Archive for the ‘Reviews’ Category

Writely: A great product with questionable security

Friday, March 17th, 2006

For those of you not familiar with Writely, it’s an online beta word processing service that provides the following services:

  1. Create documents online
  2. Upload documents from Word
  3. Publish to the web
  4. Post to your blog
  5. Participate in online collaboration with people you specify

Yes, it’s a great product with fantastic potential.  And now that Google has purchased the company, Upstartle, things could get very interesting.  There is just one catch; there are no safeguards to protect the content of documents during editing or viewing.

On February 27, 2006, in the Writely blog, Jen, an employee of Upstartle, responded to a thread in which users questioned why SSL protection was not provided. 

 [QUOTE=Jen]OK, now I have to reply ;-}

We don’t have SSL definitively planned as part of a premium service, although that’s certainly possible. SSL will definitely slow the service down, which is why we would likely not make it the default in the basic service. Yes, I know this response is vague, but it’s only because our plans are not final![/QUOTE]

As I posted to the Writely blog, it’s irresponsible for an organization to provide a tool like this without any apparent regard for safeguarding the activities of its users.  I hope that Google takes a different approach with this innovative and, in my opinion, much needed service.

 Author:  Tom Olzak
 

Listen to our Podcasts –> add to my PodNova

Free security training available at http://adventuresinsecurity.com/SCourses

 

Review our Podcast

Sunday, March 5th, 2006

In the past several weeks, we changed our format.  We’d like your opinion.  Please let us know if you like the new format or if a single host is better.  Also, let us know how we can improve.

You can either leave a blog comment or sent an email to tom.olzak@erudiosecurity.com.

Thanks for your support.

Podcasts –> add to my PodNova

 

Review: Surf Control ETS (Enterprise Threat Shield)

Wednesday, February 22nd, 2006

From a security and a general IT perspective there is a not so new and growing threat, unauthorized software. Call it what you like, spyware, adware, malware. The simple fact remains that if it is unsupported and was not installed by the IT staff, it could potentially wreak havoc on your environment. I’m going to give you a quick review of a software solution by SurfControl, who is also known for their solid web filtering solution. Let’s move on to see why Threat shield can help save you from the malware, but can also help save you from your users as well.
(more…)

Goodmail Systems CertifiedEmail: What is it, and why all the fuss?

Tuesday, February 14th, 2006

Last month, AOL announced it was beginning to use a certified email system designed by Goodmail Systems.  Basically, the Goodmail solution attaches an encrypted token to business/marketing email from certified businesses.  When AOL sees the token, and validates it, the email is treated as a non-spam message.  The catch for the sender is a small fee per message.  The impact on AOL email users is an increase in email with no other purpose than the delivery of unsolicited marketing material.

In this article, I’ll explore how Goodmail’s CertifiedEmail works, what the implementation of this solution means to business, and what users of AOL email services can expect.

(more…)

Desktop Security Service – Windows OneCare

Friday, February 3rd, 2006

In the spring of 2005, OneCare was released with much fanfare.  It’s Microsoft’s venture into the world of desktop security.  But it comes with a twist.  Microsoft’s solution is a software-as-a-service offering.  This means that you will probably pay a monthly fee for the rights to run the combined anti-virus, backup, cleanup, and update services.  I say probably because OneCare is still in Beta.

(more…)

Sample Chapter from “Just Enough Security”

Monday, January 23rd, 2006

The attached PDF is a draft copy of Chapter 4 from my upcoming book, “Just Enough Security.”  The book will be published in late April. 

This chapter describes the Just Enough Security (JES) model.  It’s fundamentally a layered approach to applying security safeguards.

JES_Chapter4_Draft_2006.pdf

Yahoo’s new Answers Service

Sunday, January 22nd, 2006

I was pretty excited this week with I discovered Answers.Yahoo.com.  It has all the elements necessary to provide a forum for the free exchange of knowledge on a variety of topics, including security.  It allows participants to post questions, which are then answered by the other members of the service.  After several days, the question posted is closed for answers as members vote on the best answer. Points are given for posting a question, posting an answer, having your answer selected as the best answer for a specific question, etc.  Like I said, I was pretty excited when I first visited this site.  But my excitement quickly turned to disappointment.

Like all forums, the Yahoo Answer service suffers from user ignorance.  Many answers posted are just plain stupid.  Those are pretty obvious.  So they cause no harm.  However, there are answers selected as “best answers” that are wrong.  Of course you can post comments about the wrong answer, but the participants don’t seem to care.  The best answer, even if wrong, continues to rack up votes while the person requesting the information goes merrily on his or her way with an erroneous factoid lodged securely in the brain.

 I decided to pass on this service.  I have many other worthwhile activities to pursue.  Someday, however, I hope to find a forum where knowledge and attention to accuracy actually has some meaning.