Hacker Publications : A small listicle

The information age is grand! Anyone with an internet capable device and a connection can learn whatever they want if they know where to look. However, information overload is easier than ever.

In the interest of sharing, and not losing, information about some fascinating community resources, I put together this small list of publications and archives for techies, hackers and security-conscious folks.

Current

2600 : The Hacker Quarterly

I love 2600, and it was the first zine or publication I came across written by and for hackers. There are opinion pieces, stories, research and more in the quarterly. To me, 2600 is fascinating and inspiring. It’s the only magazine I can pick up at Barnes & Noble concerned with privacy, freedom and surveillance.

But I don’t think I can put it any better than the New Yorker did here when interviewing the editor, Emmanuel Goldstein :

“2600 provides an important forum for hackers to discuss the most pressing issues of the day—whether it be surveillance, Internet freedom, or the security of the nation’s nuclear weapons—while sharing new code in languages like Python and C. For example, the most recent issue of the magazine addresses how the hacking community can approach Snowden’s disclosures. After lampooning one of the leaked N.S.A. PowerPoint slides … and discussing how U.S. government is eroding civil rights, the piece points out the contradictions that everyone in the hacking community currently faces. “Hackers are the ones who reveal the inconvenient truths, point out security holes, and offer solutions,” it concludes. “And this is why hackers are the enemy in a world where surveillance and the status quo are the keys to power.”

Scott told me that 2600’s advocacy for Snowden was nothing new. At the time of the leaks, the then Congressman Ed Markey, of Massachusetts (he is now a senator), once called the publication “a manual for computer crime.” But the magazine is less a how-to guide than a collection of stories gathered by hackers on their adventures on and offline, reflecting the bulletin-board systems (B.B.S.s) that inspired Goldstein to start the magazine in the early eighties.” [From https://www.newyorker.com/tech/annals-of-technology/print-magazine-hackers]

If you can’t find it in your bookstore you can still subscribe to paper or digital issues here: https://www.2600.com/

POC||GTFO

Proof of Concept or Get the Fuck Out started as a community zine, and is now also available in two bound volumes, printed by the beloved No Starch Press!

In their own words:

PoC||GTFO (Proof of Concept or Get The Fuck Out) follows in the tradition of Phrack and Uninformed by publishing on the subjects of offensive security research, reverse engineering, and file format internals. Until now, the journal has only been available online or printed and distributed for free at hacker conferences worldwide.

Consistent with the journal’s quirky, biblical style, this book comes with all the trimmings: a leatherette cover, ribbon bookmark, bible paper, and gilt-edged pages. The book features more than 80 technical essays from numerous famous hackers, authors of classics like “Reliable Code Execution on a Tamagotchi,” “ELFs are Dorky, Elves are Cool,” “Burning a Phone,” “Forget Not the Humble Timing Attack,” and “A Sermon on Hacker Privilege.” Twenty-four full-color pages by Ange Albertini illustrate many of the clever tricks described in the text.” – [https://nostarch.com/gtfo]

As you might expect, it’s full of POC and research, in addition to poetry and social commentary. If you’re looking for inspiration, or want to know how to hack your tamagotchi, this is the place to look!

From Times Passed

NTK.Net

NTK [http://www.ntk.net/] ran from 1997 to 2007 and collected interesting tidbits and news in the community.

Check out the photos below to get a feel for their content.

Phrack

Phrack appears to no longer be active, but the website is up and full of fascinating reads. To allow it to speak for itself, here is the introduction to Phrack from 1985 :


This article on the fall of hacker groups is one of my favorites right now :

Phrack : Strauss : The Fall Of Hacker Groups

Mastodon Cloud-Server Progress Update : Digital Door Knocking

As a small update since my first semester-project post, my Mastodon cloud-server project has been approved!

My next step is to reach out to groups who may be interested or could benefit from having their own social media server.

While I may be able to target the project to my contacts in IT or cybersecurity, or from art school, my advisor had excellent suggestions for reaching out to established groups who could benefit, such as campus clubs, non-profit organizations, a church group or even a city rec center. In other words, there is surely a group who would like to stay connected without having to use big social media platforms.

Currently, I’m compiling a list of possible contacts, and drafting fitting proposals per group. Hopefully, I can find a group that is interested and comfortable with the proposal. I’m very excited to get underway!

Cost allowing, I plan to set up a server for personal use, such as amongst friends, in order to get started on the technical and logistical aspects. This should help me when I make contact with an interested group.

Until next time, best of luck to you in all you do! : )

A Semester for Neglected Projects

Despite the fact that this is my last semester before I graduate, the most exciting part for me is that I can finally dedicate a substantial amount of time to hands-on projects. The main reason for this is, I’m working on my capstone project and have another class requiring a hands-on project. In both cases, the projects are very open and meant to encompass about 3 months of work. The only restriction of the second project is that it must be cloud based and for a nonprofit group.

Capstone: FitBit Telemetry, Privacy, and Security Analysis

For my B.S. IT degree, my capstone project is centered on security and privacy of wearable technology like the FitBit. As digital and internet technology expands into new areas of life, an unfathomable amount of data is generated by our comings and goings. Wearable tech is subject to the same concerns as other Internet of Things with the additional issues brought about by collecting biometrics, and health information. So, after a review of current literature, I will start by analyzing telemetry data sent by the FitBit Charge2, and possibly other models. While others have done research in this area I think it will be important to collect and analyze data myself.

One of my concerns with wearables such as fitness trackers is that in order to use them consumers must place full trust in the company selling them the hardware. Heartbeat data is collected, sent to servers, and analyzed in order to provide the user with useful reports. For the FitBit this means turning on location services and Bluetooth in order to authenticate and sync the device. While there is the option to encrypt data sent to the servers, I’d rather connect the tracker to a laptop, or other computing device to handle processing. So my second goal is to develop an application to handle the data locally, without needing to use others’ servers.

What excites me about this project is the chance to learn more about how health data is collected, stored, managed, and presented as information. In addition to that, I’d like to be able to develop programming skills to create a tool that puts control back in the hardware owner’s hands. This project will be the most difficult and research intensive of the two, but that’s why I’m so excited to begin!

Cloud Architecture: Mastodon


While my second project hasn’t been approved yet, the thing I’m really excited to use cloud services for is to set up and maintain a Mastodon instance. Eugen Rochko created Mastodon, which is built on standard protocols to allow any community to set up their own server. These independent servers are interoperable, allowing a federation of independent social media servers to arise. Mastodon is free, contains anti-abuse tools, is naturally community moderated, and has no advertisements. This means that unlike Facebook, Twitter, YouTube and Patreon, content creators are not restricted or influenced by corporate interests outside of their control.

When I heard about Mastodon, I signed up for an account on Mastodon.Technology and since then, I’ve toyed with the idea of setting up my own instance. However, time and financial constraints meant that I had to keep putting the experiment off for ‘one day’. Particularly in light of deplatforming campaigns, which often become out of control due to the giant games of internet-telephone, which occur with increasing regularity, a community-owned decentralized social media platform is extremely appealing. I believe the internet is at its best when people can interact freely, without censorship, without having their intellectual property rights undermined, and in communities which are not isolated, but can set their own standards.

The strength of hosting the instance on a cloud service is that it will be possible to pay for resources in proportion to their use. Therefore if the server has low usage, or suddenly high usage, service will continue and pricing should stay reasonable. I plan to promote it amongst security and privacy conscious friends, as well as my artist friends who may find themselves increasingly restricted by social media scrutiny and standards.

Hosting the Mastodon instance will provide another real world avenue to understand resource usage and allocation over time, as well as cloud server vulnerabilities. If I can get the server up and active quickly, then my focus will be on maximizing privacy and control for users as well as safety.

Future Updates

As I progress through both of these projects my plan is to document my progress here. Hopefully, it can help someone else, as well as serve as a useful personal record.