Lecture


Summary of Hacknight #2

Thursday, June 24th, 2010

We drove down to Hacknight #2 at Forskningsavdelningen, a hackerspace in Malmö. I was thrilled to be in the car with “my boys” from GHS and Telecomix here in Gothenburg. There’s always a special feeling taking the car somewhere together, there’s bonding and talking about the most wicked things. We actually got some good ideas out of it. But this ain’t the time nor the place to tell about it.

Utkanten

Hacknight #2 started with a talk about Crypto Activism by chrisk, which was a presentation about Telecomix Crypto Munitions Bureau. Since it’s part of the Telecomix network, and I’m part of that, there wasn’t really much there that I didn’t know, but it was a good presentation. Chris is really good at this stuff. I like the whole cypherspace and cyberspace difference.

brokep (aka Peter Sunde) talking about the Pirate Bay. There were some new things in there that I hadn’t heard before. The biggest joy of it though was to see him present it.
The whole story about the Pirate Bay is quite amazing, and I really love the responsibility that they have taken since they realized what a big influence they have on the online community.
I managed to walk up later and introduce myself as well. I have this small Flattr spreading idea. We’ll see how it works out.

Samira Ariadad – Netbased Commons. Shared areas, both in real life and in cyberspace. There are some restrictions online, but most often not more than a registration that does not cost anything. In real life there are not as many common areas to reside. Hopefully we’ll be able to open this up more. She opened some interesting thoughts in my head, and I thank her for that.

I missed the presentation of Mandos but caught the guys discussing it later in the night, and it seems really interesting. Will be interesting to see how things develop with it.

Raccoon – Blackthrow. Earlier the same week Agent x had made a presentation about the Blackthrow at the Telecomix Conference. Raccoon was supposed to be the original presenter, so I was glad to see him present it here instead. I like the whole idea about the blackthrow, and there are some great ideas coming out of it as we speak. We’ll see how many years it will take for the blackthrows, blackworms and blacksplashes to conquer the world!

After the presentations there were lots of hours left. The beers started flowing, I must admit I had already started, and the night wore on. I got to talk to a lot of interesting people. Working through some of the ideas I had in my head and so forth.

Micke Jämtsved went with us on the trip down. He’s actually from Stockholm, but had stayed in Gothenburg since the Telecomix Conference there.
Also agent Nipe, who is one of the Pirate Party’s prime candidates (personal opinion), was there. He had brought the RepRap, but was soon on his way to spend two days at Dreamhack.
Forskningsavdelningen themselves seem pretty happy about the turnout of the event.

NRLI, Northern Lights, a vodcast crew attended the event as well. They had a little corner where they interviewed a lot of people. Will be interesting to see the footage later.
Some pictures were taken by different people

On the drive home we talked a lot about how amazing we all thought the night had been. We also buzzed a lot about how both Telecomix and Gothenburg Hackerspace can carry on their work to save the world. Some of it involved more road trips, conferences and blackthrows!

raccoon – Blackthrow

Saturday, June 19th, 2010

Svartkast - I'm installing it for u nau

Blackthrow – Svartkast
I wrote about an earlier presentation during the Telecomix Conference.

It’s about being able to set up a computer in a hidden place to collect information and send it somewhere.
The name is derived from black box, and you throw it away, thus Blackthrow.

Kamikaze box. You might not be able to physically reach it.

Blackfax, black cylinder paper loop.

It can be used for “bad” stuff. But it can also be used for good stuff in places where free speech is prohibited, since the governments are surveilled all the time. This is a usage area.

You should put these boxes in strategic places all over the city. Through which you can build up a mesh network and use it for whatever you want.

There are a lot of different ways to connect them and use them.

You can use any machine that can run Linux to build a Blackthrow. Single board devices are a good choice.

Make sure the machine can not be traced back to you. If you would use it for whatever reason the government might not like, it is in your best interest to protect yourself.
Clean it of fingerprints or whatever you can. Labels and marks. Use RAM disks or memory disks.

Use TOR, use the reverse services, hidden services. So you can connect immediately to that machine.

There are two examples of versions you can make of this. The “svartplask”, which basically is black splash, and the “svartmask”, which means black worm.
The splash you make waterproof and throw into the water. And the worm you bury in the ground.

Samira Ariadad – Netbased Commons

Saturday, June 19th, 2010

Samira Ariadad, from the magazine Brand.

Since it was the meal break I missed the start of the lecture, which was a pity. So I sat and ate while I listened to her. But the gist is:

The similarities between the right of public access (allemansrätten) in the physical world and online are enormous. There is a problem with public spaces disappearing, similar to how work is being done to restrict the internet.

We need more accessible, and continuously accessible, public spaces. Both in physical reality, for spaces like this hackerspace, and online.

brokep – The Pirate Bay

Saturday, June 19th, 2010

Peter Sunde starts his talk by telling us about how he started copying.
Just sharing with friends without thinking about anything other than the sharing, and being nice.

Joined Piratbyrån, where they later started up The Pirate Bay. They wanted to open up a site to share torrents. It was the one website that never went down.
We made a trio. One for media relations, which was himself, and the other two for technical work.

The Pirate Bay was in Swedish at the start. When the other big sites got locked down they were the only one left. They have 35 languages now, translated by users.

Statistical information:
Closing in on 100.000 tracker connections / second
TPB mediating around 60-65% of all BitTorrent traffic
BitTorrent estimated at 80-82% of all internet traffic
that means over 48%

Pirate Bay was continuously growing, and they kept going, wanting to test the legal system.
When growing you realize that you gain a lot of influence.

Made The Pirate Bay an art project. The bus, and was invited to the biggest art event in Europe. It was painted really nicely. Still running, headquarters when at trials.

The Pirate Bay will never be shut down.

He continued to talk about copyright and the way of the world and how it has evolved.

chrisk – Crypto Activism

Saturday, June 19th, 2010

Telecomix Crypto Munitions Bureau.

Chris starts by explaining the Telecomix Crypto Munitions Bureau. It promotes the public knowledge of computer cryptography and software that can hide you on the internet.

Cybernetics is the study of how to control regulatory systems of any kind: technological, social, biological and mathematical systems. Cyphernetics, on the other hand, is similar to the study of cybernetics, but does not rely on the entire system being known or controlled from one single point. Rather, cyphernetics is the study of how to do things in states of chaos and uncertainty.

Cybernetics was developed in the aftermath of the second world war.
In biology cybernetics is how to control an ecosystem.

Cybernetics Alpha is a hierarchical structure, with a leader/central node. A government, for example. Like the Soviet.

Cybernetics Beta is a decentralized cybernetics system. Not a single top. It has a parliament, with constitutional rights. Power is dispersed into the lower parts of the system.

In history these two systems, Alpha and Beta, produced the Internet.
During the cold war both the US and Russia were working on nuclear weapons. In the US they wanted to construct a system where computers could survive a nuclear attack. The Alpha and Beta systems would fail under it. They had to build a system that would not.
A distributed network can survive, since it will find more than one way.

Technological development isn’t really rational.

Cypher means code. Code produces an uncertainty relation. The lolcat can be encrypted. We can produce an uncertainty relation with the cat. We hide the cat in a box, in the tunnels.

We need more people to work with us. Join us!

Useful links
crypto.telecomix.org
cryptoanarchy.org
werebuild.eu
interfax.werebuild.eu
christopherkullenberg.i2p (the presentation)

Agent endrazine – Zero Crypto

Thursday, June 17th, 2010

Start: 14:37
What: Agent endrazine
Full disk encryption : distributed (via cloud computing) brute forcing preboot authentication passwords using x86 real mode bootloader instrumentation. This talk attempts to provide orders of magnitude regarding what is and what is not computingly breakable (and at what price !) regarding HD encryption. Featuring a heavy load of hardcore 16b real mode assembly and live demos of the brute forcing of Lilo, Grub (MD5 mode) and Truecrypt. I will also cover the Bitlocker/Truecrypt plain text password leakage I previously disclosed at Defcon, briefly.
Watch it: on Bambuser

The only way to keep data secret is to encrypt it. The best way to keep it is full disk encryption.

Introduction

The goal of the talk is to demonstrate that there is a way to brute force a preboot authentication password, the ones in the BIOS or in bootloaders.
Give an estimate of how much it would cost to crack full disk encryption software using a generic instrumentation methodology.

Cryptographic software is mostly legal in both North and South America and Europe.
Wikipedia: In China, a license is still required to use cryptography. Many countries have tight restrictions on the use of cryptography. Among the more restrictive are laws in Belarus, Kazakhstan, Mongolia, Pakistan, Russia, Singapore, Tunisia, and Vietnam.

Cryptography from a government point of view is a superinteresting target. DES was designed to be resistant to differential cryptanalysis, a powerful and general cryptanalytic technique known to NSA and IBM, which became publicly known when it was rediscovered in the late 1980s.
Cryptographic software can be backdoored, this is a reality.

Non-tech people will say: “if it fails just go for brute force.”
But how do you do it? There are no public tools. If you want to brute force it you will have to write your own operating system to brute force it.

Keyboards internals

Endrazine gives us a Boot sequence overview, in order to further explain the full disk encryption.
CPU -> BIOS EEPROM -> IVT, RAM, bootloader, kernel.

Bios internals for keyboard management

Interaction with the keyboard, we need to understand the whole chain from the computer to the keyboard.
In your keyboard there’s a PIC, in the motherboard as well. Unified key scan codes. The data from the keyboard is stored in the BIOS keyboard buffer.
The password will be saved in physical memory forever.
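
An added illustration of the point above, not code from the talk or its slides: on a conventional PC BIOS the keyboard ring buffer sits in the BIOS Data Area at fixed offsets (head pointer 0x41A, tail pointer 0x41C, 32-byte buffer at 0x41E), and reading a key only advances a pointer. The sketch audits a constructed 256-byte dump of that area and models the fix of zeroing the buffer once the password has been read; the offsets are the standard PC layout rather than something stated in these notes, and the function names are hypothetical.

```python
import struct

# Standard PC BIOS Data Area layout (segment 0x40, physical 0x400); assumption:
# the dump passed in starts at physical address 0x400.
KBD_HEAD_OFF = 0x1A   # word: offset of the next entry to read
KBD_TAIL_OFF = 0x1C   # word: offset of the next free slot
KBD_BUF_OFF = 0x1E    # 16 slots of (ASCII byte, scan code byte)
KBD_SLOTS = 16


def audit_keyboard_buffer(bda: bytes) -> dict:
    """Report what a BIOS Data Area dump still holds in the keyboard ring."""
    if len(bda) < KBD_BUF_OFF + 2 * KBD_SLOTS:
        raise ValueError("dump too short to contain the keyboard buffer")
    head, tail = struct.unpack_from("<HH", bda, KBD_HEAD_OFF)
    slots = struct.iter_unpack("<BB", bda[KBD_BUF_OFF:KBD_BUF_OFF + 2 * KBD_SLOTS])
    # Slot indexes are reported, not their contents, so the audit log itself
    # never contains the typed characters.
    stale = [i for i, (ascii_code, scan) in enumerate(slots) if ascii_code or scan]
    return {
        "logically_empty": head == tail,   # BIOS view: no keys pending
        "stale_slots": stale,              # memory view: bytes still present
        "leaks_keystrokes": bool(stale),
    }


def scrub_keyboard_buffer(bda: bytes) -> bytes:
    """Mitigation model: zero every slot and reset both pointers."""
    out = bytearray(bda)
    out[KBD_BUF_OFF:KBD_BUF_OFF + 2 * KBD_SLOTS] = bytes(2 * KBD_SLOTS)
    struct.pack_into("<HH", out, KBD_HEAD_OFF, KBD_BUF_OFF, KBD_BUF_OFF)
    return bytes(out)


def constructed_dump() -> bytes:
    """Constructed sample: four keys typed at a preboot prompt, then consumed."""
    bda = bytearray(256)
    keys = [(ord("p"), 0x19), (ord("w"), 0x11), (ord("1"), 0x02), (0x0D, 0x1C)]
    for i, (ascii_code, scan) in enumerate(keys):
        struct.pack_into("<BB", bda, KBD_BUF_OFF + 2 * i, ascii_code, scan)
    consumed = KBD_BUF_OFF + 2 * len(keys)
    # head == tail: every key was read, yet nothing was erased
    struct.pack_into("<HH", bda, KBD_HEAD_OFF, consumed, consumed)
    return bytes(bda)


if __name__ == "__main__":
    print("before scrub:", audit_keyboard_buffer(constructed_dump()))
    print("after scrub: ",
          audit_keyboard_buffer(scrub_keyboard_buffer(constructed_dump())))
```

The sample shows the gap between the two views: the BIOS considers the buffer empty because head equals tail, while the slots still hold the typed bytes until something overwrites them.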

Brute forcer design

The challenges are installation and initial control flow modification (BIOS firmware, other media, MBR replacing/patching)
maintaining control (bp, IVT hijack, rerouting)
Get the source code.

Experimental Results

It is doable
The cost of hashing algorithms (md5..) is negligible in the cracking process
hashing algorithms: we tried 700 passwords in 30s. truecrypt: 10s/password (wohw!)
Time taken: Irrelevant (cloud computing)
With enough computer power you can break any given password within 1 hour.
Check the slides for more results.

Conclusion & bonus!

Bruteforcing is physically doable for both hashing algorithms and complex symmetric systems
Bruteforcing remains impractical against TrueCrypt so far (6 passwords / minute, recommended pass phrases of length 20)

Not using TPM-like technologies allows attackers to take advantage of distributed computing, making the brute force time irrelevant.

Presentation slide

Agent jwalck on I2P

Thursday, June 17th, 2010

Start: 13:37
What: Setting up websites and running advanced services in the i2p-darknet. Agent Jaywalk will present how you may publish websites, blogs and other services without risking corporate or government repression.
Watch it: on bambuser

Sources and destination. It’s what you have in routing i2p.
If you run a server it’s as easy as running a server on the vanilla internet. Except that it’s hidden.
If it’s down it’s down; if it’s up it’s up.
Eepsites. Experimental deepsites. No one will know who uses the stuff on the sites.

Agent jwalck goes through how it looks when I2P is set up.
On the default site you get all the information on how to host on I2P, how to register a domain and so forth.

The server setup is similar to the setup for the client.
Always back up the destination key. The information will be lost if you lose it. The domain name will die.

I2P has started to increase lately and is up and coming again. Continued developments will be interesting.

Hacknight #2 here I come

Thursday, June 17th, 2010

Hacknight organised by Forskningsavdelningen in Malmö, the local hackerspace.
An evening, starting 17.00, and night with lectures followed by workshops. On Crypto Activism, Blackthrows, Mandos, The Pirate Bay, Netbased commons, Lockpicking, All you can 1337, Beyond bleep-blop, Retro Computing Corner, PGP Key signing party and more.

The schedule as such does not seem to be set yet. But I am looking forward to an insanely wonderful hacknight with wonderful people. Maybe we’ll see each other there!

Agent X on Blackthrow, Svartkast

Wednesday, June 16th, 2010

Start: 16:37
What: Presentation of the svartkast technology
raccoon xor from the GHS munitions factory presents the svartkast technology and how to deploy cipherspace nodes in existing infrastructure. The svartkast can be used to create secure and completely decentralized (owner-free) channels of communication to be used in situations where freedom of speech is critical, and in situations where it is impossible to interact with the ordinary Internets without having a traceable origin. Example scenarios are during war-time, in regimes that throttle the Internet connectivity (Iran, China). Usage of svartkast, or similar technology, is however definitely not limited to these circumstances. Everyone has the right to communicate freely, without corporations and authorities surveilling our correspondence.

Damn smokes, missed most of the presentation.

The idea with the Blackthrow is to build a small computer that can be hidden inside government agencies or corporations. It connects to the TOR or I2P networks and publishes its SSH server as a hidden service in any of these networks.

It’s for an educational purpose. Building it will give you a learning experience about networks and the technologies used.

It’s a proof of concept that it’s impossible to stop people from talking about whatever they want.

Agent kugg on the Security of PPTP

Wednesday, June 16th, 2010

Start: 15:37
What: Agent Kugg talks about the security of PPTP
Many larger VPN companies use PPTP for securing their customers. Kugg will talk about PPTP and show some de-anonymisation weaknesses for different setups. These techniques are actually used by government and private agencies to identify individuals using VPN.
Watch it: On bambuser

Don’t miss Hacknight!

Poptop and misconfigurations
The misconfigurations cause you to be not as anonymous as you think you are.

What is a VPN service?
It’s a virtual private network. It creates a local interface on your
What is a proxy?
It’s a relay of a request.

Errors:
You need a proxy for everything. FTP, Gopher, SOCKS host.
It can be easy to fuck up here. It is often used as a deanonymisation

Flash doesn’t care about your proxy. It will work with your real IP.
MS Word, if you have a link in or to a document, it will reveal your IP.
Quicktime as well.
These do not respect your proxy settings.

Check www.decloak.net for information about how you’ve failed in your protection.
Proxy-Authenticate, for TOR nodes and such. Gmail has Flash objects to figure out your real IP.

Welcome to the virtual private network! Everyone in the virtual network is on the same network. Which is a problem. You are exposing your entire hard drive, domain and MAC address.
nbtscan -m .t2000 -qv -s/
When scanning the network we find a lot of information about the connected machines. Through this search, once a day, you can find patterns, and start following the information you get.
It’s bad that they will get exposed. The people who are not exposed are the ones who are not shown in the list, but they are still pointed out.

On BitTorrent, Anti Piratbyrån is found to have used IPv6 to detect your real IP.

    PPTP creates VPNetworks
    If clients are not separated they will expose each other
    IPv6 and PPTP don’t match; turn IPv6 off?
    MS Windows firewalls are stupid
    The known authentication mechanisms for PPTP authentication are too weak. (EAP-TLS works if there is a public key exchange)
    Web browsers are dangerous and hard to harden
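
An added check for the IPv6 point above, not something shown in the talk: a PPTP tunnel that carries only IPv4 leaves any routable IPv6 address on the physical interface as a path that bypasses it. The sketch parses `ip -o -6 addr show` output and lists such addresses; the interface name `ppp0`, the function name and the sample output (documentation prefix 2001:db8::/32) are assumptions constructed for the example.

```python
import ipaddress
import re

ULA = ipaddress.ip_network("fc00::/7")  # unique local range, not Internet-routable
# One record of `ip -o -6 addr show`:
#   "<n>: <iface>    inet6 <addr>/<len> scope <scope> ..."
ADDR_LINE = re.compile(
    r"^\d+:\s+(\S+)\s+inet6\s+([0-9a-fA-F:.]+)/\d+\s+scope\s+(\S+)")


def ipv6_outside_tunnel(ip_output, tunnel_ifaces=("ppp0",)):
    """Return (iface, address) pairs for routable IPv6 on non-tunnel interfaces."""
    findings = []
    for line in ip_output.splitlines():
        match = ADDR_LINE.match(line.strip())
        if not match:
            continue
        iface, addr, scope = match.groups()
        # Loopback (scope host) and link-local (scope link) never leave the
        # local segment, so only scope global matters here.
        if iface in tunnel_ifaces or scope != "global":
            continue
        ip = ipaddress.ip_address(addr)
        if ip in ULA:
            continue
        findings.append((iface, str(ip)))
    return findings


# Constructed sample: PPTP session up on ppp0 (IPv4 only, so no inet6 record),
# while eth0 still holds an address from router advertisements.
SAMPLE_TUNNEL_UP = r"""
1: lo    inet6 ::1/128 scope host \       valid_lft forever preferred_lft forever
2: eth0    inet6 2001:db8:10::25/64 scope global dynamic \       valid_lft 86000sec preferred_lft 14000sec
2: eth0    inet6 fe80::a00:27ff:fe4e:66a1/64 scope link \       valid_lft forever preferred_lft forever
3: wlan0    inet6 fd12:3456:789a::5/64 scope global \       valid_lft forever preferred_lft forever
"""

# Constructed sample: same host after IPv6 was disabled on the physical interfaces.
SAMPLE_V6_OFF = r"""
1: lo    inet6 ::1/128 scope host \       valid_lft forever preferred_lft forever
"""

if __name__ == "__main__":
    for name, sample in (("tunnel up", SAMPLE_TUNNEL_UP), ("v6 off", SAMPLE_V6_OFF)):
        leaks = ipv6_outside_tunnel(sample)
        print(name, "->", leaks if leaks else "no IPv6 path outside the tunnel")
```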

End users need help!
We need to detect flaws and expose them, and fix them. Make up new services.
Try and support OpenVPN
Teach SSH and share
Never leave a darknet

These are good systems, they just need to grow and be nourished and formed into something better.


Agent Felix Atari on Internet and AFK Tunnels

Wednesday, June 16th, 2010

Start: 14:37
What: Agent Felix Atari talks about the Internet and AFK tunnels
The act of tunneling has gone through a socio-political change in recent years. It is no longer associated with closed groups, sect-like behaviour and hiding away from the mainstream. This talk will argue that developing tunneling technology is the very prerequisite for remaining open at the surface and feature an exposé from dark nets to sunny Mexican pirate markets.
Watch it: On bambuser

Since I was late I missed some of the presentation, and I will write what I caught.

Agent Felix Atari made an interesting analogy about the layers of communications in a way of layers in the jungle. It’s not just a plain surface.

Tunnels can only be closed off at the entrances, but the tunnels are still there and the information within the tunnel is still safe.

A problem with tunnels is that the laws can’t stop what goes through them. The communication, may it be of product or just normal communication, will find a way anyway. It undermines this binary power of borders.
The border between Mexico and US is made as an example.

No matter if you have a border or not, there is a slow degradation. The borders will move. Even if they have to go into the ground.

Surveillance won’t stop or fully control. It will only make it slower, but never stop the process completely, since the information can always go through tunnels.

Cipherspace is just like cyberspace, but a little slower.

Discussion:
There are tunnels that are ever ending, and with no entrances.
Examples of being cut off from earth, in tunnels making a living in there.

Have you studied the similarities between the i2p tunnels and physical tunnels? With enough force you can destroy physical tunnels, and you should be able to with i2p as well?
Tunnels are temporary, they are built, and moved and rebuilt and so on. You can fortify them, if they are used for a longer time. Within filesharing you move a tunnel to somewhere else when a vulnerability is found.

The information that is submitted through tunnels is usually short messages, which makes tunnels work even though they are slow.
Cipherspace sites have different aesthetics since they are slower, and need to be able to go through easier. It’s going back to web 1.0.

Could the tunnels be exploited? At the Mexican-US border, Mexicans put up sweatshops near the border in Mexico. So people move closer to the border to get the jobs and pay. The transportation from Mexico to the US gets diminished. Is there anything similar going on in I2P?
Tunnels attract all different kinds of activity. Look at the Mexican border, drugs, and so forth. Tunnels often operate in intense zones.
Yes tunnels can be exploited.
If you want to spread something, you could create a buzz in the tunnels that there’s a leak, and have it spread back to the surface.

Erupted in a discussion about urination and bushes. Remove places where people can pee, and then “stake out” the areas where you have to go to pee, and catch you in the act.

Leaks and infiltration is a way to get out information from hidden tunnels, It can be tunnels in the government communication or other hidden. There are tunnels everywhere.

Late to the Telecomix Conference

Wednesday, June 16th, 2010

I was late getting here, that’s how it can go. But now I am here and it will be two very interesting days of lectures and activities/workshops.

I see many lovely people here already. To name a few:
Isak Gerson, Jimmy ‘HerrKanin’ Callin, Christopher ‘chrisk’ Kullenberg, Rikard ‘razor’ Fröberg, Göran Widham, Mikael Jämtsved and Magnus ‘monki’ Eriksson, who is lecturing right now.

Updates will continue throughout the day.