Show Notes:

Get TechSNAP on your Android:

• Callisto – Android App
• Jupiter Broadcasting – Android App by ShaneQful

Browser Affiliate Extension:

• Jupiter Broadcasting Affiliate Extensions for Chrome and Firefox

NBC website compromised, malicious code injected

• The official website of US broadcasting and media giant NBC was found to contain a malicious iframe pointing visitors to the RedKit Exploit Kit
• The exploit kit used one of the vulnerabilities patched in Java 7u11 (released January 13th, although the issue was not fully fixed until Java 7 u13 on February 1st), as well as a .PDF exploit to drop the Citadel banking Trojan, a variant of the Zeus botnet only ever sold to the russian underground, to prevent infiltration by authorities and security companies
• This attack could have been much worse if it has used one of the newer vulnerabilities that had not been patched until u15 (February 19th) or u17 (March 4th)
• Many users are likely still using somewhat outdated versions of java due to the rapid release and the inefficacy of the java updater, and the addition of the .PDF exploit ensured a wider vulnerability
• The attackers likely had ongoing access for a time, as the URL target of the iframe changed rapidly to avoid blocking of the delivery sites
• One of the domains used in the iframe was an internationalized domain name, which translated from russian to my-new-sploit.com
• The version of the Citadel trojan used in the exploit was only recognized by 3 of the 46 virus scanners on virustotal.com on the date of the attack
• The infection was also detected on other NBC sites such as latenightwithjimmyfallon.com and jeylenosgarage.com, so it was likely an exploit against the CMS
• These trusted sites are especially valuable as attack vectors for malware authors, because of their huge traffic volumes and the fact that users expect the large trusted sites to be free of malware or other risk
• Facebook’s malware scanner detected something was wrong (since iframes of .jar and .pdf files are usually only seen in attacks), and blocked users from posting links to NBC.com (We have discussed Facebook malware scan that is part of their spider that fetches the preview images)
• The malware was first detected by researchers at 16:43 CET on the 21st, it is unclear how long the injection was on the site before it was discovered
• The malware was removed from the site by 21:28 CET
• Researchers Post
• Additional Coverage

---

Bit9’s cloud security app compromised, 32 pieces of malware whitelisted

• Bit9 is a security company whose main product is an application control software, which basically monitors all of the applications and processes running on a server or end-user device, and reports any unusual activity (applications not on the cloud maintained whitelist)
• Customers of Bit9 include the US government, banks, oil and energy companies, defence contractors and 30 companies from the Fortune 100 list
• Attackers managed to compromise one or more virtual machines at the company and gained access to a code signing certificate, subsequently using it to sign 32 pieces of malware, effectively whitelisting them
• It turns out, due to an “operational oversight” a “handful” of computers at Bit9 did not run Bit9’s own software, so the intrusion was not detected or prevented
• As such, Bit9 claims that the compromise was not due to a problem with their software
• Bit9’s investigation suggests that only three of their customers were affected by the illegitimately signed malware
• Bit9 revoked the certificate that was used to sign the malware (and probably all previously whitelisted binaries, Bit9 claims it was no longer actively using the stolen certificate, but that it was still valid), got a new certificate and resigned the whitelisted apps, and patched their software to blacklist anything signed with the revoked certificate
• It is interesting to note that the most often touted features of the Bit9 system is that it stops new and unknown malware, because it only allows approved applications to run, the opposite of traditional anti-virus applications, which rely on a blacklist of known malware. In this case, it might have been that the compromised caused Bit9 to allow known malware that would have been stopped by traditional anti-virus to run on the target systems
• Bit9 is not saying which of its customers were targeted, but based on other information and the list of industries Bit9 said were not targeted, it appears to have been a defence contractor
• Official Update Announcement
• Bit9 says the attackers originally compromised their systems in July of 2012 view an SQL injection flaw in software that was running on an internet accessible web server
• From the web server, the attackers were able to compromise two legitimate user accounts, and eventually use those to access a virtual machine that contains the private keys for the code-signing certificate
• The virtual machine that was compromised was shut down a few days later, the compromise undetected
• In January that virtual machine was started again, and the compromise was eventually detected
• Bit9 says evidence suggests that they were not the ultimate target of the attack, but rather just a stepping stone to eventually compromise one of their customers
• Bit9’s audit showed that the source code for their software was not accessed or modified
• The attackers later executed a watering hole attack (similar to the mobile developer forum attack that compromised twitter, facebook, apple and microsoft) against the 3 target Bit9 customers
• The attack used a java vulnerability to execute the HiKit and Unixhome backdoors, two of the binaries that had been signed with the stolen Bit9 certificate. Rather than these being blocked by Bit9 as intended, because they had been signed by Bit9, they were whitelisted and allowed to run in the highly secured network of the defense contractors
• Krebs on Security Coverage – Part 1 Part 2
• Security Ledger coverage

---

Oracle issues another emergency Java patch after McRAT exploits new 0-day in the wild

• The fix covers CVE–2013–1493 and CVE–2013–0809
• The latter vulnerability is in the colour management system of Java 2D and allows an attack to use a specially crafted image file to execute a memory corruption attack. The attack targets the JVM’s internal data structures and overwrites the areas of memory that control whether the security manager to enabled or not
• The exploit has been seen in the wild, successful exploited to drop the McRAT trojan
• The security company that discovered the exploit reported that the McRAT trojan was communicating with the same Command and Control server that was used in an earlier attack against security company Bit9
• FireEye blog post
• Additional Coverage
• The issue was originally reported on February 1st, Oracle claimed that was too late to be included in the February 19th patch. Oracle planned to sit on the update until the next scheduled update in April, but once it was being exploited in the wild they were forced to release this update
• Java Security bulletin
• Security Explorations has reported 7 more java vulnerabilities since February 25th
• Oracle has rejected issue #54 claiming it is not a vulnerability, but the polish firm and US-CERT disagree, Security Explorations has sent additional details and proof of concept to help Oracle understand the vulnerability
• Oracle has issued tracking numbers for issues #56–60 but clarifies that the issues are not ‘confirmed’ yet
• This seems to signal an increasing resistance from Oracle and acknowledge and fix the bugs that researchers report, until it is too late and they are being actively exploited

---

Feedback

• Patch management for workstations

• Archive and storing the web

• Named-Based Virtual Hosting vs Virtual interfaces?

• Career Change Help

• What happens if my Nginx Reverse Proxy Goes Down?

• Keeping my IT an Dept Sane

• Watching TechSNAP on the Projector

Round Up:

• Is code.org all hype? or can anyone learn to code?
• Seagate will stop making 7200pm laptop drives (focus on hybrid hdd/ssd drives and 5400 hdds)
• NYC District Attorney says nearly all crimes involve computers in some way
• Servers compromised at Evernote – Username, email and hashed passwords stolen – Forced password reset
• Microsoft Azure storage outage caused by expired certificate
• Icelandic electronics retailer Elko’s website accidently explosed resumes of all applications over the last 7 years

The post 100% Uptime | TechSNAP 100 first appeared on Jupiter Broadcasting.

]]> https://original.jupiterbroadcasting.net/27436/starting-a-job-fauxshow-116/ Wed, 14 Nov 2012 22:45:26 +0000 https://original.jupiterbroadcasting.net/?p=27436 Angela and Chris talk about some of the things to think about when starting a new job. They discuss some of Angela’s recent experiences.

The post Starting A Job | FauxShow 116 first appeared on Jupiter Broadcasting.

]]>



Angela and Chris talk about some of the things to think about when starting a new job. They discuss some of Angela’s recent experiences after being a stay-at-home mom for 3 years.

Direct Download:

HD Download | Mobile Download | MP3 Download | YouTube

RSS Feeds:

HD Video Feed | Mobile Video Feed | MP3 Audio Feed | Torrent Feed | iTunes Feeds

   

Show Notes:

To help you get through the holidays:

Herbal Aire Aromatherapy Diffuser:
[asa]B009WQNC7Q[/asa]

Bacon Tie:
[asa]B005QDKIF8[/asa]

For the kids (and kids at heart):
[asa]B0021WOGZA[/asa]

Mail Sack:

Jacob writes:

I\’m about to publish my third book and plan on doing the audio version of it over the next few days. When complete would you like to incorporate it into your radio stream? I\’m releasing it under a creative commons license. Despite the fact that it\’s a fantasy book for my daughter\’s birthday I\’ve included a few allusions to Linux throughout the book. I\’ve got different ways of using names like Red Hat, Fedora, Knoppix, and Debian within the book.

Let me know if you still need content for the radio stream. I\’ll send you a link to the book once it\’s up.

Adam writes:

I was just looking at my bank statement and realised my bank does the rather pleasant thing of charging me £1.25 every time amazon.com takes money from me because they\’re in the US! Do you know if there\’s anyway to set up the payment through amazon.co.uk? Otherwise I\’m thinking I might cancel the monthly subscription and just pay the year up front via paypal.

Cheers,
Adam (barblewarble)

Blake writes:

I just wanted to let you know that I was tuned in to the live stream election night. You were my primary source for election coverage. I had your live stream going in the back ground and I also watched a few websites. I thought your coverage was superb. I would like to see more of this type of live coverage from Jupiter Broadcasting. Techsnap could cover large tech announcements in this way.

On another note I think it would get great if you would cover how technology and social media affected the election coverage.

Thanks for great coverage of the election. I look forward to more events like this.

Update on AvatarContinuum: Jupiter Broadcasting avatars: https://www.avatarcontinuum.com/avatars_jupb.html

Find FauxShow!

LIVE: https://jblive.tv – 8pm Pacifc – 11pm Eastern – 3am UTC
Facebook: https://www.facebook.com/thefauxshow
Twitter: https://www.twitter.com/angerz
G+: https://www.gplus.to/fauxshow
Dailybooth: https://www.dailybooth.com/thefauxshow
Subscribe to Jupiter Signal: https://www.bit.ly/jupitersignal
Jupiter Radio: https://jblive.info
Affiliates Firefox Extension: https://addons.mozilla.org/en-US/firefox/addon/jupiterbroadcasting/
Affiliates Chrome Extension: https://chrome.google.com/webstore/detail/bjekemhblnilimncanbehhjijdpjgimj
Donations: https://original.jupiterbroadcasting.net/donate
Shows & Shownotes: https://original.jupiterbroadcasting.net/show/fauxshow/

The post Starting A Job | FauxShow 116 first appeared on Jupiter Broadcasting.

]]> https://original.jupiterbroadcasting.net/22881/dream-job-awards-fauxshow-102/ Wed, 08 Aug 2012 21:26:19 +0000 https://original.jupiterbroadcasting.net/?p=22881 Angela and Chris share the dream jobs of FauxShow viewers! From space, to gaming, and some downright silly ones.

The post Dream Job Awards | FauxShow 102 first appeared on Jupiter Broadcasting.

]]>



Angela and Chris share the dream jobs of FauxShow viewers! From space, to gaming, and some downright silly ones.

Direct Download:

HD Download | Mobile Download | MP3 Download | YouTube

RSS Feeds:

HD Video Feed | Mobile Video Feed | MP3 Audio Feed | Torrent Feed | iTunes Feeds

   

Show Notes:

Links from Awards:

Jewkesman: https://www.youtube.com/jewkesman
mininessie: https://mininessie.deviantart.com/gallery
Remy: https://raymii.org
stnet: https://www.stnet.nu
Nean: https://www.youtube.com/neanrts
rikai: https://www.youtube.com/rikailp

Mail Sack:

Will you do some more Beer is Tasty episodes? So many beers, so little time! Thanks guys.
Past and current supporter,
Tim

Not to sure if you\’ll use it but i made a jupiter broadcasting youtube background, its modeled after the home page of jupiterbroadcasting and i hope you\’ll enjoy it, feel free to not use it if you want https://i.imgur.com/2o6qp.png
ps: change the background html notation to #efefef if in use
pss: this was created on linux, with gimp
-ilikepie

Perhaps there should be answering questions only episodes of Techsnap. i <3 Technsap
-John

I have three points I want to make:
First, I just got caught up with the last couple Faux Shows this evening, since I wasn\’t able to catch them live. I will have you know that I\’ve already read eight books this year, thank you very much! To clarify, the ones shown for the award is the second half of the Dark Tower series bought for me by my then-girlfriend/now-fiancée cougha while agocough, so I\’ve made it a particular project to read them.
Which brings me to my second point: Do you know how frustrating it is to watch a Faux Show not live? I keep thinking about what I would say in the chat, but it would be totally without context and people there would think I\’m totally crazy (crazier?). Faux Shows live, with the best lower third on the Internet, is a far superior viewing experience! (Now shamelessly plug the live stream ).
Third, and totally unrelated, people have mentioned in casual conversation before that it would be awesome if you guys could do a LAS from the Ubuntu booth at CES. I know finances are a little tight, but if you\’re even thinking about it in any way, here\’s a tip: You can register for the show for free until August 31. That\’s right, totally free! Now, you\’d still have to come up with lodging, food, and any other accommodations, but this would be one thing not to worry about. Even if you don\’t decide to go, you can still register and get all your info into their system so that in future years it will alert you to the free registration period (as well as their emails and anything else you may or may not be interested in).
-cbojar

Find FauxShow!

Facebook: https://www.facebook.com/thefauxshow
Twitter: https://www.twitter.com/angerz
G+: https://www.gplus.to/fauxshow
Dailybooth: https://www.dailybooth.com/thefauxshow

Subscribe to Jupiter Signal: https://www.bit.ly/jupitersignal
Jupiter Radio: https://jblive.info

Affiliates Firefox Extension: https://addons.mozilla.org/en-US/firefox/addon/jupiterbroadcasting/
Affiliates Chrome Extension: https://chrome.google.com/webstore/detail/bjekemhblnilimncanbehhjijdpjgimj
Donations: https://original.jupiterbroadcasting.net/donate

Shows & Shownotes: https://original.jupiterbroadcasting.net/show/fauxshow/

The post Dream Job Awards | FauxShow 102 first appeared on Jupiter Broadcasting.

]]>