Angela and Chris discuss with the mumble chat room all about passwords. Mostly things we don’t like about passwords, security questions, captchas, services and devices to store passwords.

Direct Download:

HD Download | Mobile Download | MP3 Download | YouTube

RSS Feeds:

HD Video Feed | Mobile Video Feed | MP3 Audio Feed | Torrent Feed | iTunes Feeds

— Show Notes: —

Hi Angerz, and Chris

When Chris said he wanted some ideas about things that bug me on the internet during LAS preshow I was too lazy to open IRC and thought you guys would probably get it anyway, well surprise surprise you missed it, and I dont see how.

Its such a big issue you can probably do a whole show on it.

Its passwords! all aspects of passwords and not just passwords but logging’s too, I know we cant do without them but here is what bugs me:

1. People forget their passwords, before the good ol days of social networks, I setup a gallery for family photos so my family abroad could see them, the thing is they never logged in to use it and constantly forgot their passwords.
2. having to create a login for each site to download content or post comments is annoying
3. sites that have silly rules like username has to be between 8 and 13 characters long and contain the letter ‘n’, password is too long you password cant be longer than 5 characters, etc.
4. password management has become a nightmare, if you not using something to keep track of all your passwords how will you remember which sites you registered on and what username.password you used? and dont suggest have a common username and password you will get Alan(TechSnap) started on how thats a bad idea
5. Talking about techsnap the other thing is people using weak passwords and then get hacked
6. Security question, like this really ever helped anyone
7. image captures required when logging in, I can never read those stupid things
8. ‘Remeber me’, keeping people logged in is just silly once the browser window is closed they should have to log in again
9. browsers remembering passwords for you, why dont you just throw your security out the window

Chris, Im sorry I wasnt there for you buddy, but seriously how could you miss this one! I know I know you use last pass and its a non issue but having all your eggs (or nuts or balls, whatever you call them) in one basket is a bit risky especially since that basket belongs to someone else, if they trip and fall you might get hurt.

So Angerz, im sorry its a bit longwinded and if you already done a Faux on passwords I suppose its all in vain. Just thought I should give my 2 cent.

GX

• Mooltipass: Open Source Offline Password Keeper | Indiegogo

• Everykey Wants To Put Your Passwords On Your Wrist | TechCrunch

— December 7th Awards —

Tell us about your holiday traditions, feel free to share embarrassing family pictures, or show us the one thing you want this holiday season (consider including your Amazon wishlist!).

Send your pic and/or link, IRC nick and explanation to:

Email: angela@jupiterbroadcasting.com

• See more pics: https://instagram.com/jupiterbroadcasting#
• Sign up for Jupiter Signal: www.bit.ly/jupitersignal

Unfilter is on Patreon! https://www.patreon.com/unfilter

Tech Talk Today is on Patreon! https://www.patreon.com/jupitersignal

— Find the FauxShow! —

Facebook: https://www.facebook.com/thefauxshow
Twitter: https://www.twitter.com/angerz
G+: https://www.gplus.to/fauxshow
Subscribe to Jupiter Signal: https://www.bit.ly/jupitersignal
Jupiter Radio: https://jblive.info
Affiliates Firefox Extension: https://addons.mozilla.org/en-US/firefox/addon/jupiterbroadcasting/
Affiliates Chrome Extension: https://chrome.google.com/webstore/detail/bjekemhblnilimncanbehhjijdpjgimj
Donations: https://original.jupiterbroadcasting.net/donate
Shows & Shownotes: https://original.jupiterbroadcasting.net/show/fauxshow/

The post Your Password | FauxShow 199 first appeared on Jupiter Broadcasting.

That Adobe breach we told you about? It’s about 10x worse than originally reported, we’ll share the details.

Plus PHP.net gets compromised, howto future proof your storage, and much much more!

On this week’s TechSNAP!

Thanks to:

Adobe breach worse than originally thought, number of impacted customers now atleast 38 million

• Adobe is continuing its flurry of password resets, which now extend to more than 38 million customers
• Adobe has also revised its original list of applications for which the source code was leaked to include the entire photoshop family of programs
• “This past weekend, AnonNews.org posted a huge file called “users.tar.gz” that appears to include more than 150 million username and hashed password pairs taken from Adobe” – This number apparently includes inactive and test accounts, the 38 million number mentioned earlier are those considered ‘Active’
• A company spokesperson said Adobe has no indication that there has been any unauthorized activity on any Adobe ID involved in the incident
• As part of its resolution of the breach, Adobe is offering customers a years worth of free credit monitoring… from Experian (See last weeks story about how Experian was caught selling personal data to identity thieves)
• Additional Coverage

PHP.net compromised, serves malware and is blocked by Google Safe Browsing

• On 24 Oct 2013 06:15:39 +0000 Google started saying www.php.net was hosting malware. The Google Webmaster Tools were initially quite delayed in showing the reason why and when they did it looked a lot like a false positive because we had some minified/obfuscated javascript being dynamically injected into userprefs.js.
• To summarise, the situation right now is that:
• JavaScript malware was served to a small percentage of php.net users from the 22nd to the 24th of October 2013.
• Neither the source tarball downloads nor the Git repository were modified or compromised.
• Two php.net servers were compromised, and have been removed from service. All services have been migrated to new, secure servers.
• SSL access to php.net Web sites is temporarily unavailable until a new SSL certificate is issued and installed on the servers that need it.
• Over the next few days: php.net users will have their passwords reset. Note that users of PHP are unaffected by this: this is solely for people committing code to projects hosted on svn.php.net or git.php.net.
• As part of this, the php.net systems team have audited every server operated by php.net, and have found that two servers were compromised: the server which hosted the www.php.net, static.php.net and git.php.net domains, and was previously suspected based on the JavaScript malware, and the server hosting bugs.php.net.
• All affected services have been migrated off those servers. We have verified that our Git repository was not compromised, and it remains in read only mode as services are brought back up in full.
• As it\’s possible that the attackers may have accessed the private key of the php.net SSL certificate, we have revoked it immediately.

Researchers at Vicarious software claim to be able to defeat 90% of Captchas

• “Vicarious is developing machine learning software based on the computational principles of the human brain. Our first technology is a visual perception system that interprets the contents of photographs and videos in a manner similar to humans.“
• The claim that using this technology, they can defeat 0% of common anti-bot technology used to defect websites from automated usage
• While no paper or code has been shared, they provide a demonstration video that appears fairly compelling
• If their claim is true, this could be a huge setback for the internet
• Captchas are often used to prevent automated signups for services, to defend login systems from brute force attempts, and to moderate spam in online discussion and comment forums
• CAPTCHA creator Luis von Ahn of Carnegie Mellon University says “This is the 50th time somebody claims this. I don\’t really get how they think this is news :)”
• The writing from ScienceMag jumped on a skype call with the company and send them 4 sample captchas, a recaptcha and a paypal captcha were both solved, however another containing cyrillic characters was not (the company says they have not trained their system on non-latin characters yet), and one containing a checkerboard pattern was also not solved immediately.
• If this research got into the wrong hands, it could be used to defeat protection systems across the internet, flooding websites with spam, evading brute force protection systems and otherwise wreaking havoc

Feedback:

• ZFS Choices

  • iXsystems Amazon Store – buy a FreeNAS Mini and support JB at the same time

• freenas/zfs with raid many enclosures

• Software RAID vs LVM

Round Up:

• Announcing The Dark Mail Alliance – Founded by Silent Circle & Lavabit
• Keynote: Tradeoffs in Cyber Security – Cyber Security Symposium, University of North Carolina
• NSA infiltrates links to Yahoo, Google data centers worldwide, Snowden documents say
• ShellCheck – a “Static” analyzer for shell script, finds many common flaws and mistakes
• How the NSA is infiltrating private networks
• Researcher exposes issues with online music charts like Spotify, how to make money with fake music + amazon EC2 instances, and how to get your rival’s account suspended
• Why you shouldn’t interupt a programmer
• FAA develops new guidelines for the use of Personal Electronic Devices during all phases of flight – Airlines must test each airframe and pass a safety approval process
• Bluecoat security blog Roundup of recent news
• HP sues seven optical drive manufacturers over alleged price fixing
• De-anonymizing users of french political forums
• Cyber Dialog 2013 – Canada Centre for Global Security Studies, University of Toronto
• Doing Strong Cryptography in the Browser

The post TrekSNAP | TechSNAP 134 first appeared on Jupiter Broadcasting.