Randomdata at Hack in The Box / Haxpo 2014 Amsterdam + The Inner Workings of Project-S

Randomdata will be present next week at the Hack in The Box Haxpo, you will find us at booth number 43.
In the past few months Ardillo and Fish_ and a bunch of volunteers have been working on a project called Project-S for HITB. The “S” stands for
Secret, Supercool, Strange, Special and a lot of other “super” words.

During one of the HITB NL core crew meetings we spoke about doing
“something extra” for the fifth Amsterdam edition of the HITB security
conference and to mark the first ever HITB Haxpo and after an evening of
brainstorming we knew what we wanted.

What is Project-S?

Project-S is an Über Badge
we created for Hack in The Box / Haxpo 2014 Amsterdam – a fully
functional Arduino with some extra features thrown in for extra hacky

So what are these features?

The HITB Crew will have a badge with all components on-board
including some wireless communications – it also contains some LED’s as
well and after the conference you can use it as a regular Arduino

What? Only the HITB crew gets a badge?

NO! We have badges for sale at the Randomdata booth (NL-043)! Be sure you get it fast though because we have only 133.7 badges to sell!
We have fully completed badges as well as badges that require you to
get your soldering hackf00 on! Don’t know how to solder? Worry not, as Mitch Altman is on hand right next door (NL-044) to teach you how!

Can I pre-order a badge then?

No, sorry…

Can I see it now?

We’ve done even better – check out this video!

What else?

After the conference we might release some more goodies for the badge
for you to expand its functionality further. Got an idea you think we
should implement? Stop by the Randomdata booth

What can we do at the Randomdata booth?
- Solder your own HITB / Haxpo Badge

- Buy your own badge and goodies

- Learn how the project works

- see what projects where done by Randomdata in 2013/2014

- 28th May 16:00 at the Haxpo track we will tell you in 30 minutes who we did managed project-S

So where are you waiting for, come over to the Haxpo!

Privacy Cafe Zaterdag, 17 May, 2014 - 13:30 to 16:30

Privacy Cafe is een gezellige bijeenkomst waar hackers je helpen met het beveiligen van je computer en je communicatie.

Sinds de onthulingen van Edward Snowden zijn steeds meer mensen geinteresseerd in digitale zelfverdediging. En het mooie is: veel van de tools en tactieken die It professionals, hackers en andere nerds gebruiken zijn helemaal niet zo moeilijk om te begrijpen. Maar je moet ze net even weten te vinden.

Een privacy Cafe?
Privacy Cafe is een gezellige informele bijeenkomst waarbij o.a. enkele deelnemers van Randomdata je helpen bij het beveiligen van je computer.Soortgelijke events worden regelmatig georganiseerd, meestal onder cryptische naam "crypto party".
In samenwerking met

Dit event komt tot stand in samenwerking met Xander Bouwman (vrijwilliger bij Bits of Freedom), Randomdata (de Utrechtse Hackerspace), de Bibliotheek Utrecht en Setup.
Waar en wanneer is het?

17mei, in de centrale bibliotheek van Utrecht, van 13:30 tot 16:30u
Wat moet ik meenemen?

De apparaten die je wilt beveiligen. Vooral je laptop, maar ook in je smartphone kunnen we soms helpen te beveiligen.

Open hackerspaceday at Randomdata a big success

The open day, already a month ago, can righteously be called a great success. With more than 50 visitors during the entire day it was very busy at times.

The audience was remarkably diverse, ranging from hackers to housewives and from neighbours to nerds, all with different questions and interests.

Luckily a tantamount diversity of activities was prepared and there was something to anyone's taste.
Examples of these activities were 3D printing a tardis keychain hanger or a talk about how to hack into a cheap wireless alarm.
All of which accompanied by generally socializing and playful discussions on technology and security.

We are all looking forward to next years edition of this great event! So put it in your agenda for next year, again at the fourth saturday of march! (or last saturday of march?)

Open Hackerspace day NL: march 29


On Saturday March 29th, Randomdata participates in the international open Hackerspaces day . Anyone who wants to see what we do and how we work is welcome to visit our hackerspace between 12:00 and 20:00.

Our doors will be open all day for anyone with a general interest in programming, 3D printing, electronics, etc...  During the open day we also have a number of activities in which you can participate:

  • there will be an "arduino 101" which gives you the opportunity to get started with electronics and microcontrollers;
  • there will be a demonstration of how to crack a wireless home-alarm;
  • you can see a 3D printer in action and print your own 3D design;
  • and you can see some of our current projects.

Want to know more? Come and visit us at the Parkstraat in Utrecht! See the contact page for details on how to get in.

Mate Statistics 2013

Mate stats 2013

The clubmate stats are announced!

HITR2NDB 2013 Edition

Hitr2ndb logo

In December the groups Hack in The Box, 2600NL and Randomdata organized again a new edition of HITR2NDB (Hack In The Random 2600 NL Data Box).

The agenda was promising again from hardcore tech to inspiring community talks:

  • Opening – by Fish_ and Junk
  • RIPE aTTYlas – by Ardillo
  • Speed and Size-Optimized Implementations of the PRESENT Cipher for
    Tiny AVR Devices – by Kostas Papagiannopoulos and Aram Verstegen
  • ‘What is Deeeezzzzeeee?’ Got root < 5 minutes – by SYNNACK
  • The Noble Art of Wasting Time – by Peter ‘blasty’ Geissler
  • One gadget to rule them all – by Brainsmoke
  • #HOSSEL DIE SMATJE – by Flunk
  • The Dubai Taxi Driver – by Mark Fonseca Rendeiro

You can find the video’s of HITR2NDB at the youtube channel of Randomdata

Where is your data?

Last months there was a lot of news about PRISM where Snowden told the people what the capabilities the secret services in America and the UK possess.
This news had a lot of impact but we didn't see a lot of people moving in the Netherlands. Therefore we spoke with NRC Next to see how we could facilitate in making the PRISM issue more touchable to the public. We decided to create a tool for the NRC Next where they where able to investigate email traffic of large Dutch companies. Companies that are processing sensitive and/or private information, assumable also by email.
The result is quite interesting and therefore we decided to make a part of this toolset also available to the public called: whereismydata.nl (waarismijndata.nl, see below).
The tool searches for the domain name servers of your email address' its domain, it will do a check on the location of these server by matching it to the GEOIP database.
NRC Next used a more advanced version of the tools where also WHOIS and Traceroutes where combined to the final conclusions.

Note: not only the location of the mailservers is a risk within PRISM, also the location of the entity and its sysadministration of your mailservers is a risk.

So what to do?
First check where your mailservers are located with our prismdigger:

If your mailservers are located in the USA: GET AWAY, move to a new provider etc.
If your mailservers aren't located in the USA, it still could be an American entity, to be sure: ask your provider.

With our "simple tool" we hope to make it more visable to the public on where your email is being processed. If you have any question, just let us know.

Video blog: 3D printing workshop

At the 1st of October we had an awesome 3D printing workshop organized by Harmless:

A short video impression:

The details of the workshop (wiki)

Randomdata meets IVIR

Last month Ardillo and I were invited to present a hacking workshop for non-hackers. The group, called Instituut voor Informatierecht (IViR), is affiliated with the Faculty of Law of the University of Amsterdam and contained a large amount of legal advisors, professors and students. About 30 people attended our workshop which we compiled especially for this group.

Our agenda contained a few main subjects and demos:

Workstation security

How secure is your workstation, what's the value of a password and how can you bypass these mechanisms. We showed the group how easy it is to find passwords, to crack them if they are not strong enough, how you can overwrite the password and also how to disable the password mechanism based on a DMA (Direct Memory Access) Attack.

Wireless security

Everybody is using wireless hotspots nowadays, did you remember the "FREEPUBLICWIFI" id's in the air when you were drinking your cup of coffee at a look-a-like Starbucks?
But what can go wrong, and how can you attack these systems? Well, by our man in the middle (Ardillo), it became quite clear it's easier than you though.

Breaking alarm systems

To bridge the gap between software and hardware, and to make security more "touchable" we decided to explain how wireless alarms can be hacked, bypassed and disarmed.
One of the attendees was even using the same system we used for this demo, he was quite convinced the alarm system wasn't delivering that what (where) he paid for.

DIY Arduino

After all these demos it was time to DIY, the 30 attendees joined our Arduino workshop in pairs of 2. In 1 hour everybody was able to program their own micro-controller and play around with LEDs :-)
Some even had time to build a "Knight Rider"! :-)


This workshop was of course organized for IVIR to make security and hacking more touch-able, on the other side it was great for me and Ardillo to see how a totally new public was responding to technical subjects we presented.
A few of our major conclusions:
* More than average technical skilled people, we even had people working with Ubuntu, "if then else" functions and PGP :-)
* For Arduino: Windows and serial-ports is still crap :p
* We had a lot of questions: and how do you solve this issue, we even started an idea to create easy vpn solutions. We (the techies) are still not able to create a user friendly solution and we should (more to come ;-))
* On the wireless communication part we had somebody asking about security on medical support systems, like pacemakers, insulin pumps, etc. It might be worth to investigate this, although we didn't came to an ethical solution if we find a #zeroday.

The overall conclusion:

It was well worth to do these workshops with a variety of groups, we (the techies) can learn a lot from other people and that's why we are going to search for a wider public for this type of presentations/workshops. It will enlarge the awareness, will give people the chance to understand tech and last but not least, it gives us the chance to understand what is important at a wider public.
Our focus for now is on:
- NG (Next Generation) hackers: kids in multiple ages, we should invest more time and energy in our future
- Teachers: see how the NG hackers are getting their current skills, where can we (the techies) help?
- Other acadamic's like Docters, etc. to detect more vulnerability's in our every day life's
- CEO's, to see how people on higher level of company's are aware
- Politicians: if we want to rule the world, we should at least be able to understand politics.

We would like to thank IVIR to work together, it was a pleasure!
kthxbye, Fish_ & Ardillo
- The slides of the day
- Cold boot attack explained
- Man in the Middle

Hack in The Random 2600 NL Data Box @ OHM2013

We're going to the OHM2013 camping event. At this moment we have to make some arrangements on the gear, 0xf00d and other important stuff. The organizing of our village can be followed on our wiki - OHM2013.
The HITR2NDB village is on the OHM Village page as well.

For more information about OHM2013 you van visit the OHM website

You can find our camp during ohm on the S5 spot, yes the crazy ones ;-):


Subscribe to Randomdata RSS
2013 © All rights pwned by Randomdata ;-)