Tuesday, April 29, 2008

Microsoft Messenger 7 ready for Mac

It's still well behind the Windows equivalent in terms of functionality, but Microsoft Messenger for Mac 7.0 has arrived.

While Messenger 7.0 finally delivers video and audio conferencing, this feature is only available when used in conjunction with Office Communications Server 2007. So if you were hoping to make a video call to Aunt Inge in Finlandia, you're out of luck. If you can't talk her into buying a Mac so you both can use iChat, there's always Skype or one of the other IM programs that support cross-platform calls.

Personal audio and video support has been promised for a subsequent version of Messenger for Mac, but it won't happen until after Windows Live Messenger has adopted the audio and video protocol used by Office Communications Server. All Microsoft's saying is "We are making progress".

OCS users will also find they can search the corporate address book.

Ordinary users do get the ability to search the contacts list (useful if you count contacts in hundreds rather than dozens) and to assign nicknames so you don't get confused by people who keep changing their screen name, while OCS users can search the corporate address book from within Messenger.

Both groups can take advantage of Bonjour support to see if any other Messenger for Mac 7 users are active on the same LAN. Excited by that? Me neither.

Messenger for Mac 7 requires Mac OS X 10.4.9 or later and either a Windows Live ID or an OCS 2007 account.

Source: http://www.itwire.com/content/view/17959/1151/

By Stephen Withers

Wednesday, April 16, 2008

How to lock down instant messaging in the enterprise.

Instant messaging (IM) is one of the most widely deployed Internet-enabled applications today. This huge user base is one of several reasons why IM applications are an obvious target for hackers. Another is IM's capability to transfer files, which makes it an effective medium for spreading malware. IM traffic also bypasses many firewall checks, as it can use any port to connect to IM services and is often embedded inside HTTP packets.

Like many Web-based applications, IM security is not keeping up with its rate of adoption. Enterprises must appreciate that the nature of IM-borne threats is substantially different to those that enter a network via email. The critical defenses that protect against email threats won't provide adequate protection against the growing array of threats that can enter networks through IM clients.

Here are a few defensive strategies that make sense when locking down instant messaging in the enterprise.

Monitor IM traffic
To control and monitor IM usage, it's necessary to monitor inbound and outbound traffic across all ports and protocols. Top-end Web security gateway devices can provide this type of multi-layered traffic inspection. Web security gateways offer the advantage of consolidating many security functions in a single device, protecting clients from the internal network threats they encounter while using the Internet. A Web security gateway also allows an administrator to set policy rules on one device, a far easier task than trying to enforce each policy across several different devices. This greatly reduces workloads particularly as there is only one interface to grapple with.

For those that go the Web security gateway route, ensure that it can integrate with the organization's identity and authentication management system, often Active Directory. This will allow the blocking of specific users or groups of users from accessing IM services.

Deploy an enterprise IM system
To really tackle the threats posed by IM, I feel there is a strong case for using an enterprise IM system. Real control is impossible if an organization allows employees to use IM software of their own choice. Bringing the instant messaging infrastructure in-house enables enforcement of policy rules, as well as monitoring, filtering, blocking and archiving traffic. None of the major instant messaging protocols encrypt network traffic, but an enterprise IM system can enforce the use of encrypted messages as well as authenticate users to the server. This will help ensure compliance with regulatory and corporate governance policies.

Create an IM acceptable-usage policy
Whether your organization deploys an enterprise IM server or a Web security gateway, it is vital to create and enforce an IM acceptable-usage policy. You can certainly base this policy on an existing email usage policy, as the framework will be similar. The IM policy though must address, additional areas, such as how file transfers are initiated.

Finally, as new services like VoIP are added to instant message software, it is as important as ever to keep your system and software programs patched and up to date. IM usage has become a must-have communications method in countless enterprises, and with a moderate investment of time and effort, there's no reason it can't be adequately secured.

About the author:
Michael Cobb, CISSP-ISSAP is the founder and managing director of Cobweb Applications Ltd., a consultancy that offers IT training and support in data security and analysis. He co-authored the book IIS Security and has written numerous technical articles for leading IT publications. Mike is the guest instructor for several SearchSecurity.com Security Schools and, as a SearchSecurity.com site expert, answers user questions on application security and platform security.

Monday, April 14, 2008

Barman’s GoGroups aims to replace IM

Touradj Barman SOM ’07 plans to kill the instant messenger. Or replace it, at least.

With these hopes, Barman is releasing GoGroups, a downloadable program that allows users to join, chat and share in public and private online groups. His program, which he began developing while a student at the School of Management, does all this with the help of his patented “live html.”

Barman is making GoGroups available to the Yale community today in the first step toward a wider distribution.

In GoGroups, each group of users has a set of “cards,” chat conversations encoded in HTML and updated immediately. Barman said this patented technology makes each card like “a Web browser without a refresh button.” The cards can contain text, HTML, pictures and even widgets like YouTube videos.

“You could take any window that’s out there on the Internet and put it in there,” he said.

Barman said he hopes these cards will be simultaneously as immediate as IM and as “persistent” as e-mail, allowing the user to archive and continue previous chats.

Among the archived cards already on GoGroups, there are numerous test messages between Barman and the other developers tracking the growth of GoGroups over the past four months. But the idea itself started long before that, when, in his first year at the SOM, Barman wanted to combine elements of instant messaging and e-mail. He shared the idea with his friend Jason Mallet SOM ’07, who encouraged him to raise money for the project.

“[Mallet] has knowledge of the finance world,” Barman said. “And he thought it was fundable, so that was really encouraging.”

Barman also got encouragement from the SOM, where he concentrated in marketing and in strategy. “It gave me the inspiration to make it real,” he said. “Going to the classes gave me a more strategic mind.”

Even with inspiration from his friends and faculty, raising the capital proved to be the biggest hurdle Barman’s idea faced.

“I tried to do that at school, and I didn’t have a lot of luck,” he said. “Less than three weeks after I graduated, I randomly met this real-estate agent from San Francisco, and he ended up giving me 250K.”

Barman hired developers, and now the program is almost ready for launch. But Barman is still trying to raise more money. “It’s always a challenge,” he admitted. He said he has also found it difficult to conceptualize a unique business model.

“I didn’t want to just put ads in people’s faces,” Barman said. “Facebook will take your information and use it to make money, but if you find a way to make money without invading people’s privacy, you’re going to be better off.”

“We’re focusing on unique ways to make money instead of selling data,” Barman added, citing such avenues as “feature packs” including financial add-ons for specific users and private networks for corporate clients.

Gabriel Tejada ART ’07, who helped Barman create the GoGroups identity and Web site, agrees that he is not the typical businessman.

“Most of the other students are more interested in getting into a corporate world, but he has the entrepreneurial thing in him,” she said.

Tejada said that pushing boundaries, while encouraged among students in the art school, seems less common among the stereotypically more conservative students from the business school.

“He’s not taking the safe way,” Tejada said.

“Even in conceptual phases, he could articulate very clearly what he wanted,” she recalled. At the time, she could see the passion he had for the idea, and how it was something different from Facebook or instant messaging.

To gradually attract its initial members, Barman is first opening up GoGroups to the Yale community alone. But it is still unclear how students here will receive it.

“It seems that it has the possibility to be really cool,” Drew Westphal ’09 said. “It could be a good idea or a good service, but it’s not quite ready.”

Westphal, a computer-science major, doesn’t see GoGroups becoming very popular.

“It seems like instant messaging was really cool in high school, and it’s declined in popularity since we got to college,” Westphal said. Except when one is in section, he added.

After seeing a YouTube introduction to GoGroups and the company’s Web site, Westphal prepared a list of criticisms of the program.

“It seems that their HTML is pared down,” he said, pointing to what he called the limited abilities of the cards’ live HTML as compared to that of standard Web browsers. HTML is not an ideal way to format text, Westphal said, although the ability to drag and drop links, like those from YouTube, makes sense.

Westphal wondered as well about the program’s social-networking abilities.

“How is this going to become easier and faster to use than Facebook?” he asked.

Barman’s own profile on GoGroups includes his contact information through services like AIM and MySpace.

But although GoGroups may not be great for socializing, it could be useful for organizing, Westphal said. The quality of the tag cloud — a list of the conversation cards, matching more popular cards with larger font sizes — will determine how easy it is for users to navigate between conversations.

“How good the tag cloud is will determine a lot about the programs usability,” he said.

Additionally, Westphal sees great potential for filesharing in GoGroups’ secure 256-bit encryption.

“It’s encrypted so you can share files, not just for piracy, but for business purposes, too,” he said.

For those who never let the law keep them from a free movie, GoGroups provides one gigabyte of storage and a server with, as Westphal says, “a whole lot of bandwidth.”

“A gig is still pretty large,” Westphal explained. “You could share one program, or one or two feature-length films or three or four episodes of a TV show.”

GoGroups may have a stopgap to prevent illegal filesharing, Westphal said, but it will essentially come down to the company’s stance on censorship.

“If they don’t care who’s using it, and just want a lot of people using it, then they should not check,” Westphal said. “People will join, possibly for illicit purposes.”

But Barman is continually finding ways to improve GoGroups.

“He’s dedicated himself to it,” Tejada said. “He’s made it this far because of his own effort.”

By Simon Swartzman

Source: http://www.yaledailynews.com/articles/view/24415

Wednesday, April 9, 2008

Using Instant Messaging in the Office

We have received a question about using Instant Messaging services (such as AIM, Yahoo, MSN Messenger & Skype Chat) in the office: “Is it safe to allow our employees to do this, what are the benefits and what are the dangers?”

This is a pretty complex subject for a single blog entry – and as with anything to do with security and technology, things are changing all the time – but here are some pointers for you to consider when making your decision.

IM can be handy as a means to communicate very quickly when situations require. The ‘real time’ aspect of messaging is appealing to many as it can save huge amounts of time if you require advice or an opinion in a hurry - without the cost of a telephone call. You can’t get faster than instant! Also, as most IM software is available as a free download so it’s unarguably a cost-effective communication tool.

But, it is also undeniably an easy way for people to chat about non-work related subjects, or even moan about work in general. It’s not really the done thing in offices these days for people to sit at their desk and chat on the phone to friends. However, chatting on IM is a means for people to do the same thing without getting caught. Co-workers and supervisors may assume the person was discussing serious work matters but in practice it could actually be plans for the weekend or the latest episode of EastEnders!

It may be quick and convenient but is it secure? Different IM applications use different protocols and standard firewalls may not block or detect them. Some IM clients can use ports other than those associated with IM even commonly open ports such as 80 (normally associated with web browsing).

IM programs such as AIM, Yahoo and MSN Messenger pose additional possible security issues. These programs often allow more than just chat: they allow file transfers as well. Not only could users send documents – a recent study revealed that around 32% of companies have found employees passing confidential information to a third party - but users can also receive files that may possibly contain viruses or malicious code. Not to mention the liability nightmare if employees use the file transfer feature to share copyrighted music, movie or software files in violation of the law.

Is there an answer without an all-out ban? It could be a simple case of allowing one type of IM to be used over another. There are two basic types of IM technologies: peer to peer (P2P) and client-server. With a P2P system, IM clients communicate with each other directly hence they are less secure as there is no centralised control. With a client-server system, communications go through a central IM server from which it is passed on to the recipient. With client-server systems, IM communications can be monitored and logged at a central location (which also conforms to current compliance regulations). Not only do you have an audit trail but employees will be deterred from engaging in non-work related chit-chat and file swapping if they know they could be found out and held accountable!

Many places already have employees using IM at work, and the automatic assumption - that it cannot be used safely or is hindering productivity and therefore should be blocked - is probably unfair. Used and monitored properly, IM can be a great tool – but, like most other modern tools, it does need to be controlled and monitored if you are to ensure that productivity doesn’t suffer and that your network and data is to be kept secure. Like most other things out there, you just need to know what you are dealing with and know how to control it.



Source: http://blog.charitysolutions.co.uk/2008/04/07/using-instant-messaging-in-the-office/

Wednesday, April 2, 2008

OctroTalk Launches

March 31, 2008

OctroTalk Multiple Buddies on separate IM servicesOctroTalk mobile instant messaging client features connectivity to Google Talk/Jabber with MSN, AIM, ICQ and Yahoo, IM capabilities, VoIP, P2P file transfer, folder sharing, quick picture messaging, and more.

OctroTalk works over both low-bandwidth and high-bandwidth connections, including GPRS/EDGE/CDMA/WiFi/Bluetooth data connections. OctroTalk supports a low bandwidth codec with low CPU usage requirements so it runs quite well on smart phone devices. It currently runs on Windows Mobile smartphones, Windows Mobile Pocket PC, and Symbian S60 3rd Edition. OctroTalk features an easy to use user interface that supports one handed operation and 5-way navigation. OctroTalk currently supports GoogleTalk/Jabber, MSN, AIM, ICQ and Yahoo.

Interestingly, when you logout from the Google/Jabber account, the application will automatically log you off from all your accounts including MSN, AOL, ICQ and Yahoo. You can be connected to MSN, AOL, ICQ or Yahoo! only when you are connected to Google Talk/Jabber. I guess Google Talk/Jabber must act as the mediation to the other IM services.

In any event, OctroTalk allows you to have multiple IM sessions going on simultaneously which will appear as tabs.

One cool feature is that If you are using the Google Talk account, then for your Google Talk buddies you can archive your chat conversations and search an information in your Gmail account.

Emoticons are supported (comes with the Microsoft MSN Messenger emoticons). Initiating a VoIP call is pretty easy to do.

The only limitation is that you can only VoIP someone with a Google Talk/Jabber account. It doesn't support VoIP connectivity with MSN, AIM, ICQ, or Yahoo.

With OctroTalk you can create or join chat conference rooms. It appears that OctroTalk hosts the conference rooms but it can support other services. The conference rooms only support IM and not VoIP. I'd like to see group conferencing with VoIP capabilities in a future release. Of course, that would require MCUs and possibly some heavy transcoding, but it's certainly a feature people want.

Summary of Features:

* Always on connected to Google Talk/Jabber with MSN, AIM, ICQ and Yahoo transports
* Complete VOIP product. Access to PSTN.
* Supports Low Bandwidth Codec (even works with EDGE/GPRS/CDMA).
* Streamlined UI. Optimized for one-handed operation. Today Screen on Pocket PC. Home Screen support for Smartphone.
* Extremely fast P2P file transfer. Quick picture messaging.
* Low CPU usage. Only VOIP product that works on Treo 700w (300 MHz processor).
* Secure and Encrypted connection to GoogleTalk. Google Talk messages are encrypted using industry standard TLS/SSL.
* Message Archiving in your GMail Account.
* Share files with your buddies (automated file transfer).
* Access your computer remotely. Install OctroTalk for Windows on your desktop, and share a folder with OctroTalk on your Mobile.
* Support for GroupChat/Conferencing. OctroTalk lets you create/join Jabber conference rooms.

LAN Instant Messaging Software - LAN Messenger

LAN Messenger is an instant messaging software for home or office users that can be very useful for your work. LAN chats allow you to commu...