StratVantage News Summary

Be on the wave or under it™


The News – 05/28/03


New Wireless Standard Enhances Security

Before we get started here, I’ve got to apologize for all the TLA (Three Letter Acronym) and FLA (Four Letter Acronym) acronyms in this story. But we’re talking wireless security here, an area that reeks of technical jargon and one you should be concerned about if you or your company runs a wireless LAN.

Wireless industry body the Wi-Fi Alliance recently announced the certification of products using WPA (Wi-Fi Protected Access), which replaces the existing security protocol, called WEP (Wired Equivalent Privacy).

WPA is a subset of the 802.11i standard that the IEEE (Institute of Electrical and Electronics Engineers) has been working on for seemingly forever. The IEEE won't be finished with the full standard for at least another year. Meanwhile, any wireless cracker with 24 hours to spare and a comfortable place to park his listening device can crack WEP on a reasonably busy network.

WPA is better at protecting wireless data, but it’s far from perfect. The standard uses the same weak RC4 (standing for Rivest's Cipher 4, based on creator Ron Rivest’s name) stream cipher from RSA Security (named for its founders, Rivest, Shamir, and Adleman). The standard improves the RC4 implementation by doubling the initialization vector size (don’t ask, I don’t know what it is either) and adds automatic key resetting, which means crackers have less time to crack the algorithm.

In the existing WEP standard, there was no means to rotate keys, a common practice used to decrease the likelihood of a system breach. When you use the same key for long periods of time, as WEP does, a cracker can find enough patterns in the transmissions to deduce the key. That currently can be done in about a day for networks with normal amounts of traffic. All a cracker has to do is intercept enough traffic to deduce the key, then use it to log on to the network and, bada-bing, bada-boom, your network is compromised. Automatically rotating in new keys at relatively short intervals decreases the window for compromise.

WPA goes to the extreme of rotating the key with every wireless packet. This is as if you and a friend decided to encode your messages to one another and used a different method for each sentence. Unfortunately, all this key swapping increases network load, and thus can slow a wireless network.
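To make the key-reuse problem concrete, here is an added sketch (not from the original newsletter) of WEP-style RC4 keying, where the cipher is seeded with a 24-bit IV followed by the static key. It shows that a repeated IV repeats the keystream, and how much sooner a 24-bit IV counter runs out than a 48-bit one; the key, IVs, plaintexts and the 500 packets-per-second rate are constructed assumptions, and this is not WPA's actual per-packet key mixing.

```python
# Added illustration: WEP-style RC4 seeding (IV || static key) and IV reuse.
# All keys, IVs, plaintexts and traffic rates below are constructed samples.

def rc4_keystream(seed: bytes, n: int) -> bytes:
    """Standard RC4: key scheduling, then n bytes of keystream."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + seed[i % len(seed)]) % 256
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for _ in range(n):
        i = (i + 1) % 256
        j = (j + s[i]) % 256
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) % 256])
    return bytes(out)

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def wep_style_encrypt(iv: bytes, static_key: bytes, plaintext: bytes) -> bytes:
    """Seed RC4 with IV || key; the IV itself is sent in the clear."""
    return xor(plaintext, rc4_keystream(iv + static_key, len(plaintext)))

def hours_until_ivs_repeat(iv_bits: int, packets_per_second: int) -> float:
    """Time for a per-packet IV counter to use every value once."""
    return 2 ** iv_bits / packets_per_second / 3600

STATIC_KEY = bytes.fromhex("0102030405")   # constructed 40-bit key
P1 = b"GET /payroll HTTP/1.0"              # constructed plaintexts (21 bytes)
P2 = b"GET /index.html HTTP/"

def demo() -> dict:
    iv = bytes([0x00, 0x00, 0x2A])
    c1 = wep_style_encrypt(iv, STATIC_KEY, P1)
    c2 = wep_style_encrypt(iv, STATIC_KEY, P2)                # same IV again
    c3 = wep_style_encrypt(bytes([0, 0, 0x2B]), STATIC_KEY, P2)  # fresh IV
    return {
        # Same keystream cancels out: ciphertext XOR equals plaintext XOR.
        "reused_iv_leaks_xor": xor(c1, c2) == xor(P1, P2),
        "fresh_iv_leaks_xor": xor(c1, c3) == xor(P1, P2),
        "hours_24bit": hours_until_ivs_repeat(24, 500),
        "hours_48bit": hours_until_ivs_repeat(48, 500),
    }

if __name__ == "__main__":
    print(demo())
```

At the assumed rate, the 24-bit IV space is used up in under ten hours, after which a network with a static key must repeat keystreams; the 48-bit space lasts well over a hundred million hours.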

The new standard adds some other tricks like a checksum (each network packet must add up to a number that is transferred along with it) and increasing authentication (figuring out you are who you say you are).

The result, however, is that to use the new standard, you’re likely going to need new wireless network adapters for your machines. While wireless access points can likely be upgraded via firmware, it's questionable whether most adapters will.

But the wireless vendors will be happy to sell you new cards. Buffalo Technology will ship WPA-enabled products this month. D-Link Systems will equip its products with WPA by the end of the second quarter, and offer free firmware upgrades for current customers. Linksys Group (being acquired by Cisco) will make WPA available in its Wireless-G products via firmware and software upgrades this month. NetGear expects to provide WPA firmware upgrades by the end of June. SMC Networks announced that WPA will be built into all of its wireless LAN products by the end of June.

A company CEO recently asked me, “Should I be worried about wireless LANs?” I told him, “Yes.” Later this summer, the answer will probably be, “Maybe, if you don’t have WPA-enabled systems.”

InfoWorld
Silicon.com

Briefly Noted

  • Shameless Self-Promotion Dept.: My article, “Innovative Marketers Target Unwired Customers” was published in the NetSuds newsletter.

    Coming Soon: A new eBook, Be On the Wave Or Under It™ will collect the best of SNS’ insights over the last couple of years, along with additional material from CTOMentor white papers and new material. It will make a great gift (Father’s Day?) for associates and friends in need of a guide to the latest and greatest technology. Watch for more information in upcoming SNS issues.

    I was quoted extensively on eLearning in a recent issue of the Minneapolis magazine, Upsize, which is aimed at growing businesses.

    A couple issues ago I debuted SNS Begware, an opportunity for you, gentle reader, to express your appreciation by tipping your server via PayPal. See the sidebar for more info. Total in the kitty so far: $46.48.

    I’ve reworked the TrendSpot and Opinion sections, adding a Prediction Tracking page to track the various predictions I’ve made, and also added a Stuff I Said page with some quotes of things I said a decade or so ago on the Net.

    I repurposed and adapted an article about the wireless service known as Short Messaging Service (SMS) for the Reside newsletter. It’s entitled, Wherever they go, there you are and it points out how marketers can use – carefully – this new way to contact their customers.

    I’m featured in Manyworlds’ Thought Leader Showcase, which lists a few of the white papers I’ve done. I’ve also added their fancy icon to the StratVantage site.

  • Bring Out Your Dead (OSes):  It seems that Windows NT is finally doomed. Microsoft tried to retire NT 4.0 by the end of 2003 but, faced with a hue and cry from corporate America, the company decided earlier this year to extend the deadline until the end of 2004. The venerable OS (it’s seven years old, for crying in the beer!) is living on the newly borrowed time because too many corporate domain controllers and servers are running the old code and no one wants to spend the bucks to upgrade to either Windows 2000 (the sane choice as it’s been through several service packs) or the new (and thus really buggy, one figures) Windows 2003.

    Recently, however, Microsoft released security bulletin MS03-010, which reports that anyone with access to port 135 can crash the RPC endpoint mapper service, thereby taking down all RPC functionality and some COM functionality. According to the software giant, the Windows NT architecture cannot be changed to accommodate a fix. Of course, we don’t know if this is just Marketing talking or not. Nonetheless, the effect is the same: All old WinNT systems are vulnerable to a simple hack and must be replaced. Kind of a convenient security flaw for a company that sells operating systems, wouldn’t you say? (Check here for the expiration dates of your favorite Microsoft operating system.)
    Microsoft

  • RFID Takes Another Step: Soon everything you buy will contain an RFID (Radio Frequency Identification) label. Gillette is buying a half a billion of the things for their consumer products, as reported in a previous SNS. And now the UCC (Uniform Code Council, the people who gave us the UPC) and the EAN (European Article Numbering, a standards body who gave us the EAN) have combined forces to license EPC (Electronic Product Code, tired of the acronyms yet?) technology that was developed by MIT (figure it out) Auto-ID Center. The joint effort, called AutoID Inc., will commercialize the technology that assigns a unique number to every possible manufactured thing. EPCs are then used in RFIDs to make possible things such as smart shelves (in test at Wal-Mart, as reported in the same previous SNS) and refrigerators that order milk when you’ve run out.

    Of course, I’ve had Auto-ID on the TrendSpot list since July of 2000, when it probably sounded like science fiction. Hmmm. What too-fantastic tech is on the list now that will come true in three years?
    RFID Journal
  • Legal Internet Guide Available: The Minnesota Department of Trade and Economic Development has released the fourth revision of their “A Legal Guide to the Internet” pamphlet.
    DTED (PDF)

  • Mac Axes SMS Promotions in UK: McDonald’s had been sending text Short Messaging System (SMS) messages to McDs;-)TXT Club members’ phones as part of one of the first large scale marketing uses of the new technology. The messages offered special deals on Mickey D’s products as well as other prizes, according to mobile marketing agency 12snap, which ran the campaign. (BTW, the 12snap Website is a rather nauseating Flash site.) The “Pop & Txt” promotion launched last November offering discounts embedded in McDonald’s drink cups. Club members would enter the code in an SMS message to receive discounts and prizes. The promotion ran for four weeks across all 1,200 UK restaurants. The agency said McDonald’s was decreasing marketing dollars across all venues and thus the SMS campaign got the ax. “It was right last year, but not now,” a 12Snap representative said.
    Silicon.com

  • Stolen Laptops Call Home: When the General Services Administration (GSA) in Atlanta had two laptops stolen from its office, Absolute Software's Computrace agent helped get them back. The agent was installed on each of the GSA’s computers. When the thief used one of them to connect to the Internet about two weeks later, the software program silently checked in with Absolute’s data center, and the computer was traced to a physical address. Within 48 hours, the thief was apprehended, and led authorities to the location of the second machine.

    The 2.2 MB Computrace Agent software silently calls into a data center every time the computer connects to the Internet. If the computer is reported stolen, authorities can often trace the physical location of the user with the cooperation of ISPs (Internet Service Providers).

    Of course, I can think of plenty of other privacy-infringing uses of this type of software in the event that some industry giant, say Microsoft, decides to incorporate this feature into its operating systems.
    TechRepublic

  • Mini-DMCA Laws Aren’t So Bad: Alert SNS Reader Andrew Hargreave sends along an article that takes issue with the notion that the Mini-DMCA (Digital Millennium Copyright Act, the name of a piece of brain dead federal legislation) laws currently being enacted or considered by the states outlaw common networking practices. I nattered on about this in a previous SNS primarily because I don’t trust legislators to understand technical concepts such as NAT (Network Address Translation, a scheme to make it appear that all traffic from a company is coming from a single address). The Mini-DMCA laws make it a crime to hide your real address but, as this article correctly points out, only if the intent is to defraud.

    Well, I stand by my trepidation because I can envision law enforcement adopting a “prove you’re not a crook” attitude toward users suspected of contravening the law.

    Can’t happen here, you say? We’ve got Bill of Rights protection, you say? Consider the sad case of US Citizen (of 14 years) Maher (Mike) Hawash. According to the Free Mike Hawash Web site, Hawash, a Muslim of Arab descent and an employee of Intel for many years, was held in a high-security federal prison without being charged with any crime for five weeks after his initial arrest. Proceedings in his case during that time were then and are still secret. This guy’s not an “illegal combatant,” he’s a citizen for crying out loud. Still think it can’t happen here?
    LockerGnome

  • If You're Scoring at Home: Here's the tally of TLAs and FLAs in this issue:
    • TLAs 23
    • FLAs 3

Can you find them all? The first to email me a list of all 26 acronyms wins fame (a mention in the next SNS) but not fortune (what, are you kidding?). Note: the same acronym used multiple times only counts once. Good luck!





Copyright © 2000-2008, StratVantage Consulting, LLC. All rights reserved.