On Wed, Mar 13, 2013 at 8:31 PM, Ryan Snow <
rjs...@gmail.com> wrote:
>
> I'm also interested in diaspora and telephony, which especially would be
> nice to hear about since we have some experts within the group.
>
> My top three interests probably are:
>
> 1. Linux history, philosophy, finance, and legal context. The softer side of
> linux...
> I'd love to hear more about Linux history; the philosophy behind
> gnu/Linux/foss development; how linux development is financed; and about
> legal issues behind, for example, the gnu general public license, etc. I
> understand there is an acquaintance of some of the members of the group that
> is an attorney and linux enthusiast, and it might be nice to hear from him.
>
> 2. How to set up a home computer for external access via ssh. I think this
> one is probably fairly simple for some of our members, but this would be
> pretty interesting and informative for myself at least. And home network
> security--how to monitor, etc.
The one thing I will put in here, and hopefully someone would've
mentioned it in person if this gets covered, is don't become a GWF.
Thats the term network operators use for people who report "attacks"
based on absolutely no information, and what was probably a drive-by
port scan at best. GWF stands for "Goober With Firewall" - There is a
constant background "hum" or noise of attempts on everyone all the
time. An attempt to establish a connection is NOT an attack. Worse
some of these GWFs even if they're getting attacked omit any
information that might help us as network admins to resolve the issue.
Like source IPs and *ACCURATE* timestamps WITH TIMEZONE. 99.9% of
"reports" from end users we have no choice but to file into /dev/null,
even assuming there's anything actually going on.
One of the most common examples is one I get every day, dozens a day
of, from people who connect to IRC servers. The email usually goes
something like this:
YOU ARE COMMITTING ILLEGAL ACTIVITIES AGAINST MY NETWORKS STOP IMMEDIATELY!
Which is completely useless, meaningless, and gets binned as a GWF report.
If it's an unusually highly functioning GWF they might include that
"YOU TRIED CONNECTING TO PORT 113 ON MY NETWORK, STOP THAT!" -- port
113 is Ident - it's pretty uncommon now, but, IRC still attempts to
use it. When you connect to an IRC server it will try to verify the
reported username by connecting back to the IP you came from at TCP
port 113, give it the port number that it sees from you. Ident is
then to respond with the username that established that connection.
Windows has no such service unless your IRC client runs it. And many
Unixen/Linuxen no longer run the service either, but for legacy
reasons most IRC servers still perform the check.
My point is that not every connection attempt is an indication of an
attack. One has to understand the context. A single port open
attempt doesn't mean an attack. And information gathering (such as
port scans and ping sweeps) also don't necessarily qualify as an
attack or actionable item. If they're extremely frequent, or causing
network outages somehow, then a report is probably appropriate. But
if it happens once, and then basically never again, you're just going
to get your report labelled as GWF.
What a lot of us have started to do is insist people talk to their ISP
first and foremost...and then let the ISP talk to the other ISP if
necessary. This would work great if it weren't for the fact that 3/4
of all ISPs seem to share the same small thimbleful of clue between
them.
End of the day, your defense is your own responsibility. Firewalls
really don't protect you against much. Attackers almost always get in
via weak passwords, default passwords, or users doing Stupid Things -
like clicking on links in emails and then becoming a victim of some
other browser based attack or higher level attack at sat Outlook.
If you're going to put an ssh server in the wild, ensure you're
keeping track of all OS updates. It's also not a bad idea to decrease
your visibility by putting the ssh server on a non-standard port -
however thats just security through obscurity - it's kleenex. It'll
help you feel better but if you've a cold (an insecure system) it sure
isn't going to do anything about it.
> 3. Bitcoin. This is interesting because it has the potential to change
> modern currency, but it's somewhat dangerous in that hacked bitcoins are
> apparently gone forever. Security is a concern, as well as the possibility
> for money-laundering. Oh and bitcoin mining, whatever that is.
I wish I was still in Missoula, because I'd love to actually do this
one. Not that I necessarily believe bitcoin will take over or
anything, or even that I necessarily believe in bitcoin itself, but
because I find it interesting...interesting enough that I'm one
of....hell might be the only one....attempting to produce an
independent full client that isn't actually a fork of the Satoshi
(bitcoind/bitcoin-qt) client. Bitcoin is definitely a start, and goes
in the right direction, but it has some flaws. None of which
presently involve the authentication/etc, but with the scalability of
the system.
Changing dates probably wouldn't make it any better. I'm all the way
out in Seattle so it's around $300 for me to come to Missoula...right
now I am next planning on being in Missoula around May 12th (mother's
day) - so... perhaps we could plan for that timeframe if people are
still interested by then...
But I have to say, right off, bitcoin is NOT ANONYMOUS. It's a very
stupidly terribly way to try to launder money. In fact it's I'd say
the polar OPPOSITE of anonymous. All transactions are easily
validated. Readily traced. Now - since a "bitcoin" doesn't travel as
a single unit, and can be divided up, and recombined at will, you
can't necessarily follow any individual unit of currency, but in each
and every transaction you can see where the amounts came from (what
transaction) and where they're going to (the requirements to claim the
coins) - usually these are requirements to produce public key
signatures. B/c of the way public key crypto works, given a public
key, you can validate a signature. So when you send coins to someone
you say to the entities later validating that claim "they must produce
a valid signature of this request to spend the coins with key C" - and
then anyone can validate someone later claiming that coin. The
claimant signs a statement "I claim the coins from this transaction -
sig C" and if it's valid the network will pass the transaction along,
each node performing this check.
So for money laundering it's probably a bad idea. This is a very
popular myth about bitcoin. Especially if LEOs get your private key
store, they can match things up to that key store (AKA wallet in
bitcoin). Encrypted it might be more difficult, I have not validated
the satoshi (bitcoind/bitcoin-qt) client approach to encrypting the
wallet. I don't know how much information it leaks, and neither does
anyone else I suspect. Bitcoin works maybe better than the real world
bank/sham business way of passing around cash it since they can't just
write down serial numbers of bills - theres absolutely no equivalent
to that in bitcoin, but, remember, a bank they have to subpeona for
recods...well...at least unless they declare you a terrorist. A sham
business they have to satisfy a judge to get the assets seized and
start looking closer. With bitcoin every transaction is public. This
is a requirement of bitcoin. You can't have secret transactions
inside of bitcoin.
mtgox/etc keep an internal ledger, separate from the bitcoin network,
so trades WITHIN mtgox (or any other exchange) are not public until
you withdraw or deposit.
I can go into a lot more detail in a separate email of people are interested.
--
"Genius might be described as a supreme capacity for getting its possessors
into trouble of all kinds."
-- Samuel Butler