This is an old revision of the document!


Past Events in Boston Massachusetts

DateDetails
2017-07-28Monthy Digital Security 101 at Sprout
2017-06-20BPL Fields Corner branch

I went to the Fields Corner cryptoparty last week and had a lot of fun. Had about 10 attendees. Talked about using general operational security, threat models, strong passwords, password managers, mobile security, and anonymous browsing. Seemed like our info was well-received. We're getting pretty good at the Digital Security 101 training, if I do say so myself!

DateDetails
2017-06-24BPL South Boston branch
2017-05-30Monthy Digital Security 101 at Sprout
2017-05-05LGBTQ-focused Details, Make Shift Boston South End
2017-04-26Monthy Digital Security 101 at Sprout
2017-04-22Boston Socialist Unity Project Conference, MIT
2017-03-31Privacy at the Border workshop for International Students - Harvard Univ
2017-03-29Monthy Digital Security 101 at Sprout
2017-03-27Privacy at the Border workshop for International Students - Harvard Univ
2017-03-24Libre Boston meetup Personal Privacy & Security Skillshare
DateLocationAddressAdditional Information
2017-03-02Fields Corner branch BPLBoston, MA

Jamie and I had a great cryptoparty last week at the Fields Corner branch of BPL. The flower of our conversation might be instructive for this month's “Train the Trainer” session.

For context: We were joined by a librarian and three older women, who meet regularly as a reading group. They did not have any expertise in technology.

We started the conversation by loading the Norse real-time attack map. We did this to communicate that, if they didn't already know (!), the internet is not a safe space. There are concerted efforts to compromise networks and identities going on all the time.

Because a few of the attendees had personal experience with phishing attacks, we talked about how to hover over a link with your cursor to check the path. Close reading and attention to URL length can save you from many attacks. Similarly, if you are downloading a file from e-mail, you can hover over the attachment and see the attachment's file extension. File extensions like .exe, .bat, .dll should be avoided! What are people phishing for, anyways? Bank accounts. Personal information. Usernames and passwords. &c &c.

We moved into a discussion of passwords – er, passPHRASES. The XKCD comic was great, if only to broach the fact that it's not individual humans trying to guess your password, but automated programs that query against dictionaries and tables of known passwords. We talked about salting, 2FA, and about not using the same password for multiple accounts.

That was the first 45 minutes of the cryptoparty. During the last 45 minutes we talked about threat modeling and a bit about encryption via HTTPS. I'd say the transition to talking about encryption needs work. It's a crucial topic but very difficult to grasp intuitively at first.

Scared straight, the group wondered about how they might audit their computers to know if they'd been compromised. We suggested running anti-malware programs on the reg (recommended AVG as a free alternative). We also walked through opening up the task manager and reviewing what processes are running at any given time. Right clicking was a new feature for most of the group. And we might have accidentally found some malware on the library computer, spoofing as the csrss.exe program(!).

DateLocationAddress
2017-02-22Sprout339R Summer Street, Somerville, MA
2017-02-18East Boston branch BPLBoston, MA
2017-02-05Somerville LibrarySomerville, MA
2017-02-03The Humanist HubSomerville, MA
2017-01-25SproutSomerville, MA

Someone already sent a link to Sumana Harihareswara's talk from last year's LibrePlanet. It is really important that we provide a safe space for cryptoparty participants, like addressing our preferred gender pronouns during introductions. An easy thing we can do for our LGTBQIA+ cryptonauts. Same goes for people who don't share our class, politics, race, ethnicity, culture…

During the cryptoparty, we walked through securely installing a new operating system for a laptop. We downloaded an .iso file from a torrent for the Xubuntu OS. We downloaded the SHA256sum checksum file to verify that the .iso file we downloaded is the same .iso file Xubuntu uploaded. We also downloaded the public key signature associated with the signed chechsum file. We verified the checksum and the public key using command line tools. Finally, we used the dd command to format a USB into a bootable device with our .iso file on it. In all, it took a good 90 minutes!

We also chatted about Tor and privacy policy.

For next month, there was some talk about focusing on surveillance cameras. I think I heard that someone had a camera to bring in to play with? Anyways, I would find it super useful to learn how to “read” surveillance cameras, know what it is they are monitoring. Would anybody else be interested in this?

I thought it would be cool if we produced a short (~20 minute) cryptoparty show that we could get aired on SCATV. They might also help us distribute the show to community access stations across the country. Anybody else interested in producing this with me? I remember someone saying that this had already maybe been done before, too.

DateLocationAddressAdditional Information
2016-12-28Encuentro9A Hamilton Place, Boston
2016-11-30Sprout339R Summer Street, Somerville, MA
2016-10-26Sprout339R Summer Street, Somerville, MA

A couple things from last night: Mailvelope seems to be a pretty cool tool. There's a demand for a Linux “install fest”. Let's set aside some time to do that in the future. Speaking of which, seems we're developing a workflow to on-board new members into the crypto community. Something like this: Install Linux –> Generate key pair –> Exchange keys –> Start messaging. The more concrete we can be about this process on the website and during cryptoparties, the easier it'll be for others to join. Talked a little about botnets and DDOS attacks. V v interesting. Would love to learn more about systems administration and protecting home routers against botnets. So turns out the models I've been using to describe encrypted messaging (Alice, Bob, public key, private key) barely scratch the surface of the problem of secret messaging. It'd be great to have more information about what, exactly, models like the Diffie-Hellman diagram are trying to describe. From what I gather, the problem is how to make a handshake when you're being watched the entire time. If you can, please shed some light about this problem!

DateLocationAddressAdditional Information
2016-10-22BPL, Grove Hall Branch41 Geneva Avenue, Dorchester, MA
2016-09-28Sprout339R Summer Street, Somerville, MA
2016-08-31Parts and CraftsSomerville, MA
2016-07-27Parts and CraftsSomerville, MA
2016-01-27Parts and CraftsSomerville, MA
2015-12-30Parts and CraftsSomerville, MA
2015-10-28Parts and CraftsSomerville, MACommunity Jamboree: Imagining what the Internet will look like in 5 years
2015-09-30Somerville Ave StarbucksSomerville, MA
2015-09-16BLU PGP Keysigning
2015-08-26Parts and CraftsSomerville, MA
2015-07-23Parts and CraftsSomerville, MA
2015-06-30Parts and CraftsSomerville, MA
2015-05-21Parts and CraftsSomerville, MA
2015-05-17Danger! Awesome, Together Boston
2015-05-02Point to Point Camp http://ptp.camp/
2015-04-16Parts and CraftsSomerville, MA
2015-03-19Parts and CraftsSomerville, MA

[:boston|https://www.cryptoparty.in/boston]