palowireless
          Bluetooth Resource Center


Advanced search


palowireless
Wireless
WPANs news tools hardware software


bluethoot blutooth bluetoth bluetoot blueteeth bleutooth





 
wireless

Members

Member:

Password:

Forgot your
password?


New Member
palowireless
[  Also see: Bluejacking   Wireless Security   WLAN Security  Java Security  Cathal's Corner  ]

 

Recent Security Headlines

Network World SP 800-53 is essential for security in federal government IT systems
SP 800-53 (Appendix H) provides two-way mappings between security controls defined in SP 800-53 and security controls defined in international security standard ISO/IEC 27001, Information Security Management Systems

Network World 10 really cool university networking labs
10 really cool university networking labs featuring advances in wireless, cloud computing, security and more.

Network World Two start-ups, Egress and SafeMashups, make debut today
Two start-ups, Egress Software Technologies and SafeMashups, each make their debut today with security products that have a crypto-tech edge to make data flowing across the Internet safer.

Network World A Guide to Windows 7 Security
Until now, Windows Vista was the most secure version of the Windows operating system. Windows 7 picks up where Vista left off, and improves on that foundation to provide an even more secure computing experience. Microsoft also incorporated user feedback about Vista to enrich the user experience and to ensure that the security features are intuitive and user-friendly. Here's a look at some of the more significant security enhancements in Windows 7.

Network World The Art of Creating Strong Passwords
While security has never been more important than it is today, the fastest way for an IT professional to become the most despised person in the company is to start enforcing a strong password policy. A policy perceived as overbearing may cause people to write down their passwords on a sticky-note near their computers, circumventing its very purpose. Your policy will be ineffective if your users don't know how to create strong passwords that are easy to remember.

Network World Facebook, Twitter Provide Sensitive Info for Criminals
Social networking services like Facebook and Twitter foster a false sense of security and lead users to share information which can be used by cybercriminals and social engineers. The very concept of social networking is based on connecting and sharing, but with who?

Network World Verizon Business to Offer Risk-Based Security Service
Verizon Business announced on Wednesday a new risk-based suite of security tools that include cloud-and-premises-based services. Verizon's Next Generation Managed Security Services Platform is designed to compete with similar offerings from ArcSight and RSA.

Network World Protect Your PCs from Windows 7's Zero-Day Exploit
It was a notable accomplishment when Windows 7 was not impacted in any way by the vulnerabilities addressed in the six Security Bulletins released by Microsoft for the November Patch Tuesday. It would be even more impressive if Windows 7 proved invulnerable to the zero-day exploit that hit the next day.

Network World MS Provides Guidance on Windows 7 Zero-Day Vulnerability
Microsoft has acknowledged the Windows 7 zero-day vulnerability reported last week with a Security Advisory. The advisory from Microsoft provides some additional details about the scope and nature of the threat, as well as some steps you can take immediately to protect vulnerable systems.

ZDNet iTunes update fixes security flaw
A flaw in the music software could allow a hacker to take over Windows and Mac machines remotely

About our headline feed



 

Research Reports

Wireless Communications Technologies And Solutions
Mind Commerce Publishing, Jan 2008

Wireless Personal Area Networks: Applications, Assessment Technologies and Markets
Practel, Inc., Jan 2009

Wireless security update
Ovum Plc, Jan 2008

Near Field Communications - the future of m-payments? An analysis and forecast for NFC applications and markets 2009-2014
Visiongain, Feb 2009

More Research Reports
 



 

Bluetooth Security

Bluetooth security encryption pin connection Welcome to our summary of Bluetooth security information, tips, encryption, techniques, news and tools.



Featured Research Reports

Mobile Content and Services (7th edition)

Mobile Content and Services (7th edition) answers key questions, illuminating case studies from around the globe and future roadmaps for players across the value chain - backed by detailed forecasts to 2013. The report provides you with critical information on which to base your strategy.

Key Coverage

The major industry analysis covered within the Mobile Content and Services report includes:
  • Mobile enterprise analysis: evaluation of the mobile applications and solutions employed in these sectors.
  • Business models: Coverage of key areas, including mobile messaging, music, games, Mobile TV and video, mobile web browsing and search, location based services, mobile advertising and social networking, and m-commerce and mobile financial services.
  • Strategic issues: analyses the impact of the evolving content value chain on all industry players. Evaluates high level business and marketing issues, and the critical considerations for addressing the mobile content and services market. Looks at the impact of disruptive technologies such as VoIP. Assesses the impact of the growth of the handset market including smartphones and the impact of devices like the iPhone on the industry.
Key Issues Addressed
The report details
Global industry forecasts
Value chain and competitive analysis
New services available
Revenue and business models
Pricing strategies
Technology launches
Major players’ strategies
Future roadmap scenarios

Please Note: Informa requires that clients sign a confidentiality agreement prior to fulfillment of PDF email delivery for all PDF orders. Fulfillment may take 2-3 days after receipt of form.

Published By: Informa Media and Telecom
Date Published: Jan 2009

* * * * * *

RFID for Airports and Airlines 2008-2018

RFID is an extremely powerful enabling technology in airports and aircraft, serving to improve security against criminal attack, safety against general hazards, efficiency, error prevention and data capture and to remove tedious tasks. It can even create new earning streams where it makes tolling feasible without causing congestion and where new airport "touch and go" cards offer new paid services without delays.

Please note, the PDF Email From Publisher version of this report allows five users.

Published By: IDTechEx Ltd
Date Published: Jan 2008

* * * * * *



Software Tools

n.runs BTCrack a Bluetooth PIN Recovery tool. Thierry Zoller, a security consultant, developed BTCrack, an implementation of a flaw disclosed in 2005 by Israeli security researchers. The tool takes advantage of weak PINs in Bluetooth devices, allowing an attacker to listen in on a pairing session and gain access to both paired devices.
WM-soft The Real Bluejack is software for smartphones and Pocket PCs, that use Bluetooth. It extends your device’s Bluetooth functions. This program can: send Bluetooth messages, browse target-device’s filesystem via OBEX protocol, send AT commands, get phonebook, send SMS via target-phone, send files up to 2x faster then file managers, receive files directly into the Storage Card and other features.
"THE REAL BLUEJACK" IS NOT INTENDED FOR GETTING UNAUTHORIZED ACCESS TO PERSONAL DATA! Authentication is required! (But after you can do everything that you want)

 

Useful Resources:

  • Bluetooth SIG

    • Bluetooth SIG Response to Recent Analysis of Pairing and Security (6/05) New Scientist reported a new security threat to Bluetooth technology in June 2005 (New hack cracks 'secure' Bluetooth devices) from two Israeli researchers who suggested a way to subvert one of the built-in Bluetooth security mechanisms. Bluetooth devices generate a secure connection by means of the initial pairing process. During this process one or both devices need a PIN code to be entered, which is used by internal algorithms to generate a secure key which is then used to authenticate the devices whenever they connect in the future. The new academic paper puts forward a theoretical process that could potentially “guess” the security settings on a pair of Bluetooth devices. To do this the attacking device would need to listen in to the initial one-time pairing process. From this point it can use an algorithm to guess the security key and masquerade as the other Bluetooth device. What is new in this paper is an approach that forces a new pairing sequence to be conducted between the two devices and an improved method of performing the guessing process, which brings the time down significantly from previous attacks.

  • Java Security Our new listing on Java-related security.
     

  • WAP Security Our listings of WAP security news, tips, tools and techniques.

  • The Bunker Serious flaws in bluetooth security lead to disclosure of personal data In November 2003, Adam Laurie of A.L. Digital Ltd. discovered that there are serious flaws in the authentication and/or data transfer mechanisms on some Bluetooth enabled devices. Specifically, three vulnerabilities have been found: Firstly, confidential data can be obtained, anonymously, and without the owner's knowledge or consent, from some Bluetooth enabled mobile phones. Secondly, it has been found that the complete memory contents of some mobile phones can be accessed by a previously trusted ("paired") device that has since been removed from the trusted list. Thirdly, access can be gained to the AT command set of the device, giving full access to the higher level commands and channels, such as data, voice and messaging.