S3E12: "Let Me AIX You A Question, Forge"

Posted 2018-08-13 03:59
Modified 2018-08-12 23:06
Comments 0

Forge joins us as a stand-in for Jthan to talk/rant/rave (and provide some valid criticism and honest & informative answers to questions we have) about IBM’s AIX platform.

• News
• Notes
• Sysbadministration Award
• Errata
• Music

News

• Bitfi has released a pseudo-cryptowallet it claims is “unhackable”…
  • (alternate source)
  • And we all know what happens when you say that (I’d link to a specific thread, but just search his timeline — there are too many).
  • (Cybergibbons already gained root access on the device.)
• A Steam vulnerability (now fixed) in their new chat system (which has voice chat rolled in) allowed others to listen through your mic without your knowledge/permission.
• Criminals breach a bank twice within 8 months and steal 2.4 million USD.
• Yet ANOTHER RCE vuln in Intel’s AMT.
• The TLS eSNI draft proposal has been released.
• It is possible to geographically track a cellphone without using GPS or triangulation!
• A man is put in jail for contempt charges because he did not unlock his cellphone.
• Various military docs were leaked from an FTP server using… default creds.
  • (Alternate source)
• In case you didn’t hear yet, Reddit was compromised
  • (Reddit’s announcement)

Notes

Starts at 1m39s.

I was drinking water and Jefferson’s Reserve Bourbon. Paden was drinking nothing. Jthan Forge was drinking water.

• AIX is the fanboyism justified? Does it deserve the hype?
  • It has K(orn)SH as the shell.
  • It is hella expensive — you pay for the hardware, the software’s just bundled on it (and is written and tailored specifically to that hardware).
  • Forge mentions SMIT (pronounced ‘smitty’).
  • We mention nmon more than once, and the associated Linux port.
    • The macro-ridden Excel spreadsheet nmon report analyzer/parser is here.
    • There are others, of course, that are available.
  • For more handy AIX commands, you may want to reference this handy article that Forge tossed our way.
  • As much as Forge and Paden dislike the experience of running AIX, the features it provides for hot rollover with disks, the LVM layouts, etc. are much more cleaner and comfortable.
  • I was trying to reference this ship.
  • Forge and I take a brief detour to talk about HP-UX.
  • We compare IBM AIX to their PowerKVM line.

Sysbadministration Award

In this segment, we highlight system administration mistakes. Think of them as the IT equivalent of the Darwin Awards. (1h12m08s)

An admin was compromised because his iLO login was exposed to the WAN unfirewalled. (iLO is HP’s equivalent of IMPI, DRAC, etc.)

Errata

• I was surprised to learn that AIX even has python 3.7.0 (as of the time of release of this episode)! Granted, through a third-party (to my knowledge), but it IS available.

Music

Author r00t^2
Categories Season Three