Looking for projects/participants around infosec and related

Hey all,

I’ve popped into noisebridge a few times over the past few years and stopped by for the last weekly meeting and was told to post here as I’m looking for interesting projects that fit into one or more of a few subjects I’m pursuing.

I’d categorize myself as only mid-level at best in these subjects, I’m trying to fill out my skills as I’ve specialized more towards specifically programming/apis and web architecture in my career, but I’m eager to tech up and have time to spare.

  • Networking (bridges, relays, subnets, openvpn vs socks vs ipsec) - probably not til next space since all the networking is getting torn down imminently but sounds like there will be lots to do in this regard once we’re getting set up again
  • Linux security (iptables, live distributions vs qubes vs virtualization vs hardware isolation, categorizing threat models) - I’ve heard from a few people about the arcade cabinets, are people still congregating on fridays to poke at it?
  • Live USB systems (tails, custom debian builds) - Would be really interesting to dig through exactly how tails is set up and why they made the various decisions they did, what alternatives there might be, etc. Interested in general strategies and tools around computing without persisting to the local machine.
  • SBC networking devices (rasperry pi as a server/gateway, ddwrt, portable devices and mobile modems, minimizing cost) - maybe a get together sometime to trade notes about promising low cost single board computers as it’s rather tedious to do endless searches trying to find the cheapest combination of A, B, and C.
  • Cryptography (strengths/weaknesses of different approaches, maybe digging into the math behind it, general high level strategies to designing complex encrypted systems, analysis of encrypted systems [eg protonmail’s system where the password is never sent to the server]) - Spoke to kinnard about the cryptoforest stuff which looks great so far
  • Privacy/Anonymity/Decentralization (technical or non-technical, tor, syncthing, ipfs, dat)

Some projects I hope to take a stab at soon:

  • single board computers as decentralized nodes at home (maybe at noisebridge too? I’m guessing there’s already a lot of that set up there) both as networking practice and to donate some bandwidth to the services
  • hackable mobile hotspot that takes in a sim card and broadcasts wifi that gets encrypted through tor and/or vpn(s) before/after the tor connection and has a web interface, perhaps along with nice physical switches (hopefully less than $100 each but not sure if that’s possible… could almost do it with a cheapo burner android…)
  • “dumbphone” - cheap smartphone that has apps preinstalled on it, all of its radio interfaces (aside from in the visible spectrum) physically severed, along with the data pins of the usb, and is sealed with epoxy to prevent tampering to make a basically hack-proof personal device. Possibility of transferring small amounts of data like text docs via “QR-code video” between phones

I guess post a reply if you’re interested in any of these topics or projects and would like to brainstorm about something to meet/collab about!

Hi @jcwilk, welcome!

I’m Steve. I run Qubes as my laptop OS, I’ve headed about 10 cryptoparties/security self-defense workshops over the past few years, I am now in charge of Noisetor (though I haven’t done much yet), and I’m currently building end-to-end encrypted task management software for activists. Sounds like we should chat!

I’m elimisteve on Wire and can be contacted a bunch of other ways, too: https://tryingtobeawesome.com/contact/ . I look forward to hearing from you!

The closest thing I’ve seen to this is https://divan.dev/posts/animatedqr/ .

Cool idea! Leads: https://www.startpage.com/do/dsearch?query=rpi+tor&cat=web&pl=opensearch&language=english .

Hi @elimisteve I’m John and that all sounds super cool! Interested to hear more about all of it. I’ll ping you sometime tomorrow on keybase to sync up, I’m probably stopping by the weekly noisebridge meeting tomorrow evening as I’ll be in the area grabbing a craigslist router anyways lol do you usually go to that?

I ran across that one too and it was disturbingly similar to what I had in mind haha mildly disappointing that I didn’t think of it first but much more relieving to be able to skip spending the time to write it :joy: If I end up pursuing that project I’ll definitely be seeing if that can fit in somehow since it sounds fairly perfect particularly the description of it on another page - https://hub.packtpub.com/introducing-txqr-data-transfer-via-animated-qr-codes/

Thanks, I got a BalenaFinv1.1 (rpi CM3L-driven board with a bunch of extra shit attached) just recently to kinda prototype it figuring it should be able to handle whatever’s needed and then I can find a leaner approach if it works and is useful. The part I’m most concerned about is having it use a mobile modem with a sim card (at a reasonable price point), though having scripts like that one mentioned in the first result “RPI-Wireless-Hotspot software script by Harry Allerston” sounds very useful as a reference on the software side, thanks. After I get that ethernet-driven version working then I’ll take a stab at the modem.

Might want to skip the GSM modem altogether and just hack one of those cheap prepaid Android phones into oblivion. Assuming you can get root and flash yourself whatever AOSP variant you prefer, you’ve got the GSM modem, a respectable ARM processor, wifi, Bluetooth, camera, GPS, IMU, and mic on a native linux hardware platform for the low, low, Wal-Mart subsidized price of $30. Hard to beat that deal, and it’s always heartwarming to know that a global corporate superpower with more hoarded wealth than most small countries is unwittingly sponsoring the greater good.

I believe Amazon is also offering similar subsidies, in various phone and tablet form factors.

Yeah that’s a possibility though if one isn’t able to root an android phone then there’s very little that can be done with it as far as encrypted tunnels combined with mobile hotspots go because it only allows one vpn at a time so you can’t chain them and the mobile hotspot sort of counts as a vpn already? Or maybe it just isn’t affected by the vpn can’t remember… But yeah if it’s rootable then there’s more options. Downside of a phone is there’s no ethernet port so using it to tunnel a whole network rather than one device would be a little awkward (unless you only use wifi and in a small room), and using it to tunnel your connection from a public wifi would be a bit awkward (unless you were using a laptop and connect via USB (can phones USB-tether to each other? I kind of love that idea actually haha) or if you use Bluetooth I guess) yes I nest parenthesis.

Ideally I’d want 2 ethernet ports, pcie for mobile modem, sim card slot, wifi… If it had all those somehow then it could really cover quite a broad set of scenarios with very little technical knowledge required.

I guess a better approach would be to focus on one scenario that some pi i already have covers and work on the software that controls toggling the vpns and providing a web interface. If I’m lucky maybe openwrt or something like that would be good enough

You should talk to the folks at SudoRoom. They have a mesh network going with hacked consumer routers, covers most of Oakland as I understand.

Haha i definitely should do that! Thanks for the tip

1 Like

The sudo related mesh network is People’s Open. There is a node within Noisebridge. You can join their chat at https://peoplesopen.net/chat

IPFS developers are located two or three blocks from the space and hold monthly meetups with pizza and beer.

1 Like

Nice, yeah I’ve been hearing a lot about people’s open and sudoroom since i started this thread, definitely going to have to make it over there at some point… Too bad I’m almost in Daly city haha not the quickest jaunt but I’ll get over there at some point.

Good to know about ipfs… Maybe I can lurk til I can catch a double feature of events from both in one day lol

···

James
James

    June 4

The sudo related mesh network is People’s Open. There is a node within Noisebridge. You can join their chat at https://peoplesopen.net/chat

IPFS developers are located two or three blocks from the space and hold monthly meetups with pizza and beer.


Visit Topic or reply to this email to respond.


In Reply To

jcwilk
jcwilk
John Wilkinson

    May 29

Haha i definitely should do that! Thanks for the tip


Visit Topic or reply to this email to respond.

To unsubscribe from these emails, click here.