Archive for the ‘Apple’ Category

Server hack prompts call for cPanel customers to take “immediate action”

Monday, February 25th, 2013

Change root and account passwords and rotate SSH keys, company advises.

The providers of the cPanel website management application are warning some users to immediately change their systems’ root or administrative passwords after discovering one of its servers has been hacked.

In an e-mail sent to customers who have filed a cPanel support request in the past six months, members of the company’s security team said they recently discovered the compromise of a server used to process support requests.

“While we do not know if your machine is affected, you should change your root level password if you are not already using SSH keys,” they wrote, according to a copy of the e-mail posted to a community forum. “If you are using an unprivileged account with ‘sudo’ or ‘su’ for root logins, we recommend you change the account password. Even if you are using SSH keys we still recommend rotating keys on a regular basis.”

The e-mail advised customers to take “immediate action on their own servers,” although team members still don’t know the exact nature of the compromise. Company representatives didn’t respond to an e-mail from Ars asking if they could rule out the possibility that customer names, e-mail addresses, or other personal data were exposed. It’s also unclear whether the company followed wide-standing recommendations to cryptographically protect passwords. So-called one-way hashes convert plain-text passwords into long unique strings that can only be reversed using time-consuming cracking techniques. This post will be updated if cPanel representatives respond later.

The cPanel compromise is the latest in a long string of high-profile hacks to be disclosed over the past few weeks. Other companies that have warned users they were hacked include The New York Times, The Wall Street Journal, security firm Bit9, Twitter, Facebook, Apple, and Microsoft. On Tuesday, a computer firm issued an unusually detailed report linking China’s military to hacks against US companies, although at least some of the most recent attacks are believed to have originated in Eastern Europe.

It’s unclear how many cPanel users are affected by the most recently disclosed compromise. The hack has the potential to be serious because the passwords at risk could give unfettered control to a large number of customers’ Unix-based computers.

Source:  arstechnica.com

Microsoft suggests fix for iOS 6.1/Exchange problem: Block iPhone users

Thursday, February 14th, 2013

iOS 6.1 hammering Exchange, dragging down server performance.

iOS 6.1 devices are hammering Exchange servers with excessive traffic, causing performance slowdowns that led Microsoft to suggest a drastic fix for the most severe cases: throttle traffic from iOS 6.1 users or block them completely.

“When a user syncs a mailbox by using an iOS 6.1-based device, Microsoft Exchange Server 2010 Client Access server (CAS) and Mailbox (MBX) server resources are consumed, log growth becomes excessive, memory and CPU use may increase significantly, and server performance is affected,” Microsoft wrote on Tuesday in a support document.

The problem also affects Exchange Online in Microsoft’s Office 365 cloud service. Office 365 customers may get an error message on iOS 6.1 devices stating “Cannot Get Mail: The connection to the server failed.” The Microsoft support article says both Apple and Microsoft are investigating the problem.

Microsoft suggests several fixes, starting out gently, then escalating to the complete blockage of iOS 6.1 devices. Based on the fixes suggested, the problems may be caused when iOS devices connect to Exchange calendars.

The first workaround is “do not process Calendar items such as meeting requests on iOS 6.1 devices. Also, immediately restart the iOS 6.1 device.”

If that doesn’t work, users are instructed to remove their Exchange accounts from their phones or tablets while the Exchange Server administrator runs a “remove device” command on the server side. After 30 minutes, users can add the Exchange accounts back onto their devices but should be advised “not to process Calendar items on the device.”

If that doesn’t work, the fixes get more serious. The next method is for the server administrator to create a custom throttling policy limiting the number of transactions iOS 6.1 users can make with the server. “The throttling policy will reduce the effect of the issue on server resources,” Microsoft notes. “However, users who receive the error should immediately restart their devices and stop additional processing of Calendar items.”

One Exchange administrator who created a throttling policy through PowerShell to solve the problem provides a guide here, but Microsoft also has a page providing instructions.

Finally, the last method Microsoft recommends is to block iOS 6.1 users. “You can block iOS 6.1 users by using the Exchange Server 2010 Allow/Block/Quarantine feature,” Microsoft notes. (See this post for more detailed instructions.)

Businesses of all sizes limiting or blocking iOS devices

We don’t know exactly how widespread this problem is. It’s clearly not affecting everyone, but the impact seems to run the gamut from small businesses to large.

“We’re using Exchange 2010 in a small software firm with about a dozen iOS users (each with multiple iOS devices),” Shourya Ray, chief administrative officer of Spin Systems in Virginia, told Ars via e-mail. “Last week our Exchange server froze (internal mail was being routed, but external mail stopped flowing).”

It turned out that the 300GB VMware virtual machine hosting the Exchange server was full. “You can imagine our surprise when that VM filled up overnight,” Ray said. “If we were running Exchange in a typical hardware-based server with a 1TB drive, it would have taken us a week to realize the problem.”

How did it happen, and how did the company get things working “normally” again? “The transaction log had 200,000 records and was the indication of a problem,” Ray said. “Our temporary solution has been to ask iOS users to switch to manual pull rather than ActiveSync push. For heavy e-mail users, we are recommending an automatic pull every 30 minutes. So far, that seems to have kept Exchange happy with no other issues since last week. Let’s hope that Apple and Microsoft put their heads together and fix this soon.”

We heard from several other people on Twitter that they have been bit by the iOS 6.1/Exchange problem. One said, “My 22,000+ employee enterprise has blocked iOS 6.1, execs all have iOS.”

A support thread on Microsoft’s Exchange Server site was opened January 31 to discuss the excessive logging caused by iOS 6.1. The server administrator who began the thread identified an iPad that “caused over 50GB worth of logs” on a single database.

The thread got more than a dozen replies. One Exchange administrator explained that “malformed meetings on a device cause the device to get into a sync loop which causes excessive transaction log growth on the Exchange mailbox servers.” This in turn “will cause Exchange performance issues and potentially transaction log drives to run out of disk space which would then bring down Exchange.”

To solve the problem, this admin simply “disabled all iOS 6.1 on our Exchange system.”

iOS 6.1 was released on January 28. iOS 6.1.1 came out a couple of days ago, but for now it can only be installed on the iPhone 4S and is designed to fix cellular performance and reliability. Apple didn’t mention anything about Exchange fixes when releasing this latest version. Last year, iOS 6.0.1 fixed an Exchange problem that could lead to entire meetings being canceled when even a single iOS user declined a meeting invitation.

The iOS 6.1 problem isn’t the first time iOS has caused Exchange servers to perform poorly. An Apple support article from 2010 describes sync problems in iOS 4 and says, “Exchange Server administrators may notice their servers running slowly.” At the time, Microsoft noted iOS 4 led to “Exchange administrators… seeing heavier than normal loads on their servers from users with iOS devices.” Microsoft got in touch with Apple to fix that problem.

We’ve asked both Apple and Microsoft how many users are impacted by the latest problem, and when a more permanent fix is coming. We also asked Apple if it agrees with the workarounds suggested by Microsoft. Microsoft told us it has nothing else to say, as the “support article contains the latest.” Apple has not responded to our request for comment as of yet.

UPDATE: Apple posted a support document of its own today, describing the problem thusly:

When you respond to an exception to a recurring calendar event with a Microsoft Exchange account on a device running iOS 6.1, the device may begin to generate excessive communication with Microsoft Exchange Server. You may notice increased network activity or reduced battery life on the iOS device. This extra network activity will be shown in the logs on Exchange Server and it may lead to the server blocking the iOS device. This can occur with iOS 6.1 and Microsoft Exchange 2010 SP1 or later, or Microsoft Exchange Online (Office365).

Apple’s suggested fix is to turn the Exchange calendar off and back on again within the iPhone’s settings. An operating system update to fix the problem is on the way. “Apple has identified a fix and will make it available in an upcoming software update,” Apple said.

Source:  arstechnica.com

Mobile’s dawning signal crisis

Wednesday, February 13th, 2013

In April 1973, Marty Cooper made a phone call that put him straight into the history books. As he strolled down Lexington Avenue, New York, the Motorola executive whipped out an enormous prototype handset that he had built and placed the first public, mobile phone call.

The brief chat – and the photograph that immortalised the moment – marks the start of the mobile phone era. But Cooper’s legacy extends far beyond just that first conversation.

Along with a host of inventions, the engineer also formulated – and lent his name to – a mathematical law that captures the inexorable progress of our communications. Cooper’s Law, as it is known, shows how our use of the ether has grown since Guglielmo Marconi first transmitted radio waves 2.4 kilometres across the streets of Bologna – eight decades ahead of Cooper’s own historic transmission.

It has been estimated that, with the technology available when Marconi made his first transatlantic transmission, radio techniques were able to support just 50 simultaneous conversations worldwide. Since then radio capacity has grown by a factor of a trillion – doubling every two-and-a-half years. That’s Cooper’s law.

As well as describing progress, the law has also become the mobile industry’s ruthless master: providing an aggressive roadmap for the rise of mobile culture.

The industry met this challenge thanks to advances in technology.

But now the game has changed. Although few in the industry acknowledge it publicly, Cooper’s Law, which has stood for more than a century, is broken. And it is all down to the phone in your pocket.

Bin there, sent that

To understand the scale of the problem, you only need to look at the numbers.

For example, the mobile giant Ericsson has been tracking the growth in mobile traffic for years. But 2009 was a landmark year, according to the firm’s Patrik Cerwall: “That year saw more data traffic than voice traffic over the mobile networks”. And the data traffic has been doubling every year since – far outracing Cooper’s law.

The big accelerator was the smartphone, which suddenly made the data-carrying capacity of 3G networks attractive. “People didn’t really understand the benefit of 3G until the app concept changed everything,” Cerwall elaborates.

Data-hungry video is also driving demand. Networking firm Cisco has just reported video downloads last year crossed the 50% threshold, accounting for half of all data transferred over the mobile networks.

At the moment, there are around 1.1 billion smart phones across the world; by 2018 (the horizon for the Ericsson forecasts) that will treble to 3.3 billion. If you think that in 2012, smartphones represented only 18% of total global handsets, but represented 92% of total global traffic, you begin to see the problem.

And the growth will continue relentlessly, according to the Cisco analysis. In 2012, for example, global mobile data traffic grew 70% from 2011, to 885 petabytes per month – that is 885 million gigabytes of data. And in the next five years, it is expected to increase 13-fold, eventually reaching 11.2 exabytes (11,200 million gigabytes) per month by 2017, according to Cisco.

These dramatic hikes will in part be driven by more people switching to smartphones, particularly in emerging markets, as well as new features on phones and in apps.

The impact of simple changes in an app was dramatically demonstrated in November 2012 when Facebook released a new version of its mobile app for Android and Apple phones. Prior to the release, according to networking firm Alcatel, the social network already accounted for 10% of the signalling and 15% of the airtime load on 2G/3G networks, respectively. But, as users around the world updated and started to use this new version, the firm noticed a dramatic increase of almost 60% in the signalling load and 25% in the airtime consumed by new features in the app.

However, data hikes will not just be driven by consumers. Firms also predict a rise in so-called machine-to-machine (M2M) communication, that will connect the mobile networks to an array of inanimate objects – from bins that will signal when they are full to electricity meters that will constantly call in to the utility company.

By the end of this year, Cisco predicts that the number of mobile-connected devices will exceed the number of people on earth, and by 2017 there will be more than 10 billion.

No wonder the chairman of the US Federal Communications Commission recently declared: “The clock is ticking on our mobile future.”

Running out

The illusion is that the airwaves, like the atmosphere they pass through, are effectively limitless. We can’t see them, they can travel in any direction and link any two points – why should they be limited? Yet, in practice they are as hemmed in as a motorway through a city.

Radio spectrum is a limited resource, strictly farmed out by national and international regulation. At the moment it is all spoken for by the military, mariners, aviation, broadcasters and many more – all the way up to the very extreme of useful frequencies at 300 gigahertz.

No-one can get more bandwidth without someone else losing out. The 4G spectrum auction that recently began in the UK, for example, is the equivalent of adding a new six-lane motorway to the existing wireless infrastructure (itself already running at 10-lanes), built on virtual land vacated by old-fashioned TV broadcasts.

It helps, but will only keep the expansion going for a certain time. Which is why mobile operators, and their rivals, are gearing up for major spectrum negotiations at the International Telecommunications Union in 2015. The so-called WRC-2015 conference aims to carve up the available spectrum amongst different competing uses. But an overriding priority is identifying and allocating additional frequencies to mobile services.

Already, the stakeholders are preparing their positions. Ericsson’s Afif Osseiran, project coordinator for the European consortium Metis, says the ITU conference “will be a crucial moment for laying out the spectrum needs for the 2020s.”

But industry will not just rely on these delicate negotiations to secure its future. Much of the advance in the past 20 years has not been about how many of these wireless “lanes” we have, but how efficiently we use them.

Like a newly built motorway that’s used by just a few cars, the first generation of phones were incredibly wasteful of the spectrum they used. Capacity was wasted in the same way as the gaps between vehicles represented lost transport opportunities.

In going from 1G to 2G, there was a 1,000-fold increase in capacity, mostly not because of the new radio lanes added in, but because more traffic was squeezed onto those lanes.

And in going from 2G to 3G, capacity rose another factor of 1,000: digital techniques managed to squeeze out yet more of the empty space.

But with the latest generation of tricks being rolled out in 4G (actually described as 3G Long Term Evolution by developers), the industry is running out of ways to improve the efficiency further.

These limits that determine how much information can be transmitted were established in the 1940s by the American engineer Claude Shannon. Although his employers, the Bell Labs of AT&T telephone, were interested primarily in the limitations of telephone wires, Shannon’s equations can be used equally for radio transmissions.

And mobile experts generally accept that the limits to data flow revealed by Shannon’s formulae are close to being reached.

Data crunch

So how will the mobile industry meet this challenge and keep satisfying our appetite for data?

The industry is clearly optimistic. It already confidently speaks of 5G – a further generation of technology that will roll out as current ideas have run their course. What exactly they mean by 5G is poorly defined, but a host of tricks are being discussed that it’s hoped will keep past trends going well into the next decade.

Which is just as well, as the lure of being immersed in a seamless flow of data will only become more compelling, says Rich Howard, formerly head of wireless research at Bell Labs and now with Winlab at Rutgers University.

“Mature technology is invisible – and that’s the direction we’re heading,” he says.

Howard looks forward to a day when phones begin to make intelligent decisions by themselves.

“What you want is a digital assistant that, while you’re having a call with somebody, will be busy looking at options for actions relevant to that call and have them available,” he says. So, if you are talking about a train journey, the phone could begin to check your calendar, ticket prices and connections. By the time you hang up, it would be able to present you with a list of available options. “Everytime you start to say something, you turn around and it’s already done, the way you want it done.”

It is a vision that is a world away from Cooper’s first call forty years ago and one that is only going to add to the coming data crunch.

How the industry plans to keep up and deliver this future will be explored in the next article in this series.

Source:  BBC

DoS vulnerability affects older iPhones, Droids, even a Ford car

Friday, October 26th, 2012

Publicly available code allows hackers to disable Wi-Fi in a range of products.

The iPhone 4 and a slew of older devices from Apple, Samsung, HTC, and other manufacturers are vulnerable to attacks that can make it impossible to send or receive data over Wi-Fi networks, a security researcher said.

Proof-of-concept code published online makes it trivial for a moderately skilled hacker to disable older iPhones, HTC Droid Incredible 2s, Motorola Droid X2s, and at least two-dozen other devices, including Edge model cars manufactured by Ford. The Denial-of-Service vulnerability stems from an input-validation error in the firmware of two wireless chips sold by Broadcom: the BCM4325 and the BCM4329. The US Computer Emergency Readiness Team has also issued an advisory warning of the vulnerability.

“The only requirement to exploit the vulnerability is to have a wireless card that supports [the] raw inject of 802.11 frames,” Andrés Blanco, one of the researchers from Core Security who discovered the vulnerability, told Ars. “The Backtrack Linux distribution has almost everything you need to execute the POC provided in the advisory.”

The Core Security advisory said that Broadcom has released a firmware update that patches the “out-of-bounds read error condition” in the chips’ firmware. Device manufacturers are making it available to end users on a case-by-case basis since many of the affected products are older and already out of service.

Blanco said the exploit makes it impossible for an affected device to send or receive data over Wi-Fi for as long as the DoS attack lasts. Once the malicious packets subside, the device will work normally. Other device functions are unaffected by the Wi-Fi service interruption. He said it’s possible the bug could be exploited to do more serious things.

“We are not sure that we could retrieve private user data but we are going to look into this,” he said.

Source:  arstechnica.com

Confirmed: Apple-owned fingerprint software exposes Windows passwords

Tuesday, October 9th, 2012

Security consultants have independently confirmed a serious security weakness that makes it trivial for hackers with physical control of many computers sold by Dell, Acer, and at least 14 other manufacturers to quickly recover Windows account passwords.

The vulnerability is contained in multiple versions of fingerprint-reading software known as UPEK Protector Suite. In July, Apple paid $356 million to buy Authentec, the Melbourne, Florida-based company that acquired the technology from privately held UPEK in 2010. The weakness came to light no later than September, but Apple has yet to acknowledge it or warn end users how to work around it. No one has accused Apple of being responsible for the underlying design of fingerprint-reading software.

The UPEK software has long been marketed as a secure means for logging into Windows computers using an owner’s unique fingerprint, instead of a user-memorized password. Last month, Elcomsoft, a Russia-based developer of password-cracking software, warned that the software makes users less secure than they otherwise would be because it stores Windows account passwords to the registry and encrypts them with a key that is easy for hackers to retrieve. It takes only seconds for people with the key to extract a password, company officials said. They withheld technical details to prevent the vulnerability from being widely exploited.

Now, a pair of security consultants say they have independently verified the vulnerability and released open-source software that makes it easy to exploit it. Easily decrypted passwords are stored in one of several registry keys located in HKEY_LOCAL_MACHINE\Software\Virtual Token\Passport\, depending on the application version. The duo said they released the software and additional information so that penetration testers, who are paid to penetrate the defenses of their customers, can exploit the weakness.

“From a penetration testing perspective, local administrator access is required to obtain the necessary registry key’s value, so it only matters if you already have control of the PC,” Brandon Wilson, one of the security consultants, told Ars. “But since so many of these devices are used in corporate environments, it makes it easy to obtain domain credentials, and from there, easily expand an attack to other systems.”

When Protector Suite isn’t activated, Windows doesn’t store account passwords in the registry unless users have specifically configured an account to automatically log in. Security experts have long counseled people not to use automatic log in. Disabling Windows login functionality from within Protector Suite will not remove the password from the registry key, the penetration testers confirmed. If the “passport” for that user is deleted from within the application, the password is also deleted. When uninstalling the application, an option is presented to the user to also delete the passport data. If left, the password remains, and if removed, the password is deleted, Wilson said.

According to Wilson, every version of the software labeled “UPEK Protector Suite” that he and fellow penetration tester Adam Caudill have analyzed has tested positive for the vulnerability. In addition to Dell and Acer, other PC makers that preinstall the software include Amoi, Asus, Clevo, Compal, Dell, Gateway, IBM/Lenovo, Itronix, MPC, MSI, NEC, Sager, Samsung, Sony, and Toshiba. UPEK Protector Suite is also rebranded by Lenovo as ThinkVantage Fingerprint Software, Wilson said.

Given the claims made in the UPEK software that it’s a safe alternative to account logins, it’s surprising there has been no recall or an advisory warning of the vulnerability. Representatives from Apple and Authentec didn’t respond to an e-mail seeking comment for this brief.

Source:  arstechnica.com

Spoofing a Microsoft Exchange server: a new how-to

Friday, July 27th, 2012

The smartphone-based attack wreaks havoc on Android and iOS smartphones.

If you use an Android or iOS device to connect to a Microsoft Exchange server over WiFi, security researcher Peter Hannay may be able to compromise your account and wreak havoc on your handset.

At the Black Hat security conference in Las Vegas, the researcher at Edith Cowan University’s Security Research Institute in Australia described an attack he said works against many Exchange servers operated by smaller businesses.  Android and iOS devices that connect to servers secured with a self-signed secure sockets layer certificate will connect to servers even when those certificates have been falsified.

“The primary weakness is in the way that the client devices handle encryption and do certificate handling, so it’s a weakness in SSL handling routines of the client devices,” Hannay told Ars ahead of his presentation on Thursday.  “These clients should be saying that the SSL certificate really doesn’t match, none of the details are correct.  I won’t connect to it.”

Hannay has developed an attack that uses a WiFi network to implement a rogue server with a self-signed certificate, rather than one issued by a trusted certificate authority. Vulnerable devices on the same network that try to connect to their regular Exchange server won’t reach that intended destination. Instead, they will initiate communications with Hannay’s imposter machine.

The use of an SSL certificate to protect an Exchange server is designed to preclude precisely this kind of man-in-the-middle attack. Devices are supposed to connect only if the certificate bears a valid cryptographic key certifying the service is valid. But that’s not what always happens, the researcher said.

Android devices that connect to an Exchange server with a self-signed certificate will connect to any server at its designated address, even when its SSL credential has been spoofed or contains invalid data. iOS devices fared only slightly better in Hannay’s tests: They issued a warning, but allowed users to connect anyway.  Microsoft Windows Phone handsets, by contrast, issued an error and refused to allow the end user to connect.

Once a phone connects to a rogue server used in Hannay’s experiments, a script he wrote issues a command to remotely wipe its contents and to restore all factory settings.  He said it’s also possible to retrieve the login credentials users need to sign in to their accounts. Hannay said a malicious hacker could then use that information to login to the legitimate account.

“It’s really simple and that’s what’s disturbing to me,” Hannay said.  “The whole attack is just 40 lines of Python and most of that is just connection handling.”

As stated earlier, the attack works only against phones that have connected to an Exchange server secured by a self-signed SSL certificate.  Hannay said most organizations with fewer than 50 people use such credentials, rather than paying to have a certificate signed by a recognized certificate authority.
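The client-side check Hannay says is missing can be sketched as follows; this is an added example, not code from the article or from Hannay's script. It pins the fingerprint of the self-signed certificate an administrator enrolled and refuses to send credentials when a different certificate is presented for the same host. The host name, the policy labels ("accept-any", "warn", "strict") and the byte strings standing in for certificates are assumptions made for illustration.

```python
import hashlib
import hmac
import socket
import ssl


def fingerprint(der_cert: bytes) -> str:
    """SHA-256 over the certificate's DER encoding, as lowercase hex."""
    return hashlib.sha256(der_cert).hexdigest()


class PinStore:
    """Per-host record of the certificate fingerprint enrolled out of band."""

    def __init__(self):
        self._pins = {}

    def enroll(self, host: str, der_cert: bytes) -> None:
        self._pins[host.lower()] = fingerprint(der_cert)

    def verdict(self, host: str, der_cert: bytes) -> str:
        pin = self._pins.get(host.lower())
        if pin is None:
            return "unpinned"
        # A re-generated self-signed certificate can copy every name field,
        # but its key and signature differ, so the hash of the DER differs.
        if hmac.compare_digest(pin, fingerprint(der_cert)):
            return "match"
        return "mismatch"


def may_send_credentials(policy: str, verdict: str,
                         user_clicked_continue: bool = False) -> bool:
    """Decide whether the mail client may authenticate to the server.

    The policy labels are hypothetical names for the three behaviours the
    article reports: connect regardless, warn but let the user proceed,
    and refuse outright.
    """
    if policy == "accept-any":
        return True
    if policy == "warn":
        return verdict == "match" or user_clicked_continue
    if policy == "strict":
        return verdict == "match"
    raise ValueError("unknown policy: %r" % policy)


def fetch_presented_cert(host: str, port: int = 443, timeout: float = 5.0) -> bytes:
    """Return the DER certificate a live server presents, for pin comparison.

    Chain validation is disabled here only because a self-signed certificate
    has no chain to validate; nothing is sent over this connection, and the
    caller must check the result against the pin before authenticating.
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False          # must be cleared before CERT_NONE
    ctx.verify_mode = ssl.CERT_NONE
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            return tls.getpeercert(binary_form=True)


# Constructed stand-ins for DER bytes (not real certificates): same host
# name, different key material, as in the scenario the article describes.
HOST = "mail.example.test"
ENROLLED_CERT = b"constructed: CN=mail.example.test, self-signed, key A"
PRESENTED_CERT = b"constructed: CN=mail.example.test, self-signed, key B"


def demo() -> dict:
    """Outcome per policy when an unexpected certificate is presented."""
    store = PinStore()
    store.enroll(HOST, ENROLLED_CERT)
    verdict = store.verdict(HOST, PRESENTED_CERT)
    return {p: may_send_credentials(p, verdict)
            for p in ("accept-any", "warn", "strict")}


if __name__ == "__main__":
    for policy, allowed in demo().items():
        print(policy, "-> credentials sent" if allowed else "-> connection refused")
```

Against a real deployment, `fetch_presented_cert` supplies the bytes that `PinStore.verdict` compares; the pin itself has to come from the administrator over a separate trusted channel, not from the first network the device happens to join.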

Google and Apple didn’t respond to an e-mail seeking comment for this article.  A Microsoft representative said members of the company’s Exchange team are looking in to the report.

Source:  arstechnica.com

Spam-happy iOS trojan slips into App Store, gets pulled in rapid fashion

Friday, July 6th, 2012

You could call it technological baptism of sorts… just not the kind Apple would want.  A Russian scam app known as Find and Call managed to hit the App Store and create havoc for those who dared a download, making it the first non-experimental malware to hit iOS without first needing a jailbreak.

As Kaspersky found out, it wasn’t just scamware, but a trojan: the title would swipe the contacts after asking permission, send them to a remote server behind the scenes and text spam the daylights out of any phone number in that list.

Thankfully, Apple has already yanked the app quickly and explained to The Loop that the app was pulled for violating App Store policies.  We’d still like to know just why the app got there in the first place, but we’d also caution against delighting in any schadenfreude if you’re of the Android persuasion. The app snuck through to Google Play as well, and Kaspersky is keen to remind us that Android trojans are “nothing new;” the real solution to malware is to watch out for fishy-looking apps, no matter what platform you’re using.

Source:  engadget.com

U.N. could tax U.S.-based Web sites, leaked docs show

Friday, June 8th, 2012

Global Internet tax suggested by European network operators, who want Apple, Google, and other Web companies to pay to deliver content, is proposed for debate at a U.N. agency in December.

The United Nations is considering a new Internet tax targeting the largest Web content providers, including Google, Facebook, Apple, and Netflix, that could cripple their ability to reach users in developing nations.

The European proposal, offered for debate at a December meeting of a U.N. agency called the International Telecommunication Union, would amend an existing telecommunications treaty by imposing heavy costs on popular Web sites and their network providers for the privilege of serving non-U.S. users, according to newly leaked documents.

The documents (No. 1, No. 2) punctuate warnings that the Obama administration and Republican members of Congress raised last week about how secret negotiations at the ITU over an international communications treaty could result in a radical re-engineering of the Internet ecosystem and allow governments to monitor or restrict their citizens’ online activities.

“It’s extremely worrisome,” Sally Shipman Wentworth, senior manager for public policy at the Internet Society, says about the proposed Internet taxes. “It could create an enormous amount of legal uncertainty and commercial uncertainty.”

The leaked proposal was drafted by the European Telecommunications Network Operators Association, or ETNO, a Brussels-based lobby group representing companies in 35 nations that wants the ITU to mandate these fees.

While this is the first time this proposal has been advanced, European network providers and phone companies have been bitterly complaining about U.S. content-providing companies for some time. France Telecom, Telecom Italia, and Vodafone Group want to “require content providers like Apple and Google to pay fees linked to usage,” Bloomberg reported last December.

ETNO refers to it as the “principle of sending party network pays” — an idea borrowed from the system set up to handle payments for international phone calls, where the recipient’s network set the per minute price. If its proposal is adopted, it would spell an end to the Internet’s long-standing, successful design based on unmetered “peered” traffic, and effectively tax content providers to reach non-U.S. Internet users.

The sender-pays framework would likely prompt U.S.-based Internet services to reject connections from users in developing countries, who would become unaffordably expensive to communicate with, predicts Robert Pepper, Cisco’s vice president for global technology policy.

Developing countries “could effectively be cut off from the Internet,” says Pepper, a former policy chief at the U.S. Federal Communications Commission. The ETNO plan, he says, “could have a host of very negative unintended consequences.”

It’s not clear how much the taxes levied by the ETNO’s plan would total per year, but observers expect them to be in the billions of dollars. Government data show that in 1996, U.S. phone companies paid their overseas counterparts a total of $5.4 billion just for international long distance calls.

If the new taxes were levied, larger U.S. companies might be able to reduce the amount of money they pay by moving data closer to overseas customers, something that Netflix, for instance, already does through Akamai and other content delivery networks. But smaller U.S. companies unable to afford servers in other nations would still have to pay.

The leaked documents were posted by the Web site WCITLeaks, which was created by two policy analysts at the free-market Mercatus Center at George Mason University in Arlington, Va., who stress their Wikileaks-esque project is being done in their spare time. The name, WCITLeaks, is a reference to the ITU’s December summit in Dubai, the World Conference on International Telecommunications, or WCIT.

Eli Dourado, a research fellow who founded WCITLeaks along with Jerry Brito, told CNET this afternoon that the documents show that Internet taxes represent “an attractive revenue stream for many governments, but it probably is not in the interest of their people, since it would increase global isolation.”

Dourado hopes to continue posting internal ITU documents, and is asking for more submissions. “We hope that shedding some light on them will help people understand what’s at stake,” he says.

One vote per country

ETNO’s proposal arrives against the backdrop of negotiations now beginning in earnest to rewrite the International Telecommunications Regulations (PDF), a multilateral treaty that governs international communications traffic. The ITRs, which date back to the days of the telegraph, were last revised in 1988, long before the rise of the commercial Internet and the ongoing migration of voice, video and data traffic to the Internet’s packet-switched network.

The U.S. delegation to the Dubai summit, which will be headed by Terry Kramer, currently an entrepreneur-in-residence at the Harvard Business School, is certain to fight proposals for new Internet taxes and others that could curb free speech or privacy online.

But the ITU has 193 member countries, and all have one vote each.

If proposals harmful to global Internet users eventually appear in a revision to the ITRs, it’s possible that the U.S. would refuse to ratify the new treaty. But that would create additional problems: U.S. network operators and their customers would still be held to new rules when dealing with foreign partners and governments. The unintended result could be a Balkanization of the Internet.

In response to the recent criticism from Washington, ITU Secretary-General Hamadoun Toure convened a meeting yesterday with ITU staff to deny charges that the WCIT summit in Dubai “is all about ITU, or the United Nations, trying to take over the Internet.” (The ITU also has been criticized, as CNET recently reported, for using the appearance of the Flame malware to argue it should have more cybersecurity authority over the Internet.)

“The real issue on the table here is not at all about who ‘runs’ the Internet — and there are in fact no proposals on the table concerning this,” Toure said, according to a copy of his remarks posted by the ITU. “The issue instead is on how best to cooperate to ensure the free flow of information, the continued development of broadband, continued investment, and continuing innovation.”

Robert McDowell, a Republican member of the Federal Communications Commission who wrote an article (PDF) in the Wall Street Journal in February titled “The U.N. Threat to Internet Freedom,” appeared to reference the ETNO’s proposal for Internet taxes during last week’s congressional hearing.

Proposals that foreign governments have pitched to him personally would “use international mandates to charge certain Web destinations on a ‘per-click’ basis to fund the build-out of broadband infrastructure across the globe,” McDowell said. “Google, iTunes, Facebook, and Netflix are mentioned most often as prime sources of funding.”

They could also allow “governments to monitor and restrict content or impose economic costs upon international data flows,” added Ambassador Philip Verveer, a deputy assistant secretary of state.

ITU spokesman Paul Conneally told CNET this week that:

There are proposals that could change the charging system, but nothing about pay-per-click as such. There isn’t anything we can comment about this interpretation because, as stated before, member states are free to interpret proposals as they like, so if McDowell chooses to interpret as pay-per-click, that is his right and similarly it is he who should provide pointers for you.

From the beginning, the Internet’s architecture has been based on traffic exchange between backbone providers for mutual benefit, without metering and per-byte “settlement” charges for incoming and outgoing traffic. ETNO’s proposal would require network operators and others to instead negotiate agreements “where appropriate” aimed at achieving “a sustainable system of fair compensation for telecommunications services” based on “the principle of sending party network pays.”

“Not all those countries like open, transparent process”

This isn’t the first time that a U.N. agency will consider the idea of Internet taxes.

In 1999, a report from the United Nations Development Program proposed Internet e-mail taxes to help developing nations, suggesting that an appropriate amount would be the equivalent of one penny on every 100 e-mails that an individual might send. But the agency backed away from the idea a few days later.

And in 2010, the U.N.’s World Health Organization contemplated, but did not agree on, a “bit tax” on Internet traffic.

Under the ITU system for international long distance, government-owned telecommunications companies used to make billions from incoming calls, effectively taxing the citizens of countries that placed the calls. That meant that immigrants to developed nations paid princely sums to call their relatives back home, as high as $1 a minute.

But technological advances have eroded the ability of the receiving countries to collect the fees, and the historic shift to voice over Internet Protocol services such as Skype has all but erased the transfer payments. Some countries see the WCIT process as a long-shot opportunity to reclaim those riches.

The ITU’s process has been controversial because so much of it is conducted in secret. That’s drawn unflattering comparisons with the Anti-Counterfeiting Trade Agreement, or ACTA, an international intellectual property agreement that has generated protests from Internet users across the world. (The Obama administration approved ACTA in 2011, before anyone outside the negotiations had a chance to review it.)

By comparison, the Internet Society, with 55,000 members and 90 worldwide chapters, hosts the engineering task forces responsible for the development and enhancement of Internet protocols, which operate through virtual public meetings and mailing lists.

“Not all those countries like open, transparent process,” says Cisco’s Pepper, referring to the ITU’s participants. “This is a problem.”

Source:  CNET

U.N. takeover of the Internet must be stopped, U.S. warns

Friday, June 1st, 2012

A U.N. summit later this year in Dubai could lead to a new international regime of censorship, taxes, and surveillance, warn Democrats, Republicans, the Internet Society, and father of the Internet Vint Cerf.

Democratic and Republican government officials warned this morning that a United Nations summit in December will lead to a virtual takeover of the Internet if proposals from China, Russia, Iran, and Saudi Arabia are adopted.

It was a rare point of bipartisan agreement during an election year: a proposal that Russian Prime Minister Vladimir Putin described last year as handing the U.N. “international control of the Internet” must be stopped.

“These are terrible ideas,” Rep. Fred Upton, a Michigan Republican, said during a U.S. House of Representatives hearing. They could allow “governments to monitor and restrict content or impose economic costs upon international data flows,” added Ambassador Philip Verveer, a deputy assistant secretary of state.

Robert McDowell, a member of the Federal Communications Commission, elaborated by saying proposals foreign governments have pitched to him personally would “use international mandates to charge certain Web destinations on a ‘per-click’ basis to fund the build-out of broadband infrastructure across the globe.”

“Google, iTunes, Facebook, and Netflix are mentioned most often as prime sources of funding,” McDowell said. Added Rep. Anna Eshoo, a California Democrat whose district includes Facebook’s headquarters, many countries “don’t share our view of the Internet and how it operates.”

What prompted today’s hearing — and a related congressional resolution (PDF) supporting a free and open Internet — is a Dubai summit that will be convened by the 193 members of the U.N.’s International Telecommunication Union, which was chartered in 1865 to oversee international telegraph regulations.

Called the World Conference on International Telecommunications, or WCIT, the summit will review a set of telecommunications regulations established in 1988, when home computers used dial-up modems, the Internet was primarily a university network, and Facebook CEO Mark Zuckerberg was a mere 4 years old.

That review has created an opening for countries with a weak appreciation of free speech and civil liberties — with Russia and China in the lead — to propose the U.N. establish a new “information security” regime or create an alternative to ICANN, the nonprofit organization that has acted as the Internet’s de facto governance body since the late 1990s.

Unless the U.S. and its allies can block these proposals, they “just might break the Internet by subjecting it to an international regulatory regime designed for old-fashioned telephone service,” Rep. Greg Walden, an Oregon Republican, said. (U.S. allies include Japan, Canada, Mexico, and many European countries.)

This is hardly the first time that the U.N. or its agencies wanted to expand their influence over the Internet. At a 2004 summit at the U.N.’s headquarters in New York, U.N. Secretary General Kofi Annan criticized the current system through which Internet standards are set and domain names are handled, and delegates from Cuba, Ghana, Bolivia and Venezuela objected to what they said was too much control of the process by the U.S. government and its allies.

Two years later, at another U.N. summit in Athens, ITU Secretary General Yoshio Utsumi criticized the current ICANN-dominated process, stressing that poorer nations are dissatisfied and are hoping to erode U.S. influence. “No matter what technical experts argue is the best system, no matter what self-serving justifications are made that this is the only possible way to do things, there are no systems or technologies that can eternally claim they are the best,” Utsumi said.

In 2008, CNET was the first to report that the ITU was quietly drafting technical standards, proposed by the Chinese government, to define methods of tracing the original source of Internet communications and potentially curbing the ability of users to remain anonymous. A leaked document showed the trace-back mechanism was designed to be used by a government that “tries to identify the source of the negative articles” published by an anonymous author.

December’s meeting has alarmed even the Internet’s technologists. The Internet Society, which is the umbrella organization for the Internet Engineering Task Force (IETF) and the Internet Architecture Board (IAB), sent a representative to today’s hearing.

ISOC’s Sally Wentworth, senior manager of public policy for the group, warned that the proposals to be considered are not “compatible” with the current open manner in which the Internet is managed.

Vint Cerf, Google’s chief Internet evangelist, co-creator of the TCP/IP protocol, and former chairman of ICANN, said the ITU meeting could lead to “top-down control dictated by governments” that could impact free expression, security, and other important issues.

“The open Internet has never been at a higher risk than it is now,” Cerf said.

Source:  CNET

Official version of Office for iPad, Android now rumored for November

Thursday, May 24th, 2012

The mobile version will reportedly look similar to a version leaked in February.

A new rumor suggests iPad and Android tablet users will be able to use a native, tablet-optimized version of Microsoft Office this fall. According to a source speaking to BGR, Microsoft will have a version of Office for both platforms ready in November.

A purported iPad version of Office was allegedly leaked in February, though Microsoft denied that what was published was “an actual Microsoft product.” Despite this, the company wouldn’t say whether it was in fact working on a version of Office for Apple’s popular tablet or not.

BGR’s source claimed to have seen Office running on an iPad, and confirmed that it looked “almost identical” to the previously leaked version. Additionally, Microsoft will reportedly release the software for Android-based tablets in the same November timeframe.

Microsoft would neither confirm nor deny the information in BGR’s report. “We have nothing to share at this time as we do not comment on rumors or speculation,” a Microsoft spokesperson told Ars.

With the increasing uptake of tablets at home, work, and school, there has been a growing demand to use Microsoft’s popular word processing, spreadsheet, and presentation applications on mobile devices. There are a number of apps that offer varying compatibility with existing Office documents, and a few solutions have popped up which allow running Office on virtualized Windows environments running on remote servers. Such solutions do work, but aren’t optimized for tablet interfaces.

Source:  arstechnica.com