Doing things a bit differently today since there’s so much linux news to be shared! So in the FOSS spirit, here’s this week in open source. Enjoy! Join the c…
Linux fans wondering why they still don’t have a friendly UEFI Secure Boot option for Windows 8 PCs won’t get a solution in hand this week, but they’ll at least get an explanation. The Linux Foundation’s primary backer for the alternative OS efforts, Parallels’ server CTO James Bottomley, has revealed that Microsoft’s requirements for signed, Secure Boot-ready code are tough if developers aren’t entirely onboard its train of thought. The Redmond crew demands a paper contract signature (remember those?), agreements on work beyond the relevant software and a packaging process that complicates attempts to use open-source tools. Bottomley has already overcome most of these challenges, although he’s still waiting for a Linux Foundation-specific key that should theoretically clear a major hurdle. Whether or not that leads to a remedy in days or weeks is up to Microsoft; in the meantime, we’ll take comfort in knowing that a signature is so far a convenience for booting into Linux, rather than a necessity.
Source: James Bottomley
We know you’ve got questions, and if you’re brave enough to ask the world for answers, then here’s the outlet to do so. This week’s Ask Engadget inquiry is from Scott, who needs some peace of mind with his new laptop, since it doesn’t have a security slot. If you’re looking to ask one of your own, drop us a line at ask [at] engadget [dawt] com.
“I have a Lenovo U410, which doesn’t have a Kensington lock slot. Do you have any suggestions as to how to keep it physically secured? Thanks!”
Well, Scott, while it’s not the greatest situation, there are a few alternatives you might want to try. For example:
- Griffin’s TechSafe connects through the device’s hinge, and should do a job to deter casual thieves.
- There’s also Kensington’s laptop docking station, which also clips around your device’s display — but does require you to drill some holes through your desk.
Of course, that’s just our two cents, now it’s time for you lot out there to chip in with your own suggestions. If you’ve learned the secret to securing Kensington-free laptops, share your knowledge in the comments below.
If you’re the average Joe, you don’t let your Retina MacBook out of your sight. But what if you’re an IT guy with a fleet of these things to secure on a client site? What to do?
MacLocks has just launched a locking case for the Retina MacBook, allowing folks to snap down their laptops almost anywhere. The case actually envelops the MacBook and the looped cable then fits over a table leg or pillar.
To throw in a little added value, the MacBook Retina lock also elevates the MBP a bit, to help with the laptop cool down. Unfortunately, the skin adds about a pound when you’re using both the bottom and top portion together as a shell.
Ever since Apple stopped adding laptop lock ports to their MacBooks, locking these puppies up has been harder and harder. Arguably not many care to lock down their workstations on the road – it’s too much of a hassle, man! – but it’s nice to see someone is thinking about the cautious among us.
The new Retina MacLock is available now for $69.95.
Question by Ray R: How to Secure iPad for Enterprise Use as far as Network Security & Intrusion Detection are concerned? I’m looking for an alternative to iPad antivirus/anti-malware software in light of the fact that the device isn’t as secure as it’s made out to be. I’ll be using this at the enterprise level, so I require something that has the required government-grade encryption.
Answer by Adrian Johnson: Use an enterprise iPad VPN like Hidepad:
Its primary objective is to encrypt and anonymize your enterprise network (the one to which your iPad is connected) so that the integrity of your device is maintained across the company-wide (even worldwide) network.
This works on two levels:
(a) your IP and network addresses remain secure and undetectable (due to the inherent anonymity function of this software) and therefore immune to intrusion, hacking or breach attempts.
(b) you have a secure iPad for enterprise use without the need for additional antivirus software. That’s because to keep your core Apple OS safe online, you don’t need an antivirus software… just a network protection/surveillance software.
This way, any wireless threats are handled externally, at the network level, before they get a chance to affect your Apple iPad.
I have deployed this exact solution across 4 of my company concerns and it’s doing its job well.
Here’s one for today’s “Yeah, I probably should’ve thought of that” pile.
If you’ve got anything even remotely private on your phone (and who doesn’t? Your phone has access to your email, and thereby access to everything else), you’ve hopefully got a security PIN on the lockscreen. But which numbers should you use? 4 unique numbers would be most secure, right? Not quite, and here’s why: we’ve got nasty, nasty fingers.
While 4 unique digits (each an unknown digit from 0-9) might seem like the most secure option for a 4 digit pin (with 10,000 possibilities), our greasy mitts introduce a bit of an issue: our fingerprints.
(Before we dive in: Cheers to Skeleton Key Security for bringing this up and Presh Talwalker for having done the math a bit earlier. I’d highly recommend either for a deeper dive into the subject.)
Go ahead: punch in your pin, lock the phone again, and tilt the phone a bit until the light catches the oil residue. A huge chunk of the time, you’ll see big ol’ globs of finger-juice sittin’ right on top of the 4 numbers that make up your PIN. When a would-be intruder knows the 4-digits used (as they would gather from the placement of your prints), they only need to figure out the combination. The number of possibilities drops from 10,000 to 24.
So, what are you to do? Use one of the numbers twice.
By using one digit twice, you’re introducing two challenges: first, the intruder must guess whether you used 4 unique digits (and one of the digits just didn’t smudge clearly), or 3 digits with 1 repeated. If they go with the latter, they’ll need to figure out which of the 3 digits was used twice. This increases the number of permutations from 24 to 36. It’s not at all intuitive, but using one less unique digit actually makes things marginally more secure.
“But wait,” you say. “24 to 36 isn’t a huge jump. If they’ve got the time to try 24 possibilities, they’ve got the time to try 36.”
This is absolutely true… unless you’ve got a cap on the number of times they can make a guess before your phone wipes itself. If they’ve got 10 tries and 24 options, they’ve got a 41% chance of getting it right. If they’ve got 10 tries and 36 options, this dumps down to 27%.
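An added example (not from the original post) that reproduces the 24 and 36 counts above and the 10/24 and 10/36 odds behind the quoted percentages, then extends the same counting to 6-digit PINs. The function names and the sample smudge set are assumptions made for illustration.

```python
from itertools import product
from math import comb


def count_pins(length: int, smudged: int) -> int:
    """PINs of `length` digits that use every one of `smudged` known digits
    at least once and no others (inclusion-exclusion over omitted digits)."""
    return sum((-1) ** j * comb(smudged, j) * (smudged - j) ** length
               for j in range(smudged + 1))


def enumerate_pins(length: int, digits: str) -> list[str]:
    """Brute-force cross-check: list every PIN consistent with the smudges."""
    wanted = set(digits)
    return ["".join(p) for p in product(sorted(wanted), repeat=length)
            if set(p) == wanted]


def guess_success(candidates: int, tries: int) -> float:
    """Chance that `tries` distinct guesses hit a PIN drawn uniformly from
    `candidates` possibilities before the wipe limit is reached."""
    return min(tries, candidates) / candidates


if __name__ == "__main__":
    sample = "137"  # constructed smudge set: three visible smears, 4-digit PIN
    listed = enumerate_pins(4, sample)
    assert len(listed) == count_pins(4, len(sample))
    print(f"smudges on {sample}: {len(listed)} candidates, e.g. {listed[:3]}")

    # How the candidate pool and the odds under a 10-try wipe limit change
    # with the number of distinct digits, for 4- and 6-digit PINs.
    for length in (4, 6):
        for k in range(1, length + 1):
            n = count_pins(length, k)
            print(f"{length}-digit PIN, {k} smudged keys: {n:>5} candidates, "
                  f"{guess_success(n, 10):.1%} within 10 tries")
```

For 6-digit PINs the same effect is larger: five distinct digits with one repeat give a bigger candidate pool than six distinct digits.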
Sure, the improvement is arguably slight — but better security is better security. Or, if you’re particularly hardcore, you could disable the Simple Password and have access to a full keyboard. That’s pretty painful, though.
(Side note: Apple [or anyone else with a touchscreen-based PIN input system] could actually make the 4-digit system exponentially more secure with an option to randomize the placement of each digit on the keypad each time. This would negate the fingerprint issue, spiking the possible count back up to 10,000. Of course, this would also be terribly confusing and definitely shouldn’t be enabled by default.)
Intel’s NFC aspirations are hardly a secret. The company showed off a Medfield-powered tablet at IDF sporting the tech and it’s partnered with MasterCard — promising to bring PayPass checkouts to Ultrabooks. Now Chipzilla is putting the final pieces of the equation in place by landing a licensing deal with Inside Secure. The company specializes in contactless payment systems and will be lending its Microread, Securead and Open NFC products to Intel for future chips. While it’s a safe assumption that we’ll be seeing NFC pop up in Ultrabooks, it’s also going to be an essential ingredient if the Santa Clara crew ever hopes to make x86 a player in the smartphone scene. We’ve still got a while to go before near field communication becomes truly ubiquitous, but this is one more step in the right direction. Check out the PR after the break.
If you can’t tell if a Rolex or a knockoff Prada bag is fake, your NFC-enabled smartphone will be able to. Taking on a long-standing problem with counterfeiting, French company Inside Secure has released the Vault150 security module, an NFC-based chip that can be embedded into any product a retailer might wish to have authenticated by prospective buyers. This could become as easy as literally embedding the chip, as NFC chips require no power source: they can collect RF energy from an NFC reader such as a smartphone and complete an authentication request for a potential buyer.
For more intricate products where the chip might have to be buried deeper, Inside Secure has also offered several antenna options that allow the chip to be placed well within an item and still communicate with an NFC reader. In cases where a module needs to be embedded in items like a bottle of wine or pair of shoes, the chip can use a slew of voltage, frequency or temperature change sensors to sense if someone has tried to alter the chip’s information and return a warning from there. Along with authentication purposes, the devices could also ping a shopper’s handset (in addition to doing cool things like opening doors) when they came within a certain range of a product, informing them as to the savings they might be about to pass by. Final pricing and availability has yet to be announced and there’s no guarantee that this will spot every fake, but it’ll probably be better at the task than the current champ (yes, Chumlee).
Microsoft is looking to hire a software design engineer to help the company secure its Windows Phone devices.
The software giant posted an advert inviting engineers to “help make Windows Phones the most secure phones on the market,” on Thursday. The job listing comes in the same week that iOS 5 struggles with two serious flaws that allow users to bypass the lock screen. CNET reported on Wednesday that the iPhone 4S Siri feature allows anyone to use a device to send emails, SMS and make calls even if a passcode is set on the device. Some iPhone 4S users have also reported that they can access the address book, photos and calendar on the device using Siri. Another serious flaw hit Apple’s iPad 2 device running iOS 5 this week. 9to5mac report that anyone with a Smart Cover accessory can break into an iPad 2. 9to5mac confirm that the issue is present in iOS 5 and could also work on earlier versions of iOS 4.3 (see video below for a demo). A similar flaw affected Apple’s iPhone 4 device around a year ago, allowing users to access devices after bypassing the lockscreen.
Microsoft is aiming to create the next generation of security software for Windows Phones. The software maker wants to ship the most secure phone the market has ever seen. Microsoft is currently fighting off enterprise adoption of iPhone, iPad and Android devices thanks to the secure and business oriented nature of Microsoft’s products. Security flaws are a major factor for enterprise and business adoption and a big reason why some businesses opt for third party products like GOOD to provide email, calendar and contacts to “consumer” devices. A large majority of enterprise customers choose RIM’s BlackBerry infrastructure and devices for their employees but Microsoft is clearly attempting to ship a more secure ecosystem with Windows Phone:
“We want your passion for shipping secure devices, technical depth, drive for breaking code and finding security holes. If you’re looking for your next move, or just looking to be involved in the ‘next big thing’ you should be talking to us. We can help bring out the best in you and you help bring out the best in our products.
The Mobile OS Platform group is looking for talented SDETs with a passion for shipping next generation of secure software for mobile phones. As a member of the security team, you will find yourself working on cutting edge fuzzing technology, pentesting, and other security tools to help us ship the most secure phone the market has ever seen. You’re expected to stay at the top of all current exploits and work closely with MSEC to react to all new found exploits. You’ll also have the opportunity to attend known security conferences.”
Thanks to WinRumors reader Simon for the news tip
Microsoft looking to secure Windows Phone as Apple suffers iOS 5 flaws originally appeared at WinRumors.com.
Microsoft chose to directly respond to confusion surrounding its Windows 8 Secure Boot feature on Thursday.
Microsoft’s Windows chief, Steven Sinofsky, admitted there had been some comments recently that “synthesize scenarios that are not the case” around Microsoft’s work with UEFI. Red Hat employee Matthew Garrett speculated that OEM machines that ship with copies of Windows 8 may lock out support for Linux installations. Garrett highlighted Microsoft’s new Secure Build OEM requirements for Windows 8 systems. Sinofsky rejected the claims in a blog post on Thursday and stated that Microsoft is simply taking advantage of new technologies to improve the security of Windows. “We are introducing capabilities that provide a no-compromise approach to security to customers that seek this out while at the same time full and complete control over the PC continues to be available,” said Sinofsky.
Tony Mangefeste on Microsoft’s Ecosystem team revealed that Microsoft is working closely with its OEM partners to improve the security experience of Windows. “Microsoft supports OEMs having the flexibility to decide who manages security certificates and how to allow customers to import and manage those certificates, and manage secured boot,” says Mangefeste. “We believe it is important to support this flexibility to the OEMs and to allow our customers to decide how they want to manage their systems.” Mangefeste believes the customer is ultimately in control of their PC. “Microsoft’s philosophy is to provide customers with the best experience first, and allow them to make decisions themselves. We work with our OEM ecosystem to provide customers with this flexibility.”
Microsoft chose to highlight the flexible approach by reminding people that the Samsung tablet, with Windows 8 Developer Preview, handed out at BUILD contains the ability to disable the firmware Secure Boot feature. “OEMs are free to choose how to enable this support,” says Mangefeste. “Windows merely did work to provide great OS support for a scenario we believe many will find valuable across consumers and enterprise customers.” Microsoft summarized its work with UEFI:
- UEFI allows firmware to implement a security policy
- Secured boot is a UEFI protocol not a Windows 8 feature
- UEFI secured boot is part of Windows 8 secured boot architecture
- If desired, Windows 8 utilizes secured boot to ensure that the pre-OS environment is secure
- Secured boot doesn’t “lock out” operating system loaders, but is a policy that allows firmware to validate authenticity of components
- OEMs have the ability to customize their firmware to meet the needs of their customers by customizing the level of certificate and policy management on their platform
- Microsoft does not mandate or control the settings on PC firmware that control or enable secured boot from any operating system other than Windows
Microsoft clears up Linux confusion over Windows 8 Secure Boot feature originally appeared at WinRumors.com.