
kahhak


  1. Interesting concept - I can't say that I'd heard of it before. Isn't HSTS just SSL, but with theoretically better enforcement? With HSTS, SSL Strip wouldn't work, and return visitors should be alerted IF their browser remembers the visit and some sort of other stripping method is used. It would still break ads. It would still be a problem for mobile users who (apparently) can't use port 443. Baby steps, let's get SSL enabled first....
  2. The higher the gain (usually in dB, but sometimes in dBi - essentially the same concept, just calculated differently) the stronger it is. My thoughts on this specific project:
     1) The Verizon MiFi isn't very strong, which explains the signal dropoff. 200 feet for wifi, without special directional antennas is very doable.
     2) Cat5 would work, but not if the client doesn't want it. Another hard spot is that the MiFi doesn't have an ethernet jack, so you'd need a device that could turn the wifi signal into ethernet first. Then in the barn, you'd need to plug into that ethernet either with another wireless access point, or with the laptop directly.
     3) Ordinarily, another option would be to buy a wireless bridge. But again, since that MiFi doesn't have an ethernet jack, this is a little more difficult, since most bridges aren't repeaters and would require plugging in the modem via ethernet. There are options here, but you'd need a bridge that either works with the MiFi via usb or that can bridge using its wireless signal. I wouldn't bother.
     4) Your idea of rebroadcasting is very good, you'd just need a repeater. Something like the Amped Wireless SB1000 ($80ish) should easily reach 200 feet, both in rebroadcasting the MiFi and receiving the signal from the computer in the barn. This would also improve wifi reception in the house quite significantly. Easy, as secure as the MiFi (make sure it's using a really good WPA2 key, because now you're going to be rebroadcasting to a wider area).
     5) Since 200 feet isn't very far, another option is to NOT use the MiFi wifi's signal, and instead use it as a USB modem with something like the cradlepoint mbr1000. That device is like a traditional router, but it takes the MiFi as a usb modem. Then you use the cradlepoint as a router and access point. It claims a range of 750 feet. I've used one before, and had 80% strength at 300 feet, but didn't try further than that.
     Hope this helps.
(vote this post up if it does, green + in the lower right of this post)
  3. Locking your front door is largely ineffective for stopping an intruder, but does that mean that we shouldn't lock our doors? Combination locks can be picked really easily, but does that mean that we should yell out the combination every time we unlock our own combo locks? Come on guys, let's not pretend that it's ok that a website has clear text authentication, especially a site dedicated to these types of topics. Any mobile phone service carrier that blocks SSL/443 traffic is crazy. What phones/providers do this? None of the major carriers that I know of here in the US are blocking 443. I'm disappointed that Darren hasn't chimed in on this. I'm going to assume that he's too crazy happy about the Pineapple MK4 to bother with this. Darren: I'll trade you an annual SSL certificate for the MK4...
  4. Sorry about starting this long thread - it was more to point out the irony in preaching security, but not practicing it. Why not make the site as secure as it reasonably can be? I use the same password here as I do on my luggage. It's unguessable, someone would have to try all 1000 combinations of the 3 digits to get in.
  5. Full site SSL would help to stop sidejacking, and that would be great. Full site SSL generally increases processor usage and usually screws up 3rd party ads. I can understand Darren's reluctance to implement that (though I encourage him to reconsider). However, I can't think of a good excuse not to have SSL at least for the login script. I've emailed Darren and Shannon about this a couple times, but didn't get a reply. int - I think it's time for you to continually tug on Darren's ear until he gets SSL login set up. This makes me concerned in general. Are passwords encrypted in the backend? Salted?
  6. Does anyone else see the irony that hak5.org still doesn't use SSL for its forum login? -poll added-
  7. Any chance that we can get a way to reflash the MK3 using the GUI (like you can in DD-WRT)? This would mean that we could update on the fly, without having to use redboot, etc. Might this also allow for our settings to be maintained between flashes (optional)? Just a thought.
  8. FYI, I used 2 simple wifi analyzers (inSSIDer on Windows 7 and "wifi analyzer" on Android). In my MK3 Wireless config, I've got:

         option ssid nonkarmassid
         option encryption none

     With Karma running, I still see "nonkarmassid" broadcasting on channel 11. Also, I've added "MyRealSSID" (which is encrypted running on my real router) to the SSID Black list. Still, on occasion, in the analyzers, I see the BSSID for the MK3 switch to MyRealSSID. At times I do see: "ESSID found in black list mode so not accepting the probe" in the web interface, but without the timestamp (which I know you're working on) and the ssid that's being ignored, I'm not sure if it's my ssid or a neighbor's which I also blacklisted. Last, under config wifi-device radio0 it doesn't seem to matter if I have

         option disabled 1
         option disabled 0

     no matter if karma is running or not. Do changes to these config files require a restart of the device?
  9. I do like the ability to easily add to the black / white list in the v2 firmware. However, now I don't see a way in the web interface to see the blacklisted ssid's. Assuming I'm not being a noob and missing it, I'd like to suggest adding a "view" button. Thanks
  10. I'm seeing this with a fully patched XP pro box too. This definitely wasn't the case before, certainly not with my old fon 2100. Might something in jasager have changed or is this a MS update that's killed it? Would there be a way to have the MK3 broadcast a LIST of ssid's in addition to listening? I know we can setup one Karma SSID, but being able to send out beacons for multiple ssid's at once would be cool (linksys, att_wifi, etc)
  11. 1. Is there any way to reverse the sort order of the association log in the web interface? It sure would be nice to be able to easily see new connections without having to continuously scroll down every time the association log refreshes.
      2. Also, being able to stop/change the refresh rate would be nice.
      3. Using a standard windows xp pro machine as a test victim I'm seeing a lot of log lines like this:

             Checking SSID for start of association, pass through testnet
             Successful association of 00:16:xx:xx:xx:xx

         (those two repeat a ton of times) Is that normal?
      4. Last, if a wifi profile is setup on xp, no encryption, shouldn't it connect to karma automatically? I can't seem to get this to happen unless I check the "connect even if this network is not broadcasting."
      Thanks
  12. Huge DUH moment here! It's right there in front of my face!! My problem was that the ssid that the test machine was connecting to was called "internet" and I just overlooked the generic term in the log. DUh duh duh. Thanks for the gentle nudge in the right direction.