Hacker Public Radio

A short episode about the reaching effects of breaches and accounts you may have forgotten about. New Marriot Breach: https://techcrunch.com/2022/07/06/marriott-breach-again/ Privacy Fix: How to Find Old Online Accounts from Consumer Reports: https://www.consumerreports.org/digital-security/how-to-find-old-online-accounts-a1266305698/ Has you email or phone number been in a breach? https://haveibeenpwned.com/ Cool Shit: Realtime Global Cyber Attack Map https://threatmap.checkpoint.com/

Map of Dublin showing the Temple Bar tourist area. A red arrow points to where you can change the profile. With the Configure Map > Profile selection menu open, a red square surrounds the Bus icon to indicate the "public transport" profile is now selected. The map now opens to show more information about public transport is now displayed on the map. This is highlighted with a red square. Clicking the bustop (highlighted with a red circle ) will show more information about the routes available at this location. Once the transport stop is selected, a list of all the routes that service this location are displayed. Along with other routes that are available within a short distance. Clicking any of the routes numbers/names will give a zoomed out map showing in red the route many of the stops towards it's source and destination.

My most used apps AIO Launcher AIO Launcher Termux: Terminal emulator with packages Termux: Terminal emulator with packages Connect to the home network Start a video encoding, or rip a DVD Vim editor Secure files pwgen -y 30 3: Generate three 30 character passwords with symbols Other confidential info hpr3484 :: My vim setup with GnuPG My vim setup with GnuPG QKSMS Messaging QKSMS Messaging: F-droid QKSMS Messaging: Github Firefox browser Firefox browser Opera browser Opera browser Brave browser Brave browser Clear Scanner PDF scanner and OCR Clear Scanner PDF scanner and OCR OCR: Optical character recognition Multiple folders Donation option Antennapod Antennapod Tusky Tusky for Mastodon K-9 mail client K-9 mail client Viber Viber Android and Fedora/Ubuntu desktop app App image Audio recorder Audio recorder: F-droid Audio recorder: Gitlab X-plore dual-pane file manager X-plore dual-pane file manager Librera E-book Reader: for PDF, EPUB

HPR News. Threat Analysis; your attack surface. Wireless key fobs compromised in European nations (France, Spain, and Latvia). On October 10, 2022, European authorities arrested 31 suspects across three nations. The suspects are believed to be related to a cybercrime ring that allegedly advertised an “automotive diagnostic solution” online and sent out fraudulent packages to their victims. The fraudulent packages contained malware and once installed onto the victims vehicle, the attackers were able to unlock the vehicle, start the ignition, then steal the vehicle without the physical key fob. European authorities confiscated over €1 million in criminal assets (malicious software, tools, and an online domain). Microsoft Office 365 has a broken encryption algorithm. Microsoft Office 365 uses an encryption algorithm called “Office 365 Message Encryption” to send and receive encrypted email messages. The messages are encrypted in an Electronic Codebook (ECB). The U.S. National Institute of Standards and Technology (NIST) reported, "ECB mode encrypts plaintext blocks independently, without randomization; therefore, the inspection of any two ciphertext blocks reveals whether or not the corresponding plaintext blocks are equal". Emails can be harvested today then decrypted later for future attacks. User Space. Netflix crackdown on freeloaders. Netflix is testing in Argentina, the Dominican Republic, El Salvador, Guatemala, and Honduras Chile, Costa Rica and Peru different efforts to crackdown on freeloaders. The term “freeloaders” covers the multiple users sharing a single Netflix account from different locations. Netflix plans to charge an additional $3.00 - $4.00 per subaccount. Samsung implements private blockchain to link user devices. While claiming the private blockchain, “has nothing to do with cryptomining”, the Knox Matrix security system links all your devices together in a private blockchain instead using a server based group verification system. The system, Knox Matrix, is suppose to allow devices to “manage themselves” by auto updating, caching updates for other devices then distributing the updates to other devices on the private blockchain. Toys for Techs. Juno Tablet: whois lookup DNS Twister Report Juno Tablet is a Beta product; overall it works with a few bugs. This is a non-refundable product, you will only get store credit. Price: $429.00 USD. Screen Size: 10.1” Screen Type: Full HD IPS screen 1920×1200 Capacitive touch, Capacitive (10-Point) MIPI-DSI. Refresh Rate: 60 Hz. CPU: Intel Jasper Lake Intel Celeron N5100 (4 Cores / 4 Threads) – 1.10GHz (Turbo 2.80 GHz) Graphics: Intel UHD Graphics, Frequency:

Overview Have you ever written a Bash script (or any shell script) where you generate a message like 'Found 42 files' and the day comes when it reports 'Found 1 files'? Have you been irritated by this? I have, and I go to lengths to deal properly with (English) plurals in my Bash scripts. Method 1 The simplest solution would be to use an 'if' statement: if [[ $fcount -eq 1 ]]; then echo "Found 1 file" else echo "Found $fcount files" fi This works, but to have to do it for every message would be a pain! Method 2 The next approach to this problem might be to write a Bash function. pluralise () { local singular="${1}" local plural="${2}" local count="${3}" if [[ $count -eq 1 ]]; then echo "$singular" else echo "$plural" fi } This can be called as follows: $ i=1; echo "Found $i $(pluralise "file" "files" $i)" Found 1 file $ i=42; echo "Found $i $(pluralise "file" "files" $i)" Found 42 files The string being displayed with echo contains a command substitution ('$(command)') which returns 'file' or 'files' depending on the value given. The first two arguments can be more complex than plain strings: $ i=1; echo "There $(pluralise "is 1 light" "are $i lights" $i)" There is 1 light $ i=4; echo "There $(pluralise "is 1 light" "are $i lights" $i)" There are 4 lights The pluralise function is available for download. Method 3 The GNU project has developed a set of utilities called the GNU gettext utilities consisting of tools and documentation for translation. This is a large subject which is not suitable for a short HPR episode such as this one. Among the tools is 'ngettext' which performs the function we have been discussing - choosing among plural forms. It also implements translations if desired (and translation files are provided as part of the software being developed). We will not discuss the translation topic here, but the choice of plurals is something that can be used in Bash scripts. The 'ngettext' tool takes three mandatory parameters: MSGID - the singular form of the text MSGID-PLURAL - the plural form of the text COUNT - the value used to make the singular/plural choice There are other optional parameters and options but they are not relevant here. The tool can be used in exactly the same way as the 'pluralise' example above. $ i=1; echo "There $(ngettext "is 1 light" "are $i lights" $i)" There is 1 light $ i=4; echo "There $(ngettext "is 1 light" "are $i lights" $i)" There are 4 lights Whether you use this or a Bash function is your choice. Conclusion I have been using ngettext in my scripts since I discovered it. If you also need to provide messages in your projects in other languages then this might be a good idea. I admit that my understanding of the GNU gettext project is superficial, so, on reflection it might be better to use a Bash function, since I don’t currently need all of the features GNU gettext provides. Links

table td.shrink { white-space:nowrap } New hosts Welcome to our new hosts: Paul J, m0dese7en, CCHits.net Team. Last Month's Shows Id Day Date Title Host 3696 Mon 2022-10-03 HPR Community News for September 2022 HPR Volunteers 3697 Tue 2022-10-04 Mis-information, Dis-information, and Fake News. You are a product and target for all of it. Lurking Prion 3698 Wed 2022-10-05 Spectrogram Klaatu 3699 Thu 2022-10-06 Old and new videogames/board games with guest binrc Celeste 3700 Fri 2022-10-07 Introduction to Batch Files Ahuka 3701 Mon 2022-10-10 ReiserFS - the file system of the future Paul J 3702 Tue 2022-10-11 Easter Ogg Dave Morriss 3703 Wed 2022-10-12 McCurdy House Tour operat0r 3704 Thu 2022-10-13 Follow up to hpr3685 :: B

This continues our look at batch files by demonstrating the use of the ECHO command. This command can be used to display things on the screen, or hide them, as you wish. Links: https://www.ahuka.com/dos-lessons-for-self-study-purposes/dos-lesson-16-practicing-batch-files-with-echo/

InfoSec; the language of security. What is Typosquatting and How Do Scammers Use it? Typosquatting, as an attack, uses modified or misspelled domain names to trick users into visiting fraudulent websites; the heart of this attack is domain name registration. Typosquatting is deployed by scammers to defraud unaware users. Attackers will attempt to: mimic login pages, redirect traffic, download malware, and extort users. Past Known Typosquatting Attacks. Several Malicious Typosquatted Python Libraries Found On PyPI Repository Over 700 Malicious Typosquatted Libraries Found On RubyGems Repository Security advisory: malicious crate rustdecimal This Week in Malware-Malicious Rust crate, 'colors' Typosquats Solutions to Typosquatting. How to stop typosquatting attacks What Is a Checksum (and Why Should You Care)? PiHole Ubuntu font family DNS monitoring services. Link to dnstwister: https://dnstwister.report/ Link to whois: https://www.whois.com/whois Password Managers. Link to bitwarden: https://bitwarden.com/ Link to keepassxc: https://keepassxc.org/ Two-factor and Multifactor Authentication. First, authentication. This is the process of verifying the validity of something; in our case, user credentials/identity. The most common way to authenticate is: USERNAME and PASSWORD. This is just a single layer (single-factor authentication) and isn’t enough to discourage attackers. Second, 2FA (Two-factor Authentication). 2FA increases the difficulty for attackers by providing users an additional layer of security to accomplish authentication. Common 2FA methods are: TOTP/OTP (the One Time Password), Authenticator Applications (Bitwarden, KeePassXC,...), and Security Keys (Yubikey). This works similar to ATMs; to authenticate the user must provide both knowledge (account PIN) and a physical object (bank card). Last, but not least, MFA (Multifactor Authentication). Similar to 2FA, MFA offers users security with the addition of biometrics (fingerprint scan, retina scan, facial recognition, and voice recognition). Attackers must overcome the knowledge factor, Possession factor, Inherence/Biometric factor, Time factor, and sometimes Location factor. MORE helpful security information. FIDO Alliance Specifications. Field Guide to Two-Step Login.

I talk about my views on how much of an impact technological jumps used to make on gaming in previous decades vs this decade.

I struggle with insomnia, instead of dreading it - I rather enjoy it now...here's how!

Figure 1 - trash Click the thumbnail to see the full-sized image Figure 2 - close-up Click the thumbnail to see the full-sized image Figure 3 - screen Click the thumbnail to see the full-sized image Figure 3 - parts collected Click the thumbnail to see the full-sized image Figure 5 - scrap iron Click the thumbnail to see the full-sized image Figure 6 - size comparison Click the thumbnail to see the full-sized image

Brady and I discuss people and technology; where it was, where we are, and where we are going. Put on your philosophy hats! Podcast Stuff: Robert actually had an Atari 1200 XL: http://oldcomputers.net/atari-1200xl.html Ray Ban Smart Glasses: https://www.ray-ban.com/usa/electronics/RW4002%20UNISEX%20ray-ban%20stories%20%7C%20wayfarer-shiny%20black/8056597489478?fbclid=IwAR08oSxzKyvMfsPYKa1PtvVkda6rJtAlAyJ24pDFSCo03tIqaIxDnVC9IWw&cid=PM-SBI_080622-1.US-RayBanStories-EN-B-Related-Exact_RayBan_Related_ray+ban+camera+glasses&gclid=c6b5a6ec15e015a94bb7c5f91c52a69c&gclsrc=3p.ds&msclkid=c6b5a6ec15e015a94bb7c5f91c52a69c&utm_source=bing&utm_medium=cpc&utm_campaign=1.US-RayBanStories-EN-B-Related-Exact&utm_term=ray%20ban%20camera%20glasses&utm_content=RayBan_Related Google Glass is Back: https://www.google.com/glass/start/ Microsoft Research: https://www.microsoft.com/en-us/research/about-microsoft-research/ Microsoft Open Source Blog: https://cloudblogs.microsoft.com/opensource/ Microsoft Open Source Hardware: https://azure.microsoft.com/en-us/global-infrastructure/hardware-innovation/ Picks of the Week: Brady's Picks Defeating the Hacker: A non-technical guide to computer security by Robert Schifreen https://www.amazon.com/Defeating-Hacker-non-technical-computer-security/dp/0470025557 Robert's Pick: The Satanic Verses by Salman Rushdie https://en.wikipedia.org/wiki/The_Satanic_Verses Cool Shit: Realtime Global Cyber Attack Map https://threatmap.checkpoint.com/

Getting an installer Link to FreeBSD downloads Choose the correct arch for your system. amd64 is probably the one you want if you know nothing about computer architectures. you will have a lot of options: *-bootonly.iso is a netinstall image that is for burning to a CD *-disc1.iso is a supplementary CD image for *-bootonly.iso *-dvd1.iso is a complete DVD image with extra packages *-memstick.img is a complete image for burning to a USB stick *-mini-memstick.img is a netinstall image for burning to a USB stick I typically download and use one of the compressed memstick images. The mini image is fine but you probably want the regular memstick image if this is the first time you've ever installed FreeBSD. It alleviates some of the stress that comes with installing wireless drivers. To burn a memstick image, use the disk destroyer program: root@fbsd# xunz FreeBSD-13.1-RELEASE-amd64-memestick.img.xz root@fbsd# sudo dd if=./FreeBSD-13.1-RELEASE-amd64-memestick.img of=/dev/sdx status=progress root@fbsd# sudo eject /dev/sdx Initial installation pre-installation The standard steps for installing Linux apply: disable secure boot enable USB booting select boot device at startup time Because this is hardware specific, it's a homework assignment for the audience. Installation FreeBSD has a menu driven installer that walks the user through various steps: 1. set keymap (leave default if you don't know) 2. set hostname 3. select sets There are many sets to choose from. New users probably want to install all of them. I typically only install the lib32 set and add the rest later. 4. Partitioning bsdinstall makes it easy to partition your drives. The Auto(ZFS) option is probably what you want as the default UFS configuration is unjournaled. In the Auto(ZFS) menu, for a single hard drive installation, you want to stripe one disk. Select your hard drive. If you want full disk encryption, select the Encrypt Disks option. You also want to bump up the swap size to ram*1.5 as a general rule (so, for 4g of ram you will set 6g of swap, for 8g or ram you set 12g swap). If you selected Encrypt Disks, you should also select Encrypt Swap When you are done, proceed with the installation. You will gt a confirmation message asking if you want to destroy the disk(s) you selected. This is your last chance to go back. If you selected Encrypt Disks, you will be presented with a password prompt. This is the disk encryption password, not any user password. 5. Wait for sets to install 6. Configure root user After the sets are installed, you will set a root password. 7. Network Config If your wireless card is supported, all the hard parts are already done for you. If your wireless card is not supported, you might need to plug in an ethernet cable and compile the drivers into the kernel. Select your card (em* is ethernet, wifi cards are named after their drivers) If you choose wifi, the installer will scan for networks and give you a menu to select one. If the network is encrypted, you will be presented with a password prompt. 8. Time and date setup 9. Service setup You will be p

Follow up on hpr3685 :: Budget and an Android app I added a calendar from OpenOffice.org OpenOffice.org Template Budget sample with a calendar in LibreOffice (Download link)

CL4P-TP Claptrap Borderlands Lego Bricklink https://rmccurdy.com/.scripts/downloaded/CL4P-TP%20Claptrap%20Borderlands%20Bricklink.pdf https://rmccurdy.com/.scripts/downloaded/CL4P-TP%20Claptrap%20Borderlands%20Bricklink.xml Lightsabers (get mystery box or whatever boneyard etc because much cheaper if you really just want programable full pixel blade) https://www.crimsondawn.com/products/mystery-box?variant=33206141681741 I paid $268USD for Neopixel Proffie ( I think it's all xenopixel stuff nowadays ): https://darkwolfsabers.com/shop/ols/products/rgb-baslix-saber/v/RGB-BSL-SBR-NPX-PRF RGB's from LGT Store (60-70$) https://www.aliexpress.com/store/1101560967