Diberdayakan oleh Blogger.

Popular Posts Today

LTE network for US public safety taking it one step at a time

Written By kom nampuldu on Senin, 28 Juli 2014 | 16.01

The organizers of the FirstNet LTE public safety network have the frequencies and standards they need to build the system, and they know where the money's coming from. They know how to get there from here, but it won't be a quick trip.

FirstNet will realize a vision that emerged in the wake of the 9/11 terror attacks, using technology that didn't exist until years later. It will be a single network linking all federal, state and local public-safety agencies in the U.S., based on the same radio spectrum and technology throughout. Though it won't replace every public-safety radio system in use today, FirstNet will help to eliminate the crazy quilt of incompatible radio systems and frequencies that makes it hard for different teams to coordinate their efforts.

That's no small matter when the news is bad enough to send first responders from multiple cities, counties or states converging on one area. For example, the many firefighting forces that battle summer blazes around the West often can't communicate directly with each other because they use different types of radios and different frequency bands, said TJ Kennedy, acting general manager of the First Responder Network Authority (FirstNet), which is in charge of making the network a reality.

The systems that first responders use now, including more than 10,000 separate LMRS (land mobile radio system) networks, also fall short of many users' needs. Some public-safety employees have to use their own smartphones in order to use apps, send photos and make calls in the field, according to Kennedy. Once FirstNet's built, all agencies will be able to sign up for the same national service, built on modern mobile broadband technology. It will span not just the 50 states but also U.S. territories, such as Puerto Rico, Guam and the Virgin Islands, and is intended to cover as much land as possible. In some cases that will probably require satellite, but most wireless will go over land-based LTE.

As with any effort to coordinate across 50 states and six territories, spanning about 60,000 public safety agencies, the network won't happen overnight. In fact, FirstNet isn't committing to any precise timeline or budget for getting it done. To give an idea how long the effort might take, there's a 46-step process that has to be carried out for each state and territory. The group is making progress: In many states, it's on step 7, Kennedy said.

That long process is designed to make sure the FirstNet system serves the needs of each state. FirstNet is meeting with local agencies and others involved with the issue, educating them about the technology and finding out what they want out of it.

"The geography and the needs of public safety in Maryland are probably very different from the needs in Alaska," Kennedy said.

Ultimately, each state and territory will choose whether to build the local wireless portion of the network themselves or have FirstNet do it. They can't opt out of the system altogether. Once the wireless infrastructure is in place, individual police departments, fire departments and other agencies will sign up and pay for service on FirstNet in much the same way they now buy service from a commercial mobile operator. FirstNet expects the service to be competitively priced, Kennedy said.

The network itself will be built and operated by carriers or other bidders that respond to FirstNet RFPs (requests for proposals), which will lay out the requirements for the system. Those criteria are still being set.

There's better news on the funding and technology for FirstNet.

Though not all the money is there yet, the funding sources for the system are secure, Kennedy said. The law that authorizes the network says the money to build it will come from three national auctions of wireless spectrum, which are forecast to bring in about US$7 billion. One of those, the so-called H Block auction, has already generated about $1.5 billion. Still to come are the sale of a band called AWS-3 to mobile operators, coming in November, and later the so-called incentive auctions to convert TV frequencies to mobile broadband.

FirstNet is also likely to be an easy fit with other networks and devices. It's designed to run entirely on IP (Internet Protocol), with a fast wired backbone in the core and LTE wireless networks at the edge. Because all the major commercial carriers in the U.S. use LTE, any gear that goes into the network or into first responders' hands can be based on the same mass-produced technologies, keeping costs down.

Unlike current public-safety systems, FirstNet will also have enough bandwidth to carry voice, video and data on mobile devices. The network has been assigned a 20MHz chunk of spectrum in the 700MHz band, comparable to what the major commercial carriers are using in that band. Carriers like 700MHz for its long-reaching signals and ability to penetrate walls.

Some devices on the market already are equipped to use FirstNet's band, and more will follow, Kennedy said. Some other countries have adopted the same band for public safety, most importantly Canada, which shares a continent-wide border with the U.S. This could allow for interoperability between U.S. and Canadian systems if needed, he said.


16.01 | 0 komentar | Read More

Verizon will throttle heaviest LTE data users starting in October

If you have an unlimited data plan with Verizon and use it heavily, here's some bad news: Verizon says it will begin throttling the "top 5 percent" of LTE data users in certain situations starting in October.

Under the new new policy, which was announced in a posting to the Verizon website entitled "Ensuring the Optimal Wireless Experience," the carrier reserves the right to limit 4G LTE data speeds for the heaviest unlimited data users as network conditions dictate.

"While all major wireless carriers employ tools to manage the traffic on their networks, Verizon Wireless uses network intelligence to slow the speeds of only some of its heaviest users on unlimited data plans, and only when those users are connected to a cell site that is experiencing peak usage at that particular time," the post states. "Once the heavy usage eases, or the user moves to a different cell site, the user's speeds return to normal."

Verizon employed a similar policy to limit data speeds for heavy 3G data users under certain circumstances in the past. The carrier also notes that this policy will not impact the vast majority of its users.

While any sort of data-speed throttling isn't ideal for users, Verizon's arrangement of throttling the heaviest users only when the network is congested is arguably a better approach than what some other carriers employ. For example, AT&T throttles unlimited plan users when their monthly data usage exceeds 3GB on 3G and 5GB on LTE, regardless of the network conditions.

Still, when your plan says "unlimited," you expect it to not have any restrictions or strings attached.


16.01 | 0 komentar | Read More

Until the Tails privacy tool is patched, here's how to stay safe

Vulnerabilities in the Tails operating system could reveal your IP address, but you can avoid trouble by taking a couple of precautions.

Tails, a portable operating system that employs a host of privacy-focused components, plans to patch flaws contained in I2P, a networking tool developed by the Invisible Internet Project that provides greater anonymity when browsing. It's similar in concept to Tor.

On Saturday, I2P developers released several fixes for XSS (cross-site scripting) and remote execution flaws found by Exodus Intelligence, a vulnerability broker that irked some by announcing first on Twitter it knew of flaws but didn't immediately inform Tails.

It wasn't clear when Tails would release an update with I2P's fixes. It couldn't be immediately reached Sunday.

On Friday, Tails advised that users can take steps to protect themselves in the meantime. It recommended that I2P not be intentionally launched in Tails version 1.1 and earlier.

Luckily, I2P is not launched by default when Tails is started. But Tails warned that an attacker could use some other undisclosed security holes to launch Tails and then try to de-anonymize a user. To be sure that doesn't happen, the I2P software package should be removed when Tails is launched.

The danger of hackers using the I2P vulnerabilities is mitigated somewhat by the fact the details of the flaws haven't been disclosed publicly. But Tails wrote that hackers may have figured them out.

Even general descriptions of vulnerabilities often give hackers enough information of where to start hunting for flaws, enabling them to figure out the exact problems.

To execute an attack on I2P, a hacker must also lure someone to a website where they've manipulated the content, Tails said. That sort of lure is usually set using social engineering, successfully tricking a person into loading malicious content. Savvy users may spot such a lure, but it's easy to get tricked.

Soon after it wrote on Twitter of the flaws, Exodus Intelligence said it would provide the details to Tails and not sell the information to its customers. It wasn't clear if public pressure influenced Exodus.

The company wouldn't say if it would make similar exceptions for privacy-focused software in the future such as Tails, which has been recommended by former National Security Agency contractor Edward Snowden.


16.01 | 0 komentar | Read More

Phone unlocking bill clears US House, next step is president's signature

Written By kom nampuldu on Minggu, 27 Juli 2014 | 16.01

A bill that allows consumers to unlock their cellphones for use on other carriers passed its last hurdle in Congress on Friday, opening the way for it to become law once it is signed by President Obama.

Senate Bill 517 overturns a January 2013 decision by the Congressional Librarian that ruled the unlocking of phones by consumers fell afoul of the Digital Millennium Copyright Act (DMCA). It had previously been permitted under an exception to the anti-circumvention provisions of the DMCA, which are generally aimed at cracking of digital rights management technology.

Cellphones and smartphones are typically supplied to consumers with a software lock that restricts their use to a single wireless carrier. Removing that lock—the process of "unlocking" the phone—means it can be used on the networks of competing carriers. In the U.S., this is most often done with handsets that work on the AT&T or T-Mobile networks, which share a common technology, but is also popular with consumers who want to take their phones overseas and use foreign networks rather than roaming services.

The Unlocking Consumer Choice and Wireless Competition Act has made fast progress through Congress. It was passed by the Senate on July 16, just a week after it was passed by the Senate Judiciary Committee, and on Friday by unanimous vote in the House of Representatives. It now waits to be signed into law.

In addition to making the unlocking process legal under copyright law, the bill also directs the librarian of Congress to determine whether other portable devices with wireless capability, such as tablets, should be eligible for unlocking. 

"It took 19 months of activism and advocacy, but we're finally very close to consumers regaining the right to unlock the phones they've legally bought," said Sina Khanifar, who organized an online petition that kicked off the push to have the Library of Congress decision overturned. The petition attracted more than 114,000 signatures on the White House's "We The People" site. In its response to the petition, the Obama administration called for the legalization of cell phone unlocking.

"I'm looking forward to seeing this bill finally become law—it's been a long road against powerful, entrenched interests—but it's great to see citizen advocacy work," Khanifar said in a statement.


16.01 | 0 komentar | Read More

LTE network for US public safety taking it one step at a time

The organizers of the FirstNet LTE public safety network have the frequencies and standards they need to build the system, and they know where the money's coming from. They know how to get there from here, but it won't be a quick trip.

FirstNet will realize a vision that emerged in the wake of the 9/11 terror attacks, using technology that didn't exist until years later. It will be a single network linking all federal, state and local public-safety agencies in the U.S., based on the same radio spectrum and technology throughout. Though it won't replace every public-safety radio system in use today, FirstNet will help to eliminate the crazy quilt of incompatible radio systems and frequencies that makes it hard for different teams to coordinate their efforts.

That's no small matter when the news is bad enough to send first responders from multiple cities, counties or states converging on one area. For example, the many firefighting forces that battle summer blazes around the West often can't communicate directly with each other because they use different types of radios and different frequency bands, said TJ Kennedy, acting general manager of the First Responder Network Authority (FirstNet), which is in charge of making the network a reality.

The systems that first responders use now, including more than 10,000 separate LMRS (land mobile radio system) networks, also fall short of many users' needs. Some public-safety employees have to use their own smartphones in order to use apps, send photos and make calls in the field, according to Kennedy. Once FirstNet's built, all agencies will be able to sign up for the same national service, built on modern mobile broadband technology. It will span not just the 50 states but also U.S. territories, such as Puerto Rico, Guam and the Virgin Islands, and is intended to cover as much land as possible. In some cases that will probably require satellite, but most wireless will go over land-based LTE.

As with any effort to coordinate across 50 states and six territories, spanning about 60,000 public safety agencies, the network won't happen overnight. In fact, FirstNet isn't committing to any precise timeline or budget for getting it done. To give an idea how long the effort might take, there's a 46-step process that has to be carried out for each state and territory. The group is making progress: In many states, it's on step 7, Kennedy said.

That long process is designed to make sure the FirstNet system serves the needs of each state. FirstNet is meeting with local agencies and others involved with the issue, educating them about the technology and finding out what they want out of it.

"The geography and the needs of public safety in Maryland are probably very different from the needs in Alaska," Kennedy said.

Ultimately, each state and territory will choose whether to build the local wireless portion of the network themselves or have FirstNet do it. They can't opt out of the system altogether. Once the wireless infrastructure is in place, individual police departments, fire departments and other agencies will sign up and pay for service on FirstNet in much the same way they now buy service from a commercial mobile operator. FirstNet expects the service to be competitively priced, Kennedy said.

The network itself will be built and operated by carriers or other bidders that respond to FirstNet RFPs (requests for proposals), which will lay out the requirements for the system. Those criteria are still being set.

There's better news on the funding and technology for FirstNet.

Though not all the money is there yet, the funding sources for the system are secure, Kennedy said. The law that authorizes the network says the money to build it will come from three national auctions of wireless spectrum, which are forecast to bring in about US$7 billion. One of those, the so-called H Block auction, has already generated about $1.5 billion. Still to come are the sale of a band called AWS-3 to mobile operators, coming in November, and later the so-called incentive auctions to convert TV frequencies to mobile broadband.

FirstNet is also likely to be an easy fit with other networks and devices. It's designed to run entirely on IP (Internet Protocol), with a fast wired backbone in the core and LTE wireless networks at the edge. Because all the major commercial carriers in the U.S. use LTE, any gear that goes into the network or into first responders' hands can be based on the same mass-produced technologies, keeping costs down.

Unlike current public-safety systems, FirstNet will also have enough bandwidth to carry voice, video and data on mobile devices. The network has been assigned a 20MHz chunk of spectrum in the 700MHz band, comparable to what the major commercial carriers are using in that band. Carriers like 700MHz for its long-reaching signals and ability to penetrate walls.

Some devices on the market already are equipped to use FirstNet's band, and more will follow, Kennedy said. Some other countries have adopted the same band for public safety, most importantly Canada, which shares a continent-wide border with the U.S. This could allow for interoperability between U.S. and Canadian systems if needed, he said.


16.01 | 0 komentar | Read More

Verizon will throttle heaviest LTE data users starting in October

If you have an unlimited data plan with Verizon and use it heavily, here's some bad news: Verizon says it will begin throttling the "top 5 percent" of LTE data users in certain situations starting in October.

Under the new new policy, which was announced in a posting to the Verizon website entitled "Ensuring the Optimal Wireless Experience," the carrier reserves the right to limit 4G LTE data speeds for the heaviest unlimited data users as network conditions dictate.

"While all major wireless carriers employ tools to manage the traffic on their networks, Verizon Wireless uses network intelligence to slow the speeds of only some of its heaviest users on unlimited data plans, and only when those users are connected to a cell site that is experiencing peak usage at that particular time," the post states. "Once the heavy usage eases, or the user moves to a different cell site, the user's speeds return to normal."

Verizon employed a similar policy to limit data speeds for heavy 3G data users under certain circumstances in the past. The carrier also notes that this policy will not impact the vast majority of its users.

While any sort of data-speed throttling isn't ideal for users, Verizon's arrangement of throttling the heaviest users only when the network is congested is arguably a better approach than what some other carriers employ. For example, AT&T throttles unlimited plan users when their monthly data usage exceeds 3GB on 3G and 5GB on LTE, regardless of the network conditions.

Still, when your plan says "unlimited," you expect it to not have any restrictions or strings attached.


16.01 | 0 komentar | Read More

'Canvas fingerprinting' tracking is sneaky but easy to halt

Written By kom nampuldu on Jumat, 25 Juli 2014 | 16.00

A method for tracking users across the Internet called "canvas fingerprinting" is simple to stop, but average Internet users may not know how to do it.

A research paper concluded that code used for canvas fingerprinting had been in use earlier this year on 5,000 or so popular websites, unknown to most. Most but not all the sites observed used a content-sharing widget from the company AddThis.

The researchers, from KU Lueven in Belgium and Princeton University, described how companies are looking for new ways to track users in order to deliver targeted advertising and move away from cookies, which can be easily deleted or blocked.

"The cookie is dead," wrote Rob Shavell, a cofounder of Abine, a company that develops privacy tools, via email. Advertising and data collection businesses need to evidence that their targeting is working for paying clients, he wrote, but most users are unaware of how they're being tracked in new ways.

Following media coverage, AddThis admitted it ran a five-month test using canvas fingerprinting within its widget but said the canvas fingerprinting code was disabled earlier this month. Acknowledging privacy concerns, the company said it would provide more information on such tracking tests before starting one.

It worked like this: When a browser loaded the AddThis widget, JavaScript that enabled canvas fingerprinting was sent. The script used a capability in modern Web browsers called the canvas API that allows access to the computer's graphics chip, which is intended for use with games or other interactive content.

An invisible image was sent to the browser, which rendered it and sent data back to the server. That data can then be used to create a "fingerprint" of the computer, which could be useful for identifying the computer and serving targeted advertisements.

But of several emerging tracking methods, canvas fingerprinting isn't the greatest: it's not terribly accurate, and can be blocked.

Canvas fingerprinting may work best on smaller websites with stable communities, wrote Wladimir Palant, creator of AdBlock Plus browser extension, in a blog post. But it is less effective on a larger scale.

"As soon as you start talking about millions of users (e.g. if you want to track users across multiple websites) it is just too likely that different users will have exactly the same configuration and won't be distinguishable by means of canvas fingerprinting," he wrote.

Widgets such as AddThis can be entirely blocked with tools such as AdBlock Plus or DoNotTrackMe from Abine, both extensions that can block web trackers.

DoNotTrackMe, for example, can spot a browser making a request to AddThis for content and block it, meaning AddThis couldn't transmit JavaScript for canvas fingerprinting, wrote Andrew Sudbury, CTO and cofounder of Abine, via email.

AdBlock Plus can also block these kinds of JavaScript requests, but not by default, wrote Ben Williams, public relations manager for AdBlock Plus, in an email.

The extension is intended to be used with a series of filters, or lists, that enable certain kinds of blocking. Williams wrote that a user would need to install the EasyPrivacy filter. The AddThis widget would be blocked, along with any other JavaScript, he wrote.


16.00 | 0 komentar | Read More

New guide aims to remove the drama of reporting software flaws

Handling a software flaw can be messy, both for a security researcher who found it and for the company it affects. But a new set of guidelines aims to make that interaction less mysterious and confrontational.

Large companies such as Facebook, Google and Yahoo have well defined "responsible disclosure" policies that lay out what is expected of researchers if they find a vulnerability and often the terms under which a reward will be paid.

But many companies don't, which can lead to problems and confusion. Security researchers have occasionally been referred to law enforcement even when they have been up front about the issue with a company.

The guidelines were developed by Bugcrowd, which has a platform companies can use to have their applications analyzed by independent researchers in a safe way and in some cases, reward them. Bugcrowd worked on the framework with CipherLaw, a legal firm specializing in technology.

They've released a short and lucid document on Github describing how companies should approach setting up a responsible disclosure program as well a boilerplate disclosure policy that can be included on a company's website.

The framework "is designed to quickly and smoothly prepare your organization to work with the independent security researcher community while reducing the legal risks to researchers and companies," according to an introduction on Github.


16.00 | 0 komentar | Read More

Apple faces privacy suit following Chinese TV report

An iPhone user has filed a lawsuit for invasion of privacy against Apple, about a week after a Chinese state broadcaster raised security concerns about the device's location-tracking functions.

The U.S. class action lawsuit, filed by a woman named Chen Ma, alleges that Apple has "intentionally intruded" into her privacy with the iPhone's location tracking service. Apple has also disclosed the data to third parties, including the U.S. government, according to the claims.

In making the allegations, the lawsuit cites a July 11 report from the state-run China Central Television, which warned that Apple's location-tracking functions could be a security threat.

The function in question was the "Frequent Locations" feature found on iOS 7. The service records the places the user has visited, along with the duration, and is meant to provide tips, including nearby shops of interest and estimated commute times.

The CCTV report, however, claimed that the feature could be used to effectively spy on users. The data could reveal information about China's economy, and state secrets, according to one security researcher interviewed in the report.

Shortly after CCTV's investigation, Apple released its own statement, assuring users that the company does not track users' locations. Nor does it have access to the Frequent Locations function on users' phones, or has worked with any government agency to create backdoors in its products, it added.

Apple on Friday declined to comment about the class action lawsuit. The complaint was filed in the U.S. District Court for the Northern District of California, San Jose division.


16.00 | 0 komentar | Read More

Facebook isn't giving up on search

Written By kom nampuldu on Kamis, 24 Juli 2014 | 16.00

Facebook reported Wednesday that it now handles an average of more than 1 billion searches a day, but it still has work to do to provide a comprehensive search tool.

Early last year, Facebook unveiled an ambitious search project called Graph Search. The feature was conceived to index the people on Facebook, their posts and the connections between them, to provide a personalized search tool based around people's social networks. It would allow for searches on a variety of topics pertaining to places, people, interests and other topics.

When it was announced at Facebook's headquarters in California, CEO Mark Zuckerberg described it as a way to make Facebook more useful by providing more answers to questions and helping to encourage new connections among members.

Facebook launched Graph Search in 2013, but the company would concede it has a ways to go to index all the content on its site.

It's not quite there yet. On Wednesday, Zuckerberg said Facebook is still a ways off from indexing the range of content on its site. And it's probably even further from making it easily searchable.

"Search for Facebook is going to be a multi-year voyage," Zuckerberg said during a conference call with financial analysts, coming off Facebook's second-quarter earnings announcement. "There's just so much content that's unique to the Facebook ecosystem," he said.

With Graph Search, Facebook started with indexing people. But the company's now working more on indexing the trillion-plus connections among them, as well as their posts, Zuckerberg said.

Ultimately, with this indexing, Facebook wants to give people answers to questions they can't get anywhere else, Zuckerberg said. As an example, the CEO said that the other day he was curious which of his friend's friends worked at a certain company.

Graph Search currently is only available on the desktop version of Facebook. It will let you ask questions such as "Restaurants in Denver, Colorado, my friends like," or "Friends who like to ski." The results, of course, will depend on what information your connections have shared.

Facebook has big competitors in search, the obvious one being Google. Google does not break out its daily searches, but it does handle more than 100 billion a month, according to the company. Graph Search's promised functions would also compete with services offered by Yelp, LinkedIn, Foursquare, and even upstarts like Jelly.

But with well over 1 billion active users, Facebook has a lot of data to use for a search tool.


16.00 | 0 komentar | Read More
Techie Blogger