
posted by cmn32480 on Friday August 28 2015, @10:14PM
from the time-for-port-mirroring dept.

With the release of Windows 10 there have been serious privacy concerns raised as to what data Windows is sending home to mommy and daddy. Much of this could be called benign data leakage for your average user (location information for a map, search information, etc.), but it has been hinted that even disabling these features doesn't prevent data being sent from your computer. This is also true for Android, iOS devices, browsers, browser plugins, and software registration / update tools. Even a vanilla Linux or BSD install may be sending out information you aren't aware of. If you haven't checked, you don't know.

Firing up a packet monitor is fairly easy on the host OS and a decent firewall / gateway can dump all the packets from a local network. Assuming the majority of data you would be concerned about leaking out is encrypted, is there an easy way for an owner to decrypt it to see what is actually being sent out? Are there groups conducting this type of analysis and publishing their results with any level of detail?

  • (Score: 2) by frojack on Saturday August 29 2015, @03:43AM

    by frojack (1554) on Saturday August 29 2015, @03:43AM (#229317) Journal

    Not always that easy.

    First, you want to capture packets on a different machine than the subject machine.
    Unless you can do this on the firewall/gateway machine, it's kind of hard.

    Switches, which is what we use these days, don't allow you to sniff traffic between other stations.
    That means you have to put your wireshark machine in the path somehow.
    This is easier if you dig through your junk drawer and find an old cat5 hub, probably 10 meg at best (which is fine).

    Hubs echo all traffic to all ports, so now you can capture all the packets you are interested in with wireshark.
    Put the hub on your switch, then hang both the subject machine and the test machine on other hub ports.

    --
    No, you are mistaken. I've always had this sig.
  • (Score: 2) by soylentsandor on Saturday August 29 2015, @08:40AM

    by soylentsandor (309) on Saturday August 29 2015, @08:40AM (#229389)

    Not everything marketed as a switch actually is a switch though. The cheaper ones are more likely to secretly be hubs.

    • (Score: 2) by Urlax on Saturday August 29 2015, @01:06PM

      by Urlax (3027) on Saturday August 29 2015, @01:06PM (#229409)

      Isn't every wireless network (by design) a 'hub'? Of course we all have gigabit Ethernet to our NAS, but if you have a wireless adapter which supports promiscuous mode.. Otherwise you'll have to put a machine in between with two NICs, which is even easier.

      • (Score: 2) by frojack on Saturday August 29 2015, @08:01PM

        by frojack (1554) on Saturday August 29 2015, @08:01PM (#229529) Journal

        Not since the advent of switches instead of hubs.

        http://www.blackbox.com/resources/blackboxexplains.aspx?id=bbe_4170

        --
        No, you are mistaken. I've always had this sig.
        • (Score: 2) by Hyperturtle on Saturday August 29 2015, @11:14PM

          by Hyperturtle (2824) on Saturday August 29 2015, @11:14PM (#229606)

          Wireless/wifi is indeed a "wireless hub"--at least with the 802.11a/b/g/n types out. MIMO is more switchlike, but that's only true as long as you don't exceed the additional connections that the multiple antennas provide.

          Cheap hardware one gets at the retail electronics store is probably not what we'd use to do it; frojack, you wrote a good start for how it has to be done.

          The switch required has to provide a means of redirecting traffic to another port for the purposes of monitoring -- Cisco, Extreme, Juniper, Aruba etc, all have hardware with the option under a given name; Cisco calls it SPAN, and sometimes just monitoring.

          100mb hubs are available, too, and would work for this and related scenarios.
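Once the monitoring machine actually sees the subject machine's packets (via frojack's hub setup or the SPAN / port-mirroring session Hyperturtle describes), the next step is to reduce the capture to a list of where the subject is sending data, which is what the original question is really after. The script below is an added example, not code from the original post or from any commenter. It parses the text that `tcpdump -nn` prints, keeps only packets whose source is the subject machine, totals payload bytes per destination address and port, and flags destinations outside the home LAN. The subject address `192.168.1.50`, the LAN `192.168.1.0/24`, and the sample capture lines are all constructed for this example; a real run would feed it the output of `tcpdump -nn` on the monitoring box.

```python
import ipaddress
import re
from collections import defaultdict

# Hypothetical subject machine and home LAN (constructed for this example).
SUBJECT_IP = "192.168.1.50"
LOCAL_NET = ipaddress.ip_network("192.168.1.0/24")

# Constructed sample lines in the text format tcpdump prints with -nn
# (numeric hosts and ports). On a real monitoring box hanging off the
# hub or SPAN port they would come from something like:
#   tcpdump -nn -i eth0 host 192.168.1.50
SAMPLE_LINES = """\
22:10:14.100001 IP 192.168.1.50.49152 > 93.184.216.34.443: Flags [S], seq 1, win 64240, length 0
22:10:14.100530 IP 93.184.216.34.443 > 192.168.1.50.49152: Flags [S.], seq 2, ack 2, win 65535, length 0
22:10:14.101000 IP 192.168.1.50.49152 > 93.184.216.34.443: Flags [P.], seq 1:518, ack 1, win 502, length 517
22:10:15.200000 IP 192.168.1.50.49153 > 198.51.100.7.443: Flags [P.], seq 1:1201, ack 1, win 502, length 1200
22:10:16.300000 IP 192.168.1.50.55555 > 192.168.1.1.53: 12345+ A? example.com. (29)
22:10:16.300400 IP 192.168.1.1.53 > 192.168.1.50.55555: 12345 1/0/0 A 93.184.216.34 (45)
22:10:17.400000 IP 192.168.1.77.40000 > 203.0.113.9.80: Flags [S], seq 9, win 64240, length 0
"""

# One tcpdump -nn line: timestamp, "IP", src.port > dst.port: rest
LINE_RE = re.compile(
    r"^(?P<ts>\S+) IP (?P<src>\d+\.\d+\.\d+\.\d+)\.(?P<sport>\d+) > "
    r"(?P<dst>\d+\.\d+\.\d+\.\d+)\.(?P<dport>\d+): (?P<rest>.*)$"
)
# TCP lines end in "length N"; UDP/DNS lines end in "(N)" (payload bytes).
TCP_LEN_RE = re.compile(r"length (\d+)$")
UDP_LEN_RE = re.compile(r"\((\d+)\)$")


def parse_line(line):
    """Return (src, sport, dst, dport, payload_bytes) or None if unparseable."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rest = m.group("rest")
    n = TCP_LEN_RE.search(rest) or UDP_LEN_RE.search(rest)
    payload = int(n.group(1)) if n else 0
    return (m.group("src"), int(m.group("sport")),
            m.group("dst"), int(m.group("dport")), payload)


def summarize_outbound(lines, subject_ip, local_net):
    """Aggregate packets sent by subject_ip per destination (ip, port).

    Returns a list of dicts sorted by payload bytes descending; each dict
    carries a 'leaves_lan' flag for destinations outside local_net.
    """
    flows = defaultdict(lambda: {"packets": 0, "bytes": 0})
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        src, _sport, dst, dport, payload = rec
        if src != subject_ip:
            continue  # replies and other hosts' traffic are not of interest here
        flows[(dst, dport)]["packets"] += 1
        flows[(dst, dport)]["bytes"] += payload
    report = []
    for (dst, dport), counts in flows.items():
        report.append({
            "dst": dst,
            "dport": dport,
            "packets": counts["packets"],
            "bytes": counts["bytes"],
            "leaves_lan": ipaddress.ip_address(dst) not in local_net,
        })
    report.sort(key=lambda r: r["bytes"], reverse=True)
    return report


if __name__ == "__main__":
    for r in summarize_outbound(SAMPLE_LINES.splitlines(), SUBJECT_IP, LOCAL_NET):
        tag = "LEAVES LAN" if r["leaves_lan"] else "local"
        print(f"{r['dst']}:{r['dport']:<5} packets={r['packets']:<3} "
              f"bytes={r['bytes']:<6} {tag}")
```

The LAN is given explicitly rather than guessed from RFC 1918 ranges because what matters for the original question is which destinations are outside the owner's own network, and the owner knows that prefix. Byte counts come from the payload length tcpdump prints, so a destination that receives a lot of data from the subject stands out even when, as the question assumes, the contents are encrypted and cannot be read.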

    • (Score: 2) by frojack on Saturday August 29 2015, @07:58PM

      by frojack (1554) on Saturday August 29 2015, @07:58PM (#229526) Journal

      That hasn't been true for a long time.
      It may have been true when switches first came out (although I never saw such gear), but nobody is selling that junk anymore.

      --
      No, you are mistaken. I've always had this sig.