Documente Academic
Documente Profesional
Documente Cultură
SECURITY
www.networksecuritynewsletter.com
Contents
1
2
20
FEATURES
Why APIs are central to a BYOD
security strategy
5
The Bring Your Own Device (BYOD) phenomenon
affects most organisations. A secure and scalable
BYOD strategy is essential to manage the risks.
The answer may lay in Application Programming
Interfaces (APIs). If an organisation delivers its data
via mobile APIs, then the data does not actually
reside on the device, explains John Thielens of
Axway.
NEWS
TOR attacked possibly by the NSA
REGULARS
News in brief
Reviews
Events
20
Continued on page 2
ISSN 1353-4858/13
1353-4858/10 2013
2011 Elsevier Ltd. All rights reserved
This journal and the individual contributions contained in it are protected under copyright by Elsevier Ltd, and the following terms and conditions apply to their use:
Photocopying
Single photocopies of single articles may be made for personal use as allowed by national copyright laws. Permission of the publisher and payment of a fee is required for all other photocopying, including multiple
or systematic copying, copying for advertising or promotional purposes, resale, and all forms of document delivery. Special rates are available for educational institutions that wish to make photocopies for non-profit
educational classroom use.
NEWS
Editorial Office:
Elsevier Ltd
The Boulevard, Langford Lane, Kidlington,
Oxford, OX5 1GB, United Kingdom
Fax: +44 (0)1865 843973
Web: www.networksecuritynewsletter.com
Publisher:
GregHopwood
Valero
Publisher:
David
E-mail: g.valero@elsevier.com
Editor: Steve Mansfield-Devine
Editor:
Mansfield-Devine
E-mail:Steve
smd@contrarisk.com
E-mail: smd@contrarisk.com
Senior Editor: Sarah Gordon
Senior Editor: Sarah Gordon
International Editoral Advisory Board:
International
Advisory
Board:
Dario
Forte, Edward Editoral
Amoroso, AT&T
Bell Laboratories;
Dario
Forte, Edward
Amoroso,
AT&T BellJon
Laboratories;
Fred Cohen,
Fred Cohen
& Associates;
David, The
Fred Cohen,
Fred Cohen
& Communications;
Associates; Jon David,
The
Fortress;
Bill Hancock,
Exodus
Ken Lindup,
Fortress; BillatHancock,
ExodusLongley,
Communications;
Lindup,
Consultant
Cylink; Dennis
QueenslandKen
University
Consultant
at Cylink;
Queensland
University
of Technology;
TimDennis
Myers, Longley,
Novell; Tom
Mulhall; Padget
of Technology;
TimMarietta;
Myers, Novell;
Mulhall;
Padget
Petterson,
Martin
EugeneTom
Schultz,
Hightower;
Petterson,
Martin
Marietta;
Eugene
Hightower;
Eugene
Spafford,
Purdue
University;
WinnSchultz,
Schwartau,
Inter.Pact
Eugene Spafford, Purdue University; Winn Schwartau, Inter.Pact
Production Support Manager: Lin Lucas
Production
Support
Manager: Lin Lucas
E-mail:
l.lucas@elsevier.com
E-mail: l.lucas@elsevier.com
Subscription Information
Subscription
Information
An
annual subscription
to Network Security includes 12
An annual
issues
and subscription
online accesstoforNetwork
up to 5 Security
users. includes 12
issues
and online access for up to 5 users.
Prices:
Prices:
1221 for all European countries & Iran
1112
forfor
allall
European
& Iran and Japan
US$1367
countriescountries
except Europe
US$1244
countries except Europe and Japan
162 000 for
for all
Japan
147
foruntil
Japan
(Prices525
valid
31 December 2013)
(Prices
valid until
Augustto2013)
To subscribe
send 31
payment
the address above.
To
subscribe
send
payment to the address above.
Tel: +44 (0)1865 843687
Tel:
+44
(0)1865
843687/Fax:
+44
(0)1865 834971
or via www.networksecuritynewsletter.com
Email:
commsales@elsevier.com,
Subscriptions
run for 12 months, from the date payment
or
via www.networksecuritynewsletter.com
is received.
Subscriptions run for 12 months, from the date payment is
received.
postage
is paid
Rahway,Global
NJ 07065,
PermissionsPeriodicals
may be sought
directly
fromat Elsevier
Rights
USA.
Postmaster
send
all Oxford
USA address
corrections
to: Network
Department,
PO Box
800,
OX5 1DX,
UK; phone:
+44 1865
Security,
365
Blair
Road,
Avenel,
NJ
07001,
USA
843830, fax: +44 1865 853333, email: permissions@elsevier.com. You
may also contact Global Rights directly through Elseviers home page
Permissions
may beselecting
soughtfirst
directly
from
Elsevier then
Global
Rights
(www.elsevier.com),
Support
& contact,
Copyright
Department,
OX5 clear
1DX, permissions
UK; phone: and
+44 make
1865
& permission.POInBox
the 800,
USA,Oxford
users may
843830,
+44 1865
853333, Clearance
email: permissions@elsevier.com.
You
paymentsfax:
through
the Copyright
Center, Inc., 222 Rosewood
may
contact
through
Elseviers
home
Drive,also
Danvers,
MAGlobal
01923,Rights
USA; directly
phone: +1
978 750
8400, fax:
+1page
978
(www.elsevier.com),
firstthe
Support
& contact,
Copyright
750 4744, and in theselecting
UK through
Copyright
Licensingthen
Agency
Rapid
&
permission.
In (CLARCS),
the USA, users
may clear
permissions
and make
Clearance
Service
90 Tottenham
Court
Road, London
W1P
payments
through
the
Copyright
Clearance
Center,
Inc.,
222
Rosewood
0LP, UK; tel: +44 (0)20 7631 5555; fax: +44 (0)20 7631 5500. Other
Drive,
Danvers,
MA
01923,
USA;
phone:
+1
978
750
8400,
fax:
+1
978
countries may have a local reprographic rights agency for payments.
750
4744, and
in the UK through the Copyright Licensing Agency Rapid
Derivative
Works
Clearance
(CLARCS),tables
90 Tottenham
Court
Road, London
SubscribersService
may reproduce
of contents
or prepare
lists of W1P
arti0LP,
UK; tel: +44
(0)20 7631
5555; circulation
fax: +44 (0)20
Other
cles including
abstracts
for internal
within7631
their5500.
institutions.
countries
may
have
a
local
reprographic
rights
agency
for
payments.
Permission of the Publisher is required for resale or distribution outside
Derivative
Works
the institution.
Permission of the Publisher is required for all other
Subscribers
may reproduce
tables of contents
or prepare lists of artiderivative works,
including compilations
and translations.
cles
including
abstracts
internal circulation within their institutions.
Electronic Storage orfor
Usage
Permission
outside
Permission of
of the
thePublisher
Publisherisisrequired
requiredfortoresale
storeorordistribution
use electronically
the
Permission
of the
Publisher
is required
for orallpart
other
any institution.
material contained
in this
journal,
including
any article
of
derivative
compilations
an article. works,
Exceptincluding
as outlined
above, noand
parttranslations.
of this publication may
Electronic
Storage
or
Usage
be reproduced, stored in a retrieval system or transmitted in any form
Permission
of the Publisher
required tophotocopying,
store or use electronically
or by any means,
electronic,ismechanical,
recording or
any
material
contained
this journal,
including
anyPublisher.
article orAddress
part of
otherwise,
without
priorinwritten
permission
of the
an
article.
Except
as
outlined
above,
no
part
of
this
publication
may
permissions requests to: Elsevier Science Global Rights Department,
at
be
a retrievalnoted
system
or transmitted in any form
thereproduced,
mail, fax andstored
emailinaddresses
above.
or
by
any
means,
electronic,
mechanical,
photocopying,
recording
or
Notice
otherwise,
without
prior written
of any
the injury
Publisher.
Address
No responsibility
is assumed
by thepermission
Publisher for
and/or
dampermissions
requests
to: Elsevier
ScienceofGlobal
Rights
Department,
at
age to persons
or property
as a matter
products
liability,
negligence
the
mail,
fax
and
email
addresses
noted
above.
or otherwise, or from any use or operation of any methods, products,
Notice
instructions or ideas contained in the material herein. Because of
No
responsibility
is assumed
by thesciences,
Publisherinforparticular,
any injury independent
and/or damrapid
advances in
the medical
age
to persons
or propertyand
as drug
a matter
of products
verification
of diagnoses
dosages
should liability,
be made.negligence
Although
or
from anyis use
or operation
of anytomethods,
products,
all otherwise,
advertisingormaterial
expected
to conform
ethical (medical)
instructions
or
ideas
contained
in
the
material
herein.
Because
of
standards, inclusion in this publication does not constitute a guarantee
rapid
advances of
in the
thequality
medical
sciences,
in product
particular,
independent
or endorsement
or value
of such
or of
the claims
verification
of its
diagnoses
and drug dosages should be made. Although
made of it by
manufacturer.
all advertising material is expected to conform to ethical (medical)
standards, inclusion in this publication does not constitute a guarantee
or endorsement of the quality or value of such product or of the claims
made of it by its manufacturer.
12987
Pre-press/Printed by
Mayfield
Press (Oxford) by
Limited
Pre-press/Printed
Mayfield Press (Oxford) Limited
Network Security
Mobile insecurities
multiply
August 2013