[ISN] New rules mandate wireless safeguards

From: InfoSec News (alerts@private)
Date: Wed Aug 30 2006 - 23:05:41 PDT


http://www.mercurynews.com/mld/mercurynews/business/technology/15392112.htm

By Sarah Jane Tribble
Mercury News
Aug. 30, 2006

The days of easily stealing wireless Internet access from your
neighbor may soon be over.

The state Assembly on Tuesday approved rules requiring wireless
manufacturers, such as laptop makers, to instruct consumers on how to
step up security measures and stop would-be piggybackers from
accessing their personal networks. The bill, which the governor is
expected to sign, would take effect in January.

If piggybackers or hackers gained access to your network, they could
post and distribute illegal information, such as child pornography.  
More sophisticated hackers could use the access to scan all your
personal files and programs, said Ken Baylor, director of market
development and strategic alliances at McAfee, the Santa Clara-based
anti-virus software maker.

``It's a small burden on the manufacturers to produce a document
saying this is how to secure this device,'' Baylor said. ``California
has led the way with data leakage, and I think California sometimes
nudges people in the direction of best practices.''

The bill, written by Speaker Fabian Núñez, D-Los Angeles, asks
manufacturers to include a warning label that would provide
easy-to-use instructions for how to protect personal files. The
warning label could appear in one of four ways:

* A warning sticker placed on the ports of a wireless router.

* A warning that appears when installing a wireless device.

* An alert that requires consumers to take action before the device is
  used.

* Or other, unspecified protections on the wireless connection.

The options give manufacturers a ``great deal of flexibility'' when
developing the consumer protections and are indicative of a broad
best-practices policy being adopted within the industry, said Frank
Hanzlik, managing director of Wi-Fi Alliance, a non-profit industry
association.

The alliance, which has 275 member companies, plans to introduce its
own standardized protective setup program within the next couple of
months, he said. The industry's development of security measures for
consumers comes after a series of high-profile laptop thefts attracted
attention and raised questions about the security of personal
information.

Steven Maviglio, deputy chief of staff for Núñez, said the speaker was
inspired to write the bill after an eye-opening experience at his home
last year: While Núñez and Maviglio worked late one night on a
project, Núñez watched Maviglio pull up three networks while using a
handheld device.

``He was amazed and bemused that you could take advantage of someone
else's service like that,'' Maviglio said.



_________________________________
HITBSecConf2006 - Malaysia 
The largest network security event in Asia 
32 internationally renowned speakers 
7 tracks of hands-on technical training sessions. 
Register now: http://conference.hitb.org/hitbsecconf2006kl/



This archive was generated by hypermail 2.1.3 : Wed Aug 30 2006 - 23:20:42 PDT