You make an interesting point. The idea of a secure P2P private networks still doesn't sit well with me. The insider threat can still act as the attacker and remove data from their assigned facility. None the less, business requirements "are" business requirements. "Its not the technology that's the problem", its how easy it is to abuse.

So, the idea was to load "sleeper" software by default on all these machines? Is the URL associated with this "service" always at the same memory location? It shouldn't be that hard for a Malware author to check for this BIOS and try to change the address. Who feels like being monitored by criminals? 10% off sale price?

Maybe, maybe not. When was the last time you hear a telecommunications company update their software within a reasonable time frame? It would just be easier and cheaper for the phones to get updated. So the phone manufactures will blame the telcoms while the telcoms will blame the manufactures. I can see where this is going...

You forgot nokia, symbian and all the other SMS stacks out there.

http://www.blackhat.com/presentations/bh-europe-09/Gassira_Piccirillo/BlackHat-Europe-2009-Gassira-Piccirillo-Hijacking-Mobile-Data-Connections-whitepaper.pdf The weakest link is always exploited first. Trust nothing.

I saw this one coming. Some cell phones cannot distinguish between a moble provider sending binary encoded XML enabled SMS messages or an attacker through an SMS gateway. Amateur security model/practices.

I do not consider wire transfer services such as SWIFT a P2P technology. I wouldn't call a network of Morse code operators using telegraph lines P2P either. Getting into a semantic discussion won't solve anything though. If one were to distinguish PUBLIC P2P v. PRIVATE P2P I would say neither are secure. An internal P2P network could be easily exploited by a rouge insider. Simply stated, the government and military contractors should proactively block all P2P traffic or risk heavy fines and potential termination of employment or funding.

I forgot about that!!! There is no firewall with enough throughput to shut him up.

The data must be unencrypted to access the information. Mission critical data is useless if its always encrypted.

Banning or simply ensuring employees that they will be terminated in the event you use P2P software is a good idea. Financial Institutions already enforce strict policies regarding P2P software. Notice we haven't heard of a bank getting P2P'd lately?

This is probably worded in way that you can understand.

"In fact, it would take little more than a cable modem to deny service to large metropolitan areas in the U.S. For example, a city the size of Washington, D.C., could be taken out by a DoS attack with a bandwidth of about 2.8 megabits per second, they said."

http://www.pcworld.com/article/122878/sms_attack_could_harm_cell_phones.html


And.. You should read the section titled "Seperation of Voice and Data" (as well the whole document) from the researchers at Penn.

"Even if a provider rationalized the expense, the elevated provisioning merely makes DoS attacks more difficult but not im-possible"

http://www.smsanalysis.org/smsanalysis.pdf

This research paper is 4 years old! How long has it been since you left your parents basement?

Bullcrap yourself friendo.

It doesn't have to be that complicated. A single person with a cable connection can knock out a small area code. First, make a list of all valid cell phone numbers. Second, determine each phone numbers specific provider. Third, determine the email address for all valid numbers. Finally, email bomb all the numbers in a random order with a multi-threaded tool. SMS Carpet Bombing persay.

Rule #1, an increase in attack surface area will increase the likelihood of an attacker targeting said technology. If the software is, as YayaY stated, so fragile and providers don't shape up then we're all f'd big time.

Consideration #1, Wireshark has supported GSM stacks for a few years. Nokia has had unlocked phones for some time. gnuRadio allows for cellular communications development. Considering an unlocked iPhone isn't the only means to access cellular signaling information this probably would have happened already.

My vote, its a ploy to keep iPhone users locked in.

Thermal, Near X-Ray, Radiological, RF Detection, Camera Detection/Jamming and the list goes on. The only reason to use glasses would be to conceal yourself in public. Got $20,000 to make one?

I'll believe it when I try it... Have seen similar promises before...