triphazard

I just read the "leaked" draft of the senate encryption bill. It looks awful and contradictory in addition to the adjectives the wired article gave it. My senator's office is across the street from where I work. So I plan on stopping by over lunch on Monday to irritate her staff, by listing off the ways that that bill could break the internet while failing to solve the problems it is aimed at fixing. Wired article here http://www.wired.com/2016/04/senates-draft-encryption-bill-privacy-nightmare/ vice article here http://motherboard.vice.com/read/leaked-burr-feinstein-encryption-bill-is-a-threat-to-american-privacy draft here https://www.scribd.com/doc/307378123/Burr-Encryption-Bill-Discussion-Draft Anyway, I'm a bit annoyed right now that someone thought what they have so far was worth writing down.

screwdriver

For coldboot attacks, I can only find a few answers. Like "don't let anyone steal your laptop", and make sure it's powered off when you're not using it. One thing I've always wondered, is how can I be sure my system hasn't been tampered with. Yes, I have an encrypted drive, but no, my boot sector obviously can't be encrypted. I suppose I could boot from a USB and verify it's integrity some how before rebooting. Could use Arch, or something else that comes small and boots fast, to create a utility to boot, check, display an ok or danger message, and reboot. But I have no idea where to start to mitigate a bios modification. What vectors can be used to modify BIOS. And how would one test for or resolve issues. I completely expect what the three letter agencies to use yesterday to be used by criminals tomorrow.

I absolutely despise setups like this. Well, it's not that I despise the setup, but more the fact that signatures are accepted in this manner. I'm starting to see more and more places doing this. If it weren't for the ease of forgery and modification afterwards, I wouldn't really have a problem with it. It's not against the businesses that employ tools like these, but against anyone who would accept one of these documents as valid. I also have some problem with organizations that would support accepting these documents as valid, so ignore the first part of my last sentence. Sorry, I know I really didn't answer your question, I had to get that out. It's just one of my peeves.

Thanks for the heads up. BTW, latest google chrome for linux will run it on some distros out of the box, as long as you check prefer HTML 5 in your netflix settings. Unlike the article below says, user-agent switching not required. https://www.google.com/chrome/browser/?platform=linux www.pcworld.com/article/2687243/netflix-on-linux-how-to-get-it-today-and-why-its-such-a-pain.html

Dead yes...no. Reaver specifically, maybe....WPS still has it's nefarious uses, even if it locks out. Seeing as how most home users/small business owners don't seem to know it exists, it still has it's uses for persistence on the network. Seeing how WPS was built for convenience, yet know one seems to ever use it. It's my personal opinion, that WPS is an epic failure overall. But picture this scenario, asshat gains access, then gains access to admin pages. Asshat then copies down WPS pin, and enables it if it's not already enabled. Owner suspects router compromised for one reason or another. Could be the sluggishness of the network from our friendly neighborhood asshat's excessive torrent usage. Owner changes WPA PSK. Asshat uses WPS to retrieve WPA PSK. Wash rinse repeat. Wow, neat treat? As far as "reaver is dead" goes... as far as I know the developer dropped the project. So it's old unsupported software that targets old unsupported routers. There may be some changes to WPS on newer routers, I haven't really looked into it. In that case, someone might fork reaver(doubtful). And by the way, it's not just comcast techs. I've seen Frontier techs doing the same thing. It's another one of those things that will probably never go away. Like password1, and cookie reuse. BTW, who ever got a pin in the first 15 minutes? Must have been nice. What I'm actually kind of curious about now, since I haven't had Comcast lately, is the use of that username and password for their hotspot portals. Are those creds used anywhere else? Because if something that I feel would be easily harvested could be used to access anything else, it would deter me from using Comcast again.

There is no need to start bruteforcing yet....have you checked for vulnerabilities for that model/version/firmware? I mean....accepting unauthenticated commands, password disclosure, etc...Before I go too far into this, why are you trying to get onto a network with mac address filtering? And why don't you want to reset it?

yes

I will give you a solution as clear as your question.... get a screwdriver.

I was reading through Tim Tomes' website when I found this link and thought of this thread. Why fight with admin rights when you don't need to right? Let windows do the work. http://pauldotcom.com/2012/03/retrieving-wireless-keys-from.html I plan on checking this out sometime when I get home tomorrow. But if the article is correct(Tim Tomes linked to it, and he's freakin' awesome) those keys aren't protected, they're just obscured a bit in a proprietary way (best security ever), so that settings can still be imported and exported. The reason why it would be this way baffles me, which is why I still intend to check it out for myself. The article was written for Vista when they changed the way windows handles wireless PSKs, which I don't believe has changed again yet. Please correct me if I'm wrong.

http://en.wikipedia.org/wiki/Comparison_of_netbooks columns 16 and 17 in the specifications table also http://en.wikipedia.org/wiki/Ultrabook#Specifications and http://blog.laptopmag.com/all-day-strong-longest-lasting-notebooks Wikipedia isn't always up to date. However, their information is organized better than most commercial sites.

try nmaping something that you KNOW the ports from. There is a good chance you're only nmaping the captive portal. Have you tried wget with IP address? Keep in mind, if you find your way out, a few nice men who used to work for bell-atlantic might get in touch with you.

the lines I used was something like wget -r (ip) cd (ip) # it created a directory with the ip address as the name cat * | grep -i 'pw\|pass' I might have grepped for a few more things, but I remember it popping right up

So you say it's form based eh? Before you go all nutty bruteforcing, you might as well poke around a bit and see what it'll let you access without auth. I had an old belkin a while back that I could gain access to with....wget -r, and a little bit of grep. The really sad part is, after I knew what I was looking for, I found that particular line that mattered was actually loaded into the browser in a login.stm. Line began with " var password = " followed by an md5 hash of the password. Cool right? Then I found that all I needed to do was use tamper data and copy and paste and that was it. Routers suck sometimes. I doubt yours has this particular flaw, it looked like it was made in house. But you might learn more from poking around at it. I hydra completely broke on your machine, or are you just missing some protocols?

I've been thinking of parental control ideas for myself as well. I've recently decided to get an openWRT router. With my situation it would be simplest to maintain 2 sets of config files and 2 scripts to reconfigure my network that I will run as cron jobs. It should work for me, because I mostly want my unrestricted access after the kids go to bed, and the scripts that unrestrict me will also boot the kids, (also change the essid pw) and so they stop watching youtube videos in the middle of the night. I have a few more less creative ideas involving a VPN and firewalling DNS instead of installing 3rd party software on each machine.