News Blog

Read all 'software security' posts in News Blog
March 31, 2008 9:18 AM PDT

Microsoft joins MIT Kerberos Consortium

by Dawn Kawamoto
  • 5 comments

The MIT Kerberos Consortium, a security authentication and authorization group, announced Monday that Microsoft has joined its shindig.

The consortium, which launched in September with Google, Apple, Sun Microsystems and a collection of universities, noted Microsoft is coming aboard as a founding sponsor.

Kerberos aims to offer consumers the same single sign-on authentication and authorization system that corporate America has been using to allow employees to access network services with one log-on. Kerberos is an offshoot of MIT's Project Athena, which was developed back in the 1980s.

Microsoft uses the Kerberos network authentication protocol in such products as its Windows 2000, Windows XP, Windows Server 2003, Windows Vista, and Windows Server 2008. And Kerberos also serves as the main authentication tool in Microsoft's Active Directory.

"Microsoft joining the Kerberos Consortium is significant," Stephen Buckley, consortium executive director, said in a statement. "They represent a vast number of users of Kerberos. It is an important step forward towards our common ambition to create a universal authentication platform for the world's computer networks."

What's next? Given its past troubles with its passport authentication efforts, is the next stop for Microsoft the Liberty Alliance Project?

Topics:
Enterprise software,
Microsoft,
Security
Tags:
Microsoft,
MIT,
Kerberos Consortium,
Liberty Alliance,
authentication and authorization software,
security software
Share:
Digg
Del.icio.us
Reddit
May 22, 2007 12:25 PM PDT

Opera Software sings security note

by Dawn Kawamoto
  • 1 comment

Just a few days ago, Opera Software was singing the blues.

It turned out that unsavory attackers could craft malicious torrent files, which, in turn, could lead to a buffer overflow in Opera for Microsoft Windows users, according to Opera's security advisory.

And that's not a good thing.

These attackers could inject arbitrary code into users' systems, if they right clicked on a torrent entry in the transfer manager, resulting in a buffer overflow. Fortunately, for some, simply clicking on a torrent link would not trigger the vulnerability.

Opera, which was notified of the flaw on May 8 by security research firm iDefense, dashed out a fix Monday with its 9.21 security update.

Topics:
Security
Tags:
Opera Software,
security update,
security flaw
Share:
Digg
Del.icio.us
Reddit
April 24, 2007 12:34 PM PDT

OpenOffice password crack is open to abuse

by Tom Espiner
  • 1 comment

Security experts have warned that password recovery tools for OpenOffice, the open-source application suite, are vulnerable to abuse.

The release of version 1.0.4 of Intelore's OpenOffice Password Recovery software on Thursday allows IT managers and systems administrators to recover OpenOffice passwords and discard formatting and editing restrictions--for example, locked cell protection and permissions. The software allows password recovery through brute force and dictionary-based attacks, or a combination of both.

"Even if you have lost passwords for all your OpenOffice programs and documents, Intelore's solution can help you quicker than any similar program--OpenOffice Password Recovery supports simultaneous processing of several recovery projects with different attack profiles," said Dmitry Rozenbaum, chief executive officer of Intelore.

Although password recovery tools for Microsoft applications have been available for at least six years, OpenOffice Password Recovery is one of the first commercially available tools for open-source products. But security experts have warned that such tools could be open to abuse.

"These kinds of tools can be used for both good and bad," said Graham Cluley, senior technology consultant for security vendor Sophos. "It's a grey area in software. Cottage industries for such tools are mushrooming. These applications can help people, but in the wrong hands they're a bit of a security concern." Cluley added that IT managers could set policies about who could have access to such tools on a business network.

Paul Wood, senior analyst at e-mail security vendor MessageLabs, said that it opened a possible attack vector from disgruntled employees. "One attack vector is if a rogue employee has access to file-share password-protected documents. They can copy them, take them offline, and brute-force them at their leisure." Wood added that companies should lock down privileges, and consider encryption for sensitive documents.

OpenOffice Password Recovery version 1.0.4 is available to download for evaluation. The full business version costs $129. The product offers Unicode support and allows for recovery of multi-language passwords. OpenOffice Password Recovery version 1.0.4 can also recover a password containing typing errors, according to Interlore.

Topics:
Security
Tags:
OpenOffice,
passwords,
software security
Share:
Digg
Del.icio.us
Reddit
  • prev
  • 1
  • next
advertisement

15 sites that went kaput in 2009

Web sites launch all the time, but they also shut their doors. We highlight 15 that bit the dust this year.

Top 10 news stories of the decade

Let the debate begin: Was the iPhone more important than iTunes? Was anything bigger than Google finding a great business model? CNET offers its list of the 10 most important stories of the '00s.

About News Blog

Recent posts on technology, trends, and more.

Add this feed to your online news reader



advertisement

Inside CNET News

Scroll Left Scroll Right
News
News site map
Latest headlines
Contact News
News staff
Corrections
CNET blogs
Popular topics
Apple iPhone
Apple iPod
Cell phones
CES 2010
GPS
LCD TV
CNET sites
CNET Site map
CNET TV
Downloads
News
Reviews
Shopper.com
More information
Newsletters
CNET Mobile
Customer Help Center
RSS
CNET Widgets
About CNET