Cornerstone Issue 70: February 13, 2006



Welcome to Issue 70 of Cornerstone, a subscription-only electronic newsletter issued periodically by Core Competence.

Cornerstone reports on a wide range of networking topics and activities involving Core Competence. A brief abstract explains what you will find if you choose to visit each URL.

VOIP

http://www.corecom.com/external/bcrmag/bcrmag.html#nov05
VoWiFi Vanguards: Blazing The Trail
BCR Magazine, November 2005

To better understand what it takes to deploy VoIP over WiFi, Lisa Phifer interviewed six companies that have already ventured down this path. From healthcare to hospitality, walled office to warehouse, these vanguards have given VoWiFi a try, with varied goals and results. These are their stories.

http://searchsecurity.com/generic/0,295582,sid14_gci1162378_tax299833,00.html
Understanding the protocols that power VoIP
searchSecurity, January 29, 2006

Like all new technologies, VoIP implementations require careful design, testing and analysis to identify and eliminate security vulnerabilities. In this article, Lisa Phifer describes the two main protocols that power VoIP (SIP and H.323), a few known vulnerabilities, and how functional protocol testing ("fuzzing") can help defeat such problems.

http://www.corecom.com/external/mobloop/Loop-122305.htm
One VoIP Phone To Go, Please
Published December 23, 2005

Have you been itching to bring your Vonage phone on the road? Lisa Phifer ponders Vonage "mobility" options, including VoWiFi, in this holiday season Mobility Loop post.

http://www.corecom.com/external/mobloop/Loop-011806.htm
Taking VoWiFi on the road: Vonage UTStarcom F1000
MobilityLoop, January 18, 2006

This VoWiFi handset may be tiny and portable, but don't expect it to replace your cellphone. Read about what worked and what didn't when Lisa Phifer took UTStarcom's F1000 Wi-Fi phone for a test drive.

WIRELESS

http://www.corecom.com/external/mobloop/Loop-012406.htm
Don't Talk To (Wireless) Strangers
MobilityLoop, January 24, 2006

In this MobilityLoop blog post, Lisa Phifer discusses NMRC's security advisory, "Windows Silent Ad hoc Network Advertisement," and measures to deter ad hoc AND infrastructure mode SSID spoofing.

http://searchmobilecomputing.com/tip/1,289483,sid40_gci1160151,00.html
Wireless laptop evolution
searchMobileComputing, January 19, 2006

If you're cycling out older laptops or deploying a whole new fleet, read this feature column, where Lisa Phifer explores embedded wireless interfaces and factors to consider when purchasing your next laptop.

http://searchmobilecomputing.com/tip/1,289483,sid40_gci1152171,00.html
Challenges posed by 802.11 wireless
searchMobileComputing, December 14, 2005

802.11 challenges have changed, from satisfying basic necessities like security and coverage, to addressing broader deployment issues like management and quality. In this year-end Wireless Advisor column, Lisa Phifer takes a look back at 2004-2005 WLAN evolution.

WINDOWS SECURITY

http://www.isp-planet.com/technology/2005/secure_windows_1a.html
http://www.isp-planet.com/technology/2005/secure_windows_2a.html
Thinking Outside The (Windows) Box, Parts I & II
ISP-Planet, December 23 and 30, 2005

While many businesses depend on Microsoft Windows Internet Explorer, Outlook, and the XP SP2 Firewall, vulnerabilities have generated growing interest in alternative clients that are leaner, cleaner, and faster. In this series, Lisa Phifer examines several freely available Win32 web browsers, e-mail clients, and firewalls.

http://www.corecom.com/external/livesecurity/protectdos.htm
Protecting Windows Servers against DoS Attacks
WatchGuard LiveSecurity, October 21, 2005

Many SMBs overlook the additional layer of security they can achieve by configuring the Windows OS to detect and protect its TCP/IP "stack" against DoS attacks. Dave Piscitello navigates the associated Windows registry keys in this LiveSecurity column.

ATTACKS AND COUNTERMEASURES

http://searchsecurity.com/tip/1,289483,sid14_gci1148951,00.html
Don't get bitten by Bluetooth
searchSecurity, November 17, 2005

Given limited range and application, Bluetooth is often incorrectly discounted as a business threat. But new Bluetooth devices can reach up to 100 meters, most are promiscuous by default, and many harbor flaws associated with the Bluetooth OBEX protocol. Learn more about Bluetooth attacks and security measures in Lisa Phifer's column.

http://www.corecom.com/external/livesecurity/dnsphishing.htm
DNS Pharming: Somebody's poisoned the water hole!
WatchGuard LiveSecurity, September 19, 2005

In this article, Dave Piscitello discusses DNS cache poisoning, a class of attacks where a name server is tricked into adding or modifying cached DNS data with incorrect and malicious data. There are several forms of DNS (cache) poisoning; here, Dave examines pharming, an attack associated with recent phishing incidents.

http://www.corecom.com/external/livesecurity/eviltwin1.htm
http://www.corecom.com/external/livesecurity/eviltwin2.htm
Anatomy of a Wireless "Evil Twin" Attack
WatchGuard LiveSecurity, August 29, 2005

"Evil Twin" is one of several catchy labels referring to attacks in which unsuspecting Wi-Fi users are tricked into associating with a phony wireless Access Point (AP). In this two-part column, Lisa Phifer disassembles this attack to see where vulnerabilities are exploited and mistakes are made during an Evil Twin attack, then recommends steps that can help you avoid becoming a victim.

http://www.corecom.com/external/livesecurity/logclues.htm
Logs offer clues to what users do
WatchGuard LiveSecurity, December 8, 2005

Perhaps the most powerful use of logging is user activity monitoring. In this LiveSecurity article, Dave Piscitello outlines how to implement user-level monitoring using a WatchGuard Firebox.

http://www.corecom.com/external/mobloop/Loop-113005.htm
Wireless Spam: Coming to a phone near you?
MobilityLoop, November 30, 2005

Telemarketers may not be texting your mobile phone anytime soon, but SMS/MMS spam is still a concern. Lisa Phifer discusses wireless spam and simple countermeasures to reduce your exposure.

http://searchmobilecomputing.com/originalContent/0,289142,sid40_gci1149776,00.html
Web site documents wireless threats, vulnerabilities
searchMobileComputing, December 5, 2005

TechTarget's Andrew Hickey interviews CoreCom's Lisa Phifer about the Wireless Vulnerabilities and Exposures Database, sponsored by CWNP, The Center for Advanced Defense Studies, and Network Chemistry.

Dave Piscitello's Blog

http://hhi.corecom.com/arc20051101.htm#BlogID477
DNSsec: the new whipping post
Dave's Blog, 30 Nov 2005

DNSsec is the latest Internet protocol to encounter resistance to early adoption and deployment. Like WLAN security, remote access VPNs, secure email, multi-factor authentication and, well, *every* security measure introduced in recent memory, reaction from network operators and administrators always begins with the same five-sentence mantra...

http://hhi.corecom.com/arc20051201.htm#BlogID485
Windows XP Security Solutions
Dave's Blog, 26 Dec 2005

In this post, Dave gives a thumbs up to Dan DiNicolo's "step-by-step methods for evicting invaders and keeping them out", published by PC Magazine.

http://hhi.corecom.com/arc20051201.htm#BlogID482
"Multilingual Internet" has many dimensions
Dave's Blog, 16 Dec 2005

Here, Dave discusses some of the challenges that members of the Internet community face as they struggle to accommodate national and local character sets in the Domain Name System.

http://hhi.corecom.com/arc20051201.htm#BlogID481
New twist on an old exploit
Dave's Blog, 12 Dec 2005

Nearly a decade after the disclosure of the exploit code for the original LAND attack, two remote variants of the attack have resurfaced. In this post, Dave explains why he finds these attacks so interesting, and what they reveal about the way security is evolving (or devolving).

http://hhi.corecom.com/arc20051201.htm#BlogID478
Harry Potter and the Group Password
Dave's Blog, 5 Dec 2005

Dave uses J.K. Rowling's endearing character as a literary device to make a point about the way authentication is practiced today.

-----------------------------------------------------------------

Cornerstone is an electronic publication of Core Competence, Inc.

For additional information about Core Competence, visit our web site http://www.corecom.com
For past issues, visit our Cornerstone page http://www.corecom.com/html/cornerstone.html