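Raspberry Pi Zero adds wireless networking and Bluetooth...

The Raspberry Pi Zero originally had no networking capability, which was a bit restrictive for IoT applications. Now there is a version with wireless networking and Bluetooth added, the Zero W: "New product! Raspberry Pi Zero W joins the family".

The original Zero was USD$5, the Zero W with wireless networking and Bluetooth is $10, and there is also a dedicated case.

This seems to open up a few more applications...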

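EU court holds that operators of open wireless networks are not liable for their users' infringement

The Court of Justice of the European Union holds that operators of open wireless networks are not liable for infringement committed by their users: "EU Court: Open WiFi Operator Not Liable For Pirate Users".

There are some preconditions, though: the Court holds that the following requirements must be met for the operator to be free of liability. Basically, a wireless network with no filtering restrictions at all meets these conditions: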

The Court further notes that in order for such ‘mere conduit’ services to be exempt from third party liability, three cumulative conditions must be met:

– The provider must not have initiated the transmission
– It must not have selected the recipient of the transmission
– It must neither have selected nor modified the information contained in the transmission.

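But this does not mean the operator can leave things unattended; rather, it can be required to make improvements after an infringement occurs: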

In an effort to strike a balance between protecting a service provider from third party liability and the rights of IP owners, the Court ruled that providers can be required to end infringement.

“[T]he directive does not preclude the copyright holder from seeking before a national authority or court to have such a service provider ordered to end, or prevent, any infringement of copyright committed by its customers,” the Court found.

One such measure could include the obtaining of an injunction which would force an operator to password-protect his open WiFi network in order to deter infringement.

But the Court does not agree with direct monitoring:

On a more positive note, the Court rejected the notion of monitoring networks for infringement or taking more aggressive actions where unnecessary.

“[T]he directive expressly rules out the adoption of a measure to monitor information transmitted via a given network. Similarly, a measure consisting in terminating the internet connection completely without considering the adoption of measures less restrictive of the connection provider’s freedom to conduct a business would not be capable of reconciling the abovementioned conflicting rights,” the Court concludes.

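The network is very important to freedom of speech today, so necessary measures are taken only once infringement of someone else's rights has been confirmed; that is probably the thinking behind the EU court's ruling...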

WiGLE (Wireless Geographic Logging Engine)

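WiGLE is a service that collects wireless network information (i.e. SSID, MAC address, and location). According to Wikipedia, the WiGLE project started in 2001, almost fifteen years ago now: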

The first recorded hotspot on WiGLE was uploaded in September 2001.

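Since I am running around for Pokémon Go lately anyway, I am helping collect data along the way...

The way I currently collect data is to leave WiGLE's Android app (Wigle Wifi Wardriving) running in the background, then upload after I get home; after a while, once the system has updated, the data shows up.

The Linksys WRT54GL

A few days ago I was chatting with a colleague about flashing Android devices, and recently I happened to see an article about this legend among wireless routers, the Linksys WRT54GL: "The WRT54GL: A 54Mbps router from 2005 still makes millions for Linksys". It was the first model to be widely used for all kinds of customized hardware.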


Image taken from Wikipedia: "File:Linksys WRT54G.jpg"

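It has been on sale since 2005 and is still being sold now in 2016, even though the wireless standards it supports are very old and it costs quite a bit more than other wireless routers: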

Witness the Linksys WRT54GL, the famous wireless router that came out in 2005 and is still for sale. At first glance, there seems to be little reason to buy the WRT54GL in the year 2016. It uses the 802.11g Wi-Fi standard, which has been surpassed by 802.11n and 802.11ac. It delivers data over the crowded 2.4GHz frequency band and is limited to speeds of 54Mbps. You can buy a new router—for less money—and get the benefit of modern standards, expansion into the 5GHz band, and data rates more than 20 times higher.

Yet not only does it still sell, it sells very well:

Despite all that, people still buy the WRT54GL in large enough numbers that Linksys continues to earn millions of dollars per year selling an 11-year-old product without ever changing its specs or design.

The volume is large enough that Broadcom continues to support it, and the product PM complains that he cannot make sense of it:

"To be honest, it somewhat baffles my mind," Linksys Global Product Manager Vince La Duca told Ars. But production won't stop any time soon as long as Linksys' suppliers, including chipmaker Broadcom, keep selling the parts needed to build the WRT54GL. "We'll keep building it because people keep buying it," La Duca said.

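All I can say is, take care of yourself, my friend...

Audi plans to troll the wireless network at the New York International Auto Show

Audi, as in the carmaker, plans to troll over Wi-Fi at the New York International Auto Show to promote its own A4: "Audi is trolling the competition with its Wi-Fi at the New York Auto Show".

Supposedly we will know how it actually goes in a few days...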

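Using MAC addresses to find network cameras (a countermeasure following the AirBnB incident)

The case of an AirBnB host who installed a camera inside the home and ended up in court continues to be discussed: "Beware, houseguests: Cheap home surveillance cameras are everywhere now". Someone has proposed a self-help method: the author uses the MAC address prefixes of DropCam and Withings to find network cameras: "Detect and disconnect WiFi cameras in that AirBnB you’re staying in".

Because seeing MAC addresses does not require knowing the WPA passphrase, they can be scanned directly. The program the author provides needs airmon-ng to scan the wireless network.

The author also points out that this method can knock out devices that rely on the wireless network (as a WiFi jammer does), so these products may not be effective as a security mechanism (which is what they were originally designed for); connecting over a wired network is still the recommendation: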

For the record, I’m well aware DropCam and Withings are also sold as baby monitors and home security products. The very fact this code exists should challenge you to reconsider the non-sane choice to rely on anything wireless for home security. More so, WiFi jammers - while illegal - are cheap. If you care, use cable.

Also note that using this technique in the United States may be illegal; use it at your own risk:

It may be illegal to use this script in the US. Due to changes in FCC regulation in 2015, it appears intentionally de-authing WiFi clients, even in your own home, is now classed as ‘jamming’. Up until recently, jamming was defined as the indiscriminate addition of noise to signal - still the global technical definition. It’s worth noting here that all wireless routers necessarily ship with the ability to de-auth, as part of the 802.11 specification.
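
The prefix matching described above, as an added example that is not the original author's script: it only lists matches found in scan output and flags locally administered (randomized) addresses, which a prefix lookup cannot attribute to any vendor. The watch list uses the RFC 7042 documentation range as a placeholder and the sample scan is constructed; both are assumptions to be replaced with real prefixes and real output.

```python
import re

# Assumption: placeholder watch list. 00:00:5E:00:53:xx is the RFC 7042
# documentation range, NOT a camera vendor; replace it with prefixes looked
# up in the IEEE OUI registry for the vendors you care about.
WATCHED_OUIS = {"00:00:5E": "camera vendor (placeholder)"}

MAC_RE = re.compile(r"\b[0-9A-Fa-f]{2}(?:[:-][0-9A-Fa-f]{2}){5}\b")

def normalise(mac):
    """Upper-case and use ':' so 'aa-bb-..' and 'AA:BB:..' compare equal."""
    return mac.upper().replace("-", ":")

def is_locally_administered(mac):
    """Bit 0x02 of the first octet marks a self-assigned (often randomized)
    address; its first three bytes say nothing about the manufacturer."""
    return bool(int(mac[:2], 16) & 0x02)

def classify(scan_text, watched=WATCHED_OUIS):
    """Return (hits, unresolved): hits maps MAC -> label for watched
    prefixes; unresolved lists MACs that OUI matching cannot identify."""
    hits, unresolved = {}, set()
    for raw in MAC_RE.findall(scan_text):
        mac = normalise(raw)
        if mac == "FF:FF:FF:FF:FF:FF":      # broadcast, not a device
            continue
        if is_locally_administered(mac):
            unresolved.add(mac)
        elif mac[:8] in watched:
            hits[mac] = watched[mac[:8]]
    return hits, sorted(unresolved)

# Constructed sample scan output (not from a real capture).
SAMPLE_SCAN = """\
00:00:5E:00:53:0A  -48 dBm
00-00-5e-00-53-1b  -60 dBm
DA:A1:19:00:00:01  -70 dBm
00:00:00:00:00:07  -55 dBm
FF:FF:FF:FF:FF:FF
"""

if __name__ == "__main__":
    hits, unresolved = classify(SAMPLE_SCAN)
    for mac, label in hits.items():
        print(f"{mac}  matches watched prefix: {label}")
    for mac in unresolved:
        print(f"{mac}  locally administered, vendor unknown")
```

An empty match list is therefore not proof that no camera is present: a device using a randomized or reassigned address ends up in the unresolved list or goes unmatched.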

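Mac OS X 10.10.4 beta gets rid of discoveryd, which kept dropping the network...

Saw on OSNews that the Mac OS X 10.10.4 beta has gotten rid of discoveryd: "Apple drops discoveryd in latest OS X beta". The report cites "Apple drops discoveryd in latest OS X beta following months of network issues".

Removing discoveryd has been practically the first thing to do after getting a Mac OS X machine, otherwise the wireless network keeps disconnecting... From the beginning of this year until now, the problem is finally solved, at least for the time being :o

Now waiting for the official release...

iOS 8 DoS attack: forced endless reboots

News I saw retweeted on Twitter:

A 0-day exploit presented at RSA Conference: "iOS 8 Vulnerability Lets Hackers Crash Any iPhone and iPad Within Wi-Fi Range".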

Adi Sharabani and Yair Amit of Mobile security firm Skycure presented their latest research, titled "No iOS Zone", at the RSA security conference in San Francisco on Tuesday.

Demo video:

It stems from the way iOS handles a malicious SSL certificate, which causes a reboot:

All an attacker need to do is create a malicious wireless network that uses the Wi-Fi connection in order to manipulate SSL certificates sent to iOS handsets.

The best workaround at the moment is to turn off Wi-Fi:

Another best measure is to simply avoid the free wireless networks you find in the street providing public Internet access.

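Attacking flaws in WPS implementations to obtain the WPA password

In "Wi-Fi Router Attack Only Requires a Single PIN Guess" I saw an attack that exploits weaknesses in WPS implementations to obtain the WPA password.

The slides are from "Offline bruteforce attack on WiFi Protected Setup":

It attacks through various means, such as an insufficiently secure PRNG (Pseudo Random Number Generator).

The author's advice is that turning WPS off is safer XD

Switching the home wireless network to DD-WRT

When I saw the "WRTnode Opened for $25" site, I remembered that at home I am still using the wireless network provided by the Chunghwa Telecom modem, and the signal is a bit poor... I did the math: USD$25, even without counting shipping, comes to about NTD$750, so I would rather look on PChome 24h for a device that can be flashed with DD-WRT...

In the end I found this NTD$399 open-box unit, the "D-Link Wireless N Practical Edition Wireless Broadband Router DIR-615":

I chose this one because it has been out for a while. Its 802.11n is draft, but I do not mind that when using wireless at home... Also, it is fully supported in the DD-WRT database, so the chance of wasted effort is lower:

When it arrived, the back showed that it is E4 hardware, which maps to the DD-WRT database:

After that I just followed the official Installation document, set the values that needed setting, and was done...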