Author Topic: 3G?  (Read 5380 times)
Japo
3G?
« on: April 16, 2009, 06:17:51 PM »

Well I need an Internet connection for my new home, first I thought about cable, but the monopolistic cable operator doesn't have where I'll be living. So I guessed it had to be ADSL over phone line, but the building is new and the flat doesn't have a phone line, so I have to set it up, I go ahead and do it, but then the company tells me they can't set up phone lines in this building until some bureaucracy is through over at the Government in Madrid. They don't have a clue how long I might have to wait.

I need it now, and the only broadband option left I can think about is 3G with one of them USB modems, even though I'd be using it on a desktop computer. (If you can think of another option, please by all means tell me--and I'll tell you if it's available in my neck of the woods.)

I've actually already ordered it, but now I wonder, does it have security issues? The traffic is encrypted so it cannot be eavesdropped, and the network you connect to is verified, right? Any information appreciated, thanks.

Windows users do not disable UAC
Creasy
« Reply #1 on: April 16, 2009, 08:51:10 PM »

In your case, there is only one choice: cable.
I don't recommend using 3G.
You can use encrypted communication between modem and PC.
(If your modem doesn't support encryption, you can't use it.)
It means your data (in/out) is not protected by encryption.
Only your local communication can be protected by encryption.
(It depends on the phone company, but I don't think they provide you encryption for in/out communication.)
But it can be eavesdropped even if it uses encrypted communication for in/out.
One of the vulnerabilities is location privacy attack with a jammer.
Also there are many security issues.
The traffic can be eavesdropped. And there is another issue.
When you use encrypted communications between your modem,
actually your data can be protected by encryption.
But your key stroking pulse is not protected by encryption.
Because the data can be protected but the frequency can't be protected.
We can capture the frequency and decrypt the pulse.
We can recognize key stroking with pulse.
Because the pulse is completely different from each other.
Also the modem can be compromised easily.
I don't really recommend using a wireless network.
Wireless network is a free hacking zone.
Refund it, then use cable.

Wrong messages are dangerous, but wrong interpretation of correct messages is even more dangerous.-Andre Kostolany-
I'm a MAN!!
I'm not a girl!
Japo
« Reply #2 on: April 17, 2009, 12:12:48 PM »

Many thanks.

Cable was my first option before ADSL, but as I said there is no cable where I'm going to live. I cannot get cable.

I'm not techy enough to understand half of what you said...

There is no way that the communication between the computer and the modem can be tapped, or the modem being physically accessed; the modem is a small device connected directly to a USB port of the computer:

http://www.comfortsurf.com/images/huawei/e160g/e160g_15.JPG

According to the Wikipedia, 3G as a standard uses Kasumi encryption. It also has information about its theoretical vulnerabilities:

http://en.wikipedia.org/wiki/KASUMI_(block_cipher)

Quote
One of the vulnerabilities is location privacy attack with a jammer.

You mean someone finding out my location? Dunno, I don't know who would be interested on that, and I'll be using this at home on my desktop, I don't even have a portable computer.

Quote
We can recognize key stroking with pulse.

Now this sounds worrying. You mean tapping the communication between computer and modem, or is this also possible by just listening to the encrypted blocks that are the only thing actually being broadcast from my physical location? It's not, right?

Actually the only stuff whose secrecy is really important for me (banking, trade, or even email) is already encrypted locally with SSL. Could it be decrypted only because the encrypted data is transmitted through an insecure network that can be listened? I'm not sure I know what I'm talking about, but one thing is tapping a signal, and another one is decrypting it?

Would TrustConnect be able to solve whatever security issues?

Thanks again.

Creasy
« Reply #3 on: April 17, 2009, 08:40:54 PM »

Quote
Many thanks.
Cable was my first option before ADSL, but as I said there is no cable where I'm going to live. I cannot get cable.

My recommendation is 'do not use wireless network'. So use a wired network (ADSL, cable etc.).

Quote
I'm not techy enough to understand half of what you said...

I'm sorry...
I will explain easily.

Quote
There is no way that the communication between the computer and the modem can be tapped, or the modem being physically accessed; the modem is a small device connected directly to a USB port of the computer:
http://www.comfortsurf.com/images/huawei/e160g/e160g_15.JPG
According to the Wikipedia, 3G as a standard uses Kasumi encryption. It also has information about its theoretical vulnerabilities:
http://en.wikipedia.org/wiki/KASUMI_(block_cipher)

Forget it, because the communication company provides you only user verification with encryption.
Your communication will not be protected.
Don't trust Wikipedia stuff too much.
It's very different from the real world. They only put articles from other places.
And they only show theories, definitions.
I can say a book is better than all of Wikipedia.

Quote
You mean someone finding out my location? Dunno, I don't know who would be interested on that, and I'll be using this at home on my desktop, I don't even have a portable computer.

Now this sounds worrying. You mean tapping the communication between computer and modem, or is this also possible by just listening to the encrypted blocks that are the only thing actually being broadcast from my physical location? It's not, right?

Actually the only stuff whose secrecy is really important for me (banking, trade, or even email) is already encrypted locally with SSL. Could it be decrypted only because the encrypted data is transmitted through an insecure network that can be listened? I'm not sure I know what I'm talking about, but one thing is tapping a signal, and another one is decrypting it?

Would TrustConnect be able to solve whatever security issues?

Thanks again.

Yes.
There is an attack technique.
In cryptology, the attacker can read, insert, modify any messages
between victim and server.
When an attacker attacks with this, the two victims (client and server) can't
recognize what's going on.
Let's see the following process.

1. You connect to the server that provides online banking, and you receive a
server certification digitally signed by a trusted provider.
2. Your PC will analyze whether the certification is trusted or not; if the certification
is trusted by a trusted provider, then the public key will be extracted.
3. Now your PC sends a randomly generated message with encryption to the server
for the purpose of a 'session key'.
4. The server decrypts the session key with the server's own secret key.
The server will use the key in the form of a 'symmetric key', and then communicate
with your PC.
What do you call the above process?
Yes, we call it 'HTTPS protocol'.
Many people think it looks safe, including you, right?
But there is something you missed.
Web browsers basically rely on the user's confirmation when there is a confirmation for
an unverified certification.
Yes...this will be a very important vulnerability.
Let's see how to attack.
1. The attacker makes his IP address as the server with DNS Spoofing.
  (DNS Spoofing: the hacker changes your DNS server IP to his IP, so your PC thinks
   the attacker's IP is the real DNS server.)
2. You can't recognize whether it's the real one or not.
3. The attacker starts to relay packets from you. (This technique is what we call 'packet relay'.)
4. You still think there is no problem with communication.
  Yes...nothing has happened in front of you.
5. When you log in to the server, the attacker takes the certification from the server
  and saves it onto the attacker's PC.
  How is it possible? Your PC was already attacked by DNS Spoofing.
6. Now the attacker sends a fake certification to you.
7. You will receive and confirm the attacker's fake certification.
8. Your PC will decrypt the fake certification.
9. The attacker can find your real login ID and password from the real certification.
  How is it possible? He already took your key and the server's certification.
  The attacker's PC is now the server and you. So the attacker can extract the key from
  the certification. The attacker pretends to be you and the server.

When there is a fake certification, your web browser shows you
a warning message. But many people don't think about the warning message
from their web browser and just click 'ok' instead of 'cancel'.
If you click 'cancel', you will not have any problem.
So are you still safe if you click 'cancel'?
No...
There is another attack technique to bypass that.
Next time I'm gonna explain about another technique.
There is one more thing you should know.
In the real world, SSL is not always safe.
If SSL were always safe, there would be no OTP, security card, key stroking encryption etc.
Right?
So you can think why OTP, security card, key stroking encryption etc. exist.

But I think one of the moderators will delete or edit my post.
Because something happened a few days ago.
So, I can't post all about those hacking techniques here.
If I want to make people understand the process,
I should introduce, for example, attack tools and how to use them.
But as you know, I can't do it here.
I think I had better post that stuff in another place instead of here.
If I do that, I'll let you know.

I don't teach hacking and cracking.
I just want to show why people should know about it.
And then they can defend themselves.
Am I wrong?

Thank you.

You should read my following posts.
I posted them before.
They will show you the real world...

https://forums.comodo.com/general_discussion_off_topic_anything_and_everything/criminal_minds_case1-t37250.0.html

https://forums.comodo.com/general_discussion_off_topic_anything_and_everything/criminal_minds_case12-t37306.0.html

https://forums.comodo.com/general_discussion_off_topic_anything_and_everything/criminal_minds_case1final-t37355.0.html

« Last Edit: April 17, 2009, 09:11:16 PM by Creasy »

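
The certificate check and the click-through warning described in Reply #3, modelled as an added example (not code from any poster in this thread): a toy handshake built on textbook RSA with small well-known primes, not real TLS. The names `bank.example`, `INTERPOSER` and `click_through` are constructed for illustration.

```python
# Added illustration: toy model of the handshake in Reply #3, NOT real TLS.
# Textbook RSA with small well-known primes; every name here is constructed.
import hashlib
import secrets

E = 65537

def make_key(p, q):
    """Toy RSA key pair from two primes."""
    n = p * q
    return {"n": n, "e": E, "d": pow(E, -1, (p - 1) * (q - 1))}

def public(key):
    return {"n": key["n"], "e": key["e"]}

def digest(name, pub, modulus):
    data = f"{name}|{pub['n']}|{pub['e']}".encode()
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % modulus

def issue_cert(name, subject_pub, issuer):
    """Bind a host name to a public key under the issuer's signature."""
    sig = pow(digest(name, subject_pub, issuer["n"]), issuer["d"], issuer["n"])
    return {"name": name, "pub": subject_pub, "sig": sig}

def cert_is_trusted(cert, expected_name, ca_pub):
    """Step 2: the name must match and the signature must verify under the CA."""
    if cert["name"] != expected_name:
        return False
    want = digest(cert["name"], cert["pub"], ca_pub["n"])
    return pow(cert["sig"], ca_pub["e"], ca_pub["n"]) == want

def client_handshake(cert, expected_name, ca_pub, click_through=False):
    """Step 3: encrypt a fresh session key to the certificate's public key."""
    if not cert_is_trusted(cert, expected_name, ca_pub) and not click_through:
        raise ConnectionError("untrusted certificate: handshake aborted")
    session_key = secrets.randbelow(2**30)
    return session_key, pow(session_key, cert["pub"]["e"], cert["pub"]["n"])

def decrypt_session_key(ciphertext, key):
    """Step 4: only the holder of the matching private key recovers it."""
    return pow(ciphertext, key["d"], key["n"])

CA = make_key(2147483647, 1000000007)
SERVER = make_key(1000000009, 998244353)
INTERPOSER = make_key(104729, 1299709)  # party sitting between client and server
GOOD_CERT = issue_cert("bank.example", public(SERVER), CA)
FAKE_CERT = issue_cert("bank.example", public(INTERPOSER), INTERPOSER)  # not CA-signed
```

With `click_through=False` the substituted certificate raises `ConnectionError`; with `click_through=True` the session key ends up encrypted to `INTERPOSER` rather than `SERVER`, which is why the browser warning is the control that matters.
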
panic
« Reply #4 on: April 18, 2009, 02:12:16 AM »

Check your PMs Japo.

As your mums would say, "If you can't play nice with all the other kiddies, go home".
All users are asked to please read and abide by the  Comodo Forum Policy.
If you can't conform, don't use the forum.
Japo
« Reply #5 on: April 18, 2009, 06:03:29 PM »

Quote
Check your PMs Japo.

Thanks. Yes I remember.

So you also think TrustConnect will be necessary?

How much overhead does it entail, do you know?

LaserWraith
« Reply #6 on: April 18, 2009, 06:55:16 PM »

Quote
Check your PMs Japo.

That always makes me curious.

I want to know what Japo should do, because I have a similar problem.

Creasy
« Reply #7 on: April 18, 2009, 07:59:39 PM »

Quote
Thanks. Yes I remember.

So you also think TrustConnect will be necessary?

The secure connection will be necessary if you want to use a wireless network.
You need to ask your ISP about a packet encryption service.
But I don't think they provide it for HOME networking users.
That's why I recommend you the wired network.
There are many hacking accidents with wireless networks.
You can easily sniff other ppl's packets.
Also you can easily hack other ppl's network.

Quote
How much overhead does it entail, do you know?

It depends on the region.

« Last Edit: April 18, 2009, 08:02:32 PM by Creasy »

Japo
« Reply #8 on: April 19, 2009, 04:24:53 PM »

Quote
That always makes me curious.

I want to know what Japo should do, because I have a similar problem.

DUN DUN DUNN...

He recommended Comodo TrustConnect to me.

I was already considering the option, the problem is that my knowledge isn't enough to establish on my own whether it's really needed.

LaserWraith
« Reply #9 on: April 19, 2009, 04:42:19 PM »

I am considering getting CIS Pro, which should come with TrustConnect. The issue that you have to provide your payment details in order to get a trial is standing in the way a bit.

I hoped that TrustConnect would not show my IP address. But it may make our already crawling connection even slower.

Creasy
« Reply #10 on: April 20, 2009, 12:23:29 AM »

Quote
I am considering getting CIS Pro, which should come with TrustConnect. The issue that you have to provide your payment details in order to get a trial is standing in the way a bit.

I hoped that TrustConnect would not show my IP address. But it may make our already crawling connection even slower.

Check your PM LaserWraith.

Creasy.

Creasy
« Reply #11 on: April 20, 2009, 07:47:33 AM »

Quote
DUN DUN DUNN...

He recommended Comodo TrustConnect to me.

I was already considering the option, the problem is that my knowledge isn't enough to establish on my own whether it's really needed.

If you are ready to pay for TrustConnect, it's a good choice.

For your guidance, it's based on VPN.

Japo
« Reply #12 on: April 23, 2009, 06:05:17 PM »

Thanks guys.

In the end the phone guys called me and I'm all set up 100 per cent wired. (Too bad cable wasn't a possibility.)

Now on to cancelling the 3G contract and let's see if some friend wants the modem.