April 21, 2006

Interesting RMS Issue

So I'm working on an RMS deployment for a customer and we ran into a weird issue that up until now I'd never seen before so I thought that I'd share the problem and what we finally discovered to be the cause of the problem.
Problem Description
If a user, let's call her Alice since RMS is a cryptographic application, protected a document using the built-in Office protection methods (IOW not using a custom template) and granted another user, Bob, a specific, limited set of rights on the content, then when Bob opened the content he appeared to have full control rather than the limited rights Alice had assigned. If Bob protected a piece of content and assigned limited rights to Carol, Carol received the correct rights when she opened it. Likewise, if Carol assigned rights on content to Bob, everything worked as expected, and if Bob or Carol assigned rights on content to Alice, Alice had the correct rights when opening the content. So the problem only occurred when Alice was the one protecting content. Finally, if Alice protected content using a custom template, everything worked as expected.
Examining the end-user licenses (EULs) issued to Bob or Carol showed that, regardless of the rights Alice had assigned, the EUL granted them the OWNER right, which is roughly the RMS equivalent of NTFS Full Control.
Cause and Resolution
After opening a case with Microsoft's CSS we discovered what was causing this problem. The customer populates the email attribute of each security group with the email address of the group's owner, so that there is a point of contact for requests to add user accounts to the group. That practice was the cause of the problem we were seeing. Alice was the owner of a group that contained Bob and Carol, so the group's email attribute held Alice's address. RMS identifies principals by email address, so when it resolved Alice's address it matched the group as well as Alice herself, and every member of that group was granted OWNER rights to her content. Removing Alice's email address from the group's email attribute and flushing RMS' group cache resolved the problem.

The other side effect of this issue is that any member of any group carrying Alice's email address in its email attribute would have OWNER rights on content Alice protected, even if Alice had not assigned them any rights on the content at all.

The reason this behaviour did not appear when using custom templates is that the templates in question granted rights to the special RMS group Anyone, which of course has no email attribute for a group's address to collide with.
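A quick way to audit a directory for this condition before it shows up in an EUL, as an added example rather than anything from the original post or from Microsoft: the script below uses the ActiveDirectory PowerShell module (which postdates this post; it is an assumption that RSAT is installed where you run it) to list every security group whose mail attribute matches some user's mail address, together with the members who would be resolved as that user. The search base in the comment is a hypothetical placeholder.

```powershell
# Added example: find security groups whose mail attribute collides with a
# user's mail address. Assumes the ActiveDirectory module (RSAT) is available;
# this is not part of the original post or of any Microsoft RMS tooling.
Import-Module ActiveDirectory

function Find-GroupMailCollisions {
    [CmdletBinding()]
    param(
        # Optional search base for groups, e.g. "OU=Groups,DC=contoso,DC=com" (hypothetical)
        [string]$SearchBase
    )

    $userParams  = @{ Filter = 'mail -like "*"'; Properties = 'mail' }
    $groupParams = @{ Filter = 'mail -like "*"'; Properties = 'mail' }
    if ($SearchBase) { $groupParams.SearchBase = $SearchBase }

    # Index users by lower-cased mail address; address comparison is case-insensitive.
    $usersByMail = @{}
    foreach ($u in Get-ADUser @userParams) {
        $key = $u.mail.Trim().ToLowerInvariant()
        if (-not $usersByMail.ContainsKey($key)) { $usersByMail[$key] = @() }
        $usersByMail[$key] += $u
    }

    foreach ($g in Get-ADGroup @groupParams) {
        # Distribution groups are not security principals; only security groups matter here.
        if ($g.GroupCategory -ne 'Security') { continue }
        $key = $g.mail.Trim().ToLowerInvariant()
        if (-not $usersByMail.ContainsKey($key)) { continue }

        # Every nested user member of this group would be resolved as the colliding user.
        $members = Get-ADGroupMember -Identity $g.DistinguishedName -Recursive |
                   Where-Object { $_.objectClass -eq 'user' }

        foreach ($u in $usersByMail[$key]) {
            [pscustomobject]@{
                Group           = $g.SamAccountName
                GroupMail       = $g.mail
                CollidingUser   = $u.SamAccountName
                AffectedMembers = ($members | Select-Object -ExpandProperty SamAccountName) -join ';'
            }
        }
    }
}

# Report first; review it before touching anything.
$collisions = Find-GroupMailCollisions
$collisions | Format-Table -AutoSize

# Remediation, left commented out: clear the mail attribute on each colliding group.
# $collisions | ForEach-Object { Set-ADGroup -Identity $_.Group -Clear mail }
```

If your directory also populates proxyAddresses on groups, extend the comparison to that attribute as well. After clearing the attribute, flush the RMS group cache as described above; until then the cached expansion stays in effect.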

The customer in question is going to fix up the security groups that affect their pilot deployment; however, this behaviour may well prevent them from pursuing a broader deployment of RMS.

Hope this helps.

Posted by Paul Adare at 05:29 AM

April 19, 2005

Microsoft Windows Rights Management Services (RMS) with Service Pack 1 (SP1) Released

RMS SP1 has been released and is available for download from here. SP1 introduces some significant changes for RMS and if you're working on a deployment of RMS, or if you've already deployed it, you really should start evaluating and working with SP1 right now. The product team has done a great job at making the deployment of SP1 pretty painless and because of their efforts it is entirely feasible to stage the SP1 deployment as you see fit. SP1 and RTM can peacefully coexist.
I'll talk some more about the changes in SP1 in the near future, but for now here are the top 10 reasons (from Microsoft) to download and install SP1 now:


Posted by Paul Adare at 04:18 AM

April 01, 2005

TechEd Session on RMS

I just picked up another session at TechEd (in addition to my session on Virtual Server and the Virtual Server Migration Toolkit). I will be presenting SVR311: Rights Management Services (RMS) Design and Deployment Best Practices. Here is the abstract for this session:
Add to your RMS toolkit today by learning about best practices around planning, design, deployment and management for RMS. What are the common challenges that can be avoided? What are best practices around disaster recovery? This session also includes recommendations for migrating systems from v1 to SP1 and for operating in a mixed v1/SP1 environment. Finally, it provides you with a list of scenarios that are enabled by our partners to help you deploy RMS.
Service Pack 1 for RMS is right around the corner, and the solutions that Microsoft partners are coming up with to extend RMS are pretty exciting. I'm really looking forward to this session, so please drop by and bring your questions. I'll also be doing cabana duty during the week so if you can't make the session, or if you want a more in-depth discussion about RMS, please come by the cabanas during the week.

Posted by Paul Adare at 09:21 AM