July 13 2015 Cybersecurity, mesh networking, tools and snooping
John drew attention to the recent change in the MariaDBÂ 10 .mysql_history file format which means that any old .mysql_history file is overwritten [he later found the following thread in the RedHat Bugzilla which suggests that the issue has been around for a while but is only cropping up as distros update to MariaDBÂ 10].
He also drew attention to his report on the Cybersecurity futures lecture at Bradford University given by Prof. Sadie Creese, Professor of Cybersecurity at Oxford University.
Kriss and Shi then described their work on developing a light for Innovation labs and West Yorkshire Combined Authority which will change colour depending on how close a bus is to a bus stop so that elderly people approaching the bus stop know whether they can take their time or need to hurry to get to the bus.
They then introduced Byzantium, the ‘Ad-hoc wireless mesh networking for the zombie apocalypse,’ which they had looked at in connection with another project to provide a low-cost, easy to use intercom system. In practice, it consisted mostly of shell scripts plus Etherpad bundled into a CD download which enables you to set up mesh networking.
They had built a unit using a Raspberry Pi, a microphone, a sound card (to handle the second audio stream), a speaker and a button through which someone could broadcast a message to a mesh network by pressing the button and speaking. Everyone on the mesh network would hear the broadcast message. They had concluded that Byzantium was not the way to go through they had looked at it because they had got it running on a Raspberry Pi.
What they were interested in was OLSR which broadcasts on the UDP port in order to discover and build the structure of a mesh network; however, they weren’t interested in the mathematics of routing but in using it simply for identifying those to whom they could broadcast.
Finally, we looked at a short YouTube video of Nottingham Hackspace.
Richard then demonstrated the use of a punch-down tool for fixing cables, for example, into BT backplates, a network tracer for finding cables in walls which emits a tone as it follows the cable — it can also be used as a continuity tester — and a cable stripper.
David drew attention to the YouTube video Early days of Unix and the design of sh presented by Stephen Bourne before updating us on the latest snooping revelations.
He pointed to an article about Microsoft pushing out 17 new root certificates without explanation and one about police complicity in blacklisting trade unionists.
The Intercept has published an article about the workings of XKEYSCORE while it has become clear since Hacking Team got hacked and 400GB of data was passed to WikiLeaks how the FBI has been cooperating with them to get round the NSA and that Hacking Team was aware of three zero-day exploits in Adobe Reader as well as one for Android. Hacking Team was also selling its services to countries like Sudan in spite of earlier denials. It has also had dealings with a Bangladesh police death squad team while an email from the Metropolitan Police about possible contracts with the Home Office, MI5 and SOCA to Hacking Team has emerged. Fortunately, it appears that someone told Paul Knapp, the officer responsible, that it was illegal and nothing went ahead. However, they were also in contact with Staffordshire Police.
Hacking Team were also hacking ISPs to do dodgy stuff and, when they got shut down, Hacking Team got the police to help them to hijack other ISPs.
Meanwhile John Graham-Cumming has blogged about Hacking Team being aware of the Javascript being injected into webpages by the Tunisian government before its overthrow to intercept data going to Facebook, Gmail and Hotmail.
The news that Hacking Team used Trinity in one of its exploits has prompted Trinity developer, Dave Jones, to freeze development.
Past Meetings