<body><script type="text/javascript"> function setAttributeOnload(object, attribute, val) { if(window.addEventListener) { window.addEventListener('load', function(){ object[attribute] = val; }, false); } else { window.attachEvent('onload', function(){ object[attribute] = val; }); } } </script> <div id="navbar-iframe-container"></div> <script type="text/javascript" src="https://apis.google.com/js/plusone.js"></script> <script type="text/javascript"> gapi.load("gapi.iframes:gapi.iframes.style.bubble", function() { if (gapi.iframes && gapi.iframes.getContext) { gapi.iframes.getContext().openChild({ url: 'https://www.blogger.com/navbar.g?targetBlogID\x3d13691723\x26blogName\x3daryveron\x26publishMode\x3dPUBLISH_MODE_BLOGSPOT\x26navbarType\x3dBLUE\x26layoutType\x3dCLASSIC\x26searchRoot\x3dhttps://tyazmanians.blogspot.com/search\x26blogLocale\x3den_US\x26v\x3d2\x26homepageUrl\x3dhttp://tyazmanians.blogspot.com/\x26vt\x3d-7157851199588912654', where: document.getElementById("navbar-iframe-container"), id: "navbar-iframe" }); } }); </script>

Wednesday, October 19, 2005

New hacker targets: cell phones and PDAs

There was a time when the biggest mobile computing risk was losing a laptop. How quickly things change. Cell phones, smart phones, and PDAs increasingly are being used to access business applications, E--mail, and the Internet. In sync with that trend are new security threats to mobile devices that store and distribute company information.
They're becoming victims of zombie attacks and other forms of hacking; malware; hybrid PC--mobile viruses like Comwarrior, Bluejacking, and Cabir; and spam. And for the first time, many businesses are finding they need plans for securing mobile devices, including what methods to use and rules for how devices can be used.
"Putting together policies and procedures to add security for a device ... is becoming a real challenge," said Larry Hardin, senior manager of communications in the IT group at food--service distributor Sysco Corp., during a session at last week's Mobile Business Expo in Chicago. The issue has come to a head at Sysco, Hardin said, as more traveling salespeople start using devices other than laptops. For easier management, Sysco requires that employees use only company--distributed mobile devices for work and has developed service--level agreements with all its wireless vendors.
Partners In SecuritySecuring E--mail was the motivation behind a partnership between Research In Motion Ltd., maker of the BlackBerry, and security software vendor PGP Corp. The companies last week unveiled PGP Support Package, due later this year, which is designed to provide encryption, decryption, digital signatures, and verification for E--mail sent and received on BlackBerry devices.
However, the support package will only work for customers who already have deployed PGP's Universal technology, which lets businesses manage encryption and digital signatures from a single console. It will be distributed exclusively by PGP through its 175 resellers.
It's a step in the right direction. But there still aren't enough security options for mobile devices, says James McGibney, operations manager at construction company Rudolph and Sletten Inc. About 150 of the construction company's workers use RIM's mobile E--mail service with BlackBerrys or Good Technology Inc.'s mobile E--mail with Treo devices, so they can stay on top of any alerts or changes during construction jobs. Because of a lack of good vendor options, the company's in--house IT department is writing an application that will scan messages before they're sent through Good Technology's E--mail service, McGibney says. "Imagine the impact of a worm attached to E--mail infecting your PDA and sending itself to everyone on your address book," he says. "We don't want to take chances."
Hackers and thieves are one problem----losing mobile devices is another. Consider this: Travelers left 85,000 cell phones and 21,000 PDAs and Pocket PCs in Chicago taxis in the past six months, according to recent research conducted by Pointsec Mobile Technologies, a data--encryption company. Mobile devices often don't offer strong user authentication, meaning almost anyone can get to their contents. "Basic passwords aren't enough," says Stuart Vaeth, chief security officer at mobile security company Diversinet Corp. and co--chair of the Initiative For Open Authentication's technology group, an IT vendor group fighting identity theft.
Diversinet last week released a version of its multitoken wallet for Symbian OS mobile phones. The wallet, which already is available for the Microsoft Windows Mobile Pocket PC, is an application that resides on a device and lets users add and manage all of their mobile tokens in one place. It's designed to be used with mobile tokens that Diversinet activates wirelessly. The tokens provide passwords that change each time a user accesses a secure network, server, or Web site via a mobile device and are generated in software or delivered as a text message on the device. Diversinet says it's planning to extend the multitoken wallet to additional mobile--device platforms.

Dikutip dari: commsdesign

Wi-Fi in the city Concerns raised over loss of privacy

San Francisco's plan to offer affordable wireless Internet connections may make it easier for computer hackers to spy on users and steal personal information.
That's the consensus of computer security experts, who say that the city's ambitious effort to get all residents online - potentially for free - could be more risky for users than traditional Web access.
The problem with wireless Internet connections - called Wi-Fi - is that the onus is largely on consumers to protect themselves, they said. But many Wi-Fi users fail to take precautions out of laziness or ignorance, putting themselves in danger of their personal information being stolen.
"The FBI views wireless networks as very insecure," said LaRae Quy, a spokeswoman for the FBI's Northern California office. "Software allows you to set up security, but most people leave it open."
"It only takes a few extra steps to make it secure," she added. "But even it you take the extra steps, a skilled hacker can get into the system."
In the next few weeks, Mayor Gavin Newsom is expected to decide how to proceed with his Wi-Fi initiative, which is aimed at making the city more economically competitive and bridging the digital divide. A commission is currently reviewing 26 proposals, including offers by Google, Earthlink and the Bay Area startup AnchorFree Wireless.
Chris Vien, who heads San Francisco's technology department, said that protecting Wi-Fi users is important, and that commissioners are reading carefully what companies say about privacy and security.
"Both of those issues need to be addressed," he said.
Flimsy Internet security is nothing new. Web users who log on through wire lines have grown accustomed to a seemingly perpetual onslaught of virus attacks and fraudulent e-mails that try to deceive them into disclosing personal information.
Wi-Fi adds to the risk, security experts said. Data sent over the airwaves can be more easily intercepted or "sniffed."
All criminals need to steal information is some technological know-how and possibly an antenna.
Companies that have proposed building San Francisco's Wi-Fi network describe their systems as secure. They call their countermeasures as some of the most sophisticated available.
Encryption is one line of defense. Scrambling data sent over the airwaves make it difficult for thieves to decipher.
Computers that are enabled for Wi-Fi generally come with encryption built in. Users whose computers have no Wi-Fi card can buy one separately.
Security experts generally praised newer encryption technology, which uses a standard called WPA. But they said that older versions have proven to be easy to crack.
To help solve the problem, Earthlink is proposing to send its Wi-Fi users a small antenna that is enabled for the latest encryption technology and must be attached to a computer.
Wi-Fi has gained a risky reputation based partly on free wireless connections at cafes having no encryption. Such networks are typically "open" to make them easy to use.
But they offer no protection. Even users who have the most up-to-date safeguards on their laptops are therefore wide open to a hacker.
Many home Wi-Fi systems are similarly vulnerable. Users simply fail to turn the encryption on.
"If you are looking at movie times, who cares if someone else sees what time that movie is playing?" said Ira Victor, managing partner Data Clone Labs, a security firm in Reno. "But if you are paying your bills online, that is not something I would do."
In San Francisco, some companies are also proposing a defense against hackers called virtual private networks. The technology allows users to send their data through what is essentially an encrypted tunnel that cannot be interfered with until it reaches its intended destination.
However, the technology requires users to download special software. Security experts said that many users -- especially novices, who are supposed to be the big beneficiaries of affordable Wi-Fi -- may simply not bother.
Cacey Ullman, chief executive of PostX, an e-mail security company in Cupertino, pointed to the possibility of San Francisco's Wi-Fi effort bringing out a boom in so-called "evil twins." These are Wi-Fi hotspots set up by fraudsters that appear legitimate, but are actually used for stealing personal data.
Users would simply see a connection such as "SFMuni" on their screen. They would then log onto it without realizing that it is actually a doppelganger to a city connection with the same name.
As users surf the Web, an evil twin hacker can collect credit card numbers. Downloading a special desktop security program - which Ullman's company and a few others sell -- is one of the few protections.
"I, for one, would love to have free, blanketed Wi-Fi," Ullman said. "People just need to keep in mind about what kind of activities they do on it."
Because of that, he said, users may want to think about having a way to connect to the Internet by wire. In some ways, his suggestion could defeat the purpose of affordable citywide Wi-Fi and its promise of cost savings to users.
Whatever the case, Jeb Linton, chief architect of municipal networks for Earthlink, emphasized the security of his proposed system and then compared it to Wi-Fi in a cafe.
"It's much safer than that," he said.
Andy Castonguay, an analyst with Yankee Group, said that for the most part, large Wi-Fi networks are safe if users take the right precautions. But he added that it will take a lot of effort to make sure that users protect themselves.
"Whoever ends up building this network -- the city or a company -- will have to spend some time educating the public about security measures," said Castonguay.
Dikutip dari: sfgate