Today marks the end of the second week of The Undercroft’s 5-week cybersecurity training program, UC Baseline. This week was a quick but in-depth (we each had a Cisco switch to configure) introduction to networking. Next week, we look at Windows and Linux from a security perspective.
I have some familiarity with the operating systems in question.
If you’re bored: When I was a Microsoft developer evangelist (they hired me from the open source/free software world), I won Stallman’s auction for a plush GNU gnu — and paid for it with my Microsoft corporate card. Here’s the story, titled Winning the GNU.
The conference will be made of bite-size (15 minutes or shorter!) presentations by Tampa Bay techies and demos of capstone projects by Suncoast Developers Guild alums. Here’s the schedule, which is subject to update:
(Suncoast Developers Guild)
Badges? We don’t need no stinkin’ badges!
(Jason L Perry)
Will it Scale?
Demo: Smash Bros Combo
Your Friendly Neighborhood Type System
Demo: Evolution X
(Cody Banks & Abtahee Ali)
The Rubber Duck Pal Program
Don’t Crash! CSS-Modules in React
How to start your own Coding Podcast 101
Pull Requests, and the Developers Who Love Them
Demo: Rollerblade Buyers Guide
Post Bootcamp Reflections: Rebuilding my capstone in React Native
Create games, visual novels, and fast food dating sims (and learn programming) with Ren’Py!
“You do belong here” and other affirmations and ways to beat imposter syndrome.
A Taste Of Docs As Code
Once again, it’s free-as-in-beer (and not free-as-in-mattress) to attend, and all you need is an internet connection! Register here.
In another life, I was a developer evangelist who travelled across North America and I saw tech scenes from Palo Alto to Peoria. I can tell you that one of the signs of a healthy tech community in a small- to medium-sized city is a coding school that acts as a social/technical/gathering place. If your city had one, things were looking up for local techies. If not, it was a safe bet that the place was experiencing a brain drain.
Here in Tampa Bay, Suncoast Developers Guild fills that vital role, and it does so spectacularly. They’re a key part of the heart and soul of tech in the area, and it shows in their efforts, such as events like this.
Thanks, Suncoast Developers Guild! I’ll see you on Saturday!
Let’s face it: The purpose of many (but not all) hackathons — even if it’s not the primary purpose — is to promote one or more tech company’s wares or services, or to act as a scouting exercise to find new talent. This is especially true when a hackathon is organized or sponsored by a for-profit company and especially when they encourage or require you to use one of their products, services, or APIs.
What if you participate in a hackathon held by a for-profit company and your idea is a really good one? Who owns it?
This workshop will be led by Brent C.J. Britton, local IP/techie lawyer, and generally the first guy I run to when I face some kind of intellectual property issue (and yes, I have, when a copyright troll was getting up in my business).
Check it out tonight!
Here’s Brent’s bio:
Brent Britton is the only graduate of the prestigious MIT Media Lab to become a lawyer. Brent holds degrees from the University of Maine, the The Media Lab at the Massachusetts Institute of Technology, and Boston University School of Law. He is Managing Partner for the Tampa office at De La Pena & Holiday LLP, where he advises companies on emerging business and technology law, intellectual property, complex commercial transactions.
Brent is the author of Ownability, How Intellectual Property Works and one of the most interesting and entertaining speakers in the Tampa Bay area on Startups, IP and related matters. He is recommended on Linkedin by a futurist as: “Visionary, pragmatic, insightful and full of life with a capital L”.
Here’s my daily view for seven hours a day for the next little while, as I’m part of the inaugural cohort of UC Baseline, the 5-week cybersecurity training program from Tampa bay’s security guild, The Undercroft:
Last week was devoted entirely to the “Hardware 101” part of the program. Here’s a video summary of what happened that week, and Yours Truly’s in a fair bit of it:
This week is “Networking 101”, which is all about how the bits gets transferred across wires and air to our hardware.
One of the exercises is making our own Ethernet cables. I can do it — just, very, very slowly…
We spent a good chunk of time setting up virtual LANs on our individually-assigned Cisco Catalyst 3750 programmable 48-port switches (alas, we don’t get to keep them), hooking up our Raspberry Pi 4 boxes (which we do get to keep) to them, and wiring our VLANs together via trunks:
It’s a strange world, where IOS doesn’t Apple’s refer to “iPhone Operating System” — part of my usual stomping grounds as a developer — but in the world of network administration, it’s Cisco’s Internetwork Operating System:
This is way outside my normal experience with networking, which I do at the application level, where I deal with data structures like arrays, dictionaries, base64-encoded data, and maybe the occasional data stream. This is the world of packets, frames, switching, and routing. I would still probably ruin a server room if left in charge of it, but after this course, I’d ruin it less.
I do have a refreshed generalized concept of what happens at the lower levels of the network, and that’s the important thing for me and the sort of work that I do.
It’s Monday, July 27th, which means that I’ve completed the Hardware 101 portion of the 5-week UC Baseline cybersecurity training program offered by Tampa Bay’s security guild, The Undercroft! Here’s a quick rundown of what I’ve posted so far about my experiences…
Day 4 of the Hardware 101 component of the UC Baseline cybersecurity program was all about security for the enterprise, which naturally included topics such as servers. Not everyone in the class has had the opportunity to tour a server room or data center, and this was their chance to see these machines up close.
Unlike the previous days, we did not attempt to dismantle and then reassemble the servers — this was a “look, but don’t touch” sort of lesson.
We also had a guest lecturer who gave us a pretty thorough walkthrough of the sorts of things involved in an enterprise server/data center setup, some of which went way over my head. I don’t see a sysadmin/system architect role in my future, but it might not hurt for me to do some supplementary reading on this topic.
Day 5 was the final day of Hardware 101 and started with something that I’ve always been terrible at: Making networking cables.
We also spent some time looking over all sorts of intrusion devices, such as the incredibly cute “Pwnagotchi”, a Raspberry Pi Zero-based device that “listens” to wifi chatter to feed its machine learning program in order to figure out wifi passwords.
It uses an e-paper screen, which is quite legible and consumes little power.
It’s incredibly small:
Here’s a Pwnagotchi beside a U.S. quarter for size reference:
A great way to steal information to gain access to people’s accounts and systems is to set up a fake wifi hotspot at a place that offers free wifi, such as Starbucks. That’s what the Wifi Pineapple is for — people connect to it, thinking they’re connecting to Starbucks wifi. You route their signals through to the real Starbucks wifi, but you’re the go-between, and can “see” everything that your marks are sending on the internet: the data they’re passing back and forth, including stuff like user IDs and passwords:
It sends out a signal that causes devices currently connected to wifi to disconnect. You could use it in tandem with a Wifi Pineapple to force people to disconnect from the real wifi and then connect to the Pineapple instead, enabling you to read their internet communications.
If you really want to “sniff” all the wifi traffic in the room, you’ll want one of these — a high-gain antenna system hooked to a network interface controller (NIC) that reads signals in “promiscuous mode”, a capability that’s disabled in most NICs. In promiscuous mode, you can capture all wifi traffic instead of the bits of data that you’re authorized to receive. It’s a good network diagnostics tool — and it’s also useful for getting up to no good:
And finally, the Shark Jack. Plug it into someone’s network, either via the ethernet jack or USB, and it will execute scripts to get a map of the network or even deliver a payload somewhere onto the system:
It’s basically a real-world version of the device that Tony Stark slipped onto the command console of the SHIELD helicarrier in the first Avengers movie (it’s at the 0:44 mark):
I may have to invest in one of those bad boys. For research purposes, you understand.
We also had a guest lecturer who delivered a very thorough and informative presentation on getting started in cybersecurity. I’ll have to post notes on it later: