# Neg9 Seattle - Nov 13, 2017
## Meeting Vitals
| | |
|-|-|
|**Location**|University of Washington [Map](https://www.google.com/maps/search/UW+Computer+Science+%26+Engineering+-+Room+403,+185+West+Stevens+Way+Northeast,+Seattle,+Washington+98195,+United+States+of+America/@47.653273,-122.30605,19z) CSE 403|
|**Date**|Monday, Nov 13, 2017|
|**Time**|18:00hrs (6:00PM Pacific)|

School is in session, so the doors should be unlocked!
## Meeting Agenda
CTF talk by a member
[Lean Coffee](http://leancoffee.org/) agendaless meeting format
To be determined on day of meeting at the meeting.
### Presentations
* CTF Talk
### Hacking
* Learn how to hack or show your prowess!
### Projects
* [JRSFuzz](https://www.altsci.com/jrsfuzz/) Dumb fuzzer for a dumb world
* [Mechanical Phish](https://github.com/mechaphish)
* [ChipWhisperer](https://github.com/newaetech/chipwhisperer)
* [Seattle Infosec Calendar](http://seattle-infosec-calendar.com/)
* [Radare](https://radare.org/r/)
* Feel free to add your project here.
### Misc. Info
* [Oct 9, 2017 Meeting information](/Seattle-2017-10-09)
* [Sep 12, 2017 Meeting information](/Seattle-2017-09-12)
* [Aug 8, 2017 Meeting information](/Seattle-2017-08-08)
## Meeting Minutes
4 people made the meeting.
It's likely that weather, business, personal stuff, and lack of a reminder e-mail to the mailing list contributed to the very low attendance.
We discussed many topics including:
* TLS
    * How does TLS even work?
    * How does hashing work?
    * How does HMAC work?
    * How does HTTP work with TLS?
* AES
    * AES-256 has a different [key schedule](https://en.wikipedia.org/wiki/Rijndael_key_schedule) than AES-128.
* SMTP's weakness
    * Servers are not yet willing to refuse e-mail
    * A very good point: even with the same security choices as HTTPS, SMTP would still be untrustworthy if you or your recipient uses a public server (Gmail, Office, Tutanota, Lavabit, Mailinator, ProtonMail, Cock.li, etc)
    * This property of SMTP would be best illustrated with a CTF challenge.
    * It is the problem of being point-to-point encryption instead of end-to-end encryption.
* How to get into security
    * Feel free to ask people for an informational interview.
    * Go to hacker events.
    * Read [Art of Software Security Assessment](https://www.amazon.com/Art-Software-Security-Assessment-Vulnerabilities/dp/0321444426)
    * Play CTFs and [read solutions afterward](https://ctftime.org/)
    * Hack.
* Why do hackers like the EFF?
    * They are good lawyers.
    * They sue the government repeatedly over the warrantless wiretapping that continues to this day.
    * They defend hackers.
    * They improve the public perception of hackers.
    * There is a serious problem in every court room that there is a knowledge gap between computer programmers and the people who decide their fate (judge, jury, and lawyers).
* Do we do hands on stuff?
    * Yes. We played Vortex 0 and Vortex 1 [two months ago](/Seattle-2017-09-12).
* What events are like Neg9?
    * [Batman's Kitchen](https://uwctf.cs.washington.edu/)
    * [Hushcon](https://hushcon.com/)
    * [2600](https://2600.com/)
    * [SoDo MakerSpace](http://sodomakerspace.com/)
    * Harry's Bar on Thursdays
* The people who worked at Equifax will probably have a hard time ever living that down
    * It's possible that they could have trouble finding work with that on their resume.
    * It's possible that people could give them a chance because it takes a really evil company to scapegoat a guy for a catastrophic security failure.
    * In order to fail that badly you need to
        1. Not know that the patch is critical
        2. Have a security team that doesn't know that the patch is critical
    * That seems like a reasonable situation for those people, but reasonable is relative.