[Gloucs] February's Presentation

Mark gloucs at mailman.lug.org.uk
Sun Feb 23 22:36:02 2003


Oh you HAD to ask, didn't you!


> Sound good. By 'snippets will be browseable' what do you mean? are you 
> bringing
> it on a laptop, on paper (surely not!) or encrypted form (lol).

Laptop and subsequently encrypted form.


> 
> If this code happens to be on a wireless enabled laptop, then maybe, 
> sftp access to it?
> I say this 'cause I will be bringing a wireless-savvy laptop, of course 
> ;)

haw haw haw (good sense of humour there)

> 
> And finally - what code? We talking IDSs, firewall code or some new 
> stuff?

Well I've actually written some things specially. And still discussing
with others as to what code for other projects I will bring.

Such things as code that evades rootkit detection modules. (such as St
Jude/Michael)


> 
> >
> > Of course this is ALL limited to time so I will make sure I have my 
> > floppy
> > drive with me for anyone who wants a copy of the presentation to take 
> > home
> 
> Don't have a floppy drive. Oh no, I lie - there is one in that 'puter I 
> don't tend to
> use very often. Shouldn't we all be using USB key drives (read: fast 
> transfer so
> everything can feasibly be encrypted)?

I'll charge by the hour.


> Perhaps some mention of a security/practicality ratio, some sort of 
> benchmark
> for how secure we should all be at the moment and how this might change
> in the future (no I don't mean quantum cryptography or anything, just 

I don't have a 1000th of the knowledge to even give a group the
fundamentals on quantum cryptography, if you want that I can certainly
ask someone who can.


> the ever
> increasing increase in key strength/CPU speed sort of thing) ...maybe...

all down to practicality and following strong password mechanisms,
depending on approach and processing power is the main length of time
taken.

e.g. zip file encryption, you certainly could use known plaintext attacks
in order to deduce the key. And when there were 5 or more files you used
to be able to guarantee decryption of the archive.. I believe (of course
as per usual could be completely wrong and don't mind if I am to be
honest) that WinZip (the vulnerable engine) has now upgraded.


Nothing is impossible, it's a case of the feasibility. For example,
rather than decrypt PGP encrypted messages from a Mafia boss in New York
the FBI resorted to placing system logging ("magic lantern") onto the
subject's Windows-based PC in order to grab what he typed for his
keyphrase..

Fun that it's Windows that can be kernel patched so easily by people who
have access to the code, isn't it.

Of course there is a 'version' of "Magic Lantern" for *NIX, haven't heard
of it being employed yet as I don't believe that the version I know of
has had terms agreed with the UK/US Governments over usage and
Modification.. it loaded as GPL last I heard  :p

yours on a tangent,

Mark