Show Notes: linuxunplugged.com/465

The post Too Nixy for My Shirt | LINUX Unplugged 465 first appeared on Jupiter Broadcasting.

Show Notes: linuxactionnews.com/244

The post Linux Action News 244 first appeared on Jupiter Broadcasting.

Show Notes: linuxunplugged.com/454

The post Double Distro Details | LINUX Unplugged 454 first appeared on Jupiter Broadcasting.

Show Notes: linuxactionnews.com/231

The post Linux Action News 231 first appeared on Jupiter Broadcasting.

Show Notes: linuxactionnews.com/215

The post Linux Action News 215 first appeared on Jupiter Broadcasting.

Show Notes: linuxactionnews.com/210

The post Linux Action News 210 first appeared on Jupiter Broadcasting.

Show Notes: chooselinux.show/25

The post Tails + Virtualization | Choose Linux 25 first appeared on Jupiter Broadcasting.

Show Notes: techsnap.systems/408

The post Apollo's ARC | TechSNAP 408 first appeared on Jupiter Broadcasting.

Show Notes/Links: https://www.bsdnow.tv/299

The post The NAS Fleet | BSD Now 299 first appeared on Jupiter Broadcasting.

##Headlines
###scp client multiple vulnerabilities

• Overview
• SCP clients from multiple vendors are susceptible to a malicious scp server performing
  unauthorized changes to target directory and/or client output manipulation.
• Description
• Many scp clients fail to verify if the objects returned by the scp server match those
  it asked for. This issue dates back to 1983 and rcp, on which scp is based. A separate
  flaw in the client allows the target directory attributes to be changed arbitrarily.
  Finally, two vulnerabilities in clients may allow server to spoof the client output.
• Impact
• Malicious scp server can write arbitrary files to scp target directory, change the
  target directory permissions and to spoof the client output.
• Details

The discovered vulnerabilities, described in more detail below, enables the attack
described here in brief.

• 1. The attacker controlled server or Man-in-the-Middle(*) attack drops .bash_aliases file to victim’s home directory when the victim performs scp operation from the server. The transfer of extra files is hidden by sending ANSI control sequences via stderr. For example:

user@local:~$ scp user@remote:readme.txt .
readme.txt 100% 494 1.6KB/s 00:00
user@local:~$

• 2. Once the victim launches a new shell, the malicious commands in .bash_aliases get executed.
• *) Man-in-the-Middle attack does require the victim to accept the wrong host fingerprint.

###FreeBSD 12.0 vs. DragonFlyBSD 5.4 vs. TrueOS 18.12 vs. Linux On A Tyan EPYC Server

Last month when running FreeBSD 12.0 benchmarks on a 2P EPYC server I wasn’t able to run any side-by-side benchmarks with the new DragonFlyBSD 5.4 as this BSD was crashing during the boot process on that board. But fortunately on another AMD EPYC server available, the EPYC 1P TYAN Transport SX TN70A-B8026, DragonFlyBSD 5.4.1 runs fine. So for this first round of BSD benchmarking in 2019 are tests of FreeBSD 11.2, FreeBSD 12.0, DragonFlyBSD 5.4.1, the new TrueOS 18.12, and a few Linux distributions (CentOS 7, Ubuntu 18.04.1 LTS, and Clear Linux) on this EPYC 7601 server in a variety of workloads.

DragonFlyBSD 5.4.1 ran fine on this Tyan server and could boot fine unlike the issue encountered on the Dell PowerEdge R7425 for this particular BSD. But on the Tyan server, DragonFlyBSD 5.2.2 wouldn’t boot so only this latest DragonFlyBSD release series was used as part of the comparison.

• A summary of the operating systems tested for this EPYC 7601 OS benchmark comparison included:

• DragonFlyBSD 5.4.1 – The latest release of Matthew Dillon’s operating system while using the HAMMER2 file-system and GCC 8.1 compiler that is now the default system compiler for this BSD.

• FreeBSD 11.2 – The previous stable release of FreeBSD. Installed with a ZFS file-system.

• FreeBSD 12.0 – The latest stable release of FreeBSD and installed with its ZFS option.

• TrueOS 18.12 – The latest release of the iX systems’ FreeBSD derivative. TrueOS 18.12 is based on FreeBSD 13.0-CURRENT and uses ZFS by default and was using the Clang 7.0.1 compiler compared to Clang 6.0.1 on FreeBSD 12.0.

• CentOS Linux 7 – The latest EL7 operating system performance.

• Ubuntu 18.04.1 LTS – The latest Ubuntu Long Term Support release.

• Clear Linux 27120 – The latest rolling release as of testing out of Intel’s Open-Source Technology Center. Clear Linux often reflects as close to the gold standard for performance as possible with its insanely tuned software stack for offering optimal performance on x86_64 performance for generally showing best what the hardware is capable of.

Throughout all of this testing, the Tyan 2U server was kept to its same configuration of an AMD EPYC 7601 (32 cores / 64 threads) at stock speeds, 8 x 16GB DDR4-2666 ECC memory, and 280GB Intel Optane 900p SSD benchmarks.

##News Roundup
###National Inventors Hall of Fame honors creators of Unix

Dennis Ritchie (Posthumous) and Ken Thompson: UNIX Operating System
Thompson and Ritchie’s creation of the UNIX operating system and the C programming language were pivotal developments in the progress of computer science. Today, 50 years after its beginnings, UNIX and UNIX-like systems continue to run machinery from supercomputers to smartphones. The UNIX operating system remains the basis of much of the world’s computing infrastructure, and C language – written to simplify the development of UNIX – is one of the most widely used languages today.

###Die IPV4, Die

Imagine, it is 2019. Easy, ha? Imagine, it is 2019 and you want to turn off IPv4. Like, off off. Really off. Not disabling IPv6, but disabling IPv4.

• Two steps back

You might be coming here wondering, why would anybody want to do what we are asking to be done. Well, it is dead simple: We are running data centers (like Data Center Light) with a lot of IPv6 only equipment. There simply is no need for IPv4. So why would we want to have it enabled?
Also, here at ungleich, we defined 2019 as the year to move away from IPv4.

• The challenge

Do you like puzzles? Competitions? Challenges? Hacking? Well. If ANY of this is of your interest, here is a real challenge for you:
We offer a 100 CHF (roughly 100 USD) for anyone who can give us a detailed description of how to turn IPv4 completely off in an operating system and allowing it to communicate with IPv6 only. This should obviously include a tiny proof that your operating system is really unable to use IPv4 at all. Just flushing IPv4 addresses and keeping the IPv4 stack loaded, does not count.

###GhostBSD 18.12 released

GhostBSD 18.12 is an updated iso of GhostBSD 18.10 with some little changes to the live DVD/USB and with updated packages.

• What has changed since 18.10
• removed default call of kernel modules for AMD and Intel
• replaced octopkg by software-station
• added back gop hacks to the live system
• added ghostbsd-drivers and ghostbsd-utils
• we updated the packages to the latest build

###And Now for a laugh : #unixinpictures

##Beastie Bits

• We are now closer to the Y2038 bug than the Y2K bug
• OpenBSD Enterprise use
• AT&T Unix Books
• Process title and missing memory space
• The History of a Security Hole
• unbound-adblock: The ultimate network adblocker!
• FreeBSD’s name/value pairs library
• Pid Rollover
• Booting OpenBSD kernels in EFI mode with QEMU
• OpenBSD CVS commit: Make mincore lie
• BSDCan 2019 CfP ending January 19 – Submit!
• OpenZFS User Conference – April 18-19
• FreeBSD Journal is a free publication now

##Feedback/Questions

• Chris – Boot environments and SSDs
• Jonathan – Bytes issued during a zpool scrub
• Bostjan – ZFS Record Size and my mistakes

• Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv

The post EPYC Server Battle | BSD Now 281 first appeared on Jupiter Broadcasting.

Show Notes: techsnap.systems/391

The post Firecracker Fundamentals | TechSNAP 391 first appeared on Jupiter Broadcasting.

MP3 Feed | HD Video Feed | iTunes Feed

Become a supporter on Patreon:

— Show Notes: —

— The Cliff Notes —

• LineageOS – LineageOS Android Distribution
• F-Droid – Free and Open Source Android App Repository
• yeriomin/YalpStore: Download apks from Google Play Store

— Stay In Touch —

Find all the resources for this show on the Ask Noah Dashboard

Ask Noah Dashboard

Need more help than a radio show can offer? Altispeed provides commercial IT services and they’re excited to offer you a great deal for listening to the Ask Noah Show. Call today and ask about the discount for listeners of the Ask Noah Show!

Altispeed Technologies

Contact Noah

asknoah [at] jupiterbroadcasting.com

— Twitter —

• Noah – Kernellinux
• Ask Noah Show
• Altispeed Technologies
• Jupiter Broadcasting

The post Kickin' Harder Than a Sensei | Ask Noah 20 first appeared on Jupiter Broadcasting.

MP3 Feed | HD Video Feed | iTunes Feed

Become a supporter on Patreon:

— Show Notes: —

— The Cliff Notes —

• Ubuntu Mate – The Best Distro Ever
• Register4Less
• Gandi
• Free Web Templates

How to Restart LightDM

• Press CTRL + ALT + F2
• Log in
• sudo restart lightdm
• Press CTRL + ALT + F5

How to kill a process

• Press CTRL + ALT + F2
• Log in
• ps -aux | grep myprogramiwantokill
• Take note of the process ID, we will assume 1234
• sudo kill -9 1234

— Stay In Touch —

Find all the resources for this show on the Ask Noah Dashboard

Ask Noah Dashboard

Need more help than a radio show can offer? Altispeed provides commercial IT services and they’re excited to offer you a great deal for listening to the Ask Noah Show. Call today and ask about the discount for listeners of the Ask Noah Show!

Altispeed Technologies

Contact Noah

asknoah [at] jupiterbroadcasting.com

— Twitter —

• Noah – Kernellinux
• Ask Noah Show
• Altispeed Technologies
• Jupiter Broadcasting

The post /home/Dumpster | Ask Noah 19 first appeared on Jupiter Broadcasting.

MP3 Feed | HD Video Feed | iTunes Feed

Become a supporter on Patreon:

— Show Notes: —

— The Cliff Notes —

• How to automate your system administration tasks with Ansible | Opensource.com
• Netflix Throttle Megathread : verizon
• Why do enterprise environments typically choose to deploy Red Hat or CentOS instead of Ubuntu or Debian? [X-Post /r/sysadmin] : linux
• Google Glass 2.0 Is a Startling Second Act | WIRED
• Hostwinds Web Hosting Services

— Stay In Touch —

Find all the resources for this show on the Ask Noah Dashboard

Ask Noah Dashboard

Need more help than a radio show can offer? Altispeed provides commercial IT services and they’re excited to offer you a great deal for listening to the Ask Noah Show. Call today and ask about the discount for listeners of the Ask Noah Show!

Altispeed Technologies

Contact Noah

asknoah [at] jupiterbroadcasting.com

— Twitter —

• Noah – Kernellinux
• Ask Noah Show
• Altispeed Technologies
• Jupiter Broadcasting

The post Switching London to Linux | Ask Noah 18 first appeared on Jupiter Broadcasting.

MP3 Feed | HD Video Feed | iTunes Feed

Become a supporter on Patreon:

— Show Notes: —

— The Cliff Notes —

• PSA: Errors after updating libdb – Fedora Magazine
• Projects/FleetCommander – GNOME Wiki!
• Amazon.com: AMD Radeon RX 480 4GB GDDR5 PCI Express 3.0 Gaming Graphics Card

— Stay In Touch —

Find all the resources for this show on the Ask Noah Dashboard

Ask Noah Dashboard

Need more help than a radio show can offer? Altispeed provides commercial IT services and they’re excited to offer you a great deal for listening to the Ask Noah Show. Call today and ask about the discount for listeners of the Ask Noah Show!

Altispeed Technologies

Contact Noah

asknoah [at] jupiterbroadcasting.com

— Twitter —

• Noah – Kernellinux
• Ask Noah Show
• Altispeed Technologies
• Jupiter Broadcasting

The post Fedora 26 Fleet Commander | Ask Noah 17 first appeared on Jupiter Broadcasting.

MP3 Feed | HD Video Feed | iTunes Feed

Become a supporter on Patreon:

— Show Notes: —

— The Cliff Notes —

• Turn VPS into QCOW2 File
• Setup a Virtual host on Centos 6
• io Domains Compromised
• Video for Linux Control Panel
• Magewell USB HDMI Capture Interface

— Noobs Corner —

• Check out the Ask Noah Dashboard

— Stay In Touch —

Find all the resources for this show on the Ask Noah Dashboard

Ask Noah Dashboard

Need more help than a radio show can offer? Altispeed provides commercial IT services and they’re excited to offer you a great deal for listening to the Ask Noah Show. Call today and ask about the discount for listeners of the Ask Noah Show!

Altispeed Technologies

Contact Noah

asknoah [at] jupiterbroadcasting.com

— Twitter —

• Noah – Kernellinux
• Ask Noah Show
• Altispeed Technologies
• Jupiter Broadcasting

The post Libvirt on QEMU | Ask Noah 16 first appeared on Jupiter Broadcasting.

We review Solus OS, a new distribution from scratch with it’s own GTK-based desktop called Budgie. Budgie is the flagship desktop of the Solus Operating System & we give you our first impressions.

Plus projects like Jolla & Canonical’s convergence have been doomed from the start, the big changes coming to GTK, the Plasma desktop gets another great release, highlights from the 2015 kernel summit & more!

Thanks to:

• Get Paid to Write for DigitalOcean

Direct Download:

HD Video | Mobile Video | WebM Torrent | MP3 Audio | OGG Audio | YouTube | HD Torrent

RSS Feeds:

HD Video Feed | Large Video Feed | Mobile Video Feed | MP3 Audio Feed | Ogg Audio Feed | iTunes Feed | Torrent Feed

Become a supporter on Patreon:

— Show Notes: —

Brought to you by: System76

Solus Project

View post on imgur.com

— PICKS —

Runs Linux

D-Link’s Komfy Switch with Camera, Runs Linux

D-Link’s Linux-powered, WiFi-enabled “Komfy Switch with Camera” also includes a cloud service, sensors for temperature, humidity, and CO2, and IFTT support.

Desktop App Pick

Pitivi 0.95

Hey everyone! It’s time for a new Pitivi release, 0.95. This one packs a lot of bugfixes and architectural work to further stabilize the GES backend. In this blog post, I’ll give you an overview of the new and interesting stuff this release brings, coming out from a year of hard work.

Weekly Spotlight

Nmap 7 Release Notes

The Nmap Project is pleased to announce the immediate, free availability of the Nmap Security Scanner version 7.00 from https://nmap.org/. It is the product of three and a half years of work, nearly 3200 code commits, and more than a dozen point releases since the big Nmap 6 release in May 2012. Nmap turned 18 years old in September this year and celebrates its birthday

— NEWS —

Jolla files for debt restructuring

Jolla Ltd, the mobile company from Finland today announced that its latest financing round which aimed to end in November, has been postponed and the company needs to adjust its operations accordingly. At the same time the company has filed for a debt restructuring program in Finland, to ensure the continuity of its business. Jolla will also temporarily lay off a big part of its personnel.

• Jolla Goes For Debt Restructuring

Months after the smartphone company Jolla announced its split and intent to focus on Sailfish OS licensing, its financial situation has not improved. Jolla’s latest financing round has been delayed and so they have had to file for debt restructuring in Finland. As part of that, the company is temporarily laying off a big part of its personnel (Google translation of Finnish original). Jolla co-founder Antti Saarnio said, “Our operating system Sailfish OS is in great shape currently and it is commercially ready. Unfortunately the development until this point has required quite a lot of time and money (PDF). To get out of this death valley we need to move from a development phase into a growth phase. At the same time we need to adapt our cost levels to the new situation. One of the main actions is to tailor the operating system to fit the needs of different clients. We have several major and smaller potential clients who are interested in using Sailfish OS in their projects.”

A GTK+ update

You may have noticed that GTK+ master has a large number of changes in the CSS area. As some like to put it:

Oh NO! they’re breaking themes again!

• GTK+ 3.19.2, More CSS Changes For The Toolkit

KDE Ships Plasma 5.5 Beta Release

In response to feedback, we’ve rewritten support for legacy applications not using the StatusNotifier standard for system tray icons.

The 2015 Kernel Summit Highlights

Power-management knobs

Rafael Wysocki started off his 2015 Kernel Summit session by noting that
every generation of hardware promises to be more power-efficient than its
predecessor. But that efficiency is not always experienced by users. In
an ideal world, systems should run in the most power-efficient mode
whenever possible and only employ the less-efficient modes when performance
requirements demand it. Real-world systems, though, tend not to run as
efficiently as they can. Rafael came with a proposal that, he thought,
might improve the situation, but it’s not clear that the idea will be
implemented.

Benchmarking and performance trends

Mel took over to say that, from his point of view (watching
over performance for SUSE), there have not been that many scheduler
problems. His biggest complaint, instead, was with the Intel “pstate”
driver, which handles CPU frequency and voltage management on Intel
processors. This driver, he said, is making poor decisions. CPUs never
seem to go above the minimum frequency on lightly-loaded machines, with
results that look like a 10-20% scheduler performance regression,
but are really due to pstate. This is, he said, a serious issue; we are at
a point where we are extremely efficient at doing nothing, but not so good
at actually doing work. As a result, a lot of users are disabling pstate
altogether.

QEMU 2.5-RC0 Released, Supports VirtIO-GPU 3D Mode

QEMU-side of the work for supporting 3D with VirtIO-GPU. With the Linux 4.4 kernel there is now the new DRM driver for supporting VirtIO GPU DRM with 3D support.

Feedback:

• https://slexy.org/view/s21KIUdqEt

• https://slexy.org/view/s2vE0gP3qK

Rover Log Playlist

Watch the adventures, productions, road trips, trails, mistakes, and fun of the Jupiter Broadcasting mobile studio.

• Support Jupiter Broadcasting on Patreon

Chris’s Twitter account has changed, you’ll need to follow!

Chris Fisher (@ChrisLAS) | Twitter

— CHRIS’ STASH —

Hang in our chat room:

irc.geekshed.net #jupiterbroadcasting

— NOAH’S STASH —

Noah’s Day Job

Altispeed Technologies

Contact Noah

noah [at] jupiterbroadcasting.com

Find us on Google+

• Chris
• Noah J. Chelliah
• Jupiter Broadcasting’s Page

Find us on Twitter

• Chris – ChrisLAS
• Noah – Kernellinux

Follow us on Facebook

• Jupiter Broadcasting on Facebook
• Noah – Kernellinux

Catch the show LIVE Friday:

• https://jblive.tv
• Network Calendar

The post The Evolution of Solus | LAS 392 first appeared on Jupiter Broadcasting.

We explain the Venom vulnerability, what the impact is & the steps major providers are taking to protect themselves.

Plus strategies to mitigate Cyber Intrusions, a truly genius spammer, great questions, a huge round up & more!

Thanks to:

• Get Paid to Write for DigitalOcean

Direct Download:

HD Video | Mobile Video | MP3 Audio | OGG Audio | YouTube | HD Torrent | Mobile Torrent

RSS Feeds:

HD Video Feed | Mobile Video Feed | MP3 Audio Feed | Ogg Audio Feed | iTunes Feed | Torrent Feed

Become a supporter on Patreon:

— Show Notes: —

VENOM: Virtualized Environment Neglected Operations Manipulation

• A flaw in the way qemu emulates floppy disks could allow an attacker to break out of a virtual machine and take over the host
• “This vulnerability may allow an attacker to escape from the confines of an affected virtual machine (VM) guest and potentially obtain code-execution access to the host. Absent mitigation, this VM escape could open access to the host system and all other VMs running on that host, potentially giving adversaries significant elevated access to the host’s local network and adjacent systems.”
• This vulnerability affects qemu, KVM, VirtualBox, and some types of Xen, because they all share the same qemu floppy emulation code
• Unaffected hypervisors include: VMWare, Hyper-V, Bochs, and bhyve
• The issue has been assigned the identifier CVE-2015-3456
• “Since the VENOM vulnerability exists in the hypervisor’s codebase, the vulnerability is agnostic of the host operating system (Linux, Windows, Mac OS, FreeBSD, etc.).”
• “It needs to be noted that even if a guest does not explicitly have a virtual floppy disk configured and attached, this issue is exploitable. The problem exists in the Floppy Disk Controller, which is initialized for every x86 and x86_64 guest regardless of the configuration and cannot be removed or disabled.”
• “The guest operating system communicates with the FDC by sending commands such as seek, read, write, format, etc. to the FDC’s input/output port. QEMU’s virtual FDC uses a fixed-size buffer for storing these commands and their associated data parameters. The FDC keeps track of how much data to expect for each command and, after all expected data for a given command is received from the guest system, the FDC executes the command and clears the buffer for the next command. This buffer reset is performed immediately at the completion of processing for all FDC commands, except for two of the defined commands. An attacker can send these commands and specially crafted parameter data from the guest system to the FDC to overflow the data buffer and execute arbitrary code in the context of the host’s hypervisor process.”
• “The VENOM vulnerability has existed since 2004, when the virtual Floppy Disk Controller was first added to the QEMU codebase.”
• “After verifying the vulnerability, CrowdStrike responsibly disclosed VENOM to the QEMU Security Contact List, Xen Security mailing list, Oracle security mailing list, and the Operating System Distribution Security mailing list on April 30, 2015.
• After a patch was developed CrowdStrike publicly disclosed VENOM on May 13, 2015. Since the availability of the patch, CrowdStrike has continued to work with major users of these vulnerable hypervisors to make sure that the vulnerability is patched as quickly as possible.”
• CrowdStrike blog about the disclosure
• “While it seems obvious that infrastructure providers could be impacted, there are many other less obvious technologies that depend on virtualization. For example, security appliances that perform virtual detonation of malware often run these untrusted files with administrative privileges, potentially allowing an adversary to use the VENOM vulnerability to bypass, crash or gain code execution on the very device designed to detect malware.”
• “CrowdStrike would also like to publicly recognize Dan Kaminsky, Chief Scientist at White Ops, who is a renowned researcher with extensive experience discovering and disclosing major vulnerabilities. Dan provided invaluable advice to us throughout this process on how best to coordinate the release of open source patches across the numerous vendors and users of these technologies.”
• Xen Advisory
• Amazon Statement
• Digital Ocean statement
• Redhat Advisory
• Working PoC exploit
• This has refocused attention on some older work to exploit qemu/KVM, like this from DEFCON / BlackHat 2011
• Or this paper from a Google researcher from 2007: An Empirical Study into the Security Exposure to Hosts of Hostile Virtualized Environments
• There is also some backlash against the naming and glamorization of vulnerabilities, as seen with the recent announcement of AnalBleed

Strategies to Mitigate Targeted Cyber Intrusions – From the Australian Signals Directorate

• The Australian equivalent to the NSA has published a study on the top 35 mitigation methods to protect networks for targeted cyber attacks
• They say that 85% of all network intrusions could be prevented if organizations adopted just the top 4 recommendations
• These 4 recommendations are:
  • Use application whitelisting, to prevent malicious software from being able to run
  • Install application updates (especially java, flash, PDF readers, browsers, etc)
  • Install OS updates (quickly!), Do not use Windows XP
  • Do not give administrator privileges to more people than absolutely required
• Video: Catch, Patch, and Match
• Table: The full list of 35 mitigation strategies
• How to employ the top 4 mitigations in a Linux environment
• The ASD even goes so far as to rank each mitigation strategy by its effectiveness, how much users will resist/complain, how much work it will be to setup, and how much work it will be to maintain.
• “Once organisations have implemented the Top 4 mitigation strategies, first on the computers of users who are most likely to be targeted by cyber intrusions and then on all computers and servers, additional mitigation strategies can be selected to address security gaps until an acceptable level of residual risk is reached. “
• Of these, only the application whitelisting is likely to rise the ire of the average end user
• Additional Coverage – SecureList
• The list of 35 mitigation methods can be roughly divided into 4 categories:
• Administrative — Training, physical security
• Networking — These measures are easier to implement at a network hardware level
• System administration — The OS contains everything needed for implementation
• Specialized security solutions — Specialized security software is applicable
• Kaspersky SecureList has broken its analysis of the ASD publication down into 4 parts in its Security Encyclopedia:
• Part 1. How to mitigate APTs. Applied theory
• Part 2. Top-4 mitigation strategies which address 85% of threats
• Part 3. Strategies outside the Top-4. For real bulletproof defense
• Part 4. Forewarned is Forearmed: the Detection Strategy against Advanced Persistent Threats (APTs)
• Gartner: Best Practices for Mitigating Advanced Persistent Threats

Mumblehard — Muttering spam from your servers

• “Several thousand computers running the Linux and FreeBSD operating systems have been infected over the past seven months with sophisticated malware that surreptitiously makes them part of a renegade network blasting the Internet with spam”
• The virus consisted of perl code packed into an ELF binary
• During a 7 month monitoring period, Eset researchers saw 8,867 IP addresses connect to one of the command and control servers
• “The Mumblehard malware is the brainchild of experienced and highly skilled programmers. It includes a backdoor and a spam daemon, which is a behind-the-scenes process that sends large batches of junk mail.”
• “These two main components are written in Perl and they’re obfuscated inside a custom “packer” that’s written in assembly, a low-level programming language that closely corresponds to the native machine code of the computer hardware it runs on. Some of the Perl script contains a separate executable with the same assembly-based packer that’s arranged in the fashion of a Russian nesting doll. The result is a very stealthy infection that causes production servers to send spam and may serve other nefarious purposes.”
• “Malware targeting Linux and BSD servers is becoming more and more complex,” researchers from Eset wrote. “The fact that the authors used a custom packer to hide the Perl source code is somewhat sophisticated. However, it is definitely not as complex as the Windigo Operation we documented in 2014. Nonetheless, it is worrying that the Mumblehard operators have been active for many years without disruption.”
• The way the malware was architected, it polled a list of Command and Control servers, accepting commands from any of them
• The list included some legitimate sites, to throw researchers off
• “A version of the Mumblehard spam component was uploaded to the VirusTotal online malware checking service in 2009, an indication that the spammer program has existed for more than five years. The researchers were able to monitor the botnet by registering one of the domain names that Mumblehard-infected machines query every 15 minutes.”
• At some point, one of the domains on the command and control list became available, so the researchers registered it and directed all of the infected machines to talk to their own command and control server
• The communications with the C&C servers was cleverly hidden in what look like PHP Session cookies, and in the fake browser user-agent strings
• One of the giveaways is the fact that the base browser user-agent string is for Firefox 7.0.1 on Windows 7
• Part of the version string would be replaced with the command id, http status, and number of bytes downloaded by the infected machine
• “The Eset researchers still aren’t certain how Mumblehard is installed. Based on their analysis of the infected server, they suspect the malware may take hold by exploiting vulnerabilities in the Joomla and WordPress content management systems. Their other theory is that the infections are the result of installing pirated versions of the DirecMailer program.”
• Eset research PDF

Feedback:

• Jupiter Broadcasting Meetup

• zfs send (and receive)

• What really is DevOps?

• Is my FreeNAS open?

• answer to question last week

Round-Up:

• Cybersecurity Firm May Have Hacked Its Own Clients To Extort Them Additional Coverage – CNN Money
• Enterprise SSDs may start to lose data if left powered off for even just a few days
• RHEL 7 will break with its typical long term backporting strategy, and update GTK3/Gnome3 mid-cycle
• Interesting issue with PHP Hash comparisons could result in many vulnerability announcements in the coming weeks. In php: 0e == 0 (or 0e), so hashes could falsely match
• Military Strategy: A West Point Teacher’s Last Letter to His Cadets
• Brian Krebs Discusses Investigative Security Journalism – Indepth interview with Norse “Dark Matters” blog
• Top cyber attack vectors for critical SAP systems
• Proof of concept Linux rootkit uses processor and memory of GPU to hide from operating system
• Beware the ticking Internet of Things security time bomb
• Ad network compromised, spreads “nuclear exploit kit”
• Australia outlaws warrant canaries
• Dropbox updates Terms of Service, users ourside North America will be served from Ireland instead of the USA
• Virus Scanners need to be more than just a GUI with a big “SAFE” label on them
• Intels new Core M 5Y71 keeps pace with its Core i5 cousins
• Adallom is not a Bureaucracy checkbox
• What year is this: Researcher Richard Bejtlich posts an excerpt from a novel about computer security, guess when it was written
• Bug Bounty Program | United Airlines

The post Venomous Floppy Legacy | TechSNAP 214 first appeared on Jupiter Broadcasting.

Venom is claimed to be the new Heartbleed threatening datacenters around the world but is it legit?

The new 4k Blu-Ray spec is revealed & the YotaPhone 2 with an E-ink display back is coming to a country near you!

Direct Download:

MP3 Audio | OGG Audio | Video | HD Video | Torrent | YouTube

RSS Feeds:

MP3 Feed | OGG Feed | iTunes Feed | Video Feed | Video Feed | Torrent Feed

Become a supporter on Patreon

Show Notes:

‘Venom’ Security Vulnerability Threatens Most Datacenters

A new vulnerability found in open source virtualization software QEMU, which is run on hardware in datacenters around the world (CVE-2015-3456). “The cause is a widely-ignored, legacy virtual floppy disk controller that, if sent specially crafted code, can crash the entire hypervisor. That can allow a hacker to break out of their own virtual machine to access other machines — including those owned by other people or companies.” The vulnerable code is used in Xen, KVM, and VirtualBox, while VMware, Hyper-V, and Bochs are unaffected. “Dan Kaminsky, a veteran security expert and researcher, said in an email that the bug went unnoticed for more than a decade because almost nobody looked at the legacy disk drive system, which happens to be in almost every virtualization software.” The vulnerability has been dubbed “Venom,” for “Virtualized Environment Neglected Operations Manipulation.”

• VENOM Vulnerability

Ultra HD Blu-ray specification now complete, logo unveiled – CNET

The Blu-ray Disc Association (BDA) has announced the Ultra HD Blu-ray (4K) specification is now complete and has also revealed the next-gen format’s official logo.

The BDA says the format incorporates a 3,840×2,160-pixel resolution, expanded color range support, high dynamic range (HDR) and high frame rate content (read 60fps). As well as the promise of up-to-date video, UHD Blu-ray will also support “next-generation immersive, object-based sound formats.”

YotaPhone 2 adds white color option to AMOLED + E-ink display hardware, Lollipop update rolling out

YotaPhone 2 sports a completely functional 4.7-inch E-ink display with always-on capabilities on its back.

As for the planned North American debut of the unique YotaPhone 2, the company says its Indiegogo campaign to help bring it to the US will kick off on May 19th with early bird pricing for the first backers ahead of its summer release.

ASUS confirms next-gen Android Wear ZenWatch coming early Q3, improved 4-day battery life

ASUS reportedly confirmed that the device will feature improved battery life, up from 2 days on the first-gen ZenWatch to 4 days on the upcoming version. That still falls short of the company’s goal to offer 7-days battery life, according to the report.

The company added that it expects to sell less than a million units of its smartwatch this year.

The post Venomous Snakeoil | Tech Talk Today 170 first appeared on Jupiter Broadcasting.

Coming up this time on the show, we’ll be talking to Sean Bruno. He’s been using poudriere and QEMU to cross compile binary packages, and has some interesting stories to tell about it. We’ve also got answers to viewer-submitted questions and all this week’s news, on BSD Now – the place to B.. SD.

Thanks to:

• Get Paid to Write for DigitalOcean

Direct Download:

Video | HD Video | MP3 Audio | OGG Audio | Torrent | YouTube

RSS Feeds:

MP3 Feed | OGG Feed | iTunes Feed | Video Feed | HD Vid Feed | HD Torrent Feed

– Show Notes: –

Headlines

AsiaBSDCon 2015 schedule

• Almost immediately after we finished recording an episode last week, the 2015 AsiaBSDCon schedule went up
• This year’s conference will be between 12-15 March at the Tokyo University of Science in Japan
• The first and second days are for tutorials, as well as the developer summit and vendor summit
• Days four and five are the main event with the presentations, which Kris and Allan both made the cut for once again
• Not counting the ones that have yet to be revealed (as of the day we’re recording this), there will be thirty-six different talks in all – four BSD-neutral, four NetBSD, six OpenBSD and twenty-two FreeBSD
• Summaries of all the presentations are on the timetable page if you scroll down a bit

FreeBSD foundation updates and more

• The FreeBSD foundation has posted a number of things this week, the first of which is their February 2015 status update
• It provides some updates on the funded projects, including PCI express hotplugging and FreeBSD on the POWER8 platform
• There’s a FOSDEM recap and another update of their fundraising goal for 2015
• They also have two new blog posts: a trip report from SCALE13x and a featured “FreeBSD in the trenches” article about how a small typo caused a lot of ZFS chaos in the cluster
• “Then panic ensued. The machine didn’t panic — I did.”

OpenBSD improves browser security

• No matter what OS you run on your desktop, the most likely entry point for an exploit these days is almost certainly the web browser
• Ted Unangst writes in to the OpenBSD misc list to introduce a new project he’s working on, simply titled “improving browser security”
• He gives some background on the W^X memory protection in the base system, but also mentions that some applications in ports don’t adhere to it
• For it to be enforced globally instead of just recommended, at least one browser (or specifically, one JIT engine) needs to be fixed to use it
• “A system that is ‘all W^X except where it’s not’ is the same as a system that’s not W^X. We’ve worked hard to provide a secure foundation for programs; we’d like to see them take advantage of it.”
• The work is being supported by the OpenBSD foundation, and we’ll keep you updated on this undertaking as more news about it is released
• There’s also some discussion on Hacker News and Undeadly about it

NetBSD at Open Source Conference 2015 Tokyo

• The Japanese NetBSD users group has once again invaded a conference, this time in Tokyo
• There’s even a spreadsheet of all the different platforms they were showing off at the booth (mostly ARM, MIPS, PowerPC and Landisk this time around)

• If you just can’t get enough strange devices running BSD, check the mailing list post for lots of pictures

• Their next target is, as you might guess, AsiaBSDCon 2015 – maybe we’ll run into them

Interview – Sean Bruno – sbruno@freebsd.org / @franknbeans

Cross-compiling packages with poudriere and QEMU

News Roundup

The Crypto Bone

• The Crypto Bone is a new device that’s aimed at making encryption and secure communications easier and more accessible
• Under the hood, it’s actually just a Beaglebone board, running stock OpenBSD with a few extra packages
• It includes a web interface for configuring keys and secure tunnels
• The source code is freely available for anyone interested in hacking on it (or auditing the crypto), and there’s a technical overview of how everything works on their site
• If you don’t want to teach your mom how to use PGP, buy her one of these(?)

BSD in the 2015 Google Summer of Code

• For those who don’t know, GSoC is a way for students to get paid to work on a coding project for an open source organization
• Good news: both FreeBSD and OpenBSD were accepted for the 2015 event
• FreeBSD has a wiki page of ideas for people to work on
• OpenBSD also has an ideas page where you can see some of the initial things that might be interesting
• If you’re a student looking to get involved with BSD development, this might be a great opportunity to even get paid to do it
• Who knows, you may even end up on the show if you work on a cool project
• GSoC will be accepting idea proposals starting March 16th, so you have some time to think about what you’d like to hack on

pfSense 2.3 roadmap

• The pfSense team has posted a new blog entry, detailing some of their plans for future versions
• PPTP will finally be deprecated, PHP will be updated to 5.6 and other packages will also get updated to newer versions
• PBIs are scheduled to be replaced with native pkgng packages
• Version 3.0, something coming much later, will be a major rewrite that gets rid of PHP entirely
• 3.0 will focus on having a REST API, and separating the GUI from the actual implementation of the configuration
• The ultimate goal is to have pfSense be a package you can just install on top of a regular FreeBSD Install

PCBSD 10.1.2 security features

• PCBSD 10.1.2 will include a number of cool security features, some of which are detailed in a new blog post
• A new “personacrypt” utility is introduced, which allows for easy encryption and management of external drives for your home directory
• Going along with this, it also has a “stealth mode” that allows for one-time temporary home directories (but it doesn’t self-destruct, don’t worry)
• The LibreSSL integration also continues, and now packages will be built with it by default
• If you’re using the Life Preserver utility for backups, it will encrypt the remote copy of your files in the next update
• They’ve also been working on introducing some new options to enable tunneling your traffic through Tor
• There will now be a fully-transparent proxy option that utilizes the switch to IPFW we mentioned last week
• A small disclaimer: remember that many things can expose your true IP when using Tor, so use this option at your own risk if you require full anonymity
• Look forward to Kris wearing a Tor shirt in future episodes

Feedback/Questions

• Antonio writes in
• Chris writes in
• Van writes in
• Stu writes in

Mailing List Gold

• H
• Pay up, mister Free
• Heritage protected
• Blind leading the blind
• What are the chances

• Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv
• Next week’s episode will be prerecorded since we’ll be at AsiaBSDCon in Tokyo
• Be sure to say hello if you’re at the event – we’ve got at least two interviews confirmed already

The post Just Add QEMU | BSD Now 79 first appeared on Jupiter Broadcasting.