Offering regional and national programs, CIO (and CSO) events bring together some of the most respected names and thought leaders in information technology and security. Presented by CIOs and other senior level executives, these invitation-only programs offer timely topics and strong networking. Learn More »
Webcast: In the Google Apps Cloud: How to Achieve Your Business Objectives
Dec 3rd, '09, 1 - 2 pm US/Eastern (GMT-5)
Join Council member Brent Hoag, Director, Global IT, at JohnsonDiversey, as he discusses the adoption of Google Apps which has helped meet four corporate goals; sustainability, simplification, increased employee productivity and global collaboration.
Webcast: Collaboration Initiatives: Benchmarks & Best Practices
Dec 15th, '09, 4 - 5 pm US/Eastern (GMT-5)
Join Council members Ruth Thorpe, VP & CIO at the U.S. Pharmaceutical Operations of Sanofi-Aventis, and Gary Kuyper, CIO at Bethany Christian Services, as they speak about their collaboration initiatives and experiences in how and why they chose the social networking and collaboration tools they are using and their business goals for collaboration, and facing culture change challenges.
Data Overview: Collaboration Initiatives Field Guide: Benchmarks & Best Practices
This appendix to the Council Field Guide provides an analysis which discusses benchmarks for collaboration IT implementation costs, adoption rates and payoffs. The overview identifies top IT and business goals and satisfaction rates for collaboration initiatives as well as best practices and lessons learned for implementing collaboration IT.
Learn more about the CIO Executive Council »
MacBook Vulnerable to Wireless Hack
Security researchers David Maynor and Jon Ellch performed a digital drive-by Wednesday at the Black Hat USA conference. Their target: ...
August 03, 2006 — CIO —
Security researchers David Maynor and Jon Ellch performed a digital drive-by Wednesday at the Black Hat USA conference. Their target: an Apple Computer MacBook.
The two researchers have found ways to seize control of laptop computers by manipulating buggy code in wireless device drivers. In a videotaped demonstration at the conference, Maynor showed how to use sophisticated hacking tools to add and remove files on a Wi-Fi enabled MacBook, manipulating the system from an adjacent laptop computer.
Wireless devices are designed to be constantly sniffing for new networks, and this can lead to security problems, especially if their driver software is buggy.
This can often happen as vendors rush to implement the complex wireless standards, said Ellch, a student at the U.S. Naval postgraduate school in Monterey, Calif. "A lot of hardware manufacturers have to ship stuff quickly," he said. "One of the things that gets sacrificed in the speed game is security."
Apple is not the only vendor to have problems with its wireless drivers, said Maynor, who is a researcher with SecureWorks. By exploiting bugs in four different wireless cards, the researchers found ways to seize control of laptops running Windows and Linux as well, they said.
"Don’t think that just because we’re attacking Apple that the flaw itself is in Apple," Maynor said. "We wanted to do some other demos and they weren’t panning out."
However, Maynor said the researchers knew that if they showed their demonstration on a Mac OS X system—generally considered to be a very secure platform—that show attendees would take their findings seriously.
The idea of poking a hole in Apple’s current advertising campaign, which smugly boasts that Mac OS X is more secure than Windows, also appears to have been a factor. "I’ve got to be honest, those Mac commercials, they just jump right out at you," Maynor told attendees during his presentation.
The researchers are now working with Apple to fix the problems, which may involve both operating system and driver patches, according to Maynor. Apple declined to comment for this story.
The Black Hat demonstration came just days after Intel issued patches for wireless driver flaws that could lead to the same problems that the researchers demonstrated in Las Vegas.
Maynor and Ellch could not say whether Intel’s patches addressed flaws that they had discovered, but they said they had not worked with the chipmaker on these fixes.
It is possible that the Intel patches were released in anticipation of their talk, the researchers said. Still, both men praised Intel for addressing driver security. "You have to admire a company that would proactively fix things before a talk instead of waiting until afterward," Ellch said.
Exchange 2007 Risks and Mitigation Strategies
XenDesktop Cuts IT Complexity and Costs
Solving On-premise Email Challenges
A Comparative Cost Analysis of Email Environments
An Infrastructure and Operations Analysis
Upgrading to VMware vSphere with vWire
An Open Framework for Business Intelligence
Email and Web Threats Require a Layered Defense
Smart techniques for application security: whitebox + blackbox security testing.
Lower the Cost and Complexity of a Mobile Workforce through Automation
Extending Client Refresh - 11 Steps to Maximize Savings
Profit from Power Savings
Find out how and why 400 organizations have d...
Resource Alerts
Get instant email notifications by topic when white papers, webcasts, and case studies are added to our library.
RIM, Motorola Latest Defendants in Visual Voicemail Suit
New IPhone Worm Steals Online Banking Codes, Builds Botnet
Microsoft Begins Paving Path for IT, Cloud Integration
Microsoft Confirms IE6, IE7 Zero-Day Bug
Report: Apple's 'Black Friday' Deals Cut Mac Prices 8%
11 Security Tips for Black Friday, Cyber Monday
Momentum Builds for Open Content Management Standard
BlackBerry Bold 9700: Why It's RIM's Best BlackBerry Ever
Mobile Groups Protest Proposed Net Neutrality Rules
Information Security and Business Strategy Part 1
