InfoCard: Microsoft Passport Reborn?
NetworkWorld has this article about Microsoft Live Labs releasing two (2) new security applications. The first one is dubbed Security Token Service (STS) and the other one is called Relay Service (RS).
STS is an online identity-management service that enables users to register personal information on a virtual information card using Microsoft’s authentication service, code-named InfoCard. After signing up for STS, when users visit a site that is InfoCard-enabled, they can sign in to the site using information stored in the virtual card, according to Microsoft.
Does this sound familiar? Yes, it sounds like Microsoft is bringing back its old Passport Service. This service is currently still operational for internally developed and operated Microsoft services such as Hotmail and its MSN portal. However, Microsoft pulled it out of the market sometime early last year. So, I certainly hope Microsoft got its act together and does it right this time around. The last incarnation of this service was plagued with security holes causing major customers to pull out of the service.
In the same article, Microsoft annouces a new way for spyware and other forms of malware to enter your computer system. It is called the Microsoft Relay Service! Yes, this service allows peer-to-peer communications that bypass firewalls and outer security devices. This makes it much easier for evil peers to stuff vicious code into your computers! This allows for convinience communications at the expense of a possible security back door. Today, a lot of malware enter private computer system either with worms or malware in p2p networks. If this service is made available and enabled by default on the new MS Windows Vista systems then it will serve as an additional vector for exploitation. The Zombie masters and botters will love this.
