February 27, 2017 brianradio2016

Otterbox is currently having a winter sale, and they’ve discounted many of their popular cases up to 30% for a limited time. Commuter, Defender, Symmetry series and more are included, in various colors and for various phone models including iPhone 6 and various Galaxy models. Jump over to the Otterbox winter sale page to explore options and current discounts available.

This story, “Up to 30% Discount On Otterbox Cases For iPhone, Galaxy and Other Devices – Deal Alert” was originally published by TechConnect.

February 27, 2017 brianradio2016

Well, this is annoying. Maryland’s Montgomery County schools are using Chromebooks. The school system is using about 120,000 Chromebooks and multiple PCs running the Chrome web browser. But when Google recently updated them to Chrome OS 56, over 30 percent couldn’t log on, while many PCs running Chrome were unable to reach the web.

Broken Screen

TLS failures in BlueCoat and other web proxy programs are making Chromebooks fail.

So, was it Google’s fault? Not so fast.

The school system was using Symantec’s BlueCoat, a man-in-the-middle (MitM) SSL web proxy. This uses ProxySG technology to examine Secure-Socket Layer (SSL) and Transport Layer Security (TLS) encrypted web content. So far, so good — if you want to make sure your seventh graders aren’t peeking into pornography. But, in this case, it turns our BlueCoat doesn’t support the newest standard web security protocol, TLS 1.3.

Special Feature

Cloud - How to Do SaaS Right

Cloud – How to Do SaaS Right

Software as a Service offers irresistible benefits for organizations of all sizes — from cost savings to scalability to mobile accessibility.

Whoops.

TLS is SSL’s successor. The newest version, TLS 1.3, blocks attacks that were effective against TLS 1.2 and earlier security protocols. It also speeds up web connections.

“This update, the first since 2008, is a major overhaul that provides both increased security and enhanced speed, especially on mobile networks,” said Nick Sullivan, CloudFlare‘s head of cryptography. “TLS 1.3 improves request speeds by requiring one less round trip to connect to an internet application, compared to previous versions, and can decrease page load times by 20 percent.”

Mozilla Firefox, Google Chrome, and Opera currently support TLS 1.3. Microsoft and Apple are working on supporting it in Internet Explorer 11 and Edge and Safari, respectively. Google decided in its latest update to more fully support only TLS 1.3.

Both Google and Mozilla saw TLS decryption problems coming. A recent security study found vendors are badly handling TLS inspections. The anti-virus or network appliances “terminate and decrypt the client-initiated TLS session, analyze the inner HTTP plaintext, and then initiate a new TLS connection to the destination website.” However, they then incorrectly validate certificates and can introduce security flaws.

Unfortunately, some programs, and BlueCoat’s is one of them, goes even farther wrong. They hiccup when trying to deal with TLS 1.3. What should happen is “Successful connection. Client and proxy may negotiate down to TLS 1.2 instead of TLS 1.3.” Instead, “when Chrome attempts to connect via TLS 1.3, BlueCoat hangs up connection.”

There are fixes. For example, you can force Chrome 56 to use TLS 1.2 with the flag:

chrome://flags/#ssl-version-max

at the next screen, change the flag from “Default” to “TLS 1.2”

But this has to be done by hand and it only works for the current user. It’s in no way a fix you’d want to use with tens of thousands of Chromebooks or PCs.

So, in the short-run, Google has set “Chrome so that when it can check-in will receive instructions to disable TLS 1.3 and thus should stay ‘fixed’ (for now).” To do this, you must set your web proxy so that it doesn’t intercept TLS traffic until all the devices have been upgraded. In the case of Chromebooks, that will simply be logging in. With PCs running Chrome, you’ll need to go to a Google site, such as Gmail, that requires a login. If you’re only installing Chrome OS or Chrome 56 now, the new versions default to using TLS 1.2 and should work fine.

Whose fault is it?

Google puts the blame squarely on BlueCoat and other web proxy vendors. One note on the Chromium bug list said: “We’re waiting on a response from BlueCoat. They were made aware of TLS 1.3 several months ago, but evidently did not test their software per our instructions.”

Another Google software engineer stated: “These issues are always bugs in the middlebox products. TLS version negotiation is backwards compatible, so a correctly-implemented TLS-terminating proxy should not require changes to work in a TLS-1.3-capable ecosystem. It can simply speak TLS 1.2 at both client proxy and proxy server TLS connections. That these products broke is an indication of defects in their TLS implementations.”

Eventually, Google will return TLS 1.3 as the default. With Chrome 57 almost ready to go, this probably won’t happen until the Chrome 58 release, after the security vendors fix their proxies.

As for BlueCoat? A Symantec spokesperson said “Symantec has been alerted of a potential issue with TLS 1.3 on select devices. We’re investigating now and are working to resolve the issue.”

Hopefully it won’t take long. Otherwise, with Chromebooks being so popular in schools and SSL/TLS decryption being a common feature in educational-system web proxies, we can only expect to see further failures.

Related Stories:

VIDEO: Samsung’s new Chromebook Pro hybrid can run a universe of Android apps

February 27, 2017 brianradio2016

The security and privacy community was abuzz over the weekend after Google said it was open-sourcing E2Email, a Chrome plugin designed to ease the implementation and use of encrypted email. While this is welcome news, the project won’t go anywhere if someone doesn’t step up and take ownership of it.

Interest in secure communications has soared in recent years, and a number of tools bring end-to-end encryption to phone calls, text messaging, and online chats. However, almost three decades after the invention of PGP (Pretty Good Privacy), encrypted email still relies on command-line tools, plugins for IMAP-based email clients, or dedicated mail services such as ProtonMail and Lavabit, putting PGP out of reach for most individuals.

Consider how clunky it can be: A Gmail user can copy and paste the block encrypted in a different tool, and the recipient can do the same into a decryption tool to read the message. There’s a reason why many security professionals don’t use PGP — including, at one point, its inventor, Phil Zimmerman.

Thus, when Google started its research on end-to-end encryption back in 2014 and released the JavaScript cryptographic library as open source shortly after, there was a lot of interest. The fact that E2Email is using this cryptographic library is a good sign for the extension’s future.

February 27, 2017 brianradio2016

Smartphones with Intel-based x86 chips aren’t dead yet. Intel may have stopped making Atom chips for smartphones, but a partner is keeping that effort alive.

Chinese chip maker Spreadtrum is still making x86 smartphone chips based on the Atom architecture named Airmont. The company will ship a powerful eight-core Atom variant for smartphones in the second half of this year.

Smartphone makers will be able to use the Spreadtrum SC9861G-IA chip in mid-range handsets. It will have a PowerVR GT7200 graphics core and support 4K video and displays with resolutions up to 2560 x 1440 pixels.

It’s far more powerful than the original Atom smartphone chips made by Intel. Handsets with the chip were shown at Intel’s booth at the ongoing Mobile World Congress trade show.

February 27, 2017 brianradio2016

If you want to learn learn Linux from top to bottom, what better way to learn than by rolling your own mini distribution?

Linux From Scratch, a combination software project and book, now in a newly released 8.0 revision, provides a step-by-step guide to building an entire functional Linux system from the ground up. It’s a valuable and revealing project, though it doesn’t directly cover the cutting edge of the Linux world.

Bake your own Linux right at home

Most Linux tutorials focus on working with an existing Linux distribution with some name-brand recognition: Red Hat/Fedora, Ubuntu, Suse, and so on. LFS assumes that the user doesn’t simply want to learn how things work from the outside, but to understand the internals of Linux system design and create their own distribution for specific projects.

The core LFS project begins with an existing Linux distribution as a development environment, such as one of the aforementioned Linuxes. There, the user creates a dedicated partition where the new Linux lives, downloads the needed packages, and assembles the toolchain needed to build them. Everything in the new distribution, from the kernel to the userland packages, is built from source, with the book providing guidance along the way as to how all the pieces fit together.

February 27, 2017 brianradio2016

SK Telecom and Nokia have developed a prototype quantum cryptography system that combines the South Korean company’s quantum key server with an encryption device from Nokia.

The system, shown Monday at Mobile World Congress in Barcelona, was put together to demonstrate interoperability between the two vendors and comes as SK Telecom kicks off a push to get telecom carriers and equipment vendors working together on next-generation quantum-secured networks.

Quantum cryptography involves the transmission of encryption keys across fiber optic networks. It relies on the principles of quantum mechanics to detect if an eavesdropper has viewed a key en route.

Current encryption systems often necessitate the distribution of keys by hand to ensure no tampering — a costly and time-consuming process. In quantum cryptography, the distant party can receive a key via the network and be absolutely sure that it hasn’t been intercepted or tampered with, meaning they can be sure it’s secure.

February 27, 2017 brianradio2016

HandBrake is a terrific tool for transcoding video. The app is free and open source, and you can now get version 1.03. HandBrake has a ton of features, and can output video into lots of different formats.

A writer at Tips on Ubuntu shows how to install HandBrake 1.03 in Linux Mint and Ubuntu via PPA or Synaptic.

ML reports for Tips on Ubuntu:

1. To add the PPA, open terminal (Ctrl+Alt+T) and run command:

sudo add-apt-repository ppa:stebbins/handbrake-releases

2. Type in your password, then hit Enter.

3. After that, launch Software Updater and upgrade handbrake from a previous release after checking for updates:

4. Or install / upgrade handbrake either via Synaptic Package Manager or by running commands:

sudo apt update

sudo apt install handbrake-gtk

More at Tips on Ubuntu

Windows 10 Creators Update will include Linux improvements

Microsoft has made some big strides in supporting Linux in Windows 10, and now a new update will soon add additional improvements for Linux.

February 27, 2017 brianradio2016

A cellular base station with 128 antennas may soon help some mobile operators serve many more subscribers in crowded areas.

Nokia demonstrated the technology, called massive MIMO (multiple in, multiple out) with Sprint at Mobile World Congress on Monday. It’s one of several types of advances in LTE that could eventually come into play with 5G, too.

Massive MIMO uses a large number of small antennas to create dedicated connections to multiple devices at once. In this case, the base station has 64×64 MIMO, or 64 antennas each for upstream and downstream signals. In Nokia and Sprint’s tests, it increased the capacity of a cell by as much as eight times for downloads and as much as five times for uploads.

For the demonstration, the base station connected with eight commercial, off-the-shelf phones behind a wall of Nokia’s booth and streamed data to and from them.

February 27, 2017 brianradio2016

iphones-sap.png

SAP said it will deliver its software development kit for Apple’s iOS on March 30. SAP has already posted its iOS curriculum on its developer training site, SAP Academy.

Apple and SAP forged an alliance last year designed to bring enterprise apps to the iPhone and iPad. The general theme is that iOS would be the front-end and mobile enabler for SAP’s back-end financial and analytics applications.

more MWC 2017

The SAP Cloud Platform SDK announcement landed at Mobile World Congress in Barcelona. SAP is looking to speed up the development process for enterprise developers with giving customers native iOS performance.

Among the key points:

  • The SAP SDK for iOS is written in the Swift programming language and includes prebuilt user experience components.
  • Touch ID, location services and notifications are also included in the library.
  • Enterprise features such as offline data synchronization and APIs to SAP S/4HANA are built into iOS via code snippets.
  • SAP and Apple have jointly developed the initial training materials on SAP Academy, which will court 2.5 million SAP developers and 13 million Apple developers.
  • And SAP is currently building native iOS applications for various industries such as retail and manufacturing.

Separately, SAP highlighted its Internet of Things and connected car integration via a collaboration with Concur, Hertz, and Nokia. SAP’s Vehicle network creates an automated experience for rental cars that provides keyless entry to autos, parking space identification, payment, navigation, and expense management tools for business travelers.