S0E7: "The Isolation Chamber (pt. 1)"


Log
Recorded (UTC): 2015-05-24 17:25:44
Aired (UTC): 2015-05-17 06:53:13
Editor: brent s.

Verification
MP3  SHA256: 01a325cbc4b481773ac0e3ea160d3f72bc5c40536d27b7f354ed891dde49003e  (GPG signature and audio file links)
OGG  SHA256: a161a6f6dcd88af83f30f7b4a0bf1793b64bb089cdaae72d328d8fac19a5d288  (GPG signature and audio file links)

This episode, I go solo because Jthan is lame.

Notes

  • VENOM’s page is here. CVE is here. PoC is here.
    • It affects QEMU / KVM and Xen
    • Linode says they are not vulnerable (but their KVM beta program was, and has been patched per the comments of that article).
  • You can find more real-time interaction with us via our twitter or IRC (details/webchat client on our contact page).
    • As for live-streaming, we’re still looking into solutions on this. If you know of something that hooks into Mumble/Murmur server-side and spits out something like an RTSP stream, let us know!
      • When we have something worked out for live-streaming, we’ll announce it on our twitter.
  • As far as documentation via a wiki goes, I prefer MediaWiki (in case you couldn’t tell by viewing this in the wiki itself!).
    • For generating static documentation (and exporting to PDF), I like LibreOffice.
    • Encrypting plaintext files for e.g. credentials can be hard. I like Pass. It uses GPG to encrypt, and you can specify multiple people who have access to a given password store by simply adding their public key.
    • PHBs, or Pointy-Haired Bosses, is a reference to Dilbert.
    • For a great example of documentation, check out TLDP’s Howtos with LinuxDoc and the LDP Author Guide.
  • Making people care about security is probably a futile effort, but you know what they say about the weakest link in a chain.
  • This has an awesome introduction to steganography.
    • You can even steg tweets.
    • Some handy steganography tools (on GNU/Linux at least) are OpenStego, StegHide, SNOW, and Stepic.
      • You can even convert text to image stegs (think along the lines of QR codes)! Check out PhotoCrypt.
    • You can find an archive/mirror of PoC||GTFO here.
    • Just be sure you remember that stegs are not encryption; they’re obfuscation. With a little luck, they can even be automatically detected.
  • For my drive encryptions, I use cryptsetup with LUKS (via dm-crypt).
  • Social media can indeed be used as an alibi.
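To put the "stegs are not encryption" note above in concrete terms, here is an added example (not from the episode or any of the tools linked): a plain LSB embed into a constructed byte buffer, an extract that needs no key at all, and a simple chi-square pairs test of the kind automated steganalysis uses to flag the embedding. The cover data, message and the 2x threshold are all assumptions made for the demo.

```python
"""LSB steganography in a byte buffer: extraction needs no secret (obfuscation, not
encryption), and the embedding leaves a statistical footprint that is easy to flag."""
import random

def lsb_embed(cover: bytes, message: bytes) -> bytes:
    """Write a 4-byte length prefix plus the message into the LSB of successive bytes."""
    payload = len(message).to_bytes(4, "big") + message
    bits = [(byte >> i) & 1 for byte in payload for i in range(7, -1, -1)]
    if len(bits) > len(cover):
        raise ValueError("cover too small for payload")
    out = bytearray(cover)
    for i, bit in enumerate(bits):
        out[i] = (out[i] & 0xFE) | bit   # overwrite only the least significant bit
    return bytes(out)

def lsb_extract(stego: bytes) -> bytes:
    """Recover the message with no key: knowing the method is all it takes."""
    def read(offset: int, nbytes: int) -> bytes:
        vals = []
        for k in range(nbytes):
            v = 0
            for j in range(8):
                v = (v << 1) | (stego[offset + 8 * k + j] & 1)
            vals.append(v)
        return bytes(vals)
    length = int.from_bytes(read(0, 4), "big")
    return read(32, length)

def chi_square_pairs(data: bytes) -> float:
    """Chi-square over value pairs (2k, 2k+1). Embedding near-uniform message bits
    pushes each pair's two counts toward equality, so the statistic drops sharply."""
    counts = [0] * 256
    for v in data:
        counts[v] += 1
    chi = 0.0
    for k in range(128):
        even, odd = counts[2 * k], counts[2 * k + 1]
        expected = (even + odd) / 2
        if expected:
            chi += (even - expected) ** 2 / expected + (odd - expected) ** 2 / expected
    return chi

# Constructed cover: 4096 "pixels" whose LSB is biased toward 0 (about 70% even),
# standing in for the uneven value histogram of a real photograph.
rng = random.Random(7)
COVER = bytes(2 * rng.randrange(128) + (0 if rng.random() < 0.7 else 1) for _ in range(4096))
MESSAGE = b"the quick brown fox jumps over the lazy dog. " * 11   # constructed payload
STEGO = lsb_embed(COVER, MESSAGE)

def demo():
    """Returns (recovered message, chi on clean cover, chi on stego); clean is much higher."""
    return lsb_extract(STEGO), chi_square_pairs(COVER), chi_square_pairs(STEGO)
```

A real steganalysis tool slides this test over windows of an image to find how much of it was modified; the point here is only that the embedding is both recoverable and detectable without any secret.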

Errata

  • If you listen closely, you may hear the hum of my window A/C unit (and the distortion I caused trying to remove it as much as realistically possible). Sorry about that; I tried to edit it out best I could. Future episodes I’ll try to not keep it on while recording. :)
  • The episode we were supposed to talk about documentation in was S0E5.
  • VENOM does not affect VMware, despite what I had suspected.
  • Yay! Employers snooping on social media is actually now illegal in six states.
  • The Internet is, indeed, 25 years old.

Music

Music Credits
Intro: "Peer Gynt Suite No. 1, Op. 46 - I. Morning", composed by Edvard Grieg (performed by Czech National Symphony Orchestra), Public Domain 1.0
Outro: "Naraina", Kevin MacLeod, CC-BY 3.0
(All music is royalty-free, properly licensed for use, used under fair use, or public domain.)

Categories: Pilot Season
