Tag Archives: security

Microsoft’s focus on being responsible, secure and ethical. MS Build 2018.

Keynote by Satya Nadella

Satya's keynote was organized around two topics: opportunities and responsibilities.

It seems Microsoft paid attention to recent comments on Artificial Intelligence, sometimes referred to as “death by robot” or “the age of robots”. The GDPR was also put in the right perspective.

Responsibility will be organized around 3 pillars. First there is privacy, with a statement that Microsoft would only use data when the user benefits from it, while allowing the user to keep control. Microsoft will even go so far as to defend any privacy violation before the supreme court.

Cyber security is the second pillar. It will require collaboration across the tech sector. Since current attacks might have affected democracy, Satya mentioned the need for a digital Geneva convention. Attacking systems at the heart of democracy could be seen as an act of war.

The third pillar of responsibility is ethical AI. We must not think about what a computer can do; we should think about what a computer should do. AI benefits from cross-company data: machine learning, for example, benefits from broad datasets. AI can become more intelligent if we could combine data across companies. But this should not come at the cost of privacy. Private AI is the answer, where data is shared but kept secure so the privacy of the users is guaranteed. Solutions like homomorphic encryption are key.


Kerberos Helper Tool

When reading up on Kerberos security I found a nice tool that helps you with the tedious job of getting the Service Principal Names (SPN) right. It is called Kerberos SPN Viewer and Helper Tool. You can download it from MSDN blogs. It was just released in a post a few days ago!
I found a good summary of how Kerberos works at the following location: http://www.xml-dev.com/blog/?action=viewtopic&id=21 or as a Kerberos.

For the reasons why we need SPNs, a quick introduction is written in Keith's GuideBook under: http://alt.pluralsight.com/wiki/default.aspx/Keith.GuideBook/WhatIsAServicePrincipalNameSPN.html. The PDF version of that page.

10 Immutable laws of security

Today when clearing up my desk, I ran across some old stained printouts called the 10 Immutable laws of security. Reading them again, I see the information still stands today so I thought why not share these with you.

10 Immutable Laws of Security: see essay on http://technet.microsoft.com/en-us/library/cc722487.aspx

  • Law #1: If a bad guy can persuade you to run his program on your computer, it’s not your computer anymore
  • Law #2: If a bad guy can alter the operating system on your computer, it’s not your computer anymore
  • Law #3: If a bad guy has unrestricted physical access to your computer, it’s not your computer anymore
  • Law #4: If you allow a bad guy to upload programs to your website, it’s not your website any more
  • Law #5: Weak passwords trump strong security
  • Law #6: A computer is only as secure as the administrator is trustworthy
  • Law #7: Encrypted data is only as secure as the decryption key
  • Law #8: An out of date virus scanner is only marginally better than no virus scanner at all
  • Law #9: Absolute anonymity isn’t practical, in real life or on the Web
  • Law #10: Technology is not a panacea

10 Immutable Laws of Security Administration: see essay on http://technet.microsoft.com/en-us/library/cc722488.aspx

  • Law #1: Nobody believes anything bad can happen to them, until it does
  • Law #2: Security only works if the secure way also happens to be the easy way
  • Law #3: If you don’t keep up with security fixes, your network won’t be yours for long
  • Law #4: It doesn’t do much good to install security fixes on a computer that was never secured to begin with
  • Law #5: Eternal vigilance is the price of security
  • Law #6: There really is someone out there trying to guess your passwords
  • Law #7: The most secure network is a well-administered one
  • Law #8: The difficulty of defending a network is directly proportional to its complexity
  • Law #9: Security isn’t about risk avoidance; it’s about risk management
  • Law #10: Technology is not a panacea