Wikileaks’ CIA dump plugs massive Cisco security hole


If you look into the core of the Internet or just in a typical corporate or institutional data center, you’ll see rack after rack loaded with switches, routers and other gear made by Cisco. A vulnerability in even one of their products can leave a lot of networks and data open to attack. So you might come to the conclusion that spotting that kind of flaw and fixing it as quickly as possible is a matter of national security.

You’d be wrong.

It turns out that more than three hundred Cisco devices can be breached via a cracking technique used by the Central Intelligence Agency and revealed in a massive document dump by Wikileaks. Company researchers have concluded that…

  • Malware exists that seems to target different types and families of Cisco devices, including multiple router and switch families.
  • The malware, once installed on a Cisco device, seems to provide a range of capabilities: data collection, data exfiltration, command execution with administrative privileges (and without any logging of such commands ever having been executed), HTML traffic redirection, manipulation and modification (insertion of HTML code on web pages), DNS poisoning, covert tunneling and others.
  • The authors have spent a significant amount of time making sure the tools, once installed, attempt to remain hidden from detection and forensic analysis on the device itself.
  • It would also seem the malware author spends a significant amount of resources on quality assurance testing – in order, it seems, to make sure that once installed the malware will not cause the device to crash or misbehave.

There’s a quick way to block it – disable telnet, an ancient and insecure communications protocol – but a permanent fix has yet to be released.

Generally, there are two ways the CIA could have obtained this exploit: either it was developed internally or it was purchased on the black market. If the former, it could have been duplicated by anyone with sufficient skill. If the latter, it means the CIA knew that broad swathes of the world’s IT infrastructure were exposed to anyone with deep enough pockets. In either case, its first duty should have been to plug the hole, and not sit on it until its own firewall was breached.

Middle mile fiber link to California’s north coast gets $47 million


The Digital 299 middle mile fiber project will receive a $47 million subsidy from the California Advanced Services Fund. The line begins in Shasta County, just south of Redding where it will connect to long haul fiber on the I-5 corridor, and runs along State Route 299 through Trinity County, ending on the coast in Humboldt County at Eureka, with laterals to a potential submarine cable landing site on Arcata Bay and Humboldt State’s marine lab in Trinidad. It also includes a spur up to Hoopa tribal lands along State Route 96. It’ll be built and operated by Inyo Networks/Praxis Associates, the commonly owned companies responsible for the similar Digital 395 project in eastern California.

The California Public Utilities Commission voted 4 to 1 to approve the grant yesterday, with president Michael Picker voting no. It pays for 70% of middle mile construction costs – $45 million of $65 million total – and 60% of a small last mile build for 300 homes in the Trinity County community of Lewiston, $1.5 million of $2.4 million total. People living in Lewiston will be able to get symmetrical gigabit Internet service for $60 per month.

Originally, Inyo Networks proposed offering this fast and cheap package to a total of 1,000 homes, in Douglas City, Hayfork and Burnt Ranch as well as Lewiston, but it had to slash 700 homes from the last mile component of the project. That was because Frontier Communications protested, promising instead to upgrade broadband speeds to 1,200 homes in the area to 10 Mbps download and 1 Mbps upload speeds. That’s something Frontier has to do anyway, to meet requirements attached to federal broadband subsidies it’s accepted. It’s also below the CPUC’s minimum 6 Mbps download and 1.5 Mbps upload standard, but Frontier dodged around that requirement by telling the CPUC that it “estimates that approximately 70 percent of these households will receive speeds greater than the minimum speed (12 mbps down and 2 mbps up, or higher)”.

The project budget also includes construction of up to 15 towers that would be attached to the network and provide a platform for mobile carriers, public safety radio systems and other wireless services: potential middle mile fiber customers, in other words.

FCC chair needs to upgrade his competitive thinking


For a smart guy, Federal Communications Commission chairman Ajit Pai can be awfully obtuse at times. Particularly where telecommunications competition is concerned.

On the one hand he extols its virtues, saying to a Pittsburgh audience last week that “a competitive free market is crucial to unleashing private-sector ingenuity”. Just so. But in that same speech, he endorsed giving government subsidies to incumbent telephone companies, called for less regulation of those monopolies and ripped the idea that spending money on building competitive infrastructure or supporting new competitors has any value.

You can’t have it both ways. To get from the current model of broadband service – monopolies with deteriorating infrastructure in rural areas and equally predatory duopolies in cities and suburbs – to a free market, competitors have to be nurtured. Otherwise, the only way to ensure access to modern service at affordable and economically justifiable rates in a failed market is via the poor substitute of regulation.

Pai is correct in favoring “light-touch” regulation over the heavier kind, and he seems to prefer no regulation at all. That’s fine too. If there’s sufficient competition to make a free market function.

You can find competition in the mobile broadband industry. The recent return of unlimited data plans is a good example of competitive forces at work. But four national mobile carriers compete for your business.

If there was only one mobile carrier with a national footprint plus one with urban/suburban coverage, you’d have a choice between a mid-speed, mid to high cost plan and a fast, expensive one, as you do with wireline telephone and cable company offerings, respectively. Unless you lived in a rural area where you’d either have nothing at all or slow and expensive service, depending on how the monopoly carrier’s profit maximisation calculations came out.

Rural monopolies and urban/suburban duopolies are the product of more than 100 years of public policy that delivered subsidies, including money and privileged access to public rights of way, to select, regulated cable and telephone companies. The regulation largely ended, but the rents – cash and in kind – continue, and U.S. broadband customers continue to pay the price of monopoly.

Pai needs to understand that if you subsidise something, you get more of it. If he continues to subsidise monopolies and dismiss bona fide competition, costs will continue to rise, and the gaps between the have and have not communities, and between the U.S. and other developed nations, will widen.

All or nothing for Digital 299 tomorrow


Update, 23 March 2017: the CPUC voted 4 to 1 to approve the Digital 299 grant this morning.

The Digital 299 middle mile fiber system will either get all of the $47 million that its backers are requesting from the California Advanced Services Fund, or it won’t be subsidised at all. The California Public Utilities Commission will make that choice tomorrow, assuming the current schedule holds, when it considers whether or not to fund a 300-mile fiber route that would begin near Redding, where it would connect to existing fiber lines along the I-5 corridor, and run through Trinity County and terminate on the Humboldt County coast, at Eureka and Trinidad.

When it was proposed in August 2015, the applicant – Inyo Networks – asked for a $51 million grant, based on the assessment that the project area was unserved, in other words, there was no broadband service available at all. That would have made the project eligible for 70% funding from CASF. However, after it had been under review for a year and a half – despite the fact that commission rules call for that work to be completed in three and a half months – that figure was trimmed back to $41 million. CPUC staff rated most of the territory as underserved – eligible for only 60% funding – and accepted late objections from Frontier Communications and Charter Communications which resulted in the majority of the included last mile service area being taken out and a reduction in the middle mile subsidy, respectively.

When the Commission first considered the project last month, Inyo Networks and supporters from the Humboldt area asked for $6 million more for the project, as well as easier completion bond requirements. At the time, commissioner Carla Peterman said she’d draft an alternate resolution that would do that. Instead, the original resolution was rewritten – it was published last week, but I missed it – to raise the grant amount and relax bonding specs. That means that there will only be one resolution on the table – the lower cost option is gone, absent a move by commissioners to revive it.

The big question now is whether it can muster three votes. At last month’s meeting, president Michael Picker said he’s “likely to vote against this under any circumstances”, and rookie commissioner Martha Guzman Aceves expressed similar skepticism. That means fellow rookie Clifford Rechtschaffen, Liane Randolph and Peterman will all have to vote yes. Otherwise, Digital 299 dies.

Google says we’re so sorry Kansas City and yanks fiber


Grab the Google rabbit by the tail and face the situation.

Google’s vague pledge to complete fiber networks it was already building is worthless, it turns out. According to a story by KHSB-TV, residents of some Kansas City neighborhoods who signed up for service but never received it are getting cancellation notices from Google…

Hello,

Thanks for signing up for Google Fiber. Although we’ve been working hard to bring you service, we’re unable to build our network to connect your home or business at this time.

Unfortunately, that means we’ll need to cancel your Fiber account. If you paid a deposit, we’ll refund your deposit amount to your original form of payment in the next two weeks.

If you signed up for our Fiber 1000 or Fiber 1000 + TV plan, your additional 1TB of Google Drive storage will be removed and your storage limits will be set back to the free levels. Everything you have in Google Drive, Google+ Photos and Gmail will still remain intact and be accessible, but you won’t be able to create or add anything new over the free storage limit.

We’re so sorry for any inconvenience we’ve caused you. And we’d like to keep you updated on our progress if we can bring you Fiber in the future. If you would like to be contacted, please sign up for address updates again by checking your address at google.com/fiber/kansascity.

The Google Fiber team

According to a story by Karl Bode in DSL Reports, the company’s PR people are insisting that “Google Fiber loves Kansas City and is here to stay” and pointed to other locations in the metro area where construction continues.

I’d love to speculate about what Google Fiber is really up to, but the likeliest explanation is that it doesn’t know itself. It’s pushing microtrenching in Austin and jumping into the fixed wireless Internet service business in the San Francisco Bay Area. Or at least it will if the California Public Utilities Commission approves its purchase of Webpass on Thursday.

Broadband subsidies should be spent on California’s future


There’s more than $100 million left for broadband infrastructure subsidies in the California Advanced Services Fund and the California Public Utilities Commission is considering whether to set its own, statewide priorities for spending it. The first draft of a staff white paper that looks at objective methods of determining those priorities is open for comment, and I submitted three recommendations on behalf of the Central Coast Broadband Consortium on Friday…

  1. Be forward looking in assessing broadband development needs. Adopting the 10 Mbps download/1 Mbps upload speed standard, as the draft white paper in effect does, is a step backward for California, rather than a sorely needed leap forward. The technology and infrastructure required to deliver service at that level is inferior to that required to meet the CPUC’s current minimum service level of 6 Mbps download/1.5 Mbps upload speeds. Likewise, eliminating areas from consideration that are partly served by fixed wireless service will leave hundreds of thousands of Californians with either no broadband access at all or service that has no standards of reliability, affordability or public safety to meet.

    Instead, the commission should base its needs assessment on the availability of service that meets the federal 25 Mbps download/3 Mbps upload standard for advanced services and complies with the same kind of quality, reliability and integrity requirements that the commission mandates for other telecommunications service providers.

  2. Assess social impact as well as economic feasibility. When the CCBC conducted its priority-setting exercise in 2014, we evaluated both the social impact and the economic feasibility of pursuing broadband infrastructure projects in the areas we assessed. The draft white paper properly and cogently assesses economic feasibility, but does not consider social impact.

    We recommend running, as we did, a separate social impact analysis based on population (as opposed to number of housing units or households), number of community anchor institutions, the proportion of the community that would be reached by CASF-funded projects, and median household income. The result would be two analytical tools that could be applied by policy makers, and that could be rolled up, as we did, into a single, unified ranking.

  3. Apply the results of the analysis on a prospective basis. As of today, seven CASF broadband infrastructure grant proposals are pending and have been under review for an average of 435 days, 330 days past the deadline established by Decision 12-02-015 and reaffirmed by Resolution T-17443. Two major projects, Digital 299 and Gigafy Phelan, have been awaiting action for 586 days. These seven projects required hundreds of thousands of dollars and thousands of hours to prepare, and were submitted in reliance on good faith and the published criteria for such grants, as established by the commission.

    The delays and inconsistencies in the review and approval of CASF infrastructure projects have made it very difficult to find capable, reputable and financially able private sector partners. If the commission breaks faith with applicants and applies any new project criteria or priorities retroactively, it will make such recruitment impossible.

The first hint as to what commissioners will do with the remaining CASF money and, perhaps, what they think of the draft methodology should come on Thursday, when they consider a $41 million grant proposal for Digital 299, a northern California middle mile project.

CPUC considers pole access, Google and fiber


Update, 23 March 2017: the CPUC voted 4 to 1 to approve the Digital 299 grant this morning, and unanimously approved Google’s purchase of Webpass and the enquiry into expanded utility pole access.

Three important decisions are in front of the California Public Utilities Commission this week: a $41 million (or perhaps $47 million) grant for a northern California middle mile fiber project, formally considering whether telephone companies can attach wireless gear to utility poles and what the aesthetic impacts might be, and allowing Google to buy Webpass, a mostly wireless Internet provider that’s also licensed to offer wireline service.

Although the pole access decision is routine – it would not establish new rules, just begin the process – the scope of the commission’s enquiry will be broad. But apparently that’s okay with utility companies, since none filed any objections. You can safely bet, though, that anyone with a stake in wireless services or utility poles will be watching it like a hawk.

The Webpass purchase is also uncomplicated on the face of it. Since Webpass has a CPUC-granted license to operate as a telephone company – a certificate of public convenience and necessity (CPCN) – Google needs permission to take it over. The transaction attracted the attention of a chronic protester, who was ultimately convinced to go away, and it has big implications for both current Webpass customers and Google’s plans (or lack thereof) to be a broadband service provider. Once it owns Webpass and its CPCN, Google can claim all the privileges of a phone company, including potentially the right to hang wireless equipment on utility poles.

Digital 299 is also on the agenda for this week’s CPUC meeting. It’s a proposed 300 mile fiber line linking existing routes that run through the Sacramento Valley along the I-5 corridor to the Humboldt County coast and points in between. There’s a draft decision on the table that would approve a $41 million subsidy from the California Advanced Services Fund, and commissioner Carla Peterman has promised to offer an alternate version that would add another $6 million.

The pole access item and the Webpass transfer are likely to be approved without comment – so far, there’s no indication otherwise – but the Digital 299 project faces an uncertain future. Two commissioners – Martha Guzman Aceves and president Michael Picker – have already expressed opposition. If just one of the three others joins them, it’s dead.

G.fast field trial shows both speed and limits


Strictly for short tracks.

British Telecom – aka BT – is offering real world verification of the speed claims made regarding the G.fast standard, which is technology that’s designed to get fast, fiber-like broadband speeds out of copper wires. The results are encouraging and live up to reasonable expectations, if not all the marketing hype surrounding G.fast.

According to a story by Sean Buckley in FierceTelecom, BT has found that G.fast’s field test results reasonably match laboratory predictions…

The provider is seeing great interest from customers and favorable technical results from its G.fast technology pilot deployment.

BT has been conducting G.fast trials with Nokia’s Alcatel-Lucent subsidiary, Adtran, as well as Huawei.

During its trials, BT found it can deliver about 330 Mbps to a home within 300 meters of a remote terminal (RT) cabinet.

“[Among] the first pilot customers the indications are that the performance of the product over the new equipment is pretty much spot on what we had predicted from the labs in the earlier few trials and I am very pleased with that,” Selley said. “I’m very pleased with where we stand right now on G.fast.”

The G.fast standard has gotten a lot of attention because it’s designed to fit as comfortably as possible into legacy copper networks and standard telco provisioning practices. In other words, it offers a degree of hope to both telephone companies and their customers who currently rely on lagging DSL platforms.

It’s not a substitute for fiber, which supports speeds a thousand times faster over distances a hundred times greater, but it’s better than what telcos have now and keeps them in the same ballpark as cable companies. If they adopt G.fast and make the necessary upgrades to their copper systems. Simply slapping the gear onto existing networks would be like dropping a V-8 engine into a go-kart: amusing but any improvement in performance would be short lived indeed.

Verizon threatens to end NYC FiOS service over lawsuit


New York City is suing Verizon for failing to build out fiber to the home service to all residences as promised and Verizon might retaliate by yanking out television service citywide. And stroppy landlords are making it a three-cornered fight.

Like any legal dispute that’s measured in billions of dollars, it’s a complicated affair. But one of the central issues is Verizon’s problems with getting access to apartment buildings and condos – multi-dwelling units (MDUs).

Landlords have not been particularly cooperative. Whether it’s because they have profitable arrangements with other video service providers or they think they can get something out of Verizon or they’re simply being obstinate, they’re preventing a million households from getting FiOS service. At least as Verizon tells it.

As the city sees it, though, Verizon is playing a game. If one landlord blocks access to his property and there are apartment buildings behind it, none of them get FiOS upgrades (h/t to Ars Technica for the documents)…

Verizon’s current position, as stated in correspondence and meetings with the City, is that fulfilling the “premises passed” obligation does not, with respect to a given premises, necessarily involve running fiber immediately in front of or behind the premises. Rather, Verizon has asserted, it should be deemed to have “passed” an individual building if it has run fiber to a nearby intersection and could access the building with further deployment of fiber. In particular, with respect to MDUs, Verizon has argued that an MDU should count as “passed” as long as Verizon intends eventually to run fiber to it, not directly from the street, but rather through an adjacent MDU or a chain of such MDUs, whether or not Verizon has obtained access to any of the MDUs from the property owners.

Verizon responded by saying, in effect, we were so simpatico with New York City that we didn’t have to put all that in writing, and threatening to leave the market…

Verizon has the option of opening negotiations for a renewal of the Agreement in July. Unfortunately, the City’s intransigence does not create a favorable environment for such negotiations. We would urge the City not to make it impossible for Verizon to continue to provide New York City residents with a competitive alternative to cable TV.

It’s certainly true that landlords can and do block access to competitive broadband companies. San Francisco has taken a different approach and outlawed the practice. That’s yet to be tested in court, though.

Give me the money, then I’ll give it to AT&T says Pai


In his “first major policy address” as chair of the Federal Communications Commission, Ajit Pai urged congress to channel broadband infrastructure spending through him. Pai spoke at Carnegie Mellon University in Pittsburgh yesterday, and focused almost entirely on broadband, with particular emphasis on the mobile variety.

Broadband infrastructure is at the top of his policy agenda. If congress decides to fund it, Pai thinks that the FCC should run the program and channel the money through its existing, incumbent-centric subsidy programs…

Any direct funding for broadband infrastructure appropriated by Congress as part of a larger infrastructure package should be administered through the FCC’s Universal Service Fund (USF) and targeted to areas that lack high-speed Internet access…

…our track record is frankly better than that of other agencies. The 2009 stimulus bill gave direct funding for broadband deployment to both the Commerce and Agriculture Departments. The Government Accountability Office found that many USDA projects were delayed and dozens wound up being cancelled altogether. Indeed, one profile of the USDA program used the headline “Wired to fail.” And the Commerce Department’s program fared no better—indeed, it’s best known for duplicating existing networks in Colorado and wasteful spending in West Virginia.

Incumbent telephone companies nearly always have first dibs on universal service fund money. To get it, they have a low performance bar to clear. The benchmark for the Connect America Fund program is 10 Mbps download and 1 Mbps upload speeds, for example, and there’s no requirement that they build or upgrade infrastructure beyond the absolute minimum needed. For AT&T, that can mean yanking out wireline networks and replacing them with fixed wireless access points bolted onto existing cell towers.

At this point, though, there’s no money on the table. A $20 billion broadband infrastructure program – run through the commerce and agriculture departments, as it happens – has been floated by U.S. senate democrats but not yet drafted into bill language and not likely to get far in a republican majority congress.