Episode 15 – WannaCry!

Welcome to Episode 15

News
WannaCry?
http://thehackernews.com/2017/05/wannacry-ransomware-decryption-tool.html
http://thehackernews.com/2017/05/smb-windows-hacking-tools.html
https://insights.hpe.com/articles/you-can-build-your-own-lte-network-over-wi-fi-frequencies-well-not-quite-yet-1705.html

Facebook offering “vulnerable teens” to advertisers shows it is willing to be used as a weapon

Announcements
Jason has a new mic!

Chat
Strong beer
Old fashioned mix?
Main topic
Protecting against ransomeware
Recovering from ransomeware
Where can you find us?
www.ironsysadmin.com
https://www.facebook.com/ironsysadmin
https://www.youtube.com/channel/UCsLgL5c-US8XWPuXHHszNzA

Apple iTunes
Stitcher!

Intro and Outro music credit: Tri Tachyon, Digital MK 2
http://freemusicarchive.org/music/Tri-Tachyon/

Episode 14 – Sec in your devops!

Welcome to Episode 14

News
http://thehackernews.com/2017/05/windows-rce-exploit.html
http://fortune.com/2017/05/07/android-listening
https://www.forbes.com/sites/thomasbrewster/2017/05/03/massive-google-gmail-phish-many-victims/#6af6ce8342a1
https://arstechnica.com/security/2017/05/mac-users-installing-popular-dvd-ripper-get-nasty-backdoor-instead

Announcements
Derbycon tickets are on sale!  And gone
Chat
Main topic
Devops for security

Securing your devops

Where can you find us?
www.ironsysadmin.com
https://www.facebook.com/ironsysadmin
https://www.youtube.com/channel/UCsLgL5c-US8XWPuXHHszNzA

Apple iTunes
Stitcher!

Intro and Outro music credit: Tri Tachyon, Digital MK 2
http://freemusicarchive.org/music/Tri-Tachyon/

Episode 13 – Incident Response.

Welcome to Episode 13

News
https://arstechnica.com/security/2017/04/chrome-firefox-and-opera-users-beware-this-isnt-the-apple-com-you-want/
this is horrifying.
https://developers.slashdot.org/story/17/04/23/0339211/flawed-online-tutorials-led-to-vulnerabilities-in-software
https://tech.slashdot.org/story/17/04/23/0027207/should-archiveorg-ignore-robotstxt-directives-and-cache-everything
http://everythingsysadmin.com/2017/04/dnscontrol-blogpost.html
Announcements
Pareon donors are awesome!
Chat
Kubernetes, Amazon ECS.  Jeepin!

Main topic
Incident Response
https://en.wikipedia.org/wiki/Incident_management_(ITSM)

Intro and Outro music credit: Tri Tachyon, Digital MK 2
http://freemusicarchive.org/music/Tri-Tachyon/

Episode 12 – Disaster!

Welcome to Episode 12!

News
https://www.digitalocean.com/company/blog/update-on-the-april-5th-2017-outage/
https://www.theregister.co.uk/2017/04/06/microsoft_windows_10_creators_update/?mt=1491577380488
https://thehackernews.com/2017/03/samsung-galaxy-s8-facial-unlocking.html
https://medium.com/@shadowbrokerss/dont-forget-your-base-867d304a94b1
https://arstechnica.com/security/2017/04/booby-trapped-word-documents-in-the-wild-exploit-critical-microsoft-0day/

Chat
Kubernetes
Jeeps!
What’s this mastodon thing?

Main topic
DR!

Intro and Outro music credit: Tri Tachyon, Digital MK 2
http://freemusicarchive.org/music/Tri-Tachyon/

 

Episode 11 – OpenStack!

Welcome to Episode 11!

News
https://www.undrground.org/node/178
https://www.cnet.com/news/samsung-galaxy-s8-launch-note-7-note-8-battery-blowup-what-change/
http://time.com/4709302/alcohol-heart-disease-risk/  BECAUSE BEER IS GOOD FOR YOU!
https://arstechnica.com/tech-policy/2017/03/senate-votes-to-let-isps-sell-your-web-browsing-history-to-advertisers

Announcements
Ep12, live stream and stuffs.

Chat
openshift origin  http://www.openshift.org

Main topic
Open all the stacks with @fultonj
So what the heck is openstack?
Why wouldn’t i just use Amazon EC2?
What’s Trible-O?
HyperConverge!
Ceph

Intro and Outro music credit: Tri Tachyon, Digital MK 2
http://freemusicarchive.org/music/Tri-Tachyon/

 

Watch this episode on Youtube. https://youtu.be/V9kSZKp31Tc

Episode 10 – Trouble in the Cloud

Welcome to Episode 10

News
https://www.bloomberg.com/news/articles/2017-03-08/microsoft-pledges-to-use-arm-server-chips-threatening-intel-s-dominance

Firefox 52 will be the last version of Firefox for Windows XP and Vista


https://www.cnet.com/news/look-out-windows-android-is-catching-up/
https://www.wired.com/2017/03/atari-chip-set-off-bitter-war-among-neuroscientists/?mbid=nl_3817_p2&CNDID=21798766
http://www.nature.com/nature/journal/v543/n7644/full/nature21371.html
NIST’s new password rules – what you need to know
https://xkcd.com/936/

Announcements
Feedback
@Gangrif and @Xenophage make a great pair that will titillate ones’s ears! They cover things in the ops and
infosec news categories and topics that are relatable or at least interesting to discuss. It’s not your typical
format of a podcast, but that is what makes it refreshing.

Keep up the great content guys!

Patreon, you guys are awesome
$10 tier.
The face!

Youtube stream for this episode! https://youtu.be/EeD5y34oKNY

Chat

Main topic
Trouble in the cloud, The 2/28/2017 US East 1 S3 outage
https://aws.amazon.com/message/41926/
An Amazon employee was troubleshooting a problem with their S3 billing mechanisms.
A mistake made in an established playbook, took down systems that were not intended to be taken down
The downtime which was intended only for billing systems, took down systems essential in both reads and writes to he S3 API.
This required that some systems be rebooted.
Reboots on the Index and Placement subsystems (two of the systems mentioned as accidentally rebooted) had not been performed for years
Due to the dependencies between these systems, the restarts took quite some time.
The downtime caused some backlog of requests, and these needed to be processed when the systems were once again operational

Remediation
The core issues here were the amount of systems un-intentionally taken offline, and the fact that systems that depended on eachother were taken down at the same time.
Amazon has made changes to their tools to help pervent systems from dropping below service affecting thresholds.
They are also working to remove some of the inter-dependencies.

On top of everything, the the S3 status page depended on the health of the S3 service in order to operate.
This made it difficult for customers to view the status of S3.

Intro and Outro music credit: Tri Tachyon, Digital MK 2
http://freemusicarchive.org/music/Tri-Tachyon/

Episode 9 – Linux Hardening

Welcome Episode 9

News
https://bugs.chromium.org/p/project-zero/issues/detail?id=1139
http://fortune.com/2017/02/21/google-site-search-discontinued/ (sorry for the obnoxious auto-play)

Cellebrite can now unlock iPhone 6 and 6+, also extract data from array of popular apps


https://www.bloomberg.com/news/articles/2017-02-23/social-media-is-driving-americans-insane

Announcements
http://www.patreon.com/ironsysadmin
Plans for ironsysadmin.com

LVHackers Round 2: Security Bugaloo

Wednesday, Mar 1, 2017, 6:00 PM

Two Rivers Brewing
542 Northampton St Easton, PA

17 Hackers Went

Holy crap, it’s less than a week away. Guess I should tell y’all why it’s going to be an amazing night.6-7pmDinner, Drinks, MARIO KART.7pmBen Heise – Domain Fronting: Redirect Like A Boss.https://twitter.com/benheiseFor more information on Domain Fronting:https://blog.cobaltstrike.com/2017/02/06/high-reputation-redirectors-and-domain-frontin…

Check out this Meetup →

Chat
http://www.liverpoolecho.co.uk/news/liverpool-news/signs-your-child-computer-hacker-12626527
rpgKids


Main topic
Basic Linux Security
build environment
updates
local firewall
disable root ssh logins
Is sudo a blessing, a risk, or a curse?
Totally a facebook post.

Intro and Outro music credit: Tri Tachyon, Digital MK 2
http://freemusicarchive.org/music/Tri-Tachyon/

Episode 8 – Choosing a cloud or service provider

News
http://www.computerworld.com/article/3162416/data-center/booted-up-in-1993-this-server-still-runs-but-not-for-much-longer.html

Internet Backbone Provider Cogent Blocks Pirate Bay and other “Pirate” Sites


https://www.macrumors.com/2017/02/09/2017-iphones-wireless-charging/
https://arstechnica.com/tech-policy/2017/02/justice-naps-man-jailed-16-months-for-refusing-to-reveal-passwords/
https://www.trustedsec.com/blog/office-365-advanced-threat-protection-features-shortfalls/

Announcements
http://www.patreon.com/ironsysadmin
We have a domain now!  www.ironsysadmin.com
And an email address!  podcast -at- ironsysadmin.com
http://www.infosanity.org/

Chat
Internet in the docker in the cloud in the docker
Alpine? (docker image)
VM Providers : https://lowendbox.com/

Main topic
Picking a cloud, or service host
Cost
Service Type
web host
service host
iaas
Host your own?
Cloud Maturity
Insecure Stigma
How have things progressed

Intro and Outro music credit: Tri Tachyon, Digital MK 2
http://freemusicarchive.org/music/Tri-Tachyon/

 

Episode 7 – Cloud Wrap-up

News

Dell’s Has Sold ‘Tens of Millions’ Dollars’ Worth of Project Sputnik Laptops


http://lineageos.org/Yes-this-is-us/
https://mobile.slashdot.org/story/17/01/26/2030201/microsoft-reportedly-working-on-a-lightweight-version-of-windows-known-as-cloud-shell
http://www.macworld.com/article/3161757/techology-business/the-week-in-apple-news-ios-10-3-public-beta-apple-vs-qualcomm-night-shift-for-macos-sierra-and-more.html
— Related —
https://arstechnica.com/apple/2016/06/a-zfs-developers-analysis-of-the-good-and-bad-in-apples-new-apfs-file-system/

Main topic
cloud services follow-up
vendor lock in
level of control, vs ease of use
you’ll totally save an FTE
And money, youll save money.
No, you wont.

Intro and Outro music credit: Tri Tachyon, Digital MK 2
http://freemusicarchive.org/music/Tri-Tachyon/

Episode 6 – What To Do When You’re In Over Your Head

News
https://yro.slashdot.org/story/17/01/10/238223/why-you-shouldnt-trust-geek-squad
https://hardware.slashdot.org/story/17/01/10/1428219/fitbit-buys-vector-romanian-startups-existing-smartwatches-wont-receive-software-updates-anymore
https://hardware.slashdot.org/story/17/01/13/1457242/half-the-work-people-do-can-be-automated-says-mckinsey
https://it.slashdot.org/story/17/01/13/1444233/security-experts-rebut-the-guardians-report-that-claimed-whatsapp-has-a-backdoor
https://security.web.cern.ch/security/venom.shtml
http://rhelblog.redhat.com/2017/01/13/docker-0-day-stopped-cold-by-selinux/

It turns out that halfway clever phishing attacks really, really work

Main topic
What do you do when you’re in over your head?
Are you over-thinking the problem?
is there someone you can turn to for help?
google is your friend
a good toolset can help
Intro to Sysadmin Wrap-Up
Ep3 – So you wanna be a sysadmin?
Ep4 – Managing expectations
Ep5 – Time Management
Lehigh Valley Infosec Meetup:

Inaugural Lehigh Valley Infosec Meetup

Wednesday, Feb 1, 2017, 6:00 PM

Two Rivers Brewing
542 Northampton St Easton, PA

18 Hackers Went

Join our merry band of miscreants as we kick off the first edition of our monthly Lehigh Valley Infosec Meetup. Come hungry and get some dinner / drinks so they don’t think we’re freeloaders.6:00 – Food / Networking=============================7:00Speaker: randoh (@dakacki)Talk Title: Opening Remarks: Welcome. The world is not ending.Synopsis…

Check out this Meetup →

Intro and Outro music credit: Tri Tachyon, Digital MK 2
http://freemusicarchive.org/music/Tri-Tachyon/