Microsoft Reveals Tougher Email Encryption After Google Remarks

July 1, 2014

Peter Suciu for redOrbit.com Your Universe Online

Last month Google Inc. called out rival email providers for not providing enough encryption for their respective users' email accounts. Some of those rivals apparently took notice and quickly addressed the issue. On Tuesday Cnet reported that Microsoft unveiled tougher encryption standards for its web-based email and some cloud services.

Google's latest transparency report suggested that less than 50 percent of emails received by Google users through its Gmail service from Microsoft's Hotmail, Live and MSN were in fact encrypted. Now Microsoft is implementing a series of changes that will provide better protection from potential prying eyes. Microsoft's email services Outlook.com, Hotmail.com, Live.com and MSN.com are now secured via Transport Layer Security (TLS) protections, and this is meant to ensure that communications through these web-based programs are safe and secure.

"We are in the midst of a comprehensive engineering effort to strengthen encryption across our networks and services," Matt Thomlinson, vice president for trustworthy computing security at Microsoft, wrote in a blog post on Tuesday. "Our goal is to provide even greater protection for data across all the great Microsoft services you use and depend on every day. This effort also helps us reinforce that governments use appropriate legal processes, not technical brute force, if they want access to that data."

Thomlinson noted that TLS encryption will be provided for both inbound and outbound email, so that email is encrypted and better protected as it travels between Microsoft and other email providers.

There is a catch, however.

"Of course, this requires their email service provider to also have TLS support," Thomlinson added.

Cnet's Seth Rosenblatt reported that Comcast and Microsoft are already in the process of implementing TLS for their webmail services.

Outlook.com users will further get an extra level of security, as Microsoft announced that it has also enabled Perfect Forward Secrecy (PFS) encryption support for both sending and receiving of email between providers. This also utilizes a different encryption key for every connection, which the software giant claimed would make it more difficult for attackers to decrypt connections.

Microsoft Boosts Outlook.com, OneDrive Encryption

Microsoft has boosted encryption for Outlook.com and OneDrive.

Several months after pledging to beef up encryption across its services, Microsoft today announced some new security protections for Outlook.com and OneDrive.

Redmond has rolled out Transport Layer Security (TLS) on Outlook.com for inbound and outbound email. "This means that when you send an email to someone, your email is encrypted and thus better protected as it travels between Microsoft and other email providers," Microsoft said, provided the recipient's email service also has TLS support.

Microsoft said it coordinated with several international providers - like Deutsche Telekom, Yandex, and Mail.Ru - over the last six months to make sure its solution worked.

The company is also rolling out Perfect Forward Secrecy (PFS) for Outlook.com and OneDrive. "Forward secrecy uses a different encryption key for every connection, making it more difficult for attackers to decrypt connections," said Matt Thomlinson, vice president of Trustworthy Computing Security at Microsoft.

PFS, which Twitter rolled out last year, will be on by default for those who access OneDrive via onedrive.live.com, the OneDrive app, and Microsoft's sync clients.

Other security upgrades made over the past few months, meanwhile, include enhanced message encryption in Office 365 and ExpressRoute for Azure, which enables businesses to create private connections between Azure data centers and infrastructure on their premises or in a co-location environment.

Microsoft's push for enhanced security came in the wake of the Edward Snowden leaks, and accusations that the National Security Agency (NSA) was spying on data traveling between the data centers of top companies like Google and Yahoo, which has also rolled out more robust encryption.

Open source in local government, and other unicorns

Oligopolies are unhealthy. When a small number of firms dominates a market, customers are left with a dearth of choice, and in the worst cases the dominant firms collude to raise prices.

And oligopoly describes fairly accurately the situation regarding software procurement within UK government. In fact, when it comes to office software monopoly might be a more appropriate description: it's basically Microsoft or Microsoft. It's estimated that UK government departments have spent over £200m of public money on Microsoft Office applications since 2010.

Cabinet Office Minister Francis Maude admitted earlier this year: "The software we use in government is still supplied by just a few large companies. A tiny oligopoly dominates the marketplace."

And Microsoft's dominance of Whitehall appears at first glance to be reflected too in local government. When Computing spoke to Jos Creese, CIO of Hampshire County Council, and holder of one of the largest IT budgets in local government according to one inside source, he explained that Microsoft works out cheaper than open source alternatives.

"We use Microsoft [for our desktops]," said Creese. "Each time we've looked at open source for desktop and costed it out, Microsoft has proved cheaper."

He explained that this is because most staff are already familiar with Microsoft products, and that they work well with the thin client model employed at Hampshire council. But it's also partly down to Microsoft itself.

"Microsoft has been flexible and helpful in the way we apply their products to improve the operation of our frontline services, and this helps to de-risk ongoing cost. The point is that the true cost is in the total cost of ownership and exploitation, not just the licence cost."

And Creese isn't alone in his attachment to Microsoft. Alan Shields, architect team manager at Cambridgeshire County Council, says: "It is incredibly difficult to get away from the stranglehold of Microsoft products, and we are planning to reinforce this by entering into an Enterprise Agreement with Microsoft later this year."

Similarly, you won't find much open source running in the offices of the Royal Borough of Windsor & Maidenhead council. Rocco Labellarte, the organisation's CIO, explains that a trial of productivity software suite Open Office was ultimately unsuccessful as it wasn't sufficiently compatible with other tools.

And other open source software was dismissed for different reasons.

Security of open source in a post-Heartbleed world

The open source horse has bolted and organisations must scrutinise their network security to ensure the use of such software doesn't put data at risk.

That was the consensus of IT leaders speaking at Computing's Enterprise Security and Risk Management Summit, which took place at the London Tower Bridge Hilton Hotel.

During a panel discussion on the subject of "Keeping up with the security threats of today: can you future-proof your business?", Computing editor Stuart Sumner asked whether the participants were more doubtful about the security of open source software in the post-Heartbleed world.

"I think it's horses for courses. Open source needs more scrutiny," said Barry Coatesworth, chief information security officer for New Look.

"There are pros and cons. But I think it boils down to what's the habitat, where's the business going, is it cost saving to use open source? So it's swings and roundabouts," he added.

Marc Lueck, director of global threat management at publishing company Pearson, continued with the horse theme, using it to suggest open source is already out there in the enterprise and that it's something that security personnel need to take into account when managing risks and networks.

"I'd add to that using a horse analogy; the stable door is open and the horse has bolted. We don't have the opportunity to change our minds now, we're using open source, that decision is made," he said. "We now need to figure out how to fix it, how to solve it, how to protect ourselves from decisions that have already been made."

However, Ashley Jelleyman, head of information assurance at BT, took the view that no matter what sort of software is being used, it still has to be properly evaluated for security.

"I think the real issue is not whether it's open source or closed source, it's actually about what you do with it and how you actually evaluate it to make sure it's fit for purpose. It's have we checked this through, are we watching what it's doing?," he said.

"One of the things we can look at - whether it's open source or closed source software - is whether it's doing things that are expected, it's about having an eye on not just the software but the whole network around it, its environment, to make sure you're not seeing shed loads of data disappearing out of your extranet for no good reason," Jelleyman added.

Tools catch security holes in open source code

Maria Korolov | July 2, 2014

Given its prevalence, open source code is virtually impossible to avoid, but the proper steps need to be taken to address its vulnerabilities.

This year has been the best of times and the worst of times for open source code and security.

On the one hand, the latest survey by Black Duck Software and North Bridge Venture Partners shows that 72 percent of industry professionals prefer open source software because it's more secure than proprietary solutions.

On the other hand, Heartbleed exposed a security flaw in the widely-used, open source OpenSSL encryption tool that affected more than half a million websites. Also this spring, TrueCrypt unexpectedly shut down, citing "unfixed security issues" on its SourceForge page, and a critical bug in Linux, GnuTLS, was finally exposed after having been undiscovered for more than 10 years.

Open source software is widely used in business in webservers running Linux and Apache, in databases, in the Android operating system, in code libraries used by enterprise developers, and embedded into commercial software packages.

Avoiding open source completely is not an option, but blindly trusting the open source community to fix all mistakes is also problematic.

One solution is to use automated code-scanning tools to scan code for known vulnerabilities and common programming errors. Fortunately, the automated tools are getting better every year.

Trust, but verify

Over the past few years, more than 5,000 security vulnerabilities have been found in open source code, according to the National Vulnerability Database.

Ideally, a company would check each of these vulnerabilities against the open source software packages it uses, plus against the open source software used inside commercial packages, and even against pieces of code that their own programmers copied off the Internet.

Edward Snowden ‘applies to extend asylum in Russia for another year’

Application was made a month before his one-year asylum was due to expire

Comes as mystery surrounds his one-month stay in Hong Kong

Snowden earlier said he had applied for asylum in several other countries

By Steve Hopkins

Published: 05:35 EST, 1 July 2014 | Updated: 09:13 EST, 1 July 2014

Whistleblower Edward Snowden has filed an official petition to extend his asylum in Russia for another year.

Snowden, who fled to Moscow on June 23, made the request to The Federal Migration Service a month before his current one-year asylum was due to expire.

If granted, Snowden, 31, will be able to remain in Russia for another year, according to The Moscow Times.

US authorised NSA to spy on BJP in 2010: Edward Snowden

WASHINGTON: America's top spy agency was authorised by a US court in 2010 to carry out surveillance on the BJP along with five other political organisations across the globe, including Egypt's Muslim Brotherhood and Pakistan Peoples Party, according to a classified document.

BJP figures in the list of foreign political parties along with Lebanon's Amal, the Bolivarian Continental Coordinator of Venezuela, Egypt's Muslim Brotherhood, Egyptian National Salvation Front and the Pakistan Peoples Party for whom the National Security Agency (NSA) had sought permission to carry out surveillance, says the document made public by The Washington Post yesterday.

The document lists the 193 foreign governments as well as foreign factions and other entities that were part of a 2010 certification approved by the Foreign Intelligence Surveillance Court. The list includes India.

"These are the entities about which the NSA may conduct surveillance, for the purpose of gathering foreign intelligence," the paper said, citing documents provided to it by former NSA contractor Edward Snowden.

It said each year a new certification must be approved by the court to permit such surveillance under Section 702 of the FISA Amendments Act.

"Virtually no foreign government is off-limits for the National Security Agency, which has been authorized to intercept information 'concerning' all but four countries, according to top-secret documents," The Post reported.

The four countries are Britain, Canada, Australia and New Zealand.

The certification of surveillance also includes other international organisations like World Bank, IMF, the European Union and the International Atomic Energy Agency.

"The NSA is not necessarily targeting all the countries or organizations identified in the certification, the affidavits and an accompanying exhibit; it has only been given authority to do so," The Post said.

Without specifically responding to questions related to surveillance on India and the BJP in particular, NSA spokesperson Vanee' Vines told PTI that the agency collects foreign intelligence based on specific intelligence requirements set by the President, the Director of National Intelligence, and departments and agencies through the National Intelligence Priorities Framework.
