Blackhat attack on upcoming free software workshop

1 reply [Last post]
nadebula.1984
Offline
Joined: 05/01/2018

The upcoming workshop was supposed to be focused on free software, as advertised by the group hosting it. However, to my great disappointment, it wasn't.

On the contrary, first, they wanted to contact me using non-free communication tools (and this message was sent to me via SMS). I refused, and demanded that they send me emails instead. After receiving the mail, I immediately noticed that all attachments were in non-free formats, including the RAR archive format and OOXML document formats. Thankfully, their LoseRAR utility seemed to be very outdated and I could extract the archive file using "unar" (which is incapable of extracting some RAR5 format archives). The OOXML documents in the archive are partially supported by LibreOffice, so I converted them to ODF and PDF after filling out the forms, and sent them back. Luckily, they didn't complain about the free fonts I used.

The next part was very torturous. According to the attached documents, we were required to prepare lots of non-free software including Losedows, Office, Acrobat, Photoshop, as well as a poorly-written non-free SSH client for Losedows (in order to log on to their servers to do the calculations). Obviously, they didn't know PuTTY, let alone MinGW or Cygwin. I finally decided to temporarily install gratis trial versions of those non-free programs so I could subsequently try to find free/libre alternatives. My plan is to install all this junk in a Losedows VM while the hypervisor runs on my GNU/Linux host system. I also don't need their servers at all, as I can build the free software from scratch on my host OS.

Given the skill level of the hosting group, I believe that their servers are highly susceptible to DoS attacks. I could at least make some fun of them. This post will be updated during the workshop.

nadebula.1984
Offline
Joined: 05/01/2018

I have returned from it. It seemed that some of the participants lived in another dimension. Some of them left their workstations unattended without activating screen savers, and left their mail, chat, blog and even SFTP/SSH accounts logged on. I sneaked into one participant's keyring and certificate manager, and was astonished by the fact that his private key used weak cryptography (like RSA 1024 or even weaker) and no PIN!

In brief, the meeting was totally beyond my imagination, and I was too amazed to say a single word about it...