I just signed up for comcast internet with the wifi package. Nice and
fast, no complaints. I noticed that if I sign a device into
'xfinitywifi' it stays signed in. For example I sign in at my house in
Quincy and while switching trains at Part St I notice I'm still signed
in to the xfinitywif
On 11/4/2014 7:40 PM, Eric Chadbourne wrote:
How do I really know it's them and how do they really know it's
me? I'm scared. Can you make me feel better? ;)
SSL certificate are 100% reliable. (read: You don't.)
There's nothing to worry about. (read: You should be.)
Don't worry, be happy. (re
On 11/04/2014 08:01 PM, Richard Pieri wrote:
On 11/4/2014 7:40 PM, Eric Chadbourne wrote:
How do I really know it's them and how do they really know it's
me? I'm scared. Can you make me feel better? ;)
SSL certificate are 100% reliable. (read: You don't.)
There's nothing to worry about. (re
> From: discuss-bounces+blu=nedharvey@blu.org [mailto:discuss-
> bounces+blu=nedharvey@blu.org] On Behalf Of Eric Chadbourne
>
> I've tried two different vpn apps (avast & surf easy) and both really
> sucked. If I have some free time I might try rolling up an openvpn
> server this weeken
Ned -
Your comments on WiFi encryption and Insecurity of DNS are right on.
But ..
> If you're connecting to secure services, then your traffic is secure, even on
> the unencrypted wifi.
Maybe. Maybe not.
tl;dr - Google HTTPS *is* safe from MITM but *only* with Chrome so
far. Rest of HTTPS no
"So you're concerned about people near you sniffing your wifi traffic. You
think wifi encryption will help. You're wrong, because #1 everyone near you
knows the password anyway. So even with wifi encryption, they can still sniff
your traffic."
I do not think that is accurate. Probably nobod
On 11/6/2014 11:41 AM, Eric Chadbourne wrote:
I do not think that is accurate. Probably nobody around me knows my
wifi password. Cracking wifi is hard. Not like it used to be. Try it
sometime.
Cracking WPA-Personal is not hard:
http://www.willhackforsushi.com/?page_id=50
WPA-Enterprise is ha
Edward Ned Harvey (blu) wrote:
>Eric Chadbourne wrote:
>> Using unencrypted wifi just seems insane.
>
> Oh. THAT is what you're concerned about? That's a little bit
> insane, because nevermind the wifi near you, your traffic goes across
> the whole internet. ... if you're connecting to insecure
> From: Bill Ricker [mailto:bill.n1...@gmail.com]
>
> tl;dr - Google HTTPS *is* safe from MITM but *only* with Chrome so
> far. Rest of HTTPS not as much.
I'm not following you here.
> If the hacker with control of the WiFi AP is working for an
> organization with control of any of the many Roo
> From: discuss-bounces+blu=nedharvey@blu.org [mailto:discuss-
> bounces+blu=nedharvey@blu.org] On Behalf Of Eric Chadbourne
>
> I do not think that is accurate. Probably nobody around me knows my wifi
> password. Cracking wifi is hard. Not like it used to be. Try it sometime.
In the ol
> From: Tom Metro [mailto:tmetro+...@gmail.com]
>
> WPA-PSK and WPA2-PSK encrypt everything with per-client, per-session
> keys, but those keys are derived from the Pre-Shared Key (the PSK; the
> key you have to know to get on the network) plus some information
> exchanged in the clear whe
> From: discuss-bounces+blu=nedharvey@blu.org [mailto:discuss-
> bounces+blu=nedharvey@blu.org] On Behalf Of Edward Ned Harvey
> (blu)
>
> Additionally, if you get on the network and want to attack another client on
> the same wifi connection, there's an awful lot of broadcast traffic expo
On 11/8/2014 5:29 PM, Edward Ned Harvey (blu) wrote:
If you don't have the password to some network, the key is derived
using pbkdf2 with 4096 iterations. This means a single cpu core can
guess around 36 guesses per second.
Pyrit w/ coWPAtty on a dual RADEON HD 69xx series can exhaustively
se
On Thu, Nov 6, 2014 at 6:54 PM, Edward Ned Harvey (blu)
wrote:
> > tl;dr - Google HTTPS *is* safe from MITM but *only* with Chrome so
> > far. Rest of HTTPS not as much.
>
> I'm not following you here.
Then time to read up on Certificate Pinning (really CA pinning).
https://www.owasp.org/inde
For example:
http://arstechnica.com/security/2014/11/darkhotel-uses-bogus-crypto-certificates-to-snare-wi-fi-connected-execs/
--
Rich P.
___
Discuss mailing list
Discuss@blu.org
http://lists.blu.org/mailman/listinfo/discuss
On 11/8/2014 7:57 PM, Bill Ricker wrote:
Then time to read up on Certificate Pinning (really CA pinning).
https://www.owasp.org/index.php/Certificate_and_Public_Key_Pinning
Nutshell version: pinning is what SSH has been doing with host keys
since the get-go.
--
Rich P.
On Tue, Nov 11, 2014 at 6:50 PM, Richard Pieri wrote:
> Nutshell version: pinning is what SSH has been doing with host keys since
> the get-go.
Yes, that.
( Can't imagine why this wasn't done day 1 for HTTPS also unless they
thought the initial set of CAs would have indefinite oligopoly. )
--
> From: discuss-bounces+blu=nedharvey@blu.org [mailto:discuss-
> bounces+blu=nedharvey@blu.org] On Behalf Of Bill Ricker
>
> On Tue, Nov 11, 2014 at 6:50 PM, Richard Pieri
> wrote:
> > Nutshell version: pinning is what SSH has been doing with host keys since
> > the get-go.
>
> Yes, that
On 11/12/2014 12:02 AM, Bill Ricker wrote:
( Can't imagine why this wasn't done day 1 for HTTPS also unless they
thought the initial set of CAs would have indefinite oligopoly. )
Simple: Netscape designed SSL to be easily compromised by federal
authorities. They did it that way instead of usin
19 matches
Mail list logo
