November 14, 2012 archive

Nov 14

Cisco’s 6Lab Provides Worldwide IPv6 Statistics With Interactive Map, Daily Updates

Want IPv6 deployment statistics?  Want to use an interactive map to see the global deployment?  Over the past few months, Cisco’s IPv6 Lab has rolled out a very cool new IPv6 statistics site at:

http://6lab.cisco.com/stats/

We recently added a resource page about the site and added it to our list of IPv6 statistics sites.

Pulling data from a wide variety of public sources, the site displays the statistics via an interactive map at a global or country level. As Alain Fiocco wrote in a very detailed blog post announcing the 6lab statistics site, there are a number of ways to interact with the data:

  • Simply mouse over the world map to see aggregated metrics per country.
  • Select your favorite “data type” to see more details for each metric.
  • Click on “world-scale data” or click on a country to display historical data.

The site also has an information page that explains the methodology behind the site and the sources used for the data.

Cisco 6Lab Statistics Site

Alain Fiocco goes into a deeper analysis in his lengthy blog post describing in more detail what they are trying to do with the site. He also indicates there, and has confirmed this via email to us, that these statistics are being updated daily and they are continually looking at ways to improve the site.

It’s a great way to visualize the data and we’re pleased to see that Cisco has made this available.  Kudos to Alain and his team for making it happen.  If you are interested in IPv6 deployment statistics, please do check it out!

Nov 14

Cisco’s 6Lab Statistics Site

Cisco maintains a comprehensive IPv6 statistics site that is updated daily at:

http://6lab.cisco.com/stats/

As Alain Fiocco wrote in a very detailed blog post announcing the 6lab statistics site, there are a number of ways to interact with the data:

  • Simply mouse over the world map to see aggregated metrics per country.
  • Select your favorite “data type” to see more details for each metric.
  • Click on “world-scale data” or click on a country  to display historical data.

The site also has an information page that explains the methodology behind the site and the sources used for the data.

Cisco 6Lab Statistics Site

According to Alain Fiocco at Cisco the site is being updated daily with new data.

Nov 14

The Apple Maps Fiasco Finally Hits Me – Tiffin St, Not Giffin St

Until last night I had been blissfully unaffected by the whole Apple Maps fiasco. I upgraded both my iPhone and iPad to iOS 6.0 and have generally had no problems whatsoever. I've gotten to where I needed to go when using "Maps" and in fact I like the better driving directions.

And then last night I read an article in our local paper about a building to be demolished and wondered where that was in Keene, as I'd not heard of "Tiffin Street". So I popped the street name into Maps on my iPhone and was suprised...

Photo Nov 13 7 14 23 PM

I tried a couple of times at different zoom levels and settings but Apple Maps would not show me a "Tiffin St" anywhere in Keene.

So I flipped over to Google Maps, still on my iPhone, and of course there it was:

Googlemaps

And indeed I went by the street on my lunchtime run today and can confirm to Apple with my own eyes that Tiffin Street does indeed exist in Keene!

Tiffinst

Hopefully Apple will continue to improve their data, because this is really quite silly!

P.S. I guess the good news is that I now know where "Giffin St" is in Keene... but that's not what I wanted! :-)

If you found this post interesting or useful, please consider either:

Nov 14

Microsoft Researching Skype Password Reset Security Hole

This morning The Next Web reported on an exploit where Skype’s password reset web page could be used to hijack a user’s Skype account using only the password associated with the account. So… if you could guess someone’s email address (which can often be found through a Google search), you could effectively take over their Skype account.

Microsoft/Skype has DISABLED this feature while they investigate further so it appears that for the moment the security risk is limited.

However, it may be wise to watch closely the email account associated with your Skype ID for the next bit to see if any random password reset messages are sent to your account. Odds are that attackers will be sniffing around trying to see if there is any other way to exploit the apparent vulnerability.

The Next Web team reports that they were able to reproduce the attack on two Skype accounts of willing victims, confirming that the vulnerability was indeed real. They also reported the issue to Skype and worked with folks there.

The vulnerability is interesting in that it shows the complexity of modern communication applications. Skype is for the most part a desktop/mobile application, but yet it does rely on a centralized cloud-based service for authentication/passwords, etc. A vulnerability in the web interface for that central service then weakens the security of the overall system.

The “good” news for Microsoft/Skype is that because this appears to be a vulnerability in the web interface of the centralized system, this is probably something relatively easy for them to fix – and without requiring any client updates.

Kudos to Microsoft/Skype for reacting quickly to minimize the risk and we look forward to the issue being addressed.

UPDATE #1: Skype has issued a brief statement on their “heartbeat” web site with the same text that has been quoted in several articles.

UPDATE #2: The Verge has an article out now where many people in the comments are suggesting you change the email address associated with your Skype account to something less likely to be guessed. While Microsoft seems to have removed the immediate attack vector and this change is no longer critical to do, it may be something some of you may want to consider.

UPDATE #3: There’s a long Hacker News thread on this issue that also includes a link to an article walking through the exploit step-by-step as well as walking through links to protect your account. Note that because of the steps Microsoft has taken the exploit steps no longer work.