May 25

The ThinkPad X100e is Lenovo’s first professional-grade ultra-portable laptop starting below £400. It’s one of a new category of PCs for today’s business users that blends professional performance, usability and design with new colour options at an extremely affordable price.
The X100e also represents the first time Lenovo has offered AMD processors on ThinkPad laptops. Equipped with your choice of an Athlon Neo single or dual-core processor or a Turion dual-core processor, the X100e provides the performance needed for multitasking and running demanding office apps. It also has the power necessary to support corporate-level OSes like Windows 7 Professional.
The X100e weighs in at under three pounds, and is incredibly comfortable to use. An 11.6in high-definition display provides ample screen real estate, and an ISO full-size keyboard with a multitouch touchpad and Trackpoint make navigation easy. For wireless connectivity on the go, the laptop comes with 802.11n Wi-Fi and optional Bluetooth and 3G.
After-purchase care comes in the form of ThinkPad Protection, which covers repairs resulting from accidental drops and spills. ThinkPlus Priority Support provides 24/7 business-class technical support for IT professionals. Lenovo Hard Disk Drive Retention lets customers keep their hard drive in case of damage or failure, ensuring that their data remains safely in their hands.
The ThinkPad X100e is available now through Lenovo Business Partners and www.lenovo.com, with models starting at £380 plus VAT. Alternatively, you can enter this competition for a chance of winning one. Good luck!
Click here for your chance to win a Lenovo ThinkPad X100e
Apr 17
Again a great “Security Now” podcast about SSL: how governments can sniff SSL traffic by forcing Certificate Authorities to provide them with (intermediate CA) certificates. Based on this paper. Great story, recommended reading or listening!
Some things that I picked up:
- Different CAs can provide you with an SSL certificate for the same URL (or whatever)
- Internet Explorer (actually the Windows crypto) downloads extra CAs dynamically; so the list you see in IE can grow behind the scenes
- Firefox manages the list of trusted CAs itself
- There is no standard policy for when a CA is accepted by browser vendors
- The list of trusted CAs should be based on your geographical location
- Trusting a CA is somewhat equivalent to trusting a government
- Browsers should provide (advanced) users with extra features to help them decide if a CA certificate should be trusted or not
In my daytime job, SSL/TLS is used a lot for communication between IT systems within the corporate firewall or with business partners across the Internet. Low-level configuration of SSL/TLS is often not supported:
- Configure a single CA (or self-signed) cert to be trusted for a specific outbound connection (e.g. when business partners have defined their “own CA”)
- Different SSL client certificate per outbound connection
- Easy configuration of revocation checks (OCSP etc); and checking if the revocation checks actually work
- Different timeout settings per connection
- Only accept SSL connections on specific interfaces
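What per-connection settings like the ones in this list can look like with Python's standard `ssl` module, as an added example that is not part of the original post. The hostnames and file paths are constructed placeholders, and because the standard library offers CRL checking but no OCSP, only a CRL check is shown.

```python
import socket
import ssl
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class TlsProfile:
    ca_file: str                       # the one CA (or self-signed cert) trusted for this peer
    client_cert: Optional[str] = None  # client certificate presented to this peer only
    client_key: Optional[str] = None
    crl_file: Optional[str] = None     # CRL from that CA; enables a leaf revocation check
    timeout: float = 10.0              # seconds, applied to this connection only

# Constructed sample profiles: hostnames and paths are placeholders.
PROFILES = {
    "partner-a.example": TlsProfile("/etc/tls/partner-a-ca.pem",
                                    "/etc/tls/to-a.crt", "/etc/tls/to-a.key", timeout=5.0),
    "partner-b.example": TlsProfile("/etc/tls/partner-b-selfsigned.pem", timeout=30.0),
}

def profile_for(host: str) -> TlsProfile:
    # Fail closed: no profile means no connection, never a fallback to the system CA list.
    try:
        return PROFILES[host.lower()]
    except KeyError:
        raise LookupError(f"no TLS profile configured for {host}") from None

def empty_context() -> ssl.SSLContext:
    # PROTOCOL_TLS_CLIENT starts with an empty trust store, CERT_REQUIRED and hostname checks.
    return ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)

def context_for(profile: TlsProfile) -> ssl.SSLContext:
    ctx = empty_context()
    ctx.load_verify_locations(cafile=profile.ca_file)   # trust only this CA
    if profile.client_cert:
        ctx.load_cert_chain(profile.client_cert, profile.client_key)
    if profile.crl_file:
        ctx.load_verify_locations(cafile=profile.crl_file)
        ctx.verify_flags |= ssl.VERIFY_CRL_CHECK_LEAF   # handshake fails on a revoked leaf
    return ctx

def connect(host: str, port: int = 443) -> ssl.SSLSocket:
    profile = profile_for(host)
    raw = socket.create_connection((host, port), timeout=profile.timeout)
    return context_for(profile).wrap_socket(raw, server_hostname=host)
```

With `VERIFY_CRL_CHECK_LEAF` set, a handshake also fails when no CRL for the issuing CA has been loaded, which gives a quick way to confirm the revocation check is actually being enforced.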
Mar 12

SAML, WS-Security and the Secure Token Service of WS-Trust result in a very interesting mix, where federated identity and integration (web services) come together.
Microsoft has published the free book(let) “A Guide to Claims–based Identity and Access Control”. Obviously the book is focused on Microsoft technology, ADFS (code name Geneva), FAM and WIF in particular. But I found the first 2 chapters very informative and well written.
E.g. interesting to have confirmation that applications need to keep maintaining fine-grained (data level) authorizations themselves.
Also interesting to read about the challenge of home realm discovery: how to know which Identity provider an external user should be redirected to.
One of the main challenges in my opinion with federated identity is the transformation of tokens/claims. Unless there is further standardization (profiles), the integration with each external business partner will require token transformations. There seems to be a general tendency in WS-land not to bother too much with the actual business content of SOAP messages or SAML tokens.
The day when SAML tokens can be used in an interoperable manner to connect to back-end applications such as SAP or Oracle will be a great day. Looking forward to it.