
We take a trip to the ends of the earth and hear some stories of tech support in Antarctica, cover a surprisingly reasonable new suggested standard for responsible disclosure & discuss Krebs' latest adventures in the world of deep-insert credit card skimmers.
And of course your feedback, a fantastic round-up & so much more!
Show Notes:
Tales of an IT professional sailing around the Antarctic loop – sent in by Eric Miller
- CTD device – A CTD or Sonde is an oceanography instrument used to measure the conductivity, temperature, and pressure of seawater (the D stands for “depth,” which is closely related to pressure). The reason to measure conductivity is that it can be used to determine the salinity.
- Had to reinstall software for a winch to get it working
- Registered a new website and webmail and created a custom email solution so scientists could remotely access their email
security.txt – an RFC in the making
- Based on /.well-known/ of RFC 5785 and similar in nature to robots.txt
- JSON was discussed, but dismissed
- CWE (Common Weakness Enumeration) will be used
- Versioning of security.txt by third parties
- [Generation utilities have been created](https://github.com/EdOverflow/security-txt/issues/10)
Dumping Data from Deep-Insert Skimmers
- Romanian links to US crime
- European data skimmed from cards, then used in US because chip technology is not widely deployed there
- ‘Wands’ inserted deep into the ATM to retrieve data
Feedback
- Re: database migrations in Episode 332, jungle boogie writes in to mention Sqitch (GitHub) by David Wheeler. JB says “This is a program written in Perl and looks to have support for many databases”. JB also mentioned [pgBackRest](https://www.pgbackrest.org/) (GitHub).
- Gary Foard writes in about a command line utility called shred. He uses it to erase laptops from a live Linux disc. I checked the FreeBSD manual pages to check it’s there also, and it is – although I had to search for gshred instead of shred to find shred, which I find weird. – See sysutils/coreutils in the FreeBSD Ports tree. – Dan notes: not recommended for erasing files any more. Not feasible for COW filesystems.
- prime62 on the TechSNAP sub-reddit mentioned some password hashing/salting resources: Salted Password Hashing – Doing it Right and The definitive guide to form-based website authentication
- Also seen on Reddit: There is no point [on max password lengths] since the field is hashed.