TrustMeSecurity.com

Tech Republic has a fantastic article up today that explains how one large enterprise implemented a secure email solution only to have it fail miserably. The moral of the story is that users need an unobtrusive solution that is embraced by management as well as the rank and file.

Having a solution that is as easy to use for internal employees and external partners as it is secure is critical. That’s where TrustMe delivers.

Checking with other departments, the technical team discovered that, with the exception of a few people in IS, no one was actually using the system. New employees didn’t know it existed, management didn’t enforce compliance, and many outside entities wouldn’t accept encrypted attachments. The end.

InformationWeek has a short article about a new Consumer Policy Solutions survey that confirms that privacy is a major consumer concern - especially for parents.

“Nearly everyone surveyed — younger generations, adults, and older Americans — said privacy, protection, and security is important to them, yet they don’t fully understand their own vulnerabilities,” Debra Berlyn, president of Consumer Policy Solutions, said in a statement. “This survey shows that while privacy and safety are critical concerns for Internet users and their families, many engage — either knowingly or unknowingly — in online actions that compromise their security and privacy.”

Ars Technica has a rather well written article slamming Embarq’s appearance before congress to defend it’s trial partnership with NebuAd. Embarq claimed that their use Of NebuAd’s third party opt-out technology to monitor their subscribers traffic wasn’t about making a quick buck - it was all about “empowering individual and business Internet users by making their experience more accessible and relevant.”

Embarq also takes pains to stress that all the data it collected was anonymous (and has since been deleted). “No raw or identifiable customer data was ever collected or utilized during the test,” says the letter. “In fact, the only data utilized during the test consisted of codes representing categories of interest that were derived anonymously.”

TrustMe Security, a provider of development platforms for secure online communication applications, today announced that it is adding support for OAuth to the TrustMe Security API.

OAuth is an open protocol that enables secure API authentication for web, mobile and desktop applications using a standard method. The protocol gives service provider developers access to their data on OAuth compatible services while protecting their account credentials. Supporting OAuth is ensuring that TrustMe is working with developers to easily work with the best available open protocols and standards.

“With only about six per cent of all Facebook applications averaging at least 500 active users per day TrustMe wants to ensure that developers have access to the tools they need to easily and efficiently develop applications for all online communication platforms,” said Mike Mullen, CTO of TrustMe Security. “Consumers need to feel confident that the applications they are using are safe and secure. Supporting open protocols like OAuth will help developers feel confident in the security they are offering with TrustMe’s API.”

TrustMe empowers developers to add security and privacy to online communication platforms such as email, social networks (Facebook, MySpace, LinkedIn, etc.), instant messaging and VoIP. Developers may access TrustMe’s Public Key Name Service (PKNS) using a REST-based API. The PKNS allows applications and web sites to encrypt communications and limit the disclosure of a person’s personal information to only that person’s trusted contacts.

“OAuth is an emerging, community-driven open protocol that is essential to lowering the cost of doing the right thing when it comes to helping people share their information between web services in a safe and easy way,” said Chris Messina, Open Source Advocate-at-Large. “That TrustMe should adopt this protocol speaks to their foresight and good intentions when it comes to securely delivering people’s private and personal information wherever it needs to go.”

While attending the F8 Conference this week in San Francisco, the TrustMe team will be meeting with Facebook developers to gain insight and feedback on additional open protocols and standards developers are relying on as well as the TrustMe API. TrustMe is dedicated to providing the developer community with the most complete and easy-to-use development tools to secure online communication applications. The TrustMe API is available for free at www.trustmesecurity.com.

-30-

Looking for more information? You can contact Drew at TrustMe at 506 860 6600 or our fantastic media rep, Natalie Sauvé from High Road Communications at 613 688 1187.

Amber MacArthur and the rest of the team at MGI Media produced this great introduction video for TrustMe. You may recognize Amber from her other gigs at CityTV, G4TechTV and her widely popular commandN.tv web cast.

The video was shot just across the bridge from TrustMe HQ in PEI.

Tim Anderson of IT Week has written a terrific article that highlights why online services need stronger security if business users are to entrust their critical data to the cloud. This is the very core of the services that TrustMe provides.

Marko Karppinen, who uses Apple’s .Mac online services, got a shock when he tried to log into his Apple Developer Connection account (see his blog here). He found that the password and the email address associated with his account had been changed. Apparently, someone other than himself contacted Apple’s Developer Relations unit claiming to have forgotten the password, and Apple responded by changing both the email and password without any further checks - ­ effectively handing over the account to the hacker.

No doubt this was an isolated incident, but it is one that highlights several security issues. First, it underlines the drawbacks of single sign-on. Apple is one of several IT giants offering a suite of services linked to a single user account. What Karppinen lost, as he noted in an indignant email, was not just his developer account, but files stored in the iDisk remote storage services, an iTunes account, personal email, and more. Single sign-on is convenient, but increases the risk to you, and the value to criminals, if that flimsy username and password combination is discovered.

CNet has an article that made me chuckle today. Apparently NebuAd CEO Robert Dykes whose business has been mentioned on this very blog a few times, appeared before Congress and took quite the business model beating. Lawmakers found the “opt-out” policy “contemptible”, “flatly illegal” and one went as far as to say the opt-out practice “goes against everything the country’s been founded on.”

…under questioning from Markey, Dykes refused to answer whether he thought an opt-in standard should be applied. “I really must protest…I think you’re forcing me into a ‘Have you stopped beating your wife recently?’,” he said. (Markey replied, to laughter: “No, no, no, it’s ‘Have you stopped beating the consumer?’ is the question.”)

According to an article from InfoWorld:

Gartner Research says 20 percent of the revenue of messaging security tools currently comes through the cloud delivery model. But this will jump to 60 percent by 2013.

Gartner defines cloud computing as a type of computing where IT-related capabilities are provided as a service using Internet technologies to multiple external customers. This delivery model is getting closer towards widespread acceptance, according to Gartner, because it allows enterprises to gain security services such as distributed denial-of-service attack (DDoS) protection without huge capital investments.

Interesting article over at PC World about a new Facebook glitch that allows people to see a user’s birthday information even if the user has explicitly stated that they want this information to be kept private.

Sophos Senior Technology Consultant Graham Cluely discovered the bug while he was checking the new Facebook design. He noted that birth dates of some of his very reclusive and privacy-obsessed acquaintances were popping up when actually they should have been hidden.

This reinforces our advocating that social networks incorporate third party tools like TrustMe to give users more control over how their information is used.

Google has announced that it will turn over data revealing user’s usage habits on YouTUbe to Viacom as part of a lawsuit. YouTube and Viacom have announced a compromise, after YouTube balked at releasing customer information, that would see the user names “anonymized” before being turned over.

PC World however was quick to point out that anonymizing user names doesn’t protect users.

In the AOL case where 20 million search keywords for over 650,000 users over a 3-month period, that were intended for research purposes, was leaked to the Web, it didn’t take long before sleuths turned “numeric IDs” into real names. One was user 4417749 (AKA Thelma Arnold). Arnolds is the then 62-year-old woman who The New York Times correctly identified by examining her history of keyword searches.