Log in

View Full Version : Articles coming up this week...


Jason Dunn
08-12-2002, 10:00 AM
I wanted to let you know about the un-published PocketPC.com articles coming up this week, each week-day at 11 AM MST:<br /><br /><i>Monday</i>: Wireless Wonderland<br /><i>Tuesday</i>: Colorgraphic Voyager CompactFlash Card<br /><i>Wednesday</i>: Setting Up a Wireless LAN, Part 1<br /><i>Thursday</i>: Setting Up a Wireless LAN, Part 2<br /><i>Friday</i>: The multi-function LifeView FlyJacket<br /><br />Beyond that, I have eight more articles in the queue- I think you'll like them! <img src="http://www.pocketpcthoughts.com/forums/images/smiles/icon_biggrin.gif" />

Jonathon Watkins
08-12-2002, 11:22 AM
Great Jason - looking forward to them!

A quick question - do you mention Bluetooth security issues in the Wireless LAN articles? I know all about the weaknesses of 802.11b, but what implications are there to using Bluetooth as a wireless LAN (with a level 1 capable Bluetooth PDA and transmitter - i.e. 100 meters range)? Are there related security problems?

Jason Dunn
08-12-2002, 02:31 PM
I didn't have any Bluetooth devices back then other than my iPAQ 3870, so no, the article doesn't cover Bluetooth at all. Heck, I still don't have any functional Bluetooth connection...

Busdriver
08-12-2002, 03:11 PM
The wireless articles come at a good time for me, because I'm having absolutely no luck getting a wi-fi network to work in my home. :scrambleup:

Jonathon Watkins
08-12-2002, 04:08 PM
I am thinking of skipping 802.11b entirely in favour of 802.11g (much more secure). In the meanwhile however, a class 1 Bluetooth device would suit me nicely – i.e. let me browse the web wirelessly in the house & garden etc.

Trouble is that I have heard nothing about the security or otherwise of Bluetooth. This may be a good thing – or it may not. Does anyone have any information about the scrutiny & reliability a Bluetooth link?

miterb
08-12-2002, 04:33 PM
Jason,
Where do the articles come up at the PocketPC.com homepage? Can't find the first one, "Wireless Wonderland".

marlof
08-12-2002, 04:36 PM
Where do the articles come up at the PocketPC.com homepage? Can't find the first one, "Wireless Wonderland".

They don't. That's why they're "un-published". They were written for PocketPC.com, but never made it to that site. Jason will now publish his articles that were supposed to appear on PocketPC.com on this site. Stay tuned, Wireless Wonderland is scheduled to appear at 11.00 AM on this site. :)

Jason Dunn
08-12-2002, 04:40 PM
Can't find the first article (11:35 AM EDT)

11 AM MST (Mountain Standard Time) is when each will appear on THIS site, not PocketPC.com. They were articles that I wrote, got paid for, but due to a shift in strategy, PocketPC.com won't be publishing them. Thankfully, they gave permission to the authors to publish them, so the content won't go to waste. :D

Pony99CA
08-12-2002, 04:43 PM
I am thinking of skipping 802.11b entirely in favour of 802.11g (much more secure).

Why? Are you worried about hacking? Unless you live in an urban area, I bet it's not that likely that anyone will even try.

Even if somebody tries, changing the SSID and enabling 128-bit WEP will keep all but the most sophisticated hackers out, I think. I live in a rural/suburban area, and that's what I do.

And if you turn off the network when it's not being used, you should be very safe.


In the meanwhile however, a class 1 Bluetooth device would suit me nicely – i.e. let me browse the web wirelessly in the house & garden etc.

Won't the 30-foot distance limitation get in the way?

Even if won't, if you're going to get a Bluetooth access point, I think those are more expensive than 802.11b access points.

Steve

Jonathon Watkins
08-12-2002, 07:28 PM
I am thinking of skipping 802.11b entirely in favour of 802.11g (much more secure).
Why? Are you worried about hacking? Unless you live in an urban area, I bet it's not that likely that anyone will even try.

Yes, I do live in an urban area and yes - I have a seen a demonstration of someone sniffing all packets and decrypting in real-time on a 233 laptop running FreeBSD.

Even if somebody tries, changing the SSID and enabling 128-bit WEP will keep all but the most sophisticated hackers out, I think.
Well – you can get the programs in ‘point and drool’ mode, so any script kiddie can run them. I have seen 128-bit WEP being sliced though like a hot knife though butter. I have tested 802.11b as part of my job – if it’s secure for you then fine – but it’s not for me – not most other people really. The threat is small at the moment true – but it will grow as more and more people get 802.11b. 802.11g does not suffer from the same scrutiny weaknesses – I will hold off till then.

And if you turn off the network when it's not being used, you should be very safe.
True - but still.........

In the meanwhile however, a class 1 Bluetooth device would suit me nicely – i.e. let me browse the web wirelessly in the house & garden etc.
Won't the 30-foot distance limitation get in the way?
Bluetooth class 1 will get you 100 meters range (300 foot)! That’s plenty!

Janak Parekh
08-12-2002, 08:48 PM
I have seen 128-bit WEP being sliced though like a hot knife though butter. I have tested 802.11b as part of my job – if it’s secure for you then fine – but it’s not for me – not most other people really.
I assume you're referring to AirSnort. There are some vendors, most notably Orinoco, that have developed implementations that do render themselves invulnerable from this form of attack (i.e., they change the initialization vector to be randomized, which solves the WEP weakness--they call it "WEPplus"). Unfortunately Orinoco doesn't have a CF card :(

What you might consider is setting up a VPN that your PPC can connect to over 802.11b. Then you'd be reasonably secure no matter if anyone sniffs every packet from your router.

Re Bluetooth: I think you'll find range to vary based on material (walls, etc.) and implementation.

--bdj

Jonathon Watkins
08-12-2002, 10:41 PM
Re Bluetooth: I think you'll find range to vary based on material (walls, etc.) and implementation.
True - but same goes for WiFi.

I really can't be bothered with VPN for a little light surfing & NW action. :wink: 802.11b may work - but I would prefer something a little easier & cheaper out of the box. My soon-to-arrive LOOX has bluetooth - so all I need is the PC dongle and I'm set.

Pony99CA
08-13-2002, 01:19 AM
Even if somebody tries, changing the SSID and enabling 128-bit WEP will keep all but the most sophisticated hackers out, I think.
Well, you can get the programs in 'point and drool' mode, so any script kiddie can run them. I have seen 128-bit WEP being sliced though like a hot knife though butter. I have tested 802.11b as part of my job ? if it?s secure for you then fine, but it's not for me, not most other people really. The threat is small at the moment true, but it will grow as more and more people get 802.11b. 802.11g does not suffer from the same scrutiny weaknesses, I will hold off till then.

OK, so let's assume that people can sniff your packets. What's the worst that can happen? If you don't do any E-commerce on non-secure Web sites, they can see what you're browsing, but they won't get your credit card info. They also might be able to connect to your LAN, but if you have file sharing off, can they access your computer? If they could, all of these people setting up wireless hot spots would be in big trouble.

I have three computers on my LAN, and have my router set up to only allow three connections. If you only have one computer, just set it up to only allow one connection and only turn the router on when you want to browse wirelessly. Someone might be able to see your packets, but they won't be able to connect to your LAN.

I agree that 802.11b won't be appropriate for businesses transmitting sensitive data, but simple Web browsing probably doesn't fall in that class.




In the meanwhile however, a class 1 Bluetooth device would suit me nicely, i.e. let me browse the web wirelessly in the house & garden etc.

Won't the 30-foot distance limitation get in the way?
Bluetooth class 1 will get you 100 meters range (300 foot)! That's plenty!

You've mentioned this "Bluetooth Class 1" a lot. What are most Bluetooth devices (such as my iPAQ 3870)?

If Class 1 is really 300 feet, that's basically the same as WiFi, and that would be interesting to me, too. I'd love to use Bluetooth on my 3870 to connect to my LAN so I didn't need to use my PCMCIA WiFi card.

802.11b may work - but I would prefer something a little easier & cheaper out of the box. My soon-to-arrive LOOX has bluetooth - so all I need is the PC dongle and I'm set.
802.11b isn't that expensive. Figure $150-200 for a broadband router/access point and another $100-150 for a WiFi CF card. If you don't have the router already, I guess the Bluetooth dongle will be cheaper, but they're $100-150, too, right?

As for being easy, I'm not a hardware or networking guru, but I got mine set up without much difficultly. I installed my router, configured it via a hard-wired laptop, then set up another laptop and my iPAQ to connect using 802.11b in a couple of hours.

Also, is the Loox a "Class 1" device? If it's not, will it be able to connect to your Bluetooth dongle? Do both devices have to be Class 1? Not being a hardware person, I could use some education here....

Steve

QYV
08-13-2002, 02:30 AM
From the original post: it's "queue" not "cue". Sorry, but that one's been popping up everywhere lately, it seems...personal pet peeve. :x

Jason Dunn
08-13-2002, 04:27 AM
From the original post: it's "queue" not "cue". Sorry, but that one's been popping up everywhere lately, it seems...personal pet peeve. :x

Thanks for the correction. I've scolded my editor. ;-)

Jonathon Watkins
08-13-2002, 10:20 AM
OK, so let's assume that people can sniff your packets. What's the worst that can happen?
I’d rather not find out thanks. I want something that is secure out of the box right now. 802.11a has the same weakness as 802.11b. 802.11g does not have this weakness and is (as far as we know at the moment) secure.

Check out this ArsTechnica Wireless Security Blackpaper at: http://arstechnica.com/paedia/w/wireless/security-1.html
If you only have one computer, just set it up to only allow one connection and only turn the router on when you want to browse wirelessly. Someone might be able to see your packets, but they won't be able to connect to your LAN.
Well they can get onto you network by packet spoofing. I know – unlikely – but why take the chance?
I agree that 802.11b won't be appropriate for businesses transmitting sensitive data, but simple Web browsing probably doesn't fall in that class.
True – but why ask for trouble? 802.11g is not too far away – and Bluetooth will do me till then.


In the meanwhile however, a class 1 Bluetooth device would suit me nicely, i.e. let me browse the web wirelessly in the house & garden etc.

Won't the 30-foot distance limitation get in the way?
Bluetooth class 1 will get you 100 meters range (300 foot)! That's plenty!
You've mentioned this "Bluetooth Class 1" a lot. What are most Bluetooth devices (such as my iPAQ 3870)?
Check out this HP White Paper “Understanding Bluetooth” at: http://h30008.www3.hp.com/whitePapers/understandingBluetooth.html

Class 3 is 1 meter range, Class2 is 10 meters range, Class 1 is 100 meters range. Your range will be the lesser of the two devices, i.e. if you have a Class 1 BT transmitter and a Class 2 BT PDA you will only get 10 meters range. You will get 100 meters range if BOTH your PDA and transmitter are Class 1.
If Class 1 is really 300 feet, that's basically the same as WiFi, and that would be interesting to me, too. I'd love to use Bluetooth on my 3870 to connect to my LAN so I didn't need to use my PCMCIA WiFi card.
I THINK the IPAQ is a Class 2 device – but this needs to be confirmed.
802.11b may work - but I would prefer something a little easier & cheaper out of the box. My soon-to-arrive LOOX has Bluetooth - so all I need is the PC dongle and I'm set.
802.11b isn't that expensive. Figure $150-200 for a broadband router/access point and another $100-150 for a WiFi CF card. If you don't have the router already, I guess the Bluetooth dongle will be cheaper, but they're $100-150, too, right?!
Not quite- Jason posted the story “WNI Bluetooth USB Dongle“ on the front page a few days ago. Apparently CompUSA has a Belkin Bluetooth USB adapter for $49! That’s a lot less – especially as Bluetooth is already built into the LOOX (which is indeed a Class 1 device).

Gimpy00Wang
10-29-2002, 04:12 PM
I have to say that I agree with PDA Gerbil for the most part. It's a big kick in the a$$ when you have to devote time and money to securing an insecure technology such as 802.11b. Sure, it's nice, but it is simply not secure. You CAN use something such as a VPN over your 802.11b connection to secure your data, but that does not mean that 802.11b is now not evil. :) Heck, they might as well not have bothered with any gimpy encryption in 802.11b. :)

- G!mpy

FredMurphy
10-29-2002, 05:02 PM
Well, my 802.11b router/access point is on order so I'm looking forward to the WLAN articles.

On the security side, I'll probably do the hippy thing and open it up to the world. Peace, love and bandwidth to all. 8)

I'll just have to lock down my PC a bit. Nothing worth stealing anyway.

Fred

Jonathon Watkins
10-29-2002, 06:22 PM
This ought to get your attention guys, check out http://www.theinquirer.net/?article=5962 and http://www.hackinthebox.org/article.php?sid=8096:

Big Microsoft Wi-Fi network hacked
Vole finds answer in Ethernet
By INQUIRER staff: Tuesday 29 October 2002, 14:58

A REPORT IN Hack-in-the-Box said that Microsoft suffered a big hack at the Smau exhibition in Milan, Italy.
The report said that Microsoft put together a huge wireless network in its gigantic booth, with more than one hundred PCs linked together.

But hackers spoilt the party by getting into the system, which was eventually noticed by Microsoft technical staff.

The report adds that Microsoft was unable to prevent the hack, and even called in the Italian cybercops, but eventually hit on a solution to the problem.

They downed the wi-fi network and instead connected the network together using Ethernet cables.

Here's more. µ

Janak Parekh
10-29-2002, 06:25 PM
This ought to get your attention guys, check out http://www.theinquirer.net/?article=5962 and http://www.hackinthebox.org/article.php?sid=8096
Unfortunately, there are no details... there are ways of securing a Wi-Fi network, just sounds like those MS folks didn't know how :)

--bdj