This is Olpersonality's TypePad Profile.
Olpersonality
Recent Activity
What about reStructuredText?
The Future of Markdown
Markdown is a simple little humane markup language based on time-tested plain text conventions from the last 40 years of computing. Meaning, if you enter this… …you get this! Lightweight Markup Languages ============================ According to **Wikipedia**: > A [lightweight markup lan...
For nitpickers, let me be more clear:
Vulnerable:
WEP
WPA/WPA2 Personal using Wireshark
WPA Enterprise using brute force
WPA2 Personal/Enterprise with TKIP using brute force
Harder but Vulnerable:
WPA2 Enterprise AES
Perfect:
...
For Wireshark's excellent "How To Decrypt 802.11" website:
http://wiki.wireshark.org/HowToDecrypt802.11
Do you trust your coffee shop to use the right wireless security settings? If not, the above advice - "be very careful how we browse on unencrypted wireless networks" - is insufficient. Be very careful how you browse on any network you don't trust, period, and if you're very worried about security, tunnel.
Breaking the Web's Cookie Jar
The Firefox add-in Firesheep caused quite an uproar a few weeks ago, and justifiably so. Here's how it works: Connect to a public, unencrypted WiFi network. In other words, a WiFi network that doesn't require a password before you can connect to it. Install Firefox and the Firesheep add-in. W...
@Mircea Chirea
Bugmenot5 is right. In a standard WPA2 setup, as long as the attacker is listening when you connect to the network, encryption is not sufficient.
WPA2 uses PTK for private transmission between the AP and each client, but in order to set up the PTK channel, it has to send the key to the client in the first case. This is done via the broadcast GTK, and any users who are already connected to the network (authorized users) can intercept the key that is sent. That is, if I am on the network when you connect, then I will see the key the AP sends you via GTK that you will use to encrypt your PTK messages, and thus I can trivially decrypt each one. Further, if I have the right tools, I can force you to disconnect and reconnect, so even if you connected before I did, it won't really matter that much (just an extra step).
Even in the case where the right tools are set up to prevent this attack (and doing so is far beyond the reach of most coffee shops), there are other proven man-in-the-middle attacks against WPA2. Assuming that WPA2 will protect you is not a good idea. Here's an example:
http://www.networkworld.com/newsletters/wireless/2010/072610wireless1.html
VPN is an excellent suggestion; if you have a host somewhere you trust that can serve as a proxy for all of your web traffic, then using it through VPN, SSH tunnel, or otherwise is a great way to protect yourself.
TL;DR: Wireshark can still snoop your traffic if it is on the network before you; WPA2 isn't good enough, but VPN is.
Breaking the Web's Cookie Jar
Olpersonality is now following The Typepad Team
Nov 14, 2010
