Your Ad Here

Wireless Security and the Truth About WEP Cracking

 Network Security  5 Responses »
Jun 192008
 

by Tom Duffy

Okay, this is a subject that gets me going! I am a bit obsessive about my network security and when WEP first became popular I began using it right away. Then, as soon as I started hearing rumors about wireless sniffing, packet injection, and WEP cracking I immediately changed the way I look at wireless security. Obviously, it is important to keep your network secure. But at what cost? Some of the security options out there are seriously more effort than they are worth! Even setting up WPA on my home network was a hassle because I have 5 computers on the network. Three are various Linux distros, 1 Mac PowerBook, and 1 Windows XP laptop. I also have an Xbox 360 with a wireless adapter. In order to get all of these devices connected with WPA, I had to jump through several hoops. So what is a simple and safe way to secure my wireless network? Well, in order to answer this, I decided to learn how to crack a WEP key and try to hack my network in various states with different security features. Here are the results:

1. 64 Bit WEP Without MAC Filtering

This was scary…took me about 3 or 4 minutes to collect enough IV’s to crack the wep key. If you don’t know what IV’s are, please read about cracking wep here.

2. 128 Bit WEP Without MAC Filtering

This one took a little bit more time, but once there was ARP requests from the router to my wireless adapter, the IV’s started pouring in. Total crack time was 12 minutes.

3. WPA Personal TKIP with a 6 character passphrase

Had to relearn the process a little for WPA, but once I got the hang of it this took me about 15 to 20 minutes.

4. WPA Personal TKIP with a 20 character passphrase

I know that there are people who can crack this…but I simply couldn’t.

5. WPA AES/TKIP With RADIUS

Couldn’t crack this either.

Okay, so my findings are that WEP is useless right? Well, not entirely. I found that by not broadcasting the ESSID and filtering MAC addresses, 128 Bit WEP was enough to make me feel kinda safe. WPA Personal with a long passphrase was the best option for me. This is because of the combination of ease of setup and good security. The reason for the long passphrase is to avoid rainbow table cracking.

So what is the truth about WEP cracking? Well, the truth is that there aren’t a whole lot of people out there who are any good at it. A lot of people download BackTrack or another liveCD linux distro with wep cracking tools and they assume that the tools just crack wep for them. The reality is that the tools that are used for WEP cracking are quite complex. I personally am not concerned about someone trying to crack my wireless network. However, I am concerned about my client’s networks. Business networks should be as secure as possible. Always.

So, if you just bought a new wireless router and are thinking that you’ve done the right thing by securing it with WEP, please reconsider, but let’s not get paranoid…there isn’t an army of hackers trying to crack your wep key. I hope that this helps someone!

 Posted by Tom Duffy at 12:29 pm  Tagged with:

Utopia Theory Comic Strip

 Uncategorized  No Responses »
Jun 122008
 

by Tom Duffy

I stumbled upon this awesome comic strip from www.utopiatheory.com.

iCorn

 Posted by Tom Duffy at 9:06 pm  Tagged with: , ,

How To Create Very Secure Passwords That Are Easy To Remember

 Network Security  32 Responses »
Jun 022008
 

by Tom Duffy

I have had a lot of experience trying to get clients to use secure passwords and the common problem that comes up is that secure passwords are often difficult to remember. So, I came up with a simple solution to this. Let’s get started:

First, we should pick our favorite song. For the sake of this tutorial, I will use Stairway To Heaven by Led Zeppelin. Now, pick a line from the song that is 7 or more words long. I will use the line “And she’s buying a stairway to heaven”.

Next, take the first letter of each word in that line of the song. Mine would be:

ASBASTH

Now, alternate between lower case and upper case:

aSbAsTh

Next we will choose a letter in this that can also be represented by a number. Some examples of this would be to use a 5 instead of an S or a 1 instead of an I. So, I will use a 5 instead of the capital S:

a5bAsTh

Next, we will add a character that is not alpha-numeric such as a $ or a # and add it to the beginning and end of the string. I will use a $:

$a5bAsTh$

“$a5bAsTh$” is a very secure password. A brute-force attack would take a LONG time to break this and a dictionary attack would simply fail. The best part is that even though this password is very secure, all I have to remember is that line from the song with a “$” on either side of it and a “5″ instead of an “S”. I recommend this to all of my clients now and it has convinced a lot of computer novices that they can have secure passwords without the worry of forgetting what they are! I sure hope that this helps some people!

 Posted by Tom Duffy at 1:54 pm  Tagged with: ,

Linux Uptime…1 Year With No Reboot!

 Linux  38 Responses »
May 222008
 

Impressive…Let’s see a Windows machine stay up for that long!

 Posted by Tom Duffy at 10:16 am  Tagged with: , ,

StumbleUpon – The Fickle Reader Has Challenged Me

 Linux  1 Response »
May 142008
 

by Tom Duffy

Lately, I have been getting a lot of traffic to my blog from StumbleUpon. This is great! Welcome fellow Stumblers! However, a few Stumblers have complained about my choice in titling my last blog entry with the word “Advanced” claiming that the information I was providing was more “Intermediate” than “Advanced”. Okay…I agree completely. The information I was providing was not very advanced. The reason I chose to name it “Advanced” was because of the massive influx of new Linux users who are not used to this sort of thing. To them, deactivating their NIC from the command line is “Advanced”.

This is all fine and well, but now I have this strange feeling in my gut. It’s a feeling that I used to get when I was dared to do something in elementary school. A feeling that I get when my knowledge or experience is challenged. So, now I feel I must redeem myself with a tutorial on what I would consider a much more “Advanced” Linux topic. So, without further adieu, I give you…xargs.

xargs – silly noob, commands are for piping.

Usually in a Linux or Unix environment, we run commands in order to get information in the form of an output. This output might be a list of strings for example. Then we read that information from the output in order to do something with it. Or we copy and paste part of the output into a new command. Wouldn’t it be easier to just use one command to do all of this for us? Wouldn’t it be easier to have a command’s output automatically used as a parameter for another command? Ladies and gentlemen, please welcome xargs. xargs allows you to execute some other commands on the output. For example, lets say that we want to find files in a directory that are symbolic links or are compressed. Then let’s say that we want search those symbolic links and compressed files for the word “foo”. And then let’s say that we want to have the output of all of this display nice and neat in the form of the ls command. Let’s try this:

file -Lz * | grep foo | cut -d":" -f1 | xargs ls -ltr

Let’s dissect this command string. The first, file -Lz *, finds files that are symbolic links or compressed. It passes the output to the next command, grep foo, which searches for the string “foo” in them and produces the output similar to this:

auth.log:              foo.techremedy.net
auth.log.1.GZ:      foo.techremedy.net (compress'd data 16 bits)

Since we are interested in the file names only, we applied the next command, cut -d”:” -f1, to show the first field only:

auth.log
auth.log.1.GZ

Now, we want to use the ls -l command and pass the above list as parameters, one at a time. The xargs command allowed you to to that. The last part, xargs ls -ltr, takes the output and executes the command ls -ltr against them, as if executing:

ls -ltr auth.log
ls -ltr auth.log.1.GZ

So, as you can see, xargs isn’t so much awesome on its own, but when used with other commands, it’s awesome factor increases significantly.

There is some good information out there about xargs. I recommend the man page. Just type man xargs and you can read it. One thing to point out is that white space, or blank spaces aren’t handled well by xargs at all. So, be sure to use the –null option or the -0 option to overcome this problem. I hope that this is helpful and “Advanced” enough for you fickle Linux folks out there. I will apologize for the unfortunate “Nitty Gritty Linux Hacking” part of the title on my last post. That was just uncalled for! :)

 Posted by Tom Duffy at 4:47 pm  Tagged with: , , ,

Freedom for Your Windows Computer

 Windows  1 Response »
May 012008
 

by Tom Duffy

So far, almost every one of my blog posts has been about Linux. That’s because I use Linux. But a lot of people out there use Windows and there’s a vast amount of Windows open source software out there. Want freedom for Windows? Download WinLibre Here. WinLibre is an application that gives you access to many open source applications for Windows all in one place.

For those of you who want more advanced open source solutions, check out www.sourceforge.net. SourceForge is an all out armada of open source software for many different platforms including windows. If you are a user who simply can’t escape using a Windows operating system, then at least there are open source options to replace many costly Windows based applications. I mean, why pay for Microsoft Office when you can get OpenOffice for free? Why use Windows Media Player when you can use MPlayer and have more options? Why pay for Photoshop when you can use Gimp? Why pay for DreamWeaver when you can use NVU?

I hope that you check out these open source alternatives to corporate proprietary software for your Windows Computer.

 Posted by Tom Duffy at 12:01 pm  Tagged with: , , ,

A Basic Yet Usefull Bash Script

 Linux  No Responses »
Apr 302008
 

This was the first bash script that I ever wrote…pretty basic, but it is actually somewhat useful! Enjoy.

#!/bin/bash
#my first script

#The Welcoming
read -p "Enter Your Name: " name
clear;
echo "Hello " $name", what would you like me to do? "

sleep 1

#The Menu
echo "..........................."
echo "...........MENU............"
echo
echo "1 Display this months calandar"
echo "2 Display who is logged in"
echo "3 Show active connections"
echo "4 Exit"

read choice

while [[ $choice != 0 ]]
do
case $choice in
1)  clear;
cal;
;;
2)  clear;
who;
;;
3)  clear;
netstat -a;
;;
4)  clear;
echo "Thanks" $name"!"
exit;
;;
*)  clear;
echo "You have entered an invalid option!"
;;
esac
echo "..........................."
echo "...........MENU............"
echo
echo "1 Display this months calandar"
echo "2 Display who is logged in"
echo "3 Show active connections"
echo "4 Exit"
read choice
done
 Posted by Tom Duffy at 7:29 pm  Tagged with: , , , ,

Tech Remedy Official Review: Ubuntu 8.04 Hardy Heron

 Linux  6 Responses »
Apr 282008
 

by Tom Duffy

Last week, I was one of those geeks that was constantly refreshing the homepage at www.ubuntu.com, wondering, “Is it up yet?”. Of course, I am refering to the latest LTS (Long Term Support) version of Ubuntu. Version 8.04 (codename “Hardy Heron”) has been anticipated by many in the Open Source and Linux worlds as the distro that could push Linux to the forefront of mainstream desktop computing. Well, when it was finally available, I opted to download a torrent of it since the Ubuntu servers were under heavy strain. The torrent downloaded in about an hour and I was ready to try it out. Here’s what I found:

Installation

When my system booted up for the first time with the Hardy Heron CD, I noticed an immediate change from my previous Gutsy Gibbon install. This was the language selection before choosing boot options. Cool! Well, Moving on from there, the next obvious difference is that the installer and the LiveCD are two seperate things now. (sort of anyway) I like that because booting the installer now takes less time than it did in Gutsy. Anyways, I got the installer up and running and began the process. Nothing new in the install process itself. I did notice that it seemed to take a little longer than Gutsy did. I was happy with the install though.

First Run

Well, after the install I removed the CD and rebooted. I was a little disapointed at how the only obvious changes at first were the wallpaper and some other basic graphical differences. It wasn’t until I started digging in and really using Hardy Heron that I started to notice how impressive this new LTS is! My absolute favorite change is that Ubuntu 8.04 comes with Gnome 2.22, which didn’t look any different to me at first. But under the hood is a list of new features and stability/security updates.

Some of the new features that Gnome 2.22 brings to Hardy Heron are Cheese webcam viewer, Metacity compositing, Google Calendar support in Evolution, and a new remote desktop viewer. Also, GVFS has replaced the old Gnome-VFS system with a completely re-worked backend allowing for applications to use any resource, such as SSH or a Samba share, in a uniform manner. GVFS provides a FUSE hook that allows applications that don’t even support GVFS to use the services provided by it.

After some more tinkering around I found some new applications that are included with Hardy Heron. My favorite of which is Transmission, a BitTorrent client with an interface not too far off from uTorrent. BitTorrent and BitTornado in Gutsy were annoying. Transmission is light weight, yet provides ample torrent management.

transmission

There is also a new CD Burning application called Brasero. Making a CD or DVD has never been rocket science, but Brasero truly makes it “idiot proof”.

I wasn’t too pleased that they included firefox 3 because it is still in beta testing. In my opinion, including beta software as important as a web browser in a release of an OS should be left to Microsoft. That said, I’m sure they’ll keep it updated.

Security

There are a ton of security updates for Hardy. The coolest of which is PolicyKit. PolicyKit allows administrators to control the access levels of individual users. Doesn’t sound so cool, right? Well, what’s neat about PolicyKit is that it allows access control for specific sections of software allowing for truly finetuned access control.

All in all I’m impressed that Hardy is living up to the hype. I will say again that I don’t like the use of beta software in a release of an OS, but thats just me I guess. I highly recommend checking Hardy Heron out. If you are currently a Windows user, the Ubuntu Developers included a nifty way for you to install Hardy as an application under your current windows install to try it out! Pretty cool! Please post your comments and let me know what your experience has been with Hardy Heron.

Tom Duffy

 Posted by Tom Duffy at 11:25 am  Tagged with: , , , , ,

Cube2 – A GREAT Game for Linux!

 Linux  No Responses »
Apr 282008
 

by Tom Duffy

Most of the time that people mention gaming in an argument about whether Linux is better than Windows, I shrug it off. This is because gaming has never been my focus. I’m all about productivity, programming, automating system tasks, managing data, etc. However, SO many people have brought up gaming to me that I thought I would post a GREAT game that works very well on Linux. The game is called Cube2: Sauerbraten. Download

sauer

Cube2 is a free single and multi player 1st person shooter game with some satisfying fast oldskool gameplay. I highly recommend that you try this game out. Try editing some levels and testing them out. I had a LOT of fun with this! So, this is one of many games that works great under Linux. I would post more of them, but I’m tired and want to go to bed. Enjoy!

 Posted by Tom Duffy at 1:15 am  Tagged with: , , ,

The Truth About The Software Industry

 Open Source Software, Software  2 Responses »
Apr 252008
 

By: Tom Duffy

I was browsing through several software websites earlier today when
it suddenly dawned on me that the world of software development is at a
critical point right now. The simple truth is that the majority of
proprietary software is losing the quality war to the open source
community. I am a user of both proprietary and open source software and
I find myself almost always opting for an open source solution to
whatever my needs may be.

I may sound like an open source fanboy here, but the other great thing
is the ability to be involved with the creation, development, and
testing of open source software. Even if you have no ability to
program, you can still be involved with alpha and beta testing.

I hope for the sake of the open source community that this continues! I
try to stay as involved as possible and I hope to get even more involved
in the programming aspect soon. I hope that you post your comments on
this as it is a very interesting time for software.

 Posted by Tom Duffy at 11:17 am  Tagged with: , , ,
Page 14 of 15« First...6789101112131415
© 2011 Tech Remedy Suffusion theme by Sayontan Sinha