Hello again, Kyle Fox here. This week we have some big news from the tools people over at Kali Linux, a major YouTube channel takeover, a short look into the Software Defined Radio scene, and an extra large helping of news in the roundup.
Kali Linux Turns 10 and Releases Enterprise Security Distribution Kali Purple
Ten years ago Kali Linux brought us all the offensive security tools under one roof, with everything set up so that you could dive into using them. Before then, putting together an offensive security Linux installation involved downloading gzipped tar files and a bit of compiling, not exactly an easy start. While it was heralded as a danger to all of information security, the walls did not fall and it turned out to be a really helpful tool in the security toolbox.
Side Trek: As the Raspberry Pi shortage continues, lots of makers and tinkerers have been looking for alternatives. You may note that I linked to a platform called the BeagleBone Black above; this is a platform that may be more suited to many Linux + MCU style setups. While the Raspberry Pi runs on a set-top-box series of embedded processors, the BeagleBone series runs on the TI Sitara AM335x series of chips. These chips are designed to be embedded application processors and come with all the IO you would expect from a microcontroller, including a pair of dedicated microcontroller cores called Programmable Realtime Units (PRUs) as well as application processor interfaces such as Ethernet and HDMI. The BeagleBone Black runs Linux pretty well.
Linus Tech Tips has its YouTube Channel Taken Over by Crypto Scammers
Despite a push by Google to get large YouTube channel managers to transition to MFA, the LTT channel was taken over by crypto scammers. The attackers used specialized malware that is set up to steal the session cookies for YouTube from targets. This presents a fairly big weakness for YouTube creators because any channel manager can navigate from their own YouTube account to a managed channel in three clicks (click on your avatar, click on Switch Account, click on the desired account) without any sort of re-authentication. And because this is available to normal users, it is also available to anyone who has stolen those users' session cookies.
Hopefully this incident can serve as a warning for creators that they need to up their defensive security game, including using unique accounts for large channel managers and deploying more endpoint security. But one can also argue that Google needs to provide more security for YouTube creators, including the option to force re-authentication on an account switch as well as more granular permissions, enhanced backstops on channel actions and perhaps more audit tools.
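To make the re-authentication-on-switch idea concrete, here is an added sketch (not from the original post, and not a description of how YouTube works) of a server that refuses an account switch when the session's last real login is stale, and logs every attempt. `ChannelService`, `REAUTH_MAX_AGE`, the cookie value and the account names are all hypothetical.

```python
from dataclasses import dataclass, field

REAUTH_MAX_AGE = 300  # seconds a login stays "fresh"; assumed policy value


@dataclass
class Session:
    user: str
    auth_time: int            # when the user last passed password + MFA
    active_account: str = ""  # account the session is currently acting as


@dataclass
class ChannelService:
    managers: dict                                # channel -> set of manager users
    sessions: dict = field(default_factory=dict)  # cookie value -> Session
    audit: list = field(default_factory=list)     # (time, user, channel, result)

    def login(self, cookie, user, now):
        self.sessions[cookie] = Session(user, now, user)

    def reauthenticate(self, cookie, now):
        # Stands in for a fresh password + MFA prompt, which a cookie thief cannot pass.
        self.sessions[cookie].auth_time = now

    def switch_account(self, cookie, channel, now):
        # The cookie is a bearer token: whoever presents it is treated as the user.
        s = self.sessions.get(cookie)
        if s is None:
            return "no_session"
        if s.user not in self.managers.get(channel, set()):
            result = "not_a_manager"
        elif now - s.auth_time > REAUTH_MAX_AGE:
            result = "reauth_required"  # stale login: step up before switching
        else:
            s.active_account = channel
            result = "ok"
        self.audit.append((now, s.user, channel, result))
        return result


def demo():
    svc = ChannelService(managers={"big-channel": {"editor"}})
    svc.login("cookie-123", "editor", now=0)             # constructed sample values
    fresh = svc.switch_account("cookie-123", "big-channel", now=60)
    replayed = svc.switch_account("cookie-123", "big-channel", now=7200)
    svc.reauthenticate("cookie-123", now=7210)
    after = svc.switch_account("cookie-123", "big-channel", now=7220)
    return fresh, replayed, after, svc.audit
```

A cookie presented inside the freshness window still passes, so the window needs to be short for high-value channels; the audit entries give reviewers a record of refused switches.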
Software Defined Radio Keeps Chugging Along Behind the Scenes
Other software packages include the Windows-based tool HDSDR and the GNU Radio powered Qt frontend Gqrx. Other hardware options include the NI Ettus USRP line and the KiwiSDR cape for BeagleBone. Of course, you can still get RTL-SDR devices like the RTL-SDR Blog unit or the Nooelec RTL-SDR line if you want to try it out for cheap.
While we're on the subject of microcontrollers, I just want to put a shout-out to ESPHome here. This project strives to create software to allow you to use ESP-based wireless microcontrollers to integrate sensors, buttons, outputs and the like into your home automation setup, sometimes with only a bit of YAML.
Piggybacking on my recommendation of the YouTube channel Technology Connections from last time, this week I am recommending Transport Evolved, a channel detailing the world of cleaner, greener, safer, and smarter transport.