The optimal policies for each application are then packaged into periodic firmware updates sent back to routers. People who sign up for the cloud service and contribute data will get the updated policies in automatic updates. Even those who want nothing to do with the cloud service can get the benefits by updating their router whenever they’d like.
via A wireless router that tracks user activity—but for a good reason | Ars Technica.
What could possibly go wrong with this plan? 🙂
Instabridge’s free Android app lets you automatically share Wi-Fi networks with your Facebook friends. Available in a handful of European countries, the app works by taking advantage of the Facebook Connect authentication tool, which lets users to log on to websites with Facebook credentials.
To share a Wi-Fi network through Instabridge for the first time, you must type in your network’s password, which is encrypted and stored on Instabridge’s servers.
You can’t measure the capacity of the Internet from the last mile connection. Just because you have that 100-megabit or even one-gigabit connection from your house to some local data center doesn’t mean you are even going to get a five-megabit stream if you are getting service from a data center halfway across the country.
via How Akamai’s New CEO, Tom Leighton, Hopes to Speed up Mobile Computing | MIT Technology Review.
Much of the Internet’s end-to-end security relies on the SSL protocol, along with its underlying X.509 certificate infrastructure. However, the system remains quite brittle due to its liberal delegation of signing authority: a single compromised certification authority undermines trust globally. The ICSI Notary helps clients to identify malicious certificates by providing a third-party perspective on what they should expect to receive from a server. While similar in spirit to existing efforts, such as Convergence and the EFF’s SSL observatory, our notary collects certificates passively from live upstream traffic at multiple independent Internet sites, aggregating them into a central database in near-realtime.
FreedomPop is now also entering the home market, with a free home broadband product called FreedomPop Hub Burst that uses Clearwire WiMax, the company is announcing today. FreedomPop is now accepting orders and expects to ship its home modem next month. The service is faster than DSL but slower than cable. Stokols says the service will disrupt incumbents like Time Warner Cable, AT&T, Verizon and Comcast. Users get free service of 1 gigabyte per month but they can “earn” unlimited free access by adding friends to their network or participating in partner promotional offers. That amount of data is fine for 70% of users, says Stokols, the former CEO of digital video company Woo Media and vice president at British Telecom.
via FreedomPop Preps Open Wi-Fi, Launches Free Home Internet Challenging ISPs – Forbes.
Network administrators who do not appreciate this sort of hole in their firewall and are worried about abuse, are left with only one option – they have to block outgoing UDP traffic, or limit it to essential individual cases. UDP is not required for normal internet communication anyway – the web, e-mail and suchlike all use TCP. Streaming protocols may, however, encounter problems, as they often use UDP because of the reduced overhead.
via How Skype & Co. get round firewalls – The H Security: News and Features.
Security researchers have identified a botnet controlled by its creators over the Tor anonymity network. It’s likely that other botnet operators will adopt this approach, according to the team from vulnerability assessment and penetration testing firm Rapid7.
“One countermeasure that companies or ISPs could eventually enforce in their firewall is to drop all packets that originate from known TOR nodes, in order to minimize the amount of potentially malicious traffic they receive,” Botezatu said. “Of course, they might also end up blacklisting a number of legit Tor users looking for anonymity.”
The new proposal specifies that “member states have the right to manage all naming, numbering, addressing and identification resources used for international telecommunications/ICT services within their territories.” This seems to be a challenge to the authority of ICANN and IANA, the quasi-private organizations that currently oversee the allocation of domain names and IP addresses.
via Authoritarian regimes push for larger ITU role in DNS system | Ars Technica.
According to Mandiant 83% of all backdoors used by APT attackers are outgoing sessions to TCP port 80 or 443. The reason for why APT, as well as other attackers, are using these two ports is primarily because most organizations allow outgoing connections on TCP 80 as well as 443. Many organizations try to counter this by using web-proxies, which can inspect the HTTP traffic and block any malicious behavior. But TCP 443 cannot be inspected in this way since SSL relies on end-to-end encryption.
via How to detect reverse_https backdoors – NETRESEC Blog.
Well, something that many people aren’t aware of is that the initial part of an SSL session isn’t encrypted. In fact, there are some pieces of relevant information being transmitted in clear text, especially the X.509 certificate that is sent from the SSL server.
It’s all run by a controller that’s centralized but also includes a federated piece distributed to each switch. The setup is similar to the way OpenFlow gets deployed, but the inner workings are very different (and no, OpenFlow itself isn’t supported yet). Plexxi uses algorithms and a global view of the network to decide how to configure the network.
In other words, rather than programming route tables, the controller looks at the needs of the workloads and calculates how the network ought to be getting used. Some of this can even happen automatically.