Show Notes: techsnap.systems/398

The post Proper Password Procedures | TechSNAP 398 first appeared on Jupiter Broadcasting.

MP3 Feed | HD Video Feed | iTunes Feed

Become a supporter on Patreon:

— Show Notes: —

— The Cliff Notes —

• Zoneminder – Open Source Security Cameras
• Home Assistant – Open Source Home Automation
• NMap – Open Source Network Scanning
• Metasploit – Open Source Exploit Scanner
• Tripwire – Open Source Intrusion Detection System
• VoxTeleSys

Vote for your favorite Distro

• Vote For Your Distro!

Join us for the AMA Episode

• Ask Noah anything you want about any topic personal or tech!
• Call In 1-855-450-NOAH
• Monday, December 25th
• Listen Live
• Watch Live

— Stay In Touch —

Find all the resources for this show on the Ask Noah Dashboard

Ask Noah Dashboard

Need more help than a radio show can offer? Altispeed provides commercial IT services and they’re excited to offer you a great deal for listening to the Ask Noah Show. Call today and ask about the discount for listeners of the Ask Noah Show!

Altispeed Technologies

Contact Noah

asknoah [at] jupiterbroadcasting.com

— Twitter —

• Noah – Kernellinux
• Ask Noah Show
• Altispeed Technologies
• Jupiter Broadcasting

The post Hacking on Linux | Ask Noah 40 first appeared on Jupiter Broadcasting.

It’s another historic week documented by the Unfilter show. The Obama administration signs an “executive agreement” with Iran, but we ask what the limitations of an “executive agreement” are, and what the downsides to the deal might be.

Plus the head of the FBI pushes to crack encryption, and track ISIS via twitter, the OPM hack is even worse than previously reported, and an updates on the NSA.

Direct Download:

Video | MP3 Audio | OGG Audio | Torrent | YouTube

RSS Feeds:

Video Feed | MP3 Feed | OGG Feed | HD Torrent | Mobile Torrent | iTunes

Become an Unfilter supporter on Patreon:

Show Notes:

— Episode Links —

• Valley of the Wolves (TV series) – Wikipedia, the free encyclopedia
  
• j9wrir.jpg (1024×768)
• Cyber Berkut | Кибер Беркут
• OpEd: Film Producer/Director’s Analysis of ISIS “Fraud” Video | Your News Wire
• Staged ISIS Beheading Video Released by Russian Hackers – YouTube
• CBD compound in cannabis could treat diabetes, researchers suggest
• How Much Damage Can the OPM Hackers Do With a Million Fingerprints? – NationalJournal.com
• Privacy talk at DEF CON canceled under questionable circumstances | CSO Online
• Reddit CEO Ellen Pao resigns following community uprising — RT USA
• TTIP: a corporate lobbying paradise | Corporate Europe Observatory
• Leaked Google Data Makes Company More Transparent Than It Wants To Be | TechCrunch
• Hillary Clinton Tells Israeli Billionaire and Mega-Donor She Will Support Israel, Fight Palestinian Movement | Alternet

The post Obama's Iran Plan | Unfilter 151 first appeared on Jupiter Broadcasting.

Interviews and awesome gear from the floor of SouthEast LinuxFest 2014. We round up the highlights of Linux from the south!

Plus some Firefox news we’re stoked about, and we take another step closer to becoming a commandline ninja…

And so much more!

All this week on, The Linux Action Show!

Thanks to:

Download:

HD Video | Mobile Video | WebM Torrent | MP3 Audio | Ogg Audio | YouTube | HD Torrent

RSS Feeds:

HD Video Feed | Large Video Feed | Mobile Video Feed | MP3 Feed | Ogg Feed | iTunes Feeds | Torrent Feed

— Show Notes: —

SouthEast LinuxFest 2014):

Brought to you by: System76

• SouthEast LinuxFest | Linux and in the GNU/South

June 20-22, 2014
Sheraton Charlotte Airport
Charlotte, NC

• Foundstone – A division of McAfee

Our Foundstone practice is one of the world’s foremost authorities on information security. Whether through strategic consulting, technology consulting, education, or a combination of all three, McAfee Foundstone delivers strategic solutions to security challenges, going well beyond a short-term fix. Our security experts make sure you have the right processes and procedures in place, the most effective tools to support those processes and procedures, and the education to make it all work together effectively and seamlessly.

• Alan Hicks (AlanHicks) on Twitter

• Slackware Linux Essentials, 2nd Edition: David Cantrell, Logan Johnson, Alan Hicks Chris Lumens: 9781571763389: Amazon.com: Books

This Book in designed to get you started with Slackware Linux operating system. It`s not meant to cover every single aspect of the distribution, but rather to show what it is capable of and give you a basic working knowledge of the system.

• Linux Professional Institute (LPI)

• ThinkPenguin.com | Penguin Laptops, Desktops, and Accessories with Linux & GNU Support

• D. Richard Hipp

• Well-Known Users Of SQLite

A few of the better-known users of SQLite are shown below in alphabetical order. There is no complete list of projects and companies that use SQLite. SQLite is in the public domain and so many groups use SQLite in their projects without ever telling us.

Dwayne Richard Hipp (born April 9, 1961) is the architect and primary author of SQLite as well as Fossil SCM.

Tweets from the floor:

Lots of neat looking toys at the archlinux ARM table #self2014 pic.twitter.com/WTb051XaYr

— imabug (@imabug) June 21, 2014

Docker(.io) #self2014 pic.twitter.com/ki04aXxVjV

— imabug (@imabug) June 21, 2014

ZFS 101 #self2014 pic.twitter.com/TT39FRv1q0

— imabug (@imabug) June 21, 2014

And there was much rejoicing #self2014 pic.twitter.com/yBrtRAekhj

— imabug (@imabug) June 21, 2014

• icculus.org/self2014

— Picks —

Runs Linux

Goofy-looking security guard robot runs Linux

Desktop App Pick

autojump

autojump is a faster way to navigate your filesystem. It works by maintaining a database of the directories you use the most from the command line. The autojump -s command shows you the current contents of the database. You need to work a little bit before the database becomes usable

Weekly Spotlight

ArchAssault

The ArchAssault Project is an Arch Linux derivative for penetration testers, security professionals and all-around Linux enthusiasts. This means we import the vast majority of the official upstream Arch Linux packages, these packages are unmodified from their upstream source. While our Arch Linux base is primarily untouched, there are times were we have to fork a package to be able to better support our vast selection of tools. All of our packages strive to maintain the Arch Linux standards, methods and philosophies.

— NEWS —

This Firefox OS-powered streaming stick is Mozilla’s answer to Chromecast

Google\’s Chromecast streaming stick could soon get competition from an unexpected source: Mozilla has secretly been working with a partner on a Chromecast-like streaming stick that is powered by Firefox OS. The project was supposed to be under wraps for at least a few more weeks, but Thursday, news started to leak out when a Mozilla evangelist tweeted a photo of a prototype of the device.

A fully open TV casting prototype device running #FirefoxOS. Open boot loader and all. pic.twitter.com/bZ0Uz8P0Zs

— Christian Heilmann (@codepo8) June 19, 2014

Maynard is a Wayland based Lightweight Desktop Environment Designed for the Raspberry Pi and Lower-end Hardware

This Wayland implementation is based on Weston + GTK, and is using the hardware video scaler (HVS) found in Broadcom BCM2835 to make everything nice and smooth. Although this is still work in progress, you can to try it on your Raspberry Pi

AMD Planning Open Source GameWorks Competitor, Mantle for Linux

(51:45) _When asked about AMD input on SteamOS and its commitment to the gamers that see that as the future, Huddy mentioned that AMD was considering, but not promising, bringing the Mantle API to Linux. If the opportunity exists, says Huddy, to give the gamer a better experience on that platform with the help of Mantle, and developers ask for the support for AMD, then AMD will at the very least \”listen to that.\” It would incredibly interesting to see a competitor API in the landscape of Linux where OpenGL is essentially the only game in town.

_

XCOM: Enemy Unkown Released For Linux

Steam Summer Sale ends June 30th

Feedback:

• Texas Linux Fest

• Try out sailfish OS

• ‘Jolla Launcher’ Community Alpha testing begins next week

— Chris\’ Stash —

• jupiterbroadcasting on Instagram

Hang in our chat room:

irc.geekshed.net #jupiterbroadcasting

— What’s Matt Doin? —

• Check out LINUX Unplugged
• Articles at Datamation
• Super Meat Boy – Part 1 | Geek And The Gamer

— Find us on Google+ —

• Chris
• Matt Hartley
• Jupiter Broadcasting’s Page

— Find us on Twitter —

• Chris – ChrisLAS
• Matt – matthartley

— Follow the network on Facebook: —

• Jupiter Broadcasting on Facebook

— Catch the show LIVE Sunday 10am Pacific / 1pm Eastern / 6pm UTC: —

• https://jblive.tv
• Network Calendar

The post SouthEast LinuxFest Highlights | LAS 318 first appeared on Jupiter Broadcasting.

Encryption might be less secure than originally thought, EasyDNS suffers an attack and comes up with a clever solution…

Plus the big story for Windows users, a batch of your questions, our answers, and much more!

On this week’s TechSNAP!

Thanks to:

GoDaddy.com Use our code tech249 to score .COM for $2.49! Get 32% off a new order code: go32off3
UnitySync Visit dirwiz.com/unitysync use code tech for an extended trial and a year of maintenance.

Encryption is less secure than originally thought

• The problem is that information-theoretic analyses of secure systems have generally used the wrong notion of entropy.
• Shannon entropy is based on the average probability that a given string of bits will occur in a particular type of digital file, that the characteristics of the data traffic will quickly converge to the statistical averages
• But in cryptography, the real concern isn’t with the average case but with the worst case
• A codebreaker needs only one reliable correlation between the encrypted and unencrypted versions of a file in order to begin to deduce further correlations
• “We thought we’d establish that the basic premise that everyone was using was fair and reasonable,” says Ken Duffy
• When researchers started using other notions of entropy (developed since Shannon entropy in the 1950s), which give greater weight to improbable outcomes, they found that slight deviations from perfect uniformity in source files significantly weakened the protection provided by encryption
• “as a consequence, the wireless card readers used in many keyless-entry systems may not be as secure as previously thought.”
• A computer turned loose to simply guess correlations between the encrypted and unencrypted versions of a file would make headway much faster than previously expected.
• “It’s still exponentially hard, but it’s exponentially easier than we thought,” Duffy says. One implication is that an attacker who simply relied on the frequencies with which letters occur in English words could probably guess a user-selected password much more quickly than was previously thought. “Attackers often use graphics processors to distribute the problem,” Duffy says. “You’d be surprised at how quickly you can guess stuff.”
• The Shannon Limit Explained
• Research Paper

Redhat introduces the ‘Red Hat Software Collections 1.0’

• Red Hat Enterprise Linux provides ‘long term support’ for all of the included packages. This means that the version of PHP that is included in the original distribution is maintained for the entire life of that version of RHEL. Of course security fixes are backported, but new features are not. This is both a blessing and a curse, new features and new bugs do not break your production stack, but those new features are not available to you
• The Red Hat Software Collection “Helps Users Build and Deploy Web Applications Through Dynamic Languages and Databases”
• The Collection provides:
• Ruby 1.9.3 with Rails 3.2.8
• Python version 2.7 and 3.3
• PHP version 5.4
• Perl version 5.16.3
• node.js version 0.10
• MariaDB version 5.5
• MySQL version 5.5
• PostgreSQL version 9.2
• “Red Hat Software Collections 1.0 Beta is available now for use with Red Hat Enterprise Linux 6 to customers and partners with select active Red Hat Enterprise Linux Server, Red Hat Enterprise Linux Workstation or developer-related subscriptions.”
• Users without subscriptions or using CentOS, can use IUS a community powered repository of updated software
• “The IUS Community Project is aimed at providing up to date and regularly maintained RPM packages for the latest upstream versions of PHP, Python, MySQL and other common software”

• EasyDNS DDoS in progress
• EasyDNS article explaining their history of dealing with DDoS attacks and their proposed solutions for customers
• They highly recommend that if your site is mission critical, that you use more than 1 DNS provider, to eliminate any single point of failure (SPoF)
• During a previous DDoS attack, they actively worked with their competitors, DNSMadeEasy and DNSimple to mitigate the issues and develop filters to prevent the specific type of attack
• Allan has used DNSMadeEasy for 10 years to handle high DNS loads and the fastest possible response times (anycast means low latency), Managed DNS with automatic Failover for critical domains, and secondary DNS for 100s of hosted domains
• EasyDNS has introduced a new feature called Proactive Nameservers – If you use EasyDNS has your domain registrar, for a monthly fee you can have them automatically adjust your list of active DNS servers based on availability
• The service will automatically removing downed name servers and replacing them with backups that are not publicly displayed until they are used
• This means that the attackers do not know where your backup name servers are, they only get added into the mix if the attack is large enough to disrupt your main name servers
• This service is designed to allow you to automate the use of multiple DNS providers, eliminating any SPoF
• EasyDNS has also introduced a feature to sync your DNS records to Amazon Route53 as a backup

Feedback:

• Questions for A & C

  • Case study: Switching from Linux to FreeBSD

• AD Replacement

• External Drive Array & FreeNAS?

• pkgng

• vBSDCon.com

Round Up:

• The NSA Is Commandeering the Internet – Bruce Schneier
• Android Java API ‘SecureRandom’ method does not generate secure random numbers or keys, leads to theft of bitcoins
• Health care law implementation delayed because insurance industry software cannot calculate and sum a patients out-of-pocket expenses
• Why I am not afraid of the Factoring Cryptopocalypse
• IBM Buys Israel/US Cybersecurity Specialist Trusteer For $800M-$1B
• UK Piracy filtering takes out legitimate sites like the RadioTimes and TorrentFreak
  
• Jamming Wars – With the increase in survailence will we see an increase in jamming tech, and laws against its use
• PuTTy 0.63 released fixes 4 critical security vulnerabilities

The post Encryption Prediction | TechSNAP 123 first appeared on Jupiter Broadcasting.

A huge amount of SIM cards are susceptible to an Over the Air attack, Allan’s got the details, Apple’s hacker outs himself, and the trouble with the Ubuntu forums!

Plus a batch of your questions, and much much more!

Thanks to:

GoDaddy.com Use our code tech249 to score .COM for $2.49! Get private registration FOR FREE with a .COM! code: free5
Ting.com Visit techsnap.ting.com to save $25 off your device or service credits.

Security Researcher Claims Apple Developer Website Hack

• Apple\’s Developer Center first went offline last Thursday, and on Sunday, Apple revealed that it had been taken down as a precaution after a security breach. It is unclear who was responsible for the hacking, but a security researcher, Ibrahim Balic has suggested that he might be to blame for the outage.
• The company added that critical developer data had not been compromised and that they were working day n’ night to fix the vulnerability and bring the site back online.
• According to 9 to 5 Mac adds that, “In an email… Balic … is persistent in stating he did this for security research purposes and does not plan to use the information in any malicious manner.”
• The comment comes from independent security researcher Ibrahim Balic, who claims that his effort was not intended to be malicious and that he reported his findings to Apple just hours before the developer site was taken down by the company.
• Balic, who has reported 13 different bugs to Apple, originally discovered an iAd Workbench vulnerability on June 18 that allowed a request sent to the server to be manipulated. This security hole could be used to acquire the names and email addresses of iTunes users (even non-developers).
• After finding the loophole, Balic wrote a Python script to harvest data from the vulnerability and then displayed it in a YouTube video, which may have put him on Apple\’s radar.
• In addition to the iAd Workbench bug, Balic also discovered and submitted a report on a bug that caused the Dev Center site to be vulnerable to a stored XSS attack. While Balic says that it was possible to access user data by exploiting the Dev Center issue, he claims that he did not do so.
• New Details Emerge on Security Researcher Potentially Responsible for Dev Center Outage s
• Apple Outlines Plan for Bringing Developer Center Back Online
  Additional Coverage

Ubuntu Forums compromised

• The forums were defaced and the database compromised
• There were approximately 1.82 million registered accounts in the forum database
• Attackers have access to each of these user\’s username, password and email address
• The passwords were salted hashes, but by which algorithm was not made clear. Where these cryptographic hashes, or just md5(salt+md5(password)) or similar like some forum software?
• If you were a registered user, and reused that password anywhere else, you are likely going to have a bad time
• “Ubuntu One, Launchpad and other Ubuntu/Canonical services are NOT affected by the breach”
• Timeline:
• 2013-07-20 2011 UTC: Reports of defacement
• 2013-07-20 2015 UTC: Site taken down, this splash page put in place while investigation continues.
• 2013-07-21: we believe the root cause of the breach has been identified. We are currently reinstalling the forums software from scratch. No data (posts, private messages etc.) will be lost as part of this process.
• 2013-07-22: work on reinstalling the forums continues.

Feedback:

TechSNAP Bitmessage: BM-GuGEaEtsqQjqgHRAfag5FW33Dy2KHUmZ

• Voicemail from OSCON
• 389 Directory Server (Open Source LDAP)

The enterprise-class Open Source LDAP server for Linux. It is hardened by real-world use, is full-featured, supports multi-master replication, and already handles many of the largest LDAP deployments in the world. The 389 Directory Server can be downloaded for free and set up in less than an hour using the graphical console.

• Too many VMs in One Place?

• An Excellent Chance to Talk about FreeBSD for Allan!

• PPA for PHP5 : Ondřej Surý

• How does one learn how to become a PenTester?

  • Metaspolitable
  • Backtrack view by example
• Linux Drive Recovery | LAS s27e10 | Jupiter Broadcasting

Round Up:

• Feds Demand the Keys, Preparing for the Death of Public-Key Encryption
• The UNIX Issue of the Bell System Technical Journal turns 35 Spotted by Poul-Henning Kamp @bsdphk
• UK MP leading the charge for default blocking porn, has website hacked and filled with porn, accuses random blogger who comments on it of being behind the attack #doesnotknowhowtheinternetworks
• MIT Uses Machine Learning Algorithm To Make TCP Twice As Fast
• NSA says it cannot search its own emails to fulfill FOIA requests
• US-CERT releases advisory about DNS Amplification attacks, includes configuration suggestions to prevent your servers from being part of an attack
• True tales of white-hat hacking

The post Ethically Hacked | TechSNAP 120 first appeared on Jupiter Broadcasting.

MySQL had a bad week, we’ll run down the list of the recently disclosed vulnerabilities, the SSH server that allows an attacker full root access, and a GPU password cracking monster.

Plus a big batch of your questions, and so much more!

Thanks to:

Use our code tech295 to get a .COM for $2.95.

Something else in mind? use go20off5 to save 20% on your entire order!

$4.99 SSL certificates, just use our code 499ssl2. Expires 12-31-12!

Pick your code and save:
techsnap7: $7.49 .com
techsnap10: 10% off
techsnap11: $1.99 hosting for the first 3 months
techsnap20: 20% off 1, 2, 3 year hosting plans
techsnap40: $10 off $40
techsnap25: 25% off new Virtual DataCenter plans
techsnapx: 20% off .xxx domains

 

Support the Show: