Well shit, thanks Gravy Analytics!

Gravy Analytics, a major location data broker, recently disclosed a data breach that may have exposed precise location information of millions of individuals. The breach, identified on January 4, 2025, involved unauthorized access to the company’s AWS cloud storage. A sample of the leaked data, shared on a Russian forum, contained over 30 million location points, including sensitive sites like the White House and military bases.

Gravy Analytics is investigating the breach to determine its scope and whether personal data was compromised. Preliminary findings suggest that if personal data is involved, it likely pertains to users of third-party services that supply data to Gravy Analytics.

This incident coincides with recent regulatory scrutiny. In December 2024, the Federal Trade Commission (FTC) filed a complaint against Gravy Analytics and its subsidiary, Venntel, for unlawfully collecting and selling user location data without consent, including data related to sensitive locations.

The breach underscores ongoing concerns about privacy and the security of personal data handled by data brokers. It highlights the potential risks associated with the collection and sale of location information, especially when such data can reveal sensitive or personal aspects of individuals’ lives.

Source: https://www.theverge.com/2025/1/13/24342694/gravy-analytics-location-data-broker-breach-hack-disclosed

From what I have read, if you had Apple’s “Allow Apps to Request to Track” off, you SHOULD be good. But I would have to look into it more.

Open source Remote Desktop software, hosted on Oracle, for free

Objective: Move from AnyDesk (or other remote desktop software) and self-host an open source RustDesk server instance in the Oracle Cloud Free Tier. More info about RustDesk can be found here:

https://github.com/rustdesk/rustdesk

General overview of the steps I have taken to achieve this:
  •  Create a VM instance in Oracle Free Tier, running Ubuntu
  •  Run Rustdesk Server as a Docker container
  •  Allow ports that Rustdesk uses to be routed to server container by adding ingress rules
  •  Using a dynamic DNS host to get a stable, accessible address
  •  Setting up target remote clients

Go to Oracle Cloud Free Tier at this website:

https://www.oracle.com/cloud/free/

Most of the inspiration to do this came from this YouTube video, to which I made a few changes.

– Go through setup, adding in credit card info (which they will not charge as long as you do not go past the free tier limits, which you will not with this instance running)
– Please note your cloud account name, and your username, which is your email address that you have setup.
– Create a VM instance; I recommend Ubuntu Linux version 22.02 or higher.
– When you create this instance, MAKE SURE TO DOWNLOAD the private and public key for the instance. You will use this to SSH into Ubuntu. There is no password. IF YOU FORGET THIS, you will have to delete the instance and make another one, since there is no way to get the private key after the VM is spun up.
– Give a name to your VNIC, set the internal IP address for the VM, and give your subnet a name.
– Now it is time to SSH into the VM Ubuntu instance.
– For my own sake, I am on macOS and I used the app Shellfish, and I was able to attach the private key to the login.
– The username is “ubuntu”, and there is no password. The public IP address is listed in the instance information in Oracle Cloud. That is what you SSH into.
– In Windows, you can use PuTTY and attach the private key.
– In Terminal on macOS (and Linux) you can pass the key on the command line, as “ssh -i <path-to-private-key> ubuntu@<oracle-cloud-ip-address>”.
– Once remote into the terminal session, first thing is to run “sudo apt update && sudo apt upgrade”
– This is to run updates to the Ubuntu image before doing anything else.
– Now it is time to install Docker, Docker Compose, DuckDNS (your choice) and RustDesk.
– With DuckDNS and Rustdesk, we will use a compose.yaml file (which interacts with Docker Compose). This file will pull down the containers and start them automatically.

Docker is installed using the Docker documentation and pasting it in the terminal window. (documentation here: https://docs.docker.com/engine/install/ubuntu/)
– Using apt, copy and paste these commands into the SSH terminal and wait for them to complete:
# Add Docker's official GPG key:
sudo apt-get update
sudo apt-get install ca-certificates curl
sudo install -m 0755 -d /etc/apt/keyrings
sudo curl -fsSL https://download.docker.com/linux/ubuntu/gpg -o /etc/apt/keyrings/docker.asc
sudo chmod a+r /etc/apt/keyrings/docker.asc
# Add the repository to Apt sources:
echo \
  "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.asc] https://download.docker.com/linux/ubuntu \
  $(. /etc/os-release && echo "$VERSION_CODENAME") stable" | \
  sudo tee /etc/apt/sources.list.d/docker.list > /dev/null
sudo apt-get update

Install the latest Docker packages:
sudo apt-get install docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin

Verify the installation is successful by running this command:
sudo docker run hello-world

– Now this is the part where we create a docker-compose file
– type in this command “sudo touch compose.yaml”
– then type “sudo nano compose.yaml”
The following is what I have pasted in my YAML file. Edit as you see fit. 
– An explanation of what is going on in my YAML file
– duckdns to point a DNS to an IP address of your choice (more info here: https://www.duckdns.org/about.jsp)
– Make sure to create a free DuckDNS account, create a subdomain, and take note of the token. You would need to add the value on the compose YAML file.
– hbbs and hbbr are the Rustdesk servers that need to be run to allow self-hosting. hbbs is the service that gets the client’s IP address to know where to make the direct connection. hbbr is the service that allows relaying if direct connection cannot be established.
– hbbs needs the -r switch pointing to the address of the instance; in this case I used the DuckDNS subdomain, which points straight back to where hbbs resides.
– Watchtower is used to auto-update containers daily at 3am.
– the YAML file will pull down all the containers, install them, and run.
services:
  duckdns:
    image: lscr.io/linuxserver/duckdns:latest
    container_name: duckdns
    network_mode: host #optional
    environment:
      - PUID=1000 #optional
      - PGID=1000 #optional
      - TZ=America/Los_Angeles #optional
      - SUBDOMAINS=example #enter your subdomain here
      - TOKEN=12345 #enter your token here
      - UPDATE_IP=ipv4 #optional
      - LOG_FILE=false #optional
    restart: unless-stopped
  hbbs:
    container_name: hbbs
    ports:
      - 21115:21115
      - 21116:21116
      - 21116:21116/udp
      - 21118:21118
    image: rustdesk/rustdesk-server:latest
    command: hbbs -r example.duckdns.org #replace with your full domain name that points to your server, or the public IP of the instance
    volumes:
      - ./docker/rustdesk:/root
    restart: unless-stopped
  hbbr:
    container_name: hbbr
    ports:
      - 21117:21117
      - 21119:21119
    image: rustdesk/rustdesk-server:latest
    command: hbbr
    volumes:
      - ./docker/rustdesk:/root
    restart: unless-stopped
  watchtower:
    image: containrrr/watchtower:latest
    container_name: watchtower
    network_mode: bridge
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
    environment:
      TZ: America/Los_Angeles
    command: --cleanup --schedule "0 0 3 * * *" hbbr hbbs duckdns
    restart: always
– Make sure to save the compose.yaml file when you exit.

– Now it is time to run the containers in Docker
– Start them by typing in “sudo docker compose up -d” (the Compose plugin installed above is invoked as “docker compose”, not “docker-compose”).
– The -d switch runs the containers in detached mode, so you can close your SSH session without shutting off the containers.
– You can verify at any time that the containers are running by using the command “sudo docker ps”

– Once everything is running, double check the key files that get generated at “./docker/rustdesk”. The files should be named id_ed25519 and id_ed25519.pub.
– Use the cat command “cat id_ed25519.pub” and note the output.
– The output is the public key for the asymmetric encryption of RustDesk connections.
– This key is entered in the “Settings-Network” section of the RustDesk client, in the same area where the server ID info is put in.

Poke holes in your VPS firewall!

– Fastest way is to go to your Oracle Cloud console instance page and look at the details of your instance. Click the name of your subnet (under the section “Primary VNIC”).
– Click Default Security List
– Add ingress rules, with source 0.0.0.0/0, TCP protocol and destination port range of 21115-21119
– second rule would be the same, but with UDP protocol and destination port 21116
– Double check DuckDNS is pointing to correct public IP of the instance.
– Using ping will resolve an IP address, but only once! The second ping will show unreachable. This is okay.
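Two checks I would run after the key and firewall steps above, as an added example that is not from the original post or the RustDesk project: confirm that the key a client pasted is byte-for-byte the server's id_ed25519.pub (whitespace picked up from cat is the usual culprit), and probe the opened TCP ports from outside the VPS. The port numbers and the ./docker/rustdesk path come from the post; the fingerprint helper and the sample key are my own additions.

```python
"""Post-deploy checks for the self-hosted RustDesk server described above.

Added example, not code from the original post or the RustDesk project.
Assumes the post's layout: hbbs writes id_ed25519 / id_ed25519.pub into
./docker/rustdesk on the VM, and the client must get the .pub contents
verbatim (a stray newline or space makes the key silently not match).
"""
import base64
import hashlib
import socket

# Ports the post opens in the Oracle security list (TCP); 21116 is also UDP.
RUSTDESK_TCP_PORTS = (21115, 21116, 21117, 21118, 21119)


def normalize_key(text: str) -> str:
    """Drop whitespace and newlines picked up when copying the output of cat."""
    return "".join(text.split())


def validate_public_key(key_text: str) -> bytes:
    """Return the raw 32-byte Ed25519 public key, or raise ValueError.

    RustDesk's id_ed25519.pub is a single base64 line encoding the key.
    """
    key = normalize_key(key_text)
    try:
        raw = base64.b64decode(key, validate=True)
    except ValueError as exc:  # binascii.Error is a ValueError subclass
        raise ValueError(f"key is not valid base64: {exc}") from exc
    if len(raw) != 32:
        raise ValueError(f"expected a 32-byte Ed25519 key, got {len(raw)} bytes")
    return raw


def key_fingerprint(key_text: str) -> str:
    """Hex SHA-256 of the raw key (my addition): short enough to read out to
    the client over the phone so both sides confirm the same key was entered."""
    return hashlib.sha256(validate_public_key(key_text)).hexdigest()


def keys_match(server_key_text: str, pasted_key_text: str) -> bool:
    """True only if what the client pasted decodes to exactly the server key."""
    try:
        return validate_public_key(server_key_text) == validate_public_key(pasted_key_text)
    except ValueError:
        return False


def check_tcp_ports(host: str, ports=RUSTDESK_TCP_PORTS, timeout: float = 3.0) -> dict:
    """Map each port to whether a TCP connect succeeds from this machine.

    Run from outside the VPS to confirm the ingress rules took effect.
    UDP 21116 cannot be probed this way; a client showing "ready" covers it.
    """
    results = {}
    for port in ports:
        try:
            with socket.create_connection((host, port), timeout=timeout):
                results[port] = True
        except OSError:
            results[port] = False
    return results


if __name__ == "__main__":
    # Constructed sample key (bytes 0..31 base64-encoded), not a real server key.
    sample = base64.b64encode(bytes(range(32))).decode() + "\n"
    print("fingerprint:", key_fingerprint(sample))
    print("paste with stray spaces matches:", keys_match(sample, " " + sample.strip() + " "))
    print("truncated paste matches:", keys_match(sample, sample[:-5]))
```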

Install client on your own computer, and configure it.

Below are the instructions I would give if I were walking a client through setting it up so I can start remote desktop services without being physically there.
If you only want temporary, attended access (like a one-time look), you can adapt these instructions by just downloading the RustDesk client and putting the server ID in Settings > Network. From there you would just need the computer ID and the one-time password to remote in.

Minimum to get client to install on their system to enable permanent remote unattended desktop access
– Open web browser, go to rustdesk.com/download
– Have them download the client that matches their computer
– Have them open the file
– If on Mac, drag Rustdesk to Application folder and open it
– Enable all permissions before continuing
– If on Windows, run the RustDesk exe file
– Install it as a service to prevent UAC from interfering with it.
– If on Linux, they can figure it out themselves
– Go to settings by clicking the 3 dots next to ID number
– Go to Network and have them type in the ID Server address
– This will require elevated permissions to do this
– The ID server in my case is something.something.com, but please input what you have setup
– Everything can be blank for now
– Go to security settings and make sure to ENABLE remote configuration modification.
– This is important so you can change settings on the application itself.
– Have the client tell you what their ID number is, and the one time password to remote into the system.
– Once that is achieved, go ahead and set a permanent password, set up 2FA (optional), and enter the server public key for encryption.

With the RustDesk client installed, you can verify that it is connecting to your relay server if the bottom of the window says “ready”.
Use the install info above to install it on another computer you want to remote into.

Once that is all done and it works…you are good!

Here are a few other things I have done. Totally optional, but these are just my preferences.

– I have my own FQDN. I use that instead of the duckDNS.org one since it doesn’t look pretty. This is easily achievable by creating a CNAME that points to the subdomain of duckDNS.org.
– I use Cloudflare as my DNS record holder, but make sure to TURN OFF proxy for the DNS subdomain. For some reason, the proxied data does not carry over to the hbbs container in the VPS. But an unproxied connection works fine.
– In my Linux instance I ran “apt install mc” since I wanted to use Midnight Commander to look through the server in a semi-GUI fashion. Totally not necessary (especially if you like to use the ls command), but I was thinking why not?
– Another thing to keep in mind is that Oracle can reclaim idle resources back when you are on the always free tier. This does not apply if you have a card on file and do the “Pay As You Go” model. The PAYG allows you to avoid this issue, and if you don’t go past your free limits (you probably won’t), you won’t get charged.
– However if you do not want to give out your card, you can follow this link to generate load on your VM instance so it won’t show idle.

https://medium.com/@poornamith/a-guide-to-stress-testing-your-virtual-machine-overcoming-oracle-cloud-reclaiming-idle-computer-7094de32dd9b

Apple refreshes their security support document regarding smishing attacks for iPhone and iPad users

Apple has updated its security support document to help iPhone, iPad, and Mac users recognize and avoid social engineering schemes such as phishing messages and fake support calls. This update comes in response to reports of “smishing” attacks targeting Apple IDs, where users receive SMS messages attempting to steal their Apple ID credentials via a fake iCloud website.

Key guidelines from Apple include:
– Ignore suspicious messages and links.
– Apple will never ask for Apple ID passwords, verification codes, or request users to log into a website, disable security features, or use Apple Gift Cards for payments.
– Always contact Apple directly through official channels for support.
– Protect your Apple ID by using two-factor authentication and keeping contact information secure.
– Only download software from trusted sources.
– Avoid following links or opening attachments in unsolicited messages and do not respond to suspicious phone calls or messages claiming to be from Apple.

Apple emphasizes vigilance against scammers who use scare tactics to create urgency and seek login information and security codes. Users should avoid downloading unrecognized software and follow Apple’s advice on spotting and reporting suspicious activities.

Telegram Combolists and 361M Email Addresses

Looks like HIBP (Have I Been Pwned) released a new notice that 122GB of user data (emails, passwords and associated websites) has been released via a Telegram channel.

Basically, use DIFFERENT passwords for every website that you have an account on, and turn on multi-factor authentication on websites if you have not already. Barring that, keep your eye out for any odd activity.

https://www.troyhunt.com/telegram-combolists-and-361m-email-addresses/

Okta releases info that they have seen an uptick in credential stuffing

https://arstechnica.com/security/2024/04/everyday-devices-are-used-to-hide-ongoing-account-compromise-campaign/

Authentication service Okta is warning about the “unprecedented scale” of an ongoing campaign that routes fraudulent login requests through the mobile devices and browsers of everyday users in an attempt to conceal the malicious behavior.

I’m not too surprised that this is happening. Combined with the fact that most average users reuse passwords on various websites, this is definitely not a good thing.

UTM – an open source emulation software for Apple Silicon Macs

Well, I stumbled on something interesting when I was trying to virtualize Windows Server 2019 on macOS Sonoma 14.4.1: I completely forgot that it only runs on the x86-64 architecture, and my simple mind forgot that I can only run ARM64-compatible OSes in VMware Fusion. (Shout out to the free player VMware provides for us to use to play around with these things!)

Basically the reason for doing this was so I can learn and teach myself the ins and outs of Active Directory so I can put it in my home lab homework history.

Anyways, I stumbled upon a software application called UTM, made specifically for macOS, and it allows EMULATION, which means I can run any OS architecture, albeit in a penalized state (aka not optimized). Apparently running with multiple cores helps speed things up, especially on my M2-based ARM64 processor.

The link is here: https://tcsfiles.blob.core.windows.net/documents/AIST3720Notes/WindowsServeronanM1Mac.html

Currently in Vmware Fusion I have Ubuntu 22.04 LTS and Windows 11 virtual machines sitting in the library, and while I am posting this getting UTM to install Windows Server 2019 and Kali Linux 2023. If there is a computer “issue”, there is usually a computer solution.

On the home network I have a separate hardware device running video transcodes in the form of a small form factor HP (HP ProDesk 400 G5 Desktop Mini i5-9500T 8GB DDR4) using Ubuntu 22.04 LTS and another NAS appliance running UnRaid (Intel Xeon CPU E31220 @ 3.10GHz with 15 SATA connections, 16GB DDR3 single-bit ECC), which also hosts 18 Docker containers. I am trying to figure out how to build out a Pi-hole/OPNsense device to supplement the built-in firewall of the TP-Link Archer BE550. All configurations and ideas mostly came from serverbuilds.net.

Backblaze Network Stats

I usually read the Backblaze Hard Drive Data stats on the blogs on their website, since I find the information useful and informative when it comes to buying hard drives for my personal NAS (network attached storage box) and I want to make sure the drives stay good and healthy for a long while (value aspect). I also look at https://shucks.top/ – a great place to find cheaper-per-TB external drives that one can “shuck” to remove the drive from the casing. While the aspect of removing drives from the casing can be a bit unnerving, it gets easier as one keeps on doing it. I actually got the idea from another Backblaze blog post, when the team over there had to resort to such measures during the hard drive shortage caused by the floods in Thailand that one year, which caused a surge in pricing since supplies were constrained.

Anyway, the new blog post I saw was from here: https://www.backblaze.com/blog/backblaze-network-stats/ – pretty good newbie guide for the masses to understand how Backblaze operates and what kind of connectivity they would like for their services.

P.S. – I am looking at probably changing up the simple layout of this website to start segregating the blog posts. I might have more posts coming down the line, and it is probably a good idea to segment the hobby of DJing from the professional IT-related content on this website.

Another day, another data breach

Looks like PCWorld posted an article about another data dump of user emails and passwords. With this in hand, a nefarious actor can use it in a credential stuffing attack, trying each email together with the password associated with it.

This is why it is best practice to have AT LEAST a different password for every account you create online, usually stored in a password manager like 1Password, Apple’s iCloud Keychain, or even Chrome or Firefox. Keep in mind your “eggs in one basket” are only as protected as the main password on the basket.

If an online account offers 2FA (or multi-factor authentication), use it. There is a huge push for passkeys, which use biometrics to confirm your identity. Most Android and Apple devices will allow you to sign up for them using the sensors built into the device.

More information about this latest data dump can be found here:

https://cybernews.com/security/hacker-on-hacker-crime-personal-information-of-24000-illegal-data-buyers-put-for-sale-online/

https://cybernews.com/news/leaker-says-they-are-offering-private-details-of-500-million-facebook-users/

https://cybernews.com/news/stolen-data-of-500-million-linkedin-users-being-sold-online-2-million-leaked-as-proof-2/

In addition to using the Have I Been Pwned? website to identify whether your PI (personal information) has leaked on the Internet, you can also use this search from CyberNews: https://cybernews.com/personal-data-leak-check/

Realtek RTL8111/8168/8411 PCI Express Gigabit Ethernet Controller on Ubuntu 22.04.3 LTS

*Disclaimer* – While I got this all working in the end, it was a bit of trial and error to figure out exactly what to do. I did my research on a few forum posts and read through the solutions, but some of it didn’t apply to the situation I was in. If you are like me and had r8168-dkms working previously, and pulled in a new update for Ubuntu 22.04 LTS, give the built-in driver r8169 a try. This advice applies to the Realtek RTL8111/8168/8411 PCI Express Gigabit Ethernet Controller; it might also apply to other Realtek NICs, but I cannot verify whether it would work on others or not.

Also, this advice ASSUMES you are slightly comfortable with using the terminal on Linux, via the local machine or remote SSH.

I believe it all started when I updated the main Ubuntu 22.04 to 22.04.2, I went searching through the internet to see why my Realtek RTL8111/8168/8411 PCI Express Gigabit Ethernet Controller was no longer connecting to the wired network. This was a big deal to me because the system I was running this on was a headless server (thankfully still in the house) that I was trying to figure out why I could not remote SSH into it. (I also have AnyDesk installed on the operating system, for when I was lazy and didn’t get too familiar with terminal yet). Thankfully the WiFi NIC was still operable, so I was connecting a very small 5” monitor (https://www.amazon.com/gp/product/B07B8JNKT3?ie=UTF8&th=1) to the system, along with a keyboard and mouse to see what the heck was going on.

From what I was seeing online, it looks like the r8169 NIC driver (that comes default with the Ubuntu install) was not functioning correctly and I needed to run r8168-dkms on it, disabling the default driver. From what I could ascertain in the current situation, r8169 could not enable the Gigabit Ethernet NIC, so following the Debian commands for installing such a thing from the Linux repository “apt”:

sudo apt update

sudo apt install r8168-dkms

After running that command and sending off a “sudo reboot now” command in console to make sure that the configuration stays intact after a reboot, I saw it worked well and the connection was stable after a few hours.

I bring this all up because TODAY I decided to restart the server (again with a remote SSH terminal session) after pulling in new updates for Ubuntu using apt update and apt upgrade. My connection was closed by host, but it wasn’t coming back. Thinking the server froze up or some other issue, I force restarted it at the power button on the unit itself. SSH still wasn’t working. So I pulled up my trusty 5” monitor, keyboard and mouse and locally attached it all to see what was going on. Same issue as before, missing Ethernet connection from the status bar (top right) and from the settings menu. Again WiFi was still working, so I connected that to my guest WiFi in my place and started working on updating the Ethernet NIC driver.

Playing the “search the Internet for an answer” game, I had a hunch that the r8168 driver wasn’t working correctly and decided to give the stock (built-in) Realtek r8169 driver a chance. In order to re-enable r8169, I had to purge and remove the dependent packages and configurations like so:

sudo apt remove r8168-dkms

sudo apt remove --auto-remove r8168-dkms

sudo apt purge r8168-dkms

sudo apt purge --auto-remove r8168-dkms

Interestingly enough, after a reboot it didn’t automatically fix itself after removing r8168-dkms, so after poking around some more I put in two more commands:

sudo rmmod r8169

sudo modprobe r8169

After typing in the last command, the server was able to recognize the Ethernet controller and immediately connected back to the wired network! Once I verified the connection was up and active, I disabled the WiFi once again on the machine to solely connect to the network through the Ethernet port.

P.S. – I ran the command lspci in the terminal to list out the hardware and verify exactly what make and model the Ethernet controller was. By doing so I was able to use that info while searching around the Internet to figure out what the issue was in the first place.

This is all running on a HP ProDesk 400 G5 Desktop Mini i5-9500T.

Website sources I mainly used to try to figure out what the heck to do:

https://forum.proxmox.com/threads/after-update-kernel-from-6-2-16-19-to-6-5-11-3-network-not-work-anymore.136831/

https://bugs.launchpad.net/ubuntu/+source/linux-signed/+bug/1876593