It’s not raining data, it’s pouring

Where on earth are we going to put all this data? Thanks to engineers and programmers, disk drives are becoming more voluminous and combining them into efficient storage systems is getting easier. Taken together, we can see that the challenges we are facing today will be simpler to resolve. But with ever more data predicted to be generated by machines, such as autonomous vehicles and smart factories, coupled with the gigantic quantity of material already being stored and backed up by humans, will we be able to create enough storage for the coming decade’s needs? Or will we have to contemplate a more ruthless approach and start to consider what warrants being stored at all?

Balancing HDD against SSD in a world of increasing data

Not only does the amount of data that we store continue to grow unabated, its growth is faster than predicted. The expectation had been that, while the proportion of data stored on flash and SSD increased, there would be a drop in the quantity of data stored on hard drives and magnetic tape. However, it is clear today that all three technologies continue to grow simply because there is so much data to be stored. In 2019 it can be assumed that 90% of the capacity for typical cloud computing applications will be realized with hard disks, with some possibly on magnetic tape, and only 10% will be implemented with SSD. But, since enterprise SSDs cost up to ten times as much as HDDs per unit capacity, the financial investment will be balanced with around 50% spent on HDDs and the same invested in SSDs. These storage systems cover the entire spectrum of applications, from all-flash appliances, to hybrid models with flash for cache or hot data and HDD for cold/warm data, through to pure hard disk-based storage servers.

Helium HDDs to provide ~20TB of storage

All three major manufacturers are now shipping HDD models filled with helium, with 14TB capacities currently available. Over the coming years capacity can be expected to increase at a rate of around 2TB per year, meaning 20TB HDDs should be available at the beginning of the next decade. These hard drives are likely to be optimized for high capacity at a low price, but notable improvements in other technical parameters are not expected. One exception is power consumption, which will reduce as a result of the introduction of helium in HDDs. While air-filled 3.5″ 7200rpm HDDs consumed a relatively constant 11W of power under load, regardless of capacity, the power consumption of helium-filled HDDs lies at around 6-7W. This is a result of the lower friction of the lighter helium gas. Thus, the introduction of helium-filled hard drives will help to tackle the challenge of increasing energy consumption of data centers. Every watt of power saved by such drives results in less energy required by a data center as well as less dissipated heat, resulting in more economical cooling. A knock-on effect of the reduced temperature is that helium-filled drives also have an increased reliability compared to air-filled drives in continuous operation. This results in far fewer failures and a longer life. Further increases in storage density are also in the pipeline, with technologies such as microwave assisted magnetic recording (MAMR) to be integrated into hard drive write heads.

Storage architectures

We can expect a continuing growth in top-load rackmount storage solutions due to capacity demands. While 60 bays in a 4U format is standard today, there are already enclosures supporting 78 to around 110 bays for 3.5″ hard drives. Instead of opting for hardware RAID, such quantities of drives are configured using software solutions.

Modern software-defined storage systems will continue to dominate, along with scale-out designs such as Ceph clusters, with several storage servers being combined into larger units. Here data protection is no longer ensured through the redundancy of hard disks in the server. Instead, redundancy is implemented through the storage server nodes available on the server network.

Data explosion

Today there is already an enormous amount of data being generated by people. When we also consider that this data is then backed up in data centers and the cloud, this only serves to multiply the amount of storage needed. To date, the quantity of machine-generated data has been, by comparison, rather low. However, this will change from 2019 onward as solutions and technologies such as autonomous driving, smart factories, IoT and home automation generate further data streams that need to be stored.

The expected amount of data is so large that the current philosophy of data storage is under scrutiny. The harsh reality is that we will need to analyze data before it is stored to determine which data is really important and needs to be retained.

AI, deep learning and blockchain

New computing applications, such as AI, deep learning and blockchain, have increased the demands on processing performance dramatically. We can expect these technologies to generate much more data and demand access to storage solutions. Currently it is unclear precisely what impact they will have on storage requirements, as not enough is known about the applications and how they will be implemented. We should, however, start to acquire more clarity as we move through 2019 and into the next decade. What is clear today is that these technologies will further increase the amount of data to be stored.

Huawei fights back with $2B security pledge

Huawei has promised to spend $2 billion on cybersecurity. (Oak Ridge National Laboratory)

As the arrest of the company’s chief financial officer captures global headlines, Huawei held a rare public press conference in its headquarters in China to fight back against allegations that the company’s equipment could open the door for Chinese espionage.

“There isn’t any evidence that Huawei poses a threat to national security to any country,” Ken Hu, one of Huawei’s four deputy chairmen, told reporters during the event, according to The Wall Street Journal. “We welcome any open dialogue with anyone that has legitimate concerns. … But we will firmly defend ourselves from any ungrounded allegations and we won’t allow our reputation to be tarnished.”

Added Hu: “When it comes to security, we need to let the facts speak for themselves, Huawei’s record on security is clean,” according to Mobile World Live.

At the press event, Huawei pledged to spend $2 billion over the next five years to focus on cybersecurity.

Huawei’s efforts come amid increasing global turmoil for the company. A number of countries have moved to ban the company from selling its equipment there, while operators including BT, SoftBank and Deutsche Telekom are reportedly reconsidering the use of Huawei equipment for 5G.

Hu, for his part, noted that Huawei is on track to generate $100 billion in revenue this year, up from $87.5 billion in 2017, and has signed 25 5G commercial contracts. He said the company has already shipped more than 10,000 5G base stations.

But those developments follow the arrest of Huawei’s CFO, the daughter of the company’s founder, in Canada due to requests from U.S. officials, who are looking to extradite Meng Wanzhou to the U.S. as part of an investigation into Huawei’s alleged use of the global banking system to evade U.S. sanctions against Iran. Meng was recently released on a $7.5 million bail.

Although Huawei has not been able to sell equipment or smartphones to the major wireless network operators in the U.S., a large number of small and regional wireless network operators do use equipment from Huawei. Further, they have been arguing forcefully that Huawei should not be banned completely from the U.S. market.

Indeed, the Rural Wireless Association in the U.S. recently said it believes fully a fourth of its membership currently uses equipment from Chinese suppliers like Huawei.

Can Technology Be Trusted

Since the industrial revolution, technology has changed society continually. Largely due to innovations in semiconductor electronics, software and computer technology, the pace of technological development has continued to accelerate over the past 50 years.

Personal computers now fit into your pocket. You have access to people and information all over the world through the Internet. Anything up to the size of a small building can be printed. Just about everything — from your house to your car — is becoming intelligent.

Yet every leap forward in technology is accompanied by concerns over its potential use or misuse. Most recently, concerns have ranged from the use of artificial intelligence to create smart weapons and unstoppable hacking bots, to 3D printed guns that are undetectable by traditional security scanners.

Unfortunately, much like the news itself, by the time people grow concerned about the possible negative applications or misuse of the technology, that misuse already is possible.

Innovation Begets Innovation

Innovation itself is a catalyst for future innovation. As a result, an innovation by one person or organization enables and encourages innovations by others.

Consider that initial innovation in 3D printing, using plastics, enabled innovation in printing using a wide variety of materials, ranging from ceramics to metals and glass. Likewise, 3D printing spawned innovations in printing cars, buildings and, yes, even guns.

The process happened so fast that plans for 3D printed weapons were available well before the airing of recent concerns about the release of plans for such weapons. This topic is just now becoming a focus of government bodies and various organizations. The fact is, regulations have not curbed the development of the technology, nor are they likely to prevent its proliferation.

Additionally, many innovations are the result of research for malicious purposes — or as we like to call them, defense. I have been in the tech industry for over 30 years and spent a considerable amount of time working around military and aerospace applications. What most people don’t realize is that many of the innovations in our lives are a direct result of military and aerospace applications and other government-funded research.

Everything from wireless communications to the predecessor of the Internet to autonomous vehicles has been a focus of government research. In the U.S., funding comes from multiple sources, including the Defense Advanced Research Project Agency (DARPA), the Department of Energy, the Department of Defense, NASA and many other organizations.

As a result, a new technology often is developed and implemented in a variety of applications long before society becomes aware of it, or expresses concerns about it — long before it is utilized in consumer applications. Government applications often include weapons.

Note that this pattern is not limited to electronics. The same is true for energy, chemical, biomedical and other forms of technology. Additionally, advances in one form of technology often enable advances in other forms of technology.

Advances in AI are rapidly accelerating advances in other technologies by enabling the ability to build models and simulations larger and faster than humans are capable of processing. As a result, technology is moving so fast that it is impossible to see all the potential consequences, much less the applications, in advance.

This may be one reason that the entertainment industry often depicts the future so negatively — and so often as the result of technology. It reflects our collective fear of those unintended consequences.

Regulator Ignorance

Yet today, technology impacts just about every aspect of our lives. Technology is also a key driver in economic growth and the generation of wealth. Technology companies are driving advances in global stock markets, and the technology they develop is powering the markets and the investors in those markets.

So, despite some of the negative ramifications of technology, the world generally benefits from continued advances.

While many believe that there should be some curbs or control over certain technologies, the reality is that regulators often are ignorant about technology, and bureaucracies cannot react fast enough to have any significant impact on its progress.

Given the impacts of technology on the economy and society, it’s not clear that regulators should be interfering with the pace of technological innovation.

Innovation comes from everything from garage tinkerers to multibillion-dollar organizations. Where would we be if regulators tried to control the founders of Apple and Microsoft, or current tech leaders like Amazon and Google?

The rate of technological innovation is increasing, and concerns over the use of technology often lag the innovation. As a result, many people put an inherent trust in the technology.

Society wants to believe that technology will be used for the common good. However, technology can and will continue to be used for any and all possible applications. The trust really should be in the belief that people and society will use technology in a positive manner — not for malicious purposes. Further, people should not fear the pace of technology, but accept that the future still holds enormous possibilities.

8K Is Getting Real

Looking Ahead to CES 2019

ONE Media to demo new ATSC 3.0 chip

LAS VEGAS: Just before the 2019 CES begins Jan. 8, the Consumer Technology Association will reveal its annual electronics sales forecast, and for the first time 8K ultra high definition TV sets will be included in the forecast.

“8K is getting real,” says Steve Koenig, CTA’s vice president of market research. “We’ve seen 8K in previous years, but now I expect every manufacturer will show 8K equipment, and there will be big announcements about plans to begin shipping 8K sets later in the year.”

Koenig’s forecast will also confirm the strength of the television receiver market, showing that 55-inch 4K UHD displays are “now the industry standard,” a dramatic jump from the 42-inch screen which had been the mainstay of the flat-panel industry for several years. Koenig also expects that 65-inch sets will be heavily promoted at CES.

Although Koenig admits he has “no idea” about the pricing for 8K equipment, he expects the sets will be just one aspect of the renewed focus on TV devices. Advanced TV display technology, including rollable screens, micro LEDs from Samsung and Sony’s short-throw laser projection are among products Koenig expects to see at next year’s CES.

THE RISE OF ‘C-SPACE’

CTA’s Karen Chupka, senior vice president, CES & Corporate Business Strategy, affirmed the staying power of television sets despite the boom in alternative viewing devices.

Expect LG and Samsung to use the 2019 International CES to promote their competing OLED vs. QLED display technologies.

“At one point, everyone thought the TV set would become a dumb device, yet TVs have become smarter,” Chupka said. “TVs are still a huge part of our everyday lives. While we have all these great technologies being built into things we never thought of, at the end of the day, people are still using TVs, albeit interfacing with them in different ways.”

Citing the rapid adoption of streaming video, as well as user-created content, Chupka characterized as “incredibly important” the growing reality that “content resides on all our devices.” Focusing on the growth of “C Space,” a conference and exhibit area at CES aimed at content producers, marketers and distributors, she focused on the growing role of analytics and other tools that help marketers and programmers evaluate new opportunities.

“We created C Space with the intent to bring branding, content and marketing people under one roof,” Chupka told TV Technology. “There is so much knowledge about who’s watching what and the ability to create diverse programming. All this data and analytics are becoming more and more important to understanding audiences.”

This year, “Sports Zone,” a popular component of the CES in recent years, has been moved to C Space, because it’s “such an important tie-in,” Chupka explained. The combination means that 2019’s C Space will be twice the size of last year’s event, which drew 22,000 attendees. Chupka expects a larger crowd this year.

Other technologies such as ATSC 3.0 will be less visible, but not absent, from the halls and suites at CES. Koenig does not expect manufacturers to demonstrate 3.0 devices on the show floor, although such products may be on display at the 2020 CES.

WELCOME TO ‘THE DATA AGE’

Along with 8K introductions, Koenig expects other video developments.

“What matters is picture quality,” he said. Technically advanced consumers will be looking for advanced features, such as high dynamic range. Koenig’s research also indicates that 4K sets will dominate U.S. TV sales in the coming year. Nearly half of all new receivers will have 4K displays in 2019, and that figure will rise to 55 percent by 2020, Koenig said.

Television sets are the number one most-owned technology in America, in 96 percent of U.S. homes, according to CTA’s research, with smartphones (86 percent) coming in second place.

“Even in this mobile-driven era, the TV remains the centerpiece of technology in U.S. homes,” Koenig added. “TV is still a major attraction at CES.” He expects that one major issue next month will be the intense global competitive market, especially as more TV brands from China offer innovations, just as Japanese and Korean companies have done in recent years.

At their presentation at the “CES Unveiled” preview in New York last month, Koenig’s CTA research colleagues predicted an upbeat holiday sales season, predicting that 164 million adults (about two-thirds of American adults) will purchase technology gifts, spending an average of $464. TV receivers remain the most popular item on the holiday wish list, similar to 2017, with notebook/laptop computers and smartphones/tablets filling the next two spots.

In their presentation, Ben Arnold, CTA’s senior director-innovation and trends, and Lesley Rohrbaugh, director-market research, introduced a new strategic perspective, calling 2020 the start of the “Data Age,” following the “Digital Age” (2000) and “Connected Age” (2010). They singled out the growing use of artificial intelligence, where IoT, which usually stands for “Internet of Things,” has been updated to the “new” IoT: “Intelligence of Things,” in which digital assistants become more specialized and a range of home products are integrated into a “whole home view.”

READY FOR ATSC 3.0

Pearl TV, the alliance of eight broadcast companies promoting Next Gen TV, will be active during CES in anticipation of its 2020 service launch, according to Anne Schelle, managing director.

“Our entire focus is on the commercialization of the very flexible ATSC 3.0 standard,” Schelle said of Pearl TV. The organization’s leaders and its Phoenix model market partners will be at CES “meeting with various ecosystem partners, reaching out to consumer device manufacturers, automotive manufacturers, and other players to share our service requirements and plans resulting from the Phoenix tests,” she said.

Schelle contrasted the 3.0 rollout to the high-definition transmission and reception launch 20 years ago, which “took several CES and NAB Shows to accomplish.”

“It’s moving much faster in today’s digital environment,” she said. “While we don’t anticipate seeing much in the way of ATSC 3.0 receivers on the show floor itself in 2019, we know that ‘behind the scenes’ discussions will be about new partnerships and new capabilities of future television products, just like conversations in past years.

“CES will be another opportunity to explain how this transition is different than the last one, and how broadcasters are embracing the Internet Protocol capabilities of the new standard,” Schelle added.

Separately, ONE Media, the Sinclair Broadcasting technology unit that is developing Next Gen TV services, will privately demonstrate three configurations of its chip for ATSC 3.0 devices. There will be a simple demodulator package, a demodulator with analog/digital conversion capability and a demodulator with analog/digital conversion plus an embedded tuner, according to Mark Aitken, president of ONE Media and Sinclair’s vice president of advanced technology.

First versions of the chip, which was developed by Saankhya Labs, an Indian firm in which Sinclair holds a major stake, were due to be delivered during the past month from a Samsung foundry. The single-chip receivers feature a low-power embedded antenna and were also designed for use in moving vehicles. The chips include a closely coupled antenna array to ensure reception in a high-speed mobile environment, according to Aitken. “We’re going after the largest possible markets, including the global market for set top boxes,” Aitken told TV Technology. The new multi-standard SDR (software defined radio) chip will support 23 broadcast standards, he added. ONE Media will demonstrate the technology privately in a hotel suite during CES and expects “we’ll have more to show” (possibly on the exhibit floor) at the 2019 NAB Show, Aitken said, adding that he also plans to demonstrate the chip’s capabilities at the Mobile World Congress in Barcelona in late February.

Aitken declined to discuss pricing, but said that even in low quantities, the price point will be “a fraction” of what other companies are charging for SDR chips.

SENSORY OVERLOAD

Beyond the renewed vigor within the video category, CES continues to expand its reach into countless digital realms, thereby attracting an ever more diverse array of exhibitors and attendees. For example, the Eureka Park exhibit area, where start-ups and young companies can display their innovations, will have 1,200 small booths next month, up from 1,000 in 2018 and six-fold the size of the first Eureka Park five years ago.

Overall, more than 4,500 exhibitors have signed up to show their wares in the 2.75 million square feet of space at CES’s three major venues in Las Vegas (Tech East, Tech West and Tech South, all of which include multiple buildings), CTA’s Chupka said. Floor space and the expected attendee roster of more than 180,000 people are “tracking ahead of last year,” Chupka added. About one-third of attendees are based outside the United States, and CTA’s tally shows that 65,000 people carry a “senior-level executive” title.

In addition to the Prince of the Netherlands and the United Kingdom’s Minister of Trade, 10 other overseas Ministers will take part in the programs.

Chupka is particularly enthusiastic about the growth of C Space, with its larger-than-ever presence by Hulu, NBCUniversal, Turner, Google and other old and new media companies. CES has expanded its “Marketplace” clusters of technologies, each focused on purveyors in categories such as robotics, artificial intelligence, virtual reality, smart cities and travel.

Koenig pointed out the continuing explosion of new programming, including material created for streaming, subscription video-on-demand and other platforms.

“There is so much content out there,” he said, speculating that the “mosaic of sources can be a ‘Frankenstein monster’ of content that consumers have trouble wrangling.” He said he’ll look for ways that artificial intelligence can better help consumers curate their choices. Koenig cited the predictive algorithms (recommendation engines) of Netflix and Amazon Prime which steer viewers to shows they like.

“As algorithms get better and better and train the AIs,” Koenig said he expects that the services will bridge to other digital assistants that will help consumers make viewing decisions. He cited a service, which will be on display at CES, in which LG uses Google Assistant to enable viewers to control the TV.

“It will be interesting to see what is the next level of integration beyond command and control, getting into curation,” Koenig said.

Among other features that he expects to emerge at CES is more audio for home theater, such as a new Dolby Atmos technology that provides “an enormously rich, immersive sound field to go with 4K or 8K.”

WHERE CONTENT AND TECHNOLOGY MEET

The CES conference program, spread over the four days of CES, Jan. 8–12, encompasses more than 250 sessions on dozens of topics. The keynote speaker line-up includes a first-time appearance by LG Electronics President/CTO Dr. I.P. Park, who will appear at a Monday night pre-show event to discuss how artificial intelligence has become the company’s main growth engine. Park is also expected to describe how AI will affect nearly every major industry from technology to healthcare, agriculture, transportation and engineering.

Other keynoters include IBM Chairman/President/CEO Ginni Rometty, who will also discuss AI and quantum in the context of trust and transparency, and Verizon CEO Hans Vestberg, who will (according to CTA) “take a deep dive into the impact of 5G,” especially for use in building smart cities infrastructure. AMD President/CEO Dr. Lisa Su will examine the next generation of computing, especially in terms of gaming and virtual entertainment.

FCC Chairman Ajit Pai is scheduled to sit down with CTA President/CEO Gary Shapiro for a half-hour on-stage chat about regulatory issues on the first day of CES. Other members of the FCC and Federal Trade Commission are expected to join various public policy sessions, which had not yet been confirmed at press time. International trade issues will also be on the agenda, Chupka promised.

Even after more than 20 years of overseeing CES, Chupka seemed awed at the velocity of changes now infusing the technology industry.

“One thing I think that will be surprising is how many advances there will be apparent in just one year.”

Spam calls jumped over 300% in 2018

According to the yearly report published by Stockholm-based phone number-identification service Truecaller, spam calls grew by 300 percent year-over-year in 2018. The report also found that telecom operators themselves are much to blame.

Between January and October of this year, Truecaller said, users worldwide received about 17.7 billion spam calls. That’s up from some 5.5 billion spam calls they received last year. For its study, Truecaller says it looked at aggregated data of incoming calls that its users marked as spam, as well as other calls that were automatically flagged by its system.

One of the most interesting takeaways from the report is a sharp surge in spam calls users received in Brazil this year, making it the most spammed country in the world. According to Truecaller, an average user in Brazil received over 37 spam calls in a month, up from some 20 spam calls during the same period last year.

According to the report, telecom operators (at 32 percent) remained the biggest spammers in Brazil. The report also acknowledged the general election as an event that drove up spam calls in the country.

India, which was the most spammed country in the world last year, saw a marginal decrease (1.5 percent) in the volume of spam calls users received this year. As in Brazil, Indians were bombarded by telecom operators (a whopping 91 percent of all spam calls came from them) and service providers trying to sell them expensive plans and other offerings.

Spam calls received by users in the U.S. were down from 20.7 calls in a month to 16.9, while users in the U.K. saw a drop in their monthly dose of spam calls from 9.2 to 8.9. Other European markets, however, witnessed a big surge in spam calls. Spain saw a 100 percent increase, Greece a 54.1 percent rise, and users in Italy reported a 22.7 percent increase.

Losing money

Truecaller also reported that scam calls subjecting victims to fraud attempts and money swindling are still a prevalent issue. One in every 10 American adults lost money from a phone scam, according to a yearly report the firm published in April this year (Truecaller worked with the Harris Poll to survey over 2,000 Americans aged 18 or higher). Scam calls cost 24.9 million people in the U.S. an estimated $8.9 billion in total losses.

And such scams are a global issue. Canada saw a 67 percent increase in scam calls, while users in the U.K. and India reported receiving twice as many scam calls this year.

Government agencies and companies worldwide are scrambling to get on top of the problem. In the U.S., both the House and Senate held hearings on the issue of robocalls this year. The FCC urged telecom operators to stop robocalls by next year. And some are pushing for stronger measures.

Massachusetts senator Ed Markey (D) and South Dakota senator John Thune (R) last month introduced a bill to significantly ramp up penalties for illegal robocalls. India’s telecom authority forced Apple to make changes to its iOS mobile operating system to support an app that can detect unwanted spam calls and texts. In China, Apple and local telecom operators are exploring the use of machine learning to curb spam texts. And Google is slowly expanding the reach of its Duplex technology, which, among other things, frees users from the annoyance of spam calls.

Use a VPN for Safer Online Shopping

With the holidays fast approaching, are you looking to buy presents online?

The holiday season has become synonymous with online shopping. This isn’t really surprising as physical stores usually attract crowds of deal hunters. This often conjures up images of throngs of people waiting in line outside the store, some even camping out. This activity is tolerable for some and even fun for others. However, for many others, it’s not worth the hassle.

Why would it be, when there are perfectly legitimate and convenient alternatives online?

Well, for one thing, many people shop online without first thinking about their security. Most people are led to believe — or want to believe — that all e-commerce sites are secure. This isn’t completely true. With so much personal and financial information being exchanged, online shoppers aren’t the only ones enjoying the holiday rush — cybercriminals are too!

Still, it’s possible to add security to your e-commerce transactions by using a virtual private network. A VPN can help you enjoy your online shopping experience without worrying about falling prey to cybercriminals.

The Cybercrime Problem

First, here are some of the pressing reasons for securing e-commerce transactions in the first place.

As you know, e-commerce stores usually require you to register with their site in order to enjoy their services. This involves trusting them with your personal information, usernames, passwords, and credit card details — information that you’d rather did not fall into the wrong hands.

The thing is, cybercriminals know this fact. They will descend to any depth just to get their hands on such information. How exactly do they do this?

KRACK Attacks
A KRACK (key reinstallation attack) is a severe replay attack on the WiFi Protected Access protocol that secures WiFi connections.

An attacker gradually matches encrypted packets seen before and learns the full keychain used to encrypt the traffic by repeatedly resetting the nonce transmitted in the third step of the WPA2 handshake. This attack works against all modern WiFi networks.

Simply put, KRACK attacks can intercept sent data by infiltrating your WiFi connection, no matter which major platform you’re on (Microsoft Windows, macOS, iOS, Android, Linux, OpenBSD and others). These attacks require the attacker to be within the range of the WiFi connection they’re trying to infiltrate, which means they might lurk somewhere near or inside your home, office or school.
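As an added illustration (not code from the original article), this simplified Python model shows why the nonce reset matters: a client that reinstalls its key on a retransmitted handshake message 3 encrypts two frames under the same nonce, so the XOR of the ciphertexts equals the XOR of the plaintexts, while a client that refuses to reinstall an already-installed key keeps every nonce unique. The toy keystream, the `Client` class and the sample messages are assumptions made for the example; real WPA2 uses CCMP or TKIP, not this cipher.

```python
import hashlib
import hmac

# Constructed sample plaintexts (equal length keeps the XOR comparison simple).
P1 = b"item=gift-card;qty=0001"
P2 = b"item=headphones;qty=02;"


def keystream(key: bytes, nonce: int, length: int) -> bytes:
    """Toy keystream: HMAC-SHA256(key, nonce || block counter).
    Assumption for the example; it stands in for the real Wi-Fi cipher."""
    out = b""
    block = 0
    while len(out) < length:
        msg = nonce.to_bytes(8, "big") + block.to_bytes(4, "big")
        out += hmac.new(key, msg, hashlib.sha256).digest()
        block += 1
    return out[:length]


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


class Client:
    """Hypothetical Wi-Fi client reduced to key installation and sending."""

    def __init__(self, patched: bool):
        self.patched = patched
        self.key = None
        self.nonce = 0

    def on_handshake_msg3(self, key: bytes) -> bool:
        """Handle message 3 of the handshake; return True if the key was (re)installed."""
        if self.patched and self.key == key:
            # Mitigation: the key is already in use, so keep the nonce counter.
            return False
        self.key = key
        self.nonce = 0  # Unpatched behaviour: reinstalling resets the nonce.
        return True

    def send(self, plaintext: bytes):
        """Encrypt one frame under the next nonce; return (nonce, ciphertext)."""
        self.nonce += 1
        ks = keystream(self.key, self.nonce, len(plaintext))
        return self.nonce, xor(plaintext, ks)


def run_session(patched: bool):
    """Send P1, receive a retransmitted message 3, then send P2."""
    key = hashlib.sha256(b"constructed session key").digest()
    client = Client(patched)
    client.on_handshake_msg3(key)
    first = client.send(P1)
    client.on_handshake_msg3(key)  # replayed message 3 with the same key
    second = client.send(P2)
    return [first, second]


def nonce_reused(frames) -> bool:
    """Detection check: True if any nonce appears more than once."""
    nonces = [n for n, _ in frames]
    return len(nonces) != len(set(nonces))


def leaks_plaintext_xor(frames) -> bool:
    """True if XOR of the two ciphertexts equals XOR of the two plaintexts."""
    (_, c1), (_, c2) = frames
    return xor(c1, c2) == xor(P1, P2)


if __name__ == "__main__":
    for patched in (False, True):
        frames = run_session(patched)
        print("patched" if patched else "unpatched",
              "nonces:", [n for n, _ in frames],
              "reuse:", nonce_reused(frames),
              "leaks P1^P2:", leaks_plaintext_xor(frames))
```
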

MitM Attacks
In a MitM (Man-in-the-Middle) attack, the attacker secretly relays and possibly alters the communication between two parties who believe they are directly communicating with each other.

This attack can succeed only when the attacker can impersonate each endpoint to the other’s satisfaction, delivering results as expected from the legitimate ends.

In the context of e-commerce transactions, these attacks are done on unprotected WiFi networks like the ones you find in airports, hotels and coffee shops. This is actually one of the reasons I often suggest that people stay away from public WiFi unless they’re packing some security software.

With this type of attack, you never know if the person sipping coffee at the next table is simply checking up on social media accounts or is actually sifting through the data being sent by other patrons.

Rogue Networks
Imagine yourself going to a downtown hotel to visit a friend. You wait in the lobby and decide to connect to the hotel WiFi while you wait. You find that there seem to be two networks with the same name, so you connect to the one with the stronger signal.

STOP! You may be connecting to a rogue network.

Rogue networks are ones that impersonate legitimate networks to lure unsuspecting users into logging in. This usually is done by setting up near a public WiFi network and then copying that network’s name, or making it appear that it’s an extension of the legitimate network.

The main problem with this is that you never know who set up the rogue network or what data is vulnerable to monitoring and recording.
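The hotel-lobby situation above can be checked before connecting. The following Python sketch is an added example, not part of the original article: it groups WiFi scan results by network name and flags names whose access points disagree with each other. The scan entries, field names and function names are constructed for illustration.

```python
from collections import defaultdict

# Constructed scan results (not real networks): SSID, access-point MAC
# (BSSID), advertised security and signal strength in dBm.
SAMPLE_SCAN = [
    {"ssid": "HotelLobby", "bssid": "00:11:22:aa:bb:01", "security": "WPA2", "signal": -67},
    {"ssid": "HotelLobby", "bssid": "00:11:22:aa:bb:02", "security": "WPA2", "signal": -72},
    {"ssid": "HotelLobby", "bssid": "de:ad:be:ef:00:01", "security": "OPEN", "signal": -41},
    {"ssid": "CafeGuest", "bssid": "00:33:44:cc:dd:01", "security": "WPA2", "signal": -58},
]

def oui(bssid):
    """First three octets of the MAC address, which identify the hardware vendor."""
    return bssid.lower()[:8]

def find_suspicious_ssids(scan):
    """Return {ssid: [reasons]} for names advertised inconsistently.

    Several access points sharing one name is normal for a large venue, so
    duplicates alone are not flagged. What is flagged is a name whose access
    points disagree on security mode or come from different vendors.
    """
    by_ssid = defaultdict(list)
    for ap in scan:
        by_ssid[ap["ssid"]].append(ap)

    findings = {}
    for ssid, aps in by_ssid.items():
        if len({ap["bssid"].lower() for ap in aps}) < 2:
            continue
        reasons = []
        modes = sorted({ap["security"] for ap in aps})
        if len(modes) > 1:
            reasons.append("mixed security modes: " + ", ".join(modes))
        vendors = sorted({oui(ap["bssid"]) for ap in aps})
        if len(vendors) > 1:
            reasons.append("multiple vendor prefixes: " + ", ".join(vendors))
        strongest = max(aps, key=lambda ap: ap["signal"])
        if reasons and strongest["security"] == "OPEN":
            reasons.append("strongest signal is the unencrypted one: " + strongest["bssid"])
        if reasons:
            findings[ssid] = reasons
    return findings

if __name__ == "__main__":
    for name, why in find_suspicious_ssids(SAMPLE_SCAN).items():
        print(name, "->", "; ".join(why))
```

A flagged name is a reason to ask the venue which network is theirs, not proof of a rogue access point, since some sites do mix hardware vendors.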

The Green Padlock’s Trustworthiness
Now, you may have heard that HTTPS sites can give you the security you need while you are visiting them. Most, if not all, e-commerce sites are certified and will have a green padlock and an “HTTPS” prefixing their URL to reassure visitors that their transactions are safe and encrypted.

Hypertext Transfer Protocol Secure, HTTPS, is a variant of the standard HTTP Web transfer protocol, which adds a layer of security on the data in transit through a secure socket layer (SSL) or transport layer security (TLS) protocol connection, according to Malwarebytes.

The thing is, just because your connection to a site is encrypted doesn’t automatically make the site safe. Bad actors actually can forge SSL certificates and make it appear that their site is safe. Even worse, anyone can get an SSL certificate, even cybercriminals. The certificate authority simply needs to verify the site owner’s identity and that’s it — the owner gets an SSL certificate.

Now, bringing it all back, I’m not saying that all sites with green padlocks are unsafe. What I am saying is that you shouldn’t rely solely on the presence of these green padlocks to keep your transactions safe.

A VPN Can Provide Security
I’m now getting to the meat of the matter: using a VPN to secure your e-commerce transactions.

A virtual private network, or VPN, is software that routes your connection through a server or servers and hides your online activity by encrypting your data and masking your true IP address with a different one.

Once you activate the client, the VPN will encrypt your data, even before it reaches the network provider. This is better understood if you have basic knowledge of how online searches work.

Let’s say that you’re looking to buy some scented candles to give as emergency gifts. You open your browser and type in “scented holiday candles” and press “search.”

Once you do, your browser will send a query containing your search words. This query first goes through a network provider (your ISP or the owner of the WiFi network you’ve connected to), which can monitor and record the contents of these queries.

After going through the network provider, your query is sent to a DNS (domain name system) server that searches its databanks for the proper IP address corresponding to your query. If the DNS server can’t find the proper IP address, it forwards your query until the proper IP address is found.

The problem with this is that the contents of your query consist of easily readable plain text. This means that hackers or your ISP are able to view and record the information contained therein. If that information is your name, username, password, credit card information, or banking credentials, they’re in danger of being viewed or stolen.

These queries also can be traced (by hackers or your ISP) back to your IP address which usually is traceable to your personal identity. This is how bad actors infiltrating your connection can discover what you’re doing online.

So, with a VPN active, your online transactions and private information will get an extra layer of protection through encryption and IP address masking.

When discussing VPNs, it’s always important to consider the protocols they use. These protocols determine the security level and connection speed. As of this moment, there are five major VPN protocols:

  1. PPTP (Point-To-Point Tunneling Protocol) – PPTP is one of the oldest protocols still in use today. It originally was designed by Microsoft. The good thing about this protocol is that it still works on old computers. It’s a part of the Windows operating system, and it’s easy to set up. The problem is, by today’s standards, it’s not the most secure. You wouldn’t want a VPN provider that offers this protocol alone.
  2. L2TP/IPsec (Layer 2 Tunneling Protocol) – L2TP/IPsec is a combination of PPTP and Cisco’s L2F protocol. On paper, this protocol’s concept actually is quite sound: It uses keys to establish a secure connection on each end of your data tunnel. The problem is in the execution, which isn’t very safe.
    While the addition of the IPsec protocol does improve security a bit, there are still reports of NSA’s alleged ability to crack this protocol and see what’s being transmitted. Whether the rumors are true or not, the fact that there’s a debate at all should be enough of a warning to anyone relying on this protocol.
  3. SSTP (Secure Socket Tunneling Protocol) – SSTP is another protocol that traces its roots to Microsoft. It establishes its connection by utilizing SSL/TLS encryption which is the de facto standard for modern day Web encryption. SSL and TLS utilize setups built on symmetric-key cryptography in which only the two parties involved in the transfer can decode the data within. Overall, SSTP is a very secure protocol.
  4. IKEv2 (Internet Key Exchange, Version 2) – IKEv2 is yet another Microsoft-built protocol. It’s simply a tunneling protocol with a secure key exchange session. Although it is an iteration of Microsoft’s previous protocols, it actually provides you with some of the best security. It requires pairing with IPsec to gain encryption and authentication, which is what most mobile VPNs use because it works well while your VPN reconnects during those brief times of connection loss or network switching. Unfortunately, there is also strong evidence that the NSA is spying on mobile users using this protocol.
  5. OpenVPN – This takes what’s best in the above protocols and does away with most of the flaws. It’s an open source protocol based on SSL/TLS, and it is one of the fastest and most secure protocols today. It protects your data by using, among other things, the nigh-unbreakable AES-256 bit key encryption with 2048-bit RSA authentication, and a 160-bit SHA1 hash algorithm. One notable flaw it does have is its susceptibility to VORACLE attacks, but most VPNs already have solved this problem. Overall, it’s still the most versatile and secure protocol out there.

About Free VPNs and Jurisdictions
Now you’ve learned about the risks you may face with your e-commerce transactions and how you can avoid those risks by using a VPN with the right protocol. However, you may have heard rumors about VPNs not being as safe as they seem to be.

These rumors are partly true.

Not all VPNs can be trusted. There are VPNs that purport to be “free forever” while you’re actually paying with your personal information. Needless to say, you should avoid these types of VPNs and instead look for trustworthy VPN services.

Another rumor you may have heard is that trusting VPN companies with your personal data is just as bad as trusting your data to your ISP. This is only true for VPNs that log your data and are situated in a jurisdiction under any of the 14-eyes countries. This is why you should look into your VPN’s logging and privacy policy, as well as the country it is situated in.

In Conclusion
Buying online for the holidays can be an enjoyable and fulfilling experience if your transactions are secure. Protect your private information from KRACK, MitM, and rogue networks by using a VPN to encrypt your data and hide your IP address.

When using a VPN, remember to choose the most secure protocol available, and beware of free VPNs or those that log your data while inside 14-eyes jurisdictions.

Follow these steps, and you’ll be well on your way to more secure e-commerce transactions.

Andy Marken, President
Marken Communications