What have we achieved so far?
In this post I would like to summarize some of the things we (GNUCITIZEN) have achieved so far. I am writing this post purposefully for myself and for our group, and I hope that we can use it as a base reference point to go even further.
When I look back, it looks like we’ve done a lot, yet it still feels that we could have achieved so much more. Though, time and money, but mostly time, have always been problems and I wish we had an army of drones with hearts and brains to help us out in times when ideas burst out and motivation and passion are at their peak. Often that is exactly the case and I realize how important it is to stay focused. Being focused is not a skill but rather a human characteristic which fits some.
So, let me lay out what we’ve got so far:
GNUCITIZEN .ORG/.NET/.COM
We’ve branched out into three separate projects for our convenience since each one of them serves a different purpose. The blog (.ORG) had an excellent two years of viability and has influenced the info sec field, but not only, in some positive ways. We’ve had a couple of good and bad experiments and we’ve learned a lot. This type of experience money can’t buy and I am quite happy that I had to go through all the hustle in times when hustle was all I’ve got. We are progressing here. I haven’t blogged much lately due to the fact that I had to put my attention somewhere else, but I and the group are cooking some good things for the near future.
We are still looking for good people who would like to express their thoughts on GC. With the current user base, page rank (7) and exceptional monthly traffic, I would say that we have one of the best scenes where you can develop your talent and get good exposure. So, if you are interested, let us know, as always, from our contact page.
The .NET domain turned into a hub for all our external projects regardless of whether they are security related or not. The domain is barely visible to our visitors (on average 50 unique visitors per day) but I feel satisfied when I go there and I see a bunch of good ideas shaping right in front of my eyes.
The .COM is yet to be fully implemented. Stay tuned for that one since we’ve prepared some awesome stuff for the future.
Hakiri
The reason I’ve started the Hakiri project was because I felt that I need to express my thoughts on art, design, culture, sociology and other topics very dear to my soul, on a separate domain. GNUCITIZEN has just started to shape into something more than a personal blog and I thought it is the right thing to do to keep personal development things in a separate place. That move caused all sorts of good ideas to emerge but I thought I should write them down instead of jump start implementing all of them.
At the moment, Hakiri is developed when inspiration and free time are available and that pretty much sums up to once or twice per month, which is not enough but I am taking it easy. Again, you are welcome to join, and I think that this project has a lot to offer.
Spin Hunters
I am partnering on this initiative and I must say that this is such an awesome idea. Spin Hunters, if you don’t know yet, is an organization which deals with things such as Black PR, Reputation Security, and other things from the black and white arts of the PR industry. All of this is stirred well with a solid dose of Infosecurity. This is what I call a wonderful mix of talent and ideas. What can I say? It does well!
SecUrls
I thought that the info security industry really needs a place where people can glance through what is going on on a daily, even hourly, basis. I am subscribed to hundreds of feeds and most of them are practically useless. Yet again, I wanted to solve a problem for myself and, with that, hoping to solve a problem for others, I’ve set up the first version of SecUrls which was pathetic. I even installed ads and although the site was down almost a month (a blank page), I’ve made $14 USD, go figure.
I am quite happy with the current version of SecUrls although I realize that there is so much more it could be in the future. We’ve got good sources, good filters in place and some cool algorithms to match news articles with awesome Flickr photos - a mashup at its best. For fun, there is even a Twitter feed which summarizes what security pros are twittering about. Useful if you don’t want to set up your own Twitter account.
House of Hackers
Now this is the project which has an infinite number of potential developments. It could turn into anything. I have no idea where it will go but I had promised myself to buy a domain and purchase Ning’s premium services if we reach 1000 members. Today, the HoH community is close to 5000 but no one has found a way to make use of it yet. Well, I have a few ideas but I have no power on whether they will be accepted. It is a community thing. But if you have an idea and you need people, this is the right group to approach. There are some quite interesting characters there from around the globe (yes, HoH is truly international, check the groups) who I believe make an excellent fit for all kinds of useful, cool and interesting projects.
Blogsecurify
Work in progress! I think that this type of service is needed. Blogs are an essential business tool today and they are important not only for individuals but also for companies and organizations. Therefore, keeping them secure is very, very much a must. Blogsecurify is what we’ve prepared to tackle this problem. I am quite proud of the testing engine, which is written in Python and can be used for all kinds of security related projects that will be hosted on Google’s cloud. If you want to join the initiative, please ask.
Websecurify/Netsecurify
Like Blogsecurify but for Web and Net. Nothing here yet but I think that these are good ideas. Suggestions are welcome. If you want to join these initiatives, please ask.
Adsosimple
Ok, this is what I’ve been busy with lately. It is not security related but it felt like a fresh breeze after doing so much security work and I really needed a service of that type. Adsosimple is a simple service which solves a very fundamental problem - making ad revenue without going through advertising platforms such as Adsense. We were planning to build inline ads for Blogsecurify in order to keep the service free. Though, Adsense is not suitable for that kind of thing, nor are the other ad platforms I’ve been researching online. So, I thought to build one myself. Adsosimple is the result of my efforts. While building it, I’ve learned a lot about hacking PayPal. You will be surprised how easy it is to buy goods from sites without paying a thing.
At the moment, Adsosimple is in sandbox beta stage. This means that you can only use the PayPal sandbox to pay for things, which does not use real money. That will change once I am comfortable with the way the system works.
Mini Security Related Projects
We’ve got so many of them it is not even funny. :) Check our projects pages.
External Entities
We’ve got articles across some of the best information portals online. I’ve been personally involved with contributing to several books. We’ve got a Wikipedia page, Technorati, Facebook, YouTube, Twitter exposure. It is really hard to summarize everything.
It still feels there is so much more to be done.
Comments
Well, for what matters, a lot you guys have accomplished, there will be always more to be done, it is just the way of things, not only in computer related stuff but in life as well.
There are a lot of people who at some point just look back to see they didn’t accomplish anything, so, no matter if it was one thing or two, I know you’ll feel better when you look at your past to see all the things you accomplished as a group.
It’s even better that beside all the things you’ve done you still have that motivation to keep doing new things so keep up the work! ;)
Hey pdp, how about your passing the TIGER exam. I thought you guys were the only TIGER team out there, or am I wrong?
Out of interest did you and ap find it tough? I’m trying to choose a course to do but they seem way too tough for me right now :(. I’m not a security jock, just some guy in IT who wants to break stuff.
Hi PDP,
There is a lot of noise around Web2.0 security. But I am observing a fundamental shift of the personal computer hardware that will make the current security practices obsolete virtually overnight. At the same time I don’t hear anything about it.
Any person that keeps track of the latest video hardware knows that Nvidia just released a GPU with 1.4 billion transistors. Its performance is estimated to be about 1 Teraflops. That is a super computer. The main purpose of the GPU is to decode video and graphical information. At the same time there is war between Intel and GPU manufacturers like AMD and Nvidia. As a result of this war the GPU manufacturers are opening their hardware to be used for general computing tasks. There are prototypes from Adobe for video transcoding accelerated by the GPU and results are very impressive. Those applications are still not available, but there is a project called “Folding@Home” (http://folding.stanford.edu). They already have high performance clients that are using the GPU. The GPUs are many, many times faster than regular CPUs in some tasks. What is common between video and folding proteins is that both are very scalable across parallel GPUs. As far as my limited knowledge goes there is one more task that shares the same characteristics - encoding and decoding any data, especially in the case of missing encryption keys. Everyone knows that any encryption can be broken if you have unlimited time and computation power. Now what will happen when someone writes an encryption cracking tool that uses the latest Nvidia GPU?!
Is anybody else having sleepless nights because of it?
Greg, try getting a course out of your field of work. Seriously. You might find it more enjoyable.
@sal-e
I don’t think anyone else is worried, and you should not be either. I’ll solve your insomnia right now.
An RSA key of 1024 bits has to be factored to be broken. We rely on the difficulty of this task in order to keep our transmissions secure.
It takes an estimated 10^12 MIPS*years to break an RSA key of this size. At a teraflop a piece (1,000,000 MIPS) it would take 1 computer around a million years to break RSA. Now, if we assume our culprit can buy 1,000,000 such computers and wire/program them to work together, it could be cracked in one year.
Thankfully this is unlikely to happen. No worm is going to be spread that can take advantage of the full CPU and also not get noticed and taken out. The budget of the individual behind this would be in the hundred millions or billions at least.
So let’s say we really get scared of this happening. We’ll up the standard key size. Against a 2048 bit key, this scenario looks (2^1024 times) even more implausible. Against a 4096 bit key, this looks absurd.
Before anyone can break RSA, we’ll have moved onto elliptic curve.