Signal – Jupiter Broadcasting https://www.jupiterbroadcasting.com Open Source Entertainment, on Demand. Mon, 01 Nov 2021 01:41:54 +0000

Linux Action News 213 https://original.jupiterbroadcasting.net/146592/linux-action-news-213/ Sun, 31 Oct 2021 17:00:00 +0000 https://original.jupiterbroadcasting.net/?p=146592 Show Notes: linuxactionnews.com/213

The post Linux Action News 213 first appeared on Jupiter Broadcasting.

Starlink’s Linux Secrets | LINUX Unplugged 429 https://original.jupiterbroadcasting.net/146562/starlinks-linux-secrets-linux-unplugged-429/ Tue, 26 Oct 2021 19:00:00 +0000 https://original.jupiterbroadcasting.net/?p=146562 Show Notes: linuxunplugged.com/429

The post Starlink's Linux Secrets | LINUX Unplugged 429 first appeared on Jupiter Broadcasting.

Another Pass at Bypass | TechSNAP 369 https://original.jupiterbroadcasting.net/125041/another-pass-at-bypass-techsnap-369/ Wed, 23 May 2018 13:31:01 +0000 https://original.jupiterbroadcasting.net/?p=125041 Show Notes: techsnap.systems/369

The post Another Pass at Bypass | TechSNAP 369 first appeared on Jupiter Broadcasting.

Linux Action News 42 https://original.jupiterbroadcasting.net/122772/linux-action-news-42/ Sun, 25 Feb 2018 23:36:24 +0000 https://original.jupiterbroadcasting.net/?p=122772 Episode Links: LineageOS 15.1 is finally here — We’ve been working hard these months to get this new version available; the changes that were done in upstream (AOSP) are huge: Project Treble changed the way hardware is managed in […]

The post Linux Action News 42 first appeared on Jupiter Broadcasting.

Owning Your Communications | Ask Noah 34 https://original.jupiterbroadcasting.net/119851/owning-your-communications-ask-noah-34/ Mon, 13 Nov 2017 20:30:28 +0000 https://original.jupiterbroadcasting.net/?p=119851 Show Notes: Join us for War Stories Night! Call In 1-855-450-NOAH Saturday, November 18th. Listen Live / Watch Live. The Cliff Notes: Cheap Ham Radio; Best Ham Radio for the Money; Automatic Packet Reporting […]

The post Owning Your Communications | Ask Noah 34 first appeared on Jupiter Broadcasting.

HPKP: Hard to Say, Hard to Use | TechSNAP 334 https://original.jupiterbroadcasting.net/117826/hpkp-hard-to-say-hard-to-use-techsnap-334/ Tue, 29 Aug 2017 21:57:11 +0000 https://original.jupiterbroadcasting.net/?p=117826 Show Notes: Using VPN for all WAN traffic “I have a server with 2 1GB NICs, an un-managed switch, and a single gateway. Ideally, I would like WAN traffic routed through a PIA VPN using […]

The post HPKP: Hard to Say, Hard to Use | TechSNAP 334 first appeared on Jupiter Broadcasting.

Show Notes:

Using VPN for all WAN traffic

  • “I have a server with 2 1GB NICs, an un-managed switch, and a single gateway. Ideally, I would like WAN traffic routed through a PIA VPN
    using openVPN, and LAN traffic to be routed locally without a VPN.”

  • Unmanaged switch isn’t ideal, but it’s far from bad.

  • Assuming the server will act as firewall / gateway

  • NIC #1 to router/modem, NIC #2 to switch with a static IP (say 10.1.1.1)

  • run a DHCP server on there, handing out 10.1.1.1 as the default gateway, DNS as you see fit

  • everything from LAN will go out via NIC #2 of server

  • The server connects to the VPN provider via OpenVPN. OpenVPN has options to set the default gateway; this becomes the gateway the server itself uses, so all traffic leaving your network goes out through the VPN.

  • I haven’t used PIA, but I’d guess you want your OpenVPN connection to accept their pushed configuration settings (DNS, etc.) and use those on the server while OpenVPN is running.

A Protocol For Distributed Multiparty Chat Encryption

  • Reviewed by NCC Group.

  • The protocol has the following security properties for group messaging:
    • Confidentiality: the conversation is not readable to an outsider
    • Forward secrecy: conversation history remains unreadable to an outsider even if participants’ encryption keys are compromised
    • Deniable authentication: nobody can prove your participation in a chat
    • Authorship: a message recipient can be assured of the sender’s authenticity even if other participants in the room try to impersonate the sender
    • Room consistency: group chat participants are confident that they are in the same room
    • Transcript consistency: group chat participants are confident that they are seeing the same sequence of messages

I’m giving up on HPKP


Uncontained Human Error | LINUX Unplugged 171 https://original.jupiterbroadcasting.net/104686/uncontained-human-error-lup-171/ Tue, 15 Nov 2016 21:04:34 +0000 https://original.jupiterbroadcasting.net/?p=104686 Show Notes: Follow Up / Catch Up Signal Messenger is Secure They conclude that it is impossible to say if Signal meets its goals, as there are none stated, but […]

The post Uncontained Human Error | LINUX Unplugged 171 first appeared on Jupiter Broadcasting.

Show Notes:

Follow Up / Catch Up

Signal Messenger is Secure

They conclude that it is impossible to say if Signal meets its goals, as there are none stated, but say their analysis proves it satisfies security standards adding “we have found no major flaws in its design, which is very encouraging”.

New MacBook Doesn’t Run Linux

The three primary issues here are:
1) The input devices are on SPI, not USB. Apple’s ACPI tables don’t provide the GPIO mappings for these things via the standard mechanisms, so the chipset driver won’t bind. You then still need another driver for the SPI controller, and there’s an out of tree one at https://github.com/cb22/macbook12-spi-driver/ . Longer term, the kernel needs to be able to parse Apple’s ACPI tables and that driver needs merging.

2) Apple’s NVME hardware uses the wrong PCI device class, possibly because it’s not entirely NVME compatible (trying to read 64 bits of mmio register space in one go will fail, for instance). Linux has a specific entry for the older Apple NVME devices, and that may need to be broadened.

3) Having source ID checking enabled when doing IRQ remapping results in the system hanging on boot. It’s unclear what the underlying problem is.
– mjg59 @ https://news.ycombinator.com/item?id=12924051

LinuxFest Northwest founder honored with Cascadia Community Builder Award

In 1968, The Great Northern Railroad hired Bill, then a student at Western Washington University, because of his computer experience, which at that time consisted of using punched cards and perforated paper tapes. Bill became interested in Linux and the open source community in the late 1990s. With a few other computer nerds, he helped start the Bellingham Linux User Group in 1998 and its first LinuxFest in 2000. As BLUG and LFNW’s Treasurer, Bill has been involved with organizing and community outreach ever since.

“Linuxfest Northwest reaches a huge number of people,” said Emily Dunham, who serves on the award committee. “Bill is a great example of what the award is about.” The award committee hopes that Bill Wright’s tireless work will continue to inspire other free software activists in the Cascadia region.

Budgie withdrawn from Open Build Service

Please note that as of Budgie 11, support will be withdrawn for the OBS repositories for the Budgie Desktop for openSUSE and Fedora.

This will ensure that the Solus project is no longer maintaining external repositories for Budgie Desktop. As a desktop environment, it is vital that it is well tested, and well integrated, into other distributions.

Unfortunately, in the 3 years that the OBS repo has been maintained by the Solus team (Ikey, personally), nobody has stepped forward to maintain the repos, and we’ve seen no news of remaining downstreams trying to integrate Budgie into their parent repos (Budgie Desktop wiki in openSUSE says to use the OBS repo)

The Linux Foundation’s Core Infrastructure Initiative Renews Funding for Reproducible Builds Project

The grant extends the contribution to include Debian developers Chris Lamb, Mattia Rizzolo, Ximin Luo and Vagrant Cascadian, as well as extending funding for Holger Levsen. Furthermore, this contribution adds support for Ed Maste, working with FreeBSD.

While anyone can inspect the source code of free software for malicious flaws, most Linux distributions provide binary (or compiled) packages to end users. The motivation behind “reproducible” builds is to allow verification that no flaws have been introduced during the compilation process by endeavouring that identical binary packages are generated from a given source. This prevents the installation of backdoor-introducing malware on developers’ machines as an attacker would need to simultaneously infect all developers attempting to reproduce the build.

“Ensuring that no flaws are introduced during the build process greatly improves software security and control,” said Lamb. “Our work has already made significant progress in Debian GNU/Linux, and we are making our tools available for Fedora, Guix, Ubuntu, OpenWrt and other distributions.

Linux Desktop 0-day from a NES emulator?

A vulnerability and a separate logic error exist in the gstreamer 0.10.x player for NSF music files. Combined, they allow for very reliable exploitation and the bypass of 64-bit ASLR, DEP, etc. The reliability is provided by the presence of a Turing-complete “scripting” inside a music player. NSF files are music files from the Nintendo Entertainment System.

This exploit abuses a vulnerability in the gstreamer-0.10 plug-in for playing NSF music files. These music files are not like most other music files that your desktop can play. Typical music files are based on compressed samples and are decoded with a bunch of math. NSF music files, on the other hand, are played by actually emulating the NES CPU and sound hardware in real time. Is that cool or what? The gstreamer plug-in creates a virtual 6502 CPU hardware environment and then plays the music by running a bit of 6502 code for a little while and then looking at the resulting values in the virtualized sound hardware registers and then rendering some sound samples based on that.


PSA: KDE Neon users are requested to perform a full reinstall

The package archive used by KDE neon was incorrectly configured allowing anyone to upload packages to it. There is no reason to think that anyone actually did so but as a precaution we have emptied the archives and removed ISOs built before this date. The archive is being rebuilt and ISOs regenerated.

Solution:
Upgrade to the latest packages once rebuilt.

You can bypass linux disk encryption authentication by pressing the enter key for 70 seconds

An error in the implementation of the Cryptsetup utility used for encrypting hard drives allows an attacker to bypass the authentication procedures on some Linux systems just by pressing the Enter key for around 70 seconds. This results in the attacked system opening a shell with root privileges.

Encrypted data is safe, but attackers can get root privileges on targeted systems.

Can Linux containers save IoT from a security meltdown?

Security is a selling point for these products, and for good reason. The Mirai botnet that recently attacked the Dyn service and blacked out much of the U.S. Internet for a day brought Linux-based IoT into the forefront — and not in a good way. Just as IoT devices can be turned to the dark side via DDoS, the devices and their owners can also be the victimized directly by malicious attacks.

In this final, future-looking segment of our IoT series, we look at two Linux-based, Docker-oriented container technologies that are being proposed as solutions to IoT security. Containers might also help solve the ongoing issues of development complexity and barriers to interoperability that we explored in our story on IoT frameworks.

The End of the General Purpose Operating System

Doing Business with Linux

Semi-automatic document scanning with Paperwork

Post Show

+ [fix-windows-privacy: new tool to automate getting your privacy back on Windows 10](https://modzero.github.io/fix-windows-privacy/)

Open Source Botnet | TechSNAP 287 https://original.jupiterbroadcasting.net/103671/open-source-botnet-techsnap-287/ Thu, 06 Oct 2016 20:19:14 +0000 https://original.jupiterbroadcasting.net/?p=103671 Show Notes: Source Code for IoT Botnet ‘Mirai’ Released “The source code that powers the “Internet of Things” (IoT) botnet responsible for launching the historically large distributed […]

The post Open Source Botnet | TechSNAP 287 first appeared on Jupiter Broadcasting.

Show Notes:

Source Code for IoT Botnet ‘Mirai’ Released

  • “The source code that powers the “Internet of Things” (IoT) botnet responsible for launching the historically large distributed denial-of-service (DDoS) attack against KrebsOnSecurity last month has been publicly released, virtually guaranteeing that the Internet will soon be flooded with attacks from many new botnets powered by insecure routers, IP cameras, digital video recorders and other easily hackable devices.”
  • “The leak of the source code was announced Friday on the English-language hacking community Hackforums. The malware, dubbed “Mirai,” spreads to vulnerable devices by continuously scanning the Internet for IoT systems protected by factory default or hard-coded usernames and passwords.”
  • “Vulnerable devices are then seeded with malicious software that turns them into “bots,” forcing them to report to a central control server that can be used as a staging ground for launching powerful DDoS attacks designed to knock Web sites offline.”
  • A quote from the person who released the code: “When I first go in DDoS industry, I wasn’t planning on staying in it long,” Anna-senpai wrote. “I made my money, there’s lots of eyes looking at IOT now, so it’s time to GTFO. So today, I have an amazing release for you. With Mirai, I usually pull max 380k bots from telnet alone. However, after the Kreb [sic] DDoS, ISPs been slowly shutting down and cleaning up their act. Today, max pull is about 300k bots, and dropping.”
  • “Sources tell KrebsOnSecurity that Mirai is one of at least two malware families that are currently being used to quickly assemble very large IoT-based DDoS armies. The other dominant strain of IoT malware, dubbed “Bashlight,” functions similarly to Mirai in that it also infects systems via default usernames and passwords on IoT devices.”
  • “According to research from security firm Level3 Communications, the Bashlight botnet currently is responsible for enslaving nearly a million IoT devices and is in direct competition with botnets based on Mirai.”
  • “Infected systems can be cleaned up by simply rebooting them — thus wiping the malicious code from memory. But experts say there is so much constant scanning going on for vulnerable systems that vulnerable IoT devices can be re-infected within minutes of a reboot. Only changing the default password protects them from rapidly being reinfected on reboot.”
  • It is surprising that the botnets are not changing the default passwords to prevent reinfection by competing botnets. Of course, if you are scanning using the new secret password, every honeypot is going to capture that password and be able to recapture your devices.
  • “In the days since the record 620 Gbps DDoS on KrebsOnSecurity.com, this author has been able to confirm that the attack was launched by a Mirai botnet. As I wrote last month, preliminary analysis of the attack traffic suggested that perhaps the biggest chunk of the attack came in the form of traffic designed to look like it was generic routing encapsulation (GRE) data packets, a communication protocol used to establish a direct, point-to-point connection between network nodes. GRE lets two peers share data they wouldn’t be able to share over the public network itself. One security expert who asked to remain anonymous said he examined the Mirai source code following its publication online and confirmed that it includes a section responsible for coordinating GRE attacks.”
  • “My guess is that (if it’s not already happening) there will soon be many Internet users complaining to their ISPs about slow Internet speeds as a result of hacked IoT devices on their network hogging all the bandwidth. On the bright side, if that happens it may help to lessen the number of vulnerable systems.”
  • “On the not-so-cheerful side, there are plenty of new, default-insecure IoT devices being plugged into the Internet each day. Gartner Inc. forecasts that 6.4 billion connected things will be in use worldwide in 2016, up 30 percent from 2015, and will reach 20.8 billion by 2020. In 2016, 5.5 million new things will get connected each day, Gartner estimates.”

A tale of a DNS packet

  • “BIND is the most used DNS server on the internet. It is the standard system for name resolution on UNIX platforms and is used in 10 of the 13 root servers of the Domain Name System on the internet. Basically, it is one of the main functions of the entire Internet.”
  • “The tests done by ISC (Internet Systems Consortium) discovered a critical error when building a DNS response.”
  • “This assertion can be triggered even if the apparent source address isn’t allowed to make queries (i.e. doesn’t match ‘allow-query’)”
  • “Following the tradition of having errors in the necessary software for the survival of humanity, CVE-2016-2776 came to light. With details of the problem basically nowhere to be found, nor what was the mysterious “Specifically Constructed Request”, we decided to see what exactly was modified in the repository of Bind9.”
  • “Now that we are convinced that msg->reserved is potentially dangerous when 500 < msg->reserved <= 512, it is time to see how we can manipulate this variable. Tracking the use of dns_message_renderreserve() in lib/dns/message.c we find that msg->reserved is used to track how many bytes will be necessary to write the Additional RR (OPT, TSIG and SIG(0)) once the response is finished rendering on dns_message_renderend().”
  • “The most direct way we’ve found of manipulating an Additional RR included on the response is sending a query with a TSIG RR containing an invalid signature. When this happens, the server echoes practically all the record when responding.”
  • “The following script sends a query A to the server with a TSIG large enough so as to make the server reserve 501 bytes on msg->reserved when writing the response.”
  • “When it gets to dns_message_renderbegin() we have the context we’ve looked for: msg->reserved on 501 and r.length on 512. The if condition which should throw ISC_R_NOSPACE in the patch is not triggered.”
  • And BIND crashes.
  • “We can see now with the instruction immediately after the validation why it was so important to consider DNS_MESSAGE_HEADERLEN. Immediately after validating that the buffer has the sufficient space to store msg->reserved bytes, it allocates DNS_MESSAGE_HEADERLEN (12) bytes in it. In other words it didn’t check if after reserving msg->reserved, there is enough space to store 12 bytes more. What happens in the end is that when returning from the function, the available space on buffer is of 500 bytes (buffer->length – buffer->used = 512 – 12 = 500) but we’re reserving 501.”
  • “This leaves the integrity of the isc_buffer_t msg->buffer structure corrupt: now msg->buffer->used is BIGGER than msg->buffer->length. All the ingredients are here, we just need to put them in the oven.”
  • “Publishing a fix for a lethal bug where you would have to patch the whole internet doesn’t leave a lot of time to find elegant solutions. So if you review the fix, it’s possible that a new similar bug appears in dns_message_renderbegin(). While the use of msg->reserved is quite limited, it continues to be complex software. As long as msg->reserved is still being used, the existence of a bug like CVE-2016-2776 is quite probable.”

4 ways to hack ATMs

  • “We have already told you about a number of hacker groups jackpotting money from ATMs. Now you can see it with your own eyes! Our experts shot four videos of ATM hack demos.”
  • Method 1: Fake processing center
    • Disconnect the network cable from the ATM and connect it to a rogue device (a Raspberry Pi will do)
    • When the ATM asks “the bank” (the rogue device) whether it is OK to give the person money, it always answers yes
    • “The box is used to control the cash trays and send commands to the ATM, requesting money from the chosen tray. It’s as simple as that: The attacker can now use any card or input any PIN code, and the rogue transactions will look legitimate.”


  • Method 2: A remote attack on several ATMs
    • “This method involves an insider working in the target bank. The criminal purchases a key from the insider that opens the ATM chassis. The key does not give an attacker access to the cash trays, but it exposes the network cable. The hacker disconnects the ATM from the bank’s network and plugs in a special appliance that sends all of the data to their own server.”
    • “Networks connecting ATMs are often not segmented (separated for security), and ATMs themselves can be configured incorrectly. In that case, with such a device a hacker could compromise several ATMs at once, even if the malicious device is connected to only one of them.”
    • This method works when the network cables are not exposed
    • Then the rest is the same as Method 1


  • Method 3: The black box attack
    • In this attack, the bad guys directly connect their black box to the cash trays, and send them the commands to spit out the money
    • “As previously described, the attacker obtains the key to the ATM chassis and accesses it, but this time puts the machine into maintenance mode. Then the hacker plugs a so-called black box into the exposed USB port. A black box in this case is a device that allows an attacker to control the ATM’s cash trays.”
    • “While the attacker tampers with the ATM, its screen displays a service message like “Maintenance in progress” or “Out of service,” although in reality the ATM can still draw cash. Moreover, the black box can be controlled wirelessly via a smartphone. The hacker just taps a button on the screen to get the cash and then disposes of the black box to hide the evidence that the machine was compromised.”


  • Method 4: Malware attack
    • “There are two ways to infect a target ATM with malware: by inserting a malware-laced USB drive into the port (requiring the key to the ATM chassis) or by infecting the machine remotely, having first compromised the bank’s network.”
    • “If the target ATM is not protected against malware or does not employ whitelisting, a hacker can run malware to send commands to the ATM and make it dispense cash, repeating the attack until the cash trays are empty.”
    • “Of course, not all ATMs are hackable. The attacks described above are feasible only if something is misconfigured. It could be that the bank’s network is not segmented, or authentication is not required when the ATM’s software exchanges data with the hardware, or there is no whitelist for apps, or the network cable is easily accessible.”

  • So there are a number of ways to address these issues:
  • Methods 1 and 2 should normally be defeated by proper use of SSL/TLS. Of course you want the messages exchanged with the bank’s processing center to be encrypted and integrity checked (guaranteed not to have been modified by the bad guy), but TLS also provides authentication: assurance that the remote end is actually the trusted bank, not a bad guy. The ATM should have a list of trusted certificates and refuse to process transactions with any other party.
  • Method 3 requires some way to establish trust between the ATM software and the cash box hardware. Even if the messages between the computer and the cash box were encrypted, authenticated, and integrity checked, the issue is that the private key used to ‘sign’ the messages to the cash box would need to be stored on the ATM computer. Maybe the commands to the cash box should be signed by the bank’s processing center instead.
  • Solving Method 4 will require software whitelisting. If the ATM will only run software signed by the trusted certificates of the bank or ATM manufacturer, then it is much harder for the bad guys to get their malware to work on the ATM.

rm -rf $ALLTHETHINGS/ | TechSNAP 262 https://original.jupiterbroadcasting.net/98886/rm-rf-allthethings-techsnap-262/ Thu, 14 Apr 2016 18:34:12 +0000 https://original.jupiterbroadcasting.net/?p=98886 Find out why everyone’s just a little disappointed in Badlock, the bad security that could be connected to the Panama Papers leak & the story of a simple delete command that took out an entire hosting provider. Plus your batch of networking questions, our answers & a packed round up! Thanks to: Get Paid to […]

The post rm -rf $ALLTHETHINGS/ | TechSNAP 262 first appeared on Jupiter Broadcasting.

Show Notes:

Badlock vulnerability disclosed

  • The Badlock vulnerability was finally disclosed on Tuesday after 3 weeks of hype
  • It turns out not to have been as big a deal as we were led to believe
  • The flaw was not in the SMB protocol itself, but in the related SAM and LSAD protocols
  • The flaw itself is identified as CVE-2016-2118: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-2118
  • It affects all versions of Samba clear back to 3.0
  • “Samba 4.4.2, 4.3.8 and 4.2.11 Security Releases are available”
  • “Please be aware that Samba 4.1 and below are therefore out of support, even for security fixes. There will be no official security releases for Samba 4.1 and below published by the Samba Team or SerNet (for EnterpriseSAMBA). We strongly advise users to upgrade to a supported release.”
  • See the Samba Release Planning page for more details about support lifetime for each branch
  • Microsoft released MS16-047 but rated it only “Important”, not “Critical”
  • The patch fixes an “elevation of privilege bug in both SAM and LSAD that could be exploited in a man-in-the-middle attack, forcing a downgrade of the authentication level of both channels. An attacker could then impersonate an authenticated user”
  • Microsoft was also careful to note: “Only applications and products that use the SAM or LSAD remote protocols are affected by this issue. The SMB protocol is not vulnerable.”
  • It seems most of the “Badlock” bugs were actually in Samba itself, rather than in the protocol as we were led to believe
  • “There are several MITM attacks that can be performed against a variety of protocols used by Samba. These would permit execution of arbitrary Samba network calls using the context of the intercepted user. Impact examples of intercepting administrator network traffic:”
    • Samba AD server – view or modify secrets within an AD database, including user password hashes, or shut down critical services.
    • standard Samba server – modify user permissions on files or directories.
  • There were also a number of related CVEs that are also fixed:
    • CVE-2015-5370 3.6.0 to 4.4.0: Errors in Samba DCE-RPC code can lead to denial of service (crashes and high cpu consumption) and man in the middle attacks. It is unlikely but not impossible to trigger remote code execution, which may result in an impersonation on the client side.
    • CVE-2016-2110 3.0.0 to 4.4.0: The feature negotiation of NTLMSSP is not downgrade protected. A man in the middle is able to clear even required flags, especially NTLMSSP_NEGOTIATE_SIGN and NTLMSSP_NEGOTIATE_SEAL. Which has implications on encrypted LDAP traffic.
    • CVE-2016-2111 3.0.0 to 4.4.0: When Samba is configured as Domain Controller it allows remote attackers to spoof the computer name of a secure channel’s endpoints, and obtain sensitive session information, by running a crafted application and leveraging the ability to sniff network traffic.
    • CVE-2016-2112 3.0.0 to 4.4.0: A man in the middle is able to downgrade LDAP connections to no integrity protection. It’s possible to attack client and server with this.
    • CVE-2016-2113 4.0.0 to 4.4.0: Man in the middle attacks are possible for client triggered LDAP connections (with ldaps://) and ncacn_http connections (with https://).
    • CVE-2016-2114 4.0.0 to 4.4.0: Due to a bug Samba doesn’t enforce required smb signing, even if explicitly configured. In addition the default for the active directory domain controller case was wrong.
    • CVE-2016-2115 3.0.0 to 4.4.0: The protection of DCERPC communication over ncacn_np (which is the default for most the file server related protocols) is inherited from the underlying SMB connection. Samba doesn’t enforce SMB signing for this kind of SMB connections by default, which makes man in the middle attacks possible.
  • Additional Coverage: Threatpost – Badlock vulnerability falls flat against its hype
  • “As it turns out, Badlock was hardly the remote code execution monster many anticipated. Instead, it’s a man-in-the-middle and denial-of-service bug, allowing an attacker to elevate privileges or crash a Windows machine running Samba services.”
  • “Red Hat security strategist Josh Bressers said Badlock could have been much worse, especially if it had turned out to be a memory corruption issue in SMB as some had surmised. Such a scenario would have cleared a path for remote code execution, for example.”
  • Additional Coverage: sadlock.org
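A check for the configuration side of CVE-2016-2112, CVE-2016-2114, CVE-2016-2115 and Badlock itself (CVE-2016-2118), added here as an example; it is not code from the show or from the Samba project. It reads an smb.conf and reports which of the signing and integrity parameters the Badlock release documented in smb.conf(5) are missing from [global] or weaker than a hardened value. The parameter names are the ones from that release as I recall them (verify against your own version's smb.conf(5)); the values it demands are my assumptions for a hardened host, deliberately stricter than Samba's defaults.

```shell
#!/bin/sh
# Added example, not from the show notes or from the Samba project: audit the
# [global] section of an smb.conf for the signing and integrity settings that
# the Badlock release (Samba 4.4.2 / 4.3.8 / 4.2.11) introduced or tightened.
# The parameter names are the ones documented in that release's smb.conf(5);
# the values demanded below are my choice for a hardened host (assumption) and
# are stricter than Samba's own defaults, which would let most of them stay unset.

# smb_get PARAM FILE -> prints PARAM's value from [global], lower-cased, or
# nothing if it is not set there. Samba ignores case and whitespace inside
# parameter names, so "Server Signing" and "serversigning" are the same key.
smb_get() {
    key=$(printf '%s' "$1" | tr -d ' ' | tr 'A-Z' 'a-z')
    awk -v want="$key" '
        /^[ \t]*[;#]/ { next }                                   # comment line
        /^[ \t]*\[/   { insec = (tolower($0) ~ /^[ \t]*\[global]/); next }
        insec && /=/ {
            name = $0; sub(/=.*/, "", name); gsub(/[ \t]/, "", name)
            if (tolower(name) == want) {
                val = $0; sub(/^[^=]*=[ \t]*/, "", val)
                sub(/[ \t]+$/, "", val); print tolower(val)
            }
        }' "$2"
}

# smb_check PARAM WANT -> prints a WEAK line and sets smb_bad=1 on mismatch.
# An unset parameter is flagged too: the fixed defaults only help on a patched
# build, so state the value explicitly instead of relying on them.
smb_check() {
    got=$(smb_get "$1" "$smb_conf")
    if [ "$got" != "$2" ]; then
        printf 'WEAK: %s = %s (want %s)\n' "$1" "${got:-<unset>}" "$2"
        smb_bad=1
    fi
}

# smb_audit FILE -> one WEAK line per finding; returns 1 if anything is weak.
smb_audit() {
    smb_conf=$1; smb_bad=0
    smb_check 'server signing' mandatory             # CVE-2016-2114
    smb_check 'client signing' mandatory
    smb_check 'client ipc signing' mandatory         # CVE-2016-2115: ncacn_np rides on SMB
    smb_check 'client ldap sasl wrapping' seal       # CVE-2016-2112, client side
    smb_check 'ldap server require strong auth' yes  # CVE-2016-2112, DC side
    smb_check 'allow dcerpc auth level connect' no   # Badlock itself, CVE-2016-2118
    return $smb_bad
}
```

Run it as `smb_audit /etc/samba/smb.conf` on each member server and DC. The audit is intentionally pedantic about unset values: a distribution that ships the patched package sets the secure defaults for you, but the same smb.conf copied onto an older host silently loses them, and an explicit line in [global] is what survives that.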

Panama Papers: Mossack Fonseca

  • Eleven million documents were leaked from one of the world’s most secretive companies, Panamanian law firm Mossack Fonseca.
  • They show how Mossack Fonseca has helped clients launder money, dodge sanctions and avoid tax.
  • The documents show 12 current or former heads of state and at least 60 people linked to current or former world leaders in the data.
  • Eleven million documents held by the Panama-based law firm Mossack Fonseca have been passed to German newspaper Süddeutsche Zeitung, which then shared them with the International Consortium of Investigative Journalists. BBC Panorama is among 107 media organisations – including UK newspaper the Guardian – in 76 countries which have been analysing the documents.
  • There are many conspiracy theories about the source of the Panama Papers leak. One of the more prominent theories today blames the CIA.
  • Bradley Birkenfeld is “the most significant financial whistleblower of all time,” and he has opinions about who’s responsible for leaking the Panama Papers rattling financial and political power centers around the world.
  • Wikileaks is also getting attention today for blaming USAID and George Soros for the leaks.
  • What little is known about the source of the leak comes from details published by German newspaper Süddeutsche Zeitung. Communicating via encrypted chat in late 2014, the source warned his or her life was “in danger” but that they had data from law firm Mossack Fonseca that they wanted to share. When asked how much data they had, the source replied “more than you have ever seen,” according to the newspaper.
  • Regardless, the front-end computer systems of Mossack Fonseca are outdated and riddled with security flaws, analysis has revealed.
  • Mossack Fonseca’s client portal was also vulnerable to the DROWN attack, which targets servers that still accept the obsolete and insecure SSLv2 protocol: an attacker who can reach an SSLv2 endpoint sharing an RSA key with a TLS server can use it as a decryption oracle against captured TLS sessions, so clients that never speak SSLv2 are still exposed. The portal, which runs on the Drupal open source CMS, was last updated in August 2013, according to the site’s changelog.
  • On its main website Mossack Fonseca claims its Client Information Portal provides a “secure online account” allowing customers to access “corporate information anywhere and everywhere”. The version of Drupal used by the portal has at least 25 known vulnerabilities, including a high-risk SQL injection flaw that allows anyone to remotely execute arbitrary commands. Areas of the portal’s backend can also be reached simply by guessing the URL structure, a security researcher noted.
  • Mossack Fonseca’s webmail system, which runs on Microsoft’s Outlook Web Access, was last updated in 2009, while its main site runs a version of WordPress that is three months out of date. A further vulnerability makes it possible to easily access files uploaded to the backend of Mossack Fonseca’s site simply by guessing the URL.
  • Mossack Fonseca’s email was also not encrypted in transit: privacy expert Christopher Soghoian noted that the company’s mail servers did not support TLS.
  • Who leaked the Panama Papers? A famous financial whistleblower says: CIA. / Boing Boing
  • Wikileaks Accuses US Of Funding Panama Papers Putin Expose | The Daily Caller
  • Panama Papers: The security flaws at the heart of Mossack Fonseca (Wired UK)
  • Additional Coverage: The Register – Mossack Fonseca website found vulnerable to SQL injection
  • Additional Coverage: Forbes
  • Additional Coverage: WordFence
  • Additional Coverage: Slashdot
  • In general, it seems there were so many flaws in the website we may never know which one was used to compromise the server

I accidentally rm -rf /’d, and destroyed my entire company

  • “I run a small hosting provider with more or less 1535 customers and I use Ansible to automate some operations to be run on all servers. Last night I accidentally ran, on all servers, a Bash script with a rm -rf {foo}/{bar} with those variables undefined due to a bug in the code above this line.”
  • “All servers got deleted and the offsite backups too because the remote storage was mounted just before by the same script (that is a backup maintenance script).
    How can I recover from an rm -rf / now in a timely manner?”
  • There is not usually any easy way to recover from something like this
  • That is why you need backups. Backups are not just a single copy of your files in another location; you need multiple generations (a time series of snapshots), in case you need to go back further than the most recent backup
  • It is usually best not to keep the backup storage mounted (or otherwise writable) from the hosts it protects, for exactly this reason
  • Even if you will never rm -rf /, an attacker might run rm -rf /backup/*
  • While cleaning up after an attacker attempted to use a Linux kernel exploit against my FreeBSD machine in 2003, I accidentally rm -rf /’d in a roundabout way. Trying to remove a symlink to / that had a very funky name (part of the exploit iirc), I used tab completion, and instead of rm -rf badname, it did rm -rf badname/, which deletes the target of the symlink, which was /.
  • Obviously this was my fault for using -r for a symlink, since I only wanted to delete one thing
  • When the command took too long, I got worried, and when I saw ‘can’t delete /sbin/init’, I panicked and aborted it with control+c
  • Luckily, I had twice daily backups with bacula, to another server. 30 minutes later, everything was restored, and the server didn’t even require a reboot. The 100+ customers on the machine never noticed, since I stopped the rm before it hit /usr/home
  • There are plenty of other examples of this same problem though
  • Steam accidentally deletes ALL of your files
  • Bryan Cantrill tells a similar story from the old SunOS days
  • Discussion continues about why rm -rf / is blocked on SunOS and FreeBSD
  • Additional Coverage: ServerFault
  • When told to dd the drive to a file so that testdisk could try to recover files, the user reported accidentally swapping if= and of=, which would most likely just error out if the input file didn’t exist, but might also mean that this entire thing is just a troll. Further evidence: rm -rf / doesn’t work on modern Linux without the --no-preserve-root flag, because GNU rm refuses the literal argument “/” by default. That protection covers only that exact argument: rm -rf /* or a half-expanded path such as /bar (one variable set, the other empty) goes straight through.
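The guard the backup script in the post was missing, added here as an example; it is not code from the ServerFault post or from the show. It checks the already-expanded path before rm ever sees it and refuses the shapes an unset variable produces (empty, “/”, a relative fragment), anything outside an allow-listed tree, and a symlink followed with a trailing slash, which is the tab-completion accident described above. The function name and the default tree /srv/backups are my assumptions. Separately, `set -u` or `${BACKUP_ROOT:?}` at the top of the original script would have aborted it before the rm line ran at all.

```shell
#!/bin/sh
# Added example, not from the ServerFault post or the show notes.
# The post's script ran `rm -rf {foo}/{bar}` with both variables unset, which
# expands to `rm -rf /`. This wrapper validates the expanded path before rm
# sees it. SAFE_RM_ROOT (default /srv/backups, an assumption) is the only
# tree it will delete under.

# safe_rm_tree PATH -> removes PATH and returns 0, or prints why it refused
# and returns 1 without touching anything.
safe_rm_tree() {
    target=$1
    root=${SAFE_RM_ROOT:-/srv/backups}

    # 1. Two unset variables give "/", one unset variable gives "/bar" or
    #    "foo/": refuse empty, root and relative targets outright.
    case "$target" in
        ""|/|//) echo "refusing: target is root or empty" >&2; return 1 ;;
        /*)      ;;
        *)       echo "refusing: '$target' is not absolute" >&2; return 1 ;;
    esac

    # 2. Refuse '..' components, which could walk back out of $root.
    case "/$target/" in
        */../*)  echo "refusing: '$target' contains '..'" >&2; return 1 ;;
    esac

    # 3. Delete only strictly inside $root, never $root itself.
    case "$target" in
        "$root"/?*) ;;
        *)          echo "refusing: '$target' is outside $root" >&2; return 1 ;;
    esac

    # 4. "link/" makes rm -rf descend into the link's target instead of
    #    unlinking the link. Strip the trailing slash and refuse symlinks.
    if [ -L "${target%/}" ]; then
        echo "refusing: '$target' is a symlink" >&2; return 1
    fi

    rm -rf -- "$target"
}
```

Call it as `safe_rm_tree "$BACKUP_ROOT/$CLIENT"` in place of the bare rm. The allow-list in step 3 is what makes the attacker case in the bullets above fail as well: a path outside the tree is refused no matter how it was built, and the tree root itself can never be the target.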

Feedback:


Round Up:


The post rm -rf $ALLTHETHINGS/ | TechSNAP 262 first appeared on Jupiter Broadcasting.

Miles of WiFi | LINUX Unplugged 104 https://original.jupiterbroadcasting.net/86002/miles-of-wifi-lup-104/ Tue, 04 Aug 2015 17:47:34 +0000 https://original.jupiterbroadcasting.net/?p=86002 Ubuntu publishes their roadmap for the next few releases & we discuss what the future might hold for “Ubuntu Personal”. Plus the major challenges Linux gaming is facing. Then we’ve got insights from the experts on building robust wifi for your home, enterprise or even large events… Powered by Linux! Thanks to: Get Paid to […]

The post Miles of WiFi | LINUX Unplugged 104 first appeared on Jupiter Broadcasting.


Ubuntu publishes their roadmap for the next few releases & we discuss what the future might hold for “Ubuntu Personal”. Plus the major challenges Linux gaming is facing.

Then we’ve got insights from the experts on building robust wifi for your home, enterprise or even large events… Powered by Linux!

Thanks to:

Ting


DigitalOcean


Linux Academy

Direct Download:

MP3 Audio | OGG Audio | Video | HD Video | Torrent | YouTube

RSS Feeds:

MP3 Feed | OGG Feed | iTunes Feed | Video Feed | Torrent Feed | WebM Torrent Feed

Become a supporter on Patreon:


Show Notes:

Pre-Show:

Catch Up:

T – 242d!

It’s only 242 days until April 1st, 2016, the month where another great Ubuntu Long Term Support (LTS) release will be born. Ubuntu 16.04 will be the most sophisticated release of Ubuntu so far.

In my old/new role as Canonical’s Shepherd for all things related to Ubuntu Client (meaning Ubuntu, Phones, Tablets and everything related), I wanted to take a few moments and share our current plans for the remaining time until Ubuntu 16.04.

Canonical Publishes Impressive Roadmap for All of Their Ubuntu Products

“The chart shows Ubuntu as the center of gravity for everything that revolves around it. We will be seeing a solid 15.10 leading to the Long Term Support release 16.04. I personally expect some improvements around the Dash and general usability improvements for users with high resolution screens in addition to the work that’s done to polish and stabilize Ubuntu to the level an LTS release deserves,” wrote Olli Ries.

The chart itself is very interesting, but above all else, it shows that Ubuntu for regular users is still pretty much the focus of their efforts. The Ubuntu community is afraid that Canonical is putting too much work into the mobile space or containers, but in the end, everything they do seems to come back to the desktop.


DigitalOcean

Drop Ubuntu Software Centre and Adopt GNOME Software

GlobalVision Powers SELF 2015 Wifi with Linux

GlobalVision set up and ran the WiFi and Internet access for the SouthEast Linux Fest 2014 held in Charlotte, NC. The event had a little over 600 attendees over a 3 day weekend. We worked directly with the hotel hosting the event to run the cable in the event area to prevent hazards and keep guests from seeing or tripping over it. GlobalVision arranged to get a temporary dedicated Internet line to allow for faster speeds for event guests. Next we brought all of the gear needed for the network and had it set up and running in just a few hours. After the event was over GlobalVision removed everything and restored the area to its original look and feel.

GlobalVision offers a full range of services for businesses large or small. Our connectivity solutions include fiber, Metro Ethernet, T-1, and fixed wireless internet, as well as voice options ranging from traditional phone service to the best VoIP phones. With our state-of-the-art data and colocation center, we also provide data storage and recovery, hosting, server space, and application hosting.

Linux Academy

Should We Drop the dream of Linux Gaming?

Gaming on Linux struggles to take off. With Windows seeming less and less “evil”, is it time to accept having a Windows install around if you want to game, and let Linux focus on its strengths?

The result leaves nothing to speculation:

  • Max FPS: 81.40 on Windows vs 50.87 on Ubuntu [ 62% of the Windows Performance ]
  • Average FPS: 55.83 on Windows vs 30.16 on Ubuntu [ 54% of the Windows Performance ]
  • Lowest FPS: 31.65 on Windows vs 6.84 on Ubuntu [ 22% of the Windows Performance ]
  • Amplitude (Max vs Min FPS) : 49.75 on Windows vs 44.03 on Ubuntu

As you can see the game runs about half as fast as the Windows version on average

That’s what the July 2015 Steam hardware and software survey reveals, at least, as first spotted by Windows Central.

Windows dominates among Steam users, with 44.91 percent using Windows 7 64-bit, and 31.65 percent using Windows 8.1 64-bit. According to the numbers, Windows 10 64-bit can already be found on 2.21 percent of Steam users‘ systems, with the 32-bit variant found on another 0.09 percent.

By contrast, the most-used Mac operating system among Steam gamers is OS X “Yosemite” 10.10.3 at 1.10 percent, though when you take all available versions of Yosemite into account, it’s found on 2.4 percent of all systems. All four tracked Linux OSes combined account for a mere 0.55 percent of use.

TING

The big LAS Experiment


Runs Linux from the people:

  • Send in a pic/video of your runs Linux.
  • Please upload videos to YouTube and submit a link via email or the subreddit.

Support Jupiter Broadcasting on Patreon

China Pays Microsoft a Visit | Tech Talk Today 34 https://original.jupiterbroadcasting.net/63292/china-pays-microsoft-a-visit-tech-talk-today-34/ Tue, 29 Jul 2014 10:04:09 +0000 https://original.jupiterbroadcasting.net/?p=63292 Microsoft is in hot water with authorities in China and it could be worse than you’re being told. Plus Mozilla has a new CEO & then we cover a series of tech stories from down under that you’ve just got to hear! Direct Download: MP3 Audio | OGG Audio | Video | HD Video | […]

The post China Pays Microsoft a Visit | Tech Talk Today 34 first appeared on Jupiter Broadcasting.


Microsoft is in hot water with authorities in China and it could be worse than you’re being told. Plus Mozilla has a new CEO & then we cover a series of tech stories from down under that you’ve just got to hear!

Direct Download:

MP3 Audio | OGG Audio | Video | HD Video | Torrent | YouTube

RSS Feeds:

MP3 Feed | OGG Feed | iTunes Feed | Video Feed | Torrent Feed

Become a supporter on Patreon:


Show Notes:

China Investigates Microsoft – WSJ

Two people familiar with the inquiry said Chinese corporate regulatory officials made surprise visits to Microsoft’s offices in four Chinese cities.


According to Reuters and the South China Morning Post, the company is being investigated by the State Administration for Industry and Commerce, which raided Microsoft offices in Beijing, Shanghai, Guangzhou and Chengdu on Monday.

China’s State Administration for Industry and Commerce acts as the nation’s corporate registry and has some marketing and antitrust responsibilities. It couldn’t be reached for comment late Monday.


AIC officials sometimes pay visits to industries under official scrutiny that don’t result in formal probes.


Microsoft had been in the Chinese government’s cross hairs before this week. China’s powerful state-run television broadcaster ran a report in June that questioned the security of the company’s new Windows 8 computer operating system.

The broadcast quoted Chinese experts who argued that Microsoft cooperated with the U.S. government to carry out cyberspying.


Other U.S. companies have also been under scrutiny in the country. China’s state broadcaster also raised questions about the security of the iPhone in July, allegations that Apple Inc.


In late May, the Chinese authorities banned government institutions from using Windows 8

Chris Beard Named CEO of Mozilla

Chris Beard has been appointed CEO of Mozilla Corp. The Mozilla board has reviewed many internal and external candidates — and no one we met was a better fit.

Chris first joined Mozilla in 2004, just before we shipped Firefox 1.0 – and he’s been deeply involved in every aspect of Mozilla ever since. During his many years here, he at various times has had responsibility for almost every part of the business, including product, marketing, innovation, communications, community and user engagement.

Leaked discussion paper reveals Australian online piracy crackdown in full swing

The federal government is proposing that internet service providers (ISPs), such as Telstra, Optus and iiNet, take measures to discourage or reduce online copyright infringement, according to a leaked copy of its discussion paper.

According to the document, first obtained by news website Crikey, the government also wants to give itself the power to prescribe specific measures that would see internet providers discourage online copyright infringement. This is in the cases where the industry does not develop effective schemes or commercial arrangements.

It is also proposing that universities be “captured” by the safe harbour scheme that currently governs internet service providers. This stipulates financial damages can be levied against carriage service providers who breach four categories, including providing connections to copyright material and referring users to an online location where it exists via a link.


In the document, signed by Attorney-General George Brandis and Communications Minister Malcolm Turnbull, the government cited its unratified trade obligations with the US – known as the “Trans-Pacific Partnership Agreement” – to pursue its reforms.


It essentially overrules a decision by the High Court in 2012, which found that internet service providers could not be found liable for authorising an act by a subscriber that infringes copyright.


Although the discussion paper hasn’t been released yet, a speedy response from industry and the public is expected, with submissions closing on August 25.

Aussie hackers get Doom working on an ATM- The Inquirer

HACKERS IN AUSTRALIA have succeeded in running classic first person shooter game Doom on a bank cash machine.

The ATM, which runs Windows XP Embedded, can be controlled using the device’s buttons, with the game appearing on the screen in place of the message telling you the size of your overdraft.

At the moment, weapons selection is done through the arrow buttons to the side of the screen, and the group already has plans to get the number keys up and running.

Close Encounters Of The Radio Kind? Mystery Bursts Baffle Astronomers : NPR

Back in 2007, astronomers detected an incredibly brief, incredibly strong radio wave burst in Australia. And now, on the opposite side of the world, astronomers have detected a second blast of similar proportions. Meaning that A) the first one wasn’t a fluke, and B) we have absolutely no idea what’s causing them.

This second ultrafast flash of radio waves was discovered by the Arecibo radio telescope in Puerto Rico, which had been putting out its feelers in hopes of discovering neutron stars. Instead, it got the second instance of so-called fast radio bursts (FRBs), which finally allowed astronomers to rule out cosmic noise and formally report them. Because unlike the radio signals we usually detect, these radio waves “show every sign of having come from far outside our galaxy.”

Emails:

Stephen writes:

IBM Typewriter

Yes, I remember that IBM typewriter. That typewriter was so popular that they were often stolen from offices. Some police forces had special teams to investigate thefts.


Sebastian writes:

USB flux capacitor

Hey Chris, I saw this on twitter and it just lit a light in my soul, remembering the good old days 🙂
Flux Capacitor charger turns any ride into a DeLorean time machine

FauxShow Awards show – How do you watch JB? Send a pic, your IRC Nick, and anything you’d like to add to angela@jupiterbroadcasting.com
