Skype VoIP: Who's listening in?

Described as the first ever "wiretap Trojan," a new virus that can eavesdrop on calls made with the popular Voice over Internet Protocol (VoIP) service Skype is raising concerns about the the security of personal computer-driven telecommunications and the prevalence of surveillance in the ecosystem of this increasingly popular technology.

With over 480 million users worldwide, Skype offers free or low-cost VoIP calling between two computers or between a computer and a phone. The new Trojan allows these voice conversations to be recorded and distributed to remote sites automatically, without the Skype users' knowledge.

The virus...doesn't target a particular vulnerability in Skype. Instead, it hooks into parts of the Windows operating system that handle audio processing. Then it intercepts all audio coming from Skype before it's encrypted by the software...The audio gets saved as mp3 files and can be sent to computers controlled by the criminals.

According to Kevin Haley, director of Symantec Security Resposne, "It's more interesting than dangerous. It's an espionage tool. That's its clear purpose. It's not practical for any type of broad-based attacks."

« Blog Home
Mocana Website »

WALL STREET JOURNAL Off-the-shelf mobile devices becoming government-issue standard

Until recently, government employees were rarely issued mobile devices like mobile internet devices or Blackberry's, usually because of the perceived security problem. That's changing, and fast. More and more often, government IT departments have decided "if you can't beat 'em, join 'em" and are rapidly outfitting their employees with commercial off-the-shelf mobile communications devices. These consumer devices, previously only issued to the highest-level government employees, are now much more likely to be found in the hands of the rank-and-file. That has dramatically expanded the government's mobile device population (and its over-the-air data traffic), leading some experts to worry that sensitive government communications are becoming less, not more, secure.

This change in government policy is happening on a massive scale.

This year, the U.S. government will spend $70 billion on information technology, including wireless devices, service contracts and applications, according to Warren Suss, president of Suss Consulting Inc...The shift is being driven by the desire to make government workers more effective and efficient by giving them access to critical information wherever they are, and by the need to cut costs -- private networks and proprietary devices are expensive to develop and require specialized staff to maintain and update.

Sara Silver of The Wall Street Journal reports on the exciting new uses government employees are finding for commercial devices and networks.

« Blog Home
Mocana Website »

MOCANA BYLINESecurity in Wireless Sensor Networks

Despite their ubiquity, security and networking technologies for sensors and other smart objects are still very much in their infancy, and there is tremendous technical and market opportunity in this arena. With major computational and communication resource constraints, these networks require new security solutions developed from the ground-up, as integral parts of their architectures.

Devices and "smart objects" like industrial sensors are rapidly outnumbering workstations on networks worldwide, with some experts projecting that within 5 years there will be over 100 non-PC devices for every workstation on a network. Some devices. . .have comparatively ample memory, processing and bandwidth resources at their disposal. As such, we can usually apply some of the security techniques originally developed for networks of PCs directly to the new "citizens" on the network. But at the very low end, devices like environmental sensors often present a unique challenge because of the extreme resource constraints they impose on security architects.

A recent RTC Magazine cover story by Mocana's own Kurt Stammberger, CISSP discusses the challenges these wireless sensor networks and smart objects present and the cutting-edge work being done to create solutions custom-built for securing them.

« Blog Home
Mocana Website »

Wyse + Mocana = Windows desktop on the iPhone

At VMWorld, Wyse Technology is selling a new iPhone app which makes it easy for users to access their Windows desktop, securely, from their iPhone. Wyse's new PocketCloud app uses Mocana's NanoSSL software to authenticate and encrypt the remote connection, making sure that unauthorized people can't log into YOUR desktop from THEIR iPhones :-).

PocketCloud works on both the iPhone and iPod Touch. The app works with either a virtualized or physical machine which supports Microsoft's RDP protocol, and also supports VMware View 3.1 connection broker (in direct or tunneling modes). $29.95 from the iTunes App Store.