Cisco Warns Service Providers to Get Moving on IPv6

Cisco has announced that Free, a part of the French Iliad Group, has deployed the Cisco Carrier-Grade IPv6 Solution using Internet Protocol version 6 rapid deployment technology for more than four million Free residential broadband customers. The Iliad Group (Euronext Paris: ILD) provides telecommunications and Internet access via Free and Alice (4,225,000 ADSL subscribers as of 31 December 2008), Onetel and Iliad Télécom (fixed telephony providers) and IFW (Wireless Local Loop) in France. This is reportedly the first win for the Cisco 6rd technology.

In 2009 the networking goliath announced the Cisco Carrier-Grade IPv6 Solution using Internet Protocol version 6 rapid deployment technology. At that time, LightReading described it as “significant enhancements to its [Cisco's] Internet Protocol Next-Generation Network (IP NGN) architecture that are designed to secure the foundation of the Internet, which must accommodate the exponential increase of connected devices for highly secure, efficient video delivery and collaboration.” According to LightReading:

“new Cisco Carrier-Grade IP Version 6 (IPv6) solution, Cisco helps enable service providers to effectively deal with the bottleneck created by the imminent depletion of IPv4 addresses. This new solution complements Cisco’s IPv6 portfolio, the widest and most extensive in the market. Now spanning from the core of the network to the home, Cisco’s IPv6 capabilities have been expanded and added to a wide range of the company’s routers and switches. Cisco is introducing new carrier-grade IPv6 capabilities to the Cisco CRS-1 Carrier Routing System for the network core and to the Cisco Aggregation Services Routers for the network edge. These new additions provide a cost-effective and efficient means to bridge to a full IPv6 next-generation network while extending the life of existing IPv4 addresses to smoothly manage that migration.”

In an interview after the Free announcement, Mike Capuano, director of service provider marketing, says upgrading the broadband infrastructure and replacing modems and mobile phones that aren’t IPv6 capable is a major looming challenge. “Ideally this would have all been taken care of five years ago,” Capuano told LightReading. “But every major service provider is working on it.”

The LightReading article says that volume is a major issue in the consumer world, where there may be millions of end points that need to be replaced, along with infrastructure that has to be upgraded to manage the coming transition. “The CPE [customer premises equipment] in the home is definitely a big issue in terms of the clock and how long this will take… but it’s not limited to those end points, it’s the whole infrastructure,” Capuano says.

In Cisco’s world, the transition to an all-IPv6 world is a three-stage process, dubbed Preserve, Prepare, and Prosper, that will take a decade-plus. The Preserve phase is well underway because IPv4 addresses could be used up as early as May 2011. Capuano says, “we need to preserve the IPv4 address space we have and use it well while we work with service providers to migrate to a hybrid v4/v6 network, which we call the Prepare phase, before we get to an all-v6 network, which we call the Prosper phase.”

There are many ways of preserving IPv4 addresses. Two common ones are IPv6 rapid deployment technology, also known as 6rd, and Large Scale NAT (network address translation), also called LSN. 6rd allows a CPE device such as a modem/router or a mobile phone “to have a v6 address facing inside the home and v4 facing outside to the Internet.” This approach uses IPv6-over-IPv4 tunneling to carry the IPv6 packets over an IPv4 infrastructure, terminating on a Cisco ASR 1000 aggregation router, which can then send the IPv6 packet into a data center that has mainly IPv6 content. The LSN approach pulls network address translation, now done at the edge, into the network. NAT enables one public IPv4 address to be used to support multiple private IPv4 addresses within a network, thus conserving IPv4 addresses. By doing NAT within the network core, Capuano says, LSN can use one public IPv4 address to support 100 private IPv4 addresses, taking conservation a step farther.
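The article does not spell out how a 6rd CPE gets its IPv6 addresses. As an added example (not from the article or from Cisco), this sketch follows the RFC 5969 mapping: it derives a CPE's delegated IPv6 prefix from its IPv4 address and applies the check a tunnel endpoint makes to reject packets whose inner IPv6 source does not match the outer IPv4 source. The 6rd prefix, mask length and addresses are constructed documentation values.

```python
import ipaddress

# Constructed 6rd domain parameters (assumptions, not values from the article).
SIXRD_PREFIX = ipaddress.IPv6Network("2001:db8::/32")
IPV4_MASK_LEN = 0  # high-order IPv4 bits shared by every CPE and left out of the mapping


def delegated_prefix(cpe_ipv4, sixrd_prefix=SIXRD_PREFIX, mask_len=IPV4_MASK_LEN):
    """RFC 5969 mapping: 6rd prefix followed by the low (32 - mask_len) IPv4 bits."""
    if not 0 <= mask_len < 32:
        raise ValueError("mask_len must be between 0 and 31")
    v4_bits = 32 - mask_len
    suffix = int(ipaddress.IPv4Address(cpe_ipv4)) & ((1 << v4_bits) - 1)
    plen = sixrd_prefix.prefixlen + v4_bits
    if plen > 64:
        raise ValueError("6rd prefix plus IPv4 bits must fit in a /64")
    base = int(sixrd_prefix.network_address) | (suffix << (128 - plen))
    return ipaddress.IPv6Network((base, plen))


def relay_accepts(outer_ipv4_src, inner_ipv6_src,
                  sixrd_prefix=SIXRD_PREFIX, mask_len=IPV4_MASK_LEN):
    """Ingress check at the tunnel endpoint: the inner IPv6 source must sit inside
    the prefix derived from the outer IPv4 source, otherwise it is spoofed.
    With mask_len > 0 this assumes the outer source was already confirmed to be
    inside the domain's IPv4 range."""
    inner = ipaddress.IPv6Address(inner_ipv6_src)
    return inner in delegated_prefix(outer_ipv4_src, sixrd_prefix, mask_len)


if __name__ == "__main__":
    # Constructed sample packets: (outer IPv4 source, inner IPv6 source).
    samples = [
        ("192.0.2.1", "2001:db8:c000:201::10"),   # consistent pair
        ("192.0.2.1", "2001:db8:c000:202::10"),   # inner source claims another CPE
        ("192.0.2.1", "2001:4860::1"),            # inner source outside the 6rd domain
    ]
    for outer, inner in samples:
        verdict = "accept" if relay_accepts(outer, inner) else "drop"
        print(f"{outer:>12} {inner:<24} {verdict}")
```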

Capuano admits he doesn’t know how many DSL or cable devices or mobile phones will have to be replaced. He does think this is a service provider issue, not a consumer problem. “The consumer shouldn’t care — they just want their applications and service,” he says.


CAPTCHAs Broken

Mims Bits on MIT’s Technology Review reports that researchers from UC San Diego have figured out how spammers use low-cost workers in Russia, Southeast Asia, and China to solve millions of CAPTCHAs in near real-time.

A CAPTCHA is that bit of distorted text you have to type back at a webpage when you’re trying to sign up for a new email account or leave a comment on a blog. In order to prevent spammers from flooding the web with their malware, researchers developed CAPTCHAs. CAPTCHAs are designed to be easy for humans to solve but hard enough for computers that automated systems would not be effective.

In what Mims calls an epic new analysis by the UC San Diego researchers, they uncovered the “seedy underbelly” of a sophisticated, highly automated, world-wide network of services that help spammers get past the CAPTCHAs. The article says that the inventors of CAPTCHA probably didn’t expect thousands of laborers working for less than $50 a month would be recruited by spammers to solve an endless stream of CAPTCHAs. Automated middlemen deliver the CAPTCHAs to the workers and then sell the results to spammers in real-time, so that their spam bots can use those solutions to post to blogs and set up fraudulent email accounts, according to a paper (PDF) delivered at the USENIX Security 10 Symposium.

The UC San Diego researchers analyzed where the workers involved in this scheme were located and found that they are based in India, Russia, Southeast Asia and China. The system is so efficient at delivering CAPTCHAs to workers in these remote locales that the average time for delivery of a solution hovers around 20 seconds. ImageToText, one of the CAPTCHA services the researchers experimented with, was able to deliver correct results in “a remarkable range of languages,” including Dutch, Korean, Vietnamese, Greek and Arabic.

Even setting the sample CAPTCHAs to Klingon, as a control in their experiment, could not stop ImageToText, according to Technology Review. The workers managed to solve a handful of the Klingon CAPTCHAs despite odds of less than one in one thousand of their randomly getting the right answer.

The results of this landmark study, says Mims, show that a number of sites, including those run by Microsoft, AOL, Google and the widely used reCAPTCHA, are regularly compromised by spammers employing these services. The researchers conclude that their investigation with an anonymous “Mr. E,” who actually runs one of these services, proves that for advanced spammers, CAPTCHAs aren’t so much a barrier as a cost of doing business.

DarkReading has a report that independent security researcher Chad Houck recently demonstrated his work on solving Google’s (NASDAQ: GOOG) reCAPTCHA. reCAPTCHA was designed to stop software bots’ attempts to create free accounts on the Google services for their malicious purposes. Despite recent enhancements made by Google, DarkReading says Houck came up with algorithms that could beat reCAPTCHA 30 percent of the time.

A 30% success rate means that automated software using Houck’s algorithm will be able to create one Google account out of just three attempts. Multiply those odds by the endless attempts of tens of thousands of zombies in a typical botnet, and reCAPTCHA is broken.

In the DarkReading article, Houck notes that “[ReCAPTCHA] has never been wholly secure. There are always ways to crack it.” The researcher has since published a white paper on it, and has also released his algorithms online. For now at least, a Google spokesperson says there has not been any sign of this particular attack being actively used.

New School Year Same Security Threats

Another school year is starting up and security firm WatchGuard has a list of the top threats to school IT systems as classes start up again. Eric Aarrestad, Vice President at privately held WatchGuard Technologies, says, “With so much at risk and so much to gain by cybercriminals, today’s campus is one of the most dangerous IT environments around.” He continues, “Unlike enterprise organizations that can throw substantial resources towards network and data protection, schools and universities are more constrained, yet they face some of the most demanding security challenges due to the dynamic interaction between students and their school’s IT resources.”

WatchGuard’s top threats include:

Social Networks: The security firm calls social networks, such as Facebook and MySpace, the number one threat to school and university networks. Unfortunately, social networks act as an ideal platform to launch a myriad of attacks against students and departments, including spam, viruses, malware, phishing and more. Adding to this, socially engineered attacks are often extremely successful due to the “trusted” environment that social networks create.

Malware: As students and teachers use the web for education purposes, the Seattle-based company says many unwittingly expose themselves to drive-by downloads or corrupted websites, which inject malicious forms of software on their computers. Once infected, they risk becoming victims of identity theft or loss of personal information via spyware and keyloggers.

Viruses: Today, email remains one of the primary ways for delivering viruses. According to the release, recent surveys suggest that 27 percent of users fail to keep their antivirus signatures up to date, which may, in any case, be unable to stop the new generation of viruses with polymorphic properties.

Botnets: The privately held security firm estimates that 15 to 20 percent of all school and university computers connected to the Internet may be part of a botnet. As part of a botnet, school and university systems may be used in a variety of unknown exploits, including spam delivery, denial of service attacks, click-fraud, identity theft and more.

Phishing: Phishing scams continue to get more sophisticated and selective, with students being specifically targeted. WatchGuard claims that phishing attacks via social networks achieve a success rate of over 70 percent.

Hacking: In a recent survey of education IT professionals, 23 percent ranked student hackers as one of their greatest threats to network security.

Access Control: Usage of mobile devices and wireless access to education IT resources continues to plague network administrators. As use of mobile devices escalates, schools will face increasing challenges in managing authorized network access, according to the security vendor.

WatchGuard Technologies provides a variety of Internet security software and hardware products, including firewalls, virtual private network (VPN) appliances, and anti-virus applications under the XTM, XCS, and e-Series brands.

Acer Beats Dell

I recently wrote about the troubles at Dell. Here is more proof of the downturn at Dell. BusinessInsider is reporting that Acer (LSE: ACID), the Taiwanese computer maker, has posted another solid quarter of global PC sales, according to new data from Gartner.

The Asian and emerging markets drove Acer’s growth. It has also successfully ridden the explosion in netbook demand. The netbook market is drying up now, though, thanks to Apple’s iPad. This could give Dell an opening, if it can execute well (a big if lately) and Taiwan-based Acer has problems cracking the mainland China market.

80% of US Job Seekers Won’t Get Jobs Soon

The U.S. Labor Department recently reported that the unemployment rate held steady at 9.5%. The analysts at Chart of the Day crunched some numbers and it looks like the U.S. is not out of the economic woods yet. According to Chart of the Day, assuming that the depression, economic uncertainty, recession ended in June 2009, the current unemployment rate is exactly where it was at the end of the recession (9.5%). To offer some perspective on the current state of the labor market, their chart illustrates the amount of time it took for the unemployment rate to ultimately dip below (and stay below) its recession-end level for each recession since the late 1940s.

For example, at the end of the recession that ended in November 1982, the unemployment rate stood at 10.8%. As the chart illustrates, it took two months for the unemployment rate to drop below (and stay below) the recession-end level of 10.8%.

The Economic Policy Institute (EPI) pointed out last March that to absorb the nearly 15 million officially unemployed workers in this country, plus the roughly 2.6 million “marginally attached” workers (jobless workers who want a job but have given up actively seeking work and are not counted as officially unemployed), job openings and hiring must rebound dramatically.

The latest EPI numbers say that for every job filled, there are still 5 people who cannot find a job. In this environment of constant right-sizing, resource actions, mass-hiring, firms are stock-piling cash and not making things. The cash stock-piles are huge. The BusinessInsider has this graphic which says it all in my opinion.

Bloomberg reported in February that a majority of companies in the Standard & Poor’s 500 stock index increased cash to a combined $1.18 trillion while simultaneously reducing spending, keeping a jobs recovery on hold. Bloomberg reports that firms such as:

  • Caterpillar Inc.
  • Eaton Corp.
  • Walgreen Co.
  • General Electric Co.

are among 256 companies that ended last quarter with billions more cash than a year earlier after cutting capital spending by 43 percent. Bloomberg economists say the dearth of investment is keeping the jobless rate at about 10 percent.

According to a Washington Post article, non-financial companies are sitting on $1.8 trillion in cash, roughly one-quarter more than at the beginning of the recession. The Post cites a survey of more than 1,000 chief financial officers by Duke University and CFO magazine showing that nearly 60 percent of those executives don’t expect to bring their employment back to pre-recession levels until 2012 or later — even though they’re projecting a 12 percent rise in earnings and a 9 percent boost in capital spending over the next year.

It is noteworthy that, over the past two decades, it has taken much longer (on average) for the unemployment rate to drop below its recession-end level. The reasons for this increased time for the unemployment rate to turn around vary. One explanation that Chart of the Day offers is that following World War II, the US found itself in a strong/dominant economic position. It took time, but eventually many of the remaining world economies began to recover and we are now witnessing increased competition as a result of the rise of the rest.

Whether it is globalization or corporate greed, the lack of jobs in the U.S. means 80% of job seekers are out of luck. “The 5-to-1 ratio means that there is literally only one job opening for every five unemployed workers. That is, for every four out of five unemployed workers there simply are no jobs,” explains EPI economist Heidi Shierholz.