Choosing a sign-in model for Office 365

Paul Andrew, the technical product manager for Office 365 Identity Management, has blogged about the different identity models you can choose with Office 365. Learn how to move between them and choose the right one for your needs.

Read everything here http://blogs.office.com/2014/05/13/choosing-a-sign-in-model-for-office-365/

Advertisements

A €299 forensic tool decrypts BitLocker, PGP and TrueCrypt disks

The Russian Elcomsoft sells Elcomsoft Forensic Disk Decryptor for €299. Of course the tricky part is how to decrypt the contents. Below you can read what they say about finding the encryption keys. I copy from their website:

Perform the complete forensic analysis of encrypted disks and volumes protected with desktop and portable versions of BitLocker, PGP and TrueCrypt. Elcomsoft Forensic Disk Decryptor allows decrypting data from encrypted containers or mounting encrypted volumes, providing full forensic access to protected information stored in the three most popular types of crypto containers. Access to encrypted information is provided in real-time.

Features and Benefits

  • Decrypts information stored in three most popular crypto containers
  • Mounts encrypted BitLocker, PGP and TrueCrypt volumes
  • Supports removable media encrypted with BitLocker To Go
  • Supports both encrypted containers and full disk encryption
  • Acquires protection keys from RAM dumps, hibernation files
  • Extracts all the keys from a memory dump at once if there is more than one crypto container in the system
  • Fast acquisition (limited only by disk read speeds)
  • Zero-footprint operation leaves no traces and requires no modifications to encrypted volume contents
  • Recovers and stores original encryption keys
  • Supports all 32-bit and 64-bit versions of Windows

efdd s This $299 tool is reportedly capable of decrypting BitLocker, PGP, and TrueCrypt disks in real time

Three Ways to Acquire Encryption Keys

Elcomsoft Forensic Disk Decryptor needs the original encryption keys in order to access protected information stored in crypto containers. The encryption keys can be derived from hibernation files or memory dump files acquired while the encrypted volume was mounted. There are three ways available to acquire the original encryption keys:

  • By analyzing the hibernation file (if the PC being analyzed is turned off);
  • By analyzing a memory dump file *
  • By performing a FireWire attack ** (PC being analyzed must be running with encrypted volumes mounted).

* A memory dump of a running PC can be acquired with one of the readily available forensic tools such as MoonSols Windows Memory Toolkit
** A free tool launched on investigator’s PC is required to perform the FireWire attack (e.g. Inception)

Acquiring Encryption Keys

Generally, the choice of one of the three attacks depends on the running state of the PC being analyzed. It also depends on whether or not installation of a forensic tool is possible on a PC under investigation.

If the PC being investigated is turned off, the encryption keys can be retrieved from the hibernation file. The encrypted volume must be mounted before the computer went to sleep. If the volume is dismounted before hibernation, the encryption keys may not be derived from the hibernation file.

If the PC is turned on, a memory dump can be taken with any forensic tool if installation of such tool is permitted (e.g. the PC is unlocked and logged-in account has administrative privileges). The encrypted volume must be mounted at the time of memory dump acquisition. Good description of this technology (and complete list of free and commercial memory acquisition tools) is available athttp://www.forensicswiki.org/wiki/Tools:Memory_Imaging.

Finally, if the PC being investigated is turned on but installing forensic tools is not possible (e.g. the PC is locked or logged-in account lacks administrative privileges), a remote attack via a FireWire port can be performed in order to obtain a memory dump. This attack requires the use of a free third-party tool (such as Inception: http://www.breaknenter.org/projects/inception/), and offers near 100% results due to the implementation of FireWire protocol that enables direct memory access. Both the target PC and the computer used for acquisition must have FireWire (IEEE 1394) ports.

Once the original encryption keys are acquired, Elcomsoft Forensic Disk Decryptor stores the keys for future access, and offers an option to either decrypt the entire content of encrypted container or mount the protected disk as another drive letter for real-time access.

Fonts break after Windows security patch KB2753842

UPDATE: The security update is now fixed and everything works fine.

We have seen many problems during the last years with updates and patches but this one is really strange. After the security update KB2753842 was applied on 12/12/12, programs that use the vector “side” of fonts cannot show characters of specific fonts that used to work perfectly. You can see the font in the font list, you can select it but the font doesn’t work. This happens with programs like CorelDraw, Adobe Flash, Expression Design etc. Word, InDesign and programs that use the font as bitmap work fine.

Microsoft identified an exploit with the GetGlyphOutline() API call, made a change and everything collapsed. The 12/12/12 date would leave an entry in computer history… So, we are waiting for a fix on this. If you just remove the security update and reboot, things are back to normal (but we are still open to a possible hack). The problem appears on Windows XP, Vista, 7, 8, Server 2003, 2008, R2, 2012 (even Windows 8 RT) and some OpenType or TrueType fonts (not all of them).

Instructions to remove the update:

  1. Click on the “Start” button, click on “Control Panel” and then double-click on the “Add/Remove Programs” icon.
  2. Click the “Show Updates” check box at the top of the window and wait for the list of installed updates to appear.
  3. Click on the update you wish to remove, click the “Remove” button and then restart your computer. The update is now successfully removed from your computer.

Don’t forget to change the automatic updates to manual otherwise it will be reinstalled. As soon as there is a fix for this issue, you can change updating to auto.

http://graphics-unleashed.unleash.com/2012/12/windows-update-kb2753842-will-make-some.html

http://connect.microsoft.com/Expression/feedback/details/774232/microsoft-update-kb2753842-opentype-ps-outline-bug

http://forums.adobe.com/thread/1113943?tstart=0

Nokia Lumia 920: Detailed specifications (with highlights)

Nokia Lumia 920

A lot of people ask me about the new Nokia flagship with Windows Phone 8. So, I highlighted and underlined all the specs and features that I believe are worth pointing out. Lumia 920 is not an ordinary smartphone. It carries a number of innovations that will be available in the future on other smartphones like the super sensitive screen that can be “touched” even with gloves or the optical image stabilization (you don’t even have this on most of the dedicated cameras…).

There are also many things that can not be described with technical terms but give you the experience of using this device like the fluidness and responsiveness of the Windows Phone software. So don’t get this as a review, it’s a copy of the device specifications from Nokia’s website.

Ah, it also comes in 5 colours…

  • Design
    • Dimensions
      • Height: 130.3 mm
      • Width: 70.8 mm
      • Thickness1: 10.7 mm
      • Weight: 185 g
      • Volume: 99 cm³
    • Display and User Interface
      • Display size: 4.5 ”
      • Touch screen technology: Capacitive Multipoint-Touch
      • Screen height: 1280 pixels
      • Screen width: 768 pixels
      • Display features: Polarization filter, Light time-out, Ambient light detector, Brightness control, Corning® Gorilla® Glass, Orientation sensor, Proximity sensor, High Brightness mode, RGB Stripe, Sunlight readability enhancements, Pixel density 332 ppi, Luminance 600 nits, Aspect ratio 15:9, Super sensitive touch, Color boosting, IPS, Refresh rate 60 Hz, Sculpted 2.5D glass
      • Display height: 97.0 mm
      • Display width: 58.0 mm
      • Display colors: 16.7 million
      • Display technology: PureMotion HD+
    • Keys and Input Methods
      • User Input: Touch
      • Dedicated hardware key: Camera, Power, Volume, Search, Back, Windows Start key
    • Form factor
      • Phone form factor: Monoblock
  • Hardware
    • Connectivity
      • Dual SIM: No
      • Connectors: Micro-USB Charging Connector, Micro-USB Data Connector, Micro-USB 2.0, 3.5 mm audio connector
      • Wireless connectivity: Bluetooth 3.0, Near Field Communication, Wi-Fi Channel bonding, WLAN IEEE 802.11 a/b/g/n, Qi Wireless charging
      • Syncronization: Windows computer companion application, Mac computer companion application, Exchange ActiveSync
    • Data Network
      • Data bearer2: HSPA+ (3G), EDGE/EGPRS (2G), FD-LTE (4G), HSUPA (3G), GSM (2G), HSDPA (3G), WCDMA (3G)
    • Operating Frequency
      • Operating band3: GSM 850, GSM 900, GSM 1800, GSM 1900, WCDMA Band V (850), WCDMA Band VIII (900), WCDMA Band II (1900), WCDMA Band I (2100), LTE 800, LTE 900, LTE 1800, LTE 2100, LTE 2600
      • Data speed – Upload: LTE Cat 3 – 50 Mbit/s, HSUPA Cat 6 – 5.76 Mbit/s
      • Data speed – Download: EGPRS MSC 12 – 236.8 kbit/s, HSDPA Cat 24 – 42.2 Mbit/s, LTE Cat 3 – 100 Mbit/s
    • WLAN features
      • WLAN Security: WPA2 (AES/TKIP), WPA, WEP, PEAP-MSCHAPv2, EAP-SIM, EAP-AKA
    • Power Management4
      • Battery: BP-4GW
      • Battery capacity: 2000 mAh
      • Battery voltage: 3.7 V
      • Removable battery: No
      • Maximum 2G standby time: 460 h
      • Maximum 2G talk time: 18.6 h
      • Maximum 3G standby time: 460 h
      • Maximum 3G talk time: 10.8 h
      • Music playback time: 74 h
    • Processor
      • Processor name5: Snapdragon™ S4
      • Processor type: Dual-core 1.5GHz
    • Memory
      • Internal memory: 1000 MB
      • Mass memory: 32GB and 7GB in SkyDrive
  • Snapdragon™ S4 Processor
    • Performance
      • Do more. Wait less: Tap into faster performance. The Snapdragon™ processor CPU cores enable extra performance when you need it and puts you in charge of running the most demanding applications, including gaming, photography, as well as business and personal productivity.
    • Power consumption
      • Less charging. More doing: The Snapdragon™ processor’s unique asynchronous technology enables each core to power up and power down independently, resulting in maximizing core performance level without wasting battery power.
    • Technology
      • Beyond mobile. And beyond all expectations: Snapdragon™ S4 processor is a highly integrated, mobile-optimized system on a chip that delivers dynamic, immersive experiences and powerful, battery-friendly performance that can put new possibilities in your hands.
  • Software and applications
    • Personal Information Management (PIM)
      • Features (Personal information Management): Calculator, Clock, Calendar, Phonebook, Notes, Reminders, To-do list, Phonebook with integrated social networks, OneNote, Wallet
    • Other Applications
      • Gaming features: DirectX 11, Accelerometer, Gyroscope, Touch UI, XBox-Live Hub
    • Software platform & User Interface
      • Supported amount of phonebooks: One integrated Phonebook
      • Developer platform: Windows Phone 8
      • Software release: Windows Phone 8
      • Development technology: Silverlight, XNA, Visual Basic, DirectX, Java Script, XAML, C++
  • Communications
    • Email and Messaging6
      • Email solution: Hotmail, Yahoo! Mail, Outlook Mobile, Windows Live / Hotmail / Outlook.com, Gmail, Mail for Exchange, Office 365, Nokia Mail
      • Email protocol: SMTP, IMAP4, POP3
      • Email features: Viewing and editing of email attachments, Email with filtering, Always up to date, Multiple simultaneous email accounts, HTML email, Text-to-speech message reader, Email attachments, Conversational view on email
      • Instant messaging: Twitter, Facebook chat, LinkedIn, Windows Live Messenger
      • Messaging features: Integrated text messaging and chat, Instant messaging, Concatenated SMS for long messages, Multiple SMS deletion, List of recently used numbers, Audio messaging, Text-to-speech message reader, Conversational SMS for chat-style SMS, Text messaging, Common inbox for SMS and MMS messages, Unified MMS/SMS editor, Automatic resizing of images for MMS, Distribution lists for messaging, Multimedia messaging
    • Call management
      • Features (Call Management): Voice dialling, Voice Commands, Conference calling, Video calling, Call waiting, Voice mail, Call diverts, Video sharing, Integrated hands-free speaker, Call forwarding, HD audio, Call history
      • Contacts: Unlimited
  • Device security
    • Security
      • Enterprise security features: Remote security policy enforcement
      • General Security features: Remote device locking via Internet, Application sandboxing and integr check, Secure NFC, Track and Protect via internet, Firmware update, Remote wipe of user data via Internet, Application integrity check, Device lock
      • Device startup security: Device passcode, Secure device start-up, PIN code, Firmware and OS integrity check
      • Advance security features: Lost device tracking, Anti-phishing protection
      • Data encryption: User data encryption for device
  • Sharing and Internet
    • Browsing and Internet
      • Internet sharing: Use as a Wi-Fi Hotspot for up to 5 Wi-Fi-enabled devices
      • Supported web technologies: XML, CSS 3, HTML 5, HTML 4.1, CSS
      • Browser: Internet Explorer 10
  • Navigation
  • Photography
    • Main camera
      • Primary camera sensor size: 8.7 megapixels
      • Camera Flash Type: Short pulse high power dual LED
      • Carl Zeiss Tessar lens: Yes
      • Camera resolution: 3552 x 2448 pixels
      • Camera Focus Type: Auto focus with two-stage capture key
      • Camera F number/aperture: 2.0
      • Camera digital zoom: 4 x
      • Camera focal length: 26.0 mm
      • Flash operating range: 3.0 m
    • Main camera features
      • Camera feature: Nokia PureView camera, Touch to Focus and capture in a single tap, Landscape orientation, Geo-tagging, Auto and Manual White Balance settings, Still image Editor, Optical Image Stabilization, Lenses applications, Sensor type: BSI, True 16:9 sensor, Pixel size 1.4 µm, Sensor size 1/3″
      • Camera image format: JPEG/Exif
    • Image capturing
      • Flash modes: Off, Automatic, On
      • Scene modes: Automatic, Night portrait, Sports, Night, Close-up, Backlight
      • Capture modes: Video, Still
      • White balance modes: Cloudy, Incandescent, Fluorescent, Daylight, Automatic
      • Photos viewed by: Camera Roll, Timeline, Photo editor, Favorites, Album, Photos from Social networks
    • Secondary camera
      • Secondary camera resolution: 1280 x 960 pixels
      • Secondary camera minimum focus range: 35.0 cm
    • Graphics
      • Graphics format: JPEG
  • Music and Audio
    • Music
      • Music package: Nokia Music Store, Nokia Mix Radio
      • Noise cancellation: Multimicrophone noise cancellation
      • Music features: Music player, Media Player, Audio Streaming, Dolby Headphone
      • Other Features (Music and Audio): Selection by artist, album and genre, Cloud music playback, Podcasts, Cloud music offline playback, Playlists, Album graphics display, Music recommender
      • DRM support: PlayReady
    • Music format
      • Codecs: MP3, AMR-WB, AMR-NB, WMA 10 Pro, WMA 9, AAC LC, AAC+/HEAAC, eAAC+/HEAACv2
      • Audio format: ASF, Wav, MP4, AAC, AMR, MP3, M4A, WMA, 3GP, 3G2
    • Voice and audio recording
      • Recording: Voice Commands
      • Audio recording file formats: Wav, 3GP, 3G2
      • Audio recording codecs: AMR-NB
      • Speech codecs: AMR-WB, GSM FR, AMR-NB, GSM HR, EFR
      • Audio recording features: Mono with high dynamics
  • Video
    • Main video camera
      • Video playback frame rate: 30 fps
      • Video camera resolution: 1080p (Full HD, 1920×1080)
      • Video recording features: Video Light, Video zoom, Optical Image Stabilization
      • Camera video frame rate: 30 fps
      • Camera video zoom: 4 x
      • Video white balance modes: Cloudy, Fluorescent, Incandescent, Automatic, Daylight
    • Main video camera features
      • Video streaming: YouTube browsing and video streaming
      • Video feature: Video recorder, Video call, Video sharing, Video player
    • Other features (video)
      • Video sharing and playback: Video sharing to social network, Video sharing to Facebook, Video sharing to Skydrive
    • Secondary video camera
      • Secondary video camera resolution: 1280 x 720 pixels
  • Environment
    • Environmental features
      • Eco content and services: Available at Store, Nokia Maps: pedestrian navigation
      • Energy efficiency: Automatic screen brightness adjustment, Battery Saver feature
      • Materials: Free of BFR, rFR as in Nokia Subst. List, Free of PVC, Contains recycled metals, Free of nickel on the product surface
      • Product is recyclable (up to): 100% recoverable as materials and energy
      • User guide: Small printed guide, full on nokia.com, In-device user guide

Will your new computer be able to play an MKV file?

I was reading this article “How 4 Microsoft engineers proved that the “darknet” would defeat DRM” on how they were “attacked” for saying the truth. But what amazed me is a reader’s comment that the editor has also highlighted (that’s the quality of Ars Technica…). I copy parts of it:

What good is piracy if you can’t buy a computer that will execute your booty?

That’s the real problem. Yeah, it is impossible to make 100% of DRMed endpoints exfiltration-proof. However, your ability to make 95%+ of endpoints increasingly hostile to anything lacking a trusted DRM signature is constrained only by customer hostility, not by any technological barrier…

I totally agree. The millions of consumers that buy mainstream hardware and use mainstream software will find it really hard to use pirated material.

The issue of “monitoring” internet connections at home and businesses by organizations and copyright holders will be on another post…

Does a Mac need protection?

It is a long discussion for the last twenty years: Windows need constant maintenance and security software – Macs don’t have these problems. Until recently where thousands of Mac users realized that things are more complicated than presented by marketing gurus and Apple understood that its carpet has accumulated a lot of hidden issues. The “totally secure” trend has mainly changed due to the huge increase of sales of Apple hardware. But wasn;t this the reason of the Windows problems? Hundreds of millions of uneducated users and a legion of smart guys trying to rip them off?

TUAW posted this: Securing Your Mac – A Guide for Reasonable People, Version 1.0

They put a lot of attention on backup. Perfect! But, the funny thing is here:

Do You Need Anti-Malware Software for Mac today?

My answer is no. Is it possible that at some point in the future, Mac OS X users will need to run real-time anti-virus and/or anti-spyware software? Yes. It is likely? No. Mac security software has not shown itself capable of catching new attacks in real-time, and there are not many attacks to be protected against.

So, why do you need tools like this?

The folks at CIRCL (Computer Incident Response Center Luxembourg) created a free tool to detect when something has been added to the automatic launch settings for OS X. You can download it at http://www.circl.lu/pub/tr-08/ and it will give you an alert whenever something is added to one of those folders.

They still can’t realize that the world has changed. We are not in the 80s with viruses (on diskettes only) easily counted with your ten fingers…

Harden your Windows apps with EMET

Do you have legacy applications that worry you? Are you still waiting for a security patch? Some months ago, Microsoft released the Enhanched Mitigation Experience Toolkit v2.1 (EMET), a powerful configuration utility that will help you harden Windows applications.

For more details here: The one security tool every Windows user should know about | ZDNet

From Microsoft’s Download Center:

Overview

The enhanced Mitigation Experience Toolkit (EMET) is designed to help prevent hackers from gaining access to your system.

Software vulnerabilities and exploits have become an everyday part of life. Virtually every product has to deal with them and consequently, users are faced with a stream of security updates. For users who get attacked before the latest updates have been applied or who get attacked before an update is even available, the results can be devastating: malware, loss of PII, etc.

Security mitigation technologies are designed to make it more difficult for an attacker to exploit vulnerabilities in a given piece of software. EMET allows users to manage these technologies on their system and provides several unique benefits:

1. No source code needed: Until now, several of the available mitigations (such as Data Execution Prevention) have required for an application to be manually opted in and recompiled. EMET changes this by allowing a user to opt in applications without recompilation. This is especially handy for deploying mitigations on software that was written before the mitigations were available and when source code is not available.

2. Highly configurable: EMET provides a higher degree of granularity by allowing mitigations to be individually applied on a per process basis. There is no need to enable an entire product or suite of applications. This is helpful in situations where a process is not compatible with a particular mitigation technology. When that happens, a user can simply turn that mitigation off for that process.

3. Helps harden legacy applications: It’s not uncommon to have a hard dependency on old legacy software that cannot easily be rewritten and needs to be phased out slowly. Unfortunately, this can easily pose a security risk as legacy software is notorious for having security vulnerabilities. While the real solution to this is migrating away from the legacy software, EMET can help manage the risk while this is occurring by making it harder to hackers to exploit vulnerabilities in the legacy software.

4. Ease of use: The policy for system wide mitigations can be seen and configured with EMET’s graphical user interface. There is no need to locate up and decipher registry keys or run platform dependent utilities. With EMET you can adjust setting with a single consistent interface regardless of the underlying platform.

5. Ongoing improvement: EMET is a living tool designed to be updated as new mitigation technologies become available. This provides a chance for users to try out and benefit from cutting edge mitigations. The release cycle for EMET is also not tied to any product. EMET updates can be made dynamically as soon as new mitigations are ready

The toolkit includes several pseudo mitigation technologies aimed at disrupting current exploit techniques. These pseudo mitigations are not robust enough to stop future exploit techniques, but can help prevent users from being compromised by many of the exploits currently in use. The mitigations are also designed so that they can be easily updated as attackers start using new exploit techniques.

Oops! I thought my Mac was safe…

A lot of people have switched to a Mac just to get rid of all the malware found on a Windows PC. Actually all the malware they may attract to their PC but the perception is that you can be infected even if you are on “best practices”.

But everybody who understands how malware is created and spread, knew that it was a matter of time for serious infections on MacOSX now that the platform is getting a worthy percentage in the market. If we also take into account that most of the new users in the platform are mainly consumers with no real understanding of how things really work, things are getting worse.

Even though Apple was always downplaying the possibility of malware on a Mac (and laughing on Windows’ users in big adventures), they “introduced” phrases for their OS like “Another benefit of the 64-bit applications in Snow Leopard is that they’re even more secure from hackers and malware than the 32-bit version.” and “With virtually no effort on your part, Mac OS X offers a multilayered system of defenses against viruses and other malicious applications, or malware.” which convinces users that everything is OK. even though the words “even more secure” means we are not at 100% yet…

What is the latest threat? As ZDNet reports:

According to a report from a Danish IT security company, an underground group has completed work on a fully operational kit specifically designed to build malware aimed at the Mac OS platform: The first advanced DIY (Do-It-Yourself) crimeware kit aimed at the Mac OS X platform has just been announced on a few closed underground forums. … The kit is being sold under the name Weyland-Yutani BOT and it is the first of its kind to hit the Mac OS platform. Apparently, a dedicated iPad and Linux release are under preparation as well.

If a group decides to deploy an attack like this on a wide scale, the impact on Mac users could be devastating. Only a tiny percentage of Macs run antivirus software, and Mac users have been conditioned to believe they’re immune from Internet threats. That’s a deadly combination.

All of us on the Windows platform have suffered for years, but we have learned the hard way how we can be protected. MacOSX is not the only problem. The whole market is changing and millions are now using devices with iOS or Android. Some millions will be using other tablet OSes soon. All these people need to be educated but the companies that sell these machines are not willing to undertake this “mission”. I believe, mainly because any mention on security concerns will hurt their sales. But a serious infection will definitely hurt their reputation and their market share (the only thing that they care about). Let’s see…

Read the whole story at ZDNet: Coming soon to a Mac near you: serious malware | ZDNet.

Which suite is more secure? Microsoft Office vs. Oracle Openoffice

It’s funny to read about security flaws especially when an article shows that popular preconceptions are usually wrong. Microsoft has managed to bring its Office 2010 suite to a very good state regarding security while Oracle inherited OpenOffice unwilling to further evolve it. LibreOffice is the new open source “branch”.

Read the whole analysis here: CERT/CC Blog: A Security Comparison: Microsoft Office vs. Oracle Openoffice. For a teaser look at the following chart:

officefuzz-expmajor.png