Found something very cool on our research pages... Microsoft Photosynth! What's the security part? Absolutely no idea (so far), but as a passionate photographer, I found the idea amazing and the realization cool! Well, perhaps the idea of "collecting" and "merging" all the photos in this world could raise some security concerns as well... However, have a look and have fun!
http://labs.live.com/photosynth/video.html
http://labs.live.com/photosynth/default.html
Urs
"What if your photo collection was an entry point into the world, like a wormhole that you could jump through and explore… "
EFS has been around for quite some time within a Windows environment, but it has grown up a bit in Windows XP and Server 2003. EFS, Encrypting File System, is an excellent way to help protect data that is stored on a server or desktop.
http://www.windowsecurity.com/articles/Understanding-EFS-Windows-2003.html
This is a pretty interesting website: it contains Google queries looking for vulnerabilities in publicly available source code. The list, however, is still rather short, but I could think that it will grow:
http://www.cipher.org.uk/index.php?p=projects/bugle.project
Roger
Microsoft has released a new tool to protect private information on the desktop. With Private Folders the user gets a password protected folder on Windows XP. Download.
http://www.microsoft.com/genuine/offers/Details.aspx?displaylang=en&countrycode=USA&offerid=441c2998-248b-49cf-b084-f3a237b58f71 (The content is Genuine Microsoft Software protected)
I like it, even if it's not THAT kind of an invention... ;-)
Windows Fundamentals for Legacy PCs is based on Microsoft Windows XP Embedded Service Pack 2 (SP2), enabling you to upgrade to the security and stability of the Microsoft Windows XP platform. This eases the transition to Windows Vista Enterprise when you eventually replace your computers.
Windows Fundamentals for Legacy PCs is not a general-purpose operating system. It is designed to work with the Microsoft Remote Desktop Connection client or third-party clients such as the Citrix ICA client. In addition, it allows for a limited number of workloads to be executed locally, including security software, management software, terminal emulation software, document viewers, and the .NET Framework.
http://www.microsoft.com/licensing/programs/sa/benefits/fundamentals.mspx
It is unbelievable, but this story is not about how to secure a system but about what happens if you don't - and the hackers simply modify your system...
http://www.wired.com/news/technology/0,71363-0.html
I already wrote about this tool - it has RTMed now and is ready for download. You can find it here.
At the moment we are discussing flying those guys in and running some workshops about the way we do threat modelling and this tool. Would there be interest in this?
If you haven't read "Why Phishing Works" (850 kb PDF) - written by Rachna Dhamija, J. D. Tygar, and Marti Hearst - stop what you're doing now and go get it...
http://people.deas.harvard.edu/~rachna/papers/why_phishing_works.pdf
Very frustrating... ;-)
-Urs