News & Information regarding DC802

Next Friday is the first of the month. That’s this Friday. It’s 2600 time! Meeting will be at the usual place the Game Lounge at 178 Main Street in Burlington Vermont from 5-8. It’s on the third floor, so just keep going up. There will be signs to point the way.

Afterwards we will probably head over to Laboratory B our new hacker space just  1.5 blocks away for further hijinks! We’ve made a lot of improvements since we moved in 2 weeks ago!

The Blog : The Truth about Violence : Sam Harris.

I thought this was very interesting. His three principles are:

1. Avoid dangerous people and dangerous places.
2. Do not defend your property.
3. Respond immediately and escape.

A New Cybersecurity Research Agenda (In Three Minutes or Less) | threatpost.

1. We would need a lot less research if we put into practice what we already know.  But we don’t.  Ergo, why we don’t put into practice what we already know is itself a research-grade topic.
2. We humans can build structures more complex than we can then operate. (The financial industry has just proven this by example.) Cyberspace is on track to prove the same thing to us all over again, which leads to the research question:  Are humans in the loop a failsafe or a liability? Is fully automated security to be desired or to be feared?  Is there a simple metric that differentiates the desirable from the frightening?
3. Security is not composable. However, in cyberspace, everything critical is a melange.  Gilbert and Lynch’s proof of Brewer’s theorem finds that in a distributed system it is Consistency, Availability, and Partition Tolerance, choose any two. That tells me there is a research grade result for cybersecurity that will be found to be parallel.
4. In the 1990s, the commercial world pulled even with the military world in the application of cryptography.  It is now doing the same with traffic analysis (heretofore the strategic redoubt of the intelligence community). While the intelligence community has had the pre-eminent sensor fabric, integrated messaging coupled to geo-location technology is the stuff of hegemony. This is a fact which is not lost on Russia, is not lost on China, and one hopes is not lost on Google.  Is resistance to traffic analysis a research grade question, or is it merely wishful thinking?

5. The security implications of the conversion to IPv6 are poorly understood. The security impact of the move to IPv6 will be felt one step beyond the IPv6 address, at the interface between an impossibly large Internet address space and a nearly infinite, but intermittently tethered Internet-of-things. IPv6′s simultaneous multi-homing and address-hopping along with consumer-grade multi-channel routers mean network discovery as a cybersecurity tool is dead.  As a research topic, what replaces network discovery as a management tool, or is consumerization the end of bothering to try?

6. All security technologies are dual use. Does anyone want to prove otherwise?

Advanced Nmap Security Aegis. NMAP is a tool I use every day..and I just use it for the scanning bit..

Some Thoughts on Binary Risk Assessment « The New School of Information Security.

Pocket Sized Risk Assessment…hmm interesting!

GPG on your Android Phone…yes please!

Apparently DerbyCon was awesome, for those who missed it! Check out all the talks here!

It’s 2600 meeting time again. Today at the  Game Lounge at 178 Main Street in Burlington. It’s on the third floor, so just keep going up. There will be signs to point the way.

I (Agent X) will be bringing some lame give-aways. And other surprises!

If our ignorance is infinite, the only possible course of action is to muddle through as best we can.

This applies to hacking too. Your not going to change the game by playing along.

I’m getting in gear to setup a another DC802 meeting, looking for presenters and an awesome venue! Is there anything you’d like to see? let us know at info@dc802.org