
Net Neutrality under fire

posted 29-Nov-2017

We've all heard about it by now. Ajit Pai, the chairman of the FCC, has promised to repeal the Net Neutrality rules put in place under the Obama administration. So much has been written on NN that there's no need for me to go into much depth. Google is your friend: search "what is net neutrality" and you'll have plenty to read.

This post is more about why Net Neutrality needs to remain in place. As I discuss here, internet access is a basic human right. ISPs such as Comcast, AT&T, and others have spent many millions of dollars lobbying Congress to overturn Net Neutrality. Clearly they believe there's a lot of money to be made, or they would not be fighting it so hard.

Right now, with Net Neutrality in place, the nation's backbone providers and ISPs must meet the demand of all customers without giving priority or preference to any particular customer. If traffic starts to overwhelm their networks, they must respond by upgrading those networks to keep their customers happy, and they might have to raise rates to pay for the upgrades. Sounds logical, right?

But allowing big business to buy priority access to those networks incentivizes ISPs in ways that can harm the internet as a whole. How? Because selling priority access only works when regular access is limited somehow. If a network isn't saturated (bogged down, at capacity), why would Netflix, Amazon, or anyone else pay extra for priority access they don't need? They wouldn't. But if the network is saturated, then companies like Netflix might be forced to pay for priority access so their customers don't see a lot of buffering and timeouts.

So rather than spend money to maintain and upgrade the network as demand rises, the backbone companies and ISPs can simply charge more for priority access to an increasingly limited resource. Let's change the wording a little to see what "priority access" really means. Giving priority access to customer A means throttling customer B. If the network is so saturated (at capacity) that priority access is necessary, then by the same token non-priority customers must yield (be throttled or slowed down) to free up capacity. Deliberately taking on more business than the network can handle is called oversubscribing.

It's a multi-whammy in their favor and against We The People.


So, to summarize:

  1. They save money by not having to expand the network as much to meet current demands, which...

  2. Allows them to take on more business than they can handle, and...

  3. They make more money selling priority access to customers who cannot tolerate diminished performance.

It's a long wet kiss for the ISPs!

New Bluetooth vulnerability disclosed that potentially affects many billions of devices

posted 01-Oct-2017

The so-called "BlueBorne" attack takes advantage of a set of vulnerabilities in the Bluetooth software (the Bluetooth stack) found in virtually all portable internet-capable devices, including iPhones, Android phones, tablets, laptops, fitness trackers, in-car hands-free systems, medical devices -- anything with a Bluetooth chip in it. What makes it nasty is that the attacker needs no pairing and no action from the victim; the target device doesn't even have to be in discoverable mode. It only has to have Bluetooth switched on and be within radio range.

Apple fixed the issue before the disclosure, so iPhones and iPads running a current version of iOS are safe. Google has also published a patch for Android, but it reaches phones only through each manufacturer and carrier, so the vast majority of already-sold Android devices will probably never receive it, thanks to the horrendous Android update problem. Until a device is patched, the practical mitigation is to keep Bluetooth turned off when you aren't using it.

Read more about the BlueBorne vulnerability here.

Read more about why the Android update system is such a mess here.

Critical Infrastructure Under Attack via the Internet

posted 18-Jun-2017

Twice in as many years, both times in the dead of winter (December 2015 and again in December 2016), the Ukrainian electrical grid was attacked over the internet. The attackers switched off one substation after another, cutting power to hundreds of thousands of Ukrainians while station operators watched helplessly.

Don't feel complacent just because this happened elsewhere. Today in the U.S., much of our critical infrastructure is exposed to bad actors through the internet, just as the Ukrainian power companies were. These facilities include the power grid, gas and oil pipelines, airports, office towers, rail systems, traffic signals, and more. For years, long before the internet became a thing, such infrastructure was controlled using SCADA over closed, dedicated communications links. Those links were secure mostly by isolation: the control protocols running over them were designed with no authentication or encryption, on the assumption that only the utility could reach the wire. But these days such control systems are moving onto the internet. Why? Cost and convenience. Let's save on those expensive comm links and use the internet! What could possibly go wrong?

See Internet of Things: The good, the bad, and the ugly.

It's not that the internet itself is the problem. The internet simply provides the connection between critical infrastructure and people who mean harm. If the last 20+ years of widespread internet use have taught us anything, it's that nothing is totally secure. Motivated bad actors will find a way into whatever systems they wish to breach; most sober security analysts will tell you that. The best way to secure such infrastructure is to remove it from the internet entirely and return to the dedicated comms used before the internet came along.

Control rooms where these facilities are managed can still have internet-enabled computers, but they must be air-gapped from the SCADA computers controlling the facilities. Even air-gapping by itself isn't enough, as the Stuxnet attack on Iranian nuclear facilities (discovered in 2010) demonstrated: it crossed the gap on infected USB drives. But air-gapping is still the single largest step toward increased security.

One of the biggest problems security advocates face is pushback over cost and inconvenience. Security is expensive, pesky, and inconvenient, but no security is worse. There are countless thousands of separately managed critical facilities in our country, each with its own managers, budgets, and appreciation (or lack thereof) for security. Finding the right balance is hard enough. Convincing all these separate entities of the importance of proper security, well, that's the real task.

"WannaCry" Ransomware Attack

posted 13-May-2017

A new, highly destructive wave of ransomware, "WannaCry", surfaced yesterday and infected over a quarter million computers in a matter of hours, in dozens of countries. This is headline news at most major news outlets. Like the variants that came before it, WannaCry encrypts your data (documents, pictures, etc.) and then demands a ransom of several hundred dollars to decrypt it.

WannaCry is especially virulent for two reasons. (1) It takes advantage of a vulnerability in the SMB file-sharing service of unpatched versions of Windows (Microsoft issued the fix, MS17-010, back in March), which means a machine can be infected over the network without anyone downloading anything or clicking on a fraudulent email. (2) Once inside a computer, WannaCry scans the local network, and the internet, for other machines exposing that service and infects them the same way. In an office full of computers that aren't properly patched, that is a catastrophe. The practical checks are simple: make sure MS17-010 is installed everywhere, disable SMBv1 where nothing still needs it, and make sure TCP port 445 is not reachable from the internet.
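As an added example (not code from the original post), here is a small Python script illustrating the second point from the defender's side: the worm-style scanning leaves an obvious trace in firewall or flow logs, because one internal host suddenly opens SMB (TCP/445) connections to many different hosts within seconds. The log line format and the sample lines are constructed for this illustration, and the threshold (10 distinct targets) and window (60 seconds) are assumptions you would tune for your own network.

```python
"""Flag hosts that show worm-like SMB scanning in connection logs.

Added example, not code from the original post. The log format below is
made up for this illustration; adapt parse_line() to your firewall's
real export format.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log lines: "<timestamp> <src_ip> -> <dst_ip>:<dst_port> <proto>"
# 10.1.4.23 behaves like an infected host sweeping the subnet on TCP/445;
# 10.1.4.50 talks to a single file server twice (normal); 10.1.4.77 is HTTPS.
SAMPLE_LOG = """\
2017-05-12 09:00:01 10.1.4.23 -> 10.1.4.1:53 udp
2017-05-12 09:00:02 10.1.4.23 -> 10.1.4.5:445 tcp
2017-05-12 09:00:02 10.1.4.23 -> 10.1.4.6:445 tcp
2017-05-12 09:00:03 10.1.4.23 -> 10.1.4.7:445 tcp
2017-05-12 09:00:03 10.1.4.23 -> 10.1.4.8:445 tcp
2017-05-12 09:00:04 10.1.4.23 -> 10.1.4.9:445 tcp
2017-05-12 09:00:04 10.1.4.23 -> 10.1.4.10:445 tcp
2017-05-12 09:00:05 10.1.4.23 -> 10.1.4.11:445 tcp
2017-05-12 09:00:05 10.1.4.23 -> 10.1.4.12:445 tcp
2017-05-12 09:00:06 10.1.4.23 -> 10.1.4.13:445 tcp
2017-05-12 09:00:06 10.1.4.23 -> 10.1.4.14:445 tcp
2017-05-12 09:00:07 10.1.4.23 -> 10.1.4.15:445 tcp
2017-05-12 09:00:10 10.1.4.50 -> 10.1.4.2:445 tcp
2017-05-12 09:01:30 10.1.4.50 -> 10.1.4.2:445 tcp
2017-05-12 09:02:00 10.1.4.77 -> 93.184.216.34:443 tcp
"""

LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) "
    r"(?P<src>[\d.]+) -> (?P<dst>[\d.]+):(?P<port>\d+) (?P<proto>\w+)$"
)


def parse_line(line):
    """Parse one log line into (timestamp, src, dst, port, proto); None if malformed."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return (
        datetime.strptime(m.group("ts"), "%Y-%m-%d %H:%M:%S"),
        m.group("src"),
        m.group("dst"),
        int(m.group("port")),
        m.group("proto").lower(),
    )


def max_distinct_targets(events, window):
    """Largest number of distinct destinations seen within any `window` of time.

    `events` is a list of (timestamp, dst) for a single source host. A sliding
    window over the time-sorted events keeps a count per destination so that a
    host re-contacting the same server repeatedly does not look like a scan.
    """
    events = sorted(events)
    counts = defaultdict(int)
    best = 0
    start = 0
    for ts, dst in events:
        counts[dst] += 1
        # Drop events that fell out of the window on the left.
        while ts - events[start][0] > window:
            old_dst = events[start][1]
            counts[old_dst] -= 1
            if counts[old_dst] == 0:
                del counts[old_dst]
            start += 1
        best = max(best, len(counts))
    return best


def find_smb_scanners(log_text, threshold=10, window=timedelta(seconds=60)):
    """Return {src: distinct_445_targets} for every source at or above `threshold`."""
    per_src = defaultdict(list)
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if parsed is None:
            continue
        ts, src, dst, port, proto = parsed
        if proto == "tcp" and port == 445:
            per_src[src].append((ts, dst))
    flagged = {}
    for src, events in per_src.items():
        n = max_distinct_targets(events, window)
        if n >= threshold:
            flagged[src] = n
    return flagged


if __name__ == "__main__":
    for src, n in find_smb_scanners(SAMPLE_LOG).items():
        print(f"ALERT: {src} reached {n} distinct hosts on TCP/445 within 60s")
```

On the constructed sample this reports only 10.1.4.23 (11 distinct targets in six seconds); the host that contacts one file server repeatedly is not flagged, which is the reason for counting distinct destinations rather than raw connection attempts. The same logic applies to any worm that spreads over a single service port; only the port number changes.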

Ransomware made its first widely publicized appearance in Oct 2013, and there have been a few outbreaks since then. Just as the North Koreans learn from each missile and nuke test, so too do ransomware creators learn from each attack wave, making their malware more resilient and effective. Yesterday's WannaCry attack is the biggest yet, ramping up the ransomware game, and you can well bet the creators have learned a lot from it. Future attacks will be that much stronger.

Ransomware is the fastest-growing malware segment today because the bad guys have figured out how to monetize their malware, and it's working. Ransomware writers are making millions of dollars from people and institutions desperate to get their data back. People and institutions that had not taken steps to protect themselves before being attacked are in many cases paying thousands of dollars per institution to retrieve data lost across dozens or even hundreds of computers. And there's no guarantee the decryption will even work!

Phishing schemes, a major transmission vector for malware (there are others), are getting more sophisticated every day, as the Google Docs attack of a couple of weeks ago demonstrated. It's getting harder even for I.T. geeks to recognize some of today's very convincing phishing schemes. If I.T. geeks with their trained eyes have trouble sussing out a phishing scheme, what hope do regular computer users have?

It's absolutely imperative that your computers are as secure as possible from attack and are backed up every night, with at least one copy kept offline or otherwise unreachable from the machines it protects; ransomware that can reach a mapped network share will happily encrypt the backup too. Imagine the headache, or even possible ruin, your company could suffer if some or all of its computers and servers became infected.

Please contact me so I can review your security and backup posture and reduce the odds of this happening to you or your company. The time and cost to prevent an infection is minuscule compared to the time and cost of mitigating one, if mitigation is even possible.