Posts Tagged ‘security’

How To, And How Not To, Kind of Half-Heartedly Secure Your Wireless Network

Saturday, December 6th, 2008

So we finally got our own internet for the house.

It’s BigPond cable broadband with the wi-fi net gateway option so we don’t have to have a million network cables running all through the house like back in the good old days. And thus so, we have successfully added to the band of happy little access points that seem to be peppered around the various units and houses surrounding us.

Most these days popping up seem to be of the WPA or WPA2 variety (essentially the same thing), though there are still a few of the tired old WEP strains still kicking around in the wild. We even managed to spot one or two of the rare unsecured, unencrypted access points, sitting and waiting,  inviting, though at least they seemed to have evolved the ability to filter MAC addresses in the event of any attempted interfacing.

Well, first off, MAC filtering might sound like a pretty good defence mechanism against parasites and leeches, blocking packets from any and all devices excepting the trusted few. Unfortunately it is quite easy with a program like Macshift for a device to masquerade as another device, thus fooling the little unwary access point into serving tasty data — a bit like those cuckoo birds that trick other birds into raising their young.

WEP is not that much better. It’s been dead for years. Most can be successfully penetrated within ten minutes using linux, a bit of know-how and the aircrack suite.

WPA seems pretty solid at the moment, and that’s what we’re using. If you can capture a handshake between a client and an access point you can run a dictionary attack if their password is pretty simple, or a brute force attack, which can take considerably longer — at worst up to a few billion years of computation.

We didn’t want to make ours too difficult to crack however (where’s the fun in that?), so you’re welcome to come down Brunswick Street and give it a try. SSID is currently beaconing as “rocknroll” and we’ll even give you a special clue: the passphrase is a line from a song befitting the SSID.

The prize is free internet! At least until we change the password 🙂

But seriously, if you know you’re the jealous type with who your wireless access point associates with, use WPA encryption and a long password, preferably one with a random series of letters, numbers, and special characters. Then people would probably have more luck physically breaking into the house and plugging a network cable in directly than they would trying to hack your wireless.

Stay safe!

Secure Mail with S/MIME

Friday, October 24th, 2008

Support for S/MIME seems to be everywhere now, to enable secure email transactions. Still, it appears no one is using it; too hard to set up; don’t understand all that certificate authority mumbo jumbo; and no one else uses it (a catch-22). Actually it’s pretty easy, and far more widely supported and more versatile than PGP, which I was experimenting with a little while ago with moderate success.

First thing you’ll need is a free email certificate. I was previously using thawte to generate certificates, but found Comodo‘s system to be heaps easier and vastly superior. So head on over and generate a secure email certificate. They will send an email to you instructing you how to collect it, and assuming you’re using Firefox (and you should be), the certificate, combined with a unique private key, will be stored within your browser.

Export the certificate/key file to your desktop or somewhere through the Advanced Options -> Encryption tab by clicking View Certificates, selecting your certificate and hitting Backup.

Then you need to import the certificate into your email client; most modern ones support S/MIME. In Thunderbird Account Settings find Security in your account then View Certificates -> Import. Then select that certificate for Digital Signing and Encryption.

Now when a new message is composed, there will be an option to encrypt the message, or digitally sign it, or both. Signing a message ensures that the email really came from the person it says it came from and was not tampered with during transmission. To encrypt a message so that nobody can read it except its intended receiver you need to have the recipient’s public email certificate. The easiest way to obtain this is to get them to send you a signed email.

I’ve set Thunderbird to automatically sign every outgoing message, so that people can reply with a secure email. Otherwise here’s my public email certificate in case you wanted to send me a secret message.

I’m phocks at gmail.

Take care.

Human Contact Through Inhuman Means

Wednesday, April 16th, 2008

“It’s not especially private, but I still don’t want you reading it.” — My brain, Me

Yesterday I dug up the GNU Privacy Guard email encryption software again, inspired by a recent wave of news about the possibility of employers being commissioned by the Australian government to monitor our emails, the old take the people’s liberties by saying you’re protecting them from ‘terrorist threats’ trick. O what insult to intelligence. My only assumption on their reason for going to the public for help in cyber-snooping is that they are too incompetent to be ‘up for the job’ themselves — if you know what I mean.

I’m unsure of what we the people have demanded in regards to secrecy of correspondence in this country. It seems, from these articles, that email spying by government agencies is just fine and dandy, but for employers it would seem to be illegal, which personally I find to be a little back to front. Perhaps it is strange to think that the government should stay out of privacy for the main part, to hold the that government be restricted in passing any law denying free access to any information, to put privacy not in the hands of any bumbling third party, but in the power of he who values it most, the individual.

I think you’ll find that although I’m not an especially private person, I do respect privacy, and am vehemently against forceful invasion of privacy, particularly by government organisations, or dangerous cults. Working the machines in an office though, I can divulge that it is extremely easy to track electronic correspondence and especially email, though I think the person I’d keep an eye on is the IT guy and not the company administrators, who most likely wouldn’t have a clue. So to those concerned about their own privacy, don’t rely on ineffectual totalitarian control — which doesn’t work from what I can tell anyway — and take your privacy into your own hands.

That’s my little rant over anyway. This post is really just about the creation of a contact details page that I made. Included on that page is my PGP Public Key so that anyone can encrypt an email to me and it would take anyone else about a hundred million years to crack. Also, if anyone does have a public key, could they send it to me, or leave it in the comments here, so I can add it to my keyring.

Human contact is a valuable thing in this age on inhumanism.

-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1.4.7 (MingW32)

mQGiBEaTEzQRBACi8sAHqPNz2E3Em0gcKjn+5bbvbyoCft1MenScdXV0tNsii+84
MnrPC6nVfafQcq+5uok8sj546+oClHXkZGB6qOL71wvxfVpuyegfkptj5/vxoUwL
+U0FExlRHcYYkCSN61Ju8+2BF3QR8hT24J+5GPTEZAugHVpRjV1wigsK8wCg7tph
l4DqOsyg5/b4w1s7oiff+aEEAKAwPa0+0FukYo83i+Ixe+bIeR/im2eDN8/7c7Ur
jeDw4E+nk+Rpny/MqEUJ3ahpohvWsoYAZpZuIFlY823QLUMKN0OpEfTxuwantDS7
D7B+ny9EzZIszPBzXKRCcG/456LIJROT0Ww9yp4PJDuokmNqcJwjmNa4HMU74cCF
nyGTA/466ZmHveFg/IXFK+AGMDBXfc5G5fFHIk22HcWEYlu7ZRsdG9Mom23fL4P9
/PRsN0ERM1+pSN8y2ckmGWCCD/LJDyy25knOgC7kkXufqSqEScB5e9PM3btO5qkq
9PohjRf5dIclSTh6F69vOJAae2N+1JnIkqhh63FOBN+ZoLrVjLQZcGhvY2tzIDxw
aG9ja3NAZ21haWwuY29tPohmBBMRAgAmAhsjBgsJCAcDAgQVAggDBBYCAwECHgEC
F4AFAkgDgrUFCQ0qN6wACgkQ4+k/c8RCFvHk+QCgyEYUKAZKCjEIzJX9Jym9cTwo
bgwAnRnRd2kiHf0ru9pIb453bz2mJ82puQINBEaTEzQQCACesakpz2QAUgbZUtXw
ghORc8kd8jwBz3qyie+K5PTIkh1Fisa0wBzM45ceak4H+j3UVjyNYqAa5jlamRnY
9PP3jSFVwyz9Q2o5i3m6yDC8GoIVAwVyuFCF3vvm6QjRuUxmLJ/V0UB3K11lxTGO
QzXcsdsQBlw3OB7kqYfxwtHHaC5HUqb4EBPfYSllQRgz2PAj8IgqwIl4Te+PJHlF
JlaZFbd6rNYc1nUKO1OLVdIcQ/kDiS3lMDFuPh5DjG213KOj1J2Mm4wN69Nj2H8L
S/eLxLuaCMIzhYnQkYTlZJC8HMxxzGAmNOjrM3NalAagJqSui669zfHBuJ9Nk7xZ
4KXvAAMFB/4noEzVYeLXEWz4uxtIt2+bLAK5pdoB9JEtxpekXmNzqVGe5OU8v3Ie
fHPELLxHWxvXd8A2qDS6n5SiySjcO/oxihutw6JKkFHHs1mP+uzGrCdCw7PSWm4q
Ipxd7Gsv336nMutb+zZM1dFh1iyWql8zkEX6donkqiao9PqSqvPTtYDcDWCjm08H
H/nY2UE9YE1MfwrRD65XFKNkNplBrZDsrOzIlcTROWXWl/5TXxfF/7Oz6TmE8wQK
dUskKv4ajHL91gRDLWzzlLjuEI7X/xQdRiR8sm9qsDyC3RSDjEN6K3UOXwxKFCc7
Js/rkmOpmnRvuOaMCH/fi8IDkuXvkjOXiE8EGBECAA8FAkaTEzQCGwwFCQlmAYAA
CgkQ4+k/c8RCFvHq6gCg5wyxtele6HhHfu98E0nxUZAxfPUAnRprFQfG6uwOBqRb
Qf618/wX5Xwd
=umby
-----END PGP PUBLIC KEY BLOCK-----

That’s my public key anyway. I use a Firefox add-on called FireGPG to add encryption to emails.