MP3 Feed | HD Video Feed | iTunes Feed

Become a supporter on Patreon:

— Show Notes: —

— The Cliff Notes —

Unifi UAP AC Pro

Deploy the UniFi AC Pro AP indoors or outdoors, in wireless networks requiring maximum performance. Sporting a weatherproof design, the UniFi AC Pro AP features simultaneous, dual-band, 3×3 MIMO technology and convenient 802.3af PoE/802.3at PoE+ compatibility.

Symetrix 528e Voice Processor

The 528Eis a complete, self-contained voice processor that performs six separate functions: microphone preamplification, de-essing (sibilance removal), compression/limiting, downward expansion, parametric EQ, and voice symmetry alignment. All six processors may be used simultaneously. Although we call the 528E Features:Works with any microphone (or line input)Enhances vocal intelligibility Increases perceived loudness and “presence”Great for voices as well as instruments and effects Reduces off-mic noise Reliable, proven design

Private Internet Access Tested in Court

While many VPN providers say they do not log their users’ activities in order to protect anonymity, it’s not often their claims get tested in the wild. However, a criminal complaint filed by the FBI this week notes that a subpoena sent to Private Internet Access resulted in no useful data being revealed about a suspected hoaxer.

— Noobs Corner —

Get in touch – let us know if you’d be interested in a comprehensive video guide “Getting Started with Linux! Email us today asknoah@jupiterbroadcasting.com

— Stay In Touch —

Find all the resources for this show on the Ask Noah Dashboard

Ask Noah Dashboard

Need more help than a radio show can offer? Altispeed provides commerical IT services and they’re excited to offer you a great deal for listening to the Ask Noah Show. Call today and ask about the discount for listeners of the Ask Noah Show!

Altispeed Technologies

Contact Noah

asknoah [at] jupiterbroadcasting.com

— Twitter —

• Noah – Kernellinux
• Ask Noah Show
• Altispeed Technologies
• Jupiter Broadcasting

The post Origins | Ask Noah 1 first appeared on Jupiter Broadcasting.

MP3 Feed | OGG Feed | iTunes Feed | Video Feed | Torrent Feed | WebM Torrent Feed

Become a supporter on Patreon:

Show Notes:

File Server with dedicated controller

• 2U rackmount design, 8 x hot-swappable SATA/SAS drive bays, 1 x slim CD-ROM bay, 1 x FDD bay, 4 x 80mm middle fans,
• Switch: Power ON/OFF x 1, System reset x 1 ,Indicator: Power ON/OFF x 1, HDD x 1, NETWORK X 2, Connector: One front accessible USB port
• Motherboard Compatibility: Support EEB (12″x13″), CEB(12″x10.5″), ATX (12″x9.6″), Micro ATX (9.6″ x 9.6″)
• Power Supply Options: Standard 2U ATX power supply, Dimensions ( W x D x H ):19″ x 25.5″ x 3.5″ (483mm x 650mm x 88mm)

DigitalOcean

• DigitalOcean: SSD Cloud Server, VPS Server, Simple Cloud Hosting

Getting Started with Arch / Antergergos

• Yubikey on Arch
• Install packer and then do this: Install or Remove a Package in Antergos
• Manually Install a Package on Arch without Packer

Feedback on this?

TING

• Ting – mobile that makes sense

Links to other things we talked about this episode

• Electro Voice RE-20 – Amazon

• PreSonus AudioBox USB 2×2 Audio Interface

• Mikrotik RB941-2nD-TC

Linux Academy

• Linux Academy | Linux and AWS Online Training

Linux Academy students can now make their profile public and share their #Cloud Credentials with professional certifications pic.twitter.com/bpdATTag90

— LinuxAcademy.com (@linuxacademyCOM) September 20, 2016

Altispeed Technologies

Altispeed Technologies, the current employer of Noah is dedicated to providing creative solutions in an evolving world of technology by leveraging Linux and open source. If you’re looking for managed services such as networking, wireless, or Voip give us a call or click today!

• What did you think of this episode? If it spun off into it’s own show would you support it? Let us know what you think

The post Dial Up Linux | LINUX Unplugged 164 first appeared on Jupiter Broadcasting.

Amazon has a new TLS implementation & the details look great, we’ll share them with you. The technology that powers the NSA’s XKEYSCORE you could have deployed yourself.

Some fantastic questions, a big round up & much, much more!

Thanks to:

• Get Paid to Write for DigitalOcean

Direct Download:

HD Video | Mobile Video | MP3 Audio | OGG Audio | YouTube | HD Torrent | Mobile Torrent

RSS Feeds:

HD Video Feed | Mobile Video Feed | MP3 Audio Feed | Ogg Audio Feed | iTunes Feed | Torrent Feed

Become a supporter on Patreon:

— Show Notes: —

Amazon releases s2n, a new TLS implementation

• s2n (signal2noise) is a brand new implementation of the TLS protocol in only ~6000 lines of code
• It has been fully audited, and will be re-audited once per year, paid for by Amazon
• It does not replace OpenSSL, as it only implements the TLS protocol (libssl) not the crypto primitives and algorithms (libcrypto). s2n can be built against any of the various libcrypto implementations, including: OpenSSL, LibreSSL, BoringSSL, and the Apple Common Crypto framework
• The API appears to be very easy to use, and prevent many common errors
• The client side of the library is not ready for use yet
• Features:
  • “s2n encrypts or erases plaintext data as quickly as possible. For example, decrypted data buffers are erased as they are read by the application.”
  • “s2n uses operating system features to protect data from being swapped to disk or appearing in core dumps.”
  • “s2n avoids implementing rarely used options and extensions, as well as features with a history of triggering protocol-level vulnerabilities. For example there is no support for session renegotiation or DTLS.”
  • “s2n is written in C, but makes light use of standard C library functions and wraps all memory handling, string handling, and serialization in systematic boundary-enforcing checks.”
  • “The security of TLS and its associated encryption algorithms depends upon secure random number generation. s2n provides every thread with two separate random number generators. One for “public” randomly generated data that may appear in the clear, and one for “private” data that should remain secret. This approach lessens the risk of potential predictability weaknesses in random number generation algorithms from leaking information across contexts. “
• One of the main features is that, instead of having to specify which set of crypto algorithms you want to prefer, in what order, as we have discussed doing before for OpenSSL (in apache/nginx, etc), to can either use ‘default’, which will change with the times, or a specific snapshot date, that corresponds to what was the best practise at that time
• Github Page
• Additional Coverage – ThreatPost
• It will be interesting to see how this compares with the new TLS API offered by LibreSSL, and which direction various applications choose to go.

How the NSA’s XKEYSCORE works

• “The NSA’s XKEYSCORE program, first revealed by The Guardian, sweeps up countless people’s Internet searches, emails, documents, usernames and passwords, and other private communications. XKEYSCORE is fed a constant flow of Internet traffic from fiber optic cables that make up the backbone of the world’s communication network, among other sources, for processing. As of 2008, the surveillance system boasted approximately 150 field sites in the United States, Mexico, Brazil, United Kingdom, Spain, Russia, Nigeria, Somalia, Pakistan, Japan, Australia, as well as many other countries, consisting of over 700 servers.”
• “XKEYSCORE allows for incredibly broad surveillance of people based on perceived patterns of suspicious behavior. It is possible, for instance, to query the system to show the activities of people based on their location, nationality and websites visited. For instance, one slide displays the search “germansinpakistn,” showing an analyst querying XKEYSCORE for all individuals in Pakistan visiting specific German language message boards.”
• “The sheer quantity of communications that XKEYSCORE processes, filters and queries is stunning. Around the world, when a person gets online to do anything — write an email, post to a social network, browse the web or play a video game — there’s a decent chance that the Internet traffic her device sends and receives is getting collected and processed by one of XKEYSCORE’s hundreds of servers scattered across the globe.”
• “In order to make sense of such a massive and steady flow of information, analysts working for the National Security Agency, as well as partner spy agencies, have written thousands of snippets of code to detect different types of traffic and extract useful information from each type, according to documents dating up to 2013. For example, the system automatically detects if a given piece of traffic is an email. If it is, the system tags if it’s from Yahoo or Gmail, if it contains an airline itinerary, if it’s encrypted with PGP, or if the sender’s language is set to Arabic, along with myriad other details.”
• You might expect some kind of highly specialized system to be required to do all of this, but that is not the case:
• “XKEYSCORE is a piece of Linux software that is typically deployed on Red Hat servers. It uses the Apache web server and stores collected data in MySQL databases. File systems in a cluster are handled by the NFS distributed file system and the autofs service, and scheduled tasks are handled by the cron scheduling service. Systems administrators who maintain XKEYSCORE servers use SSH to connect to them, and they use tools such as rsync and vim, as well as a comprehensive command-line tool, to manage the software.”
• The security of the system is also not as good as than you might imagine:
• “Analysts connect to XKEYSCORE over HTTPS using standard web browsers such as Firefox. Internet Explorer is not supported. Analysts can log into the system with either a user ID and password or by using public key authentication.”
• “When systems administrators log into XKEYSCORE servers to configure them, they appear to use a shared account, under the name “oper.” Adams notes, “That means that changes made by an administrator cannot be logged.” If one administrator does something malicious on an XKEYSCORE server using the “oper” user, it’s possible that the digital trail of what was done wouldn’t lead back to the administrator, since multiple operators use the account.”
• “There appears to be another way an ill-intentioned systems administrator may be able to cover their tracks. Analysts wishing to query XKEYSCORE sign in via a web browser, and their searches are logged. This creates an audit trail, on which the system relies to assure that users aren’t doing overly broad searches that would pull up U.S. citizens’ web traffic. Systems administrators, however, are able to run MySQL queries. The documents indicate that administrators have the ability to directly query the MySQL databases, where the collected data is stored, apparently bypassing the audit trail.”
• The system is not well designed, and could likely have been done better with existing open source tools, or commercial software designed to classify web traffic
• “When data is collected at an XKEYSCORE field site, it is processed locally and ultimately stored in MySQL databases at that site. XKEYSCORE supports a federated query system, which means that an analyst can conduct a single query from the central XKEYSCORE website, and it will communicate over the Internet to all of the field sites, running the query everywhere at once.”
• Your traffic is analyzed and will probably match a number of classifiers. The most specific classifier is added as a tag to your traffic. Eventually (3-5 days), your actual traffic is deleted to make room for newer traffic, but the metadata (those tags) are kept for 30-45 days
• “This is done by using dictionaries of rules called appIDs, fingerprints and microplugins that are written in a custom programming language called GENESIS. Each of these can be identified by a unique name that resembles a directory tree, such as “mail/webmail/gmail,” “chat/yahoo,” or “botnet/blackenergybot/command/flood.””
• “One document detailing XKEYSCORE appIDs and fingerprints lists several revealing examples. Windows Update requests appear to fall under the “update_service/windows” appID, and normal web requests fall under the “http/get” appID. XKEYSCORE can automatically detect Airblue travel itineraries with the “travel/airblue” fingerprint, and iPhone web browser traffic with the “browser/cellphone/iphone” fingerprint.”
• “To tie it all together, when an Arabic speaker logs into a Yahoo email address, XKEYSCORE will store “mail/yahoo/login” as the associated appID. This stream of traffic will match the “mail/arabic” fingerprint (denoting language settings), as well as the “mail/yahoo/ymbm” fingerprint (which detects Yahoo browser cookies).”
• “Sometimes the GENESIS programming language, which largely relies on Boolean logic, regular expressions and a set of simple functions, isn’t powerful enough to do the complex pattern-matching required to detect certain types of traffic. In these cases, as one slide puts it, “Power users can drop in to C++ to express themselves.” AppIDs or fingerprints that are written in C++ are called microplugins.”
• All of this information is based on the Snowden leaks, and is from any years ago
• “If XKEYSCORE development has continued at a similar pace over the last six years, it’s likely considerably more powerful today.”
• Part 2 of Article

[SoHo Routers full of fail]

Home Routers that still support RIPv1 used in DDoS reflection attacks

• RIPv1 is a routing protocol released in 1988 that was deprecated in 1996
• It uses UDP and so an attacker can send a message to a home router with RIP enabled from a spoofed IP address, and that router will send the response to the victim, flooding their internet connection
• ““Since a majority of these sources sent packets predominantly of the 504-byte size, it’s pretty clear as to why they were leveraged for attack purposes. As attackers discover more sourc­es, it is possible that this vector has the potential to create much larger attacks than what we’ve observed thus far,” the advisory cautions, pointing out that the unused devices could be put to work in larger and more distributed attacks.”
• “Researchers at Akamai’s Prolexic Security Engineering and Research Team (PLXsert) today put out an advisory about an attack spotted May 16 that peaked at 12.9 Gbps. Akamai said that of the 53,693 devices that responded to RIPv1 queries in a scan it conducted, only 500 unique sources were identified in the DDoS attack. None of them use authentication, making them easy pickings.”
• Akamai identified Netopia 2000 and 3000 series routers as the biggest culprits still running the vulnerable and ancient RIPv1 protocol on devices. Close to 19,000 Netopia routers responded in scans conducted by Akamai, which also noted that more than 5,000 ZET ZXv10 and TP-Link TD-8000 series routers collectively responded as well. Most of the Netopia routers, Akamai said, are issued by AT&T to customers in the U.S. BellSouth and MegaPath also distribute the routers, but to a much lesser extent.

Home Routers used to host Malware

• Home routers were found to be hosting the Dyre malware
• Symantec Research Paper of Dyre
• Affected routers include MikroTik and Ubiquiti’s AirOS, which are higher end routers geared towards “power user” and small businesses
• “We have seen literally hundreds of wireless access points, and routers connected in relation to this botnet, usually AirOS,” said Bryan Campbell, lead threat intelligence analyst at Fujitsu. “The consistency in which the botnet is communicating with compromised routers in relation to both distribution and communication leads us to believe known vulnerabilities are being exploited in the firmware which allows this to occur.”
• “Campbell said it’s not clear why so many routers appear to be implicated in the botnet. Perhaps the attackers are merely exploiting routers with default credentials (e.g., “ubnt” for both username and password on most Ubiquiti AirOS routers). Fujitsu also found a disturbing number of the systems in the botnet had the port for telnet connections wide open.”

Feedback:

• ZFS with 4K drives?

• ZFS Replication Between FreeNAS and Linux

• Splitting a pool

• DNS Transfer Email Downtime Followup

• FreeBSD Mastery: ZFS — Not just about ZFS

Round Up:

• Hacked OPM and Background Check Contractors Lacked Logs, DHS Says
• How Facebook stores 900 million new photos per day, using Blu-Ray disks Video
• Software developers are failing to implement crypto correctly, data reveals
• Windows 10 will share all of your WiFi passwords with your Outlook (and optionally Facebook) Contacts. Access points can opt out by adding ‘_optout’ to the SSID
• Cisco to buy security firm OpenDNS for $635 million
• Your F5 BIG-IP load balancer is not affected by the Redhat 4.x/5.x bug that might make it reboot during the leap second We are sorry your BIG-IP rebooted during the leap second
• DYN reports possible routing hiccup caused by leap second Turns out it was just someone accidently routing all traffic to Amazon AWS via their AS
• Someone is cutting fiber optic cables in California
• IKEA presents how they patched 3500 RHEL servers for the shellshock vulnerability in only 2.5 hours
• Scaling the Address Resolution Protocol for Large Data Centers (SARP)
• SSLv3 now officially deprecated
• Cisco UCDM (Unified Communications Domain Manager) has a default static password for a root account

The post Ripping me a new Protocol | TechSNAP 221 first appeared on Jupiter Broadcasting.

The Belkin router apocalypse takes users offline all over the world, Infected ATMs spit out money on cue, plus isolating your network, a great batch of your questions & much, much more!

Thanks to:

• Get Paid to Write for DigitalOcean

Become a supporter on Patreon:

— Show Notes: —

Belkin router apocolypse, world wide outage of almost all Belkin routers

• “Starting approximately midnight on October 7, Belkin began experiencing an issue with a service configured in certain Belkin router models that causes a failure when it checks for general network connectivity by pinging a site hosted by Belkin.”
• It seems Belkin routers check to see if “the internet is up” by pinging or connecting to heartbeat.belkin.com. When this service went down, all of those routers decided the internet was ‘down’, and stopped letting customers use the Internet, despite the fact that the rest of the Internet was fine
• “One of our cloud services associated with maintaining router operations was negatively impacted by a change made in our data center that caused a false denial of service. Normal operations were restored by 3PM PST, but some users might still need to reset their router and/or cable modem to regain connectivity. Moving forward, we will continue to monitor, improve and validate the system to ensure our routers continue to work properly in the event connectivity to our cloud environment is not available. “
• The fact that the routers rely on only a single signal, a response from heartbeat.belkin.com, to determine if the internet is working, seems wrong.
• Even so, it doesn’t explain why the routers ‘give up’ and stops users accessing the Internet
• It appears this has to do with the DNS Resolver in the Router, which stops attempting to resolve addresses when it cannot reach the Belkin site. Users to manually change their DNS servers to Google Public DNS or OpenDNS had their service restored
• What if the Belkin site goes down? (Like it did). What if there is a routing or transit issue? What if access to the Belkin site is blocked in your country?
• “If your service has not yet been restored, please unplug your router and plug it back in after waiting 1 minute. Wait 5 more minutes and the router should reconnect.”
• There were rumours that this issue was caused by a firmware update. Belkin denies this, although it is not clear if they had pushed a firmware update around the same time or not
• Interesting: Apparently Belkin’s call center got a high volume of calls. How many users call their Router manufacturer when they have an issue, rather than their ISP? My Cisco router/modem only had my ISPs phone number on it.
• Belkin Status Page
• Belkin Community Forums
• Additional Coverage: Internet Storm Center

Infected ATMs spit out money on queue, without debiting anyones bank account

• “What do you need in order to withdraw cash from an ATM?”
• First, you need to have a debit or credit card, which acts as a key to your bank account
• Second, you must know the PIN code associated with the card; otherwise, the bank wouldn’t approve the transaction.
• Finally, you need to have some money in your account that you can withdraw.
• Or, you just need a bootable CD
• “However, hackers do things differently: they don’t need cards, PIN codes or bank accounts to get money. In reality, all they need is an ATM with some cash in it and a special piece of software.”
• “criminals were somehow able to physically access the ATMs so that they could install the malware via a bootable CD on an embedded Windows machine”
• “The trojan that was used had complex abilities. First, when activated inside of the ATM, it had the ability to turn off the McAfee Solidcare AV software so that it could do its job with ease”
• “Second, to avoid accidental detection, Tyupkin trojan had the ability to stay in a standby mode for an entire week and activate only Sunday and Monday nights.”
• “Third, it had the ability to disable the local network in the case of an emergency, so that the bank could not remotely connect to the ATM to check on what was happening with it.”
• “All an attacker has to do is merely approach an infected ATM and enter a special PIN code in order to access the secret menu that will allow him to make cash withdrawals or control the trojan (for example, to delete it).”
• “To make a withdrawal the person has to know the appropriate commands, as well as a special formula that will calculate a session key — some kind of a two-factor authentication. If both codes are correct, then a second menu will appear that allows the criminal to choose the cassette number and make a withdrawal.”
• “Although one can only dispense 40 banknotes per transaction, it’s possible to dispense any amount of money by simply performing the actions several times over.”

Pair arrested for exploiting flaw in Casino slot machines

• John Kane, a gambling addict, and an accomplice, Andre Nestor, exploited a bug in Game King video poker slot machines
• “It turned out the Game King’s endless versatility was also its fatal flaw. In addition to different game variants, the machine lets you choose the base level of your wagers: At the low-limit Fremont machines, you could select six different denomination levels, from 1 cent to 50 cents a credit”
• “The key to the glitch was that under just the right circumstances, you could switch denomination levels retroactively. That meant you could play at 1 cent per credit for hours, losing pocket change, until you finally got a good hand—like four aces or a royal flush. Then you could change to 50 cents a credit and fool the machine into re-awarding your payout at the new, higher denomination. “
• “Performing that trick consistently wasn’t easy—it involved a complicated misdirection that left the Game King’s internal variables in a state of confusion. But after seven hours rooted to their seats, Kane and Nestor boiled it down to a step-by-step recipe that would work every time. “
• It turns out John Kane was very familiar with the slot machine in question:
• “he blew half a million dollars in 2006 alone—a pace that earned him enough Player’s Club points to pay for his own Game King to play at his home on the outskirts of Vegas, along with technicians to service it. (The machine was just for fun—it didn’t pay jackpots.)“ He’s played more than anyone else in the United States, says his lawyer, Andrew Leavitt. I’m not exaggerating or embellishing. It’s an addiction.”
• Game King 5.0 was released in 2002, however it contained a series of subtle errors in program number G0001640 that evaded laboratory testing and source code review.
• “The bug survived like a cockroach for the next seven years. It passed into new revisions, one after another, ultimately infecting 99 different programs installed in thousands of IGT machines around the world. As far as anyone knows, it went completely undetected until late April 2009, when John Kane was playing at a row of four low-limit Game Kings outside the entrance to a Chinese fast food joint”
• “Kane had some idea of how the glitch operated but hadn’t been able to reliably reproduce it. Working together, the two men began trying different combinations of play, game types, and bet levels, sounding out the bug like bats in the dark.”
• The pair eventually sorted out the details, and managed to get more than $750,000 out of various slot machines before being arrested

Feedback:

• Building a FreeBSD storage backend for my cloud
  • High Availably Storage Technology
  • FreeBSD Wiki about GlusterFS

• Home hybrid router replacement

• Server Isolation

• What to do when cafes have terrible network the security

Round up:

• Adobe is Spying on Users, Collecting Data on Their eBook Libraries
• Shell Shock proof-of-concepts against various applications, also includes one-liners to test your bash against each different vulnerability
• Funny post over at OpenBSD misc@ mailing list: User doesn’t quite understand how bash vulnerability checks work
• Marriott fined $600K by FCC for Wi-Fi blocking scam – Android Authority
• Defense contractor Raytheon gets patent for ‘smart mouse’ technology, based on smart grip technology for guns, authenticate the user by the way they hold their mouse
• Popular electricity smart meters in Spain can be hacked, researchers say
• Backblaze updates Drive Reliability numbers, still lacking some detail
• SQL Injection Vulnerability in ‘Yahoo! Contributors Network’
• JPMorgan Chase breach exposes data on 83 million customers. No credit card or social security data was taken. However, security experts remain skeptical that this breach is as low-impact as the bank is suggestion

The post Belkin Heartbeat Stops | TechSNAP 183 first appeared on Jupiter Broadcasting.

A CloudFlare outage takes down three quarter of a million sites, we’ll tell you what went wrong.

Some old school malware gets the job done, Allan’s cool toys from Japan, a big batch of your questions our answers, and much more on this week’s TechSNAP.

Thanks to:

GoDaddy.com Use our code hostdeal4 to score economy hosting for $1 a month, for one year. 35% off your ENTIRE order just use our code go35off4 until the end of the month!
Ting.com Visit techsnap.ting.com to save $25 off your device or service credits.

Support the Show: