NTP's Fate Hinges On 'Father Time'

From: Rod-Lists 
In April, one of the open source code movement's first and biggest success stories, the Network Time Protocol, will reach a decision point. At 30 years old, will NTP continue as the preeminent time synchronization system for Macs, Windows, and Linux computers and most servers on networks?

Or will this protocol go into a decline marked by drastically slowed development, fewer bug fixes, and greater security risks for the computers that use it? The question hinges to a surprising degree on the personal finances of a 59-year-old technologist in Talent, Ore., named Harlan Stenn.

Anyone else get hit by the recent Panda update?

From: Rod-Lists 
A local business which got rid of most of its Macs just got bit by the recent Panda Security update.
Started to quarantine some important .dll's on Windows machines.
Apparently it flagged itself as well.

OT: Job Posting

From: asg 
Not sure if any of this is Linux related but I saw this job ad on LinkedIn today.


Stephen Haywood
Owner: ASG Consulting

Lenovo ships with malware

From: David White 


David White
Founder & CEO

*Develop CENTS*
Computing, Equipping, Networking, Training & Supporting
Organizations Worldwide

VPN on EPB Network

From: asg 
I’ve got an EdgeRouter Lite running on EPB home network. I’ve
configured the router for an L2TP VPN according to Ubiquiti’s
site but I can’t make a connection. An nmap scan against the
router shows no response from the router on UDP ports 4500, 500, and
1701. Does EPB block inbound access on the home network?


Stephen Haywood
Owner: ASG Consulting

GLIBC Vuln GHOST Vulnerability # CVE-2015-0235

From: Mike Harrison 



Another fun one. Hits a lot of systems and affects multiple programs. 

"During a code audit performed internally at Qualys, we discovered a
buffer overflow in the 

Firewalled at work: Network Security Question

From: Nick LaPorta 
Hey guys:

Long time lurker, first time poster. (Apologize for the length, longer than
I intended)

While I'm not a super user, as some on this list, I have built a few *nix
boxes/laptops, etc and would certainly classify myself as still a step
under intermediate, but not beginner.

Quick one (hopefully) for you all.  Recently (2 days ago) installed the
latest Debian distro on a Dell D630 - not sure what other details would be
needed here - and am having trouble connecting to the guest wireless
network here at work (Unum). Side note: I've never connected wirelessly. In
an effort to resolve the wireless broadcom driver issue, I needed access to
wget commands via web so I plugged into ethernet and after like 20 seconds,
got a notice that it was strictly forbidden since this wasn't a work asset
and my network activity was cut at that point.

The note I receive is:

"Your device, IP Address xx.xxx.xx.xx has been identified as exhibiting
unusal [sic] network activity by the Unum network security team.

This type of network activity is typically the result of having a virus,
worm, or malware on your device.

Your device is currently isolated from the network until this issue is

If this is a personal device it is your responsibility to correct the

So, are there any settings or things that I might be able to add to
circumvent these issues?  I've already submitted a ticket with the network
security team.

Also, to be clear, I don't intend on breaking any policies or rules over
this.  If it won't work, it won't work.  But, I wanted to give it a fair

Thanks All and love this community!

White House nudges Congress to revisit controversial 'CISPA-style' laws after Sony attack

From: Rod-Lists 
And with a center right Democrat in the WH and both House and Senate in Republican hands this might pass.

President Obama has sent the strongest signal yet for the upcoming Congress to take up new controversial cybersecurity information sharing legislation next year.

IT security pros have pointed out holes with the North Korean Narrative.

The Sony Hack: The Problem Was The Users

From: Rod-Lists 

From an article at cio.com
In November 2005, Jason Spaltro, executive director of information security at Sony Pictures Entertainment, sat down in a conference room with an auditor who had just completed a review of his security practices.

The auditor told Spaltro that Sony had several security weaknesses, including insufficiently strong access controls, which is a key Sarbanes-Oxley requirement.

Furthermore, the auditor told Spaltro, the passwords Sony employees were using did not meet best practice standards that called for combinations of random letters, numbers and symbols. Sony employees were using proper nouns. (Sox does not dictate how secure passwords need to be, but it does insist that public companies protect and monitor access to networks, which many auditors and consultants interpret as requiring complex password-naming conventions.)

Summing up, the auditor told Spaltro, “If you were a bank, you’d be out of business.”

Frustrated, Spaltro responded, “If a bank was a Hollywood studio, it would be out of business.”

Spaltro argued that if his people had to remember those nonintuitive passwords, they’d most likely write them down on sticky notes and post them on their monitors. And how secure would that be?

After some debate, the auditor agreed not to note “weak passwords” as a Sox failure.


[OT] Job Posting

From: Benjamin Stewart 
Astec Industries, the company I work for, is searching for candidates for
an IT Help Desk position here in Chattanooga. It's mostly a Windows shop,
but we do use Linux occasionally where we can. Our IT department is a small
team, so there's lots of room to learn new skills, and every day is

Send resumes to helpdeskapplicants@astecindustries.com

HR speak follows:

Don't believe the hype: Sony hack not 'unprecedented,' experts say

From: Rod-Lists 
Posted for the security guys on the list

Great quote some of you may have seen on Twitter

From: Christopher Rimondi 
"Best kind of engineers to work with: 40yo parents who actually know how
computers work. worst kind: 22yo kids who love javascript frameworks"

Chris Rimondi | http://twitter.com/crimondi | securitygrit.com

Photo Doctor

From: Mike Harrison 

> On Dec 8, 2014, at 11:52 AM, stephen@averagesecurityguy.info wrote:
> I have an old picture that is approximately 12x24 that needs to be scanned, retouched, and framed. The picture has been rolled up for years so it is hard to get it to lay flat and it has a number of creases in it. Any recommendations for someone local that does this kind of work? Feel free to reply off list.

Tracy at the Photo Doctor on Bailey Avenue. 

This is what he does, he does a lot of it. 

He’s done some very nice work for Nancy and myself. He’s good at it. He’s not cheap. 

But two blow-ups that I have that he did from small old photos look like museum grade mural. 

He’s also done work for my Dad (genealogy) and other friends.

“Tracy Knauss can be reached at the Photo Doctor at 629-5378.”


fwd: [PhreakNIC] GPG Keysigning at PhreakNIC (At the CryptoParty Perhaps)

From: Jon Nyx 
FYI; we're cleaning this up for the website & the ap later today. Hope
to see some of y'all at PhreakNIC 18 this weekend. Thus endeth the
PN18 ads.


PS - I wish I'd known about Hamfest Chattanooga; we'd love to have
that sort of content not just at PhreakNIC, but in the Nashville area
in general.

-----Forwarded Message-----
> From: Jon Nyx 
> Sent: Oct 28, 2014 12:26 PM
> To: phreaknic@googlegroups.com
> Subject: [PhreakNIC] Re: GPG Keysigning at PhreakNIC (At the CryptoParty Perhaps)

> On Tuesday, October 28, 2014 12:18:05 PM UTC-5, Zachariah Gibbens wrote:
>> Has anyone planned a GPG keysigning party for PhreakNIC 18?

Yes indeed: https://phreaknic.info/content/cryptoparty

Here's the preliminary schedule we got from Alan Fey, the Freeside Atlanta
director, last night:

I marked with the times I *MAY/CAN* be there as *[Alan]* so at other
times, you should have some volunteers help keep things going.  I'll make
every effort to pop-in when there's not a talk I want to see so I can make
sure volunteers have everyone setup and running well.  :)

Hey, let's drop Smashthestack Q&A in that case, because it's too similar to
NetKOH...no sense in replicating.

How does this look?


??? - 2pm: *[Alan]* I'm open to whatever during this time.  I am aiming for
arriving around noon, so I can probably get CryptoParty room kicked off
until the talk I want to see.  I will get folks interested in the
Panopticlick Golf - do you have a prize I could use for this?  I am liable
to pick up something colossally stupid from a gas station on the way up as
a prize, so hopefully you have something really cool we can pitch to the

2 - 3pm: I recommend that if you have a computer hooked into projector,
that we show 30C3 talks, or just have open discussion.  If there's nothing
else going on, queue up a 30C3 talk!  :)  I'll assemble a list of URLs of
talks I think would work well for our audience.

3 - 4pm: *[Alan]* I'll go ahead and do hands-on GPG setup or keysigning,
plus playing around with VPNs, plus get volunteers familiar with the
Panopticlick Golf game.  Once I show volunteers the basics, this stuff will
be ongoing

4 - 6pm: Let's have a screening of the Internet's Own Boy, the Aaron Swartz
documentary which is freely available on the Internet Archive.

6 - 7pm: *[Alan]* Browsing security plug-in review, general browser
security, possible discussion of Tor+Firefox

7 - 8pm: Open discussion, 30C3 talks, Panopticlick Golf, GPG, VPNs

8 - 9pm: *[Alan]* Steganography 101 can probably be pulled off in this time

9 - 10pm: I'm doing my own talk, so Open discussion, 30C3 talks,
Panopticlick Golf, GPG, VPNs

10pm+: *[Alan]* I'll go ahead and have make your own OnionPi router
running, plus the usual: Open discussion, 30C3 talks, Panopticlick Golf,

11p/midnight-ish: I will probably want to hang out socially with you fine
people at some point!


??? - 1pm: *[Alan]* I'll help kick things off by making sure the volunteers
are up to speed on running: Open discussion, 30C3 talks, Panopticlick Golf,
GPG, VPNs - if there's time, I'll make friends with Jitsi and discuss OTR

1 - 3pm: Another screening of the Internet's Own Boy, the Aaron Swartz
documentary?  If not, the usual Open discussion, 30C3 talks, Panopticlick
Golf, GPG, VPNs.

4 - 6pm: *[Alan]* I'll discuss Pond and Tahoe-LAFS, and perhaps we'll try
and make a Tahoe-LAFS grid if the people are willing and ready!

6 - 10pm: These talks are too awesome for me to miss!  Open discussion,
30C3 talks, Panopticlick Golf, GPG, VPNs.

10pm+: *[Alan]* Let's make an OnionPi router!  If people already have
theirs working, we'll switch focus to debugging or creating the Tahoe-LAFS
grid, and/or general discussion about operational security techniques and

11p/midnight-ish: I will probably want to hang out socially with you fine
people at some point!


??? - 2pm: *[Alan]* Aside from Les' talk, I'll probably be hanging out in
the CryptoParty room, nursing a hangover.  :)  Ask me anything while we
quietly drink coffee and work on things.

2pm: Announcing Winner of Panopticlick Golf !!!

2pm+: I'll be wrapping up my stay and looking to get back to the ATL, last
bits of contact info exchange with all you fine people.

Ubiquity EdgeMax (ASG)

From: Mark Quering 
Hey all

I recently sold one of these units to a customer basically to give it a
try. Needless to say at the $100 price point I was pretty happy with the

The unit has a pretty solid build quality. The web management interface is
a little rough out of the box. A firmware update helped quite a bit. I
haven't played in the CLI yet but I hear that EdgeOS is a fork of Vyatta.

The web interface worked well for a basic SOHO NAT setup with a few inbound
firewall rules. Been very stable for the two months it's been in a
production environment. I also did not get to fully test LAN to WAN
throughput of their network processor due to time constraints.

The only odd thing I noticed with the unit I deployed was that it generated
a fair bit of heat. More than I would expect. I also did not need to
contact support so I cannot speak to that aspect of the product. I would
say for the price it's definitely worth purchasing to play with.

Due to my experience with this product and good things I've heard here and
on other forums, I am seriously considering also offering their managed PoE
switches and APs to my SMB offerings.


On Wed, Oct 15, 2014 at 5:24 PM,  wrote:

> Message: 1
> Date: Wed, 15 Oct 2014 16:39:54 -0400
> From: ASG 
> To: Chattanooga Unix Gnu Android Linux Users Group
> Subject: Re: [Chugalug] Ubiquity EdgeMax
> Message-ID:
> Content-Type: text/plain; charset="windows-1252"
> For $100 it's worth a shot. What I would really love to find is something
> of the same size and price point that could run pfSense or m0n0wall. Anyone
> know of anything?
> Thanks,
> On Oct 15, 2014, at 4:21 PM, Dan Lyke  wrote:
> > On Wed, Oct 15, 2014 at 1:13 PM, ASG 
> wrote:
> >> Any of you folks have experience with these
> >> http://www.ubnt.com/edgemax/edgerouter-lite/. Looking at
> >> one for my home office/lab network.
> >
> > Guy a few cube openings down from me whose job involves setting up
> > router-ish stuff at our fiber deployments says great things about 'em.
> >
> > I've been super impressed with my UniFi APs.
> >
> > Dan
> > 

any info on new mac malware vector?

From: Rod-Lists 

Process accounting

From: Christopher Rimondi 
I have been taking a deeper look at process accounting in linux recently.
Does anyone use acct (Deb)/psacct (RH) on their systems?

The log file is binary and I would like to find a convenient way to put it
into something human readable and ship it off the box. I am sure I could
work something out with dumping the output of various commands to a log
file. Also syslog-ng can be compiled to support it:


Anyone solve the issue differently or have a more elegant solution?



Chris Rimondi | http://twitter.com/crimondi | securitygrit.com


From: David White 
I tried to send this email earlier in the day, but it bounced. Tweeted at
Mike and forwarded him the bounce.... hopefully this time it'll go through,
since my test message just worked.

Incidentally, that was my first attempt to email chugalug using my new
email address, so maybe something weird happened, or mail.geeklabs.com
thought I was a spammer or something. Anyway....


Hey folks. I have a new (personal) email address, and here it is.

About Shellshock. This is becoming a nightmare!

I'm now following the OSS-SEC mailing list pretty carefully (I just
subscribed to it last night), and it's pretty active right now.

Here's an email I sent to one of my previous clients that I occasionally
email helpful advice to for free:

*There is a LOT of discussion going on right now among the open source
community and developers.*

*As of now, there have been at least 5 releases, and 6 security issues
reported (1 after each security release, plus the original security issue
that was reported).*

*I'm now following the specific discussion on one of the main mailing lists
the developers are using.*

*I also recommend keeping an eye out for patches, and I also recommend
continuing to run updates on your systems as the updates come out.*

*As of now, a final patch hasn't been released. This is bad because
attackers know about the vulnerability.  Take a look
at http://serverfault.com/questions/632049/shellshock-how-do-i-know-if-my-server-is-compromised-suspicious-files-to-look

*Not much we can do about it now, other than, if we were really concerned
about the security and integrity of our servers, shut them down completely
until the bug is fixed (which obviously isn't really an option).*

*I have read that SELinux would help (but not completely) in this type of

*Also, I just quickly scanned this write-up by SANS, written several days
ago. They know what they're talking about, and I trust

main website URL is https://isc.sans.edu/, and it
looks like that's the latest post, although they've made a number of
updates to it, and there's several comments).*

*If you don't have any CGI Scripts, then just disable mod

Network topology/building a router

From: Dan Lyke 
Okay, that latest "Running Doom on a Canon Printer" exploit has me
thinking a little bit more about network security.

I've started running UFW on my Linux servers, which is awesome, but I
think what I'd really like is something that lets me do that on my
network generally:

* the printer doesn't get any traffic other than 631 (IPP) and maybe
80 and 443, and doesn't get to open connections except in response to
connects from those addresses.

* the webcam in the shop only gets inbound connections on port 80.

* some warning when other devices do things outside of their security
profiles. And even for the printer, it's one thing to apply those
rules, but I should be able to see what it's trying and optionally
allow it to do things like updates.

Any suggestions on where to start?