I got some strange IM from someone. Halfway through  I figure out we’ve
been setup somehow with a relay in the middle and both of us see the
other as some other identity. When the person says he is using adium, I
thought it was a perfect chance to fire up OTR to see what would happen
with this MITM scenario….  Funny enough, it revealed the identity of
the other user to me :)

(My AIM identity is letoams)

(06:17:38 PM) SensitiveCoho: Hey.
(06:18:16 PM) letoams: bot?
(06:18:36 PM) SensitiveCoho: are you a bot?
(06:18:53 PM) letoams: are you are you are you a bot?
(06:19:14 PM) SensitiveCoho: no
(06:19:17 PM) SensitiveCoho: i’m human
(06:19:28 PM) letoams: ok then
(06:19:57 PM) SensitiveCoho: who are you?
(06:20:13 PM) letoams: if you dont know why are you talking to me?
(06:20:26 PM) SensitiveCoho: i want to know why you’re talking to me
(06:20:48 PM) letoams: you started?
(06:20:52 PM) letoams: (06:17:38 PM) SensitiveCoho: Hey.
(06:21:12 PM) SensitiveCoho: i’m not SensitiveCoho
(06:21:30 PM) letoams: that’s what i see
(06:21:31 PM) SensitiveCoho: embarrassedcoho
6:17

Hi!
(06:21:40 PM) SensitiveCoho: i see you as “embarrassedcoho”
(06:21:48 PM) letoams: that’s not my name :)
(06:22:00 PM) letoams: funny. must be some bot connecting two random im
identities
(06:22:06 PM) SensitiveCoho: maybe
(06:22:20 PM) SensitiveCoho: you on mac/pc?
(06:22:27 PM) letoams: linux
(06:22:32 PM) SensitiveCoho: i’m on mac
(06:22:33 PM) letoams: not infected here :P
(06:22:37 PM) SensitiveCoho: using adium
(06:22:57 PM) SensitiveCoho: adium’s been weird today … bugging me that yahoo
messenger network is down for mainenance
(06:23:00 PM) letoams: really? let’s try otr then. that would defeat a man in
the middle attack
(06:23:02 PM) SensitiveCoho: it just keeps telling me this over and over
(06:23:03 PM) Attempting to start a private conversation with SensitiveCoho…
(06:23:12 PM) SensitiveCoho: otr?
(06:23:14 PM) sensitivecoho has not been authenticated yet.  You should
authenticate this buddy.
[Image] (06:23:14 PM) Unverified conversation with SensitiveCoho started.
(06:23:26 PM) The following message received from sensitivecoho was not
encrypted: [error]
(06:23:29 PM) The following message received from sensitivecoho was not
encrypted: [hmm]
(06:23:30 PM) letoams: its privacy crypto built into adium and pidgin
(06:23:33 PM) OTR Error: You sent encrypted data to logicbus, who wasn’t
expecting it.
(06:23:45 PM) Successfully refreshed the unverified conversation with
SensitiveCoho.
(06:23:45 PM) The last message to sensitivecoho was resent.
(06:23:47 PM) letoams: haha
(06:23:47 PM) The following message received from sensitivecoho was not
encrypted: [could this be due to a compromised password?]
[Image] (06:23:53 PM) Private conversation with SensitiveCoho lost.
(06:23:56 PM) OTR Error: You sent encrypted data to logicbus, who wasn’t
expecting it.
(06:23:59 PM) SensitiveCoho: i can’t read what you’re saying
(06:24:02 PM) OTR Error: You sent encrypted data to logicbus, who wasn’t
expecting it.
(06:24:03 PM) letoams: awesome. the MITM does otr too
(06:24:20 PM) sensitivecoho is contacting you from an unrecognized computer.
You should authenticate this buddy.
[Image] (06:24:21 PM) Unverified conversation with SensitiveCoho started.
(06:24:23 PM) The following message received from sensitivecoho was not
encrypted: [i read that]
[Image] (06:24:29 PM) Private conversation with SensitiveCoho lost.
(06:24:38 PM) SensitiveCoho: very strange
(06:24:40 PM) letoams: i think we blew up the mitm thing.
(06:25:06 PM) letoams: you know anyone in Toronto?
(06:29:13 PM) The encrypted message received from sensitivecoho is unreadable,
as you are not currently communicating privately.
[Image] (06:29:34 PM) Unverified conversation with SensitiveCoho started.
[Image] (06:29:34 PM) Unverified conversation with SensitiveCoho started.
[Image] (06:32:21 PM) Private conversation with SensitiveCoho lost.
(06:32:27 PM) letoams: is your handle logicbus ?
(06:32:41 PM) The encrypted message received from sensitivecoho is unreadable,
as you are not currently communicating privately.
(06:33:02 PM) SensitiveCoho: how did you figure that out
(06:33:11 PM) letoams: (06:23:33 PM) OTR Error: You sent encrypted data to
logicbus, who wasn’t expecting it.
(06:33:15 PM) letoams: otr told me
(06:33:26 PM) SensitiveCoho: hmm
(06:33:34 PM) SensitiveCoho: i just see “embarrassedcoho” for those msgs
(06:33:44 PM) SensitiveCoho: i suppose that could be a client thing
(06:33:49 PM) SensitiveCoho: i guess you have an advantage over me
(06:34:08 PM) letoams: still curious what is going on here. (my AIM is letoams)
(06:34:16 PM) SensitiveCoho: yeah
(06:34:41 PM) SensitiveCoho: i googled embarrassedcoho
(06:34:48 PM) SensitiveCoho: didn’t come up with anything helpful
(06:35:42 PM) letoams: me neither
(06:36:22 PM) letoams: anyway. gotta go. have a nice life :)
(06:36:35 PM) SensitiveCoho: peace

Anyone what this double-blind bot MITM thing is? Someone’s research project?

Posting this well in advance so that people show up!

Tuesday Dec. 9th I’ll be making duct tape wallets and would love for others to participate too!  I’ll have some tape available, and instructions, but please bring tape too if you want to make your own.

I’ll have enough heavy duty tin foil for a zillion wallets, so don’t worry about that.

It’s on our google calendar, of course:

-Leigh

I’ve just spent about 3 days LDAPizing several of the support apps Hacklab uses, so I thought I’d share my notes.
(continue reading…)

For the past couple of weeks a few of us have been meeting up at the lab to learn some Python.  Some of us are complete beginners, while some of us have been programming profesionally for years.  It makes for an interesting evening and we’re been learning lots.

We’re basing the sessions on the book Python for Software Design: How to Think Like a Computer Scientist, which is available for free online.  We’ve been impressed so far with the book’s clarity and the quality of the example code it comes with.

After a few successful sessions, we’ve decided to make this a more regular / official meeting at the lab.  It’ll be every Thursday at 7PM until around 9, though we have gone later in the past, and some of us show up earlier as well.  Feel free to drop in our IRC channel (#hacklabto on freenode) if you want to see if anyone’s already at the lab.  For this Thursday if you feel like catching up before you come out, we’re at chapter 4; don’t worry, though, we’ll be able to get you caught up if you’re a total beginner :)

-Leigh

Are you curious about the space and want to come check it out, but fear that you won’t know anyone or have anything to do?  Are you afraid of showing up in Kensington and knocking on the door only to find it locked?

Fear not!  Unpatched Tuesdays are just the thing for you.

Every Tuesday from 6(ish) to late in the evening we have an “open lab” night.  It has varied between a mostly social event and a productive work party depending on what people are up to, but the key thing about it is that the door is open to all comers.  Show up with a Linux or BSD question, an interesting piece of hardware, a technical problem, or your new widget that you want to show off.  The Tuesday night crowd is a resourceful and friendly bunch, and it’s always great to see some new faces.

You’re also welcome to show up empty-handed, but we might put you to work!  There are a bunch of ongoing hardware and infrastructure projects at the lab, so expect to be assigned a bug on our bugtracker :)

The other important thing to note is that you don’t need to be a 5up3r 31337 hax0r to come out on Tuesdays.  Just be friendly and interested and you’re totally welcome.  There’s no minimum height, age, or skill level required to participate.

There are also other events going on at the lab.  Go Night on Mondays, and irregularly scheduled classes which all get posted on the calendar and announced on our pretty low-traffic mailing list.  We usually post about them on the blag too, so subscribe to any of those to keep up to date.

-Leigh

I’m a mathtard. I admit it.

Which isn’t such a great thing to be in this line of work. I’m no slouch – I’ve rocked the occasional Smith Chart, understand basic calculus, and learned to hate LaPlace transforms – but when people start throwing formulae up on the board and proceed to analyze and then code something up based on it, I get lost very easy.

So I proceeded to bug Shardy the other day as to whether he’d be up for doing the occasional math lecture at HackLab. I wanted to learn more about the ideas, math and implementation of Markov Chains. He seemed cool with it, but now I think I might see about trying to leech even more from the guy’s brain.

Would people mind helping me come up with a list of ideas for Math talks? Let’s focus on stuff germane to cryptology, protocols and compsec.

Locks and Lockpicking, sometimes called ‘Locksport’ (yet another ‘politically correct’ term I abhor) is commonly seen at hacker conventions. If there isn’t an outright “Lockpick Village” or vendors selling picks and books, then at the very least a small group will unofficially congregate at some table or empty corner to talk and trade techniques.

I bet most people reading this have tried lock picking, and if not, it was only for lack of tools. But that shouldn’t be a reason any longer; it’s very easy to order the equipment online, and failing that, simple to make yourself. Street sweeper bristles, a cheap file and paper clips will do.

Starting off I had a real knack at opening locks, or at least thought I did, until I handed the tools to my brother who halved my picking times within a day. They then made their way to a roommate of his and she more than halved his times. Fun for the whole family!

While we’re at it, let’s give thanks for living in the Great White North where possession of lockpicking tools is entirely legal. Unless, of course, you’re using them to commit a criminal offense.

Now on to business… I would like to gauge the interest in holding some kind of monthly lockpicking meet-up at the wonderful HackLab space. I have several ideas and goals in mind:

1. Get new people involved, and equip them with tools so they can pursue this hobby

2. Bring like minded people together to share tips and techniques

3. Lend and/or trade various locks and lock collections, or create collections, so that there’s a wide range of interesting gear for people to learn and progress on

I’ve developed a pretty decent collections of locks that I will be happy to put into rotation. Some are modified with reduced pin counts to make learning easier, or cutaway so that you can study the action. Some have never been opened by anyone via picking – be the first!

Additionally, I hand manufacture 5 piece lockpicking kits, in small quantities and of tolerable quality. I will give them away, free of charge, to anyone who signs up and pays for HackLab membership. If regular meetups do come about, rest assured enough temp equipment will be provided for everyone who attends the session (within reason).

I’ve been wanting to get back into playing go. There’s also this neat lab space that I can use for hosting events (maybe you’ve heard of it). While thinking about these two things, I figured that maybe they would work well together!

So, I’m going to try to start a bi-weekly go night at the HackLab. Starting next Monday, from 6-9(ish) PM, I’ll be trying to get back into playing this awesome game, and you should join me. I’ll do my best to bring extra boards so everyone who shows up can play, but if you have one, please bring it!

If you don’t know how to play, that’s ok too, as I’m more than happy to teach people.

I hope to see people there next week!

Project Blinkenlights will be contributing to Nuit Blanche this year with Stereoscope lighting up Toronto’s City Hall. From their page:

Stereoscope

After a long break, Project Blinkenlights is coming back big time in Toronto, Canada this year. Targeting the landmark building of Toronto City Hall, the group is participating in this year’s Nuit Blanche all-night art event on October 4th, 2008. The installation’s name “Stereoscope” reflects the special nature of the building with its two curved, opposing facades effectively creating a three-dimensional appearance.

Not having rested in the recent years, Project Blinkenlights has developed new technology to wirelessly control the lights placed behind the 960 windows of City Hall allowing for a large scale visual concert during the night in downtown Toronto.

Public Participation

As usual, Project Blinkenlights invites the public to be a part of the installation by opening up a variety of ways to interact with and provide content for Stereoscope.

Among the more traditional features, everybody can play classic computer games on the facade simply by using a mobile phone. The two upper parts of each tower serve as dedicated playgrounds each offering separate telephone numbers for individual gameplay. These numbers will be published on-site beginning the week before Nuit Blanche so that people can get the information where they need it – at Nathan Philips Square in front of City Hall in Toronto.

A simple animation tool and open animation data formats enable you to to create simple movies for Stereoscope – addressing one of four parts of the whole facade. Focusing on simple, low-resolution imagery, Project Blinkenlights wants to revive the spirit of the original Blinkenlights installation in Berlin that obtained its charme from the down-to-earth, barebones design of low-res imagery.

For advanced graphic artists, the group provides a set of tools running on Macintosh computers to design complex animation design that serves as the background imagery and core appearance of the Stereoscope installation.

In addition to our usual events, we’ve got two upcoming parties at the lab that you may want to join us for.

The first is our incorporation party– to celebrate our official status as a non-profit corporation, we’re throwing a party. Come join us at the HackLab to celebrate our incorporation, get ready for Nuit Blanche and SecTor, or even check out the space if you haven’t seen it yet. Yes, yes, it’s not a secret, we’re also fundraising– help us out as we try to offset our start-up costs.

Also, we have a couch now, for real. For real!

The second is an unofficial afterparty for SecTor, where we get to show off the lab to everyone from out of town.

Save the dates:

Incorporation Party – 10/3, 7pm – 3am
SecTor Unofficial Afterparty – 10/8, 8pm – 1am

We hope to see you at the lab!