OpenSSL Heartbleed Vulnerability discovered

security_image.jpg

On April 7th there was a serious security flaw discovered with OpenSSL and the problem is being called “Heartbleed”. Some major companies have been affected by the security flaw including Google, AWS and Rackspace, which plan to release patches quickly to fix the issue. Any company that uses OpenSSL to terminate SSL connections could find themselves facing issues with Heartbleed. To be proactive to the growing news we’ve received statements from Peplink to inform customers that their routing platforms aren’t affected by the Heartbleed OpenSSL Flaw:

Peplink/Pepwave Statement:

“On April 7th, a serious security issue called "Heartbleed" in OpenSSL was made public. We have since reviewed our products and online services for the impact.

Peplink has verified and confirmed that all of our products are not affected by this vulnerability - including Balance, MAX, FusionHub, AP One/Pro, Surf, Device Connector families.

As for the online services, they are either unaffected or we have been able to apply mitigation to fully resolve the issue.

There is no customer action required on your part.

Thank you for your attention.

The Peplink Team“   

3Gstore.com Statement:

We have ran internal tests to check for the OpenSSL security vulnerability and passed the check. 3Gstore remains PCI Compliant and is unaffacted by the security flaw! When you shop with 3Gstore you can ensure that your data is safe and you'll experience a smooth transaction and speedy delivery of equipment. 

Cradlepoint Statement:

In response to the critical security vulnerability discovered in the OpenSSL cryptography software library (CVE-2014-0160), nicknamed “Heartbleed,” CradlePoint has taken steps to incorporate the OpenSSL version 1.0.1g into its latest firmware and Enterprise Cloud Manager. The purpose of this email is to inform you of the vulnerabilities and the steps necessary to remediate this issue.

If exploited, this vulnerability could allow attackers to monitor all information passed between a user and a web service or decrypt past traffic they’ve collected. More details can be found here: http://heartbleed.com.

Affected Products

CradlePoint recommends immediately upgrading products to the upcoming firmware versions (available 4/14/14) in order to mitigate this vulnerability. The following are affected products (with firmware versions 4.2.0 and later):

  • AER 2100

  • ARC MBR1400

  • MBR1400

  • MBR1200B

  • ARC CBA750B

  • CBA750B

  • COR IBR600

  • COR IBR650

  • CBR400

  • CBR450

  • MBR95

WAN INTERFACES

On WAN interfaces routers were only exposed to risk under the following conditions:

1) Remote access is enabled (setting disabled by default)

2) AND remote administration access control is not enabled (setting disabled by default).

LAN INTERFACES

On LAN interfaces routers were only exposed under the following conditions:

If the network allows Admin Access, which is the default for the Primary LAN. Guest LAN default settings do not allow Admin Access and are not exposed to this vulnerability. Admin Access can be checked using the Network Settings / WiFi / Local Networks tab, listed for each network in the “Access Control” section.

PLEASE NOTE: Product firmware is still affected by this bug and CradlePoint recommends firmware upgrades for all affected products.

Products Not Affected

  • CBA750 (prior version to CBA750B)

  • CTR35

  • CTR250

  • CTR350

  • CTR500

  • CX111 (Juniper)

  • MBR90

  • MBR800

  • MBR900

  • MBR1000

  • MBR1100

  • MBR1200 (prior version to CBA1200B

  • PHS300

  • PHS2000W

Firmware Patch Available 4/14/2014

  • 5.1.1 – AER 2100, ARC MBR1400, MBR1400, MBR1200B, ARC CBA750B, CBA750B, COR IBR600, COR IBR650

  • 5.0.4 – MBR95

Download the latest firmware (new versions available 4/14/14).

Sierra Wireless Statement: 

This bulletin provides information about the impact of CVE-2014-01601 on AirLink gateways.

 

AirLink gateways running ALEOS are not affected by the issue described in CVE-2014-0160. Known as 'Heartbleed'.

 

Update: You can use this website to check any server to see if they were inpacted by Heartbleed - http://filippo.io/Heartbleed/

 

 

Sprint to shut down WiMAX network by end of 2015

sprint_logo_white.jpg

Sprint was the first official carrier to launch 4G service but opted to go with WiMAX instead of LTE. Unfortunately for Sprint WiMAX ultimately failed due to poor in building coverage and LTE on lower frequency bands took preference by the majority of consumers. Recently Sprint filed a 10G form with the Securities and Exchange Commission stating they’ll shut down 4G WiMAX by the end of 2015. “As a result of the Clearwire Acquisition, we expect to continue to migrate from Clearwire’s wireless broadband technology to LTE technology through the deployment of Network Vision utilizing the 2.5GHz spectrum acquired,” Sprint said in the paperwork, also mentioning they’ll be shutting down 4,300 cell sites that won’t be needed after the switch to 4G LTE.

 

T-Mobile offers top 4G LTE speeds according to RootMetric Study

t_mobile_lte_speed.jpg

Recently OpenSignal released a study to test the latest LTE speeds by carriers and T-Mobile has taken the lead as the fastest network available. Previously T-Mobile complained to RootMetric stating their study was out of date and the report didn’t show the results after their latest network upgrades. The OpenSignal study confirms that RootMetric’s report was out of date and shows that T-Mobile has the fastest LTE average speeds at 11.5Mbps. This doesn’t change the fact that Verizon and AT&T still have larger LTE footprints, but carriers like T-Mobile are upping the ante by giving customers faster speed and trying to improve coverage across the country. The OpenSignal report was generated from real world data across 103,025 users that use their Android and iOS speed test apps to get overall speed averages.

Want T-Mobile 4G LTE? Get a Rocket 3.0 USB Modem
 

Sprint HD Voice will go live in July

Sprint_logo.jpg

Sprint CEO Dan Hesse stated their “HD Voice” service would go live around July of this year after speaking at the Oracle Industry Connect conference in Boston this week. This isn’t the same technology as VoLTE and HD Voice is simply designed to improve the clarity of a voice call across seven octaves, where current phones only use four octaves. In addition to the announcement of HD Voice Hesse also promised an increase in LTE speeds of 150 to 180Mbps in several markets courtesy of their 2.5Ghz LTE TDD spectrum and carrier aggregation. As of now Sprint offers 4G LTE in 340 markets across the country and is quickly expanding to compete with Verizon and AT&T LTE coverage.

 

Cradlepoint joins Cloud Security Alliance

cradlepoint_logo.jpg

 

CradlePoint, the global leader in cloud-managed, 3G/4G networking solutions for distributed enterprises, today announced that it has joined the Cloud Security Alliance (CSA). CSA is a not-for-profit organization with a mission to promote the use of best practices for providing security assurance within Cloud Computing. CradlePoint's participation within the alliance provides an additional layer of confidence and aligns its cloud-based management solution, Enterprise Cloud Manager, with an industry-accepted framework.

CradlePoint's Enterprise Cloud Manager will look to the Cloud Security Alliance Cloud Controls Matrix (CCM) as a security framework for the solution. CCM provides fundamental security principles that are aligned to Cloud Security Alliance guidance in 13 distinct domains. The foundation of the Cloud Controls Matrix was built based on industry-accepted security standards, regulations, and control frameworks. The CCM provides the needed structure, detail and clarity relating to information security tailored to the evolving cloud industry.

"We are very excited to have CradlePoint join and participate within the Cloud Security Alliance," shared Jim Reavis, Chief Executive Officer at the Cloud Security Alliance. "Networking is at the heart of how enterprises are going to share information, access the cloud and achieve optimal business performance. CradlePoint's use of the Cloud Control Matrix as a framework ensures customers and partners that CradlePoint solutions are secure and aligned with the industry's most current standards to achieve better return on investment and lower-cost of management."

Cloud Computing is changing the way organizations support distributed enterprises and improve operations. CradlePoint's enterprise customers have turned to CradlePoint's Enterprise Cloud Manager to deploy, monitor and manage their networks since CradlePoint delivered the first certified 4G LTE networking solution. Focused on distributed enterprises, CradlePoint is committed to ensuring that its networking solutions are highly secure and optimized. In the past year, CradlePoint hired industry security veteran, Kent Woodruff as CSO, as well as adopted a number of industry standards that are a part of the CSA Cloud Control Matrix.

"Today's announcement with the Cloud Security Alliance is another example of CradlePoint taking a leadership role in enterprise security," said Woodruff. "We are excited to engage with CSA and its partners, and continue to look to the principles outlined in the Cloud Controls Matrix as the security foundation for Enterprise Cloud Manager. CradlePoint's adoption and alignment with the Cloud Security Alliance allows our customers to confidently deploy our 4G LTE networking solutions as a primary and failover application."


Related Links:

 

Sprint launches 20 new 4G LTE Markets

Sprint_logo.jpg

OVERLAND PARK, Kan. (BUSINESS WIRE), March 17, 2014 - Sprint (NYSE:S) today announced 20 new 4G LTE markets, bringing faster data speeds to customers in such locations as Bridgeport/Stamford/Norwalk, Conn.; Myrtle Beach, S.C.; Omaha, Neb.; Peoria, Ill.; and Sarasota/Bradenton, Fla. Sprint expects to cover 250 million people with 4G LTE by mid-year. Sprint today also announced Sprint Spark™ in Provo, Utah, and Trenton, N.J, as well as the upcoming availability of HD Voice.

Sprint Spark is an enhanced LTE service that’s built for data and designed to deliver peak wireless speeds of 60Mbps today on capable devices, with the potential for speeds three times as fast by late next year.1 With its unique combination of network technologies, spectrum capacity and tri-band devices, Sprint Spark is designed to greatly improve the performance of video and other bandwidth-intensive applications, including new generations of online gaming, virtual reality and advanced cloud services. It enables stutter-free video chat on-the-go and mobile gaming that leaves lag behind.

HD Voice is also now available to customers in Provo, and will soon be available in Trenton. HD Voice is a new Sprint standard for mobile phones where background noise is virtually eliminated and sound quality is dramatically enhanced.2 HD Voice is designed to provide a better experience than a landline. A typical phone without HD Voice offers four octaves of sound, but a phone with HD Voice offers seven (10 octaves is considered perfect hearing).

“Sprint’s all-new network is providing our customers significantly better call quality and faster data speeds in more places,” said John Saw, chief network officer at Sprint. “Customers in Provo and Trenton will be particularly pleased with the power of Sprint Spark – say goodbye to slow downloads and content that lags.”

New 4G LTE Markets:

  • Bakersfield, Calif
  • Lancaster, Pa
  • Omaha, Neb
  • Shawnee, Okla
  • Bridgeport/Stamford/Norwalk, Conn
  • Mason City, Iowa
  • Peoria, IL
  • Trenton/Ewing, NJ
  • El Centro, Calif
  • Myrtle Beach, SC
  • Provo/Orem, Utah
  • Visalia/Porterville, Calif
  • Hot Spring, Ark
  • Nogales, Ariz
  • Sarasota/Bradenton, Fla
  • Willimantic, Conn
  • Kenosha, Wis
  • Ocean City, NJ
  • Scranton/Wilkes-Barre, PA
  • Zanesville, Ohio
Poor Sprint service? Get a Wilson Sleek Universal
 

T-Mobile celebrates 1st anniversary of LTE rollout by launching more network upgrades

tmobile_logo2.jpg

BELLEVUE, Wash. - March 13, 2014 - Over the past year, T-Mobile US, Inc. (NYSE: TMUS) has abolished a litany of consumer pain points through a series of revolutionary new programs and services - and Americans have responded by making T-Mobile the fastest growing wireless company in the U.S. Today, the Un-carrier announced it is continuing its relentless pace of industry innovation by launching a major new program to expand what has already become the fastest LTE deployment the U.S. has ever seen.

Less than one year since launch, T-Mobile's 4G LTE network already reaches 210 million people in 273 metro areas nationwide. Building on the unprecedented pace of its LTE rollout, T-Mobile is now kicking off a major new program to upgrade its 2G/EDGE network with 4G LTE. The company plans to complete 50 percent of the work this year alone, and expects the program to be substantially complete by the middle of next year. The upgrade will provide customers who currently experience 2G/EDGE coverage new access to 4G LTE, and many already covered by 4G LTE will enjoy access to 4G LTE in even more places. In addition, T-Mobile plans to begin deploying 4G LTE this year in the new 700 MHz A-Block spectrum the company is in the process of acquiring.

"Right now, T-Mobile covers 96 percent of Americans, and over the past year, we've completely shattered records with the fastest 4G LTE deployment the U.S. wireless industry has ever seen." said John Legere, president and CEO of T-Mobile. "Our competitors want you to believe our network doesn't measure up. But that just isn't true. And American consumers are going to see right through the spin and half-truths when given the facts."

In a span of just six months, T-Mobile deployed its 4G LTE network coast to coast and at a pace unprecedented in the U.S. wireless industry - going from zero to nationwide coverage between March and September 2013. Already, T-Mobile has built America's fastest nationwide 4G LTE network - based on millions of speed tests by real customers using Ookla's Speedtest.net app on their own devices. More than 6.5 million customer tests have been conducted in 2014 alone.

"Through this major new network upgrade program, and other initiatives already underway, we're driving hard toward our multi-billion dollar strategy to further improve what is already an amazing network experience for our customers," said Neville Ray, Chief Technology Officer for T-Mobile. "Our 4G LTE is going to reach 230 million people across the U.S. by mid-year. By year's end, we're going to be delivering wicked-fast 4G LTE to more than 250 million people. That's how the Un-carrier rolls out 4G LTE."

In addition to these network updates, T-Mobile announced it is pushing back against misleading competitive claims through a new primetime television ad that began airing in primetime last night - and the company has demanded Verizon cease and desist with its well-known map ads.

"Verizon's ink blots massively understate our coverage and don't begin to represent the actual customer experience on T-Mobile's network," said Legere. "So we're setting the record straight - both by demanding an end to the misinformation, and by going straight to the people with the truth."

T-Mobile has taken legal action demanding that Verizon cease and desist the carrier's network map advertising, arguing that Verizon has cherry-picked a single network technology to depict in its ads rather than accurately reflecting the many technologies widely in use today. T-Mobile reaches over 230 million people nationwide with 4G HSPA+, which provides 4G coverage in many locations where LTE has not yet been rolled out.  This is in addition to T-Mobile's nationwide 4G LTE coverage.
 


Page 7 of 138