4K all the way

You probably don't NEED a 4K webcam, but we love Logitech's BRIO 4K anyway

Long live Windows phone

Contrary to popular belief, Windows phone won't die anytime soon

XP-YESSSSSSS

Dell's already awesome XPS 15 gets even better in 2017

Surface Pwn 5

Surface Pro 5, Project NEON details leaked on LinkedIn?

Redefining the PC

Why Microsoft's Surface phone could be MUCH more than a mere 'phone'

Surface table meets Windows 10

Yes, we did put Windows 10 on the original Surface table ... and it rocks

Cream o' the crop

Before buying a Microsoft laptop, check out our pick for the absolute best

Simple and secure, just the way I like it

We think Windows 10 Cloud is a great idea, here's why

uber micro

Halo Wars 2 has something for everyone. Here's our full review.

Oldie but goldie

We reviewed Microsoft's decade-old Surface table

Creators Update comin' at ya

These are the coolest new features in the next big Xbox One update (video)

Buyer's guide

The Razer Blade 14 is the best laptop Razer has to offer

Windows 10 app gems

10 terrific Windows 10 apps you should be using

Tower of power

Here's what we think of Dell's XPS Tower Special Edition

Quite a deal

Grab the complete C# coding bootcamp for $41!

Your go-to laptop guide

Introducing our ultimate laptop buyer's guide

Listen here

Attn Android and iPhone users: What you need to know about Windows phone

Old is new?

The original Surface Pro still holds its own in the 2-in-1 world

Xbox Greenlight?

No, internet, Microsoft isn't opening Xbox to all UWP games

Falling in love

HP Envy 34 review: An ultrawide curved all-in-one after my heart

< >
Welcome to the Windows Central Forums Create Your Account or Ask a Question Answers in 5 minutes - no registration required!
Page 1 of 2 12 LastLast
Results 1 to 25 of 34
Like Tree13Likes
  1. palandri's Avatar
    Retired Moderator

    Posts
    7,589 Posts
    Global Posts
    9,915 Global Posts
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
       #1  
    I own a townhouse. I know all of my neighbors. My Cisco wireless router died. No big deal, I bought another one. I set up the new one up with the same SSID and WPA2 password. The difference with the new one is I could now see the activity lights.

    After I set it up, I checked all of my wireless devices (8 total) and they were all working fine. Later on I noticed my 2.4GHz band seemed really active. I thought I must be getting an update on one of my devices. The activity continued and I thought, what the heck is going on. I pulled up a network map and there are 10 devices connected to my wireless router. I thought, what device am I missing. I even checked the MAC address of all my devices. I wasn't missing any. There were 2 devices connected to my WiFi that I didn't recognize.

    I changed the WPA2 password on my router. Then changed the WPA2 password on my 8 wireless devices. Now when I pulled a network map up I get 8 devices connected. Some body, obviously one of my neighbors was tapped into my WiFi.
  2. Laura Knotek's Avatar

    Posts
    25,675 Posts
    Global Posts
    47,759 Global Posts
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    #2  
    That's messed up. How did the neighbors get your password?
  3. ImmortalWarrior's Avatar
    Member

    Posts
    523 Posts
    Global Posts
    524 Global Posts
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    #3  
    I can brute force a wpa in a decent time if you use common words or variants to make it.
    palandri likes this.
  4. Alex Rodriguez's Avatar
    Member

    Posts
    258 Posts
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    #4  
    Routers are easy to hack if you have knowledge using Linux (Backtrack specifically)
    palandri likes this.
  5. palandri's Avatar
    Retired Moderator

    Posts
    7,589 Posts
    Global Posts
    9,915 Global Posts
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
       #5  
    Quote Originally Posted by lak611 View Post
    That's messed up. How did the neighbors get your password?
    I have no idea. I asked my wife if she had given it out to anyone and she said no, I don't even remember it. I also checked firmware updates for my old Cisco router. I was behind one update. I was running 1.0.0.4, and the latest firmware was 1.0.0.5, but there was no mention of a security issue with the 1.0.0.5 update. It was a 10 digit password, which would normally be pretty secure, i.e., 47kLJttYeU.
  6. palandri's Avatar
    Retired Moderator

    Posts
    7,589 Posts
    Global Posts
    9,915 Global Posts
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
       #6  
    Quote Originally Posted by ImmortalWarrior View Post
    I can brute force a wpa in a decent time if you use common words or variants to make it.
    Thanks for letting me know that. It's appreciated.
  7. Laura Knotek's Avatar

    Posts
    25,675 Posts
    Global Posts
    47,759 Global Posts
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    #7  
    Quote Originally Posted by palandri View Post
    I have no idea. I asked my wife if she had given it out to anyone and she said no, I don't even remember it. I also checked firmware updates for my old Cisco router. I was behind one update. I was running 1.0.0.4, and the latest firmware was 1.0.0.5, but there was no mention of a security issue with the 1.0.0.5 update. It was a 10 digit password, which would normally be pretty secure, i.e., 47kLJttYeU.
    That's weird. That wouldn't be considered a weak password.
    palandri likes this.
  8. palandri's Avatar
    Retired Moderator

    Posts
    7,589 Posts
    Global Posts
    9,915 Global Posts
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
       #8  
    Quote Originally Posted by Alex Rodriguez View Post
    Routers are easy to hack if you have knowledge using Linux (Backtrack specifically)
    Thanks! Now i know.
  9. palandri's Avatar
    Retired Moderator

    Posts
    7,589 Posts
    Global Posts
    9,915 Global Posts
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
       #9  
    Quote Originally Posted by lak611 View Post
    That's weird. That wouldn't be considered a weak password.
    That's what i thought.
  10. Alex Rodriguez's Avatar
    Member

    Posts
    258 Posts
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    #10  
    Quote Originally Posted by lak611 View Post
    That's weird. That wouldn't be considered a weak password.
    It becomes stronger if you put symbols like @#* instead of a use @, if you use i use ! or 1, things like that.
    gedzum and palandri like this.
  11. CJ Thunder's Avatar
    Member

    Posts
    715 Posts
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    #11  
    Quote Originally Posted by Alex Rodriguez View Post
    Routers are easy to hack if you have knowledge using Linux (Backtrack specifically)
    How? Isn't there a lockout after so many failed attempts from the same mac address?
  12. palandri's Avatar
    Retired Moderator

    Posts
    7,589 Posts
    Global Posts
    9,915 Global Posts
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
       #12  
    Quote Originally Posted by Alex Rodriguez View Post
    It becomes stronger if you put symbols like @#* instead of a use @, if you use i use ! or 1, things like that.
    Thanks!
  13. dipayanster's Avatar
    Member

    Posts
    120 Posts
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    #13  
    on my belkin i have hidden ssid broadcast, use a strong password for wpa2, enabled mac id filtering and added my connecting devices mac ids in allowed list and set a strong password for router configuration access. i guess that as much as i can do. anything more can be done to secure the router?
  14. ImmortalWarrior's Avatar
    Member

    Posts
    523 Posts
    Global Posts
    524 Global Posts
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    #14  
    Sure there is, but you don't brute force the router itself. You brute force the "handshake" files locally. Using monitoring you can capture the handshake packets, save them locally, then run them through a brute force with a 40 gb dictionary file.

    MAC address filtering is also useless. It's the easiest thing to spoof using almost any distro of Linux.
    Laura Knotek likes this.
  15. ImmortalWarrior's Avatar
    Member

    Posts
    523 Posts
    Global Posts
    524 Global Posts
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    #15  
    Quote Originally Posted by dipayanster View Post
    on my belkin i have hidden ssid broadcast, use a strong password for wpa2, enabled mac id filtering and added my connecting devices mac ids in allowed list and set a strong password for router configuration access. i guess that as much as i can do. anything more can be done to secure the router?
    Hidden SSID does nothing to protect your network. It's the same level of protection provided by using a POST http request over a GET.

    Mac address filtering cam be spoofed in 2 seconds. I spoof all my hack attempts before I even touch the router. Valid MAC addresses are broadcast with the packets from those devices

    The only thing you can do is use a fairly long complex password. Make sure you do the same for your router login.
    palandri likes this.
  16. ttsoldier's Avatar
    Retired Ambassador

    Posts
    4,160 Posts
    Global Posts
    4,833 Global Posts
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    #16  
    Nothing on the internet is safe.

    I have a friend who can hack you without being anywhere close to you or your router. The interweb + right tools in the wrong hands = destruction
  17. jdevenberg's Avatar
    Member

    Posts
    1,037 Posts
    Global Posts
    1,057 Global Posts
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    #17  
    I've got a 16 digit password that has no basis on real words or meaningful number combos. Purely a random string. Pain in the butt for entering into things like wifi printers and such, but its secure and more and more devices are supporting WPS so I don't have to type it as often as before.
    palandri likes this.
  18. beachhoppr's Avatar
    Member

    Posts
    332 Posts
    Global Posts
    473 Global Posts
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    #18  
    Its not the character combination that only matters its the length. Technically p1G............... is a tougher password to crack than say Hgh13&#
    Last edited by beachhoppr; 12-20-2012 at 12:59 PM.
    palandri likes this.
  19. ImmortalWarrior's Avatar
    Member

    Posts
    523 Posts
    Global Posts
    524 Global Posts
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    #19  
    Quote Originally Posted by beachhoppr View Post
    Its not the character combination that only matters its the length. Technically p1G............... is a tougher password to crack than say Hgh13&#
    This is important. I haven't done a lot of digging into brute force algorithms and haven't yet written my own, but the first thing I would do is take a dictionary file and run through all the variations of each word and combinations of words. The last step would be to run a systematic one step at a time process of password attempts. Sequentially.....which could take eons.
  20. ImmortalWarrior's Avatar
    Member

    Posts
    523 Posts
    Global Posts
    524 Global Posts
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    #20  
    Quote Originally Posted by ttsoldier View Post
    Nothing on the internet is safe.

    I have a friend who can hack you without being anywhere close to you or your router. The interweb + right tools in the wrong hands = destruction
    Not true at all. If the protocols are configured correctly and a strong SSL encryption is used the data is safer than if you kept a written copy of it in your wallet.

    The problem comes when someone uses an open network and passes user credentials and session information unencrypted. I can sniff that out immediately using common tools such as wireshark.

    There is a whole gamut of security concerns with database data, cross site scripting and injection attacks but that's not quite the same.
    palandri likes this.
  21. Daniel Ratcliffe's Avatar
    Retired Moderator

    Posts
    3,046 Posts
    Global Posts
    4,703 Global Posts
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    #21  
    If it isn't an infinite number of characters in length, it ain't secure. Basically, you can never be too cautious. If someone wants to hack your stuff, they will no matter what it takes. Even if it isn't stored electronically, they'll just hire somebody to burgle your house for it.
    palandri likes this.
  22. jarettp's Avatar
    Member

    Posts
    49 Posts
    Global Posts
    85 Global Posts
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    #22  
    Yea I've hacked my neighbors router before. It really isn't that difficult if you put your mind to it...
  23. gedzum's Avatar
    Member

    Posts
    1,972 Posts
    Global Posts
    1,992 Global Posts
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    #23  
    Wow this thread opened my eyes more than I'd like. I hope none of my neighbours are smart enough to hack into my router. Some nice tips on making passwords tougher to crack which I'll try and put to use.
    palandri likes this.
  24. palandri's Avatar
    Retired Moderator

    Posts
    7,589 Posts
    Global Posts
    9,915 Global Posts
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
       #24  
    Quote Originally Posted by gedzum View Post
    Wow this thread opened my eyes more than I'd like. I hope none of my neighbours are smart enough to hack into my router. Some nice tips on making passwords tougher to crack which I'll try and put to use.
    It really opened my eyes also. I even added French letters with accent marks to make it a little harder. I am also watching my network map and log closely.
  25. ImmortalWarrior's Avatar
    Member

    Posts
    523 Posts
    Global Posts
    524 Global Posts
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    #25  
    Quote Originally Posted by gedzum View Post
    Wow this thread opened my eyes more than I'd like. I hope none of my neighbours are smart enough to hack into my router. Some nice tips on making passwords tougher to crack which I'll try and put to use.
    Precisely. Simple fact, if you have the CPU power, you can brute force well established algorithms. The problem is that some of the more complex algorithms in the 128 and 256 bit range are ridiculous and could take years and years for even the most powerful of computers to crack.

    What crackers do is use dictionary files of the most common passphrases and words that are used for passwords and go through a "trial and error" test on each one. If you pick common words, they can do it fairly easily. If you pick uncommon words, but use a short password, they can brute force it systematically pretty easily. The moment you use a long and complex password based on no real pattern, the number of permutations that a brute force algorithm would need to run through to crack it could take centuries. Literally.

    As for information passed over the air, ie. networks wired or wireless, unless it is encrypted it can be read in it's raw format. So ensure that SSL is used for logins when on public networks. If you are wired, on your secure home network with only you and your family etc, you'll be fine...unless your brother or someone is trying to sneak your passwords for fun.

    Over the air on a public network, even if it has a password, is still visible by anyone on that network. Open wifi is even worse.

    Moral of the story. Make sure sites use https (SSL through self signed or commercial certs) when passing sensitive information, use SSH2 when doing server to server stuff. Use FTP over SSH or FTPES with a cert and keep an eye out for news on security loopholes for the "secure" services you do use. SSL means jack squat if the server is passing session information back and forth without encryption. I could just snag that session and use it to masquerade as you on facebook without ever knowing your password to do it.

    Aside from that, not much more you can do.
    gedzum likes this.
Page 1 of 2 12 LastLast

Similar Threads

  1. Is it possible to factory reset your phone?
    By podsnap in forum Windows Phone 7
    Replies: 1
    Last Post: 10-07-2011, 04:14 AM

Posting Permissions

";