[Security] Security virtual machine computer

aestetix aestetix aestetix at gmail.com
Fri Oct 30 08:10:10 UTC 2009


Sure.

I gave a pretty shallow overview of classical cryptography, by which I mean
crypto before the 1960s (so before public key, DES, etc). A lot of these
topics are really important to understanding modern cryptology, and I meet a
lot of "cypherpunks" who have major gaps in their cryptohistoric knowledge.

Some topics that we went over:
substitution ciphers (Caesar cipher, rot13)
steganography (Herodotus slaves example)
transposition ciphers (scytale)
defining plaintext, ciphertext, keys, the difference between codes and
ciphers
frequency analysis
examples of code books, and how they were used
monoalphabetic vs polyalphabetic ciphers
the Vigenère cipher, and how to crack it
the very basics behind the Enigma machine
touched on DES a tiny bit

Some important names and concepts:
Martin Gardner
Simon Singh, wrote The Code Book
David Kahn, wrote The Codebreakers
Elonka Dunin (bias admitted, she's a good friend of mine)

Please keep in mind, this was all from memory, and I haven't really studied
this stuff in five years or so, but I think it went ok. An interesting topic
for future weeks could be "Concepts in classic cryptography that are found
in modern cryptography" (transposition ciphers and S-boxes come to mind).


On Thu, Oct 29, 2009 at 11:49 PM, Micah Lee <micahflee at gmail.com> wrote:

> Hey security group,
>
> So tonight I did a bunch of work setting up noisebridgesec, the computer
> that will be hosting virtual machines that are vulnerable to all sorts of
> attacks.
>
> Its IP address is 127.30.1.73 on the noisebridge LAN, and it's got an ssh
> and a vnc server. It's running Ubuntu 9.04 LTS, and it's all the way
> patched. Talk to me or aestetix for the username and password if you want to
> mess with setting up VMs.
>
> I also installed a Windows XP SP0 VM, not patched at all, which will be
> great for people to play with metasploit with (soo easy to pop a shell on
> it).
>
> I'm also planning on setting up a Windows XP SP2 box (unpatched), and maybe
> a fully patched Windows Vista or Windows 7 box running vulnerable services.
> And also a couple of different linux distros on there, at various patch
> levels, as well as a fully patched linux distro running an apache web server
> that we can use to test php exploits and vulnerable web apps, like
> wordpress, drupal, joomla, and their plugins. We can even set up a website
> there that links to things like last week's simple cross-site scripting html
> example, as well as other easy things to help people learn web hacking.
>
> And then, of course, we can set up capture the flag images that other
> people have made.
>
> If we set vmware to use bridged networking, then the VMs can be on the
> 127.30.2.0/24 subnet, so anyone on the local network can take a crack at
> them without having to do any fancy port forwarding or anything.
>
> Right now noisebridgesec has a 60gb hard drive, but I hear there's likely a
> 500gb one on the way (which would be great, because 60gb isn't much for lots
> of VMs). I also think it doesn't have enough RAM to run too many VMs
> simultaneously, so maybe we can slowly get more for it. But I hope that
> we'll be able to run maybe 4 VMs at a time, and even make a sign that lists
> their IP addresses and lets the general public try to hack away at them if
> they want.
>
> So that's an update on noisebridgesec. As for the security meeting,
> aestetix talked about classic cryptography, but I don't have notes for it.
> Aestetix, can you post your notes, and the reading list you had on the
> board?
>
> Micah