Upgrade to LTE Will Let Phones Talk without Cell Towers, Allowing New Forms of Social Apps and Advertising

Posted on September 30, 2014 by mea

Facebook is exploring how the technology could be used with its mobile app. “LTE Direct would allow us to create user experiences around serendipitous interactions with a local business or a friend nearby,” said Jay Parikh, Facebook’s vice president of infrastructure engineering. “You could find out about events or do impromptu meet-ups.”

via Upgrade to LTE Will Let Phones Talk without Cell Towers, Allowing New Forms of Social Apps and Advertising | MIT Technology Review.

However, carriers will control which devices on their networks can use LTE Direct because it uses the same radio spectrum as conventional cellular links. Wireless carriers might even gain a new stream of revenue by charging companies that want to offer services or apps using the technology, Qualcomm says.

Heatmiser WiFi thermostat vulnerabilities

Posted on September 24, 2014 by mea

Scanning for Heatmiser thermostats on port 8068 really just requires a quick check for port 8068 being open – we can be fairly confident that anything with this port open is one of their devices. We can then make detailed check on port 80.
nmap -p 8068 -Pn -T 5 --open 78.12.1-254.1-254
nmap can easily do this scan. If you want to scan large blocks of addresses though, masscan is much faster.

via » Heatmiser WiFi thermostat vulnerabilities.

You need to forward ports at your local router so if you try and access this thermostat from the Internet and you come in on (per above example) port 8068 that the router knows to forward all that traffic to whatever IP it has associated with that port. This allows users to access things inside their local network from anywhere on the Internet. It also allows anyone on the Internet to access that internal device.

Here is my opinion on this matter. As the world moves towards self driving cars and self driving planes, extremely complicated devices that you would think need human intervention, the world is also moving to take very simple devices, like household appliances and making them so they need human intervention. A thermostat should be set and forget. It should have simple intelligence to figure out what temperature to set a room. If a human must get involved in messing with a thermostat then perhaps something went wrong but it’s not an emergency like this:

Should Airplanes Be Flying Themselves? | Vanity Fair.

A thermostat can certainly wait until you get home to physically figure out the problem and put it back on auto. The Internet of Things can certainly be useful for read only, like buzzing your phone when the dishes or laundry finishes. You can’t load laundry or dishes into these devices via the Internet so how do benefits from controlling them remotely, especially from remote Internet locations, outweigh the risks from allowing bad guys get into your local network.

Finally, here’s a link to a site that does port scanning on the Internet for you. Seems like a useful resource to know.

Plugging this into Shodan we get over 7000 results. That’s quite a lot. (note, you might need to register to use filters like this).

All Circuits Aren’t Busy

Posted on September 22, 2014 by mea

Network neutrality came from the telephone business. With electronic phone switching (analog, not digital) it was possible to give phone company customers who were willing to pay more priority access to trunk lines, avoiding the dreaded “all circuits are busy, please try your call again later.” Alas, some folks almost never got a circuit, so the FCC put a halt to that practice by mandating what it called “network neutrality” – first-come, first-served access to the voice network. When the commercial Internet came along, network neutrality was extended to digital data services, lately over the objection of telcos and big ISPs like Comcast, and the FCC is now about to expand those rules a bit more, which was in this week’s news. But to give network neutrality the proper context, we really should go back to that original analog voice example, because there are more details there worth telling.

via I, Cringely All Circuits Aren’t Busy – I, Cringely.

Why Is It Taking So Long to Secure Internet Routing?

Posted on September 17, 2014 by mea

Why is it taking so long to secure BGP?

The answer to this question lies in the fact that BGP is a global protocol, running across organizational and national borders. As such, it lacks a single centralized authority that can mandate the deployment of a security solution; instead, every organization can autonomously decide which routing security solutions it will deploy in its own network. Thus, the deployment becomes a coordination game among thousands of independently operated networks. This is further complicated by the fact that many security solutions do not work well unless a large number of networks deploy them.

via Why Is It Taking So Long to Secure Internet Routing? – ACM Queue.

Offline attack shows Wi-Fi routers still vulnerable

Posted on August 31, 2014 by mea

The research, originally demonstrated at the PasswordsCon Las Vegas 2014 conference in early August, builds on previous work published by Stefan Viehböck in late 2011. Viehböck found a number of design flaws in Wi-Fi Protected Setup, but most significantly, he found that the PIN needed to complete the setup of a wireless router could be broken into smaller parts and each part attacked separately. By breaking down the key, the number of attempts an attacker would have to try before finding the key shrunk from an untenable 100 million down to a paltry 11,000—a significant flaw for any access-control technology.

via Offline attack shows Wi-Fi routers still vulnerable | Ars Technica.

Create an Army of Raspberry Pi Honeypots on a Budget

Posted on August 2, 2014 by mea

Organizations typically focus on monitoring inbound and outbound network traffic via firewalls, yet ignore internal network traffic due to the complexity involved. In the scenario above, a firewall will not protect or alert us.

By running honeypots on our internal network, we are able to detect anomalous events. We gain awareness and insight into our network when network hosts interact with a Raspberry Pi honeypot sensor. Since there isn’t a good reason to interact with it (since it doesn’t do anything), activity on the Raspberry Pi is usually indicative of something roaming around our network and a possible security breach.

via Create an Army of Raspberry Pi Honeypots on a Budget | ThreatStream.

Multipath TCP Introduces Security Blind Spot

Posted on August 1, 2014 by mea

MPTCP is an extension to the Internet’s primary communication protocol. It allows a TCP session to move over multiple connections and network providers to the same destination. Should one drop, the session seamlessly moves to its second, backup connection, keeping phone calls or Internet sessions alive.

via Black Hat 2014: Multipath TCP Introduces Security Blind Spot | Threatpost | The first stop for security news.

“Technology like MPTCP makes it much harder for surveillance states,” Pearce said. “If I split traffic across my cell provider and an ISP I may not trust, in order for a surveillance state to snoop they have to collaborate with all these parties. It’s a much harder proposition.”

Help Us Build an Open Wireless Router

Posted on July 22, 2014 by mea

EFF is releasing an experimental hacker alpha release of wireless router software specifically designed to support secure, shareable Open Wireless networks.

via Calling All Hackers: Help Us Build an Open Wireless Router | Electronic Frontier Foundation.

Verizon made an enemy tonight

Posted on July 18, 2014 by mea

Watch the video to feel the full pain. What you’ll see is that on Fios it streams at 375 kbps at the fastest. The experience sucks. It takes an eternity to buffer.

Then I connect to a VPN (in this case VyprVPN) and I quickly get up to full speed at 3000 kbps (the max on Netflix), about 10x the speed I was getting connecting directly via Verizon.

via Verizon made an enemy tonight.

From: Verizon’s Accidental Mea Culpa

lvltvzw

Verizon has confirmed that everything between that router in their network and their subscribers is uncongested – in fact has plenty of capacity sitting there waiting to be used. Above, I confirmed exactly the same thing for the Level 3 network. So in fact, we could fix this congestion in about five minutes simply by connecting up more 10Gbps ports on those routers. Simple. Something we’ve been asking Verizon to do for many, many months, and something other providers regularly do in similar circumstances. But Verizon has refused. So Verizon, not Level 3 or Netflix, causes the congestion. Why is that? Maybe they can’t afford a new port card because they’ve run out – even though these cards are very cheap, just a few thousand dollars for each 10 Gbps card which could support 5,000 streams or more. If that’s the case, we’ll buy one for them. Maybe they can’t afford the small piece of cable between our two ports. If that’s the case, we’ll provide it. Heck, we’ll even install it.

World Record as Alcatel-Lucent Push 10Gbps Broadband Down Copper Lines

Posted on July 9, 2014 by mea

Bell Labs achieved 1Gbps symmetrical over just 70 meters on a single copper pair and 10Gbps was achieved over a distance of 30 meters by using two pairs of lines bonding. Both tests used standard copper cable provided by a European operator. The speeds are impressive but the distance is clearly more problematic, which might mean more of a choir for operators as they’d need to bring the accompanying fibre optic cable even closer to your doorstep at this range you could almost call it FTTB.

via World Record as Alcatel-Lucent Push 10Gbps Broadband Down Copper Lines – ISPreview UK.

The question for some operators will be whether or not it’s even worth following the G.fast to XG-FAST path, as opposed to simply putting fibre optic cable in the ground and having less to worry about in the future.

Bucktown Bell

Cut to the chase.

Category Archives: Networking