Firesheep - Secure Public Network - c

Assumption : Open wifi networks are susceptible to software like firesheep but WPA2 Enterprise networks are safe. (Thanks for the clarification TheBigO)
To avoid the security issues of firesheep, I am wanting to create a WPA2 Enterprise network that accepts any password - therefore acting like a public wifi network.
Using which libraries and preferably c could I create a WPA encrypted wifi network that accepts any password?
Other options are welcome provided they make a "secure public network." :)
Edit: Unfortunately I didn't ever accomplish the task of accepting any password for the wpa 2 enterprise network. I felt a correct answer needed to be given.

I don't think this approach will work; even if you allow the router to accept any password, it will probably still need to advertise itself as being WPA2 encrypted, in order for standard computers to set up communication with the router in the standard WPA2 manner, which will still lead to a password prompt, which means you'll still be asked what the password is, and you'll still need to tell your customers that they can enter anything, so you might as well tell them a specific password that they should type. Why not just advertise the password in the SSID, like "free-wifi-password-is-LOLZ"?

Anybody can use a man-in-the-middle technique to bypass a wap wifi and still use a firesheep and some arpspoof to do the job. The safest way is to have the user always use https. Maybe force ssl usage on chrome...

Related

Validating Emails in C using deliverability

I'm writing a C project that needs to validate the emails before they are stored. I will have to cross compile, so using regex.h is not an option.
Is there a surefire way to validate an email by checking if it is a deliverable address without actually having to send an email in C?
Alternatives or suggestions are welcome if there is no way of doing this.
You can perform a DNS query of the domain name (the part of the e-mail-address after the @ symbol) to determine whether the domain is valid and has an MX record. To verify the username (the part of the e-mail-address before the @ symbol), you will have to query the destination mail server itself, for example using the VRFY SMTP command. However, for security reasons, some mail servers may not support this command.
The C language itself does not provide any functions with which you can send network packets. However, most platforms provide an API which offers this functionality (e.g. POSIX sockets, Windows sockets). Some platforms also provide an API which performs the DNS query for you. Also, several libraries exist which provide this functionality.
There is no such procedure in any language.
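The MX check described in the first answer above, as an added example that is not part of the original posts: it classifies a DNS response that is already in memory, with the bounds checks a hand-written parser needs, and treats a null MX (RFC 7505) as "accepts no mail". Sending the query is left to the platform API; the function names and the sample packets for `example.test` are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>

static unsigned rd16(const uint8_t *p) { return (unsigned)p[0] << 8 | p[1]; }
/* Skip one encoded name; return the offset just past it, or 0 if malformed. */
static size_t skip_name(const uint8_t *m, size_t len, size_t off) {
    while (off < len) {
        uint8_t c = m[off];
        if (c == 0) return off + 1;                                   /* root label */
        if ((c & 0xC0) == 0xC0) return off + 2 <= len ? off + 2 : 0;  /* pointer */
        if (c & 0xC0) return 0;                                       /* reserved */
        off += 1 + (size_t)c;                                         /* label */
    }
    return 0;                                                         /* ran off the end */
}

/* -1: malformed or error rcode; 0: no MX, or null MX (RFC 7505); else MX count. */
int usable_mx(const uint8_t *m, size_t len) {
    if (len < 12 || !(m[2] & 0x80) || (m[3] & 0x0F)) return -1;
    unsigned qd = rd16(m + 4), an = rd16(m + 6), mx = 0;
    size_t off = 12;
    for (unsigned i = 0; i < qd; i++) {          /* question: name, type, class */
        if (!(off = skip_name(m, len, off)) || len - off < 4) return -1;
        off += 4;
    }
    for (unsigned i = 0; i < an; i++) {          /* answer: name + 10 fixed bytes */
        if (!(off = skip_name(m, len, off)) || len - off < 10) return -1;
        unsigned type = rd16(m + off), rdlen = rd16(m + off + 8);
        off += 10;
        if (len - off < rdlen) return -1;        /* rdata must fit in the packet */
        if (type == 15 && rdlen == 3 && !(m[off] | m[off + 1] | m[off + 2])) return 0; /* null MX */
        if (type == 15 && rdlen >= 3) mx++;
        off += rdlen;
    }
    return (int)mx;
}

/* Constructed sample responses for the made-up domain example.test. */
#define HQ(rcode, an) 0x12,0x34, 0x81,0x80|(rcode), 0,1, 0,(an), 0,0, 0,0, \
    7,'e','x','a','m','p','l','e', 4,'t','e','s','t',0, 0,15, 0,1
#define RR_MX(rdlen) 0xC0,12, 0,15, 0,1, 0,0,0x0E,0x10, 0,(rdlen)
static const uint8_t RESP_MX[] = { HQ(0, 1), RR_MX(9), 0,10, 4,'m','a','i','l', 0xC0,12 };
static const uint8_t RESP_NULLMX[] = { HQ(0, 1), RR_MX(3), 0,0, 0 };
static const uint8_t RESP_NXDOMAIN[] = { HQ(3, 0) };

int main(void) { /* exit status 0 when the samples classify as 1, 0 and -1 */
    return !(usable_mx(RESP_MX, sizeof RESP_MX) == 1 && usable_mx(RESP_NULLMX, sizeof RESP_NULLMX) == 0
             && usable_mx(RESP_NXDOMAIN, sizeof RESP_NXDOMAIN) == -1);
}
```

A result of 0 from a response with no MX records is not proof of undeliverability, because RFC 5321 has senders fall back to the domain's address records; only the null MX case is an explicit refusal.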

Does iOS11 support WPS (WiFi Protected Setup)?

I am trying to establish a wifi connection between iPhone and another ARM device (as AP), and thanks to NEHotspotConfiguration added in iOS11, the connecting process becomes easy and quick and all I need is AP's ssid and password which will be transmitted via BLE. Of course they must be encrypted. Now here comes the question if it's possible to use WPS instead of transmitting password in air.
I have read something and given my own answer No, so please correct me if I have any mistakes, thank you.
No. No version of iOS or OS X supports WPS because it has fundamental security flaws that cannot be readily fixed. More to the point, you should disable WPS on any router that does support it, because it is a security hole so big you can drive a truck through it.
For more information, see:
https://apple.stackexchange.com/questions/81994/is-it-possible-to-connect-an-iphone-ipad-via-wifi-protected-setup-wps
and
http://routersecurity.org/wps.php

Reliable way to send file over internet

First of all: I'm not absolutely certain that this is the right place to ask, but I think the question fits here better than on superuser or serverfault, since it is a question from a programmer's perspective: I figured more programmers might have had the same question (although I couldn't find this specific question!).
I would like to have a feature in my program which allows users to send files to a 'friend'. You can find friends via a username: this all goes via a server which can provide the IP address of a friend.
I wanted to use a tcp connection to send the file. This becomes difficult, however, when one (or both) of the parties is behind a NAT. What is the best way to solve this? I heard that it's possible to send stuff via a server, but I'd rather send everything directly, to prevent server overhead.
I heard about a technique called hole punching, but also that it's pretty complex to implement and not 100% reliable. I could use UDP and implement some scheme to improve the reliability, but this seems a bit complex to me. I know skype, bittorrent and a whole lot of other programs do similar things (but I don't know about the specifics, which protocol they use, if they use hole punching etc.).
I looked into FTP a bit, until I realised that this is just a protocol using TCP, so I should use TCP hole punching in order to let this work... Anyway, I hope someone can give me some advice on this :)
If you don't want to make data pass through a server, I'm not aware of other methods other than TCP Hole Punching or simple Port forwarding of a previously chosen port.

Connecting to MSMQ, the "proper" way?

I'm trying to connect to MSMQ and send some messages. Unfortunately, there is "previous art" in the project on how this is done and I'm supposed to mimic it. The way this previous app is connecting is the following:
if (MSMQ in workgroup mode)
{
    connect via FormatName;
}
else
{
    if (connected to network)
        connect via PathName;
    else
        connect via GUID (as FormatName)
}
Is all this really necessary? Shouldn't a proper FormatName be enough to connect to a queue?
Additionally, the "connected to network" is detected by calling NetGetDCName() which is marked as obsolete in my MSDN, adding to my confusion on why is the app connecting this way.
TL;DR: Is the above logic for connecting: wrong, obsolete or correct? Can I simplify this by simply using FormatName to connect in all cases?
That code is determining whether the domain is available by looking for the domain controller. If the domain is not available then MSMQ is assumed to be working in non-domain - or workgroup - mode.
Domain mode allows the use of public queues and pathname addressing.
Workgroup mode instead uses private queues and formatname addressing (although this is a simplification).
So the code is really determining the mode of message addressing to be used.
There is not enough information about the environment to say if you can just use formatname for all cases.
Cheers
John Breakwell

Custom Application Encryption

I am currently looking to add encryption to a server application (programmed in C) that passes raw data, unencrypted data over TCP to clients (a large number of different applications programmed in many different languages).
What is the best way to do this? Public-key cryptography? If so, how would the process go?
Thanks!
If you have to ask, you're probably not qualified to be doing cryptographic work. It is far too easy to make a subtle mistake in crypto processing that breaks your entire system's security, and unlike most other bugs, it is not at all obvious until someone else breaks your system.
Just use SSL (aka TLS). The folks that designed the SSL/TLS specs and libraries have already done all the hard work for you.
SSL: secure socket layers, which initiates and transmits encrypted data.
TLS: transport layer security, which asks to starttls and the answer to that is a list of capabilities, then the transmission can continue using the best mutually accepted encryption.
Note: the capabilities may include cleartext.
I suggest reading up on how to extend your existing protocol to support TLS, by looking at an example, say, the SMTP STARTTLS (RFC 2487). Your time invested will be rewarded.
OpenSSL suits my needs! A quick view at the documentation and tutorials pointed me in the right direction.
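The note in the thread above that the advertised capabilities may include cleartext is the point where a STARTTLS-style upgrade can be silently downgraded: if the STARTTLS line never reaches the client, a client that falls back to cleartext sends its data unprotected. The following added example (not code from the original posts) shows the client-side check for the SMTP case; `ehlo_has`, `decide`, the `next_step` values and the sample replies are hypothetical names and constructed data.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

enum next_step { DO_STARTTLS, ABORT_NO_TLS, SEND_CLEARTEXT };

/* Does a multi-line EHLO reply ("250-..." lines, last one "250 ...") list `kw`
 * as a capability? The first line is the server greeting, not a capability. */
int ehlo_has(const char *reply, const char *kw) {
    size_t klen = strlen(kw);
    for (const char *line = reply; *line; ) {
        const char *eol = strstr(line, "\r\n");
        size_t n = eol ? (size_t)(eol - line) : strlen(line);
        if (line != reply && n >= 4 + klen && strncmp(line, "250", 3) == 0 &&
            (line[3] == '-' || line[3] == ' ')) {
            size_t i = 0;
            while (i < klen && toupper((unsigned char)line[4 + i]) ==
                               toupper((unsigned char)kw[i]))
                i++;
            /* the whole keyword must match: "STARTTLS" or "STARTTLS params" */
            if (i == klen && (n == 4 + klen || line[4 + klen] == ' '))
                return 1;
        }
        if (!eol) break;
        line = eol + 2;
    }
    return 0;
}

/* require_tls = 1 is the policy that survives a removed STARTTLS line. */
enum next_step decide(const char *ehlo_reply, int require_tls) {
    if (ehlo_has(ehlo_reply, "STARTTLS"))
        return DO_STARTTLS;  /* then: handshake, verify the certificate, EHLO again */
    return require_tls ? ABORT_NO_TLS : SEND_CLEARTEXT;
}

/* Constructed replies from a made-up server, mx.example.test. */
static const char REPLY_FULL[] =
    "250-mx.example.test\r\n250-SIZE 1000000\r\n250-STARTTLS\r\n250 HELP\r\n";
static const char REPLY_STRIPPED[] =
    "250-mx.example.test\r\n250-SIZE 1000000\r\n250 HELP\r\n";

int main(void) {
    printf("full=%d stripped/strict=%d stripped/lax=%d\n", decide(REPLY_FULL, 1),
           decide(REPLY_STRIPPED, 1), decide(REPLY_STRIPPED, 0));
    return 0;
}
```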
