Choosing a sign-in model for Office 365

Paul Andrew, the technical product manager for Office 365 Identity Management, has blogged about the different identity models you can choose with Office 365. Learn how to move between them and choose the right one for your needs.

Read everything here http://blogs.office.com/2014/05/13/choosing-a-sign-in-model-for-office-365/

A €299 forensic tool decrypts BitLocker, PGP and TrueCrypt disks

The Russian company Elcomsoft sells Elcomsoft Forensic Disk Decryptor for €299. Of course, the tricky part is how to decrypt the contents. Below you can read what they say about finding the encryption keys. I copy from their website:

Perform the complete forensic analysis of encrypted disks and volumes protected with desktop and portable versions of BitLocker, PGP and TrueCrypt. Elcomsoft Forensic Disk Decryptor allows decrypting data from encrypted containers or mounting encrypted volumes, providing full forensic access to protected information stored in the three most popular types of crypto containers. Access to encrypted information is provided in real-time.

Features and Benefits

  • Decrypts information stored in three most popular crypto containers
  • Mounts encrypted BitLocker, PGP and TrueCrypt volumes
  • Supports removable media encrypted with BitLocker To Go
  • Supports both encrypted containers and full disk encryption
  • Acquires protection keys from RAM dumps, hibernation files
  • Extracts all the keys from a memory dump at once if there is more than one crypto container in the system
  • Fast acquisition (limited only by disk read speeds)
  • Zero-footprint operation leaves no traces and requires no modifications to encrypted volume contents
  • Recovers and stores original encryption keys
  • Supports all 32-bit and 64-bit versions of Windows

Three Ways to Acquire Encryption Keys

Elcomsoft Forensic Disk Decryptor needs the original encryption keys in order to access protected information stored in crypto containers. The encryption keys can be derived from hibernation files or memory dump files acquired while the encrypted volume was mounted. There are three ways available to acquire the original encryption keys:

  • By analyzing the hibernation file (if the PC being analyzed is turned off);
  • By analyzing a memory dump file *
  • By performing a FireWire attack ** (PC being analyzed must be running with encrypted volumes mounted).

* A memory dump of a running PC can be acquired with one of the readily available forensic tools such as MoonSols Windows Memory Toolkit
** A free tool launched on investigator’s PC is required to perform the FireWire attack (e.g. Inception)

Acquiring Encryption Keys

Generally, the choice of one of the three attacks depends on the running state of the PC being analyzed. It also depends on whether or not installation of a forensic tool is possible on a PC under investigation.

If the PC being investigated is turned off, the encryption keys can be retrieved from the hibernation file. The encrypted volume must be mounted before the computer went to sleep. If the volume is dismounted before hibernation, the encryption keys may not be derived from the hibernation file.

If the PC is turned on, a memory dump can be taken with any forensic tool if installation of such tool is permitted (e.g. the PC is unlocked and logged-in account has administrative privileges). The encrypted volume must be mounted at the time of memory dump acquisition. A good description of this technology (and a complete list of free and commercial memory acquisition tools) is available at http://www.forensicswiki.org/wiki/Tools:Memory_Imaging.

Finally, if the PC being investigated is turned on but installing forensic tools is not possible (e.g. the PC is locked or logged-in account lacks administrative privileges), a remote attack via a FireWire port can be performed in order to obtain a memory dump. This attack requires the use of a free third-party tool (such as Inception: http://www.breaknenter.org/projects/inception/), and offers near 100% results due to the implementation of FireWire protocol that enables direct memory access. Both the target PC and the computer used for acquisition must have FireWire (IEEE 1394) ports.

Once the original encryption keys are acquired, Elcomsoft Forensic Disk Decryptor stores the keys for future access, and offers an option to either decrypt the entire content of encrypted container or mount the protected disk as another drive letter for real-time access.
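
A defender's read-only check of the three acquisition paths described above, as an added example (not Elcomsoft's or Microsoft's code). It assumes Windows 8 / Server 2012 or later with the BitLocker PowerShell module and sees BitLocker volumes only, not PGP or TrueCrypt containers; the function name `Get-KeyExposureReport` is made up for this example.

```powershell
# Added example, not Elcomsoft's or Microsoft's code. Read-only; run elevated.
function Get-KeyExposureReport {
    # Encrypted BitLocker volumes that are unlocked now: their keys are in RAM.
    $volumes  = @(Get-BitLockerVolume -ErrorAction SilentlyContinue)
    $unlocked = @($volumes | Where-Object {
        $_.VolumeStatus -ne 'FullyDecrypted' -and $_.LockStatus -eq 'Unlocked'
    })
    $mounted = ($unlocked | ForEach-Object { $_.MountPoint }) -join ', '

    # State of the system drive, which is where hiberfil.sys is stored.
    $os = $volumes | Where-Object { $_.MountPoint -eq $env:SystemDrive }
    $osProtected = ($null -ne $os) -and ($os.ProtectionStatus -eq 'On')

    # Protectors that demand something from the user before the OS boots.
    # With none of them, the volume unlocks on every power-on by itself.
    $preBoot  = 'TpmPin', 'TpmStartupKey', 'TpmPinStartupKey', 'Password'
    $osTypes  = @($os.KeyProtector | ForEach-Object { [string]$_.KeyProtectorType })
    $autoBoot = $osProtected -and -not ($osTypes | Where-Object { $preBoot -contains $_ })

    # Path 1: hibernation file. It can be read offline only when the system
    # drive holding it is not itself encrypted.
    $power     = Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Control\Power'
    $hibernate = ($power.HibernateEnabled -eq 1)

    # Path 3: FireWire. DMA needs an IEEE 1394 controller in the machine.
    $firewire = @(Get-CimInstance -ClassName Win32_1394Controller -ErrorAction SilentlyContinue)

    [pscustomobject]@{
        Path    = 'Hibernation file'
        Exposed = ($hibernate -and -not $osProtected)
        Detail  = "hibernation enabled: $hibernate; system drive protected: $osProtected"
    }
    [pscustomobject]@{
        Path    = 'Memory dump (needs administrator)'
        Exposed = ($unlocked.Count -gt 0)
        Detail  = "unlocked encrypted volumes: $mounted"
    }
    [pscustomobject]@{
        Path    = 'FireWire DMA'
        Exposed = ($firewire.Count -gt 0 -and $unlocked.Count -gt 0)
        Detail  = "IEEE 1394 controllers: $($firewire.Count); boots unlocked without PIN or key: $autoBoot"
    }
}

Get-KeyExposureReport | Format-List
```

An `Exposed` value of `True` on the hibernation row means keys of any volume mounted at hibernation time can end up in a file that is readable from outside the running system.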

Fonts break after Windows security patch KB2753842

UPDATE: The security update is now fixed and everything works fine.

We have seen many problems during the last years with updates and patches but this one is really strange. After the security update KB2753842 was applied on 12/12/12, programs that use the vector “side” of fonts cannot show characters of specific fonts that used to work perfectly. You can see the font in the font list, you can select it but the font doesn’t work. This happens with programs like CorelDraw, Adobe Flash, Expression Design etc. Word, InDesign and programs that use the font as bitmap work fine.

Microsoft identified an exploit with the GetGlyphOutline() API call, made a change and everything collapsed. The 12/12/12 date would leave an entry in computer history… So, we are waiting for a fix on this. If you just remove the security update and reboot, things are back to normal (but we are still open to a possible hack). The problem appears on Windows XP, Vista, 7, 8, Server 2003, 2008, R2, 2012 (even Windows 8 RT) and some OpenType or TrueType fonts (not all of them).

Instructions to remove the update:

  1. Click on the “Start” button, click on “Control Panel” and then double-click on the “Add/Remove Programs” icon.
  2. Click the “Show Updates” check box at the top of the window and wait for the list of installed updates to appear.
  3. Click on the update you wish to remove, click the “Remove” button and then restart your computer. The update is now successfully removed from your computer.

Don’t forget to change the automatic updates to manual otherwise it will be reinstalled. As soon as there is a fix for this issue, you can change updating to auto.

http://graphics-unleashed.unleash.com/2012/12/windows-update-kb2753842-will-make-some.html

http://connect.microsoft.com/Expression/feedback/details/774232/microsoft-update-kb2753842-opentype-ps-outline-bug

http://forums.adobe.com/thread/1113943?tstart=0

Nokia Lumia 920: Detailed specifications (with highlights)

A lot of people ask me about the new Nokia flagship with Windows Phone 8. So, I highlighted and underlined all the specs and features that I believe are worth pointing out. Lumia 920 is not an ordinary smartphone. It carries a number of innovations that will be available in the future on other smartphones like the super sensitive screen that can be “touched” even with gloves or the optical image stabilization (you don’t even have this on most of the dedicated cameras…).

There are also many things that can not be described with technical terms but give you the experience of using this device like the fluidness and responsiveness of the Windows Phone software. So don’t get this as a review, it’s a copy of the device specifications from Nokia’s website.

Ah, it also comes in 5 colours…

  • Design
    • Dimensions
      • Height: 130.3 mm
      • Width: 70.8 mm
      • Thickness: 10.7 mm
      • Weight: 185 g
      • Volume: 99 cm³
    • Display and User Interface
      • Display size: 4.5″
      • Touch screen technology: Capacitive Multipoint-Touch
      • Screen height: 1280 pixels
      • Screen width: 768 pixels
      • Display features: Polarization filter, Light time-out, Ambient light detector, Brightness control, Corning® Gorilla® Glass, Orientation sensor, Proximity sensor, High Brightness mode, RGB Stripe, Sunlight readability enhancements, Pixel density 332 ppi, Luminance 600 nits, Aspect ratio 15:9, Super sensitive touch, Color boosting, IPS, Refresh rate 60 Hz, Sculpted 2.5D glass
      • Display height: 97.0 mm
      • Display width: 58.0 mm
      • Display colors: 16.7 million
      • Display technology: PureMotion HD+
    • Keys and Input Methods
      • User Input: Touch
      • Dedicated hardware key: Camera, Power, Volume, Search, Back, Windows Start key
    • Form factor
      • Phone form factor: Monoblock
  • Hardware
    • Connectivity
      • Dual SIM: No
      • Connectors: Micro-USB Charging Connector, Micro-USB Data Connector, Micro-USB 2.0, 3.5 mm audio connector
      • Wireless connectivity: Bluetooth 3.0, Near Field Communication, Wi-Fi Channel bonding, WLAN IEEE 802.11 a/b/g/n, Qi Wireless charging
      • Synchronization: Windows computer companion application, Mac computer companion application, Exchange ActiveSync
    • Data Network
      • Data bearer: HSPA+ (3G), EDGE/EGPRS (2G), FD-LTE (4G), HSUPA (3G), GSM (2G), HSDPA (3G), WCDMA (3G)
    • Operating Frequency
      • Operating band: GSM 850, GSM 900, GSM 1800, GSM 1900, WCDMA Band V (850), WCDMA Band VIII (900), WCDMA Band II (1900), WCDMA Band I (2100), LTE 800, LTE 900, LTE 1800, LTE 2100, LTE 2600
      • Data speed – Upload: LTE Cat 3 – 50 Mbit/s, HSUPA Cat 6 – 5.76 Mbit/s
      • Data speed – Download: EGPRS MSC 12 – 236.8 kbit/s, HSDPA Cat 24 – 42.2 Mbit/s, LTE Cat 3 – 100 Mbit/s
    • WLAN features
      • WLAN Security: WPA2 (AES/TKIP), WPA, WEP, PEAP-MSCHAPv2, EAP-SIM, EAP-AKA
    • Power Management
      • Battery: BP-4GW
      • Battery capacity: 2000 mAh
      • Battery voltage: 3.7 V
      • Removable battery: No
      • Maximum 2G standby time: 460 h
      • Maximum 2G talk time: 18.6 h
      • Maximum 3G standby time: 460 h
      • Maximum 3G talk time: 10.8 h
      • Music playback time: 74 h
    • Processor
      • Processor name: Snapdragon™ S4
      • Processor type: Dual-core 1.5GHz
    • Memory
      • Internal memory: 1000 MB
      • Mass memory: 32GB and 7GB in SkyDrive
  • Snapdragon™ S4 Processor
    • Performance
      • Do more. Wait less: Tap into faster performance. The Snapdragon™ processor CPU cores enable extra performance when you need it and puts you in charge of running the most demanding applications, including gaming, photography, as well as business and personal productivity.
    • Power consumption
      • Less charging. More doing: The Snapdragon™ processor’s unique asynchronous technology enables each core to power up and power down independently, resulting in maximizing core performance level without wasting battery power.
    • Technology
      • Beyond mobile. And beyond all expectations: Snapdragon™ S4 processor is a highly integrated, mobile-optimized system on a chip that delivers dynamic, immersive experiences and powerful, battery-friendly performance that can put new possibilities in your hands.
  • Software and applications
    • Personal Information Management (PIM)
      • Features (Personal information Management): Calculator, Clock, Calendar, Phonebook, Notes, Reminders, To-do list, Phonebook with integrated social networks, OneNote, Wallet
    • Other Applications
      • Gaming features: DirectX 11, Accelerometer, Gyroscope, Touch UI, XBox-Live Hub
    • Software platform & User Interface
      • Supported amount of phonebooks: One integrated Phonebook
      • Developer platform: Windows Phone 8
      • Software release: Windows Phone 8
      • Development technology: Silverlight, XNA, Visual Basic, DirectX, Java Script, XAML, C++
  • Communications
    • Email and Messaging
      • Email solution: Hotmail, Yahoo! Mail, Outlook Mobile, Windows Live / Hotmail / Outlook.com, Gmail, Mail for Exchange, Office 365, Nokia Mail
      • Email protocol: SMTP, IMAP4, POP3
      • Email features: Viewing and editing of email attachments, Email with filtering, Always up to date, Multiple simultaneous email accounts, HTML email, Text-to-speech message reader, Email attachments, Conversational view on email
      • Instant messaging: Twitter, Facebook chat, LinkedIn, Windows Live Messenger
      • Messaging features: Integrated text messaging and chat, Instant messaging, Concatenated SMS for long messages, Multiple SMS deletion, List of recently used numbers, Audio messaging, Text-to-speech message reader, Conversational SMS for chat-style SMS, Text messaging, Common inbox for SMS and MMS messages, Unified MMS/SMS editor, Automatic resizing of images for MMS, Distribution lists for messaging, Multimedia messaging
    • Call management
      • Features (Call Management): Voice dialling, Voice Commands, Conference calling, Video calling, Call waiting, Voice mail, Call diverts, Video sharing, Integrated hands-free speaker, Call forwarding, HD audio, Call history
      • Contacts: Unlimited
  • Device security
    • Security
      • Enterprise security features: Remote security policy enforcement
      • General Security features: Remote device locking via Internet, Application sandboxing and integr check, Secure NFC, Track and Protect via internet, Firmware update, Remote wipe of user data via Internet, Application integrity check, Device lock
      • Device startup security: Device passcode, Secure device start-up, PIN code, Firmware and OS integrity check
      • Advance security features: Lost device tracking, Anti-phishing protection
      • Data encryption: User data encryption for device
  • Sharing and Internet
    • Browsing and Internet
      • Internet sharing: Use as a Wi-Fi Hotspot for up to 5 Wi-Fi-enabled devices
      • Supported web technologies: XML, CSS 3, HTML 5, HTML 4.1, CSS
      • Browser: Internet Explorer 10
  • Navigation
  • Photography
    • Main camera
      • Primary camera sensor size: 8.7 megapixels
      • Camera Flash Type: Short pulse high power dual LED
      • Carl Zeiss Tessar lens: Yes
      • Camera resolution: 3552 x 2448 pixels
      • Camera Focus Type: Auto focus with two-stage capture key
      • Camera F number/aperture: 2.0
      • Camera digital zoom: 4 x
      • Camera focal length: 26.0 mm
      • Flash operating range: 3.0 m
    • Main camera features
      • Camera feature: Nokia PureView camera, Touch to Focus and capture in a single tap, Landscape orientation, Geo-tagging, Auto and Manual White Balance settings, Still image Editor, Optical Image Stabilization, Lenses applications, Sensor type: BSI, True 16:9 sensor, Pixel size 1.4 µm, Sensor size 1/3″
      • Camera image format: JPEG/Exif
    • Image capturing
      • Flash modes: Off, Automatic, On
      • Scene modes: Automatic, Night portrait, Sports, Night, Close-up, Backlight
      • Capture modes: Video, Still
      • White balance modes: Cloudy, Incandescent, Fluorescent, Daylight, Automatic
      • Photos viewed by: Camera Roll, Timeline, Photo editor, Favorites, Album, Photos from Social networks
    • Secondary camera
      • Secondary camera resolution: 1280 x 960 pixels
      • Secondary camera minimum focus range: 35.0 cm
    • Graphics
      • Graphics format: JPEG
  • Music and Audio
    • Music
      • Music package: Nokia Music Store, Nokia Mix Radio
      • Noise cancellation: Multimicrophone noise cancellation
      • Music features: Music player, Media Player, Audio Streaming, Dolby Headphone
      • Other Features (Music and Audio): Selection by artist, album and genre, Cloud music playback, Podcasts, Cloud music offline playback, Playlists, Album graphics display, Music recommender
      • DRM support: PlayReady
    • Music format
      • Codecs: MP3, AMR-WB, AMR-NB, WMA 10 Pro, WMA 9, AAC LC, AAC+/HEAAC, eAAC+/HEAACv2
      • Audio format: ASF, Wav, MP4, AAC, AMR, MP3, M4A, WMA, 3GP, 3G2
    • Voice and audio recording
      • Recording: Voice Commands
      • Audio recording file formats: Wav, 3GP, 3G2
      • Audio recording codecs: AMR-NB
      • Speech codecs: AMR-WB, GSM FR, AMR-NB, GSM HR, EFR
      • Audio recording features: Mono with high dynamics
  • Video
    • Main video camera
      • Video playback frame rate: 30 fps
      • Video camera resolution: 1080p (Full HD, 1920×1080)
      • Video recording features: Video Light, Video zoom, Optical Image Stabilization
      • Camera video frame rate: 30 fps
      • Camera video zoom: 4 x
      • Video white balance modes: Cloudy, Fluorescent, Incandescent, Automatic, Daylight
    • Main video camera features
      • Video streaming: YouTube browsing and video streaming
      • Video feature: Video recorder, Video call, Video sharing, Video player
    • Other features (video)
      • Video sharing and playback: Video sharing to social network, Video sharing to Facebook, Video sharing to Skydrive
    • Secondary video camera
      • Secondary video camera resolution: 1280 x 720 pixels
  • Environment
    • Environmental features
      • Eco content and services: Available at Store, Nokia Maps: pedestrian navigation
      • Energy efficiency: Automatic screen brightness adjustment, Battery Saver feature
      • Materials: Free of BFR, rFR as in Nokia Subst. List, Free of PVC, Contains recycled metals, Free of nickel on the product surface
      • Product is recyclable (up to): 100% recoverable as materials and energy
      • User guide: Small printed guide, full on nokia.com, In-device user guide

Will your new computer be able to play an MKV file?

I was reading this article “How 4 Microsoft engineers proved that the “darknet” would defeat DRM” on how they were “attacked” for saying the truth. But what amazed me is a reader’s comment that the editor has also highlighted (that’s the quality of Ars Technica…). I copy parts of it:

What good is piracy if you can’t buy a computer that will execute your booty?

That’s the real problem. Yeah, it is impossible to make 100% of DRMed endpoints exfiltration-proof. However, your ability to make 95%+ of endpoints increasingly hostile to anything lacking a trusted DRM signature is constrained only by customer hostility, not by any technological barrier…

I totally agree. The millions of consumers that buy mainstream hardware and use mainstream software will find it really hard to use pirated material.

The issue of “monitoring” internet connections at home and businesses by organizations and copyright holders will be on another post…

Does a Mac need protection?

This has been a long-running discussion for the last twenty years: Windows needs constant maintenance and security software, while Macs don’t have these problems. Until recently, that is, when thousands of Mac users realized that things are more complicated than the marketing gurus presented them, and Apple understood that a lot of hidden issues had accumulated under its carpet. The “totally secure” trend has changed mainly because of the huge increase in sales of Apple hardware. But wasn’t this the reason for the Windows problems? Hundreds of millions of uneducated users and a legion of smart guys trying to rip them off?

TUAW posted this: Securing Your Mac – A Guide for Reasonable People, Version 1.0

They put a lot of attention on backup. Perfect! But, the funny thing is here:

Do You Need Anti-Malware Software for Mac today?

My answer is no. Is it possible that at some point in the future, Mac OS X users will need to run real-time anti-virus and/or anti-spyware software? Yes. Is it likely? No. Mac security software has not shown itself capable of catching new attacks in real-time, and there are not many attacks to be protected against.

So, why do you need tools like this?

The folks at CIRCL (Computer Incident Response Center Luxembourg) created a free tool to detect when something has been added to the automatic launch settings for OS X. You can download it at http://www.circl.lu/pub/tr-08/ and it will give you an alert whenever something is added to one of those folders.

They still can’t realize that the world has changed. We are not in the 80s with viruses (on diskettes only) easily counted with your ten fingers…

Harden your Windows apps with EMET

Do you have legacy applications that worry you? Are you still waiting for a security patch? Some months ago, Microsoft released the Enhanced Mitigation Experience Toolkit v2.1 (EMET), a powerful configuration utility that will help you harden Windows applications.

For more details here: The one security tool every Windows user should know about | ZDNet

From Microsoft’s Download Center:

Overview

The Enhanced Mitigation Experience Toolkit (EMET) is designed to help prevent hackers from gaining access to your system.

Software vulnerabilities and exploits have become an everyday part of life. Virtually every product has to deal with them and consequently, users are faced with a stream of security updates. For users who get attacked before the latest updates have been applied or who get attacked before an update is even available, the results can be devastating: malware, loss of PII, etc.

Security mitigation technologies are designed to make it more difficult for an attacker to exploit vulnerabilities in a given piece of software. EMET allows users to manage these technologies on their system and provides several unique benefits:

1. No source code needed: Until now, several of the available mitigations (such as Data Execution Prevention) have required for an application to be manually opted in and recompiled. EMET changes this by allowing a user to opt in applications without recompilation. This is especially handy for deploying mitigations on software that was written before the mitigations were available and when source code is not available.

2. Highly configurable: EMET provides a higher degree of granularity by allowing mitigations to be individually applied on a per process basis. There is no need to enable an entire product or suite of applications. This is helpful in situations where a process is not compatible with a particular mitigation technology. When that happens, a user can simply turn that mitigation off for that process.

3. Helps harden legacy applications: It’s not uncommon to have a hard dependency on old legacy software that cannot easily be rewritten and needs to be phased out slowly. Unfortunately, this can easily pose a security risk as legacy software is notorious for having security vulnerabilities. While the real solution to this is migrating away from the legacy software, EMET can help manage the risk while this is occurring by making it harder for hackers to exploit vulnerabilities in the legacy software.

4. Ease of use: The policy for system wide mitigations can be seen and configured with EMET’s graphical user interface. There is no need to locate and decipher registry keys or run platform dependent utilities. With EMET you can adjust settings with a single consistent interface regardless of the underlying platform.

5. Ongoing improvement: EMET is a living tool designed to be updated as new mitigation technologies become available. This provides a chance for users to try out and benefit from cutting edge mitigations. The release cycle for EMET is also not tied to any product. EMET updates can be made dynamically as soon as new mitigations are ready.

The toolkit includes several pseudo mitigation technologies aimed at disrupting current exploit techniques. These pseudo mitigations are not robust enough to stop future exploit techniques, but can help prevent users from being compromised by many of the exploits currently in use. The mitigations are also designed so that they can be easily updated as attackers start using new exploit techniques.

Oops! I thought my Mac was safe…

A lot of people have switched to a Mac just to get rid of all the malware found on a Windows PC. Actually, it is the malware they themselves may attract to their PC, but the perception is that you can be infected even if you follow “best practices”.

But everybody who understands how malware is created and spread, knew that it was a matter of time for serious infections on MacOSX now that the platform is getting a worthy percentage in the market. If we also take into account that most of the new users in the platform are mainly consumers with no real understanding of how things really work, things are getting worse.

Even though Apple was always downplaying the possibility of malware on a Mac (and laughing at Windows users and their big adventures), they “introduced” phrases for their OS like “Another benefit of the 64-bit applications in Snow Leopard is that they’re even more secure from hackers and malware than the 32-bit version.” and “With virtually no effort on your part, Mac OS X offers a multilayered system of defenses against viruses and other malicious applications, or malware.”, which convince users that everything is OK, even though the words “even more secure” mean we are not at 100% yet…

What is the latest threat? As ZDNet reports:

According to a report from a Danish IT security company, an underground group has completed work on a fully operational kit specifically designed to build malware aimed at the Mac OS platform: The first advanced DIY (Do-It-Yourself) crimeware kit aimed at the Mac OS X platform has just been announced on a few closed underground forums. … The kit is being sold under the name Weyland-Yutani BOT and it is the first of its kind to hit the Mac OS platform. Apparently, a dedicated iPad and Linux release are under preparation as well.

If a group decides to deploy an attack like this on a wide scale, the impact on Mac users could be devastating. Only a tiny percentage of Macs run antivirus software, and Mac users have been conditioned to believe they’re immune from Internet threats. That’s a deadly combination.

All of us on the Windows platform have suffered for years, but we have learned the hard way how we can be protected. MacOSX is not the only problem. The whole market is changing and millions are now using devices with iOS or Android. Some millions will be using other tablet OSes soon. All these people need to be educated, but the companies that sell these machines are not willing to undertake this “mission”. I believe this is mainly because any mention of security concerns will hurt their sales. But a serious infection will definitely hurt their reputation and their market share (the only thing that they care about). Let’s see…

Read the whole story at ZDNet: Coming soon to a Mac near you: serious malware | ZDNet.

Which suite is more secure? Microsoft Office vs. Oracle Openoffice

It’s funny to read about security flaws especially when an article shows that popular preconceptions are usually wrong. Microsoft has managed to bring its Office 2010 suite to a very good state regarding security while Oracle inherited OpenOffice unwilling to further evolve it. LibreOffice is the new open source “branch”.

Read the whole analysis here: CERT/CC Blog: A Security Comparison: Microsoft Office vs. Oracle Openoffice. For a teaser look at the following chart:

[Chart from the CERT/CC analysis: officefuzz-expmajor.png]