Show Notes: coder.show/474

The post Horton Hears a Linux User | Coder Radio 474 first appeared on Jupiter Broadcasting.

Show Notes: error.show/81

The post Larry Two-tails | User Error 81 first appeared on Jupiter Broadcasting.

Show Notes: techsnap.systems/382

The post Domestic Disappointments | TechSNAP 382 first appeared on Jupiter Broadcasting.

Show Notes: unfilter.show/285

The post Gowdy Gettin' Rowdy | Unfilter 285 first appeared on Jupiter Broadcasting.

Show Notes: unfilter.show/284

The post Team America, Space Police | Unfilter 284 first appeared on Jupiter Broadcasting.

The post Iran Pullout | Unfilter 279 first appeared on Jupiter Broadcasting.

Video Feed | MP3 Feed | HD Torrent | iTunes

Become an Unfilter supporter on Patreon:

The post Rocket Man | Unfilter 252 first appeared on Jupiter Broadcasting.

Video Feed | MP3 Feed | OGG Feed | HD Torrent | Mobile Torrent | iTunes

Become an Unfilter supporter on Patreon:

— Show Notes —

Episode Links

• Judicial Watch: New Abedin Emails Reveal Top Clinton Foundation Executive Doug Band Sought Diplomatic Passport from Clinton State Department – Judicial Watch
• Bears in the Midst: Intrusion into the Democratic National Committee »
• ThreatConnect follows Guccifer 2.0 to Russian VPN Service
• Exclusive: Congressional leaders were briefed a year ago on hacking of Democrats – sources | Reuters
• Meet the 2016 presidential debate moderators
• Oil Halts Four-Day Slide as Putin Presses for OPEC Freeze Deal – Bloomberg
• FBI releases report on its investigation into Hillary Clinton’s use of a private email server – LA Times
• FBI releases Hillary Clinton email investigation documents – The Washington Post
• F.B.I. Papers Offer Closer Look at Hillary Clinton Email Inquiry – The New York Times
• President Obama just extended the “state of emergency” that’s existed for 15 years – Vox
• Hillary Clinton’s Team Lost a Laptop Full of Her Emails in the Actual Mail – The Daily Beast
• Feds pin brazen kernel.org intrusion on 27-year-old programmer | Ars Technica
• Clinton tells FBI she could not recall all briefings on preserving documents | Reuters
• Confrontations Flare as Obama’s Traveling Party Reaches China – The New York Times
• Fox News on Twitter: “Clinton recall problems. https://t.co/jq9uBozlUH”
• Meet the mastermind behind Clinton’s massive email coverup | New York Post
• After Snubbing Obama, China Gives Putin Red Carpet Treatment, Warns Against Protectionism At G-20 | Zero Hedge
• Barack Obama and Vladimir Putin in tense G20 standoff as the famously hostile pair fail to reach a breakthrough on Syria
• Despite 10,000 civilian casualties in Yemen — 13 per day — U.S. reaffirms support for Saudi Arabia – Salon.com
• Liz Kreutz on Twitter: “”One thing you know from my doctor letter is I have seasonal allergies,” Clinton joked after returning to the gaggle following her cough”
• Liz Kreutz on Twitter: “Clinton says her allergies are “better” today. “I just upped my antihistamine,” she told reporters just now on the plane”
• Terry ex-Dem #MAGA on Twitter: “@ABCLiz these are the probing questions “reporters” asked #CrookedHillary. Journalism is dead https://t.co/lmRdC8NRch”
• Inside Bill Clinton’s nearly $18 million job as ‘honorary chancellor’ of a for-profit college – The Washington Post
• Hillary Clinton Has Parkinson’s Disease, Physician Confirms
• Defective Motor Control of Coughing in Parkinson’s Disease (ATS Journals)
• MSNBC Cuts Live Coverage As Hillary Has “One Of The Worst Coughing Fits Ever” – Blames ‘Seasonal Allergies’ | Zero Hedge
• Hillary Clinton says coughing fit is an ‘allergic reaction’ to Trump | Daily Mail Online
• Exclusive: Clinton charities ignore law requiring them to disclose millions from foreign donors – Longform story
• Greta Van Susteren to leave Fox News, Brit Hume named anchor of ‘On the Record’ – Business Insider
• 10 prominent doctors question Hillary’s health
• Hacking Hillary: A complete timeline of 2016 coughing fits – The American MirrorThe American Mirror
• ‘Crooked Hillary’ nickname isn’t going away: Glenn Reynolds
• Wow! Hillary’s Mysterious Handler Pops Up on Plane During Coughing Fit
• Parkinson’s Disease: Other Medical Concerns: Pneumonia
• Islamic State issues new call for attacks in the West, all non-believers ‘legitimate targets’ • The Foreign Desk
• Clinton Camp Cuts Off Press When Asked About Poll Showing Her Trailing Trump – Breitbart
• Confirmed by Trump insider: ‘Trump TV’ is Plan B after election | Washington Examiner
• Clinton claims she didn’t know emails marked ‘C’ were confidential | New York Post
• BREAKING=> Julian Assange: Wikileaks May Start Releasing Hillary Clinton Email Teasers Next Week (VIDEO)
• New ISIS Military Commander Was Trained by State Department as Recently as 2014 | PJ Media
• US gave $1.7 billion to Iran as hostages were released, four times original amount | Circa News – Learn. Think. Do.
• Exclusive: How Edward Snowden Escaped | National Post
• Nancy Pelosi Urges Paul Ryan to Ban Republicans From Using Hacked Documents – NYTimes.com
• Costa Rica has been running on 100% renewable energy for 2 months straight – ScienceAlert
• New Snowden leaks reveal “collect it all” surveillance was born in the UK | Ars Technica UK
• ISIS loses all territory along Syria-Turkey border – World – CBC News
• The G20 Photo-Op Says A Lot | MarketSlant
• G20 summit in China yields diplomatic windfall for Moscow | Russia Beyond The Headlines
• Was the G20 Summit in China really a success of Russian diplomacy? | Russia Direct
• U.S., Russia ‘not there yet’ on Syria deal: State Department | Reuters
• U.S. investigates Russian plan to disrupt the 2016 election
• Saudi-Russian oil strategy is doomed to fail

The post The Hunt for Red November | Unfilter 203 first appeared on Jupiter Broadcasting.

Video Feed | MP3 Feed | OGG Feed | HD Torrent | Mobile Torrent | iTunes

Become an Unfilter supporter on Patreon:

— Show Notes —

Episode Links:

Unfilter 200 Poster

• Hillary Clinton and Paul Ryan could make a deal, says ex-WH aide
• Edward Snowden is making so much money in US speaking fees | New York Post
• FBI-US Attorney Probe Of Clinton Foundation Is Underway | The Daily Caller
• What Julian Assange’s War on Hillary Clinton Says About WikiLeaks
• BREAKING: WikiLeaks Founder Reveals “Google is directly engaged with Hillary Clinton’s campaign” – USAPoliticsNow
• Vladimir Putin Has Already Won Our Election | Observer
• Clinton Foundation donors page is now blocked: ‘This is a weird thing’ | BizPac Review
• Report: Multiple FBI Investigations Into Clinton Foundation Corruption Are Underway | PJ Media
• Suspected Russian DNC hackers also hit GOP, researchers say – POLITICO
• JUST IN: Julian Assange ‘Wanted Dead Or Alive’ By U.S. Government | EndingFed News Network
• ‘Guccifer 2.0’ Suspended From Twitter After Latest Hack of Democrats
• Anthony Weiner caught in new flirty online chat | New York Post
• Russia May Be Preparing New Offensive in Ukraine
• Imam, associate shot dead outside New York City mosque | Fox News
• Trump Is Wrong, NAFTA Was Not Bill Clinton’s Creation
• PressTV-Clintons give 96% of donations to own org.
• Secret Ledger in Ukraine Lists Cash for Donald Trump’s Campaign Chief – NYTimes.com
• We Finally Know Why The Olympic Diving Pool Turned Green
• In Bungled Spying Operation, NSA Targeted Pro-Democracy Campaigner
• Vice President Joe Biden’s son joins Ukraine gas company – BBC News
• Company In Which US Vice President Joe Biden’s Son Is Director Prepares To Drill Shale Gas In East Ukraine | Global Research – Centre for Research on Globalization
• Controversies – California Bill Criminalizing Media Reporting of Undercover Videos Alarms Free Speech Advocates – AllGov – News
• Nigel Farage aide held in US on money laundering, extortion & fraud charges — RT UK
• Soros hacked, thousands of Open Society Foundations files released online — RT America
• Full list of Soros NGOs manipulating elections in all EU member states – Linkis.com
• Jack Posobiec on Twitter: “SMOKING GUN: SOROS FUNDS #BLACKLIVESMATTER #SOROSLEAKS https://t.co/KrLAW17LLw”
• J-Mask {107} on Twitter: “Almost a third of the members of the European Parliament are “proven or likely Open Society allies”. #SorosLeaks https://t.co/ujqVvs4h7D”
• Julian Assange Says, Google Works With Hillary Clinton – Open Media News
• George Soros Hacked, Over 2,500 Internal Docs Released Online | Zero Hedge
• Wikileaks Published Dozens of Malware Links in Email Dump
• We know how this’ll turn out already: Feds debate releasing Clinton’s FBI interview — Puppet Masters — Sott.net
• Wrong chemical dumped into Olympic pools made them green, smelly—and unsafe | Ars Technica
• State Department to turn over recovered emails from Clinton’s private server | Fox News
• DNC Creates ‘Cybersecurity Board’ Without Any Cybersecurity Experts – Slashdot
• Canada’s immigration detention program to get $138M makeover – Montreal – CBC News
• Giuliani appears to make error in speech backing Trump | Fox News
• Ed Snowden Explains Why Hackers Published NSA’s Hacking Tools | Techdirt
• Edward Snowden on Twitter: “The undetected hacker squatting on this NSA server lost access in June 2013. Rare public data point on the positive results of the leak.”
• NSA hack and auction ‘a warning from Russia’, says Edward Snowden | TheINQUIRER
• Soros Hack Reveals Plot Behind Europe’s Refugee Crisis; Media Manipulation; Cash For “Social Justice” | Zero Hedge
• Court bars feds from prosecuting medical pot cases | KOMO
• The West escalates with Russia: Make no mistake, a second Cold War is now official NATO policy – Salon.com
• Gary Johnson Debates Update: Money Pours In, Campaign Takes Aim At 5 Polls
• Everything you need to know about the NSA hack (but were afraid to Google) | TechCrunch
• Trump shakes up campaign, demotes top adviser – The Washington Post
• ‘Shadow Brokers’ Claim to be Selling NSA Malware, in What Could Be Historic Hack | Foreign Policy
• News from The Associated Press
• Russian Military Forces Staging Near Ukraine
• Federal Judge Says Real-Time Cell Location Info — Whether Obtained With A Stingray Or Not — Requires The Use Of A Warrant | Techdirt
• Manafort helped Ukraine party secretly pay US lobbyists: report | TheHill
• Verizon has a plan to make the Android bloatware problem worse | Ars Technica
• Steve Bannon, Kellyanne Conway join Donald Trump campaign – Business Insider
• Campaign 2016 updates – Hillary Clinton: Donald Trump isn’t going to change – LA Times
• The making of Schlitterbahn’s Verrückt waterslide: Too much, too fast? | The Wichita Eagle
• The making of Schlitterbahn’s Verrückt waterslide: Too much, too fast? | The Wichita Eagle
• Russian Bombers Are Flying ISIS Missions From Iranian Air Base – ABC News
• ISIS captures 5 villages from ‘moderates’ as Al-Nusra continues shelling Aleppo – Russia’s MoD — RT News
• 96 Percent Of Hillary’s Charitable Donations Went To Clinton Foundation | The Daily Caller

The post Weapons of Mass Distraction | Unfilter 200 first appeared on Jupiter Broadcasting.

Atom-sized storage could change the face of data and memory, Opera gets sold, Tesla is in some hot water, Netflix beams up Star Trek, hackers claim to have gone after Pokémon Go servers & more!

Direct Download:

MP3 Audio | OGG Audio | Video | HD Video | Torrent | YouTube

RSS Feeds:

MP3 Feed | OGG Feed | iTunes Feed | Video Feed | Video Feed | Torrent Feed

Become a supporter on Patreon

Show Notes:

Links:

• Earth-like planets among 100+ identified by UH, astronomers and NASA – YouTube
• Opera browser sold to a Chinese consortium for $600 million
• Netflix will stream CBS’ new Star Trek series all around the world | The Verge
• Germany Will Now Require ‘Black Boxes’ In Self-Driving Cars
• The first self-driving car fatality proves nothing | John Naughton | Opinion | The Guardian
• AutoPilot – note to drivers and Consumer Reports | Tesla Motors Club
• Elon Musk on Tesla’s Auto Pilot and Legal Liability – YouTube
• Atom-sized storage could change the face of data and memory
• Hackers: We Attacked Pokemon Go Servers | News & Opinion | PCMag.com
• Beware the fake Pokémon Go apps | TechCrunch
• Raspberry Shake Your Personal Seismograph by Angel Rodriguez — Kickstarter

The post Atomic Memory | TTT 252 first appeared on Jupiter Broadcasting.

Find out about another hospital that accidentally took advantage of free encryption, researchers turn up a DDoS on the root DNS servers & the password test you never want to take.

Plus your batch of networking questions, our answers & a packed round up!

Thanks to:

• Get Paid to Write for DigitalOcean

Direct Download:

HD Video | Mobile Video | MP3 Audio | OGG Audio | YouTube | HD Torrent | Mobile Torrent

RSS Feeds:

HD Video Feed | Mobile Video Feed | MP3 Audio Feed | Ogg Audio Feed | iTunes Feed | Torrent Feed

Become a supporter on Patreon:

Show Notes:

Researchers at VeriSign investigate DDoS on root DNS servers

• Researchers from VeriSign, the company that runs the .com and .net registries, and operations 2 of the 13 critically import root DNS servers, will be giving a talk at a conference detailing their investigation into the attack
• Their findings suggest the attack, which took place in November of 2015, was not directed at the root name servers directly, but was an attempt to down two chinese websites
• The attack had some interesting patterns, likely caused by design decisions and mistakes made by the programmer of the botnet that was used in the attack
• The provide a video showing a breakdown of the attack
• It was interesting to learn that Randall Munroe (of XKCD fame) actually came up with the best way to visualize the distribution of IP addresses, with a grid where sequential numbers are in adjacent squares
• Only IP addresses in the first 128 /8 netbooks were used. The use of 128/8 specifically suggests an less than or equal, rather than an equal was used during the comparison of IP addresses
• It is not clear why a larger set of addresses were not used
• The attack seemed to use 3 or 4 different groups of bots, sending spoofed DNS requests
• Two of the larger groups of bots sequentially cycled through the 2.0.0.0/8 through 19.0.0.0/8 subnets at different speeds
• Attacks were not seen from the 10.0.0.0/8 and 127.0.0.0/8 networks, for obvious reasons
• However, a delay in the attacks sourced from 11.0.0.0/8 suggests that the botnet attempted to use the entire 10 block, but the packets just never left the source networks
• “The researchers also note that Response Rate Limiting was an effective mitigation in countering up to 60 percent of attack traffic. RRL is a feature in the DNS protocol that mitigates amplifications attacks where spoofed DNS queries are used to target victims in large-scale DDoS attacks.”
• “In addition to RRL, the researchers said attack traffic was easily filterable and through filtering were able to drop response traffic for the attack queries, leaving normal traffic untouched. One of the limitations with this approach is that it’s a manual process”

Virus hits Medstar hospital network, Hospital forced to shutdown systems

• “The health system took down some its computers to prevent the virus from spreading, but it’s not clear how many computers — or hospitals — are affected”
• “A statement by the health system said that all facilities remain open, and that there was “no evidence of compromised information.””
• “The not-for-profit healthcare system operates ten hospitals across the Washington and Baltimore region, with more than a hundred outpatient health facilities. According to the system’s website, it has more than 31,000 employees and serves hundreds of thousands of patients annually.”
• “One visitor to the hospital told ZDNet that staff switched the computers off after learning about the virus. The person, who was visiting a patient in one of the healthcare system’s Washington DC hospital, said the computers were powered off for more than an hour, with all patient orders lost, the person said.”
• “It’s not clear exactly what kind of malware was used in Monday’s cyberattack. A spokesperson for MedStar Health did not immediately respond to a request for comment.”
• An FBI spokesperson confirmed that it was “aware of the incident and is looking into the nature and scope of the matter.”
• Additional Coverage: Threat Post
• After a few days, the medical network was recovering
• “The healthcare provider said the attack forced it to shut down its three main clinical information systems, prevented staff from reviewing patient medical records, and barred patients from making medical appointments. In a statement issued Wednesday, it said that no patient data had been compromised and systems were slowly coming back online.”
• “Clinicians are now able to review medical records and submit orders via our electronic health records. Restoration of additional clinical systems continues with priority given to those related directly to patient care”
• “While the hospital still won’t officially confirm the attacks were ransomware related, The Washington Post along with other news outlets are reporting that employees at the hospital received pop-up messages on their computer screens seeking payment of 45 Bitcoins ($19,000) in exchange for a digital key that would decrypt data”
• “The MedStar cyberattack is one of many hospitals in recent months targeted by hackers. Last week, Kentucky-based Methodist Hospital paid ransomware attackers to unlock its hospital system after crypto-ransomware brought the hospital’s operations to a grinding halt. Earlier this year Los Angeles-based Hollywood Presbyterian Medical Center paid 40 Bitcoin ($17,000) to attackers that locked down access to the hospital’s electronic medical records system and other computer systems using crypto-ransomware.”
• As long as hospitals continue to pay out, this will only grow to be a worse problem
• “Medical facilities don’t give security the same type of attention that other verticals do,” said Craig Williams, senior technical leader for Cisco Talos. “They are there to heal people and cure the sick. Their first priority is not to take care of an IT environment. As a result it’s likely the hackers have been out there for quite some time and realized that there are a lot (healthcare) sites that have a lot of base vulnerabilities.”
• As you might expect: 1400 vulnerabilities to remain unpatched in medical supply system
• Additional Coverage
• In related news:
• Canadian hospital website compromised serves up the Angler malware kit to visitors
• The site is for a hospital in a small city that serves a mostly rural area. Happens to be where I grew up, and the hospital I was born in
• The hospital site is run on Joomla, and is running version 2.5.6, which has many known vulnerabilities. The latest version of Joomla is 3.4.8
• “Like many site hacks, this injection is conditional and will appear only once for a particular IP address. For instance, the site administrator who often visits the page will only see a clean version of it, while first timers will get served the exploit and malware.”
• The obvious targets are “staff, patients and their families and visitors, as well as students”
• The hospital became a teaching facility for McMaster University’s Faculty of Health Sciences in 2009
• “The particular strain of ransomware dropped here is TeslaCrypt which demands $500 to recover your personal files it has encrypted. That payment doubles after a week.”

CNBC Password Tester — How not to do it

• CNBC has a post about constructing secure passwords
• The basic idea was that you submit your password, and it tells you how strong it is
• There are obvious problems with this idea. Why are you giving out your password anyway?
• Of course, the CNBC site is served in plain text (which is fine for a news site), but it means your password is sent to them in the clear
• Worse, they had the site adding all of the submitted passwords to a google spreadsheet, also in the clear
• Because the password was submitted as a GET variable, and was in the URL, it was also included in the referral information sent to all of the advertising networks in the CNBC site, including DoubleClick, ScoreCardResearch, something hosted at Amazon AWS, and any other widgets on the site (Facebook, Gigya)
• If you actually did want to build a tool like this, at least use javascript to perform the calculations on the users’ device and never transmit their passwords
• Of course, users should never type the password into another website. This is the definition if a phishing attack
• The page has since been removed
• Additional Coverage

Feedback:

• pfSense question ALERT!
• OpenVPN vs IPSec VPN
• leaky DNS

Round Up:

• Finnish supercomputer suffers largest unplanned outage in years, provides post mortem
• Mattel hit by fake CEO scam, for $3 million. Managed to get it back because the next day was a bank holiday in China
• Google offers a free DDoS shield to news papers and other sites that seek to expose corruption, and may face state-level DDoS attacks attempting to silence them
• EFF Proposes “DRM Non-Aggression Pact” as part of W3C standard for DRM. Asks signatories to agree not to go after security researchers or those making ‘compatible’ technologies
• Amazon Updates Its Policies To Ban USB Type-C Cables That Are Not Fully Spec Compliant
• TrendMicro A/V software accidently exposes debugging console that can be exploited
• US Federal court warns of scammers trying to get people to pay hefty fines for missing fake jury duty
• HID Networking Door Controllers have remote root vulnerability, hilarity ensues
• A Romanian ex-minister faces jail time after embezzling the windfall from the 47% discount Microsoft gave the government for a 5 year deal to use MS Office in all Schools and Public Institutions
• New SideStepper exploit allows Man-in-the-Middle attacks against iOS devices, requires phishing or otherwise tricking the user
• Enders Analysis ad blocker study finds ads take up 79% of mobile data transfer
• Operating Blockbuster, an investigation into the Sony Pictures Entertainment wiper hack
• How Wi-Fi Works

The post Holding Hospitals Hostage | TechSNAP 261 first appeared on Jupiter Broadcasting.

From the road we debate the merits of more boots on the ground in Syria, who is funding ISIS & why that really matters. Also how employers monitor their staff’s technology usage & a recap of the weeks news you need to know about.

Plus a special guest co-host & much more!

Direct Download:

Video | MP3 Audio | OGG Audio | Torrent | YouTube

RSS Feeds:

Video Feed | MP3 Feed | OGG Feed | HD Torrent | Mobile Torrent | iTunes

Become an Unfilter supporter on Patreon:

Show Notes:

— Episode Links —

• Boehner resigns: scholars see trouble ahead for GOP
• Obama, Putin Will Meet About Syria – Defense One
• Endgame: Putin Plans To Strike ISIS With Or Without The U.S. | Zero Hedge
• Watch The Latest Russian War Preparations In Syria: Satellite Imagery Update | Zero Hedge
• India Retracts Proposal on Encryption for Social Media Data After Outcry – The New York Times
• David Cameron faces legal challenge over Syria airstrikes | World news | The Guardian
• Obama and Putin’s planned UN meeting already rife with miscommunications | US news | The Guardian
• U.S. Gives Africa $36.5 Mil to Train More Doctors at U.N.’s Request – Judicial Watch

The post United States of Syria | Unfilter 159 first appeared on Jupiter Broadcasting.

High ranking members of the intelligence community have come forward and stated the Obama administration is manipulating ISIS intelligence reports and targets & the most likely reason is troubling.

Russia is caught supplying Assad with weapons, China is flexing its muscles & a lot more!

Direct Download:

Video | MP3 Audio | OGG Audio | Torrent | YouTube

RSS Feeds:

Video Feed | MP3 Feed | OGG Feed | HD Torrent | Mobile Torrent | iTunes

Become an Unfilter supporter on Patreon:

Show Notes:

— Episode Links —

• Ezgi Basaran, “Former CIA officer says US policies helped create IS.” Al-Monitor, 2 September 2014. https://www.al-monitor.com/pulse/politics/2014/09/turkey-usa-iraq-syria-isis-fuller.html#.

• A 2008 US Army-commissioned RAND report outlines a ‘Divide and Rule’ strategy for US engagement in the region, noting that the strategy “focuses on exploiting fault lines between various SJ (Salafi-jihadi) groups to turn them against each other…” The report calls for the US to “capitalize on the Shia-Sunni conflict by taking the side of the conservative Sunni regimes… and working with them against all Shiite empowerment movements in the Muslim world” while as well maintaining “a strong strategic relationship with the Iraqi Shiite government.” The report confirms that the ‘Divide and Rule’ strategy was already being deployed in Iraq “to create divisions in the jihadist camp. Today in Iraq such a strategy is being used at the tactical level,” by forming “temporary alliances” with al-Qaeda affiliated “nationalist insurgent groups.” Although they have directly fought against the US for four years and “cooperated with al-Qaeda against US forces,” these groups are now being supported to exploit “the common threat that al-Qaeda now poses to both parties.” Christopher G. Pernin et al., “Unfolding the Future of the Long War.” RAND Corporation, 2008. https://www.rand.org/content/dam/rand/pubs/monographs/2008/RAND_MG738.pdf; Nafeez Ahmed, “Pentagon report predicted West’s support for Islamist rebels would create ISIS.” Insurge Intelligence, 22 May 2015. https://medium.com/insurge-intelligence/secret-pentagon-report-reveals-west-saw-isis-as-strategic-asset-b99ad7a29092; Early on during the invasion the US covertly supplied arms to al-Qaeda affiliated insurgents while propping up a Shia-dominated government. Pakistani defense sources confirmed to Asia Times that ‘former Ba’ath party’ loyalists were being supplied Pakistani-manufactured weapons by the US. These ‘former Ba’ath party’ loyalists were being recruited and trained by al-Qaeda in Iraq under the leadership of Abu Musab Zarqawi. The arms “could not be destined for the Iraqi security forces because US arms would be given to them”, a source told Asia Times’ Pakistan bureau chief Syed Saleem Shahzad, who was “known for his exposes of the Pakistani military” according to the New Yorker, and was murdered in 2011. Syed Saleem Shahzad, “US fights back against ‘rule by clerics.'” Asia Times, 15 February, 2005. https://www.atimes.com/atimes/Middle_East/GB15Ak02.html; Nafeez Ahmed, “Caught red-handed.” The Raw Story, 23 September, 2005. https://rawstory.com/news/2005/CAUGHT_RED__0923.html; Nafeez Ahmed, “How the west created the Islamic State.” Insurge Intelligence, 11 September 2014. https://medium.com/insurge-intelligence/how-the-west-created-the-islamic-state-dbfa6f83bc1f; According to a report for the US Joint Special Operations University (JSOU) and Strategic Studies Department titled “Dividing Our Enemies”, post-invasion Iraq strategy relied upon pursuing public legitimacy through social welfare programs while simultaneously delegitimizing local enemies by escalating intra-insurgent violence, even though this would harm civilians. The report notes that Iraq post-invasion was “an interesting case study of fanning discontent among enemies, leading to ‘red-against-red’ [enemy-against-enemy] firefights,” this strategy however “involves no effort to win over those caught in the crossfire of insurgent and counterinsurgent warfare, whether by bullet or broadcast. On the contrary, this underside of the counterinsurgency coin is calculated to exploit or create divisions among adversaries for the purpose of fomenting enemy-on-enemy deadly encounters.” The ‘enemies’ included jihadis, Ba’athists, as well as peaceful Sufis. “Evidence of factional fighting between the residents came to light with nightly gun battles not involving coalition forces. These firefights between insurgent factions represented the impact of U.S. psychological operations (PSYOP), which took advantage of and deepened the intra-insurgent forces. The PSYOP contingent cleverly crafted programs to exploit Zarqawi’s murderous activities and to broadcast them countrywide, thereby diminishing his folk-hero image among Iraqis. Although the jihadis and Baathists shared hostility to the U.S. military forces surrounding Fallujah, their mutual antipathy to each other presented an opportunity to turn them against each other.” Thomas H. Henriksen, “Dividing Our Enemies.” Joint Special Operations University (JSOU), November 2005. https://www.globalsecurity.org/military/library/report/2005/0511_jsou-report-05-5.pdf; Nafeez Ahmed, “How the west created the Islamic State.” Insurge Intelligence, 11 September 2014. https://medium.com/insurge-intelligence/how-the-west-created-the-islamic-state-dbfa6f83bc1f; US employs the “Salvadorian Option” for Iraq utilizing Shi’ite paramilitaries to lethally quell Sunni uprisings. Michael Hirsh and John Barry, “The Salvador Option.” Newsweek, 9 January 2005. https://web.archive.org/web/20050110030928/https://www.msnbc.msn.com/id/6802629/site/newsweek/; Mona Mahmood et al., “Revealed: Pentagon’s link to Iraqi torture centres.” The Guardian, 6 March 2013. https://www.theguardian.com/world/2013/mar/06/pentagon-iraqi-torture-centres-link; Mona Mahmood, et al., “From El Salvador to Iraq: Washington’s man behind brutal police squads.” The Guardian, 6 March 2013. https://www.theguardian.com/world/2013/mar/06/el-salvador-iraq-police-squads-washington; According to the UK based monitoring group Action on Armed Violence (AOAV) Iraq topped the worlds ‘most dangerous’ places list in June of 2015. “Iraq tops ‘most dangerous’ place in world list.” RT, 22 June 2015. https://www.rt.com/uk/268810-top-ten-dangerous-countries/.

• Craig Whitlock, “U.S. secretly backed Syrian opposition groups, cables released by WikiLeaks show.” Washington Post, 17 April 2011. https://www.washingtonpost.com/world/us-secretly-backed-syrian-opposition-groups-cables-released-by-wikileaks-show/2011/04/14/AF1p9hwD_story.html; “US trains activists to evade security forces.” AFP, 8 April 2011. https://www.activistpost.com/2011/04/us-trains-activists-to-evade-security.html; Ron Nixon, “U.S. Groups Helped Nurture Arab Uprisings.” The New York Times, 14 April 2011. https://www.nytimes.com/2011/04/15/world/15aid.html?pagewanted=1&_r=2&emc=eta1.

• Greg Miller et al., “Secret CIA effort in Syria faces large funding cut.” Washington Post, 12 June 2015. https://www.washingtonpost.com/world/national-security/lawmakers-move-to-curb-1-billion-cia-program-to-train-syrian-rebels/2015/06/12/b0f45a9e-1114-11e5-adec-e82f8395c032_story.html; David E. Sanger, “Rebel Arms Flow Is Said to Benefit Jihadists in Syria.” The New York Times, 14 October 2012. https://www.nytimes.com/2012/10/15/world/middleeast/jihadists-receiving-most-arms-sent-to-syrian-rebels.html?pagewanted=all&_r=1&.

• “They trained us to ambush regime or enemy vehicles and cut off the road. They also trained us on how to attack a vehicle, raid it, retrieve information or weapons and munitions, and how to finish off soldiers still alive after an ambush.” “Syria: Arming the Rebels.” Frontline, 27 May 2014. https://www.pbs.org/wgbh/pages/frontline/syria-arming-the-rebels/; The Conventions offer protections to wounded combatants, and prisoners of war must be humanely treated at all times. “Reference Guide to the Geneva Conventions.” Society of Professional Journalists. https://www.spj.org/gc-index.asp#woundedcombatants.

• Josh Rogin, “America’s Allies Are Funding ISIS.” The Daily Beast, 14 June 2014. https://www.thedailybeast.com/articles/2014/06/14/america-s-allies-are-funding-isis.html; “Biden: Turks, Saudis, UAE funded and armed Al Nusra and Al Qaeda.” Mideast Shuffle, 4 October 2014. https://mideastshuffle.com/2014/10/04/biden-turks-saudis-uae-funded-and-armed-al-nusra-and-al-qaeda/; “General Dempsey acknowledges U.S. Arab allies funding ISIS.” C-SPAN, 20 September 2014. https://www.c-span.org/video/?c4509231/general-dempsey-acknowledges-us-arab-allies-funding-isis; All of this was coordinated out of US-led operation rooms in Turkey and Jordan, Eric Schmitt, “C.I.A. Said to Aid in Steering Arms to Syrian Opposition.” The New York Times, 21 June 2012. https://www.nytimes.com/2012/06/21/world/middleeast/cia-said-to-aid-in-steering-arms-to-syrian-rebels.html?_r=0; Mark Hosenball, “Exclusive: Obama authorizes secret U.S. support for Syrian rebels.” Reuters, 1 August 2012. https://www.reuters.com/article/2012/08/01/us-usa-syria-obama-order-idUSBRE8701OK20120801; Adam Entous, et al., “A Veteran Saudi Power Player Works To Build Support to Topple Assad.” The Wall Street Journal, 25 August 2013. https://www.wsj.com/articles/SB10001424127887323423804579024452583045962; FSA commander: “We are collaborating with the Islamic State and the Nusra Front”, Elise Knutsen, “Frustration drives Arsal’s FSA into ISIS ranks.” The Daily Star, September 8, 2014. https://cached.newslookup.com/cached.php?ref_id=394&siteid=2319&id=8144452&t=1410149280; US-backed SRF commander: “If the people who support us tell us to send weapons to another group, we send them. They [Jabhat al-Nusra] asked us a month ago to send weapons to Yabroud so we sent a lot of weapons there. When they asked us to do this, we do it.” Isabel Hunter, “‘I am not fighting against al-Qa’ida… it’s not our problem’, says West’s last hope in Syria.” The Independent, April 2nd, 2015. https://www.independent.co.uk/news/world/middle-east/i-am-not-fighting-againstalqaida-itsnot-our-problem-says-wests-last-hope-in-syria-9233424.html; US-backed commander Okaidi: “My relationship with the brothers in ISIL is good… I communicate almost daily with brothers in ISIL… the relationship is good, even brotherly… They [al-Nusra] did not exhibit any abnormal behavior, which is different from that of the FSA.” Joshua Landis, “US Key Man in Syria Worked Closely with ISIL and Jabhat al-Nusra.” https://twitter.com/joshua_landis/status/504610185952784384; Then US Ambassador to Syria Robert Ford admits US-backed rebels collaborated with ISIS and al-Qaeda, Brad Hoff. Levant Report, May 25th, 2015. https://levantreport.com/tag/robert-ford/.

• Nafeez Ahmed, “Pentagon report predicted West’s support for Islamist rebels would create ISIS: Anti-ISIS coalition knowingly sponsored violent extremists to ‘isolate’ Assad, rollback ‘Shia expansion.'” Insurge Intelligence, 22 May 2015. https://medium.com/insurge-intelligence/secret-pentagon-report-reveals-west-saw-isis-as-strategic-asset-b99ad7a29092; Nafeez Ahmed, “Ex-intel officials: Pentagon report proves US complicity in ISIS.” Insurge Intelligence, 2 June 2015. https://medium.com/insurge-intelligence/ex-intel-officials-pentagon-report-proves-us-complicity-in-isis-fabef96e20da.

The post Manipulated ISIS Intelligence | Unfilter 158 first appeared on Jupiter Broadcasting.

Red Hat highlights how leaky many open source RSA implementations are, Netflix releases Sleepy Puppy & the Mac is definitely under attack.

Plus some quick feedback, a rockin’ roundup & much, much more!

Thanks to:

• Get Paid to Write for DigitalOcean

Direct Download:

HD Video | Mobile Video | MP3 Audio | OGG Audio | YouTube | HD Torrent | Mobile Torrent

RSS Feeds:

HD Video Feed | Mobile Video Feed | MP3 Audio Feed | Ogg Audio Feed | iTunes Feed | Torrent Feed

Become a supporter on Patreon:

— Show Notes: —

NetFlix releases new open source security tool, Sleepy Puppy

• Sleepy Puppy is a delayed XSS (Cross-Site Scripting) vulnerability scanner
• In a typical XSS scan, and attacker (or the scanner program) attempts to send a script as part of some user input (the comment on a blog or something like that, or via a URL variable). This content is then shown to that user, and often times, other users. If I can make a bit of my javascript run on your computer, when you visit someone else’s site, I have achieved XSS
• There are a number of scanners out there, and they “fuzz test” all of the inputs and variables they can find, and attempt to get some code they submit to be returned to them
• This new tool from NetFlix addresses second level vulnerabilities, and beyond
• What if an attacker injects the code on the website, and the website mitigates this, but some other application, internal or public facing, also uses the data from the database, and it then ends up being vulnerable to the XSS
• Sleepy Puppy is a “XSS payload management framework”, it generates unique code snippets for each injection, so that when a successful XSS happens, it can be tracked back to its source, even if that is outside of the application where the exploit took place
• “Delayed XSS testing is a variant of stored XSS testing that can be used to extend the scope of coverage beyond the immediate application being tested. With delayed XSS testing, security engineers inject an XSS payload on one application that may get reflected back in a separate application with a different origin.”
  • Show Diagram
• “Here we see a security engineer inject an XSS payload into the assessment target (App #1 Server) that does not result in an XSS vulnerability. However, that payload was stored in a database (DB) and reflected back in a second application not accessible to the tester. Even though the tester can’t access the vulnerable application, the vulnerability could still be used to take advantage of the user. In fact, these types of vulnerabilities can be even more dangerous than standard XSS since the potential victims are likely to be privileged types of users (employees, administrators, etc.)”
• SleepyPuppy ships with a default set of assessments includes, so is ready to use out of the box

Researchers announce new iOS vulnerability: brokenchain

• The vulnerability allows a piece of malware to access the keychain in iOS, and copy your saved passwords and other secret keys
• These keys can then be exfiltrated via SMS or HTTP etc
• When the malware attempts to access the keychain, iOS presents a dialog asking them user to allow or deny the action, but the malware can simulate a tap on the screen and accept the dialog
• Further, some malware seems to be able to cause the popup to appear off screen, so the user never even sees it
• “Special-crafted commands can be triggered by malware — or even an image or video — which causes OS X to display a prompt to click an Allow button. But rather than relying on users clicking on a button that appears unexpectedly, the button is displayed very briefly off the edge of the screen or behind the dock, and is automatically pressed using a further command. It is then possible to intercept a user’s password and send it to the attacker via SMS or any other means.”
• “Apple has been told about the vulnerability. The company has not only failed to issue a fix yet, but has not even responded to Jebara and Rahbani.”
• Ars Technica found that parts of the vulnerability have existed since 2011, and have been used actively
• “DevilRobber, the then new threat caught the attention of security researchers because it commandeered a Mac’s graphics card and CPU to perform the mathematical calculations necessary to mine Bitcoins, something that was novel at the time. Less obvious was the DevilRobber’s use of the AppleScript programming language to locate a window requesting permission to access the Keychain and then simulate a mouse click over the OK button.”
• “The same technique was being used by the Genieo adware installer to gain access to a Safari extensions list that’s protected inside the Mac Keychain.”
• The same day, another group of researchers independently found the same vulnerability
• Windows UAC has a bunch of defenses against apps users accidentally accepting or malware auto-clicking the authorization popups. Maybe we need the same in mobile OSes
• “Mac users should remember that the technique works only when invoked by an application already installed on their systems. There is no evidence the technique can be carried out through drive-by exploits or attacks that don’t require social engineering and end-user interaction. Still, the weakness is unsettling, because it allows the same app requesting access to the keychain to unilaterally approve it and to do so quickly enough for many users to have no idea what has happened. And by default, OS X will grant the access without requiring the user to enter a password. The Mac keychain is the protected place storing account passwords and cryptographic keys.”
• Maybe the solution is to require the unlock code or password in order to authorize access to sensitive areas like the keychain
• “I think that Apple needs to isolate that particular window,” Reed told Ars on Wednesday. “They need to pull that particular window out of the window list … in a way that an app can’t tell it’s on the screen and get its location.”

Factoring RSA keys with TLS Forward Secrecy

• “Back in 1996, Arjen Lenstra described an attack against an optimization (called the Chinese Remainder Theorem optimization, or RSA-CRT for short). If a fault happened during the computation of a signature (using the RSA-CRT optimization), an attacker might be able to recover the private key from the signature (an “RSA-CRT key leak”). At the time, use of cryptography on the Internet was uncommon, and even ten years later, most TLS (or HTTPS) connections were immune to this problem by design because they did not use RSA signatures.”
• “This changed gradually, when forward secrecy for TLS was recommended and introduced by many web sites.”
• “We evaluated the source code of several free software TLS implementations to see if they implement hardening against this particular side-channel attack, and discovered that it is missing in some of these implementations. In addition, we used a TLS crawler to perform TLS handshakes with servers on the Internet, and collected evidence that this kind of hardening is still needed, and missing in some of the server implementations: We saw several RSA-CRT key leaks, where we should not have observed any at all.”
• “An observer of the private key leak can use this information to cryptographically impersonate the server, after redirecting network traffic, conducting a man-in-the-middle attack. Either the client making the TLS handshake can see this leak, or a passive observer capturing network traffic. The key leak also enables decryption of connections which do not use forward secrecy, without the need for a man-in-the-middle attack. However, forward secrecy must be enabled in the server for this kind of key leak to happen in the first place, and with such a server configuration, most clients will use forward secrecy, so an active attack will be required for configurations which can theoretically lead to RSA-CRT key leaks.”
• “Does this break RSA? No. Lenstra’s attack is a so-called side-channel attack, which means that it does not attack RSA directly. Rather, it exploits unexpected implementation behavior. RSA, and the RSA-CRT optimization with appropriate hardening, is still considered secure.“
• While it appears that OpenSSL and NSS properly implement the hardening, some other products do not
• It seems RedHat discovered this issue some time ago, and reported it to a number of vendors
• Oracle patched OpenJDK back in April
• “None of the key leaks we observed in the wild could be attributed to these open-source projects, and no key leaks showed up in our lab testing, which is why this additional hardening, while certainly desirable to have, does not seem critical at this time.”
• “Once the necessary data is collected, the actual computation is marginally more complicated than a regular RSA signature verification. In short, it is quite cheap in terms of computing cost, particularly in comparison to other cryptographic attacks.”
• Then the most important question came up
• “Does this vulnerability have an name? We think that “RSA-CRT hardening” (for the countermeasure) and “RSA-CRT key leaks” (for a successful side-channel attack) is sufficiently short and descriptive, and no branding is appropriate. We expect that several CVE IDs will be assigned for the underlying vulnerabilities leading to RSA-CRT key leaks. Some vendors may also assign CVE IDs for RSA-CRT hardening, although no key leaks have been seen in practice so far.”
• Crypto Rundown, Hardened:
  • GnuPG
  • NSS
  • OpenSSL 1.0.1l
  • OpenJDK8 (after the April patch)
  • cryptlib (hardening disabled by default)
• Unhardened:
  • GNUTLS (via libgcrypt and Nettle)
  • Go 1.4.1
  • libgcrypt (1.6.2)
  • Nettle (3.0.0)
  • ocaml-nocrypto (0.5.1)
  • OpenSwan (2.6.44)
  • PolarSSL (1.3.9)
• Technical Record [PDF]

Feedback

• Reply to the pfSense question from episode 229
• Where to get news on vulnerabilities and urgent patches

Round Up:

• China and Russia cross-referencing OPM data, other hacks to out US spies
• The Zero Trust Initiative, making it possible to trust your vendors
• Hackers Stole the Biggest Number of Apple Accounts Ever with iOS Malware Researcher Post
• The police body camera business is not about camera, but overpriced cloud storage. 300 Cameras: $180,000. 5 year contract for storage: $889,000
• Pre-Installed Android Malware Raises Security Risks in Supply Chain
• AppLock, a popular Android app that claims to securely store photos, videos, and other content, turns out to just hide the files in a non-default location. It also has a weak pin reset feature, meaning it provides basically no security to its 100 million users
• Android ransomware uses XMPP chat to call home, claims it’s from NSA
• The Government should pay bug bounties and not attack security researchers
• Department of Justice being sued by Reuters for not fulfilling FoIA requests re: fake news stories with embedded malware used in 2007
• If documents are not for public release, try not posting them on the public Internet

The post Leaky RSA Keys | TechSNAP 231 first appeared on Jupiter Broadcasting.

A leak from the top of the Obama Administration forecasts the US’s intentions to strike back at China after the recent OPM hack. We’ll share what we know so far. Germany is cracking down on reports that cover intelligence leaks, and we debunk the big cyber scares of the week.

Plus a snapshot at some of the economies around the world, new “calls” for lone wolf attacks, and an update on the 2016 race!

Direct Download:

Video | MP3 Audio | OGG Audio | Torrent | YouTube

RSS Feeds:

Video Feed | MP3 Feed | OGG Feed | HD Torrent | Mobile Torrent | iTunes

Become an Unfilter supporter on Patreon:

Show Notes:

— Episode Links —

• Hacked e-mails: Boeing wants its drones to hack computers from the sky – The Washington Post
• Even the Department of Homeland Security Says the CISA “Cybersecurity” Bill Will HURT Security and Destroy Privacy Washington’s Blog
• The Obama administration just posted the entire Iran nuclear deal online
• Jimmy Carter: The U.S. Is an “Oligarchy With Unlimited Political Bribery”
• New Leak Confirms the Secretive Trans-Pacific Partnership Is a Horrorshow | Motherboard
• Wikileaks Latest Info-Dump Shows, Again, That The NSA Indeed Engages In Economic Espionage Against Allies | Techdirt
• Women posed as fake brides to scam ISIS out of $3000 | Naked Security
• Encryption a growing threat to security (Opinion) – CNN.com
• BBC presenter gets caught brushing hair on live TV, stays impressively cool
• Planned Parenthood Opponents Talk Government Shutdown After Bill Fails : It’s All Politics : NPR
• After 27 Years, Reporter Who Exposed ECHELON Finds Vindication in Snowden Archive
• MH370 search live: ‘Convincing evidence’ plane was downed in Indian Ocean – Malaysian offical – Telegraph
• Turkey finally joins the ISIS fight. Should we be worried? – World – CBC News
• Turkey joins US-led coalition against ISIS, provides jets & air bases — RT News

The post Cyber Retaliation | Unfilter 153 first appeared on Jupiter Broadcasting.

In the fight against ISIS, the FBI is making the case for US tech companies to build-in backdoors to their encryption across the board. At the same time new legislation compels social media companies to report all terrorism related activities. We’ll look at the big picture & the trends that have been leading to this.

Plus the first possible olive branch has been extended to Edward Snowden, an update on Greece, the NYSE goes down & much more!

Direct Download:

Video | MP3 Audio | OGG Audio | Torrent | YouTube

RSS Feeds:

Video Feed | MP3 Feed | OGG Feed | HD Torrent | Mobile Torrent | iTunes

Become an Unfilter supporter on Patreon:

Show Notes:

— Episode Links —

• Hacking Team says data breach put its cyberweapons in the hands of terrorists
• ‘Any govt that uses US military software is vulnerable’ – frmr MI5 officer on German missile ‘hack’ : unfilter
• FBI chief: Terrorist group turning to encrypted communications – The Washington Post
• More than 61% of Greeks say ‘No’ in crucial bailout referendum – final tally — RT News
• Emails show US officials knew of Clinton’s private email address – CSMonitor.com
• FBI & Homeland Security Now 0 For 41 In Predicting Imminent Terrorist Attacks On The US | Techdirt
• NYSE repoens after trading stopped amid United Airlines, WSJ.com tech issues | Fox News

The post Encryption McCarthyism | Unfilter 150 first appeared on Jupiter Broadcasting.

Was “the biggest” recent government hack in history the result of out of date software & crappy detection systems? We share the details.

Plus a look back at the best Star Trek games of all time, a browser extension that reads that Terms of Service for you & Kaspersky labs gets hacked!

Direct Download:

MP3 Audio | OGG Audio | Video | HD Video | Torrent | YouTube

RSS Feeds:

MP3 Feed | OGG Feed | iTunes Feed | Video Feed | Video Feed | Torrent Feed

Become a supporter on Patreon

Show Notes:

• Why the “biggest government hack ever” got past the feds | Ars Technica
• Kaspersky Lab admits that it was hacked by a nation state – Business Insider
• A People’s History of Star Trek Video Games | Geek and Sundry
• Terms of Service; Didn’t Read

The post Embarrassed Einstein | Tech Talk Today 182 first appeared on Jupiter Broadcasting.

Preparing for a camping trip in the woods has never been more stressful, we debate how much tech to take. Plus the US suspects China breached about 4 million government records, Steam Machines get a ship date & more!

Direct Download:

MP3 Audio | OGG Audio | Video | HD Video | Torrent | YouTube

RSS Feeds:

MP3 Feed | OGG Feed | iTunes Feed | Video Feed | Video Feed | Torrent Feed

Become a supporter on Patreon

Show Notes:

• U.S. Suspects Hackers in China Breached About 4 Million People’s Records, Officials Say – WSJ
• Meet Cinch!– The ultimate pop-up tent with solar power & LED by Jake Jackson — Kickstarter
• Apple Still Negotiating With Music Labels Over Streaming Terms Days Before WWDC Launch – Mac Rumors
• Review #Jolla #SailfishOS: [News] New Sailfish OS phone manufacturer confirmed
• Steam Machines, Steam Link, & Steam Controller Launching November 10th
• Spotify Client 1.x beta for Linux has been release… – The Spotify Community
• Skype for Web (Beta) in US and UK | Skype Blogs – – Skype Blogs
• Jupiter Broadcasting Meetup (Seattle, WA) – Meetup
• Support Tech Talk Today creating DAILY PODCASTS
• Portable Generators – Power Practical

The post Solar Freaking Tents! | Tech Talk Today 179 first appeared on Jupiter Broadcasting.

What’s really the key to detecting a breach before its become much too late? We’ll share some key insights, plus a technical breakdown of China’s great cannon & the new New French Surveillance Law that should be a warning to us all.

Plus a great round up, fantastic questions, our answers & much, much more!

Thanks to:

• Get Paid to Write for DigitalOcean

Direct Download:

HD Video | Mobile Video | MP3 Audio | OGG Audio | YouTube | HD Torrent | Mobile Torrent

RSS Feeds:

HD Video Feed | Mobile Video Feed | MP3 Audio Feed | Ogg Audio Feed | iTunes Feed | Torrent Feed

Become a supporter on Patreon:

— Show Notes: —

Security analytics: The key for breach detection

• “Although security spending is at an all-time high, security breaches at major organizations are also at an all-time high, according to Gartner, Inc. The impact of advanced attacks has reached boardroom-level attention, and this heightened attention to security has freed up funds for many organizations to better their odds against such attacks.”
• “Breach detection is top of mind for security buyers and the field of security technologies claiming to find breaches or detect advanced attacks is at an all-time noise level,” said Eric Ahlm, research director at Gartner. “Security analytics platforms endeavor to bring situational awareness to security events by gathering and analyzing a broader set of data, such that the events that pose the greatest harm to an organization are found and prioritized with greater accuracy.”
• The approach that seems to be in favour at the moment is: security information and event management (SIEM)
• “While most SIEM products have the ability to collect, store and analyze security data, the meaning that can be pulled from a data store (such as the security data found in a SIEM) depends on how the data is reviewed. How well a SIEM product can perform automated analytics — compared with user queries and rules — has become an area of differentiation among SIEM providers.”
• “User behavior analytics (UBA) is another example of security analytics that is already gaining buyer attention. UBA allows user activity to be analyzed, much in the same way a fraud detection system would monitor a user’s credit cards for theft. UBA systems are effective at detecting meaningful security events, such as a compromised user account and rogue insiders. Although many UBA systems can analyze more data than just user profiles, such as devices and geo-locations, there is still an opportunity to enhance the analytics to include even more data points that can increase the accuracy of detecting a breach.”
• “As security analytics platforms grow in maturity and accuracy, a driving factor for their innovation is how much data can be brought into the analysis. Today, information about hosts, networks, users and external actors is the most common data brought into an analysis. However, the amount of context that can be brought into an analysis is truly boundless and presents an opportunity for owners of interesting data and the security providers looking to increase their effectiveness.”
• “Analytics systems, on average, tend to do better analyzing lean, or metadata-like, data stores that allow them to quickly, in almost real-time speed, produce interesting findings. The challenge to this approach is that major security events, such as breaches, don’t happen all at once. There may be an early indicator, followed hours later by a minor event, which in turn is followed days or months later by a data leakage event. When these three things are looked at as a single incident that just happens to span, say, three months, the overall priority of this incident made up of lesser events is now much higher, which is why “look backs” are a key concept for analytics systems.”
• “Ultimately, how actual human users interface with the outputs of large data analytics will greatly determine if the technology is adopted or deemed to produce useful information in a reasonable amount of time,” said Mr. Ahlm. “Like other disciplines that have leveraged large data analytics to discover new things or produce new outputs, visualization of that data will greatly affect adoption of the technology.”
• It will be interesting to see where the industry goes with these new concepts

China’s Great Cannon

• “This post describes our analysis of China’s “Great Cannon,” our term for an attack tool that we identify as separate from, but co-located with, the Great Firewall of China. The first known usage of the Great Cannon is in the recent large-scale novel DDoS attack on both GitHub and servers used by GreatFire.org.”
• “On March 16, GreatFire.org observed that servers they had rented to make blocked websites accessible in China were being targeted by a Distributed Denial of Service (DDoS) attack. On March 26, two GitHub pages run by GreatFire.org also came under the same type of attack. Both attacks appear targeted at services designed to circumvent Chinese censorship. A report released by GreatFire.org fingered malicious Javascript returned by Baidu servers as the source of the attack. Baidu denied that their servers were compromised.”
• “Several previous technical reports have suggested that the Great Firewall of China orchestrated these attacks by injecting malicious Javascript into Baidu connections. This post describes our analysis of the attack, which we were able to observe until April 8, 2015.”
• “We show that, while the attack infrastructure is co-located with the Great Firewall, the attack was carried out by a separate offensive system, with different capabilities and design, that we term the “Great Cannon.” The Great Cannon is not simply an extension of the Great Firewall, but a distinct attack tool that hijacks traffic to (or presumably from) individual IP addresses, and can arbitrarily replace unencrypted content as a man-in-the-middle.”
• The report is broken down into a number of sections
• Section 2 locates and characterizes the Great Cannon as a separate system;
• Section 3 analyzes DDoS logs and characterizes the distribution of affected systems;
• Section 4 presents our attribution of the Great Cannon to the Government of China;
• Section 5 addresses the policy context and implications;
• Section 6 addresses the possibility of using the Great Cannon for targeted exploitation of individual users.
• I wonder what the next target of the Great Cannon of China will be

New French Surveillance Law

• “The new French Intelligence Bill has provoked concern among many of the country’s lawmakers, as well as international NGOs.”
• “According to French Human Rights Defender Jacques Toubon, the legislation contravenes the rulings of the European Court of Human Rights”
• “Despite boasting the support of France’s two major political parties, the Union for a Popular Movement (UMP) and the Socialist Party (PS), the Intelligence Bill has come in for some strong criticism in France, and it is now also beginning to raise eyebrows abroad.”
• “Many international NGOs, have condemned the vague and general nature of the bill. Designed to legalise certain surveillance practices, the bill would also broaden the powers of the security services, giving them the authority to ask private operators to follow and report on the activity of internet users. The debate over using terrorism as an excuse for internet surveillance is already raging in France, since Paris decided to “block” access to certain sites in the wake of the 7 January attacks.”
• “But the new bill goes even further. If adopted, it will allow investigators and government agents to intercept private emails and telephone conversations in the name of security, if they are directly linked to an investigation. Agents would be allowed to use new technologies wherever they deem necessary, including microphones, trackers and spy cameras. They would also be able to intercept conversations typed on a keyboard in real time. All these interceptions would be authorised by the Prime Minister, without the prior approval of a judge, and would be authorised after the fact by a new administrative authority, the National Commission for the Control of Intelligence Techniques (CNCTR).”
• “Seven companies, including web hosting and technology companies OVH, IDS, and Gandi have said in a letter to the French prime minister Manuel Valls that they will be pushed into de facto “exile” if the French government goes ahead with the “real-time capture of data” by its intelligence agencies.”
• Letter to French Prime Minister (in French)
• This has caused a very large backlash from the IT community
• Especially some of the large Internet and Server providers like Gandi, OVH, IDS, Ikoula and Lomaco who have threatened to leave France if the law passes
• OVH and Gandi threaten to move their operations, customers, tax revenue, and most importantly, 1000s of high tech jobs
• Hopefully this sends a clear warning to the US and other countries who are considering or proposing similar legislation, or who’s intelligence agencies have run amok
• “The companies argued that being required by the law to install “black boxes” on their networks will “destroy a major segment of the economy,” and if passed it will force them to “move our infrastructure, investments, and employees where our customers will want to work with us.” Citing a figure of 30-40 percent of foreign users, the companies say their customers come to them “because there is no Patriot Act in France,” France’s surveillance bill (“projet de loi relatif au renseignement”) allows the government’s law enforcement and intelligence agencies to immediately access live phone and cellular data for anyone suspected of being linked to terrorism. These phone records can be held for five years.”
• Tech firms threaten mass exodus from franch of new mass suveillance law
• Additional Coverage
• Hacker News

Feedback:

• hardening SSH? on your server and port forwarding email SPAM mail attack analysis….

• Chaining SSH connections | BSD Now

• Creating a snapshot in the middle of file being written.

• An Allan cameo

• FreeBSD Mastery: ZFS (in-progress draft) | Tilted Windmill Press

Some twitter comics:

• A population study of companies identifying the phenotype of a next generation
• An examination of strategic play versus action, concluding that action whilst important was not the key
• An examination of predictability, demonstrating that there was many knowable things which often failed to exploit
• Using weak signals to identify when ‘war’ (i.e. industrialisation) was likely to start in different tech fields
• Not one of my graphs but a neat profile from @DanHushon which make my top list

Second Set:

• Everything you need to know about Knowledge & Expertise
• The Enterprise IT Adoption cycle
• The Entire History of Cloud in one handy 2 x 2
• Build or use? Everything you need to know about Cloud in a handy 2×2
• The Entire history of product development in a handy table
• The future history of technology with helpful hints

Round Up:

• Cash register maker used same password – 166816 – non-stop since 1990
• When the security community eats its own — How the hype around intrusions and compromises can cause problems
• United Airlines prevents security analyst from boarding after tweet
• US Blocks Intel from selling Xeon chips to Chinese Supercomputer Project over concerns they are being used in nuclear tests
• Match.com uses HTTP only login page exposing millions of users’ passwords to those sniffing traffic
• Chinese hacker group going after air gapped computers
• Privilege Escalation via Docker
• US Arms Export restrictions cause Rapid7 to have to manually verify licenses for Metasploit for users outside of the US and Canada. All foreign governmental agencies are no longer allowed to be issued licenses.
• NASA asks to keep an unencrypted options in HTTP/2 because scientific data needs to be cachable
• Adversaries need credentials more than malware. Deny them by avoiding the sins of Windows credential administration

The post The French Disconnection | TechSNAP 211 first appeared on Jupiter Broadcasting.

Microsoft signals to Windows pirates that they’ll receive free legitimate upgrades to Windows 10, Tim Cook spills details about Steve Jobs & Nvidia really impresses!

Direct Download:

MP3 Audio | OGG Audio | Video | HD Video | Torrent | YouTube

RSS Feeds:

MP3 Feed | OGG Feed | iTunes Feed | Video Feed | Video Feed | Torrent Feed

Become a supporter on Patreon

Show Notes:

Windows 10 Launching This Summer in 190 Countries and 111 Languages

Today at the renewed Windows Hardware Engineering Community (WinHEC) summit in Shenzhen, China, I had the honor of speaking about Windows 10 and the innovation and opportunity it offers our valued partners. China is a global epicenter for innovation and we’re excited to be working with the area’s leading hardware and software companies to develop ground-breaking devices and consumer experiences that will help shape the future of Windows 10.

Microsoft tackles China piracy with free upgrade to Windows 10 | Reuters

Microsoft Corp is making its biggest push into the heavily pirated Chinese consumer computing market this summer by offering free upgrades to Windows 10 to all Windows users, regardless of whether they are running genuine copies of the software.

The move is an unprecedented attempt by Microsoft to get legitimate versions of its software onto machines of the hundreds of millions of Windows users in China. Recent studies show that three-quarters of all PC software is not properly licensed there.

Terry Myerson, who runs Microsoft’s operating systems unit, announced the plan at the WinHEC technology conference in Shenzhen, China.

Tim Cook On Apple’s Future: Everything Can Change Except Values | Fast Company

In an exclusive Q&A, the current CEO discusses the Watch, how Steve Jobs informs Apple’s future, and how Apple lives “outside the box.”

• The Steve Jobs You Didn’t Know: Kind, Patient, And Human | Fast Company | Business + Innovation

Nvidia GeForce GTX Titan X Review

Although the GTX Titan was great for gaming, that wasn’t the sole purpose of the GPU, which was equipped with 64 double-precision cores for 1.3 teraflops of double-precision performance. Previously only found in Tesla workstations and supercomputers, this feature made the Titan ideal for students, researchers and engineers after consumer-level supercomputing performance.

Nvidia Announces Drive PX, Its Self-Driving Car Platform

A developer kit for Nvidia’s self-driving car platform, the Drive PX, will go on sale in May for $10,000, Nvidia CEO Jen-Hsun Huang said today at the company’s GPU Technology Conference.

The post Dread Pirate Nadella | Tech Talk Today 146 first appeared on Jupiter Broadcasting.