Jeff's InfoSec Blog

Thoughts about information security, privacy, and regulatory compliance. Brought to you by Jeff Newfeld, the product unit manager for security solutions in Microsoft's Core Infrastructure Solutions group.

September, 2005

  • Credit Bureaus adopt data protection standard... so what?

    So the three big credit bureaus are adopting a single data encryption standard to "further assure the protection of sensitive consumer data when transmitted between data furnishers and credit reporting companies" (link). Great. Except that data encryption...
  • British Gov't validating security tools - "CSIA CT Mark"

    The CSIA is sort of the British version of NIST, with respect to IT. They've invented their own accreditation for security tools (link), basically looking to validate the vendor's claims (thus the name, "Claim Tested Mark"). This is a very different...
  • Cool stuff - Microsoft MAX

    If you have a high-performance machine with a good video card, check out http://www.microsoft.com/max/ . It's the Codename Avalon user interface used for photo browsing. Not only is it really pretty, but it also shows some great ideas around how a UI...
  • Trapping passwords by listening to typing

    An interesting paper to be published shortly by three clever people at UC Berkeley reports that without training (other than a 10-minute recording of someone typing) a recognition algorithm can be built to derive what is being typed, including passwords...