<br><br><div class="gmail_quote">On Wed, Jan 23, 2013 at 5:20 PM, Ron Frazier (ALE) <span dir="ltr"><<a href="mailto:atllinuxenthinfo@techstarship.com" target="_blank">atllinuxenthinfo@techstarship.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><u></u>
<div text="#000000" bgcolor="#ffffff">
Yeah Jim, I'm starting to feel like that.<br>
<br>
I appreciate all the information. Frankly, it's starting to make my
eyes cross. I'm going to have to revisit some of the technical details
when my brain is a bit less foggy. I think it's supper time. That
must be the problem. I tried wireshark on Windows 7 64 bit to try to
snoop on my own pc's on my wlan. I never succeeded, even though I know
the psk. I'm sure other more knowledgeable people would probably
succeed.<br>
<br>
Here's what I think I've gotten from the discussion:<br>
<br>
A) Sitting on open wifi, non ssl / vpn traffic. Anybody (with
knowledge, tools, and motive) can see whatever I do.<br>
<br>
B) Sitting on shared password WEP wifi, non ssl / vpn traffic. Anybody
can see whatever I do.<br>
<br>
C) Sitting on shared password WPA wifi, non ssl / vpn traffic. Anybody
that captures my logon sequence can see whatever I do.<br>
<br>
D) Sitting on any network, using email in SSL mode. ASSUMING that the
client brings up the SSL connection before exchanging authentication
data, I should be OK.<br></div></blockquote><div><br>The encrypted stream of data is mostly OK. SSL has some holes and that requires latest-greatest versions. <br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div text="#000000" bgcolor="#ffffff">
<br>
E) Sitting on any network, going to the bank. ASSUMING I'm in SSL mode
before entering my login credentials, I should be OK.<br></div></blockquote><div>ditto SSL <br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div text="#000000" bgcolor="#ffffff">
<br>
F) Using a commercial VPN like HotspotVpn and ASSUMING they configured
it properly, anything I do should be OK data wise. However, there
still may be vulnerabilities in the networking stack / firewall that
I'm still exposed to.<br></div></blockquote><div><br>Encrypted stream is protected unless using older SSL (see above). VPNs use multiple methods of securing the channel and some are better than others. SSL is easy to setup and fast but breakable in certain circumstances. IKE and password-protected key exchange stuffs with asymmetric keys are as close to bullet-proof as we can get right now. Their weak point is the key itself. So each end sends the pub key to the other, then one encrypts a random string with the pub key and sends out. The other end decrypts and reencrypts with the other pub key. If the ends agree, tunnel is built using a SYMMETRIC key that is changed on a regular schedule. This is still subject to MitM attacks unless system keys are known on both ends.<br>
<br>All traffic outside the VPN is wide open, raw, unfiltered, adulterated, yeah, fun stuff!<br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div text="#000000" bgcolor="#ffffff">
<br>
Hopefully that is the main gist of it.<br>
<br>
Sincerely,<br>
<br>
Ron<div><div class="h5"><br>
<br>
<br>
On 1/23/2013 4:28 PM, Jim Kinney wrote:
<blockquote type="cite">
<div dir="ltr">
<div class="gmail_extra"><br>
</div>
</div>
To sum up this entire thread:<br>
<div class="gmail_quote">
<div><br>
Get off the Internet and read a dead-tree book you got from a trusted
source.<br>
</div>
</div>
-- <br>
-- <br>
James P. Kinney III<br>
<i><i><i><i><br>
</i></i></i></i>Every time you stop a school, you will have to build
a jail. What you gain at one end you lose at the other. It's like
feeding a dog on his own tail. It won't fatten the dog.<br>
- Speech 11/23/1900 Mark Twain<br>
<i><i><i><i><br>
<a href="http://electjimkinney.org" target="_blank">http://electjimkinney.org</a><br>
<a href="http://heretothereideas.blogspot.com/" target="_blank">http://heretothereideas.blogspot.com/</a></i></i></i></i><br>
</blockquote>
<br>
<br>
</div></div><div class="im"><pre cols="72">--
(To whom it may concern. My email address has changed. Replying to former
messages prior to 03/31/12 with my personal address will go to the wrong
address. Please send all personal correspondence to the new address.)
(PS - If you email me and don't get a quick response, you might want to
call on the phone. I get about 300 emails per day from alternate energy
mailing lists and such. I don't always see new email messages very quickly.)
Ron Frazier
<a href="tel:770-205-9422" value="+17702059422" target="_blank">770-205-9422</a> (O) Leave a message.
linuxdude AT <a href="http://techstarship.com" target="_blank">techstarship.com</a>
</pre>
</div></div>
<br>_______________________________________________<br>
Ale mailing list<br>
<a href="mailto:Ale@ale.org">Ale@ale.org</a><br>
<a href="http://mail.ale.org/mailman/listinfo/ale" target="_blank">http://mail.ale.org/mailman/listinfo/ale</a><br>
See JOBS, ANNOUNCE and SCHOOLS lists at<br>
<a href="http://mail.ale.org/mailman/listinfo" target="_blank">http://mail.ale.org/mailman/listinfo</a><br>
<br></blockquote></div><br><br clear="all"><br>-- <br>-- <br>James P. Kinney III<br><i><i><i><i><br></i></i></i></i>Every time you stop a school, you will have to build a jail. What you
gain at one end you lose at the other. It's like feeding a dog on his
own tail. It won't fatten the dog.<br>
- Speech 11/23/1900 Mark Twain<br><i><i><i><i><br><a href="http://electjimkinney.org" target="_blank">http://electjimkinney.org</a><br><a href="http://heretothereideas.blogspot.com/" target="_blank">http://heretothereideas.blogspot.com/</a><br>
</i></i></i></i>