Dark Reading
Protect The Business - Enable Access
Do more than just cursory scans. Develop
a holistic approach to app security.
Find out how!
Learn to take the ambiguity out of managing IT so you can guide your business forward.
Download now!
Use these tips from Gartner to identify the EPP solution that best suits your business.
Download now!
Product Watch: AirPatrol Launches New Way To Enforce Mobile Device Security
'Situationally aware' technology can turn mobile apps on and off depending on where the device goes -- and who's nearby By Tim WilsonDark Reading
That's the idea behind ZoneDefense, a new mobile security technology unveiled today by AirPatrol. ZoneDefense can selectively allow or disallow the use of specific mobile applications, depending on where users go or who they are in the room with, the company says.
"Companies want to allow people to bring in their personal devices, but they need a better way to protect themselves from potential threats carried by those devices," says Tom Kellermann, CTO at AirPatrol. "What we're doing is giving them a way to enforce policy on a situationally aware basis."
ZoneDefense can detect any mobile device in an enterprise, track its location, check its compliance with company policy, and enforce rules based on where the user is located and who is nearby, AirPatrol says.
Under ZoneDefense, any mobile device that is detected -- whether it is a managed device or an unknown device -- can be restricted to specifically defined policies based on its current location and the other devices nearby. For example, a mobile device that is allowed to do file sharing in an approved area of the headquarters building might have file sharing turned off in another part of the facility. Enterprises also can set up the system to trigger an alert when an unknown device enters a secure zone, such as a boardroom or trading floor, AirPatrol says.
Utilizing commercial wireless bands and Wi-Fi, ZoneDefense can track a device within a couple of meters of its exact location, AirPatrol says. The initial rollout supports only iOS (iPhones and iPads) and BlackBerry, but the product will expand to the Android operating system later this year, the company says.
In addition to the release of ZoneDefense, AirPatrol issued a new whitepaper that points out vulnerabilities in mobile security strategies and offers guidelines on implementing wireless security policies.
Several of the vulnerabilities noted in the whitepaper are related to authentication. "One-time use passwords delivered via SMS are being defeated regularly by growing threats, such as Zeus Trojans and DroidDream," Kellermann observes. "This can make corporate data accessible to the adversary."
Have a comment on this story? Please click "Comment" below. If you'd like to contact Dark Reading's editors directly, send us a message.
CA To Acquire Authentication Vendor Arcot Systems Inc. 08/30/2010
China, Taiwan Nab 450 Suspects In Biggest Fraud Raid Ever 08/30/2010
DNS DDOS Threats and Corresponding Mitigation Strategies 03/23/2010
Spoofing Server - to - Server Communication: How You Can Prevent It 03/11/2010
DIGITAL ASSETS
Understanding Web Application Security Challenges
08/24/2010
 |
To upload an avatar photo, first complete your Disqus profile. | View the list of supported HTML tags you can use to style comments. | Please read our commenting policy. |
Subscribe to RSSHow To Detect And Root Out Sophisticated Malware
Are You A Human Confirms Man Or Machine With Games
State Of Utah Fires Tech Director Over Breach
MORE KEYHOLE
- Entering the Scrum: Taking the First Steps on Your Agile Journey
- Big Data at High Speed: Complex Event Processing at 10x
- SMB Server Guide: Meeting Email, Virtualization, and Business Application Challenges
- The Dell Difference: Lessons from Dell’s Own IT Transformation
- Techniques for Next-Gen Data Protection using Next-Gen Computing
Published:2010-11-03
Severity:High
Description:Stack-based buffer overflow in SonicWALL SSL-VPN End-Point Interrogator/Installer ActiveX control (Aventail.EPInstaller) before 10.5.2 and 10.0.5 hotfix 3 allows remote attackers to execute arbitrary code via long (1) CabURL and (2) Location arguments to the Install3rdPartyComponent method.
Published:2010-11-03
Severity:High
Description:Untrusted search path vulnerability in VIM Development Group GVim before 7.3.034, and possibly other versions before 7.3.46, allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse User32.dll or other DLL that is located in the same folder as a .TXT file. NOTE: some of these details are obtained from third party information.
Published:2010-11-03
Severity:Medium
Description:Multiple cross-site scripting (XSS) vulnerabilities in wp-content/plugins/cforms/lib_ajax.php in cforms WordPress plugin 11.5 allow remote attackers to inject arbitrary web script or HTML via the (1) rs and (2) rsargs[] parameters.
Published:2010-11-03
Severity:High
Description:Multiple SQL injection vulnerabilities in search.php in WSN Links 5.0.x before 5.0.81, 5.1.x before 5.1.51, and 6.0.x before 6.0.1 allow remote attackers to execute arbitrary SQL commands via the (1) namecondition or (2) namesearch parameter.
Published:2010-11-03
Severity:Medium
Description:SQL injection vulnerability in misc.php in DeluxeBB 1.3, and possibly earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the xthedateformat parameter in a register action, a different vector than CVE-2005-2989, CVE-2006-2503, and CVE-2009-1033.
