HD Video Feed | MP3 Audio Feed | iTunes Feed | Torrent Feed

Become a supporter on Patreon:

Show Notes:

How not to avoid browser security warning

Verbal passwords

Obscurity is a Valid Security Layer

Feedback

• Kaspersky’s 7zip file

• Containers/Jails/Zones : Containers vs Zones vs Jails vs VMs, Container descriptions and security, Docker and the rise of popularity of containers, Papers We Love Zones and Jails

Round Up:

• https://www.crunchyroll.com/ Cloudflare configuration compromised

• New York Times via dark web

• USB Stick with Heathrow Security and Queen’ Data Found on London Street see also Met Police Special Escort Group

• Google to ditch public key pinning in Chrome

• Performing & Preventing SSL Stripping: A Plain-English Primer

• Researchers turn LG’s Hom-Bot vacuum cleaner into a real-time spying device

The post SSL Strippers | TechSNAP 344 first appeared on Jupiter Broadcasting.

Adobe has a bad week, with exploits in the wild & no patch. We’ll share the details. Had your credit card stolen? We’ll tell you how.

Plus the harsh reality for IT departments, a great batch of questions, our answers & much much more!

Thanks to:

• Get Paid to Write for DigitalOcean

Direct Download:

HD Video | Mobile Video | MP3 Audio | OGG Audio | YouTube | HD Torrent | Mobile Torrent

RSS Feeds:

HD Video Feed | Mobile Video Feed | MP3 Audio Feed | Ogg Audio Feed | iTunes Feed | Torrent Feed

Become a supporter on Patreon:

— Show Notes: —

New flash zero day found being exploited in the wild, no patch yet

• The new exploit is being used in some versions of the Angler exploit kit (the new top dog, replacing former champ blackhole)
• The exploit kit currently uses three different flash exploits:
• CVE-2014-8440 – which was added to the exploit kit only 9 days after being patched
• CVE-2015-0310 – Which was patched today
• and a 3rd new exploit, which is still being investigated
• Most of these exploit kits rely on reverse engineering an exploit based on the patch or proof of concept, so the exploit kits only gain the ability to inflict damage on users after the patch is available
• However, a 0 day where the exploit kit authors are the first to receive the details, means that even at this point, researchers and Adobe are not yet sure what the flaw is that is being exploited
• Due to a bug in the Angler exploit kit, Firefox users were not affected, but as of this morning, the bug was fixed and the Angler kit is now exploiting Firefox users as well
• Additional Coverage – Krebs On Security
• Additional Coverage – PCWorld
• Additional Coverage – Malware Bytes
• Additional Coverage – ZDNet

How was your credit card stolen

• Krebs posts a write up to answer the question he is asked most often: “My credit card was stolen, can you help me find out how”
• Different ways to get your card stolen, and your chance of proving it:
• Hacked main street merchant, restaurant (low, depends on card use)
• Processor breach (nil)
• Hacked point-of-sale service company/vendor (low)
• Hacked E-commerce Merchant (nil to low)
• ATM or Gas Pump Skimmer (high)
• Crooked employee (nil to low)
• Lost/Stolen card (high)
• Malware on Consumer PC (very low)
• Physical record theft (nil to low)
• “I hope it’s clear from the above that most consumers are unlikely to discover the true source or reason for any card fraud. It’s far more important for cardholders to keep a close eye on their statements for unauthorized charges, and to report that activity as quickly as possible.”
• Luckily, since most consumers enjoy zero liability, they do not have to worry about trying to track down the source of the fraud
• With the coming change to Chip-and-Pin in the US, the liability for some types of fraud will shift from the banks to the retailers, which might see some changes to the way things are done
• Banks have a vested interest in keeping the results of their investigations secret, whereas a retailer who is the victim of fraudulent cards, may have some standing to go after the other vendor that was the source of the leak
• Machine Learning for Fraud Detection

15% of business cloud accounts are hacked

• Research by Netskope, a cloud analysis company, finds that only one in ten cloud apps are secure enough for enterprise use
• In their survey, done using network probes, gateways, and other analysis techniques (rather than asking humans), they found that the average large enterprise uses over 600 cloud applications
• Many of these applications were not designed for enterprise use, and lack features like 2 factor authentication, hierarchical access control, “group” features, etc
• The report also found that 8% of files uploaded to cloud storage provides like Google Drive, Dropbox, Box.com etc, were in violoation of the enterprises’ own Data Loss Prevention (DLP) policies.
• The downloading numbers were worst, 25% of all company files in cloud providers were shared with 1 or more people from outside the company. 12% of outsiders had access to more than 100 files.
• Part of the problem is that many “cloud apps” used in the enterprise are not approved, but just individual employees using personal accounts to share files or data
• When the cloud apps are used that lack enterprise features that allow the IT and Security teams to oversee the accounts, or when IT doesn’t even know that an unapproved app is being used, there is no hope of them being able to properly manage and secure the data
• Management of the account life cycle: password changes, password resets, employees who leave or are terminated, revoking access to contractors when their project is finished, etc, is key
• If an employee just makes a dropbox share, adds a few other employees, then adds an outside contractor that is working on a project, but accidently shares all files instead of only specific project files, then fails to remove that person later on, data can leak.
• When password resets are managed by the cloud provider, rather than the internal IT/Security team, it makes it possible for an attacker to more easily use social engineering to take over an account
• Infographic
• Report

Feedback:

• ZFS me timbers

• Allan’s Modified Lenovo

• Sharing a large movie collection over the internet

• RAID alternatives for a bug

Round Up:

• Yes, Every Freeware Download Site is Serving Crapware (Here’s the Proof)
• CERT-UK offers a new best practices guide to combat social engineering
• FBI seeks to legally hack you if you are using TOR or a VPN
• Java patches 19 security holes (13 with 10/10 exploitability score). Make sure you are running at least 7u75 or 8u31
• NSA says it has proof DPRK was behind Sony hack, because they had already hacked the DPRK
• Government health care website quietly sharing personal data
• Steam shell script bug causes it to rm -rf /
• NSA Preps America for Future Battle
• Diary of an NSA Intern
• Password reuse causes spike in Hotel Rewards fraud
• The Sorry State of In-Flight Wi-Fi
• Technical mistake, not terrorist DDoS downed french media websites
• Blackhat, the movie, gets the technobabble mostly right
• All you need is a clipboard, or a stethoscope

The post Dude Where's My Card? | TechSNAP 198 first appeared on Jupiter Broadcasting.

The shutdown showdown marches on, as both sides double up on the hothead nonsensical rhetoric. But behind the scenes the debate is taking a new direction. A cool analysis of the situation reveals several options are available to settle the standoff. We’ll look at those options, and why big money is preparing for default.

Plus a critical look at the unlimited amounts of money about flow into American politics, the recent military raids in africa, your feedback, our follow up and much much more.

— Complementary Supporters Show: Unfilter 70 Supporters Show MP3 —

Direct Download:

Video | MP3 Audio | OGG Audio | Torrent | YouTube

RSS Feeds:

Video Feed | MP3 Feed | OGG Feed | HD Torrent | Mobile Torrent | iTunes

Become an Unfilter Supporter:

— Show Notes —

NSA is CRAZY

• Ex-NSA/CIA chief Hayden jokes of putting Snowden on kill list

“I must admit in my darker moments over the past several
months, I’d also thought of nominating Mr. Snowden, but it was
for a different list,” Hayden said during a cybersecurity
panel hosted by the Washington Post.

As the audience laughed, US lawmaker Rep. Mike Rogers, chairman
of the House Intelligence Committee, offered Hayden his support:
“I can help you with that,” he said.

• NSA’s $1.5 Billion Data Center Waylaid by Electrical Nightmare | Wired Enterprise | Wired.com

“The failures that occurred during testing have been mitigated. A project of this magnitude requires stringent management, oversight and testing before the government accepts any building,” an NSA spokeswoman told WIRED by email.

But the Wall Street Journal reports that there is disagreement about whether the proposed solutions will work. The Army Corps of Engineers is overseeing construction of the data center, and the electrical system itself was built by architecture firm KlingStubbins, which is a joint venture of three companies: Balfour Beatty Construction, DPR Construction and Big-D Construction Corp. Although the contractors have a fix in place, the cause of the surges — known as “arc fault failures” — is unknown.

• Obama administration decides NSA spying is ‘essential,’ but oversight of NSA is not

While the National Security Agency (NSA) has largely escaped the government shutdown, the panel investigating NSA spying practices haseffectively been frozen. Politico reports that as of Friday, the five-member Review Group on Intelligence and Communications Technologies lost its staff to the furlough associated with the government shutdown.

The group, which is largely comprised of intelligence community and White House insiders, was initially scheduled to remain running during the furlough. However, former acting CIA director Michael Morell declined to attend a scheduled meeting Tuesday, citing the shutdown: “While the work we’re doing is important, it is no more important than — and quite frankly a lot less important — than a lot of the work being left undone by the government shutdown, both in the intelligence community and outside the intelligence community.”

The U.S. Supreme Court is poised to strike down a law prohibiting unlimited campaign contributions.

• Supreme Court Again Weighs Spending Limits in Campaigns – NYTimes.com

“The latest case would go even further than Citizens United,” he said. “It would say anything goes: there are no rules in terms of how to finance campaigns.”

The challengers take issue with separate overall limits of $48,600 every two years for individuals’ contributions to all federal candidates and $74,600 to political party committees. (Federal law continues to ban direct contributions to candidates or political parties from corporations and unions.)

“These limits,” said Erin E. Murphy, a lawyer for Mr. McCutcheon, “simply seek to prevent individuals from engaging in too much First Amendment activity.”

– Thanks for Supporting Unfilter –

This Week’s New Supporters:

• Carl M

• Tyler B

• iglun

• Wes M

• Nicholas S

• Karl M

• Curtis J

• Fredrik L

• Tyler T

• Chewbatrij

• Thomas Y

• Alberto B

• Buskivuski

• Jason D

• Thanks to our 202 Unfilter supporters!

• Supporter perk: Downloadable Pre and Post show. Extra clips, music, hijinks, and off the cuff comments. The ultimate Unfiltered experience. ‘

• Finally a Supporter

Shutdown Showdown

• Back in force: Debt limit deniers

“Tough luck,” these people say. The nation spends too much as it is. Blocking a debt ceiling increase will provide the radical shock therapy the nation desperately needs to start living within its means.

“We have 10 times as much tax revenue as we’ve got annual interest on the debt obligations,” Rep. Mo Brooks (R-Ala.) said in an interview, offering the key talking point of the debt limit denial caucus. “So if the president does not want us to default on our credit or obligations, we won’t.”

Other members say they based entire campaigns on not boosting the borrowing limit.

“I ran on not raising the debt ceiling,” said Rep. Ted Yoho (R-Fla.). “We will not default. And I think it’s a lot of hype that gets spun in the media.”

• China’s Watching: Stop talking about default

If the dollar were suddenly to lose reserve status, the United States of America would face catastrophic inflation. All the dollars that the Federal Reserve has been creating, at about $85 billion each month, would begin to be dumped right on our heads, and the dollar would become virtually worthless.

More importantly, China has moved aggressively to replace the dollar with its Yuan in all its many, many international trades, including those in Saudi Arabia, Russia, South Korea, Australia, and many other traditional U.S. trading partners. China, with vigorous support from Russia and reluctant support from the other mega-economies in Asia, especially India and Japan, is using treaties which require acceptance of payments in their currency, the Yuan.

• John McCain Calls Out Tea Party Lies, Says GOP “Did the American People a Great Disservice”

“To think that we are going to repeal Obamacare, which would have required 67 Republican votes, of course, was a false premise, and I think did the American people a great disservice by convincing them that somehow we could.”

• US House Revives ‘Supercommittee’ as Debt Default Looms | Defense News | defensenews.com

The chamber voted mostly along party lines, 224–197, to create the “Bicameral Working Group on Deficit Reduction and Economic Growth.” The proposed 20-lawmaker panel would comprise 10 members from each chamber and would be tasked with recommending discretionary spending cuts, “changes in the statutory limit on public debt” and identifying other spending cuts.

Republicans want spending cuts and domestic entitlement program changes in return for a debt-ceiling increase. They say most modern presidents, including Obama twice, have negotiated over the borrowing limit.

• The 5 creepiest things about how the Koch brothers engineered the shutdown

This weekend, The New York Times revealed how the Koch Brothers and Reagan Attorney General Ed Meese engineered this here shutdown we’re dealing with right now, and how they’d been planning it ever since Obama was reelected.

• Banks prepare ‘war rooms’ in case US defaults on debt

The Dow slid nearly 160 points Tuesday, wiping out any gains it made in the past month.

Oh no… GMO?

• Look at who is funding the fight against labeling GMO foods

• Whos Funding the YES labling

Feedback:

• Bitmessage Address: BM-GuQ4gqmBeW8CYpSo3Htg2pBrBdHbvpe7

If you’re a Supporter check your inbox!

Call us: 1.425.312.1756

Follow the Us:

• Unfilter on Reddit
• Chris on Twitter
• Chase’s Geek and Gaming Network
• Connect with Chase

The post The Default Solution | Unfilter 70 first appeared on Jupiter Broadcasting.

In just the last week the situation in Cyprus has gone from outrageous to disastrous. We’ll break it down, and discuss the impacts the world changing event could have on the global economy.

And – Did you know the Internet is currently undergoing the “largest attack in history” that’s according to the BBC, and why the FBI has disclosed Real-Time Gmail Spying Powers as a “Top Priority” for 2013.

Plus Mayor Bloomberg begins personally financing a $12 Million Dollar Ad Campaign for Gun Checks, our follow up, your feedback, and much much more.

Direct Download:

HD Video | Mobile Video | MP3 Audio | OGG Audio | Torrent | YouTube

RSS Feeds:

HD Feed | Mobile Feed | MP3 Feed | OGG Feed | HD Torrent | Mobile Torrent | iTunes

Become an Unfilter Supporter:

Pay With Bitcoin

— Show Notes —

Global internet slows after “biggest attack in history”

• BBC News – Global internet slows after ‘biggest attack in history’

The internet around the world has been slowed down in what security experts are describing as the biggest cyber-attack of its kind in history.

• Cyberattack on anti-spam group Spamhaus has ripple effects

Spam-fighting organization Spamhaus said Wednesday that it had been buffeted by a massive distributed denial-of-service (DDoS) attack since mid-March, apparently from groups angry at being blacklisted by the Geneva-based group.

“It is a small miracle that we’re still online,” Spamhaus researcher Vincent Hanna said in an interview.

FBI Pursuing Real-Time Gmail Spying Powers as “Top Priority” for 2013

• Andrew Weissmann: FBI wants real-time Gmail, Dropbox spying power.

That’s because a 1994 surveillance law called the Communications Assistance for Law Enforcement Act only allows the government to force Internet providers and phone companies to install surveillance equipment within their networks. But it doesn’t cover email, cloud services, or online chat providers like Skype. Weissmann said that the FBI wants the power to mandate real-time surveillance of everything from Dropbox and online games (“the chat feature in Scrabble”) to Gmail and Google Voice. “Those communications are being used for criminal conversations,” he said.

Mayor Bloomberg Unveils $12 Million Ad Campaign for Gun Checks

• Mayor Bloomberg, NRA, gun legislation – latimes.com

New York Mayor Michael R. Bloomberg, a fierce proponent of restrictions on firearms, said he will bankroll a $12-million TV advertising blitz in 13 states to pressure individual senators from both parties during the two-week congressional recess.

Thanks for Supporting Unfilter:

Make Good: Sorry if we gave the wrong impression about ‘MERICA raw-dogging it in Iraq.

• US news media has devolved to ‘carnival act’

Chris Hedges, author, columnist and former Pulitzer-Prize winning journalist for The New York Times spoke with RT about how FCC deregulation during the Clinton administration allowed a handful of corporations to dominate US media.

Thanks to

• Damon L
• Trevor J
• Benjamin M
• Richard G – Who nailed the last $7.99 for now!
• Rusty switched to bitcoins, tip of the hat to our first bitcoin supporter!

• Thanks to our 59 Unfilter supporters!

• Supporter perk: Downloadable Pre and Post show. Extra clips, music, hijinks, and off the cuff comments. The ultimate Unfiltered experience.

Cyprus’ Gone Wild

• Cyprus controls expected to hit foreign transactions

With banks due to reopen on Thursday after nearly two weeks, Finance Minister Michael Sarris said capital controls will be “within the realms of reason” and a business leader said he had been told they would affect only international transactions.

• Cypriot Youth Rise Up In Pictures: “They Just Got Rid Of All Our Dreams”

They’ve just gotten rid of all our dreams, everything we’ve worked for, everything we’ve achieved up until now, what our parents have achieved,"

• Cyprus central bank ousts CEO of troubled Bank of Cyprus

CEO Yiannis Kypri said he was summoned to the Central Bank early on Wednesday and asked to submit his resignation.

“The reason I was given was that, based on the resolution decree recently passed by parliament and upon demands of the troika, an administrator had been appointed at the Bank,” Kypri said in a written statement.

• Have The Russians Already Quietly Withdrawn All Their Cash From Cyprus?

No one knows exactly how much money has left Cyprus’ banks, or where it has gone. The two banks at the centre of the crisis – Cyprus Popular Bank, also known as Laiki, and Bank of Cyprus – have units in London which remained open throughout the week and placed no limits on withdrawals. Bank of Cyprus also owns 80 percent of Russia’s Uniastrum Bank, which put no restrictions on withdrawals in Russia. Russians were among Cypriot banks’ largest depositors.

• Russia Loses Out as Cyprus Reaches Deal

“I think the Russians were understandably disappointed with this turn of events. They have had a long, successful and happy history and association and this has come partly as a shock despite the fact that many of these things had been rumored,” Cyprus’ finance minister, Michael Sarris, said early on Monday in Brussels.

• Europe threatens Cyprus with bankruptcy in power struggle with Russia

On Thursday the European Central Bank told Cyprus yesterday to find funding to secure a €10 billion ($12.9 billion) European Union (EU) bailout by Monday, or face a cut-off of ECB credit and the bankruptcy of Cyprus’ banks and government.

• The Cypriot government should instead have learned from Iceland

The Cypriot government should instead have learned from Iceland: taken over the banks, isolated the bad loans, protected deposits, imposed losses on the wealthy, and used a publicly owned banking sector to rebuild the domestic economy. That would have offered its citizens a better future, almost certainly outside the eurozone. But it would have also encroached on private capital’s privileges and clearly couldn’t be tolerated.

• Protests in Cyprus over bailout deal – YouTube

Protests have followed the agreement which called for Popular Bank, the country’s second biggest bank, to be closed down and the imposition of austerity measures.

US’ System Setup to Protect the Bankers?

• SEC Nom’s HUGE Conflict of Interest – Protect The Bankers? – YouTube

U.S. attorney nominated by President Barack Obama to lead the SEC. Her financial disclosures say that upon leaving New York-based Debevoise & Plimpton LLP, the law firm will give her $42,500 a month in retirement pay for life, or more than $500,000 a year."*

Mary Jo White, Obama’s nominee who will likely be confirmed as head of the SEC- the government agency in charge of regulating the banks- may not have the people’s best interests at hand. She’ll be paid a “retirement for life” from her former white-collar defense law firm that defends bankers.

China’s navy holds landing exercises near disputed islands

• China navy seeks to wear out Japanese ships in disputed waters

“The operational goal in the East China Sea is to wear out the Japanese Maritime Self Defence Force and the Japan Coast Guard,” said James Holmes, a maritime strategy expert at the Newport, Rhode Island U.S. Naval War College.

• China’s navy holds landing exercises near disputed islands

China’s increasingly powerful navy paid a symbolic visit to the country’s southernmost territorial claim deep in the South China Sea this week as part of military drills in the disputed Spratly Islands involving amphibious landings and aircraft.

• Chinese navy exercises ‘surprise’ neighbours – YouTube

Military tension is rising elsewhere in Asia. A Chinese naval taskforce has reached the southernmost part of the South China Sea, which it claims as its own – to the annoyance of neighbouring nations.

Fed pushes big bro drones despite public outcry in US

• Smile & Wave! Fed pushes big bro drones despite public outcry in US – YouTube

It appears the sky is the limit for U.S. law enforcement, with aerial surveillance drones set to be used domestically. But Capitol Hill has met some firm resistance to the plans. RT’s Gayane Chichyakyan reports on the attempts to fight back against the federal project.

Feedback:

• zSpaceman Updates His Bingo Board Even Better for Printing!

• With new high tech color technlogy

• Black and White

• For Chase – Peter Griffin – You know what really grinds my gears?

• Thanks to Joel who also emailed in a clip!

• Kicking out the UN Inspectors was all Bush Needed

• IRS Star Trek Parody… WTF Guys?

If you’re a Supporter check your inbox!

Call us: 1.425.312.1756

Follow the Us:

• Unfilter on Reddit
• Chris on Twitter
• Chase’s Geek and Gaming Network
• Chase on Twitter

The post Cyprus Gone Wild | Unfilter 43 first appeared on Jupiter Broadcasting.

We’re being warned again that a Cyber-9/11 could be around the corner, and that action must be taken now. Plus the latest on the would be terrorist plot to bomb the Federal Reserve, and why it looks like Marijuana legalization has a chance, we’ll tell you where.

Then in ACT 2: While the media focuses on the performance of the Fight Night, we’re focusing on the substance of the debate and what we can expect from next Monday.

And then in ACT3: We asked for your feedback, and BOY did you deliver! We’ll bust through our largest batch of feedback yet, and share our thoughts.

All that and a heck of a lot more, on this week’s Unfilter!

Direct Download:

HD Video | Mobile Video | MP3 Audio | OGG Audio | Torrent | YouTube

RSS Feeds:

HD Feed | Mobile Feed | MP3 Feed | OGG Feed | HD Torrent | Mobile Torrent | iTunes

Get Unfilter on your Android:

• Callisto – Android App
• Jupiter Broadcasting – Android App by ShaneQful

Browser Affiliate Extension:

• Jupiter Broadcasting Affiliate Extensions for Chrome and Firefox

Show Notes:

ACT ONE:

• Panetta warns of “cyber-Pearl Harbor”
  • How the hacker bogeyman is coming to get you
• Cyberattacks Could Become as Destructive as 9/11
• Pentagon Chief Reveals \’Classified\’ Cyber Threats … That You Read in August
• Bank Hacks: Iran Blame Game Intensifies

• Reid vows fresh effort to pass stalled cybersecurity bill in November

• City Of Burlington Has Entire Bank Account Emptied By Hackers

• \’Historic\’ DDoS Attacks Against Major U.S. Banks Continue

• Would-Be Terrorist Tried to Bomb New York Federal Reserve Bank

• Man arrested in plot to blow up Federal Reserve bank in New York
• Arrest in Plot to Blow Up Federal Reserve Bank

• Make a Bomb in the Kitchen of Your Mom

• Marijuana legalization on ballot in 3 states, but Justice Department remains silent

• Record-High 50% of Americans Favor Legalizing Marijuana Use

Drone Update:

• Drone strike in South Yemen kills seven Al-Qaeda suspects

• US drones kill up to 80% civilians – Pakistan Interior Minister *Submitted by cuank in our subreddit

ACT TWO: FIGHT NIGHT

• The lame rules for presidential debates: a perfect microcosm of US democracy
• PolitiFact | Fact-checking the town hall debate
• Presidential debate transcript, questions, Oct. 16, 2012

ACT THREE: FEEDBACK

• School Dinners
• Feedback on Unfilter
• Prefers the four host format
• rakudave\’s thoughts on the show
• rnd42\’s feedback
• Serf\’s thoughts on the show
• A follow-up to the story I included in my voice message…

Follow the Team:

Call us: 1.425.312.1756

• Unfilter on Reddit
• Chris on Twitter
• Chase’s Geek and Gaming Network
• Chase on Twitter

The post Half Ton Entrapment | Unfilter 22 first appeared on Jupiter Broadcasting.