[Q] Safe surfing over open wifi spots? - Samsung Galaxy Nexus

When your out traveling you often connect to different wifi spots(restaurants, hotel,...) and you never know how what happens behind.
Is there a way to use your phone on Internet in a safe way? Like a switch on your home screen you can turn the it on/off easly? I guess you need an app, a vpn or a server of some sort??

What do you mean with "in a safe way" ?
For example gmail uses a cripted (SSL) channel to read/send email. Is SSL "enough" safe for you ?
Using a "public" hotspot is not less "safe" than acecss your online backing form a pc at office. Is it possible for the "neworking guy" to see that you are accessing an online bank? Yes, for sure. Could he read your PIN/passwd and steal your money ? If your bank has a decent website (HTTPS) probably not (or not so easily..).
Do you wnat to be "safe" to read an online newspaper for last headnews?

Tor, private VPN
Sent from my i9250

kliw said:
For example gmail uses a cripted (SSL) channel to read/send email. Is SSL "enough" safe for you ?
Click to expand...
Click to collapse
With the easy availability of Jasager routers and how simple SSL-stripping is, no, SSL isn't safe enough on a public wifi.
As bk said, either use Orbot (TOR's Android implimentation) or a private VPN that provides endpoint-to-endpoint encryption.

I usually tend not to do any super personal stuff over public wifi - that means access gmail, google drive, etc.
I tend to stick to browsing websites for reading and that's it.
Chances are, if it's in a known location of a big business you probably have nothing to worry about.
A mom-and-pop coffee shop, or a crummy hotel wifi access point I'd be skeptical of the security enforced.

Here you go..
http://forum.xda-developers.com/showthread.php?t=1350941

akira02rex said:
Chances are, if it's in a known location of a big business you probably have nothing to worry about.
Click to expand...
Click to collapse
Actually, a big business's wifi is probably less safe. Anyone who wants a large number of targets at once just needs a Jasager router, the ability to launch a de-auth attack (not difficult at all), and a local Starbucks.

Related

Please help me with wifi problem...

Hi all,
Eversince i bought my BA, i did not need to use Wlan on it (over a year now !!) but i am getting a bit frustrated in the last couple of days as i am unable to use it.
here is the situation - when i come to a place where i know there is a wifi signal (at my friends house) i tap the little icon on the bottom right side of the desktop screen and i get the "Wireless LAN manager" , i check the "Wireless LAN ON" checkbox and then tap "ok" . then the screen changes back to the desktop screen and i can see the little antenna in searching mode (accumulating dots beside it), then i get a popped up baloon asking if i wish to connect to "internet" or "work", i check the internet circle and tap ok (or connect - i dont remmember as i have no wifi signal at the moment), but than nothing happens - the little icon of the antenna is still searching and if i tap it i get the same "Wireless LAN manager" with no signal strength or any thing...if i try the internet explorer, it tries to connect via the GPRS connection...
PLEASE....HELP ANYONE....
It's only a notion but I'd check your friend's WiFi AP. I set one up recently in our place. The device used is a Wireless G Broadband Router and Access Point (AP) which also has a net port (4 physical connections).
I couldn't get a murmur out of it on the simplest device... ancient Jornada 720 Win 2000 with Aironet 340 card (they are matched) although it was evident that all parts were working and the setup programs recognised each other as being there. Tried our Acer n30 next on a Safecom card. Same result. Head scratching.
Eventually a light bulb went on.
Tried a hard reset on the AP/Router. It re-set from one channel (11) to another (6). Everything suddenly started talking.
Next problem... and this is where it gets close to yours... how to stop everyone getting on and in.
The AP Router is full of encryption options from WEP up. Your gadget has to match the requirement from the AP/Router... that might mean a keyword used as a base for encryption or steadily more complex requirements... depends on what your friend's AP Router is set to.
My solution had to be simpler. I could not be bothered to prat about sticking code words all over the place every time I wanted to add a device... and getting encryptions to agree is sometimes not as easy as they'd have you believe.
Answer: Every net device, including the Xiis we now use, has a device specific MAC number.
The AP Router has a table you can enter MAC numbers you want to permit access to... so you needn't fool around with all the clever stuff.
Our AP Router now has our MAC numbers in the table and permits access to them only.
The XDA iis reveals it's MAC number when you tell it to look for a connection.
We now have a WiFi AP serving an ancient egyptian Jornada 720, an Acer N30, an XDAiis, an ordinary PC (using one of the old PCMICIA Aironet Cards which configure on anything with windoze and are dirt cheap on eBay as they're only 802.11b) , and a Sony Vaio Laptop (also using an Aironet), all into a single broadband account.
So check with your chum and see what his settings on his WiFi are. Maybe try a hard re-set on it too if poking about in the admin program doesn't help.
QF
Yol said:
Hi all,
Eversince i bought my BA, i did not need to use Wlan on it (over a year now !!) but i am getting a bit frustrated in the last couple of days as i am unable to use it.
here is the situation - when i come to a place where i know there is a wifi signal (at my friends house) i tap the little icon on the bottom right side of the desktop screen and i get the "Wireless LAN manager" , i check the "Wireless LAN ON" checkbox and then tap "ok" . then the screen changes back to the desktop screen and i can see the little antenna in searching mode (accumulating dots beside it), then i get a popped up baloon asking if i wish to connect to "internet" or "work", i check the internet circle and tap ok (or connect - i dont remmember as i have no wifi signal at the moment), but than nothing happens - the little icon of the antenna is still searching and if i tap it i get the same "Wireless LAN manager" with no signal strength or any thing...if i try the internet explorer, it tries to connect via the GPRS connection...
PLEASE....HELP ANYONE....
Click to expand...
Click to collapse
quinbus_flestrin said:
Next problem... and this is where it gets close to yours... how to stop everyone getting on and in.
[snip]
Answer: Every net device, including the Xiis we now use, has a device specific MAC number.
The AP Router has a table you can enter MAC numbers you want to permit access to... so you needn't fool around with all the clever stuff.
Our AP Router now has our MAC numbers in the table and permits access to them only.
The XDA iis reveals it's MAC number when you tell it to look for a connection.
We now have a WiFi AP serving an ancient egyptian Jornada 720, an Acer N30, an XDAiis, an ordinary PC (using one of the old PCMICIA Aironet Cards which configure on anything with windoze and are dirt cheap on eBay as they're only 802.11b) , and a Sony Vaio Laptop (also using an Aironet), all into a single broadband account.
Click to expand...
Click to collapse
QF,
Are you aware that it's a fairly simple task for someone to spoof a MAC?
And in that you haven't implemented any kind of encryption that means you're broadcasting everything in the clear ... which means that anyone who wishes to access your network needs only wait until they pick up one of your valid MAC's and they're in.
Blocking MAC's is useful ... but enabling WEP (even though we all know it's not going to stop a determined attempt at penetration) will do more to keep out a casual 'visitor'. If your clients can handle WPA-PSK (which may not be the case) given a sufficiently long and random passphrase the only attack is bruteforce which can take years.
Implementing decent security just isn't that hard ... there are plenty of howto's on the net that will walk someone through everything from getting WEP going right through to setting up a VPN.
Yol,
Your friend may have set up some kind of encryption on his Access Point ... if he's connecting to it with a client then he should know what he's using.
If he's NOT connecting to it then check the manual and have a look at the settings on the Access Point. Almost all Access Points will let you connect to them using a web browser.
So if (as an example) your friends AP is at 192.168.1.254 you just plug that into your web browser on a computer that is on the network (in other words, NOT from your BA).
You'll then need to navigate your way to the settings for Wireless security (I can't help you with that ... it's different for pretty much every brand of AP) and see what's set up.
Once you know what the required settings ARE for his AP you need to configure your phone to match. Not having a BA I can't really help with that either ... but I'm sure someone else here can.
I just knew there'd be a more complicated way ;-))...
Seriously Mr Doormat... Thanks for the heads up though.
This guy was just hanging here without a response this morning when I found this XDA board.
I tested our net pretty hard but I was unable to get in without a valid MAC and could find no way of revealing one... not to say there isn't one... I just couldn't find it... which apparently doesn't mean a lot.
What would they gain by getting in though?
Interent Access... sure, but not access to our systems as there is no network in that sense surely? So we could lose bandwidth?
We have the AP/Router open for web access only AFAIK.
The only physical connection is the one you mention... to the computer via the Ethernet card, which accesses the Admin Menu.
I'm unable to get any access around logged in machines myself and I'm on the admin machine.
I dloaded WiFi for Dummies but, as usual, I haven't got past the boring bit in the front where they describe what you are dealing with rather than what you can do to/with it.
I tried bringing in WEP on the AP and setting the old Jornada to WEP too. Firstly it slowed everything to a crawl... and a Jornada is not quick at this anyway as you can imagine... and then the on-board Jornada driver decided to "dis-associate" itself... which is of course Jornada for "adios amigos"... and stopped working altogether.
I picked up a Safecom 802.11g PCMCIA card to try in the laptop, but it really hated that and refused to see it in the end. But it really loves the old Aironets.
Both Vaio and PC are on a nice Windoze XP SP2, from our friends at Appznet. The Jornada is Win 2000, and the two Pocket PCs are 2003.
I looked for a walk thru for bringing this AP on stream. Even the suppliers were baffled... until we did the hard re-set and the channel changed. I don't know what else changed.
As for bringing security on stream... well I tried sorting out the lowest common denominator... the oldest handhelds... they balked at it and I reverted to the last good setting... an old tradition.
It seems to be a question of finding the level for whatever you have.
I can allegedly bring 802.11g on with this PCMCIA card and the AP, but if I do the XDA can only do 802.11b can't it? As can the Safecom for the Acer.
I am so pleased to have found a forum for the XDA, but you'll understand I hope that I'm a bit bemused to find the first topic I get into is WiFi. I thought that had been sorted... I should have known better. )
Any information you feel relevant to this would be much appreciated. Jornada forums are all but dead now. The Acer N30 is having an unusual revival for no reason I can think of. And the AP Router is from a pleasant bunch of folks, but they eveidently know about as much as I do.
QF
Doormat said:
quinbus_flestrin said:
Next problem... and this is where it gets close to yours... how to stop everyone getting on and in.
[snip]
Answer: Every net device, including the Xiis we now use, has a device specific MAC number.
The AP Router has a table you can enter MAC numbers you want to permit access to... so you needn't fool around with all the clever stuff.
Our AP Router now has our MAC numbers in the table and permits access to them only.
The XDA iis reveals it's MAC number when you tell it to look for a connection.
We now have a WiFi AP serving an ancient egyptian Jornada 720, an Acer N30, an XDAiis, an ordinary PC (using one of the old PCMICIA Aironet Cards which configure on anything with windoze and are dirt cheap on eBay as they're only 802.11b) , and a Sony Vaio Laptop (also using an Aironet), all into a single broadband account.
Click to expand...
Click to collapse
QF,
Are you aware that it's a fairly simple task for someone to spoof a MAC?
And in that you haven't implemented any kind of encryption that means you're broadcasting everything in the clear ... which means that anyone who wishes to access your network needs only wait until they pick up one of your valid MAC's and they're in.
Blocking MAC's is useful ... but enabling WEP (even though we all know it's not going to stop a determined attempt at penetration) will do more to keep out a casual 'visitor'. If your clients can handle WPA-PSK (which may not be the case) given a sufficiently long and random passphrase the only attack is bruteforce which can take years.
Implementing decent security just isn't that hard ... there are plenty of howto's on the net that will walk someone through everything from getting WEP going right through to setting up a VPN.
Yol,
Your friend may have set up some kind of encryption on his Access Point ... if he's connecting to it with a client then he should know what he's using.
If he's NOT connecting to it then check the manual and have a look at the settings on the Access Point. Almost all Access Points will let you connect to them using a web browser.
So if (as an example) your friends AP is at 192.168.1.254 you just plug that into your web browser on a computer that is on the network (in other words, NOT from your BA).
You'll then need to navigate your way to the settings for Wireless security (I can't help you with that ... it's different for pretty much every brand of AP) and see what's set up.
Once you know what the required settings ARE for his AP you need to configure your phone to match. Not having a BA I can't really help with that either ... but I'm sure someone else here can.
Click to expand...
Click to collapse
quinbus_flestrin said:
I just knew there'd be a more complicated way ;-))...
Click to expand...
Click to collapse
There is always a more complicated way ... that's part of the fun, I think
quinbus_flestrin said:
I tested our net pretty hard but I was unable to get in without a valid MAC and could find no way of revealing one... not to say there isn't one... I just couldn't find it... which apparently doesn't mean a lot.
What would they gain by getting in though?
Interent Access... sure, but not access to our systems as there is no network in that sense surely? So we could lose bandwidth?
Click to expand...
Click to collapse
Yes and No.
An unsecured AP provides a simple means for someone to access the Net anonymously. For someone with malicious intent this has great advantages, as you can imagine. And whatever they might do would be traced back to you.
Don't get me wrong ... I'm not suggesting that there is a pack of rabid hackers circling your place using your wifi as an initial entry point to permit them to realise their schemes to bring down the Internet and western civilisation ;-)
But, as I often point out to my clients ... How would you feel if you found out that in the middle of the night someone used your unsecure AP to upload a couple of hundred MB of kiddie porn? And that you then had to prove that it wasn't YOU.
I admit - it's unlikely and a bit graphic ... but it IS a possible senario.
Less dramtically there is the cost. I'm not sure what your deal is with your ISP ... but in Australia a lot of people have quota's - a given data allowance per month, after which they are either charged excess data rates or are shaped to narrowband speeds. I imagine it would suck to experience either because someone has been downloading movies over your wifi.
quinbus_flestrin said:
We have the AP/Router open for web access only AFAIK.
Click to expand...
Click to collapse
It is fairly simple to tunnel any kind of connection through port 80 (which is used for http). Goggle for http AND tunnel and count the hits.
quinbus_flestrin said:
I tried bringing in WEP on the AP and setting the old Jornada to WEP too. Firstly it slowed everything to a crawl... and a Jornada is not quick at this anyway as you can imagine... and then the on-board Jornada driver decided to "dis-associate" itself... which is of course Jornada for "adios amigos"... and stopped working altogether.
Click to expand...
Click to collapse
There is, of course, an overhead with WEP or any other encryption scheme. I personally haven't ever had a problem, although I know some who have.
Generally they found updating the firmware on the router/AP end, and using the latest drivers for their client got them the best performance. YMMV of course.
quinbus_flestrin said:
I looked for a walk thru for bringing this AP on stream. Even the suppliers were baffled... until we did the hard re-set and the channel changed. I don't know what else changed.
Click to expand...
Click to collapse
Quite possibly nothing ... it is not uncommon for people (even people who should know better) to focus on everything but the channel. Everyone does it
quinbus_flestrin said:
As for bringing security on stream... well I tried sorting out the lowest common denominator... the oldest handhelds... they balked at it and I reverted to the last good setting... an old tradition.
Click to expand...
Click to collapse
If WEP is your only common denominator and updating firmware and drivers doesn't improve your peformance sufficiently under WEP then there is one security measure that I routinely employ, which rarely seems to be mentioned. TURN THE WIFI OFF WHEN YOU AREN'T USING IT.
Case in point ... my home AP is currently running (I see no point in power cycling it over and over) but the wireless is disabled. It takes 30 seconds to browse to the setting on the menu to enable it. It then takes about 30 seconds before I can associate. Before I go to bed at night I make sure that the wireless on the AP is disabled ... I'm not going to be using it so there's no need for it.
There is a lot of discussion about how easy it is to crack WEP ... and it IS easy. IF you have the hardware and sofware and know what you're doing, etc. I should point out that I do NOT have the setup to crack a WEP key ... but I've studied it sufficiently so that I know it's not really secure. BUT it will keep the majority of those who wish to jump on your bandwidth out. So if you can get it going, do so.
The other aspect is the security of what you are moving across the network. Internet banking, for example, is pretty secure as the data is encrypted anyway. But your usernames and passwords for your email, forum accounts, and anything that you are sending that isn't encrypted by default is being broadcast in clear.
This only becomes a problem IF someone is bothering to gather the packets being broadcast and then extracts the relevant info from all the other noise. Which is probably pretty unlikely. Unless, like a mate of mine, you live in a block of apartments with 3 unsecure wifi AP's in reach. I recently suggested that if he were to sell his flat, he could get more by pointing out that it came with free internet
Now thats what I call some good advice. A lot of the topics in this board are a bit over my head... upgrading or cooking new ROMs for example... but this is good practical advice for relatively simple old boys like me.
Our police are so good at arresting people who are not criminals, and so bad at catching those who are, that it is more than likely that bandwidth stolen to upload stuff like porn would land us in prison. They are pathalogically unable to admit that they themselves lie as much as the criminals do and deliberately cause miscarriages of justice now, so unless you can produce an iron-clad case then you are stuffed. They stopped policing some time ago when they started working for the government.
Eight of them performed a judicial murder in the tube, in full view of everyone, and still they deny that they were responsible for a needless death. That about sums them up now. Overpowered and Overpowering.
Sometimes I'm glad I'm confined to the house and the locale so much.
I will certainly turn off the WiFi when not in use. Thanks a lot for the tip.
<Less dramtically there is the cost. I'm not sure what your deal is with your ISP ... but in Australia a lot of people have quota's - a given data allowance per month, after which they are either charged excess data rates or are shaped to narrowband speeds. I imagine it would suck to experience either because someone has been downloading movies over your wifi.>
Here in the increasingly Orwellian UK we use an outfit called ntl. The deal we have is £25 pm 2Gig Broadband and (as yet) no practical dload limits. Although traffic limits are in the agreements, no one so far has reported a penalty. I stayed on 512k for a while when they brought them in, as the limit on there was far higher. But next door went on the 10Gig and dloaded more in a week than I had in a year (films mostly I think) and suffered no hit from ntl.
<It is fairly simple to tunnel any kind of connection through port 80 (which is used for http). Goggle for http AND tunnel and count the hits.>
This I must look into further. Thanks.
<
quinbus_flestrin said:
I tried bringing in WEP on the AP and setting the old Jornada to WEP too. Firstly it slowed everything to a crawl... and a Jornada is not quick at this anyway as you can imagine... and then the on-board Jornada driver decided to "dis-associate" itself... which is of course Jornada for "adios amigos"... and stopped working altogether.
Click to expand...
Click to collapse
There is, of course, an overhead with WEP or any other encryption scheme. I personally haven't ever had a problem, although I know some who have. >
I'll try the WEP once more.
<Generally they found updating the firmware on the router/AP end, and using the latest drivers for their client got them the best performance. YMMV of course. >
This AP/Router is UD'd to date AFAIK. Drivers for the old Jornadas are built-in to the ROM... they don't do Firmware... it's hard wired. I'll really have to retire them I suppose. They're prematurely becoming as anachronistic as my old Atari Portolio and DIPs. )
This is the kicker... simple, effective, and easily done by the punter. The mark of the professional at work.
<If WEP is your only common denominator and updating firmware and drivers doesn't improve your peformance sufficiently under WEP then there is one security measure that I routinely employ, which rarely seems to be mentioned. TURN THE WIFI OFF WHEN YOU AREN'T USING IT.>
<Case in point ... >
Funny you should mention flats. There are some next door and some houses on the other side.
Yesterday our XDAiis and PC notified me that a net was operational and the usual "did I want to connect". I didn't then.
However after reading your post I have.
You're right again. I needn't have bothered with all the work I did WiFi-ing, and the £40 for the AP/Router. This lets the XDA and our laptop in the upstairs sitting room on-line anyway.
My initial task was to get off dial-up in the upstairs sitting room and on to our downstairs BB account... saving the cost of the old account and the extra phone line we had put in, then to re-direct that saving to upping the BB speed.
The AP is off at night anyway... my lady won't have electrics on (aside from the phone) at night... and religiously goes round shutting them off b4 we retire.
I'm going to get my nose back into WiFi for Dummies now, and another one I just 'found' called Wireless Network Hacks and Mods. Please let me know if anything else occurs to you.
QF
quinbus_flestrin said:
This AP/Router is UD'd to date AFAIK. Drivers for the old Jornadas are built-in to the ROM... they don't do Firmware... it's hard wired. I'll really have to retire them I suppose. They're prematurely becoming as anachronistic as my old Atari Portolio and DIPs. )
Click to expand...
Click to collapse
I love old hardware ... I think it's a shame to waste it and with the passion everyone has for 'latest and greatest' one can pick up 'outdated' stuff really cheap.
Add to that the fact that never I upgrade OS or software unless it very clearly provides something that I really want. So I can totally empathise with your desire to keep the Jornada alive as it were.
I'll send you a PM, as we're really drifting into stuff that has little relevance to these forums.
YOL anyone having WIFI WIRELESS PROBLEM
YOL anyone having WIFI WIRELESS PROBLEM
http://forum.xda-developers.com/viewtopic.php?t=40712&highlight=wifi+problem
read this thread fully.. should help..
Doormat said:
quinbus_flestrin said:
I tested our net pretty hard but I was unable to get in without a valid MAC and could find no way of revealing one... not to say there isn't one... I just couldn't find it... which apparently doesn't mean a lot.
What would they gain by getting in though?
Interent Access... sure, but not access to our systems as there is no network in that sense surely? So we could lose bandwidth?
Click to expand...
Click to collapse
Yes and No.
An unsecured AP provides a simple means for someone to access the Net anonymously. For someone with malicious intent this has great advantages, as you can imagine. And whatever they might do would be traced back to you.
Click to expand...
Click to collapse
More importantly, once someone has access to the wireless side of your router (i.e., you don't use encryption or you use WEP/WPA-PSK and they cracked your key/passphrase), it's possible for them to poison the ARP tables and launch a man-in-the-middle (MITM) attack against BOTH your wireless clients AND the wired clients plugged into the router. This sounds hard, but it actually quite simple with a tool like Cain. Once they are set up as a MITM, anything goes, including attacks on your SSH connections and web browser SSL sessions (i.e., https). A successful MITM attack such as this can compromise all of the data in these "secure" connections, including usernames, passwords, PINs, etc.
It is very important to lock down the wireless side of your router, even if you do all of your "sensitive" surfing from the wired side. Also, you should always be careful when accepting certificates for secure sites in your web browser. For more information, I suggest you read this whitepaper: http://www.eecs.umich.edu/~aprakash/eecs588/handouts/arppoison.pdf.
Good luck,
Paul

[TUT] [APP] Hacking Facebook, Yahoo etc. over wifi

DroidSheep is an Android application that demonstrates security weaknesses (not using https) and is capturing facebook, twitter, linkedin , yahoo, and other accounts.
PS> this is NOT my work, nor do i intend it to be taken as my work, I just wanted to share with the community!
NOTE FROM THE GERMAN DEVELOPER:
DroidSheep was developed as a tool for testing the security of your accounts.
This software is neither made for using it in public networks, nor for hijacking any other persons account.
It should only demonstrate the poor security properties network connections without encryption have.
So do not get DroidSheep to harm anybody or use it in order to gain unauthorized access to any account you do not own! Use this software only for analyzing your own security!
So do not get DroidSheep to harm anybody or use it in order to gain unauthorized access to any account you do not own! Use this software only for analyzing your own security!
Now>
WHAT DO YOU NEED?
1. A rooted phone (no, it will for sure not work without root)
2. The App installed on the phone (latest build attached to the present post)
3. A WIFI network to test it on
How do you use it?
DroidSheeps main intention is to demonstrate how EASY it can be, to take over nearly any internet account. Using DroidSheep any user – even without technical experience – can check if his websession can be attacked or not. For these users it is hard to determine, if the data is sent using HTTPS or not, specially in case of using apps. DroidSheep makes it easy to check this.
This video demonstrates what DroidSheep can do:
http://droidsheep.de/?page_id=14
How does it work?
As already announced DroidsSheep supports almost every website – also “big” webservices like facebook and Yahoo.
How does that work this simple?
There are many users that do not known that air is the transmission medium when using WiFi. Therefore information is not only transfered to its receiver but also to any other party in the network within the range of the radio waves.
Usually nothing special happens because the WiFi users discard packets that are not destined to themselves. DroidSheep does not do this. It reads all the packets looking at their contents.
Is a website sending a clear recognition feature within a message’s content, which can identify a user (“SessionID”), then DroidSheep is able to read it although it is not intended to external users. Moreover DroidSheep can use this token to use it as its own. The server can’t decide whether the authorized user or DroidSheep has sent the request.
http://droidsheep.de/?page_id=424
How can I protect myself?
The only satisfying answer is: SSL respectively HTTPS.
Many providers already offer HTTPS, even facebook, however it must often be enabled in the settings first.
When using HTTPS the data are still sent to alle participants in the WiFi-network, too, but because the data has been encrypted it is impossible for DroidSheep to decrypt the contect of a message - remaining only a complete mess of letters, with which an attacker can’t do anything.
The real problem is that not every website provides SSL. What to do when you are in a public network (hotel, airport, etc.), you also want to use this and the site does not offer HTTPS though?
You can use a VPN-connection
For this the computer sets up an encrypted channel to a confidential computer which again transfers the data to the website.
You can also install DroidSheep Guard from the Market:
https://play.google.com/store/apps/details?id=de.trier.infsec.koch.droidsheep.guard.free&hl=en
A very interesting feature is the possibility to save cookies!!
Source> http://droidsheep.de
Imagine the possibilities....
This isn't good dude.
And 'air' isn't the 'transmission medium' for WiFi. We figured that out when we discarded the ether hypothesis around a century ago.
backfromthestorm said:
This isn't good dude.
And 'air' isn't the 'transmission medium' for WiFi. We figured that out when we discarded the ether hypothesis around a century ago.
Click to expand...
Click to collapse
-what exactly "isn´t good" ?
Ok you are correct, yes, WIFI (as any other electromagnetic wave) can also be transmitted through vacuum, so yes there is no need of "air"
Re-ported to a MOD I don't think this should be shown or talked about on XDA this isn't an hacking site like you might think for taking advantage of other peoples accounts.
XDA is a hacking community for the good like Rooting.
This app has been on XDA for quite a while http://forum.xda-developers.com/showthread.php?t=1593990
Even a portal article about it http://www.xda-developers.com/android/droidsheep-undresses-network-security-and-shows-how-its-done/
Please use the main thread to discuss this app, not this one.
@ shankly1985, we appreciate your concern, but people need to know how insecure important accounts can be. Thus enabling them to make the changes to fix them.
Thread Closed.

[Q] T-Mo's tether block

T-Mo blocks access to web pages if they see a certain UA string, its pretty easy to get around, but my question is,
Isn't how they are blocking us illegal? For them to be able to block this would they not need to do deep packet inspections?
Which is not legal to do to your customers in the U.S. unless you have government permission?
Or am I wrong, did we allow this somewhere when we signed the contract?
ThaDSman said:
T-Mo blocks access to web pages if they see a certain UA string, its pretty easy to get around, but my question is,
Isn't how they are blocking us illegal? For them to be able to block this would they not need to do deep packet inspections?
Which is not legal to do to your customers in the U.S. unless you have government permission?
Or am I wrong, did we allow this somewhere when we signed the contract?
Click to expand...
Click to collapse
It is in the TOS and in the end it is their network not public airwaves. If you tether and do not follow the TOS they have every right to cancel you. They also have every right to see what kinds of packets are passing through and where they are going to and coming from
There is no reasonable expectation of privacy on the internet. It is a common misconception
CARBON NIGHTLIES. | KROZ BROWN Theme | Crack Flasher
RonnieRuff said:
It is in the TOS and in the end it is their network not public airwaves. If you tether and do not follow the TOS they have every right to cancel you. They also have every right to see what kinds of packets are passing through and where they are going to and coming from
There is no reasonable expectation of privacy on the internet. It is a common misconception
CARBON NIGHTLIES. | KROZ BROWN Theme | Crack Flasher
Click to expand...
Click to collapse
Thank you, so it is in the TOS.
Now do you think I can argue them into removing this block?
I already tried it and it seemed to be working but they never called me back.
My argument was that I want to be able to use Chrome for desktop 28 UA strings to always have a desktop view, and by them not allowing me that liberty I can not load certain websites to get the full experience on my Note 2.
"Your limiting my Note 2 not a tether!".
Think if I keep going they'll give me what I want? Or should I just give up and drop it?
ThaDSman said:
Thank you, so it is in the TOS.
Now do you think I can argue them into removing this block?
I already tried it and it seemed to be working but they never called me back.
My argument was that I want to be able to use Chrome for desktop 28 UA strings to always have a desktop view, and by them not allowing me that liberty I can not load certain websites to get the full experience on my Note 2.
"Your limiting my Note 2 not a tether!".
Think if I keep going they'll give me what I want? Or should I just give up and drop it?
Click to expand...
Click to collapse
I do not see them changing their business model concerning tethering based on that argument.
Background on DPI
Service providers obligated by the service-level agreement with their customers to provide a certain level of service and at the same time, enforce an acceptable use policy, may make use of DPI to implement certain policies that cover copyright infringements, illegal materials, and unfair use of bandwidth. In some countries the ISPs are required to perform filtering, depending on the country's laws. DPI allows service providers to "readily know the packets of information you are receiving online—from e-mail, to websites, to sharing of music, video and software downloads".[8] Policies can be defined that allow or disallow connection to or from an IP address, certain protocols, or even heuristics that identify a certain application or behavior.
CARBON NIGHTLIES. | KROZ BROWN Theme | Crack Flasher
Ok, thanks for that info, so no threatening to sue (not that I would do that.) And I did indeed agree to this....damn.
I was going to try to give them some BS about being a website designer needing to test my sites with different UA to test for compatibility.
You know, any bullocks someone who isn't tech savy would believe. I mean I was getting somewhere in the store until the manager (he was so confused) decided to call support and they put me off for 3 days. Today is Day 3. If I cant convince them today, I will give up and continue to use the stupid Opera UA.
Thanks again, now I know what I'm working with.
Isn't it true that you can tether/hotspot if you root? I have no block.
Also, with reference to the "desktop experience", have you tried Puffin?
ThaDSman said:
T-Mo blocks access to web pages if they see a certain UA string, its pretty easy to get around, but my question is,
Isn't how they are blocking us illegal? For them to be able to block this would they not need to do deep packet inspections?
Which is not legal to do to your customers in the U.S. unless you have government permission?
Or am I wrong, did we allow this somewhere when we signed the contract?
Click to expand...
Click to collapse
It's not necessarily that they are just watching packets, but when your IP is sent out over certain channels it sets off a flag. Simple programming stuff:
Code:
("If UA=X, then Run "UpgradeService.Script")
It's because when you tether the traffic by default (it's in framework-res.apk) is pc.tmobile.com and that is not the main APN that is used by the phone itself. Strings need to be modified so that APN is replaced with the regular data APNs for it to be undetectable.
KillaHurtz said:
It's not necessarily that they are just watching packets, but when your IP is sent out over certain channels it sets off a flag. Simple programming stuff:
Code:
("If UA=X, then Run "UpgradeService.Script")
It's because when you tether the traffic by default (it's in framework-res.apk) is pc.tmobile.com and that is not the main APN that is used by the phone itself. Strings need to be modified so that APN is replaced with the regular data APNs for it to be undetectable.
Click to expand...
Click to collapse
But I' on a AOSP rom, RootBox, would it still be in my framework?
RonnieRuff said:
I do not see them changing their business model concerning tethering based on that argument.
Background on DPI
Service providers obligated by the service-level agreement with their customers to provide a certain level of service and at the same time, enforce an acceptable use policy, may make use of DPI to implement certain policies that cover copyright infringements, illegal materials, and unfair use of bandwidth. In some countries the ISPs are required to perform filtering, depending on the country's laws. DPI allows service providers to "readily know the packets of information you are receiving online—from e-mail, to websites, to sharing of music, video and software downloads".[8] Policies can be defined that allow or disallow connection to or from an IP address, certain protocols, or even heuristics that identify a certain application or behavior.
CARBON NIGHTLIES. | KROZ BROWN Theme | Crack Flasher
Click to expand...
Click to collapse
As much as I hate to agree with him on anything he's right on his tmobile policy stuff I think he's one of their lawyers
Sent from my GT-N5110 using Tapatalk 2
What worries me is that I use firefox ua on boat browser...
Can they think I am tethering because of this?
If I do tether I use ssh tunnel, so its undetectable.
dima202 said:
What worries me is that I use firefox ua on boat browser...
Can they think I am tetherithe store or call their supportng because of this?
If I do tether I use ssh tunnel, so its undetectable.
Click to expand...
Click to collapse
If you successfully connect to the internet on your tethered device without the Upsell redirect I think your good. It seems like that's the only block. I found a UA that isn't blocked and gives a desktop view all the time, I can pm it to you if you like. I've been using it for about 4 days now with no issues also I've pulled 53GB so far with no limiting or throttling. I never did go back to the store or call their support.
ThaDSman said:
If you successfully connect to the internet on your tethered device without the Upsell redirect I think your good. It seems like that's the only block. I found a UA that isn't blocked and gives a desktop view all the time, I can pm it to you if you like. I've been using it for about 4 days now with no issues also I've pulled 53GB so far with no limiting or throttling. I never did go back to the store or call their support.
Click to expand...
Click to collapse
I'd like to know what you're using to get tethering to work pm me or post away thanks!
Sent from my SGH-T889 using xda premium

Securing your Phone - discussion

Looking for things you can do to reduce your exposure...
- dnscrypt seems like a no brainer - install via adb.
- se linux also seems like a no brainer despite being created by the NSA
- limit the rights that applications have
- standard phone encryption - yes google will hand over the keys if asked but TrueCrypt for android doesn't appear to exist.
- tor/vpn/proxies.
- restrict application rights
- leave the gps off unless you need it.
Additions? Thoughts? Improvements?
RobertFontaine said:
- standard phone encryption - yes google will hand over the keys if asked but TrueCrypt for android doesn't appear to exist.
Click to expand...
Click to collapse
You sure about that? Source?
If you're also concerned with what people can do when they have physical access to your phone - Make sure you have a lock on it and disable USB debugging when you're not actually using ADB
Jaspah said:
You sure about that? Source?
Click to expand...
Click to collapse
No... I'm not sure... While google is my friend there seems to be more opinions and less fact...
Encryption based on dm crypt. Encryption key tied to screen unlock key (16 characters or less).
The is an app in Play Store that will separate the two on rooted phones.
http://www.guyrutenberg.com/2012/06/29/some-thoughts-about-androids-full-disk-encryption/
The best solution is a vpn such as hideman. It uses 256 bit encryption. You get 5 free hours a week. The mobile subscription is only 4-5 bucks a month with unlimited use and over 20 different countries ip address to choice from.
Wireratt said:
The best solution is a vpn such as hideman. It uses 256 bit encryption. You get 5 free hours a week. The mobile subscription is only 4-5 bucks a month with unlimited use and over 20 different countries ip address to choice from.
Click to expand...
Click to collapse
A VPN is only as secure as its endpoint. What's stopping some company or government entity from shutting these guys down or paying them off for your logs?
Jaspah said:
A VPN is only as secure as its endpoint. What's stopping some company or government entity from shutting these guys down or paying them off for your logs?
Click to expand...
Click to collapse
Nothing but that applies to any ISP as well. I like controlling who has logs and not leaving it completely up to my ISP. If they want you bad enough there is nothing to secure you.
source: I was tech on a sply plane that's capable of intercepting SMS and email right out the air. This thing could record 1 sec of a persons voice and scan for it until that persons makes a phone call and then get exact location.
The gov is not the only one who might be listening.
A vpn secures you from anyone who is sharing your wifi or listening for your passwords ( key loggers).
Wireratt said:
Nothing but that applies to any ISP as well. I like controlling who has logs and not leaving it completely up to my ISP. If they want you bad enough there is nothing to secure you.
source: I was tech on a sply plane that's capable of intercepting SMS and email right out the air. This thing could record 1 sec of a persons voice and scan for it until that persons makes a phone call and then get exact location.
The gov is not the only one who might be listening.
A vpn secures you from anyone who is sharing your wifi or listening for your passwords ( key loggers).
Click to expand...
Click to collapse
+1 In pure terms, anything connected isn't secure in one way or the other. We only try to get what's the best available of the lot, and VPN is one of the best ways available.
I have been searching for how to install dnscrypt on android, if you will please explain the steps I need to take to install via adb...

wireguard and azire vpn

I have a pixel 2 xl with EX 1.01 kernel. I downloaded wireguard and then signed up on azire. It says it's only free until tomorrow- which is now today. I downloaded all the host files/ phony addresses and put them in wireguard.
Am I going to have to pay for the VPN? It was my understanding that this was all free. I'm still not sure what this is going to be doing for me though. It's my understanding that with wireguard on I can route my internet traffic through a phony server/location/device address. Azire had choices of Canada, Switzerland, Miami Florida, and some other places. I downloaded a file for each place. So I can just toggle on one of the locations and all my internet traffic will go through that phony address, right? This will allow me to access restricted content at work without work being able to track me, right? For example, movie and entertainment stuff is not viewable during lunch break because its access is restricted.
edit: I had 1 of the wireguard locations toggled on today. They were files I added from azire. They don't let me access ANYTHING on the internet when the switch is flipped on and in on my work wifi. What's going on?
Please can someone also explain the REAL, awesome benefits of wireguard and VPN? I'm only really playing around with it at this point.
I just signed up, and it says OpenVPN is free for 24 hours, while Wireguard is free indefinitely.
I don't know much about all this stuff, but I think Wireguard is a replacement for OpenVPN, which has a lot less lines of code, lighter, and having better security compared to OpenVPN. I think it's free currently as it is new and still under testing. Somebody with better knowledge oughta chime in and add more info.
Well its not much use if the VPN itself isn't free, right? What is everyone using this for? I am having a really hard time understanding it's application. If all the VPN services cost, I would think one would have to use this stuff a lot for it to make sense. Are there good, free VPNs?
I have the wireguard switch on for one the VPN files I downloaded from azire, and it works at home on my home networks, but at work I can not access anything on the internet. What does this mean? It was doing that before the 24hr trial was up (pretty sure). And I would think it wouldn't be working anymore, but I can still access stuff while on my home network with the wireguard in app switches toggled.
Im exploring this because if my phone and kernel are capable of it, I'd like to learn and utilize it. Just need help understanding how and what the proper application is.
Schroeder09 said:
Well its not much use if the VPN itself isn't free, right? What is everyone using this for? I am having a really hard time understanding it's application. If all the VPN services cost, I would think one would have to use this stuff a lot for it to make sense. Are there good, free VPNs?
I have the wireguard switch on for one the VPN files I downloaded from azire, and it works at home on my home networks, but at work I can not access anything on the internet. What does this mean? It was doing that before the 24hr trial was up (pretty sure). And I would think it wouldn't be working anymore, but I can still access stuff while on my home network with the wireguard in app switches toggled.
Im exploring this because if my phone and kernel are capable of it, I'd like to learn and utilize it. Just need help understanding how and what the proper application is.
Click to expand...
Click to collapse
Your office may be blocking access to VPN services.
Schroeder09 said:
Well its not much use if the VPN itself isn't free, right? What is everyone using this for? I am having a really hard time understanding it's application. If all the VPN services cost, I would think one would have to use this stuff a lot for it to make sense. Are there good, free VPNs?
I have the wireguard switch on for one the VPN files I downloaded from azire, and it works at home on my home networks, but at work I can not access anything on the internet. What does this mean? It was doing that before the 24hr trial was up (pretty sure). And I would think it wouldn't be working anymore, but I can still access stuff while on my home network with the wireguard in app switches toggled.
Im exploring this because if my phone and kernel are capable of it, I'd like to learn and utilize it. Just need help understanding how and what the proper application is.
Click to expand...
Click to collapse
VPN basically protects you from being identified on the internet. People use it to prevent the government or hackers from spying on them, or even bypass restrictions on website that the government imposed(torrent, porn, google.com in China).
Sure there are free VPNs, but I guess the "protection" will not be very secure compared to a paid VPN. Obviously not all paid VPNs will be super secure, you'll have to do your research on which company provides the most secure VPN. But if you're just looking to bypass restrictions and don't give a hoot about security, a free VPN normally suffice.
About not able to access the internet during work, yeah probably the office network doesn't allow any form of VPN, since that would mean they don't know what you would be doing.
Schroeder09 said:
Well its not much use if the VPN itself isn't free, right? What is everyone using this for? I am having a really hard time understanding it's application. If all the VPN services cost, I would think one would have to use this stuff a lot for it to make sense. Are there good, free VPNs?
I have the wireguard switch on for one the VPN files I downloaded from azire, and it works at home on my home networks, but at work I can not access anything on the internet. What does this mean? It was doing that before the 24hr trial was up (pretty sure). And I would think it wouldn't be working anymore, but I can still access stuff while on my home network with the wireguard in app switches toggled.
Im exploring this because if my phone and kernel are capable of it, I'd like to learn and utilize it. Just need help understanding how and what the proper application is.
Click to expand...
Click to collapse
the vpn is free.. azire offers the wireguard vpn for free since its still in beta testing.. openvpm is a separate vpn altogether and does not work in wireguard
the openvpn was a 24hr trial period.. openvpn will not work in wireguard
this is more a general question, not really for themes and apps section.. i suggest u read up on vpns and the different types/methods to understand more about them
eushaun99 said:
VPN basically protects you from being identified on the internet. People use it to prevent the government or hackers from spying on them, or even bypass restrictions on website that the government imposed(torrent, porn, google.com in China).
Sure there are free VPNs, but I guess the "protection" will not be very secure compared to a paid VPN. Obviously not all paid VPNs will be super secure, you'll have to do your research on which company provides the most secure VPN. But if you're just looking to bypass restrictions and don't give a hoot about security, a free VPN normally suffice.
About not able to access the internet during work, yeah probably the office network doesn't allow any form of VPN, since that would mean they don't know what you would be doing.
Click to expand...
Click to collapse
speed is also a factor.. some free vpns are slow compared to ones you can purchase.. but yes, agreed, he needs to do some more research on the internet lol
How do I know if my azire is still functioning? With the wireguard VPN switched on I can access sites on my home network
Is there anyway to get around wifi networks blocking access to VPN? Can I change dns settings or addresses or something? Every place I try to use this it doesn't work. I can use my VPN at home which is where I least care to use it or need it.
I'm currently at a hotel. There are tons of people on the wifi and it seems if I were concerned about security and safe browsing I'd want to use this now! I can't! As soon as I enable the VPN the internet access stops. This seems useless. Can someone help?

Categories

Resources