Show Notes: linuxactionnews.com/191

The post Linux Action News 191 first appeared on Jupiter Broadcasting.

Show Notes: extras.show/72

The post Learning, Failing, and Hacking the Industry: Danny Akacki | Jupiter Extras 72 first appeared on Jupiter Broadcasting.

Show Notes: extras.show/62

The post Building an Open Source Community: Wirefall | Jupiter Extras 62 first appeared on Jupiter Broadcasting.

Show Notes: extras.show/60

The post Pentesting Problems: Bryson Bort | Jupiter Extras 60 first appeared on Jupiter Broadcasting.

Show Notes: extras.show/58

The post Mastering Cyber Security Basics: James Smith | Jupiter Extras 58 first appeared on Jupiter Broadcasting.

Show Notes: extras.show/52

The post Cyber Security Mistakes You're Probably Making: Duncan McAlynn | Jupiter Extras 52 first appeared on Jupiter Broadcasting.

Show Notes: extras.show/37

The post 411 DevSecOps: Karthik Gaekwad | Jupiter Extras 37 first appeared on Jupiter Broadcasting.

Show Notes: extras.show/30

The post Threat Hunting 101 | Jupiter Extras 30 first appeared on Jupiter Broadcasting.

Show Notes: techsnap.systems/407

The post Old School Outages | TechSNAP 407 first appeared on Jupiter Broadcasting.

HD Video Feed | MP3 Audio Feed | iTunes Feed | Torrent Feed

Become a supporter on Patreon:

Show Notes:

Massive cyberattack hits Europe with widespread ransom demands

• New Ransomware Variant Compromises Systems Worldwide

• some infections may be associated with software update systems for a Ukrainian tax accounting package called MeDoc

• MDDoc posts about a virus

• notes at SANS ISC InfoSec Forums

Google Says It Will No Longer Read Users’ Emails To Sell Targeted Ads

• Google will no longer scan emails in Gmail accounts in order sell targeted advertising, the company said Friday.

• Google’s blog post

• more than 3 million paying companies that use G Suite

• Bloomberg post on same topic

Does US have right to data on overseas servers? We’re about to find out

Feedback

• AES-256 encryption keys cracked by hands-off hack from Shawn via Twitter

• workflow and backup strategy advice

• Regarding DNS, I think Dan mentioned that he didn’t have any of the books he used to learn about it. Any suggestions about some good reading material on that topic? Thanks for the awesome show. – DNS and BIND is the name of the book

Round Up:

• How LZ4 works

• Know your Times Tables, but… do you know your “Hash Tables”?

• AWS Security Primer

The post Google Reads Your Email | TechSNAP 325 first appeared on Jupiter Broadcasting.

Why a stolen healthcare record is harder to track than you might think, Security pros name their must have tools & blame as a service, the new Cybersecurity hot product.

Plus great questions, a huge Round Up & much, much more!

Thanks to:

• Get Paid to Write for DigitalOcean

Direct Download:

HD Video | Mobile Video | MP3 Audio | OGG Audio | YouTube | HD Torrent | Mobile Torrent

RSS Feeds:

HD Video Feed | Mobile Video Feed | MP3 Audio Feed | Ogg Audio Feed | iTunes Feed | Torrent Feed

Become a supporter on Patreon:

— Show Notes: —

A day in the life of a stolen healthcare record

• “When your credit card gets stolen because a merchant you did business with got hacked, it’s often quite easy for investigators to figure out which company was victimized. The process of divining the provenance of stolen healthcare records, however, is far trickier because these records typically are processed or handled by a gauntlet of third party firms, most of which have no direct relationship with the patient or customer ultimately harmed by the breach.”
• “I was reminded of this last month, after receiving a tip from a source at a cyber intelligence firm based in California who asked to remain anonymous. My source had discovered a seller on the darknet marketplace AlphaBay who was posting stolen healthcare data into a subsection of the market called “Random DB ripoffs,”
• “Eventually, this same fraudster leaked a large text file titled, “Tenet Health Hilton Medical Center,” which contained the name, address, Social Security number and other sensitive information on dozens of physicians across the country.”
• “Contacted by KrebsOnSecurity, Tenet Health officials said the data was not stolen from its databases, but rather from a company called InCompass Healthcare. Turns out, InCompass disclosed a breach in August 2014, which reportedly occurred after a subcontractor of one of the company’s service providers failed to secure a computer server containing account information. The affected company was 24 ON Physicians, an affiliate of InCompass Healthcare.”
• “The breach affected approximately 10,000 patients treated at 29 facilities throughout the U.S. and approximately 40 employed physicians,” wrote Rebecca Kirkham, a spokeswoman for InCompass.
• So who was the subcontractor that leaked the data? According to PHIprivacy.net (and now confirmed by InCompass), the subcontractor responsible was PST Services, a McKesson subsidiary providing medical billing services, which left more than 10,000 patients’ information exposed via Google search for over four months.
• Think about that for a minute. The information must have just been laying around on their website for it to be able to be found by Google search
• “Still, not all breaches involving health information are difficult to backtrack to the source. In September 2014, I discovered a fraudster on the now-defunct Evolution Market dark web community who was selling life insurance records for less than $7 apiece. That breach was fairly easily tied back to Torchmark Corp., an insurance holding company based in Texas; the name of the company’s subsidiary was plastered all over stolen records listing applicants’ medical histories.”
• “Health records are huge targets for fraudsters because they typically contain all of the information thieves would need to conduct mischief in the victim’s name — from fraudulently opening new lines of credit to filing phony tax refund requests with the Internal Revenue Service. Last year, a great many physicians in multiple states came forward to say they’d been apparently targeted by tax refund fraudsters, but could not figure out the source of the leaked data. Chances are, the scammers stole it from hacked medical providers like PST Services and others.”
• As we have previously discussed, a stolen credit card may be worth a few dollars, even high end corporate cards rarely fetch more than $10 or $15 each. Health care records are worth upwards of $100 each.
• “Sensitive stolen data posted to cybercrime forums can rapidly spread to miscreants and ne’er-do-wells around the globe. In an experiment conducted earlier this month, security firm Bitglass synthesized 1,568 fake names, Social Security numbers, credit card numbers, addresses and phone numbers that were saved in an Excel spreadsheet. The spreadsheet was then transmitted through the company’s proxy, which automatically watermarked the file. The researchers set it up so that each time the file was opened, the persistent watermark (which Bitglass says survives copy, paste and other file manipulations), “called home” to record view information such as IP address, geographic location and device type.”
• “The company posted the spreadsheet of manufactured identities anonymously to cyber-crime marketplaces on the Dark Web. The result was that in less than two weeks, the file had traveled to 22 countries on five continents, was accessed more than 1,100 times. “Additionally, time, location, and IP address analysis uncovered a high rate of activity amongst two groups of similar viewers, indicating the possibility of two cyber crime syndicates, one operating within Nigeria and the other in Russia,” the report concluded.“

Security pros name their must have tools

• Network World asked some “security pros” from around the industry to name their must have tools
• Lawyers Without Borders uses Intralinks VIA to securely share files
• Yell.com (a yellow pages site) uses Distil Networks’ bot detection and mitigation service to prevent content theft and avoid excess load from web scraper bots
• SureScripts.com (online perscription service) uses Invincea FreeSpace Enterprise for endpoint security. “stops advanced end user attacks (spear phishing, drive-by downloads, etc.) via containment, and stops our machines from getting infected
• a biotechnology company uses EMC Syncplicity to secure and distribute content to mobile devices. “It is an amazing mobile app that offers a great user experience and also offers the security and control we need as a therapeutics company with lots of sensitive information”
• A private health insurance software application provider uses Forum Sentry API gateway to protect its API from malactors. “Forum Sentry enabled us to securely expose our APIs to our private health insurance funds, third parties and internal clients and has provided a policy-based platform that is easy to maintain and extend – all while reducing development time and resources”
• Firehouse Subs, a large restaurant chain uses Netsurion’s Managed PCI to manage their Payment Card Industry Data Security Standard compliance. “Netsurion simplifies PCI for myself, and our franchisees, allowing us to maintain focus on other portions of our business”
  • A software vendor that makes heavy uses of Software as a Service (SaaS) relies on Adallom for SaaS to monitor, provides visibility into, and protection of SaaS applications.
  • Iowa Vocational Rehabilitation Services, raved about the configurability and reliability of NCP’s enterprise VPN solution
• I am sorry, when I started writing this news item for TechSNAP, I thought the list was going to be useful
• These were not the kinds of tools I was expecting
• Instead it just shows a random reporter who knows nothing about Cyber Security, asking a bunch of random businesses who know nothing about Cyber Security and just buy magic software and services what they think
• If your approach to cyber security is: buy some magic software, then you’re in trouble
• Cyber Security is a mindset, and requires defense in depth. It is about doing as much as can be done, and more importantly, planning for when that turns out to not be enough.
• What you really need is a cyber security disaster kit, like the one you have in your house in the event of a nature disaster. All of the things you need to survive until the mess is cleaned up.
• What companies really need, is to do cyber security fire drills, and have better fire alarms
• Software can’t solve everything, but it can help automate the task of getting the attention of a human at the right time

Intel launches new line of E7 v3 Haswell-EX processors

• Intel has announced its new E7-8800 and E7-4800 line of processors, featuring:
• 20% more cores/threads
• 20% more Last-Level Cache
• Benchmarks show actual 15-20% gains over the E7-4890 v2
• Support for DDR3 or DDR4 memory (not at the same time). “Support for the two differing memory types comes by way of Intel’s C112 and C114 scalable memory buffers.”
• 1.5 TB of ram per socket, quad channel, 102 GB/s memory bandwidth
• This means a 4 socket motherboard can have 6TB of ram, and an 8 socket board can have 12TB of ram
• 32 PCI-E 3.0 lanes per socket
• The highest end versions also feature QPI links at 9.6 GT/s (the previous maximum was 8.0 GT/s)
• E7-4xxx models are designed for 4 socket motherboards, while the E7-8xxx models are for 8 socket motherboards
• Models include:
  • E7-4809 v3 – 8x 2.00 GHz + HT, 20MB LLC
  • E7-4820 v3 – 10x 1.90 GHz + HT, 25MB LLC
  • E7-4830 v3 – 12x 2.10 GHz (Turbo: 2.70 GHz) + HT, 30MB LLC
  • E7-4850 v3 – 14x 2.20 GHz (Turbo: 2.80 GHz) + HT, 35MB LLC
  • E7-8860 v3 – 16x 2.20 GHz (Turbo: 3.20 GHz) + HT, 40MB LLC
  • E7-8880 v3 – 18x 2.30 GHz (Turbo: 3.10 GHz) + HT, 45MB LLC
  • E7-8890 v3 – 18x 2.50 GHz (Turbo: 3.30 GHz) + HT, 45MB LLC
  • E7-8891 v3 – 10x 2.80 GHz (Turbo: 3.50 GHz) + HT, 45MB LLC
  • E7-8893 v3 – 4x 3.20 GHz (Turbo: 3.50 GHz) + HT, 45MB LLC
• “Want!”

Feedback:

• Looking for a better/different back-up solution.

• Question about NAS versus SAN

• A response to the docker criticism in Episode 212 “Dormant Docker Disasters”

• The concept of a Virtual/Logical DMZ?

Round Up:

• Actively exploited WordPress bug puts millions of sites at risk
• Learn about how Windows kernel exploits work with the “HackSys Extreme Vulnerable Driver”
• PillPack.com online pharmacy vulnerability could have allowed anyone to view your entire perscription history, with only your name a birthdate
• Network reconnaissance without actually probing the network, using DNS
• Hospira Lifecare PCA infusion pump has telnet enabled with no password, allows anyone to root it with a tcp connection
• Boeing 787 dreamliner generator control units contain software bug that causes them to fail after 248 days of uptime
• Microsoft bangs the cybersecurity drum with Advanced Threat Analytics
• How to make two C binaries with the same MD5 hash – Why you shouldn’t trust MD5
• Understanding Docker Security and Best Practices
• Netflix open sources FIDO – Fully Integrated Defense Operation
• Docker vs the container world: Techies rally around CoreOS-led spec
• Lab of a Pen Tester — Dumping Windows 8.1 passwords in plain text
• System Crash for Starbucks Leads to Free Coffee for Some
• L3 cache mapping on Sandy Bridge CPUs
• Google Can’t Ignore The Android Update Problem Any Longer
• Researcher finds another method of bypassing Google’s password alert feature
• Windows 10 to do away with Patch Tuesday
• “unnamed FreeBSD Developer: OMG!!! I found a place where an ex-employee went to the repo, checked out the distribution tarball of freeipmi… unpacked it… edited the Makefiles, re-tarred it up and checked it back in under same name…”

The post Blame as a Service | TechSNAP 213 first appeared on Jupiter Broadcasting.

Is it possible to make a truly private phone call anymore? The answer might surprise you. Cisco and Level 3 battle a huge SSH botnet & how to Build a successful Information Security career.

Plus a great batch of your questions, a rocking round up, and much, much more!

Thanks to:

• Get Paid to Write for DigitalOcean

Direct Download:

HD Video | Mobile Video | MP3 Audio | OGG Audio | YouTube | HD Torrent | Mobile Torrent

RSS Feeds:

HD Video Feed | Mobile Video Feed | MP3 Audio Feed | Ogg Audio Feed | iTunes Feed | Torrent Feed

Become a supporter on Patreon:

— Show Notes: —

How to make secret phone calls

• “There’s a lot you can find in the depths of the dark web, but in 2013, photographer and artist Curtis Wallen managed to buy the ingredients of a new identity”
• “After purchasing a Chromebook with cash, Wallen used Tor, virtual marketplaces, and a bitcoin wallet to purchase a fake driver’s license, insurance card, social security number, and cable bill, among other identifying documents. Wallen saw his new identity, Aaron Brown, as more than just art: Brown was a political statement on the techno-surveillance age.”
• The article sets out the steps required to conduct untraceable phone calls
• The instructions are based on looking at how CIA OpSec was compromised by cell phones in the cases of the 2005 extraordinary rendition of Hassan Mustafa Osama in Italy and their surveillance of Lebanese Hezbollah
• “using a prepaid “burner” phone, posting its phone number publicly on Twitter as an encrypted message, and waiting for your partner to decrypt the message and call you at a later time”
• Analyze your daily movements, paying special attention to anchor points (basis of operation like home or work) and dormant periods in schedules (8-12 p.m. or when cell phones aren’t changing locations);
• Leave your daily cell phone behind during dormant periods and purchase a prepaid no-contract cell phone (“burner phone”);
• After storing burner phone in a Faraday bag, activate it using a clean computer connected to a public Wi-Fi network;
• Encrypt the cell phone number using a onetime pad (OTP) system and rename an image file with the encrypted code. Using Tor to hide your web traffic, post the image to an agreed upon anonymous Twitter account, which signals a communications request to your partner;
• Leave cell phone behind, avoid anchor points, and receive phone call from partner on burner phone at 9:30 p.m.—or another pre-arranged “dormant” time—on the following day;
• Wipe down and destroy handset.
• “The approach is “very passive” says Wallen. For example, “Posting an image to Twitter is a very common thing to do, [and] it’s also very common for image names to have random numbers and letters as a file name,” he says. “So, if I’ve prearranged an account where I’m going to post an encrypted message, and that message comes in the form of a ‘random’ filename, someone can see that image posted to a public Twitter account, and write down the filename—to decrypt by hand—without ever actually loading the image. Access that Twitter account from Tor, from a public Internet network, and there’s hardly any trace that an interaction even happened.””
• “This is not easy, of course. In fact, it’s really, comically hard. “If the CIA can’t even keep from getting betrayed by their cell phones, what chance do we have?””
• “Central to good privacy, says Wallen, is eliminating or reducing anomalies that would pop up on surveillance radars, like robust encryption or SIM card swapping. To understand the risks of bringing unwanted attention to one’s privacy practices, Wallen examined the United States Marine Corps’ “Combat Hunter” program, which deals with threat assessment through observation, profiling, and tracking.”
• “Anomalies are really bad for what I’m trying to accomplish—that means any overt encryption is bad, because it’s a giant red flag,” Wallen said. “I tried to design the whole system to have as small a footprint as possible, and avoid creating any analyzable links.”
• “I was going out and actually buying phones, learning about different ways to buy them, to activate them, to store them, and so on,” said Wallen, who eventually bought a burner phone from a Rite Aid. “I kept doing it until I felt like I’d considered it from every angle.”
• “After consulting on commercially available Faraday bags, Wallen settled on the Ramsey Electronics STP1100”
• Wallen cautions his audience about taking his instructions too literally. The project, he says, “was less about arriving at a necessarily practical system for evading cell phone tracking, than it was about the enjoyment of the ‘game’ of it all. In fact, I think that it is so impractical says a lot.”
• “Bottom line,” he adds. “If your adversary is a nation state, don’t use a cellphone.”
• Guide to creating and using One-Time Pads
• John Oliver: Government Surveillance — Interview with Edward Snowden

Cisco and Level 3 battle a huge SSH botnet

• “Talos has been monitoring a persistent threat for quite some time, a group we refer to as SSHPsychos or Group 93. This group is well known for creating significant amounts of scanning traffic across the Internet. Although our research efforts help inform and protect Cisco customers globally, sometimes it is our relationships that can multiply this impact. Today Cisco and Level 3 Communications took action to help ensure a significantly larger portion of the Internet is also protected.”
• “The behavior consists of large amounts of SSH brute force login attempts from 103.41.124.0/23, only attempting to guess the password for the root user, with over 300,000 unique passwords. Once a successful login is achieved the brute forcing stops. The next step involves a login from a completely different IP ranges owned by shared hosting companies based out of the United States. After login is achieved a wget request is sent outbound for a single file which has been identified as a DDoS rootkit. “
• “Once the rootkit is installed additional instructions are downloaded via an XOR encoded file from one of the C2 servers. The config file is largely constructed of a list of IP addresses that are being denied and filenames, and files to be deleted.”
• “At times, this single attacker accounted for more than 35% of total Internet SSH traffic”
• Level 3 then worked to block the malicious traffic
• “Our goal, when confirming an Internet risk, is to remove it as broadly as possible; however, before removing anything from the Internet, it is important to fully understand the impact that may have to more benign hosts. To do this, we must understand more details of the attacker’s tools and infrastructure.”
• “As part of the process, Level 3 worked to notify the appropriate providers regarding the change. On March 30th SSHPsychos suddenly pivoted. The original /23 network went from a huge volume of SSH brute force attempts to almost no activity and a new /23 network began large amounts of SSH brute forcing following the exact same behavior associated with SSHPsychos. The new network is 43.255.190.0/23 and its traffic was more than 99% SSH immediately after starting communication. The host serving the malware also changed and a new host (23.234.19.202) was seen providing the same file as discussed before a DDoS Rootkit.”
• “Based on this sudden shift, immediate action was taken. Talos and Level 3 decided to remove the routing capabilities for 103.41.124.0/23, but also add the new netblock 43.255.190.0/23. The removal of these two netblocks introduced another hurdle for SSHPsychos, and hopefully slows their activity, if only for a short period.”
• “For those of you who have Linux machines running sshd on the open Internet, be sure to follow the best practice of disabling root login in your sshd config file. That step alone would stop this particular attacker from being successful in your environment.”
• Remote root login should never be allowed anyway
• Hopefully this will send a clear message to the providers that allow these type of attackers to operate on their network. If you don’t clean up your act, you’ll find large swaths of your IP space unusable on the public internet.

How to Build a Successful Information Security Career

• A question I often get is “how do I get into InfoSec”
• Myself, not actually being an InfoSec professional, and never having really worked in that space, do not have the answer
• Luckily, someone who is in that space, finally wrote it all down
• “One of the most important things for any infosec professional is a good set of inputs for news, articles, tools, etc.”
  • So, keep watching TechSNAP
• Basic Steps:
• Education (Sysadmin, Networking, Development)
• Building Your Lab (VMs, VPSs from Digital Ocean)
• You Are Your Projects (Build something)
• Have a Presence (Website, Blog, Twitter, etc)
• Certifications (“Things have the value that others place on them”)
• Networking With Others (Find a mentor, be an intern)
• Conferences (Go to Conferences. Speak at them)
• Mastering Professionalism (Dependability, Well Written, Good Speaker)
• Understanding the Business (Businesses want to quantify risk so they can decide how much should be spent on mitigating it)
• Having Passion (90% of being successful is simply getting 100,000 chances to do so. You get chances by showing up)
• Becoming Guru
• It is a very good read, broken down into easy to understand steps, with the justification for each requirement, as well as some alternatives, because one size does not fit all
• Related, but Roundup is already full enough: How to Avoid a Phone Call from Brian Krebs – The Basics of Intrusion Detection and Prevention with Judy Novak

Feedback:

• Data Delivery/Syncing over WAN

• TOR Question

• Upgrading password hash algorithm

Round Up:

• Announcing Git Large File Storage (LFS)
• Amazon EFS
• One in seven employees will self corporate passwords for $150 or less
• Hidden backdoor API to root privileges in Apple OS X
• Vulnerability in Firefox forced Mozilla to disable opportunistic encryption
• The FBI Has Its Own Secret Brand of Malware
• AT&T Call Center staff sold hundres of thousands of customer records to criminals
• Expired SSL certificate
• Google lets the Root CA certificate that issues the smtp.gmail.com certificate expire
• Congress must end mass NSA surveillance with next Patriot Act vote
• Greenwald criticized universities which open up their campuses to government agencies in exchange for funding
• 8 Ways You Didn’t Know Hackers Could Steal Your Identity
• Apple did not remove CNNIC Root CA from trust lists in latest security update
• Every Wi-Fi Router Should Look Like The USS Enterprise
• IT Security in a nutshell

The post Day-0 of an InfoSec Career | TechSNAP 209 first appeared on Jupiter Broadcasting.

This week on the show, we sat down with John-Mark Gurney to talk about modernizing FreeBSD’s IPSEC stack. We’ll learn what he’s adding, what needed to be fixed and how we’ll benefit from the changes. As always, answers to your emails and all of this week’s news, on BSD Now – the place to B.. SD.

Thanks to:

Direct Download:

Video | HD Video | MP3 Audio | OGG Audio | Torrent | YouTube

RSS Feeds:

MP3 Feed | OGG Feed | iTunes Feed | Video Feed | HD Vid Feed | HD Torrent Feed

– Show Notes: –

Headlines

BSD panel at Phoenix LUG

• The Phoenix, Arizona Linux users group had a special panel so they could learn a bit more about BSD
• It had one FreeBSD user and one OpenBSD user, and they answered questions from the organizer and the people in the audience
• They covered a variety of topics, including filesystems, firewalls, different development models, licenses and philosophy
• It was a good “real world” example of things potential switchers are curious to know about
• They closed by concluding that more diversity is always better, and even if you’ve got a lot of Linux boxes, putting a few BSD ones in the mix is a good idea

Book of PF signed copy auction

• Peter Hansteen (who we’ve had on the show) is auctioning off the first signed copy of the new Book of PF
• All the profits from the sale will go to the OpenBSD Foundation
• The updated edition of the book includes all the latest pf syntax changes, but also provides examples for FreeBSD and NetBSD’s versions (which still use ALTQ, among other differences)
• If you’re interested in firewalls, security or even just advanced networking, this book is a great one to have on your shelf – and the money will also go to a good cause
• Michael Lucas has challenged Peter to raise more for the foundation than his last book selling – let’s see who wins
• Pause the episode, go bid on it and then come back!

FreeBSD Foundation goes to EuroBSDCon

• Some people from the FreeBSD Foundation went to EuroBSDCon this year, and come back with a nice trip report
• They also sponsored four other developers to go
• The foundation was there “to find out what people are working on, what kind of help they could use from the Foundation, feedback on what we can be doing to support the FreeBSD Project and community, and what features/functions people want supported in FreeBSD”
• They also have a second report from Kamil Czekirda
• A total of $2000 was raised at the conference

OpenBSD 5.6 released

• Note: we’re doing this story a couple days early – it’s actually being released on November 1st (this Saturday), but we have next week off and didn’t want to let this one slip through the cracks – it may be out by the time you’re watching this
• Continuing their always-on-time six month release cycle, the OpenBSD team has released version 5.6
• It includes support for new hardware, lots of driver updates, network stack improvements (SMP, in particular) and new security features
• 5.6 is the first formal release with LibreSSL, their fork of OpenSSL, and lots of ports have been fixed to work with it
• You can now hibernate your laptop when using a fully-encrypted filesystem (see our tutorial for that)
• ALTQ, Kerberos, Lynx, Bluetooth, TCP Wrappers and Apache were all removed
• This will serve as a “transitional” release for a lot of services: moving from Sendmail to OpenSMTPD, from nginx to httpd and from BIND to Unbound
• Sendmail, nginx and BIND will be gone in the next release, so either migrate to the new stuff between now and then or switch to the ports versions
• As always, 5.6 comes with its own song and artwork – the theme this time was obviously LibreSSL
• Be sure to check the full changelog (it’s huge) and pick up a CD or tshirt to support their efforts
• If you don’t already have the public key releases are signed with, getting a physical CD is a good “out of bounds” way to obtain it safely
• Here are some cool images of the set
• After you do your installation or upgrade, don’t forget to head over to the errata page and apply any patches listed there

Interview – John-Mark Gurney – jmg@freebsd.org / @encthenet

Updating FreeBSD’s IPSEC stack

News Roundup

Clang in DragonFly BSD

• As we all know, FreeBSD got rid of GCC in 10.0, and now uses Clang on i386/amd64 almost exclusively
• Some DragonFly developers are considering migrating over as well, and one of them is doing some work to make the OS more Clang-friendly
• We’d love to see more BSDs switch to Clang/LLVM eventually, it’s a lot more modern than the old GCC most are using

reallocarray(): integer overflow detection for free

• One of the less obvious features in OpenBSD 5.6 is a new libc function: “reallocarray()”
• It’s a replacement function for realloc(3) that provides integer overflow detection at basically no extra cost
• Theo and a few other developers have already started a mass audit of the entire source tree, replacing many instances with this new feature
• OpenBSD’s explicit_bzero was recently imported into FreeBSD, maybe someone could also port over this too

Switching from Linux blog

• A listener of the show has started a new blog series, detailing his experiences in switching over to BSD from Linux
• After over ten years of using Linux, he decided to give BSD a try after listening to our show (which is awesome)
• So far, he’s put up a few posts about his initial thoughts, some documentation he’s going through and his experiments so far
• It’ll be an ongoing series, so we may check back in with him again later on

Owncloud in a FreeNAS jail

• One of the most common emails we get is about running Owncloud in FreeNAS
• Now, finally, someone made a video on how to do just that, and it’s even jailed
• A member of the FreeNAS community has uploaded a video on how to set it up, with lighttpd as the webserver backend
• If you’re looking for an easy way to back up and sync your files, this might be worth a watch

Feedback/Questions

• Ernõ writes in
• David writes in
• Kamil writes in
• Torsten writes in
• Dominik writes in

Mailing List Gold

• That’s not our IP
• Is this thing on?

• All the tutorials are posted in their entirety at bsdnow.tv
• The OpenBSD router, dpb, PXE autoinstall and patched ISO building tutorials have all been updated for 5.6
• Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv – tell us how we’re doing or what you’d like to see in future episodes
• You can usually watch live Wednesdays at 2:00PM Eastern (18:00 UTC), but…
• We’ll be in California at MeetBSD next week, so there will be a prerecorded episode
• Speaking of conferences, the operatingsystems.io event has gotten a few more BSD speakers – check it out if you’re in London on November 25th

The post IPSECond Wind | BSD Now 61 first appeared on Jupiter Broadcasting.