Upgrading old computers

[Wolf K]

On 26/06/2012 12:06 AM, Char Jackson wrote:
[...]

As you may know, if it has the WPS feature, (Wireless Protected Setup
or whatever D-Link calls it), then it's likely vulnerable to an easy
hack. In that case, the number of characters in the password makes no
difference and therefore doesn't contribute to security.

I'm all ears. Kindly explain. Is a fix possible?

Not that I expect a drive-by intrusion attempt here. ;-)

 

[Char Jackson]

On 26/06/2012 12:06 AM, Char Jackson wrote:
[...]

As you may know, if it has the WPS feature, (Wireless Protected Setup
or whatever D-Link calls it), then it's likely vulnerable to an easy
hack. In that case, the number of characters in the password makes no
difference and therefore doesn't contribute to security.

I'm all ears. Kindly explain. Is a fix possible?

a) Disable the feature in the router
b) Check for new firmware that addresses the hack

Not that I expect a drive-by intrusion attempt here. ;-)

No one ever does.

 

[Wolf K]

On 26/06/2012 12:06 AM, Char Jackson wrote:
[...]

As you may know, if it has the WPS feature, (Wireless Protected Setup
or whatever D-Link calls it), then it's likely vulnerable to an easy
hack. In that case, the number of characters in the password makes no
difference and therefore doesn't contribute to security.

I'm all ears. Kindly explain. Is a fix possible?

a) Disable the feature in the router
b) Check for new firmware that addresses the hack

Not that I expect a drive-by intrusion attempt here. ;-)

No one ever does.

'Ta.

 

[Gene E. Bloch]

Thanks, Joe. I appreciate the rescue attempt and should probably
accept it graciously and move on, but I honestly don't remember the
last time I've seen a wireless client configuration manager that
allowed the user to select the channel or security settings. If you
guys say there is such a thing, I'll accept your word for it.


From what I've seen, at the client side you're limited to entering the
password. The other security settings are negotiated transparently,
and by negotiated I mean the router says 'this is what we're going to
use" and the client tries to comply, if it can.

We've been a bit at cross-purposes here.

I was only thinking about SSID names and passwords, so Joe Morris
correctly caught my source of miscommunication. Or confusion, or
whatever you'd like to call it

 

[pjp]

On 26/06/2012 12:06 AM, Char Jackson wrote:
[...]

As you may know, if it has the WPS feature, (Wireless Protected Setup
or whatever D-Link calls it), then it's likely vulnerable to an easy
hack. In that case, the number of characters in the password makes no
difference and therefore doesn't contribute to security.

I'm all ears. Kindly explain. Is a fix possible?

a) Disable the feature in the router
b) Check for new firmware that addresses the hack

Not that I expect a drive-by intrusion attempt here. ;-)

No one ever does.

Well I never do. I'm willing to bet on it

They'd have to basically sit in a car in my driveway. Rural area, empty
road with closest house almost a Km away. I can't make it to my barn and
keep a connection so can't see anyone "war driving" with equipment would
make that much difference.

I keep it wide open simply because kid's Gameboys didn't seem to have
any means of accessing internet thru a password protected setup.
Gameboys and kids gone now but still see no reason to bother changing
what works without hassle.

 

[Wolf K]

[...]

Not that I expect a drive-by intrusion attempt here. ;-)

No one ever does.

Well I never do. I'm willing to bet on it

They'd have to basically sit in a car in my driveway. Rural area, empty
road with closest house almost a Km away. I can't make it to my barn and
keep a connection so can't see anyone "war driving" with equipment would
make that much difference.

I keep it wide open simply because kid's Gameboys didn't seem to have
any means of accessing internet thru a password protected setup.
Gameboys and kids gone now but still see no reason to bother changing
what works without hassle.

Well, we're in a small town, not quite as isolated, but strangers
sitting in car outside the house for any length of time will be, um,
conspicuous. ;-)

 

[Char Jackson]

[...]
Not that I expect a drive-by intrusion attempt here. ;-)

No one ever does.

Well I never do. I'm willing to bet on it

They'd have to basically sit in a car in my driveway. Rural area, empty
road with closest house almost a Km away. I can't make it to my barn and
keep a connection so can't see anyone "war driving" with equipment would
make that much difference.

pjp: A kilometer, just over a half mile, is easily achievable,
depending on terrain, equipment, and other factors.

Well, we're in a small town, not quite as isolated, but strangers
sitting in car outside the house for any length of time will be, um,
conspicuous. ;-)

It's funny, but people frequently use the example of a stranger
sitting in a parked car, while that's rarely where unauthorized access
comes from. It's usually from a neighbor. They have the advantages of
unlimited time and no one wondering what they're doing since they're
doing it from inside their house. Line of sight helps, but isn't
strictly required.

 

[Char Jackson]

We've been a bit at cross-purposes here.

I was only thinking about SSID names and passwords, so Joe Morris
correctly caught my source of miscommunication. Or confusion, or
whatever you'd like to call it

Thanks, Gene. All good now.

 

[Wolf K]

[...]
Not that I expect a drive-by intrusion attempt here. ;-)

No one ever does.

Well I never do. I'm willing to bet on it

They'd have to basically sit in a car in my driveway. Rural area, empty
road with closest house almost a Km away. I can't make it to my barn and
keep a connection so can't see anyone "war driving" with equipment would
make that much difference.

pjp: A kilometer, just over a half mile, is easily achievable,
depending on terrain, equipment, and other factors.

Well, we're in a small town, not quite as isolated, but strangers
sitting in car outside the house for any length of time will be, um,
conspicuous. ;-)

It's funny, but people frequently use the example of a stranger
sitting in a parked car, while that's rarely where unauthorized access
comes from. It's usually from a neighbor. They have the advantages of
unlimited time and no one wondering what they're doing since they're
doing it from inside their house. Line of sight helps, but isn't
strictly required.

The nearest neighbour with the smarts to do this is about 1.2km away on
the other side of town. She's a virus hunter. ;-)

 

[Joe Morris]

It's funny, but people frequently use the example of a stranger
sitting in a parked car, while that's rarely where unauthorized access
comes from. It's usually from a neighbor. They have the advantages of
unlimited time and no one wondering what they're doing since they're
doing it from inside their house. Line of sight helps, but isn't
strictly required.

That's probably accurate, but it doesn't address the consequences to the
owner of the unsecured access point if the stranger uses it to commit a
crime.

A few years ago at a SANS conference we were given an FBI presentation on
one such case in which multiple unsecured access points were used in an
extortion scheme. As langiappe, after the bad guy was taken down police
found a significant amount of material intended to produce ricin, although
the briefing did not include an explanation of what use was planned for the
poison. The access point owners were exonerated, but probably only after
spending more time talking to the authorities than they liked.

Joe

 

[Joe Morris]

From what I've seen, at the client side you're limited to entering the
password. The other security settings are negotiated transparently,
and by negotiated I mean the router says 'this is what we're going to
use" and the client tries to comply, if it can.

Given the number of vendors and models of WiFi clients (and their drivers)
that are running around, it's likely that we're seeing different
populations. (Recall the old story of the blind men describing an elephant:
one holds a leg, one holds the trunk, one holds the tail...)

My population is mostly business-class devices where you need to specify
such items as WPA2 Enterprise vs. WPA2 PSK vs. 802.1X, TLS vs. LEAP vs.
PEAP, MS-CHAP vs. TLS, etc., plus a number of low-level settings, most of
which are now buried in the Device Manager dialogs. Note that the channels
that can be used by a card are different depending on which nation's laws
apply to your location.

I've been periodically checking my local neighborhood since early
2006. Back then things were mostly open with a few DSL customers
running 2Wire modem/routers using WEP. Since then it's been
interesting to see the slow but steady migration away from open
networks to WEP, then away from WEP to WPA, and finally to WPA2. There
are still two open networks here, about a half dozen WEP (still DSL
customers), and the rest (about 35-40) are mostly WPA2 now.

One surprising thing I found from my audit runs several years ago was that
of the thousands of access points recorded, only *one* had an SSID that was
.... let's say "inappropriate for use in mixed company." Even more
surprising was that the "questionable" SSID was found not in the vicinity of
either the George Mason University or the University of Maryland (and I made
a point of driving through Frat Row) but among the apartment buildings in
Tysons Corner, VA.

Also, while the count was quite low, the most common SSID was "NOT YOURS".

Joe

 

[Char Jackson]

Given the number of vendors and models of WiFi clients (and their drivers)
that are running around, it's likely that we're seeing different
populations. (Recall the old story of the blind men describing an elephant:
one holds a leg, one holds the trunk, one holds the tail...)

My population is mostly business-class devices where you need to specify
such items as WPA2 Enterprise vs. WPA2 PSK vs. 802.1X, TLS vs. LEAP vs.
PEAP, MS-CHAP vs. TLS, etc., plus a number of low-level settings, most of
which are now buried in the Device Manager dialogs. Note that the channels
that can be used by a card are different depending on which nation's laws
apply to your location.

I see what you're saying. Where I work, our laptop images include a
Cisco connection manager application, and it exposes all or most of
the things you mentioned. In the consumer space, though, I don't see
those options.

One surprising thing I found from my audit runs several years ago was that
of the thousands of access points recorded, only *one* had an SSID that was
... let's say "inappropriate for use in mixed company." Even more
surprising was that the "questionable" SSID was found not in the vicinity of
either the George Mason University or the University of Maryland (and I made
a point of driving through Frat Row) but among the apartment buildings in
Tysons Corner, VA.

I think I used inSSIDer, a Windows app, to do basically the same thing
as I drove through the city core here awhile back. I only collected a
few hundred SSID's, but quite a few were creative and funny. Nothing
adult, as I recall.

Also, while the count was quite low, the most common SSID was "NOT YOURS".

For me, I think the most common was "linksys", if you don't count the
dozens that began with "2Wire" and included a 3-digit numeric suffix.

 

[pjp]

[...]
Not that I expect a drive-by intrusion attempt here. ;-)

No one ever does.

Well I never do. I'm willing to bet on it

They'd have to basically sit in a car in my driveway. Rural area, empty
road with closest house almost a Km away. I can't make it to my barn and
keep a connection so can't see anyone "war driving" with equipment would
make that much difference.

pjp: A kilometer, just over a half mile, is easily achievable,
depending on terrain, equipment, and other factors.

Well, we're in a small town, not quite as isolated, but strangers
sitting in car outside the house for any length of time will be, um,
conspicuous. ;-)

It's funny, but people frequently use the example of a stranger
sitting in a parked car, while that's rarely where unauthorized access
comes from. It's usually from a neighbor. They have the advantages of
unlimited time and no one wondering what they're doing since they're
doing it from inside their house. Line of sight helps, but isn't
strictly required.

Not a problem, for sure. I know my "next door" neighbour and anything
and everything I've tried hasn't even come close to working there, both
desktops and laptops. In fact, so sure because at one time I was willing
to let them share so we did make an effort.

My thoughts about range are, yea maybe a 1/2 Km on the prairies with
router up high in attac (exxageration) but hills, woods etc. and in my
case the tin siding on house and I'm happy a laptop works on back deck
etc. and the portable phone makes it around the field (2+ acres)
surrounds house.

My actual internet connection is wireless though. Comes in on a yagga
style attenna pointed at a tower sits up the end of the straight stretch
I'm along. I might be able to take it out with a real good 22 but it'd
be a very long lucky shot. 303 with a scope and likely someone could.

So perhaps, someone could lock into that somehow but then to my mind
they're not technically even hacking into me but the system as a
separate account (or least spoofing mine rather than piggy-backing onto
it). I'll watch for vehicles with yagga attenna on them

 

[Anthony Buckland]

I live in the suburbs of a larger city and there are at least a dozen
places around me that take old computer gear. Some of them attempt to
refurbish what they can and sell or donate it, while others simply
palletize it in large quantities and truck it somewhere for
reclamation. CRT monitors have large amounts of lead, while anything
with a circuit board likely has small amounts of gold that can be
reclaimed.

Likewise (North Shore suburbs of Vancouver BC).
One activity of a depot to which to take bottles
in bulk for refunds. I've taken more than one
machine there. My practice, to secure personal
data: remove the drives first, dismount the actual
metal disks for data destruction, put the rest of
the drives back, loose, in the machine.

 

[Gene E. Bloch]

I've explained, and you've clipped my explanation more than once now,
what quotes so used mean to me and to some others.

And when a new term *is* introduced (i.e., a term that is expected to be
new to the reader), the normal thing is to quote it the first time and
not later in the article.

The repeated quoting just makes it seem all the more apologetic to me.

And we've seen, thanks to Ed Cryer and another poster, that the term is
accepted by others, so

1) I have to stop complaining anyway

2) The quotes should be no longer needed

But what the heck, I and many others do know what you mean by bitness


My spell checker doesn't recognize the word, but it fails to recognize a
lot of perfectly fine words...Ed Cryer's name is one, BTW.

Surely it's time to inject some humor into this discussion.

Reading the funnies today, I saw this bit of synchronicity on the
subject of quote marks:

http://www.gocomics.com/nonsequitur

Navigate to the strip for June 27, 2012, in case you're looking at it
tomorrow.

 

[Antares 531]

We have two old desktop computers in our household network that are on
the verge of obsolescence, but I would like to upgrade them. Both are
still running Windows XP but I'm not sure the CPUs and the motherboard
in general is capable of handling a later version...say Windows 7, 64
bit.

How can I determine the upgrade limitations for these old computers
before I buy any new hard disks or software for them?

If these computers are upgradable, can I install a new hard drive then
format it for 64 bits, then install Windows 7, then use the old files
that are now stored on a second hard drive that is formatted for 32
bit data?

To keep everyone up to date, here's the latest bit of information
pertaining to the above set of problems. As I said earlier, I got the
Ethernet desktop working well a few days ago but could not get my
wife's old desktop computer working until this morning. I went to
Computer Connections and bought a Wireless LAN PCI Card, RNX-N150PC
and installed it in this computer. It connects with the new
NETGEARN300 DGN3500 Wireless Gigabit ADSL2+ Modem Router, but the
signal strength is very low. I think this may be caused by the fact
that this old computer is downstairs and in the opposite end of the
house from the upstairs router. The old desktop computer will connect
with the router and it can send/receive e-mail messages, etc., so I
guess the problem is caused by the location of the old computer's
Wireless LAN card's antenna. I think maybe an antenna extension cable
might be worth trying. Any ideas or suggestions, anyone.

I do really appreciate all the help I've received here, and I'm sorry
I didn't always keep up with the feedback on how things were going. I
kept trying and trying all the things that were suggested, but I guess
the old Wireless LAN PCI card simply could not communicate with the
new router. Gordon

 

[Paul]

so I guess the problem is caused by the location of the old computer's
Wireless LAN card's antenna. I think maybe an antenna extension cable
might be worth trying. Any ideas or suggestions, anyone.

I do really appreciate all the help I've received here, and I'm sorry
I didn't always keep up with the feedback on how things were going. I
kept trying and trying all the things that were suggested, but I guess
the old Wireless LAN PCI card simply could not communicate with the
new router. Gordon

I would be using a wired (Ethernet) connection by now.

Or, I would change the location of the router a bit,
if the cabling would allow it.

Maybe the router can be placed in a more central location.

It really depends, on how many RJ-11 phone boxes you
have sprinkled around the house, as to where the
router could be located. I only have one phone outlet now
(all others disconnected), so my ADSL stays put.

Look at your supply of cabling first, to see if that
is possible. Cables can be expensive, especially if you
head off to Best Buy to get them. If you order them
elsewhere, you might get a slightly better price on them.

Paul

 

[Zaidy036]

<snip>

Or try a free "beer can antenna" Google it.

 

[Char Jackson]

To keep everyone up to date, here's the latest bit of information
pertaining to the above set of problems. As I said earlier, I got the
Ethernet desktop working well a few days ago but could not get my
wife's old desktop computer working until this morning. I went to
Computer Connections and bought a Wireless LAN PCI Card, RNX-N150PC
and installed it in this computer. It connects with the new
NETGEARN300 DGN3500 Wireless Gigabit ADSL2+ Modem Router, but the
signal strength is very low. I think this may be caused by the fact
that this old computer is downstairs and in the opposite end of the
house from the upstairs router. The old desktop computer will connect
with the router and it can send/receive e-mail messages, etc., so I
guess the problem is caused by the location of the old computer's
Wireless LAN card's antenna. I think maybe an antenna extension cable
might be worth trying. Any ideas or suggestions, anyone.

The problem is that the antenna is tucked down behind the PC, in the
worst possible location for optimum reception. Forget antenna
extension cables. That would be the worst possible choice.

Some options, in no particular order because I can't walk through your
house.

Use Ethernet (wired), if possible!

USB Wireless Adapter. That would allow you to place the antenna up and
away from the back of the PC. If you don't have a USB post available,
a PCI card that provides 2-5 USB ports is widely available. Swap the
USB PCI card for the new PCI Wireless LAN card you just installed.

Ethernet connection to a wireless client bridge.

Powerline networking to bring Ethernet to the far end of the house.

....and many more options. You know your situation better than we do.