In GOP Debate Cybersecurity the new National Security

From: Rod-Lists 
I'm only moderately monitoring politics at the moment. I'm by my standards, strangely politically disengaged at the moment.
But I saw this short blurb on Cybersecurity @ the GOP debates.

Debian MySQL Preseed question

From: asg 
I’m working with a script that installs MySQL on Debian with preseeded responses to the questions. One of the preseeded responses is:

mysql-server-5.5 mysql-server-5.5/really

OT: Graphics Design Jobs

From: asg 
I’ve got a friend who is going to school for graphics design work. He’s still got a couple of years of school left and is looking for full-time work while he finishes school. He’s willing to do anything but I’d like to help him find something design related. Internet searches are proving fruitless. Any of you folks know of companies in town that may be looking for someone trying to break into the graphics design business?

Stephen Haywood
Owner: ASG Consulting

Too Quiet

From: asg 
Haven’t seen much come across the list the last couple of days. I guess everyone is up to no good?

Stephen Haywood
Owner: ASG Consulting

Evidence links China to Github attack

From: Rod-Lists 

Four separate security researchers have said that international web traffic to sites that use analytics tools provided by search firm Baidu was being hijacked in China.
According to analysis published by Erik Hjelmvik of the firm Netresec, when browsers requested script from the Chinese firm's servers, as they normally would, malicious code was inserted into the reply.
"The upshot is that people from around the world... had their traffic redirected to swamp GitHub," Prof Alan Woodward of the University of Surrey told the BBC after verifying the research.

NTP's Fate Hinges On 'Father Time'

From: Rod-Lists 
In April, one of the open source code movement's first and biggest success stories, the Network Time Protocol, will reach a decision point. At 30 years old, will NTP continue as the preeminent time synchronization system for Macs, Windows, and Linux computers and most servers on networks?

Or will this protocol go into a decline marked by drastically slowed development, fewer bug fixes, and greater security risks for the computers that use it? The question hinges to a surprising degree on the personal finances of a 59-year-old technologist in Talent, Ore., named Harlan Stenn.

Anyone else get hit by the recent Panda update?

From: Rod-Lists 
A local business which got rid of most of its Macs just got bit by the recent Panda Security update.
Started to quarantine some important .dll's on windows machines.
Apparently it flagged itself as well.

OT: Job Posting

From: asg 
Not sure if any of this is Linux related but I saw this job ad on LinkedIn today.


Stephen Haywood
Owner: ASG Consulting

Lenovo ships with malware

From: David White 

David White
Founder & CEO

*Develop CENTS*
Computing, Equipping, Networking, Training & Supporting
Organizations Worldwide

VPN on EPB Network

From: asg 
I’ve got an EdgeRouter Lite running on EPB home network. I’ve configured the router for an L2TP VPN according to Ubiquiti’s site but I can’t make a connection. An nmap scan against the router shows no response from the router on UDP ports 4500, 500, and 1701. Does EPB block inbound access on the home network?


Stephen Haywood
Owner: ASG Consulting

GLIBC Vuln GHOST Vulnerability # CVE-2015-0235

From: Mike Harrison 

Another fun one. Hits a lot of systems and affects multiple programs. 

"During a code audit performed internally at Qualys, we discovered a
buffer overflow in the 

Firewalled at work: Network Security Question

From: Nick LaPorta 
Hey guys:

Long time lurker, first time poster. (Apologize for the length, longer than
I intended)

While I'm not a super user, as some on this list, I have built a few *nix
boxes/laptops, etc and would certainly classify myself as still a step
under intermediate, but not beginner.

Quick one (hopefully) for you all.  Recently (2 days ago) installed the
latest Debian distro on a Dell D630 - not sure what other details would be
needed here - and am having trouble connecting to the guest wireless
network here at work (Unum). Side note: I've never connected wirelessly. In
an effort to resolve the wireless broadcom driver issue, I needed access to
wget commands via web so I plugged into ethernet and after like 20 seconds,
got a notice that it was strictly forbidden since this wasn't a work asset
and my network activity was cut at that point.

The note I receive is:

"Your device, IP Address has been identified as exhibiting
unusal [sic] network activity by the Unum network security team.

This type of network activity is typically the result of having a virus,
worm, or malware on your device.

Your device is currently isolated from the network until this issue is

If this is a personal device it is your responsibility to correct the

So, are there any settings or things that I might be able to add to
circumvent these issues?  I've already submitted a ticket with the network
security team.

Also, to be clear, I don't intend on breaking any policies or rules over
this.  If it won't work, it won't work.  But, I wanted to give it a fair

Thanks All and love this community!

White House nudges Congress to revisit controversial 'CISPA-style' laws after Sony attack

From: Rod-Lists 
And with a center right Democrat in the WH and both House and Senate in Republican hands this might pass.

President Obama has sent the strongest signal yet for the upcoming Congress to take up new controversial cybersecurity information sharing legislation next year.

IT security pros have pointed out holes with the North Korean Narrative.

The Sony Hack: The Problem Was The Users

From: Rod-Lists 

From an article at
In November 2005, Jason Spaltro, executive director of information security at Sony Pictures Entertainment, sat down in a conference room with an auditor who had just completed a review of his security practices.

The auditor told Spaltro that Sony had several security weaknesses, including insufficiently strong access controls, which is a key Sarbanes-Oxley requirement.

Furthermore, the auditor told Spaltro, the passwords Sony employees were using did not meet best practice standards that called for combinations of random letters, numbers and symbols. Sony employees were using proper nouns. (Sox does not dictate how secure passwords need to be, but it does insist that public companies protect and monitor access to networks, which many auditors and consultants interpret as requiring complex password-naming conventions.)

Summing up, the auditor told Spaltro, “If you were a bank, you’d be out of business.”

Frustrated, Spaltro responded, “If a bank was a Hollywood studio, it would be out of business.”

Spaltro argued that if his people had to remember those nonintuitive passwords, they’d most likely write them down on sticky notes and post them on their monitors. And how secure would that be?

After some debate, the auditor agreed not to note “weak passwords” as a Sox failure.

[OT] Job Posting

From: Benjamin Stewart 
Astec Industries, the company I work for, is searching for candidates for
an IT Help Desk position here in Chattanooga. It's mostly a Windows shop,
but we do use Linux occasionally where we can. Our IT department is a small
team, so there's lots of room to learn new skills, and every day is

Send resumes to

HR speak follows:

Don't believe the hype: Sony hack not 'unprecedented, ' experts say

From: Rod-Lists 
Posted for the security guys on the list

Great quote some of you may have seen on Twitter

From: Christopher Rimondi 
"Best kind of engineers to work with: 40yo parents who actually know how
computers work. worst kind: 22yo kids who love javascript frameworks"

Chris Rimondi

Photo Doctor

From: Mike Harrison 

> On Dec 8, 2014, at 11:52 AM, wrote:
> I have an old picture that is approximately 12x24 that needs to be scanned, retouched, and framed. The picture has been rolled up for years so it is hard to get it to lay flat and it has a number of creases in it. Any recommendations for someone local that does this kind of work? Feel free to reply off list.

Tracy at the Photo Doctor on Bailey Avenue. 

This is what he does, he does a lot of it. 

He’s done some very nice work for Nancy and myself. He’s good at it. He’s not cheap. 

But two blow-ups that I have that he did from small old photos look like museum grade mural. 

He’s also done work for my Dad (genealogy) and other friends.

"Tracy Knauss can be reached at the Photo Doctor at 629-5378."

fwd: [PhreakNIC] GPG Keysigning at PhreakNIC (At the CryptoParty Perhaps)

From: Jon Nyx 
FYI; we're cleaning this up for the website & the app later today. Hope
to see some of y'all at PhreakNIC 18 this weekend. Thus endeth the
PN18 ads.


PS - I wish I'd known about Hamfest Chattanooga; we'd love to have
that sort of content not just at PhreakNIC, but in the Nashville area
in general.

-----Forwarded Message-----
> From: Jon Nyx 
> Sent: Oct 28, 2014 12:26 PM
> To:
> Subject: [PhreakNIC] Re: GPG Keysigning at PhreakNIC (At the CryptoParty Perhaps)

> On Tuesday, October 28, 2014 12:18:05 PM UTC-5, Zachariah Gibbens wrote:
>> Has anyone planned a GPG keysigning party for PhreakNIC 18?

Yes indeed:

Here's the preliminary schedule we got from Alan Fey, the Freeside Atlanta
director, last night:

I marked with the times I *MAY/CAN* be there as *[Alan]* so at other
times, you should have some volunteers help keep things going.  I'll make
every effort to pop-in when there's not a talk I want to see so I can make
sure volunteers have everyone setup and running well.  :)

Hey, let's drop Smashthestack Q&A in that case, because it's too similar to sense in replicating.

How does this look?


??? - 2pm: *[Alan]* I'm open to whatever during this time.  I am aiming for
arriving around noon, so I can probably get CryptoParty room kicked off
until the talk I want to see.  I will get folks interested in the
Panopticlick Golf - do you have a prize I could use for this?  I am liable
to pick up something colossally stupid from a gas station on the way up as
a prize, so hopefully you have something really cool we can pitch to the

2 - 3pm: I recommend that if you have a computer hooked into projector,
that we show 30C3 talks, or just have open discussion.  If there's nothing
else going on, queue up a 30C3 talk!  :)  I'll assemble a list of URLs of
talks I think would work well for our audience.

3 - 4pm: *[Alan]* I'll go ahead and do hands-on GPG setup or keysigning,
plus playing around with VPNs, plus get volunteers familiar with the
Panopticlick Golf game.  Once I show volunteers the basics, this stuff will
be ongoing

4 - 6pm: Let's have a screening of the Internet's Own Boy, the Aaron Swartz
documentary which is freely available on the Internet Archive.

6 - 7pm: *[Alan]* Browsing security plug-in review, general browser
security, possible discussion of Tor+Firefox

7 - 8pm: Open discussion, 30C3 talks, Panopticlick Golf, GPG, VPNs

8 - 9pm: *[Alan]* Steganography 101 can probably be pulled off in this time

9 - 10pm: I'm doing my own talk, so Open discussion, 30C3 talks,
Panopticlick Golf, GPG, VPNs

10pm+: *[Alan]* I'll go ahead and have make your own OnionPi router
running, plus the usual: Open discussion, 30C3 talks, Panopticlick Golf,

11p/midnight-ish: I will probably want to hang out socially with you fine
people at some point!


??? - 1pm: *[Alan]* I'll help kick things off by making sure the volunteers
are up to speed on running: Open discussion, 30C3 talks, Panopticlick Golf,
GPG, VPNs - if there's time, I'll make friends with Jitsi and discuss OTR

1 - 3pm: Another screening of the Internet's Own Boy, the Aaron Swartz
documentary?  If not, the usual Open discussion, 30C3 talks, Panopticlick
Golf, GPG, VPNs.

4 - 6pm: *[Alan]* I'll discuss Pond and Tahoe-LAFS, and perhaps we'll try
and make a Tahoe-LAFS grid if the people are willing and ready!

6 - 10pm: These talks are too awesome for me to miss!  Open discussion,
30C3 talks, Panopticlick Golf, GPG, VPNs.

10pm+: *[Alan]* Let's make an OnionPi router!  If people already have
theirs working, we'll switch focus to debugging or creating the Tahoe-LAFS
grid, and/or general discussion about operational security techniques and

11p/midnight-ish: I will probably want to hang out socially with you fine
people at some point!


??? - 2pm: *[Alan]* Aside from Les' talk, I'll probably be hanging out in
the CryptoParty room, nursing a hangover.  :)  Ask me anything while we
quietly drink coffee and work on things.

2pm: Announcing Winner of Panopticlick Golf !!!

2pm+: I'll be wrapping up my stay and looking to get back to the ATL, last
bits of contact info exchange with all you fine people.