HackFest Series Goes to PRESENTATION ONLY: SNORT Logs and Forensics from the Past 2 HackFests = NO TRUST
Lisa Kachold
lisakachold at obnosis.com
Mon Aug 31 20:16:07 MST 2009
Well, with such a publicized event, we are all sitting ducks.
Local network TRUST is important.
I can't ensure that each of you is not rolling around with guests or
that these packets didn't originate with blind students (using
accommodations) already in place on that network.
They could also be sitting in the parking lot or in the adjacent
neighborhood, or wardriving.
It's just not worth all that many people's work to open up TRUST and
invite these types of threats, when we would do better simply with an
overhead training session and no practical sessions.
On 8/31/09, Lyle Tuttle <L.tuttle at cox.net> wrote:
> At 01:28 PM 8/31/2009, AZ RUNE wrote:
>
>>This is a sad day indeed
>
> Dittos! What integrity we seem to have, huh?
>
> There just weren't that many folks there to do this kind of
> thing...and as a 'newbie', presentations are fine, but just not the
> same as the real thing....
>
> Seems to me like that's a fair amount of hacking for such a short
> amount of time and people..........and didn't we each sign some
> agreement at the last hackfest?
>
> Was my system hacked? Good thing it is new, and nothing there, as I
> had the Linux HD installed........
>
> lyle
>
>
>>>On Aug 31, 2009 11:10 AM, "Lisa Kachold"
>>><lisakachold at obnosis.com> wrote:
>>>
>>>I finally got moved in after all the new townhouse repairs and have
>>>sorted out and evaluated all the technical details from the past two
>>>hackfests at the Foundation for Blind Children.
>>>
>>>I have found:
>>>
>>>1) Multiple successful exploits against my own equipment (4 prior
>>>Hackfests starting from the first at UAT - 3 systems totally pwned).
>>>2) Escalated access retention in the way of processes set in place to
>>>retain access via port 443 out to various local cox DHCP addresses on
>>>two of my linux machines from the last Hackfest and from low level
>>>exploits in a Vista system.
>>>3) Access to harddrive on systems booted into USB or DVD Backtrack3/4
>>>from various local and network users (2 builds accessed on my own
>>>equipment historically).
>>>
>>>There is no way to protect a local shared network outside of TRUST.
>>>Unless we can assign an IP address to each person who provides their
>>>address, name, phone number and signs a legally binding agreement, we
>>>cannot continue.
>>>
>>>If I cannot TRUST to keep my systems safe, we cannot continue to
>>>endanger the networks of the Foundation for Blind Children by allowing
>>>networking access with pentest tools.
>>>
>>>HackFests will continue in presentation only format. No networks, no
>>>access to school machines with LiveCD's or USB keys will be allowed.
>>>
>>>If users would like to bring their systems and follow along that is
>>>fine, but no Wireless access will be available (a WEP2 key is
>>>available via decrypt in BT4 in 11 minutes).
>>>
>>>We will continue to provide media to people wanting to burn a DVD for
>>>any linux security tool.
>>>
>>>--
>>>http://linuxgazette.net/165/kachold.html
>>>(623)239-3392
>>>(503)754-4452 www.obnosis.com
>>>---------------------------------------------------
>>>PLUG-discuss mailing list -
>>>PLUG-discuss at lists.plug.phoenix.az.us
>>>To subscribe, unsubscribe, or to change your mail settings:
>>>http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
>
--
http://linuxgazette.net/165/kachold.html
(623)239-3392
(503)754-4452 www.obnosis.com