Re RSA conference
Wave Systems @ booth # 1847 as exhibitor
Delayed Reaction
Deb Radcliff
February 01, 2013
Despite the ubiquity of the Trusted Platform Module, holdups exist and adoption remains slow. Deb Radcliff reports.
In 2008, an unencrypted laptop went missing from the car of a worker at Barnabas Health, New Jersey's largest health care system. And, although fewer than 2,000 records were exposed, the health care provider subsequently made self-encrypting drive (SED), a type of hardware-based encryption, a mandatory part of its mobile device upgrade process.
“Everyone who gets a new laptop must have SED enabled,” says Hussein Syed, director of IT security at Barnabas Health, which consists of 4,600 physicians, seven medical facilities and two business offices. “We don't want to incur another incident because someone left a document on a device and then lost it.”
The encryption cannot be tampered with by users, and access is easier because assigned users now need only one master login to access all their provisioned resources (via Active Directory). SED takes only minutes to initially encrypt the full contents of the hard drive, compared to 36 hours using an older, software-based disk encryption. And, using a third-party encryption management service from Wave Systems, machines can be provisioned just as quickly, says Syed.
Now, with SEDs present in virtually every one of its 1,280 issued laptops, Saint Barnabas is turning its attention to SED's companion technology, Trusted Platform Modules, or TPMs.
Maturing encryption
TPM, which began shipping in October with Windows 8 and the Windows 12 management server, has become ubiquitous. The specification integrates with other modules from The Trusted Computing Group (TCG) to support system integrity checks, disk encryption, key management and other functions at machine speed.
TCG, parent to both TPM and SED, claims there are more than a billion PCs, servers, embedded systems, network gear and other devices with TPM and/or SED functionality embedded in them. Yet, according to analysts, actual adoption of these technologies is difficult to measure and has been slow to catch on.
“I am surprised at the modest adoption of hardware roots of trust, in spite of the ubiquity of embedded TPMs in enterprise-class machines,” says Derek Brink, an analyst with Aberdeen Group, a Boston-based provider of intelligence research. “It seems a question of commitment and will, rather than waiting for the technology to be available and mature.”
In a comparison study Aberdeen published last June, 41 companies using SED experienced 50 percent fewer incidents and saved $80 per endpoint per year versus 81 companies that used other forms of disk encryption.
One thing holding up widespread adoption of TPM and SED is interoperability, according to users and analysts. Apple, Google and Microsoft all use different standards, not all of which support TPM, says Roger Kay, founder and president of the Massachusetts-based analyst firm Endpoint Technologies Associates (ETA). The other problem is key management, he adds.
“As with PKI encryption for the PC world, the problem is the certificate authority (CA),” he says.
Most organizations will require a third-party intermediary, such as Wave Systems, which needs to interoperate with other CAs, say analysts. There will also be those with enterprise expertise in key management who will want to manage their own keys.
Rooting rootkits
To support enterprise key management and interoperability, the Trusted Computing Group is putting a lot of emphasis on Windows 8 endpoints, including built-in TPM supportable through Windows 12 server. TPM enhances support for SED and includes a pre-boot system integrity check that the accessing system's basic input/output system (BIOS) and registries haven't been changed from a pre-measured state.
“TPM has mainly been used by a small segment of PC users to tie their Windows Bit Locker and other encryption keys to user devices,” says Steven Sprague, CEO of Lee, Mass.-based Wave Systems. “Now, these features are native.”
Of all the features in TPM today, machine attestation – or the ability to boot up in safe mode, check the machine's integrity and remotely attest that its settings have not been changed – is the most important feature, says Neil Kittleson, Trusted Computing portfolio manager for the Commercial Solutions Center at the National Security Agency (NSA).
Since the TCG's inception 10 years ago, the NSA has been heavily invested in using the nonprofit's technologies in its high assurance platform, or HAP.
“TPM capabilities represent a shift against today's attackers who are embedding rootkits beneath the notice of today's software-based security solutions,” Kittleson says. “We found TPM works very well for our high-assurance platforms.”
In a demo, a simulated attack on a TPM-protected device at the NSA stopped malware from spreading out of a virtual machine onto a host system. Researchers demonstrated a failed attestation when an infected device tried to connect. In that case, access was denied, and an alert was sent to the mobile management administrator as the authentication server detected changes in the registry.
Despite this success, TPM is only in use among a “minuscule amount of devices” used across the vast defense network supported by the NSA, says Kittleson.
Adoption of Windows 8 and the upgrade of the key management infrastructure should help speed adoption across the Defense Department networks and other organizations supported by the NSA. It should also propel the Barnabas operation into full adoption.
While deployments may seem slow at this time, the licensing costs of TPM modules are declining, and interoperability standards are improving, say experts. This market penetration, combined with new risks introduced as mobile endpoints continue to proliferate, means it is only a matter of time before the use of TPM technologies becomes more common than not, both Syed and Kittleson say.
“The real driver is mobility,” ETA's Kay adds. “If every device is a potential attack point, we need to protect those endpoints with hardware-based security.”
http://www.scmagazine.com/delayed-reaction/article/276462/
No reverse split
Barge, do you agree with Kis's assessment?
Kis,
I don't know the inner workings of the company. Sounds like you do. This company is like a cat with nine lives. When you think it's done, it's not. Can't wait to see what they've got up their sleeve next. IMHO
Hopefully, we can look at this in the rear view mirror soon.
Form 8-K for WAVE SYSTEMS CORP
11-Jan-2013
Other Events
Item 8.01. Other Events.
On January 10, 2013, Wave Systems Corp. (the "Company") received notification from the Listing Qualifications Department of The Nasdaq Stock Market ("Nasdaq") granting an additional 180-day period, or until July 8, 2013, to regain compliance with Nasdaq's minimum $1.00 bid price per share requirement. Under Nasdaq listing rules, the Company was granted this extension because it met the continued listing requirement for market value of publicly held shares and all other applicable Nasdaq listing requirements, except the bid price requirement, and the Company provided written notice to Nasdaq of its intention to cure the bid price deficiency during the second compliance period by effecting a reverse stock split, if necessary.
The Company will regain compliance with the minimum bid price requirement if at any time prior to July 8, 2013, the bid price for the Company's common stock closes at $1.00 per share or above for a minimum of 10 consecutive business days.
Pursuant to the requirements of the Securities Exchange Act of 1934, the registrant has duly caused this report to be signed on its behalf by the undersigned hereunto duly authorized.
WAVE SYSTEMS CORP.
By: /s/Gerard T. Feeney
Gerard T. Feeney
Chief Financial Officer
Interesting close, lot of activity in the final minutes. Could be fun in the morning.
Blue, I knew that would get your attention.
You can be a pessimist or optimist, your choice.
I am optimistic about the future of Wave. My personal choice.
If I wasn't, I would have sold my shares. It's that simple.
Why would anyone hold shares in a company they did not believe in, even if it meant taking a loss?
Happy New Years!
Ski
The approval to buy Samsung products with TPMs on board. I wonder if it is just coincidence that WAVE's government test ended about then? Hmmm
I know, I know, more dots....
Thanks Barge, I don't think it was just by chance that Samsung came together with WAVE and the others in the Trustonic partnership. IMO Wave seems to be making the right connections and partnerships.
Now, lets see some of the contracts to go with it. I think we would all feel better when that happens. I can't change the past (Blue) but the future is ours.
Is it my understanding that Wave can request an extension to mitigate a delisting event for that upcoming possibility?
Player, I hear what you're saying, the article all but says Wave is involved. I guess you have to make a leap of faith that Wave is providing their software to the package. Dots.
Happy New Year to all!
Ski
Samsung Demo: Solid-State Drives Supporting TCG Self-Encrypting Drive Technology
Samsung has been using SED SSDs for a while now.
Solid-State Drives (SSD) supporting TCG’s Self-Encrypting Drive (SED) technology provide robust protection of stored data using hardware-based encryption built directly into the drive hardware and electronics, protecting sensitive data from loss or theft or during re-purposing, warranty work, or end-of-life.
Solid-state drives (SSD) offer many advantages over rotating magnetic media such as better reliability and performance, remarkable ruggedness, less weight, no noise, and significantly lower power consumption. Compared to a hard disk drive (HDD), the SSD's booting and application loading times are 50% less and file copy time is 60% less. The current price differential between SSDs and HDDs is steadily declining and the superior advantages of SSDs make that price difference even less consequential. The important cost comparison is not the initial cost, but the life cycle costs of using an SSD versus an HDD. Time savings in doing every task significantly reduces the "wait" time for active users and provides a more productive work experience. Ruggedness and longer life save on repair and replacement.
https://www.trustedcomputinggroup.org/resources/samsung_demo_solidstate_drives_supporting_tcg_selfencrypting_drive_technology
U.S. Air Force Selects Samsung Series 7 Slate Network Tablet
Date Published: September 27, 2012
The talk of whether WAVE is making money or not with Samsung is answered in this article. IMHO
U.S. Air Force officials selected the Samsung Series 7 Slate tablet computer as the first device under the new network slate tablet category under the Client Computing and Servers blanket purchase agreement (BPA).
The Air Force added the Samsung Series 7 Slate to the BPA effective immediately. The Samsung Series 7 Slate is available for deployment at U.S. bases worldwide from Samsung Electronics America Inc. and Intelligent Decisions (ID) Inc.
“Highly mobile government agencies such as the U.S. Air Force are increasingly looking for mobile PC alternatives that can meet their stringent purchasing requirements and give their personnel the computing power they need for maximum productivity anywhere they go,” affirms Todd Bouman, vice president of marketing at Samsung’s Enterprise Business Division. “Samsung engineered the Series 7 Slate with the needs of government in mind, from meeting strict security and network compatibility requirements to durability, quality and TAA-compliance.”
The Series 7 Slate, sporting an Intel Core i5 processor and 4GB of DDR3 system memory, meets the Air Force’s Gold Master standards for computing performance, says a spokesperson. The Samsung Series 7 Slate is compliant with the Trade Agreements Act (TAA), a requirement for government agencies and educational institutions purchasing products with government funds. For agencies such as the Air Force with strict security requirements, the basic input/output system (BIOS) of the Series 7 Slate is NIST SP800-147-compliant and supports secure BIOS integrity measurement mechanisms.
The Samsung Series 7 Slate provides the standard desktop configuration implementation of Windows 7 Professional, supports the same programs as a full-size PC in a slim tablet form-factor, measures a half-inch thick, and features an 11.6-inch touch screen. The Samsung Slate is delivered with a Trusted Computing Group-certified Trusted Platform Module 1.2 chip.
“The Samsung Series 7 Slate combines high-end design and graphics with the strength and capabilities of a full-size PC,” explains ID President and CEO Harry Martin. “Productivity will never be easier for all levels of U.S. Air Force employees who want the convenience of a tablet without having to compromise when it comes to programs, power, and capabilities.”
The Quantum Enterprise Buy, or QEB, catalog of systems is available through AFWAY, a Web-based Air Force system for purchasing information technology (IT) that provides a one-stop resource.
http://www.trustedcomputinggroup.org/media_room/news/265
I think most of us here would like to know what business relationship wave will have with Dell going forward. Don't we have a 16 year agreement with Dell? Correct me if I'm wrong.
Any ideas?
I'm sure there was hope that Dell might acquire WAVE and there is still that potential, but then again, DELL isn't the only fish in the sea.
Can you be more specific?
Partner Gives Microsoft Assist in Windows 8 'Secure Boot' Controversy
I don't recall anyone posting this article
By Kurt Mackie
October 22, 2012
A new "secure boot" firmware protocol supported in Windows 8 has its doubters, but Microsoft ISV Wave Systems is prepared to assure organizations that the system really works.
The Lee, Mass.-based trusted computing vendor announced a partnership with Microsoft in February that will provide "attestation" and computer health reporting services for Windows 8 systems. Wave, which provides its solutions to OEMs, also contributed a lot of input to Microsoft that went into Windows 8's security model.
"We, Wave, are a trusted computing software provider and in the unique position as a software vendor and in the industry in that we've provided a lot of the industry capabilities around a lot of the Windows 8 security architectures, based on the Trusted Computing standards," said Brian Berger, executive vice president at Wave Systems and a board member of the Trusted Computing Group, in a phone interview this month. "And so Wave has shipped over 110 million copies of security software based on those standards through the OEM channels."
Secure boot, which is also called "trusted boot" by Microsoft, is part of a Unified Extensible Firmware Interface (UEFI) specification. It isn't Microsoft's technology. The spec describes a way to sign bootloaders via a Certificate Authority before the operating system loads. The idea is to prevent rootkits (otherwise known as "bootkits") from taking control at the firmware level, something that currently goes undetected, even by the best anti-malware software. Newer systems shipping with Windows 8 likely will have secure boot turned on by default, mostly because Microsoft is requiring that capability in its recommendations to OEMs.
Secure Boot and Linux
Clearly, secure boot has benefits that most computer users would want. However, developers and hobbyists testing Linux OSes on PCs fear that Microsoft's requirement for chip builders to turn on secure boot in Windows RT systems by default will make it impossible to sign Linux OSes, thereby making it unlikely that mass-produced computers will be capable of dual-booting Windows and Linux OSes. In response, the nonprofit Linux Foundation appears to be moving forward with a plan to obtain a "pre-bootloader" from Microsoft that will work with any Linux or non-Linux OS distribution, according to a description by James Bottomley, chief technology officer of server virtualization at Parallels and a Linux kernel maintainer of the SCSI subsystem.
"In a nutshell, the Linux Foundation will obtain a Microsoft Key and sign a small pre-bootloader which will, in turn, chain load (without any form of signature check) a predesignated boot loader which will, in turn, boot Linux (or any other operating system)," Bottomley explained in a blog post. "The pre-bootloader will employ a 'present user' test to ensure that it cannot be used as a vector for any type of UEFI malware to target secure systems."
When available, this prebootloader will be available for anyone to download and use, according to Bottomley's post.
Microsoft's stipulation to chipmakers about turning on secure boot by default will have fewer restrictions for Linux developers on x86/x64 systems. That's because Windows 8 will have a setting to disable secure boot, should anyone want to do such a thing. And it looks like they will be able to get signed certificates.
"I can't really speak to Microsoft's plans or architectures," Berger said. "We [Wave] look at how do we provide solutions on a Microsoft platform, whether Windows 8 or Windows RT -- can we get UEFI modules signed by Microsoft or other third-party signing authorities? And the answer is 'Yes' to that part. And in the case of a third party who has their own bootloader to perform a dual boot, they should be able to get that signed by Microsoft or another third party by the authority for UEFI. We haven't seen that as a barrier to entry."
Berger did acknowledge the limitation for turning off secure boot on the Windows RT side, but said it would affect only some developers.
"Our understanding of secure boot disablement is that it can be done on x86 architectures -- UEFI can be turned off by the user by going to the BIOS setup," Berger said. "On the [Windows] RT side, our understanding [is] that secure boot cannot be disabled."
Windows 8 and Trusted Platform Support
Despite the grumbling heard on the Linux side, Berger was upbeat about Microsoft's implementation of security in Windows 8. He noted that the Wave Endpoint Monitor (WEM) product will provide notification to enterprises about the security of their Windows 8 platforms. Microsoft provided an opening for third-party vendors, such as Wave, to tap into the Windows 8 security plumbing, and even that of Windows 7 with its "legacy BIOS."
"The value of secure boot and WEM is about notification of your standing of your platform state and its integrity," Berger said. "Microsoft has done a great job of bringing more security to the platform going forward. We at Wave look at that and say, 'They're using the key components of the industry standards group -- good going; allowing third parties to integrate into those areas -- good story there; for us as an ISV, providing more value on top of the operating system for the end user, for the IT organization -- is all good.' We're doing it on Windows 7 today, actually all of this stuff."
WEM measures the platform state before the operating system loads. The company is currently working with OEMs on implementing it with Windows 8. Wave's product also will enable integration with so-called "early launch anti malware" (ELAM) software vendors. Windows 8 will enable antimalware vendors to check the boot loader firmware during an ELAM phase of the bootup. Wave's product isn't providing antimalware itself, but it does deliver the notifications if something's wrong at the ELAM stage.
Wave also provides support for self-encrypting drive (SED) technology, which allows drive manufacturers to add cryptographic capabilities to hard drives, based on the Opal Storage Specification of the Trusted Computing Group. Wave's technology ensures the compliance of SEDs and works with rotating media, solid-state drives and even hybrid drives, according to Berger.
Wave recently announced a cloud service via its EMBASSY Remote Administration Server (ERADS) product that supports SEDs. ERADS provides lifecycle management for the trusted platform module (TPM) of drives and it can also manage Microsoft BitLocker deployments, Berger explained.
"It provides a very clean solution for organizations who want mixed environments with different security needs," Berger said. "Whether they want VPN or network access control solutions or platforms as a token or they want data at rest using self-encrypting drives or they like encryption based on BitLocker, maybe on desktop machines, we have one solution that has one console for all. And that same solution has the plug-in for WEM. So now we have the platform integrity component."
Some organizations are looking at BitLocker, a Microsoft drive encryption technology, as an alternative security approach to using self-encrypting drives. However, self-encrypting drives are still the security measure of choice for mobile workers, according to Berger.
In general, Berger sees Microsoft as having baked TPM support into the operating system with Windows 8. He added that trusted computing is becoming a category by itself, and that's changing how platform security is being built.
http://rcpmag.com/Articles/2012/10/21/Partner-Gives-Microsoft-Assist-in-Secure-Boot.aspx?Page=2
Trusted Computing Group (TCG) to Speak About Solutions at 7th Annual NASSCOM–DSCI Information Security Summit 2012
--(BUSINESS WIRE)--
Hello world, Trusted Computing is now, not the future, or should we say the future is here NOW
What: Trusted Computing Group (TCG) members will address attendees of the 7th Annual NASSCOM–DSCI Information Security Summit 2012.
TCG member security experts will participate in the following sessions:
Panel Session: National Imperatives of Securing Operational Technologies… Smart Grids, Oil & Gas, & Public Utilities
Speaker: Aman Puri, Fujitsu Head of IT Solutions, Fujitsu Consulting India
Date/Time: 10:15-11:15 on Tuesday, December 11
Exclusive Speaking Slot: Trusted Computing Is Now, Not the Future
Speaker: Pratap Kesarkar, Worldwide Director, Technical Business Development, Wave Systems
He must be really important
Date/Time: 14:00-14:20 on Wednesday, December 12
When: December 11-12, 2012
Where: Taj Lands End, Mumbai, India
Website: http://www.dsci.in/events/about/1023
More information and the organization’s specifications are available at the Trusted Computing Group’s website, www.trustedcomputinggroup.org.
http://www.businesswire.com/news/home/20121204005003/en/Trusted-Computing-Group-TCG-Speak-Solutions-7th%C2%A0Annual
Trusted Computing Group TPM Adds Security to Platforms Using Windows 8 and Windows Server 2012
Date Published: December 6, 2012
PORTLAND, Ore., Dec. 6, 2012 – PCs and mobile devices using the new Windows 8 operating system and Windows Server 2012 will benefit from a number of security features enabled by the TPM, or Trusted Platform Module.
The TPM, based on specifications created by the Trusted Computing Group, provides a hardware root of trust that is embedded into hundreds of millions of endpoints, including PCs, servers, tablets and embedded systems. TCG also has developed widely used specifications for self-encrypting drives (SEDs), network security and mobile device security. More than a billion endpoints in total are protected with Trusted Computing Group-based technologies.
All systems using Windows 8 include the new Unified Extensible Firmware Interface (UEFI) Secure Boot feature. UEFI replaces the legacy BIOS firmware used in older systems. By checking integrity before boot-up, UEFI and the TPM can detect rootkits and other malware and prevent system infections.
Windows 8 also makes management of drive-based encryption easier and more automated, using the BitLocker capability. The TPM stores half of the key pair required to encrypt and decrypt the drive, with the encryption managed by the operating system. The key in the TPM is protected against attacks.
BitLocker also uses integrity measurements stored in the TPM, using a TPM feature called “unsealing” where the TPM will only reveal the disk encryption key if the integrity measurements have not changed. This ensures that a thief cannot boot into an attacking utility that extracts the disk encryption key.
Windows 8 also supports the growing category of self-encrypting drives (SEDs). SEDs, based on TCG specifications, provide full-disk encryption on the drive quickly and transparently to users.
Systems with Windows 8 also can more effectively manage and protect installed software. Windows Server 2012 automatically provisions and manages the TPM, which is anticipated to make the TPM significantly more useful to IT managers. It supports managed boot to prevent malware and to check system integrity. It also supports using the TPM as a virtual smart card and for secure certificate storage.
TCG will host a security workshop, Trusted Computing: Billions of Secure Endpoints in 10 Years, at RSA 2013 in San Francisco on Monday, Feb. 25, 10 a.m. – 2 p.m. Panelists and leading IT experts, analysts and developers will address a number of security issues, including Windows 8, BYOD, data protection and security automation.
The Trusted Computing Group (TCG) provides open standards that enable a safer computing environment across platforms and geographies. Benefits of Trusted Computing include protection of business-critical data and systems, secure authentication and strong protection of user identities, and the establishment of strong machine identity and network integrity. Organizations using built-in, widely available trusted hardware and applications reduce their total cost of ownership. TCG technologies also provide regulatory compliance that is based upon trustworthy hardware. More information and the organization's specifications and work groups are available at the Trusted Computing Group's website, www.trustedcomputinggroup.org. Follow TCG on Twitter and on LinkedIn.
http://www.trustedcomputinggroup.org/media_room/news/284
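As an added illustration (not code from the press release, TCG or Microsoft) of the "unsealing" step described above, and of the "did anything change?" yes/no check the Threatpost interview further down describes: a stdlib-only Python model of PCR extend, sealing a volume key to a reference PCR, and refusing to unseal when a boot stage was altered. The single SHA-256 PCR, the XOR keystream standing in for the TPM's symmetric engine, and the sample boot chains are constructed assumptions, not real TPM internals.

```python
"""Toy model of TPM measured boot, PCR extend and sealing (stdlib only)."""
import hashlib
import hmac
from dataclasses import dataclass
from typing import List, Optional

HASH = hashlib.sha256
PCR_RESET = bytes(HASH().digest_size)  # PCR value at power-on: all zeros (assumed SHA-256 bank)


def measure(component: bytes) -> bytes:
    """Digest of one boot stage (firmware, bootloader, kernel image)."""
    return HASH(component).digest()


def pcr_extend(pcr: bytes, measurement: bytes) -> bytes:
    """PCR_new = H(PCR_old || measurement). One-way and order-sensitive:
    software can only append to the chain, never rewrite or roll it back."""
    return HASH(pcr + measurement).digest()


def predict_pcr(chain: List[bytes]) -> bytes:
    """Expected PCR after a known-good boot chain; this is the reference
    value an attestation server (or a seal policy) stores."""
    pcr = PCR_RESET
    for component in chain:
        pcr = pcr_extend(pcr, measure(component))
    return pcr


@dataclass(frozen=True)
class SealedBlob:
    policy_pcr: bytes   # PCR value the secret is bound to
    ciphertext: bytes
    tag: bytes          # integrity tag over policy + ciphertext


class ToyTPM:
    """Minimal model: one PCR and one storage root key that never leaves the chip."""

    def __init__(self, srk_seed: bytes) -> None:
        self._srk = HASH(b"srk:" + srk_seed).digest()  # constructed SRK
        self.pcr = PCR_RESET

    def reset(self) -> None:
        """Power-on reset clears the PCR, the only way to 'rewind' it."""
        self.pcr = PCR_RESET

    def extend(self, component: bytes) -> None:
        self.pcr = pcr_extend(self.pcr, measure(component))

    def _keystream(self, policy_pcr: bytes, length: int) -> bytes:
        # Toy stand-in for the TPM's symmetric engine: counter-mode hash of SRK + policy.
        out, counter = b"", 0
        while len(out) < length:
            out += HASH(self._srk + policy_pcr + counter.to_bytes(4, "big")).digest()
            counter += 1
        return out[:length]

    def seal(self, secret: bytes, policy_pcr: bytes) -> SealedBlob:
        """Encrypt the secret under the SRK and bind it to policy_pcr."""
        ks = self._keystream(policy_pcr, len(secret))
        ct = bytes(a ^ b for a, b in zip(secret, ks))
        tag = hmac.new(self._srk, policy_pcr + ct, HASH).digest()
        return SealedBlob(policy_pcr, ct, tag)

    def unseal(self, blob: SealedBlob) -> Optional[bytes]:
        """Release the secret only if the blob is intact and the current PCR
        equals the sealed policy; otherwise return None (refuse)."""
        expected_tag = hmac.new(self._srk, blob.policy_pcr + blob.ciphertext, HASH).digest()
        if not hmac.compare_digest(expected_tag, blob.tag):
            return None  # blob was tampered with
        if not hmac.compare_digest(self.pcr, blob.policy_pcr):
            return None  # platform state differs from when the key was sealed
        ks = self._keystream(blob.policy_pcr, len(blob.ciphertext))
        return bytes(a ^ b for a, b in zip(blob.ciphertext, ks))


def boot_and_unseal(tpm: ToyTPM, chain: List[bytes], blob: SealedBlob) -> Optional[bytes]:
    """Simulate a power-on: measure every stage in order, then try to unseal."""
    tpm.reset()
    for component in chain:
        tpm.extend(component)
    return tpm.unseal(blob)


def attest(tpm: ToyTPM, reference_pcr: bytes) -> bool:
    """The 'did anything change?' question a remote verifier asks: yes or no."""
    return hmac.compare_digest(tpm.pcr, reference_pcr)


# Constructed sample boot chains; the strings stand in for real firmware and OS images.
GOOD_CHAIN = [b"firmware-v1", b"bootloader-v1", b"kernel-v1"]
BOOTKIT_CHAIN = [b"firmware-v1", b"bootloader-v1+bootkit", b"kernel-v1"]
VOLUME_KEY = b"constructed-volume-master-key!!"

TPM = ToyTPM(srk_seed=b"constructed-seed")
REFERENCE_PCR = predict_pcr(GOOD_CHAIN)          # provisioning: record known-good state
SEALED_KEY = TPM.seal(VOLUME_KEY, REFERENCE_PCR)  # seal the disk key to that state

if __name__ == "__main__":
    print("clean boot unseals key:", boot_and_unseal(TPM, GOOD_CHAIN, SEALED_KEY) == VOLUME_KEY)
    print("bootkit boot unseals key:", boot_and_unseal(TPM, BOOTKIT_CHAIN, SEALED_KEY))
    print("attestation after bootkit boot:", attest(TPM, REFERENCE_PCR))
```

Because extend is one-way and order-sensitive, a stage that was altered (or measured in the wrong order) yields a different PCR and the key is never released, which is the property that stops the "boot into an attacking utility" scenario in the text.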
"The US DoD has already mandated the activated use of TPMs" so there must be a NIST out mandating this, correct?
Thanks wavedreamer!!
Can anyone tell me the document number that the government had a period of time to comment on about the use of trusted computing?
Thanks
Ski
You are correct, it has to break above at least the 1.15 level to change the current momentum. It seems to be setting up nicely for doing so. But you are right, who really knows.
Ski
Technical Analysis - I love this stuff - OK, here goes, Wave hit the low for the year around Aug 13th at about 53 cents and then rallied back above a dollar to about 1.15. It is currently forming an inverse head and shoulders. This formation is usually bullish when you have a higher low than the previous low. The stock could rally back to at least the 1.10 - 1.15 area.
If it breaks thru resistance at that level, it could easily move up to the 1.50 - 1.60 area and possibly higher.
Two other leading indicators I watch that have indicated a change in direction of momentum are RSI and MACD. The RSI broke above the resistance line I have on my chart and the MACD is turning positive.
Good news would definitely help the move.
Good luck to all!
Ski
TPM Chip in Windows 8 Lays Foundation for Widespread Enhancements to Hardware-Based Security
This was posted at the time Win 8 was released, very good article explaining the importance of Windows 8 to trusted computing as Barge has explained.
Today's release of the Microsoft Windows 8 operating system brings embedded hardware-level security to the forefront. Microsoft, going forward, will require the Trusted Platform Module (TPM) chip on Windows PCs, phones and tablets, moving security checks to the platform's lowest level. TPM isn't new, but security experts hope this move by Microsoft lays the foundation for future security mechanisms built on top of TPM that deter today's most sophisticated boot-level incursions.
In this interview, Ari Singer, chairman of the Trusted Computing Group's TPM Working Group, and Stacy Cannady, a newly elected TCG board and TPM Working Group member, discuss the impact of the relationship between Windows and TPM and how this can evolve to improve security moving forward.
Threatpost: What is Windows 8 going to do for mainstream adoption of the Trusted Platform Module (TPM) and hardware-based security?
Ari Singer: TPM and other hardware-based technologies are fundamental to the security of a platform. The place where security needs to start is at the lowest level. Having Microsoft require TPM and have that be a critical part of the OS, and the security of the OS, is very big. Probably the most important way for TPM to gain adoption happens when it gets used automatically by the system with no involvement from the users.
Stacy Cannady: TPMs have been built into commercial lines of PCs for five or six years. Home PCs don't have TPM, neither do phones nor tablets. With the advent of Windows 8, Microsoft requires a TPM in many more platforms. If you buy a replacement PC going forward, you are much more likely to have a TPM in it. If you buy a Windows 8 phone or tablet, they will have TPM in it. Microsoft is driving it forward.
Threatpost: What are the advantages and disadvantages of TPM and hardware-based security?
Stacy Cannady: TPMs were created because there was a perception on the part of the security community in the late ‘90s that software-based attacks against computers were increasing and would continue to increase, and software-based defenses were not likely to be successful. You have a firewall and antimalware on your PC; there has been malware in the past that detects these tools and subverts them and then lies to you about their status.
If that happened before, it can happen again. A steady trend in the fight between defenders and attackers is to go further into the machine. Now, you have bootkit attacks against firmware moving closer to hardware. If we can base security in the hardware of the platform, you have a high ground you can use to defend the platform against these types of network-based attack. TPM is about providing that foundation of security for detecting you've been attacked and making it possible to do something about it.
The way this hardware-based system determines if it's been compromised is that it asks if anything changed that shouldn't have changed. It's a simple yes or no question, and it uses cryptographic hashes to make that determination. You don't need to know what that change is, just that I'm in trouble, it's over here and do something about that.
Google Chromebook, for example, has TPM and it's used this way. Press power and as the system comes up, it measures firmware in that system to determine if the firmware changed. If it has, Chromebook goes to a library of last known good modules, rips out the bad one and sticks in a new one, measures it again, and if it's ok, comes up. It's the natural self-healing talent of this device and it's representative of what the TCG would like to see more of.
Ari Singer: One reason protecting against boot-level attacks is so important is that if your BIOS or pre-boot environment is infected, no matter what you do to clean it up, things that get that low into pre-boot can re-infect you at any time and nothing the OS level does to clean that up can protect you. You will be re-infected every single time. It's a way for an attacker to get a persistent attack on a machine. Typically, this is very difficult to detect.
Threatpost: Why are boot-level security features more important than ever today?
Ari Singer: If you listen to some of the things coming out of the NSA and other organizations that understand this stuff, the general state of security is one where the attackers are absolutely ahead. It's nearly impossible using traditional technologies to create a safe environment. The NSA is leading the charge, and TCG and a lot of organizations are realizing this is the best answer to address this. It's a situation where it's really bad, and this is an opportunity to turn the tables and be able to create a foundation that can provide real protection.
Threatpost: What happens when malware infects BIOS and Master Boot Record?
Stacy Cannady: When you can affect the boot loader or install yourself into the Master Boot Record or firmware, a common use for that is to make sure that an OS-level piece of malware can harvest credentials or in some other fashion impose its will on your system and remain present. It may be that your antivirus package can detect and root it out, but since your malware package also has a control position in the OS loader, MBR or firmware which the antivirus package cannot reach, when you boot your system the next time the malware will detect that its client has been removed and just reinstall itself. Or, it can detect the presence of a tool capable of removing its client and install a tool to prevent its removal in the future.
Ari Singer: Once an attacker gets in and has full access to your machine, and has a launching point at other machines, it's exceedingly difficult to remove. It's a foothold for an attacker to get in and do what they want over a long period of time.
Threatpost: Where is awareness of TPM and its capabilities within the industry?
Ari Singer: Awareness among those in the industry is high, but among the broader population, it's still pretty low. One challenge is that the kinds of things Microsoft is doing are the first steps. Even with what they've done, which certainly has its advantages, it isn't all by itself going to change the threat landscape. You can equate it to the building of railroads in this country; all by itself, that doesn't do anything. But it creates the ability to build on top of it something that adds value. This fundamental technology doesn't solve all problems right away, so it's difficult for enterprises to justify investing in technology like this unless they have a longer term vision.
Windows 8 doing this is huge for the industry and the world overall because it's laying that foundation and it creates an opportunity for a much bigger gain.
Threatpost: What are some things that can be built on top of this that would take it to the next step?
Ari Singer: One thing Windows is already doing that is very related is early-launch antimalware; think of it as antivirus before the OS comes up. The TPM is measuring the pre-boot stuff and the early-launch antimalware makes sure the OS is ok.
In the future, more complementary technologies like those being built by Intel and AMD will provide hardware-based isolation of memory that allows certain applications to run in a very isolated way, so even if the OS is infected, malware can't get at the app. Another hot topic in security is real-time monitoring; monitoring what's going on at that moment and catching attacks as they happen and being able to in real time. I'm fine at boot, am I still fine?
Stacy Cannady: At that point, what we are seeing antivirus companies struggling with is that there are 100,000 variants of malware posted every day. If you're using a signature-based system to ID those things, it's not scalable or sustainable. As a result, it would be very nice to see a tool that can handle it.
Threatpost: What can you tell us about the UEFI BIOS standard? What is its impact on the security of a machine?
Stacy Cannady: UEFI was created because the conventional method of creating BIOS was unstructured and it was difficult to maintain a BIOS. UEFI imposed standards of structured modular programming onto the firmware space. In response to later demand, it incorporated notions of how to do security. The idea there is that certain elements of firmware have to be signed by an approved authority in order for code to be executed. That allows for what's called a chain of transitive trust to be built. When you get an initial module of UEFI BIOS to come up, hopefully it's measured by TPM, which then asks what's the signature of the next piece of code to be executed? When that's done, it executes the next element of the chain and checks its signature. Each trusted element determines the trustworthiness of the next element.
Threatpost: What's the relationship between TPM and self-encrypting drives (SED) in Windows 8?
Stacy Cannady: The drive itself is independent of the OS, so you can take a SED and put it on a Linux machine, or it will run on Windows. This is a benefit compared to software-based encryption mechanisms that are universally OS aware or dependent. For example, most of the software-based solutions support Windows, but don't support Linux or MacOS. If you have a SED, you can buy 1,000 of them, shove them into a PC no matter what the OS is and it will work everywhere.
However, when you talk about managing these drives, things get stickier. SEDs use a TCG standard called Opal, which defines how to manage a SED. If you get an Opal-compliant application, it will integrate only into Active Directory on Windows, so now you're talking about managing things back to a Windows environment.
Ari Singer: There's been more of a recognition throughout the world that drive encryption is important. When SEDs are broadly used and shipping everywhere, it becomes the default and everything is encrypted all the time. Something else to recognize is that people only pay for security when they absolutely have to. So, the best way to have security is when it's built in and there. When we see the proliferation of TPM and SED, you get that invisible security benefit without it being an inconvenience to the user. With Windows 8, the intent is that users have no idea TPM and SED are there. They just get those benefits automatically provided; that's really what the industry needs.
http://www.trustedcomputinggroup.org/resources/tpm_chip_in_windows_8_lays_foundation_for_widespread_enhancements_to_hardwarebased_security
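The measured-boot mechanism the interview describes (each stage hashed into a TPM register before it runs, a verifier comparing the result against last-known-good values, and the "it's over here" localisation of a change) as an added Python simulation; this is not code from the original post, the TCG, or any vendor, and the boot-stage images, stage names and reference values are constructed stand-ins.

```python
import hashlib
from typing import List, Optional, Tuple

PCR_SIZE = 32  # one SHA-256 PCR bank, constructed model of the real register


def extend(pcr: bytes, measurement: bytes) -> bytes:
    """TPM-style PCR extend: new = H(old || measurement). The register can only be
    extended, never set, so a later stage cannot erase what an earlier stage recorded."""
    return hashlib.sha256(pcr + measurement).digest()


def measure_boot(chain: List[Tuple[str, bytes]]) -> Tuple[bytes, List[Tuple[str, str]]]:
    """Simulate a measured boot: before each stage runs, its image is hashed and the
    digest is extended into the PCR. Returns the final PCR value and an event log of
    (stage name, digest hex), the kind of log firmware hands up to the OS."""
    pcr = bytes(PCR_SIZE)  # PCRs read as all zeros after a platform reset
    log: List[Tuple[str, str]] = []
    for name, image in chain:
        digest = hashlib.sha256(image).digest()
        pcr = extend(pcr, digest)
        log.append((name, digest.hex()))
    return pcr, log


def replay_log(log: List[Tuple[str, str]]) -> bytes:
    """Recompute the PCR value that a given event log would produce."""
    pcr = bytes(PCR_SIZE)
    for _, digest_hex in log:
        pcr = extend(pcr, bytes.fromhex(digest_hex))
    return pcr


def verify(quoted_pcr: bytes, log: List[Tuple[str, str]],
           golden_log: List[Tuple[str, str]]) -> Tuple[bool, List[str]]:
    """Verifier (attestation) side, two checks:
    1. the event log must replay to the PCR the TPM quoted; software cannot rewrite
       the PCR, so a log that disagrees with it has been tampered with;
    2. per-stage digests are compared with the known-good log, so the verifier can
       say *which* stage changed without knowing *what* changed in it."""
    if replay_log(log) != quoted_pcr:
        return False, ["event log does not match quoted PCR"]
    changed = [name for (name, d), (_, good) in zip(log, golden_log) if d != good]
    if len(log) != len(golden_log):
        changed.append("stage count differs")
    return not changed, changed


# Constructed stand-ins for real firmware and boot images (not real code).
GOOD_CHAIN = [
    ("boot_block", b"constructed: immutable boot block v1"),
    ("uefi_core", b"constructed: UEFI core modules v1"),
    ("boot_loader", b"constructed: OS boot loader v1"),
    ("os_kernel", b"constructed: kernel image v1"),
]
# Same chain with the boot loader replaced: the bootkit case from the interview.
TAMPERED_CHAIN = [(n, b"constructed: bootkit-patched loader" if n == "boot_loader" else img)
                  for n, img in GOOD_CHAIN]

# "Last known good" reference values, as a trusted build would record them.
GOLDEN_PCR, GOLDEN_LOG = measure_boot(GOOD_CHAIN)


def attest(chain: List[Tuple[str, bytes]],
           presented_log: Optional[List[Tuple[str, str]]] = None) -> Tuple[bool, List[str]]:
    """Boot `chain`, then attest with the real log, or with a log the OS chooses to present."""
    pcr, log = measure_boot(chain)
    return verify(pcr, log if presented_log is None else presented_log, GOLDEN_LOG)


if __name__ == "__main__":
    print("clean boot:", attest(GOOD_CHAIN))
    print("bootkit in loader:", attest(TAMPERED_CHAIN))
    # Compromised OS hands the verifier the clean log; the PCR still gives it away.
    print("bootkit presenting the clean log:", attest(TAMPERED_CHAIN, GOLDEN_LOG))
```

The third case is why the measurement has to live in hardware: an OS-level component can forge the log, but it cannot make the PCR replay to it.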
Information on ELAM – Early Launch Anti-Malware.
With advances in malware detection and better support for related 3rd party solutions, Windows 8 provides support for early detection of boot-level malware hiding underneath the OS and remote attestation by trusted third parties. The active use of TPMs allows boot-level security features to be implemented. TPMs can also enable the enterprise to check the platform’s integrity, which can be affected by malware in the pre-boot state or BIOS. This attestation, confirmed by hardware-protected measurements bound to the platform, ensures the device has not been altered by malicious code. Software security fails to do this.
Microsoft also enables ELAM – Early Launch Anti-Malware. This feature ensures that anti-malware vendors’ drivers running on the validated platform will always be the first to load, so that they cannot be fooled by malware running first and feeding them false data.
http://www.wave.com/windows-8-security
Windows 8 security is already an opportunity
23 Nov 2012
We need more articles like this
Big software players have been making millions on the mantra that layering can solve it all. But there are now threats that can go undetected and wreak havoc before the OS loads – representing a channel opportunity as enterprises start to look for better answers.
TDL4 malware and its multiple variations evaded host-based detection and remediation through its ability to change master boot records, and also through peer-to-peer communications. Instead of having one command-and-control URL or a single server, the server continued to change. Commercial anti-virus is unable to detect let alone remove it.
The only way to detect system changes from these attacks is to activate and manage embedded hardware security that can store the signatures of critical start-up components, and the ones that are most important are used early in the boot process, before anti-virus initiates.
Trusted platform modules and management consoles can allow data collection and correlation, alerting the IT manager when unwanted changes are detected.
Windows 8 supports hardware encryption tools like the Trusted Computing Group standard platform modules and Opal self-encrypting drives (SEDs), easing procurement and deployment of industry-standard drives, purchased from multiple sources and managed across an installed base using Windows 7, Windows 8, or both.
Microsoft is also advocating remote attestation in Windows 8, allowing trusted third parties to monitor pre-boots.
Enterprises don't need to migrate immediately. Many are in the process of migrating to Windows 7, but will be able to take advantage of the activation and management of embedded hardware security straight away.
Encryption is vital. A European data protection regulation drafted early this year will require enterprises to prove encryption at the point of loss or theft. Penalties may be up to two per cent of an organization's global annual turnover.
But if encryption is software based, it is difficult to prove it is even working. With an SED, encryption cannot be turned off, and the management console can provide auditable information.
Hardware-based security is also more cost-effective than software-based security, not to mention the protection against being penalized under the law and being forced to pay substantial fines. So the channel can start selling the benefits of Windows 8 to enterprises now.
http://www.channelweb.co.uk/crn-uk/opinion/2226901/windows-8-security-is-already-an-opportunity
Apparently the VA had problems with other types of encryption
SEDs rock in comparison
Click on Buzz hub
Under blog security matters
VA deploys SEDs
See Wave's website for the article
Cyberwars Reach a New Frontier: the Airport
By Michael Dolgow on August 15, 2012
Thought this was an interesting article.
Anyone know anything about "Trusteer"?
Too bad they didn't have activated TPMs; interesting that they had to do a "sweep" to find the malware.
It sounds like an air traveler’s nightmare: a sophisticated software attack that allows hackers to access internal airport computer systems and manipulate data as if they were authorized employees. Yet that is what happened two weeks ago, according to Boston digital security firm Trusteer, which says it uncovered malware hidden in the private network of a major non-U.S. international airport. The company says the threat could have compromised everything from employees’ personal information to the safety of passengers.
“This was potentially very dangerous, but we don’t know whether the attacker group was targeting the financial system of the airport for economic gain or if the attack was terrorism-related,” says George Tubin, a senior security strategist for Trusteer, which declined to specify the airport that had been targeted, citing security concerns and an ongoing investigation. “They could have been trying to access critical infrastructure—possibly air-traffic control systems and even the air-conditioning ducts on planes. Or they might have been looking at the hiring process, to see if they could get someone in there to work as an employee.”
The airport VPN was immediately disconnected after officials there were made aware of the breach and authorities are investigating, Tubin says. A spokesman for the U.S. Transportation Security Administration, Dave Castelveter, says his agency was made aware of the breach by Bloomberg Businessweek’s inquiries but declined to comment further, citing a policy of not discussing security protocol.
Tubin says the breach was discovered during a routine security sweep of the 30 million PCs protected by Trusteer’s software. The attack used Citadel Trojan malware—which computer users can unknowingly install simply by clicking on a Web link—to read the screens of employees who logged in remotely to the airport’s virtual private network (VPN). It also allowed the cybercriminals to capture the username, password, and one-time passcode of the victims with a form-grabbing technology, according to Trusteer. With the employee’s credentials in hand, the hackers would have unlimited access to the airport computer system’s software to the extent the worker’s account would allow.
Many businesses use VPNs to provide outside workers with access to secure data. Incursions on these networks often involve advanced “Man in the Browser” malware such as the Citadel, Zeus, and SpyEye programs. Infections of this sort can be hard to recognize, and in many cases the hacker can peruse all the victim’s files and communications, without leaving any trace of activity, Tubin says. Historically, MiB programs have been used to acquire financial information from banks and other money-management companies, but in recent years other types of businesses have been targeted.
“We’ve seen this before, although it’s not very frequent,” says Tubin, who views this latest episode as evidence of how the government and private sector have been fighting a losing battle against increasingly sophisticated cybercriminals. “Frankly, it’s way too easy for hackers to get employee credentials and exploit them. For the most part, industry is not doing a very good job protecting against these kinds of threats.”
Trusteer’s announcement came a day after it released a new product designed to protect users of Citrix software programs from malware and other advanced cyberthreats. Tubin says the news of the airport breach and Trusteer’s new product was a “complete coincidence” and that the software’s release date had been planned long before the airport threat emerged.
http://www.businessweek.com/articles/2012-08-15/cyber-wars-reach-a-new-frontier-the-airport#r=lr-fs
The Case for Turning on Trusted Platform Modules
White Paper posted Nov 2012
This paper addresses the use case for turning on Trusted Platform Modules (TPM) as provided by the National Security Agency (NSA) of the United States Government.
In 2005, the Trusted Computing Group (TCG) published guidance to preserve user privacy as well as user control of their computing platform environment, among other things. The TCG recommended vendors deliver trusted computing technologies in a state such that platform users must choose to turn them on, a policy they called opt-in [1]. Vendors implemented opt-in for Trusted Platform Modules (TPMs) in a variety of ways, with several major vendors delivering platforms to end users with Trusted Platform Modules (TPMs) turned off. At best, vendors left the TPM in inconsistent states from vendor to vendor, and even across product lines of the same vendor. This inconsistency discouraged application developers from taking advantage of the TPM to enhance security in their products and systems. The opt-in policy has inadvertently hindered the integration into global enterprise IT infrastructures of over 400 million TPMs that platform vendors have shipped over the past eight years.
In implementing TCG's 2005 guidance, some vendors’ concept of user may have been more narrow than necessary. As the guidance points out, users of Trusted Computing technologies may include traditional administrators and end users as well as platform vendors and service providers. Some platform vendors assumed a responsibility to ensure the integrity of the firmware and software they design, create, and deploy on their platforms. The TCG has designed the TPM with several controls that allow the end users (to include administrators) to control private information as well as control how the TPM should be used in their applications. However, end actors should take care to exercise this control in a way which avoids conflict with the roles of other actors who have responsibilities to preserve the integrity of the platform and software installed on the same.
The US, UK and EU follow internationally recognized agreements for protecting privacy [2]. However, despite the fact they share the same goals, sometimes they approach and implement solutions a little differently. With help from privacy advocates, the TCG identified and mitigated several concerns with privacy and user control in TPM features.
The US advocates allowing platform vendors to deliver TPMs in a state in which physical presence opt-in of the TPM is not necessary, and furthermore, to present a predictable TPM configuration to security-aware applications. The TCG recently approved a new interface [3] which allows vendors to configure the TPM and satisfy a variety of requirements with respect to privacy and user control. The US endorses this interface, which gives platform vendors flexibility to enable platform and service provider roles that provide integrity and other security features rooted in hardware, namely the TPM, while at the same time providing options to the other users, namely administrators and end users, to use the TPM to manage their own private information.
http://www.trustedcomputinggroup.org/resources/the_case_for_turning_on_trusted_platform_modules
Increasing PC Security and Data Integrity - Trusted Platform Module Solution from Infineon Supports Windows 8
Neubiberg, Germany–November 5, 2012–Infineon Technologies AG (FSE: IFX / OTCQX: IFNNY) today announced that its Trusted Platform Module (TPM) solution supports and secures the recently introduced Microsoft Windows 8 operating system. Infineon provides a complete solution based on Common Criteria certified TPM hardware and the corresponding software suite aiming at use in communication and office applications. In Windows 8, the TPM is used e.g. in the Microsoft BitLocker Drive Encryption to protect the keys for the encryption of the hard disk. In addition, the TPM provides integrity verification during system boot.
With the release of Windows 8 the importance and role of TPM in the operating system is significantly increased. The TPM technology offers a cost-effective and tamper-proof hardware-based certified security solution, which provides a security level that is not achievable with software-based security solutions. Over the last years many new computing devices have been sold with a built-in trusted platform module chip. The Trusted Computing Group (TCG) estimates that more than 600 million PCs using a TPM have been shipped to date.
Infineon’s Trusted Platform Module (TPM) is a fully standard compliant TPM which successfully passed the Trusted Computing Group (TCG) certification process regarding the compliance and the security requirements. Infineon will also provide TPM solutions based on the TPM 2.0 library specification of Trusted Computing Group (TCG).
“Given the strong market demand for a common security solution and increased support by Windows 8, TPM penetration in business PCs, Ultrabooks and Tablets will significantly increase over the next years,” said Juergen Spaenkuch, Vice President and General Manager Platform Security of the Chip Card & Security Division at Infineon Technologies.
TPM Professional Package 4.3
The TPM Professional Package from Infineon already supported prior Windows operating systems. In combination with the currently shipping TPM V1.2 hardware module, the new TPM Professional Package 4.3 now also supports Windows 8, which comes with additional security improvements. The latest version of the TPM Professional Package, compliant with the Trusted Computing Group’s (TCG) 1.2 specification, provides unique TPM management and policy configuration features and supports different platform types, operating systems and multiple languages. The TPM management allows easy configuration of the platform to the TPM environment. It supports Microsoft BitLocker, Microsoft Encrypted File System (EFS), Personal Secure Drive (PSD), encrypted virtual drives, and encryption and digital signing in e-mail programs and web browsers.
The Trusted Platform Module (TPM) from Infineon is a specifically protected and encapsulated microcontroller security chip used to defend the internal data structures against external attacks. Infineon was the first in the market offering a Common Criteria certified TPM 1.2. The nature of this security chip means that information such as keys, passwords and digital certificates stored within it is made more secure from external software attacks and physical theft. TPM is an implementation of a Root-of-Trust which is integrated into the boot process to establish a trust level and gather measurements about the running environment for trusted reporting. Hence, TPM is typically affixed to the motherboard of a computing system.
http://www.smartcardalliance.org/articles/2012/11/06/increasing-pc-security-and-data-integrity-trusted-platform-module-solution-from-infineon-supports-windows-8
You know who else hates Windows 8? Hackers
Antivirus makers heap praise and scorn on new security features
By John Leyden
Posted in Windows 8, 3rd November 2012 13:02 GMT
Microsoft's emphasis on the mobile nature of Windows 8 and its bold touch-friendly user interface may lead some to fear the software giant has taken its foot off the pedal in terms of security.
However there are plenty of changes under the bonnet to merit an examination of the new operating system's defences. Judging by the buzz among security researchers and IT dept bods, the most interesting changes are: the built-in tool Windows Defender now tackles all kinds of malware rather than just spyware; the use of digital certificates to ensure the machine doesn't boot up a compromised or tampered Windows installation; and the new Early Launch Anti Malware (ELAM) system that scans the operating system for malware and ensures antivirus software is the first thing to run on a freshly booted computer.
That's according to Aryeh Goretsky, a top brain at security software biz ESET, who wrote up his thoughts in a whitepaper [PDF] [1] titled Windows 8: FUD for thought. He is broadly positive about Windows 8's security improvements.
Most Windows 8 machines will ship with Windows Defender, a rebadged version of Microsoft Security Essentials, included. Goretsky describes it as a good product that offers a "decent level of protection", especially when compared against other free anti-malware programs, if not paid-for products from the likes of, er, ESET. His verdict:
Windows Defender provides a good level of protection, but is mainly targeted at those who are unwilling - or unable - to purchase a commercial anti-malware solution. While any protection is better than none, and Microsoft is to be applauded for including a product of this caliber in Windows 8, Windows Defender should be thought of as the minimum bar for levels of protection and support that computer users should expect from their anti-malware software.
An advantage that Windows Defender has over other free anti-malware programs is that it does not attempt to up-sell the user to a paid-for product and toolbars or banner advertisements, nor does it modify existing search settings.
A big change in lower levels of Windows 8 is the requirement for computer makers to switch from using PC BIOS firmware in their machines and use UEFI firmware instead. UEFI, which powers up the computer and helps the operating system access some of the hardware, isn't particularly contentious, but it does have a feature called Secure Boot that Microsoft has wielded with gusto. Secure Boot prevents a computer from running an operating system unless its boot loader code is digitally signed with a key stored in the UEFI firmware.
Blocking unsigned startup code can effectively prevent malicious software, such as rootkits that spy on users, from hijacking the boot process to ensure it remains hidden from detection. But the technology also makes it difficult for free software enthusiasts to run GNU/Linux and other alternative operating systems on machines certified to run Windows 8.
Red Hat and Ubuntu-maker Canonical have come up with ways to support UEFI's Secure Boot. Microsoft has said that although the ability to turn off Secure Boot must be present in order to pass Windows 8 certification tests, the technology must be enabled by default. Goretsky argues that open-source loyalists critical of Secure Boot [2] should lay off and recognise that the technology is the best available to combat an all-too-real threat. Goretsky, a Microsoft "Most Valuable Professional", wrote:
While it’s too soon to know the long-term effects on security of Microsoft’s Secure Boot requirement, in the short term it greatly reduces the attack surface currently exploited by bootkit forms of rootkit malware on systems using BIOS-based firmware.
It is disappointing that Microsoft’s efforts to repair the hole in the chain of trust of the PC boot process, which has been in existence for two decades, is being met with skepticism and outright hostility at a time when sophisticated attacks are on the increase. We hope that Microsoft and the critics of its stance on UEFI can work out their disagreements so that the security of all operating systems, not just Microsoft Windows, can be enhanced.
Microsoft's stance on Secure Boot has been much debated [3], but one security feature in Windows 8 that has so far drawn little comment is the Early Launch Anti Malware (ELAM) system. This sits in a software layer just above the secured boot process, and ensures a configured anti-malware product is the first third-party code to run while the operating system is still loading - heading off viruses and other nasties before they can compromise a system.
Goretsky describes it as a potentially useful tool against sneaky forms of malware, such as bootkits, that try to hide on infected machines:
While the effectiveness of ELAM is as yet unproven, the concept behind it is fundamentally sound and it should prove to be a major deterrence to boot-time malware. The technology, however, may need to be periodically updated to overcome existing limitations and provide additional functionality. Advanced functionality for memory and disk manipulation would be useful for enhancing the detection and removal capabilities of anti-malware programs.
So the OS is defended - but what happens when hackers target ordinary folk?
Despite building these defences around the operating system, Microsoft has some security headaches it can't easily shake off: the ESET whitepaper concludes that social engineering - basically, tricking users into doing dumb things including unwittingly handing control over to hackers - will continue to be a problem. Attacks could also target on-board sensors to tamper with readings.
"While location telemetry might be the likeliest data to be abused, it is not the only one," Goretsky noted. "Data from barometers and thermometers might be spoofed to force a computer to turn itself off, or an unscrupulous manufacturer might falsify data in order to deny warranty service. The same scenarios are also possible with accelerometer, gyroscope and magnetometer sensors and their data."
In addition, Microsoft's insistence on developers digitally signing code could make programmers and their build systems a target for attack; hackers would love to get their hands on the private keys so malicious software can masquerade as legitimate third-party products and trick victims into installing them - and there have been a few cases of miscreants getting hold of sensitive security certificates [4].
Goretsky argues attacks of this kind are only likely to increase, and said the best way to tackle the threat is to improve organisations' IT security policies rather than specifically change the operating system.
Microsoft has made hundreds of security improvements with Windows 8, according to Goretsky, who adds "upgrading to Windows 8 is a no-brainer from a security perspective: doing so greatly increases your security".
However the veteran researcher notes that security will have little bearing on the success of Windows 8 in the marketplace, which is far more tied to its ability to establish a credible alternative to Apple's iPad. We're now in an era where conventional desktop and laptop sales are stagnant while smartphone and tablet shipments are going like gangbusters.
It's the hardware, stupid
Brian Berger, executive vice president at Wave Systems and a board member of the Trusted Computing Group, is even more upbeat about Windows 8's security improvements, particularly the greater reliance on "hardware-embedded security".
"Microsoft’s decision to focus on active embedded hardware security in the Windows 8 OS comes in response to a rapidly changing cyber landscape, marked by the threat of sophisticated boot sector viruses, compliance with data protection laws, an increasingly mobile workforce and porous network perimeters," Berger said. "It brings the Trusted Platform Module (TPM) and optional use of Self-Encrypting Drives into the mainstream for enterprises. In doing so it means that hardware-based security becomes even more pervasive in broader platform types and a very real (and cost-effective) option for securing business continuity and data."
Windows 8 will modernise access control and data management, he added.
"The launch of the new OS also brings fresh capability for the management of virtual smart cards and DirectAccess, allowing enterprise users to establish their identity using the machine as a token-for-network logon, negating the need for tens of passwords which fail to live up to the current threats we face. It also simplifies the user experience and provides higher assurance, reducing help desk costs," Berger concluded.
The positive outpourings for Windows 8's security follow a thumbs-up during an earlier analysis of the operating system by Chris Valasek, a senior security research scientist at software testing firm Coverity. Valasek praised the exploit-mitigation technologies [5] built into Windows 8 - specifically in the heap memory manager and kernel pool allocator - arguing that these features will serve to make life far more difficult for malware slingers.
Rik Ferguson of security software maker Trend Micro is also broadly upbeat about the security improvements in Windows 8, and highlighted the fact that web filtering features commonly found in browsers have been extended across the OS.
"The SmartScreen technology that you are used to seeing in Internet Explorer has now been extended across the entire operating system so now even if you are using something other than a browser to access internet resources and downloads, you will still be offered some level of filtering for potentially malicious downloads. Let’s hope this one isn’t as 'noisy' as User Access Control (UAC) has been," Ferguson wrote in a blog post [6] on Windows 8 security.
The only note of criticism was a weakness [7] in the way Windows 8 stores passwords for people who use pictures or PINs to login.
"Microsoft has added some functionality obviously designed for those touchscreen devices they are anticipating," Ferguson said. "Picture or PIN based logins credentials can be used once a user password has been set as a shortcut to logging in. While this feature may be convenient, research during beta testing demonstrated that an attacker with local administrator privileges could access and decrypt the passwords of accounts using this feature."
Ferguson also damns the built-in Windows Defender malware protection with faint praise: "Microsoft Windows 8 is more secure out-of-the-box than it has ever been, but remember the integrated anti-malware provides only baseline security, not the fully featured security of a dedicated specialist." ®
http://www.theregister.co.uk/2012/11/03/win8_security_analysis/print.html
Finalists announced in Government Security New’s 2012 awards program
Thu, 2012-11-08 03:49 PM
If this was posted earlier, forgive me for posting it again.
In spite of unfortunate business interruptions caused by power outages, flooding, loss of Internet services and other damages inflicted on the Northeastern part of the country by Hurricane Sandy, Government Security News has announced finalists in all three broad categories of its 2012 Homeland Security Awards Program.
The annual contest celebrates the public-private collaboration that makes up the nation’s homeland security apparatus by presenting awards to leading vendors of IT and physical security products and solutions, and to federal, state, county and municipal agencies for notable achievements in government programs, projects, strategies and initiatives.
The winners’ trophies will be presented at the 2012 awards dinner, which will take place on the evening of Thursday, November 29, 2012 at the Grand Ballroom, L Street Concourse, of the Washington, DC Convention Center. Individual seats or a table for 10 can be reserved on the GSN Website or by contacting GSN Publisher Edward Tyler at 212-344-0759, ext. 2001 or by email at etyler@gsnmagazine.com.
Discounted rooms for awards dinner attendees can be reserved at the Marriott Renaissance Downtown Hotel, which is across the street from the Convention Center, by going to the hotel’s Website and using the group discount code: smasmaa.
According to GSN managing partner, Adrian Courtenay, the 2012 awards program has a record number of entries relating to new IT and physical security technologies, and to significant programs from government agencies at all levels to enhance security in a year that saw presidential elections, thwarting of terrorist plots and heroic federal, state and local emergency responses to a series of natural disasters that occurred throughout the year.
Government Security News would like to acknowledge and thank the generous sponsors that have enabled the 2012 Homeland Security Awards program to take place:
BRS Labs
Cisco Systems
Entrust
Raytheon
Redseal
Teradata
Vanguard Integrity Professionals
Whitestone Group
The complete list of finalists and preemptive winners appears below:
CATEGORY 1 – VENDORS OF IT SECURITY PRODUCTS AND SOLUTIONS
Best Anti-Malware Solution
Accuvant, Inc.
Invincea
GFI Software
Best Identity Management Platform
Alert Enterprise (Converged Identity and Access Management Platform)
Entrust
Net IQ (Identity Manager)
Vanguard Integrity Professionals
Best Certificate Management Solution
Entrust -- Preemptive Winner
Best Compliance /Vulnerability Assessment Solution
Agiliance
Application Security
eIQnetworks
RSA
Vanguard Integrity Professionals
Best Data Security/Loss Management Solution
Application Security
Free Wave Technologies
WAVE Systems
http://www.gsnmagazine.com/node/27793?c=federal_agencies_legislative&cm_mid=1852869&cm_crmid=
The bottom line for me would be if they did a reverse split. Of course, we are not at that point so it may be a moot point.
I believe someone else made mention that even that date could be extended. Correct me if I'm wrong.
Bottom line is, close the sales and this talk will be history.
Virtual Smartcards to Thwart Cyber Attacks That Target Domain Credentials
With Wave, IT Can Use All the Security Features of Physical Smartcards With Technology They Already Own
Press Release: Wave Systems Corp. – 54 minutes ago
LEE, MA--(Marketwire - Oct 31, 2012) - Wave Systems ( NASDAQ : WAVX ) announced capabilities in its newest version of EMBASSY Remote Administration Server (ERAS) that empower IT to roll out virtual smartcards for added protection against credential theft -- without the provisioning challenges, costs and support associated with physical smartcards.
Microsoft is emphasizing the role of virtual smartcards in its recently released Windows 8 operating system, as one of the key pillars of modern access control. Wave is delivering modern access control today on Windows 7, enabling the use of both machine and user ID using hardware-protected certificates through the Trusted Platform Module (TPM).
Virtual smartcards are similar to physical smartcards, but instead of requiring the purchase of additional hardware, they utilize technology that users already own. They feature the same properties, including non-exportability (ensuring information on the card cannot be extracted from the device), isolated cryptography (cryptographic operations cannot be extracted) and anti-hammering (to prevent brute force attacks). The primary difference lies in the fact that private keys are protected using the TPM of the PC instead of smart card media. Private keys are protected not by the isolation of physical memory, but rather by the physical isolation and cryptographic capabilities of the TPM.
"There are compelling reasons why organizations should give serious thought to upgrading to virtual smartcards, rather than tokens or physical smartcards, to address their modern access control requirements," said Steven Sprague, CEO for Wave Systems. "These older forms of user authentication come with significant acquisition and replacement costs, plus additional hardware such as card readers. Virtual smartcards can be enabled on any machine running Windows 7 today -- without procurement expenses."
Implementing virtual smartcards means employees never have to type domain credentials into their device, effectively providing two layers of protection against credential stealing attacks.
Depending on policy, user name and password may never need to be used -- so it's virtually impossible to steal them.
It's much more difficult to target user name and password as a means of attack, as they would only be one authentication factor.
Making Device ID the Cornerstone of Enterprise Network Security
Virtual smartcards provide added security by identifying both the user and the device. The user's possession of his or her PC serves as the equivalent of holding the smartcard, because the smartcard is "loaded by default."
"The organization that employs virtual smartcards has taken the very important step of managing device identity -- a fundamental shift in network security. It puts the focus on the identity of the device and out of the hands of the user. Tomorrow's network starts with device ID."
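What a TPM-backed virtual smart card looks like from the administrator's side, using only the tools that ship in Windows. This is an added example, not code from Wave's ERAS or from the press release; it assumes Windows 8 / Server 2012 or later (where tpmvscmgr.exe and Get-Tpm are in the box, whereas the release targets Windows 7 through Wave's own management software), an elevated session, and a provisioned TPM. The card name CorpVSC is an arbitrary placeholder.

```powershell
# Added example (not Wave's ERAS or a Microsoft sample): stand up and
# inspect a TPM-backed virtual smart card with in-box Windows tools.
# Assumes Windows 8 / Server 2012 or later, an elevated session, and a TPM
# that has been provisioned. The card name 'CorpVSC' is a placeholder.
#Requires -RunAsAdministrator

function Test-TpmReadyForVirtualSmartCard {
    # Get-Tpm ships in the TrustedPlatformModule module on Windows 8+.
    $tpm = Get-Tpm
    if (-not $tpm.TpmPresent) { throw 'No TPM: nothing to anchor the card keys to.' }
    if (-not $tpm.TpmReady)   { throw 'TPM present but not ready (disabled in firmware or not owned).' }
    # "Anti-hammering" is the TPM's own dictionary-attack lockout: once it trips,
    # every PIN is refused until the lockout period passes or an owner-authorised reset.
    if ($tpm.LockedOut) {
        Write-Warning "TPM is in lockout ($($tpm.LockoutCount)/$($tpm.LockoutMax) failures)."
    }
    return $tpm
}

function New-TpmVirtualSmartCard {
    param([string]$Name = 'CorpVSC')
    # tpmvscmgr.exe is the in-box virtual smart card manager.
    #   /pin prompt       ask for the user PIN interactively; never put a PIN on a command line
    #   /adminkey random  generate the 48-hex-digit admin key; it is printed once, so escrow it
    #   /generate         format the card so a CSP/KSP can enrol keys onto it
    & tpmvscmgr.exe create /name $Name /pin prompt /adminkey random /generate
    if ($LASTEXITCODE -ne 0) { throw "tpmvscmgr.exe create failed (exit $LASTEXITCODE)" }
}

function Get-TpmVirtualSmartCardDevice {
    # The card is enumerated as a software smart card reader under ROOT\SMARTCARDREADER.
    Get-CimInstance -ClassName Win32_PnPEntity |
        Where-Object { $_.DeviceID -like 'ROOT\SMARTCARDREADER\*' } |
        Select-Object Name, DeviceID, Status
}

function Show-SmartCardCertificates {
    # certutil -scinfo talks to every reader, physical or virtual, and lists the
    # certificates on each card: the quickest "is the key really on the TPM card
    # and not in a software store?" check after enrolment.
    & certutil.exe -scinfo
}

function Remove-TpmVirtualSmartCard {
    # $InstanceId is the DeviceID reported by Get-TpmVirtualSmartCardDevice.
    param([Parameter(Mandatory)][string]$InstanceId)
    & tpmvscmgr.exe destroy /instance $InstanceId
    if ($LASTEXITCODE -ne 0) { throw "tpmvscmgr.exe destroy failed (exit $LASTEXITCODE)" }
}

# Typical run on a fresh machine:
Test-TpmReadyForVirtualSmartCard | Out-Null
New-TpmVirtualSmartCard -Name 'CorpVSC'
Get-TpmVirtualSmartCardDevice
Show-SmartCardCertificates
```

After the card exists, enrol a certificate onto it (for example from a smart card logon template) so that domain logon uses the TPM-held private key; the private key is generated inside the TPM and never leaves it, which is what the "non-exportability" and "isolated cryptography" properties in the release amount to. The admin key printed by /adminkey random is what lets IT unblock or reset the card later, so treat it like any other recovery secret.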
Good question, you'd think there would be some sort of announcement.
Wave Exec Sees Trusted Computing Gains with Windows 8 and 'Secure Boot'
By Kurt Mackie
10/18/2012
A new "secure boot" firmware protocol that Microsoft will support with Windows 8 may have stirred up controversies, but it's all old hat for companies like Wave Systems Corp.
Wave, a Lee, Mass.-based trusted computing independent software vendor that was founded in 1988, is prepared to provide assurance to organizations that the secure boot system really works. The company announced a partnership with Microsoft in February that will provide "attestation" and computer health reporting services for Windows 8 systems. Wave, which provides its solutions to OEMs, also contributed a lot of input to Microsoft that went into Windows 8's security model.
"We, Wave, are a trusted computing software provider and in the unique position as a software vendor and in the industry in that we've provided a lot of the industry capabilities around a lot of the Windows 8 security architectures, based on the Trusted Computing standards," said Brian Berger, executive vice president at Wave Systems and a board member of the Trusted Computing Group, in a phone interview conducted last week. "And so Wave has shipped over 110 million copies of security software based on those standards through the OEM channels."
Secure boot, which is also called "trusted boot" by Microsoft, is part of a Unified Extensible Firmware Interface (UEFI) specification. It isn't Microsoft's technology. The spec describes a way to sign bootloaders via a Certificate Authority before the operating system loads. The idea is to prevent rootkits (otherwise known as "bootkits") from taking control at the firmware level, something that currently goes undetected, even by the best antimalware software. Newer systems shipping with Windows 8 likely will have secure boot turned on by default, mostly because Microsoft is requiring that capability in its recommendations to OEMs.
Secure Boot and Linux
Clearly, secure boot has benefits that most computer users would want. However, developers and hobbyists testing Linux OSes on PCs fear that Microsoft's requirement for chip builders to turn on secure boot in Windows RT systems by default will make it impossible to sign Linux OSes, thereby making it unlikely that mass-produced computers will be capable of dual-booting Windows and Linux OSes. In response, the nonprofit Linux Foundation appears to be moving forward with a plan to obtain a "pre-bootloader" from Microsoft that will work with any Linux or non-Linux OS distribution, according to a description by James Bottomley, chief technology officer of server virtualization at Parallels and a Linux kernel maintainer of the SCSI subsystem.
"In a nutshell, the Linux Foundation will obtain a Microsoft Key and sign a small pre-bootloader which will, in turn, chain load (without any form of signature check) a predesignated boot loader which will, in turn, boot Linux (or any other operating system)," Bottomley explained in a blog post. "The pre-bootloader will employ a 'present user' test to ensure that it cannot be used as a vector for any type of UEFI malware to target secure systems."
When available, this prebootloader will be available for anyone to download and use, according to Bottomley's post.
Microsoft's stipulation to chipmakers about turning on secure boot by default will have fewer restrictions for Linux developers on x86/x64 systems. That's because Windows 8 will have a setting to disable secure boot, should anyone want to do such a thing. And it looks like they will be able to get signed certificates.
"I can't really speak to Microsoft's plans or architectures," Berger said. "We [Wave] look at how do we provide solutions on a Microsoft platform, whether Windows 8 or Windows RT -- can we get UEFI modules signed by Microsoft or other third-party signing authorities? And the answer is 'Yes' to that part. And in the case of a third party who has their own bootloader to perform a dual boot, they should be able to get that signed by Microsoft or another third party by the authority for UEFI. We haven't seen that as a barrier to entry."
Berger did acknowledge the limitation for turning off secure boot on the Windows RT side, but said it would affect only some developers.
"Our understanding of secure boot disablement is that it can be done on x86 architectures -- UEFI can be turned off by the user by going to the BIOS setup," Berger said. "On the [Windows] RT side, our understanding is that secure boot cannot be disabled."
Windows 8 and Trusted Platform Support
Despite the grumbling heard on the Linux side, Berger was upbeat about Microsoft's implementation of security in Windows 8. He noted that the Wave Endpoint Monitor (WEM) product will provide notification to enterprises about the security of their Windows 8 platforms. Microsoft provided an opening for third-party vendors, such as Wave, to tap into the Windows 8 security plumbing, and even that of Windows 7 with its "legacy BIOS."
"The value of secure boot and WEM is about notification of your standing of your platform state and its integrity," Berger said. "Microsoft has done a great job of bringing more security to the platform going forward. We at Wave look at that and say, 'They're using the key components of the industry standards group -- good going; allowing third parties to integrate into those areas -- good story there; for us as an ISV, providing more value on top of the operating system for the end user, for the IT organization -- is all good.' We're doing it on Windows 7 today, actually all of this stuff."
http://redmondmag.com/articles/2012/10/18/trusted-computing-gains.aspx
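The article above describes secure boot as signing boot loaders against a certificate authority that the firmware trusts, and the Linux pre-bootloader plan as getting a loader signed under a key the firmware already accepts. The following is an added example, not code from Wave, Microsoft or the Linux Foundation, that reads the Secure Boot state from Windows and decodes the UEFI signature databases so you can see exactly which CAs and hashes this firmware will accept or refuse for a loader. It assumes Windows 8 or later booted in UEFI mode and an elevated session; the variable names (PK, KEK, db, dbx), structure layouts and GUIDs are the UEFI specification's, and the function names are this example's own.

```powershell
# Added example (not from Wave, Microsoft or the Linux Foundation): read the
# UEFI Secure Boot state and walk the signature databases so the CAs and
# hashes the firmware trusts (db) or revokes (dbx) are visible. Assumes
# Windows 8 or later booted via UEFI and an elevated session.
#Requires -RunAsAdministrator

# Signature-type GUIDs from the UEFI specification.
$EFI_CERT_X509_GUID   = [guid]'a5c059a1-94e4-4aa7-87b5-ab155c2bf072'
$EFI_CERT_SHA256_GUID = [guid]'c1c41626-504c-4092-aca9-41f936934328'

function Get-SecureBootState {
    # Confirm-SecureBootUEFI throws on legacy-BIOS firmware; report that as $null
    # rather than "off" so an inventory does not mislabel the machine.
    try { return [bool](Confirm-SecureBootUEFI) } catch { return $null }
}

function ConvertTo-GuidFromBytes([byte[]]$Bytes, [int]$Offset) {
    New-Object System.Guid -ArgumentList (,[byte[]]$Bytes[$Offset..($Offset + 15)])
}

function Get-EfiSignatureEntries {
    # Walks the chain of EFI_SIGNATURE_LIST structures stored in one Secure Boot variable.
    param([Parameter(Mandatory)][ValidateSet('PK','KEK','db','dbx')][string]$Name)
    [byte[]]$data = (Get-SecureBootUEFI -Name $Name).Bytes
    $pos = 0
    while ($pos -lt $data.Length) {
        # EFI_SIGNATURE_LIST header: SignatureType GUID(16) | ListSize(4) | HeaderSize(4) | SignatureSize(4)
        $type   = ConvertTo-GuidFromBytes $data $pos
        $listSz = [int][BitConverter]::ToUInt32($data, $pos + 16)
        $hdrSz  = [int][BitConverter]::ToUInt32($data, $pos + 20)
        $sigSz  = [int][BitConverter]::ToUInt32($data, $pos + 24)
        if ($listSz -le 28 -or $sigSz -le 16) { throw "Malformed EFI_SIGNATURE_LIST in $Name at offset $pos" }
        $p = $pos + 28 + $hdrSz
        while ($p + $sigSz -le $pos + $listSz) {
            # EFI_SIGNATURE_DATA: SignatureOwner GUID(16) | SignatureData(SignatureSize - 16)
            $owner = ConvertTo-GuidFromBytes $data $p
            [byte[]]$payload = $data[($p + 16)..($p + $sigSz - 1)]
            $entry = [pscustomobject]@{ Variable = $Name; Owner = $owner; Type = $null; Subject = $null; Thumbprint = $null }
            if ($type -eq $EFI_CERT_X509_GUID) {
                # A DER certificate: anything chaining to it is an acceptable loader.
                $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 (,$payload)
                $entry.Type = 'X509'; $entry.Subject = $cert.Subject; $entry.Thumbprint = $cert.Thumbprint
            } elseif ($type -eq $EFI_CERT_SHA256_GUID) {
                # A bare SHA-256 of a loader image (the common form in dbx).
                $entry.Type = 'SHA256'; $entry.Thumbprint = ($payload | ForEach-Object { $_.ToString('x2') }) -join ''
            } else {
                $entry.Type = "Unknown($type)"
            }
            $entry
            $p += $sigSz
        }
        $pos += $listSz
    }
}

function Show-BootTrust {
    $state = Get-SecureBootState
    if ($null -eq $state) { 'Secure Boot: not applicable (legacy BIOS boot)'; return }
    if ($state) { 'Secure Boot: ON  (unsigned or wrongly signed loaders are refused)' }
    else        { 'Secure Boot: OFF (firmware setting; any loader will run)' }
    foreach ($v in 'PK','KEK','db') {
        "`n== $v =="
        Get-EfiSignatureEntries -Name $v | Format-Table Type, Subject, Thumbprint -AutoSize
    }
    $revoked = @(Get-EfiSignatureEntries -Name dbx)
    "`ndbx: $($revoked.Count) revoked entries"
}

Show-BootTrust
```

Reading the output: the PK identifies who may change the KEK, the KEK identifies who may update db and dbx, and db is the list a loader's signature is actually checked against. A third-party loader of the kind Bottomley describes boots only if its signing certificate (or a hash of the image) is in db and not in dbx, so this listing is the concrete answer to "can this machine run my signed loader?" before touching firmware settings. Note that the state check only says whether enforcement is on; it does not tell you what was actually booted, which is what the attestation and health-reporting services in the article are for.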