Rogue Wi-Fi Hotspots

October 17, 2017

India offers two types of Wi-Fi access free metered access which requires the users to register and second are those hotspots which do not have any password.

Some of these are Government initiatives like the one in Mumbai is “Aaple_Sarkar_Mum-WI-FI”, while Google in conjunction with Indian Railways is offering free Wi-Fi services at Railway stations across India. Furthermore, Coffee Shops, Bookstores and Hotels have also been providing free Wi-Fi access.

The common factors are:

  1. These services require registration and authentication
  2. Located at Public Places.

Providing Free Wi-Fi has been the best move by the Government for this social networking crazed generation, which has been using it for accessing Facebook, Instagram, Whatsapp etc However, it shouldn’t take a long time for the cyber criminals to realize the huge potential of gaining access to the network traffic by implementing Rogue Wi-Fi hotspots.

Rogue Wi-Fi Hotspots could be turned into surveillance systems and could also be used to inject malicious / advertisements into the network traffic. It’s not just the researchers who have demonstrated but Organizations too have injected traffic into the network in the past and what would stop the criminals from using the same technology to monetize this craze of accessing Free Wi-Fi.

Privacy concerns are raised by the elite few while most of the others turn a blind eye as long as they don’t have to pay a dime for Internet Access and has been aptly proved by the 4G boom with the free offerings by all the Telcos, and ultimately resulted in market consolidation vis’a’vis data pricing.

In these trying times when every bit of data can help build up your personal profile, it would pay in the longer run for everyone to exercise caution while accessing Internet. Moreover caution is just not limited to accessing Internet but also the Apps and their system level permissions do play an important role in securing your privacy.

Rogue Wi-Fis are very difficult to detect since there is very little information that they leak and it is very much possible that SSID will be replicated by these criminals in order to lure unsuspecting victims into their trap. It is also very much probable that the Rogue Wi-Fi wouldn’t ask for registration / authentication and should alert the users that something is amiss.

How to user Free Wi-Fi:

  1. Implement VPN on your devices / laptops
  2. Keep a separate Cell Number for accessing the Wi-Fi as most of them rely on OTP sent as an SMS to the registered number. It should be different from the one used for Banking Transactions.
  3. Verify the App Permissions before installing them on your device.
  4. Never conduct banking transactions through Free WI-FI; one may never know who is sniffing your traffic.
  5. Always keep you Phone Antivirus updated to ensure maximum efficiency.
  6. When in doubt about a particular SSID, do ask the owner of the shop who is providing this service and you may always choose to disconnect immediately.

 

Advertisements

Krack Attack – Wi-Fi Vulnerability Affecting WPA

October 17, 2017

WEP has been considered to be a flawed encryption and Wi-Fi implementations have always concentrated on implementing WPA Encryption standard so as to ensure a secure Wi-Fi communication channel. However, recently researchers Mathy Vanhoef and Frank Piessens, from the University of Leuven, have found multiple flaws in WPA encryption which would allow hackers to decode the traffic and inject malicious packets into the secure WPA communications channel.

The vulnerabilities in itself are related to the WPA protocol standard which allows the attackers to force the devices to reissue the nonce effectively forcing the devices to initiate Key Reissue Attacks (KRACK).

This weakness in the protocol allows the attackers to sniff the traffic traversing between the devices and access-points while the worst case scenario is injection of malware into websites. The vulnerability affects all devices running on Windows, MacOS, iOS, Android and Linux. Due to the devastating implications of this vulnerability, Vendors have been quick to respond and made available patches to mitigate these vulnerabilities.

Identifiers:

  • CVE-2017-13077
  • CVE-2017-13078
  • CVE-2017-13079
  • CVE-2017-13080
  • CVE-2017-13081
  • CVE-2017-13082
  • CVE-2017-13084
  • CVE-2017-13086
  • CVE-2017-13087
  • CVE-2017-13088

More can be read about this research over here https://www.krackattacks.com/

Vendors:

Microsoft:

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-13080

Ubuntu:

https://usn.ubuntu.com/usn/usn-3455-1/

Redhat:

https://access.redhat.com/security/cve/cve-2017-13080

Intel:

https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00101&languageid=en-fr

Advisory:

  1. Patch your devices as and when the patches are made available
  2. Since this is protocol-level vulnerability, changing password wouldn’t help in mitigating the attacks.

 


Thecus N2350 bags an award as the “Most Interesting NAS” at Computex 2017 by Tom’s Hardware, USA

October 16, 2017

NEW TAIPEI CITY, TAIWAN / MUMBAI, IndiaOctober 16, 2017  – The Tom’s Hardware team traveled to Taipei for Computex 2017 last month to bring all of the latest developments in the enthusiast categories that matter most. The N2350, the latest 2-bay NAS from Thecus was lucky enough to be awarded the “Most Interesting NAS”.


“Instead of following the herd, Thecus took a leap of faith to entice new users with a lower price point. The Marvell Armada 385 dual-core SoC processor won’t break any benchmark records, but it’s strong enough to tackle your data transfers at high speeds and run some applications in the background.”

“The goal is to bring users into the connected world where software overshadows the core functions most associated with products: data storage. Once indoctrinated, you can use the N2350 for what it is or step up to a system with more features, like powerful multimedia through HDMI and more resource-hungry applications.”

“The Thecus N2350 will get you in the door for a taste test without breaking the bank. You should like it enough to want more features in your next NAS, and that’s why we like this model, at thisprice, so much.”

  • Embedded with Marvell Armada Dual Core CPU
  • 1GB of DDR4 RAM
  • Running on the newly-designed, enhanced ThecusOS™ 7.0
  • Uninterrupted Accessibility with Thecus System Failover
  • Mobile Access with Thecus Connect and Orbweb.me
  • Cloud Service Backup with Amazon S3
  • RAID Support (0,1 and JBOD)
  • Plex Media Support

Thanks to Chris Ramseyer and the whole team at Tom’s Hardware for the recognition.

Availability & Warranty

The Thecus N2350 is available with its Regional Distributors carrying a warranty of 2 years.

For more information on the Thecus N2350, please go to:

http://www.thecus.com/product.php?PROD_ID=134

# # #

About Apical

Apical is a leading name in Value Added Data Storage Solutions. Established in 2005 Apical is a trusted name owing to their strong Solution Centric approach and is known for its partner focused Distribution pan India.

 

For past seven years the teams in Apical have dedicated themselves to create Quality, Robust yet Cost Effective solutions serving all industry verticals and applications, for their partners who cater to SMB, Enterprise and Government Customers. Based out of Mumbai the Promoters of Apical have an aggregated experience of over 25 years.

In a constant endeavor to Delight Customers and with understanding to market dynamics and sensitivity Apical team is continuously working with multiple brands and adding new products in portfolio. Apical today is the Distribution house for Data Storage brands like Thecus, Infotrend and Toshiba.

With a good spread in the IT Channel, Apical wishes to create a strong business relationship with the SI and SMB community by providing them with profit rich products and at the same time satisfy the end user with Quality and Technology, to know more please visit Apical.in

About Thecus®

Established in 2004, Thecus Technology Corp provides market leading network attached storage and network video recorder solutions, committed to revolutionize how everyone from home user to enterprise level business centrally stores, manages and accesses their digital data both onsite and cloud-based. Thecus strives to deliver continuous innovation through cutting edge technology and design to provide data storage with the most customer-friendly platform, rapid performance and robust security. In May 2016, Thecus was formally acquired by Ennoconn Corporation and thus became part of the Foxconn IPC Technology group. Partnered together this diverse group of companies work in tandem to provide a total IoT (Internet of Things) solution. Now with an unparalleled portfolio to work with, Thecus is collaborating to bring unprecedented change to the network storage industry. To know more please visit www.thecus.com


The first ECM solution worldwide to fulfill the requirements: Doxis4 achieves SAP S/4HANA certification

October 16, 2017

BONN, Germany / NEW DELHI, India October 16, 2017 – Doxis4 from SER is the first ECM system worldwide to receive SAP S/4HANA certification for the archive interfaces ArchiveLink and ILM. And this means long-term security for all companies that plan to switch to the new generation SAP S/4HANA. It is possible for them to safely store their SAP documents and data in the Doxis4 archive with S/4HANA.

Doxis4 users can continue using their existing archive solutions after switching to SAP S/4HANA. The archive interfaces of the Doxis4 iECM suite have once again successfully passed the demanding functional test scenarios for SAP S/4HANA and for SAP NetWeaver. Utilizing the certified interfaces Doxis4 HTTPContentServer (HCS) for archiving via ArchiveLink and Doxis4 WebDAV Connector for ILM (Information Lifecycle Management), SER customers can securely store SAP documents and data (e.g. print lists, order or invoice documents) – also in an audit-proof way. Furthermore, they can manage retention periods and thereby fulfill legal requirements.

We support the latest SAP technologies always very early on. If you claim to support SAP S/4HANA, you have to prove it: We have achieved this once again with the SAP certification. In doing so, we give our customers long-term security,” explains Klaus Eulenbach, Head of Technology at SER.

ECM integration encompasses many different use cases

As a long-standing certified partner of SAP, SER offers a deep integration of SAP and the Doxis4 iECM suite, which many companies appreciate: Over 50 percent of all SER customers use Doxis4 together with SAP for a diverse range of use cases. This includes SAP data archiving, SAP document archiving, electronic records in SAP, and SAP inbound invoice processing. The last is integrated through the certified SAP interface of Doxis4 InvoiceMaster 8.3 with the Doxis4 iECM suite. Beyond this, SER has its own namespace in SAP (/SER/IM4S).

An overview SER’s SAP-certified solutions:

  • Doxis4 HTTPContentServer (HCS) is certified according to the SAP specification S/4-BC-AL 7.40
  • Doxis4 HTTPContentServer (HCS) is certified according to the SAP specification BC-AL 7.40
  • Doxis4 webDAV Connector for ILM is certified according to the SAP specification S/4-BC-ILM 1.0
  • Doxis4 InvoiceMaster 8.3 is certified in combination with SAP ERP and SAP NetWeaver 7.40

# # #

About SER Group

SER connects people, products and processes in the most efficient way possible to create the digital workspace of the future. With our leading Doxis4 iECM suite we have been setting new standards in the development of enterprise content management software (ECM) for the past 30 years. More than one million satisfied users worldwide rely on our user-friendly solution to increase their return on information. The unified platform for ECM and BPM (business process management) seamlessly integrates content and processes to the benefit of its users. ECM Excellence by SER unites vision, inspiration, experience, awareness and the expertise of our team of over 550 employees.

With sales representations in Germany, Austria, Switzerland, BeNeLux, France, Iberia, Poland, Russia, United Kingdom, India and China, we offer our customers localized products and services according to their needs. An international network of professional business partners supports us in further locations. For more details please visit www.ser-solutions.com


Infortrend Completes its EonStorGSe Pro Family by Introducing 4 and 8-bay Storage Systems for Entry Level Users

October 13, 2017

NEW TAIPEI CITY, Taiwan / MUMBAI, IndiaOctober 13, 2017 –  Infortrend® Technology, Inc. (TWSE: 2495) has launched their new EonStor GSe Pro 1000 series with a small 4 or 8-bay rack mount design. Even with such a small space, it fully supports data storage, file sharing, cloud integration, and all RAID functions to easily run local SAN/NAS applications. SMBs and SMEs that want entry level storage systems now have a complete product line to choose from.

The new EonStor GSe Pro 1000 series provides a compact 1U 4-bay or 2U 8-bay NAS system with a quad-core processor and four embedded 1GbE ports to boost productivity. It also supports AES-NI hardware encryption engine to lower CPU loading, maintain system performance and security, while redundant power supplies increase service continuity, making it the ideal choice for surveillance, backup, file sharing, and email servers.

The EonStor GSe Pro family features two rack mount series, and is designed for SMBs with easy storage management and complete data services. The small rack mount designed EonStor GSe Pro 1000 series is entry level storage, while the EonStor GSe Pro 3000 series offers higher performance and a capacity of up to 436 drives.

We are pleased to launch the new small rackmount EonStor GSe Pro series to further complement our product line. With its compact design and affordable price, the EonStor GSe Pro is the ideal storage choice for SMBs with budget and space concerns,” said Thomas Kao, Senior Director of Product Planning at Infortrend.

The high speed 2U 8-bay EonStor GSe Pro 3008 is available for those that demand faster performance. For more information about the EonStor GSe Pro 1000 series, click here. For the EonStor GSe Pro 3000 series, click here.

# # # 

About Apical

Apical is a leading name in Value Added Data Storage Solutions. Established in 2005 Apical is a trusted name owing to their strong Solution Centric approach and is known for its partner focused Distribution pan India.

For past seven years the teams in Apical have dedicated themselves to create Quality, Robust yet Cost Effective solutions serving all industry verticals and applications, for their partners who cater to SMB, Enterprise and Government Customers. Based out of Mumbai the Promoters of Apical have an aggregated experience of over 25 years.

In a constant endeavor to Delight Customers and with understanding to market dynamics and sensitivity Apical team is continuously working with multiple brands and adding new products in portfolio. Apical today is the Distribution house for Surveillance, Data Storage and Home Control brands like Thecus, Infotrend and Toshiba.

With a good spread in the IT Channel, Apical wishes to create a strong business relationship with the SI and SMB community by providing them with profit rich products and at the same time satisfy the end user with Quality and Technology, to know more please visit www.Apical.in

About Infortrend

Founded in 1993, Infortrend Corporation (Public TPE:2495) is a leading provider of high performance networked storage solutions focusing on quality, reliability, choice and value. Fueled by a depth of technological expertise and system level knowledge, Infortrend storage solutions have been widely deployed on a variety of demanding applications by multiple users across commercial and industrial markets. Its core brands include the ESVA, EonStor DS, EonStor, EonNAS product families. For more information, please visit www.infortrend.com


%d bloggers like this: