Microsoft’s Commitment to Protect Customer Data through Encryption Continues

Late last year, Microsoft embarked on a comprehensive engineering effort to strengthen encryption across our networks and services in light of concerns about government surveillance. Since then, we’ve made great progress in several key areas. For instance, Office 365 has rolled out the general availability of message encryption. is now further protected by Transport Layer Security, or TLS, encryption for both outbound and inbound email. OneDrive now has Perfect … Read more »

Microsoft’s Perspective on the Cybersecurity Framework: Next Steps for Incentives and International Harmonization

Over the past several weeks, I’ve visited several national capitals to address cybersecurity concerns with policymakers and industry leaders. One shared challenge facing governments and critical sectors worldwide is the need for a common baseline of cybersecurity risk management guidance that can be utilized by organizations at different levels of sophistication. Often, these discussions turn to the Cybersecurity Framework issued earlier this year by the U.S. National Institute for Standards … Read more »

Why businesses should care about cybersecurity this October

Around the world, governments have designated this October as “cybersecurity awareness” month, seeking to increase national resilience by raising national consciousness. This effort comes on the heels of a number of government initiatives that aim to strengthen cyber resilience of critical infrastructures, such as the U.S. Presidential Executive Order or the European Commission’s Network and Information Security Directive. But should businesses care about this nebulous and seemingly all-encompassing issue beyond … Read more »

You asked, we answered: #AskPtH Questions and Answers


Pass-the-Hash (PtH) refers to a technique that allows an attacker to capture account logon credentials on one compromised computer, and then use those captured credentials to authenticate to other computers across the network. Many of our customers, including administrators who want to protect their networks, are particularly interested in this technique. So, we wanted to open the conversation to our @msftsecurity Twitter followers, and hear what questions you had about … Read more »

Windows 10: Continuing to Raise the Security Bar for Cybercriminals

Today, Jim Alkove made some important announcements about how we are raising the security bar for cybercriminals in Windows 10 through a blog post entitled “Windows 10: Security and identity protection for the modern world.” His post details important changes to Windows that can be summarized in three key areas: identity protection and access control, information protection and threat resistance. Here are some of the highlights. Identity protection and access … Read more »

Cybersecurity in the age of cities


Posted by Paul Nicholas & Cristin Goodwin, Senior Director, Global Security & Diplomacy and Senior Attorney, Legal & Corporate Affairs

Over the past decade, citizens around the world have been witness to an urban renaissance. For the first time in history, more than 50% of the world’s population lives in urban settings and it is expected that by 2050 nearly 70% of us – more than 6 billion people – … Read more »

Trust me, I’m a cloud vendor


I visited my sister and her family a while ago and somehow ended up playing a game with my seven-year-old niece. I forget what it was called now, but the objective was to describe colors without being able to relate them to an object. In other words, describe the color blue without referring to the sea, or the sky. Try it. It’s tough. Though apparently not for seven-year-olds. … Read more »

Trust: what’s it all about?


Today I delivered a keynote about trust in the cloud at the Cybersecurity Expo 2014 event in London. I’ve been thinking about how to tackle a topic like ‘trust’ and how it applies to cloud computing. I don’t know about you, but when someone you don’t know very well says ‘you can trust me,’ I kind of feel the opposite. I believe that actions speak louder than words. With that … Read more »

Vuln Hunt: Find the Security Vulnerability Challenge #2

Ex-Netscape engineer Jamie Zawinski has a great quote about regular expressions. He said: “Some people, when confronted with a problem, think ‘I know, I’ll use regular expressions.’ Now they have two problems.” That’s certainly true for this week’s Security Vuln Hunt. Two points are possible, plus an extra bonus point.  The question: The programmer here has written an input validation regex to test whether a given string matches the format … Read more »

Vuln Hunt: Find the Security Vulnerability Challenge #1

Whether it’s a riddle, puzzle, or detective mystery novel, most of us like to solve a good brain teaser. As security and program experts, these types of conundrums keep us on our toes. During the next few weeks, I’ll share some of my favorites, and see if you can find the security vulnerability. For this first one, let’s take a look at authenticated encryption. Two points are possible for solving … Read more »