S1E3: "Fuzzy-Wuzzy Was a Bugbear (Was He?)"
|Previous Episode||Next Episode|
|S1E2: "hunter2"||S1E4: "A Challenger Appears!"|
|Recorded (UTC)||Aired (UTC)||Editor|
|2016-03-17 02:26:50||2016-03-28 04:14:43||aaron k.|
Windows auto-updating, fuzzing, git (yes, again), and more of the ongoing Apple vs. FBI case. We also talk about BYOD (Bring Your Own Devices).
Starts at 00m32s.
- Several major websites were hit by ransomware.
- The Fortune rag says it might be China. I typically disagree with these sort of things…
- But there is some compelling evidence supporting it.
- We talk a bit more about ransomware back in S1E1, and how you should really start implementing backups (that are RO at rest!).
- There’s also a git vulnerability. We talk more about it in the notes.
- Windows 7, 8 etc. are auto-upgrading to Windows 10. We talk more about this in notes.
Starts at 1m30s.
I was drinking a PBR (yes, I know. Again.), Paden was drinking Buckeye Vodka, and Jthan was drinking Upslope Pale Ale.
- I’m pretty sure the “free upgrade” to Windows 10 was a precursor to the nigh-forced upgrade.
- We touch upon some reasons why this is actually a bad idea, despite our hard-on for keeping software updated.
- Mac OS X does this but on a policy level. This is an example of the packaging changes I talk about.
- Fuzzing is fun! (8m40s)
- There are a lot of fuzzers out there. AFL is a nice one. Keyfuzz is a keyboard driver fuzzer! Wfuzz is a fuzzer for websites. ZZUF is a generic input fuzzer for applications, etc. There are a lot of fuzzers out there. For testing netkit, though, I’d definitely start with the BlackHat preso on it.
- Of course, just doing a
netcat somebox.with.telnet.open 23 < /dev/urandomis always fun- see how long it takes before the thing crashes (or the target severs the connection)!
- The beginner’s guide to fuzzing is here.
- Git is awesome (15m00s)
- Jthan’s $dayjob is switching from gitolite to GitLab.
- Git’s CVEs are CVE-2016-2324 and CVE-2016-2315.
- If you’re a heavy user of git (and/or GitHub), you may find this pretty useful.
- I mention some severe issues with using GitHub.
- Use the Git daemon if you want to share code.
- If you need to totally remove a file from your git repository, this is handy.
- The FBI vs. Apple case is still a big deal. (20m48s)
- “Bring Your Own Devices” can be an issue (29m15s)
- There are multiple cases of USB sticks used as a vector.
- I state that Tunnelblick is the “best” OpenVPN option for Mac OS X, but my boss (which I just found out listens to the show, apparently) mentioned Viscosity. It’s a bit prettier and easier to use, and was definitely worth a mention. I had totally forgotten about it! Unlike Tunnelblick, however, it’s not free/libre (9USD). They also, apparently, have a Windows port (which Tunnelblick does not- and the OpenVPN-provided GUI for Windows is atrocious). Another alternative is Shimo.
|Intro||The Curtain Rises||Kevin MacLeod||click||CC-BY 3.0||Outro||Allada||Kevin MacLeod||click||CC-BY 3.0|
Categories Season One
There are currently no comments on this article.