Archive for Wireless
Author: Dave Lewis
May 14, 2008 at 7:41 am · Filed under Military, Wireless
This strikes me as a troubling story.
From RFID News:
Axcess International has announced its Micro-Wireless RFID system will be used by the U.S. military to enable automatic inventory accounting and perimeter security for ordnance assets. Using the Axcess’ Dot tag design, the system uses ultra-small, low cost RFID transmitters assigned to each asset, enabling automatic tracking and automatic security monitoring.
Maybe I’m being paranoid but, I’ve seen enough presentations by Adam Laurie to have earned my paranoia.
Then I read this passage,
Any unauthorized movement of an armament outside the storage area automatically triggers an alert, but the handling of armaments can be linked to authorized service personnel via an RFID personnel badge
But, what of a cloned RFID tag? And what of the DHS report that slammed RFID?
Article Link
Author: Dave Lewis
May 12, 2008 at 1:58 pm · Filed under Dumbass, Wireless
Ah the joy of the first panicked post departure phone call. Today is my first day away from the office and my now former day joy called. It turns out that an old wireless router that had been sitting in a box in my office had been pinched soon after I left. That’s fairly typical. Someone exits the company whether on bad or, in my case, good terms, they leave things behind in their office.
Well, the router was one of them.
An old Linksys.
Damn if someone didn’t just pinch it. No. They had to go one step further. Some knothead plugged it in. Suffice as to say the hunt is on. Good luck folks.
Pity the half wit that thought it would be a good idea to plug it in.
Author: Dave Lewis
May 8, 2008 at 7:07 pm · Filed under Wireless
Hmm. OK.
I’m not sure what to make of this one. RFID is not my specialty to say the least. Any one have thoughts on this one?
From RFID Journal:
NeoCatena, a Sunnyvale, Calif., startup company, has emerged to address an issue its founders believe is of growing importance to end users of RFID technology: system security. The firm has created a security appliance designed to act as a firewall between RFID interrogators and the edge server of middleware an end user employs to collect and transmit RFID tag data upstream to its enterprise software.
The appliance, known as RF-Wall, runs software developed by NeoCatena to protect an RFID network from counterfeit RFID tags, and from attempts to use tags encoded with malware to introduce a virus to back-end systems, or to execute some type of breach to the security of sensitive data, according to the company’s cofounders, Boris Wolf and Lukas Grunwald.
While there have been no publicized incidents involving the use of RFID-based network attacks or counterfeit RFID tags, Wolf and Grunwald believe the threats to be real, and say experiments performed by Grunwald dating back to 2004 have proven such things possible.
Read on.
Article Link
Author: Dave Lewis
April 21, 2008 at 10:39 am · Filed under Freedoms, Wireless
Big брат is watching you. In a further attempt by the Russian government to turn the screws on the populace they are now mandating that all wireless APs, wireless devices, and the like, are registered with the government.
From Computer World AU:
Business travellers to Russia might want to keep their laptops and iPhones well-concealed - not from muggers, necessarily, but from the country’s recently formed regulatory super-agency, Rossvyazokhrankultura (short for the Russian Mass Media, Communications and Cultural Protection Service).
In the UK, Ofcom made deregulation one of its first priorities upon coming into existence, but the Russian equivalent is doing just the reverse, including an ominous-sounding policy of requiring registration for every Wi-Fi device and hotspot, according to a report this week from news agency Fontanka.
Rossvyazokhrankultura’s interpretation of current law holds that users must register any electronics that use the frequency involved in Wi-Fi communications, said Vladimir Karpov, the deputy director of the agency’s communications monitoring division, according to an English commentary provided by website The Other Russia.
Um, this has a rather chilling affect for any travelers heading to Russia. Not to mention end users in the country. I wonder how well this type of law is communicated to the people. Are folks in Russia aware of this interpretation by the Rossvyazokhrankultura?
Here’s another quote:
“Setting up a home Wi-Fi network or a hotspot would require what sounds like vast amounts of paperwork, akin to putting a cell tower,”
Damn. So are they planning to war drive looking for offenders? How is this going to play out for Russian wireless users?
Article Link
Author: Dave Lewis
March 23, 2008 at 9:35 pm · Filed under Legal Aspects, Wireless
It appears that there is some interesting legislation afoot in Maryland. From the Herald-Mail “Purposely surfing the Internet on someone else’s wireless connection, without permission, would be a crime under a bill Del. LeRoy E. Myers Jr. presented Tuesday.”
This is an odd one because, if I remember correctly, XP is a bit of a promiscuous wench when in comes to associating with any open wireless connection. For example, in my neighbourhood in Toronto if I were to search for a wireless connection I find no less than 20 connections. Of that group 5 or six are wide open. I’m a little torn here as I can understand not wanting other folks on my wireless access but, I can always enable the security features (and I have). If someone were to access and surf the interweb after that point then yes, that would be theft. But, if you leave your access wide open aren’t you just asking for trouble?
Myers, R-Washington/Allegany, said his bill is meant to clarify intentional theft vs. accidental use.
He told the House Judiciary Committee that one of his neighbors, after buying a new laptop computer, got onto the Internet, thinking it was through a cable TV hookup.
Actually, the connection was through Myers’ home wireless Internet system.
He said he didn’t want unintentional use like that to be prosecuted the same as computer hacking.
According to the bill, intentional unauthorized access to another person’s computer, network, database or software is a misdemeanor. The penalty is up to three years imprisonment and a fine of up to $1,000.
Hmm, this would a difficult one to prove. The fine is so low as to not be worth prosecuting. Although, the three year jail sentence has some teeth.
Thoughts?
Article Link
Author: Dave Lewis
March 6, 2008 at 7:58 am · Filed under Airline Security, Wireless
In a bid to avoid offending some by blocking “racy sites” Denver airport has been filtering website access from their free wi-fi hotspots. But, in their bid to address our collective squeamishness they are also blocking the likes of boingboing dot net and …Vanity Fair?
Um, OK.
From the Denver Post:
Airport spokesman Chuck Cannon says officials decided to block potentially racy sites when the airport made its wireless internet service free in November. Previously, there was a fee for using it.
Cannon says the airport would rather weather infrequent complaints about access than handle angry parents whose children might see pornography.
I’ll be willing to wager that if you wander around the airport you’ll be able to pick up an open AP from one of the first class lounges. At LAX one of the airlines is good enough to provide free wireless to their passengers…and anyone else in range of gate 26 in terminal two.
If anyone if traveling through Denver I’d love to know if access to Liquidmatrix is blocked as well.
Article Link
Tags: Denver Airport Wi-Fi, Internet Censorship
Author: Dave Lewis
February 28, 2008 at 8:57 am · Filed under Crypto, Wireless
From Daily Progress.com:
A University of Virginia graduate student and two fellow hackers say they have cracked the encryption code that protects billions of credit cards, subway passes and security badges.
With readily available equipment that cost less than $1,000, 26-year-old Karsten Nohl and his two Germany-based partners dismantled a tiny chip that is found inside many “smartcards” and mapped out its secret security algorithm.
With the cryptographic formula in hand, the hackers were then able to run it through a computer program that tried out every possible key. It broke the encryption after a few hours. If they were to try again, Nohl said, it would take a matter of minutes.
“I don’t want to help attackers, but I want to inform people about the vulnerabilities of these cards,” said Nohl, a Ph.D. candidate in computer engineering at UVa who is originally from Germany.
So, why does this seem familiar? The article seems a touch confusing. Did he break crypto or simply RFID? The quote from the article “found that it was fairly easy to crack the RFID chip’s code, potentially allowing a tech-savvy miscreant to clone credit cards, ride the Metro for free, or easily steal cars.” seems to indicate that they merely attacked the RFID as opposed to some encryption. Does anyone have a link to Nohl’s presentation from CCC?
Article Link
Tags: RFID, Karsten Nohl
Author: Dave Lewis
January 17, 2008 at 7:41 am · Filed under Wireless
AirDefense went for a drive (or more realistically, a walk) in NYC and scanned for open wireless points. The results of which leave one with the echoes of “fire bad” drifting back to you from across the years.
From PC World:
About one third of the stores had no security at all, not even the minimal encryption provided by the flawed Wired Equivalent Privacy (WEP) protocol. Another third had weak encryption, such as WEP or the pre-shared key mode of the Wi-Fi Protected Access (WPA PSK) specification, which was originally intended as basic security for home or SOHO WLANs.
The final third showed a quantum improvement, according to AirDefense Chief Security Officer Richard Rushing: the more advanced WPA2 specification, with 802.1X authentication brought down to every device, including handhelds, on the WLAN, and AES encryption, the strongest commercially available today. “These are the first retail stores we’ve seen with bulletproof [wireless] security,” Rushing says.
For the full scoop head on over to PC World.
Article Link
Tags: Wireless Security, NYC Wireless Access, NYC Wireless, Wireless
Author: Dave Lewis
October 18, 2007 at 9:30 am · Filed under Malware, Wireless
Here is an interesting piece from the ISS X-Force on the viability of RFID based worms.
From ISS(IBM):
A few weeks ago IBM ISS worked with the Georgia Tech Information Security Center (GTISC) to release a paper entitled “Emerging Cyber Threats Report for 2008”. As one of the contributors to the report I subsequently received a number of enquiries concerning some of the content; particularly the RFID security threats.
First of all, you’d have thought that a technology as ubiquitous as RFID would hold few security secrets or concerns – after all, most of us have been living with the technology for several decades already. But that most certainly doesn’t appear to be the case.
While there has been plenty of concern over consumer privacy aspects of RFID use in the retail sector, it looks like only the attendees of conferences such as BlackHat and Defcon have seen some of the darker side of what could be possible in the world of RFID hacking.
The RFID Worm
Without digressing too far, in one thoughtful conversation a link was made to RFID-based malware – worms in particular. From what I understand, sometime last year there was a lot of press attention in Germany about the possibility of an RFID worm threat (and subsequent consumer fear). But at the time of the conversation I hadn’t really given much thought to worms.
Read on.
Article Link
Tags: RFID, RFID Worms, RFID Attacks, RFID Security
Author: Dave Lewis
June 20, 2007 at 9:29 am · Filed under Email, Wireless
Today on “How Paranoid Are You?” watch contestants as they compete against each other to see how freaky paranoid they can get! Be sure to catch the schizo round where the prizes really rack up.
Sigh.
From the BBC:
French government officials have been ordered not to use handheld Blackberry devices amid fears that foreigners could spy on them, reports say.
Workers in the French president’s and prime minister’s office have been told their e-mails risk falling into foreign hands, Le Monde newspaper reports.
France’s SGDN security service is worried because Blackberries use US- and UK-based servers, the paper says.
But some officials are flouting the ban and using them in secret, it adds.
“They tried to offer us something else to replace our Blackberries but it doesn’t work,” one unnamed official told the paper.
Article Link
Tags: Mobile Security, Blackberry, Cell Phone, French Government
Next entries »
Explore
Security Bloggers Network
