Log4Shell Security Alert!
Ask Noah HD Video
English - December 14, 2021 16:34 - 445 MB Video - ★★★★★ - 1 ratingTechnology Education How To linux howto ubuntu fedora red hat linux servers sysadmin community call in radio Homepage Download Apple Podcasts Google Podcasts Overcast Castro Pocket Casts RSS feed
Log4Shell has set the internet on fire this week. Noah and Steve dig into the details of this vulnerability as well as discuss what you can do to mitigate it. Pop_OS 21.10 is out, Toyota make their keyfob a service, and CentOS 8 goes EOL.
-- During The Show --
00:45 Steve's OpenSuse Experience
Splash Screen
Kernel Panic
03:10 Caller Ed
Best VM server
Proxmox
Libvirt + Cockpit
Ovirt
08:08 Sleuth Asked
Is there software to send and receive audio over the network that work on phones and Linux machines? My usecase is I want to listen to podcasts from antennapod on my computer and to monitor jitsi and mumble from my phone.
Alsa Mixer
IceCast
09:58 TwoBit Asked
Still using the Google Glass?
Yes
10:43 Docker Server - Mathieu
TLS/HTTPS is more than a cert
HAProxy/Nginx Reverse Proxy
Check documentation for the project
Security is more than closing ports
LetsEncrypt
19:25 Archiving Emails? - Jose
Download an archive + Thunderbird
23:26 SIP Questions - Andrew
3CX SBC
Upgrade Router to PFSense/OPNSense
28:10 Pick of the Week
CasaOS
Help Net Security Article
Based on Docker
Easy Self Hosted Services
30:23 Gadget of the Week
M5stick
$14 ESP32 Dev Kit
32:52 Centos 8 EOL
ZDNet Article
CentOS EOL Dec 31 2021
Zero Day security patches until Jan 31 2022
Options
Red Hat Proper
Free Red Hat Developer License's
CentOS Stream
Alma Linux
Cloud Linux OS
Rocky Linux
38:00 Toyota Makes Keyfob a Service
The Drive Article
Requiring subscription to use local keyfob functions
40:38 Pop!_OS 21.10 Released
System76 Blog Post
Tech preview of Pop!_OS 21.10 for the RaspberryPi
System Refresh feature
Lots of new features
42:44 Main Segment - log4j Vulnerability
CVE-2021-44228
Remote Code Execution
Actively being exploited in the wild
Used in embedded and IOT devices as well
Minecraft Exploit Example
2.14.1 and earlier vulnerable
Fixed in Log4j 2.15.0
Github Attack Surface List
Responsible disclosure was not followed
Alternative mitigations available
Flip the environmental variable ES JAVA OPTS= -D log4j2.formatMsgNoLookups=True
Cloudflare Mitigation
Help Net Security Article
Fortune Article
We Live Securtiy Article
The Next Web Article
-- The Extra Credit Section --
For links to the articles and material referenced in this week's episode check out this week's page from our podcast dashboard!
This Episode's Podcast Dashboard
Phone Systems for Ask Noah provided by Voxtelesys
Join us in our dedicated chatroom #GeekLab:linuxdelta.com on Matrix
-- Stay In Touch --
Find all the resources for this show on the Ask Noah Dashboard
Need more help than a radio show can offer? Altispeed provides commercial IT services and they’re excited to offer you a great deal for listening to the Ask Noah Show. Call today and ask about the discount for listeners of the Ask Noah Show!
Contact Noah
live [at] asknoahshow.com
-- Twitter --