Thursday, February 21, 2008
Sunday, February 10, 2008
Saw this Infoworld article through Rebecca Herold’s blog , “IT managers who object to employees using unauthorized software at work have another tool to worry about: Google Apps Team Edition, which requires no IT participation to implement”
As corporate Information Security professionals, does this really worry you? If you say yes, here is a list of applications to add to this,
Pownce “Pownce is a way to send stuff to your friends. What kind of stuff? You can send just about anything: music, photos, messages, links, events, and more.”
Qipit “Qipit turns camera phones and digital cameras into mobile copy centers so people can turn photographs or written and printed materials into scan-quality digital documents they can share and store on the go.”
Meebo “Meebo is a website for instant messaging from absolutely anywhere. Whether you’re at home, on campus, at work, or traveling foreign lands, hop over to meebo.com on any computer to access all of your buddies (on AIM, Yahoo!, MSN, Google Talk, ICQ and Jabber) and chat with them, no downloads or installs required”
Willselfdestruct “You can create a secure anonymous email message to a friend or colleague by entering their e-mail address and the message to see.”
The site goes on to say that “No messages or e-mail addresses are stored after the message has been viewed. We also do not log your IP address or any information about you, your message, or the recipient. Once sent, all data disappears forever.”
DocSyncer “DocSyncer automatically finds and syncs your document files to Google Docs and your DocSyncer account. DocSyncer monitors your documents for changes and syncs the updated files as well.”
YouSendIt “Our innovative service enables users to send, receive and track files, on-demand.”
These examples make a great case for deploying DLP and other monitoring solutions but understand that many of them offer ways to bypass monitoring by allowing the users to encrypt and password protect the channels and data.
Thursday, February 7, 2008
Speaking of vulnerabilities Apple (QuickTime), Adobe (Reader) and Firefox all announced patches for application flaws.
How do we check for patches like these automatically? Check my earlier post on Secunia PSI