Tuesday, December 29, 2009

Hackerspace News

Portland now has a hackerspace. www.pdxhackerspace.com
Looks like we will be moving in during the first week of January. It's a really awesome space about .8 miles north of the Rose Quarter in north Portland. There is a stop a bit closer on the yellow line, one stop out of Fareless, but the .8 miles is maybe a 10 minute walk. If you want to get involved, a membership fee of 80 dollars per month will get you a key which grants 24/7 access to the space.

Friday, December 4, 2009

It's that time again!

Hot surprise buttsex at backspace tonight; officially starting at 18:00, but things don't get full swing till 19:30 or so.

Potential topics for tonight's meeting:
  • shodan-ruby & nmap-ruby - Postmodern comes back with more ruby awesomeness.
  • Cable Modem Unlocking - HipPee will be giving a live unlocking demonstration.
  • Fedora Core 1 is awesome - Dealing with legacy distributions.
If you're a first timer and having problems finding the group, call or txt 503 928 4290

Friday, November 6, 2009

Remember Remember the 6th of November

Alright then, first Friday of November.

Topics may or may not include tor hacking, mass scanning with contempt, spider pwning with ronin, mass spider pwn tor hacking with ninjas, and how to survive after drinking a gallon of green tea.

I've got some fun new things I've been looking into, and some old projects I've been poking at now that conference season is dying down. Bring your code, bring your gear, bring your friends. Most people will be showing up around 6-7pm, and a few around 7-9.

Looks like there is a small show tonight, so they won't be kicking us out or anything. You should just be able to tell the door troll that you are here for 2600, and they will let you in without charge, but if they start being dorks about it, we will probably move to Fords.

Friday, October 2, 2009

October

Alright, it's October, and the theme for this month's meeting is cowboy hats! Anyone who wears a cowboy hat gets a free insulting laugh from me, and likely multiple others on the way to backspace!

Also lockpicks. Bring lockpicks.

Fun links / REQUIRED READING

http://www.offensive-security.com/metasploit-unleashed/
http://www.social-engineer.org/

Friday, September 4, 2009

It's that time again!

Today is the first Friday in September, and we all know what that means (2600, duh.)

We will be meeting downtown at our usual location, Backspace. The meeting should get started sometime between 6 & 7 PM. Today's forecast is looking pretty good for September in Portland, with a high of 72 degrees; a little warm for hackers who prefer the cool glow of their LCDs, but I'm sure we'll be able to manage.

Postmodern will be giving a lightning talk on using Sinatra to quickly write phishing websites, and possibly give us a demonstration using Ronin::Web::Server to transparently proxy content for those interested.

In case you missed it, here is the recommended viewing for September's meeting:
  • The Origami PDF Framework (via Postmodern)
  • Attacking Interoperability [PDF] (via me)
  • Moxie Marlinspike's SSLSniff & SSLStrip (via Dean)
I look forward to seeing you all tonight!

Peace, love, & (http) cookies, sbit.


About the author:
Daniel is a Portland based independent security researcher. You can find him on Twitter.

Wednesday, August 12, 2009

Cool Kids, Loud Music, & Anti-Sec. Now with bonus meme!

WEWT CHRISTIANS!!!

The August 700 Club 2600 meeting had a very decent turnout; it had a higher attendance than all my birthdays combined. The meeting immediately after vegas/strippers/partying blackhat/security-b-sides/defcon is always lots of fun. Leftover drugs are consumed, event CDs are copied by those who weren't able to make it, epic stories of hacker bravado & drunken escapades are shared.

We saw a bunch of new faces mixed in with the regulars at the August meeting; we hope to see them at September's meeting. It's amazing to see so many young people showing up to the meetings with the right attitude towards learning. I don't think I've seen such a positive influx of people in my 5 years of attendance. The future of the Portland hacking scene looks very promising!

This year Dean & Goldy gave the "Introduction to WiMAX Hacking" talk at Defcon, which had a very positive crowd response. We had a Clear WiMAX home router at the meeting and were showing off some of its capabilities; I'll be bringing mine to the September meeting & I'll hook it up to an AP for people to connect to & play with. If you're interested in tinkering with WiMAX (and you should be), be sure to join the wimax-hacking group.

We've had 2600 at Backspace for several years now, & we love them to death. A year or so ago they built a stage & started having music shows. Rad. Unfortunately for us, this means that Friday night can get very busy (and very loud.) It's hard enough to talk over other excited hackers, but it's damn near impossible to talk when sub-par rock opera is being played way too loud (I have a hype machine account, & that makes me a music critic.) To fix this problem, we are now using Fords as a backup location. They are located right next door to backspace, are open till 3am, have delicious food, & more importantly, power & wifi. Also, I know that the blog/magazine/etc say that the meeting starts at 6pm, but sometimes things don't really kick off until closer to 7pm. So if you're new & nothing seems to be happening, wait around a bit.

Sophsec: Sketchy Shit, Competitive Prices.

For the September meeting, Postmodern Modulus III of Sophsec Intrusion Labs & creator of the Ronin platform will be giving a lightning talk on "Using Sinatra to quickly write phishing sites or client side control servers." I'm not sure exactly what this entails, but postmodern is a fucking amazing Ruby hacker so if you don't pay attention (or come stoned), you'll really be missing out on some great stuff.

If anyone is interested in presenting a lightning talk at next month's meeting, or at any meeting for that matter, shoot an email to sanitybit@fuckspam.com (s/fuckspam/gmail) and I'll announce it on the blog.

Here is the recommended viewing for September's meeting:
  • The Origami PDF Framework (via Postmodern)
  • Attacking Interoperability [PDF] (via me)
  • Living for Jesus (via Cable Damage)
  • Moxie Marlinspike's SSLSniff & SSLStrip (via Dean)
  • Coming out to your parents (via sysfail)
If you would like to suggest something for the recommended viewing, leave a comment.





In recent months, the hacker pseudo-religion known as Anti-Sec has had quite a resurgence. There have been several high profile hacks including Astalavista and Imageshack. Using our advanced knowledge engine we have discovered the identity of the hacker who has perpetrated these attacks. We also believe the same hacker is responsible for the recent attacks on Matasano, Kevin Mitnick, Dan Kaminsky, 0x000000, hak5, & other security industry bitches. His name: dr. raid. By day he whores himself out to the industry (Old English ain't free, haters), and by night he takes his revenge. Using a GUI program we stole from CSI's servers, we've managed to reconstruct a picture of him. If you see this man, stay away, he's got mad skillz.


Spread the word: Dr Raid is Anti-Sec.




I love memes, even though I pronounce the word "meme" wrong 142% of the time. Recently while talking to Cable Damage on IRC, he told me about how awesome his last abortion was, and I thought "I should make a motivational poster about this." I spent the next 36 hours in mspaint while getting blown by a crack smoking midget to create an amazing labor of love. I hope you find it worthy of your ever so valuable lulz.

I just bought myself a VIP ticket to Hell.


Well children, my bestiality & ladyboy torrents have just finished downloading, so I'll try to wrap this up. Greetz to all the Sophsec & Janus peepz, I had a great time terrorizing Las Vegas with you guys. Special thanks to xyc0n for the super cool cyberpunk button. This is my first time posting on the 2600 blog, and I plan on contributing a lot more in the future, so be sure to subscribe to the rss. This blog post was brought to you under the influence of the letter E and the number 42. Music was provided by Gang Gang Dance & Jay-Z. Network bandwidth graciously donated by Clear & Xerobank.

Till next time, sbit.

P.S. Pirates > Ninjas




Thursday, August 6, 2009

August 2600

In this episode:

1. Making fun of Dan Kaminsky
A really fun/brilliant guy, but looks like it's trendy to call him a dork, so what can you do? Required reading: zf05 http://www.rec-sec.com/files/zf05.txt

2. Blackhat/Defcon redux
PDX showed out in mad force this year, record breaking to my knowledge. To those that couldn't make it, we have stories. Lots of stories.

3. Hacking the WiMAX
My talk this year with Goldy generated quite a bit of buzz, and you can definitely expect some talking about that stuff. Every member of Janus that does not show up should expect harassing phone calls.

4. Project updates
Some funky fresh new updates to contempt, ronin, some libpoison updates maybe?

5. New people
Let's see how many show up. I ran into a few people at defcon from Portland. I have also been contacted by a few others who said they would make it out, and then there is always the crowd that just wandered into Portland.


Friday, August 7th 6pm Be there etc

Saturday, July 25, 2009

Gadi Evron trashes Matasano Security

Gadi Evron, prize winning turkey farmer, accomplished zoologist, and leader of the underground hacker cult known as "antisec" struck an epic blow against the white hat community this morning by defacing the website of Matasano Security.

haxlog http://seclists.org/fulldisclosure/2009/Jul/0388.html
screenshot http://twitpic.com/blss1

A funny note from our favorite appelbaum mentions that the matasano web server is actually being hacked from an idefense mail server (209.112.118.10). Lulzy extreme.

I spent a couple hours bruting the hash for this "adam" character mentioned in the haxlog, and either my machine is way too slow, or adam was NOT using a trivial password. If that is the case, and assuming antisec didn't tamper with the log (TERRIBLE ASSUMPTION), then the attack being used is not a simple ssh password enumeration like many seem to be claiming. This raises the possibility that antisec is actually in possession of some rather 1337 0day.

I really hope those running forensics on the penetration come up with something awesome, and can finally provide some solid evidence one way or the other on these mystical claims of ssh 0day. From what I can make out, it also looks like Gadi is going to attempt to sell his ssh 0day at infosecsellout's auction next week for 500k.

Thursday, June 18, 2009

Portland Mayor Sam Adams wants Portland to be a “hub for open source”

Portland Mayor Sam Adams opened the second day of Open Source Bridge with a keynote calling for increased collaboration between the City of Portland and the open source community.

Why? In hopes of making Portland the “hub of open source” and—in a bit of throwing down the municipal open source gauntlet—vowing to “out open source” Vancouver, British Columbia, which has recently declared itself a completely open city.


READ THE FULL STORY HERE

http://siliconflorist.com/2009/06/18/portland-mayor-sam-adams-portland-oregon-hub-open-source/

Friday, June 12, 2009

new rules!

Since there seems to be a new fad of people writing rules for the meeting, I thought I would jump on the bandwagon :-)

1. Rules are for wussies.

2. Bring all the toys you can. Got your USRP to do something fancy? Bring it. Find some nifty features in the new kismet? Show those off. Find some new memory corruption in quicktime, but can't quite land code? We can help with that.

3. Talk and listen. Take the amount of time you have been at the current meeting, and divide by the number of people present. This is a length of time denoted by X. X is the ideal time for how much talking you should have done so far. If you have spoken for less than X/2, try randomly blurting out something cool you saw recently. If you have spoken for more than 2X, you should be asking more questions to other people, speaking with more breaks so people can interrupt without feeling like assholes, or maybe you just need to be more concise about what you are saying :-p

4. Don't worry about getting owned. Everyone gets owned eventually, or they live such a cloistered existence that they have no serious understanding of security. People get owned at 2600 because it's funny. No one at 2600 is the type of spiteful bastard that is going to rm your life. Most people there will just laugh and tell you when it happens. There is a rare exception for people who are super annoying, or mega drama queens etc, who might find some rick astley in their live journal.

5. PoC or GTFO. No one cares if you can win the internet in under 10 minutes. Don't give someone crap about running IE6 on win2k if you don't know how to land on it. If you think someone is running insecure tech, then own them. If you think something is easy because you saw someone blog about it somewhere, then try it for yourself. Avoid bragging about being able to do something that you have never done before.

6. 2600 accepts anyone the law allows. Mexicans, bigfoot, hipsters, garbage pail kids, old people, new people, malicious criminals, corporate whores, federal agents, even chan kids. Just show up. It's fun.

Wednesday, May 20, 2009

Linux

Got this from a post in Fark that linked to a Slashdot post.

you need to comment the author of this.

http://linuxfonts.narod.ru/why.linux.is.not.ready.for.the.desktop.html

Friday, May 1, 2009

may is here


Turns out it's May. Sneaky huh? Looks like the typical game plan, meeting there around 6 or 7, and getting kicked out at 8.

(Slight edit by Tap3w0rm - Image was showing up funky in IE8 )

Tuesday, April 28, 2009

SAFETY REMINDER!


Remember it's all fun and games till someone loses a hand

Saturday, April 18, 2009

Locks

I came across this in my random wanderings around the internet. A very interesting and secure lock.


http://www.crypto.com/photos/misc/wecolock/

Thursday, April 9, 2009

Monday, April 6, 2009

Images from 2600 - Hacked by some Class A Hacker

The last 2600 was ok. It was a little annoying with the guitar hero contest going on in the background. Then we got kicked out for a concert. We chilled outside and talked for over an hour. Everything I heard of the concert was complete crap.

I snagged some pics of our meeting (no faces of course) and the ones I got are blocked. Also laptop screens are blocked out. Some class A hacker hacked all my images :)
Class A Hacker

Pile of 2600 mags


I just like the sticker

A clear modem in the upper left corner / and some mags

That's the guts from a clear modem

Laptops and cellphones

More laptops

Friday, March 6, 2009

March 6 2009

Looks like YET ANOTHER concert going on at backspace this evening.

I called them to ask when it starts and was told it is a pay to get in thing and starts at 7:00 PM. So we can do old town pizza if we must. The concert starts at 7:00PM.

http://www.oldtownpizza.com/


226 NW Davis St, Portland, OR - (503) 222-9999

If you get lost you can email me at tap3w0rm@gmail.com. I will have my PDA Phone on me all night.

Friday, February 6, 2009

feb 2009

Backspace looks like they are having another band playing tonight.

If it gets too annoying, or they start charging at the door or whatever, we could probably meet up at old town pizza, which is just a couple blocks away (between 2nd and 3rd on Davis).

Monday, January 5, 2009

Friday, January 2, 2009

january meeting!

Hey everyone.

This month I will be bringing down some of my new wimax toys to mess around with.
If anyone else has any fun gear to bring down, please do. Wifi gear is also acceptable :-)

The current plan that I am aware of is backspace until we are bored, then if we feel like it, we can head back over to julia's cafe, or maybe bar hopping or whatever.

Also, all the cool kids are following this blog on rss, so if you aren't already, you should start, and anyone who asks gets admin privileges, so if you want to post some random crap here, just let any of the current admins know.