[SecurityRatty] tag: phoenix

Lenovo will let you kill a notebook with a text message

Thu, 27 Nov 2008 11:30:01 +0000

Lenovo is working with Phoenix on a BIOS that will let you disable a ThinkPad notebook PC by sending it an SMS text message. The feature should be available early next year, reports TG Daily.

Wee-Fi: Meraki Modifies, Drops Standard; Tempe's Phoenix?; Remote Wake, Wi-Fi Need Not Apply

Thu, 14 Aug 2008 06:32:51 +0000

Meraki reworks product line, drops new sales of community flavor: The cheap mesh router company has mutated slightly once again. The partly-Google-backed firm founded by MIT RoofNet "graduates" built the company on the notion that they could sell $50 routers that could mesh with each other, and use a robust central management system they developed. Over time, the $50 price didn't hold up for commercial networks of scale. Last October, the company mishandled a change in its business model when they abruptly announced a $100 increase in price for newly purchased nodes under their Meraki Pro level for any network that wanted to control whether or not ads appeared, have user accounts, and charge for service. (They eventually recovered, apologized, and reworked some of the transition details.) The company continued to offer a $50 indoor and $100 outdoor Standard level nodes for networks that required ads and had other limits. As of a few days ago, Standard is dead, and the Meraki mini has been upgraded to the Meraki Indoor ($150). The Indoor has signal strength LEDs on the side for better help in placing units, an internal antenna, and better resilience against power fluctuations. The company explains its move in eliminating Standard by noting that most customers moved to Pro. It's not precisely the end of idealism (nor did that happen last October), as Meraki is still one of the major commercial mesh vendors, and their products are still vastly easier and a fraction of the cost of higher-end competitors.

New life for dead Tempe network? Another firm has expressed interest in buying the pennies on the dollar assets that remain of the former Kite Networks installation in Tempe from the firm that financed the venture as long as they can negotiate a new, more favorable deal with the city for mounting and removal rights. CTC, Inc., which the East Valley Tribune reports runs networks in the Kansas City, Mo., area, thinks there's an opportunity. The article notes that reception problems were due in part to the prevalence of stucco in Tempe, common in the southwest. Stucco walls layer plaster or other materials on a wire mesh for strength that turns a house into a bit of an accidental Faraday cage, partially shielding the home from electromagnetic radiation. (Could I go so far to say that Tempe's network could be a phoenix? Ouch.)

Wake up, you darn computer: Intel's new Remote Wake motherboards won't work with Wi-Fi, it's important to note. The feature, announced today, will let an incoming VoIP call (the articles all say "phone call over the Internet") to wake a computer, as long as the call comes from a particular source. Of course, the standard SIP protocol for VoIP doesn't have the kind of security and integrity that would allow this; Intel has to overcome the problem with network address translation that renders most computer unreachable from outside the local network without a separate service like GoToMyPC or LogMeIn; and it will only work for computers connected via Ethernet to a local network, because Wi-Fi is off when a computer sleeps, while Ethernet can remain lightly active. I don't have the protocol details yet, but there's long been a Wake on LAN protocol that required support in a router, operating system, and Ethernet card; Intel may be leveraging this.

Sometimes, It Takes a Thief to Catch a Thief

Mon, 09 Jun 2008 13:00:00 +0000

News from Portfolio.com

Also on Portfolio

Time for Tech to Throw Everything Into Energy

Hollywood Frets Over Corruption Crackdown

McCaw's Back to Remake the Wireless Landscape

Subscribe to Portfolio magazine

Apollo Robbins won't say whether he's ever stolen anything in his life, but it's clear he could if he wanted to. Having grown up in Missouri with three half-brothers who were all involved in various criminal activities (one of them is in the witness protection program after testifying against former colleagues of his), the 34-year-old Robbins was indoctrinated at an early age into the finer aspects of pickpocketing and con games.

He eventually developed those skills into a successful career as a sleight-of-hand artist and performer in Las Vegas. His latest act, though, has him starring as a corporate security consultant. In this role, it is less his dexterous hands that appeals to his clients than his mastery of all aspects of criminal cons, grifts, and social-engineering ploys.

"When you're trying to steal something, you find the weakest link and work that," Robbins says. "Nowadays, as technology gets better and security systems get harder to break through, the weakest link in any system is the human running it."

Robbins founded his consulting operation, Whizmob Inc. (the name comes from the street term for a team of pickpockets working together), two years ago while still performing full-time.

After doing a show a few years back in which he pickpocketed Secret Service agents accompanying former president Jimmy Carter, the resulting publicity led several law-enforcement agencies and other groups to contact him about his techniques.

"At first, I'd refer them to security people I knew," says Robbins. "Then I realized that instead of being a referral service, I could capitalize on this."

It was a good time to get in on the act. Information security consulting, which barely existed in the mid '90s, has become an estimated $10 billion to $12 billion business as the need to protect sensitive information stored on computers and servers has become a more central concern.

Today, Robbins counts the N.F.L., TNT, and several Fortune 500 companies among his customers. He recently advised the N.F.L. on information security protection at this year's Super Bowl in Phoenix to combat the expected flow of thieves and con artists lured by all the deep-pocketed spectators coming to town.

His work included getting a major hotel to upgrade its WiFi security so that fake access programs known as Trojans couldn't extract valuable data and password information from unsuspecting guests' computers. And at the stadium where the game was held, Robbins and his team identified areas where pickpockets would most likely operate—specifically, places with lots of traffic where bumping into people would be customary, and easy access to exits for escape purposes.

Besides the shadier elements of Robbins' childhood, his father, a blind minister, instilled in him a strong sense of morality. "It was like living in two worlds," Robbins says.

In many ways, he still is living in two worlds, since he keeps in regular contact with some professional thieves he knows in order to stay abreast of the latest cons. (While he doesn't pay them, Robbins says that "a lot of these guys are really good at what they do but they can't exactly discuss it with a lot of people.") But increasingly, Robbins is spending time in the more staid settings of the corporations that hire him to vet their security systems.

"It's a good time to be in the business," he says.

Hackers Invade Mars

Tue, 03 Jun 2008 07:50:49 +0000

Well, the website for the NASA Phoenix Lander at least.

From the Register:

Add the webpages for the Phoenix Mars Lander to the list of high-profile sites that have been hacked by script kiddies. Not once, but twice.

Security pros had to take down the University of Arizona-hosted site after hackers replaced the lead blog entry with graffiti that read “hacked by VITAL.” As if that wasn’t enough, members of the self-declared “sql loverz crew” redirected baffled visitors of the Phoenix mission’s official webpage and a companion site to a third-party destination. That page gave credit to hackers going by the names BLaSTER and Cr@zy_king.

Red is the color of the Martian surface, but it seems it also describes the faces of security pros responsible for the sites. Evidently, they had better things to do than vet their scripts for SQL-injection vulnerabilities. So these hackers were willing to step in and test the sites for them.

Pesky SQL Injection attacks abound and the script kiddies are loving ‘em.

Article Link

"The Kite Runner" will change how you think about Afghanistan

Tue, 29 Apr 2008 07:16:44 +0000

My wife Bonnie and I don't get out to the movies as much as we used to. When we do it is often with the kids, so we miss out on many of the adult (no, I don't mean those kind of adult) themed movies that come out. We wait for the DVD, but even than I miss many. I compensate by watching movies on planes a lot. Recently I caught The Kingdom with Jaime Fox and We Own the Night with Marc Wahlberg and Joaquin Phoenix. Both good, powerful movies. However, last night on my way out to Vegas for Interop I watched a movie that will change my life. It is the Kite Runner, based on the book of the same title by Khaled Hosseini.

The movie tells the story of two boys growing up in pre-Soviet invasion Kabul, Afghanistan all the way up to the year 2000, with a pre-9/11 Taliban regime in charge. You can read the Wikipedia article I linked to or better yet go rent the movie or read the book (I am going to read it next) for all of the dramatic details. However, let me talk a bit about my take away from this film. First of all, like many Americans I had a pre-concieved notion of Afghanistan as a poor, backwater, backwards place that welcomed a repressive regime like the Taliban to power and were part of the Muslim world that runs from the Med through to Pakistan. Nothing distinctive and in fact lets face it, I am not sure we humanize the people who live in that part of the world, as we do Europeans or our fellow Americans. I knew little to nothing of Afghan history or lifestyle. Our American view of the world makes it hard for us to remember that children are children the world over and their lives are special. Whether it be something as simple as flying a kite or aspiring to be a writer, all children share the same dreams, hopes and challenges. Yes, in a place like Afghanistan with its ethnic tensions, there is room for a level of violence we don't often see here (but even that is BS, me living in Boca doesn't see it, but live in an inner city bad neighborhood in the US and is life any better for a child?). But parents are parents the world over and they love their children and have hopes for their children the same way you and I do. People have values they believe in and may not be the most religous, but are never the less good people.

The movie made me think about my role as a father, husband and American. The whole American immigration experience is such a great influence on the world. We have the ability to take people from anywhere and they become Americans. The father in the movie goes from being a man of power and wealth in Kabul, to working in a gas station here. The father-in-law was a general in Afghanistan, but just a lower middle class worker here. But they don't lose their identity or the pride and sense of who they are and most of all their values. They don't lose their identity into the melting pot, but we add their identities to our tapestry of life here in this country. That is the real special sauce in what makes America

That part of the world is not just full of religous extremists. There are real live human beings there who think and feel very much like we do. Yes there are incredible challenges with religous extremism to overcome, but there is a core of real people who are worthy of our efforts. At the end of the day, that is what the movie has succeeded in doing for me. It has made the Afghan people real.

Seven Years of Wi-Fi Networking News

Fri, 04 Apr 2008 11:10:45 +0000

It's hard for me to believe this, but Wi-Fi Networking News is seven years old on Sunday, 6 April 2008: Folks, there are times when I feel a little bit aged. Turning 40 a couple weeks ago didn't give me that feeling. Have two children (1 and 3 2/3) has a bit (mostly when I'm achey from too much carrying and too little sleep). But finding that my "other child," Wi-Fi Networking News is a grand spanking seven years old has, in fact, made me stoop just a little bit.

I started Wi-Fi Networking News under the less euphonious name 802.11b Networking News back in April 2001 after spending months researching what became a front-cover article in Circuits, the then-separate tech section of The New York Times. The first post is still live, as are all the nearly 4,800 others.

(I had help: Nancy Gohring wrote part-time for WNN for a couple years when we had a bit more traffic; she took a full-time job for and still works for IDG News Service, which I am now slightly affiliated with through my new hardware regular blog at PC World.)

The site as it appeared in April 2001

That first article for the Times left a lot of research unused. I flowed some of it into the first weeks of the 802.11b-later-Wi-Fi site. I discovered there was generally no shortage of news about wireless data, which in those early days included HomeRF and then early flavors of Bluetooth. HomeRF hit the dust, and Bluetooth evolved into a complement to Wi-Fi.

Since starting, I've covered extensively the growth of the hotspot market, the rise and fall and rise again of municipal networks, the change in consumer equipment from expensive and slow to cheap and fast, the growth of the enterprise market, the phoenix-like in-flight calling/broadband market, and, more recently, cellular and WiMax technology.

Enterprise coverage was once a central part of Wi-Fi Networking News, but it became clear a few years ago that as equipment was redesigned to be integral to the enterprise, that my ability cover and test gear was too limited, and the need for true enterprise experience was necessary to write about it. This disappointed a lot of enterprise readers and equipment makers who wanted me to keep writing about corporate hardware.

The focus over the last few years on municipal Wi-Fi was not just necessary--few people besides me were covering it in depth--but also represented the only significant news in the Wi-Fi world outside of the development of 802.11n/Draft N gear. It's only recently that WiMax, cellular data, spectrum auctions, and in-flight broadband have picked back up to become stories that you all want to know about--because they've become real technology you might work with. As the city-wide Wi-Fi arc played itself out, I'm covering it less because there's less of interest; it's going to become routine and the province of city CTOs and CIOs.

While writing this site, I try to have opinions, but not an agenda. I try to keep an open mind, though I do descend into cynicism, often well founded, but perhaps too readily employed. I'll try my best to keep myself honest and cheery in the years to come.

The biggest trends I expect to see develop in 2008 to 2010 are in these key areas:

Appliances. I expected 2007 to be the year that Wi-Fi was in everything: cameras, games, phones, and tchotchkes. Instead, Wi-Fi has only gradually spread, with a few gaming consoles, and many handsets and smartphones gaining or extending their use. It may be that I missed a trend: cameras in phones may become so good by 2009, that we don't need a camera with Wi-Fi at all (Wired reports today on several 5 megapixel cameraphones shown at CTIA this week). It's also likely that if WiMax gets a foothold, we'll get handhelds probably in 2009 that sport high-speed connections for all kinds of high-bandwidth purposes, like live uploading of streaming video.

Video over wireless. I look at this category as not just another instance of broadcast, like Qualcomm's MediaFLO which is really TV to the cell phone; rather, we'll see ways in which Wi-Fi, WiMax, and cellular data are used to push stored and streaming media to all sorts of devices. I look to Starbucks, Apple, and AT&T to lead the way on cached media in stores that can be filled up at local network speeds: download a full-length, HD movie in a few minutes in a Starbucks from the iTunes cache rather than 3 hours at home.

Radio over Wi-Fi. Internet radio via Wi-Fi music players seems like a trend--buying a boombox you can tune in wherever you are, or using a handheld MP3 players--but even with many devices, I don't feel a sense that it's caught on quite yet. If Apple puts Internet radio over Wi-Fi into new iPhone/iPod touch firmware, it'll likely take off; Nokia allows a third-party program for its N series for Internet radio over Wi-Fi already.

Cellular data/mobile broadband. I admit to being wrong about the potential of cell data, due to the overhype from the carriers and the horrible pricing relative to throughput and availability of the 1xRTT and GPRS systems. As cell data networks have matured into true broadband--slow, but broadband--media, the hype has lessened, disclosure has improved (no more "unlimited" usage, eh?), and the value has increased. We'll see more of the same with faster flavors of GSM networking and WiMax's deployment. The networks will become faster and cheaper and less restrictive.

For a good sense of what people are still reading on Wi-Fi Networking News, here are the titles of the top 10 articles since I switched to Google Analytics in Sept. 2006:

Change Your Linksys WRT54G Admin Password Right Now!
WPA Cracking Proof of Concept Available
Weakness in Passphrase Choice in WPA Interface
Most Wireless Speakers Don't Live Up to Goal
Best Wi-Fi Signal Finder Yet
Linksys Latest Models: Your Experience?
T-Mobile Loses Starbucks; AT&T Becomes Wi-Fi Hotspot Giant
Editorial: Don't Buy Draft N
WPA for Free under Windows 2000
The L in Linksys WRT54GL Stands for Linux

A few observations. Security remains key in people's minds: Security articles from 2004 are still being heavily viewed in 2008. Linksys is definitely high in people's minds for particular problems: Change the default password, buy a Linux (not VxWorks) embedded router, report problems with various models. Oddly, the wireless speakers and wireless printers articles are short stubs that are pure blog: they link to longer articles elsewhere. The Best Wi-Fi Signal Finder Yet story is 4 years old and still gets 1,000 page views a month. The invisible hand--nay, the long tail!--works in archives as it does everywhere.

Will I still be pounding away 7 years from now on this site? That seems about as unlikely as the last 7 years, which means it will probably happen. Traffic has dropped off over the years from the time in which Wi-Fi was a great (and expensive) mystery to today when there's more information and less confusion about it. As long as there are any questions to be answered, I'll keep writing.

First Magnus Financial customer data found in dumpster

Thu, 21 Feb 2008 10:56:43 +0000

Technorati Tag: Security Breach

Date Reported:
2/15/08

Organization:
First Magnus Financial Corporation

Contractor/Consultant/Branch:
None

Victims:
Customers

Number Affected:
Unknown

Types of Data:
Loan and financial documents containing names, addresses, phone numbers, Social Security numbers, credit card numbers, financial account information, etc.

Breach Description:
Stacked boxes containing thousands of sensitive loan and financial documents were discovered in an dumpster outside a Ft. Lauderdale, Florida branch of the now bankrupt First Magnus Financial Corporation. The documents contain sensitive personal information belonging to customers.

Reference URL:
CBS Channel 4 News online story

Report Credit:
Carey Codd, CBS Channel 4

Response:
From the online source cited above:

Outside a University of Phoenix Building in Ft. Lauderdale, files and paperwork belonging to the defunct First Magnus Financial at 550 West Cypress Creek Road were just lying inside stacked boxes inside an industrial garbage container, available for anyone to peek at.

The paperwork contains some of the most sensitive information a consumer could posses: Social Security numbers, credit card information, addresses, properties, etc.

Shortly after CBS4 News cameras arrived on Friday, employees of the building removed the boxes and took them indoors, all while police officers from Ft. Lauderdale arrived and roped off access to the dumpster and started an investigation.
[Evan] The Ft. Lauderdale Police Department treats the location of this breach as a crime scene, which it obviously is. Common sense, right? Not so much in some police departments. I have read credible reports of police refusing to even come to the scene and taking reports over the telephone. Kudos to the Ft. Lauderdale Police Department.

"We were told that we just could get rid of this stuff no matter how, that this was going to end up in the landfill, it's going to be drenched down here inside the container, and no one's going to have access to it," said Mike Shank.
[Evan] This is lazy, reckless, and overall bad business (assuming that this statement is accurate).

The building management is supposedly waiting for officials with First Magnus to come and properly dispose of the sensitive documents.
[Evan] I wouldn't hold my breath. First Magnus is bankrupt and has not paid employees after the company folded on August 16, 2007. Who from First Magnus is left to come and get the documents?

Commentary:
Bankruptcy stinks. It stinks for creditors, customers and employees. This bankruptcy stinks a little more for customers because of poor common sense and judgment. Thankfully, someone reported the poorly discarded documents in the dumpster and reported it before (it appears) they fell into the hands of the nefarious. I wonder where the documents are now and who has access to them, supposing they still exist.

Not only did First Magnus have a business responsibility for the protection of senstive information (which ceases with the business), but they also have a moral responsibility (which does not cease).

Past Breaches:
Unknown