Sunday, October 10, 2010

Free WiFi access may be dangerous, you go first ...

Some of you may have received emails or have seen advertisements for free WiFi access from your local ISP. It sounds like a great idea especially since many of us have these nice smart phones or netbooks with WiFi on them. You enable your WiFi, use the advertised network and sign with your browser and away you go, easy!

But how secure are these access points? The ones I've seen so far have had no security (no WEP, no WPA no nothing). Not that this security would have been too helpful. And when you login you're getting just a https redirect service. For my local XFinity connection I found out it's using Optimimum Online's server (??? - Isn't Optimum Online a different ISP from Comcast and their XFinity service?). Talk about easy to spoof!

I have a little more experimenting to do but I'm not so sure I'll depend on these WiFi services for very much and certainly not for anything that depends on passwords or other personal account information. And with today's smart phones using multitasking you no longer have total control over all the apps. So your email could be running in the background while Mr. Wiley E. Hacker is letting you use his spoofing WAP which happens to look a lot like the ISP's WAP (which happens to be a different ISP's service anyway). It's convenient but at what cost to your information security?

Friday, October 01, 2010

NASA we have a problem, yeah I can hold ...

The warning has been told (you're running out of IPv4 addresses) and the towns remain quiet (only few web sites have IPv6). It's been debated around the world (now on Slashdot: There Is No Plan B, the Ugly Transition To IPv6 and DSLReports: Article: "...why the IPv4-to-IPv6 transition will be ugly") and some folks want more time to invent new ways to postpone the inevitable - we're moving to IPv6. There are several issues that need to be dealt with the most obvious is what do new ISPs/hosts/services do when they can't get a new IPv4 address? Then there's that in between periods when some users have just IPv4 or some sites have just IPv6 (coming soon, like June 2011, to an internets near you) then there's the embedded device problem. Many embedded devices have been in place for years or are one-off devices. They run IPv4 but probably won't be able to move to IPv6 without a fork-lift upgrade (swap out old for new - $$$). Since many of these devices are either one-off devices or won't work behind NAT or a Proxies these device are in major trouble and will have to be handled on a case by case basis. If you think this is no big deal understand that embedded devices far outnumber desktops and servers. In fact the world's most popular OS is not Windows, Linux or Mac OS, it's an embedded OS (sorry can't remember it's name right now).

So where does this leave us, well for the average Internet user I expect IPv6 is not going to be too traumatic (for the support and engineering staff that's another story) as they don't care either way (as long as they can get to Facebook, Twitter or whatever). XP, Vista, Win7, Mac OSX, BSD and Linux all support IPv6. Of course end users will need new firewall routers (see this message for available models) but I expect to see more available soon as we're seeeing more ISPs trialing IPv6. For the corporate environment, you're late and you better get busy! There is more to IPv6 than just replacing your routers and enabling IPv6 on your PCs. There are plenty of software suites that need to be upgraded. In some cases it will be time to move to new technology rather than attempt to upgrade. There are support systems that now need to handle IPv6 information (Hey Network Solutions where are you on IPv6?!?). There is also new training on IPv6 (you remember training that budget that was cut to zero) and there is the lag in getting a hands-on understanding of IPv6, boy are there going to be mistakes made. Finally those who deal with the embedded world, well ... good luck and we're all counting on you ... . You'll have to figure this one out on a case by case basis. I'd take a look at Contiki to see what they've done. Might not be the solution but it may give you ideas.

Upgrading to IPv6 is like resolving the year 2000 problem. If the correct amount of work is put into this before hand no one will notice (too bad the general public can't understand what it takes to keep this stuff running). The problem is that there is a lot of work that needs to be done. Consider upgrading to IPv6 like you would to doing your first marathon. There is training, there is planning and there is not trying to eat the elephant in one bite. Seems to me like a lot of us are going to ignore the problem until the night before, Bon appetite!