Archive for January, 2013

Aruba brings Wi-Fi to wall plates

Thursday, January 31st, 2013

The typical Wi-Fi deployment today involves access points deployed in hallways or rooms as standalone boxes. As the move towards pervasive wireless access grows, so too have the demands on wireless infrastructure. That’s where Aruba Networks (NASDAQ:ARUN) is aiming to fill a gap with a new wall mountable access point.

The AP-93H is a 2×2 MIMO 802.11n access point that can be installed on a standard wall mount for wired Ethernet access. It has a gigabit uplink port for high-speed connectivity to the wired network. The access point is a dual band radio operating in either the 2.4 GHz or the 5 GHz ranges. On the software side the device includes the Linux-powered Aruba OS.

Among the target markets for the AP-93H are hotel and dorm room type deployments.

“Over the past few years, the number of mobile devices have really exploded,” Manish Rai, head of Industry Solutions for Aruba, told “I think we have reached a tipping point where it makes sense to increase the capacity and move to an in-room deployment for better coverage.”


Cisco accelerates Wi-Fi with Aironet 3600

Thursday, January 31st, 2013

Cisco (NASDAQ:CSCO) is updating its WLAN portfolio today with a new flagship Aironet access point. The Aironet 3600 is a three spatial stream device with a simultaneous 2.4 and 5 GHz, 4×4 antenna design. The total theoretical speed of the access point comes in at 900 Mbps.

Specified speed alone doesn’t define the true capabilities of any Wi-Fi access point as things such as reach and signal integrity often are more important to end-users in an enterprise deployment.

“The cool thing about the extra fourth antenna is that we have a degree for redundancy that lets us speed up the slower clients,” said Sylvia Hooks, senior manager, wireless solutions at Cisco. “We’re able to speed mobile devices that need speeding up and there is no special software or standards required on the client side.”

Hooks explained that the Aironet 3600 has four transmit and receive antennas that allow for more consistent upload speeds. The need for more consistent speeds is important to help consumer-grade devices like tablets that don’t have strong transmit power capabilities.

“So even if the signal is weak from the mobile device, we’re able to compensate,” Hooks said. “On the reverse side, when we get a signal from a mobile client, we’re able to calculate its location and then send back to that exact location using beamforming.”

She added that with the power to get stronger signals out to individual mobile devices, the access point is able to serve even more users, increasing the overall system capacity.  Aironet 3600 users can also roam farther than before.  Users can go up to 130 feet away from the access point without dropping down to a slower speed.  The integrity of the signal is further protected with Cisco’s Clean Air technology that analyses the wireless spectrum for potential interference.  Clean Air was first deployed by Cisco in 2010 on the Aironet 3500 series access points.

With the Aironet 3600, Cisco is also introducing support for the IEEE 802.11r standard which specifies Fast Roaming for wireless clients.

“It’s a standard that defines how clients roam between access points on the same network, fast enough so there aren’t any delays or lost connections,” Hooks said.

Another standard that is likely of interest to enterprise buyers is the emerging 802.11ac standard for gigabit Wi-Fi. Currently 802.11ac chip technology is mostly at the consumer-level, according to Hooks. That said, she didn’t rule out the future possibility that the Aironet 3600 could get an upgrade.

“We haven’t defined additional modules yet to snap into this access point although it does have the ability to snap in a totally new radio,” Hooks said. “At this time, Cisco hasn’t formally announced any plans but the intention of the platform is that it is modular enough to accept new technologies.”


Cisco brings Unified Access to Catalyst switching

Wednesday, January 30th, 2013

Cisco’s $100 million R&D investment results in new silicon that will support unified access and SDN.

For the most part, wired and wireless networks on the enterprise campus have been two separate entities controlled by different technologies.  That’s about to change, thanks to a new suite of Unified Access technologies announced today by Cisco.

At the core of the Cisco announcement is new silicon that will enable the convergence of wired and wireless traffic.  The Cisco Unified Access Data Plane (UADP) is an ASIC that has up to 1.4 billion transistors on it.  Cisco has invested over $100 million in research and development to bring the UADP to market.

“The UADP has high performance and it’s also programmable,” Inbar Lasser-Raab, Senior Director of Enterprise Networking Marketing at Cisco, told Enterprise Networking Planet.  “It also supports the open APIs of the Cisco ONE environment, so you can do some really interesting applications with it.”

Cisco ONE is the Software Defined Networking (SDN) approach that Cisco first announced in June 2012.  With Cisco ONE, the underlying networking hardware can be abstracted via APIs to enable software defined control across a network.

The UADP ASIC is being first deployed on a pair of new hardware appliances.  One of them is the Catalyst 3850 Unified Access Switch, which includes a wireless network controller.

“For the first time, we have single network solution that brings together wired, wireless with high-performance and the same set of features across both types of access,” Lasser-Raab said.  “So it’s not just a single physical infrastructure for wired and wireless, it’s also the same set of network intelligence like QoS, network visibility and control.”

The Catalyst 3850 includes two of the new UADP ASICs to power both wired and wireless traffic.  The 3850 can be configured with up to 48 ports and multiple boxes can be stacked to deliver up to 480 Gbps of stacking bandwidth.  The switch also supports the Power over Ethernet Plus (PoE+) 802.3at standard, enabling up to 30 W of power transfer per port.

On the wireless controller side, the Catalyst 3850 series can support up to 50 wireless access points and 2000 wireless clients on each switch.

Cisco 5760 Wireless LAN Controller

While the Catalyst is all about combining wired and wireless control in a single box, Cisco figures there are still use cases for a standalone controller as well.  The Cisco 5760 Wireless LAN controller is powered by a trio of UADP ASICs and delivers 60 Gbps of capacity.  Lasser-Raab noted that different customers have different needs and that’s why Cisco is debuting a standalone controller.  She noted that the 5760 is the most scalable Cisco wireless controller ever built with support for up to 1,000 access points.

Linux Powered

Both the 5760 and the 3850 are powered by Cisco’s IOS-XE operating system.  IOS-XE in turn is based on the open source Linux operating system, which Cisco has enhanced over the years to support enterprise networking requirements.

“The beauty of that is we’re now using a consistent version of IOS for both wired and wireless access, providing the same capabilities across the solution,” Lasser-Raab said.


U.S. government warns of hack threat to network gear

Tuesday, January 29th, 2013

The Department of Homeland Security urged computer users on Tuesday to disable a common networking technology feature, after researchers warned that hackers could exploit flaws to gain access to tens of millions of vulnerable devices.

The U.S. government’s Computer Emergency Readiness Team, on its website, advised consumers and businesses to disable a feature known as Universal Plug and Play or UPnP, and some other related features that make devices from computers to printers accessible over the open Internet.

UPnP, a communications protocol, is designed to let networks identify and communicate with equipment, reducing the amount of work it takes to set up networks. Dave Marcus, chief architect of advanced research and threat intelligence with Intel’s McAfee unit, said hackers would have a “field day” once the vulnerability in network devices is exposed.

“Historically, these are amongst the last to be updated and protected properly which makes them a gold mine for potential abuse and exploitation,” said Marcus, who advises government agencies and corporations on protections against sophisticated attacks.

Disabling UPnP once networks have already been set up will have little impact on the operation of the devices.

The new security bugs were initially brought to the attention of the government by computer security company Rapid7, in Boston, which released a report on the problem on Tuesday. The company said it discovered between 40 million and 50 million devices that were vulnerable to attack due to three separate sets of problems that the firm’s researchers have identified with the UPnP standard.

The flaws could allow hackers to access confidential files, steal passwords, take full control over PCs as well as remotely access devices such as webcams, printers and security systems, according to Rapid7.

Rapid7 has alerted electronics makers about the problem through the CERT Coordination Center, a group at the Carnegie Mellon Software Engineering Institute that helps researchers report vulnerabilities to affected companies.

“This is the most pervasive bug I’ve ever seen,” said HD Moore, chief technology officer for Rapid7. He discussed the research with Reuters late on Monday.

CERT in turn has tried to contact the more than 200 companies whose products Rapid7 has identified as being vulnerable to attack, including Belkin, D-Link, Cisco Systems Inc’s Linksys division and Netgear.

Linksys said it is aware of the problem. “We recommend Linksys customers visit our website to understand if their home router is affected, and learn how to disable UPnP through the user interface to avoid being impacted,” Linksys said in a statement.

Belkin, D-Link and Netgear did not respond to requests for comment.

Chris Wysopal, chief technology officer of security software firm Veracode, said he believed that publication of Rapid7’s findings would draw widespread attention to the still emerging area of UPnP security, prompting other security researchers to search for more bugs in UPnP.

“This definitely falls into the scary category,” said Wysopal, who reviewed Rapid7’s findings ahead of their publication. “There is going to be a lot more research on this. And the follow-on research could be a lot scarier.”

Andres Andreu, chief architect at networking security company Bayshore Networks, said they expect an increase in cybercrime as hackers begin to figure out ways to take advantage of the newly identified vulnerabilities.

“Simple targets such as home routers now become targets of greater interest,” he said.


Moore said that there were bugs in most of the devices that Rapid7 tested and that device manufacturers will need to release software updates to remedy the problems.

He said that was unlikely to happen quickly.

In the meantime, he advised computer users to quickly use a free tool released by Rapid7 to identify vulnerable gear, then disable the UPnP functionality in that equipment.

Moore said hackers have not widely exploited the UPnP vulnerabilities to launch attacks, but both Moore and Wysopal expected they may start to do so after the findings are publicized.

Still, Moore said he decided to disclose the flaws in a bid to pressure equipment makers to fix the bugs and generally pay more attention to security.

People who own devices with UPnP enabled may not be aware of it because new routers, printers, media servers, Web cameras, storage drives and “smart” or Web-connected TVs are often shipped with that functionality turned on by default.

“You can’t stay silent about something like this,” he said. “These devices seem to have had the same level of core security for decades. Nobody seems to really care about them.”

Veracode’s Wysopal said that some hackers have likely already exploited the flaws to launch attacks, but in relatively small numbers, choosing victims one at a time.

“If they are going after executives and government officials, then they will probably look for their home networks and exploit this vulnerability,” he said.

Rapid7 has released a tool to help identify those devices on its website.

Source:  Reuters
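The article's advice is to find UPnP-enabled gear and turn the feature off. As an added example (not part of the Reuters report and not Rapid7's tool), the following Python sketch inventories devices on your own LAN that answer standard SSDP discovery, the UPnP discovery step, and flags those advertising the InternetGatewayDevice type that routers use. It does not test for the flaws Rapid7 reported; the sample responses, addresses and `ExampleStack` server strings are constructed for illustration.

```python
import socket
import time

SSDP_ADDR = ("239.255.255.250", 1900)   # standard SSDP multicast group and port
IGD_MARKER = "InternetGatewayDevice"    # device type advertised by UPnP routers

# Standard SSDP search request asking every UPnP device to identify itself.
M_SEARCH = (
    "M-SEARCH * HTTP/1.1\r\n"
    "HOST: 239.255.255.250:1900\r\n"
    'MAN: "ssdp:discover"\r\n'
    "MX: 2\r\n"
    "ST: ssdp:all\r\n"
    "\r\n"
).encode("ascii")

# Constructed sample datagrams (sender IP, payload) so the parser runs offline.
SAMPLE_RESPONSES = [
    ("192.168.1.1",
     b"HTTP/1.1 200 OK\r\nCACHE-CONTROL: max-age=120\r\n"
     b"ST: urn:schemas-upnp-org:device:InternetGatewayDevice:1\r\n"
     b"USN: uuid:00000000-0000-0000-0000-000000000001::"
     b"urn:schemas-upnp-org:device:InternetGatewayDevice:1\r\n"
     b"SERVER: ExampleOS/1.0 UPnP/1.0 ExampleStack/0.0\r\n"
     b"LOCATION: http://192.168.1.1:5000/rootDesc.xml\r\n\r\n"),
    ("192.168.1.1",   # same router answering again for another search target
     b"HTTP/1.1 200 OK\r\nST: upnp:rootdevice\r\n"
     b"SERVER: ExampleOS/1.0 UPnP/1.0 ExampleStack/0.0\r\n"
     b"LOCATION: http://192.168.1.1:5000/rootDesc.xml\r\n\r\n"),
    ("192.168.1.50",
     b"HTTP/1.1 200 OK\r\nST: urn:schemas-upnp-org:device:MediaServer:1\r\n"
     b"Server: ExampleNAS/2.0 UPnP/1.0 ExampleStack/0.0\r\n"
     b"Location: http://192.168.1.50:8200/desc.xml\r\n\r\n"),
    ("192.168.1.77", b"not an ssdp reply"),   # junk datagram, must be ignored
]


def parse_ssdp_response(data):
    """Return lower-cased headers of an SSDP '200 OK' reply, or None otherwise."""
    lines = data.decode("utf-8", errors="replace").splitlines()
    if not lines:
        return None
    status = lines[0].split(None, 2)
    if len(status) < 2 or not status[0].upper().startswith("HTTP/") or status[1] != "200":
        return None
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")   # split on the first colon only
        if sep:
            headers[name.strip().lower()] = value.strip()
    return headers


def inventory(responses):
    """Collapse (ip, datagram) pairs into one record per responding device."""
    devices = {}
    for ip, data in responses:
        headers = parse_ssdp_response(data)
        if headers is None:
            continue
        dev = devices.setdefault(
            ip, {"server": "", "location": "", "types": set(), "is_gateway": False})
        dev["server"] = dev["server"] or headers.get("server", "")
        dev["location"] = dev["location"] or headers.get("location", "")
        st = headers.get("st", "")
        if st:
            dev["types"].add(st)
        if IGD_MARKER in st or IGD_MARKER in headers.get("usn", ""):
            dev["is_gateway"] = True
    return devices


def discover(timeout=3.0):
    """Send one M-SEARCH on the local network and collect replies until timeout."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM, socket.IPPROTO_UDP)
    sock.setsockopt(socket.IPPROTO_IP, socket.IP_MULTICAST_TTL, 2)
    responses = []
    try:
        sock.sendto(M_SEARCH, SSDP_ADDR)
        deadline = time.monotonic() + timeout
        while True:
            remaining = deadline - time.monotonic()
            if remaining <= 0:
                break
            sock.settimeout(remaining)
            try:
                data, (ip, _port) = sock.recvfrom(65507)
            except socket.timeout:
                break
            responses.append((ip, data))
    finally:
        sock.close()
    return responses


if __name__ == "__main__":
    # Live run against the LAN this host is attached to.
    for ip, dev in sorted(inventory(discover()).items()):
        role = "gateway/router" if dev["is_gateway"] else "device"
        print(f"{ip:15} {role:15} {dev['server']}  {dev['location']}")
```

Every address it prints is a device with UPnP discovery switched on; that is the list to work through in each device's admin interface, starting with anything marked as a gateway.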

River Thames to bathe in upgraded long-distance WiFi

Tuesday, January 29th, 2013

Not that a view over the Thames ever gets old, but commuters should soon find it a bit easier to check their inboxes while they’re on or next to the water. Californian WiFi specialist Ruckus says that its wireless steering technology — which increases network range by up to 4x by directing signals around obstacles and interference — has just been picked for an upgrade to BT’s Thames WiFi service.

The new “carrier-grade” equipment should be activated within the next couple of months and will stretch out along the full 27 meandering miles of river that are already covered by traditional antennas. With better hotspot access spreading across the Tube network, black cabs and now the water, EE’s central London LTE service will have even more to prove in terms of raw speed.


Java’s new “very high” security mode can’t protect you from malware

Monday, January 28th, 2013

Fix that was supposed to make malware attacks harder can be easily circumvented

Security researchers have uncovered a newly discovered bug in Oracle’s Java framework that allows attackers to bypass important security protections designed to prevent malware attacks.

The security improvements were introduced in Java 7 Update 10, and they came after a spate of in-the-wild attacks exploited fully patched versions of Java. Those allowed crooks to surreptitiously install malware on the computers of unsuspecting people using Java browser plugins. By default, the change required end users to manually allow the execution of Java code not digitally signed by a trusted authority. Users also had the ability to prevent any unsigned Java applet from running at all. Some security experts praised Oracle for adding the feature because it promised to drastically reduce the success of attacks that exploit security bugs in Java.

“Unfortunately, the above is only a theory,” security researcher Adam Gowdiak wrote on Sunday, referring to the way the protections are supposed to block untrusted code from running on end-user computers. “In practice, it is possible to execute an unsigned (and malicious!) Java code without a prompt corresponding to security settings configured in Java Control Panel.”

Oracle representatives didn’t immediately respond to an e-mail seeking comment for this post. In addition to shoring up the quality of the Java code base, many security professionals have called on Oracle to communicate more quickly and effectively when it learns of new vulnerabilities in recent versions of its software.

As a result of the vulnerability, Gowdiak wrote in an e-mail posted to the Bugtraq mail list, “unsigned Java code can be successfully executed on a target Windows system regardless of the four Java Control Panel settings.” He said Security Explorations, the Poland-based security firm he runs, has submitted proof-of-concept attack code to Oracle. It successfully overrides the protections on a fully patched Windows 7 machine that’s configured to run Java 7 Update 11 with the “very high” security setting.


Yes, that PC cleanup app you saw on TV at 3 a.m. is a waste

Monday, January 28th, 2013

Why these apps are awful and what you really need to do about your slow PC

Maybe you’ve seen the ads on the Internet or on TV in the wee hours of the morning. They make lofty promises: get rid of blue screens and error messages! Increase your speed! Clean up your system! But even when these PC cleanup apps aren’t just malware in disguise, the things they’re doing for your PC are often dubious. Many either replicate tasks that can be handled by built-in utilities or do things that could cause more problems than they solve.

To highlight just why you and your loved ones should never let these applications anywhere near your PC, we picked one that we’d recently seen ads for: MyCleanPC. It’s the archetypal Windows cleanup app—and you probably shouldn’t install

Intimidation tactics

These ads for PC cleanup products often follow the same basic formula: appeal to people with slow or buggy PCs, throw in a few shots of an operating system that looks kind of like Windows, tack on some “customer testimonials,” and offer a free diagnosis that will make all the problems go away.

Once they’ve offered an easy solution and encouraged you to download and install the software, their next play is to make it seem like everything is wrong with your PC. Installing the free MyCleanPC scanner and running it using the default settings resulted in 1,020 “issues” on a PC with a week-old, barely-used clean install of Windows 8 running on it.

It turns out the threshold for what constitutes an “issue” is absurdly low. Each and every cookie and cache stored within Google Chrome—files that are completely normal and are in no way inherently problematic—are all counted as individual issues. Every individual fragmented file on your drive? Also an issue. Individual registry errors? Issues. Prepare for liberal use of scary red Xs and big warning labels hoping to further incite user panic.

The program is only too happy to identify all of these “issues” for you, but actually fixing them requires you to cough up $39.99 for a one-year license. These are business practices purpose-built to draw in especially worried or too-trusting users, with the ultimate goal of terrifying them about the run-down state of their PC before extracting money from their wallets.

So what should I do instead?

Many, many PC cleaning programs are designed to make your computer look more broken than it is, and to extract money from users who do not understand that. To many of you, I’m sure that’s a given. Luckily, the things these PC cleanup applications do (or say they do) are things that can be done just as easily with free tools, some of which are actually built into Windows itself.

If your PC is actually tossing up error messages and crashing all the time, the chances are good your needs go further than what some sham of a cleanup app can fix for you. So what’s the right way to handle a slow PC, or one that’s acting strangely?

Malwarebytes Anti-Malware

It goes without saying you should do a full scan of your hard drive with whatever anti-virus product you’re using (I think Microsoft’s solution, which is built-in to Windows 8 and freely downloadable for Windows 7, is fine, but your tastes may differ), but if your computer is already infected it might need a little extra help.

I’ve had excellent luck over the years with Malwarebytes Anti-Malware, a free security scanning product that does a decent job of cleaning infections that more conventional software can’t quite scrub away. Think of it as getting a second opinion about your computer’s health.

Let me Google that for you

Getting blue or black screens of death? Seeing particular error message pop-ups? There’s no shame in turning to a search engine for help. Just a couple of months ago I cleaned a particularly stubborn infection from a family member’s computer after Googling an error message I kept seeing. Neither Malwarebytes nor Microsoft Security Essentials could get rid of the infection entirely, but it was a common enough infection that another anti-virus vendor had issued a handy tool to destroy the malware.

Spring cleaning

If your PC is coming up clean but just seems slow, it might be time to try removing some apps. Installing an application or plugin that you actually want can also sometimes install applications and plugins that you never asked for, and these superfluous system tray icons and browser toolbars have a way of adding up over time. I hesitate to recommend that you uninstall things indiscriminately just because you don’t know what they are… but you should consider it (and when in doubt, use the previous trick).

You should also run Windows’ built-in Disk Cleanup tool to get rid of old temporary files. Defragmentation can also help if you have a spinning hard drive but since Windows Vista, disk defragmentation is set to happen in the background on a schedule by default so it isn’t really the go-to recommendation it once was.

Check for hardware problems

If you’ve tried all of the above and your PC is still acting strangely, it’s time to start looking beyond software problems—it might be that you’ve got a bad stick of RAM or a failing hard drive that’s causing all of your trouble. Luckily for you, we’ve got a handy guide to help you diagnose most common hardware problems.

The nuclear option: Reinstall Windows

If your hardware is fine, your other PC cleanup efforts have failed, and your computer is still acting strangely, it’s time to resort to scorched-earth tactics. Reinstalling Windows is a gigantic pain, granted, but it’s also the best way to guarantee a clean system, especially if you’ve been afflicted by some kind of rootkit.

We’ve got a pair of guides—one for Windows 7 and one for Windows 8—that will take you all the way through the reinstallation process if you have to do it from scratch. Chances are your PC also came with some kind of recovery media or restore partition that you can use in a pinch.

In either case you’ll still need to take care of your own data, which you’ll want to move to an external drive before wiping your operating system. You’ll also want to be very careful when restoring this backed-up data to your fresh Windows installation—scan everything on the external drive with your anti-virus software of choice and Malwarebytes before moving it back to guard against re-infection.


Cisco Wireless LAN Controllers affected by four critical vulnerabilities

Friday, January 25th, 2013

The Cisco Wireless LAN Controller (Cisco WLC) product family is affected by the following four vulnerabilities:

  • Cisco Wireless LAN Controllers Wireless Intrusion Prevention System (wIPS) Denial of Service Vulnerability
  • Cisco Wireless LAN Controllers Session Initiation Protocol Denial of Service Vulnerability
  • Cisco Wireless LAN Controllers HTTP Profiling Remote Code Execution Vulnerability
  • Cisco Wireless LAN Controllers SNMP Unauthorized Access Vulnerability

Cisco has released free software updates that address these vulnerabilities. Workarounds that mitigate these vulnerabilities are available.

Vulnerable Products

For specific version information, refer to the Software Versions and Fixes section of this advisory.
Each of the following products is affected by at least one of the vulnerabilities covered in this security advisory:

  • Cisco 2000 Series WLC
  • Cisco 2100 Series WLC
  • Cisco 2500 Series WLC
  • Cisco 4100 Series WLC
  • Cisco 4400 Series WLC
  • Cisco 5500 Series WLC
  • Cisco 7500 Series WLC
  • Cisco 8500 Series WLC
  • Cisco 500 Series Wireless Express Mobility Controllers
  • Cisco Wireless Services Module (Cisco WiSM)
  • Cisco Wireless Services Module version 2 (Cisco WiSM version 2)
  • Cisco NME-AIR-WLC Module for Integrated Services Routers (ISRs)
  • Cisco NM-AIR-WLC Module for Integrated Services Routers (ISRs)
  • Cisco Catalyst 3750G Integrated WLCs
  • Cisco Flex 7500 Series Cloud Controller
  • Cisco Virtual Wireless Controller
  • Cisco Wireless Controller Software for Integrated Services Module 300 and Cisco Services-Ready Engine 700, 710, 900, and 910

Excerpt from:  Cisco

AT&T buys Verizon spectrum for $1.9 billion

Friday, January 25th, 2013

Verizon Wireless and AT&T continued to dance the spectrum shuffle today, with the companies inking deals for the transfer of licenses in the 700 MHz and AWS bands.

Verizon agreed to sell 39 lower 700 MHz B block licenses to AT&T for $1.9 billion. In exchange, AT&T will hand over 10 MHz of AWS spectrum to Verizon in western markets like Los Angeles, Phoenix, Fresno, and Portland, Oregon.

Verizon also sold 700 MHz B block licenses to Florida-based private equity firm Grain Management for $189 million in exchange for leased access to Grain’s AWS spectrum in Dallas, Texas – which Grain is buying from AT&T.

The sales are part of Verizon’s April 2012 promise to sell its 700 MHz spectrum if regulators approved its $3.6 billion purchase of spectrum from U.S. cable companies. That deal went through in August, and Verizon is now ridding itself of its 700 MHz licenses.

Back in 2008, Verizon spent $9.4 billion on 109 licenses in the 700-MHz band during an auction run by the Federal Communications Commission, ending up with spectrum in the A, B, and C blocks. Verizon said last year that it has used spectrum in the upper C block to deploy its 4G LTE network, and plans to use the cable-owned spectrum to continue that rollout. As a result, Verizon is selling the 700-MHz spectrum it purchased in the A and B blocks to the highest bidder.

In the past few months, Verizon has inked 700 MHz spectrum deals with five small and regional telecom carriers, as well as one minority-owned firm. Today’s AT&T deal, however, completes the sale of its lower 700 MHz holdings.

A list of the markets covered by the 39 licenses being sold to AT&T is available on Verizon’s blog. The deal must be approved by the FCC and Department of Justice.

Carriers like Verizon and AT&T are snapping up spectrum left and right in order to deal with the increased bandwidth demands of smartphone- and tablet-hungry consumers. Both carriers are also building out their 4G LTE networks, which boosts speeds but includes even more bandwidth strains, resulting in the need for more spectrum.

Earlier this week, AT&T paid $780 million for the U.S. retail wireless operations of Atlantic Tele-Network Inc. (ATNI), which operates under the Alltel brand in several markets. That includes wireless properties, spectrum licenses, network assets, retail stores, and about 585,000 subscribers.

The FCC, meanwhile, is planning to auction off more spectrum – specifically, unused broadcast spectrum. In a blog post, AT&T said today that it also wants 600 MHz spectrum from the auction. “Freeing up more spectrum is critical to U.S. economic growth and technological leadership,” the company said.


Cisco to buy SON software vendor Intucell for $475M

Friday, January 25th, 2013

Intucell’s self-optimizing network software can decrease the number of dropped calls and lessen congestion, it said

Cisco Systems is planning to acquire Intucell in a bid to make its products more attractive to mobile operators as traffic volume on networks continues to grow.

Cisco said Wednesday it will pay approximately $475 million in cash and retention-based incentives to acquire the entire business and operations of Intucell.

Headquartered in Ra’anana, Israel, Intucell provides advanced self-optimizing network (SON) software, which enables mobile carriers to plan, configure, manage, optimize and repair cellular networks automatically, Cisco said in a statement.

Intucell’s software can detect coverage, overload and other issues in real time and automatically adjust the network to respond, according to the company’s website. For example, when too many users are connected to one base station, the system automatically adjusts coverage by getting assistance from nearby towers, the company said.

For users, that means fewer dropped calls, better network coverage and less congestion, according to Intucell. For operators, it is another tool as they face a growing volume of data, according to Cisco.

In addition to Intucell’s technological prowess, Cisco also highlighted the fact that the company’s software works with hardware from multiple vendors.

When the acquisition closes, Intucell employees will join Cisco’s Service Provider Mobility Group.

The acquisition is expected to close in the third quarter of Cisco’s fiscal year 2013, and is subject to the usual closing conditions, including applicable regulatory approvals.


Hong Kong takes Internet speed title

Friday, January 25th, 2013

It’s likely someone from Hong Kong has just beaten you to this story.

The city was found to have the highest average peak connection speed of just over 54 megabits per second during the third quarter of 2012, according to analysis by Akamai Technologies.

It’s the first time speeds have shot past 50 Mbps and, if the global trend continues, it’s just going to get faster. While there was a slight drop in pace over the quarter, over the year average peak speeds surged 36%.

Top peak connection speeds (Mbps)

1. Hong Kong (54.1)
2. South Korea (48.8)
3. Japan (42.2)
4. Latvia (37.5)
5. Romania (37.4)

In the peak speed stakes, Hong Kong is followed by South Korea (48.8 Mbps), Japan (42.2 Mbps), Latvia (37.5 Mbps) and Romania (37.4 Mbps).

The United States straggled in in 14th place with 29.6 Mbps. The U.S. state with the fastest connection is still Delaware with a swift 10.9 Mbps, although the District of Columbia is catching up.

For the fastest average connection speeds in Europe, head over to Switzerland (8.7 Mbps), which just beats the Netherlands (8.5 Mbps) to second, while the Czech Republic (7.7 Mbps) is in third.

Top average connection speeds (Mbps)

1. South Korea (14.7)
2. Japan (10.5)
3. Hong Kong (9.0)
4. Switzerland (8.7)
5. Latvia (8.7)

The place NOT to be for speedy downloads is China. Despite a 21% jump in connection speed during the quarter, the country’s average peak connection reached just 7.1 Mbps. That makes it the slowest in Asia and gives it a lowly global rank of 123.

For consistency, South Korea was the best place to log on, boasting the highest average connection speed of 14.2 Mbps. Japan came second at 10.7 Mbps and Hong Kong third with a surprisingly sluggish 8.9 Mbps.

The State of the Internet Report also revealed the top sources of Internet attacks, as well as the most common targets.

Top attack traffic (origins)

1. China (33%)
2. United States (13%)
3. Russia (4.7%)
4. Taiwan (4.5%)
5. Turkey (4.3%)

Once again, China was found to be the single largest source of attack traffic — 33% — during the quarter. Attacks from the country doubled during the period, a statistic the report described as “somewhat surprising.”

The United States and Russia came next in the top three. In all, the top 10 countries were responsible for almost three quarters of global attacks.

Akamai releases its report every quarter, based on information gathered from 680 million unique IP addresses connected to its cloud platform.

Source:  CNN

Cisco to sell Linksys home networking business to Belkin

Friday, January 25th, 2013

Belkin will keep the Linksys brand and partner with Cisco for software and service-provider products

Cisco Systems plans to sell its Linksys home networking business to Belkin International for an undisclosed sum under an agreement that includes cooperation between the companies on software, service-provider products and other areas.

Belkin will keep the Linksys brand alive and honor warranties for customers who bought Linksys products, it said in a press release Thursday.

Cisco acquired Linksys in 2003 and has used it to deliver several generations of Wi-Fi routers and other consumer networking equipment into homes. But Cisco is now pulling back from its consumer business as it focuses on becoming one of the top enterprise IT vendors.

Belkin makes consumer and small-business networking gear as well as accessories and peripherals and is based in Playa Vista, in Southern California. That’s not far from Irvine, where Linksys is based. Belkin plans to bring in the Linksys workforce as part of the deal, which is expected to close in March.

The combined company is set to be a powerful force in home networking. After the acquisition closes, Belkin will have about 30 percent of the U.S. market for home and small business networking, it said.

“Belkin’s ultimate goal is to be the global leader in the connected home and wireless networking space and this acquisition is an important step to realizing that vision,” CEO Chet Pipkin said in a statement.

Linksys gear will not be totally cut off from its Cisco origins. The companies plan to build a relationship in retail distribution, marketing, and products for service providers.

“Having access to Cisco’s specialized software solutions across all of Belkin’s product lines will bring a more seamless user experience for customers,” Belkin said.


Carnegie Mellon, MIT researchers create grammar-aware password cracking algorithm

Friday, January 25th, 2013

You’re best off forgetting your grammar lessons when it comes to creating passphrases, according to new research out of Carnegie Mellon University and MIT.

The researchers say that using grammar – good or bad – can clue in hackers about the words in a multi-word password. And they’ve built an algorithm as a proof-of-concept to show it. The team, led by software engineering Ph.D. student Ashwini Rao of CMU’s Institute for Software Research, will present its research at the Association for Computing Machinery’s Conference on Data and Application Security and Privacy on Feb. 20 in San Antonio.

The team tested its grammar-aware password cracking algorithm against 1,434 passwords containing 16 or more characters, and cracked 10% of the dataset via the algorithm.

“We should not blindly rely on the number of words or characters in a password as a measure of its security,” Rao said, in a statement.

The researchers say that while a password based on a phrase or short sentence can be easier for a user to remember, it also makes it simpler to crack because grammatical rules narrow word choices and structures (in other words, a passphrase with pronoun-verb-adjective-noun would be easier to crack than one made up of noun-verb-adjective).

The researchers found that “Hammered asinine requirements,” for instance, is harder to crack than even the longer and seemingly clever “Th3r3 can only b3 #1!”
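The effect described above can be seen in a small strength estimator that compares a naive per-character figure with one that charges each word only for the size of its part-of-speech vocabulary. This is an added example, not the researchers' algorithm; the vocabulary sizes and the tiny lexicon are constructed assumptions.

```python
import math

# Constructed, order-of-magnitude vocabulary sizes per part of speech.
# Assumptions for illustration only; not figures from the research.
POS_VOCAB = {"pronoun": 60, "verb": 10_000, "adjective": 20_000, "noun": 50_000}

# Tiny constructed lexicon, just large enough to tag the sample phrases.
LEXICON = {
    "she": "pronoun", "they": "pronoun",
    "hammered": "verb", "likes": "verb", "eat": "verb",
    "asinine": "adjective", "green": "adjective",
    "requirements": "noun", "apples": "noun", "dogs": "noun",
}

PRINTABLE_ASCII = 95  # alphabet assumed by a naive per-character meter


def tag(phrase):
    """Return the part-of-speech structure of a phrase ('unknown' if untagged)."""
    return [LEXICON.get(word.lower(), "unknown") for word in phrase.split()]


def length_bits(phrase):
    """Naive estimate: every character is an independent random choice."""
    return len(phrase) * math.log2(PRINTABLE_ASCII)


def grammar_bits(phrase):
    """Estimate that charges each word only for its part-of-speech vocabulary.

    Words missing from the lexicon fall back to the per-character figure,
    so the result is an upper bound for them rather than a guess.
    """
    bits = 0.0
    for word, pos in zip(phrase.split(), tag(phrase)):
        if pos == "unknown":
            bits += length_bits(word)
        else:
            bits += math.log2(POS_VOCAB[pos])
    return bits


def compare(phrases):
    """Return (phrase, structure, naive bits, grammar-aware bits) rows."""
    return [
        (p, "-".join(tag(p)), round(length_bits(p), 1), round(grammar_bits(p), 1))
        for p in phrases
    ]


if __name__ == "__main__":
    samples = [
        "Hammered asinine requirements",  # phrase quoted in the article
        "She likes green apples",         # constructed: starts with a pronoun
        "Dogs eat green apples",          # constructed: starts with a noun
    ]
    for phrase, structure, naive, aware in compare(samples):
        print(f"{phrase!r:34} {structure:28} naive={naive:6} grammar={aware:5}")
```

With these assumed sizes, opening a four-word phrase with a pronoun instead of a noun costs almost ten bits, a difference a meter that only counts characters or words cannot see.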

Passwords in general have come under increasing fire by security pros, as some of the highest profile breaches (LinkedIn, Nvidia) have been the result of password compromises or resulted in passwords (including encrypted ones) being made public.

Google’s security team is looking into ways to avoid passwords altogether for logging into websites.


Secret backdoors found in firewall, VPN gear from Barracuda Networks

Thursday, January 24th, 2013

The undocumented accounts may have been around for a decade.

A variety of firewall, VPN, and spam filtering gear sold by Barracuda Networks contains undocumented backdoor accounts that allow people to remotely log in and access sensitive information, researchers with an Austrian security firm have warned.

The SSH, or secure shell, backdoor is hardcoded into “multiple Barracuda Networks products” and can be used to gain shell access to vulnerable appliances, according to an advisory published Thursday by SEC Consult Vulnerability Lab.

“This functionality is entirely undocumented and can only be disabled via a hidden ‘expert options’ dialog,” the advisory states. The boxes are configured to listen for SSH connections to the backdoor accounts and will accept the username “product” with a “very weak” password (an update to the earlier report of no password) to log in and gain access to the device’s MySQL database. While the backdoors can be accessed by only a small range of IP addresses, many of them belong to entities other than Barracuda.

“The public ranges include servers run by Barracuda Networks Inc. but also servers from other, unaffiliated entities—all of whom can access SSH on all affected Barracuda Networks appliances exposed to the Internet,” the advisory explained.

Barracuda issued several of its own security advisories on Wednesday. “Our research has confirmed that an attacker with specific internal knowledge of the Barracuda appliances may be able to remotely log in to a non-privileged account on the appliance from a small set of IP addresses,” one advisory with a risk rating of “medium” stated. “The vulnerabilities are the result of the default firewall configuration and default user accounts on the unit.”

A timestamp and version relevant for the code that enables the backdoor bears a date from 2003, suggesting it may have existed in the Barracuda appliances for a decade. Advisories from SEC Consult and Barracuda also reference a serious authentication bypass bug. In an age of sophisticated advanced persistent threats, administrators who oversee any of this gear should update as soon as possible.


Google testing new wireless network, asks FCC to keep details secret

Thursday, January 24th, 2013

Experimental network at Mountain View given “confidential” status.

Google is building a wireless network at its headquarters in Mountain View, California, using spectrum owned by Clearwire that’s suitable for LTE cellular deployments. The project is described in an application to the Federal Communications Commission, but many of the details are secret. In a letter accompanying the application, Google “respectfully requests confidential treatment.”

“Google has not made the information subject to this request available to the public or to any third parties, does not routinely disclose such commercially sensitive information to the public or to third parties, and has established procedures to protect such information internally,” the company wrote.

So what’s going on? What details we know are in Google’s application for an experimental license and a two-paragraph description accompanying it. “Google plans to test up to 50 base stations and 200 user devices,” wireless engineer Steven Crowley wrote yesterday in a blog post summarizing the application. “Base stations will be indoors and outdoors, with the range of each 100-200 meters, and 500-1000 meters, respectively. Both directional and non-directional antennas will be used. The experiment is to take place within a two-mile radius, so this is a quite dense network, which could have very high capacity for carrying data.”

Google requests use of frequencies 2524-2546 and 2567-2625 MHz, which are used by Clearwire for mobile broadband. “The only reason to use these frequencies is if you have business designs on some mobile service,” Crowley told the Wall Street Journal. Google has not revealed the output power of the devices used in the test, though, deeming the information “not applicable” in the application form. That “doesn’t make sense,” Crowley wrote. “The power is a fundamental quantity that should be disclosed so others may independently assess the potential for interference from the experiment to their services. FCC staff should ask Google to supply this information.”

The types of base stations and end-user devices used in the tests are also confidential.

Google, of course, has become an Internet provider with Google Fiber in Kansas City. There have also been rumors that Google is talking to Dish Network about offering cellular service. And just days ago, Dish offered to buy Clearwire, whose spectrum Google is using in this test.

Google’s previous requests for experimental licenses have used unlicensed frequencies such as those in the 2.4 and 5 GHz bands used by Wi-Fi. “This appears to be Google’s first experimental radio application using mobile broadband bands,” Crowley wrote.


The best 802.11ac routers featured at CES

Sunday, January 13th, 2013

If you’re in the market for a new [consumer grade] router, consider holding out for these new models.

At last year’s CES, 802.11ac was hardly prevalent on the show floor. Though other companies were still showing off their 802.11n capable routers, only Texas-based Buffalo had a prototype router set up at its booth for attendees to see. This year, the tables seemed to have turned, as the show floor was rampant with 802.11ac products, including varying routers from competing companies.

Interestingly enough, all of the routers featured here claim to be able to dial in a hearty 1300Mbps on their 5GHz band. Whether this is true or not remains to be seen—we haven’t used any of them just yet—but one thing is for sure: if you’re buying a new router this year, you may want to consider making the switch to 802.11ac after all. Fortunately, there were plenty of choices on display at CES, so here are a few of the models worth looking out for later this year.

AirStation AC1750 Gigabit Dual Band Wireless Router – WZR-1750DHP

The AirStation AC1750 Gigabit Dual Band Wireless Router (or, more simply, model WZR-1750DHP) will cost $179 and feature speeds up to 1300Mbps on the 5GHz band and 450Mbps on the 2.4GHz band. It also contains a dual-core chip for Buffalo’s Beamforming technology, which provides faster Wi-Fi speeds and longer ranges. Additionally, it will ship with four gigabit Ethernet ports, as well as USB 3.0 and USB 2.0 ports for NAS-like functionality and printer sharing. It’s expected to ship late this year.

D6200 Wi-Fi DSL Modem Router

Netgear announced a slew of products at its official CES 2013 press conference, one of which was the 802.11ac-compatible, dual-band gigabit D6200 Wi-Fi router. The router features a built-in ADSL2+ modem and Gigabit WAN with support for fiber-optic connections. It also comes with a proprietary feature dubbed Netgear ReadySHARE cloud that allows users to remotely access hard drives, printers, and flash drives that are tethered to the monitor. It will be available in April.

Smart Wi-Fi Router AC1750 HD Video Pro, EA6700

The Smart Wi-Fi Router AC1750 HD Video Pro, EA 6700 is one of the beefier router models the company showed off at CES. The dual-band EA 6700 supports up to 10 or more connected devices and can support streaming HD video, as well as Wi-Fi speeds of up to 1300Mbps on the 5GHz band and up to 450Mbps on the 2.4GHz band. As an added bonus, it also syncs up with Linksys’s iOS and Android apps and features SmartMap, which offers a virtual representation of every device connected within the network. No word yet on its availability.

D-link AC1750 Dual-Band Gigabit Cloud Router, DIR-868L

D-link debuted a couple of new 802.11ac routers on the show floor, one of which is the DIR-868L: a dual-band gigabit, cloud-capable router with the ability to control its settings via a mobile app or the Web. The cylindrical shaped router is a nice change of pace from the standard “skinny box” model and features a Broadcom-based processor inside to facilitate StreamBoost, which helps designate the appropriate amount of bandwidth for all of the devices connected to the router. The router should be available later this year.


Fastest Wi-Fi ever is almost ready for real-world use

Sunday, January 13th, 2013

In a quiet suite removed from the insanity of the Consumer Electronics Show expo floor, a company aiming to build the fastest Wi-Fi chips in the world demonstrated its vision of wireless technology’s future.

On one desk, a laptop powered a two-monitor setup without any wires. At another, a tablet playing an accelerometer-based racing game mirrors its screen in high definition to another monitor. Across the room, a computer quickly transfers a 3GB file from a wireless router with built-in storage.

The suite was set up in the Las Vegas Hotel by Wilocity, a chip company specializing in wireless products using 60GHz transmissions, which are far faster than traditional Wi-Fi. Avoiding the show floor is a good idea if you’re worried about Internet connectivity, because thousands of vendors are clogging the pipes. But that’s not why Wilocity was here—they’d be able to perform the demo even in the busiest parts of CES without interference because they’re not relying on the congested bands used by regular Wi-Fi.

“I don’t think we’d have an issue with air congestion,” said director of product marketing Teresa Liou. “We’re just here because it’s quieter and less hectic than being on the show floor.”

Faster than a speeding bullet, too weak to pass through walls

Traditional Wi-Fi using the 2.4GHz and 5GHz bands is crossing the gigabit per second mark with the 802.11ac standard. Wilocity is one of the main proponents of the even faster WiGig (or “wireless gigabit”), which can theoretically hit speeds of up to 7Gbps, with the downside of using frequencies that are easily blocked by walls. Even thin cubicle walls may block signals, Wilocity acknowledged.

It’s possible the next wireless router you buy will use the 60GHz frequency as well as the lower ones typically used in Wi-Fi, allowing for incredibly fast performance when you’re within the same room as the router and normal performance when you’re in a different room.

Wilocity’s current chips hit a maximum throughput of 4.6Gbps, putting wireless speeds roughly on par with USB 3.0. Tri-band routers, wireless storage devices, and docking stations that facilitate wireless connections between mobile devices and monitors were all showcased in the Wilocity suite. These were just prototype devices, since shipping products have mostly not yet hit the market.

A Dell Latitude 6430u Ultrabook is thus far the only product using a Wilocity chip that you can buy. But WiGig isn’t really a selling point for this laptop today, because there’s no way to take advantage of it until there are companion products like docking stations or routers. Liou said Dell is planning a bundle to pair the Ultrabook with another WiGig-enabled product, but otherwise Wilocity couldn’t say when further products will hit the market.

WiGig builds on top of the just-completed 802.11ad wireless standard. Wilocity’s first-generation chip with 802.11ad can be used in computers and docking stations that connect devices to monitors, keyboards, and mice, but the chip can’t be used in wireless routers. A second-generation chip with router support was announced by Wilocity and Qualcomm at CES this week. The chip combines 802.11ad with 802.11ac, the successor to 11n. That way, when WiGig products have to fall back to 2.4GHz or 5GHz transmissions, they’ll at least be getting the best speeds that regular Wi-Fi offers. The chip will be sampled to vendors within a few months, and Wilocity is working with Marvell on tri-band chips as well, Liou noted.

Since no tablets with a WiGig chip are commercially available, Wilocity installed one of its chips into a Samsung Windows 8 tablet for purposes of the demo. The routers, wireless storage devices, and docking stations shown off by Wilocity were also prototypes made in conjunction with original design manufacturers like AzureWave.

Wilocity wanted to dispel any notion that WiGig requires users to keep devices stationary because of the limitations in 60GHz frequencies. To do that, they demonstrated streaming video from a laptop to a monitor while spinning the laptop around in circles. WiGig compensates for the movement with beamforming technology, which helps direct wireless signals.

“It finds the best path every time. It reflects off the walls,” Wilocity hardware engineer Vineeth Alva said.


Hack turns the Cisco phone on your desk into a remote bugging device

Friday, January 11th, 2013

Internet phones sold by Cisco Systems are vulnerable to stealthy hacks that turn them into remote bugging devices that eavesdrop on private calls and nearby conversations.

The networking giant warned of the vulnerability on Wednesday, almost two weeks after a security expert demonstrated how people with physical access to the phones could cause them to execute malicious code. Cisco plans to release a stop-gap software patch later this month for the weakness, which affects several models in the Cisco Unified IP Phone 7900 series. The vulnerability can also be exploited remotely over corporate networks, although Cisco has issued workarounds to make those hacks more difficult.

“Cisco recognizes that while a number of network, device, and configuration based mitigations exist, there is no way to mitigate the physical attack vector on the affected devices,” the company’s advisory stated. “To this end, Cisco will conduct a phased remediation approach and will be releasing an intermediate Engineering Special software release for affected devices to mitigate known attack vectors for the vulnerability documented in this advisory.”

The vulnerability is the latest reminder of the privacy threat posed by today’s phones, computers, smartphones, and other network-connected devices. Because the devices run on software that is susceptible to hacking, they can often surreptitiously be turned into listening—and sometimes spying—vehicles that capture our business secrets or most intimate moments.

The vulnerability in Cisco phones was discovered by Ang Cui and Salvatore Stolfo, a doctoral candidate and a computer science professor, respectively, in Columbia University’s engineering department. In a talk titled “Just because you are paranoid doesn’t mean your phone isn’t listening to everything you say” and presented at the 29th Chaos Communication Congress, Cui demonstrated a device that connects to the local serial port of a Cisco phone. Once attached, it injects attack code that gives the attacker control over the devices.

Among other things, the hack allows attackers to monitor phone calls and to turn on the phone’s microphone in order to eavesdrop on conversations within earshot and stream them over the network.

Cui demonstrated the vulnerability earlier in December. Cisco issued a patch around the same time, but in his later demonstration, Cui said it was ineffective. Cisco responded with Wednesday’s advisory, pledging to rewrite the underlying firmware to “fully mitigate the underlying root cause” of the vulnerability. The advisory said that would happen in the next few months but wasn’t more specific.

Cui’s hack works by overwriting portions of the user or kernel space in the phone’s memory. That allows him to gain root access to the phone’s Unix-like firmware system and take control of the digital signal processor and other key functions.

While the hack requires physical access to the phone, it would still be possible for janitors, colleagues, or other trusted insiders to carry out the attack. Once done, a phone exhibits few indications that it has been compromised. It’s not uncommon for security-conscious people to place masking tape over the video camera of their computers to prevent drive-by attacks that turn them on. Thwarting attacks that turn phones into bugging devices will be harder, since the phones can’t be unplugged during calls. Welcome to the world of network-connected devices.


Oracle to release 86 security patches, including 18 for MySQL

Friday, January 11th, 2013

The company posted a preview of its latest quarterly patch batch, which is scheduled for Tuesday

Two of the MySQL vulnerabilities can be exploited by an attacker remotely without the need for a user name and password, according to a pre-release announcement posted on Oracle’s website. At least one has a “base score” of 9.0 on the CVSS (Common Vulnerability Scoring System), which runs from 1 to 10, with 10 being the most dangerous.

The patch batch, which is scheduled for Tuesday, also includes one fix for Oracle’s flagship database, including versions 10g R2, 11g R1 and 11gR2. While the vulnerability in question also has a CVSS base score of 9.0, it can’t be exploited remotely without credentials, according to the announcement.

But another five patches will be shipped for Oracle Database Mobile/Lite Server, and all of them are remotely exploitable without requiring authentication, Oracle said. This grouping’s highest CVSS base score is 10.0, according to Oracle.

Various components of Oracle Fusion Middleware, including WebLogic Server and Access Manager, will receive seven patches.

Some 13 patches concern Oracle Enterprise Manager Grid Control. All are exploitable remotely without credentials.

The remaining fixes set to ship Tuesday cover Oracle applications such as E-Business Suite and JD Edwards, as well as the Sun Storage Common Array Manager and Oracle’s virtualization technology.

Oracle’s last patch release, which came in October, fixed 109 problems.


Critical Java zero-day bug is being “massively exploited in the wild”

Friday, January 11th, 2013

Your fully patched installation of Java isn’t safe

A previously unknown and currently unpatched security hole in the latest version of the Java software framework is under attack online, according to security researchers and bloggers.

Attack code that exploits a vulnerability in Java’s browser plugin has been added to the Blackhole, Cool, Nuclear Pack, and Redkit exploit kits, according to the Malware Don’t Need Coffee blog, prompting its author to say that the bug is being “massively exploited in the wild.” Miscreants use these products to turn compromised websites into platforms for silently installing keyloggers and other types of malicious software on the computers of unsuspecting visitors. KrebsOnSecurity reporter Brian Krebs said the curators of both Blackhole and Nuclear Pack have taken to the underweb to boast of the addition to their wares. It’s not yet clear how many websites have been outfitted with the exploits.

According to researchers at Alienvault Labs, the exploits work against fully patched installations of Java. Attack files are highly obfuscated and are most likely succeeding by bypassing security checks built in to the program. KrebsOnSecurity said the malware authors say the exploits work against all versions of Java 7.

Update: Analysis from antivirus provider Kaspersky Lab indicates the exploits are already deployed on a variety of websites.

“There appears to be multiple ad networks redirecting to Blackhole sites, amplifying the mass exploitation problem,” Kaspersky Lab expert Kurt Baumgartner wrote. “We have seen ads from legitimate sites, especially in the UK, Brazil, and Russia, redirecting to domains hosting the current Blackhole implementation delivering the Java 0day. These sites include weather sites, news sites, and of course, adult sites.”

People who don’t use Java much should once again consider unplugging Java from their browser, while those who don’t use it at all may want to uninstall it altogether. The release notes for Java 7 Update 10—the most recent version—say users can disable the program from the browser by accessing the Java Control Panel. KrebsOnSecurity has instructions for other ways to do this.