|
|
|
|
|
|
|
||
|
|
|
|||
 |
|||||
 |
     
|
 |
Security Sentinel Laptop wireless vulnerabilities are not lessening; they're growing worseToni McConnel At Black Hat USA 2006, security experts warned that wireless communications remain risk-fraught for laptop users, especially in public places such as airports, cybercafés, and wireless ‘hot spots’. David Maynor, a senior researcher with SecureWorks Inc., and vulnerability researcher Jon Ellch proved their point by showing a video in which Maynor used a Dell laptop to invade a MacBook in a mere 60 seconds using the latest strategy used by attackers--targeting the laptop’s wireless card and device driver. Part of the problem is simply the nature of the market. Technology proceeds at breakneck speed, propelled by competition—the backbone of capitalism, of course. But the same competition that enriches the market for consumers has another side. Vendors rush products to market before they are ready, trying to get an advantage in the marketplace. In the rush, products are released that don’t work as they should, but worse, security may not have been adequately tested. Another problem is the 802.11x protocol. It has always been full of holes, and still is. Maynor and Ellch feel the problem is designing protocols by committee, which makes them overly complicated and easy to take advantage of. Some flaws that have made device drivers susceptible to attacks in the past have been fixed, such as TCP/IP, which Microsoft fixed last year, and two Windows flaws that Microsoft fixed last month in bulletin MS06-035. And Intel Corp. recently provided upgrades to fix security holes in Windows drivers and applications for Intel PRO Wireless Network Connection hardware. But when a fix involves a driver upgrade, many people will not bother to download and install the new driver, just as many people don’t bother to be sure their Bluetooth connection is turned off when they are in public places, or to check settings for wireless security on their laptop, as I have pointed out in earlier columns. Security remains largely the responsibility of the user, whether as an individual or in an enterprise setting. It shouldn’t be that way, but it is. No one has yet designed a system or security software that will do it all for us. Mind those security bulletins and notices of driver upgrades, and never again believe that Macintosh computers are not of interest to attackers because they are innately secure. Toni McConnel is executive editor of iApplianceWeb. She is also a nature writer and photographer. Your comments on this column are welcome. Write to her at ToniTechRite-Associates.com. You know where to put the @ sign, don’t you? If you’re that smart, how come you are still using Internet Explorer? Latest tally: Firefox, 4 vulnerabilities; Opera 9, none; Internet Explorer, 21. For more information about topics, issues and technologies mentioned in this story go to the flashing icon in the upper left corner on any page or go to the iAppliance Web Views page and call up the associatively-linked Java/XML-based Web map of the iApplianceWeb site. |
 |
|
|||||
Terms and Conditions Privacy Statement |
||||||||||
