If you are having trouble viewing this email, click here to view this online



   ISSUE 49

26 August 2015

Article of the Month  Around the World

Sri Lanka First Country to Deploy Balloon Based Internet, What Security Risks Does It Pose?


Project Loon

We think that most people are connected to the internet when in fact two-thirds of the population do not have access to the internet. Google started a project in 2013 called �Project Loon� with an aim to make the whole world connected to the internet, concentrating on connecting people in rural and remote areas, to help fill coverage gaps and bring people back online after disasters using a network of balloons travelling on the edge of space. The exciting thing about this is that Sri Lanka will be the first country to deploy Googles balloon based internet, giving 100% of Sri Lankans resident�s access to the internet.

How it works

The balloons travel 20km above the earth�s surface in the stratosphere. The layers of winds in the stratosphere vary in speed and direction, so Project Loon uses software algorithms to determine where the balloons need to go, and moves each into a layer of wind blowing in that direction. This can be arranged to form one giant communication network.

The inflated part of the balloon is called the balloon envelope and it is designed to last around 100 days in the stratosphere and is powered by solar panels and a small box hangs underneath the balloon envelope which contains the electronics.

Each balloon can provide connectivity to a ground area about 40km using wireless communications technology called LTE. Project Loon partners with telecommunications companies to share cellular spectrum so people will be able to access the Internet everywhere directly from their phones and other LTE-enabled devices.


What is LTE technology?

LTE is also known as 4G. The technology covers a wider range of frequencies and has the potential to be 100 times faster than 2G and 3G networks. 4G was designed specifically for sending and receiving data. The methods taken to achieve these speeds also make it more vulnerable. What the industry has done with 4G/LTE technology is taken a self-contained telephone network, secured primarily by virtue of being separate from the internet, and then giving it internet capabilities. 3G networks use a protocol called SS7 to send signals which is hard to penetrate. LTE on the other hand uses systems such as Diameter, an open protocol that sends signals based on IP addresses of networks which makes it faster and can handle more traffic than SS7.

Security Issues

Main problem with LTE/4G is that user information can become easily available to hackers via �man in the middle� attacks. These new security risks are being exposed by the move to the IP-centric LTE architecture. The deployment of LTE is a primary driver behind the security risks as the LTE architecture is much flatter and more IP-centric than 3G, meaning there are fewer steps to access the core network.

What to think about

Project Loon should be prepared to meet every threat. They need to address security as a multi-level problem and ensure the highest levels of device security and educate users to protect themselves. Only then can they continue to build out their networks to reach more users while also protecting them.

- Menuka De Silva

Menuka is working as Intern - Information Security Engineer at Sri Lanka CERT|CC.













































  Europol takes down Italian Darknet service used to share child porn

Europol has helped to close a Darknet hidden web service used by cybercriminals to share material depicting the sexual abuse of children, in addition to selling services used for fraud, computer hacking and drugs.

  Is Windows 10 really 'the most secure Windows ever', as Microsoft claims?

'....When Microsoft was playing internet-catchup in the 1990s, its rush to make it easier for people to get.....'




'...Tenacious "supercookies" allowed mobile broadband providers to follow their customers' activity�both in the U.S. and abroad�for over a decade, until the practice was discovered and publicized late last year and companies began to roll back the cookies.....'



'...Feeling forgetful or mentally sluggish? Like you can't keep up at work? Help your mind out with some brain-training apps. Your gray matter will be in tip-top shape in no time.

You might already be familiar with the brain-training app, Lumosity, which helps users work on multitasking and problem solving. As you improve, the games become more challenging.....'

iPhone 6s release date confirmed by carriers

'...The iPhone 6s release date seems beyond doubt now. Apple is confidently believed to be releasing the new models on September 18 in tier-one countries. This will follow a launch date thought to be September 9.

The reason for the near-certainty is a series of three, apparently-unconnected, international leaks that all confirm the date.....�

Month in Brief
Facebook Incidents Reported to Sri Lanka CERT|CC in July 2015
 Statistics - Sri Lanka CERT|CC


'....Top Obama administration and Indian government leaders met at the State Department this week to hash out issues concerning global information security.

The 2015 U.S.-India Cyber Dialogue, which occurred Aug. 11-12, covered matters including efforts to crack down on cyber criminals, ways to enhance the sharing of threat alerts, and incident response..'


Cyber security top CIO concern as Coats re-lists on London Stock Exchange

'...When manufacturing firm Coats floated on the London Stock Exchange this summer - 125 years after the UK firm's first listing - global CIO Richard Cammish had one topic at the front of his mind: security......'

Agile Development Drives Enterprise DevOps & Public Cloud Adoption

'...In the past decade, many companies have moved towards the agile method of development rather than the traditional waterfall methodology. Even companies that do not strictly adhere to agile development will usually use a blend of both agile and waterfall techniques. Agile development has many characteristics that make it more suited to modern technology than the waterfall method. Today, agile development is very closely related to DevOps and the cloud....'

Software Licensing got you down? Get your SaaS in gear and go cloud



'....Let's be absolutely clear -- figuring out software licensing, regardless of which vendor you are dealing with, is never fun. I never enjoyed it when I was an IT consultant in the financial sector, I hated it when I worked as a systems architect at IBM, and I certainly don't enjoy it today in my role at Microsoft....'


Drop test failures appear to be culprit for Google's Project Ara delay



'"....One of the early, key innovations for Google's Project Ara modular smartphone appear to have caused the recent delay of the product.

On Tuesday, it was announced that the first Project Ara handsets wouldn't arrive this year as expected, but instead, would be pushed out into 2016. A day later, the Project Ara team tweeted two informational bits that shed more light on exactly what the issue is.....'

Notice Board
  Training and Awareness Programmes - August 2015
- April04-06 Aug. 2015 Workshop on Database Design & Programming with my SQL NIE - Maharagama
07- Aug. 2015
Industry experts forum for Instructors of Zonal & Provincial ICT cenetrs. Water's Edge

Brought to you by: