My latest article is up on Geekwire: How hacked is hacked? Here’s a ‘hack scale’ to better understand the SolarWinds cyberattacks.
In my latest Geekwire article “How the SolarWinds hackers are targeting cloud services in unprecedented cyberattack, I continue looking at the SolarWinds event, this time digging into the SAML token angle that’s not been covered very well. Others have either ignored it entirely or touched on it in a light, technically unclear/inaccurate way all leading to confusion and a lack of appreciation for how serious this angle is.
In my latest posting on Geekwire, “Microsoft unleashes ‘Death Star’ on SolarWinds hackers in extraordinary response to breach” I draw on my past experiences being on the teams running the biggest incidents at Microsoft. In this I give what I think is the fullest picture ever on what Microsoft has done in a major incident, in this case the ongoing SolarWinds incident.
Microsoft doesn’t do this for all incidents, but this isn’t the only incident they’ve pulled out the stops like this. Unfortunately no one outside of the teams has ever really understood how much they can and do do at times.
In that way, this article is dedicated to the literally hundreds if not thousands of people who have worked these incidents at Microsoft over the years, many of whom I had the true honor and pleasure of working with.
Update 12/28/2020: As a follow up I’m happy to say I’ve heard from several people that this has been making the rounds internally at Microsoft and has made people who otherwise haven’t gotten credit for work feel they got some credit. That makes me very happy.
Also, I’m told that about two weeks after posting, this has racked up around 800,000 page views, making it one of the best performing article ever for Geekwire.
For my latest article on Geekwire, I dig into Amazon’s plans for their new Sidewalk offering looking at how they’ve chosen to deploy it using “forced opt-in”, how that mirrors and differs from Comcast’s deployment of Xfinitywifi, and what it means moving forward.
I’m proud to say that I’ve got a new article up on Geekwire.com: With ‘Pluton’ chip, Microsoft shows strength, and proves Trustworthy Computing still matters.
This goes deeper into the story to explain why this announcement is more significant than it may seem and what it tells us about today’s Microsoft and the continuities you can still find with the Gates-era Microsoft.
My latest posting over at Geekwire is my analysis and commentary on why Hillary Clinton using a “homebrew” email server is a major security problem.
Ten years ago yesterday, Bill Gates sent out his Trustworthy Computing memo that marked a significant change in the culture at Microsoft and put security, privacy and reliability at the center of the company as ideals.
I was at Microsoft as part of the Microsoft Security Response Center when that came out. And until I left Microsoft in December 2010, I was involved in security and privacy. So I have a former insider’s long-term view of what that was all like.
As my former colleagues are marking the occasion I’m sharing my own thoughts on what it meant then and what it means for the future.
Here are my comments in Robert X. Cringly’s article “PC security: We’ve come a long way, baby“. And a longer write-up by me over at Betanews “10 years after Bill Gates’ Trustworthy Computing memo: What it meant for Microsoft and why every tech company needs one“.
It was something to be a part of, but the world is different today. Part of my take on it is how this is still relevant in this different world.
Be sure to check out my new guest posting over at the Seattle Opera blog, Seattle Ring 2009: A New Wotan for the Ages. In it I share my thoughts on Greer Grimsley as Wotan, what his portrayal tells us about this year’s cycle, and how I’ve seen a new Wotan in this production.
Check it out, and my thanks to the Seattle Opera for letting me guest post.