AT&T – Jupiter Broadcasting https://www.jupiterbroadcasting.com Open Source Entertainment, on Demand. Tue, 16 Aug 2022 05:56:51 +0000

Apple’s Mob Move | Coder Radio 479 https://original.jupiterbroadcasting.net/149587/apples-mob-move-coder-radio-479/ Wed, 17 Aug 2022 03:00:00 +0000

Show Notes: coder.show/479

The post Apple's Mob Move | Coder Radio 479 first appeared on Jupiter Broadcasting.

Rich Clownshow Services | Coder Radio 457 https://original.jupiterbroadcasting.net/147917/rich-clownshow-services-coder-radio-457/ Wed, 16 Mar 2022 05:30:00 +0000

Show Notes: coder.show/457

The post Rich Clownshow Services | Coder Radio 457 first appeared on Jupiter Broadcasting.

Just Say No to M1 | Coder Radio 440 https://original.jupiterbroadcasting.net/146742/just-say-no-to-m1-coder-radio-440/ Wed, 17 Nov 2021 13:00:00 +0000

Show Notes: coder.show/440

The post Just Say No to M1 | Coder Radio 440 first appeared on Jupiter Broadcasting.

Double Data Rate Trouble | LINUX Unplugged 369 https://original.jupiterbroadcasting.net/142657/double-data-rate-trouble-linux-unplugged-369/ Tue, 01 Sep 2020 20:30:00 +0000

Show Notes: linuxunplugged.com/369

The post Double Data Rate Trouble | LINUX Unplugged 369 first appeared on Jupiter Broadcasting.

5G Fundamentals | TechSNAP 418 https://original.jupiterbroadcasting.net/137782/5g-fundamentals-techsnap-418/ Fri, 13 Dec 2019 00:15:00 +0000

Show Notes: techsnap.systems/418

The post 5G Fundamentals | TechSNAP 418 first appeared on Jupiter Broadcasting.

Tech Talk Today 279 https://original.jupiterbroadcasting.net/124966/tech-talk-today-279/ Thu, 17 May 2018 14:58:01 +0000

Show Notes: techtalk.today/279

The post Tech Talk Today 279 first appeared on Jupiter Broadcasting.

Nuclear IoT Toaster | TechSNAP 291 https://original.jupiterbroadcasting.net/104426/nuclear-iot-toaster-techsnap-291/ Thu, 03 Nov 2016 00:47:34 +0000

The post Nuclear IoT Toaster | TechSNAP 291 first appeared on Jupiter Broadcasting.


Show Notes:

Lifting the lid on Sednit: A closer look at the software it uses

  • Security experts at ESET have released the final two parts of their new research into the operations of the notorious Sednit hacking group.
  • The Sednit gang, also known as APT28, Fancy Bear, Pawn Storm and Sofacy, are highly experienced, and have been engaged in criminal activity since at least 2004. They have developed sophisticated attacks that bypass the typical network security at compromised organizations.
  • In parts two and three of their research, entitled En Route with Sednit: Observing the Comings and Goings and En Route with Sednit: A Mysterious Downloader respectively, ESET’s threat analysts have taken a closer look at the software used by Sednit to spy on its targets and steal confidential information.
  • Sednit’s espionage toolkit is only deployed on targets deemed interesting to the hacking group after a period of reconnaissance.
  • The toolkit has three main components, made up of two spying backdoors (SEDRECO and XAGENT), and a network tool named XTUNNEL.
  • “Deploying both spying backdoors at the same time allows them to remain in contact if one of them becomes detected.”
  • Once in place, the SEDRECO backdoor trojan provides its remote operators with a variety of functions – including the ability to read and write files, turn on keylogging to furtively capture a user’s keypresses (and no doubt passwords), scour the victim computer’s hard drives and map network resources.
  • ESET’s research has further discovered that SEDRECO contains the capability to run external plugins, downloaded and executed as requested by a command-and-control (C&C) server under the hackers’ control.
  • A SEDRECO plugin identified by the researchers was found to share code with a module used by XAGENT, the other backdoor utilized by the Sednit gang.
  • XAGENT can exfiltrate information from compromised computers via HTTP and email, working alongside other components in the toolkit including USBSTEALER, which attempts to steal data from air-gapped computers.
  • During their investigations, ESET researchers were able to retrieve the complete Xagent source code intended to work under the GNU/Linux operating system.
  • Although versions of XAGENT have been seen for Windows, Linux and iOS, ESET’s team of researchers believe that it would be surprising if there has not also been a version of XAGENT created for other operating systems, including Android.
  • The well-designed XAGENT malware is comprised of a series of modules providing varying functionalities, and the samples examined by ESET’s researchers indicate that the Sednit hacking gang adapts each attack for specific targets. This also, of course, avoids the risk of exposing all of XAGENT’s code to security researchers.
  • XTUNNEL is the network proxy tool used by the Sednit group to relay network traffic between a C&C server on the internet and infected computers on their local networks.
  • The researchers say that significant resources have been put into the development of XTUNNEL, SEDRECO and XAGENT, as they describe in En Route with Sednit: Observing the Comings and Goings:
  • “In order to perform its espionage activities, the Sednit group mainly relies on two backdoors, Xagent and Sedreco, which were intensively developed over the past years. Similarly, notable effort has been invested into Xtunnel, in order to pivot in a stealthy way. Overall, these three applications should be a primary focus to anyone wanting to understand and detect the Sednit group’s activities.”
  • The final focus of ESET researchers’ deep dive in the Sednit group is a special downloader called DOWNDELPH.
  • DOWNDELPH, which gets its name from being written in the Delphi programming language, is used in hacks orchestrated by the Sednit group to deploy the previously mentioned XAGENT and SEDRECO onto infected computers.
  • Once in place, DOWNDELPH downloads a configuration file from the internet, and fetches payloads from a series of command & control (C&C) servers.
  • The use of rootkit/bootkit technology to hide the activities of the Sednit group and the small number of deployments suggests one thing: this group of attackers wanted to do everything they could to avoid being noticed.

Chinese manufacturer vows to recall IoT devices used in attack

  • “A Chinese electronics firm pegged by experts as responsible for making many of the components leveraged in last week’s massive attack that disrupted Twitter and dozens of popular Web sites has vowed to recall some of its vulnerable products, even as it threatened legal action against this publication and others for allegedly tarnishing the company’s brand.”
  • How effective a recall will be is hard to say, since most of the devices were sold rebranded by other companies, not by the manufacturer directly.
  • The major flaw with these devices is that the passwords that allow access via SSH cannot be changed, and their presence is not even visible from the web interface that most users are expected to use.
  • “I interviewed researchers at Flashpoint who discovered that one of the default passwords sought by machines infected with Mirai — username: root and password: xc3511 — is embedded in a broad array of white-labeled DVR and IP camera electronics boards made by a Chinese company called XiongMai Technologies. These components are sold downstream to vendors who then use them in their own products.”
  • “The scary part about IoT products that include XiongMai’s various electronics components, Flashpoint found, was that while users could change the default credentials in the devices’ Web-based administration panel, the password is hardcoded into the device firmware and the tools needed to disable it aren’t present.”
  • “Mirai is a huge disaster for the Internet of Things,” the manufacturer said in a separate statement emailed to journalists. “XM have to admit that our products also suffered from hacker’s break-in and illegal use.”
  • “At the same time, the Chinese electronics firm said that in September 2015 it issued a firmware fix for vulnerable devices, and that XiongMai hardware shipped after that date should not by default be vulnerable.”
  • “Since then, XM has set the device default Telnet off to avoid the hackers to connect,” the company said. “In other words, this problem is absent at the moment for our devices after Sep 2015, as Hacker cannot use the Telnet to access our devices.”
  • Additional Coverage:
  • In the meantime, it raises questions about how consumers can try to protect themselves
  • Senator Prods Federal Agencies on IoT Mess
  • “The co-founder of the newly launched Senate Cybersecurity Caucus is pushing federal agencies for possible solutions and responses to the security threat from insecure “Internet of Things” (IoT) devices, such as the network of hacked security cameras and digital video recorders that were reportedly used to help bring about last Friday’s major Internet outages.”
  • “In letters to the Federal Communications Commission (FCC), the Federal Trade Commission (FTC) and the Department of Homeland Security (DHS), Virginia Senator Mark Warner (D) called the proliferation of insecure IoT devices a threat to resiliency of the Internet.”
  • “Manufacturers today are flooding the market with cheap, insecure devices, with few market incentives to design the products with security in mind, or to provide ongoing support,” Warner wrote to the agencies. “And buyers seem unable to make informed decisions between products based on their competing security features, in part because there are no clear metrics.”
  • “Because the producers of these insecure IoT devices currently are insulated from any standards requirements, market feedback, or liability concerns, I am deeply concerned that we are witnessing a ‘tragedy of the commons’ threat to the continued functioning of the internet, as the security so vital to all internet users remains the responsibility of none. Further, buyers have little recourse when, despite their best efforts, security failures occur”
  • Then some serious questions are raised about interference with traffic:
  • “In the FCC’s Open Internet Order, the Commission suggested that ISPs could take such steps only when addressing ‘traffic that constitutes a denial-of-service attack on specific network infrastructure elements,’” Warner wrote in his missive to the FCC. “Is it your agency’s opinion that the Mirai attack has targeted ‘specific network infrastructure elements’ to warrant a response from ISPs?”
  • “I have been asked by several reporters over the past few days whether I think government has a role to play in fixing the IoT mess. Personally, I do not believe there has ever been a technology challenge that was best served by additional government regulation.”
  • “However, I do believe that the credible threat of government regulation is very often what’s needed to spur the hi-tech industry into meaningful action and self-regulation. And that process usually starts with inquiries like these. So, here’s hoping more lawmakers in Congress can get up to speed quickly on this vitally important issue.”
  • Quote I saw on Twitter the other day: “In a relatively short time we’ve taken a system built to resist destruction by nuclear weapons and made it vulnerable to toasters.”

One NAT to Rule Them | LINUX Unplugged 153 https://original.jupiterbroadcasting.net/101111/one-nat-to-rule-them-lup-153/ Tue, 12 Jul 2016 20:33:48 +0000

The post One NAT to Rule Them | LINUX Unplugged 153 first appeared on Jupiter Broadcasting.


Chris discovers he’s being snooped on by his ISP, and we discuss some Linux-friendly solutions to solve the situation. Is Linux Mint 18 really the best Linux distro ever? Or should Ubuntu 16.04 be getting more of the credit?

Plus our chat with a Matrix.org developer, Solus goes rolling, Unity on Windows & building a long-term financially sustainable open source product.



Show Notes:

Follow Up / Catch Up

Linux Mint 18: The best desktop — period | ZDNet

I’ve been using Linux desktops since the leading desktop front-end was Bash. Things have changed in those 25 years. Today, the best Linux desktop is the latest version of Linux Mint: Linux Mint 18 Sarah with the Cinnamon 3.0 interface.

Latest Vivaldi Browser Snapshot Improves Tab Hibernation on GNU/Linux Distros

“Good news for Linux users! You can now hibernate tabs while the browser is running,” said Magnus Peter Langeland. “Choose Hibernate Tab to hibernate the selected tab or Hibernate Background Tabs to hibernate all other tabs in the window. Oh and remember, you cannot hibernate a tab while you are viewing its contents.”

ICSI Netalyzr — Command-line Client

Debug your Internet.

  • Any good Linux friendly VPN providers?

Chris’s Coverage



You Can Now Run Ubuntu Linux with the Unity Desktop on Top of Windows 10 – Updated

After doing all sorts of tricks in the CompizConfig Settings Manager (CSSM) GUI configuration tool for Compiz, and using a combination of VcXsrv and XLaunch, two applications for configuring and setting up a Windows X server, he has managed to run Ubuntu 14.04.4 LTS with the Unity desktop environment on top of Windows 10.

Linux’s AV Stack Adding Awesome Features

Beamforming as a concept is used in various aspects of signal processing including radio waves, but I’m going to be talking about it only as applied to audio. The basic idea is that if you have a number of microphones (a mic array) in some known arrangement, it is possible to “point” or steer the array in a particular direction, so sounds coming from that direction are made louder, while sounds from other directions are rendered softer (attenuated).

Practically speaking, it should be easy to see the value of this on a laptop, for example, where you might want to focus a mic array to point in front of the laptop, where the user probably is, and suppress sounds that might be coming from other locations. You can see an example of this in the webcam below. Notice the grilles on either side of the camera — there is a microphone behind each of these.

Pronounced sphere, SPHVR is a python video player using gst-plugins-vr. Currently it is capable of opening a URL of an equirectangular mapped spherical video.

CopperheadOS – Secure Android

CopperheadOS currently supports the Nexus 5, Nexus 9, Nexus 5X and Nexus 6P.


Nylas N1

But right now, Nylas N1 is also free as in free beer, and that’s a problem. Due to its popularity, the API traffic for N1 users has dramatically eclipsed the combined volume of all other apps built on the Nylas Cloud APIs. We already sync several hundred terabytes of data for our users and are adding tens of thousands of new users each month. It’s costing us real dollars.

Dekko Is Shaping Up Nicely for Desktop Convergence
  • Dekko developer Dan Chapman shared some images of a new, converged Dekko for the desktop on Google+, under the title “An all new Dekko is coming!”.


What’s Going on with Matrix.org?

Matrix is an open specification for an online communication protocol. It includes all the features you’d expect from a modern chat platform including instant messaging, group chats, audio and video calls, searchable message history, synchronization across all your devices, and end-to-end encryption. Matrix is federated, so no single company controls the system or your data. You can use an existing server you trust or run your own, and the servers synchronize messages seamlessly. Learn more in the Introduction to Matrix.

This week, we’re officially launching Vector, a forward-looking open source collaboration app, and the very first production-ready application built on top of the Matrix open standard. In fact Vector Web has been around for a bit, growing and being polished with the help of a passionate community of pioneers and they’ve done a great job of supporting us with useful feedback! And now the mobile apps are out! ☺ So today Vector is ready to be shared more widely as a proper beta.

Windows Exploit Edition | TechSNAP 274 https://original.jupiterbroadcasting.net/101026/windows-exploit-edition-techsnap-274/ Thu, 07 Jul 2016 19:21:02 +0000

The post Windows Exploit Edition | TechSNAP 274 first appeared on Jupiter Broadcasting.


On this week’s episode we cover a UEFI firmware bug that is affecting computers including ThinkPads, tell you how your Windows box can be totally pwned even if it’s fully encrypted & talk about the shortcomings of the MD5 checksum. Plus the feedback, the roundup & more!


Show Notes:

ThinkPwn, Lenovo and possibly other vendors vulnerable to UEFI bug

  • “This code exploits 0day privileges escalation vulnerability (or backdoor?) in SystemSmmRuntimeRt UEFI driver (GUID is 7C79AC8C-5E6C-4E3D-BA6F-C260EE7C172E) of Lenovo firmware. Vulnerability is present in all of the ThinkPad series laptops, the oldest one that I have checked is X220 and the newest one is T450s (with latest firmware versions available at this moment). Running of arbitrary System Management Mode code allows attacker to disable flash write protection and infect platform firmware, disable Secure Boot, bypass Virtual Secure Mode (Credential Guard, etc.) on Windows 10 Enterprise and do others evil things.”
  • An attacker can “disable flash write protection and infect platform firmware, disable Secure Boot, [and] bypass Virtual Secure Mode.”
  • “Vulnerable code of SystemSmmRuntimeRt UEFI driver was copy-pasted by Lenovo from Intel reference code for 8-series chipsets.”
  • “Lenovo is engaging all of its IBVs as well as Intel to identify or rule out any additional instances of the vulnerability’s presence in the BIOS provided to Lenovo by other IBVs, as well as the original purpose of the vulnerable code”
  • Lenovo Advisory
  • The vulnerable code has also been found in HP Pavilion Laptops, some Gigabyte Motherboards (Z68, Z77, Z87, Z97), Fujitsu, and Dell.
  • Exploring and exploiting Lenovo firmware secrets
  • ThinkPWN, proof of concept exploit

From zero to SYSTEM on a fully encrypted Windows machine

  • “Whether you want to protect the operating system components or your personal files, a Full Disk Encryption (FDE) solution allows you to keep track of the confidentiality and integrity. One of the most commonly used FDE solutions is Microsoft Bitlocker®, which due to its integration with the Trusted Platform Module (TPM) as well as the Active Directory environment makes it both user-friendly and manageable in a corporate environment.
    When the system is protected with a FDE solution, without a pre-boot password, the login or lock screen makes sure attackers with physical access are not able to gain access to the system.”
  • “In this post we will explain how an attacker with physical access to an active directory integrated system (e.g. through stealing) is able to bypass the login or lock screen, obtain a clear-text version of the user’s password and elevate his privileges to that of a local administrator or SYSTEM. This can be accomplished via two security vulnerabilities which affects all Windows versions (from Vista to 10) and abusing a standard “security” feature.”
  • “These two vulnerabilities, discovered with the help of my colleague Tom Gilis were reported to Microsoft however only one vulnerability is patched at the time of writing CVE-2016-0049 / MS16-014.”
  • “The other one, which allows you to elevate your privileges to that of a local administrator or SYSTEM is still under investigation by Microsoft and is not yet disclosed here.”
  • Acknowledgement by Microsoft
  • Since the time of this post, the patch has been released. It turns out, it is MS16-072
  • You might remember MS16-072 from TechSNAP #272 as the Windows Update that broke Group Policies!
  • “Step 1 – Hibernation – Your friendly neighbourhood password dumper”
  • “Speaking for myself, and probably a lot of other users, shutting down a laptop has become a thing of the past. In order to be able to rapidly start using your system when travelling from one place to another, we put it into sleep (or hibernation) mode, essentially putting all processes on hold to be easily resumed when needed. Although in order to resume your session after sleep or hibernation, you’ll have to enter your password on the lock screen (or at least I hope so), the system has your password stored somewhere in memory in order to resume the different processes. We want the system to dump the contents of the memory on disk so we can recover it later. Hibernation is there to the rescue, but we need to be able to force the system into hibernation, creating the HIBERFIL.SYS.”
  • “Luckily, the default configuration of a laptop running Windows depicts going into hibernation if the battery hits a critical low. This feature, by default at set 5%, ensures you don’t lose any unsaved documents when your battery dies. Once we force the laptop into hibernation mode we reboot it and move to the next step”
  • “Step 2 – Bypassing the login or lock screen”
  • “If the computer is a member of an AD Domain, and the user has logged in on this machine before, so their password is cached locally, all an attacker needed to do is create a rogue Kerberos server with the targets user account’s password set to a value of choice and indicated as expired. Upon login attempt, Windows would then prompt the user to change the password before continuing”
  • “Once the password change procedure is completed, the cached credentials on the machine are updated with the new password set by the attacker. Because the system is not able to establish a secure connection, the password is not updated on the Kerberos server but still allows the attacker to login when the system no longer has an active network connection (using the cached credentials)”
  • So, since the attacker set the new password on the Domain Controller (not really, but the computer thinks they did), they know this password, and when they attempt to log in with it and Windows cannot reach the domain controller, it uses this locally cached password and allows them to log in.
  • “Although the authentication has been bypassed, we still only have the (limited) privileges of the victim’s account (taking into consideration this is not an local administrator). This is where the next step comes in, in which we explain how you can obtain full local administrative privileges just by using standard Windows functionalities and thus not relying on any vulnerable installed software.”
  • “Step 3 – Privilege escalation to SYSTEM”
  • “We know that the trust between the client and Domain Controller (DC) is not always properly validated, we have a working Active Directory set-up and we have a working rogue DC. The question is are there any other Windows functionality that is failing to properly validate the trust?”
  • “How about Group Policies? It works on all supported Windows versions. There is no need for any additional (vulnerable) software. No specific configuration requirements”
  • “There are 2 types of Group Policy Objects (GPO), Computer Configuration and User Configuration Policies.”
  • “Computer Configuration Policies are applied before logon, the machine account is used to authenticated to the DC in order to retrieve the policies and finally all policies are executed with SYSTEM privileges. Since we don’t know the machine account password using Computer Configuration Policies is not an option.”
  • “User Configuration Policies are applied after a user is logged in, user’s account is used to authenticated to the DC to retrieved the User Configuration Policies and the policies are either executed as the current logged-on user or as SYSTEM.”
  • “Now this last type of Policy is interesting because we know the password of the user as we reset it to our likings.”
  • “Let’s create a Scheduled Task GPO that will execute NetCat as SYSTEM and finally will connect to the listening NetCat service as a the current user.”
  • On Windows 7, it is immediately game over: you own the system
  • “Windows 7 fails to validate if the DC from where the Group Policies are being applied is indeed a trusted DC. It is assumed that the user credentials are sufficient to acknowledge the trust relationship. In this attack all encrypted traffic remains intact and doesn’t require any modification whatsoever.”
  • On Windows 10, it didn’t work right out of the box
  • It turns out the rogue DC needs to have a user object matching the SID of the user that is logging in. Luckily, with Mimikatz, you can edit the SID of the user on the rogue DC to make it match.
  • Additional Coverage: Part 2
  • Slides
  • So, Microsoft has patched both of these vulnerabilities, and we are all safe again, right?
  • “Bypassing patch MS16-014: Yes, you’ve read it right! There is still a way to bypass the Windows Login screen and bypass Authentication 😉 More details will be released soon!”
  • The author has not released the details yet, as they are waiting on Microsoft to release another patch

The MD5 collision is here

  • “A while ago a lot of people visited my site (~ 90,000 ) with a post about how easy it is to make two images with same MD5 by using a chosen prefix collision. I used Marc Stevens’ HashClash on AWS and estimated the cost of around $0.65 per collision.”
  • “Given the level of interest I expected to see cool MD5 collisions popping up all over the place. Possibly it was enough for most people to know it can be done quite easily and cheaply but also I may have missed out enough details in my original post”
  • A 2014 blog post showed how to create two php scripts with the same MD5
  • An early 2015 blog post showed two JPGs with the same MD5
  • So, this version of the tools was able to make two different .jpg images, that had the same MD5 checksum, but different contents, while still being perfectly valid JPG images
  • The post included instructions and an Amazon AWS image to do the number crunching
  • Then came a later follow-up post on how to do the same thing with executable files
  • Same Binaries Blog Post
  • This example shows a C binary that prints an Angel if a condition is true, and a Devil if it is false
  • It contains a bunch of filler that can be changed to make the hashes the same in a second version of the file, where the condition is false. The end result is a pair of binaries, with the same MD5 hash, but different output
  • Using this same technique, Casey Smith (@subtee) managed to make an Angel.exe that is a copy of mimikatz, a Windows password dumping utility, and a devil.exe that just says ‘nothing to see here’
  • Demo of the attack
  • This means all I need to do is run this tool against my malware, and say, regedit.exe that is on the whitelist in Windows, and now I have a malware binary that will be trusted

Wolf in Hipster Clothing | TTT 229 https://original.jupiterbroadcasting.net/92526/wolf-in-hipster-clothing-ttt-229/ Tue, 12 Jan 2016 12:00:57 +0000

The post Wolf in Hipster Clothing | TTT 229 first appeared on Jupiter Broadcasting.


The worst & best from CES in our estimation, the Valve backed HTC Vive VR gets ready for pre-order & T-Mobile’s CEO binges on the EFF.

Plus Netflix’s global expansion is astonishing, account sharing is cool & the secret of the codes.

Conspiracy Trackpad | TTT 208 https://original.jupiterbroadcasting.net/87026/conspiracy-trackpad-ttt-208/ Thu, 27 Aug 2015 09:57:39 +0000

The post Conspiracy Trackpad | TTT 208 first appeared on Jupiter Broadcasting.


AT&T gets caught injecting ads into wifi, YouTube Gaming launches & the way the GCHQ obliterated the Guardian’s laptops may have revealed more than it intended.

Plus the real dirty secret behind Ashley Madison & more!

Open-source Market Penetration | Tech Talk Today 127 https://original.jupiterbroadcasting.net/76792/open-source-market-penetration-tech-talk-today-127/ Wed, 04 Feb 2015 11:12:10 +0000 https://original.jupiterbroadcasting.net/?p=76792 The FCC Chairman makes it clear, he plans to push for Title II classification of the Internet. Is Net Neutrality going to save us all? We’ll debate & discuss the mounting counter battle. Plus Valve is about to reveal their openGL replacement & we take a look at an open source device that’s NSFW. Direct […]

The post Open-source Market Penetration | Tech Talk Today 127 first appeared on Jupiter Broadcasting.


The FCC Chairman makes it clear, he plans to push for Title II classification of the Internet. Is Net Neutrality going to save us all? We’ll debate & discuss the mounting counter battle.

Plus Valve is about to reveal their openGL replacement & we take a look at an open source device that’s NSFW.


Show Notes:

FCC Chairman Tom Wheeler: This Is How We Will Ensure Net Neutrality

After more than a decade of debate and a record-setting proceeding that attracted nearly 4 million public comments, the time to settle the Net Neutrality question has arrived. This week, I will circulate to the members of the Federal Communications Commission (FCC) proposed new rules to preserve the internet as an open platform for innovation and free expression. This proposal is rooted in long-standing regulatory principles, marketplace experience, and public input received over the last several months.

Broadband network operators have an understandable motivation to manage their network to maximize their business interests. But their actions may not always be optimal for network users. The Congress gave the FCC broad authority to update its rules to reflect changes in technology and marketplace behavior in a way that protects consumers. Over the years, the Commission has used this authority to the public’s great benefit.

AT&T previews lawsuit it plans to file against FCC over net neutrality | Ars Technica

AT&T seems resigned to the near-certainty that the Federal Communications Commission will reclassify broadband as a common carrier service in order to enforce net neutrality rules. But it isn’t going to let the decision stand without a legal challenge, and the company is already telling the world what it’s going to argue in court.

“I have no illusions that any of this will change what happens on February 26,” when the FCC is expected to vote, AT&T Federal Regulatory VP Hank Hultquist wrote in a blog post yesterday. “But when the FCC has to defend reclassification before an appellate court, it will have to grapple with these and other arguments. Those who oppose efforts at compromise because they assume Title II rests on bullet proof legal theories are only deceiving themselves.”

Toshiba releases super-secure Encrypted USB Flash Drive with hardware-based encryption

“Available in 4GB ($95), 8GB ($112), 16GB ($140) and 32GB ($200) capacities, the Toshiba Encrypted USB Flash Drive uses a built-in mini-keyboard to authenticate access, incorporating a rechargeable battery so the user can enter a secure code before plugging into a USB port. Users simply enter their secure PIN and plug the drive into any USB 2.0 port on a compatible device. Once access is granted, the drive ‘unlocks’ the media, permitting clearance to all of the content stored on the drive. When the drive is removed from a USB port, the drive automatically re-locks and encrypts the stored media”, says Toshiba.

Serious bug in fully patched Internet Explorer puts user credentials at risk | Ars Technica

A vulnerability in fully patched versions of Internet Explorer allows attackers to steal login credentials and inject malicious content into users’ browsing sessions. Microsoft officials said they’re working on a fix for the bug, which works successfully on IE 11 running on both Windows 7 and 8.1.

The vulnerability is known as a universal cross-site scripting (XSS) bug. It allows attackers to bypass the same origin policy, a crucially important principle in Web application models that prevents one site from accessing or modifying browser cookies or other content set by any other site. A proof-of-concept exploit published in the past few days shows how websites can violate this rule when people use supported versions of Internet Explorer running the latest patches to visit maliciously crafted pages.

glNext: The Future of High Performance Graphics (Presented by Valve)

Join us for the unveiling of Khronos’ glNext initiative, the upcoming cross-platform graphics API designed for modern programming techniques and processors. glNext will be the singular choice for developers who demand peak performance in their applications. We will present a technical breakdown of the API, advanced techniques and live demos of real-world applications running on glNext drivers and hardware.

KICKSTARTER OF THE WEEK: The Mod – Multivibrating Open-Source Dildo | Indiegogo

The Mod is a great vibrator. It’s made from 100% silicone. Its three powerful motors create amazing sensations, ranging from a lovely low frequency rumble to patterns that move up and down the shaft. It is USB rechargeable, and its built in buttons make it easy to control vibration patterns and intensities.

Support Your Tor | Tech Talk Today 93 https://original.jupiterbroadcasting.net/71732/support-your-tor-tech-talk-today-93/ Tue, 18 Nov 2014 10:33:07 +0000 https://original.jupiterbroadcasting.net/?p=71732 An Uber exec is caught plotting against journalists, TOR considers crowdfunding after a rough 15 months & the FCC calls AT&T’s Net Neutrality bluff. Plus our Kickstarter of the week & more! Direct Download: MP3 Audio | OGG Audio | Video | HD Video | Torrent | YouTube RSS Feeds: MP3 Feed | OGG Feed | […]

The post Support Your Tor | Tech Talk Today 93 first appeared on Jupiter Broadcasting.


An Uber exec is caught plotting against journalists, TOR considers crowdfunding after a rough 15 months & the FCC calls AT&T’s Net Neutrality bluff.

Plus our Kickstarter of the week & more!


Show Notes:

Uber Executive Suggests Digging Up Dirt On Journalists

A senior executive at Uber suggested that the company should consider hiring a team of opposition researchers to dig up dirt on its critics in the media — and specifically to spread details of the personal life of a female journalist who has criticized the company.


The executive, Emil Michael, made the comments in a conversation he later said he believed was off the record. In a statement through Uber Monday evening, he said he regretted them and that they didn’t reflect his or the company’s views.


Michael, who Kalanick described as “one of the top deal guys in the Valley” when he joined the company, is a charismatic and well-regarded figure who came to Uber from Klout. He also sits on a board that advises the Department of Defense.


Over dinner, he outlined the notion of spending “a million dollars” to hire four top opposition researchers and four journalists. That team could, he said, help Uber fight back against the press — they’d look into “your personal lives, your families,” and give the media a taste of its own medicine.


In a statement through an Uber spokeswoman, Michael said: “The remarks attributed to me at a private dinner — borne out of frustration during an informal debate over what I feel is sensationalistic media coverage of the company I am proud to work for — do not reflect my actual views and have no relation to the company’s views or approach. They were wrong no matter the circumstance and I regret them.”


The spokeswoman, Nairi Hourdajian, said the company does not do “oppo research” of any sort on journalists, and has never considered doing it. She also said Uber does not consider Lacy’s personal life fair game, or believe that she is responsible for women being sexually assaulted.

FCC calls AT&T’s fiber bluff, demands detailed construction plans | Ars Technica

Two days after AT&T claimed it has to “pause” a 100-city fiber build because of uncertainty over network neutrality rules, the Federal Communications Commission today asked the company to finally detail its vague plans for fiber construction.

Despite making all sorts of bold promises about bringing fiber to customers and claiming its fiber construction is contingent on the government giving it what it wants, AT&T has never detailed its exact fiber plans. For one thing, AT&T never promised to build in all of the 100 cities and towns it named as potential fiber spots. The company would only build in cities and towns where local leaders gave AT&T whatever it wanted. In all likelihood, only a small portion of the 100 municipalities were likely to get fiber, and nobody knows which ones.

Today, the FCC challenged AT&T to finally reveal some facts about its fiber plans in a letter to AT&T Senior VP Robert Quinn.

Ferris asked Quinn for a response by November 21. AT&T told Re/code that it is “happy to respond to the questions posed by the FCC in its review of our merger with DirecTV. As we made clear earlier this week, we remain committed to our DirecTV merger-related build-out plans.”

Tor eyes crowdfunding campaign to upgrade its hidden services

The Tor Project is currently considering a crowdfunding campaign to overhaul the network’s anonymous websites after years of design and security criticisms, Tor executive director Andrew Lewman told the Daily Dot.

In the last 15 months, several of the biggest anonymous websites on the Tor network have been identified and seized by police. In most cases, no one is quite sure how it happened.

The details of such a campaign have yet to be revealed.

Hush | The World’s First Smart Earplugs by Hush — Kickstarter

Wireless noise masking earplugs that block out the world while still letting you hear the things that matter most.

The Cost of Unlimited | Tech Talk Today 82 https://original.jupiterbroadcasting.net/70177/the-cost-of-unlimited-tech-talk-today-82/ Wed, 29 Oct 2014 09:26:45 +0000 https://original.jupiterbroadcasting.net/?p=70177 The FBI creates a fake Seattle Times website to trap a bad guy, but does this cross the line? We debate. The FTC goes after AT&T’s claims of “unlimited” data. Plus more details surface in the NFC payments “war”, Windows 10 “borrows” more features, our kickstarter of the week & more! Direct Download: MP3 Audio […]

The post The Cost of Unlimited | Tech Talk Today 82 first appeared on Jupiter Broadcasting.


The FBI creates a fake Seattle Times website to trap a bad guy, but does this cross the line? We debate. The FTC goes after AT&T’s claims of “unlimited” data.

Plus more details surface in the NFC payments “war”, Windows 10 “borrows” more features, our kickstarter of the week & more!


Show Notes:

FBI created fake Seattle Times Web page to nab bomb-threat suspect

The FBI in Seattle created a fake news story on a bogus Seattle Times web page to plant software in the computer of a suspect in a series of bomb threats to Lacey’s Timberline High School in 2007, according to documents obtained by the Electronic Frontier Foundation (EFF) in San Francisco.


The deception was publicized Monday when Christopher Soghoian, the principal technologist for the American Civil Liberties Union in Washington, D.C., revealed it on Twitter.


The EFF documents reveal that the FBI dummied up a story with an Associated Press byline about the Thurston County bomb threats with an email link “in the style of The Seattle Times,” including details about subscriber and advertiser information.


The link was sent to the suspect’s MySpace account. When the suspect clicked on the link, the hidden FBI software sent his location and Internet Protocol information to the agents. A juvenile suspect was identified and arrested June 14.


The revelation brought a sharp response from the newspaper.

“We are outraged that the FBI, with the apparent assistance of the U.S. Attorney’s Office, misappropriated the name of The Seattle Times to secretly install spyware on the computer of a crime suspect,” said Seattle Times Editor Kathy Best.

“Not only does that cross a line, it erases it,” she said.


“Our reputation and our ability to do our job as a government watchdog are based on trust. Nothing is more fundamental to that trust than our independence — from law enforcement, from government, from corporations and from all other special interests,” Best said. “The FBI’s actions, taken without our knowledge, traded on our reputation and put it at peril.”

MCX Confirms Retailer Exclusivity for CurrentC Mobile Payments, but No Fines for Leaving Consortium

Much of the Apple news in recent days has centered around Apple Pay and what Tim Cook referred to on Monday as a “skirmish” in which several retailers backing a competing mobile payments initiative known as CurrentC have shut down NFC payment functionality in their stores to prevent customer use of Apple Pay, Google Wallet, and other similar services.


Numerous sources have indicated that retailers backing CurrentC are contractually prohibited from accepting alternative forms of mobile payments, and sources told The New York Times that retailers breaking those contracts would “face steep fines.”

Importantly, if a merchant decides to stop working with MCX, there are no fines.

FTC sues AT&T over ‘deceptive’ throttling of unlimited data customers | The Verge

The Federal Trade Commission is suing AT&T because the second-largest US carrier throttles speeds of its unlimited data customers, a policy that the FTC describes as “deceptive” and “unfair.” In a press release, the FTC said AT&T has “misled millions of its smartphone customers” by slowing down their data speeds after they’ve used up a certain amount of data in a single month. AT&T has failed to make its throttling policies clear enough, according to the complaint. “The issue here is simple: ‘unlimited’ means unlimited,” said FTC Chairwoman Edith Ramirez.

Update 11:15 AM PT: AT&T has given a statement to MacRumors in response to the FTC’s “baffling” complaint, stating that the allegations are “baseless” and that it has been “completely transparent” with customers.

“The FTC’s allegations are baseless and have nothing to do with the substance of our network management program. It’s baffling as to why the FTC would choose to take this action against a company that, like all major wireless providers, manages its network resources to provide the best possible service to all customers, and does it in a way that is fully transparent and consistent with the law and our contracts.

“We have been completely transparent with customers since the very beginning. We informed all unlimited data-plan customers via bill notices and a national press release that resulted in nearly 2,000 news stories, well before the program was implemented. In addition, this program has affected only about 3% of our customers, and before any customer is affected, they are also notified by text message.”

Microsoft borrows Mac trackpad gestures for Windows 10 | The Verge

In a keynote speech at TechEd Europe today, Microsoft’s Joe Belfiore demonstrated new trackpad features that will soon be available to Windows 10 testers. “In the past touch pads on Windows have really been done very differently because OEMs do them,” explained Belfiore. Microsoft introduced precision trackpads with the help of Intel in Windows 8 to improve the hardware situation, and now the focus is on gestures in software. “With Windows 10 we’re adding support for power users in a touch pad, where multiple finger gestures — which all of you power users learn — can make you really efficient.”


The new gestures include a three finger swipe down action to minimize all active Windows and three finger swipe up to bring them back. An interesting addition is the ability to use a three finger swipe up gesture to activate the new Task View feature of Windows 10. Not only does Task View look like OS X’s Mission Control (Exposé) feature, the three finger swipe up is the same gesture. Microsoft is also borrowing the three finger swipe left and right to activate switching between apps, something Apple uses to move between fullscreen Mac applications.

Kickstarter of the week: The Undress

AT&T’s Identity Giveaway! | Tech Talk Today 71 https://original.jupiterbroadcasting.net/68342/atts-identity-giveaway-tech-talk-today-71/ Tue, 07 Oct 2014 09:58:41 +0000 https://original.jupiterbroadcasting.net/?p=68342 An AT&T insider steals customer info, Samsung’s sales could be slipping by as much as 60% and Yahoo gets bit by Shellshock. Plus our Kickstarter of the week & much more! Direct Download: MP3 Audio | OGG Audio | Video | HD Video | Torrent | YouTube RSS Feeds: MP3 Feed | OGG Feed | […]

The post AT&T's Identity Giveaway! | Tech Talk Today 71 first appeared on Jupiter Broadcasting.


An AT&T insider steals customer info, Samsung’s sales could be slipping by as much as 60% and Yahoo gets bit by Shellshock.

Plus our Kickstarter of the week & much more!


Show Notes:

AT&T Hit By Insider Breach | Threatpost | The first stop for security news

AT&T is warning consumers about a data breach involving an insider who illegally accessed the personal information of an unspecified number of users. The compromised data includes Social Security numbers and driver’s license numbers.


In a letter sent to the Vermont attorney general, AT&T officials said that the breach occurred in August and that the employee in question also was able to access account information for AT&T customers.


“We recently determined that one of our employees violated our strict privacy and security guidelines by accessing your account without authorization in August 2014, and while doing so, would have been able to view and may have obtained your account information including your social security number and driver’s license number. Additionally, while accessing your account, the employee would have been able to view your Customer Proprietary Network Information (CPNI), without proper authorization,” said Michael A. Chiarmonte, director of finance billing operations at AT&T, in a letter to the Vermont AG.


The CPNI he referred to in the letter includes data that’s related to the services that consumers buy from the company. Chiarmonte said in the letter that the employee responsible for the breach no longer works for AT&T. It’s not clear from AT&T’s disclosure how many consumers have been affected by the breach or which other states may have citizens who are affected.


As a result of the breach, AT&T is offering affected customers a year of free credit monitoring, as has become customary in these incidents.

Samsung Warns Weak Q3 Earnings – Business Insider

Samsung warned Monday night that its third-quarter earnings will be weaker than expected.


The company said it would report an operating profit of $3.8 billion for the quarter ending in September — a decline of nearly 60 percent from the same time a year earlier. Sales fell to $44 billion, off 20 percent from a year ago. […]


The South Korean electronics giant said that while smartphone shipments increased, its operating margins fell because of higher marketing costs, fewer shipments of high-end phones and a lower average selling price for the devices.


The company said it is responding with a new smartphone lineup that will include new mid-range and low-end devices, which would make Samsung’s products more competitive in markets such as China.

Hackers Compromised Yahoo’s Servers Using Shellshock

The exploits were first discovered by security researcher, Jonathan Hall. Hall pointed to two Yahoo Games servers that had been exploited. After Yahoo was contacted by Security Week it issued the following statement:


A security flaw, called Shellshock, that could expose vulnerabilities in many web servers was identified on September 24. As soon as we became aware of the issue, we began patching our systems and have been closely monitoring our network. Last night, we isolated a handful of our impacted servers and at this time we have no evidence of a compromise to user data. We’re focused on providing the most secure experience possible for our users worldwide and are continuously working to protect our users’ data.

Plex Launches On Xbox One

The Plex app for Xbox One is a new approach to Plex overall, with a landscape interface that Plex co-founder and Chief Product Officer Scott Olechowski says is admittedly due partly to design requirements set out by the Xbox team, but that also will make its way back to the wider suite of Plex software on other platforms, too.


“[Xbox] certainly kind of encouraged this landscape type scrolling, but the more we used this the more we realized how well it works,” he said. “You’ll see this approach taken in other places. The more we used it, the more we realized it’s more natural. We kind of fell in love with aspects of it, [and] over time we want to have a more consistent experience.”

The Xbox One, the first official video game console to launch in China in 14 years, has started its console life in the middle kingdom with a bang! According to Chinese news sources, the Xbox One sold over 100,000 units within the first week of sales.

KICKSTARTER OF THE WEEK: Granola Strolla – Portable Solar USB charger by Granola Strolla Inc. — Kickstarter

GranolaStrolla is a portable, affordable and easy to use solar charged battery pack able to charge USB devices as fast as a wall charger.

NSA Monster Mash | Tech Talk Today 42 https://original.jupiterbroadcasting.net/64467/nsa-monster-mash-tech-talk-today-42/ Thu, 14 Aug 2014 09:42:26 +0000 https://original.jupiterbroadcasting.net/?p=64467 Snowden warns of the NSA’s MonsterMind, a system built to automatically respond to cyber attacks. Google wants to put Now in business and the big improvements coming to LTE. Plus Microsoft’s CEO gets dunked and more! Direct Download: MP3 Audio | OGG Audio | Video | HD Video | Torrent | YouTube RSS Feeds: MP3 […]

The post NSA Monster Mash | Tech Talk Today 42 first appeared on Jupiter Broadcasting.


Snowden warns of the NSA’s MonsterMind, a system built to automatically respond to cyber attacks. Google wants to put Now in business and the big improvements coming to LTE.

Plus Microsoft’s CEO gets dunked and more!


Show Notes:

Google Now for businesses reportedly on the table as HP chases a Google partnership

Google and HP have been discussing an enterprise partnership for the past year with little progress made, according to a new report. Topics have included a “Nexus tablet” with hardware encryption, as well as a version of Google Now for business data.


In fact, the report says that HP had also talked to Apple about a “Siri for enterprise,” which was nixed when the IBM deal was announced.


So Google needs to respond soon or businesses could find themselves locked into the iOS ecosystem before Android has its enterprise act together. HP is a potential partner with connections in the business IT market, and a Google Now for business data would be a feature that Apple couldn’t match. Details of its implementation are unclear at this point, as it’s not an official product, but would center around voice searches for information like financial data or product inventory. This raises several questions about whether Google would need access to data from businesses’ proprietary, private databases.


Meanwhile, HP is working on its own mobile voice search, which it is internally calling “Enterprise Siri.” It’s perhaps not the best sign for a product in development when its codename refers to the rival service it is copying.

HP Wanted To Make A Nexus Phone For Enterprise | Digital Trends

HP reportedly wanted to partner with Google to make a Nexus smartphone specifically aimed at business users. It would have incorporated several business-centric features, such as the ability to add high-end encryption. However, HP encountered internal resistance from Google, in particular from Andy Rubin, who was in charge of Android. Rubin was replaced by Sundar Pichai in March 2013.

AT&T will send LTE media broadcasts to your phone in 2015

Verizon may be the first out of the gate with LTE-based media broadcasting in the US, but it won’t be the only game in town. AT&T’s John Stankey has revealed that his carrier will have its own Multicast service sometime in 2015. It’ll first launch in areas where AT&T can start immediately, but it should expand as the provider gets comfortable with both the technology and content partners.

Meet MonsterMind, the NSA Bot That Could Wage Cyberwar Autonomously | Threat Level | WIRED

The NSA whistleblower says the agency is developing a cyber defense system that would instantly and autonomously neutralize foreign cyberattacks against the US, and could be used to launch retaliatory strikes as well. The program, called MonsterMind, raises fresh concerns about privacy and the government’s policies around offensive digital attacks.


Snowden tells WIRED in an extensive interview with James Bamford that algorithms would scour massive repositories of metadata and analyze it to differentiate normal network traffic from anomalous or malicious traffic. Armed with this knowledge, the NSA could instantly and autonomously identify, and block, a foreign threat.


Think of it as a digital version of the Star Wars initiative President Reagan proposed in the 1980s.


Snowden suggests MonsterMind could one day be designed to return fire—automatically, without human intervention—against the attacker.


Spotting malicious attacks in the manner Snowden describes would, he says, require the NSA to collect and analyze all network traffic flows in order to design an algorithm that distinguishes normal traffic flow from anomalous, malicious traffic.

“[T]hat means we have to be intercepting all traffic flows,” Snowden told WIRED’s James Bamford. “That means violating the Fourth Amendment, seizing private communications without a warrant, without probable cause or even a suspicion of wrongdoing. For everyone, all the time.”


MonsterMind sounds much like the Plan X cyberwarfare program run by Darpa. The five-year, $110 million research program has several goals, not the least of which is mapping the entire internet and identifying every node to help the Pentagon spot, and disable, targets if needed. Another goal is building a system that allows the Pentagon to conduct speed-of-light attacks using predetermined and pre-programmed scenarios. Such a system would be able to spot threats and autonomously launch a response, the Washington Post reported two years ago.

It’s not clear if Plan X is MonsterMind or if MonsterMind even exists. The Post noted at the time that Darpa would begin accepting proposals for Plan X that summer. Snowden said MonsterMind was in the works when he left his work as an NSA contractor last year.

Bonus Friday Tech Talk Today w/Special Guest Angela

Microsoft’s CEO Dares Google, Amazon Execs In Ice Bucket Challenge

Today, Microsoft’s CEO Satya Nadella allowed the winning team from his company’s internal hackathon to pour a large amount of chilly dihydrogen monoxide onto his expecting pate.

Then, Nadella challenged Google and Amazon CEOs Larry Page and Jeff Bezos to do the same. Bezos, like Nadella, doesn’t keep much on top. Page, on the other hand, has a more natural defense.

Microsoft Patents Exposed | Tech Talk Today 9 https://original.jupiterbroadcasting.net/60007/microsoft-patents-exposed-tech-talk-today-9/ Mon, 16 Jun 2014 09:29:53 +0000 https://original.jupiterbroadcasting.net/?p=60007 Finally Microsoft’s patent war chest against Android has been revealed, and we dig in. Plus Apple, Cisco, and AT&T join Microsoft in a pushback against US government overreach, Steam summer sale rumors, and more! Direct Download: MP3 Audio | OGG Audio | Video | HD Video | Torrent | YouTube RSS Feeds: MP3 Feed | […]

The post Microsoft Patents Exposed | Tech Talk Today 9 first appeared on Jupiter Broadcasting.


Finally Microsoft’s patent war chest against Android has been revealed, and we dig in.

Plus Apple, Cisco, and AT&T join Microsoft in a pushback against US government overreach, Steam summer sale rumors, and more!


Show Notes:

— Headlines —

Apple, Cisco, AT&T join Microsoft in fight against global search warrant

Apple, Cisco and AT&T all filed amicus curiae briefs on Friday supporting Microsoft in its appeal of a decision requiring it to hand over data about an Irish customer to U.S. law enforcement officials. Verizon filed an amicus brief on Microsoft’s behalf on Tuesday.

In this case, U.S. magistrate judge James Francis IV decided that pursuant to the Stored Communication Act, Microsoft must provide law enforcement officials with the contents of an Irish customer’s email, which is stored on servers located in Dublin, Ireland. Microsoft and its peers argue the warrant defies both the Stored Communications Act and numerous international law constructs, including treaties the United States has in place with other countries — Ireland among them — regarding how to handle requests for data about each others’ citizens.

Chinese gov’t reveals Microsoft’s secret list of Android-killer patents

Microsoft has held to the line that it has loads of patents that are infringed by Google’s Android operating system. “Licensing is the solution,” wrote the company’s head IP honcho in 2011, explaining Microsoft’s decision to sue Barnes & Noble’s Android-powered Nook reader.

For the most part, they’ve remained secret. That’s led to a kind of parlor game where industry observers have speculated about what patents Microsoft might be holding over Android.

A list of hundreds of patents that Microsoft believes entitle it to royalties over Android phones, and perhaps smartphones in general, has been published on a Chinese language website.

The patents Microsoft plans to wield against Android describe a range of technologies.

They include lots of technologies developed at Microsoft, as well as patents that Microsoft acquired by participating in the Rockstar Consortium, which spent $4.5 billion on patents that were auctioned off after the Nortel bankruptcy.

The Chinese agency published two lists on a Chinese-language webpage.

The longer list is divided into three sections: 73 patents that are said to be “standard-essential patents,” or SEPs, implemented in smartphones generally, followed by 127 patents that Microsoft says are implemented in Android. The final section includes another section of “non-SEP” assets, which includes 68 patent applications and 42 issued patents.

The lists include many newer and previously unrevealed patents, like 8,255,379 “Customer Local Search,” 5,813,013 “Representing Recurring Events,” and 6,999,047 “Locating and tracking a user in a wireless network through environmentally profiled data.”

Steam Summer Sale – Start Date Leaked!

According to a leaked listing posted on “Neogaf”, this year’s Steam Summer Sale will begin on June 19th and end on June 30th, leaving most Steam users no more than a week.

None of these dates or listings have been confirmed; however, they do appear to coincide with recent posts on Steam’s Developer Network and fit in with Valve’s International DOTA 2 Championship schedule. In addition, other game sale sites such as “GreenManGaming” and “GOG (Good Old Games)” have started to have massive clear-out sales and bundles.

— Security Update —

Massive security flaws allowed for Stratfor hack, leaked report reveals

In December 2011, a group of skilled hackers broke into the network of Strategic Forecasting, Inc. (Stratfor), compromising the personal data of some 860,000 customers, including a former U.S. vice president, CIA director, and secretary of state, among others.
The hackers, known collectively as AntiSec, exfiltrated approximately 60,000 credit card numbers and associated data, resulting in a reported $700,000 in fraudulent charges. Roughly 5 million internal emails were obtained by the hackers and later released by the whistleblower organization WikiLeaks as the “Global Intelligence Files.”

Based on confidential internal documents obtained by the Daily Dot and Motherboard, Stratfor employed substandard cybersecurity prior to the infiltration that left thousands of customers vulnerable to potential identity theft.

According to the documents, Stratfor engaged Verizon Business/Cybertrust to “conduct a forensic investigation” into the breach on Dec. 30, 2011.
In a 66-page report filed Feb. 15, 2012, Verizon concludes in painful detail that Stratfor had insufficient control over remote access to vital systems, and that those systems were not protected by a firewall and lacked proper file integrity-monitoring.

For starters, at the time of the attack, no password management policy existed within Stratfor. Passwords were at times shared between employees, and nothing prevented the same passwords from being used on multiple devices.

“Users commonly use the same password to access email as the password to remotely access a system containing sensitive information,” the report states.

According to Verizon, no anti-virus software had been deployed on any of the examined systems, which left Stratfor “wide open to not only the more sophisticated and customized hacker attempts, but also to other viruses.”

Another “significant factor” in the breach was the design of Stratfor’s e-commerce environment, which facilitated the electronic transfer of payments by its customers. According to the report, this system was accessible, needlessly, from anywhere within the company’s network, “as well as the Internet directly.”

UglyGorilla Hack of U.S. Utility Exposes Cyberwar Threat

Somewhere in China, a man typed his user name, “ghost,” and password, “hijack,” and proceeded to rifle the computers of a utility in the Northeastern U.S.

He plucked schematics of its pipelines. He copied security-guard patrol memos. He sought access to systems that regulate the flow of natural gas. He cruised channels where keystrokes could cut off a city’s heat, or make a pipeline explode.

That didn’t appear to be his intention, and neither was economic espionage. While he was one of the Chinese officers the U.S. charged last month with infiltrating computers to steal corporate secrets, this raid was different. The hacker called UglyGorilla invaded the utility on what was probably a scouting mission, looking for information China could use to wage war.

UglyGorilla is one of many hackers the FBI has watched. Agents have recorded raids by other operatives in China and in Russia and Iran, all apparently looking for security weaknesses that could be employed to disrupt the delivery of water and electricity and impede other functions critical to the economy, according to former intelligence officials with knowledge of the investigation.

UglyGorilla’s surveillance sortie was one of dozens conducted on natural gas pipelines and electric utilities by People’s Liberation Army Unit 61398 over at least 14 months in 2012 and 2013, according to documents obtained by Bloomberg News and people involved in the investigations but who asked not to be named because they weren’t authorized to speak publicly.

Extreme WiFi Makeover | TechSNAP 52 https://original.jupiterbroadcasting.net/18618/extreme-wifi-makeover-techsnap-52/ Thu, 05 Apr 2012 17:40:38 +0000 https://original.jupiterbroadcasting.net/?p=18618 What happens when the Internet Engineering Task Force is faced with unreliable hotel WiFi? And details on backdoor built into AT&T’s Microcell’s back door!

The post Extreme WiFi Makeover | TechSNAP 52 first appeared on Jupiter Broadcasting.


Find out what happens when the Internet Engineering Task Force is faced with unreliable hotel WiFi

And we’ve got the details on the backdoor built into AT&T’s Microcell’s back door. Yep, the back door has a back door.

Plus some viewer feedback, and a war story straight from the headlines!

Show Notes:

Researchers disassemble an AT&T microcell and find that even AT&T’s backdoors have backdoors

  • A microcell is a small consumer device that increases the signal strength of your mobile connection by acting as a miniature cell tower in your house, using your broadband internet connection to connect back to the telco via a secure IPSEC tunnel
  • The device is fairly complex and includes two System-on-Chips (one Ralink, the other picoChip), a Xilinx FPGA, radio hardware and a GPS module. GPS is used both for radio timing and for determining the position of the box. The box is only ‘allowed’ to work when within the area nominally serviced by AT&T.
  • The device includes a nice little tamper-detection mechanism which uses a set of 6 possible jumpers (3 of which are marked in purple on the above photo) to detect when someone removes the covers. The specific jumper-settings are supposedly unique per device. However, researchers believe they have worked around this.
  • After opening the device, researchers were able to locate the serial console for the Ralink device fairly quickly.
  • At boot time, the device spews a lot of information, and allows you to interrupt the boot process by pressing a number to select a ‘bootloader shell’. The bootloader is u-boot.
  • Using the u-boot ‘md’ (memory display) command, we were able to dump the Ralink’s flash memory over the serial connection
  • The Ralink SoC runs a 2.6.21 Linux kernel. The kernel contains an lzma-compressed initramfs, which is the root filesystem for the device. It is mounted rw, but changes don’t persist between reboots
  • The system includes users for ssh and root, both of which have the same password. The password is non-dictionary, but after around 5 days of average processing, we were able to determine the password. This allows us to log-in to the device at the serial console
  • Topping it all is the ‘wizard’: It turns out that wizard is quite the magician. Its main trick is to provide a full backdoor to the device, allowing for full, remote, unauthenticated, root command execution on the box. You only need to know where to point your netcat 😉
  • It is probably only intended to be used over the secure IPSEC tunnel which the picoChip SoC creates automatically. In other words, the microcell creates a tunnel back ‘home’ to AT&T headquarters, then they connect over this tunnel, and send packets to the wizard. Unfortunately, they set up the wizard to bind on 0.0.0.0 (an alias for all IP addresses), so the backdoor is accessible over the WAN interface, allowing anyone with access to control the device.
  • The backdoor uses simple UDP packets to transmit requests and receive responses.
  • There are a number of operations supported, but the most useful one is called ‘BackdoorPacketCmdLine’. Yes. It’s actually called ‘Backdoor’. This command lets you execute any linux command. Execution is performed using the backticksh function.
  • The response packets are sent to a hard-coded UDP address: 234.2.2.7. In order to get around this, we can set up a ‘redirection’ in the iptables firewall running on the box, to make packets which would go to 234.2.2.7 instead go to our own host – allowing us to see the output of the commands we send.
  • Hardware Tear Down
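
The exposure described above comes down to a management service listening on the wildcard address instead of only on the tunnel. As an added example (not from the researchers or the show notes), this Python check parses constructed `netstat -uln`-style output and flags UDP listeners that are reachable outside the tunnel; the port numbers, the tunnel address and the allow-list are assumptions made for illustration.

```python
import ipaddress

# Constructed sample in the shape of `netstat -uln` output; not captured from any device.
SAMPLE_NETSTAT = """\
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
udp        0      0 0.0.0.0:9999            0.0.0.0:*
udp        0      0 10.8.0.2:161            0.0.0.0:*
udp        0      0 127.0.0.1:53            0.0.0.0:*
udp        0      0 0.0.0.0:68              0.0.0.0:*
udp6       0      0 :::5353                 :::*
"""

# Assumptions for this example: the local end of the tunnel, the ports that
# carry management traffic, and the ports allowed to listen everywhere.
TUNNEL_ADDR = ipaddress.ip_address("10.8.0.2")
MGMT_PORTS = {9999, 161}
ALLOWED_WILDCARD_PORTS = {68}  # DHCP client

REASON_MGMT = "management port reachable outside the tunnel"
REASON_WILDCARD = "listens on all interfaces"


def parse_listeners(text):
    """Return (address, port) for every UDP socket line in netstat output."""
    listeners = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 4 or not fields[0].startswith("udp"):
            continue  # banner, column header or another protocol
        # Split on the last colon so ":::5353" yields host "::" and port 5353.
        host, _, port = fields[3].rpartition(":")
        try:
            listeners.append((ipaddress.ip_address(host), int(port)))
        except ValueError:
            continue  # address form this small parser does not handle
    return listeners


def audit_listeners(text, tunnel_addr=TUNNEL_ADDR, mgmt_ports=MGMT_PORTS,
                    allowed_wildcard_ports=ALLOWED_WILDCARD_PORTS):
    """Return (port, bound_address, reason) for each listener that is too exposed."""
    findings = []
    for addr, port in parse_listeners(text):
        if port in mgmt_ports and addr != tunnel_addr:
            # A management service must be bound to the tunnel address only.
            findings.append((port, str(addr), REASON_MGMT))
        elif addr.is_unspecified and port not in allowed_wildcard_ports:
            # 0.0.0.0 or :: means every interface, including the WAN side.
            findings.append((port, str(addr), REASON_WILDCARD))
    return findings


if __name__ == "__main__":
    for port, addr, reason in audit_listeners(SAMPLE_NETSTAT):
        print(f"udp/{port} bound to {addr}: {reason}")
```
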

FTC fines RockYou for making claims about user privacy and data security while storing user passwords in plaintext

  • In late 2009 social gaming site RockYou.com was breached and their database of 32 million email addresses and passwords was leaked online
  • The critical part of this story is that the passwords were stored in plain text. This was one of the largest such breaches of plain text passwords and resulted in some interesting studies on the patterns people use to select passwords
  • Unlike other breaches such as Gawker, where the passwords were insecurely hashed, the analysis extended beyond just weak passwords that could easily have their hashes cracked; the passwords being in plain text meant that every password was exposed, giving researchers more insight into the more secure passwords as well
  • Further exacerbating the issue was the fact that 179,000 of the accounts that were exposed belonged to minors, and were collected in violation of the COPPA laws
  • The site was compromised via a fairly trivial SQL injection
  • The FTC specifically took issue with the security claims on RockYou.com’s website, and as part of the settlement, RockYou.com has been barred from making future deceptive claims about user privacy and data security, must submit to regular 3rd party security audits for the next 20 years, delete all user data illegally collected from minors and pay $250,000 in civil fines
  • Full settlement details
  • Nitpicking: the ZD article ends with quite a quote: “if you store your customers’ data in plain text, please go encrypt it”. Passwords should NOT be encrypted. Encryption is reversible, and requires the same key to encrypt as to decrypt, meaning the system must have the key in order to store new passwords, and that same key can be used to decrypt all passwords, providing almost 0 additional security if that server is compromised. Passwords should always be hashed using a cryptographically secure hashing algorithm, such as a salted SHA256 or Blowfish hash
  • Slashdot coverage of original breach

Feedback:

War Story:

What happens when the IETF (Internet Engineering Task Force) shows up for their conference at your hotel, and your wireless and wired internet is flaking? They fix it for you

Major players in the IETF showed up in Paris last week for the 83rd IETF meeting only to find the hotel’s wifi network almost entirely unusable. The wired network was not much better, a situation exacerbated by the fact that the in-room TV systems share the data connection.

“I’ve got what looks like a pretty good 802.11 connection, but am seeing about 30% packet loss. It’s really not usable from my room as it is currently performing,” noted attendee Ben Campbell.

“There was no WiFi signal when on the desk in front of the window in my room, but after some experiments, I discovered that the signal was quite good… on the ceiling of the bathroom,” emailed Marc Petit-Huguenin. “I have a Nexus S phone, so I taped it on the ceiling of the bathroom, and used tethering over Bluetooth to bridge the gap to the desk”

The hotel was also having power problems with network equipment of all types above the 27th floor.

Attendees negotiated with the hotel and were given access to the network infrastructure. The IETF makeover team made a number of changes, including:

  • Decreasing the AP receiver sensitivity (changing the distance setting from “large” to “small”)
  • Increasing the minimum data and multicast rate from 1Mbps to 2Mbps
  • Decreasing the transmit power from 20dBm to 10dBm
  • And, turning off the radios on numerous APs to reduce the RF noise
  • Installing netdisco and rancid and establishing a makeshift NOC to manage the network

(The network appears to have been set up by relative amateurs who assumed that jacking up the radio power would result in stronger connections, and who added too many APs without doing a proper site survey to determine where the APs should be placed)

There were also problems caused by the international spectrum of visitors. Different countries allow different RF spectrum, so some channels that are allowed in France are not allowed in the US, and vice versa.

US Apple Macs won’t associate to WIFI channel 13. This is something that the IETF has argued with Apple about–I believe it should be up to the AP to set the allowed channels and clients should be able to use them. I’m not worried about this in this case–folks should see other channels at acceptable signal strengths, and the Europeans, for example, will get a bit of a speed advantage

Later on, after the situation was less critical and they had time to better understand the existing network and develop a plan, a new scheme was developed:

Each floor now has approximately two access points on each of these four channels, with the channels staggered on adjacent floors. That design maximizes the distance between access points on the same channel. “I hope this will significantly improve the coverage in some rooms that had marginal or no signal while also improving the signal to noise ratio for all,” he said.
In addition, he switched a couple of the single-radio Colubris access points on each floor from 2.4 to 5 GHz, which would let at least laptops make use of one of four channels on the much less crowded band.

Stuffed War Stories | TechSNAP 33 https://original.jupiterbroadcasting.net/14267/stuffed-war-stories-techsnap-33/ Thu, 24 Nov 2011 22:57:28 +0000 https://original.jupiterbroadcasting.net/?p=14267 Microsoft’s flawed code signing infrastructure puts your machine at risk, and a batch of great audience submitted questions, and we share a few IT war stories!

The post Stuffed War Stories | TechSNAP 33 first appeared on Jupiter Broadcasting.


Microsoft’s flawed code signing infrastructure puts your machine at risk, find out how.

A batch of great audience submitted questions, and we share a few IT war stories!

All that and more, on this week’s TechSNAP!

Show Notes:

AT&T customer data targeted in attack

  • The attackers used automated scripts to attempt to determine if phone numbers were linked to AT&T online accounts
  • Attempts were made against approximately 1 million of AT&T’s 100 million customers
  • The attackers appeared to already have a database of usernames and passwords, and were attempting to use brute force to link those credentials to phone numbers, in order to gain access to the accounts
  • AT&T appears to lack any type of Intrusion Detection System, or automated defences that block an IP address after many failed login attempts. The millions of attempts were likely not launched from a single IP address, but it still should have been blocked well before 1 million accounts had attempts against them
  • AT&T does not believe attackers were able to gain access to any accounts, but they are still investigating

South Korea blocks young gamers after midnight

  • The so-called Cinderella law blocks users under the age of 16 from accessing online games after midnight
  • The articles are unclear about exactly how this is accomplished, but it appears it is enforced by the online gaming sites themselves, and teens using accounts created with their parents’ identities are not blocked
  • In South Korea, most websites require you to enter your national ID card number. Comments on sites cannot be left anonymously (previously covered on TechSNAP 23)
  • Is this a sign of the level of censorship we can look forward to in the future?

RSA 512bit SSL certificates abused in the wild

  • SSL Certificates signed by a few authorities (which have since had their trust revoked) have had their private keys factored
  • Once you possess the private key for an SSL certificate, you can use it to pretend to be that site, and use any other capabilities that the certificate has
  • It was originally thought that the private keys were merely stolen by malware, but it seems that factoring RSA 512 has become somewhat trivial, taking only a matter of days or weeks with a reasonable cluster of modern machines. With malware authors having access to large botnets, or cloud computing platforms like Amazon EC2, these certificates can no longer be considered safe
  • A number of other vulnerable certificates were identified, many coming from DigiNotar, the certificate authority that was compromised by attackers and has since had its trust revoked and gone out of business.
  • Almost all SSL certificate authorities require at least a 2048bit RSA key for new certificates
  • A normal HTTPS SSL certificate only has the ability to sign outbound messages, encipher symmetric keys, and to verify its identity as a TLS Client or Server.
  • The problem with the certificates issued by the Digisign Server ID CA is that they lacked the basic key usage definitions and constraints. This allowed the certificates to be used for any purpose, including signing software. The certificates also lacked a properly defined CRL (Certificate Revocation List), so they could not be revoked.
  • The factored certificates were used to code-sign malware to remove or lessen the warnings given by Windows when the code is executed
  • The compromised certificates have been used as far back as March 2010, and Microsoft did not act until recently, revoking the trust in the CA. Microsoft will still accept 512bit certificates without proper use definition or constraints.

Feedback:

Q: Do you guys trust Internet aggregator services?
A: It depends on the level of security they employ. Most of these sites are not very forthcoming with details on how they secure your data, or even how they work. A better solution would be something like OAuth to allow you to grant only certain permissions to each specific site, and allow you to easily revoke a site’s access to your accounts.

Q: SSH on Port 2222?
A: Using a different port does reduce the number of attacks from automated bots, but it will not stop anyone targeting you specifically. The solution is always to use a protection system such as DenyHosts, SSHGuard or Fail2Ban. Also, if it makes sense in your setup, disable password authentication entirely, and only use SSH keys. Note: you should still use DenyHosts to prevent an aggressive botnet from bogging down your SSH server so legitimate users cannot log in. This used to happen to one of my servers that had 250 ip addresses, the bots would attack each ip at the same time, creating 1000 ssh connections at once.

Q: Why not just one boot loader to rule them all?

Q: How do I get started in Tech Support?

War Story

Administering a Windows Server with your eyes closed

When ScaleEngine first started, we were in a much smaller local data center. One of the disadvantages to this data center was that they did not provide KVM Carts, in order to work on a server, you had to remove it from the rack, and take it over to a little desk in the corner with a monitor and keyboard, but no network connection. At our new data center, we have KVM carts we can take over to our rack to work on servers without disconnecting them. If we need to disassemble the server, they provide a nice large quiet work area with ample power, ethernet drops and free coffee.

I had just built two new Windows 2008 R2 servers for one of our clients, and had installed them in the rack. Got them up and running, and they were serving their websites fine. However, I was not able to connect via Remote Desktop. How had I forgotten to enable remote desktop…

I really did not feel like waiting for the server to shutdown (windows servers take an extremely long time to shut down, partly because they overwrite the entire swap file for security reasons), then removing the server from the rack again, waiting for it to boot up, change the settings, shutdown etc.

So, I grabbed our spare USB keyboard and connected it to the server in the rack, balancing the keyboard on my left hand while typing with only my right, with no monitor. I waited 30 seconds for Windows to detect the keyboard, and then entered control+alt+delete to open the login prompt. I heard the drive start ticking as it loaded the desktop, so I gave it a few minutes. Once I was logged in, I pressed windows+r to open the run prompt, and started cmd.exe. Then I issued the following commands, which I had arduously looked up on my old cell phone’s very limited browser.

netsh firewall set service remoteadmin enable
netsh firewall set service remotedesktop enable
netsh firewall add portopening TCP 3389 RDesktop enable any

I issued each command twice, in case I might have made a typo, even though I was typing as carefully as I could, and slowly as I was doing it with one hand on an unsteady keyboard. Then to test it, I used pocketPutty on my cell phone, to SSH into one of my servers, and use netcat to see if port 3389 was open. It was. So I repeated the same procedure on the second windows server and again verified it via my cell phone before packing up and leaving the data center.

And that is how I administered a pair of Windows servers with my eyes closed.

Ultimate Backups | TechSNAP 26 https://original.jupiterbroadcasting.net/12623/ultimate-backups-techsnap-26/ Thu, 06 Oct 2011 19:52:13 +0000 https://original.jupiterbroadcasting.net/?p=12623 We delve into backups, from the fundamentals to the very best tools! Plus FireFox goes to battle with McAfee and is Bank of America Under attack?

The post Ultimate Backups | TechSNAP 26 first appeared on Jupiter Broadcasting.


We’ll tell you about AT&T leaving Android open to a hack so easy, my two year old son could pull it off. Plus Firefox goes to battle with McAfee, and is Bank of America under attack?

Then – We delve into backups, from the fundamentals to the very best tools!

All that and more, in this week’s TechSNAP!

Show Notes:

Security hole in AT&T Samsung Galaxy S II

  • Bug allows someone to bypass the security lockout screen, accessing the phone without the password
  • The flaw does not exist on the Sprint version of the Samsung Galaxy S, or the Epic Touch 4G
  • Pressing the lock button wakes the phone and prompts you with the unlock screen. Allow the phone to go back to sleep, and immediately tap the lock button again, and you will have access to the phone
  • This feature is likely designed for the situation where you are waiting for some interaction on the phone and it falls asleep; if you press a button to wake it within a few seconds, it doesn’t prompt you to re-unlock the phone. This is a useful feature; however, it should be predicated on the fact that you just recently unlocked the phone (don’t make me unlock the phone twice within 90 seconds, or something similar)
  • The flaw only affects phones that have been unlocked once since boot
  • Since the flaw only affects the AT&T version of the phone, it would seem it is based on software added to the phone by AT&T, which appears to cache your response to the unlock screen, and use it to bypass the screen when you re-wake the phone immediately after it goes to sleep.
  • Another example of the vendors messing with the core Google product.
  • Users with Microsoft Exchange security policies don’t seem to be affected
  • Users can adjust the settings on their phone by accessing Settings -> Location and Security -> Screen unlock settings -> Timeout and setting the value to Immediately, disabling the ‘feature’ that presents the vulnerability.

Firefox advises users to disable McAfee Plugin

  • Firefox says the McAfee ScanScript plugin causes Stability and Security problems
  • The problem only seems to affect the new Firefox 7. It is likely caused by a compatibility problem with versions of ScanScript designed for older versions of Firefox
  • Firefox has started generating popup warnings to users using versions of McAfee older than 14.4.0 due to an incredibly high volume of crash reports
  • McAfee says it is working with Firefox to solve the issue for the next version of the software
  • McAfee is very popular in corporate environments and is often enforced with an Active Directory Group Policy that makes it nearly impossible for the end user to disable the virus scanner

Bank of America – Unexplained Outages – Is it an attack?

  • The Bank of America website has been degraded, slow, returning errors or down for more than 6 days
  • Bank of America (BofA) said its Web and mobile services have not been hit by hacking or denial-of-service attacks, however they would not disclose what has been causing the online problems.
  • Quote: “I just want to be really clear. Every indication [is that] recent performance issues have not been the result of hacking, malware or denial of service,” said BofA spokeswoman Tara Burke. “We’ve had some intermittent or sporadic slowness. We don’t break out the root cause.”
  • The problems began Friday morning, a day after BofA announced it would charge a $5 monthly fee for account holders using their debit cards
  • Additional Coverage

Feedback:

Continuing our Home Server Segment – This week we are covering backups.
Before we cover some of the solutions, we should look at some of the concepts and obstacles to creating proper backups. There are a number of different ways to back things up, but the most popular involves using multiple ‘levels’ of backup.

  • Full backup
      • This is a backup of every file (or a specific subset, or without specific exclusions) on a system.
      • This is the base of higher level backups, and is also known as a level 0 backup
      • Full backups are the biggest and the slowest
  • Differential Backup
      • A differential backup is one that includes every file that has changed since the last full backup was started (this is important).
      • It is very important that higher level backups always be based on the START time of the lower level backup, rather than the last modified, or finish time. During the last backup, if the file changed after it was backed up, but before that backup completed, we want to be sure to include it in the next backup
      • Differential backups require only the most recent full backup to restore
  • Incremental Backup
      • An incremental backup consists of every file that has changed since the start of the last backup of any level
      • Incremental backups are the smallest and fastest
      • Incremental backups can take the longest to restore, and can require access to each of the previous differential backups since last full backup, and that most recent full backup
      • Incremental backups offer a trade-off: they take less time and less storage, but they slow the recovery process.
      • Incremental backups, due to their smaller size, make it easier to have ‘point of time’ backups of files, rather than just the most recent.
  • Some backup systems do away with the name designations, and allow even more granularity
      • A level 0 backup is a full backup
      • A level 1 is everything that has changed since the level 0
      • A level n is everything that has changed since the last level n–1 or higher
      • Systems such as the unix ‘dump’ utility allow up to level 9 backups
  • Some backup systems, such as Bacula, support ‘synthetic full backups’
      • A synthetic backup is when you use a full backup, plus more recent differential and incremental backups to create a new, more recent full backup.
      • This can be especially advantageous in remote and off site backup systems, where transferring the full data set over the network can be very slow and costly.

  • rsync
      • Not actually a backup tool, it just creates and synchronizes a copy of the files
      • Copies only the changes to the files, so is faster
  • snapshots
      • A point in time copy of the files in a filesystem (supported by LVM, UFS, ZFS, etc)
      • A good place to take a backup from, resolves issues with open files
  • bacula
      • Designed to back up a large number of machines
      • Quite a bit of setup (Director, Storage Daemon, SQL Database, File Daemons (Clients))
      • Cross platform
      • Powerful deduplication system, and ‘base backups’
      • Support for Windows Volume Shadow Copy (snapshots of open files)
  • flexbackup
      • Simple perl script that creates archives (tar, cpio, etc) with optional compression (gzip, bzip2, etc).
      • Uses the ‘find’ command to create multi-level backups based on modified date
  • backupmypc
      • rsync based
      • Supports FTP, SCP, RCP, & SMB for Windows
      • Is very smart about how it handles portable devices that miss backups.
      • Its magic is its de-dupe hard-link mojo that saves tons of space
      • Bit of a nerd project to get going, but is bullet proof once it’s in
  • TarSnap – BSD Encrypted Cloud Backup
  • Mondo Rescue – GPL disaster recovery solution
  • CrashPlan – Online Backup Software, Disaster Recovery
  • Allan’s AppFail.com article about backups
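
The start-time rule from the backup levels above, as an added Python example (not from the show notes): it picks the files for a differential or incremental backup, shows which change is lost when the cutoff is the previous backup's finish time instead of its start time, and lists the backups a restore needs. File names, timestamps and the `BackupRun` record are constructed for illustration.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class BackupRun:
    kind: str    # "full", "differential" or "incremental"
    start: int   # time the backup began
    finish: int  # time the backup completed


def cutoff_for(kind, history, use_start=True):
    """Reference time for the next backup of `kind`; None means copy everything."""
    if kind == "full":
        return None
    if kind == "differential":
        candidates = [r for r in history if r.kind == "full"]
    elif kind == "incremental":
        candidates = list(history)  # last backup of any level
    else:
        raise ValueError(f"unknown backup kind: {kind}")
    if not candidates:
        return None  # nothing to build on, so behave like a full backup
    last = max(candidates, key=lambda r: r.start)
    return last.start if use_start else last.finish


def select_files(mtimes, cutoff):
    """Files whose modification time is at or after the cutoff."""
    if cutoff is None:
        return sorted(mtimes)
    return sorted(path for path, mtime in mtimes.items() if mtime >= cutoff)


def restore_chain(history):
    """Backups needed to restore: last full, last differential after it,
    then every incremental taken after that point."""
    runs = sorted(history, key=lambda r: r.start)
    fulls = [i for i, r in enumerate(runs) if r.kind == "full"]
    if not fulls:
        return []
    after = runs[fulls[-1] + 1:]
    diffs = [i for i, r in enumerate(after) if r.kind == "differential"]
    tail = after[diffs[-1]:] if diffs else after
    return [runs[fulls[-1]]] + tail


# Constructed scenario: the full backup ran from t=100 to t=160 and copied
# db.sqlite at t=110; the file was then modified at t=130, mid-backup.
FULL = BackupRun("full", 100, 160)
MTIMES = {"old.conf": 10, "db.sqlite": 130, "notes.txt": 200}

if __name__ == "__main__":
    by_start = select_files(MTIMES, cutoff_for("differential", [FULL]))
    by_finish = select_files(MTIMES, cutoff_for("differential", [FULL], use_start=False))
    print("cutoff = start :", by_start)    # includes db.sqlite
    print("cutoff = finish:", by_finish)   # silently misses db.sqlite
```
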

Round Up:

Jupiter Broadcasting stats

  1. Firefox 42.66%
  2. Chrome 29.73%
  3. Internet Explorer 14.43%
