[PLUG-Devel] Valentines HackFest Room 107 at UAT.edu PLANNING UPDATES

Mon Feb 16 06:34:32 MST 2009

Sheesh!  

I am very glad that only a few people showed up for the Fest at UAT on Valentines Day ([I colored my hair like Leeloo in the 5th Element;vyou all missed that amazing sight!] The UAT networking in the nice new lab-type room is still problematic under UAT's recently updated network security).

We can now use all the power directly from the large tables, boot the nice newer Dells from CD/DVD/USB (hit F12 at boot), assign static IPs subnets [10.204.0.61 255.255.0.0 10.204.0.1 gw 10.204.0.100 int dns [and ext dns {number escapes me} (however, MSDNS/DHCP and Cisco MAC connection controls are in now place), so we are not getting DNS resolution outside (using the same settings as the Dell workstations) or successfully able to use the proxy server [configured to use the same settings as existing XP's] outside of Active Directory/domain policy.  While we might be able to clone the MAC address (definately a grey area for Acceptable Use with UAT agreements), yet without A/D auth, we are undoubtably going to have to engineer our own DNS/internet gateway solutions.  

We can use the UAT MS XP Dell desktop systems with their constrained domain policies and local policy menu limitations to browse and surf, while using our own Wireless or wired laptops to complete lab exercizes.  THIS IS A HUGE IMPROVEMENT over the shopping cart of old extension cords, switches, routers and cables I was dragging in to setup starting at 10AM every month.  The InstallFests upstairs always suffered from being able to have more than a handful of people connected to the network concurrently unless someone brought in equipment.  

Backtrack3 is not compatible with the Dell Keyboard/Mouse USB or PCI with freeze during boot, which as yet needs to be resolved, however my Knoppix and Ubuntu 8.10 tool USBs as well as the new Samari (ubuntu based) distro booted easily - ping each other, but cannot get out (Dell desktops do not have wireless at UAT.edu).

Of course, I can bring in my DELL PII and run both a ppp0 to Sprint EDVO, and a wired connection, with port forwarding running a DNS server and everyone can use it as a gateway; albeit SLOWLY - Laugh!  Any such local HackFest DNS server or laptop wireless/wired proxy will certainly work for external browsing. 

However,  we will coordinate with UAT's staff for solutions, as recommended.

We went over new subjects including KDE/Gnome .desktop "virus" attachment security issues, XSS proxy description and dissection, disk/drive melting for secure data protection, NTP via Netcat packet spoofing to misuse pool.ntp.org, SHA1 Verisign certificates, MD5 entropy and DNS inherent protocol insecure bad behavior as as well as learning a bit about botnet tracking and commercial pentesting tools currently in place in Financial top shelf shops.   PLUG members wow'ed us with a breif introduction of the "Story of B" by Daniel Quinn while also exchanging descriptions of geeky, eye glazing Valentines Day right brained gifts [comix DVD's].  As usual, discussion evolved into limitations of open source tools in a corporate environment, the irony of dumbing down wit via American educational caste system, the nature of profit and profitability within non-exempt federal employment standards balanced with employer/task directed respect, and joked about whether the "PLUG best and brightest" from the December Hamaci Hackfest might have actually taken more flags than announced - and were now hiding out in pwnership of us all?  We reminded everyone to think outside the box, refuse to tow the stereotyped adages that compare one distro to another favorably [Linux is "more secure" than Microsoft"], always REPORT and solicit assistance (say from pool.ntp.org where extensive rogue packets are plaging the nix network neighborhood).

Again, we have a call for presentations for HackFests from anyone.  Youtube exposure is of course, optional.  The "Unknown Security Professional" plain paper bag with eyeholes can be donned for corporate modesty!  

NOTE: K. Westphals excellent video from January Hackfest is only available via private access - so contact me for that good forensic training session vid.  

obnosis.com | wiki.obnosis.com| (503)754-4452
PLUG HACKFESTS 2nd Saturday Each Month at Noon - 3PM

Date: Sat, 14 Feb 2009 12:43:06 -0500
Subject: Re: HackFest Today Room 107 at UAT.edu
From: bmike1 at gmail.com
To: plug-discuss at lists.plug.phoenix.az.us

I sure wish I could be there!

On Sat, Feb 14, 2009 at 12:12 PM, Lisa Kachold <lisakachold at obnosis.com> wrote:

The shiny new UAT HackFest (InstallFest) lab room #107 includes bootable workstations, power and networking!
Show up today (bring your LiveCD's) and help me check it out!

Open Presentation format - Loosely called Patch Procrastinators Recovery Group!

Noon - 3PM!

obnosis.com | wiki.obnosis.com| (503)754-4452

PLUG HACKFESTS 2nd Saturday Each Month at Noon - 3PM

Windows Live™: Keep your life in sync.  See how it works.

---------------------------------------------------

PLUG-discuss mailing list - PLUG-discuss at lists.plug.phoenix.az.us

To subscribe, unsubscribe, or to change your mail settings:

http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss

-- 
:-)~MIKE~(-:

_________________________________________________________________
Windows Live™: E-mail. Chat. Share. Get more ways to connect. 
http://windowslive.com/howitworks?ocid=TXT_TAGLM_WL_t2_allup_howitworks_022009
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.PLUG.phoenix.az.us/pipermail/plug-devel/attachments/20090216/45fbc18f/attachment.htm 