Archive for June 4, 2011

| June 4, 2011
Comments Off on Google, Facebook and Yahoo Test IPv6

Google, Facebook and Yahoo Test IPv6

Google, Facebook and Yahoo Test IPv6A global trial of IPv6 is scheduled for June 8th 2011. Google (GOOG), Facebook, Yahoo (YHOO), and Akamai (AKAM) will reportedly take part in the IPv6 “test flight.” The Internet Society, a non-profit group that educates people and companies about net issues is coordinating World IPv6 Day. Those who sign up for the test will make their pages available via IPv6 for 24 hours to help iron out problems created by the switch to the new addressing scheme.

IPv6 good news

Internet Society logo“By providing an opportunity for the internet industry to collaborate to test IPv6 readiness we expect to lay the groundwork for large-scale IPv6 adoption and help make IPv6 ready for prime time,” said Leslie Daigle, chief Internet technology officer at the Internet Society in a statement.

“The good news is that internet users don’t need to do anything special to prepare for World IPv6 Day,” said Lorenzo Colitti, a network engineer at Google in a blog post. “Our current measurements suggest that the majority (99.95%) of users will be unaffected. However, in rare cases, users may experience connectivity problems, often due to misconfigured or misbehaving home network devices.”

According to Google, Vint Cerf, the program manager for the ARPA Internet research project chose a 32-bit address format for an experiment in packet network interconnection in 1977. For more than 30 years, 32-bit addresses have served us well, but now the Internet is running out of space. IPv6 is the only long-term solution, but it has not yet been widely deployed.  In November 2010 Mr. Cerf, one of the driving forces behind Google’s IPv6 efforts warned that the net faced “turbulent times” if it did not move quickly to adopt IPv6.

rb-

Vint Cerf wants you t use IPv6It will be interesting to see the number of participants. This all may just blow over the top because not enough of the right people in organizations see the need. I spoke to my Boss about this a while ago and I think one phone call has been made to our upstream ISP to see what they are doing. We probably won’t deal with it until there is a need for a point-to-point IP video conference with China or something and when it won’t work, then it is a crisis that gets addressed.

Does your organization have a plan for IPv6 migration?

View Results

Loading ... Loading ...
Related articles

 

Ralph Bach has been in IT long enough to know better and has blogged from his Bach Seat about IT, careers, and anything else that catches his attention since 2005. You can follow him on LinkedInFacebook, and Twitter. Email the Bach Seat here.

Category: Uncategorized | Tags: , , , , , , , , , , , ,
| June 2, 2011
Comments Off on LinkedIn Accounts can be Hijacked

LinkedIn Accounts can be Hijacked

Help Net Security has a report that users of the newly minted public LinkedIn (LNKD) are in danger of having their account hijacked. The Linkedin accounts can be hacked when accessing them over insecure Wi-Fi networks or public computers. Independent security researcher Rishi Narang told Help Net Security that the risk is due to two reasons. First, the LinkedIn session and authentication cookies have an unnaturally long lifespan. Secondly, LinkedIn does not remove the cookies once the user logs out.

LinkedInThe article says the cookies in question are JSESSIONID and LEO_AUTH_TOKEN, and are available even after the session initiated by the user has been terminated. The cookies are also set to expire only after one solid year, and this fact allowed the researcher to get access to a number of active accounts of various people from all over the world during a period of many months. “They would have login/logged out many times in these months but their cookie was still valid,” Mr.Narnag writes on his blog.

In addition to all of that, those two cookies and the others that the welcome page stores are transmitted in clear text over HTTP, because they don’t have a secure flag set. “If the secure flag is set on a cookie, then browsers will not submit the cookie in any requests that use an unencrypted HTTP connection, thereby preventing the cookie from being trivially intercepted by an attacker monitoring network traffic,” explains Mr. Narang.

According to the researcher, until LinkedIn makes some changes, the only way to “expire” the cookies is for the users to change their password and then authenticate themselves with the new credentials. This could be a stopgap measure if you know that someone has stolen those cookies and is accessing your account, but won’t new cookies be created after the password change and authentication?

Help Net Security says that the only solution to this problem is for LinkedIn to effect some changes, and according to Reuters, they are planning to offer “opt-in” SSL support for the entire site in the coming months (and that would encrypt the cookies in questions), but have not commented on the cookies have such a long lifespan.

Related articles

 

Ralph Bach has been in IT long enough to know better and has blogged from his Bach Seat about IT, careers, and anything else that catches his attention since 2005. You can follow him on LinkedInFacebook, and Twitter. Email the Bach Seat here.

Category: Social Networking | Tags: , , , , , , , , , , , , , ,
  Recent Entries »