I overheard a conversation the other day and being a bit of a techie, it got me really interested. "Just hide your SSID broadcast, and they won't be able to hack into your Router." Boasted some guy who has probably "fixed a computer before, so he's a Computer tech".
I didn't actually chime in and shoot him down straight away, so I went away and did some digging around. Within a few minutes of perusing Google and YouTube, I found a Linux distribution called Backtrack. This little gem of an OS can be loaded onto a USB memory stick, and will boot off that and no installation onto a hard drive is necessary. Took me a little while to get it working, but once all the little bugs were ironed out, I was staring at a desktop background with the words Backtrack splashed all over it.
So, being a bit of a Unix/Linux newbie, I started a little self-study on how to actually use the console, and what applications I could use to illicit torture to my poor router.
So, first up: Find out if hiding the SSID was actually "hidden". Simple answer, No. With a little persistance, you can actually find out the SSID, as the stations (computers, consoles, mobile phones, wifi printers - the list goes on) actually blurt the name out, and direct the name to the MAC address of the router in question. This took all of 10 seconds to figure out.
Ok, so I have the SSID, now what?
Doing another quick YouTube search, I found out that I can get an application to actually deauthorise a computer from a router. I don't need anything fancy, nor even be on the wifi network. What this does, is send the de-auth packet targeted at the station, and makes it reauthenticate back to the router. It does this by spoofing the mac address of the router, so that the computer thinks this is a genuine request. The computer then reauthenticates, and the application that you use just received it and recorded it. Here's where the fun starts.
So, another application that is included with backtrack, is something called Crunch. This will try and crack the password of the authentication packet you got from the station, and just brute force it's way in until the right password is found. The longer and more complex the password, the longer it will take to crack.
I know that my router came shipped with letters only as the default password, and it was 8 characters long, using alphabet characters only. So, let's put this into math.
26^8= 208,827,064,576. That would be the possible pool of password choices. Big number, isn't it?
My laptop was capable of doing roughly 4,500 passwords a second via the CPU, and at that rate, it would take 46406014 seconds, which is 537 days.
Good, that's pretty secure, just make sure I change the password once a year, and I should be fine.... right?
NO!
Let me explain a new concept that has been developed by Nvidia and ATi. What they've done, is allow the computer to use the graphics card for processing power, so that it can share the load. Graphics cards are built and designed with huge data processing in mind, with working out physics, lighting, etc. So, doing brute force attacks with a GPU would be childs play. GPU's can do about 45,000 passwords a second, that's 10 times faster than the CPU in my laptop could do!
Let's recalculate that, shall we?
208,827,064,576/45,000 = 4,640,601 seconds, or 53 days....
Ok, so that's getting to the point of being dangerous, and you'd need to possibly change your key every month to stay ahead of the game.
Aaaand now, I'll introduce you to the tech called SLI. (You knew there was a catch, didn't you!)
SLI, allows you to install more than 1 video card into your computer, and they balance the processing load. So, effectively doubling the processing power. So now, we're bordering 90,000 passwords a second and that pushes it down to ~27 days. Get a third card, you see where this is going.
If someone is persistent enough, they'll get in. Get more computers all cracking at the same time, and it soon becomes clear that this will be cracked in no-time.
Lets just say, you have 26 computers at your disposal, each with 2 graphics cards, each doing 90,000/sec, and each computer has the first letter configured in the crack, so that computer only needs to crack the last 7 letters. This reduces the number of combinations from 208 Billion, to a mere 8,031,810,176. So one of the 26 computers will get the key in just 24 hours! That's on the premise that the key is the highest value of *ZZZZZZZ.
But all of this number crunching above can be circumvented by the dreaded WPS system. This uses an 8 character numerical code that you can type instead of the network key. There are 99,999,999 different combinations, and is easily crackable. This will actually reveal the network key, no matter how complex, or how long, or whether or not you even use special characters.
So, to sum it up, wireless "can" be secure, just whatever you do, DON'T USE WPS. Also, use capitals, numbers and special symbols, and at least 10 numbers. You've heard this all before "use secure passwords, blah blah blah". But be warned, if someone hijacks your wifi connection and does some "questionable activity" on it, YOU will be the one that the police will be grilling.
Tuesday 4 December 2012
Monday 26 March 2012
To Free, or not to free. That is the question
Hello and welcome to my first blog. I will be posting blogs about all sorts of random stuff, so without further adieu, here we go.
So this weekend, I decided to have a bit of a clean-out. I have a bunch of old junk that is just gathering dust, and I was about to shove it all into the car and take it to the local recycling depot.
I then remembered a website that my Aunty used to get a TV stand off, and thought "Eh, I'll give it a try". Freecycle.org
So I rummaged around the house for stuff I dont use/want anymore. Couple of candidates were:
- A Playstation 2, with Gran Turismo 4 which I haven't used in years.
- A polaroid 600 camera (previous owner of the house left it here and I've never used it)
- An old DVD player, I have a PS3, so there is no use for this anymore.
- A printer (I wanted to get rid of, because the cartridges require you take a mortgage out to buy)
- A VHS player, and a few more odds n sods.
I posted these up at around 7am Sunday morning, and by 7:30, I just decided to check my email Inbox, and sure enough, I had 3 emails waiting already! Excitedly, I opened the emails up, and I already had 2 requests for the Playstation, and one for the DVD player.
The main thing that then hit me was "Who do I give it to?"
You read their stories, and surely enough, they do tug at the heart strings. On the one hand, you have some illiterate person that didn't bother spell checking before hitting send, and the other person tells you their story about how their child has wanted a console for years, but couldn't afford it.
Moral Dilemma let me tell you. After feeling all charitable, I made my mind up and gave them a ring. They were over the moon that I'd chosen them, and it felt nice that I could put some of this old junk to good use somewhere.
About an hour later, the lady who wanted the printer and the DVD player for her son's room turn up. First thing that struck me immediately, I could tell that they didn't have a lot of money (if any). They weren't in designer clothes, nor in a fancy car. The car mind you, I was actually surprised it was moving, the thing was rattling so bad I thought I'd have to get a tow truck out to get it shifted off my driveway as it was about to pack up!
Afternoon rolls on, and within 6 hours of posting my stuff, it had all gone. Pretty productive day, I must say!
Had an early night, and woke up at the crack of dawn again this morning.
I went online to freecycle this morning just to have a nose about and see if any new offerings were put up, and someone was offering an M&S Rug (http://www.marksandspencer.com/Marks-and-Spencer-Godda-Chenille/dp/B0055VQG9I?extid=TP_2_FRO_T_MSF_ ). Valued at around £150 new, so its pretty nice. They said just needs a bit of a clean which is fine.
I thought, "lets see if I can be lucky and get this rug", as I've always wanted one, but the price has always turned me off actually going and getting one.
I had learned a thing or two about how to pull at people's heart strings from my productive day on Sunday, and I wrote a nice little email out to the poster asking if I could have it, as it would be a nice addition to my bare lounge (which it is). I left my phone number, and then hit send. I then stared at my phone for a good 5 minutes, but as the age old saying goes, "A watched pot never boils". Sure enough, the phone sat there staring back at me thinking I was a lunatic.
About 30 minutes later, my phone springs to life blaring out the bog-standard ring tone (I really do need to change it to something a bit more interesting), and frightened the life out of me.
"Hello?"
"Oh hi, I'm just responding to your email about the rug, and it is yours if you want it!"
"Oh thank you so much!"
She gave me the address that I need to go to later on today, and I must say, I feel stupidly happy, and can't wait to go pick it up later.
"This isn't just a rug, its a Marks & Spencer Rug..." :D
At least this rug wont end up on a tip along with all the other useful working stuff that someone else can use.
Think before you throw stuff out, there is a very high probability that someone would cherish that piece of junk you have in your hand. Less landfill, more happy people :)
So this weekend, I decided to have a bit of a clean-out. I have a bunch of old junk that is just gathering dust, and I was about to shove it all into the car and take it to the local recycling depot.
I then remembered a website that my Aunty used to get a TV stand off, and thought "Eh, I'll give it a try". Freecycle.org
So I rummaged around the house for stuff I dont use/want anymore. Couple of candidates were:
- A Playstation 2, with Gran Turismo 4 which I haven't used in years.
- A polaroid 600 camera (previous owner of the house left it here and I've never used it)
- An old DVD player, I have a PS3, so there is no use for this anymore.
- A printer (I wanted to get rid of, because the cartridges require you take a mortgage out to buy)
- A VHS player, and a few more odds n sods.
I posted these up at around 7am Sunday morning, and by 7:30, I just decided to check my email Inbox, and sure enough, I had 3 emails waiting already! Excitedly, I opened the emails up, and I already had 2 requests for the Playstation, and one for the DVD player.
The main thing that then hit me was "Who do I give it to?"
You read their stories, and surely enough, they do tug at the heart strings. On the one hand, you have some illiterate person that didn't bother spell checking before hitting send, and the other person tells you their story about how their child has wanted a console for years, but couldn't afford it.
Moral Dilemma let me tell you. After feeling all charitable, I made my mind up and gave them a ring. They were over the moon that I'd chosen them, and it felt nice that I could put some of this old junk to good use somewhere.
About an hour later, the lady who wanted the printer and the DVD player for her son's room turn up. First thing that struck me immediately, I could tell that they didn't have a lot of money (if any). They weren't in designer clothes, nor in a fancy car. The car mind you, I was actually surprised it was moving, the thing was rattling so bad I thought I'd have to get a tow truck out to get it shifted off my driveway as it was about to pack up!
Afternoon rolls on, and within 6 hours of posting my stuff, it had all gone. Pretty productive day, I must say!
Had an early night, and woke up at the crack of dawn again this morning.
I went online to freecycle this morning just to have a nose about and see if any new offerings were put up, and someone was offering an M&S Rug (http://www.marksandspencer.com/Marks-and-Spencer-Godda-Chenille/dp/B0055VQG9I?extid=TP_2_FRO_T_MSF_ ). Valued at around £150 new, so its pretty nice. They said just needs a bit of a clean which is fine.
I thought, "lets see if I can be lucky and get this rug", as I've always wanted one, but the price has always turned me off actually going and getting one.
I had learned a thing or two about how to pull at people's heart strings from my productive day on Sunday, and I wrote a nice little email out to the poster asking if I could have it, as it would be a nice addition to my bare lounge (which it is). I left my phone number, and then hit send. I then stared at my phone for a good 5 minutes, but as the age old saying goes, "A watched pot never boils". Sure enough, the phone sat there staring back at me thinking I was a lunatic.
About 30 minutes later, my phone springs to life blaring out the bog-standard ring tone (I really do need to change it to something a bit more interesting), and frightened the life out of me.
"Hello?"
"Oh hi, I'm just responding to your email about the rug, and it is yours if you want it!"
"Oh thank you so much!"
She gave me the address that I need to go to later on today, and I must say, I feel stupidly happy, and can't wait to go pick it up later.
"This isn't just a rug, its a Marks & Spencer Rug..." :D
At least this rug wont end up on a tip along with all the other useful working stuff that someone else can use.
Think before you throw stuff out, there is a very high probability that someone would cherish that piece of junk you have in your hand. Less landfill, more happy people :)
Subscribe to:
Posts (Atom)