Podcast appearances and mentions of Kali Linux

If you like what you hear, please subscribe, leave us a review and tell a friend!

¿Estás pensando en pasarte a Linux pero no sabes por dónde empezar? En este episodio te explico, con humor y claridad, qué distribución de Linux se adapta mejor a ti según tu perfil: uso personal, profesional, si eres principiante o quieres trastear como un pro. Hablamos de Ubuntu, Linux Mint, Debian y Kali Linux, todo sin tecnicismos ni rollos raros. ¡Prepárate para descubrir que Linux no es solo para expertos y que tú también puedes lanzarte a probarlo!

Hauke, Jean und Micha sind heute dabei und reden über 20 Jahre Proxmox, PweDiePies Linux Video, SUSE ohne YAST und Kali-Linux verliert den Reposchlüssel. Und dabei wird natürlich der ein oder andere Umweg genommen.

We hit a milestone today as this is our 50th Podcast Episode! A Big thank you to You, our listeners for your continued support!* Kali Linux Users Face Update Issues After Repository Signing Key Loss* CISOs Advised to Secure Personal Protections Against Scapegoating and Whistleblowing Risks* WhatsApp Launches Advanced Chat Privacy to Safeguard Sensitive Conversations* Samsung Confirms Security Vulnerability in Galaxy Devices That Could Expose Passwords* Former Disney Menu Manager Sentenced to 3 Years for Malicious System AttacksKali Linux Users Face Update Issues After Repository Signing Key Losshttps://www.kali.org/blog/new-kali-archive-signing-key/Offensive Security has announced that Kali Linux users will need to manually install a new repository signing key following the loss of the previous key. Without this update, users will experience system update failures.The company recently lost access to the old repository signing key (ED444FF07D8D0BF6) and had to create a new one (ED65462EC8D5E4C5), which has been signed by Kali Linux developers using signatures on the Ubuntu OpenPGP key server. OffSec emphasized that the key wasn't compromised, so the old one remains in the keyring.Users attempting to update their systems with the old key will encounter error messages stating "Missing key 827C8569F2518CC677FECA1AED65462EC8D5E4C5, which is needed to verify signature."To address this issue, the Kali Linux repository was frozen on February 18th. "In the coming day(s), pretty much every Kali system out there will fail to update," OffSec warned. "This is not only you, this is for everyone, and this is entirely our fault."To avoid update failures, users are advised to manually download and install the new repository signing key by running the command: sudo wget https://archive.kali.org/archive-keyring.gpg -O /usr/share/keyrings/kali-archive-keyring.gpgFor users unwilling to manually update the keyring, OffSec recommends reinstalling Kali using images that include the updated keyring.This isn't the first time Kali Linux users have faced such issues. A similar incident occurred in February 2018 when developers allowed the GPG key to expire, also requiring manual updates from users.CISOs Advised to Secure Personal Protections Against Scapegoating and Whistleblowing Riskshttps://path.rsaconference.com/flow/rsac/us25/FullAgenda/page/catalog/session/1727392520218001o5wvhttps://www.theregister.com/2025/04/28/ciso_rsa_whistleblowing/Chief Information Security Officers should negotiate personal liability insurance and golden parachute agreements when starting new roles to protect themselves in case of organizational conflicts, according to a panel of security experts at the RSA Conference.During a session on CISO whistleblowing, experienced security leaders shared cautionary tales and strategic advice for navigating the increasingly precarious position that has earned the role the nickname "chief scapegoat officer" in some organizations.Dd Budiharto, former CISO at Marathon Oil and Philips 66, revealed she was once fired for refusing to approve fraudulent invoices for work that wasn't delivered. "I'm proud to say I've been fired for not being willing to compromise my integrity," she stated. Despite losing her position, Budiharto chose not to pursue legal action against her former employer, a decision the panel unanimously supported as wise to avoid industry blacklisting.Andrew Wilder, CISO of veterinarian network Vetcor, emphasized that security executives should insist on two critical insurance policies before accepting new positions: directors and officers insurance (D&O) and personal legal liability insurance (PLLI). "You want to have personal legal liability insurance that covers you, not while you are an officer of an organization, but after you leave the organization as well," Wilder advised.Wilder referenced the case of former Uber CISO Joe Sullivan, noting that Sullivan's Uber-provided PLLI covered PR costs during his legal proceedings following a data breach cover-up. He also stressed the importance of negotiating severance packages to ensure whistleblowing decisions can be made on ethical rather than financial grounds.The panelists agreed that thorough documentation is essential for CISOs. Herman Brown, CIO for San Francisco's District Attorney's Office, recommended documenting all conversations and decisions. "Email is a great form of documentation that doesn't just stand for 'electronic mail,' it also stands for 'evidential mail,'" he noted.Security leaders were warned to be particularly careful about going to the press with complaints, which the panel suggested could result in even worse professional consequences than legal action. Similarly, Budiharto cautioned against trusting internal human resources departments or ethics panels, reminding attendees that HR ultimately works to protect the company, not individual employees.The panel underscored that proper governance, documentation, and clear communication with leadership about shared security responsibilities are essential practices for CISOs navigating the complex political and ethical challenges of their role.WhatsApp Launches Advanced Chat Privacy to Safeguard Sensitive Conversationshttps://blog.whatsapp.com/introducing-advanced-chat-privacyWhatsApp has rolled out a new "Advanced Chat Privacy" feature designed to provide users with enhanced protection for sensitive information shared in both private and group conversations.The new privacy option, accessible by tapping on a chat name, aims to prevent the unauthorized extraction of media and conversation content. "Today we're introducing our latest layer for privacy called 'Advanced Chat Privacy.' This new setting available in both chats and groups helps prevent others from taking content outside of WhatsApp for when you may want extra privacy," WhatsApp announced in its release.When enabled, the feature blocks other users from exporting chat histories, automatically downloading media to their devices, and using messages for AI features. According to WhatsApp, this ensures "everyone in the chat has greater confidence that no one can take what is being said outside the chat."The company noted that this initial version is now available to all users who have updated to the latest version of the app, with plans to strengthen the feature with additional protections in the future. However, WhatsApp acknowledges that certain vulnerabilities remain, such as the possibility of someone photographing a conversation screen even when screenshots are blocked.This latest privacy enhancement continues WhatsApp's long-standing commitment to user security, which began nearly seven years ago with the introduction of end-to-end encryption. The platform has steadily expanded its privacy capabilities since then, implementing end-to-end encrypted chat backups for iOS and Android in October 2021, followed by default disappearing messages for new chats in December of the same year.More recent security updates include chat locking with password or fingerprint protection, a Secret Code feature to hide locked chats, and location hiding during calls by routing connections through WhatsApp's servers. Since October 2024, the platform has also encrypted contact databases for privacy-preserving synchronization.Meta reported in early 2020 that WhatsApp serves more than two billion users across over 180 countries, making these privacy enhancements significant for a substantial portion of the global messaging community.Samsung Confirms Security Vulnerability in Galaxy Devices That Could Expose Passwordshttps://us.community.samsung.com/t5/Suggestions/Implement-Auto-Delete-Clipboard-History-to-Prevent-Sensitive/m-p/3200743Samsung has acknowledged a significant security flaw in its Galaxy devices that potentially exposes user passwords and other sensitive information stored in the clipboard.The issue was brought to light by a user identified as "OicitrapDraz" who posted concerns on Samsung's community forum on April 14. "I copy passwords from my password manager all the time," the user wrote. "How is it that Samsung's clipboard saves everything in plain text with no expiration? That's a huge security issue."In response, Samsung confirmed the vulnerability, stating: "We understand your concerns regarding clipboard behavior and how it may affect sensitive content. Clipboard history in One UI is managed at the system level." The company added that the user's "suggestion for more control over clipboard data—such as auto-clear or exclusion options—has been noted and shared with the appropriate team for consideration."One UI is Samsung's customized version of Android that runs on Galaxy smartphones and tablets. The security flaw means that sensitive information copied to the clipboard remains accessible in plain text without any automatic expiration or encryption.As a temporary solution, Samsung recommended that users "manually clear clipboard history when needed and use secure input methods for sensitive information." This stopgap measure puts the burden of security on users rather than providing a system-level fix.Security experts are particularly concerned now that this vulnerability has been publicly acknowledged, as it creates a potential "clipboard wormhole" that attackers could exploit to access passwords and other confidential information on affected devices. Users of Samsung Galaxy devices are advised to exercise extreme caution when copying sensitive information until a more comprehensive solution is implemented.Former Disney Menu Manager Sentenced to 3 Years for Malicious System Attackshttps://www.theregister.com/2025/04/29/former_disney_employee_jailed/A former Disney employee has received a 36-month prison sentence and been ordered to pay nearly $688,000 in fines after pleading guilty to sabotaging the entertainment giant's restaurant menu systems following his termination.Michael Scheuer, a Winter Garden, Florida resident who previously served as Disney's Menu Production Manager, was arrested in October and charged with violating the Computer Fraud and Abuse Act (CFAA) and committing aggravated identity theft. He accepted a plea agreement in January, with sentencing finalized last week in federal court in Orlando.According to court documents, Scheuer's June 13, 2024 termination from Disney for misconduct was described as "contentious and not amicable." In July, he retaliated by making unauthorized access to Disney's Menu Creator application, hosted by a third-party vendor in Minnesota, and implementing various destructive changes.The attacks included replacing Disney's themed fonts with Wingdings, rendering menus unreadable, and altering menu images and background files to display as blank white pages. These changes propagated throughout the database, making the Menu Creator system inoperable for one to two weeks. The damage was so severe that Disney has since abandoned the application entirely.Particularly concerning were Scheuer's alterations to allergen information, falsely indicating certain menu items were safe for people with specific allergies—changes that "could have had fatal consequences depending on the type and severity of a customer's allergy," according to the plea agreement. He also modified wine region labels to reference locations of mass shootings, added swastika graphics, and altered QR codes to direct customers to a website promoting a boycott of Israel.Scheuer employed multiple methods to conduct his attacks, including using an administrative account via a Mullvad VPN, exploiting a URL-based contractor access mechanism, and targeting SFTP servers that stored menu files. He also conducted denial of service attacks that made over 100,000 incorrect login attempts, locking out fourteen Disney employees from their enterprise accounts.The FBI executed a search warrant at Scheuer's residence on September 23, 2024, at which point the attacks immediately ceased. Agents discovered virtual machines used for the attacks and a "doxxing file" containing personal information on five Disney employees and a family member of one worker.Following his prison term, Scheuer will undergo three years of supervised release with various conditions, including a prohibition on contacting Disney or any of the individual victims. This is a public episode. If you would like to discuss this with other subscribers or get access to bonus episodes, visit edwinkwan.substack.com

Gimp 3 is finally here, after 7,10, 13, or 20 years of waiting, depending on who you ask. Blender 4.4 and Calibre 8 are out, Fedora 42 goes Beta, and Gnome 48 is available. Firefox finally brings back PWA, Linux 6.15 fixes a de-randomized security misfeature, and Asahi Lina has stepped back from Linux GPU development. For tips, we have the ifne command for if not empty, pw-metadata for getting and setting options in Pipewire, Lutris and Gamescope for running old Wine games on high resolution displays, and talk for old school text chatting in a terminal. You can find the show notes at https://bit.ly/41QPaBp and have a great week! Host: Jonathan Bennett Co-Hosts: Rob Campbell, Jeff Massie, and Ken McDonald Download or subscribe to Untitled Linux Show at https://twit.tv/shows/untitled-linux-show Want access to the ad-free video and exclusive features? Become a member of Club TWiT today! https://twit.tv/clubtwit Club TWiT members can discuss this episode and leave feedback in the Club TWiT Discord.

video: https://youtu.be/DVABDjehaWM Comment on the TWIL Forum (https://thisweekinlinux.com/forum) This week in Linux, there is just so much to talk about that we couldn't fit it all in the show. It is just a stacked week. And we're going to be starting things off with GNOME 48. That was released this week. Also, GIMP 3.0 was released. There's a new version of Kali Linux that's out. SteamOS 3.7.0 Preview has been released from Valve. And Pebble Watches are back. All of this and more on This Week in Linux, the weekly news show that keeps you up to date with what's going on in the Linux and open source world. So let's jump right into Your Source for Linux GNews. Download as MP3 (https://aphid.fireside.fm/d/1437767933/2389be04-5c79-485e-b1ca-3a5b2cebb006/5fb98f6c-a929-481f-8957-84b4ebecfb7f.mp3) Support the Show Become a Patron = tuxdigital.com/membership (https://tuxdigital.com/membership) Store = tuxdigital.com/store (https://tuxdigital.com/store) Chapters: 00:00 Intro 00:41 GNOME 48 Released 06:08 GIMP 3.0 Released 12:08 Enlightenment 0.27.1 Released 14:31 Sandfly Security, agentless Linux security [ad] 16:26 elementary OS 8.0.1 Released 19:34 Two New PebbleOS Watches 24:00 Kali Linux 2025.1a Released 28:11 SteamOS 3.7.0 Preview Released 32:06 Support the show Links: GNOME 48 Released https://release.gnome.org/48/ (https://release.gnome.org/48/) https://youtu.be/F_JSFOo1LKQ (https://youtu.be/F_JSFOo1LKQ) GIMP 3.0 Released https://www.gimp.org/ (https://www.gimp.org/) https://www.gimp.org/news/2025/03/16/gimp-3-0-released/ (https://www.gimp.org/news/2025/03/16/gimp-3-0-released/) https://github.com/Diolinux/PhotoGIMP (https://github.com/Diolinux/PhotoGIMP) https://youtu.be/BQrW3hdrzH0 (https://youtu.be/BQrW3hdrzH0) Enlightenment 0.27.1 Released https://www.enlightenment.org/ (https://www.enlightenment.org/) https://www.enlightenment.org/news/2025-03-14-enlightenment-0.27.1 (https://www.enlightenment.org/news/2025-03-14-enlightenment-0.27.1) Sandfly Security, agentless Linux security [ad] https://thisweekinlinux.com/sandfly (https://thisweekinlinux.com/sandfly) elementary OS 8.0.1 Released https://blog.elementary.io/os-8-0-1-available-now/ (https://blog.elementary.io/os-8-0-1-available-now/) Two New PebbleOS Watches https://ericmigi.com/blog/introducing-two-new-pebbleos-watches (https://ericmigi.com/blog/introducing-two-new-pebbleos-watches) https://store.repebble.com/ (https://store.repebble.com/) Kali Linux 2025.1a Released https://www.kali.org/blog/kali-linux-2025-1-release/ (https://www.kali.org/blog/kali-linux-2025-1-release/) Xfce 4.20 https://thisweekinlinux.com/291 (https://thisweekinlinux.com/291) KDE Plasma 6.2 https://thisweekinlinux.com/281 (https://thisweekinlinux.com/281) 6.1 https://thisweekinlinux.com/268 (https://thisweekinlinux.com/268) 6.0 https://thisweekinlinux.com/255 (https://thisweekinlinux.com/255) SteamOS 3.7.0 Preview Released https://steamcommunity.com/games/1675200/announcements/detail/529841158837240757 (https://steamcommunity.com/games/1675200/announcements/detail/529841158837240757) Support the show https://tuxdigital.com/membership (https://tuxdigital.com/membership) https://store.tuxdigital.com/ (https://store.tuxdigital.com/)

This week Eric Hendricks joins us to help us solve problems, and bring some insight to RHEL 10 beta! -- During The Show -- 00:52 Intro Eric Hendricks ITGuyEric Red Hat Technical Marketer Fedora Podcast Host Steve's PSA - Spook (https://spook.boo/) Entities Other problems Help Steve Out - Firefox and authenticated proxy Mac OS breaking open source Gatekeeper 20:05 Threema for Messaging - Michael Technology is a tool for relationships Paid app Designed for private communication Checks a lot of boxes Network effect threematrix (https://github.com/bitbetterde/Threematrix) not updated recently Beeper 31:30 7 Inch Touch Screen Make the touch screen the primary display USB cable emulates a mouse Crash cart tech 35:07 News Wire Gnome 46.7 - gnome.org (https://discourse.gnome.org/t/gnome-46-7-released/25560) KDE Frameworks 6.9 - kde.org (https://kde.org/announcements/frameworks/6/6.9.0/) KDE Gear 24.12 - kde.org (https://kde.org/announcements/gear/24.12.0/) XFCE 4.20 - github.io (https://alexxcons.github.io/blogpost_14.html) QEMU 9.2 - qemu.org (https://wiki.qemu.org/ChangeLog/9.2) CentOS Stream 10 - centos.org (https://blog.centos.org/2024/12/introducing-centos-stream-10/) Red Hat has announced that CentOS Stream 10 is available. Kali Linux 2024.4 - bleepingcomputer.com (https://www.bleepingcomputer.com/news/security/kali-linux-20244-released-with-14-new-tools-deprecates-some-features/) Fedora Asahi 41 - forbes.com (https://www.forbes.com/sites/jasonevangelho/2024/12/17/fedora-asahi-remix-41-released-linux-on-your-apple-silicon-mac/) Fedora Asahi Remix 41 Released Pumakit - bleepingcomputer.com (https://www.bleepingcomputer.com/news/security/new-stealthy-pumakit-linux-rootkit-malware-spotted-in-the-wild/) Open Source Malware - helpnetsecurity.com (https://www.helpnetsecurity.com/2024/12/11/open-source-malware/) Boltz-1 - mit.edu (https://news.mit.edu/2024/researchers-introduce-boltz-1-open-source-model-predicting-biomolecular-structures-1217) 36:30 Self Hosting Hiccups SwiftFin app Jellyfin (https://jellyfin.org/) Nextcloud photo sync PhotoSync app Infuse app had to update the server side infuse plugin Immich (https://immich.app/) 47:10 RHEL 10 Public Beta Do Not install in production Relation between RHEL 10 Beta and CentOS 10 Special Interest Groups (SIGs) Get it for free with a developer account -- The Extra Credit Section -- For links to the articles and material referenced in this week's episode check out this week's page from our podcast dashboard! This Episode's Podcast Dashboard (http://podcast.asknoahshow.com/420) Phone Systems for Ask Noah provided by Voxtelesys (http://www.voxtelesys.com/asknoah) Join us in our dedicated chatroom #GeekLab:linuxdelta.com on Matrix (https://element.linuxdelta.com/#/room/#geeklab:linuxdelta.com) -- Stay In Touch -- Find all the resources for this show on the Ask Noah Dashboard Ask Noah Dashboard (http://www.asknoahshow.com) Need more help than a radio show can offer? Altispeed provides commercial IT services and they're excited to offer you a great deal for listening to the Ask Noah Show. Call today and ask about the discount for listeners of the Ask Noah Show! Altispeed Technologies (http://www.altispeed.com/) Contact Noah live [at] asknoahshow.com -- Twitter -- Noah - Kernellinux (https://twitter.com/kernellinux) Ask Noah Show (https://twitter.com/asknoahshow) Altispeed Technologies (https://twitter.com/altispeed) Special Guest: Eric Hendricks.

Sponsor by ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠SEC Playground⁠ --- Support this podcast: https://podcasters.spotify.com/pod/show/chillchillsecurity/support

video: https://youtu.be/ow1S0hWk0E0 On this weeks episode we're going to discuss malware that's so ruthless it's ready for a street fight. Welcome to Destination Linux, where we discuss the latest news, hot topics, gaming, mobile, and all things Open Source & Linux. Also this week, we're going to discuss Pentesting distro tools and running full Linux on your Android. Plus we got some Linux Gaming, and our Software Spotlight, and more. Now let's get this show on the road toward Destination Linux! Download as MP3 (https://aphid.fireside.fm/d/1437767933/32f28071-0b08-4ea1-afcc-37af75bd83d6/cb8b3a9a-06a5-438a-ab07-08c5f227e4ba.mp3) Support the show by becoming a patron at tuxdigital.com/membership (https://tuxdigital.com/membership) or get some swag at tuxdigital.com/store (https://tuxdigital.com/store) Hosted by: Ryan (DasGeek) = dasgeek.net (https://dasgeek.net) Jill Bryant = jilllinuxgirl.com (https://jilllinuxgirl.com) Michael Tunnell = michaeltunnell.com (https://michaeltunnell.com) Chapters: 00:00:00 Intro 00:01:02 Community Feedback 00:06:08 Kali Linux 00:22:25 News: New Malware Street Fighter Style 00:31:28 Hackers Target Teens 00:35:25 Spying Cars 00:38:02 Mobile News: Apple Gives Up On Pegasus Lawsuit 00:46:07 Gaming: Sword and Shield Idle 00:48:39 Software Spotlight: CSI Linux 00:56:01 Tip of the Week: Lindroid 01:00:16 Support the Show Links: Community Feedback https://tuxdigital.com/comments (https://tuxdigital.com/comments) https://tuxdigital.com/forum (https://tuxdigital.com/forum) Kali Linux https://www.kali.org/ (https://www.kali.org/) News: New Malware Street Fighter Style https://www.bleepingcomputer.com/news/security/new-linux-malware-hadooken-targets-oracle-weblogic-servers/ (https://www.bleepingcomputer.com/news/security/new-linux-malware-hadooken-targets-oracle-weblogic-servers/) https://www.scmagazine.com/news/akira-takes-in-42-million-in-ransom-payments-now-targets-linux-servers (https://www.scmagazine.com/news/akira-takes-in-42-million-in-ransom-payments-now-targets-linux-servers) Mobile News: Apple Gives Up On Pegasus Lawsuit https://www.moneycontrol.com/technology/apple-seeks-to-withdraw-legal-case-against-pegasus-spyware-creator-heres-why-article-12821708.html (https://www.moneycontrol.com/technology/apple-seeks-to-withdraw-legal-case-against-pegasus-spyware-creator-heres-why-article-12821708.html) Gaming: Sword and Shield Idle https://store.steampowered.com/app/2882710/SwordandShield_Idle/ (https://store.steampowered.com/app/2882710/Sword_and_Shield_Idle/) Software Spotlight: CSI Linux https://csilinux.com/ (https://csilinux.com/) https://hackernoon.com/csi-linux-linux-distribution-for-cyber-and-osint-investigation (https://hackernoon.com/csi-linux-linux-distribution-for-cyber-and-osint-investigation) Tip of the Week: Lindroid https://gist.github.com/AngelaCooljx/14ba722346da0479050be924d96e8c5e (https://gist.github.com/AngelaCooljx/14ba722346da0479050be924d96e8c5e) https://hackaday.com/2024/06/18/lindroid-promises-true-linux-on-android/ (https://hackaday.com/2024/06/18/lindroid-promises-true-linux-on-android/) Support the Show https://tuxdigital.com/membership (https://tuxdigital.com/membership) https://tuxdigital.com/store (https://tuxdigital.com/store) https://tuxdigital.com/discord (https://tuxdigital.com/discord)

video: https://youtu.be/_ZlIPhB-Fws Forum Discussion Thread (https://forum.tuxdigital.com/t/277-gnome-looks-for-leader-ubuntu-adds-snap-permissions-kali-linux-new-release-more-linux-news/6398) This week in Linux, we have a lot of cool news from the Ubuntu team announcing that they're going to have new Snap Permissions for users in 24.10. Also, the GNOME Foundation is doing a open search for their new Executive Director. And we have a lot of new releases, as well as some Linux gaming news with the Lutris creator joining the Playtron team. And we have a lot of Steam updates. All of this and more on This Week in Linux, the weekly news show that keeps you up to date with what's going on in the Linux and Open Source world. So let's jump right into Your Source for Linux GNews. Download as MP3 (https://aphid.fireside.fm/d/1437767933/2389be04-5c79-485e-b1ca-3a5b2cebb006/99876260-1a1e-4b3e-b854-8ca3334b7322.mp3) Support the Show Become a Patron = tuxdigital.com/membership (https://tuxdigital.com/membership) Store = tuxdigital.com/store (https://tuxdigital.com/store) Chapters: 00:00 Intro 00:44 Ubuntu 24.10 to Enhance Snap Permissions Handling 06:27 GNOME Foundation Opens Search for New Executive Director 10:08 Linux Mint Tease ‘Improved' Default Cinnamon Theme 21:04 Kali Linux 2024.3 Released 25:53 Hyprland 0.43.0 Released 29:29 Lutris Creator joins Playtron for PlaytronOS 41:44 Steam Updates for Linux Gamers 46:30 Support the show Links: Ubuntu 24.10 to Enhance Snap Permissions Handling https://discourse.ubuntu.com/t/ubuntu-desktop-s-24-10-dev-cycle-part-5-introducing-permissions-prompting/47963 (https://discourse.ubuntu.com/t/ubuntu-desktop-s-24-10-dev-cycle-part-5-introducing-permissions-prompting/47963) GNOME Foundation Opens Search for New Executive Director https://foundation.gnome.org/2024/09/13/search-for-new-executive-director/ (https://foundation.gnome.org/2024/09/13/search-for-new-executive-director/) Linux Mint Tease ‘Improved' Default Cinnamon Theme https://blog.linuxmint.com/?p=4740 (https://blog.linuxmint.com/?p=4740) https://www.omgubuntu.co.uk/2024/09/linux-mint-new-default-cinnamon-theme-more (https://www.omgubuntu.co.uk/2024/09/linux-mint-new-default-cinnamon-theme-more) Kali Linux 2024.3 Released https://www.kali.org/blog/kali-linux-2024-3-release/ (https://www.kali.org/blog/kali-linux-2024-3-release/) Hyprland 0.43.0 Released https://hyprland.org/news/update43/ (https://hyprland.org/news/update43/) Lutris Creator joins Playtron for PlaytronOS https://www.patreon.com/posts/playtron-ubuntu-111705494 (https://www.patreon.com/posts/playtron-ubuntu-111705494) https://www.playtron.one/ (https://www.playtron.one/) Steam Updates for Linux Gamers https://steamcommunity.com/games/593110/announcements/detail/4599952112537386541 (https://steamcommunity.com/games/593110/announcements/detail/4599952112537386541) https://store.steampowered.com/news/app/593110/view/4605582245626919823 (https://store.steampowered.com/news/app/593110/view/4605582245626919823) https://www.gamingonlinux.com/2024/09/steam-families-has-officially-launched-with-a-big-steam-client-update/ (https://www.gamingonlinux.com/2024/09/steam-families-has-officially-launched-with-a-big-steam-client-update/) Support the show https://tuxdigital.com/membership (https://tuxdigital.com/membership) https://tuxdigital.com/store (https://tuxdigital.com/store)

Closed Network podcast Episode 37 -Surveillance, KYC, Data Breaches and Shennanigans * * * Show Notes Click Here! - https://forum.closednetwork.io/t/episode-37-collect-it-all-so-we-can-know-it-all/106 Website / Donations / Support - https://closednetwork.io Thank You Patreons! - Michael Bates - Privacy Bad Ass Richard G. - Privacy Bad Ass Support / Patreon / Donations: https://closednetwork.io/support/ BTC Lightning Donations - closednetwork@getalby.com TOP LIGHTNING BOOSTERS !!!! THANK YOU !!! - @bon - @wartiime - @sircussmedia - @lumor - @02zx - @sebas Thank You To Our Moderators: Unintelligentseven MaddestMax Join Our Matrix Channels! Main - https://matrix.to/#/#closedntwrk:matrix.org Off Topic - https://matrix.to/#/#closednetworkofftopic:matrix.org Join Our Mastodon server! https://closednetwork.social Follow Simon On The Socials Mastodon - https://closednetwork.social/@simon NOSTR - Public Address - npub186l3994gark0fhknh9zp27q38wv3uy042appcpx93cack5q2n03qte2lu2 Twitter - @ClosedNtwrk Email - simon@closednetwork.io * * * -- TOPICS -- Thomas Drake - NSA Whistleblower Exposing the NSA's Mass Surveillance of Americans | Cyberwar https://www.youtube.com/watch?v=tYVm62oEyWA News: - Federal Appeals Court Finds Geofence Warrants Are “Categorically” Unconstitutional https://www.eff.org/deeplinks/2024/08/federal-appeals-court-finds-geofence-warrants-are-categorically-unconstitutional Continued fallout from Snowflake hack - The biggest data breaches in 2024: 1 billion stolen records and rising https://techcrunch.com/2024/08/12/2024-in-data-breaches-1-billion-stolen-records-and-rising/?guccounter=1 Google Breaks Promise to Block Third-Party Cookies https://www.eff.org/deeplinks/2024/08/google-breaks-promise-block-third-party-cookies Switching from Windows to Linux https://ente.io/articles/switch-to-linux/ IT'S FOSS ! Open source tools to boost your productivity https://techcrunch.com/2024/08/11/a-not-quite-definitive-guide-to-open-source-alternative-software/ RockYou2024: 10 billion passwords leaked in the largest compilation of all time https://cybernews.com/security/rockyou2024-largest-password-compilation-leak/ F*ck FireFox https://lunduke.locals.com/post/5871895/mozilla-firefox-goes-anti-privacy-pro-advertising https://www.mozilla.org/en-US/firefox/128.0/releasenotes/ Signal under fire for storing encryption keys in plaintext https://stackdiary.com/signal-under-fire-for-storing-encryption-keys-in-plaintext/ https://www.bleepingcomputer.com/news/security/signal-downplays-encryption-key-flaw-fixes-it-after-x-drama/ GrapheneOS Duress PIN/Password https://grapheneos.org/features#duress ChatGPT for Mac app flaw left users' chat history exposed https://www.bitdefender.com/blog/hotforsecurity/chatgpt-mac-app-flaw-left-users-history-exposed/ Windows Recall Remains Insecure, Researcher Says; Google Developing Similar Feature Latest Windows Recall preview remains vulnerable to cyberattacks, researcher says; Google plans similar feature for Pixel 9 devices. https://thecyberexpress.com/windows-recall-preview-remains-insecure/ Telecom Act Partially Notified: Govt to Get More Powers to Intercept and Stop Messages https://thewire.in/government/telecom-act-notified-partially-govt-to-get-more-powers-to-intercept-and-stop-messages On a brand new installation of Kali Linux, you can find the RockYou password list under: /usr/share/wordlists/rockyou.txt.gz To extract this list: gzip -d rockyou.txt.gz When the file is finished extracting, we should end up with: rockyou.txt https://www.sevenlayers.com/index.php/202-pentesting-101-passwords-and-wordlists

Welcome to Compromising Positions!The award-winning tech podcast that asks non-cybersecurity professionals what we in the industry can do to make their lives easier and help make our organisations more prepared to face ever-changing human-centric cyber threats! This Episode we are joined by Simon Painter a senior software engineer with nearly 20 years of experience in the industry and author of the book Functional Programming with C#.In this episode, There is no perfect cybersecurity but you could at least put a padlock on it! we look at how to get your first technical book published, what developers really need from the cybersecurity team (hint - its probability more than you are giving!) and what developers really think of security reviews!Key Takeaways:Everyone Has A Book In Them: Simon shares the 101 on how to get published with tech publishing legend, O'ReillyLearning Never Stops: Simon's MSc in Cybersecurity taught him that continuous learning is essential. If you're in a career rut, consider picking up a new skillBeyond Hackers: Infosec isn't just about thwarting hackers, sometimes it's about knowing what to do when someone ‘does a stupid!'No Padlocks, One Padlocks, 100 Padlocks, When Is it Enough?: Make yourself the ‘un-easy' target through automation tools like OWASP Zap, Burp Suite, and playing around with Kali Linux.Visibility And Collaboration For Happy Devs: Cybersecurity teams, step into the spotlight! Get involved in the code, engage with other teams, and demystify your work. Let's build bridges, not just firewalls!Links to everything we discussed in this episode can be found in the show notes and if you liked the show, please do leave us a review.Follow us on all good podcasting platforms and via our YouTube channel, and don't forget to share on LinkedIn and in your teams.It really helps us spread the word and get high-quality guests, on future episodes. We hope you enjoyed this episode - See you next time, keep secure, and don't forget to ask yourself, ‘Am I the compromising position here?' Keywords: cybersecurity, devsecops, pentesting, kali linux, owasp, devs, software developmentSHOW NOTESSimon's Book, Functional Programming with C#Jeff's Book Recommendation, Grokking Artificial Intelligence AlgorithmsHow To Get The Community Edition of Immersive Labs (Try And Get Your Boss To Pay For The Full Thing - So Worth It!)Play Around With Hacking In a Safe Environment with HACK THE BOX and TRY HACK MEABOUT SIMON PAINTERWith nearly 20 years of software engineering experience across various industries, Simon is a Senior Software Developer at Müller UK & Ireland, one of the leading dairy companies in Europe. Simon is also a Microsoft Most Valuable Professional (MVP) since 2023, an O'Reilly technical book author, and a public speaker at IT events worldwide.His core competencies include C#, JavaScript, React.js, and Microsoft Azure, as well as ITIL and computer security.LINKS FOR SIMON PAINTERSimon's WebsiteSimon's Linkedin

https://youtu.be/VrAzEHPodrs Forum Discussion Thread (https://forum.tuxdigital.com/t/266-future-of-kde-kali-linux-kaspersky-virus-removal-more-linux-news/6257) This Week in Linux, we've got some exciting updates to share with you, from the growth of Linux in the gaming world to many new distro releases. We'll take a look at how you can shape the future of KDE and there's a new virus removal tool for Linux from the folks at Kaspersky. All of this and more on this episode so let's dive into Your Source for Linux GNews! Download as MP3 (https://aphid.fireside.fm/d/1437767933/2389be04-5c79-485e-b1ca-3a5b2cebb006/cce7f00b-a186-4af4-ad72-06ff7cf593cf.mp3) Sponsored by: LINBIT - thisweekinlinux.com/linbit (https://thisweekinlinux.com/linbit) Want to Support the Show? Become a Patron = https://tuxdigital.com/membership (https://tuxdigital.com/membership) Store = https://tuxdigital.com/store (https://tuxdigital.com/store) Chapters: 00:00 Intro 00:30 Linux Over 2% on Steam Survey 02:14 You can help shape the Future of KDE 05:26 Kaspersky Virus Removal Tool for Linux 06:47 blendOS 4 Released 10:03 Kali Linux 2024.2 Released 11:58 Parrot OS 6.1 Released 13:36 Linux Mint will hide Unverified Flatpaks 17:20 NixOS 24.05 Released 19:22 Purism is “Profitable” . . . somehow

This Week in Linux, we've got some exciting updates to share with you, from the growth of Linux in the gaming world to many new distro releases. We'll take a look at how you can shape the future of KDE and there's a new virus removal tool for Linux from the folks at Kaspersky. All […]

We're breaking down the attack: how it works, how it was hidden, and why time was running out for the attacker.Sponsored By:Tailscale: Tailscale is a programmable networking software that is private and secure by default - get it free on up to 100 devices!Kolide: Kolide is a device trust solution for companies with Okta, and they ensure that if a device isn't trusted and secure, it can't log into your cloud apps.Support LINUX UnpluggedLinks:

Neste episódio, exploramos o dinâmico campo da cibersegurança, comparado a um jogo de xadrez onde equipes de Red e Blue desempenham papéis críticos na defesa e simulação de ataques cibernéticos. O Red Team foca em testar as defesas, utilizando uma gama de métodos e ferramentas, como phishing e Kali Linux, para identificar vulnerabilidades e aprimorar as medidas de segurança. Por outro lado, o Blue Team é responsável pela detecção, resposta e mitigação de ameaças, empregando tecnologias como inteligência artificial para melhorar a eficácia de suas estratégias. Jogos de guerra cibernéticos são destacados como exercícios essenciais, permitindo que as equipes simulem ataques em ambientes controlados, identifiquem lacunas nas defesas e aprimorem suas habilidades de detecção e resposta. A colaboração e o aprendizado contínuo entre as equipes, juntamente com o uso de tecnologias avançadas e o compromisso com a educação contínua, são enfatizados como elementos críticos para fortalecer a segurança digital e proteger os ativos digitais contra ameaças cibernéticas emergentes e futuras.

Stephen Sims shares his years of experience with us and shows us how we can make money hacking. But be careful - some of the options are not recommended. // Stephen's Social // YouTube: https://www.youtube.com/@OffByOneSecu... Twitter: / steph3nsims // Stephen Recommends // Programming Tools: Online Compiler, Visual Debugger, and AI Tutor for Python, Java, C, C++, and JavaScript: https://pythontutor.com/ PyCharm – Python IDE with Great IDA Pro Support:https://www.jetbrains.com/pycharm/ VS Code:https://code.visualstudio.com/ Patch Diffing: Windows Binary Index for Patch Diffing:https://winbindex.m417z.com/ BinDiff Tool for IDA Pro, Ghidra, or Binary Ninjahttps://www.zynamics.com/bindiff.html Diaphora Diffing Tool for IDA Prohttp://diaphora.re/ PatchExtract for Extracting MS Patches from MSU Formathttps://gist.github.com/wumb0/306f97d... Vulnerable Things to Hack HackSys Extreme Vulnerable Driver:https://github.com/hacksysteam/HackSy... WebGoat – Deliberately Insecure Application:https://owasp.org/www-project-webgoat/ Damn Vulnerable Web App:https://github.com/digininja/DVWA Buggy Web App:http://itsecgames.com/ Gruyere Cheesy Web App:https://google-gruyere.appspot.com/ Metasploitable:https://sourceforge.net/projects/meta... Damn Vulnerable iOS App:https://resources.infosecinstitute.co... OWASP Multillidae:https://github.com/webpwnized/mutillidae Online CTF's and Games: SANS Holiday Hack 2023 and Prior:https://www.sans.org/mlp/holiday-hack... https://www.holidayhackchallenge.com/... CTF Time – A great list of upcoming and previous CTF's!:https://ctftime.org/ YouTube Channels: / @davidbombal / @nahamsec / @offbyonesecurity / @_johnhammond / @ippsec https://www.youtube.com/@LiveOverflow... Free Learning Resources: SANS Free Resources – Webcasts, Whitepapers, Posters & Cheat Sheets, Tools, Internet Storm Center:https://www.sans.org/security-resources/ Shellphish - Heap Exploitation:https://github.com/shellphish/how2heap Exploit Database - Downloadable Vulnerable Apps and Corresponding Exploits:https://www.exploit-db.com/ Google Hacking Database (GHDB):https://www.exploit-db.com/google-hac... Google Cybersecurity Certificate:https://grow.google/certificates/cybe... Phrack Magazine:http://www.phrack.org/ Kali Linux:https://www.kali.org/get-kali/#kali-p... Slingshot Linux:https://www.sans.org/tools/slingshot/ Books & Articles: Gray Hat Hacking Series: https://amzn.to/3B1FeIK Hacking: The Art of Exploitation: https://amzn.to/3Us9Uts A Guide to Kernel Exploitation: https://amzn.to/3vfY8vu Smashing the Stack for Fun and Profit – Old, but a classic:https://inst.eecs.berkeley.edu/~cs161... Understanding Windows Shellcode – Old, but still good:https://www.hick.org/code/skape/paper... Great list of exploitation paper links from Shellphish!:https://github.com/shellphish/how2hea... // Stephen's previous videos with David // Free Exploit development training (beginner and advanced) • How to make Millions $$$ hacking zero... Buffer Overflow Hacking Tutorial (Bypass Passwords): • Buffer Overflow Hacking Tutorial (Byp... // David's SOCIAL // Discord: / discord X / Twitter: / davidbombal Instagram: / davidbombal LinkedIn: / davidbombal Facebook: / davidbombal.co TikTok: / davidbombal // MY STUFF // https://www.amazon.com/shop/davidbombal // SPONSORS // Interested in sponsoring my videos: sponsors@davidbombal.com apple ios android samsung exploit exploit development zero day 0day 1day dark web microsoft macos apple linux kali linux Disclaimer: This video is for educational purposes only. Please note that links listed may be affiliate links and provide me with a small percentage/kickback should you use them to purchase any of the items listed or recommended. Thank you for supporting me and this channel! #android #ios #hacker

On this episode of TWIL (245), there is a new version of the Cinnamon desktop. KDE have announced the first Beta release of Plasma 6. Kali Linux has their end of the year release out. There is a new organization to further the development of AI in an open way. All of this and more […]

https://youtu.be/smYYJoiBe9s Forum Discussion Thread (https://forum.tuxdigital.com/t/245-cinnamon-desktop-kde-plasma-6-kali-linux-ai-alliance-23andme-hacked-amp-more-linux-news/6098) On this episode of TWIL (245), there is a new version of the Cinnamon desktop. KDE have announced the first Beta release of Plasma 6. Kali Linux has their end of the year release out. There is a new organization to further the development of AI in an open way. All of this and more on this episode of This Week in Linux, Your Source for Linux GNews! Download as MP3 (https://aphid.fireside.fm/d/1437767933/2389be04-5c79-485e-b1ca-3a5b2cebb006/6e78761f-ceb7-4e63-a3d2-7293df1dd637.mp3) Supported by: LINBIT = https://thisweekinlinux.com/linbit Want to Support the Show? Become a Patron = https://tuxdigital.com/membership Store = https://tuxdigital.com/store Chapters: 00:00 TWIL 245 Intro 00:28 Cinnamon 6.0 Desktop Released - [ link (https://blog.linuxmint.com/?p=4604) ] 02:11 KDE Plasma 6 Beta 1 Released - [ link (https://kde.org/announcements/megarelease/6/beta1/) ] 05:01 Kali Linux 2023.4 Released - [ link (https://www.kali.org/blog/kali-linux-2023-4-release/) ] 06:36 Global AI Alliance Announced - [ link (https://thealliance.ai/) ] 08:22 LINBIT - [ link (https://thisweekinlinux.com/linbit) ] 09:47 Zorin OS 17 Beta Released - [ link (https://blog.zorin.com/2023/12/04/a-sneak-peek-at-zorin-os-17/) ] 12:52 NixOS 23.11 Released - [ link (https://nixos.org/blog/announcements) ] 14:07 Red Hat's Work to Improve XWayland - [ link (https://www.phoronix.com/news/xwayland-run) ] 16:14 23AndMe Hacked - [ link (accessed-significant-number-of-files-about-users-ancestry/) ] 18:22 Steam Linux Marketshare Surges to Nearly 2% in November - [ link (https://store.steampowered.com/hwsurvey/Steam-Hardware-Software-Survey-Welcome-to-Steam) ] 20:25 Outro

Can we save an old Arch install? We'll attempt a live rescue, then get into our tips for keeping your old Linux install running great.

In dieser Folge des c't uplink erzählen die Redakteure Niklas Dierking und Ronald Eikenberg, was man für Möglichkeiten hat, um mit Raspis eigene Hacking-Gadgets zu bauen. Denn: Damit hat man nicht nur Bastelspaß, sondern lernt und versteht auch ganz nebenbei, wie diverse Angriffstechniken eigentlich funktionieren. Die Palette reicht dabei vom selbstgebauten Hotspot mit Captive Portal auf Basis eines Raspberry Pi Pico W über individuell konfigurierbare BadUSB-Dongles mit Raspi Zero W bis hin zum Raspi 400 als Universalwerkzeug mit Kali Linux. Hilfreich sind diese Projekte nicht nur, um die eigenen (und nur die eigenen!) Systeme auf Lücken abzuklopfen, sondern auch für Mitarbeiterschulungen und Vorträge. Unser Titelthema "Hacker-Projekte mit Raspi" finden Sie in c't 27/2023.

In dieser Folge des c't uplink erzählen die Redakteure Niklas Dierking und Ronald Eikenberg, was man für Möglichkeiten hat, um mit Raspis eigene Hacking-Gadgets zu bauen. Denn: Damit hat man nicht nur Bastelspaß, sondern lernt und versteht auch ganz nebenbei, wie diverse Angriffstechniken eigentlich funktionieren. Die Palette reicht dabei vom selbstgebauten Hotspot mit Captive Portal auf Basis eines Raspberry Pi Pico W über individuell konfigurierbare BadUSB-Dongles mit Raspi Zero W bis hin zum Raspi 400 als Universalwerkzeug mit Kali Linux. Hilfreich sind diese Projekte nicht nur, um die eigenen (und nur die eigenen!) Systeme auf Lücken abzuklopfen, sondern auch für Mitarbeiterschulungen und Vorträge. Mit dabei: Niklas Dierking, Ronald Eikenberg Moderation: Jan Schüßler Unser Titelthema "Hacker-Projekte mit Raspi" finden Sie in c't 27/2023.

In dieser Folge des c't uplink erzählen die Redakteure Niklas Dierking und Ronald Eikenberg, was man für Möglichkeiten hat, um mit Raspis eigene Hacking-Gadgets zu bauen. Denn: Damit hat man nicht nur Bastelspaß, sondern lernt und versteht auch ganz nebenbei, wie diverse Angriffstechniken eigentlich funktionieren. Die Palette reicht dabei vom selbstgebauten Hotspot mit Captive Portal auf Basis eines Raspberry Pi Pico W über individuell konfigurierbare BadUSB-Dongles mit Raspi Zero W bis hin zum Raspi 400 als Universalwerkzeug mit Kali Linux. Hilfreich sind diese Projekte nicht nur, um die eigenen (und nur die eigenen!) Systeme auf Lücken abzuklopfen, sondern auch für Mitarbeiterschulungen und Vorträge. Mit dabei: Niklas Dierking, Ronald Eikenberg Moderation: Jan Schüßler Unser Titelthema "Hacker-Projekte mit Raspi" finden Sie in c't 27/2023.

Link to blog post This week's Cyber Security Headlines – Week in Review is hosted by Sean Kelly with guest Howard Holton, CTO, GigaOm Thanks to today's episode sponsor, OffSec OffSec (formerly Offensive Security), the cyber training company behind the well-known OSCP certification and Kali Linux distro, is hosting a virtual summit for CISOs and Cybersecurity leaders called Evolve on November 15th. During the event, you'll learn how to attract and assess top talent, how to craft positioning for budget conversations, why CISOs make great board members, and more. Hear from forward-thinking infosec leaders from companies like CISCO, Amazon, and Salesforce. Save your seat and equip yourself with actionable takeaways to help shape the future of your organization's security. Register now at offsec.com/evolve All links and the video of this episode can be found on CISO Series.com  

US most breached country last quarter OpenAI blames DDoS attacks for ongoing ChatGPT outages Clop exploits SysAid vulnerability Thanks to today's episode sponsor, OffSec And now a word from our sponsor. OffSec (formerly Offensive Security), the cyber training company behind the well-known OSCP certification and Kali Linux distro, is hosting a virtual summit for CISOs and Cybersecurity leaders called Evolve on November 15th. During the event, you'll learn how to attract and assess top talent, how to craft positioning for budget conversations, why CISOs make great board members, and more.  Hear from forward-thinking infosec leaders from companies like CISCO, Amazon, and Salesforce. Save your seat and equip yourself with actionable takeaways to help shape the future of your organization's security. Register now at offsec.com/evolve For the stories behind the headlines, head to CISOseries.com.

US launches “Shields Ready” campaign Microsoft and Meta announced AI imagery rules App Defense Alliance moves under the Linux Foundation Thanks to today's episode sponsor, OffSec And now a word from our sponsor. OffSec (formerly Offensive Security), the cyber training company behind the well-known OSCP certification and Kali Linux distro, is running a virtual summit for CISOs and Cybersecurity leaders called Evolve on November 15th. Attend Evolve and get insider insights from a former bank hacker. Discover strategies on stretching your security budget and get tips to attract the crème de la crème of talent. It's more than just an event – it's a masterclass helping you elevate your cybersecurity leadership game. Hear from forward-thinking cybersecurity leaders from companies like CISCO, Amazon, Salesforce and more. Register today and get the insights you need to help shape the future of your company's security. Sign up now at offsec.com/evolve

Singapore's Marina Bay Sands customer data stolen in cyberattack Atlassian bug escalated to 10.0 severity Fake Ledger Live app steals over $700,000 in crypto Thanks to today's episode sponsor, OffSec And now a word from our sponsor. OffSec (formerly Offensive Security), the cyber training company behind the well-known OSCP certification and Kali Linux distro, is hosting a virtual summit for CISOs and Cybersecurity leaders called Evolve on November 15th. During the event, you'll learn how to attract and assess top talent, how to craft positioning for budget conversations, why CISOs make great board members, and more.  Hear from forward-thinking infosec leaders from companies like CISCO, Amazon, and Salesforce. Save your seat and equip yourself with actionable takeaways to help shape the future of your organization's security. Register now at offsec.com/evolve For the stories behind the headlines, visit CISOseries.com.

Android Dropper-as-a-Service Bypasses Google's Defenses Increase in zero-day exploits worries CISA Google Calendar as a C2 infrastructure Thanks to today's episode sponsor, OffSec And now a word from our sponsor. OffSec (formerly Offensive Security), the cyber training company behind the well-known OSCP certification and Kali Linux distro, is running a virtual summit for CISOs and Cybersecurity leaders called Evolve on November 15th. Attend Evolve and get insider insights from a former bank hacker. Discover strategies on stretching your security budget and get tips to attract the crème de la crème of talent. It's more than just an event – it's a masterclass helping you elevate your cybersecurity leadership game. Hear from forward-thinking cybersecurity leaders from companies like CISCO, Amazon, Salesforce and more. Register today and get the insights you need to help shape the future of your company's security. Sign up now at offsec.com/evolve For the stories behind the headlines, head to CISOseries.com.

Okta explains hack source and response timeline Looney Tunables now being exploited Lazarus Group uses KandyKorn against blockchain engineers Thanks to today's episode sponsor, OffSec And now a word from our sponsor. OffSec (formerly Offensive Security), the cyber training company behind the well-known OSCP certification and Kali Linux distro, is hosting a virtual summit for CISOs and Cybersecurity leaders called Evolve on November 15th. During the event, you'll learn how to attract and assess top talent, how to craft positioning for budget conversations, why CISOs make great board members, and more.  Hear from forward-thinking infosec leaders from companies like CISCO, Amazon, and Salesforce. Save your seat and equip yourself with actionable takeaways to help shape the future of your organization's security. Register now at offsec.com/evolve For the stories behind the headlines, head to CISOseries.com.

Support the show

SHOW NOTES ►► https://tuxdigital.com/podcasts/this-week-in-linux/twil-231/

On This Week in Linux (231), we've got a jam-packed show for you. Libre Office 7.6 and Bodhi Linux 7.0 have been announced. Hold onto your hats, whatever color they may be, because Kali Linux 2023.3 is out. Then in desktop news, Budgie Desktop 10.8 has been released and we got some news for the […]

Today, sadly, might be the last episode of DIY pentest dropbox tips for a while because I found (well, ChatGPT did actually) the missing link to 100% automate a Kali Linux install! Check episode #449 for more info on building your Kali preseed file, but essentially the last line in my file runs a kali.sh script to download/install all the pentest tools I want. The "missing link" part is I figured out how to get Kali to reboot and then run a script one time to complete all the post-install stuff. So at the bottom of my kali.sh is this: sudo wget https://somesite/kali-docker.sh -O /opt/kali-docker.sh sudo chmod +x /opt/kali-docker.sh sudo touch /flag sudo wget https://somesite/docker.service -O /etc/systemd/system/mydocker.service sudo systemctl daemon-reload sudo systemctl enable mydocker.service The contents of docker.service are: [Unit] Description=Docker install [Service] Type=simple ExecStart=/opt/kali-docker.sh [Install] WantedBy=multi-user.target The beginning and end snippets of kali-docker.sh are: #!/bin/bash flag_file="/flag" if [ -e "$flag_file" ]; then # get bbot sudo docker run -it blacklanternsecurity/bbot:stable --help # Do a bunch of other install things... rm "$flag_file" else echo "Script already ran before. Exiting" fi So essentially the work flow is: kali.sh runs, downloads and installs kali-docker.sh, and also installs a service that runs kali-docker.sh on each reboot. But when kali-docker.sh runs, it checks for the presence of a file called /flag. If /flag exists, all the post-install commands will run. If it does not exist, those commands won't run. Simple, yet genius I think!

This week Lamine Lachhab the Chief technical officer for the Scottish government joins the Ask Noah Show and we discuss open source and open data with the Scottish government. -- During The Show -- Last Week Electrical storm took out the studio Telos (https://www.telosalliance.com/) was amazing! Sorry about last week 01:50 Secure Phone and Apps - Larry Unplugged Up Phone (https://www.unplugged.com/upphone/) Great website Say the right things No details Start with GrapheneOS (https://grapheneos.org/) or LineageOS (https://lineageos.org/) 07:30 Kdenlive Snaps vs DEB - Rick Snap version of Kdenlive Unstable Similar experiences Altispeed has largely switched to Flatpak Like the idea of sandboxing Possible advantages of universal packages Please report upstream 16:48 Zyxel Switch - Charlie Zyxel Switch No support contracts Good "budget brand" Zyxel went down "cloud rabbit hole" TP Link makes good stuff Amazon Link (https://www.amazon.com/12-Port-Gigabit-Managed-Multi-Gig-XGS1210-12/dp/B084MH9P8Q/) 20:48 News Wire Wine 8.9 Gaming On Linux (https://www.gamingonlinux.com/2023/05/wine-89-released-with-more-pe-work-mono-80-and-more-wayland-updates/) GCC 11.4 GCC (https://gcc.gnu.org/pipermail/gcc/2023-May/241698.html) Linux 6.3.5 6.3.5 (https://www.phoronix.com/news/Linux-6.3.5-Released) MicroOS Desktop Open Suse (https://microos.opensuse.org/blog/2023-05-27-microOS-Desktop-is-changing-names/) Kali Linux 2023.2 Kali Blog (https://www.kali.org/blog/kali-linux-2023-2-release/) Fedora Onyx Gaming On Linux (https://www.gamingonlinux.com/2023/05/fedora-onyx-voted-in-as-a-new-official-fedora-linux-immutable-variant/) Qubes Fedora Templates Qubes OS (https://www.qubes-os.org/news/2023/05/26/fedora-38-templates-available/) CIQ Support HPC Wire (https://www.hpcwire.com/off-the-wire/ciq-extends-enterprise-grade-support-for-rocky-linux-9-2-and-8-8/) GobRAT The Hacker News (https://thehackernews.com/2023/05/new-gobrat-remote-access-trojan.html) Falcon LLM Reuters (https://www.reuters.com/technology/abu-dhabi-makes-its-falcon-40b-ai-model-open-source-2023-05-25/) SambaNOVA SambaNova (https://sambanova.ai/blog/introducing-bloomchat-176b-the-multilingual-chat-based-llm/) 22:48 Lemine Lemke Interview Chief Technical Officer for the Scottish Government Funding agriculture How data and technology play a role How does open source play a role? Is open source an advantage or disadvantage in government? Open Data Examples of open data success What did open data enable the citizens to do? Where there issues with false data? Open source and education Oil to Wind NIMBYism Scottish Space Port 41:41 Podman Desktop Who is the target? Discover-ability is better in a UI Man Pages Container "long view" Containers and universal packaging overlap Red Hat Blog (https://www.redhat.com/en/blog/podman-desktop-10-next-gen-container-management-solution-streamlining-developers-container-operations) South East Linux Fest June 9th - 11th Join the Matrix Space Still looking for volunteers! -- The Extra Credit Section -- For links to the articles and material referenced in this week's episode check out this week's page from our podcast dashboard! This Episode's Podcast Dashboard (http://podcast.asknoahshow.com/338) Phone Systems for Ask Noah provided by Voxtelesys (http://www.voxtelesys.com/asknoah) Join us in our dedicated chatroom #GeekLab:linuxdelta.com on Matrix (https://element.linuxdelta.com/#/room/#geeklab:linuxdelta.com) -- Stay In Touch -- Find all the resources for this show on the Ask Noah Dashboard Ask Noah Dashboard (http://www.asknoahshow.com) Need more help than a radio show can offer? Altispeed provides commercial IT services and they're excited to offer you a great deal for listening to the Ask Noah Show. Call today and ask about the discount for listeners of the Ask Noah Show! Altispeed Technologies (http://www.altispeed.com/) Contact Noah live [at] asknoahshow.com -- Twitter -- Noah - Kernellinux (https://twitter.com/kernellinux) Ask Noah Show (https://twitter.com/asknoahshow) Altispeed Technologies (https://twitter.com/altispeed)

SHOW NOTES ►► https://tuxdigital.com/podcasts/this-week-in-linux/twil-220/

On this episode of This Week in Linux, we talk about my SCALE 20x Experience, the release of GNOME 44, Red Hat celebrating their 30th Anniversary, Kali Linux also celebrating a milestone and so much more on Your Weekly Source for Linux GNews! Chapters

Joe and Ray discuss how OSINT is used in offensive security scenarios, focusing on the importance of doing in-depth research. In order to properly use OSINT, Ray explains that it is essential to identify and map out the risks associated with an organization, as well as to do research to understand the company's structure, assets, and resources. He emphasizes that it is important to look at where the information lies, in order to get an idea of who the key people are within an organization. This could include looking for patterns in social media accounts, websites, and other sources to uncover insight on those individuals. Ray also advises that when doing the legwork, it is important to not only look at public sources, but to dig deeper. By using OSINT, companies can better understand their adversaries and develop a more effective security strategy. He further explains that it is important to constantly monitor the situation, as adversaries often change their tactics or target different areas. With the right tools and strategies in place, organizations can stay one step ahead of potential threats and be better prepared to respond. Links Discussed: Dehashed: https://www.dehashed.com HaveIBeenPwned: https://www.haveibeenpwned.com SecurityTrails: https://www.securitytrails.com View DNS: https://www.viewdns.info DNS Dumpster: https://www.dnsdumpster.com Snapchat Map: https://map.snapchat.com Trace Labs Kali: https://www.tracelabs.org/initiatives/osint-vm Raspberry Pis: https://www.raspberrypi.com/ Free Digital Ocean Credit: https://m.do.co/c/ab5f75969c8a Phone Infoga: https://github.com/sundowndev/phoneinfoga CSI Linux: https://csilinux.com/ Flare VM: https://github.com/mandiant/flare-vm Parrot OS: https://www.parrotsec.org/ Kali Linux: https://www.kali.org/ Axiom: https://github.com/pry0cc/axiom SANS SIFT: https://www.sans.org/tools/sift-workstation/ Volatility Framework: https://www.volatilityfoundation.org/ Shodan: https://www.shodan.io Michael Bazzell's Extreme Privacy: https://inteltechniques.com/book7.html Michael Bazzell's Website: https://inteltechniques.com/ Joe's Podcast with Michael Bazzell: https://osint.mobi/michael-bazzell-podcast Joe's Podcast with Justin Seitz: https://osint.mobi/justin-seitz-podcast Justin Seitz's Hunchly: https://www.hunchly.com Justin Seitz's Python for OSINT Training: https://www.automatingosint.com Imagga: https://imagga.com/ Infoga: https://github.com/The404Hacking/Infoga Joe's Podcast with Joe Vest: https://osint.mobi/red-team-podcast Contacting Rey: Twitter: https://twitter.com/reybango The OSINTion Links: https://linktr.ee/TheOSINTion Twitch: https://twitch.tv/theosintion YouTube: https://osint.mobi/youtube The OSINTion Training: On-Demand: https://academy.theosintion.com Live Training: https://www.theosintion.com/courses --- Send in a voice message: https://podcasters.spotify.com/pod/show/the-osintion/message Support this podcast: https://podcasters.spotify.com/pod/show/the-osintion/support

This hour we dig into Apple's encryption plan, a new version of KdenLive is out, Tor Bundled for Ukraine, and a new open source platform connects those in need with resources in their area. -- During The Show -- 00:45 Dakota's Weather Roads are ice rinks 02:15 2 Questions: IR Remote & Waking From Sleep - Gary IR Remote $150 or less buy used Used URC 450 Remote RF Base Mouse/Keyboard Waking up computer Different levels of sleep Reach out to System76 08:05 Email Management? - Heath Filter email as it comes in 11:40 Managing Multiple Online Accounts - Brandon Podman run per client podman run -d --name=client1-browser --security-opt seccomp=unconfined `#optional` -e PUID=1000 -e PGID=1000 -p 3000:3000 -v /path/to/config:/config --shm-size="1gb" --restart unless-stopped lscr.io/linuxserver/firefox:latest Multi Account Containers (https://support.mozilla.org/en-US/kb/containers) Noah's System 20:26 Minetest Feedback - Heidi Mine Test Liberapay (https://liberapay.com/celeron55/) Mine Test Mastodon (https://fosstodon.org/@Minetest) 22:40 News Wire Open Source on the Rise Yahoo (https://finance.yahoo.com/news/finos-survey-87-financial-services-140000199.html) ChatGPT can Hallucinate ARS Technica (https://arstechnica.com/information-technology/2022/12/openais-new-chatbot-can-hallucinate-a-linux-shell-or-calling-a-bbs/) CIQ Hires 2 People PR Web (https://www.prweb.com/releases/ciq_expands_open_source_expertise_with_two_new_hires_as_a_part_of_continued_growth/prweb19068971.htm) CERN & Fermilab Adopt Alma Linux The Register (https://www.theregister.com/2022/12/08/cern_fermilab_almalinux/) Komodo IDE EOL but Released as Open Source Its Foss (https://news.itsfoss.com/komodo-ide-open-source/) Homebrew Raises $9M for Tea Tech Crunch (https://techcrunch.com/2022/12/06/from-the-creator-of-homebrew-tea-raises-8-9m-to-build-a-protocol-that-helps-open-source-developers-get-paid/) New Crypto Jacking Malware Duo (https://duo.com/decipher/new-chaos-malware-targets-windows-and-linux-devices) New CXL Code submitted to Linux 6.2 Phoronix (https://www.phoronix.com/news/CXL-Linux-6.2) Unciv headed to Steam Gaming on Linux (https://www.gamingonlinux.com/2022/12/unciv-the-open-source-remake-of-civilization-v-is-heading-to-steam/) Kali Linux 2022.4 Bleeping Computer (https://www.bleepingcomputer.com/news/security/kali-linux-20224-adds-6-new-tools-azure-images-and-desktop-updates/) OpenShot 3.0 Open Shot (https://www.openshot.org/blog/2022/12/10/new_openshot_release_300/) Blender 3.4 Blender (https://wiki.blender.org/wiki/Reference/Release_Notes/3.4) Digikam 7.9 Digikam (https://www.digikam.org/news/2022-12-05-7.9.0_release_announcement/) KDE Gear 22.12 KDE (https://kde.org/announcements/gear/22.12.0/) Tor Browser 12.0 Tor Project (https://blog.torproject.org/new-release-tor-browser-120/) QT 6.5 David's Blog (https://blog.david-redondo.de/qt/kde/2022/12/09/wayland-native-interface.html) KaOS 2202.12 Linux IAC (https://linuxiac.com/kaos-2022-12/) Rocky Linux 9.1 Rocky Linux (https://rockylinux.org/news/rocky-linux-9-1-ga-release/) Linux 6.1 LTS Its Foss (https://news.itsfoss.com/linux-kernel-6-1-release/) New System76 Launch Keyboard System76 (https://system76.com/accessories/launch_heavy_sa_1/configure) 26:10 St. Vincent de Paul Web Site (https://stdepaul.org/) Web site to help homeless people Entire site is FOSS Invites people to make changes Reddit Post (https://www.reddit.com/r/opensource/comments/zkn7fa/an_attempt_to_significantly_reduce_homelessness/) Actively looking for help 100% of donations go to those in need Do you have a FOSS project that helps people? 36:25 Kdenlive 22.12 Release Announcement (https://kdenlive.org/en/2022/12/kdenlive-22-12-released/) OMG Ubuntu Article (https://www.omgubuntu.co.uk/2022/12/kdenlive-22-12-released) New Guide Marker System Remove white space feature Lots of other upgrades and features 43:14 Linux Libre 6.1 9 to 5 Linux (https://9to5linux.com/gnu-linux-libre-6-1-arrives-as-a-100-free-kernel-for-software-freedom-lovers) Completely "free" Linux Adjusts several drivers Deblobs several drivers Write in on why you use this 47:30 Tor Bundled for Ukraine Tor Project (https://blog.torproject.org/new-release-tor-browser-120/) EFF Cover Your Tracks (https://coveryourtracks.eff.org/) The Register (https://www.theregister.com/2022/12/12/tor_browser_12_released/) Albanian and Ukrainian support Tor vs VPN 53:11 Apple Rolls Encryption for iCloud EFF (https://www.eff.org/deeplinks/2022/12/victory-apple-commits-encrypting-icloud-and-drops-phone-scanning-plans) Do you trust Apple? -- The Extra Credit Section -- For links to the articles and material referenced in this week's episode check out this week's page from our podcast dashboard! This Episode's Podcast Dashboard (http://podcast.asknoahshow.com/316) Phone Systems for Ask Noah provided by Voxtelesys (http://www.voxtelesys.com/asknoah) Join us in our dedicated chatroom #GeekLab:linuxdelta.com on Matrix (https://element.linuxdelta.com/#/room/#geeklab:linuxdelta.com) -- Stay In Touch -- Find all the resources for this show on the Ask Noah Dashboard Ask Noah Dashboard (http://www.asknoahshow.com) Need more help than a radio show can offer? Altispeed provides commercial IT services and they're excited to offer you a great deal for listening to the Ask Noah Show. Call today and ask about the discount for listeners of the Ask Noah Show! Altispeed Technologies (http://www.altispeed.com/) Contact Noah live [at] asknoahshow.com -- Twitter -- Noah - Kernellinux (https://twitter.com/kernellinux) Ask Noah Show (https://twitter.com/asknoahshow) Altispeed Technologies (https://twitter.com/altispeed)

It's 5:05, on Monday, December 12 , 2022. This is your daily update of open source and cybersecurity news.This is Pokie Huang, coming from the 5:05 offices in New York City. Stories for today come from Katy Craig in california gives highlights from Fiscal Year 2023, The National Defense Authorization Act, Edwin Kwan in Australia reporting on Australia's largest telecommunication suggers privacy breach, Olimpiu Pop in Romania on Kali Linux newest released.We will start today with Mark Miller in New York city on why CVE and NVD do not workLet's get to it!

Coming up in this episode 1. Releasing it when it's ready 2. Exploitation Remotely 3. Exploitation Locally 4. Name Changes and Mergers 5. And Kali as we see it today The Video Version https://youtu.be/_ITBw2c3XaQ 0:00 Cold Open 1:04 Releasing When It's Ready 12:16 WHoppix vs. Auditor 14:40 WHAX, a Merger and Backtrack 17:50 Backtrack 4, 5 and Kali 23:09 Kali 2 Rolls Right Along 28:30 2020 to the Present 34:51 Kali as a Daily Driver? 1:03:25 Next Time: A Few Things Banter Fedora 37 is still in the works (https://fedoramagazine.org/fedora-linux-37-update/) Elementary 7 is still on the way too (https://blog.elementary.io/updates-for-october-2022/) Announcements Give us a sub on YouTube (https://linuxuserspace.show/youtube) You can watch us live on Twitch (https://linuxuserspace.show/twitch) the day after an episode drops. If you like what we're doing here, make sure to send us a buck over at https://patreon.com/linuxuserspace Kali Linux the History remote-exploit.org (https://web.archive.org/web/20011103174848/http://www.remote-exploit.org/) mutsonline (https://web.archive.org/web/20041204031803/http://www.whoppix.net/muts.html) whitehat.co.il - "This site (https://web.archive.org/web/20040408014912/http://whitehat.co.il/news.php) aims to create a repository of tools and information for Penetration testers and ethical hackers." Max Moser releases (https://web.archive.org/web/20040602170909/http://www.remote-exploit.org/) from his company's website, moser-informatik.ch (https://web.archive.org/web/20040609013958/http://www.moser-informatik.ch/?page=products&lang=eng) Whoppix based on Knoppix is released (https://web.archive.org/web/20041204023530/http://www.whoppix.net/index.html) with thanks from muts (https://web.archive.org/web/20041204035804/http://www.whoppix.net/thanks.html) muts announces (https://web.archive.org/web/20050709141020/http://www.whoppix.net/muts.html) that Whoppix has evolved into a new project - WHAX Max Moser's Auditor Security Collection had structure and stability (http://www.remote-exploit.org/articles/backtrack/) The merger of WHAX and Auditor Security Collection was put to the community (https://web.archive.org/web/20060108153041/http://forum.remote-exploit.org/viewtopic.php?p=5488#5488) The two projects finished the merger and became Backtrack (https://web.archive.org/web/20100114211335/http://www.backtrack-linux.org/) and were based on Slax (https://web.archive.org/web/20061013072357/http://www.remote-exploit.org/index.php/BackTrack). Offensive-Security.org was born (https://web.archive.org/web/20061027172140/http://www.offensive-security.com/about.html) and is the company backing Backtrack. Essentially a spinoff (https://web.archive.org/web/20061101034051/http://www.offensive-security.com/faq.html) of Moser's remote-exploit.org Backtrack 2 is released (https://web.archive.org/web/20070315153750/http://forums.remote-exploit.org/showthread.php?t=5681) Backtrack 3 is released (https://web.archive.org/web/20090529075045/http://www.remote-exploit.org/backtrack_devlog.html) Backtrack 4 was released (https://web.archive.org/web/20100114220541/http://www.backtrack-linux.org/backtrack/backtrack4-release/) Backtrack 5 dropped the Slax base and is now based on Ubuntu (https://web.archive.org/web/20110515012740/http://www.backtrack-linux.org:80/backtrack/backtrack-5-release/) Backtrack 5 R3 was released (https://web.archive.org/web/20120816161818/http://www.backtrack-linux.org/backtrack/backtrack-5-r3-released/) and was the last release of Backtrack ever. The Kali Teaser (https://web.archive.org/web/20130401012801/http://www.backtrack-linux.org/backtrack/kali-a-teaser-into-the-future/) Kali 1.0 (https://www.kali.org/blog/kali-linux-1-0-0-release/) Bleeding Edge Kali (https://www.kali.org/blog/bleeding-edge-kali-repositories/) Using the Linux Deploy app in Android, Kali could be installed (https://www.kali.org/blog/kali-linux-android-linux-deploy/) Kali gets a self destruct button (https://www.kali.org/blog/kali-linux-1-0-6-release/) Kali soars among the cloud. Amazon's cloud, anyway. (https://www.kali.org/blog/kali-linux-amazon-ec2-ami/) Metapackages are introduced (https://www.kali.org/blog/kali-linux-metapackages/) EFI boot capabilities are added (https://www.kali.org/blog/kali-linux-1-0-8-release/) Kali NetHunter was released (https://www.kali.org/blog/kali-linux-1-0-9a-release/) Official Docker images (https://www.kali.org/blog/official-kali-linux-docker-images/) Kali gets another rebase (https://www.kali.org/blog/kali-linux-2-0-release/) Windows Subsystem for Linux (https://www.kali.org/blog/kali-on-the-windows-subsystem-for-linux/) Wireguard VPN (https://www.kali.org/blog/wireguard-on-kali/) support is official Support for Vagrant (https://www.kali.org/blog/announcing-kali-for-vagrant/) Raspberry Pi 4 support (https://www.kali.org/blog/raspberry-pi-4-and-kali/) Revamp of the metapackages (https://www.kali.org/blog/major-metapackage-makeover/) Running Kali as non-root user (https://www.kali.org/blog/kali-default-non-root-user/) Kali Linux is spotted in the TV show Mr. Robot (https://www.kali.org/blog/mr-robot-arg-society/) kids.kali.org (https://web.archive.org/web/20210402010342/https://kids.kali.org/) was launched! Yes, it was for April fools. Unkaputtbar (https://www.kali.org/blog/unkaputtbar/) 2022.2 (https://www.kali.org/blog/kali-linux-2022-2-release/) brought Hollywood-Activate 2022.3 (https://www.kali.org/blog/kali-linux-2022-3-release/) is the latest release at the time of the recording More Announcements Want to have a topic covered or have some feedback? - send us an email, contact@linuxuserspace.show Kali Linux Links Kali Linux Web Page (https://www.kali.org/) Kali Linux Docs (https://www.kali.org/docs/) Kali Tools Docs (https://www.kali.org/tools/) Kali Forums (https://forums.kali.org/) Kali Discord (https://discord.kali.org/) Kali Blog (https://www.kali.org/blog/) About Kali Linux page (https://www.kali.org/features/) Kali for Arm (https://arm.kali.org/) Kali NetHunter (https://nethunter.kali.org/) Housekeeping Catch these and other great topics as they unfold on our Subreddit or our News channel on Discord. * Linux User Space subreddit (https://linuxuserspace.show/reddit) * Linux User Space Discord Server (https://linuxuserspace.show/discord) * Linux User Space Telegram (https://linuxuserspace.show/telegram) * Linux User Space Matrix (https://linuxuserspace.show/matrix) * Linux User Space Twitch (https://linuxuserspace.show/twitch) * Linux User Space Mastodon (https://linuxuserspace.show/mastodon) * Linux User Space Twitter (https://linuxuserspace.show/twitter) Next Time We will discuss a couple of topics and some feedback. Our next distro is Linux Lite (https://www.linuxliteos.com/) Come back in two weeks for more Linux User Space Stay tuned and interact with us on Twitter, Mastodon, Telegram, Matrix, Discord whatever. Give us your suggestions on our subreddit r/LinuxUserSpace Join the conversation. Talk to us, and give us more ideas. All the links in the show notes and on linuxuserspace.show. We would like to acknowledge our top patrons. Thank you for your support! Producer Bruno John Dave Co-Producer Johnny Tim Super User Advait Bjørnar CubicleNate Eduardo S. Jill and Steve LiNuXsys666 Nicholas Paul sleepyeyesvince

Coming up in this episode 1. Dropping out of the fediverse 2. The tiny text 3. Mozilla Watch 4. The community holds us ransom 5. Our app is faster than light 0:00 Cold Open 2:26 Press 'F' to Pay Respects 9:47 The Elm Mail System 10:56 Enter, PINE 11:44 PICO, the PIne COmposer 13:17 TIP Is not PICO 14:23 NANO's ANOther editor 14:57 "Lightning and the rest of 2000 17:37 2001, and the release of 1.0 18:49 2002-2015, Allegretta's gone and back again 21:37 The Drama in 2016 24:17 2016 to 2022, and my, how boring things got 25:13 About nano, and What's Next 31:26 Mozilla Watch 38:44 Feedback! 46:59 Community Focus: The Ransomware Files 48:57 App Focus: Warp 53:39 Next Time: Kali Linux 56:31 Stinger Banter Dan moves on Mastodon because the instance he is on is going away (https://ashfurrow.com/blog/mastodon-technology-shutdown/). So long, and thanks for all the fish. Announcements Give us a sub on YouTube (https://linuxuserspace.show/youtube) You can watch us live on Twitch (https://linuxuserspace.show/twitch) the day after an episode drops. History Series on Text Editors - GNU Nano GNU Nano (https://nano-editor.org) Dave Taylor's Elm Mail System (https://web.archive.org/web/20130417002359/http://www.intuitive.com/bio.shtml) Laurence Lundblade (https://web.archive.org/web/20110607212819/http://www.island-resort.com/pine.htm) and his cohorts were looking for something that had ease-of-use written all over it. Enter, Pine. The freeware-like (wayback.archive.org/web/20001201215500/http://www.washington.edu/pine/overview/legal.html) answer. "freeware-ish" label wasn't good enough. So, in 1999 (https://www.nano-editor.org/dist/v2.2/faq.html#1.3), Chris Allegretta, made changes to address that. TIP, which stood for TIP Is not Pico, 0.5.0 README (https://nano-editor.org/dist/old/). 2016 Looking for a new maintainer (https://lists.gnu.org/archive/html/nano-devel/2016-05/msg00012.html). Still looking (https://lists.gnu.org/archive/html/nano-devel/2016-05/msg00013.html) Nano leaves GNU in 2.6.0 (https://www.asty.org/whats-up-with-nano/) Debian acknowledged and accepted the change (https://packages.qa.debian.org/n/nano/news/20160620T181841Z.html). Come back to GNU in 2.7.0 (https://nano-editor.org/news.php). Latest release August 2, 2022 (https://nano-editor.org/news.php). More Announcements Want to have a topic covered or have some feedback? - send us an email, contact@linuxuserspace.show Mozilla Watch Firefox 106 is out! (https://www.mozilla.org/en-US/firefox/106.0/releasenotes/) .pdf support keeps getting better and better (https://9to5linux.com/mozilla-firefox-106-is-now-available-for-download-with-pdf-annotation-firefox-view) private browsing shortcut (https://blog.mozilla.org/en/mozilla/privacy-online-just-got-easier-with-todays-firefox-release/) Firefox view (https://support.mozilla.org/en-US/kb/how-set-tab-pickup-firefox-view) Housekeeping Catch these and other great topics as they unfold on our Subreddit or our News channel on Discord. * Linux User Space subreddit (https://linuxuserspace.show/reddit) * Linux User Space Discord Server (https://linuxuserspace.show/discord) * Linux User Space Telegram (https://linuxuserspace.show/telegram) * Linux User Space Matrix (https://linuxuserspace.show/matrix) Feedback Menno (Email) EViL keybindings could be an option for Emacs if you are used to Vi/Vim. Thanks for the tip! JonG (Email) Glad you caught your shout out and are enjoying the podcast. We're still fans of the SK Hynix stuff too. Ryan (Email) Thanks for the Gentoo tips. I am sure we will get to it sometime soon-ish. We appreciate your feedback and are glad you are enjoying the show. Community Focus The Ransomware Files (https://anchor.fm/ransomwarefiles) App Focus Warp (https://apps.gnome.org/app/app.drey.Warp/) Next Time We will discuss Kali Linux (https://www.kali.org) and the history. Come back in two weeks for more Linux User Space Stay tuned and interact with us on Twitter, Mastodon, Telegram, Matrix, Discord whatever. Give us your suggestions on our subreddit r/LinuxUserSpace Join the conversation. Talk to us, and give us more ideas. All the links in the show notes and on linuxuserspace.show. We would like to acknowledge our top patrons. Thank you for your support! Producer Bruno John Dave Co-Producer Johnny Sravan Tim Contributor Advait CubicleNate Eduardo S. Jill and Steve LiNuXsys666 Nicholas Paul sleepyeyesvince

How do you become a Cyber Security Expert? Hello and welcome to another episode of CISO Tradecraft, the podcast that provides you with the information, knowledge, and wisdom to be a more effective cybersecurity leader.  My name is G. Mark Hardy, and today we're going to talk about how to provide advice and mentoring to help people understand how to become a cybersecurity expert.  As always, please follow us on LinkedIn, and subscribe to our podcasts. As a security leader, part of your role is to develop your people.  That may not be written anywhere in your job description and will probably never be on a formal interview or evaluation, but after years of being entrusted with leadership positions, I have learned what differentiates true leaders from those who just accomplish a great deal is the making of the effort to develop your people. Now, you may have heard the phrase, "take care of your people," but I'll take issue with that.  I take care of my dog.  I take care of a family member who is sick, injured, or incapacitated.  Why?  Because they are not capable of performing all of life's requirements on their own.  For the most part, your people can do this.  If you are constantly doing things for people who could have otherwise done it themselves, you run the risk of creating learned helplessness syndrome.  People, and even animals, can become conditioned to not do what they otherwise could do out of a belief that someone else will do it for them.  I am NOT going to get political here, so don't worry about that.  Rather, I want to point out that effective leaders develop their people so that they may become independent actors and eventually become effective leaders themselves.  In my opinion, you should measure your success by the promotion rate of the people entrusted to you, not by your own personal career advancement or financial success. That brings me to the subject of today's podcast -- how do you counsel and mentor others on how to become a cyber security expert?  If you are listening to this podcast, there's a very good chance that you already are an expert in our field, but if not, keep listening and imagine that you are mentoring yourself, because these lessons can apply to you without having seek out a mentor.  Some people figure it out, and when asked their secret, they're like Bill Murray in the movie Stripes, "We trained ourselves, sir!"  But most of the time, career mastery involves learning from a number of others. Today on CISO Tradecraft we are going to analyze the question, " How do you become a Cyber Security Expert?"  I'm going to address this topic as if I were addressing someone in search of an answer.  Don't tune out early because you feel you've already accomplished this.  Keep listening so you can get a sense of what more you could be doing for your direct reports and any proteges you may have. Let's start at the beginning.  Imagine being a high school kid with absolutely zero work experience (other than maybe a paper route -- do kids still do that?)  You see someone that tells you they have a cool job where they get paid to ethically hack into computers.  Later on, you meet a second person that says they make really good money stopping bad actors from breaking into banks.  Somehow these ideas stick into your brain, and you start to say to yourself, you know both of those jobs sound pretty cool.  You begin to see yourself having a career in Cyber Security.  You definitely prefer it to jobs that require a lot of manual labor and start at a low pay.  So, you start thinking, "how I can gain the skills necessary to land a dream job in cyber security that also pays well?" At CISO Tradecraft we believe that there are really four building blocks that create subject matter experts in most jobs.  The four building blocks are: Getting an education Getting certifications Getting relevant job experience, and Building your personal brand So, let's explore these in detail. Number 1:  Getting an education.  When most people think about getting an education after high school, they usually talk about getting an associate's or a bachelor's degree.  If you were to look at most Chief Information Security Officers, you will see the majority of them earn a bachelor's degree in Computer Science, an Information Systems or Technology degree from a college of business such as a BS in Management of Information Systems (MIS) or Computer Information Systems, or more recently a related discipline such as a degree in Cyber Security. An associate degree is a great start for many, particularly if you don't have the money to pay for a four-year university degree right out of high school.  Tuition and debt can rack up pretty quickly, leaving some students deeply in debt, and for some, that huge bill is a non-starter.  Fortunately, community colleges offer quality educational opportunities at very competitive rates relative to four-year degree institutions.  For example, Baltimore County Community College charges $122 per credit hour for in-county residents.  A couple of miles away, Johns Hopkins University charges $2,016 per credit hour.  Now, that's a HUGE difference -- over 16 times if you do the math.  Now, Hopkins does have some wonderful facilities and excellent faculty, but when it comes to first- and second-year undergraduate studies, is the quality and content of the education THAT different?  Well, that's up to you to decide. The important take-away is, no one should decide NOT to pursue a cybersecurity education because of lack of money.  You can get started at any age on an associate degree, and that may give you enough to go on to get your first job.  However, if you want to continue on to bachelor's degree, don't give up.  Later I'll explain about a program that has been around since 2000 and has provided over 3,300 students with scholarships AND job placement after graduation. Back to those going directly for a bachelor's degree.  Now, the good news is that your chosen profession is likely to pay quite well, so not only are you likely to be able to pay off the investment you make in your education, but it will return dividends many times that which you paid, for the rest of your career.  Think of financing a degree like financing a house.  In exchange for your monthly mortgage payment, you get to enjoy a roof over your head and anything else you do with your home.  As a cybersecurity professional, in exchange for your monthly student loan payment, you get to earn well-above average incomes relative to your non-security peers, and hopefully enjoy a rewarding career.  And, like the right house, the value of your career should increase over time making your investment in your own education one of your best performing assets. Does this mean that you 100% need a bachelor's degree to get a job in cyber?  No, it does not.  There are plenty of cyber professionals that speak at Blackhat and DEF CON who have never obtained a college degree.  However, if ten applicants are going for an extremely competitive job and only seven of the ten applicants have a college degree in IT or Cyber, you shouldn't be surprised when HR shortens the list of qualified applicants to only the top five applicants all having college degrees.  It may not be fair, but it's common.  Plus, a U.S. Census Bureau study showed that folks who have a bachelor's degree make half a million dollars more over a career than those with an associate degree, and 1.6 times what a high school diploma holder may earn over a lifetime.  So, if you want more career opportunities and want to monetize your future, get past that HR checkbox that looks for a 4-year degree. Now, some people (usually those who don't want to do academic work) will say that a formal education isn't necessary for success.  After all, Bill Gates and Mark Zuckerberg were college dropouts, and they're both worth billions.  True, but that's a false argument that there's a cause-and-effect relationship there.  Both were undergraduates at Harvard University when they developed their business ideas.  So, if someone wants to assert a degree isn't necessary, counter with you'll agree once they are accepted into Harvard, and they produce a viable business plan as a teenager while attending classes. You see, completing four years of education in a field of study proves a few things.  I've interviewed candidates that said they took all of the computer science and cybersecurity courses they wanted and didn't feel a need to "waste time" with fuzzy studies such as history and English composition.  Okay, I'll accept that that person had a more focused education.  But consider the precedent here.  When a course looked uninteresting or difficult, that candidate just passed on the opportunity.  In the world of jobs and careers, there are going to be tasks that are uninteresting or difficult, and no one wants to do them, but they have to get done.  As a boss, do you want someone who has shown the pe  d completed it with an A (or maybe even a B), or do you want someone who passed when the going got a little rough?  The business world isn't academia where you're free to pick and choose whether to complete requirements.  Stuff has to get done, and someone who has a modified form of learned helplessness will most likely not follow through when that boring task comes due.   Remember I said I was going to tell you how to deal with the unfortunate situation where a prospective student doesn't have enough money to pay for college?  There are a couple of ways to meet that challenge.  It's time to talk to your rich uncle about paying for college.  That uncle is Uncle Sam.  Uncle Sam can easily finance your college so you can earn your degrees in Cyber Security.  However, Uncle Sam will want you to work for the government in return for paying for your education.  Two example scholarships that you could look into are the Reserve Officer Training Corps (ROTC) and Scholarship for Service (SFS).  ROTC is an officer accession program offered at more than 1,700 colleges and universities   across the United States to prepare young adults to become officers in the U.S. Military.  For scholarship students, ROTC pays 100% of tuition, fees, books, and a modest stipend for living expenses.  A successful degree program can qualify an Army second lieutenant for a Military Occupation Specialty (or MOS) such as a 17A Cyber Operations Officer, a 17B Cyber and Electronic Warfare Officer, or a 17D Cyber Capabilities Development Officer, a great start to a cybersecurity career. For the Navy, a graduating Ensign may commission as an 1810 Cryptologic Warfare Officer, 1820 Information Professional Officer, 1830 Intelligence Officer, or an 1840 Cyber Warfare Engineer.  The Navy uses designators rather than MOS's to delineate career patterns.  These designators have changed significantly over the last dozen years and may continue to evolve.  The Marine Corps has a 1702 cyberspace officer MOS.  Note that the Navy and the Marine Corps share a commissioning source in NROTC (Navy ROTC), and unlike the Army that has over 1,000 schools that participate in AROTC and the Air Force that has 1,100 associated universities in 145 detachments, there are only 63 Navy ROTC units or consortiums, although cross-town affiliates include nearly one hundred more colleges and universities. There are a lot of details that pertain to ROTC, and if you're serious about entering upon a military officer career, it's well worth the time and effort to do your research.  Not all ROTC students receive a scholarship; some receive military instruction throughout their four years and are offered a commission upon graduation.  Three- and four-year scholarship students incur a military obligation at the beginning of sophomore year, two-year scholarship students at the beginning of junior year, and one-year scholarship students at the start of senior year.  The military obligation today is eight years, usually the first four of which are on active duty; the rest may be completed in the reserves.  If you flunk out of school, you are rewarded with an enlistment rather than a commission.  These numbers were different when I was in ROTC, and they may have changed since this podcast was recorded, so make sure you get the latest information to make an informed decision. What if you want to serve your country but you're not inclined to serve in the military, or have some medical condition that may keep you from vigorous physical activity, or had engaged in recreational chemical use or other youthful indiscretions that may have disqualified you from further ROTC consideration?  There is another program worth investigating.   The National Science Foundation provides educational grants through the Scholarship For Service program or SFS for short.  SFS is a government scholarship that will pay up to 3 years of costs for undergraduate and even graduate (MS or PhD) educational degree programs.  It's understood that government agencies do not have the flexibility to match private sector salaries in cyber security.  However, by offering scholarships up front, qualified professionals may choose to stay in government service; hence SFS continues as a sourcing engine for Federal employees.  Unlike ROTC, a participant in SFS will incur an obligation to work in a non-DoD branch of the Federal government for a duration equal to the number of years of scholarship provided. In addition to tuition and education-related fees, undergraduate scholarship recipients receive $25,000 in annual academic stipends, while graduate students receive $34,000 per year.  In addition, an additional $6,000 is provided for certifications, and even travel to the SFS Job Fair in Washington DC. That job fair is an interesting affair.  I was honored to be the keynote speaker at the SFS job fair back in 2008.  I saw entities and agencies of the Federal government that I didn't even know existed, but they all had a cybersecurity requirement, and they all were actively hiring.  SFS students qualify for "excepted service" appointments, which means they can be hired through an expedited process.  These have been virtual the last couple of years due to COVID-19 but expect in-person events to resume in the future. I wrote a recommendation for a young lady whom I've known since she was born (her mom is a childhood friend of mine), and as an electrical engineering student in her sophomore year, she was selected for a two-year SFS scholarship.  A good way to make mom and dad happy knowing they're not going to be working until 80 to pay off their kid's education bills. In exchange for a two-year scholarship, SFS will usually require a student to complete a summer internship between the first and second years of school and then work two years in a government agency after graduation.  The biggest benefit to the Scholarship for Service is you can work at a variety of places.  So, if your dream is to be a nation state hacker for the NSA, CIA, or the FBI then this offers a great chance of getting in.  These three-letter agencies heavily recruit from these programs.  As I mentioned, there are a lot of other agencies as well.  You could find work at the State Department, Department of Health and Human Services, the Department of Education, the Federal Reserve Board, and I think I remember the United States Agency for International Development (USAID).  Federal executive agencies, Congress, interstate agencies, and even state, local, or tribal governments can satisfy the service requirement.  So, you can get paid to go to college and have a rewarding job in the government that builds a nice background for your career. How would you put all this together?  I spent nine years as an advisor to the National CyberWatch Center.  Founded as CyberWatch I in 2005, it started as a Washington D.C. and Mid-Atlantic regional effort to increase the quantity and quality of the information assurance workforce.  In 2009, we received a National Science Foundation award and grants that allowed the program to go nationwide.  Today, over 370 colleges and universities are in the program.  So why the history lesson? What we did was align curriculum between two-year colleges and four-year universities, such that a student who took the designated courses in an associate degree program would have 100% of those credits transfer to the four-year university.  That is HUGE.  Without getting into the boring details, schools would certify to the Committee on National Security Systems (CNSS) (formerly known as the National Security Telecommunications and Information Systems Security Committee or NSTISSC) national training standard for INFOSEC professionals known as NSTISSI 4011.  Now with the help of an SFS scholarship, a student with little to no financial resources can earn an associate degree locally, proceed to a bachelor's degree from a respected university, have a guaranteed job coming out of school, and HAVE NO STUDENT DEBT.  Parents, are you listening carefully?  Successfully following that advice can save $100,000 and place your child on course for success. OK, so let's fast forward 3 years and say that you are getting closer to finishing a degree in Cyber Security or Computer Science.  Is there anything else that you can do while performing a summer internship?    That brings us to our second building block.  Getting certifications.   Number Two:  Getting a Certification  Earning certifications are another key step to demonstrate that you have technical skills in cyber security.  Usually, technology changes rapidly.  That means that universities typically don't provide specialized training in Windows 11, Oracle Databases, Amazon Web Services, or the latest programming language.  Thus, while you may come out of a computer science degree with knowledge on how to write C++ and JavaScript, there are a lot of skills that you often lack to be quite knowledgeable in the workforce.  Additionally, most colleges teach only the free version of software.  In class you don't expect to learn how to deploy Antivirus software to thousands of endpoints from a vendor that would be in a Gartner Magic quadrant, yet that is exactly what you might encounter in the workplace.  So, let's look at some certifications that can help you establish your expertise as a cyber professional.  We usually recommend entry level certifications from CompTIA as a great starting point.  CompTIA has some good certifications that can teach you the basics in technology.  For example: CompTIA A+ can teach you how to work an IT Help Desk.  CompTIA Network+ can teach you about troubleshooting, configuring, and managing networks CompTIA Linux+ can help you learn how to perform as a system administrator supporting Linux Systems CompTIA Server+ ensures you have the skills to work in data centers as well as on-premises or hybrid environments. Remember it's really hard to protect a technology that you know nothing about so these are easy ways to get great experience in a technology.  If you want a certification such as these from CompTIA, we recommend going to a bookstore such as Amazon, buying the official study guidebook, and setting a goal to read every day.  Once you have read the official study guide go and buy a set of practice exam questions from a site like Whiz Labs or Udemy.  Note this usually retails for about $10.  So far this represents a total cost of about $50 ($40 dollars to buy a book and $10 to buy practice exams.)  For that small investment, you can gain the knowledge base to pass a certification.  You just need to pay for the exam and meet eligibility requirements. Now after you get a good grasp of important technologies such as Servers, Networks, and Operating Systems, we recommend adding several types of certifications to your resume.  The first is a certification in the Cloud.  One notable example of that is AWS Certified Solutions Architect - Associate.  Note you can find solution architect certifications from Azure and GCP, but AWS is the most popular cloud provider, so we recommend starting there.  Learning how the cloud works is extremely important.  Chances are you will be asked to defend it and you need to understand what an EC-2 server is, types of storage to make backups, and how to provide proper access control.  So, spend the time and get certified.  One course author who provides a great course is Adrian Cantrill.  You can find his course link for AWS Solutions Architect in our show notes or by visiting learn.cantrill.io.  The course costs $40 and has some of the best diagrams you will ever see in IT.  Once again go through a course like this and supplement with practice exam questions before going for the official certification. The last type of certifications we will mention is an entry cyber security certification.  We usually see college students pick up a Security+ or Certified Ethical Hacker as a foundation to establish their knowledge in cyber security.  Now the one thing that you really gain out of Security+ is a list of technical terms and concepts in cyber security.  You need to be able to understand the difference between Access Control, Authentication, and Authorization if you are to consult with a developer on what is needed before allowing access to a site.  These types of certifications will help you to speak fluently as a cyber professional.  That means you get more job offers, better opportunities, and interesting work.  It's next to impossible to establish yourself as a cyber expert if you don't even understand the technical jargon correctly. Number Three:  Getting Relevant Job Experience OK, so you have a college degree and an IT certification or two. What's next?  At this point in time, you are eligible for most entry level jobs.  So, let's find interesting work in Cyber Security.  If you are looking for jobs in cyber security, there are two places we recommend.  The first is LinkedIn.  Almost all companies post there and there's a wealth of opportunities.  Build out an interesting profile and look professional.  Then apply, apply, apply.  It will take a while to find the role you want.  Also post that you are looking for opportunities and need help finding your first role.  You will be surprised at how helpful the cyber community is.  Here's a pro tip:  add some hashtags with your post to increase its visibility. Another interesting place to consider is your local government.  The government spends a lot of time investing in their employees.  So go there, work a few years, and gain valuable experience.  You can start by going to your local government webpage such as USAJobs.Gov  and search for the Career Codes that map to cyber security.  For example, search using the keyword “2210” to find the job family of Information Technology Management where most cyber security opportunities can be found.  If you find that you get one of these government jobs, be sure to look into college repayment programs.  Most government jobs will help you pay off student loans, finance master's degrees in Cyber Security, or pay for your certifications.  It's a great win-win to learn the trade. Once you get into an organization and begin working your first job out of college, you then generally get one big opportunity to set the direction of your career.  What type of cyber professional do you want to be?  Usually, we see most Cyber Careerists fall into one of three basic paths.   Offensive Security Defensive Security Security Auditing The reason these three are the most common is they have the largest amount of job opportunities.  So, from a pure numbers game it's likely where you are to spend the bulk of your career.  Although we do recommend cross training.  Mike Miller who is the vCISO for Appalachia Technologies put out a great LinkedIn post on this where he goes into more detail.  Note we have a link to it in our show notes.  Here's some of our own thoughts on these three common cyber pathways: Offensive Security is for those that like to find vulnerabilities in things before the bad guys do.  It's fun to learn how to hack and take jobs in penetration testing and the red team.  Usually if you choose this career, you will spend time learning offensive tools like Nmap, Kali Linux, Metasploit, Burp Suite, and others.  You need to know how technology works, common flaws such as the OWASP Top Ten web application security risks, and how to find those vulnerabilities in technology.  Once you do, there's a lot of interesting work awaiting.  Note if these roles interest you then try to obtain the Offensive Security Certified Professional (OSCP) certification to gain relevant skill sets that you can use at work. Defensive Security is for the protectors.  These are the people who work in the Security Operations Center (SOC) or Incident Response Teams.  They look for anomalies, intrusions, and signals across the whole IT network.  If something is wrong, they need to find it and identify how to fix it.  Similar to Offensive Security professionals they need to understand technology, but they differ in the types of tools they need to look at.  You can find a defender looking at logs.  Logs can come from an Intrusion Detection System, a Firewall, a SIEM, Antivirus, Data Loss Prevention Tools, an EDR, and many other sources.  Defenders will become an expert in one of these tools that needs to be constantly monitored.  Note if you are interested in these types of opportunities look for cyber certifications such as the MITRE ATT&CK Defender (MAD) or SANS GIAC Certified Incident Handler GCIH to gain relevant expertise. Security Auditing is a third common discipline.  Usually reporting to the Governance, Risk, and Compliance organization, this role is usually the least technical.  This discipline is about understanding a relevant standard or regulation and making sure the organization follows the intent of the standard/regulation.  You will spend a lot of time learning the standards, policies, and best practices of an industry.  You will perform risk assessments and third-party reviews to understand how we certify as an industry.  If you would like to learn about the information systems auditing process, governance and management of IT systems, business processes such as Disaster Recovery and Business Continuity Management, and compliance activities, then we recommend obtaining the Certified Information Systems Auditor (CISA) certification from ISACA.   Ok, so you have a degree, you have certifications, you are in a promising job role, WHAT's Next?  If you want to really become an expert, we recommend you focus on… Number Four: Building your personal brand.   Essentially find a way to give back to the industry by blogging, writing open-source software, creating a podcast, building cybersecurity tutorials, creating YouTube videos, or presenting a lecture topic to your local OWASP chapter on cyber security.  Every time you do you will get smarter on a subject.  Imagine spending three hours a week reading books in cyber security.  If you did that for ten years, think of how many books you could read and how much smarter you would become.  Now as you share that knowledge with others two things happen:   People begin to recognize you as an industry expert.  You will get invited to opportunities to connect with other smart people which allows you to become even smarter.  If you spend your time listening to smart people and reading their works, it rubs off.  You will absorb knowledge from them that will spark new ideas and increase your understanding The second thing is when you present your ideas to others you often get feedback.  Sometimes you learn that you are actually misunderstanding something.  Other times you get different viewpoints.  Yes, this works in the financial sector, but it doesn't work in the government sector or in the university setting.  This feedback also helps you become smarter as you understand more angles of approaching a problem. Trust us, the greatest minds in cyber spend a lot of time researching, learning, and teaching others.  They all know G Mark's law, which I wrote nearly twenty years ago:  "Half of what you know about security will be obsolete in eighteen months." OK so let's recap a bit.  If you want to become an expert in something, then you should do four things. 1) Get a college education so that you have the greatest amount of opportunities open to you, 2) get certifications to build up your technical knowledge base, 3) find relevant job experiences that allow you to grow your skill sets, and 4) finally share what you know and build your personal brand.  All of these make you smarter and will help you become a cyber expert.   Thanks again for listening to us at CISO Tradecraft.  We wish you the best on your journey as you Learn to Earn.  If you enjoyed the show, tell one person about it this week.  It could be your child, a friend looking to get into cyber security, or even a coworker.  We would love to help more people and we need your help to reach a larger audience.  This is your host, G. Mark Hardy, and thanks again for listening and stay safe out there. References: https://www.todaysmilitary.com/education-training/rotc-programs  www.sfs.opm.gov  https://www.comptia.org/home  https://www.whizlabs.com/ https://www.udemy.com/ https://learn.cantrill.io/p/aws-certified-solutions-architect-associate-saa-c03  https://www.linkedin.com/feed/update/urn:li:activity:6965305453987737600/ https://www.offensive-security.com/pwk-oscp/  https://mitre-engenuity.org/cybersecurity/mad/ https://www.giac.org/certifications/certified-incident-handler-gcih/  https://www.ccbcmd.edu/Costs-and-Paying-for-College/Tuition-and-fees/In-County-tuition-and-fees.aspx https://www.educationcorner.com/value-of-a-college-degree.html  https://www.collegexpress.com/lists/list/us-colleges-with-army-rotc/2580/  https://www.af.mil/About-Us/Fact-Sheets/Display/Article/104478/air-force-reserve-officer-training-corps/ https://www.netc.navy.mil/Commands/Naval-Service-Training-Command/NROTC https://armypubs.army.mil/pub/eforms/DR_a/NOCASE-DA_FORM_597-3-000-EFILE-2.pdf https://niccs.cisa.gov/sites/default/files/documents/SFS%20Flyer%20FINAL.pdf https://www.nationalcyberwatch.org/  

On this episode of This Week in Linux: Ubuntu 22.04.1 LTS, Kali Linux 2022.3, Rescuezilla 2.4, GitLab To Delete Dormant Projects?, JingOS & JingPad Discontinued?, CuteFishOS Disappears & Returns, AlmaLinux Community Election, System76 Galago Pro & Pine64 Pinebook Pro, yuzu: Nintendo Switch Emulator for Linux, Humble Resident Evil Bundle, all that and much more on […]

Philippe Humeau joins us this hour to talk about CrowdSec - an IDS/IPS that uses crowd sourced information to evaluate threats on your network! -- During The Show -- 01:00 New Red Hat CEO Matt Hicks New Red Hat CEO (https://www.redhat.com/en/about/press-releases/red-hat-names-matt-hicks-president-and-chief-executive-officer) 03:44 Remove all traces of a user on logout? - Wayne TailsOS (https://tails.boum.org/) Noah's hackish solution TempFS? RamDisk? SquashFS? 'Delete' isn't a thing (Inodes) PhotoRec (https://www.cgsecurity.org/wiki/PhotoRec) 09:30 Recommendations for hosting provider - Gary Gary's Site (https://www.shawanga.com/) Host Gator Self Host with Hugo Tied to Hosting provider 14:00 Listener responds about CAD on Linux - Heath FreeCAD (https://www.freecad.org/) LibreCAD (https://librecad.org/) TinkerCAD (https://www.tinkercad.com/) Run under Wine 15:30 More Info about Steve's Solar? - Ian Steve likes his EnPhase Solar (https://enphase.com/) setup Hacks Home Assistant Integration (https://github.com/briancmpbll/home_assistant_custom_envoy) 18:30 News Wire Linux Better on i9 Systems Ghacks (https://www.ghacks.net/2022/07/09/linux-is-performing-better-than-windows-11-according-to-this-benchmark-test/) UltimateXR XR Today (https://www.xrtoday.com/virtual-reality/ultimatexr-launches-free-open-source-unity-tool/) EMQX 5.0 EIN News (https://www.einnews.com/pr_news/580326713/emqx-5-0-released-the-ultra-scalable-open-source-mqtt-broker) Calibre 6.0 9 to 5 Linux (https://9to5linux.com/calibre-6-0-released-with-full-text-search-arm64-support-on-linux-qt-6-port) Budgie Desktop 10.6.2 Buddies of Budgie (https://blog.buddiesofbudgie.org/budgie-10-6-2-released/) Linux Mint 21 Beta 9 to 5 Linux (https://9to5linux.com/linux-mint-21-beta-is-now-available-for-download-heres-a-first-look) Debian GNU/Linux 11.4 9 to 5 Linux (https://9to5linux.com/debian-gnu-linux-11-4-bullseye-released-with-79-security-updates-and-81-bug-fixes) Kali Linux on Linode Help Net Security (https://www.helpnetsecurity.com/2022/07/11/linode-kali-linux/) Paladin Cloud Security-as-Code Virtualization Review (https://virtualizationreview.com/articles/2022/07/11/paladin-cloud.aspx) Android Zero Day XDA Developers (https://www.xda-developers.com/pixel-6-galaxy-s22-linux-kernel-vulnerability-root-android/) OrBit Malware Cyper Security News (https://cybersecuritynews.com/orbit-undetected-linux-malware/) CrowdSec Interview Philippe Ew-Mow from CrowdSec (https://www.crowdsec.net/) What is CrowdSec How CrowdSec works Domains and Hashes vs IP Address and Behavior How IPs are cleaned Reporting based on "identity" not IP Address IDS and IPS CrowdSec Agent and CrowdSec Console Open Source Cyber Threat Intelligence (CTI) CrowdSec API How does CrowdSec resolve IDS and IPS problems? Blocking Unique Attacks The 3 Tiers of Crowdsec CrowdSec and GDPR Using Crowdsec Bouncers (IPS) CrowdSec Best Practices Replay Mode Integration into Firewalls CrowdSec on OPNSense (https://www.crowdsec.net/blog/crowdsec-arrives-on-opnsense) Best place to get started/learn CrowdSec Docs (doc.crowdsec.net) 49:00 Thoughts on CrowdSec Noah has been playing with CrowdSec Can also identify and block malicious out going traffic 51:00 Interview with Matt Hicks Interview with Matt Hicks (YouTube) (https://www.youtube.com/watch?v=qWg5cRH9YQg) -- The Extra Credit Section -- For links to the articles and material referenced in this week's episode check out this week's page from our podcast dashboard! This Episode's Podcast Dashboard (http://podcast.asknoahshow.com/294) Phone Systems for Ask Noah provided by Voxtelesys (http://www.voxtelesys.com/asknoah) Join us in our dedicated chatroom #GeekLab:linuxdelta.com on Matrix (https://element.linuxdelta.com/#/room/#geeklab:linuxdelta.com) -- Stay In Touch -- Find all the resources for this show on the Ask Noah Dashboard Ask Noah Dashboard (http://www.asknoahshow.com) Need more help than a radio show can offer? Altispeed provides commercial IT services and they're excited to offer you a great deal for listening to the Ask Noah Show. Call today and ask about the discount for listeners of the Ask Noah Show! Altispeed Technologies (http://www.altispeed.com/) Contact Noah live [at] asknoahshow.com -- Twitter -- Noah - Kernellinux (https://twitter.com/kernellinux) Ask Noah Show (https://twitter.com/asknoahshow) Altispeed Technologies (https://twitter.com/altispeed) Special Guest: Steve Ovens.

Picture of the Week. Apple's Passkeys presentation at WWDC 2022. WebAuthn. FREE Penetration Testing course with Kali Linux. Proof of Simulation. A valid use for facial recognition: The Smart Pet Door! Closing The Loop. The PACMAN Attack. We invite you to read our show notes at https://www.grc.com/sn/SN-875-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit You can submit a question to Security Now! at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Sponsors: plextrac.com/twit NetFoundry.io/TWIT canary.tools/twit - use code: TWIT

Picture of the Week. Apple's Passkeys presentation at WWDC 2022. WebAuthn. FREE Penetration Testing course with Kali Linux. Proof of Simulation. A valid use for facial recognition: The Smart Pet Door! Closing The Loop. The PACMAN Attack. We invite you to read our show notes at https://www.grc.com/sn/SN-875-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit You can submit a question to Security Now! at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Sponsors: plextrac.com/twit NetFoundry.io/TWIT canary.tools/twit - use code: TWIT

Picture of the Week. Apple's Passkeys presentation at WWDC 2022. WebAuthn. FREE Penetration Testing course with Kali Linux. Proof of Simulation. A valid use for facial recognition: The Smart Pet Door! Closing The Loop. The PACMAN Attack. We invite you to read our show notes at https://www.grc.com/sn/SN-875-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit You can submit a question to Security Now! at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Sponsors: plextrac.com/twit NetFoundry.io/TWIT canary.tools/twit - use code: TWIT

Picture of the Week. Apple's Passkeys presentation at WWDC 2022. WebAuthn. FREE Penetration Testing course with Kali Linux. Proof of Simulation. A valid use for facial recognition: The Smart Pet Door! Closing The Loop. The PACMAN Attack. We invite you to read our show notes at https://www.grc.com/sn/SN-875-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit You can submit a question to Security Now! at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Sponsors: plextrac.com/twit NetFoundry.io/TWIT canary.tools/twit - use code: TWIT

Picture of the Week. Apple's Passkeys presentation at WWDC 2022. WebAuthn. FREE Penetration Testing course with Kali Linux. Proof of Simulation. A valid use for facial recognition: The Smart Pet Door! Closing The Loop. The PACMAN Attack. We invite you to read our show notes at https://www.grc.com/sn/SN-875-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit You can submit a question to Security Now! at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Sponsors: plextrac.com/twit NetFoundry.io/TWIT canary.tools/twit - use code: TWIT

Picture of the Week. Apple's Passkeys presentation at WWDC 2022. WebAuthn. FREE Penetration Testing course with Kali Linux. Proof of Simulation. A valid use for facial recognition: The Smart Pet Door! Closing The Loop. The PACMAN Attack. We invite you to read our show notes at https://www.grc.com/sn/SN-875-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit You can submit a question to Security Now! at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Sponsors: plextrac.com/twit NetFoundry.io/TWIT canary.tools/twit - use code: TWIT