# Neg9 Seattle - Sept 12, 2017

## Meeting Vitals

| | |
|-|-|
|**Location**|University of Washington [Map](https://www.google.com/maps/search/UW+Computer+Science+%26+Engineering+-+Room+203,+185+West+Stevens+Way+Northeast,+Seattle,+Washington+98195,+United+States+of+America/@47.653273,-122.30605,19z) CSE 203|
|**Date**|Tuesday, Sept 12, 2017|
|**Time**|18:00hrs (6:00PM Pacific)|

The doors will be locked after 5pm, but if you go to the side nearest the street, people will be waiting until 6pm to let you in. If there aren't people, there will be a sheet of paper that has a phone number you can call to get let in.

## Meeting Agenda

CTF talk by a member

[Lean Coffee](http://leancoffee.org/) agendaless meeting format

To be determined on day of meeting at the meeting.

### Presentations

* CTF Talk

### Hacking

* Learn how to hack or show your prowess!

### Projects

* [JavRE](https://www.altsci.com/concepts/javre/)
    * Reverse engineering tool for ELF executables
* [JRSFuzz](https://www.altsci.com/jrsfuzz/)
    * Dumb fuzzer for a dumb world
* [Mechanical Phish](https://github.com/mechaphish)
* [ChipWhisperer](https://github.com/newaetech/chipwhisperer)
* [Seattle Infosec Calendar](http://seattle-infosec-calendar.com/)
* [tcpdump](http://seclists.org/oss-sec/2017/q3/416)
* Feel free to add your project here.

### Misc. Info

[Aug 8, 2017 Meeting information](/Seattle-2017-08-08)

## Meeting Minutes

* Infocondb is in development, tom will announce beta
    * If you don't know what [infocon video database](https://infocon.org/) is, check it out.
* Javantea is working on [Sybil Attack](https://www.freehaven.net/anonbib/cache/sybil.pdf) this week
* supersat is working on a NSA-alike project, sucking down wireless spectrum putting it on a website
* Sparse in fft so you can compress
* binary tree in fft
* peter is working on dna data
* http://overthewire.org/wargames/vortex/vortex0.html
* http://overthewire.org/wargames/vortex/vortex1.html

Lean Coffee

https://ropemporium.com/

* Java - Sybil Attack
* hackworth - [ESP-12S/Feather huzzah](https://learn.adafruit.com/adafruit-feather-huzzah-esp8266/overview)
* morje - Equifax Technical details
* Egress Filtering

Struts had two vulns:

* March
* September

### Sybil Attack

* papers on sybil social network connections
* graph theory to figure out sybils are connected to one another but not without
* google linkfarm pointed to each other
* gaming pagerank
* sybil attacks are bad for reputation graphs

[Where does Alexa get its data?](https://support.alexa.com/hc/en-us/articles/200449744-How-are-Alexa-s-traffic-rankings-determined-)

* looking glass data from core
* buy it from google analytics? no, google won't sell.
* internet voting top 100 person of the year hack
* no bounds checking on the vote

On Equifax: standing May 2016 Spokeo v. Robins http://www.haynesboone.com/alerts/supreme-court-issues-important-ruling-on-standing-in-class-action-and-data-breach-cases

### ESP-12S wifi access point

* $15
* $3 per piece in quantities of 100
* default firmware has lua interpreter, there is a micropython interpreter.
* IoT will be based on this or things like it
* LiPo charging controller built-in.
* Battery will last a long time as a sniffer, not as a transmitter.

### Equifax

* Insurance policy
* You can't afford it. Prove it with an audit by a different company each time.
* One group tries to validate, the other tries to invalidate the claim.
* Schneier's writing on externalities says we're on the right road but we're too immature.
* Economics of security, security is an externality. They can fix it but they don't bear the repercussions of failure.
* Insurance would result if companies would be held responsible.

"If we had standards we wouldn't have the Internet"

Cloud standards will decide what are the standards.

The guys doing Office365 are taking a huge task on -- tons of people using e-mail in a browser.

Were they negligent? Expert witnesses could say given the equipment they had, how difficult was it to break in?

If you want to become an expert witness:

* They will check all your licenses, etc to invalidate your testimony.
* Krebs just did a hatchet job on MalwareTech based on stuff he did before.

Weev DoS'ed supersat's home internet connection. Long story.

Regex in fpgas. No one has made progress.

Regex is not regular if you use backref or skip forwards.

----

CategoryLocalMeetings