October2005

From Taclug

Attendees

John Wickliffe
Wes Jennings
Paul Truzzi
John Bailo
Mark Young
Nick Webb
Bob Becker
Joel Carlson
Steve Cook
Jeff Maxwell
Andrew Becherer
Brian Baker
Andrew Kouklis
Jacob Church
Ron Booth
Kurt Forsberg
Paul Edwards
Bob Holden
Ken Meyer
Charles Mauch

Location

The meeting was held as scheduled at The Anna Lemon Wheelock Library
3722 North 26th Street, Tacoma, WA 98407
(253) 591-5640
Google Map (http://maps.google.com/maps?q=3722+North+26th+St,+Tacoma,+WA&hl=en)

[edit]

Original Agenda

Time	What	Who
1:00pm to 1:30pm	Meet and Greet	Everybody
1:30pm to 2:30pm	Presentation: PGP and Encryption	(Charles Mauch)
2:45pm to 3:45pm	Presentation: A Primer on RFID	(Kurt Forsberg)
4:00pm to 4:30pm	Dicussion: Taclug's Future Part 2	Everybody
4:30pm to 5:00pm	Business: General Membership Business Meeting	Taclug Members

[edit]

PGP and Encryption

Time: (1 hour)
Speaker:Charles Mauch

[edit]

Presentation Info

I'm giving this presentation a couple of reasons. Firstly, I believe that everyone should be using encryption and signatures in their email.

Secondly, I believe that if you are already using a mail client such as Mutt (which a lot of people are), Evolution, Kmail, etc - then there is absolutely no reason for you not to be using PGP-compatible software.

Thirdly, all of the documentation that I've seen thus far is geared toward someone who is already familiar with PGP, or at least has some idea how all this crypto stuff works. I wanted to provide inexperienced crypto users with enough knowledge to get started on their own.

Topics to be be covered (as time allows):

Why should I care about crypto?
Cryptanalysis (breaking ciphers)
Basic Encryption Theroy
Standards in use Today
Protecting your private key, publishing your public key
Validity and Your Web of Trust
The need for Message Signatures
Practical Examples (a demonstration and walkthrough)
PGP Key Signing

[edit]

Author Biography

Charles Mauch has been working with GNU/Linux and other UNIX platforms for 12 years. Charles has a background in security systems and network infrastructure (data and telephony). He has taught courses at local community colleges on Hacking, Computer Security, Computer Forensics, Establishing VPN's, and in combating fraud. He tends to work for School Districts, Hospitals, and for other businesses with a humanitarian focus.

Charles has been a member of TACLUG since 2002, and served on the TACLUG board at one point in time.

When left to his own devices, Charles tends to spend his spare time talking to office plants, eating glue from supply cabinet, and attempting to exterminate the weasels who have infested his pencil drawer.

[edit]

RFID

Time: (1 hour?)
Speaker:Kurt Forsberg

[edit]

Presentation Info

The presentation will begin with a description of the various RFID (Radio Frequency Identification) technologies, their pros and cons, and their applications. From there it will move into a Q and A.

[edit]

Author Biography

[edit]

Kurt

Kurt Forsberg has lived in Tacoma for 28 of the 29 years he has spent on planet Earth. The other year was spent in Pennsylvania. If you'd like to know about the time he has spent on other planets, just come to a Taclug meeting and ask him. He has been dabbling with Linux for about 8 years, and using it almost exclusively for about 5 years. His specialty is installing Linux on older systems with limited system resources, since he is too broke to upgrade. Although he has tried many different distributions, his favorite is Debian.

Kurt is an electronics technician and is interested in working on hardware projects using open source software. His hobbies include singing in a barbershop chorus (http://www.rvhchorus.org) and brewing British style ales. Here he is -- before he stopped trying to look like Ted Nugent and cut off all his hair -- enjoying a pint of porter and conversing with Chris Negus at the 2004 Taclug barbecue/yard sale. Kurt has developed custom RFID software and hardware professionally for the past year. He is also fascinated with WiFi, electronics, and other hands-on technologies.

[edit]

Taclug's Future Part 2

Time: (30 Mins)
Speaker:Open Discussion

[edit]

Presentation Info

TACLUG has been going through a rough patch the past ~~few months~~ year and two months. Several proposals have been made to help correct these problems and also to provide TACLUG with an interesting future. Expect topics to include:

A proposal on a new taclug structure
How we are going to operate in the near future
Near term projects, what's coming up in the short term.
Various smaller suggestions on the meeting format.

[edit]

Business Meeting

Time: (30 Mins)
Speaker: Only Taclug Members, Roberts Rules

[edit]

Agenda

Reading of the Last General Membership's Minutes
Nominations for General Membership President
Nominations for General Membership Secretary
Nominations for at least 1 Vacant Board Positions
Removal of Inactive members from the Membership Roster
~~Motion to Reduce the number of board members to 6, the minimum allowed by the bylaws.~~

notes: There are apparently only 5 active board members left, so the last item on the posted agenda is moot. As a result, we'll need to nominate at least one person for a board positions. The remaining members are Paul Edwards, Kurt Forsberg, Ron Boothe, Joel Parker, and John Wickliffe
Paul Edwards: Two nominees were brought forward the last time we tried to meet to vote about it. They were Jessica Clark and Rebel Nichols.

[edit]

What Happened

[edit]

Steve Cook's Notes

Charles's Presentation began a little late, at 13:57.

Symmetric Encryption

oldest method, requires shared key. (e.g., IPSec)

Asymmetric Encryption (aka public-key)

private key/public key parts of the complete key. Public is published, private is protected closely. Get the public key of the target of the message (who you're sending to), encrypt the message to their public key.
signing is another major aspect of Public Key Infrastructure (PKI). Provides authenticity verification (message comes from the author and has not been modified - note that the signature only verifies the body of email messages, not the headers). Originally attached as plaintext at the bottom of the message. Now, more common/preferred to use MIME attachment signature (keeps the body of the message clear of the PGP signature, but maintains the integrity check of the text.)
Note that there are two implementations of PGP now -- OpenPGP and PGP, Inc.'s implementation. If using the PGP, Inc. software, should use their keyservers.
OpenSSL (Certificate/Trust system) - relies on trusted certificate providers to authenticate identity. Doesn't use same format as PGP.
Validity vs. Trust in PGP: Validity refers to the fact that a key belongs to an owner. (Verified with Key Signatures -- formal implementation of keysigning requires key fingerprint/picture ID exchange. Manually verify match of the fingerprint given with the fingerprint downloaded from keyserver, then sign the key as verified. This develops a "web of trust" -- shortest path from you to the recipient of the message through all the connections that all signers of the key generate. Trust of a key -- What is your personal level of trust of the owner of the key you have imported to your keyring.
Importance of protecting private key/publishing public key. Publishing public key - web page, keyservers (e.g., pgp.mit.edu) Private key better stored offline, so if the system is ever compromised, the private key is not compromised. Not a bad idea to ASCII-encrypt and then print the private key, store it in a secure place. Also, creation of a revocation certificate should be done, and the revocation certificate should be stored separately from the private key (revocation certificate used to "turn off" your PGP key if it is ever compromised).

Recommended Titles:

Crypto - by Stephen Levy
The Code Book - Simon Singh
Cryptography: theory and practice - Douglas Stinson

Kurt's presentation began on time, 15:00 - RFID

Started with showing his DirecTV/Hunt's Spaghetti sauce can wi-fi antenna...connects to a Linksys WEP 11 wireless bridge.
RFID - Radio Frequency IDentification, two-way communication

Passive RFID (powered by the radio waves - chip pulls enough power from the waves to power the chip and return signal)

Active RFID (both devices powered and have transmitters) Semi-passive RFID (powered, but doesn't transmit. "backscatter" instead of transmission. "Backscatter" - intercepts the constant stream of 1's generated by the reader and reflects back a specific pattern of missing 1's.)

Drawbacks to passive:

generally ROM (write-once)
short range (usually < 3 feet)
very limited memory

Benefits to passive:

small
inexpensive

Active/semi-passive often have RAM, so have better storage capabilities, but are larger and more expensive. Can be interfaced with other devices (e.g. a programmable interrupt controller (PIC))

Active tags: indefinite storage capacity, faster access. Much more bulky and expensive, trades off for longer range.

Semipassive: significantly longer range (around 100 feet), very long life (card read over 25 million times and still counting).

Applications for RFID:

Primary access control (e.g., parking garage, hospital); merchandise & freight tracking; automatic toll booths; identification; animal identification;
Other possible uses - automation (e.g., the PIC mentioned before could be expanded to other uses)

[edit]

Taclug General Membership Business Meeting Minutes

October 15, 2005

The business meeting of the Taclug General Membership was called to order at 4:50 p.m. by Charles Mauch. President Jeff Maxwell was present but no member objected to Charles chairing this meeting. Secretary Dave Hawkins was out of state so Andrew Kouklis served as secretary. The quorum was verified; 15 members were present out of 58 total membership, which exceeds the required 20% quorum.

The minutes of the last general membership business meeting of 11/20/2004 were read and approved.

The Chairman opened the floor to nominations for officers to serve in 2005-06. Charles Mauch was nominated for President. Wes Jennings was nominated for Secretary. Bob Holden moved to open nominations to the Taclug.org wiki for all the open positions—president, secretary, and one board member—with nominations to close 14 days before the November meeting. The motion was adopted.

Steve Cook moved to notify the members listed below via the Taclug general mailing list and Taclug.org wiki, that they are removed from Taclug membership effective 11/18/2005 unless they post to the Taclug general list or the wiki that they intend to continue attending meetings. The motion, requiring a 2/3 vote to be effective, was adopted unanimously.

Andrew Kouklis Secretary pro-tem

The following members were those proposed for removal at the 10/15/2005 meeting. (This is not the list of members actually removed as of 11/18/2005, but the list originally proposed when the motion was first passed.)

Anzelini, Gabe Bailey, Scott R. Bate, Mike Beech, David Berg, Brandon Brice, Rick Buss, Mike Collings, James R. Dennis, Patrick Dowtin, Aaron Edwards, Kimberly Goode, Carlton Grimberg, Andrew Harris, Bob Hawkins, Dave Hughes, Ken Hunter, James Scott Keating, Jesse McCoy, Nathan Nay, Niles Negus, Chris Pedigo, Kevin Plaxton, Jeff Premeaux, Barry Rainier, Anthony Roeser, Dave Sala, Kenneth Schmeisser, Frank Schroeder, Jeffrey Sherer, Thomas Webber, Franklin Weltzer, Eugene

[edit]

Technical Issues & Notes

Charles Mauch has been working on several projects lately. They include a perl replacement for procmail (http://svn.mauch.name/cgi-bin/viewcvs.cgi/mailfilter/trunk/?root=source), homedir in subversion (http://svn.mauch.name/cgi-bin/viewcvs.cgi/?root=configs), and a bunch of small desktop perl utilities. He has also been fooling around with MPD (http://www.musicpd.org/) and ratpoison a lot as of late.

[edit]