Category Archives: Windows

Safari Web Browser on Windows and Font Rendering

Posted on by
Reply

If you are interested in typography you might find the article Safari Web Browser on Windows and Font Rendering interesting, posted at dougitdesign.com.

For many of the reasons explained in this article, it is laughable to hear some visual designer, developer, UX person, or whomever say they are an expert in typography, yet they use a box running Microsoft’s Windows. You might be an expert in the way Microsoft’s font rendering wrecks the shape of letter-forms, and how to deal with that mess, but if you had a real expertise in, and love of, typography there is no way that you could be using anything but the Mac OS X as your system of choice.

Read more

Outlook PST Security

Posted on by
Reply

Do you use Outlook with PST files, and have you bothered to set a password to your PST files to protect your data? As of today you might as well just remove that password.

Today the official PST specification was released as a PDF document, and it’s now up to anyone to easily create applications that bypass the PST password security and retrieve all the PST contents. From the official specification:

“PST files support a password-protect feature that requires an end user to enter a pre-defined password before the PST can be opened. In practice, the PST password is just implemented at the UI level, meaning that the password is only required to gain access of the PST through the UI. The password itself is not used to secure the PST data in any way.”
From the Official Outlook PST Specification

But, you might say, wasn’t there an option to encrypt the PST contents? Yes there is, but it doesn’t really secure the data in any way.

“This protocol uses two keyless cipher algorithms to encode the data blocks in the PST. These algorithms only provide data obfuscation and can be conveniently decoded once the exact encoding algorithm is understood. Moreover, only end-user data blocks are encoded in the PST. All the other infrastructure information, including the header, allocation metadata pages and BTree pages are stored without obfuscation. In summary, the strength of the encoded PST data blocks provides no additional security beyond data obfuscation.”
From the Official Outlook PST Specification

In other words – don’t even bother setting a password or trying to encrypt to your PST files from within Outlook anymore now when the official specification is out in the public. If you want to keep your files safe use EncFS, SATA password or a Whole Disk Encryption solution such as PGP or TrueCrypt. The PST files are now open for everyone to browse, regardless of the security settings you might have chosen.