HackFest Series Goes to PRESENTATION ONLY: SNORT Logs and Forensics from the Past 2 HackFests = NO TRUST

[Lisa Kachold]

I finally got moved in after all the new townhouse repairs and have
sorted out and evaluated all the technical details from the past two
hackfests at the Foundation for Blind Children.

I have found:

1) Multiple successful exploits against my own equipment (4 prior
Hackfests starting from the first at UAT - 3 systems totally pwned).
2) Escalated access retention in the way of processes set in place to
retain access vi port 443 out to various local cox DHCP addresses on
two of my linux machines from the last Hackfest and from low level
exploits in a Vista system.
3) Access to harddrive on systems booted into USB or DVD Backtrack3/4
from various local and network users (2 builds accessed on my own
equipment historically).

There is no way to protect a local shared network outside of TRUST.
Unless we can assign an IP address to each person who provides their
address, name, phone number and signs a legally binding agreement, we
cannot continue.

If I cannot TRUST to keep my systems safe, we cannot continue to
endanger the networks of the Foundation for Blind Children by allowing
networking access with pentest tools.

HackFests will continue in presentation only format.  No networks, no
access to school machines with LiveCD's or USB keys will be allowed.

If users would like to bring their systems and follow along that is
find, but no Wireless access will be available (a WEP2 key is
available via decrypt in BT4 in 11 minutes).

We will continue to provide media to people wanting to burn a DVD for
any linux security tool.

-- 
http://linuxgazette.net/165/kachold.html
(623)239-3392
(503)754-4452 www.obnosis.com