Tag: Information Security

Why computer can’t connect to Wi-Fi Hotspot on Android phone for a long time (SOLVED)

Why my computer cannot connect to the Android mobile Wi-Fi hotspot for a long time

After updating Android, I ran into a problem that the computer sees a mobile hotspot, but at the same time:

1. It does not try to connect to it automatically

2. When I select the Access Point manually, an attempt is made to connect, which ends in failure after about a minute

See also:

Additional symptoms of the problem:

3. Before the Android update on the phone, connecting to the Hotspot was fast and without problems

4. The computer can sometimes connect to the mobile hotspot

5. New devices quickly connect to Hotspot on Android without problems

One reason for this behavior could be a new setting that allows you to use an arbitrary MAC address for the mobile hotspot.

How to set permanent or random MAC address for Hotspot on Android

Go to Settings → Connections → Mobile Hotspot and Tethering → Mobile Hotspot.

Click the “Configure” button.

Click the “Advanced” button.

Look for “MAC address type”.

There are two options to choose from:

  • Randomized MAC
  • Phone MAC

If you select the first option (“Randomized MAC”), a random MAC address will be generated for the created Mobile Access Point. If you select the second option (“Phone MAC”), the permanent MAC address of the phone will be used for the created mobile hotspot.

Select “Phone MAC”, save the settings and check if this solves the problem with the slow connection to the Hotspot on Android.

What is the “Randomized MAC” setting for? Is it safe to turn it off

The question may arise, why is the “Randomized MAC” setting enabled by default, which creates serious problems when connecting to a mobile hotspot? Perhaps it is very important and should not be disabled?

The MAC address of each device must be unique. More precisely, each network interface (one device, including a phone, can have several network interfaces) must have a unique MAC address. This MAC address allows you to distinguish one device from another. You can also find out the manufacturer of the device by the MAC address (for example, Samsung, Apple, and so on).

See also:

Enabling the “Randomized MAC address” setting makes it so that for a hypothetical third-party observer, an Access Point is created each time on a device unfamiliar to him.

But you need to remember that each Access Point has the following identifiers:

  1. Device MAC address (BSSID)
  2. Access Point Name (ESSID)

That is, if you are really concerned about privacy issues, then in addition to enabling the “Randomized MAC” setting, you also need to change the network name every time, otherwise the “Randomized MAC” setting loses all meaning.

In fact, most users just do not need to enable the “Randomized MAC” setting. Enabling the “Randomized MAC” setting without taking other measures (for example, changing the network name each time the AP is created) does not make much sense. But at the same time, other devices that, when connected to the AP, can be guided by its MAC address, begin to experience connection problems.

In short, if you do not have a clear understanding of what exactly you need the “Randomized MAC” setting for and/or you do not take other steps to make it difficult for your phone to be identified as an AP and at the same time you are experiencing problems connecting to a mobile AP, then you can safely disable this setting.

If your devices connect to the mobile AP without problems with the “Randomized MAC” setting enabled, you can leave it enabled.

Do I need to enable the setting “Support Wi-Fi 6 standard”

If after changing the MAC address type setting, your computer or other devices continue to experience problems connecting to the Mobile Hotspot, then pay attention to the following two settings.

The first setting is “Support Wi-Fi 6 standard”. This item is located in: Settings → Connections → Mobile Hotspot and Tethering → Mobile Hotspot → Configure → Advanced → Support Wi-Fi 6 standard.

Support Wi-Fi 6 standard” brings many technical improvements and data transfer speeds. But that's in theory. If, in practice, your devices cannot connect to the Access Point with the “Support Wi-Fi 6 standard” setting enabled, then disable it.

Choose “2.4 GHz” or “5 GHz”?

In theory, Wi-Fi at 5 GHz is faster. This is due both to the technical characteristics of the 5 GHz channels and to the fact that these channels are currently less crowded. However, in practice, the transmission area of a 5 GHz Wi-Fi signal is less than 2.4 GHz. Some older devices do not support 5 GHz operation. Some devices, even those that support 5 GHz, are slower to find the Access Point at these frequencies.

Although it is recommended to select the 5 GHz band in the Access Point settings, if you are not satisfied with the quality of the mobile Access Point, you can change the Frequency Band of your Access Point. To do this, go to: Settings → Connections → Mobile Hotspot and Tethering → Mobile Hotspot → Configure → Band. There you will be presented with a choice of:

  • 2.4 GHz
  • 5 GHz preferred

Switch to “2.4 GHz” and see if that solves your problem.

How to make VirtualBox virtual machines destroy on computer restart

How to use VirtualBox on Linux so that virtual machines and their settings are not saved

The desire to completely destroy virtual machines is extraordinary and may be related to security and privacy. However, there are at least two ways to achieve the desired effect: the virtual machines will be destroyed as soon as the computer is turned off.

1. Using VirtualBox on a Live System

If you need VirtualBox without saving settings, then you can work in a Live system.

Boot into Live mode, run the command to install VirtualBox:

sudo apt install virtualbox virtualbox-ext-pack

After the command completes, you can start VirtualBox, create virtual machines in it and work in them.

On the next reboot, all changes made will be lost.

To get VirtualBox again, repeat the previous steps exactly.

2. Saving virtual machines in the /tmp directory

The second method involves using a regular Linux installation or Persistence.

If you are working with a Live system, select “Live USB Persistence” or “Live USB Encrypted Persistence” when booting.

Install VirtualBox:

sudo apt install virtualbox virtualbox-ext-pack

Then open VirtualBox and go to menu File → Preferences → General.

Set “Default Machine Folder” to /tmp

As a result, all virtual machines will store their settings in the /tmp directory.

On each reboot, the /tmp directory is automatically cleared.

As a result, after the reboot, the VirtualBox executable files will remain in the system, but all virtual machines will be deleted.

If you are running a Live system, you will also need to select “Live USB Persistence” or “Live USB Encrypted Persistence” on subsequent reboots.

How to change the VeraCrypt interface language in Linux

Currently, preliminary versions of VeraCrypt have an interface in French, German, Russian and other languages. When localization support is added to the stable version, and this will be done in VeraCrypt 1.25, then to get VeraCrypt with the interface translated into your language, it will be enough to install it as shown above.

But currently the localized VeraCrypt interface can only be obtained by installing the preview (RC) version. At the same time, localization does not work in the portable version!

Download and unpack VeraCrypt 1.25-RC1:

curl -L https://sourceforge.net/projects/veracrypt/files/VeraCrypt%20Nightly%20Builds/Linux/veracrypt-1.25-RC1-setup.tar.bz2/download > veracrypt-1.25-RC1-setup.tar.bz2
tar xvjf veracrypt-1.25-RC1-setup.tar.bz2

Run the unpacker of the version you need, in the following command the 64-bit version with a graphical interface is selected:

./veracrypt-1.25-RC1-setup-gui-x64

Choose option 1, that is “1) Install veracrypt_1.25-RC1_amd64.tar.gz”:

By the way, in another system, instead of a textual interface, a graphical one was shown, but in any case, we choose the installation.

Scroll through the license agreement and enter “yes”:

Do you accept and agree to be bound by the license terms? (yes/no): yes

In the VeraCrypt interface settings, you will not find an item to change the language – the language is set based on the value of the LANG variable. That is, VeraCrypt will choose the same language as your OS.

To change the language, you can set different values for the LANG variable:

  • Select English (default):
export LANG=en_US.UTF-8
  • Select Russian language:
export LANG=ru_RU.UTF-8

  • Select French:
export LANG=fr_FR.UTF-8

Please note that you can launch VeraCrypt from the menu or by typing the command

veracrypt

Changes to the LANG variable only have an effect on the terminal window in which they were made. That is, if you changed the LANG value in the terminal, but launched VeraCrypt through the menu, then it will ignore (not know) the LANG value and the VeraCrypt interface language will be in English.

To get rid of the error

Gtk-Message: 23:17:40.184: Failed to load module "gail"

install the libgail-common package:

sudo apt install libgail-common

How to check IP history for SSH sessions

How to list IP history of SSH sessions

If a Linux server has been hacked, it becomes necessary to collect information, for example, to get the time and IP addresses of the last SSH sessions. This can help not only identify the source of the danger, but also, for example, answer the question: was the SSH password brute-forced (or the certificate compromised) or an attacker exploited a software vulnerability.

Fortunately, Linux distributions keep logs of logins, both over the network and for users directly sitting in front of the computer.

IP address of the previous SSH connection

Each time you connect via SSH, a line is displayed with the IP from which the previous connection was made, the date and time of this connection is also displayed:

Last login: Thu Oct 7 14:14:48 2021 from 31.28.200.227

History of IP addresses of SSH connections

In addition to the last session, the system stores information about all successful logins for the last months. This information is contained in the utmp / wtmp file. In fact, the utmp file can be used by various programs (not just SSH) that want to preserve the user's login information.

Many distributions have a /var/log/wtmp file where programs write logins to the system. You can check the latest entries with the command:

last

All records containing IP addresses were made via SSH connection.

Entries without IP addresses are the logins of users directly in front of the computer.

Additionally you can check other log files: /var/log/secure (on RH based distributions) or /var/log/auth.log (on Debian based distributions). In these files, sshd usually keeps traces of connections made, even if they were not the result of successful logins (like utmp/wtmp does, which only keep track of successful logins).

Example:

Apr 3 16:21:01 xxxxxxvlp05 sshd[6266]: Connection closed by xxx.xxx.13.76
...
Apr 3 09:09:49 xxxxxxvlp05 sshd[26275]: Failed password for invalid user __super from xxx.xxx.13.76 port 45229 ssh2

The sshd service on IIRC Solaris (which is not necessarily the OpenSSH sshd service) stores this information in /var/adm/messages.

It should be remembered that if the attacker gained access with superuser rights, that is, the root account or another user with elevated privileges is compromised, then all entries in the files /var/log/wtmp or /var/adm/messages can be changed by the attacker. To protect against this, you must regularly upload logs to secure storage.

How to find out who is currently connected via SSH

To see the users logged in, use any of the following commands:

w
who
who -a

The following commands will also show active SSH sessions – each of them has a different set of output information, so you can choose the one that suits you best:

netstat -tnpa | grep 'ESTABLISHED.*sshd'
ss -tap | grep 'ESTAB.*sshd'
ps ax | grep sshd
echo $SSH_CONNECTION

Intel disabled undervolting on 11th gen Tiger Lake CPUs

Owners of new computers, as well as users updating the BIOS of their laptops and computers, may have noticed that manufacturers have a tendency to disable undervolting. 10th Gen processors ship with undervolting disabled by default. To enable it, you need to find the appropriate setting in the depths of the BIOS.

If you have previous generations of central processors and after updating the BIOS, you notice that the undervolting has stopped working, then the matter is in this update.

And not everyone is lucky: sometimes manufacturers block the possibility of undervolting and do not offer any options to re-enable it. The only option in such a situation is to rollback BIOS to the previous version.

And now, in Intel 11th generation processors, undervolting is completely disabled, at the hardware level. There is no other way to turn it on.

The official reason? Vulnerability allowing Plundervolt attack.

How dangerous is a Plundervolt attack? All of the following conditions must be met:

1. Physical access (!) to a computer with an Intel processor

2. Elevated privileges (root rights) (!)

3. 3. Sophisticated software that drastically (-200-300mV range) lowering the voltage in a bizarre way causes malfunctions in calculations and access to the SGX…

4. This vulnerability is only possible on Intel Software Guard Extensions (SGX). Do you know what this is? I do not know either. This is something complex and very rarely (never?) used by regular users.

You may ask, why does this attack even need undervolting if you already have physical access and already have root rights? After all, even using one of these, you can get full access over the computer and do anything with it. The only reason people talk about this vulnerability is the possibility of an attack on SGX. But the site itself says:

If you do not use SGX, you do not need to do anything.

That is the attack does not apply to your computer.

The question is, how reliable are attacks with a strong decrease in voltage in general, if the computer in such cases prefers to simply freeze or go into a reboot?

Why for an attack that is impossible in real conditions and is not exploited by anyone due to the fact that it is pointless/impossible to exploit, it was necessary to completely block the possibility of undervolting? Why not give the “risky guys” an opportunity to turn on undervolting if they are willing to accept non-existent risk?

All these unanswered questions suggest that Intel wants users to buy more expensive processors if they lack the power or TDP.

First of all, owners of laptops, especially ultrabook models, will lose from the prohibition of undervolting. It is difficult to provide good cooling in them and undervolting was the Holy Grail for them. Especially unpleasant for the owner of powerful (gaming) laptops.

Undervolting allows you to use central processors more efficiently, thanks to it they overheat less, consume less energy, keep high frequencies longer (throttling happens less often), and more productive generally. It is a pity that 11th generation Intel processors are deprived of all this due to some phantom danger.

Moreover, it is written on the Plundervolt site, Intel has already released a patch that eliminates this vulnerability.

How to disable autostart of programs and services in Windows

Auto-loading programs and services that you are not using is a waste of system resources. The automatic launch of a large number of programs can slow down your computer.

This article will show you how to check which programs start automatically when you turn on your computer and disable those you don't need.

In addition to programs, we will also consider services. In fact, services are exactly the same programs that may or may not be needed in startup, but for some reason, many people forget about them.

How to disable automatic launch of programs

Enter in the system search “Startup Apps” and open this settings window.

The Startup App setting will open.

Here you can move the sliders and disable those applications that you do not need to start automatically every time you turn on your computer.

How to disable services from startup

Services are a kind of programs that run in the background and do not require user input.

Services can either be native for Windows operating system or be third-party applications. Examples of services that the user can install himself: web server, VNC remote desktop server, SSH server, MySQL server.

To open the service manager, type “Services” into the system search and press Enter:

In the window that opens, pay attention to the “Startup Type” column.

Many of these services are part of the operating system and should not be disabled, otherwise computer performance problems may arise. However, some of these services can be safely removed from startup. This primarily concerns third-party services.

In fact, I would not recommend disabling Windows services. But how can you quickly filter out third-party services from Windows services?

This can be done in the “System Configuration” window.

Go to the Services tab and click the checkbox next to “Hide all Microsoft services”.

You need to pay special attention to these services – some of them can be safely excluded from startup.

Related article: How to manage services on Windows

Can't find exactly how the unwanted program is launched? Then use the Autoruns program.

How to install John the Ripper and Johnny on Windows with GPU support

John the Ripper is a password cracking program that can brute-force passwords for many types of files: archives, office documents, can crack network protocol hashes, and much more.

John the Ripper is a command line utility, so using it requires command line skills and knowledge of John the Ripper options.

Johnny is a graphical interface for John the Ripper that makes it easy to use the popular password cracker.

John the Ripper is portable; to install it, just unpack the downloaded archive with this program. Johnny is also a portable program distributed in an installer file. Johnny requires John the Ripper to work, which means both programs need to be installed.

The installation of these programs is simple, but John can only use the CPU to brute force the password, but it cannot use the GPU. Cracking a password on a video card is many times faster than on a central processor, so I would like to add support for a graphics card, especially since it is possible.

This tutorial will show you how to install John the Ripper and Johnny on Windows so that you can crack passwords on your video card.

How to install John the Ripper on Windows with GPU support (OpenCL)

Install Cygwin first – just go to the official website https://www.cygwin.com/, download the setup-x86_64.exe file and install.

Download the winX64_1_JtR.7z file from https://github.com/openwall/john-packages/releases/tag/jumbo-dev.

Unzip the contents of this archive into the C:\cygwin64\home\<USERNAME> folder, for example, my username is MiAl, so I unpack it to C:\cygwin64\home\MiAl\. Please note that you need to create a folder and copy files into it on behalf of a regular user, because during its work John the Ripper will try to write data to a .pot file in the same folder where the program is running. If you copied the JtR folder in the file manager with elevated rights, then this folder will belong to the Administrator and it is impossible to write anything into it or change the rights to it.

Now in the folder C:\cygwin64\home\<USERNAME>\JtR\run\ find cygOpenCL-1.dll file and rename it to cygOpenCL-1.dll.bac.

Then in the c:\Windows\System32 folder find the OpenCL.dll file and copy it to the C:\cygwin64\home\<USERNAME>\JtR\run\ folder.

Then, in the C:\cygwin64\home\<USERNAME>\JtR\run\ folder, rename the OpenCL.dll file to cygOpenCL-1.dll.

Then the same procedure must be repeated for the file in the C:\cygwin64\bin\ folder. That is, in the C:\cygwin64\bin\ folder, find cygOpenCL-1.dll and rename it to cygOpenCL-1.dll.bac. Then find the OpenCL.dll file in the c:\Windows\System32 folder and copy it to the C:\cygwin64\bin\ folder. Finally, in the C:\cygwin64\bin\ folder, rename the OpenCL.dll file to cygOpenCL-1.dll.

So that you understand why we are doing all this, take a look at the cracking speed on the central processor:

And on the speed of hacking on the video card, which became available thanks to the actions shown above with the substitution of files:

Open Cygwin console to execute commands.

Run test:

~/JtR/run/john --test=0

Run your system benchmark:

~/JtR/run/john --test

How to install Johnny on Windows with GPU support (OpenCL)

Open Cygwin – we'll be compiling Johnny from source.

Install apt-cyg:

curl https://raw.githubusercontent.com/transcode-open/apt-cyg/master/apt-cyg > apt-cyg
install apt-cyg /bin

See also: apt-cyg – apt for Cygwin

Install dependencies:

apt-cyg install gcc-g++ git libQt5Core-devel make libQt5Gui-devel libGL-devel xorg-server xinit

Download the source code and compile the program:

git clone https://github.com/shinnok/johnny && cd johnny
export QT_SELECT=qt5
qmake-qt5 && make -j$(nproc)

By default the X server is not running in Cygwin, start Cygwin/X:

startxwin &

Press Enter to see the command line prompt.

Let's set the value of the DISPLAY variable:

export DISPLAY=:0.0

You can now start Johnny:

./johnny

Start Johnny, go to the Settings tab and point to the john.exe executable, for example /home/MiAl/john/run/john.exe.

The following screenshot is taken in Windows after successfully cracking password using Johnny and the video card.

Look for instructions for use on the pages-cards of these programs:

How to find out Wi-Fi password nearby

Even while traveling, each of us needs the Internet connectoin – it doesn’t matter if you work online or just want to tell your relatives that everything is in alright or update your status in social media.

Almost all hotels and guesthouses have free Wi-Fi and you can just ask for an access password. But when renting a room in a condo, Wi-Fi is rarely included in the rental price. You need to either pay for the ability to connect to Wi-Fi, or buy a local SIM card.

But before doing this, try the described very simple way to find out the password for Wi-Fi networks around you. Firstly, it’s really the easiest way to find out the password from someone else’s Wi-Fi – you do not need any programs, you do not need to install or run any software. Secondly, in any case, you do not lose anything. Over the past year and a half of my life in Thailand, I have never paid for Wi-Fi, although I used it every day.

By the way, even if you are not traveling – it will still be useful for you to check your home router – it is possible that your password has leaked into the public Wi-Fi password database.

3wifi

3wifi is an open database of Wi-Fi access points with their passwords. The map shows the location of Wi-Fi networks and gives their characteristics along with passwords. All that is required is to find the location of interest and see the name of the networks and their passwords.

How to find out a password from someone else's Wi-Fi

Everything is extremely simple. Go to the map: https://3wifi.stascorp.com/map

Click the ‘Вход’ button and enter:

  • Login: antichat
  • Password: antichat

In addition, click on the Wi-Fi icon to temporarily remove wireless networks from the map – there are so many Wi-Fi access points in the database that it is already difficult to navigate on the map, because they close the view.

Enter the name of the city and metro station or street you are interested in:

Find the house where you will live:

And again click on the Wi-Fi icon to display wireless networks:

In the description of each Wi-Fi network, the penultimate line is the name of the network, and the last line is the password for this Wi-Fi network!

So easy! And given the huge number of Wi-Fi networks around us, it is almost always possible to find the one that is present in the 3wifi database.

Wi-Fi card for good signal reception

It doesn’t matter if you use a Wi-Fi network with a legally obtained password or if you found a Wi-Fi password on 3wifi, if the wireless access point is far (this can happen in hotels), disconnections will happen and the connection quality will be poor.

To significantly improve the situation, including for free connection to far Wi-Fi access points, it is advisable to purchase an external Wi-Fi adapter with a large antenna.

If you are limited in money, the Alfa AWUS036NHA is recommended along with the large Alfa ARS-N19 antenna.

If you want the very top, then buy the Alfa AWUS1900.

Alfa AWUS036NHA only supports 2.4GHz frequencies, and Alfa AWUS1900 supports 2.4GHz, 5.0GHz, and modern high-speed Wi-Fi protocols. This is the best, uncompromising solution, but costs more.

I recommend these two cards for the reason that with the help of them you can not only connect and have a good reception level, but also can hack wireless access points; hackers use these or similar devices.

With such Wi-Fi adapters and with 3wifi, free internet is almost guaranteed.

Is it dangerous to use someone else's Wi-Fi

In fact, yes, it’s dangerous! And this is not only when you steal Wi-Fi, even if you are legally connected to a third-party AP, then you are in the local network with other users. And among them there can be both ordinary users like you, and malefactors.

The danger is that third parties can connect to the services on your computer. An example of such services is Windows Shares (SMB protocol).

Another common service on webmasters’ computers is a web server. The web server can have your source code of sites and services, as well as the web applications on the running web server can be used to further compromise the entire computer.

In the local network, a man-in-the-middle attack and phishing attacks are possible as a result of which passwords from websites can be stolen; DNS spoofing attack is possible as well.

In general, when connecting to extraneous Wi-Fi access points (even if you are connected legally), disable unnecessary network services on your computer or set up a firewall to block connection to them. Be careful and do not to enter passwords on phishing sites.

Will VPN help when using Wi-Fi

Yes and no. Thanks to the VPN, all connections to the WAN will be encrypted and phishing attacks and password theft will be impossible. BUT: the network services on your computer are not protected in any way in a VPN, that is, if you have enabled password-free login to the Windows Shares, then anyone on the local network can connect to it even if you use a VPN! The protection of local services must be dealt, regardless of the use of VPN.

Loading...
X