April 28, 2006
Virtual Server 2005 R2 Service Pack 1 Beta 1 Is Now Available!
A beta of Virtual Server 2005 R2 service pack 1 is available today for download. Virtual Server 2005 R2 service pack 1 will support the hardware virtualization capabilities developed by AMD and Intel. By supporting both AMD Virtualization and Intel Virtualization Technology, customers will be provided better interoperability, strengthened isolation to prevent corruption of one virtual machine from affecting others on the same system, and improved performance for non-Windows guest operating systems. The beta of Virtual Server 2005 R2 service pack 1 is available at www.microsoft.com/virtualserver.
Microsoft will have two betas of Virtual Server 2005 R2 SP1. Beta 2 is scheduled for calendar Q4, with general availability in Q1 2007.
Beta 1 of Virtual Server 2005 R2 service pack 1 includes:
- Intel Virtualization Technology compatibility
- Host Clustering technical white paper and the VB script
Beta 2 is planned to include the features of Beta 1 plus:
- AMD Virtualization Technology compatibility
- Active Directory integration and management features
- Volume Shadow Service
The Beta 1 download is available via Microsoft Connect. Select the Virtual Server 2005 R2 SP1 Beta program from the list of available programs that appear here:
https://connect.microsoft.com/availableprograms.aspx.
Posted by Paul Adare at 08:42 PM
April 21, 2006
Interesting RMS Issue
So I'm working on an RMS deployment for a customer and we ran into a weird issue that up until now I'd never seen before, so I thought that I'd share the problem and what we finally discovered to be the cause of the problem.
Problem Description
If a user, let's call her Alice since RMS is a cryptographic application, created a piece of protected content using the built-in Office protection methods (IOW not using a custom template) and assigned another user, say Bob, a specific set of limited rights on the content, then when Bob opened the content, rather than having the limited rights assigned, he appeared to have full control of the content. Now if Bob were to create a piece of protected content and assign limited rights to Carol, when Carol opened the protected content, she had the correct rights assigned. Similarly, if Carol assigned rights on content to Bob, everything worked as expected. If Bob or Carol assigned rights on content to Alice, Alice had the correct rights when opening the content. So the problem only occurred when Alice was protecting content. Finally, if Alice protected content using a custom template, everything worked as expected.
Examining the EULs issued to Bob or Carol showed that regardless of the protections assigned by Alice, Bob and Carol had the OWNER right, which is similar to NTFS full control, in the EUL.
Cause and Resolution
After opening a case with Microsoft's CSS, we discovered what was causing this problem. The customer uses the email attribute of security groups to list the email address of the owner of each group. They do this so that they have a point of contact for adding user accounts to the group in question. This was the cause of the problem we were seeing. It turned out that Alice was the owner of a group that contained Bob and Carol, and because of the practice of adding the group owner's email address to the email attribute of the group, anyone who was a member of that group was being granted OWNER rights to the content. Removing Alice's email address from the email attribute of the group and flushing RMS' group cache resolved this problem.
The other side effect of this issue is that any member of a group that contained Alice's email address in the email attribute would have OWNER rights on the content, even if they had not been specifically assigned rights on the content.
The reason that this behaviour did not appear when using custom templates is that the templates used the special RMS group Anyone, which obviously doesn't have an email attribute.
The customer in question is going to fix up the security groups that affect their pilot deployment; however, this behaviour may well prevent them from pursuing a broader deployment of RMS.
Hope this helps.
Posted by Paul Adare at 05:29 AM
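An audit for the condition described in the RMS post above, as an added example that is not from the original post: it flags groups whose email attribute holds an address that also belongs to a user account, and lists the members who would be affected. The record layout, names and addresses are constructed sample data, and following nested group membership is an assumption made so the audit errs on the side of over-reporting.

```python
# Added example: flag groups whose email attribute collides with a user's address.
# All directory records below are constructed sample data, not a real export.
ALICE, BOB, CAROL = (f"CN={n},OU=Staff,DC=example,DC=com" for n in ("Alice", "Bob", "Carol"))
FINANCE, PROJECTS, SALES = (f"CN={n},OU=Groups,DC=example,DC=com"
                            for n in ("Finance", "Projects", "Sales"))
USERS = {
    ALICE: {"mail": "alice@example.com", "proxyAddresses": ["SMTP:alice@example.com"]},
    BOB: {"mail": "bob@example.com"},
    CAROL: {"mail": "carol@example.com"},
}
GROUPS = {
    FINANCE: {"mail": "Alice@Example.com", "member": [BOB, PROJECTS]},  # owner's address
    PROJECTS: {"mail": "", "member": [CAROL, FINANCE]},                 # circular nesting
    SALES: {"mail": "sales-dl@example.com", "member": [BOB]},           # group's own address
}

def norm(addr):
    """Lower-case an address and drop an 'smtp:' proxyAddresses prefix."""
    addr = addr.strip().lower()
    return addr[5:] if addr.startswith("smtp:") else addr

def expand_members(group_dn, groups, seen=None):
    """Return user DNs that are direct or nested members of group_dn."""
    seen = set() if seen is None else seen
    if group_dn in seen:  # guard against circular nesting
        return set()
    seen.add(group_dn)
    users = set()
    for dn in groups[group_dn]["member"]:
        users |= expand_members(dn, groups, seen) if dn in groups else {dn}
    return users

def find_collisions(users, groups):
    """Map each offending group DN to (matching user DN, sorted affected member DNs)."""
    owner_of = {}
    for dn, u in users.items():
        for a in [u.get("mail", "")] + u.get("proxyAddresses", []):
            if a:
                owner_of[norm(a)] = dn
    findings = {}
    for gdn, g in groups.items():
        owner = owner_of.get(norm(g["mail"])) if g.get("mail") else None
        if owner:
            findings[gdn] = (owner, sorted(expand_members(gdn, groups) - {owner}))
    return findings

if __name__ == "__main__":
    for gdn, (owner, affected) in find_collisions(USERS, GROUPS).items():
        print(f"{gdn}: email attribute matches {owner}; affected members: {affected}")
```

Groups reported here are the ones to clean up before the RMS group cache is flushed, as in the resolution the post describes.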
April 19, 2006
Want the Performance Improvements in Virtual Server 2005 R2 But Still Want to Use Virtual PC 2004?
In addition to some new features (host based clustering using iSCSI, x64 support, etc.), VS 2005 R2 also includes some fairly significant performance improvements. What if you're running, and want to keep on using, VPC 2004 but you'd still like to have the performance improvements that VS 2005 R2 provides? Now that VS 2005 R2 is free, there is a simple solution to this problem. If you install VS 2005 R2 on a system that already has VPC 2004 installed, a number of components that are shared between the two products will be installed and will then be available to VPC 2004. These shared components contain most of the performance improvements in VS 2005 R2 and as such will be available to VPC 2004 after installing VS 2005 R2. Note that if you don't plan on using VS 2005 R2, you don't need to have IIS installed before installing VS 2005 R2. Also note that you won't get any of the new features as these are all VS specific; however, you will get the benefit of the performance improvements.
This will also allow you to take advantage of the latest version of the Virtual Machine Additions which ship with VS 2005 R2. To use the new Additions you can either manually mount the ISO from Program Files\Microsoft Virtual Server\Virtual Machine Additions in a VPC guest or, if you want to be able to install the updated Additions using the Action menu item in VPC, copy the VMAdditions.iso file from that folder to the Program Files\Microsoft Virtual PC\Virtual Machine Additions folder, replacing the existing Additions ISO.
Posted by Paul Adare at 04:37 AM | Comments (2)
April 18, 2006
Microsoft Executive Circle Webcast: Security360 with Mike Nash: Building a Secure, Connected Infrastructure with Digital Certificates
Brian Komar, my business partner, is Mike Nash's guest on today's Microsoft Executive Circle Webcast. Should be a good one!
Posted by Paul Adare at 06:52 AM
IdentIT Inc. Finally Has A Decent Web Site
Brian and I decided that it was finally time for IdentIT Inc. to have a proper web site so I built and published one. The URL is http://www.identit.ca.
Posted by Paul Adare at 06:48 AM
I'm Back!
So after an extended absence, that I'm sure most folks have not even noticed, I've decided to try to keep my blog up to date. There, didn't that make your day?
Posted by Paul Adare at 06:13 AM | Comments (2)