Take steps to secure vulnerable WLANs
TechRepublic:
Take steps to secure vulnerable WLANs,
Oct 23, 2001,
Brian Hook
Archive for the ‘arch’ Category.
WLAN VPN Support for Handhelds Ships
WLAN VPN Support for Handhelds Ships. allNetDevices Oct 17 2001 3:58AM ET [Computer security news]
Wireless insecurity + ARP Poisoning
Robert Fleck, Cigital: Wireless insecurity + ARP Poisoning (pdf) (FAQ)
Observations:
- It’s true.
- It’s shameless security consultant self-promotion.
These are not new problems. - ARP poisoning is still a problem on wired networks too. VPN and/or encrypted security contexts (e.g. SSL) are the solution.
Related article:
DowJones: Security Experts Are on Alert Over Wireless-Hacking Technique. Quicken.com Oct 15 2001 6:32AM ET
“Mr. Fleck of Cigital combined those wireless vulnerabilities with an attack that has been identified and addressed in most wired networks. Known as ARP poisoning, from the acronym for address resolution protocol, the attack manipulates software in the circuit boards that connect computers to corporate networks. That software contains addresses of other connected machines; a skilled hacker can fool the software to make it seem like his machine has an authorized address to receive data packets on the network. An attacker who understood both techniques, Mr. Fleck said, could use a laptop with a wireless connection to enter a company’s wireless network, and then effectively tell machines on the wired portion of the network to pass all data packets through his laptop.
“The most obvious solution to the problem is to segregate the gateway device that acts as the front door for machines making wireless connections to a network. That can be done using routing devices or filtering programs known as firewalls.”
[via Moreover Computer security news]
Web Services: It’s So Crazy, It Just Might Not Work
Clay Shirky: Web Services: It’s So Crazy, It Just Might Not Work
That high-pitched sound you hear is the Web Services hype machine revving up, as words like “revolution’ and “paradigm” begin making their regularly scheduled appearance in the press and white papers, where we are promised a Shiny New World of on-the-fly software creation.
The hype is happening just as practical applications for XML-structured data beginning to appear. Web Services can reduce the effort and quicken the process of creating standards between developers or businesses which want to work together, an important if somewhat modest improvement in the Internet’s plumbing.
Unfortunately, though, Web Services are being sold not only as improved plumbing but also as a way to create fantastic new software, seamlessly and automatically connecting any two business processes or applications anywhere on the network as if by magic.
BEA under attack from IBM
BEA under attack from IBM. What firepower has it got? [The Register]
XML Divided
XML Divided. Edd Dumbill: XML Divided “So there are points of inflection in our comprehension of the world around us. We are now at such a point in the XML world, too. This is not to say that the future for XML looks bleak — in many ways it’s never looked better — but tomorrow’s XML will be very different from what we’re used to.” [via ZopeNewbies]
Web service invocation sans SOAP
Web service invocation sans SOAP. developerWorks: Web service invocation sans SOAP “SOAP has become almost synonymous with Web services, even though it is just one of many possible bindings for accessing Web services. This means that applications that make use of Web services usually do so through APIs tied to a specific implementation of SOAP. This series of articles will describe a more generic, SOAP-independent approach to invoking Web services called the Web Service Invocation Framework (WSIF). It was specifically designed to invoke Web services described using the Web Services Description Language (WSDL) directly, hiding the complexity of underlying access protocols such as SOAP.” [via ZopeNewbies]
How Xerox got its engineers to use a knowledge management system
TechRepublic: How Xerox got its engineers to use a knowledge management system
One reason the Xerox staff was reluctant to use the KM system was that participation would be an added duty to an already tightly controlled workday—essentially, staff would need to ‘‘share” in the little downtime available to them. Xerox tried a number of incentives to book employee interest and learned that professional credit was the key. With a quick app revamp, Eureka provided engineers an ability to “author’’ their solutions.
“Once we enabled them to attach their name, it became a professional peer process. They’re proud of their solutions and are recognized for it,” Holtshouse explained.
