Home » Posts tagged "wireless"

前員工監控公司網路的抓包過程...

看到「The curious case of the Raspberry Pi in the network closet」這篇有趣的過程,先從開頭與最後面開始看。首先是他們在辦公室裡面發現有個奇怪的設備:

追查後發現不是公司的人放的,最後發現是前員工放的,後來轉給法務部門處理了:

I checked the DNS logs and found the exact date and time when the Pi was first seen in the network. I checked the RADIUS logs to see which employee was at the premises at that time and I saw multiple error messages that a deactivated account tried to connect to wifi.

That deactivated account belongs to an ex employee who (for some reason) made a deal with management that he could still have a key for a few months until he moved all his stuff out of the building (don't ask..).

中間的過程還蠻有趣的,包括研究是什麼擴充卡 (以及用途),然後從 SD card 上面挖資料,配合 Google 找線索,還有透過 WiGLE 定位,以及透過內部系統交叉比對,最後找到兇手...

然後發現是離職員工以搬東西當作理由,讓他在離職後還有辦公室鑰匙而導致的 XDDD

Raspberry Pi 3 的新版本 Model B+

Raspberry Pi 3 推出了 Model B+ 的新版本:「Raspberry Pi 3 Model B+ on sale now at $35」。

除了 CPU 速度稍微快一些以外,另外支援了 802.11ac/5Ghz 的無線網路 (官方宣稱可以跑到 ~102Mbps,相較於先前在 2.4Ghz 只能跑到 ~35Mbps),以及更快的有線網路 (官方宣稱可以跑到 ~315Mbps,相較於先前的 ~95Mbps)。

然後是支援 PXE

Raspberry Pi 3B was our first product to support PXE Ethernet boot. Testing it in the wild shook out a number of compatibility issues with particular switches and traffic environments. Gordon has rolled up fixes for all known issues into the BCM2837B0 boot ROM, and PXE boot is now enabled by default.

以及支援 PoE 直接推動整台機器:

We use a magjack that supports Power over Ethernet (PoE), and bring the relevant signals to a new 4-pin header. We will shortly launch a PoE HAT which can generate the 5V necessary to power the Raspberry Pi from the 48V PoE supply.

或是吃更多電 XDDD

Note that Raspberry Pi 3B+ does consume substantially more power than its predecessor. We strongly encourage you to use a high-quality 2.5A power supply, such as the official Raspberry Pi Universal Power Supply.

所以看到這張圖時就不意外了 XDDD (風扇!)

只是風扇的細節要再找一下,在產品頁上好像沒看到...

Update:風扇那張圖的產品頁看起來在「Raspberry Pi PoE HAT」這頁 (參考下面的 comment)。

在 Ubuntu 16.04 上面隨機改變無線網卡的 MAC address

在「Randomize your WiFi MAC address on Ubuntu 16.04」這邊看到作者在介紹如何在 Ubuntu 上藉由改變無線網卡的 MAC address 保護自己的隱私:

Your device’s MAC address can be used to track you across the WiFi networks you connect to. That data can be shared and sold, and often identifies you as an individual. It’s possible to limit this tracking by using pseudo-random MAC addresses.

成果像是這樣:

主要應該是給 Ubuntu 的筆電使用者用...

WPA2 安全漏洞

話說 WPA2 也撐了十三年了:

WPA2 became available in 2004 and is a common shorthand for the full IEEE 802.11i (or IEEE 802.11i-2004) standard.

這次的漏洞可以參考「Severe flaw in WPA2 protocol leaves Wi-Fi traffic open to eavesdropping」這邊。

PoC 稱作 KRACK (Key Reinstallation Attacks),漏洞將會在十一月正式發表,從會議的標題名稱大概可以知道方向,是對 Nonce 下手:「Key Reinstallation Attacks: Forcing Nonce Reuse in WPA2」。另外站台 www.krackattacks.com 已經放好,等後續的發表更新了。

對於無線網路的各種漏洞,老方法還是目前最有效的方法,也是這次的 workaround 之一:上強度足夠的 VPN。

Update:補上論文「Key Reinstallation Attacks: Forcing Nonce Reuse in WPA2」。

Alphabet (Google) 的 Project Loon 拿到授權,支援波多黎各的救災計畫

Project LoonAlphabet (Google 的母公司) 透過熱氣球建立網路的計畫。

這次波多黎各災後已經好幾個禮拜了,但還是有大量的基地台還是不通。於是 Project Loon 從 FCC 得到實驗性的執照,建立行動網路:「Alphabet’s Internet balloons will try to restore cell service in Puerto Rico」。

Nearly 82 percent of cell sites in Puerto Rico and 57 percent in the US Virgin Islands are out of service, the FCC said in its daily damage report yesterday. In nearly all counties in Puerto Rico, more than 75 percent of cell sites are not working, and "22 out of the 78 counties in Puerto Rico have 100 percent of their cell sites out of service." Large percentages of residents are also without cable or wireline service.

在 FCC 的公告裡提到授權了 900Mhz 頻段:「FCC GRANTS EXPERIMENTAL LICENSE FOR PROJECT LOON TO OPERATE IN PUERTO RICO」(PDF 檔但是標題是「Microsoft Word」...)。

Project Loon obtained consent agreements to use land mobile radio (LMR) radio spectrum in the 900 MHz band from existing carriers operating within Puerto Rico.

不過由於要讓使用者可以使用現有的 SIM 卡連上網,需要當地電信業者的合作,Google 目前還沒完全確認:

Alphabet hasn't announced a schedule for providing service in Puerto Rico, and the company says it is still determining whether it will be able to help.

Project Loon must be integrated with the network of a cellular company in order to provide service, and Alphabet is “making solid progress on this next step," the spokesperson said. Project Loon is part of Alphabet's X division, formerly known as "Google X."

是一戰成名的機會...

iOS 11 的無線網路與藍芽關假的讓 EFF 不爽...

這次 iOS 11 的無線網路與藍芽需要到 Settings (設定) 裡面才能有效關掉的設計,讓 EFF 不爽寫了一篇文章:「iOS 11’s Misleading “Off-ish” Setting for Bluetooth and Wi-Fi is Bad for User Security」。

On an iPhone, users might instinctively swipe up to open Control Center and toggle Wi-Fi and Bluetooth off from the quick settings. Each icon switches from blue to gray, leading a user to reasonably believe they have been turned off—in other words, fully disabled. In iOS 10, that was true. However, in iOS 11, the same setting change no longer actually turns Wi-Fi or Bluetooth “off.”

不過藍芽的洞真的不少,儘量避免吧... +_+

Bose 販賣用戶隱私被告

Unroll 在旁邊燒的時候 (參考 Uber 戰火蔓延到 Unroll),Bose 也不甘寂寞決定跟上科技業的潮流:「Bose headphones spy on listeners: lawsuit」。

Bose 直接將他們 app 收集到的資訊拿出來賣:

Bose Corp spies on its wireless headphone customers by using an app that tracks the music, podcasts and other audio they listen to, and violates their privacy rights by selling the information without permission, a lawsuit charged.

這次打算控告的產品包括這些 (這邊提到的 Zak 是原告):

Zak is seeking millions of dollars of damages for buyers of headphones and speakers, including QuietComfort 35, QuietControl 30, SoundLink Around-Ear Wireless Headphones II, SoundLink Color II, SoundSport Wireless and SoundSport Pulse Wireless.

編號可以記一下,之後可以拿來追蹤:

The case is Zak v Bose Corp, U.S. District Court, Northern District of Illinois, No. 17-02928.

iOS 透過無線網路的 RCE...

在「About the security content of iOS 10.3.1」這邊的說明:

Available for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later
Impact: An attacker within range may be able to execute arbitrary code on the Wi-Fi chip
Description: A stack buffer overflow was addressed through improved input validation.
CVE-2017-6975: Gal Beniamini of Google Project Zero

這描述看起來就不太妙...

Archives