In 2012, Swedish pest control company Anticimex began a period of rapid expansion into 18 countries and now reaps revenues of $474 million thanks in part to an aggressive new technology plan that hinges in part on the Internet of Things. Anticimex’s embrace of IoT goes back to a regional manager in central Europe reading a story about rat infestations in Copenhagen and inventing a motion-detector-based rat trap for use in sewers, according to company’s CIO Daniel Spahr.

IoT Target: Rats The basic system Anticimex uses for its main industrial customers used to be totally manual – a worker would have to stop by once a week or once a month to check if any rats had been unlucky enough to be caught in a given trap.

“What happens during that other 29 days of the month? Do you really know that nothing’s happening? With the digital traps, you do know,” said Spahr.

Anticimex’s smart traps send real-time data back to the company, detailing whether they’re detecting nearby motion, and whether the trap has been activated. The units are powered by rechargeable batteries of various size, and can also send warnings when they’re low on power or otherwise need maintenance.

The networking is based on SIM cards, sending SMS messages via 2G and 3G networks to a central hub located in Denmark, keeping the team in the loop on what’s happening with its traps around the clock. The comparatively low-tech method of communication has the added bonus of being highly secure - it's hard to hack a system with just a text message

The Data

When the system started out, Spahr said, it wasn’t particularly sophisticated in the way it handled the information sent back to headquarters.

“[The original] system has some basic reporting, but it’s more of a straightforward, dumb database,” he told Network World.

That’s changed since then, thanks to new technology from software company IFS. In the past year, the two companies have worked to create a more meaningful IoT platform, getting data into a more useful repository.

Spahr said that Anticimex has been using the new platform since April – the initial trial run is taking place in Finland – and is just now starting to really crunch the numbers to make the business more efficient. Identifying battery life trends – including bad cells that should be replaced – can help with resource planning.

“It’s like if you walked up to a whiteboard and you pick up a pen, and it’s not working, the thing that everybody does is they put on the cap and they put it back and they grab another pen – what they should do is throw away that pen,” he said.

Anticimex also hopes to be able to track pest trends globally, letting the company’s sales and marketing departments target their efforts more precisely. But in the longer-term, Spahr said that the idea is to make some of the information easily available to customers, giving them a look into pest control efforts taking place on their premises.

Source: Network World

The Hack

Security researcher Leigh-Anne Galloway notified Myspace about the flaw in April, and published details about it on Monday after failing to receive a substantive response.

The problem stems from Myspace not being, you know, the most widely-used service anymore. As such, it has extensive mechanisms and advice available for recovering accounts when you’ve lost the password, no longer have access to the email address associated with the account, or don’t remember your Myspace username.

Galloway discovered that the Account Recovery form doesn't actually require very much information to validate ownership of an account and take control of it. Since the name and username associated with an account show up on its public profile, Myspace’s account recovery setup was such that you really only needed someone’s date of birth to complete an account takeover. The form claimed that other fields like the account email address were "required," but it wasn't actually validating these fields in practice.

“This is indicative of the landscape we live in,” Galloway says. “Everything is done online, which means there is more and more code online. Web applications are the front door to an organization. The consequences of getting access can be catastrophic.”

Who’s Affected?

Who can say! Myspace has been cagey for years about how many users it still has, and it's unclear how long this account recovery form was live. “I haven't had a response from MySpace,” Galloway says. A lot of Myspace user data got scrubbed in its redesign a few years ago, but the mass exodus away from the service when social networks like Facebook were on the rise definitely left a number of forgotten accounts that are still live in some form and could be exploited.

Myspace's decision on Monday to revoke public access to the page indicated that the company was aware of the situation and investigating. It later said in a somewhat forlorn statement, "In response to some recent concerns raised regarding Myspace user account reactivation, we have enhanced our process by adding an additional verification step to avoid improper access. We take data security very seriously at Myspace. We plan to continue to refine and improve this process over time."

How Serious Is This?

Last year some estimates said that Myspace, which was purchased by Time Inc. last year and lives on as a music and entertainment-focused site, was still hanging on to 20 million to 50 million unique views per month. But legacy technologies can still potentially hold valuable data, and Myspace of all services should know this after it disclosed its massive breach in 2016.

"I think the public is just waking up to the realities of living a connected life," Galloway says. "This is a good thing and will put more pressure on organizations to implement smarter security."

This flaw may not be the worst digital threat facing consumers right now, but each small erosion of consumer trust adds up. If you still have a Myspace account kicking around, the time has come to rediscover its existence, and delete it.

Source: Wired

It’s not too early to start basic planning of how 5G might benefit IT

The next step in the evolution of wireless WAN communications - known as 5G - is about to hit the front pages, and for good reason: it will complete the evolution of cellular from wireline augmentation to wireline replacement, and strategically from mobile-first to mobile-only.

Even though at its core 5G is more about evolution than revolution, it’s not too early to start least basic planning to understanding how 5G will fit into and benefit IT plans across organizations of all sizes, industries and missions.

5G will of course provide end-users with the additional throughput, capacity, and other elements to address the continuing and dramatic growth in geographic availability, user base, range of subscriber devices, demand for capacity, and application requirements, but will also and equally importantly enable carriers, operators, and service providers to benefit from new opportunities in overall strategy, service offerings, and broadened marketplace presence.

• Enhanced throughput – As is the case with Wi-Fi, major advances in cellular are first and foremost defined by new upper-bound throughput numbers. The magic number here for 5G is in fact a floor of 1 Gbps, with numbers as high as 10 Gbps mentioned by some. However, and again as is the case with Wi-Fi, it’s important to think more in terms of overall individual-cell and system-wide capacity. We believe, then, that per-user throughput of 50 Mbps is a more reasonable – but clearly still remarkable – working assumption, with up to 300 Mbps peak throughput realized in some deployments over the next five years. The possibility of reaching higher throughput than that exceeds our planning horizon, but such is, well, possible.

• Reduced latency – Perhaps even more important than throughput, though, is a reduction in the round-trip time for each packet. Reducing latency is important for voice, which will most certainly be all-IP in 5G implementations, video, and, again, in improving overall capacity. The over-the-air latency goal for 5G is less than 10ms, with 1ms possible in some defined classes of service.

• Advances in management and OSS – Operators are always seeking to reduce overhead and operating expense, so enhancements to both system management and operational support systems (OSS) yielding improvements in reliability, availability, serviceability, resilience, consistency, analytics capabilities, and operational efficiency, are all expected. The benefits of these will, in most cases, however, be transparent to end-users.

• Increased mobility – Very-high-speed user mobility, to as much as hundreds of kilometers per hour, will be supported, thus serving users on all modes of transportation. Regulatory and situation-dependent restrictions – most notably, on aircraft – however, will still apply.

• Improved security – As security remains the one aspect of IT where no one is ever done, enhancements to encryption, authentication, and privacy are expected. It would not be surprising to see identity management (IDM) solutions along the lines of those now at work in many organizations available from at least a few carriers. Current IDM suppliers as well might be more than mildly interested in extending their capabilities to 5G services purchased by enterprises.

• New spectrum – It is expected that frequencies in the so-called millimeter-wave bands above 30GHz will see service in at least some 5G deployments. Both licensed and unlicensed spectrum at these frequencies is available in many parts of the world. MM wave frequencies are often appropriate to small cells since they require smaller and less obtrusive antennas, and the inherent signal directionality can multiply spectral efficiency. The core disadvantages for MM waves are less applicability to traditional larger cells along with poor object (e.g., buildings) penetration, but such can again be advantages in terms of frequency reuse. Regardless, more spectrum is required given the throughput and capacity objectives that justify 5G development and deployment – present spectral allocations will most certainly not suffice even with the ability to aggregate smaller blocks of spectrum.

• New enabling technologies – We expect to see higher-order MIMO implementations, sometimes described as “massive” with, for example, 16-64 streams, more aggressive modulation and channel coding, improved power-utilization efficiency, and related advances. Small cells will see frequent application, and the days of large cell towers may be numbered in more densely populated areas. Current trends otherwise at work in networks today, include SDN and NFV, will also see application in 5G, with much infrastructure implemented within cloud-based services. 5G will likely require no major advances in chip or manufacturing technologies, and device power consumption will likely benefit from more limited geographic range even as higher clock rates take a small toll here. Still, much work remains in terms of both technical and feasibility analysis as well as cost, but we see no showstoppers on the horizon. There is no danger of producing another WiMAX that offers marketing hype with no clear advantages over the previous generation, and the overall level of technical risk is low. Perhaps the greatest challenge is schedule slip, as the complex nature of the systems engineering that is required needs more time than many expect.

• Universal application support – 5G as a wireline replacement will have to support every class of traffic and every conceivable device, from broadcast-quality video distribution to telemetry, implantable medical devices, augmented and virtual reality, and advanced interactivity and graphics – and not just for gaming. The list also includes connected and autonomous cars, remotely-piloted vehicles (drones), public safety, building and municipal automation/monitoring/control, and disaster relief. including relocatable infrastructure with moving cells and support for dynamic wireless meshing. Also in the mix are robotics and IoT devices tolerant of limited data throughput and highly-variable latency. We expect literally tens of billions of 5G devices to be deployed over the next decade or so, so the scale of both the challenge and the demand is clear.

• Industry growth – Finally, carriers, operators, and equipment vendors of both infrastructure and subscriber devices simply require the deployment of new technologies with quantifiable end-user-visible benefits from time to time in order to continue to grow their businesses. New subscriber units alone cannot accomplish this goal.

In short, 5G is a business opportunity being designed and implemented to provide all of the communication capabilities and performance we expect from a wireline network. Getting to that point, given all of the requirements above, won’t be easy, quick, or inexpensive.

Source: Network World

We must stay vigilant about security.

During the past few years, the Internet of Things (IoT) has become one of the hottest movements of our time. Although many technology trends and buzzwords come and go overnight, it’s clear that the IoT is here to stay. Almost half of the world's population is online, and technology is a deeply integrated part of our lives. Smart thermostats regulate our business and household temperatures, connected cameras watch over our homes and pets, online TVs and speakers respond to our every need, and intelligent devices constantly monitor our health.

According to Gartner, the number of world-wide Internet connected devices will grow to 11.4 billion by 2018. It’s a phenomenal trend that will continue to spread until human and machine connectivity becomes ubiquitous and unavoidably present.

Of course, anything that develops this rapidly will bring a lot of growing pains, and the IoT is no exception. Security hazards are one of the largest concerns. The market has emerged so quickly that manufacturers have hastily created insecure products in their rush to bring goods to market. Security has received very little, if any attention. Despite this lack of security and the inherent dangers it brings, we continue to buy and deploy these smart gadgets. As Amy Webb, futurist and CEO at the Future Today Institute proclaims: "Technology can be like junk food. We'll consume it, even when we know it's bad for us.”

There’s little doubt that the growth of insecure IoT devices will increase fraud. We’ve already seen numerous attacks against point of sales terminals and ATM machines. Recently, we witnessed how self-propagating malware can infect IoT devices in mass. In October 2016, nearly 150,000 smart security cameras were infected with malware as part of the Marai attack. In that particular assault, the compromised cameras launched a denial of service attack against the internet’s backbone, but the target could just as easily have been financial service organizations.

Today’s cybercriminals are organized, smart, and well equipped. They have the funding and resources to infect millions of IoT gadgets with disruptive mechanisms, spyware, password snatchers, legitimate device imitators, and a host of other nasty contraptions.

The only way to effectively protect ourselves is to stay continually vigilant and stay up to date with the latest knowledge and the most advanced security and fraud prevention tools.  The threats are dramatically changing, and if we want to minimize our risks of being attacked, we must be willing to change and adapt as well.

Source: Network World

A security lapse exposed the PINs of approximately 6 million Verizon customers.

If you're a Verizon customer who's called customer service in the past six months, it's probably a good idea to update your PIN, or the four-digit billing password that protects your account from people trying to impersonate you over the phone.

An Israel-based company called Nice Systems, a Verizon partner, reportedly exposed as many as 14 million records of subscriber calls on an unprotected Amazon S3 storage server, downloadable by anyone with the server's web address. The records show the subscriber's name, phone number, and account PIN. Security firm UpGuard detailed exactly what data was vulnerable in a recent blog post.

Verizon claims that no loss or theft of customer information occurred. In a statement emailed to BuzzFeed News, a Verizon spokesperson said the leaked dataset included the information of approximately 6 million subscribers. "Verizon is committed to the security and privacy of our customers. We regret the incident and apologize to our customers," the statement said.

Why is that bad?

That last bit of data — the security PIN — is especially sensitive information, as it would grant anyone with the four digit number access to your Verizon account. Verizon representatives use this account code (which, BTW, is different than the code you use to access your smartphone) to verify a customer's identity during a customer service call.

With this PIN, hackers can more easily gain access to online accounts (email, social media, banking, etc.) protected by two-factor authentication, which requires a code typically provided by text message in addition to a password.

Hackers would be able to call cell providers, impersonate the user, and change the SIM card on record to their own (which is what happened to Black Lives Matter activist DeRay Mckesson, when his Twitter account was hacked last year). This method of attack essentially reroutes the security code to another device, allowing hackers to bypass two-factor authentication for any account with it enabled.

I'm a Verizon customer, what should I do?

The first thing you should do is change your account PIN, just in case. You can never be too careful with your online privacy. Call customer service at (800) 922-0204, visit a retail store with government identification, or go to vzw.com/PIN. Note that the code *can't* be the last four digits of your Social Security number or cell number.

If you've reused that same PIN for other accounts, make sure you update those, too. It's best to keep all of your PINs unique. Those who have trouble remembering all of their PINs can store them safely in a password manager like Last Pass and Dashlane.

Source: Nicole Nguyen