Security Web Digest: @Stake reports cavities in Bluetooth security ... and More

Survey says users lack security awareness Verisign says fraud up, US biggest target SunnComm Technologies backs off litigation threat New ARM core implements TrustZone wireless security architecture


A report released last week by digital security firm @Stake argues that devices that are equipped with Bluetooth could be easily attacked. The report highlights experiments showing that devices with the short-range wireless technology can be detected easily and, in some cases, that personal data from the gadgets can be downloaded.

ARM has extended its ARM 11 core architecture with several new parts announced Monday at the Microprocessor Forum. Two of the devices are the first to use the TrustZone architecture for enhanced security in wireless applications. ARM first revealed details about the TrustZone security enhanced architecture in May this year. The technology does not specify cryptographic math support, leaving the option open to licensees whether to do cryptographic maths in software on the basic ARM processor or as dedicated hardware. "There is increasing concern about security issues for downloading content to wireless devices," said Noel Hurley, director product management at ARM. "Our objective has not been to create a security product range, but for others to build this in to their products, and the Trust Zone technology allows them to do this," he added.


Recent research from the Meta Group found that more than 75 percent of companies see the lack of user security awareness as detracting from their security programs. About two-thirds of companies see the lack of awareness among executives as having a similar impact. "Most organizations will fail to successfully secure their technology environment simply because the security staff lacks the communication skills to create this shift in corporate culture," said Meta in a statement.


Internet security breaches and fraud attempts have outpaced the "impressive" growth of Internet usage with the U.S. being the biggest target by attackers, according to statistics released by Verisign. The company reported that the number of security events per device it managed increased by nearly 99 percent between May and August of 2003. Data from Verisigns fraud prevention systems indicate that 6.2 percent of e-commerce transactions in the U.S. were potential fraud attempts, and over 52 percent of fraud attempts against Verisign merchants now originate from outside of the U.S. The firm painted a glowing picture of Web usage, reporting that DNS resolutions grew by more than 50 percent between August 2002 and August 2003. Verisign said DNS resolutions for e-mail jumped 245 percent in the same period.

Intellectual Property

A software company has backed away from a threat to sue a Princeton student who published details on how to thwart its CD copy-protection technology. Peter Jacobs, the chief executive of SunnComm Technologies Inc., said Friday the company disputed the conclusion by Princeton student Alex Halderman that its software was "irreparably flawed," but would not pursue the matter because it did not want to chill academic research.