truste

Web of Trust (WOT) for Internet Explorer provides users with a simple meter for gauging a Web site's danger level. With easy to read warnings, this program only leaves one thing to chance with your safety.

The program does not have anything to offer on your computer's desktop because it embeds itself into your Internet Explorer browser for quick access. Depending on the Web site you visit, the program's icon turns red, yellow, or green to illustrate the danger level. Clicking on the icon displays a chart showcasing Trustworthiness, Vendor Reliability, Privacy, and Child Safety. The warnings … Read more

SAN FRANCISCO--Microsoft is testing some of its new identity-based security technology in Washington state schools, where students and teachers will be able to securely access grades and class schedules, a Microsoft executive said in a keynote address Tuesday at the RSA 2009 security conference here.

The software company is working with the Lake Washington School District-- comprised of 50 schools and nearly 24,000 students in and around Microsoft's home town of Redmond--to deploy its Geneva claims-based identity platform, said Scott Charney, corporate vice president of Microsoft's Trustworthy Computing Group.

Students and parents will bring identification information into … Read more

Be careful who you give your mobile phone number out to. An attacker with the right toolkits and skill could hijack your phone remotely just by sending SMS messages to it, according to mobile security firm Trust Digital.

In what it calls a "Midnight Raid Attack" because it would be most effective when a victim is asleep, an attacker could send a text message to a phone that would automatically start up a Web browser and direct the phone to a malicious Web site, said Dan Dearing, vice president of marketing at Trust Digital. The Web site could … Read more

Some researchers claim that Intel has a serious chip bug on its hands. But that all depends.

Security experts who are into the arcana of chip security may find "CPU cache poisoning" riveting and serious stuff. Others, however, may simply scratch their heads and move on.

But let's not move on too quickly. First, a quote from an abstract of the paper (PDF) that has some of the chip world abuzz. "In this paper we have described practical exploitation of the CPU cache poisoning...This is the third attack on SMM (system management mode) memory our … Read more

I've recently written about a new standard published by the Trusted Computing Group (TCG) for self-encrypting drives. With this standard, Fujitsu, Hitachi, Seagate, Toshiba, and Western Digital are shipping or will soon ship self-encrypting hard drives for laptop computers. This in turn should prompt a transition, where users will opt for systems with self-encrypting drives rather than install encryption software utilities.

To me, this conversion is inevitable since hardware-based cryptographic processing tends to lead to superior security and performance while eliminating the muss and fuss around software procurement, installation, and maintenance.

Given these benefits, I believe that the U.… Read more

PALM DESERT, Calif.--We've all heard of the promise of single sign-on, but to date, the concept has yet to make serious inroads. It's still mainly a concept with potential.

But the idea makes sense: giving users a way to log in to all the sites they use without having to have a different set of IDs and passwords for each. Since many Web users are busy and easily distracted by everything going on in our lives, only having to remember a single ID and password would be immensely valuable.

At Demo 09 here Tuesday, a Sunnyvale, Calif., … Read more

PALM DESERT, Calif.--If you've spent any time online, you've almost certainly found yourself wondering about the trustworthiness of the people and Web sites you encounter every day.

Already, individuals are often rated on many sites, like Slashdot or eBay. But it can be difficult to easily discover whether you can trust what you come across, regardless of where you go online.

That's where a company called Purewire and its Trust service come into play. The service, which Purewire announced Tuesday here at Demo 09, is intended to give people a way to quickly and simply see … Read more

According to the Privacy Rights Clearinghouse, since January 2005 there have been more than 252 millions records containing sensitive personal information compromised because of security breaches in the U.S.

Most of these breaches were because of the loss of computer equipment, more specifically the hard drive. When a laptop is stolen, chances are the information contained on its hard drive is worth a lot more than the value of the computer itself. And thousands of laptops are stolen each year.

For this reason, the Trusted Computing Group released Tuesday its final versions of three storage specifications designed to enable … Read more

In cloud computing lately, trust seems to be on everyone's mind.

Alan Murphy of the Virtual Data Center blog points to the dynamic nature of the cloud as a reason why there will need to be more "trust" between customers and vendors:

So moving forward, as the security people tear apart the (in)security of cloud computing, the rest of the world will just need to take that leap of trust. A lowering of our standards for what we can control in the cloud's outsourced data model.

As an end user, it kills me, but I know I have to make those sacrifices, if I want to use those services. So I have to modify my level of trust, and apply new and stronger safeguards to the rest of my work flow processes (personal and professional) to make sure I'm able to recover if/when there is a massive breach that's beyond my control.

My recovery is something I can control, and I definitely trust myself.

Chris Hoff of the blog Rational Survivability responds by pointing out that if more trust means less security, we've got a problem:

In simply closing our eyes, holding our breath, and accepting that in the name of utility, agility, flexibility, and economy, we're ignoring many of the lessons we've learned over the years, we are repeating the same mistakes and magically expecting (that) they will yield a different outcome.

A few months ago, I sat through a very cool "unsession" at the Cloud Summit Executive in San Jose, Calif., in which the conversation ranged across an incredibly broad range of cloud-related subjects.… Read more