Data security Archive

ISPs another vector for tech-support scams

Article

Tech support scams target victims via their ISP | BBC News

Fraudsters impersonate victims’ ISPs in new tech support scam | Graham Cluley Blog

My Comments

Previously, as I have known from close friends’ experiences, there have been the fake tech-support phone calls claiming to be from Microsoft or another major software vendor. This was with me congratulating a person who wasn’t computer-literate immediately hanging up on one of these calls along with someone else asking another of these scammers for their Australian Business Number (equivalent to a VAT number in Europe).

These scams have evolved to a pop-up message pretending to be from one of the major software firms but asking them to call a number listed on that message. Typically this comes in the form of a virus or pirated-software alert as the message and some of these messages even appear on the lock screen that you normally enter your password.

Now the messages are appearing to come from ISPs, typically the ones who have most of the Internet business in the US, UK and Canada. But this is about the ISP detecting malware on the customer’s system with a requirement to call a fake customer-support number.

In this case, they identify a customer’s ISP based on a “spy pixel” ad on a site infected with malware or a “malvertisement”. The ads are typically served through large ad networks offering low-risk advertising products. This is used to identify the customer’s “outside” or WAN IP address which effectively is the same for all computers accessing the Internet from the same router.

Here, most residential and small-business Internet services have this IP address automatically determined upon login or at regular intervals and is obtained from a pool of known IP addresses that were assigned to that ISP to give to their customers. There is logic in the malware used to identify which ISP a customer is with based which IP address pool the IP address is a member of.

In these cases, call the ISP using the number they have provided you for technical support: typically written on their own Website which you should type in the URL for; written on any documents that you receive from them like accounts or brochures, as part of doing business with them; or by looking them up in the phone book. As well, don’t give any account numbers or personally-identifiable information to unsolicited approaches for technical support that you are not sure about.

But in all cases, you are most likely to initiate the call for personal or business tech support yourself when you need this support because you know your computer and network and how these systems perform. Typically you will approach one of the computer experts in your community, your workplace’s IT department if they have one, or your computer supplier for knowledge or assistance.

Send to Kindle

You could enable your existing computer for Windows Hello

Article

USB accessories add Windows Hello capabilities to any PC | Windows Central

My Comments

Lenovo ThinkPad Helix 2 connected to Wi-Fi hotspot at Bean Counter Cafe

You could be soon able to equip your existing laptop or 2-in-1 with the same kind of fingerprint scanner as the Lenovo ThinkPad Helix 2

An increasing number of business-focused Windows laptops are being made ready for Windows Hello which is the password-free login ability that Windows 10 offers. This allows for facial recognition or fingerprint recognition as an alternative to keying in that Windows password.

But what if you have that tower desktop, all-in-one or existing laptop that has no RealSense camera or fingerprint reader. Normally, you would think that you were cut out of this feature.

At the Computex 2016 “geek-fest” in Taiwan, there were two aftermarket USB accessories that bless these computers with Windows Hello login abilities. One of these is a webcam that is compliant to Intel RealSense specifications which opens up the path for facial recognition, while another of these is a USB fingerprint-reader dongle that is very similar to a Bluetooth or wireless-peripheral-transceiver dongle and plugs in to the side of a laptop computer.

These peripherals would be a step in the right direction for small businesses and consumers if they were sold at reasonable prices and were made available at most electrical stores, computer stores and the like, rather than just being sold to value-added resellers that cater to big businesses.

A solution I would like to see especially for desktop users or people who set up primary workstations would be a fingerprint reader integrated in to a keyboard or mouse. This could be offered as a differentiating feature for business and gaming peripherals. Similarly, a standalone desktop fingerprint reader could be offered as a way to have your existing workstation or “gaming rig” working with Windows Hello. Similarly, a fingerprint reader could be offered as a “short-form” device that can be integrated in to the PC cases that tend to modified by gaming enthusiasts.

Similarly, more manufacturers and resellers could contribute to this class of device in order to allow more of us to benefit from Windows Hello.

Send to Kindle

Cleaning up online advertising: Google and Bing make life hard for undesirable advertisers

Article

Advertising of predatory financial services

Google Will Start Banning All Ads From Payday Lenders | Mashable

Advertising of online tech-support scams

Bing brings in blanket ban on online tech support ads | Naked Security

My Comments

Google clamps down on advertising of predatory financial services

An issue that has caused a lot of concern with the Global Financial Crisis is the existence of predatory sub-prime financing services like payday and other short-term loans. This issue has been raised as a civil rights issue as well as a consumer-protection issue because predatory lending occurs more with disadvantaged communities and the kind of loan products charge exorbitant amounts of interest.

Google has attacked this issue by prohibiting payday and similar lenders from advertising through their Adwords search-advertising platform. As far as I know, it doesn’t affect any of Google’s display advertising services like Adsense or Admob. This follows similar action that Facebook had taken concerning their online advertising platform, with both these companies being the biggest online advertising platforms encompassing both their own properties and the ad networks that serve other publishers and mobile app developers. It is part of Silicon Valley’s reaction to contemporary issues of concern like civil rights.

This will effect the advertising of loan products that are due within 60 days or have an interest rate of 36% or more in the USA. But the issue that may surface is whether Google will apply this rule to their display advertising networks and if other online advertising services will follow suit and apply it across their products.

Bing clamping down on online tech-support scams

I have given a fair bit of airtime on HomeNetworking01.info about the online tech-support scams due to hearing from people in my community who have had near misses with these scams.

This typically manifested in the form of the phone calls that people received from someone pretending to be the tech-support team associated with a respected IT or telecommunications name, stating that the user’s computer has a virus or something else is wrong with the user’s computer hardware or software.  But they lead you to establish a remote-access path to your computer so they can “fix” the perceived “problem” or “threat” for a fee, with these scammers making off with a large sum of money or installing software of questionable provenance and relevance on your computer.

Most of us have become aware of these scams through the various customer-education efforts by the IT community and consumer-protection organisations, encouraging us to seek IT support from people whom you know and have met in person like your business’s IT department or the IT experts in your household, family or community.

This has led to computer users not answering these calls or simply hanging up when they receive those calls. Now the scammers’ MO has changed towards cost-per-click Web ads or popups that flash up warning messages saying that your computer has problems and instructing you to call a toll-free number. This plays on the fact that you are seeking a problem to be rectified by placing that phone call.

Bing Ads, which is part of Microsoft’s Bing search platform, have banned the advertisement of third-party tech-support services because of the quality issues that are affecting end-users’ data safety. There has been an unintended consequence from this ruling which has made it hard for honest IT-support providers to advertise their services on that platform.

Conclusion

I see it as one of many efforts by the online advertising industry to clean up its act and gain the same level of respect as traditional advertising but there could be a more uniform approach to the problem of questionable online and mobile advertising.

The only way I see this coming about is for the industry to adopt a code of practice with conformance being indicated to end-users, publishers, content-filter software and others through distinct trademarks and symbols. This could address issues like advertising that is allowed, the kinds of ad contracts offered including the tenure of these contracts and the kind of payment received, due-diligence requirements, and liaison with law enforcement, customer protection and other authorities.

Send to Kindle

Popular Internet-based communications platforms to be secure

WhatsApp Android screenshot courtesy of WhatsApp

WhatsApp – the pioneer for security-focused online communications for consumers

Some of the popular over-the-top messaging and VoIP platforms are being equipped for personal privacy and security.

This was a feature typically pitched at high-stakes business users but is now being pitched at everyday consumers thanks to the saga occurring in the USA between FBI and Apple where the FBI were wanting the encrypted data held on a suspect’s iPhone.

At the moment, WhatsApp and Viber are offering secure-communications features but this could be rolled out by other messaging/VoIP/videocall platform vendors like Skype, Facebook or Apple. For that matter, WhatsApp have recently made their platform from a subscription-funded platform to a free-to-user platform. They will continue to raise money by offering business-focused WhatsApp communications services.

Platform-wide best-case encryption by default

One of the main features is platform-wide end-to-end encryption which is implemented to “best-case standards” by default.

This means that the data that represents your calls and messages is encrypted by the end devices. Along with that, the user’s public and private keys associated with the encryption algorithm don’t stay on the company’s servers, thus not being at risk of a subpoena or other court order or government mandate. Rather, these are created by the end-user’s device and kept there.

The reference to “best-case” operation in this situation is that if the users are communicating with the latest version of the software that supports newer encryption algorithms, these algorithms are used for the encryption process. This even applies to group conversations where the “best-case” encryption method is implemented if all the correspondents are using the client apps that support that algorithm.

Authentication of contacts and their devices

As part of key exchange between contacts, there is an emphasis on authenticating one’s contacts with some systems like WhatsApp preferring a “face-to-face” method or others like Viber requiring you to read and confirm a password during a call. The former method that WhatsApp implements is for you to scan a QR code

Here, this is about whether you are really talking with the user on their device, in order to circumvent situations like lost or stolen phones, users installing their SIM cards in different devices and “man-in-the-middle” attacks. It was highlighted in Graham Cluley’s blog article about improving your security with WhatsApp.

This will typically be highlighted through the use of an indicator in your contact list that shows if a contact has been authenticated or if they have switched devices.

Concealed text/image conversations

Viber - Hide This Chat

Viber with its ability to conceal a conversation

Viber introduced to their platform the ability for one to conceal a text/image conversation which can come in handy if you are exploiting their functionality to use tablets or regular computers as endpoints for Viber conversations.

Here, you can conceal the conversation so that others cannot see it unless they enter a user-set PIN or password. Situations where this can be necessary could include an innocuous activity like arranging that surprise event through a personal conversation held in a workplace to a traveller who leaves their iPad in their hotel room which can easily be visited by Housekeeping staff.

On the other hand, you could be able to specify whether a text/image chat is to be kept on each other’s devices or to disappear like what has been valued with Snapchat.

Features that could surface in the name of security

As other online-communications platforms jump on to the secure-communications bandwagon, there could be the rise of different features or variations on the above features.

For example, a communications-platform client could implement client-level user authentication where the software can be set up to require the user to log in to the client to start a conversation. Or the primary communications device like the smartphone has to be near a secondary communications client like a laptop before the user can run the software. This feature may be considered of importance with tablets and regular computers likely to be used by other users.

To some extent, an operating system that implements multiple-user operation could allow an online-communications client to switch user profiles and phone numbers so it works totally personally to the user.

There could be the ability for a user to mandate device-level authentication or encryption before a conversation takes place with a contact. This could allow for one to be sure they are talking to the right correspondent.

Other methods of verifying contacts and devices could surface such as the use of NFC “touch-and-go” or Bluetooth data exchange as a way of authenticating users’ devices. The software could also exploit other hardware or software “secure elements” like Trusted Platform Modules as an alternative to SIM cards for Wi-Fi-only tablets or regular computers.

This could even extend to such things as “trusted networks” or “trusted locations” where your caller can know that you are talking privately, based on factors like wireless-network parameters or proximity to particular Bluetooth devices.

Conclusion

What is now happening is that secure online conversations, once a feature that was enjoyed by big business and government, is now becoming available to every individual in the street for free. This allows them to have online conversations without being eavesdropped upon.

Send to Kindle

USB.org to introduce authentication in to the USB Type-C platform

Article

The USB Type-C connection will now be able to be authenticated irrespective of vendor

The USB Type-C connection will now be able to be authenticated irrespective of vendor

New USB Type-C Authentication spec can stop faulty cables before they do damage | Windows Central

From the horse’s mouth

USB.org

Press Release (via BusinessWire)

My Comments

Increasingly the USB connection standard has shown up a need to verify or authenticate device connections on a hardware level. Initially Apple had engaged in this practice with their iOS devices that use the Lightning connector to make sure that properly licensed Lightning cables are used with these devices. But there have been other reasons that this kind of authentication is needed.

One of the reasons was the existence of fake charging devices that are typically installed in public locations. These espionage tools look like plug-in AC chargers or “charging bars”  but are really computing devices designed to harvest personal and corporate data from visitors’ smartphones and tablets. The mobile operating systems have been worked to address this problem whether through asking users what role the mobile device plays when it is connected to a host computing device or whether you trust the host device you connect your mobile device to it.

But there has also been concern raised about ultra-cheap USB Type-C cables, typically Type-A adaptor cables, that aren’t wired to standard and could place your laptop, smartphone or tablet at risk of damage. In this case, users want to be sure they are using good-quality properly-designed cables and power-supply equipment so that their devices aren’t at risk of damage.

The USB implementers Forum have established a connection-level authentication protocol for USB Type-C connections. This implements some of the authentication methods used by Apple for their Lightning connection to verify cables along with the ability to verify the devices that are on the other end of a USB Type-C connection.

For example, a traveller could rectify the “fake charger” situation by setting their mobile gadgets only to charge from certified USB Type-C chargers. Similarly, a business can use low-level authentication to verify and approve USB storage devices and modems to the computers under their control are connected to in order to prevent espionage and sabotage. Vehicle builders that supply software updates for their vehicles to rectify cyberattacks on vehicle control units can use this technique as part of their arsenal for authenticating any of these updates delivered to customers via USB sticks.

What needs to be established is that the USB interface chipsets installed on motherboards and other circuit boards need to be able to support this kind of authentication. Similarly, operating systems and device firmware would need to support the low-level authentication in order to reflect the user’s choice or company’s policy and communicate the status concerning USB Type-C devices properly to the end-user.

At least it is an industry-wide effort rather than a vendor-specific effort to verify and authenticate USB devices at the electrical-connection level rather than at higher levels.

Send to Kindle

Spear-phishing doesn’t necessarily involve links or attachments

Article

Snapchat, Seagate among companies duped in tax-fraud scam | Mashable

My Comments

Compose Email or New Email form

Spear-phishing email doesn’t necessarily have to have links or attachments

An issue that has come to highlight lately is spear-phishing where an email is sent to particular departments within a business to extort critical financial or other information from that business.

This recently happened to a number of American businesses including Snapchat and Seagate where the human-resources departments were told in an “official manner purporting to be from the CEO” to turn out W-2 tax forms about their employees.

For those of you in countries other than the USA, this is a statement provided by your employer which states what you earned including the taxes that are withheld and would be known as a P60 in the UK and Ireland or a Group Certificate in Australia. When in the wrong hands, these statements can be a goldmine of data that can be useful for identity theft and tax fraud.

But this may be different from a garden-variety spear-phish attack because there isn’t a requirement to visit a Website via a link or open an attachment that comes with the email. Rather this is to prepare the information in a specified computer-file format to be sent as an attachment with the email’s reply.

What was highlighted was that the spear-phish email used the look of official company correspondence such as use of the company’s trade dress (logos, colour scheme, typography) and disclaimers associated with such correspondence. As well, such emails appear to come from someone high up in the business. The spear-phishers were able to identify “who’s the boss” by performing Google or LinkedIn searches and this data could simply be found on “About Us”, shareholder-information or similar pages on a company’s public-facing Website. Such correspondence also can surface at certain seasons like holiday seasons, tax-filing seasons or special events.

This is a classic form of social engineering in the business and the staff were caving in to human error and weren’t vigilant. Here, if they see an email with an important request coming from their boss, they would follow up on this request forthwith as expected for business life. This is similar to the classic distraction-burglary or burglary-artifice scam where a householder is under pressure to let people who look like officials in to their home and these bogus officials commit crimes against the household. It can also affect small businesses as well as larger businesses and organisations, because such a request could also come from the business’s owner, a franchisor (in the case of franchised businesses) or someone who is higher up in the business’s food chain.

A similar scam which is known as “whaling”, targets business owners, managers and other known organisational figureheads with email purporting to come from partners, suppliers / service-providers like your landlord or officials such as the taxman or the Trading-Standards officials. It has the same effect as spear-phishing where you are subject to trickery to divulge sensitive information. This situation can affect businesses and organisations of all sizes from the small pizza shop on the corner to the large business in town.

The red flags to be aware of with spear-phishing or whaling are: is the request out of the ordinary whether for your business or for normal business practice; whether the domains for “reply” or “origin” email addresses match the known domains for the business;  or whether the writing style reflects the purported sender’s style or the accepted norms for business correspondence in the locale.

But most importantly, verify the facts from the horse’s mouth. This means sending a separate email to the proper source at the address you know them to be at or, preferably, making a phone call to check those facts. It is more important if the request happens to come “out of the blue”.

As well, be wary of out-of-the-ordinary correspondence you receive by email around the critical occasions like tax time.

Once you know what is in the norm for your organisation and industry, you should then rely on your “sixth sense” to identify if something is suspicious and report it straightaway.

Send to Kindle

Another router answers the needs for a secure home network

Article

eero: A Mesh WiFi Router Built for Security (Product Review) | Krebs On Security

My Comments

A common issue raised in relation to home-network routers is that they aren’t really designed for security. It applies more to the equipment that is sold through the popular retail locations like the electronics chains.

This is due to issues like firmware that isn’t always kept up to date along with an insecure “out-of-box” management-console login experience. The latter situation manifests typically in the form of a default username and password that is common across a product range rather than unique to each device.

The eero router which is effectively a Wi-Fi mesh system has answered these issues courtesy of the following: firmware that is updated automatically and a secure-setup routine based around an enabling code sent to your phone. The former method has been practised by AVM with their latest firmware for the Fritz!Box routers with these devices automatically updating. The latter method has been practised through the use of a mobile-platform app where you enter your name, email address and mobile phone number. This requires you to receive a one-time password from your smartphone by SMS. You enter this to the mobile app before you determine your home network’s ESSID and passphrase.

This kind of login experience for the management Web page could be very similar to a well-bred two-factor authentication routine that comes in to play for some online services whenever you add another device or, in some cases, as you log in. Here, the FIDO U2F standard or support for Google Authenticator could be implemented in a router to permit secure login to the management page.

As for Wi-FI implementation, this router implements a proprietary mesh technology with each extender implementing separate radio transceivers for both the backhaul link and the client-side link. This allows for full bandwidth to be served to the Wi-Fi client devices. Each router device also has two Ethernet ports with one of those being configured for WAN (Internet) connection. Personally, I would like to see both ports switch to LAN mode on an eero router if it is serving as a repeater. This would earn its place with video peripherals, printers or desktop computers.

What I see of this is a step in the right direction for improved security for small networks and other manufacturers could learn from eero and AVM in working on a secure setup routine along with automatically-updated firmware.

Send to Kindle

XBox One joins the Microsoft world for blind updating on Patch Tuesday

Article

XBox One games console press image courtesy Microsoft

Now can be updated every Patch Tuesday

Hello XBox, Welcome To Patch Tuesday | Supersite For Windows

My Comments

Due to a very strong security reality, the IT industry ins pushing a requirement for companies who make dedicated-purpose devices like games consoles and network infrastructure devices to have a continual software-revision process.

This is involving a requirement to develop and deliver software updates and patches as soon as they are aware of any bugs and security exploits. The preferred installation for these updates is to have a totally hands-off approach that occurs whenever the device is connected to the Internet.

This is becoming more important not just to protect games software against piracy, but to protect users’ privacy especially as games consoles are being capable of working with cameras and microphones and being part of online-gaming ecosystems where players’ details are being hosted online or on the device’s secondary storage. Similarly these devices are being part of the online-entertainment and home-network ecosystem which gives them access network-connected devices and online services.

Microsoft has extended the approach they have with the Windows platform and brought the XBox One games console in to the software-update rhythm that is known as “Patch Tuesday”. This is where Microsoft delivers all the software updates and patches for the Windows platform on the second Tuesday of every month rather than on an ad-hoc pattern. It creates a level of predictability when it comes to keeping your computer’s operating software up-to-date and in most home and small-business setups, it is effectively a hands-off “blind update” but may require a computer to be restarted.

It is part of running XBox One on a Windows 10 codebase which will expose it to the same kind of vulnerabilities as a “regular” computer. As well, the XBox One will also end up being one of the platforms covered by Microsoft’s bug-bounty programs where computer users are paid to “smoke out” bugs in their computer software. This places importance on having operating software that is kept regularly patched and updated. It also shows that games consoles, like other computing devices can be vulnerable to bugs that can expose security weaknesses or can be vulnerable to “zero-day” security exploits that aren’t discovered by the software developer.

What could this eventually mean for software updating as far as games-consoles and similar devices go? This could put the pressure for manufacturers to develop a continual software-update rhythm including bug-bounty / vulnerability-reward programs and even push for longer software life cycles.

Send to Kindle

Google makes further efforts against unwanted software

Article – From the horse’s mouth

Google

Year one: progress in the fight against Unwanted Software

My Comments

What has become familiar for me after some computer-support tasks was dealing with unwanted software that uses fraud and deception to have computer users install the programs on their systems. Such software like TubeDimmer typically takes over one’s online experience by serving up ads typically for dodgy businesses, slowing down the user’s computer or sending off the user’s private computer-usage data to questionable entities. In some cases, the software pesters users to download other worthless software or pay for worthless IT services.

There have been some efforts in the computing industry to tackle this problem, most notably MalwareBytes Anti-Malware providing the ability to remove this kind of software. But Google has approached this problem in a multi-faceted manner.

Firstly, they have revised the Safe Browsing API used in Chrome, Android and other browsers and endpoint-security programs that exploit this API to detect the unwanted nuisance software. They also provided an online “cleanup tool” for Chrome to remove ad injectors and similar unwanted extensions from that browser.

On the AdSense and DoubleClick advertising-network front, Google have tuned their Bid Manager which is used for buying advertising space on these networks to filter out chargeable impressions that are generated by the unwanted ad injectors. Similarly, they are disabling ads which appear on these networks but are leading to unwanted-software downloads. These include the ads that show the “Download this” or “Play this” kind of text or artwork without referring to what you intend to download and is augmented by an unwanted-software policy that applies to any advertising that is about software delivery.

If you are “Googling” for software, the Google Search Results screen will highlight links that lead to the delivery of unwanted software or advertised software links.

These efforts have paid off for Google in the form of reduced user complaints about Chrome and other Google client software. There has been increased Safe Browsing alerts regarding unwanted software which has placed a roadblock against this software being installed. Chrome users and personal-IT support personnel have been able to get rid of the unwanted software very quickly and easily.

Now Uncle Sam has joined in the fight against unwanted software downloads

Now Uncle Sam has joined in the fight against unwanted software downloads

But there needs to be further action taking place beyond what is happening in Google’s or Malwarebyte’s offices. Uncle Sam has lent his weight behind this effort with the US Federal Trade Commission classing this unwanted software as a form of malware.

Microsoft could help with this effort by extending their security and software-cleanup tools that work with Windows, Office and Internet Explorer to provide a “one-click remove” option. Similarly Web browsers and endpoint-security software can be part of the effort to slow down the deployment of unwanted software, reduce its effect on the system or simplify its removal.

As well, there needs to be efforts taking place within the online advertising industry to clean up its act.This may involve issues like:

  1. managing the availability of low-risk high-return advertising products like “cost-per-click-only” products that appeal to “fly-by-night” operators;
  2. management and supervision of advertisers, publishers and campaigns;
  3. advertising through client-side software rather than Webpages;
  4. advertising campaigns that lead to software downloads, amongst other issues.

Such issues may have to be dealt with via establishing an industry-wide code of practice and/or use of a “seal-of-approval”. Here, this is to make sure that online advertising has the same level of respect as traditional advertising has amongst advertisers; publishers, broadcasters and advertising-surface providers; and the general public.

Send to Kindle

Another effort towards a more secure home-network router

Linksys EA8500 broadband router press picture courtesy of Linksys USA

A step towards a secure home network from Czech Republic

Article

This crowdfunded router updates its own security | Engadget

From the horse’s mouth

Project Turnis

Home Page

Crowdfunding page (Indiegogo)

My Comments

A constant thorn in the side of the secure-home-network effort is the network-infrastructure equipment. This is more so with the router which stands between the Internet connection and the home network.

There have been issues where the firmware on the typical home-network router hasn’t been updated or is riddled with software exploits and bugs that can make it attractive to cyber-criminals. It is in addition to these devices being configured poorly, typically running “out-of-the-box” default configurations like “admin/admin” management passwords or default ESSID names and passwords for their Wi-Fi wireless-network segments.

AVM took a bold step towards this goal by supporting automatic software updating for their Fritz!Box routers. But now a Czech effort, spearheaded by the Czech Republic’s domain-name registry, has taken place to facilitate an open-source router design that also supports automatic software updates and enhanced networks security.

The Project Turnis effort is based around a multi-computer effort which keeps track of security threats that can affect home and small-business networks and uses this to amend firewall rules to protect your network better.

The router supports Gigabit Ethernet for WAN and LAN connections and 802.11a/g/n dual-band for Wi-Fi wireless LAN connections and can even support USB-based failover functionality with a USB mobile-broadband modem. It also has native IPv6 capability which makes this unit futureproof and able to work with next-generation broadband. There is even a view to have this router designed to work with the Internet Of Things as a hub device or to store data.

All of the software and even the hardware design is open-source with the software being a “fork” of the OpenWRT open-source router firmware effort, which can allow for further examination and innovation. This can lead towards more vendors offering home and small-business routers and gateways that are designed for security which would lead to a breakthrough for an affordable secure Internet service for consumers and small businesses.

The router is also about supporting other “central data server” roles such as being a NAS once coupled with a USB external hard disk or even a DVB-T broadcast-LAN server when DVB-T USB tuner sticks are connected. But I would expect a lot more from these devices like VPN endpoints, public hotspot functionality and the like. Who knows what could come about?

Send to Kindle