[10:57] <Iuser> morning
[11:11] <floridagram> <Ivoriesablaze> I use yumi... Man, im so far behind in the conversation
[11:11] <floridagram> <Ivoriesablaze> But I use it as an all purpose boot disk, like not just for linux, but I have repair tools, security tools, etc on there as well
[11:20] <Iuser> If I had checksummed my distro, I would not have had so much trouble making a usb drive
[11:20] <Iuser> YUMI showed a percentage of completion and spotted two broken files
[11:23] <Iuser> rufus and UUI did not
[11:24] <floridagram> <Ivoriesablaze> normally, if i get the image from the site itself, i don't bother with checksums, though the linuxmint issue from last year should probably rethink that
[11:26] <Iuser> It was a good lesson for me...leave nothing to chance
[11:32] <floridagram> <Ivoriesablaze> Why not? Surprises are fun! ^_^
[11:33] <Iuser> Especially when they take days to correct...ach!
[11:38] <Iuser> Hopefully this channel can help me avoid some 'suprises'.
[11:43] <Iuser> Thanks for the chat, be back this afternoon/evening.
[12:46] <floridagram> <AdamOutler> Any ideas as to what comes after Zesty Zapus?
[13:01] <floridagram> <ahoneybun> There's a wiki page about all the current guesses
[13:01] <floridagram> <ahoneybun> Can't remember where it's at though
[13:03] <floridagram> <SivaMachina> https://blog.cloudflare.com/incident-report-on-memory-leak-caused-by-cloudflare-parser-bug/
[13:47] <maxolasersquad> ProTip: If you have a publicly facing Linux machine, install fail2ban. If you use fail2ban, make sure you have the recidive jail enabled.
[13:47] <maxolasersquad> The recidive jail took me from multiple hacking attemps every minute, to sometimes going up to two hours without a hacking attempt.
[14:44] <floridagram> <AdamOutler> Max, you can change the ports as well.  For example SSH on port 2222 reduces hacking to almost nothing.
[14:45] <floridagram> <KMyers> @AdamOutler, From my experience, changing the SSH port offers a minimal increase in security.
[14:46] <floridagram> <AdamOutler> Multiple per minute to maybe 1 per hour.  It is substantial.
[14:46] <floridagram> <AdamOutler> Most of the attempts are not full port scans.  They are looking for n3wbs with a root:root login
[14:46] <floridagram> <KMyers> Setting up a port knocking system is a pain in the @$$ but it works the best
[14:47] <floridagram> <AdamOutler> No, that's just too much work.  ssh -p 2222 me@myserver
[14:48] <floridagram> <AdamOutler> I also have email set up so I know when a login occurred.
[15:03] <floridagram> <KMyers> Damn @AdamOutler - you really need to update your sshd
[15:41] <floridagram> <AdamOutler> What do you mean?
[15:41] <floridagram> <KMyers> Check your SSH Login Folder
[15:42] <floridagram> <AdamOutler> Har har
[15:42] <floridagram> <KMyers> ?
[15:43] <floridagram> <AdamOutler> Unfortunately you didn't get the secret key right.
[15:44] <floridagram> <AdamOutler> The email is keyed
[15:44] <floridagram> <KMyers> Give me credit for trying... at least it made you give it a 2nd look
[15:44] <floridagram> <AdamOutler> Yeah.
[15:44] <floridagram> <KMyers> I am sure you were thinking "Oh Shit" when you saw it, until you opened the email
[15:44] <floridagram> <AdamOutler> Yep
[15:46] <floridagram> <AdamOutler> I did get your IP though, thanks for that.
[15:47] <floridagram> <KMyers> It is the IP for my personal VPN, not really a secret
[15:47] <floridagram> <AdamOutler> Ah
[15:59] <maxolasersquad> AdamOutler, I run my web project on differing ports, but I prefer to keep my ssh on 22 for ease.
[16:00] <maxolasersquad> We where playing with ansible to deploy and destroy VMs on our hosting provider and had one hacked because we hadn't really worked out any of the security.
[16:00] <maxolasersquad> The bash logs showed them trying to get access to other machines, but it was isolated, nowhere to go, nothing to do, and as an unprivileged user.
[16:00] <floridagram> <AdamOutler> @maxolasersquad This is one occasion where I endorse security by obscurity.  It adds an extra layer which weeds out the "ssh commonUser:commonPass@host" spam.
[16:01] <maxolasersquad> Security through obscurity isn't bad when added on as a layer, and not relied upon.
[16:02] <maxolasersquad> In a battlefield I'd rather be a well hidden bag of meat, than in an orange colored tank with florescent, "I'm here", signs.
[16:03] <floridagram> <KMyers> Security Tip #1 : Using a short 2 letter password increases security exponentially as many brute force password cracking tools start at 3 letters
[16:03] <floridagram> <AdamOutler> haha.  Word. As a security professional, I encounter "security by obscurity" as a bad word continuously.  But it does have its place.
[16:03] <floridagram> <AdamOutler> ahhahah
[16:13] <maxolasersquad> https://danielmiessler.com/study/security-by-obscurity "Obscurity is a Valid Security Layer"
[16:13] <floridagram> <KMyers> One sec, looking for an article
[16:27] <floridagram> <KMyers> https://usnews.today/2017/02/24/computer-security-tips-to-help-you-keep-safe-online/
[16:41] <floridagram> <AdamOutler> Wrong gloves, keith
[16:42] <floridagram> <KMyers> BTW, refresh it f you dont see Tip 5
[16:42] <floridagram> <AdamOutler> Everyone knows hackers wear fingerless gloves
[16:43] <floridagram> <AdamOutler> The social bar on your site is mesing with my ability to read.
[16:43] <floridagram> <AdamOutler> and ability to type, apparently.\
[17:35] <floridagram> <govatent> Btw did you guys see the cloud flair situation
[17:35] <floridagram> <KMyers> I did