Well shit, thanks Gravy Analytics!
Gravy Analytics, a major location data broker, recently disclosed a data breach that may have exposed precise location information of millions of individuals. The breach, identified on January 4, 2025, involved unauthorized access to the company’s AWS cloud storage. A sample of the leaked data, shared on a Russian forum, contained over 30 million location points, including sensitive sites like the White House and military bases.
Gravy Analytics is investigating the breach to determine its scope and whether personal data was compromised. Preliminary findings suggest that if personal data is involved, it likely pertains to users of third-party services that supply data to Gravy Analytics.
This incident coincides with recent regulatory scrutiny. In December 2024, the Federal Trade Commission (FTC) filed a complaint against Gravy Analytics and its subsidiary, Venntel, for unlawfully collecting and selling user location data without consent, including data related to sensitive locations.
The breach underscores ongoing concerns about privacy and the security of personal data handled by data brokers. It highlights the potential risks associated with the collection and sale of location information, especially when such data can reveal sensitive or personal aspects of individuals’ lives.
From what I have read, if you had Apple’s “Allow Apps to Request to Track” off, you SHOULD be good. But I would have to look into it more.
Open source Remote Desktop software, hosted on Oracle, for free
Objective: move from AnyDesk (or other remote desktop software) to a self-hosted, open source RustDesk server instance on the Oracle Cloud Free Tier. More info about RustDesk can be found here:
- Create a VM instance in the Oracle Free Tier running Ubuntu
- Run the RustDesk server (hbbs and hbbr) as Docker containers
- Add ingress rules so the ports RustDesk uses reach the server containers
- Use a dynamic DNS host to get a stable, reachable address
- Set up the remote clients
Go to Oracle Cloud Free Tier at this website:
```bash
# Add Docker's official GPG key:
sudo apt-get update
sudo apt-get install ca-certificates curl
sudo install -m 0755 -d /etc/apt/keyrings
sudo curl -fsSL https://download.docker.com/linux/ubuntu/gpg -o /etc/apt/keyrings/docker.asc
sudo chmod a+r /etc/apt/keyrings/docker.asc

# Add the repository to Apt sources:
echo \
  "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.asc] https://download.docker.com/linux/ubuntu \
  $(. /etc/os-release && echo "$VERSION_CODENAME") stable" | \
  sudo tee /etc/apt/sources.list.d/docker.list > /dev/null
sudo apt-get update

# Install Docker Engine, the CLI, containerd and the compose plugin:
sudo apt-get install docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin

# Verify the install works:
sudo docker run hello-world
```
```yaml
services:
  duckdns:
    image: lscr.io/linuxserver/duckdns:latest
    container_name: duckdns
    network_mode: host # optional
    environment:
      - PUID=1000 # optional
      - PGID=1000 # optional
      - TZ=America/Los_Angeles # optional
      - SUBDOMAINS=example # enter your subdomain here
      - TOKEN=12345 # enter your token here
      - UPDATE_IP=ipv4 # optional
      - LOG_FILE=false # optional
    restart: unless-stopped

  hbbs:
    container_name: hbbs
    ports:
      - 21115:21115
      - 21116:21116
      - 21116:21116/udp
      - 21118:21118
    image: rustdesk/rustdesk-server:latest
    # -r is the relay address handed out to clients: the full domain name that points
    # to this server, or the public IP of the instance. Adding "-k _" makes hbbs reject
    # clients that do not present the server's public key (./docker/rustdesk/id_ed25519.pub).
    command: hbbs -r <your-domain-or-public-ip>
    volumes:
      - ./docker/rustdesk:/root
    restart: unless-stopped

  hbbr:
    container_name: hbbr
    ports:
      - 21117:21117
      - 21119:21119
    image: rustdesk/rustdesk-server:latest
    command: hbbr
    volumes:
      - ./docker/rustdesk:/root
    restart: unless-stopped

  watchtower:
    image: containrrr/watchtower:latest
    container_name: watchtower
    network_mode: bridge
    volumes:
      # the Docker socket gives root-equivalent control of the host; only mount it
      # into containers you trust to that degree
      - /var/run/docker.sock:/var/run/docker.sock
    environment:
      TZ: America/Los_Angeles # "Americas/Los_Angeles" is not a valid zone name
    command: --cleanup --schedule "0 0 3 * * *" hbbr hbbs duckdns
    restart: always
```
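The ingress step has two halves on Oracle: the VCN security list rules you add in the console, and the instance's own iptables ruleset, which Oracle's Ubuntu images ship with only SSH allowed. Forgetting the second half is the usual reason the RustDesk client shows the ID server as unreachable even though the compose stack is up. The script below is an added example, not part of the original post or of the RustDesk project: it generates the host firewall rules for review, applies and persists them on request, and probes the TCP ports from a client. It assumes rule position 6 (where Oracle's docs insert new rules, above the default REJECT) and that netfilter-persistent is installed, as it is on Oracle's Ubuntu image.

```shell
#!/bin/sh
# Added example (not from the original post or the RustDesk project).
# Opens the RustDesk ports on the instance's own iptables firewall and checks
# reachability. Assumes Oracle's Ubuntu image layout: new rules go at position 6,
# netfilter-persistent is present to save them.
set -eu

RUSTDESK_TCP_PORTS="21115 21116 21117 21118 21119"   # ID server, relay and websocket ports
RUSTDESK_UDP_PORTS="21116"                           # hbbs heartbeat / NAT type test

# Print one iptables command per line without executing anything, so the rules
# can be reviewed before they touch the firewall.
rustdesk_iptables_rules() {
  for p in $RUSTDESK_TCP_PORTS; do
    echo "iptables -I INPUT 6 -m state --state NEW -p tcp --dport $p -j ACCEPT"
  done
  for p in $RUSTDESK_UDP_PORTS; do
    echo "iptables -I INPUT 6 -m state --state NEW -p udp --dport $p -j ACCEPT"
  done
}

# Apply the generated rules and save them so they survive a reboot.
apply_rustdesk_rules() {
  rustdesk_iptables_rules | while IFS= read -r rule; do
    sudo $rule   # unquoted on purpose: the rule is a flat argument list
  done
  sudo netfilter-persistent save
}

# Return 0 if host:port accepts a TCP connection within 3 seconds. Uses bash's
# /dev/tcp so the client needs no extra tools.
tcp_port_open() {
  timeout 3 bash -c "exec 3<>/dev/tcp/$1/$2" 2>/dev/null
}

# Probe every RustDesk TCP port on the server. UDP 21116 cannot be probed this way;
# confirm it from the RustDesk client, whose ID server indicator turns green.
check_rustdesk_tcp() {
  host=$1; failed=0
  for p in $RUSTDESK_TCP_PORTS; do
    if tcp_port_open "$host" "$p"; then
      echo "tcp/$p open"
    else
      echo "tcp/$p BLOCKED"; failed=1
    fi
  done
  return $failed
}

case "${1:-}" in
  rules) rustdesk_iptables_rules ;;                        # ./rustdesk-fw.sh rules
  apply) apply_rustdesk_rules ;;                           # ./rustdesk-fw.sh apply   (on the instance)
  check) check_rustdesk_tcp "${2:?usage: check HOST}" ;;   # ./rustdesk-fw.sh check example.duckdns.org
esac
```

Run `rules` first and compare the list against the VCN ingress rules you created; the two must cover the same ports and protocols, including the UDP entry, or clients will register but fail to connect.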
Apple refreshes their security support document regarding smishing attacks for iPhone and iPad users
Apple has updated its security support document to help iPhone, iPad, and Mac users recognize and avoid social engineering schemes such as phishing messages and fake support calls. This update comes in response to reports of “smishing” attacks targeting Apple IDs, where users receive SMS messages attempting to steal their Apple ID credentials via a fake iCloud website.
Key guidelines from Apple include:
- Ignore suspicious messages and links.
- Apple will never ask for Apple ID passwords or verification codes, or request that users log into a website, disable security features, or pay with Apple Gift Cards.
- Always contact Apple directly through official channels for support.
- Protect your Apple ID by using two-factor authentication and keeping contact information secure.
- Only download software from trusted sources.
- Avoid following links or opening attachments in unsolicited messages, and do not respond to suspicious phone calls or messages claiming to be from Apple.
Apple emphasizes vigilance against scammers who use scare tactics to create urgency and seek login information and security codes. Users should avoid downloading unrecognized software and follow Apple’s advice on spotting and reporting suspicious activities.
Telegram Combolists and 361M Email Addresses
Looks like HIBP (Have I Been Pwned) released a new notice that 122 GB of user data (emails, passwords and associated websites) has been released via a Telegram channel.
Basically, use DIFFERENT passwords for every website you have an account on, and turn on multi-factor authentication on websites if you have not already. Barring that, keep your eye out for any odd activity.
https://www.troyhunt.com/telegram-combolists-and-361m-email-addresses/
Okta releases info that they have seen an uptick in credential stuffing
Authentication service Okta is warning about the “unprecedented scale” of an ongoing campaign that routes fraudulent login requests through the mobile devices and browsers of everyday users in an attempt to conceal the malicious behavior.
I’m not too surprised that this is happening. Combined with the fact that most average users reuse passwords on various websites, this is definitely not a good thing.
UTM – an open source emulation software for Apple Silicon Macs
Well, I stumbled on something interesting when I was trying to virtualize Windows Server 2019 on macOS Sonoma 14.4.1: I completely forgot that it only runs on the x86-64 architecture, and my simple mind forgot that I can only run ARM64-compatible OSes in VMware Fusion. (Shout out to the free player VMware provides for us to use to play around with these things!)
Basically the reason for doing this was so I can learn and teach myself the ins and outs of Active Directory so I can put it in my home lab homework history.
Anyways, I stumbled upon a software application called UTM: specifically made for macOS, it allows EMULATION, which means I can run any OS architecture, albeit at a penalized state (aka not optimized). Apparently running with multiple cores would help speed things up, especially on my M2-based ARM64 processor.
The link is here: https://tcsfiles.blob.core.windows.net/documents/AIST3720Notes/WindowsServeronanM1Mac.html
Currently in Vmware Fusion I have Ubuntu 22.04 LTS and Windows 11 virtual machines sitting in the library, and while I am posting this getting UTM to install Windows Server 2019 and Kali Linux 2023. If there is a computer “issue”, there is usually a computer solution.
On the home network I have a separate hardware device running video transcodes in the form of a small form factor HP (HP ProDesk 400 G5 Desktop Mini i5-9500T, 8GB DDR4) using Ubuntu 22.04 LTS, and another NAS appliance running Unraid (Intel Xeon CPU E31220 @ 3.10GHz with 15 SATA connections, 16GB DDR3 single-bit ECC), which also hosts 18 Docker containers. I am trying to figure out how to build out a Pi-hole/OPNsense device to supplement the built-in firewall of the TP-Link Archer BE550. All configurations and ideas mostly came from serverbuilds.net.
Backblaze Network Stats
I usually read the Backblaze Hard Drive Data stats on the blogs on the website, since I find the information useful and informative when it comes to buying hard drives for my personal NAS (network attached storage box), and I want to make sure the drives stay good and healthy for a long while (value aspect). I also look at https://shucks.top/ – a great place to find cheaper per-TB external drives that one can “shuck” to remove the drive from the casing. While the aspect of removing drives from the casing can be a bit unnerving, it gets easier as one keeps on doing it. I actually got the idea from another Backblaze blog, when the team over there had to resort to such measures during the hard drive shortage caused by the floods in Thailand that one year, which caused a surge in pricing since supplies were constrained.
Anyway, the new blog post I saw was from here: https://www.backblaze.com/blog/backblaze-network-stats/ – pretty good newbie guide for the masses to understand how Backblaze operates and what kind of connectivity they would like for their services.
P.S. – I am looking at probably changing up the simple layout of this website to start to segregate the blog posts. I might have more posts coming down the line, and it is probably a good idea to segment the hobby of DJing and the professional side of IT-related content on this website.
Another day, another data breach
Looks like PCWorld posted an article about another data dump of user emails and passwords. With this in hand, a nefarious actor can run a credential stuffing attack: taking each leaked email address and the password associated with it and trying that pair against other websites, betting that the victim reused it.
This is why it is best practice to have AT LEAST different passwords for every account you create online, usually stored in a password manager like 1Password, Apple’s iCloud Keychain, or even Chrome or Firefox. Keep in mind your “eggs in one basket” are only as protected as the main password on the basket.
If an online account offers 2FA (or multi-factor authentication), use it. There is also a huge push for passkeys: a phishing-resistant login credential stored on your device and unlocked with its biometric sensor or PIN, so there is no password to leak or to stuff. Most Android and Apple devices will let you sign up for them using the sensors built into the device.
More information about this latest data dump can be found here:
In addition to using the Have I Been Pwned website (haveibeenpwned.com) to identify whether your PI (personal information) has leaked on the Internet, you can also use this search from CyberNews: https://cybernews.com/personal-data-leak-check/
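Both this post and the Telegram combolists one above point at Have I Been Pwned for checking an email address. The same service also lets you check a password itself, without sending the password anywhere, through its Pwned Passwords range API: you send only the first five hex characters of the password's SHA-1 hash, get back every hash suffix in that range with a breach count, and do the final comparison locally (k-anonymity). The script below is an added example and not part of the original post or of HIBP; it assumes `sha1sum` (or `shasum`) and `curl` are installed. The sample response and its counts embedded in it are constructed to show the format, not real API output.

```shell
#!/bin/sh
# Added example (not from the original post or from HIBP). Checks a password against
# HIBP's Pwned Passwords corpus with the k-anonymity range API: only the 5-character
# hash prefix leaves the machine, the suffix comparison happens locally.
# Assumes sha1sum (coreutils) or shasum, and curl.
set -eu

# Upper-case SHA-1 hex digest of the first argument (no trailing newline is hashed).
sha1_hex() {
  if command -v sha1sum >/dev/null 2>&1; then
    printf '%s' "$1" | sha1sum | cut -c1-40 | tr 'a-f' 'A-F'
  else
    printf '%s' "$1" | shasum -a 1 | cut -c1-40 | tr 'a-f' 'A-F'
  fi
}

# Print "PREFIX SUFFIX": the 5-char prefix sent to the API and the 35-char suffix kept local.
hash_split() {
  h=$(sha1_hex "$1")
  echo "$(printf '%s' "$h" | cut -c1-5) $(printf '%s' "$h" | cut -c6-40)"
}

# Read a range response (lines of SUFFIX:COUNT, possibly CRLF-terminated) on stdin and
# print the count for the given suffix, or 0 if it is absent. Padded entries (count 0)
# from the Add-Padding option fall through to 0 naturally.
count_in_range() {
  awk -F: -v s="$1" 'toupper($1) == s { n = $2 } END { print n + 0 }'
}

# Constructed sample of a range body for prefix 5BAA6. The first line is invented; the
# second suffix is SHA-1("password") minus its prefix, with an illustrative count.
SAMPLE_RANGE='0018A45C4D1DEF81644B54AB7F969B88D65:1
1E4C9B93F3F0682250B6CF8331B7EE68FD8:9545824'

# Look a password up against the constructed sample only; no network involved.
pwned_count_offline() {
  set -- $(hash_split "$1")
  printf '%s\n' "$SAMPLE_RANGE" | count_in_range "$2"
}

# Live lookup: fetch the range for the prefix and compare the suffix locally.
# Add-Padding makes every response a similar size so the prefix cannot be inferred
# from response length by someone watching the connection.
pwned_count() {
  set -- $(hash_split "$1")
  curl -fsS -H 'Add-Padding: true' "https://api.pwnedpasswords.com/range/$1" | count_in_range "$2"
}

# Usage: printf '%s' 'candidate-password' | ./pwncheck.sh check
# The password is read from stdin rather than argv so it does not land in `ps` output.
if [ "${1:-}" = "check" ]; then
  IFS= read -r pw
  n=$(pwned_count "$pw")
  if [ "$n" -gt 0 ]; then echo "seen $n times in breaches; do not use"; else echo "not found in Pwned Passwords"; fi
fi
```

A count of zero only means the password is not in the corpus; it says nothing about whether the password is strong or reused, so it complements a password manager rather than replacing one.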
Realtek RTL8111/8168/8411 PCI Express Gigabit Ethernet Controller on Ubuntu 22.04.3 LTS
*Disclaimer* – While I got this all working in the end, it was a bit of trial and error to figure out exactly what to do. I did my research on a few forum posts and read through the solutions, but some of it didn’t apply to the situation I was in. If you are like me and had r8168-dkms working previously, and pulled in a new update for Ubuntu 22.04 LTS, give the built-in driver r8169 a try. This advice applies to the Realtek RTL8111/8168/8411 PCI Express Gigabit Ethernet Controller; it might also apply to other Realtek NICs, but I cannot verify whether it would work on others or not.
Also, this advice ASSUMES you are slightly comfortable with using the terminal on Linux, via the local machine or remote SSH.
I believe it all started when I updated the main Ubuntu 22.04 to 22.04.2. I went searching through the internet to see why my Realtek RTL8111/8168/8411 PCI Express Gigabit Ethernet Controller was no longer connecting to the wired network. This was a big deal to me because the system I was running this on was a headless server (thankfully still in the house), and I was trying to figure out why I could not SSH into it remotely. (I also have AnyDesk installed on the operating system, for when I was lazy and hadn’t gotten too familiar with the terminal yet.) Thankfully the WiFi NIC was still operable, so I connected a very small 5” monitor (https://www.amazon.com/gp/product/B07B8JNKT3?ie=UTF8&th=1) to the system, along with a keyboard and mouse, to see what the heck was going on.
From what I was seeing online, it looked like the r8169 NIC driver (which comes by default with the Ubuntu install) was not functioning correctly and I needed to run r8168-dkms instead, disabling the default driver. From what I could ascertain in the current situation, r8169 could not enable the Gigabit Ethernet NIC, so I followed the Debian commands for installing such a thing from the “apt” repository:
```bash
sudo apt update
sudo apt install r8168-dkms
```
After running that command and sending off a “sudo reboot now” command in console to make sure that the configuration stays intact after a reboot, I saw it worked well and the connection was stable after a few hours.
I bring this all up because TODAY I decided to restart the server (again from a remote SSH terminal session) after pulling in new updates for Ubuntu using apt update and apt upgrade. My connection was closed by the host, but it wasn’t coming back. Thinking the server froze up or had some other issue, I force restarted it at the power button on the unit itself. SSH still wasn’t working. So I pulled out my trusty 5” monitor, keyboard and mouse and attached them all locally to see what was going on. Same issue as before: the Ethernet connection was missing from the status bar (top right) and from the settings menu. Again WiFi was still working, so I connected that to the guest WiFi in my place and started working on the Ethernet NIC driver.
Played the “search the Internet game for an answer”, I had a hunch that the r8168 driver wasn’t working correctly and decided to give the stock (built-in) Realtek r8169 driver a chance. In order for me to re-enable r8169, I had to purge and remove dependent packages and configurations like so:
```bash
sudo apt remove r8168-dkms
sudo apt remove --auto-remove r8168-dkms
sudo apt purge r8168-dkms
sudo apt purge --auto-remove r8168-dkms
```
Interestingly enough after a reboot, it didn’t automatically fix it after removing the r8168-dkms, so after poking around some more I put in two more commands:
```bash
# unload r8169 if a stale copy is loaded (harmless if it is not), then load it fresh
sudo rmmod r8169
sudo modprobe r8169
```
After typing in the last command, the server was able to recognize the Ethernet controller and immediately connected back to the wired network! Once I verified the connection was up and active, I disabled the WiFi once again on the machine to solely connect to the network through the Ethernet port.
P.S. – I ran the command lspci in the terminal to list the hardware and verify exactly what make and model the Ethernet controller was. That info helped while searching around the Internet to figure out what the issue was in the first place.
This is all running on a HP ProDesk 400 G5 Desktop Mini i5-9500T.
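Before a driver swap like the one above, it helps to know which module is actually bound to the NIC and whether anything is stopping the in-kernel r8169 from loading: the r8168-dkms package installs a modprobe config that blacklists r8169, which is why the two do not coexist. The script below is an added example, not from the original post; it parses `lspci -nnk` output to report the bound driver, lists loaded Realtek modules, and searches /etc/modprobe.d for r8169 blacklist lines. It assumes pciutils is installed, as it is on a standard Ubuntu install. The embedded lspci sample is constructed for demonstration.

```shell
#!/bin/sh
# Added example (not from the original post). Reports which driver is bound to a
# Realtek RTL8111/8168/8411 NIC and whether r8169 is blacklisted. Assumes pciutils.
set -eu

# Read `lspci -nnk` output on stdin and print "SLOT DRIVER" for each Realtek
# RTL8111/8168/8411 device, where DRIVER is "none" if no module is bound.
# The print rule comes first so two adjacent Realtek devices are both reported.
realtek_driver_in_use() {
  awk '
    in_dev && /^[^[:space:]]/ { print slot, drv; in_dev = 0 }
    /Ethernet controller.*RTL8111\/8168\/8411/ { slot = $1; drv = "none"; in_dev = 1; next }
    in_dev && /Kernel driver in use:/ { drv = $NF }
    END { if (in_dev) print slot, drv }
  '
}

# Print "FILE:LINE" for every r8169 blacklist entry under the given modprobe.d
# directory (default /etc/modprobe.d). Empty output means nothing blocks r8169.
r8169_blacklist_entries() {
  dir=${1:-/etc/modprobe.d}
  grep -EHs '^[[:space:]]*blacklist[[:space:]]+r8169([[:space:]]|$)' "$dir"/*.conf || true
}

# Constructed sample of `lspci -nnk` output: the HP ProDesk's Realtek NIC bound to
# r8169, followed by an unrelated device that must not be reported.
SAMPLE_LSPCI='00:1f.6 Ethernet controller [0200]: Realtek Semiconductor Co., Ltd. RTL8111/8168/8411 PCI Express Gigabit Ethernet Controller [10ec:8168] (rev 15)
	Subsystem: Hewlett-Packard Company Device [103c:83f3]
	Kernel driver in use: r8169
	Kernel modules: r8169
00:1f.3 Audio device [0403]: Intel Corporation Cannon Lake PCH cAVS [8086:a348] (rev 10)
	Kernel driver in use: snd_hda_intel'

# Parse the constructed sample (no hardware access needed).
sample_driver_in_use() {
  printf '%s\n' "$SAMPLE_LSPCI" | realtek_driver_in_use
}

# Full report on the running machine.
report() {
  echo "== Realtek NIC driver binding (lspci -nnk) =="
  lspci -nnk | realtek_driver_in_use
  echo "== loaded Realtek modules (lsmod) =="
  lsmod | awk '$1 ~ /^r816[89]$/ { print $1 }'
  echo "== r8169 blacklist entries in /etc/modprobe.d =="
  r8169_blacklist_entries /etc/modprobe.d
}

# Usage: ./realtek-driver-check.sh report
if [ "${1:-}" = "report" ]; then
  report
fi
```

If the report shows the NIC bound to `none` while a blacklist line for r8169 is still present, remove that line (or the leftover .conf file) and run `sudo modprobe r8169` before reaching for another reboot.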
Website sources I used mainly to try to figure out what the heck to do:
https://bugs.launchpad.net/ubuntu/+source/linux-signed/+bug/1876593