Wednesday, December 22, 2010
Firesheep sniffs unsecured connections with major Web sites over local networks and lets a user with the Firefox plug-in installed sidejack those sessions. A trope has spread that the way to solve this problem is to password protect open Wi-Fi networks, such as those run by AT&T at Starbucks and McDonald's. The technical argument is that on a WPA/WPA2 (Wi-Fi Protected Access) network in which a common shared password is used, the access point nonetheless generates a unique key for each client when it connects. You can't just know the network password and decode all the traffic, as with the broken WEP (Wired Equivalent Privacy) encryption that first shipped with 802.11b back in the late 1990s.
Steve Gibson, a veteran computer-security writer and developer, suggested this the moment Firesheep was announced. A blog post at security consultant Sophos makes the same suggestion. But it won't work for long.
Gibson notes the key problem with this approach in the comments to his post: every user with the shared key can sniff the transaction in which another client is assigned its unique key, and duplicate it. Further, if you join a network with many clients already connected, you can use the aircrack-ng suite to force a deauthentication. That doesn't drop a client off the network; rather, it forces its Wi-Fi drivers to perform a new handshake in which all the details needed to derive the key are exposed.
Thus, you could defeat Firesheep today by assigning a shared key to a Wi-Fi network, until the point at which some clever person simply grafts aircrack-ng into Firesheep to create an automated way to deauth clients, snatch their keys, and then perform the normal sheepshearing operations to grab tokens. I would suspect this might be dubbed Firecracker.
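The forced-deauthentication step is the part a hotspot operator can actually watch for: a client leaving produces one deauth frame, while the attack described above produces a burst aimed at one station or at the broadcast address. The following is an added example written for this page, not code from the post or from aircrack-ng; the frame records are a constructed, simplified stand-in for what a monitor-mode capture would yield, and the addresses, window and threshold are assumed values.

```python
"""Flag deauthentication floods in a list of 802.11 management-frame records.

Added example (not from the original post). Records are a constructed,
simplified stand-in for frames read from a monitor-mode capture.
"""
from collections import defaultdict, deque
from dataclasses import dataclass

BROADCAST = "ff:ff:ff:ff:ff:ff"


@dataclass(frozen=True)
class MgmtFrame:
    ts: float        # capture timestamp, seconds
    subtype: str     # "deauth", "disassoc", "beacon", ...
    src: str         # transmitter address (an attacker forges the AP's address here)
    dst: str         # receiver address
    reason: int = 0  # 802.11 reason code (7 = class 3 frame from non-associated STA)


def detect_deauth_floods(frames, window=5.0, threshold=5):
    """Return alerts for (src, dst) pairs that reach `threshold` deauth or
    disassoc frames inside any `window`-second sliding window, plus one alert
    per source that sends a deauth to the broadcast address (which kicks every
    client at once). Legitimate deauths arrive one at a time (a client leaving,
    an AP rebooting), so a burst at the same station or at broadcast is the signal.
    """
    recent = defaultdict(deque)   # (src, dst) -> timestamps inside the window
    flagged = set()               # keys already reported, to avoid alert spam
    alerts = []
    for f in sorted(frames, key=lambda x: x.ts):
        if f.subtype not in ("deauth", "disassoc"):
            continue
        if f.dst == BROADCAST:
            if ("bcast", f.src) not in flagged:
                flagged.add(("bcast", f.src))
                alerts.append(("broadcast_deauth", f.src, f.dst, f.ts))
            continue
        key = (f.src, f.dst)
        q = recent[key]
        q.append(f.ts)
        while q and f.ts - q[0] > window:   # drop timestamps outside the window
            q.popleft()
        if len(q) >= threshold and key not in flagged:
            flagged.add(key)
            alerts.append(("deauth_burst", f.src, f.dst, f.ts))
    return alerts


# Constructed sample capture: assumed AP and client addresses, not real devices.
AP = "00:11:22:33:44:55"
VICTIM = "aa:bb:cc:dd:ee:01"
SAMPLE_FRAMES = [
    MgmtFrame(0.0, "beacon", AP, BROADCAST),
    MgmtFrame(1.2, "deauth", AP, "aa:bb:cc:dd:ee:02", 3),   # one client leaving: benign
    # eight reason-7 deauths in under a second, all claiming to come from the AP
    *[MgmtFrame(10.0 + i * 0.1, "deauth", AP, VICTIM, 7) for i in range(8)],
    MgmtFrame(20.0, "deauth", AP, BROADCAST, 7),            # everyone off at once
]

if __name__ == "__main__":
    for alert in detect_deauth_floods(SAMPLE_FRAMES):
        print(alert)
```

Running it on the constructed sample reports one deauth burst against the victim station (raised at the fifth frame of the burst) and one broadcast deauth; the single benign deauth at 1.2 s is not reported. On a real network the records would come from a monitor-mode interface near the access point, and the threshold should be tuned to the normal churn of the hotspot.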
The way around this is to use 802.1X, port-based access control, which uses a complicated system of allowing a client to connect to a network through a single port with just enough access to provide credentials. The Wi-Fi flavor of choice is WPA/WPA2 Enterprise, and the secured method of choice is PEAP. Even if every 802.1X user logs in using PEAP with the same user name and password, the keying process is protected from other users and outside crackers. Update: Reader Elmae suggests "Little Bo PEAP" instead of Firecracker.
Even though 802.1X is built into Mac OS X since about 2004, Windows starting in XP SP2, and available at no cost for GNU/Linux, BSD, Unix, and other variants (as well as for older Mac/Win flavors), it's got just enough overhead that hotspots haven't wanted to use it.
While hotspots aren't liable for people sidejacking with Firesheep or simply sucking down and analyzing traffic on their networks (disclosure: IANAL), 802.1X is cheap and easy to implement when there's a single user account and password. It's possible we'll see some uptake. The long-term solution is for all Web sites that handle any data to encrypt the entirety of all user sessions.
Update: Commenter foobar pokes a hole, pun intended, in my suggestion for using 802.1X with a single user name/password: Hole196. This vulnerability, documented by AirTight, afflicts 802.1X networks. It allows a malicious party to spoof the access point for sending broadcast messages, and allows ARP and DNS poisoning. Thus Firecracker could become fARPcracker, and, once again, Firesheep emerges victorious. (I wrote about Hole196 for Ars Technica; it's not that big a deal for the enterprise, but it's perfectly easy to use in a hotspot.) Thus, having sites secure all their connections with SSL/TLS becomes the only practical method to ensure privacy and prevent sidejacking.
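The ARP-poisoning half of Hole196 leaves the same footprint on a hotspot as any other ARP spoof: the gateway's IP suddenly answers from a second MAC address, and one MAC starts answering for several IPs. This is an added example for this page, not code from the post or from AirTight; the ARP reply records and the gateway binding are constructed, assumed values, and a real deployment would feed the function from a capture taken by an associated client (the spoofed replies are group-addressed and GTK-encrypted over the air, so a monitor that is not associated cannot read them).

```python
"""Detect ARP poisoning of the gateway on a shared Wi-Fi segment.

Added example (not part of the original post). Inputs are constructed ARP
reply records; the protected gateway binding is an assumed value.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class ArpReply:
    ts: float
    sender_ip: str
    sender_mac: str
    target_ip: str
    target_mac: str


def detect_arp_poisoning(replies, protected):
    """Return alerts from a stream of ARP replies.

    protected: dict of ip -> expected MAC (the gateway, DNS server, ...).
    Three signals are raised:
      gateway_spoof  - a protected IP answered from a MAC other than the expected one
      binding_change - any other IP changed the MAC it answers from
      multi_ip_mac   - one MAC now answers for more than one IP (reported once per MAC)
    """
    protected = {ip: mac.lower() for ip, mac in protected.items()}
    bindings = {}        # ip -> last MAC seen answering for it
    multi_seen = set()   # MACs already reported as claiming several IPs
    alerts = []
    for r in sorted(replies, key=lambda x: x.ts):
        ip, mac = r.sender_ip, r.sender_mac.lower()
        expected = protected.get(ip)
        previous = bindings.get(ip)
        if expected is not None and mac != expected:
            alerts.append(("gateway_spoof", ip, expected, mac, r.ts))
        elif previous is not None and previous != mac:
            alerts.append(("binding_change", ip, previous, mac, r.ts))
        bindings[ip] = mac
        claimed = tuple(sorted(i for i, m in bindings.items() if m == mac))
        if len(claimed) > 1 and mac not in multi_seen:
            multi_seen.add(mac)
            alerts.append(("multi_ip_mac", mac, claimed, r.ts))
    return alerts


# Constructed sample: assumed addresses on a hotspot segment, not real devices.
GATEWAY_IP, GATEWAY_MAC = "10.0.0.1", "02:00:00:00:00:01"
VICTIM_IP, VICTIM_MAC = "10.0.0.42", "02:00:00:00:00:42"
ATTACKER_MAC = "02:00:00:00:00:99"
SAMPLE_REPLIES = [
    ArpReply(0.0, GATEWAY_IP, GATEWAY_MAC, VICTIM_IP, VICTIM_MAC),   # normal
    ArpReply(1.0, VICTIM_IP, VICTIM_MAC, GATEWAY_IP, GATEWAY_MAC),   # normal
    ArpReply(5.0, GATEWAY_IP, ATTACKER_MAC, VICTIM_IP, VICTIM_MAC),  # "I am the gateway"
    ArpReply(5.1, VICTIM_IP, ATTACKER_MAC, GATEWAY_IP, GATEWAY_MAC), # "I am the victim"
]

if __name__ == "__main__":
    for alert in detect_arp_poisoning(SAMPLE_REPLIES, {GATEWAY_IP: GATEWAY_MAC}):
        print(alert)
```

On the constructed sample the first two replies are silent, the third raises a gateway spoof, and the fourth raises both a binding change for the victim's IP and a multi-IP alert for the attacker's MAC, which is the full-duplex poisoning pattern the update describes. Static ARP entries for the gateway on the client, or per-client isolation enforced at the AP, are the mitigations that remove the condition rather than merely detect it.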
Photo by Magic Foundry, used via Creative Commons.
In an e-mail sent to BSD project leader Theo de Raadt, former NETSEC CTO Gregory Perry has claimed that NETSEC developers helped the FBI plant "a number of backdoors" in the OpenBSD cryptographic framework approximately a decade ago.
Perry says that his nondisclosure agreement with the FBI has expired, allowing him to finally bring the issue to the attention of OpenBSD developers. Perry also suggests that knowledge of the FBI's backdoors played a role in DARPA's decision to withdraw millions of dollars of grant funding from OpenBSD in 2003.
2010 Report on Distributed Denial of Service (DDoS) Attacks
Our research suggests that:
• DDoS attacks against independent media and human rights sites have been common in the past year, even outside of elections, protests, and military operations. With recent highly publicized DDoS attacks on Wikileaks, and "Operation Payback" attacks by "Anonymous" on sites perceived to oppose Wikileaks, we expect these attacks to become more common.
• Independent media and human rights sites suffer from a variety of different types of cyber attacks, including filtering, intrusions, and defacements in addition to DDoS attacks, and those attacks interact with each other in complex ways.
• Independent media and human rights sites suffer from both application DDoS attacks, which exhaust local server resources and can usually be mitigated by a skilled system administrator; and network DDoS attacks, which exhaust network bandwidth and can usually only be mitigated with the help of a hosting provider at considerable expense.
• Mitigating DDoS attacks against independent media and human rights sites will likely require moving those sites closer to the core of the Internet: inside the small number of major ISPs, websites, and content distribution networks* (CDNs) that have the experience and resources to defend against these attacks, particularly network DDoS attacks.
How does Twitter stack up against Facebook when it comes to demographics and online activity? Digital Surgeons, an online marketing agency, has put together an infographic comparing the Facebook population to the Twitter population, and it shows that while the two are similar in many respects in terms of age, income and so on, there are also some crucial differences of interest to marketers and others looking to mine the data and pick a favorite platform. Among the biggest differences are that Twitter users seem to be more active, but less interested in following brands.
Here are a few of the key findings represented in the infographic, which was based on data from a Barracuda Networks survey as well as an analysis from Razorfish and other demographic breakdowns from a number of sources (although the data on Twitter in particular is a little old — the service now has 190 million users).
- 88 percent of people are aware of Facebook, while 87 percent are aware of Twitter
- 12 percent of Facebook users update their status every day vs. 52 percent for Twitter
- males make up 46 percent of Facebook users, and 48 percent of Twitter
- 30 percent access Facebook via mobile vs. 37 percent for Twitter
- 40 percent follow a brand on Facebook vs. 25 percent on Twitter
- 70 percent of Facebook users are outside the U.S. vs. 60 percent for Twitter
Google has announced that Gmail users will be able to make free phone calls to the U.S. and Canada through 2011. When calling was added to Gmail back in August, the company said that it'd be making such calls free "for at least the rest of the year," with per minute rates starting at $0.02 per minute for international dialing.
The service made a major splash initially, with 1 million calls placed in the first 24 hours and pundits predictably calling the service a potential Skype killer. That said, we haven't heard many updates about the traction the service is getting since then, though free calling for all of 2011 certainly stands to lure more users.
We've reached out to Google for some updated numbers and will post here if we hear back. In the meantime, let us know in the comments if you're making phone calls from Gmail.
Tuesday, December 7, 2010
Like a lot of people, I am conflicted about Wikileaks.
Citizens of a functioning democracy must be able to know what the state is saying and doing in our name, to engage in what Pierre Rosanvallon calls "counter-democracy"*, the democracy of citizens distrusting rather than legitimizing the actions of the state. Wikileaks plainly improves those abilities.
On the other hand, human systems can't stand pure transparency. For negotiation to work, people's stated positions have to change, but change is seen, almost universally, as weakness. People trying to come to consensus must be able to privately voice opinions they would publicly abjure, and may later abandon. Wikileaks plainly damages those abilities. (If Aaron Bady's analysis is correct, it is the damage and not the oversight that Wikileaks is designed to create.*)
And so we have a tension between two requirements for democratic statecraft, one that can't be resolved, but can be brought to an acceptable equilibrium. Indeed, like the virtues of equality vs. liberty, or popular will vs. fundamental rights, it has to be brought into such an equilibrium for democratic statecraft not to be wrecked either by too much secrecy or too much transparency.
As Tom Slee puts it, "Your answer to 'what data should the government make public?' depends not so much on what you think about data, but what you think about the government."* My personal view is that there is too much secrecy in the current system, and that a corrective towards transparency is a good idea. I don't, however, believe in total transparency, and even more importantly, I don't think that independent actors who are subject to no checks or balances is a good idea in the long haul.
If the long haul were all there was, Wikileaks would be an obviously bad thing. The practical history of politics, however, suggests that the periodic appearance of such unconstrained actors in the short haul is essential to increased democratization, not just of politics but of thought.
We celebrate the printers of 16th century Amsterdam for making it impossible for the Catholic Church to constrain the output of the printing press to Church-approved books*, a challenge that helped usher in, among other things, the decentralization of scientific inquiry and the spread of politically seditious writings advocating democracy.
This intellectual and political victory didn't, however, mean that the printing press was then free of all constraints. Over time, a set of legal limitations around printing rose up, including restrictions on libel, the publication of trade secrets, and sedition. I don't agree with all of these laws, but they were at least produced by some legal process.
Unlike the United States' current pursuit of Wikileaks.
I am conflicted about the right balance between the visibility required for counter-democracy and the need for private speech among international actors. Here's what I'm not conflicted about: When authorities can't get what they want by working within the law, the right answer is not to work outside the law. The right answer is that they can't get what they want.
The United States is — or should be — subject to the rule of law, which makes the extra-judicial pursuit of Wikileaks especially nauseating. (Calls for Julian's assassination are even more nauseating.) It may be that what Julian has done is a crime. (I know him casually, but not well enough to vouch for his motivations, nor am I a lawyer.) In that case, the right answer is to bring the case to a trial.
In the US, however, the government has a "heavy burden" for engaging in prior restraint of even secret documents, an established principle since New York Times Co. vs. The United States*, when the Times published the Pentagon Papers. If we want a different answer for Wikileaks, we need a different legal framework first.
Though I don't like Senator Joseph Lieberman's proposed SHIELD law (Securing Human Intelligence and Enforcing Lawful Dissemination*), I do like the fact that it is a law, and not an extra-legal avenue (of which Senator Lieberman is also guilty.*) I also like the fact that the SHIELD Law makes it clear what's at stake: the law proposes new restraints on publishers, and would apply to the New York Times and The Guardian as well as to Wikileaks. (As Matthew Ingram points out, "Like it or not, Wikileaks is a media entity."*) SHIELD amounts to an attempt to reverse parts of New York Times Co. vs. The United States.
I don't think such a law should pass. I think the current laws, which criminalize the leaking of secrets but not the publishing of leaks, strike the right balance. However, as a citizen of a democracy, I'm willing to be voted down, and I'm willing to see other democratically proposed restrictions on Wikileaks put in place. It may even be that whatever checks and balances do get put in place by the democratic process make anything like Wikileaks impossible to sustain in the future.
The key, though, is that democracies have a process for creating such restrictions, and as a citizen it sickens me to see the US trying to take shortcuts. The leaders of Myanmar and Belarus, or Thailand and Russia, can now rightly say to us "You went after Wikileaks' domain name, their hosting provider, and even denied your citizens the ability to register protest through donations, all without a warrant and all targeting overseas entities, simply because you decided you don't like the site. If that's the way governments get to behave, we can live with that."
Over the long haul, we will need new checks and balances for newly increased transparency — Wikileaks shouldn't be able to operate as a law unto itself anymore than the US should be able to. In the short haul, though, Wikileaks is our Amsterdam. Whatever restrictions we eventually end up enacting, we need to keep Wikileaks alive today, while we work through the process democracies always go through to react to change. If it's OK for a democracy to just decide to run someone off the internet for doing something they wouldn't prosecute a newspaper for doing, the idea of an internet that further democratizes the public sphere will have taken a mortal blow.
We expected Google to launch its upcoming e-book store before the end of the year, and the company announced Monday that the new Google eBookstore is now open for business in the US. Google is touting the "open" nature of its e-books by making them accessible to the widest array of popular e-reader devices, including the iPad, Nook, and Sony Reader.
Google's new eBookstore works a little differently than other stores—at least when it comes to reading via computer. All purchased titles are kept in Google's cloud-based storage and accessed via a browser. When reading via an iOS or Android-based device, a dedicated app can download and cache titles for reading offline. And for devices compatible with Adobe's DRM-protected e-book formats—including Sony Reader and Barnes & Noble Nook—PDF or EPUB files can be downloaded and transferred to your device using Adobe Editions software.
Today Google launched its newest flagship phone, the Nexus S, and with it, the next version of the Android operating system, code-named Gingerbread (Android 2.3). The new platform introduces a number of new features for end users and developers alike, most notably several user interface changes including a new keyboard and text selection tool, support for NFC technology, better power management, Internet (VoIP/SIP) calling, better copy and paste, gyroscope support and more.
The new features for users in Gingerbread are detailed here on the Android Developers website. To summarize, those are as follows:
- UI Refinements: the new UI has been redesigned to be easier, faster and more power-efficient. The theme's background has been changed to black in areas like the notification bar, menus and other parts of the UI. Changes in menus and settings have also been introduced for simplified use and navigation.
- New Keyboard: The keyboard has been updated for faster input and editing. The keys have been reshaped so presses are more accurate, and an idea stolen from add-in applications like SwiftKey, the new keyboard now displays word suggestions based on what you're typing. You can switch to voice mode from the keyboard to replace selections, too. Multi-touch key-chording lets you enter numbers and symbols with keyboard shortcut combos, instead of having to change to the numeric keyboard mode.
- Word Selection Improved: Now you can select a word via press-hold, a similar gesture to what's used on iPhone for the same task. On Gingerbread, this takes you to a free-selection mode where you can adjust the area needed to select by dragging two bounding areas together.
- Copy/Paste Improved: The press-hold gesture mentioned above also starts the copy/paste process. After selecting content, press anywhere in the selection mode to copy the text.
- Improved Power Management: Android now is more active in managing apps that keep the device awake, even going so far as to close apps when appropriate. In the Application Settings, users can now see how the battery is being used by various apps.
- Application Control: A shortcut to Manage Applications is now in the Options menu from the Home Screen. A new Running tab displays a list of active apps and the storage/memory being used. From here, apps can be stopped, ending the need for add-on "task killer" type applications to do this.
- Internet Calling: Internet Calling (SIP) addresses can be added to Contacts and calls can be placed from the Quick Contact or Dialer. A SIP account is needed for this feature to work. This feature will be available depending on manufacturer and carrier support.
- NFC: Near-field communications support is now included in the OS. With NFC, you can "touch" or "swipe" an NFC tag embedded in a poster, sticker, ad, or anywhere else and then be directed to a website associated with the URL included in the tag's data. NFC support will be determined by the phone's hardware.
- Downloads Management: Downloads can now be accessed and managed from the browser, email or within an app. A new Download Manager is introduced for this.
- Camera: The camera app now provides access to multiple cameras on the device, if the phone includes more than one (such as a front-facing camera, for example).
Gingerbread For Developers
Developers need to be aware of the following features:
- Concurrent garbage collector: The Dalvik VM introduces a new, concurrent garbage collector that minimizes application pauses, helping to ensure smoother animation and increased responsiveness in games and similar applications.
- Faster event distribution: The platform now handles touch and keyboard events faster and more efficiently, minimizing CPU utilization during event distribution. The changes improve responsiveness for all applications, but especially benefit games that use touch events in combination with 3D graphics or other CPU-intensive operations.
- Updated video drivers: The platform uses updated third-party video drivers that improve the efficiency of OpenGL ES operations, for faster overall 3D graphics performance.
- Event Handling: Applications that use native code can now receive and process input and sensor events directly in their native code, which dramatically improves efficiency and responsiveness. Native libraries exposed by the platform let applications handle the same types of input events as those available through the framework. Applications can receive events from all supported sensor types and can enable/disable specific sensors and manage event delivery rate and queueing.
- New Sensor Types: Android 2.3 adds API support for several new sensor types, including gyroscope, rotation vector, linear acceleration, gravity, and barometer sensors. Applications can use the new sensors in combination with any other sensors available on the device, to track three-dimensional device motion and orientation change with high precision and accuracy. For example, a game application could use readings from a gyroscope and accelerometer on the device to recognize complex user gestures and motions, such as tilt, spin, thrust, and slice.
- Open API for Native Audio: The platform provides a software implementation of Khronos OpenSL ES, a standard API that gives applications access to audio controls and effects from native code. Applications can use the API to manage audio devices and control audio input, output, and processing directly from native code.
- Native graphics management: The platform provides an interface to its Khronos EGL library, which lets applications manage graphics contexts and create and manage OpenGL ES textures and surfaces from native code.
- Native access to Activity lifecycle, window management: Native applications can declare a new type of Activity class, NativeActivity, whose lifecycle callbacks are implemented directly in native code. The NativeActivity and its underlying native code run in the system just as other Activities do: they run in the application's system process and execute on the application's main UI thread, and they receive the same lifecycle callbacks as other Activities. The platform also exposes native APIs for managing windows, including the ability to lock/unlock the pixel buffer to draw directly into it.
- Native access to assets, storage: Applications can now access a native Asset Manager API to retrieve application assets directly from native code without needing to go through JNI. If the assets are compressed, the platform does streaming decompression as the application reads the asset data. There is no longer a limit on the size of compressed .apk assets that can be read. Additionally, applications can access a native Storage Manager API to work directly with OBB files downloaded and managed by the system. (Dev tools for creating and managing OBB files will not be available until early 2011.)
- Robust native development environment: The Android NDK (r5 or higher) provides a complete set of tools, toolchains, and libraries for developing applications that use the rich native environment offered by the Android 2.3 platform.
- Internet telephony: Developers can now add SIP-based internet telephony features to their apps. Android 2.3 includes a full SIP protocol stack and integrated call management services that let applications easily set up outgoing and incoming voice calls, without having to manage sessions, transport-level communication, or audio record or playback directly.
- Near Field Communications (NFC): The platform's support for Near Field Communications (NFC) lets developers get started creating a whole new class of applications for Android. Developers can create new applications that offer proximity-based information and services to users, organizations, merchants, and advertisers. Using the NFC API, applications can respond to NFC tags "discovered" as the user "touches" an NFC-enabled device to elements embedded in stickers, smart posters, and even other devices. When a tag of interest is collected, applications can respond to the tag, read messages from it, and then store the messages, prompting the user as needed.
- Mixable audio effects: A new audio effects API lets developers easily create rich audio environments by adding equalization, bass boost, headphone virtualization (widened soundstage), and reverb to audio tracks and sounds. Developers can mix multiple audio effects in a local track or apply effects globally, across multiple tracks.
- Support for new media formats: The platform now offers built-in support for the VP8 open video compression format and the WebM open container format. The platform also adds support for AAC encoding and AMR wideband encoding (in software), so that applications can capture higher quality audio than narrowband.
- Access to multiple cameras: The Camera API now lets developers access any cameras that are available on a device, including a front-facing camera. Applications can query the platform for the number of cameras on the device and their types and characteristics, then open the camera needed. For example, a video chat application might want to access a front-facing camera that offers lower-resolution, while a photo application might prefer a back-facing camera that offers higher-resolution.