[ale] how can a firewalled PC POSSIBLY be attacked?
Jim Kinney
jim.kinney at gmail.com
Thu Jan 24 09:02:04 EST 2013
On Wed, Jan 23, 2013 at 5:20 PM, Ron Frazier (ALE) <
atllinuxenthinfo at techstarship.com> wrote:
> Yeah Jim, I'm starting to feel like that.
>
> I appreciate all the information. Frankly, it's starting to make my eyes
> cross. I'm going to have to revisit some of the technical details when my
> brain is a bit less foggy. I think it's supper time. That must be the
> problem. I tried Wireshark on Windows 7 64-bit to try to snoop on my own
> PCs on my WLAN. I never succeeded, even though I know the PSK. I'm sure
> other more knowledgeable people would probably succeed.
>
> Here's what I think I've gotten from the discussion:
>
> A) Sitting on open wifi, non ssl / vpn traffic. Anybody (with knowledge,
> tools, and motive) can see whatever I do.
>
> B) Sitting on shared password WEP wifi, non ssl / vpn traffic. Anybody
> can see whatever I do.
>
> C) Sitting on shared password WPA wifi, non ssl / vpn traffic. Anybody
> that captures my logon sequence can see whatever I do.
>
> D) Sitting on any network, using email in SSL mode. ASSUMING that the
> client brings up the SSL connection before exchanging authentication data,
> I should be OK.
>
The encrypted stream of data is mostly OK. SSL has some holes and that
requires latest-greatest versions.
>
> E) Sitting on any network, going to the bank. ASSUMING I'm in SSL mode
> before entering my login credentials, I should be OK.
>
ditto SSL
>
> F) Using a commercial VPN like HotspotVpn and ASSUMING they configured it
> properly, anything I do should be OK data wise. However, there still may
> be vulnerabilities in the networking stack / firewall that I'm still
> exposed to.
>
Encrypted stream is protected unless using older SSL (see above). VPNs use
multiple methods of securing the channel and some are better than others.
SSL is easy to set up and fast but breakable in certain circumstances. IKE
and password-protected key exchange stuffs with asymmetric keys are as
close to bullet-proof as we can get right now. Their weak point is the key
itself. So each end sends the pub key to the other, then one encrypts a
random string with the pub key and sends it out. The other end decrypts and
re-encrypts with the other pub key. If the ends agree, the tunnel is built using
a SYMMETRIC key that is changed on a regular schedule. This is still
subject to MitM attacks unless system keys are known on both ends.

All traffic outside the VPN is wide open, raw, unfiltered, adulterated,
yeah, fun stuff!
>
> Hopefully that is the main gist of it.
>
> Sincerely,
>
> Ron
>
>
>
> On 1/23/2013 4:28 PM, Jim Kinney wrote:
>
>
> To sum up this entire thread:
>
> Get off the Internet and read a dead-tree book you got from a trusted
> source.
>
--
James P. Kinney III

Every time you stop a school, you will have to build a jail. What you gain
at one end you lose at the other. It's like feeding a dog on his own tail.
It won't fatten the dog.
- Speech 11/23/1900 Mark Twain

http://electjimkinney.org
http://heretothereideas.blogspot.com/
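
The key exchange described in the reply above, as an added example that is not part of the original message: toy textbook RSA on small constructed keys stands in for the real public-key operations, and `endpoint`, `challenge`, `fingerprint` and the three key pairs are hypothetical names. It shows the random-string round trip completing with whatever key is presented, and a fingerprint known in advance rejecting a key that is not the expected one.

```python
# Added illustration: textbook RSA on small constructed keys. Not secure crypto.
import hashlib
import secrets


def make_keypair(p, q, e=65537):
    """Toy RSA keypair from two primes: returns (public, private)."""
    n = p * q
    return (n, e), (n, pow(e, -1, (p - 1) * (q - 1)))


def fingerprint(pub):
    """Hash of a public key, learned out of band and pinned ahead of time."""
    return hashlib.sha256(f"{pub[0]}:{pub[1]}".encode()).hexdigest()


def endpoint(pub, priv):
    """The far end: decrypts the challenge, re-encrypts it to the asker's key."""
    state = {"pub": pub, "nonce": None}

    def respond(ciphertext, asker_pub):
        state["nonce"] = pow(ciphertext, priv[1], priv[0])
        return pow(state["nonce"], asker_pub[1], asker_pub[0])

    state["respond"] = respond
    return state


def challenge(my_pub, my_priv, peer, pinned_fp=None):
    """Random-string round trip against whoever answered; returns the nonce.

    With pinned_fp set, a presented key that does not match the fingerprint
    known in advance is rejected before anything is sent to it.
    """
    if pinned_fp is not None and fingerprint(peer["pub"]) != pinned_fp:
        raise ValueError("presented public key does not match the pinned one")
    n, e = peer["pub"]
    # Keep the nonce below both moduli so it survives both encryptions.
    nonce = secrets.randbelow(min(n, my_pub[0]) - 2) + 2
    reply = peer["respond"](pow(nonce, e, n), my_pub)
    if pow(reply, my_priv[1], my_priv[0]) != nonce:
        raise ValueError("peer could not decrypt the challenge")
    return nonce


# Constructed keys: A and B are the intended ends, X is some other key holder.
A_PUB, A_PRIV = make_keypair(2**31 - 1, 2**61 - 1)
B_PUB, B_PRIV = make_keypair(2**19 - 1, 2**89 - 1)
X_PUB, X_PRIV = make_keypair(2**13 - 1, 2**17 - 1)
```

Called without `pinned_fp`, `challenge` succeeds against an endpoint built from `X_PUB` just as it does against `B_PUB`; passing `fingerprint(B_PUB)` makes the same call raise before the challenge is sent.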