Show Notes: linuxunplugged.com/442

The post Liberty Leaks and Lies | LINUX Unplugged 442 first appeared on Jupiter Broadcasting.

Show Notes: linuxunplugged.com/421

The post Server Savior Squad | LINUX Unplugged 421 first appeared on Jupiter Broadcasting.

Show Notes/Links: https://www.bsdnow.tv/339

The post BSD Fundraising | BSD Now 339 first appeared on Jupiter Broadcasting.

Show Notes: linuxunplugged.com/342

The post Shrimps have SSHells | LINUX Unplugged 342 first appeared on Jupiter Broadcasting.

Show Notes/Links: https://www.bsdnow.tv/328

The post EPYC Netflix Stack | BSD Now 328 first appeared on Jupiter Broadcasting.

Show Notes: linuxunplugged.com/330

The post 'Tis the SSHession | LINUX Unplugged 330 first appeared on Jupiter Broadcasting.

Show Notes/Links: https://www.bsdnow.tv/322

The post Happy Birthday, Unix | BSD Now 322 first appeared on Jupiter Broadcasting.

Show Notes/Links: https://www.bsdnow.tv/304

The post Prospering with Vulkan | BSD Now 304 first appeared on Jupiter Broadcasting.

##Headlines
###OpenBSD 6.4 released

• See a detailed log of changes between the 6.3 and 6.4 releases.
• See the information on the FTP page for a list of mirror machines.
• Have a look at the 6.4 errata page for a list of bugs and workarounds.
• signify(1) pubkeys for this release:
• base: RWQq6XmS4eDAcQW4KsT5Ka0KwTQp2JMOP9V/DR4HTVOL5Bc0D7LeuPwA
• fw: RWRoBbjnosJ/39llpve1XaNIrrQND4knG+jSBeIUYU8x4WNkxz6a2K97
• pkg: RWRF5TTY+LoN/51QD5kM2hKDtMTzycQBBPmPYhyQEb1+4pff/H6fh/kA

###GhostBSD 18.10 RC2 Announced

This second release candidate of GhostBSD 18.10 is the second official release of GhostBSD with TrueOS under the hood. The official desktop of GhostBSD is MATE. However, in the future, there might be an XFCE community release, but for now, there is no community release yet.

• What has changed since RC1

• Removed drm-stable-kmod and we will let users installed the propper drm-*-kmod

• Douglas Joachin added libva-intel-driver libva-vdpau-driver to supports accelerated some video driver for Intel

• Issues that got fixed

• Bug #70 Cannot run Octopi, missing libgksu error.

• Bug #71 LibreOffice doesn’t start because of missing libcurl.so.4

• Bug #72 libarchive is a missing dependency

Again thanks to iXsystems, TrueOS, Joe Maloney, Kris Moore, Ken Moore, Martin Wilke, Neville Goddard, Vester “Vic” Thacker, Douglas Joachim, Alex Lyakhov, Yetkin Degirmenci and many more who helped to make the transition from FreeBSD to TrueOS smoother.

• Updating from RC1 to RC2:

• sudo pkg update -f

• sudo pkg install -f libarchive curl libgksu

• sudo pkg upgrade

• Where to download:

• All images checksum, hybrid ISO(DVD, USB) and torrent are available here: https://www.ghostbsd.org/download

• [ScreenShots]

• https://www.ghostbsd.org/sites/default/files/Screenshot_at_2018-10-20_13-22-41.png

• https://www.ghostbsd.org/sites/default/files/Screenshot_at_2018-10-20_13-27-26.png

###OpenSSH 7.9 has been released and it has support for OpenSSL 1.1

Changes since OpenSSH 7.8
=========================

This is primarily a bugfix release.

New Features
------------
 * ssh(1), sshd(8): allow most port numbers to be specified using
   service names from getservbyname(3) (typically /etc/services).
 * ssh(1): allow the IdentityAgent configuration directive to accept
   environment variable names. This supports the use of multiple
   agent sockets without needing to use fixed paths.
 * sshd(8): support signalling sessions via the SSH protocol.
   A limited subset of signals is supported and only for login or
   command sessions (i.e. not subsystems) that were not subject to
   a forced command via authorized_keys or sshd_config. bz#1424
 * ssh(1): support "ssh -Q sig" to list supported signature options.
   Also "ssh -Q help" to show the full set of supported queries.
 * ssh(1), sshd(8): add a CASignatureAlgorithms option for the
   client and server configs to allow control over which signature
   formats are allowed for CAs to sign certificates. For example,
   this allows banning CAs that sign certificates using the RSA-SHA1
   signature algorithm.
 * sshd(8), ssh-keygen(1): allow key revocation lists (KRLs) to
   revoke keys specified by SHA256 hash.
 * ssh-keygen(1): allow creation of key revocation lists directly
   from base64-encoded SHA256 fingerprints. This supports revoking
   keys using only the information contained in sshd(8)
   authentication log messages.

Bugfixes
--------

 * ssh(1), ssh-keygen(1): avoid spurious "invalid format" errors when
   attempting to load PEM private keys while using an incorrect
   passphrase. bz#2901
 * sshd(8): when a channel closed message is received from a client,
   close the stderr file descriptor at the same time stdout is
   closed. This avoids stuck processes if they were waiting for
   stderr to close and were insensitive to stdin/out closing. bz#2863
 * ssh(1): allow ForwardX11Timeout=0 to disable the untrusted X11
   forwarding timeout and support X11 forwarding indefinitely.
   Previously the behaviour of ForwardX11Timeout=0 was undefined.
 * sshd(8): when compiled with GSSAPI support, cache supported method
   OIDs regardless of whether GSSAPI authentication is enabled in the
   main section of sshd_config. This avoids sandbox violations if
   GSSAPI authentication was later enabled in a Match block. bz#2107
 * sshd(8): do not fail closed when configured with a text key
   revocation list that contains a too-short key. bz#2897
 * ssh(1): treat connections with ProxyJump specified the same as
   ones with a ProxyCommand set with regards to hostname
   canonicalisation (i.e. don't try to canonicalise the hostname
   unless CanonicalizeHostname is set to 'always'). bz#2896
 * ssh(1): fix regression in OpenSSH 7.8 that could prevent public-
   key authentication using certificates hosted in a ssh-agent(1)
   or against sshd(8) from OpenSSH <7.8.

Portability
-----------

 * All: support building against the openssl-1.1 API (releases 1.1.0g
   and later). The openssl-1.0 API will remain supported at least
   until OpenSSL terminates security patch support for that API version.
 * sshd(8): allow the futex(2) syscall in the Linux seccomp sandbox;
   apparently required by some glibc/OpenSSL combinations.
 * sshd(8): handle getgrouplist(3) returning more than
   _SC_NGROUPS_MAX groups. Some platforms consider this limit more
   as a guideline.

##News Roundup

###MeetBSD 2018: The Ultimate Hallway Track

Founded in Poland in 2007 and first hosted in California in 2008, MeetBSD combines formal talks with UnConference activities to provide a level of interactivity not found at any other BSD conference. The character of each MeetBSD is determined largely by its venue, ranging from Hacker Dojo in 2010 to Intel’s Santa Clara headquarters this year. The Intel SC12 building provided a beautiful auditorium and sponsors’ room, plus a cafeteria for the Friday night social event and the Saturday night FreeBSD 25th Anniversary Celebration. The formal nature of the auditorium motivated the formation of MeetBSD’s first independent Program Committee and public Call for Participation. Together these resulted in a backbone of talks presented by speakers from the USA, Canada, and Poland, combined with UnConference activities tailored to the space.

• MeetBSD Day 0

Day Zero of MeetBSD was a FreeBSD Developer/Vendor Summit hosted in the same auditorium where the talks would take place. Like the conference itself, this event featured a mix of scheduled talks and interactive sessions. The scheduled talks were LWPMFS: LightWeight Persistent Memory Filesystem by Ravi Pokala, Evaluating GIT for FreeBSD by Ed Maste, and NUMA by Mark Johnston. Ed’s overview of the advantages and disadvantages of using Git for FreeBSD development was of the most interest to users and developers, and the discussion continued into the following two days.

• MeetBSD Day 1

The first official day of MeetBSD 2018 was kicked off with introductions led by emcee JT Pennington and a keynote, “Using TrueOS to boot-strap your FreeBSD-based project” by Kris Moore. Kris described a new JSON-based release infrastructure that he has exercised with FreeBSD, TrueOS, and FreeNAS. Kris’ talk was followed by “Intel & FreeBSD: Better Together” by Ben Widawsky, the FreeBSD program lead at Intel, who gave an overview of Intel’s past and current efforts supporting FreeBSD. Next came lunch, followed by Kamil Rytarowski’s “Bug detecting software in the NetBSD userland: MKSANITIZER”. This was followed by 5-Minute Lightning Talks, Andrew Fengler’s “FreeBSD: What to (Not) Monitor”, and an OpenZFS Panel Discussion featuring OpenZFS experts Michael W. Lucas, Allan Jude, Alexander Motin, Pawel Dawidek, and Dan Langille. Day one concluded with a social event at the Intel cafeteria where the discussions continued into the night.

• MeetBSD Day 2

Day Two of MeetBSD 2018 kicked off with a keynote by Michael W. Lucas entitled “Why BSD?”, where Michael detailed what makes the BSD community different and why it attracts us all. This was followed by Dr. Kirk McKusick’s “The Early Days of BSD” talk, which was followed by “DTrace/dwatch in Production” by Devin Teske. After lunch, we enjoyed “A Curmudgeon’s Language Selection Criteria: Why I Don’t Write Everything in Go, Rust, Elixir, etc” by G. Clifford Williams and, “Best practices of sandboxing applications with Capsicum” by Mariusz Zaborski. I then hosted a Virtualization Panel Discussion that featured eight developers from FreeBSD, OpenBSD, and NetBSD. We then split up for Breakout Sessions and the one on Bloomberg’s controversial article on backdoored Supermicro systems was fascinating given the experts present, all of whom were skeptical of the feasibility of the attack. The day wrapped up with a final talk, “Tales of a Daemontown Performance Peddler: Why ‘it depends’ and what you can do about it” by Nick Principe, followed by the FreeBSD 25th Anniversary Celebration.

• Putting the “meet” in MeetBSD

I confess the other organizers and I were nervous about how well one large auditorium would suit a BSD event but the flexible personal space it gave everyone allowed for countless meetings and heated hacking that often brought about immediate results. I watched people take ideas through several iterations with the help and input of obvious and unexpected experts, all of whom were within reach. Not having to pick up and leave for a talk in another room organically resulted in essentially a series of mini hackathons that none of us anticipated but were delighted to witness, taking the “hallway track” to a whole new level. The mix of formal and UnConference activities at MeetBSD is certain to evolve. Thank you to everyone who participated with questions, Lightning Talks, and Panel participation. A huge thanks to our sponsors, including Intel for both hosting and sponsoring MeetBSD California 2018, Western Digital, Supermicro, Verisign, Jupiter Broadcasting, the FreeBSD Foundation, Bank of America Merrill Lynch, the NetBSD Foundation, and the team at iXsystems.

See you at MeetBSD 2020!

###Setup DragonflyBSD with a desktop on real hardware ThinkPad T410
+Video Demo

Linux has become too mainstream and standard BSD is a common thing now? How about DragonflyBSD which was created as a fork of FreeBSD 4.8 in conflict over system internals. This tutorial will show how to install it and set up a user-oriented desktop. It should work with DragonflyBSD, FreeBSD and probably all BSDs.
Some background: BSD was is ultimately derived from UNIX back in the days. It is not Linux even though it is similar in many ways because Linux was designed to follow UNIX principles. Seeing is believing, so check out the video of the install!
I did try two BSD distros before called GhostBSD and TrueOS and you can check out my short reviews. DragonflyBSD comes like FreeBSD bare bones and requires some work to get a desktop running.

• Download image file and burn to USB drive or DVD

• First installation

• Setting up the system and installing a desktop

• Inside the desktop

• Install some more programs

• How to enable sound?

• Let’s play some free games

• Setup WiFi

• Power mode settings

• More to do?

You can check out this blog post if you want a much more detailed tutorial. If you don’t mind standard BSD, get the GhostBSD distro instead which comes with a ready-made desktop xcfe or mate and many functional presets.

• A small summary of what we got on the upside:

  • Free and open source operating system with a long history
  • Drivers worked fine including Ethernet, WiFi, video 2D & 3D, audio, etc
  • Hammer2 advanced file system
  • You are very unique if you use this OS fork

• Some downsides:

• Less driver and direct app support than Linux

• Installer and desktop have some traps and quirks and require work

###Porting Keybase to NetBSD

Keybase significantly simplifies the whole keypair/PGP thing and makes what is usually a confusing, difficult experience actually rather pleasant. At its heart is an open-source command line utility that does all of the heavy cryptographic lifting. But it’s also hooked up to the network of all other Keybase users, so you don’t have to work very hard to maintain big keychains. Pretty cool!
So, this evening, I tried to get it to all work on NetBSD.
The Keybase client code base is, in my opinion, not very well architected… there exist many different Keybase clients (command line apps, desktop apps, mobile apps) and for some reason the code for all of them are seemingly in this single repository, without even using Git submodules. Not sure what that’s about.
Anyway, “go build”-ing the command line program (it’s written in Go) failed immediately because there’s some platform-specific code that just does not seem to recognize that NetBSD exists (but they do for FreeBSD and OpenBSD). Looks like the Keybase developers maintain a Golang wrapper around struct proc, which of course is different from OS to OS. So I literally just copypasted the OpenBSD wrapper, renamed it to “NetBSD”, and the build basically succeeded from there! This is of course super janky and untrustworthy, but it seems to Mostly Just Work…
I forked the GitHub repo, you can see the diff on top of keybase 2.7.3 here: bccaaf3096a
Eventually I ended up with a ~/go/bin/keybase which launches just fine. Meaning, I can main() okay. But the moment you try to do anything interesting, it looks super scary:

charlotte@sakuracity:~/go/bin ./keybase login
▶ WARNING Running in devel mode
▶ INFO Forking background server with pid=12932
▶ ERROR unexpected error in Login: API network error: doRetry failed,
attempts: 1, timeout 5s, last err: Get
https://localhost:3000/_/api/1.0/merkle/path.json?last=3784314&load_deleted=1&load_reset_chain=1&poll=10&sig_hints_low=3&uid=38ae1dfa49cd6831ea2fdade5c5d0519:
dial tcp [::1]:3000: connect: connection refused

There’s a few things about this error message that stuck out to me:

• Forking a background server? What?
• It’s trying to connect to localhost? That must be the server that doesn’t work …

Unfortunately, this nonfunctional “background server” sticks around even when a command as simple as ‘login’ command just failed:

charlotte@sakuracity:~/go/bin ps 12932
  PID TTY STAT    TIME COMMAND
  12932 ?   Ssl  0:00.21 ./keybase --debug --log-file
  /home/charlotte/.cache/keybase.devel/keybase.service.log service --chdir
  /home/charlotte/.config/keybase.devel --auto-forked 

I’m not exactly sure what the intended purpose of the “background server” even is, but fortunately we can kill it and even tell the keybase command to not even spawn one:

charlotte@sakuracity:~/go/bin ./keybase help advanced | grep -- --standalone
   --standalone                         Use the client without any daemon support.

And then we can fix wanting to connect to localhost by specifying an expected Keybase API server – how about the one hosted at https://keybase.io?

charlotte@sakuracity:~/go/bin ./keybase help advanced | grep -- --server
   --server, -s                         Specify server API.

Basically, what I’m trying to say is that if you specify both of these options, the keybase command does what I expect on NetBSD:

charlotte@sakuracity:~/go/bin ./keybase --standalone -s https://keybase.io login
▶ WARNING Running in devel mode
Please enter the Keybase passphrase for dressupgeekout (6+ characters): 

charlotte@sakuracity:~/go/bin ./keybase --standalone -s https://keybase.io id dressupgeekout
▶ WARNING Running in devel mode
▶ INFO Identifying dressupgeekout
✔ public key fingerprint: 7873 DA50 A786 9A3F 1662 3A17 20BD 8739 E82C 7F2F
✔ "dressupgeekout" on github:
https://gist.github.com/0471c7918d254425835bf5e1b4bcda00 [cached 2018-10-11
20:55:21 PDT]
✔ "dressupgeekout" on reddit:
    
      My Keybase proof [reddit:dressupgeekout = keybase:dressupgeekout] (D4emf2X3JH5vi4R-FvelGoUUkPGg4oQCk5XvYpZy0F8) from      KeybaseProofs    
    
[cached 2018-10-11 20:55:21 PDT]

###Initial implementation of draft-ietf-6man-ipv6only-flag

This change defines the RA "6" (IPv6-Only) flag which routers
may advertise, kernel logic to check if all routers on a link
have the flag set and accordingly update a per-interface flag.

If all routers agree that it is an IPv6-only link, ether_output_frame(),
based on the interface flag, will filter out all ETHERTYPE_IP/ARP
frames, drop them, and return EAFNOSUPPORT to upper layers.

The change also updates ndp to show the "6" flag, ifconfig to
display the IPV6_ONLY nd6 flag if set, and rtadvd to allow
announcing the flag.

Further changes to tcpdump (contrib code) are availble and will
be upstreamed.

Tested the code (slightly earlier version) with 2 FreeBSD
IPv6 routers, a FreeBSD laptop on ethernet as well as wifi,
and with Win10 and OSX clients (which did not fall over with
the "6" flag set but not understood).

We may also want to (a) implement and RX filter, and (b) over
time enahnce user space to, say, stop dhclient from running
when the interface flag is set.  Also we might want to start
IPv6 before IPv4 in the future.

All the code is hidden under the EXPERIMENTAL option and not
compiled by default as the draft is a work-in-progress and
we cannot rely on the fact that IANA will assign the bits
as requested by the draft and hence they may change.

Dear 6man, you have running code.

Discussed with: Bob Hinden, Brian E Carpenter

##Beastie Bits

• Running FreeBSD on macOS via xhyve
• Auction Winners
• OpenSSH Principals
• OpenBSD Foundation gets a second Iridium donation from Handshake
• NetBSD machines at Open Source Conference 2018 Kagawa
• Absolute FreeBSD now shipping!
• NextCloud on OpenBSD
• FreeBSD 12.0-BETA2 Available
• DTrace on Windows ported from FreeBSD
• HELBUG fall 2018 meeting scheduled – Thursday the 15th of November
• 35C3 pre-sale has started
• Stockholm BSD User Meeting: Tuesday Nov 13, 18:00 – 21:30
• Polish BSD User Group: Thursday Nov 15, 18:30 – 21:00

##Feedback/Questions

• Greg – Interview suggestion for the show
• Nelson – Ghostscript vulnerabilities
• Allison – Ports and GCC

• Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv

The post Ghostly Releases | BSD Now 270 first appeared on Jupiter Broadcasting.

Show Notes: techsnap.systems/382

The post Domestic Disappointments | TechSNAP 382 first appeared on Jupiter Broadcasting.

MP3 Feed | Video Feed | Torrent Feed | iTunes Audio | iTunes Video

Become a supporter on Patreon:

— Show Notes: —

Feedback

• Continuous Integration Survey : CoderRadio

I’m looking into upgrading my CI setup and am having a hard time finding one cloud solution that does all of the following:

• Rails
• Xamarin
• Node / JavaScript in General
• iOS Native

Hoopla

Win32-OpenSSH: Win32 port of OpenSSH

This is the port of OpenBSD’s excellent OpenSSH[0] to Linux and other
Unices.

Amazon introduces paid subscriptions for Alexa skills

This is the first time third-party developers will be able to implement a direct means of monetizing their skills themselves, but it’s not the first time developers have earned money from their skills.

This is going to be a true test of my self-control…. #mac #iMacPro #CoderRadio — @ChrisLAS https://t.co/HijlT66h2u

— Michael Dominick (@dominucco) December 15, 2017

The more I look at the #iMacPro the more I think it might actually be the #MacPro devs have been whining for sans upgradability

— Michael Dominick (@dominucco) December 15, 2017

Apple TV, Google Chromecast return to Amazon – CNET

The e-commerce powerhouse adds five Apple TV and Chromecast devices to its online store, offering an olive branch to both Google and Apple.

Pick of the Week

Welp this one is goin on the soundboard @dominucco!https://t.co/nBGgTPbK94

From Sandalot in our Discord server

— Chris Fisher (@ChrisLAS) December 14, 2017

The post Mike’s New Ride | CR 288 first appeared on Jupiter Broadcasting.

RSS Feeds:

HD Video Feed | MP3 Feed | iTunes Feed

Become a supporter on Patreon:

Episode Links

• Introducing Amazon Linux 2 — Amazon Linux 2 provides a modern execution environment with LTS Kernel (4.9) tuned for optimal performance on Amazon Web Services (AWS), systemd support, and newer tooling (gcc 7.2.1, glibc 2.25, binutils 2.27).
• Amazon Linux 2 Benchmarks — With Amazon AWS this week having released Amazon Linux 2 LTS I was excited to put this updated cloud-focused operating system through some performance tests to see how it stacks up with the more well known Linux distributions.
• OpenSSH coming to Windows 10 — The software giant is now adding a native OpenSSH client to Windows 10. It’s available immediately as a beta option in the Fall Creators Update for Windows 10, and it’s easy to enable.
• Not just the client — we also shipped OpenSSH’s sshd server, but it’s a little tricky to configure right now. Expect a blog post this week. * This is not production-ready in the current version of Windows 10 (hence the “(Beta)” in the label), but we hope to be soon.
• Mozilla faces blowback after slipping Mr Robot plugin into Firefox — Firefox users noticed a strange new plug-in popping up in their browsers. A new plug-in called Looking Glass found its way into each instance of the new Firefox Quantum browser. It was disabled by default, but users were still alarmed to see a plugin they hadn’t installed.
• Steve Klabnik on Twitter — I am pretty upset with my employer, @mozilla, today
• Carol Nichols, Rus Dev on Twitter — “Mozilla wasn’t paid for the Mr. Robot tie-in”
• Intel to slap hardware lock on Management Engine code to thwart downgrade attacks — From version 12 onward, ME-equipped chips will defend against patch rollbacks.
• Conservancy update on fight with Law Center — Today, Conservancy filed for summary judgment in SFLC’s trademark cancellation action. As I understand from our lawyers, summary judgment is a mechanism to ask a Court to expediently handle a matter where the facts are straightforward and, as a matter of law, there is no plausible way that the party filing for summary judgment won’t prevail.
• TechSNAP reboot — Systems, Network, and Administration Podcast. Every week TechSNAP covers the stories that impact those of us in the tech industry, and all of us that follow it. Every episode we dedicate a portion of the show to answer audience questions, discuss best practices, and solving your problems.

The post Linux Action News 32 first appeared on Jupiter Broadcasting.

HD Video Feed | MP3 Audio Feed | iTunes Feed | Torrent Feed

Become a supporter on Patreon:

Show Notes:

OpenSSH CLI escape sequences

• Notes from when Dan was experimenting with this: Only work if ~ is the first character you type; typing something, then backspace, then ~ will not invoke the escape sequence. Must be the first character after ENTER.

Kaspersky Confirms It Downloaded Classified Docs, Blames NSA Contractor’s Dumb Mistake

• According to Kaspersky, the fault rests of the shoulders of the NSA contractor, who allegedly brought home government surveillance tools and then decided to activate their consumer antivirus software

• The analyst’s computer was infected with malware while Kaspersky’s product was disabled

• When Kaspersky’s product was re-enabled, the user apparently scanned their system multiple times

• A 7-zip archive of documents was retrieved for analysis because the user had set the software to send reports of malicious detections.

‘I Forgot My PIN’: An Epic Tale of Losing $30,000 in Bitcoin

• Spent $3,000 to buy 7.4 bitcoins. Saved them to Trezor hardware wallet. Wrote down a 24-word recovery key. Saved a PIN.

• Paper went missing

• Could not remember PIN

• Tried many times.

• Tried an exploit…..

Feedback

• Backup to tapes

• Feedback on Krack Updates

  • KRACK Test Python Script

• It is worth reporting malware etc?

Round Up:

• grafana – Datasources as configuration

• curl statistics made simple: davecheney/httpstat (written in GO) refers to reorx/httpstat (written in Python) which is in FreeBSD Ports as net/py-httpstat – Dan tweeted his test case

• Gentoo system ransomware’d

• Backblaze Hard Drive Stats for Q3 2017

• ​A flaw in Google’s bug database exposed private security vulnerability reports – original blog post

• Staging Best Practices

• Protocol standards not publicly available

• Oracle ZFS man calls for Big Red to let filesystem upstream into Linux – sounds like Oracle wants to get ZFS into Linux

• Things You Can Do on the Dark Web That Aren’t Illegal

The post Low Security Pillow Storage | TechSNAP 343 first appeared on Jupiter Broadcasting.

HD Video Feed | MP3 Audio Feed | iTunes Feed | Torrent Feed

Become a supporter on Patreon:

Show Notes:

The Ethics of Running a Data Breach Search Service

• HIBP – have i been pwned?

Is the NSA Doing More Harm Than Good in Not Disclosing Exploits?

Post a boarding pass on Facebook, get your account stolen

How Israel Caught Russian Hackers Scouring the World for U.S. Secrets

• See also Israel hacked Kaspersky, then tipped the NSA that its tools had been breached

Feedback

• CERN using tapes

• New to FreeBSD – rc scripts see also Practical rc.d scripting in BSD & man rc.subr & man periodic & daemontools

• Steam Reporting Zero Free Space on ZFS disk

• SSH Reverse Tunnel Gateway Port

• Tapes – beware of Maxell

Round Up:

• On Oct 5 High Sierra update fixes bug which exposed the passwords of encrypted Apple File System See also the original post from Sep 27

• When you turn something off, it really should be off

• disqus.com – Security Alert: User Info Breach

• U.S. lawmakers want to restrict internet surveillance on Americans

• Using Binary Diffing to Discover Windows Kernel Memory Disclosure Bugs

The post Spy Tapes | TechSNAP 340 first appeared on Jupiter Broadcasting.

HD Video Feed | Mobile Video Feed | MP3 Audio Feed | Ogg Audio Feed | iTunes Feed | Torrent Feed

Become a supporter on Patreon:

Show Notes:

Links

• Virtual Private Surveillance | TechSNAP 248
• Internet of Threats | TechSNAP 249
• Pay to Boot | TechSNAP 260
• Insecure Socket Layer | TechSNAP 265
• Curl Sleeper Agent | TechSNAP 266
• Signature Bloatware Updates | TechSNAP 270
• Internet Power Struggle | TechSNAP 277

The post Best of 2016 | TechSNAP 298 first appeared on Jupiter Broadcasting.

HD Video Feed | Mobile Video Feed | MP3 Audio Feed | Ogg Audio Feed | iTunes Feed | Torrent Feed

Become a supporter on Patreon:

Show Notes:

Unix Trifecta — Patch Your Shit

• This week saw the trifecta, critical vulnerabilities in 3 of the most important and widely used server applications
• CVE-2016-8610 – OpenSSL: A remote attacker who can initiate handshakes with an OpenSSL based server can cause the server to consume a lot of computation power with very little bandwidth usage, and may be able to use this technique in a leveraged Denial of Service attack.
• The flaw is in the way OpenSSL handles “SSL Alerts”. The SSL alert protocol is a way to communicate problems within a SSL/TLS session. Due to improper handling of alert packets, OpenSSL would consume an excessive amount of CPU time processing undefined alert messages.
  • CVE-2016-8864 – Bind: A remote attacker who could cause a server to make a query deliberately chosen to trigger the failed assertions could cause named(8) to stop, resulting in a Denial of Service condition to its clients.
  • A defect in BIND’s handling of responses containing a DNAME answer could cause a resolver to exit after encountering an assertion failure in db.c or resolver.c.
  • CVE-2016-8858 – OpenSSH: A remote attacker may be able to cause a SSH server to allocate an excessive amount of memory. Note that the default MaxStartups setting on FreeBSD will limit the effectiveness of this attack.
• During the SSH handshake procedure, the client and server exchanges the supported encryption, MAC and compression algorithms along with other information to negotiate algorithms for initial key exchange, with a message named SSH_MSG_KEXINIT.
• When processing the SSH_MSG_KEXINIT message, the server could allocate up to a few hundreds of megabytes of memory per each connection, before any authentication take place.
• Patches for most OSes should be out by now, make sure you install them.

LessPass, an open source, storage-less password manager? Or is it…

• “Managing your Internet passwords is not easy. You probably use a password manager to help you. The system is simple, the tool generates random passwords whenever you need them and save them into a file protected with a strong password. This system is very robust, you only need to remember one password to rule them all! Now you have a unique password for each site on the Internet.”
• But, there are some shortcomings to that type of password manager
• How do I synchronize this file on all my devices?
• How do I access a password on my parents’ computer without installing my password manager?
• How do I access a password on my phone, without any installed app?
• To solve this, LessPass does it differently
• “The system uses a pure function, i.e. a function that given the same parameters will always give the same result. In our case, given a login, a master password, a site and options it will returns a unique password”
• “No need to save your passwords in an encrypted file. You just need to access the tool to recalculate a password from information that you know (mostly the login)”
• There are some issues though.
  • Some sites have different password complexity requirements, such as banks that limit the length of your password, or require a PIN that is all digits
  • Some sites obviously do not hash passwords correctly, and do not allow some characters
  • What if you want to, or need to, change your password?
• LessPass has a solution for all of these, where you specify “password profile”, to remember the different complexity settings to generate the valid password
• To manage to change the password, there is also a counter, that starts at 1, and you increment to get a different password.
• Of course now, you have to remember: your login, your master password, the password complexity profile for each site, and how many times you have changed your password on that site
• So, they have a “connected” version, that remembers each site, your login, the password profile, and your password change counter.
• There are obviously some privacy concerns, and security concerns here.
• How do you restrict access in the connected version, with a username and password? Is that password the same or different from your master password. Is your profile data encrypted per user?
• Of course, being an open source project, there is the option to self-host, which eliminates a number of those concerns
• “You can host your own LessPass database if you do not want to use the official one. The requirement for self-hosting is to have docker and docker-compose installed on your machine.”
• The fact that the installation instructions are curl | bash (written the other way around, so that when you stick sudo in front of it it works), does raise some other concerns
• This leaves a few problems:
  • You can never change your master password, as it will effectively change all of your passwords
  • It is still technically possible for someone to brute force your master password. Each attempt will require them to do the full PBKDF2 run, but 8192 rounds will take only a small fraction of a second, and it can be parallelized quite well. If someone does compromise your master password (via brute force, or with a keylogger, or whatever), they have access to all of your passwords, but worse, they even have access to your ‘new’ passwords, if you change your password, it just changes the ‘count’ parameter, so I could generate your next 10 gmail passwords and keep them for later.
  • The key-derivation seems weak, 8192 rounds of PBKDF2 is likely not enough. LastPass uses 100,000 rounds for its server-side key-derivation. FreeBSD’s GELI disk encryption uses a number of rounds that will take approximately 2 seconds, which on modern machines is over 1 million rounds. The issue is that changing this number in the future will change all of your passwords. At a minimum, it should be part of the password profile, so you can select a different value for each site, so you can change the default for new sites in the future, and increase the strength of the password for one site by changing the password.
  • LessPass cannot deal with SSO (Single Sign On). There are a number of sites for which I have the same password, because they all authenticate against the same LDAP database (or ActiveDirectory). LessPass ONLY allows you to use its derived passwords, which might not always work.
• There are definitely some interesting aspects to LessPass, especially being able to self host, but, I don’t think I’ll be switching to it.

A very valuable vulnerability

• It all started with a facebook post by Colin Percival: “I think I just accidentally exploited a “receive arbitrarily large amounts of money” security vulnerability. Oops.”
• Colin Percival is a security and cryptography expert, and a former FreeBSD Security Officer
• Colin’s day job is running Tarsnap – backups for the truly paranoid.
• To accept payments for his business, he uses Stripe – a credit card processing service, which also allows him to accept bitcoins
• “While I very firmly wear a white hat, it is useful to be able to consider things from the perspective of the bad guys, in order to assess the likelihood of a vulnerability being exploited and its potential impact. For the subset of bad guys who exploit security vulnerabilities for profit — as opposed to selling them to spy agencies, for example — I imagine that there are some criteria which would tend to make a vulnerability more valuable:”
  • the vulnerability can be exploited remotely, over the internet;
• the attack cannot be blocked by firewalls;
  • the attack can be carried out without any account credentials on the system being attacked;
  • the attack yields money (as opposed to say, credit card details which need to be separately monetized);
  • once successfully exploited, there is no way for a victim to reverse or mitigate the damage; and
  • the attack can be performed without writing a single line of code.
• “Much to my surprise, a few weeks ago I stumbled across a vulnerability satisfying every one of these criteria.”
• “The vulnerability — which has since been fixed, or else I would not be writing about it publicly — was in Stripe’s bitcoin payment functionality. Some background for readers not familiar with this: Stripe provides payment processing services, originally for credit cards but now also supporting ACH, Apple Pay, Alipay, and Bitcoin, and was designed to be the payment platform which developers would want to use; in very much the way that Amazon fixed the computing infrastructure problem with S3 and EC2 by presenting storage and compute functionality via simple APIs, Stripe fixed the “getting money from customers online” problem. I use Stripe at my startup, Tarsnap, and was in fact the first user of Stripe’s support for Bitcoin payments: Tarsnap has an unusually geeky and privacy-conscious user base, so this functionality was quite popular among Tarsnap users.”
• “Despite being eager to accept Bitcoin payments, I don’t want to actually handle bitcoins; Tarsnap’s services are priced in US dollars, and that’s what I ultimately want to receive. Stripe abstracts this away for me: I tell Stripe that I want $X, and it tells me how many bitcoins my customer should send and to what address; when the bitcoin turns up, I get the US dollars I asked for. Naturally, since the exchange rate between dollars and bitcoins fluctuates, Stripe can’t guarantee the exchange rate forever; instead, they guarantee the rate for 10 minutes (presumably they figured out that the exchange rate volatility is low enough that they won’t lose much money over the course of 10 minutes). If the “bitcoin receiver” isn’t filled within 10 minutes, incoming coins are converted at the current exchange rate.”
• “For a variety of reasons, it is sometimes necessary to refund bitcoin transactions: For example, a customer cancelling their order; accidentally sending in the wrong number of bitcoins; or even sending in the correct number of bitcoins, but not within the requisite time window, resulting in their value being lower than necessary. Consequently, Stripe allows for bitcoin transactions to be refunded — with the caveat that, for obvious reasons, Stripe refunds the same value of bitcoins, not the same number of bitcoins. (This is analogous to currency exchange issues with credit cards — if you use a Canadian dollar credit card to buy something in US dollars and then get a refund later, the equal USD amount will typically not translate to an equal number of CAD refunded to your credit card.)”
• The vulnerability lay in the exchange rate handling. As I mentioned above, Stripe guarantees an exchange rate for 10 minutes; if the requisite number of bitcoins arrive within that window, the exchange rate is locked in. So far so good; but what Stripe did not intend was that the exchange rate was locked in permanently — and applied to any future bitcoins sent to the same address. This made a very simple attack possible:
  • Pay for something using bitcoin.
  • Wait until the price of bitcoin drops.
  • Send more bitcoins to the address used for the initial payment.
  • Ask for a refund of the excess bitcoin.
• “Because the exchange rate used in step 3 was the one fixed at step 1, this allowed for bitcoins to be multiplied by the difference in exchange rates; if step 1 took place on July 2nd and steps 3/4 on August 2nd, for example, an arbitrary number of bitcoins could be increased by 30% in a matter of minutes. Moreover, the attacker does not need an account with Stripe; they merely need to find a merchant which uses Stripe for bitcoin payments and is willing to click “refund payment” (or even better, is set up to automatically refund bitcoin overpayments).”
• “Needless to say, I reported this to Stripe immediately. Fortunately, their website includes a GPG key and advertises a vulnerability disclosure reward (aka. bug bounty) program; these are two things I recommend that every company does, because they advertise that you take security seriously and help to ensure that when people stumble across vulnerabilities they’ll let you know. (As it happens, I had Stripe security’s public GPG key already and like them enough that I would have taken the time to report this even without a bounty; but it’s important to maximize the odds of receiving vulnerability reports.) Since it was late on a Friday afternoon and I was concerned about how easily this could be exploited, I also hopped onto Stripe’s IRC channel to ask one of the Stripe employees there to relay a message to their security team: “Check your email before you go home!””
• “Stripe’s handling of this issue was exemplary. They responded promptly to confirm that they had received my report and reproduced the issue locally; and a few days later followed up to let me know that they had tracked down the code responsible for this misbehaviour and that it had been fixed. They also awarded me a bug bounty — one significantly in excess of the $500 they advertise, too.”
• “As I remarked six years ago, Isaac Asimov’s remark that in science “Eureka!” is less exciting than “That’s funny…” applies equally to security vulnerabilities. I didn’t notice this issue because I was looking for ways to exploit bitcoin exchange rates; I noticed it because a Tarsnap customer accidentally sent bitcoins to an old address and the number of coins he got back when I clicked “refund” was significantly less than what he had sent in. (Stripe has corrected this “anti-exploitation” of the vulnerability.) It’s important to keep your eyes open; and it’s important to encourage your customers to keep their eyes open, which is the largest advantage of bug bounty programs — and why Tarsnap’s bug bounty program offers rewards for all bugs, not just those which turn out to be vulnerabilities.”
• “And if you have code which handles fluctuating exchange rates… now might be a good time to double-check that you’re always using the right exchange rates.”
• A very interesting attack, that was only found because someone accidentally did the wrong thing

Feedback:

• ipV6 vs Mirai

• Freenas replication

• Freenas 10 question

• Backup & LUKS

• Chromecast across subnets

• A user wrote in about the mention of BCP38 the other week, and asked what other best practises there are: here is a list

Round Up:

• Windows Atom Tables popped by security researchers
• The Million-Key Question—Investigating the Origins of RSA Public Keys
• Microsoft stops selling Windows 7 and Windows 8.1 to computer makers i
• Researchers make high performance battery from junkyard scraps
• Why Windows hack is being blamed on Russia-linked group
• “Decimeter-Level Localization with a Single WiFi Access Point” — Locating a device to within 4 inches using only 1 WiFi access point
• Stealth Cell Tower
• Kaspersky quarterly DDoS report: 70-80% of botnets consist of Linux devices, most attacks last under 4 hours.
• Level 3 drops its packets for hours, causing Internet traffic jam
• Microsoft Reimagines Open Source Cloud Hardware
• Pagliano Emails Detail Attempts to Hack Clinton Unsecure Email Server 10 Times in Two Days in November 2010 – U.S. Secret Service Informed of Hacking Attempts – Judicial Watch
• Teenager accidentally DDoSes 911 system

The post Unix Security Trifecta | TechSNAP 292 first appeared on Jupiter Broadcasting.

A common vulnerability is impacting Firefox, LibreOffice, and others, the 7 problems with ATM security, and the Enterprise grade protection defeated with a batch script.

Plus some great questions, our answers, a rockin roundup, and much much more!

Thanks to:

• Get Paid to Write for DigitalOcean

Direct Download:

HD Video | Mobile Video | MP3 Audio | OGG Audio | YouTube | HD Torrent | Mobile Torrent

RSS Feeds:

HD Video Feed | Mobile Video Feed | MP3 Audio Feed | Ogg Audio Feed | iTunes Feed | Torrent Feed

Become a supporter on Patreon:

Show Notes:

The 7 problems with ATM security

• Kaspersky presents a list of the 7 reasons why ATMs are so easily compromised, based on a talk given at the SAS2016 conference
• “Automated teller machines (ATM) have always a been a big target for criminals. In the past hunting for ATMs included some heavy tools like a cutting torch or explosives. However with the dawn of the Digital Age, everything has changed. Nowadays culprits can ‘jackpot’ an ATM without such special effects.”

1. ATMs are basically just computers (PCs)
2. That PC is likely running an old operating system (in early 2014, 95% of all ATMs still ran Windows XP)
3. The software other than the OS is also likely vulnerable. Many ATMs still have the bundled version of flash that came with stock Windows XP, which now has 9000 known vulnerabilities
4. ATMs have no software integrity control, no antivirus solutions, no authentication of an app that sends commands to cash dispenser.
5. Weak physical security for the PC part of the ATM. While the deposit box and cash dispenser are armored against attack, the PC is usually only hidden behind some thin plastic. “There is no money in that part of the ATM”
6. ATM control PCs have standard interfaces, that are not secured. Let me just plug this USB stick into your ATM, now it is my ATM
7. ATMs are increasingly directly connected to the Internet. You can find ATMs on Shodan

• ATMs are not replaced very often, so upgrades to the physical protections of the PC component will likely not happen very soon
• When was the last time you saw an ATM down for software updates?
• Maybe if the criminals keep stealing large amounts of money, the banks will be more interested in replacing the ATMs
• This of course doesn’t cover the private ATMs you often see in convenience stores

FireEye Detection Evasion and Whitelisting of Arbitrary Malware

• Researchers at Blue Frost Security have developed a way to evade the dynamic analysis of the FireEye suite of security appliances
• The FireEye appliance works by starting untrusted binaries and applications in virtualization and observing what they do
• If the application is found to be malicious, it is blocked
• Only applications allowed by the FireEye device can be run on the protected computers
• “The analysis engine evasion allows an attacker to completely bypass FireEye’s virtualization-based dynamic analysis on Windows and add arbitrary binaries to the internal whitelist of binaries for which the analysis will be skipped until the whitelist entry is wiped after a day”
• “FireEye is employing the Virtual Execution Engine (VXE) to perform a dynamic analysis. In order to analyze a binary, it is first placed inside a virtual machine. A Windows batch script is then used to copy the binary to a temporary location within the virtual machine, renaming it from “malware.exe” to its original file name.”
• “No further sanitization of the original filename is happening which allows an attacker to use Windows environment variables inside the original filename which are resolved inside the batch script. Needless to say this can easily lead to an invalid filename, letting the copy operation fail.”
• Let’s take the filename FOO%temp%BAR.exe which results in:
• copy malware.exe “%temp%\FOOC:\Users\admin\AppData\Local\TempBAR.exe”
• The filename, directory name, or volume label syntax is incorrect.
• “The batch script continues and tries to execute the binary under its new name which of course will fail as well because it does not exist.”
• “Afterwards the behavioral analysis inside the virtual machine is started which is running for a certain amount of time looking for malicious behavior. Since the binary was not started in the virtual machine in the first place, an empty virtual machine will be analyzed and no malicious behavior will be detected.”
• “Once a binary was analyzed and did not show any malicious behavior, its MD5 hash is added to an internal list of binaries already analyzed. If a future binary which is to be analyzed matches an MD5 hash in this list, the analysis will be skipped for that file. The MD5 hash will stay in the white list until it is wiped after day.”
• The issue was reported to FireEye on September 14th, and responded quickly
• FireEye released updates for some of its products on October 5th and 15th
• On December 31st FireEye published their Q4 security advisory
• FireEye Security Advisory
• On January 14th, FireEye asked that BFS delay publication of the vulnerability for another 30 days, as too many clients had not yet installed the update

Libgraphite Vulnerabilities Impact Firefox, OpenOffice, and Others

• Talos is releasing an advisory for four vulnerabilities that have been found within the Libgraphite library
• Which is used for font processing in Linux, Firefox, OpenOffice, and other major applications.
• The most severe vulnerability results from an out-of-bounds read which the attacker can use to achieve arbitrary code execution.
• A second vulnerability is an exploitable heap overflow.
• Finally, the last two vulnerabilities result in denial of service situations.
• To exploit these vulnerabilities, an attacker simply needs the user to run a Graphite-enabled application that renders a page using a specially crafted font that triggers one of these vulnerabilities.
• Since Mozilla Firefox versions 11-42 directly support Graphite, the attacker could easily compromise a server and then serve the specially crafted font when the user renders a page from the server (since Graphite supports both local and server-based fonts).
• Graphite is a package that can be used to create “smart fonts” capable of displaying writing systems with various complex behaviors.
• Basically Graphite’s smart fonts are just TrueType Fonts (TTF) with added extensions.
• The issues that Talos identified include the following:

• An exploitable denial of service vulnerability exists in the font handling of Libgraphite. A specially crafted font can cause an out-of-bounds read potentially resulting in an information leak or denial of service.
• A specially crafted font can cause a buffer overflow resulting in potential code execution.
• An exploitable NULL pointer dereference exists in the bidirectional font handling functionality of Libgraphite. A specially crafted font can cause a NULL pointer dereference resulting in a crash.

• If a malicious font is provided then an arbitrary length buffer overflow can occur when handling context items.
• The first denial of service issue results from a NULL pointer dereference.

• The second denial of service issue results from an out of bounds read that can not only cause a DoS, but it can also cause a leak of information. When reading an invalid font where the local table size is set to 0, an out of bounds read will occur.

• Known Vulnerable Versions:

• Libgraphite 2-1.2.4

• Firefox 31-42
• Firefox ESR before 38.6.1

Feedback:

• Booting on ZFS

• Open Source Security Systems?

• openHAB

• OpenSSL vs OpenSSH

• pfSense Question

Make sure you patch your linux machines for the glibc vulnerability

• In-Depth Analysis
• Additional Coverage
• FreeBSD base unaffected, but update your linux emulation ports

Round Up:

• Why you should side with Apple, not the FBI, in the San Bernardino iPhone case
• Distribution packages considered insecure
• Google Cloud Platform Blog: Google and Red Hat announce cloud-based scalable file servers
• ECDH Key-Extraction via Low-Bandwidth Electromagnetic Attacks on PCs
• U.S. Hacked Into Iran’s Critical Civilian Infrastructure For Massive Cyberattack, New Film Claims
• IRS warns of a 400% increase in phishing and malware for this tax year
• Hospital paid hackers 40 bitcoins to get its network back
• “changing the date to May 1970 or earlier can prevent your iOS device from turning on after a restart” Public WiFi + Rouge NTP server = Bucket of bricked iPhones
• Bitcoin startup Butterfly Labs settles with FTC for $38.6M, but it can’t pay
• Mine 30% more bitcoins be allowing errors
• First tech expert on NSA Advisory board: Steve Bellovin, co-director of Columbia’s Cybersecurity and Privacy Center, and author of such papers as “Keys Under Doormats”, a spectacular broadside against government backdoors in crypto
• Ringo Starr’s twitter account hacked after email address of digital marketing manager compromised
• Cryptolocker-like malware found signed with real code-signing certificate, likely stolen
• Backblaze releases 2015Q4 study on hard drive reliability, and why they use Seagate drives

The post Weaponized Comic Sans | TechSNAP 254 first appeared on Jupiter Broadcasting.

In this special episode of LAS, we go off the rails as we buckle down & prep for our visit to SCaLE live on the air! Plus picks, your feedback & more!

Thanks to:

• Get Paid to Write for DigitalOcean

Direct Download:

HD Video | Mobile Video | WebM Torrent | MP3 Audio | OGG Audio | YouTube | HD Torrent

RSS Feeds:

HD Video Feed | Large Video Feed | Mobile Video Feed | MP3 Audio Feed | Ogg Audio Feed | iTunes Feed | Torrent Feed

Become a supporter on Patreon:

— Show Notes: —

Brought to you by: Linux Academy

— PICKS —

Runs Linux

• This Viewers Car Runs Linux

Desktop App Pick

reep.io | peer-to-peer filesharing made easy

With reep.io you can transfer files directly to another browser.
Just point to a file you want to share. Your peer will then be able to download this file
directly from you. No data is stored on a server in-between.

Weekly Spotlight

GalliumOS – A fast and lightweight Linux distro for ChromeOS devices

A fast and lightweight Linux distro for ChromeOS devices.

Brought to you by: System76

Feedback:

• EasyTag Forks
• Gnome Boxes

SCaLE Planning

• SCaLE 14x

SCaLE 14x: The Southern California Linux Expo is upon us again! I’m looking forward to seeing & sharing with everyone in the free software community in Southern California this year; last year was a blast.

SCaLE 14x is January 21-24, 2016 at the Pasadena Convention Center

Equipment Chris is bringing:

• GoPro Hero 4
• Zoom SGH-6 Shotgun Mic
• Zoom H4n

Thanks to Ryan (@techhelper1)

• Offered the use of his 99 Cadillac Seville while at SCALE

Thanks to Brian

• Offered his long driveway, which might or might not work.

Post-Show

• SyncThing

Catch the show LIVE SUNDAY:

• Noon Pacific
• https://jblive.tv
• Network Calendar

— CHRIS’ STASH —

Chris’s Twitter account has changed, you’ll need to follow!

Chris Fisher (@ChrisLAS) | Twitter

Hang in our chat room:

irc.geekshed.net #jupiterbroadcasting

— NOAH’S STASH —

Noah’s Day Job

Altispeed Technologies

Contact Noah

noah [at] jupiterbroadcasting.com

Find us on Google+

• Chris
• Noah J. Chelliah
• Jupiter Broadcasting’s Page

Find us on Twitter

• Chris – ChrisLAS
• Noah – Kernellinux

Follow us on Facebook

• Jupiter Broadcasting on Facebook
• Noah – Kernellinux

The post Pre SCaLE LAS | LAS 401 first appeared on Jupiter Broadcasting.

We celebrate 400 episodes of the Linux Action Show, show you how easy it is to setup your own free phone system, never flash another USB stick again & the big Ubuntu rumors.

Plus the openSSH bug you need to patch, the Steam Link SDK, Gnome 3 changes & more!

Thanks to:

• Get Paid to Write for DigitalOcean

Direct Download:

HD Video | Mobile Video | WebM Torrent | MP3 Audio | OGG Audio | YouTube | HD Torrent

RSS Feeds:

HD Video Feed | Large Video Feed | Mobile Video Feed | MP3 Audio Feed | Ogg Audio Feed | iTunes Feed | Torrent Feed

Become a supporter on Patreon:

— Show Notes: —

Brought to you by: Linux Academy

Noah Calls /home

AsterisksNOW

Install Asterisk and start building custom telephony applications with AsteriskNOW. AsteriskNOW makes it easy to create custom telephony solutions by automatically installing the “plumbing.” It’s a complete Linux distribution with Asterisk, the DAHDI driver framework, and, the FreePBX administrative GUI. Much of the complexity of Asterisk and Linux is handled by the installer, the yum package management utility and the administrative GUI. With AsteriskNOW, application developers and integrators can concentrate on building solutions, not maintaining the plumbing.

SIP Desk Phone

Part of the Cisco Small Business Pro Series, the SIP-based Cisco SPA504G 4-Line IP Phone (Figure 1) has been tested to ensure comprehensive interoperability with equipment from voice over IP (VoIP) infrastructure leaders, enabling service providers to quickly roll out competitive, feature-rich services to their customers.

Grandstream PBX

1GHz ARM Cortex A8 application processor, large memory (512MB DDR RAM, 4GB NAND Flash), and dedicated high performance multi-core DSP array for advanced voice processing
Integrated 2 PSTN trunk FXO ports, 2 analog telephone FXS ports with lifeline capability in case of power outage, and up to 50 SIP trunk accounts
Gigabit network port(s) with integrated PoE, USB, SD card; integrated NAT router with advanced QoS support
Hardware DSP based 128ms-tail-length carrier-grade line echo cancellation (LEC), hardware based caller ID/call progress tone and smart automated impendance matching for various countries
Supports up to 500 SIP endpoint registrations, up to 60 concurrent calls (up to 40 SRTP encrypted concurrent calls), and up to 32 conference attendees
– Flexible dial plan, call routing, site peering, call recording, central control panel for endpoints, integrated NTP server, and integrated LDAP contact directory
– Automated detection and provisioning of IP phones, video phones, ATAs, gateways, SIP cameras, and other endpoints for easy deployment
– Strongest-possible security protection using SRTP, TLS, and HTTPS with hardware encryption accelerator

— PICKS —

Runs Linux

My gym runs linux!

I was working out this morning, and the IT guy was messing with the exercise bike next to me. I noticed the CentOs boot screen, and when I inquired further, I found out that all the equipment uses linux! Looks like our penguin buddy is trying to work off those holiday pounds.

• M3 Indoor Cycle

Desktop App Pick

netboot.xyz

View post on imgur.com

netboot.xyz is a way to select various operating system installers or utilities from one place within the BIOS without the need of having to go retrieve the media to run the tool. iPXE is used to provide a user friendly menu from within the BIOS that lets you easily choose the OS you want along with any specific types of versions or bootable flags.

You can remote attach the ISO to servers, set it up as a rescue option in Grub, or even set up your home network to boot to it by default so that it’s always available.

• Digital Ocean – netboot.xyz

netboot.xyz – never flash a thumb drive again!

Weekly Spotlight

Open-AudIT – The network inventory, audit, documentation and management tool.

Open-AudIT is an application to tell you exactly what is on your network, how it is configured and when it changes.

LAS Shirt at SCALE – Teespring

— NEWS —

Bug that can leak crypto keys just fixed in widely used OpenSSH

View post on imgur.com

The vulnerability resides only in the version end users use to connect to servers and not in versions used by servers. A maliciously configured server could exploit it to obtain the contents of the connecting computer’s memory, including the private encryption key used for SSH connections. The bug is the result of code that enables an experimental roaming feature in OpenSSH versions 5.4 to 7.1

• OpenSSH 7.1p2

Gnome Settings design update

A major feature of the latest settings designs is a rethink of the GNOME Settings “shell” (that is, the overall framework of the settings application). We want to move from the current model, that uses an icon grid and fixed window size, to one that uses a list sidebar for navigation, and has a resizeable window.

• System 6 Ex 2

Steam Link SDK AKA Steam Link Native Apps

View post on imgur.com

We have released an SDK for native application development!
https://github.com/ValveSoftware/steamlink-sdk

• The Steam Link hardware is a single core ARMv7 processor using the hard-float ABI, running at 1 GHz, with neon instruction support.
• Approximately 256 MB of available RAM.
• 500 MB of usable flash storage.
• Custom Linux firmware based on kernel 3.8
• glibc 2.19.

View post on imgur.com

New Ubuntu Convergence Device Will Be Demoed Next Month

Canonical will demo at least one new Ubuntu convergence device at next month’s Mobile World Congress next month, we’ve learned.

Feedback:

• https://slexy.org/view/s20lrCrSh4
• https://slexy.org/view/s2wcBsKt0X
• https://slexy.org/view/s20AM6fJjb
• Chris’ call out for the community to help him with his background for the Linux Action

Were you around for today’s (10 January 2016) live show? If not, you should seriously consider taking some time with us on Sunday and watch the live show. Not only will you get more content, but you’ll be able to interact with Chris and Noah.
One of the things that came up today was Chris talking about his background in today’s episode.

Brought to you by: System76

• Semi-Official SCaLE 14x Jupiter Broadcasting thread : LinuxActionShow

Register! and use the coupon code LAS40 for a 40% discount; thanks /u/irabinovitch!

SCaLE 14x: The Southern California Linux Expo is upon us again! I’m looking forward to seeing & sharing with everyone in the free software community in Southern California this year; last year was a blast.

SCaLE 14x is January 21-24, 2016 at the Pasadena Convention Center

Thanks to Ryan (@techhelper1)

• Offered the use of his 99 Cadillac Seville while at SCALE

Thanks to Brian

• Offered his long driveway, which might or might not work.

Catch the show LIVE SUNDAY:

• 12PM Pacific
• https://jblive.tv
• Network Calendar

— CHRIS’ STASH —

• Driving in the snow and Leavenworth was Fun

Chris’s Twitter account has changed, you’ll need to follow!

Chris Fisher (@ChrisLAS) | Twitter

Hang in our chat room:

irc.geekshed.net #jupiterbroadcasting

— NOAH’S STASH —

Noah’s Day Job

Altispeed Technologies

Contact Noah

noah [at] jupiterbroadcasting.com

Find us on Google+

• Chris
• Noah J. Chelliah
• Jupiter Broadcasting’s Page

Find us on Twitter

• Chris – ChrisLAS
• Noah – Kernellinux

Follow us on Facebook

• Jupiter Broadcasting on Facebook
• Noah – Kernellinux

The post LAS 400 Phones Home | LAS 400 first appeared on Jupiter Broadcasting.

A Critical OpenSSH flaw can expose your private keys, a new WiFi spec for IoT devices, that has all the classic issues & Intel’s SkyLake bug.

Plus your feedback, our answers, a rockin’ round up & so much more!

Thanks to:

• Get Paid to Write for DigitalOcean

Direct Download:

HD Video | Mobile Video | MP3 Audio | OGG Audio | YouTube | HD Torrent | Mobile Torrent

RSS Feeds:

HD Video Feed | Mobile Video Feed | MP3 Audio Feed | Ogg Audio Feed | iTunes Feed | Torrent Feed

Become a supporter on Patreon:

— Show Notes: —

Critical OpenSSH flaw can expose your private keys and other client memory

• Two major issues have been identified in OpenSSH
• CVE-2016-0777: An information leak (memory disclosure) can be exploited by a rogue SSH server to trick a client into leaking sensitive data from the client memory, including for example private keys.
• Vendor contributed code for a feature called Roaming, was added in OpenSSH 5.4, that allowed broken SSH sessions to be resumed. The server side code for this was never activated, only the commercial SSH server supported it.
• However, the Roaming feature is on by default, and due to a but a malicious server can exploit the bug to read memory from the client when it tries to connect to the server
• This includes the ability to steal your SSH private keys
• “The authentication of the server host key prevents exploitation by a man-in-the-middle, so this information leak is restricted to connections to malicious or compromised servers.”
• Because OpenSSH checks the host key of the remote server, if you are connecting to trusted servers, there is no risk
• You can disable the feature by adding the following line to your /etc/ssh/ssh_config: UseRoaming no
• The feature can also be disabled on a per-user basis using: ~/.ssh/config
• The patch just disabled this feature by default
• CVE-2016-0778
• A buffer overflow (leading to file descriptor leak), can also be exploited by a rogue SSH server, but due to another bug in the code is possibly not exploitable, and only under certain conditions (not the default configuration), when using ProxyCommand, ForwardAgent or ForwardX11.
• Both of these vulnerabilities are fixed in OpenSSH 7.1p2
• It is not clear if the roaming support will be removed entirely
• Researcher Post

Bug in Intel Skylake CPUs means complex workloads can hang the machine

• Intel has confirmed that its Skylake processors suffer from a bug that can cause a system to freeze when performing complex workloads.
• The bug was reportedly discovered and tested by the the community at hardwareluxx.de and passed onto GIMPS (Great Internet Mersenne Prime Search), which conducted further testing. Both groups passed their findings onto Intel.
• Intel states:

“Intel has identified an issue that potentially affects the 6th Gen Intel Core family of products. This issue only occurs under certain complex workload conditions, like those that may be encountered when running applications like Prime95. In those cases, the processor may hang or cause unpredictable system behaviour.”

• Intel has developed a fix, and is working with hardware partners to distribute it via a BIOS update.
• No reason has been given as to why the bug occurs, but it’s confirmed to affect both Linux and Windows-based systems.
• While the bug was discovered using Prime95, it could affect other industries that rely on complex computational workloads, such as scientific and financial institutions.
• Recently, Intel’s Haswell and early Broadwell processors suffered from a TSX (Transactional Synchronization Extensions) bug. Rather than recall the parts, Intel disabled the TSX instructions via a microcode update delivered via new motherboard firmware.
• Additional Coverage

New WiFi spec for IoT devices, WiFi HaLow likely has all the classic issues

• “The new protocol is based on the 802.11ah standard from the IEEE and is being billed as Wi-Fi HaLow by the Wi-Fi Alliance. Wi-Fi HaLow differs from the wireless signal that most current devices uses in a couple of key ways. First, it’s designed as a low-powered protocol and will operate in the range below one gigahertz. Second, the protocol will have a much longer range than traditional Wi-Fi, a feature that will make it attractive for use in applications such as connecting traffic lights and cameras in smart cities.”
• There is also talk of using it for wearables, I suppose as a replacement for bluetooth
• “Wi-Fi HaLow is well suited to meet the unique needs of the Smart Home, Smart City, and industrial markets because of its ability to operate using very low power, penetrate through walls, and operate at significantly longer ranges than Wi-Fi today,” said Edgar Figueroa, president and CEO of Wi-Fi Alliance.
• “But, as with any new protocol or system, Wi-Fi HaLow will carry with it new security considerations to face. And one of the main challenges will be securing all of the various implementations of the protocol. Device manufacturers all implement things in their own way and in their own time, a practice that has led to untold security vulnerabilities and innumerable billable hours for security consultants. Security experts don’t expect Wi-Fi HaLow to be the exception.”
• “While the standard could be good and secure, implementations by different vendors can have weaknesses and security issues. This is common to all protocols,” said Cesar Cerrudo, CTO of IOActive Labs, who has done extensive research on the security of a wide range of smart devices and smart city environments
• Who could possibly be worse at implementing security, than the vendors and government contractors that would be used for a “smart city”
• “Many of the devices that may use the new protocol–which isn’t due for release for a couple of years–are being manufactured by companies that aren’t necessarily accustomed to thinking about threat modeling, potential attacks, and other issues that computer hardware and software makers have had to face for decades. That could lead to simple implementation problems that attackers can take advantage of.”
• This seems to call for a nice clean BSD licensed implementation, although even then, everyone using the same implementation could be just as risky
• Plus, as we have seen, most vendors will ship an old insecure version, rather than the latest, and won’t update the implementation as they iterate their product
• The extended range of HaLow also means that attackers can come from much further away, making it harder to physically protect devices
• “Each new iteration in technology brings with it fresh security and privacy considerations, and the proliferation of connected non-computing devices is no different. The concept of a voice-enabled hub that controls your home’s climate, entertainment, and other systems is now a reality, as is the ability to send an email from your refrigerator. That’s all well and good, until these smart devices start doing really dumb things.”

Feedback:

• Will ZFS work for me?
• HTTP/2 Thoughts?
• UK Government Web Portal Hijacked by Russian Casino Spammers – (I just discovered this)

Round Up:

• US Intelligence director’s personal e-mail, phone hacked
• Seagate announces 10TB helium hard drive, 7 platters, 14 heads
• Why Is Comcast Interrupting My Web-Browsing To Upsell Me On A New Modem?
• Police say they can decrypted Blackberry PGP encrypted emails
• Cisco patches more hard-coded passwords
• Ontario court rules that police “Tower Dumps” violate the Canadian Charter of Rights and Freedoms
• Fixstars Releases 13 TB SSD for Specific Application Workloads
• Apple OS X memory management bug means your porn lives in your video card
• Daily Telegraph Installs Workplace Monitors On Journalists’ Desks

The post Internet of Threats | TechSNAP 249 first appeared on Jupiter Broadcasting.