After setting up a new Cisco Wireless LAN Controller (WLC), I decided to go ahead and setup a spare Cisco Lightweight Access Point (LAP) to connect to it. I did so by changing DHCP option 43 to point to the new WLC instead of the old one for that DHCP reservation. I plugged in the AP and… Damn, it still connected to the production WLC. I rebooted it again, and then a third time. After multiple restarts it was still connecting to the production WLC time and time again. I even went so far as to setting the LAP’s primary controller to point to the new WLC. Still, it failed to register with the new WLC and instead kept hitting the production one.
That’s when I remember, LAPs can use a DNS record to find the WLC they’re supposed to use if it can’t find one via DHCP option 43. I fire up DNS and sure enough, there are the two entries:
Both were A records pointing to the production WLC. Since every subnet our LAPs are a part of use DHCP option 43, it wasn’t completely necessary for these records to be around. Thinking that was the cause of my problems, I went ahead and removed the records. After waiting a few minutes for DNS to propagate to the other DNS servers, I rebooted the LAP one more time. This time it didn’t connect to the production WLC. Success! Or was it?
On November 20th, 2012 Comcast hijacked my HTTP traffic and re-routed it through their own servers, injecting a “notice” on the page before completing the request. What this means is instead of my web request being routed to the website I wanted to visit, Comcast took it upon themselves to hijack my web traffic, forcing it to go through their servers instead. This poses a massive security risk for users since there’s no telling what type of logging Comcast uses on their end. Why did they do all this? To force a “courtesy notice” on every webpage I visit until I logged into my Comcast account because I was within 90% of my new 300GB limit?
In my testing I discovered that this only affects HTTP traffic and not HTTPS traffic. What this means is while your online banking may be safe, any other website you visit over HTTP may cause your privacy to be at risk. This is a prime example of why SSL encryption on websites is so important. However, it may only be a matter of time before Comcast starts executing man in the middle attacks on SSL traffic. Continue reading
Around this time last a year 802.1x was configured on our wireless network. Everything worked fine for the most part until this morning. All wireless devices on the SSID configured for 802.1x were failing to connect. Non 802.1x SSID’s were fine, so it wasn’t an issue with the wireless access point being down. Additionally the network was being broadcast across multiple physical locations in different states and they all seemed to be down. Since no changes were made to the Cisco Wireless LAN Controller it must be an issue outside of the individual access points.
Taking a look at the RADIUS logs on the Cisco ACS yields this Christmas colored mess: Continue reading
Handing over sensitive information to startups that are only a few minutes old can lead to bad, bad things.
The startup under fire today is a web service by the name of Ice Box Pro posted on Hacker News today proved that point. The service was designed as a way to back up filed to Amazon Glacier that you put in a special Dropbox folder. I was curious to see how well it performed, so I decided to sign up and give it a test run. What follows is a perfect example on how not to handle security. Continue reading
AT&T has the following chart on their webpage at http://www.wireless.att.com/learn/international/roaming/international-roaming.jsp which outlines roaming rates while outside the U.S. We’re going to concentrate on the Text Messages row, also known as SMS messages.
|SENDING TEXT, PICTURE, AND VIDEO MESSAGES WHEN OUTSIDE THE U.S.
||$0.50 per message sent
|Picture and Video Messages
||$1.30 per message sent
I did the math and Tweeted my findings.
I was with Cingular until they switched to AT&T and everything was going fine until just a few years ago. First they took away unlimited data once phones came out that could actually use more than 200MB a month. Then they started charging more for tethering and threatening to remove the unlimited data plan users were grandfathered into for tethering with third party applications. And finally, most recently, they are once again forcing users to use the data they already pay for in the way that they want to. It is this reason that my relationship with AT&T will soon be over as I move to a company that doesn’t charge you more for less, and doesn’t screw you over (as much). While Verizon has done its fair share of being evil, their purchase of the 700Mhz wireless spectrum has made them unable to screw you over to the extent of AT&T due to restrictions in place by the FCC.
$9.99 a month – 50 GB storage + 32 GB referral space + 250MB bonus = 82.25GB
Dropbox offers 2GB of online storage completely free. The free plans have a referral limit of 8GB resulting in a maximum of 10GB of free storage plus 250MB if you complete the getting started steps. If you convert to a paid plan (starting at $9.99 a month) then the amount of extra space you can get from referrals doubles to 16GB. In addition, instead of receiving 250MB per referred user, you gain 512MB. The increased bonus is retroactive so your bonus space will double once you make the switch. Continue reading
MobileMe is Apple’s attempt to help users keep their data in sync. However, there is one problem with MobileMe: It costs $99 a year. While many users may be able to justify spending $99 a year to keep their data synced between their devices, others may find it outrageous and, as it turns out, there are free alternatives to MobileMe. Continue reading
The iPad vs HP Mini Netbook is a much heated debate amongst mobile devices.
When you compare, there’s no comparison
Ultimatrix pointed out where Steve Jobs compared the iPad to a Netbook, so you can stop posting comments about comparing two completely different devices.
Skip to 1:30
The problem is, Netbooks aren’t better at anything
- Steve Jobs
Well Steve, let’s see what the Netbook is better at.
Last week I wrote an article comparing Amazon S3 and Cloud Front to Rackspace Cloud Files. Since then I have gotten additional requests to compare more content delivery networks. The following is a comparison of Amazon Cloud Front, Rackspace Cloud Files, SimpleCDN, and GoGrid CDN. I tried to cover as many bases as I could. Please let me know if I missed anything.
We will start by taking a look at the response time for the three services over a period of 1 week
Rackspace Cloud Files came in first place with an average response time of just 69ms, however, GoGrid CDN was very close behind with 70ms. In third place was Amazon Cloud Front with an average response time of 225ms and in last place was SimpleCDN with an average response time of 402ms. Here’s a chart with the four Content Delivery Network’s average, fastest, and slowest response times over a period of one week. Continue reading