About

My Photo

Adsense


Add to Google Reader or Homepage

Subscribe in Bloglines

Subscribe in one go

  • Subscribe to RSS Feed

Your email address:


Powered by FeedBlitz

Google reader

Software worth checking out

  • ActiveWords
    Do everything without leaving the keyboard
  • Anagram
    Translates copied text into Contact, Calendar, Task, and Note items for Outlook, Palm etc
  • BlogJet
    Weblog client for Windows that allows you to manage your blog without opening a browser.
  • ConnectedText
    Intriguing Wiki-based organiser
  • Copernic Desktop Search
    Great alternative to Google's or Microsoft's offering for searching your PC. Simple and unobtrusive
  • Courier Email
    Great email program
  • DtSearch
    Text Retrieval / Full Text Search Engine
  • ExplorerPlus
    Organize and manage all your system files and folders
  • Gmail
    Webmail that really works. Great for catching spam too.
  • Google Deskbar
    Search with Google from any application without lifting your fingers from the keyboard.
  • Google Earth
    Zip around the planet and see things differently
  • Google Reader
    Best online RSS reader I think there is out there
  • Jot+
    store all of your notes and information in an easy-to-use outline
  • Local Cooling
  • Mindjet
    The mindmapper of choice.
  • MSGTAG - MessageTag
    Email receipt alert
  • MyInfo
    free-form information organizer
  • NoteStudio
  • NoteTab
    Great text and HTML editor
  • Omea Reader
    Good RSS feedreader
  • PersonalBrain
    If you've ever wanted to organise your information in a way that's different, try this. Worth spending time on mastering
  • Process Explorer
    Not too geeky way to figure out what software is slowing down your computer. Just keep it running for a while and the culprit will become obvious.
  • Safari
    Surprisingly fast browser -- and for Windows too.
  • Skype
    Dump those phone bills
  • SpaceMonger
    Keep track of the free space on your computer via treemaps
  • Stick
    Post-It note-like tabs to store text, folders etc that cling to the edge of your screen
  • SuperNotecard
    Great for authors and writers organizing their thoughts
  • TaskTracker
    Lists recent documents by type for easy access
  • Text Monkey
    Easily clean copied text
  • Trillian IM Clients
    Gathers all your instant messaging accounts in one window

« Enter Kinja, The New Blog Directory | Main | More On Plaxo And Privacy »

April 01, 2004

The Dangers Of Snarf

Is Bluesnarfing something to worry about? Yes, according to an Austrian study.

In the middle of last month a researcher at Salzburg's Research Forschungsgesellschaft mbH, Martin Herfurt, set up a laptop and Bluetooth dongle near the public restrooms in Hall 11 at CeBIT, Europe’s biggest IT-exposition in Hannover. He then started to sniff for Bluetooth cellphones. In four days he found 1,269 different devices.

Bluesnarfing, or SNARFing, involves connecting to a device without permission (what's called pairing) and then accessing data on the device or using its features. Martin didn't do anything to the devices he did find, but he makes clear he could have:

  • sent SMS (text) messages from the victim's phone without her knowledge;
  • made phone calls from the victim's phone and
  • altered the phone book and the record of dialled numbers on the victim's phone.

    • Worst off: The Nokia 6310 and the more enhanced Nokia 6310i, which he says, "are very vulnerable to the SNARF attack. About 33 percent of all discovered devices of this type were disclosing personal phone book entries without requiring user-interaction." And Martin thinks it could have been a lot worse: By basing himself near the restrooms, a lot of his victims were passing by, moving away before he could complete a full 'attack'. (He stresses he has not kept any of the information he obtained this way.)

    I've said in the past that this sort of thing sounds obscure, and therefore not something we think we should worry about. But just because we can't think of how these vulnerabilities might be exploited doesn't mean they won't be, and that this is not a serious breach of our security. 

    These tricks in themselves may not in themselves be dangerous, but highlight the fact that most of us walk around with a lot of personal data inside our phone/PDA -- our address book, who we called, a record of messages sent and received, our name, our exact position, passwords and bank account numbers, email messages -- which could be obtainable by someone with the interest and a modicum of equipment.

    I don't think the problem here is hijacking a phone to make a call, or SMS spam, or whatever. It's that as cellphones and PDAs merge, these devices will inevitably become attractive targets of ID thieves, commercial spies and anyone else with an interest in finding out more about us. Unless we're careful, Bluetooth will become just one more open door through which they can do it.

    Posted on April 01, 2004 in Bluetooth, Phones, Security |

    Digg This | Save to del.icio.us

    Comments

    Post a comment

    If you have a TypeKey or TypePad account, please Sign In

    Loose Wire search

    Regulars

    Recent Posts

    Recent Comments

    Categories

    Subscribe to my Podcast

    Eco-Safe

    Categories

    Rank

    • Wikio - Top Blogs - Technology
    Blog powered by TypePad
    Member since 12/2003

    A Directory of...

    ten mov.es

    tenminut.es