SecuraByte Episode 3
Last night we did a spontaneous hour long interview with the guys from HacDC, a Hackerspaces group.
Hosts:
Rob Fuller - Mubix
Chris Mills - ChrisAM
Chris Gerling - Hak5Chris
Guests:
Nick Farr - Treasurer HacDC
Mitch Altman - NoiseBridge San Francisco, Hackerspace
Bryce - HacDC
HacDC and Hackerspaces.
What is a Hackerspace?: Physical space where hackers make things, in
person place to do things rather in addition to online. People can
work on their own projects and collaborate with others.
Mitch has been working on Brain machines.
Tips on how to start a hackerspace:
- Visit a hackerspace
- Document on Hackerspace design patterns (PDF).
- Go to Visit: Hackerspaces.org and email questions about getting started to info@hacdc.org
- Last Hope Talk: Building Hacker Spaces Everywhere: Your Excuses are Invalid - Nick Farr and Friends (MP3).
If I am not a member, can I go: Yes!
Some hackerspaces mentioned:
NY Resistor (New York City)
C-base (Berlin Germany)
The Hacktory (Philadelphia)
Mitch working on SF Space, NoiseBridge
Join the NoiseBridge email list
Intersting Hackerspace projects:
Project Blinkenlights was a light installation in the Haus des Lehrers
building at the Alexanderplatz in Berlin that transformed the building
front into a giant low-resolution monochrome computer screen.
tmplab - Paris, France Hackerspace (French)
The Columbia Heights Wireless Project aims to provide wireless access to
the Internet to HacDC’s neighbors in Columbia Heights. This project, in
three phases, will help test different technologies and methods for
providing this access as well as building local neighborhood IT
infrastructure.
New Season of Hak5!
A new season of Hak5 just began with a bang with Securabit’s own Mubix showing off the open source forensics and intelligence gathering tool Maltego. Look for future shows featuring both Mubix and Chris Gerling.
SecuraBit Episode 9
On this episode of SecuraBit:
Multiboot Security DVD
Mubix posted an awesome link on his blog to a Multiboot Security DVD that allows you to boot common security distros, all on one medium!
OS Choices:
- Backtrack 3
- Damn Small Linux 4.2.5
- GeeXBoX 1.1 (not geekbox )
- Damn Vulnerable Linux (Strychnine) 1.4
- Knoppix 5.1.1
- MPentoo 2006.1
- Ophcrack 1.2.2 (with 720 mb tables)
- Puppy Linux 3.01
- Byzantine OS i586-20040404
Make it into a bootable (NTFS formatted) USB stick using Unetbootin
Some distros the Securabit guys would like to see added:
RedHat/Fedora OpenSSH Compromises
As noted on the Securabit website, a Fedora and Red Hat Enterprise Linux servers were compromised.
The ComputerWorld Blog - Linux Security Idiots article explains how the servers were compromised
- Stolen SSH keys are used to gain access to the system
- After that, rootkit “phalanx2″ is installed and steals more SSH keys
- Obviously this could be used to install any malware at all
The RHEL offshoot CentOS was not affected by the compromise.
Joomla Vulnerability
- US CERT Joomla! Password Reset Vulnerability
- Joomla Core Exploit Announcement - Password Remind Functionality
- Joomla user password reset vulnerability being actively exploited
Google Chrome
Google Chrome has generated a lot of press in the day since it was released on Tuesday. It gained over a 1% market share in under 24 hours. Some of the interesting tidbits from a risk/security standpoint:
Controversial EULA:
Google Chrome debuted with an extremely controversial EULA that basically says everything you do with the Chrome browser belongs to Google. They have since adjusted the EULA to remove some of the strongly worded sentences, but this might just have given us a peak into Google’s world domination plot?
Vulnerabilities:
It seems that only mere hours after the Chrome browser was available for download, vulnerabilities started showing up. Some of them as simple as a browser crash, others as serious as carpet-bombing. This is actually not too surprising since Chrome is based off the same version of WebKit, 525.13, that the vulnerable Safari 3.1 emanates from.
Incognito Mode:
The Chrome browser has a stealth browsing mode called Incognito which will not leave any tracks of where you browse in your history or store any cookies. This appears to be very similar to the IE8’s InPrivate browsing mode.
Independent Tabs:
Every tab opened in Chrome runs as an independent instance of the browser. Apparently, if you experience trouble in one tab, the rest of your Chrome environment is safe from the misbehaving tab. I guess this only works if you don’t browse to the vulnerability mentioned above that crashes your whole browser. 
So what is your take on the new Chrome browser? Mubix suggests power users should stick with Firefox or will Chrome make the internet less frustrating” as Walt Mossberg declares?
