ESR On Why the FCC Shouldn't Lock Down Device Firmware ( 60

An anonymous reader writes: We've discussed some proposed FCC rules that could restrict modification of wireless routers in such a way that open source firmware would become banned. Eric S. Raymond has published the comment he sent to the FCC about this. He argues, "The present state of router and wireless-access-point firmware is nothing short of a disaster with grave national-security implications. ... The effect of locking down router and WiFi firmware as these rules contemplate would be to lock irreparably in place the bugs and security vulnerabilities we now have. To those like myself who know or can guess the true extent of those vulnerabilities, this is a terrifying possibility. I believe there is only one way to avoid a debacle: mandated device upgradeability and mandated open-source licensing for device firmware so that the security and reliability problems can be swarmed over by all the volunteer hands we can recruit. This is an approach proven to work by the Internet ubiquity and high reliability of the Linux operating system."

Worries Mount Over Upcoming LTE-U Deployments Hurting Wi-Fi 168

alphadogg writes: LTE-U is a technology developed by Qualcomm that lets a service provider broadcast and receive signals over unlicensed spectrum, which is usable by anybody – specifically, in this case, the spectrum used by Wi-Fi networks in both businesses and homes. By opening up this new spectrum, major U.S. wireless carriers hope to ease the load on the licensed frequencies they control and help their services keep up with demand. Unsurprisingly, several outside experiments that pitted standard LTE technology or 'simulated LTE-U' technology, in the case of one in-depth Google study, against Wi-Fi transmitters on the same frequencies found that LTE drastically reduced the throughput on the Wi-Fi connection.

Vigilante Malware Protects Routers Against Other Security Threats 79

Mickeycaskill writes: Researchers at Symantec have documented a piece of malware that infects routers and other connected devices, but instead of harming them, improves their security. Affected routers connect to a peer-to-peer network with other compromised devices, to distribute threat updates. 'Linux.Wifatch' makes no attempt to conceal itself and even left messages for users, urging them to change their passwords and update their firmware. Symantec estimates 'tens of thousands' of devices are affected and warns that despite Wifatch's seemingly philanthropic intentions, it should be treated with caution.

"It should be made clear that Linux.Wifatch is a piece of code that infects a device without user consent and in that regard is the same as any other piece of malware," said Symantec. "It should also be pointed out that Wifatch contains a number of general-purpose back doors that can be used by the author to carry out potentially malicious actions." There is one simple solution to rid yourself of the malware though: reset your device

First of 2 Australian NBN Satellites Launched Successfully 58

New submitter aduxorth writes: Sky Muster, the first of the two satellites that will comprise Australia's NBN's Long-Term Satellite Service, has been successfully launched from Guiana Space Centre in South America. The two geostationary satellites will offer a total capacity of 135 gigabits per second, with 25/5Mbps wholesale speeds available to end users. The second satellite is expected to launch next year. Testing of this satellite will start soon and will continue until services are launched early next year.

Reports: Telstra Customers Suffering Crippling Speeds To Any Apple Service 50

An anonymous reader writes: It appears a large number of customers of Telstra (one of Australia's largest telcos) have been suffering crippling speeds while attempting to connect to any Apple Service for the better part of four days. Reports indicate this is affecting Apple Music, Apple App Stores (on both iOS and OSX) and are stopping many Telstra customers from getting access to app updates and the much anticipated El Capitan release of OS X. Mobile phone customers as well as home broadband customers seem to be affected at this stage with a large number of posts both on Twitter and the Whirlpool Broadband Forum. It appears one Twitter user has also fully summarised all the issues in a single post including many of the Twitter posts as well.
United States

Raytheon Wins US Civilian Cyber Contract Worth $1 Billion 62

Tokolosh writes: Raytheon is a company well-known in military-industrial and political circles, but not so much for software, networking and cybersecurity. That has not stopped the DHS awarding it a $1 billion, five year contract to help more than 100 civilian agencies manage their computer security. Raytheon said DHS selected it to be the prime contractor and systems integrator for the agency's Network Security Deployment (NSD) division, and its National Cybersecurity Protection System (NCPS). The contract runs for five years, but some orders could be extended for up to an additional 24 months, it said. Dave Wajsgras, president of Raytheon Intelligence, Information and Services, said the company had invested over $3.5 billion in recent years to expand its cybersecurity capabilities. He said cybersecurity incidents had increased an average of 66 percent a year worldwide between 2009 and 2014. As you might expect, Raytheon spends heavily on political contributions and lobbying.
The Internet

Mark Zuckerberg Issues Call For Universal Internet Access 142

An anonymous reader writes: During the 70th annual U.N. General Assembly session, Zuckerberg discussed the "importance of connectivity in achieving the U.N.'s sustainable development goals. Connecting the world is one of the fundamental challenges of our generation. More than 4 billion people don't have a voice online." Zuckerberg said. Reuters reports: "The connectivity campaign calls on governments, businesses and innovators to bring the Internet to the some 4 billion people who now do not have access, organizers said. Signing on to the connectivity campaign were U2 star Bono, co-founder of One, a group that fights extreme poverty; actress Charlize Theron, founder of Africa Outreach Project; philanthropists Bill and Melinda Gates; British entrepreneur Richard Branson; Huffington Post editor Arianna Huffington; Colombian singer Shakira, actor and activist George Takei and Wikipedia co-founder Jimmy Wales."
The Internet

America Runs Out of IPv4 Internet Addresses 435

FireFury03 writes: The BBC is reporting that the American Registry for Internet Numbers (ARIN) ran out of spare IP addresses yesterday. "Companies in North America should now accelerate their move to the latest version of the net's addressing system. Now Africa is the only region with any significant blocks of the older version 4 internet addresses available." A British networking company that supplies schools has done an analysis on how concerned IT managers should be. This comes almost exactly 3 years after Europe ran out.
The Internet

US Rank Drops To 55th In 4G LTE Speeds 70

alphadogg writes: The U.S. has fallen to No. 55 in LTE performance as speeds rise rapidly in countries that have leapfrogged some early adopters of the popular cellular system. The average download speed on U.S. 4G networks inched up to 10Mbps (bits per second) in the June-August quarter, according to research company OpenSignal. That was an improvement from 9Mbps in the previous quarter, but the country's global ranking fell from 43rd as users in other countries enjoyed much larger gains.

Inside Amazon's Cloud Computing Infrastructure 76

1sockchuck writes: As Sunday's outage demonstrates, the Amazon Web Services cloud is critical to many of its more than 1 million customers. Data Center Frontier looks at Amazon's cloud infrastructure, and how it builds its data centers. The company's global network includes at least 30 data centers, each typically housing 50,000 to 80,000 servers. "We really like to keep the size to less than 100,000 servers per data center," said Amazon CTO Werner Vogels. Like Google and Facebook, Amazon also builds its own custom server, storage and networking hardware, working with Intel to produce processors that can run at higher clockrates than off-the-shelf gear.

Misusing Ethernet To Kill Computer Infrastructure Dead 303

Some attacks on computers and networks are subtle; think Stuxnet. An anonymous reader writes with a report at Net Security of researcher Grigorios Fragkos's much more direct approach to compromising a network: zap the hardware from an unattended ethernet port with a jolt of electricity. Fragkos, noticing that many networks include links to scattered and unattended ethernet ports, started wondering whether those ports could be used to disrupt the active parts of the network. Turns out they can, and not just the ports they connect to directly: with some experimentation, he came up with a easily carried network zapping device powerful enough to send a spark to other attached devices, too, but not so powerful -- at least in his testing -- to set the building on fire. As he explains: I set up a network switch, and over a 5 meters Ethernet cable I connected an old working laptop. Over a 3 meters cable I connected a network HDD and over a 100 meters cable I connected my “deathray” device. I decided to switch on the device and apply current for exactly 2 seconds. The result was scary and interesting as well. The network switch was burned instantly with a little “tsaf” noise. There was also a buzzing noise coming from the devices plugged-in to the network switch, for a less than a second. There was a tiny flash from the network HDD and the laptop stopped working. It is not the cheapest thing in the world to test this, as it took all of my old hardware I had in my attic to run these experiments. I believe the threat from such a high-voltage attack against a computer infrastructure is real and should be dealt with.

Microsoft Has Built a Linux Distro 282

jbernardo writes: Microsoft has built a Linux distro, and is using it for their Azure data centers. From their blog post: "It is a cross-platform modular operating system for data center networking built on Linux." Apparently, the existing SDN (Software Defined Network) implementations didn't fit Microsoft's plans for the ACS (Azure Cloud Switch), so they decided to roll their own infrastructure. No explanation why they settled on Linux, though — could it be that there is no Windows variant that would fit the bill? In other news, Lucifer has been heard complaining of the sudden cold.

D-Link Accidentally Publishes Private Code Signing Keys 67

New submitter bartvbl writes: As part of the GPL license, D-Link makes its firmware source code available for many of its devices. When looking through the files I accidentally stumbled upon 4 different private keys used for code signing. Only one — the one belonging to D-Link itself — was still valid at the time. I have successfully used this key to sign an executable as D-Link. A Dutch news site published the full story (translated to english with Google Translate).

Attackers Install Highly Persistent Malware Implants On Cisco Routers 168

itwbennett writes: Researchers from Mandiant have detected a real-world attack that has installed rogue firmware on Cisco business routers in four countries. The router implant, dubbed SYNful Knock, implements a backdoor password for privileged Telnet and console access and also listens for commands contained in specifically crafted TCP SYN packets — hence the name SYNful Knock. In the cases investigated by Mandiant the SYNful Knock implant was not deployed through a vulnerability, but most likely through default or stolen administrative credentials.
The Internet

Broadband Users 'Need' At Least 10Mbps To Be Satisfied 280

Mickeycaskill writes: A new report says broadband users need at least 10Mbps speeds to be satisfied with their connection — especially with regards to online video which is now seen as a staple Internet application. Researchers at Ovum measured both objective data such as speed and coverage alongside customer data to give 30 countries a scorecard. Sweden was deemed to have the best broadband, ahead of Romania and Canada, while the UK and US finished joint-eight with Russia. "Ever since broadband services were launched, there has been discussion on what is the definition of broadband and how much speed do consumers really need?" said co-author Michael Philpott. "In 2015, the answer is at least 10Mbps if you wish to receive a good-quality broadband experience, and a significant number of households, even in well-developed broadband countries, are well shy of this mark."
Open Source

Open Source Router Firmware OpenWRT 15.05 Released 94

aglider writes: The newest stable iteration of the famous and glorious OpenWRT has just been released in the wild for all the supported architectures. The latest version is 15.05, codenamed "Chaos Calmer" after a cocktail drink, just like all previous ones. Major changes from the official announcements: "Linux kernel updated to version 3.18. Improved Security Features. Rewritten package signing architecture based on ed25519. Added support for jails. Added support for hardened builds. Improved Networking Support. Platform and Driver Support." For the full details you are welcome on the forums while the firmware itself and extra packages are available from the distribution servers.

In Survey of American Universities, MIT Scores Worst In Cybersecurity 47

An anonymous reader writes: In a cybersecurity survey of 485 large colleges and universities, the Massachusetts Institute of Technology came in at the bottom of the list. In a report released today, SecurityScorecard analyzed the educational institutions based on web application security, network security, endpoint security, IP reputation, patching, and other security indicators. That might not seem intuitive, but according to the linked article, it's not purely mistaken. Some of that low ranking can be chalked up to things like intentional security holes created in the course of researching vulnerabilities, but some of it comes from "exposed passwords, old legacy systems, and a bunch of administrative subdomains that seem to have been forgotten about," as well as pockets of malware.
GNU is Not Unix

The Free Software Foundation: 30 Years In 135

An anonymous reader writes: The Free Software Foundation was founded in 1985. To paint a picture of what computing was like back then, the Amiga 1000 was released, C++ was becoming a dominant language, Aldus PageMaker was announced, and networking was just starting to grow. Oh, and that year Careless Whisper by Wham! was a major hit. Things have changed a lot in 30 years. Back in 1985 the FSF was primarily focused on building free pieces of software that were primarily useful to nerdy computer people. These days we have software, services, social networks, and more to consider. In this in-depth interview, FSF executive director John Sullivan discusses the most prominent risks to software freedom today, Richard M. Stallman, and more.

Cheap Smartphones Quietly Becoming Popular In the US 209

An anonymous reader writes: Bloomberg reports that ZTE and its cheap Android smartphones have been grabbing more and more of the market in the U.S. It's not that the phones are particularly good — it's that they're "good enough" for the $60 price tag. The company has moved up to fourth among smartphone makers, behind Apple, Samsung and LG. That puts them ahead of a lot of companies making premium devices: HTC, Motorola, and BlackBerry, to name a few. ZTE, a Chinese manufacturer, seems to be better at playing the U.S. markets than competitors like Xiaomi and Huawei, and they're getting access to big carriers and big retailers. "Its phone sales are all the more surprising because it's been frozen out of the more lucrative telecom networking market since 2012. That year, the House Intelligence Committee issued a report warning that China's intelligence services could potentially use ZTE's equipment, and those of rival Huawei Technologies, for spying. Huawei then dismissed the allegations as 'little more than an exercise in China bashing.'"

Bugs In Belkin Routers Allow DNS Spoofing, Credential Theft 48

Trailrunner7 writes: The CERT/CC is warning users that some Belkin home routers contain a number of vulnerabilities that could allow an attacker to spoof DNS responses, intercept credentials sent in cleartext, access the web management interface, and take other actions on vulnerable routers. The vulnerabilities affect the Belkin N600 DB Wireless Dual Band N+ router, model F9K1102 v2 with firmware version 2.10.17, and potentially earlier versions of the firmware, as well. The vulnerabilities have not been patched by Belkin, the advisory from the CERT/CC says there aren't any practical workarounds for them. "DNS queries originating from the Belkin N600, such as those to resolve the names of firmware update and NTP servers, use predictable TXIDs that start at 0x0002 and increase incrementally. An attacker with the ability to spoof DNS responses can cause the router to contact incorrect or malicious hosts under the attacker's control," the advisory says.