Hi all, well apart from the fact that the next meet date is yet to be arranged I thought I'd get into this with a public apology. Sorry to everyone who wanted a security thingy for the last meet, I had a little family prob come up which took me to the Midlands on that day. No time (or memory) to notify you all. Anyways :
David Freeman david_freeman@rocketmail.com wrote :
Yes Mr Newman, I wanted to chat to you about the wearables, I hear you did some demos for Lonix of your wearables stuff, which means you are pencilled in for the next meet to do a wearables demo. Also while on the subject, Earl you're doing a security demo. Out of interest for input devices what is there for a wearable? I quite like my split keyboard, could I somehow still use a qwerty keyboard with a wearable?
Looks like Dave is grabbing the bull by the horns here and kicking us LUGGITES into line. So OK. Act of God permitting I will do an overview/demo at the next meet. This will be the format (assuming no-one else wants to get involved and up things a little):

1) TCP/IP as an inherently insecure protocol.
2) DOS : Why RFC compliant TCP/IP implementations leave your machine open to Denial Of Service. This will be the standard DOS, hopefully with a demo. Though I will need to run an older implementation of Linux to show this so unless I can get it right (or eeeeeeeek! use a windoze box) then it will have to be theory only.
3) Buffer Overflows :
   a) If it's binary you can send it and get the remote machine to execute it.
   Demo1-Local : A simple buffer overflow program which yields a shell.
   Demo2-Remote : wu_ftp : A classic buffer overflow yielding a root shell.
4) Once compromised it's easy to get back in : Standard things that are done to make sure you can get back in (Backdoors)
Someone or other may wish to have 2 penneth, esp. if you have any info on current backdoors, other B.O.s (I'm currently looking at Adore); I would be glad to share the load. I will not be touching on firewalling/NIDS either, I'm sure there are other ALUGites who could do this better. Feedback, thoughts, comments, suggestions, offers of cash or other involvement..... you have my email address.

Cheers
Earl