This is indeed a nifty hack, however it seems a bit impractical and overly complicated way of protecting SSH.
I use the software script Denyhosts which runs whenever an SSH connection comes into the system
http://denyhosts.sourceforge.net/
You simply set the Account / IP address lockout threshold and so after X number of failed login attempts the system will put the connections source IP address into the hosts.deny file. The IP address stays there until eventually released, or it can stay there forever.
Thus its easy for me to share the login with friends so they can SSH and SFTP into the system and any / all attempts to guess or force a login are blocked after the threshold is reached.
Does this mean that while the plain is at the terminal, we could see its wireless network from the boarding lounge? Perhaps you could run etherial or other sniffer and get into the network, could you even exploit the bluetooth weakness like is done on cell phones. Think BlueSniper wifi / bluetooth gun. Another question, do they even have to use 802.x or bluetooth at all, they could use any frequency they want as long as they could secure it and make it reliable. I for one would not use one until all this is figured out and tested. I do not welcome our new fly by wire overlords.
How about this, instead of putting data on the laptop putting it at risk of theft don't store sensitive data on the laptop at all. Use a VPN or SSH tunnel and have the laptop access a remote server to get access to the information. You can even (and should) have the VPN / SSH server on a seporate server from where the data is located.
To futher secure it, you can setup a static route that says all remote login traffic cant access any other machine on the network except the database server. This way if the laptop is stolen, only the laptop is stolen and the data is safe. If the login server is broken into, there aren't allot of other places on the internal network the attacker can go to, provided of course you can detect / eliminate the threat before the attacker also gains access to the database server.
Well, thats my 2 cents on the topic: BTW: this is only theory, actual implementation would be more complex and thought out.
Camping 50ft from a high powered antena? If its that bad, then I'd suspect your phone or other signal obstruction. But then I live in the south SF bay area so I guess I'm not really one to talk about signal strength. BTW: Wise man say; "get to close to high power antena... and glow or fry you will."
As I recall, there are already some very high power and large wind tunnels at the NASA Ames research center in Mountain View California. http://windtunnels.arc.nasa.gov/. For those of you that live in Silicon Valley, I'm sure you are all familiar with the gigantic wind tunnel that is large enouph to handle a complete mid-sized airliner.
My solution to getting rid of the RIAA ( or at least making it less needed ) thought out in 15 min. And yes, I have googled it and found groups out there already trying this, problem is that you have to get some mainstream well known music service in on the act for those to be fully effective.
Why does the RIAA and promoters exist? To promote music, people, etc, to the general public? Do away with the RIAA and use iTunes, Napster, whatever to promote new music, artists, etc. When you have a large enough base of users that use music service XYZ, then you have a large number of people that can be quickly and easily reached. How?
+ Reach them by researching what kind of music the person purchases, then giving them free downloads of singles that are related to their preferences.
+ Make these free sample singles auto-download into their music libraries (opt out of course). I think Tivo already does something like this unless you tell it not to.
+ On the start page of music service XYZ, put banner ads for new bands.
+ They can tell if a band is popular or sufficiently popular by the number of downloads, feedback, clicks the band gets.
+ If very popular, then bring in a promotion company to arrange concerts, etc for them.
+ Thus fixed costs for promotions go down, research costs go down, RIAA is largely not needed, and prices of music can go down and thus much less music piracy
Problems:
-- Many people are still not in the digital age, so some CD stores must still exist, although even those are now much cheaper
-- DRM; hey, it's a digital age, take a look at how much DRM crap is stuffed into the ipod, DRM is so heavy because they have yet to figure out a good way of doing it that doesn't treat everyone like criminals.
-- Must still handle the costs of the promoters, making CDs, paying artists, etc.
I thought this whole thing out in like 15 min; any other ideas on how to render RIAA null or reduce the need for it?
I thought Fry's (fried) Electronics was the Walmart of the tech industry. I never go there for high end senstive electronic parts (cpu, mobo, etc). The only thing I buy there are items that are cheap, simple, and hard to damage. This is mainly because so much of their stuff is from manufacturers with low reputations and cheap stuff, futher, when an item is returned, its often miss-handled by the return counter people. I once saw a custmer returning a suposedly dead CPU, the return counter rep opened the box, took out the CPU, handled it (while wearing a flease sweeter), then put it back in the box and put it right back on the shelf to sell again. Further, the place carries everything under the sun from P_0_rn0 mags to electronics of all types to guns in some stores. If thats not an electronics version of Walmart then I don't know what is. BTW: their online store is www.outpost.com for those who dont know.
The Mythbusters did an experiment on this a few months ago. Go to the discovery channel website, lookup mythbusters and then look for the mirror experiment there.
Now this is interesting: I apologize if people see this as a flame or insulting post : When I posted a question on ask.slashdot.org. about WEP encryption problems in windows XP. (see article in ask.slashdot) I got flamed big-time about how dumb I was or how stupid windows and WEP are. Here we have a topic that really should be in the general ask.slashdot.org section and not out in the main slashdot site and what's more, there isn't anyone flaming him about googling the topic first or other nasty things. BTW: alot of information and answers to this question could have been gotten from google. Well, this is my opinion, let the flames begin.
On the advice and link to the utility. I tried using the Broadcom wireless utility to connect to the WEP encrypted AP. Connected pretty fast but no go. I posted the question to the groups as after much google searching I found alot of people with similar questions and no solutions that worked. Thus, with so many windows users out there with an un-resolved problem thought slashdot might help
Ok, i give up. I guess I'm just not going to be able to access WEP encrypted networks. I've tried:
Isolating possibility of a bad AP or NIC by using two APs and Two Laptops
Isolated possibility of Wireless config utility using Broadcom and Windows utilites on two laptops.
Double checking length of key 5 char for 64 WEP 13 char for 128 WEP.
Entered both forms of HEX keys manually and via copy / past
Double check then triple checked that it was using either open or shared keys and made sure it lined up
Tried it using WAP and Un-encrypted wireless setups and everything worked fine on both laptops and both APs
Tried newest and slightly older drivers to no effect.
Thanks for the help guys, I guess this is one of those Windows Annoyances thats just not going to get solved for anyone. If I ever post here again, I'll make sure the first post contains a better description of the symptoms of the problem and why I'm posting it on Ask Slashdot.
And BTW everyone: Yes, I do read slashot everyday and yes, I did do alot of googling on the topic and spoke to friends and phone support alot before posting the question here. I'm also an experienced Sys Admin for an SF Bay Area college with about 60 PC and Apple computers and do as much of my own tech-support as I can, problem is that I can't solve evertying.
Thanks agian for your time and effort Slashdot, Good wishes and luck to everyone.
Thnx, I hadn't thought to try using older drivers. I did however try pasting the entire hex key into the password dialog as suggested by others. The computer connected to the AP alright, but failed to move packets.
BTW: Neither laptop I tride came with a wireless configuration utility for the braoudcom (bad spelling) or Intel Wireless cards. I've been looking for an alternative to the one that comes with windows but am haveing a dog of a time with finding one for the braudcom, think I found one for the intel I'll try tonight. I'll keep looking but if you know of one already that can subistitute, I'd apprecitate it.
Thanks for the help, I believe I've already tried those ideas, but I'll run them though again for good measure a few more times. Its possible that I've miss-understood something so I'll go back and review to software and hardware, perhaps something isn't retaining its settings properly or something is miss aligned.
As for the configuration tool, neither laptop came with a configuration tool besides the one built into windows, I guess HP and Sony are getting lazy. Called Linksys and HP support and neither had an answer for me, Linksys said it was bad hardware but I'd already ruled that out and HP just didn't respond.
As for why I'm even trying to fix the problem? Well, I've done a fair amount of War Driving around town and found alot of WEP networks, even my work uses WEP (stupid huh?). So if I want to use the Wi-fi networks at work or at my friends place, I gota fix it. My Tivo cant use WPA yet. So I've got two access points, one for the WEP so the Tivo can use internet, the other for WPA so my laptops can connect.
I did try using Google for a couple weeks to see if anyone had some ideas on the cause. Found an article on Microsoft about the problem resulting from an update to the OS but I don't have the update on either system. I thought maybe the problem was a hardware issue, but if that was the case then it wouldn't work with the WPA or un-encrypted modes.
I went on the web and tried using 3rd party tools to generate the 64 and 128 bit encryption hashes to no effect. The system connects to the AP fine but then still doesn't get the IP or connect out if a static IP is entered. Even pasing the entire hex key into the password / key prompt with same results.
I'm a System Administrator for an SF BayArea college with about 100+ MAC and PC computers. Believe me, I do know how to search the internet for problem solutions but I just can't find any for this one.
**sigh** thanks for the assist, if you have any more ideas as to the possible cause / solution I'd be grateful for the help....
HumanCarbonUnit.
You guys are right, I didn't give enouph info in my origional post. Maybe I should have spent longer to try to solve the problem on my own. Either way, I've reviewd all the posts to date and I really must ask, why so much flaming? If you don't like the question or topic, just dont respond to it.
I posted this question to the Slashdot editors as I thought that it would be an opportunity to get some answers to windows users everywhere. I did Google the question several different ways and yes I did investigate the Microsoft support database. I posted the question on Slashdot because neither Google nor Microsoft could provide an answer to the dilemma. Further, I've encountered many other people on the web with a similar question and no solutions.
I'm using WPA encryption on the Airlink 101 and WEP on the Linksys as my Tivo can't use WPA and I'm not going to run an open network. I need the WEP question solved as like it or not, WEP is the standard network encryption as WPA hasn't caught on much.
If anyone has a solution as to why it is that Windows XP has such trouble with WEP encryption and networking, myself and many others would greatly appreciate the help.
My Fujitsu B3000 series with touch screen gets like 8 hours minimum with both batteries and weighs like 3 pounds! Everything is external in order to keep the weight down and the thing compact.
http://www.computers.us.fujitsu.com/www/productbri dge_bseries.shtml
Slashdot Mirror
This is indeed a nifty hack, however it seems a bit impractical and overly complicated way of protecting SSH.
I use the software script Denyhosts which runs whenever an SSH connection comes into the system
http://denyhosts.sourceforge.net/
You simply set the Account / IP address lockout threshold and so after X number of failed login attempts the system will put the connections source IP address into the hosts.deny file. The IP address stays there until eventually released, or it can stay there forever.
Thus its easy for me to share the login with friends so they can SSH and SFTP into the system and any / all attempts to guess or force a login are blocked after the threshold is reached.
Does this mean that while the plain is at the terminal, we could see its wireless network from the boarding lounge? Perhaps you could run etherial or other sniffer and get into the network, could you even exploit the bluetooth weakness like is done on cell phones. Think BlueSniper wifi / bluetooth gun. Another question, do they even have to use 802.x or bluetooth at all, they could use any frequency they want as long as they could secure it and make it reliable. I for one would not use one until all this is figured out and tested. I do not welcome our new fly by wire overlords.
How about this, instead of putting data on the laptop putting it at risk of theft don't store sensitive data on the laptop at all. Use a VPN or SSH tunnel and have the laptop access a remote server to get access to the information. You can even (and should) have the VPN / SSH server on a seporate server from where the data is located.
To futher secure it, you can setup a static route that says all remote login traffic cant access any other machine on the network except the database server. This way if the laptop is stolen, only the laptop is stolen and the data is safe. If the login server is broken into, there aren't allot of other places on the internal network the attacker can go to, provided of course you can detect / eliminate the threat before the attacker also gains access to the database server.
Well, thats my 2 cents on the topic: BTW: this is only theory, actual implementation would be more complex and thought out.
Camping 50ft from a high powered antena? If its that bad, then I'd suspect your phone or other signal obstruction. But then I live in the south SF bay area so I guess I'm not really one to talk about signal strength. BTW: Wise man say; "get to close to high power antena... and glow or fry you will."
As I recall, there are already some very high power and large wind tunnels at the NASA Ames research center in Mountain View California. http://windtunnels.arc.nasa.gov/. For those of you that live in Silicon Valley, I'm sure you are all familiar with the gigantic wind tunnel that is large enouph to handle a complete mid-sized airliner.
My solution to getting rid of the RIAA ( or at least making it less needed ) thought out in 15 min. And yes, I have googled it and found groups out there already trying this, problem is that you have to get some mainstream well known music service in on the act for those to be fully effective.
Why does the RIAA and promoters exist? To promote music, people, etc, to the general public? Do away with the RIAA and use iTunes, Napster, whatever to promote new music, artists, etc. When you have a large enough base of users that use music service XYZ, then you have a large number of people that can be quickly and easily reached. How?
+ Reach them by researching what kind of music the person purchases, then giving them free downloads of singles that are related to their preferences.
+ Make these free sample singles auto-download into their music libraries (opt out of course). I think Tivo already does something like this unless you tell it not to.
+ On the start page of music service XYZ, put banner ads for new bands.
+ They can tell if a band is popular or sufficiently popular by the number of downloads, feedback, clicks the band gets.
+ If very popular, then bring in a promotion company to arrange concerts, etc for them.
+ Thus fixed costs for promotions go down, research costs go down, RIAA is largely not needed, and prices of music can go down and thus much less music piracy
Problems:
-- Many people are still not in the digital age, so some CD stores must still exist, although even those are now much cheaper
-- DRM; hey, it's a digital age, take a look at how much DRM crap is stuffed into the ipod, DRM is so heavy because they have yet to figure out a good way of doing it that doesn't treat everyone like criminals.
-- Must still handle the costs of the promoters, making CDs, paying artists, etc.
I thought this whole thing out in like 15 min; any other ideas on how to render RIAA null or reduce the need for it?
I thought Fry's (fried) Electronics was the Walmart of the tech industry. I never go there for high end senstive electronic parts (cpu, mobo, etc). The only thing I buy there are items that are cheap, simple, and hard to damage. This is mainly because so much of their stuff is from manufacturers with low reputations and cheap stuff, futher, when an item is returned, its often miss-handled by the return counter people. I once saw a custmer returning a suposedly dead CPU, the return counter rep opened the box, took out the CPU, handled it (while wearing a flease sweeter), then put it back in the box and put it right back on the shelf to sell again. Further, the place carries everything under the sun from P_0_rn0 mags to electronics of all types to guns in some stores. If thats not an electronics version of Walmart then I don't know what is. BTW: their online store is www.outpost.com for those who dont know.
I hope you dont live near me, locusts and other plauge would realy put a damper on my property value.
The Mythbusters did an experiment on this a few months ago. Go to the discovery channel website, lookup mythbusters and then look for the mirror experiment there.
Now this is interesting: I apologize if people see this as a flame or insulting post : When I posted a question on ask.slashdot.org. about WEP encryption problems in windows XP. (see article in ask.slashdot) I got flamed big-time about how dumb I was or how stupid windows and WEP are. Here we have a topic that really should be in the general ask.slashdot.org section and not out in the main slashdot site and what's more, there isn't anyone flaming him about googling the topic first or other nasty things. BTW: alot of information and answers to this question could have been gotten from google. Well, this is my opinion, let the flames begin.
On the advice and link to the utility. I tried using the Broadcom wireless utility to connect to the WEP encrypted AP. Connected pretty fast but no go. I posted the question to the groups as after much google searching I found alot of people with similar questions and no solutions that worked. Thus, with so many windows users out there with an un-resolved problem thought slashdot might help Ok, i give up. I guess I'm just not going to be able to access WEP encrypted networks. I've tried: Isolating possibility of a bad AP or NIC by using two APs and Two Laptops Isolated possibility of Wireless config utility using Broadcom and Windows utilites on two laptops. Double checking length of key 5 char for 64 WEP 13 char for 128 WEP. Entered both forms of HEX keys manually and via copy / past Double check then triple checked that it was using either open or shared keys and made sure it lined up Tried it using WAP and Un-encrypted wireless setups and everything worked fine on both laptops and both APs Tried newest and slightly older drivers to no effect. Thanks for the help guys, I guess this is one of those Windows Annoyances thats just not going to get solved for anyone. If I ever post here again, I'll make sure the first post contains a better description of the symptoms of the problem and why I'm posting it on Ask Slashdot. And BTW everyone: Yes, I do read slashot everyday and yes, I did do alot of googling on the topic and spoke to friends and phone support alot before posting the question here. I'm also an experienced Sys Admin for an SF Bay Area college with about 60 PC and Apple computers and do as much of my own tech-support as I can, problem is that I can't solve evertying. Thanks agian for your time and effort Slashdot, Good wishes and luck to everyone.
Thnx, I hadn't thought to try using older drivers. I did however try pasting the entire hex key into the password dialog as suggested by others. The computer connected to the AP alright, but failed to move packets. BTW: Neither laptop I tride came with a wireless configuration utility for the braoudcom (bad spelling) or Intel Wireless cards. I've been looking for an alternative to the one that comes with windows but am haveing a dog of a time with finding one for the braudcom, think I found one for the intel I'll try tonight. I'll keep looking but if you know of one already that can subistitute, I'd apprecitate it.
Good person. Takes alot of guts to admit fault in a public forum, hats off to ya.
Thanks for the help, I believe I've already tried those ideas, but I'll run them though again for good measure a few more times. Its possible that I've miss-understood something so I'll go back and review to software and hardware, perhaps something isn't retaining its settings properly or something is miss aligned. As for the configuration tool, neither laptop came with a configuration tool besides the one built into windows, I guess HP and Sony are getting lazy. Called Linksys and HP support and neither had an answer for me, Linksys said it was bad hardware but I'd already ruled that out and HP just didn't respond. As for why I'm even trying to fix the problem? Well, I've done a fair amount of War Driving around town and found alot of WEP networks, even my work uses WEP (stupid huh?). So if I want to use the Wi-fi networks at work or at my friends place, I gota fix it. My Tivo cant use WPA yet. So I've got two access points, one for the WEP so the Tivo can use internet, the other for WPA so my laptops can connect. I did try using Google for a couple weeks to see if anyone had some ideas on the cause. Found an article on Microsoft about the problem resulting from an update to the OS but I don't have the update on either system. I thought maybe the problem was a hardware issue, but if that was the case then it wouldn't work with the WPA or un-encrypted modes. I went on the web and tried using 3rd party tools to generate the 64 and 128 bit encryption hashes to no effect. The system connects to the AP fine but then still doesn't get the IP or connect out if a static IP is entered. Even pasing the entire hex key into the password / key prompt with same results. I'm a System Administrator for an SF BayArea college with about 100+ MAC and PC computers. Believe me, I do know how to search the internet for problem solutions but I just can't find any for this one. **sigh** thanks for the assist, if you have any more ideas as to the possible cause / solution I'd be grateful for the help.... HumanCarbonUnit.
Yes, I read Slashdot everyday, thought you guys could help. I'm sorry I even tried asking.
You guys are right, I didn't give enouph info in my origional post. Maybe I should have spent longer to try to solve the problem on my own. Either way, I've reviewd all the posts to date and I really must ask, why so much flaming? If you don't like the question or topic, just dont respond to it.
I posted this question to the Slashdot editors as I thought that it would be an opportunity to get some answers to windows users everywhere. I did Google the question several different ways and yes I did investigate the Microsoft support database. I posted the question on Slashdot because neither Google nor Microsoft could provide an answer to the dilemma. Further, I've encountered many other people on the web with a similar question and no solutions. I'm using WPA encryption on the Airlink 101 and WEP on the Linksys as my Tivo can't use WPA and I'm not going to run an open network. I need the WEP question solved as like it or not, WEP is the standard network encryption as WPA hasn't caught on much. If anyone has a solution as to why it is that Windows XP has such trouble with WEP encryption and networking, myself and many others would greatly appreciate the help.
My Fujitsu B3000 series with touch screen gets like 8 hours minimum with both batteries and weighs like 3 pounds! Everything is external in order to keep the weight down and the thing compact. http://www.computers.us.fujitsu.com/www/productbri dge_bseries.shtml