BlackBerry messaging service rolls out to Android and iPhone this weekend

Amid rumors of layoffs and a possible sale of the company, BlackBerry today announced some good news: its growing BBM instant messaging service will be available for Android and iPhone devices in the next several days.

BBM is one of the high points of the failing BlackBerry legacy business, with recent growth in BBM users mainly in Europe and Asia. Until now, BBM has only been available for BlackBerry devices.

[ Get expert advice about planning and implementing your BYOD strategy with InfoWorld's 29-page "Mobile and BYOD Deep Dive" PDF special report. | Keep up on key mobile developments and insights with the Mobilize newsletter. ]

BBM has 60 million monthly active customers who send and receive more than 10 billion messages a day, BlackBerry said. Messages are quickly read in seconds, which BlackBerry said is an indication of how engaged BBM users are.

BBM will be a free download in the Google Play store for Android on Saturday and in the Apple App Store for iPhone on Sunday, BlackBerry said.

"With more than a billion Android, iOS and BlackBerry smartphones in the market, and no dominant mobile messaging platform, this is absolutely the right time to bring BBM to Android and iPhone customers," Andrew Bocking, executive vice president for BBM at BlackBerry, said in a statement.

In addition to BBM text chat, users can share files such as photos and voice notes. BBM lets a user know that a message has been delivered and read and shows when a friend is responding.

Up to 30 friends can join in group chats and share photos and schedules. A function called Broadcast Message allows users to send out a message to all their BBM contacts at the same time.

BBM relies on a unique PIN to authorize a user, which BlackBerry maintains is more secure than giving out a phone number or email address to a new contact.

The Android download will be available at 7 a.m. ET on Sept. 21 for Android 4 and later. For iPhones running iOS 6 and iOS 7, BBM will be available in the App Store at 12:01 a.m. local time on Sept. 22.

Later in 2013, BlackBerry is expected to unveil BBM Channels to allow for conversations between users and communities. The conversations can be organized around common interests, brands, celebrities and more. BBM video and BBM voice calling are also planned for Android and iPhone in a future version, but BlackBerry didn't disclose when.

BBM isn't yet available for Windows Phone smartphones, and BlackBerry didn't indicate when, or whether, that would occur. Windows Phone recently overtook BlackBerry as the third-largest smartphone brand shipping globally.

Matt Hamblen covers mobile and wireless, smartphones and other handhelds, and wireless networking for Computerworld. Follow Matt on Twitter at @matthamblen or subscribe to Matt's RSS feed. His email address is mhamblen@computerworld.com.

See more by Matt Hamblen on Computerworld.com.

Read more about mobile apps in Computerworld's Mobile Apps Topic Center.

View the original article here

'Hash Hunters' Web service cracks password hashes for bitcoins

A search for “Hash Hunters” turns up marijuana-themed t-shirts for sale. It also brings up a password-cracking outsourcing service, payable in bitcoin.

Fearing data breaches, Web services often store hashes of passwords, or cryptographic representations of the passwords, which have been processed by an algorithm.

In the hands of a hacker, the hashes are useless unless they can be converted back to the original password. That’s where Hash Hunters comes in.

Hash Hunters lets users post their hashes and offer a reward for a person who can convert it. It’s not the first kind of website that takes such outsourced jobs, but it’s possibly one of the few using only bitcoin, the pseudonymous virtual currency, as its only payment method.

The service will likely only attract a criminal crowd, said Jeremi Gosney, CEO of the Stricture Consulting Group, which specializes in password-related security products and services. He said most professional security professionals who probe networks and systems for weaknesses aren’t allowed to use such Web-based services.

“We considered doing a similar service (involving Bitcoin as well), but had a hard time coming up with a legitimate use case,” Gosney said via email. “So that’s why we abandoned plans for that. We still do paid password recovery, but we do it as a professional service.”

Hash Hunters is a bit rough around the edges, Gosney wrote. It doesn’t use “https,” which is a standard security technology that encrypts communication between a client and a server.

Gosney, who created an account on Hash Hunters, said it doesn’t seem to have a reliable way for contract password crackers to communicate with their clients, the site crashes occasionally and it doesn’t appear that cracked passwords can be uploaded.

The domain, hashunters.net, was created on June 25, according to the Whois database, which provides domain name registration information. A Facebook page for the site appears to have been created on Aug. 29.

Efforts to reach the domain name’s owner were unsuccessful, although it appears from the Whois record to be related to a search-engine optimization company based in Germany called Seotecs UG.

Quite a few hashes have been submitted, which are labeled by the type of algorithm which generated them: MD5, SHA1, SHA224, SHA384. The highest reward posted on Hash Hunters is 1.585 Bitcoins for an MD5 hash, which would be about $209 according to the market price on the Mt. Gox Bitcoin exchange on Thursday.

Large data breaches over the years have yielded millions of hashes, many of which have been converted to their original password for research projects looking at password security. Consulting those lists is often the first step for someone trying to crack one.

If there are no matches, decoding tools and powerful graphics processors can be used to try and covert it. Typically, the longer and more complicated the password is, the harder is it to crack. Brute-force attempts create different word, number and symbol combinations in hopes of generating a matching hash. But that can take a long, long time.

Kevin Young, an adjunct professor of information security at Utah Valley University who studies passwords, said via email that there are people on IRC instant messaging channels that will crack passwords for free.

“It’s a challenge, the thrill of the hunt,” Young wrote.

The utility of Hash Hunters depends on how desperate you are to crack a password, he said. “If you’re looking for the password to your girlfriend’s laptop and wanna snoop around, it probably isn’t worth it. If a disgruntled employee quit and changed the password on your network infrastructure, it would be worth every penny.”

View the original article here

AT&T’s contract-free Aio service going nationwide in mid-September

Sorry, I could not read the content fromt this page.

View the original article here

Cybercrime service automates creation of fake ID verification documents

A new Web-based service for cybercriminals automates the creation of fake scanned documents that can help fraudsters bypass the identity-verification processes used by some banks, e-commerce businesses, and other online services providers, according to researchers from Russian cybercrime investigations firm Group-IB.

The service can generate scanned copies of passports, ID cards, and driver’s licenses from different countries for identities supplied by the service users, fake scanned utility bills from various companies, as well as fake scanned copies of banking statements and credit cards (as shown above) issued by a large number of banks, said Andrey Komarov, head of international projects at Group-IB, via email.

Group-IBAAn example of fake U.S. passport scan from online cybercrime service

It is common practice for banks, payment and money transfer providers, online gambling sites, and other types of businesses that engage in money transactions via the Internet to ask their customers for scanned copies of documents in order to prove their identities or verify their physical addresses, especially when their anti-fraud departments detect suspicious account activity.

Using image manipulation software to change the photo, name and other details on a scanned ID is obviously not a new practice, but services like the one identified by Group-IB that automate the whole process and produce high-quality results are new on the cybercriminal market, Komarov said.

According to Group-IB, the service is provided through a website hosted on a server in Germany. The domain name was registered in May, but the service was launched in mid-August, Komarov said.

Independent cybercrime researcher Dancho Danchev described a very similar service in a July blog post; however, Komarov could not confirm whether it is the same one because there was no reference to the service’s domain name in Danchev’s report.

The service found by Group-IB has templates for passports, ID cards and driver’s licences for the U.S., Canada, Russia, the U.K., Germany, the Netherlands and other European Union countries. It also has templates for bank statements, credit cards—front and back—and utility bills from banks and utility companies operating in those countries.

The templates are for documents and cards that show signs of use and are scanned at different angles and different positions on the canvas. This makes the resulting image appear more authentic.

Group-IBPrices for fake document scans on cybercrime service Using the service, a cybercriminal can get their desired counterfeit scanned document in JPG or PNG image format in around 40 seconds, Komarov said.

Scans of U.S. passports are the most expensive product and cost $11 each. Other scanned documents are priced at $7.99 or $9.99 each.

Cybercriminals can pay using several online payment services and virtual currencies including WebMoney, Perfect Money, Bitcoin, Paymer and a new payment service called papogo.com that caters to the black market, Komarov said.

Some companies that use scanned documents for identity verification have specialized systems and tools that can detect image modifications, Kamarov said. When there is suspicion about the authenticity of a scan, the anti-fraud teams will request images with better quality to verify that they are really created by the user, he said.

However, sometimes companies don’t have the resources to perform detailed checks of incoming scans and criminals are exploiting this, Komarov said.

View the original article here

Upcoming Salesforce.com CRM release focuses on Chatter, customer service

Salesforce.com's next CRM (customer relationship management) software release will contain a slew of new features, with many focused on the Chatter collaboration and messaging tool as well as customer service, according to a set of official release notes.

Many new features associated with Chatter concern usability and access to the system. For example, now iOS device users will be able to launch Chatter Mobile from their Salesforce.com email.

[ Also on InfoWorld: Salesforce.com adds premium 'Performance Edition' bundle. | For a quick, smart take on the news you'll be talking about, check out InfoWorld Tech Brief -- subscribe today. ]

This is an important update "as most folks are still email-dependent," said analyst Ray Wang , CEO of Constellation Research.

Another major new feature, albeit available only as a pilot, is called Salesforce Files. It allows users to "securely sync files between Chatter and your desktop and some mobile devices," according to the notes. "This is the competitor to Box," and something customers should look at, Wang said.

For core sales automation, the upcoming release introduces Console for Sales.

This gives users "easy access to sales intelligence and helps you quickly contact leads, assess companies, and identify key contacts -- all in a dashboard-like interface that means more access to contextual data with fewer clicks and less scrolling," according to the notes.

Salesforce.com has also deepened the integration between its application and Microsoft Outlook.

Known as Winter '14, the new release also features improvements to Salesforce.com Communities, including the ability to assign a moderator to groups; and a series of usability updates within the Service Cloud product family, which includes Chatter Answers, Salesforce.com's knowledge base platform and Live Agent, among others.

Meanwhile, Winter '14's new feature lineup for analytics and mobile is less impressive, in Wang's view.

"Next to the mobile apps, analytics still is the weakest part of Salesforce.com," Wang said. "To be clear, it's better reporting and dashboards, not really analytics, as there are no predictive models, or algorithms applied here. This area will require the most attention in the long run but for now, reporting and KPIs are fairly decent."

Many of the new features in Winter '14 came from users' suggestions submitted through Salesforce.com's IdeaExchange, which is admirable on the company's part, Wang said.

As of November, Salesforce.com will no longer offer new customers the ability to purchase Unlimited Edition subscriptions, although it will support existing ones, according to the notes. Instead, the top-tier offering will be the recently announced Performance Edition, which costs more money but includes additional features.

It wasn't immediately clear Monday when the Winter '14 update will go live, although customers with Salesforce.com sandbox accounts can take part in a preview period that begins Sept. 6.

Chris Kanaracus covers enterprise software and general technology breaking news for The IDG News Service. Chris' email address is Chris_Kanaracus@idg.com

View the original article here

Upcoming Salesforce.com release focuses on Chatter, service

Salesforce.com’s next CRM (customer relationship management) software release will contain a slew of new features, with many focused on the Chatter collaboration and messaging tool as well as customer service, according to a set of official release notes.

Many new features associated with Chatter concern usability and access to the system. For example, now iOS device users will be able to launch Chatter Mobile from their Salesforce.com email.

This is an important update “as most folks are still email-dependent,” said analyst Ray Wang , CEO of Constellation Research.

Another major new feature, albeit available only as a pilot, is called Salesforce Files. It allows users to “securely sync files between Chatter and your desktop and some mobile devices,” according to the notes. “This is the competitor to Box,” and something customers should look at, Wang said.

For core sales automation, the upcoming release introduces Console for Sales.

This gives users “easy access to sales intelligence and helps you quickly contact leads, assess companies, and identify key contacts—all in a dashboard-like interface that means more access to contextual data with fewer clicks and less scrolling,” according to the notes.

Salesforce.com has also deepened the integration between its application and Microsoft Outlook.

Known as Winter ’14, the new release also features improvements to Salesforce.com Communities, including the ability to assign a moderator to groups; and a series of usability updates within the Service Cloud product family, which includes Chatter Answers, Salesforce.com’s knowledge base platform and Live Agent, among others.

Meanwhile, Winter ’14’s new feature lineup for analytics and mobile is less impressive, in Wang’s view.

“Next to the mobile apps, analytics still is the weakest part of Salesforce.com,” Wang said. “To be clear, it’s better reporting and dashboards, not really analytics, as there are no predictive models, or algorithms applied here. This area will require the most attention in the long run but for now, reporting and KPIs are fairly decent.”

Many of the new features in Winter ’14 came from users’ suggestions submitted through Salesforce.com’s IdeaExchange, which is admirable on the company’s part, Wang said.

As of November, Salesforce.com will no longer offer new customers the ability to purchase Unlimited Edition subscriptions, although it will support existing ones, according to the notes. Instead, the top-tier offering will be the recently announced Performance Edition, which costs more money but includes additional features.

It wasn’t immediately clear Monday when the Winter ’14 update will go live, although customers with Salesforce.com sandbox accounts can take part in a preview period that begins Sept. 6.

Chris Kanaracus covers enterprise software and general technology breaking news for the IDG News Service.
More by Chris Kanaracus

View the original article here

Amazon's cloud service problems wobble Airbnb, Vine

Sorry, I could not read the content fromt this page.

View the original article here

HP introduces SAP HANA based cloud service

Sorry, I could not read the content fromt this page.

View the original article here

US Postal Service explores entering the cloud business

Can the U.S. Postal Service (USPS) find a new future running a cloud-based authentication service for the government? The USPS intends to try and do just that under a three-year $15.12 million contract awarded to SecureKey Technologies last week for some foundation technology to build a cloud-based authentication exchange.

While in the early stages, the USPS-managed Federal Cloud Credential Exchange (FCCX), as it's being called, is envisioned as a way that people can use their existing online credentials to gain access to U.S. government agency online services in the future.

What third-party credentials would be used as part of FCCX is not yet decided, but ideas in play include credentials that users already have with the likes of Google and PayPal, for example, says Andre Boysen, executive vice president for marketing at SecureKey. It's anticipated these credentials would be of various strengths and types, from simple names and passwords to the government-designed Personal Identity Verification cards.

The request for proposals for the FCCX contract was originally put out for bid last January and the award to Toronto-based SecureKey means that the USPS will be proceeding with its plans to try and operate a cloud-based authentication exchange for the government.USPS spokesperson Darleen Reid-DeMeo said USPS is "implementing a pilot software solution to enable the public to use commercially issued digital credentials to access government services online with greater security, privacy and efficiency."

Many details, however, need to be ironed out as what would be the nation's first-of-its-kind authentication service to federal government in the U.S.  

"Participants have not been finalized at this time," Reid-DeMeo says. "However, some of the agencies that have been assisting in developing the requirements for the pilot are the Veterans Administration, the Department of Education, the Social Security Administration and the Internal Revenue Service." It's anticipated that the FCCX pilot project would begin this fall.

The USPS pilot project for a cloud-based exchange is one of several experimental approaches to online access to government services envisioned under the Obama Administration's  National Strategies for Trusted Identities in Cyberspace (NSTIC) program.

The NSTIC program seeks to find new ways to reduce password use online for security reasons or to facilitate novel ways to facilitate government services in the future. Reid-DeMeo says the FCCX pilot project is being led by the White House Office of the Federal Chief Information Officer.

The FCCX project basically involves the USPS setting up a kind of credential-brokerage service using SecureKey's federated authentication platform. It's hoped that FCCX will work behind the scenes so when users go to a government agency's online service, they can enter a credential they already have that was not necessarily issued by the government to get access rather than having to go ask for a credential from the agency itself.

This all suggests a close level of trust and cooperation between all the participants involved, including the government agency, the USPS, and any third-party credential provider. While this kind of authentication brokering hasn't been done yet in the U.S. for government, something similar has been shown to work in Canada.

A cloud-based authentication brokerage system, with technology provided by SecureKey, has been operated by the Canadian government  for well over a year for use by the Canadian Treasury Board and other Canadian agencies.  

According to SecureKey's Boysen, the Canadian credentials exchange now processes over 1 million transactions per month with users entering banking credentials they already have from the Bank of Montreal and TD Bank, for example. The Canadian system has the government's cloud-based credentials exchange service doing a quick online authentication verification with the participating banks concerning the user's credentials before allowing the user into the government online service.

The idea behind it is that users interact frequently with their banks online but infrequently with government services. Thus, they remember their online banking credentials while they are more likely to forget credentials they only use a few times a year for a government service.

It will be some time before it's clear exactly how the USPS-run FCCX might work, but it could give the country's beleaguered mail-delivery service, a new mission. But it might also prove unworkable and fade away after a year of a FCCX pilot cloud project, too.

Ellen Messmer is a senior editor at Network World. She covers news and technology trends related to information security.
More by Ellen Messmer

View the original article here

Jongo expands streaming speaker lineup, unveils subscription music service

Sorry, I could not read the content fromt this page.

View the original article here

Despite recent cloud service outages, security a bigger concern than availability

Wow. No sooner did I finish writing about how the Google and Microsoft outages were not a reason to lose confidence in the cloud, than Amazon went down. The online retail site—and its associated cloud services—were down for just under half an hour Monday afternoon. I stand by my assertion that the sky is not falling, but there’s more to using the cloud than just availability.

Amazon.com was the third major cloud service to suffer an outage in the last week.

Over on WindowsITPro.com, Paul Thurrott summed up the hysteria over cloud outages nicely. “And of course, the cloud computing doubters—who, like global warming doubters are increasingly at odds with reality—will argue that such outages prove that our move away from on-premises hardware and local storage is nothing but a temporary trend.”Let’s start with some perspective, breaking down the math like I did yesterday for Google and Microsoft. Amazon was down for about 25 minutes (although I’ve seen reports from 15 minutes to 40 minutes). In the grand scheme of things, Amazon was down for an infinitesimally small period of time. Depending on the estimate you go with, Amazon lost about $5 million in retail commerce during that timeframe—or about two percent of what it cost Amazon CEO Jeff Bezos to buy the Washington Post, or about two thousandths of a percent of his net worth.

Thurrott also pointed out the irony of how many users turn to Internet-based services like Facebook or Twitter to complain about cloud outages and declare the impending death of this cloud fad.

The debate over cloud availability is silly. As I pointed out my post about the Google and Microsoft outages, local networks and servers are not impervious to outages, so the risk is essentially the same as it pertains to availability.

Security and privacy are more relevant cloud concerns than availability.

There are, however, other concerns that offer a much more valid argument against cloud services for some businesses. Chief among them is security and privacy.

The convenience of outsourcing the IT infrastructure to a cloud-based third-party comes with increased risk that your network traffic or stored data could be compromised in some way, either directly by the IT support personnel charged with maintaining your services, or inadvertently by exposing it to increased risk on Internet-based servers.

It doesn’t have to be that way, though. You can enjoy some of the benefits of cloud servers and storage without sacrificing control, or putting the data at increased risk by hosting your own private cloud, or using a hybrid approach that includes on-premise and cloud-based services.

For example, you could store your data locally in an appliance like the ioSafe N2. The NAS (network attached storage) device can hold terabytes of data in a redundant configuration inside a fire proof, flood proof enclosure. Best of all, the N2 connects to the network and to the Internet, and it makes the data available from virtually anywhere, and from any computer or mobile device.

Another option is to choose a hybrid cloud solution like Egnyte. Egnyte does provide cloud file storage, but it can also connect and sync with local storage platforms.

Just keep in mind that this approach has tradeoffs. In order to gain greater security and privacy, you have to take responsibility for managing and maintaining the servers and data, which is arguably one of the biggest benefits of cloud services for small businesses. Also consider the fact that the third-party cloud support personnel might know more than you do about security and privacy, so managing it yourself may give you an illusion of greater security and privacy, while actually putting your servers and data at greater risk.

Tony is principal analyst with the Bradley Strategy Group, providing analysis and insight on tech trends. He is a prolific writer on a range of technology topics, has authored a number of books, and is a frequent speaker at industry events.
More by Tony Bradley

View the original article here

Bitcoin wallet service to issue refunds after users' funds stolen

A widely used Bitcoin wallet service plans to issue refunds to people who saw their bitcoins stolen as a result of a weakness in its application.

Blockchain.info, which has a Web-based service called My Wallet, has also upgraded its application after finding a vulnerability similar to one discovered earlier this month in some Bitcoin wallet programs running on the Android mobile OS.

“Likely if you have been affected by this problem your coins will have been taken already,” a Blockchain.info official wrote on the Bitcointalk.org forum. “All affected users will be refunded in full.”

The number of affected users is small, said Roger Ver, who is an investor in Blockchain.info, via email. Blockchain.info expects to refund around 50 BTC or $5000, he said.

Interest in Bitcoin has surged since its debut just four years ago. The system offers a low-cost way to transmit virtual currency over the Internet, and many companies and entrepreneurs are working to solve concerns around how to safeguard bitcoins from hackers.

Blockchain.info’s My Wallet uses a browser extension that encrypts a person’s Bitcoin wallet on their computer before it is sent and stored on its servers.

On Tuesday, Blockchain.info upgraded its browser extensions for Chrome and Firefox and its Mac OSX client after it was found a random number generator wasn’t working securely in some cases, potentially exposing people’s bitcoin stashes to theft.

Random numbers are used to sign transactions performed over Bitcoin’s peer-to-peer network as part of its public key cryptography system. If duplicate random number values are used to sign more than one transaction, it may be possible for an attacker to figure out a person’s private signing key and sweep their bitcoins away.

The issue came to light after one user reported on Bitcointalk.org that 1.8 bitcoins—worth around $218 as of Wednesday morning according to Mt. Gox’s market price—were stolen.

The user speculated that Blockchain.info or Firefox had a weakness in code that generates random numbers, similar to the problem found in Android Bitcoin clients earlier this month.

Several Bitcoin clients that used a random number generator component within Android were patched after it was found it occasionally repeated random numbers. Google also issued a patch.

A Blockchain.info official wrote on the forum that My Wallet users on Firefox could be particularly vulnerable. Users should upgrade their My Wallet browser extension to the latest versions, which for Chrome is v2.85, for Firefox is version 1.97 and for Mac clients is version 0.11.

The official also advised that people who only use Blockchain.info’s web interface “should clear their browsers cache before next login.”

Bitcoin addresses—which are used by people to send and receive bitcoins—that may be affected have been listed on Bitcointalk.org.

View the original article here

Google seeks experts for its soon-to-launch Helpouts video service

Google needs help. More specifically, the Internet giant is looking for people who are experts on basically anything to lead some of the first sessions for its soon-to-launch Helpouts video calling program.

Helpouts is a face-to-face, live video calling service, based on the company’s Google+ Hangouts product, that the company has been testing internally for some time. The service is designed to let professionals or experts in a particular area share their expertise or knowledge with others who want to learn from them, for a price.

Helpouts could provide an additional platform for Google to attract new users beyond its usual channels within the Google+ social network. It may also give Google a strong e-commerce business in providing users with more personalized expert information that can’t be gathered from a simple search on Google.com.

If someone is an IT expert looking to make some extra cash, Helpouts can connect that person with less technically savvy people to, say, hook up a wireless router or connect a laptop to a printer, Google said in one example of the service.

The company is stressing the social side of the service. “Helpouts is a new way to connect people who need help with people who can give help, over live video, anytime, anywhere,” the service’s current landing page proclaims.

Helpouts is not yet open to the public, but the company is looking to attract people with expertise across a range of topics to offer sessions within the program once it goes live. Google is looking to bring on people and businesses who are experts across a number of categories, including information technology, home and garden skills, fashion and education, a Google spokeswoman said.

People who are interested can visit the Helpouts site to submit their contact information. “If we feel they are a good fit, we will follow up with them and possibly extend an invitation to apply,” the Google spokeswoman said. Users will need an invitation code to sign up as a provider and create listings on Helpouts.

Google declined to say exactly when Helpouts would launch, but it will be rolling out soon, the spokeswoman said. The company has been conducting internal tests of the product with multiple partners for some time.

Once it goes live, here’s how Helpouts will work: Expert providers can charge for their sessions or offer Helpouts for free if they want, but a platform fee must still be paid to Google for each completed Helpout. The service is designed to let people start or join a call from their desktop computer, Android-based mobile device, iPhone or iPad.

Helpouts is designed to make it easy for people to grow their businesses by setting their own rates and getting paid online, according to the company. Providers can work on their own schedules, whether they’re at home or on the go.

If the provider charges a fee for the session, both providers and customers will need to use Google Wallet for the payment, according to the Helpouts site.

Helpouts has a strong social component for a reason: Social networking is an area of Google’s business that the company is continually seeking to scale out to better compete against rivals such as Facebook and Twitter. While Facebook and Twitter have more than 1 billion and 200 million active users, respectively, Google+ has about 190 million, the company reported in May.

Google already provides videos covering practically every topic through its YouTube video-sharing site, some of which are instructional in nature. But Helpouts looks to be a step up in both the level of interaction and the qualification of the experts, given its current invitation-only sign-up process.

View the original article here

HP equips WorkSite with file-sharing service

Hewlett-Packard has launched a file storage service for users of its Autonomy WorkSite document management software that it promises can be more helpful than consumer-focused hosted file services.

“With consumer-grade services, you can’t govern what’s out there and often you are not sure about security,” said Dan Carmel, who is the head of enterprise content management strategy and solutions for HP Autonomy.

Hewlett-PackardThe HP LinkSite service makes it easy to transfer internal documents to the cloud, where it can be accessed by other devices.

The LinkSite service synchronizes files on an internal WorkSite deployment with an HP file storage repository accessible from the Internet, making internal files available from outside the corporate firewall. All files inherit their read and write permissions from their in-house counterparts.

WorkSite is HP Autonomy’s document management suite, which can be used to index and store corporate files. Autonomy acquired the company that created WorkSite, Interwoven, in 2009. Autonomy itself was acquired by HP in 2011.

HP is pitching that this new cloud companion service can provide a superior file hosting to popular consumer-focused services, because it offers more security, auditing and control for system administrators.

The company also asserts that LinkSite has advantages over other enterprise-focused file-sharing services—such as Citrix ShareFile, or Novell Filr—in that, at least for users of WorkSite, it is integrated with an existing content management system, so an administrator does not need to set up separate sets of policies for a new hosted file service. Employees also don’t have to learn a new interface.

Users can access LinkSite through any browser that supports HTML5 markup, as well as through specific apps for Apple iOS and Android devices. For administrators, LinkSite could audit who creates, modifies or deletes files. They also get a dashboard summarizing usage statistics.

The service is built on HP Flow CM, a hosted content management service HP launched last year for storing online scans made by the company’s multifunctional printers. LinkSite runs on HP Cloud Services data centers located in the U.S.

The service transfers files through the HTTPS (Hypertext Transfer Protocol Secure) protocol. Carmel declined to elaborate on any policies that HP has on working with government intelligence agencies, in terms of disclosing or withholding customer data, other than to note HP follows standard industry and legal procedures for dealing with such situations as they arise.

List price starts at $19.95 per month for each WorkSite-licensed user, and prices decrease with volume purchases. There is no charge for external users. Each account gets 1GB of storage, and there is no charge for bandwidth use.

The service will go live Sept. 15.

Joab Jackson covers enterprise software and general technology breaking news for the IDG News Service.
More by Joab Jackson

View the original article here

Twitter's new Vine video service hits 40M users since January

Sorry, I could not read the content fromt this page.

View the original article here

NSA-dodging mail service explains why email can never truly be private and secure

Earlier this month, Lavabit and Silent Circle—two privacy-minded email providers—decided to shut up shop rather than give the U.S. government the chance to access to their customer data. Shortly thereafter, Lavabit owner Ladar Levison told Forbes, "If you knew what I knew about email, you might not use it."

This weekend, Silent Circle's Louis Kowolowski dropped the cryptic comments and explained a major, inherent vulnerability with email: metadata.

While encryption technologies like PGP and SMIME can be used to obscure the actual contents of a message, assuming you use a desktop program that supports encryption software, current email protocols don't allow you to secure the "header" metadata details that are used to shuffle email from point to point. The sender, recipient, subject, date and time, and even server path information is all sent along in clear text.

That's enough to be a liability to people who truly need privacy, according to Kowolowski.

If your goal is to not have metadata leakage in your otherwise secure communications, you may wish to avoid email altogether. Email leaks the information about who is communicating, and how often. This information may be just as damaging as the content of the email.

Snowden's leaks have shown that the U.S. government is aware of the power of metadata. The NSA collects Verizon's phone records to examine metadata and analyze call patterns, and the government does not need individual warrants to do so, as courts have classified metadata as "transactional data" rather than actual communications. Again, here's Kowolowski:

With the tapping of backbone internet providers, interested parties can now see all traffic on the internet. The days where it was possible for two people to have a truly private conversation over email, if they ever existed, are long over.

Since text, video, and messaging communications don't suffer from the same header needs as email, they're able to be secured from end-to-end, with all encryption and decryption handled on the client machines—and indeed, Silent Circle still offers "Silent Phone," "Silent Eyes," and "Silent Text" services that do just that. Check out our guiding to protecting your PC from Prism surveillance for more privacy-minded tips and tricks, or if metadata security means less than the message itself, read PCWorld's guide to securing your email.

Brad Chacos spends the days jamming to Spotify, digging through desktop PCs and covering everything from BYOD tablets to DIY tesla coils.
More by Brad Chacos

View the original article here