Bittorrent client Transmission gets hit with Ransomware, Facebook pays out $15k to a hacker & Microsoft is bringing SQL to Linux. It’s a HUGE edition of Tech Talk Today!

Direct Download:

MP3 Audio | OGG Audio | Video | HD Video | Torrent | YouTube

RSS Feeds:

MP3 Feed | OGG Feed | iTunes Feed | Video Feed | Video Feed | Torrent Feed

Become a supporter on Patreon

Show Notes:

Episode Links

• IRS Suspends Insecure ‘Get IP PIN’ Feature
• Facebook Fixes Bug That Allowed You to Reset Anyone’s Password
• Justice Department Asks Judge to Review Pro-Apple Ruling in iPhone Case – WSJ
• First Mac Ransomware Found in Transmission BitTorrent Client – Mac Rumors
• WNYT.com – Virtual dissections help college students stay on the ‘cutting edge’
• Linux Action Show
• Microsoft is bringing SQL Server to Linux | TechCrunch

Kickstarter of the Week

• LMcable | The world’s first IOS & Android Common Connector by LMcable
• Amazon.com: [Apple MFI Certified] dodocool® 2-in-1 lighting to usb cable(8 pin connector) Micro USB Charging Data Cable (3ft/ 1m) for iPhone 6 ,iphone5,samsung (Yellow): Cell Phones & Accessories

The post Garbled Transmission | TTT 235 first appeared on Jupiter Broadcasting.

Researches find an 18 year old bug in Windows thats rather nasty, we’ve got the details. A new perspective on the bug bounty arms race & the security impact of Wifi on a plane.

Plus great feedback, a bursting round up & much much more!

Thanks to:

• Get Paid to Write for DigitalOcean

Direct Download:

HD Video | Mobile Video | MP3 Audio | OGG Audio | YouTube | HD Torrent | Mobile Torrent

RSS Feeds:

HD Video Feed | Mobile Video Feed | MP3 Audio Feed | Ogg Audio Feed | iTunes Feed | Torrent Feed

Become a supporter on Patreon:

— Show Notes: —

Cylance finds “SPEAR” a new spin on an 18 year old Windows vulnerability

• In 1997 Aaron Spangler discovered a flaw in Windows
• By causing a user to navigate to a file://1.2.3.4/ url in Internet Explorer, the user’s windows credentials would be sent to the remote server, to attempt to login to it
• “Redirect to SMB is a way for attackers to steal valuable user credentials by hijacking communications with legitimate web servers via man-in-the-middle attacks, then sending them to malicious SMB (server message block) servers that force them to spit out the victim’s username, domain and hashed password”
• “It’s a serious issue because stolen credentials can be used to break into private accounts, steal data, take control of PCs and establish a beachhead for moving deeper into a targeted network.”
• “Software from at least 31 companies including Adobe, Apple, Box, Microsoft, Oracle and Symantec can be exploited using this vulnerability”
• “Redirect to SMB is most likely to be used in targeted attacks by advanced actors because attackers must have control over some component of a victim’s network traffic.”
• “Less sophisticated attackers could launch Redirect to SMB attacks on shared WiFi access points at locations such as coffee shops from any computer, including mobile devices. We successfully tested this attack on a home network using a Nexus 7 loaded with all required tools.”
• “While the user credentials sent over SMB are commonly encrypted, the encryption method used was devised in 1998 and is weak by today’s standards. A stronger hashing algorithm being used on these credentials would decrease the impact of this issue, but not as much as disabling automatic authentication with untrusted SMB servers. With roughly $3,000 worth of GPUs, an attacker could crack any 8-character password consisting of letters (upper and lower case) as well as numbers in less than half a day.”
• “Microsoft has yet to release a patch to fix the Redirect to SMB vulnerability. The simplest workaround is to block outbound traffic from TCP 139 and TCP 445 — either at the endpoint firewall or at the network gateway’s firewall (assuming you are on a trusted network). The former will block all SMB communication, which may disable other features that depend on SMB. If the block is done at the network gateway’s firewall, SMB features will still work inside the network, but prevent authentication attempts with destinations outside the network. See the white paper for other mitigation steps.”
• “Microsoft did not resolve the issue reported by Aaron Spangler in 1997. We hope that our research will compel Microsoft to reconsider the vulnerabilities and disable authentication with untrusted SMB servers. That would block the attacks identified by Spangler as well as the new Redirect to SMB attack.”
• Cylance Whitepaper (PDF)

Given enough money, all bugs are shallow

• Eric Raymond, in The Cathedral and the Bazaar, famously wrote: “Given enough eyeballs, all bugs are shallow.”
• “The idea is that open source software, by virtue of allowing anyone and everyone to view the source code, is inherently less buggy than closed source software. He dubbed this “Linus’s Law”.”
• “However, the Heartbleed SSL vulnerability was a turning point for Linus’s Law, a catastrophic exploit based on a severe bug in open source software. How catastrophic? It affected about 18% of all the HTTPS websites in the world, and allowed attackers to view all traffic to these websites, unencrypted… for two years.”
• “OpenSSL, the library with this bug, is one of the most critical bits of Internet infrastructure the world has – relied on by major companies to encrypt the private information of their customers as it travels across the Internet. OpenSSL was used on millions of servers and devices to protect the kind of important stuff you want encrypted, and hidden away from prying eyes, like passwords, bank accounts, and credit card information.”
• “This should be some of the most well-reviewed code in the world. What happened to our eyeballs, man?”
• “In reality, it’s generally very, very difficult to fix real bugs in anything but the most trivial Open Source software. I know that I have rarely done it, and I am an experienced developer. Most of the time, what really happens is that you tell the actual programmer about the problem and wait and see if he/she fixes it”
• “Even if a brave hacker communities to read the code, they’re not terribly likely to spot one of the hard-to-spot problems. Why? Few open source hackers are security experts”
• “There’s a big difference between usage eyeballs and development eyeballs.”
• “Most eyeballs are looking at the outside of the code, not the inside. And while you can discover bugs, even important security bugs, through usage, the hairiest security bugs require inside knowledge of how the code works.”
• Peer reviewing code is a lot harder than writing code.
• “The amount of code being churned out today – even if you assume only a small fraction of it is “important” enough to require serious review – far outstrips the number of eyeballs available to look at the code”
• “There are not enough qualified eyeballs to look at the code. Sure, the overall number of programmers is slowly growing, but what percent of those programmers are skilled enough, and have the right security background, to be able to audit someone else’s code effectively? A tiny fraction”
• “But what’s the long term answer to the general problem of not enough eyeballs on open source code? It’s something that will sound very familiar to you, though I suspect Eric Raymond won’t be too happy about it.”
• “Money. Lots and lots of money.”
• “Increasingly, companies are turning to commercial bug bounty programs. Either ones they create themselves, or run through third party services like Bugcrowd, Synack, HackerOne, and Crowdcurity. This means you pay per bug, with a larger payout the bigger and badder the bug is.”
• However, adding more money to the equation might actually make things worse
• “There’s now a price associated with exploits, and the deeper the exploit and the lesser known it is, the more incentive there is to not tell anyone about it until you can collect a major payout. So you might wait up to a year to report anything, and meanwhile this security bug is out there in the wild – who knows who else might have discovered it by then?”
• “If your focus is the payout, who is paying more? The good guys, or the bad guys? Should you hold out longer for a bigger payday, or build the exploit up into something even larger? I hope for our sake the good guys have the deeper pockets, otherwise we are all screwed.”
• I like that Google addressed a few of these concerns by making Pwnium, their Chrome specific variant of Pwn2Own, a) no longer a yearly event but all day, every day and b) increasing the prize money to “infinite”. I don’t know if that’s enough, but it’s certainly going in the right direction.
• “Money turns security into a “me” goal instead of an “us” goal“
• “Am I now obligated, on top of providing a completely free open source project to the world, to pay people for contributing information about security bugs that make this open source project better? Believe me, I was very appreciative of the security bug reporting, and I sent them whatever I could, stickers, t-shirts, effusive thank you emails, callouts in the code and checkins. But open source isn’t supposed to be about the money… is it?”
• “Easy money attracts all skill levels — The submitter doesn’t understand what is and isn’t an exploit, but knows there is value in anything resembling an exploit, so submits everything they can find.”
• “But I have some advice for bug bounty programs, too”:
• “You should have someone vetting these bug reports, and making sure they are credible, have clear reproduction steps, and are repeatable, before we ever see them.”
• “You should build additional incentives in your community for some kind of collaborative work towards bigger, better exploits. These researchers need to be working together in public, not in secret against each other”.
• “You should have a reputation system that builds up so that only the better, proven contributors are making it through and submitting reports”.
• “Encourage larger orgs to fund bug bounties for common open source projects, not just their own closed source apps and websites. At Stack Exchange, we donated to open source projects we used every year. Donating a bug bounty could be a big bump in eyeballs on that code.”

FAA Needs a More Comprehensive Approach to Address Cybersecurity As Agency Transitions to NextGen

• The Federal Aviation Administration (FAA) faces cybersecurity challenges in at least three areas:
• (1) protecting air-traffic control (ATC) information systems,
• (2) protecting aircraft avionics used to operate and guide aircraft
• (3) clarifying cybersecurity roles and responsibilities among multiple FAA offices
• “FAA has taken steps to protect its ATC systems from cyber-based threats; however, significant security-control weaknesses remain that threaten the agency’s ability to ensure the safe and uninterrupted operation of the national airspace systems”
• “Modern aircraft are increasingly connected to the Internet. This interconnectedness can potentially provide unauthorized remote access to aircraft avionics systems. As part of the aircraft certification process, FAA’s Office of Safety (AVS) currently certifies new interconnected systems through rules for specific aircraft and has started reviewing rules for certifying the cybersecurity of all new aircraft systems.”
• “FAA officials and experts we interviewed said that modern aircraft are also increasingly connected to the Internet, which also uses IP-networking technology and can potentially provide an attacker with remote access to aircraft information systems. According to cybersecurity experts we interviewed, Internet connectivity in the cabin should be considered a direct link between the aircraft and the outside world, which includes potential malicious actors. FAA officials and cybersecurity and aviation experts we spoke to said that increasingly passengers in the cabin can access the Internet via onboard wireless broadband systems.”
• “Four cybersecurity experts with whom we spoke discussed firewall vulnerabilities, and all four said that because firewalls are software components, they could be hacked like any other software and circumvented. The experts said that if the cabin systems connect to the cockpit avionics systems (e.g., share the same physical wiring harness or router) and use the same networking platform, in this case IP, a user could subvert the firewall and access the cockpit avionics system from the cabin. The presence of personal smartphones and tablets in the cockpit increases the risk of a system’s being compromised by trusted insiders, both malicious and non-malicious, if these devices have the capability to transmit information to aircraft avionics systems”
• One would hope that the cockpit avionics are separated from the onboard entertainment and wifi systems by more than just a firewall. Even if they are not, a properly configured firewall is very difficult to compromise.
• Additional Coverage – BatBlue
• It seems that the authors of this report were not experts on the subject, and when interviewing experts on the topic, they asked questions like “is there any way to get around a firewall”

Feedback:

• Why does Allan hate CloudFlare?

• Hardware for pfSense

• Best Virtualizer for a few Linux VMs?

• No www or Yes www

Round Up:

• Remote Code Execution Via HTTP Request In IIS On Windows
• Snowden explains why you should use passphrases instead of passwords
• Florida middle schooler arrested, charged with hacking cybercrimes .
• After patch, details emerge about a number of Apple flaws (OS X and iOS) including Darwin Nuke, nVidia driver vulnerabilities, and a kqueue bug
• IBM claims new areal density record with 220TB tape tech
• LA Schools seeking refund after iPad rollout fails miserably
• Hacked French network exposed its own passwords during TV interview
• OEM designs have big impact on Intel Core M performance
• briankrebs on Twitter: “RT @RichardKarash: @SwiftOnSecurity @briankrebs There’s no hope for retail security! At a retail checkout yesterday: https://t.co/mUr9tcw8nD”
• Design vs User Experience

The post SMBTrapped in Microsoft | TechSNAP 210 first appeared on Jupiter Broadcasting.

Google pays out over $75k in bug bounties for flaws just in Chrome, and 159 of them are critical, we’ll share the details. HTC reveals the ultimate selfie phone, and maybe a new a category of cell phone accessory, we’ll debate.

Plus our speculation on an upcoming tech event & a handy trick!

Direct Download:

MP3 Audio | OGG Audio | Video | HD Video | Torrent | YouTube

RSS Feeds:

MP3 Feed | OGG Feed | iTunes Feed | Video Feed | Torrent Feed

Become a supporter on Patreon:

Show Notes:

HTC’s Desire Eye wants to be the king of selfies | The Verge

Now HTC is announcing the Desire Eye, a mid-range phone that the company says will be the selfie phone to rule them all. It will be available from AT&T later this year at a price that’s yet to be determined. Where all other smartphones have their best cameras on the back of the phone, the Desire Eye has the same camera on the front as it does on the back. It’s a 13-megapixel camera — the highest resolution front-facing camera to date — and features autofocus, a dual LED flash on both the front and back of the phone, and 1080p video recording.

It has a 5.2-inch, 1080p display that looks great and has wide viewing angles. It has the same Qualcomm Snapdragon 801 processor paired with 2GB of RAM as HTC’s flagship One M8. Its soft-touch plastic finish isn’t as premium as the all-metal chassis’ of the M8 or iPhone 6.

It’s IPX7 water resistant, so it can be dunked under a meter of water for up to 30 minutes without issue.

There’s a mode to take a picture with both the front and rear cameras at the same time, a la FrontBack, and an ultra-gimmicky mode that lets you insert yourself into a scene using both cameras. You can also merge your face with another person’s face to create a mutant selfie.

HTC Re camera Preview – CNET

The little periscope-shaped camera (right-angle flashlight and asthma inhaler are also suitable) is designed so that you stop watching and recording life through your smartphone’s screen and get in on the experience instead.

At the business end you have an f2.8 lens with an ultrawide 146-degree angle of view with a 1/2.3-inch 16-megapixel CMOS sensor behind it. That sensor is bigger than what you’d find in most smartphones, but average for point-and-shoot cameras and most POV/action cams.

The Re connects to your smartphone via Wi-Fi and Bluetooth. Launch the Re app (which will be available for Android and iOS later this year) and it initiates the connection process via Wi-Fi. Once connected you can control the camera, view and transfer content and change settings. With the app you can also activate a time-lapse mode so you can take a series of photos over a period of time (you set the frequency and length of time) and turn them into a movie.

Along with the tripod mount on the bottom you’ll find a Micro-USB port and a microSD card slot for storage. An 8GB card is included, but the camera supports cards up to 128GB.

Though HTC pitches the Re more as a lifestyle cam like Polaroid’s Cube than a rugged action cam for extreme sports, the body is waterproof to 1 meter (3.3 feet) for up to 30 minutes without an additional housing.

The HTC Re camera will be coming to the US first in late October/early November and the UK in November. It’ll cost $199 and somewhere around £160-£170 in the UK.

Google Patches Chrome for 159 Security Vulnerabilities

In total, Google is patching 159 security vulnerabilities in Chrome 38, which is one of the highest numbers of security-related fixes for any single browser ever released. Going a step further, Google noted that it also made “113 relatively minor fixes” that it found with its open-source Memory Sanitizer application. Other browser vendors likely might have also counted the 113 memory fixes in their security totals, so for argument’s sake, let’s say that Chrome 38 fixes 272 security related issues.

As part of the security updates, Google is paying out $75,633.70 in bug bounties to a number of security researchers for properly reporting issues to Google. The top award is a $27,633.70 award paid to Jüri Aedla for a vulnerability identified as CVE-2014-3188. That vulnerability could lead to remote code execution and is triggered by a number of bugs in the Google V8 JavaScript engine and the Inter-Process Communication (IPC) function.

‘It’s been way too long’: Apple sends out invites for Thursday, October 16th iPad & Mac event | 9to5Mac

Apple has just announced a keynote address for Thursday, October 16th to take place at the Town Hall auditorium on its Infinite Loop Campus in Cupertino, California. Invitations to select members of the media and special guests indicate that the event will, as always, begin at 10 AM Pacific time/1 PM Eastern Time.

• Free OpenSource Dyslexia Font – OpenDyslexic

The post Google Bugs Pay You! | Tech Talk Today 73 first appeared on Jupiter Broadcasting.

Facebook just paid out their biggest bug bounty yet, we’ll tell you about the flaw was so major it warranted a $33k bounty. Plus it’s been a bad week for Chrome security…

Then it’s a big batch of your questions, our answers, and much much more!

Thanks to:

— Show Notes: —

Facebook pays out biggest bug bounty ever, $33,500 after researcher gets ‘keys to the kingdom’

• Reginaldo Silva, a Brazilian security researcher, found a remote execution flaw in Facebook and was able to perform various functions including coping the /etc/passwd file, getting him a list of the users that exist on the system, and could have changed the URL for the Google OpenID provider, in order to execute MitM attacks on users logging in to Facebook using their Gmail accounts
• The original flaw was found in September 2012, when the researcher discovered an XXE (XML External Entity) bug in a Drupal blogs OpenID provider
• After finding the flaw in OpenID, he tried the attack successfully against StackExchange
• Later he also tried it against Google, while it worked, he was not able to read any files or make any network connections. For this he received his first bug bounty, $500 from Google
• During the original investigation, he could not find a valid Facebook OpenID endpoint
• Some time later, while investigating the Facebook password reset system, he discovered they still used OpenID for Gmail users to reset their passwords
• Using the newly discovered endpoint, he still was not able to launch his attack, because Facebook only communicated with Google, and for the attack to work he needed to communicate with his malicious OpenID provider
• After more reading of the OpenID spec, he found what he was looking for and was able to cause Facebook to contact his server, parse his malicious XML and cause Facebook’s servers to run code of his choosing
• From this he was able to get a copy of the /etc/passwd from the server
• Researcher’s Blog Post
• Facebook Security Team Blog Post
• Facebook Extends Bug Bounty Program

Security companies remove information about target breach from the Internet

• One we had previously covered:
• “On Dec. 18, a malicious software sample was submitted to ThreatExpert.com, a Symantec-owned service. But the public report the service generated vanished. “
• However, as is often the case with the internet, someone (Krebs ftw) had a copy of the report and posted it
• “iSight Partners, a Dallas-based cybersecurity company that is working with the U.S. Secret Service, published a series of questions and answers on its website related to the attacks on point-of-sale devices at U.S retailers. That too vanished on Thursday.”
• “Intel-owned McAfee redacted on Tuesday a blog post from last week that contained technical detail similar to the ThreatExpert.com report”
• When queried, a Symantec spokeswoman said “we took the initiative to remove it because we didn’t want the information to compromise the ongoing investigation.”
• Alex Holden, founder of Hold Security, who worked with Brian Krebs on the Adobe breach, said it was the right move for Symantec to pull the report, as attackers might have been able to use the information to compromise other point-of-sale devices at other retailers
• “I was surprised that this information was posted on the Internet in the first place,” Holden said. “Besides having a Target machine’s name and its IP address, system structure and drive mapping, it discloses a very vital set of credentials setup specifically for exploitation of the device.”
• As many as six other U.S. companies are believed to be victims of point-of-sale related attacks, where malware intercepts unencrypted card details. So far, only Target and high-end retailer Neiman Marcus have acknowledged the attacks.

Adware vendors buy Chrome Extensions to send ad- and malware-filled updates

• While Chrome itself is updated automatically by Google, that update process also includes Chrome’s extensions, which are updated by the extension owners.
• This means that it’s up to the user to decide if the owner of an extension is trustworthy or not, since you are basically giving them permission to push new code out to your browser whenever they feel like it.
• Ownership of a Chrome extension can be transferred to another party, and users are never informed when an ownership change happens.
• Malware and adware vendors have caught wind of this and have started showing up at the doors of extension authors, looking to buy their extensions.
• Once the deal is done and the ownership of the extension is transferred, the new owners can issue an ad-filled update over Chrome’s update service, which sends the adware out to every user of that extension.
• A first-hand account of this, which was first spotted by OMGChrome, was given by Amit Agarwal, developer of the “Add to Feedly” extension.
• One morning, the extension author got an e-mail offering “4 figures” for the sale of his Chrome extension. The extension was only about an hour’s worth of work, so Agarwal agreed to the deal, the money was sent over PayPal, and he transferred ownership of the extension to another Google account.
• A month later, the new extension owners released their first (and so far only) update, which injected adware on all webpages and started redirecting links.
• This isn’t a one-time event, either. About a month ago, I had a very simple Chrome extension called “Tweet This Page” suddenly transform into an ad-injecting machine and start hijacking Google searches.
• Google has stated that Chrome’s extension policy is due to change in June 2014. The new policy will require extensions to serve a single purpose.
• Chromium Blog: Keeping Chrome Extensions Simple

• FauxShow Sticker Awards

Feedback:

• Allan’s home network setup
  • VLAN A – Home network (upstairs), plus hidden WiFi SSID, only has access to personal ZFS server
  • VLAN B – Office network, WiFi, connections machines work
  • VLAN C – Management network, switches, IPMI, PDUs etc
  • VLAN D – Guest Wireless
  • VLAN E – DMZ for servers
  • Personal ZFS server has separate interfaces on VLAN A and B
  • FreeBSD PF Firewall is only machine that can route between the VLANs
  • DMZ is not used yet, will be once 1000mbps unmetered Fibre connection arrives
  • Gear Used: Netgear GS724T 24port gig-e switch.
• Dropbox De-dupe BS
  • How Tarsnap Works
• Authentication for Linux
• IBM SMartCloud Mini War Story
• jupiterbroadcasting on Instagram
• BSD Now tutorial contest, win a hand-made FreeBSD Pillow

Round Up:

• Network Solutions, the original domain name registrar, appears to be automatically enrolling customers in a $1850/year “WebLock Security Service”, you must call to opt-out
• FreeBSD 10.0-RELEASE Announcement
• Developer finds Chrome eavesdropping bug
• Target restarts push for Chip&Pin protected cards (Common in Europe and Canada) after failed adoption 10 years ago
• IBM says goodbye to x86 forever, sells server lines to Lenovo
• Backblaze publishes reliability numbers of different models of hard drive
• The Most (and Least) Reliable Hard Drive Brands
• Researchers tell Congess Healthcare.gov is insecure, researchers able to get 70,000 records in only 4 minutes
• Kids, this is story of How I Met… my VPS hacked.
• 16 Million German users infected with malware that steals passwords, email addresses and other sensitive data
• More from last week, a Documentary on the first trans-atlantic telephone cable
• How a DNS query works Get DNSMadeEasy Hosting
• EasyDNS wins case and blocks London Police takedown order, domain transered

The post Tarnished Chrome | TechSNAP 146 first appeared on Jupiter Broadcasting.

Getting money into Bitcoin has come under attack this week, we’ll run down the stories that paint a troubling picture for Bitcoin, but as of yet seem to have left the decentralized currency unscathed.

Plus we’ll chat with Donncha O\’Cearbhaill, who worked with Coinbase on disclosing multiple vulnerabilities, and ask what his experience was working with their bug bounty program.

And your emails, the good news for Litecoin, and more!

Downloads:

MP3 Audio | OGG Audio | Video | Torrent | YouTube

RSS Feeds:

MP3 Feed | Video Feed | Torrent Feed | iTunes Audio | Ogg Feed

— Support the Show —

If you enjoyed this episode, found value or information from it, please consider contributing using Bitcoin. Each episode gets its own unique Bitcoin address so by tipping you\’re not only making our continued efforts possible but telling us what you liked. Our episode specific address is listed at the bottom of the show notes.

— Feedback —

• Mining to Live

• USB ASIC Mining

• I think that bitcoin crashes are a good thing

Help spread the word on iTunes with a Rating and Review:

• iTunes – Plan B by Jupiter Broadcasting

Call or txt the Show:

1 (352) 587-5262

(352) 58-PLANB

— Discussion —

• Coinbase – Owning a Bitcoin Exchange Bug Bounty Program

• Bitcoin network recovering from DDoS attack

Last week, the Bitcoin network suffered from a denial-of-service attack that forced the core development team to patch the core reference design.

• Bitcoin-Qt / bitcoind version 0.8.3 released

• Why we have been slow and taking longer than usual to process orders. Hint, banks don\’t like Bitcoins.

• Elizabeth Warren Wants HSBC Bankers Jailed for Money Laundering

• Report: HSBC allowed money laundering that likely funded terror, drugs

• Citibank will no longer process any transfers to Mt Gox due to association with Liberty

They laundered $680 Billion of Cartel Money.

\”Between 2006 and 2009, according to DOJ, HSBC failed to monitor $670 billion in wire transfers and $9.4 billion in cash transactions from its Mexico bank operations.\”

• HSBC to pay $1.92 billion in money-laundering settlement – Dec. 10, 2012

• Mt.Gox – Temporary Hiatus on U.S. Dollar Withdrawals

Over the past weeks Mt. Gox has experienced rising volumes of deposits and withdrawals from established and upcoming markets interested in Bitcoin. This increased volume has made it difficult for our bank to process the transactions smoothly and within a timely manner, which has created unnecessary delays for our global customers. This is especially so for those in the United States who are requesting wire transfer withdrawals from their accounts.

• BitPay Exchange Rate Temporarily not Determined by Mt. Gox Price

Exchanges Worth Checking Out:

• Bitstamp – buy and sell bitcoins
• CampBX Bitcoin Trading Platform

Watching the Price on the Go:

• Bitcoin Exchange Rate Mining
• Bitcoin Alert

• Bitcoin 24/7

• Bitcoin Foundation Receives Cease And Desist Order From California – Forbes

Directly following last month\’s Bitcoin 2013 conference event in San Jose, CA that brought decent revenue into the state, California\’s Department of Financial Institutions decided to issue a cease and desist warning to conference organizer Bitcoin Foundation for allegedly engaging in the business of money transmission without a license or proper authorization.

Recently, the State of Illinois also issued a cease and desist letter to mobile payments processor Square for failing to have the proper licensing in accordance with the state’s Transmitters of Money Act. Prepaid card provider NetSpend and six other payments companies also received Illinois cease and desist orders. If this practice grows among states, it could have a potentially significant “chilling effect” on financial services innovation, especially upon lawful businesses that are designing infrastructure to support and grow the Bitcoin technology.

• Donate to GPGTools with Bitcoin

Litecoin Update:

• Litecoin-0.6.9.2 FINAL

• Mt. Gox Shines Light on Litecoin

In the update, Mt. Gox mentioned that the exchange\’s new trading engine is \”finished, smokin\’ fast, and is currently undergoing bench tests.\” As part of the engine\’s upgrade, Mt. Gox announced that it will be supporting Litecoin (LTC) in July:

As risky as it is to invoke the name of Litecoin (LTC???), we must apologize for not keeping everyone up to date. The fact is that the current situation means a continued delay, but for good reasons. We\’re looking at July right now, though that depends on a few things. Mainly, we want to do things correctly from the beginning.

— Watch Live —

Tuesday 2pm PDT / 5pm EDT / 9pm GMT

• JbLive.tv

— Plan B Subreddit —

• Plan B Show

— Contact us —

• Chris on G+
• Drew on G+

— Music —

• Thanks to Ronald Jenkees and his fantastic track 7 Times

— Support the Show —

• Donate to the network with your worthless fiat or your fancy bitcoins!

The post Bitcoin vs The Banks | Plan B 12 first appeared on Jupiter Broadcasting.

How attackers can defeat an RSA token in as little as 15 minutes, FBI has taken down an online fraud ring, we’ve got the details. And a botched software update that shutdown a bank for days.

Plus some great audience questions and our answers.

All that and more on this week’s TechSNAP!

Thanks to:

Use our codes TechSNAP10 to save 10% at checkout, or TechSNAP20 to save 20% on hosting!

Limited time offers:

$1.99/mo economy hosting for 3 months – special offer!
Code:  199tech
Expires:  June 30, 2012

$3.99 .US domain!
Code:  399us4

Support the Show:

Show Notes: