Domain name campaigners battle corporate monopoly of gTLDs

ICANN  (Photot: Wikipedia)

‘Stop Corporate Takeover of Internet Names Petition” launched

ECM Plus +++ An internet activist has launched a petition to prevent large companies control over Chinese, Japanese, English and many other new top internet addresses.

“We believe this is an abuse of the New gTLD Program and it poses great risk of harm to consumers, business, and internet users globally” declares Tom Gilles, NewgTLDsite.com  TLD-vangelist and petition organizer. “These generic category top level domain names such as .app, .book, .music, and others should be open for the general public, not monopolized and closed off for use by one large corporation exclusively at their sole discretion.” Continue reading →

Foundation sues over email and phone hacking allegations

Electronic Frontier Foundation

EFF says government ‘withholding information’ about ‘unconstitutional spying’

Washington, D.C. – The Electronic Frontier Foundation (EFF) sued the Department of Justice (DOJ) today, demanding answers about illegal email and telephone call surveillance at the National Security Agency (NSA). Continue reading →

British businesses hurt by poor Internet coverage – survey

Jeremy Hunt preached the ministerial code (Photo credit: Gwydion M. Williams)

Government policy under fire as new survey reveals Internet strategy should focus on coverage not speed

By ECM Plus staff

ECM Plus /London/ +++ A new report of 1,500 British small businesses reveals that 57 percent stated that the ‘poor quality of their internet access’ is now adversely affecting their ability to do business.

According to the findings, by Freelancer.co.uk, small businesses in Britain are now at odds with Culture Secretary Jeremy Hunt, who reiterated in a speech at the Google Campus building that broadband speed is more important than coverage. Continue reading →

EFF launches campaign to protect privacy

Internet censorship around the world

Tor programme to support open internet and protect privacy

By ECM Plus staff

ECM Plus +++ The Electronic Frontier Foundation has just launched a new campaign to promote internet privacy. Dubbed as the ‘Tor Challenge’, the campaign is to encourage Internet users all over the world to support the Tor network by operating relays. Continue reading →

LATEST FEATURE: Compliance: A hybrid marital troika?

BY HOWARD SKLAR

Compliance is essential for all organisations, not least because of the financial penalties and reputational damage that come with non-compliance.

This, however, is easier said than done when many organisations have no idea that they are failing to comply.

This can often be the case with global companies where they may find they’re complying in one country but not in another, or across the whole. Continue reading →

HTTPS Everywhere anti-FireSheep security gaining traction

Image via Wikipedia

EFF tool provides protection from ‘Firesheep’

ECM Plus – The Electronic Frontier Foundation has just launched a new version of ‘HTTPS Everywhere’, a free security tool with enhanced protection for the Mozilla Firefox web browser against so-called “Firesheep” and other exploits of webpage security flaws.

According to the Foundation, HTTPS secures web browsing by encrypting both requests from the Firefox browser to websites and the resulting pages that are displayed. Without HTTPS, online reading habits and activities are vulnerable to eavesdropping, and accounts are vulnerable to hijacking.

Their report stated that while many sites on the web offer some limited support for HTTPS, it said it was often difficult to use. Websites may default to using the unencrypted, and therefore vulnerable, HTTP protocol or may fill HTTPS pages with insecure HTTP references. The HTTPS Everywhere tool uses carefully-crafted rules to switch sites from HTTP to HTTPS.

The new free version of HTTPS Everywhere responds to growing concerns about website vulnerability in the wake of Firesheep, an attack tool that could enable an eavesdropper on a network to take over another user’s web accounts, on social networking sites or webmail systems, for example, if the browser’s connection to the web application either does not use cryptography or does not use it thoroughly enough. Firesheep, which was released in October as a demonstration of a vulnerability that computer security experts have known about for years, sparked a flurry of media attention.

“These new enhancements make HTTPS Everywhere much more effective in thwarting an attack from Firesheep or a similar tool” commented The Foundation’s senior staff technologist Peter Eckersley. “It will go a long way towards protecting your Facebook, Twitter, or Hotmail accounts from Firesheep hacks. And, like previous releases, it shields your Google searches from eavesdroppers and safeguards your payments made through PayPal.”

Other sites targeted by Firesheep that now receive protection from HTTPS Everywhere include Bit.ly, Cisco, Dropbox, Evernote, and GitHub.

In addition to the HTTPS Everywhere update, the Foundation also released a guide to help website operators implement HTTPS. “Firesheep works because many websites fail to use HTTPS,” said technology director at the Foundation, Chris Palmer. “Our hope is to make it easier for web applications to do the right thing by their users and keep us all safer from identity theft, security threats, viruses, and other bad things that can happen through insecure HTTP. Taking a little bit of care to protect your users is a reasonable thing for web application providers to do and is a good thing for users to demand.”

The first beta of HTTPS Everywhere was released last June. Since then, the tool has been downloaded more than half a million times.

To download HTTPS Everywhere for Firefox:
https://www.eff.org/https-everywhere

For more on implementing HTTPS in websites:
https://www.eff.org/pages/how-deploy-https-correctly

BMC to automate IT governance, risk and compliance

BMC does ITGRC with BSM

BMC ITGRC goes enterprise-wide for GRC

ECM Plus – by Paul Quigley – BMC Software has just expanded its Business Service Management (BSM) platform with a new set of automated capabilities enabling an IT-centric approach to governance, risk and compliance.

According to BMC, its IT Governance, Risk and Compliance (ITGRC) software offers automation to orchestrate the ITGRC lifecycle from policy creation to assessment reporting across the enterprise.

BMC said its ITGRC solution includes functionality, including the ability to define and manage policies, manage and automate controls and audits, automate and enforce compliance across infrastructure, suppliers and end-users as well as assuring appropriate user access permissions across the entire IT environment including mainframe, distributed, virtual and cloud.

“By facilitating the mapping of controls to specific IT resources, and by automating the collection and reporting of information on the degree to which those controls are being performed, IT GRCM can strengthen an organization’s position with respect to external audits, and can reduce compliance reporting costs and improve an organization’s capability to address IT risks” write Gartner analysts Mark Nicolett and Paul E. Proctor in their report, Critical Capabilities for IT Governance, Risk and Compliance Management, April 30, 2010.

The company added that ITGRC is fully-integrated into its BSM platform, which provides customers with the crucial link between compliance management and compliance execution. This offering constitutes one of the first steps in BMC’s strategy to further develop functionality and products that address the growing customer and industry need to automate these processes.

Xerox arm does ‘documents on demand’ compliance bundle

Before the signing of the Sarbanes-Oxley Act

Mr. Copy launches DocuShare on Demand hosted ECM for document management

ECM Plus – Xerox’ Mr. Copy has just launched DocuShare on Demand targeting small-to-medium-sized businesses

The D-o-D system is a hosted enterprise content management solution which enables users to undertake document management, collaborate, review and approve as well as web publishing.

Xerox said that when coupled with Xerox scan-enabled multifunction devices from Mr. Copy, DocuShare on Demand provides a complete document management solution from one trusted vendor.

“It’s important to offer services that will help customers improve business operations and productivity” commented Bob Leone, president of Mr. Copy. “We developed DocuShare on Demand for companies committed to business modernization and green technology initiatives. We work closely with customers to contain costs and implement sustainability processes. In addition, we ensure document integrity and follow rigorous security standards, including SAS 70, Red Flag and HIPAA certifications.”

Xerox also claims that DocuShare on Demand can save users up to 90 percent of operational and storage costs relating to document management. It added that the new service would improve operational efficiencies by cutting the time it takes to find vital information by up to 80 percent.

The company also boasts compliance for HIPAA, FERPA, Sarbanes-Oxley and 37 other state privacy laws were also bundled in the package.

---

SecurEnvoy gets fobbed off with tokenless security

All fobbed off with nowhere to go?

SecurEnvoy;s SecurPassword 5.4 takes tokenless two-factor authentication to the next level

ECM Plus – by Paul Quigley – Authentication specialist SecurEnvoy has just launched the new Version 5.4 of password reset solution SecurPassword.

V5.4 offers tokenless two-factor password reset options using a one-time passcode sent to users mobile handset instead of by using a key fob method. The passcode alternative is integrated into the operating system rather than requiring users to fill in a web-based form.

SecurEnvoy said thatr if users forget passwords at the login screen for Windows, for example, IT departments can give users an option to securely reset via self-service two-factor authentication, increasing security, compared with traditional ways that rely on static user data such as birthdate or other personal information.

“As soon as you use static data that is permanently stored in a server, there are risks of passwords being hacked,” commented SecurEnvoy’s technical director, Andy Kemshall. “SecurPassword changed that by giving people a secure but self-service option, without the need to carry around cards or key fobs. Now, with version 5.4, that same experience is available as a seamless part of day-to-day business IT.”

Users running SecurPassword 5.3 will be automatically eligible for the upgrade as soon as the new version is released. With a recent change to the pricing for SecurPassword, it is now one of the most cost effective two-factor password resets solutions, available for as little as £2.50 per user, per year.

Kemshall added: “In a world of massively fragmented IT, security products must be as compatible as possible if they are to solve problems and not simply create more. If password reset solutions do not become more intuitive, then they’re at risk of being overlooked and snubbed. This is why we continue to innovate and make our products accessible.”

SecurEnvoy is also offering SecurPassword free of charge with every licence of its tokenless two-factor authentication product SecurAccess, when taken before December 2010.

SecurPassword 5.4 is available in beta and will be launched by the end of 2010.

Final countdown for Magus’ ActiveStandards WCM

Exponential growth rate overtakes current tech trajectory

ActiveStandards shortlisted for Business IT Innovation of the Year

ECM Plus – Web governance and compliance specialist Magus’ ActiveStandards application has been selected as a finalist in the BCS Chartered Institute for IT 2010 UK IT Industry Awards for “Business IT Innovation of the Year” .

“Magus has always had an exceptionally strong commitment to innovation” said Simon Lande, CEO and founder. “We have an ambitious and fast-paced technology roadmap, with research and development commanding an unusually high percentage of our overall resources. Key to our innovation strategy is our focus on solving real-world problems for enterprise website managers. So it is particularly rewarding to see our hard work and investment acknowledged, not just for pure innovation, but for innovation targeting today’s critical business needs.”

According to Magus, managing the quality and compliance of unstructured information on enterprise websites poses major technical, operational and strategic challenges for all organisations.

Magus said it was committed to continuing its innovative development program on the ActiveStandards platform, to help companies optimise and protect their websites and achieve their business potential.