OT computer issue

Page 4 of 5  
snipped-for-privacy@aol.com Fri, 21 Oct 2016 06:31:19 GMT in alt.home.repair, wrote:

I'm not writing about WPA/WPA2. There's no such thing as WPS2 (yet anyway) I specifically asked you about WPS being enabled. If WPS is active, one could hack that within a few seconds and recover a viable WPA2 key without your assistance which would give them guest access. but, more importantly, the ability to talk to your router. Depending on the router and the firmware, one might be able to leave your guest network and access the hard lines machines on it. And that's just one way of gaining access that one shouldn't have. It's also possible your router has vulnerabilities you know nothing about, and, all one would need in those cases is the WAN side IP address. no 'wifi' required there. Can your service provider access your router and apply updates/change things on it for you? If so, it's quite possible I could too.
WPS is vulnerable. And your router if it's one supplied from your internet provider (I'm guessing your phone company?) most likely is exploitable once you can 'talk' to it, even with the guest network.
So, one would take advantage of WPS being enabled, gain access via WPA2 thanks to it, and, then, depending on the firmware, take control of the router and setup another wifi point that doesn't isolate itself from the rest of your network.
From there, it's a matter of exploring and poking around (no pun intended). You've already told me a windows 98 box is acting as a server, I'd hit that one first, it would be the easiest. It'll share drive mappings and network topology. That would allow me to know about some of the systems present on your network and the IP addresses assigned to them, if you're using DHCP. Most do.
And, that's just one way, off the top of my head of breaking into your network. if I knew the specific make and model of your router, I might not even have to go through all that hassle and I could possibly do it from the internet. No 'wifi' access required. Your router might even be so kind as to tell me it's make and model, depending on it's firmware revision.
If you don't know what WPS is, you probably don't need it, AND, should disable it. Don't trust your router when it tells you it's off, either. check to be sure! Some will say it's off, but, it's not. Due to, again, a bug in firmware.
If you're comfortable using linux, I recommend kali linux for penetration testing. If you have a spare laptop, you can boot it from usb into kali and test the security of your network from there.

As I said, I'm not trying to be condescending or rude with you, I'm simply trying to ascertain your knowledge level concerning the PC.
While I certainly appreciate your comment and can relate to bailing out other techs who couldn't fix things, I don't believe we're discussing the same things here. Hence, my questions.
--
Make yourself sheep and the wolves will eat you.
Benjamin Franklin
  Click to see the full signature.
Add pictures here
<% if( /^image/.test(type) ){ %>
<% } %>
<%-name%>
Add image file
Upload
wrote:

The best security I have is distance. There are only a couple people within WiFi distance and I would give them my key if they asked. If someone is war driving through my neighborhood they might find themselves confronted by armed people asking them what the hell they were doing there. This is Florida. Neighborhood watch is an armed response. Even if they got into that router, there is another wall between there and my home network. All they could do is skim some internet without some more work.
Add pictures here
<% if( /^image/.test(type) ){ %>
<% } %>
<%-name%>
Add image file
Upload
snipped-for-privacy@aol.com Fri, 21 Oct 2016 15:47:26 GMT in alt.home.repair, wrote:

Point is, if they wanted to make the effort, you've made it easier. And didn't even realize you had. Confusing WPS for that of WPA2 tells me a considerable amount of the PC related IT knowledge you don't have, as well. No offense. But, I didn't start off by declaring how many years I'd been doing PC level work professionally. I guess you thought the number would be impressive on it's own and your knowledge wouldn't be subject to question as a result. I've met many people with that mindset and, I've schooled each and every one of them.
--
Make yourself sheep and the wolves will eat you.
Benjamin Franklin
  Click to see the full signature.
Add pictures here
<% if( /^image/.test(type) ){ %>
<% } %>
<%-name%>
Add image file
Upload
wrote:

I am not a wiz about remembering which is the good by acronym but I know the difference when I set it up.
We were talking about hardware tho, not WiFi jargon. I just gave you my experience. I had a dead Aptiva supply, verified with my scope. I plugged in another one, the start line was ground and it did not start. I put in another one and it worked. Then I figured out the supply was a Dell. No smoke, no drama.
Add pictures here
<% if( /^image/.test(type) ){ %>
<% } %>
<%-name%>
Add image file
Upload
snipped-for-privacy@aol.com

WPS isn't your encryption algorithm. it's actually something else entirely. Designed to make life easier for you, in fact. As with many things designed to make life easier, it can be abused.
https://en.wikipedia.org/wiki/Wi-Fi_Protected_Setup
A major security flaw was revealed in December 2011 that affects wireless routers with the WPS PIN feature, which most recent models have enabled by default. The flaw allows a remote attacker to recover the WPS PIN in a few hours with a brute-force attack and, with the WPS PIN, the network's WPA/WPA2 pre-shared key.[4] Users have been urged to turn off the WPS PIN feature,[5] although this may not be possible on some router models.[6]
Offline brute-force attack
In the summer of 2014, Dominique Bongard discovered what he called the "Pixie Dust" attack. This attack works only for the default WPS implementation of several wireless chip makers, including Ralink, MediaTek, Realtek and Broadcom. The attack focuses on a lack of randomization when generating the E-S1 and E-S2 "secret" nonces. If the attacker can figure out those two nonces, they can crack the PIN within one minute and 30 seconds, depending on the device. A tool called pixiewps has been developed[18] and a new version of Reaver has been developed to automate the process.[19]
Since both the access point and client (enrollee and registrar, respectively) need to prove they know the PIN to make sure the client is not connecting to a rogue AP, the attacker already has two hashes that contain each half of the PIN, and all they need is to brute- force the actual PIN. The access point sends two hashes, E-Hash1 and E-Hash2, to the client, proving that it also knows the PIN. E-Hash1 and E-Hash2 are hashes of (E-S1 | PSK1 | PKe | PKr) and (E-S2 | PSK2 | PKe | PKr), respectively. The hashing function is HMAC-SHA-256 and uses the "authkey" that is the key used to hash the data.
The WPS PIN may or may not (depending on router and firmware) be something you can change.

Dell doesn't actually make their own power supplies. it's.. outsourced, rebadged, rebranded, however you prefer to put it.

That's good. Question though. How do you know the start line was ground if you didn't know the pinout configuration to the board you were trying to use it with? Did you assume it was standard? Or did you manually force it to ground? it doesn't really matter, I'm just curious more than anything else.
As I'm sure you understand, If you did happen to run across something that wasn't standard wired and tried to use a standard power supply on it, you do run a very real risk of toasting the board and/or the power supply. The reason is quite simple. Some pins expect to see + 5/-5 volts and others expect to see +12/-12 volts. Swapping those is very bad for the board. That was the only point I was trying to make.
I can think of a few reasons why the power supply may have refused to start, though. One, you didn't short PS start line to a ground, or, you did, but the PS noticed something was seriously wrong; ie: dead short on it's side, right off the bat and refused to continue with power on sequence as a result. I have seen a few capable of doing that.
With that said, I've also seen some that didn't do that and if told to come online, you best make damn sure everything else is as it should be; as it's going to send power and/or burn itself or something else out trying. I've shown you some pin layouts where they differed from being standard. You would toast the board if you sent 12 volts to a 5volt spot on it. Even with a tolerance for slightly higher/slightly lower voltages, the tolerance isn't great enough to let you slide by over half the expected voltage in either direction.
I'm glad you didn't burn anything out, but, that's more luck than it is anything else in your case. Others have actually toasted their boards by swapping power supplies, thinking everything was standard about the ATX connector.
--
Make yourself sheep and the wolves will eat you.
Benjamin Franklin
  Click to see the full signature.
Add pictures here
<% if( /^image/.test(type) ){ %>
<% } %>
<%-name%>
Add image file
Upload
wrote:

WiFi is not the most likely way to break into a PC when you are out in the country. I doubt there are 2 people within a mile of me who even understand you should change the password from something other than the default admin/admin and strangers parked in the neighborhood will be noticed. The fact remains most attacks are shit people click on or email attachments they open. In my case, you won't get much anyway. You will be sifting through a terra byte of ripped movies, stolen music and pictures you could see on my web site. If I am doing things like my taxes, it will be on a PC that is not networked to anything, running off a thumb drive that gets pulled out and stored with my tax records.

I knew it was supposed to be #14 because that was the IBM (and most of the world) standard. I did not screw with Dells much then. I still am not a huge fan but the place where my wife works loves them so I have a few now. Like the other poster pointed out, they are using the standard configuration these days. Dell laptops are OK but they still use a lot of non compatible parts even across their own models.
I had 3 Dell laptops with different problems and I could not find enough compatible parts between them to get one working without buying something even though they looked very similar. I really think of PCs as Bic lighters anyway. I get them for free most of the time and I don't spend a lot of time or money fixing one. My biggest use is as MP3 players and movie streamers.
Add pictures here
<% if( /^image/.test(type) ){ %>
<% } %>
<%-name%>
Add image file
Upload
snipped-for-privacy@aol.com Sat, 22 Oct 2016 15:32:09 GMT in alt.home.repair, wrote:

Many attacks are setup that way, yes. Many of those can be mitigated by not having the user who's logged in have Admin rights...Granted, some attachments may perform privilege escalation and make the limited user login a mute point. Privilege escalation vulnerabilities aren't reliable, because, it only takes one update to close it.
Remote attacks are still viable depending on the target, though. If your modem/router combo allows your ISP to update it remotely, that's a possible entry vector.

That's assuming I wanted something data wise from your machine/network. I may instead, want your network to join a botnet and assist me in a DDoS. I might also just be looking for some storage space and a speedy connection to the internet for dumpsite/temp storage pass on purposes. I might also be looking to 'borrow' your networks resources to participate in hacking other systems. If tracked back and all affected networks cooperated, it could be tied to your network, not me. I doubt your router is keeping connection logs. It's not always about taking a copy of your data. It just depends on the hackers intentions.

Most laptops do have some proprietary aspects to them. It's not Dell specific.

I understand that point of view. Many of the laptops present here use the network to pull music and movies from one or more servers on the network. Some are used more productively, but, the entertainment options are certainly there for the user.
--
Make yourself sheep and the wolves will eat you.
Benjamin Franklin
  Click to see the full signature.
Add pictures here
<% if( /^image/.test(type) ){ %>
<% } %>
<%-name%>
Add image file
Upload
wrote:

keep all updates turned off and I selectively apply things I am sure I want/need

I have a DSL connection. I assume they want something faster since I am surrounded by cable connections running much faster with little security. If you hack my DSL modem, you are still another router away from your first PC. Then there is some software you need to get through.

True and that gets you back to my first assertion. Laptops are not the first machine I would buy to use if I am not walking/flying around with it. I use the latitude because the application is not speed intensive and it runs with "night light" amounts of power.

network is just there to enable the sync. DASD is cheap.
Add pictures here
<% if( /^image/.test(type) ){ %>
<% } %>
<%-name%>
Add image file
Upload
snipped-for-privacy@aol.com Sun, 23 Oct 2016 01:45:41 GMT in alt.home.repair, wrote:

You seem to be confused again. Remote updating of your router has nothing to do with Windows or Windows updates that you keep turned off. You wouldn't be selectively applying these, you probably wouldn't even be aware of this happening. If the modem/router combo is the one your ISP provided, it's mostly likely remote updatable by them. Again, that has nothing to do with Windows updates. It's not something YOU can usually turn off, either.

Is the software Windows based? [g] I think you may be over estimating the security your network is affording you. Or rather, the security you think it's affording you.

Of course not. People buy laptops for the portability aspect. Not to become a server. it's the wrong tool for the job in that situation. I could use a flathead to get a philips screw out, but, it's not the right tool and could damage the screwhead.

It would defeat the purpose if I foisted the content onto each client that wants to use it. Although, they are welcome to make local copies of anything they have access to. Sounds like i'd only need to break into one or two boxes and be able to acquire everything on the network; since you're keeping copies of the data on each one...
--
Make yourself sheep and the wolves will eat you.
Benjamin Franklin
  Click to see the full signature.
Add pictures here
<% if( /^image/.test(type) ){ %>
<% } %>
<%-name%>
Add image file
Upload
On Thu, 20 Oct 2016 19:16:11 -0400, snipped-for-privacy@aol.com wrote:

I tried a standard atx power supply on a Dell and it didn't do anything., untill a few wires were moved in the connector. Don't try to just move the start wire.

Add pictures here
<% if( /^image/.test(type) ){ %>
<% } %>
<%-name%>
Add image file
Upload
On Thursday, October 20, 2016 at 8:16:16 PM UTC-5, snipped-for-privacy@snyder.on.ca wrote:

For the past 15 yrs Dell has used a standard ATX P/S. ('96-'00 was non-standard)
Add pictures here
<% if( /^image/.test(type) ){ %>
<% } %>
<%-name%>
Add image file
Upload
On Thu, 20 Oct 2016 19:03:00 -0700 (PDT), bob_villa

phrase "Dell from Hell" - because back then they WERE "from hell" Unlike Apple, who didn't pretend to be "standard" - Dell tried very hard to appear to be "standard" while, at the time, was anything but.
Add pictures here
<% if( /^image/.test(type) ){ %>
<% } %>
<%-name%>
Add image file
Upload
On Thursday, October 20, 2016 at 9:17:55 PM UTC-5, snipped-for-privacy@snyder.on.ca wrote:

Really "old news".
Add pictures here
<% if( /^image/.test(type) ){ %>
<% } %>
<%-name%>
Add image file
Upload
snipped-for-privacy@snyder.on.ca wrote:

Dell, HP, Compaq, etc. All guilty of stupid things like that.
--
Make yourself sheep and the wolves will eat you.
Benjamin Franklin
  Click to see the full signature.
Add pictures here
<% if( /^image/.test(type) ){ %>
<% } %>
<%-name%>
Add image file
Upload

Yep. Our company farmed it's custom PCBs out to a company that had jest won the Malcom Baldridge Awared for Quality. Yet, they still tried to sub out our PCB components fer cheaper one's (that often did not work) so THEY could save money. We hadda go back and spec all the components WE wanted cuz the boards began failing.
I also helped a buddy test some memory sticks that were being returned to him (Infineon) for alleged failures. We tested 'em all and discovered it wasn't the memory sticks at all. They all worked fine. It was the cheapo memory stick finger connector strips that had been substituted by Dell to save money on their motherboards. The finger strips were the wrong size and therefor did not exert enough pressure to make good contact with the memory sticks.
nb
Add pictures here
<% if( /^image/.test(type) ){ %>
<% } %>
<%-name%>
Add image file
Upload

Yeah, the joke in the 90s was people were getting those yellow envelopes in the mail that said "You may have already won the Malcolm Baldridge Award"
Add pictures here
<% if( /^image/.test(type) ){ %>
<% } %>
<%-name%>
Add image file
Upload

No. The traces were good, it's jes them memory stick connectors had been cheapened to the point were they didn't work fer dammit. The finger contacts wouldn't exert enough pressure to ensure a viable connection. We finally got Dell to admit it was they who replaced the memory stick slot finger strips with cheaper one's. Since our test rigs were not Dell PCs, with cheapo memory connectors, the sticks all worked jes fine. ;)
nb
Add pictures here
<% if( /^image/.test(type) ){ %>
<% } %>
<%-name%>
Add image file
Upload
snipped-for-privacy@snyder.on.ca

You could have gotten an ATX adapter to do that for you. Much less risk of forgetting to swap the other wires which would result in frying the board and/or PSU...Which is why you told him not to just try moving the start wire, right? [g] You do realize, the PSU only needs the PS ON wire to connect to a negative line and it will try to come online, right? You were very lucky the non standard Dell didn't opt to do that when you stuck the ATX connector to it, you would have fried it if it did.
http://www.smps.us/power-connectors.html explains why, obviously.
--
Make yourself sheep and the wolves will eat you.
Benjamin Franklin
  Click to see the full signature.
Add pictures here
<% if( /^image/.test(type) ){ %>
<% } %>
<%-name%>
Add image file
Upload
On Thu, 20 Oct 2016 17:01:40 -0400, snipped-for-privacy@aol.com wrote:

years "piddling" before that.
Add pictures here
<% if( /^image/.test(type) ){ %>
<% } %>
<%-name%>
Add image file
Upload
snipped-for-privacy@snyder.on.ca

So you know you can convert an XP disc to oem,retail,vendor or vlk by changing five files, right? :) As, that's the only difference between the discs. Four bins, one ini, everything else is identical to the very byte. I'm not discussing the rules of licensing mind you, just the physical aspects of the contents of the disc itself.
Do you know how the vendor specific routine works? You've seen it in action. Let's take a 'Dell' branded XP OS cd for example. You notice that when you install it on the machine it shipped with, it never asks for a key, right?
Well, that's because it's checking the BIOS for a string, and it'll match a string inside one of the oembios* files (the four binaries) I mentioned previously. As long as it matches, you're golden; no cd key required.
If you take the same 'Dell' branded XP disc and load it on a non dell, you're prompted for the key. And the type of key it wants is controlled by the .ini file (retail,oem,vlk). You could take an HP 'branded' XP disc and convert it for use with a Dell, or vice versa, or, create your own branded disc if you wanted.
Obviously, you will need viable copies of the four files for each type of 'vendor' specific disc you want to create, as well as the set for retail,oem, and vlk. You should also copy the setupp.inf file as well; as this determines the type of keys the disc will accept. It is necessary if you wish to convert one of yours to say, VLK edition. (Volume License; they don't have to activate with MS)
The files you're looking to muck with are appropriately named oembios.bin,oembios.cat,oembios.sig,oembios.dat (they are compressed on the XP cd and stored as oembios.bi_,oembios.si_,oembios.ca_,oembios_da inside your /i386 folder) and of course, the setupp.inf file. That determines the type of key the disc will take, if you're prompted.
Saved me a lot of time reloading systems for an employer I once had. I could convert our oem discs to whatever I needed for the task. If the customer lost his/her Dell disc, for example, I could replace it for them. And, it would work just fine for their Dell. No key required. And, I wasn't pirating. I had copies of the four bins plus the .ini for damn near everything that came across my bench. If we got a new machine say, acer, I dilligently copied those files and added them to our server, in the event we needed it later. It would be a burned disc, but would be branded for the Acer. [g]
Btw, this 'trick' works for XP home and pro. There's very little difference on disc between the two. And it is possible to convert a 'home' disc to a 'pro' disc, if you really wanted to do so.
I respect the time you've both put into it, but, with that said, I don't think either of you would be schooling me anytime soon on things PC related. Mainframes, etc, certainly; I have very little hands on experience with them.
--
Make yourself sheep and the wolves will eat you.
Benjamin Franklin
  Click to see the full signature.
Add pictures here
<% if( /^image/.test(type) ){ %>
<% } %>
<%-name%>
Add image file
Upload

Related Threads

    HomeOwnersHub.com is a website for homeowners and building and maintenance pros. It is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.