Tag Archive for Microsoft

Security From the Heart

We have all heard the horror stories of password management. Users choose the same weak passwords and trade them for chocolate bars. They keep track of them on post-it notes. Firms are negligent in managing weak passwords. Help Net Security wrote about the latest innovation in passwords from Canadian security start-up Bionym.

Bionym created Nymi, a bracelet/wristband containing an ECG (electrocardiogram) sensor that “reads” the unique heartbeat pattern of the wearer. The bracelet will use the ECG to authenticate into electronic devices: cars, computers, smartphones, TVs, etc.

“It was actually observed over 40 years ago that ECGs had unique characteristics,” Bionym CEO Karl Martin pointed out to Tech Hive. “What we do is ultimately look for the unique features in the shape of the wave that will also be permanent over time. The big breakthrough was a set of signal-processing and machine-learning algorithms that find those features reliably and turn them into a biometric template.”

“When you clasp the Nymi around your wrist it powers on. By placing a finger on the topside sensor while your wrist is in contact with the bottom sensor, you complete an electrical circuit. After you feel a vibration and see the LEDs illuminate, your Nymi knows you are you and your devices will too. You will stay authenticated until your Nymi is taken off,” it’s explained on the firm’s website.

3-factor security

The Nymi functions on a 3-factor security system. To take control of your identity you must have your Nymi, your unique heartbeat, and an Authorized Authentication Device (AAD). The AAD could be a smartphone or other device registered with their app.

No details about the bracelet’s security have been shared on the site. Ars Technica’s Dan Goodin has pumped Martin for information and, so far, the news is good. Elliptic curve cryptography (ECC) is used to ensure data traveling between the bracelet and the device is not monitored or intercepted by attackers. ECC also encrypts the handshake performed between the bracelet and the devices being unlocked.

“The Nymi also has motion sensing and proximity detection that allows users to perform remote, gesture-specific commands, creating a dynamic and interactive environment,” it is explained. “A simple twist of the wrist can unlock your car door.”

When it arrives, Nymi will offer three-factor authentication: the wristband itself, your unique cardiac rhythm, and a mobile device, like a smartphone or tablet. The Nymi hardware acts as a secure token that ties into the biometric. The wristband will need to check in with your smartphone or tablet at the beginning of the day.

rb-

The thing that excites me most about Nymi is its potential to get rid of passwords. I think the password has a limited shelf-life. Once wearable computing takes off and payment processing is integrated with biometrics on wearable devices, there will be no need for passwords.

Bionym’s Martin stated, “[Killing the password] is one of our goals,” noting that the Nymi will be compatible with the FIDO Alliance.

FIDO, which stands for Fast IDentity Online, was created by PayPal and Lenovo (LNVGY) and now counts Google (GOOG) and Microsoft (MSFT) among its members. The alliance has set out to create the next-generation standard for identity verification. 

 

Ralph Bach has been in IT long enough to know better and has blogged from his Bach Seat about IT, careers, and anything else that catches his attention since 2005. You can follow him on LinkedIn, Facebook, and Twitter. Email the Bach Seat here.

Limit Admin Rights to Close Microsoft Holes

It’s been best practice for a very long time: all users and processes should run with the fewest privileges necessary. That means no Admin rights for users. This limits the damage that can be done by an attacker if the user or process is compromised.

ZDNet says that running users without admin rights on Microsoft (MSFT) Windows XP was generally impractical. It is a much more reasonable and manageable approach on Windows Vista, Windows 7, and Windows 8, but many organizations still run users as administrators because it makes things easier in the short term.

Impact of running with “least privilege”

ZDNet cites a new study from UK software company Avecto which demonstrates the real-world impact of running with “least privilege”. In 2013, Microsoft released 106 security bulletins and updates to address the 333 vulnerabilities identified in them. 200 of the 333 total vulnerabilities would be mitigated if the user were not running as administrator. 147 of the vulnerabilities were designated critical; 92 percent (135) of these would be mitigated.

Dark Reading says that the Avecto results also revealed that removing admin rights would also mitigate:

  • 91% of critical vulnerabilities affecting Microsoft Office,
  • 96% of critical vulnerabilities affecting Windows operating systems,
  • 100% of vulnerabilities in Internet Explorer and
  • 100% of critical remote code execution vulnerabilities.

[Figure: Breakdown of Microsoft vulnerability impact in 2013]

Avecto told ZDNet that non-administrator users can still be compromised, but it’s much less likely that they would be and, if they were, the impact would likely be greatly limited. Least privilege is most effective as part of a more comprehensive security architecture including the prompt application of updates to patch vulnerabilities.

Paul Kenyon, co-founder and EVP of Avecto, told Dark Reading, “This analysis focuses purely on known vulnerabilities, and cybercriminals will be quick to take advantage of bugs that are unknown to vendors. Defending against these unknown threats is difficult, but removing admin rights is the most effective way to do so.”

rb-

Employees with admin rights can install, modify and delete software and files as well as change system settings, making more work for the help desk folks. The report demonstrates that many companies are still not fully aware of how many admin users they have and consequently face an unknown and unquantified security threat. It is also conceivable that privilege management would have made high-profile attacks, such as the recent one on Target, if not impossible then much harder, by reducing the potential for the abuse of partner access, believed to have been at the heart of the breach.
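Knowing who actually holds local admin rights is the first step of the least-privilege work the report recommends. The following PowerShell script is an added example, not code from the article or from Avecto; it assumes Windows 10 / Server 2016 or later (for Get-LocalGroupMember) and reports whether the current session is elevated, whether UAC is on, and which Administrators group members are interactive users that could be demoted.

```powershell
# Added example (not from the article or Avecto): audit local admin rights
# on a Windows host. Assumes PowerShell 5.1+ with the LocalAccounts module.

function Test-IsElevated {
    # True when the current token is an *active* member of Administrators,
    # i.e. the session is elevated rather than merely UAC-filtered.
    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($identity)
    return $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
}

function Test-UacEnabled {
    # EnableLUA = 1 means UAC is on, so admins run with a filtered token
    # until they elevate. With UAC off, every admin process is fully privileged.
    $key = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
    return (Get-ItemProperty -Path $key -Name EnableLUA).EnableLUA -eq 1
}

function Get-LocalAdminReport {
    # Enumerate every principal in the local Administrators group and flag
    # interactive user accounts: those are the ones the Avecto numbers say
    # to run as standard users instead.
    Get-LocalGroupMember -Group 'Administrators' | ForEach-Object {
        $isBuiltin = $_.SID.Value -match '-500$'   # RID 500 = built-in Administrator
        if ($isBuiltin) {
            $finding = 'built-in account: keep, disable or rename per policy'
        } elseif ($_.ObjectClass -eq 'User') {
            $finding = 'interactive user with admin rights: demote to standard user'
        } else {
            $finding = 'group: review its membership'
        }
        [pscustomobject]@{
            Name        = $_.Name
            ObjectClass = $_.ObjectClass        # User or Group
            Source      = $_.PrincipalSource    # Local, ActiveDirectory, MicrosoftAccount
            Finding     = $finding
        }
    }
}

"Current session elevated : $(Test-IsElevated)"
"UAC enabled (EnableLUA)  : $(Test-UacEnabled)"
Get-LocalAdminReport | Format-Table -AutoSize
```

Run it across the estate (for example through a scheduled task or remoting) and the report answers the question the article says most companies cannot: how many admin users they have.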

 


Rockstars Team Up Against Google

To paraphrase Mark Twain, the reports of Nortel‘s demise are greatly exaggerated. GigaOm reports that the defunct Canadian telco giant has found an afterlife as part of a patent trolling operation that struck Android phone makers and is now targeting network and cable operators, including Google, with lawsuits in Texas and Delaware.

Jeff John Roberts writes that Nortel’s second act as the walking dead is taking place thanks to “Rockstar Consortium,” a group formed by Microsoft (MSFT), Apple (AAPL), Blackberry (BBRY), Sony (SNE), Ericsson AB (ERIC), EMC (EMC) and other Google (GOOG) rivals, which bought bankrupt Nortel’s patent portfolio in 2011 for $4.5 billion. (rb- I covered the sale of Nortel’s IP here)

“Nortel was the source of many of the most important innovations in history in the field of telecommunications and networking,” says a new Rockstar lawsuit filed in the seemingly pro-troll U.S. District Court for the Eastern District of Texas. The suit accuses Time Warner Cable (TWC) of violating six patents, including US Patent 6128649, which was issued in the year 2000 and describes a method to show multiple screens in a video conference, the article summarizes.


The complaint doesn’t say how exactly Time Warner Cable is infringing the old Nortel patents, but only notes that “TWC operates, sells and offers to sell video, high-speed data and voice services over its broadband cable systems throughout the United States.” The author says Rockstar, which is suing through a subsidiary called Constellation, also complains that the cable company walked away from its licensing demands in 2012.

GigaOm notes that a second lawsuit, filed in Delaware by Rockstar under the alias “Bockstar,” makes a series of broad-based allegations against Cisco (CSCO) that claim the company is violating six other old Nortel patents, including this one from 1998, related to routers and switches.

Like all patent trolling, the author says, this has nothing to do with innovation, but it certainly will lead to higher cable bills as Time Warner will have to spend millions on lawyers to fight the suit or else pay expensive license fees for old patents from a dead company; either way, the costs are passed on to customers.

Joe Mullin of Ars Technica noted when Rockstar sued the phone companies, “it’s patent trolling gone corporate.” And there’s no sign of where this will stop. Apple and Microsoft are sitting on thousands of patents that date from an era when the Patent Office would grant a patent on nearly anything, and it looks like they’re going to use them to sue every industry they can think of.

The totally dysfunctional US Congress tried to take on patent trolling but caved in to lobbyists. Microsoft has already succeeded in stripping out a part of the law that would have made it easier to challenge bad patents. This means the best hope for a return to patent sanity may lie with the Supreme Court, which agreed to consider what type of software patents should be granted in the first place.

GigaOm cites CBC reports that Ottawa, Nortel’s hometown, has been transformed from a one-time innovation hotbed into a tech necropolis where once-proud engineers are paid to pick apart other people’s inventions in search of new patent violations that they can pass on to their American masters.

 rb-

I have covered the patent trolling mayhem in the mobile market for a while and this seems to be more of the same. Innovation is dead in the mobile market and the only way these firms can compete is in the courthouse.

In addition to their choice of venue in the pro-troll Texas court, further evidence that Microsoft and Apple have created a patent troll can be found in the fact that Rockstar has filed suit against the leading Android phone producers:

  1. Samsung Electronics Co. (005930) (#1 Android OEM in U.S. sales),
  2. LG Electronics (LGLD) (#2),
  3. ZTE (763) (#4),
  4. Huawei (002502) (#6) and
  5. HTC (2498) (#7).

In addition, DailyTech notes that Rockstar member Sony is a minor Android OEM. If somehow Microsoft and Apple are able to troll other Android OEMs to death, Sony could see gains in market share as the only OEM who doesn’t have to pay direct licensing fees to Microsoft/Apple (Sony notably has preexisting licensing deals with Microsoft and Apple).


 


Tech Titans Crush Patent Reform

Jeff John Roberts at GigaOM reports there is a battle going on in Washington DC over patent reform. Some in DC are attempting to rewrite the broken patent system. Under the current patent laws, what the author calls the struggling old guard firms can exploit the patent system to abuse monopolies over basic software concepts from decades ago. The result has been to smother start-ups and weigh down vibrant parts of the tech economy with frivolous lawsuits; lawyers get fat at the expense of those who are building real businesses.

The latest push by Congress to fix the software patent problem suffered a setback after Congress allowed Microsoft and IBM to gut a key House bill that would have made it easier for victims to push back. TechEye explains that the “covered business method” (CBM) program drew the ire of Microsoft (MSFT) and IBM (IBM). The changes proposed would have sped up the method for the Patent Office to get rid of low-quality software patents. Under the reformed program, MSFT and IBM could not sue someone until the Patent Office considered whether the patent was viable. TechEye reports that IBM flexed its political muscle (cash?) to stop the effort to expand the CBM program. An IBM spokesperson said that while “we support what Mr. Goodlatte’s trying to do on trolls, if the CBM is included, we’d be forced to oppose the bill.”

The upshot according to GigaOM is that for the second time in three years, the U.S. is poised to pass a law that will make cosmetic changes to the patent system without addressing the root cause — garbage software patents — that has made the system a mockery and a byword for legalized extortion.

The article claims that reformers shouldn’t despair quite yet. GigaOM cites sources close to the legislative process that think real reform could still happen if powerful senators prevail and if opponents outgun Microsoft and its allies in the grubby money and lobbyist game. GigaOM lays out how the reform was de-railed.

Money Talks in the House

The chair of the House Judiciary Committee, Rep. Bob Goodlatte (R. Va.), was scheduled to bring his much-touted patent bill for a vote. The bill arrived on schedule — but it was a neutered version.

A key provision, which would have provided a way to challenge software patents at the Patent Office, is no longer in the bill, which passed the committee by a 33-5 vote. The change is significant, the author says, because it means victims of patent bullies must still pay millions to challenge the patents in federal court or, as most do, simply swallow hard and pay a licensing fee.

Mr. Goodlatte’s decision to drop the provision is a victory for IBM and Microsoft, which have stacks of old software patents that provide licensing revenue even as their product lines sputter. It’s also a victory for trolls, which the article says are shell companies backed by private equity firms and lawyers that use patents (often obtained from Microsoft and others under a “privateering” arrangement) to wage ruinous legal war against everyone from Martha Stewart to individual users. (rb- Click here to read about IBM’s efforts to Patent Patent Trolling)

According to reports, the change to the Goodlatte bill came after intense lobbying from groups linked to Microsoft, IBM, and others. The account was confirmed by a source close to Google (GOOG) and other groups that pushed for the provision to challenge software patents.

“They outspent the living shit out of us,” said the source, who did not want to be named. He said that the companies spent heavily to lobby Democrats on the Committee and freshman Republicans, forcing Mr. Goodlatte to remove the provision rather than seeing it voted down at this stage.

A source with a lobbying group allied with Microsoft said the software giant’s role had been overstated, and that the change in the bill was less about money than it was about “shoe leather” lobbying.

Patent reform in the Senate

“If we had a quarter of the people who opposed SOPA supporting this anti-patent troll law, we’d win,” Sen. Chuck Schumer (D-NY) told the author. Mr. Schumer was joined by the Electronic Frontier Foundation to talk patent reform and talk up his bill to take on trolls, which he said are “preying on New York’s technology industry.”

Mr. Schumer is pushing a bill that includes the key provision about software patents that was stripped from the House bill. Schumer’s support is significant, not only because he carries clout in the Senate, but because he succeeded in including a similar provision aimed at frivolous financial services patents in the America Invents Act of 2011.

Other patent reform bills are circulating in the Senate including similar bills from Sen. Patrick Leahy (D-Va.) and Sen. John Cornyn (R-Tx.). According to the source tied to Google, Mr. Leahy has signaled that his bill is a “Christmas tree,” meaning other politicians can hang their preferred provisions atop it; the bill that will ultimately get a vote on the Senate floor will likely contain a provision to challenge software patents.

Washington insiders said patent legislation is one of the few bipartisan initiatives available to members of Congress, who are eager to notch legislative achievements before the mid-term campaign season begins next summer. This means that the bills are expected to go to a full floor vote in the House and Senate by early 2014 and that a markup session on a final bill will take place in the spring — the only question is which version will prevail.

The endgame

“There’s months to go till conference committee,” said the source close to the reform lobby, predicting that the balance of power will tilt towards the software patent reform camp, as Google and others ramp up lobbying efforts. The source tied to Microsoft, unsurprisingly, panned this prediction and declared that challenges to software patents are now a “third rail” that most in Congress don’t want to touch.

The outcome will be determined in large part by money, and whether Google and the other companies that recognize the harm caused by software patents (Twitter (TWTR) is another) are willing to seize the chance at reform that is within their grasp.

Today, attitudes have changed after a steady parade of patent horror stories: Boston University using a 1997 patent to sue Apple and seek an iPhone ban; a troll using a 1998 patent from a Holocaust foundation to shake down the New York Times; a troll lawyer who boasts he likes to “go thug,” and is pressing an extortion campaign against hundreds of companies.

All of this has led everyone from small app developers to President Obama to suggest the patent system is out of hand. After years of asking defendants to take it on faith that the system is working, it’s now up to Microsoft and others to justify that their ancient software patents — which award 20-year monopolies in a fast-moving industry — do more good than harm.

 rb-

While I’m not a lawyer, this seems pretty messed up to me. But that is the magic of democracy: we get the leadership we elect.

 


 


Microsoft Develops Shortlist for New CEO

The Grand Pooh-Bahs in Redmond have developed a shortlist of candidates to replace outgoing CEO Steve Ballmer. Reuters says the list includes internal candidates. Reported on the list is former Skype CEO Tony Bates, who is now in charge of business development at Microsoft (MSFT). Another internal candidate is Satya Nadella, the company’s cloud and enterprise chief.

Sources told Reuters that Ford Motor Company (F) CEO Alan Mulally and former Nokia (NOK) CEO Stephen Elop are also contenders. While I am sure they are all worthy successors to Steve, I wonder if Mr. Mulally has his own rant ready for his interview: Taurus’s … Taurus’s … Taurus’s. (rb- do these jobs really have interviews?)

 

Here’s a remix from DevelopersDevelopers.com (Oldie but goodie)

 
