Business Daily from THE HINDU group of publications
Monday, Sep 11, 2006
Popular but unsafe?

R.K.Raghavan

What recent tech conferences said of Wi-Fi-enabled laptops and the BlackBerry is disquieting to users of these systems.


CONNECTED, with Wi-Fi. But how safe is your data? - A. Roy Chowdhury

This fortnight I begin where I left off in my last column on what happened at the recent Black Hat and DefCon conferences in Las Vegas.

If you were to believe some smart presenters who brought life to the proceedings, you would use a BlackBerry and a Wi-Fi-enabled laptop with great circumspection. This will definitely not be music to the ears of those wedded to the two devices because they are constantly on the move and would still like to be in minute-to-minute touch with their businesses.

While I do not own a BB - I wish I could afford it - many of my friends parade it with great pride, as if to tell me that I am a sub-human species without it! I find one proud owner goes gaga writing to Computing Magazine: "That's right, I'm in love. The object of my affection is short, dark, and not much to look at. But it has a great personality. I am in love... ." People like these should now find themselves deflated by news that came in from the DefCon conference.

Jesse D'Aguanno, a consultant with security research firm Praetorian Global, told those present on the occasion that their BB was not all that secure. In his view, BB should be treated like "any untrusted computer with access to your network ... . It's a code-running machine that's always on and always connected to your internal network and has direct access to whatever you give it access to."

D'Aguanno highlighted the fact that the Intrusion Detection Systems (IDS) of many organisations look for an attack from outside, ignoring the dangers from within, and these devices were likely to miss any happenings around a BB.

He told DefCon about a programme he had written, called BBProxy, that exploited the open space between a BB and a company's intranet. Of course, there is the safeguard that BBProxy has to be installed physically in the machine for it to prove mischievous.

Alternatively, it can also be slipped in as a Trojan through e-mail. In either case, the danger is real and BB users can ignore it only at their peril.

Imagine the consternation that D'Aguanno's presentation could create among fanatical BB users who number 5.5 million all over the world.

Research in Motion (RIM), which makes this wireless device, has a target of 10 million customers. It shipped more than a million pieces in the first half of this year! The company has taken D'Aguanno seriously and has sought to allay misgivings raised by him with regard to BB security through two papers posted on its Web site.

On his part, D'Aguanno claims that his intention is far from one of dishonesty. He merely wanted to draw international attention to a vulnerability that the manufacturer needs to fix early to avoid major attacks, which could lead to loss of customer confidence.

It seems his presentation at DefCon was more a proof of concept. Also, his BBProxy was not a traditional malware that spells doom to lax networks. All that he wanted was that companies should ensure that their architectures end the current total licence to users to access everything on the internal network.

Also to be banned is the downloading of third-party applications, if the BB is to be rid of its weak features.

Safety recommendations

Another company that has paid a lot of attention to D'Aguanno is Secure Computing, which is into security systems and devices. It has come out with several recommendations — many of which are already known to those of us in the business of protecting large systems — in order to avert a tragedy like the one feared from a BBProxy attack.

According to Secure Computing, the most important factor to remember is that since the BB server connects to the Internet, it has all the attendant problems arising from excessive exposure to outside forces of disruption.

Isolating this server securely on its own DMZ segment will, therefore, prevent unauthorised access to other servers. This rule of prudence applies equally to the mail server working with the BB server.

It is also necessary to deny excess BB connections to the internal network and vice versa. Wisdom demands that only those connections required for its minimum operational requirements be permitted.

Another subject, that is the favourite of many security experts, viz., vulnerabilities of wireless systems, also came in for scrutiny, this time at the BlackHat conference.

Two researchers, David Maynor and "Johnny Cache" Ellch belonging to SecureWorks, a service provider, told the audience how a break-in was possible into an Apple Computer MacBook. According to the duo, flaws in the software that runs wireless-networking hardware could facilitate breaking into a PC over Wi-Fi. They added that by sending malformed network traffic to a vulnerable computer, an aggressor could gain complete control over a machine.

They also spoke of a method to identify the driver that the targeted hardware was running. Maynor and Ellch did not opt for a live demonstration for obvious reasons of confidentiality. They were content with showing a video of the attack on the MacBook.

It is said that it is not merely the MacBook that is vulnerable. Other desktops and laptops running on Microsoft Windows and Linux-based operating systems are equally risk-prone. Called the Badseed, the exercise initiated by the two researchers brought remote access to files and folders in the MacBook that could be altered or deleted at will.

Most significant was the FBI's strong presence at the two conferences. Speaking at Black Hat, one of the Bureau's high-level supervisors referred to the growing dimensions of identity theft in the country.

Operation Identity Shield launched by the FBI involves collaboration with the technology industry. Daniel Larkin, chief of the FBI's Internet Complaint Centre, referred to the number of arrests made as a result of the Operation.

It is also interesting to know that the FBI has a dedicated Agent working at the Carnegie-Mellon University-run Computer Emergency Response Team (CERT) centre. CERT did commendable work during the investigation of the 9/11 attacks.

The point that the FBI was making at the conference was that law enforcement and private technology firms could no longer work isolated from each other, and that they needed to hold hands if cyber crime was to be handled dexterously.

This is something that India's CBI could emulate to great effect.

(The writer is a former CBI Director who is currently Adviser (Security) to TCS Ltd.)


Copyright © 2006, The Hindu Business Line. Republication or redissemination of the contents of this screen are expressly prohibited without the written consent of The Hindu Business Line