Archive for RB

U.S. Running Out Of IPv4 Addresses

InformationWeek says IPv4 addresses will run out by the end of 2011. The plethora of mobile devices and an increase in Internet services to the home have led to a shortage of Internet addresses, which could run out by the end of 2011, according to InformationWeek. “We now face an exhaustion of IPv4 addresses,” Lawrence Strickling, administrator of the U.S. National Telecommunications and Information Administration (NTIA), said in the meeting, Reuters reported. There’s only room for 4.3 billion IPv4 addresses and the U.S. owns more than 90 percent of public IP addresses globally. The U.S. has used about 94.5 percent of its public IP addresses.

The recent surge in tablet computers like the Apple iPad and Research in Motion Blackberry smartphones is depleting the supply of available addresses. The remaining 5.5 percent of the IPv4 addresses will be distributed among the Regional Internet Registries by next summer, Reuters reported. New IP-based technologies such as LTE and WiMax have also contributed to the dwindling number of IPv4 addresses. M2M devices and smart technologies in consumer products like refrigerators, dishwashers, and vehicles also decrease the number of addresses available. “Fortunately, IPv6 will support 340 trillion, trillion, trillion addresses,” Strickling is quoted as saying by Reuters. He appealed to businesses to widely roll out and integrate IPv6.

The reason is that IPv6 is a much longer address, but it makes up a lot more possible numbers, said Todd Day, industry analyst, Mobile & Wireless Communications, Frost & Sullivan. “It’s similar to a phone number with many digits, so it’s like having a longer phone number.” Switching to IPv6 could be costly for businesses and the technology might not integrate well with what they are using. “Ultimately you have equipment that has to be replaced in order to support IPv6, you have software changes and upgrades in other pieces of equipment and testing and actual implementation costs,” Day said.

In spite of the challenges, the new protocol has its advantages, he said. “There are definitely a lot of benefits to IPv6,” Day said. “In the bigger picture, it allows for more security, video and voice streaming, and better quality of service.”

rb-

This is not a U.S.-specific problem as InformationWeek would have their readers believe. This is a worldwide problem. John Curran, President and CEO of ARIN, pointed out in the article, “some other countries have already set their IPv4 depletion / IPv6 adoption plans.” Of course not in the US; there are so many other important issues for the Feds to worry about, like the noise level of TV commercials.


Ralph Bach has been in IT long enough to know better and has blogged from his Bach Seat about IT, careers, and anything else that catches his attention since 2005. You can follow him on LinkedIn, Facebook, and Twitter. Email the Bach Seat here.

Huge MacOS Patch Sets Record

Apple Computers (AAPL) recently released a mega update that addresses 134 vulnerabilities in MacOS X. The incremental update weighs in at 650 megabytes, which PCMagazine’s Larry Seltzer is quoted as describing as “possibly unprecedented proportions.” According to the Washington Post’s Rob Pegoraro, the actual download size varies depending on different machines, up to 977.2 megabytes.

Tony Bradley of PCWorld compared the Mac OS X update with Microsoft’s Patch Tuesday, and claims that “To surpass 134 vulnerabilities, you have to combine six months’ worth of Patch Tuesdays from June through November.” To be fair, the massive MacOS update includes 55 updates related to Adobe Flash. Vulnerability expert (and multi Pwn2Own winner) Charlie Miller is clearly not impressed. In a tweet sent late Wednesday, he wrote, “Apple releases huge patch, still miss all my bugs. Makes you realize how many bugs are in their code (or they’re very unlucky).”

What is in the mega MacOS patch?

The mega MacOS update patches a handful of long outstanding vulnerabilities, one from 2008 and 7 from 2009. The update also includes fixes to common UNIX software such as X11, PHP, and OpenSSL. Apple included more than two dozen non-security issues, many of them stability or reliability problems.  The 10.6.5 upgrade also fixed a problem with some HP printers connected to wireless networks, added support for encrypted transfers of files to Apple’s online storage service, and improved the reliability of connections to Microsoft Exchange servers.

Mac users can read more about MacOS X v10.6.5 and Security Update 2010-007 here.

rb-
The consumerization of IT has hit my workplace with iPads and Macs working their way in as “special projects.” This latest patch from Apple shows the firm’s attention to security. Despite what the fanboyz believe, the Mac isn’t more secure than Wintel. The simple fact is, breaking into Macs probably has not ranked very high on the to-do list of cyber-criminals given the smaller number of Mac users when compared with the number of machines running Windows. The second fact is that Apple is slow with security updates. The mega update addressed some MacOS problems that are over two years old.

 


Social Networks Are Risky

According to the Czech security firm TrustPort, social networking’s popularity and ease of use can cause users to forget its risks. These risks include the loss of private personal data and malware infection. Even though social networking is new, a recent IBM (IBM) X-Force report says the threats are not. According to IBM, traditional threats like phishing, malware, 419 fraud schemes, identity theft, data harvesting, and botnets now use social networks as attack vectors.

Many social networking users fall victim to attackers offering new apps or features for joining the group. Net Security.org cites the Facebook Stalker Catcher as an example of such a scam. Even though this malicious app appeared in 2009, Facebook users still fall victim to it. To start a Stalker Catcher attack, Net Security.org says users are lured to the group on the pretext that they will see exactly who is visiting their personal profile and when. The alleged instructions for feature activation result in nothing more and nothing less than sending group invitations to all contacts of the victim.

Sunbelt Software reports that the latest scam targeting Facebook users specifically targets kids.  The scam promises a free proxy service for those who want to bypass parental controls and blocks set up by schools.  The scam tempts the victims to try the service at hxxp://myfatherisonline.com to access Facebook in school.  Of course, when the victims visit the website, they can’t find the advertised service.  The researchers instead found a plethora of scam attempts.  The victims are faced with an affiliate site containing malware, surveys, quizzes, and offers for free iPhones that will try to get them to subscribe to a premium rate service or sign up for spam.

The number of users who voluntarily join fraudulent groups and send invitations to all their contacts is strikingly high.  In the Net Security.org article, IBM says the informal feel of social networks is the real risk.

“‘We’re all friends here,’ you’re thinking to yourself, and your mind chooses to ignore the things that would usually set off alarm bells in your head. Who knows – maybe it’s our inherent sense of safety that we get when surrounded by a lot of people? Safety in numbers, so to speak. In any case, most of us are just less careful.”


These same users then access Facebook at work, exposing their employers to more risks.  The anti-malware firm Sophos recently found that reports (PDF) by companies of spam and malware derived from social networks were up 70 percent from a year earlier and concludes that “Because of this, social networks have become one of the most significant vectors for data loss and identity theft.”

Due to this carelessness, the criminals behind the scams quickly gain large databases of contacts.  These databases are later sold to other cybercriminals and used for sending spam or for further phishing scams.  Some fraudulent groups explicitly invite users to install a particular application, which is even more dangerous.  According to the article, the risk of malware infection should never be underestimated.

rb-

So the important message here is:

  1. Keep your computer up to date
  2. Use regularly updated antivirus and antispyware software
  3. Verify what you are doing before you do it
  4. If it is too good to be true, it probably is

 


HTTPS Everywhere Updated

The Electronic Frontier Foundation (EFF) has updated its HTTPS Everywhere security tool to enhance protection for Firefox browser users against webpage security flaws. The new version of HTTPS Everywhere is a response to growing concerns about website vulnerability in the aftermath of the October 2010 release of Firesheep.

Firesheep is an attack tool that could enable an eavesdropper on a network to take over another user’s web accounts on social networking sites like Facebook or webmail systems such as Hotmail if the browser’s connection to the web application either does not use cryptography or does not use it thoroughly enough.

Since the first release of HTTPS Everywhere, the Firefox plugin has been downloaded more than half a million times.

Other sites targeted by Firesheep that now receive protection from HTTPS Everywhere include

 


Server Counts Climbing

Data Center Knowledge has updated its list of companies with the most servers (at least the ones that release the information). I wrote about this server list last year and some of the changes from last year include adding Intel (INTC) and Facebook to the list, SoftLayer’s acquisition of The Planet, and increases in server fleets.

Server Growth

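| Firm | Servers (2009) | Servers (2010) | % change |
|---|---|---|---|
| Intel | -- | 100,000 | NA |
| OVH | 55,000 | 80,000 | 45 |
| SoftLayer | 21,000 | 76,000 | 262 |
| Akamai Technologies | 48,000 | 73,000 | 52 |
| 1&1 Internet | 55,000 | 70,000 | 27 |
| Rackspace | 50,038 | 63,996 | 28 |
| Facebook | -- | 60,000 | NA |
| iWeb | 10,000 | 35,000 | 250 |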

Some notable companies that have not changed since 2009 include:

* SBC Communications
* Verizon
* Time Warner
* AT&T
* Peer1/ServerBeach.

rb-

One thing that many of these companies have in common is that they are cloud companies or companies that enable cloud computing. The research firm IDC reported in 2009 that only 14.3% (2.2 Exabytes) of the 15.4 Exabytes of enterprise storage capacity resides in the public cloud. IDC believes this number will grow to 27.6% by 2013.

If IDC is right, over the next 3-4 years, server fleets will continue to grow.

 
