241: "Not Dead Yet" With Weldon Dodd of Rewind Tech - Denver, CO
Topics:
-To start the new year, we are very pleased to be joined on our first live show of 2018 by Weldon Dodd of Rewind Technology in Denver, CO. Weldon hangs with the crew as another host in case Sam goes missing again.
https://rewindtech.com
-Some things never change: the old HCS land grab jokes are in full swing.
-Joe discusses the first zero day exploit of 2018, actually launched via tweet on New Year's Eve. Check out the IOHIDeous narrative on GitHub, kind of interesting! The vulnerability exists in a process called IOHIDUserClient, which macOS limits to a single instance at any given time, and that instance happens to be spawned by WindowServer. So in order to exploit the vulnerability, the WindowServer process has to be killed. But terminating it requires admin privileges and essentially reboots the GUI, so this is not a viable mode of exploitation. It turns out that when the user is logged out, WindowServer releases its IOHIDUserClient temporarily, giving the exploit enough time to spawn its own instance of IOHIDUserClient and leverage it to compromise the system. The exploit can use "launchctl reboot logout", which does not display a warning dialog. The exploit can also use an AppleScript command to send loginwindow an event called "AppleEventReallyLogOut" (osascript -e 'tell application "loginwindow" to «event aevtrlgo»'); loginwindow apparently doesn't care who sent the event, but it does display a dialog box as if the user had selected "Log Out" from the Apple menu.
-Jerry wonders if this will be on the CCP test
-Sam recalls a story working after hours at a client when the alarm goes off
-Weldon shares his story of a Promise RAID gone wrong. Friends don't let clients pull drives out of RAID drive bays. It also leads to a further discussion about how to handle RAID solutions and future expansion.
-A handy virtualization app for Synology, which Sam has used in conjunction with CrashPlan, is Docker: https://www.synology.com/en-us/dsm/feature/docker
-Jerry is busy building Minecraft worlds on Synology. He ends up needing a volume formatted as Btrfs. Read more here: https://www.synology.com/en-us/dsm/Btrfs
-Time Machine and Synology have had a spotty past.
-Sam discusses a Wi-Fi upgrade in NYC in which he replaced aging equipment with Ubiquiti Unifi. He also has some advice on utilizing a Cloud Key.
-He also mentions a handy workaround to test network settings remotely while still needing to reconnect to the remote computer. Joe recalls a similar solution for another problem.
-Jerry talks about the Unifi In Wall units that he has set up recently: https://inwall.ubnt.com
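
Added example for the IOHIDeous item above (not from the show or from the IOHIDeous write-up): a small Python check that flags the two logout triggers mentioned there in process-execution records. The "time|user|command line" record format, the sample events and the label names are constructed for illustration.

```python
import os
import shlex

# Constructed sample process-execution events: "time|user|command line".
SAMPLE_EVENTS = """\
2018-01-02T09:14:03|alice|/bin/launchctl list
2018-01-02T09:14:07|alice|/bin/launchctl reboot logout
2018-01-02T09:20:41|bob|/usr/bin/osascript -e 'tell application "loginwindow" to «event aevtrlgo»'
2018-01-02T09:21:10|bob|/usr/bin/osascript -e 'display dialog "reboot logout"'
2018-01-02T09:30:00|carol|/sbin/reboot
"""

def classify(cmdline):
    """Return a label if cmdline is one of the two logout triggers, else None."""
    try:
        argv = shlex.split(cmdline)
    except ValueError:  # unbalanced quotes: fall back to a plain split
        argv = cmdline.split()
    if not argv:
        return None
    tool = os.path.basename(argv[0])  # match by tool name, whatever the path
    args = argv[1:]
    # Logout without a confirmation dialog.
    if tool == "launchctl" and args[:2] == ["reboot", "logout"]:
        return "launchctl-silent-logout"
    # AppleEventReallyLogOut sent to loginwindow from a script.
    if tool == "osascript":
        script = " ".join(args).lower()
        if "loginwindow" in script and "aevtrlgo" in script:
            return "applescript-reallylogout"
    return None

def scan(log_text):
    """Return (time, user, label) for every record that matches a trigger."""
    hits = []
    for line in log_text.splitlines():
        parts = line.split("|", 2)
        if len(parts) != 3:
            continue  # skip malformed records
        when, user, cmdline = parts
        label = classify(cmdline)
        if label:
            hits.append((when, user, label))
    return hits

if __name__ == "__main__":
    for hit in scan(SAMPLE_EVENTS):
        print(*hit)
```

Both commands have legitimate administrative uses, so a hit is a lead to correlate with what the same user ran around the logout, not a verdict.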
Thanks as always to our Patreon sponsors!
Listen to the outtakes and learn the origin of this picture!