Switch – Jupiter Broadcasting
https://www.jupiterbroadcasting.com
Open Source Entertainment, on Demand.
Mon, 31 May 2021 17:56:29 +0000

Linux Action News 191
https://original.jupiterbroadcasting.net/145177/linux-action-news-191/
Mon, 31 May 2021 10:00:00 +0000

Show Notes: linuxactionnews.com/191

The post Linux Action News 191 first appeared on Jupiter Broadcasting.

Where Do I Start? | Self-Hosted 17
https://original.jupiterbroadcasting.net/141212/where-do-i-start-self-hosted-17/
Thu, 23 Apr 2020 00:15:00 +0000

Show Notes: selfhosted.show/17

The post Where Do I Start? | Self-Hosted 17 first appeared on Jupiter Broadcasting.

Keeping Systems Simple | TechSNAP 403
https://original.jupiterbroadcasting.net/131156/keeping-systems-simple-techsnap-403/
Fri, 10 May 2019 21:00:15 +0000

Show Notes: techsnap.systems/403

The post Keeping Systems Simple | TechSNAP 403 first appeared on Jupiter Broadcasting.

Netflix Lab Rats | TechSNAP 330
https://original.jupiterbroadcasting.net/117101/netflix-lab-rats-techsnap-330/
Tue, 01 Aug 2017 23:15:14 +0000

Show Notes:

Mandiant researcher doxed by hackers

  • HACKERS LEAK DATA FROM MANDIANT SECURITY RESEARCHER IN OPERATION #LEAKTHEANALYST

  • The leaked data included more screenshots than documents.

  • Images showed that the hackers might have gained access to […]

70,000 Memcached Servers Can Be Hacked Using Eight-Month-Old Flaws

  • Original Talos blog post

  • Background: in January 2017 there was a series of MongoDB incidents in which multiple competing groups attacked the same servers, which leads to the conclusion that there is no hope of actually recovering data, if there ever was in the first place.

  • This prompted Talos to investigate memcached

Dan talks about upgrading ZFS arrays

  • raidz arrays cannot be expanded. You have N devices; it stays N devices

  • you can replace devices

  • you can replace devices with bigger devices

  • once they are all replaced, BANG, you have more space

  • what options exist for replacing devices?

  • Pull a drive, insert a new one, issue the zfs replace command.

  • Insert a new drive, if you have space, issue the zfs replace command.

  • But then Dan had a great idea the other night….


Feedback


Round Up:

The post Netflix Lab Rats | TechSNAP 330 first appeared on Jupiter Broadcasting.

All Drives Die | TechSNAP 318
https://original.jupiterbroadcasting.net/114566/all-drives-die-techsnap-318/
Tue, 09 May 2017 20:39:41 +0000

Show Notes:

New password guidelines say everything we thought about passwords is wrong

  • No more periodic password changes

  • No more imposed password complexity

  • Mandatory validation of newly created passwords against a list of commonly-used, expected, or compromised passwords.

  • We recommend you use a password manager, use a different password on every login

  • Rainbow tables used to convert hashes to passwords

Enterprise hard disks are faster and use more power, but are they more reliable?

  • The enterprise disks also use more power: 9W idle and 10W operational, compared to 7.2W idle and 9W operational for comparable consumer disks.

  • If you have one or two spindles, that’s no big deal, but each Backblaze rack has 20 “storage pods” with 60 disks each. An extra 2.2kW for an idle rack is nothing to sniff at.

  • Other HGST models are also continuing to show impressive longevity, with three 4TB models and one 3TB model both boasting a sub-1 percent annualized failure rate.

Don’t trust OAuth: Why the “Google Docs” worm was so convincing

  • Access to all your mail

  • Access to any of your Google Hangout chats

  • Access to all your contacts

  • Makes a good case for encryption/decryption at the client

  • OAuth


Feedback


Round Up:


The post All Drives Die | TechSNAP 318 first appeared on Jupiter Broadcasting.

PHP Steals Your Nuts | TechSNAP 316
https://original.jupiterbroadcasting.net/114206/php-steals-your-nuts-techsnap-316/
Tue, 25 Apr 2017 23:01:51 +0000

Show Notes:

SQUIRRELMAIL REMOTE CODE EXECUTION VULNERABILITY

  • Improperly sanitized parameters

  • Invoking the sendmail binary from within PHP

  • Dawid Golunski disclosed the vulnerability

  • The FreeBSD version is newer than what the article states is the latest release

Anonymous domain purchases

  • Anonymity has long been practiced for activism. Many famous authors have published under a pseudonym.

  • Domain name is from Laos, but company is based in St Kitts.

  • What are the risks with trusting this group?

Net Neutrality Alive and Well in Canada: CRTC Crafts Full Code With Zero Rating Decision

  • Very strong decision and very positive for Canadian consumers.

Feedback


Round Up:


The post PHP Steals Your Nuts | TechSNAP 316 first appeared on Jupiter Broadcasting.

Don’t Panic & P your S | TechSNAP 310
https://original.jupiterbroadcasting.net/107531/dont-panic-p-your-s-techsnap-310/
Tue, 14 Mar 2017 21:23:24 +0000

Show Notes:

Malware found preinstalled on 38 Android phones used by 2 companies

  • Malicious apps were surreptitiously added somewhere along the supply chain.

  • Check Point didn’t disclose the names of the companies that owned the infected phones. One of the affected parties was a “large telecommunications company” and the other was a “multinational technology company.”

  • It’s interesting how this came out on March 10 and the WikiLeaks notice about compromised cellphones came out a few days earlier. Coincidence?

“Vault 7” by WikiLeaks

  • A total of 8,761 documents have been published as part of ‘Year Zero’, the first in a series of leaks the whistleblower organization has dubbed ‘Vault 7.’ WikiLeaks said that ‘Year Zero’ revealed details of the CIA’s “global covert hacking program,” including “weaponized exploits” used against company products including “Apple’s iPhone, Google’s Android and Microsoft’s Windows and even Samsung TVs, which are turned into covert microphones.”

  • Among the more notable disclosures which, if confirmed, “would rock the technology world”, the CIA had managed to bypass encryption on popular phone and messaging services such as Signal, WhatsApp and Telegram. According to the statement from WikiLeaks, government hackers can penetrate Android phones and collect “audio and message traffic before encryption is applied.”

  • NOTE: From what I’ve read, this compromise involves first compromising the phone in question and as such is not an attack on the apps themselves.

  • Krebs’ coverage

  • Krebs says: “The documents for the most part don’t appear to include the computer code needed to exploit previously unknown flaws in these products, although WikiLeaks says those exploits may show up in a future dump. This collection is probably best thought of as an internal corporate wiki used by multiple CIA researchers who methodically found and documented weaknesses in a variety of popular commercial and consumer electronics.”

  • Krebs also says: “Some of the exploits discussed in these leaked CIA documents appear to reference full-on, remote access vulnerabilities. However, a great many of the documents I’ve looked at seem to refer to attack concepts or half-finished exploits that may be limited by very specific requirements — such as physical access to the targeted device.”

  • See also Espionage vs. Surveillance

  • Best advice: patch your shit, secure physical access, it is not as bad as WikiLeaks is making it out to be.


Feedback


Round Up:

Silent Data Corruption Is Real


The post Don’t Panic & P your S | TechSNAP 310 first appeared on Jupiter Broadcasting.

Forward Momentum | LAS 449
https://original.jupiterbroadcasting.net/105661/forward-momentum-las-449/
Sun, 25 Dec 2016 11:25:40 +0000

— Show Notes: —

Brought to you by: Linux Academy

Links

  • Penguin Powered Production | LAS 417

  • The High Price of Purism | […]

The post Forward Momentum | LAS 449 first appeared on Jupiter Broadcasting.

Turkey.deb | TechSNAP 294
https://original.jupiterbroadcasting.net/105026/turkey-deb-techsnap-294/
Thu, 24 Nov 2016 18:32:02 +0000

Show Notes:

Akamai’s quarterly State of the Internet report: The Krebs Attack

  • “Internet infrastructure giant Akamai last week released a special State of the Internet report. Normally, the quarterly accounting of noteworthy changes in distributed denial-of-service (DDoS) attacks doesn’t delve into attacks on specific customers. But this latest Akamai report makes an exception in describing in great detail the record-sized attack against KrebsOnSecurity.com in September, the largest such assault it has ever mitigated.”
  • Akamai: “The same data we’ve shared here was made available to Krebs for his own reporting and we received permission to name him and his site in this report.”
  • “Akamai said the attack on Sept. 20 was launched by just 24,000 systems infected with Mirai, mostly hacked Internet of Things (IoT) devices such as digital video recorders and security cameras.”
  • “The first quarter of 2016 marked a high point in the number of attacks peaking at more than 100 Gbps,” Akamai stated in its report. “This trend was matched in Q3 2016, with another 19 mega attacks. It’s interesting that while the overall number of attacks fell by 8% quarter over quarter, the number of large attacks, as well as the size of the biggest attacks, grew significantly.”
  • “The magnitude of the attacks seen during the final week were significantly larger than the majority of attacks Akamai sees on a regular basis,” Akamai reports. “In fact, while the attack on September 20 was the largest attack ever mitigated by Akamai, the attack on September 22 would have qualified for the record at any other time, peaking at 555 Gbps.”
  • Krebs has also made a .csv of the data available: “An observant reader can probably correlate clumps of attacks to specific stories covered by Krebs. Reporting on the dark side of cybersecurity draws attention from people and organizations who are not afraid of using DDoS attacks to silence their detractors.” “In case any trenchant observant readers wish to attempt that, I’ve published a spreadsheet here (in .CSV format) which lists the date, duration, size and type of attack used in DDoS campaigns against KrebsOnSecurity.com over the past four years.”
  • Some comments about the “mega” attacks on Krebs’ site:
  • “We haven’t seen GRE really play a major role in attacks until now. It’s basically a UDP flood with a layer-7 component targeting GRE infrastructure. While it’s not new, it’s certainly rare.”
  • “Overall, Colombia was the top source of attack traffic. This is surprising, because Colombia has not been a major source of attack traffic in the past. While Colombia only accounted for approximately 5% of the traffic in the Mirai-based attacks, it accounted for nearly 15% of all source IPs in the last four attacks. A country that was suspiciously missing from both top 10 lists was the U.S. With regards to Mirai, this may be due to a comparative lack of vulnerable and compromised systems, rather than a conscious decision not to use systems in the U.S.”
  • “There are a few distinctive programming characteristics we initially discovered in our lab, and later confirmed when the source code was published, which have helped identify Mirai-based traffic. At the end of the day what Mirai really brings to the table is a reasonably well written and extensible code base. It’s unknown as to what Mirai may bring in the foreseeable future but it is clear that it has paved the way for other malicious actors to create variants that improve on its foundation.”
  • The full report can be downloaded here
  • Some other data from the report:
  • “Last quarter we reported a 276% increase in NTP attacks compared with Q2 of 2015. This quarter, we analyzed NTP trends over two years and have noticed shrinking capabilities for NTP reflection.” — It is good to finally see NTP falling off the attack charts as it gets patched up
  • “Web application attack metrics around the European Football Cup Championship Game and the Summer Games, as analyzed in the Web Application Attack Spotlight, show us that while malicious actors take advantage of high-profile events, there’s also a lull that indicates they might like to watch them.” (see page 26)
  • Application Layer DDoS attacks (GET/HEAD/POST/PUT etc) account for only 1.66% of DDoS attacks. Most attacks are aimed at the infrastructure layer (IP and TCP/UDP)
  • “Repeat DDoS Attacks by Target / After a slight downturn in Q2 2016, the average number of DDoS attacks increased to an average of 30 attacks per target, as shown in Figure 2-13. This statistic reflects that once an organization has been attacked, there is a high probability of additional attacks.”
  • SQL Injection (49%) and Local File Inclusion (40%) make up the greatest share of attacks against web applications

Is your server (N)jinxed ?

  • A flaw in the way Debian (and Ubuntu) package nginx can allow your server to be compromised.
  • The flaw allows an attacker who has managed to gain control of a web application, like WordPress, to escalate privileges from the www-data user to root.
  • “Nginx web server packaging on Debian-based distributions such as Debian or Ubuntu was found to create log directories with insecure permissions which can be exploited by malicious local attackers to escalate their privileges from nginx/web user (www-data) to root.”
  • “The vulnerability could be easily exploited by attackers who have managed to compromise a web application hosted on Nginx server and gained access to www-data account as it would allow them to escalate their privileges further to root access and fully compromise the system.”
  • The attack flow works as follows:
    • Compromise a web application
    • Run the exploit as the www-data user
    • Compile your privilege escalation shared library /tmp/privesclib.c
    • Install your own low-priv shell (maybe /bin/bash, or an exploit) as /tmp/nginxrootsh
    • Take advantage of the permissions mistake where /var/log/nginx is writable by the www-data user, and replace error.log with a symlink to /etc/ld.so.preload
    • Wait for nginx to be restarted or rehashed by logrotate
    • When nginx is restarted or rehashed, it creates the /etc/ld.so.preload file
    • Add the /tmp/privesclib.so created earlier to /etc/ld.so.preload
    • Run sudo, which will now load /tmp/privesclib.so before other libraries, running the code
    • sudo will not allow the www-data user to do any commands, but before sudo read its config file, it ran privesclib.so, which made /tmp/nginxrootsh setuid root for us
    • Run /tmp/nginxrootsh as any user, and you now have a shell as the root user
    • They now own the server
  • Video Proof of Concept
  • Fixes:
    • Debian: Fixed in Nginx 1.6.2-5+deb8u3
    • Ubuntu 14.04 LTS: 1.4.6-1ubuntu3.6
    • Ubuntu 16.04 LTS: 1.10.0-0ubuntu0.16.04.3
    • Ubuntu 16.10: 1.10.1-0ubuntu1.1
  • Make sure your log directory is not writable by the www-data user
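
A check for the permissions mistake described above, as an added example (not code from the show notes or the advisory): it reports a log directory the web user can write to, and any entry in it that is a symlink. The function names and the default path and account in the command-line part are assumptions; only mode bits are examined, not ACLs.

```python
import grp
import os
import pwd
import stat
import sys


def account_ids(username):
    """Return (uid, set_of_gids) for a local account, or None if it does not exist."""
    try:
        pw = pwd.getpwnam(username)
    except KeyError:
        return None
    gids = {pw.pw_gid}
    # Supplementary groups: every group that lists the account as a member.
    gids.update(g.gr_gid for g in grp.getgrall() if username in g.gr_mem)
    return pw.pw_uid, gids


def mode_allows_write(st, uid, gids):
    """Apply the owner/group/other write bits the way the kernel picks a class."""
    if st.st_uid == uid:
        return bool(st.st_mode & stat.S_IWUSR)
    if st.st_gid in gids:
        return bool(st.st_mode & stat.S_IWGRP)
    return bool(st.st_mode & stat.S_IWOTH)


def audit_log_dir(path, uid, gids):
    """Return a list of findings for one log directory (empty list = nothing found)."""
    findings = []
    st = os.lstat(path)  # lstat: do not follow a symlinked directory
    if stat.S_ISLNK(st.st_mode):
        return [f"{path}: log directory is itself a symlink -> {os.readlink(path)}"]
    if mode_allows_write(st, uid, gids):
        findings.append(
            f"{path}: writable by uid {uid} "
            f"(mode {stat.filemode(st.st_mode)}, owner uid {st.st_uid})"
        )
    # A log file that is a symlink means the daemon will open whatever it
    # points at the next time logs are reopened.
    for name in sorted(os.listdir(path)):
        full = os.path.join(path, name)
        if stat.S_ISLNK(os.lstat(full).st_mode):
            findings.append(f"{full}: symlink -> {os.readlink(full)}")
    return findings


if __name__ == "__main__":
    # Assumed defaults: the directory and account named in the notes above.
    log_dir = sys.argv[1] if len(sys.argv) > 1 else "/var/log/nginx"
    user = sys.argv[2] if len(sys.argv) > 2 else "www-data"
    ids = account_ids(user)
    if ids is None:
        sys.exit(f"no such account: {user}")
    try:
        results = audit_log_dir(log_dir, *ids)
    except OSError as exc:
        sys.exit(f"cannot inspect {log_dir}: {exc}")
    for line in results:
        print(line)
    sys.exit(1 if results else 0)
```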

Hacking 27% of the web via WordPress Auto-update

  • “At Wordfence, we continually look for security vulnerabilities in the third party plugins and themes that are widely used by the WordPress community. In addition to this research, we regularly examine WordPress core and the related wordpress.org systems. Recently we discovered a major vulnerability that could have caused a mass compromise of the majority of WordPress sites.”
  • “The vulnerability we describe below may have allowed an attacker to use the WordPress auto-update function, which is turned on by default, to deploy malware to up to 27% of the Web at once.”
  • “The server api.wordpress.org has an important role in the WordPress ecosystem: it releases automatic updates for WordPress websites. Every WordPress installation makes a request to this server about once an hour to check for plugin, theme, or WordPress core updates. The response from this server contains information about any newer versions that may be available, including if the plugin, theme or core needs to be updated automatically. It also includes a URL to download and install the updated software.”
  • “Compromising this server could allow an attacker to supply their own URL to download and install software to WordPress websites, automatically. This provides a way for an attacker to mass-compromise WordPress websites through the auto-update mechanism supplied by api.wordpress.org. This is all possible because WordPress itself provides no signature verification of the software being installed. It will trust any URL and any package that is supplied by api.wordpress.org.”
  • “We describe the technical details of a serious security vulnerability that we uncovered earlier this year that could compromise api.wordpress.org. We reported this vulnerability to the WordPress team via HackerOne. They fixed the vulnerability within a few hours of acknowledging the report. They have also awarded Wordfence lead developer Matt Barry a bounty for discovering and reporting it.”
  • “api.wordpress.org has a GitHub webhook that allows WordPress core developers to sync their code to the wordpress.org SVN repository. This allows them to use GitHub as their source code repository. Then, when they commit a change to GitHub it will reach out and hit a URL on api.wordpress.org which then triggers a process on api.wordpress.org that brings down the latest code that was just added to GitHub.”
  • “The URL that GitHub contacts on api.wordpress.org is called a ‘webhook’ and is written in PHP. The PHP for this webhook is open source and can be found in this repository. We analyzed this code and found a vulnerability that could allow an attacker to execute their own code on api.wordpress.org and gain access to api.wordpress.org. This is called a remote code execution vulnerability or RCE.”
  • “If we can bypass the webhook authentication mechanism, there is a POST parameter for the GitHub project URL that is passed unescaped to shell_exec which allows us to execute shell commands on api.wordpress.org. This allows us to compromise the server.”
  • There is security built into the system. GitHub hashes the JSON data with a shared secret and submits the hash with the data. The receiving side then hashes the JSON with its copy of the shared secret. If the two hashes match, the JSON must have been sent by someone who knows the shared secret (ideally only api.wordpress.org and GitHub).
  • There is a small catch
  • “GitHub uses SHA1 to generate the hash and supplies the signature in a header: X-Hub-Signature: sha1={hash}. The webhook extracts both the algorithm, in this case ‘sha1’, and the hash to verify the signature. The vulnerability here lies in the fact the code will use the hash function supplied by the client, normally github. That means that, whether it’s GitHub or an attacker hitting the webhook, they get to specify which hashing algorithm is used to verify the message authenticity”
  • “The challenge here is to somehow fool the webhook into thinking that we know the shared secret that GitHub knows. That means that we need to send a hash with our message that ‘checks out’. In other words it appears to be a hash of the message we’re sending and the secret value that only api.wordpress.org and GitHub know – the shared secret.”
  • “As we pointed out above, the webhook lets us choose our own hashing algorithm. PHP provides a number of non-cryptographically secure hashing functions like crc32, fnv32 and adler32, which generate a 32bit hash vs the expected 160 bit hash generated by SHA1. These hashing functions are checksums which are designed to catch data transmission errors and be highly performant with large inputs. They are not designed to provide security.”
  • So instead of having to brute force a 160 bit hash (1.46 with 48 zeros after it), you only have to brute force 32 bits (4 billion possibilities). But it gets even easier.
  • “Of these weak algorithms, the one that stood out the most was adler32, which is actually two 16 bit hashing functions with their outputs concatenated together. Not only are the total number of hashes limited, but there’s also significant non-uniformity in the hash space. This results in many hashes being the same even though they were supplied with different inputs. The distribution of possible checksum values are similar to rolling dice where 7 is the most likely outcome (the median value), and the probability of rolling any value in that range would work its way out from the median value (6 and 8 would have the next highest probability, and on it goes to 2 and 12).”
  • “The proof of concept supplied in the report utilizes the non-uniformity by creating a profile of most common significant bytes in each 16 bit hash generated. Using this, we were able to reduce the amount of requests from 2^32 to approximately 100,000 to 400,000 based on our tests with randomly generated keys.”
  • “This is a far more manageable number of guesses that we would need to send to the webhook on api.wordpress.org which could be made over the course of a few hours. Once the webhook allows the request, the attack executes a shell command on api.wordpress.org which gives us access to the underlying operating system and api.wordpress.org is compromised.”
  • “From there an attacker could conceivably create their own update for all WordPress websites and distribute a backdoor and other malicious code to more than one quarter of the Web. They would also be able to disable subsequent auto-updates so that the WordPress team would lose the ability to deploy a fix to affected websites.”
  • “We confidentially reported this vulnerability on September 2nd to Automattic and they pushed a fix to the code repository on September 7th. Presumably the same fix had been deployed to production before then.”
  • “We still consider api.wordpress.org a single point of failure when distributing WordPress core, plugins and theme updates. We have made attempts to start a conversation with members of Automattic’s security team about improving the security posture of the automatic update system, but we have not yet received a response.”
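
The signature check quoted above, with the flawed pattern next to a pinned-algorithm version, as an added Python example (it is not the WordPress webhook's PHP and not Wordfence's code). Python's hashlib has no adler32 or crc32, so in the demo md5 stands in for "an algorithm the sender asked for"; the secret, request body and function names are constructed for illustration.

```python
import hashlib
import hmac
import re

# The only algorithm the receiver will compute. GitHub's X-Hub-Signature
# header carries an HMAC-SHA1 hex digest in the form "sha1=<hex>".
PINNED_ALGO = "sha1"
_HEX = re.compile(r"^[0-9a-f]+$")


def parse_signature_header(value):
    """Split 'algo=hexdigest' into (algo, hexdigest); None if malformed."""
    if not isinstance(value, str) or value.count("=") != 1:
        return None
    algo, digest = value.split("=")
    algo, digest = algo.strip().lower(), digest.strip().lower()
    if not algo or not _HEX.match(digest):
        return None
    return algo, digest


def verify_client_chosen(header, body, secret):
    """Flawed pattern: the hash function is whatever the sender names.

    Any algorithm the runtime supports is accepted, so the strength of the
    check is set by the request, not by the receiver.
    """
    parsed = parse_signature_header(header)
    if parsed is None:
        return False
    algo, provided = parsed
    try:
        expected = hmac.new(secret, body, algo).hexdigest()
    except (ValueError, TypeError):  # algorithm unknown or unusable here
        return False
    return hmac.compare_digest(expected, provided)


def verify_pinned(header, body, secret):
    """Hardened pattern: the receiver fixes the algorithm and digest length."""
    parsed = parse_signature_header(header)
    if parsed is None:
        return False
    algo, provided = parsed
    if algo != PINNED_ALGO:
        return False  # refuse anything the receiver did not choose
    expected = hmac.new(secret, body, hashlib.sha1).hexdigest()
    if len(provided) != len(expected):
        return False
    return hmac.compare_digest(expected, provided)  # constant-time compare


if __name__ == "__main__":
    # Constructed sample data, not taken from any real webhook delivery.
    secret = b"constructed-shared-secret"
    body = b'{"repository":{"url":"https://example.invalid/project"}}'
    headers = {
        "sha1 (expected)": "sha1=" + hmac.new(secret, body, hashlib.sha1).hexdigest(),
        "md5 (sender's choice)": "md5=" + hmac.new(secret, body, hashlib.md5).hexdigest(),
    }
    for label, header in headers.items():
        print(f"{label:24} client-chosen={verify_client_chosen(header, body, secret)} "
              f"pinned={verify_pinned(header, body, secret)}")
```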

Feedback:


Round Up:


The post Turkey.deb | TechSNAP 294 first appeared on Jupiter Broadcasting.

I Can’t Believe It’s Not Ethernet | TechSNAP 283
https://original.jupiterbroadcasting.net/102961/i-cant-believe-its-not-ethernet-techsnap-283/
Thu, 08 Sep 2016 20:00:44 +0000

Show Notes:

Modified USB Ethernet adapter can steal Windows and Mac credentials

  • “Security researcher Rob Fuller has discovered a unique attack method that can steal PC credentials from Windows and Mac computers, and possibly Linux (currently untested).”
  • Thesis: “If I plug in a device that masquerades as a USB Ethernet adapter and has a computer on the other end, can I capture credentials from a system, even when locked out”
  • “The researcher used USB-based Ethernet adapters, for which he modified the firmware code to run special software that sets the plug-and-play USB device as the network gateway, DNS, and WPAD servers on the computer it’s connected to.”
  • “The attack is possible because most computers will automatically install any plug-and-play (PnP) USB device. This means that even if a system is locked out, the device still gets installed”
  • “Now, I believe there are restrictions on what types of devices are allowed to install at a locked out state on newer operating systems (Win10/El Capitan), but Ethernet/LAN is definitely on the white list.”
  • “When installing the new (rogue) plug-and-play USB Ethernet adapter, the computer will give out the PC credentials needed to install the device. Fuller’s modified device includes software that intercepts these credentials and saves them to an SQLite database. The password is in its hashed state, but this can be cracked using currently available technology. The researcher’s modified device also includes a LED that lights up when the credentials have been recorded.”
  • So, just like in a spy movie, you plug in the device, wait until the light comes on, and you have stolen the credentials
  • “An attacker would need physical access to a device to plug in the rogue USB Ethernet adapter, but Fuller says the average attack time is 13 seconds.”
  • The attack was tested against versions of Windows as far back as Windows 98 SE, and as modern as Windows 10 Enterprise and OS X El Capitan
  • The device pretends to be an ethernet adapter, and provides access to a ‘network’, where a DHCP server tells you to install this proxy configuration
  • “This means that by plugging in the device it quickly becomes the gateway, DNS server, WPAD server and others”
  • It gives you the hashed password for the logged-in user, which you can then crack offline, and return later and log in with the known password
  • Researcher blog

Zstandard, a new compression algorithm from Facebook

  • Unlike the new Dropbox algorithm that is designed specifically for jpeg images, this is a general purpose algorithm, designed to replace gzip
  • “Today, the reigning data compression standard is Deflate, the core algorithm inside Zip, gzip, and zlib. For two decades, it has provided an impressive balance between speed and space, and, as a result, it is used in almost every modern electronic device (and, not coincidentally, used to transmit every byte of the very blog post you are reading). Over the years, other algorithms have offered either better compression or faster compression, but rarely both. We believe we’ve changed this.”
  • There are three standard metrics for comparing compression algorithms and implementations:
    • Compression ratio: The original size (numerator) compared with the compressed size (denominator), measured in unitless data as a size ratio of 1.0 or greater.
    • Compression speed: How quickly we can make the data smaller, measured in MB/s of input data consumed.
    • Decompression speed: How quickly we can reconstruct the original data from the compressed data, measured in MB/s for the rate at which data is produced from compressed data.
  • “The type of data being compressed can affect these metrics, so many algorithms are tuned for specific types of data, such as English text, genetic sequences, or rasterized images. However, Zstandard, like zlib, is meant for general-purpose compression for a variety of data types. To represent the algorithms that Zstandard is expected to work on, in this post we’ll use the Silesia corpus, a data set of files that represent the typical data types used every day.”
  • The post compares the best of the modern compression algorithms, lz4 (what ZFS uses), zstd (Facebook’s new thing), libz (gzip, what your browser uses for webpages), and xz (what most unix distros have switched to for compressing tar and log files)
  • In the comparison, LZ4 does not compress the data as much, but does so at almost 450 MB/s, while zlib compresses more, but only 23 MB/s. XZ compresses even better, but at only 2.3 MB/s
  • zstd gets about the same compression as zlib, but at almost 6 times the speed (136 MB/s)
  • Decompression is similar: LZ4: 2165 MB/s, zstd: 536 MB/s, zlib: 281 MB/s, xz: 63 MB/s
  • When comparing the command line tools, zstd is about 5x faster at compression, and 3.6x faster at decompression
  • As with gzip and xz, zstd supports different ‘levels’ of compression, but instead of a range from 1 to 9 it offers a range of 1-22 (which suggests that additional levels might be added in the future)
  • It looks like it can get xz levels of compression if turned up high enough
  • “By design, zlib is limited to a 32 KB window, which was a sensible choice in the early ’90s. But, today’s computing environment can access much more memory — even in mobile and embedded environments. Zstandard has no inherent limit and can address terabytes of memory (although it rarely does). For example, the lower of the 22 levels use 1 MB or less. For compatibility with a broad range of receiving systems, where memory may be limited, it is recommended to limit memory usage to 8 MB. This is a tuning recommendation, though, not a compression format limitation.”


I forgot the password for my consumer grade NAS

  • “I got my WD My Book World Edition II NAS out of the closet. The reason it went in the closet is that I locked myself out of SSH access, and in the meantime I forgot most of its passwords.”
  • “I miraculously still remember the password to my regular user, but the admin password is nowhere to be found and you need the old one to change it. So I start poking around to see if there is any way to recover it.”
  • “One of the most common vulnerabilities on these thingies is allowing anyone to download a “config backup” that includes all the juicy passwords, and indeed, this screen looks promising”
  • The download was just base64 encoded random data. Definitely encrypted
  • “Mandatory Open Source releases usually have LICENSE files or some other indication of what libraries are being used, so he’s hoping to find some clue on what they used.”
  • Apparently WD releases everything, including the PHP script that generates the config download
  • “Looks like it’s a tarball encrypted with something called encodex and a fixed password”
  • “So we got the config file. Is it over? Nope. No passwords in it. This system does everything wrong. it’s unsalted MD5. Then it is stored a second time as a plain MD5 anyway”
  • I have never seen anyone do that before. I didn’t even know that would work…
  • So they reversed the process and uploaded a new configuration file with the hash of a known password (faster than brute forcing). Why is this allowed by a non-admin user anyway?
  • “Great. Fun. Is it enough? No! I locked myself out of ssh access too, by adding an unmatchable AllowUsers directive to my sshd_config.”
  • “First realization, the whole webgui runs as root. Look at ChangeWebAdmin above, it calls passwd and reads /etc/shadow!”
  • So, when you upload a new config, it just decrypts it and runs the untar, as root
  • “plus the fact that it’s probably a BusyBox implementation of tar might mean that the oldest trick in the book works: creating an archive with a fully-qualified /etc/sshd_config file in it and hope it gets extracted directly at the absolute path.”
  • “No luck. Second try: we see that it’s extracted in /tmp, what if we call it ../etc/sshd_config? No luck with that neither.”
  • “But hey… we can extract as much as we want in /tmp and nothing will get deleted between a run and the next! So let’s try with a convenient symlink :). First we plant a root => / symlink, and now that /tmp/root points to / we try calling our file root/etc/sshd_config and hope it gets extracted inside the symlink”
  • And, we’re in. The sshd_config has been replaced with one uploaded by an unprivileged user.
  • “This is all nice, but I started from a vantage point: I remembered a user login. Can we do something from scratch?”
  • “For example, extracting the config… It didn’t look like that PHP file had any access control, is it possible that… Oh God.”
  • “If we can crack any user password from the MD5, we can go from zero to root”
  • “All actions are actually unauthenticated. If you are not logged in the NAS will answer with a HTTP 302 Redirect… AND THEN PROCEED HANDLING THE REQUEST and sending the output. As if you were logged in. That’s a first for me.”
  • “Let me repeat this: if you are not logged in, the only thing the system will do is add a redirect to the login page in the HTTP Headers and carry on, obeying whatever you are telling it to do.”
  • Most browsers will respect the header, redirect you to the login page, and ignore the excess content that was included in the response (like a config backup, a file download, or the result of any other action whatsoever)
  • “So with the admin password reset trick above, we can get a full escalation from unauth to admin+root. Pwn’d. (The hardest thing was emulating the browser request with curl well enough to upload the file.)”
  • “So yeah, don’t expose these thingies on the Internet and don’t worry too much if you lose the passwords ;-)”
  • And in the end, the mystery was solved: “Turns out all the password fields except the login form have maxlength=16, so when resetting the password I pasted it from the password manager and it got cut without me knowing”
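The restore path above extracts an uploaded tarball as root into a reused /tmp, which is what lets a leftover symlink redirect a later upload. As an added example (not code from the device or the original write-up), here is one way a restore handler can validate an archive before writing anything; `extract_config`, `make_tar` and `demo` are hypothetical names and every archive is constructed inline.

```python
import io
import os
import tarfile
import tempfile


class UnsafeArchive(Exception):
    """Raised when an uploaded archive could write outside its staging directory."""


def _inside(base_real, path):
    """True if path, after resolving symlinks, is base_real or lies beneath it."""
    resolved = os.path.realpath(path)
    return os.path.commonpath([base_real, resolved]) == base_real


def extract_config(tar_bytes, staging_dir=None):
    """Validate every member first, then write regular files and directories only.

    With staging_dir=None a fresh private directory is created per upload, so
    nothing left behind by an earlier upload can influence this one.
    """
    if staging_dir is None:
        staging_dir = tempfile.mkdtemp(prefix="cfg-restore-")
    base_real = os.path.realpath(staging_dir)
    written = []
    with tarfile.open(fileobj=io.BytesIO(tar_bytes), mode="r:*") as tar:
        members = tar.getmembers()
        # Pass 1: refuse the whole archive before a single byte is written.
        for m in members:
            if not (m.isreg() or m.isdir()):
                raise UnsafeArchive(f"{m.name}: links and special files not allowed")
            if os.path.isabs(m.name) or ".." in m.name.split("/"):
                raise UnsafeArchive(f"{m.name}: absolute or parent-relative path")
            # Catches a symlink that already exists inside the staging directory.
            if not _inside(base_real, os.path.join(base_real, m.name)):
                raise UnsafeArchive(f"{m.name}: resolves outside staging directory")
        # Pass 2: copy file contents ourselves instead of letting tar create entries.
        for m in members:
            target = os.path.join(base_real, m.name)
            if m.isdir():
                os.makedirs(target, exist_ok=True)
                continue
            os.makedirs(os.path.dirname(target), exist_ok=True)
            with tar.extractfile(m) as src, open(target, "wb") as dst:
                dst.write(src.read())
            written.append(target)
    return written


def make_tar(files=(), symlinks=()):
    """Build a constructed sample archive in memory."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for name, linkname in symlinks:
            info = tarfile.TarInfo(name)
            info.type = tarfile.SYMTYPE
            info.linkname = linkname
            tar.addfile(info)
        for name, data in files:
            info = tarfile.TarInfo(name)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    return buf.getvalue()


def demo():
    """Run the archive shapes from the write-up through the checker (constructed inputs)."""
    outside = tempfile.mkdtemp(prefix="outside-")      # stands in for /etc
    shared = tempfile.mkdtemp(prefix="shared-tmp-")    # reused directory, like /tmp
    os.symlink(outside, os.path.join(shared, "root"))  # leftover from an earlier upload
    cases = {
        "absolute": make_tar(files=[("/etc/sshd_config", b"x")]),
        "dotdot": make_tar(files=[("../etc/sshd_config", b"x")]),
        "plants_symlink": make_tar(symlinks=[("root", "/")]),
        "via_symlink": make_tar(files=[("root/etc/sshd_config", b"x")]),
    }
    results = {}
    for label, blob in cases.items():
        try:
            extract_config(blob, staging_dir=shared)
            results[label] = "extracted"
        except UnsafeArchive:
            results[label] = "refused"
    results["outside_untouched"] = os.listdir(outside) == []
    benign = extract_config(make_tar(files=[("network.conf", b"dhcp=1\n")]))
    results["benign"] = [os.path.basename(p) for p in benign]
    return results
```

The per-upload staging directory and the realpath check are independent defenses; running the extraction as an unprivileged user rather than root would limit the damage if both were missed.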

Feedback:


Round Up:


The post I Can't Believe It's Not Ethernet | TechSNAP 283 first appeared on Jupiter Broadcasting.

Real Life on the Ratel | CR 215 https://original.jupiterbroadcasting.net/101417/real-life-on-the-ratel-cr-215/ Mon, 25 Jul 2016 14:29:24 +0000 https://original.jupiterbroadcasting.net/?p=101417 Mike shares his recent Linux switch experience & why he thinks it might stick this time. We chew on Verizon buying Yahoo & the grief Marissa Mayer is getting. Plus we congratulate the winner of last week’s challenge & announce the next one! Thanks to: Get Paid to Write for DigitalOcean Direct Download: MP3 Audio […]

The post Real Life on the Ratel | CR 215 first appeared on Jupiter Broadcasting.


Mike shares his recent Linux switch experience & why he thinks it might stick this time. We chew on Verizon buying Yahoo & the grief Marissa Mayer is getting.

Plus we congratulate the winner of last week’s challenge & announce the next one!


— Show Notes: —

Hoopla:

Verizon to acquire Yahoo’s operating business

Dear Yahoos,

Moments ago, we announced an agreement with Verizon to acquire Yahoo’s operating business.

Whatever her future role, the Verizon sale is a blunt admission that Mayer’s grand resuscitation plan for Yahoo failed. She tried valiantly to inject some life into the company—with acquisitions, layoffs, splashy hires, and a way-too-late emphasis on mobile, among other strategies—but ultimately, it wasn’t enough.

Bad press from just the last few months:

Coding Challenge

Episode 215 Katy Perry Coding Challenge

  • Make Mike an app that creates a YouTube playlist of or otherwise allows him to play his favorite Katy Perry music videos: Dark Horse, Roar, This is How We Do, Teenage Dream, Last Friday Night, International Smile and Unconditionally.
  • The app must take advantage of the browser having his YouTube Red account cached for commercial viewing or he must be able to auth with his YouTube Red account to achieve the same.
  • All solutions must be tablet friendly

Rocking the Ratel

Linux Switch Competition | LAS 415 https://original.jupiterbroadcasting.net/99206/linux-switch-competition-las-415/ Sun, 01 May 2016 19:58:08 +0000 https://original.jupiterbroadcasting.net/?p=99206 Noah & Emma set out to switch as many users to Linux as possible. Our team documents their competition to switch the most people to Linux within two hours in the Pacific Northwest! Thanks to: Get Paid to Write for DigitalOcean Direct Download: HD Video | Mobile Video | WebM Torrent | MP3 Audio | […]

The post Linux Switch Competition | LAS 415 first appeared on Jupiter Broadcasting.


Noah & Emma set out to switch as many users to Linux as possible. Our team documents their competition to switch the most people to Linux within two hours in the Pacific Northwest!


— Show Notes: —

Runs Linux:

ESA astronaut Tim Peake will take part in an experiment dubbed ‘SUPVIS-M’ (Supervisory Control of Mars Yard Rover) in which he will operate, from the International Space Station (ISS), a UK-built rover – Bridget – located in the Airbus Mars Yard in Stevenage, UK.

Getting started with Linux:

  1. Obtain the Ubuntu Install image from ubuntu.com

  2. Write the Ubuntu installation image to a USB flash media device. On a PC use Etcher or Rufus; on a Mac, use Etcher. Be careful to make sure the flash drive is chosen in this step.

  3. Once that is finished, eject the drive and insert the drive into your PC/Mac

  4. When booting the PC/Mac, press F2 (or your computer’s hotkey to access the boot menu). If you’re running a newer version of Windows such as 8 or 10, boot into Windows, press Start, go to advanced start options, choose UEFI Settings, and disable Secure Boot. Boot back into Windows, repeat the steps to get back into UEFI, and choose to boot off of the USB device.

  5. Play around with the live demo system and if you enjoy it, follow the on screen instructions to install Ubuntu either as a secondary option to MacOS X or Windows, or as the only option, whichever you prefer.

LinuxFest Northwest 2016 | LAS 414 https://original.jupiterbroadcasting.net/99036/linuxfest-northwest-2016-las-414/ Sun, 24 Apr 2016 21:44:45 +0000 https://original.jupiterbroadcasting.net/?p=99036 Our biggest live event yet, from the floor of LinuxFest Northwest 2016. We chat about the future of Linux desktop software, old friends from the past stop by & the switch competition is on! Thanks to: Get Paid to Write for DigitalOcean Direct Download: HD Video | Mobile Video | WebM Torrent | MP3 Audio […]

The post LinuxFest Northwest 2016 | LAS 414 first appeared on Jupiter Broadcasting.


Our biggest live event yet, from the floor of LinuxFest Northwest 2016. We chat about the future of Linux desktop software, old friends from the past stop by & the switch competition is on!


— Show Notes: —


System76

Brought to you by: Linux Academy

— PICKS —

Runs Linux

  • Our new broadcast rig(s) Run Linux!

— NEWS —

Ubuntu 16.04 LTS brings big changes to the Linux desktop

The Ubuntu desktop has seen very little change since Ubuntu 14.04 LTS was released two years ago. That’s about to change with today’s launch of Ubuntu 16.04 LTS—code-named “Xenial Xerus”—which brings big changes and welcome polish to the classic Unity 7 desktop.

Ubuntu GNOME 16.04 LTS launches today with the GNOME 3.18 desktop environment.

According to the announcement, release highlights include new community wallpapers, and the replacement of the Ubuntu Software Centre app with the GNOME Software graphical package manager.

A new project leader has been elected, Set Hallström, who took over the project on April 21, 2016, the day of the official release of Ubuntu 16.04 LTS.

“Mythbuntu 16.04 has been released. This is a point release on our 14.04 LTS release. If you are already on 14.04, you can get these same updates via the normal update process. This is our third LTS release and will be supported until shortly after the 18.04 release,” reads the announcement.

“After a year and a half of intense work by the LXD team, LXD 2.0 has been released today! LXD 2.0 is our first production-ready release and also a Long Term Support release, meaning that we will be supporting it with frequent bugfix releases until the 1st of June 2021,” said Stéphane Graber, technical lead for LXD, Canonical.

Is This Really The Ubuntu 16.10 Codename? (Answer: It Is)

“Y is for …Yakkety yakkety yakkety yakkety yakkety yakkety yakkety yakkety yak. Naturally.”

Google Summer of Code 2016 Projects Announced

 

Noah v. Emma: Switching People to Linux

Noah vs Emma from Albert

Noah vs Emma

  • Noah vs Emma Card

  • Can not already be running Linux.

  • Must agree to install Linux, or have Linux installed
  • Will take place Sat during Linux Fest NW (Location TBD)
  • Two Hours to Complete

Call Box


Fixing the Barn Door | TechSNAP 257 https://original.jupiterbroadcasting.net/97301/fixing-the-barn-door-techsnap-257/ Thu, 10 Mar 2016 09:39:46 +0000 https://original.jupiterbroadcasting.net/?p=97301 We’ll tell you about the real world pirates that hacked a shipping company, the open source libraries from Mars Rover found being used in malware & Microsoft’s solution for that after-hack hangover. Plus great questions, a packed round up & much more! Thanks to: Get Paid to Write for DigitalOcean Direct Download: HD Video | […]

The post Fixing the Barn Door | TechSNAP 257 first appeared on Jupiter Broadcasting.


We’ll tell you about the real world pirates that hacked a shipping company, the open source libraries from Mars Rover found being used in malware & Microsoft’s solution for that after-hack hangover.

Plus great questions, a packed round up & much more!


Show Notes:

Pirates hacked Shipping Company to find valuable cargo

  • As described in Verizon’s most recent Data Breach Digest, a collection of cyber-security case studies the company’s RISK Team helped investigate and solve sometime in the past year, a reputable global shipping conglomerate started having peculiar problems with sea pirates.
  • The shipping company told Verizon that pirates were boarding its vessels at regular intervals.
  • The pirates came equipped with a barcode reader (and weapons, of course), searched specific crates, emptied all the high-value cargo, and made off with the loot within minutes of launching their attacks.
  • All of this made the shipping company think something strange was going on, so it hired the RISK Team to track down the source of a possible leak.
  • The RISK Team quickly narrowed down the problem to the firm’s outdated custom-built CMS, which featured an insecure upload script.
  • As the Verizon team explained, a hacker, either part of the sea pirates group or hired by them, had uploaded a Web shell via this insecure form. In turn, this shell was uploaded inside a Web-accessible directory.
  • To make things worse, that particular folder also had “execute” permissions.
  • Using this access to the shipping firm’s database, the hacker pulled down BoLs (bills of lading), future shipment schedules, and ship routes so the pirates could plan their attack and identify crates holding valuable content.
  • Fortunately, the hacker wasn’t that skilled. Verizon says that the attacker used a Web shell that didn’t support SSL, meaning that all executed commands were recorded in the Web server’s log.
  • The RISK Team was able to recreate a historic timeline of all the hacker’s actions and identify exactly what he looked at and where he sent the files.
  • Verizon’s RISK Team states:

“These threat actors, while given points for creativity, were clearly not highly skilled,” the RISK Team explains. “For instance, we found numerous mistyped commands and observed that the threat actors constantly struggled to interact with the compromised servers.”


Open source libraries from Mars Rover found being used in malware

  • According to Palo Alto Networks, on December 24, 2015, India’s Ambassador to Afghanistan received a spear-phishing email that contained a new malware variant, which, if downloaded and installed, would have opened a backdoor on the official’s computer.
  • India has been a trustworthy business partner for Afghanistan, helping the latter build its new Parliament complex, the Salma Dam, along with smaller transportation, energy, and infrastructure projects.
  • Because of this tight collaboration between the two, it is normal that other nations or interest groups may want to know what the two countries are planning together.
  • The Ambassador’s email was spoofed and made to look like it was coming from India’s Defense Minister, Manohar Parrikar. Attached to the email was an RTF file.
  • Palo Alto researchers say that this file contained malicious code to exploit the CVE-2010-3333 Office XP vulnerability, resulting in the download of a file named “file.exe” from the newsumbrealla[.]net domain.
  • This file was automatically launched into execution and was a simple malware payload dropper that was tasked with downloading the real threat, a new trojan that the researchers christened Rover.
  • This malware was given the “Rover” name because it relied on the OpenCV and OpenAL open source libraries, both used in the software deployed with the famous Mars Rover exploration robot.
  • OpenCV is a library used in computer vision applications and image processing while OpenAL is a cross-platform library for working with multichannel audio data.
  • Its capabilities included the ability to take screenshots of the desktop in BMP format and send them to the C&C server every 60 minutes, logging keystrokes and uploading the data to the C&C server every 10 seconds, and scanning for Office files and uploading them to the C&C server every 60 minutes.
  • Additionally, there was also a backdoor component that allowed attackers to send commands from the C&C server and tell Rover to take screenshots or start recording video (via webcam) and audio (via microphone) whenever the attacker wanted to.
  • “Though ‘Rover’ is an unsophisticated malware lacking modern malware features, it seems to be successful in bypassing traditional security systems and fulfilling the objectives of the threat actor behind the campaign in exfiltrating information from the targeted victim,” Palo Alto researchers explain.
  • Rover is largely undetected by today’s antivirus engines, and despite not coming with that many features, it is successful at keeping a low profile, exactly what cyber-espionage groups need from their malware to begin with.
  • New Malware ‘Rover’ Targets Indian Ambassador to Afghanistan – Palo Alto Networks Blog

Microsoft brings post-breach detection features to Windows

  • Microsoft announced its new post-breach enterprise security service called Windows Defender Advanced Threat Protection, which will respond to these advanced attacks on companies’ networks.
  • The company found that it currently takes an enterprise more than 200 days to detect a security breach, and 80 days to contain it. When there is such a breach, the attackers can steal company data, find private information, and damage the brand and customer trust in the company.
  • For example, a social engineering attack might encourage a victim to run a program that was attached to an e-mail or execute a suspicious-looking PowerShell command. The Advanced Persistent Threat (APT) software that’s typically used in such attacks may scan ports, connect to network shares to look for data to steal, or connect to remote systems to seek new instructions and exfiltrate data. Windows Defender Advanced Threat Protection can monitor this behavior and see how it deviates from normal, expected system behavior. The baseline is the aggregate behavior collected anonymously from more than 1 billion Windows systems. If systems on your network start doing something that the “average Windows machine” doesn’t, WDATP will alert you.
  • The whole thing is cloud-based with no need for any on-premises server. A client on each endpoint is needed, which would presumably be an extended version of the Windows Defender client.
  • Windows Defender Advanced Threat Protection is under development, though it is currently available to some early-adopter customers.
  • This service will help enterprises to detect, investigate and respond to advanced attacks on their networks.
  • Microsoft said that it is building on the existing security defenses Windows 10 offers today, and the new service will provide a post-breach layer of protection to the Windows 10 security stack.
  • With the client technology built into Windows 10 along with the cloud service, it will help detect threats that have made it past other defenses, provide enterprises with information to investigate the breach across endpoints, and offer response recommendations.
  • To avoid Windows 7 becoming “the new Windows XP,” the company is being rather more aggressive in applying pressure on users to upgrade to Windows 10 sooner rather than later.
  • WDATP is going to be part of that same push to Windows 10, and it won’t be available for older operating systems.
  • Windows Defender Advanced Threat Protection uses cloud power to figure out you’ve been pwned | Ars Technica

Feedback:


Round Up:


Hardware Insecurity Module | TechSNAP 232 https://original.jupiterbroadcasting.net/87821/hardware-insecurity-module-techsnap-232/ Thu, 17 Sep 2015 11:27:30 +0000 https://original.jupiterbroadcasting.net/?p=87821 How Groupon made the switch to FreeBSD & why. Researchers extract keys from a hardware module & Intel’s new CPU backed malware protection. Plus your questions, a great roundup & more! Thanks to: Get Paid to Write for DigitalOcean Direct Download: HD Video | Mobile Video | MP3 Audio | OGG Audio | YouTube | […]

The post Hardware Insecurity Module | TechSNAP 232 first appeared on Jupiter Broadcasting.


How Groupon made the switch to FreeBSD & why. Researchers extract keys from a hardware module & Intel’s new CPU backed malware protection.

Plus your questions, a great roundup & more!


— Show Notes: —

Researchers manage to exfiltrate keys from an HSM

  • “The Gemalto SafeNet Luna HSM allows remote authenticated users to bypass intended key-export restrictions by leveraging (1) crypto-user or (2) crypto-officer access to an HSM partition.”
  • An HSM (hardware security module) is a dedicated device that is meant to safely store private encryption keys. They usually also provide crypto processing
  • Rather than allowing a user to have access to a secret key, the user instead passes the file, message, certificate or whatever to the HSM, and it then signs or encrypts the payload and returns it to the user
  • The idea is that the user never has access to the keys this way
  • This is how all Certificate Authorities work
  • “HSMs may possess controls that provide tamper evidence such as logging and alerting and tamper resistance such as deleting keys upon tamper detection.”
  • Researchers found a flaw in the SafeNet HSMs
  • “PKCS#11 is a very complex standard with dozens of APIs and wide-range of cryptographic operations, called “mechanisms” for everything from encryption to random number generation. Safenet vulnerability involves the key derivation mechanisms. These are used to create a cryptographic key as a function of another key”
  • “For example BIP-32 for Bitcoin proposes the notion of hierarchical-deterministic wallets where a family of Bitcoin addresses are derived from a single “seed” secret. Designed properly, key-derivation provides such an amplification effect while protecting the primary secret. Even if a derived key is compromised, the damage is limited. One can not work their way back to the seed. But when designed improperly, the derived key has a simple relationship to the original secret and leaks information about it.”
  • “Related-key cryptanalysis is the specific branch specializing in these attacks. It turns out that for Safenet HSMs, we do not need to dig very deep into cryptanalytic results. There are at least two mechanisms that are easy to exploit and work generically against a wide-class of algorithms: extract-key-from-key and XOR-base-and-data.”
  • “Extract-key-from-key is defined in section 6.27.7 of PKCS#11 standard version 2.30. It may as well have been renamed “extract-substring” as the analog of standard operation on strings. This derivation scheme creates a new key by taking a contiguous sequence of bits at desired offset and length from an existing key.”
  • So, with access to the HSM, you can define a new key as a substring of the secret key. In the example here, they used the first 2 bytes of the AES256 key as a new key
  • They then used that key to compute a SHA256-HMAC over a chosen plaintext
  • They were then able to take that plaintext and its HMAC, and brute force the key offline (knowing that it was only 2 bytes)
  • Repeat this 16 times, for all 32 bytes, and you have now recovered the entire AES256 key
  • “Surprisingly this works not only against symmetric keys such as AES or generic HMAC secrets but also against elliptic-curve private keys (RSA, plain DSA and Diffie-Hellman were not affected.) This is an implementation quirk: these mechanisms are typically intended for symmetric-keys only. For elliptic-curve keys, the byte array being truncated is the secret scalar part of the key. For example the “secret” component for a Bitcoin ECDSA key is a discrete logarithm in secp256k1. Internally that discrete logarithms is just stored as 32-byte scalar value, and extract-key-from-key can be used to successively reveal chunks of that scalar value.”
  • “XOR-base-and-data suffers from a very similar problem. This operation derives a new key by XORing user-chosen data with original secret key. While there are cryptographic attacks exploiting that against specific algorithms such as 3DES, a design choice made by Safenet leads to simpler key recovery attack that works identically against any algorithm: when the size of data is less than size of the key, result is truncated to data size. XORing 256-bit AES key with one-byte data results in one-byte output. That provides another avenue for recovering a key incrementally: we derive new HMAC key by XORing with successively longer sequences of zero bytes, with only the last segment of new key left to brute-force at each step.”
  • “Regardless of the authentication mode, the client must have a logged in session with HSM to use existing keys. It is enough then for an attacker to compromise the client machine in order to extract keys. That may sound like a high barrier or even tautological- “if your machine is compromised, then your keys are also compromised.” But protecting against that outcome is precisely the reason for using cryptographic hardware in the first place. We offload key management to special-purpose, tamper-resistant HSMs because we do not trust our off-the-shelf PC to sufficiently resist attacks. The assumption is that even if the plain PC were compromised, attackers only have a limited window for using HSM keys and only as long as they retain persistence on the box, where they risk detection. They can not exfiltrate keys to continue using them after their access has been cut off. That property both limits damage and gives defenders time to detect/respond. A key extraction vulnerability such as this breaks that model. With a vulnerable HSM, temporary control over client (or HSM credentials, for that matter) allows permanent access to key outside the HSM.”
  • “The vulnerability applies to all symmetric keys, along with elliptic curve private-keys. There is one additional criteria required for exploitation: the key we are trying to extract must permit key-derivation operations. PKCS#11 defines a set of boolean attributes associated with stored objects that describe usage restrictions. In particular CKA_DERIVE determines whether a key can be used for derivation. A meta-attribute CKA_MODIFIABLE determines whether other attributes (but not all of them) can be modified. Accordingly an object that has CKA_DERIVE true or CKA_MODIFIABLE true— which allows arbitrarily changing the former attribute— is vulnerable.”
  • “Latest firmware update from Safenet addresses the vulnerability by removing weak key-derivation schemes. This is the more cautious approach. It is preferable to incremental tweaks such as attempting to set a minimum key-length, which would not be effective.”
  • Very interesting research, there is much more detail in the blog post
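To make the arithmetic behind the extract-key-from-key problem concrete, here is an added toy model (not the researchers' code and not a PKCS#11 binding) of a device that never returns key bytes but offers substring derivation. `ToyHSM` and every method on it are hypothetical; the attribute names CKA_DERIVE and CKA_MODIFIABLE are the ones quoted above, and `audit` applies the exposure criterion from that quote.

```python
import hmac
import os

PROBE = b"constructed probe message"  # any fixed message works


class ToyHSM:
    """In-memory stand-in for an HSM partition (hypothetical API)."""

    def __init__(self):
        # handle -> (key bytes, attribute dict); key bytes are never returned
        self._objects = {}

    def _store(self, value, derive):
        handle = len(self._objects) + 1
        attrs = {"CKA_DERIVE": derive, "CKA_MODIFIABLE": False}
        self._objects[handle] = (value, attrs)
        return handle

    def generate_key(self, length=32, derive=True):
        return self._store(os.urandom(length), derive)

    def attributes(self, handle):
        return dict(self._objects[handle][1])

    def hmac_sha256(self, handle, message):
        """Normal use: the caller receives a MAC, never the key."""
        return hmac.digest(self._objects[handle][0], message, "sha256")

    def extract_key_from_key(self, handle, offset, length):
        """Model of substring derivation: new key = base[offset:offset+length]."""
        value, attrs = self._objects[handle]
        if not attrs["CKA_DERIVE"]:
            raise PermissionError("base key does not permit derivation")
        return self._store(value[offset:offset + length], derive=False)


def recover_by_chunks(hsm, handle, key_len=32, chunk=2):
    """Rebuild the base key from MACs made with short substring keys."""
    recovered = b""
    for offset in range(0, key_len, chunk):
        piece = hsm.extract_key_from_key(handle, offset, chunk)
        tag = hsm.hmac_sha256(piece, PROBE)
        for guess in range(256 ** chunk):  # at most 65,536 tries per 2-byte chunk
            candidate = guess.to_bytes(chunk, "big")
            if hmac.compare_digest(hmac.digest(candidate, PROBE, "sha256"), tag):
                recovered += candidate
                break
    return recovered


def worst_case_guesses(key_len=32, chunk=2):
    """Offline work when the key leaks one chunk at a time."""
    return (key_len // chunk) * 256 ** chunk


def exposed(attrs):
    """Derivation is allowed now, or attributes can be changed to allow it."""
    return bool(attrs.get("CKA_DERIVE") or attrs.get("CKA_MODIFIABLE"))


def audit(hsm, handles):
    """Return the handles whose attributes leave them open to derivation."""
    return [h for h in handles if exposed(hsm.attributes(h))]
```

For a 32-byte key taken 2 bytes at a time the worst case is 16 × 65,536 = 1,048,576 HMAC computations, against 2^256 for guessing the key whole; a key created with derivation disabled is refused at the first step.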

Operations at Groupon, dealing with bit rot

  • In this free sample article from the latest edition of the “FreeBSD Journal”, Sean Chittenden of Groupon tells the story of how the company dealt with switching from Linux to FreeBSD to have ZFS protect their important databases backed by SSDs
  • It turns out, if your organization is already supporting more than one flavour of Linux, supporting FreeBSD is not any more work
  • FreeBSD brought a lot of new things to the table, not just ZFS, but DTrace, easy custom kernels, fast custom package sets with poudriere, but also, never having to fsck again.
  • “now it’s one of the bigger items that no one missed or even talks about anymore. Imagine running a fsck(1) on a near line backup server with 288TB of storage.”
  • “One of the challenges of organizational change: personal anxiety from either learning something new, or trusting something new in production”
  • Groupon used a number of 30 minute video call sessions to ease their database team into FreeBSD, with short demonstrations and open Q&A sessions
  • They filled in the missing bits by hiring external trainers to come in and give a one week crash course on FreeBSD to the entire operations team
  • In the end, the article is a good guide to adopting any technical change at a moderately sized organization, and talks about both the technical and personal challenges of such a change
  • Video from BayLISA on same topic

Check Point unveils new CPU-level malware protection called SandBlast

  • “The new software monitors CPU activity looking for anomalies that indicate that attackers are using sophisticated methods that would go unnoticed with traditional sandboxing technology”
  • “Traditional sandboxes, including Check Point’s, determine whether files are legitimate by opening them in a virtual environment to see what they do. To get past the sandboxes attackers have devised evasion techniques, such as delaying execution until the sandbox has given up or lying dormant until the machine it’s trying to infect reboots”
  • “SandBlast thwarts the evasion technique called Return Oriented Programming (ROP), which enables running malicious executable code on top of data files despite protection offered by Data Execution Prevention (DEP), a widespread operating system feature whose function is to block executable code from being added to data files.”
  • “ROP does this by grabbing legitimate pieces of code called gadgets and running them to force the file to create new memory page where malicious shell code can be uploaded to gain execution privileges. This process has the CPU responding to calls that return to addresses different from where they started.”
  • “SandBlast has a CPU-level detection engine that picks up on this anomaly and blocks the activity. The engine is available either on an appliance in customers’ data centers or as a cloud service running out of Check Point’s cloud. The engine relies on features of Intel’s Haswell CPU architecture”
  • It is interesting to see this new processor feature being used to detect attacks, but I wonder if it can also be used the other way around, to monitor a system for regular activity
  • “Check Point is also introducing a feature called Threat Extraction which makes it safe to open documents quickly before they can be run through the sandbox. It converts Word documents to PDF files, which neutralizes malware they may contain. It can convert PDF files to PDF files as well to reach the same end.”
  • A way to ‘cleanse’ common over-featured file formats of unwanted features like macros, embedded javascript, etc seems like a very useful way to combat malicious files

How We Got Started With Linux | LAS 381 https://original.jupiterbroadcasting.net/87321/how-we-got-started-with-linux-las-381/ Sun, 06 Sep 2015 07:53:10 +0000 https://original.jupiterbroadcasting.net/?p=87321 We finally share our getting started with Linux stories. And it turns out, it was nearly a freak happenstance for both of us & some great stories from our community. Plus the Safe Wifi campaign you need to know about, we discuss the new elementaryOS, an update on the Munich situation & more! Thanks to: […]

The post How We Got Started With Linux | LAS 381 first appeared on Jupiter Broadcasting.


We finally share our getting started with Linux stories. And it turns out, it was nearly a freak happenstance for both of us & some great stories from our community.

Plus the Safe Wifi campaign you need to know about, we discuss the new elementaryOS, an update on the Munich situation & more!


— Show Notes: —


Brought to you by: System76

We share how we got started with Linux

— PICKS —

Runs Linux

Killer Robot Runs Linux

Desktop App Pick

Bash Scanner – A fast way to scan your server for outdated software and potential exploits.

After an initial scan, you will be asked to create an account on the PatrolServer dashboard (which is totally optional, you are free to use the tool without an account). The benefit of creating a sustainable account is detailed reporting, together with documentation on how to secure your server.

Weekly Spotlight

Road Trip Playlist

Watch the adventures, productions, road trips, trails, mistakes, and fun of the Jupiter Broadcasting mobile studio.


— NEWS —

Save WiFi/Individual Comments

Right now, the FCC is considering a proposal to require manufacturers to lock down computing devices (routers, PCs, phones) to prevent modification if they have a “modular wireless radio”[1][2] or a device with an “electronic label”[3]. The rules would likely:

  • Restrict installation of alternative operating systems on your PC, like GNU/Linux, OpenBSD, FreeBSD, etc.
  • Prevent research into advanced wireless technologies, like mesh networking and bufferbloat fixes
  • Ban installation of custom firmware on your Android phone
  • Discourage the development of alternative free and open source WiFi firmware, like OpenWrt
  • Infringe upon the ability of amateur radio operators to create high powered mesh networks to assist emergency personnel in a disaster.
  • Prevent resellers from installing firmware on routers, such as for retail WiFi hotspots or VPNs, without agreeing to any condition a manufacturer so chooses.

  • Save WiFi: Act Now To Save WiFi From The FCC | Hackaday

The folks at ThinkPenguin, the EFF, FSF, Software Freedom Law Center, Software Freedom Conservancy, OpenWRT, LibreCMC, Qualcomm, and others have put together the SaveWiFi campaign.

Online comments end 09/08/2015.

Freya 0.3.1 is Here!

At the heart of this upgrade is the latest Hardware Enablement stack from Ubuntu 14.04.3. It includes version 3.19 of the Linux kernel and an updated Mesa that fixes the dreaded “double cursor” glitch. Workspaces in the Multitasking view also now work properly on Nvidia Optimus. The new hardware stack also brings better support for backlights and touchpads on certain laptops, a host of performance and power-related improvements, and support for 5th generation Intel processors. This release should also improve support for (U)EFI systems, especially when installing without an internet connection.

Munich Linux councillor: ‘We didn’t propose a switch back to Windows’

“There are several points of criticism concerning the notebooks of the councillors with very different reasons (not Linux in general). There are 80 councillors in the city. Their work and needs can’t be compared with the whole administration.”

Pfeiler denied that there was any kind of consensus towards a complete reverse migration, but rather suggests a retroactive fitting of Windows for certain specific purposes, adding that there was nothing to suggest that the Limux system was working anything other than well.

Feedback:

Mycroft Adds Linux Desktop Voice Controlled AI as Stretch Goal

Interoperable and Open
Optimized for the web
Scalable to any modern device at any bandwidth
Designed with a low computational footprint and optimized for hardware
Capable of consistent, highest quality, real-time video delivery; and
Flexible for both commercial and non-commercial content.

Chris’s Twitter account has changed, you’ll need to follow!

Chris Fisher (@ChrisLAS) | Twitter

— CHRIS’ STASH —

Hang in our chat room:

irc.geekshed.net #jupiterbroadcasting

— NOAH’S STASH —

Noah’s Day Job

Altispeed Technologies

Contact Noah

noah [at] jupiterbroadcasting.com

Homeland Insecurity | TechSNAP 220 https://original.jupiterbroadcasting.net/84302/homeland-insecurity-techsnap-220/ Thu, 25 Jun 2015 17:45:34 +0000 https://original.jupiterbroadcasting.net/?p=84302 Google’s datacenter secrets are finally being revealed & we’ll share the best bits. Why The US Government is in no position to teach anyone about Cyber Security, how you can still get hacked offline, A batch of great questions, a huge round up & much, much more! Thanks to: Get Paid to Write for DigitalOcean […]

The post Homeland Insecurity | TechSNAP 220 first appeared on Jupiter Broadcasting.


Google’s datacenter secrets are finally being revealed & we’ll share the best bits. Why The US Government is in no position to teach anyone about Cyber Security, how you can still get hacked offline, A batch of great questions, a huge round up & much, much more!


— Show Notes: —

After years of wondering, we can finally find out about Google’s Data Center Secrets

  • “Google has long been a pioneer in distributed computing and data processing, from Google File System to MapReduce to Bigtable and to Borg. From the beginning, we’ve known that great computing infrastructure like this requires great datacenter networking technology.”
  • “For the past decade, we have been building our own network hardware and software to connect all of the servers in our datacenters together, powering our distributed computing and storage systems. Now, we have opened up this powerful and transformative infrastructure for use by external developers through Google Cloud Platform.”
  • ““We could not buy, for any price, a data-center network that would meet the requirements of our distributed systems,” Vahdat said. Managing 1,000 individual network boxes made Google’s operations more complex, and replacing a whole data center’s network was too disruptive. So the company started building its own networks using generic hardware, centrally controlled by software. It used a so-called Clos topology, a mesh architecture with multiple paths between devices, and equipment built with merchant silicon, the kinds of chips that generic white-box vendors use. The software stack that controls it is Google’s own but works through the open-source OpenFlow protocol.”
  • “At the 2015 Open Network Summit, we are revealing for the first time the details of five generations of our in-house network technology.”
  • “Our current generation — Jupiter fabrics — can deliver more than 1 Petabit/sec of total bisection bandwidth. To put this in perspective, such capacity would be enough for 100,000 servers to exchange information at 10Gb/s each, enough to read the entire scanned contents of the Library of Congress in less than 1/10th of a second.”
  • “We use a centralized software control stack to manage thousands of switches within the data center, making them effectively act as one large fabric, arranged in a Clos topology”
  • “We build our own software and hardware using silicon from vendors, relying less on standard Internet protocols and more on custom protocols tailored to the data center”
  • “Putting all of this together, our datacenter networks deliver unprecedented speed at the scale of entire buildings. They are built for modularity, constantly upgraded to meet the insatiable bandwidth demands of the latest generation of our servers. They are managed for availability, meeting the uptime requirements of some of the most demanding Internet services and customers. Most importantly, our datacenter networks are shared infrastructure. This means that the same networks that power all of Google’s internal infrastructure and services also power Google Cloud Platform. We are most excited about opening this capability up to developers across the world so that the next great Internet service or platform can leverage world-class network infrastructure without having to invent it.”
  • ““The amount of bandwidth that we have to deliver to our servers is outpacing even Moore’s Law,” Vahdat said. Over the past six years, it’s grown by a factor of 50. In addition to keeping up with computing power, the networks will need ever higher performance to take advantage of fast storage technologies using flash and non-volatile memory, he said.”
  • “For full details you’ll have to wait for a paper we’ll publish at SIGCOMM 2015 in August”
  • Official Google Cloud Platform Blog Post

The US Government is in no position to teach anyone about Cyber Security

  • “Why should anyone trust what the US government says on cybersecurity when they can’t secure the systems they have full control over?”
  • “IRS employees can use ‘password’ as a password? No wonder they get hacked”
  • As I have long said, you have to assume the worst until you can prove otherwise: “The effects of the massive hack of the Office of Personnel Management (OPM) continue to ripple through Washington DC, as it seems every day we get more information about how the theft of millions of government workers’ most private information is somehow worse than it seemed the day before. (New rule: if you read about a hack of a government or corporate database that sounds pretty bad, you can guarantee it will be followed shortly thereafter by another story detailing how the same hack was actually much, much “worse than previously admitted.”)”
  • “It’d be one thing if this incompetence was exclusively an OPM problem, but despite the government trying to scare private citizens with warnings of a “cyber-Armageddon” or “cyber-Pearl Harbor” for years, they failed to take even the most basic steps to prevent massive data loss on their own systems. As OTI’s Robyn Greene writes, 80-90% of cyber-attacks could be prevented or mitigated with basic steps like “encrypting data, updating software and setting strong passwords.””
  • Of course, using Multi-Factor Authentication would help a lot too
  • “The agency that has been singled out for some of the worst criticism in recent years is the Department of Homeland Security, the agency that is supposedly in charge of securing all other government systems. The New York Times reported this weekend that the IRS’s systems still allow users to set their passwords to “password,” along with other hilariously terrible mistakes.”
  • “Instead of addressing their own problems and writing a bill that would force the government to upgrade all its legacy systems, implement stronger encryption across federal agencies and implement basic cybersecurity best practices immediately, members of both parties have been pushing dangerous “info-sharing” legislation that will end with much more of citizens’ private data in the hands of the government. And the FBI wants tech companies to install “backdoors” that would give the government access to all encrypted communications – thereby leaving everyone more vulnerable to hackers, not less. Two “solutions” that won’t fix any of the glaring problems staring them in the face, and which may make things a lot worse for ordinary people.”
  • There are plenty of examples of large networks that are fairly well secured, so it isn’t impossible to secure a large network. However, the number of insecure government and corporate networks suggests that more needs to be done.
  • The solution isn’t something sold by a vendor, it is the same stuff security experts have been preaching for decades:
    • Need to know — Only those who actually need data should have access to it. Let’s not just store everything in a giant shared network drive with everyone having read/write access to it
    • Patching — Software has flaws. These flaws get fixed and then become public (sometimes the other way around, the dreaded Zero-Day flaw). If you do not patch your software quickly, you increase the chance of the flaw being used against you
    • Strong Authentication — Password complexity requirements can be annoying, because they are often too vague. Requiring a number, a lower case letter, an upper case letter, and a symbol isn’t necessarily as secure as a passphrase which is longer. Worse, many systems do not securely store the passwords, making them less secure
    • Multi-Factor Authentication — Requiring more than one factor ensures that if an attacker does shoulder surf, key log, phish, or otherwise gain access to someone’s password, they still cannot access the secure data
    • Encryption — This one is hard, as many solutions turn out to not be good enough. “The hard drive on my laptop is encrypted” is fine, unless the attacker gets access while your machine is powered on and logged in. Sensitive data should be taken offline when it is not in use, rather than being readily accessible in its decrypted form
    • Logging — Knowing who accessed what, and when is useful after-the-fact. Having an intelligence system that looks for anomalies in this data can help you detect a breach sooner, and maybe stop it before the baddies make off with your data
    • Auditing — Use a security appliance like the FUDO to only allow access to secure systems when such access is recorded. This way the actions of all contractors and administrators are recorded on video, and there is no way to access the protected systems except through the FUDO.
  • As we discussed before in TechSNAP 214, there are other techniques that can be used to help safeguard systems, including whitelisting software, and only allowing approved applications on sensitive systems. The key is deciding which protections to use where, while generating the least amount of ‘user resistance’

Google Project Zero researcher discloses 15 new vulnerabilities


Microsoft’s Munich Man | LINUX Unplugged 54 https://original.jupiterbroadcasting.net/64912/microsofts-munich-man-linux-unplugged-54/ Tue, 19 Aug 2014 17:35:48 +0000 https://original.jupiterbroadcasting.net/?p=64912 Sam from the Moka project stops by to chat about the business of making Linux look better. Then we get into the role open source plays in self driving cars. Plus we bust some of the FUD around Munich’s much reported plan to abandon Linux and switch back to Windows. Thanks to: Direct Download: MP3 […]

The post Microsoft's Munich Man | LINUX Unplugged 54 first appeared on Jupiter Broadcasting.


Sam from the Moka project stops by to chat about the business of making Linux look better. Then we get into the role open source plays in self driving cars.

Plus we bust some of the FUD around Munich’s much reported plan to abandon Linux and switch back to Windows.


Show Notes:

Pre-Show:

FU:


Moka Project

Joined by “snwh” aka Sam Hewitt

Moka started as a single Linux desktop icon theme, but over time it has gradually evolved into an entire project & brand identity that provides quality designs to people.

Moka is about personalization and its goal is to provide an assortment of style options to allow you to customize your experience. Moka’s suite of themes is a “style layer” for your favourite OS – you can use your favourites and layer Moka right on top.

Robocars | Erich Eickmeyer

Munich Disappointed with Linux, Plans to Switch Back to Windows [Updated]

German media is reporting that city officials were looking into productivity figures of local departments and acknowledged that many employees actually experienced issues with Linux. That wasn’t the case before 2004, when Windows was powering all PCs, a local source said.

Runs Linux from the people:

  • Send in a pic/video of your runs Linux.
  • Please upload videos to YouTube and submit a link via email or the subreddit.

New Shows : Tech Talk Today (Mon – Thur)

Support Jupiter Broadcasting on Patreon

Post-Show

Switching to Linux | HowTo Linux 1 https://original.jupiterbroadcasting.net/59217/switching-to-linux-howto-linux-1/ Fri, 06 Jun 2014 14:43:56 +0000 https://original.jupiterbroadcasting.net/?p=59217 Chase makes the decision to switch to Linux and Chris helps him get started. Learn how to install Linux from a thumb drive using Windows. Plus we answer some basic fundamental differences between Windows and Linux. Thanks to: Direct Download: HD Video | Video | HD Torrent | MP3 Audio | OGG Audio | YouTube […]

The post Switching to Linux | HowTo Linux 1 first appeared on Jupiter Broadcasting.


Chase makes the decision to switch to Linux and Chris helps him get started. Learn how to install Linux from a thumb drive using Windows.

Plus we answer some basic fundamental differences between Windows and Linux.


Show Notes:

Links:

Rufus – Create bootable USB drives the easy way

Rufus is a utility that helps format and create bootable USB flash drives, such as USB keys/pendrives, memory sticks, etc.

It can be especially useful for cases where:

  • you need to create USB installation media from bootable ISOs (Windows, Linux, UEFI, etc.)
  • you need to work on a system that doesn’t have an OS installed
  • you need to flash a BIOS or other firmware from DOS
  • you want to run a low-level utility

Windows eXPired | LINUX Unplugged 35 https://original.jupiterbroadcasting.net/54772/windows-expired-lup-35/ Tue, 08 Apr 2014 16:26:39 +0000 https://original.jupiterbroadcasting.net/?p=54772 XP support ends today and we’ll celebrate the occasion by debating what prevents technical users switching to Linux, and address some common myths.

The post Windows eXPired | LINUX Unplugged 35 first appeared on Jupiter Broadcasting.


XP support ends today and we’ll celebrate the occasion by debating what prevents technical users switching to Linux, address some common myths, and set a course for our new howto show.

Plus why Chase and Matt are wrong about DS9, blaming choice, your feedback, and more!


Show Notes:

FU

How Hard Is It to Switch to Linux?

I was tired of things breaking from nowhere, or being frustrated with certain second-rate apps, and even though I learned a lot—and I LOVED the command line and package management—it just was too much trouble for me day-to-day. I never thought I’d see Windows as an OS that “just works,” but compared to Linux, it really fit that bill in my experience.

What does a beginner need to know before switching to Ubuntu? – Ask Ubuntu

What are the first things I have to do when I completed the installation?
