Afleveringen

  • In this episode of Security Headlines we deep dive into fuzzing with Patrick Ventuzelo.

    topics that we cover:

    being niched in cyber security

    patricks background, doing pentests on telecom networks, doing security research on the android kernel for the french DoD, reverse engineering, development

    Zero days in the android kernel

    choicing a target when fuzzing

     blackbox and whitebox fuzzing

    fuzzing golang projects

    fuzzing rust projects

    setting up fuzzing enviroments

    webassembly security 

    fuzzing webassembly

    invalid web assembly opcodes

    the next generation of browser exploits

    javascript runtimes

    exploiting webassembly in the browser

    fuzzing blockchain applications

    how to write a fuzzer

    what to look for while fuzzing

    fuzzing javascript

    writing fuzzers in python

    ataris fuzzer for python code

    libfuzzer

    llvm

    analysing code repositories and finding bad patterns

    golang built in fuzzing(go-fuzz, fuzzing draft)

    fuzzing ethereum solidity smart contracts

    fuzz bench by google

    fuzzing the android kernel

    beacon fuzz

    reporting security bugs

    github security advisory

    favorite security conferences

    External links:

    https://fuzzinglabs.com/

    http://stackoverflow.com/questions/43153964/ddg#43154559

    https://www.youtube.com/channel/UCGD1Qt2jgnFRjrfAITGdNfQ

    telegram fuzzlab lab

    https://googleprojectzero.blogspot.com/2021/01/in-wild-series-chrome-exploits.html

  • Zijn er afleveringen die ontbreken?

    Klik hier om de feed te vernieuwen.

  • In this episode of Security Headlines, we are joined by Jay Townsend who is 

    maintaining several infosec tools such as the harvester and discover.

    The harvester is a very popular tool for doing Osint analysis. Tune into this episode 

    as we deep dive into Osint, the opensource information gathering realms.

    In this episode we cover:  

    what is osint and how can we use it?

    discover, lee baird

    the harvester

    dnsrecon

    bash

    python

    backtrack

    wifi security, wep

    wifi pineapple, bash bunny, hack5

    hack the box, try hack me, hack this site.org

    sysadmin, ansible

    finding passwords in log files

    how to apply security hardenings, systemctl hardenings 

    running weekly security scans

    bug bounties

    penetration tests

    finding old applications in production

    burpsuit

    using the harvester 

    harvester in kali linux, parrotsec, blackarch and debian

    porting the harvester to python 3

    screen-shooting websites with the harvester

    hidden features in the harvester

    fierce dns hacking

    dnsrecon

    how to perform osint analysis on yourself and others

    how to protect yourself against osint attacks

    using throw away email addresses

    how to use osint during penetration tests

    python development

    docker

    linux firmware, wifi drivers

    visual code 

    the latest windows exploits

    Links:

    https://en.wikipedia.org/wiki/PyCharm

    https://www.parrotsec.org/

    https://github.com/leebaird

    https://www.youtube.com/watch?v=F9UZdPokkhw

    https://github.com/laramies/theHarvester

    https://www.bleepingcomputer.com/news/microsoft/microsoft-shares-workaround-for-windows-10-serioussam-vulnerability/

    https://en.wikipedia.org/wiki/Open-source_intelligence

    https://twitter.com/jay_townsend1

    https://bloodhound.readthedocs.io/en/latest/ 

    https://www.ansible.com/

  • In this episode of Security Headlines, Kolja Weber the creator of flokinet.is joins us. 

    In this episode we talk about:

    flokinet

    internet privacy

    german pirate party

    internet privacy laws

    Iceland

    starting an internet service provider

    running an internet service provider

    ipv4 addresses

    adoption of privacy friendly tools

    handling abuse requests 

    starting an internet service provider

    RIPE

    denial of service attacks

    mitigating denial of service attacks

    starting a privacy focused internet service provider

    DNS amplification attacks

    security

    free speech

    adoption of https, starttls and dkim

    external links:

    https://flokinet.is

    https://twitter.com/frelsisbaratta

    https://www.afrinic.net/

    https://ripe.net

    https://en.wikipedia.org/wiki/RIPE_NCC

    https://en.wikipedia.org/wiki/AFRINIC

    https://letsencrypt.org/

    https://www.qubes-os.org/

  • In this episode of Security Headlines, we are joined by Michael Dubell who co-founded Sweden's first student security  

    capture the flag team. What is capture the flag and how do you play it? How can you into hacking through the doors of playing  

    ctf's?  Michael started playing around with security as a teenager and the journey led him the capture the flag team, known  

    as "ChalmersCTF".

    Today, Michael is working with security during the day, and during the night he is developing the soon to   

    be released "bountrystrike"(which you can find on bountystrike.io) tool.

    Tune in as we talk about CTF, and a lot more!

    In this episode we cover:  

    halo one online

    wallhack

    war games

    hacking on forums

    hack this site

    over the wire

    https://www.hellboundhackers.org/

    chalmers  

    chalmers CTF

    how to start a "capture the flag" team  

    organizing capture the flag meetups

    beginner ctfs

    over the wire  

    the capture the flag scene in Sweden  

    over the wire  

    whitebox pentesting   

    bug bounties

    automating scanning and automating bug bounties

    vulnerability management   

    finding bugs in bug bounty programs   

     

    ## External links:   

    https://github.com/search?q=capture%20the%20flag%20writeups&type=Everything&repo=&langOverride=&start_value=1   

    https://github.com/zardus/ctf-tools       

    https://ctftime.org     

    https://chalmersctf.se/     

    https://overthewire.org   

    https://twitter.com/StevenVanAcker    

    https://bountystrike.io/    

    https://dubell.io/   

  • In this episode of Security Headlines, we are joined by one of the minds behind the OpenBSD project, Antoine Jacoutot.  He is responsible  

    for porting over 300 packages into OpenBSD. He is also involved in syspatch which handles security binary upgrades for OpenBSD.  

    Tune in, as we talk about development, security, programming, OpenBSD and a lot more!

    ##  Topics that we cover:   

    OpenBSD's community

    opensource   

    rcctl  

    init systems  

    classic BSD

    background daemons in OpenBSD   

    OpenBSD desktops in the wild   

    companies running OpenBSD

    writing shellcode

    openup

    binary patches in OpenBSD

    How OpenBSD handle security issues

    how security binary patches are carried out.   

    syspatch 

    porting software to OpenBSD  

    Gnome on OpenBSD   

    OpenBSDs future with Amazon AWS

    sysmerge  

    submitting feature requests to OpenBSD  

    tmux 

    advice for first-time OpenBSD users   

     

    ## External links:   

    https://www.OpenBSD.org/errata.html 

    https://bsdfrog.org/   

    https://twitter.com/ajacoutot

    https://OpenBSD.org   

    https://gnome.org

    https://www.OpenBSD.org/faq/ports/ports.html   

    https://man.OpenBSD.org/syspatch

    https://man.OpenBSD.org/sysmerge    

    https://github.com/ajacoutot    

    https://man.OpenBSD.org/rcctl    

  • In this episode of Security Headlines, we are joined by a great mind in the  

    memory security space. A spark was created when Theofilos peaked   

    into the realms of security. So he packed his bag and got to the next plane to the US in order to deep-dive more into the security field during  

    his studies. He became fascinated by the world of writing exploits  

    and "smashing the stack" as we say in the hacking field.  He is a   

    brilliant guy when it comes to memory attack and he has co-written a   

    solution that solves the stack canary problem.   

    We had the chance to sit down with Theofilos Petsios and    

    get to hear his view on security, development and a lot more.  

    That you can tune into right here:  

    Stack canaries is a security mitigation technique that has been widely  

    adopted and you will find it in most systems today. But does it really work?  

    Topics that we touch upon in this episode:    

    Stack canaries   

    Address layer space randomization   

    Blind Return Oriented Programming (BROP)   

    Return Oriented Programming    

    Static code analysis    

    Rest in peace Andrea Bittau    

    security mitigations   

    Write Xor Execute(W^X)   

    Dynaguard   

    Where stack canaries fail and the operating systems approach to it.  

    hardening systems  

    where the future of security is going  

    CVE's over time   

    Memory corruption bugs   

    builtin security in the compilers    

    Security vs Overhead   

    Using memory in the Thread-local storage

    adoption of security mitigations   

    stack clash   

    Pin, Intel's dynamic binary instrumentation framework     

    Defense Advanced Research Projects Agency   

    whitepapers and Proof of concepts    

    Fuzzing    

    building better security tools    

    Cost vs benefit in the security field     

    Switching from userspace to kernel space mitigations   

    linters    

    secure codebases    

    formal verifications   

    "Stack canaries is just one little stone, one a the beach that keeps getting hit by big waves"

    External links

    https://twitter.com/theofilospe   

    https://www.cs.columbia.edu/~theofilos/files/slides/dynaguard.pdf

    https://www.cs.columbia.edu/~theofilos/files/papers/2015/dynaguard.pdf

    http://www.scs.stanford.edu/brop/   

    http://www.scs.stanford.edu/brop/bittau-brop.pdf   

    https://github.com/nettrino/DynaGuard    

    https://software.intel.com/content/www/us/en/develop/articles/pin-a-dynamic-binary-instrumentation-tool.html   

    https://github.com/nezha-dt/nezha    

    https://llvm.org/docs/LibFuzzer.html     

    https://github.com/nettrino/vimconf  

    https://capsule8.com/blog/millions-of-binaries-later-a-look-into-linux-hardening-in-the-wild/

    https://youtu.be/Er44ur7wkXQ?t=44

  • Jonas Lejon is an amazing mind in the Swedish security world. A   

    great entrepreneur, hacker, and security-expert!   

    We had the pleasure of talking with him in this episode of Security Headlines.

    he wanted to specialize in security so he packed his bag and headed over  

    to the capital city to work more in-dept with security.  He wanted to   

    go deeper and deeper, so spent his extra hours learning the assembly programming 

    and getting into the low-level brain of the computer system.  He managed  

    to land a job working for the Swedish version of NSA.  

    Jonas now runs his own company called "Triop" and has a lot of fun side  

    projects that we dig into.

    In this episode we also cover:    

    Micro blogging  

    building search engines 

    bloggz dot se

    Getting over 20K users within a few weeks

    Twitter in the early days  

    Building Sweden's biggest micro-blogging platform

    testing in production   

    WordPress Security   

    bug bounties

    Finding security holes in Zoom

    writing about encryption and security

    fuzzing

    Hacking Bluetooth    

    ISOC-SE

    the swedish top level domains .se and .nu 

    the internet in Sweden     

    beatboxing 

    pentesting   

    enumerating existing users based on validation time 

    updated, security by default systems   

    network logging   

    Programming   

    leaving python 2

    Customizing Kali linux  

    Time-of-check to time-of-use attacks 

    writing exploits 

    ## External links: 

     

    https://triop.se   

    https://kryptera.se    

    https://web.archive.org/web/20081102073248/http://bloggz.se/     

    https://web.archive.org/web/20110630210858/http://bloggy.se/   

    https://en.wikipedia.org/wiki/Memcached     

    https://wpsec.com/    

    https://utvbloggen.se/    

    https://se.linkedin.com/in/jonaslejon    

    https://www.youtube.com/channel/UCI49rLPi_Lbbux5eo8ewLKA     

    https://en.wikipedia.org/wiki/Dave_Aitel     

    https://github.com/SofianeHamlaoui/Spike-Fuzzer     

    https://isoc.se/     

    https://internetstiftelsen.se/en/     

    https://www.netnod.se/     

    https://en.wikipedia.org/wiki/Kali_Linux     

    https://en.wikipedia.org/wiki/Arcade_Fire     

    https://en.wikipedia.org/wiki/Time-of-check_to_time-of-use     

    https://github.com/juliocesarfort/public-pentesting-reports     

    https://www.hackerone.com/     

    https://www.bugcrowd.com/     

    https://twitter.com/jonasl     

  • In this episode of Security Headlines, we are joined by one of Gothenburg's security evangelist, Mr Johan Rydberg Moller.

    Johan is the cofounder of Gothenburg's own security conference *Security Fest*, sakerhetspodcasten - the first swedish security   

    podcast, hacker, explorer, and musician.  We get to hear the tale of how Johan got sucked into the world of hacking, that   

    has been his home for a lot of years now, as well as adventures with publicly disclosing security holes in some of   

    sweden's biggest websites.  This and a lot more in this episode of Security Headlines:   

    ## In this episode we cover:     

    learning web security when web security was a new thing

    Reporting security vulnerabilities.  

    life as a web developer. 

    finding security holes in the top 100 websites in Sweden.   

    PHP security

    cofounding assured

    starting the "security fest" conference   

    tattooing the conference logo

    starting the first Swedish security podcast

    pentesting

    gothenburg

    owasp

    web caching attacks

    ## External links          

    https://twitter.com/JohanRMoller   

    https://securityfest.com   

    https://sec-t.org   

    https://www.assured.se/     

    https://securitywithoutborders.org/blog.html      

    https://portswigger.net/burp     

    https://portswigger.net/research     

    https://www.youtube.com/watch?v=zP4b3pw94s0    

    https://www.theverge.com/2020/3/24/21192830/apple-safari-intelligent-tracking-privacy-full-third-party-cookie-blocking   

    https://soundcloud.com/johanrm   

    https://www.dagensmedia.se/medier/digitalt/soderhavet-kritiseras-for-sakerhetshal-6176181   

    https://sakerhetspodcasten.se/lyssna/   

    https://owasp.org/www-chapter-gothenburg/   

  • In this episode we are Joined by the developer, hacker and Code Siren founder Eijah.

    We walk down a road of 2 hours of honest conversation about Development, Morals,    

    working with McAfee, Hacking, Motivation, Mental Health, Security and a lot more! 

    Eija, an advocate for privacy and individual rights, quit a well paid job at rockstar games to start on a    

    journey pursuing what he loved. He went on a journey with the goal of creating technology that   

    enhance personal liberty and freedom.  The journey has had its bumps in the road but he as continued  

    marching forward, despite various problems.  Today, Eijah runs a software company called CodeSiren.

    Working on revolutionary technology

    In this episode we cover:  

    hacker spirit, engineer, tinkerer

    C++, Java

    Max payne 3, Red Dead Redemption, grand theft auto 5

    programming for the love of it

    game developer,

    Working at rockstar, life at rockstar

    life as a developer

    hacking blueray and finding the blueray device keys

    Large code bases, code maintenance, clean modular code

    your code is your documentation

    Xbox360 vs Playstation 3

    The failures of VPN companies, selling people's private companies.  

    Drinking pints, in Edinburgh

    Starting and developing demonsaw

    file sharing

    privacy

    traffic obfuscation and traffic subterfuge, bypassing deep packet inspection

    great firewall of china

    Surveillance

    Privacy

    Cryptography

    Censorship

    John Mcafee

    Being a senior programmer

    "My greatness stems from not having achieved what I am here to achieve" - Eijah

    ## External links:    

    https://twitter.com/demon_saw     

    https://codesiren.com     

    https://demonsaw.com     

    https://en.wikipedia.org/wiki/Commodore_VIC-20    

    https://darknetdiaries.com/episode/16/    

    https://en.wikipedia.org/wiki/Advanced_Encryption_Standard    

    https://en.wikipedia.org/wiki/CPU_time    

    https://forum.doom9.org/     

    https://www.reddit.com/domain/forum.doom9.org/        

    https://en.wikipedia.org/wiki/Hackers_(film)      

    https://en.wikipedia.org/wiki/Dunning-Kruger_effect       

    https://en.wikipedia.org/wiki/Impostor_syndrome     

    https://en.wikipedia.org/wiki/Allocator_(C%2B%2B)     

    https://en.wikipedia.org/wiki/PlayStation_technical_specifications    

    https://www.nextplatform.com/2019/01/24/unified-memory-the-final-piece-of-the-gpu-programming-puzzle/     

    https://www.youtube.com/watch?v=lTngMxmymX4     

    https://www.youtube.com/watch?v=fMfQQoHHLBA    

    https://steelpantherrocks.com/     

    https://www.youtube.com/watch?v=WjElZ-O9EpM      

  • In this episode of Security Headlines, we are joined by  

    the Hacker Johnny Xmas. Johnny is a very interesting character   

    with a lot of fun projects behind him.   

    Join us as we get to hear Johnny's stories as we deep dive 

    into this weeks episode of Security Headlines:

    ## Venmo

    After giving a talk about it and releasing software that made everyone  

    able to easily abuse this, Luckily venmo took action and limited the 

    amount of data avaliable. Johnny found a way to generate api keys with  

    just making a simple request to the 

    ## Bypassing Webb application firewalls   

    A lot of firewalls just focus on IP filtering which is a huge problem  

    when, in todays world it is really easy and cheap for a consumer   

    to aquire a large sets off ip addresses.  

    One provider of proxied ip addresses is Hola VPN that lets their free   

    users act as exit nodes that they sell using platforms such as luminate.

    Other people have adopted this approach but with mobile development toolkits.  

    ## Grimm    

    Johnny is currently working for the security engineering firm Grimm, a company known for its involvement in the ICS(Industrial control system) security work.  

    Currently working on developing 

    Grimm is currently hiring people, do you want to get paid to develop security training platforms ?

    then Grimm is the place for you!

    External links:   

    https://twitch.tv/j0hnnyxm4s

    https://twitter.com/J0hnnyXm4s/

    https://www.youtube.com/c/JohnnyXmas/

    https://github.com/johnnyxmas/Talk_Decks/tree/master/2019/Sorry%20about%20your%20WAF

    https://ghost.express/   

    https://www.cnbc.com/2020/05/07/zoom-buys-keybase-in-first-deal-as-part-of-plan-to-fix-security.html  

    https://www.twitch.tv/mr_horologist   

    https://twitter.com/cigarsec   

    https://www.icsvillage.com/   

    https://www.grimm-co.com/careers   

    https://en.wikipedia.org/wiki/Venmo   

    https://www.technowize.com/grindr-security-flaw-lets-anyone-hijack-user-accounts/

    https://en.wikipedia.org/wiki/Principle_of_least_privilege  

    https://en.wikipedia.org/wiki/Branched-chain_amino_acid  

    https://opihr.com/   

    https://en.wikipedia.org/wiki/Sub7

    https://nmap.org/book/man-nse.html  

    https://en.wikipedia.org/wiki/Less_Than_Jake   

    https://en.wikipedia.org/wiki/Oh,_Sleeper

    https://luminati.io/  

    https://selenium.dev/  

    https://blog.firosolutions.com

  • In this podcast episode of Security Headlines: Carl Lerche, Rust developer and

    maintainer of the popular Rust programming library Tokio joins us.

    He walks us through what Rust and Tokio is, how companies are building their stacks with Rust.

    This and a lot more on this episode of Security Headlines!

    Carl heard about this new programming language called Rust and wanted to check it out.

    What started as a hobby project led Carl down the rust path and he now works for Amazon as a

    Rust developer! Helping Amazon build stable infrastructure.

    We get to hear the story of how Tokio got started and how the Rust programming language has changed

    over the years.

    Since a large chunk of Tokio code is focusing on making it easy for developers to write asynchronous functions.

    And be able to write fast code that does not get stuck and lets the data flow.

    But how does non-blocking code really work? What differs Rust from the programming language Golang is

    Golangs, adoption of green threads instead of using regular threads.

    Carl walks us through how this works and how Rust tackles this problem "the Rust way".   

    Do you want to build reliable network services with Rust?

    Then Tokio is something you should check out, try out the new 0.3 release here:

    https://github.com/tokio-rs/tokio/releases/tag/tokio-0.3.1       

    In this episode we also cover:   

    slowing down syscalls to protect against Spectre

    async syscalls with io-uring

    building high-performance systems with non-blocking sockets

    writing code without syscalls

    getting started with Tokio

    async operating system api's 

    how to start coding with tokio

    External links:

    https://doc.rust-lang.org/stable/rust-by-example/

    https://discord.gg/tokio

    https://tokio.rs/

    https://twitter.com/carllerche

    https://github.com/tokio-rs/

    https://github.com/tokio-rs/io-uring

    https://blogs.oracle.com/linux/an-introduction-to-the-io_uring-asynchronous-io-framework

    https://www.howtogeek.com/338269/a-huge-intel-security-hole-could-slow-down-your-pc-soon/

    https://www.rustaceans.org/

    https://rust-lang.github.io/async-book/

    https://github.com/tokio-rs/mini-redis

    https://pop.system76.com/

    https://rust-analyzer.github.io/

    https://en.wikipedia.org/wiki/Epoll

    https://twitter.com/tokio_rs

    https://github.com/carllerche

  • HD is a very interesting character, founder of Metasploit, security researcher, phone phreak, ruby hacker

    and the founder of the company rumble!

    He joins us in this episode to tell us the story of Metasploit, making security research

    and internet scanning more accessible and normalized.

    HD picked up an interest in computers and the telephone system at an early age and

    spent his time reading ezines, 2600 and other magazines that talked about the force of technology and the

    creative exploring we know as hacking.

    The passion went from just making silly screen savers to starting to play with, the analog phone system.

    Phreaking away on the phone lines and using the knowledge to travel wherever he wanted, on the phone lines.

    In 2003, at the time where the internet still was young and the security research where kept in the dark.

    HD wanted to shine some light on this and instead of commercializing and building a proprietary product he

    created metasploit.  In order to make exploits easy to use and available for the business side and the hobbyist.  

    HD received a lot of push back for doing this. A lot of people did not want to make security tools and techniques  

    available for the wide majority to use.  They tried to get him fired, hares him and a lot more :/   

    This mob of angry people did not stop him from keep working at metasploit. Countless hours were spent porting   

    exploits to it. Making them easier to use and more accessible for everyone to use.    

    A couple of years later the metasploit project got bought up by the US-based company "rapid7"   

    which is home to several security related projects.   

    One of these interesting projects is Project Sonar. Project Sonar is continuously scanning and indexing   

    the entire internet.  Creating a huge map of every device on the internet that you can search on based on timestamps.   

    Like a modern-day time-machine for exploring devices on the internet.  This can be used for keeping track of   

    types of things, such as tracking Hillary Clinton's email server.     

    Exploring the internet on a larger scale like this of course does not come without finding a lot of interesting   

    things, HD tells us about the time he found a surgical robot that was being used for operating on people   

    with a publicly accessible web interface.   Luckily this was quickly reported and fixed!    

    Evolution is pushing innovation and scanning the entire internet, which was very hard to do a    

    while back is now not only cheap but can also be done in a couple of hours.    

    Today HD is the CEO of a company called Rumble, and has gone from exploring the public internet to   

    exploring the inner realms of intranets and internal networks.

    External links:   

    https://www.rumble.run/    

    https://www.metasploit.com/       

    https://www.rapid7.com/research/project-sonar/      

    https://en.wikipedia.org/wiki/SAINT_(software)          

    https://www.hdm.io/   

    https://github.com/hdm   

    https://2600.com/    

    https://en.wikipedia.org/wiki/WarVOX   

    https://zmap.io/   

  • In this episode, we talk with Maksymilian Arciemowicz, security research    

    that has found bugs in a large chunk of systems, active in the security field   

    since 2005. He is the founder and maintainer of cxsecurity which is a website   

    that index and host security vulnerabilities for everyone.   

    Cxsecurity is home to a lot of exploits and security research, in this episode   

    we get to hear the story of how it got created by its founder Maksymilian!   

    One of these types of communities is a mailing list called bugtraq.   

    Maksymilian learned how to find security bugs thanks to that mailing list and  

    soon after finding his first couple of bugs he teamed up with a friend to start a    

    website called *securityreason.com*. SecurityReason took the security research from the mailing list   

    and displayed it in a nice web interface.   

    The two founders wanted to go different ways, Maksymilian wanted the research to stay open and not    

    commercialize on it.   

    The website got shutdown and Maksymilian forked it into a new better version called cxsecurity.com!

    In nature, the power lays in the entity with the most muscles but on    

    the internet, the power is in the person with the most knowledge, the power comes  

    from the intellect. Whoever comes up with new ideas and is able to prove it wins    

    the intellectual battle, Maksymilian explains.   

    Since 2005 Maksymilian has been able to find security holes in:  

    * IPFilter in openbsd, which was used before they switched to   

    * Freebsd      

    * Magento   

    * Mac osx    

    * phpmyadmin    

    * PHP       

    * NetBSD        

    * Vsftpd       

    * apache      

    * Solaris        

    * Thunderbird       

    * Opera         

    * libc         

    and a lot more!

    We are super happy to have a true hacker spirit with us in this episode     

    on Security Headlines!

    In this episode, we cover topics such as:    

    How the security landscape has changed since 2005 and how easy it was    

    to hack back then.    

    Using regular expressions to make security research better and faster!    

    How to submit security exploits to software vendors.    

    CVE, lack of description       

    Stories from the heart of the security scene       

    Suricata and Artificial Intelligence      

    How to protect your systems.      

    Development and a lot more!      

    static code analyzer, he has written his own static code analyzer for PHP.   

    We of course sidetrack a bit into OpenBSD and when a person such as Maksymilian says:    

    *OpenBSD is the most secure operating system in the world*   

    We can just smile :)        

    External links:

    https://cxsecurity.com

    https://cifrex.org

    https://cxib.net

    https://www.exploit-db.com/history

  • Summary:    

    In this podcast episode of Security Headlines our host talks with Kristaps Dzonsons, a long time

    OpenBSD user, writer of beautiful software and deep water diver.

    We cover a lot of software development, security, the BSD space and of course diving.    

    Security is something that is very hard, we are all human and mistakes happen.

    In 2014 at a EuroBSD conference, Kristaps

    gave a great talk about what we should think about when we want to

    produce safe code.    

    One of the things he highlights is that ideally, we should:    

    Write defensive code, use a team of code auditors, QA

    Use up-to-date, audited libraries with a history of attention to security

    use a language with formal underpinnings and proof of correctness

    run on systems supporting your defensive strategy

    And while we're at it, we might as well ride our unicorns to work.

    Unfortunately this workflow is not yet adopted.  But since the tools are getting

    smarter and smarter, more and more people are adopting fuzzing and the ecosystem is evolving.

    There is a lot of reasons to be optimistic about the future!     

    One thing we can do to make our programs a bit safer is to look at each

    part of the program and ask ourselves, does this part really need

    privileges to do these things?   Luckily a great new innovation from OpenBSD comes riding

    in like a knight in shine armor, like a hero in a medieval movie.

    And its name is Pledge, pledge allows your program to easily predefined the access rights it

    needs and if it breaks the promise, the process dies.

    It's an easy to use way to approach the entire Mandatory Access Control swamp...      

    Pledge

    Originally implemented as Tame in OpenBSD, but rebranded as Pledge in OpenBSD's 5.9 release.

    Pledge makes security a lot easier for the developer!  If you want a function you have to

    only have the privileges of being able to open files or something similar. Pledge makes it super-easy for

    you as a developer to in 3 lines of code, in order to only allow a function to do what its suppose to do and

    nothing more, so when attackers come and manipulate your function to do other things, Pledge comes riding in

    and kills the process, no questions asked!

    Kristaps has implemented both Tame and Pledge into production and we get to hear his advice

    on how to do it.

    Pledge adoption is growing and growing, and you can use it with a large number of programming

    languages.  Just search for pledge and the programming language of your choice and someone has

    most likely made a library for it.

    External links:

    https://kristaps.bsd.lv/

    https://github.com/kristapsdz

    https://learnbchs.org/portability.html

    https://man.OpenBSD.org/acme-client.1

    https://kristaps.bsd.lv/kcgi/

    https://kristaps.bsd.lv/sqlbox/

    https://man.OpenBSD.org/pledge

    https://man.OpenBSD.org/unveil

    https://en.wikipedia.org/wiki/Scuba_diving

    https://en.wikipedia.org/wiki/Freediving

    https://kristaps.bsd.lv/openradtool/

    https://www.openrsync.org/

    https://asiabsdcon.org/

    https://www.eurobsdcon.org/

    https://www.bsdcan.org/

    https://bsd.lv/

    https://man.OpenBSD.org/sysmerge

    https://man.OpenBSD.org/OpenBSD-5.8/tame.2

    https://manpagez.com/man/3/sandbox_init/

    https://en.wikipedia.org/wiki/Systrace

    https://en.wikipedia.org/wiki/UFRaw

    https://en.wikipedia.org/wiki/Diving_reflex

  • Summary:   

    In this podcast episode, we interview Mischa Peters which is a long time   

    BSD user with a background in the world of data centers and ISP's.     

    One of his latest projects is OpenBSD Amsterdam which is a pure-hearted   

    OpenBSD virtual machine hosting provider.  That is running 100% OpenBSD,   

    it's even using OpenBSD's own hypervisor.  We deep dive into   

    OpenBSD Amsterdam, scripting with ssh, awk, and the basic tools, BSD, Hack-tic and    

    a lot more!    

    OpenBSD Amsterdam is one of the many interesting projects in the BSD space.   

    Being a pure hearted OpenBSD virtual machine provider.  The project launched as a hobby project by   

    Mischa Peters in 2018 and the first month already 40 people where interested in spinning up a virtual machine   

    with OpenBSD Amsterdam.   

    What makes it special is that it runs OpenBSD own Hypervisor, unlike the majority of hosting platforms that  

    run qemu/kvm or Xen.     

    So what you get is an OpenBSD virtual machine running on OpenBSD host. So it's OpenBSD all the way.    

    Mischa started playing around with this new hypervisor project for fun and wanted to do something   

    bigger with it, Having a background running servers in datacenters as well as running his on internet service  

    provider(High5) which he started in 1999.

    In this episode, we also get to know how it was to work for Xs4all in the 1990'ies. Xs4all is a Dutch internet  

    service provider that came out of the *Hack-tic* scene.   

    Which was a Dutch hacking community and magazine that where active between 1989 and 1994.    

    This scene has been very active, creating conferences, being a voice     

    for internet activism, suing the Church of Scientology and much more.     

    Mischa, like many others, got introduced to SunOS Unix systems in school and went deeper and deeper into the   

    Unix based rabbit hole. He ended up running Redhat and then found the wonderful world of BSD and   

    was liberated from Linux through the adoption of FreeBSD.     

    Mischa is the kind of person that handles the juggle between multiple projects demanding projects, a   

    day job, a family with kids, a much more.    

    We also talk about performing automated package management   

    on OpenBSD, doing kernel upgrades, and automating things with simple command-line scripting.   

    Sometimes Ansible is just a mess and the same thing can be done simpler with just a for loop   

    some ssh and some basic command line hacking.   

    Thanks to the OpenBSD Amsterdam project, a large chunk of cash has been donated to the OpenBSD   

    foundation which helps the development of OpenBSD moving further.     

    But most important: It's helping the adoption of OpenBSD!  

    Do you want to learn BSD?  Host your own email?  Setup Wireguard?   

    Then OpenBSD Amsterdam is a good start for you. 

    External links:

    https://openbsd.amsterdam

    https://rgz.ee/m/

    https://man.openbsd.org

    https://en.wikipedia.org/wiki/XS4ALL

    https://en.wikipedia.org/wiki/Hack-Tic

    https://why-vi.rocks

    https://en.wikipedia.org/wiki/SunOS

    https://www.osmocom.org/projects/retro-bbs/wiki/Livingston_Portmaster_3

    https://en.wikipedia.org/wiki/Joe

    https://high5.nl/gist/rdist.html

  • In this episode of Security Headlines, we jump into curl with   

    its founder and maintainer Daniel Stenberg.   

    We talk security, CI systems, creation of curl, Fuzzing, IRC bots and a lot more!  

    Few software developers never even get near to having one   

    of their projects being picked up by a larger community.   

    A project that started as a currency plugin to an IRC bot.  

    Spun off and ended up becoming bigger and bigger resulting in being 

    adopted by over 10 billion devices.  Well, this project is called   

    curl!  Curl is known to be the stable swizz army knife that can  

    be used for making various types of transfer requests.  

    Need to download a file? Curl is here for you        

    Need to test a socks5 proxy? Curl is here for you  

    Need to download an ezine over Gopher? Curl is here for you     

    Need to test a unix socket? Curl is here for you     

    In this episode of Security Headlines, we are joined by Daniel   

    Stenberg who is the founder and maintainer of Curl.   

    He has even been awarded a gold medal by the Swedish king for   

    his work with Curl.   

     External links:   

    https://curl.haxx.se/     

    https://curl.haxx.se/docs/security.html   

    https://en.wikipedia.org/wiki/CURL   

    https://twitter.com/bagder   

    https://www.wolfssl.com/     

    https://daniel.haxx.se/   

    https://bugs.chromium.org/p/oss-fuzz/issues/list?sort=-opened&can=1&q=proj:curl    

    https://en.wikipedia.org/wiki/Gopher_%28protocol%29    

    https://curl.haxx.se/mail/     

  • In this episode, we are all about FreeNas, the world's largest NAS system, running FreeBSD as its base.  

    The founder of FreeNas Olivier joins us, walking us throw how FreeNas started and how the system   

    has grown since its start in 2005. The conversation takes us through the jungle of FreeNas and we end up

    landing in Netflix's land of FreeBSD adoption and Olivier's latest project the BSD router project.    

    Sit back, relax, and enjoy this episode of Security Headlines.  

    We are back with another episode in the BSD theme episode!   

    In this podcast episode, we are talking about FreeNAS, the worlds biggest Network-attached storage(NAS)    

    operating system.   

    And we of course have the founder of FreeNAS with us, Olivier Cochard-Labbé!    

    Olivier started FreeNAS in 2005, with not a lot of knowledge on how to do it but with a determintation   

    of creating a multimedia system that he could use.    

    He wanted something small so he tried to compile   

    [busybox](https://en.wikipedia.org/wiki/BusyBox) but failed, he kept on trying and ran into FreeBSD!   

    He named the system FreeNAS and the first month he was able to get a bit over a thousand downloads, which 

    is very impressive for a new project.    

    The project grow and grow and it attracted a big community taking up to much of Olivier's time.   

    This became harder and harder, Especially when you have a family and a full-time   

    job and other hobbies to attend.   

    Olivier was getting more and more to do as the project became bigger.  One particular example of this   

    that he brings up is a security bug that was very severe and of course filed on a Friday. 

    The security hole was a critical one, FreeNAS allowed root console access from the web interface   

    without requiring authentication.      

    The company *iXsystems* offered to allocate some developers to work on FreeNAS and Olivier   

    handed over the FreeNAS project to them with the requirement that it shall remain free and opensource!      

    Olivier is currently working for Netflix, helping them stream movies to the world using    

    the raw power from the FreeBSD operating system that runs Netflix's Content Delivery Network.   

    Join us as we jump into the wonders of FreeNAS, the BSD router project, and a lot more!

    External links:   

    https://bsdrp.net/   

    https://www.freebsd.org/    

    https://www.freenas.org/   

    https://www.netflix.com/     

    https://yandex.com/     

    https://www.freebsd.org/doc/en/articles/nanobsd/index.html   

    https://en.wikipedia.org/wiki/M0n0wall     

    https://www.freshports.org/net/bird/   

    https://www.freebsd.org/doc/handbook/firewalls-ipf.html  

    https://www.openmediavault.org/   

    https://en.wikipedia.org/wiki/ZFS    

    https://en.wikipedia.org/wiki/WireGuard    

  • In modern stacks, a large chunk of applications run in container environments   

    such as docker and systemd-nspawn.  However, these applications are not built for security.   

    The security community has proven it again and again that privilege escalation attacks   

    are very serious with attacks such as Dirty Cow and CVE-2016-3135.   

    A way to tackle the problems of running applications with a low privilege user without   

    that application being able to interact with other running applications is to use *user namespaces*.      

    Using user namespaces you can hide process id's to the applications and provide a more sandboxed environment.   

      

    Alex wanted to the distribution of multiplatform applications easy 

    which led him to sandboxing and namespaces, today he   

    maintains the "chroot on steroids" project *bubblewrap* which is a sandbox platform for running    

    sandboxed applications in different namespaces.    

    Alex is also a long time user of Linux, with 20 years working for Redhat.   

    He started to code on the commodore 64 and has been a developer ever since. In school he  

    got introduced to Solaris and jumped deeper and deeper into Linux rabbit hole.   

    Working on Linux allows Alex to work from home in the suburbs of Stockholm  

    and work on programs that get used by a global user base.

    In this episode, we talk about how it has been to work on sandboxed   

    desktop applications and how flatpak has grown.    

    So far there a has been a handful of different CVE's for bubblewrap 

    that we talk about.

    Flatpak has gotten bigger and bigger and "flathub" has come to see the light

    , flathub is a place where all Linux users can get sandboxed desktop

    applications.

    Flathub is running on a stable Rust backend, Alex picked Rust to be the backend as one of his first larger Rust projects.  

    We of course talk about how Rust is becoming more part of our daily lives  

    as more and more applications are being ported to it, like librsvg journey from being written in C to now being a rust code base, as well as libraries  

    being written in Rust.  

    If you are maintaining an application with a graphical user interface and you target 

    an audience that is running Linux on the desktop, we recommend   

    that you get your application on flathub.   

    Here is a guide on how you can do that:   

    https://github.com/flathub/flathub/wiki/App-Submission

    This podcast was made possible with running zoom with flatpak:   

    $ flatpak remote-add --if-not-exists flathub https://dl.flathub.org/repo/flathub.flatpakrepo   

    $ flatpak install flathub us.zoom.Zoom 

    $ flatpak run us.zoom.Zoom

    External links:  

    https://github.com/containers/bubblewrap  

    https://flathub.org/home 

    https://en.wikipedia.org/wiki/Slirp  

    https://github.com/rootless-containers/slirp4netns   

    https://podman.io/    

    https://github.com/GNOME/librsvg   

    https://blogs.gnome.org/alexl/ 

    https://twitter.com/gnomealex

    https://lkml.org/lkml/2016/3/9/555

    https://lwn.net/Articles/657744/  

    https://blog.firosolutions.com/   

       

  • Tarsnap is a backup service running with the slogan "Online backups for the truly paranoid".   

    The service has well earned its slogan as a secure backup option.   

    Created in 2006 by at the time FreeBSD's security officer Dr. Colin Percival, who was responsible for FreeBSD's security advisory.   

    Colin is not only a successful entrepreneur but also a dedicated FreeBSD user.   

    Colin has been getting his hands dirty with FreeBSD in the late 1990'ies when the firewall in his family house   

    running openbsd crashed due to disk failure. After changing the disk he did not manage to   

    figure out how to install OpenBSD so he went with FreeBSD.   While studying for his doctrine, he got concern   

    about security, that led him to use freebsd where he later jumped on as FreeBSD security officer.   

    Being the FreeBSD's security officer gave him knowledge of security holes before anyone else did and   

    he needed a secure backup solution for storing his files.   After some head scratching, he decided to   

    go the startup route and create his own backup solution. After getting several user requests about having  

    password-protected key storage, Collin created Tarsnap's secure cryptographical solution for 

    protecting keys called "Scrypt", which later got picked up by several opensource 

    projects such as the cryptocurrency project Litecoin.    

    Colin is a very intelligent and trustworthy person, to improve security when connecting   

    and staying connected between machines he creates spiped. Adding a layer of safety on top of just using regular   

    ssh, to mitigate attacks and weaknesses caused by OpenSSL.   

    Because scrypt has a heavy resource need, making it hard for attackers to crack, it became a more secure alternative then the standard hash functions we use in modern systems such as sha1 and md5.   

    The project started to growth and it was soon adopted by various larger companies   

    such as stripe.  

    If you are interested in finding and submitting bugs in Tarsnaps own code base, Colin has put up a Bug bounty

    rewarding the people that find all kinds of bugs in the code base, a fun fact is that a majority of the security bugs   

    that gets submitted is not found by security researchers looking for holes but by average developers looking at   

    the functions in the code.  

    Today Tarsnap runs on a large set of different systems by a diverse crowd, providing secure storage of   

    data thanks to its stable code base and amazon s3.  

    Colin also donates Tarsnap's December profit to the opensource community sponsoring the FreeBSD foundation, the EuroBSD  

    conference, the bsdcan conference, bsdnow podcast and several other projects.   

    We are super happy to have Colin as a guest on Security Headlines!

    External links:   

    https://github.com/Tarsnap/spiped  

    https://en.wikipedia.org/wiki/Tarsnap    

    https://en.wikipedia.org/wiki/Scrypt   

    https://www.Tarsnap.com/spiped.html   

    https://www.Tarsnap.com/kivaloo.html   

    https://github.com/Tarsnap/spiped  

    https://www.Tarsnap.com/open-source.html   

    https://github.com/mendsley/bsdiff   

    https://en.wikipedia.org/wiki/Paul_Graham_(programmer)   

    Stay up to date at:

    https://blog.firosolutions.com