I love excessively documented things. Design documents, protocols specs…whatever and Tor is one of those projects that I’ve always loved to randomly poke around into. I got sucked into Tor’s source code today and was entertained by the results. Beware, crypto time suck ahead. ControlPort Tor is controllable by making socket connections to it’s aptly named “ControlPort” usually on port 9051. The control port is not enabled by default if you’ve just installed Tor on Ubuntu or something, but it is enabled on the Windows packages that use front-ends like Vidalia.

Late next week, JustBill and I will be presenting at Defcon/303 Skytalks in Las Vegas. The presentation, Jukebox Jacking, is a project I’ve been working on for longer than I want to admit. The short version is that I’ve been messing around with a jukebox in my spare time as a weird side project. It started out as just a mobile hacking project and then turned into RF and hardware hacking.

BSidesROC is over. There’s no reason to really give you a blow by blow but I think it might be entertaining to see some of the feedback we received from attendees. Both years that we’ve done BSidesROC we’ve sent out a survey email right after the event with a very quick survey that gave us some feedback on what people thought about the event. I really do take it seriously but also some of the responses were very interesting.

BSidesROC is this Saturday at 8am. Holy crap. I wanted to give a final post before the con so you can figure out what to expect the day of the event. If you haven’t signed up, you should get a ticket right now. Do so on the website. http://www.bsidesroc.com Capture All The Flags We will have a capture the flag style competition. The open competition will involve you and your team being rewarded for cracking security challenges.

There’s only a few days left for this years BSidesROC on 5/12/12. “Rochester’s first and only hacker con”. « Do you know why we say that? Not because we’re the only computer security conference, and not because we think other security conferences suck (well some do), but it’s because an info sec event is not the same as a hacker con. I’m talking about Rochester Security Summit for example. It’s been going on for years run by the local ISSA chapter and they do a good job.

The first official meeting of the Rochester TOOOL chapter happened this last Thursday. Jason Ross, the organizer of the group, you may have met at 2600 meetings, BSidesROC, seen present at BlackHat, or whatever infosec you’ve been to in the area. He’s been working with TOOOL.us to get a chapter started locally which makes Rochester a part of a small group of TOOOL chapters in the US. The Open Organization Of Lockpickers is organized in the U.

It’s been 6 months since I started running a Tor bridge node on an Amazon EC2 instance. Back then, Tor had just announced an initiative to get people setting up cloud images to run as bridge nodes. This was during the then recent upheaval in the Middle East where connections to the Internet were either disabled completely, or they were extremely restricted as to what sites they were allowed to see.

Here is a brain dump of what happened this weekend at ISTS 9, SPARSA’s Information Security and Talent Search. A bunch of the people from 2600, Raphael Mudge, Punkrokk, Joe, Gerry, and others were part of the Red Team. Define:ISTS The event worked like so: There were 13 Blue Teams, groups competing in the event. Their job was to take the 5 servers that they were given, run specific services in order to get points, and, something a little different than other competitions, hack into other groups for points.

I think it was less than a week after I announced my little Android Manifest auditor tool, Manitree, that Anthony Desnos, the developer of Androguard, sent me a message in the tone of “hey, why didn’t you use Androguard for that?” If nothing else, why didn’t I use Andoguard’s native AXML converter? Andoguard is this immense Android app analysis project. If you take a look at the first page, you may get overwhelmed pretty quickly.

Every month we do the 2600 meetings. Lately I send out this ridiculous email to my circles and social networks explaining a theme of the meeting. It looks something like the one I did for January: Only 12 months away from the end of days where the Earth’s polarity will completely flip causing server faults to erupt with hot Java and spew volcanic bash. Sudonomies will destroy cities and cause packet storms.

This is just an update that will 1) fill the home page with something and 2) to mark down some of this years plans. At the annual Interlock meeting, I presented a list of things that I’d like to work on at the space this year, along with a list of things that I hilariously failed at the year before. The failures are for Interlock member entertainment only, sorry. But the other list just about covers my plans for this year.