Chattanooga Unix Gnu Android Linux Users Group

Anyone at BSides Knoxville?

From: Bret McHone 
------------------------------------------------------
The subject says it all. Is anyone here at the BSides Knoxville cyber
security conference?

Thanks,
Bret

Chattanooga cybersecurity job opportunities

From: Know Juan 
------------------------------------------------------
My company is currently recruiting for a few full time cybersecurity
positions that are open in my group.

Competitive compensation and pretty solid benefits.

If you're interested, or know anyone who might be - please contact me off
list for full details.

Docker Question

From: "Kite, Mike" 
------------------------------------------------------

Friends,
  I have a close friend who's recently widowed and her hubby was a web developer.  He was hosting several websites, we think using Docker.  After his death, a couple of power-failure events knocked all of them offline.  I have to think they were being manually started.  And I think they're hibernating on his iMac.  He was too good at security, so getting this much info took me too much hacking, which is not my forte, nor are web-apps, I'm a sysadmin.

So, anybody got advice as to how to find these docker-ized web apps?  Start them?  Move them to another host?


Thanks all!
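As an added example (not something from the thread), a script that reads the JSON that `docker inspect` prints for every container and reports, per site, what it runs, which host paths, volumes and ports it needs (what has to move with it) and whether it restarts on its own after a power loss. The inspect output, image names and paths below are constructed for illustration.

```python
import json

# Constructed sample of `docker inspect $(docker ps -aq)` output, trimmed to the
# fields this script reads: one site with no restart policy, one that survives reboots.
SAMPLE_INSPECT = json.dumps([
    {"Name": "/site-blog", "State": {"Status": "exited"},
     "Config": {"Image": "wordpress:4.9"},
     "HostConfig": {"RestartPolicy": {"Name": "no"},
                    "PortBindings": {"80/tcp": [{"HostPort": "8080"}]}},
     "Mounts": [{"Type": "bind", "Source": "/Users/dev/blog/html",
                 "Destination": "/var/www/html"}]},
    {"Name": "/site-db", "State": {"Status": "running"},
     "Config": {"Image": "mariadb:10.1"},
     "HostConfig": {"RestartPolicy": {"Name": "unless-stopped"},
                    "PortBindings": {}},
     "Mounts": [{"Type": "volume", "Name": "blog-db",
                 "Destination": "/var/lib/mysql"}]},
])

def inventory(inspect_json):
    """Summarise each container: what it runs, which host paths/volumes and
    ports it needs (what must move with it), and whether it restarts by itself."""
    report = []
    for c in json.loads(inspect_json):
        policy = (c["HostConfig"].get("RestartPolicy") or {}).get("Name") or "no"
        bindings = c["HostConfig"].get("PortBindings") or {}
        report.append({
            "name": c["Name"].lstrip("/"),
            "image": c["Config"]["Image"],
            "status": c["State"]["Status"],
            "restart_policy": policy,
            "ports": {p: [b["HostPort"] for b in binds] for p, binds in bindings.items()},
            "data": [m.get("Source") or m.get("Name") for m in c.get("Mounts", [])],
            "auto_restarts": policy != "no",   # "no" is why a power failure kept it down
        })
    return report

def fix_commands(report):
    """Commands that bring stopped sites back now and keep them up after the
    next power loss (docker update --restart is an existing docker CLI flag)."""
    cmds = []
    for r in report:
        if not r["auto_restarts"]:
            cmds.append(f"docker update --restart unless-stopped {r['name']}")
        if r["status"] != "running":
            cmds.append(f"docker start {r['name']}")
    return cmds

if __name__ == "__main__":
    rep = inventory(SAMPLE_INSPECT)
    for r in rep:
        print(f"{r['name']}: {r['image']} [{r['status']}] restart={r['restart_policy']} "
              f"ports={r['ports']} data={r['data']}")
    print("\n".join(fix_commands(rep)))
```

On the real machine, feed it `docker inspect $(docker ps -aq)`; the bind-mount sources and named volumes in `data` are what `docker cp`, `tar` or `docker volume` work has to carry to the new host along with the images.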

OT: Security Analyst Job in Nashville

From: Stephen Haywood 
------------------------------------------------------
I've got a friend looking for a Security Analyst in Nashville, details are
here:
https://www.premisehealthjobs.com/job/franklin/security-analyst-1/1388/1834168

Requirements

   - 4+ years' work experience
   - 1+ years as Security Analyst
   - Experience in Linux administration
   - Basic understanding of TCP/IP networking, such as: IP addressing,
   subnet masks, basic IP routing, TCP/UDP
   - Strong understanding of security operations concepts: perimeter
   defense, BYOD management, data loss protection, insider threat, kill chain
   analysis, risk assessment, and security metrics
   - Strong understanding of IT operations: help desk, end-point
   management, and server management
   - Ability to analyze data and communicate findings to users, technical
   staff and upper management.
   - Attention to detail
   - Good written and verbal communication skills
   - Ability to effectively network, participate in interdepartmental
   teams, and develop key working relationships

Preferred Qualifications:

   - BS degree in Engineering, Computer Science, Information Security, or
   Information Systems preferred
   - Professional certifications such as Security+, Network+, CCNA, CEH,
   GCIH, GCIA, CCNA, or CISSP
   - Experience with 1 or more programming or scripting language such as
   Python, Bash, VBScript
   - Strong understanding of basic visualization techniques
   - Advanced Expertise in at least one of the following:
     o Splunk, Arcsight or other SIEM and logging technologies
     o Incident Response
     o Malware Reversing
     o Network Forensics
   - Hands-on advanced level experience with both closed and open source
   SOC technologies to include:
     o Log management, analytics, and correlation platforms
     o SIEM solutions
     o Forensics toolsets
     o Pen-Test Frameworks & Toolsets
     o Vulnerability Management Solutions (Nessus, Qualys, Nexpose, etc.)
     o Endpoint Security Toolsets
     o UTM products
   - Experience in an incident detection and response oriented security
   monitoring environment
   - Knowledge of installing, configuring, and maintaining network and
   security monitoring solutions
   - Experience with Windows PowerShell and Perl scripting

--
Stephen Haywood
Owner, ASG Consulting
CISSP, OSCP
423.305.3700
asgconsulting.co

OT: Secure Application Development

From: asg 
------------------------------------------------------
All,

  The company I work for offers secure application development training
classes. The class can be run as a 2-day on-site class or as a
web-based class. The theory of the class is language agnostic but the
examples are all in .NET or Java. I know a number of you are developers
and you or your company may be interested in doing a class like this.
You can get more details here:
https://www.appsecconsulting.com/training/secure-web-application-development/

Thanks,
--
Stephen Haywood
Owner: ASG Consulting
423.305.3700
stephen@averagesecurityguy.info




Rural Technology Fund

From: asg 
------------------------------------------------------
All,

  A guy I know in the infosec community, Chris Sanders, started a
non-profit to put technology into rural schools. In particular, they
give raspberry pi kits to teachers in rural classrooms. If any of you
are upgrading your RPis from 2 to 3 and would like to donate your RPi 2
please get in touch with them.

http://ruraltechfund.org/raspberrypi/#
http://ruraltechfund.org/contact-us/

You can follow @RuralTechFund on Twitter if you do that sort of thing.

Phil Shapiro, this could make a good story for you and help them spread
the word about what they are doing.

Thanks,
--
Stephen Haywood
Owner: ASG Consulting
423.305.3700
stephen@averagesecurityguy.info



StartCom Feedback From Eddy Nigg

From: Mike Harrison 
------------------------------------------------------

Chugalug, 

It may not address all of your/our concerns, but StartCom and Eddy Nigg (and probably actually was Eddy, we’ve chatted before..) directly answered my request about the FUD website (Kimchi) and auth server in China. It’s a better answer than you’ll get from anyone else in that position. 


------------------------------------------------------------------------------------------

Dear Mr. Harrison,

Thanks a lot for your comments that truly come from your love to StartCom.

But don’t panic: like every big company (IBM, Cisco, Oracle, Microsoft etc.) that has set up branch offices and R&D centers in China, StartCom is the No. 6 biggest CA in the world and today has also set up a branch office and R&D center in China; our Chinese R&D team chose Qihoo 360 to provide secure hosting service since this company is the No.1 Antivirus and web security provider in China and in the world that is publicly listed on the NYSE.

We are always trying to improve and try support continued growth which isn't always easy to sustain. With that we hope to provide you and all our customers a useful service.

-- 
Regards 
 
Signer: 	Eddy Nigg, COO/CTO StartCom Ltd.

Sudo Auditing

From: asg 
------------------------------------------------------
Any of you guys know of a tool that can audit a sudoers file for stupid
mistakes? Things like a user or group having ALL:ALL permissions or no
password. Or groups like www-data having sudo permissions?

Thanks,
--
Stephen Haywood
Owner: ASG Consulting
423.305.3700
stephen@averagesecurityguy.info
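An audit script of the kind asked for above, added here as an example and not something from the thread: it parses the user specifications in a sudoers file and flags the three classes of mistake named in the post (ALL command sets, NOPASSWD or `Defaults !authenticate`, and service accounts such as www-data holding sudo rights). The service-account list and the sample sudoers text are constructed for illustration.

```python
import re

# One sudoers user specification: who  hosts = (runas[:rungroup]) [TAG:] cmd, cmd, ...
SPEC_RE = re.compile(
    r"^(?P<who>\S+)\s+(?P<host>\S+)\s*=\s*(?:\((?P<runas>[^)]*)\)\s*)?(?P<rest>.+)$"
)
# Service accounts that should never carry sudo rights (assumed list; extend as needed)
SERVICE_ACCOUNTS = {"www-data", "apache", "nginx", "nobody", "daemon"}

def audit_sudoers(text):
    """Return (line_no, rule, finding) tuples for risky entries in sudoers text."""
    findings = []
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()          # drop comments and #include lines
        if line.startswith("Defaults"):
            if "!authenticate" in line:
                findings.append((n, line, "Defaults !authenticate disables password prompts"))
            continue
        if not line or line.split()[0].endswith("_Alias"):
            continue                                  # alias definitions are not rules
        m = SPEC_RE.match(line)
        if not m:
            continue
        who, runas, rest = m.group("who"), m.group("runas"), m.group("rest")
        tags, cmds = set(), []
        for item in rest.split(","):                  # tags such as NOPASSWD: precede a command
            item = item.strip()
            while (t := re.match(r"([A-Z]+):\s*", item)):
                tags.add(t.group(1))
                item = item[t.end():]
            cmds.append(item)
        if who.lstrip("%") in SERVICE_ACCOUNTS:
            findings.append((n, line, f"service account {who} has sudo rights"))
        if "NOPASSWD" in tags:
            findings.append((n, line, f"{who} can run sudo without a password"))
        if "ALL" in cmds and who != "root":           # root's own ALL entry is the default
            target = runas or "root"
            findings.append((n, line, f"{who} may run ALL commands as {target}"))
    return findings

SAMPLE = """\
# constructed sample sudoers for this example
Defaults env_reset
root     ALL=(ALL:ALL) ALL
%admin   ALL=(ALL) ALL
%sudo    ALL=(ALL:ALL) NOPASSWD: ALL
www-data ALL=(root) /usr/sbin/service nginx reload
deploy   ALL=(ALL) NOPASSWD: /usr/bin/systemctl restart app
backup   backuphost=(root) /usr/bin/rsync
"""

if __name__ == "__main__":
    for line_no, rule, finding in audit_sudoers(SAMPLE):
        print(f"line {line_no}: {finding}\n    {rule}")
```

Run it over `/etc/sudoers` and each file in `/etc/sudoers.d/` (as root, or on a copy); `visudo -c` still does the syntax check, this only judges what the valid rules grant.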




Separate Network for iSCSI Traffic

From: Stephen Haywood 
------------------------------------------------------
Since I'm actually participating in the Chugalug discussion today, I
thought I'd throw this out there. I'm doing a pentest right now and the
client has an iSCSI server with no auth on the internal user network. My
test box is also on the internal user network. I was able to mount the
iSCSI LUN on my Linux box.

After accessing the LUN I realized it was holding VMware VMs for their ESXi
server. I was able to download the Domain Controller VM to my box mount the
vmdk files and pull out the ntds.dit and SYSTEM files. From there I was
able to extract the Domain hashes.

Moral of the story: iSCSI should be on a PHYSICALLY separate network for
security and performance reasons. If you have no choice but to have your
iSCSI on the same network, then use authentication.

--
Stephen Haywood
Owner, ASG Consulting
CISSP, OSCP
423.305.3700
asgconsulting.co

ICS Security Summit 2016

From: Know Juan 
------------------------------------------------------
Any of you guys(/gals?) planning on going to this?

https://www.sans.org/event/ics-security-summit-2016

Linode Password Reset

From: Dave Brockman 
------------------------------------------------------

https://blog.linode.com/2016/01/05/security-notification-and-linode-manager-password-reset/

I know a couple of you on list have Linodes, I haven't received my email
notification as of yet, but this came across my screen...

Regards,

dtb

Upstart Help

From: asg 
------------------------------------------------------
I'm working through this tutorial,
https://www.digitalocean.com/community/tutorials/how-to-serve-flask-applications-with-uwsgi-and-nginx-on-ubuntu-14-04, and I'm stuck on
the Create an Upstart Script section. I've written the script
but when I try to sudo start zkm, I get a generic Job Failed to Start
message. I've looked in /var/log/upstart but there is not a log
file for my service. I've added console output to the .conf file
but it still only displays the generic message. I've also
checked the .conf file syntax with init-checkconf and the syntax is ok.
Are there any other log files to check or any other methods to find out
what is causing the service to fail to start?

Here is the .conf file I'm working with.

description "uWSGI server instance configured to serve zkm."
console output

start on runlevel [2345]
stop on runlevel [!2345]

setuid www-data
setgid www-data

# PATH is replaced, not extended: the exec line below only finds a uwsgi binary that lives in this directory
env PATH=/var/www/zkm
chdir /var/www/zkm
exec uwsgi --ini zkm.ini

Thanks,

--
Stephen Haywood
Owner: ASG Consulting
423.305.3700
stephen@averagesecurityguy.info




Mozilla foundation thinking kicking thunderbird to the curb.

From: Rod-Lists 
------------------------------------------------------

I like this post on slash about. Some think Mozilla is trying to kill XUL in favor of HTML5 tech.
Others seem to think that, with Microsoft and Google funding them, those two mail providers may have something to do with it.


http://news.slashdot.org/comments.pl?sid=8417651&cid=51036971
Mozilla, I have actually donated to you in the past, but I have to admit my faith and continued donations are really starting to waver lately.

Don't get me wrong; it's not because of the Australis and UI changes that many people complain about. I actually enjoy those changes, the cross-platform consistency it brought. That's not the issue.

The issue to me is that I feel like you're slowly abandoning your principles:

Incorporation of 3rd party proprietary services such as Pocket and Hello (the calling through Telefonica) seem to give up on principles of open source and control of data
Including ads in my new tab window is annoying, and possibly a privacy/security risk depending on where those ads are sourced from (they're not hosted on mozilla servers I'd guess; so do you trust the servers you're pulling from?).
Support of the DRM plugins/codecs for video. I know the argument was that you didn't really want to do it but were forced to, but how about principles? What can we do as a movement to try to push for open codecs again? I haven't received email updates on what you're doing to support that.
Now, giving up on Thunderbird, which is not just well known and liked, but I think its key selling point is ENCRYPTED PRIVATE email. By necessity, you can't do crypto (encrypted and signed emails) unless it's in a mail client. If you want to send a webclient your private key, you're missing the point.
If you need money, tell us how it is. Lay out your plan for the next 3 years (a very specific vision!), estimate a figure of money, and maybe we can crowdsource it to happen. I think people are less likely to donate if they can't get clarity into what the money is used for (I know I'm that way).

I think that plan/vision needs to say more specifics like: we're campaigning against all kinds of ads, especially ones that track you and hurt your privacy; we're abandoning 3rd party proprietary things built in to our browser; we're re-focusing on our needs on your security and privacy. We're going to have the most secure browser on the planet, implementing the following list of protocols and standards, we're researching some new protocols and standards and working with the community on them. We're going 64 bit on Windows to take full advantage of performance and security extensions in modern OSes. We're going to make crypto more easy and transparent, both TLS in the browser, but especially we're going to refocus our efforts on Thunderbird and making your email safe with built in idiot-proof PGP encryption and signing. We're also going to work with web vendors to start implementing their own encryption, meaning when you get a notice from your bank, we expect it to be signed by your bank's encryption key and it all happens automagically to keep you safe.

If I don't start seeing more concrete things like this working for the betterment of the internet and my security and privacy on the internet, then my donation dollars will start looking for other projects. I want to know you're working for me, and not using me only to generate money.

Headless VM Server

From: asg 
------------------------------------------------------
I'm building a new VM server and want to try to use Ubuntu and
KVM. Can anyone recommend a good web-based KVM manager?

Thanks,

--
Stephen Haywood
Owner: ASG Consulting
423.305.3700
stephen@averagesecurityguy.info




EPB Gigabit

From: asg 
------------------------------------------------------
Yesterday, I upgraded my EPB account to 1Gbps instead of 100Mbps. EPB
made the changes on their end and said they wouldn't take effect
until midnight. This morning I'm still running at 100Mbps. The
tech person at EPB says the equipment is provisioned properly but that
it is auto negotiating a 100M link with my router. I have a Ubiquiti
EdgeRouter Lite so I know it is capable of 1Gbps. I plugged my laptop
directly into the EPB jack in my house and the laptop negotiated a 100M
connection as well. When I plug my laptop into my gigabit switch, it
negotiates a 1Gbps connection. Any other things I should try before
calling EPB back?

Thanks,
--
Stephen Haywood
Owner: ASG Consulting
423.305.3700
stephen@averagesecurityguy.info




Ubiquiti Networks and their gear

From: "Alex Smith (K4RNT)" 
------------------------------------------------------
Hello guys,

I'm doing some consulting for a friend who is moving into a trailer on
their parents property, and I would like to suggest a wi-fi bridge using
Ubiquiti products.

Any suggestions on what I should look at from their product line for a
point-to-point bridge? No special security is required, I'm just looking at
the hardware and CPE.

So far I'm looking at the Rocket M, the NanoBeam M and the LiteBeam M5.

I haven't asked the distance from the house the trailer will be, but I'm
assuming it's less than 500 meters, too long for an Ethernet trunk and a
fiber link will probably be out of the question, since that would involve
digging a conduit.

Thanks in advance for the advice.

" 'With the first link, the chain is forged. The first speech censured, the
first thought forbidden, the first freedom denied, chains us all
irrevocably.' Those words were uttered by Judge Aaron Satie as wisdom and
warning... The first time any man's freedom is trodden on, we're all
damaged." - Jean-Luc Picard, quoting Judge Aaron Satie, Star Trek: TNG
episode "The Drumhead"
- Alex Smith
- Kent, Washington (metropolitan Seattle area)

Chattanooga ISSA After Hours Event

From: Christopher Rimondi 
------------------------------------------------------
All,

Our Chattanooga ISSA chapter will be having an after hours event on Tuesday
October 20th. For all those interested in attending here is link:

http://chattanooga.issa.org/?p=312

Thanks,

Chris

-- 
Chris Rimondi | http://twitter.com/crimondi | securitygrit.com

Let's Encrypt

From: Michael Scholten 
------------------------------------------------------
Anyone looked at this yet? https://letsencrypt.org/ A free and open CA.

Just heard about them on Steve Gibson's Security Now podcast...

Nexus Device

From: asg 
------------------------------------------------------
All,

  I am taking an Android exploit development class next week and I am
trying to get my hands on a cheap Nexus device. Anyone got one they are
willing to let go for cheap or willing to let me borrow and abuse for a
week or two?

Thanks,
--
Stephen Haywood
Owner: ASG Consulting
423.305.3700
stephen@averagesecurityguy.info



iPhone 5s For Sale

From: asg 
------------------------------------------------------
All,

  I have a 16GB, Space Gray, iPhone 5s with a cracked screen for sale.
If any of you are interested, let me know.

Thanks,
--
Stephen Haywood
Owner: ASG Consulting
423.305.3700
stephen@averagesecurityguy.info