In this episode, we talk about Certifigate (an Android vulnerability), another Lenovo oopsies, more Windows 10 privacy issues, the UNIX Rosetta Stone (by request of MOQ in our IRC channel, key management (by request of ‘‘chthnous’‘ in our IRC channel), making everyday crypto easier, and data recovery.
I mention Tripwire (which has since gone commercial), AIDE, and the bootloader-integrity-checker I mention that I couldn’t remember the name of is afick. Alternatively, if you’re using a Secure Boot-compatible UEFI machine, you can use that. Yes, even on GNU/Linux.
A common “Evil Maid Attack” tool is the USB Rubber Ducky. More information is here. Mostly used by skids and amateur pentesters, but it is at least rather extensible.
And yes, there are ways to protect yourself from NSA’s SSH attacks, see here.
I totally was able to edit out the weird sound on Jthan’s track. Boo-yah!
Windows 10’s privacy-infringing stuff is now backported into Windows 7 and 8. We weren’t aware of this at the time of recording.
ssh-keyscan is awesome. Usage is simple: ssh-keyscan <Host/IP address of server> >> ~/.ssh/known_hosts
I don’t mention it, but also handy is ssh-copy-id. It allows you to set up pubkey authentication for a user on a remote server in one step. Usage: ssh-copy-id <Host/IP address of server>. You’ll be prompted for your password, and subsequent connections will not use password auth.
I said “sfldd”. I meant “dcfldd”.
We forgot to talk about terminal servers and password cracking in S0E15 (should be released 09.27.2015), sorry! I’ve pushed them back into the topic list.