<div dir="ltr">Hopefully this Apple announcement will help things along....<br><a href="https://developer.apple.com/news/?id=05042016a">https://developer.apple.com/news/?id=05042016a</a><br><span class="">At WWDC 2015 we announced the transition to
IPv6-only network services in iOS 9. Starting June 1, 2016 all apps
submitted to the App Store must support IPv6-only networking.</span><br></div><div class="gmail_extra"><br><div class="gmail_quote">On Fri, May 6, 2016 at 8:51 AM, Mark Smith <span dir="ltr"><<a href="mailto:markzzzsmith@gmail.com" target="_blank">markzzzsmith@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><span class=""><p dir="ltr"><br>
On 6 May 2016 7:10 AM, "Mark Delany" <<a href="mailto:g2x@juliet.emu.st" target="_blank">g2x@juliet.emu.st</a>> wrote:<br>
><br>
> On 06May16, Mark Smith allegedly wrote:<br>
><br>
> > Possibly, and it doesn't matter.<br>
> ><br>
> > <a href="https://technet.microsoft.com/library/bb877979" target="_blank">https://technet.microsoft.com/library/bb877979</a><br>
> ><br>
> > Every version of Windows since then has had a host firewall<br>
><br>
> Exactly.<br>
><br>
> I know this has been done to death, but the idea of an CPE firewall is<br>
> becoming pretty meaningless as you have 10s or 100s of IP connected<br>
> devices on the inside. All containing dubious software written by<br>
> not-very-caring vendors, such as IP cameras that reach back outside<br>
> the network to upload streams to dropbox.<br>
><br>
> I think we have to start thinking of the home network as a naturally<br>
> hostile environment - just as we do the wifi network at the local<br>
> coffee shop.<br>
></p>
</span><p dir="ltr">I always wonder if and how often people who express this concern have and do, without any concern or consideration, connect their laptop, smartphone or tablet to cafe, conference, hotel, corporate or friends' networks without first asking if there is a network firewall and then inspecting the firewall rule set.</p>
<p dir="ltr">If the don't (and they probably don't) then they've been implicitly been relying on host security to protect them, just haven't realised it yet.</p>
<p dir="ltr">If anything, I think the biggest threat to laptops, smartphones etc. are completely unencrypted public WiFi networks (i.e. not even WEP) that are "secured" using a portal. Sniffing that traffic is exceptionally easy on a Linux host, as long as the Wifi card supports monitor mode. That is not a special feature - it has come with the 3 laptop/desktop WiFi cards I've bought since 2009 (including cheap TP-Link ones) and the NIC that came in my 2013 Dell laptop, and I didn't specifically look for it as a feature when buying.<br></p>
<p dir="ltr">Regards,<br>
Mark.</p><div class="HOEnZb"><div class="h5">
<p dir="ltr">><br>
> Mark.<br>
> _______________________________________________<br>
> AusNOG mailing list<br>
> <a href="mailto:AusNOG@lists.ausnog.net" target="_blank">AusNOG@lists.ausnog.net</a><br>
> <a href="http://lists.ausnog.net/mailman/listinfo/ausnog" target="_blank">http://lists.ausnog.net/mailman/listinfo/ausnog</a><br>
</p>
</div></div><br>_______________________________________________<br>
AusNOG mailing list<br>
<a href="mailto:AusNOG@lists.ausnog.net">AusNOG@lists.ausnog.net</a><br>
<a href="http://lists.ausnog.net/mailman/listinfo/ausnog" rel="noreferrer" target="_blank">http://lists.ausnog.net/mailman/listinfo/ausnog</a><br>
<br></blockquote></div><br></div>