S0E7: "The Isolation Chamber (pt. 1)"

Posted
Comments 0

Navigation
Previous EpisodeNext Episode
Log
Recorded (UTC) Aired (UTC) Editor
2015-05-24 17:25:44 2015-05-17 06:53:13 brent s.
Verification
Format SHA256 GPG Audio File
MP3 d7e050a4d109fa1b0626a55db10f9a84854117d176d27c7c38cf5d109e7f2eba click click
OGG aac7a75a4f417d43cab81c684270e5fc97cd0c418b46bed39167b4a6dd9e491d click click

This episode, I go solo because Jthan is lame.

Notes

  • VENOM’s page is here. CVE is here. PoC is here.
    • It affects QEMU / KVM and Xen
    • Linode says they are not vulnerable (but their KVM beta program was, and has been patched per the comments of that article).
  • You can find more real-time interaction with us via our twitter or IRC (details/webchat client on our contact page).
    • As for live-streaming, we’re still looking into solutions on this. If you know of something that hooks into Mumble/Murmur server-side and spits out something like an RTSP stream, let us know!
      • When we have something worked out for live-streaming, we’ll announce it on our twitter.
  • As far as documentation via a wiki goes, I prefer MediaWiki (in case you couldn’t tell by viewing this in the wiki itself!).
    • For generating static documentation (and exporting to PDF), I like LibreOffice.
    • Encrypting plaintext files for e.g. credentials can be hard. I like Pass. It uses GPG to encrypt, and you can specify multiple people who have access to a given password store by simply adding their public key.
    • PHBs, or Pointy-Haired Bosses, is a reference to Dilbert.
    • For a great example of documentation, check out TLDP’s Howtos with LinuxDoc and the LDP Author Guide.
  • Making people care about security is probably a futile effort, but you know what they say about the weakest link in a chain.
  • This has an awesome introduction to steganography.
    • You can even steg tweets.
    • Some handy steganography tools (in GNU/Linux at least are OpenStego, StegHide, SNOW, Stepic
      • You can even convert text to image stegs (think along the lines of QR codes)! Check out PhotoCrypt.
    • You can find an archive/mirror of PoC||GTFO here
    • Just be sure you remember that stegs are not encryption, they’re obfuscation. With a little luck, they can even be automatically detected.
  • For my drive encryptions, I use cryptsetup with LUKS (via dm-crypt).
  • Social media can indeed be used as an alibi.

Errata

  • If you listen closely, you may hear the hum of my window A/C unit (and the distortion I caused trying to remove it as much as realistically possible). Sorry about that; I tried to edit it out best I could. Future episodes I’ll try to not keep it on while recording. :)
  • The episode we were supposed to talk about documentation in was S0E5.
  • VENOM does not affect VMWare despite what I had suspected.
  • Yay! Employers engaging in social media snooping actually is now illegal in six states.
  • The Internet is, indeed, 25 years old.

Music

Music Credits
Track Title Artist Link Copyright/License
Intro Peer Gynt Suite No. 1, Op. 46 - I. Morning Composed by Edvard Grieg (Performed by Czech National Symphony Orchestra) click Public Domain 1.0
Outro Naraina Kevin MacLeod click CC-BY 3.0
(All music is royalty-free, properly licensed for use, used under fair use, or public domain.)

Author
Categories

Comments

There are currently no comments on this article.

Comment...

Enter your comment below. Fields marked * are required. You must preview your comment before submitting it.