Jul02 Meeting Report.
Brum2600 Jul 2002
Having dodged the muggers and big issue sellers that throng outside Snowhill to make it to the relative safety of the main station I was once again the only person there on time.
However I was soon joined by MinusQ and we spent a few minutes discussing Home automation technology both X10 and using the parallel port to control devices. For a large chunk of the conversation I bitched about X10 being so expensive in this country as apposed to the slightly cheaper American 110V system.
A few other members strolled up fashionably late and the conversation switched to the proposed "Entitlement Card" scheme introduced by David 'Orwellian Nightmare' Blunket. ID cards in all but name, the problems that such a system would create are immense even before the vast civil liberty issues are considered. Do we really trust this government to successfully implement this scheme providing forgers with a single point of failure to copy someones identity for 60 million people, without any problems. Costing the taxpayer several billion pounds in the process.
The fact that this government is hellbent on destroying the few remaining civil liberties we have was a recurring topic of the night and many interesting point were raised.
Once we seemed to have all who where coming we moved on to our current haunt the 'Darwin Pub'. Once again big thanks to the bar staff for being wonderful and providing such a cool place to meet.
In attendance where....
Me(L-s-L) --As usual
Once again quite a small attendance but one which more than made up for its size with the sheer range of material discussed.
I'm going to mention Cyber D just to get it out the way. It has been decided that the Open D project should support ....
<> A Web/Wap interface
<> AX25 (Packet Radio)
<> Phone ie dial in
<> Voice over ip. ie say "go faster" etc
<> Wireless LAN
<> SSH/Telnet ie command line
After asking for any more standards someone suggested carrier pigeon. Going off on a tangent the discussion turned to implementing IPv6 over pigeon, but the project was abandoned due to lack of carriers (pigeons).
The above aside the rest of the discussion was largely serious covering Security and Liberty topics. The DVD/CD/MP3 issues were discussed, with myself making the point that Sony (TM) and other manufactures are now making portable MD/CD players with support for CD R's and MP3's while the same company is also trying to clamp down upon the distribution and indeed the creation of MP3's. It is my belief that sooner and later something is going to fuck up, hopefully for the better. Also covered was the fact that CD's sold recently have incorporated a (rather trivial) security feature that prevents them from them from been played on a PC. While it is stupidly easy to circumnavigate this, the point still remains that I should be able to play my CD/DVD on whatever fucking piece of hardware I like.
The general stupidity of the British government was also covered with favorites such as the RIP bill been discussed along with the proposed ID scheme. See Stand.org.uk of more information.
Home automation, especially the direction its traveling with fridges having an Internet presence and the security implications of such a system. Imagine having a script kiddy hacking your fridge and coming home to find its just ordered 200000 pints of milk. Also the (possible) security problems of X10 if it takes off. Think how easy it would be to gain access to a houses power line. Clearly although home automation is the future, certain issues are going to have to be thought through before it becomes viable on a wide scale.
Discussion covered the latest 'sploits' including the Apache worm and Open SSH. NOTE BRUM2600 IS FOR A FREE EXCHANGE OF COMPUTER SECURITY INFORMATION AT NO STAGE DOES ANY ILLEGAL ACTIVITY TAKE PLACE. FREE SPEECH IS ONE OF THE FEW LIBERTIES REMAINING (MOSTLY) LETS MAKE THE MOST OF IT.
Lots of other stuff was covered but the main topics have been outlined above. So before I sign off lets have the (mis)quotes of the evening.
"I'm also a lesbian from Colorado" Agent (on confused identity on the internet)
"Get me something girlie and cheap" Bambam (when asked for a drink.) "Like the Barmaid" MinusQ
"I only play with it when I'm asleep" Bambam.
"Not that i'd get caught for anything major" Fizzy. (hhmm!!)
"Go to Mexico, its OK over there" Bambam.
"As opposed to 8 years in prison, which is what I would get if I handed my pass phrase over" Bambam (on the possibility of 2 years in jail for refusing to hand over encryption keys under the RIP act.)
"Its fizzy who really turns me on" Bambam.
Right thats it for another month. Watch the site for details of August.
Photos Thanks Agent :)
Report 1 L-s-L
Report 2 Bambam
Lsl and MinusQ were there when I turned up (late) and Savvy and Zipser arrived not long after. There were few enough of us to move off in cars to the Darwin pub.
Having turned up, it appeared that whomever had knocked down the worthless building next to the phone equipment building had also accidentally left said building with local root hole. Being law abiding citizens, none of us investigated any further, but I believe that pictures were taken.
Someone had the corner seats in the pub, so we pushed two tables together and got down to business. Fizzy had joined us outside, and pink was later to make a surprise entrance, however they both showed their lack of hardcore by leaving early :P
Having finished up, we all left (again) in cars. Thanks to MinusQ for the lift home :)
as in, time to make one: a group partly responsible for knocking back the RIP extension that would have allowed tom dick and harry (in addition to frank, martha and darryl, who already do) to read your email, get your phone logs, etc..
atstake took apart a bluetooth hub, and found the implementation to be buggy as hell, and insecure like a default red hat 6.2 installation. Plans to extend the current 2 metre range to a 100 metre range mean that soon I will be able to take over your fridge and microwave.
our opening subject in fact: quite obviously we are all against them, and the conversation was more about the best tactics to fight them. MinusQ convinced bambam that jail time was certainly not the way to go - breaking them and showing how stupid they are from a *security* point of view (them being a single point of failure for all authenication) would be enough to point out how shit an idea it is,rather than just relying on the obvious civil liberties problems with them. Also pointing out that they don't do what they are supposed to:
help stop terrorism should be enough to stop their introduction.
are apparently looking for a new president. Check them out: www.fipr.org.uk
OpenSSH and other protocol holes
nearly everyone there had had the extensive task of upgrading a fleet of machines twice, and was quite bummed about it. Holes were apparently in the Challenge-Response authentication code (so, skey, secureID, anything like that will use this code), and also other holes which were "believed to be exploitable". Holes in software always come from the deep dark corners of the protocol:
Apache chunked encoding & IIS problems.
Win32 exploits available for apache chunked encoding problems, IIS (unsurprisingly) also suffers from problems with this area of the protocol. Apparently chunked encoding is used for when and http client request sends a file but does not preceed the transmission with the file size. Another dark corner exposed.
one hand fighting the other: the hardware arm is making hardware to rip cd's to mp3s, etc, while the music/software side is trying to stop people from doing that. The general feeling in the group is that the hardware arm will win. Explainations on how copy protection on cds works and how theoretically one might go about breaking it.
idea for new website where we encourage people to firewall off any packets from korea - we know of no-one in korea, and yet we get shit loads of (illigitimate) packets from their from (owned) redhat servers.
in theory is best done from havenco in sealander (a country-come-oilrig) but hosting is expensive, so best to forward from south america, then own a server there and forward the packets on their too - then off to China if possible, and into the US, then wherever.
steganographic file-system to you. A filesystem which not only encrypts, but is capable of doing this on multiple levels such that the same drive will give you different data with different keys. May be usefull if slapped with an RIP info request order.
it turns out that you cannot be named for legal reasons upon arrest if you are under 21, after which you can be named if the police so wish.
A couple more years playing for the over 18s who thought they were too old for that shit then...
and owning your fridge.
due to the ludicracy of the RIP act, you cannot tell anyone if you have been slapped with a request - or else you get 5 years mandatory. So if anyone sits down and tells you that pink bananas: they're pink, and they're bananas, you know what they are on about.
I have not been slapped with an RIP request today you aren't allowed to tell anyone if you have been, but you can tell them every day that you haven't, until you have if you like.
a windblows virus that mutates, and spreads via email, a couple of encouners with it.
google for underground hacker book. heh
What can we control it over? LsL has the list.
operations by remote. Surgery over vpn. very bad idea.
Lsl was on top form this month:
LsL: [with reference to conversation on recent kiddy porn arrests]
"Just out on interest, how many kiddie fiddler pics do I have to have before I get arrested"
worrying, but not as worrying as:
LsL: "it runs x, netscape, & plaympeg, and that's enough for me"
also, showing to characteristic xenophobia:
LsL: [with reference to the whole world] the amicans have bombed the rest: they don't mean to, they just miss..
MinusQ dropped a corker too:
Sav: [to bambam] what do you want? [gestures at bar]
bambam: something cheap and girly.
MinusQ: what, like the barmaid?
-q: who's that ginger tosser now errm....
-q: Just imagine that, they're in the middle of an operation, you crack the vpn and boom! the surgeons dissappear. oops.
Agent: [with reference to tiger, and in a brummy accent] she loves it!
Zipser also opened his mouth (despite his attempts not to)
Zipser: [with reference to CyberD] just be careful about the edject button.
A relatively small meet: but the lower people count allowed the group to operate as a whole. Covered all the relevant topics and had fun. Altogether a perfect meet.