Cruisers Forum
 


Old 19-11-2010, 12:12   #16
cruiser

Join Date: Oct 2007
Posts: 751
Quote:
Originally Posted by SailFastTri View Post
But I think it's wrong to yell "the sky is falling" when you're worried about just one link in a very long chain.
First, I'm happy for the debate. I'm not offended by it. I think it's a good thing and so far no one is saying, "ya mutha".

I think the risks in "the last mile" are much greater than any other part of the network chain because it's quite easy to sniff WiFi packets. It's really quite difficult to get into the internet backbone and swallow all of the data coming through. There is also the physical issue of getting into the marina internet line to swipe data.

The issue to me is all about percentages. I lock my boat knowing full well that there are 20 ways someone could break into it (sledgehammer notwithstanding). Still, I lock it because it's the casual "last mile" person I'm trying to keep out. The person who will go to the next boat if mine is locked. That's the way I look at this right now. Give me WPA because that will provide a quick fix. While not complete, it'll end the attack by the largest number of people capable of mounting one.
__________________
ActiveCaptain is offline   Reply With Quote
Old 19-11-2010, 12:17   #17
cruiser

Join Date: Oct 2007
Posts: 751
Quote:
Originally Posted by s/v Jedi View Post
What you all forget is that when you switch to WPA, everybody who knows the password (key).. i.e. every legitimate user of the system, can still intercept all your traffic. It just protects you against nearby hackers who do NOT know the WPA key in use.
That is technically not true. You're confusing WPA with WEP - that is the way WEP locking is implemented.

For all practical uses of WPA and WPA2 today, you could put a 10 foot sign up at the marina with the passcode allowing everyone to access the router and everyone's network traffic will have different encryption based on a different code. That's one of the reasons WPA was created. There is one WPA mode that doesn't work that way but no one uses it.

Again, I'm not saying that WPA is immune to attack. It's just really difficult and the tools aren't there right now. WPA is a pretty good quick-fix right now.
__________________
ActiveCaptain is offline   Reply With Quote
Old 19-11-2010, 12:52   #18
Registered User

Join Date: Dec 2009
Location: Ontario
Boat: 5 m Bolger runabout, plus a Starwind 860 power tri under construction
Posts: 248
WPA (or better yet, WPA2) is enough to deter the local kids from snooping around. If the government or a serious crook decides they want your data, it won't stop them.

But the average troublemaker is just out to sniff some packets, maybe catch a Facebook session cookie or an email login, and cause a bit of mischief. The next level up is the guy who's after your credit card details. Both are easily thwarted by being just careful enough that you're more trouble than you're worth, so they'll move on to easier targets. Don't send any login details over open connections, don't send any transaction details over HTTP (make sure it's HTTPS and that the certificates match) and you've deterred pretty much all the troublemakers and most of the thieves. If you're worried about confidential data in emails being intercepted, add a PGP encryption plug-in to your mail client (30 minutes of reading, 5 min of setup, many years for a crook to break into). All that's left is the serious spies, and if you have them on your tail, you need to hire a computer engineer and a lawyer, pronto.
__________________
Matt Marsh
marshmat is offline   Reply With Quote
Old 19-11-2010, 16:35   #19
Do… or do not
 
s/v Jedi's Avatar

Cruisers Forum Supporter

Join Date: Feb 2009
Location: in paradise
Boat: Sundeer 64
Posts: 9,198
Quote:
Originally Posted by ActiveCaptain View Post
That is technically not true. You're confusing WPA with WEP - that is the way WEP locking is implemented.
I'm sorry but I'm not... For WEP, you can gain access without any knowledge of the key. I crack a WEP encrypted access point with some active users typically within 10 minutes.

For WPA / WPA2, the big thing to crack is the pre-shared key. Once that is done (or you know it because you have access), decrypting the traffic is not so hard anymore because the specs are open / published and the tools are available.

See cracking_wpa [Aircrack-ng] for details.

cheers,
Nick.
__________________
s/v Jedi is offline   Reply With Quote
Old 19-11-2010, 16:50   #20
Senior Cruiser

Cruisers Forum Supporter

Join Date: Oct 2005
Location: Cruising NC, FL, Bahamas, TCI & VIs
Boat: 1964 Pearson Ariel 'Faith' / Pearson 424, sv Emerald Tide
Posts: 1,531
Quote:
Originally Posted by SailFastTri View Post
Jeffrey I think your single-handed campaign is doing a great disservice to the people who occasionally need to use open WiFi.

Your efforts would be much better placed on educating about solutions. .....
Yup.

Transient cruisers (who do not like to stay in marinas) are not served by efforts to secure open networks. Let the user be responsible for their OWN security...
__________________
s/v 'Faith' is offline   Reply With Quote
Old 19-11-2010, 17:12   #21
cruiser

Join Date: Oct 2007
Posts: 751
Quote:
Originally Posted by s/v Jedi View Post
I'm sorry but I'm not...

For WPA / WPA2, the big thing to crack is the pre-shared key. Once that is done (or you know it because you have access), decrypting the traffic is not so hard anymore because the specs are open / published and the tools are available.
See, I'm actually sorry on this one.

You simplified the work required and while aircrack-ng might help with the cracking, look at the directions required to actually do the cracking. Be honest - have you step-by-step gone through all of that?

WPA is a pretty slick protocol for encryption. When a connection is first established, the passkey is used to create a special encryption key for the individual user. Every user ends up with their own key. If you're able to view the initial handshake for the connection, you can uncover the user's modified key and then can decrypt the traffic. It's important to note that the connection handshake probably happened hours before the traffic was being sniffed.

Again, there are ways around all of this for someone willing to take the extended amount of time, effort, along with the knowledge to actually do it. That's no different than an expert locksmith with the tools that can get into my boat when locked in 30 seconds. I'm not worried about him. I can't stop him. But I can stop the punk who rattles the door to see if it's open. That's what is being protected with WPA and adding all of these "but what about..." scenarios that show how it's still not bullet proof with 3 pages of detailed instructions is way off base and just, well, sorry looking.
__________________
ActiveCaptain is offline   Reply With Quote
Old 19-11-2010, 17:30   #22
Marine Service Provider

Join Date: Oct 2007
Boat: Endeavour 42CC
Posts: 1,182
Thanks Jeff

I figured you'd chime in here. I missed your newsletter info when it came in.
__________________
gettinthere is offline   Reply With Quote
Old 19-11-2010, 17:54   #23
Marine Service Provider

Join Date: Nov 2008
Posts: 1,249
Quote:
Originally Posted by S/V Antares View Post
If you can identify them in a starbucks then perhaps spilling a double tall cappuccino with extra sugar on their laptop is warranted.
Yeah, but that would just embarrass them more than anything. And I don't want to waste my expensive coffee like that. I think what they really need is a good old fashioned public *** kicking.

Jeff and marshmat - Very good analogies, and very good points. It's like anything else: software, music, DVD, iPhone OS. They keep coming out with update after update to encrypt, for copy protection, etc. And all they're really stopping is casual users. Because every time they come out with a new update, someone comes out with a new hack for it. Speaking of which, is there a jailbreak for the latest iOS yet? I've been holding out.

Anyway, I was going to go with the "you just need to have a bigger chain than your neighbor" analogy. Problem is Firesheep could be compared to new bolt cutters that would allow a grandma to chop through 1" chain like it was butter. Or like a bigger, faster, hungrier bear.
__________________
off-the-grid is offline   Reply With Quote
Old 19-11-2010, 19:01   #24
Registered User
 
doug86's Avatar

Join Date: Nov 2009
Location: Between Block Island and Bahamas
Boat: Marine Trader 40' Sedan Trawler, 1978. WATER TORTURE
Posts: 715
Quote:
Originally Posted by s/v 'Faith' View Post

Transient cruisers (who do not like to stay in marinas) are not served by efforts to secure open networks. Let the user be responsible for their OWN security...
On the contrary, it's near and in marinas where a hacker will find the biggest concentration of unsuspecting open wifi cruising lambs ripe for picking. If open networks are subject to easy intrusion, who is served by that? If every marina who offers free wifi would just add WPA it would help.

The point is not to make all WiFi fee based, but to encourage the hotspot provider to at least make a basic attempt at security.

If the world is full of free, open but vulnerable connections, it helps no one; even the ones responsible for their own security. Nor can any of the users force it to be more secure on their own behalf if the WiFi provider insists on keeping it open and unsecured.

I think you are confusing free with secure, and they are not mutually exclusive. Marinas and others can offer free connections that would easily thwart the Firesheep threat. In most cases, it's just a box to click on the router settings. In fact, as Jeff pointed out, you could even broadcast to all users the password, but each would have to log in and have their own browsing session at least.
__________________
"When one is willing to go without, then one is free to go." - doug86
doug86 is offline   Reply With Quote
Old 19-11-2010, 19:13   #25
Senior Cruiser
 
Therapy's Avatar

Cruisers Forum Supporter

Join Date: Jul 2007
Location: W Florida
Boat: The Jon boat still, plus a 2007 SeaCat.
Posts: 6,894
Images: 4
Well I guess I am just a sheep that will get slaughtered.

My email is pop3. I know squat about what you guys are talking about.

Quote:
…Don't send any login details over open connections, don't send any transaction details over HTTP (make sure it's HTTPS and that the certificates match)
Certificates??? HUH? I am going to look at what?
__________________
Therapy is offline   Reply With Quote
Old 20-11-2010, 09:56   #26
Do… or do not
 
s/v Jedi's Avatar

Cruisers Forum Supporter

Join Date: Feb 2009
Location: in paradise
Boat: Sundeer 64
Posts: 9,198
Quote:
Originally Posted by ActiveCaptain View Post
See, I'm actually sorry on this one.

You simplified the work required and while aircrack-ng might help with the cracking, look at the directions required to actually do the cracking. Be honest - have you step-by-step gone through all of that?
All these complicated steps..... can be SKIPPED when you know the pre-shared key. You don't have to crack it anymore because the marina office gave it to you.

The only WPA that gives security against other authorized users on the network requires an 802.1X authentication server and private keys or certificates (each user's data gets encrypted with a different key) ... something that enterprises do most of the time but I've never seen it in use on public WiFi like operated for boaters.

The WPA-Personal security (as opposed to the "Business" variant with authentication server) is supposed to be used on an AP in the home, where the group of users is a family where only that family knows the pre-shared key. Now, if you want to decode that WiFi data from outside that family, you need to crack the pre-shared key which, like you say, isn't that easy.

Again I repeat: look up the support pages of your email provider and see if they support secure email exchange. Any decent provider should and this provides security end-to-end which is far superior to any encryption that uses pre-shared keys or passwords.

Switching on WPA with pre-shared keys on public access points is useless and it won't take long before the kiddie tools to capture this traffic are available too, while any decent hacker can already do it today (when he knows the key).

cheers,
Nick.
__________________
s/v Jedi is offline   Reply With Quote
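
An added example, not part of any post in this thread: the WPA/WPA2-Personal key derivation from IEEE 802.11i, showing which inputs to the per-session key are secret and which are visible in the handshake, and what changes when the PMK comes from 802.1X instead. The SSID, passphrase, MAC addresses and nonces are constructed sample values, and the function names are chosen for this example.

```python
import hashlib
import hmac
import secrets

def pmk_from_passphrase(passphrase: str, ssid: str) -> bytes:
    """WPA/WPA2-Personal: PMK = PBKDF2-HMAC-SHA1(passphrase, SSID, 4096, 32 bytes)."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)

def prf(key: bytes, label: bytes, data: bytes, nbytes: int) -> bytes:
    """802.11i PRF: HMAC-SHA1(key, label || 0x00 || data || counter), concatenated."""
    out = b""
    for counter in range((nbytes + 19) // 20):
        out += hmac.new(key, label + b"\x00" + data + bytes([counter]), hashlib.sha1).digest()
    return out[:nbytes]

def derive_ptk(pmk, ap_mac, sta_mac, anonce, snonce, nbytes=48):
    """Per-session pairwise key (48 bytes for CCMP). Apart from the PMK, every
    input is sent unencrypted in the first two handshake messages."""
    data = (min(ap_mac, sta_mac) + max(ap_mac, sta_mac) +
            min(anonce, snonce) + max(anonce, snonce))
    return prf(pmk, b"Pairwise key expansion", data, nbytes)

def compare_modes():
    # Constructed sample values, not taken from any real network.
    ssid, passphrase = "ExampleMarina", "posted-on-the-dock"
    ap = bytes.fromhex("020000000001")
    sta_a, sta_b = bytes.fromhex("0200000000aa"), bytes.fromhex("0200000000bb")
    anonce_a, snonce_a = b"\x11" * 32, b"\x22" * 32
    anonce_b, snonce_b = b"\x33" * 32, b"\x44" * 32

    shared_pmk = pmk_from_passphrase(passphrase, ssid)
    ptk_a = derive_ptk(shared_pmk, ap, sta_a, anonce_a, snonce_a)
    ptk_b = derive_ptk(shared_pmk, ap, sta_b, anonce_b, snonce_b)
    # Another passphrase holder who recorded A's handshake repeats A's derivation.
    recomputed = derive_ptk(pmk_from_passphrase(passphrase, ssid), ap, sta_a, anonce_a, snonce_a)
    # 802.1X: each user's PMK comes out of their own authentication (modelled
    # here as a random 32-byte value), so the shared passphrase plays no part.
    eap_pmk_a = secrets.token_bytes(32)
    ptk_a_8021x = derive_ptk(eap_pmk_a, ap, sta_a, anonce_a, snonce_a)
    return {
        "sessions_have_different_keys": ptk_a != ptk_b,
        "passphrase_holder_can_recompute": hmac.compare_digest(recomputed, ptk_a),
        "8021x_key_recomputable_from_passphrase": hmac.compare_digest(recomputed, ptk_a_8021x),
    }

if __name__ == "__main__":
    print(compare_modes())
```

For an operator choosing a mode, the distinction is where the PMK comes from: with a shared passphrase it is the same for every user, with 802.1X it is unique per authenticated user.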
Old 20-11-2010, 10:09   #27
Marine Service Provider

Join Date: Oct 2007
Boat: Endeavour 42CC
Posts: 1,182
On my g-mail account, under 'Browser Connection', HTTPS is selected. Am I secure?
__________________
gettinthere is offline   Reply With Quote
Old 20-11-2010, 14:21   #28
Do… or do not
 
s/v Jedi's Avatar

Cruisers Forum Supporter

Join Date: Feb 2009
Location: in paradise
Boat: Sundeer 64
Posts: 9,198
Quote:
Originally Posted by gettinthere View Post
On my g-mail account, under 'Browser Connection', HTTPS is selected. Am I secure?
For webmail... yes, if you indeed use the https page (not the normal http:// page). Most webmail logins use encrypted password too, so if you log in on a regular webpage (http://) which has a check-box for secure (https) email... if you check that box, you should next get a https page which is visible in the address line of your browser.

I don't know the specifics of gmail, sorry.

ciao!
DeVerm.
__________________
s/v Jedi is offline   Reply With Quote
Old 20-11-2010, 14:31   #29
Freelance Delivery Skipper..
 
boatman61's Avatar

Community Sponsor
Cruisers Forum Supporter

Join Date: Jan 2010
Location: PORTUGAL
Posts: 20,224
Images: 2

Quote:
Originally Posted by S/V Antares View Post
If you can identify them in a starbucks then perhaps spilling a double tall cappuccino with extra sugar on their laptop is warranted.

Personally ... thank you Jeffery. A reasonable heads up.
They're welcome to hook into me.... I got free worms that'll keep em amused for hours....Lmao
__________________


Born To Be Wild
boatman61 is offline   Reply With Quote
Old 28-11-2010, 01:12   #30
Registered User

Join Date: Feb 2008
Posts: 2,062
Quote:
Originally Posted by SailFastTri View Post
snip

PS -- Jeffrey for the record I was making a point above and don't want you to shut down your site. I think it's brilliant and love it. But I think it's wrong to yell "the sky is falling" when you're worried about just one link in a very long chain. Security has a cost in user inconvenience and encryption overhead, maintenance and cost of certificates, etc. One needs to start with the servers and applications that run on them. Please tell us about the security for your site, or why it is or isn't needed.
Jeffrey -
Some uses just don't need protection. Do I care whether someone intercepts a weather query? No.

When you decide to change the world you've got to think about your glass house. I've been hoping you would answer the bold portion above. It seems you're raising alarms about everyone else's connection but haven't addressed legitimate questions about what's under your direct control.
__________________
SailFastTri is offline   Reply With Quote
Copyright 2002- Social Knowledge, LLC All Rights Reserved.
