fwd: [PhreakNIC] GPG Keysigning at PhreakNIC (At the CryptoParty Perhaps)

From: Jon Nyx 
FYI; we're cleaning this up for the website & the ap later today. Hope
to see some of y'all at PhreakNIC 18 this weekend. Thus endeth the
PN18 ads.


PS - I wish I'd known about Hamfest Chattanooga; we'd love to have
that sort of content not just at PhreakNIC, but in the Nashville area
in general.

-----Forwarded Message-----
> From: Jon Nyx 
> Sent: Oct 28, 2014 12:26 PM
> To: phreaknic@googlegroups.com
> Subject: [PhreakNIC] Re: GPG Keysigning at PhreakNIC (At the CryptoParty Perhaps)

> On Tuesday, October 28, 2014 12:18:05 PM UTC-5, Zachariah Gibbens wrote:
>> Has anyone planned a GPG keysigning party for PhreakNIC 18?

Yes indeed: https://phreaknic.info/content/cryptoparty

Here's the preliminary schedule we got from Alan Fey, the Freeside Atlanta
director, last night:

I marked the times I *MAY/CAN* be there as *[Alan]*, so at other
times, you should have some volunteers help keep things going.  I'll make
every effort to pop in when there's not a talk I want to see so I can make
sure volunteers have everyone set up and running well.  :)

Hey, let's drop Smashthestack Q&A in that case, because it's too similar to
NetKOH...no sense in replicating.

How does this look?


??? - 2pm: *[Alan]* I'm open to whatever during this time.  I am aiming for
arriving around noon, so I can probably get CryptoParty room kicked off
until the talk I want to see.  I will get folks interested in the
Panopticlick Golf - do you have a prize I could use for this?  I am liable
to pick up something colossally stupid from a gas station on the way up as
a prize, so hopefully you have something really cool we can pitch to the

2 - 3pm: I recommend that if you have a computer hooked into projector,
that we show 30C3 talks, or just have open discussion.  If there's nothing
else going on, queue up a 30C3 talk!  :)  I'll assemble a list of URLs of
talks I think would work well for our audience.

3 - 4pm: *[Alan]* I'll go ahead and do hands-on GPG setup or keysigning,
plus playing around with VPNs, plus get volunteers familiar with the
Panopticlick Golf game.  Once I show volunteers the basics, this stuff will
be ongoing

4 - 6pm: Let's have a screening of the Internet's Own Boy, the Aaron Swartz
documentary which is freely available on the Internet Archive.

6 - 7pm: *[Alan]* Browsing security plug-in review, general browser
security, possible discussion of Tor+Firefox

7 - 8pm: Open discussion, 30C3 talks, Panopticlick Golf, GPG, VPNs

8 - 9pm: *[Alan]* Steganography 101 can probably be pulled off in this time

9 - 10pm: I'm doing my own talk, so Open discussion, 30C3 talks,
Panopticlick Golf, GPG, VPNs

10pm+: *[Alan]* I'll go ahead and have make your own OnionPi router
running, plus the usual: Open discussion, 30C3 talks, Panopticlick Golf,

11p/midnight-ish: I will probably want to hang out socially with you fine
people at some point!


??? - 1pm: *[Alan]* I'll help kick things off by making sure the volunteers
are up to speed on running: Open discussion, 30C3 talks, Panopticlick Golf,
GPG, VPNs - if there's time, I'll make friends with Jitsi and discuss OTR

1 - 3pm: Another screening of the Internet's Own Boy, the Aaron Swartz
documentary?  If not, the usual Open discussion, 30C3 talks, Panopticlick
Golf, GPG, VPNs.

4 - 6pm: *[Alan]* I'll discuss Pond and Tahoe-LAFS, and perhaps we'll try
and make a Tahoe-LAFS grid if the people are willing and ready!

6 - 10pm: These talks are too awesome for me to miss!  Open discussion,
30C3 talks, Panopticlick Golf, GPG, VPNs.

10pm+: *[Alan]* Let's make an OnionPi router!  If people already have
theirs working, we'll switch focus to debugging or creating the Tahoe-LAFS
grid, and/or general discussion about operational security techniques and

11p/midnight-ish: I will probably want to hang out socially with you fine
people at some point!


??? - 2pm: *[Alan]* Aside from Les' talk, I'll probably be hanging out in
the CryptoParty room, nursing a hangover.  :)  Ask me anything while we
quietly drink coffee and work on things.

2pm: Announcing Winner of Panopticlick Golf !!!

2pm+: I'll be wrapping up my stay and looking to get back to the ATL, last
bits of contact info exchange with all you fine people.

Ubiquity EdgeMax (ASG)

From: Mark Quering 
Hey all

I recently sold one of these units to a customer basically to give it a
try. Needless to say at the $100 price point I was pretty happy with the

The unit has a pretty solid build quality. The web management interface is
a little rough out of the box. A firmware update helped quite a bit. I
haven't played in the CLI yet but I hear that EdgeOS is a fork of Vyatta.

The web interface worked well for a basic SOHO NAT setup with a few inbound
firewall rules. Been very stable for the two months it's been in a
production environment. I also did not get to fully test LAN to WAN
throughput of their network processor due to time constraints.

The only odd thing I noticed with the unit I deployed was that it generated
a fair bit of heat. More than I would expect. I also did not need to
contact support so I cannot speak to that aspect of the product. I would
say for the price it's definitely worth purchasing to play with.

Due to my experience with this product and good things I've heard here and
on other forums, I am seriously considering also offering their managed PoE
switches and AP's to my SMB offerings.


On Wed, Oct 15, 2014 at 5:24 PM,  wrote:

> Message: 1
> Date: Wed, 15 Oct 2014 16:39:54 -0400
> From: ASG 
> To: Chattanooga Unix Gnu Android Linux Users Group
> Subject: Re: [Chugalug] Ubiquity EdgeMax
> Message-ID:
> Content-Type: text/plain; charset="windows-1252"
> For $100 it's worth a shot. What I would really love to find is something
> of the same size and price point that could run pfSense or m0n0wall. Anyone
> know of anything?
> Thanks,
> On Oct 15, 2014, at 4:21 PM, Dan Lyke  wrote:
> > On Wed, Oct 15, 2014 at 1:13 PM, ASG 
> wrote:
> >> Any of you folks have experience with these
> >> http://www.ubnt.com/edgemax/edgerouter-lite/. Looking at
> >> one for my home office/lab network.
> >
> > Guy a few cube openings down from me whose job involves setting up
> > router-ish stuff at our fiber deployments says great things about 'em.
> >
> > I've been super impressed with my UniFi APs.
> >
> > Dan
> > 

any info on new mac malware vector?

From: Rod-Lists 

Process accounting

From: Christopher Rimondi 
I have been taking a deeper look at process accounting in linux recently.
Does anyone use acct (Deb)/psacct (RH) on their systems?

The log file is binary and I would like to find a convenient way to put it
into something human readable and ship it off the box. I am sure I could
work something out with dumping the output of various commands to a log
file. Also syslog-ng can be compiled to support it:


Anyone solve the issue differently or have a more elegant solution?



Chris Rimondi | http://twitter.com/crimondi | securitygrit.com


From: David White 
I tried to send this email earlier in the day, but it bounced. Tweeted at
Mike and forwarded him the bounce.... hopefully this time it'll go through,
since my test message just worked.

Incidentally, that was my first attempt to email chugalug using my new
email address, so maybe something weird happened, or mail.geeklabs.com
thought I was a spammer or something. Anyway....


Hey folks. I have a new (personal) email address, and here it is.

About Shellshock. This is becoming a nightmare!

I'm now following the OSS-SEC mailing list pretty carefully (I just
subscribed to it last night), and it's pretty active right now.

Here's an email I sent to one of my previous clients that I occasionally
email helpful advice to for free:

*There is a LOT of discussion going on right now among the open source
community and developers.*

*As of now, there have been at least 5 releases, and 6 security issues
reported (1 after each security release, plus the original security issue
that was reported).*

*I'm now following the specific discussion on one of the main mailing lists
the developers are using.*

*I also recommend keeping an eye out for patches, and I also recommend
continuing to run updates on your systems as the updates come out.*

*As of now, a final patch hasn't been released. This is bad because
attackers know about the vulnerability.  Take a look
at http://serverfault.com/questions/632049/shellshock-how-do-i-know-if-my-server-is-compromised-suspicious-files-to-look

*Not much we can do about it now, other than, if we were really concerned
about the security and integrity of our servers, shut them down completely
until the bug is fixed (which obviously isn't really an option).*

*I have read that SELinux would help (but not completely) in this type of

*Also, I just quickly scanned this write-up by SANS, written several days
ago. They know what they're talking about, and I trust

main website URL is https://isc.sans.edu/, and it
looks like that's the latest post, although they've made a number of
updates to it, and there's several comments).*

*If you don't have any CGI Scripts, then just disable mod

Network topology/building a router

From: Dan Lyke 
Okay, that latest "Running Doom on a Canon Printer" exploit has me
thinking a little bit more about network security.

I've started running UFW on my Linux servers, which is awesome, but I
think what I'd really like is something that lets me do that on my
network generally:

* the printer doesn't get any traffic other than 631 (IPP) and maybe
80 and 443, and doesn't get to open connections except in response to
connects from those addresses.

* the webcam in the shop only gets inbound connections on port 80.

* some warning when other devices do things outside of their security
profiles. And even for the printer, it's one thing to apply those
rules, but I should be able to see what it's trying and optionally
allow it to do things like updates.

Any suggestions on where to start?


Anyone heard of this botnet exploit for linux?

From: Rod-Lists 
"Akamai Technologies is alerting enterprises to a high-risk threat of IptabLes and IptabLex infections on Linux systems. Malicious actors may use infected Linux systems to launch DDoS attacks against the entertainment industry and other verticals.

The mass infestation of IptabLes and IptabLex seems to have been driven by a large number of Linux-based web servers being compromised, mainly by exploits of Apache Struts, Tomcat and Elasticsearch vulnerabilities. 

Attackers have used the Linux vulnerabilities on unmaintained servers to gain access, escalate privileges to allow remote control of the machine, and then drop malicious code into the system and run it. As a result, a system could then be controlled remotely as part of a DDoS botnet.

A post-infection indication is a payload named .IptabLes or .IptabLex located in the /boot directory. These script files run the .IptabLes binary on reboot."
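
A check for the indicators quoted above, as an added example that is not part of the original post or the Akamai advisory. It looks for the two payload names directly under a boot directory and for startup files that reference them; the startup locations in the usage comment are assumptions, since the quoted text names none.

```shell
#!/bin/sh
# Added example: look for the IptabLes/IptabLex post-infection indicators.
# The directories are parameters so the check can be pointed at a mounted
# disk image instead of the live system.

# Print any file named .IptabLes or .IptabLex directly under the boot dir.
find_iptables_payloads() {
    boot_dir=${1:-/boot}
    find "$boot_dir" -maxdepth 1 -type f \
        \( -name '.IptabLes' -o -name '.IptabLex' \) 2>/dev/null || true
}

# Print startup files that mention either payload name (the reboot hook).
# The match is case-sensitive and needs the leading dot, so ordinary
# references to the real iptables tool are not reported.
find_iptables_references() {
    for loc in "$@"; do
        [ -e "$loc" ] || continue
        grep -rlE '\.IptabLe[sx]' "$loc" 2>/dev/null || true
    done
}

# Print all findings and return 0 if any indicator is present, else return 1.
check_iptables_iocs() {
    boot_dir=$1
    shift
    hits=$( { find_iptables_payloads "$boot_dir"; find_iptables_references "$@"; } )
    [ -n "$hits" ] || return 1
    printf '%s\n' "$hits"
}

# Usage (startup paths are assumed, adjust for the distribution):
#   check_iptables_iocs /boot /etc/init.d /etc/rc.local && echo "indicator found"
```

A clean result only means these two file names are absent; it says nothing about how the host was accessed in the first place.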


Protecting password files (was: Name Cheap under attack)

From: Dan Lyke 
On Mon, 1 Sep 2014 21:41:13 -0400 (EDT)
Rod-Lists  wrote:
> http://community.namecheap.com/blog/2014/09/01/urgent-security-warning-may-affect-internet-users/

So I'm a Namecheap user, and, I'm slightly embarrassed to say, my
Namecheap password was one I've used on a few other sites (it's a
mid-tier password).

Obviously, I instantly went and changed it to something that came from
"pwgen 32".

Buuuuutttt... I have three password strategies:

1. A few I remember. Obviously this is not something I can use

2. A few machines have a "passwords.txt" file in their documents

3. I also have shared Firefox password storage.

#3 is awesome, except that  Firefox has broken this at least once, so I
always feel like that if I lose my laptop drive I could lose
everything, *and* I don't actually know how secure things are.

#2 is great if I were smart enough to put that file in git, and *then*
if I actually trusted that the machine I stored the git repos on wasn't
ever going to get compromised.

I'm unwilling to use a third party service for this because the cloud
is another name for "on someone else's computers at the whims of
someone else's security policies", ie: the most nebulous bits of #3.

So: What's the right way to put a passphrase on that passwords.txt
that'll go into a git repo? Something so that I can update it from
multiple places, diffs and merges are all handled reasonably, it's
backed up in multiple places, but I'm not exposing my on-line life on
exposed hosts?


Name Cheap under attack

From: Rod-Lists 

Netflix open sources internal threat monitoring tools

From: Rod-Lists 
I was wondering if any of y'all heard of these tools or tried them?


Fwd: [PhreakNIC] CTF

From: Jon Nyx 

PS - "Keith" is this guy:

Keith Watson
Information Security Manager, College of Computing
Georgia Tech, Atlanta GA

Part of his day job is taking large botnets away from organized crime
outfits, studying them, and then disassembling them. We're very lucky
to have him helping with our con.

Dru Myers
Nashville2600 President, PhreakNIC founder and con chair, 1997-2001 & 2014

---------- Forwarded message ----------
From: Keith
Date: Tue, Aug 26, 2014 at 8:48 AM
Subject: [PhreakNIC] CTF
To: phreaknic@googlegroups.com

I've talked to GTRI (the people who put on the Hungry Hungry Hackers
CTF) and it looks like a go. I will have more info in the next week or

H3 was this last weekend, it went great (8/22 & 8/23)

We noticed at past events that people would leave the CTF after only a
few hours. We asked around and found that people want to compete but
are overwhelmed and don't know where to start.

This year we had two tracks, competition and educational. The
educational track had multiple speakers that did walk-throughs of
tools and how to solve some basic challenges. It went very well and
after the end of the educational track a bunch of them joined the

The CTF is Jeopardy style with about 60 challenges. In addition we had
ten stations set up with FPGA hardware flags and a car hacking
station set up with CAN bus flags.

Craig Smith of TheiaLabs set up the car hacking station and was on
hand for the entire event. It was a combination CAN bus/WiFi hack.
Craig was also handing out copies of the Car Hacker's Handbook. You
can download the PDF here:


A lock picking challenge was also part of the CTF.

Once we do our post CTF debrief we'll start solidifying the PhreakNIC CTF.

Let me know of anything you would like to see in the CTF.



Somewhat OT: ISSA meeting coming up

From: Mark Quering 
Hey all

For those of you who are security inclined (who isn't) the third quarterly
meeting of the local chapter of ISSA is coming up.

Info: http://chattanooga.issa.org/?p=1
Register: http://conta.cc/1pNTngS


Mark Quering

simply reliable technology

building packages

From: Christopher Rimondi 
This question is probably 50% based on circumstance and 50% on personal
preference but I wanted to get opinions from people who have built OS
packages; debs, rpms, whatever.

What do you usually include in the package? Upstart scripts, user/group
creation, post install scripts? Other logic?

As a general philosophy: Less is more or more is more?



Chris Rimondi | http://twitter.com/crimondi | securitygrit.com

Anyone want to start a ps2 connector based computer company?

From: Rod-Lists 
or maybe comtronix and serial mice?
Why the Security of USB Is Fundamentally Broken

Ed, you and I could be rich! ;)

Oh boy... We *ARE* criminals!!!

From: kitepilot@kitepilot.com
Linux Lands on NSA Watch List

Fwd: Linux Journal: Awesome Tech Magazine or Extremist Forum?

From: Jonathan Calloway 

Begin forwarded message:

> From: Linux Journal 
> Subject: Linux Journal: Awesome Tech Magazine or Extremist Forum?
> Date: July 8, 2014 at 8:00:46 AM EDT
> To: jonathancalloway@epbfi.com
> Reply-To: Linux Journal

> Linux Journal: Awesome Tech Magazine or Extremist Forum?
>
> NSA: Linux Journal is an "extremist forum" and its readers get flagged for extra surveillance
> by Kyle Rankin
> A new story published on the German site Tagesschau and followed up by BoingBoing and DasErste.de has uncovered some shocking details about who the NSA targets for surveillance including visitors to Linux Journal
> While it has been revealed before that the NSA captures just about all Internet traffic for a short time, the Tagesschau story provides new details about how the NSA's XKEYSCORE program decides which traffic to keep indefinitely. XKEYSCORE uses specific selectors to flag traffic, and the article reveals that Web searches for Tor and Tails--software I've covered here in Linux Journal that helps to protect a user's anonymity and privacy on the Internet--are among the selectors that will flag you as "extremist" and targeted for further surveillance. If you just consider how many Linux Journal readers have read our Tor and Tails coverage in the magazine, that alone would flag quite a few innocent people as extremist.
> While that is troubling in itself, even more troubling to readers on this site is that linuxjournal.com has been flagged as a selector! DasErste.de has published the relevant XKEYSCORE source code, and if you look closely at the rule definitions, you will see linuxjournal.com/content/linux* listed alongside Tails and Tor. According to an article on DasErste.de, the NSA considers Linux Journal an "extremist forum". This means that merely looking for any Linux content on Linux Journal, not just content about anonymizing software or encryption, is considered suspicious and means your Internet traffic may be stored indefinitely.
> One of the biggest questions these new revelations raise is why. Up until this point, I would imagine most Linux Journal readers had considered the NSA revelations as troubling but figured the NSA would never be interested in them personally. Now we know that just visiting this site makes you a target. While we may never know for sure what it is about Linux Journal in particular, the Boing Boing article speculates that it might be to separate out people on the Internet who know how to be private from those who don't so it can capture communications from everyone with privacy know-how. If that's true, it seems to go much further to target anyone with Linux know-how.
> It's bad news to all of us who use and read about Linux on a daily basis, but fortunately we aren't completely helpless. Earlier in the year I started a series on security, privacy and anonymity in my Hack and / column that included articles on how to use the Tor browser bundle and Tails. With either piece of software in place, you can browse Linux Journal (and the rest of the Internet) in private.
> Read this and other privacy-related stories at LinuxJournal.com.
> A Bundle of Tor
> Tails above the Rest: the Installation
> Tails above the Rest, Part II
> Are you an extremist?
> Dolphins in the NSA Dragnet
> Copyright © 2013 Linux Journal, All rights reserved.


From: Christopher Rimondi 
We are hiring if you know anyone who fits this:


Ping me off list.

Chris Rimondi | http://twitter.com/crimondi | securitygrit.com

OpenVPN on pfSense problems

From: David White 
So I sent the following email to the pfSense list a few minutes ago, but I
also thought I'd post the question here... I'm having trouble getting
OpenVPN working on pfSense (I think I'm cursed with OpenVPN - I've never
had a successful deployment of it, either stand-alone on CentOS or in

I'm not sure if the problem is on the server or on the client. I tend to
think that the problem is on the client's side.

Here's the email I sent:

I'm having trouble connecting my Windows 7 OpenVPN client to the pfSense
2.1.4 server. I have tried two different types of ciphers (BF-CBC and

This is a fresh 2.1.4 install with the server's settings generated using
the Wizard. I'm including my local config file. As you can see, I'm trying
to connect via username / password and not via SSL certificate.

dev tun
cipher BF-CBC
auth SHA1
resolv-retry infinite
remote 1194 udp
lport 0
ca C:\nnh-vpn.crt

It seems that the client is hitting the server, but for some reason, my
client isn't successfully connecting. Here's the last 50 entries in the
OpenVPN server's log (see end of this email).

I'm having trouble tracking down the log files on the client machine, so
perhaps this email should go to OpenVPN folks and not pfSense. But I'm
wondering if anyone on this list has any suggestions.


Jun 30 23:29:19 openvpn[98461]: /sbin/ifconfig ovpns1 mtu 1500 netmask up
Jun 30 23:29:19 openvpn[98461]: /usr/local/sbin/ovpn-linkup ovpns1 1500 1558 init
Jun 30 23:29:19 openvpn[99566]: UDPv4 link local (bound): [AF

Home Automation and more

From: Dave Brockman 

Pretend you are designing your dream home (or perhaps are remodeling
and have all the walls torn down and have to run new electrical
service anyway), what would you put in?


Rack full of Linux servers/VMs goes without saying, so we're on-topic.
:)  I've already decided on multiple CAT-6A pulls through-out the
house.  I have been impressed enough with Unifi that I will be using
their wireless, controlled by a Debian VM.  I know some of you have
some awesome ideas.  Feel free to unicast if you don't want to share
on the public forum, but I would enjoy hearing those ideas.


-- 
"Some things in life can never be fully appreciated nor understood
unless experienced firsthand. Some things in networking can never be
fully understood by someone who neither builds commercial networking
equipment nor runs an operational network." RFC 1925


Keren Elazari: Hackers: the Internet's immune system

From: David White 
I just watched this.

Not all hackers and security researchers break the law, but I found this
video fascinating, and it raises a lot of good points.