gadget

Beyond eastereggs, things you probably don’t know

… IT is everywhere, some interesting facts you probably don’t know or haven’t heard even while using IT/it for years, some kind of eastereggs as greatings from the creators behind

1337 – leetspeak for the digital natives

IPoAC

IP over Avian Carriers (IPoAC) is a proposal to carry Internet traffic via birds, an RFC 1149 at Internet Engineering Task Force (IETF) from 01.04.1990

ping

the payload of an ICMP/ping request contains “abcdefghijklmnopqrstuvwabcdefghi”

cmd

install telnet-client as windows feature, open cmd and enter: telnet towel.blinkenlights.nl

wifi

set password to 2444666668888888, when someone ask’s for your password, tell him/her 12345678, but why? … it is calulated via 1*2,3*4,5*6,7*8

word

enter on a word file =rand(5,5) to generate random text

chrome

you know chrome’s offline easteregg and how to play online

you notice it when sites doesn’t load or videos can’t played… not at Firefox or IE google added in 2014 a little endless runner to chrome browser, the developer wrote about the idea – when your trying to load something and the connection suddenly stops – simply tab the screen or hit the spacebar –… Continue reading you know chrome’s offline easteregg and how to play online

“J”

on mobile you’ll receive emails containig an “J”, this is because outlook convert smilies in wingdings font, wich mobile display as a single letter J, K und L, instead of :), 😐 and 😦

firefox

enter “about:robots” in addres bar

google search

enter “(sqrt(cos(x))cos(400x)+sqrt(abs(x))-0.4)(4-xx)^0.1″ in google search

facebook

the IPv6 address auf facebook is “2a03:2880:f003:c07:face:b00c::2″

bluetooth

the name is a homage to Harald Blauzahn, the logo is a monogram of his wiking runes

apple

amazon

there are lot clever 404 sites out there, but amazon’s favor the love of it’s employee’s dogs


there a lot more easter eggs everywhere! read all 101 best Easter eggs in tech history @stuff.tv

apple, google, innovation, technology

qr code & share wifi

qr code in business it is quite common to use qr code to optimize processes – in private this feature is rarely adopted, but …

arrow read more: enterprise features of android pie

 

qr code

often used to link webpages, promote sales offers or share contacts – different styles, colors or even logos are possible …

2018-09-09 11_37_59-QR Code Generator - Create QR codes here     2018-09-09 11_40_44-QR Code Generator - Create QR codes here

 

… but it gets complicated if you don’t know how to scan the code, first need to download a qr code reader app – since ios11 apple added the native function to scan qr code with camera app – some android device got a qr code reader pre-installed, other need to download it from app store

 

wifi qr code

enterprise facing other challenges to secure authenticate and trust devices

arrowread more: wifi security today and attack vectors

friends often request to join private wifi – tell the password ? no – enter your 12diget&complex$pezialC4ract3r password ? maybe not

create a qr code of your wifi incl. password, with services like qifi, your friends needs to “simply” scan the code

tested: for ios since ios11 it is working pretty easy, android devices with pre-installed qr code reader need to find the right app, but even my huawei ai powered camera is unable to recognize the qr code

update: since ios12 it is possible to add qr code scanner to control center to access from lockscreen and qr codes  highlighted in camera while scanning

qr12-e1537271073765.jpg

 

ios share wifi

even since ios11 apple added a feature to share wifi password between two ios devices, unless you have an ios device, the are some requirements to be meet

  • both ios devices need ios11 or newer installed
  • both ios devices need wifi and bluetooth enabled
  • your ios device must be actively connected to the wifi that the other device wants to join
  • both ios devices need physical proximity to each other
  • you must have each other in contacts list

 

be aware

  1. that trusted devices are inside your network, may access your private services (sonos) or unsecured storages (nas) – better setup a separate guest wifi, with just access to the internet
  2. shared passwords synced to google backup or icloud backupScreenshot_20180909-120209
technology

wifi security today and attack vectors

because of current occasion …

… inside a wifi you could find your ip in android 8 settings > about > status, use unsecured services like sonos, scan for other clients, check open ports, bruteforce backend services (router, firewall)

open wifi – in 2018 none should access untrusted unsecured wireless networks anymore

wpa encryption – works with “handshake” to ensure trust between devices – wpa2 added advanced encryption standart (aes) – wpa2 is vulnerable: key reinstallation attacks – wi-fi alliance announced wpa3 with additional security features

public wifi – when accessing a wifi while shopping, your devices are redirected to a captive portal to accept policies and establish a secure connection

vpn – apps like nordvpn esablish secure connection to add another layer of security, browse incognito through the internet

business – could use radius protocol to check validity of authentification – further enroll client certificate via mdm to authenticate via 802.1x – aruba clearpass can check devices status in mdm to ensure security and trust at the entire cycle

rouge access – attacker can fake access points to start a man in the middle (mitm) attack, intercept your private data, for example this pineapple nano

hashcat – new technique allow to get all the information they need to brute force decrypt a Wi-Fi password, by snooping on a single data packet going over the air

ssl srip – a method to redirect traffic from https to http to force unencrypted transport – every passcode is unprotected, even it is shown as secure

secure-info.jpg

mobile devices management – is a way to protect company devices, e.g. disallow profile installation – but in a byod or mam-only scenario you can’t disable all features

mobile thread defense – mtd is for private and business devices, check behaviour and use ai to protect – like lookout as cloud service and additionally on device like zimperium, partners with mobileiron