What is a Hackathon?

A hackathon is “a design sprint-like event in which computer programmers and others involved in software development, including graphic designers, interface designers, project managers, and others, often including subject-matter-experts, collaborate intensively on projects”.

Most hackathons have a specific focus around a certain programming language, operating system, API, sponsor technologies etc. Some also have no restrictions, allowing for you to build anything you want to pursue.

The event often lasts about 24-48 hours nonstop, meaning people stay up throughout the night working on their project. Those hours are filled with food, caffeine and prizes, which are often tech oriented or cash.

After the organization MLH (Major League Hacking) was founded, the number of hackathons grew substantially. There is often a hackathon near you every month, or even every other week in some areas.

Teams are often formed beforehand or even at the venue by finding others and networking. The collaboration aspect of hackathons is very important and leads to the creation of great projects.

At the end of a hackathon, there are demos of the projects and judging for prizes takes place. They showcase the hard work the teams have put into creating a working demo to show off.

I highly recommend hackathons if you are interested in coding and technology, and going with other friends makes it much more fun as well.

Bluetooth

Bluetooth is “a standard for the short-range wireless interconnection of mobile phones, computers, and other electronic devices”. It operates between 2.4 and 2.485 GHz and uses very little power to create a connection between two devices.

Range varies with the version of Bluetooth being used, materials, antenna configuration, and battery condition.

Bluetooth 1.0 and 1.0B were the first releases of Bluetooth, but they were very buggy and products would often fail to work with each other.

Bluetooth 1.1 made some improvements by fixing various bugs and adding a signal strength indicator (RSSI).

Bluetooth 1.2 had major upgrades in speeds, faster connection and discovery, and AFH for avoiding crowded frequencies.

Bluetooth 2.0 + EDR was released in 2004 and introduced the Enhanced Data Rate standard for speedy data transfer.

Bluetooth 2.1 + EDR built upon faster pairing experiences and stronger security while improving power consumption/device filtering.

Bluetooth 3.0 + HS was a large leap, allowing for 24 Mbit/s over an 802.11 link after a Bluetooth connection is established.

Bluetooth 4.0 + LE, otherwise known as Bluetooth Smart, includes Classic Bluetooth, Bluetooth high speed, and Bluetooth low energy.

Bluetooth 4.1 is a software update to 4.0 that adds many new things such as…

  • Mobile Wireless Service Coexistence Signaling
  • Train Nudging and Generalized Interlaced Scanning
  • Low Duty Cycle Directed Advertising
  • L2CAP Connection Oriented and Dedicated Channels with Credit Based Flow Control
  • Dual Mode and Topology
  • LE Link Layer Topology
  • 802.11n PAL
  • Audio Architecture Updates for Wide Band Speech
  • Fast Data Advertising Interval
  • Limited Discovery Time

Bluetooth 4.2 introduces minor upgrades in security and support for new standards needed for IoT (Internet of Things).

Bluetooth 5 will focus on doubling speed, increasing range and improvements across the board to modernize the technology.

Here is a video you can watch to learn about Bluetooth 5, the future of the standard. https://www.youtube.com/watch?v=0n1x-wxESaM.

Bluetooth in relation to cybersecurity is very important because so many devices use it, meaning it needs to be strongly encrypted and not have big vulnerabilities. I suggest you read about Bluetooth and how secure it is to better inform yourselves.

What is Amazon Alexa?

Amazon’s Alexa is an intelligent personal assistant that is capable of many things such as, “voice interaction, music playback, making to-do lists, setting alarms, streaming podcasts, playing audiobooks, and providing weather, traffic, and other real time information, such as news”. Alexa is also compatible with a wide variety of other home automation products and hopes to be the main hub where commands are issued. Most devices allow wake words like “Echo” to be used, while some others require buttons to be pushed or tapped.

[Image: Amazon Echo, Dot and Tap family of Alexa speakers]

The image above is Amazon’s main Echo lineup, but does not include the Echo Show, Dash Wand, and Echo Look. Many other third-party manufacturers also create devices that the Alexa voice platform can run on.

Just like your phone, Alexa can become smarter through the addition of apps, otherwise known as skills. They can add lots of interesting functionality and improve the user experience greatly. Skills are made using the Alexa Skills Kit, which is publicly available to anyone looking to develop for it.

Home automation is also a big feature that Alexa has. It can interface with products from a wide variety of manufacturers, including Belkin Wemo, ecobee, IFTTT, Insteon, LIFX, LightwaveRF, Nest Thermostats, Philips Hue, SmartThings, Wink, and Yonomi.

If you have an Android phone, you can use Tasker or IFTTT in order to control parts of your house with Alexa. You can see me turning on my computer with no additional hardware with these two services in a previous post.

As you can see, Alexa is a growing platform that has unlimited potential that needs more and more developers to improve. I suggest you go to https://developer.amazon.com/alexa-skills-kit/tutorials in case you wish to learn how to build your own personalized skill.

Cybersecurity Hacking Topics

This month I taught a cyber security class that had two sessions, each a week long. In both of them we went over the topics listed below…

  • Setting up a virtual machine
  • Booting a Linux distro designed for penetration testing/hacking (Kali-Linux)
  • Using an external wireless card (TP-Link TL-WN722N)
  • Putting the wireless card into monitor mode with airmon-ng, scanning for networks using airodump-ng
  • Capturing a WPA handshake by deauthing all devices
  • Navigating Linux filesystem and starting Fluxion shell script
  • Using pyrit to check a WPA handshake and hostapd to spoof/duplicate a network
  • Using SSL and launching a webserver in the background to capture passwords/check them against the handshake with aircrack-ng
  • Scanning a network to see all available devices with cSploit and Nmap
  • Performing Man in the Middle attacks and session hijacking with cSploit, NetCut, and Network Spoofer
  • Different types of network security – WEP, WPA, WPA2
  • Dangers of keeping WPS enabled on your router
  • Password managers and their importance to keep you safe online
  • Security patches and updates to safeguard from viruses and ransomware
  • Router settings (often 192.168.1.1) and changing its default password to something more secure
  • AdBlock and HTTPS Everywhere extensions to avoid insecure connections
  • Importance of backing up computers in case of hardware failure or virus attack
  • Creating a guest SSID in order to create a wall between personal devices and foreign devices
  • Updating all browsers to newest version to not be vulnerable on the web
  • Importance of two-factor authentication on main accounts
  • Identifying and avoiding phishing attempts
  • Using a VPN on public WiFi networks
  • DNS and what it's used for
  • How to set up an alternative DNS service (OpenDNS) and block/filter certain content and sites
  • Changing router settings to replace DNS and add port forwarding or blocking
  • Using Wake-On-Lan to turn on a PC remotely
  • Using the Metasploit framework to deploy a Trojan APK to an Android device
  • Setting up a reverse HTTPS listener and waiting for the app to connect to launch meterpreter
  • Using various meterpreter commands to control the device remotely
  • Using the Metasploit GUI, Armitage, in order to run exploits against other machines
  • Hail-Mary attack to try all possible exploits to gain access to meterpreter
  • Learned about online anonymity through Tor onion routing protocol and the use of online decentralized cryptocurrency
  • DDoS and DoS attacks with LOIC (Low Orbit Ion Cannon)
  • Brute force online logins with Burp Suite

I think it was a rewarding experience for me as a teacher and I hope I inspired more kids to take on ethical hacking.