There's a meeting tonight. If you don't know, now ya know!

Someone asked me if we're actually meeting tomorrow.  Well hell yeah we are!  I understand that most people will be too busy for a hacker meeting, but as for the rest of us, we'll be hacking something in the parking lot to be sure.  So I'll see you there if you show up.  Telecommuters welcome.

If you don't have your tickets by now, you best get them in the last round.  For without a ticket, you can't create an awesome barcode of some sort for our contest, barcode shmarcode!  Check out the pictures so you can make sure you're not doing something that's already been done.  Come original.

Time to put some rumors to rest...

• First, we didn't all die and get buried in the Nevada desert. I know, it's shocking, but we're all accounted for, honestly.
• Next, which is related to not being dead, the group is not going the way of the dodo. We still meet the second and fourth Thursday of every month at Chipotle's (12560 Artesia Blvd, Cerritos, CA 90703). To make it even easier, you can just type in dc949 on google maps and we'll show up.

Next, we should explain why the site has been offline for several months. Well, we're in between hosts and nobody in the group had any rackspace they were willing and able to share, which is why we were offline. We're online now is because Adam is hosting the site, DNS, etc. from a desktop at his house. So, if you're reading this on google cache because the site is down, it's probably because Verizon changed his IP again and we haven't been able to update the DNS yet. We are working on a proper solution where we'll have our own host in a rack, with our own IP. That'll probably get set up by the end of this year. Until then, enjoy the crappy service courtesy of Adam (but crappy service is better than no service!).

Things we're currently working on include hardware development / hacking. Adam plans on powering the vending machine with an arduino (mega). Frank^2 is busy taking over botnets. Keytops is working on some circuits for his car (fun blinkers, distributor, and possibly fuel injection & full ECU replacement). Others are probably busy with work or working on super secret projects. We may do some more work with UTF-8 smuggling. We may resume some crypto work that we were doing previously. Shmoocon isn't too far off, and if we can think of a contest which is worthy of existing at a con of that calliber, we'll do that. As you should have realized at LayerOne in 2008, DC949 really is a mixed bag of fun. We have some binary reversing ninjas, people with packet-foo, and others who are attacking the new web technologies as fast as they appear. Diversity is they key!

Vyrus will be going over "morphing techniques for plain text malware"at the next meeting.  at least 1 live before and after sample will be provided.

"Also, if you have a laptop with a VM, bring it.  I'm specifically looking for things other than VirtualBox running either Windows or Linux." --Adam

I gave a little demo of how to derive a private RSA key from someone's 256-bit public RSA key a while back.  If one takes this exercise to the next level and attempts to break a 512-bit key, they should get a feel for how things scale.

A 1024-bit key is not going to be broken in a reasonable amount of time on standard computers.  There are the paranoid people who think that even 4096-bit keys are easily broken by "the government."  I haven't seen any proof, and it would either take a very large amount of CPU power (i.e. quantum computers, and other things which haven't become a reality yet) and/or a revolutionary algorithm which has eluded all mathimatitions for literally thousands of years.  In thier defense though, it wouldn't be public knowledge if someone did find a way.  And it's better to error on the safe side.

Bruce Schneier's take
Not even slashdot says it's feasible
426-bit key broken in 5000 MIPS-years

I hope the skeptics continue to support encryption; without it we know we're wide open for any MiM to take the data; with it we at least have a chance at gaining some privacy.  At a minimum it would severely limit the number of people who could read the encrypted message, and isn't that worth the trouble of clicking the encrypt button and entering your passphrase?

The files from my demo:  dc949_rsa_cracking.tar.bz2