Home Tags Tunnel

Tag: Tunnel

Use of DNS Tunneling for C&C Communications

Often, virus writers don't even bother to run encryption or mask their communications. However, you do get the occasional off-the-wall approaches that don't fall into either of the categories.

Take, for instance, the case of a Trojan that Kaspersky Lab researchers discovered in mid-March and which establishes a DNS tunnel for communication with the C&C server.

Downloads of VPN-equipped Opera browser double after Congress revokes Internet privacy...

Opera Software today boasted that the number of new U.S. users of its namesake browser more than doubled days after Congress voted to repeal restrictions on broadband providers eager to sell customers' surfing history.Opera debuted a VPN -- virtual private network -- a year ago, and finalized the feature in September.

A VPN disguises the actual IP address of the user, effectively anonymizing the browsing, and encrypts the data transmitted to and from sites, creating a secure "tunnel" to the destination.[ Also on InfoWorld: Want privacy? Congress says you'll have to pay for it. |  Read 'em and weep: 5 ways your ISP is screwing you. | 5 more ways your ISP is screwing you. | Cut to the key news in technology trends and IT breakthroughs with the InfoWorld Daily newsletter, our summary of the top tech happenings. ]By using a VPN, U.S. users block their Internet service providers (ISPs) from recording their online activity.To read this article in full or to leave a comment, please click here

Pushing apps to the edge, Fly.io puts middleware in the cloud

New service puts logic closer to users, aims to be "global load balancer" for apps.

ATM hackers release cold, hard cash at the click of a...

The ATMitch heist has shown attackers are now able to remotely create an ATM tunnel to financial reward with little effort.

Prysmian to realise a new interconnector between France and the UK...

The project, awarded by ElecLink to a consortium of Prysmian and Balfour Beatty is worth approximately 219 m € in totalThe HVDC interconnector will increase the energy exchange between the two countriesMilan, 23 February 2017 – Prysmian Group, world leader in the energy and telecom cable systems industry, has been awarded a new important contract - in consortium with the leading international infrastructure group Balfour Beatty - for the realisation of a new High Voltage... Source: RealWire

Fileless attacks against enterprise networks

This threat was originally discovered by a bank’s security team, after detecting Meterpreter code inside the physical memory of a domain controller (DC). Kaspersky Lab participated in the forensic analysis, discovering the use of PowerShell scripts within the Windows registry.

Additionally it was discovered that the NETSH utility as used for tunnelling traffic from the victim’s host to the attacker´s C2.

Hyperloop pod competition yields a few outstanding models, tunnel announcement

Student, private research teams show off engineering prowess. Bonus: Musk announces tunnel.

How—and why—you should use a VPN any time you hop on...

One of the most important skills any computer user should have is the ability to use a virtual private network (VPN) to protect their privacy.

A VPN is typically a paid service that keeps your web browsing secure and private over public Wi-Fi hotspots.
VPNs can also get past regional restrictions for video- and music-streaming sites and help you evade government censorship restrictions—though that last one is especially tricky. The best way to think of a VPN is as a secure tunnel between your PC and destinations you visit on the internet. Your PC connects to a VPN server, which can be located in the United States or a foreign country like the United Kingdom, France, Sweden, or Thailand. Your web traffic then passes back and forth through that server.

The end result: As far as most websites are concerned, you’re browsing from that server’s geographical location, not your computer’s location. We’ll get to the implications of a VPN’s location in a moment, but first, let’s get back to our secure tunnel example. Once you’re connected to the VPN and are “inside the tunnel,” it becomes very difficult for anyone else to spy on your web-browsing activity.

The only people who will know what you’re up to are you, the VPN provider (usually an HTTPS connection can mitigate this), and the website you’re visiting. A VPN is like a secure tunnel for a web traffic. When you’re on public Wi-Fi at an airport or café, that means hackers will have a harder time stealing your login credentials or redirecting your PC to a phony banking site. Your Internet service provider (ISP), or anyone else trying to spy on you, will also have a near impossible time figuring out which websites you’re visiting. On top of all that, you get the benefits of spoofing your location.
If you’re in Los Angeles, for example, and the VPN server is in the U.K., it will look to most websites that you’re browsing from there, not southern California. This is why many regionally restricted websites and online services such as BBC’s iPlayer or Sling TV can be fooled by a VPN.
I say “most” services because some, most notably Netflix, are fighting against VPN (ab)use to prevent people from getting access to, say, the American version of Netflix when they’re really in Australia. For the most part, however, if you’re visiting Belgium and connect to a U.S.
VPN server, you should get access to most American sites and services just as if you were sitting at a Starbucks in Chicago. What a VPN can’t do While VPNs are an important tool, they are far from foolproof. Let’s say you live in an oppressive country and want to evade censorship in order to access the unrestricted web.

A VPN would have limited use.
If you’re trying to evade government restrictions and access sites like Facebook and Twitter, a VPN might be useful.

Even then, you’d have to be somewhat dependent on the government’s willingness to look the other way. Anything more serious than that, such as mission-critical anonymity, is far more difficult to achieve—even with a VPN. Privacy against passive surveillance? No problem. Protection against an active and hostile government? Probably not. HideMyAss A VPN service provider such as HideMyAss can protect your privacy by ensuring your internet connection is encrypted. The problem with anonymity is there are so many issues to consider—most of which are beyond the scope of this article. Has the government surreptitiously installed malware on your PC in order to monitor your activity, for example? Does the VPN you want to use have any issues with data leakage or weak encryption that could expose your web browsing? How much information does your VPN provider log about your activity, and would that information be accessible to the government? Are you using an anonymous identity online on a PC that you never use in conjunction with your actual identity? Anonymity online is a very difficult goal to achieve.
If, however, you are trying to remain private from prying eyes or evade NSA-style bulk data collection as a matter of principle, a reputable VPN will probably be good enough. Beyond surveillance, a VPN also won’t do much to keep advertisers from tracking you online. Remember that the website you visit is aware of what you do on its site and that applies equally to advertisers serving ads on that site. To prevent online tracking by advertisers and websites you’ll still need browser add-ons like Ghostery, Privacy Badger, and HTTPS Everywhere. How to choose a VPN provider There was a time when using a VPN required users to know about the built-in VPN client for Windows or universal open-source solutions such as OpenVPN. Nowadays, however, nearly every VPN provider has their own one-click client that gets you up and running in seconds.

There are usually mobile apps as well to keep your Android or iOS device secure over public Wi-Fi. Of course that brings up another problem.
Since there are so many services to choose from, how can you tell which ones are worth using, and what are the criteria to judge them by? First, let’s get the big question out of the way.

The bad news for anyone used to free services is that it pays to pay when it comes to a VPN.

There are tons of free options from reputable companies, but these are usually a poor substitute for the paid options.

Free services usually allow a limited amount of bandwidth usage per month or offer a slower service.

Tunnel Bear, for example, offers just 500MB of free bandwidth per month, while CyberGhost offers a free service that is significantly slower than its paid service. CyberGhost Everybody loves free services; but when you want to use a VPN, the free version usually isn’t the best deal. Then there are the free VPNs that use an ad-supported model, which in my experience usually aren’t worth using at all. Plus, free VPNs are usually anything but; in lieu of payment they may be harvesting your data (in anonymized form of course) and selling it as “marketing insights” to advertisers. The good news is VPNs aren’t expensive. You can usually pay as little as $5 a month (billed annually or in blocks of several months) for VPN coverage. We won’t get into specific VPN service recommendations in this article; instead, here are some issues to consider when shopping around for a VPN provider. First, what kind of logging does your VPN provider do? In other words, what information do they keep about your VPN sessions and how long is it kept? Are they recording the IP addresses you use, the websites you visit, the amount of bandwidth used, or any other key details? All VPNs have to do some kind of logging, but there are VPNs that collect as little data as possible and others that aren’t so minimalist. On top of that, some services discard their logs in a matter of hours or days while other companies hold onto them for months at a time. How much privacy you expect from your VPN-based browsing will greatly influence how long you can stand having your provider maintain your activity logs—and what those logs contain. TunnelBear TunnelBear is one of the author’s favorite VPNs, but there are many good choices on the market. Second, what are the acceptable terms of use for your VPN provider? Thanks to the popularity of VPNs with torrent users, permissible activity on specific VPNs can vary.
Some companies disallow torrents completely, some are totally fine with them, while others won’t stop torrents but officially disallow them. We aren’t here to advise pirates, but anyone looking to use a VPN should understand what is and is not okay to do on their provider’s network. Finally, does the VPN provider offer their own application that you can download and install? Unless you’re a power user who wants to mess with OpenVPN, a customized VPN program is really the way to go.
It’s simple to use and doesn’t require any great technical knowledge or the need to adjust any significant settings. Using a VPN You’ve done your due diligence, checked out your VPN’s logging policies, and found a service with a great price and a customized application. Now, for the easy part: connecting to the VPN. Here’s a look at a few examples of VPN desktop applications. TunnelBear, which is currently my VPN of choice, has a very simple interface—if a little skeuomorphic. With Tunnel Bear, all you need to do is select the country you want to be virtually present in, click the dial to the “on” position, and wait for a connection-confirmation message. SaferVPN works similarly.

From the left-hand side you select the country you’d like to use—the more common choices such as the U.S., Germany, and the U.K. are at the top. Once that’s done, hit the big Connect button and wait once again for the confirmation message. SaferVPN With SaferVPN, all you need to do is choose the country you wish to have a virtual presence in. HMA Pro is a VPN I’ll be reviewing in the next few days.

This interface is slightly more complicated, but it’s far from difficult to understand.
If you want to select your desired virtual location click the Location mode tab, click on the location name, and then choose your preferred location from the list. Once that’s done click the slider button that says Disconnected. Once it flips to Connected,you’re ready to roll. There are numerous VPN services out there, and they all have different interfaces; but they are all similar enough that if you can successfully use one, you’ll be able to use the others. That’s all there is to using a VPN.

The hard part is figuring out which service to use. Once that’s done, connecting to a VPN for added privacy or to stream your favorite TV shows while abroad is just a click away. This story, "How—and why—you should use a VPN any time you hop on the internet" was originally published by TechHive.

Cryptzone AppGate 3.0 Release Improves Software Defined Perimeter Security

AppGate 3.0 release adds new capabilities to help organizations provide secure, authenticated access to resources, including Single-Packet Authorization technology that keeps network resources hidden from unauthorized users. Security vendor Cryptzone t...

The official Tor browser for iOS is free to use

EnlargeTechno Fishy reader comments 26 Share this story When Mike Tigas first created the Onion Browser app for iOS in 2012, he never expected it to become popular. He was working as a newsroom Web developer at The Spokesman-Review in Spokane, Washington, at the time, and wanted a Tor browser app for himself and his colleagues.

Expecting little interest, he then put Onion Browser on the Apple App Store at just $0.99/£0.69, the lowest non-zero price that Apple allows. Fast forward to 2016, and Tigas found himself living in New York City, working as a developer and investigative journalist at ProPublica, while earning upwards of $2,000 a month from the app—and worrying that charging for it was keeping anonymous browsing out of the hands of people who needed it. So a few weeks ago, he made the app free.
Since then, its popularity has exploded, with thousands of downloads recorded every day.

The results of the recent US presidential election might have had something to do with this decision, and its impressive results, Tigas told Ars. "Given recent events, many believe it's more important than ever to exercise and support freedom of speech, privacy rights, and digital security," he wrote in a blog post. "I think now is as good a time as ever to make Onion Browser more accessible to everyone." Global concerns also influenced his decision. "Iran is not technically a country where you can get an iPhone, but on the grey market you can," he told Ars. "People over there can't get apps you have to pay for, because you have to have a credit card that Apple actually accepts," he added, noting that economic sanctions forbid Apple from selling to Iranian iOS users. Onion Browser is the official Tor Project-endorsed Web browser for iOS.

But it lacks some of the features available for Tor Browser (Linux, MacOS, Windows) and OrFox (Android), due to technical roadblocks peculiar to iOS. Onion Browser for iOS. In order to gain control over the browser's network settings, and route web traffic over Tor, Tigas has to use the older WebKit API (UIWebView) instead of the newer version (WKWebView).

The newer version uses the device's system settings for network and proxy settings and cannot be modified by an app. Onion Browser settings The two biggest challenges Tor developers on iOS face, as Tigas outlined in this blog post on the Tor Project website, are Apple's requirement that all browsers use the iOS WebKit rendering engine, and the inability to run Tor as a system-wide service or daemon on iOS. Developers have found workarounds to both problems, and iOS users can soon expect to see a new, improved Onion Browser, as well as a Tor VPN that routes all device traffic over Tor—probably in the first quarter of 2017. Not quite as secure Unlike the Tor or OrFox, Onion Browser is not based on the Firefox Gecko rendering engine.

This is good—Onion Browser is not vulnerable to Firefox exploits—but also bad, because code cannot be reused. A further challenge, Tigas said, is that Apple’s WebKit APIs "don’t allow a lot of control over the rendering and execution of Web pages, making a Tor Browser-style security slider very difficult to implement." Many of iOS's multimedia features don't use the browser's network stack, making it difficult to ensure the native video player does not leak traffic outside of Tor. "Onion Browser tries to provide some functionality to block JavaScript and multimedia, but these features aren’t yet as robust as on other platforms," Tigas wrote. Moreover, it doesn't support tabbed browsing, and the UX is pretty basic, but Tigas is working on a rewrite based on Endless. "It adds a lot of important features over the existing Onion Browser,” he said, “like a nicer user-interface with tabbed browsing, HTTPS Everywhere, and HSTS Preloading.

There’s a new version of Onion Browser in the works that’s based on Endless that will hopefully enter beta testing this month." Welcome to the sandbox The biggest challenge to getting Tor working seamlessly on iOS, though, is the inability to run Tor as a system-wide service or daemon, something which is trivial to accomplish with most other operating systems, but unavailable to iOS app developers.

To prevent misbehaving apps from getting up to their usual mischief, Apple sandboxes apps from each other, and from the underlying OS.

This means you can't install Tor on iOS, let it run in the background, and route all your device traffic over Tor. “In iOS the moment you leave an app, the app goes to sleep,” Tigas told Ars. “With Tor Browser Bundle or OrBot on Android, other apps can use the Tor in Tor Browser Bundle, other apps can use OrBot's connection on Android.” In fact, to get Onion Browser to work, he has to compile Tor into the app itself—as does any other iOS app developer who wishes to offer a Tor connection.

But that's about to change, thanks to iCepa. A Tor VPN for iOS Enlarge / OrBot, the official Tor routing service for Android. iCepa—from the Latin cepa for onion, and pronounced i-KAY-puh—is a Tor VPN for iOS currently under development that will enable iOS users to route all their traffic over Tor. "A lot of us had the idea simultaneously after Apple released iOS 9, which added some APIs that allowed you to talk to network traffic," iCepa developer Conrad Kramer told Ars. "It was intended for companies like OpenVPN or Cisco to build their own VPN solutions for iOS, but we realised we could build a version of Tor using this API." "It's similar to how OrBot works," he added, "which also uses a VPN approach." Apple-imposed memory limits had prevented Kramer from finishing work on iCepa until recently.

The memory limit for packet-tunnel extensions, he explained, was 5MB—and Tor needs around 10MB to run. Kramer said he was able to continue development work on a jailbroken iOS 9 device, but with little motivation since a jailbroken solution would not scale.

An encounter with Apple engineers at the WWDC conference gave him the chance to lobby Apple engineers to raise the limit—which they did, in iOS 10, to 15MB, more than enough to get a Tor VPN working in iOS. Kramer told Ars he had just gotten iCepa working on his test device in mid-December, and plans to share the working code in a private alpha with other Tor developers before the end of the year. He hopes to release iCepa to the public through the App Store at the end of the first quarter of 2017. "The timeline is still uncertain," he emphasised, "but I do want to get it out as soon as possible.” Paying for Tor development Since making Onion Browser free in early December, Tigas says the number of downloads has jumped from around 3,000 paid downloads per month to thousands per day. He is at peace with his decision, though, convinced he has done the right thing, but worries about the loss of income. "[The extra money] helped keep me doing investigative journalism by day," he told Ars. "If I can get to even 15 percent of where it was before, I would be really happy and amazed.
I think I have like five people on Patreon right now." Tigas has received some financial support from the Guardian Project to continue work on Onion Browser, but, he says, the money does not come close to replacing the income lost from the App Store. “I'm still a little terrified that I've made this change,” he wrote in his blog post, “but I'm happy this day has come—and judging from the responses I've already received, so have many of you.

Thanks for your support.” J.M. Porup is a freelance cybersecurity reporter who lives in Toronto. When he dies his epitaph will simply read "assume breach." You can find him on Twitter at @toholdaquill. This post originated on Ars Technica UK

These three 2016 cases gave new life to software patents

For software patent defenders, Planet Blue's patent on lip synchronization in animated characters was their last, great hope.McRO, Inc. reader comments 6 Share this story In 2014, the US Supreme Court dealt a major blow to software patents. In their 9-0 ruling in Alice Corp v. CLS Bank, the justices made it clear that just adding fancy-sounding computer language to otherwise ordinary aspects of business and technology isn't enough to deserve a patent. Since then, district court judges have invalidated hundreds of patents under Section 101 of the US patent laws, finding they're nothing more than abstract ideas that didn't deserve a patent in the first place. The great majority of software patents were unable to pass the basic test outlined by the Supreme Court. At the beginning of 2016, the nation's top patent court had heard dozens of appeals on computer-related patents that were challenged under the Alice precedent. DDR Holdings v. Hotels.com was the only case in which a Federal Circuit panel ruled in favor of a software patent-holder. The Alice ruling certainly didn't mean all software patents were dead on arrival—but it was unclear what a software patent would need to survive. Even DDR Holdings left a teeny-tiny target for patent owners to shoot at. That all changed in 2016. Judges on the US Court of Appeals for the Federal Circuit found three more cases in which they believe that software patents were wrongly invalidated. What once looked like a small exception to the rule now looks like three big ones. The results of those cases could portend a coming year that will be friendlier to patent owners than the past few have been. As 2016 winds down, let's take a closer look at the details of these three software patent battles and how patent-holders kept their patents alive through the appeals court. Enfish LLC v. Microsoft Decided: May 12, 2016 Panel: Circuit Judges Kimberly Moore, Richard Taranto, Todd Hughes. In 1993, Enfish Corporation was founded in Pasadena, California, by a former Gemstar executive who wanted to find a better way to track and sort e-mail, files, and other data. By 2000, when Enfish founder Louise Wannier was profiled in the Los Angeles Times, the company had 45 employees and had raised $20 million in capital. But Enfish still wasn't profitable. The "Enfish Find" desktop search tool, and other company products, got positive write-ups in PC World and were downloaded by more than 200,000 users. In the end, though, it wasn't enough. By 2005, Enfish was out of business. The Enfish patents, though, lived on. By 2012, Wannier had formed Enfish LLC and decided to sue several huge software companies: Microsoft, Inuit, Sage Software, and financial tech heavyweights Fiserv and Jack Henry & Associates. The Enfish lawsuit (PDF) claimed that Microsoft's .NET Framework infringed two patents, numbered 6,151,604 and 6,163,775. Enfish claimed to have built a new type of "self-referential" database, with a priority date stretching back to 1995. The district court judge disagreed, though. He said a table is just a table. Emphasizing terms like "non-contiguous memory" (a ubiquitous method for computer storage) and "indexing" wasn't going to save the Enfish patents. In his 2014 order, US District Judge George Wu wrote: For millennia, humans have used tables to store information. Tables continue to be elementary tools used by everyone from school children to scientists and programmers.... the fact that the patents claim a "logical table" demonstrates abstractness... Humans engaged in this sort of indexing long before this patent. In May 2016, a Federal Circuit panel reversed Judge Wu. Software improvements are not "inherently abstract," the judges ruled (PDF). The Bilski and Alice cases were directed at processes "for which computers are merely invoked as a tool." Those cases didn't rule out a patent on a "specific asserted improvement in computer capabilities." The Enfish patent claims were "directed to a specific improvement to the way computers operate, embodied in the self-referential table." The self-referential table "is a specific type of data structure designed to improve the way a computer stores and retrieves memory," and thus deserves a patent. The panel also shot down Wu's finding that the Enfish invention was rendered doubly invalid by Microsoft Excel 5.0, a database product that was in public use more than a year earlier than the Enfish patent was filed. With all five of the patent claims now patent-eligible again, the case was sent back to the lower court. Discovery is underway and a trial is scheduled for 2018. For patent lawyers, the Enfish breakthrough was "like a ray of light at the end of a long dark tunnel," wrote one attorney at Fish & Richardson, the nation's biggest IP law firm, who analyzed the decision in a blog post. "Reaction by the patent bar was swift. Notices of additional authority and requests for reconsideration were submitted to district courts around the country." McRO v. Bandai Namco Games America Decided: September 13, 2016 Panel: Circuit Judges Jimmie Reyna, Richard Taranto, Kara Stoll. For patent system defenders, the next case was clearly a hill to die upon. In its opening Federal Circuit brief, patent-holder McRO Inc., which does business under the name Planet Blue, told the judges that the district court's ruling against it "violates supreme court precedent and threatens all software patents." Planet Blue was founded in 1988 by Maury Rosenfeld, a computer graphics and visual effects designer who worked for shows like Star Trek: The Next Generation, Max Headroom, and Pee Wee's Playhouse, according to his Federal Circuit brief (PDF). Rosenfeld's firm was hired by several video game companies "to work on animation and lip-synchronization projects." But, at some point, they clearly had a falling out. Beginning in 2012, Planet Blue sued more than a dozen big video game companies, including Namco Bandai (PDF), Sega, Electronic Arts, Activision, Square Enix, Disney, Sony, Blizzard, and LucasArts. Several of those big players had been Rosenfeld clients before the lawsuits. The complaints said the companies infringed two Rosenfeld patents, US Patents No. 6,307,576 and 6,611,278, which describe a method of lip-synching animated characters. Earlier methods of animating lip synchronization and facial expressions, said Planet Blue lawyers, were too laborious and expensive. US District Judge George Wu ruled against Planet Blue in September 2014. He acknowledged that Rosenfeld may have been an innovator, but his patents were nonetheless invalid because they claimed an abstract idea. The patents would have preempted any lip synchronization that used a "rules-based morph target approach." On appeal, the case was immediately seen as one to watch, in part because Rosenfeld was seen as a real innovator in his field. "The patents utilize complex and seemingly specific computer-implemented techniques," wrote Patently-O blogger Prof. Dennis Crouch. "An initial read of the claims in the Planet Blue patents seems to be a far cry from basic method claims." BSA—aka the Software Alliance, a trade group that includes Microsoft and other big software companies—weighed in on the case by filing an amicus brief (PDF) in favor of Planet Blue. The asserted claims weren't abstract, BSA argued. The district court judge, BSA said, had "imported" questions about obviousness into his analysis when he should have only considered a strict Section 101 analysis about abstraction. In BSA's view, the big swath of patents being thrown out in the post-Alice era should "not include claims directed to technological problems specific to the digital environment." The battle was joined on the other side, too. The Electronic Frontier Foundation and Public Knowledge jointly submitting a brief (PDF) arguing in favor of the video-game defendants. "The claims embody nothing more than the concept of applying numerical rules—that is, equations—to numerical inputs to obtain numerical outputs," wrote Public Knowledge attorney Charles Duan. "Since the law rejects Appellant’s theories of patentability, Appellant resorts to whitewashing its broad claims by extensively discussing the specification and implementing software. This is totally irrelevant," as it is the claims that are important. When the Federal Circuit found in Planet Blue's favor in September, it was the biggest win yet for software patentees in the post-Alice era. The three-judge panel held that the claims were "limited to rules with specific characteristics." Quoting the specification, they held that "the claimed improvement here is allowing computers to produce 'accurate and realistic lip synchronization and facial expressions in animated characters,' which could previously only have been produced by human animators." The judges didn't buy the defense argument that there was nothing new in having computer-based rules for animation. "Defendants concede an animator's process was driven by subjective determination rather than specific, limited mathematical rules." BSA was jubilant about Planet Blue's win. BSA President Victoria Espinel wrote: The Federal Circuit’s opinion reaffirms that software is worthy of patent protection just as any other field of technology. Software is a major component of today’s greatest innovations, and it is imperative that our patent system continues to encourage innovators in all fields of technology. Today’s Federal Circuit’s decision is a step in the right direction. McRO v. Namco Bandai is now back in Wu's Los Angeles courtroom, awaiting a scheduling conference for the litigation to go forward. Amdocs v. Openet Telecom Decided: November 1, 2016. Panel: Circuit Judges S. Jay Plager, Pauline Newman, Jimmie Reyna (dissenting). Israel-based Amdocs went to US courts to sue (PDF) an Irish company, Openet Telecom, in 2010. Amdocs asserted that four patents related to online accounting and billing methods were all derived from the same original application: Nos. 7,631,065; 7,412,510;  6,947,984; and 6,836,797.  The patents all describe the same system, which allows network operators to account and bill for internet protocol (IP) traffic. Claim 1 of the '065 patent claims computer code for "receiving... a network accounting record," then correlating the record with other accounting information, then computer code that uses that information to "enhance the first network accounting record." The district court found that Amdocs' claim wasn't much more than the abstract idea of correlating two networks. The court tossed the patent. And the Federal Circuit majority recognized that, in other cases, "somewhat... similar claims" had been thrown out under § 101—but then the Circuit majority went on to say that, despite that, the patent should have been allowed. "[T]his claim entails an unconventional  technological solution (enhancing data in a distributed fashion) to a technological problem (massive record flows that previously required massive databases)," wrote US Circuit Judge S. Jay Plager. "The components needed were "arguably generic" but had been used in such an "unconventional manner" that they led to "an improvement in computer functionality." The Amdocs saga isn't back in the lower courts quite yet. Defendant Openet has filed a petition for rehearing by the whole court. However it turns out, these three decisions mean that anyone seeking to enforce a software patent will come into 2017 in a far better position than they were a year ago. The Federal Circuit is continuing to debate the patent-eligibility of software. The random draw of judges on a Federal Circuit panel is increasingly looking like the most important factor on whether a patent prevails or dies at the appeals court. As Crouch notes in his analysis, two of the three judges that made up the majority in the Amdocs case can be seen as being in the minority of the court as a whole, since they pushed against the Alice patent. How such a split will be reconciled isn't clear. Crouch points out there may be two or three vacancies on the Federal Circuit during Trump's first term, and the Supreme Court has shown a continued interest in taking up patent cases. But looking back at the key decisions of 2016, anyone wanting to enforce software patents is in a far better position than they were a year ago, thanks to the three decisions above. 2016 may go down in history as the year that saved software patents.

Research on unsecured Wi-Fi networks across the world

The very nature of wireless Wi-Fi networks means that hackers or criminals simply need to be located near an access point in order to eavesdrop and intercept network traffic. Poorly configured access point encryption or services that allow data to be sent without any encryption pose a serious threat to user data. Confidential data can be protected by encrypting traffic at wireless access points.
In fact, this method of protection is now considered essential for all Wi-Fi networks.

But what actually happens in practice? Is traffic always encrypted on public Wi-Fi networks? How does the situation differ from country to country? Kaspersky Security Network statistics can answer all these questions. We compared the situation with Wi-Fi traffic encryption in different countries using data from our threat database. We counted the number of reliable and unreliable networks in each country that has more than 10 thousand access points known to us (this obviously excludes Antarctica and other regions where there is not enough data to draw any conclusions). Security of Wireless Networks Using statistics from Kaspersky Security Network (KSN), we analyzed data from across the world for almost 32 million Wi-Fi hotspots accessed by the wireless adapters of KSN users. Encryption type used in public Wi-Fi hotspots across the world Approximately 24.7% of Wi-Fi hotspots in the world do not use any encryption at all.

This basically means that by using an antenna capable of sending and receiving data at 2.4 GHz, any individual located near an access point can easily intercept and store all user traffic and then browse it for data they are interested in.

Fortunately, modern online banking systems and messengers do not transfer unencrypted data.

But this is the only thing that prevents users of Wi-Fi networks with unencrypted traffic from revealing their passwords and other essential data when using an unsecure access point. The WEP (Wired Equivalent Privacy) protocol for encryption of data transferred over Wi-Fi is used by approximately 3.1% of all analyzed access points.

The protocol was the first to be created, quite a long time ago, and is now completely unreliable – it would take hackers just a few minutes to crack it.

From a data security point of view, using WEP is not much different from using open networks.

This protocol is being relegated to oblivion everywhere, but as we see from the chart above, it can still be found in use. Around three-quarters of all access points use encryption based on the Wi-Fi Protected Access (WPA) protocol family.

The protocols from this family are currently the most secure.

The effort required to hack WPA depends on its settings, including the complexity of the password set by the hotspot owner.
It is worth noting that an attempt to decipher traffic from “personal” (WPA-Personal, PSK authentication) wireless networks (with public access points) can be made by intercepting the handshakes between the access point and the device at the beginning of the session. “Corporate” versions are protected from this sort of interception because they use internal company authorization. When it comes to “personal” WPA2 attacks, the situation is similar to that of WPA and mostly depends on the strength of the password set by the hotspot owner. It is only fair to note that during a standard attack on a Wi-Fi access point, a personal computer can generate from 50 to 300 keys per second on average.
If the encryption key is strong, it will take years to hack it.
Still, no one can guarantee that the key used at a cafe will be secure and that the attacker will have nothing but a PC at their disposal. Overall, it can be said that today’s WPA/WPA2 “non-enterprise” versions are reasonably, but not absolutely, secure.
In particular, they allow brute-force and dictionary attacks.

There are ready-to-use publicly available tools (aircrack-ng and similar software) for performing such attacks, as well as a large number of manuals. Geography of Unsecured Wi-Fi Access Points Share of Wi-Fi hotspots that use unreliable WEP or do not encrypt data (by country) We would like to note that the five countries with the highest proportion of unsecured connections include Korea (47.9% of unsecured Wi-Fi access points), while France (40.14%) and the US (39.31%) rate 9th and 12th respectively in the list. Germany appears to be the most secure among Western European countries, with 84.91% of access points secured by WPA/WPA2 protocol encryption. Share of Wi-Fi hotspots that use WPA/WPA2 (by country) However, even when using an encrypted connection, you should not completely rely upon this security measure.

There are several scenarios that could compromise even well-encrypted network traffic.

These include fake access points with names that duplicate or mimic real ones (for example, TrainStation_Free or TrainStation Free) and compromised routers forwarding traffic without encryption to attackers (malware tools that infect such devices are already “in the wild”).

At any rate, taking care of your own security is a good idea. Recommendations for Users There are several simple rules that help protect personal data when using open Wi-Fi networks in cafes, hotels, airports, and other public places. Do not trust networks that are not password-protected. Even if a network requests a password, you should remain vigilant. Fraudsters can find out the network password at a coffee shop, for example, and then create a fake connection with the same password.

This allows them to easily steal personal user data. You should only trust network names and passwords given to you by employees of the establishment. To maximize your protection, turn off your Wi-Fi connection whenever you are not using it.

This will also save your battery life. We recommend disabling automatic connection to existing Wi-Fi networks too. If you are not 100% sure the wireless network you are using is secure, but you still need to connect to the internet, try to limit yourself to basic user actions such as searching for information. You should refrain from entering your login details for social networks or mail services, and definitely not perform any online banking operations or enter your bank card details anywhere. To avoid being a target for cybercriminals, you should enable the “Always use a secure connection” (HTTPS) option in your device settings.
It is recommended to enable this option when visiting any websites you think may lack the necessary protection. If possible, connect via a Virtual Private Network (VPN). With a VPN, encrypted traffic is transmitted over a protected tunnel, meaning criminals won’t be able to read your data, even if they gain access to them. And, of course, you should use dedicated security solutions.

They inform users about any potential dangers when connecting to a suspicious Wi-Fi network and prevent any passwords or other confidential data from being compromised if there is a threat. One example of a dedicated solution is the Secure Connection tool included in the latest versions of Kaspersky Internet Security and Kaspersky Total Security.

This module protects users connected to Wi-Fi networks by providing a secure encrypted connection channel.
Secure Connection can be launched manually or, depending on the settings, activated automatically when connecting to public Wi-Fi networks, when navigating to online banking and payment systems or online stores, and when communicating online (mail services, social networks, etc.).