The WordPress.com stats helper monkeys prepared a 2012 annual report for this blog.
Here’s an excerpt:
600 people reached the top of Mt. Everest in 2012. This blog got about 11,000 views in 2012. If every person who reached the top of Mt. Everest viewed this blog, it would have taken 18 years to get that many views.
Today’s tea is a part of my collection at home, and from what I understand, it must be one of David’s best sellers, as they have a hard time keeping it in stock in store. The Skinny is an oolong tea, and contains ginseng, which is supposed to aid digestion and help stop fat absorption in the body.
I’m not too sure about its weight loss claims, as I don’t drink this tea regularly, but it is a nice finish to a heavy meal. It’s slightly similar to orange pekoe, but with a hint of sweetness.
I give The Skinny a 3.5 out of 5.
Sorry for missing my post yesterday. I went to bed as soon as I got home after work yesterday, and didn’t get up until this morning. So, I had two teas this morning.
Yesterday’s tea was Kiwi’s Big Adventure. I have to say, this tea was pretty good for a green tea. The kiwi fruitiness really takes Ll but. Bit of the green tea taste out of it.
I give Kiwi’s Big Adventure a 3.5 out of 5.
Yay, an exciting tea! Read My Lips is a long time David’s classic. It’s got chocolate in it, so where could it go wrong? And if that’s not enough to impress, it’s got red candy lips too. Hehe. I tried this tea at the recommended max brew time, but I found it a bit watery, so I steeped it longer, and the chocolatey taste was even more yummy. I didn’t really taste to much spice from the red peppercorns, but I’m not a lightweight when it comes to spice as Rob is a hot sauce collector, so maybe I’m just immune. Hehe
I give Read My Lips a 4 out of 5.
Today’s tea is yet another green tea, Toasted Walnut. By way of green teas though, I must say this is the least ick one I’ve tasted. It smells like tossed walnuts and coconut. The taste is not too bad. Sort of coconutty and walnutty, with just a hint of the green tea ick aftertaste.
I give Toasted Walnut a 2.5 out of 5.
Check out my funky new mug. I saw it at the thrift store and had to have it. It’s so cheerful and quirky. Hehe
I think after two days of green teas, I’m happy to see anything else at all. It’s nice to finally have a white tea, the first of this advent calendar. Checkmate is actually a blend of white and black teas, but David’s classifies it as a white. There is a chocolate smell to this tea, which is nice. The taste is also fairly chocolatey.
I give Checkmate a 3.5 out of 5.
After yesterday’s icky green tea, I was looking forward to something wonderful for today’s tea. I was disappointed when it was another green tea, North African Mint. I find the variety of teas in the calendar aren’t mixed up well – you get 4 black or green teas in a row type thing. 😦
North African Mint is very minty, which does tame the icky green tea taste a bit. It is light, and refreshing. If you like green teas, give this one a try.
I give North African Mint a 1.5 out of 5.
This is a rather long picture post, enjoy!
I have to honest up front – I do not like green tea. I don’t like the taste of it at all. I can deal with green and fruity, because the fruit taste really overpowers most of the green ick. So, sorry green tea lovers, I’m a hater.
Todays tea is Japanese Sencha. I’m sure if you like green tea, this would be one of the best. I, unfortunately don’t. I found this particular green tea really strong tasting too.
I give Japanese Sencha a 1 out of 5.
To hopefully redeem myself a bit, while sipping my green tea, I made quesadillas for supper. Rob loves my quesadillas! See, I’m not all bad! 🙂
Goji Pop is one of David’s more fruity and fun teas. It’s a pretty pink color, and sweet and breezy tasting. I think it would be just as tasty iced as it is hot. The one negative thing I have to say about Goji Pop is that it does have a bit of a bitter aftertaste to it. Other than that, it’s great!
I give Goji Pop a 4 out of 5.
Today’s tea is a green tea, Green and Fruity. I like this one because the fruity part makes the bitter green tea aftertaste much better. The fruity smell is nice too. I also like that it is similar to Fruite Mate, one of David’s teas that they no longer carry.
I give Green and Fruity a 3.5 out of 5.
I’m really liking these teas that smell like Christmas baking. Today’s tea is Forever Nuts. The first thing that hits you with this tea is the smell when you open the tin. It smells all nutty and spicy. Then, when you brew it, it’s a surprising bright pink, like pink lemonade. It’s an odd combination, the color and the taste. It’s all bright and fruity looking, but it tastes like it smells, like warm nutty baking.
I give Forever Nuts a 4 out of 5.
Just a note, I’m coming down with a cold or flu as of today, and I’m hoping it won’t affect my taste, but I’m sure it will. :(. I’m glad that I do have some of David’s Cold 911 at home. I highly recommend it!
The HTTP protocol allows a client to specify a time condition for the document it requests. It is If-Modified-Since or If-Unmodified-Since.
You can use curl command to see if a copy (http resources such as text/html or image/png) that they hold is still valid. However, this will only work if response has a Last-Modified header. You can send a Last-Modified header using web server or your web application.
Step #1: Find out if response has a Last-Modified header
Type the following curl command:
curl --silent --head https://robdurdle.com/foo/bar/image.png curl --silent --head https://robdurdle.com/foo/help.html
curl -I http://RobDurdle.com/foo/bar/image.png curl -I http://RobDurdle.com/foo/help.html
In this example, note down the Last-Modified headers in the response to this HEAD request:
$ curl -I http://www.RobDurdle.com/faq/
HTTP/1.1 200 OK Server: nginx Date: Tue, 11 Dec 2012 10:10:24 GMT Content-Type: text/html; charset=UTF-8 Connection: keep-alive Last-Modified: Tue, 11 Dec 2012 10:10:23 GMT Cache-Control: max-age=299, must-revalidate Vary: Cookie X-Pingback: http://www.robdurdle.com/faq/xmlrpc.php X-Galaxy: Andromeda-1 Vary: Accept-Encoding
The syntax is as follows to send If-Modified-Since header using the curl command line:
$ curl -I --header 'If-Modified-Since: DATE-FORMAT-HERE' http://RobDurdle.com/foo/bar/image.png
$ curl -I --header 'If-Modified-Since: Tue, 11 Dec 2012 10:10:24 GMT' http://RobDurdle.com/faq/
HTTP/1.1 304 Not Modified Server: nginx Date: Tue, 11 Dec 2012 10:12:11 GMT Connection: keep-alive Vary: Cookie Last-Modified: Tue, 11 Dec 2012 10:10:23 GMT X-Galaxy: Andromeda-1 Vary: Accept-Encoding
The resource sends a 304 Not Modified response, indicating that it supports Last-Modified validation.
Sorry today’s post is so late in the day. I slept most of my day away (apparently I had some sleep to catch up on), the I had my work Christmas party to go to. So, with it nearing midnight, and me having to work tomorrow morning, I’m really glad today’s tea is caffeine free!
I’m happy to finally have a toasty Christmas tea to try. Sleigh Ride was a seasonal winter tea, but if I’m not mistaken, I think it’s part of David’s full menu now.
The smell is superb. It smells like s’mores, and Christmas baking. Yum! The taste is great too. It’s got a great nutty taste, and after a sip I decided it would be phenomenal as a latte, and I was right, it’s great. It’s similar to a chai latte, not as spicy. Very good!
I give Sleigh Ride a 4 out of 5.
Today’s tea was yet another new tea for me (10 days into this journey, I’m realizing that I might be more about David’s exciting seasonal teas instead of the old classics) – Organic Detox. I’m not sure if I buy into the whole detoxing thing, it may just be some New Age hippie propaganda, but at the least you’re getting tea, and tea definitely has lots of great healthy properties.
I find this tea tastes pretty well like a plain green tea, so that’s great for anyone who wants to do the detox thing and not have to drink some of the other nasty things I’ve heard people drink for detoxing! It’s not my favourite David’s green tea I’ve had, but its not bad.
I give Detox a 3 out of 5. Sorry for the blurry pic. I didn’t realize my pic was blurry until long after my tea…
View original post 3 more words
Hot Lips was today’s tea. It smells good, like hot cinnamon candies. I must say that I usually don’t like cinnamon flavours since I drank too much Goldschlagger in college and got sick. Oi. So, I wasn’t sure if I’d like this tea, but it was good. I liked the heat from the cayenne too. It was all round a nice, toasty tea.
I give Hot Lips a 3.5 out of 5.
Ahhh, here it is. This is a classic orange pekoe flavoured tea, David’s Organic Breakfast. From smell to taste, this makes me think of my childhood, with Mom and Gran drinking their Red Rose. :). I find this type of tea bitter, and so I don’t really like it overall. If I was a fan though, I think this particular tea would be rated high among its peers. It is bold, and has lots of flavour.
I give this tea a 3 out of 5. If you’re an orange pekoe fan though, I bet you’d love this tea!
I must be honest; any tea that David’sTea has put out that is a dessert flavour I’ve ran and bought very promptly. I am a foodie, and I love desserts, Creme Brûlée not excluded. So, I do already have this tea in my collection, and I love it. It’s got a great caramel aftertaste, and makes you feel all warm and fuzzy inside, so it’s ideal on a cold winter night.
I give Creme Brûlée a 4 out of 5.
I was glad today’s tea is Glitter & Gold, another long time fan-favourite that I haven’t yet tried. I could stop this post right here and give this tea 5 stars, just on the basis that it GLITTERS!!! It was love at first brew when the gold started swirling and sparkling in my cup. <3.
But, I have to calm down and give this tea my serious evaluation. :). It's got an orange pekoe kind of bland smell, meh. The taste isn't bad though. It's got a bit of sweet to it, I think without that the tea would be a bit bitter, but that sweetness makes it yum. I forgot about the half mug I had left on my desk while I worked away at an important project on my computer, and when I went back to it it was cold. So I can also say that this…
View original post 29 more words
Your Wi-Fi network is your conveniently wireless gateway to the internet, and since you’re not keen on sharing your connection with any old hooligan who happens to be walking past your home, you secure your network with a password, right? Knowing, as you might, how easy it is to crack a WEP password, you probably secure your network using the more bulletproof WPA security protocol.
Here’s the bad news: A new, free, open-source tool called Reaver exploits a security hole in wireless routers and can crack most routers’ current passwords with relative ease. Here’s how to crack a WPA or WPA2 password, step by step, with Reaver—and how to protect your network against Reaver attacks.
In the first section of this post, I’ll walk through the steps required to crack a WPA password using Reaver.
First, a quick note: As I often remind readers when I discuss topics that appear potentially malicious: Knowledge is power, but power doesn’t mean you should be a jerk, or do anything illegal. Knowing how to pick a lock doesn’t make you a thief. Consider this post educational, or a proof-of-concept intellectual exercise. The more you know, the better you can protect yourself.
What You’ll Need
You don’t have to be a networking wizard to use Reaver, the command-line tool that does the heavy lifting, and if you’ve got a blank DVD, a computer with compatible Wi-Fi, and a few hours on your hands, you’ve got basically all you’ll need. There are a number of ways you could set up Reaver, but here are the specific requirements for this guide:
- The BackTrack 5 Live DVD. BackTrack is a bootable Linux distribution that’s filled to the brim with network testing tools, and while it’s not strictly required to use Reaver, it’s the easiest approach for most users. Download the Live DVD from BackTrack’s download page and burn it to a DVD. You can alternately download a virtual machine image if you’re using VMware, but if you don’t know what VMware is, just stick with the Live DVD. As of this writing, that means you should select BackTrack 5 R1 from the Release drop-down, select Gnome, 32- or 64-bit depending on your CPU (if you don’t know which you have, 32 is a safe bet), ISO for image, and then download the ISO.
- A computer with Wi-Fi and a DVD drive. BackTrack will work with the wireless card on most laptops, so chances are your laptop will work fine. However, BackTrack doesn’t have a full compatibility list, so no guarantees. You’ll also need a DVD drive, since that’s how you’ll boot into BackTrack. I used a six-year-old MacBook Pro.
- A nearby WPA-secured Wi-Fi network. Technically, it will need to be a network using WPA security with the WPS feature enabled. I’ll explain in more detail in the “How Reaver Works” section how WPS creates the security hole that makes WPA cracking possible.
- A little patience. This is a 4-step process, and while it’s not terribly difficult to crack a WPA password with Reaver, it’s a brute-force attack, which means your computer will be testing a number of different combinations of cracks on your router before it finds the right one. When I tested it, Reaver took roughly 2.5 hours to successfully crack my password. The Reaver home page suggests it can take anywhere from 4-10 hours. Your mileage may vary.
Let’s Get Crackin’
At this point you should have BackTrack burned to a DVD, and you should have your laptop handy.
Step 1: Boot into BackTrack
To boot into BackTrack, just put the DVD in your drive and boot your machine from the disc. (Google around if you don’t know anything about live CDs/DVDs and need help with this part.) During the boot process, BackTrack will prompt you to to choose the boot mode. Select “BackTrack Text – Default Boot Text Mode” and press Enter.
Eventually BackTrack will boot to a command line prompt. When you’ve reached the prompt, type
startx and press Enter. BackTrack will boot into its graphical interface.
Step 2: Install Reaver
Reaver has been added to the bleeding edge version of BackTrack, but it’s not yet incorporated with the live DVD, so as of this writing, you need to install Reaver before proceeding. (Eventually, Reaver will simply be incorporated with BackTrack by default.) To install Reaver, you’ll first need to connect to a Wi-Fi network that you have the password to.
- Click Applications > Internet > Wicd Network Manager
- Select your network and click Connect, enter your password if necessary, click OK, and then click Connect a second time.
Now that you’re online, let’s install Reaver. Click the Terminal button in the menu bar (or click Applications > Accessories > Terminal). At the prompt, type:
And then, after the update completes:
apt-get install reaver
If all went well, Reaver should now be installed. It may seem a little lame that you need to connect to a network to do this, but it will remain installed until you reboot your computer. At this point, go ahead and disconnect from the network by opening Wicd Network Manager again and clicking Disconnect. (You may not strictly need to do this. I did just because it felt like I was somehow cheating if I were already connected to a network.)
Step 3: Gather Your Device Information, Prep Your Crackin’
In order to use Reaver, you need to get your wireless card’s interface name, the BSSID of the router you’re attempting to crack (the BSSID is a unique series of letters and numbers that identifies a router), and you need to make sure your wireless card is in monitor mode. So let’s do all that.
Find your wireless card: Inside Terminal, type:
Press Enter. You should see a wireless device in the subsequent list. Most likely, it’ll be named
wlan0, but if you have more than one wireless card, or a more unusual networking setup, it may be named something different.
Put your wireless card into monitor mode: Assuming your wireless card’s interface name is
wlan0, execute the following command to put your wireless card into monitor mode:
airmon-ng start wlan0
This command will output the name of monitor mode interface, which you’ll also want to make note of. Most likely, it’ll be
mon0, like in the screenshot below. Make note of that.
Find the BSSID of the router you want to crack: Lastly, you need to get the unique identifier of the router you’re attempting to crack so that you can point Reaver in the right direction. To do this, execute the following command:
airodump-ng wlan0 doesn’t work for you, you may want to try the monitor interface instead—e.g.,
You’ll see a list of the wireless networks in range—it’ll look something like the screenshot below:
When you see the network you want, press Ctrl+C to stop the list from refreshing, then copy that network’s BSSID (it’s the series of letters, numbers, and colons on the far left). The network should have WPA or WPA2 listed under the ENC column.
Now, with the BSSID and monitor interface name in hand, you’ve got everything you need to start up Reaver.
Step 4: Crack a Network’s WPA Password with Reaver
Now execute the following command in the Terminal, replacing
moninterfacewith the BSSID and monitor interface and you copied down above:
reaver -i moninterface -b bssid -vv
For example, if your monitor interface was
mon0 like mine, and your BSSID was
8D:AE:9D:65:1F:B2 (a BSSID I just made up), your command would look like:
reaver -i mon0 -b 8D:AE:9D:65:1F:B2 -vv
Press Enter, sit back, and let Reaver work its disturbing magic. Reaver will now try a series of PINs on the router in a brute force attack, one after another. This will take a while. In my successful test, Reaver took 2 hours and 30 minutes to crack the network and deliver me with the correct password. As mentioned above, the Reaver documentation says it can take between 4 and 10 hours, so it could take more or less time than I experienced, depending. When Reaver’s cracking has completed, it’ll look like this:
A few important factors to consider: Reaver worked exactly as advertised in my test, but it won’t necessarily work on all routers (see more below). Also, the router you’re cracking needs to have a relatively strong signal, so if you’re hardly in range of a router, you’ll likely experience problems, and Reaver may not work. Throughout the process, Reaver would sometimes experience a timeout, sometimes get locked in a loop trying the same PIN repeatedly, and so on. I just let it keep on running, and kept it close to the router, and eventually it worked its way through.
Also of note, you can also pause your progress at any time by pressing Ctrl+C while Reaver is running. This will quit the process, but Reaver will save any progress so that next time you run the command, you can pick up where you left off-as long as you don’t shut down your computer (which, if you’re running off a live DVD, will reset everything).
How Reaver Works
Now that you’ve seen how to use Reaver, let’s take a quick overview of how Reaver works. The tool takes advantage of a vulnerability in something called Wi-Fi Protected Setup, or WPS. It’s a feature that exists on many routers, intended to provide an easy setup process, and it’s tied to a PIN that’s hard-coded into the device. Reaver exploits a flaw in these PINs; the result is that, with enough time, it can reveal your WPA or WPA2 password.
Read more details about the vulnerability at Sean Gallagher’s excellent post on Ars Technica.
How to Protect Yourself Against Reaver Attacks
Since the vulnerability lies in the implementation of WPS, your network should be safe if you can simply turn off WPS (or, even better, if your router doesn’t support it in the first place). Unfortunately, as Gallagher points out as Ars, even with WPS manually turned off through his router’s settings, Reaver was still able to crack his password.
In a phone conversation, Craig Heffner said that the inability to shut this vulnerability down is widespread. He and others have found it to occur with every Linksys and Cisco Valet wireless access point they’ve tested. “On all of the Linksys routers, you cannot manually disable WPS,” he said. While the Web interface has a radio button that allegedly turns off WPS configuration, “it’s still on and still vulnerable.
So that’s kind of a bummer. You may still want to try disabling WPS on your router if you can, and test it against Reaver to see if it helps.
You could also set up MAC address filtering on your router (which only allows specifically whitelisted devices to connect to your network), but a sufficiently savvy hacker could detect the MAC address of a whitelisted device and use MAC address spoofing to imitate that computer.
Double bummer. So what will work?
I have the open-source router firmware DD-WRT installed on my router and I was unable to use Reaver to crack its password. As it turns out, DD-WRT does not support WPS, so there’s yet another reason to love the free router-booster. If that’s got you interested in DD-WRT, check their supported devices list to see if your router’s supported. It’s a good security upgrade, and DD-WRT can also do cool things like monitor your internet usage, set up a network hard drive, act as a whole-house ad blocker, boost the range of your Wi-Fi network, and more. It essentially turns your $60 router into a $600 router.
Thanks to this post on Mauris Tech Blog for a very straightforward starting point for using Reaver. If you’re interested in reading more, see:
- Ars Technia’s hands on
- This Linux-centric guide from Null Byte
- The Reaver product page (it’s also available in a point-and-click friendly commercial version.
- How to Crack a Wi-Fi Network WPA (powersthatbeat.wordpress.com)
- Hackers at Macca’s: wi-fi bunfight (smh.com.au)
- Experts Find Way to Crack Default WPA2 Passwords of Belkin Routers (news.softpedia.com)