Tag Archive for GOOG

IPv6 Compromises Smartphone Users’ Privacy

Now that the IPv4 address pool is depleted and the IPocalypse is at hand, wrinkles are emerging in IPv6. One of the wrinkles is with mobile devices. Most of the popular mobile devices have been able to handle IPv6 for a while: Apple’s (AAPL) iPhones, iPads, and iPods have supported it since version 4 of the iOS operating system, and most Google (GOOG) Android devices since version 2.1. H Security is reporting that these mobile operating systems send information about their users to the network.

A device on an IPv6 network usually generates half of its own address (the 64-bit “interface identifier”) itself, but H Security says that smartphones are sloppy about this task. According to the article, smartphones simply embed their globally unique 48-bit MAC address in the identifier, inserting the same two fixed bytes (ff:fe) in the middle to pad it out to 64 bits (the modified EUI-64 scheme). As a result, they transmit a unique hardware ID whenever they communicate with an IPv6-enabled server, and because that identifier stays the same no matter which network prefix the device is on, it can be correlated across networks.

The basic problem isn’t inherent to IPv6, because there are other methods for generating the identifier. The article says that a device can generate a random interface identifier and replace it on a regular basis. This is called the Privacy Extensions method (RFC 4941); it is the factory-set option in Windows and can be enabled in other operating systems. The article points out that devices running Apple’s iOS or Android offer neither the option to enable Privacy Extensions nor the option to disable IPv6, so anyone who uses an affected device on an IPv6-enabled wireless network will send their hardware ID.

The only thing the smartphones lack is a control option in the user interface; the Privacy Extensions do come as part of their kernel. For instance, on a (jailbroken) iOS 4 device with root access, they can be enabled with the same command that enables them on a desktop running Mac OS X (note that a sysctl set this way lasts only until the next reboot):

sysctl -w net.inet6.ip6.use_tempaddr=1
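To make the mechanism concrete, here is an added example (my own code, not from the H Security article or from Apple or Google) that derives the EUI-64 interface identifier from a MAC address the way the affected phones do, recovers the MAC from such an address the way any server operator could, and generates a random identifier of the kind Privacy Extensions use instead. The MAC address and the /64 prefix are made-up sample values.

```python
import ipaddress
import os
from typing import Optional


def mac_to_eui64_iid(mac: str) -> bytes:
    """Build the modified EUI-64 interface identifier from a 48-bit MAC:
    split the MAC in half, insert ff:fe in the middle, and flip the
    universal/local bit (bit 1 of the first byte) as RFC 4291 requires."""
    octets = bytes.fromhex(mac.replace(":", "").replace("-", ""))
    if len(octets) != 6:
        raise ValueError("expected a 48-bit MAC address")
    iid = bytearray(octets[:3] + b"\xff\xfe" + octets[3:])
    iid[0] ^= 0x02
    return bytes(iid)


def slaac_address(prefix: str, mac: str) -> ipaddress.IPv6Address:
    """The address a MAC-derived (non-privacy) SLAAC host uses on a /64."""
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen != 64:
        raise ValueError("SLAAC interface identifiers need a /64 prefix")
    iid = int.from_bytes(mac_to_eui64_iid(mac), "big")
    return ipaddress.IPv6Address(int(net.network_address) | iid)


def recover_mac(address: str) -> Optional[str]:
    """What a server operator sees: if the lower 64 bits carry the ff:fe
    marker, undo the U/L flip and return the embedded hardware address.
    Returns None for addresses that do not embed a MAC."""
    iid = bytearray(ipaddress.IPv6Address(address).packed[8:])
    if iid[3:5] != b"\xff\xfe":
        return None
    iid[0] ^= 0x02
    return ":".join(f"{b:02x}" for b in iid[:3] + iid[5:])


def temporary_address(prefix: str) -> ipaddress.IPv6Address:
    """A random interface identifier in the spirit of RFC 4941 privacy
    extensions: 64 random bits with the U/L bit cleared, so the address
    reveals nothing about the hardware and can be rotated at will."""
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen != 64:
        raise ValueError("temporary addresses need a /64 prefix")
    iid = bytearray(os.urandom(8))
    iid[0] &= 0xFD  # clear the universal/local bit: locally generated
    return ipaddress.IPv6Address(int(net.network_address) | int.from_bytes(iid, "big"))


if __name__ == "__main__":
    sample_prefix = "2001:db8:1::/64"          # documentation prefix (sample)
    sample_mac = "00:1e:c2:12:34:56"           # made-up MAC
    leaky = slaac_address(sample_prefix, sample_mac)
    print("EUI-64 address:", leaky, "-> MAC", recover_mac(str(leaky)))
    private = temporary_address(sample_prefix)
    print("privacy address:", private, "-> MAC", recover_mac(str(private)))
```

recover_mac is the check a server operator or network monitor can run on every connecting address: a hit means the client is announcing its hardware ID, and the same MAC seen behind a different prefix is the same device on a different network. The ff:fe marker in the middle of the identifier makes such addresses trivial to spot, which is exactly why the privacy extensions replace the whole identifier with random bits rather than obfuscating the MAC.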

The blog says the problem currently affects only a small number of users because IPv6 is not yet in widespread use. However, more ISPs plan to offer IPv6 alongside the old IPv4 in the future. In addition, there are routers, like the Cisco (CSCO) Linksys E3000, that automatically set up an IPv6 connection via a 6to4 tunnel even when their internet access is purely IPv4, so a device can end up talking IPv6 without its owner ever having asked for it.

The author concludes that the issue is particularly sensitive because such devices tend to be used by one specific person. As a result, the MAC address, which is visible to any server operator and to anyone monitoring the network, allows that user to be identified and tracked.

rb-

If this sounds familiar, it is: I wrote about mobile apps uploading UDIDs here.

Ralph Bach has been in IT long enough to know better and has blogged from his Bach Seat about IT, careers, and anything else that catches his attention since 2005. You can follow him on LinkedIn, Facebook, and Twitter. Email the Bach Seat here.

Attackers Attack Emerging Technologies

Help Net Security reports that attackers continue to focus on social engineering attacks and on circumventing legacy enterprise security systems, according to a recent report by Zscaler. The Sunnyvale, CA-based firm reported shifts in the sources of enterprise web traffic, and that some popular sites are trying to improve user security. Here are some of the top findings detailed in the report:

  • Local apps are generating more direct HTTP and HTTPS traffic
  • Not all web traffic comes from browsers, and as this traffic shifts, web threats have a new attack vector
  • Internet Explorer 6 is on the decline in the enterprise. While this mitigates the security risks of the old browser platform, it could lead to a shift in attacks.
  • Google (GOOG) is actively attempting to thwart search engine optimization (SEO) spam and fake AV attacks, the topmost Internet threats today. However, most users remain exposed to these threats.
  • More sites, like Facebook (FB) and Gmail, are moving to HTTPS delivery. This is good for preventing sidejacking, but it allows savvy attackers a way to bypass traditional network-based security controls like IDS/IPS, which cannot decrypt traffic for inspection.

“Attackers know the limits of traditional security solutions,” says Michael Sutton, VP of Security Research at Zscaler. “But they are also very good at taking advantage of emerging technologies and new vectors for attack. Standalone user applications, social engineering attacks, and the move to HTTPS all have the potential to introduce new threats. Now more than ever, enterprise security solutions must inspect traffic in real-time, all the time, regardless of source, to provide true protection.”

RB-

I have covered IoT for a while here and here. I wrote about the big sites moving to HTTPS a while ago here and even wrote about HTTPS Everywhere here. And I am sure I don’t cost as much as an engagement with these firms.


‘Personal Cloud’ to Replace PC by 2014, Says Gartner

Mike Barton wrote on Wired’s Cloudline that there’s no doubting the cloud invasion. The research firm Gartner (IT) believes the personal cloud will replace the PC as the center of our digital lives as soon as 2014.

Steve Kleynhans, research vice president at Gartner, said in a statement, “Major trends in client computing have shifted the market away from a focus on personal computers to a broader device perspective that includes smartphones, tablets, and other consumer devices.” He continues, “Emerging cloud services will become the glue that connects the web of devices that users choose to access during the different aspects of their daily life.”

In the article, Mr. Barton writes that Google plans a cloud-centered future with Google (GOOG) Play and the Android mobile OS. The personal computer will not miss out on the cloud either, as Microsoft (MSFT) and Apple (AAPL) are planning to weave the cloud into the next generation of their desktop operating systems, Windows 8 and OS X Mountain Lion.

But a cloud-happy future will not be as easy as that, because, Gartner says, “it will require enterprises to fundamentally rethink how they deliver applications and services to users.” Gartner sees a number of factors converging to make a perfect personal cloud storm by 2014.

Megatrend No. 1: Consumerization — Gartner says what corporate IT has seen so far has been a precursor to the major wave that is starting to take hold across all aspects of IT as several key factors come together:

  • Users are more technologically savvy.
  • The internet and social media have empowered and emboldened users.
  • The rise of powerful, affordable mobile devices changes the equation for users.
  • Through the democratization of technology, users of all types and statuses within organizations can now have similar technology available to them.

Megatrend No. 2: Virtualization — Virtualization has improved flexibility and increased the options for how IT organizations can set up client environments.

Megatrend No. 3: “App-ification” — Apps change the way applications are designed, delivered, and consumed by users, and this has a dramatic impact on all other aspects of the market.

Megatrend No. 4: The Ever-Available Self-Service Cloud – The cloud opens a whole new level of opportunity for self-servicing users. Every user can now have a scalable and nearly infinite set of resources available for whatever they need to do.

Megatrend No. 5: The Mobility Shift — Wherever and Whenever You Want. Today, mobile devices combined with the cloud can fulfill most computing tasks, and any tradeoffs are outweighed in the minds of users by the convenience and flexibility the mobile devices provide.

Gartner’s Kleynhans said, “In this new world, the specifics of devices will become less important for the organization to worry about. Users will use a collection of devices, with the PC remaining one of many options, but no one device will be the primary hub. Rather, the personal cloud will take on that role. Access to the cloud and the content stored or shared in the cloud will be managed and secured, rather than solely focusing on the device itself.”

Wired says that former Microsoft chief software architect Ray Ozzie made the same point recently: “People argue about, ‘Are we in a post-PC world?’ Why are we arguing? Of course we are in a post-PC world.” Ozzie reportedly told a conference, “That doesn’t mean the PC dies; that just means that the scenarios that we use them in, we stop referring to them as PCs, we refer to them as other things.”

rb-

Goodie for Gartner, they get paid for codifying the obvious. Consumers are moving to the personal cloud. DVDs vs. Netflix streams. Files on your hard drives vs. some distant data center run by Dropbox. Photo albums vs. Flickr. Books vs. Kindles and Nooks.

Related articles:
  • Supermodels, Megatrends, and Ultra Big Paradigm Shifts to the Cloud


Bad Day at LinkedIn

It’s been a bad day for LinkedIn (LNKD). LinkedIn users have been the victims of two security and privacy blunders on the same day. First, the LinkedIn mobile app for iOS devices has been sending potentially confidential private and business information to the company’s servers without the users’ knowledge.

Help Net Security reports that security researchers Yair Amit and Adi Sharabani at Skycure Security identified the security hole. According to the researchers, the flaw is in calendar syncing, which collects data from all the calendars (private and corporate) on the iOS device.

“The app doesn’t only send the participant lists of meetings; it also sends out the subject, location, time of meeting and more importantly personal meeting notes, which tend to contain highly sensitive information such as conference call details and passcodes,” the researchers point out in the article. “…this information is collected and transmitted to LinkedIn’s servers; moreover, this action is currently performed without a clear indication from the app to the user, thus possibly violating Apple’s privacy guidelines.”

The first response from a LinkedIn spokeswoman appears to minimize the issue and blame the users for the privacy breach: she told Help Net Security that the feature is opt-in, and said nothing about whether the company will update the app to stop this privacy snafu from happening in the future. (It looks like LinkedIn has since updated the app and broken it, according to reviews in the Apple App Store.) This was reinforced by Joff Redfern, Mobile Product Head at LinkedIn, who on the LinkedIn blog also pointed out that the information-harvesting feature is opt-in. He claims that the information collected is not stored or shared. LinkedIn did change the LinkedIn app for Google (GOOG) Android so it no longer sends calendar data from Android devices to LinkedIn. There was no information in the article on whether LinkedIn plans to change the Apple iOS app.

But wait it gets worse…

LinkedIn also lost the hashed passwords of some 6.5 million accounts today; they turned up on a Russian forum. LinkedIn has confirmed on its blog that there are “compromised accounts.” Cameron Camp, Security Researcher at ESET, commented on the leak for Help Net Security:

“The difference with this hack … is that people put their REAL information about themselves professionally on the site not just what party they plan on attending, ala Facebook and others …  mess with somebody’s professional profile, and you’re messing with their life, and their contacts know about it.”

rb-

I wrote about the value of different credentials here and here.

I am wondering about the timing of the two security problems for LinkedIn. Could they be related? Were attackers using the Apple iOS app as an attack vector? After all, we know that Apple loves to collect personal info on its customers.


Action Items:

  • Toggle off the “Add Your Calendar” option in the Sync Calendar feature of the LinkedIn app on your Apple iOS devices.
  • Immediately change your LinkedIn password and any accounts that share the same password.
  • Be on the lookout for phishing campaigns that might leverage the incident.
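An added example of the check many people ran that week (my own code, not LinkedIn’s or ESET’s): the leaked file was a list of unsalted SHA-1 password hashes, and in some entries the first five hex digits had been overwritten with zeros, a detail the post above does not mention. The dump below is constructed from sample passwords rather than taken from the real file. hash_in_dump tells you whether a password (including one you reuse elsewhere) is in the list, crack_unsalted shows why unsalted fast hashes fall to a single pass over a wordlist, and the salted PBKDF2 pair shows the per-user cost a proper password store imposes instead.

```python
import hashlib
import hmac
from typing import Dict, Iterable, Set


def sha1_hex(password: str) -> str:
    """Unsalted SHA-1, the way the leaked list was produced."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest()


# Constructed stand-in for the leaked file (sample passwords, not real data).
# The third entry mimics the masked form seen in the dump: first five hex
# digits replaced by zeros, remaining 35 digits intact.
SAMPLE_DUMP: Set[str] = {
    sha1_hex("linkedin"),
    sha1_hex("Summer2012!"),
    "00000" + sha1_hex("password1")[5:],
}


def masked(h: str) -> str:
    return "00000" + h[5:]


def hash_in_dump(password: str, dump: Set[str]) -> bool:
    """Is this password (or any account sharing it) exposed by the dump?
    Matches both the full digest and the zero-masked variant."""
    h = sha1_hex(password)
    return h in dump or masked(h) in dump


def crack_unsalted(dump: Set[str], wordlist: Iterable[str]) -> Dict[str, str]:
    """One hash per candidate, looked up against every entry at once: the
    attacker's cost is the wordlist size, not the number of users."""
    found: Dict[str, str] = {}
    for candidate in wordlist:
        h = sha1_hex(candidate)
        for entry in (h, masked(h)):
            if entry in dump:
                found[entry] = candidate
    return found


def salted_hash(password: str, salt: bytes, iterations: int = 100_000) -> bytes:
    """What a store should do instead: per-user salt plus a slow KDF, so a
    wordlist must be re-run for every user and precomputation is useless."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)


def verify_salted(password: str, salt: bytes, stored: bytes) -> bool:
    return hmac.compare_digest(salted_hash(password, salt), stored)


if __name__ == "__main__":
    print("linkedin exposed:", hash_in_dump("linkedin", SAMPLE_DUMP))
    print("cracked:", crack_unsalted(SAMPLE_DUMP, ["123456", "linkedin", "password1", "qwerty"]))
```

If hash_in_dump returns True for a password you use anywhere, the second action item above applies to every one of those accounts, because the attacker does not need LinkedIn to try the same candidate elsewhere.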

What Happened to the Paperless Office?

The Economist wonders whatever happened to the “paperless office”. Thirty years ago computers were hailed as the beginning of the paperless office era. In 1980 The Economist recommended that firms trying to improve productivity “reduce the flow of paper, ultimately aiming to abolish it”.

Unfortunately, not many people listened to The Economist. Since it extolled the virtues of a paperless office, global paper consumption has increased by half.

Paper consumption

The average American uses almost six 40-foot trees a year in paper. Gizmodo says don’t feel too bad: the EU bureaucracy in Brussels has pushed Belgian paper consumption to a whopping 8.5 trees per person, the equivalent of four Rockefeller Center Christmas trees.

Paperless office research says

The trend will not change. ITnewsLink reports that more than half of Americans think the U.S. will never go paperless. Pollster Poll Position conducted a national survey to see whether Americans think the U.S. could ever be a paperless society.

Poll Position’s research found that 56% of Americans don’t think the U.S. will ever be a paperless society. Only 20% said yes, one day we’ll all go paperless, and 24% were undecided or had no opinion on the question.

Other Poll Position findings

  • 63% of the 18-29 age group said the U.S. would never be a paperless society, and 23% said it could be.
  • 56% of men and women said we could never be a paperless society.

You can still vote in their online companion poll.

rb-

I would have thought that in an era of computers, Amazon (AMZN) Kindle Fire and Apple (AAPL) iPad tablets, iPhones, and Google (GOOG) Android smartphones, paper consumption would decrease. Apparently it takes more than buzzwords like “paperless” and “green” to make a difference.

Related articles
  • The Paperless Office? (Going Green) (whattheythink.com)
