Cloning a MAC address to bypass a captive portal

If you ever attach to a WiFi system outside your home or office, you often see a portal page. This page may ask you to accept terms of service or some other agreement to get access. But what happens when you can’t connect through this kind of portal? This article shows you how to use NetworkManager on Fedora to deal with some failure cases so you can still access the internet.

How captive portals work

Captive portals are web pages offered when a new device is connected to a network. When the user first accesses the Internet, the portal captures all web page requests and redirects them to a single portal page.

The page then asks the user to take some action, typically agreeing to a usage policy. Once the user agrees, they may authenticate to a RADIUS or other type of authentication system. In simple terms, the captive portal registers and authorizes a device based on the device’s MAC address and end user acceptance of terms. (The MAC address is a hardware-based value attached to any network interface, like a WiFi chip or card.)

Sometimes a device doesn’t load the captive portal to authenticate and authorize the device to use the location’s WiFi access. Examples of this situation include mobile devices and gaming consoles (Switch, PlayStation, etc.). They usually won’t launch a captive portal page when connecting to the Internet. You may see this situation when connecting to hotel or public WiFi access points.

You can use NetworkManager on Fedora to resolve these issues, though. Fedora will let you temporarily clone the connecting device’s MAC address and authenticate to the captive portal on the device’s behalf. You’ll need the MAC address of the device you want to connect. Typically this is printed somewhere on the device and labeled. It’s a six-byte hexadecimal value, so it might look like 4A:1A:4C:B0:38:1F. You can also usually find it through the device’s built-in menus.

Cloning with NetworkManager

First, open nm-connection-editor, or open the WiFi settings via the Settings applet. You can then use NetworkManager to clone as follows:

  • For Ethernet – Select the connected Ethernet connection. Then select the Ethernet tab. Note or copy the current MAC address. Enter the MAC address of the console or other device in the Cloned MAC address field.
  • For WiFi – Select the WiFi profile name. Then select the WiFi tab. Note or copy the current MAC address. Enter the MAC address of the console or other device in the Cloned MAC address field.

Bringing up the desired device

Once the Fedora system connects with the Ethernet or WiFi profile, the cloned MAC address is used to request an IP address, and the captive portal loads. Enter the credentials needed and/or select the user agreement. The MAC address will then get authorized.

Now, disconnect the WiFi or Ethernet profile, and change the Fedora system’s MAC address back to its original value. Then boot up the console or other device. The device should now be able to access the Internet, because its network interface has been authorized via your Fedora system.
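
The same clone-and-restore steps can be done from a terminal with nmcli. This is an added example, not part of the original article; the function names and the profile name in the usage comment are hypothetical, and it assumes a WiFi profile (for Ethernet the property is 802-3-ethernet.cloned-mac-address).

```bash
# Added example (not from the article): clone a device's MAC onto a
# NetworkManager WiFi profile, then restore it. Function names are hypothetical.

# normalize_mac MAC: print the MAC upper-cased with colons, or fail.
normalize_mac() {
    mac=$(printf '%s' "$1" | sed 'y/abcdef-/ABCDEF:/')
    # Must be exactly six hex octets separated by colons.
    printf '%s\n' "$mac" | grep -Eq '^([0-9A-F]{2}:){5}[0-9A-F]{2}$' || return 1
    # An odd second hex digit means the multicast bit is set; a station
    # address must be unicast, so reject it (catches FF:FF:... too).
    case $(printf '%s' "$mac" | cut -c2) in
        1|3|5|7|9|B|D|F) return 1 ;;
    esac
    printf '%s\n' "$mac"
}

# clone_mac PROFILE MAC: set the cloned address and reconnect the profile.
clone_mac() {
    cloned=$(normalize_mac "$2") || { echo "invalid MAC: $2" >&2; return 1; }
    nmcli connection modify "$1" 802-11-wireless.cloned-mac-address "$cloned" &&
        nmcli connection up "$1"
}

# restore_mac PROFILE [VALUE]: disconnect and undo the clone. VALUE is the
# setting noted before cloning; "permanent" (the adapter's own hardware
# address) is used when none is given.
restore_mac() {
    nmcli connection down "$1"
    nmcli connection modify "$1" 802-11-wireless.cloned-mac-address "${2:-permanent}"
}

# Usage, with a constructed profile name:
#   clone_mac "HotelWiFi" 4a-1a-4c-b0-38-1f
#   ...accept the portal terms in a browser...
#   restore_mac "HotelWiFi"
```

Validating the address first matters because a mistyped MAC would authorize the wrong hardware address at the portal, and the console would still be blocked.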

This isn’t all that NetworkManager can do, though. For instance, check out this article on randomizing your system’s hardware address for better privacy.

Use sshuttle to build a poor man’s VPN

Nowadays, business networks often use a VPN (virtual private network) for secure communications with workers. However, the protocols used can sometimes make performance slow. If you can reach a host on the remote network with SSH, you could set up port forwarding. But this can be painful, especially if you need to work with many hosts on that network. Enter sshuttle — which lets you set up a quick and dirty VPN with just SSH access. Read on for more information on how to use it.

The sshuttle application was designed for exactly the kind of scenario described above. The only requirement on the remote side is that the host must have Python available. This is because sshuttle constructs and runs some Python source code to help transmit data.

Installing sshuttle

The sshuttle application is packaged in the official repositories, so it’s easy to install. Open a terminal and use the following command with sudo:

$ sudo dnf install sshuttle

Once installed, you may find the manual page interesting:

$ man sshuttle

Setting up the VPN

The simplest case is just to forward all traffic to the remote network. This isn’t necessarily a crazy idea, especially if you’re not on a trusted local network like your own home. Use the -r switch with the SSH username and the remote host name:

$ sshuttle -r username@remotehost 0.0.0.0/0

However, you may want to restrict the VPN to specific subnets rather than all network traffic. (A complete discussion of subnets is outside the scope of this article, but you can read more here on Wikipedia.) Let’s say your office internally uses the reserved Class A subnet 10.0.0.0 and the reserved Class B subnet 172.16.0.0. The command above becomes:

$ sshuttle -r username@remotehost 10.0.0.0/8 172.16.0.0/16

This works great for working with hosts on the remote network by IP address. But what if your office is a large network with lots of hosts? Names are probably much more convenient — maybe even required. Never fear, sshuttle can also forward DNS queries to the office with the --dns switch:

$ sshuttle --dns -r username@remotehost 10.0.0.0/8 172.16.0.0/16
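
To see which destinations a given subnet list actually sends through the tunnel, this added example (not from the article or the sshuttle project; function names are hypothetical) checks addresses against the lists used in the commands above. It only models the subnet match and opens no SSH connection.

```bash
# Added example: decide whether a destination falls inside the subnets
# passed to sshuttle. Function names are hypothetical.

# ip_to_int A.B.C.D: print the address as a 32-bit integer.
ip_to_int() {
    old_ifs=$IFS; IFS=.
    set -- $1                      # split the dotted quad into $1..$4
    IFS=$old_ifs
    echo $(( ($1 << 24) + ($2 << 16) + ($3 << 8) + $4 ))
}

# in_cidr IP NET/PREFIX: succeed if IP lies inside the subnet.
in_cidr() {
    ip=$(ip_to_int "$1")
    net=$(ip_to_int "${2%/*}")
    bits=${2#*/}
    if [ "$bits" -eq 0 ]; then return 0; fi   # 0.0.0.0/0 matches everything
    mask=$(( (4294967295 << (32 - bits)) & 4294967295 ))
    [ $(( ip & mask )) -eq $(( net & mask )) ]
}

# route_for IP SUBNET...: print "tunnel" if any subnet covers IP, else "local".
route_for() {
    dest=$1; shift
    for subnet in "$@"; do
        if in_cidr "$dest" "$subnet"; then echo tunnel; return 0; fi
    done
    echo local
}

# Constructed sample destinations against the article's subnet lists:
#   route_for 10.1.2.3    10.0.0.0/8 172.16.0.0/16
#   route_for 172.20.0.5  10.0.0.0/8 172.16.0.0/16
#   route_for 172.20.0.5  0.0.0.0/0
```

With the two-subnet list, 172.20.0.5 stays on the local network, because 172.16.0.0/16 covers only part of the private range 172.16.0.0/12; anything not listed is sent unprotected over whatever network you are attached to.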

To run sshuttle like a daemon, add the -D switch. This also will send log information to the systemd journal via its syslog compatibility.

Depending on the capabilities of your system and the remote system, you can use sshuttle for an IPv6 based VPN. You can also set up configuration files and integrate it with your system startup if desired. If you want to read even more about sshuttle and how it works, check out the official documentation. For a look at the code, head over to the GitHub page.


Photo by Kurt Cotoaga on Unsplash.

Microsoft acquires BlueTalon, simplifying data privacy and governance across modern data estates

The data landscape has changed rapidly over the past few years, enabling tremendous opportunity for enterprises to digitally transform. Data estates are increasingly diverse with fit-for-purpose systems (NoSQL, RDBMS, Data Lakes & Big Data, SaaS apps, etc.) spanning on-premises and cloud environments capable of processing data of all shapes and sizes. This rapid evolution has empowered data professionals including data engineers, data scientists and data analysts to do much more, but at the same time has vastly increased the size and diversity of data estates, making data management and governance harder than ever. In fact, 57 percent of Gartner survey respondents cited “supporting data governance and data security” as one of the biggest challenges for their data management practice.¹

At the heart of any digital transformation is making data discovery, access and use simple, secure, compliant and trustworthy. Data privacy is one of the defining issues of our time, as evidenced by the introduction and evolution of privacy laws across the globe (e.g., GDPR, CCPA, etc.). As technology becomes more engrained in our lives and our work, it must be simple to understand and control what data is collected and easily manage who has access to that data and for what purpose.

Today we are excited to announce the acquisition of BlueTalon, a leading provider of Unified Data Access Control solutions for modern data platforms. BlueTalon works with leading Fortune 100 companies to eliminate data security blind spots and gain visibility and control of data. BlueTalon provides a customer-proven, data-centric solution for data access management and auditing across the diverse systems resident in modern data estates.

The IP and talent acquired through BlueTalon brings a unique expertise at the apex of big data, security and governance. This acquisition will enhance our ability to empower enterprises across industries to digitally transform while ensuring right use of data with centralized data governance at scale through Azure.

Together with BlueTalon, we are committed to help enterprises become data-driven companies in a secure and compliant manner. We’re excited to welcome the BlueTalon team to Microsoft and can’t wait to get started. For more information, please see BlueTalon CEO Eric Tilenius’ blog post.

¹ Gartner Survey Analysis: Data Management Is Pressed Between Support for Analytics — and Data Governance, Risk and Compliance, Figure 3, Roxane Edjlali, March 22, 2018

GDPR’s first anniversary: A year of progress in privacy protection

May 25 marks one year since the European Union’s General Data Protection Regulation officially went into effect. GDPR is a groundbreaking privacy framework that empowers residents of the EU to control their personal information so they can use digital technologies to engage freely and safely with each other and with the world.

A lot has happened on the global privacy front since GDPR went into force. Overall, companies that collect and process personal information for people living in the EU have adapted, putting new systems and processes in place to ensure that individuals understand what data is collected about them and can correct it if it is inaccurate and delete it or move it somewhere else if they choose.

This has improved how companies handle their customers’ personal data. And it has inspired a global movement that has seen countries around the world adopt new privacy laws that are modeled on GDPR. Brazil, China, India, Japan, South Korea and Thailand are among the nations that have passed new laws, proposed new legislation, or are considering changes to existing laws that will bring their privacy regulations into closer alignment with GDPR.

Empowering people to manage their information through our privacy dashboard

The driving force behind the global movement to modernize privacy laws is the new understanding people have of their right to privacy as technology changes how people create and share information. Around the world, there is a growing expectation that everyone should benefit from digital technology without losing control of their personal information. This is why Microsoft was the first company to provide the data control rights at the heart of GDPR to our customers around the globe, not just in Europe.

One year later, the ever-growing number of people using our privacy dashboard is a clear sign that people want to be empowered to control their data. Since GDPR went into effect, more than 18 million people from around the world have used our tool to manage their personal information. The highest level of engagement, both on a per capita basis and in absolute numbers, continues to come from the United States where about 6.7 million people have used the dashboard. Not surprisingly, residents of European countries covered under GDPR also account for a significant percentage of people who have visited the privacy dashboard—to date more than 4 million of our customers in the EU have logged on to manage their data.

Map showing use of the Microsoft Privacy Dashboard around the world
But the demand is truly global. Japan ranks No. 2 in using the privacy dashboard and Canada is fifth. Other countries in the top 10 included Brazil, China, Mexico and Australia.

Transforming culture and advancing privacy throughout the digital economy

To elevate the importance of privacy and embed it in their operational systems, companies like Microsoft that have fully embraced GDPR have undergone a profound cultural shift that begins at the executive level and reaches across the entire organization. Today, at Microsoft our responsibility to protect our customers’ privacy is the starting point for everything we do. Our commitment to greater user control and empowerment is stronger than ever.

You can see the results of this cultural transformation across our products and services. Last month, for example, we announced new steps to increase transparency about the data we collect when people use our products and to provide them with greater control over how their data is used. Those steps include describing the data we collect in clear and simple language; and making it easier for people to control their personal information. To enhance transparency, we are improving documentation and introducing a new biannual report about our data collection procedures.

We are also providing tools to help our customers meet their own privacy obligations under GDPR. To make it easier for game developers to comply with GDPR, we developed tools so they can allow players to view or delete data that is stored about them. We’re delivering features that improve how businesses secure sensitive data and protect the privacy of their employees and customers. We offer encryption to enable companies to protect sensitive data including credit cards and national IDs such as U.S. Social Security numbers. To help companies safeguard sensitive information on mobile devices, we announced a set of advanced privacy and security capabilities that enable companies’ IT administrators to better enforce privacy and security protection policies. And in April, we released new privacy tools for Office365 ProPlus that provide greater control over diagnostic data that is sent to Microsoft, and over optional cloud-based features in Office that enhance functionality.

Toward a framework for new privacy laws in the U.S. and interoperability around the globe

No matter how much work companies like Microsoft do to help organizations secure sensitive data and empower individuals to manage their own data, preserving a strong right to privacy will always fundamentally be a matter of law that falls to governments. Despite the high level of interest in exercising control over personal data from U.S. consumers, the United States has yet to join the EU and other nations around the world in passing national legislation that accounts for how people use technology in their lives today.

In the absence of federal action, California took an important first step forward in advancing privacy protection with the passage of the California Consumer Privacy Act (CCPA), which goes into effect on January 1, 2020. A watershed for U.S. privacy law, CCPA was the first law in the United States to include rights inspired by GDPR.

Now, it’s Congress’s turn to adopt a new framework that reflects the changing understanding of the right to privacy in the United States and around the world. Like GDPR, this framework should uphold the fundamental right to privacy through rules that give people control over their data and require greater accountability and transparency in how companies use the personal information they collect.

California’s law is a good starting point. But federal legislation should go further and ensure that companies act as responsible stewards of consumers’ personal data. One way to achieve this is by requiring assessments that weigh the benefits of data processing against potential privacy risks to those whose data is processed.

This is important because the prevailing opt-in/opt-out privacy model in the United States forces consumers to make a decision for every website and online service they visit. This places an unreasonable—and unworkable—burden on individuals. Strong federal privacy should not only empower consumers to control their data, it also should place accountability obligations on the companies that collect and use sensitive personal information.

Federal law must also include strong enforcement provisions. As I saw first-hand when I served on the Federal Trade Commission, laws currently on the books are simply not strong enough to enable the FTC to protect privacy effectively in today’s complex digital economy.

Finally, while federal privacy legislation should reflect U.S. legal precedent—and the cultural values and norms of American society—it should also work with GDPR. For American businesses, interoperability between U.S. law and GDPR will reduce the cost and complexity of compliance by ensuring that companies don’t have to build separate systems to meet differing—and even conflicting—requirements for privacy protection in the countries where they do business.

In the year since it went into effect, GDPR has been an important catalyst for progress in privacy protection. Countries around the world have implemented new laws that reflect the new understanding people have for privacy in our digital era. Some companies are doing a better job of handling sensitive personal data and they have delivered new tools that make it easier for people to manage and control their personal information.

Now it is time for Congress to take inspiration from the rest of the world and enact federal legislation that extends the privacy protections in GDPR to citizens in the United States.
