May03 Meeting Report.
Brum2600 May 2003

Brum 2600 May 3rd.

A meet with a large attendance including a number of new visitors. Hopefully
we'll see you all again soon. In attendance where....

L-s-L (Me)
I'm really sorry but I didn't catch all the newbies names but they included
Shaun (I cant spell his handle, sorry!)
Uber ??--Someone gave me that name
And Others.

A large meet with quotes far too many to remember let alone write down, I'm
sure bambam got some I didn't. Choice snippets include:

"I shouldn't know this, but I do." --L-s-L

"Its a legally grey area." --L-s-L (When told ? was illegal) *I'm sure its not*

"You could turn Bambi into hardcore porn, all you need is the right one time
pad" --L-s-L

"Yeah you also need one that will turn all your data into 'Fuck you pigs' if
you get raided." --Bambam

"We smoked peanut skins..... we'd run out of dope"
"We spent 8 hours shelling the fucking things" --Anon

"I tried to wire one up once, but I cant stand the smell of burning rubber"

"I met the guy who arrested him, he said he cried like a girl"
--Anon (On Coldfire)

"Give me one of your admins, a quiet room and some power tools." --Anon (On
unconventional attack techniques)

The meet began as usual at Snow Hill, the arrival of MinusQ and entourage
coupled with some meet regulars formed a scary looking mass around the
silver man. General conversation ensued whilst we all waited for the
stragglers. Moving on to our regular haunt, the Darwin proved to be a bad
idea as a live band was tuning up as we entered, retracing our steps took us
back to the HogsHead. Taking over an area to the back of the bar the meet
took off.

the large numbers meant, at several conversations going on at any one time.
The ones I remember are outlined below.

StackGuard etc and why they sort of work but not really. Also what would
have to be done to compilers to make them unnecessary.

This discussion lead onto mail server 'spoits. Their cause and how they may
be prevented. As with many exploits currently available bad configuration
and/or design is as much to blame as poorly written code.

WiFi and bluetooth and why they are bad ideas. Wireless LAN technology is a
joke, even with WEP its a joke. Its useful, but still a joke. Wireless LANs
are becoming increasingly common but clearly the lack of security inherent
in wireless technology is going to cause serious problems, especially in
environments like hospitals.

The developed into telemedicine and why its a bad idea. Picture the scene,
a doctor is performing an operation remotely, the client machine has a
server exploit, the patient wakes up with "You have been owned by xxxxx"
written in scar tissue on their chest. Obviously this is a extreme example.

The recent fluffy bunny arrests provoked some discussion, especially as
fluffy bunny is group and the person arrested may only be an associate.

Less techy conversations included Hacker films like Hackers and Swordfish,
and why, despite the fact the are generally terrible you just have to have a

Various Old skool boxen and why they still rule.

Multinational companies and why they are bad.

Further misc personal conversations far too numerous to mention.

All in all a excellent meet, I hope to see you all again soon.



PS: the guy who asked me about the Freenet project, look at

Meeting report for May 2003 Brum2600 ( by bambam

Outline of meeting {
The world near the silver man was lonely at half an hour before the meeting. Lsl in his
we-can't-be-late neurosis had us arrive extra early so that we might wait around doing
nothing for half an hour. A huge group approached at nearly exactly 7pm. I recognised
some of the faces from brumcon ii, as the suspected feds of that conference.

We had the car to people ratio correct enough to drive to the Darwin. Only to find there was
a band on, so we drove all the way back to the hogshead, where new sofas had been installed
seemingly just for us.

We drank and chatted the night away, and left at kicking out time.

MinusQ was kind enough to give a contingent a lift back home (despite his home being
perpendicular to the path to ours) via N-Sanity's place for bambam to pick up and old
Sparc. Thankyou Mr. N-Sanity :-)

In attendance {
Sclerotik (Spelling?)


Notable absentees { Zipser (Regular), Al (Semi-regular) }

Minutes {

There was so much going on that it was particularly difficult to get even half down on

Submarines and Swimming;

Online "alternative" books {
including how to be a hitman - banned after a gentleman used the skills it portrays
to kill his entire family, and the ganja grower's guide, written by the editor of
the high times.

The fluffy bunny bust at infosec {

Dirty people {

How scripting can cause unemployment {
One attendee told of a story of how a company were "more"ing file and manually looking
for particular strings. Teaching them grep lost jobs. Shocking. Maybe if we just banned
grep then unemployment would be irradicated. Imagine what you could do with a shell script!

Cisco 7200 {

WinNuke {
A story of the state of play when it first came out, and a quick discussion of how it does/
has worked.

Microwave Ovens {
Reload told us all to put our phones in the microwave and call them. Sparks apparently.
Yet to be tested.

The past of Brum2600 {
Was explained to the new comers.

Freenet and legality thereof {
New arguments and thoughts have arisen since the last time this was discussed:

Originally it was concluded that if you have illegal material, or encrypted material on
your machine in any shape or form, you would still be in breach of the law. Regardless of
(as is the case with freenet) you are in possesion of the keys to the encryption of that
material. Therefor the legal interpretation of the law would simply state:
"Download and run this and go to jail".

However; several arguments have surfaced against this.

Your ISP (who is forwarding the material to you in the first place) cannot be expected to
check all the packets coming through it's routers for illegal material. As such they are
unlikely to be prosecuted so long as the majority of the traffic they ship is legal.

Under the freenet project, you become a routing node on a virtual network, and you cannot
be reasonably expected to inspect the contents of each request made by an end node (certainly
since that traffic is encrypted and you don't have the keys for it). So your role on this
network is akin to the ISPs role in providing you with material from the Internet.

Another (slightly more tenuous depending on how you look at it) argument is more general and
directed at uk law more directly: It is illegal to be in posession of material which can be
resolved or decrypted into illegal material. (Alas I cannot recall exactly which law this is
embedded in, or where within that law the paragraph stating that lies, but rest assured I have
read it, and it is there, I just can't remember where. ( if anyone knows)

The problem lies with constantly variable one bit XOR encryption, where the resultant encryption
key (instead of being say 5 or 6 bits long) is the same size as both the plaintext and the
cyphertext, much like you would use a key produced from a one time pad. The problem is this:
One can select any key they wish, thus transforming (or resolving, or decrypting) the cypher-
text into anything one wishes. As such it is possible to have a key (the size of a DVD) that
would turn the DVD of "bambi", the epic tale of a young animal dropped savagely into the cut and
thrust of life in the wild into "debbie does dogs" the less epic tale of a young animal dropped
savagely onto a naked lady named debbie. Or else another key that would turn the same movie into
many copies of the US constitution, or many copies of the paragraph in UK law that states that
the movie of bambi is illegal.

This (as -q raised) is now another issue: when does a key become the data itself? Just because
the diagrams of such crypto systems clearly label the cyphertext, cleartext and key seperately,
now they are interchangable so where is the data really stored?

Maybe if we changed our crypto algorithm to include uncompressing the next block of key before
continuing with the XOR operations. Now the three entities are not interchangable, but could be
made to be so. But then, who knows that the same isn't possible of RSA, or IDEA, it's just that
we haven't proved that you can and we haven't proved that you can't. But then, no-one knows how
to do this with RSA and IDEA, but it would be nearly trivial to do it with our decompress XOR

Clearly a lot more to think about here.

Formula One {
Someone said that their mate said (yes, tenuous I know, but still) that a few of the F1 teams
still don't encrypt their telemetry data at the race track. A pen test there could be tragic.
Still, it inspired some funny quotes.

Car Navigation Systems {
That are expensive and don't work. Humour thereof.

IP Fragmentation {
Was discussed, and it's relation to firewalling and IDS systems.

TCP/IP over pigeon {
Made what looks like it's last appearance. Check slashdot for this - apparently "some german
guy" did it. Sad bastard. :-)

April Fool RFC {
We hope you all read the April 1st RFC about "the evil bit". One of the funniest things I'd read
in ages originally! No-one's laughing now though. This is quite serious now: Quite a few products
are listing that they are compliant with that RFC according to one attendee.

If you haven't read said RFC, then read it! (Google for something like: "evil bit" rfc).

We will be running a "name and shame" page for compliant products and companies. Send in your
entries now!

Quotes {
For all the intelligent conversation and well constructed, well considered points of interest
and argument, there were a few miscreants that missed the usual sanity check performed in the
vocal buffer before flushing IO to the mouth device.

Star Quote {
anon: "I think I met the guy who arrested him [coldfire], he said that he cried like a little girl."

Quote {
Autom8on kept looking in people's bags.

bambam: "Yes, I saw that the zipper on by bag was undone [and knew you'd searched it]"
Auto: "What's amazing is that you didn't notice me going through your pockets in the gents.

Quote {
Autom8on was getting quite drunk by this point.

Auto: "I'm serious, next time you see an old person, just say hello to them, it confuses the hell
out of them - they just can't believe it"

Monstro: "[in huge deep thick welsh accent] He's trying to chat them up isn't he!"

Quote {
"Give me one of your admins, a quiet room and some power tools."

Quote {
Someone brought a "keyring" that was really a "pressure point weapon". This intrigued pink who
started playing with it in the manner of a small child.

pink: "What's it made of?"
bambam: "I don't know. It might be steel."
pink: "No, it can't be steel."
bambam: "Why not?"
pink: "[holding the instrument up to bambam's ear and jangling it furiously] it doesn't sound like
steel does it!"

[bambam laughs his ass off]

pink: "[super-offended and deadly seriously] Dya want me to shove this up ya ass?!"

Closing Remarks and Summary {
An excellent brum2600. Enriched my soul. Just what I needed. Thankyou all and long may we