Episode 14 – Sec in your devops!

Welcome to Episode 14

News
http://thehackernews.com/2017/05/windows-rce-exploit.html
http://fortune.com/2017/05/07/android-listening
https://www.forbes.com/sites/thomasbrewster/2017/05/03/massive-google-gmail-phish-many-victims/#6af6ce8342a1
https://arstechnica.com/security/2017/05/mac-users-installing-popular-dvd-ripper-get-nasty-backdoor-instead

Announcements
Derbycon tickets are on sale!  And gone
Chat
Main topic
Devops for security

Securing your devops

Where can you find us?
www.ironsysadmin.com
https://www.facebook.com/ironsysadmin
https://www.youtube.com/channel/UCsLgL5c-US8XWPuXHHszNzA
https://www.twitter.com/ironsysadmin
Apple iTunes
Stitcher!

Intro and Outro music credit: Tri Tachyon, Digital MK 2
http://freemusicarchive.org/music/Tri-Tachyon/

Episode 13 – Incident Response.

Welcome to Episode 13

News
https://arstechnica.com/security/2017/04/chrome-firefox-and-opera-users-beware-this-isnt-the-apple-com-you-want/
this is horrifying.
https://developers.slashdot.org/story/17/04/23/0339211/flawed-online-tutorials-led-to-vulnerabilities-in-software
https://tech.slashdot.org/story/17/04/23/0027207/should-archiveorg-ignore-robotstxt-directives-and-cache-everything
http://everythingsysadmin.com/2017/04/dnscontrol-blogpost.html
Announcements
Patreon donors are awesome!
Chat
Kubernetes, Amazon ECS.  Jeepin!

Main topic
Incident Response
https://en.wikipedia.org/wiki/Incident_management_(ITSM)

Intro and Outro music credit: Tri Tachyon, Digital MK 2
http://freemusicarchive.org/music/Tri-Tachyon/

Episode 12 – Disaster!

Welcome to Episode 12!

News
https://www.digitalocean.com/company/blog/update-on-the-april-5th-2017-outage/
https://www.theregister.co.uk/2017/04/06/microsoft_windows_10_creators_update/?mt=1491577380488
https://thehackernews.com/2017/03/samsung-galaxy-s8-facial-unlocking.html
https://medium.com/@shadowbrokerss/dont-forget-your-base-867d304a94b1
https://arstechnica.com/security/2017/04/booby-trapped-word-documents-in-the-wild-exploit-critical-microsoft-0day/

Chat
Kubernetes
Jeeps!
What’s this mastodon thing?

Main topic
DR!

Intro and Outro music credit: Tri Tachyon, Digital MK 2
http://freemusicarchive.org/music/Tri-Tachyon/

 

Episode 11 – OpenStack!

Welcome to Episode 11!

News
https://www.undrground.org/node/178
https://www.cnet.com/news/samsung-galaxy-s8-launch-note-7-note-8-battery-blowup-what-change/
http://time.com/4709302/alcohol-heart-disease-risk/  BECAUSE BEER IS GOOD FOR YOU!
https://arstechnica.com/tech-policy/2017/03/senate-votes-to-let-isps-sell-your-web-browsing-history-to-advertisers

Announcements
Ep12, live stream and stuffs.

Chat
openshift origin  http://www.openshift.org

Main topic
Open all the stacks with @fultonj
So what the heck is openstack?
Why wouldn’t I just use Amazon EC2?
What’s TripleO?
HyperConverge!
Ceph

Intro and Outro music credit: Tri Tachyon, Digital MK 2
http://freemusicarchive.org/music/Tri-Tachyon/

 

Watch this episode on Youtube. https://youtu.be/V9kSZKp31Tc

Episode 10 – Trouble in the Cloud

Welcome to Episode 10

News
https://www.bloomberg.com/news/articles/2017-03-08/microsoft-pledges-to-use-arm-server-chips-threatening-intel-s-dominance
https://mspoweruser.com/firefox-52-will-last-version-firefox-windows-xp-vista/
https://www.cnet.com/news/look-out-windows-android-is-catching-up/
https://www.wired.com/2017/03/atari-chip-set-off-bitter-war-among-neuroscientists/?mbid=nl_3817_p2&CNDID=21798766
http://www.nature.com/nature/journal/v543/n7644/full/nature21371.html
https://nakedsecurity.sophos.com/2016/08/18/nists-new-password-rules-what-you-need-to-know/
https://xkcd.com/936/

Announcements
Feedback
@Gangrif and @Xenophage make a great pair that will titillate one’s ears! They cover things in the ops and
infosec news categories and topics that are relatable or at least interesting to discuss. It’s not your typical
format of a podcast, but that is what makes it refreshing.

Keep up the great content guys!

Patreon, you guys are awesome
$10 tier.
The face!

Youtube stream for this episode! https://youtu.be/EeD5y34oKNY

Chat

Main topic
Trouble in the cloud, The 2/28/2017 US East 1 S3 outage
https://aws.amazon.com/message/41926/
An Amazon employee was troubleshooting a problem with their S3 billing mechanisms.
A mistake made in an established playbook took down systems that were not intended to be taken down.
The downtime, which was intended only for billing systems, took down systems essential to both reads and writes to the S3 API.
This required that some systems be rebooted.
Reboots on the Index and Placement subsystems (two of the systems mentioned as accidentally rebooted) had not been performed for years
Due to the dependencies between these systems, the restarts took quite some time.
The downtime caused some backlog of requests, and these needed to be processed when the systems were once again operational

Remediation
The core issues here were the number of systems unintentionally taken offline, and the fact that systems that depended on each other were taken down at the same time.
Amazon has made changes to their tools to help prevent systems from dropping below service-affecting thresholds.
They are also working to remove some of the inter-dependencies.

On top of everything, the S3 status page depended on the health of the S3 service in order to operate.
This made it difficult for customers to view the status of S3.

Intro and Outro music credit: Tri Tachyon, Digital MK 2
http://freemusicarchive.org/music/Tri-Tachyon/

Episode 9 – Linux Hardening

Welcome to Episode 9

News
https://bugs.chromium.org/p/project-zero/issues/detail?id=1139
http://fortune.com/2017/02/21/google-site-search-discontinued/ (sorry for the obnoxious auto-play)
https://www.cyberscoop.com/cellebrite-iphone-6-ufed-samsung-galaxy-facebook-messenger-snapchat/
https://www.bloomberg.com/news/articles/2017-02-23/social-media-is-driving-americans-insane

Announcements
http://www.patreon.com/ironsysadmin
Plans for ironsysadmin.com
https://www.meetup.com/LVHackers/events/237389393/

Chat
http://www.liverpoolecho.co.uk/news/liverpool-news/signs-your-child-computer-hacker-12626527
https://newbiedm.com/rpgkids/


Main topic
Basic Linux Security
build environment
updates
local firewall
disable root ssh logins
Is sudo a blessing, a risk, or a curse?
Totally a facebook post.

Intro and Outro music credit: Tri Tachyon, Digital MK 2
http://freemusicarchive.org/music/Tri-Tachyon/

Episode 8 – Choosing a cloud or service provider

News
http://www.computerworld.com/article/3162416/data-center/booted-up-in-1993-this-server-still-runs-but-not-for-much-longer.html
https://torrentfreak.com/internet-backbone-provider-cogent-blocks-pirate-bay-and-other-pirate-sites-170209/
https://www.macrumors.com/2017/02/09/2017-iphones-wireless-charging/
https://arstechnica.com/tech-policy/2017/02/justice-naps-man-jailed-16-months-for-refusing-to-reveal-passwords/
https://www.trustedsec.com/blog/office-365-advanced-threat-protection-features-shortfalls/

Announcements
http://www.patreon.com/ironsysadmin
We have a domain now!  www.ironsysadmin.com
And an email address!  podcast -at- ironsysadmin.com
http://www.infosanity.org/

Chat
Internet in the docker in the cloud in the docker
Alpine? (docker image)
VM Providers : https://lowendbox.com/

Main topic
Picking a cloud, or service host
Cost
Service Type
web host
service host
iaas
Host your own?
Cloud Maturity
Insecure Stigma
How have things progressed

Intro and Outro music credit: Tri Tachyon, Digital MK 2
http://freemusicarchive.org/music/Tri-Tachyon/

 

Episode 7 – Cloud Wrap-up

News
http://www.omgubuntu.co.uk/2017/01/dell-talk-linux-laptops-distros-sales
http://lineageos.org/Yes-this-is-us/
https://mobile.slashdot.org/story/17/01/26/2030201/microsoft-reportedly-working-on-a-lightweight-version-of-windows-known-as-cloud-shell
http://www.macworld.com/article/3161757/techology-business/the-week-in-apple-news-ios-10-3-public-beta-apple-vs-qualcomm-night-shift-for-macos-sierra-and-more.html
— Related —
https://arstechnica.com/apple/2016/06/a-zfs-developers-analysis-of-the-good-and-bad-in-apples-new-apfs-file-system/

Main topic
cloud services follow-up
vendor lock in
level of control, vs ease of use
you’ll totally save an FTE
And money, you’ll save money.
No, you won’t.

Intro and Outro music credit: Tri Tachyon, Digital MK 2
http://freemusicarchive.org/music/Tri-Tachyon/

Episode 6 – What To Do When You’re In Over Your Head

News
https://yro.slashdot.org/story/17/01/10/238223/why-you-shouldnt-trust-geek-squad
https://hardware.slashdot.org/story/17/01/10/1428219/fitbit-buys-vector-romanian-startups-existing-smartwatches-wont-receive-software-updates-anymore
https://hardware.slashdot.org/story/17/01/13/1457242/half-the-work-people-do-can-be-automated-says-mckinsey
https://it.slashdot.org/story/17/01/13/1444233/security-experts-rebut-the-guardians-report-that-claimed-whatsapp-has-a-backdoor
https://security.web.cern.ch/security/venom.shtml
http://rhelblog.redhat.com/2017/01/13/docker-0-day-stopped-cold-by-selinux/
http://boingboing.net/2017/01/13/it-turns-out-that-halfway-clev.html

Main topic
What do you do when you’re in over your head?
Are you over-thinking the problem?
Is there someone you can turn to for help?
Google is your friend
a good toolset can help
Intro to Sysadmin Wrap-Up
Ep3 – So you wanna be a sysadmin?
Ep4 – Managing expectations
Ep5 – Time Management
Lehigh Valley Infosec Meetup:
https://www.meetup.com/LVHackers/events/236879867/

Intro and Outro music credit: Tri Tachyon, Digital MK 2
http://freemusicarchive.org/music/Tri-Tachyon/

Episode 5 – Time Management

News
https://tech.slashdot.org/story/16/12/27/1427215/with-cyanogen-dead-googles-control-over-android-is-tighter-than-ever

https://apple.slashdot.org/story/16/12/27/0157226/apple-publishes-its-first-ai-research-paper

https://www.bleepingcomputer.com/news/microsoft/microsoft-tests-new-green-screen-of-death-on-latest-windows-10-builds/

http://arstechnica.com/security/2016/12/op-ed-im-giving-up-on-pgp/

Main topic
Handling incoming tasks
task lists?
issue/request trackers?
Email/inbox
mundane/repetitive tasks

Intro and Outro music credit: Tri Tachyon, Digital MK 2
http://freemusicarchive.org/music/Tri-Tachyon/
