|[ Also see: Bluejacking
Network World Experts: What to expect after cybersecurity executive order
U.S. government agencies will need the help of companies while developing a set of cybersecurity standards that President Barack Obama has called for in an executive order signed last month, administration officials said.
Network World Java's security problems unlikely to be resolved soon, researchers say
Since the start of the year, hackers have been exploiting vulnerabilities in Java to carry out a string of attacks against companies including Microsoft, Apple, Facebook and Twitter, as well as home users. Oracle has made an effort to respond faster to the threats and to strengthen its Java software, but security experts say the attacks are unlikely to let up any time soon.
Network World US NIST: Industry should lead creation of cybersecurity framework
The U.S. government agency leading an effort to create a voluntary cybersecurity framework for companies operating critical infrastructure wants to hear ideas about what to include in those standards.
FreeNewsFeed Security Alert: Beware of Tiffany Trojan on the Attack
Malware writers are using a luxury name to hack into your computer. Security watchdog Sophos is reporting that e-mails coming from a Tiffany.com address and carrying the attachment copy.zip are looking to install a malicious Trojan horse on your PC.
"This may be a deliberate ploy on the part of the criminals behind the attack to tempt more people into opening the attachment," Graham Cluley, senior security analyst at Sophos, wrote in a blog post. "Of course, it's child's play to forge e-mail header inform...
FreeNewsFeed Twitter Fights Off Hackers With New Authentication Process
Twitter has been a weak link in one too many high-profile hack attacks. Now, the micro-blogging service is finally doing something about it. Twitter is beefing up its security with a voluntary, opt-in two-step authentication system in hopes of putting an end to much of the drama.
"Every day, a growing number of people log in to Twitter. Usually these login attempts come from the genuine account owners, but we occasionally hear from people whose accounts have been compromised by email phishing schemes or a...
FreeNewsFeed Kim Dotcom Claims Patent for Two-Factor Authentication
Two-factor authentication has become a popular way to heighten log-on security, used by many Internet companies and financial institutions. Now, controversial Megaupload Web site owner Kim Dotcom says he owns the patent for the process.
In a tweet on Thursday, Dotcom wrote that "Google, Facebook, Twitter, Citibank, etc., offer Two-Step-Authentication. Massive IP infringement by U.S. companies. My innovation. My patent."
About a half-hour after the "massive IP infringement" message, Dotcom tweeted: "Goog...
FreeNewsFeed Blue Coat Beefs Up Big Data Security with Solera Buy
Blue Coat Systems is expanding into the Big Data security, intelligence and analytics for advanced threat protection space. The company has snapped up Intel-backed Solera Networks. Financial terms of the deal have not yet been disclosed.
Specifically, Blue Coat is betting that the Solera DeepSee platform will add strategic capabilities to its product portfolio, paving the way to deliver an end-to-end security solution that spans protection, remediation and governance. The deal is also expected to help Blu...
InfoWorld Wireless vendors gear up for small-cell boom
Adding small cells to mobile networks made up of full-sized base stations should help to fuel more voice and data calls, but outdoors, linking those dispersed cells to wired networks presents its own problems. Connecting a high-capacity data line to a cell mounted on a lamp post or a telephone pole isn't as easy as wiring up a cell tower. Power, security and wiring are all harder to arrange, vendors and analysts say. The problems are unique to outdoor small cells, versus indoor ones tha...
InfoWorld Verizon Enterprise chief looks past AT&T, eyes Amazon and Google as rivals
In the battle for the next generation of enterprise IT, John Stratton carries a lot of weapons. Stratton is president of Verizon Enterprise Solutions, the nearly $30 billion unit formed just over a year ago to deliver networking, cloud, mobility, managed security, telematics, and a host of other services in a more coordinated fashion for Verizon's top enterprise buyers. Building on a traditionally strong base of wired and wireless network services, Verizon Enterprise also blends in acqu...
BWE Magazine ODIN's Self-Inventorying SMART Container ® Breaks New Ground in Automated RFID Tracking
ODIN introduced the ODIN self-inventorying SMART Container -- a first in automated technology for the tracking of critical assets. The SMART Container goes beyond basic security and location tracking for a given container. In fact, it provides detailed visibility of items inside the container via passive UHF RFID and can transmit item level data to any ERP system over various communication mediums, to include satellite, cellular, and active RFID.
About our headline feed
Welcome to our summary of Bluetooth security information, tips,
encryption, techniques, news and tools.
IEEE 1902.1 (RuBee) Protocol
RuBee is a bidirectional protocol operating at low wavelengths designed to operate in harsh environments and high security applications. As a competitive technology to the more widely used Radio Frequency Identification (RFID) systems, RuBee, however, is not RFID. RuBee is an on demand peer-to-peer protocol that works like WiFi, except it uses magnetic waves not radio waves. RuBee tags have passed stringent security tests, and are in use within some of the most secure sites in the USA where other wireless technologies such as RFID, Wi-Fi, and Bluetooth are banned. RuBee is the only wireless technology that can dynamically manage range to prevent eavesdropping as well as the option to provide bit level data encryption.
Published By: Faulkner Information Services
Date Published: Jan 2010
* * * * * *
Mobile Content and Services (7th edition)
Mobile Content and Services (7th edition) answers key questions, illuminating case studies from around the globe and future roadmaps for players across the value chain - backed by detailed forecasts to 2013. The report provides you with critical information on which to base your strategy.
The major industry analysis covered within the Mobile Content and Services report includes:
Key Issues Addressed
- Mobile enterprise analysis: evaluation of the mobile applications and solutions employed in these sectors.
- Business models: Coverage of key areas, including mobile messaging, music, games, Mobile TV and video, mobile web browsing and search, location based services, mobile advertising and social networking, and m-commerce and mobile financial services.
- Strategic issues: analyses the impact of the evolving content value chain on all industry players. Evaluates high level business and marketing issues, and the critical considerations for addressing the mobile content and services market. Looks at the impact of disruptive technologies such as VoIP. Assesses the impact of the growth of the handset market including smartphones and the impact of devices like the iPhone on the industry.
The report details
Global industry forecasts
Value chain and competitive analysis
New services available
Revenue and business models
Major players’ strategies
Future roadmap scenarios
Please Note: Informa requires that clients sign a confidentiality agreement prior to fulfillment of all orders. Fulfillment may take 2-3 days after receipt of form.
Published By: Informa Media and Telecom
Date Published: Jan 2009
* * * * * *
Bluetooth PIN Recovery tool. Thierry
Zoller, a security consultant, developed BTCrack, an
implementation of a flaw disclosed in 2005 by Israeli security
researchers. The tool takes advantage of weak PINs in Bluetooth
devices, allowing an attacker to listen in on a pairing session and
gain access to both paired devices.
Real Bluejack is software for smartphones and Pocket PCs, that
use Bluetooth. It extends your device’s Bluetooth functions. This
program can: send Bluetooth messages, browse target-device’s
filesystem via OBEX protocol, send AT commands, get phonebook, send
SMS via target-phone, send files up to 2x faster then file managers,
receive files directly into the Storage Card and other features.
"THE REAL BLUEJACK" IS NOT INTENDED FOR GETTING
UNAUTHORIZED ACCESS TO PERSONAL DATA! Authentication is required!
(But after you can do everything that you want)
Bluetooth SIG Response to Recent Analysis of Pairing and
Security (6/05) New Scientist reported a new security threat
to Bluetooth technology in June 2005 (New
hack cracks 'secure' Bluetooth devices) from two Israeli
researchers who suggested a way to subvert one of the built-in
Bluetooth security mechanisms. Bluetooth devices generate a secure
connection by means of the initial pairing process. During this
process one or both devices need a PIN code to be entered, which
is used by internal algorithms to generate a secure key which is
then used to authenticate the devices whenever they connect in the
future. The new academic paper puts forward a theoretical process
that could potentially “guess” the security settings on a pair
of Bluetooth devices. To do this the attacking device would need
to listen in to the initial one-time pairing process. From this
point it can use an algorithm to guess the security key and
masquerade as the other Bluetooth device. What is new in this
paper is an approach that forces a new pairing sequence to be
conducted between the two devices and an improved method of
performing the guessing process, which brings the time down
significantly from previous attacks.
Java Security Our new listing on
WAP Security Our listings of WAP
security news, tips, tools and techniques.
The Bunker Serious
flaws in bluetooth security lead to disclosure of personal data In
November 2003, Adam Laurie of A.L. Digital Ltd. discovered that there
are serious flaws in the authentication and/or data transfer
mechanisms on some Bluetooth enabled devices. Specifically, three
vulnerabilities have been found: Firstly, confidential data can be
obtained, anonymously, and without the owner's knowledge or consent,
from some Bluetooth enabled mobile phones. Secondly, it has been found
that the complete memory contents of some mobile phones can be
accessed by a previously trusted ("paired") device that has
since been removed from the trusted list. Thirdly, access can be
gained to the AT command set of the device, giving full access to the
higher level commands and channels, such as data, voice and messaging.