We take a trip to the ends of the earth and hear some stories of tech support in Antarctica, cover a surprisingly reasonable new suggested standard for responsible disclosure & discuss Kreb’s latest adventures in the world of deep-insert credit card skimmers.

And of course your feedback, a fantastic round-up & so much more!

RSS Feeds:

HD Video Feed | MP3 Audio Feed | iTunes Feed | Torrent Feed

Become a supporter on Patreon:

Patreon

Show Notes:

Tales of an IT professional sailing around the Antarctic loop – sent in by Eric Miller

  • CTD device – A CTD or Sonde is an oceanography instrument used to measure the conductivity, temperature, and pressure of seawater (the D stands for “depth,” which is closely related to pressure). The reason to measure conductivity is that it can be used to determine the salinity.

  • Had to reinstall software for a winch to get it working

  • Registered a new website and webmail and created a custom email solution so scientists would remotely access their email

security.txt – an RFC in the making

Dumping Data from Deep-Insert Skimmers

  • Deep-insert skimmers

  • Romanian links to US crime

  • European data skimmed from cards, then used in US because chip technology is not widely deployed there

  • ‘wands’ inserted deep into the ATM to retrieve data


Feedback

  • re Database migrations in Episode 332 jungle boogie writes in to mention Sqitch github by David Wheeler. JB says “This is a program written in perl and looks to have support for many databases”. JB also mentioned [pgBackRest](http://www.pgbackrest.org/] github

  • Gary Foard writes in about a command line utility called shred. He uses to erase laptops from a live Linux disc. I checked the FreeBSD manual pages to check it’s there also, and it is – although I had to search for gshred instead of shred to find shred which I find weird. – See sysutils/coreutils in the FreeBSD Ports tree. – Dan notes: not recommended for erasing files any more. Not feasible for COW filesystems.

  • prime62 mentioned on the TechSNAP sub-reddit mentioned some password hashing/salting resources: Salted Password Hashing – Doing it Right and The definitive guide to form-based website authentication

  • Also seen on Reddit: There is no point [on max password lengths] since the field is hashed.


Round Up:

Question? Comments? Contact us here!