Grey Hat Group

2014-10-06

Shellshock

A new Bash vulnerability. Read up on it.

IRC

Get on it! More information next week.

• Server: irc.uwirc.com
• Port: 6667
• Channel: #greyhat

PGP

Pretty Good Privacy, used for email encryption among trusted people.

• Install Mozilla Thunderbird
• Ensure Google Apps is enabled for you UW account
• Ensure IMAP is enabled in your account settings
• Configure Account
  • IMAP server: imap.gmail.com
    • Port: 993
    • SSL
  • SMTP server: smtp.gmail.com
    • Port: 587
    • STARTTLS
  • Account: xxxxxx@uw.edu
  • If you are experiencing issues Set a Separate Password for Google Apps
• Install GNU Privacy Guard
• Install Enigmail Thunderbird extension
• Create a Key
  • Menu>Enigmail>Key Management>Generate Key Pair
    • Passphrase: yes, you want one. No, you don’t want to forget it.
    • Revocation certificate: Generate one! and save it somewhere else! (such as on a thumb drive or CD)
    • Set key to expire within a certain time. One year recommended.
• Upload your public key
  • On Key Management, right click on your own key
  • Click on Upload Public Keys to Keyserver
  • Select pgp.mit.edu
• Key Signing
  • Used to verify that people are who they say they are.
  • Verify someone’s identity and their Key ID before signing
  • How to do it using Enigmail:
    • Go to Key Management>Keyserver>Search For Keys
    • Enter a Key ID or Email of someone you know
    • Select the correct person and import them to your Key Management list
    • From Key Management, right click on their name and select Sign Key
    • Click Keyserver>Upload Public Keys
  • Regularly Refresh All Public Keys to check for revocations and signatures

Next week

• Key-Signing party
  • Bring your new key’s fingerprint
• Setting up AWS microinstance to be used for consistent IRC connection