Archive for 2015

Bug In iOS Can Remotely Cause Reboots And Crashes

Posted in Commentary with tags on April 23, 2015 by itnerd

Oh look here. There’s a nasty bug in iOS that can cause your device to reboot and crash, among other things, if it is in range of a malicious WiFi network. Here are the details:

Skycure bods Adi Sharabani and Yair Amit say the attack, dubbed “No iOS Zone”, will render vulnerable iOS things within range unstable – or even entirely unusable by triggering constant reboots.

“Anyone can take any router and create a Wi-Fi hotspot that forces you to connect to their network, and then manipulate the traffic to cause apps and the operating system to crash,” Sharabani told the RSA security conference in San Francisco today.

“There is nothing you can do about it other than physically running away from the attackers. This is not a denial-of-service where you can’t use your Wi-Fi – this is a denial-of-service so you can’t use your device even in offline mode.”

Charming. The good news is Apple is working on a fix. However, there’s basically no way to protect yourself as there’s no way to tell if you’re in range of one of these networks. So until this is fixed, if your iDevice constantly reboots, you’ll have to get out of range of whatever network is causing it.

Apple Security Questioned As Researcher Finds Method To Bypass OS X Security

Posted in Commentary with tags on April 23, 2015 by itnerd

This week has not been a good week for Apple on the security front. After serious bugs in iOS and OS X were disclosed yesterday, a researcher by the name of Patrick Wardle, director of research at Synack, says that all of the protections in OS X are simple to bypass and pwning a Mac as an attacker isn’t hard. Here’s the high-level overview, starting with Gatekeeper, which is a key security framework of OS X:

“Gatekeeper doesn’t verify an extra content in the apps. So if I can find an Apple-approved app and get it to load external content, when the user runs it, it will bypass Gatekeeper,” Wardle said in a talk at the RSA Conference here Thursday. “It only verifies the app bundle.” 

Lovely. But Gatekeeper is backed up by XProtect which protects a Mac from malware. That has to come to the rescue, right? Wrong:

Getting past XProtect turns out to be just as simple as bypassing Gatekeeper. Wardle found that by simply recompiling a known piece of OS X malware, which changes the hash, he could get the malware past XProtect and execute it on the machine. Even simpler, he could just change the name of the malware, which also lets it sneak in under the fence.

“It’s trivial to bypass XProtect,” he said.

Great. But OS X sandboxes apps. Surely that provides protection. Well…:

“While the core sandbox technology is strong, there are plenty of bugs that can bypass it,” he said. 

This is depressing. But apps have to be code signed so that they can run on OS X. That’s not much good apparently:

“The code signing just checks for a signature and if it’s not there, it doesn’t do anything and lets the app run,” he said. “I can unsign a signed app and the loader has no way to stop it from running.” 

Why is that? Here’s why:

“The check for this runs in user mode, which is a huge security fail because the attacker would be in user mode,” he said. “He could just modify a kernel extension or load unsigned ones.”

Bottom line: OS X security isn’t secure. This report isn’t going to go over well at 1 Infinite Loop. Plus you can bet that evildoers are right now using this info to stage attacks on Macs. Which means Apple needs to step up their game when it comes to security. And they need to do it now.

Linksys Announces The WRT1200AC Router

Posted in Commentary with tags on April 23, 2015 by itnerd

Linksys today announced it is expanding its WRT router line to include a 2×2 AC1200 Dual-Band Wireless-AC Gigabit Router, the WRT1200AC. This new router provides users with the high-end features of the WRT1900AC router at AC1200 speeds and a lower price point. 


The Linksys WRT1200AC Dual-Band Gigabit Wi-Fi Router is based on the Avastar Wireless & ARMADA Processor product series from Marvell and features wireless speeds up to 1.3 Gbps and a 1.3GHz dual-core CPU. Two adjustable, removable antennas and high-powered Wi-Fi power amplifiers help ensure maximum range and performance in single- and multi-story buildings, while beamforming technology focuses and strengthens the Wi-Fi signal. Four Gigabit ports offer blazing-fast wired connections, a USB 3.0 port and a dual USB 2.0/eSATA port allows for sharing external storage across the network with data transfer speeds of up to 3 Gbps. Users can also connect external storage or devices with the USB 3.0 port. The WRT1200AC is engineered to work with open-source firmware for complete customization. In collaboration with Marvell, Linksys is happy to announce the open-source Wi-Fi driver for the WRT1200AC and WRT1900AC has been released to OpenWrt. This driver has been incorporated into the latest open source firmware image snapshot, available here (Command line interface experience recommended):

https://downloads.openwrt.org/people/kaloz/openwrt_wrt1900ac_snapshot.img

Linksys recently added these new features via a firmware upgrade to select Linksys routers and each will be available on the WRT1200AC:

  • OpenVPN Server (Coming in May)
  • New Network Map features
  • Wireless Widget
  • Wi-Fi Scheduler
  • Improved device identification

The Linksys WRT1200AC Router is available at leading retail and online retailers at an MSRP of $179.99.

Keeper Security Collaborates With RSA To Enhance Security Of Their Apps

Posted in Commentary with tags on April 23, 2015 by itnerd

Keeper Security today announced that it has achieved certification through the RSA Ready Technology Partner Program for its interoperability with RSA SecurID offering, a market leading two-factor authentication product from RSA. This certification is designed to bring seamless, out of the box RSA SecurID interoperability for Keeper’s Password Manager and Digital Vault customers, enabling security conscious enterprises to deploy an added layer of authentication. When RSA SecurID authentication is enabled on a Keeper account, users are prompted for their Keeper login (their email address and master password) and then asked to enter the RSA SecurID token code which changes every 60 seconds to help thwart a hacker from gaining access.

 

One thing to note is that Keeper was selected by AT&T as the only password management application to be pre-loaded on all Android and Windows Phone devices in the United States. Thus it has some credibility in the security space. Credibility that is about to increase with having RSA on board.

Citrix Announces The CloudBridge Virtual WAN Edition

Posted in Commentary with tags on April 23, 2015 by itnerd

Citrix today announced the CloudBridge Virtual WAN Edition. The new CloudBridge Virtual WAN allows businesses to scale WAN bandwidth at a dramatically lower cost, reducing the cost of delivering applications, documents and IT services to branch offices by up to 80 percent, while ensuring nearly 100 percent application availability.

Enterprises have traditionally relied on costly MPLS services to avoid disruption to business, making the cost of scaling WAN bandwidth expensive for organizations. The new Citrix solution extends the CloudBridge platform and its integration with the company’s HDX and application acceleration technology, offering a cost effective, high performance solution for securely delivering mobile workspaces with the applications, documents and IT services people need to work better in remote and branch offices.

Key features include:

  • Dramatically lower costs for expanding capacity – allows enterprises to augment MPLS with cost-effective broadband services in order to expand capacity for the delivery of high-priority application traffic, video and VOIP, while increasing reliability over a standalone MPLS-based WAN.
  • Deliver superior user experience through improved quality for all application types – offers enterprises better mobile workspace user experience and high quality for voice or video over IP services. The experience is enabled through CloudBridge Virtual WAN appliances that continuously measure and monitor the latency, jitter and packet loss of every WAN connection and dynamically make path decisions using best quality paths.
  • Convert backup links to active – many enterprises already have back-up links in place today but are not able to utilize them until a failure occurs. CloudBridge Virtual WAN enables enterprises to easily and seamlessly pool active and back-up link capacity, therefore eliminating wasted bandwidth.
  • Ensure availability of high-priority applications – When one or more WAN services are impaired, CloudBridge Virtual WAN provides a failover system to ensure adequate bandwidth on the best-performing remaining paths is used to deliver business-critical applications.
  • Easily manage and monitor WAN performance – presents enterprises with a simple, end-to-end management system that provides visibility into the WAN and all of the application delivery from the cloud, data center or branch, through CloudBridge Virtual WAN Center.
  • Securely connect cloud to branch – enables enterprises to combine datacenter and cloud application delivery through the use of advanced encryption between CloudBridge devices on customer premises or in the cloud when using the Internet.

More details can be found via this Citrix Blog entry.

Serious Flaws In iOS & OS X Made Public

Posted in Commentary with tags on April 22, 2015 by itnerd

Apple HQ must be less than pleased with the public disclosure of vulnerabilities in both OS X and iOS. They are:

  • The first security flaw makes about 1500 iPhone and iPad apps vulnerable to hackers who could leverage the vulnerability to steal passwords, bank account information, and a handful of other pieces of sensitive information, according to Ars Technica. The flaw allows anyone generating a fake Wi-Fi hotspot access to a user’s data on that same Wi-Fi connection. Discovered by security analytics firm SourceDNA last month, the “man-in-the-middle” attack was fixed in a 2.5.2 update to AFNetworking, the open-source code which housed the vulnerability. But some developers have not implemented this fix, leaving their apps, and you by extension, at risk.
  • The other flaw, called “Rootpipe” is one that was discovered in October but actually dates back to 2011. The flaw essentially allows a hidden backdoor to be created on a particular system, opening up root access of a computer to a hacker after they obtain local privileges on the device. Physical access or previously granted remote access to the target machine is required in order for the vulnerability to be exploited. Apple intended to patch the Rootpipe vulnerability in OS X 10.10.3 earlier this month, although older versions of OS X were left vulnerable which sucks for those users. But as reported by Forbes, former NSA agent Patrick Wardle has discovered the flaw to still be present on Macs running OS X 10.10.3, as well as older versions.

There’s been no comment from Cupertino on these flaws, but you can bet that someone might be working on doing something about them. I hope.

BlackBerry Makes Several Announcements At RSA

Posted in Commentary with tags on April 22, 2015 by itnerd

Yesterday during the annual RSA Conference in San Francisco, BlackBerry made several announcements to reaffirm its leadership in cybersecurity and expand secure mobility solutions for customers.

  • Acquisition of WatchDox: BlackBerry has entered a definitive agreement to acquire WatchDox Ltd., which offers the most secure enterprise file-synch-and-share (EFSS) solutions. The addition of WatchDox will extend BlackBerry’s commitment to help organizations securely connect employees with each other and with corporate information across all mobile and desktop platforms. Here’s a press release and a blog post on this acquisition.
  • Establishment of the BlackBerry Center for High Assurance Computing (CHACE): BlackBerry’s global security R&D team will collaborate with academic institutions and industry groups to drive innovation and improvement in computer security. CHACE will extend BlackBerry’s state-of-the-art competencies in vulnerability prevention and enable the application of high assurance security research to real-world products and services. Here’s a press release and a blog post on this.
  • Launch of a new managed PKI certificate service: BlackBerry subsidiary Certicom will help device manufacturers and service providers secure their IoT networks and ecosystems with the service, which is designed to scale up to hundreds of millions of connected devices. Here’s a press release on this.

It looks like BlackBerry is really looking to further assert itself in the security space. Let’s see if it helps them to gain further traction.

Infographic: Linksys Sells 100 Million Routers

Posted in Commentary with tags on April 22, 2015 by itnerd

Linksys announced yesterday that it has sold more than 100 million wired and wireless routers globally. In recognition of that, here’s an infographic that shows how they got 100 million routers sold:


Telus To Spend Big On Network Upgrades In Ontario

Posted in Commentary with tags on April 22, 2015 by itnerd

Telus announced yesterday that it is spending more than $2.1 billion in new infrastructure and facilities across Ontario through 2018.

Here’s what they’re doing:

  • Upgrading wireless towers across Ontario to 4G LTE, enhancing the already exceptional speed, coverage and reliability experienced by Telus customers
  • Supporting eHealth Ontario and their mandate to improve health services by connecting healthcare providers with timely access to electronic health records
  • Continuing their focused investment in network, security, cloud computing and Internet-connected devices to facilitate Internet of Things (IoT) growth in Ontario
  • Expanding Telus WISE, a free Internet and smartphone safety and security educational program available to all Canadians. Since its launch in 2013, this program has reached more than 100,000 Ontarians through more than 150 community learning sessions

It really sounds like Telus is going to go toe to toe with the other members of the “big three” telcos. This should be interesting to watch.

Review: Roku 3

Posted in Products with tags on April 20, 2015 by itnerd

My wife hates paying our cable bill. It’s expensive and we don’t get a whole lot for our money even in the so called “500 channel universe”. That makes “cutting the cord” a very attractive option. If you want to “cut the cord” with your cable company and you still want to watch TV, you have to have a streaming device and lots of content to access. One of the leaders in the streaming device market is Roku and they have just refreshed their line of streaming devices. The top end of the food chain for Roku is the Roku 3. Here’s what you get in the box:


You get the Roku 3 set top box, a power cable, a remote control, a set of headsets and instructions. However, you do not get an HDMI cable. Keep in mind that you’ll need one of those too. You can get the Roku 3 online via Ethernet and by WiFi. I chose the latter and one thing I noted is that it saw both my 2.4 GHz WiFi network and my much faster 5 GHz network. The latter is great for making sure that content from the Internet gets streamed to the Roku 3 efficiently so I took advantage of it. Setup took all of 7 minutes with the help of my computer to create a Roku account. After a reboot to update the software, it was online.

Now that I had the Roku 3 online, I had to get content to watch. Now Roku has made some significant software updates to make finding content easier. The key one in my mind is that you can search with your voice via pressing the search button on the remote and speaking into it. I was able to use my voice to search by artist, title or actor and the ability for the Roku 3 to recognize my voice was almost perfect. When it searches it will search multiple streaming services to find the content you’re looking for. A key feature of the remote is that you can plug in the supplied headsets to listen privately to whatever show or movie you’re watching which means you can watch a movie in your bedroom without disturbing your spouse. One big plus is that the remote appears to be radio based rather than line of sight infra-red. That means that objects won’t interfere with its use. Now if you don’t like the remote, you do have another option. You can also control the Roku 3 with your smartphone or tablet using the free Roku app for iOS and Android. The app also supports text input, voice search, and streaming media from your mobile device to your HDTV over the Roku 3, not to mention that you can use it to find and add channels and apps. In my usage, it was often crash prone on my iPhone 6 and it would often say that the Roku service was not available from time to time. It sounds like an update is in order. Another key feature that Roku has introduced is the Roku Feed. It can track recently released movies and provide you with updates on when they become available on Roku through the various on-demand video services. That may prove useful to some, but I have to admit that I did not make use of this feature.

Roku has a pretty extensive channel store. But what you get depends on where you live. Because I live in Canada, I don’t get services like Hulu. But I do get services like Google Play, Crackle and Netflix. Plus if you hunt around, you can add what are called “private channels” which are channels that are not officially supported by Roku. That way you can get the content that you are looking for. Though I will say that being in Canada there was content that is available for Roku that I wish I could get, but I can’t because I live in Canada. Pity. But I was still able to set up the following channels:

  • Netflix
  • Crackle – This is a service that has a decent selection of movies and TV shows that are available for free. It does have ads though.
  • National Film Board – This is a service that allows you to watch movies from Canada’s National Film Board. There’s a lot of choice here from documentaries to short animated films.
  • Cineplex Store – Cineplex is a chain of movie theaters that also offers this online service to give you access to first run movies and TV shows for a fee.
  • Google Play
  • Docudrama – This service offers all sorts of documentary movies.
  • FilmOn.tv – This is a private channel that allows me to watch live TV from the UK among other countries. I was able to watch the FA Cup semi-final between Arsenal and Reading (which my beloved Arsenal won by the way) using this service and I can get the BBC as well. There are free and paid options available.
  • Sky News
  • Sundance Doc Club – This is a service that offers documentary movies that have been viewed at the Sundance Film Festival.
  • Funimation – This is a service that allows me to get my animated TV fix.

What’s missing, at least in Canada, is the ability to stream first run TV shows as in shows like Arrow, Orphan Black, and the like because most likely Canadian telcos like Rogers, Shaw and Bell own the streaming rights to those shows for their own streaming services. That may change due to the CRTC wanting to force Rogers, Bell and Shaw to make their streaming services available to all. Also missing are Canadian broadcasters such as CTV, CBC, and Global. In contrast, there’s a fair amount of US local TV available on Roku. Plus there’s no Canadian news such as CBC News Channel. In contrast, CNN is available to American Roku users. Perhaps Roku can work to get more Canadian content on their service as I for one would love to have them available and be able to “cut the cord” with my cable company. That’s something that would make my wife really happy.

But the Roku 3 isn’t just an online streamer. If you have a Network Attached Storage (NAS) device or a hard drive that you can plug into the USB port of the Roku 3, you can use the Roku 3 to play the content that you already have. To test this, I set up the Roku to access my DLink DNS-323 NAS which supports DLNA and I was able to access movies, music and photos. The catch is that the content has to be in a supported format. Here’s what the Roku 3 supports:

  • Video — MKV (H.264), MP4 (H.264), MOV (H.264), WMV
  • Music — AAC, MP3, WMA, FLAC, WAV
  • Photo — JPG, PNG, GIF (non-animated)

If you’ve got media in one of these formats, it will work perfectly. I should mention that there are apps of all sorts available that range from what I described above to browsers (Firefox for example) to screen savers and games (though hardcore gamers will take one look at the games offered here and go back to their PlayStation or Xbox). All of this combined with all the streaming services that the Roku 3 has access to illustrates the value proposition of the Roku 3. You get the ability to see the content that you want to see regardless of where the content comes from. Be it from a streaming service or content that you have on a storage device or some other device. That’s the exact opposite of something like the Apple TV which is basically a walled garden that only plays nice with other Apple products. Speaking of walled gardens, I experienced that when I tried to leverage the Roku 3’s ability to mirror the display of a computer or smartphone to the Roku 3. It worked fine except for my Mac which apparently isn’t supported. Is this a Roku issue or an Apple issue? I’m not sure but my money is on the latter. While this is a beta product, it was a real letdown to not be able to have any of my Macs be able to mirror to the Roku 3 and hopefully this changes.

Gripes? Other than the lack of content in Canada that would truly allow me to cut the cord, I only have two. If you log into Roku.com using your Roku account which is tied to your Roku streaming device, the webpage does have the ability to add channels from the webpage to your Roku device. However, this functionality isn’t supported in Canada. But strangely the same functionality is supported from the Roku app. Another note, the webpage lists channels that you cannot get in Canada. Now some of these channels clearly say that they aren’t available in Canada once you click on them to get more details, but others do not and you only find out when you try to add the channel. Not that you can actually add it via Roku.com if it were available in Canada. I say that that needs to be straightened out ASAP.

The Roku 3 goes for $109 CDN and is worth a look if you’re considering “cutting the cord” if the content that you want to watch is available for you to do so. Roku does offer other options for your streaming needs, but if you want the best that Roku has to offer, the Roku 3 is it and I am pretty sure that you’ll love having it in your home.