Padlock Your Palm

[InfoSec News <isn () C4I ORG>]

http://www.forbesbest.com/0226/060.html

[Pretty bland article, Even for the calibre of Forbes. But I have
never heard about the story in the first paragraph, and if anyone
knows more details, I want to hear them. Especially with HIPAA
and doctors loving their PDA's!

The fifth paragraph on the first page seems like it barely belongs
here, However I would love to see a Freedom application for the
wireless Palm pilots, And again, if anyone knows of anonymity products
for PDA's, Please drop a line.  - WK]


Edited by Nikhil Hutheesing
Best of The Web
02.26.01

Last summer a couple of teenagers hacked into the network of an
Internet health company, intercepted 14,000 patient records and
discovered that a classmate was infected with HIV. They then cruelly
boasted about their findings on a Web chat room, exposing their
classmate's identity. This, however, wasn't a typical computer hacking
incident. The network these kids broke into was a peer-to-peer
wireless network of Palm personal digital assistants. The PDA network
was being tested by a group of physicians, nurses and clinicians who
wirelessly swapped patient information from one PDA to another. The
teens, it seems, walked into the company armed with another Palm PDA.
Using the technology that allows one PDA to synchronize with another,
they were able to intercept patient data as it was beamed around the
company .

Since there are few wireless PDA networks today, such break-ins are
almost unknown. But Lawrence Ponemon, a senior partner for
PricewaterhouseCoopers, warns that as third-generation cell phones and
PDAs with powerful processors become common, they will become more
vulnerable. The problems will multiply as wireless networking
technologies, like Bluetooth, allow devices to talk to one another.

"Such information could be used to create a central profile of you
that will be used by marketers, hate groups and would-be terrorists,"
says Ponemon. This risk is real because service providers, like
GoAmerica and Verizon Wireless, will be required to implement
location-based services so that the FCC can make sure that as you move
around, you aren't being overcharged by your carrier. The byproduct is
that the providers will know details about your life and habits: when
you leave work, what route you take and whether you stop at Hooters on
the way home.

In the hands of stalkers, terrorists or, say, pesky marketing
companies, such information could be compromising. A terrorist, for
example, could figure out where a group of high-level executives or
politicians regularly congregated.

So how do you protect your handheld? First, turn on the
password-protection feature. It's a nuisance to type in a password,
but it'll help keep your data safer. Use your PC to check the wireless
privacy policy of sites. If there is no special policy, don't access
the site from your PDA. In the future, buy devices that have the new
privacy-preference cookies built in. These cookies regulate the data
that comes and goes from your PDA, according to your specifications.
Expect these cookies in future Blackberry and Palm devices and cell
phones. Also, check with your provider to see if its service works
with companies like Zero Knowledge, Pravada and Anonymity Online.
These outfits let you create truly anonymous pseudonyms so that
transactions can't be traced back to you.

[...]

ISN is hosted by SecurityFocus.com
---
To unsubscribe email LISTSERV () SecurityFocus com with a message body of
"SIGNOFF ISN".