So what isn't a security risk?

Wow, dire news out of Las Vegas!

Every day brings word of a serious new security threat from the Black Hat conference.

The latest: your Xerox printers are at risk. I'm serious.

Before that, we learned people who read blogs are vulnerable. As are MacBook users. Along with Network Access Control products.

I'm expecting any minute an emergency bulletin warning that my stainless steel coffee cup is a gaping security hole. I'll have to wrestle it to the ground and quarantine it because Igor from the Russian mafia is out in the parking lot with his super-secret hacking laptop trying to use the cup to access our network. God forbid he gets ahold of next week's story plan.

How in the world are companies surviving and getting any work done in this minefield of threats?

Give me a break. I think there's a little sensationalism and hyperbole going on here. Ask yourself: who's benefitting from all these announcements? As they said in the Watergate investigation: follow the money.

I earlier wrote about how wireless security problems are completely overhyped. I stand by that. Despite a lot of reader bombast and vague insinuations and warnings, nobody has convinced me otherwise.

Now excuse me, I have to go apply a security patch to my Bluetooth earpiece. I think Igor is probing.

What People Are Saying

Well, welcome to the United States of Amnesia, where it didn't happen if it wasn't in this week's news.

Why is it humans dismiss warnings if they have yet to witness the (potential) problems in action?

Sure, only a subset of the current warnings are for things that will flare up into big problems in the short term, but haven't you seen enough (typically initially dismissed) warnings prove valid so that you'll stop declaring them useless?

I claim you don't have the data to say there aren't wireless attacks that are significant. Just how is it you know what is going on these days? Successful exploits don't announce themselves. In fact, we're lucky to detect them. Oh, sorry, the last news story demonstrating this fact is a few weeks old.

I wouldn't be surprised if one could make some nice extra cash by driving about to locate vulnerable systems, turning them into zombies then (or at some later time) and then selling/renting the zombies to a SPAMming operation.

Sound like a hassle? Wireless is probably the easiest way onto a home network at this point, and we all know access is required before cracking a system is possible. Organized crime is recruiting mules via the internet for money laundering; why wouldn't they recruit war-drivers for related criminal purposes?

BTW, did you miss the Intel wireless driver screwup? Do you think the endless chain of these kinds of vendor screwups is going to end anytime soon? Do you think that the existence of a patch makes the vulnerability go away?

Do you think that because you can't see a way to exploit a situation yourself that an exploit isn't possible? The weird stuff that goes on these days should be ample proof of the flaw of that way of thinking. Exploits aren't usually implemented by using the systems as intended, and that's where your head is - use as intended.

As an exercise for the reader, review the rise and fall of the various wireless security "solutions." Have we ever gone more than 6 months with a wireless security solution standing up as billed by the vendors and IEEE? It's not just the cybervandals and crooks that are fueling this fire. The IEEE let a classically flawed cryptographic implementation into one of their standards. This, after bragging how crypto experts were consulted on the standard.

Stop kidding yourself. With computers, it's always something and we're a long way from it being hard to compromise some types of systems. Get with the program and at least help reduce the problem by advising folks to tighten up on access to their chunk of the Internet.

Sound off on the lack of egress filtering by many AP/router vendors too, if you want to make a positive contribution.

It's "defense in depth" if you want to be current in your mindset...