IOT | Bach Seat

Tag Archive for IOT

RB | April 2, 2017

Comments Off

300 Billion Passwords

The death of the password has been predicted for years. Bill Gates predicted the death of the password at an RSA Security conference in 2004. In 2011, IBM (IBM) predicted that biometrics would replace passwords by 2016. In case you haven’t noticed in 2017 and passwords are still with us and they suck. “It’s now years after those statements were made, and passwords are still in heavy use,” Joseph Carson, head of global strategic alliances at Thycotic Software told CSO.

A new report (Reg. Req.) from cyber-security research firm Cybersecurity Ventures says that the number of passwords in use will grow from about 75 billion today to around 100 billion in 2020. AND the number of passwords used by machines, such as IoT devices, will grow even faster, from around 15 billion in 2015 to around 200 billion in 2020, the report said. That is 300 billion passwords by 2020.

And these numbers don’t include one-time passwords, SSL encryption keys, and other short-term credentials said Thycotic’s Carson. Thycotic Software sponsored the report.

Mr. Carson told CSO the estimates come from worldwide statistics about the total number of computers, operating systems, servers, routers, and other technologies and applications that come with passwords or need users to create passwords to use them. he added, “Then there are the social media accounts, which have been growing significantly.”

The average user has over 25 passwords, he said. There’s no decline in the number of passwords, in fact, the opposite is the case. “We find that the growth is accelerating at a massive pace,” CSO observed that the use — and reuse — of all these passwords is creating an ever-growing attack surface of both human and machine-to-machine passwords. A record number of credential breaches were disclosed in 2016, Mr. Carson added — 3 billion, with 43% of people having had at least one password or credential stolen.

A report released by the Pew Research Center said that for U.S. adults, the number was even higher. According to a 2016 survey, 64% said that they had personally noticed or been notified of a data breach that affected their accounts or personal data.

According to Mr. Carson, the financial damages of the breaches will continue to increase as well. Thycotic and Cybersecurity Ventures predicts potential damages from cyber-crime to reach $6 trillion by 2021.

rb-

Looks like passwords are here to stay. Followers of the Bach Seat know that passwords suck. I have covered a number of options to replace passwords. None of the biometric options have taken off as IBM had predicted.

Where biometric authentication is deployed, it’s been as an adjunct to passwords, not a replacement. Passwords are used to set up the initial trusted relationship, and as a fallback when the biometrics fail. Mr. Carson concludes, “The biometrics are used for ease of access to systems … Biometrics will never replace passwords.”

Related articles

JetBlue and Delta begin testing biometrics to identify passengers (The Los Angles Times)

Ralph Bach has been in IT long enough to know better and has blogged from his Bach Seat about IT, careers, and anything else that catches his attention since 2005. You can follow him on LinkedIn, Facebook, and Twitter. Email the Bach Seat here.

Category: Uncategorized | Tags: 2017, Bill Gates, Biometrics, Cybersecurity Ventures, Data breach, IOT, Passwords, Security, Social media, SSL, Thycotic

RB | February 2, 2017

Comments Off

Who Owns Ruckus Today?

Updated December 05, 2017 – As predicated below, cable box maker, ARRIS International completed its acquisition of Ruckus Wireless from Broadcom in December 2017. According to reports, “Ruckus Networks, an ARRIS company,” will operate as a dedicated business under the ARRIS Enterprise Networks business segment.

—

Ruckus Wireless was founded in 2004 and supplied Wi-Fi services and equipment to enterprises and service providers. At its peak, it had annual revenues of almost $400 million and more than 1,000 employees. Ruckus was the first firm to roll out enterprise 802.11ac Wave 2 AP. The company’s products powered high-profile public Wi-Fi installations, such as New York City’s LinkNYC.

In April 2016, San Jose, CA-based Brocade purchased Ruckus Wireless in a deal worth about $1.5 billion. Brocade is most famous for data center SAN switches and a player on the NFV and SDN scene. Brocade planned to add Ruckus’s Wi-Fi products to its enterprise networking business.

At the time of the purchase, Brocade CEO Lloyd Carney said, “The acquisition will strengthen Brocade’s ability to pursue emerging market opportunities around 5G mobile services, Internet of Things (IoT), Smart Cities, OpenG technology for in-building wireless, and LTE/Wi-Fi convergence.”

Ruckus changed hands. Irvine, CA-based chipmaker Broadcom (AVGO), which supplies to phone vendors purchased Brocade for $5.9 billion. But the chipmaker said it plans to divest the Brocade IP networking business that consists of wireless networking, data center switching, and software networking offerings.

Brocade CEO Lloyd Carney wrote on the company’s website. “In terms of our IP Networking business, due to competitive overlap with some of Broadcom’s most important customers, Broadcom will seek a buyer for the business.” The Ruckus product line competes with industry titans like Cisco and Apple.

Broadcom CEO Hock Tan said in a press release, “… we will find a great home for Brocade’s valuable IP networking business that will best position that business for its next phase of growth.” It seems Broadcom has found a firm willing to take Ruckus off their hands.

FierceCable is reporting that cable set-top box manufacturer Arris (ARRS) is in talks with Broadcom to pay around $1 billion for Brocade’s wireless network edge business – i.e Ruckus Wireless. The article says Arris CFO David Potts told investors that the vendor might transition into serving the wireless needs of its customers. Arris client, Comcast is developing a wireless service based on its MVNO relationship with Verizon.

Reports are that Arris does not want to buy other parts of the business being divested by Brocade. Brocade is reportedly looking for a buyer for the rest of its IP portfolio, which includes data centers, switching, and software.

Wi-Fi Charges Up Ethernet | Bach Seat (rbach.net)

Category: Uncategorized | Tags: 2017, 5G, Apple, Arris, ARRS, AVGO, Broadcom, Brocade, Cisco, CMCSA, Comcast, IOT, LTE, Mergers and Acquisition, Networking, Ruckus Wireless, Wi-Fi

RB | July 23, 2016

Comments Off

Ethernet Marches On

It has been a while since we talked about networking on the Bach Seat. So it is time to get back to my roots. Ethernet continues to dominate the world. The Institute of Electrical and Electronics Engineers (IEEE) 802.3 Ethernet Working Group, the group responsible for the Ethernet standard, recently ratified 4 new Ethernet-related standards. The committee approved IEEE 802.3bp, IEEE 802.3bq, IEEE 802.3br, and IEEE 802.3by.

IEEE 802.3br has implications for IoT and connected cars. This new standard addresses the needs of industrial control system manufacturers and the automotive market by specifying a pre-emption methodology for time-sensitive traffic. IEEE 802.3bp addresses how Ethernet operates in harsh environments found in automotive and industrial applications.

The 2 more interesting new standards to networkers are IEEE 802.3bq and IEEE 802.3by. These standards help define how 25 GB and 40 GB Ethernet will work and more importantly how products from multiple vendors should interoperate in the data center. For a summary of the rationale for the new standard here is the IEEE presentation (PDF).

IEEE 802.3bq, “Standard for Ethernet Amendment: Physical Layer and Management Parameters for 25 Gb/s and 40 Gb/s Operation, Types 25GBASE-T and 40GBASE-T“, opens the door to higher-speed 25 Gb/s and 40 Gb/s twisted pair solutions with auto-negotiation capabilities and Energy Efficient Ethernet (EEE) support for data center applications.

IEEE 802.3by, “Standard for Ethernet Amendment: Media Access Control Parameters, Physical Layers, and Management Parameters for 25 Gb/s Operation”, introduces cost-optimized 25 Gb/s PHY specifications for single-lane server and switch interconnects for data centers.

Siemon’s Standards Informant explains that 25GBASE-T will be backward-compatible with existing BASE T technology and both 25GBASE-T and 40GBASE-T are planned for operation over TIA category 8 cabling. The deployment opportunity for 25GBASE-T is aligned with 40GBASE-T and defined as the same 2-connector, 30-meter reach topology supporting data center edge connections (i.e., switch to server connections in row-based structured cabling or top of rack configurations).

The standard’s ratification comes shortly after the Telecommunications Industry Association (TIA) approved its standard specifications for Category 8 cabling, the twisted-pair type designed to support 25GBase-T and 40GBase-T.

Though 25 Gigabit Ethernet is only now becoming an official standard, Enterprise Networking Planet reports that multiple vendors already have technologies in the market. Among the early adopter of 25 GbE is Broadcom (AVGO) which announced back in 2014 that its StrataXGS Tomahawk silicon would support 25 GbE. In 2015, Arista (ANET) announced its lineup of 25 GbE switches. Cisco (CSCO) is also embedding 25 GbE support in some of its switches including the Nexus 9516 switch.

That is where 25-Gb/s Ethernet comes in. It uses the same LC fiber cables and the SFP28 transceiver modules are compatible with standard SFP+ modules. This means that data-center operators can upgrade from 10 GbE to 25 GbE using the existing installed optical cabling and get a 2.5X increase in performance.

The IEEE 25GbE standard seems to have come out of nowhere, (especially considering the L O N G D R A W N O U T 8 0 2 . 1 1 n process but the technology actually came into being as the natural single-lane version of the IEEE 802.3ba 100-Gb/s Ethernet standard. The 100-Gb/s Ethernet standard uses four separate 25-Gb/s lanes running in parallel, so defining a single lane makes it a straightforward and natural subset of the 100-Gb/s standard.

rb-

IEEE P802.3by and P802.3bq were initially targeted for server connections in mega data centers like Amazon, Facebook, and Google. In the next 5 years, 25G will be the next mainstream server upgrade from 10G, even for smaller data centers. SMB data centers will be facing a connectivity crisis in the future as the pace of virtualization increases.

According to IDC, the typical virtualized server supported about 10 virtual machines (VMs) in 2014 and will support in excess of 12 VMs by 2017. In many organizations, the majority of production workloads are already virtualized and almost all new workloads are deployed on virtualized infrastructure, placing inexorable stress on server connectivity.

In order to accommodate this growth Twinax copper and short-reach MMF are included in the “by” standard, while 25GBASE-T (twisted pair) was added to the existing 40GBASE-T “bq” project making 25G possible in smaller data centers without having to re-wire the data center.

5 Methods For Improving Data Center Efficiency (electronicdesign.com)

Category: Uncategorized | Tags: 2016, 802.3, 802.3az, 802.3bp, 802.3bq, 802.3br, 802.3by, Arista Networks, BRCM, Broadcom, Cisco, Connected cars, CSCO, Data center, Fiber optic cable, IEEE, IOT, Networking, SFP, Standards, Twisted pair cable

RB | May 8, 2016

Comments Off

Wearables – Growing Enterprise Risk

Market research firm Tractica predicts that the high levels of interest will drive worldwide shipments of wearable computing devices for enterprise and industrial from 2.3 million in 2015 to 66.4 million units by 2021 and could reach 75.4 billion by 2025. This means there will be a total of 171.9 million wearables in the wild by 2021.

The report at FierceMobileIT cites a large number of trials or deployments with a diverse set of wearables across a variety of industry sectors for the growth. Tractica research director Aditya Kaul explained the prediction,

In the past year, the enterprise and industrial wearables market has moved into an implementation phase, with the focus shifting from public announcements to the hard work that needs to be done behind the scenes to get wearables rolled out at commercial scale.

Tractica noted a range of new IoT use cases are emerging for workplace wearables. The new uses are focused on application markets like; retail, manufacturing, healthcare, corporate wellness, warehousing and logistics, workplace authentication and security, and field services.

The market research firm believes the primary wearable device categories will be; smartwatches, fitness trackers, body sensors, and smartglasses, There will also be other niche categories that will play a role for specialized use cases.

The report does concede that in terms of unit volumes and revenue, enterprise and industrial wearables are still a very small part of the IoT overall market. Wearable’s share of the total market will grow over time, according to Tractica.

Wearables proliferation does not bode well for IoT or enterprise security. A recent survey of 440 IT pros by IT networking company Spiceworks found that enterprise wearables are most likely to be the cause of a data breach out of all Internet of Things devices connected to a workplace network.

According to FierceMobileIT, the survey found that 53% of IT pros believe wearables are the least secure of all IoT devices. Overall, 90% of those surveyed think IoT makes workplace security more difficult. Spiceworks also found that only one in three of those surveyed are preparing for the tidal wave of these devices.

The number of companies allowing wearables on the network has jumped from 13% in 2014 to 24% in the current Spiceworks survey. That’s a significant jump, and especially worrisome for the two-thirds of organizations putting off a proper security protocol. 41% of those surveyed said that their organizations have a separate network for connected devices, 39% allow them on the corporate network and 11% don’t allow IoT in any capacity.

Enterprise IoT devices aren’t the only reason IT pros should worry, as Andrew Hay, CISO of DataGravity, told FierceMobileIT at the RSA conference this year. Workers are bringing consumer-grade IoT devices into enterprise environments, too. In other words, IT pros don’t have a choice at this point but to seriously consider security measures for IoT.

rb-

I first covered IoT security holes in 2011. In 2014, I wrote about HP research which found on average 25 security flaws per device tested. If these stats are right, there will be almost 4.3 billion security flaws in the wild.

Some of the security flaws HP pinpointed in wearables during 2015 included:

Mobile interfaces lack two-factor authentication or the ability to lock out accounts after login failed attempts.
Watch communications to be easily intercepted.
• Firmware is transmitted without encryption.
• Half of the tested devices lacked the ability to add a screen lock, which could hinder access if lost or stolen.
•40% were still vulnerable to the POODLE attack, allow the use of weak ciphers, or still used SSL v2. Transport encryption is critical because personal information is being moved to multiple locations in the cloud.

Security is key concern for IoT developers, survey shows (hotforsecurity.com)

Category: Uncategorized | Tags: 2016, 2FA, Authentication, Data breach, Encryption, HP, IOT, POODLE, Security, SSL, Tractica, Wearable computer

RB | November 24, 2015

Comments Off

Television Sells Your Viewing Habits

– Updated 03-26-2017 – Vizio will pay $2.2 million to the FTC and the state of New Jersey to settle a lawsuit alleging it collected customers’ television-watching habits without their permission.

In addition to the $2.2 million in payments, Vizio will now have to get clear consent from viewers before collecting and sharing data on their viewing habits. It’ll also have to delete all data gathered by these methods before March 1st, 2016 according to the Verge.

—

Just in time for the Black Friday consumerism orgy of spending, Help Net Security reports that you are giving away more than cash when you buy a Smart Television from Best Buy or whoever. It turns out that owners of Smart TVs manufactured by California-based consumer electronics company Vizio (VZIO) viewing habits are being tracked and sold to third parties. The Vizio privacy policy says;

… VIZIO will use Viewing Data together with your IP address and other Non-Personal Information in order to inform third party selection and delivery of targeted and re-targeted advertisements … delivered to smartphones, tablets, PCs or other internet-connected devices that share an IP address or other identifier with your Smart TV.

Vizio’s competitors Samsung (005930) and LG Electronics (LGLD) can also track users’ viewing habits via their smart TV offerings, ProPublica‘s Julia Angwin pointed out, but the feature has to be explicitly turned on by the users. The collection of viewing data by Vizio’s Smart TVs is turned on by default, as is the Smart Interactivity feature that manages it.

According to the IEEE, Vizio smart TVs can track data related to whatever TV programming and related commercials you’re watching and link such data with the time, date, channel, and TV service provider. On most of the over 15 million Smart TVs sold, Vizio will also track whether you view TV programs live or later on. Vizio knows what you’re watching even if it’s a DVD being played on a gaming console or a show being watched via cable TV. The identification tracking technology can differentiate between 100 billion data points.

While, in theory, IP addresses are not personal information, they actually can be linked to individuals if there is enough information (specific attributes like age, profession, etc.) tied to it.

ProPublica‘s Angwin’s sources, tell her that Vizio has been working with data broker Neustar to combine viewing data with this type of information about the user.

Even though users can turn off the spy technology, which will not won’t affect the device’s performance, the problem is that many, many users won’t bother reading the privacy policy or change the default settings once they set up the TV and start using them.

TechHive reports that backlash against intrusive spying has started. Two lawsuits (Reed v. Cognitive Media Network, Inc. (PDF) and David Watts et. al. v Vizio Holdings Inc et. al. (PDF)) have been filed in California against Vizio and their partners about their data collection habits.

The suits accuse Vizio and Cognitive of secretly installing tracking software on the former’s smart TVs in a way that violates various federal and state laws.

Legal system The suits allege that Vizio violated the Video Privacy Protection Act. The Video Privacy Protection Act prohibits any company engaged in rental, sale, or delivery of audio-visual content and not necessarily just videotapes from divulging any personally identifiable information about its customer to a third party, except where the customer has clearly consented to such data sharing.

Of course, Vizio has previously argued it’s not a videotape service provider at all, and so this particular law doesn’t apply to it.

rb-

I pointed out as far back as 2011 that Smart TVs are a dumb idea for privacy.

Consumer Reports offers tips on how to stop your Smart TV from spying on you here.

The Internet Of Things – How will it shape the future of business? (techburgh.com)

Category: Uncategorized | Tags: 2015, Big data, Black Firday, Broker, Collection, Data, IEEE, IOT, IP address, ISP, LG, PII, Privacy, ProPubica, Samsung, Security, Smart TV, Vizio, VZIO

« Older Entries Recent Entries »

Bach Seat

Tag Archive for IOT

300 Billion Passwords

Who Owns Ruckus Today?

Related articles

Ethernet Marches On

Related articles

Wearables – Growing Enterprise Risk

Related articles

Television Sells Your Viewing Habits

Related articles

Meta