How new ‘white space’ rules could lead to an urban super-Wi-Fi

The UHF spectrum, which ranges from 400 to 700 MHz, is superior to the higher-frequency signals used for existing Wi-Fi hotspots, the researchers said, as these signals carry for miles and are not blocked by walls or trees.

Source: How new ‘white space’ rules could lead to an urban super-Wi-Fi | Computerworld

It should be noted that carriers such as AT&T and related associations such as the National Association of Broadcasters objected to the FCC rules in the run up to the commission’s August meeting, citing concerns that new unlicensed uses in the 600 MHz band would create interference.

I wonder what AT&T’s true motivation for their objection.

IoT Hubs Expose Connected Homes to Hackers

Many of the most serious flaws revealed a kind of sloppiness in the design and production of the devices, Brandon Creighton, Veracode’s research architect, told The Security Ledger. For example: both the Ubi and Wink Relay devices left debugging interfaces exposed and unsecured in their shipped product.  That could provide an avenue for attackers who had access to the same network as the device to steal information or bypass other security controls.

Exposed debugging interfaces are useful during product testing, but have little or no utility to consumers. That suggests that the companies merely forgot to restrict access to them before shipping, Creighton said.

via Research: IoT Hubs Expose Connected Homes to Hackers | The Security Ledger.

Gogo Inflight Internet is intentionally issuing fake SSL certificates

In this case, performing a man-in-the-middle attack would require the attacker to attack the SSL certificate first before being able to snoop on someone’s traffic.

For whatever reason, however, Gogo Inflight Internet seems to believe that they are justified in performing a man-in-the-middle attack on their users. Adrienne Porter Felt, an engineer that is a part of the Google Chrome security team, discovered while on a flight that she was being served SSL certificates from Gogo when she was requesting Google sites. Looking at the issuer of the certificate, rather than being issued by Google, it was being issued by Gogo.

via Gogo Inflight Internet is intentionally issuing fake SSL certificates – Neowin.

Issuing fake SSL certificates is clearly a deceptive practice that should be illegal for providers of wifi.  This article shows a good reminder that an attacker must get your permission from your system to grant the fake certificate and pop up windows explaining this on most systems are very clear.  Never click yes when this window pops up unless on a secure network with prior knowledge as to the purpose for the certificate issuance.

Past reports on Gogo from this blog here and here.

Apparently Gogo’s Terms of Service may claim hijacking SSL connections is an acceptable form of “filtering.”   Beware of any open wifi system that does this.  It’s bad enough with third party script kiddies hijacking your sessions let alone the provider of your network.

Acknowledgement of Filtering and Restriction of Access to Pornography or Other Offensive or Objectionable Material. You specifically acknowledge and agree that Gogo may, as a necessary incident of providing the Service, or as required or permitted by law, by law enforcement authorities or by the host airline, or as hereby expressly contemplated by this Agreement, use any advanced blocking technologies and other technical, administrative or logical means available to it, to identify, inspect, remove, block, filter, or restrict any uses, materials or information (including but not limited to emails) that we consider to be actual or potential violations of the restrictions on use set forth in this Agreement, including, but not limited to, those activities that may subject Gogo or its customers to liability or danger, or material that may be obscene, lewd, lascivious, filthy, excessively violent, pornographic, harassing, or otherwise objectionable.

One wi-fi hotspot for every 150 people, says study

Over the next four years, global hotspot numbers will grow to more than 340 million, the equivalent of one wi-fi hotspot for every 20 people on earth, the research finds.

via BBC News – One wi-fi hotspot for every 150 people, says study.

“At the moment you have to have a separate log-in for every hotspot and ultimately the winning providers are those that will offer the easier access experience,” she said.

Gowex, the Spanish wi-fi firm, admits to false accounts for four years

The Madrid-based company supplies free wi-fi services in major cities across the world – including Madrid, London, Shanghai and Buenos Aires.

via BBC News – Gowex, the Spanish wi-fi firm, admits to false accounts for four years.

This company recently came to Chicago.

From: Free Wi-Fi service Gowex arrives in Chicago on June 3, 2014.

Gowex, a Madrid-based telecommunications company, launched a local network this week with 450 Wi-Fi hot spots, covering neighborhoods from the Loop to Lakeview with its ad-supported service.

BeWifi lets you steal your neighbor’s bandwidth when they’re not using it

The way Telefonica has made this happen in a practical way is to build its own routers that can be installed in houses within a neighborhood. So far these have had to be installed by engineers, but the next generation are plug-and-play, and eventually all that will be needed is an over-the-air software update to customers’ existing routers. According to Rodriguez, the software “creates a mesh to aggregate the capabilities [of the routers].” Pooling all of the bandwidth from these routers allows anyone within the network to take advantage of it at home, and they can also connect to any BeWifi network they come across on their mobile devices when out and about.

via BeWifi lets you steal your neighbor’s bandwidth when they’re not using it | Ars Technica.

The title is a bit dramatic using the term “stealing” as if something as ephemeral as unused bandwidth, which disappears never to be used by anyone ever as time passes, is an asset that could be considered “stolen” if taken or used by someone else.  The victim of this kind of “theft” does not wake in the morning and see something missing unless they’re subscribed to some kind of data cap.  Most home installations do not have caps.

Telefonica is currently looking towards developing economies and its huge customer base of over 200 million households in 14 countries in South America as the places in which BeWifi could have a real impact.