See you @ ToorCamp 2012

I’ll be presenting a talk entitled Hacking Measured Boot and EFI.

The Many Flavors of Authorization Claims

The May 2012 edition of the JW Secure Informer newsletter is now out. Learn more about authorization claims here.

Great new AWS support for .NET & SQL

Amazon Web Services has announced built-in support for .NET developers in their easy scale-up fabric, Elastic Beanstalk, as well as support for SQL Server in their hosted relational data store, RDS. Pretty cool stuff for developers using the Microsoft/Windows tool chain. Full announcement is here.

Real security is different from compliance

Couldn’t resist doing a post on this table, which makes some excellent points:


However, the axis that’s missing here is customer demand. After all, how “real” can security be if nobody’s buying? Not that customers aren’t buying from both columns – they are. But why should there be this dichotomy, perceived or otherwise, between Compliance versus Real Security? Customers as well as technology vendors (not to mention government) share responsibility for that perception. The industry is better served by products that blur those lines.

Check out our Android integration capabilities

As our new Android technology website page describes, and as the mobile health claims solution we demonstrated at the RSA conference this year shows (it also included a Windows Phone “Mango” version), JW Secure are experts in device identity. Need a custom security solution on Android and don’t want to confuse your users? We’ve got that covered.

Informer v13: Endpoint Security

What is it about networked computers that allows them to be so easily hacked? Find out in the JW Secure Informer newsletter.

Informer v12: Business Agility, Structured Storage

High-growth businesses have advanced IT needs that can only be met by a combination of services and resources that are internal and external, off-premise and on-premise. The best line of business storage solutions are those that offer the interoperability of SQL, the rapid provisioning benefits of the cloud, and the security benefits of on-premise storage.

Learn more in the JW Secure Informer newsletter.

New SmartUtil available for Windows 8

SmartUtil version 1.0.3.1 is now available for download here. It supports Windows versions Vista through 8, including the new virtual smart card device.

Mobile Computing Revealed – Tonight!

Come check out Mobile Computing Revealed, hosted tonight in Bellevue by Seattle Technical Forum. Event details and registration are here. I’ll be presenting Mobile Health Claims, including two of the demos that we did this year for RSA.

Cloud is RAD on steroids

We (JW Secure) used cloud computing as the foundation for all four of the “live” security demos we showed at our booth at RSA last week:

  • Mobile Health Claims: the backend consists of a consumer banking web service and a custom security token service (STS), both of which are running on Windows Azure. The frontend consists of a mobile checking app for Android and Windows Phone. Device identity is tightly bound to user identity, and only devices with up-to-date firmware and operating system versions are allowed to perform high-value transactions such as fund transfers.
  • TPM Health Claims: the backend consists of a Windows web server running in Amazon EC2. The frontend is a web page with an ActiveX control. The control allows the user to sign into online checking only from a host that meets a certain security bar (anti-malware signatures are up to date, firewall is on, etc.). Health data is submitted in the form of SAML claims, signed by a private key protected by the client Trusted Platform Module (TPM).
  • Secure Boot and Remote Attestation: the backend consists of a line of business (LOB) web service and an STS, both in Azure. The web service implements a purchase order submission and approval workflow and interfaces with a front-end Metro-style GUI. Purchase orders can only be approved if the host TPM is trusted and the boot log is clean.

See a recurring theme? LOB services deployed to the cloud. This is the new state of the art when it comes to Rapid Application Development (RAD). If you’re an LOB development shop and you’re not taking advantage of the latest toolkits (Ruby on Rails, ASP.NET MVC) and cloud application fabrics (Heroku, Azure), then you’re probably not deploying new business capabilities as quickly as you could be.