Episode 12 – Disaster!

Welcome to Episode 12!

News
https://www.digitalocean.com/company/blog/update-on-the-april-5th-2017-outage/
https://www.theregister.co.uk/2017/04/06/microsoft_windows_10_creators_update/?mt=1491577380488
https://thehackernews.com/2017/03/samsung-galaxy-s8-facial-unlocking.html
https://medium.com/@shadowbrokerss/dont-forget-your-base-867d304a94b1
https://arstechnica.com/security/2017/04/booby-trapped-word-documents-in-the-wild-exploit-critical-microsoft-0day/

Chat
Kubernetes
Jeeps!
What’s this mastodon thing?

Main topic
DR!

Intro and Outro music credit: Tri Tachyon, Digital MK 2
http://freemusicarchive.org/music/Tri-Tachyon/

Episode 11 – OpenStack!

Welcome to Episode 11!

News
https://www.undrground.org/node/178
https://www.cnet.com/news/samsung-galaxy-s8-launch-note-7-note-8-battery-blowup-what-change/
http://time.com/4709302/alcohol-heart-disease-risk/  BECAUSE BEER IS GOOD FOR YOU!
https://arstechnica.com/tech-policy/2017/03/senate-votes-to-let-isps-sell-your-web-browsing-history-to-advertisers

Announcements
Ep12, live stream and stuffs.

Chat
openshift origin  http://www.openshift.org

Main topic
Open all the stacks with @fultonj
So what the heck is OpenStack?
Why wouldn’t I just use Amazon EC2?
What’s Triple-O?
HyperConverge!
Ceph

Watch this episode on Youtube. https://youtu.be/V9kSZKp31Tc

Episode 10 – Trouble in the Cloud

Welcome to Episode 10

News
https://www.bloomberg.com/news/articles/2017-03-08/microsoft-pledges-to-use-arm-server-chips-threatening-intel-s-dominance

Firefox 52 will be the last version of Firefox for Windows XP and Vista


https://www.cnet.com/news/look-out-windows-android-is-catching-up/
https://www.wired.com/2017/03/atari-chip-set-off-bitter-war-among-neuroscientists/?mbid=nl_3817_p2&CNDID=21798766
http://www.nature.com/nature/journal/v543/n7644/full/nature21371.html
NIST’s new password rules – what you need to know
https://xkcd.com/936/

Announcements
Feedback
@Gangrif and @Xenophage make a great pair that will titillate one’s ears! They cover things in the ops and
infosec news categories and topics that are relatable or at least interesting to discuss. It’s not your typical
format of a podcast, but that is what makes it refreshing.

Keep up the great content guys!

Patreon, you guys are awesome
$10 tier.
The face!

Youtube stream for this episode! https://youtu.be/EeD5y34oKNY

Chat

Main topic
Trouble in the cloud, The 2/28/2017 US East 1 S3 outage
https://aws.amazon.com/message/41926/
An Amazon employee was troubleshooting a problem with their S3 billing mechanisms.
A mistake made in an established playbook took down systems that were not intended to be taken down.
The downtime, which was intended only for billing systems, took down systems essential to both reads and writes to the S3 API.
This required that some systems be rebooted.
Reboots on the Index and Placement subsystems (two of the systems mentioned as accidentally rebooted) had not been performed for years.
Due to the dependencies between these systems, the restarts took quite some time.
The downtime caused a backlog of requests, and these needed to be processed once the systems were operational again.

Remediation
The core issues here were the number of systems unintentionally taken offline, and the fact that systems that depended on each other were taken down at the same time.
Amazon has made changes to their tools to help prevent systems from dropping below service-affecting thresholds.
They are also working to remove some of the inter-dependencies.

On top of everything, the S3 status page depended on the health of the S3 service in order to operate.
This made it difficult for customers to view the status of S3.

Episode 9 – Linux Hardening

Welcome to Episode 9!

News
https://bugs.chromium.org/p/project-zero/issues/detail?id=1139
http://fortune.com/2017/02/21/google-site-search-discontinued/ (sorry for the obnoxious auto-play)

Cellebrite can now unlock iPhone 6 and 6+, also extract data from array of popular apps


https://www.bloomberg.com/news/articles/2017-02-23/social-media-is-driving-americans-insane

Announcements
http://www.patreon.com/ironsysadmin
Plans for ironsysadmin.com

LVHackers Round 2: Security Bugaloo

Wednesday, Mar 1, 2017, 6:00 PM

Two Rivers Brewing
542 Northampton St Easton, PA

17 Hackers Went

Holy crap, it’s less than a week away. Guess I should tell y’all why it’s going to be an amazing night.
6-7pm: Dinner, Drinks, MARIO KART.
7pm: Ben Heise – Domain Fronting: Redirect Like A Boss. https://twitter.com/benheise
For more information on Domain Fronting: https://blog.cobaltstrike.com/2017/02/06/high-reputation-redirectors-and-domain-frontin…

Chat
http://www.liverpoolecho.co.uk/news/liverpool-news/signs-your-child-computer-hacker-12626527
rpgKids


Main topic
Basic Linux Security
build environment
updates
local firewall
disable root ssh logins
Is sudo a blessing, a risk, or a curse?
Totally a facebook post.

Episode 8 – Choosing a cloud or service provider

News
http://www.computerworld.com/article/3162416/data-center/booted-up-in-1993-this-server-still-runs-but-not-for-much-longer.html

Internet Backbone Provider Cogent Blocks Pirate Bay and other “Pirate” Sites


https://www.macrumors.com/2017/02/09/2017-iphones-wireless-charging/
https://arstechnica.com/tech-policy/2017/02/justice-naps-man-jailed-16-months-for-refusing-to-reveal-passwords/
https://www.trustedsec.com/blog/office-365-advanced-threat-protection-features-shortfalls/

Announcements
http://www.patreon.com/ironsysadmin
We have a domain now!  www.ironsysadmin.com
And an email address!  podcast -at- ironsysadmin.com
http://www.infosanity.org/

Chat
Internet in the docker in the cloud in the docker
Alpine? (docker image)
VM Providers : https://lowendbox.com/

Main topic
Picking a cloud, or service host
Cost
Service Type
web host
service host
iaas
Host your own?
Cloud Maturity
Insecure Stigma
How have things progressed

Episode 7 – Cloud Wrap-up

News

Dell Has Sold ‘Tens of Millions’ Dollars’ Worth of Project Sputnik Laptops


http://lineageos.org/Yes-this-is-us/
https://mobile.slashdot.org/story/17/01/26/2030201/microsoft-reportedly-working-on-a-lightweight-version-of-windows-known-as-cloud-shell
http://www.macworld.com/article/3161757/techology-business/the-week-in-apple-news-ios-10-3-public-beta-apple-vs-qualcomm-night-shift-for-macos-sierra-and-more.html
— Related —
https://arstechnica.com/apple/2016/06/a-zfs-developers-analysis-of-the-good-and-bad-in-apples-new-apfs-file-system/

Main topic
cloud services follow-up
vendor lock in
level of control, vs ease of use
You’ll totally save an FTE.
And money, you’ll save money.
No, you won’t.

Episode 6 – What To Do When You’re In Over Your Head

News
https://yro.slashdot.org/story/17/01/10/238223/why-you-shouldnt-trust-geek-squad
https://hardware.slashdot.org/story/17/01/10/1428219/fitbit-buys-vector-romanian-startups-existing-smartwatches-wont-receive-software-updates-anymore
https://hardware.slashdot.org/story/17/01/13/1457242/half-the-work-people-do-can-be-automated-says-mckinsey
https://it.slashdot.org/story/17/01/13/1444233/security-experts-rebut-the-guardians-report-that-claimed-whatsapp-has-a-backdoor
https://security.web.cern.ch/security/venom.shtml
http://rhelblog.redhat.com/2017/01/13/docker-0-day-stopped-cold-by-selinux/

It turns out that halfway clever phishing attacks really, really work

Main topic
What do you do when you’re in over your head?
Are you over-thinking the problem?
is there someone you can turn to for help?
google is your friend
a good toolset can help
Intro to Sysadmin Wrap-Up
Ep3 – So you wanna be a sysadmin?
Ep4 – Managing expectations
Ep5 – Time Management
Lehigh Valley Infosec Meetup:

Inaugural Lehigh Valley Infosec Meetup

Wednesday, Feb 1, 2017, 6:00 PM

Two Rivers Brewing
542 Northampton St Easton, PA

18 Hackers Went

Join our merry band of miscreants as we kick off the first edition of our monthly Lehigh Valley Infosec Meetup. Come hungry and get some dinner / drinks so they don’t think we’re freeloaders.
6:00 – Food / Networking
7:00
Speaker: randoh (@dakacki)
Talk Title: Opening Remarks: Welcome. The world is not ending.
Synopsis…

Episode 5 – Time Management

News
https://tech.slashdot.org/story/16/12/27/1427215/with-cyanogen-dead-googles-control-over-android-is-tighter-than-ever

https://apple.slashdot.org/story/16/12/27/0157226/apple-publishes-its-first-ai-research-paper

https://www.bleepingcomputer.com/news/microsoft/microsoft-tests-new-green-screen-of-death-on-latest-windows-10-builds/

http://arstechnica.com/security/2016/12/op-ed-im-giving-up-on-pgp/

Main topic
Handling incoming tasks
task lists?
issue/request trackers?
Email/inbox
mundane/repetitive tasks

Episode 4 – Managing Expectations

Holiday Hack:
http://www.holidayhackchallenge.com

News
http://thehackernews.com/2016/12/yahoo-data-breach-billion.html
https://hardware.slashdot.org/story/16/12/15/2051214/verizon-changes-its-mind-and-will-kill-samsungs-galaxy-note-7-on-january-5th
https://hardware.slashdot.org/story/16/12/15/1929243/fitbit-wont-kill-off-pebble-services-at-least-until-2018
http://sysadvent.blogspot.com/2016/12/day-6-no-more-on-call-martyrs.html
https://linux.slashdot.org/story/16/12/16/0229207/zero-days-hitting-fedora-and-ubuntu-open-desktops-to-a-world-of-hurt
Main topic
Don’t be too proud – we all started somewhere
you’re probably going to have to take support calls
maybe as your primary role
You’re probably going to be on-call
You’re probably going to have to deal with “idiots”
They’re not really idiots.

http://theoatmeal.com/comics/unhappy

Episode 3 – So You Wanna Be A Sysadmin

News
http://www.securityweek.com/disgruntled-gamer-likely-behind-october-us-hacking-expert
http://thehackernews.com/2016/11/acquisition-oracle-dyn.html
http://arstechnica.com/security/2016/11/elegant-0day-unicorn-underscores-serious-concerns-about-linux-security/
https://linux.slashdot.org/story/16/12/04/0142242/devuans-systemd-free-linux-hits-beta-2
Main topic
So you want to be a sysadmin

 
