Fwd: [PhreakNIC] CTF

From: Jon Nyx 
------------------------------------------------------
FYI

PS - "Keith" is this guy:

Keith Watson
Information Security Manager, College of Computing
Georgia Tech, Atlanta GA
http://www.cc.gatech.edu/~krwatson

Part of his day job is taking large botnets away from organized crime
outfits, studying them, and then disassembling them. We're very lucky
to have him helping with our con.

Dru Myers
Nashville2600 President, PhreakNIC founder and con chair, 1997-2001 & 2014


---------- Forwarded message ----------
From: Keith
Date: Tue, Aug 26, 2014 at 8:48 AM
Subject: [PhreakNIC] CTF
To: phreaknic@googlegroups.com


I've talked to GTRI (the people who put on the Hungry Hungry Hackers
CTF) and it looks like a go. I will have more info in the next week or
so.

H3 was this last weekend, it went great (8/22 & 8/23)
http://www.hungryhungryhackers.org/

We noticed at past events that people would leave the CTF after only a
few hours. We asked around and found that people want to compete but
are overwhelmed and don't know where to start.

This year we had two tracks, competition and educational. The
educational track had multiple speakers that did walk-throughs of
tools and how to solve some basic challenges. It went very well and
after the end of the educational track a bunch of them joined the
competition.

The CTF is Jeopardy style with about 60 challenges. In addition we had
ten stations setup with a FPGA hardware flags and a car hacking
station setup with CAN buss flags.

Craig Smith of TheiaLabs set up the car hacking station and was on
hand for the entire event. It was a combination CAN buss/WiFi hack.
Craid was alos handing out copies of the Car hacker's Handbook. You
can download the PDF here:

http://opengarages.org/handbook/

A lock picking challenge was also part of the CTF.

Once we do our post CTF debrief we'll start solidifying the PhreakNIC CTF.

Let me know of anything you would like to see in the CTF.

keith

--
You received this message because you are subscribed to the Google
Groups "PhreakNIC" group.
To unsubscribe from this group and stop receiving emails from it, send
an email to phreaknic+unsubscribe@googlegroups.com.
To post to this group, send email to phreaknic@googlegroups.com.
Visit this group at http://groups.google.com/group/phreaknic.
To view this discussion on the web visit
https://groups.google.com/d/msgid/phreaknic/7ba33013-fc4b-460c-9742-6fb1a7703dd4%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Anyone Going to PhreakNIC in Nashville?

From: Jon Nyx 
------------------------------------------------------
On Tue, Aug 26, 2014 at 1:53 PM, Wil Wade  wrote:

> Just found out about https://phreaknic.info in Nashville (via KLUG) October
> 30 - November 2, 2014.
>
> Anyone going?

(raises hand)

I am.

Guess I should introduce myself:

Howdy,

I'm Dru Myers (aka jonnyX). I started PhreakNIC in 1997 with several
like-minded friends, ran it until 2001 when I moved to Atlanta, and
now that I'm back in Nashville I'm running it again. I believe we're
the oldest & longest-running non-profit hacker (in the original
non-criminal/white-hat sense of the word) convention in the US, if not
the world. Technically, we're an infosec, maker, linux/foss conference
these days, with a bit of aerospace, engineering, general science &
experimental music (we're in Nashville, after all, music has to be
involved somehow) thrown in for good measure.

PhreakNIC had been struggling the last several years, which is why I
stepped back into the organizer's position, with the goal of growing
it and the parent non-profit so they'll both be relevant and useful
once more, not just the local tech scene but the community at large.
Basically, we're rebooting this year.

Currently, we're working very closely with the Nashville Linux User's
Group, the Atlanta Linux Enthusiasts, DefCon 404 (an Atlanta infosec
group), Freeside Atlanta (a huge hackerspace), Maker's Local 256
(another large & well-organized hackerspace in Huntsville) - you get
the idea. Many of the leaders and admins of the above groups are also
involved in PhreakNIC's reboot. We'd love to have more people onboard,
especially if they have something to contribute to the success of the
convention.

~edit~
We're also working with TVIW - http://tviw.us - which is the week
after PhreakNIC (and in Oak Ridge), and the TVIW folks will have a
presence at PhreakNIC, doing some talks and promoting *their* con..

Info I sent to the Atlanta Linux Enthusiasts list last week can be
found here (I don't want to retype it all):
https://www.dropbox.com/s/8in97pykibmcddv/ALE

Open Chattanooga Civic Hack Night This Wednesday @ 5:30 on the 4th Floor of Chattanooga Public Library!

From: Sean Brewer 
------------------------------------------------------
It's that time again!

We will be having a civic hack night on the 4th Floor Wednesday on the 4th
Floor at 5:30!

You don't have to know how to code! Just bring your awesome self! There is
something you can work on!

You can RSVP here, but you can just show up!:
http://www.meetup.com/cfabrigade/Chattanooga-TN/1199142/

OT:BEST Android phone yet... LG G2 VS980 Verizon

From: Phil Sieg 
------------------------------------------------------
Got a new piece of kit. Here is how it happened:

My business partner got the new LG G3 5.5" but 20% smaller than the Galaxy Note 2/3 even though the screen is the same size. I have been VERY impressed with my Nexus 5 and his G3 is amazing, in fact almost perfect. The ONE THING it is lacking is the wireless Qi charging.

Well I am hooked on Qi the way a crack ho loves rock... yes it is that bad. If you don't have wireless charging, you thing I am an idiot. If you do, you get it. There simply is no going back, not even for the iPhone 6.

The problem is that I am still dissatisfied with the battery life on my Nexus 5. I have rooted, rom-ed, kerneled, and tweaked this thing to death, and have gotten every last drop of energy out of it, and it just isn't enough, especially for international travel.

So I start reading up on hacking Qi into the G3, and find out that the G2 from Verizon has it built in. 

For those of you that don't know, the LG G2 is the Nexus 5 on steroids. It is the exact same size with a .2 inch larger screen (5.2 vs 5.0) due to smaller bezels. It has a bigger battery, better camera, better screen, and the Verizon model's SIM slot is UNLOCKED. You can use the ATT Straighttalk SIM and it will do HSPA+ (4G) without hacking and LTE if you flash an AOSP rom.

OH and it doesn't have any stupid buttons on the side where they get pressed accidentally ALL THE TIME. The buttons for power/vol are in the center of the back just below the Camera...which actually rocks.

The best part: $225 on ebay for like new in the box 32GB!!!

So far I am digging it.

Will rant in a few days if battery life is disappointing.

No rant means I am pleased.

Phil Sieg
President
SeniorTech LLC / snapfōn®
www.snapfon.com
phil.sieg@seniortechllc.com

Phone: 423.535.9968
Fax: 423.265.9820
Mobile: 423.331.0725

"The computer is the most remarkable tool that we've ever come up with. It's the equivalent of a bicycle for our minds."

Steve Jobs, 1955-2011





Open Chattanooga Meeting This Wednesday

From: Sean Brewer 
------------------------------------------------------
We're re-starting our lunch meeting/hack nights for Open Chattanooga.

This Wednesday, we will be meeting at the Grocery Bar for lunch, which we
will provide!

If you want to find out what we're about, have a civic problem that needs
to be solved, or want to find a project to participate in, then you should
definitely come!

We will also have a special guest: Preston Rhea, the Brigade Program
Coordinator with Code for America.

You can RSVP here: http://www.meetup.com/cfabrigade/Chattanooga-TN/1194152/

Open Chattanooga Civic Hack Night - Trails!

From: Sean Brewer 
------------------------------------------------------
All,

Tomorrow we will have an Open Chattanooga hack night, for trails!:
http://www.meetup.com/cfabrigade/Chattanooga-TN/1188522/

It will be on the 4th Floor tomorrow night starting at 5:30 until whenever
the library decides to kick us out.

Since we finished mapping the trails on Enterprise South Nature Park in
OSM, we will begin creating an interactive webmap from that:
https://github.com/openchattanooga/enterprise-south-nature-park-webmap/wiki/Develop-Webmap

We also want non-devs involved as well! With the ESNP interactive map we
could use feedback, testing, feature request, UX help. You don't need to be
a dev to do that.

Also, there's not a central location where ALL of the local trails are
documented. Chattanooga has a localwiki that folks can edit:
http://localwiki.net/cha/ where those trails could be listed

If you have any other trail related hacks/ideas, bring those and show up!
We'll try to break into teams by project interest.

Fwd: Linux Journal: Awesome Tech Magazine or Extremist Forum?

From: Jonathan Calloway 
------------------------------------------------------


Begin forwarded message:

> From: Linux Journal 
> Subject: Linux Journal: Awesome Tech Magazine or Extremist Forum?
> Date: July 8, 2014 at 8:00:46 AM EDT
> To: jonathancalloway@epbfi.com
> Reply-To: Linux Journal =

>=20
> Linux Journal: Awesome Tech Magazine or Extremist Forum?
> =20
>=20
> NSA: Linux Journal is an "extremist forum" and its readers get flagged =
for extra surveillance
> by Kyle Rankin
> A new story published on the German site Tagesschau and followed up by =
BoingBoing and DasErste.de has uncovered some shocking details about who =
the NSA targets for surveillance including visitors to Linux Journal =
itself.
>=20
> While it has been revealed before that the NSA captures just about all =
Internet traffic for a short time, the Tagesschau story provides new =
details about how the NSA's XKEYSCORE program decides which traffic to =
keep indefinitely. XKEYSCORE uses specific selectors to flag traffic, =
and the article reveals that Web searches for Tor and Tails--software =
I've covered here in Linux Journal that helps to protect a user's =
anonymity and privacy on the Internet--are among the selectors that will =
flag you as "extremist" and targeted for further surveillance. If you =
just consider how many Linux Journal readers have read our Tor and Tails =
coverage in the magazine, that alone would flag quite a few innocent =
people as extremist.
>=20
> While that is troubling in itself, even more troubling to readers on =
this site is that linuxjournal.com has been flagged as a selector! =
DasErste.de has published the relevant XKEYSCORE source code, and if you =
look closely at the rule definitions, you will see =
linuxjournal.com/content/linux* listed alongside Tails and Tor. =
According to an article on DasErste.de, the NSA considers Linux Journal =
an "extremist forum". This means that merely looking for any Linux =
content on Linux Journal, not just content about anonymizing software or =
encryption, is considered suspicious and means your Internet traffic may =
be stored indefinitely.
>=20
> One of the biggest questions these new revelations raise is why. Up =
until this point, I would imagine most Linux Journal readers had =
considered the NSA revelations as troubling but figured the NSA would =
never be interested in them personally. Now we know that just visiting =
this site makes you a target. While we may never know for sure what it =
is about Linux Journal in particular, the Boing Boing article speculates =
that it might be to separate out people on the Internet who know how to =
be private from those who don't so it can capture communications from =
everyone with privacy know-how. If that's true, it seems to go much =
further to target anyone with Linux know-how.
>=20
> It's bad news to all of us who use and read about Linux on a daily =
basis, but fortunately we aren't completely helpless. Earlier in the =
year I started a series on security, privacy and anonymity in my Hack =
and / column that included articles on how to use the Tor browser bundle =
and Tails. With either piece of software in place, you can browse Linux =
Journal (and the rest of the Internet) in private.
>=20
> Read this and other privacy-related stories at LinuxJournal.com.
>=20
> A Bundle of Tor
> Tails above the Rest: the Installation
> Tails above the Rest, Part II
> Are you an extremist?
> Dolphins in the NSA Dragnet
> Are you an extremist?
> Get the T-Shirt!
> Get the T-Shirt by itself or take advantage of our special (and =
temporary) offer and get a 1-year subscription with your shirt for just =
$10 more!
>=20
>=20
>=20
>  Follow us on Twitter | Like us on Facebook
> Copyright =A9 2013 Linux Journal, All rights reserved.
> Our mailing address is:
> Linux Journal
> 2121 Sage Road, Ste 395
> Houston, TX 77056
>  If you do not wish to receive further e-mails regarding Linux Journal =
products, please visit: =
http://linuxjournalservices.com/portal/unsubscribe/?V77Dxgls%2FB0Xo8NsY%2B=
qzRuMrEAEQbeqSA.=20
> =20
>=20

Learn about OpenStreetMap, the Wikipedia of maps, at this Tuesday's Maptime on the 4th Floor!

From: Sean Brewer 
------------------------------------------------------
Tim Moreland, from the Chattanooga-Hamilton County Regional Planning
Agency, will be giving a presentation on OpenStreetMap at this Tuesday's
Maptime meetup at 5:30pm on the 4th Floor of the Chattanooga Public Library
downtown.

More info here: https://github.com/maptime/chattanooga/issues/4

The local chapter of Maptime here in Chattanooga has a meeting with talks
every second Tuesday on the 4th Floor at 5:30pm and hack nights every
fourth Tuesday at the same time at the same place.

SDR:Interviews with Bruce Perens and Michael Ossman

From: Rod-Lists 
------------------------------------------------------
Bruce Perens I shouldn't have to introduce. Michael Ossmann is the developer of the HackRF platform.
KN4AQ talks with both at the TAPIR booth @ Dayton Hamvention. 
Yes the topic is SDR.
http://arvideonews.com/hrn/HRN

Nexus 5 update

From: Phil Sieg 
------------------------------------------------------
I so love almost everything about the Nexus 5. FAR better device than my Galaxy S4 (rest in peace).

Wireless charging that really works is the BOMB!

However...

1. Battery life is only reasonable after a half dozen hacks and tweaks...
2. Lack of SD card slot is annoying.

I have remedied the battery life issue with 3 wireless chargers (home, office, car).

Maybe, just maybe I won't be the first iPhone 6 user in the area...

Phil Sieg
President
SeniorTech LLC / snapfōn®
www.snapfon.com
phil.sieg@seniortechllc.com

Phone: 423.535.9968
Fax: 423.265.9820
Mobile: 423.331.0725

"The computer is the most remarkable tool that we've ever come up with. It's the equivalent of a bicycle for our minds."

Steve Jobs, 1955-2011





Keren Elazari: Hackers: the Internet's immune system

From: David White 
------------------------------------------------------
I just watched this.

Not all hackers and security researchers break the law, but I found this
video fascinating, and it raises a lot of good points.

https://www.youtube.com/watch?v=erCAp

I'm baaaaaaack!

From: Ed King 
------------------------------------------------------
Got bumped off the list back in mid May due to "too many bounces".    Been checking chugalug.org webpage occasionally for any job announcements or hardware sells/freebies ;-)

I stayed unsubbed for awhile (and missed Hack-a-nooga too) because I needed to focus on our latest and biggest client rollout, which went "live" on 6/2/2014.    To "save money" we switched hardware platforms a few weeks before rollout (went from $800 kids-toy netbooks to $300 Dell Venue tablets), but the software platform stayed the same (albeit with some custom mods for the new client):    lamp stack (linux/apache/php/mysql) on qemu.    Why are we running in a vm/emulator?  Well its a long story but a previous 3rd party vendor wrote our field software.  This 3rd party vendor required Windows netbooks.  Their software was slow and flakey (as you'd expect from dot-net) so we ditched them and rewrote the field software in-house (like we wanted to do in the first place, and we did it in less than half the time, and still had more features and flexibility!).    But... we couldn't just throw out twenty $800 netbooks, so we leveraged that hardware "investment"
 by using qemu to run our lampp stack, thinking that it would also be portable if we ever moved to android (does anyone know of a qemu package for android that doesn't SUCK?)

Back-end:   For "security" this client did not want their data on the same server as our other clients, so I set up a new Debian server just for them.  HTTPS and automated sftp file transfers. 

Well now that this new client is up 'n running, I figured it was time for me to re-sub, so...  I'm back.  This new client is our biggest client to-date, and has doubled the amount of inspectors in the field (and doubled the data collection too...  thank goodness we solved that mysql lock problem we used to have).   Things are running smoothly!   I dare say that the support calls have somehow decreased (oh great, now I've jinxed us).    

Props to our little I.T. team:    Danny "dj" Smith Jada "coldfish" Case, and Master Ed :)









TrueCrypt no longer supported (or secure?)

From: David White 
------------------------------------------------------
This is brand-spanking-new news.

Here's the only article I can find on the subject as of yet:
http://www.idigitaltimes.com/articles/23222/20140528/what-happened-truecrypt-encryption-software-development-ends-hacked-defaced.htm


The project page just says that the project has been shutdown and offers no
good explanation. http://truecrypt.sourceforge.net/



-- 
David White
Founder & CEO

*Develop CENTS *
Computing, Equipping, Networking, Training & Supporting
Nonprofit Organizations Worldwide
http://developcents.com
423-693-4234

yes, another hackathon

From: gary hasty 
------------------------------------------------------
If interested, next AT&T hackathon is on home automation & wearables...June
6 & 7

https://www.eventbrite.com/e/att-mobile-app-hackathon-atlanta-home-automation-tickets-11376843445

Haswell Chromebook hack...

From: Phil Sieg 
------------------------------------------------------
I bought an Acer c720 chromebook for my daughter to play with, and have 
liked it itso much my daughter has yet to touch it. She is not quite 4 
yet... so I don't really feel guilty.

I recently bought an SSD to upgrade the storage from 16gb to 128 gb, and 
at the same time installed Elementary OS (An Ubuntu remix) on it.

I LOVE IT!!! 8+ hours of battery life with ubuntu, very fast and 
responsive, very slim and svelte form factor, and an all in price of 
$350 with upgraded SSD! About 6 hours of hacking and Linux 
setup/tweaking involved, which is about standard fo me to set up any OS 
to my liking.

If you are looking for a great cheap NEW laptop, this is the ticket.

Phil Sieg
President
SeniorTech LLC / snapfōn®
www.snapfon.com
phil.sieg@seniortechllc.com

Phone: 423.535.9968
Fax: 423.265.9820
Mobile: 423.331.0725

"The computer is the most remarkable tool that we've ever come up with. 
It's the equivalent of a bicycle for our minds."
Steve Jobs, 1955-2011


free devlab

From: gary hasty 
------------------------------------------------------
FYI, if anyone's thinking about coming down for the AT&T hackathon this
weekend we're also having a devlab session during the day at the foundry:

https://www.eventbrite.com/e/devlab-by-att-atlanta-speech-in-app-messaging-advertising-apis-and-appcelerator-workshop-registration-10516496123


*Free one-day workshop on the AT&T Speech, In-App Messaging, Advertising
APIs, and Appcelerator*

Are you a *mobile application developer* with an interest in adding *voice
commands*or text-to-voice translation to your app?  Or sending *text
messages* from inside your application?  Or earning *advertising revenues*?
Join the AT&T Developer Program for a one-day workshop on the *AT&T Speech,*
 *In-App Messaging* (including SMS and MMS)*,*and* Advertising APIs*.  This
will be a day of learning and hands-on coding ("lab time").  Bring your
laptops (PC or Mac) and leave with our APIs working from your own AT&T
Developer Program account. The event will close with a session by Pratik
Patel, CTO of Triplingo and evangelist for Appcelerator, on how to leverage
Appcelerator to complete your app.

The workshop will be taught by AT&T and Appcelerator subject matter
experts, and AT&T Developer Program staff.  This also is a great
opportunity to network with AT&T and your fellow mobile developers. We will
be using Postman and cURL for the lab exercises.

The event is free and lunch is provided.  If you are an app developer
working independently or with a company planning or already producing
mobile applications then this is the event for you. Space is limited so
register now.

Find out how carrier APIs from the AT&T Developer Program can benefit you
and your app strategy. *We look forward to meeting you!*

next AT&T hackathon

From: gary hasty 
------------------------------------------------------
For those geeks interested - April 11th at the AT&T Foundry here in Atlanta

https://www.eventbrite.com/e/att-mobile-app-hackathon-atlanta-women-in-tech-home-automation-tickets-10453704311?ref=enivte&invite=NTQ4NzM0OS9nYXJ5Lmhhc3R5QGF0dC5jb20vMA%3D%3D

So what is the state of making your own circuit boards?

From: Rod 
------------------------------------------------------
I'm looking into linux based Software Defined Radio and found this  
wonderful device.
Transmit and recieves from 30mhz to 6ghz.
https://github.com/mossmann/hackrf/tree/master/hardware/jawbreaker

https://www.kickstarter.com/projects/mossmann/hackrf-an-open-source-sdr-platform

-- 
Using Opera's mail client: http://www.opera.com/mail/

New Language Hack - Facebook's Embellished version of PHP

From: David White 
------------------------------------------------------
This is really interesting...

http://venturebeat.com/2014/03/20/facebook-unveils-hack-a-faster-programming-language-to-power-the-social-network/

-- 
David White
Founder & CEO

*Develop CENTS *
Computing, Equipping, Networking, Training & Supporting
Nonprofit Organizations Worldwide
http://developcents.com
423-693-4234