My colleague at Forrester, Chris Silva, recently commented upon the recent Air Defense acquisition by Motorola. Looking at the deal through the security lens, I completely agree with Chris that this will help ease integration of wireless security into wireless infrastructure. It's good to see one of the major wireless brands step up and take wireless security seriously. Perhaps that other major wireless vendor will get the hint...
Motorola announced this week its intentions to acquires Wireless IDS/IPS vendor AirDefense.
The acquisition may provide a bit of deja vu to readers who recall the
acquisition of Network Chemistry's wireless IDS/IPS assets by Aruba
Networks in 2007.
As a security guy, I’ve spent a lot of time thinking about the security ramifications of wireless connectivity. Wireless has evolved from a single protocol, 802.11b, to a veritable alphabet soup loosely defined as "Mobility." We now have 11a/b/g and maybe n, Bluetooth, RFID, CDMA, Wi-Max, and a bunch of other stuff that all provides wireless access, often without even a thought of security. As people scramble to have the latest, coolest, most connected devices in the company, they are tossing security right out the window.
TechCrunchIT reported today that a Rackspace data center went down for several hours during the evening due to a power grid failure. Because Rackspace is a managed service provider (MSP), the downtime affected several businesses hosted in the data center.
I am sure many of you are aware of the recent massive-scale SQL injection attacks targeting Microsoft ASP applications running on IIS. The latest report has the number of attacked sites at 500,000. The press makes it sound like there is a new vulnerability in IIS or ASP. This cannot be further from the truth. The reality is the attacks are targeting Web applications where user input validation is not done (this is one of the fundamental security programming techniques). When a Web application does not validate its form input, it is opening itself up to code injection attacks including SQL injection. Today, the security industry is doing a decent job of communicating the importance of input validation. But you'll still find many legacy Web applications that have these flaws. And this is exactly what happened here: the attackers (well, they are organized) are using Google to find old ASP pages that take user input, and are systematically going after these pages to perform SQL injection attacks.