Wednesday, December 9, 2009

Viewing decrypted files - vulnerability

I use Cryptainer LE to encrypt some of my sensitive files. Since they are .doc or .xls files, once decrypted I use OpenOffice to read them. Recently my PC crashed while I was viewing one of those files. After a quick restart I loaded OpenOffice to write a document. OpenOffice alerted me to an unsaved file and asked if I wanted to recover it, to which I said Yes. And guess what, my so-called encrypted file popped up. With the autosave feature on, OpenOffice had saved the file in its cache.

I wonder how big an issue this is. I wonder if this makes my secure data completely unsecured. How long is the data held in cache?

I found this in an OpenOffice forum, http://www.oooforum.org/forum/viewtopic.phtml?t=65016 : "... Delete the file Documents and settings/userName/Application data/Openoffice.org2/user/registry/data/org/openoffice/Office/Recovery.xcu
Beware, it resets the settings for Autosave in the Tools>Options>Load/Save>General dialog. ..."
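As an added example (not code from the original post, nor from OpenOffice.org or Cryptainer), the following Python script shows the clean-up a practitioner would want after such a crash: list the recovery entries that still point at a decrypted document, remove only those entries from Recovery.xcu so that the Autosave settings the forum post warns about are left intact, and overwrite-then-delete the temporary copies the entries reference. The XML layout (a RecoveryList node holding one child node per unsaved document, each with OriginalURL and TempURL properties, beside a separate AutoSave node) and the sample file are constructed assumptions, not a verified dump of the real format; check them against your own Recovery.xcu before pointing scrub_file at the real thing.

```python
"""Scrub pending OpenOffice.org recovery entries without resetting Autosave.

Added example; not code from the original post, OpenOffice.org or Cryptainer.
The oor registry layout assumed here (node RecoveryList > one node per
document with OriginalURL/TempURL props, plus a separate AutoSave node) is a
constructed approximation: verify it against your own Recovery.xcu first.
"""
import os
import xml.etree.ElementTree as ET
from urllib.parse import urlparse
from urllib.request import url2pathname

OOR = "http://openoffice.org/2001/registry"

# Constructed sample: one crashed session still pointing at a decrypted
# spreadsheet, plus the user's Autosave preferences that must survive the scrub.
SAMPLE_XCU = """<?xml version="1.0" encoding="UTF-8"?>
<oor:component-data oor:name="Recovery" oor:package="org.openoffice.Office"
    xmlns:oor="http://openoffice.org/2001/registry">
  <node oor:name="AutoSave">
    <prop oor:name="Enabled"><value>true</value></prop>
    <prop oor:name="TimeIntervall"><value>15</value></prop>
  </node>
  <node oor:name="RecoveryList">
    <node oor:name="recovery_item_1" oor:op="replace">
      <prop oor:name="OriginalURL"><value>file:///C:/Decrypted/salaries.xls</value></prop>
      <prop oor:name="TempURL"><value>file:///C:/Documents%20and%20Settings/user/Application%20Data/OpenOffice.org2/user/backup/salaries_0.xls</value></prop>
    </node>
  </node>
</oor:component-data>
"""


def _oor(elem, attr):
    """Read a namespaced oor:<attr> attribute."""
    return elem.get("{%s}%s" % (OOR, attr))


def _prop(node, name):
    """Return the <value> text of <prop oor:name=name> under node, or None."""
    for prop in node.findall("prop"):
        if _oor(prop, "name") == name:
            value = prop.find("value")
            return value.text if value is not None else None
    return None


def _recovery_lists(root):
    # Materialise the list first: the caller may mutate the tree afterwards.
    return [n for n in root.iter("node") if _oor(n, "name") == "RecoveryList"]


def recovery_entries(xml_text):
    """List (OriginalURL, TempURL) for every document OOo still offers to recover."""
    root = ET.fromstring(xml_text)
    entries = []
    for rlist in _recovery_lists(root):
        for item in rlist.findall("node"):
            entries.append((_prop(item, "OriginalURL"), _prop(item, "TempURL")))
    return entries


def scrub_recovery_list(xml_text):
    """Drop every pending recovery item, leaving AutoSave and everything else as is.

    Returns (new_xml_text, removed_entries). Deleting the whole file, as the
    forum post suggests, also works but resets the Autosave preferences.
    """
    ET.register_namespace("oor", OOR)
    root = ET.fromstring(xml_text)
    removed = []
    for rlist in _recovery_lists(root):
        for item in list(rlist.findall("node")):
            removed.append((_prop(item, "OriginalURL"), _prop(item, "TempURL")))
            rlist.remove(item)
    return ET.tostring(root, encoding="unicode"), removed


def file_url_to_path(url):
    """Turn a file:// URL from the registry into a local path (None if not file://)."""
    parts = urlparse(url)
    if parts.scheme != "file":
        return None
    return url2pathname(parts.path)


def overwrite_and_unlink(path):
    """Best-effort scrub of a leftover autosave copy: overwrite, fsync, unlink.

    On journaling file systems, SSDs and anything with snapshots this gives no
    guarantee the old blocks are gone; it is hygiene, not a substitute for
    keeping plaintext off disk in the first place.
    """
    if not os.path.isfile(path):
        return False
    with open(path, "r+b") as fh:
        fh.write(os.urandom(os.path.getsize(path)))
        fh.flush()
        os.fsync(fh.fileno())
    os.unlink(path)
    return True


def scrub_file(xcu_path):
    """Scrub a real Recovery.xcu in place and wipe the temp copies it names."""
    with open(xcu_path, encoding="utf-8") as fh:
        new_xml, removed = scrub_recovery_list(fh.read())
    wiped = [p for _orig, temp in removed
             for p in [file_url_to_path(temp or "")] if p and overwrite_and_unlink(p)]
    with open(xcu_path, "w", encoding="utf-8") as fh:
        fh.write('<?xml version="1.0" encoding="UTF-8"?>\n' + new_xml)
    return removed, wiped


if __name__ == "__main__":
    for original, temp in recovery_entries(SAMPLE_XCU):
        print("pending recovery of %s (temp copy %s)" % (original, temp))
```

Even with the registry scrubbed, the underlying lesson stands: the moment a decrypted document is opened in an editor with autosave on, plaintext is written outside the encrypted container, so the container protects the file at rest but not the working copies.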

Thursday, September 24, 2009

Google security

I've used Google Docs on a number of occasions for collaborative working. It might not be a perfect tool for collaborative work, but it is free and does the job. In the past I did not pay much attention to the security aspect of those documents, since they never contained highly sensitive information.

But what if they did?!

Sharing documents online has its advantages, namely that only one master copy exists and it can be viewed and edited by multiple users simultaneously. Such documents are accessible (if not set as public) only to specific users (specified by the document owner), who must have a Google account too.

If those documents are protected by a simple username/password combination, how secure are they? In fact such documents are only as secure as the weakest authentication credentials (username/password) of the users who share them.

Therefore I would like to be able to specify certain criteria which users must fulfil before they can access my shared documents. To add an additional layer of security I should be able to specify:

1. "To view my documents the invited user must use a strong password", meaning Google's "password strength" tool must indicate "Strong".

2. "To view my documents the invited user must use a CAPTCHA when logging in".

3. "To view my documents the invited user will need a secret key to decrypt them." Google Docs (and emails in Gmail) should offer encryption, which would add an additional layer of protection for sensitive documents.

All of the above should be optional so that those who see it as "just another obstacle" do not have to use it.

How much additional security would such options provide?

What about backups? How secure should the backup be?

Thursday, September 3, 2009

Social Networking

As part of my research into Social Networking (SN) I was given the task of finding an Open Source (OS) SN which can be run locally (i.e. not a web-based service like Facebook/Orkut/Ning etc.). Having read about Apache Shindig, my hopes of finding a suitable application were very high.

For those who are not familiar with Apache Shindig, "Apache Shindig is an OpenSocial container and helps you to start hosting OpenSocial apps quickly by providing the code to render gadgets, proxy requests, and handle REST and RPC requests." (taken from the site). There is a Java version and a PHP one.

Shindig is a container allowing us to run OpenSocial gadgets across (in theory) any SN that supports OpenSocial. Looking at the gadgets used in popular SN services (like Orkut, Ning and others), they can generally be classed as entertainment and sales gadgets rather than real-world apps, although there might be some exceptions (like to-do or chat gadgets). Shindig does not provide features like messaging, groups, photo galleries etc.

So apart from Shindig we need an application to sit on top of or alongside Shindig and provide us with the UI features we want (I call these "component apps"), like: friends list, messaging, wall posts, photo albums, groups, creating networks etc.

The only application that I could find was Partuza, which was surprising. Looking at its issue tracker it is clear that this application is in its infancy and not ready for full production use (it lacks features and there are a few bugs). Not surprising, since such a full-blown application probably requires substantial resources which, by the looks of it, Partuza is lacking.

Having this in mind, it would be better if the Open Source community started developing features (component apps) as components, independent from each other yet supporting interoperability. I am not sure if OpenSocial as a standard would be enough to support such a project, but it could be extended if not.
This way there would be a range of component applications to choose from, and it would be relatively easy to build one's own Social Network(s). These components could include forum, wiki, blog etc. to enrich the SN environment as we know it today. There would be no reliance on one project (like Partuza) and costs would be spread across the community.

I've looked at Joomla and its ability to support third-party extensions (component apps), and a similar approach should be taken up for OS-SN development.

Soon I will be looking at Google Wave and how it can be used as a Social Network. Since Google Wave extends OpenSocial, any existing gadgets should be reusable.