Intro to SSL Certificates

The web is great. You can talk to people on the other side of the planet and not even notice a delay. But that one connection goes through numerous unknown machines on its way from you to them and back again. Some formats like email can even leave copies of themselves lying all over the world. That super embarrassing secret you’re telling your best friend, your credit card or banking details, some things you just don’t want other people to know. That’s where Secure Sockets Layer (SSL) certificates come in.

Stay with me, I’m going to avoid most of the tech talk, but I hope to explain how they work for websites. Basically it’s the difference between http:// and https:// at the start of a website address. http:// means everything is straightforward, and in the clear. Including, usually, passwords. https:// on the other hand means you are connected through SSL, and the communication is encrypted, meaning people trying to overhear your digital conversation can’t make out what’s going on. (But note, as someone on twitter said, https:// means “private”, not “to be trusted”; after all, you might be having a private conversation with Satan.)

Whenever you’re doing something important on the internet it is a good idea to check for https:// and other indicators like little padlock symbols your browser displays. And to take heed of certificate warnings from websites you have visited before.

But how does this encrypted conversation happen, even with a website you’ve never been to before? Well, there are things called Certification Authorities (CAs). These are trusted third parties (usually companies) who vouch for the correctness of the SSL cert. They can do this because they have a proven track record, and the people who make your browser (Microsoft, Apple, Mozilla, etc.) saw fit to include their root certs in your browser by default. Want to see all the CAs trusted by your browser? I’m using Firefox, but you can easily find the corresponding settings in your browser, or through a quick internet search. Open up Tools->Options, go to the Advanced tab, and then the Encryption sub-tab.

If you click the “View Certificates” button you open up the Certificate Manager in another window.

You can see the long list of CAs under the Authorities tab. (There are other tabs with other kinds of certs as well, but we’ll leave them for a future post.) Bet you didn’t realise you were so trusting.

So what does all this have to do with TOG? You’re probably viewing this site through http://www.tog.ie, but we also have an https:// version of the site. … If you just tried it you’ve probably gotten a warning from your browser, telling you that we can’t be trusted. Well, that’s up to you to decide, but let me explain about the cert.

Most of the CAs pre-populated in your browser are commercial entities. They charge money for their services. They also often require a lot of personal information to get a cert (so that they can determine trustworthiness). TOG has server admins who care about privacy and non-commercial alternatives. Our cert comes from CAcert.org, an organisation with similar values. But CAcert is not included in any browser’s CA list, yet. So when you visit https://www.tog.ie you get the warning: “The certificate is not trusted because the issuer certificate is not trusted.”

To avoid getting these warnings every time, you can permanently add the cert for tog.ie to your browser (via the warning screen itself). Or, to trust any site with a cert from CAcert, go to CAcert and import their root certificate. On that page you’ll find three types of certs. What you want is the Class 1 PKI Key root cert, probably in PEM format.


When you click on the cert you may be prompted as to what purposes you wish to accept this cert for. For our purposes “Trust this CA to identify websites” is fine. Then that’s it. You trust one more CA, and can visit SSL secured sites that use its certs without warnings getting in your way.
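To watch the same thing happen outside a browser, here is an added example (not from the original post) using the openssl command line. It builds a throwaway private CA called “Demo Root CA” standing in for CAcert, an “Unrelated Root CA” standing in for the roots your browser already ships with, and a server certificate for the made-up hostname www.example.test signed by the demo root. With only the unrelated root in the trust store, openssl verify rejects the server cert for the same reason the browser warns you; once the demo root is added, the chain verifies. All names, files and hostnames in it are invented for the example.

```shell
#!/bin/sh
# Added example, not part of the original post. Builds a throwaway PKI in a
# temp directory: "Demo Root CA" stands in for CAcert, "Unrelated Root CA" for
# the roots a browser already trusts, www.example.test is a made-up hostname.
set -eu
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT
HOST=www.example.test

# A minimal openssl config so the example does not depend on the system's
# openssl.cnf. The v3_ca section marks a cert as a CA allowed to sign certs.
cat > "$WORK/req.cnf" <<'EOF'
[ req ]
distinguished_name = dn
prompt = no
x509_extensions = v3_ca
[ dn ]
CN = placeholder
[ v3_ca ]
basicConstraints = critical, CA:TRUE
keyUsage = critical, keyCertSign, cRLSign
subjectKeyIdentifier = hash
EOF

# Self-signed root certificate: $1 is the CN, $2 the file stem.
make_root() {
  openssl req -x509 -config "$WORK/req.cnf" -newkey rsa:2048 -nodes -sha256 \
    -days 30 -subj "/CN=$1" -keyout "$WORK/$2.key" -out "$WORK/$2.pem" 2>/dev/null
}

# Server key + signing request, then a certificate issued by Demo Root CA.
# The extension file marks it as a non-CA cert bound to one hostname.
make_server_cert() {
  openssl req -new -config "$WORK/req.cnf" -newkey rsa:2048 -nodes -sha256 \
    -subj "/CN=$HOST" -keyout "$WORK/server.key" -out "$WORK/server.csr" 2>/dev/null
  printf 'basicConstraints = CA:FALSE\nsubjectAltName = DNS:%s\n' "$HOST" > "$WORK/server.ext"
  openssl x509 -req -in "$WORK/server.csr" -CA "$WORK/ca.pem" -CAkey "$WORK/ca.key" \
    -CAcreateserial -days 30 -sha256 -extfile "$WORK/server.ext" \
    -out "$WORK/server.pem" 2>/dev/null
}

# Verify the server cert with a trust store holding only the given root, and
# check that the cert is actually for our hostname. Exit 0 = trusted.
verify_with() {
  openssl verify -CAfile "$1" -verify_hostname "$HOST" "$WORK/server.pem"
}

make_root "Demo Root CA" ca
make_root "Unrelated Root CA" other
make_server_cert
# Whose signature is on the server cert?
openssl x509 -in "$WORK/server.pem" -noout -subject -issuer
echo "--- trust store without Demo Root CA (like a browser without CAcert):"
verify_with "$WORK/other.pem" || echo "rejected: the issuer certificate is not trusted"
echo "--- after importing Demo Root CA:"
verify_with "$WORK/ca.pem"
```

The second run is exactly what importing the CAcert root into Firefox does for you: the server cert has not changed, only the list of issuers you are willing to believe. Note that the -verify_hostname check is the other half of the story; a cert chaining to a trusted root but issued for a different name is still the wrong cert for the site.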

Phew, that was a mouthful, time for a cup of tea.

Lockpicking Reborn :)

Back by popular demand, the Lockpicking Group shall reform to meet on a bi-weekly basis, starting Tuesday 22nd May 2012 from 7:30pm.

I will kick it all off with my presentation on lockpicking, going through the different types of tools and locks. Then we will take out the box of locks, get our hands dirty, and (hopefully) pick some locks.

Beginners welcome, locks and tools are supplied.


>EDIT<

This event is open to the public and FREE. No booking required.

>/EDIT<

Security Series: Wireless Security Workshop (again)

Next Saturday I am going to re-run my Wireless Security Workshop. Last time I had 16 attendees, all busy hacking away at the different wireless access points I set up.

This is a hands on workshop. It is aimed at beginners and you will be following along with what I do on my screen on the projector.

I will cover:
* What wireless is
* Different security settings
* The insecurities of each
* Live demos of Open Wireless, WEP, WPA.
* Discussion of WPS

The duration of the class will be 4 hours with a small break in the middle. For the class you will be required to bring your own laptop with either airtools installed, a virtual machine running Backtrack, or the ability to boot into Backtrack via USB/DVD.

This will be the final security course that I run free of charge. In future I will charge a fee that will go towards the running of TOG.

Date: 28th April 2012
Time: 1pm – 5pm
Seats are limited to 16

SOLD OUT – Please add yourself to the waiting list and I will let you know this evening if a place becomes free


Intro to Mailing Lists

I’m sure you’ve come across mailing lists before: a service to which you subscribe, and when someone posts to the list you get the email. TOG has a public mailing list that, strictly speaking, operates as a discussion list. Anyone subscribed can post to the list, on-topic discussion is encouraged, and you will get more than just announcements.

To join our mailing list simply go to http://lists.tog.ie/mailman/listinfo/tog, enter your email address, and press the “Subscribe” button. A confirmation email will be sent to the address you entered, to which you can either reply or click the link included. You will then receive a Welcome email with info like links for subscription info, passwords, etc. It’s a good idea to keep this email around.

Perhaps the only real choice you need to make is whether or not you would like to receive list mail in daily digest format.
Pro: separate emails will be bundled together and sent as one mail, so you will have fewer emails in your inbox.
Con: separate emails will be bundled together and sent as one mail, meaning you might not see the discussion until after it’s over, and you will have difficulty replying to individual emails (quite a bit of copy-pasting is involved).

If you plan to lurk and only ever read, and don’t mind being a bit behind the times, then digest-mode might be for you. For everyone else we recommend selecting “No” when asked if you’d like to receive the daily digest. It will make your life a lot easier, promise.

There are other tricks and techniques to make surviving a mailing list easier, but many come down to your actual mail client. For instance, if offered, use labels, filters, folders, anything to sort the mail automatically without you having to do anything. That way you can leave the mail sitting in your inbox (or other folder) until you’re ready to deal with it.

And remember, the TOG public mailing list is archived. To browse the archives go to http://lists.tog.ie/pipermail/tog/ and browse month by month, sorted by Thread, Subject, Author, or Date. If browsing isn’t for you and you’d like to search the archives, it’s time to employ some google-fu:

Go to www.google.ie and enter:
site:lists.tog.ie inurl:/pipermail/tog/ WHATYOUWANTTOSEARCHFORHERE
e.g. to search for “open social”, do a google search for
site:lists.tog.ie inurl:/pipermail/tog/ open social

There you go, that should be enough to get you started! Just one other thing: don’t forget your manners, and try to follow good netiquette.

Welcome to the mailing list.

(And remember, you can always unsubscribe! Bottom of the page here. A few simple clicks can take the pain away 🙂)

Intro to IRC

One of the primary ways TOG members (and non-members) interact when not in the space is over IRC. IRC stands for Internet Relay Chat, and is an old text-based way to chat online.

TOG has a channel (#tog) on freenode.net, which is free to use. To connect you can download a client (like Pidgin), or just use the webchat interface from your browser. But we like to make things easy for people, so on our Contact page you’ll find the webchat interface, pre-filled to connect to the #tog channel. All you have to do is fill in the reCaptcha and hit connect.

You’ll see that we have generated a nickname for you, but you are welcome to change it to any nickname (that isn’t currently in use or registered to someone else). If you do try to use a nickname that’s in use you’ll get this message:
== Nickname is already in use: popularNickName
and it will be changed, perhaps by appending an underscore to the end, e.g. popularNickName_

If the name is already registered (aka claimed) by someone else, you will get a message like this:
== This nickname is registered. Please choose a different nickname, or identify via /msg NickServ identify password.
(If it is your nickname, then you can ‘sign in’ by typing /msg nickserv identify yourpassword)

Once in the room, you can still change your nickname with /nick newNickName

You will notice two tabs at the top of the webchat window, one called ‘Status’ and one called ‘tog’. Any additional rooms you enter, or private chats you start, will open in new tabs. Under ‘tog’ you will see the message:
== TOGvisitor1 [1a2b3c4e@gateway/web/freenode/ip.x.x.x.x] has joined #tog

From here it’s very simple. You type into the text entry box at the bottom of the tog tab, and press enter to send it to the room. If you type someone’s name, your message will be highlighted (usually in red) for them. Some clients also send notifications, but not all. You will see this in action when someone writes your nickname.

If you click on someone’s nickname in the list on the right, you will get two options: whois and query. whois brings up info like IP address, servers, name, etc., most of which is rarely accurate. query will start a private chat with that person.

If you can’t quite find the words, but would like to describe an action, there is /me. For example, /me waves hello becomes:
* TOGvisitor1 waves hello

Then, when you tire of all this chatting, you can leave the room with /part, and disconnect from IRC with /quit. Then just close the browser.

There are many IRC guides and command lists around that a search engine can help you find, or you can use this helpful guide.

Engineers Week Talks

TOG will be hosting a night of short talks as part of Engineers Week on Thursday 1st of March. Each talk will be twenty minutes long, on a range of interesting topics. The space will open from 18.30 with the talks starting at 19.15. The event is free and open to all.

Talk 1

Title: PRESENTING WITH EFFECT


Blurb: Not effects, e-f-f-e-c-t. If your presentation doesn’t have an effect, why do it? Rowan will delve into the elements that will raise your talk from the level of background noise, get audiences to pay attention, and ultimately, get them to take action as a result of your talk. Presenting can be powerful and effective if you give a little extra thought in advance. Rowan will show you where to focus your efforts to best effect.

Speaker

BIO
Presentation skills demon, PowerPoint nerd, wordsmith, storyteller, speaker, trainer, and dancing bear.

Talk 2

Title: Data erasure for the security conscious and the overly paranoid pervert.

Blurb: Let’s discuss some of the commonly used methods of data erasure and why they might just be overkill due to the limitations of modern forensic investigation tools. Will include a couple of live demos of file deletion and recovery (or lack thereof).

Speaker

BIO
Kevin is a full time student studying computer forensics and security at Waterford Institute of Technology. He founded the WIT Hackers Society in Jan 2011 and was involved in the organisation of the CampusCon hacker conference. He loves hacking, forensics & networking.

Talk 3

Title: Continuing Professional Development (CPD) – “keeping it real”.


Blurb: We live in exponentially changing times. This talk sets out to showcase why CPD is so important, dismissing the ‘turgid’ HR-type definition of CPD for a more verbose real-life CPD. The talk will explain the different stages of CPD through a person’s career.

Speaker

BIO
Chartered Engineer Joe Fitzpatrick, BE CEng FIEI, is the Program Director for Industry Solutions Development with IBM Software Group in Ireland.

Talk 4

Title: Broadcast Yourself, without the Internet – An Introduction to Amateur Television and how to start your own TV station


Blurb: We have all heard of CB radio, where anyone can talk to anyone without the internet. A step up from that is Amateur Television, where anyone can start broadcasting television and others pick up the picture.

Speaker

Daniel Cussen
BIO
Daniel Cussen, an Electronic Engineer, will explain what’s needed to get involved, and how Dublin-wide coverage of his TV system was recently achieved. A little bit of electronics wizardry, a video camera and a TV is all that is needed.