Apr02 Meeting Report.
Brum2600 Apr 2002

just the one report this month and no photos yet (Osi send em in thx photos) ..Thanks must go out to bambam who once again has put pen to paper or is it fingers to keys. I (Re-LoaD) have taken great pleasure in reading this one as i was not at the meet and I am still ill in bed :( Enjoy and don,t forget Brumcon2 next month.

ATTENDANCE

Fizzy
Zipser
Bambam
Osiris + Guest
Def + Guests
MinusQ
AlDelarge
Bracket
Pink
Agent
Tiger

Notable absences were: lsl, Re-LoaD and Savvy.

Lsl and Re-LoaD were both ill.

SPECIAL NOTE:

Savvy's father recently passed away and hence savvy was absent from this
meeting. Although no-one who attended has in fact spoken to Savvy yet, our
condolences, thoughts and feelings of sympathy and empathy are with him.

MEETING OVERVIEW

A strange meet that should have been very small and quiet ended up being
full size and normal volume - due to the unexpected appearances of Def and
Osiris avec enroutage.

After meeting at the Silver man we moved off to the Dot Comm caf, where the
music seemed near the 130dB (ear bleeding) point and the net access was a
quid for 15 mins. Only a short visit as communication (ironically enough
in a cyber caf) was restricted to inter-person semaphore so we moved off
to the Darwin Pub.

Someone had our usual seats, so by the time I arrived at the pub (after
making another guest appearance on the city's CCTV network) the congregation
had taken up seats as close to the bar as possible. Through a typically
English combination of fury and silence we regained the corner seats without
any contact with the people who were sitting there (we just waited) and began
talking.

For the first time in ages the meet drifted away rather than coming to a
conclusion but it did so around kicking out time, so all was not lost.
A strange end to a strange meet. I'm sure that in the long run this was
just a blib in meet history rather than the winds of change.

CONVERSATION OVERVIEW

BrumCon II
----------

For those of you living in a cave (one without bandwidth), BrumCon II is
nearly upon us! Unlike the first event, this conference is public
invitation: all are welcome! Details are on www.brum2600.net, talks
include GSM, PCM30, and Packet Radio.

This conference is completely open to all - please come along and show
your support, the venue will take many and the more who turn up, the less
the cost of tickets.Please email to say that you are coming so that we may
prepare accordingly.

AlDelarge tells us that a/some employees of the CCU (the Metropolitan
Police Computer Crimes Unit to you) will be attending for a Q/A session
(open to the floor) and general information gathering session (as there is
no such thing as an off-duty police officer) - one of the group/he is the
person who busted the 8lgm. Please start preparing questions now.

Checkout a report on the 8lgm case at the "Web Journal of Current legal
issues" - Published at the University of Newcastle upon Tyne:
webjcli.ncl.ac.uk/1996/akdeniz3.html

And get general information at
www.met.police.uk/computercrime

OpenWall
--------

wanted to know if there were FreeBSD openwall equivalent
patches - we knew of none, and suggested emailing Solar Designer himself
(hey, these guys need more emails :). seemed only really
concerned with the "privacy" parts of the patch - /proc permissions.
Wonder why... :)

Microsoft
---------
I have grouped all the microsoft topics together:

LICENSE CHANGE: Apparently microsoft have changed their licenses along
with their tactics: They now make standards open, but prevent you from
implementing them without bowing to their rules, etc.. Presumably to stop
things like Samba (www.samba.net) which implemented CIFS and hence lets
NIX boxes look like Windows boxes to other windows boxes on the network.

No-one was sure of the legality of this, but it is unanimously understood
and agreed upon within the group that this is extremely bad for the
individuals, competitors, the economy, customers and is just a part of
Microsoft's attitude to individuls, competitors, the economy and their
customers. It is policies like this that could bring about the eventual
downfall of Microsoft - or EVEN BETTER bring them accountable to their
customers and the economy.

bambam: It's almost like Microsoft are using the fact that law suits take
time to prepare and see through, so they just flood the Department of
Justice with as many illegal ideas as they can, and the DOJ are left to
pick out only the _most_ illegal actions to prosecute.

Thanks to Bracket for bringing this one up. Those who wish to know more
can find information of the current Microsoft vs. the US case at:

---

Agent: Once MSN is run you can never fully remove it; it simply keeps
re-asserting itself in the "run" part of the registry, and it comes
installed as default in Windows XP.

Presumably it modifies a dll function to do with the startup which
re-installs it every time the machine boots. More anti-competition: No-one
else is supposed to know this inner workings of these dlls, and hence
no-one else could (legally) make a similar product and sell it. Not to
mention that no-one else could bundle it in with the operating system.
Hence Microsoft is using it's dominance of one market to dominate another
market - illegal under the spirit of US law.

AlDelarge: But i know that *theoretically* if one were to be a trojan
[horse] writer, then one would have an excellent base upon which to start.

bambam: but what *is* a trojan - a program which you think does one thing,
and actually just fucks you around a lot, and does things you didn't
expect or want. Under that definition, is not the original MSN messenger a
trojan?

---

YOU can help by reading: www.antitrustinstitute.org and becoming a
"friend of aai"

---

Ed: Looking back at this section, it would seem that we are anti
microsoft. In fact, we are anti bullshit. It's just microsoft seem to be
producing more bullshit than anone else.

Mobile Telephony
----------------
AlDelarge explained the format of SMS headers, and was talking
about the "provider accepts the charges" bit.

GPS will be included soon as standard in mobiles, not as an inherent part
of any new technology (3G, etc) but as another technology designed to run
concurrently with 3G and other systems coming out very soon. If you don't
like the idea of your mobile provider and anyone allowed access to their
data (under the Terrorism Act, that includes: the police, MI5, GCHQ, etc)
having a real time system which tracks everyone and where they are all the
time, why don't you do something about it: tell people; tell everyone. If
enough people know, maybe the government will do something.

Certainly email people like Kanwar Chadha, the SiRF (the leading company
in the field of applied GPS (according to them anyway)) CEO, who is quoted
by abcnew.go.com as saying: "Let's put GPS in necklaces and dog collars.
Everything that moves should have GPS".
(abcnews.go.com/sections/tech/DailyNews/gpsphone980821.html)
Get more information generally on this applied technology at:
www.gpss.co.uk and www.gpss.co.uk/chase.htm

"I'm sorry sir, we don't do a Children back guarantee"
------------------------------------------------------

A new system has been developed; an armband which locks onto your kid and
uses GPS along with radio transmission, allowing you to locate the
physical location of your kid on the surface of the Earth at any given
time from the website.

Apart from the obvious big-brother type problems with this (does anyone
even know what that means any more?), there are other more pressing
problems:

I would hope that it would be obvious to *any* reader of this that it is
*extremely* important that any company undertaking such a task is
*extremely* digitally secure: Online shopping via credit card is insured
by the credit company, and that is it's eventual security. Your child has
no such insurance. With a security exploit, paedophiles could *pick which
child they wanted* and over the internet, track them just as you do
*completely untracably* and pick them up when they are the most vunerable.

Hopefully no-one who has just read this would even think of using one of
these devices.

Suggestions from the floor included adding a certain amount of randomness
between the web interface and the radio equipment - with a hope to
inspiring such phrases as "How the fuck did little johnny get to Gdansk?"

Or maybe you should just give them a mobile phone... :-|

More information on the current situation is as
www.usatoday.com/life/cyber/bonus/qa/2001-06-06-kids-tracking-devices.htm,
and future devlopments:
www.technocopia.com/gadgets-20001020-kidtracker.html
Although, these people are approaching only the concept and not the
implementation: they haven't even thought about what power it might give
those who with to abuse your child.

Other single points of failure
------------------------------

www.trafficmaster.net give real time traffic information by using "fixed
infra-red sensors mounted on overbridges (motorways) and Passive Target
Flow Measurement 'blue pole' cameras at the roadside (trunk roads)."

Artificial Intelligence
-----------------------

Bracket was playing with the idea that he may give a talk on AI at BrumCon
(now that he knows it's on (are you reading this now?!?)). A conversation
ensued about possible applications: Pattern matching on faces, voices and
body movement characteristics, but mostly it's use in SSH traffic
analysis.
Bambam insisted that it *is* possible to infer the keystrokes of a session
from the packet timing, but Bracket was more sceptical.
Dug Song and Solar Designer did a talk on analysing ssh traffic at hal
(www.hal2001.org).

CCTV Request
------------

Bambam's cctv request is in the works. Thanks to MinusQ for the reminder:
"Don't forget, calls may be recorded for training purposes". :)

SSH-patch
---------

As such (see AI above), it is proposed that brum2600 collectively write a
patch to both the server and certainly the client openssh programs which
will add in random timings, making such attacks harder.
No doubt any modification in the client will go closer to the front end
than the back :)
Members should feel free to submit ideas to: crew@brum2600.net where they
will be forwarded to the appropriate place/person.

Cyber-D
-------

Al has been desperately trying to get hold of someone to do a BrumCon
cyber-d talk. (Hence the quote below), and he proposes that we make our
own, under the project title: OpenDildo.

Data Protection
---------------

Thanks to Al Delarge for pointing out that companies who have trivially
ownable cgi-scripts in the UK are most probably contravening the data
protection act and as such should be reported to the government's
"Information Commissioner": www.dataprotection.gov.uk/contactus.htm

Subterfugue
-----------

Originally picked up on slashdot as news, subterfugue allows all kind of
monkeying with low level stuff: set up sand boxes, throttle bandwidth of
connections, speed up or slow down the clock for applications. More
information is at www.subterfugue.org


NEWS IN BRIEF

BrumCon II: May the 4th be with you. check out www.brum2600.net for info
on the hacking conference in Birmingham.

OpenBSD: 3.1 will be out soon

Israel: Some Bristol Uni crew have suffered gun-shot wounds and general
beatings - they went over for a peaceful demonstration and were there when
the whole thing kicked off big time. Although we are assured that they
remained peaceful, apparently the forces there didn't.

Bristol: Bristol2600 is officially dead. The last meet was on the 5th
April, 2002. Currently (as of 7th April, 2002) there are no plans for a
resurrection. Anyone still wishing to meet are welcome at the London meet,
or here in Birmingham.

CCTV: Request is in the works. Watch this space.

Subterfugue: subterfugue.org allows you to insert python code between the
linux kernel and applications. Check it out.

QUOTES

The subdued mood at the meet meant only a couple of quotes:

[We had been talking about the BBC after Sep 11th - saying that encryption
was very bad, and terrorists use it, etc]

Al Delarge: "What they [the BBC] didn't understand is that \"encryption\"
is the Arabic word for pizza boxes"

Al Delarge: "I've been harassing every sex shop owner in the country"

Anonymous: "[on Solo at Hal] He just looked like he was gonna stab
someone"

Anonymous: "And when Al [Delarge] invites you to something, you make a
point of not going"

bambam: "fel looks good, but so does a bank and a sawn off shotgun until
you get inside it."

IN SUMMARY

It was always going to be a weird meet, but it turned out to be a good
weird meet. The mood was a little subdued due to the absence of key
members and the reasons behind them.
All the same, a good meet. Let the message be clear: brum2600 is alive and
kicking.

Images.