Fear and Linux in Las Vegas | LAS 429

Noah’s back from Defcon! He shares his experience at this infamous conference, his Linux in the wild sightings & his surprising takeaway.

Plus Btrfs’ RAID 5/6 code has been found “unsafe”, the FossHub compromise, an Internet of Things failure that struck close to home & more!

Thanks to:


DigitalOcean


Ting


Linux Academy


— Show Notes: —


System76

Brought to you by: Linux Academy

Noah Visits Defcon

Hackers Fool Tesla S’s Autopilot to Hide and Spoof Obstacles

In a series of tests they plan to detail in a talk later this week at the Defcon hacker conference, they found that they could use off-the-shelf radio-, sound- and light-emitting tools to deceive Tesla’s autopilot sensors, in some cases causing the car’s computers to perceive an object where none existed, and in others to miss a real object in the Tesla’s path.

Hacking Hotel Keys and Point of Sale Systems at DEFCON

Hecker is scheduled to talk about his research at the DEFCON security conference in a talk where he will also reveal flaws in the magnetic stripe approach used in point-of-sale (POS) systems. In an interview ahead of the talk, Hecker detailed some of his key findings and the widespread risks.

— PICKS —

Runs Linux

This Sewer Camera that my plumber used, Runs Linux

Desktop App Pick

Lifeograph

Private offline journal, encrypted note taking.

Features

  • Search and play audio/video from YouTube
  • Search tracks of albums by album title
  • Search and import YouTube playlists
  • Create and save local playlists
  • Download audio/video
  • Convert to mp3 & other formats (requires ffmpeg or avconv)
  • View video comments
  • Works with Python 3.x
  • Works with Windows, Linux and Mac OS X
  • Requires mplayer or mpv
  • This project is based on mps, a terminal based program to search, stream and download music. This implementation uses YouTube as a source of content and can play and download video as well as audio. The pafy library handles interfacing with YouTube.

Spotlight

Stellarium 0.15.0 has been released

New big features

  • We introduce a major internal change with the StelProperty system. This allows simpler access to internal variables and therefore more ways of operation.
  • Most notably this version introduces an alternative control option via RemoteControl, a new webserver interface plugin.
  • We also introduce another milestone towards providing better astronomical accuracy for historical applications: experimental support of getting planetary positions from JPL DE430 and DE431 ephemerides. This feature is however not fully tested yet.

The major changes:

  • Added StelProperty system
  • Added new plugin for exhibitions and planetariums – Remote Control
  • Added new skycultures: Macedonian, Ojibwe, Dakota/Lakota/Nakota,
    Kamilaroi/Euahlayi
  • Updated code of plugins
  • Added Bookmarks tool and updated AstroCalc tool
  • Added new functions for Scripting Engine and new scripts
  • Added Miller Cylindrical Projection
  • Added updates and improvements in DSO and star catalogues (include initial
    support of The Washington Double Star Catalog)
  • azimuth lines (also targeting geographic locations) in ArchaeoLines plugin
  • Many fixes and improvements…

— NEWS —

PSA – Do not download Classic SHELL! read comments (MBR overwrite!!) mbr.rootkit

MBR Error Screen

Classic Shell itself wasn’t compromised. FossHub was, and some download links were replaced by another program, not signed, that does only one thing: overwrite the MBR. It’s not an infected version of Classic Shell, Audacity or whatever, it’s only a small program that targets your MBR. If at the end of the installation process nothing happens besides a short cmd window then you have downloaded the malware.

“In short, a network service with no authentication was exposed to the internet,” the hacker told Softpedia in an email. “We were able to grab data from this network service to obtain source code and passwords that led us further into the infrastructure of FOSSHub and eventually gain control of their production machines, backup and mirror locations, and FTP credentials for the caching service they use, as well as the Google Apps-hosted email.”

Corrupt .exe’s downloads of both Audacity and Classic Shell have been removed from FossHub.com after being found laden with a Master Boot Record-overwriting Trojan.

Never Trust a Found USB Drive, Black Hat Demo Shows Why

“Despite the dangers of hackers, viruses and other bad things, almost half of those who found one of our flash drives plugged it into a computer,” Bursztein said.

Btrfs RAID 5/6 Code Found To Be Very Unsafe & Will Likely Require A Rewrite

“more or less fatally flawed, and a full scrap and rewrite to an entirely different raid56 mode on-disk format may be necessary to fix it. And what’s even clearer is that people /really/ shouldn’t be using raid56 mode for anything but testing with throw-away data, at this point. Anything else is simply irresponsible.”

MeetBSD California 2016

Mail Bag

  • http://slexy.org/view/s2NuBRmc2H

  • http://slexy.org/view/s2usaSqiSk

  • http://slexy.org/view/s2vRzbEICz

  • Audio Only for Live Show?

Call Box

Catch the show LIVE SUNDAY:

— CHRIS’ STASH —

Chris’s Twitter account has changed, you’ll need to follow!

Chris Fisher (@ChrisLAS) | Twitter

Hang in our chat room:

irc.geekshed.net #jupiterbroadcasting

— NOAH’S STASH —

Noah’s Day Job

Altispeed Technologies

Contact Noah

noah [at] jupiterbroadcasting.com
