Comments for MOJO Wireless http://blog.airtightnetworks.com AirTight Networks Blog Sun, 08 Mar 2015 21:51:39 +0000 hourly 1 Comment on ISP Network on the Home Side and the Role Wi-Fi May Play by sriram http://blog.airtightnetworks.com/isp-network-on-the-home-side-and-the-role-wi-fi-may-play/#comment-581308 Sun, 08 Mar 2015 21:51:39 +0000 http://blog.airtightnetworks.com/?p=8587#comment-581308 Very nice article Hemant. I agree with you that the industry needs a co-ordinated effort to define the requirements of home Wi-Fi.

Scalability of Wi-Fi management is the other requirement that might become very critical for service providers if they have to operate profitably.

]]>
Comment on iOS8 MAC Address Randomization Update by Chandra http://blog.airtightnetworks.com/ios8-mac-randomgate/#comment-549084 Fri, 13 Feb 2015 18:54:13 +0000 http://blog.airtightnetworks.com/?p=7939#comment-549084 I used to turn off Location Services and Cellular data to save battery and stay within limits of data usage. After a while data caps went up and realized that it’s wifi probes that drain battery more than location services and cellular data. Still keep location services off for most of the apps for privacy. Wifi only at trusted places to watch high speed videos or so.

]]>
Comment on iOS8 MAC Randomization – Analyzed! by Harshal Vora http://blog.airtightnetworks.com/ios8-mac-randomization-analyzed/#comment-532696 Wed, 04 Feb 2015 10:42:07 +0000 http://blog.airtightnetworks.com/?p=7875#comment-532696 Hi,

Thanks for answering my earlier question.
Wiki Pedia page mentions that the U/L bit should be set to 1, and it does not talk anything about the unicast or multicast bit.

So are the following addresses also classified as LAM’s?

xb-xx-xx-xx-xx-xx
x3-xx-xx-xx-xx-xx
x7-xx-xx-xx-xx-xx
xf-xx-xx-xx-xx-xx

Regards,

]]>
Comment on Healthcare, Wi-Fi and HIPAA – A Tricky Combination by Jack Brickman http://blog.airtightnetworks.com/wireless-security-and-hipaa-compliance-in-healthcare/#comment-400162 Tue, 16 Dec 2014 12:53:14 +0000 http://blog.airtightnetworks.com/?p=6137#comment-400162 As an information security specialist for many years, I unfortunately see the same recurring theme with businesses time and time again, and that’s the failure to implement comprehensive security policies, procedures, processes, and other fundamental initiatives. With so many free and cost-effective solutions available online, there’s really no excuses as to why businesses don’t take the necessary steps for ensuring the safety and security of one’s entire network infrastructure. What’s also frustrating is not seeing comprehensive security awareness training and other basic, fundamental programs, like annual risk assessments, that should be in place for further helping protect organizational assets. There are literally hundreds of sites offering free employee training material. It’s time companies got serious about security and not just profits because data breaches are continuing to grow at such an alarming rate. Think about it, what business do you even have if a significant data breach occurs? Kiss your profits goodbye and say hello to the onslaught of lawsuits sure to arrive.

]]>
Comment on Going Beyond the Checkmark: All Things PCI by Charles Denyer http://blog.airtightnetworks.com/going-beyond-the-checkmark-all-things-pci/#comment-333325 Mon, 01 Dec 2014 13:04:59 +0000 http://blog.airtightnetworks.com/?p=4753#comment-333325 As one of the longest licensed PCI-QSA’s in North America, I can attest that wireless security is a hug issue, and something that needs to be taken seriously by all companies. I actually have a few clients who use AirTight, and the products are very good. I just also wanted to add that don’t forget that one of the most important – and time consuming aspects of PCI DSS compliance – is developing all mandated policies and procedures. As a PCI-QSA for years, I’m constantly having to deal with my client’s challenges of having little or no documentation in place. If you look at the actual standards, there’s close to 50 or so policies and procedures that need to be in place, so finding a comprehensive policy packet is a must. PCI DSS is not always about the technical aspects, there’s a lot of documentation that has to be in place, so just remember that! There are numerous providers online offering cost-effective templates, so now it’s easier and more affordable than ever to put in place all mandated PCI specific documents.

]]>
Comment on Healthcare, Wi-Fi and HIPAA – A Tricky Combination by Heather McFarland http://blog.airtightnetworks.com/wireless-security-and-hipaa-compliance-in-healthcare/#comment-304359 Tue, 25 Nov 2014 15:43:36 +0000 http://blog.airtightnetworks.com/?p=6137#comment-304359 Hermant, thanks for the great article on wireless security. I’ll def. be mentioning such services to my clients. I would like to add that HIPAA compliance – for most Covered Entities and Business Associates – is largely dependent on having documented policies, procedures, and processes in place for both the HIPAA Security Rule and the Privacy Rule, along with other applicable areas. But most CE’s and BA’s seem to just focus on the well-known Security Rule and forget about the dozens of “standards” and “implementation specifications” under the Privacy Rule, which are also important. There are numerous provisions regarding the uses and disclosure of Protected Health Information (PHI) – along with other important considerations that deserve attention – so remember to focus on the Privacy Rule also by putting in place all mandated policies, procedures, and controls.

]]>
Comment on How Long Will Wi-Fi Protect You from Carrier Monetization Programs? by Ksenia Coffman http://blog.airtightnetworks.com/how-long-will-wifi-protect-you-from-carrier-monetization-programs/#comment-251691 Fri, 14 Nov 2014 18:41:20 +0000 http://blog.airtightnetworks.com/?p=8272#comment-251691 Hi Geoff, yes, agree – with Hotspot 2.0 and Passpoint, Wi-Fi networks will become more homogeneous, with just a few providers managing large amounts of hotspots. T’s and C’s will become even more important.

I’ll connect with you via email to discuss further.

]]>
Comment on How Long Will Wi-Fi Protect You from Carrier Monetization Programs? by Geoff Revill http://blog.airtightnetworks.com/how-long-will-wifi-protect-you-from-carrier-monetization-programs/#comment-250600 Fri, 14 Nov 2014 13:28:14 +0000 http://blog.airtightnetworks.com/?p=8272#comment-250600 Excellent analysis and update thank you.
However you forget one other thing that regularly occurs with public Wi-Fi – many companies openly state they will track your usage of Wi-Fi when you sign up – but few people read those T’s and C’s. So if you Wi-Fi is turned on and you logged into just one hotspot and clicked their Ts and Cs, then they track your movement across all hotspots – and as your own blogs highlight Apple’s new mac scrambling technique does not really help.
I have considered creating a list of the public Wi-Fi providers that do this – is this something we could collaborate on?

]]>
Comment on iOS8 MAC Randomization – Analyzed! by The AirTight Team http://blog.airtightnetworks.com/ios8-mac-randomization-analyzed/#comment-34308 Wed, 01 Oct 2014 16:07:41 +0000 http://blog.airtightnetworks.com/?p=7875#comment-34308 Hi Umit,

We have not tested iphone 5C but I believe its behavior is like Iphone 5 i.e no random mac addresses supported.
In our observation we have seen that as soon as you use the phone (or get an alert/notification etc) the phone will send out probe requests. [BM]

]]>
Comment on iOS8 MAC Randomization – Analyzed! by Umit Tuzel http://blog.airtightnetworks.com/ios8-mac-randomization-analyzed/#comment-33757 Wed, 01 Oct 2014 10:38:29 +0000 http://blog.airtightnetworks.com/?p=7875#comment-33757 Hi,

I also did some testing on Iphone 5C, IOS 8.02

My findings:
1) As long as Data Services is ON, there is NO RAND MAC.
2) If the phone is in the sleeping mode, there are some cases where you have no probe request broadcast for 600sec(10min)!!!! This is a real killer for WiFi tracking business.

Could you please confirm these?
Thanks again.

]]>