In light of the orwellian nightmare we've built ourselves into, now is a good time for the CSClub to pick up the slack it usually picks and teach people how to be safe out there.

=Topics, and slides=

This information is fuzzy and subject to change. Do not trust it.

sharvey, m4, and nguenthe are adminning this term's series

Though the topics are diverse, the ones we will favour actually running are seminars that are short, to the point, and give a specific skill(set).

Note: might be worth organizing this better by theme -sharvey

* sharvey on ''Why Should You Care About Security and Privacy''
* ?????? on ''Snowden Roundup'' (sharvey might be able to get some people from CrySP to discuss this; perhaps a panel followed by a Q&A?)
* yd2dong on ''Traffic Mixing''
* ?????? on ''Security Proofs: How Many Joules does the NSA Have?''
* ?????? on ''Full Disk Encryption''
* ?????? on ''SSH''
* ?????? on ''Tunnelling and VPNs''
* ?????? on ''Your Wifi Network is Insecure'' (cover: aircrack-ng and reaver. maybe nmap and metasploit)
* [mailto:stephen.palmateer@gmail.com Stephen Palmateer] of KWLUG on ''Tor'' (vs i2p vs Freenet vs /r/darknet?)
* [mailto:silver@callysto.com Sean Howard] on ''How your ISP owns you'' (UW grad, ex Watsfic president, currently working for sentex.ca, knows details of Bell's network infrastructure and where the chokepoints are)
* nguenthe on ''[http://www.cypherpunks.ca/otr OTR]'' -- or IanG if we can get him!
* nablack and m4farrel with a security demo + open ended question session
* m4farrel on ''Secrets of a DDoS''
* wlritchi on ''Reversing SBeam and pnwing ur phone''
* mtrberzi on ''GPG, Keyservers, and You'' and with a keysigning party to boot
* v2buterin on ''Bitcoin and Bitmessage'' (maybe? pretty please?)
* IST Security:
** [mailto:pmatlock@uwaterloo.ca Patrick Matlock] on some combination or subset of oauth, identity, data privacy ([https://uwaterloo.ca/secretariat/policies-procedures-guidelines/policy-8 Policy 8]), and web pentesting
*** csrf
*** script injections
*** ....
** [mailto:tlabach@uwaterloo.ca Terry Labach] on [http://ist.uwaterloo.ca/~tlabach/safer/ safer web browsing]
** [mailto:cpbell@uwaterloo.ca Colin Bell]?
* Sapphyre?
* Hatguy!
* ?????? on ''Passwords'' (touch on [http://xkcd.com/936/ security proofs], hashapass/pwdhash, alternatives to passwords (biometrics, one time pads, challenge-response, ssh keys), NOT SHARING YOUR DAMN PASSWORDS ACROSS SITES (cite: the ps3 attack, the linkedin attack, the ....) and how to use jacktheripper)
* ?????? on ''Browser Fingerprinting''
* ?????? on ''Filesystem Forensics and the Dangers of Log-Structured Data Storage'' (live demo!) (I would bother zablache, but he's graduated and in Seattle)
* ?????? on ''SSL: It's Broken''
* ?????? on ''Storytime: Exporting "Munitions"''
* ?????? on ''Stegonography'' (might be able to get sharvey's SO to cover this)
* ?????? on ''Digital Watermarks''
* ?????? on ''[http://lockwiki.com/index.php/Main_Page Locks]''
* ?????? on ''Getting root in 5 minutes with physical access'' (cover how to boot single-user in all versions of Windows, OS X, Linux, and when that fails how to pull a drive and crack the password with l0phtcrack (Win32) or simply editing /etc/shadow (*nix))
* ?????? on ''What is Identity'' (maybe toss this out to WPIRG?) with info on how sites and overlords (facebook, google) identify you, and how to split your identity digitally
* ?????? on ''Physical Security'' (locks, safes, etc.)

And remember kids, '''''educational-use only'''''

=WPIRG cross promotion=

[http://wpirg.org WPIRG] wants to cross-promote a "privacy forum" with us. They are imagining as an expert panel + QA session, during November. Probably the ideal distribution is csc events on the technical side ("how to shot pgp", "how to make tls go", "wat is passwurd") with WPIRG on the human-scale and politics side, with advertising to both of our cohorts for all events. Some ideas for expert participants:
* [https://cs.uwaterloo.ca/~iang/ Ian Goldberg] (sharvey)
* [http://www.michaelgeist.ca/tags/privacy Michael Geist]
* ????
* Terry Labach (this sort of thing is, actually, directly within his job description)
* [http://thoughtcrime.org Marlie Moxinspike]

=Related work and Telling Evidence=

====Related Work====
[https://ssd.eff.org/ EFF's Surveillance Self-Defense Guide]

[https://www.encrypteverything.ca/ Pirate Party's EncryptEverything]

[http://cm.bell-labs.com/who/ken/trust.html Ken Thompson - Reflections on Trusting Trust]

====Evidence====
http://readwrite.com/2010/08/04/google_ceo_schmidt_people_arent_ready_for_the_tech

====IMPORTANT MEDIA====
3 Dead Trolls in a Baggie - The Privacy Song
MC Frontalot - Secrets from the Future

[http://www.xkcd.com/538/ XKCD: Security]
[http://xkcd.com/936/ XKCD: Password Strength]

=Past by Term=
===Fall 2013===
...

Security Workshops

2013-09-22T03:48:24Z

Nguenthe:

2013-09-22T01:22:37Z

Nguenthe: /* Design */

As of Fall'13, m4burns, nguenthe, and others are interested in starting a low-overhead CSC mentorship program.
This is currently in the '''planning''' stage, more to come as it rolls out. The CSC is very good at disseminating high quality information, or at least arguing over it until it's figured out, but only for the very small subset of office regulars in a very particularly stringent culture.

The purposes are:
# Promote involvement and activity in the CSC, and support community formation with low overhead. (The CSC usually has a strong core of office regulars, but their reach ends at the office door, and when they graduate, their knowledge goes)
# Give our extended, non-office-regular membership a way to get something out of the club besides webspace
# Wash out the formation of Old Boys Clubs
# Give long-term CSC members experience tutoring and guiding. Make them remember that everyone was a noob once.
# Give noobier members someone they can call for help with any issues

Sample activities that members could do under the guise of this program:
# Tutoring
# Mock interviews
as well as just having access to someone with more experience than you.

===Design===

The program will simply be a postings board (https://csclub.uwaterloo.ca/mentoring), where people can post their availability and/or desire for mentorship.

Mentors can take on up to three mentees at a time, and can choose how many they want at a time (including zero, if they want to temporarily cancel their involvement, say during co-op or a busy term).

Mentors can themselves have mentors: mentored students can come in and get help. Hopefully after a year or two a useful mentorship will simply evolve into a friendship.

Participants provide some subset of:
* preferred contact methods
* program and year
* interests / courses

Pairings will be made by ..............?

===Rules===

Many of the other mentorship programs have some sort of ethics code. We (being m4 and nick) want to minimize bureaucracy, but will need some way to chastise or get rid of bad mentors that's better than just pulling the rug out from under them and their mentees. Perhaps we should just start it and add rules if we feel they are absolutely necessary as issues crop up.

For now:
# You must be a CSC member to use the postings board. The bar for participation in mentorship is the same bar for being a CSC member.
# Pairings will be dissolved in an account expires (or if an account is deleted, i.e. one term after it expires?)
# [https://uwaterloo.ca/secretariat/policies-procedures-guidelines/policy-71 Do not do your mentees homework for them]

===Competition===

There are other mentorship programs floating around campus. We might both learn from or overlap awkwardly with them. Below is meant to be a full list, but may be missing entries:

{|
!Program!!Notes!!Status
|-
|[https://cs.uwaterloo.ca/wics/mentoring WiCS]
|For women only. For pairing upper years with first years only. Onerous monthly written reports from '''all''' participants, intimidating (but perhaps necessary) ethics code
|?? (does anyone know how much traction they have?)

|-
|[https://uwaterloo.ca/women-in-engineering/mentorship-program Women in Engineering]||Lots of warm-fuzzy soft-skills advice. Not much detail on their site about what they actually do. Onerity: low? Seems similar to the design we were envisioning, though again they are only interested in pairing first years with upper years.||Seems active: they host workshop events https://uwaterloo.ca/women-in-engineering/events

|-
|[https://www.eng.uwaterloo.ca/askanengalumni/ AskEngAlumni]||For engineers||Seems dead?

|-
|[http://www.ddclub.uwaterloo.ca/admissions/mentorship.php DDC]||For double-degree students. Similar in scope to CSC-mentorship.|| ???????

|-
|[https://developers.google.com/open-source/organizations GSoC]||What does GSoC do? How do they handle churn and dropouts and ethics?||Very popular and busy and big and '''''funded'''''.

|-
|[http://asclub.uwaterloo.ca/ ActSci Club]||They don't have a mentorship program, they have mentorship events where the first n (n~=20) frosh that sign up get to have a mock interview by the senior asclub members, and then they all drink bubble tea||Busy!
|}