How do you talk to someone over a common, instant message client (Gtalk, MSN) securely, with encryption

How do you talk to someone over a common instant message (IM) client (GTalk, MSN, etc.) securely, with encryption? This was my question when I went to the Practical Intro to Computer Security at Vancouver Hackspace.

Off-the-Record (OTR) is a plugin for most IM clients that sets up a secure connection between two computers, which you can use to ensure that no one else is listening in and that you are talking to the person you intend to. The problem is that there is no OTR plugin for my preferred IM client, Digsby. In fact, there are not a lot of clients that support the OTR plugins. The OTR people do provide a toolkit to develop plugins for other clients, but that’s a lot of work.

The OTR developers suggest Pidgin, a cross-platform, multi-protocol (MSN, GTalk, Jabber, etc.), open-source, free IM client that can run without being installed. I have looked at Pidgin before but I didn’t like it as it was too plain for me. This talk gave me the opportunity to look deeper into this application and I found that it has many plugins and themes that make it much more usable.

Instructions 

  1. Download and install Pidgin 
  2. Download and install the OTR plugin
  3. Start Pidgin, from tools menu select “plugins”
  4. Select the Off The Record ”OTR” plugin from the menu and click configure.
  5. Select an account on the Off-the-Record configuration dialog and click the “Generate” button.
  6. Start a conversation with a friend that has the OTR plugin installed. You should see a new button called 
  7. Click this button and it will send your friend a message starting the secure communication.
    • If your friend does not have the OTR plugin installed they will see a message that looks like this: “?OTR?v2? nobody@nowhere.com has requested an Off-the-Record private conversation <http://otr.cypherpunks.ca/>.  However, you do not have a plugin to support that. See http://otr.cypherpunks.ca/ for more information.”
    • If your friend does have the OTR plugin installed correctly they should see a message similar to this: “(12:34:26 PM) The privacy status of the current conversation is now: Unverified, Conversation with __FRIENDS_NAME___ on 3/28/2012 12:34:26 PM: (12:34:26 PM) The privacy status of the current conversation is now: Unverified”. What this means is that the communication between you two is now encrypted, but you can’t be sure that your friend is who they say they are.
  8. You can then verify your friend by clicking the Unverified button and selecting “authenticate buddy” from the menu.
  9. On this page you can ask your friend a question that only they would know.
  10. Once you have verified that your friend is who they say they are then the icon will change to
Notes:
  • Most clients will allow for logging of the chat session; if you are using OTR this defeats the purpose of the system. You will never know if your friend is logging the conversation. This is a possible attack/vulnerability.
  • If you are talking over GTalk you may notice that the logs show random characters for your communication. This is good: this is your encrypted conversation.
    me:  ”?OTR:AAIDAQAAAAMAAAADAAAAwOP8n7lerGtKSO/sT5C5cC1uYPOaFsBxPgesW1aXmmldhO510p+k7eCw/PxWyersVzOc5iyul3xqeHkbZ9rlr8lP2CLYadi1rb2sw+JneD54tEgt/EFcT8CBZ4JcdyNeAI0TtsByn08g6EkeMPSMrln56Lb32Vl8aBdddioeiwqwDSDFsdfsekb6RqXvhNVsLMiogBPiyRk3UarwsJ3tUHdpWuIsW2yv0HmAb4QWxlVPaehNdWl9itVBveWawtQZaqd8eu2aalvi9/+JSeyawAAAAAAAAABAAAABSQVb9d9BNaZAKwdVsJQH3Wgcgeb7E3ozMoAAAAUkIlPXeG/HYLDXS1qC/h9epdhBpo=“. Sent at 12:43 PM on Wednesday
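As an added example (not part of the original post or the OTR project's code), this Python script reads a chat log like the one in the last note, labels each line as an OTR query, an encoded OTR message or plaintext, and reports any plaintext logged after encryption started. The header layout (2-byte version, then a 1-byte message type) follows the OTR version 2 protocol; the sample log and function names are constructed.

```python
import base64
import re

# Message-type byte that follows the 2-byte protocol version (OTR v2).
MSG_TYPES = {0x02: "D-H Commit", 0x0A: "D-H Key", 0x11: "Reveal Signature",
             0x12: "Signature", 0x03: "Data"}

def classify(line):
    """Return (kind, detail) for one logged chat line."""
    m = re.match(r"\?OTR\??v([0-9x]*)\?", line)
    if m:
        return ("query", m.group(1))          # versions the sender offers
    m = re.match(r"\?OTR:([A-Za-z0-9+/]{4})", line)
    if m:
        hdr = base64.b64decode(m.group(1))    # 4 chars -> 3 header bytes
        version = int.from_bytes(hdr[:2], "big")
        kind = MSG_TYPES.get(hdr[2], "type 0x%02x" % hdr[2])
        return ("encoded", "v%d %s" % (version, kind))
    if line.startswith("?OTR"):
        return ("other-otr", "")              # errors, malformed fragments
    return ("plaintext", "")

def plaintext_after_otr(lines):
    """Lines logged in the clear after the first encrypted Data message."""
    leaked, encrypted = [], False
    for line in lines:
        kind, detail = classify(line)
        if kind == "encoded" and detail.endswith("Data"):
            encrypted = True
        elif kind == "plaintext" and encrypted:
            leaked.append(line)
    return leaked

def _encoded(msg_type):
    # Constructed sample: v2 header plus three filler bytes, no real payload.
    raw = bytes([0, 2, msg_type, 0, 0, 0])
    return "?OTR:" + base64.b64encode(raw).decode() + "."

# Constructed log, in the shape the post describes.
SAMPLE_LOG = [
    "hi, turning on OTR now",
    "?OTR?v2? nobody@nowhere.com has requested an Off-the-Record private conversation",
    _encoded(0x02), _encoded(0x0A), _encoded(0x11), _encoded(0x12),
    _encoded(0x03),
    "this line went out unencrypted",
]

if __name__ == "__main__":
    for entry in SAMPLE_LOG:
        print(classify(entry), entry[:40])
    print("leaked:", plaintext_after_otr(SAMPLE_LOG))
```

The `AAID` that opens the logged message above decodes to version 2, message type Data, which is what an established OTR conversation should look like in a server-side log.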


Vancouver Maker Faire – Call for Makers

If you haven’t already heard, Vancouver Maker Faire have an amazing venue in store for this year; we’ll be in the Forum building at the Pacific National Exhibition (PNE) on the weekend of June 23rd and 24th. This will give us 48,000 square feet of indoor space, and ample outdoor space too! Yes, forty eight thousand square feet of space to fill with amazing makers, doers, and creatives! It’s going to be HUGE!

But that means we need Makers, and we need help spreading the word that the Call for Makers is now open. The deadline is April 21st, so don’t put it off too much longer if you’re planning on participating.

You can find the Call for Makers, which contains all the information you need to become a Maker and links to the application forms, on our website here: http://vancouver.makerfaire.ca/makers/

Why be part of Maker Faire?

  • Share in the motivation and encouragement of a large group of similarly minded people working towards the same goal.
  • Teach, learn, and share knowledge.
  • Inspire others and be inspired yourself.
  • Network and meet people and groups with which you have a common interest.
  • Show off your projects, see how people react, and get feedback.
  • Promotion for you, and your projects. Get your name and logo or photo on our website.

Making a Gear Heart

I created a Gear Heart for a friend’s birthday on a MakerBot (a 3D printer) at Vancouver Hackspace. It took about 8 hrs to print all the different parts. I also created a time-lapse video of my printing two of the gears. This is a decent animation showing how the gear system works. It was an easy project that was a good intro to 3D printing.

Vancouver floating dining room using plastic 2-Liter bottles

The founder of the School of Fish Foundation, Shannon Ronalds, is working to create a positive impact on the seafood industry by educating chefs about sustainable seafood. He had a vision to build the floating dining room and knew that plastic 2-Liter bottles could be used as flotation. With the help of a marine engineer and Goodweather Design, they drew up plans for a dining room that floats using 1,672 bottles. The elegant raft was constructed out of reclaimed pinewood. All materials going into and coming out of this floating dining room are renewable, recycled, reclaimed and/or repurposed.

Source: school of fish foundation floating dining room

 

Vancouver Scavenger Hunts

I have mentioned Vancouver scavenger hunts before, but it was mainly for Vancouver’s parks and I wanted one that is more geared towards Vancouver itself. I tried searching Google and Yahoo but failed to find anything worthwhile, so I created my own list.

Set up a scavenger hunt with your family and friends to see who can find the most items the fastest. Please do not take or disturb any of the items that you find; use a camera to take a picture and help keep our city looking great.

First we should start with the general rules:

  1. Walking, running and Translink only. No cars, cabs, scooters, or anything else with wheels.
  2. Don’t take anything, don’t disturb the environment. When you find an item on the list take a picture of it and write down where you found it.

Items to hunt for

Vancouver Mini Maker Faire 2011

* I found this post in my drafts, unfinished, lost and forgotten. I decided to post it, unfinished instead of deleting it. * 

What an amazing, fun, awe-inspiring event. Thank you everyone that put on this event, Emily Dallas, Jenny, all the volunteers, makers and sponsors. Thank you for putting on a fantastic event.

When I heard about this event a few months ago at VHS, I decided to build an RGB LED POV Globe, the same one that I have been talking about on this blog for the past few weeks. After working very hard on it with lots of help from friends, I was unable to get it working in time for Maker Faire Vancouver. Very sad, but I will keep working on it and should have it ready for Burning Man this year.

Instead I made a few smaller projects just in time for Vancouver mini Maker Faire 2011.

There is no way I could catalog all the interesting things that I saw over the weekend so here are some of the highlights.

Luke Detheridge milk jug dragon
Built with milk jugs, wire, rivets, and a hell of a lot of creativity.  This project was hidden away in the ContainR project instead of the dark spaces, which is too bad as a lot of people didn’t get a chance to see it. I lent him the RGB LED strip lighting to make the whole thing glow and change color.

Mondo Spider
A ride-able walking giant robot spider, what more could you ask for?
In this video Luke Detheridge is in control of it running up and down the main street of Maker Faire

Robot playground
Robots, robots, and robots. In this area different robots interacted and played with each other, some nicer than others.

Music boxes
You yell a word in to a box, it records 8 secs of audio and loops it back to you.

 

Five Pirates

You have five pirates, ranked from 5 to 1 in descending order. The top pirate has the right to propose how 100 gold coins should be divided among them. But the others get to vote on his plan, and if fewer than half agree with him, he gets killed. How should he allocate the gold in order to maximize his share but live to enjoy it? (Hint: One pirate ends up with 98 percent of the gold.)

* Answer in the comments *

How to be distracted

I woke up at the crack of noon today determined to do three things: buy a shaver, clear my inbox, and write a new post on my blog.

Started with attempting to clean my inbox. The first email I looked at was a reply to a post I made on Facebook. Logged in to Facebook to make a reply. My first mistake. 2 hrs later I have uploaded 25 pictures, responded to 30 messages, and researched and posted witty replies to other people’s posts.

Along the way one of my friends made a post about how she was having problems getting a computer science job. Well, I listen to a lot of the Stack Exchange Podcast and one of the things they talk a lot about is their Careers 2.0. I looked into it and found that it was an invite-only service; luckily I am pretty active on the Stack Exchange sites and I had an invite that I never got around to activating.

So I signed up and started filling out my profile. They have this meter at the top left of the profile telling you how much of the profile you have completed. It’s maddening to only have 120 out of 210 points completed.

One of the questions was, “What was the first computer that you used?” For me it was an old Macintosh that we used to play a game called Bolo. And after reading the Wikipedia page I found out that there is a Windows version of this game called WinBolo.

Of course I had to download it and lost another 2 hrs. I also pinged a few friends and got them playing as well, destroying any chance of them getting any real work done either.

After a few games I closed down WinBolo determined to get something useful done today. So I started closing browser windows and found Wikipedia still open. Clicked on a link and lost another 2 hours.

According to my history it went something like this
bolo => Tank => Blitzkrieg => Maginot_Line =>On_Her_Majesty Secret_Service_(film) => Sean_Connery => Scottish_National_Party => Scottish_Green_Party => Social_justice => Humanism => Positivism => Common_sense => TED.com

TED.com killed another 2 hrs. By this time I had pretty much given up on doing anything worthwhile.

This is how you kill an entire day by just clicking a single link.

SQL Injection License Plate

One clever hacker realized that recent speed traps use cameras that automatically register your speed, take a picture of your license plate, and then use character recognition to translate your license plate number into something they can use as a lookup within the DMV database. With this in mind, he changed his license plate number to

(‘ZU 0666′, 0, 0); Drop Database Table.

If the DMV uses this string of characters in their database lookup, it has a good chance of deleting all of the database records containing his actual license plate number, ZU 0666. This has got to be 10 out of 10 on the creativity scale, and it once again shows the importance of knowing what SQL injection and Little Bobby Tables are all about.

Source: SQL Injection license plate hopes to foil euro traffic cameras
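An added example (not from the original post or its source) of the failure the plate relies on, next to the fix, using Python's built-in sqlite3. The table, column names, plate pattern and OCR string are constructed for illustration, and `executescript()` stands in for a database driver that accepts several statements in one call.

```python
import re
import sqlite3

# Constructed OCR output, modelled on the plate in the story and shaped to
# fit the hypothetical three-column table below.
OCR_TEXT = "ZU 0666', 0, 0); DROP TABLE sightings; --"
PLATE_RE = re.compile(r"[A-Z0-9 ]{2,10}")   # assumed plate format

def new_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE sightings (plate TEXT, speed_kmh INT, camera INT)")
    return db

def table_exists(db):
    sql = "SELECT count(*) FROM sqlite_master WHERE type='table' AND name='sightings'"
    return db.execute(sql).fetchone()[0] == 1

def looks_like_plate(text):
    # Defence in depth: OCR output that cannot be a plate never reaches SQL.
    return PLATE_RE.fullmatch(text) is not None

def record_vulnerable(db, plate, speed, camera):
    # The OCR text is pasted into the statement, so a quote in the plate ends
    # the string literal and whatever follows is parsed as SQL.
    db.executescript(
        f"INSERT INTO sightings VALUES ('{plate}', {speed}, {camera});")

def record_safe(db, plate, speed, camera):
    # Bound parameters travel as data and are never parsed as SQL.
    db.execute("INSERT INTO sightings VALUES (?, ?, ?)", (plate, speed, camera))
    db.commit()

def demo():
    bad, good = new_db(), new_db()
    record_vulnerable(bad, OCR_TEXT, 87, 4)
    record_safe(good, OCR_TEXT, 87, 4)
    stored = good.execute("SELECT plate FROM sightings").fetchone()[0]
    return table_exists(bad), table_exists(good), stored

if __name__ == "__main__":
    print(demo())
    print("passes plate check:", looks_like_plate(OCR_TEXT))
```

With string building the table is gone after one sighting; with bound parameters the same text is stored as an odd-looking plate, and the format check would have rejected it before it reached the database.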

Ping and pong

Ping: A call out into the void in search of another. To check the existence of life on the other end. To seek a connection. A normal response to ping is “pong”.

Pong in answer to a ping: Yes, I do exist. I acknowledge your existence and you are no longer alone in this system. We have a connection and I am waiting for you.

It’s a beautiful system.

Office Parkour and ZombinLaden

Insane Office Escape (try this at work!) – Biting Elbows
Interesting music video, includes: free running, parkour, interesting fight sequence and camera angles. Well worth the 3mins it takes to watch it.

ZombinLaden: The Axis of Evil Dead Short Film
What if somebody found a rotting body at the bottom of the ocean? What if they somehow managed to bring that body back to life? And what if that rotting body just also happened to be Osama bin Laden?

ZOMBINLADEN The Axis Of Evil Dead from Clement Deneux on Vimeo.

Merrie Melodies – Daffy Duck the Wizard HD

Javascript redirect when device has restarted

Over the past few months I have been building a sensor device with an embedded webserver for configuration and reporting. When a user saves a configuration to the device, the device needs to be restarted before the changes come into effect.

While the device is restarting, the webserver is unreachable and the users get a blank page or 404 pages; this is bad for the users. So I created this simple script to check whether the device has restarted correctly and then redirect the users to the correct page. This script uses jQuery.

Script: Redirect on reboot

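<script type="text/javascript">
		// Returns true once the device's web server answers for the given URL.
		function UrlExists(url) {
			var http = new XMLHttpRequest();
			http.open('HEAD', url, false);
			try {
				http.send();
			} catch (e) {
				// A synchronous send() throws while the device is unreachable.
				return false;
			}
			return http.status !== 0 && http.status != 404;
		}

		var checkCount = 0;

		// Runs once a second: updates the status text and redirects when the device is back.
		function CheckServerUp() {
			checkCount++;
			$('#status').text('Checking. ' + checkCount);
			if (checkCount > 30) {
				$('#Error').html('The device is taking a long time to reboot, <a href="/refresh2.htm">Click here to continue</a>' + checkCount);
			}

			if (UrlExists("refresh2.htm")) {
				$('#status').text('Device running, redirecting...');
				window.location.replace("/refresh2.htm");
			}
		}

		$(document).ready(function() {
			// Pass the function itself; a string argument is evaluated like eval().
			setInterval(CheckServerUp, 1000);
		});
	</script>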