Re: wi-fi security?
On Tue, 1 Sep 2009 09:07:34 +0300 Andrei Popescu andreimpope...@gmail.com wrote: On Mon,31.Aug.09, 18:10:24, Celejar wrote: Google did not explain why using this new feature was so important, Perry said. This gives people who routinely log in to Gmail beginning with an https:// session a false sense of security, because they think they're secure but they're really not. I just checked and I found I had set this (probably since the first time I noticed it). Next to the setting is a link to http://mail.google.com/support/bin/answer.py?hl=enctx=mailanswer=74765 which among others says: Please note that selecting 'Always use https' will prevent you from accessing Gmail via HTTP (Hypertext Transfer Protocol). In addition, it may make Gmail a bit slower. If you trust the security of your network, you can turn this feature off at any time. I can imagine all but the paranoid users (like me ;) actually activating this after reading the paragraph above. Do you mean I CAN'T imagine? Anyway, I immediately activate Always use https after reading the articles I cited; I guess I'm paranoid, like you ;) Celejar -- mailmin.sourceforge.net - remote access via secure (OpenPGP) email ssuds.sourceforge.net - A Simple Sudoku Solver and Generator -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Re: wi-fi security?
On Mi,02.sep.09, 10:18:10, Celejar wrote: I can imagine all but the paranoid users (like me ;) actually activating this after reading the paragraph above. Do you mean I CAN'T imagine? Of course, was a typo ;) Regards, Andrei -- If you can't explain it simply, you don't understand it well enough. (Albert Einstein) signature.asc Description: Digital signature
Re: wi-fi security?
On Mon,31.Aug.09, 18:10:24, Celejar wrote: Google did not explain why using this new feature was so important, Perry said. This gives people who routinely log in to Gmail beginning with an https:// session a false sense of security, because they think they're secure but they're really not. I just checked and I found I had set this (probably since the first time I noticed it). Next to the setting is a link to http://mail.google.com/support/bin/answer.py?hl=enctx=mailanswer=74765 which among others says: Please note that selecting 'Always use https' will prevent you from accessing Gmail via HTTP (Hypertext Transfer Protocol). In addition, it may make Gmail a bit slower. If you trust the security of your network, you can turn this feature off at any time. I can imagine all but the paranoid users (like me ;) actually activating this after reading the paragraph above. Regards, Andrei -- If you can't explain it simply, you don't understand it well enough. (Albert Einstein) signature.asc Description: Digital signature
Re: wi-fi security?
On Wed, 5 Aug 2009 12:27:24 -0500 Boyd Stephen Smith Jr. b...@iguanasuicide.net wrote: ... If the wireless network uses WPA, you might be safe. There are some fairly sophisticated attacks against WPA personal, that don't require much resources besides time. So, treat those networks has if they have no security. However, WPA enterprise and WPA2 are still secure at this point in time; you can trust that an attacker can't see your packets between your radio and the AP's radio. Are you referring to this, or something else: http://hardware.slashdot.org/story/09/08/27/180249/WPA-Encryption-Cracked-In-60-Seconds Celejar -- mailmin.sourceforge.net - remote access via secure (OpenPGP) email ssuds.sourceforge.net - A Simple Sudoku Solver and Generator -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Re: wi-fi security?
On Monday 31 August 2009 01:04:57 Celejar wrote: On Wed, 5 Aug 2009 12:27:24 -0500 Boyd Stephen Smith Jr. b...@iguanasuicide.net wrote: If the wireless network uses WPA, you might be safe. There are some fairly sophisticated attacks against WPA personal, that don't require much resources besides time. So, treat those networks has if they have no security. However, WPA enterprise and WPA2 are still secure at this point in time; you can trust that an attacker can't see your packets between your radio and the AP's radio. Are you referring to this, or something else: http://hardware.slashdot.org/story/09/08/27/180249/WPA-Encryption-Cracked-I n-60-Seconds Actually, I think I was referring to the earlier 12 to 15 minute attack, although I didn't get either from slashdot. In any case, it would appear that I was mis-remembering the severity of the attack. Breaking the TKIP would let the attacker on the network, but it wouldn't necessarily let them sniff your packets. -- Boyd Stephen Smith Jr. ,= ,-_-. =. b...@iguanasuicide.net ((_/)o o(\_)) ICQ: 514984 YM/AIM: DaTwinkDaddy `-'(. .)`-' http://iguanasuicide.net/\_/ signature.asc Description: This is a digitally signed message part.
Re: wi-fi security?
On Mon, 31 Aug 2009 12:55:46 -0500 Boyd Stephen Smith Jr. b...@iguanasuicide.net wrote: ... Actually, I think I was referring to the earlier 12 to 15 minute attack, although I didn't get either from slashdot. http://www.itworld.com/security/57285/once-thought-safe-wpa-wi-fi-encryption-cracked http://it.slashdot.org/article.pl?sid=08/11/06/1546245tid=76 In any case, it would appear that I was mis-remembering the severity of the attack. Breaking the TKIP would let the attacker on the network, but it wouldn't necessarily let them sniff your packets. The article actually claims that inbound packets from the AP *are* readable with the attack, although outbound packets aren't: There, researcher Erik Tews will show how he was able to crack WPA encryption, in order to read data being sent from a router to a laptop computer. To do this, Tews and his co-researcher Martin Beck found a way to break the Temporal Key Integrity Protocol (TKIP) key, used by WPA, in a relatively short amount of time: 12 to 15 minutes, according to Dragos Ruiu, the PacSec conference's organizer. They have not, however, managed to crack the encryption keys used to secure data that goes from the PC to the router in this particular attack The article on the new attack also claims that packets can be read: http://www.networkworld.com/news/2009/082709-new-attack-cracks-common-wi-fi.html http://hardware.slashdot.org/story/09/08/27/180249/WPA-Encryption-Cracked-In-60-Seconds Computer scientists in Japan say they've developed a way to break the WPA encryption system used in wireless routers in about one minute. The attack gives hackers a way to read encrypted traffic sent between computers and certain types of routers that use the WPA (Wi-Fi Protected Access) encryption system. The attack was developed by Toshihiro Ohigashi of Hiroshima University and Masakatu Morii of Kobe University, who plan to discuss further details at a technical conference set for Sept. 25 in Hiroshima. Celejar -- mailmin.sourceforge.net - remote access via secure (OpenPGP) email ssuds.sourceforge.net - A Simple Sudoku Solver and Generator -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Re: wi-fi security?
On Thu, 06 Aug 2009 00:07:57 -0400 Nick Lidakis nlida...@verizon.net wrote: On Wed, Aug 05, 2009 at 07:45:48AM -0400, Zachary Uram wrote: 2) How do I make my laptop more secure so others on wifi network can't steal or sniff my packets? If you're using Gmail over wifi you should be logging in with https:gmail.com. Using https encrypts not just the login but the entire session. You should see, in Firefox, the little yellow lock in the lower right hand corner of the screen to validate this. I don't think that this is correct: A security researcher at the Defcon hacker conference in Las Vegas on Saturday demonstrated a tool he built that allows attackers to break into your inbox even if you are accessing your Gmail over a persistent, encrypted session (using https:// versus http://). When you log in to Gmail, Google's servers will place what's called a session cookie, or small text file, on your machine. The cookie identifies your machine as having presented the correct user name and password for that account, and it can allow you to stay logged in to your account for up to two weeks if you don't manually log out (after which the cookie expires and you are forced to present your credentials again). The trouble is that Gmail's cookie is set to be transmitted whether or not you are logged in with a secure connection. Now, cookies can be marked as secure, meaning they can only be transmitted over your network when you're using a persistent, encrypted (https://) session. Any cookies that lack this designation, however, are sent over the network with every Web page request made to the Web server of the entity that set the cookie -- regardless of which of the above-described methods a Gmail subscriber is using to read his mail. As a result, even if you are logged in to Gmail using a persistent, encrypted https:// session, all that an attacker sniffing traffic on your network would need do to hijack your Gmail account is force your browser to load an image or other content served from http://mail.google.com. After that, your browser would cough up your session cookie for Gmail, and anyone recording the traffic on the network would now be able to access your Gmail inbox by simply loading that cookie on their machine. http://voices.washingtonpost.com/securityfix/2008/08/new_tool_automates_cookie_stea.html And see: http://fscked.org/blog/fully-automated-active-https-cookie-hijacking The correct fix (from the WaPo article): Web sites can say, 'Only transmit cookies for the https:// version of these image elements, but Gmail, Facebook, Amazon and a whole bunch of other sites just don't do this, Perry said. I should note here that this attack is hardly new. Perry said he told Google about this problem a year ago, about the same time he posted an alert to the Bugtraq security mailing list about it. Late last month, Google finally announced a new setting for Gmail users labeled Always Use https://;. While people who have selected this option are immune from this attack, many Gmail users may errantly assume that they are just as protected if they start the login process by typing a persistent, encrypted connection ( https://mail.google.com) into their browser. Without checking the new Always Use https://; setting in Gmail, users remain vulnerable to this attack. Google did not explain why using this new feature was so important, Perry said. This gives people who routinely log in to Gmail beginning with an https:// session a false sense of security, because they think they're secure but they're really not. And see: http://fscked.org/blog/how-properly-provide-mixed-http-and-https-support Celejar -- mailmin.sourceforge.net - remote access via secure (OpenPGP) email ssuds.sourceforge.net - A Simple Sudoku Solver and Generator -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Re: wi-fi security?
On Wed, Aug 05, 2009 at 12:37:30PM -0600, Paul E Condon wrote: On 2009-08-05_14:27:26, Johann Spies wrote: On Wed, Aug 05, 2009 at 07:45:48AM -0400, Zachary Uram wrote: Got a new laptop and was wondering about wifi security. I've never used wifi before. I wanted to go to some of the local coffee shops that offer free wii but I need to know: 1) How do I setup wifi in Linux? The easiest way is to use network-manager. If you click on the Icon in your toolbar it should show you the detected networks. You can use the Create New Wireless Network... or Connect to Hidden Wireless Network... to set up connections. I am having some difficulty with network-manager. Aptitude says it is installed on my Acer Aspire one, but I don't have an Icon in my toolbar that leads me to a place where I am offered either of these two options (which both have specific mention of Wireless Network). I normally don't have this problem on Ubuntu laptops but on Debian I had to run 'nm-applet' to get the Icon up on the Panel. It might help if you put it in the startup-applications. Regards Johann -- Johann Spies Telefoon: 021-808 4599 Informasietegnologie, Universiteit van Stellenbosch Rest in the LORD, and wait patiently for him: fret not thyself because of him who prospereth in his way, because of the man who bringeth wicked devices to pass. Psalms 37:7 -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Re: wi-fi security?
On Wed, Aug 05, 2009 at 03:28:21PM -0500, Preston Boyington wrote: Paul E Condon wrote: wicd has been flawless for me since i started using it. After playing with wicd for a week or three I went back to network-manager. I cannot remember what my problem with wicd was, but it was just easier to use network-manager in the end. Regards Johann -- Johann Spies Telefoon: 021-808 4599 Informasietegnologie, Universiteit van Stellenbosch Rest in the LORD, and wait patiently for him: fret not thyself because of him who prospereth in his way, because of the man who bringeth wicked devices to pass. Psalms 37:7 -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Re: wi-fi security?
On 06 Aug 2009, Micha Feigin wrote: On Wed, 5 Aug 2009 17:50:29 +0100 Anthony Campbell a...@acampbell.org.uk wrote: When I installed network-manager a week ago it blocked wired access to my router. I expect I could have reconfigured it in some way but it turned out to be unnecessary for my purpose so I removed it and everything worked normally again. This isn't an argument against using network-manager, just a warning of something to look out for. I guess that you setup things in /etc/network/interfaces. When using network manager or wicd you should not have any interfaces that you want to manage with them appear in /etc/network/interfaces. Also, by default they both try to use dhcp to setup the nic. If you use a specific address then it needs to be setup explicitly. They are much more useful for roaming connections (moving from wifi to/from wired on a laptop) and are not too useful on a desktop. Anthony Yes, that's correct; I do have /etc/network/interfaces set up. I don't need either network-manager or wicd here. Anthony -- Anthony Campbell - a...@acampbell.org.uk Microsoft-free zone - Using Debian GNU/Linux http://www.acampbell.org.uk (blog, book reviews, and sceptical articles) -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Re: wi-fi security?
On Wed, Aug 05, 2009 at 12:27:24PM -0500, Boyd Stephen Smith Jr. wrote: However, NO wireless security protocol can protect you from packet sniffing at or *behind* the AP. If the entity that provides the network is a potential attacker, you must use end-to-end security (ssh, ssl, tls, vpn, etc.) for anything not public. IMO, this is the most important point in all discussions of wireless network security. It doesn't matter how secure the wireless connection itself is, the internet at large is (and almost certainly always will be) an untrusted network. If you're already treating all connections across the public internet as untrusted, then it really doesn't matter all that much whether the wireless network you're connected to is trustworthy or not. -- Dave Sherohman -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Re: wi-fi security?
Manon Metten wrote: snipped ...when I tried this, aptitude asked if it should remove 'network-manager-kde'. As I'm using that app and don't have wireless, I cancelled the installation. yes, this will also happen if you are running the gnome network manager. it's sort of 'all or nothing'. another option for wifi (and wifi only) is wifi-radar. i used to use it with great success, but didn't need to after switching to wicd since it handled all network connections. -- Arrant Drivel - really, it's just trash... http://www.arrantdrivel.com/ Where the road takes me - a highwayman's perspective http://www.prestonboyington.com/ -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Re: wi-fi security?
On 2009-08-06_08:16:34, Preston Boyington wrote: Manon Metten wrote: snipped ...when I tried this, aptitude asked if it should remove 'network-manager-kde'. As I'm using that app and don't have wireless, I cancelled the installation. yes, this will also happen if you are running the gnome network manager. it's sort of 'all or nothing'. another option for wifi (and wifi only) is wifi-radar. i used to use it with great success, but didn't need to after switching to wicd since it handled all network connections. A related question: On my LAN before I got the Acer, I was not using DHCP on any Linux host. I suppose that I was not actually using network-manager at all on any of these host. Correct? If true/yes, I could remove network-manager on these without suffering any difficulties. Correct? I probably couldn't actually do it because of dependencies that are enforced by the apt-get system. But should I really worry about it not working on my computers that intercommunicate only via /etc/hosts? I want DHCP in the Acer because I intend to use it in the outside world, not merely on my LAN. But I want to set it up on my LAN, and hopefully, prepare it for defending itself in the outside world. I now see wicd in aptitude on the Acer. I did have a problem with access to backports. Thanks to everyone. -- Paul E Condon pecon...@mesanetworks.net -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Re: wi-fi security?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Paul E Condon wrote: I want DHCP in the Acer because I intend to use it in the outside world, not merely on my LAN. But I want to set it up on my LAN, and hopefully, prepare it for defending itself in the outside world. I now see wicd in aptitude on the Acer. I did have a problem with access to backports. Thanks to everyone. I've just been using wicd for a couple of days intermittend wired and wireless connections to different networks and can just say that it works great. If you don't have some peculiar reason for sticking to network-manager, you should be fine to remove it. IIRC there are different options for using dhcp with wicd. I use dhcp3-client. Cheers, Johannes -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.9 (GNU/Linux) iEYEARECAAYFAkp7HWwACgkQC1NzPRl9qEXvNQCcC6qwrrLjjtka64+zvMUMkgDx HVQAnjPGhRXiFp2kzno35hr7YLo2Li4m =N6w4 -END PGP SIGNATURE- -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Re: wi-fi security?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Boyd Stephen Smith Jr. wrote: BTW, self-signed certificate != end-to-end security, it is trivial for an attacker to perform a man-in-the-middle attack. Except, if it is you who self-signed BOTH certificates (and verify that it is still the one you signed), IIUC. Johannes -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.9 (GNU/Linux) iEYEARECAAYFAkp7HrgACgkQC1NzPRl9qEXKlACfTVognIEMUSYRT3lKR/mSzCaX aF8An3KJy6ZFZD/u+ryUqjsmFPDzf0UT =sMTl -END PGP SIGNATURE- -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Re: wi-fi security?
In 4a7b1eb8.1030...@physik.blm.tu-muenchen.de, Johannes Wiedersich wrote: Boyd Stephen Smith Jr. wrote: BTW, self-signed certificate != end-to-end security, it is trivial for an attacker to perform a man-in-the-middle attack. Except, if it is you who self-signed BOTH certificates (and verify that it is still the one you signed), IIUC. Better to create your own CA and import it into your trust chain. That may not be possible in every environment. If not, checking the certificate fingerprint[1] *every* *time* you establish a connection is an acceptable substitute. -- Boyd Stephen Smith Jr. ,= ,-_-. =. b...@iguanasuicide.net ((_/)o o(\_)) ICQ: 514984 YM/AIM: DaTwinkDaddy `-'(. .)`-' http://iguanasuicide.net/\_/ [1] And don't use MD5 if your data is more valuable that a top-end video card. Use SHA-1 if you have to; SHA-2 if possible; SHA-3 as soon as it is available. signature.asc Description: This is a digitally signed message part.
wi-fi security?
Got a new laptop and was wondering about wifi security. I've never used wifi before. I wanted to go to some of the local coffee shops that offer free wii but I need to know: 1) How do I setup wifi in Linux? 1) How do I detect and connect to public free network(s)? 2) How do I make my laptop more secure so others on wifi network can't steal or sniff my packets? I heard many people using free wifi get heir passwords sniffed, etc. Running Ubuntu 9.04 and Debian 5.01 triple boot with Vista Home Premium. Any Linux programs for detecting available wifi signals and connecting to them and any wifi security apps? Also another problem is that when at home I want my laptop to be able to share my DSL connection, right now my desktop is connected directly (static IP, no PPoE just raw ethernet frames) to the DSL modem and I was hoping I can keep this setup and find a way to attack my laptop when I want to use it at home so what hardware would I need and how should I set it up? So right now I have: phone jack UPS DSL modem desktop NIC I setup the networking manually by editing the appropriate files. I want the laptop to automatically connect to the wired network at home when I connect it and to wireless networks also, not sure if this can be done. Zach -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Re: wi-fi security?
On Wed, Aug 05, 2009 at 07:45:48AM -0400, Zachary Uram wrote: Got a new laptop and was wondering about wifi security. I've never used wifi before. I wanted to go to some of the local coffee shops that offer free wii but I need to know: 1) How do I setup wifi in Linux? The easiest way is to use network-manager. If you click on the Icon in your toolbar it should show you the detected networks. You can use the Create New Wireless Network... or Connect to Hidden Wireless Network... to set up connections. 1) How do I detect and connect to public free network(s)? See the previous answer. 2) How do I make my laptop more secure so others on wifi network can't steal or sniff my packets? When you use a network that is not using a wpa-protocol it is more vulnerable. Regards Johann -- Johann Spies Telefoon: 021-808 4599 Informasietegnologie, Universiteit van Stellenbosch I am crucified with Christ, nevertheless I live; yet not I, but Christ liveth in me: and the life which I now live in the flesh I live by the faith of the Son of God, who loved me, and gave himself for me. Galatians 2:20 -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Re: wi-fi security?
Johann Spies wrote: On Wed, Aug 05, 2009 at 07:45:48AM -0400, Zachary Uram wrote: Got a new laptop and was wondering about wifi security. I've never used wifi before. I wanted to go to some of the local coffee shops that offer free wii but I need to know: 1) How do I setup wifi in Linux? The easiest way is to use network-manager. If you click on the Icon in your toolbar it should show you the detected networks. You can use the Create New Wireless Network... or Connect to Hidden Wireless Network... to set up connections. I second the recommendation for network-manager. If you don't want it for some reason (e.g. you're allergic to Gnome dependencies), wicd is a useful alternative. I have also had decent success with wifi-radar some time ago. 1) How do I detect and connect to public free network(s)? See the previous answer. 2) How do I make my laptop more secure so others on wifi network can't steal or sniff my packets? When you use a network that is not using a wpa-protocol it is more vulnerable. wpa helps against others on the same network. However, it's a good idea in general to use encrypted access (SSL, SSH, etc.) for all sensitive services to that sniffing the packets doesn't gain an attacker anything. And many free public access points do not use WPA. WPA is primarily useful for keeping unauthorized people from using your network; this is a moot point for a public access point. If you follow good general security practice by only giving out passwords over SSL-encrypted connections (https, configure IM and mail programs to never send passwords in the clear, etc.), then you don't really need to worry. The wireless (even without WPA) will be no less secure than plugging in to someone else's network or using the Internet at large. - Michael -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Re: wi-fi security?
On 05 Aug 2009, Michael Ekstrand wrote: The easiest way is to use network-manager. If you click on the Icon in your toolbar it should show you the detected networks. You can use the Create New Wireless Network... or Connect to Hidden Wireless Network... to set up connections. I second the recommendation for network-manager. If you don't want it for some reason (e.g. you're allergic to Gnome dependencies), wicd is a useful alternative. I have also had decent success with wifi-radar some time ago. When I installed network-manager a week ago it blocked wired access to my router. I expect I could have reconfigured it in some way but it turned out to be unnecessary for my purpose so I removed it and everything worked normally again. This isn't an argument against using network-manager, just a warning of something to look out for. Anthony -- Anthony Campbell - a...@acampbell.org.uk Microsoft-free zone - Using Debian GNU/Linux http://www.acampbell.org.uk (blog, book reviews, and sceptical articles) -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Re: wi-fi security?
In ecfa260c0908050445l7c843b7qe4aef32632547...@mail.gmail.com, Zachary Uram wrote: 2) How do I make my laptop more secure so others on wifi network can't steal or sniff my packets? That depends on the security used by the network, which is not a choice you make when connecting to it, but rather a choice made by the entity that provides the network. If the wireless network has no security, packets are basically plain-text. Don't do anything over this network that isn't public or end-to-end secured (ssh, ssl, tls, vpn, etc.). If the wireless network has WEP security, packets are encrypted, but in a way that is trivial to break. Anyone that wants to put in some effort can see your packets. Treat this the same way you would a network with no security. If the wireless network uses WPA, you might be safe. There are some fairly sophisticated attacks against WPA personal, that don't require much resources besides time. So, treat those networks has if they have no security. However, WPA enterprise and WPA2 are still secure at this point in time; you can trust that an attacker can't see your packets between your radio and the AP's radio. However, NO wireless security protocol can protect you from packet sniffing at or *behind* the AP. If the entity that provides the network is a potential attacker, you must use end-to-end security (ssh, ssl, tls, vpn, etc.) for anything not public. BTW, self-signed certificate != end-to-end security, it is trivial for an attacker to perform a man-in-the-middle attack. Actually, that's true for any certificate that doesn't already have chain of trust to your trusted certificate authority stores. It's also true for any ssh/vpn fingerprint that you haven't approved over a secured link. If you get a trust/don't trust prompt over a non-trusted network, DO NOT TRUST! -- Boyd Stephen Smith Jr. ,= ,-_-. =. b...@iguanasuicide.net ((_/)o o(\_)) ICQ: 514984 YM/AIM: DaTwinkDaddy `-'(. .)`-' http://iguanasuicide.net/\_/ signature.asc Description: This is a digitally signed message part.
Re: wi-fi security?
On 2009-08-05_14:27:26, Johann Spies wrote: On Wed, Aug 05, 2009 at 07:45:48AM -0400, Zachary Uram wrote: Got a new laptop and was wondering about wifi security. I've never used wifi before. I wanted to go to some of the local coffee shops that offer free wii but I need to know: 1) How do I setup wifi in Linux? The easiest way is to use network-manager. If you click on the Icon in your toolbar it should show you the detected networks. You can use the Create New Wireless Network... or Connect to Hidden Wireless Network... to set up connections. I am having some difficulty with network-manager. Aptitude says it is installed on my Acer Aspire one, but I don't have an Icon in my toolbar that leads me to a place where I am offered either of these two options (which both have specific mention of Wireless Network). I do have something called Network Monitor. But its only mention of wireless is Edit wireless networks... (the ellipsis is part of what is actually displayed, not something I introduced to shorten this email) When I click on this Edit wireless networks... option, I get a screen that has text boxes labeled Network, Name:, and bssids:. All boxes are empty, and I have no idea what to type into them. I do not see any use of the word Create or of Connect, or Hidden. I know I am within radio range of my daughters Apple Air Port, because it is about 10 feet away, and the Acer detects it immediately when I reboot into Windows. What do I select in the Add to Panel window to get the icon that you are writing about? Or how do I get Network Monitor to report on wireless as well as wired networks? There are plugins to metwork-monitor mentioned in aptitude. Which, if any, might include the functionality that you have? -- Paul E Condon pecon...@mesanetworks.net -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Re: wi-fi security?
Paul E Condon wrote: snipped I am having some difficulty with network-manager. Aptitude says it is installed on my Acer Aspire one... Paul, seriously take a look at wicd. network-manager is now the second thing I uninstall on my Debian/Ubuntu machines (the first being the update-manager because I prefer to use Aptitude). wicd has been flawless for me since i started using it. -- Arrant Drivel - really, it's just trash... http://www.arrantdrivel.com/ Where the road takes me - a highwayman's perspective http://www.prestonboyington.com/ -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Re: wi-fi security?
* Zachary Uram net...@gmail.com [2009 Aug 05 07:04 -0500]: Got a new laptop and was wondering about wifi security. I've never used wifi before. I wanted to go to some of the local coffee shops that offer free wii but I need to know: 1) How do I setup wifi in Linux? Have a supported chipset (Atheros is good) Install the wicd package. Enjoy! -- The optimist proclaims that we live in the best of all possible worlds. The pessimist fears this is true. Ham radio, Linux, bikes, and more: http://n0nb.us/index.html -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Re: wi-fi security?
On Wed, 5 Aug 2009 17:50:29 +0100 Anthony Campbell a...@acampbell.org.uk wrote: On 05 Aug 2009, Michael Ekstrand wrote: The easiest way is to use network-manager. If you click on the Icon in your toolbar it should show you the detected networks. You can use the Create New Wireless Network... or Connect to Hidden Wireless Network... to set up connections. I second the recommendation for network-manager. If you don't want it for some reason (e.g. you're allergic to Gnome dependencies), wicd is a useful alternative. I have also had decent success with wifi-radar some time ago. When I installed network-manager a week ago it blocked wired access to my router. I expect I could have reconfigured it in some way but it turned out to be unnecessary for my purpose so I removed it and everything worked normally again. This isn't an argument against using network-manager, just a warning of something to look out for. I guess that you setup things in /etc/network/interfaces. When using network manager or wicd you should not have any interfaces that you want to manage with them appear in /etc/network/interfaces. Also, by default they both try to use dhcp to setup the nic. If you use a specific address then it needs to be setup explicitly. They are much more useful for roaming connections (moving from wifi to/from wired on a laptop) and are not too useful on a desktop. Anthony -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Re: wi-fi security?
On 2009-08-05_15:28:21, Preston Boyington wrote: Paul E Condon wrote: snipped I am having some difficulty with network-manager. Aptitude says it is installed on my Acer Aspire one... Paul, seriously take a look at wicd. network-manager is now the second thing I uninstall on my Debian/Ubuntu machines (the first being the update-manager because I prefer to use Aptitude). wicd has been flawless for me since i started using it. I find myself with a very puzzling problem. I want to look at wicd, but I can't. When I tried to install it with aptitude, I could not find it using / search. More puzzling still - I am using approx, the apt proxy, running on a lenny machine that is separate from my desktop and my Acer. I know the proxy is working because I have been using it for at least two months to configure two other specialized servers and my desktop. I used it in the re-install of lenny today, and it worked for that. I still cannot find wicd in aptitude on the Acer, even after this totally new install. **But** I can find it in aptitude on my desktop host. The only differences that I can think of are things that surely should not affect the visibility of a package in aptitude, namely: 1) I selected laptop in tasksel for tha Acer, but not for any of the other hosts. 2) I use /etc/hosts on the other machines, but DHCP on the Acer (DHCP is being served by my D-Link router. It has been doing it successfully for a lon time for the iMacs on the LAN and it allows the Acer to access the web) What could I be doing wrong? Any ideas, anyone? I'm really pretty sure that neither of these differences is the cause of the problem. I must be doing something really dumb, but I can't see what it is. -- Paul E Condon pecon...@mesanetworks.net -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Re: wi-fi security?
Hi Paul, I'm running Lenny and found wicd on Debian Backports at: http://packages.debian.org/lenny-backports/wicd You should add the next line to your /etc/apt/sources.list (ie: if you're too using Lenny) deb http://www.backports.org/debian/ lenny-backports main contrib non-free run 'aptitude update', ignore the error msg, install the backports-keyring an update again: # aptitude update # aptitude install debian-backports-keyring # aptitude update Then you can install wicd as follows: # aptitude install -t etch-backports wicd However, when I tried this, aptitude asked if it should remove 'network-manager-kde'. As I'm using that app and don't have wireless, I cancelled the installation. Greetings, Manon. On Thu, Aug 6, 2009 at 6:04 AM, Paul E Condonpecon...@mesanetworks.net wrote: On 2009-08-05_15:28:21, Preston Boyington wrote: Paul E Condon wrote: snipped I am having some difficulty with network-manager. Aptitude says it is installed on my Acer Aspire one... Paul, seriously take a look at wicd. network-manager is now the second thing I uninstall on my Debian/Ubuntu machines (the first being the update-manager because I prefer to use Aptitude). wicd has been flawless for me since i started using it. I find myself with a very puzzling problem. I want to look at wicd, but I can't. When I tried to install it with aptitude, I could not find it using / search. More puzzling still - I am using approx, the apt proxy, running on a lenny machine that is separate from my desktop and my Acer. I know the proxy is working because I have been using it for at least two months to configure two other specialized servers and my desktop. I used it in the re-install of lenny today, and it worked for that. I still cannot find wicd in aptitude on the Acer, even after this totally new install. **But** I can find it in aptitude on my desktop host. The only differences that I can think of are things that surely should not affect the visibility of a package in aptitude, namely: 1) I selected laptop in tasksel for tha Acer, but not for any of the other hosts. 2) I use /etc/hosts on the other machines, but DHCP on the Acer (DHCP is being served by my D-Link router. It has been doing it successfully for a lon time for the iMacs on the LAN and it allows the Acer to access the web) What could I be doing wrong? Any ideas, anyone? I'm really pretty sure that neither of these differences is the cause of the problem. I must be doing something really dumb, but I can't see what it is. -- Paul E Condon pecon...@mesanetworks.net -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Re: wi-fi security?
Hi Paul, Sorry, made an error. You should use or course: # aptitude install -t lenny-backports wicd Greetings, Manon. On Thu, Aug 6, 2009 at 6:48 AM, Manon Mettenmanon.met...@gmail.com wrote: Hi Paul, I'm running Lenny and found wicd on Debian Backports at: http://packages.debian.org/lenny-backports/wicd You should add the next line to your /etc/apt/sources.list (ie: if you're too using Lenny) deb http://www.backports.org/debian/ lenny-backports main contrib non-free run 'aptitude update', ignore the error msg, install the backports-keyring an update again: # aptitude update # aptitude install debian-backports-keyring # aptitude update Then you can install wicd as follows: # aptitude install -t etch-backports wicd However, when I tried this, aptitude asked if it should remove 'network-manager-kde'. As I'm using that app and don't have wireless, I cancelled the installation. Greetings, Manon. On Thu, Aug 6, 2009 at 6:04 AM, Paul E Condonpecon...@mesanetworks.net wrote: On 2009-08-05_15:28:21, Preston Boyington wrote: Paul E Condon wrote: snipped I am having some difficulty with network-manager. Aptitude says it is installed on my Acer Aspire one... Paul, seriously take a look at wicd. network-manager is now the second thing I uninstall on my Debian/Ubuntu machines (the first being the update-manager because I prefer to use Aptitude). wicd has been flawless for me since i started using it. I find myself with a very puzzling problem. I want to look at wicd, but I can't. When I tried to install it with aptitude, I could not find it using / search. More puzzling still - I am using approx, the apt proxy, running on a lenny machine that is separate from my desktop and my Acer. I know the proxy is working because I have been using it for at least two months to configure two other specialized servers and my desktop. I used it in the re-install of lenny today, and it worked for that. I still cannot find wicd in aptitude on the Acer, even after this totally new install. **But** I can find it in aptitude on my desktop host. The only differences that I can think of are things that surely should not affect the visibility of a package in aptitude, namely: 1) I selected laptop in tasksel for tha Acer, but not for any of the other hosts. 2) I use /etc/hosts on the other machines, but DHCP on the Acer (DHCP is being served by my D-Link router. It has been doing it successfully for a lon time for the iMacs on the LAN and it allows the Acer to access the web) What could I be doing wrong? Any ideas, anyone? I'm really pretty sure that neither of these differences is the cause of the problem. I must be doing something really dumb, but I can't see what it is. -- Paul E Condon pecon...@mesanetworks.net -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Re: wi-fi security?
On Wed, 5 Aug 2009 22:04:13 -0600 Paul E Condon pecon...@mesanetworks.net wrote: I find myself with a very puzzling problem. I want to look at wicd, but I can't. When I tried to install it with aptitude, I could not find it using / search. Check your sources.list. wicd comes from the wicd repository rather than Debian's. -- Raquel Question with boldness even the existence of God; because if there be one, He must approve the homage of Reason rather than that of blindfolded Fear. --Thomas Jefferson -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Re: wi-fi security?
On Wed, Aug 05, 2009 at 07:45:48AM -0400, Zachary Uram wrote: 2) How do I make my laptop more secure so others on wifi network can't steal or sniff my packets? If you're using Gmail over wifi you should be logging in with https:gmail.com. Using https encrypts not just the login but the entire session. You should see, in Firefox, the little yellow lock in the lower right hand corner of the screen to validate this. I don't know if the other webmail services offfer this feature. -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org