Archive for June 3rd, 2012

Internet address system upgrade likely to be smooth

WASHINGTON: The Internet is set for a major upgrade in the coming week. But if all goes well, users won’t even know it’s happening.

The switch occurs at 0001 GMT Wednesday, when the Internet system shifts to a new standard that allows for trillions of “IP” numbers or addresses, up from the current four billion.

Known as the World IPv6 launch to geeks, the move will see Web operators and others switch permanently to the new system from the existing standard, IPv4. A test of the system was held last year.

The new standard was needed because the number of IP addresses under the old system has been exhausted.

The full transition will take several years, and old IPv4 devices and networks should continue to function as before.

“Most users shouldn’t notice anything,” said Leo Vegoda, a “numbers resources” manager for the Internet Corporation for Assigned Names and Numbers, which manages the Internet address system.

“If ordinary Internet users need to know stuff, then the technology isn’t right.”

But Vegoda said there may be some “irritations” for users, as those using equipment on the old standard connect to computers and networks on the new standard.

Each piece of hardware — including home computers, tablets and mobile devices — has a unique IP address to connect to the Web.

With about seven billion people on the planet, the IPv4 protocol doesn’t allow for everyone to have a gadget with its own online address.

The situation has been equated to not having enough telephone numbers for every user.

Cisco is projecting that by 2016, there will be nearly 18.9 billion network connections, or nearly 2.5 connections for each person on earth, compared with 10.3 billion in 2011.

If there are not enough addresses, neighbors will have to start sharing IP addresses, which can slow things down.

But with the IPv4 and IPv6 systems coexisting, the connections need to find a compatible “path,” which sometimes may be longer than usual, said Vegoda.

If there are not enough paths available, someone connecting to a Web page from the United States might have to be routed across the Atlantic and then back again, a phenomenon known as “tromboning.”

This can slow down connections in some cases, but Vegoda said he expected “relatively light” problems.

Johannes Ullrich of the SANS Technology Institute said that in some cases, “you may see some degradation in speed and reliability” by remaining on IPv4. But he said that over time, the move will mean a smoother-running Internet.

“Don’t consider IPv6 a threat. Use it as an opportunity,” he said in a blog post. “There are a lot of neat things you can do in IPv6 to secure your network better. But get on it and learn about it now.”

Over time, home users may have to get new modems or routers to be compatible with the new standards, but major Internet providers are prepared for the switchover.

“We maintain our commitment to the goal of a seamless transition to IPv6,” said Jason Livingood, a vice president for Internet systems at Comcast, one of the largest US providers.

“That means customer Internet access will continue to be direct and fast. And because middlebox solutions are not used, customers avoid the risk that certain applications slow down, fail to work or experience other annoying errors.”

Big Web firms like Google and Facebook and hardware makers like Cisco are encouraging businesses and individuals to make the transition, saying it will be easier for different devices and networks to speak to each other.

“Your current network running IPv4-based devices won’t be obsolete for some time,” said Cisco’s Sampa Choudhuri.

“However, if you haven’t already started making plans for the transition to IPv6, you should. The first step you should take is determining how and when to transition to the new Internet protocol based on your business needs.”

He suggested that people doing business with partners on an IPv6 network shoud migrate “sooner rather than later.”

, , , , , ,

Leave a comment

PSA: Nintendo Direct Pre-E3 event streaming tomorrow at 6 p.m. Eastern

The 2012 Electronic Entertainment Expo officially starts on Tuesday morning, but that hasn’t stopped companies anxious to tout their latest wares from spilling the beans a little early. To wit, Nintendo Direct will be officiating its own pre-E3 shindig tomorrow afternoon/evening, at 6 p.m. Eastern/3 p.m. Pacific. Now, Nintendo’s real E3 press conference doesn’t happen until Tuesday morning at the show proper, but this preemptive stream very well could yield a little somethin’ somethin’. You folk will be able to watch the proceedings at this website when the time comes. Well, not this website, the one we just linked.

, , ,

Leave a comment

Ubisoft registers ‘Just Dance Floor’ domains

Ubisoft’s big pre-E3 press conference is roughly 48 hours away, and while common sense dictates that the announcement of a new Just Dance game is as likely as tomorrow’s rising sun, nothing official has happened quite yet. There are intriguing clues, however, such as JustDanceFloor.com and Just-DanceFloor.com, two new Ubisoft-owned domains uncovered by the intrepid detectives at Fusible . The trouble with URLs is that they generally divulge very little in the way of context , especially when it comes to titles. Are these addresses for Just Dance: Floor , or Just DanceFloor ? Just Dance: Floor would be a really terrible play on words, since the next Just Dance game in the series would be the fourth one. But, if it’s Just DanceFloor , why is “Floor” capitalized? Okay, now the word “floor” just looks weird.

, , ,

1 Comment

Risks of boomerangs a reality in world of cyberwar

WASHINGTON — The Obama administration is warning American businesses about an unusually potent computer virus that infected Iran’s oil industry even as suspicions persist that the United States is responsible for secretly creating and unleashing cyberweapons against foreign countries.

The government’s dual roles of alerting U.S. companies about these threats and producing powerful software weapons and eavesdropping tools underscore the risks of an unintended, online boomerang.

Unlike a bullet or missile fired at an enemy, a cyberweapon that spreads across the Internet may circle back accidentally to infect computers it was never supposed to target. It’s one of the unusual challenges facing the programmers who build such weapons, and presidents who must decide when to launch them.

The Homeland Security Department’s warning about the new virus, known as “Flame,” assured U.S. companies that no infections had been discovered so far inside the U.S. It described Flame as an espionage tool that was sophisticated in design, using encryption and other techniques to help break into computers and move through corporate or private networks. The virus can eavesdrop on data traffic, take screenshots and record audio and keystrokes. The department said the origin is a mystery.

The White House has declined to discuss the virus.

But suspicions about the U.S. government’s role in the use of cyberweapons were heightened by a report in Friday’s New York Times. Based on anonymous sources, it said President Barack Obama secretly had ordered the use of another sophisticated cyberweapon, known as Stuxnet, to attack the computer systems that run Iran’s main nuclear enrichment facilities. The order was an extension of a sabotage program that the Times said began during the Bush administration.

Private security researchers long have suspected that the U.S. and Israeli governments were responsible for Stuxnet. But the newspaper’s detailed description of conversations in the Oval Office among Obama, the vice president and the CIA director about the U.S. government’s responsibility for Stuxnet is the most direct evidence of this to date. U.S. officials rarely discuss the use of cyberweapons outside of classified settings.

Stuxnet is believed to have been released as early as 2009. It was discovered in June 2010 by a Belarusian antivirus researcher analyzing a customer’s infected computer in Iran. It targeted electronic program controllers built by Siemens AG of Germany that were installed in Iran. The U.S. government also circulated warnings to American businesses about Stuxnet after it was detected.

The White House said Friday it would not discuss whether the U.S. was responsible for the Stuxnet attacks on Iran.

“I’m not able to comment on any of the specifics or details,” White House spokesman Josh Earnest said. “That information is classified for a reason, and it is kept secret. It is intended not to be publicized because publicizing it would pose a threat to our national security.”

Cyberweapons are uncharted territory because the U.S. laws are ambiguous about their use, and questions about their effectiveness and reliability are mostly unresolved. Attackers online can disguise their origins or even impersonate an innocent bystander organization, making it difficult to identify actual targets when responding to attacks.

Viruses and malicious software, known as malware, rely on vulnerabilities in commercial software and hardware products. But it is hard to design a single payload that always will succeed because the target may have fixed a software vulnerability or placed computers behind a firewall.

On the Internet, where being connected is a virtue, an attack intended for one target can spread unexpectedly. Whether a cyberweapon can boomerang depends on its state of the art, according to computer security experts. On that point, there are deep divisions over Flame.

Russian digital security provider Kaspersky Lab, which first identified the virus, said Flame’s complexity and functionality “exceed those of all other cybermenaces known to date.” There is no doubt, the company said, that a government sponsored the research that developed it. Yet Flame’s author remains unknown because there is no information in the code of the virus that would link it to a particular country.

Other experts said it wasn’t as fearsome.

Much of the code used to build the virus is old and available on the Internet, said Becky Bace, chief strategist at the Center for Forensics, Information Technology and Security at the University of South Alabama. Flame could have been developed by a small team of smart people who are motivated and have financial backing, she said, making it just as likely a criminal enterprise or a group working as surrogates could have been responsible.

“Here’s the wake-up call as far as cyber is concerned: You don’t have to be a nation-state to have what it would take to put together a threat of this particular level of sophistication,” said Bace, who spent 12 years at the National Security Agency working on intrusion detection and network security. “There’s no secret sauce here.”

Stuxnet was far more complex.

Still, Stuxnet could not have worked without detailed intelligence about Iran’s nuclear program that was obtained through conventional spycraft, said Mikko Hypponen, chief research officer at F-Secure, a digital security company in Helsinki, Finland. The countries with the motivation and the means to gather that data are the United States and Israel, he said.

“This is at the level of complexity that very few organizations in the world would even attempt,” said Hypponen, who has studied Stuxnet and Flame. “Basically you have to have moles. Most of what they needed to pull this off was most likely collected with what we would characterize as traditional intelligence work.”

The more intricately designed a cyberweapon is, the less likely it will boomerang. Stuxnet spread well beyond the Iranian computer networks it was intended to hit. But the collateral damage was minimal because the virus was developed to go after very specific targets.

“When some of these super sophisticated things spread, it’s bad but it may not have the same impact because the virus itself is so complex,” said Jacob Olcott, a senior cybersecurity expert at Good Harbor Consulting. “It’s designed to only have its impact when it finds certain conditions.”

Israel is a world leader in cybertechnology and senior Israeli officials did little to deflect suspicion about that country’s involvement in cyberweapons. “Whoever sees the Iranian threat as a significant threat is likely to take various steps, including these, to hobble it,” said Vice Premier Moshe Yaalon, a former military chief and minister of strategic affairs.

A senior defense official involved in Israel’s cyberwarfare program said Friday that, “Israel is investing heavily in units that deal with cyberwarfare both for defense and offense.” He would not elaborate. The official spoke on condition of anonymity because he is not allowed to speak with the media.

Isaac Ben-Israel, an adviser to Israeli Prime Minister Benjamin Netanyahu on cybersecurity issues, declined Friday to say whether Israel was involved with Stuxnet.

It could take years to know who is responsible, which is what is so unsettling about attacks in cyberspace. “We are very good as an industry at figuring out what a piece of malware does,” said Dave Marcus, director of advanced research and threat intelligence at digital security giant McAfee. “But we are less accurate when it comes to saying what group is responsible for it, or it came from this country or that organization.”

___

Associated Press writers Anne Gearan in Washington and Ian Deitch in Jerusalem contributed to this report.

Leave a comment

Google to make product search a paid service

NEW YORK: Google’s free ‘product search’ would soon be a paid service in the US under which merchants and retailers will have to pay for listings of products.

“We are starting to transition Google Product Search in the US to a purely commercial model built on Product Listing Ads. This new product discovery experience will be called Google Shopping and the transition will be complete this fall,” Google Shopping Vice President (Product Management) Sameer Samat said in his blog on Thursday.

The new initiative seen as a step to boost company’s revenue will in addition provide the customers a higher quality shopping experience.

“… shoppers can easily research purchases, compare different products, their features and prices, and then connect directly with merchants to make their purchase,” Samat said. The service will be based on bid price and relevance giving the merchants and retailers a greater control over where their products appear on Google Shopping. Over a period of time they will also have the opportunity to market special offers.

The internet company has begun experimenting with some new commercial formats on Google.com that will make it easier for users to find and compare different products. These include larger product images that give shoppers a better sense of what is available and also the ability to refine a search by brand or product type.

These new formats would be labeled “sponsored”, and take space currently occupied by AdWords. Users maybe able to view details regarding a product in one place and make a decision on the product and merchant of their choice.

“Google Shopping will empower businesses of all sizes to compete effectively and it will help shoppers turn their intentions into actions lightning fast. The changes are a first step toward providing technology, tools and traffic to help power the retail ecosystem,” Sampat said.

, , ,

Leave a comment