Follow Slashdot stories on Twitter

 



Forgot your password?
typodupeerror
×
Security Wireless Networking Worms Intel Hardware IT

New Security Ideas From Intel 151

Scott writes "Intel is developing a new technology that could prevent unauthorized access to wireless networks using the time it takes for packets to arrive from the access point to the Wi-Fi user. This is one of several ideas were presented at Intel Developer Forum. Intel has also released a hardware-based solution to fight against worm spreading. From the report: 'The system monitors the number of external connections being made and if a higher network activity is detected, the computer is disconnected to prevent the infection of further machines on the network.'"
This discussion has been archived. No new comments can be posted.

New Security Ideas From Intel

Comments Filter:
  • by Vyyper ( 83684 ) on Friday August 26, 2005 @06:49PM (#13412346)
    is only as strong as the weakest link.. which in most cases is the user.
  • by Anonymous Coward
    What happens if I have to take my laptop to the bathroom with me? Will I stay connected?
    • What happens if I have to take my laptop to the bathroom with me? Will I stay connected?

      It's because of people like you that I cannot touch our company's periodicals library. Damn you! DAMN YOU TO HELL!
      • Come on now, everyone's picked up a brown-tagged magazine at least once in their life. You're there on the toilet, nothing to do but stare at a blank wall and wait. It's probably one of the most boring things humans do. So, you spot a magazine or newspaper in the stall, grab it and start reading. Even if you're just flipping pages, it keeps your brain occupied until your posterior is finished.

        So don't look too harshly upon brown-tagged periodicals. They have their place in the media food chain.
  • Say Goodbye (Score:4, Interesting)

    by Nom du Keyboard ( 633989 ) on Friday August 26, 2005 @06:51PM (#13412363)
    'The system monitors the number of external connections being made and if a higher network activity is detected, the computer is disconnected to prevent the infection of further machines on the network.

    Say goodbye to P2P and BT.

    • Uh - it detects the # of connection to your WAP. I hope people are not BTing from there and instead come through your cable/DSL connection.
    • by tepples ( 727027 ) <tepplesNO@SPAMgmail.com> on Friday August 26, 2005 @07:10PM (#13412448) Homepage Journal

      If you tell the router which port you run your P2P on (e.g. I usually run Azureus on port 6502), then it should be able to distinguish P2P traffic from virus traffic. Besides, virus connections are usually much shorter lived than P2P connections, right?

      • by flithm ( 756019 ) on Friday August 26, 2005 @08:11PM (#13412758) Homepage
        While a good thought, you're forgetting how worms propagate themselves.

        Usually these days they go in through a buffer overflow in some network application (such as P2P clients).

        The bottom line is it's really hard to tell what's a virus and what's not (viruses tend to disguise themselves).

        That's why they're trying out this method. Yes it's got some problems, especially for the home user, but for corporate situations this might work.

        It all depends on how smart their algorithm is.
      • To begin with, if you actually have a router and it's properly configured, nothing can get trough but exactly what you allowed. (This is my config.) So what's the point of distinguishing activity based on port numbers? Truth is, most people (on the 'desktop') don't want to be bothered with a (properly-configured) router. Heck, I quit using MSN messenger because the new version (7) wouldn't work at all behind a router (and this is actually acknowledged by MS).
    • Re:Say Goodbye (Score:3, Insightful)

      by Icyfire0573 ( 719207 )
      You could be right, but think of it this way, if your computer is involved in a DDOS, your main method of attack is sending as many SYN packets as your processor and upload will allow, so if your sending 1000SYN packets to every ACK then the network card says HELL NO! and the attack is ceased
    • i was just about to say - it sounds more like intel in bed with media companies and comming up with a "feature" which happens to make p2p beyond the average user in forder to "protect" them from worms. i won't be buying anything where i have to especially configure to just to make more then 10 connections from it.
  • Comment removed (Score:5, Insightful)

    by account_deleted ( 4530225 ) on Friday August 26, 2005 @06:51PM (#13412364)
    Comment removed based on user account deletion
    • I suspect that the majority of people who buy a wi-fi router in the next five years will still not bother to even change the default admin password.

      I hope you're right! All those open WAPs are so convenient.

      (This post should not be interpreted to advocate actions which may be illegal in your jurisdiction and probably mine too.)
      • Comment removed based on user account deletion
      • I suspect that the majority of people who buy a wi-fi router in the next five years will still not bother to even change the default admin password.

        I hope you're right! All those open WAPs are so convenient.


        Won't matter. They'll ship 'em with the limit turned on. The clueless will leave it that way, only the clueful who WANT to allow open access will turn it on.

        APs are shipped with open default configs so users can get them up and running without making an expensive service call. Limiting the range won'
    • by riptide_dot ( 759229 ) * on Friday August 26, 2005 @07:06PM (#13412429)
      I suspect that the majority of people who buy a wi-fi router in the next five years will still not bother to even change the default admin password.

      Or take any other measures to secure the device for that matter, like preventing access to unknown MACs, limiting usage to certain times of the day, not broadcasting the SSID, etc, etc...

      This is one of those cases where some of the people that want devices like these have absolutely no idea how to use them correctly. To me, it's like handing the keys to a Ferrari to a 12 year old. ALL of my neighbors have open access points, so whenever people come over to my house with wireless equipment, I don't even bother to modify my network to let them in - I just tell them to sit by a window and inevitably they get all the bandwidth they need.

      Intel is developing a new technology that could prevent unauthorized access to wireless networks using the time it takes for packets to arrive from the access point to the Wi-Fi user.

      I think this is supposed to read "using the time it takes for packets to arrive from the Wi-Fi user to the access point. I have no idea how an access point would be able to monitor how long it took for its packets to make it to the clients...
      • by merreborn ( 853723 ) on Friday August 26, 2005 @07:51PM (#13412654) Journal
        I have no idea how an access point would be able to monitor how long it took for its packets to make it to the clients...

        It probably measures the time between transmission, and the reciept of an ACK(nowledgement). Of course, you'd think a really bogged down machine with a USB Wifi adapter could concievably return ACKs a little slow, and get dropped.

        All in all, it seems like a pretty goofy idea: "Secure your WAP: artificially limit it's already meager range!"

        • All in all, it seems like a pretty goofy idea: "Secure your WAP: artificially limit it's already meager range!"

          If it means accepting connections from people in the building and rejecting those from people in the parking lot, across the street, or in the competitor's facility next door, I bet it will go over big with enterprise users.

          Measuring with multiple receivers can also pinpoint the client location, not just distance, even in the presence of unceartainty in turnaround time. Also: Turnaround time unce
        • All in all, it seems like a pretty goofy idea: "Secure your WAP: artificially limit it's already meager range!"

          What's wrong with having an adjustable range limit? It makes perfect sense to me.

          In particular: Permissions-based configurations lead to most home users having wide-open APs. The incentive on the manufacturers is to ship a default configuration with the door wide open, so the user doesn't have trouble getting connected on instalation. Of course most users stop once it's up and running, so most
      • by Anonymous Coward
        Yeah let their passwords get sniffed by "open accesspoints" while you think you are secure by totally ineffective measures like MAC filtering and broadcast-off...

        nice going!
      • by j.blechert ( 726395 ) on Saturday August 27, 2005 @02:18AM (#13413985) Homepage
        Shouldn't the people who install the access points secure them and not the people who use them? You can't expect joe user to understand even what a MAC or SSID is.
    • I suspect that the majority of people who buy a wi-fi router in the next five years will still not bother to even change the default admin password.

      And yet, no one makes this a requirement. Like when you get an ATM card and they make you change the PIN when you activate it. Really, how hard is this?
      • How hard is this? When users type in a key and forget it do you think they know to plug in an ethernet cable to reset it? Do you think they will figure out how to reset the router to re-enable its default password? I think they can figure both of these things out--after calling the 800 number on the box. All the hardware in these things is just a commodity at this point; the various companies can only save costs by making support cheaper.
        • I don't think they will chose a hard password. Heck, they can make the passowrd their dog's name for all I care. Having some sort of password on the access point will lessen wardriving, even if the password is the owner's first name. At least then you would at least have to know who lives at a house to sip off their internet connection.
    • by Deitheres ( 98368 ) <brutalentropy AT gmail DOT com> on Friday August 26, 2005 @08:03PM (#13412721)
      I agree... about a year ago I did a quick wardrive around my mom's neighborhood (upper middle class suburb of Columbus, OH). I drove 3 blocks, and found 14 wireless networks. 10 were open. I tried using the default password for all of the router types (as identified by netstumbler), and it worked on 9 of the open networks... only 1 of the secured networks had not changed the default password.

      What is the solution to this? I am hardly an expert on supply-side economics relating to production, but how hard would it be to set a random password for both the router and the wireless network? Include a piece of paper with both the password written on them (kind of like a manual addendum, that way each manual won't have to be customized). Or better yet, make the default password the serial number of the router. Extremely difficult to guess, usually a string of alpha and numerics, and the user could never really lose it (unless they removed the serial number sticker from the router).

      There has to be a better way of doing things than what currently exists. To offer a product to consumers that has no security whatsoever in an out of the box condfiguration is moronic. Even more moronic is the fact that the consumer (I'm speaking in general terms of course) makes no effort to read the manual. You would think that logic would strike them in the face as they connect to their network for the first time...

      "Oh, look, Windows automagically detected my wireless network!"
      "Neat, now it's joined! That was easy..." ......

      "Almost TOO easy"
      *smack* (this is the sound of logic smacking them in the face)
      "Wow, maybe I should do something so that it wouldn't be this easy for other people!"
      • Re: (Score:2, Insightful)

        Comment removed based on user account deletion
        • Oh, please don't think I disagree with you.

          I also share a dream of a socialist wifi sharing utopia, but public paranoia over security is definitely making this an issue. Look at the recent arrest in FL (there was a slashdot article about it, too lazy to look it up) where a man was arrested for leeching wifi. Granted, he was a dumbass who did it from a car, and also in the same location for many hours... but the potential for abuse does exist, especially in urban areas where there are many more users within
          • by ultranova ( 717540 ) on Saturday August 27, 2005 @02:29AM (#13414017)

            I also share a dream of a socialist wifi sharing utopia,

            You made a mistake here. Using the word "socialist" immediately sends a "strawman alert" through the brains of anyone reading your message. It's just overused nowadays, and doesn't have the same "oomph" as it did when Soviet Union was still the evil empire.

            The fact is though that the consumers want security, and they are scared of "hackers" (mostly because of media distortion and hyperbole).

            The consumers couldn't care less about security, as proven by their continued usage of Windows, for example. And why should they ? It's not like it harms them in any way if someone piggypacks on their connection - especially if they can do the same on their neighbour's connection, which will lead to traffick being routed through whatever connection has most unused available.

            No, it is the four- and three-letter acronyms that want security - RIAA, MPAA, FBI, CIA etc. If people are free to connect through whatever wireless connection happens to be available, they are pretty difficult to monitor. Make them connect through a single designated pipe, and you can pin easily monitor all incoming and outgoing traffick for a particular person.

            Furthermore, as wireless access points grow more numerous, you would eventually get to a point where IP packets would simply be routed from one wireless point to the next, forming an uncensorable internet. That is unacceptable - all countries want to censor their citizens. Even Finland recently found an arrangement where the police gives a list of websites to be blocked to the ISP's, who will then block them - this was done to combat child porn, of course; now let's see how long until someone starts demanding that hate speech, illegal file sharing, and whatever else he might have a grievance against gets blocked by the Great Firewall of Finland.

            A privately owned (by private citizens, not corporations) and operated Internet, made up of wireless access points routing packets outside the corporation owned wires would make such censorship impossible, so better to kill it off before it really catches on. That is the true motive behind these calls for security.

            For those of us that want to turn it off, the option would still exist.

            Yeah, but that means that you purposefully allowed your access point to be used by anyone, making it much easier to succesfully sue you for any illegal actions someone might conduct through it.

            Who do you work for ? CIA ? FBI ? RIAA ? MPAA ? How well did they pay you for your message ?

        • Where do you live, and do you own a gun?
  • by LittLe3Lue ( 819978 ) on Friday August 26, 2005 @06:51PM (#13412366)

    From the report: 'The system monitors the number of external connections being made and if a higher network activity is detected, the computer is disconnected to prevent the infection of further machines on the network.'


    Please. Slashdot has had the same effect on websites for years.
    • The university where I work already incorporates this tactic, and it works quite well. The only way to get your computer back on the network is to prove you've installed virus software + firewall, and have completely rid your machine of the malicious software. It really gets users to shape-up quick. They also run a daily scan of the network for certain open ports and vulnerabilities that are commonly used by worms. "Punishment" is still the same - fix it or remain cut off.
  • by This Old Chestnut ( 759273 ) on Friday August 26, 2005 @06:54PM (#13412379)
    Security through proximity is not security at all.
  • Huh? (Score:4, Insightful)

    by Limburgher ( 523006 ) on Friday August 26, 2005 @06:55PM (#13412387) Homepage Journal
    So it shuts down if you suddenly start using it more? Like if I start a multi-threaded FTP transfer, a bittorrent session, or a portscan?

    No thank you. Don't decide for me what traffic I can generate.

    • Yeah, no kidding. I'm all for Windows throwing up a little bubble saying "hey, your network usage isn't usually this high. You sure there's not a problem?", but this sounds pretty ruthless.
    • Re:Huh? (Score:3, Informative)

      by Keeper ( 56691 )
      No, it shuts down if the time it takes for your wireless nic to respond to the wap is greater than a certain threshold, where the threshhold is set in a manner that represents absolute distance from the access point.

      This has nothing to do with the actual 'ping time' of data sent using the wireless protocol, rather it has everything to do with the 'ping time' of protocol itself.
      • where the threshhold is set in a manner that represents absolute distance from the access point.

        Meaning that it assumes that people using a device from too great a distance must be a hacker? Do network cards / computers have predictable enough response times? I say that because sometimes there is some other processes might slow down response times, and a computer chugging along on a bunch of eyecandy might not respond quickly enough.
        • It means that I don't want people outside of a certain radius (say, beyond the walls of my house) using my WAP.

          The response time of a wireless NIC is several orders of magnitude faster than the time it takes for a signal to travel through the air (think of the difference between a CPU hitting cache vs a CPU hitting main memory and multiply by a factor of ~250 per 100 feet).

          Obviously, this technique isn't precise to the exact cm, but the tolerances are acceptable. In other words, the coverage pattern won't
    • Comment removed based on user account deletion
    • When security compromises functionality, you have already lost. Kinda like how Al-Qaeda won the war on terrorism.

      The first idea sounds like some geek's dissertation. Bully for you, Dr. Poindexter, you get the degree, but you don't get the VC. The second is just stupid, a naive case of traffic conditioning.

      Here's a novel idea for security--stop writing crappy software. This will never happen so long as profit$ = quality / time. That's why I hate programming, and why I'm now doing system administration t
  • im skeptikal... (Score:1, Interesting)

    by brianopp ( 862935 )
    while this sounds fine and dandy.. arent there so many things to consider.. interference from other devices, walls, metal objects... how accurate would this be... im thining it could end up with too many false-positives
  • The amount of time it takes for a packet to arrive could change because things other than physical distance from the access point. Like hardware latency, interference, etc. If it could be forgiving of these, perhaps the packet transfer time could only be so high, it may work. I haven't RTA yet, but I think there are betters ways to stop the spread of a worm. I think every machine on a network should be running a software firewall, not just a hardware firewall for incoming threats from the outside. With peo
    • Intel and others are already integrating functions to off-load some of TCP/IP's more costly aspects from the CPU. At that point, adding a connection count throttle only requires a few extra transistors to recognize incoming/outgoing connects and count them.

      But the connect limit would have to be configurable to accomodate people's usage patterns... and if the limits are programmable, nothing is stopping a virus from altering them even if the limiting itself is done in hardware.

    • The speed of light in the neighborhood of the device might be locally distorted, too. (I hate it when that happens. I loose all track of time.)
  • by Anonymous Coward
    Its disgusting how Intel capitalizes on paranoia in order to increase profit. How do you expect free community networks to take off if people don't keep their access points open? I keep my access point wide open for everyone to use and never had any problems. If I need to transfer something sensitive I simply use ssl, ssh, or any other type of encryption.
    • What if someone uses your open access point to send Spam thru your ISP and account ?
      The thought of having other people using my ISP account, which has my name on it, to do ilegal or inmoral (to me) stuff like spam, warez, piracy, etc is enogh to think about security. The fact that I don't wan others sucking up my bandwithd is another thing I think off.
      I would donate part of my bandwidth to the general community though. If it was easy and secure.
      Regarding others reading my packets, well I already asume that,
  • With lines like this....

    The system monitors the number of external connections being made and if a higher network activity is detected, the computer is disconnected to prevent the infection of further machines on the network. You'd have to wonder how many people are that transucent to understand once you're connected to a netwrk, you're vulnerable from many varieties of attacks, no matter what browser you use.

    These people make sure that they find workable ways around browsers to ensure the installation
  • by Tackhead ( 54550 ) on Friday August 26, 2005 @07:05PM (#13412426)
    > Intel is developing a new technology that could prevent unauthorized access to wireless networks using the time it takes for packets to arrive from the access point to the Wi-Fi user.

    Crackers are developing new technologies to enable unauthorized access to wireless networks using the time it takes them to intercept and retransmit packets between the access point and the Wi-Fi user.

    As for the "solution" of detecting worms by autokilling connections when bandwidth usage changes in a way that the software didn't predict, (in a way that's more likely to cripple your favorite P2P client software more than it's likely to disable a worm that decides to start slowly and ramp up), how about Intel gets off its sorry ass (if you felt a rant coming on, you were right) and comes up with a real solution to connection hijacking -- namely by implementing cryptographically strong authentication between client and access point at Layer 2 of the OSI model, not Layer 7.

    Oh, right. Securing Layer 2 instead of Layer 7 would harm the interest of those in charge of writing Layers 8 (financial) and Layer 9 (political) of the 7-layer model.

  • by Lemming Mark ( 849014 ) on Friday August 26, 2005 @07:11PM (#13412456) Homepage
    Before anyone gets too upset at the idea of their computers getting cut off from the internet for running P2P:

    This kind of technology is not interesting to home users, or even for developer workstations: nobody is going to want to use a technology that cuts off their personal computer. The place it looks (IMHO) to be aimed at is ordinary user desktops in large corporations. These are (supposed to be) highly locked-down environment and controlled tightly by the sysadmins. In this environment, the IT manager is going to prefer inconveniencing a few users by cutting their 'net connection than managing a widescale worm outbreak that'll likely take the rest of the network down for everyone.

    Horses for courses: home users and developers will still be best served by taking precautions (virus scanners and social countermeasures) and being vigilant for signs of an outbreak.
    • This kind of technology is not interesting to home users ... The place it looks (IMHO) to be aimed at is ordinary user desktops in large corporations.

      So how long before your ISP picks it up? Think of upload caps, port blocks and smtp jails as other "technologies" that piss users off and don't do anything for security.

      • Yup, *that* is worrying. My ISP is a university and thus generally quite permissive, with a load of totally random restrictions that they sometimes enforce in heavy-handed ways.

        This kind of technology might be useful to ISPs (from their point of view) but it's something I'd pay extra to avoid - I'd been very happy to vote with my wallet by going to another ISP, as long as the competition is available (not in my case :-( )

        OTOH, will the availability of this technology *really* make the situation much worse
  • by TheStupidOne ( 872664 ) on Friday August 26, 2005 @07:19PM (#13412500)

    The system monitors the number of external connections being made and if a higher network activity is detected, the computer is disconnected to prevent the infection of further machines on the network.

    My router, a Westell 327w, already has this feature. It locks up when I use the wifi for anything remotely network-intensi...NO CARRIER SIGNAL

    • I use it for (mostly) Web sites (including now) and also for gaming. You are perfectly right, the VersaLink (as Westell marks it) does disconnect the wireless (and sometimes even the Ethernet) connection sometimes, especially when both are active--and sometimes when both are needed. (Playing SOCOM II while finding a "war" on Game Battles [gamebattles.com], etc.) I ued to think it was just the ISP booting us for abuse; from what you say, I believe it is That Damn Modem.

      Usually, it gets teh job done, though.

  • hmm (Score:3, Interesting)

    by manavendra ( 688020 ) on Friday August 26, 2005 @07:22PM (#13412514) Homepage Journal
    Why stop at doing this for wireless devices? Why not include such connnection-based control for any connections made from the host?

    Also, the article says this proposed change will require change to existing Wi-Fi devices. IS that really going to happen in near future?

  • But when I think of hardware security, I think of a box I built one time without a hard drive. It just had a CD ROM, from which I would load a Puppy Linux CD, remove it, and leave it running for days at a time with nothing but RAM. If we needed to save a file on it, we used removable media such as USB keydrives. With no writable disks present to infect, with nothing, in fact, but a motherboard, CPU, and a 1-gig DDR, I always wondered how it would fare on a network. But I suppose this is what is meant by 'd
    • With no writable disks present to infect, with nothing, in fact, but a motherboard, CPU, and a 1-gig DDR, I always wondered how it would fare on a network.

      You'd still be completely vulnerable to worms that exploit buffer overflows and the like. The only difference is that a reset will cure you.

      But I suppose this is what is meant by 'dumb terminals'.

      No. Dumb terminals, such as Sun Rays, don't have their own processors and memory.

  • bye bye bittorrent (Score:4, Insightful)

    by Gopal.V ( 532678 ) on Friday August 26, 2005 @07:26PM (#13412525) Homepage Journal
    > The system monitors the number of external connections being made and if a higher network activity is detected, the computer is disconnected to prevent the infection of further machines on the network.

    What is there here that can't be done with software ?. Oh, wait .. that needs Microsoft to do it. Doing it at the WiFi card level might give intel an advantage - but most likely they'll just push this into the driver code. Then we're back to the "why doesn't Microsoft do this" - though in truth, we should chuck it and use Linux.

    It essentially means that the moment I run bittorrent, Intel's new WiFi chip will throw me off the network. That's what it'll do for most of us.

    > The access point times the time it takes a packet to arrive the client and go back. Using this time, the access point can predict the location of the user and tell whether a client device is inside or outside the allowed area, for example office wall.

    Similarly all Ethernet cards will have something that allows only packets addressed to it's MAC address to be read. And then someone will find out a way to work around that. I could rephrase when guns are outlawed, only outlaws will have guns - but this is even worse. Intel will create APs which have an artificially limited range to prevent you from taking your laptop to the crapper. This is almost like the userfriendly joke about laptops chained to the desk form of security.

    Truly these are ideas to be sold, not products. Once people buy in on the security of these things, intel hopes to make a killing for no extra-work (yes, we have to buy the NEW secure WiFi cards and then just boot up that AP, let's get mailing status reports - leaving a router with "linksys" wide open). Security needs care and control - just cheap hacks on hardware will not do .
  • by springbox ( 853816 ) on Friday August 26, 2005 @07:27PM (#13412531)
    Intel is developing a new technology that could prevent unauthorized access to wireless networks

    Could it be..

    • Setting the router defaults to be more secure
    • Printing out how to run the setup utility included with the router to secure your network on a big bright yellow card
    • Forcing the user to pay attention to the settings by setting the WPA key to a random default
    • Printing, in big letters somewhere on the inside of the box, explaining how if the user runs yet another inescure 802.11b network, the terrorists have already won
    </sarcasm>

    It seems like Intel might be searching for an automatic solution for this problem, which is bound to fail as quickly as they can put it out in the wild. How do you protect users from bad network setups if the users largely aren't aware that the problem exists? We don't need new technology, we need to modify existing technology that, while it might add a few extra steps, forces users to pay attention to the problem that everyone here is already aware of.

  • by Anonymouse Cownerd ( 754174 ) on Friday August 26, 2005 @07:29PM (#13412544) Homepage
    "The system monitors the number of external connections being made and if a higher network activity is detected, the computer is disconnected to prevent the infection of further machines on the network."

    DOS attacks have just gotten easier.

    • "DOS attacks have just gotten easier."

      Yes, and the potential for worm based inward-facing DOS attacks is very real, even though most DOS attacks are thought of as accidental (due to network traffic from the probing threads) or outward facing (directed at remote web site). It's one of the more interesting aspects of this Zotob outbreak, but not well reported.

      Zotob (and variants) demonstrated that an internal DOS attack can be about as devastating as the worm / botnet infestation itself. The massive

  • Intel is inventing a solution for a problem that has never really been determined to be a problem.

    There are plenty of existing ways of securing an existing Wi-Fi network. Those who care will.

    A lot of the reason people don't know how to secure their networks is because people have never been give a reason to learn. In spite of all this talk from the security conscious about why they should lock down their networks (the most compelling justification I feel is to make sure illicit things (terrorism, kiddie por
  • by http ( 589131 )
    From http://www.it-observer.com/articles.php?id=857 [it-observer.com] :

    The solution support automatically to detect infected computers by monitoring the network activity and isolate them.

    I'm accustomed to technical descriptions occasionally lapsing into arcana, but come on. Is a grammatically correct sentence too much to ask? Sure, you might say 'But you were able to figure out what they meant', but the fact is I had to work to get the drift of it, and I know I may have misinterpreted something. I suspect they weren't

  • by volsung ( 378 ) <stan@mtrr.org> on Friday August 26, 2005 @08:09PM (#13412748)
    Any sufficiently advanced worm will be indistinguishable from normal user traffic.

    (OK, so it has nothing to do with Clarke's Law, other than sharing the same sentence pattern.)

  • "Intel is developing a new technology that could prevent unauthorized access to wireless networks using the time it takes for packets to arrive from the access point to the Wi-Fi user."

    As opposed to, say, enabling encryption?

    "Intel has also released a hardware-based solution to fight against worm spreading."

    The software-based solution is using a real OS. Another hardware-based solution is to refuse to run any Microsoft operating systems.
    • "The software-based solution is using a real OS."

      Windows won't be going away any time soon, so there will remain plenty of worm fodder. I am surprised by the number of relatively unsophisticated home users who are switching to Mac OS X or Linux as a result of adware, spyware, and worms, but I haven't seen the same switcher phenomenon occurring in corporations.

      Besides, worms probably wouldn't go away even if Windows did. Although conventional wisdom says that a large pool of exploitable systems is

  • 'The system monitors the number of external connections being made and if a higher network activity is detected, the computer is disconnected to prevent the infection of further machines on the network.'

    ok.. so this will also cut off anyone who uses bit torrent or any other swarming distribution program, regardless of legitimate or illegitimate activity. Fun.
    • I tend to be a little skeptical of these kind of heuristic bandwidth capping systems myself. As it turns out I work in a large, very decentralized organization that has actually used bittorrent internally as an emergency distribution mechanism.

      Such a system would have to be tuned properly, and yes, bittorrent would probably be a casualty of this sort of thing. Often times the tuning of these sorts of systems can be nearly impossible in a big organization that cannot have downtime or helpdesk calls from fa
  • by jav1231 ( 539129 )
    "Dude! As soon as I finish downloading the new Knoppix CD we'll be set to...WTF?!?"
  • I wonder if there's some kind of conservation of energy system possible for securing radio transmissions (like WiFi, Bluetooth, "wireless"). A system in a closed space like a room which is covered with a material which absorbs all the internal radiation could be good - if such a system (perhaps room-temp superconducting) consumed nearly no power, it might run solely on a fraction of the absorbed radiation.

    Maybe tightly focused beams of radio energy, connecting transmitter and receiver with thin, long low po
    • Why bother to setup such a complicated system when there is quantum transmission already implemented? Ok, it is not wireless, but I suspect a system like yours might detect a security breach every time someone moves his chair ..
      • Because quantum transmission is very expensive and even more complicated, just in the physical transmission layer. My system isn't very complicated - the ACK heartbeat protocol is simpler than most TCP/IP ACK protocols. Are you really comparing my idea to the actual complexity of quantum entanglement and existing networks, or just the versions you've read about in Discover magazine?
        • Well, you need an insulated room, and you need precise signal power measurements for every incoming and outgoing signal. Sounds like a lot of effort.

          It is not like I could not see the NSA trying it out, but for every other institution your idea is just not how affordable electronics is handled.
          • Quantum entanglement is easy and cheap?
            • No, it isn't, but you just have to secure a line, not a 3D space, which makes it scale better.

              Also QE gets down to the smallest unit that energy can be measured in - your system would still risk to be snooped on by a detector that didn't milk much power. So eventually your system with increasing sophistication would end up being a quantum entanglement system as well.

              Your idea is quite useful to detect someone exploting an existing system, but not as a concept for the design of a new system.
    • There's no need for any of this. All we have to do is make use of the security flag defined by RFC3514. See it at: http://www.faqs.org/rfcs/rfc3514.html [faqs.org]

      This has been available to us since 4/1/03, and comes to us via Steve Bellovin, a security guy of note.
  • if a higher network activity is detected, the computer is disconnected to prevent the infection of further machines

    So any one macine will only have time to infect five others. Problem solved!

  • Take a hammer and beat the IT directors at every major broadband ISP over the head until they finally decide to start filtering port 25. Simple. Elegant, and more effective than any other idea that's been presented.
    • by Anonymous Coward
      lame idea, where would it stop?
      some other thing using a well known protocol will come along.... hey lets block it, not like this is called the internet or anything.
    • They did this for a while last year with bell south. My friend could no longer check or send email and his router ceased properly functioning. yeah.. filter port 25... who cares about any of that "internet stuff"
  • by Rutulian ( 171771 ) on Friday August 26, 2005 @10:20PM (#13413281)
    Intel is developing a new technology that could prevent unauthorized access to wireless networks

    There already exist a number of methods for preventing unauthorized access to wireless networks: stopping SSID broadcasting, filtering MAC addresses, WPA, and even IPSEC for the paranoid. People already don't use what is available because they don't think it is important. What makes Intel think they will use this? It seems to me that the automatic response to security mechanism these days is "turn it off, it's too confusing and we aren't trying to hide anything." A lot of people just don't understand that their passwords and credit card numbers are being sent over the airwaves in cleartext and can be easily intercepted unless you use the security features of your access point.
  • If you go to far you get disconnected.
    Mostly its not anything special just a 25 foot cat5 cable.
  • How about a simple USB jack on the wireless router, and another on the remote device; if you plug the remote unit into the hub when it's at factory default, it accepts settings (keys, channels, etc.) from the router, then you unplug, and slap it on the remote computer, viola, all done.

    I could imagine a collection of settings on the remote device (Home, Office, Starbucks) that once set, are kept and automatically scanned through when powered on, and uniquely indentified. (each user getting a key set could ge
  • 'The system monitors the number of external connections being made and if a higher network activity is detected, the computer is disconnected to prevent the infection of further machines on the network.'


    I see it now...

    *open Azureus or other BitTorrent client*
    *50+ connections very quickly*
    *Intel has used hardware to protect you from yourself. Have great day*

    -M
  • Seems to me that if they're trying to decide whether a wireless signal is coming from near or far, they're relying on that old speed-of-light thingie, which I recall as being around one nanosecond per foot.

    In order to establish a "bubble" within which users must be located, you have to determine the position of the furthest legitimate user and then add one foot per nanosecond of worst-case response time. For a real-world situation, this new sphere is likely to take in some real estate that isn't under you

Top Ten Things Overheard At The ANSI C Draft Committee Meetings: (7) Well, it's an excellent idea, but it would make the compilers too hard to write.

Working...