Tag Archive for Wireless

World’s First Hacker?

The story of the first hacker could be a 21st-century tale. It includes a zero-day exploit, patent trolling, a live demo, egos, and industrial espionage. New Scientist has identified its candidate for the world’s first hacker. The hacker found a security hole in Marconi’s wireless telegraph technology and used it to publicly show the inventor up.

The first hacker

New Scientist’s first hacker was Nevil Maskelyne, a stage magician who disrupted a public demo of Marconi’s wireless telegraph in 1903. He disrupted the demo by wirelessly sending insults in Morse code through Marconi’s confidential channels. Visitors to the Bach Seat should be sophisticated enough to know the risks of running a live demo, but 110+ years ago, they didn’t.

According to the author, the first hack occurred at the Royal Institution in London. Marconi associate John A. Fleming (inventor of the vacuum tube) was preparing the Marconi equipment for a public demo of the long-range wireless communication system developed by his boss, the Italian radio pioneer Guglielmo Marconi, when something unplanned happened.

Scientific hooliganism

Before the demonstration was scheduled to begin, the demo gear began to receive a message. The unplanned message included a poem that accused Marconi of “diddling the public.” Then it started in with some Shakespeare.

Arthur Blok, Fleming’s assistant, figured that someone else was beaming powerful wireless pulses into the theater. The new signal was strong enough to interfere with Marconi’s equipment. Unfortunately for Marconi and Fleming, Nevil Maskelyne figured out the hack first. Mr. Maskelyne’s hack proved that Marconi’s gear was insecure. It also proved it was likely that they could eavesdrop on supposedly private messages too.

Wood towers supporting Marconi aerial at Cornwall England

In response, Fleming posted a complaint in The Times. In the paper he dubbed the hack “scientific hooliganism.” He asked the newspaper’s readers to help him find the hacker.

However, Maskelyne, whose family had made a fortune making “spend-a-penny” locks in pay toilets, outed himself four days later. He justified his actions on the grounds that he revealed the security holes for the public good. (Sound familiar?)

Maskelyne, who taught himself wireless technology, had a great deal of experience with wireless. According to the article, he would use Morse code in “mind-reading” magic tricks to secretly communicate with a partner. And in 1900, Maskelyne sent wireless messages between a ground station and a balloon 10 miles away. But his ambitions were frustrated by Marconi’s broad patents. The overly broad patent left him embittered towards the Italian. Maskelyne would soon find a way to get back at Marconi. It turned out that the Eastern Telegraph Company, worried that Marconi’s wireless would kill their global wired communications business, hired Maskelyne as a spy.

Revealed security holes for the public good

Maskelyne built a 50-meter radio mast near the Marconi Wireless offices. From these offices Marconi was beaming wireless messages to vessels as part of its highly successful “secure” ship-to-shore messaging business. From his mast, Maskelyne could easily eavesdrop on Marconi’s “confidential channel” wireless messages.

Maskelyne gleefully revealed the lack of security by writing in the journal The Electrician in November 1902,

I received Marconi messages with a 25-foot collecting circuit [aerial] raised on a scaffold pole. When eventually the mast was erected the problem was not interception but how to deal with the enormous excess of energy.

To further publicize his results and perhaps extract some revenge on Marconi, Maskelyne staged his Royal Institution poetry broadcast.

The New Scientist concludes that Maskelyne’s name had been forgotten but now he is in the history books as the world’s patron saint of hackers.


Ralph Bach has been in IT long enough to know better and has blogged from his Bach Seat about IT, careers and anything else that catches his attention since 2005. You can follow him at LinkedIn, Facebook and Twitter. Email the Bach Seat here.

Palm Now A Chinese Mobile Company

Let’s take a trip on the way-back machine and visit the first cool – gotta-have-it tech toy, the Palm Pilot. I had several versions of the Palm Pilot. The Palm V was the best version, but the PalmOne-m515 had a color screen. The oft-traded PDA builder moved from Palm to modem-maker US Robotics, which was later purchased by 3Com, and then Handspring. Next, it was PalmOne/Source and finally purchased in 2010 for $1.2 billion by HP, where many tech firms go to die.

Now ChinaTechNews.com reports that the Chinese consumer electronics group TCL recently announced that they will acquire the Palm brand. HP is selling Palm as part of Meg Whitman’s struggles to right the floundering HP (HPQ).

Li Dongsheng, chairman of TCL Group, claims the Palm acquisition is different from their purchase of Alcatel’s mobile division. According to the Chinese firm, Palm has its fans in America and its operating ideas are similar to Apple (AAPL). They believe this type of fandom can give Palm strength. Li said the Palm brand still has value in some of the global markets and people expect its re-emergence to continue to offer innovative products.

According to the article, TCL will launch new Palm products at the end of 2015. TCL plans to position Palm as a high-end smartphone brand. Maybe in China, the Palm name is an innovative mobile terminal brand, which will be closely related to users and fans.

Variety reports from CES that TCL said that it will re-create Palm in Silicon Valley. In the statement TCL claims:

Palm has always carried a lot of affect and emotions … That’s why TCL has set the direction to rebuild the brand involving Palm’s very own community, making it the largest scale crowdsourced project ever seen in the industry.

The firm will back the crowdsourced development of new Palm products with 5,000 engineers and seven research and development centers around the world.

Guo Aiping, CEO of TCL Communication, told ChinaTechNews.com that this acquisition is limited to the Palm brand and it does not include other assets such as employees.

rb-

First, another US company sold to the competition. Just saying.

I agree with ArsTechnica; they hypothesize this move could be seen as TCL’s attempt to break into the U.S. smartphone market under a well-known brand. Other Chinese companies such as Lenovo, which now owns Motorola, have a similar strategy of operating in America under a well-known brand.


Internet of Things Full of Holes

The Internet of Things is big and heading towards huge. The Internet of Things (IoT) is a system where unique identifiers are assigned to objects, animals, or people. These “Things” then transfer data over a network without requiring human-to-human or human-to-computer interaction. Whatis.com says IoT evolved from the convergence of wireless technologies, micro-electromechanical systems (MEMS), and the Internet.

Business Insider believes that the IoT will be the biggest thing since sliced bread. They claim there are 1.9 billion IoT devices today, and 9 billion by 2018, which is roughly equal to the number of smartphones, smart TVs, tablets, wearable computers, and PCs combined. Gartner (IT) predicts that there will be 26 billion IoT devices by 2020. Based on a recent article in InfoSecurity Magazine, that is a very scary thing.

The InfoSecurity article says HP (HPQ) found 70% of the most common IoT devices have security vulnerabilities. HP used its Fortify On Demand testing service to uncover security flaws. According to the new study, HP detected flaws in IoT devices like TVs, webcams, home thermostats, remote power outlets, sprinkler controllers, hubs for controlling multiple devices, door locks, home alarms, scales, and garage door openers, as well as their cloud and mobile app elements.

HP then tested them with manual and automated tools and assessed their security rating according to the vendor-neutral OWASP Internet of Things Top 10 list of vulnerability areas. The author concludes that the results raised significant concerns about user privacy and the potential for attackers to exploit the devices and their cloud and app elements. Some of the results are:

  • A total of 250 security concerns were uncovered across all tested devices, which boils down to 25 on average per device,
  • 90% of devices collected at least one piece of personal information via the device, the cloud, or its mobile application,
  • 80% of devices studied allowed weak passwords like 1234, opening the door for WiFi-sniffing hackers,
  • 80% raised privacy concerns about the sheer amount of personal data being collected,
  • 70% of the devices analyzed failed to use encryption for communicating with the Internet and local network,
  • 60% had cross-site scripting or other flaws in their web interface vulnerable to a range of issues such as the Heartbleed SSL vulnerability, persistent XSS (cross-site scripting), poor session management and weak default credentials,
  • 60% didn’t use encryption when downloading software updates.

Mike Armistead, VP & General Manager, HP Fortify, explained that IoT opens avenues for attackers.

While the Internet of Things will connect and unify countless objects and systems, it also presents a significant challenge in fending off the adversary given the expanded attack surface … With the continued adoption of connected devices, it is more important than ever to build security into these products from the beginning to disrupt the adversary and avoid exposing consumers to serious threats.

HP urged device manufacturers to eliminate the “lower hanging fruit” of common vulnerabilities. They recommend manufacturers, “Implement security … so that security is automatically baked in to your product … Updates to your product’s software are extremely important.”

Antti Tikkanen, director of security response at F-Secure, told InfoSecurity the problems HP uncovered in this report were just the tip of the iceberg for IoT security risks.

One problem that I see is that while people may be used to taking care of the security of their computers, they are used to having their toaster ‘just work’ and would not think of making sure the software is up-to-date and the firewall is configured correctly … At the same time, the criminals will definitely find ways to monetize the vulnerabilities. Your television may be mining for Bitcoins sooner than you think, and ransomware in your home automation system sounds surprisingly efficient for the bad guys.

rb-

I covered the threats that IoT or “smart” devices presented back in 2012. I don’t know where HP (or the rest of the security community) has been.

The current generation of “smart” devices does not seem to have any security. Most likely the manufacturer did not consider basic security or, worse, calculated it was better to ignore secure design in their rush to gain market share.

It is also annoying that HP did not reveal the details on the products they tested.


Sears Converts Stores to Data Centers

-Updated 07-12-16- Data Center Frontier reports that Sears ultimately decided to spin off its Sears and Kmart stores as a real estate investment trust (REIT) rather than converting them into data centers.

The blinking blue lights of servers will soon fill the aisles that previously offered the Blue Light Special, according to an article in Data Center Knowledge by Rich Miller. Sears Holdings (SHLD) has formed a new unit to market space from former Sears and Kmart retail stores as a home for data centers, disaster recovery space, and wireless towers.

With the creation of Ubiquity Critical Environments, Sears hopes to convert the retail icons of the 20th century into the Internet infrastructure to power the 21st-century digital economy. The article says Sears Holdings has one of the largest real estate portfolios in the country, with 3,200 properties spanning 25 million square feet of space. That includes dozens of closed Sears and Kmart stores. Sean Farney, the COO of the newly formed Ubiquity, believes the firm has a great asset on its hands, he told DCK.

It’s an amazing real estate portfolio … The goal is not to sell off properties. It’s to reposition the assets of this iconic brand. The big idea is that you have a technology platform laid atop a retail footprint, creating the possibility for a product with a very different look to it.

COO Farney is an industry veteran who previously managed Microsoft’s huge Chicago data center, and then ran a network of low-latency services for the financial services firm Interactive Data. He told DCK he sees an opportunity to build three lines of businesses atop the Sears portfolio: data centers, disaster recovery sites and “communications colocation” in which Ubiquity leases rooftop space to wireless providers.

Ubiquity will be able to leverage real estate at both closed stores and some that are still operating, depending on the opportunity. The first step has been to evaluate the portfolio and identify properties that could work as data centers. The article reports that Chicago engineering firm ESD has conducted “data center fitness tests” on promising properties to size up their power, fiber, and risk profiles. Ubiquity is also working with Newmark Grubb Knight Frank to market the portfolio to the brokerage community.

The first Ubiquity project will be a Sears store on the south side of Chicago, nestled alongside the Chicago Skyway. The 127,000 square foot store will be retrofitted as a multi-tenant data center. Ubiquity’s Farney says he already has a commitment for the first tenant at the site on East 79th Street, which has 5 megawatts of existing power capacity and the potential to expand. “It’s a building that’s lit very well, from both a fiber and power perspective,” Mr. Farney told the author. “It’s going to be great data center building.”

Mr. Farney acknowledges that many of Sears’ mall-based retail locations aren’t viable for data center usage. “I don’t think the industry is yet ready for a mall-based data center,” he said. “That may take some time. The stand-alone location is optimal.”

Ubiquity has those stand-alone facilities, along with distribution centers and some parcels of vacant land. “There are closed Kmarts that are stand-alone, 200,000 square-foot properties with good fiber and power and 10 acres of parking,” said Mr. Farney. “These are owned assets.”

The article cites the COO who says Ubiquity has flexibility in how it works with tenants. It could finance a buildout and then hand over a wholesale data center to an enterprise or managed hosting provider or could opt for a powered shell solution for a tenant, depending on the customer’s needs.

After initially focusing solely on data centers, Ubiquity has expanded its strategy, Mr. Miller explains. Although mall-based stores may not be right for data centers, they could be ideal for disaster recovery facilities, Mr. Farney said. That includes mall stores that have closed, as well as those that have downsized to a smaller retail footprint. In either scenario, a separate workspace could be created with an exterior entrance to restrict access, while still allowing employees to take advantage of nearby stores and eateries. Mr. Farney believes this makes sense for the client.

There are compelling reasons why this is a great model … It used to be the business continuity centers were located in an industrial park. The customer has evolved to the point where they want a sexier location, where they can have access to a Starbucks and other retail, because it’s possible they may be there for weeks or months. Sears and Kmart stores are located in just such retail locations in major malls.

The COO also predicts that customers are ready for a more distributed approach to business continuity.

In the past, customers had a single monolithic recovery center … Now, after (Hurricane) Sandy, there’s a need for multiple locations, because you don’t be tied to one location in a regional disaster. There’s a desire to have multiple locations spread costs across multiple areas. The Sears footprint really fits that.

Then there’s wireless, which the article says is the most exciting opportunity. Mr. Farney says that seventy percent of the U.S. population lives within 10 miles of a Sears or Kmart store.

When malls were being built, they gravitated to the intersection of freeways and highways, and Sears got entry to all of them … These rooftops have proximity to the greatest mass of consumers available. As wireless users grow, the size of the cell is shrinking, creating holes in coverage. Having rooftop access to the cars and pedestrians around the malls is important. The Sears portfolio can capture that … There’s tons of interest. I will put as many of the rooftops in play as I can.

 rb-

This is rather innovative, out-of-the-big-box thinking and a smart use of space for a company with a huge real estate portfolio.

Sears’ solution to the problem of now-vacant retail buildings isn’t to sell them off for scrap and hope for the best but to hang on to its assets and find a way to make them more profitable. Every struggling company and town in this country could learn a lesson from Sears.

PoE Overworked

Gary Audin at No Jitter warns that Power over Ethernet (PoE) is not always a plug-and-play environment and PoE should be monitored, managed, and efficient. In this article, Mr. Audin observes that PoE has evolved into an electrical power device utility platform. PoE started out as a centralized power source for IP phones, backed up with an Uninterruptible Power Supply (UPS). (rb- Click here and here for my overview of PoE) Since those early Cisco-dominated days, the article says, PoE has been called upon to support wireless access points; environmental controls; point, tilt, and zoom cameras; lighting control; clocks; door controls; Bluetooth devices; RFID; now laptops, and still more to come.

The LAN switch is the PoE source, but the article warns it can be overwhelmed with the power drain, which produces headaches for IT. Unless properly managed, the PoE function can experience:

  • A blown-out power supply. Smoke is an indicator of this condition.
  • Reduced power to all devices with degraded service from all the attached devices.
  • An added PoE device does not work.
  • The more power is drawn by PoE, the shorter the UPS battery life. The original UPS design could last 20 minutes. Added PoE devices could shorten this to 3 minutes.

PoE IP phones and other devices can signal to the PoE network what class of device they belong to and how much power they may need. Class 0 devices, usually older devices, do not indicate their PoE power requirements. These devices may draw any power level from none to maximum. The other standard classes, 1-3, range from very low power to mid-level power consumption.

Class 4 is a newer class of device requiring PoE+ (802.3at) and needs to draw more than the 12.95 Watt maximum provided by the original standard PoE. Class 4 devices must be powered by PoE+ ports and may not function correctly on an 802.3af PoE port. Most IP phones are in class 2. IP phones with color screens and other advanced features may be categorized as class 3 devices.

PoE classes

Wireless LAN access points are also common PoE devices, many of which started out as class 2 and 3 devices. As the wireless speeds increased, so did the power requirements. The 802.11ac standard means that the access points (AP) will have a 1 Gbps connection back to the switches and routers.

At issue is the PoE required. It is likely that each AP could need 20 to 30 watts, the limit that the 802.3at PoE+ standard delivers. Many installed switches cannot support PoE+. So the enterprise has to buy new switches or power supplies or power injectors. (rb- add this to your site-survey when you plan to implement 802.11ac)

Mr. Audin spoke to Tim Titus, CTO and founder of PathSolutions (they happen to sell a network management tool), about what he considers a good approach to monitoring and managing PoE. He told No Jitter,

“Regardless of whether there are any PoE or PoE+ devices on a network, it can be very helpful to monitor the health of our network equipment’s power supplies. The best monitoring system watches the status and power consumption of each power supply, what percentage of utilization it is running, and which interfaces are drawing power, so power policing can be achieved.”

He provided this example of missing power management.

“Keeping an eye on power supplies avoids unpleasant discoveries. One unlucky network administrator had two power supplies installed in a network chassis (one primary and one backup). Unfortunately, when the primary power supply stopped working, nobody knew, since the backup power supply was doing its job of keeping everything running. The problem wasn’t noticed for over six months. Nobody was in the empty remote wiring closet to notice the lack of lights on the power supply. The users remained blissfully unaware of impending doom until the wee hours of a weekend when the second power supply was shut off by a circuit-breaker trip!” 

Mr. Titus pointed out to Mr. Audin that monitoring should happen at the port level,

“Not only will a monitoring system show you what mode a PoE port is operating in, but it should also provide a view of relevant error counters.

  • MPS Absent and Invalid Signature errors frequently point to broken or defective powered devices.
  • Overload conditions and short-circuits typically point to wiring problems (or somebody re-wiring devices in use).
  • Denied errors can point to devices asking for more power than the switch has available, and may indicate that it is time to consider adding another power supply to a large Ethernet chassis.”

How did that happen?

Finally, many network engineers try to buy limited PoE due to the cost premium of PoE ports, only to find that half of their PoE ports are used by non-PoE devices such as PCs. With a monitoring tool, the engineers could have avoided buying expensive PoE ports or purchased less expensive “ordinary” Ethernet ports. The engineers should have an up-to-date PoE port inventory and use it to avoid over-buying the PoE by playing safe in their design. (rb- Been there done that, I’ve been in many customers’ closets and found PoE switches full of PC and printer access ports.)
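The class rules, the port-level error counters and the port inventory described above can be combined into one audit of a switch's power budget. The following is an added example, not code from the No Jitter article or from PathSolutions: the `Port` fields, the counter names and the sample inventory are hypothetical, and the per-class wattages are the IEEE 802.3af/at figures a switch reserves per port rather than numbers from the article.

```python
from dataclasses import dataclass
from typing import Optional

# Watts a switch (PSE) reserves per port for each device class (IEEE 802.3af/at).
PSE_WATTS = {0: 15.4, 1: 4.0, 2: 7.0, 3: 15.4, 4: 30.0}
AF_PORT_MAX = 15.4  # most an 802.3af port can source

# Counter name -> diagnosis, following the mapping quoted in the article.
COUNTER_HINTS = {
    "mps_absent": "broken or defective powered device",
    "invalid_signature": "broken or defective powered device",
    "overload": "wiring problem",
    "short_circuit": "wiring problem",
    "denied": "device asked for more power than the switch has available",
}

@dataclass
class Port:
    name: str
    poe_plus: bool                   # True: 802.3at (PoE+) port, False: 802.3af
    pd_class: Optional[int]          # None: link is up but nothing draws PoE
    counters: Optional[dict] = None  # error counters read from the switch

def audit(ports, supply_watts, warn_pct=80.0):
    """Return (reserved_watts, findings) for one switch power supply."""
    reserved, findings = 0.0, []
    for p in ports:
        if p.pd_class is None:
            findings.append((p.name, "PoE port occupied by a non-PoE device"))
        elif p.pd_class == 4 and not p.poe_plus:
            # Assumption: the af port still reserves its maximum for the device.
            reserved += AF_PORT_MAX
            findings.append((p.name, "class 4 device on an 802.3af port"))
        else:
            reserved += PSE_WATTS[p.pd_class]
        for counter, count in (p.counters or {}).items():
            if count > 0:
                findings.append((p.name, f"{counter}={count}: {COUNTER_HINTS[counter]}"))
    reserved = round(reserved, 1)
    used_pct = 100.0 * reserved / supply_watts
    if reserved > supply_watts:
        findings.append(("supply", f"oversubscribed: {reserved} W of {supply_watts} W"))
    elif used_pct >= warn_pct:
        findings.append(("supply", f"{used_pct:.0f}% of budget reserved"))
    return reserved, findings

# Constructed sample inventory (not real switch output).
SAMPLE = [
    Port("Gi1/0/1", False, 2),                            # IP phone
    Port("Gi1/0/2", False, 3),                            # color-screen phone
    Port("Gi1/0/3", False, 4),                            # 802.11ac AP on an af port
    Port("Gi1/0/4", True, 4),                             # 802.11ac AP on a PoE+ port
    Port("Gi1/0/5", True, None),                          # PC plugged into a PoE+ port
    Port("Gi1/0/6", False, 0, {"invalid_signature": 3}),  # legacy class 0 device
    Port("Gi1/0/7", True, 4, {"denied": 2}),
]

if __name__ == "__main__":
    watts, issues = audit(SAMPLE, supply_watts=120.0)
    print(f"reserved {watts} W")
    for where, what in issues:
        print(f"{where}: {what}")
```

Because class 0 devices do not announce their needs, the audit reserves the full 15.4 W for them, which is why a few legacy devices can consume a budget faster than their actual draw suggests.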

rb-

The author warns not to assume that PoE is always a plug-and-play environment. PoE should be handled like a utility–monitored, managed, and efficient.

I have tried to build custom fields by working with reports in SolarWinds’ Orion by working with MIBs; it’s not the funnest thing in the world. I wonder if this product does a better job.
