Show Notes: podcast.asknoahshow.com/70

The post Small Business Theme Hour | Ask Noah 70 first appeared on Jupiter Broadcasting.

Show Notes: podcast.asknoahshow.com/69

The post When you're ready to scale, so is Linux. | Ask Noah 69 first appeared on Jupiter Broadcasting.

HD Video Feed | Large Video Feed | Mobile Video Feed | MP3 Audio Feed | Ogg Audio Feed | iTunes Feed | Torrent Feed

Become a supporter on Patreon:

— Show Notes: —

Brought to you by: Linux Academy

Converting a MIddle School to Linux

OBS – Open Broadcaster Software

OBS Studio (formerly known as OBS Multiplatform) is a complete rewrite of the original OBS from the ground up, with the main goals being multiplatform support, a more thorough feature set, and a much more powerful API. While still in its early stages, releases are currently available for Windows, Mac and Linux.

ZeeVee TV

ZeeVee is leading the way in developing video distribution platforms that ensure the highest quality video – on any display device – leveraging existing or new cable infrastructure.
ZeeVee engineers and manufactures innovative products that challenge the status quo and leverage industry standards to distribute HD to Ultra-HD/4K video. Simply and Rapidly.
ZeeVee is leading convergence of AV and IP, bringing to market innovative, cost effective and easy to install IP video distribution platforms.

• Global manufacturer of video and signal distribution technology for ProAV and IT markets
• Only manufacturer today that can deliver multimedia content across any network – coax, fiber, and CATx and from any source – HDMI, component, composite, VGA or HD-SDI
• Award-winning SD to HD to Ultra-HD/4K solutions delivering innovative, cost effective and easy to install distribution platforms
• World-class customer support (pre and post sale)
• ZeeVee is installed in thousands of facilities worldwide, across multiple industries, where there is a need to transport HD to Ultra-HD/4K video
• Made in the United States
• Industry leading warranties
• Robust features are included in every ZeeVee model

Logitech C920

Connect with everyone in Full HD 1080p on Skype, or in fluid HD 720p on FaceTime for Mac.

Also make high-quality video calls with Google Hangouts and video-calling clients. Even chat with your Facebook® friends with video calling powered by Skype or Facebook Messenger.

• Logitech C930e

6 Best Linux Distributions For Educational Use – LinuxAndUbuntu

For those in Education, there are quite a number of specialized Linux distributions that are geared towards education.

— PICKS —

Runs Linux

Real-Time Graphics in Pixar Film Production, Runs Linux

• Thanks to Eno_ who Spotted this and submitted it right away

Desktop App Pick

peek: Simple animated Gif screen recorder for GNOME 3

A simple tool that allows you to record short animated GIF images from your screen.

Currently only Linux with X11 is supported. Other Unix like systems using X11
should work as well. It is planned to also support Wayland and maybe other
operating systems in the future.

Spotlight

micro: A modern and intuitive terminal-based text editor

Micro is a terminal-based text editor that aims to be easy to use and intuitive, while also taking advantage of the full capabilities
of modern terminals. It comes as one single, batteries-included, static binary with no dependencies, and you can download and use it right now.

New Linux Show: User Error

• User Error | Jupiter Broadcasting

— NEWS —

• Ting data price drop
• Ting drops data prices to $10 GB beyond the first gig

​Florida Man Arrested for Allegedly Hacking Key Linux Servers | Motherboard

A_ustin allegedly broke into several named servers, including “Odin1,” “Zeus1,” and “Pub3,” as well as Linux Kernel Organization founder Peter Anvin’s private email server, and installed the “Phalanx” rootkit—a backdoor that would allow him to connect to the infected computer and install additional software on the target—and the “Ebury” trojan, which harvested credentials of those logging into the infected computer. He also allegedly used his unauthorized administrative privileges to insert messages that would display when the servers restarted._

• Bloke accused of Linux kernel.org hack nabbed during traffic stop • The Register

Austin was released from jail on payment of $50,000 in bail money, and will have to appear in court in San Francisco at 0930 on September 21 before the Honorable Sallie Kim. If found guilty, he faces a possible sentence of 40 years in prison and $2m in fines.

Linux.Rex.1, a new Linux Trojan the creates a P2P BotnetSecurity Affairs

The botnet composed of machines infected by the Linux.Rex.1 is a P2P botnet, each node of the malicious network is able to share data with peers by using a protocol implemented by the malware authors.

• Linux.Rex.1

A multifunctional self-replicating Trojan for Linux written in Go. The Trojan implements the ВРЕ protocol to share data with other P2P botnet’s nodes and is launched as a node that receives and processes RPC messages. Probably, this malware program’s modification is still under development because it generates a large number of debugging messages recorded to the /dev/null device.

OpenOffice, after years of neglect, could shut down

As LibreOffice soars, OpenOffice management considers retiring the project.

GNOME web-API dependent apps have another run-in with changing services

GNOME Maps and GNOME Weather have both recently had bad luck with online service providers who either discontinues or changes data APIs with crippling results for their users. Maybe it’s time to acknowledge that APIs are unstable and unreliable, and build for expectation of failure instead.

PC-BSD Evolves into TrueOS

We are proud to announce that the PC-BSD project has evolved into TrueOS: a modern, cutting-edge distribution of FreeBSD focused on security, simplicity, and stability for desktops, servers, and beyond! TrueOS harnesses the best elements of PC-BSD, combines it with security technologies from OpenBSD, and layers it on top of FreeBSD to provide a complete system for modern machines.

FreeNAS 10-BETA is Now Available!

Mail Bag

• https://slexy.org/view/s2D4l86gIO

• https://slexy.org/view/s2KR8IUt4F

• https://slexy.org/view/s2MfqaYkJO

@ChrisLAS what was the lightbulb that the listener sent you that doesn't require internet connection? Can't find in the show notes

— biffbiffbiff (@biffbiffbiff) August 30, 2016

Call Box

• Chris’ call out for the community to help him with his background

Catch the show LIVE SUNDAY:

• Noon Pacific
• https://jblive.tv
• Network Calendar

— CHRIS’ STASH —

Chris’s Twitter account has changed, you’ll need to follow!

Chris Fisher (@ChrisLAS) | Twitter

Hang in our chat room:

irc.geekshed.net #jupiterbroadcasting

— NOAH’S STASH —

Noah’s Day Job

Altispeed Technologies

Contact Noah

noah [at] jupiterbroadcasting.com

Find us on Google+

• Chris
• Noah J. Chelliah
• Jupiter Broadcasting’s Page

Find us on Twitter

• Chris – ChrisLAS
• Noah – Kernellinux
• Ryan Sipes – ryanleesipes
• System76 – system76

Follow us on Facebook

• Jupiter Broadcasting on Facebook
• Noah – Kernellinux

The post Linux Gets Schooled | LAS 433 first appeared on Jupiter Broadcasting.

Noah & Emma set out to switch as many users to Linux as possible. Our team documents their competition to switch the most people to Linux within two hours in the Pacific Northwest!

Thanks to:

• Get Paid to Write for DigitalOcean

Direct Download:

HD Video | Mobile Video | WebM Torrent | MP3 Audio | OGG Audio | YouTube | HD Torrent

RSS Feeds:

HD Video Feed | Large Video Feed | Mobile Video Feed | MP3 Audio Feed | Ogg Audio Feed | iTunes Feed | Torrent Feed

Become a supporter on Patreon:

— Show Notes: —

Runs Linux:

• Rover controlling software from the ESA, Runs Linux – Starts at 5:09s

• The Time the UI is up on screen

ESA astronaut Tim Peake will take part in an experiment dubbed ‘SUPVIS-M’ (Supervisory Control of Mars Yard Rover) in which he will operate, from the International Space Station (ISS), a UK-built rover – Bridget – located in the Airbus Mars Yard in Stevenage, UK.

• Source: [Runs Linux] Rover controlling software – ESA – Starts at 5:09s : LinuxActionShow

Getting started with Linux:

1. Obtain the Ubuntu Install image from ubuntu.com

2. Write the Ubuntu installation image to a USB flash media device. On PC use Etcher or Rufus & on a mac, use Etcher. Be careful to make sure the flash drive is chosen in this step.

3. Once that is finished, eject the drive and insert the drive into your PC/Mac

4. When booting the PC/Mac press F2 (or your computer’s hotkey to access the boot menu), or if you’re running a newer version of Windows such as 8 or 10 boot into Windows, press start, go to advanced start options, choose UEFI Settings, Disable secureboot. Boot back into Windows repeat the steps to get back into UEFI and choose to boot off of the USB device.

5. Play around with the live demo system and if you enjoy it, follow the on screen instructions to install Ubuntu either as a secondary option to MacOS X or Windows, or as the only option, whichever you prefer.

The post Linux Switch Competition | LAS 415 first appeared on Jupiter Broadcasting.

This week, Chris & allan are both out of town at different shenanigans, but they recorded a sneaky episode for you in which they recap the Target breach, from when the news broke to the lessons learned and everything in between!

Thanks to:

• Get Paid to Write for DigitalOcean

Direct Download:

HD Video | Mobile Video | MP3 Audio | OGG Audio | YouTube | HD Torrent | Mobile Torrent

RSS Feeds:

HD Video Feed | Mobile Video Feed | MP3 Audio Feed | Ogg Audio Feed | iTunes Feed | Torrent Feed

Become a supporter on Patreon:

Show Notes:

Episode Links:

• Cleaning up our Mess | TechSNAP 141
• Target XPoSed | TechSNAP 145
• Tarnished Chrome | TechSNAP 146
• Google’s Automated Outage | TechSNAP 147
• Targeting the HVAC | TechSNAP 148
• Internet Over Packet Loss | TechSNAP 162

The post On Target | TechSNAP 264 first appeared on Jupiter Broadcasting.

This week LTS has a new meaning as we reflect on a couple of weeks with Ubuntu 16.04 & why we’re dumping it.

We pick up the mood with some exclusive LinuxFest Northwest clips, projects updates & another clip that was never meant to air.

• Get Paid to Write for DigitalOcean

Direct Download:

MP3 Audio | OGG Audio | Video | HD Video | Torrent | YouTube

RSS Feeds:

MP3 Feed | OGG Feed | iTunes Feed | Video Feed | Torrent Feed | WebM Torrent Feed

Become a supporter on Patreon:

Show Notes:

Pre-Show

• Star Fox Intro – YouTube

• PSA: Fan-made Star Fox cartoon recalls best of ‘70s sci-fi animation

Follow Up / Catch Up

Firefox 46 Released, Finally Brings GTK3 Integration – OMG! Ubuntu!

Among the changes to ship in Firefox 46:

• GTK3 integration on Linux
• Security improvements of the Just In Time (JIT) compiler
• Improved decoding of unencrypted H.264 & AAC media
• Better WebRTC performance
• Responsive web mode dev feature now easier to access

Firefox and Thunderbird: A Fork in the Road

Firefox and Thunderbird have reached a fork in the road: it’s now the right time for them to part ways on both a technical and organizational level.

Magic happens with the Ubuntu tablet

The second the Ubuntu Tablet connects to the wireless mouse, it switches over to desktop mode. That’s when the real “magic” happens. All of a sudden I’m working on a tablet that is in full multitasking mode. Windows act like windows…in the traditional sense

TING

• Ting – mobile that makes sense

LFNW 2016 The Stuff You Didn’t See in LAS

Speakers from all areas of tech, and talks covering the full gamut of experience, from newbie to guru.

• Clips from our crazy Saturday

DigitalOcean

• DigitalOcean: SSD Cloud Server, VPS Server, Simple Cloud Hosting

Linux Academy

• Linux Academy | Linux and AWS Online Training

Ubuntu 16.04 Review Follow Up

• Issues we ran into over the weekend
• Instability we have seen on multiple machines
• Why we are not using 16.04 anymore.

Support Jupiter Broadcasting on Patreon

The post Long Term Disappointment | LINUX Unplugged 142 first appeared on Jupiter Broadcasting.

Our biggest live event yet, from the floor of LinuxFest Northwest 2016. We chat about the future of Linux desktop software, old friends from the past stop by & the switch competition is on!

Thanks to:

• Get Paid to Write for DigitalOcean

Direct Download:

HD Video | Mobile Video | WebM Torrent | MP3 Audio | OGG Audio | YouTube | HD Torrent

RSS Feeds:

HD Video Feed | Large Video Feed | Mobile Video Feed | MP3 Audio Feed | Ogg Audio Feed | iTunes Feed | Torrent Feed

Become a supporter on Patreon:

— Show Notes: —

Brought to you by: Linux Academy

— PICKS —

Runs Linux

• Our new broadcast rig(s) Run Linux!

— NEWS —

Ubuntu 16.04 LTS brings big changes to the Linux desktop

The Ubuntu desktop has seen very little change since Ubuntu 14.04 LTS was released two years ago. That’s about to change with today’s launch of Ubuntu 16.04 LTS—code-named “Xenial Xerus”—which brings big changes and welcome polish to the classic Unity 7 desktop.

• Ubuntu GNOME 16.04 LTS Officially Released with GNOME 3.18, Snappy Support

Ubuntu GNOME 16.04 LTS launches today with the GNOME 3.18 desktop environment.

• Xubuntu 16.04 LTS and Lubuntu 16.04 LTS Released, Get Three Years of Support

According to the announcement, release highlights include new community wallpapers, and the replacement of the Ubuntu Software Centre app with the GNOME Software graphical package manager.

• Ubuntu Studio 16.04 LTS Released with a Warning, New Project Leader

A new project leader has been elected, Set Hallström, which took over the project on April 21, 2016, the day of the official release of Ubuntu 16.04 LTS

• Mythbuntu 16.04 LTS Out Now as a Point Release for 14.04 LTS, Gets MythTV 0.28

“Mythbuntu 16.04 has been released. This is a point release on our 14.04 LTS release. If you are already on 14.04, you can get these same updates via the normal update process. This is our third LTS release and will be supported until shortly after the 18.04 release.,” reads the announcement.

• Canonical Releases LXD 2.0 Next-Generation Container Hypervisor for Ubuntu 16.04

“After a year and a half of intense work by the LXD team, LXD 2.0 has been released today! LXD 2.0 is our first production-ready release and also a Long Term Support release, meaning that we will be supporting it with frequent bugfix releases until the 1st of June 2021,” said Stéphane Graber, technical lead for LXD, Canonical.

Is This Really The Ubuntu 16.10 Codename? (Answer: It Is)

“Y is for …Yakkety yakkety yakkety yakkety yakkety yakkety yakkety yakkety yak. Naturally.”

Google Summer of Code 2016 Projects Announced

Noah v. Emma: Switching People to Linux

• Noah vs Emma Card

• Can not already be running Linux.

• Must agree to install Linux, or have Linux installed
• Will take place Sat during Linux Fest NW (Location TBD)
• Two Hours to Complete

Call Box

• Chris’ call out for the community to help him with his background

Catch the show LIVE SUNDAY:

• Noon Pacific
• https://jblive.tv
• Network Calendar

— CHRIS’ STASH —

Chris’s Twitter account has changed, you’ll need to follow!

Chris Fisher (@ChrisLAS) | Twitter

Hang in our chat room:

irc.geekshed.net #jupiterbroadcasting

— NOAH’S STASH —

Noah’s Day Job

Altispeed Technologies

Contact Noah

noah [at] jupiterbroadcasting.com

Find us on Google+

• Chris
• Noah J. Chelliah
• Jupiter Broadcasting’s Page

Find us on Twitter

• Chris – ChrisLAS
• Noah – Kernellinux

Follow us on Facebook

• Jupiter Broadcasting on Facebook
• Noah – Kernellinux

The post LinuxFest Northwest 2016 | LAS 414 first appeared on Jupiter Broadcasting.

This week, the FBI says APT6 has pawned the government for the last 5 years, Unaoil: a company that’s bribing the world & Researchers find a flaw in the visa database.

All that plus a packed feedback, roundup & more!

Thanks to:

• Get Paid to Write for DigitalOcean

Direct Download:

HD Video | Mobile Video | MP3 Audio | OGG Audio | YouTube | HD Torrent | Mobile Torrent

RSS Feeds:

HD Video Feed | Mobile Video Feed | MP3 Audio Feed | Ogg Audio Feed | iTunes Feed | Torrent Feed

Become a supporter on Patreon:

Show Notes:

FBI says APT6 has pwning the government for the last 5 years

• The feds warned that “a group of malicious cyber actors,” whom security experts believe to be the government-sponsored hacking group known as APT6, “have compromised and stolen sensitive information from various government and commercial networks” since at least 2011, according to an FBI alert obtained by Motherboard
• The official advisory is available on the Open Threat Exchange website
• The alert, which is also available online, shows that foreign government hackers are still successfully hacking and stealing data from US government’s servers, their activities going unnoticed for years. This comes months after the US government revealed that a group of hackers, widely believed to be working for the Chinese government, had for more than a year infiltrated the computer systems of the Office of Personnel Management, or OPM. In the process, they stole highly sensitive data about several millions of government workers and even spies.
• In the alert, the FBI lists a long series of websites used as command and control servers to launch phishing attacks “in furtherance of computer network exploitation (CNE) activities [read: hacking] in the United States and abroad since at least 2011.” Domains controlled by the hackers were “suspended” as of late December 2015, according to the alert, but it’s unclear if the hackers have been pushed out or they are still inside the hacked networks.
• Looks like they were in for years before they were caught, god knows where they are,” Michael Adams, an information security expert who served more than two decades in the US Special Operations Command, and who has reviewed the alert, told Motherboard. “Anybody who’s been in that network all this long, they could be anywhere and everywhere.
• “This is one of the earlier APTs, they definitely go back further than 2011 or whatever—more like 2008 I believe,” Kurt Baumgartner, a researcher at the Russian security firm Kaspersky Lab, told me. (Baumgartner declined to say whether the group was Chinese or not, but said its targets align with the interest of a state-sponsored attacker.)
• Kyrk Storer, a spokesperson with FireEye, confirmed that the domains listed in the alert “were associated with APT6 and one of their malware backdoors,” and that the hackers “targeted the US and UK defense industrial base.” APT6 is ”likely a nation-state sponsored group based in China,” according to FireEye, which ”has been dormant for the past several years.”
• Another researcher at a different security company, who spoke on condition of anonymity because he wasn’t authorized to speak publicly about the hacker’s activities, said this was the “current campaign of an older group,” and said there “likely” was an FBI investigation ongoing. (Several other security companies declined to comment for this story.) At this point, it’s unclear whether the FBI’s investigation will lead to any concrete result. But two years after the US government charged five Chinese military members for hacking US companies, it’s clear hackers haven’t given up attacking US targets.

Unaoil: the company that bribed the world

• After a six-month investigation across two continents, Fairfax Media and The Huffington Post are revealing that billions of dollars of government contracts were awarded as the direct result of bribes paid on behalf of firms including British icon Rolls-Royce, US giant Halliburton, Australia’s Leighton Holdings and Korean heavyweights Samsung and Hyundai.
• A massive leak of confidential documents, and a large email, has for the first time exposed the true extent of corruption within the oil industry, implicating dozens of leading companies, bureaucrats and politicians in a sophisticated global web of bribery.
• The investigation centres on a Monaco company called Unaoil.
• Following a coded ad in a French newspaper, a series of clandestine meetings and midnight phone calls led to our reporters obtaining hundreds of thousands of the Ahsanis’ leaked emails and documents.
• The leaked files expose as corrupt two Iraqi oil ministers, a fixer linked to Syrian dictator Bashar al-Assad, senior officials from Libya’s Gaddafi regime, Iranian oil figures, powerful officials in the United Arab Emirates and a Kuwaiti operator known as “the big cheese”.
• Western firms involved in Unaoil’s Middle East operation include some of the world’s wealthiest and most respected companies: Rolls-Royce and Petrofac from Britain; US companies FMC Technologies, Cameron and Weatherford; Italian giants Eni and Saipem; German companies MAN Turbo (now know as MAN Diesal & Turbo) and Siemens; Dutch firm SBM Offshore; and Indian giant Larsen & Toubro. They also show the offshore arm of Australian company Leighton Holdings was involved in serious, calculated corruption.
• The leaked files reveal that some people in these firms believed they were hiring a genuine lobbyist, and others who knew or suspected they were funding bribery simply turned a blind eye.
• The files expose the betrayal of ordinary people in the Middle East. After Saddam Hussein was toppled, the US declared Iraq’s oil would be managed to benefit the Iraqi people. Today, in part one of the ‘Global Bribe Factory’ expose, that claim is demolished.
• It is the Monaco company that almost perfected the art of corruption.
• It is called Unaoil and it is run by members of the Ahsani family – Monaco millionaires who rub shoulders with princes, sheikhs and Europe’s and America’s elite business crowd.
• How they make their money is simple. Oil-rich countries often suffer poor governance and high levels of corruption. Unaoil’s business plan is to play on the fears of large Western companies that they cannot win contracts without its help.
• Its operatives then bribe officials in oil-producing nations to help these clients win government-funded projects. The corrupt officials might rig a tender committee. Or leak inside information. Or ensure a contract is awarded without a competitive tender.
• On a semi-related note, another big story for you to go read:
• How to hack an Election from someone who has done it, more than once

Researchers find flaw in Visa database

• No, not that kind of Visa, the other one.
• Systems run by the US State Department, that issue Travel Visas that are required for visitors from most countries to be admitted to the US
• This has very important security considerations, as the application process for getting a visa is when most security checks are done
• Cyber-defense experts found security gaps in a State Department system that could have allowed hackers to doctor visa applications or pilfer sensitive data from the half-billion records on file, according to several sources familiar with the matter –- though defenders of the agency downplayed the threat and said the vulnerabilities would be difficult to exploit.
• Briefed to high-level officials across government, the discovery that visa-related records were potentially vulnerable to illicit changes sparked concern because foreign nations are relentlessly looking for ways to plant spies inside the United States, and terrorist groups like ISIS have expressed their desire to exploit the U.S. visa system, sources added
• After commissioning an internal review of its cyber-defenses several months ago, the State Department learned its Consular Consolidated Database –- the government’s so-called “backbone” for vetting travelers to and from the United States –- was at risk of being compromised, though no breach had been detected, according to sources in the State Department, on Capitol Hill and elsewhere.
• As one of the world’s largest biometric databases –- covering almost anyone who has applied for a U.S. passport or visa in the past two decades -– the “CCD” holds such personal information as applicants’ photographs, fingerprints, Social Security or other identification numbers and even children’s schools.
• “Every visa decision we make is a national security decision,” a top State Department official, Michele Thoren Bond, told a recent House panel.
• Despite repeated requests for official responses by ABC News, Kirby and others were unwilling to say whether the vulnerabilities have been resolved or offer any further information about where efforts to patch them now stand.
• State Department documents describe CCD as an “unclassified but sensitive system.” Connected to other federal agencies like the FBI, Department of Homeland Security and Defense Department, the database contains more than 290 million passport-related records, 184 million visa records and 25 million records on U.S. citizens overseas.
• “Because of the CCD’s importance to national security, ensuring its data integrity, availability, and confidentiality is vital,” the State Department’s inspector general warned in 2011.

Feedback:

• SSH key protection

• Router Thoughts from Allan

• rmh from the chatroom asks…

Round Up:

• Microsoft Sues Justice Department Over Client Data Gag Orders
• Root cause analysis of a recent Flash zero day
• Exclusive: Canadian Police Obtained BlackBerry’s Global Decryption Key
• After an outage, an Australian mobile provider credited customers with a single day of unlimited data usage. One customer managed to use 994 GB of mobile usage in a single day
• Sophisticated bribe scheme gets game company with access to antivirus whitelist to falsely list malware was trusted
• Microsoft releases optional Windows update to mitigate “mousejacking”, where an attacker can take over your wireless mount and keyboard from up to 100 meters away
• Github commits can now be GPG signed to prove their authenticity
• If you can’t break crypto, break the client. Recovery of plaintext from iMessage
• Renting a movie on your iOS device might free up some space for you
• The Italian Ministry of Economical Progress has revoked “HackingTeam”’s licence to export their Galileo remote control software outside of the EU, must ask special permission for each sale
• Laziness remains the greatest enemy of password security
• The “All Prior Art” project seems to machine generate every possible patent and release it under a creative commons license, so it can never be patented by anyone else. The ultimate reverse patent troll?
• How to identify a vehicle at risk of collisions

The post One Key to Rule Them All | TechSNAP 263 first appeared on Jupiter Broadcasting.

Find out why everyone’s just a little disappointed in Badlock, the bad security that could be connected to the Panama Papers leak & the story of a simple delete command that took out an entire hosting provider.

Plus your batch of networking questions, our answers & a packed round up!

Thanks to:

• Get Paid to Write for DigitalOcean

Direct Download:

HD Video | Mobile Video | MP3 Audio | OGG Audio | YouTube | HD Torrent | Mobile Torrent

RSS Feeds:

HD Video Feed | Mobile Video Feed | MP3 Audio Feed | Ogg Audio Feed | iTunes Feed | Torrent Feed

Become a supporter on Patreon:

Show Notes:

Badlock vulnerability disclosed

• The badlock vulnerability was finally disclosed on Tuesday after 3 weeks of hype
• It turns out to not have been as big a deal as we were lead to believe
• The flaw was not in the SMB protocol itself, but in the related SAM and LSAD protocols
• The flaw itself is identified as https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-2118
• It affects all versions of Samba clear back to 3.0
• “Samba 4.4.2, 4.3.8 and 4.2.11 Security Releases are available”
• “Please be aware that Samba 4.1 and below are therefore out of support, even for security fixes. There will be no official security releases for Samba 4.1 and below published by the Samba Team or SerNet (for EnterpriseSAMBA). We strongly advise users to upgrade to a supported release.”
• See the Samba Release Planning page for more details about support lifetime for each branch
• Microsoft releases MS16-047 but rated it only “Important”, not “Critical”
• The patch fixes an “elevation of privilege bug in both SAM and LSAD that could be exploited in a man-in-the-middle attack, forcing a downgrade of the authentication level of both channels. An attacker could then impersonate an authenticated user”
• Microsoft was also careful to note: “Only applications and products that use the SAM or LSAD remote protocols are affected by this issue. The SMB protocol is not vulnerable.”
• It seems most of the “badlock” bugs were actually in Samba itself, rather than the protocol as we were lead to believe
• “There are several MITM attacks that can be performed against a variety of protocols used by Samba. These would permit execution of arbitrary Samba network calls using the context of the intercepted user. Impact examples of intercepting administrator network traffic:”
• Samba AD server – view or modify secrets within an AD database, including user password hashes, or shutdown critical services.
• standard Samba server – modify user permissions on files or directories.
• There were also a number of related CVEs that are also fixed:
  • CVE-2015-5370 3.6.0 to 4.4.0: Errors in Samba DCE-RPC code can lead to denial of service (crashes and high cpu consumption) and man in the middle attacks. It is unlikely but not impossible to trigger remote code execution, which may result in an impersonation on the client side.
  • CVE-2016-2110 3.0.0 to 4.4.0: The feature negotiation of NTLMSSP is not downgrade protected. A man in the middle is able to clear even required flags, especially NTLMSSP_NEGOTIATE_SIGN and NTLMSSP_NEGOTIATE_SEAL. Which has implications on encrypted LDAP traffic.
  • CVE-2016-2111 3.0.0 to 4.4.0: When Samba is configured as Domain Controller it allows remote attackers to spoof the computer name of a secure channel’s endpoints, and obtain sensitive session information, by running a crafted application and leveraging the ability to sniff network traffic.
  • CVE-2016-2112 3.0.0 to 4.4.0: A man in the middle is able to downgrade LDAP connections to no integrity protection. It’s possible to attack client and server with this.
  • CVE-2016-2113 4.0.0 to 4.4.0: Man in the middle attacks are possible for client triggered LDAP connections (with ldaps://) and ncacn_http connections (with https://).
  • CVE-2016-2114 4.0.0 to 4.4.0: Due to a bug Samba doesn’t enforce required smb signing, even if explicitly configured. In addition the default for the active directory domain controller case was wrong.
  • CVE-2016-2115 3.0.0 to 4.4.0: The protection of DCERPC communication over ncacn_np (which is the default for most the file server related protocols) is inherited from the underlying SMB connection. Samba doesn’t enforce SMB signing for this kind of SMB connections by default, which makes man in the middle attacks possible.
• Additional Coverage: Threadpost – Badlock vulnerability falls flat against its type
• “As it turns out, Badlock was hardly the remote code execution monster many anticipated. Instead, it’s a man-in-the-middle and denial-of-service bug, allowing an attacker to elevate privileges or crash a Windows machine running Samba services.”
• “Red Hat security strategist Josh Bressers said Badlock could have been much worse, especially if it had turned out to be a memory corruption issue in SMB as some had surmised. Such a scenario would have cleared a path for remote code execution, for example.”
• Additional Coverage: sadlock.org

Panama Papers: Mossack Fonseca

• Eleven million documents were leaked from one of the world’s most secretive companies, Panamanian law firm Mossack Fonseca.
• They show how Mossack Fonseca has helped clients launder money, dodge sanctions and avoid tax.
• The documents show 12 current or former heads of state and at least 60 people linked to current or former world leaders in the data.
• Eleven million documents held by the Panama-based law firm Mossack Fonseca have been passed to German newspaper Sueddeutsche Zeitung, which then shared them with the International Consortium of Investigative Journalists. BBC Panorama is among 107 media organisations – including UK newspaper the Guardian – in 76 countries which have been analysing the documents.
• There are many conspiracy theories about the source of the Panama Papers leak. One of the more prominent theories today blames the CIA.
• Bradley Birkenfeld is “the most significant financial whistleblower of all time,” and he has opinions about who’s responsible for leaking the Panama Papers rattling financial and political power centers around the world.
• Wikileaks is also getting attention today for blaming USAID and George Soros for the leaks.
• What little is known about the source of the leak comes from details published by German newspaper Suddeutsche Zeitung. Communicating via encrypted chat in late 2014, the source warned his or her life was “in danger” but that they had data from law firm Mossack Fonseca that they wanted to share. When asked how much data they had, the source replied “more than you have ever seen,” according to the newspaper.
• Regardless, the front-end computer systems of Mossack Fonseca are outdated and riddled with security flaws, analysis has revealed.
• Mossack Fonseca’s client portal is also vulnerable to the DROWN attack, a security exploit that targets servers supporting the obsolete and insecure SSL v2 protocol. The portal, which runs on the Drupal open source CMS, was last updated in August 2013, according to the site’s changelog.
• On its main website Mossack Fonseca claims its Client Information Portal provides a “secure online account” allowing customers to access “corporate information anywhere and everywhere”. The version of Drupal used by the portal has at least 25 vulnerabilities, including a high-risk SQL injection vulnerability that allows anyone to remotely execute arbitrary commands. Areas of the portal’s backend can also be accessed by guessing the URL structure, a security researcher noted.
• Mossack Fonseca’s webmail system, which runs on Microsoft’s Outlook Web Access, was last updated in 2009, while its main site runs a version of WordPress that is three months out of date. A further vulnerability makes it possible to easily access files uploaded to the backend of Mossack Fonseca’s site simply by guessing the URL.
• Mossack Fonseca’s emails were also not transport encrypted, according to privacy expert Christopher Soghoian who noted the company did not use the TLS security protocol.
• Who leaked the Panama Papers? A famous financial whistleblower says: CIA. / Boing Boing
• Wikileaks Accuses US Of Funding Panama Papers Putin Expose | The Daily Caller
• Panama Papers: The security flaws at the heart of Mossack Fonseca (Wired UK)
• Additional Coverage: The Register – Mossack Fonseca website found vulnerable to SQL injection
• Additional Coverage: Forbes
• Additional Coverage: WordFence
• Additional Coverage: Slashdot
• In general, it seems there were so many flaws in the website we may never know which one was used to compromise the server

I accidently rm -rf /’d, and destroyed my entire company

• “I run a small hosting provider with more or less 1535 customers and I use Ansible to automate some operations to be run on all servers. Last night I accidentally ran, on all servers, a Bash script with a rm -rf {foo}/{bar} with those variables undefined due to a bug in the code above this line.”
• “All servers got deleted and the offsite backups too because the remote storage was mounted just before by the same script (that is a backup maintenance script).
  How I can recover from a rm -rf / now in a timely manner?”
• There is not usually any easy way to recover from something like this
• That is why you need backups. Backups are not just a single copy of your files in another location, you need time series data, in case you need to go back more than the most recent backup
• It is usually best to not have your backups mounted directly, for exactly this reason
• Even if you will never rm -rf /, an attacker might run rm -rf /backup/*
• While cleaning up after an attacker attempted to use a Linux kernel exploit against my FreeBSD machine in 2003, I accidently rm -rf /’d in a roundabout way, Trying to remove a symlink to / that had a very funky name (part of the exploit iirc), i used tab complete, and instead of: rm -rf badname, it did rm -rf badname/, which deletes the target of the symlink, which was /.
• Obviously this was my fault for using -r for a symlink, since I only wanted to delete one thing
• When the command took too long, I got worried, and when I saw ‘can’t delete /sbin/init’, I panicked and aborted it with control+c
• Luckily, I had twice daily backups with bacula, to another server. 30 minutes later, everything was restored, and the server didn’t even require a reboot. The 100+ customers on the machine never noticed, since I stopped the rm before it hit /usr/home
• There are plenty of other examples of this same problem though
• Steam accidently deletes ALL of your files
• Bryan Cantrill tells a similiar story from the old SunOS days
• Discussion continues and talks about why rm -rf / is blocked by on SunOS and FreeBSD
• Additional Coverage: ServerFault
• When told to dd the drive to a file, to use testdisk to try to recover files, the user reports accidentally swapping if= and of=, which likely would just error out if the input file didn’t exist, but it might also mean that this entire thing is just a troll. Further evidence: rm -rf / usually doesn’t work on modern linux, without the –no-preserve-root flag

Feedback:

• NAS or SAN?
• Full SSD ZFS array

Round Up:

• “FreeBSD Mastery: Advanced ZFS” has been released as ebook for $9.99, print version in a few weeks
• Book features a fancy “Wrap Around” cover, the secret art not revealed yet
• How to not get pwned on Windows: Don’t run any virtual machines, open any web pages, Office docs, hyperlinks
• OpenWhisperSystems has integrated its Signal Protocol public key encryption systems into WhatsApp, now fully end-to-end encrypted with identity verification
• FBI bought previously undisclosed zeroday to crack the iPhone 5c
• After Apple claims to have fixed iOS 1970 bug in February, researchers demo a new remote version, bricks your device 20 minutes after connecting to their rouge WiFi, if your battery doesn’t catch fire first…
• 0-day exploits more than double as attackers prevail in security arms race
• Proving apps don’t take data security seriously, new website uses Tinder’s official API to let you spy on other users
• Google’s monthly Android update fixes Linux kernel flaw from 2014 that was being used to root Android devices
• Nest pulls the plug on the Resolv Hub, leaving owners who were promised a lifetime service subscription with a $299 paperweight
• The entire Turkish citizenship database appears to have been hacked and leaked online
• Python, Go, and PHP (before 5.6), failed to check for self-signed, expired, or worse revoked SSL certificates, also older versions may still accept RC4 and weak DH (logjam)
• Cellebrite, the company originally rumoured to have helped the FBI crack the iPhone, set to release a road side ‘textalyzer’, to determine if you were using your cell phone at the time of an accident
• Google’s new “BeyondCorp” security model, all networks are untrusted, users earn trust with good behaviour, devices earn trust with known good state
• All the resources in the world are not use if you don’t know how to use them

The post rm -rf $ALLTHETHINGS/ | TechSNAP 262 first appeared on Jupiter Broadcasting.

Find out about another hospital that accidentally took advantage of free encryption, researchers turn up a DDoS on the root DNS servers & the password test you never want to take.

Plus your batch of networking questions, our answers & a packed round up!

Thanks to:

• Get Paid to Write for DigitalOcean

Direct Download:

HD Video | Mobile Video | MP3 Audio | OGG Audio | YouTube | HD Torrent | Mobile Torrent

RSS Feeds:

HD Video Feed | Mobile Video Feed | MP3 Audio Feed | Ogg Audio Feed | iTunes Feed | Torrent Feed

Become a supporter on Patreon:

Show Notes:

Researchers at VeriSign investigate DDoS on root DNS servers

• Researchers from VeriSign, the company that runs the .com and .net registries, and operations 2 of the 13 critically import root DNS servers, will be giving a talk at a conference detailing their investigation into the attack
• Their findings suggest the attack, which took place in November of 2015, was not directed at the root name servers directly, but was an attempt to down two chinese websites
• The attack had some interesting patterns, likely caused by design decisions and mistakes made by the programmer of the botnet that was used in the attack
• The provide a video showing a breakdown of the attack
• It was interesting to learn that Randall Munroe (of XKCD fame) actually came up with the best way to visualize the distribution of IP addresses, with a grid where sequential numbers are in adjacent squares
• Only IP addresses in the first 128 /8 netbooks were used. The use of 128/8 specifically suggests an less than or equal, rather than an equal was used during the comparison of IP addresses
• It is not clear why a larger set of addresses were not used
• The attack seemed to use 3 or 4 different groups of bots, sending spoofed DNS requests
• Two of the larger groups of bots sequentially cycled through the 2.0.0.0/8 through 19.0.0.0/8 subnets at different speeds
• Attacks were not seen from the 10.0.0.0/8 and 127.0.0.0/8 networks, for obvious reasons
• However, a delay in the attacks sourced from 11.0.0.0/8 suggests that the botnet attempted to use the entire 10 block, but the packets just never left the source networks
• “The researchers also note that Response Rate Limiting was an effective mitigation in countering up to 60 percent of attack traffic. RRL is a feature in the DNS protocol that mitigates amplifications attacks where spoofed DNS queries are used to target victims in large-scale DDoS attacks.”
• “In addition to RRL, the researchers said attack traffic was easily filterable and through filtering were able to drop response traffic for the attack queries, leaving normal traffic untouched. One of the limitations with this approach is that it’s a manual process”

Virus hits Medstar hospital network, Hospital forced to shutdown systems

• “The health system took down some its computers to prevent the virus from spreading, but it’s not clear how many computers — or hospitals — are affected”
• “A statement by the health system said that all facilities remain open, and that there was “no evidence of compromised information.””
• “The not-for-profit healthcare system operates ten hospitals across the Washington and Baltimore region, with more than a hundred outpatient health facilities. According to the system’s website, it has more than 31,000 employees and serves hundreds of thousands of patients annually.”
• “One visitor to the hospital told ZDNet that staff switched the computers off after learning about the virus. The person, who was visiting a patient in one of the healthcare system’s Washington DC hospital, said the computers were powered off for more than an hour, with all patient orders lost, the person said.”
• “It’s not clear exactly what kind of malware was used in Monday’s cyberattack. A spokesperson for MedStar Health did not immediately respond to a request for comment.”
• An FBI spokesperson confirmed that it was “aware of the incident and is looking into the nature and scope of the matter.”
• Additional Coverage: Threat Post
• After a few days, the medical network was recovering
• “The healthcare provider said the attack forced it to shut down its three main clinical information systems, prevented staff from reviewing patient medical records, and barred patients from making medical appointments. In a statement issued Wednesday, it said that no patient data had been compromised and systems were slowly coming back online.”
• “Clinicians are now able to review medical records and submit orders via our electronic health records. Restoration of additional clinical systems continues with priority given to those related directly to patient care”
• “While the hospital still won’t officially confirm the attacks were ransomware related, The Washington Post along with other news outlets are reporting that employees at the hospital received pop-up messages on their computer screens seeking payment of 45 Bitcoins ($19,000) in exchange for a digital key that would decrypt data”
• “The MedStar cyberattack is one of many hospitals in recent months targeted by hackers. Last week, Kentucky-based Methodist Hospital paid ransomware attackers to unlock its hospital system after crypto-ransomware brought the hospital’s operations to a grinding halt. Earlier this year Los Angeles-based Hollywood Presbyterian Medical Center paid 40 Bitcoin ($17,000) to attackers that locked down access to the hospital’s electronic medical records system and other computer systems using crypto-ransomware.”
• As long as hospitals continue to pay out, this will only grow to be a worse problem
• “Medical facilities don’t give security the same type of attention that other verticals do,” said Craig Williams, senior technical leader for Cisco Talos. “They are there to heal people and cure the sick. Their first priority is not to take care of an IT environment. As a result it’s likely the hackers have been out there for quite some time and realized that there are a lot (healthcare) sites that have a lot of base vulnerabilities.”
• As you might expect: 1400 vulnerabilities to remain unpatched in medical supply system
• Additional Coverage
• In related news:
• Canadian hospital website compromised serves up the Angler malware kit to visitors
• The site is for a hospital in a small city that serves a mostly rural area. Happens to be where I grew up, and the hospital I was born in
• The hospital site is run on Joomla, and is running version 2.5.6, which has many known vulnerabilities. The latest version of Joomla is 3.4.8
• “Like many site hacks, this injection is conditional and will appear only once for a particular IP address. For instance, the site administrator who often visits the page will only see a clean version of it, while first timers will get served the exploit and malware.”
• The obvious targets are “staff, patients and their families and visitors, as well as students”
• The hospital became a teaching facility for McMaster University’s Faculty of Health Sciences in 2009
• “The particular strain of ransomware dropped here is TeslaCrypt which demands $500 to recover your personal files it has encrypted. That payment doubles after a week.”

CNBC Password Tester — How not to do it

• CNBC has a post about constructing secure passwords
• The basic idea was that you submit your password, and it tells you how strong it is
• There are obvious problems with this idea. Why are you giving out your password anyway?
• Of course, the CNBC site is served in plain text (which is fine for a news site), but it means your password is sent to them in the clear
• Worse, they had the site adding all of the submitted passwords to a google spreadsheet, also in the clear
• Because the password was submitted as a GET variable, and was in the URL, it was also included in the referral information sent to all of the advertising networks in the CNBC site, including DoubleClick, ScoreCardResearch, something hosted at Amazon AWS, and any other widgets on the site (Facebook, Gigya)
• If you actually did want to build a tool like this, at least use javascript to perform the calculations on the users’ device and never transmit their passwords
• Of course, users should never type the password into another website. This is the definition if a phishing attack
• The page has since been removed
• Additional Coverage

Feedback:

• pfSense question ALERT!
• OpenVPN vs IPSec VPN
• leaky DNS

Round Up:

• Finnish supercomputer suffers largest unplanned outage in years, provides post mortem
• Mattel hit by fake CEO scam, for $3 million. Managed to get it back because the next day was a bank holiday in China
• Google offers a free DDoS shield to news papers and other sites that seek to expose corruption, and may face state-level DDoS attacks attempting to silence them
• EFF Proposes “DRM Non-Aggression Pact” as part of W3C standard for DRM. Asks signatories to agree not to go after security researchers or those making ‘compatible’ technologies
• Amazon Updates Its Policies To Ban USB Type-C Cables That Are Not Fully Spec Compliant
• TrendMicro A/V software accidently exposes debugging console that can be exploited
• US Federal court warns of scammers trying to get people to pay hefty fines for missing fake jury duty
• HID Networking Door Controllers have remote root vulnerability, hilarity ensues
• A Romanian ex-minister faces jail time after embezzling the windfall from the 47% discount Microsoft gave the government for a 5 year deal to use MS Office in all Schools and Public Institutions
• New SideStepper exploit allows Man-in-the-Middle attacks against iOS devices, requires phishing or otherwise tricking the user
• Enders Analysis ad blocker study finds ads take up 79% of mobile data transfer
• Operating Blockbuster, an investigation into the Sony Pictures Entertainment wiper hack
• How Wi-Fi Works

The post Holding Hospitals Hostage | TechSNAP 261 first appeared on Jupiter Broadcasting.

New Ransomware locks your bootloader & makes you pay to boot. Malware with built in DRM? We’ll share the story of this clever hack.

Plus some great questions, our answers, a packed round up & more!

Thanks to:

• Get Paid to Write for DigitalOcean

Direct Download:

HD Video | Mobile Video | MP3 Audio | OGG Audio | YouTube | HD Torrent | Mobile Torrent

RSS Feeds:

HD Video Feed | Mobile Video Feed | MP3 Audio Feed | Ogg Audio Feed | iTunes Feed | Torrent Feed

Become a supporter on Patreon:

Show Notes:

New Petya malware encrypts the Master Boot Record then BSoDs your machine

• “Malware experts from German security firm G DATA have found a new type of lock-ransomware that uses a DOS-level lock screen to prevent users from accessing their files”
• Unlike some other malware, the researchers did not come up with the name, the malware has its own website and logo, where you pay the ransom
• I am not sure “DOS-level” makes sense as a term, but ok
• “Lock-ransomware, also known as lockers, is the first type of ransomware that existed before the rise of crypto-ransomware. This type of ransomware doesn’t encrypt files, but merely blocks the user’s access to his data”
• “The latest lock-ransomware discovered by security researchers is the Petya ransomware, which was seen spread via spear-phishing campaigns aimed at human resource departments. HR employees are sent an email with a link to a file stored on Dropbox, where an applicant’s CV can be downloaded. This file is an EXE file named portfolio-packed.exe, which if executed, immediately crashes the system into a standard Windows blue screen of death.”
• “As soon as the user restarts the PC after the blue screen, the computer will enter a fake check disk (CHKDSK) process that, after it finishes, will load Petya’s lock screen. Restarting the computer over and over will always enter this screen”
• “This screen provides a link to the ransomware’s payment site, hosted on Tor. After the user purchases a decryption key, he can enter it at the bottom of the DOS lock screen. Petya claims to encrypt the user’s files, but G DATA says they can’t verify its claims, and that this is presumably a lie.”
• “UPDATE: Trend Micro’s researchers also took a look at Petya and they confirm that the ransomware does encrypt files, while also revealing it alters the MBR , preventing users from entering in Safe Mode, and it ask for a 0.99 Bitcoin (~$400) ransom”
• The encryption of the boot sector is very simple, the data is just XOR’d with the value 0x37 (the ascii code for the number 7): Animated GIF
• Additional Coverage: Threat Post

New USB Thief trojan found in the wild

• Researchers at ESET have identified a new trojan being spread on USB sticks, called “USB Thief”
• What makes this malware so unique is how it protects itself from analysis by researchers
• “Each instance of this trojan relies on the particular USB device on which it is installed and it leaves no evidence on the compromised system. Moreover, it uses a very special mechanism to protect itself from being reproduced or copied, which makes it even harder to detect.”
• “It depends on the increasingly common practice of storing portable versions of popular applications such as Firefox, NotePad++ and TrueCrypt on USB drives. The malware takes advantage of this trend by inserting itself into the command chain of such applications, in the form of a plugin or a dynamically linked library (DLL). And therefore, whenever such an application is executed, the malware will also be run in the background.”
• “The malware consists of six files. Four of them are executables and the other two contain configuration data. To protect itself from copying or reverse engineering, the malware uses two techniques. Firstly, some of the individual files are AES128-encrypted; secondly, their filenames are generated from cryptographic elements. The AES encryption key is computed from the unique USB device ID, and certain disk properties of the USB drive hosting the malware. Hence, the malware can only run successfully from that particular USB device.”
• So when researchers copied the malware to a VM to try to dissect it, it stopped working, as it could no longer decrypt its payload
• “It was quite challenging to analyze this malware because we had no access to any malicious USB device. Moreover, we had no dropper, so we could not create a suitably afflicted USB drive under controlled conditions for further analysis.”
• “Only the submitted files can be analyzed, so the unique device ID had to be brute-forced and combined with common USB disk properties. Moreover, after successful decryption of the malware files, we had to find out the right order of the executables and configuration files, because the file copying process to get the samples to us had changed the file creation timestamp on the samples.”
• “Finally, the payload implements the actual data-stealing functionality. The executable is injected into a newly created “%windir%\system32\svchost.exe -k netsvcs” process. Configuration data includes information on what data should be gathered, how they should be encrypted, and where they should be stored. The output destination must always be on the same removable device. In the case we analyzed, it was configured to steal all data files such as images or documents, the whole windows registry tree (HKCU), file lists from all of the drives, and information gathered using an imported open-source application called “WinAudit”. It encrypts the stolen data using elliptic curve cryptography.”
• “In addition to the interesting concept of self-protecting multi-stage malware, the (relatively simple) data-stealing payload is very powerful, especially since it does not leave any evidence on the affected computer. After the USB is removed, nobody can find out that data was stolen. Also, it would not be difficult to redesign the malware to change from a data-stealing payload to any other malicious payload.”

Six people charged in hacked lottery terminal scam

• “Connecticut prosecutors say the group conspired to manipulate automated ticket dispensers to run off “5 Card Cash” tickets that granted on-the-spot payouts in the US state.”
• “According to the Hartford Courant, a group of shop owners and employees setup the machines to process a flood of tickets at once, which caused a temporary display freeze. This allowed operators to see which of the tickets about to be dispensed would be winning ones, cancel the duff ones, and print the good ones.”
• “While those reports were being processed, the operator could enter sales for 5 Card Cash tickets,” the newspaper reports. “Before the tickets would print, however, the operator could see on a screen if the tickets were instant winners.”
• “The Courant says that the lottery commission wised up to the scheme back in November when it heard that people were winning the 5 Card Cash game at a higher-than-expected rate. The game was temporarily halted. The paper notes that more arrests are expected in the case.”
• In Ontario, there are special provisions for when an employee of the store wants to buy a lottery ticket, specifically to deal with crimes of this nature
• The other common lottery crime was replacing a customer large payout winning ticket with a smaller one. The employee would buy a number of tickets, keep the small winners ($10), and swap them for the larger winning tickets of unsuspecting customers when they came in to cash them
• It is now common place for there to be an automated lottery checking machine that is used directly by the customer.
• The ticket machines in Ontario also play an audible tune when a winning ticket is scanner, much to the annoyance of people who have to work there all day, but it ensures that customers are not ripped off

Feedback:

• Mail Backup
• DB2 on copy-on-write filesystem.
• Server Rebooting After Updates
• Is Krebs on holiday? No new posts since last week. How am I supposed to do this show without Krebs?

Round Up:

• vncroulette.com
• Node.js package manger vulnerable to malicious packages
• ​Microsoft and Canonical partner to bring Ubuntu to Windows 10
• Intel will move away from the Tick/Tock development cycle, the three stage process will be the standard now
• Congress attempts to pass law requiring ID to buy a “burner” phone. Likely fails to understand the entire issue — I predict this does nothing to solve the problem, but causes more people to be unable to get a phone at all
• Researcher exploits flaw in Valve’s Steam game review process, bypassing it to upload “Watch Paint Dry: The Game”
• Security flaw in “TrueCaller” Android app exposes data of millions of users
• The iPhone may be easier to hack than expected, as the unlock count it not stored as securely as previously thought
• Amazon releases guide to developing for its Echo platform using a Raspberry Pi
• CloudFlare is asking tor to implement a “prove you are human” plugin or face being blocked
• The Mastermind — Atavist

The post Pay to Boot | TechSNAP 260 first appeared on Jupiter Broadcasting.

Ang and Mike discuss business operational tools, practices & common issues, how Ang got her kids started on computers, good languages to get started with & she makes a pretty poignant comment about Linux. Mike discusses TarDisk & whether or not he recommends it & more!

Thanks to:

• Get Paid to Write for DigitalOcean

Direct Download:

MP3 Audio | OGG Audio | Video | Torrent | YouTube

RSS Feeds:

MP3 Feed | OGG Feed | Video Feed | Torrent Feed | iTunes Audio | iTunes Video

Become a supporter on Patreon:

Show Notes:

Hoopla:

• TarDisk Review | dominickm.com
• PyCharm

WTR’s:

• Code Saves Time | WTR 48 | Jupiter Broadcasting
• Technology For Connection | WTR 43 | Jupiter Broadcasting
• Sharing with Intent | WTR 45 | Jupiter Broadcasting

The post Linux: Bug or Feature? | CR 188 first appeared on Jupiter Broadcasting.

Spending time on the open road taught us a lot of lessons, really fast. We share some of our favorites with you, thank some who helped with gear for the trip…

And then discuss our rather nasty leak.

The Rover has been parked (mostly) since the trip, and there is a bit of wear. We’ll probably spend the next couple of videos tackling these challanes. We start with one of our most pressing.

Plus check out the Hyperlapses of Chris at work recording a bunch of shows this weekend!

The post Lessons, Thanks, and a Water Leak | Rover Log 13 first appeared on Jupiter Broadcasting.

Live from the floor of LinuxCon 2015 we capture Bruce Schneier’s take on hacking attribution, how HP enthusiastically supports Linux internally & our impressions of the big convention.

Plus how Docker is going big this year & which type of Linux event is right for you.

Thanks to:

• Get Paid to Write for DigitalOcean

Direct Download:

MP3 Audio | OGG Audio | Video | HD Video | Torrent | YouTube

RSS Feeds:

MP3 Feed | OGG Feed | iTunes Feed | Video Feed | Torrent Feed | WebM Torrent Feed

Become a supporter on Patreon:

Show Notes:

• Not much to link this week, LinuxCon is the content for this week!

Runs Linux from the people:

• Send in a pic/video of your runs Linux.
• Please upload videos to YouTube and submit a link via email or the subreddit.

Support Jupiter Broadcasting on Patreon

The post Connecting the Docks | LINUX Unplugged 106 first appeared on Jupiter Broadcasting.

Jupiter Broadcasting has a reach of millions, over seven hours of content produced a week, and all from a garage studio.

In this episode get a behind the scenes tour of Jupiter Broadcasting\’s HD virtual studio.

Find out how, with a few tricks, Chris can turn around an 1+ hour HD episode in just a matter of hours. It\’s all done live, and on a budget!

Direct Download:

HD Download | Mobile Download | MP3 Download | Ogg Download | YouTube

RSS Feeds:

HD Feed | Mobile Feed | MP3 Feed | Ogg Feed | iTunes HD Feed

Notes:

Previous Tours:
– Behind The Scenes of our HD Studio Part 1
– Behind The Scenes of our HD Studio Part 2
– Behind The Scenes of our HD Studio Part 3
– Behind The Scenes of our HD Studio Part 4

Gear:

[asa default]B001OI2Z4Q[/asa]
[asa default]B001CN9GEA[/asa]
[asa default]B0039QWR5I[/asa]

• Reflecmedia Green Screen – DVeStore

The post Garage Broadcasting PT1 | In Depth Look first appeared on Jupiter Broadcasting.

Bryan and Chris try out Wells Banana Bread Beer and pair it with their meal that taste like Thanksgiving, but is not actually Thanksgiving! Can the guys handle the raw banana flavor?

PLUS – Bryan gets back at Chris for the Man Sculpting Incident from a few episodes back!

The post Wells Banana Bread Beer Review | Beer is Tasty first appeared on Jupiter Broadcasting.

We’re building an HD studio for online content creation as we go! This is part 3 of our “documentary” of the process. Find out what we use, and why to make our shows!

Catch Part 2 here.

The post Behind The Scenes of our HD Studio Part 3 first appeared on Jupiter Broadcasting.