Receive new posts as email.
This site operates as an independent editorial operation. Advertising, sponsorships, and other non-editorial materials represent the opinions and messages of their respective origins, and not of the site operator. Part of the FM Tech advertising network.
Entire site and all contents except otherwise noted © Copyright 2001-2011 by Glenn Fleishman. Some images ©2006 Jupiterimages Corporation. All rights reserved. Please contact us for reprint rights. Linking is, of course, free and encouraged.
Lufthansa announces new Wi-Fi in the sky service, FlyNet: Lufthansa was the biggest adopter of Connexion by Boeing in the early part of last decade, and wanted to reach an accommodation to keep it running when Boeing shut it down. The airline has been looking for the right partner to bring service back ever since, and Panasonic Avionics has come through. Panasonic started talking about relaunching a Connexion-like Ku-band satellite service in September 2006, even before Boeing down in-flight service (see "Panasonic May Relaunch Connexion," 19 September 2006).
Although the exact plane count isn't set, Lufthansa said it will equip almost all of its intercontinental craft, having service in place on all such planes by the end of 2011. It's possible that Boeing's Connexion retrofitting may make it cheaper to put in Panasonic's gear, too. The service starts with Internet access via Wi-Fi, although GSM/GPRS access (via an onboard picocell) will be added "in the future."
The pricing is quite aggressive. €19.95 or 7,000 Lufthansa air miles get you 24 hours of unlimited access across any equipped Lufthansa flight and in the airline's lounges. The hourly price is €10.95, which seems crazily high, but they want to push you to pay the 24-hour rate as a sweet spot. Lufthansa's long-haul flights can range from five hours to well over a dozen.
Service will be free until 31 January 2011, but the press release doesn't say when the first Flugzeug with restored access will take off.
(I wanted to write the headline: "Drahtlose Internet und Lufthansa Wiedervereinigen!" but I realized only five readers would get the joke.)
This is a big shift in in-flight Wi-Fi: Delta is taking a big move in expanding its already extensive Wi-Fi coverage. Delta committed to full mainline fleet coverage—these are the larger planes that carry more passengers and typically fly longer routes—but regional jets seemed less likely. Shorter routes with smaller numbers of passengers would make it seem quite difficult to get a return on the investment.
Nonetheless, Delta has plans to put Gogo Inflight Internet on 223 of the Delta Connection subsidiary and partner aircraft. The planes have between about 65 and 76 seats, according to Delta's press release. More critically, all the planes have first-class sections, and the commitment appears to be put Wi-Fi service on all routes with first-class service.
It's possible that the investment is relatively low compared to the customer loyalty it may engender. Those who want continuous Internet access across a route, and who are more likely to buy or upgrade into first class may be so valuable that the amount realized in additional seats purchased and higher fares (as regional service is often not as competitive as national routes) is where the revenue comes from to balance the accounts.
Delta currently has over 700 mainline aircraft in operation, and 549 of those have Internet service installed. The regional jets will receive Internet service during 2011.
American Honda Motor is sponsoring free Wi-Fi on Alaska Airlines: The offer is good until 9 December.
Google has opted to underwrite free Wi-Fi over the holiday season on three airlines: AirTran, Delta, and Virgin America will offer free Wi-Fi from 20 November 2010 to 2 January 2011 under Google's sponsorship. Delta is, by far, the largest of the three airlines, and has hundreds of planes equipped. It's a promotion for the Google Chrome browser, which may a branding campaign in anticipation of devices appearing that run the Google Chrome OS.
Clearwire is digging in: The company, majority owned by Sprint, is shaving expenses. This doesn't bode well. With aggressive competition for 4G services from AT&T and Verizon Wireless, cutting back seems to make less sense than trying to double down. Clearwire is laying off 15 percent of its staff and delaying new markets and handsets.
Clearwire had already said it was testing LTE, the alternative to WiMax. WiMax's chief advantage was that it was available long before production LTE gear, and could take advantage of broad channels that Clearwire and Sprint had available in spectrum they'd acquired. LTE is now coming to market, and will be the dominant 4G flavor worldwide, while WiMax has developed into a useful niche technology that could retain double-digit marketshare even when LTE is the powerhouse.
However, how can Clearwire redeploy in the middle of a cash crunch? Especially with $2b in debt and other obligations becoming due in 2011, as Stacey Higginbotham reports.
The NewScientist asks if in-flight Wi-Fi or cell use might be banned after Yemeni-originated bombs: Wi-Fi seems unlikely to be disabled for security reasons. A compatriot would be required on board to navigate the login process with an account or credit card, or a script would have to be written to handle that. It seems rather complicated and prone to failure. Otherwise, a compatriot would need to be on board, in which case the compatriot could trigger the event.
There's one potential for danger, which is DNS tunneling. Devicescape and other authentication systems work at hotspots by sending particular DNS queries through to remote servers that respond with information in special text records that can provide login credentials and other information. DNS is proxied and often scrubbed for hotspots, however, and I suspect that Aircell figured this out in advance.
On the cell side, only a handful of planes in Europe and the Middle East are flying with picocells on board that can be used to establish a phone connection via a satellite data link. A number of elements would also need to be in place for a remote connection to be established. A timer or air-to-ground cell link would be much more reliable.
I expect that authorities will scrutinize in-flight cell and Wi-Fi service for additional weaknesses, but I doubt any ban will be put in place.
Steve Gibson suggests using WPA/WPA2 Personal encryption on hotspots to prevent Firesheep from working among users on the same network: That's an interesting idea, but only for the moment. Gibson explains the weakness to his solution in a comment below the post. I recommend at the bottom a solution involving WPA/WPA2 Enterprise that builds on Gibson's recommendation.
The shared passphrase version of WPA lets an access point and Wi-Fi adapter (the "station") negotiate what's sometimes called a session key (the pairwise transient key). You can't extract or crack that session key without watching the initial association during which secrets are sent, but which a party with the passphrase could monitor. But not so fast. You just need to force a deauthentication—currently not guarded against in 802.11 or Wi-Fi, but which will be one day—and all the stations will run through their four-way handshake again.
Someone who might run Firesheep, a point-and-click credential theft Firefox plug-in and proof of concept, is likely to not download and install Wi-Fi cracking software that would aid in this. Aircrack-ng, the gold standard, requires some technical know-how to use.
But the code is freely available and licensed under the GPL. Firesheep is also free, open-source, and available. All it would take is an interested party to combine the two into an active attack agent—perhaps called Firecracker. This would move use of the extension from potentially illegal in some jurisdictions (passive scanning may be legal, but sidejacking is probably a crime in most states and many countries), to definitely illegal in most areas (forcing deauthentication in order to obtain credentials). But it could still be a point and click operation.
Thus, a WPA/WPA2 Personal protected network would briefly afford some protection against Firesheep, it wouldn't be long lived.
The more sensible action is one I first heard discussed years ago. Enable WPA/WPA2 Enterprise (802.1X) on a network and give out the same user name and password to every user. This reduces the administrative burden of password management to zero, and allows any savvy visitor to get a higher level of protection. WPA/WPA2 Enterprise in the form of the most common method, PEAP, uses SSL/TLS to protect the handshake between station and access point, protecting the unique key assigned from even those with the same 802.1X login information.
Windows and Mac OS X have offered PEAP clients for years. Free clients for versions of Windows without it can be obtained. Linux has clients as well. There's no technical bar to set this up, just one of education. If you can't get users to employ VPNs, or they don't have access to them, 802.1X is a much simpler way to go.