August 2010 Archives

Event Report: The Next Hope 2010, July 16th - 18th


Having never attended a hacker con before, I wasn't completely sure what Hope was going to be like. I'd attended 'professional' tech conferences before, though, and my initial impressions were similar, but as the conference got into full swing (by Friday night really) you could start to see the big differences. Mainly it's that everyone at Hope is there because they love technology and they love sharing what they know. There were people of all ages: parents bringing kids (which is awesome), security professionals, interested locals and even the odd law enforcement type standing out like a sore thumb!


Vintage Computing by Bill Degnan and Evan Koblentz - the talk brought us from ENIAC, through the first mobile computer (built in the back of a truck) and up to the home 'micro' era from kit-computing to ready made systems. The enthusiasm of the presenters was infectious and if you're into your history it's well worth downloading the talk.

Cats and Mice: The Phone Company, the FBI, and the Phone Phreaks by Phil Lapsley - a great history of phreaking from the 50s to the 80s with some very early recordings and accounts of the major lessons learned by phreakers over the years.


Despite the awesome quality of the talks, the coolest part of the con was the mezzanine. There were people teaching basic electronics and playing with a 3D printer in the Hackerspace Village, a whole load of vendor tables (I picked up an Arduino starter kit), an area where you could ride on a Segway (it's easier than you might think) and the infamous Club Mate stand selling the bizarre but oddly compelling German energy drink. Also on the mezzanine was the Lockpicking Village, where I learned a few basic picking techniques, and the Mid-Atlantic Retro stand, where I spent nearly an hour talking to Frank O'Brien about the Apollo guidance computer, the CPU of which he had on display - the idea that man landed on the moon using 36K of ROM and 2K of RAM just seems crazy to me.

Other small highlights included Marco Figueroa finishing his talk by challenging Dual Core to a rap battle with rhymes about C and Assembly, Robert Steele's 8-hr talk that started at midnight (I only made a couple of hours), a screening of Jason Scott's GET LAMP documentary about text adventure games and social engineer Mudsplatter getting a whole room full of hackers to Rickroll themselves by singing Rick Astley's Never Gonna Give You Up. The closing ceremony was fittingly crazy, with Johannes of monochrom standing on the tables at the front of the stage singing The Last Unicorn as part of 'Wikileaks: The Ballet', and then within just 3-4 hours the entire con was torn down by a crew of volunteers and I left with sleep deprivation, a few souvenirs and some great memories.

Event site: http://thenexthope.org/

Posted on behalf of Ash.

By popular demand, the next unofficial mid-month meeting will be on Saturday 21st August 2010 from 15:00 at the usual pub, the Nell of Old Drury, near Covent Garden.


Subscribe to the London 2600 email discussion list or email this blog via meetings@london2600.org.uk (obviously taking the appropriate communications data and other anonymity precautions if necessary), for the latest details, and to plan future events.

HTTPS Everywhere extension for Firefox


On June 17th 2010, EFF and the Tor Project released the Firefox extension HTTPS Everywhere. There are thousands of Firefox extensions, almost all of which I couldn't care less about. I have no interest in clogging up my browser with additional icons, buttons & menu items that do something that Firefox already does in a slightly different way, or that will save you 1 mouse click in 10 for a function you don't use anyway, or, even worse, attempt to make a browser the only piece of software on your computer. I don't want a browser that is an FTP client, a mail client, a diary, a kitchen sink. All I want a browser to be is a browser. I know a browser can do all these things (except a kitchen sink) but a browser doesn't do these things well. That's my opinion anyway. So I avoid installing plug-ins and extensions for the sake of it. HTTPS Everywhere is not one of those extensions.

Any extension that improves security is worth a look. The principle of HTTPS Everywhere is simple: when you visit a supported website you load the HTTPS version. This means the content is encrypted. No-one can sniff your traffic. Not your ISP, that's the company interested in selling your browsing activities to marketing companies as an additional revenue stream. Not the government, where the nanny state has run amok and cannot be trusted to keep its nose out of your business. Not a criminal, who is attempting to profit from account credentials or hijacking sessions. All in an attempt to help you, by lightening your bank account.

You may have thought your data, your traffic, was encrypted all along. It isn't; encryption is an additional burden that the sites you visit have avoided. Your traffic can currently be viewed unless you are connected via HTTPS. How can you tell? Check your address bar, yes grandma, the long thin bar at the top of your browser. If the address starts with HTTP, with no S, the session is not encrypted. If it starts with HTTPS it is, it's that simple.

There is a light at the end of the tunnel: in this day and age many sites do support HTTPS for all their content. By default your browser still looks for the insecure HTTP content unless told to do otherwise. That's what HTTPS Everywhere does. It forces the supported sites, of which there are currently few, to use HTTPS. The ISP, the nanny state & the criminals can still see which server you are connected to, but they don't know what you are doing there. On big sites like Google or Wikipedia this offers considerable privacy protection, as you could literally be doing anything there. On an XXX server it's a bit more obvious, although they still don't know exactly what you are browsing. Most small sites are on shared hosting: one server, many sites. In which case they wouldn't even know what site you are on, let alone what you're doing there.

The extension version is only 0.2.2. So it is young and few sites are currently supported. The good news is that more will be supported over time. After all this extension was originally inspired by the launch of Google's encrypted search option. Yes Google didn't want others to see what you were searching for. I think they did that for a different reason though. They wanted control of who would have access to this information, THEM. But that's another article.

Currently supported sites:


  1. Google Search
  2. Google APIs
  3. Google Services
  4. Wikipedia
  5. Twitter
  6. Facebook
  7. Amazon (most of)
  8. GMX
  9. Wordpress.com blogs
  10. The New York Times
  11. The Washington Post
  12. PayPal
  13. EFF
  14. Tor
  15. Ixquick
  16. DuckDuckGo
  17. Identica
  18. Live
  19. Mail.com
  20. Meebo
  21. Microsoft
  22. Mozilla
  23. NL Overheid
  24. Scroogle
  25. Gentoo Bugzilla
  26. Noisebridge
  27. Zoho

You might think that's a pretty short list and you're right, it is a short list. But on the list we have mail providers, search engines, blogs, micro blogs, newspapers, shops, social networks, software vendors, hackspaces, Wikipedia, payment providers. Basically a bit of everything, including some very big names. As is often the case, big names lead the way. Google, PayPal, Twitter, Facebook, Microsoft and Wikipedia are the biggest at what they do. If they are supporting 100% HTTPS, then others will follow.

What's even better is YOU can write your own rules. The EFF have a guide on their website that shows you how: https://www.eff.org/https-everywhere/rulesets. Each ruleset is a simple XML file. Do bear in mind, you can only write a rule for a site that supports HTTPS.

That about wraps up HTTPS Everywhere extension for Firefox. Until next time.
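How a ruleset of the kind described in this post turns an HTTP address into an HTTPS one, as an added example that is not part of the original post and is not the extension's own code. It is a small Python re-implementation of rule matching over a constructed ruleset for the placeholder site example.org; the element names (ruleset, target, exclusion, rule) follow EFF's ruleset guide, the function names are hypothetical, and it cannot check the post's caveat that the site must actually serve HTTPS.

```python
import re
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

# Constructed sample ruleset for a placeholder site (example.org), laid out
# with the ruleset/target/exclusion/rule elements of the EFF ruleset guide.
SAMPLE_RULESET = r"""
<ruleset name="Example (constructed)">
  <target host="example.org" />
  <target host="*.example.org" />
  <exclusion pattern="^http://static\.example\.org/legacy/" />
  <rule from="^http://(www\.)?example\.org/" to="https://www.example.org/" />
  <rule from="^http://([a-z0-9-]+)\.example\.org/" to="https://$1.example.org/" />
</ruleset>
"""


def load_ruleset(xml_text):
    """Parse one ruleset file into compiled patterns (hypothetical helper)."""
    root = ET.fromstring(xml_text.strip())
    return {
        "name": root.get("name"),
        "targets": [t.get("host").lower() for t in root.findall("target")],
        "exclusions": [re.compile(e.get("pattern"))
                       for e in root.findall("exclusion")],
        # Rulesets use JavaScript-style $1 back-references; Python wants \g<1>.
        "rules": [(re.compile(r.get("from")),
                   re.sub(r"\$(\d)", r"\\g<\1>", r.get("to")))
                  for r in root.findall("rule")],
    }


def host_matches(host, target):
    """Exact host match, or a left-hand wildcard such as *.example.org."""
    if target.startswith("*."):
        return host.endswith(target[1:])  # "*.example.org" -> ".example.org"
    return host == target


def rewrite(url, ruleset):
    """Return the HTTPS form of url if a rule applies, else url unchanged."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    if parts.scheme != "http":
        return url  # already HTTPS, or not a web URL at all
    if not any(host_matches(host, t) for t in ruleset["targets"]):
        return url  # ruleset does not cover this host (e.g. a lookalike)
    if any(x.search(url) for x in ruleset["exclusions"]):
        return url  # path known not to work over HTTPS, left alone
    for pattern, replacement in ruleset["rules"]:
        new_url, count = pattern.subn(replacement, url, count=1)
        if count:
            return new_url  # first matching rule wins
    return url


if __name__ == "__main__":
    rs = load_ruleset(SAMPLE_RULESET)
    for u in ("http://example.org/about",
              "http://mail.example.org/inbox",
              "http://static.example.org/legacy/x.js",
              "http://example.org.evil.test/"):
        print(u, "->", rewrite(u, rs))
```

The last sample URL shows why the host check runs before the regular expressions: a lookalike host that merely starts with the site's name is never rewritten by this ruleset.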

Meeting report: London 2600 August 6th 2010


I wasn't able to attend this meet but from what I heard it was an excellent meet. One regular said it was the best meet that he had ever attended! It was a small cosy meet. Rather than 30 - 60 people turning up throughout the duration of the meet, it was a quiet 18.

The role of London 2600 'meet & greet' at the Trocadero was taken by Zap and 3 others, one of the three wearing the group T-shirt, which helps the n00bs identify us. This can get difficult from time to time. For example, this month there was again the bull ride, crazy golf & street dancers. The street dancers were having a competition. Have to get some photos of that, as some of them perform amazing feats. With all this hustle and bustle it can be difficult for the n00bs to find us. But find us the 2 n00bs from Imperial College did.

At 19:30 the 6 attendees headed off to our secondary meeting location: the pub. To have drinks and chat until closing time is the usual custom. Throughout the evening the other 12 attendees turned up. Notable among them were:


  • A new London 2600 member (brought down by one of our regular old skool members) who had been to New York 2600 and one of the Australia 2600 meets.
  • There was also a member of Dublin 2600 in attendance.
  • A London 2600 member who had attended this year's 'The Next HOPE' in New York.
  • One old skool member who hadn't been down for 7 or 8 years. This gave the older members an opportunity to talk about old friends.

Zap brought down an EeePC 701 running Mac OS 7.5.5. He had the following to say on the mailing list: "The emulator was running in Free Dos on a 2GB SD memory card. I chose Free DOS as it is freely and legally available but any version of DOS will do. The Mac emulator emulates an old 68K Mac and runs at a reasonable speed. You will need to obtain a ROM image from a Mac as it is not included with the emulator for legal reasons. Google will help."

Swag giveaway:
  • Swiss Army knife pen drive
  • Wireless web cam
  • PCI wireless card, 54G
  • USB to Ethernet adapter
  • That was just what two people picked up. There was much more.

One of our members brought down some satellite transmitters. Check the mailing list archive if you'd like them. (Sorry about the unsigned SSL certificate, you'll have to add an exception to your web browser for that.)

Among the topics discussed and in no particular order:


  • Cracking Sky default WPA keys, based on SSIDs
  • Old skool virus writing, including the destruction of the author's own college work!
  • Satellite kit
  • Discussion of a new London 2600 secondary meeting location
  • The current Wikileaks scenario
  • Adrian "I am a cock" Lamo, surprise, surprise
  • The latest WPA2 vulnerability, that wasn't a vulnerability
  • This year's 'The Next HOPE', including but not limited to:
  • Steve Rambam's latest privacy is dead talk
  • The Wikileaks keynote by Jacob Appelbaum and the circus that surrounded him during HOPE and Black Hat
  • Jacob Appelbaum's phone seizure that could *possibly* result in Julian Assange's location being pinpointed by U.S. authorities
  • Attending the next HOPE in 2012

The 2 n00bs from Imperial found the meet interesting, one of whom was taking a plentiful quantity of notes with his high tech 'pen & paper version 1.0'.

That about wraps it up for this meeting report. I look forward to seeing YOU at the next London 2600 meet.


UPDATE: 25th August 2010

Zap's EeePC running Mac OS 7.5.5 included Internet Explorer 4.01.

Extra to: Swag giveaway


  • USB hubs

  • Bluetooth access point

Extra to: Among the topics discussed and in no particular order:


  • Discussion about Wikileaks and their 'insurance' file (http://leakmirror.wikileaks.org/file/straw-glass-and-bottle/insurance.aes256 - 1.4GB).


eth-0 2010 event report


After a drive through some very nice looking Dutch countryside, we come across the first signs of something unusual. There's a pair of lights and what looks like stone walling sat by a little entrance way. A small sign marked "Eth-0" gives away that we're at the correct place. The lack of crowds indicates it's a more intimate affair than CCC or HAR. There's a small drop-off car park next to the single camping field. We park up, show our tickets and then unload in the direction of the camp site.

There's a large marquee, a couple of network points and most tents are already pitched. We find a pitch fairly easily at the other end of the field and quickly pitch the tent. We're right next to the power point so I quickly dispense with the twin+earth and just run a small extension lead into the tent. Moments later I run a Cat 5 out the dist switch and we have power and ethernet to the tent. Unlike HAR there's no dark fibre run back to AMS-IX but a wifi antenna just outside the camp gives a respectable 108MB link to the 100M backhaul.

With the tent up the heavens open and it proceeds to piss it down for the rest of the day and most of the night. A quick retreat is made back to the lounge where we can have a toastie and get on the web while looking at large crows hovering overhead. There's a single talk venue with some talks in Dutch and others in English. Most of the week is spent either in the lounge or in the talks.

It's certainly a much simpler affair than CCC or HAR: fewer people, fewer talks, fewer gadgets, light shows, etc. More of a week relaxing in the Dutch countryside than anything else, but still a good week is to be had. They tell me last year there were only about 80 people there, so it's certainly grown some. I can see Eth-0 growing to take up the gap between CCC and HAR, et al. The closing ceremony also reflects the smaller scale. A simple "thanks and see you again" was pretty much all before we grabbed laptops and hit the road.
The beauty of the location is that it's only about 100 miles of detour to swing by the location of HAR at Vierhouten and have dinner at the outstanding Novice restaurant!

Posted on behalf of BOfH

Event website: http://eth-0.nl/

About this blog

London 2600 meetings are similar to those held by 2600 groups around the world, and the other 2600 groups in the United Kingdom.

N.B. the quarterly 2600 magazine is now rarely available in London shops.

Everybody who is interested in computer and telecomms security and the impact of technology on society is welcome, from both sides of the fence, no matter what your age or level of skill and experience - nobody knows it all, no matter what they claim.

You could learn more at these free meetings than from months of study or investigation on your own, but this depends on what you are willing to share and contribute in return. We are mostly British and therefore somewhat shy in public, but it is easy to strike up a conversation with most of us.

London 2600 meet on the first Friday of each month, 6.30pm to 7.30pm initially, at the front entrance of the Trocadero shopping centre, then on elsewhere.

The kinds of people who have attended over the last 25 years or so include:

"computer hackers, phone phreakers, cyberpunks, performance artists, systems administrators, cybergoths, military intelligence officers, mobi chippers, skip trashers, hacktivists, network gurus, anti-virus programmers, penetration testers, multimedia artists, internet entrepreneurs, newbies, cybercriminals, warez d00dz, old skool, movie script writers, 31337, civil liberties activists, lawyers, radio hams, students, cool hunters, wannabes, djs, corporate security professionals, academic researchers, privacy campaigners, journalists"

Usually up to 20 to 50 people attend each meeting, most of whom then participate in the rest of the evening/weekend activities.

Email Contacts

email: meetings@london2600[dot]org[dot]uk

For the paranoid crypto-ninjas amongst you (like us !) here is our PGP public encryption key

For encrypted web based email (which you can access via the Tor anonymity cloud), outside the direct jurisdiction of the UK Government, get a free Hushmail or Protonmail etc. account and contact us on london2600@hushmail[dot]com

(Obviously many of you will use Google Gmail, which is well secured nowadays, but not very anonymous, especially if you are logged in to your Google accounts or Android Apps)

London 2600 Email List

There is a revived London 2600 email discussion list - be polite please.

This is a public email list, so you should obviously take any appropriate communications data anonymity and other privacy precautions.

@London_2600 Twitter feed

Follow the Twitter feed: @London_2600 for last minute meeting venue change announcements etc.

Google Calendar


If you have taken the usual security and privacy precautions e.g. private browsing mode, strict cookie and history deletion policies etc. in your web browser, you may feel that you can trust Google Calendar to remind you about the next London 2600 meeting, and other events of interest.

Geekery.in Calendar

Geekery.in is a calendar of UK meetings and events, including 2600 meetings, Linux User Groups, HackSpaces etc.

(The) Hacker(s) Voice Radio / Magazine / TV


Hacker Voice Radio

"HVR is an online radio show set up as an vocal forum for all the UK hackers and phreaks to come together, work together and a place to share information."

(The) Hacker(s) Voice people have expanded into producing a (.pdf) and printed Magazine, called The Hacker Voice Digest, and have plans for Video as well as their internet radio streams and podcasts etc.

Campaign Buttons

Free Gary McKinnon, who lives in London, is accused of hacking in to over 90 US military computer systems, and is facing extradition to the USA under the controversial Extradition Act 2003, without any prima facie evidence or charges brought against him in a UK court. Try him here in the UK, under UK law.

Watching Them, Watching Us, UK Public CCTV Surveillance Regulation Campaign

NO2ID Campaign - cross party opposition to the NuLabour Compulsory Biometric ID Card and National Identity Register centralised database.
Anti-terrorism hotline 0800 789 321 free and confidential - use 999 or 112 to report immediate threats.

Peaceful resistance to the curtailment of our rights to Free Assembly and Free Speech in the SOCPA Designated Area around Parliament Square and beyond

Parliament Protest blog - resistance to the Designated Area restricting peaceful demonstrations or lobbying in the vicinity of Parliament.

Data Retention is No Solution Petition to the European Commission and European Parliament against their vague Data Retention plans.

Open Rights Group

Tor - the onion routing network - "Tor aims to defend against traffic analysis, a form of network surveillance that threatens personal anonymity and privacy, confidential business activities and relationships, and state security. Communications are bounced around a distributed network of servers called onion routers, protecting you from websites that build profiles of your interests, local eavesdroppers that read your data or learn what sites you visit, and even the onion routers themselves."

Amnesty International 's irrepressible.info campaign

BlogSafer - wiki with multilingual guides to anonymous blogging

NGO in a box - Security Edition privacy and security software tools

Wikileaks.org - the controversial "uncensorable, anonymous whistleblowing" website based currently in Sweden.


Electro Magnetic Field

As yet unconfirmed plans for a Dutch / German style hacker camp / Temporary Autonomous Zone next August Bank Holiday i.e. 27th August 2012

"EMF camp" ("Electro Magnetic Field" ?) is promised to have an internet domain name and discussion list etc. by next month.

Anybody interested in helping to organise this can contact emf@london2600.org.uk for now.

London 2600 People's Blog Links

Here are some of the blogs by London 2600 people:

Spy Blog - Privacy and Civil Liberties commentary and campaigns

Rat's Blog - The Reverend Rat comments on London street life and technology

Dr. K's blog - Hacker, Author, Musician, Philosopher. Author of "Hackers' Tales", which drew partly on interviews with London 2600 attendees.

gizmonaut.net blog - David Mery

Silver AJ - fashion model and gender hacker.

Veghead's Bologs

Other Links

2600uk.com - "Hacking and Phreaking in the UK. Old school ethics, New school tech."

Need To Know (historical)

El Reg - The Register

Other 2600 meeting links

Other 2600 meetings in the UK and elsewhere

Egypt 2600 - just like London 2600, but in Egypt

2600 Tor Server Project


Obviously if you incorporate the campaign button code above onto your website, without alteration, then we will have access to some of your Communications Traffic Data, and so will anyone who is snooping on us.

Campaign Links

Free Gary McKinnon - or at least try him in the UK, rather than extraditing him to the USA. Gary is accused of hacking in to over 90 US Military computer systems, including some in the Pentagon, National Security Agency, Army, Navy and Air Force, NASA, etc. for over 2 years. He is facing extradition to the USA, under the notorious Extradition Act 2003, without any prima facie evidence, rather than being tried in the UK. He could face a Guantanamo Bay style Military Tribunal and over 60 years in prison ! This case has dragged on now for over 9 years !

Free Babar Ahmad - another British (Muslim) IT worker from London, also facing extradition to the USA, also at risk of a Military Tribunal, facing terrorism charges not for running websites etc., relating to activities in Afghanistan and Chechnya, which were not illegal in the UK.

Not Getting Arrested in London

<PARANOIA>
Now that the UK Government has enacted the draconian email and phone snooping RIP Act, widened the Terrorism Act 2000 and the Terrorism Act 2006 to suppress politically motivated computer hackers, and promoted mass technological surveillance of millions of innocent citizens, you have to *trust* the current Home Secretary John "not fit for purpose" Reid that your email is not being routinely monitored, and your mobile phone traffic data and location records are not being fed into some cruel automatic traffic pattern analysis program so as to add points to your electronic secret police dossier, through guilt by association.

Spy Blog's Hints and Tips for Whistleblowers mini-blog gives advice which is also relevant to London 2600 attendees, from both sides of the law, and the media.

Several people on their way to London 2600 meetings have fallen foul of the anti-terrorism hysteria which swept London after the terrorist bomb attacks of July 2005. You cannot really blame the general public and Police for being suspicious, if you bring along a mysterious looking bit of electronic equipment in your rucksack, with lots of wires, batteries and gaffer tape, no matter how innocent it really is.

However, none of us should tolerate Police behaviour and policies like those which resulted in the arrest of David Mery, one of our respected long standing attendees. He was stopped, searched and arrested on a Tube station, and his flat was searched and computers and other equipment seized, for no good reason at all. He was lucky that he was not shot and killed by the Police. See "Innocent in London" and "Techie and terrorist behavioural profiles are the same"

</PARANOIA>

If you are arrested, then get some legal advice from a firm of solicitors before you say or admit to anything whatsoever to the Police e.g. top rated human rights specialists Bindmans & Partners - 020 7833 4433 or Kaim Todner (who represent London hacker Gary McKinnon) - 020 7353 6660 (24 hour Police Station callout)

London CyberPunk Tourist Guide

This London CyberPunk tourist guide should be of interest to London 2600 people, from home and abroad.