Archive for the ‘Security’ Category

DEMOfall: This message will auto-destruct after you read

September 26, 2006


Well, not my blog post. This is what will happen if you use VaporStream to send your emails. So what really does VaporStream really do?

VaporStream has introduced its Stream Messaging System that removes all records of an email after it has been read by the recipient. According to VaporStream, this idea has appealed to 91% of America’s corporate executives in recent independent market research studies (no sources are referred to in this case though).

The way VaporStream works is that it separates the header of the message, the who, what and where, from the body of the message. There is no record connecting the VaporStream subscriber with the content of the message. Messages sent using VaporStream cannot be forwarded, edited, saved, printed, or cut and pasted. Once read, messages are gone forever. As VaporStream site says:

VaporStream is totally recordless.

VaporStream uses a custom login system using your email and password. So if you want to send a confidential message using VaporStream, enter or select the e-mail recipient’s address, and start composing your message. As soon as you being typing your message, recipient’s name vanishes. When you finally send your message it goes through VaporStream’s SSL encrypted network and is delivered to the recipient. When the message is opened, the sender’s name gets deleted from the message header, and the message gets deleted from VaporStream servers. VaporStream works on both PC and Mobile platforms.

For individual users VaporStream is available for $39.99 per year and additional $5.00 per year if you also want access from mobile. VaporStream also has enterprise plan which cost the same for each user as for an individual account, with an additional $5 setup charge.

Personally I want to save all my email so it doesn’t really help me. But there will be lot of people who will like to get their hands on VaporStream. Is it a good idea for corporate sector to implement VaporStream? I don’t think so. Will know in next few months how it works out for VaporStream. On the lighter side, if VaporStream had launched their product few years back, Frank Quattrone would have been a happier man today.


Tags: , ,


DEMOfall – Web security for all from MyPW

September 25, 2006

MyPW wants to provide secure authentication service for all web-businesses. Idea is very simple yet effective. For those who have used RSA’s SecureID this will sound familiar. Any web-based business owner, who wants to secure their site, can get a MyPW token for each of their users, and implement MyPW code into their sites authentication process. From there on any time a user tries to logon, he will have to input the serial number from the MyPW token along with the regular authentication credentials. This serial number is passed onto MyPW server using webservices like xmlrpc, which does not take any other personal information. MyPW than verifies the validity of the serial number, depending on which you can login.

Currently, RSA provides similar kind of service for corporate businesses with large number of employees. MyPW wants to target companies with small number of employees who cannot afford to develop their own 2-point authentication process. It can be a company with 100 employees, or e-commerce company like Amazon or even bloggers like us. MyPW service will cost $1 per user per month and is free for personal sites where only 1 user has to authenticate.

MyPW will be providing code samples in c, perl, or php to enable easier integration for a broad user base. MyPW is still unsure about the pricing of the token, which might be free later on and cost $9 to start with. MyPW token is supposed to have average life of 5 years. The best part about MyPW is that if multiple sites use MyPW for authentication, you will be able to use the same token to login into all those sites.

MyPW will prove very beneficial to banks and financial institutions that need to implement 2-point authentication, which has been mandated by Congress. Currently few banks are using some funky 2-point authentication process in which they have to identify an image before they can login to the site. Sooner or later they will have to move over to a real 2-point authentication, where MyPW product will nicely fit in.

Besides the banking industry, MyPW can take advantage of the fact that there are over 180 million internet users in US with most of them concerned about identity theft. MyPW will have to convince online firms for these users that MyPW is the safest authentication solution in market.
MyPW, located in Washington, is headed by Daryn Nakhuda who is also the CTO of SpamArrest. MyPW service is up and running right now and will be live after conference. I, for the fact, will be definitely signing up for MyPW service to secure all my sites.


Tags: , , ,