ZDNet UK


Skip to Main Content

ZDNet.co.uk - Winner of Best Business Website 2007
  1. Home
  2. News
  3. Blogs
  4. Reviews
  5. Prices
  6. Resources
  7. Community
  8. My ZDNet

 

ZDNet UK RSS Feeds


IT Jobs

Security threats Toolkit

Talkback

Post a comment


Story: Bluetooth security dangers ignored, say experts

  • Previous comment

Posted by: alessandrot (Thursday 24 April 2008, 9:28 PM)

  • Reply

No security flaws in the ASN.1 standard

The statements about ASN.1 in the article above are incorrect. ASN.1 is a well-established standard language that is used in many different standard communications protocols to define the structure of the messages and their encodings. As a standard language, ASN.1 is very mature and very stable, and has no security vulnerabilities. Over the long history of this standard (two decades), there have been reports of security flaws in some of its implementations. Now and then there have also been allegations that the language itself had flaws, but such allegations were never substantiated.

Around the year 2002 there was a surge in the level of public concern and in the number of security vulnerability reports on certain implementations of communications protocols specified in ASN.1. As the increased level of concern was reflected in the press, many articles that mentioned security vulnerabilities associated with "ASN.1" were posted on the Web at that time, and many of those articles are still popping up today on Web searches. The issues referred to in those reports were solved by correcting bugs in the various implementations, and it was never necessary to modify the ASN.1 standard itself. Some ASN.1 implementations, such as OSS Nokalva's ASN.1 tools, were found to be free of the bugs that were plaguing certain other ASN.1 implementations, suggesting that the use of professional ASN.1 tools by a protocol implementer greatly reduces the risk of security flaws being present in the final product.

The key point, anyway, is that while some implementations may be buggy (and hence contain security weaknesses), the ASN.1 language itself has no such weaknesses.

View complete profile

Private message disabled

View all posts

alessandrot

alessandrot
n/a
Member since: April 2005

Site Activity Rating:

1

 


  • Previous comment

  • Reply to this comment
  • Return to story
  • Report this as offensive


Full Talkback thread

More In Security threats


Featured Talkback

What was achieved there is recognised to be of fundamental importance to both winning the war (Churchill visited to say 'thank you' to them) and the development of the computer. Maybe Bill Gates doesn't want to support this museum because it underlines where electronic computing started i.e. here, not the U.S.

By: 1000103773

Read full story:
Bletchley Park faces bleak future

Sentry Posts Blog

Mobile Security Expert: Your Camera Ph...

Mobile Security Expert: Your Camera Phone Got Hacked Author: Eric Everson, Founder MyMobiSafe.com Have you ever heard someone say “I’d like to be a fly on the wall in that room.”?... More

Post a comment

Skype - The Roach Motel

Here is an interesting article from The National Business Review, pointing out once again that you can never delete a Skype account. Never. Period. This is something I am familiar... More

Post a comment

The vPhone: Why Visa Should Go Mobile

The vPhone: Why Visa Should Go Mobile Author: Eric Everson, Founder MyMobiSafe.com With all of the success of Apple’s iPhone, there is a growing case to support a company like Visa... More

Post a comment

Featured Oracle Resources

businessfirst: Ideas to help small companies retain their successful entrepreneurial spirit

Oracle ONE Magazine: Technology solutions for midsized businesses February 2008 edition

Choosing a Reliable and Powerful IT Infrastructure at a Price You Can Afford

Database Consolidation: Reducing Cost and Complexity

Ensuring Data Protection for Growing Business

Oracle for medium and emerging businesses: protect, strengthen and enhance your organisation

Oracle partner network solutions catalogue

See All White Papers