Flux – Jupiter Broadcasting https://www.jupiterbroadcasting.com Open Source Entertainment, on Demand. Fri, 17 Jun 2022 10:44:03 +0000

100 Days of HomeLab | Self-Hosted 73 https://original.jupiterbroadcasting.net/148952/100-days-of-homelab-self-hosted-73/ Fri, 17 Jun 2022 05:30:00 +0000

Show Notes: selfhosted.show/73

The post 100 Days of HomeLab | Self-Hosted 73 first appeared on Jupiter Broadcasting.

Noah Switches to Arch | LAS 442 https://original.jupiterbroadcasting.net/104511/noah-switches-to-arch-las-442/ Sun, 06 Nov 2016 21:20:05 +0000

— Show Notes: — Brought to you by: Linux Academy Noah’s Last Ubuntu Straw redshift-gtk-git — PICKS — Runs Linux The NES Classic, […]

The post Noah Switches to Arch | LAS 442 first appeared on Jupiter Broadcasting.

— Show Notes: —



Brought to you by: Linux Academy

Noah’s Last Ubuntu Straw

— PICKS —

Runs Linux

The NES Classic, Runs Linux

With a quad-core ARM Cortex-A7, 256 MB of RAM, and 512 MB of NAND Flash, it is typical of the hardware found in Linux single board computers, like the Raspberry Pi 2. Surprisingly for Nintendo, there do not seem to be any custom components in it, and it looks like it even runs Linux.

Desktop App Pick

SSH Power Tool

The SSH Power Tool (sshpt) enables you to execute commands and upload files to many servers simultaneously via SSH without using pre-shared keys. Uploaded files and commands can be executed directly or via sudo. Connection and command execution results are output in standard CSV format for easy importing into spreadsheets, databases, or data mining applications.

Advantages

Since sshpt does not utilize pre-shared SSH keys it will use provided credentials for all outgoing SSH connections. This has many advantages:

  • Can be used immediately: No need to spend enormous amounts of time setting up pre-shared keys.
  • More secure: A server with pre-shared keys is a huge security risk. It literally holds the keys to the castle! With sshpt you can perform all the same tasks as with pre-shared keys with less risk to your infrastructure.
  • More compliant: Executing commands as root via pre-shared keys makes it hard to figure out after-the-fact who did what (root as a shared account). When an administrator (or user!) uses sshpt to execute commands it is much easier to figure out “who did what and when” from an auditing standpoint.

Spotlight

Gruik.

It’s a free & open-source note-taking service. A space where you can store notes, tutorials, code snippets… by writing them in markdown and then keep them private or public.

Stickers – Super Key Sticker with Any LAS Sticker While They Last!


ChrisLAS Rocks Cali

Meetup with Chris in Cali!


— NEWS —

LessPass

Stop wasting time synchronizing your encrypted vault.
Remember one master password to access your passwords, anywhere, anytime.
No sync needed.

It’s official: Oracle will appeal its “fair use” loss against Google

Oracle’s post-trial motions, which the district court judge rejected, indicate the tack it might try to take on appeal. It could focus on jury instructions that it viewed as improper, or Oracle could simply argue that the evidence presented at trial was so overwhelming that no reasonable jury could have found in Google’s favor.

VoCore2: $4 Coin-sized Linux Computer with WiFi

Coin-sized Linux computer & smart router, target to make wireless life easier, fully open source.

VoCore2 is an open source Linux computer and a fully-functional wireless router that is smaller than a coin. It can also act as a VPN gateway for a network, an AirPlay station to play lossless music, a private cloud to store your photos, video, and code, and much more.

The Lite version of the VoCore2 features a 580MHz MT7688AN MediaTek system on chip (SoC), 64MB of DDR2 RAM, 8MB of NOR storage, and a single antenna slot for Wi-Fi that supports 150Mbps.

All this for $4.

Spend $12 and go for the full VoCore2 option and you get the same SoC, but you get 128MB of DDR2 RAM, 16MB of NOR storage, two antenna slots supporting 300Mbps, an on-board antenna, and PCIe 1.1 support.

Both versions of the VoCore2 have a power consumption of 74mA at standby, and 230mA at full speed. With this low power consumption, a small 9800mAh battery pack can power it for more than four days.

Feedback:

Mail Bag
  • Name: Andrew D

  • Subject: Chris was right

I think Chris’ stance on Lenovo being the problem and how they should be ashamed for building a non-Linux-compatible machine was off target. Yes Intel are the issue here, but not Lenovo.

If Microsoft or any other company goes to a hardware manufacturer and asks for a feature or specification to make their product stand out (like in this case better battery life), then there is no reason why that hardware manufacturer should not do that.

Just because it makes it Linux incompatible seems to be the uproar here.

I didn’t see people grabbing pitchforks when the Raspberry Pi 1 and 2 etc. didn’t have standard Windows support from the ARM processor.

Noah was dead right with this one. It’s disappointing that the last words on the topic were ‘Shame on Lenovo, they will never make that mistake ever again. +1 for the good guys’

Apart from that, loved the rest of it.


  • Name: James S

  • Subject: F.LUX approval by me

Hello, this is James from past LAS chatrooms and I recently saw where both of you use flux and I have been having back and other pain and was wondering if this would help. Doubtful to most, but between using flux and staying out of the sunlight considering the medications I am on I thought I would give it a try.

What have I got to lose, right? I am in the process of saving money for starting up a Linux laptop business and I want to express my sincerest thanks to the developers of this program as well as you at JB for putting this flux program into the spotlight. I no longer have much joint, back or shoulder pain and though I was having seizures and falls I have had none since Monday of last week. Thanks to you and the developers I am leading a new life. Thanks so much!

Call in: 1-877-347-0011

New Show: User Error

Catch the show LIVE SUNDAY:

— CHRIS’ STASH —

Chris’s Twitter account has changed, you’ll need to follow!

Chris Fisher (@ChrisLAS) | Twitter

Hang in our chat room:

irc.geekshed.net #jupiterbroadcasting

— NOAH’S STASH —

Noah’s Day Job

Altispeed Technologies

Contact Noah

noah [at] jupiterbroadcasting.com

PIS Poor DNS | TechSNAP 268 https://original.jupiterbroadcasting.net/100021/pis-poor-dns-techsnap-268/ Thu, 26 May 2016 17:32:03 +0000

The post PIS Poor DNS | TechSNAP 268 first appeared on Jupiter Broadcasting.


Is the “Dark Cloud” hype, or a real technology? Using DNS tunneling for remote command and control & the big problem with 1-Day exploits.

Plus your great question, our answers, a breaking news roundup & more!

Thanks to:


DigitalOcean


Ting


iXsystems

Show Notes:

APT Groups still successfully exploiting Microsoft Office flaw patched 6 months ago

  • “A Microsoft Office vulnerability patched six months ago continues to be a valuable tool for APT gangs operating primarily in Southeast Asia and the Far East.”
  • “CVE-2015-2545 is a vulnerability discovered in 2015 and corrected with Microsoft’s update MS15-099. The vulnerability affects Microsoft Office versions 2007 SP3, 2010 SP2, 2013 SP1 and 2013 RT SP1.”
  • “The error enables an attacker to execute arbitrary code using a specially crafted EPS image file. The exploit uses PostScript and can evade Address Space Layout Randomization (ASLR) and Data Execution Prevention (DEP) protection methods.”
  • One of the groups using the exploit targeted the Japanese military industrial complex
  • “In December 2015, Kaspersky Lab became aware of a targeted attack against the Japanese defense sector. In order to infect victims, the attacker sent an email with an attached DOCX file exploiting the CVE-2015-2545 vulnerability in Microsoft Office using an embedded EPS (Encapsulated Postscript) object. The EPS object contained a shellcode that dropped and loaded a 32-bit or 64-bit DLL file depending on the system architecture. This, in turn exploited another vulnerability to elevate privileges to Local System (CVE-2015-1701) and download additional malware components from the C&C server.”
  • “The C&C server used in the attack was located in Japan and appears to have been compromised. However, there is no indication that it has ever been used for any other malicious purpose. Monitoring of the server activity for a period of several months did not result in any new findings. We believe the attackers either lost access to the server or realized that it resulted in too much attention from security researchers, as the attack was widely discussed by the Japanese security community.”
  • The report details a number of different teams, with different targets
  • Some or all of the teams may be related
  • “The attackers used at least one known 1-day exploit: the exploit for CVE-2015-2545 – EPS parsing vulnerability in EPSIMP32.FLT module, reported by FireEye, and patched by Microsoft on 8 September 2015 with MS15-099. We are currently aware of about four different variants of the exploit. The original one was used in August 2015 against targets in India by the Platinum (TwoForOne) APT group.”
  • Kaspersky Lab Report

Krebs investigates the “Dark Cloud”

  • “Crooks who peddle stolen credit cards on the Internet face a constant challenge: Keeping their shops online and reachable in the face of meddling from law enforcement officials, security firms, researchers and vigilantes.”
  • “In this post, we’ll examine a large collection of hacked computers around the world that currently serves as a criminal cloud hosting environment for a variety of cybercrime operations, from sending spam to hosting malicious software and stolen credit card shops.”
  • How do you keep your site online while hosting it on hacked machines you do not control?
  • How do you keep the data secure? Who is going to pay for stolen credit cards when they can just hack one of the compromised machines hosting your site?
  • “I first became aware of this botnet, which I’ve been referring to as the “Dark Cloud” for want of a better term, after hearing from Noah Dunker, director of security labs at Kansas City-based vendor RiskAnalytics. Dunker reached out after watching a Youtube video I posted that featured some existing and historic credit card fraud sites. He asked what I knew about one of the carding sites in the video: A fraud shop called “Uncle Sam,” whose home page pictures a pointing Uncle Sam saying “I want YOU to swipe.””
  • “I confessed that I knew little of this shop other than its existence, and asked why he was so interested in this particular crime store. Dunker showed me how the Uncle Sam card shop and at least four others were hosted by the same Dark Cloud, and how the system changed the Internet address of each Web site roughly every three minutes. The entire robot network, or “botnet,” consisted of thousands of hacked home computers spread across virtually every time zone in the world, he said.”
  • So, most of these hacked machines are likely just “repeaters”, accepting connections from end users and then relaying those connections back to the secret central server
  • This also works fairly well as a DDoS mitigation mechanism
  • “the Windows-based malware that powers the botnet assigns infected hosts different roles, depending on the victim machine’s strengths or weaknesses: More powerful systems might be used as DNS servers, while infected systems behind home routers may be infected with a “reverse proxy,” which lets the attackers control the system remotely”
  • “It’s unclear whether this botnet is being used by more than one individual or group. The variety of crimeware campaigns that RiskAnalytics has tracked operated through the network suggests that it may be rented out to multiple different cybercrooks. Still, other clues suggests the whole thing may have been orchestrated by the same gang.”
  • A more in-depth report on the botnet is expected next week
  • “If you liked this story, check out this piece about another carding forum called Joker’s Stash, which also uses a unique communications system to keep itself online and reachable to all comers.”

Wekby APT gang using DNS tunneling for C&C

  • “Palo Alto Networks is reporting a shift in malware tactics used by the APT group Wekby that has added a rare but effective new tool to its bag of tricks. Wekby attackers are turning to the technique known as DNS tunneling in lieu of more conventional HTTP delivery of command and controls for remote access control of infected computer networks.”
  • “Wekby is a group that has been active for a number of years, targeting various industries such as healthcare, telecommunications, aerospace, defense, and high tech. The group is known to leverage recently released exploits very shortly after those exploits are available, such as in the case of HackingTeam’s Flash zero-day exploit.”
  • “The malware used by the Wekby group has ties to the HTTPBrowser malware family, and uses DNS requests as a command and control mechanism. Additionally, it uses various obfuscation techniques to thwart researchers during analysis. Based on metadata seen in the discussed samples, Palo Alto Networks has named this malware family ‘pisloader’.”
  • “The initial dropper contains very simple code that is responsible for setting persistence via the Run registry key, and dropping and executing an embedded Windows executable. Limited obfuscation was encountered, where the authors split up strings into smaller sub-strings and used ‘strcpy’ and ‘strcat’ calls to re-build them prior to use. They also used this same technique to generate garbage strings that are never used. This is likely to deter detection and analysis of the sample.”
  • “The payload is heavily obfuscated using a return-oriented programming (ROP) technique, as well as a number of garbage assembly instructions. In the example below, code highlighted in red essentially serves no purpose other than to deter reverse-engineering of the sample. This code can be treated as garbage and ignored. The entirety of the function is highlighted in green, where two function offsets are pushed to the stack, followed by a return instruction. This return instruction will point code execution first at the null function, which in turn will point code execution to the ‘next_function’. This technique is used throughout the runtime of the payload, making static analysis difficult.”
  • “The malware is actually quite simplistic once the obfuscation and garbage code is ignored. It will begin by generating a random 10-byte alpha-numeric header. The remaining data is base32-encoded, with padding removed. This data will be used to populate a subdomain that will be used in a subsequent DNS request for a TXT record.”
  • “The use of DNS as a C2 protocol has historically not been widely adopted by malware authors.”
  • “The use of DNS as a C2 allows pisloader to bypass certain security products that may not be inspecting this traffic correctly.”
  • “The C2 server will respond with a TXT record that is encoded similar to the initial request. In the response, the first byte is ignored, and the remaining data is base32-encoded. An example of this can be found below.”
  • The malware also looks for specific flags in the DNS response, to prevent it from being spoofed by a DNS server not run by the authors. Palo Alto Networks has reverse engineered the malware and found the special flags.
  • The malware supports the following commands:
    • sifo – Collect victim system information
    • drive – List drives on victim machine
    • list – List file information for provided directory
    • upload – Upload a file to the victim machine
    • open – Spawn a command shell
  • “The Wekby group continues to target various high profile organizations using sophisticated malware. The pisloader malware family uses various novel techniques, such as using DNS as a C2 protocol, as well as making use of return-oriented programming and other anti-analysis tactics.”
  • Palo Alto Networks Report

The Podcast Diet | Tech Talk Today 141 https://original.jupiterbroadcasting.net/78417/the-podcast-diet-tech-talk-today-141/ Fri, 06 Mar 2015 11:28:15 +0000

The post The Podcast Diet | Tech Talk Today 141 first appeared on Jupiter Broadcasting.


Could Google be about to roll out its own mobile service, that only works with the Nexus 6? We’ll discuss the fascinating possibilities.

Plus Chris gives an update on his health quest, efforts to sleep better & a trick to get some exercise in.


Show Notes:

WSJ: Google’s Carrier Experiment Could Launch This Month

In fact, sources told the WSJ that it would only work with the latest Nexus 6 phone.

The service will switch between Wi-Fi, Sprint and T-Mobile. A pretty tough piece of networking when you consider that Sprint is a CDMA network and T-Mobile is a GSM network. Because of all the network hopping, Google needs to tweak the hardware and software of devices that use its network. This is why the Nexus 6 will be the device of choice, Google can’t get in to tweak the settings of phones from other manufacturers.

Google’s carrier ambitions are more of an experiment into what can be accomplished than a full-on assault on carriers. So don’t expect to start seeing Google running ads with unlimited data, text and voice offers anytime soon.

Self-Driving Cars Will Be In 30 US Cities By the End of Next Year – Slashdot

Automated vehicle pilot projects will roll out in the U.K. and in six to 10 U.S. cities this year, with the first unveiling projected to be in Tampa Bay, Florida as soon as late spring. The following year, trial programs will launch in 12 to 20 more U.S. locations, which means driverless cars will be on roads in up to 30 U.S. cities by the end of 2016. The trials will be run by Comet LLC, a consulting firm focused on automated vehicle commercialization. … they’re focusing on semi-controlled areas and that the driverless vehicles will serve a number of different purposes—both public and private. The vehicles themselves—which are all developed by Veeo Systems—will even vary from two-seaters to full-size buses that can transport 70 people. At some locations, the vehicles will drive on their own paths, occasionally crossing vehicle and pedestrian traffic, while at others, the vehicles will be completely integrated with existing cars.

Republicans’ “Internet Freedom Act” would wipe out net neutrality | Ars Technica

US Rep. Marsha Blackburn (R-TN) this week filed legislation she calls the “Internet Freedom Act” to overturn the Federal Communications Commission’s new network neutrality rules.

sweatthesweetstuff — Lauren Lomsdalen, Healthy Living Coach

It’s my mission to help you realize your potential and live a happy healthy life! It’s time to stop dieting once and for all! Learn how to make healthy habits that last so you can look and feel your best, and have more energy to do the things you love! That’s where I come in. There’s a lot of contradictory information out there and it can get confusing. Not to worry, I’ll help you sort through the cobwebs and find what’s right for you!
