Category Archives: Security

Encrypted VOIP from Glootix

While most VOIP providers have been ignoring encryption concerns, one European SIP-based VOIP provider, Glootix, is doing something about it. However, their site is still a little sketchy about whether subscribers can use their own unlocked ATAs (analog terminal adapters, used to connect an analog phone through an Ethernet connection to the Internet). Of course, if SIP compatibility is not a concern and you’re willing to be limited to only accessing the service from a computer then Skype is another option since calls placed using that service are supposed to be encrypted until they reach Skype’s PSTN interconnection facility.
Continue reading Encrypted VOIP from Glootix

WPA (Wifi Protected Access) for older operating systems

As mentioned in a recent Security Now podcast, McAfee offers free WPA client software that can be used to add WPA functionality to older operating systems. Other wifi client software may also provide, or soon provide, such functionality. For example, Cirond had promised that it would add WPA functionality to its WINC software during Q4 2005.

Wi-fi Protected Access is significantly more secure than the older WEP protocol. However, most access points can only operate in one mode (WEP or WPA). It is therefore necessary to upgrade all devices that access a particular access point to support WPA before adjusting the access point to operate using WPA.

180solutions sues ZoneLabs for reporting product

PC World reports that news has leaked out that 180solutions is suing Zone Labs, makers of Zone Alarm, due to the firewall’s SmartDefense Advisor reporting to users that 180solutions’ 180search Assistant is trying to monitor mouse movements and keystrokes. Apparently, a number of “safe” programs have been triggering SmartDefense. It appears that Zone Alarm may be a little too sensitive and is likely to provide false positives. Such false positives however can adversely affect sales of other products, such as 180solutions’ products.

Malicious Keyloggers

eWeek has an item about the growing problem of malicious keyloggers. These programs often evade detection by anti-virus tools and can be difficult to detect once installed. Some are customized to steal personal or financial information (and can lie dormant until the user visits a financial site) while others look for intellectual property such as Microsoft Corp. Word or CAD/CAM files.

CRTC investigating leak of cellphone records

The Canadian Radio-television and Telecommunications Commission (CRTC) is calling the country’s phone companies onto the carpet over revelations in Maclean’s that U.S. databrokers are selling the home and cellphone records of Canadian consumers. The cell phone operators have been given 10 days to report back with details of how the breaches occurred and what steps have been taken to improve security in the future.

Digital Home Canada

Texas sues Sony over XCP DRM

According to AP (as reported in the Globe and Mail), the State of Texas has sued Sony BMG Music under its new anti-spyware legislation saying that the XCP anti-piracy code installed by Sony music CDs leaves computers vulnerable to hackers.

Sony had already announced a recall of the discs last week, to be replaced with non-protected CDs, and has even offered to allow previous purchases to obtain MP3 versions of the music.

VPNs, the real deal

I recently clicked on a Google ad for WiTopia’s VPN service. The purpose of a VPN, or virtual private network, is to encrypt communications between two end points. It is typically used by remote users to access corporate systems from home or on the road. However, a number of companies now offer public VPN services that permit subscribers to encrypt their communications when using their laptop in a hostile environment such as a public Wi-fi hotspot. Since their destination probably doesn’t support encryption, these VPN products re-route the communications (Instant Messanging, Web browsing, VOIP, etc.) to one of their data centers and then send it unencrypted to the destination. The purpose is to protect the data stream from being intercepted from the user’s immediate environment.
Continue reading VPNs, the real deal