os2-wireless_users@2rosenthals.com Messaggio archiviato #1313

Da: "Rick R." <os2-wireless_users@2rosenthals.com> Intestazioni complete
Messaggio non codificato
Oggetto: Re: [OS2Wireless]Re: Bluetooth security
Data: Mon, 11 Sep 2006 15:24:47 -0700 (PDT)
A: OS/2 Wireless Users Mailing List <os2-wireless_users@2rosenthals.com>

But the whole point here is that, just as cell phones these days, Laptops are used as a commodity item by people who often have a hard time finding the "power on/off" button, much less be able to configure BT security properly.
The default stacks and configuration delivered by the manufacturers are so lousily written that they have security holes in almost all cases.
Yes, you can fix those, but you got to know what to do in order to fix them.
 
The same goes for WiFi security - and yes, since here in the US *everyone* has the IDIOTIC habbit of securing sensitive accounts with items like address, phone number and social security #, getting ones address book is already 2/3 of the rent.
And the SS# is a publically available record, you can buy those of the Internet!
So BT break ins into cell phones are indeed *directly* linked to identity theft.
 


Doug LaRue <os2-wireless_users@2rosenthals.com> wrote:
** Reply to message from "Lewis G Rosenthal" on Sun, 10 Sep 2006 17:51:16 -0400

Believe nothing is secure, yes even wires are not secure, and you'll have to accept that
there is some acceptable level of security for each and every type of connection and
session of data transmission across that connection.

One more thing, this all reminds me of how people seem to now associate credit card fraud
with "identity theft". I don't know who started it but the press is must plain dumb about
incorrectly labeling things as "identity theft". And they did a nice job at labeling Bluetooth with
"insecurity". There were a few stories of how some techie was able to find and connect to
cell phones running Bluetooth and do things like make calls and download phone numbers.
There were all cases where the phone or phone user left the Bluetooth radio in Discoverable
Mode. It was like placing your laptop on you front door landing inside your house and leaving
your front door wide open and blaming your door lock manufacturer when the laptop is stolen.

Lewis has it right and if you don't believe that, Google is your friend( ie search for more info ).

Doug


> To branch from another thread, and to follow my statement concerning the
> relative privacy or Bluetooth technology:
>
> Configured correctly, BT is quite "private" (though not encrypted).
> Devices must be "paired" to each other, and it is up to the user to
> tell a device to make its presence known to other devices.
>
> There are numerous hits on the net concering the insecurity of BT, many
> of which date back to 2003 and earlier. As I mentioned in my previous
> post, there have indeed been advances in BT technology, and it is, after
> all, for PANs, not LANs.
>
> For the latest information concerning BT security (all three available
> modes), one should visit
> http://www.bluetooth.com/Bluetooth/Learn/Security/ . To quote some of
> the content on that page:
>
> Lately, confusion and misinformation surrounding security and
> /Bluetooth/ wireless technology has increased. The current security
> issues typically involve mobile phones. How these issues apply to
> other classes of devices is important and is often not
> addressed. The encryption algorithm in the /Bluetooth/
> specifications is secure. This includes devices such as mice and
> keyboards connecting to a PC, a mobile phone synchronizing with a
> PC, and a PDA using a mobile phone as a modem to name just a few of
> the many use cases.
>
> Cases where data has been compromised on mobile phones are the
> result of implementation issues on that platform. [...]
>
> So, in short, considering the entire paradigm of wireless connectivity,
> BT is probably about as tight as anything else we have today (and I mean
> "probably" in a very loose sense of the word).
>
> Cheers, everyone, and don't sweat the small stuff. Get a good phone, and
> your data will most likely be safe. Don't sync your devices in public
> places (sounds pretty disgusting, anyway, huh?), and you should be just
> fine.
>
> --
> Lewis
> ------------------------------------------------------------
> Lewis G Rosenthal, CNA, CLP, CLE
> Rosenthal & Rosenthal, LLC
> Accountants / Network Consultants
> New York / Northern Virginia www.2rosenthals.com
> eComStation Consultants www.ecomstation.com
> Novell Users Int'l www.novell.com/openenterpriseserver
> Need a managed Wi-Fi hotspot? www.hautspot.com
> ------------------------------------------------------------
>
>
> =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
> This message is sent to you because you are subscribed to
> the mailing list .
> To unsubscribe, E-mail to:
> To switch to the DIGEST mode, E-mail to
> To switch to the INDEX mode, E-mail to
> Send administrative queries to
> To subscribe (new addresses), E-mail to: and reply to the confirmation email.
>
> This list is hosted by Rosenthal & Rosenthal
> P.O. Box 281, Deer Park, NY 11729-0281. Non-
> electronic communications related to content
> contained in these messages should be directed
> to the above address. (CAN-SPAM Act of 2003)
>
> =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=


Doug LaRue

"The idea that Bill Gates has appeared like a knight in shining armor to
lead all customers out of a mire of technological chaos neatly ignores
the fact that it was he, who by peddling second-rate technology, led them
into it in the first place."
- Douglas Adams, author of "The Hitchhiker's Guide to the Galaxy".
- full text: http://www.catscratch.net/douglasadams_on_win95.html
- more quotes: http://www.phnet.fi/public/mamaa1/adams.htm

"Excuse me: Can you tell me the IP address of this cable?"
- Actual question from a MCSE!

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
This message is sent to you because you are subscribed to
the mailing list .
To unsubscribe, E-mail to:
To switch to the DIGEST mode, E-mail to
To switch to the INDEX mode, E-mail to
Send administrative queries to
To subscribe (new addresses), E-mail to: and reply to the confirmation email.

This list is hosted by Rosenthal & Rosenthal
P.O. Box 281, Deer Park, NY 11729-0281. Non-
electronic communications related to content
contained in these messages should be directed
to the above address. (CAN-SPAM Act of 2003)

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=



Stay in the know. Pulse on the new Yahoo.com. Check it out.
Isriviti: Feed, Riassunto, Indice.
Disiscriviti
Scrivi a ListMaster