security

Two-step authentication, the process whereby you use more than just a password to verify an account, is increasingly an important security tool desired by not just enterprise but consumers. Google has had with Gmail for a few years now, and Microsoft is on the cusp of releasing their version as well.

LiveSide.net is reporting that the service will be integrated into existing Microsoft Accounts (Outlook.com, Hotmail, etc.) though those with linked accounts may have to un-link and the re-link them to get it to work.

More →
5
loading...
44
loading...
47
loading...
0
loading...

A rag-tag group of privacy advocates, internet activists, journalists and organizations have banded together and have written an open letter to Skype, calling on the communications giant to "publicly document Skype’s security and privacy practices."

The letter, which is addressed to Skype Division President Tony Bates, Microsoft Chief Privacy Officer Brendon Lynch, Microsoft General Counsel Brad Smith, says that the members of the group who authored it rely on Skype to communicate under circumstances where privacy and security are imperative and that it would be doing them a great service to know just what they can expect.

More →
0
loading...
0
loading...
23
loading...
0
loading...

LastPass: When you have been on the internet for as long as we have and have as many passwords stored as we do, apps like LastPass get filed under “necessity” for immediate installation. The app has been on Windows Phone for some time but it was always kind of “meh”. That’s our technical lingo for saying it was missing features.

Luckily for us, the app has been bumped to version 1.9 and with a slight redesign and some added new features the app has become very useful for those who have amassed a tome of passwords over the years.

For those of you who aren’t familiar, LastPass (www.lastpass.com) is a service that acts as a password vault for your PC, Mac, Windows Phone…basically every platform out there today. You can use one master password which will allow you to login to the app and you can see everything.

More →
3
loading...
7
loading...
37
loading...
0
loading...
19

Tip: How to protect your Wallet in Windows Phone 8

Purchasing apps and games on a Windows Phone is an absolute breeze. Trials are a unique opportunity for developers to allow consumers to download and "try" their work before committing to a purchase. But with the speedy process in purchasing apps from the Store, should there be some level of protection for credit cards that are attached to a Microsoft Account?

Currently, anyone who has access to a Windows Phone that has a Microsoft Account loaded with valid credit cards for transactions can head into the Store and engage in a shopping spree - this isn't a good situation to be in but it can occur with children or other folk who borrow a smartphone for a few minutes. Luckily, Microsoft has a solution for this issue.

More →
3
loading...
8
loading...
23
loading...
0
loading...

Just two months after Microsoft bought up PhoneFactor to help bolster their enterprise security features, the company has released an official Windows Phone app that is on the Store now.

Simply called PhoneFactor, the app is rather modest in features but that’s a good thing as its job is rather to the point: to receive and manage authentication notifications sent to your phone...

More →
2
loading...
12
loading...
25
loading...
0
loading...

Did you know those using Facebook apps on their mobile devices can access your email address even if it's not displayed on your profile when checking the website? Most users of the social network don't.

Headlines have continuously attacked Facebook due to privacy concerns, confusing account settings and other monstrosities, but today we'll look at a quick tip on how to prevent your email address being available to contacts who can view your profile.

Just because your personal email address isn't viewable on the website when checking your profile via a web browser, don't be fooled into believing your friend's Windows Phone won't pull it down to his (or her) contact list. By default, it seems Facebook's settings are configured so email addresses are invisible to the 'timeline' but are still available and accessible by friends. So how does one configure email settings on Facebook to prevent them being accessed?

More →
4
loading...
16
loading...
50
loading...
0
loading...

Windows Phone currently suffers from a security vulnerability when synchronising email to and from POP3 / IMAP / SMTP servers using SSL, according to a recent filing over at the US-CERT (United States Computer Emergency Readiness Team) website. The issue is pinpointed to Microsoft's mobile OS not verifying CN (Common Name) of server certificates when connecting to servers using SSL.

More →
2
loading...
29
loading...
26
loading...
0
loading...

If only backing up was this easy

Continuing on with our series of Windows Phone how tos for those who are new to the platform, today we'll be looking at how to backup and restore our smartphones. Backing up is a chore than many have to undertake on their PC, whether it be apps, documents or photos from a memorable vacation - it's always best to have more than one copy of everything. The same goes for contents on your smartphone.

Should anything happen to your Windows Phone, or if you’d like to revert to an earlier snapshot, you’ll need a backup at hand to get everything working in perfect order. Unfortunately Microsoft doesn’t currently offer an official facility to manually backup a Windows Phone (not even in Zune), but luckily there are alternatives thanks to an active developing community.

More →
3
loading...
0
loading...
55
loading...
0
loading...

While there is a lot to look forward to with Windows Phone 8, some of the changes may not be as noticeable but no less important. Windows Phone 8 will have a number of significant changes under the hood to bolster the security of the platform.

Windows Phone 8 will have device encryption throughout the entire device including the OS and its applications. Designed along the same lines as Windows 7 PCs, encryption kicks in as soon as you power up the device. This system, based off of Bitlocker (but adapted for Windows Phone) was something first reported on back in February as an early rumor.

BitLocker is a logical volume encryption system that is present in Windows 7 and will be present in Windows 8.  BitLocker is designed to protect data by providing encryption for entire volumes or drives within a computer to protect the integrity of a trusted boot path.  The main difference between the PC version of encryption and what we will see on Windows Phone 8 is that the encryption keys are not manageable on our Windows Phone as they are on desktops or laptops.

More →
12
loading...
24
loading...
70
loading...
0
loading...

Online ads can be annoying and it appears Microsoft is working on a way to focus these ads more towards your likes and away from your dislikes. We ran across the Microsoft Personal Data Dashboard that will let you filter out the unwanted ads and let those you might be interested in through.  These filters will likely impact ads you see over on Outlook.com and on your Windows Phone.  

The Dashboard has several sections or tabs with the main tab reflecting your Windows Live Profile. Additional sections include: 

My Data: Here is where you can tag your interests and dislikes from a wide variety of topics. You can also narrow down your likes and dislikes to the brand names of products.

The My Data page also lets you view your Bing search history and any Microsoft Newsletters you are currently subscribed to.

More →
3
loading...
5
loading...
39
loading...
0
loading...

Software piracy is a serious battle, which can also affect our beloved platform developers. Microsoft has taken action by automatically applying encryption to all apps through the newly unveiled Dev Center. According to a detailed post on the Windows Phone Developer Blog, Todd Brix states that all apps (including those already submitted) are automatically encrypted without user input.

We first heard about the possibility of server-side encryption back in November, 2011. From our understanding, Microsoft was waiting until everyone was on Mango to implement that feature and it now looks to have happened. If you recall, at the end of April Microsoft decreed that you had to have Windows Phone 7.5 to get to the Marketplace. Combined with the Dev Center refresh, we think that transition for encryption is now complete.

More →
8
loading...
0
loading...
46
loading...
0
loading...

Last week we reported WhatsApp had disappeared from view on the Windows Phone Marketplace (it was actually set to private), and were awaiting official clarification on the matter. Turns out, according to a report over at MonWindowsPhone, the app has a serious security flaw, which requires the team to pull the app and look into the problem. An update is well on its way.

The app enables Windows Phone owners to send messages to other devices and is available for multiple platforms. German website ComputerBild reported that an Android app, called WhatsAppSniffer, allowed users to access messages sent using WhatsApp on a WiFi network. The developers of the popular messaging service are patching the app due to it sending  messages via XMP protocol and in plain text.

We'll keep you posted and will announce when the app is available on the Marketplace with the patch bundled in an update for existing users. In the meantime, you can checkout some early images of the Windows Phone 8 version of WhatsApp.

Update: We've received word from a WhatsApp employee stating the following in an email,

"This has nothing to do with security. Please don't spread mis-information."

Take it as you will. We'll look forward to more information and possible clarification. Until then, WhatsApp is not available until the promised update is released to the Marketplace.

via: MonWindowsPhone

More →
2
loading...
20
loading...
57
loading...
0
loading...

With the launch of Microsoft's Outlook.com, many have been questioning security features of the new email service. The most dominant topic is the limit of 16 characters for passwords. This is a limitation that was also present in Hotmail / Live and has been brought forward into its successor (due to Microsoft's login system). We'll take a look at this issue as well as a quick overview of additional security measures Microsoft has implemented to keep your emails safe.

More →
3
loading...
3
loading...
53
loading...
0
loading...

A few days ago, questions were raised over Skype's security in that Microsoft is reconfiguring the Skype network to allow Law Enforcement Agencies can have access to intercept calls. Mark Gillett, Skype's Chief Development and Operations Officer, responded to these concerns today.

With regards to the claims Skype has made changes in its architecture to provide Law Enforcement Agencies have greater access to Skype communications, Gillett says that this is false:

"The move was made in order to improve the Skype experience, primarily to improve the reliability of the platform and to increase the speed with which we can react to problems. The move also provides us with the ability to quickly introduce cool new features that allow for a fuller, richer communications experience in the future."

More →
1
loading...
0
loading...
28
loading...
0
loading...

Our audience is smart enough to know that no electronic system of communication is impervious to eavesdropping and there’s very little out there that’s near 100% secure. So it should come as no surprise that Skype is getting some publicity of its internal network restructuring that started occurring once Microsoft acquired the company last year.

The charge: Microsoft is reconfiguring the Skype network so that it Law Enforcement Agencies (LEA) can have access to intercept calls over the network to aid in investigations.

The reality is of course convoluted with no concrete evidence but it’s worth mentioning what exactly is going on here. So head past the break to get the scoop.

More →
5
loading...
12
loading...
38
loading...
0
loading...

There’s been a lot of news today—both for Microsoft and Nokia—so we’re going to just touch on a bit of that and also mention some other Microsoft stories that you may have missed. So here’s your roundup:

  • Microsoft wants you take your Xbox security seriously and posts tips on how to do that
  • Mark Penn, former advisor to President Clinton, will be a VP at Microsoft where he hopes to make Bing cool
  • Microsoft may have lost money this quarter but their consumer division is actually doing well

So head on past the break for today’s wrap up...

More →
0
loading...
1
loading...
14
loading...
0
loading...

MVP and frequent conference speaker David Rook, better known as SecurityNinja, gave an interesting presentation on security at Bsides London 2012. The chosen platform for discussion? Windows Phone. Rook goes into detail (it's an hour long presentation) about app and platform security. The talk covers Visual Studio, compiling code and how apps are ran within the OS.

While it's a fairly lengthy video, the talk is well worth checking out if you're interested in Windows Phone app development and security, or are wanting to know how everything works behind the doors.

Source: YouTube

More →
1
loading...
5
loading...
21
loading...
0
loading...
28

Good for Enterprise™ released for Windows Phone

As we reported earlier this morning, Good Technologies was prepping to release their enterprise messaging app for Windows Phone, a big win for those who need security and a strong feature set for their device.

That app has now gone live in the Marketplace ready for download. We must emphasize: you need Good's back-end technology to run this as it is not standalone (think Exchange). From the app description:

"Good for Enterprise™ delivers secure mobile collaboration and device management for Windows Phone devices.  With Good for Enterprise, employees securely access corporate email, contacts, and calendar.  Good for Enterprise provides a unique, secure container that separates personal from business while respecting employees’ privacy – ideal for BYOD devices.  Unlike other solutions, only Good for Enterprise prevents data loss by providing security at the application layer (in addition to device security)."

We listed the full feature set earlier and needless to say, it's fairly comprehensive for a v1.0 release and what's more, Good promises more features in coming updates.

As noted in comments on our previous article, the main benefit for Good users is encryption of messaging, sandboxing of data and better security than Windows Phone or Exchange alone can offer (for now). Plus, with clients on the iPhone, iPad and Android it's nice to see Windows Phone on par with the competition.

Pick up Good for Enterprise™ for Windows Phone here in the Marketplace. Thanks, Munsey S., for the tip

More →
2
loading...
4
loading...
70
loading...
0
loading...

We don't recall seeing this at the insanity that was Mobile World Congress, but evidently on February 27th, Good Technology, who focuses on enterprise and security (and who used to be owned by Motorola) announced a partnership with Nokia to bring their "FIPS-certified 192 bit AES encryption and end-to-end mobile messaging" service to Lumia Windows Phones.

The service is set to roll out in Q2 2012, which means we should see this very soon. The press release goes on to detail the features coming to the Windows Phone app, which by the sounds of it will be only available in the Nokia Collection through the Marketplace:

"Employees will be able to access corporate email, contacts, and calendars through the Good for Enterprise application on their Nokia Windows Phone smartphones—just as they access Microsoft Outlook® or Lotus Notes® on desktop computers at the office—using the intuitive user interface with panorama and pivot views with which they are already be familiar. IT managers will be able to protect corporate data with data encryption and easy-to-apply policies, such as requiring passwords and preventing 'cut/copy/paste' capabilities from the Good for Enterprise app. They will also be able to establish role-based policies using web-based management tools and perform remote wipe of enterprise information only, leaving music, photos, and other personal data present elsewhere on an employee's mobile device intact in the event the mobile device is compromised, lost or stolen."

A big gap in Windows Phone services is actually in enterprise, specifically the lack of encryption on the device or secure, non-Exchange based messaging. Unfortunately, while many in IT departments want more advanced features on current Windows Phones, there seems to be no plans for an "enterprise update" for Windows Phone 7. Instead, Microsoft is putting off a major refocusing on this area till Windows Phone 8, expected in late 2012 (rollout early 2013) including 128-bit native BitLocker data encryption.

While Windows Phone 8 looks promising, this partnership with Nokia for the Lumia 710, 800 and 900 devices will offer a nice stop-gap for mid 2012 and another reason to "go Nokia". Combined with AT&T's recent secure-messaging software for Windows Phones, Lumia 900 owners will have no less than three enterprise-focused messaging solutions: AT&T's, Good Technology and of course Exchange. We think that's a pretty killer combo for IT departments.

Read the full press release after the break...Thanks, bilzkh, for the tip!

More →
3
loading...
17
loading...
42
loading...
0
loading...

Security firm CrowdStrike has identified a vulnerability that could allow attackers to seize complete control over a smartphone.  The hole could allow an attacker to gain access via Webkit-based browsers, which makes up the bulk of mobile web browsers.  The good news for Windows Phone users is that they are in the clear because Microsoft designed Internet Explorer themselves, opting not to use the Webkit platform.

George Kurtz, CEO of CrowdStrike, has tested this theory and has confirmed that Windows Phone, unlike iOS, Android and Blackberry, is immune to this threat.  Kurtz has not revealed the details of the vulnerability, but will be holding a demonstration tomorrow at a TSA conference.  For the time being, there is little that users can do to protect themselves.  Any fixes must come from the OS developers first, and then get pushed out to consumers.

Source: Zunited

More →
16
loading...
101
loading...
146
loading...
0
loading...

Pages