DefCon – Jupiter Broadcasting
https://www.jupiterbroadcasting.com
Open Source Entertainment, on Demand.
Fri, 19 Aug 2022 03:48:15 +0000

Linux Action News 254
https://original.jupiterbroadcasting.net/149607/linux-action-news-254/
Thu, 18 Aug 2022 20:30:00 +0000

Show Notes: linuxactionnews.com/254

The post Linux Action News 254 first appeared on Jupiter Broadcasting.

Pentesting Problems: Bryson Bort | Jupiter Extras 60
https://original.jupiterbroadcasting.net/139917/pentesting-problems-bryson-bort-jupiter-extras-60/
Tue, 03 Mar 2020 04:00:00 +0000

Show Notes: extras.show/60

The post Pentesting Problems: Bryson Bort | Jupiter Extras 60 first appeared on Jupiter Broadcasting.

Export Grade Vulnerabilities | TechSNAP 228
https://original.jupiterbroadcasting.net/86667/export-grade-vulnerabilities-techsnap-228/
Thu, 20 Aug 2015 08:56:51 +0000

The post Export Grade Vulnerabilities | TechSNAP 228 first appeared on Jupiter Broadcasting.


Lenovo & HP are caught injecting malware even after you format the drive, Ubiquiti Networks is socially engineered out of 46 million & are we entering the era of Security Research Prohibition? We debate.

Plus a great batch of your questions, our answers, a rocking round up & much, much more!

— Show Notes: —

Lenovo and HP caught injecting malware even after you wipe the machine

  • A user on the Ars Technica forums discovered the malware being installed on his freshly re-formatted computer
  • How is that possible, the entire disk was erased…
  • Well, it turns out Microsoft has a solution for that, the “Windows Platform Binary Table”
  • Details on Microsoft’s “Windows Platform Binary Table”
  • An area in the BIOS where you can stick some files, and they will be run with ‘SYSTEM’ privileges after Windows (8+) starts
  • They have access to the file system, even if the disk is encrypted with BitLocker, because the code is run after the file system is mounted
  • “Microsoft’s Windows Platform Binary Table WPBT feature allows PC manufacturers and corporate IT to inject drivers, programs and other files into the Windows operating system from the motherboard firmware. The WPBT is stored in the firmware, and tells Windows where in memory it can find an executable called a platform binary to run. Said executable will take care of the job of installing files before the operating system starts.”
  • “During operating system initialization, Windows will read the WPBT to obtain the physical memory location of the platform binary,” Microsoft’s documentation states. “The binary is required to be a native, user-mode application that is executed by the Windows Session Manager during operating system initialization. Windows will write the flat image to disk, and the Session Manager will launch the process.”
  • “The LSE (Lenovo Service Engine) makes sure C:\Windows\system32\autochk.exe is Lenovo’s variant of the autochk.exe file; if Microsoft’s official version is there, it is moved out of the way and replaced. The executable is run during startup, and is supposed to check the computer’s file system to make sure it’s free of any corruption.”
  • “Lenovo’s variant of this system file ensures LenovoUpdate.exe and LenovoCheck.exe are present in the operating system’s system32 directory, and if not, it will copy the executables into that directory during boot up. So if you uninstall or delete these programs, the LSE in the firmware will bring them back during the next power-on or reboot.”
  • In the Microsoft documentation, they try to make it clear:
  • “The primary purpose of WPBT is to allow critical software to persist even when the operating system has changed or been reinstalled in a “clean” configuration … Because this feature provides the ability to persistently execute system software in the context of Windows, it becomes critical that WPBT-based solutions are as secure as possible and do not expose Windows users to exploitable conditions.”
  • Which is funny, because the entire WPBT feature “exposes Windows users to exploitable conditions”
  • “Secure as possible? Not in this case: security researcher Roel Schouwenberg found and reported a buffer-overflow vulnerability in the LSE that can be exploited to gain administrator-level privileges.”
  • “After Lenovo learned of this bug in April, it dawned on the company that its LSE was falling foul of Microsoft’s security guidelines for using the powerful WPBT feature. Two months later, in June, it pulled the whole thing: the LSE software is no longer included in new laptops.”
  • Luckily, if you are not running Windows 8 or higher, your computer is not affected
  • Note: This has been observed on desktop computers too, not just laptops
  • Note Well: This is a “feature” of Windows, so every computer with Windows 8 or higher is actually vulnerable to having malicious code injected, there just might not be any code in your firmware, currently.
  • Microsoft says: “If partners intentionally or unintentionally introduce malware or unwanted software though the WPBT, Microsoft may remove such software through the use of anti-malware software. Software that is determined to be malicious may be subject to immediate removal without notice.”
  • However, since the file that gets executed only ever exists in memory, Microsoft’s malware scanner won’t find the WPBT binary, only the malware it drops into your system
  • Lenovo used Windows anti-theft feature to install persistent crapware
  • Lenovo Busted For Stealthily Installing Crapware Via BIOS On Fresh Windows Installs
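To check whether a given machine's firmware publishes a platform binary at all, the WPBT can be read as a raw ACPI table and decoded. The parser below is an added example, not code from the show notes or from Microsoft; it assumes the published WPBT layout (36-byte ACPI header, then handoff size, handoff address, content layout, content type, arguments), and the sample table and its OEM strings are constructed.

```python
import struct
from pathlib import Path

# Standard 36-byte ACPI table header: signature, length, revision, checksum,
# OEM ID, OEM table ID, OEM revision, creator ID, creator revision.
ACPI_HEADER = struct.Struct("<4sIBB6s8sI4sI")
# WPBT-specific fields: handoff memory size, handoff memory location,
# content layout, content type, arguments length (the arguments follow).
WPBT_BODY = struct.Struct("<IQBBH")
CHECKSUM_OFFSET = 9
# On Linux the raw firmware tables are exposed here (readable by root only).
SYSFS_WPBT = Path("/sys/firmware/acpi/tables/WPBT")


def parse_wpbt(raw: bytes) -> dict:
    """Decode a raw WPBT table and report what the firmware hands to Windows."""
    minimum = ACPI_HEADER.size + WPBT_BODY.size
    if len(raw) < minimum:
        raise ValueError("too short to be a WPBT table")
    sig, length, revision, _checksum, oem_id, oem_table_id, *_rest = \
        ACPI_HEADER.unpack_from(raw)
    if sig != b"WPBT":
        raise ValueError(f"unexpected signature {sig!r}")
    if not minimum <= length <= len(raw):
        raise ValueError("length field does not match the data")
    table = raw[:length]
    size, address, layout, ctype, arg_len = WPBT_BODY.unpack_from(table, ACPI_HEADER.size)
    if minimum + arg_len > length:
        raise ValueError("arguments run past the end of the table")
    # The arguments are a command-line string, decoded here as UTF-16LE.
    args = table[minimum:minimum + arg_len].decode("utf-16-le", errors="replace")
    return {
        "oem_id": oem_id.rstrip(b"\x00 ").decode("ascii", errors="replace"),
        "oem_table_id": oem_table_id.rstrip(b"\x00 ").decode("ascii", errors="replace"),
        "revision": revision,
        "handoff_size": size,        # size in bytes of the platform binary image
        "handoff_address": address,  # physical address Windows copies it from
        "content_layout": layout,
        "content_type": ctype,
        "arguments": args.rstrip("\x00"),
        # A valid ACPI table sums to zero modulo 256 over its whole length.
        "checksum_ok": sum(table) % 256 == 0,
    }


def review(info: dict) -> list:
    """Turn a parsed table into notes for whoever audits the machine."""
    notes = []
    if not info["checksum_ok"]:
        notes.append("checksum mismatch: table is corrupt or was modified")
    if info["handoff_size"]:
        notes.append(
            f"firmware hands Windows a {info['handoff_size']}-byte platform binary "
            f"(OEM {info['oem_id']!r}); identify the vendor software it installs"
        )
    return notes


def build_sample_table(arguments: str = "/constructed-arg") -> bytes:
    """Constructed sample: every value here is made up for the example."""
    args = arguments.encode("utf-16-le")
    body = WPBT_BODY.pack(0x2000, 0x7F000000, 1, 1, len(args)) + args
    header = ACPI_HEADER.pack(b"WPBT", ACPI_HEADER.size + len(body), 1, 0,
                              b"SAMPLE", b"EXAMPLE1", 1, b"TEST", 1)
    table = bytearray(header + body)
    table[CHECKSUM_OFFSET] = (-sum(table)) % 256
    return bytes(table)


if __name__ == "__main__":
    try:
        raw = SYSFS_WPBT.read_bytes()
    except FileNotFoundError:
        print("firmware publishes no WPBT table; showing the constructed sample")
        raw = build_sample_table()
    except PermissionError:
        raise SystemExit(f"reading {SYSFS_WPBT} requires root")
    info = parse_wpbt(raw)
    for key, value in info.items():
        print(f"{key:16} {value}")
    for note in review(info):
        print("NOTE:", note)
```

Because the table comes from firmware, it can be read from a Linux live image on the same hardware, independent of whatever is installed on the disk.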

Ubiquiti Networks loses 46 million in cyber bank heist

  • “Networking firm Ubiquiti Networks Inc. disclosed this week that cyber thieves recently stole $46.7 million using an increasingly common scam in which crooks spoof communications from executives at the victim firm in a bid to initiate unauthorized international wire transfers”
  • So: pretend to be the boss, and get a secretary or the finance department to approve expenses or transfers
  • The attack was disclosed as part of the company’s quarterly filings with the SEC
  • “This fraud resulted in transfers of funds aggregating $46.7 million held by a Company subsidiary incorporated in Hong Kong to other overseas accounts held by third parties,” Ubiquiti wrote. “As soon as the Company became aware of this fraudulent activity it initiated contact with its Hong Kong subsidiary’s bank and promptly initiated legal proceedings in various foreign jurisdictions. As a result of these efforts, the Company has recovered $8.1 million of the amounts transferred.”
  • “The swindle that hit Ubiquiti is a sophisticated and increasingly common one targeting businesses working with foreign suppliers and/or businesses that regularly perform wire transfer payments”
  • “Ubiquiti didn’t disclose precisely how it was scammed, but CEO fraud usually begins with the thieves either phishing an executive and gaining access to that individual’s inbox, or emailing employees from a look-alike domain name that is one or two letters off from the target company’s true domain name. For example, if the target company’s domain was “example.com” the thieves might register “examp1e.com” (substituting the letter “L” for the numeral 1) or “example.co,” and send messages from that domain.”
  • “The FBI’s advisory on these scams urges businesses to adopt two-step or two-factor authentication for email, where available, and/or to establish other communication channels — such as telephone calls — to verify significant transactions. Businesses are also advised to exercise restraint when publishing information about employee activities on their Web sites or through social media, as attackers perpetrating these schemes often will try to discover information about when executives at the targeted organization will be traveling or otherwise out of the office.”
  • “Unlike traditional phishing scams, spoofed emails used in CEO fraud schemes are unlikely to set off spam traps, because these are targeted phishing scams that are not mass e-mailed. Also, the crooks behind them take the time to understand the target organization’s relationships, activities, interests and travel and/or purchasing plans.”
  • These won’t be your typical phishing emails full of broken English and bad punctuation
  • These will be highly researched scams designed to make you think you are communicating with the real person
  • “On the surface, business email compromise scams may seem unsophisticated relative to moneymaking schemes that involve complex malicious software, such as Dyre and ZeuS. But in many ways, the BEC attack is more versatile and adept at sidestepping basic security strategies used by banks and their customers to minimize risks associated with account takeovers. In traditional phishing scams, the attackers interact with the victim’s bank directly, but in the BEC scam the crooks trick the victim into doing that for them.”
  • Even two-factor auth can be defeated here, because you are tricking someone into doing the transfer for you

We may be entering the era of Security Research Prohibition

  • As if the Oracle nonsense last week was not bad enough, the Wassenaar Arrangement threatens to send us into the dark ages
  • “The U.S. implementation of the rules, which govern the export of so-called intrusion software among other things, has been criticized sharply by lawyers, security researchers, and software vendors, who say that the proposed rules are too vague and threaten to chill legitimate security research and other activities.”
  • “The rules that we got on May 20 are confusing to say the least. The Commerce Department didn’t have any experience with these kind of rules,” Nate Cardozo, a staff attorney at the EFF, said during a panel on Wassenaar at the Black Hat conference here Thursday. “They are really horrendously vague.”
  • “The Bureau of Industry and Security at the Commerce Department proposed the rules in May and opened up a 60-day comment period. Many security researchers and attorneys submitted comments, and the BIS has said it will revise the rules and open them up for public comment again, a somewhat unusual move.“
  • “The Wassenaar rules have been compared in many circles to the export controls on encryption software that came into effect in the 1990s in the U.S. There is an important lesson to be drawn from the way the crypto controls were handled.“ “We should learn how much those controls did the opposite of what was intended, which is weakening the security of the Internet as a whole”
  • “Because the BIS rules as currently written are so vague about what constitutes intrusion software, things such as Metasploit and other common offensive tools could be regulated. And even sharing information about your own security research with a co-worker in another country could cause issues. Researchers are quite wary of these vagaries and worry that their day-to-day work may be restricted.“

Nexus Patch Tuesday | TTT 203
https://original.jupiterbroadcasting.net/86167/nexus-patch-tuesday-ttt-203/
Thu, 06 Aug 2015 09:58:20 +0000

The post Nexus Patch Tuesday | TTT 203 first appeared on Jupiter Broadcasting.


Google & friends make a major commitment to monthly Android updates, we explore the details. Nabbing fingerprints from your mobile’s scanner, Apple Music gets 11 million users & more!

Early Tech Obsession | WTR 30
https://original.jupiterbroadcasting.net/83482/early-tech-obsession-wtr-30/
Wed, 10 Jun 2015 06:35:12 +0000

The post Early Tech Obsession | WTR 30 first appeared on Jupiter Broadcasting.


Shannon is a producer & podcast host on Hak5 and TekThing. She discusses her early obsession with technology & how she moved into the podcasting world.


Show Notes:

Full transcription of previous episodes can be found below:

Transcription:

ANGELA: This is Women’s Tech Radio.
PAIGE: A show on the Jupiter Broadcasting Network interviewing interesting women in technology. Exploring their roles and how they are successful in technology. I’m Paige.
ANGELA: And I’m Angela.
PAIGE: So Angela, today we had an awesome opportunity to interview Shannon Morse. She’s a new media podcasting host. She’s known for the show Hak5 and also TekThing is her new show. We got to talk to her about how she got into everything, gaming, and all sorts of fun topics.
ANGELA: Yes, we sure did. And before we get into the interview, I’d like to mention Digital Ocean. If you go to digitalocean.com and use the promo code heywtr, you can save on simple cloud hosting dedicated to offering the most intuitive and easy way to spin up a cloud server. You can create a cloud server in 55 seconds, and pricing plans start at only $5.00 a month. That’s 512 megabytes of RAM, 20 gigabytes SSD, 1 CPU, and 1 terabyte transfer. Digital Ocean has data center locations in New York, San Francisco, Singapore, Amsterdam, and London. And the interface is incredibly simple, intuitive. The control panel is awesome. It will help you design exactly what you need, which empowers users to replicate on large scales with the company’s straightforward API. Check out digitalocean.com by using promo code heywtr.
PAIGE: And we got started with our interview today by asking Shannon what’s she’s up to in tech these days.
SHANNON: So, I am a producer and host of several different tech shows on the internets, on YouTube and on RSS feeds all over the place. Specifically, my main shows right now are Hak5, H-A-K-5 over at Hak5.org, and TekThing, which is T-E-K Thing dot com. And both of these involve, well Hak is obviously about hacking and internet security. And then the TekThing show, that one is about technology in general for consumers.
PAIGE: So you’re like a new media entertainer? Would you fit into that category?
SHANNON: Yeah. Yeah, I guess you would say that. You know, I was just filling out my tax docs and I was like, uh, what do I put my profession as. I guess I’ll just pick journalism.
ANGELA: Yep, I know how that goes.
PAIGE: I get to fall under the consultant category for almost everything. So how did you get into that? New media is, such like a, if we can use that term, it’s such a new thing. It’s kind of all over the place. What started that for you?
SHANNON: Well, I’ve always been interested in technology and stuff like that. And then I didn’t discover podcasting or internet media until I was in college. So, it was probably like 2003 or 2004. And I was really, really in to video games at the time. Which, I still am even though I don’t have enough time to do it these days. And my friend and I discovered this podcast called Pure Ownage up in Canada.
PAIGE: Oh my god, I love Pure Ownage.
SHANNON: Yes, me too. I’m so excited that they’re working on their movie right now. I backed it on Kickstarter when they did that. Or Indiegogo. So, my best friend and I, we drove like 20 hours from Missouri all the way up to Canada for the weekend, just to see this live premier. I fell in love with the community, and I fell in love with like how there was no middle man between the host of the show and the characters and their fans. So you could just walk up to them and like chill at a bar after their live premier show. So, for me, it felt like it was the perfect middle ground of loving technology and being able to enjoy it with your fans as well.
PAIGE: That’s really — I would have never really thought of that end of it. That there’s no middle man between the fan and the person. Because I always think about it from the technology standpoint. To say there’s no — especially then — there was no middle man between me and the content. Like, that came right from the producers of the content to me as a consumer.
SHANNON: Yeah.
PAIGE: And back then they had to just host it on their site and you had to download it. There was no YouTube or anything.
SHANNON: Yeah. A lot of us who are working in podcasting, we don’t have agents or anything like that. So the only thing that’s holding us back from reaching out to people is actually getting out of our house and getting out from in front of the cameras and going outside into the sun and enjoying time with real people. So yeah, I fell in love with it. And then after that I just started talking to the right people. I ended up meeting the guys from Hak5 and they asked me if I wanted to move out to Virginia, as weird as that is. But I moved into the Hak house, as it was called back in day. And they invited me on the show after I did a little bit of camera work behind the scenes. At that time I just had a full-time job and I just kind of did it as a hobby. But eventually it turned into a big full-time gig. So I’m really happy that it did.
ANGELA: So, I obviously am into podcasting. We go to conventions in different places. Mainly local, like Washington, Oregon, California, but we did Ohio an Ohio fest for technology related stuff. I get a lot of people coming up to me saying, Angela. And I’m like hi, I don’t know you. But they know everything about me. You know, has that happened to you?
SHANNON: Yes. Very much so. Most likely it’s happened most often at a convention called DEFCON. Which is in Las Vegas. That’s the biggest hacker convention in the US and possibly the world. I’ll have to check my facts on that. But yeah, I’ll go there and I’m walking down to the room where we set up our booth and we do all of our interviews and everything. People will stop me and they’ll be like, oh my god congratulations on getting married. And I’m just like, I forgot I posted that publicly. Thank you.
ANGELA: Right.
SHANNON: It’s a little awkward, but I’m like dude it’s so cool that people are willing to come up and be just be like, hey congrats, and I’m like cool, give me a hug.
ANGELA: Yeah. Yeah.
PAIGE: Yeah, I actually had that experience when I first met Angela, because I had been a follower of Jupiter Broadcasting for a long time and she posts so prolifically about her kids and her awesome photography of her kids and I’m like, I feel like I just know you and we just met. It’s cool to get to know the person behind it, but definitely an interesting experience.
SHANNON: Yeah. Totally.
PAIGE: And like my experience with meeting Chris at the convention, because I was star struck. Before I asked him, I was like oh I’m so nervous. Maybe he’ll just give me some advice on podcasting and it will be great.
SHANNON: I don’t try to act too star struck whenever I meet other podcasters that I listen to all the time, but sometimes you just can’t help it.
ANGELA: Yeah, I’ve had people come up and they’re like, I don’t really know what to say. I’m like, but I’m — it’s really cool to actually meet you. It’s really neat.
PAIGE: Yeah, I have to make a confession that I was actually really nervous to ask Shannon to be on the show, because I have been watching Hak5 since before she came on Hak5 and I kind of watched her journey and that’s been really awesome to see. Especially because when it got started it was such a dude show and as a woman watching the show I was always like, yeah this is cool. And they had that one chick would kind of stop in and do some gaming stuff once in a while.
SHANNON: I’ll be honest, it was very intimidating when I first started on the show. I was not involved with the hacker community very at the time. And I was just kind of getting my feet wet into the whole process of learning all of the information that’s out there about hacking and internet security. But in the, god how long have I been doing this? Seven years? Oh my gosh, that’s a long time. So in the seven years that I’ve been doing this, I’ve learned so, so much. And I feel like a lot of this is, it’s just because I’ve gotten so involved and I made sure to ask the right questions. I come to it as a, no question is a stupid question. So I’m going to be person to ask that question, even though other people might look at me and think I’m stupid, I don’t care, because other people have those questions, but they’re afraid to ask them. I felt like I’ve grown so much just by being a part of this show and it’s been really informative for me. And I’m glad that I have some female fans out there. It makes me very happy.
ANGELA: What was your focus in college? Was it a technical degree?
SHANNON: It wasn’t, as weird as that is. I probably should have gone into theater at the time, but I didn’t, because I was obsessed with theater. I went into hospitality and restaurant administration. So I guess what I took out of college, mostly, was the business perspective. It helped me be a better public speaker, because we did a lot of presentations for our classes. And it also taught me a lot about how to run a business. So, we’ve been able to open up a store for Hak5 online. So we do a lot of ecommerce. We’ve also learned a lot about marketing and things like that.
PAIGE: So you said you’ve always been interested in technology. What did that look like as a kid for you?
SHANNON: Oh yeah. My dad had a computer in my nursery. He did. We didn’t have enough rooms in the house apparently. This is the story he’s told me. When I was a baby he just stuck his first computer, or one of his many computers, in my nursery and he would let me sit on his lap and pound at the keyboard until I figured out something that happened on the keyboard. So I’ve just been around computer my whole life. My dad was a really big influence on that for me. Also, for my Star Trek geekiness, because he watched it every single day after work, so I would sit down and watch it with him. I love my geeky influences. But yeah, I learned how to build computers when I was, probably an early teen, 11 or 12 I think was when I first built my computer with my dad. He got me into building websites when I was in middle school. So I learned a little bit about HTML and how to build a really simple anime fan gallery type website on GeoCities. So I learned a little bit there. I also got really involved with video gaming. I made a good group of friends at school who got me really obsessed with that kind of stuff. So it was just always a really good influence with me, like as far as the people that I was hanging out with. My dad was always there and he was always like, yeah come with me to the computer store. We’ll go to Best Buy and you can check out motherboards, back when they had motherboards.
PAIGE: Dude, you had the best dad ever.
SHANNON: He was awesome. He’s a great guy. He still gets really geeky with me. I’ll be like, let’s go to Fry’s and he’s like, yeah let’s go.
PAIGE: My friends call that Mecca.
SHANNON: Oh yes.
PAIGE: So you did all this as a young person. And then why did you end up choosing hospitality instead?
SHANNON: A lot of it was because I really like working with people and I felt like if I went into a tech thing I wouldn’t get to work with people as much, like one on one or face to face. But I went into a lot of jobs during high school and during college where I managed restaurants or I was a server. I think I did assistant management at a Dominos Pizza for like five years. So it was really fun for me. I loved being able to make people happy and make perfect, perfect food for them and see the smile on their faces, and get really good tips out of it. So for me it was just all about really enjoying my job and being able to be around people. Because I’m a friendly person.
PAIGE: I had a very similar story where I was really involved in tech doing a lot of IT support and I kind of topped out desktop support and knew that the next step would kind of be to end up as a server monkey in a server farm, like just in the basement. I kind of had to transition. And the first interview I did where I was trying to transition, they were like well why would you want to leave this field? It’s lucrative, it’s good, it’s interesting. And I’m like, you know, I don’t want to just stare at server fans all day. I want to interact with other people.
SHANNON: Yeah.
PAIGE: Even if it’s in a non-technical space.
SHANNON: That’s why I love podcasting now, is because I can, I can use my tech experience that my dad’s taught me, and I can use what I can find online and through educational books that I can purchase and learn, and I can also use my theater obsession, and I kind of mixed the two together. And I can still talk to people face to face with interviews, and talking to fans, and going to conventions and stuff like that. So it’s the happy medium for all those different obsessions for me.
ANGELA: Mm-hmm.
PAIGE: What have been your biggest challenges with podcasting?
SHANNON: Being a woman.
PAIGE: Really?
SHANNON: Yeah, I think so. It’s been very tough for me to get over my own conflictions in my brain telling me, you know, whenever you’re around men who are in a certain technical community, they may talk down to you because you’re a female. Or if I am at a convention, I have to deal with people sexualizing me because I’m a woman and because I just happen to have girly parts. So it’s been very hard for me to get people to act mature whenever I’m talking on a show and I just happen to be wearing a shirt that has a little bit of cleavage or something like that. So, it’s been hard, but I think I’ve gotten to the point where I’m respected because I respect people just as much, and I’ve learned a lot about what I’m good at. And I also don’t lie to people. So, you know, whenever I’m on the show talking about a certain segment, I’ll tell them straight up. Hey, I’m not an expert in blah, blah, blah, but this is something that I studied and I know this is correct.
PAIGE: I’ve always been really impressed with your ability to kind of present a brand new topic and be humble about it, without being apologetic.
SHANNON: Yeah. Yeah.
PAIGE: That’s really key, especially for women. Our tendency is to be apologetic that we don’t know things. And it’s okay to not know everything, but it’s also okay to know what you know.
SHANNON: Yeah, I totally agree with you on that. And I’m totally willing on the show too to ask for support as well. Like, if there’s a certain thing that I run into, like a problem, which I’ll run into problems. Everybody does with technical aspects. I’ll ask the community. I’ll say hey has anybody else run into this problem. Can you answer this for me? Email and I’ll shout you out in the next show. So that way it’s rewarding for them and it’s rewarding for me too, because I love to learn. And I’m always willing to learn, because, you know, you can never learn everything that’s available in the world.
ANGELA: Have you done any kind of boot camp or any kind of online, specifically technical classes?
PAIGE: Yeah, like what’s your favorite resource for learning all the new stuff that you’re constantly teaching?
SHANNON: I’m a huge bookworm. So, if I can find an educational book that’s written by an expert in the field, I’m going to buy the book. I know that I could just Google it and probably find a great Wikipedia article about whatever I’m learning, but I prefer to use school textbooks.
PAIGE: I think you might be the first guest that’s said that.
SHANNON: I don’t know why, but I learn so much better whenever I can sit down and read a book. And I think it’s just because I’ve always been around books my whole life, so I’m a huge bookworm.
PAIGE: Yeah, I have to say, I kind of agree. Like when I really need to deep dive a topic, like I just recently had to start learning angularjs for my job, and trying to do it with the online tutorials I was getting some of it, but when I finally was like, okay I’m just going to get the O’Reilly book and sit down and plow through it, it all just comes together so much more richly.
SHANNON: Yeah, it’s really tough too with online articles, because a lot of them start at a, you know, a more advanced topic. When I choose to start my segments at a very beginner topic. So, if I’m just learning things, I can’t start from like halfway in, like the 201 series. I have to start with the 101 or else I don’t understand a thing. So I’m very logical. I’m very step-by-step and tutorial based. I like to teach people the same way that I like to teach myself.
PAIGE: Yeah, I have to say, I’ve definitely recommended your hack tip segments for several women trying to kind of get their head around some basic stuff for Linux.
SHANNON: Thank you.
PAIGE: Stuff like that.
SHANNON: I’m really happy to hear that.
ANGELA: Yeah, Paige is a huge advocate. She runs the Portland chapter of Women Who Code and does a lot of networking.
SHANNON: Oh that is awesome. Yeah, I’ve even had a few people email me and say, hey I’ve been using your hack tips as a series in my school or in my classroom. So it’s really, really inspiring whenever I have people email me and tell me that they’re using this to teach a younger generation.
PAIGE: So, what would you, I guess, I’m always interested because, especially with it being so accessible. Really, all you need is a computer, an internet connection, and some sort of microphone and you can get started podcasting. What would you say to people who are interested in sharing their knowledge in this way?
SHANNON: Definitely do it about something that you’re obsessed with. Not just something that you’re semi interested in and you kind of want to teach people about it, but something that you really know. Something that you’re willing to learn and really delve into and really become an expert on. Because if you’re not, it really comes across in podcasting whenever somebody doesn’t know everything. And be willing to learn more too. And then as far as technical experience with podcasting, get a good mic. Audio is key. People won’t listen to a podcast if it doesn’t have good audio. And don’t worry about how many people are watching your show, because the ones that matter, they will be there from the beginning to the end. You don’t, it doesn’t matter if you have a million views. Don’t look at it as trying to make money, just look at it as sharing. Sharing something that you love.
PAIGE: The internet is an awesome place, because we’ve all taken the time to share.
SHANNON: I agree.
PAIGE: So we talked about your biggest challenges in podcasting. What keeps you in podcasting? What lights your fire about it?
SHANNON: For me, it’s really when I go to conventions or when I go to a meetup or something like that and I see a little boy or a little girl come up to me and be a little bit shy about meeting me, but tell me that they’ve learned from me and they’ve been able to develop some of experience with whatever I’ve been teaching on the different shows. For me, it feels so good to know that I’m changing somebody’s view on technology. So it’s not just like, you know, when me and you grew up. It’s not like it feels geeky for them. Like, we’re looked at as, looked down on, looked down upon.
PAIGE: Yeah, I remember when geek wasn’t cool.
SHANNON: Yeah, it wasn’t cool back in our day, but now it’s more of a cool thing because you have these interesting people get into it that are so obsessed with it that we come across as like, I don’t know, Bill Nye’s. I remember watching Bill Nye in high school and thinking wow he’s so cool. He makes me so excited for science. I want to be that person. I want to be the person that gets these little kids excited about talking about internet security and hacking.
ANGELA: Yeah, exactly.
PAIGE: Right. Yeah, I’ve never seen anyone be able to light up a room about PGP the way that you can.
SHANNON: Yeah, I love seeing when a little nine year old girl comes up to me and her eyes light up, because she’s like oh my gosh I learned so much from you. It just makes me feel so good inside. And that’s really what keeps me going.
PAIGE: Yeah, I totally agree. Reaching out, helping the community, and just building it back. And I think hearing you talk at the beginning about how being involved in the community was what kind of jump started you into the knowledge and the place that you have in podcasting, this community, the hack community, the tech community is welcoming by and large. Like you said, no question is a bad question.
SHANNON: Yeah, absolutely. And I’ve had a few people look at me and just be like, you’re asking that question? And I’m like, yeah I am, because guess what, the five people behind me, they want to ask that question too, but they’re too afraid to raise their hands.
PAIGE: Yeah. No, exactly. I talk a lot — I teach an intro to JavaScript course and one of the biggest things I teach is ask questions and let me help you learn how.
SHANNON: Yeah, absolutely. Because you’re not going to learn if something goes over your head. You have to ask those questions.
PAIGE: Yeah, and don’t be afraid to ask how to ask the question too, because sometimes it’s just that you’re missing that, you know, you’re asking these questions and you’re just asking the wrong question. So go ahead and ask what should I know here. What am I missing?
SHANNON: Absolutely. Oh man, I wish I could have taken your course in college.
ANGELA: And so then, we talked briefly about your nickname. On Twitter you’re /Snubs, or I guess @snubs. And your website is snubsie.com.
SHANNON: Yeah.
ANGELA: Can you tell us how you got that nickname?
SHANNON: That was in high school. I was hanging out with my friend Danny and I was really into video games at the time. I was learning that I really needed to get a screen name. And I thought Shannon is not that great of a screen name so I need something cool. So one of my friends, he was like well what about Snubsie Boo. And I was like, that’s so cute. Snubsie Boo. So over time it just kind of shortened down to Snubs, because it’s easier to spell and it’s faster to type.
ANGELA: That works.
PAIGE: Sometimes what our friends lay on us, it just sticks.
SHANNON: It’s a boring question, or it’s a boring answer, but I get it all the time.
ANGELA: I think the first time I had to come up with a screen name was for Livejournal. Well first of all, it was actually AOL and I wanted Curly, but there were apparently 8,500, 700. Anyway, it was Curly85647. When I got to choose one creatively in high school for Livejournal, I just Googled, I put a random word into Google, just picked a random word and then did it again with a different word and picked a second word and it ended up being Scaling Dynasty.
SHANNON: Oh, that’s cool.
ANGELA: I know.
PAIGE: That’s pretty cool, actually.
ANGELA: I know. It is cool. I haven’t used it anywhere else, but yeah.
PAIGE: My friends always get a little bit weirded out when they find out my online handle, because I’m kind of like a tomboy girl, backwards hats and everything, and my handle is Feather.
SHANNON: Aw, that’s adorable. I like it.
ANGELA: Yeah.
PAIGE: It works for me.
SHANNON: People get weirded out whenever I walk into like a Fry’s and I’m like, I want to build a computer. And I get these looks from the reps and they’re like, you sure you want to build a computer? Like, yes. I can do my manicures and pedicures and want to build a computer too.
ANGELA: Yeah.
PAIGE: Do you find that because you have a fairly feminine appearance, even for women in technology, that that sets you even farther apart?
SHANNON: Oh for sure. I did an experiment recently where, and it was just kind of a quiet experiment that I didn’t tell anybody about, but you can see it on TekThing if you look close enough. So, in one episode I wore a very floral shirt. It was very, like it had flowers all over it and it was pink and it was very, very girly. I was talking about some kind of technical segment. I don’t remember what it was now, but I got a lot of harsh criticism on that episode. And I was like, well I know that I was teaching the correct facts, so I’m going to try something new on the next episode. So, on another episode of TekThing I decided to do another different shirt where I wore a gaming T-shirt. So it wasn’t flattering, it wasn’t girly at all. It was just a gaming T-shirt with a bunch of consoles on it. I got really, really good constructive feedback on that one. Nobody was negative. I was like, that’s strange. So I did it again, same thing. Isn’t that weird?
ANGELA: Wow.
PAIGE: Wow.
SHANNON: Yeah, isn’t that crazy. So I was like, huh. So, it totally has to do with how you show yourself on a show. And a lot of it is kind of sexist. And I don’t think it’s meant to be, but it’s just the way that we’ve grown up and the way that we perceive women as compared to men. So women generally are perceived as lesser or we don’t have as much education as men or as much experience. Not that I’m a feminist, necessarily, I might be sometimes. But, I’ve noticed a big difference depending on what I wear on the show.
ANGELA: Right. Well, and if you just put it into sentences that somebody reads, it’s like if the audience is thinking what does she know? She’s wearing flowers.
SHANNON: Exactly.
ANGELA: That sounds weird. But it was like, oh she might know something. She has a gaming shirt.
SHANNON: Yep.
ANGELA: That’s so bizarre.
SHANNON: It’s totally bizarre, but it’s true. And that’s the way our society has been taught.
PAIGE: It’s an unconscious bias and that’s the hardest part about it, is it is by and large an unconscious bias. I get treated very differently than most of my female counterparts because I wear baseball caps, I wear T-shirts and jeans, and most guys just treat me like one of the guys. So it’s kind of interesting because I feel sometimes like I get to be a double agent to like infiltrate and be like, advocate for women. And they’re like, but you’re one of the guys. What’s going on?
SHANNON: That’s hilarious. It’s terrible, but it’s hilarious.
ANGELA: Yeah.
PAIGE: But at the same time, it’s interesting because I’ll get the unconscious bias the other way where I show up to a women’s event and because I don’t look very feminine, I can get the judgement in the other direction too.
SHANNON: Oh yeah, for sure.
PAIGE: It’s very interesting. Although, the geek community is more accepting of that.
ANGELA: Accepting, yes.
PAIGE: Which is good. Speaking of dressing, interestingly, one last thing that I’m always fascinated by, who’s your favorite character to cosplay?
SHANNON: Oh, heck yeah. Um, I would say Sailor Mars. She’s my favorite.
PAIGE: Oh, good call.
SHANNON: From Sailor Moon. If nobody has watched it, Sailor Moon is amazing. So good.
PAIGE: Yeah, you went old school.
SHANNON: Yes, it’s totally old school but I made my first Sailor Mars costume when I was in college and I loved it so much. I even dyed my hair black and I grew it out so it would look like Sailor Mars. There are pictures. There are pictures on the internet of my Sailor Mars cosplay on my Twitter.
ANGELA: Yeah, I was just going to say, who are you dressed as in your current Twitter picture?
SHANNON: Let’s see, my current Twitter I think is just my, oh yeah, that’s my Renaissance festival costume.
ANGELA: Yeah. Okay. Yeah, awesome.
SHANNON: I just decided to dress as a Ren Fair person.
PAIGE: I’m trying to put together my very first cosplay costume and it is a big reach, because I want to cosplay as Baymax from Big Hero 6.
ANGELA: Oh my gosh.
SHANNON: Cool.
PAIGE: But I’ve been a costumer for a long time. I do a lot of Renaissance fair and all that jazz. I like costuming, but this is an interesting. I want to do the blow up and figure out how to make it work.
SHANNON: That is really cool. I wish you tons of luck. It’s hard work, but it’s worth it.
ANGELA: I actually have a fan for material to blow it up.
PAIGE: All right. We’re going to have to talk.
ANGELA: Yeah. That’s great. It’s for a Hulk costume, but you could totally just use it for that.
PAIGE: Oh, that’s neat. I should look into that. So cosplay, what about cosplaying do you enjoy, Shannon?
SHANNON: I like being able to dress up and pretend to be somebody else. It’s the theater thing for me.
PAIGE: I always like the idea of be all you can be.
SHANNON: Yeah. Oh man, it’s so much fun.
PAIGE: Yeah, it’s very fun. I highly recommend that if you’ve never played dress up as an adult, you at least give it a go. At the very least it’s an interesting psychological experiment.
SHANNON: It is. It’s kind of like Halloween every single day.
PAIGE: Yeah, with less candy.
SHANNON: Yes, with less candy. Well, unless you buy it from the grocery store next door to the hotel like I do.
PAIGE: Feel like you might have done that.
SHANNON: Maybe.
ANGELA: Might be from experience.
PAIGE: Just one last question. You have mentioned that you go to conventions. What’s the next convention that you’re headed to?
SHANNON: Let’s see, the next one will be this summer. It will be DEFCON again. This will be, I think like my sixth DEFCON. Wow, that’s a lot.
PAIGE: Oh wow.
SHANNON: And after that, I’ll be going to Dragoncon for my first time this year, so I’m planning to cosplay at that one.
PAIGE: Are you skipping PAX this year?
SHANNON: No PAX, yeah no PAX for me.
PAIGE: Oh bummer.
SHANNON: Do you go to PAX? Maybe I should go.
PAIGE: Yeah, we’re up here in Seattle, so I’m planning to go to PAX this year. It will be my first year. It will be a good time.
SHANNON: It looks amazing. I have friends from Missouri that go to PAX and I’m like, oh man, I live so much closer, I need to go.
PAIGE: You really should come up.
SHANNON: I’ll take you up on that.
PAIGE: Awesome. Very cool. Well, thank you so much for joining us Shannon. This has been amazing. We’ll look forward to seeing you on your shows.
SHANNON: Thank you so much. And it was a pleasure talking to both of you.
ANGELA: Thank you for listening to this episode of Women’s Tech Radio. Remember, you can find a full transcription in the show notes at jupiterbroadcasting.com or also at heywtr.tumblr.com.
PAIGE: And also, any links to Shannon’s shows will be in the show notes. So if you want to check her out, go ahead and take a gander there. You can also find us on iTunes. Subscribe to the show there. Or if you prefer an RSS feed, it’s available at jupiterbroadcasting.com under the heywtr show. And you can also follow us on Twitter @heywtr. Thanks for listening.

Transcribed by Carrie Cotter | transcription@cotterville.net

Engineering Nginx | BSD Now 51 https://original.jupiterbroadcasting.net/65122/engineering-nginx-bsd-now-51/ Thu, 21 Aug 2014 11:00:23 +0000 https://original.jupiterbroadcasting.net/?p=65122 We’ll be showing you how to set up a secure, SSL-only webserver. There’s also an interview with Eric Le Blan about community participation and FreeBSD’s role in the commercial server space. All that and more, on BSD Now – the place to B.. SD. Thanks to: Direct Download: Video | HD Video | MP3 Audio […]


We’ll be showing you how to set up a secure, SSL-only webserver. There’s also an interview with Eric Le Blan about community participation and FreeBSD’s role in the commercial server space. All that and more, on BSD Now – the place to B.. SD.

Thanks to: iXsystems, Tarsnap


– Show Notes: –

Headlines

Password gropers take spamtrap bait

  • Our friend Peter Hansteen, who keeps his eyes glued to his log files, has a new blog post
  • He seems to have discovered another new weird phenomenon in his pop3 logs
  • “yes, I still run one, for the same bad reasons more than a third of my readers probably do: inertia”
  • Someone tried to log in to his service with an address that was known to be invalid
  • The rest of the post goes into detail about his theory of why someone would use a list of invalid addresses for this purpose

Inside the Atheros wifi chipset

  • Adrian Chadd – sometimes known in the FreeBSD community as “the wireless guy” – gave a talk at the Defcon Wireless Village 2014
  • He covers a lot of topics on wifi, specifically on Atheros chips and why they’re so popular for open source development
  • There’s a lot of great information in the presentation, including cool (and evil) things you can do with wireless cards
  • Very technical talk; some parts might go over your head if you’re not a driver developer
  • The raw video file is also available to download on archive.org
  • Adrian has also recently worked on getting Kismet and Aircrack-NG to work better with FreeBSD, including packet injection and other fun things

Trip report and hackathon mini-roundup

  • A few more (late) reports from BSDCan and the latest OpenBSD hackathon have been posted
  • Mark Linimon mentions some of the future plans for FreeBSD’s release engineering and ports
  • Bapt also has a BSDCan report detailing his work on ports and packages
  • Antoine Jacoutot writes about his work at the most recent hackathon, working with rc configuration and a new /etc/examples layout
  • Peter Hessler, a latecomer to the hackathon, details his experience too, hacking on the installer and built-in upgrade function
  • Christian Weisgerber talks about starting some initial improvements of OpenBSD’s ports infrastructure

DragonFly BSD 3.8.2 released

  • Although it was already branched, the release media is now available for DragonFly 3.8.2
  • This is a minor update, mostly to fix the recent OpenSSL vulnerabilities
  • It also includes some various other small fixes

Interview – Eric Le Blan – info@xinuos.com

Xinuos’ recent FreeBSD integration, BSD in the commercial server space


Tutorial

Building a hardened, feature-rich webserver


News Roundup

Defend your network and privacy, FreeBSD version

  • Back in episode 39, we covered a blog post about creating an OpenBSD gateway – partly based on our router tutorial
  • This is a follow-up post, by the same author, about doing a similar thing with FreeBSD
  • He mentions some of the advantages and disadvantages between the two operating systems, and encourages users to decide for themselves which one suits their needs
  • The rest is pretty much the same things: firewall, VPN, DHCP server, DNSCrypt, etc.

Don’t encrypt all the things

  • Another couple of interesting blog posts from Ted Unangst about encryption
  • It talks about how Google recently started ranking sites with HTTPS higher in their search results, and then reflects on how sometimes encryption does more harm than good
  • After heartbleed, the ones who might be able to decrypt your emails went from just a three-letter agency to any script kiddie
  • He also talks a bit about some PGP weaknesses and a possible future replacement
  • He also has another, similar post entitled “in defense of opportunistic encryption”

New automounter lands in FreeBSD

  • The work on the new automounter has just landed in 11-CURRENT
  • With help from the FreeBSD Foundation, we’ll have a new “autofs” kernel option
  • Check the SVN viewer online to read over the man pages if you’re not running -CURRENT
  • You can also read a bit about it in the recent newsletter

OpenSSH 6.7 CFT

  • It’s been a little while since the last OpenSSH release, but 6.7 is almost ready
  • Our friend Damien Miller issued a call for testing for the upcoming version, which includes a fair amount of new features
  • It includes some old code removal, some new features and some internal reworkings – we’ll cover the full list in detail when it’s released
  • This version also officially supports being built with LibreSSL now
  • Help test it out and report any findings, especially if you have access to something a little more exotic than just a BSD system

Feedback/Questions


  • All the tutorials are posted in their entirety at bsdnow.tv
  • We want to give a special thanks to our viewer Remy for writing the basis of today’s tutorial
  • Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv
  • Watch live Wednesdays at 2:00PM Eastern (18:00 UTC)
  • Final reminder: OpenBSD is moving to a new distributor in September (which is very soon!) so this is your last chance to buy any of their tshirts, CDs or posters – grab them now while you still can, and support the project

Hacker Con Round-Up | Jupiter@Nite | 8.02.10 https://original.jupiterbroadcasting.net/2514/hacker-con-round-up-jupiternite-80210/ Mon, 02 Aug 2010 21:33:35 +0000 https://original.jupiterbroadcasting.net/?p=2514 We go BLACK (hat) and review the latest news to surface from Hacker Cons around the world! We’ll show you the latest antics from Black Hat and DEFCON.


Tonight on Jupiter@Nite, the boys go BLACK (hat) and review the latest news to surface from Hacker Cons around the world! We’ll show you the latest antics from Black Hat and DEFCON, where security protocols are run through the wringers. Are your cell phone calls safe? Did your wallpaper app steal your Android information?

Tune in to find the glorious details!

Tonight’s Show Notes:

Black Hat Conference background:

     A computer security conference that has a unique blend of gov’t officials, corporate IT leaders and hackers in attendance.

     Black Hat was founded in 1997

     Ran in Las Vegas from Jul 24th to the 29th

     Made famous by the antics of their hacker attendees.

     Past conquests:  Local wireless services, hotel billing services, and even the lobby ATM.

     Also famous for exposing faults in popular software.  Sometimes without the prior knowledge of the software’s developers.  Most commonly browsers and operating systems.

 

TOP STORY

Mozilla finds security flaw in Black Hat’s pay-per-view Video Stream

     The stream cost $395 per head for viewing. Ouch.

     Ironic, since Mozilla has been a frequent target of Black Hat’s many ‘whistle blowing’ presentations re: browser security flaws.

     Sources indicate that the Mozilla foundation immediately notified Black Hat about the error, rather than holding onto the information to announce at a later date, as a deliberate “we’re more respectful than you” type of gesture.

 

Some other Black Hat demos:

 

Hacked ATM spews cash, sings a jaunty tune, and displays “Jackpot” on the screen.

     All hacked remotely, and demonstrated live.

 

This $1,500 system can hack into your cell phone calls

     Pretends to be a cell tower, so can even receive encrypted calls.

     Only 2G GSM calls

     “Encrypted calls are not protected from interception because the rogue tower can simply turn it off. Although the GSM specifications say that a phone should pop up a warning when it connects to a station that does not have encryption, SIM cards disable that setting so that alerts are not displayed.”

 

Hacking pre-paid parking meters

 

Android wallpaper app steals millions of subscribers’ personal info

     Watch for apps by “jackeey,wallpaper” and “IceskYsl@1sters!”

     Watch for apps that request access to “android.permission.READ_PHONE_STATE” which grants the application access to APIs to access the device’s phone #, subscriber ID, and more.

     UPDATE:  Details of which data was potentially stolen.

 
