Due to popular demand, the next dc949 meet will be at 16241 Beach Boulevard Huntington Beach, CA 92647.  The meetings page will be updated to reflect the new location shortly.

For those who weren't there, the last meeting we talked about Synn's lab, Black hat tactics, VM detection, and moving the meeting to HB. 

Someone noted that the Chipotle's on Beach Bl. has benches (in addition to chairs).  We're still scoping out other places, and in the meantime meetings will be at the usual place (see meetings page).

After 5 years of running Open Capture the Flag, we have come to the decision that it is time to pass it along.  It's been a good run, absolutely fascinating, and amazingly fun. We hope that everyone who has participated in our Open CTF has had as much fun as we have had running it.  It's been a lot of work, more work than we have time for anymore. There's so many things that where put on the back burner to make the time for oCTF.  We feel like now would be a good time to pursue these endeavors, and pass our contest to another group of passionate hackers.

Livindead contacted me a few weeks ago when he heard that we may not be running oCTF anymore.
He asked if his group, who has participated in just about every oCTF, could take the reigns and give it a shot.  Frankly, I can't think of any crew better to take over oCTF.  If anyone has the drive and passion to keep the spirit we tried to instill in the contest, its these guys.

Without ranting on much longer, I would like to formally and officially, announce that...

The Tube Warriors are now officially in charge of every aspect of Open Capture the Flag.

We will be available to them in a supporting role for this year, giving as much or as little help/advice/support as they request.  This will be their first time undertaking a project of this size, and frankly, we wouldn't have it any other way.  When we started, we had no clue what we where getting into, and our first year was all but disastrous.

Lets all welcome The Tube Warriors, and wish them luck in their new calling.
http://tubewarriors.org/

Sincerely,
All of DC-949

To be more compatible with peoples' schedules, we've moved meetings to Tuesdays instead Thursdays.  Same time (19:00), same place (Chipotle's off the 91).

We're getting a new server which will soon host skynet, as well as utfSmuggler.

Our next research project is to look at hardware acceleration and parallelization to attack the crypto algorithms we all know and love.  I expect that the result will be epic... whether it's fail or win has yet to be determined.

There's a meeting tonight. If you don't know, now ya know!

Someone asked me if we're actually meeting tomorrow.  Well hell yeah we are!  I understand that most people will be too busy for a hacker meeting, but as for the rest of us, we'll be hacking something in the parking lot to be sure.  So I'll see you there if you show up.  Telecommuters welcome.

If you don't have your tickets by now, you best get them in the last round.  For without a ticket, you can't create an awesome barcode of some sort for our contest, barcode shmarcode!  Check out the pictures so you can make sure you're not doing something that's already been done.  Come original.

Time to put some rumors to rest...

• First, we didn't all die and get buried in the Nevada desert. I know, it's shocking, but we're all accounted for, honestly.
• Next, which is related to not being dead, the group is not going the way of the dodo. We still meet the second and fourth Thursday of every month at Chipotle's (12560 Artesia Blvd, Cerritos, CA 90703). To make it even easier, you can just type in dc949 on google maps and we'll show up.

Next, we should explain why the site has been offline for several months. Well, we're in between hosts and nobody in the group had any rackspace they were willing and able to share, which is why we were offline. We're online now is because Adam is hosting the site, DNS, etc. from a desktop at his house. So, if you're reading this on google cache because the site is down, it's probably because Verizon changed his IP again and we haven't been able to update the DNS yet. We are working on a proper solution where we'll have our own host in a rack, with our own IP. That'll probably get set up by the end of this year. Until then, enjoy the crappy service courtesy of Adam (but crappy service is better than no service!).

Things we're currently working on include hardware development / hacking. Adam plans on powering the vending machine with an arduino (mega). Frank^2 is busy taking over botnets. Keytops is working on some circuits for his car (fun blinkers, distributor, and possibly fuel injection & full ECU replacement). Others are probably busy with work or working on super secret projects. We may do some more work with UTF-8 smuggling. We may resume some crypto work that we were doing previously. Shmoocon isn't too far off, and if we can think of a contest which is worthy of existing at a con of that calliber, we'll do that. As you should have realized at LayerOne in 2008, DC949 really is a mixed bag of fun. We have some binary reversing ninjas, people with packet-foo, and others who are attacking the new web technologies as fast as they appear. Diversity is they key!

Vyrus will be going over "morphing techniques for plain text malware"at the next meeting.  at least 1 live before and after sample will be provided.

"Also, if you have a laptop with a VM, bring it.  I'm specifically looking for things other than VirtualBox running either Windows or Linux." --Adam

I gave a little demo of how to derive a private RSA key from someone's 256-bit public RSA key a while back.  If one takes this exercise to the next level and attempts to break a 512-bit key, they should get a feel for how things scale.

A 1024-bit key is not going to be broken in a reasonable amount of time on standard computers.  There are the paranoid people who think that even 4096-bit keys are easily broken by "the government."  I haven't seen any proof, and it would either take a very large amount of CPU power (i.e. quantum computers, and other things which haven't become a reality yet) and/or a revolutionary algorithm which has eluded all mathimatitions for literally thousands of years.  In thier defense though, it wouldn't be public knowledge if someone did find a way.  And it's better to error on the safe side.

Bruce Schneier's take
Not even slashdot says it's feasible
426-bit key broken in 5000 MIPS-years

I hope the skeptics continue to support encryption; without it we know we're wide open for any MiM to take the data; with it we at least have a chance at gaining some privacy.  At a minimum it would severely limit the number of people who could read the encrypted message, and isn't that worth the trouble of clicking the encrypt button and entering your passphrase?

The files from my demo:  dc949_rsa_cracking.tar.bz2