Your Windows Live ID is essentially your online identity for all of the Windows Live services, Xbox Live, Zune and other third party websites (such as Expedia.com) that utilize Windows Live ID. If you're using Windows Live Hotmail and Windows Live Messenger, your Windows Live ID stores all your contacts and email messages. Your Windows Live ID is definitely something you don't want to have compromised and I've got several pointers - or best practices - in keeping your Windows Live ID safe.

Do not hand out your password! Don't give anyone your password to your Windows Live ID. Handing out your password to anyone is simply asking for trouble. Don't even give out your password to friends or family. I can't imagine a reason why they would need it. Just don't give out your Windows Live ID credentials at all.

Be careful giving your Windows Live credentials on non-Microsoft websites. There are some websites out there that will claim they "require" your Windows Live ID credentials for their service. Some sites use this tactic to gain access to your Windows Live ID.

Fact: Microsoft will only ask for your Windows Live ID credentials on login.live.com and nowhere

...

After investigating public reports, Microsoft has published Microsoft Security Advisory 951306, which describes a vulnerability that affects multiple versions of Windows (including Windows XP Professional Service Pack 2, all supported versions and editions of Windows Server 2003, Windows Vista, Windows Vista Service Pack 1, and Windows Server 2008.)

The newly found security flaw could potentially allow a malicious local user (who has authentication) to execute specially crafted code to raise his privilege level to LocalSystem. IIS and SQL Server are the main attack vectors. But other vectors are possible, such as Microsoft Distributed Transaction Coordinator (MSDTC) on Windows Server 2003.

The vulnerability looks like it basically allows for any process that has the SeImpersonatePrivilege to execute some code and be able to impersonate LocalSystem (which has the NT AUTHORITY\SYSTEM SID and a wealth of privileges in its token). For Windows 2003 and beyond the users awarded that privilege are in the Network Services, Local Services, Local System, and Administrators groups. On Vista/Server 2008 you additionally won’t have the privilege unless you’ve elevated. That fortunately reduces the scope of this otherwise highly serious vulnerability, though it still isn’t pretty.

It must be noted however  Microsoft stated in its advisory that- “Hosting providers may be at increased

...

This post gives you some links to online available White Papers and Guides from the Microsoft download site - I hope you can use some of it to analyze and protect your own network(s)!

New Security White Paper of April 2008:

"The Microsoft US National Security Team is composed of strategic security advisors who work with Microsoft customers, partners, MS internal constituencies and the information security industry to promote the adoption of security processes and technologies. The NST also focuses on driving vertical security solutions for a wide range of industries. To this end, the NST has produced a number of white papers that address the specific security needs of particular industries, such as the professional services and financial services industries."

You will find these papers:

- Electronic Signature Assurance and the Digital Chain-of-Evidence
- Enabling Secure Collaboration for Professional Services Firms
- Establishing the Foundation of Authenticity for Electronically Stored Information
- Information Protection Strategies For Financial Services
- Optimizing Branch Office Security and Productivity in the Financial Services Sector
- Secure Software Development for the

...

Yup, a wish came through - I'm now an MVP!

Receiving the Microsoft Most Valuable Professional Award is a great honor and much appreciated - thank you.

Sharing Rocks - Information wants to be free!

Time to get a beer :-)

 

.

Well - in regards to Hotfixes and Security Updates, check out this TechNet article. To get the complete overview, read this one. The "notable changes" can be found here.

That should be enough info to get safely through Eastern :-)

 

.

To help celebrate St. Patrick's Today - the Windows Live OneCare Team is kicking off a brand new campaign: Get Green Stay Green.

The Get Green Stay Green campaign is designed to make sure Windows Live OneCare users are staying "green" - meaning their PC Health Status. Here is Amy Barzdukas, Senior Direct here at Microsoft, to talk about Windows Live OneCare and keeping your PC safe. Amy leads the Windows Live OneCare Team.

Video: Microsoft Windows Live OneCare

I use Windows Live OneCare on my 3 personal home PCs - which are connected together in an OneCare Circle (you can have up to 3 PCs in an OneCare Circle). This lets me manage the PC Health for all my personal PCs. If any of my PCs in my OneCare Circle have their PC Health Status change to yellow or red, I can quickly see which PC it is and why. I can then do what is needed to bring that PC back to green. Keeping all my PCs green is very important to me. If any of my PCs slip into

...