2007 News:
Date: November 16, 2007
Source: San Jose Mercury
(abridged) WiFi security gaps found at stores
"BOSTON - Half of more than 3,000 retail stores that a wireless security company secretly monitored at major shopping centers in the U.S. and Europe use wireless data systems vulnerable to hacking, the company said Thursday. The data that stores routinely transmit on wireless networks includes customer credit card and Social Security numbers and other sensitive information. AirDefense, an Atlanta-based maker of security products for wireless data systems, found that about 25 percent of the stores' 4,748 wireless access points were exchanging data with no encryption at all to mask the information. Another 25 percent were using an outdated encryption method called Wireless Equivalent Privacy that AirDefense said is easily cracked by thieves using widely available tools. While the 3,045 retail outlets surveyed included many large, high-end stores, they also included merchants' carts in shopping malls and other small, less sophisticated retailers, Rushing said. The survey included locations of 51 of the largest U.S. retail chains, he said. The surveyors carried backpacks containing laptop computers with radio signal-intercepting antennae. After walking through the stores, they downloaded the information the laptops had gathered and examined the data for security holes using tools that unscramble encrypted data. The retailers weren't told of the project, although AirDefense did privately notify retailers via e-mail in cases where it found major security flaws, Rushing said. AirDefense is not disclosing the names of retailers, to avoid drawing hackers' attention."
Date: November 5, 2007
Source: PC World
(abridged) Aruba Launches 802.11n Lineup
"Aruba Networks is the last major wireless LAN vendor to launch 802.11n fast Wi-Fi wireless LAN products -- but it claims to have better power-over-Ethernet support and central switching than the competition. "This had to be done right," said Roger Hockaday, director of marketing EMEA for Aruba, explaining that a later generation of Atheros' 802.11n draft silicon lets Aruba's access points run in full 802.11n mode on most current power-over-Ethernet installations, saving the cost of power injectors. Meanwhile, an upgrade lets its chassis wireless switch handle up to 32Gbit/s of encrypted wireless traffic, and cope with the higher data rates of 802.11n, he said. While other companies such as Trapeze have moved to a different architecture which shifts some switching to the edge to accommodate the high bandwidth of 802.11n, Hockaday says that central switching is the best architecture, and Aruba is upgrading its Wi-Fi switches and blades to handle 802.11n capacities. The blades of its chassis switch have had the supervisor function integrated, freeing up slots, so a MMC-6000 Multi-Service controller with four blades can now handle 80Gbit/s of encrypted traffic and 8000 access points, and the MMC-3000 can handle 8Gbit/s and 500 access points. Till now, wired and wireless switches have always adapted to new bandwidth with faster core capability, says Hockaday. "Why would a vendor want to switch at the edge?" he asked. "Cisco and Aruba have the ability to invest in high performance switching at the core, while other wireless switches may be built on PC platforms and the vendors can't afford to get the high performance silicon required for faster core switches." In fact, Aruba already offers the option of splitting traffic and switching some nearer the edge for situations where it is useful, such as branch offices, he said. "We think centrally switching is the best way, but we give people all the options that are necessary."
Trapeze Networks responded by arguing that upgrades to the central switch are costly and not necessary, if distributed switching can manage the load. "Trapeze customers who upgrade to 11n use the controller they already have installed," said Michael Coci, director of technical marketing at Trapeze. "Aruba customers who upgrade to 11n must buy new APs, plus the controller hardware necessary to support them. That means higher costs, additional hardware, and added customer effort." "If customers like the centralized forwarding path, Trapeze will certainly sell them hardware that is capable of 802.11n speeds," said Matthew Gast, director of consulting engineering at Trapeze. "The raw data throughput of switch fabrics isn't a barrier for us in the wireless industry. We can all buy switch fabrics that move data through the network at wire speed. The barrier is in performing all the crypto operations for client devices." Coci likened Aruba and Trapeze's 802.11n upgrades to recent operating system upgrades from Microsoft and Apple: "If I'm a Microsoft customer who wants to upgrade to Vista, because of the heavier requirements I have to buy new hardware. If I'm an Apple customer and I want Leopard, I buy the new OS, and enjoy all the new functionality while running it on my existing hardware. Which vendor's customers are better served -- which vendor has the better architecture?""
Date: June 26, 2007
Source: Wall Street Journal
(abridged) Helpless, Hopeless, Wireless
"Companies Cool on Hotspots as Wi-Fi Connection Problems Lead to Help-Desk Headaches. When William Friemann joined real-estate firm Prudential Fox & Roach last year as its vice president of technology operations, he was alarmed at how much it was costing his information-technology department to continuously troubleshoot the company's patchwork wireless network. For Mr. Friemann, Prudential Fox & Roach's problems continued with the firm's wireless network until he approached managers in October and convinced them that a Wi-Fi overhaul was necessary. In January, the company began upgrading its wireless systems, spending $120,000 and tapping Aruba Wireless to help. Aruba put in a secure wireless system with high bandwidth access points that allowed the operators to better monitor who was using the network. Today Prudential's Wi-Fi network is more stable and Mr. Friemann's time is no longer consumed by troubleshooting."
Date: May 28, 2007
Source: informationweek.com
(abridged) URGENT CARE...The health care industry is making painfully slow progress ditching paper for electronic health records.
"When people talked about the promise of electronic medical records, Santa Barbara County usually came up as a role model. In 1999, a nonprofit was created to connect hospitals and doctor's offices in the California region using interoperable e-records to share patient data across practices, with the goal of improving care and cutting costs. In December, however, the Santa Barbara County Care Data Exchange quietly died. A $10 million grant ran out, and the health care community didn't see enough value to keep it going."
Date: May 4, 2007
Source: Wall Street Journal
(abridged) How Credit-Card Data Went Out Wireless Door
"The Biggest Known Theft, Retailer's Weak Security Lost Millions of Numbers. The $17.4-billion retailer's wireless network had less security than many people have on their home networks, and for 18 months the company that owns T.J. Maxx, Home Goods and A.J. Wright had no idea what was going on."
Date: March 19, 2007
Source: INFOWORLD.COM
(abridged) Open Source VoIP
"Thanks to worthwhile IP PBX alternatives such as Asterisk, open source VoIP is ready for targeted enterprise deployment. ...So much so that Sam Houston State University last year migrated 6,000-plus extensions from Cisco CallManager to Asterisk, eliminating phone licensing costs and increasing customization control and security in the process."
Date: January 1/8, 2007
Source: INFORMATIONWEEK
(abridged) Get Ready for VoIP Attacks
"SECURING VOICE OVER IP hasn't been on the radar of most companies because VoIP, so far, hasn't been a popular target of attackers or bug hunters. But security experts say it's time to make VoIP security a priority.
To show how easy VoIP hacking can be, David Endler, director of security research at TippingPoint and co-author of Hacking Exposed: VoIP (McGraw-Hill Osborne Media, 2006), has released more than 20 VoIP hacking tools that he and co-author Mark Collier, CTO at SecureLogix, wrote while researching everything from denial-of-service attacks to adding audio to active IP calls."
