ecc – Jupiter Broadcasting

use a VPN & https, which would reduce the attack surface, but it’s not ‘perfect’.
Update from Forbes
Lots of stuff updated. Lots of stuff not. This is where it pays to know what you have in use and monitor your suppliers for notices.

Mobile carriers selling personal data

Mobile carriers sell users’ personal information to third parties

Western Digital Stuns Storage Industry with MAMR Breakthrough for Next-Gen HDDs

Western Digital Hard Drives Will Provide Over 40TB of Storage by 2025
new tech is MAMR – microwave-assisted magnetic recording instead of HAMR (Heat-assisted magnetic recording) with a laser
[Why MAMR over HAMR?]](https://www.extremetech.com/computing/257352-western-digital-reveals-mamr-technology-allow-40tb-hard-drives)

Feedback

Round Up:

The post HAMR Time | TechSNAP 341 first appeared on Jupiter Broadcasting.

Not Sharing The Secret | TechSNAP 156

chris — Thu, 03 Apr 2014 16:18:21 +0000

To view this video please enable JavaScript, and consider upgrading to a web browser that supports HTML5 video

Researchers develop a new way to protect your passwords after they’ve been stolen, the little credit card scam making big money…

Then it’s a great batch of your questions, a rockin round up, and much much more!

On this week’s TechSNAP.

Thanks to:

Direct Download:

RSS Feeds:

— Show Notes: —

Researchers are NYU develop PolyPassHash, hard to crack password store

PolyPassHash is designed to make it significantly harder to crack users’ passwords in the event the password database is leaked
The system uses SSSS (Shamir’s Secret Sharing Scheme ) which is a system for dividing a secret key (in this case used to encrypt the password database) into many pieces, and requiring only a specific number of those pieces to be combined to return the key
In the wikipedia example, the secret key is divided into 6 parts and the algorithm defined such that 3 of the parts must be combined in order to return the secret
The SSSS algorithm is extensible, it allows the number of pieces that the secret is divided into to grow as long as the threshold (the number of pieces required to decrypt) is key fixed
The SSSS algorithm is also flexible, allowing for some people (say the system administrator) to have more than 1 share
In the Python reference implementation the threshold is set to 10
This means that 10 pieces of the secret are required in order to decrypt the password file
Each regular user’s password is 1 share of the secret, so when that user provides the correct password, 1 share is available
In the reference implementation, there are 3 administrator users, each of who’s password is 5 shares of the secret, meaning the correct passwords for any 2 of the administrators will be able to decrypt the password database
Currently PolyPassHash uses just the SHA256 of the users’ password and a random salt, rather than using sha256crypt() which does more than 1 SHA256 round on the password, and uses different mixes of the password and salt
The drawback with PolyPassHash is that after a reboot, it is not possible for anyone to login until a sufficient number of users have entered the correct password to return the required number (the threshold) of shares to decrypt the password hashes
There is a proposed solution to this, involving shortening the SSSS key such that some of the hash (the last few bytes) are not encrypted, and using that to authenticate the first few users until sufficient users have successfully logged in to decrypt the password database
This compromises the security of the passwords because part of the plain hash is leaked, and it also means that an incorrect password could allow a user to login after a reboot before the threshold has been met
PolyPassHash also has support for thresholdless accounts (accounts that do not have any shares), in order to protect larger systems (like Facebook or Gmail) where an attack may have compromised enough accounts to have sufficient shares to decrypt the entire database. In this case, only administrator (or maybe power user) accounts would have shares
PolyPassHash also has support for other authentication systems, including things like biometrics, ssh keys, and smart cards, but also external systems like OAuth or OpenID (thresholdless accounts)
In the case of SSH keys, instead of a password, the share of the SSSS is encrypted with the public key, and the user uses their SSH private key to decrypt the share
New users cannot be added until the threshold has been reached, since the secret is required to generate a new share of the secret
Research Paper

Who is behind sub-$15 credit card scam

A service called ‘BLS Web Learn’ has been identified as being behind a scam that charged numerous credit and debit cards small fees of less than $15
The scam centers around small charges that appear on your credit card bill, usually for small random amounts such as $9.84, $10.37, or $12.96
The line item includes a toll free number (as most charges do), and you are encouraged by your bank to call this number and try to identify the charge and resolve any issues with the seller directly, rather than filing a chargeback
In this case, since the card holder never ordered anything or authorized the charge, the service refunds the small amount
They make their money off all of the people who don’t notice the small charge
Unlike many scams, because they maintain the assertion that they are a legitimate business, and refund the charge when a cardholder complains, they do not rack up a large number of chargebacks, and their account with the credit card processor is not red flagged or shut down
Krebs have investigated a similar case before, which appeared to be based in Malta
The name of the ‘online learning’ company, and the credit card processor are different, but the scam seems very much the same
The payment processor, BlueSnap, lists its offices in Massachusetts, California, Israel, Malta and London. Interestingly, the payment network used by the previous scam, Credorax, also lists offices in Massachusetts, Israel, London and Malta

Feedback:

Who should play Allan Jude in Allan Jude: The Movie
XP Fail
Picture of the XP mess
Checksum your SaaS
Ubuntu Manpage: debsums – check the MD5 sums of installed Debian packages
Mulitple Domain Names pointing to same IP address
The debate continues re: ZFS and ECC
- ECC is not required, but using non-ECC increases the risk of data loss. Using ECC RAM is the cheapest way to increase the uptime and reliability of the system
Metal_Geek Needs help: I need help recovering data from a LUKS encrypted partition.

Round-Up:

The post Not Sharing The Secret | TechSNAP 156 first appeared on Jupiter Broadcasting.

Time Signatures | BSD Now 23

chris — Thu, 06 Feb 2014 22:08:15 +0000

To view this video please enable JavaScript, and consider upgrading to a web browser that supports HTML5 video

We\’ll be talking with Ted Unangst of the OpenBSD team about their new signing infrastructure. After that, we\’ve got a tutorial on how to run your own NTP server. News, your feedback and even… the winner of our tutorial contest! It\’s a big show, so stay tuned to BSD Now – the place to B.. SD.

Thanks to:

Direct Download:

RSS Feeds:

– Show Notes: –

Headlines

FreeBSD foundation\’s 2013 fundraising results

The FreeBSD foundation finally counted all the money they made in 2013
$768,562 from 1659 donors
Nice little blog post from the team with a giant beastie picture
\”We have already started our 2014 fundraising efforts. As of the end of January we are just under $40,000. Our goal is to raise $1,000,000. We are currently finalizing our 2014 budget. We plan to publish both our 2013 financial report and our 2014 budget soon.\”
A special thanks to all the BSD Now listeners that contributed, the foundation was really glad that we sent some people their way (and they mentioned us on Facebook)

OpenSSH 6.5 released

We mentioned the CFT last week, and it\’s finally here!
New key exchange using elliptic-curve Diffie Hellman in Daniel Bernstein\’s Curve25519 (now the default when both clients support it)
Ed25519 public keys are now available for host keys and user keys, considered more secure than DSA and ECDSA
Funny side effect: if you ONLY enable ed25519 host keys, all the compromised Linux boxes can\’t even attempt to login
New bcrypt private key type, 500,000,000 times harder to brute force
Chacha20-poly1305 transport cipher that builds an encrypted and authenticated stream in one
Portable version already in FreeBSD -CURRENT, and ports
Lots more bugfixes and features, see the full release note or our interview with Damien
Work has already started on 6.6, which can be used without OpenSSL!

Crazed Ferrets in a Berkeley Shower

In 2000, MWL wrote an essay for linux.com about why he uses the BSD license: \”It’s actually stood up fairly well to the test of time, but it’s fourteen years old now.\”
This is basically an updated version about why he uses the BSD license, in response to recent idiocy from Richard Stallman
Very nice post that gives some history about Berkeley, the basics of the BSD-style licenses and their contrast to the GNU GPL
Check out the full post if you\’re one of those people that gets into license arguments
The takeaway is \”BSD is about making the world a better place. For everyone.\”

OpenBSD on BeagleBone Black

Beaglebone Blacks are cheap little ARM devices similar to a Raspberry Pi
A blog post about installing OpenBSD on a BBB from.. our guest for today!
He describes it as \”everything I wish I knew before installing the newly renamed armv7 port on a BeagleBone Black\”
It goes through the whole process, details different storage options and some workarounds
Could be a really fun weekend project if you\’re interested in small or embedded devices

This episode was brought to you by

Interview – Ted Unangst – tedu@openbsd.org / @tedunangst

OpenBSD\’s signify infrastructure

Tutorial

Running an NTP server

News Roundup

Getting started with FreeBSD

A new video and blog series about starting out with FreeBSD
The author has been a fan since the 90s and has installed it on every server he\’s worked with
He mentioned some of the advantages of BSD over Linux and how to approach explaining them to new users
The first video is the installation, then he goes on to packages and other topics – 4 videos so far

More OpenBSD hackathon reports

As a followup to last week, this time Kenneth Westerback writes about his NZ hackathon experience
He arrived with two goals: disklabel fixes for drives with 4k sectors and some dhclient work
This summary goes into detail about all the stuff he got done there

X11 in a jail

We\’ve gotten at least one feedback email about running X in a jail Well.. with this commit, looks like now you can!
A new tunable option will let jails access /dev/kmem and similar device nodes
Along with a change to DRM, this allows full X11 in a jail
Be sure to check out our jail tutorial and jailed VNC tutorial for ideas
Ongoing Discussion

PCBSD weekly digest

10.0 \”Joule Edition\” finally released!
AMD graphics are now officially supported
GNOME3, MATE and Cinnamon desktops are available
PCBSD also got a mention in eweek

Feedback/Questions

Justin writes in: https://slexy.org/view/s21VnbKZsH
Daniel writes in: https://slexy.org/view/s2nD7RF6bo
Martin writes in: https://slexy.org/view/s2jwRrj7UV
Alex writes in: https://slexy.org/view/s201koMD2c
+ unofficial FreeBSD RPI Images
James writes in: https://slexy.org/view/s2AntZmtRU
John writes in: https://slexy.org/view/s20bGjMsIQ

All the tutorials are posted in their entirety at bsdnow.tv
The ssh tutorial has been updated with some new 6.5 stuff
Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv
Watch live Wednesdays at 2:00PM Eastern (19:00 UTC)
Reminder: if you\’re on FreeBSD 8.3 for some reason, upgrade soon – it\’s reaching EOL
Reminder: if you\’re using pkgng, be sure to update to 1.2.6 for a security issue
The winner of the tutorial contest is… Dusko! We didn\’t get as many submissions as we wanted, but his Nagios monitoring tutorial was extremely well-done. It\’ll be featured in a future episode. Congrats! Send us a picture when it arrives.
Allan got his pillow in the mail as well, it\’s super awesome

The post Time Signatures | BSD Now 23 first appeared on Jupiter Broadcasting.

Cryptocrystalline | BSD Now 16

chris — Fri, 20 Dec 2013 10:53:55 +0000

We\’ll be showing you how to do a fully-encrypted installation of FreeBSD and OpenBSD. We also have an interview with Damien Miller – one of the lead developers of OpenSSH – about some recent crypto changes in the project. If you\’re into data security, today\’s the show for you. The latest news and all your burning questions answered, right here on BSD Now – the place to B.. SD.

Thanks to:

iXsystems: This is what 80 cores and 1TB of RAM looks like!

Direct Download:

RSS Feeds:

– Show Notes: –

Headlines

Secure communications with OpenBSD and OpenVPN

Starting off today\’s theme of encryption…
A new blog series about combining OpenBSD and OpenVPN to secure your internet traffic
Part 1 covers installing OpenBSD with full disk encryption (which we\’ll be doing later on in the show)
Part 2 covers the initial setup of OpenVPN certificates and keys
Parts 3 and 4 are the OpenVPN server and client configuration
Part 5 is some updates and closing remarks

FreeBSD Foundation Newsletter

The December 2013 semi-annual newsletter was sent out from the foundation
In the newsletter you will find the president\’s letter, articles on the current development projects they sponsor and reports from all the conferences and summits they sponsored
The president\’s letter alone is worth the read, really amazing
Really long, with lots of details and stories from the conferences and projects

Use of NetBSD with Marvell Kirkwood Processors

Article that gives a brief history of NetBSD and how to use it on an IP-Plug computer
The IP-Plug is a \”multi-functional mini-server was developed by Promwad engineers by the order of AK-Systems. It is designed for solving a wide range of tasks in IP networks and can perform the functions of a computer or a server. The IP-Plug is powered from a 220V network and has low power consumption, as well as a small size (which can be compared to the size of a mobile phone charger).\”
Really cool little NetBSD ARM project with lots of graphs, pictures and details

Experimenting with zero-copy network IO

Long blog post from Adrian Chad about zero-copy network IO on FreeBSD
Discusses the different OS\’ implementations and options
He\’s able to get 35 gbit/sec out of 70,000 active TCP sockets, but isn\’t stopping there
Tons of details, check the full post

Interview – Damien Miller – djm@openbsd.org / @damienmiller

Cryptography in OpenBSD and OpenSSH

Full disk encryption in FreeBSD & OpenBSD

Shows how to install both FreeBSD and OpenBSD with full disk encryption
We\’ll be using geli and bioctl and doing it step by step

News Roundup

OpenZFS office hours

Our buddy George Wilson sat down to take some ZFS questions from the community
You can see more info about it here

License summaries in pkgng

A discussion between Justin Sherill and some NYCBUG guys about license frameworks in pkgng
Similar to pkgsrc\’s \”ACCEPTABLE_LICENSES\” setting, pkgng could let the user decide which software licenses he wants to allow
Maybe we could get a \”pkg licenses\” command to display the license of all installed packages
Ok bapt, do it

The post Cryptocrystalline | BSD Now 16 first appeared on Jupiter Broadcasting.