S1E1: "GHOSTv2: The Re-Hauntening"
|Previous Episode||Next Episode|
|S1E0: "The Return of the Ping"||S1E2: "hunter2"|
|Recorded (UTC)||Aired (UTC)||Editor|
|2016-02-18 03:33:48||2016-02-29 05:16:00||aaron k.|
Apple vs. the FBI, IPMI/DRAC, and mostly the new glibc bug.
We also introduce fixed segments to the show with designated hosts. Let us know how you feel about the format change! (This allows us to give timestamps for each segment as well!)
- The iPhone/iOS bricks if you set the year to 1970.
- There’s news of it all over, and I’m sure there’s a patch coming if one doesn’t exist already to prevent it from happening to devices that haven’t been bricked- source is this, which mentions a patch in the next (presumably already released) iOS update. Anyways, this is presumably due to some sort of underrun and the Unix Epoch time (0 in Epoch time is January 1, 1970).
- Not only did malevolent actors hold a hospital at ransom with cryptoware/ransomware, but they paid it. We talk about it more in the notes.
- In the San Bernardino shooting case, the FBI are demanding that Apple provide them with an iPhone backdoor. Apple has responded. And the FBI has responded.
- But wait, there’s more! After we recorded, it seems our predictions are coming true – even before any sort of PoC was even delivered. Orwell must be spinning in his grave.
- The glibc vulnerability we talk about more in the notes.
I was drinking a PBR, Paden was drinking Pinnacle Vodka, and Jthan was drinking his homebrewed amber ale.
- IPMI/DRAC/etc. (3m37s)
- IPMI is an acronym for Intelligent Platform Management Interface.
- IPMI can do some pretty awesome things.
- DRAC is Dell Remote Access Controller.
- Some handy clients are ipmitool, FreeIPMI, IPMIview/IPMIcfg, and IPMIutil. There’s even a Nagios plugin (because of course there is). And hey, if you’re an LDAP nerd, there’s a Fusiondirectory plugin, too. And Jthan thought there “weren’t any Linux IPMI clients”. HAH.
- And yes, Victoria, there is indeed a Linux client for DRAC too. I recommend DRAC-KVM though, as it’s fully opensource and comes without all the bloat.
- And like I said, you can get KVM over IP/IP-KVM switches as well.
- Remember, it’s not just a toy to make you more lazy- it’s a valid uptime and maintenance tool that will save your company money.
- The Android encryption “spec” (10m42s) can be found here.
- Clickbait ahoy! (11m42s). There’s some solid tips, but we read (and talk about!) the entire article on-air so you know.
- Paden mentions these, 28m01s.
- I mention my shining glory.
- I still can’t believe the hospital paid the ransom (32m02s).
- The glibc bug is a mess. (41m20s)
- It’s very similar to GHOST (S0E1), except…
- It’s a much wider scope and not limited to several services.
- A fix has been incorporated, and is in glibc 2.23. It has been backported to most major distributions’ releases.
- It affects glibc versions 2.9-2.22.
- The following are the associated bug reports, mailing list posts, etc.:
- We neglected to mention it in the news segment, but GMail’s new padlock shit fucking sucks. It’s a terrible idea. (46m24s)
- Lastly, (51m28s) we have an article on our Cards Against Humanity deck, but we need more cards! So give us some suggestions!
We need some more topics! please get in touch and give us some suggestions!
- Now I’m wondering if at 4m27s Paden is giggling because it sounds like I’m saying “in Iraq somewhere”. I’m actually saying “in a rack somewhere”.
|Intro||Disco Medusae||Kevin MacLeod||click||CC-BY 3.0||Outro||Vadadora||Kevin MacLeod||click||CC-BY 3.0|