security

Microsoft has been fighting off botnets and hackers for the last few years with Project MARS (Microsoft Active Response for Security). They have crippled major botnet networks including Waledac, Rustock, Kelihos, Zeus, Nitol, and Bamital.

Today, Microsoft plans to take their fight for web justice to the next level using their own cloud resources. The newly designed Windows Azure-based Cyber Threat Intelligence Program (C-TIP) allows computer emergency response teams to respond in near real time. TJ Campana, director of security in Microsoft’s Digital Crime Unit, stated that:

“(C-TIP) will allow organizations to have better situational awareness of cyber threats, and more quickly and efficiently notify people of potential security issues with their computers.”

Last Friday, Microsoft’s Orlando Ayala joined the Secretary of State of Telecommunications and Information Society of Spain to announce an agreement for the Spanish CERT, to become one of the first organizations to hook up with the company’s C-TIP service. The new technology will allow ISPs and CERTs to receive updated threat data every 30 seconds; the data will alert the organizations of any infected computers in their network or domain.

More →
-
loading...
-
loading...
-
loading...
-
loading...

Two-step authentication, the process whereby you use more than just a password to verify an account, is increasingly an important security tool desired by not just enterprise but consumers. Google has had with Gmail for a few years now, and Microsoft is on the cusp of releasing their version as well.

LiveSide.net is reporting that the service will be integrated into existing Microsoft Accounts (Outlook.com, Hotmail, etc.) though those with linked accounts may have to un-link and the re-link them to get it to work.

More →
0
loading...
0
loading...
0
loading...
0
loading...

A rag-tag group of privacy advocates, internet activists, journalists and organizations have banded together and have written an open letter to Skype, calling on the communications giant to "publicly document Skype’s security and privacy practices."

The letter, which is addressed to Skype Division President Tony Bates, Microsoft Chief Privacy Officer Brendon Lynch, Microsoft General Counsel Brad Smith, says that the members of the group who authored it rely on Skype to communicate under circumstances where privacy and security are imperative and that it would be doing them a great service to know just what they can expect.

More →
-
loading...
-
loading...
-
loading...
-
loading...

LastPass: When you have been on the internet for as long as we have and have as many passwords stored as we do, apps like LastPass get filed under “necessity” for immediate installation. The app has been on Windows Phone for some time but it was always kind of “meh”. That’s our technical lingo for saying it was missing features.

Luckily for us, the app has been bumped to version 1.9 and with a slight redesign and some added new features the app has become very useful for those who have amassed a tome of passwords over the years.

For those of you who aren’t familiar, LastPass (www.lastpass.com) is a service that acts as a password vault for your PC, Mac, Windows Phone…basically every platform out there today. You can use one master password which will allow you to login to the app and you can see everything.

More →
0
loading...
0
loading...
0
loading...
0
loading...
19

Tip: How to protect your Wallet in Windows Phone 8

Purchasing apps and games on a Windows Phone is an absolute breeze. Trials are a unique opportunity for developers to allow consumers to download and "try" their work before committing to a purchase. But with the speedy process in purchasing apps from the Store, should there be some level of protection for credit cards that are attached to a Microsoft Account?

Currently, anyone who has access to a Windows Phone that has a Microsoft Account loaded with valid credit cards for transactions can head into the Store and engage in a shopping spree - this isn't a good situation to be in but it can occur with children or other folk who borrow a smartphone for a few minutes. Luckily, Microsoft has a solution for this issue.

More →
0
loading...
0
loading...
0
loading...
0
loading...

Just two months after Microsoft bought up PhoneFactor to help bolster their enterprise security features, the company has released an official Windows Phone app that is on the Store now.

Simply called PhoneFactor, the app is rather modest in features but that’s a good thing as its job is rather to the point: to receive and manage authentication notifications sent to your phone...

More →
0
loading...
0
loading...
0
loading...
0
loading...

Did you know those using Facebook apps on their mobile devices can access your email address even if it's not displayed on your profile when checking the website? Most users of the social network don't.

Headlines have continuously attacked Facebook due to privacy concerns, confusing account settings and other monstrosities, but today we'll look at a quick tip on how to prevent your email address being available to contacts who can view your profile.

Just because your personal email address isn't viewable on the website when checking your profile via a web browser, don't be fooled into believing your friend's Windows Phone won't pull it down to his (or her) contact list. By default, it seems Facebook's settings are configured so email addresses are invisible to the 'timeline' but are still available and accessible by friends. So how does one configure email settings on Facebook to prevent them being accessed?

More →
0
loading...
0
loading...
0
loading...
0
loading...

Windows Phone currently suffers from a security vulnerability when synchronising email to and from POP3 / IMAP / SMTP servers using SSL, according to a recent filing over at the US-CERT (United States Computer Emergency Readiness Team) website. The issue is pinpointed to Microsoft's mobile OS not verifying CN (Common Name) of server certificates when connecting to servers using SSL.

More →
0
loading...
0
loading...
0
loading...
0
loading...

If only backing up was this easy

Continuing on with our series of Windows Phone how tos for those who are new to the platform, today we'll be looking at how to backup and restore our smartphones. Backing up is a chore than many have to undertake on their PC, whether it be apps, documents or photos from a memorable vacation - it's always best to have more than one copy of everything. The same goes for contents on your smartphone.

Should anything happen to your Windows Phone, or if you’d like to revert to an earlier snapshot, you’ll need a backup at hand to get everything working in perfect order. Unfortunately Microsoft doesn’t currently offer an official facility to manually backup a Windows Phone (not even in Zune), but luckily there are alternatives thanks to an active developing community.

More →
0
loading...
0
loading...
0
loading...
0
loading...

While there is a lot to look forward to with Windows Phone 8, some of the changes may not be as noticeable but no less important. Windows Phone 8 will have a number of significant changes under the hood to bolster the security of the platform.

Windows Phone 8 will have device encryption throughout the entire device including the OS and its applications. Designed along the same lines as Windows 7 PCs, encryption kicks in as soon as you power up the device. This system, based off of Bitlocker (but adapted for Windows Phone) was something first reported on back in February as an early rumor.

BitLocker is a logical volume encryption system that is present in Windows 7 and will be present in Windows 8.  BitLocker is designed to protect data by providing encryption for entire volumes or drives within a computer to protect the integrity of a trusted boot path.  The main difference between the PC version of encryption and what we will see on Windows Phone 8 is that the encryption keys are not manageable on our Windows Phone as they are on desktops or laptops.

More →
0
loading...
0
loading...
0
loading...
0
loading...

Online ads can be annoying and it appears Microsoft is working on a way to focus these ads more towards your likes and away from your dislikes. We ran across the Microsoft Personal Data Dashboard that will let you filter out the unwanted ads and let those you might be interested in through.  These filters will likely impact ads you see over on Outlook.com and on your Windows Phone.  

The Dashboard has several sections or tabs with the main tab reflecting your Windows Live Profile. Additional sections include: 

My Data: Here is where you can tag your interests and dislikes from a wide variety of topics. You can also narrow down your likes and dislikes to the brand names of products.

The My Data page also lets you view your Bing search history and any Microsoft Newsletters you are currently subscribed to.

More →
0
loading...
0
loading...
0
loading...
0
loading...

Software piracy is a serious battle, which can also affect our beloved platform developers. Microsoft has taken action by automatically applying encryption to all apps through the newly unveiled Dev Center. According to a detailed post on the Windows Phone Developer Blog, Todd Brix states that all apps (including those already submitted) are automatically encrypted without user input.

We first heard about the possibility of server-side encryption back in November, 2011. From our understanding, Microsoft was waiting until everyone was on Mango to implement that feature and it now looks to have happened. If you recall, at the end of April Microsoft decreed that you had to have Windows Phone 7.5 to get to the Marketplace. Combined with the Dev Center refresh, we think that transition for encryption is now complete.

More →
0
loading...
0
loading...
0
loading...
0
loading...

Last week we reported WhatsApp had disappeared from view on the Windows Phone Marketplace (it was actually set to private), and were awaiting official clarification on the matter. Turns out, according to a report over at MonWindowsPhone, the app has a serious security flaw, which requires the team to pull the app and look into the problem. An update is well on its way.

The app enables Windows Phone owners to send messages to other devices and is available for multiple platforms. German website ComputerBild reported that an Android app, called WhatsAppSniffer, allowed users to access messages sent using WhatsApp on a WiFi network. The developers of the popular messaging service are patching the app due to it sending  messages via XMP protocol and in plain text.

We'll keep you posted and will announce when the app is available on the Marketplace with the patch bundled in an update for existing users. In the meantime, you can checkout some early images of the Windows Phone 8 version of WhatsApp.

Update: We've received word from a WhatsApp employee stating the following in an email,

"This has nothing to do with security. Please don't spread mis-information."

Take it as you will. We'll look forward to more information and possible clarification. Until then, WhatsApp is not available until the promised update is released to the Marketplace.

via: MonWindowsPhone

More →
0
loading...
0
loading...
0
loading...
0
loading...

With the launch of Microsoft's Outlook.com, many have been questioning security features of the new email service. The most dominant topic is the limit of 16 characters for passwords. This is a limitation that was also present in Hotmail / Live and has been brought forward into its successor (due to Microsoft's login system). We'll take a look at this issue as well as a quick overview of additional security measures Microsoft has implemented to keep your emails safe.

More →
0
loading...
0
loading...
0
loading...
0
loading...

A few days ago, questions were raised over Skype's security in that Microsoft is reconfiguring the Skype network to allow Law Enforcement Agencies can have access to intercept calls. Mark Gillett, Skype's Chief Development and Operations Officer, responded to these concerns today.

With regards to the claims Skype has made changes in its architecture to provide Law Enforcement Agencies have greater access to Skype communications, Gillett says that this is false:

"The move was made in order to improve the Skype experience, primarily to improve the reliability of the platform and to increase the speed with which we can react to problems. The move also provides us with the ability to quickly introduce cool new features that allow for a fuller, richer communications experience in the future."

More →
-
loading...
-
loading...
-
loading...
-
loading...

Our audience is smart enough to know that no electronic system of communication is impervious to eavesdropping and there’s very little out there that’s near 100% secure. So it should come as no surprise that Skype is getting some publicity of its internal network restructuring that started occurring once Microsoft acquired the company last year.

The charge: Microsoft is reconfiguring the Skype network so that it Law Enforcement Agencies (LEA) can have access to intercept calls over the network to aid in investigations.

The reality is of course convoluted with no concrete evidence but it’s worth mentioning what exactly is going on here. So head past the break to get the scoop.

More →
0
loading...
0
loading...
0
loading...
0
loading...

There’s been a lot of news today—both for Microsoft and Nokia—so we’re going to just touch on a bit of that and also mention some other Microsoft stories that you may have missed. So here’s your roundup:

  • Microsoft wants you take your Xbox security seriously and posts tips on how to do that
  • Mark Penn, former advisor to President Clinton, will be a VP at Microsoft where he hopes to make Bing cool
  • Microsoft may have lost money this quarter but their consumer division is actually doing well

So head on past the break for today’s wrap up...

More →
-
loading...
-
loading...
-
loading...
-
loading...

MVP and frequent conference speaker David Rook, better known as SecurityNinja, gave an interesting presentation on security at Bsides London 2012. The chosen platform for discussion? Windows Phone. Rook goes into detail (it's an hour long presentation) about app and platform security. The talk covers Visual Studio, compiling code and how apps are ran within the OS.

While it's a fairly lengthy video, the talk is well worth checking out if you're interested in Windows Phone app development and security, or are wanting to know how everything works behind the doors.

Source: YouTube

More →
-
loading...
-
loading...
-
loading...
-
loading...
28

Good for Enterprise™ released for Windows Phone

As we reported earlier this morning, Good Technologies was prepping to release their enterprise messaging app for Windows Phone, a big win for those who need security and a strong feature set for their device.

That app has now gone live in the Marketplace ready for download. We must emphasize: you need Good's back-end technology to run this as it is not standalone (think Exchange). From the app description:

"Good for Enterprise™ delivers secure mobile collaboration and device management for Windows Phone devices.  With Good for Enterprise, employees securely access corporate email, contacts, and calendar.  Good for Enterprise provides a unique, secure container that separates personal from business while respecting employees’ privacy – ideal for BYOD devices.  Unlike other solutions, only Good for Enterprise prevents data loss by providing security at the application layer (in addition to device security)."

We listed the full feature set earlier and needless to say, it's fairly comprehensive for a v1.0 release and what's more, Good promises more features in coming updates.

As noted in comments on our previous article, the main benefit for Good users is encryption of messaging, sandboxing of data and better security than Windows Phone or Exchange alone can offer (for now). Plus, with clients on the iPhone, iPad and Android it's nice to see Windows Phone on par with the competition.

Pick up Good for Enterprise™ for Windows Phone here in the Marketplace. Thanks, Munsey S., for the tip

More →
0
loading...
0
loading...
0
loading...
0
loading...

Pages