Thursday, October 30, 2008

E-mail VS Instant Messaging. How Much People Use Them?

We have just published the results of a survey that we funded internally to find out how people use e-mail and instant messaging. The survey was conducted with 340 individuals in mid-October. Here's a summary of what we found:

* Users in smaller organizations (up to 1,000 employees) spend a median of 33% of their workday doing something in their e-mail client, including checking or sending e-mail, arranging their schedule, managing tasks, etc. Users in larger organizations spend a median of 40% of their day doing work in e-mail. This means that in a 40-hour workweek, users spend between 2 hours / 38 minutes and 3 hours / 12 minutes doing work in e-mail.

* Instant messaging, on the other hand, is used far less than e-mail – for 2% of the average e-mail user’s day in smaller organizations, and 3% for those in larger organizations.

* E-mail is a very important repository of business information. In smaller organizations, 44% of the information that individuals need to do their job is accessible or in their e-mail client; for users in larger organizations, the figure is 48%.

* Just how desirable is video in the context of conveying information? It depends on the content. For example, we asked about the preference for viewing an online video or reading text to convey a short news story while at work: the preference for text ranged from 72% to 75% vs. only 16% to 22% for video (7% to 9% were not sure or had no preference). However, for a 30-minute training session, the preference for viewing a video ranged from 56% to 73%, with 21% to 28% preferring a text-based format for conveying this information.

Source: Unified Communications Alert By Michael Osterman, Network World, 10/30/2008

Instant messaging communication solution for corporate network.

Increasing number of businesses presented online reflects significance and importance of online interaction between its participants. Fully understanding this necessity Flashcoms releases Corporate LAN Chat to be a communication part of a corporate structure.

Corporate LAN Chat is a text/video/audio communication solution to deploy at corporate networks. It combines all the advantages of flash architecture to provide secure approach in on-site or internal network communication. Regardless of network setup Corporate Chat easily fits into any segment of a system to provide the most effective way in communication.

Cutting-edge functionality coupled with clear-cut design, free interface branding which enables displaying your company credentials instead of developer's ones and advanced management options benefit businesses with all-sufficient solution. Impressive features such as built-in whiteboard serves a multi-functional purpose from presentation to online consulting, IM (ICQ, MSN) support allows accessing traditional IMs with no additional software installation, firewall compatibility and seamless integration into existing database accommodate requirements and structure of any corporate network.

Try demo at http://www.flashcoms.com/products/community_chat/demo/
Learn more http://www.flashcoms.com/products/community_chat/overview/

About FlashComs
FlashComs was founded in 2003 to make use of the latest web technologies and to apply them in the sphere of internet communications. From the very beginning our primary target was to provide web sites and web based communities with modern web applications that would make Internet communication easy and enjoyable. Our company's policy is flexibility and constant advancement. We are always open for new functionality requests, application customization and new skin design.
http://www.flashcoms.com/

Wednesday, October 22, 2008

Motorola offers safe wireless LAN for enterprises.

Motorola, with the close of its acquisition of AirDefense at the end of last month, is wasting no time integrating AirDefense’s wireless security technology into its wireless LAN access points.

Today, as part of the company’s announcement of a hardware-based wireless intrusion prevention system built into its wireless access points, Motorola noted that it’s not only eliminating the clutter of unnecessary wires but also the need for an added layer of hardware that was once needed to secure the LAN.

It marks a turning point for enterprise customers who are looking at wireless networking solutions as a way of not only identifying potential cost savings but also delivering throughput that exceeds traditional ethernet. With the arrival of 802.11n technology, networks can now wirelessly move data at the rate of 300 megabits per second, compared to the 100 megabits per second in Ethernet and 54 megabits per second of previous “a” and “g” versions of 802.11.

It’s also worth noting that Motorola’s security features not only protect the network from intrusions but also allow administrators to monitor where potential compromises exist. If a foreign wireless access point were connected to the network and enabled unsecured access to the network, administrators would be able to quickly identify and remove it.

When I met with Motorola, I asked how they planned to talk to potential customers about making an investment while so many companies are being asked to make cutbacks. The short answer was that enterprise customers are more often asking about wireless LANs as a way of reducing costs of installing hard-wired networks while increasing data throughput speeds. At the enterprise level, the common theme is trying to do more with less.

Separately, research firm IDC said this week that the worldwide wireless LAN semiconductor market is expected to pass the $4 billion mark by 2012 with a compound annual growth rate of 22.8%. Personal computers remain the largest application segment for WLAN semiconductors, with 802.11n technology serving as the next growth driver, there’s opportunity for new applications and usage models.

Source:http://blogs.zdnet.com/BTL/?p=10511
Author: Sam Diaz

Monday, October 20, 2008

How To Make Email Messaging Secure?

The email messaging service is getting much more secure now. You can always trust us. The firm was founded in early 90s in order to make you and your clients more secure. The instant messaging works in a secure manner. The business email hosting would make it more secure and your network would be made more secure now. The small business hosting has made it more reliable to make the home hosting securer than before.

The confidentiality issue is not a big issue any more. We offer you the same free service trials and product test features too. The corporate email hosting could be made more secure and this way, you can increase the trust in your business too. We offer customer made free trials too. You can always reach us via our website and other toll free contact number too. You can also login to our website and get a permanent registry too. The small business email would be much easier now too. We have made your business and corporate messaging much secure than before. The emails can be handled without any information leaking problems. The hipaa email security provides you the best of home and office security solutions. These can be handled now without any confidentiality problems.

Tuesday, October 14, 2008

Corporate Network Management For Enterprises.

Enterprise networks are far more complex than ever before — often an amalgam of LANs, MANs and WANs — so the term “enterprise network management” has also expanded in scope. It’s really a combination of various sub-disciplines, such as configuration management, fault management (i.e., “troubleshooting”), telecom expense management, performance management and security management. Enterprise network management sits just below “systems management,” which handles higher-level issues of applications and middleware management. Fortunately, there are a huge number of products out there to help you visualize and ultimately understand your network, not to mention troubleshoot it.


For many years, enterprises relied on mainstay management packages that have stood the test of time — in particular, IBM’s Tivoli and HP OpenView, a Hewlett Packard product family of network and systems management products, with optional add-ons from both HP and third parties. (Following HP’s acquisition of Mercury Interactive in July of 2006, HP OpenView was rebranded under the name, HP Software.) As for IBM’s Tivoli, it’s still going strong, with an enormous, dizzying array of management capabilities.

Nortel’s appropriately named Enterprise Network Management System (ENMS) enables network administrators to identify and resolve problems and performance bottlenecks before they affect such network services as multicast video and IP telephony.Nortel ( News - Alert) says that, whereas multiple competing systems are necessary to manage a network, Nortel’s single system can handle both wired and wireless, voice and data converged networks.

Nortel’s ENMS can provide a traditional “data-centric view” of a network, a global view of both the network and status of devices on the network. The data-centric view is normally the first point of contact where issues are identified, and acts as a launch point for more detailed views. The data centric view supports all Nortel’s products (domain management) and can be used without the VoIP and converged views for customers who do not have a converged network. This data centric view provides common launch points for other Nortel applications to integrate with ENMS.

The administrator can then move on to a “VoIP view,” which provides a view of the network from a VoIP system perspective. The status of network devices, as well as the VoIP system components and IP Phones, is maintained and carried through to the VoIP view, providing a quick way of identifying device issues. Using the VoIP view, you can see the VoIP system components (call servers, signaling servers, gateways) and the system-associated IP Phones. This view does not include the data infrastructure, so it allows the network operator to quickly distinguish between a VoIP system issue and/or a device or data infrastructure issue — the VoIP view provides a Logical View of the VoIP network or the Service View.

The ENMS “Converged view” mode provides an end-to-end view of the converged network. This view — also called the physical view — includes the VoIP system components, IP Phones, the data infrastructure (switches, routers, subnets), as well as the physical connectivity between the devices. As with the VoIP view, the status monitoring of devices continues to the converged view of the network.

Thus, you now have a complete view of the converged network and the interconnectivity associated with the devices. For example, status alarm devices in error can be quickly identified and the error’s impact determined, such as a router’s failure and how this would affect the VoIP calls within a given subnet.

The ENMS Campus Edition supports up to 500 managed IP interfaces, the Enterprise Edition supports up to 5,000 managed IP interfaces, and the Enterprise Upgrade — Enterprise Upgrade: Enterprise Edition upgrade to support up to 10,000 managed IP interfaces

I Can See It Now
The “visualization” of a network has become increasingly important in all of these products. One tool, IPsonar, by Lumeta, is favored by U.S. federal government agencies such as the Federal Aviation Administration (FAA), U.S. intelligence agencies, and the Department of Energy, as well as 15 of the 25 largest banks, five of the 10 largest pharmaceutical companies, and three of the largest energy companies in the world.

IPsonar is a network assurance solution that scans the network to collect all data related to network topology, address space, leaks, and device fingerprints. IPsonar maps every asset on a network (including assets not currently under management) visualizes the connectivity between assets and networks to uncover risk patterns and policy weaknesses, and enables network and security teams to bring unknown assets under management while deploying security technology more effectively to mitigate risk. Network and security managers and executives can accurately visualize what’s on the network, drilling down to analyze potential areas of risk and identify appropriate corrective actions.

Of course, some giant global enterprises may take on some of the characteristics of a service provider, particularly if they find themselves having to distribute something like high-definition video on a large scale to employees, partners, or customers. In such cases, they might want to look at a more service provider-type of bandwidth management technology, such as Sycamore Networks’ SILVX network management and SN 9000 Intelligent Multiservice Switch.

In most cases, larger enterprises will be more concerned with managing thousands of IP phones and IP PBXs. Nectar Services Corp., an IP communications and management services provider and wholly owned subsidiary of Juma Technology, recently debuted its Enterprise Session Management platform (ESM), which can take hundreds or even thousands of disparate hybrid and IP PBXs found in large multi-location enterprises (based on SIP or H.323), and bring them together into a unified enterprise telephony platform having intelligent call routing, advanced business continuity features, and considerable carrier-service cost reductions, thanks to “On-Net” calling over the corporate WAN. Its carrier-class routing and session management functionality is controlled via a simple, intuitive Web-based application, which yields global visibility and management of all voice traffic from the Nectar web portal.

Nectar has also unveiled the Nectar Converged Management Platform (Nectar/CMP), which provides a unified view of the systems that support business applications and processes and unifies separate management disciplines spanning voice, data, security, and applications. The Nextar/CMP is tailored and maintained for each client to provide visibility of overall system health, accelerate fault isolation and lower Mean-Time-To-Repair (MTTR). The platform has a dashboard interface and a business process correlation system, 24/7 remote monitoring and alarming, release upgrades, patch management, application topology, event integration, fault isolation analysis services, and help desk support.

Finding Fault
Aside from getting a visual conception of a network and its components, most administrators are looking for help in troubleshooting things that go wrong on their ever-growing, nearly bewilderingly complex networks, especially where their voice and/or video packet traffic must make a detour through the outside world.

Many enterprises are implementing proactive network support strategies. According to recent survey by the Service and Support Professionals Association (SSPA), the largest and most influential association for technology services and support professionals, 42 percent of respondents say their biggest push in 2008 will be proactive support, followed by online communities with 25 percent, knowledgebase and multi-channel service with 17 percent each.

NextNine’s Virtual Support Engineer was recently honored as a Spring 2008 “Recognized Innovator” finalist by the SSPA. NextNine’s product enables services organizations to more quickly identify the true failing component at the heart of one or a series of support incidents so a fix or workaround can be crafted. NextNine Service Automation software, thanks to its proactive, preventive abilities, enables organizations to improve the level of support they provide. The Virtual Support Engineer, a key component of the NextNine Service Automation platform, continuously monitors systems, and proactively detects problem symptoms before they cause service disruptions or downtime, thus allowing support engineers to virtually “be there” 24x7.

Clever: Power-over-Ethernet
Everything from phones to security cameras, tilt and zoom (PTZ) CCTV cameras, RFID and access control systems, WiFi Access Points (APs),WiMAX ( News - Alert) access equipment, thin clients, and even door lock controllers are increasingly becoming IP-based. To accommodate these devices, your LAN may expand into hard-to-wire areas where electrical power is not readily available, or the number of devices may simply increase to the point where there are an insufficient electrical outlets.

Fortunately an increasing number of IP devices can support Power-over-Ethernet (PoE) or “Active Ethernet,” wherein DC power is sent along with LAN signals over certain types of Ethernet cabling. This is a particularly attractive solution for Historic buildings and structures sealed because of asbestos.

In 2006, semiconductor maker Microsemi Corporation acquired PoE equipment vendor PowerDsine, which patented PoE and helped draft the 803.2af standard for the technology. Its new 7000 series of HiPoE Midspan switches delivers up to 30 watts of power, double what previous 802.3af-based systems were capable of. PowerDsine has released four models of its new midspan switches — one-, four-, 16- and 24-port versions.Microsemi ( News - Alert) Vitesse Semiconductor Corporation, a provider of advanced IC solutions for carrier and enterprise Ethernet networks, also recently announced its first joint reference design for power Gigabit Ethernet switches compatible with the new higher-power IEEE802.3at-draft3.0 Power-over-Ethernet standard.

The reference design, based on Microsemi’s PD69012 chipset and Vitesse’s VSC74xx family of Gigabit Ethernet switches, allows Ethernet OEM/ODM equipment suppliers to use the same printed circuit board to provide both 24-port PoE (Power over Ethernet) and non-PoE versions of a Gigabit Ethernet switch platform. The joint reference design supports, 30 watts per port, per IEEE802.3at-draft3.0, and is capable of driving up to 36W per port. Furthermore, Microsemi’s Dynamic Power Management technology allows customers to use small power supplies for switches that must power both high power and low power devices, a typical situation in enterprise applications involving both VoIP phones and 802.11n WLAN access points.

Microsemi’s Yuval Barnea, vice president of Systems Business, says, “Our design is a cost-effective way to upgrade a network to support Power-over-Ethernet. We can handle from one to 48 ports and up to a Gigabit per second in bandwidth. We were the first to announce pre-802.3at equipment. IT directors want to treat our devices like any other device on the network. PowerDsine came to us with their PowerView Pro, the latest generation of a secure, Web-based SNMPv3-based management application, that supports efficient monitoring and control of network devices. PowerView Pro can do remote power-off/power-on, unit scheduling, UPS power monitoring and Web-based monitoring. You can use it at home, in the office, at a remote location, or wherever you like. Of course, it’s the real-time reporting of system status and alerts to the IT manager that is particularly attractive, which is done by SNMP traps that can trigger SMS or even emails to the manager. It also enables him to enable, configure and monitor a series of our Midspans in real time using a graphical interface. It can activate or deactivate Midspan ports on a daily or weekly schedule for security purposes. It can even recycle power to remote faulty devices, such as an AP in an airport or a wide campus installation. This saves both time and costs.”

So, ironically, with all the talk about grandiose high-level enterprise management systems, ingenious low-level “nitty-gritty” items on the network such as PoE are often just as useful, particularly among small and medium-sized businesses (SMBs).

For example, SEH Technology, the printing and network computing specialist, recently introduced its PS06 Ethernet network interface card to its print server portfolio for HP output devices with EIO ports. This new PS06 Ethernet print server supports printing via either IPv4 or IPv6 in Ethernet networks (including socket, LPR, and IPP printing) and includes high level security features, such as several IEEE 802.1x standard authentication methods and print data encryption during transmission. Compared to its predecessor, SEH’s IC106-FAST (News - Alert)-HP-TX interface card, the PS06 considerably speeds up printing via HTTPs encryption. The multiprotocol print server works with all common operating systems, including Windows, Linux, UNIX,Apple ( News - Alert), and Novell. The latest ThinPrint print client provides for bandwidth-optimized network printing and ThinPrint SSL decoding. All for a mere US$209.99.

To sum up, you now view your network pretty from any perspective you desire. Indeed, there are whole families of enterprise network management products out there that can help you securely view, troubleshoot and otherwise manage the “sandbox” where your business-critical applications and data play.

Source: (This article originally appeared in the July 2008 issue of INTERNET TELEPHONY.)
By: By Richard Grigonis
Executive Editor, IP Communications Group

How To Create Instant Messaging Environment with Openfire Server?

Openfire Administration is a new book from Packt that details how to use Openfire to develop a secure instant messaging network. This book teaches users to install an efficient IM environment, and connect and integrate VoIP with users over external IM networks.

Openfire, is a free, open-source and full featured Jabber-based Instant Messaging server written in Java. This book teaches users to install and run Openfire, and configure different IM clients over Windows and Linux to allow only secured connections. Users will learn the advantages of IM over other communication modes as well as Openfire's features.

Through this book, system administrators will learn to connect with users over external IM networks, add users via a Directory Server like OpenLDAP and Active Directory, and import or export users and groups from other networks. They will also be shown how to add users from a remote network, transfer files across servers, and set up a server-to-server communication and an Openfire cluster with connection managers.

System Administrators experienced in managing servers on any operating system will find this book useful. The book is out now and is available from Packt. For more information, please visit: http://www.packtpub.com/step-by-step-guide-to-openfire-administration/book

Instant Messengers = Instant Threats?

Many vendors offering Instant Messaging (IM) services have added new features such as voice messaging and file sharing. Among other AOL, Microsoft and Yahoo offer these IM services.

Clients of Instant Messaging services are also easy prey for the community of hackers. Using a simple follow-up program, plain text of Instant Messaging can be easily captured and creates vulnerability to electronic eavesdropping. .

In one version of AOL Instant Messenger, aka AIM, a user was found to be the target of an attack by hackers. The villainous hacker had developed a URL that, when clicked by the user with AIM on their desktop, allowed the attacker to run a virus to the victim system. What is particularly alarming is that AIM does not need to be conducted this type of the virus being deployed.

Another possibility of an attack when the victim are simply sent an HTML e-mail with a link click, enter one or all of the following components: an increase of attack, a denial of service attacks, or install a backdoor for later use, to name a few.

Using a computer phone service that works on secure lines with high-end encryption codec on its own patented technology that features IM capability will optimally protect you against these vicious hacker attacks.

Monday, October 13, 2008

Instant Messaging Security. Is It Possible?

About 200 million people will use instant-messaging (IM) services this year, according to IDC, and next year over half of them will be business users. Many of them, in turn, will be in financial services, the business sector that has taken to IM more than any other.

It has enjoyed such a meteoric rise in financial services because the convenience and productivity it puts into users' hands, at very little cost, particularly appeals to bankers, traders, and insurers.

"Instant messaging is becoming a more mainstream business tool," says Andrew Brown, CTO of Global Infrastructure Services for Merrill Lynch. "IMlogic gives us enhanced capabilities regarding access control, reporting and management."

However, as corporate adoption of IM peaks this year, many commentators are becoming concerned about the need to secure the informal networks upon which IM depends, both to protect against hackers and to meet regulatory requirements.

The Big Bang in IM security threats
The warning signs are there to be read. For example, in February, Microsoft cut access to its MSN Messenger IM service to halt the exploitation of a security flaw: a vulnerability, which allowed malign attackers to take control of affected systems in all but the latest versions of the messenger clients, was posted on the Internet.

In addition, IMlogic has reported that the incidence of IM security threats increased by 50 percent in the first three months of this year; that more than one hundred of the most common IM viruses had grown by 30 percent in the same period; and that IM spam now accounts for up to seven percent of all traffic. In other words, IM malware has undergone a "big bang".

Financial sector authorities have already responded to the threat. As far back as December 2002, the Securities and Exchange Commission fined five large Wall Street firms $8.25m for failing to archive and supervise their electronic communications.

The industry itself has taken note too. The Financial Services Instant Messaging Association (FIMA) — whose members include Bank of America, Citigroup, Credit Suisse First Boston, Deutsche Bank, JP Morgan Chase, Lehman Brothers, Merrill Lynch, Prudential, and UBS Warburg — exists to pressure vendors into standardising IM platforms in order to promote compatibility and security. Furthermore, the National Association of Securities Dealers (NASD) recently told its 5,300 brokerage firm members to retain IM records for at least three years as proof against future disputes.

Handling IM security in financial organisations
On the other hand, taking responsibility for IM is not always as easy as might be thought. For example, if a firm decides simply to ban IM — in a similar manner to which some banks tried to ban email — then determined employees will readily find ways around bars on the network. Moreover, programming corporate IT systems to scramble any instant messages that are sent is tricky and time consuming, since most IM platforms are proprietary and change fast.

A ban may also not prove effective because IM penetrates the organisation under the radar: it is routinely embedded in office software, for example.

Arguably the more sensible route to take, not least because it has become part and parcel of modern business communications, is to control the use of instant messaging. IMlogic's approach is typical: its product, called IM Manager, archives every IM conversation across a network. IM Manager can track messages, reconstruct exchanges, and monitor for attacks.

In short, like email, IM has become part of the communications landscape. Financial organisations must embrace and secure it, not fear and try to dodge it.

Source: Mark Vernon, Tech Republic, Published: 12 Apr 2005

Beta Business Instant Messaging : Secure And Encrypted

Communicate more efficiently using real-time secure Business Messenger. Unlike public chat services, Business Messenger communication can be restricted to the people in your organization keeping your organization secure and private. And, all communications are SSL encrypted giving you security comparable to online banking.

Whether you are at the office or on the go, there are a variety of ways to stay connected with Business Messenger. Access Business Messenger securely from any web browser or download and install the easy-to-use Business Messenger chat client on your desktop. Need even more flexibility? Business Messenger is based on the open standard XMPP for compatibility with a wide variety of chat clients.

Features Include:

* Business class, real-time messaging
* Ability to restrict chat access to account users only for privacy and security
* SSL encrypted chat
* Customizable presence indicator
* Multi-person chat
* Secure chat rooms
* Persistent chat rooms
* Contact groups
* Contact profiles
* Web-based chat client
* Desktop chat client
* Support for XMPP compliant chat clients

Business Messenger is free during Beta. After Beta, it will be included at no additional charge for Hosted Microsoft® Exchange or Groupware Collaborative users. For all other users, it’s just $1 per month per user.

IM Service from NSIT. Chat Instantly with cIM!

NSIT offers a secure instant messaging system called cIM? All you need is a current CNetID and password. We recommend using a client called Spark, which you can download from the Connectivity Software site (http://nsit.uchicago.edu/services/connectivity/).

Like other IM clients, cIM is great for informal chatting, but it has additional benefits that also make it great for inter-departmental messaging. cIM is different from commercial instant messaging services in the following ways:

* All messages remain on campus servers so long as both parties are at the University, making your messages more secure.
* Messages sent between im.uchicago.edu users are not subject to the data mining often practiced by providers of commerical IM clients (e.g., Yahoo, Google, AIM).
* It's easy to locate someone on cIM by using their CNetID, instead of having to search for user-created screen names.

For help and information on setting up and using cIM, visit the Instant Messaging Documentation site.

Friday, October 10, 2008

Instant Messaging Threats. How To Defend Your PC?

The instant messaging world continues to evolve at an incredibly alarming rate. IM communications most changed more than in the past 10 years with the evolution of e-mail and instant messaging (IM). Once limited to desktops, instant messaging is now available via handheld devices and cell phones, allowing users to chat from virtually anywhere, even becoming a staple mode of communication in business environments.

However, its own share of security risks accompanies IM. Because IM is generally unprotected and unmonitored, it is vulnerable to attacks, and can easily expose all users in an IM contact list to the same attacks via IM sent from that machine, creating the potential for rapid proliferation. In such a scenario, it is likely that any malicious code that propagates through one of the protocols will also propagate through the other.

The most prevalent threats to IM include:

* Worms and Trojan horses

Similar to threats sent by e-mail, worms and Trojan horses via IM can compromise the integrity of IT systems. Too many IT departments focus solely on e-mail threats because they are not aware of the number of people using IM in their businesses. This is because individual users can load IM programs directly onto local computers, and IM traffic is often undetectable at the network level. According to the IMlogic Threat Center, “90% of IM-related security attacks included worm propagation; nine percent delivered viruses; one percent exploited known client vulnerabilities or exploits.” Via an IM program, it is possible for a Trojan horse to configure the client to give access to all files on a computer via peer-to-peer file sharing. Ultimately, this opens up the entire computer system to attackers.

* Password stealing and impersonation

Hackers can use Trojan horses to gain access to an IM password if it is stored on the computer. Using this method, hackers can have access to the user’s screen name and the user’s entire list of IM contacts. Impersonation is not only harmful to the victim whose password has been stolen, but to anyone who interacts with the hacker and divulges personal information or executes any files sent by the hacker under the guise of the user.

* Privacy intrusion

Outside parties can capture information to use in malicious ways, and employees may not be aware of the ramifications of their IM conversations. Businesses could be legally or financially at risk if employees send confidential information that is subsequently gathered by outside parties. Many IM programs do not offer encryption, making it easy for a third party to eavesdrop on IM conversations using different types of programs such as packet sniffers. Businesses can deal with these risks by enforcing an IM policy that restricts the type of information that can be exchanged via IM and setting up a system to encrypt IM conversations.

* SPIM

Similar to spam, spim is unsolicited messages sent via IM. Spim can be used to lure unsuspecting users to websites designed to collect private information. Web bots deployed by advertisers and spammers often collect screen names from public directories where individuals can list their IM screen names.

While many of these threats have the potential to wreak havoc on any business, there are a few steps businesses can take to mitigate IM threats:

* Install IM security tools

IM security tools span a variety of functions from capturing data sent over IM, to monitoring and tracking unusual IM behavior, which may indicate misuse or virus-related security breaches. By installing IM security tools, businesses will have a more comprehensive, centralized solution to help manage IM usage within the company.

* Educate employees and create corporate policies

Employee education on any exchange service is paramount in securing the IT infrastructure, especially on IM usage, because of the potential for rapid proliferation throughout the network. Businesses should make it a priority to learn about the best safety and security practices and incorporate them into company policies. To protect businesses and employees, businesses should define appropriate uses of IM in the workplace and encourage precautionary measures such as not storing IM passwords on the computer.

* Secure IM logs

Because IM programs automatically create and store logs of all conversations on a user’s computer, hackers can obtain valuable information on a business, including specific statements made during a conversation as well as business secrets discussed via IM. One way to secure IM logs is to store them behind a corporate firewall or even delete the logs. These options are available in the preferences section of the program.

* Use vulnerability management tools for compliance

Businesses can install and use vulnerability management tools to gain an overview of IM software installed on employee machines. Using these tools, they can monitor whether employees have made any changes to their IM programs that violate business policies, and make sure that desktop firewall and antivirus programs are being used properly.

* Install desktop antivirus and firewall programs

Since spam sent over IM typically requires users to download and open an attachment. Security at the desktop and firewall level can guard against threats by blocking an attachment or cleaning an infected file. Installing desktop firewalls help protect individual machines from attacks from within an organization or through a LAN. Desktop firewalls are also good for those in a remote office or who handle sensitive data. Businesses should also install desktop antivirus programs to provide a final line of defense against viruses, worms, and Trojan horses.

* Install and update IM patches

The major public IM networks frequently deploy IM patches in response to newly discovered vulnerabilities in their programs. Businesses can reduce the risk of attacks to their computers via IM by installing and updating IM patches regularly.

There are many advantages to using IM in a business setting. If businesses choose to use this communication tool, they need to understand the IM security threats and how to protect their business against them. By educating employees, enforcing policies, installing protective technologies, and, where possible, encrypting IM conversations, organizations can continue to enjoy the benefits of using IM as a business tool while also managing its risks.

Source: Director Channel and Alliances, Symantec India, Ajay Verma

Thursday, October 9, 2008

Gmail And Google Talk Users Got Web Conferencing And Free Screen Sharing

Millions of Gmail and Google Talk users now have access to one click online collaboration.

8 October 2008, Future of Web Apps, London: Yuuguu today announced the seamless integration of the Google Talk Instant Messaging (IM) network into its real-time collaboration and web conferencing service. Yuuguu users can now share screens, hold web conferences and work collaboratively with anyone on the Google Talk IM network all via the Yuuguu application.

The Google Talk IM network is accessible via the downloadable Google Talk client, and the purely browser based GMail, iGoogle and Google Apps services. The move will dramatically increase Yuuguu’s reach, with Gmail alone having over 92 million users*.

Yuuguu, uniquely for a web conferencing and screen sharing service, has an integrated buddy list and chat system. Yuuguu users can now simply link to their existing Google account and any contacts they have on the Google Talk IM network will automatically appear in their Yuuguu buddy list.

With one click Yuuguu users can chat, share their screen and collaborate in real time with any friends or colleagues on the Google Talk IM network without those people needing any downloads or plug-ins. In addition Yuuguu supports group sessions of Google Talk IM contacts, so several participants can easily join the secure conference or screen share.

Yuuguu does not require participants to download software. Only the host downloads Yuuguu for free onto a PC, Mac or Linux computer. Yuuguu also includes high quality, low cost landline based voice conferencing services for one-to-many voice calls.

The new feature also supports users who access the Google Talk IM network through Google Apps, providing simple and integrated access to free web conferencing for business users.

In addition, Yuuguu has announced that it is now out of beta. The company has over 100,000 users worldwide who have been instrumental in providing feedback on the service to improve user experience and help provide a strong launchpad for its Pro and Enterprise versions in early 2009.

Users can download Yuuguu free of charge at www.yuuguu.com.

Founder and CEO of Yuuguu, Anish Kapoor said: “We have always been focused on building a service that integrates community, messaging and collaboration. By opening up our service to Google Talk IM network users, even more colleagues and friends can message and chat while they share screens for enhanced collaboration. Typical IM clients don’t allow screen sharing and have limited collaboration capabilities and typical web conferencing and screen sharing services have no presence or instant messaging capabilities. We wanted to bring these features into one application to ensure that users see, chat and control from one simple interface.”

Yuuguu will be exhibiting at Future of Web Applications, London, Web 2.0, Berlin and Defrag 2008, Denver.

About Yuuguu:

Yuuguu, named after the Japanese word for fusion, was founded by entrepreneurs Anish Kapoor and Philip Hemsted in 2007 after they became frustrated by working together remotely and not being able to see and share each other’s computer screens in real time. The company is based in Liverpool and received funding from Rising Stars and Liverpool Seed Fund among others. www.yuuguu.com

Wednesday, October 8, 2008

Communications Server environment. How to secure?

As (UC) unified communications are getting to become much more popular, it has become apparent that unified communications networks are prone to many of the same types of security threats as normal TCP/IP networks. Some of the more common threats include things like spam directed at instant messaging, man-in-the-middle attacks, denial-of-service attacks, sniffing and the list goes on.

Unfortunately, there is no way that I can possibly provide even a high-level overview of unified communications security within the confines of an article. There are simply too many aspects of the unified communications infrastructure that would need to be addressed. That being the case, I want to focus my attention on one particular component that I think deserves some of the most attention: the Office Communications Server (OCS) edge server.

The edge server allows OCS to be accessible to the outside world. The OCS edge server is placed in the network's demilitarized zone and proxies requests between the Internet and the back-end network. The reason why I want to talk about the edge server is because it is exposed to the Internet.

Install the appropriate roles

The first suggestion I would make is that you install the appropriate roles on your edge server. An edge server actually supports three different roles. You can install one, two or all three roles. Installing roles that are not needed can constitute a security risk.

The three roles are:

Access Edge: Allows external users to authenticate into the OCS deployment.

A/V Edge: Allows external users to take advantage of the network's audio and video capabilities from outside the organization.

Web Conferencing Edge: Allows external users to participate in Web conferences.

Be careful with how you enable 'federation'

In an OCS environment, federation refers to the way in which your OCS infrastructure is exposed to the outside world. When you initially configure the edge server, there is a setup wizard screen called the Enable Features on Access Edge Server screen that allows you to choose whether or not you want to allow anonymous users to join meetings, and whether or not you want to enable federation.

Although it is not exactly spelled out on this screen, there are three types of federation you can use. The first type that OCS allows is called direct federation. Direct federation is basically a trust relationship between two organizations. The organizations would have made an agreement to share presence information with each other, and to support the use of direct collaboration between the two organizations. With this type of federation, the participants use digital certificates to positively verify each other's identities.

The second type of federation that is available is something called enhanced federation. Enhanced federation (sometimes called open federation) is enabled through the Enable Features on Access Edge Server screen that I described earlier. By selecting the Allow Discovery of Federation Partners check box, you allow users to communicate with users in other organizations that also run OCS or Live Communications Server. What makes this different from direct federation is that there is not a direct trust between organizations, but rather an open trust that allows communication with any external OCS or LCS organization.

The third type of federation is called federation with public instant messaging providers. Once again, this type of federation is activated through the Enable Features on Access Edge Server screen. The screen contains check boxes administrators can use to enable federation with MSN, Yahoo and AOL instant messaging.

None of these types of federation are necessarily dangerous to use, but they do give your organization varying degrees of exposure. It is therefore important to choose the federation type that fits your plans for unified communications. Of course if you only want to use OCS as an internal communications mechanism then you don't have to enable federation at all.

In this article, I have explained that one of the most important tasks in protecting your unified communications network is controlling access to it from the outside world. This is important, because sensitive information is often passed through unified communications networks, and you do not want to accidentally expose your unified communications network to the world.

From searchcio-midmarket.com

Tuesday, October 7, 2008

Causerie Enterprise Instant Messenger: Be mobile.

(IM) Instant Messaging is one of the fastest growing branches of the Internet and is getting a popular communication choice embraced by millions of people around the world to communicate with their family, friends and business associates in an easy and powerful manner.

Causerie provides a single point contact which allows you to view all your contacts (buddies) in one place and even chat with your buddies irrespective of the network they belong to. Causerie provides a rich and powerful UI which allows you to access most of the handy features in a single tap or two. Some of the features include IM services to popular networks (SameTime, MSN, AOL, Yahoo, Jabber, ICQ and IRC), Presence & Status settings, Emoticon support, Easy Buddy lists (Add/Delete buddies) maintenance, Block/Unblock buddies, Customizable chat area, Font and Color support, Quick Text, E-mail and call tagging, Multiple login accounts.

Causerie for Consumers (CC):
CC is available in 2 editions - Standard and Deluxe. The Deluxe edition allows access to powerful buddy agents (bots) which retrieve real time information like stock, weather, news, currency, California traffic, gmail unread emails, Amazon searches, AI Chat Bot, eBay, dictionary, Fedex tracking etc. Additionally, it also facilitates multiple account logins to all popular IM networks. Real Time Alerts will also be supported in this edition.

The Standard and Deluxe editions are available for purchase from MantraGroup for US$24.95 and US$34.95 on a subscription basis for 1 year.

Causerie for Enterprise (CE):
CE is the ideal business productivity tool for corporations because it is cost effective, secure, scalable, cross-platform (communicates with SameTime, Jabber, AOL, ICQ, MSN, Yahoo and any configurable corporate IM services) and requires little IT support. Causerie offers huge benefits including improved employee communication and productivity with a variety of additional functions and personalization features, all the while reinforcing the network security standards. Causerie is a secure, reliable instant messaging system that fits the needs of businesses of all sizes. The core technology has the versatility to serve all businesses, from small companies to large corporations with workers dispersed throughout the globe. CE includes all the CC features along with Data encryption (AES / Blowfish), Message Archive support with precise timestamps and is Firewall friendly.

Causerie has been optimized for Treo600 users and supports five-way navigation/sound/vibrate/ LED options. DIA is supported on Tungsten3 and Sony devices.

Key Features:
* Login access to messengers like Yahoo/MSN/AOL/Jabber/ICQ
* Readily available roBots to get important information in a single tap (stocks, weather, traffic status, quotes, news, eBay, Google and many more)
* Customizable skins for wallpapers/sounds (using skin maker)
* Simultaneous login to six different messenger accounts and two accounts of the same IM type
* User friendly yet simple view of buddy list (Tree View)
* Multiple modes to view the buddy list (All/Online/Groups)
* Logging of conversions (Customizable Archive Log)
* Ability to run the Causerie messenger in background while using other applications
* Pre-defined message support: quick text messages
* Support for emoticons
* Auto reply messages
* Font support: support for fonts with/without Font Bucket
* Customizable chat screen display/colors
* Mail notifications/customizable alerts
* Auto updates of Causerie

About the company:
MantraGroup (http://www.mantragroup.com) is a solutions and services company focusing on development of software for the wireless PDAs and cutting edge smartphones.

Monday, October 6, 2008

AOL Instant Messenger Vulnerabilities Shows Risks of Public IM Networks.

According to Omnipod, the leading ASP instant messaging (IM) platform for enterprises, the identification of a buffer overflow flaw in AOL’s AIM service earlier this week underscores the security risks companies face from the uncontrolled or rogue use of public IM services. According to AOL, the security hole can be exploited to take control of users’ PCs. The flaw leverages a weakness in the IM client, and a lack of security controls and monitoring in the AIM service. Although AOL has been aware of the security issue since July 12, the company did not notify its 36 million users until August 9. AOL has stated it will release an update to correct the issue before the week’s end.

‘Unlike public IM networks, all executable text on our IM network is immediately stripped via our proprietary technology, so users simply aren’t at risk from this type of threat,’ said Gideon Stein, CEO of Omnipod. ‘Our POD technology takes the best aspects of public networks’presence detection and instant access’and incorporates those into a highly-secure service for real-time communications.’

Engineered to prevent the security vulnerabilities common in consumer IM platforms, Omnipod’s private IM network prevents the security problems of public IM and file sharing offerings by combining strict administrative controls with 168-bit 3DES SSL encryption, protecting POD users from hackers as well as from the common viruses and worms that routinely infect consumer IM systems.

Concludes Stein, ‘We pose this question to all companies still communicating via Yahoo, AOL or MSN: If you aren’t using Hotmail, AOL or Yahoo for enterprise email, then why rely on them for real-time messaging?’

About Omnipod
Omnipod, Inc. was founded in 1999 to provide a secure, centrally controlled communications platform built on instant messaging technology. Omnipod’s Professional Online Desktop (POD) is designed for enterprise use and seamlessly integrates file sharing and transfer capabilities, as well as numerous other secure communications functions into a presence-based messaging infrastructure. The company’s platform is presently deployed with a number of organizations and Fortune 500 companies in a cross section of industries. Omnipod’s investors include Lexington Ventures, Mapleton Investments and private individuals.

Contact: Caroline Venza, Antenna Group (for Omnipod)

IM security leak from Skype. Didn't they know?

Skype's official said that the company was unaware of a last security breach affecting Skype users in China.

In a blog published Thursday, Josh Silverman, Skype's president, explained he did not realize that TOM-Skype, Skype's partner in China, was logging and storing users' instant messages that were deemed offensive by the Chinese government.

He said the company knew that instant-messaging (IM) chats were monitored by the government, as all communications in China are. And he explained that Skype disclosed this to users in 2006, explaining that a text filter was being used to block certain words in chat messages. But he added that his understanding was that messages deemed unsuitable were "simply discarded and not displayed or transmitted anywhere."

"It was our understanding that it was not TOM's protocol to upload and store chat messages with certain keywords," he writes in the blog. "And we are now inquiring with TOM to find out why the protocol changed."

Earlier this week, Canadian researchers at the Citizen Lab at the University of Toronto published a report in which they said that "TOM-Skype was censoring and logging text chats that contain specific, sensitive keywords and may be engaged in more targeted surveillance."

The report also said the service was logging and capturing millions of records that include personal information and contact details for any text chat and voice calls placed to TOM-Skype users, including calls from Skype users. In addition, TOM was storing this information in a way that was inadequate in protecting the privacy of TOM-Skype users, the report said.

Silverman said that once Skype became aware of the problem it contacted executives at TOM, and the security issue regarding stored personal information has been resolved. But he also noted the company's concern that TOM has been storing this information.

"We were very concerned to learn about both issues and after we urgently addressed this situation with TOM, they fixed the security breach," he said. "In addition, we are currently addressing the wider issue of the uploading and storage of certain messages with TOM."

Silverman pointed out in his blog that TOM, like all other ISPs in China, is required by the Chinese government to monitor all communication. And he said it is "common knowledge that censorship does exist in China." Keywords that triggered action included words related to Taiwanese independence, the banned religious group Falun Gong, and political opposition to the Chinese Communist Party.

But he tried to reassure Skype users that Skype's computer-to-computer voice calls are completely secure.

"(The security breach) does not affect communications where all parties are using standard Skype software," he said. "Skype-to-Skype communications are, and always have been, completely secure and private."

Source: http://news.cnet.com/

Secure IM messaging from Sigaba

[ Johannesburg, 3 October 2008 ] - Companies today have become increasingly reliant on digital communication channels and this trend has resulted in an emergence of complex message security solutions, says Jaap Nieboer, mailstream software solutions manager for Pitney Bowes SA.

The company has unveiled the Sigaba secure messaging solution, which it hopes will provide industries with user-friendly, flexible and secure information-sharing solutions, says Nieboer.

“Sigaba took a holistic approach to create a practical messaging security solution, recognising that the key to a scalable, extensible, expandable and consequently usable solution is to create a robust security infrastructure,” says Nieboer. “This infrastructure serves as the operating system for baseline authentication and data encryption resources.”

Sigaba's secure messaging platform, SigabaNet enables organisations to authenticate users and separately encrypt sensitive data, secure e-mail, instant messaging, document delivery and mobile device messaging.

“The Sigaba secure messaging platform is built on patented key management and authentication services, certified cryptographic libraries and an application set that comprises a broad product family. These include secure e-mail products, secure electronic statements, secure messaging products for mobile devices, secure instant messaging products and secure paging products,” he elaborates.

Sigaba also offers Secure Vault, a secure e-mail product comprising pull technology, where recipients are directed to a Web-based e-mail inbox to view their secure messages, adds Nieboer. Mail recipients receive company-branded clear-text messages in their existing inbox that contains a URL to the Sigaba Secure Vault. On successful authentication, the recipient is presented with their vault inbox for access to the secure messages.

Other secure products include SendAnywhere, which is designed to deliver secured messages to any e-mail inbox, Secure BlackBerry, a secure e-mail product for mobile devices, and Secure Vault Mobile, a secure Web mail application targeted for mobile devices when used in conjunction with Secure Vault.

“Sigaba's patented Key Server technology is the basis for this security operating system. The main differentiator of Key Server from other approaches is that it de-couples authentication and encryption. This results in an impenetrable messaging security solution, which meets today's demanding communications security requirements,” concludes Nieboer.

Source: http://www.itweb.co.za/
BY STAFF WRITER, ITWEB

Durov: The phone of the richest man in the world was hacked through WhatsApp.

The founder of "VKontakte" and Telegram Pavel Durov said that back in November 2019 he warned about the vulnerability of the Whats...