
SoylentNews is people

posted by cmn32480 on Friday August 28 2015, @10:14PM
from the time-for-port-mirroring dept.

With the release of Windows 10 there have been serious privacy concerns raised as to what data Windows is sending home to mommy and daddy. Much of this could be called benign data leakage for your average user (location information for a map, search information, etc.) but it has been hinted that even disabling these features doesn't prevent data being sent from your computer. This is also true for Android, iOS devices, browsers, browser plugins, and software registration / update tools. Even a vanilla Linux or BSD install may be sending out information you aren't aware of. If you haven't checked, you don't know.

Firing up a packet monitor is fairly easy on the host OS and a decent firewall / gateway can dump all the packets from a local network. Assuming the majority of data you would be concerned about leaking out is encrypted, is there an easy way for an owner to decrypt it to see what is actually being sent out? Are there groups conducting this type of analysis and publishing their results with any level of detail?


  • (Score: 1, Informative) by Anonymous Coward on Friday August 28 2015, @10:18PM

    by Anonymous Coward on Friday August 28 2015, @10:18PM (#229209)

    https://en.wikipedia.org/wiki/Wireshark [wikipedia.org]
    https://wiki.wireshark.org/SSL [wireshark.org]

    Start with that and go from there.

    Yes there are people out there who tear them apart and figure out what they do.

  • (Score: 1, Insightful) by Anonymous Coward on Friday August 28 2015, @10:21PM

    by Anonymous Coward on Friday August 28 2015, @10:21PM (#229210)

    And if you see sensitive data going out in plain text, panic.

    • (Score: 2) by novak on Saturday August 29 2015, @05:22AM

      by novak (4683) on Saturday August 29 2015, @05:22AM (#229334) Homepage

      I don't do that much packet analysis, but in my own pretty limited experience with Wireshark I have seen at least one program that transmits passwords as plain text. Just reminding everyone that sometimes professional-looking programs are really security nightmare turds. Windows 10 I expect to be far more complex to root out what it's saying - MS wants to spy but certainly doesn't want to be accused of leaking user data or, worse yet, actually having the data fall into competitors' hands.

      --
      novak
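
An added example, not part of the thread: one way to check a capture of your own machine's traffic for the plain-text credentials mentioned in the two comments above. It reads a classic pcap file (the format Wireshark and tcpdump can save) and reports which destination received a password field or HTTP Basic header in the clear; the addresses, host name and credential in the sample capture are constructed.

```python
import re
import struct

# Credentials that should never appear in an unencrypted payload.
SECRET_RE = re.compile(
    rb"(Authorization: Basic [A-Za-z0-9+/=]+|(?:password|passwd|pwd)=[^&\s]+)", re.I)

def tcp_payloads(pcap):
    """Yield (dst_ip, dst_port, payload) for each IPv4/TCP frame in a classic pcap."""
    order = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(pcap[:4])
    if order is None or struct.unpack(order + "I", pcap[20:24])[0] != 1:
        raise ValueError("expected a classic pcap file with Ethernet link type")
    pos = 24
    while pos + 16 <= len(pcap):
        (incl_len,) = struct.unpack(order + "I", pcap[pos + 8:pos + 12])
        frame = pcap[pos + 16:pos + 16 + incl_len]
        pos += 16 + incl_len
        if len(frame) < 54 or frame[12:14] != b"\x08\x00" or frame[23] != 6:
            continue  # skip anything that is not IPv4 carrying TCP
        ihl = (frame[14] & 0x0F) * 4
        ip_end = 14 + struct.unpack("!H", frame[16:18])[0]  # ignores Ethernet padding
        tcp = frame[14 + ihl:ip_end]
        if len(tcp) < 20:
            continue
        payload = tcp[(tcp[12] >> 4) * 4:]
        dst_ip = ".".join(str(b) for b in frame[30:34])
        yield dst_ip, struct.unpack("!H", tcp[2:4])[0], payload

def find_cleartext_secrets(pcap):
    """Return (dst_ip, dst_port, field) per hit; the secret value itself is not kept."""
    return [(ip, port, re.split(rb"[=:]", m.group(1))[0].decode())
            for ip, port, data in tcp_payloads(pcap)
            for m in SECRET_RE.finditer(data)]

def sample_pcap():
    """Constructed capture: a cleartext HTTP login and an opaque TLS-style record."""
    def record(dst_ip, dport, payload):
        tcp = struct.pack("!HHIIBBHHH", 49152, dport, 0, 0, 5 << 4, 0x18, 8192, 0, 0)
        ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(payload), 0, 0, 64, 6, 0,
                         bytes([192, 0, 2, 10]), bytes(dst_ip))
        pkt = bytes(12) + b"\x08\x00" + ip + tcp + payload
        return struct.pack("<IIII", 0, 0, len(pkt), len(pkt)) + pkt
    header = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    login = b"POST /login HTTP/1.1\r\nHost: example.test\r\n\r\nuser=alice&password=example-only"
    return (header + record((198, 51, 100, 7), 80, login)
            + record((198, 51, 100, 8), 443, b"\x17\x03\x03\x00\x10" + bytes(16)))

if __name__ == "__main__":
    for hit in find_cleartext_secrets(sample_pcap()):
        print("cleartext credential field %r sent to %s:%d" % (hit[2], hit[0], hit[1]))
```

Encrypted payloads, such as the second record in the sample, produce no hits; this only catches what is sent without encryption.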
  • (Score: 5, Informative) by krishnoid on Friday August 28 2015, @11:03PM

    by krishnoid (1156) on Friday August 28 2015, @11:03PM (#229224)

    Laura Chappell's classes [lcuportal2.com] are quite good -- I took her first course for free when she was offering it live. She definitely knew her stuff and provided solid, specific recommendations.

    • (Score: 0) by Anonymous Coward on Friday August 28 2015, @11:36PM

      by Anonymous Coward on Friday August 28 2015, @11:36PM (#229240)

      Of course she knows her stuff. Everybody and their dog relies on her work to do traffic analysis. Think of Laura Chappell as being the Linus Torvalds of her field.

    • (Score: 1) by Francis on Friday August 28 2015, @11:58PM

      by Francis (5544) on Friday August 28 2015, @11:58PM (#229250)

      This is good to know. I'll definitely be using this on my VB installation of 10, just so I know how much to avoid using it for anything sensitive.

      As it is, I'm a bit hesitant to trust it with anything financial in case the rumors are true. I've heard too many stories about companies that ought to know better losing data that they shouldn't have.

    • (Score: 0) by Anonymous Coward on Saturday August 29 2015, @12:29AM

      by Anonymous Coward on Saturday August 29 2015, @12:29AM (#229260)

      There is overwhelming emphasis on SSL and other security stuff, but to really get the most out of Wireshark you should give yourself a brief familiarization of all those other networking acronyms like NAT, TCP/IP (especially the handshaking process), UDP, DNS (which runs on UDP), DHCP.

      Any one of these [google.com] should provide a decent quick reference.

      -- Ethanol-fueled

      • (Score: 2) by fleg on Saturday August 29 2015, @02:04AM

        by fleg (128) Subscriber Badge on Saturday August 29 2015, @02:04AM (#229293)

        links borked, try [prweb.com] and the actual chart is here [prweb.com]

  • (Score: 2) by frojack on Saturday August 29 2015, @03:43AM

    by frojack (1554) on Saturday August 29 2015, @03:43AM (#229317) Journal

    Not always that easy.

    First, you want to capture packets on a different machine than the subject machine.
    Unless you can do this on the firewall/gateway machine, it's kind of hard.

    Switches, which is what we use these days, don't allow you to sniff traffic between other stations.
    That means you have to put your wireshark machine in the path somehow.
    This is easier if you dig through your junk drawer, and find an old cat5 hub, probably 10meg at best. (which is fine).

    Hubs echo all traffic to all ports, so now you can capture all the packets you are interested in with wireshark.
    Put the hub on your switch, then hang both the subject machine and the test machine on other hub ports.

    --
    No, you are mistaken. I've always had this sig.
    • (Score: 2) by soylentsandor on Saturday August 29 2015, @08:40AM

      by soylentsandor (309) on Saturday August 29 2015, @08:40AM (#229389)

      Not everything marketed as a switch actually is a switch though. The cheaper ones are more likely to secretly be hubs.

      • (Score: 2) by Urlax on Saturday August 29 2015, @01:06PM

        by Urlax (3027) on Saturday August 29 2015, @01:06PM (#229409)

        Isn't every wireless network (by design) a 'hub'? Of course we all have gigabit Ethernet to our NAS, but if you have a wireless adapter which supports promiscuous mode... Otherwise you'll have to put a machine in between with two NICs, which is even easier.

        • (Score: 2) by frojack on Saturday August 29 2015, @08:01PM

          by frojack (1554) on Saturday August 29 2015, @08:01PM (#229529) Journal

          Not since the advent of switches instead of hubs.

          http://www.blackbox.com/resources/blackboxexplains.aspx?id=bbe_4170 [blackbox.com]

          --
          No, you are mistaken. I've always had this sig.
          • (Score: 2) by Hyperturtle on Saturday August 29 2015, @11:14PM

            by Hyperturtle (2824) on Saturday August 29 2015, @11:14PM (#229606)

            Wireless/wifi is indeed a "wireless hub"--at least with the 802.11a/b/g/n types out. MIMO is more switchlike, but that's only true as long as you don't exceed the additional connections that the multiple antennas provide.

            Cheap hardware one gets at the retail electronics store is probably not what we'd use to do it; frojack, you wrote a good start for how it has to be done.

            The switch required has to provide a means of redirecting traffic to another port for the purposes of monitoring -- Cisco, Extreme, Juniper, Aruba, etc. all have hardware with the option under a given name; Cisco calls it SPAN, and sometimes just monitoring.

            100mb hubs are available, too, and would work for this and related scenarios.

      • (Score: 2) by frojack on Saturday August 29 2015, @07:58PM

        by frojack (1554) on Saturday August 29 2015, @07:58PM (#229526) Journal

        That hasn't been true for a long time.
        It may have been true when switches first came out (although I never saw such gear), but nobody is selling that junk anymore.

        --
        No, you are mistaken. I've always had this sig.