AniNIX | News

IoT Security

2019-12-23T12:40:00Z

The AniNIX uses IoT devices as part of the Geth automation project, and as such we're watching IoT security threads. If folks aren't aware, there's a fight brewing between FFTF / EFF and facial recognition, and they're going after Ring hard.
-

Countries like China (and America a little bit) are looking at using facial recognition for a social credit score a la "Black Mirror". https://www.youtube.com/watch?v=CLo3e1Pak-Y -
Ring started a campaign to get police officers to push Ring cameras in homes in return for access to their Neighbors community. https://www.eff.org/deeplinks/2019/08/five-concerns-about-amazon-rings-deals-police -
FFTF started a campaign to ban facial recognition. https://www.banfacialrecognition.com/ -
The rest of the security community has also found facial recognition unreliable. https://www.securityweek.com/massive-errors-found-facial-recognition-tech-us-study -
Ring was exposed as having issues with bootstrapping and other security issues. https://www.vice.com/en_us/article/epg4xm/amazon-ring-camera-security -
Some Ring accounts were breached with credential stuffing. https://latesthackingnews.com/2019/12/23/hackers-continue-to-dump-weak-ring-doorbell-credentials-online/ -
FFTF started a No-Ring campaign. https://www.ringsafetywarning.com/ -
EFF has issued a formal rebuff. https://www.eff.org/deeplinks/2019/12/ring-throws-customers-under-bus-after-data-breach

- -

This is likely to get worse before it gets better. If you are deploying Ring cameras (like we did before all this dropped), make sure you're at least following a few good practices. (More here: https://www.businessinsider.com/how-to-protect-amazon-ring-against-hackers-spying-2019-12#7-make-sure-your-ring-software-is-up-to-date-7) -

Only deploy the Ring cameras external to the home. -
Turn on 2FA. -
Isolate your cameras on a guest wifi network. -
Make sure your Ring account's email is signed up on https://haveibeenpwned.com/.

Warrant Canary

2019-12-10T12:28:00Z

We want everyone to know that, despite recent law enforcement and Senate cries that they can't do their job without backdoors into encrypted communications (source: https://www.eff.org/deeplinks/2019/12/senate-judiciary-committee-wants-everyone-know-its-concerned-about-encryption), the AniNIX is committed to protecting your communications with our network.

- We do offer proxies of some semipublic information to outside sources -- Discord and GitHub (http://github.com/AniNIX) -- but our internal services over SSH, IRCS, and HTTPS are hardened and audited.

- We are now additionally offering a warrant canary. This is a GPG-based device for users to know that our communications have not been compromised. If you are cybersecurity-minded, please watch the linked repo.

FFTF Security Pledge

2018-04-06T14:30:00Z

Fight for the Future and Demand Progress have published a Security Pledge in the wake of the Facebook failures. This pledge includes the following tenants: give users access and control over their data, strong data protections, limit data collection, equal protections for all, and resist improper government access and surveillance. The AniNIX will be taking on this pledge.

Recent WebSec Audit

2018-03-17T02:46:00Z

We recently underwent a security audit with High-Tech Bridge's free Web Security suite. With some remediation, we now earn an A- on Web security and an A+ on SSL security. If you're looking for a free method to test your webserver, take a look at them. Please be aware that they don't respect Let's Encrypt, so be aware your scores may suffer.Click here for the SSL scan report.

Hardware Diagnostics

2018-02-07T13:23:00Z

We are noticing significant performance degradation from the integrated Marvell controller on the AniNIX::Forge2 frame. Due to cost reasons, the AniNIX is not locally highly available for some components -- we don't have another hypervisor to transfer VM's to. As such, the AniNIX services will be offline from 1700 to 2000 CST today while we route around the failing controller. We thank you for your patience, and we will be online from Discord to answer questions.

Congressional Resolution of Disapproval

2018-01-16T00:00:00Z

In the resistance to the FCC vote, we have a foothold in the Senate. Watch Markey's resolution of dissatisfaction in the FCC as it passes through the Senate. Remember: You are the resistance.

Spectre/Meltdown Patching

2018-01-05T12:30:10Z

Meltdown and Spectre are nasty speculative-execution vulnerabilities impacting most processors from ARM, Intel, and AMD -- patches are just now being released by the distributions. We are taking emergency patching tonight around 2200 Central. Patch your systems regularly over the next couple months, and insure IoT devices are behind a Geth overlay or some similar barrier.

Licensing Under WTFPL

2017-05-31T12:30:10Z

The AniNIX is now licensed under WTFPL. Feel free to redistribute our products as you'd like. Only the AniNIX name and core icon are not covered by this license.

Wannacry Has Changed

2017-05-19T12:30:10Z

WannaCry Ransomware is now infecting thousands upon thousands of Windows systems. Most researchers are recommending disabling SMBv1, even though some killswitches and decryption software exist. We now provide a PowerShell script in the ExploitChecks repository to identify if SMBv1 is still enabled. If you need a decryption package, see Wanakiwi. Download here.

IDS Changes

2017-02-17T14:10:00Z

We will be updating our intrusion detection paradigm with experimental Cerberus prevention. Attacks against the aninix.net domain will result in permanent and complete firewall bans at the network edge. Make sure your attack tools ignore this domain if you want to access our services.

CVE-2016-4484

2016-11-16T16:26:00Z

This bug allows an attacker with physical or remote access to grab a root shell via attacking dm-crypt. Use the following one-liner to patch. "sed -i 's/GRUB_CMDLINE_LINUX_DEFAULT="/GRUB_CMDLINE_LINUX_DEFAULT="panic=5 /' /etc/default/grub; grub-mkconfig -o /boot/grub/grub.cfg; grub-install --target=i386-pc /dev/sda"

Rule 41

2016-9-23T16:00:00Z

The EFF has identified a provision in recent legislation that would allow US federal government to search for warrants in any district that may have carried the communication. This means the federal government can search for a favorable judge to go after Tor users and other privacy advocates. This legislation for Tor users and those running Tor, VPN, or remote-access services. The warrants could be used to hack into private machines and rummage for incriminating evidence. Join the fight to stop this legislation.

Trademarking

2016-9-13T16:00:00Z

The AniNIX is currently filing for Class 009, 038, and 041 trademarks for the name and logo. Please do not create or distribute new products using this name without prior written permission from the admins.

Caution on Windows!

2016-8-3T16:00:00Z

Be careful installing Windows 10 Updates, particularly the Anniversary Update. It may delete your Linux installs! The AniNIX has disabled the Windows Update service on all Windows hosts and will only update immediately after a backup cycle.