Raspberry Pi middle-man?

Stephen Elliott tnflyfisher at live.com
Mon Jun 10 17:26:30 MST 2019


Aaron, please explain this in more detail for the non-pros here. Thanks.

Stephen

On 6/10/19, 12:00 PM, "PLUG-discuss on behalf of plug-discuss-request at lists.phxlinux.org" <plug-discuss-bounces at lists.phxlinux.org on behalf of plug-discuss-request at lists.phxlinux.org> wrote:

    Today's Topics:
    
       1. Privacy on Public WiFi (trent shipley)
       2. Re: Privacy on Public WiFi (Aaron Jones)
       3. Re: Privacy on Public WiFi (Stephen Partington)
       4. Re: Privacy on Public WiFi (Michael Butash)
    
    
    ----------------------------------------------------------------------
    
    Message: 1
    Date: Sun, 9 Jun 2019 21:13:09 -0700
    From: trent shipley <trent.shipley at gmail.com>
    To: Main PLUG discussion list <plug-discuss at lists.phxlinux.org>
    Subject: Privacy on Public WiFi
    Message-ID:
    	<CAEFLybLM7VYYy8LrD0gVBc1_e14hCqX0VZnKJyAb_ixHUotz+w at mail.gmail.com>
    Content-Type: text/plain; charset="utf-8"
    
    A while ago I was at the downtown Scottsdale public library with my
    computer.  They had open, public WiFi--which I was NOT going to use.  I
    tried to use my mobile phone data, but the reception inside the building
    was Terrible!
    
    It seems like the problem of insecure public WiFi should be surmountable.
    
    How hard would it be to develop technology that puts a key on a $1 or $2
    USB, that you buy (put a deposit on) at the reception desk (or from a
    machine).  You also get an FOSS app.  The app takes the key on the cheap
    USB and securely logs you into the library's (or Starbucks) public WiFi.
    The library determines how long the key(s) on the USB is (are) good for.
    
    When you're done, you turn the little USB in for your deposit.  The
    library wipes the usb clean, puts another key on the usb, and vends it
    again.
    
    1) Does this exist at "trivial" cost to the WiFi user?
    2) If not, how feasible is it?
    3) If it does not exist, and is feasible, who would be interested in this
    as a project with a goal of a demo install at a local library, non-profit
    coffee house, etc. and RFC?
    
    Trent
    
    ------------------------------
    
    Message: 2
    Date: Mon, 10 Jun 2019 04:05:47 -0700
    From: Aaron Jones <retro64xyz at gmail.com>
    To: Main PLUG discussion list <plug-discuss at lists.phxlinux.org>
    Subject: Re: Privacy on Public WiFi
    Message-ID: <547F0823-BFD0-41AD-86CB-E9F80AF44896 at gmail.com>
    Content-Type: text/plain;	charset=utf-8
    
    Use a Raspberry Pi as a middle man and a reliable VPN. No cost for the library and 20x safer for you. 
    
    Don’t plug stuff into your ports. 
    
    
    
    ------------------------------
    
    Message: 3
    Date: Mon, 10 Jun 2019 07:54:53 -0700
    From: Stephen Partington <cryptworks at gmail.com>
    To: Main PLUG discussion list <plug-discuss at lists.phxlinux.org>
    Subject: Re: Privacy on Public WiFi
    Message-ID:
    	<CACS_G9wC4XnfBWMxO5WrudPvu8snzOx7wgpz0XPwvGjVuvWGUg at mail.gmail.com>
    Content-Type: text/plain; charset="utf-8"
    
    This is exactly what VPN is designed for.
    
    The reason public wifi is insecure is that it is shared among everyone. Now
    if you could build your router to prevent anyone from talking to each other
    and just the outside world that would have your desired effect. Or maybe a
    partnership with a VPN provider.
    
    -- 
    A mouse trap, placed on top of your alarm clock, will prevent you from
    rolling over and going back to sleep after you hit the snooze button.
    
    Stephen
    
    ------------------------------
    
    Message: 4
    Date: Mon, 10 Jun 2019 10:02:06 -0700
    From: Michael Butash <michael at butash.net>
    To: Main PLUG discussion list <plug-discuss at lists.phxlinux.org>
    Subject: Re: Privacy on Public WiFi
    Message-ID:
    	<CADWnDst7FzSqH89gWx_bUHvVcZpYnfvDR0_Dhf86ERSb3=-p6Q at mail.gmail.com>
    Content-Type: text/plain; charset="utf-8"
    
    I don't see much of an issue with using public wifi so long as you know
    whatever you're doing that is important/sensitive is encrypted.  I don't
    use any public wifi any more than absolutely required, but otherwise almost
    every *responsible* website or service uses tls for https traffic today
    anyways, or as stated - you use a vpn to ensure no one locally at least is
    sniffing your wifi session.  If your websites or services aren't using
    https, you shouldn't use them, as even a vpn has to egress to regular
    internet somewhere that has a government (or other) black box sniffing it
    too.
    
    I agree, it would be nice if there were a better method of getting public
    users encrypted, but without some unique key exchange per user, or at very
    least a white-list method (remember the wps buttons that generated a weak
    numerical pin?) to make strong, or at least random, it'll remain weak at
    best, and probably eventually exploitable.
    
    A hardware solution is a non-starter though.  Where does a phone or tablet
    have a usb slot to get on?  Certainly whoever made it wouldn't support
    linux, or a foss solution as it doesn't incentivise anyone to produce said
    hardware.  Hand out yubikeys, but client software and use is still
    problematic even with u2f per os for something like wifi use.
    
    If you did hardware, I'd imagine nfc-based for mobiles, make them come up
    and swipe a token to get the pass of the day to get on, and it changes
    every day.  PCs you just rotate a common key to give to customers every
    day and print/display for users inside the establishment every day.  Even
    just use a one-time token generator with a numeric key held by
    *someone(s)*.  I've seen medical offices handling guest wifi by changing
    keys daily for at least any guest ssid and just printing the daily guest
    wifi inside reception, which keeps persistent users from access outside the
    establishment doing probably nothing good.
    
    This can be done with any enterprise-ish wifi solution that supports
    Private-PSK functions, or many-to-one passwords for the same ssid.
    Aerohive, Cisco, Juniper/Mist, Aruba, etc all tend to do this, leverage otp
    generation via Duo, Google Authenticator, or other "app".
    
    Even once encrypted, do you still trust the internet source though, that
    their router isn't infected from running a 10yr old firmware?  You
    shouldn't, again vpn, or at least ensuring who you're accessing is using
    tls, and you trust their cert.
    
    Interestingly enough, being in Santa Monica CA on business, their public
    library gets swarmed daily with homeless that really love their free public
    wifi there (seems even homeless all have cell phones these days), that I
    can only imagine the cesspool of devices there that could be
    hijacked/man-in-the-middle'd easily on non-encrypted wifi.  Even just build
    a fake public access ap to mitm, then infect...  Being that I'm there doing
    work *for* the city, it's something I have mentioned to folks as a problem.
    
    -mb
    
    
    
    
    ------------------------------
    
    End of PLUG-discuss Digest, Vol 168, Issue 5
    ********************************************
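
The daily-rotating guest key described in Message 4, as an added example that is not part of the original thread: the passphrase of the day is derived from a secret and the date, so staff can print it without storing a list of keys. The secret, the SSID name, the grouping format and the one-hour grace period are assumptions, and accepting two keys at once assumes an access point with the many-passwords-per-SSID (Private-PSK) feature the message mentions.

```python
import base64
import hashlib
import hmac
from datetime import date, datetime, time, timedelta

# Constructed demo secret; a real deployment would load a random 32-byte
# value from protected storage on the host that configures the access point.
MASTER_SECRET = b"constructed-demo-secret-not-for-production"
GUEST_SSID = "Library-Guest"  # hypothetical SSID


def daily_passphrase(secret: bytes, ssid: str, day: date, groups: int = 4) -> str:
    """Derive the guest passphrase for one SSID and one calendar day."""
    msg = f"{ssid}|{day.isoformat()}".encode()
    digest = hmac.new(secret, msg, hashlib.sha256).digest()
    # Base32 uses only letters and the digits 2-7, easy to read off a sign.
    text = base64.b32encode(digest).decode().rstrip("=").lower()
    phrase = "-".join(text[i * 4:(i + 1) * 4] for i in range(groups))
    # A WPA2-PSK passphrase must be 8 to 63 printable ASCII characters.
    if not 8 <= len(phrase) <= 63:
        raise ValueError("passphrase length outside WPA2 limits")
    return phrase


def active_passphrases(secret: bytes, ssid: str, now: datetime,
                       grace: timedelta = timedelta(hours=1)) -> list:
    """Keys to accept at `now`: today's, plus yesterday's for a short grace
    period after midnight so open sessions can re-associate."""
    today = now.date()
    keys = [daily_passphrase(secret, ssid, today)]
    midnight = datetime.combine(today, time.min, tzinfo=now.tzinfo)
    if now - midnight < grace:
        keys.append(daily_passphrase(secret, ssid, today - timedelta(days=1)))
    return keys


if __name__ == "__main__":
    print(active_passphrases(MASTER_SECRET, GUEST_SSID, datetime.now()))
```

A shared daily key only controls who can join the network: with WPA2-PSK, anyone holding the same passphrase who captures another client's handshake can still decrypt that client's traffic, so the VPN and TLS advice in the thread still applies.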
    


