jump to navigation

Windows NT Security Systems March 2, 2012

Posted by John Ruby in Archives, Security, Technologies.
Tags: , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , ,
add a comment

Windows NT Security Systems

The starting point for strong Internet security is the operating system of any machine connected to it. Fortunately for the organizations using IIS 4.0, strong levels of security were built into the core of Windows NT in order to meet and exceed certifiable security standards, i.e. the C2 security guidelines required by the U.S. Department of Defense’s evaluation criteria. Windows NT security contrasts sharply with the thin and weak security layers that are bolted on to the top of some other operating systems.

Compliance with the C2 security standard was originally only required for government organizations. However, many commercial organizations are demanding the same level of security, and they recognize the value that such standards offer. The main requirements for C2 compliance are:

  • User identification and authentication. Before gaining access to the systems, a user must prove their identity. This is typically done by providing a user-id / password combination, for example by entering the details via a keyboard or by the presentation of a device such as a smart card which stores such information.
  • Discretionary access control. Each object within the system, for example files, printers and processes, must have an owner—who can grant or restrict access to the resources at various degrees of granularity.
  • Auditing Capabilities. The system must provide the ability to log all user actions and object access, and include enough information to identify the user that performed any operation. Such information must only be accessible by system administrators.
  • Safe Object reuse. The system must guarantee that any discarded or deleted object cannot be accessed, either accidentally or deliberately, by other entities.
  • System integrity. The system must protect resources belonging to one entity, from being interfered with by another entity.

The C2 guidelines are applicable to standalone systems, and are specified in the document Trusted Computer System Evaluation Criteria (TCSEC). Fortunately, to make life simpler, this is often referred to as the Orange Book, thanks to the color of its cover. Other specifications that expand on the Orange Book include the Red Book for networking, and the Blue Book for subsystems.

Obtaining C2 certification is a long and complex task, and Microsoft are pushing hard for complete certification. Windows NT has passed the Orange Book certification process (for a standalone PC, not connected to a network) and is on the DOD’s official list of evaluated products. At the time of writing, Windows NT 4.0 is undergoing Red and Blue book evaluations.

Read More…Windows NT Security Systems

Advertisements

Windows 8 Consumer Preview: All Apps Comes Of Age March 1, 2012

Posted by John Ruby in BlogoSphere, Microsoft, Paul Thurrott, Software, Windows 8.
Tags: , , , , , , , , , , , , , , , , , , , ,
add a comment

 

Windows 8 Consumer Preview: All Apps Comes Of Age

homepage

If you’re familiar with Windows Phone, you know that this system presents a dual view user experience, with a primary screen called the Start screen that is filled with pinned tiles and a secondary screen called All Apps that lists every single app installed on the device. In the Windows 8 Developer Preview, however, only the Start screen was readily available. To get to All Apps, curiously, you needed to instantiate a search.

Guess what just got a lot easier?

In the Windows 8 Consumer Preview, Microsoft has fixed All Apps, making it much easier to access and, as important, making it even more useful than the similar feature in Windows Phone.

To access All Apps from the Start screen, swipe up from the bottom of the screen to reveal the new App Bar and then tap the All Apps button. (With the keyboard, you can tap WINKEY + Z. Or, with a mouse, just right-click the Start screen.)

ss_app_bar

The new All Apps interface, shown below, includes a few improvements, too.

all_apps

First, as you install new applications, the All Apps screen will segregate each of the app’s various executables into groups so that they’re together. As you can see above, there are groups for internal items (Windows Accessories) as well as applications that were installe separately by the user (Microsoft Office).

Also, the presentation is denser than it was in the Developer Preview, providing more apps onscreen at once.

Microsoft tells me, however, that one more change is coming. What’s missing, currently, is a way to easily get back to where you just were. So between the Consumer Preview an RTM, Microsoft will add an App Bar to the interface with a button to go back.

Note that you can still search for apps as before, and that’s true whether you’re in the Start screen or the All Apps view. To start a search, simply start typing any letter.

search

Windows 8 Consumer Preview: The True Story Behind the Missing Start Button March 1, 2012

Posted by John Ruby in BlogoSphere, Microsoft, Paul Thurrott, Software, Windows 8.
Tags: , , , , , , , , , , , , , , , , ,
add a comment

 

Windows 8 Consumer Preview: The True Story Behind the Missing Start Button

homepage

In the past few weeks, screen captures emerged showing that the Start button, a fixture in Windows since 95 when it debuted in Windows 95, would be removed from Windows 8. Enthusiasts acted as if it were a betrayal, a final nail in the coffin of the desktop UI they just know is being herded out to pasture.

None of it is true. Well, the Start button is being removed from the Windows 8 desktop, though as I wrote about in tongue-in-cheek fashion in Windows 8 Secrets: Windows 8 Is NOT Dropping The Start Button, any Windows logoed device or PC will have a Windows key (on the keyboard) or Windows key button (on the device itself) that will accomplish the same thing. What I couldn’t tell you at the time, sorry, was that this is only part of the story.

So here’s the true story behind the missing Start button in Windows 8.

iOS loophole gives developers access to photos, sources say a fix is coming | The Verge February 29, 2012

Posted by John Ruby in News and politics, Privacy, Security.
Tags: , , , , , , , , , , , , , , , , , , , ,
add a comment

 

iOS loophole gives developers access to photos, sources say a fix is coming | The Verge

Unlock-iphone-4-temp-rm-verge_large_verge_medium_landscape

Another day, another iOS security concern. Today’s confidence-defeating news comes from Nick Bilton at the New York Times. Bilton writes at the paper’s Bits blog that a loophole has been discovered in iOS which allows third-party developers access to your iPhone, iPad, or iPod touch’s photo and video location data… as well as the actual photos and videos themselves. It appears that if an app asks for photo location data on your device (and you approve the request for permission), that application will also be able to slurp down the photos and videos stored on your phone without any further notification. The Times report mirrors an earlier story from 9to5 Mac which detailed security issues on the platform.

We reached out to Apple about the issue, but the company declined to comment.

 

This story has clear echoes of that controversy, which came to light when a developer discovered that the app Path was downloading all of your device’s contact information to the company’s servers. In a follow-up report, we discovered that Path wasn’t the only app grabbing your info.