Fedora Linux version 18 has been released and available for download. Fedora Linux is a community based Linux distribution. Fedora Linux is considered as the third most popular Linux distribution, behind Ubuntu and Mint for desktop usage. The new version comes with several new features such as – an installer that is rewritten and redesigned from the ground up, GNOME v3.6, KDE v4.9, Xfce v4.10, better network security with firewalld, Linux kernel v3.6, Python v3.3, Ruby on Rails v3.0, and much more.
What’s New In Fedora 18
- Updated installer : The anaconda installer has been totally redesigned for Fedora 18. Users will now have more flexibility in how they configure their installation. Some tasks will run in the background to speed the installation process.
- 256 color terminals – Many terminal programs (like vim and ls) can take advantage of 256 color terminals, and all xterms I know of support at least 256 colors and sometimes more.
- Fedup tool – It is a new tool for upgrading Fedora installations that is replacing preupgrade and the DVD methods of upgrading that have been used in earlier Fedora releases. It uses systemd for much of the upgrade functionality and will eventually be able to source packages from a DVD and use the standard repository instead of an upgrade specific side repo. In other words, it is possible to install fedup on an Fedora 17 system using yum (yum install fedup). Finally run the fedup-cli command to prepare the upgrade using fedup-cli --network 18 --debuglog fedupdebug.log command.
- UEFI Secure Boot – This will allow Fedora to boot on systems that have Secure Boot enabled. Tools are available for administrators to create custom certificates to sign local changes to GRUB or the kernel.
- Secure Containers (LXC Container) – Using SELinux and virt-sandbox, services can be run in secure sandboxes, even as root. The virt-sandbox-service package will create mount points and a libvirt container.
- Samba 4 – It is a combined set of daemons, client utilities, and Python bindings that allow communicating using SMB1, SMB2, and soon SMB3 protocols. It also implements Active Directory domain controller (DC) functionality as an integrated Kerberos DC, LDAP server, DNS server, and SMB/CIFS server.
- /tmp on tmpfs – This is a security and power saving feature. By default, /tmp on Fedora 18 will be on a tmpfs. Storage of large temporary files should be done in /var/tmp. This will reduce the I/O generated on disks, increase SSD lifetime, save power, and improve performance of the /tmp filesystem.
- Syscall filters – Syscall filtering is a security mechanism that allows applications to define which syscalls they should be allowed to execute.
- Perl v5.16 – Upgrade to Perl 5.16 as brings a lot of changes.
- OpenStack – This is an open source cloud computing platform. It lets you set up your own cloud infrastructure, similar to public clouds like Amazon EC2, Azure, etc. Fedora 18 comes with OpenStack “Folsom”.
- Eucalyptus – It is a cloud computing software platform for on-premise (private) Infrastructure as a Service clouds. It uses existing infrastructure to create scalable and secure AWS-compatible cloud resources for compute, network and storage.
- Web Servers – The Apache httpd package has been upgraded to version 2.4.3-1, which has many security and performance fixes. The lighttpd package has been upgraded to version 1.4.32-2.
- Cinnamon – Fedora users now have the option of using Cinnamon, an advanced desktop environment based on GNOME3.
- MATE desktop – This destop brings back a classic, intuitive, and easy to use desktop that users have been long requesting.
- NetworkManager now supports an enhanced Hotspot – This allows Internet connection sharing mode for Wi-Fi, which enables a much smoother connection sharing experience and is better supported by hardware. This mode is automatically enabled only for new connections to make sure existing configurations are unchanged.
- And much more. See Fedora 18 release note for more information.
Fedora 18 Screenshots
Fedora 18 DVD ISO download
You can download Fedora Linux 18 via the web/ftp server or via BitTorrent (recommended). The following DVD iso images are in live media format:
Download Fedora 18 GNOME live desktop dvd iso version
Download Fedora 18 KDE live desktop dvd iso version
Download Fedora 18 LXDE version
Download Fedora 18 Xfce version
- Fedora 18 Spherical Cow brings Linux fans a taste of Cinnamon, new installer (engadget.com)
- Fedora 18 Officially Released for IBM System z 64-bit (news.softpedia.com)
- Fedora 18 Spherical Cow released (liliputing.com)
- Alan Cox – Fedora 18 seems to be the worst Red Hat distro I’ve ever seen (plus.google.com)
Your Wi-Fi network is your conveniently wireless gateway to the internet, and since you’re not keen on sharing your connection with any old hooligan who happens to be walking past your home, you secure your network with a password, right? Knowing, as you might, how easy it is to crack a WEP password, you probably secure your network using the more bulletproof WPA security protocol.
Here’s the bad news: A new, free, open-source tool called Reaver exploits a security hole in wireless routers and can crack most routers’ current passwords with relative ease. Here’s how to crack a WPA or WPA2 password, step by step, with Reaver—and how to protect your network against Reaver attacks.
In the first section of this post, I’ll walk through the steps required to crack a WPA password using Reaver.
First, a quick note: As I often remind readers when I discuss topics that appear potentially malicious: Knowledge is power, but power doesn’t mean you should be a jerk, or do anything illegal. Knowing how to pick a lock doesn’t make you a thief. Consider this post educational, or a proof-of-concept intellectual exercise. The more you know, the better you can protect yourself.
What You’ll Need
You don’t have to be a networking wizard to use Reaver, the command-line tool that does the heavy lifting, and if you’ve got a blank DVD, a computer with compatible Wi-Fi, and a few hours on your hands, you’ve got basically all you’ll need. There are a number of ways you could set up Reaver, but here are the specific requirements for this guide:
- The BackTrack 5 Live DVD. BackTrack is a bootable Linux distribution that’s filled to the brim with network testing tools, and while it’s not strictly required to use Reaver, it’s the easiest approach for most users. Download the Live DVD from BackTrack’s download page and burn it to a DVD. You can alternately download a virtual machine image if you’re using VMware, but if you don’t know what VMware is, just stick with the Live DVD. As of this writing, that means you should select BackTrack 5 R1 from the Release drop-down, select Gnome, 32- or 64-bit depending on your CPU (if you don’t know which you have, 32 is a safe bet), ISO for image, and then download the ISO.
- A computer with Wi-Fi and a DVD drive. BackTrack will work with the wireless card on most laptops, so chances are your laptop will work fine. However, BackTrack doesn’t have a full compatibility list, so no guarantees. You’ll also need a DVD drive, since that’s how you’ll boot into BackTrack. I used a six-year-old MacBook Pro.
- A nearby WPA-secured Wi-Fi network. Technically, it will need to be a network using WPA security with the WPS feature enabled. I’ll explain in more detail in the “How Reaver Works” section how WPS creates the security hole that makes WPA cracking possible.
- A little patience. This is a 4-step process, and while it’s not terribly difficult to crack a WPA password with Reaver, it’s a brute-force attack, which means your computer will be testing a number of different combinations of cracks on your router before it finds the right one. When I tested it, Reaver took roughly 2.5 hours to successfully crack my password. The Reaver home page suggests it can take anywhere from 4-10 hours. Your mileage may vary.
Let’s Get Crackin’
At this point you should have BackTrack burned to a DVD, and you should have your laptop handy.
Step 1: Boot into BackTrack
To boot into BackTrack, just put the DVD in your drive and boot your machine from the disc. (Google around if you don’t know anything about live CDs/DVDs and need help with this part.) During the boot process, BackTrack will prompt you to to choose the boot mode. Select “BackTrack Text – Default Boot Text Mode” and press Enter.
Eventually BackTrack will boot to a command line prompt. When you’ve reached the prompt, type
startx and press Enter. BackTrack will boot into its graphical interface.
Step 2: Install Reaver
Reaver has been added to the bleeding edge version of BackTrack, but it’s not yet incorporated with the live DVD, so as of this writing, you need to install Reaver before proceeding. (Eventually, Reaver will simply be incorporated with BackTrack by default.) To install Reaver, you’ll first need to connect to a Wi-Fi network that you have the password to.
- Click Applications > Internet > Wicd Network Manager
- Select your network and click Connect, enter your password if necessary, click OK, and then click Connect a second time.
Now that you’re online, let’s install Reaver. Click the Terminal button in the menu bar (or click Applications > Accessories > Terminal). At the prompt, type:
And then, after the update completes:
apt-get install reaver
If all went well, Reaver should now be installed. It may seem a little lame that you need to connect to a network to do this, but it will remain installed until you reboot your computer. At this point, go ahead and disconnect from the network by opening Wicd Network Manager again and clicking Disconnect. (You may not strictly need to do this. I did just because it felt like I was somehow cheating if I were already connected to a network.)
Step 3: Gather Your Device Information, Prep Your Crackin’
In order to use Reaver, you need to get your wireless card’s interface name, the BSSID of the router you’re attempting to crack (the BSSID is a unique series of letters and numbers that identifies a router), and you need to make sure your wireless card is in monitor mode. So let’s do all that.
Find your wireless card: Inside Terminal, type:
Press Enter. You should see a wireless device in the subsequent list. Most likely, it’ll be named
wlan0, but if you have more than one wireless card, or a more unusual networking setup, it may be named something different.
Put your wireless card into monitor mode: Assuming your wireless card’s interface name is
wlan0, execute the following command to put your wireless card into monitor mode:
airmon-ng start wlan0
This command will output the name of monitor mode interface, which you’ll also want to make note of. Most likely, it’ll be
mon0, like in the screenshot below. Make note of that.
Find the BSSID of the router you want to crack: Lastly, you need to get the unique identifier of the router you’re attempting to crack so that you can point Reaver in the right direction. To do this, execute the following command:
airodump-ng wlan0 doesn’t work for you, you may want to try the monitor interface instead—e.g.,
You’ll see a list of the wireless networks in range—it’ll look something like the screenshot below:
When you see the network you want, press Ctrl+C to stop the list from refreshing, then copy that network’s BSSID (it’s the series of letters, numbers, and colons on the far left). The network should have WPA or WPA2 listed under the ENC column.
Now, with the BSSID and monitor interface name in hand, you’ve got everything you need to start up Reaver.
Step 4: Crack a Network’s WPA Password with Reaver
Now execute the following command in the Terminal, replacing
moninterfacewith the BSSID and monitor interface and you copied down above:
reaver -i moninterface -b bssid -vv
For example, if your monitor interface was
mon0 like mine, and your BSSID was
8D:AE:9D:65:1F:B2 (a BSSID I just made up), your command would look like:
reaver -i mon0 -b 8D:AE:9D:65:1F:B2 -vv
Press Enter, sit back, and let Reaver work its disturbing magic. Reaver will now try a series of PINs on the router in a brute force attack, one after another. This will take a while. In my successful test, Reaver took 2 hours and 30 minutes to crack the network and deliver me with the correct password. As mentioned above, the Reaver documentation says it can take between 4 and 10 hours, so it could take more or less time than I experienced, depending. When Reaver’s cracking has completed, it’ll look like this:
A few important factors to consider: Reaver worked exactly as advertised in my test, but it won’t necessarily work on all routers (see more below). Also, the router you’re cracking needs to have a relatively strong signal, so if you’re hardly in range of a router, you’ll likely experience problems, and Reaver may not work. Throughout the process, Reaver would sometimes experience a timeout, sometimes get locked in a loop trying the same PIN repeatedly, and so on. I just let it keep on running, and kept it close to the router, and eventually it worked its way through.
Also of note, you can also pause your progress at any time by pressing Ctrl+C while Reaver is running. This will quit the process, but Reaver will save any progress so that next time you run the command, you can pick up where you left off-as long as you don’t shut down your computer (which, if you’re running off a live DVD, will reset everything).
How Reaver Works
Now that you’ve seen how to use Reaver, let’s take a quick overview of how Reaver works. The tool takes advantage of a vulnerability in something called Wi-Fi Protected Setup, or WPS. It’s a feature that exists on many routers, intended to provide an easy setup process, and it’s tied to a PIN that’s hard-coded into the device. Reaver exploits a flaw in these PINs; the result is that, with enough time, it can reveal your WPA or WPA2 password.
Read more details about the vulnerability at Sean Gallagher’s excellent post on Ars Technica.
How to Protect Yourself Against Reaver Attacks
Since the vulnerability lies in the implementation of WPS, your network should be safe if you can simply turn off WPS (or, even better, if your router doesn’t support it in the first place). Unfortunately, as Gallagher points out as Ars, even with WPS manually turned off through his router’s settings, Reaver was still able to crack his password.
In a phone conversation, Craig Heffner said that the inability to shut this vulnerability down is widespread. He and others have found it to occur with every Linksys and Cisco Valet wireless access point they’ve tested. “On all of the Linksys routers, you cannot manually disable WPS,” he said. While the Web interface has a radio button that allegedly turns off WPS configuration, “it’s still on and still vulnerable.
So that’s kind of a bummer. You may still want to try disabling WPS on your router if you can, and test it against Reaver to see if it helps.
You could also set up MAC address filtering on your router (which only allows specifically whitelisted devices to connect to your network), but a sufficiently savvy hacker could detect the MAC address of a whitelisted device and use MAC address spoofing to imitate that computer.
Double bummer. So what will work?
I have the open-source router firmware DD-WRT installed on my router and I was unable to use Reaver to crack its password. As it turns out, DD-WRT does not support WPS, so there’s yet another reason to love the free router-booster. If that’s got you interested in DD-WRT, check their supported devices list to see if your router’s supported. It’s a good security upgrade, and DD-WRT can also do cool things like monitor your internet usage, set up a network hard drive, act as a whole-house ad blocker, boost the range of your Wi-Fi network, and more. It essentially turns your $60 router into a $600 router.
Thanks to this post on Mauris Tech Blog for a very straightforward starting point for using Reaver. If you’re interested in reading more, see:
- Ars Technia’s hands on
- This Linux-centric guide from Null Byte
- The Reaver product page (it’s also available in a point-and-click friendly commercial version.
- How to Crack a Wi-Fi Network WPA (powersthatbeat.wordpress.com)
- Hackers at Macca’s: wi-fi bunfight (smh.com.au)
- Experts Find Way to Crack Default WPA2 Passwords of Belkin Routers (news.softpedia.com)
If James Bond logs on to a computer, he doesn’t want to leave a bunch of files, cookies, or his IP address out there for someone to find. It might seem extreme, but sometimes it’s a good idea to take the same precautions yourself.
In this post, we’ll walk through how to use a USB stick or DVD to anonymize, encrypt, and hide everything you do on a computer no matter where you are. When we say “browse without leaving a trace”, we truly mean it. Using the Linux-based, live-boot operating system Tails (The Amnesiac Incognito Live System), you can use any computer anywhere without anyone knowing you were ever on it. Tails is a portable operating system with all the security bells and whistles you’ll ever need already installed on it. You can install Tails on one of your many dust-gathering USB drives or a DVD. We’ll show you how to set up your own portable boot disc in the second section, but let’s start by taking a look at what you get with Tails.
What Tails Is and What’s Packed Into It
The magic of Tails is that you don’t have to do a lick of work: once you create your boot disc you’ll have a completely anonymous, totally private operating system preloaded with all the software you (or James Bond) would need. What’s packed into it? Let’s take a look.
The Software Packed Directly into Tails
Once you create your Tails boot disc, you’ll be ready to reboot your computer into an encrypted and private operating system preloaded with all the software you’ll need to browse the web, email, IM, and edit documents. Regardless of whether you choose a DVD or USB nothing you do is left on the computer you booted from.
- Built-in online anonymity: The key feature that’s going to appeal to most people is Tails’ built-in online anonymity. This comes in the form of the customized web browser Iceweasel built using the anonymous web browsing technology from Tor. The browser also includes popular security extensions like HTTPS Everywhere for secure browsing, Adblock Plus to block ads, and NoScript to block Java and Flash. Other than those features, the web browser works exactly like you’d expect a web browser to work.
- Built-in encrypted email and chat: Additionally, you also get encrypted and private messaging. Tails includes the Claws email client with OpenPGP for email encryption and the instant messaging client Pidgin with an OTR cryptography tool that encrypts your IM conversations.
- Built-in file encryption: When boot Tails from a USB drive instead of a DVD, you can save documents to the thumb drive and they’re automatically encrypted using an encryption specification called LUKS. (Since the DVD is read-only, you can’t save any files—which is its own form of security.)
- A full suite of editing software: On top your web access being private you also get a full suite of work and creative software. Tails comes preloaded with Openoffice for editing documents, Gimp for editing photos, Audacity for editing sound, and plenty more additional software.
Now let’s walk through how to set up a boot disc for yourself.
Step-by-Step Guide to Set Up Your Own Tails DVD or USB Drive
Tails is pretty easy to set up on your own and it doesn’t differ much from setting up any other Linux Live CD. However, a few extra steps do exist to verify your download.
Step 1: Download the Necessary Files
You need to download two different files to get started with Tails: an ISO (an image of Tails that is burned to a disc) and a cryptographic signature to verify the ISO image:
The developers behind Tails recommend you verify your Tails ISO to make sure it’s an officially released version that hasn’t been tampered with. We won’t walk through that process here, but they have instructions on their web site for Windows and Mac or Linux.
Step 2: Burn Tails to a CD/DVD
You can find documentation for creating a Tails USB from scratch on each operating system here. Alternately, you can more easily make bootable USB installation of Tails after you boot from a Tails live DVD. For our purposes we’re going to burn Tails to a bootable DVD because it’s an easier process than creating a USB stick from scratch.
On Windows: Right-click the ISO image, select Burn Disc Image, select your DVD drive.
On Mac: Right-click the ISO image, select Burn “tails…” to Disc, select your DVD drive.
Once it’s finished burning let’s boot into Tails and kick the tires.
Step 4: Boot into Tails
Stick your Tails DVD, CD, or thumb drive into your computer and reboot. The process for booting into a disc or external drive depends on your system, so lets look at how to do it on Windows and Mac.
On a Windows System: Different Windows computers have different default settings for booting from an external drive. If yours doesn’t already check for a boot DVD first you can always edit the BIOS boot order (often the DEL key at startup) to make sure your computer looks for a CD or USB before it starts. Alternately, you can closely watch the BIOS screen at the beginning of your computers startup for the Boot options shortcut (usually one of the function keys). When you get to the boot option menu, select your DVD drive and you’ll boot into Tails.
On a Mac System: When you turn on your Mac immediately press and hold down the Option key to access the Startup Manager. Select the Tails DVD (the description will actually say “Windows”) and you’ll boot into Tails.
Step 5 (Optional): Clone the DVD onto a USB Drive
Now that you’re booted into Tails it’s easy to clone your boot DVD onto a USB drive directly from the Tails operating system. Here’s what you need to do:
- Connect your USB drive to your computer.
- Select Applications > Tails > Tails USB Installer.
- Click the Clone and Install Button.
- Select your USB drive, click “Create Live USB Drive” and let the program run.
When the installation is complete you’ll have a bootable USB drive. The benefit of the USB drive is that any files you create in Tails are saved and encrypted directly on your device. However, a USB drive could theoretically be hacked into if you leave it around which is why the ultra-paranoid might prefer a read-only DVD for Tails.
Also, Macs don’t support USB booting without downloading and installing additional software called rEFit. This means you have to download and install rEFit on every Mac you want to boot into Tails from a USB drive.
Creating a bootable Tails disc is a simple process and a great use for one of those USB drives you have laying around doing nothing. Since you can use Tails on about any public computer you run into it’s a great way to keep your browsing and usage hidden from the world. It’s even beneficial on your home computer since you don’t have to alter your system in any way.
- Skyfall – Cyber War Becomes Cool (infosecprofessional.com)