Daily Archives: Tuesday, February 10, 2015

  • France: internet connection available on trains by end of 2016

    Libération reports that the entire French railway network will be connected to the internet between now and the end of 2016, according to French train operator SNCF, alluding to forthcoming works to be conducted with mobile operators and Arcep, the French telecommunications regulator. “We shall work in full cooperation with the operators and what we can say, without making a false promise, is that all French trains will without a shadow of a doubt be able to receive the internet properly between now and the end of 2016,” SNCF chairman Guillaume Pepy stated at the end of a press conference.

    “The first stage is to carry out a proper diagnosis with Arcep and a technical diagnosis of the quality of reception on the network with specially equipped trains and a methodology that will be foolproof,” Pepy added. He stressed that there will then be a need to deal with notspots or areas of poor reception and then get round the table. “We are starting these measurements from March onwards so as to be able to share the initial results of these measurements in April with the four [mobile] operators and Arcep,” explained SNCF’s Digital and Communications Director Yves Tyrode.

    SNCF is going “to facilitate infrastructure access to mobile operators for deployment of their antennas,” he added. “As an addition to this 3G and 4G coverage, SNCF is going to increase wifi coverage, but only in certain specific instances, such as some stations and on TGV trains,” he continued.

    Three TGV trains. Picture courtesy of Wikimedia Commons

    An invitation to tender is underway to equip TGV trains with internet access (posts passim), whose outcome will be known at the end of June. “We’re going to change technology. Up to now we tested technology which brought wifi and connection by satellite together and we’re going to change to a technology that will ally wifi on the trains with 4G,” he stressed. “The choice made five years ago and which was hailed by everyone, the satellite-based model, did not prove to be pertinent, neither from a technical point of view, nor a commercial one,” Guillaume Pepy commented.

    Originally posted on Bristol Wireless.

  • Students discover nearly 40,000 insecure databases

    Cyber security students at Saarland University in Germany (which I attended during 1975 and 1976. Ed.) have discovered up to 40,000 insecure databases on the internet, the university reports.

    Worldwide distribution of openly accessible MongoDB databases. Source: CISPA

    Anyone could retrieve or even amend several million customer accounts with name, address, email and credit card details via the internet, according to information from the University’s Center for IT-Security, Privacy, and Accountability (CISPA). The cause is a wrongly configured, freely available database on which millions of online shops and platforms around the world are establishing their services. If the operators blindly stick to the defaults in the installation process and do not consider crucial details, the data is available online, completely unprotected. CISPA has already contacted the vendor and data protection authorities.

    “It is not a complex bug, but its effect is disastrous”, explains Michael Backes, professor of information security and cryptography at Saarland University and director of CISPA. He was contacted by the students and CISPA employees Kai Greshake, Eric Petryka and Jens Heyens at the end of January. Heyens is a cyber security student at Saarland University and his two fellow students plan to concentrate on this subject in the forthcoming semester. The flaw which they detected affects 39,890 databases. “The databases are accessible online without being protected by any defensive mechanism. You even have the permissions to update and change data. Hence we assume that the databases were not left open on purpose”, Backes explains. The vendor of the database is MongoDB Inc. Its MongoDB database is one of the most widely used open source databases. Out of curiosity, the students queried a publicly accessible search engine for servers and services connected to the internet and thus discovered the IP addresses companies use to run unprotected MongoDB databases.

    When the students called up the detected MongoDB databases with the respective IP addresses, they were surprised. Access was neither locked, nor protected in any other way. “A database unprotected like this is similar to a public library with a wide open entrance door and without any librarian. Everybody can enter”, explains Backes. Within a few minutes, the students also detected this critical condition in numerous other databases. They even found a customer database possibly belonging to a French ISP and mobile phone provider containing the addresses and telephone numbers of roughly 8 million French customers. According to the students, they also found the data of half a million German clients among those addresses. Another unprotected database detected was that of a German online retailer which included payment information. “The saved data can be used later to steal identities. Even if the identity theft is known, even years later the affected people have to deal with contracts signed under their own names by the identity thieves”, says Backes. The CISPA researchers began contacting MongoDB Inc. immediately, as well as the international computer emergency response teams (CERTs). They informed the French data protection service, the Commission nationale de l’informatique et des libertés, and the German Office for Information Security. “We do also hope that the developer of MongoDB will quickly include our results, incorporate them into its guidelines and forward them to the companies using the database”, says Backes.

    CISPA has released a report of its findings (pdf).