Issue No. 01 - January/February (2005 vol. 9)
ISSN: 1089-7801
pp: 12-15

Internet Media
Network Magazine,
November 2004
"Network Identity and VoIP Security," by David Greenfield.
The most important security issue surrounding voice over IP (VoIP) is not denial-of-service attacks or eavesdropping — challenges that get much attention but have been largely addressed — but rather, caller identity. Without a method for authenticating a person's identity, enterprises can't keep useful lists of who to filter out to block voice spam. Vital online transactions are also limited. AT&T and MCI both provide VoIP services that can confirm internal caller ID by using Session Initiation Protocol certificates, but neither can currently verify outside callers. Greenfield calls on VoIP vendors to not only write security standards but also to implement them.
PC Magazine,
30 November 2004
"Your Media Files Unbound," by Jamie M. Bsales.
ORB Networks is rolling out a service that lets consumers access multimedia content at home using any device that has a Web connection. A 10-Mbyte client applet on a home PC resizes the files to match the device's resolution and connection speed, then sends them to the device using ORB's secure server.
Mobile and Wireless Computing
Visual Studio Magazine,
September 2004
"Program Mobile Devices," by Wei-Meng Lee.
For those who'd like to leverage the growing popularity of Short Message Service (SMS) in the US, Lee walks through the process of writing a Pocket PC application using Microsoft's new .NET Compact Framework to send SMS messages through a Bluetooth-enabled cell phone. SMS messages can be up to 160 alphanumeric characters — usually written using cell phone number keys — shared between mobile subscribers. Although the .NET Compact Framework doesn't have managed classes for programming Bluetooth, Lee explains a workaround technique that provides Bluetooth functionality through serial ports.
Network Magazine,
November 2004
"SSL VPNs: No Compromise?" by Andrew Conry-Murray.
Numerous vendors now offer a class of Secure Sockets Layer (SSL) remote-access software for virtual private networks (VPNs) that combines the best attributes of SSL technology and its rival, Internet Protocol Security (IPsec). However, these "network access" packages have some security problems and fail to solve new obstacles facing SSL VPNs, including their inability to keep out malicious software and stop application-layer attacks. Although vendors have taken steps to improve security measures — including adding security features at the gateway and sending SSL VPN traffic through extra security checks after it's been decrypted at the gateway — Conry-Murray says both have trade-offs in performance that network architects should weigh before deciding to use any of the network access packages.
Dr. Dobb's Journal,
November 2004
"ZigBee Wireless Sensor Networks," by Drew Gislason and Tim Gillman.
ZigBee is a promising, globally open wireless-sensor standard aimed at a niche that other technology standards don't yet cover: industries needing a low-cost, secure, reliable option for large sensor networks of up to 65,000 nodes running on batteries that can last months or years. ZigBee, whose hardware radio standard is IEEE 802.15.4, will work in various applications, including lighting controls, heating controls, home security, and automatic meter reading. The ZigBee Alliance, formed to promote the standard and assure interoperability, now has more than 100 member companies in 22 countries on four continents.
Network Magazine,
November 2004
"NAT: Internet Mugger?" by David Greenfield.
The IETF has formed the Behavior Engineering for Hindrance Avoidance (Behave) working group to tackle the ongoing challenge of Network Address Translation. Most IETF members view NAT as a stumbling block to widespread VoIP deployment and network application, and some believe it blocks the transition to IPv6. However, the Behave WG seeks to define a comprehensive nomenclature for NAT technology and a set of best practices to dull its effects on the Internet's future. Cullen Jennings, engineer at Cisco Systems and cochair of the group, called it "a bit like making rules for how to mug someone."
Programming and Development
Dr. Dobb's Journal,
November 2004
"Binary XML," by Oliver Goldman.
Although XML has been widely adopted, its verbose nature isn't compatible with applications with limited bandwidth and memory, or those that require binary data, and it doesn't allow for randomly accessing portions of a document. Various proposals claiming to fix these problems have been suggested. Collectively, these proposals are referred to as "Binary XML," even though some of the proposals don't involve binary data and none of them create files conforming to the XML specification. In this article, Goldman analyzes a few of the Binary XML proposals and takes a closer look at some of XML's perceived drawbacks.
"Creating Trace Listeners in .NET," by Michael Taylor.
Although the .NET framework gives programmers "powerful" ways to debug and examine applications, trace listeners can broaden its abilities. Trace listeners check for debug and trace messages from .NET and display messages to users either through text boxes or by putting them into files. Taylor says .NET has three predefined trace listeners, but programmers can also define their own, and he outlines how to do this.
December 2004
"Sensitive Data & the .NET Crypto API," by David B. Scofield and Eric Bergman-Terrell.
In addition to being a good idea, protecting sensitive information is also a legal requirement in many areas — from a California law requiring companies to publicly disclose confidential data leaks to the US Health Insurance Portability and Accountability Act of 1996, which mandates that healthcare providers safeguard patient information. Scofield and Bergman-Terrell believe .NET's Crypto API provides a simple, effective way to meet those goals — as long as organizations meet certain criteria, including choosing the correct cryptographic algorithm, generating keys and initialization vectors, and encrypting or decrypting objects and byte arrays. The authors provide a sample application to demonstrate how to achieve these three criteria.
PC Magazine,
19 October 2004
"Security Center Spoof," by Jay Munro and Neil J. Rubenking.
One problem with Windows XP Service Pack 2 is a spoofing vulnerability in the Windows Security Center, the new security control panel for Windows PCs. This security gap could let altered security settings go unnoticed and, among other things, cause the Security Center to report falsely that no problems exist while the PC is under attack. Munro and Rubenking say the problem lies in the Windows Management Instrumentation (WMI) subsystem, Microsoft's version of Web-Based Enterprise Management, an industry standard for retrieving management information. WMI is where Windows stores security status, but the authors found that the WMI database can be spoofed because it doesn't verify programs reading or writing information to it.
30 November 2004
"Picture Peril," by Jay Munro.
Munro predicts that a worm will soon exploit a Windows vulnerability that lets a JPEG download and execute a Trojan on a victim's system as soon as the user views the image. Such a worm could, among other things, let the victim's PC be controlled remotely. The good news is that Windows XP Service Pack 2 or any firewall that blocks outgoing requests addresses the problem, which hackers have already exploited in limited ways on the Internet. Because the worm could be passed through email, IM, Web sites, or downloaded programs, however, Munro expects it will be too tantalizing for hackers to pass up.
Fall 2004 special issue
"Encryption Skeleton Key?" by John R. Quain.
A math professor at Purdue University believes he can prove the Riemann Zeta function, a formula proposed in the 1800s by the German mathematician G.F.B. Riemann to describe the distribution of prime numbers. If he's right, it could mean more than winning a US$1 million prize from the Clay Mathematics Institute, because analysts believe a proof of the Riemann Zeta function could eventually let hackers break e-commerce encryptions, which use prime numbers. For instance, it's not uncommon for Web sites to use the product of two prime numbers as public keys — that is, mathematical keys that can be made public and verify signatures formed with an accompanying private key.
Dr. Dobb's Journal,
November 2004
"Secure Web Forms & Struts Extensions," by Hari Gopal.
Digital signatures help solve the twin security dilemmas of address authentication and nonrepudiation, or ensuring that parties involved in an agreement don't deny their promises later. However, Secure Sockets Layer (SSL), one of the most common protocols for protecting electronic communications, doesn't address nonrepudiation. Gopal argues the need for a uniform cross-browser digital-signature library to encourage the adoption of digital signatures. He outlines one possible approach using secure Web forms that offer a simple method for using digital signatures in Web applications built with the open-source Jakarta Struts Framework, which uses Java Servlet and Java Server Pages.
Alison Skratt is a freelance writer based in Oakville, Conn.