[ISN] Microsoft: A separate look for security

From: InfoSec News (isnat_private)
Date: Thu May 08 2003 - 22:51:50 PDT

  • Next message: InfoSec News: "[ISN] Fluffi Bunni worked for Siemens"

    By Michael Kanellos 
    Staff Writer, CNET News.com
    May 8, 2003
    NEW ORLEANS -- Microsoft is trying to make security obvious. 
    The software giant plans to visually alter document or application
    windows that contain private information that's secured through
    Microsoft's Next-Generation Secure Computing Base (NGSCB), formerly
    known as Palladium. Secure windows will look different than regular,
    unsecured windows in order to remind users that they are looking at
    confidential material, Peter Biddle, product unit manager for
    Microsoft, said Thursday at the Windows Hardware Engineering
    Conference (WinHEC) here.
    "We know that users need to be able to tell the difference between a
    trusted window and a regular one," Biddle said. "The window (will be)  
    noticeably different."
    People will likely customize the secure pages, which will help prevent
    "spoof attacks," where hackers plant a fraudulent Web page on a PC
    screen that looks, but isn't, a file from a person's doctor or
    accountant, for example.
    The border of a secured page may contain information--such as the
    names of all the dogs that someone has ever owned--to make the data
    instantly recognizable as sound to the individual owner, as well as
    difficult to replicate. A hacker can create a spoof page with dogs'
    names running along the border but, in all likelihood, not one reading
    "Buffy, Skip and Jack Daniels--and in that order," Biddle said.
    NGSCB essentially creates a secure data vault and a secured way to
    transmit data between memory, the hard drive, the monitor and trusted
    third parties. Computer users will likely secure intellectual property
    files or bank records with it, but not the bulk of their data on their
    PC, according to Microsoft.
    Information on secured windows will vanish if another window is placed
    on top of it or shifted to the background. Erasing the information
    will prevent certain types of attacks and remind people that they're
    dealing with confidential material, Biddle said.
    When the secure window returns to the top of the stack, the
    information will reappear, he said.
    Microsoft is still working on how to implement this technology and
    what it will ultimately look like.
    Separately, David Kirk, an executive with graphics chipmaker Nvidia,
    said his company will be able to release graphics chips that conform
    to the NGSCB specifications the day that Longhorn, the next big
    version of Windows, comes out. NGSCB will not be integrated into
    Longhorn, which is due in 2005, but will instead come out as separate
    software, Biddle said. Over time, pieces of the technology will be
    integrated into the coming operating system.
    Graphics cards are a security problem, because they contain their own
    pool of memory.
    John Crank, senior branding associate at Advanced Micro Devices, said
    the chipmaker is also looking to adapt its products to the security
    Earlier in the week at WinHEC, Microsoft showed off a prototype of
    NGSCB that's based on real and emulated hardware. Small applications
    running on the technology demonstrated its security features.
    ISN is currently hosted by Attrition.org
    To unsubscribe email majordomoat_private with 'unsubscribe isn'
    in the BODY of the mail.

    This archive was generated by hypermail 2b30 : Fri May 09 2003 - 00:34:45 PDT