Categories
News

Dutch ISP Hits Spamhaus With Police Complaints

 by Tom Jowitt

A Dutch ISP has filed two police complaints against Spamhaus, telling eWEEK Europe that its CEO is “nuts”

A Dutch Internet Service Provider, A2B, has filed two complaints with the police against anti-spam outfit the Spamhaus project, which is based in Geneva, Switzerland.

Spamhaus touts itself as an international non-profit organisation whose mission is to track the Internet’s spam operations and sources. Some ISPs use its blacklisting services to reduce the amount of spam they have to deal with.

Meanwhile, A2B is a Dutch ISP that provides the upstream connection for a number of data centres.

Blackmail Allegation

Speaking to eWEEK Europe UK, the director and owner of A2B, explained why he had decided to file two complaints with the Dutch police about Spamhaus, accusing it of “blackmail”, after it added all of A2B’s IP addresses to its SBL blacklist.

The problem began after Spamhaus asked A2B to block all the data traffic from the German ISP Cyberbunker, claiming the latter had been engaged in spamming. But A2B told eWEEK Europe that it decided to block only the particular IP address that Spamhaus had identified as a source of spam.

But this cut little ice with Spamhaus, which promptly added all of A2B’s IP addresses (for all of its customers) to its blacklist. After about 24 hours, A2B gave in and blocked all of Cyberbunker’s traffic, after which the blacklist entry was removed.

A2B sees this as proof it had been extorted and that the listing was not based on the ISP being involved in spamming. It claims Spamhaus’s actions were unfair and illegal.

“We are an ISP that provides upstream connections to our clients (mostly data centres),” explained A2B owner Erik Bais. “One of our data centre clients had another client, who was the original target of this problem.”

“Basically what happened is that instead of asking us to deal with it (by removing the offending IP address), Spamhaus told us that it wants that particular customer off the Internet, or we list all your customer’ IP addresses on our blacklist,” Bais said.

“This forced us to drop this particular customer’s IP address, but this IP address had nothing to do with where the spam message had originated from,” said Bais. “Suddenly all of our innocent customers were asking us what is going on, as their email connections were suddenly not working.”

No Legal Reason

“Spamhaus is blackmailing us because they forced us to do something for no legal reasons,” insisted Bais. “We checked and that customer had not violated our strict abuse policy, and it was absolutely not doing anything illegal.

“However Spamhaus said to us ‘you must do this or your customers will not have any email service’,” said Bais. “They deliberately denied email services to those that had absolutely nothing to do with spam.

“Consequently I filed two complaints with the Dutch police. The first complaint is a blackmail complaint against Spamhaus. And the second complaint is that Spamhaus has denied services to our customers, and denied them to have regular email traffic.”

Non-Civil Response

Bais also went on to accuse Spamhaus of responding to his emails on the subject in a “non-civil manner.”

“I emailed Spamhaus CEO Steve Linford,” said Bais. “He responded by actually stating that ‘our policies are our policies we don’t care about your local laws’”.

According to Bais, Linford then told A2B that it must either follow the Spamhaus abuse policy or find itself on the blacklist.

“There are very strict rules about spam in the Netherlands, and indeed in Europe. Internally we also have very strict abuse policies, but I was very shocked at his response, as he (Linford) thinks he is above the law. This has to stop, as the guy is nuts,” said Bais.

“I actually stated in my email correspondence with Spamhaus that I was not trying to shut you down, or seeking financial compensation, as I want it resolved between us, but you need to adjust your policy because using a blacklist is all about your reputation,” said Bais. “By doing this, Spamhaus is ruining its own reputation, not mine.”

Bais said that at the end of this month he will be addressing an anti-abuse workgroup in Vienna (Austria) about this incident. “We are going to address this to the whole IT community and ask them to decide who is right and who is wrong. We are going to ask the IT community if Spamhaus is out of line, or if they need to limit themselves to just the offending ISP address in this case. This needs public discussion, but I am pretty sure which way it will go, as the community will say that Spamhaus is out of line here.”

Spamhaus did not respond to eWEEK Europe at the time of writing.

Updated: Spamhaus has responded to eWEEK Europe’s request, dismissing A2B’s claims as “rubbish”.

“If The Netherlands had penalties for wasting police time, Dutch ISP ‘A2B Internet’ would be looking at a hefty fine,” said Linford in an email.

Categories
News

British Man Impaled By Laptop

 by Tom Jowitt

A Briton living in New Zealand has suffered a bizarre injury after he was impaled by his laptop computer

A British man in New Zealand is recovering after suffering a freak injury caused by his laptop computer.

According to the New Zealand Herald newspaper, 52 year old William Warner suffered a horrendous hand injury after the DVD drive of his Toshiba laptop fired out a piece of metal which impaled his palm.

According to the newspaper report, Warner works as a driver in the Whangaparaoa area near Auckland. The Briton said that he had placed a disc on the DVD tray of his laptop, and was in the process of closing the drawer when a sharp piece of metal shot out and pierced his right palm.

Metal Spike

“I looked at my palm and I was wondering, God what just happened?” he is quoted as saying. “Then the pain … became excruciating and I had to be rushed to hospital.”

Warner was apparently taken to North Shore Hospital, where the 11cm metal spike was removed. His treatment included having a bone fused as well as stitches.

It seems that the metal spoke was part of the track holder of the DVD tray.

The accident reportedly happened a year ago, and Warner has been seeking compensation from Toshiba for the injury, after discovering from his doctors that the after effects may be permanent.

Warner states that he is struggling to complete simple chores.

“I’ve been told I can no longer fish or play golf, and even writing for me now is a struggle,” Warner reportedly said.

“I can’t believe that trying to play a DVD on the laptop would land me with injuries that ended the use of my right hand as I know it,” he said.

Replacement Laptop

Warner had first complained to the store where he purchased the laptop. He was asked to email the details so the problem could be raised with Toshiba.

Toshiba’s first response was apparently to offer Warner a replacement laptop, but he has since been negotiating for financial compensation.

The New Zealand Herald quoted Toshiba’s marketing communications manager, Mariana Thomas as saying that the company was aware of the case but would not make any further comment as it was in discussions with Mr Warner.

“Toshiba does not believe that the circumstances of the case raise any general safety issue with its products and stands behind their safety,” Thomas reportedly said. “We are not aware of any incident with a Toshiba product resulting in a person suffering injuries of a similar nature in New Zealand or elsewhere in the world.”

Hard To Verify

Of course incidents like this can be very hard to independently verify. Most injuries associated with laptops tend to be physical burns.

In June for example HP recalled 162,000 lithium-ion laptop batteries after a number of people reported incidents of injuries and burns affecting batteries that hadn’t been included in an earlier recall.

Prior to that, HP announced a recall programme in May 2010 affecting about 54,000 batteries, which itself followed on from a May 2009 recall affecting about 70,000 batteries, according to the US Consumer Product Safety Commission (CPSC).

Acer, Toshiba and Sony have also previously issued recalls for overheating machines.

In September 2010, 59-year-old Eileen Visser, a former school inspector sued her former employer Ofsted in the High Court for breaching safety regulations. Visser blamed her company’s laptop for causing a fire at her thatched cottage that resulted in more than £350,000 damages.

eWEEK Europe was unable to contact Toshiba UK for comment at the time of writing.

Categories
News Search Engines Security

Jeremy Hunt To Press Google On Copyright

 by David Jamieson

The culture secretary wants a new front in the war on online copyright infringement with the help of Google

The government is set to press Google to start pulling its weight in the fight against online piracy this week.

The call for more to be done will come in a speech from secretary of state for culture, media and sport Jeremy Hunt in Cambridge tomorrow, reports the Financial Times.

Hunt is expected to tell the Royal Television Society that search engines, advertisers and credit card companies should go further to “make life more difficult” for online pirates.

According to reports, if a court deems a site to be unlawful the government wants search engines to push it down the rankings to stifle traffic and at the same time cut off advertising or payment revenues to make the site economically unviable.

In the absence of an industry-led solution the government is apparently prepared to use the upcoming Communications Bill to legislate on the issue. The government has previously demanded that ISPs cut off pirate sites and users who infringe copyright, but this has been challenged in court by BT and TalkTalk – and ISPs have proposed an independent watchdog with the power to blacklist sites.

Equal rights

Hunt (pictured) will reportedly say that online businesses deserve the same legal protection and rights as offline, physical ones.

“We do not allow certain products to be sold in the shops on the high street, nor do we allow shops to be set up purely to sell counterfeited products. Neither should we tolerate it online,” the Financial Times expects him to say.

“The government has no business protecting old models or helping industries that have failed to move with the times. But those new models will never be able to prosper if they have to compete with free alternatives based on the illegal distribution of copyrighted material.”

The government has promised to table the new Communications Bill this parliament.

Pressuring search engines rather than ISPs over copyrighted content is a new approach for the government and opens up another front in the war against illegal content.

In July, Hollywood finally won a protracted legal bid to compel BT to block access to file-sharing site Newzbin which linked to copyright content around the Internet.

The ruling prompted fears from digital rights activists over the precedent set for other Internet service providers, potentially paving the way for further website blocking.

The Daily Telegraph reports that Google claims it already deals with requests from copyright holders within four hours.

In the US, the Departmebnt of Justice has fined Google £300 million for displaying adverts from Canadian online pharmacies, for products which it is illegal to sell in the US. Investors have sued the search giant over the incident.

Categories
Legal News

Nominet Considers Criminal Domain Takedown Rules

 by Matthew Broersma

Police could request a domain be blocked without a court order, if new proposals are adopted

Nominet, the registrar that handles .uk domains, is moving ahead with proposed rules (PDF) that could allow law enforcement agencies to request a domain be shut down without a court order.

The registrar launched the process in response to a request from the Serious and Organised Crime Agency (SOCA). Currently Nominet’s rules don’t allow for domains to be shut down for criminal reasons, though in the past it has blocked domains at the request of law enforcement agencies on the pretext that they provided false contact details.

Limited application

Suspension of a domain will not require a court order but should be limited to circumstances where necessary “to prevent serious and immediate consumer harm”, according to Nominet.

The draft proposal would establish a process under which law enforcement agencies would request a domain be blocked in cases where “suspension is proportionate, necessary, and urgent”.

The policy would cover cases in which a site is involved in crimes covered under the Serious Crimes Act 2007, including fraud, prostitution, money laundering, blackmail and copyright infringement.

Nominet would only accept take-down requests from law enforcement bodies with which it has a trusted relationship.

The policy would allow for appeals and would not allow take-down requests related to “disputes between private parties, freedom of expression or political speech, or requests relating to offences where prosecution would require the authorisation of the Attorney General or the Director of Public Prosecutions”, Nominet said.

Nominet’s director of policy, Alex Blowers, said the policy was intended for cases where the delay needed to obtain a court order would allow damage to consumers.

Copyright enforcement

While the policy advisory group has taken input from the Alliance Against IP Theft, Blowers said the policy wasn’t intended for private copyright enforcement.

An advisory group was formed in March, chaired by Dr Ian Walden, a professor of communications law at Queen Mary University of London, and including members from law enforcement, ISPs, domain regsitrars and academia.

The group’s draft recommendations have now been published and Nominet is seeking feedback from stakeholders ahead of a 21 September meeting, where the issue will be discussed before submitting recommendations to the Nominet Board.

If adopted the rules could go into effect by the end of the year, and will be subject to an annual review.

Categories
News

Scavenging Free Green Power From Radio Waves

 by Eric Doyle

Radio wave propagation may be a form of pollution but it could be a source of free, ubiquitous energy

A free, green way to harvest energy from the radio waves all around us has been developed by a research team from Georgia Tech School of Electrical and Computer Engineering.

On a waveband basis, the available power is low, but there is a lot of it about with mobile phones, TV transmissions, satellite communications systems and Wi-Fi, to mention but a few, the air is full of radio waves. By scavenging this ambient energy, its AC pulses can be converted into DC power for storage in super capacitors or batteries.

A Revolution In Small Low-Energy Gadgets

For several years, the Georgia tech team has been working on very low-cost transducers that can tap into these transmissions and could result in a free, constant flow of electricity to power-up improved devices such as RFID tags, environmental monitors and medical sensors. It could even provide the power to add security to a new generation of RFID tags.

“There is a large amount of electromagnetic energy all around us, but nobody has been able to tap into it,” said Manos Tentzeris (pictured left), a professor and research leader in the Georgia Tech School. “We are using an ultra-wideband antenna that lets us exploit a variety of signals in different frequency ranges, giving us greatly increased power-gathering capability.”

The antennas will be low-cost to produce, he said, and the research units are printed using ordinary ink-jet machines using a nanoparticle “ink”. The substrate is either paper or a flexible polymer. The ink is described as “a unique in-house recipe” containing silver nanoparticles and/or other nanoparticles in an emulsion. This not only allows RF components and circuits to be printed but also opens up the possibilities of novel sensing devices based on carbon nanotubes and other nanomaterials.

Many different frequency ranges are used by communications devices. The team’s scavenging devices can capitalise on frequencies from FM radio to radar, a range spanning 100MHz to 15GHz) or higher. The antennas can be tuned for use in specific environments, such as an airport where radar and fixed comms channels are major sources of free energy.

Scavenging Frequency Range Rapidly Increasing

When the research group began ink-jet printing antennas in 2006, the paper-based circuits only functioned at frequencies of 100 or 200MHz, recalled Rushi Vyas (pictured with Tentzeris), a graduate student who is working on the project.

“We can now print circuits that are capable of functioning at up to 15GHz-60GHz if we print on a polymer,” Vyas said. “So we have seen a frequency operation improvement of two orders of magnitude.”

Experiments using the transmission bands from a TV station half a kilometre away from the test site have yielded hundreds of microwatts of power. This was sufficient to run a temperature sensor but multi-band systems are expected to generate a milliwatt or more. The group is planning another demonstration where a microprocessor-based microcontroller would be activated simply by holding it in the air.

Super-capacitors may be used to power devices requiring above 50 milliwatts in a cycled operation. When power builds up to a preset level in the capacitor, it will be used to power the device and then will recharge.

The scavenging device could piggy-back solar energy panels so that, when the system stops generating power at sundown, the wireless energy could be used overnight to increase the battery charge or to prevent power leakage. The devices would also be useful in remote areas where an outage of a traditional power source could be flagged by sending a distress signal from an antenna-powered unit.

The possibilities are even more interesting in the world of RFID tags. Having a handy power supply attached would allow more features to be included in the tag. However, combining RFID tagging with sensors could offer even better returns.

Transportation of food is expensive and can be hit by strikes, vehicle or refrigeration breakdowns, traffic or timetable delays, and many other problems. Using radio-powered RFID tags linked to similarly-powered sensors would enable real time monitoring of any degradation in the cargo.

This possibility is not new but current systems rely on monitors using environmentally-damaging and more-costly batteries that have to be replaced from time to time.

Tentzeris said that self-powered, wireless, paper-based sensors will soon be widely available at very low cost but did not express a specific timeframe.

Categories
News

Survey: Consumers Want iPhone 5, Sight Unseen

 by Clint Boulton

Apple’s iPhone 5 is seeing heavy demand from consumers, even though they know nothing about it

Apple’s iPhone 5 is rumoured to be hitting the market this autumn, and the anticipation of what new perks Apple’s next-generation smartphone might offer users continues to percolate.

So frenetic is the fever pitch that 35 percent of nearly 3,000 US consumers surveyed online said they would buy the iPhone 5 upon its release later this year, according to Experian’s PriceGrabber shopping website.

Sight unseen

That means more than one-third of 2,852 people who filled out an online survey from 1 July through 11 July said they would buy the phone without ever having tried it. Fifty-one percent of respondents said that they will buy the smartphone within the first year of release.

Some 30 percent will purchase the device before the end of 2011, while 14 percent will buy it within the first month. Only 7 percent of those polled said they will buy it within the first week, a number that may change as they see friends, family and colleagues with the shiny new iPhones this fall.

It should be noted that those surveyed were clearly enamoured of Apple products.

PriceGrabber said that 48 percent of people polled said they preferred Apple’s iOS platform, compared to 19 percent who picked Google’s Android OS; 7 percent who chose Microsoft Windows; and 6 percent Research in Motion’s Blackberry.

Moreover, 69 percent of consumers indicated that they would prefer Apple’s iPhone 5 as a gift.

That compares to only 7 percent who claimed that they wanted Motorola’s forthcoming Droid Bionic, and only 4 percent opting to receive the Samsung Galaxy S II, perhaps the most heralded and anticipated Android smartphone that has yet to launch in the US.

Brand strength

The pledged purchasing faith in the iPhone 5 and clear iOS preference is a testimony to the power of Apple’s strong product brand, as well as the well-worn faith that Apple-focused and gadget blogs are correct in their early scoops.

For example, it is believed the iPhone 5 will include Apple’s new iOS 5 operating system paired with a faster processor and an 8 megapixel camera. A new, teardrop-shaped design may be featured as well.

Consumers are apparently looking for the little things in the new iPhone 5; some 59 percent of PriceGrabber respondents cited better battery life, with 55 percent looking for a less expensive iPhone.

Some 46 percent said that 4G network compatibility was important to them, while 45 percent are hoping for a larger screen. About 42 percent would like an improved camera, something they will likely see.

4G and a larger screen, however, haven’t been rumoured to be part of the new phone.

Categories
Uncategorized

Google Redesign Backs Social Effort

 by Clint Boulton

The Google search pages have been tidied up, and it’s designed to boost the use of the Google+ social tools, says Clint Boulton

A redesign of Google’s user interface would normally be big news, but this week a fairly major change has been swamped by the hype regarding Google’s move into social media.

This week, Google announced changes to the Google.com homepage, Google Search and Google Maps, but they have been largely overlooked with the arrival of Google+, a software suite aimed at raising Google’s credibility in social media – by providing a more private, controlled social experience than Facebook currently provides.

Ironically, Google+ has a huge impact on Google’s Web services, but so far it will be limited to the users who have been invited to participate in the field test.

Shifting the furniture around

The new Google homepage sports a smaller logo, with links for the Web, images, maps and other search options moved to the top, and links for advertising, business partners and company information pushed to the bottom edges of the browser.

Google hopes this redesign provides a cleaner look. What the vast majority of Google Web services users can’t see – and people on the Google+ trial can see – is that Google+ has ostensibly taken over the top toolbar in the browser.

Those who are currently involved in the trial see their Google+ profile name as the first link in the top left toolbar when they are signed into their Google accounts. Search Engine Land has screen shots.

Moreover, to the far right of this toolbar is the user’s Google+ profile picture, a drop-down navigation bar to access their profile, Google+ contacts and account settings, a notification button and a share button.

Much like Facebook’s vaunted status update capability, the share button lets users post Web links, photos, videos and their location.

Making Google+ convenient

This move, which is clean and simple enough to anyone fluent in social software, is clearly aimed at making the Google+ social tool convenient to access for participating users, though this isn’t yet addressed in the redesign blog posts.

Clean yet elegant design is also core to Google Search, which also sports some changes this week. For example, the results page will soon feature a gray bar and a blue search button to highlight the search box.

The left-hand panel of search tools, which Google made a major upgrade to in 2010, now has muted colors, with bolder colors used to highlight action buttons, tools and filters.

The URL has also been relocated directly beneath the headline for each search result, bumping the search snippets lower.

Google Maps is also getting some new design tweaks, though these may be less discernible to anyone other than Maps power users. Check out the streamlining in this search for “oysters Portland maine”  before and after the changes.

Categories
Google News

IPv6 Day Is Hailed As A Qualified Success

 by Eric Doyle

World IPv6 Day passed by quietly, so the new protocol works, but there were still low traffic volumes

Donn is glad the Internet didn’t break today.

These were the sign-off words at the end of World IPv6 Day from Donn Lee, senior network engineer for Facebook’s Network Engineering Team.

Earlier yesterday, like over 400 of his peers, Lee located the red button, closed his eyes in silent prayer to Saint Vint (Cerf) the patron saint of mobile bits and bytes, and, with a single finger, symbolically pushed the world into a new era of networking.

Without the dramatic licence, June 8 was the day the world went IPv6 for the 24 hours, between 00:00 and 23:59 GMT.

Small Tremor, Not Many Injured

It was less of a gamble than Lee makes out because months of testing assured network managers that it would work, but there was a collective intake of breath nonetheless.

“We’re pleased that we did not see any increase in the number of users seeking help from our Help Centre. The estimated 0.03 percent of users who may have been affected would have experienced slow page loads during the test,” noted Lee.

The same glorious anticlimax was echoed across the Web as the new hexadecimal IP addresses held strong. The accepted figure for those who would experience problems is 0.05 percent which equates to just over a million users. Many of these would have experienced extended wait times or complete failure to load a Web page.

Since many adversely affected users will not report the fault or may not have been online during the 24-hour period, the figure has to be accepted on trust. The test participants, however, did seem satisfied with their results.

“We carried about 65 percent more IPv6 traffic than usual, saw no significant issues and did not have to disable IPv6 access for any networks or services,” observed Google’s Lorenzo Colitti, network engineer and ‘IPv6 Samurai’. “Over the next few weeks, we’ll be working together with the other participants to analyse the data we’ve collected but, at least on the surface, the first global test of IPv6 passed without incident.”

The Waiting Game Continues

This was just a test. A significant test but the reality in the UK is that few ISPs support the protocol. Entanet is one of the few who do. In a blog the ISP commissioned from Iain Shaw, managing director of leading UK buying group Brigantia, he explained the reasoning:

“The ISPs complain that hardware manufacturers have not yet developed enough supporting hardware to accommodate demand and therefore justify their investment in moving to IPv6, whilst the hardware manufacturers argue that they shouldn’t be developing the hardware until the networks can support it.”

It is a classic standoff, as ISPs and manufacturers watch and wait till one of them blinks – but fortunately, the hardware-makers have global interests so the UK market could be drip-fed products produced for the growing world market for IPv6 routers. Then it will be up to the ISPs to bite the bullet and decide how to upgrade their customers.

With IPv4 addresses running dry and none being available on the open Regional Internet Registry (RIR) market, time is running out. Version 4 and version 6 are incompatible so, for a while, dual stacks will be used to cater for the parallel systems but there is a danger that the end-users will suffer before any action is taken.

Is No News Good News?

For the time being the pain threshold is a long way off and the big news for World IPv6 Day is that there is no news – which means that the test was passed with flying colours.

“As we watched the various test sites and dashboards move to ‘green’ status for IPv6, sighs of relief were heard, followed by a sense of great satisfaction among everyone involved. twenty-four hours later, no major issues have been reported,” blogged Mark Townsley, a Cisco distinguished engineer with responsibility for the company’s IP switch-over. “All in all, World IPv6 Day seems to have gone off without a hitch.”

As a footnote, the IPv6 traffic accounted for around 0.3 percent of Internet traffic. According to Cisco’s recent Visual Networking Index, that means three petabytes of traffic from the estimated one exabyte of traffic per day – so the test was hardly exhaustive.

At Facebook, Lee reckoned that a million of the sites 250 million daily visitors (0.4 percent) connected via IPv6.

Categories
Infrastructure News Security

IPv6 Traffic Remains Minuscule

 by Fahmida Y Rashid

Despite growing interest in IPv6, the traffic over the protocol remains less than 1 percent of overall online traffic, Arbor Networks has found

Even though the number of available IPv4 addresses are dwindling faster than expected, the move to IPv6 remains sluggish, according to a recent study from Arbor Networks.

In a study of native IPv6 traffic volumes across multiple large carriers, IPv6 adoption remains minuscule as a result of technical and design challenges, no economic incentives, and a dearth of IPv6 content, according to the Arbor Networks study released on 19 April. During the six-month study period, Arbor Networks researchers found that traffic over IPv4 networks grew by an average of 40 percent to 60 percent while IPv6 traffic actually decreased by an average of 12 percent proportionately because it was not growing fast enough in comparison to IPv4 traffic.

Rising IPv6 traffic

“Despite 15 years of IPv6 standards development, vendor releases and advocacy, only a small fraction of the Internet has adopted IPv6,” said Arbor Networks chief scientist Craig Labovitz.

While actual IPv6 traffic volumes have gone up, it has shrunk as a percentage of all Internet traffic, to a mere 0.25 percent of all net traffic, Labovitz said. The top IPv6 applications are largely peer-to-peer applications such as BitTorrent, accounting for 61 percent of traffic. In comparison, peer-to-peer networks account for 8 percent of IPv4-based traffic. Web traffic makes up the second largest block of traffic on both IPv4 and IPv6 networks, but the differences are still striking. HTTP traffic accounts for 19 percent of IPv4 traffic, compared to a mere 4.6 percent over IPv6.

Online video, such as Netflix, YouTube and web video, accounted for a little less than half of IPv4 traffic, but they didn’t even make a dent over IPv6. It’s ironic considering Netflix is one of the few major companies with an IPv6-accessible website.

Users and businesses that are interested in migrating, but stymied by their ISP’s lack of IPv6 offerings, can use tunnels to get IPv6 connectivity. Arbor examined the total IPv6 traffic over a specific 24-hour period in February and found over 250,000 such tunnels. More than 90 percent of the tunnels belonged to five major tunnel brokers, including Hurricane Electric, Anycast and Microsoft’s Teredo service.

The Arbor research highlighted the fact that most companies and ISPs are way behind in their transition plans to move their networking infrastructure to the newer address space. This is worrying in light of the fact that the remaining IPv4 addresses are running out faster than predicted.

ICANN (Internet Corporation for Assigned Names and Numbers) allocated the last blocks of IPv4 addresses to the five regional internet registries in a public ceremony on 3 February.

While existing sites will continue working just fine even when the last IPv4 address has been assigned, any organisations wanting to expand or add new capabilities will be unable to without transitioning their network infrastructure to IPv6.

IPv4 exhaustion

In fact, that’s more or less the case for Asia-Pacific businesses. The Asia Pacific Network Information Centre, the RIR responsible for assigning IP addresses to the region, announced the release of its last available batch of IPv4 addresses on 15 April. While analysts had predicted APNIC would run out of the IP address blocks first, the predictions had estimated the supply would last till the summer.

“Considering the ongoing demand for IP addresses, this date effectively represents IPv4 exhaustion for many of the current operators in the Asia Pacific region,” said APNIC director general Paul Wilson.

APNIC have placed the remaining IPv4 addresses under limited distribution. “From this day onwards, IPv6 is mandatory for building new Internet networks and services,” Wilson said.

Asia-Pacific is well on the way to become the first “IPv6-enabled region”, but businesses need to begin the migration if they haven’t already done so in order to “remain viable”, according to Wilson.

The American Registry for Internet Numbers received 253 requests for IPv6 address blocks from internet service providers in the first quarter of 2011, compared to 134 requests in the last quarter of 2010. It’s not just ISPs talking about IPv6, as ARIN also received 247 end-user requests for IPv6 address space in the first quarter 2011, compared to 103 requests in first quarter 2010. ARIN received a total of 434 requests from ISPs in 2010, and expects requests to exceed that in 2011.

The upcoming “World IPv6 Day” on 8 June marks “a major milestone in the Internet’s evolution”, Labovitz said, because it will force businesses and ISPs to stress test the global network infrastructure. “Will the flood of IPv6 traffic result in network failures? As an industry, we’re not sure,” Labovitz concluded.

Categories
News

HTTPS Bug Disrupts Secure Hotmail Service

Microsoft turned off HTTPS access for Hotmail in some countries, leaving emails open to interception

Hotmail users in the Middle East, Africa and Asia had secure access to their email accounts disabled on Friday 25 March, after Microsoft turned off its ‘use HTTPS automatically’ setting.

The move – initially reported by Jillian C. York, who writes for Al Jazeera English – could potentially have allowed government-controlled ISPs to eavesdrop on sensitive communications. The problem was reported in more than a dozen countries, including Bahrain, Morocco, Algeria, Syria, Sudan, Iran, Lebanon, Jordan, Congo, Myanmar, Nigeria, Kazakhstan, Uzbekistan, Turkmenistan, Tajikistan, and Kyrgyzstan.

Hotmail users with their location set to any of these countries, who attempted to turn on the always-use-HTTPS feature in order to read their mail securely, received an error message that said: “Your Windows Live ID can’t use HTTPS automatically because this feature is not available for your account type.”

York pointed out that users in the affected countries were able to overcome the problem by changing their location setting, indicating that users had been barred from HTTPS by their stated location rather than by IP address.

An inconvenient truth

Microsoft responded to the issue late on Friday, with a statement on one of its technical help sites.

“We are aware of an issue that impacted some Hotmail users trying to enable HTTPs.  That issue has now been resolved,” read the statement. “Account security is a top priority for Hotmail and our support for HTTPS is worldwide – we do not intentionally limit support by region or geography and this issue was not restricted to any specific region of the world.  We apologize for any inconvenience to our customers that this may have caused.”

However, some online commentators have pointed out that, for many people in the affected countries, this mistake could be far more than an inconvenience – and could even lead to political activists being rooted out and forced to face the consequences.

“For Microsoft to take such an enormous step backwards – undermining the security of Hotmail users in countries where freedom of expression is under attack and secure communication is especially important – is deeply disturbing,” wrote EFF International activist Eva Galperin on the Deeplinks blog.

Microsoft introduced the always-use-HTTPS feature for Hotmail in November 2010, enabling users to protect their sensitive communications from hijackers and fraud. The move followed Google’s decision to switch HTTPS to always-on by default for Gmail users earlier that year.

Facebook meanwhile, recently increased the security of its account log-ins, reportedly following attempts by the Tunisian government to capture login details of all Facebook users.

“By using a connection with advanced security features, you can be even more confident that your account is safer from hijackers and your private information is less likely to fall into someone else’s hands,” blogged Dick Craddock, group programme manager for Windows Live Hotmail, at the time.

Ensuring anonymity on the web

In related news, the Free Software Foundation has honoured the Tor Project – which works to ensure anonymity online and defend users against network surveillance and traffic analysis – at its latest annual award ceremony. According to the FSF, the technology “proved pivotal in dissident movements in both Iran and more recently Egypt”.

Despite attempts by the Egyptian government to block online communications during the recent political protests, the Tor Project helped to ensure privacy and anonymity on the web.

The Tor Project received the foundation’s Award for Projects of Social Benefit, which in previous years has gone to the Internet Archive, Creative Commons, Groklaw and Wikipedia.