The days of relying on WPA or WPA2 as your online layer of wireless security may be numbered. A new technique that makes use of NVIDIA’s newer GPU’s to do some of hte processing means that it’s possible to break “forgotten” keys about 100 times faster than was previously possible. This means a key could be broken in days or weeks instead of years. The distributed password recovery software is available here. I think there are a lot of misconceptions about WEP and WPA/WPA2 that we ought to rethink.
Tag: encryption
-
Varying Degrees of Password Security
Last week we talked about creating strong passwords, but should we use different passwords for every site? It’s best practice to do just that. Do they all have to be really hard passwords? Again ideally, yes. So, how can we keep up password spreadsheet? Big sheet of paper? Password management program. Some advantages of password management programs are that many are equipped with encryption. In other words one password locks the whole list away. The bad news is if you lose or forget that password you are locked out of everything. Lists are generally bad because with access to your pc, your list is easy to get at.
-
WiFi Locator
There are all sorts of these things out there on the market – I saw an ad for the Hawking HWL1 802.11b/g WiFi Locator… and it looked interesting (directional)… I’ve seen mixed reviews, but some might find it good/useful. I know, I know…. “why buy a wifi locator when you could pull out a laptop/pda”…. part of it is probably because you DON’T want to drag out a laptop, part of it is looking for a device that will give just a quick scan of what networks are available and what kind of encryption if any.
-
Banks and Web security
George Ou has a good post on Banks cheating their way to meet web security guidelines. Many of the observations that he notes come from the Between the Lines column here and are SPOT ON. The biggest I see is related to “multifactor authentication”….
-
Fun way to mess with wireless freeloaders….
Some people spend a lot of time finding ways to block the freeloaders from their wireless internet. Others find fun ways to mess with them…. They start off by settup up dhcpd.conf to carve out two subnets a “good” one with known mac addresses and an untrusted…. then the fun begins with some proxy side image manipulation. Either upside down images, blurry images, etc. I wonder why you don’t just take it a step further…. block images entirely and replace with a jpg of your choice. IF you have a very BUSY accesspoint with freeloaders – maybe you could even sell an ad…. or do a captive portal for the untrusted crowd that redirects through a page that says…. “Uploading personal data…. Please wait…. Credit Card info transfered…. browsing history transfered….. email history transfered…. My Documents in progress…” Of course, it would be actually doing this…
-
The security of remote tech support (ultravnc sc or x11vnc with wrapper script)
Well, I’ve got a nice way of doing “easy” one click (or one cut and paste) light desktop support for windows or linux, one uses ultravnc sc, the other uses x11vnc with a special wrapper script. So, what security flaws are there in this process? Well, for starters, I see the biggest vulnerability for the computer running the listening vncviewer (because it HAS to be available to the outside world.) That means the tech support desk must keep on top of vncviewer updates and keep the service turned off when not expecting a client connection. The other question that comes to mind is encryption though….
-
OpenVPN
The last time I used openvpn, it was version 1.x and only supported a single connection per running process. So, if you had a server that you wanted to support multiple clients connecting, you had to… have multiple ports open to the outside world (unless you did something VERY fancy), and had to have as many openvpn processes open and listening for connections, as you had clients you expected to connect. It wasn’t a pretty setup unless you had a small number (1-5) that you expected to connect. Fortunately that has changed with the 2.0 series of openvpn and it’s really matured as a vpn solution.
-
The D-Link DWL-800AP+ as a wireless repeater to extend wireless range – Part 7
So, according to D-Link there is a short list of access points that the DWL-800AP+ will repeat for. They are all d-link branded access points. It seems that there have been firmware updates to improve the compatibility with more models (of d-link access points.) Some of the incompatibilities have been with WEP encryption from what I’ve read.
-
New variation of Sober virus coming in January
Now, we seem to be getting “coming attractions” previews in virus-land…. Anyway, I’ve read at several sources that we are to expect a new variation on the sober worm around January 5th, 2006. It’s said that the date was chosen to mark the formation of the Nazi Party. In the past, variants have spouted pro-nazi sentiments and redirected users to pro-nazi web sites.
-
Steganography with flickr
This caught my attention for some reason. I guess because steganography is such an unusual word and because the list of uses has been covered so much in the news. I found this article talking about how someone tested to see if there was any kind of filtering on flickr for images containing documents hidden using steganography.