I'll be teaching a class on how to setup a Pirate Box at the Generator on March 22nd. Check out more info and sign up here.
Want to carry around a world of important data, like Wikipedia, and health guides?
Need a way to share a bunch of files with some folks?
Come learn how to make a PirateBox a tool for sharing information in a secure offline manner!
The Laboratory B Crew and friends went out to Art Hop to show people how to make throwies and have a good time. We got together at the Lab around 5:30 assembled some throwies and made some awesome silly cyberpunk costumes (sorta). Then it was down to SEABA's Art Hop. Art Hop is party open gallery show, part street fair and part Burning Man down on Pine Street.
It was great to see the Vermont Makers crew, and the Generator folks out too on Pine Street.
First and foremost, 2600 is this Friday from 5-8 at the Quarterstaff Game Lounge,(178 Main Street in Burlington Vermont). It's going to be tons of fun and afterwards we will head to the Lab..maybe.
Second on Wednesday the 6th at 6:30 at the Laboratory, I'm going to be giving a talk on anti-surveillance fashion The talk will cover the current state of play, who is working on this topic and similar matters. Be there or be square.
Here is what The Burlington Free Press has to say about Laboratory B
From the iPad to the printed page
Funkiness gives way to what might well be a scene from a Frankenstein movie at Laboratory B, where Alec Brecher and about a dozen others tinker with computer security information research. The location, which has been dubbed a “secure bunker,” is inside in the freezer at the back of the old Hood Plant on south Winooski Avenue.
“It’s windowless and airless,” he said, “but no longer freezing.”
Members of the non-profit are hackers generally devoted to computerprogramming. At the Hop, their project is called “Who’s Got your Digital Booty?” According to Brecher, this means “an ad hoc collaboration that will reflect the trail of information leakage.”
In layman’s terms, he said, “visitors who bring their devices can opt into being hacked. We’ll encourage them to send Tweets or email messages. There’ll be network snooping tools, so they can visualize whatever communication is coming across.”
In techno-challenged language, maybe the Frankenstein monster of the 21st century looks like code instead of a lurching giant with plugs coming out of his neck.
The Laboratory B crew had a great time Friday and Saturday night at Art Hop. We didn't really get to leave our show to see all the awesome stuff other people were doing, but playing host is always fun. Bunches of new and old friends dropped by to play with a variety of the pieces we showed. We event got a write up in Vermont Art Zin
..."One of my favorite stops was Laboratory B, a self-described “hacker space” set up at 187 South Winooski. Jesse Krembs who showed us the work on display, says that Laboratory B is a group of tech-interested people who get together on Tuesdays and Thursdays from 5-8. Most of them have related day jobs (he said he’s at Fairpoint Communications), but they’re all interested in privacy issues and the interesting things that can be made with imagination, microcontrollers, and apps. He said Laboratory B is “not a straight-up art group, but hacking can sometimes look like art.” For example, a piece called Walk Don’t Walk picks up information from cards on your person that aren’t shielded and changes the walk signal. Another piece used “throwies” (a LED light and magnet packet), a metal sheet, and an amplifier to make a species of music when the throwie "...
Casey Reas, co-creator of Processing
Thursday, March 22, 2012
Emergent Media Center, Miller Center
Champlain College; Burlington, Vermont
This event is sponsored by the MFA in Emergent Media Program at Champlain College
Acclaimed software artist Casey Reas uses computer algorithms to create complex, organic abstractions. In his ongoing series Process, Reas explores the relationship between synthetic and naturally-evolved systems through strikingly beautiful prints, animations, architectural wall fabrics, relief sculpture and interactive works all derived from variations on the same fundamental software algorithm. Reas is also internationally recognized as co-creator of Processing, an open source programming language specifically for visual artists, a standard for artists creating images, animation and interactive art. Reas is a professor at the University of California, Los Angeles and has exhibited throughout the United States, Europe and Asia. Reas will be in residence in Burlington from March 21-23 working with local artists in algorithmic art.
Maybe we can get Casey to swing by the Lab!
via Vermont Makers
Fashion Meets Function. In an awesome cyber-surveillance evading way! Is it hip now to avoid the all watching eye!
CV Dazzle™ is camouflage from computer vision (CV). It is a form of expressive interference that combines makeup and hair styling (or other modifications) with face-detection thwarting designs. The name is derived from a type of camouflage used during WWI, called Dazzle, which was used to break apart the g
estalt-image of warships, making it hard to discern their directionality, size, and orientation. Likewise, the goal of CV Dazzle is to break apart the gestalt of a face, or object, and make it undetectable to computer vision algorithms, in particular face detection.
Because face detection is the first step in automated facial recognition, CV Dazzle can be used in any environment where automated face recognition systems are in use, such as Google's Picasa, Flickr, or Facebook (see CV Dazzle vs PhotoTagger by Face.com).
Oh this is handy..
You are on a test and pop a box which has an FTP client on it. On investigation you find it has credentials stored but the boxes they are for aren't in scope. Knowing the passwords could be reused on other boxes that are in scope you really want to collect them.
You could try grabbing the credentials file and trying to crack it but this might be an easier way...
Set up an FTP server on your machine then modify the hosts file on your popped box to point all the hosts with credentials to your machine. Then start a TCP sniffer on your machine and ask the client to connect.
The client will find the server and send the credentials which you can simply pull out of the packet capture.
This will also work with other plain text protocols such as HTTP basic auth and POP3 as long as you can get your own "fake" server to respond with enough initial info to trigger the details to be sent.
That is a cute little trick isn't it!