Nokia plays more games

Now this is interesting. Not that the N-Gage is news at this point (we're fast entering the copycat point, with other manufacturers grinding out their own mobile gaming prototypes), but the fact that Nokia aims to act as its games publisher shows that it wants a large piece of that "$8 billion a year by 2007" mobile gaming pie.

It seems reasonable, for a change. Mobile phones, with over-the-air software installation and application locking to the device's IMEI, look like a cheap, popular and (at least for now) piracy-free platform for games publishers. Not to mention the fact that the distribution model cuts out a lot of middlemen...

But it still won't play Quake. :)

Palm gets 802.1X support

The Register points out that Meetinghouse is preparing to release a Palm version of its 802.1X client (currently available as beta). However, I was struck by the fact that the article specifically mentions Cisco LEAP support as a welcome feature.

Duh. LEAP is broken - not so obviously (or publicly known) like WEP, but nevertheless so. Besides not being a true 802.1X approach, it has known flaws - one of which (not widely publicised) is that it sends out plaintext usernames. That is a side-effect of the fact that (contrary to what the article says) LEAP does not perform full bidirectional authentication. That's what EAP-TLS and EAP-TTLS are for (PEAP does it too, but I'm not too keen on it).

I wish more people would read (and write) stuff like this nice compact overview of wireless security or this EAP variants comparison.

T610 in Hand