The email has become a very vital aspect of modern businesses. It is the main channel through which correspondence is carried out with clients; orders are placed and progressed, contracts agreed and many thousands of other items that make business work today. Emails are now important and have the same legal standing as formal letters were a decade ago, and as such there are regulations that govern how it should be made available for legal scrutiny purposes. Any business that fails to practice proper data retention policies is opening itself up to a number of legal tussles which can result in punitive fines and or even worse.

Nonetheless, solution to this is offered by a number of cloud email service providers such as Mimecast, which undertake cloud email archiving on behalf of their clients. However, many organizations are concerned that cloud email archiving has the potential to compromise the security of their email and other sensitive data. For instance, the service provider could potentially access sensitive information, or it could be accessed by a hacker while it is in transit between the client and the server.

There is no evidence, however, to suggest that these concerns are valid. In fact evidence suggests that cloud based archiving services are at least, if not more, secure than on-premises archiving. For instance Mimecast uses state of the art security methods for encrypting and moving data; no clear text data is stored, which is rarely the case with in-house archiving, and it is tamper-proof.

There are various reasons why organizations move to cloud based archiving. The main one is regulatory compliance, and the second most important is electronic discovery; email records are cited in a large majority of discovery orders. Litigation support is also important, and the ability to access email early on in case of any legal action can be of huge benefit.

Apart from regulatory and other legal requirements, an important advantage of cloud based archiving is memory management. As the volume of email increases, the infrastructure burden for storing it grows correspondingly. Cloud based archiving does not require bottomless infrastructure investment and is generally priced based on the number of user mailboxes.

Furthermore, as so much important corporate knowledge is stored in email, safely preserving it is essential. Any organization that fails to preserve historic data in an easily accessible archive is discarding a potentially highly valuable asset.

It is surprisingly quick to set up a cloud based archive. There are no major investment decisions to be made, no hardware to procure, and no software to install or get running. Although there are some work practice changes, these are mainly very minor, and for the most part the process is transparent.

Read More>>

ASM.js: Mozilla's Web App Speedup Project

Posted by Unknown | March 29, 2013 |

Mozilla foundation has been prepping a new programming technology, ASM.js as an alternative to JavaScript, with promises of bridging the C and JavaScript languages. It's an "extremely restricted" subset of JavaScript that's designed to make bringing existing apps written in the C programming language to the web easier.

The ASM.js software has undergone a benchmark test with stunning results, outperforming JavaScript in Firefox and Google Chrome browsers, almost to the speed of native apps.

And lately, the project is gunning interesting attention from game developers, with Google also announcing support for ASM.js on its Chrome V8 engine.

However, the setback had remain securing support from other major browser vendors, as the browser is crucial to the success of any programming technology. And so that developers will have a broad target, without the limitation to a single vendor support.

Albeit, the project is a direct competition to Google's conceived Native Client project, the company had maintained subtle support for ASM.js.

Read More>>

Google now Supports DNS Security Extensions

Posted by Unknown | March 21, 2013 |

Google debuted its public DNS service about 3 years ago with much emphasis on speed and security. The company had always advocated for faster internet, hence the need for building infrastructures to support that goal. And now that internet security seems to have taken a different level of importance, Google have taken a major step towards enhancing internet security as it announced support for DNS Security Extensions.

DNS Security Extensions (DNSSEC) is an emerging internet security standard which enables domain names and IP addresses to be verified through digital signatures and public-key encryption. It's aimed at preventing domain name hijacking, whereby traffic can be redirected from a legitimate website to a fake one by hackers without the knowledge of end users.

Albeit, DNS Security Extensions require some implementation, as ISPs must need to configure their systems to support the new standard, domain owners have to ensure that their websites are digitally signed.

Google stated that it has commenced checking for digital signatures on DNSSEC formatted messages, and that if it cannot validate a domain name, it will return an error message. However, if the domain name that fails to validate is a popular domain, it may exclude the site from blacklisting until fixed.

Additional information are available on Google's technical pages, particularly on DNSSEC support and security pages.

Read More>>

Review: Web Speech API Demonstration

Posted by Unknown | March 20, 2013 |

The Web Speech API which was announced mid-January is perhaps bringing more fun to the browser-side technology, allowing voice recognition on web applications, which Google have now converted into motion picture capabilities on Chrome.

The API runs on JavaScript which allows for flexibility over the speech recognition capabilities in Chrome starting from version 25 and later.

Google demonstrated the silent film capabilities of Web Speech API according to a blog post on Tuesday, announcing a new web portal The Peanut Gallery, which let users add titles in-between old black-and-white movie clips by talking out loud while watching it.

The feature follows on the webkitSpeechRecognition browser support, which provides the speech interface and sets the attributes. However, since the API is still experimental, it's currently vendor prefixed.

Google is hoping that developers will find more useful purposes for the Web Speech API as regards, web navigation, interaction and entering text on the web.

Read More>>

Apple on Thursday made available an update to OS X Mountain Lion v10.8.3 through its software update mechanism, fixing 21 vulnerabilities, with most actively been exploited in the wild to execute malicious codes.

The security update follows series of patches for Java flaw which led to the attacks on notable companies.

The zero-day Java flaw led to compromise on Mac OS X computers belonging to Apple as well, of which the company released an official acknowledgement. The company warned concerning Java Web Start application been run at the background, even when Java plug-in has been deactivated.

Mac OS X Mountain Lion update can be downloaded from the Apple Software Update page. The v10.8.3 update is recommended to all users of OS X Mountain Lion as it includes fixes and  features aimed at improving stability, compatibility and security of your machine.

The company have made available an extensive tutorial about the update in a release note, detailing procedures to follow in installing the Mac OS X update.

Read More>>

Chrome OS Defy Hackers at Pwnium 3

Posted by Unknown | March 12, 2013 |

Chrome OS had always been touted as a platform built for secured web access from the architectural point of view, being based on the Linux kernel coupled with the extensive sandbox technology. The open-source OS proved bookmakers right at the recently concluded hackers competition Pwnium 3, at CanSecWest in Vancouver, Canada.

Pwnium hacking contest is organized by Google to explore the security holes on its operating system, Chrome OS, so as to mitigate such vulnerabilities from being exploited in the wild. It attracts the brightest of hackers and security experts, who compete for the price money.

Pwnium 3 price was $3.14 million, inspired by the mathematical number "pi" which Google broke down into $110,000 for browser or system compromise, while $150,000 goes for a compromise after system reboot.

Albeit, the competition was extended by 3hrs owing to "no clear" exploit recorded, still Chrome OS defy the hackers at the contest. The outcome was announced on Google+ by the Chrome team, stating that no winning entries were received, but that they are evaluating some works that may qualify as partial exploits.

Read More>>

Chrome OS Gets new Control Features

Posted by Unknown | March 08, 2013 |

Google is indeed prepping its new Operating System, Chrome OS for prime time, as evident in the high-end machine, Chromebook Pixel recently announced under the platform. And as a follow up, the company on Thursday released new enterprise-level control features for Chrome OS.

Enterprise customers had clamored for more control over their network, given the always-online nature of Chrome OS, now that desire have been granted in the latest control update.

The Chrome OS management console update according to Chrome Releases blog, is meant to bring-in new users' policies as regards how administrators handle access level on a given network. It helps to determine whether or not to allow certain users the option to access some flagged malicious websites.

Top control features on the list includes: Third-party Cookies blocking, Plugin Authorization, Bookmark Bar, Control on Cookies for URL patterns and Malicious sites.

These listed settings will definitely give Enterprise administrators the controls necessary over the use of Chrome OS in their organization, covering important fields as web surfing, cookie access and application management.

Read More>>

Opera Browser beta for Android: What's new?

Posted by Unknown | March 06, 2013 |

Opera Software has according to an earlier announcement switched from its rendering engine, Presto, to the open-source Chromium rendering engine, WebKit, to which Apple also subscribe. The company released the first beta version of its WebKit-based browser for Android as a completely redesigned mobile browser, with native experience for Android devices.

The new Opera beta for Android employs native UI capabilities while still retaining Opera signature-features like Speed Dial and at the same time sporting completely new features. Below are the new features that came bundled into the beta version of Opera for Android.

The redesigned Opera browser beta introduced a unique new feature known as Off-road Mode, which enables proxy-browsing especially beneficial for slow network connections.

Other notable new features include: Discovery Tool and Download Manager. Discovery tool serves as a tab for tailored-content according to user's interests, while the later enhance the download of media files, making it possible to stop and resume any file download process.

Private browsing mode for individual tabs is also available as an option along with tabbed browsing, you can also save pages for later reading offline. However, full-screen mode appears to be missing in this beta version, also synchronization of bookmarks.

The Opera beta release for Android is the first step in the overhaul processes, with iOS and Opera web browser to follow.

Read More>>

HTML5 Flaw Crashes Major Browsers

Posted by Unknown | March 02, 2013 |

The emerging web standard, HTML5, is perhaps generating a whole lots of attention, especially from developers standpoint. And recently, a San Francisco based web developer, Feross Aboukhadijeh exposed a flaw in HTML5 Web Storage Standard implementation on Chrome, Apple Safari and IE, that could allow maliciously crafted websites to crash the browser by filling up the Hard Disk with junk data.

HTML5 Web Storage Standard defines how websites store larger amount of data than was previously allowed by cookies on a web browser.

The standard LocalStorage attribute allows the current limit of 2.5MB per origin in Google Chrome, 5MB per origin in Firefox and 10MB per origin in Internet Explorer, in anticipation that websites will want to abuse the feature.

The loophole follows when cleverly crafted website employ subdomains to circumvent the storage limit as explained by Feross in his personal blog, against the World Wide Web Consortium (W3C) warning that "user agents should guard against sites storing data under the origins other affiliated sites, e.g. storing up to the limit in a1.example.com, a2.example.com, a3.example.com, etc, circumventing the main example.com storage limit".

Google Chrome, Safari and IE obviously failed to implement  the "affiliate site" storage limit, as accounted to why the trio are affected by the flaw. While, Mozilla Firefox is impregnable to the flaw as Firefox LocalStorage implementation is smarter.

However, argument are rife that the actual implementation across board may affect such sites like Github Pages, with individual user's page as subdomain.

Read More>>