Webremix Articles

China Tries Twitter Diplomacy?

Fri, 03 Feb 2012 15:03:22 GMT

This week, the China-watching twitterverse was surprised to discover that Hu Xijin, the editor of the Global Times, was now tweeting. That the editor of the Global Times, an “angry government mouthpiece” that supports China’s policy of Internet censorship, was accessing a site blocked in China raised a few eyebrows and provoked several people to ask what VPN (a Virtual Private Network) he was using to evade the controls. Somewhat defensively, Hu responded to a characterization of him by The Wall Street Journal’s ChinaRealTime blog as a “staunch defender of China’s need to censor” by tweeting that he supported the gradual lifting of controls and believed “speech freedom is inevitable in China.” A very long discussion in the December 2011 issue of Foreign Affairs Review, the journal of the Foreign Affairs University, provides some context for what Hu’s tweeting might be about. The article, entitled “Global Politics in the Web 2.0 Era,” is a discussion about how communication technologies are changing politics. The cases cited ... Read More...

Cleanup old options!

Wed, 01 Feb 2012 13:00:14 GMT

In various discussions I have expressed that I think that there are way too many options and variables in MySQL (and it gets worse for every new release). There are simply too many to know and remember them all. If you manage a server yourself it is (probably) a minor problem as you should know the options you use and not use those that you don’t know. But if you are connected to a server that you don’t manage yourself you may get surprises if some rare option you are not familiar with has been set. The last one I came across is ‘skip-character-set-client-handshake’. MySQL documentation http://dev.mysql.com/doc/refman/5.5/en/server-options.html says “To ignore client information and use the default server character set, use –skip-character-set-client-handshake; this makes MySQL behave like MySQL 4.0.” Now what is the idea in having a recent server ‘behave like MySQL 4.0′ ? There could have been some compatibility concerns in early 4.1/5.0 releases, but now (after 8 years) is it stilll relevant to have? I don’t think so. The ‘chain breaks’ in the case where a client (we are talking about clients compiled with the C-API or a connector having similar functionalities as mysql_options() in the C-API – what means that it is not PHP we are talking about!) requires character_set_client to be utf8. The client will execute “SET NAMES UTF8;” after connection just in case the server has a non-utf8 default charset. It works fine. SET NAMES works as expected. So far so good. Futher the client is using the ‘reconnect flag’. Reconnects may take place after connection was lost in several cases (client was idle for longer than wait_timeout, some tunnel system server (SSH tunnel, VPN tunnel) disconnected client and server, intermittent hardware or networking failures etc.). The important point to note here is that reconnect is handled by the API transparently for the ‘parent code’ where it is linked. Thus the client cannot know when to execute “SET NAMES UTF8;” again (as a regular SQL statement). The client will instead set the connection charset to utf8 in mysql_options() so that utf8 also will also be character set for the connection after a reconnect. But with the ‘skip-character-set-client-handshake’ -option set, it simply has no efffect (the option is intended to work like this). As a consequense there is no way not to have non-ASCII characters garble in the client after automatic reconnection in such environment as far as I can see. We had such report recently. It took some time to figure out the reason. There is also an old related bug here http://bugs.mysql.com/bug.php?id=11972 btw, but this is fixed long ago even though I first thought it might have found its way back to PerconaServer (what was used in this particular case), it was not the case. It is fair enough to have compability options with older servers for some time. But is it still after 8 years? Also in a case like this where it breaks the way a client and the server is intended to ‘negotiate’ multiple charsets? More old options to get rid of? I am a collector of such! Tweet

Jailbreaking The Internet For Freedom's Sake

Tue, 31 Jan 2012 22:14:25 GMT

With so many threats to a free and open Internet, sooner or later, people will need to arm themselves for the fight, writes Deep End's Paul Venezia. 'If the baboons succeed in constraining speech and information flow on the broader Internet, the new Internet will emerge quickly. For an analogy, consider the iPhone and the efforts of a few smart hackers who have allowed anyone to jailbreak an iPhone with only a small downloaded app and a few minutes,' Venezia writes. 'All that scenario would require would be a way to wrap up existing technologies into a nice, easily-installed package available through any number of methods. Picture the harrowing future of rampant Internet take-downs and censorship, and then picture a single installer that runs under Windows, Mac OS X, and Linux that installs tor, tools to leverage alternative DNS servers, anonymizing proxies, and even private VPN services. A few clicks of the mouse, and suddenly that machine would be able to access sites "banned" through general means.'

The Atlantic's Coverage of the Egyptian Revolution

Tue, 31 Jan 2012 18:04:26 GMT

A year ago, as I watched broadcast coverage of Egyptian President Hosni Mubarak's tumultuous ouster on a VPN server from China -- authorities quickly blocked any mention of Egypt on popular ...

The Atlantic's Coverage of the Egyptian Revolution

Tue, 31 Jan 2012 18:04:26 GMT

A year ago, as I watched broadcast coverage of Egyptian President Hosni Mubarak's tumultuous ouster on a VPN server from China -- authorities quickly blocked any mention of Egypt on popular ...

A vision for secure mobility management in the enterprise

Thu, 26 Jan 2012 13:54:39 GMT

There's been a lot of buzz lately about secure mobility in the enterprise, but often the focus is on just one or two aspects of the entire mobile device security landscape. While malware protection, mobile device management (MDM) and VPN are certainly valuable tools in protecting mobile devices, each of these strategies alone can provide only partial protection. And in a bring your own device (BYOD) corporate environment, the risks of "only partial protection" can be quite large.

Why SSL VPN Still Matters

Tue, 17 Jan 2012 19:15:00 GMT

We were very excited to announce recognition of our hard work on our SSL VPN solutions: F5 Positioned in Leaders Quadrant of SSL VPN Magic Quadrant. Second, we were even more excited to announce adding industry-leading support for Android’s 4.x OS, enhancing its SSL VPN capabilities. Why would be excited about that? Because mobile devices and virtualization (desktop, a la VDI, and server, a la cloud) continue to drive the need for secure remote access at a scale never before experienced by most IT organizations. While web monsters and primarily web-focused organizations have long understand the critical nature of scalability to their business, IT shops for whom a web presence was only somewhat important have not necessarily invested in the infrastructure or architecture necessary to truly scale to meet the increasing demand. It is increasingly the case that IT orgs of all shapes, sizes, and concerns must look to the scalability of its infrastructure to ensure its ability to service users inside and outside the data center via an often times dizzying array of clients and technologies.

Secure transfer key iTwin gains multi-user capability

Thu, 12 Jan 2012 06:00:00 GMT

Secure storage-and-sharing USB key iTwin has been upgraded to allow users to share files stored on a computer with multiple people simultaneously, providing an end-to-end encrypted solution for mirroring files that are on one part of the two-part USB key instantly to its mates. The free update lets multiple iTwin keys "belong" to each other, making transfer of data easy without the constraints of e-mail, the technical complication of VPN or the ongoing fees of cloud services....

Refusing REFUSED

Thu, 12 Jan 2012 01:41:00 GMT

The U.S. Congress' road to Stopping Online Piracy (SOPA) and PROTECT IP (PIPA) has had some twists and turns due to technical constraints imposed by the basic design of the Internet's Domain Name System (DNS). PIPA's (and SOPA's) provisions regarding advertising and payment networks appear to be well grounded in the law enforcement tradition called following the money, but other provisions having to do with regulating American Internet Service Providers (ISPs) so as to block DNS resolution for pirate or infringing web sites have been shown to be ineffectual, impractical, and sometimes unintelligible.

For example an early draft of this legislative package called for DNS redirection of malicious domain names in conflict with the end-to-end DNS Security system (DNSSEC). Any such redirection would be trivially detected as a man in the middle attack by secure clients and would thus be indistinguishable from the kind of malevolent attacks that DNSSEC is designed to prevent. After the impossibility of redirection was shown supporters of PIPA and SOPA admitted that a redirection (for example, showing an "FBI Warning" page when an American consumer tried to access a web site dedicated to piracy or infringement) was not actually necessary. Their next idea was no better: to return a false No Such Domain (NXDOMAIN) signal. When the DNS technical community pointed out that NXDOMAIN had the same end-to-end security as a normal DNS answer and that false NXDOMAIN would be detected and rejected by secure clients the supporters SOPA and PIPA changed their proposal once again.

The second to latest idea for some technologically noninvasive way to respond to a DNS lookup request for a pirate or infringing domain name was "just don't answer". That is, simulate network loss and let the question "time out". When the DNS technical community explained that this would lead to long and mysterious delays in web browser behavior as well as an increased traffic load on ISP name servers due to the built in "retry logic" of all DNS clients in all consumer facing devices, we were ignored. However when we also observed that a DNSSEC client would treat this kind of "time out" as evidence of damage by the local hotel or coffee shop wireless gateway and could reasonably respond by trying alternative servers or proxies or even VPN paths in order to get a secure answer, the supporters of SOPA and PIPA agreed with this and moved right along.

The latest idea is to use the Administrative Denial (REFUSED) response code, which as originally defined seemed perfect for this situation. To me this latest proposal as well as the road we've travelled getting to this point seems like an excellent example of why network protocols should be designed by engineers rather than by bloggers. REFUSED will not work for PIPA and SOPA's purposes, for two important reasons.

First, as I explained in DNS Policy is Hop by Hop; DNS Security is End to End, there is no security for the REFUSED signal. Since IP source addresses are easily forged no secure application can ever take an unsecure signal seriously. In DNSSEC, even failures must be secure or else any attacker can control the decisions made by an app. Since one such possible decision might be to retry an operation using a less secure method, we would call this a "downgrade attack". DNSSEC secures the data from end to end — meaning from the DNS content server to the secure client — but does not secure any of the messages that flow hop by hop through the DNS system — including REFUSED. In fact, the intermediate servers (including the ISP name servers to be regulated by SOPA and PIPA) don't have any kind of trust relationship with each other and can neither generate nor verify any secure messages. This may seem like an oversight but I was there and I remember this as a conscious and deliberate decision based on the cost-to-benefit ratio of adding hop by hop security to DNS. High cost, low benefit: no sale.

Second, and more importantly, REFUSED is the wrong signal. The preeminent DNS software on the Internet is BIND, whose market share has declined from 99% to 85% in the last 25 years. I maintained and rewrote BIND from 1989 or so until 1999 or so and I am also the author or co-author of a half dozen or so Internet RFC documents on the subject of DNS. So I know that we send REFUSED in response to a query when we don't like the client's IP address — DNS servers do not even look at the question before deciding whether to send REFUSED. On the client side, if we hear a REFUSED we give up on that server and move on to the next server — which means we assume that it was the client's IP address that the server is refusing, not the question we happened to be asking at that moment. Microsoft Windows will actually "de-preference" a name server if they hear too many REFUSED messages from it — so BIND is not the only DNS software that interprets REFUSED in this way. What this boils down to is that REFUSED is all about the relationship between the client and the server, and has nothing to do with the particular question being asked. If SOPA or PIPA becomes law with a requirement to signal REFUSED when someone looks up an infringing or pirate domain name, then in the language of DNS we will be saying "please stop asking this server any questions at all." There is no signal in DNS that means "that's a bad question but please feel free to ask other questions."

This means a classic non-secured DNS client will react to a REFUSED signal by treating the server as broken and just asking the next available server — hoping to find a server that is not broken. Whereas a newer DNSSEC client will react to REFUSED by ignoring it and continuing to wait — hoping for a real answer that might follow close on the heels of the potential forgery. In the unsecure case, the client will often do what the proponents of SOPA and PIPA would seem to want — display an error message in the web browser — but will occasionally just repeat the whole transaction a fraction of a second later, increasing the load on the ISP's name servers. In the DNSSEC case, the client will not do PIPA or SOPA are asking, there will just be delay followed by trying some other server, or retrying through a proxy, or otherwise circumventing what will look to DNSSEC like just another broken hotel or coffee shop wireless network.

In summary, REFUSED doesn't mean what supporters of SOPA and PIPA want it to mean and no amount of new law can change that. There is in fact no signal in DNS that conveys the meaning of SOPA and PIPA, and every protocol perturbation thus far suggested by the supporters of SOPA and PIPA will look to DNSSEC like an attack or failure requiring circumvention. I urge anyone interested in adding new signals to DNS please participate in the Internet Engineering Task Force (IETF) to work on a new Internet RFC document on this topic. As an open and transparent peer driven engineering forum, the IETF is ideally placed to study this problem, determine whether a solution is possible, and standardize such a solution for use on the global Internet.

Written by Paul Vixie, Chairman and Chief Scientist, Internet Systems Consortium

Verizon teams with In Motion Technology, transforms whips into rolling 4G LTE hotspots

Tue, 10 Jan 2012 17:15:00 GMT

Looking to get a bit more 4G LTE access in your Maybach than what your Galaxy Nexus affords you? The wait may soon be over as Verizon and In Motion Technology have announced the first wireless mobile router tech for use in vehicles. Making use of the latter outfit's onBoard system, Aventadors everywhere can be converted into secure mobile hotspots along with a network management that monitors the status of the whole kit. VPN security is also present, in all its mobile-optimized glory. The In Motion Technology has been widely used in public safety scenarios, including the onBoard Mobile Gateway in ambulances and other municipal vehicles. If you're looking to find out more on the duo's announcement, hit the full PR just beyond the break.

Continue reading Verizon teams with In Motion Technology, transforms whips into rolling 4G LTE hotspots

Verizon teams with In Motion Technology, transforms whips into rolling 4G LTE hotspots originally appeared on Engadget on Tue, 10 Jan 2012 13:15:00 EDT. Please see our terms for use of feeds.

Permalink | In Motion | Email this | Comments

Mobile Phone Best Practices: Having a VPN

Sun, 08 Jan 2012 08:21:19 GMT

Mobile devices will be king in 2012. Over half of professionals will be using a tablet or a smartphone as their primary computing device by the end of this year.

Mobile Phone Best Practices: Having a VPN

Sun, 08 Jan 2012 07:19:27 GMT

Mobile devices will be king in 2012. Over half of professionals will be using a tablet or a smartphone as their primary computing device by the end of this year.

Understanding the security framework behind RSA SecurID

Sat, 07 Jan 2012 14:21:10 GMT

RSA SecurID is trusted two-factor Authentication protocol often used to authenticate VPN clients enabling users to login to secure servers.

Understanding the security framework behind RSA SecurID

Sat, 07 Jan 2012 05:25:15 GMT

RSA SecurID is trusted two-factor Authentication protocol often used to authenticate VPN clients enabling users to login to secure servers.

Ramnit Attack Hits Facebook Despite Anti-Virus Protection

Fri, 06 Jan 2012 16:09:10 GMT

After a busy 2011, malicious hackers are wasting no time making headlines in 2012. The first target: Facebook. The social-media giant was hit with a malware worm known as Ramnit -- and the attack offered a booty that reportedly includes the log-in details for more than 45,000 Facebook users.

"Our security experts have reviewed the data, and while the majority of the information was out of date, we have initiated remedial steps for all affected users to ensure the security of their accounts," Facebook said in a published statement.

"Thus far, we have not seen the virus propagating on Facebook itself, but have begun working with our external partners to add protections to our anti-virus systems to help users secure their devices."

The Hackers' Motive

Security firm Seculert is taking credit for discovering the hack, which mostly targeted users in the United Kingdom and France. The Microsoft Malware Protection Center describes Ramnit as "a multi-component malware family which infects Windows executable as well as HTML files," and said its goal is to steal "sensitive information such as stored FTP credentials and browser cookies."

"We suspect that the attackers behind Ramnit are using the stolen credentials to log-in to victims' Facebook accounts and to transmit malicious links to their friends, thereby magnifying the malware's spread even further," Seculert wrote in a blog post.

"In addition, cybercriminals are taking advantage of the fact that users tend to use the same password in various Web-based services (Facebook, Gmail, Corporate SSL VPN, Outlook Web Access, etc.) to gain remote access to corporate networks."

Ramnit's Financial Focus

Ramnit was first discovered in April 2010. But it's a major nuisance for corporate IT administrators. Symantec issued a report in July 2011 indicating that the Ramnit worm and its variants made up about 17 percent of all new malicious software infections.

"Ramnit started...

QNAP Betas New NAS Firmware

Thu, 29 Dec 2011 15:30:55 GMT

QNAP has released a beta for its next NAS OS that includes VPN and proxy servers.

Comodo adds VPN, attacks competitors

Tue, 20 Dec 2011 12:16:32 GMT

Comodo Internet Security 5.9 detects new Wi-Fi connections and asks if you'd like to begin a VPN connection.

Quamachi 0.6.0

Mon, 19 Dec 2011 08:17:28 GMT

Quamachi is a Hamachi GUI for Linux. Hamachi is a zero-configuration VPN service.

PSA: Verizon's Galaxy Nexus getting Android 4.0.2 update today

Thu, 15 Dec 2011 16:16:00 GMT

Big Red confirmed as much in yesterday's under-the-radar announcement , but we're now receiving reports that some users are being prompted to update their LTE-enabled Galaxy Nexus to Android 4.0.2. It's taking around two to three hours after activation for the update to hit, with ICL53F bringing an optimized mobile hotspot when used with VPN, a few notification fixes and visual improvements to the lock screen. It'll also now automatically reconnect to known WiFi access points, and those wonky email attachment issues that a few folks were having are gone. Oddly, DivX support has actually been yanked , though the company promises to support it "in a future upgrade" -- we're guessing the support that was baked in simply had too many issues to go to market with. It weighs in at 10.7MB; let us know how your installation goes in comments below.

PSA: Verizon's Galaxy Nexus getting Android 4.0.2 update today originally appeared on Engadget on Thu, 15 Dec 2011 12:16:00 EDT. Please see our terms for use of feeds.

Permalink Droid-Life | Verizon Wireless [PDF] | Email this | Comments

Why Rule-Based Log Correlation Is Almost a Good Idea - Part 3

Wed, 14 Dec 2011 15:00:00 GMT

We'll see below some examples of security attack scenario that many people will put forth as a perfect example of how powerful, valuable and simple correlation is. As you can see, the overall approach of using static rule-based correlation on these is simply flawed. Attack Scenario Example 1: Identity Theft There are numerous ways to perform an Identity Theft attack, but let's focus on just one of them, recognizing that somebody cannot be in two places at the same time and hence that a user cannot log in your infrastructure from VPN and locally from the office "at the same time." Furthermore, if he connects through VPN, then disconnects and then "shortly thereafter" he reconnects locally, then it is probably Identity Theft.

2012 Security Predictions: APT's, Mobile Malware and Botnet Takedowns

Wed, 14 Dec 2011 14:14:01 GMT

As the weeks remaining in 2011 dwindle and 2012 peaks out from behind the last page of the calendar, it must once again be that time of year for purposeful reflection and prediction. Or is that navel gazing and star gazing?

The year still has a couple of weeks to rock on before we can comprehensively summarize the events and trends of 2011. I'm sure there will be a bunch of annual threat reports preempting the end of year — extrapolating trends etc. in order to get the jump on reports that use real data. At the highest level of navel gazing you could probably sum up 2011 with one word — "More". The bad guys got richer, more successful, invented a few new attack vectors, and generally grew in numbers; meanwhile the good guys got more efficient at causing the bad guys pain, but continued to be outspent by the bad guys.

But let's put that aside for now. What does 2012 hold in stall for us?

It's easy enough to predict the future when you're merely commenting upon the trends of past years and projecting "more" of the same. While I can offer no shortage of meaningful predictions for 2012 across a broad range of threat and security categories, I thought it would be fun to pick three topics that stole much of the limelight of 2011 — Advanced Persistent Threats (APT's), mobile malware and botnet takedowns.

So, without further ado, here are a handful of predictions for 2012.

APT Bonanza

The volume of persistent attacks directed at large corporations will continue to increase and the victims will continue to feel as though they have been specifically targeted. There will thus be a presumption of sophistication to successful penetrations, which will lead to more organizations concluding that they have been the victim of an APT — which, after more detailed analysis and external input, will increasingly be revealed as false claims.

More attacks will be labeled as APT's due to misunderstanding by the victims, or because of an implied "get out of jail" tactic when public disclosure of the breach is mandated by law.
External analysts and security firms will dedicate more time and resources to analyzing breaches that are disclosed as "APT's", and will be more vocal in correcting false claims.
A growing unease will be attributed to the "cry wolf" mentality of labeling breaches as APT's throughout the year.
Real APT attacks will increasingly be lost in the noise of falsely-claimed APT's, and the sophisticated attackers will be able to further obfuscate the intent of their attacks.

Mobile Malware threats will continue to be misunderstood

Mobile malware will divide into two streams — Smartphone malware and tablet crimeware. Both mobile malware streams will be similarly unimpressive from a threat sophistication perspective, however their criminal intent will direct their evolutionary changes. Tablet crimeware will develop at a faster pace than Smartphone malware in 2012 as the opportunities to defraud potential victims on tablet systems grow quicker.

The hype around mobile malware will continue to exceed the threat and the cybercriminals capabilities in 2012 — but the cybercriminals and security researchers will strive to meet that hype.
As mobile systems become more usable for day-to-day financial transactions and online stores tune their shopping portals for larger-screened mobile devices, cybercriminals will increasingly target these platforms. This crimeware (and injection vectors) will be more "traditional" and a closer facsimile of current generation PC-based crimeware capabilities than many have projected in the past.
Smartphones, long seen as "the" mobile threat vector and with the longest history of malware abuse (e.g. Symbian-based malware and premium-rate fraud), will technically be susceptible to the same malware as that affecting tablet systems — but will not be the primary target of attack.
Cybercriminals that develop malware specifically for Smartphones will increasingly target the devices for propagation purposes — seeking to infect other (traditional) corporate systems and to breach corporate VPN's.
In the corporate realm, the Bring-Your-Own-Device (BYOD) consumerization of IT will entice cybercriminals that target enterprise networks to innovate new attack and propagation vectors. Throughout 2012 new vectors will be theorized and may be developed as proof-of-concept tools, but the hype will be bigger than reality because there are technical hurdles within the operating systems of the mobile devices that have yet to be overcome.
Security conferences of a Black Hat ilk throughout 2012 will uncover and illustrate new vectors that subvert the underlying mobile device operating systems that will be leveraged in the 2013 timeframe for the targeted propagation of crimeware via BYOD
The traditional invasive and "scary" mobile malware capabilities (e.g. eavesdropping on the victims calls, tracking the device owner, etc.) will not advance in 2012 and will continue to be potential capabilities rather than primary objectives for attackers.
The first generation of commercial "DIY" mobile crimeware construction and attack tools will be developed and sold by enterprising cybercriminals
Large scale botnets will not exist on the mobile platforms in 2012. There will be several "proof-of-concept" botnet implementations and theoretical attacks but, from an overall global threat perspective, they will be insignificant.

Botnet takedowns will be ineffective

Despite a number of public and media-hyped botnet takedowns in 2011, and the prospect of increased takedowns in 2012, the overall impact on cyber-criminal operations will decrease. In response to the 2011 takedowns, cybercriminals will change some of their management tactics, further distribute their command-and-control (C&C) infrastructure, and invest in improved and more diverse infection vector operations.

Professional criminals who build and monetize botnets will invest in more robust crimeware distribution technologies and services. The capability to infect 10,000+ computers per day will be more important than the marginal loss of 3-year old botnets with only a few hundred thousand infected devices.
Botnet C&C infrastructure will continue to become more agile — flitting between domain names, IP addresses and physical locations at an increasing pace. In 2011 this agility was measured in weeks; by the end of 2012 it will be measured in hours.
Botnet operators will add more layers between themselves and their victims. In 2011 cybercriminals increasingly adopted the use of commercial anonymous VPN services to connect to their C&C servers, and deployed C&C proxies between the botnet victims and the real C&C servers. In 2012 we can expect this trend to continue and there is a high probability that multiple layers of C&C proxies will be adopted to further protect the cybercriminals C&C investment.
Noisy botnets (i.e. Spam botnets and DDoS) will continue to be the focus of legal botnet takedowns. In response, cybercriminals will in most cases reduce the noise of their botnets and will also further segment their botnets to ensure that the entire botnet is not lost in a single takedown operation.
Botnet takedown attempts will become more "risky" as the takedown entities become more comfortable with the process. Risk will be introduced as the entities pursue remote clean-up and remediation of victim devices.
"Good guy" botnet remediation services will become a commercial reality in 2012. As multiple security vendors and academic institutions focus upon the botnet menace they will uncover more vulnerabilities lying within the heart of both the botnet malware and the C&C portal software. There will be growing pressure to exploit these vulnerabilities for the purpose of usurping control of the botnet from the cybercriminals hands and to issue appropriate shutdown and uninstall commands directly from the compromised C&C servers.

I wonder how many of these predictions will come to fruition? I guess we'll find out in 380 days.

Written by Gunter Ollmann, VP of Research at Damballa

Why Rule-Based Log Correlation Is Almost a Good Idea - Part 3

Tue, 13 Dec 2011 18:37:00 GMT

Verizon Adds 4G LTE Droid Xyboard Tablets

Tue, 06 Dec 2011 22:19:44 GMT

Verizon Wireless said Tuesday that it will be rolling out two high-speed tablets from Motorola Mobility for use on its 4G LTE network later this month. Called the Droid Xyboard 8.2 and Droid Xyboard 10.1, the new models are less than 9mm in thickness and weigh 13.9 oz and 1.3 lbs, respectively.

Sporting magnesium-reinforced bodies and aluminum housings, the 8.2-inch and 10.1-inch Droid Xyboard tablets will first ship with Android 3.1, also known as Honeycomb. The tablets will be upgraded next year over-the-air to Android 4.0, also known as Ice Cream Sandwich.

The other good news for Verizon's enterprise-class customers is that both Xyboard tablets integrate a number of business-friendly features. Among other things, the tablets feature "device encryption, VPN, remote device management and feature blocking," said Motorola Mobility spokesperson Kira Golin.

"This is also the first tablet with 3LM software, which enables a powerful level of control and security over the device," Golin said.

Tablet Features

Both of Motorola's tablets ship with Active Sync for work e-mail, contacts and calendar, Golin said. The mobile devices also will arrive with apps aboard that are squarely aimed at business professionals, such as Quickoffice HD for document editing and creation, Citrix GoToMeeting for collaboration and productivity, and Google Talk for videoconferencing.

The Droid Xyboard 10.1 also has been optimized for use with a stylus that ships with the device to enable business professionals to make notes or mark up documents by writing directly on the device's screen. "A wide range of accessories such as multiple docking options and a Bluetooth-enabled keyboard with integrated track pad [also] make it even easier to work while on the go," Golin said.

The Droid Xyboard 8.2 and 10.1 are equipped with high-definition, 1080-pixel displays protected by scratch-resistant Corning Gorilla Glass as well as a coating of water-repellent nano-particles.

Under the hood, both...

Pete Docter’s Next Pixar Film is Set Inside a Young Girl’s Mind

Tue, 06 Dec 2011 17:30:33 GMT

The next film from Monsters, Inc. and Up director Pete Docter is still quite a mystery -- we've known next to nothing about the plot and characters -- hell, we don't even have a title. The movie is likely meant to occupy one of the two dates that Disney and Pixar have penciled in for the next couple years (November 27, 2013 and May 30, 2014), probably the later date. We've heard that the script is by Michael Arndt (Toy Story 3) and is about "the formation of ideas." That latter point seems pretty spacy, but new comments from Pixar head John Lasseter make things a lot more clear. During an appearance on Charlie Rose [1], Lasseter said, Pete Docter, from Monsters, Inc. and Up, is doing a new film that takes place inside of a girl’s mind and it is about her emotions as characters, and that is unlike anything you’ve ever seen. That puts the original report about the formation of ideas into perspective, doesn't it? It also makes the Pixar short Day and Night [2] look like a much more specifically useful experiment than we thought -- that short seems, to me, like a sort of prototype for the idea of representing emotions as characters. And after Brave, this will be the second major Pixar film with a female lead. [via BigScreenAnimation [3]] [1] http://www.charlierose.com/view/interview/12024 [2] http://www.youtube.com/watch?v=VpN0vwgVBZk [3] http://www.bigscreenanimation.com/2011/12/pixars-mind-movie-set-inside-girls.html

US Cyber Command completes major cyber attack simulation, seems pleased with the results

Fri, 02 Dec 2011 21:34:00 GMT

The US Cyber Command is barely out of its infancy, but it's already crossed one milestone off its to-do list, with the successful completion of its first major test run. The exercise, known as Cyber Flag, was carried out over the course of a single week at Nellis Air Force Base in Nevada, where some 300 experts put their defense skills to the test. According to Col. Rivers J. Johnson, the participants were divided into two teams: "good guys," and "bad guys." The latter were delegated with the task of infiltrating the Cyber Command's networks, while the former were charged with defending the mock cyberattack and keeping the government's VPN free of malware. The idea, according to the agency, was to simulate a real-world attack on the Department of Defense, in order to better evaluate the Command's acumen. "There were a variety of scenarios based on what we think an adversary would do in real world events and real world time," Johnson explained. "It was a great exercise." The Colonel acknowledged that the good guys weren't able to defend against all of the attacks, but pointed out that the vast majority were recognized and mitigated "in a timely manner." All told, Cyber Flag was deemed a success, with NSA Director and Cyber Command chief Gen. Keith Alexander adding that it "exceeded" his own expectations.

US Cyber Command completes major cyber attack simulation, seems pleased with the results originally appeared on Engadget on Fri, 02 Dec 2011 17:34:00 EDT. Please see our terms for use of feeds.

Permalink | Information Week | Email this | Comments

Cloud computing is not grid computing

Tue, 29 Nov 2011 10:42:22 GMT

Recently I had a few discussions with people looking at leveraging the cloud. They were looking at extending their own compute farm by establishing a VPN to a public cloud and borrowing computing resources as needed.

Motorola Xoom 2

Fri, 18 Nov 2011 10:43:00 GMT

Motorola Xoom 2 Android Tablet : The Motorola Xoom 2 with Wi-Fi features a 10.1-inch widescreen HD display and Android 3.2 Honeycomb like its predecessor, but the similarities end there. The Motorola Xoom 2 display is brighter and more vibrant than before with colour enhancement, and the edges have been strategically designed to make the Motorola tablet more comfortable to hold - this tablet is easy on the eyes, and easy on the hands. The Motorola Xoom 2 tablet is compatible with the optional Motorola Stylus that is great for note-taking, hand-writing e-mails and sketching. Motorola Xoom 2 tablet is loaded with Business Ready features like VPN support and data encryption.

strongSwan 4.6.1

Fri, 11 Nov 2011 18:45:35 GMT

It interoperates with with most other IPsec-based VPN products via the IKEv2 or IKEv1 key exchange protocols.

YouSAB VPN Desktop Messenger

Fri, 11 Nov 2011 13:59:27 GMT

YouSAB Messenger is an easy-to-use application which allows users to chat with their buddies online.

Understanding the security framework behind RSA SecurID

Thu, 10 Nov 2011 12:33:38 GMT

RSA SecurID is trusted two-factor Authentication protocol often used to authenticate VPN clients enabling users to login to secure servers.

Case Study: Masergy VPLS Solution Gives Client a Leg-Up on Productivity

Mon, 07 Nov 2011 23:09:00 GMT

Adept Technologies, a multisite, global robotics manufacturer needed to upgrade its VPN. Masergy's solution provided the flexibility, reliability and scalability they were looking for.

strongSwan 4.6.0

Mon, 07 Nov 2011 17:49:10 GMT

It interoperates with with most other IPsec-based VPN products via the IKEv2 or IKEv1 key exchange protocols.

strongSwan 4.6.0

Mon, 07 Nov 2011 16:04:52 GMT

It interoperates with with most other IPsec-based VPN products via the IKEv2 or IKEv1 key exchange protocols.

VirnetX lawsuit against Apple joined by ITC complaint

Mon, 07 Nov 2011 14:50:00 GMT

VirnetX revealed on Monday that its latest lawsuit against Apple was being joined by a matching International Trade Commission dispute. The complaint touches on the same VPN-related patent used in the main lawsuit and which VirnetX has tried to wield against large parts of the technology industry. It hopes not just to ban future iPad, iPhone, iPod, and Mac sales but to stop all marketing and sales around whatever is currently in stores should it win....

VirnetX sues Apple over hours-old VPN patent

Tue, 01 Nov 2011 13:25:00 GMT

Frequently labeled as a patent troll, VirnetX on Tuesday launched one of its more aggressive attacks by suing Apple (below) over a patent it had only just been granted. The company, which has sued Apple before, alleged that "at least" current iOS devices and Lion-equipped Macs were violating some claims of a patent for a "Method for Establishing Secure Communication Link Between Computers of Virtual Private Network," or a standard VPN connection. The patent had been granted just the same day, suggesting that the aim of the patent was only to sue others for profit....

UnitedStyles Lets You Play Fashion Designer

Mon, 31 Oct 2011 09:26:12 GMT

Based out of Shanghai, UnitedStyles is a Facebook Connect-enabled service that lets any user create customized women's apparel, allowing them sketch out, adjust and share a design via an online interface and customized 3D preview (Note: Chinese users will have to use a VPN to login through Facebook). Co-founder Marc van der Chijs tells me that his objective is to recreate the entire fashion design experience for Internet users, "It's very strange that you cannot [already] design your own clothes online."

TechCrunch Disrupt Beijing Hackathon: The Night Shift

Sat, 29 Oct 2011 18:55:46 GMT

It's 12:49 am at the TechCrunch Disrupt Beijing Hackathon ; Unlike any other hackathon I've attended, the late night hacker snacks here take the prize for unique brain fuel. They include Tea Eggs, Italian Red Meat Flavor potato chips, Yanjing beer, Apples, and Pokki sticks. Other differences? Well I'm writing this through a VPN because Wordpress is blocked, and I'm probably going to have to go back to the hotel room to finish because the Internet keeps crapping out half way in the middle of my post. Despite it being a hard day's night basically, there are about 100 intrepid programmers still here at the CNCC conference center in the Olympic Village, working all through the night with the fervor of well, programmers. Despite the lack of Red Bull. And Internet.

pfSense 2.0 Released

Fri, 28 Oct 2011 22:11:55 GMT

After three years of hard work and many enhancements, pfSense 2.0 has been released. Of the more impressive stats, more than 108,000 unique IP addresses have downloaded the snapshots during 2011, resulting in some amazing testing, feedback and now reliability with the 2.0 release. Among the many notable features and enhancements: Based on FreeBSD 8.1, Enhancements to IP Aliases, dashboard and widgets, SMTP and growl alerts, new traffic shaper, Layer 7 protocol filtering, major improvements to NAT engine and configuration, certificate manager, VPN improvements, virtual wireless AP support and many others.

RSA SecurID data stolen by a "nation state" (Digital Trends)

Wed, 12 Oct 2011 01:39:17 GMT

Digital Trends - Last March, infiltrators carried out a quiet cyberattack against RSA, obtaining information about the operation of its SecurID tokens, hardware devices used by corporations, governments, and organizations to establish secure VPN connections with remote employees. RSA admitted the breach in April and began replacing SecurID tokens last June, but now RSA is revealing a bit more about the attack. Speaking at a Q&A session at the RSA Conference in London, RSA chairman Art Coviello said the attackâs methodology revealed that two separate teams were at work, and the company is very confident that the skill and resources required by the attack had to have been supported by a nation.

AT&T uses Android as one-size-fits-all solution for 5 different types of customers

Tue, 11 Oct 2011 21:10:45 GMT

National wireless carrier AT&T on Tuesday simultaneously announced five new Android smartphones, none of which are flagship devices for the carrier, but each of which answers the needs of a specific type of phone user. For the Power User: Motorola Atrix 2 Following up on last year's breakthrough Motorola Atrix 4G, AT&T announced the Atrix 2 which is equipped with a 4.3" (960x540) screen, "4G" HSPA+ connectivity, a 1GHz dual-core processor, 1GB of RAM, 8 megapixel camera and front-facing VGA chat camera, enterprise-grade IPsec VPN, microSD encryption, and support for Enhanced Exchange ActiveSync. Like its predecessor, it also supports the… [Continue Reading]

3LM resurfaces, still wants to make Android secure enough for the IT guys

Tue, 11 Oct 2011 12:47:00 GMT

Remember when Motorola bought 3LM, a startup dedicated to offering enterprise-class device management to Android users? After eight months of silence, there's finally some news about the company and its handset-agnostic solutions. It's called, erm, 3LM and you (yes, you) can begin the scintillating process of installing it on your servers and company-issued smartphones later this week. Administrators will get the power to encrypt data and removable storage on Android devices like the Motorola ET1, remotely install / uninstall / blacklist applications, connect to the devices over VPN and behave like the killjoys we all know and love admins to be. There's no word on how much this shebang will cost, but you'll find most of the other important facts in the press release, tucked after the break.

Continue reading 3LM resurfaces, still wants to make Android secure enough for the IT guys

3LM resurfaces, still wants to make Android secure enough for the IT guys originally appeared on Engadget on Tue, 11 Oct 2011 08:47:00 EDT. Please see our terms for use of feeds.

Permalink PRNewswire | 3LM | Email this | Comments

Samsung Stratosphere Smartphone Targets Business Users

Mon, 10 Oct 2011 18:19:45 GMT

The iPhone 4S has seen more than a million pre-orders, but that's not stopping competitors from coming to market with smartphones of their own. Apple rival Samsung is rolling out a Galaxy S phone that aims to offer something Apple doesn't: more typing options and 4G speeds.

Verizon Wireless announced that the Samsung Stratosphere will hit its network on Oct. 13. The Stratosphere is the first 4G LTE smartphone Verizon Wireless has offered with a five-row QWERTY keyboard and designed with Samsung's 4-inch Super AMOLED display for richer graphics.

"There are going to be some consumers -- as there have been in the past -- who don't want an iPhone for whatever reason," said Michael Gartenberg, an analyst at Gartner. "There are also consumers who do want a QWERTY keyboard on their smartphone. In that regard this phone will definitely fill that niche."

Targeting Business Users

Samsung is perhaps aiming more at Research In Motion consumers than Apple users with the Stratosphere. The device supports B2B-enabled connectivity services from Cisco, a mobile implementation of Microsoft Exchange ActiveSync (EAS), and support for secure remote-device management from Sybase Afaria.

EAS includes features such as direct push, e-mail, calendar, contact sync and Global Address List, as well as EAS policies such as storage-card encryption, device encryption, and simple- and complex-password support. Stratosphere will support Samsung's Enterprise Platform enhancements such as VPN, encryption and mobile-device management.

The phone runs Android 2.3, which means there is also support for Google Mobile Services. And since the Stratosphere is built to run on the Verizon Wireless 4G LTE network, consumers can expect download speeds of five to 12 megabits per second and upload speeds of 2 to 5 Mbps in 4G LTE mobile broadband coverage areas.

Room for Variety

"The iPhone 4S is certainly the device to beat right now with over 1...

ShoreTel updates mobility platform to address BYOD trend

Mon, 10 Oct 2011 14:18:59 GMT

Add ShoreTel (Nasdaq: SHOR) to the enterprise communications companies looking to ride the mobility wave and the increasing trend of companies allowing employees to connect their own devices to their communications networks.

The IP phone systems specialist today announced it has updated its ShoreTel Mobility platform to enable corporate communication applications on employee-owned smartphones and tablets, while at the same time separating the personal and business identities on a single mobile device. The bring-your-own device (BYOD) solution helps reduce costs and IT department load, while allowing employees and contractors a greater range of device selections.

New to this iteration of ShoreTel Mobility, which is set to ship in November, is native telephony interface integration on Android-based devices, including the Motorola (NYSE: MMI) Atrix 4G, Samsung Galaxy S, Motorola Droid X2, HTC Droid Incredible 2 and the earlier-generation Motorola Droid. ShoreTel Mobility will continue to support all Apple (Nasdaq: AAPL) iOS devices and several Research In Motion devices that run BlackBerry OS 6.0.

Steve Blood, VP of research at Gartner, said BYOD is increasingly becoming an issue for companies.

"We see this as a big issue for enterprises, in addition to the efficiency and productivity benefits that mobile devices bring," he said. "Enterprises should look to a solution that supports a broad range of leading smartphones and tablets, as the devices being used at work are not always company owned. Enterprises will prefer a solution that is part of their existing IP PBX and UC system or works with the existing system therefore avoiding upgrades or replacement of their existing infrastructure."

And, ShoreTel said its platform allows the IT group to manage the security risk of enterprise communication in a BYOD environment in a way that doesn't hinder productivity. Unlike some solutions, ShoreTel Mobility automatically recognizes when users are outside the enterprise firewall and initiates the application-layer SSL VPN.

For more:
- see this release
- see the CRN article

Juniper offers new portfolio to leverage BYOD trend

Mon, 03 Oct 2011 15:48:40 GMT

IT departments are increasingly struggling to support an array of mobile devices as the bring-your-own-device trend adds additional security and management concerns to their responsibilities.

Juniper Networks (Nasdaq: JNPR), hoping to capitalize on the increased number of BYOD tablets and smartphones in use by enterprises, is launching several new products in a networking portfolio dubbed "Simply Connected." The portfolio includes three new switching products, wireless LAN product innovations and a set of updated iOS and Android mobile device security capabilities. The initiative arrives just as Apple (Nasdaq: AAPL) sets to launch the iPhone 5 Tuesday, likely to increase the demand for mobile solutions.

According to Nemertes Research, 86 percent of enterprises report an increase in the number of telecommuters. Additionally, while IT budgets remain flat or increase only marginally, more than 43 percent of organizations report a double-digit increase in mobility budgets.

Juniper said it believes legacy networks designed for wired PCs are ill-suited to meet the demands of new applications; the company hopes its new portfolio simplifies current network infrastructures.

"It should be simple for individuals to choose and change their devices, simple to securely access their business applications and easy for the IT department to provision one policy per user that works across multiple devices, from tablets to smart phones to PCs," said Alex Gray, senior vice president and general manager of the campus and branch business unit at Juniper Networks.

Juniper's Simply Connected portfolio includes two Ethernet switches available now, the EX2200 and EX3200, and the EX6200, which is set to ship in the fourth quarter. The EX6200 is designed to deliver a scalable, resilient, high-performance wiring closet solution and to provide extremely high port densities in a space-optimized form factor.

Also available this month is the WLC880 wireless LAN controller, which is supported by new system software capabilities, including Juniper Networks Spectrum Management, and ensures over the air reliability on mainstream 802.11n APs including the WLA-522 AP and advanced spectrum planning capability.

Juniper's Junos Pulse Mobile Security Suite has been updated to include the ability for enterprises and service providers with Apple's (Nasdaq: AAPL) iPhones, iPod touch and iPads to remotely lock and wipe lost or stolen devices, set and enforce security and passcode policies, provision and remove Microsoft Exchange profiles, provision VPN and Wi-Fi settings, inventory device applications and restrict specific apps on iOS devices.

For more:
- see this release

Galaxy Tab 8.9 hits pre-order, ships October 2nd in US; Galaxy Player 5.0 and 4.0 shipping October 16th

Mon, 26 Sep 2011 22:15:00 GMT

Hot on the heels of a UK release , Samsung has just announced that its long-awaited (and long-delayed ) Galaxy Player 4.0 ($229) and 5.0 ($269) will be available for pre-order starting September 27th, with US availability pegged for October 16th. Oddly enough, Samsung gave no reason behind the once-spring, now-autumn pushback, but at least we can finally stop wondering and instead start enjoying the spoils of an (almost) Galaxy Note-sans-phone . (Not like we haven't heard a similar tune before). All that aside, the Player 5.0 and 4.0 weigh in at 6.4 and 4.2 ounces, respectively, and both are powered by Android 2.3.5 (Gingerbread); other specs include 802.11b/g/n, WVGA Super Clear LCDs (800 x 480), Bluetooth 3.0, 8GB of onboard storage, a microSD expansion slot, 3.5mm headphone jack, voice recorder, mini-USB connectivity, front and rear cameras and support for Sammy's Media Hub content service. The big fellow gets a 2,500mAh battery, whereas its little(r) brother is equipped with a 1,200mAh cell. (Psst... you can catch our hands-on with these here and here. )

Meanwhile, the Galaxy Tab 8.9 is available for pre-sale right now , with shipments to hit retail on October 2nd. You'll be laying down $469 for the 16GB model, while a doubling of capacity will run you $100 more. Need a refresher on this one, too? How's about a WXGA (1,280 x 800) touchpanel, dual-core T250S processor, 6,100mAh battery, sub-one pound weight, DLNA compatibility, a 3 megapixel rear camera, 2 megapixel front-facing camera, integrated Swype / Polaris Office and even a few amenities for those in the enterprise -- things like full support for Exchange ActiveSync (v14), on-device encryption, Cisco VPN, Sybase MDM and WebEx support. Best of all, the inbuilt FindMyMobile service allows users to track their lost / stolen Tab 8.9 down on a map as it moves, remotely lock the device to prevent unauthorized access and delete personal information stored on the device. Head on past the break for the full release.

Continue reading Galaxy Tab 8.9 hits pre-order, ships October 2nd in US; Galaxy Player 5.0 and 4.0 shipping October 16th

Galaxy Tab 8.9 hits pre-order, ships October 2nd in US; Galaxy Player 5.0 and 4.0 shipping October 16th originally appeared on Engadget on Mon, 26 Sep 2011 18:15:00 EDT. Please see our terms for use of feeds.

Permalink | Best Buy | Email this | Comments

NeoRouter Mesh 1.6.0.2900 Beta

Fri, 23 Sep 2011 04:20:53 GMT

NeoRouter Mesh is a unique, easy to use, cloud-based remote access and VPN service.

Gadgetwise Blog: Making a PC That Is Abroad Look Like It Is in the U.S.

Fri, 23 Sep 2011 02:58:40 GMT

To watch streaming content from Netflix-as well as access other sites-while in foreign lands, it can help to make your PC look like it's in the U.S. VPN software can do just that.

VPN Firm NCP Engineering Makes Government Inroads

Thu, 15 Sep 2011 17:44:00 GMT

VPN firm NCP Engineering is making a channel push that includes a spot on the a spot on the governement's GSA Schedule and a distribution dea lwith North American distributor SYNNEX.