Jan 9, 2018
Topics:
-To start the new year, we are very pleased to be joined on our
first live show of 2018 by Weldon Dodd of Rewind Technology in
Denver, CO. Weldon hangs with the crew as another host in
case Sam goes missing again.
https://rewindtech.com
-Some things never change: the old HCS land grab jokes are in full swing
-Joe discusses the first zero-day exploit of 2018, actually
launched via tweet on New Year's Eve. Check out the IOHIDeous
narrative on GitHub, kind of interesting! The
vulnerability exists in a process called IOHIDUserClient, which
macOS limits to having only a single instance at any given time,
which happens to be spawned by WindowServer. So in order to exploit
the vulnerability, we need to kill the WindowServer process. But
terminating it requires admin privileges and essentially reboots
the GUI, so this is not a viable mode of exploitation. But it turns
out that by logging out the user, WindowServer releases its
IOHIDUserClient temporarily, giving the exploit enough time to
spawn its own instance of IOHIDUserClient and leverage it to
compromise the system. The exploit can use "launchctl reboot
logout" which does not display a warning dialog. The exploit can
also use an AppleScript command to send loginwindow an event called
"AppleEventReallyLogOut" (osascript -e 'tell application
"loginwindow" to «event aevtrlgo»'), and loginwindow apparently
doesn't care who sent the event, but it does display a dialog box
as if the user selected "Log Out" from the Apple menu.
-Jerry wonders if this will be on the CCP test
-Sam recalls a story working after hours at a client when the alarm goes off
-Weldon shares his story of a Promise RAID gone wrong. Friends don't let clients pull drives out of RAID drive bays. It also leads to a further discussion about how to handle RAID solutions and future expansion.
-A handy virtualization app for Synology, which Sam has used in conjunction with CrashPlan, is Docker: https://www.synology.com/en-us/dsm/feature/docker
-Jerry is busy building Minecraft worlds on Synology. He ends up needing a volume formatted as Btrfs. Read more here: https://www.synology.com/en-us/dsm/Btrfs
-Time Machine and Synology have had a spotty past
-Sam discusses a Wi-Fi upgrade in NYC where he replaced aging equipment with Ubiquiti UniFi. He also has some advice on utilizing a Cloud Key.
-He also mentions a handy workaround to test network settings remotely while still needing to reconnect to the remote computer. Joe recalls a similar solution for another problem.
-Jerry talks about the UniFi In-Wall units that he has set up recently: https://inwall.ubnt.com
Thanks as always to our Patreon sponsors!
Listen to the outtakes and learn the origin of this picture!