Group items tagged

"FREQUENTLY ASKED QUESTIONS What is WhiteHat Aviator? WhiteHat Aviator; is the most secure , most private Web browser available anywhere. By default, it provides an easy way to bank, shop, and use social networks while stopping viruses from infecting computers, preventing accounts from being hacked, and blocking advertisers from invisibly spying on every click. Why do I need a secure Web browser? According to CA Technologies, 84 percent of hacker attacks in 2009 took advantage of vulnerabilities in Web browsers. Similarly, Symantec found that four of the top five vulnerabilities being exploited were client-side vulnerabilities that were frequently targeted by Web-based attacks. The fact is, that when you visit any website you run the risk of having your surfing history, passwords, real name, workplace, home address, phone number, email, gender, political affiliation, sexual preferences, income bracket, education level, and medical history stolen - and your computer infected with viruses. Sadly, this happens on millions of websites every day. Before you have any chance at protecting yourself, other browsers force you to follow complicated how-to guides, modify settings that only serve advertising empires and install obscure third-party software. What makes WhiteHat Aviator so secure? WhiteHat Aviator; is built on Chromium, the same open-source foundation used by Google Chrome. Chromium has several unique, powerful security features. One is a "sandbox" that prevents websites from stealing files off your computer or infecting it with viruses. As good as Chromium is, we went much further to create the safest online experience possible. WhiteHat Aviator comes ready-to-go with hardened security and privacy settings, giving hackers less to work with. And our browser downloads to you - without any hidden user-tracking functionality. Our default search engine is DuckDuckGo - not Google, which logs your activity. For good measure, Aviator integrates Disconnect

The Future of the Open Web You're right that the browser wars do not matter - except for this point of demarcation; browsers that support HTML+ and browser that support 1998 HTML. extensive comment by ~ge~ Not all Web services and applications support HTML+, the rapidly advancing set of technologies that includes HTML5, CSS3, SVG/Canvas, and JavaScript (including the libraries and JSON). Microsoft has chosen to draw the Open Web line at what amounts to 1998-2001 level of HTML/CSS. Above that line, they provision a rich-client / rich-server Web model bound to the .NET-WPF platform where C#, Silverlight, and XAML are very prominent. Noticeably, Open Web standards are for the most part replaced at this richer MSWeb level by proprietary technologies. Through limited support for HTML/CSS, IE8 itself acts to dumb down the Open Web. The effect of this is that business systems and day-to-day workflow processes bound to the ubiquitous and very "rich" MSOffice Productivity Environment have little choice when it comes to transitioning to the Web but to stay on the Microsoft 2010 treadmill. Sure, at some point legacy business processes and systems will be rewritten to the Web. The question is, will it be the Open Web or the MS-Web? The Open Web standards are the dividing line between owning your information and content, or, having that content bound to a Web platform comprised of proprietary Microsoft services, systems and applications. Web designers and developers are still caught up in the browser wars. They worry incessantly as to how to dumb down Web content and services to meet the limited functionality of IE. This sucks. So everyone continues to watch "the browser wars" stats. What they are really watching for though is that magic moment where "combined" HTML+ browser uptake in marketshare signals that they can start to implement highly graphical and collaboratively interactive HTML+ specific content. Meanwhile, the greater Web is a

HTTPS connections don't work for you if you don't use them. If you're not using HTTPS Everywhere in your browser, you should be; it's your privacy that is at stake. And every encrypted communication you make adds to the backlog of encrypted data that NSA and other internet voyeurs must process as encrypted traffic; because cracking encrypted messages is computer resource intensive, the voyeurs do not have the resources to crack more than a tiny fraction. HTTPS is a free extension for Firefox, Chrome, and Opera. You can get it here. https://www.eff.org/HTTPS-everywhere

Google releases JavaScript alternative Web application programming language.  Release includes Cloud SQL, a cloud computing database to write Web apps against - using either JavaScript or DART. excerpt: Google on Monday introduced a preview version of Dart, its new programming language for Web applications. The introduction was widely expected, not only because the announcement was listed on the GOTO developer conference schedule, but because a Google engineer described the language and its reason for being in a message sent to a developer mailing list late last year. "The goal of the Dash [Dart's former name] effort is ultimately to replace JavaScript as the lingua franca of Web development on the open Web platform," said Google engineer Mark S. Miller in his post last year. More Insights White Papers The Dodd-Frank Act: Impact on Derivatives Technology Infrastructure Simple is Better: Overcoming the complexity that robs financial data of its potential Analytics Mobility's Next Challenge: 8 Steps to a Secure Environment SaaS 2011: Adoption Soars, Yet Deployment Concerns Linger Webcasts Effective IT Inventory and Asset Management: From Quagmire to Quick Fix Outsourcing Security: What Every Potential Cloud Security Customer Should Know Videos In an interview at Interop New York, Cisco's Justin Griffin shows how their wireless products can physically map radio sources by analyzing the spectrum. This allows you to detect rogue devices and sources of interference. Lars Bak, a Google engineer who helped develop Chrome's V8 JavaScript engine and one of the creators of Dart, said in a phone interview that Google works regularly on large Web applications and that the company's engineers feel they need a new programming language to describe large, complex Web applications.

"At its Ideas Summit in New York, Google has announced that it is working on developing a browser extension that will act as an easy-to-use way to bypass country-specific Internet censorship and make connections safer and more private. Safer connections The tool, which was developed by the University of Washington and seeded by Google, is at its core a peer-to-peer personalized virtual private network (VPN) that redirects Internet traffic coming from an initial, less secure connection through a second, trusted connection, and then encrypts the pathway between the two terminals. Whenever you access the Internet, the connection is routed through a number of terminals. At each step of the way the connection may be blocked, surveilled, or even tampered with (especially if the data is not encrypted). On the whole, the safety and privacy of your data is only as good as the weakest link in the chain. Google's solution with uProxy was to develop a tool that makes it much easier to make an unsafe connection more secure, with the help of a trusted friend. The software, which will be available as a Chrome and Firefox extension to begin with, can use existing social networks like Facebook or Google Hangouts to help find users who already have uProxy installed on their system. If two users agree to use the service in tandem, the software can begin to make data connections safer. How it works Let's assume that Alice, who lives in a country with an Internet censorship problem such as China or Iran, contacts Bob, who has much safer, or uncensored, or unmonitored access to the Internet. Bob agrees to act as a proxy for Alice, and as long as his browser is open, Alice's outgoing web traffic will now be routed through Bob's connection, and so she'll now be able to access websites that she wouldn't otherwise be able to reach on her own. The connection between Alice and Bob is also encrypted. To an external observer looking at Bob's connection, it would appear that he is simply s

Neil McAllister provides an in-depth no-holds-barred comparison of Google, Zoho and Micorsoft Web Office Productivity Apps.  It's not pretty, but spot on honest.  Some of the short comings are that Neil overly focuses on document fidelity, but is comparatively light on the productivity environment/platform problems of embedded business logic.  These document aspects are represented by internal application and platform specific components such as OLE, scripting, macros, formulas, security settings, data bindings, media/graphics, applications specific settings, workflow logic, and other ecosystem entanglements so common to MSOffice compound "in-process" business documents.   Sadly, Neil also misses the larger issue that Microsoft is moving the legacy MSOffice Productivity Environment to a MS-Web center.   excerpt:  A spreadsheet in your browser? A word processor on the Web? These days, SaaS (software as a service) is all the rage, and the success of Web-based upstarts like Salesforce.com has sent vendors searching for ever more categories of software to bring online. If you believe Google, virtually all software will be Web-based soon -- and as if to prove it, Google now offers a complete suite of office productivity applications that run in your browser. Google isn't the only one. A number of competitors are readying Web-based office suites of their own -- most prominently Zoho, but even Microsoft is getting in on the act. In addition to the typical features of desktop productivity suites, each offering promises greater integration with the Web, including collaboration and publishing features not available with traditional apps.

A new resource site for whistle-blowers. somewhat in the tradition of Wikileaks, but designed for encrypted communications between whistleblowers and journalists.  This one has an impressive board of advisors that includes several names I know and tend to trust, among them former whistle-blowers Daniel Ellsberg, Ray McGovern, Thomas Drake, William Binney, and Ann Wright. Leaked records can only be dropped from a web browser running the Tor anonymizer software and uses the SecureDrop system originally developed by Aaron Schwartz. They strongly recommend using the Tails secure operating system that can be installed to a thumb drive and leaves no tracks on the host machine. https://tails.boum.org/index.en.html Curious, I downloaded Tails and installed it to a virtual machine. It's a heavily customized version of Debian. It has a very nice Gnome desktop and blocks any attempt to connect to an external network by means other than installed software that demands encrypted communications. For example, web sites can only be viewed via the Tor anonymizing proxy network. It does take longer for web pages to load because they are moving over a chain of proxies, but even so it's faster than pages loaded in the dial-up modem days, even for web pages that are loaded with graphics, javascript, and other cruft. E.g., about 2 seconds for New York Times pages. All cookies are treated by default as session cookies so disappear when you close the page or the browser. I love my Linux Mint desktop, but I am thinking hard about switching that box to Tails. I've been looking for methods to send a lot more encrypted stuff down the pipe for NSA to store. Tails looks to make that not only easy, but unavoidable. From what I've gathered so far, if you want to install more software on Tails, it takes about an hour to create a customized version and then update your Tails installation from a new ISO file. Tails has a wonderful odor of having been designed for secure computing. Current

They're already so swamped that you have to reserve your user name and wait for an invite. They say they have to add servers. Web site is at https://protonmail.ch/ "ProtonMail works on all devices, including desktops, laptops, tablets, and smartphones. It's as simple as visiting our site and logging in. There are no plugins or apps to install - simply use your favorite web browser." "ProtonMail works on all devices, including desktops, laptops, tablets, and smartphones.

Web applications play a critical role in half of all breaches that happen around the world. With all this going around for a while now, a meager of 10% of companies secure all their critical applications and have the applications reviewed on security stance before and during production. #web #Application #Security

Another HTML5 Application Platform for Cloud Computing.  Provides secure data connections to existing business systems and workflows.  Not an Open Web Platform. summary: Mobile Helix is an enterprise application and data security platform provider focused on enabling unrestricted enterprise productivity. We are redefining endpoint computing by evolving and extending existing IT infrastructure and standards rather than reinventing them. At our core are three fundamental principles that are at the center of everything that we do: 1) we are application- and data-centric - we embrace the blurring lines between phones, tablets and laptops, permitting IT to relinquish control of the endpoint device entirely and embrace a bring-your-own-anything policy; 2) we provide unmatched yet unobtrusive security for sensitive corporate data by intelligently securing the data rather than the devices; and 3) simplicity is embedded into the DNA of our products, our designs and our communications. Our solution, Mobile Helix Link, is the industry's first pure HTML5 platform that combines unparalleled data security, a unique HTML5 application development and delivery platform, and breakthrough patent-pending performance enhancement technology. 

Oliver has a short post concerning Google Wave and the new world the Wave will have wrought. Once section in particular caught my eye:
Two behemoths going after each others markets
..."Google apps, while a very popular tool for students, has never caught on in the enterprise due to security concerns, with a few exceptions - Microsoft Office is the default in cubicle land. Google search meanwhile is currently the global market leader, and is a popular enterprise solution in the form of internal appliances behind the firewall, while Microsoft's search and associated electronically stored information taxonomy and tagging has been famously weak."
"While these two giants slug it out for the others coveted market the playing field may well change significantly as the third big internet revolution unfolds. We've gone from Web 1.0, the read only static html website world to Web 2.0, the read-write, 'user generated content' web. The explosion in interconnectedness is at the expense of information fragmentation: the third web generation (Web 3.0?) is all about the meaning and context of data and information.
"Behaviorally suggested content; the personalized experience of a web that seems to know you and anticipates what you want is just around the corner...."

Web application development is a long process as it involves creating a user-friendly app from scratch and one that is capable of simultaneously maintaining high performance and web security. For all developers, web application security is one area that functions partially beyond the creator's control as it is just not possible to even guess who is on the other end of the HTTP connection.

The Verint company has very close ties to the Iraeli government. Its former parent company Comverse, was heavily subsidized by Israel and the bulk of its manufacturing and code development was done in Israel. See https://en.wikipedia.org/wiki/Comverse_Technology "In December 2001, a Fox News report raised the concern that wiretapping equipment provided by Comverse Infosys to the U.S. government for electronic eavesdropping may have been vulnerable, as these systems allegedly had a back door through which the wiretaps could be intercepted by unauthorized parties.[55] Fox News reporter Carl Cameron said there was no reason to believe the Israeli government was implicated, but that "a classified top-secret investigation is underway".[55] A March 2002 story by Le Monde recapped the Fox report and concluded: "Comverse is suspected of having introduced into its systems of the 'catch gates' in order to 'intercept, record and store' these wire-taps. This hardware would render the 'listener' himself 'listened to'."[56] Fox News did not pursue the allegations, and in the years since, there have been no legal or commercial actions of any type taken against Comverse by the FBI or any other branch of the US Government related to data access and security issues. While no real evidence has been presented against Comverse or Verint, the allegations have become a favorite topic of conspiracy theorists.[57] By 2005, the company had $959 million in sales and employed over 5,000 people, of whom about half were located in Israel.[16]" Verint is also the company that got the Dept. of Homeland Security contract to provide and install an electronic and video surveillance system across the entire U.S. border with Mexico.  One need not be much of a conspiracy theorist to have concerns about Verint's likely interactions and data sharing with the NSA and its Israeli equivalent, Unit 8200. 

Apple desktop and iPhone support of Microsoft Exchange is not support for Microsoft, as some think.  It's actually a strategy to erode Microsoft's desktop monopoly.  It's also part of a longer term plan to thwart Microsoft's hopes of leveraging their desktop monopoly into a Web Server monopoly. Excerpt: Apple is reducing its dependance upon Microsoft's client software, weakening Microsoft's ability to hold back and dumb down its Mac offerings at Apple's expense. More importantly, Apple is providing its users with additional options that benefit both Mac users and the open source community. In the software business, Microsoft has long known the importance of owning the client end. It worked hard to displace Netscape's web browser in the late 90s, not because there was any money to be made in giving away browser clients, but because it knew that whoever controlled the client could set up proprietary demands for a specific web server. That's what Netscape had worked to do as it gave away its web browser in hopes that it could make money selling Netscape web servers; Microsoft first took control of the client with Internet Explorer and then began tying its IE client to its own IIS on the server side with features that gave companies reasons to buy all of their server software from Microsoft. As Apple takes over the client end of Exchange, it similarly gains market leverage. First and foremost, the move allows Apple to improve the Exchange experience of Mac users so that business users have no reason not to buy Macs. Secondly, it gives Apple a client audience to market its own server solutions, including MobileMe to individual users and Snow Leopard Server to organizations. In concert with providing Exchange Server support, Apple is also delivering integrated support for its own Exchange alternatives in both MobileMe and with Snow Leopard Server's improved Dovecot email services, Address Book Server, iCal Server, the new Mobile Access secure gateway, and its include

The EU's cyber security agency ENISA (www.enisa.europa.eu) announced this week it has released a new report on governmental cloud computing. The report, which can be downloaded now on the ENISA website, is targeted at senior managers of public bodies who have to make a security and resilience decision about migrating to the cloud, if at all. The main goal of the report is to support governmental bodies in taking informed risk based decisions relating to the security of data, resilience of service and legal compliance on moving to the cloud. ENISA concludes that private and community clouds appear to be the solutions that offer the best solution to meet the needs of public administrations if they need to achieve the highest level of data governance.The report makes several recommendations to governments and public bodies, including national governments and the EU institutions should investigate the concept of an EU governmental cloud.The report also argues that cloud computing will soon serve a significant portion of EU citizens, SMEs and public administrations, and therefore national governments should prepare a cloud computing strategy and study the role that cloud computing will play for critical information infrastructure protection.Finally, the report states that a national cloud computing strategy should address the effects of national/supra-national interoperability and interdependencies, cascading failures, and include cloud providers into the reporting schemes of articles 4 and 13 of the new Telecom Framework Directive. Download report:  http://www.enisa.europa.eu/act/rm/emerging-and-future-risk/deliverables/security-and-resilience-in-governmental-clouds/

50GB free.  $9.95 /mo for $500GB + 1TB bandwidth.  WOW!! Full encryption with private key exchange using secure messaging.  Awesome Cloud Drive service, excerpt: "Right now, Mega is still a barebones file sharing service, but the company has massive plans for the future. Snooping around on their site reveals their plans for going much further than just file sharing. A post on their blog - dated January 18th - details the features that were cut from launch but will be added soon. There are also apps for mobile platforms already underway, with the company planning to support all major platforms in the near future and allow uploading from them. The blog details a secure email component (probably the part we can't get working) that will be added, secure instant messaging and the ability for non-Mega users to send large files to those with a Mega account (for example, for printing files at a print shop). It doesn't stop there, though, the company also says they're planning on-site word processing, calendar and spreadsheet applications (watch out, Google Docs!) as well as a Dropbox-esque client for Windows, Linux and Mac. They also say that there are plans in the works for allowing users to run Mega as an appliance on their own machine, though there aren't many details on that in the post. In another place on the site, Mega promises that in the near future they will be offering secure video calling and traditional calling as well. Talk about trying to take over the world."