What exactly does SSL protect in a web site forum/mail?

Reply to
Alice J.
Loading thread data ...

Thanks.

Reply to
Alice J.

Probably. It wouldn't be the first time, nor the last! That's why public usenet is so good because someone will correct me!

I read those two pages, and I tried to download the software but it's no longer available. Also those pages assumed that something called DOCSIS BPI (Baseline Privacy Interface) is turned off.

Looking this up, in my Costco DOCSIS3 modem, BPI is called SEC but the purpose appears to remain the same, which is to encrypt the cable communications.

According to the DOCSYS Wikipedia

formatting link
"The intent of the BPI/SEC specifications is to ... a. provide cable modem users with data privacy across the cable network b. prevent unauthorized modems and users from gaining access

I can only presume that Comcast is smart enough to turn on the SEC specification in my modem, but I do not know that they actually did that.

Reply to
Alice J.

I found a (lot) more about cable theft here:

formatting link

And this explained that DOCSIS is essentially ETHERNET spelled backwards:

formatting link

Reply to
Alice J.

It wouldn't be the first time. Thanks for correcting me.

Reply to
Alice J.

$ urandom No command 'urandom' found, did you mean: Command 'random' from package 'bsdgames' (universe) urandom: command not found

$ head /dev/urandom ?^?k?=?HS????s?\i???gk??C?u?]

Reply to
Alice J.

My neighbors are SUPER sophisticated!

One is friends with Marius Milner, just for an example, when they both worked at Google (long ago, before it went public).

So, that's why it matters that I try to catch up.

Reply to
Alice J.

Reading the link that someone posted and then googling for DOCSIS3 BPI/SEC, I suspect (but do not know this for a fact) that Comcast wouldn't be so stupid as to not turn on the SEC switch of DOCSIS3 which apparently encrypts the DOCSIS packets.

I tried to figure out HOW to tell if SEC is turned on in my Costco Arris/Motorola cable modem, but I can't tell yet, even after reading this rather detailed description:

formatting link

Reply to
Alice J.

My neighborhood has never had a robber to my knowledge in the last fifteen years I've lived here. Someone thought that someone else left poisoned meatballs outside their gate but other than that, and a few homeless people getting arrested for walking around here, that's about it for this neighborhood on crime.

Reply to
Alice J.

You can be arrested just for walking around? Where do you live, North Korea?

Reply to
Richard Kettlewell

I agree based on the cable-stealing article that someone provided. In googling what security there is in the cable between my Costco Arris/Motorola DOCSIS3 modem and the cable company, it seems that the cable company *can* turn on BPI+ (aka SEC) encryption which would encrypt (I assume everything I type) so that my neighbors would NOT see it while it is between my modem and the cable company.

But, I don't as yet know how to query the cable modem to tell if DOCSIS3 SEC is actually turned on.

Reply to
Alice J.

I just tried to see the login and password on my own network. I can't even see it. I may have missed it, but what's wrong with this procedure?

  1. Run tcpdump to capture all packets on wlan0 on linux laptop.
  2. Run ipad Safari browser & attempt to log in with bogus credentials.
  3. Run wireshark to view all the captured packets on linux laptop.

I can't find anywhere where the ipad bogus login credentials attempting to log into bimmerfest.com showed up on the laptop's wlan0 NIC.

formatting link

What did I do wrong?

Reply to
Alice J.

My neighbors are definitely much more sophisticated than I am (one of them, for example, worked with Marius Milner over at Google, before or during the time it went public).

They definitely are smarter (and far richer) than I am so they definitely have very sophisticated knowledge.

At the moment, I can't worry about that since I'm building my knowledge from the ground up.

I "think" (but have no way yet of proving) that the cable company would be smart enough to turn on the SEC encryption feature of DOCSIS3.0.

If they did that, I "think" my communications "on" the cable from my modem to the cable company are reasonably secure from the snooping neighbors on the same cable trunk line.

Reply to
Alice J.

It didn't work what I tried.

formatting link

Reply to
Alice J.

While SSL does not hide the site identity, using the Tor Browser Bundle

*does* hide the site identity from my snooping neighbors and from Comcast.

However, Tor Browser Bundle doesn't hide the fact that I'm using Tor (according to their web site) since Tor hands me a list of what they call "directory servers".

So, VPN added to Tor does hide this fact that I'm using Tor from Comcast.

That seems to be the best I can do, but, unfortunatly that final hop to the http non-ssl site is *still* in what you call cleartext!

Is there any way around that (other than to not use the non-ssl site)?

Reply to
Alice J.

Very wealthy part of Silicon Valley (probably in the top ten in the country although I don't look that stuff up - but it's close).

I'm sure he was arrested for some other reason, but everyone in the neighborhood was on nextdoor saying there was a homeless-looking guy walking on the streets.

Afterward, some said they felt sorry for him, but the police carted him off. We don't know why as that was the first ever for this neighborhood (we keep in touch with nextdoor so we'd all know it the moment the first person saw anyone who didn't belong on the street).

Reply to
Alice J.

urandom is a device /dev/urandom. It spews out forever, a string of highly random bytes.

cat /dev/urandom >/tmp/rand whill fill that file with random bytes, which you can use to make a password. (I would not advise doing it that way, unless you immediately ^C that command to stop it, as otherwise you will fill the filesystem with that file of random bytes.

Yup. Those ? are things your particular terminal was not able to display. But even just using the printable ones wouls be OK ^k=HS\igkCu] is a random 12 byte password, (it has an entropy of about 5 bytes, or

10^12 passwords. Ie, the attacker would need to try about that many passwords to find it. Or convert the stream to hex and grab about 20 of them as a hex stream to use as your password.
Reply to
William Unruh

And you think they care what cars you look at?

Reply to
William Unruh

Do not worry about your SSID. It is public anyway. So it does not matter that it is public.

Reply to
William Unruh

Thank you for that article

formatting link

Yes, I am using WPA2/PSK, which is the strongest, I think, I can set on a home router.

How to Hack Wi-Fi: Cracking WPA2-PSK Passwords Using Aircrack-Ng "The weakness in the WPA2-PSK system is that the encrypted password is shared in what is known as the 4-way handshake... If we can grab the password [during that 4-way handshake], we can then attempt to crack it."

Basically they put the wifi card into "monitor" mode to capture all "packets". Then they choose an AP BSSID and bounce the user off their own access point!

When the user tries to reconnect to their own AP, they capture the 4-way handshake, and then they save the encrypted password to a file. Then they attempt to crack that password using a dictionary at the rate of roughly 2 million tests per hour.

I will try to run this test you suggested against my own password.

I couldn't tell what operating system they were using. Can you tell which operating system they are using?

Reply to
Alice J.

Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.