Advertisement
Promo

Security threats Toolkit

In association with Network Liberation Movement

Talkback

Post a comment


Story: Bluetooth security dangers ignored, say experts

  • Previous comment

Posted by: alessandrot (Thursday 24 April 2008, 9:28 PM)

  • Reply

No security flaws in the ASN.1 standard

The statements about ASN.1 in the article above are incorrect. ASN.1 is a well-established standard language that is used in many different standard communications protocols to define the structure of the messages and their encodings. As a standard language, ASN.1 is very mature and very stable, and has no security vulnerabilities. Over the long history of this standard (two decades), there have been reports of security flaws in some of its implementations. Now and then there have also been allegations that the language itself had flaws, but such allegations were never substantiated.

Around the year 2002 there was a surge in the level of public concern and in the number of security vulnerability reports on certain implementations of communications protocols specified in ASN.1. As the increased level of concern was reflected in the press, many articles that mentioned security vulnerabilities associated with "ASN.1" were posted on the Web at that time, and many of those articles are still popping up today on Web searches. The issues referred to in those reports were solved by correcting bugs in the various implementations, and it was never necessary to modify the ASN.1 standard itself. Some ASN.1 implementations, such as OSS Nokalva's ASN.1 tools, were found to be free of the bugs that were plaguing certain other ASN.1 implementations, suggesting that the use of professional ASN.1 tools by a protocol implementer greatly reduces the risk of security flaws being present in the final product.

The key point, anyway, is that while some implementations may be buggy (and hence contain security weaknesses), the ASN.1 language itself has no such weaknesses.

View complete profile

Private message disabled

View all posts

alessandrot

alessandrot
n/a
Member since: April 2005

Site Activity Rating:

1

 


  • Previous comment

  • Reply to this comment
  • Return to story
  • Report this as offensive


Full Talkback thread

More In Security threats


Related BlackBerry Resources

Protecting the BlackBerry Device Platform Against Malware

BlackBerry Devices with Bluetooth - Security Overview

BlackBerry Enterprise Server IT Policy

BlackBerry Enterprise Solution - Security Technical Overview

BlackBerry Enterprise Solution and RSA SecurID

CIO's Guide to Mobile Security

See All White Papers

Sentry Posts Blog

DNA details of innocent will be kept f...

The government has announced that it plans to keep innocent people's DNA details for up to six years. In response to a consultation it launched last December, the government said... More

2 comments

Motorola Droid Drops Today: Happy Droi...

Motorola Droid Drops Today: Happy Droid Day America! Author: Eric Everson, Mobile Security Expert If you’re wondering what all of the buzz is about with words like Droid and Android... More

Post a comment

Mobile Security Profile: BlackBerry St...

Mobile Security Profile: BlackBerry Storm2 Author: Eric Everson BlackBerry handsets are a staple of office culture; from syncing calendars to sharing business-related data,... More

Post a comment


Skip Sub Navigation Links to CNET Brand Links

Help

Become part of the ZDNet community.

ALL TOOLKITS

Blogs

Newsletters