Mar02 Meeting Report.
Brum2600 Mar 2002
Having met as usual at Snow Hill Station, a third of our number moved on in the car, whilst the rest were left to flounder in the street. Conversation on the way included SQL and NT.
With such a large meet, we were a little worried that we may not be welcome in the dot comm cafe; to our surprise the situation was totally to the contrary. The manager was in (recall that we kept missing him before) and chatted away with us happily. We showed him the site and he seemed more and more impressed. I think we may have just caught him at a bad time in the past - this encounter was much more pleasant. Maybe we have been there enough times for him to realise that we mean (and will do) absolutely no harm to him or his business (or his computers).
No-one really used the computers much (as charges are now incurred), but AlDelarge showed off his nice new lappy (running WinXP) and "FBI" style theme. (Although Mission Impossible would have been more appropriate: "This Kernel will self-distruct in 5 seconds..."
We left Dot Comm with a warmer, fuzzier feeling than ever before: due both to the amount of alcohol consumed, and also the friendly (and more relaxed than previously) staff. Chips and Microsoft .Net were next on the agenda.
It was here that bambam's big plan was revealed: Having fed (yes - that is a pun :), our route took us into Brindley Place (the Neo-executive, post-depression, Feng Shui enhanced, Corporate centre of Birmingham) Where the congregation broke into a single-file march around the square and back out again, while bambam made a map of the location and where the CCTV cameras stood for footage requesting under the Data Protection act. A whip round was meant to occur for the tenner, but it looks like he'll be paying for it himself. Keep your eyes open for updates and a full project report on this one.
The two-fold advantage of the social protest march evident, the group was buzzing all the way to and inside the Darwin pub.
Fizzy, Muftak and Pink left early to go to a club. Lamers. :P
Here the conversation started proper, and conversations included:
Does anyone know the Korean for "Stop using Redhat 6.2, or you will spend the rest of your days getting as owned as you always have been: Redhat 6.2 wasn't even good when it came out, and you only use it because of the language support, whereas if you learned to speak (or at least read) English, or got (as a collective) a translator to translate all security advisories into Korean, then you might be a little (cough-understatement-cough) better off"
No? Oh well.... :))
Whether or not it is fundamentally harder to write exploits for, or whether it is just the lack of gain for the effort that means there aren't that many exploits in the wild for this platform.
bambam: "Things not being worth people's time and effort: Your enemy, and ... also your friend"
Mostly just discussing the legality of requesting the footage.
Why we should go to war with them just so kiddies have a playground that actually _has_ some infrastructure (unlike Afghanistan). Also the legality of crypto there - MinusQ seems to think that civilians might be able to use it nowadays, but bambam assures us that it never used to be the case.
"Comments" email address
For members to send random thoughts and comments on news and things to, to be added to the meet reports and quotes at the end of the month.
DVDs and home cinema systems
Their comparative merits.
How to make yourself stand out from a bunch of other applicants to a corporate infosec job by using different words that mean the same thing as your title.
"Try using \"Digital Combat Specialist\" instead of the frankly dull \"Security officer\" " says AlDelarge...
"As hackers we can sell ourselves under many different guises: Source Code auditers, Penetration tester, etc.."
That would be the "Regulation of Investigatory Powers" Act [www.hmso.gov.uk/legislation/2000/RIP.html, or somthing like that] (UK law) and wiretapping allowances for the police. Everyone needs to read this one.
National Security Monitoring
Bambam shared his thoughts on the possibility and practicalities of mass government internet traffic analysis:
"Whether they do or not is academic, the point is; they could. There would be no way to tell. I would like to make the assumption that they [GCHQ] are at least as smart and organised as me, and what *I* would be doing if I were doing there jobs is this: Monitor all traffic that I could get my hands on and analyse it using broad pattern matching algorithms, when a match occurs, all that section of traffic (as defined by the algorithm) would be stored and flagged for further analysis. In this way I would build up a several levelled system, with only the last level being deemed worthy of human analysis. That is certainly not the only thing I would be doing either: That would just act a background monitoring, while certain individuals previously flagged and discovered warranted human interest."
"But we are talking about organisations who quite honestly can't organise a piss-up in a brewery"
"The human analysis however [this term is taken to mean analysis by a human rather than automated pattern matching algorithms] will be directed towards actual terrorists, and other threats to national security, not people breaking into web sites"
"This is why I want to set up some encrypted network on top of the internet, a huge encrypted VLAN, where anonymous mail drops out of a random box, and with web-proxying etc.."
"My only concern with that is that as soon as you start doing that, any change is automatically adapted for: you move yourself up the flagging system and get more processor time allocated to you. In order to make a sucess of it, you would have to make it *very* secure in order to make it not worth their while cracking it."
"As soon as you start encrypting, you draw attention to yourself"
"I think you should just communicate in l33tsp3@k, that way you'll get dropped from their analysis system immediately"
"They could quite easily construct a database of how everyone is inter-connected, who they talk to, how often they talk, etc.. using other stuff, phone records and that, not just internet traffic."
Critical National Intrastructure
"This is a governement term, used to describe what is most important to keep running in the event of a national emergency, it includes things like electricity grids, phone networks, etc.. Nowadays, the government is including computer networks, like the Internet in general, and certainly the GSI (Government Secure Intranet)."
"So logically, they will be needing techies and representatives from that industry to sit on some sort of government committee, or at least be in good contact with those who administer the CNI?"
"In fact there is a number sitting on most networks/switches which is used so that higher priority calls can be made in the event of national emergency: Other calls, like someone calling their grandmother to see if she was in London the day it had a Nuke dropped on it, will be dropped so that essential communication can take place."
bambam: "And if all that isn't evidence of him [MinusQ] being a fed, then I don't know what is!! (but thanks for the info anyway :))))"
GSI (Government Secure Inranet)
bambam: "I hear many people talking about the government secure intranet, some saying it definately exists, others refuting that. I know that if I were them, I'd have one: Does it actually exist?"
Bob was saying that all his web-mail accounts seem to have useless spam filters, that drop intended messages too in the only way you can configure them.
Anonymous: "Yeah, there are some crazy ones: Like the Dildator, half dildo and half vibrator, and others that electrically stimulate the genitals directly, like those stomache exercise electro-shock things."
Anonymous2: "That could be painful, I'm not sure I'd want to test that one out"
bambam: "well, write the drivers for them, and i'll debug it :)) It is the ultimate test of confidence in your own code: Do you trust your penis with it??"
All talked out, brum2600 again drew to a close and dissappeared; like ice that melts and flows away, like a feather in the autumn breeze, like Kevin Spacey in the Usual Suspects.
An excellent meet which started slowly, with a nice trip to dot comm, but then really picked up with the CCTV march (see the photos) and Long converstations in the Darwin Pub.
With so many people, it couln't fail to go well - one of the best meets ever.
Many thanks to all who attended and helped make this meet so good.
Long may we continue.
This month was particularly good for all phrases messed up:
Re-LoaD: "I miss being a slapper"
AlDelarge: "I don't use big words, they scare me"
Bambam: "If microsoft _can_ buttfuck you, they _will_"
LsL: [with reference to some dirty mags which someone brought, which very quickly dissappeared into his bag, and with a look of defence] "That's salable material"
LsL: [presumably on a drive to incite more hatred against himself] "The Welsh aren't really a race"
PapaLazarus: "Someone's taken my trousers"
Savvy: [with reference to lsl's love life] "No wonder he looks depressed"
At this point I would like to apologise to savvy, as I can't remember what was said immediately before that last quote: All I know is that it made that quote the funniest thing that was said all evening.
AlDelarge: [to bambam] "No, you're too intelligent to become a bouncer.... and you don't have the right physique - your knuckles don't even reach the floor"
Re-LoaD: [in the ongoing cyber-dildonics debate] "Have you ever licked a 9v battery? .... Say no more"
Zipser: [with reference to the curry] "I don't know what's in the Red stuff, but the White stuff is alright"
Quotes seem to have become a major part of these monthly reports and as such
I now present some of the best.
"I miss being a slapper"
"I dont use big words they scare me"
"If Microsoft can buttfuck you, they will"
[Holding a chip paper] "Where can I put this, Please no ass jokes"
"Its more fun with a gun"
"If its gets too hot, put a bigger one in"
"Its going to be so disapointing for him when she tells hims shes got a scat
"Im going to get myself casrated"
Any quotes supposedly from me, quoted in other reports may have taken out of
In attendance this month....
The meet began,as always with a gathering around the silver man at snow
hill station. By about 7.30, already having caused much alarm to passers
by, especially the undressing of Papa Lazorus, we decided to give up on
the few absenties and moved on to the by now infamous Dot Com Cafe on
Broad Street. The sensable and lazy amongst us rode the short distance in
comfort, the others walked. Once we had swamped the cyber cafe, we decided
that on this occaision a new method would be used to get on the right side
of the manager and bouncer. Firstly we didn't use any of his computers,
secondly we took full advantage of the drink offers and thirdly, most
importantly Reload decided to show him our site. This endeared us to him
imeadiatly when he saw that his shop and staff all had very nice pictures
on a web site. meanwhile I was standing a short distance away praying to
any convenient god that he didn't read our (specifically mine) reports,
especially the sections refering to him and his bouncer, and us taking the
piss over the lax security. Thankfully I believe the reports have now been
After farting around in Dot Com we decided, with much persuasion from
Bambam that it was time we moved on and did something useful. In this case
the chosen project was requesting, under the data prtection act any CCTV
footage of ourselves. Naturaly we first had to ensure we had some CCTV
coverage. With this aim in mind we spent a happy few minutes trudging in
single file around Birminghams most pretidiuous areas waving madly at
security cameras. This probably sounds like a really crap way to spend a
few minutes, but just imaginge the affect 18 laughing computer geeks,
waving madly had on passers by, while walking in single file, before
attempting to duck Fizzy in the fountain.
The main entertainment of the evening, was as ever laofing in the Darwin Pub
here subjects as diverse as Reloads warze and cocktails where discussed.
Much discussion was also given over to encryption, the strenth and need for
which was talked about in detail. Security and encryption were the major
topics of the evening but this meet, perhaps unlike some recent
gatherings was a major forum for many varying disucussions, far too numerous
to mention here, even cyber dildonics made an apperance.
C U all in April.
X-inform: There is nothing interesting in my headers Bitch
Someone else has watched the matrix.
Smallest handheld digital camera.
Mention of an investigation by law enforcement into the reccent collapse
of a uk ISP. A man in the pub suggests the official explanation
may not be entierly accurate.
Not much interest in an announcement mailing list so check brum2600.net
regularly for news of brumcon 2.
exploits. Collation of surveillance data. Does crypto draw attention.
Alternate uses of self heating coffee cans.
Chewed kola nut pills taste like dried sheep excrement.
PapaL wants to be a guinea pig for 3G location tracking. He envisages
a webpage displaying the position of the group, and perhaps our distance
from landmarks such as the chip shop and manholes containg telco backbones.
Would anyone like to aquire a GPS, portable computing device,
mobile with flat rate SMS, a stationary mobile, a web host
and combine with some ingenuity?
Those concerned about personal privacy might be less enthusiastic. Why not
provide as much identifying information as can be fitted into an SMS message?
Light level, air temperature, compass bearing , cell
numbers and signal strength, sound level (over 90db==in the dot comm cafe),
heart rate and brainwave patterns.
Suggested further reading, google for APRS, GSM AT commands and the