[OT] Job Posting

From: Benjamin Stewart 
------------------------------------------------------
Astec Industries, the company I work for, is searching for candidates for
an IT Help Desk position here in Chattanooga. It's mostly a Windows shop,
but we do use Linux occasionally where we can. Our IT department is a small
team, so there's lots of room to learn new skills, and every day is
different!

Send resumes to helpdeskapplicants@astecindustries.com

HR speak follows:

Don't believe the hype: Sony hack not 'unprecedented,' experts say

From: Rod-Lists 
------------------------------------------------------
Posted for the security guys on the list
http://mashable.com/2014/12/08/sony-hack-unprecedented-undetectable/

Great quote some of you may have seen on Twitter

From: Christopher Rimondi 
------------------------------------------------------
"Best kind of engineers to work with: 40yo parents who actually know how
computers work. worst kind: 22yo kids who love javascript frameworks"

-- 
Chris Rimondi | http://twitter.com/crimondi | securitygrit.com

Photo Doctor

From: Mike Harrison 
------------------------------------------------------

> On Dec 8, 2014, at 11:52 AM, stephen@averagesecurityguy.info wrote:
> 
> I have an old picture that is approximately 12x24 that needs to be scanned, retouched, and framed. The picture has been rolled up for years so it is hard to get it to lay flat and it has a number of creases in it. Any recommendations for someone local that does this kind of work? Feel free to reply off list.


Tracy at the Photo Doctor on Bailey Avenue. 

This is what he does, he does a lot of it. 

He’s done some very nice work for Nancy and myself. He’s good at it. He’s not cheap. 

But two blow-ups that I have that he did from small old photos look like museum-grade murals.

He’s also done work for my Dad (genealogy) and other friends.

"Tracy Knauss can be reached at the Photo Doctor at 629-5378."

http://www.chattanoogan.com/2008/2/25/122616/Tracy-Knauss-Hang-Glider-Magician.aspx

fwd: [PhreakNIC] GPG Keysigning at PhreakNIC (At the CryptoParty Perhaps)

From: Jon Nyx 
------------------------------------------------------
FYI; we're cleaning this up for the website & the app later today. Hope
to see some of y'all at PhreakNIC 18 this weekend. Thus endeth the
PN18 ads.

~~jonnyX

PS - I wish I'd known about Hamfest Chattanooga; we'd love to have
that sort of content not just at PhreakNIC, but in the Nashville area
in general.

-----Forwarded Message-----
> From: Jon Nyx 
> Sent: Oct 28, 2014 12:26 PM
> To: phreaknic@googlegroups.com
> Subject: [PhreakNIC] Re: GPG Keysigning at PhreakNIC (At the CryptoParty Perhaps)

> On Tuesday, October 28, 2014 12:18:05 PM UTC-5, Zachariah Gibbens wrote:
>
>> Has anyone planned a GPG keysigning party for PhreakNIC 18?

Yes indeed: https://phreaknic.info/content/cryptoparty

Here's the preliminary schedule we got from Alan Fey, the Freeside Atlanta
director, last night:

I marked the times I *MAY/CAN* be there as *[Alan]* so at other
times, you should have some volunteers help keep things going.  I'll make
every effort to pop in when there's not a talk I want to see so I can make
sure volunteers have everyone set up and running well.  :)

Hey, let's drop Smashthestack Q&A in that case, because it's too similar to
NetKOH...no sense in replicating.

How does this look?

*[FRI]*

??? - 2pm: *[Alan]* I'm open to whatever during this time.  I am aiming for
arriving around noon, so I can probably get CryptoParty room kicked off
until the talk I want to see.  I will get folks interested in the
Panopticlick Golf - do you have a prize I could use for this?  I am liable
to pick up something colossally stupid from a gas station on the way up as
a prize, so hopefully you have something really cool we can pitch to the
cause.

2 - 3pm: I recommend that if you have a computer hooked into projector,
that we show 30C3 talks, or just have open discussion.  If there's nothing
else going on, queue up a 30C3 talk!  :)  I'll assemble a list of URLs of
talks I think would work well for our audience.

3 - 4pm: *[Alan]* I'll go ahead and do hands-on GPG setup or keysigning,
plus playing around with VPNs, plus get volunteers familiar with the
Panopticlick Golf game.  Once I show volunteers the basics, this stuff will
be ongoing

4 - 6pm: Let's have a screening of the Internet's Own Boy, the Aaron Swartz
documentary which is freely available on the Internet Archive.

6 - 7pm: *[Alan]* Browsing security plug-in review, general browser
security, possible discussion of Tor+Firefox

7 - 8pm: Open discussion, 30C3 talks, Panopticlick Golf, GPG, VPNs

8 - 9pm: *[Alan]* Steganography 101 can probably be pulled off in this time
frame.

9 - 10pm: I'm doing my own talk, so Open discussion, 30C3 talks,
Panopticlick Golf, GPG, VPNs

10pm+: *[Alan]* I'll go ahead and have make your own OnionPi router
running, plus the usual: Open discussion, 30C3 talks, Panopticlick Golf,
GPG, VPNs

11p/midnight-ish: I will probably want to hang out socially with you fine
people at some point!

*[SAT]*

??? - 1pm: *[Alan]* I'll help kick things off by making sure the volunteers
are up to speed on running: Open discussion, 30C3 talks, Panopticlick Golf,
GPG, VPNs - if there's time, I'll make friends with Jitsi and discuss OTR

1 - 3pm: Another screening of the Internet's Own Boy, the Aaron Swartz
documentary?  If not, the usual Open discussion, 30C3 talks, Panopticlick
Golf, GPG, VPNs.

4 - 6pm: *[Alan]* I'll discuss Pond and Tahoe-LAFS, and perhaps we'll try
and make a Tahoe-LAFS grid if the people are willing and ready!

6 - 10pm: These talks are too awesome for me to miss!  Open discussion,
30C3 talks, Panopticlick Golf, GPG, VPNs.

10pm+: *[Alan]* Let's make an OnionPi router!  If people already have
theirs working, we'll switch focus to debugging or creating the Tahoe-LAFS
grid, and/or general discussion about operational security techniques and
*Other*.

11p/midnight-ish: I will probably want to hang out socially with you fine
people at some point!

*[SUN]*

??? - 2pm: *[Alan]* Aside from Les' talk, I'll probably be hanging out in
the CryptoParty room, nursing a hangover.  :)  Ask me anything while we
quietly drink coffee and work on things.

2pm: Announcing Winner of Panopticlick Golf !!!

2pm+: I'll be wrapping up my stay and looking to get back to the ATL, last
bits of contact info exchange with all you fine people.

Ubiquity EdgeMax (ASG)

From: Mark Quering 
------------------------------------------------------
Hey all


I recently sold one of these units to a customer basically to give it a
try. Needless to say at the $100 price point I was pretty happy with the
device.

The unit has a pretty solid build quality. The web management interface is
a little rough out of the box. A firmware update helped quite a bit. I
haven't played in the CLI yet but I hear that EdgeOS is a fork of Vyatta.

The web interface worked well for a basic SOHO NAT setup with a few inbound
firewall rules. Been very stable for the two months it's been in a
production environment. I also did not get to fully test LAN to WAN
throughput of their network processor due to time constraints.

The only odd thing I noticed with the unit I deployed was that it generated
a fair bit of heat. More than I would expect. I also did not need to
contact support so I cannot speak to that aspect of the product. I would
say for the price it's definitely worth purchasing to play with.

Due to my experience with this product and good things I've heard here and
on other forums, I am seriously considering also offering their managed PoE
switches and APs to my SMB offerings.


Best
Mark

On Wed, Oct 15, 2014 at 5:24 PM,  wrote:

> Message: 1
> Date: Wed, 15 Oct 2014 16:39:54 -0400
> From: ASG 
> To: Chattanooga Unix Gnu Android Linux Users Group
>         
> Subject: Re: [Chugalug] Ubiquity EdgeMax
> Message-ID:
>         
> Content-Type: text/plain; charset="windows-1252"
>
> For $100 it's worth a shot. What I would really love to find is something
> of the same size and price point that could run pfSense or m0n0wall. Anyone
> know of anything?
>
> Thanks,
>
>
> On Oct 15, 2014, at 4:21 PM, Dan Lyke  wrote:
>
> > On Wed, Oct 15, 2014 at 1:13 PM, ASG 
> wrote:
> >> Any of you folks have experience with these
> >> http://www.ubnt.com/edgemax/edgerouter-lite/. Looking at
> >> one for my home office/lab network.
> >
> > Guy a few cube openings down from me whose job involves setting up
> > router-ish stuff at our fiber deployments says great things about 'em.
> >
> > I've been super impressed with my UniFi APs.
> >
> > Dan
> > 

any info on new mac malware vector?

From: Rod-Lists 
------------------------------------------------------
http://www.net-security.org/malware

Process accounting

From: Christopher Rimondi 
------------------------------------------------------
I have been taking a deeper look at process accounting in Linux recently.
Does anyone use acct (Deb)/psacct (RH) on their systems?

The log file is binary and I would like to find a convenient way to put it
into something human readable and ship it off the box. I am sure I could
work something out with dumping the output of various commands to a log
file. Also syslog-ng can be compiled to support it:

http://www.balabit.com/sites/default/files/documents/syslog-ng-ose-3.3-guides/en/syslog-ng-ose-v3.3-guide-admin-en/html/configuring-source-pacct.html

Anyone solve the issue differently or have a more elegant solution?

Thanks,

Chris

-- 
Chris Rimondi | http://twitter.com/crimondi | securitygrit.com
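
An added example, not part of the original post: a small Python reader that turns the binary process-accounting file into one JSON line per record, which an existing log forwarder can then ship off the box. It assumes the 64-byte little-endian `acct_v3` record layout from `<linux/acct.h>`; the JSON field names are this example's own and the sample bytes are constructed.

```python
import json
import struct
import sys
from datetime import datetime, timezone

# Assumed layout: struct acct_v3 from <linux/acct.h>, 64 bytes, little-endian.
# flag, version, tty, exitcode, uid, gid, pid, ppid, btime, etime (float),
# eight comp_t counters, 16-byte command name.
ACCT_V3 = struct.Struct("<BBHIIIIIIf8H16s")
FLAGS = {0x01: "FORK", 0x02: "SU", 0x08: "CORE", 0x10: "XSIG"}


def comp_t(value):
    """Decode a comp_t counter: 13-bit mantissa, 3-bit base-8 exponent."""
    return (value & 0x1FFF) << (3 * (value >> 13))


def parse_pacct(data):
    """Yield one dict per record; refuse input that is not clean acct_v3."""
    if len(data) % ACCT_V3.size:
        raise ValueError("length is not a multiple of 64: truncated or not acct_v3")
    for offset in range(0, len(data), ACCT_V3.size):
        (flag, version, tty, exitcode, uid, gid, pid, ppid, btime, etime,
         utime, stime, mem, _io, _rw, minflt, majflt, _swaps,
         comm) = ACCT_V3.unpack_from(data, offset)
        if version != 3:
            raise ValueError(f"record at byte {offset}: version {version}, expected 3")
        yield {
            "time": datetime.fromtimestamp(btime, timezone.utc).isoformat(),
            "comm": comm.split(b"\0", 1)[0].decode("ascii", "replace"),
            "pid": pid, "ppid": ppid, "uid": uid, "gid": gid,
            "tty": tty, "exitcode": exitcode,
            "flags": [name for bit, name in FLAGS.items() if flag & bit],
            # Times are kept in the units stored in the record (clock ticks).
            "etime_ticks": etime,
            "utime_ticks": comp_t(utime),
            "stime_ticks": comp_t(stime),
            "mem": comp_t(mem),
            "minflt": comp_t(minflt),
            "majflt": comp_t(majflt),
        }


def to_json_lines(data):
    """Return one compact JSON string per record, ready for a log forwarder."""
    return [json.dumps(rec, sort_keys=True) for rec in parse_pacct(data)]


# Constructed sample: two records packed with made-up values.
SAMPLE = (
    ACCT_V3.pack(0x02, 3, 0x8800, 0, 0, 0, 4242, 1, 1418050000, 150.0,
                 12, 3, 0x2005, 0, 0, 0, 0, 0, b"sshd")
    + ACCT_V3.pack(0x11, 3, 0, 11, 1000, 1000, 4250, 4242, 1418050060, 2.0,
                   1, 0, 64, 0, 0, 9, 0, 0, b"a.out")
)

if __name__ == "__main__":
    # With a path argument, read that accounting file; otherwise use the sample.
    raw = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE
    for line in to_json_lines(raw):
        print(line)
```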

Shellshock

From: David White 
------------------------------------------------------
I tried to send this email earlier in the day, but it bounced. Tweeted at
Mike and forwarded him the bounce.... hopefully this time it'll go through,
since my test message just worked.

Incidentally, that was my first attempt to email chugalug using my new
email address, so maybe something weird happened, or mail.geeklabs.com
thought I was a spammer or something. Anyway....

---------------------

Hey folks. I have a new (personal) email address, and here it is.

About Shellshock. This is becoming a nightmare!

I'm now following the OSS-SEC mailing list pretty carefully (I just
subscribed to it last night), and it's pretty active right now.

Here's an email I sent to one of my previous clients that I occasionally
email helpful advice to for free:

*There is a LOT of discussion going on right now among the open source
community and developers.*

*As of now, there have been at least 5 releases, and 6 security issues
reported (1 after each security release, plus the original security issue
that was reported).*

*I'm now following the specific discussion on one of the main mailing lists
the developers are using.*

*I also recommend keeping an eye out for patches, and I also recommend
continuing to run updates on your systems as the updates come out.*

*As of now, a final patch hasn't been released. This is bad because
attackers know about the vulnerability.  Take a look
at http://serverfault.com/questions/632049/shellshock-how-do-i-know-if-my-server-is-compromised-suspicious-files-to-look
.*

*Not much we can do about it now, other than, if we were really concerned
about the security and integrity of our servers, shut them down completely
until the bug is fixed (which obviously isn't really an option).*

*I have read that SELinux would help (but not completely) in this type of
situation.*

*Also, I just quickly scanned this write-up by SANS, written several days
ago. They know what they're talking about, and I trust them:
https://isc.sans.edu/diary/Update+on+CVE-2014-6271%3A+Vulnerability+in+bash+(shellshock)/18707
(The main website URL is https://isc.sans.edu/, and it
looks like that's the latest post, although they've made a number of
updates to it, and there's several comments).*

*If you don't have any CGI Scripts, then just disable mod

Network topology/building a router

From: Dan Lyke 
------------------------------------------------------
Okay, that latest "Running Doom on a Canon Printer" exploit has me
thinking a little bit more about network security.

I've started running UFW on my Linux servers, which is awesome, but I
think what I'd really like is something that lets me do that on my
network generally:

* the printer doesn't get any traffic other than 631 (IPP) and maybe
80 and 443, and doesn't get to open connections except in response to
connects from those addresses.

* the webcam in the shop only gets inbound connections on port 80.

* some warning when other devices do things outside of their security
profiles. And even for the printer, it's one thing to apply those
rules, but I should be able to see what it's trying and optionally
allow it to do things like updates.

Any suggestions on where to start?

Dan

Anyone heard of this botnet exploit for linux?

From: Rod-Lists 
------------------------------------------------------
"Akamai Technologies is alerting enterprises to a high-risk threat of IptabLes and IptabLex infections on Linux systems. Malicious actors may use infected Linux systems to launch DDoS attacks against the entertainment industry and other verticals.

The mass infestation of IptabLes and IptabLex seems to have been driven by a large number of Linux-based web servers being compromised, mainly by exploits of Apache Struts, Tomcat and Elasticsearch vulnerabilities. 

Attackers have used the Linux vulnerabilities on unmaintained servers to gain access, escalate privileges to allow remote control of the machine, and then drop malicious code into the system and run it. As a result, a system could then be controlled remotely as part of a DDoS botnet.

A post-infection indication is a payload named .IptabLes or .IptabLex located in the /boot directory. These script files run the .IptabLes binary on reboot."

http://www.net-security.org/secworld.php?id=17322

Protecting password files (was: Name Cheap under attack)

From: Dan Lyke 
------------------------------------------------------
On Mon, 1 Sep 2014 21:41:13 -0400 (EDT)
Rod-Lists  wrote:
> http://community.namecheap.com/blog/2014/09/01/urgent-security-warning-may-affect-internet-users/

So I'm a Namecheap user, and, I'm slightly embarrassed to say, my
Namecheap password was one I've used on a few other sites (it's a
mid-tier password).

Obviously, I instantly went and changed it to something that came from
"pwgen 32".

Buuuuutttt... I have three password strategies:

1. A few I remember. Obviously this is not something I can use
   everywhere.

2. A few machines have a "passwords.txt" file in their documents
   directory.

3. I also have shared Firefox password storage.

#3 is awesome, except that Firefox has broken this at least once, so I
always feel like that if I lose my laptop drive I could lose
everything, *and* I don't actually know how secure things are.

#2 is great if I were smart enough to put that file in git, and *then*
if I actually trusted that the machine I stored the git repos on wasn't
ever going to get compromised.

I'm unwilling to use a third party service for this because the cloud
is another name for "on someone else's computers at the whims of
someone else's security policies", ie: the most nebulous bits of #3.

So: What's the right way to put a passphrase on that passwords.txt
that'll go into a git repo? Something so that I can update it from
multiple places, diffs and merges are all handled reasonably, it's
backed up in multiple places, but I'm not exposing my on-line life on
exposed hosts?

Dan

Name Cheap under attack

From: Rod-Lists 
------------------------------------------------------
http://community.namecheap.com/blog/2014/09/01/urgent-security-warning-may-affect-internet-users/

Netflix open sources internal threat monitoring tools

From: Rod-Lists 
------------------------------------------------------
I was wondering if any of y'all heard of these tools or tried them?

http://www.networkworld.com/article/2599461/security/netflix-open-sources-internal-threat-monitoring-tools.html

Fwd: [PhreakNIC] CTF

From: Jon Nyx 
------------------------------------------------------
FYI

PS - "Keith" is this guy:

Keith Watson
Information Security Manager, College of Computing
Georgia Tech, Atlanta GA
http://www.cc.gatech.edu/~krwatson

Part of his day job is taking large botnets away from organized crime
outfits, studying them, and then disassembling them. We're very lucky
to have him helping with our con.

Dru Myers
Nashville2600 President, PhreakNIC founder and con chair, 1997-2001 & 2014


---------- Forwarded message ----------
From: Keith
Date: Tue, Aug 26, 2014 at 8:48 AM
Subject: [PhreakNIC] CTF
To: phreaknic@googlegroups.com


I've talked to GTRI (the people who put on the Hungry Hungry Hackers
CTF) and it looks like a go. I will have more info in the next week or
so.

H3 was this last weekend, it went great (8/22 & 8/23)
http://www.hungryhungryhackers.org/

We noticed at past events that people would leave the CTF after only a
few hours. We asked around and found that people want to compete but
are overwhelmed and don't know where to start.

This year we had two tracks, competition and educational. The
educational track had multiple speakers that did walk-throughs of
tools and how to solve some basic challenges. It went very well and
after the end of the educational track a bunch of them joined the
competition.

The CTF is Jeopardy style with about 60 challenges. In addition we had
ten stations set up with FPGA hardware flags and a car hacking
station set up with CAN bus flags.

Craig Smith of TheiaLabs set up the car hacking station and was on
hand for the entire event. It was a combination CAN bus/WiFi hack.
Craig was also handing out copies of the Car Hacker's Handbook. You
can download the PDF here:

http://opengarages.org/handbook/

A lock picking challenge was also part of the CTF.

Once we do our post CTF debrief we'll start solidifying the PhreakNIC CTF.

Let me know of anything you would like to see in the CTF.

keith


Somewhat OT: ISSA meeting coming up

From: Mark Quering 
------------------------------------------------------
Hey all


For those of you who are security inclined (who isn't) the third quarterly
meeting of the local chapter of ISSA is coming up.

Info: http://chattanooga.issa.org/?p=1
Register: http://conta.cc/1pNTngS


-- 

Thanks;
Mark Quering

up:time
simply reliable technology
423.320.2744

building packages

From: Christopher Rimondi 
------------------------------------------------------
This question is probably 50% based on circumstance and 50% on personal
preference but I wanted to get opinions from people who have built OS
packages; debs, rpms, whatever.

What do you usually include in the package? Upstart scripts, user/group
creation, post install scripts? Other logic?

As a general philosophy: Less is more or more is more?

Thanks,

Chris

-- 
Chris Rimondi | http://twitter.com/crimondi | securitygrit.com

Anyone want to start a ps2 connector based computer company?

From: Rod-Lists 
------------------------------------------------------
or maybe comtronix and serial mice?
Why the Security of USB Is Fundamentally Broken
http://www.wired.com/2014/07/usb-security/

Ed, you and I could be rich! ;)

Oh boy... We *ARE* criminals!!!

From: kitepilot@kitepilot.com
------------------------------------------------------
Linux Lands on NSA Watch List
http://www.eweek.com/security/linux-lands-on-nsa-watch-list.html

Fwd: Linux Journal: Awesome Tech Magazine or Extremist Forum?

From: Jonathan Calloway 
------------------------------------------------------


Begin forwarded message:

> From: Linux Journal 
> Subject: Linux Journal: Awesome Tech Magazine or Extremist Forum?
> Date: July 8, 2014 at 8:00:46 AM EDT
> To: jonathancalloway@epbfi.com
> Reply-To: Linux Journal
>
> Linux Journal: Awesome Tech Magazine or Extremist Forum?
>
> NSA: Linux Journal is an "extremist forum" and its readers get flagged for extra surveillance
> by Kyle Rankin
>
> A new story published on the German site Tagesschau and followed up by BoingBoing and DasErste.de has uncovered some shocking details about who the NSA targets for surveillance including visitors to Linux Journal itself.
>
> While it has been revealed before that the NSA captures just about all Internet traffic for a short time, the Tagesschau story provides new details about how the NSA's XKEYSCORE program decides which traffic to keep indefinitely. XKEYSCORE uses specific selectors to flag traffic, and the article reveals that Web searches for Tor and Tails--software I've covered here in Linux Journal that helps to protect a user's anonymity and privacy on the Internet--are among the selectors that will flag you as "extremist" and targeted for further surveillance. If you just consider how many Linux Journal readers have read our Tor and Tails coverage in the magazine, that alone would flag quite a few innocent people as extremist.
>
> While that is troubling in itself, even more troubling to readers on this site is that linuxjournal.com has been flagged as a selector! DasErste.de has published the relevant XKEYSCORE source code, and if you look closely at the rule definitions, you will see linuxjournal.com/content/linux* listed alongside Tails and Tor. According to an article on DasErste.de, the NSA considers Linux Journal an "extremist forum". This means that merely looking for any Linux content on Linux Journal, not just content about anonymizing software or encryption, is considered suspicious and means your Internet traffic may be stored indefinitely.
>
> One of the biggest questions these new revelations raise is why. Up until this point, I would imagine most Linux Journal readers had considered the NSA revelations as troubling but figured the NSA would never be interested in them personally. Now we know that just visiting this site makes you a target. While we may never know for sure what it is about Linux Journal in particular, the Boing Boing article speculates that it might be to separate out people on the Internet who know how to be private from those who don't so it can capture communications from everyone with privacy know-how. If that's true, it seems to go much further to target anyone with Linux know-how.
>
> It's bad news to all of us who use and read about Linux on a daily basis, but fortunately we aren't completely helpless. Earlier in the year I started a series on security, privacy and anonymity in my Hack and / column that included articles on how to use the Tor browser bundle and Tails. With either piece of software in place, you can browse Linux Journal (and the rest of the Internet) in private.
>
> Read this and other privacy-related stories at LinuxJournal.com.
>
> A Bundle of Tor
> Tails above the Rest: the Installation
> Tails above the Rest, Part II
> Are you an extremist?
> Dolphins in the NSA Dragnet
> Are you an extremist?
> Get the T-Shirt!
> Get the T-Shirt by itself or take advantage of our special (and temporary) offer and get a 1-year subscription with your shirt for just $10 more!