[HacktionLab] HacktionLab Digest, Vol 29, Issue 11

John johnc at aktivix.org
Thu Sep 30 23:42:48 BST 2010


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Hi,

I'll do my best to attend the Bradford meet-up. I'm starting a new job
on Monday as a digital spanner monkey for an ISP so not entirely sure
yet of shift plans etc. I'll confirm my attendance or otherwise as soon
as I know.

I look forward to the proposed workshops on secure VOIP, monkeysphere
and discussions on issues relating to PGP etc.

I've become quite interested recently in jabber/XMPP and have set up
several different types of jabber server including: prosody, openfire
and most recently ejabberd. I've also tested jabber servers with mobile
phone clients including bombus/bombusmod, talkonaut and jabber mix
client on low cost phones that support Symbian or J2ME clients which
allow for SSL-secured text-based communication. I'm thinking of doing
some sort of workshop on the above, if I can make it, and also if people
are interested?

Solidarity,
John

hacktionlab-request at lists.psand.net wrote:
> Send HacktionLab mailing list submissions to
> 	hacktionlab at lists.psand.net
> 
> To subscribe or unsubscribe via the World Wide Web, visit
> 	http://lists.psand.net/cgi-bin/mailman/listinfo/hacktionlab
> or, via email, send a message with subject or body 'help' to
> 	hacktionlab-request at lists.psand.net
> 
> You can reach the person managing the list at
> 	hacktionlab-owner at lists.psand.net
> 
> When replying, please edit your Subject line so it is more specific
> than "Re: Contents of HacktionLab digest..."
> 
> 
> Today's Topics:
> 
>    1. Re: A few updates to the web site (ana)
>    2. book again. was:  Hiding Stuff on your Computer (ana)
> 
> 
> ----------------------------------------------------------------------
> 
> Message: 1
> Date: Wed, 29 Sep 2010 13:07:13 +0100
> From: ana <anap at riseup.net>
> Subject: Re: [HacktionLab] A few updates to the web site
> To: An occasional convergence to discuss technical topics
> 	<hacktionlab at lists.psand.net>
> Message-ID: <4CA32BF1.6020103 at riseup.net>
> Content-Type: text/plain; charset=ISO-8859-1
> 
> Hi,
> 
> I can't update the website myself I don't think, and this thread became
> a list of possible talks/ workshops for the next camp so, maybe should
> change the subject to "proposed talks for autumn camp" or similar?
> 
> Anyway, below is my proposed addition. I have - unsuccessfully - tried
> to encrypt an external hard drive, so I would love to receive a talk on
> the subject.
> 
> Alan Dawson wrote:
>> 0. Using monkeysphere to escape the hierarchy of x509. A skill sharing session on monkeysphere  ( http://monkeysphere.info ), which uses gpg to sign { ssh keys || http && other x509 certificates }. 
>> This would tie in nicely with a gpg signing session as we are all going to be doing gpg key transitions to 4096 bit RSA keys from the default 1024 bit DSA keys, which are becoming crackable with sufficient computing resource.
>>
>> 1. Using the barrier method for safe and fun social networking.  
>> Developing a series of proxies that allow individuals and groups ( think activists and indymedia collectives ) to insert their content into commonly used social networking infrastructure.
>> Demonstrate a twitter propaganda bot ( insults #tag trolls and positive retweeting activist service ).  Develop an implementation of a no data retention indymedia url shortening and rss->twitter news service. Discuss Diaspora, and possible implementations for privacy enthusiasts.
>>
>> 2. Deep throat.  Can we safely talk through internet ?
>> Results from the voip development discussions and experiments.
>>
>> 3. Our friends in the network
>> Some old school friends get together to share the latest gossip from the radicaltech collective scene, what's open, what's not, and who's signing each other's keys!
>>
>>   
> 
> 4. How to encrypt your external hard drive.
> 
> 
> 
> ------------------------------
> 
> Message: 2
> Date: Wed, 29 Sep 2010 13:25:00 +0100
> From: ana <anap at riseup.net>
> Subject: [HacktionLab] book again. was:  Hiding Stuff on your Computer
> To: hacktionlab at lists.psand.net
> Message-ID: <4CA3301C.608 at riseup.net>
> Content-Type: text/plain; charset=us-ascii
> 
> Hi,
> 
> haven't seen any update on this, and nothing seems to have been added
> since my last edition, so, how are we moving this on?
> 
> Will we want to continue working on the book in this next gathering to
> include these concerns?
> 
> The London anarchist bookfair is in about a month's time, it would be a
> great place to make a first appearance ... or not?
> 
> ana
> 
> John wrote:
>> Hi,
>>
>> I think the section "Hiding Stuff on your Computer" i.e.
>>
>> http://www.booki.cc/tech-tools-for-activists/hiding-stuff-on-your-computer/
>>
>> Needs to be completely revised lest we lull activists into a false sense
>> of security just because they've encrypted a directory or two on their
>> computers.
>>
>> It's always been a pain to ensure the ongoing security of a computer
>> once an adversary has gained physical access to it, (e.g. the police
>> have seized it).
>>
>> Here is a list of some of the problems I've come across, read about etc,
>> please feel free to add to this if I've missed anything. My knowledge of
>> cryptography and security is rather humble compared to some of the persons
>> on this list.
>>
>> Unencrypted Swap File/Page File:
>>
>> I've written a little about this already but I'm going to recap: on all
>> modern operating systems (Linux, Windows, OSX etc.) there is a feature
>> called virtual memory. This feature basically allows programs running on
>> your computer to use a piece of your hard drive in a similar fashion to
>> how they use RAM. This kicks in when more memory is required than is
>> provided for by the RAM chips in your computer. On Windows this
>> information is stored in the pagefile on your hard drive and on
>> Linux/BSD/OSX etc. it is stored on the swap partition. Unfortunately the
>> information isn't encrypted and stays there after you have shut down
>> your computer. There are freely available tools to search this file.
>> I've retrieved browsing history, wireless network keys etc. from this
>> data with ease. If you use the same password for these resources as for
>> your encrypted files then potentially your data could be unencrypted by
>> a person with physical access to your computer. The best way to protect
>> against this is to encrypt not just your confidential folder(s) but also
>> your swap folder/ pagefile as well. An even better solution is to
>> encrypt your whole hard drive. Various Linux versions have this feature
>> built into their installers and there are plenty of wikis out there on
>> how to do this. If you're stuck with using Windows (why? ;-) ) TrueCrypt
>> encryption of your whole hard drive is probably the way to go.
>>
>> Firewire memory dump attack:
>> See:
>> http://www.hermann-uwe.de/blog/physical-memory-attacks-via-firewire-dma-part-1-overview-and-mitigation.
>>
>> This has been around for a few years now: If you have a firewire port on
>> your PC/laptop and it is enabled it is possible to dump all of the
>> contents of your RAM, unlock your computer, (that is - if it is on and
>> the screen is locked), and also to capture cryptographic keys stored in
>> RAM. The easiest solution to this is by disabling Firewire in your BIOS,
>> (also known as IEEE 1394). Note: this has been demonstrated on Macs and on
>> PCs running Linux and Windows.
>>
>>
>> Cold boot attack:
>> https://secure.wikimedia.org/wikipedia/en/wiki/Cold_boot_attack
>> http://citp.princeton.edu/memory/
>>
>> When you shut down your PC it can take minutes for the data in RAM to be
>> lost. You can extend this to hours by cooling, (see above). It is
>> possible to quickly cool and power down the RAM chips in a computer and
>> then boot up a tiny version of Linux which will dump the contents of
>> memory to disk/ usb drive etc. You can then recover cryptographic keys
>> from this dump and unencrypt your confidential folder(s). This attack is
>> hard to protect against but there are some things you can do: Disable
>> hibernate and sleep to ensure RAM is fully powered down when the
>> computer is not in use and also use a second external form of encryption
>> involving a usb drive or other external device.
>>
>> For the uber-paranoid:
>> No system is fool-proof. If your computer/laptop has been
>> bugged/compromised in some way, it doesn't matter how good your
>> cryptography is if your keystrokes are being recorded!
>>
>> See:
>> https://secure.wikimedia.org/wikipedia/en/wiki/Key_logger
>> Also interesting
>> https://secure.wikimedia.org/wikipedia/en/wiki/Van_Eck
>>
>> Cheers,
>> John
> 
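Added example (not part of the original message or of the quoted posts): a Python check, for Linux, of two points raised in the quoted "Hiding Stuff on your Computer" post, namely unencrypted swap and an enabled FireWire stack. It assumes swap encryption is done with dm-crypt, whose mappings carry a device-mapper UUID starting with "CRYPT-"; the function names and the sample /proc/swaps text are constructed for illustration.

```python
import os
import re

# Constructed sample of /proc/swaps (not taken from a real machine).
SAMPLE_SWAPS = """\
Filename                                Type            Size    Used    Priority
/dev/dm-1                               partition       4194300 0       -2
/dev/sda5                               partition       2097148 1024    -3
/swapfile                               file            1048572 0       -4
"""

def parse_swaps(text):
    """Return (path, type) for each active swap area listed in /proc/swaps."""
    rows = [line.split() for line in text.splitlines()[1:]]  # skip column header
    return [(f[0], f[1]) for f in rows if len(f) >= 2]

def dm_uuid(path, sysfs="/sys/block"):
    """Read the device-mapper UUID of a block device, or '' if it has none."""
    name = os.path.basename(os.path.realpath(path))
    try:
        with open(os.path.join(sysfs, name, "dm", "uuid")) as fh:
            return fh.read().strip()
    except OSError:
        return ""

def audit_swap(text, uuid_of=dm_uuid):
    """Map each swap area to True only if dm-crypt backs it directly."""
    result = {}
    for path, kind in parse_swaps(text):
        # Swap files, and swap on LVM layered over dm-crypt, come out False:
        # this check does not look below the first device layer.
        result[path] = kind == "partition" and uuid_of(path).startswith("CRYPT-")
    return result

def firewire_modules(proc_modules_text):
    """Return loaded kernel modules that belong to a FireWire (IEEE 1394) stack."""
    names = [l.split()[0] for l in proc_modules_text.splitlines() if l.strip()]
    return [n for n in names if re.match(r"(firewire|ohci1394|ieee1394|sbp2|raw1394)", n)]

if __name__ == "__main__":
    with open("/proc/swaps") as fh:
        for path, ok in audit_swap(fh.read()).items():
            print(f"{path}: {'dm-crypt' if ok else 'NOT verified as encrypted'}")
    with open("/proc/modules") as fh:
        print("FireWire modules loaded:", firewire_modules(fh.read()) or "none")
```

A False result means "not verified", not "plaintext": a swap file that lives on a fully encrypted disk is also reported False and needs a manual look.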


