bgp – Jupiter Broadcasting
https://www.jupiterbroadcasting.com
Open Source Entertainment, on Demand. Mon, 09 May 2022 14:45:20 +0000

Automated Chaos | LINUX Unplugged 457
https://original.jupiterbroadcasting.net/148522/automated-chaos-linux-unplugged-457/
Sun, 08 May 2022 19:00:00 +0000

Show Notes: linuxunplugged.com/457

The post Automated Chaos | LINUX Unplugged 457 first appeared on Jupiter Broadcasting.
RAID Reality Check | TechSNAP 428
https://original.jupiterbroadcasting.net/141352/raid-reality-check-techsnap-428/
Fri, 01 May 2020 00:15:00 +0000

Show Notes: techsnap.systems/428

The post RAID Reality Check | TechSNAP 428 first appeared on Jupiter Broadcasting.
Old School Outages | TechSNAP 407
https://original.jupiterbroadcasting.net/132681/old-school-outages-techsnap-407/
Wed, 10 Jul 2019 21:15:15 +0000

Show Notes: techsnap.systems/407

The post Old School Outages | TechSNAP 407 first appeared on Jupiter Broadcasting.
The ACME Era | TechSNAP 395
https://original.jupiterbroadcasting.net/128941/the-acme-era-techsnap-395/
Mon, 21 Jan 2019 07:54:32 +0000

Show Notes: techsnap.systems/395

The post The ACME Era | TechSNAP 395 first appeared on Jupiter Broadcasting.
Firecracker Fundamentals | TechSNAP 391
https://original.jupiterbroadcasting.net/128256/firecracker-fundamentals-techsnap-391/
Fri, 30 Nov 2018 08:21:16 +0000

Show Notes: techsnap.systems/391

The post Firecracker Fundamentals | TechSNAP 391 first appeared on Jupiter Broadcasting.
The Future of HTTP | TechSNAP 389
https://original.jupiterbroadcasting.net/128101/the-future-of-http-techsnap-389/
Thu, 15 Nov 2018 19:45:06 +0000

Show Notes: techsnap.systems/389

The post The Future of HTTP | TechSNAP 389 first appeared on Jupiter Broadcasting.
Domestic Disappointments | TechSNAP 382
https://original.jupiterbroadcasting.net/127026/domestic-disappointments-techsnap-382/
Fri, 07 Sep 2018 06:15:23 +0000

Show Notes: techsnap.systems/382

The post Domestic Disappointments | TechSNAP 382 first appeared on Jupiter Broadcasting.
Two-Factor Fraud | TechSNAP 378
https://original.jupiterbroadcasting.net/126511/two-factor-fraud-techsnap-378/
Thu, 02 Aug 2018 17:40:07 +0000

Show Notes: techsnap.systems/378

The post Two-Factor Fraud | TechSNAP 378 first appeared on Jupiter Broadcasting.
Amazon’s Strongarm | Tech Talk Today 41
https://original.jupiterbroadcasting.net/64342/amazons-strongarm-tech-talk-today-41/
Tue, 12 Aug 2014 09:23:18 +0000

Amazon has gone to war on multiple fronts, and is asking for you to enlist. But we’ll cut through the crap and discuss what’s really at play. Plus Xiaomi gets caught red handed spying on their users, the Bitcoin hijack that’s super impressive & more!


Show Notes:

Xiaomi phones send user data to remote servers: F-Secure

At first, F-Secure did not configure an Mi Cloud (Xiaomi’s equivalent of Apple’s iCloud that stores user data) account and simply inserted a sim card, connected the phone to Wi-Fi, turned on GPS, added a contact and made and received a call and exchanged messages. The company found that the phone number of contacts added to the phone book and from SMS messages received were also forwarded. The phone follows a similar pattern even when one configures an Mi Cloud account.

“Next we connected to and logged into Mi Cloud, the iCloud-like service from Xiaomi. Then we repeated the same test steps as before. This time, the IMSI details were sent to api.account.xiaomi.com, as well as the IMEI and phone number,” writes F-Secure in its blog.

Xiaomi Makes its iMessage-Like Service Optional

Xiaomi is making the cloud messaging service that is automatically activated on its devices optional for users

These concerns refer to the MIUI Cloud Messaging service described above. As we believe it is our top priority to protect user data and privacy, we have decided to make MIUI Cloud Messaging an opt-in service and no longer automatically activate users. We have scheduled an OTA system update for today (Aug 10th) to implement this change.

After the upgrade, new users or users who factory reset their devices can enable the service by visiting “Settings > Mi Cloud > Cloud Messaging” from their home screen or “Settings > Cloud Messaging” inside the Messaging app — these are also the places where users can turn off Cloud Messaging.

Amazon wants you to ask Hachette’s CEO for lower e-book prices

Amazon Gets Increasingly Nervous

John Scalzi on Amazon/Hachette

John Scalzi:

Amazon is not your friend. Neither is any other corporation. It and they do what they do for their own interest and are more than willing to try to make you try believe that what they do for their own benefit is in fact for yours. It’s not. In this particular case, this is not about readers or authors or anyone else but Amazon wanting eBooks capped at $9.99 for its own purposes. It should stop pretending that this is about anything other than that. Readers, authors, and everyone else should stop pretending it’s about anything other than that, too.

Disney Disc Preorders Disappear From Amazon

Hacker Redirects Traffic From 19 Internet Providers to Steal Bitcoins

Researchers at Dell’s SecureWorks security division say they’ve uncovered a series of incidents in which a bitcoin thief redirected a portion of online traffic from no less than 19 Internet service providers, including data from the networks of Amazon and other hosting services like DigitalOcean and OVH, with the goal of stealing cryptocurrency from a group of bitcoin users.

Though each redirection lasted just 30 seconds or so, the thief was able to perform the attack 22 times, each time hijacking and gaining control of the processing power of a group of bitcoin miners, the users who expend processing power to add new coins to the currency’s network.

The attacker specifically targeted a collection of bitcoin mining “pools”.

The redirection technique tricked the pools’ participants into continuing to devote their processors to bitcoin mining while allowing the hacker to keep the proceeds. At its peak, according to the researchers’ measurements, the hacker’s scam was pocketing a flow of bitcoins and other digital currencies including dogecoin and worldcoin worth close to $9,000 a day.

The Dell researchers believe the bitcoin thief used a technique called BGP hijacking, which exploits the so-called border gateway protocol, the routing instructions that direct traffic at the connection points between the Internet’s largest networks. The hacker took advantage of a staff user account at a Canadian internet service provider to periodically broadcast a spoofed command that redirected traffic from other ISPs, starting in February and continuing through May of this year.

In fact, the BGP bitcoin-stealing exploits represent less of a new vulnerability in bitcoin than the persistent fragility of the internet itself, Dell’s researchers say. If one Canadian ISP can be used to redirect large flows of the Internet to steal a pile of cryptocurrency, other attackers could just as easily steal massive drifts of Internet data for espionage or pure disruption. The Dell researchers suggest that companies set up monitoring through a service like BGPmon, which can detect BGP hijacking attacks.

Dutch government funds safe Dropbox alternative Localbox

submitted by clementl

This links to a page where you can download the server. It’s written in PHP with Symfony.

The downside is that there are only clients for Windows, Android and iOS. They are planning to release the source of those this fall.

The post Amazon's Strongarm | Tech Talk Today 41 first appeared on Jupiter Broadcasting.

Worst Server Practices | TechSNAP 154
https://original.jupiterbroadcasting.net/53692/worst-server-practices-techsnap-154/
Thu, 20 Mar 2014 17:57:35 +0000

25k UNIX systems spread infections to over half a million Windows boxes, and the method of attack, simply put, is brilliant. We’ll share the details!

Google DNS gets hijacked; we’ll explain how. Then a great big batch of your questions, a rocking round up, and much much more!

On this week’s TechSNAP!


— Show Notes: —

Allan’s Trip

Operation Windigo

  • The attack leverages previously compromised servers (how they were compromised is unknown), using them to scan for other hosts to compromise, serve malware, infect sites hosted on the compromised servers with malware, and send spam

  • Victims have included cPanel and Kernel.org (the official Linux kernel archive)

  • “The Ebury backdoor deployed by the Windigo cybercrime operation does not exploit a vulnerability in Linux or OpenSSH,”

  • During an analysis of stolen credentials, the researchers found:

    • 66% of the stolen passwords contained only alphanumeric characters

    • 41% of the stolen credentials were for the root user

  • Remote login as root should never be allowed. Disable root login over SSH and login as a regular user and use su or sudo. If you use sudo you should read Sudo Mastery and probably SSH Mastery too.

  • The researchers also found 23 victims running Windows 98, and 1 running Windows 95

  • “We found an official mirror of CentOS packages infected with Linux/Ebury. Fortunately, no package files were seemingly altered by the malicious operators. However knowing that Linux RPM packages are cryptographically signed such tampering is probably infeasible”

  • However, amateur administrators have been conditioned to accept unknown GPG keys for CentOS repositories.

  • When users visit an infected site, Windows users are given malware, Mac users are served ads for dating sites, and iPhone users are served ads for “strong pornography”, likely as these are each the most profitable way to exploit such users

  • The operators maintain control on the infected servers by installing a backdoor in the OpenSSH instance. The backdoor provides them with a remote root shell even if local credentials are changed on the infected host

  • The attackers used a number of techniques to remain stealthy:

    • Use Unix pipes as much as possible when deploying their backdoor to avoid landing files on the filesystem

    • Leave no trace in log files when using the backdoor

    • Change original signatures in the package manager for the modified file

    • Avoid exfiltrating information when a network interface is in promiscuous mode

    • Use POSIX shared memory segments with random system user owners to store stolen credentials

    • Inject code at runtime into three OpenSSH binaries instead of modifying the original OpenSSH files on disk

    • Change OpenSSH daemon configuration in memory instead of on disk

    • Centralize their backdoor in a library instead of an executable (libkeyutils.so)

  • Researcher PDF


Google Public DNS (8.8.8.8) suffers brief BGP hijack redirecting it to Venezuela

  • At approximately 17:23 UTC on March 15th, a router on the British Telecom Latin America network (BT LATAM, AS 7908) in Venezuela began announcing 8.8.8.8/32

  • A /32 prefix is unusual: most BGP routers will not propagate such specific prefixes, only passing routes of /24 or larger. This kept the bad route from spreading as far; however, because routing tables always take the ‘most specific’ match, it resulted in more of the traffic being rerouted than would normally have been the case

  • This resulted in nearly all traffic in Venezuela and Brazil, among other networks, including a university network in Florida, being misdirected to a server in Venezuela

  • The false BGP (Border Gateway Protocol) announcement was retracted 23 minutes later

  • It is possible that this was an effort by the Venezuelan government to intercept traffic bound for the Google Public DNS service, and it was accidentally leaked upstream, disrupting the internet outside of Venezuela

  • Similar cases have happened in Pakistan and other countries attempting to block YouTube and other services

  • The network that sent the request, Madory said, “leaked other internal routes earlier in the day. So I suppose someone was tinkering with the network over the weekend. We see routing goof-ups like this almost every day.”

  • Additional Coverage

  • There are BCPs and RFCs that cover ways to prevent this kind of hijacking, by only allowing ASes to announce prefixes they control; however, there is a lot of administrative overhead, especially when an ISP announces routes for its customers

  • There is another system, RPKI, that allows a network to specify which AS numbers are allowed to announce an IP block, as well as specifying the maximum prefix length, to prevent someone from announcing a more specific prefix (like in this case)

  • However RPKI has not yet received wide adoption

  • Providers ignore routing and DNS security
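The RPKI and maximum-prefix-length points above, as an added example that is not from the episode: an RFC 6811 origin-validation check over a constructed ROA table, showing how a more-specific /32 announced by AS 7908 wins longest-prefix match in an unprotected table and is dropped once ROAs (or a conventional "nothing longer than /24" import filter) are enforced. The ROA table, the origin AS 64500 (an RFC 5398 documentation ASN standing in for the legitimate origin) and the unrelated 203.0.113.0/24 announcement are all constructed.

```python
import ipaddress
from dataclasses import dataclass


def net(s):
    return ipaddress.IPv4Network(s)


@dataclass(frozen=True)
class ROA:
    """Route Origin Authorization: prefix, maxLength, authorised origin AS."""
    prefix: ipaddress.IPv4Network
    max_length: int
    origin_asn: int


@dataclass(frozen=True)
class Announcement:
    prefix: ipaddress.IPv4Network
    origin_asn: int


# Constructed ROA table. AS 64500 is a documentation ASN standing in for the
# legitimate origin; maxLength 24 means no more-specific announcement is authorised.
ROAS = [ROA(net("8.8.8.0/24"), 24, 64500)]

# Constructed announcements modelled on the incident (AS 7908 announcing 8.8.8.8/32).
LEGIT = Announcement(net("8.8.8.0/24"), 64500)
HIJACK = Announcement(net("8.8.8.8/32"), 7908)
TOO_SPECIFIC = Announcement(net("8.8.8.8/32"), 64500)  # right AS, exceeds maxLength
UNKNOWN = Announcement(net("203.0.113.0/24"), 64501)   # no ROA covers this prefix


def validate(roas, ann):
    """RFC 6811 origin validation: returns 'valid', 'invalid' or 'not-found'.

    A ROA 'covers' an announcement when the announced prefix lies inside the
    ROA prefix. Among covering ROAs, one must match the origin AS *and* permit
    the announced prefix length, otherwise the route is invalid.
    """
    covering = [r for r in roas if ann.prefix.subnet_of(r.prefix)]
    if not covering:
        return "not-found"
    for r in covering:
        if r.origin_asn == ann.origin_asn and ann.prefix.prefixlen <= r.max_length:
            return "valid"
    return "invalid"


def select(table, dst, roas=None, longest_accepted=None):
    """Longest-prefix match for dst over a list of Announcements.

    roas: when given, RPKI-invalid routes are dropped before selection.
    longest_accepted: when given, routes more specific than this length are
    dropped, modelling the common 'accept nothing longer than /24' filter.
    """
    if longest_accepted is not None:
        table = [a for a in table if a.prefix.prefixlen <= longest_accepted]
    if roas is not None:
        table = [a for a in table if validate(roas, a) != "invalid"]
    dst = ipaddress.IPv4Address(dst)
    matches = [a for a in table if dst in a.prefix]
    # The most specific covering prefix wins, which is exactly why a /32
    # hijack beats the legitimate /24 wherever it is accepted at all.
    return max(matches, key=lambda a: a.prefix.prefixlen) if matches else None


if __name__ == "__main__":
    table = [LEGIT, HIJACK]
    for a in (LEGIT, HIJACK, TOO_SPECIFIC, UNKNOWN):
        print(f"{a.prefix} from AS {a.origin_asn}: {validate(ROAS, a)}")
    print("no filtering  ->", select(table, "8.8.8.8"))
    print("ROV enforced  ->", select(table, "8.8.8.8", roas=ROAS))
    print("/24 max only  ->", select(table, "8.8.8.8", longest_accepted=24))
```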


Feedback:


Round Up:

The post Worst Server Practices | TechSNAP 154 first appeared on Jupiter Broadcasting.

Scenic BGP Route | TechSNAP 137
https://original.jupiterbroadcasting.net/46702/scenic-bgp-route-techsnap-137/
Thu, 21 Nov 2013 19:21:23 +0000

Attackers use BGP to redirect and monitor Internet traffic, 42 Million dating site passwords leaked, and the data center that could be coming to a town near you.

Plus a great batch of your questions, our answers, and much much more!

On this week’s TechSNAP!


Show Notes:

Attackers compromise core routers and redirect internet traffic

  • Attackers have managed to compromise some routers running BGP (Border Gateway Protocol), and cause them to inject additional hops into some routes on the Internet, allowing them to execute man-in-the-middle (MitM) attacks and/or monitor some users’ traffic
  • Renesys has detected close to 1,500 IP address blocks that have been hijacked on more than 60 days this year
  • “[The attacker is] getting one side of conversation only,” Cowie said. “If they were to hijack the addresses belonging to the webserver, you’re seeing users requests—all the pages they want. If they hijack the IP addresses belonging to the desktop, then they’re seeing all the content flowing back from webservers toward those desktops. Hopefully by this point everyone is using encryption.”
  • In one attack, a route starting in Guadalajara, Mexico and ending in Washington, D.C. included hops through London, Moscow and Minsk before being handed off to Belarus, all because of a false route injected at Global Crossing, now owned by Level3
  • “In a second example, a provider in Iceland began announcing routes for 597 IP networks owned by a large U.S. VoIP provider; normally the Icelandic provider Opin Kerfi announces only three IP networks, Renesys said. The company monitored 17 events routing traffic through Iceland”
  • Renesys does not have any information on who was behind the route hijacking

Cupid Media Hack Exposed 42M Passwords

  • The data stolen from Southport, Australia-based dating service Cupid Media was found on the same server where hackers had amassed tens of millions of records stolen from Adobe, PR Newswire and the National White Collar Crime Center (NW3C), among others.
  • Plain text passwords for more than 42 million accounts
  • Andrew Bolton, the company’s managing director, said the information appears to be related to a breach that occurred in January 2013.
  • When Krebs told Bolton that all of the Cupid Media users he had reached confirmed their plain text passwords as listed in the purloined directory, Bolton suggested Krebs might have “illegally accessed” some of the company’s member accounts. He also noted that “a large portion of the records located in the affected table related to old, inactive or deleted accounts.”
  • “The number of active members affected by this event is considerably less than the 42 million that you have previously quoted,” Bolton said.
  • The danger with such a large breach is that far too many people reuse the same passwords at multiple sites, meaning a compromise like this can give thieves instant access to tens of thousands of email inboxes and other sensitive sites tied to a user’s email address.
  • Facebook has been mining the leaked Adobe data for information about any of its own users who might have reused their Adobe password and inadvertently exposed their Facebook accounts to hijacking as a result of the breach.
  • The Date of Birth field is a ‘datetime’ rather than just a ‘date’, and seems to include a random timestamp, maybe from when the user signed up
  • Additional Coverage

Feedback:


Round Up:



The post Scenic BGP Route | TechSNAP 137 first appeared on Jupiter Broadcasting.

BGP & BSD | BSD Now 1
https://original.jupiterbroadcasting.net/42662/bgp-bsd-bsd-now-1/
Fri, 06 Sep 2013 13:34:00 +0000

We kick off the first episode with the latest BSD news, show you how to avoid intrusion detection systems and talk to Peter Hessler about BGP spam blacklists!

– Show Notes: –

Headlines

Radeon KMS committed

  • Committed by Jean-Sebastien Pedron
  • Brings kernel mode setting to -CURRENT, will be in 10.0-RELEASE (ETA 12/2013)
  • 10-STABLE is expected to be branched in October, to begin the process of stabilizing development
  • Initial testing shows it works well
  • May be merged to 9.X, but due to changes to the VM subsystem this will require a lot of work, and is currently not a priority for the Radeon KMS developer
  • Still suffers from the syscons / KMS switcher issues, same as Intel video
  • More info: https://wiki.freebsd.org/AMD_GPU

VeriSign Embraces FreeBSD

  • “BSD is quite literally at the very core foundation of what makes the Internet work”
  • Using BSD and Linux together provides reliability and diversity
  • Verisign gives back to the community, runs vBSDCon
  • “You get comfortable with something because it works well for your particular purposes and can find a good community that you can interact with. That all rang true for us with FreeBSD.”

fetch/libfetch get a makeover

  • Adds support for SSL certificate verification
  • Requires root ca bundle (security/root_ca_nss)
  • Still missing TLS SNI support (Server Name Indication, allows name based virtual hosts over SSL)

FreeBSD Foundation Semi-Annual Newsletter

  • The FreeBSD Foundation took the 20th anniversary of FreeBSD as an opportunity to look at where the project is, and where it might want to go
  • The foundation sets out some basic goals that the project should strive towards:
    • Unify User Experience
      • “ensure that knowledge gained mastering one task translates to the next”
      • “if we do pay attention to consistency, not only will FreeBSD be easier to use, it will be easier to learn”
    • Design for Human and Programmatic Use
      • 200 machines used to be considered a large deployment, with high density servers, blades, virtualization and the cloud, that is not so anymore
      • “the tools we provide for status reporting, configuration, and control of FreeBSD just do not scale or fail to provide the desired user experience”
      • “The FreeBSD of tomorrow needs to give programmability and human interaction equal weighting as requirements”
    • Embrace New Ways to Document FreeBSD
      • More ‘Getting Started’ sections in documentation
      • Link to external How-Tos and other documentation
      • “upgrade the cross-referencing and search tools built into FreeBSD, so FreeBSD, not an Internet search engine, is the best place to learn about FreeBSD”
  • Spring Fundraising Campaign, April 17 – May 31, raised a total of $219,806 from 12 organizations and 365 individual donors. In the same period last year we raised a total of $23,422 from 2 organizations and 53 individuals
  • Funds donated to the FreeBSD Foundation have been used on these projects recently:
  • Capsicum security-component framework
  • Transparent superpages support of the FreeBSD/ARM architecture
  • Expanded and faster IPv6
  • Native in-kernel iSCSI stack
  • Five New TCP Congestion Control Algorithms
  • Direct mapped I/O to avoid extra memory copies
  • Unified Extensible Firmware Interface (UEFI) boot environment
  • Porting FreeBSD to the Genesi Efika MX SmartBook laptop (ARM-based)
  • NAND Flash filesystem and storage stack
  • Funds were also used to sponsor a number of BSD focused conferences: BSDCan, EuroBSDCon, AsiaBSDCon, BSDDay, NYCBSDCon, vBSDCon, plus Vendor summits and Developer summits
  • It is important that the foundation receive donations from individuals, to maintain their tax exempt status in the USA. Even a donation of $5 helps make it clear that the FreeBSD Foundation is backed by a large community, not only a few vendors
  • Donate Today

The place to B…SD

Ohio Linuxfest, Sept. 13-15, 2013

  • Very BSD friendly
  • Kirk McKusick giving the keynote
  • BSD Certification on the 15th, all other stuff on the 14th
  • Multiple BSD talks

LinuxCon, Sept. 16-18, 2013

  • Dru Lavigne and Kris Moore will be manning a FreeBSD booth
  • Number of talks of interest to BSD users, including ZFS coop

EuroBSDCon, Sept. 26-29, 2013

  • Tutorials on the 26 & 27th (plus private FreeBSD DevSummit)
  • 43 talks spread over 3 tracks on the 28 & 29th
  • Keynote by Theo de Raadt
  • Hosted in the picturesque St. Julians Area, Malta (Hilton Conference Centre)

Interview – Peter Hessler – phessler@openbsd.org / @phessler

Using BGP to distribute spam blacklists and whitelists

  • Q: Tell us about yourself and your previous contributions to OpenBSD
  • Q: What is BGP spamd
  • Q: What made you start the project?
  • Q: Why use BGP? What are the pros/cons versus the standard DNS distribution model?
  • Q: (How) can others make use of the project?
  • Q: How can others contribute to the project?
  • Q: What else are you working on?

Tutorial

Using stunnel to hide your traffic from Deep Packet Inspection

  • Live demo between two hosts
  • Tunnel any insecure traffic over SSL/TLS
  • Allows you to bypass Intrusion Detection Systems

News Roundup

NetBSD 6.1.1 released

  • First security/bug fix update of the NetBSD 6.1 release branch
  • Fixes 4 security vulnerabilities
  • Adds 4 new sysctls to avoid IPv6 DoS attacks
  • Misc. other updates

Sudo Mastery

  • MWL is a well-known author of many BSD books
  • Also does SSH, networking, DNSSEC, etc.
  • Next book is about sudo, which comes from OpenBSD (did you know that?)
  • Available for preorder now at a discounted price

Documentation Infrastructure Enhancements

  • Gábor Kövesdán has completed a funded project to improve the infrastructure behind the documentation project
  • Will upgrade documentation from DocBook 4.2 to DocBook 4.5 and at the same time migrate to proper XML tools.
  • DSSSL is an old and dead standard, which will not evolve any more.
  • DocBook 5.0 tree added

FreeBSD FIBs get new features

  • FIBs (as discussed earlier in the interview) are Forward Information Bases (technical term for a routing table)
  • The FreeBSD kernel can be compiled to allow you to maintain multiple FIBs, creating separate routing tables for different processes or jails
  • In r254943 ps(1) is extended to support a new column ‘fib’, to display which routing table a process is using

FreeNAS 9.1.0 and 9.1.1 released

  • Many improvements in nearly all areas, big upgrade
  • Based on FreeBSD 9-STABLE, lots of new ZFS features
  • Cherry picked some features from 10-CURRENT
  • New volume manager and easy to use plugin management system
  • 9.1.1 released shortly thereafter to fix a few UI and plugin bugs

BSD licensed “patch” becomes default

  • bsdpatch has become mature, does what GNU patch can do, but has a much better license
  • Approved by portmgr@ for use in ports
  • Added WITH_GNU_PATCH build option for people who still need it

  • All the tutorials are posted in their entirety at bsdnow.tv
  • Send questions, comments, show ideas/topics, etc to feedback@bsdnow.tv
  • Watch live Wednesdays at 2:00PM Eastern (18:00 UTC)

The post BGP & BSD | BSD Now 1 first appeared on Jupiter Broadcasting.

Grand Theft BGP | TechSNAP 121
https://original.jupiterbroadcasting.net/41087/grand-theft-bgp-techsnap-121/
Thu, 01 Aug 2013 17:49:09 +0000

A BGP hack reroutes the traffic of banks, Amazon and many others. We’ll explain how this can happen, and why we don’t see it more often.

Plus an Interview with Brendan Gregg author of a new book that focuses on Systems Performance in the Enterprise and the Cloud, plus a big batch of your questions, our answers, and much much more!



BGP hijack used to redirect traffic destined for online banking

  • On 24 July 2013 a number of specific IP addresses were maliciously mis-routed to an ISP in the Netherlands
  • This is especially unusual because nearly all BGP routes are /24 or larger (because routers only have so much RAM in which to hold the routing table for the entire Internet), and most of these were specific /32s (a single IP address).
  • This might be considered a mistake, however the owners of the specific IP addresses suggest otherwise:
    • AMAZON-AES – Amazon.com, Inc.
    • AS-7743 – JPMorgan Chase & Co.
    • ASN-BBT-ASN – Branch Banking and Trust Company
    • BANK-OF-AMERICA Bank of America
    • CEGETEL-AS Societe Francaise du Radiotelephone S.A
    • FIRSTBANK – FIRSTBANK
    • HSBC-HK-AS HSBC HongKong
    • PFG-ASN-1 – The Principal Financial Group
    • PNCBANK – PNC Bank
    • REGIONS-ASN-1 – REGIONS FINANCIAL CORPORATION
  • The ISP, NedZone.nl normally announced about 30 prefixes of various sizes between /18 and /24, but on the date in question, they were announcing 369, most all of which were smaller than /24 (usually the smallest that would be announced)
  • It is most likely this was caused by a malicious customer, rather than NedZone or one of its employees
  • The attack appears to have been an attempt to run a MITM attack against online banking
  • RIPE AS Dashboard for AS25459, showing the list of prefixes announced in the last 30 days
  • HE BGP Looking Glass AS25459 Prefixes

Digital Ocean Cloud ‘Droplets’ found to be reusing same SSH private keys

  • While using Digital Ocean’s cloud servers to write a comparison of Ansible and Salt, two different administration/orchestration tools, Joshua Lund discovered that many of his ‘Droplets’ had the same SSH fingerprint
  • While rapidly creating and destroying Droplets, he ended up with the same IP address, and noticed that he did not receive an SSH fingerprint mismatch warning him that this server was not the same as the one that previously resided at this IP address
  • Upon further investigation he found that the SSH keys appeared to be part of the base image, rather than being generated on first boot
  • While this was likely a simple oversight while creating the images, or an attempt to make the droplets boot faster by foregoing the SSH key generation, it is a significant security issue
  • This means someone could replace your droplet with their own and have the same SSH private key (and therefore fingerprint), if you or one of your old users connected to your old IP which now belonged to someone else, they could capture your password or otherwise perform a MITM attack
  • The issue was reported to Digital Ocean and they responded the same day
  • The immediate fix did not resolve all instances of the issue, but within 7 days the issue had been resolved
  • Digital Ocean then started working with their customers to have them replace their SSH host keys with unique ones
  • 6 weeks later a public security advisory was issued
  • If you do not install the OS yourself, it may be a good idea to regenerate the SSH host keys as part of the initial setup process
  • Official Advisory
  • On a future Episode of TechSNAP we’ll talk about SSHFP DNS records and maintaining a system wide ssh_known_hosts file
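The duplicate Droplet host keys above, as an added example that is not from the episode or from Digital Ocean: it derives OpenSSH-style SHA256 fingerprints from ssh-keyscan or known_hosts lines and reports any key presented by more than one host, which is the check that would have flagged the shared base-image key. The hosts (203.0.113.0/24 is a documentation range) and the 32 key bytes behind each blob are constructed, not real keys.

```python
import base64
import hashlib
from collections import defaultdict


def ssh_string(data):
    """SSH wire encoding of a byte string: 4-byte big-endian length, then the bytes."""
    return len(data).to_bytes(4, "big") + data


def ed25519_blob(raw32):
    """Base64 public-key blob in the form found in known_hosts / ssh-keyscan output."""
    return base64.b64encode(ssh_string(b"ssh-ed25519") + ssh_string(raw32)).decode()


# Constructed keys: the 32 "key" bytes are arbitrary, not real Ed25519 points.
KEY_A = ed25519_blob(bytes(range(32)))
KEY_B = ed25519_blob(bytes(range(32, 64)))

# Constructed scan output: two hosts present KEY_A, as the shared-image Droplets did.
SCAN_OUTPUT = "\n".join([
    f"203.0.113.10 ssh-ed25519 {KEY_A}",
    f"203.0.113.11 ssh-ed25519 {KEY_A}",
    f"203.0.113.12 ssh-ed25519 {KEY_B}",
    "# comment and marker lines are ignored",
])


def fingerprint(blob_b64):
    """OpenSSH SHA256 fingerprint: base64(sha256(raw blob)) with '=' padding removed."""
    digest = hashlib.sha256(base64.b64decode(blob_b64)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def parse_known_hosts(text):
    """Yield (host, keytype, fingerprint) from known_hosts-format lines.

    Hashed host fields (|1|...) pass through unchanged; @cert-authority and
    @revoked marker lines are skipped because they do not describe a host key.
    """
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#@":
            continue
        parts = line.split()
        if len(parts) < 3:
            continue
        host, keytype, blob = parts[0], parts[1], parts[2]
        yield host, keytype, fingerprint(blob)


def shared_host_keys(text):
    """Map each fingerprint seen on more than one host to the sorted list of hosts."""
    hosts_by_key = defaultdict(set)
    for host, keytype, fp in parse_known_hosts(text):
        hosts_by_key[(keytype, fp)].add(host)
    return {fp: sorted(hosts)
            for (_, fp), hosts in hosts_by_key.items() if len(hosts) > 1}


if __name__ == "__main__":
    # Real use: feed in the output of `ssh-keyscan host1 host2 ...` or a
    # ~/.ssh/known_hosts file instead of SCAN_OUTPUT.
    for fp, hosts in shared_host_keys(SCAN_OUTPUT).items():
        print(f"{fp} is presented by {len(hosts)} hosts: {', '.join(hosts)}")
```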

Interview with Brendan Gregg



Feedback:

Directory Dive:

Round Up:

The post Grand Theft BGP | TechSNAP 121 first appeared on Jupiter Broadcasting.

Amplifying the Hype | TechSNAP 104
https://original.jupiterbroadcasting.net/34646/amplifying-the-hype-techsnap-104/
Thu, 04 Apr 2013 16:52:44 +0000

It’s been called the largest DDoS attack in history; we’ll bust past the hype and explain how a DNS Reflection attack works.

The post Amplifying the Hype | TechSNAP 104 first appeared on Jupiter Broadcasting.

Plus a privacy surprise in BlackBerry 10, the return of an old segment, a big batch of your questions, and so much more!

    Barracuda Networks devices contain multiple undocumented SSH users

    • Vulnerable products include:
      • Barracuda Spam and Virus Firewall
      • Barracuda Web Filter
      • Barracuda Message Archiver
      • Barracuda Web Application Firewall
      • Barracuda Link Balancer
      • Barracuda Load Balancer
      • Barracuda SSL VPN
    • The issue was fixed in Security Definitions 2.0.5; it is highly recommended that all devices be upgraded
    • These devices contain undocumented backdoor accounts with static passwords including:
      • root*
      • build* (uid 0)
      • shutdown
      • product
      • ca
      • support
      • websupport
      • qa_test*
    • Only the accounts marked with a * could not be cracked with a short wordlist
    • These users and their easily cracked passwords can be used to log in at the terminal; the user ‘product’ is given a full bash shell
    • Some additional users were also set up with no password but with authorized SSH keys to allow remote access:
      • remote (uid 0)
      • cluster
    • Both of these users also have full bash shells
    • Once a user has a shell, they are able to access the local MySQL database (root@localhost with no password) and can add new users with administrative privileges
    • A shell also could allow the user to enable debugging that could allow them to compromise the device
    • The Barracuda devices use iptables to restrict access via SSH; however, in addition to allowing SSH from the internal network, they also allow incoming SSH connections from two remote /24s on the Internet
    • Timestamps on the iptables rules file suggest these IPs have been allowed into every device since 2003
    • These ranges belong to two different ISPs: Layer42.net, which appears to host the colocation for Barracuda Networks, and XO.net, which does not appear to be used by Barracuda Networks (it may have been in the past). The XO.net IPs appear to belong to a number of unrelated parties, including a small IT firm that offers remote management, some VoIP servers, and a number of poorly maintained websites (some not updated since 2007)
    • If any of these sites or servers were compromised, they could be used to gain access to all public-facing Barracuda Networks devices
    • Most of these devices are public facing, because they are firewalls, web filters and spam filters
    • A user may be able to spoof their IP via the local network to appear to be coming from one of the two Internet ranges that have been whitelisted
    • As part of the 2.0.5 update, Barracuda has disabled the product user, and all other users except for ‘cluster’ (ssh key only), ‘remote’ (uid 0, ssh key only, key is possessed by Barracuda Networks) and ‘root’ (password, likely crackable)
    • According to Barracuda Networks, these accounts are critical for customer support and will not be removed
    • Barracuda has done nothing to address the statically defined whitelisted ranges of IPs
    • Because of the risk, it is recommended to place the Barracuda Networks devices behind a proper firewall
    • Customers can contact Barracuda Networks Support for instructions on enabling ‘expert mode’ in order to disable the SSH daemon
    • Barracuda Networks – Tech Alerts

    Barracuda Networks SSL-VPN devices vulnerable to authentication bypass

    • Unauthenticated users are able to set arbitrary Java system properties to arbitrary values, allowing an attacker to perform a Denial of Service attack against the device, or to break the application’s security mechanisms
    • By using the above vulnerability, an attacker is able to access the API functionality of the appliance, and is then able to download the device configuration, dump the SQL database (including passwords), reset the passwords of all superusers, disclose local files on the appliance (possibly secret keys), and restart or shutdown the device entirely.
    • Barracuda Networks has issued ‘Security Definition 2.0.5’ that resolves these issues

    Just because your password is long, does not mean it cannot be cracked

    • A researcher from Carnegie Mellon University has developed a new password cracking tool that considers grammatical correctness to reduce the search space
    • Based on a survey of 1434 user-selected passwords of 16 characters or more, 18% of users voluntarily chose passwords that were grammatically correct (such as “abiggerbetterpassword” or “longestpasswordever”)
    • The survey also found other structures, including postal addresses, URLs, and email addresses
    • The password search space is significantly reduced when you move away from considering random combinations of characters and instead consider dictionary words, and reduced further when you consider words only in combinations that are grammatically correct
    • If a password consists of 3 words, applying the rules of grammar reduces the search space to 96.90% of its original size. However, if the password consists of 5 words, the search space is reduced to 46.95%, and 8 words lowers the search space to 0.99% of its original size
    • Consider this when you are selecting XKCD-style passphrases
    • Full Paper

    Feedback:

    Round-Up:

    The post Barricade Your Barracuda | TechSNAP 94 first appeared on Jupiter Broadcasting.

    Smarter Google DNS | TechSNAP 21
    https://original.jupiterbroadcasting.net/11691/smarter-google-dns-techsnap-21/
    Thu, 01 Sep 2011 22:42:23 +0000

    Google and OpenDNS join forces to improve the speed of your downloads; find out what they are doing and how it works!

    The post Smarter Google DNS | TechSNAP 21 first appeared on Jupiter Broadcasting.

    Plus Gmail suffered another man-in-the-middle attack, and Kernel.org gets some egg on their face!

    All that and more, on this week’s episode of TechSNAP!

    Show Notes:

    Another SSL Certificate Authority Compromised, MitM Attack on Gmail

    • Sometime before July 10th, the Dutch Certificate Authority DigiNotar was compromised and the attackers were able to issue a number (apparently as many as 200) of fraudulent certificates, including a wildcard certificate for *.google.com. The attack was only detected by DigiNotar on July 19th. DigiNotar revoked the certificates, and an external security audit determined that all invalid certificates had been revoked. However, it seems that probably the most important certificate, *.google.com, was in fact not revoked. This raises serious questions and seems to point to a cover-up by DigiNotar. Detailed Article | Additional Article
    • Newer versions of Chrome were not affected, because Google specifically listed the small subset of CAs that would ever be allowed to issue a certificate for Gmail. This also prevents self-signed certificates, which some users fall for regardless of the giant scary browser warning. Chrome Security Notes for June
    • Mozilla and the other browser vendors have taken more direct action than they did with the Comodo compromise. All major browsers have entirely removed the DigiNotar root certificate from their trust list. With the Comodo compromise, the affected certificates were blacklisted, but the rest of the Comodo CA was left untouched. One wonders if this was done as a strong signal to all CAs that they must take security more seriously, or if DigiNotar was in fact cooperating with the Iranian government in its efforts to launch MitM attacks on its citizens. Mozilla Security Blog
    • Part of the issue is that some of the certificates issued were for the browser manufacturers themselves, such as Mozilla.org. With a fake certificate for Mozilla, it is possible that a MitM attack could block updates to your browser, or worse, feed you a spyware-laden version of the browser.
    • Press Release from Parent Company VASCO
    • Pastebin of the fraudulent Certificate
    • Allan’s blog post about the previous CA compromise, and more detail than can fit even in an episode of TechSNAP

    GoogleDNS and OpenDNS launch ‘A Faster Internet’

    • The site promotes a DNS protocol extension called edns-client-subnet that has the recursive DNS server pass along the IP subnet (not the full IP, for privacy) of the requesting client, to allow the authoritative DNS server to make a better geo-targeting decision.
    • A number of large content distributors and CDNs rely on GeoIP technology at DNS time to direct users to the nearest (and as such, usually fastest) server. However, this approach is often defeated when a large portion of users are using GoogleDNS and OpenDNS and all of those requests come from a specific IP range. As this technology takes hold, it should make it possible for the authoritative DNS servers to target the user rather than the recursive DNS server, resulting in more accurate results.
    • Internet Engineering Task Force Draft Specification
    • This change has already started affecting users; many users of services such as iTunes had complained of much slower download speeds when using Google or OpenDNS. This was a result of being sent to a far-away node, and that node getting a disproportionate amount of the total load. Now that this DNS extension has started to come online and is backed by a number of major CDNs, it should alleviate the problem.
    • ScaleEngine is in the process of implementing this, and already has some test edns-enabled authoritative name servers online.
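    What the recursive server actually puts on the wire is small: an EDNS0 option that carries the client's subnet, not its address. The block below is an added example (not code from the show notes, Google, OpenDNS or ScaleEngine); it assumes the wire format of RFC 7871, which later standardised the edns-client-subnet draft, and uses constructed documentation addresses.

```python
"""Build and parse the EDNS Client Subnet (ECS) option.

Added example, not code from the show notes, Google, OpenDNS or ScaleEngine.
It follows the wire format of RFC 7871, which standardised the
edns-client-subnet draft: option code 8, address family, source prefix
length, scope prefix length, then only as many address bytes as the prefix
covers, with the leftover bits zeroed. That truncation is what keeps the
full client IP out of the query.
"""
import ipaddress
import struct

ECS_OPTION_CODE = 8
FAMILY = {4: 1, 6: 2}            # IANA address family numbers


def build_ecs(client_ip, source_prefix):
    """Return the ECS option (code, length, data) for client_ip/prefix."""
    addr = ipaddress.ip_address(client_ip)
    # Zero the host bits: only the subnet is sent, never the full address
    net = ipaddress.ip_network(f"{addr}/{source_prefix}", strict=False)
    addr_bytes = net.network_address.packed[: (source_prefix + 7) // 8]
    data = struct.pack("!HBB", FAMILY[addr.version], source_prefix, 0)
    data += addr_bytes
    return struct.pack("!HH", ECS_OPTION_CODE, len(data)) + data


def parse_ecs(option):
    """Decode an ECS option into (ip_network, scope_prefix_length).

    Rejects anything a resolver must not accept: wrong option code, a
    length that does not match the prefix, or non-zero bits past the
    source prefix (which would leak more of the client address).
    """
    code, length = struct.unpack("!HH", option[:4])
    if code != ECS_OPTION_CODE:
        raise ValueError(f"not an ECS option (code {code})")
    data = option[4:4 + length]
    if len(data) != length or length < 4:
        raise ValueError("truncated ECS option")
    family, source, scope = struct.unpack("!HBB", data[:4])
    addr_bytes = data[4:]
    if family not in (1, 2) or len(addr_bytes) != (source + 7) // 8:
        raise ValueError("address length does not match prefix length")
    padded = addr_bytes + b"\x00" * ((4 if family == 1 else 16) - len(addr_bytes))
    # strict=True (the default) raises ValueError if host bits are set
    return ipaddress.ip_network((padded, source)), scope


def opt_rr(option, udp_payload=1232):
    """Wrap an option in an EDNS0 OPT pseudo-RR: root name, TYPE 41,
    CLASS = UDP payload size, TTL = ext-rcode/version/flags, RDLEN."""
    return b"\x00" + struct.pack("!HHIH", 41, udp_payload, 0, len(option)) + option
```

    The scope prefix length is left at 0 in a query; an authoritative server that answers based on the subnet sets it in the response to say how much of the prefix its answer depends on.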

    Kernel.org Compromised

    • Attackers were able to compromise a number of Kernel.org machines
    • Attackers appear to have compromised a single user account, and then through unknown means, gained root access.
    • Attackers replaced the running OpenSSH server with a trojaned version, likely leaking the credentials of users who authenticated against it.
    • Kernel.org is working with the 448 people who have accounts there, to replace their passwords and SSH keys.
    • The attack was only discovered due to an extraneous error message about /dev/mem
    • Additional Article

    Feedback:

    Q: (DreamsVoid) I have a server setup, and I am wondering what it would take to set up a backup server that would automatically take over if the first server were to go down. What are some of the ways I could accomplish this?

    A: This is a rather lengthy answer, so I will actually break it apart, and have given one possible answer each week for the last few weeks. This week’s solution is Anycast. This is by far the most complicated and resource-intensive solution, but it is also the most scalable. Standard connections on the Internet are Unicast, meaning they go from a single point to another single point (typically, from a client to a specific server). There are also Broadcast (send to all nodes in the broadcast domain, such as your local LAN), and Multicast (send to a group of subscribed peers, used extensively by routers to distribute routing table updates, but does not work on the Internet). Anycast is different from Unicast: instead of sending the packet to a specific host, the packet is sent to the nearest host (in network terms, hops, not necessarily geographic terms).

    The way Anycast works is your BGP-enabled routers broadcast a route to your subnet to the Internet from each of the different locations, and the other routers on the Internet update their routing tables with the route to the location that is the fewest hops away. In this way, your traffic is diverted to the nearest location. If one of your locations goes down, when the other routers do not get an update from the downed router, they automatically change their route to the next nearest location. If you want only failover, and not to distribute traffic geographically, you can have your routers prefix their routes with their own AS number a sufficient number of times to make the backup location always more hops than the main location, so it is only used if the main is down.

    There are some caveats with this solution, the first being that TCP packets were never meant to randomly redirect to another location: if a route change happens in the middle of an active session, that session will not exist at the second location, and the connection will be dropped. This makes Anycast unsuitable for long-lived connections, as routes on the Internet change constantly, routing around faults and congestion. Connections also cannot be made outbound from an Anycast IP, as the route back may end up going to a different server, and so a response will never be received, so servers would require a regular Unicast address, plus the Anycast address. A common solution to overcome the limitations of Anycast is to do DNS (which is primarily UDP) via Anycast, and have each location serve a different version of the authoritative zone, with the local IP address of the web server; this way the users are routed to the nearest DNS server, which then returns the regular IP of the web server at the same location (this solution suffers from the same problems mentioned above in the Google DNS story). Another limitation is that due to the size of the address space on the Internet, most providers will not accept a route for a subnet smaller than a /24, meaning that an entire 256 IP address subnet must be dedicated to Anycast, and your servers will each require a regular address in a normal subnet. Broadcasting routes to the Internet also requires your own Autonomous System number, which are only granted to largish providers, or an ISP willing to announce your subnet on their AS number, but this requires a Letter of Authorization from the owner of the IP block.
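    The failover trick in the answer above, prepending your own AS number until the backup's path is always longer, comes down to one BGP decision step: shorter AS_PATH wins. The block below is an added example, not from the show notes or any router vendor; it models that step and a withdrawal with constructed private ASNs, and ignores the attributes (LOCAL_PREF, MED) that real routers evaluate before path length.

```python
"""Minimal BGP best-path model for Anycast failover by AS-path prepending.

Added example, not from the show notes or any router vendor. It keeps only
the decision steps the answer above relies on: the shortest AS_PATH wins,
and a withdrawn route drops out so the next-shortest takes over. Real BGP
checks other attributes first (LOCAL_PREF, MED), so prepending is a hint
to other networks, not a guarantee.
"""

ORIGIN_ASN = 64500             # constructed private ASN for "our" network


def seen_path(transit, prepend=0):
    """AS_PATH as a remote router sees it: the transit ASes on the way,
    then our ASN once plus `prepend` extra copies. Prepending changes
    nothing but the length, which is exactly what the tie-break keys on."""
    return list(transit) + [ORIGIN_ASN] * (1 + prepend)


def best_path(routes):
    """routes: site -> AS_PATH. Shortest path wins; the site name stands in
    for the later tie-breaks (router ID, neighbour address) real BGP uses."""
    if not routes:
        return None
    return min(routes, key=lambda site: (len(routes[site]), site))


def prepends_needed(longest_primary, shortest_backup):
    """Copies of our ASN the backup must add so that, even where the
    primary looks worst, the backup's path is still strictly longer."""
    return max(0, longest_primary - shortest_backup + 1)


def failover_demo():
    """Backup is 1 transit hop from the observer, primary 2. Without
    prepending the backup would win; with enough prepends it only carries
    traffic once the primary route is withdrawn."""
    primary = seen_path([64496, 64497])             # constructed: 3 ASes
    backup_transit = [64498]                        # constructed: 1 hop
    n = prepends_needed(len(primary), len(backup_transit) + 1)
    routes = {"primary": primary, "backup": seen_path(backup_transit, n)}
    before = best_path(routes)
    del routes["primary"]                           # primary site goes down
    return before, best_path(routes)


if __name__ == "__main__":
    print("best before/after primary withdrawal:", failover_demo())
```

    In practice the "longest primary path" has to be measured from many vantage points (looking glasses, route collectors), since a network that peers directly with your backup site sees a shorter path than the one you assumed.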

    ROUND-UP:

    Bitcoin-Blaster:
