Mozilla Persona: Browser-side Authentication System

Posted by Unknown | September 28, 2012 | ,

Mozilla had announced the beta version of its long running web-scale identity system, Persona (formerly code-named BrowserID), which is aimed at entrenching privacy and secured web experience by utilizing authentication through existent email as against actual username and password.

Mozilla Persona differs from other authentication systems like OpenID in that it uses email address as identifier and fully integrated into the browser.

Persona takes precedence from the Verified Email Protocol system, which involves only the browser and compliant website.  It relies on public key cryptography on the browser-side without invoking the identity provider in the actual authentication process.

However, users will need create and verify an account on Persona.org by defining a password and adding one or more email addresses to their account. Thereafter, "Persona Authentication" would only take a two click process for already logged in users, while those not already logged in will need to enter their Persona details in the process.

Persona is built to naturally eliminate users tracking, which provides rest of mind for privacy conscious users, and at the same time ensuring secured access.

On the contrary, if users disclose their Persona details it can be used against them and to access all connected services. Mozilla, however, have iterated its plan to introduce two-factor authentication in later versions to beef-up security.

Developers have been called upon to contribute to the open source project. Whilst, Mozilla have promptly made available an extensive tutorial on What is Persona and How it Works.

Read More>>

Google Apps Drop Old Office Formats

Posted by Unknown | September 28, 2012 |

Google mid-week announced new updates to the Google Apps service which will take effect starting October 1. Google is dropping support for the older Microsoft Office (Office 97 - 2003) formats: .doc (Word), .xls (Excel), and .ppt (PowerPoint)  on the Google Docs.

The Google Docs to Microsoft Office exporting feature will only allow user download documents in the new Office formats: .docx, .xlsx, and .pptx. However, the ability to import Office files of any format to Google Docs remains unchanged.

Google Docs users who are still running the old Office 97 - 2003 versions have been afforded a free compatibility plugin by Microsoft which will allow them to open newer Office files.

And users of the Consumer Productivity Suite of Google Docs will continue to be able to export documents in the old Microsoft Office format, whereas support for the Commercial Productivity Suite have been discontinued.

Office document collaborator using the old Office format, being backward compatible, need not concern themselves whether a collaborator is using the new Office version, as the latest versions of the Suite is compatible to the old formats. But, the older version of the Suite is not compatible.

Read More>>

IE Vulnerability: Microsoft one-click Fix It

Posted by Unknown | September 20, 2012 |

Microsoft's Internet Explorer got a handful of critical exploitations earlier in the week. The zero-day vulnerabilities affects IE9 and older versions of the browser, the exploit allows remote code execution which could enable an attacker take control of a compromised system.

The exploit takes advantage of a "use-after-free" vulnerability, a vulnerability affecting mshtml.dll component of Internet Explorer.

The company has now provided a one-click work-around to the vulnerabilities, termed "Fix it for me", which affords an automatic fix to the vulnerabilities without requiring rebooting. The one-click automatic system does not affect browser sections while being implemented.

The "fix it" tool works by protecting the system from memory corruption, which security researchers have identified as the major entry mechanism for the exploits.

Microsoft has also scheduled an out-of-cycle security update to permanently fix the glitches for Friday. And users will be able to get the security patch through the Windows Update, while it will be automatic for those who have enabled automatic update.

Read More>>

Chrome "Do Not Track" Compliance

Posted by Unknown | September 14, 2012 | ,

The privacy policy proposal has now been embraced by virtually all leading internet technology vendors, with Microsoft even assuming a heightened dimension to it, purporting to making the do-no-track command the default setting on the next version of its browser IE10. Now, Chrome developers build released yesterday featured the revolutionary privacy option.

Google had earlier made known its decisions to bring comparative privacy options to users and implement a solution on its advertising systems as well. The "Do Not Track" feature, albeit, helpful in targeted advertising, appears exploitative to some segment of internet users, who maintains that choice to opt-out needed to be provided.

Advertisers, however, have expressed concern as to the actual implementation of the tracking restrictions, citing that it will thwart efforts to target advertising.

Before now, Google Chrome had remained the only major browser that did not implement the "Do Not Track" command. Mozilla first introduced the privacy mechanism in Firefox early 2011, with Opera and Internet Explorer later joining the train.

The privacy settings have been implemented in the Chromium developers channel and will be available in subsequent versions of Chrome.

Read More>>

Certificate Key Deadline Issued by Microsoft

Posted by Unknown | September 09, 2012 |

Microsoft has issued deadline about the necessary changes to Windows' certificate requirements in line with its scheduled automatic security update. Starting October 9, minimum key length for digital certificate supported by Microsoft must be at least 1,024 bits.

RSA digital certificate with key less than 1,024 bits will not be supported on the Microsoft platforms, hence administrators are required to update for the minimum certificate key length. Windows ActiveX Control would be blocked for any website without the required security certification level.

Microsoft Security Response blog noted that the changes will help improve security across the Windows platforms.

The company have made available a knowledge-base help in updating for the minimum certificate key length and detailed technicalities.

Microsoft effort to secure the Windows platform is paramount following the recent security breaches targeting the system. The company hopes the update to certificate key length requirements will help strengthen the Windows ecosystem.

Read More>>

New Microsoft Terms of Service: Privacy Twist?

Posted by Unknown | September 04, 2012 |

Microsoft cloud-storage offshoots have heralded new changes in the company's terms of service. Before now, Microsoft service agreement as regards its cloud offerings stated vividly that "Your files are not just bits to be synced, and certainly would not be scanned to serve advertising".

The new changes in the Microsoft service agreement read thus:

"When you upload your content to the service, you agree that it may be used, modified, adapted, saved, reproduced, distributed and displayed to the extent necessary to protect you and provide, protect and improve Microsoft product and services."

The above statement clearly portrays that the company intends full access to users data and rights to serve ads based on the available information thereby. Microsoft is perhaps treading Google's path, which have reserved the rights to allow it share users data across its cloud offerings.

Further more, Microsoft new service agreement terms explicitly acknowledged:

"For example, we may occasionally use automated means to isolate information from emails, chats, or photos in order to help detect and protect against spam and malware, or to improve the services with new features that make them easier to use."

The new changes in Microsoft terms of service also bears on actual word-rendering under "Privacy", the old stance on "Privacy" stated, that "Microsoft may access and disclose information about you"; whereas under the new heading, it clearly reads, "Microsoft may access, disclose, or preserve information associated with your use of the services, including (without limitation) your personal information and content, or information Microsoft acquires about you through your use of the services".

Also effected are changes in the legal rights, especially as it concerns U.S. users, the new agreement reads: "If you live in the United States, section 10 contains a binding arbitration clause and class action waiver. It affects your rights about how to resolve any dispute with Microsoft".

What this statement means is that Microsoft cloud services users in the U.S. cannot sue the company by a class action lawsuit, that is, any legal dispute with Microsoft must be resolved before a neutral arbitrator.

The new Microsoft terms of service will take effect starting October 19, 2012. Therefore, any user who does not find the above information comfortable must have to do away with the service now or leave the rest to Microsoft's whims.

Read More>>