CeBIT panel: For wireless use to grow, security innovations needed

Grok Headline matches for CeBIT panel: For wireless use to grow, security innovations needed

The future of mobility: Nokia showcases
latest 3G, multimedia and enterprise
innovations at CeBIT 2005

The future of mobility: Nokia showcases
latest 3G, multimedia and enterprise
innovations at CeBIT 2005 03/14/2005 06:28 PM
PhoneContent.com Mar 13 2005 10:48AM GMT

9/11 panel: Intel director needed

9/11 panel: Intel director needed 07/17/2004 06:15 PM
USA Today Jul 17 2004 9:31PM GMT

Microsoft Details New Security
Innovations at RSA Conference

Microsoft Details New Security
Innovations at RSA Conference 11/04/2003 06:25 AM

Microsoft Details New Security
Innovations at RSA Conference 2003,
Europe

Microsoft Details New Security
Innovations at RSA Conference 2003,
Europe 11/04/2003 10:55 AM
Today at RSA Conference 2003, Europe, Mike Nash, corporate vice president of the Security Business Unit at Microsoft Corp., detailed a series of new products and programs designed to help customers in Europe and around the globe enhance the security of their computers and networks. Among other topics, Nash discussed the release of Windows® Rights Management Services (RMS) for Windows Server™ 2003, progress on patch management and new innovations such as the Next-Generation Secure Computing Base (NGSCB).

Wireless on a roll at CeBIT

Wireless on a roll at CeBIT 05/03/2004 09:02 PM
Sydney Morning Herald May 4 2004 0:12AM GMT

Homeland Security Executives and
Government Officials to View Latest
Innovations

Homeland Security Executives and
Government Officials to View Latest
Innovations 08/06/2004 01:01 PM
Wi-Fi Technology Forum Aug 6 2004 5:26PM GMT

Bluetooth Wireless Mouse Recommendation
Needed

Bluetooth Wireless Mouse Recommendation
Needed 12/17/2004 06:32 PM
Okay, I'm really digging this full-szied bluetooth keyboard for my Powerbook. So much so, that I'm tempted to buy a second one to leave at work. But having a larger keyboard keeps my hands uncomfortably far from the touch pad. Anyone got a recommendation for a bluetooth mouse that has more than one button (sorry, Apple) and works well with a Powerbook? I'll probably use it left-handed about half the time, so I'd prefer one that is not shaped for...

Wireless carriers: Privacy bill not
needed

Wireless carriers: Privacy bill not
needed 09/21/2004 06:24 PM
WASHINGTON - Representatives of wireless telephone carriers planning a telephone directory service told a U.S. Senate committee Tuesday that legislation to protect their customers' privacy isn't needed, because their plan already does.

Training needed on proper use of
wireless Internet at universities

Training needed on proper use of
wireless Internet at universities 07/13/2004 06:47 PM
Business Day Newspaper Jul 13 2004 10:22PM GMT

Wireless Numbers Continue to Grow

Wireless Numbers Continue to Grow 02/12/2004 01:21 AM

Wi-Fi Market Surges on Consumer Sales

"Consumer holiday purchases contributed to rapid growth of WiFi gear sales in 2003. Synergy Research Group said that total revenue for WiFi gear was up more than 55 percent in the fourth quarter of 2003, reaching $751.9 million. Revenue for the year was up about 40 percent, reaching $2.5 billion.

The consumer sector drove the market, increasing about 74 percent in the fourth quarter to $517.6 million -- up 66 percent for the year, for a total of $1.6 billion. The enterprise sector was up about 26 percent for the quarter, to $234.3 million, and about 9 percent, to $869.7 million, for the year.

The rapid growth in the consumer market is consistent with past performance, but the good numbers from the business sector show that enterprises are beginning to overcome their initial unease about WiFi security and other perceived weaknesses of WLANs.' " [ZDNet, via TechnoBiblio]

cj then goes on to ask, "Do these sales figures bode the same thing for libraries?" Of course, I think the answer is yes. I just helped another non-techie co-worker purchase wireless equipment to install at home. She doesn't even have internet service, but she bought a laptop and it came with 802.11b in it. She's skipping dial-up and going straight to cable internet and installing wireless from day one. She's even going to try installing the equipment herself, which I think speaks to how far WiFi has permeated the collective consciousness of computer users, even at this early stage.

More of my neighbors are going broadband, so personally I'm seeing a definite trend. They're not all going wireless - yet. But when we talk about it, it's no longer a foreign concept and it's accepted as something they will eventually do, even if they're not ready quite yet.

Consumers are getting a taste of the convenience Wi-Fi provides, and the number of users and devices will only grow. Best to start preparing now.

How Much Security is Needed?

How Much Security is Needed? 01/22/2004 02:42 AM

Simon Willison proposes some ideas for securing authentication systems for Web-based applications and brings up a point that I’ve never thought much about. If you have a system that locks out a user after too many incorrect logins, then it becomes easy for a malicious user to deny access to your users by simply attempting to log in as them.

This doesn’t apply only to malicious users, however. Apparently there’s a host of people who think that they registered on eBay using my user name. Several times each month I get a notice from eBay that indicates I’ve asked to change my password. Someone probably can’t remember their account details and tries several username and password combinations, requesting a password reset for each of them.

If banning is a bad idea, then how do you defend against a brute-force dictionary attack on your site? Simon goes on to suggest a series of alternatives, listing the pros and cons of each. One thing that needs to be mentioned, however, is that your security approach should be appropriate for the value of information that is being secured.

A banking site needs a lot more security than a membership-based newsletter site. So locking out the account of a user might be acceptable for your bank, even though it would be silly for securing your vacation photos.

I’d like to see a system that reacts to a hack attack intelligently combining several of Simon’s approaches with some other ideas.

Simon said:

Ban login requests from the attacker’s IP address. This introduces the usual problems with IP banning, namely the risk of banning a whole bunch of people indiscriminately but leaving the attacker free to skip the ban using open web proxies.

You could use temporary banning to make life difficult for the attacker. After 40 consecutive invalid logins on the same user account over a period of time, ban the source IP addresses of the last few attempts for a few minutes. Instead of taking a few hours to break an account, it would then take several days. And the impact to real users would be minimal.

Lock the user’s account and email them a warning of the attack and a special key needed to unlock the account again.

This special key would also be vulnerable to a dictionary attack. You can mitigate this concern by issuing new keys as the attack continues. Each time an account has a certain number of invalid logins, change the key and resend it. It’s hard to brute-force a constantly changing key.

For systems that don’t need a high level of security, instead of creating a special key, you could actually reset the password to a random string and email it to the user. The attacker now has a moving target to crack.

Send an automated alert to a system administrator so they can analyze the situation in real time and take any necessary action. This relies on administrators being available 24/7 - hardly a safe assumption for most systems.

If you’ve slowed down the attacker as noted above, this becomes a viable option.

Other interesting (and perhaps half-baked) options would be:

• Once you detect an attack, redirect the attacker to a honeypot. Let them bang away at a system that has no correct passwords. Or "authenticate" them into a clone of your system that contains nothing but faked data.
• Throttle the speed of the whole authentication system during an attack. A fifteen second delay will be hardly noticeable to real users but will slow an attacker down enough that you can take action.
• After a few incorrect attempts, change the form submittal URL for that user. A real user will be submitting the form as it’s presented to them and would have no idea that it’s going to a different address. An automated attacker would be repeatedly submitting against the original URL, not knowing that the account was no longer allowed to authenticate through that URL.

Wireless home technologies showcased at
CeBIT

Wireless home technologies showcased at
CeBIT 03/27/2005 03:59 PM
NewsTarget Mar 27 2005 7:52PM GMT

Sprint, Cingular Grow; AT&T Wireless Off
(Reuters)

Sprint, Cingular Grow; AT&T Wireless Off
(Reuters) 04/20/2004 02:06 PM
Reuters - U.S. wireless service providers on Tuesday revealed a mixed bag for the first quarter with Sprint PCS (PCS.N) and Cingular Wireless reporting strong customer growth as AT&T Wireless (AWE.N) lost subscribers.

Wireless Internet to Grow to Over 500
Million Users By 2008

Wireless Internet to Grow to Over 500
Million Users By 2008 04/29/2004 06:29 AM
OfficialSpin Apr 29 2004 10:10AM GMT

Gov't IT: Security Clearance Needed

Gov't IT: Security Clearance Needed 05/03/2004 12:27 PM
Government requirements limit eligibility of IT professionals.

Email security survey - help needed

Email security survey - help needed 04/29/2004 10:44 AM
Give us ten minutes of your time

Homeland Security Executives and
Government Officials Meet to View Latest
Innovations in Communication and
Collaboration Technology

Homeland Security Executives and
Government Officials Meet to View Latest
Innovations in Communication and
Collaboration Technology 08/06/2004 02:39 AM
ROAMING MESSENGER (OTCBB: RMSG) today reported that the company exhibited its breakthrough messaging technology at the Experience IT 2004 show, in Anaheim, CA, last week. [PRWEB Aug 6, 2004]

CeBIT focus on security

CeBIT focus on security 03/14/2005 04:17 PM
Sydney Morning Herald Mar 14 2005 1:01AM GMT

Tech partners needed for US security
initiative

Tech partners needed for US security
initiative 11/11/2003 08:14 AM
Computer Weekly Nov 11 2003 7:08AM ET

Homeland Security: Tech partners needed

Homeland Security: Tech partners needed 11/11/2003 05:34 PM
The U.S. government is looking for private companies to partner with on technology-related homeland security projects, including biometric scanners, Wi-Fi radio communications, wireless surveillance cameras and data collection and fusion.

Data security attacks grow

Data security attacks grow 04/07/2005 01:18 PM
Computer Weekly Apr 7 2005 4:21PM GMT

Information security market to grow 20%

Information security market to grow 20% 01/28/2004 07:25 AM

Internet security attacks grow

Internet security attacks grow 09/20/2004 04:53 PM
Business Europe Sep 20 2004 8:43PM GMT

Frustration Over Microsofts Security
Problems Grow

Frustration Over Microsofts Security
Problems Grow 01/06/2004 09:16 AM
PakTribune.com Jan 6 2004 8:07AM ET

Frustration Over Microsoft’s Security
Problems Grow

Frustration Over Microsoft’s Security
Problems Grow 01/06/2004 10:41 AM
Many I.T. people are simply fed-up with the constant stream of never ending security problems using Microsoft's Windows products, adding myself to an ever-growing list of frustrated computer professionals. Upon returning from a ten-day vacation, and a single security patch behind, seven out of eleven servers attached to a remote DSL network were taken over by intruders. Granted I should have had a firewall in front of these computers, but because of their functionality, I didn't justify the expense. But still, am I to blame or should Microsoft be held accountable?

"CNN.com - Worries grow over new voting
machines' reliability, security"

"CNN.com - Worries grow over new voting
machines' reliability, security" 11/04/2003 09:28 PM

CNN.com - Worries grow over new voting
machines' reliability, security

CNN.com - Worries grow over new voting
machines' reliability, security 11/03/2003 06:39 AM
concerns about Diebold voting machines .. finally picks up

cnn.com/2003/ALLPOLITICS/10/30/elec04.election.worries/index.html
track this site | 6 links

Senate Panel Weighs In On Wireless
Directory (washingtonpost.com)

Senate Panel Weighs In On Wireless
Directory (washingtonpost.com) 09/22/2004 11:01 PM
washingtonpost.com - The Senate Commerce Committee voted yesterday to require cell phone companies to get the approval of individual customers before listing their wireless phone numbers in public directories.

Adventures in wireless security: Why
home and corporate wireless LANs are
insecure

Adventures in wireless security: Why
home and corporate wireless LANs are
insecure 06/03/2004 03:44 AM
The meat of the article is: “…Wireless security recommendations: Change your system defaults – everyone knows them. Change the Admin and SNMP passwords. Change the IP network range. Also change the Server Set ID (SSID). The SSID is a unique identifier for your wireless hub/router. The default SSID is set in the factory is definitely not unique. Don’t broadcast the SSID. While you can change the default ID, that does little if your hub or router broadcasts that SSID. Enable Wireless Encryption. WEP or something similar can be compromised, but it makes it significantly more difficult to compromise your information. The larger the key length, the better. Enable Shared Key Authentication. The default Open System setting lets anyone connect to your network with very minimal effort. Change your SNMP Community String. Create a Community String like it is a strong password. Enable MAC Address Codes. Again, this makes it more difficult for a hacker to compromise your home network. Set Wireless LAN cards to Infrastructure Mode. Most cards have the default Ad Hoc mode, which is less secure. Don’t rely only on the broadband firewall. A firewall at your home’s Internet entry point is critical. However, you should still have personal firewalls on all computers on your network, in case something makes it through your home’s firewall or a hacker does make it onto your network.”

Senate panel approves spyware, wireless
privacy bills

Senate panel approves spyware, wireless
privacy bills 09/23/2004 11:33 AM
WASHINGTON -- The U.S. Senate Commerce, Science and Transportation Committee on Wednesday approved bills intended to fight computer spyware and to protect wireless phone customers from potential privacy problems associated with a wireless phone number directory.

Panel: IT Security Certs Need Overhaul

Panel: IT Security Certs Need Overhaul 04/19/2004 08:18 AM

US House Panel OKs $32 Bln for Homeland
Security

US House Panel OKs $32 Bln for Homeland
Security 06/03/2004 11:33 PM
Reuters via Wired News Jun 4 2004 3:37AM GMT

Live from CeBIT: Siemens CeBIT Videos

Live from CeBIT: Siemens CeBIT Videos 03/14/2005 06:03 PM

Yesterday's sunny, breezy day has been sandwiched between wet, hateful storms, where each sloshing stomp between buildings gives the clouds opporunity to pry open my orifices and dillute the pneumonia sauce already boiling in my lungs. As a reprieve, I have been hiding in Siemens New Media trailer, where I've watched them edit together a bunch of movies documenting Siemens' CeBIT stuff, which they are posting to their site under 'Highlight of the Day' > 'video clips.' (It's a Flash pop-up site, which sucks, but alles kla.)

Disclaimer: I'm here as a guest of Siemens. Nobody told or even asked me to link this, but I wanted to point it out—because I'm a total whore and an ethics-free journalist and you should probably write something really damning and personally insulting on your blog exposing your mom our moral turpitude—and also because I've seen how hard they've been working on it and it's been interesting to see it come together.

9/11 Panel Urges Lawmakers to Put
Politics Aside for Security

9/11 Panel Urges Lawmakers to Put
Politics Aside for Security 07/25/2004 02:24 PM
Members of the commission today urged lawmakers and government officials to give priority to improving security in the U.S.

Sept. 11 Panel Explores Border Security
(AP)

Sept. 11 Panel Explores Border Security
(AP) 01/26/2004 11:25 AM
AP - Some of the 19 Sept. 11 hijackers were allowed into the country despite carrying fraudulent visas and being questioned by customs agents, an independent commission investigating the terrorist attacks said Monday in releasing new details about the attack.

Homeland Security panel picks
controversial chief

Homeland Security panel picks
controversial chief 04/06/2005 08:42 PM
Privacy board picks conservative lawyer known for championing the Pentagon's former Total Information Awareness project.

Homeland Security Rapped On Wireless
Security

Homeland Security Rapped On Wireless
Security 07/02/2004 07:25 PM

Panel members find security flaws in
Internet voting system

Panel members find security flaws in
Internet voting system 01/22/2004 06:21 PM
A federally funded Internet-based voting system for absentee voters poses serious security risks, according to members of an expert panel.

Winds of Change.NET: Liberal Blog-Panel:
Democrats & National Security

Winds of Change.NET: Liberal Blog-Panel:
Democrats & National Security 11/04/2003 05:18 AM
Liberal Blog-Panel: Democrats & National Security .. BACK AND FORTH AMONG LIBERAL BLOGGERS .. blog round up about the battles .. Go start reading the debate

windsofchange.net/archives/004235.html
track this site | 4 links

Grok Description matches for CeBIT panel: For wireless use to grow, security innovations needed
GrokA matches for CeBIT panel: For wireless use to grow, security innovations needed

CeBIT panel: For wireless use to grow, security innovations needed

The following phrases have been identified by the grok system as matching this entry: