Episode 263: Log4Shell Security Alert! - a podcast by Noah J. Chelliah

-- During The Show --
00:45 Steve's OpenSuse ExperienceSplash Screen
Kernel Panic03:10 Caller Ed
Best VM serverProxmox (https://www.proxmox.com/en/)
Libvirt (https://libvirt.org/) + Cockpit (https://cockpit-project.org/)Ovirt (https://www.ovirt.org/)
08:08 Sleuth AskedIs there software to send and receive audio over the network that work on phones and Linux machines? My usecase is I want to listen to podcasts from antennapod on my computer and to monitor jitsi and mumble from my phone.
Alsa MixerIceCast (https://icecast.org/)
09:58 TwoBit AskedStill using the Google Glass?
Yes10:43 Docker Server - Mathieu
TLS/HTTPS is more than a certHAProxy (https://www.haproxy.org/)/Nginx Reverse Proxy
Check documentation for the projectSecurity is more than closing ports
LetsEncrypt (https://letsencrypt.org/)19:25 Archiving Emails? - Jose
Download an archive + Thunderbird23:26 SIP Questions - Andrew
3CX SBC (https://www.3cx.com/docs/3cx-tunnel-session-border-controller/)Upgrade Router to PFSense/OPNSense
28:10 Pick of the WeekCasaOS (https://www.casaos.io/)
Help Net Security Article (https://www.helpnetsecurity.com/2021/12/13/casaos-home-cloud-system/)Based on Docker
Easy Self Hosted Services30:23 Gadget of the Week
M5stick (https://shop.m5stack.com/products/m5stickc-plus-esp32-pico-mini-iot-development-kit?variant=35275856609444)$14 ESP32 Dev Kit
32:52 Centos 8 EOLZDNet Article (https://www.zdnet.com/article/centos-linux-8-is-about-to-die-what-do-you-do-next/)
CentOS EOL Dec 31 2021Zero Day security patches until Jan 31 2022
OptionsRed Hat Proper
Free Red Hat Developer License'sCentOS Stream (https://www.centos.org/centos-stream/)
Alma Linux (https://almalinux.org/)Cloud Linux OS
Rocky Linux38:00 Toyota Makes Keyfob a Service
The Drive Article (https://www.thedrive.com/news/43329/toyota-made-its-key-fob-remote-start-into-a-subscription-service)Requiring subscription to use local keyfob functions
40:38 Pop!_OS 21.10 ReleasedSystem76 Blog Post (https://blog.system76.com/post/670564272872488960/popos-2110-has-landed)
Tech preview of Pop!_OS 21.10 for the RaspberryPiSystem Refresh feature
Lots of new features42:44 Main Segment - log4j Vulnerability
CVE-2021-44228Remote Code Execution
Actively being exploited in the wildUsed in embedded and IOT devices as well
Minecraft Exploit Example (https://www.youtube.com/watch?v=7qoPDq41xhQ)2.14.1 and earlier vulnerable
Fixed in Log4j 2.15.0Github Attack Surface List (https://github.com/YfryTchsGD/Log4jAttackSurface)
Responsible disclosure was not followedAlternative mitigations available
Flip the environmental variable ES JAVA OPTS= -D log4j2.formatMsgNoLookups=TrueCloudflare Mitigation (https://blog.cloudflare.com/cve-2021-44228-log4j-rce-0-day-mitigation/)
Help Net Security Article (https://www.helpnetsecurity.com/2021/12/12/week-in-review-apache-log4j-0day-exploited-kali-linux-2021-4-released-patch-tuesday-forecast/)Fortune Article (https://fortune.com/2021/12/13/cyber-security-log4j-hacker-breach/)
We Live Securtiy Article (https://www.welivesecurity.com/2021/12/13/log4shell-vulnerability-what-we-know-so-far/)The Next Web Article (https://thenextweb.com/news/log4j-bug-internet-open-source-contributors-analysis)
-- The Extra Credit Section --For links to the articles and material referenced in this week's episode check out this week's page from our podcast dashboard!
This Episode's Podcast Dashboard (http://podcast.asknoahshow.com/263)Phone Systems for Ask Noah provided by Voxtelesys (http://www.voxtelesys.com/asknoah)
Join us in our dedicated chatroom #GeekLab:linuxdelta.com on Matrix (https://element.linuxdelta.com/#/room/#geeklab:linuxdelta.com)-- Stay In Touch --
Find all the resources for this show on the Ask Noah DashboardAsk Noah Dashboard (http://www.asknoahshow.com)
Need more help than a radio show can offer? Altispeed provides commercial IT services and they’re excited to offer you a great deal for listening to the Ask Noah Show. Call today and ask about the discount for listeners of the Ask Noah Show!Altispeed Technologies (http://www.altispeed.com/)
Contact Noahlive [at] asknoahshow.com-- Twitter --
Noah - Kernellinux (https://twitter.com/kernellinux)Ask Noah Show (https://twitter.com/asknoahshow)
Altispeed Technologies (https://twitter.com/altispeed)

Further episodes of Ask Noah Show

Further podcasts by Noah J. Chelliah

Website of Noah J. Chelliah