Cybersecurity – Jupiter Broadcasting
https://www.jupiterbroadcasting.com
Open Source Entertainment, on Demand.
Fri, 17 Jun 2022 10:44:03 +0000, en-US, updated hourly

100 Days of HomeLab | Self-Hosted 73 https://original.jupiterbroadcasting.net/148952/100-days-of-homelab-self-hosted-73/ Fri, 17 Jun 2022 05:30:00 +0000 https://original.jupiterbroadcasting.net/?p=148952 Show Notes: selfhosted.show/73

The post 100 Days of HomeLab | Self-Hosted 73 first appeared on Jupiter Broadcasting.

Linux Action News 220 https://original.jupiterbroadcasting.net/147027/linux-action-news-220/ Sun, 19 Dec 2021 19:00:00 +0000 https://original.jupiterbroadcasting.net/?p=147027 Show Notes: linuxactionnews.com/220

Learning, Failing, and Hacking the Industry: Danny Akacki | Jupiter Extras 72 https://original.jupiterbroadcasting.net/141287/learning-failing-and-hacking-the-industry-danny-akacki-jupiter-extras-72/ Tue, 28 Apr 2020 04:00:00 +0000 https://original.jupiterbroadcasting.net/?p=141287 Show Notes: extras.show/72

Pentesting Problems: Bryson Bort | Jupiter Extras 60 https://original.jupiterbroadcasting.net/139917/pentesting-problems-bryson-bort-jupiter-extras-60/ Tue, 03 Mar 2020 04:00:00 +0000 https://original.jupiterbroadcasting.net/?p=139917 Show Notes: extras.show/60

Mastering Cyber Security Basics: James Smith | Jupiter Extras 58 https://original.jupiterbroadcasting.net/139727/mastering-cyber-security-basics-james-smith-jupiter-extras-58/ Tue, 25 Feb 2020 04:00:00 +0000 https://original.jupiterbroadcasting.net/?p=139727 Show Notes: extras.show/58

Google Reads Your Email | TechSNAP 325 https://original.jupiterbroadcasting.net/116171/google-reads-your-email-techsnap-325/ Tue, 27 Jun 2017 20:17:17 +0000 https://original.jupiterbroadcasting.net/?p=116171 RSS Feeds: HD Video Feed | MP3 Audio Feed | iTunes Feed | Torrent Feed Become a supporter on Patreon: Show Notes: Massive cyberattack hits Europe with widespread ransom demands New Ransomware Variant Compromises Systems Worldwide some infections may be associated with software update systems for a Ukrainian tax accounting package called MeDoc MDDoc posts […]

Show Notes:

Massive cyberattack hits Europe with widespread ransom demands

Google Says It Will No Longer Read Users’ Emails To Sell Targeted Ads

Does US have right to data on overseas servers? We’re about to find out


Hillary’s Secret Win | Unfilter 191 https://original.jupiterbroadcasting.net/100316/hillarys-secret-win-unfilter-191/ Wed, 08 Jun 2016 00:49:55 +0000 https://original.jupiterbroadcasting.net/?p=100316 Our live meta coverage of the last super Tuesday event in the 2016 race. We pull in all the network feeds & we analyze the media’s coverage of this event. Hillary declares herself the winner, Trump goes on the attack & the media plays down Bernie. These episodes are a special event, grab a beverage […]

Our live meta coverage of the last super Tuesday event in the 2016 race. We pull in all the network feeds & we analyze the media’s coverage of this event. Hillary declares herself the winner, Trump goes on the attack & the media plays down Bernie.

These episodes are a special event, grab a beverage and jump in!

10,000 Cables Under the Sea | TechSNAP 269 https://original.jupiterbroadcasting.net/100161/10000-cables-under-the-sea-techsnap-269/ Thu, 02 Jun 2016 16:22:55 +0000 https://original.jupiterbroadcasting.net/?p=100161 Windows exploits for sale at a great price, how the Internet works, yes, seriously & it’s awesome! Plus we solve some of your problems, a great roundup & more! Thanks to: Get Paid to Write for DigitalOcean Direct Download: HD Video | Mobile Video | MP3 Audio | OGG Audio | YouTube | HD Torrent […]

Windows exploits for sale at a great price, how the Internet works, yes, seriously & it’s awesome!

Plus we solve some of your problems, a great roundup & more!

Show Notes:

Windows 0-day exploit for sale, only $90,000

  • “A hacker going by the handle BuggiCorp is selling a zero-day vulnerability affecting all Windows OS versions that can allow an attacker to elevate privileges for software processes to the highest level available in Windows, known as SYSTEM”
  • That actually seems like a low price, the vulnerability must not be quite the ‘game over’ scenario you might expect
  • The claim is that the exploit will be sold to only one person, and will include the source code and a working demo
  • Two videos of the exploit in action have been posted
  • The first shows the exploit working against a fully patched (May) Windows 10
  • The second shows the exploit bypassing all EMET mitigations
  • “How much would a cybercriminal, nation state or organized crime group pay for blueprints on how to exploit a serious, currently undocumented, unpatched vulnerability in all versions of Microsoft Windows? That price probably depends on the power of the exploit and what the market will bear at the time”
  • The reason for the lower price is likely this:
  • “This type of flaw is always going to be used in tandem with another vulnerability to successfully deliver and run the attacker’s malicious code”
  • To exploit this flaw, you need to have access to the victim’s machine. It cannot be exploited against a remote unsuspecting victim
  • Of course, there are lots of malware droppers and exploit kits that provide this functionality
  • “The seller claims his exploit works on every version of Windows from Windows 2000 on up to Microsoft’s flagship Windows 10 operating system.”
  • “Jeff Jones, a cybersecurity strategist with Microsoft, said the company was aware of the exploit sales thread, but stressed that the claims were still unverified. Asked whether Microsoft would ever consider paying for information about the zero-day vulnerability, Jones pointed to the company’s bug bounty program that rewards security researchers for reporting vulnerabilities. According to Microsoft, the program to date has paid out more than $500,000 in bounties.”
  • Microsoft does pay for bugs, but maybe not as much as the black market does
  • “Microsoft heavily restricts the types of vulnerabilities that qualify for bounty rewards, but a bug like the one on sale for $90,000 would in fact qualify for a substantial bounty reward. Last summer, Microsoft raised its reward for information about a vulnerability that can fully bypass EMET from $50,000 to $100,000. Incidentally, Microsoft said any researcher with a vulnerability or who has questions can reach out to the Microsoft Security Response Center to learn more about the program and process.”
  • Zerodium’s pay scale for Microsoft LPE bugs is “up to $30,000”
  • The biggest factor in the actual value of an exploit to the buyer is its longevity: how long before Microsoft figures out what the issue is and patches it
  • This can be directly proportional to how widely the exploit is used: the more people it is used against, the more likely researchers will be able to get their hands on it and figure out what the problem is
  • Additional Coverage

ArsTechnica: How the internet works

  • “But how does it work? Have you ever thought about how that cat picture actually gets from a server in Oregon to your PC in London? We’re not simply talking about the wonders of TCP/IP or pervasive Wi-Fi hotspots, though those are vitally important as well. No, we’re talking about the big infrastructure: the huge submarine cables, the vast landing sites and data centres with their massively redundant power systems, and the elephantine, labyrinthine last-mile networks that actually hook billions of us to the Internet.”
  • The article starts out by looking at submarine cables between the US and the UK
  • The amount of shielding on a cable actually depends on how deep it will be deployed. The deeper it is, the less shielding is required. The biggest threat is international shipping.
  • “At a 3 mile depth, cable diameter is just 17mm, akin to a marker pen encased by a thick polyethylene insulating sheath. A copper conductor surrounds multiple strands of steel wire that protect the optical fibres at the core, which are inside a steel tube less than 3mm in diameter and cushioned in thixotropic jelly. Armoured cables have the same arrangement internally but are clad with one or more layers of galvanised steel wire, which is wrapped around the entire cable.”
  • “Without the copper conductor, you wouldn’t have a subsea cable. Fibre-optic technology is fast and seemingly capable of unlimited bandwidth, but it can’t cover long distances without a little help. Repeaters—effectively signal amplifiers—are required to boost the light transmission over the length of the fibre optic cable. This is easily achieved on land with local power, but on the ocean bed the amplifiers receive a DC voltage from the cable’s copper conductor. And where does that power come from? The cable landing sites at either end of the cable.”
  • “Although the customers wouldn’t know it, TGN-A is actually two cables that take diverse paths to straddle the Atlantic. If one cable goes down, the other is there to ensure continuity. The alternative TGN-A lands at a different site some 70 miles (and three terrestrial amplifiers) away and receives its power from there, too. One of these transatlantic subsea cables has 148 amplifiers, while the other slightly longer route requires 149.”
  • “To power the cable from this end, we’ve a positive voltage and in New Jersey there’s a negative voltage on the cable. We try and maintain the current—the voltage is free to find the resistance of the cable. It’s about 9,000V, and we share the voltage between the two ends. It’s called a dual-end feed, so we’re on about 4,500V each end. In normal conditions we could power the cable from here to New Jersey without any support from the US.”
  • So what happens when a cable is damaged?
  • “Once the cable has been found and returned to the cable-repair ship, a new piece of undamaged cable is attached. The ROV [remotely operated vehicle] then returns to the seabed, finds the other end of the cable and makes the second join. It then uses a high-pressure water jet to bury the cable up to 1.5 metres under the seabed”
  • “Repairs normally take around 10 days from the moment the cable repair ship is launched, with four to five days spent at the location of the break. Fortunately, such incidents are rare: Virgin Media has only had to deal with two in the past seven years.”
  • Once installed, these cables are expected to last 25+ years. Of course, if you installed a cable 5 years ago, you are likely to be disappointed with its speed. This is where new technology comes into play: by just replacing the optics at either end of the cable, you can get more data through the same fibres
  • “DWDM (Dense Wavelength Division Multiplexing) technology is used to combine the various data channels, and by transmitting these signals at different wavelengths—different coloured light within a specific spectrum—down the fibre optic cable, it effectively creates multiple virtual-fibre channels. In doing so the carrying capacity of the fibre is dramatically increased.”
  • DWDM allows between 40 and 160 channels to be combined down a single fibre. So suddenly those 4 strands that could only carry 10 gigabits per second each a few years ago can carry 400 gigabits per second each with 40 channels, or 6.4 terabits per second in total with 160 channels
  • The Tata cable featured in the article has a capacity of up to 10 terabits per pair, for a total of 40 terabits.
  • “Enter one of the two battery rooms and instead of racks of Yuasa UPS support batteries—with a form factor not too far removed from what you’ll find in your car—the sight is more like a medical experiment. Huge lead-acid batteries in transparent tanks, looking like alien brains in jars, line the room. Maintenance-free with a life of 50 years, this array of 2V batteries amounts to 1600Ah, delivering a guaranteed four hours of autonomy.”
  • “There are six generators—three per data centre hall. Each generator is rated to take the full load of the data centre, which is 1.6MVA. They produce 1,280kW each. The total coming into the site is 6MVA, which is probably enough power to run half the town. There is also a seventh generator that handles landlord services. The site stores about 8,000 litres of fuel, enough to last well over 24 hours at full load. At full fuel burn, 220 litres of diesel an hour is consumed, which, if it were a car travelling at 60mph, would notch up a meagre 1.24mpg—figures that make a Humvee seem like a Prius.”
  • The article goes on to talk about SLAs and how the fibre network manages quality of service:
  • “Latency commitments have to be monitored proactively, too, for customers like Citrix, whose portfolio of virtualisation services and cloud applications will be sensitive to excessive networking delays. Another client that appreciates the need for speed is Formula One. Tata Communications handles the event networking infrastructure for all the teams and the various broadcasters.”
  • The article then goes on to talk about getting that connectivity to your house, the “last mile”
  • Each of the various technologies is discussed: ADSL, VDSL (78 Mbps), DOCSIS 3 (200 Mbps, but could go up to 600 Mbps, with DOCSIS 3.1 offering 10 Gbps), FTTC, and FTTH
  • Of course, they also discuss Wireless and Mobile connectivity
  • “Ars will have another in-depth feature on the complexities of managing and rolling out cellular networks soon”, we’ll look forward to that
  • “First it was a few plucky cafes and pubs, and then BT turned its customers’ routers into open Wi-Fi hotspots with its “BT with Fon” service. Now we’re moving into major infrastructure plays, such as Wi-Fi across the London Underground and Virgin’s curious “smart pavement” in Chesham, Buckinghamshire. For this project, Virgin Media basically put a bunch of Wi-Fi access points beneath manhole covers made of specially made radio-transparent resin. Virgin maintains a large network of ducts and cabinets across the UK that are connected to the Internet—so why not add a few Wi-Fi access points to share that connectivity with the public?”
  • So what is next for the last mile?
  • “The next thing on the horizon for Openreach’s POTS network is G.fast, which is best described as an FTTdp (fibre to distribution point) configuration. Again, this is a fibre-to-copper arrangement, but the DSLAM will be placed even closer to the premises, up telegraph poles and under pavements, with a conventional copper twisted pair for the last few tens of metres.”
  • “The idea is to get the fibre as close to the customer as possible, while at the same time minimising the length of copper, theoretically enabling connection speeds of anywhere from 500Mbps to 800Mbps. G.fast operates over a much broader frequency spectrum than VDSL2, so longer cable lengths have more impact on its efficiency. However, there has been some doubt whether BT Openreach will be optimising speeds in this way as, for reasons of cost, it could well retreat to the green cabinet to deliver these services and take a hit on speed, which would slide down to 300Mbps.”
  • “So, there we have it: the next time you click on a YouTube video, you’ll know exactly how it gets from a server in the cloud to your computer. It might seem absolutely effortless—and it usually is on your part—but now you know the truth: there are deadly 4,000V DC submarine cables, 96 tonnes of batteries, thousands of litres of diesel fuel, millions of miles of last-mile cabling, and redundancy up the wazoo.”
  • “The whole setup is only going to get bigger and crazier, too. Smart homes, wearable devices, and on-demand TV and movies are all going to necessitate more bandwidth, more reliability, and more brains in jars. What a time to be alive.”

Primarily New Hampshire | Unfilter 175 https://original.jupiterbroadcasting.net/93641/primarily-new-hampshire-unfilter-175/ Wed, 10 Feb 2016 00:03:59 +0000 https://original.jupiterbroadcasting.net/?p=93641 Our special live coverage of the New Hampshire primary, our meta coverage of the event that follows the important moments of the night & catches you up on the extras you need to know about. Plus we wrap with a look at the big money that could be coming to Cybersecurity. Direct Download: Video | […]

Our special live coverage of the New Hampshire primary, our meta coverage of the event that follows the important moments of the night & catches you up on the extras you need to know about.

Plus we wrap with a look at the big money that could be coming to Cybersecurity.

SpyFi Barbie | TechSNAP 243 https://original.jupiterbroadcasting.net/91091/spyfi-barbie-techsnap-243/ Thu, 03 Dec 2015 18:46:14 +0000 https://original.jupiterbroadcasting.net/?p=91091 The US Government is offering free penetration tests, with a catch, we break down the VTech Break-in & the only sure way to protect your credit online. Plus great questions, a big round up with breaking news & much more! Thanks to: Get Paid to Write for DigitalOcean Direct Download: HD Video | Mobile Video […]

The US Government is offering free penetration tests, with a catch; we break down the VTech break-in & the only sure way to protect your credit online.

Plus great questions, a big round up with breaking news & much more!

Show Notes:

Department of Homeland Security giving “critical infrastructure” firms free penetration tests

  • “The U.S. Department of Homeland Security (DHS) has been quietly launching stealthy cyber attacks against a range of private U.S. companies — mostly banks and energy firms. These digital intrusion attempts, commissioned in advance by the private sector targets themselves, are part of a little-known program at DHS designed to help “critical infrastructure” companies shore up their computer and network defenses against real-world adversaries. And it’s all free of charge (well, on the U.S. taxpayer’s dime).”
  • It seems like big banks and oil companies could afford to pay for such services, but at least the penetration tests are happening
  • “KrebsOnSecurity first learned about DHS’s National Cybersecurity Assessment and Technical Services (NCATS) program after hearing from a risk manager at a small financial institution in the eastern United States. The manager was comparing the free services offered by NCATS with private sector offerings and was seeking my opinion. I asked around to a number of otherwise clueful sources who had no idea this DHS program even existed.”
  • “DHS declined requests for an interview about NCATS, but the agency has published some information about the program. According to DHS, the NCATS program offers full-scope penetration testing capabilities in the form of two separate programs: a “Risk and Vulnerability Assessment,” (RVA) and a “Cyber Hygiene” evaluation. Both are designed to help the partner organization better understand how external systems and infrastructure appear to potential attackers.”
  • “The RVA program reportedly scans the target’s operating systems, databases, and Web applications for known vulnerabilities, and then tests to see if any of the weaknesses found can be used to successfully compromise the target’s systems. In addition, RVA program participants receive scans for rogue wireless devices, and their employees are tested with “social engineering” attempts to see how employees respond to targeted phishing attacks.”
  • “The Cyber Hygiene program — which is currently mandatory for agencies in the federal civilian executive branch but optional for private sector and state, local and tribal stakeholders — includes both internal and external vulnerability and Web application scanning.”
  • “The reports show detailed information about the organization’s vulnerabilities, including suggested steps to mitigate the flaws. DHS uses the aggregate information from each client and creates a yearly non-attributable report. The FY14 End of Year report created with data from the Cyber Hygiene and RVA program is here (PDF).”
  • Manual testing was required to identify 67 percent of the RVA vulnerability findings (as opposed to off-the-shelf, automated vulnerability scans)
  • More than 50 percent of the total 344 vulnerabilities found during the scans last year earned a severity rating of “high” (40 percent) or “critical” (13 percent)
  • RVA phishing emails resulted in a click rate of 25 percent.
  • 46% of RVAs resulted in an EASILY GUESSABLE CREDENTIALS finding
  • “I was curious to know how many private sector companies had taken DHS up on its rather generous offers, since these services can be quite expensive if conducted by private companies. In response to questions from this author, DHS said that in Fiscal Year 2015 NCATS provided support to 53 private sector partners. According to data provided by DHS, the majority of the program’s private sector participation come from the energy and financial services industries — with the latter typically at regional or smaller institutions such as credit unions”
  • Asked what the penetration testing industry thought about DHS offering a free service, Dave Aitel, chief technology officer at Immunity Inc., a Miami Beach, Fla. based security firm that offers many of the same services NCATS bundles in its product, said: “DHS is a big player in the ‘regulation’ policy area, and the last thing we need is an uninformed DHS that has little technical expertise in the areas that penetration testing covers,” Aitel said. “The more DHS understands about the realities of information security on the ground – the more it treats American companies as their customers – the better and less impactful their policy recommendations will be. We always say that Offense is the professor of Defense, and in this case, without having gone on the offense DHS would be helpless to suggest remedies to critical infrastructure companies”
  • “Even if the DHS team doing the work is great, part of the value of an expensive penetration test is that companies feel obligated to follow the recommendations and improve their security,” he said. “Does the data found by a DHS testing team affect a company’s SEC liabilities in any way? What if the Government gets access to customer data during a penetration test – what legal ramifications does that have? This is a common event and pre-CISPA it may carry significant liability”
  • “Aitel, a former research scientist at the National Security Agency (NSA), raised another issue: Any vulnerabilities found anywhere within the government — for example, in a piece of third party software — are supposed to go to the NSA for triage, and sometimes the NSA is later able to use those vulnerabilities in clandestine cyber offensive operations”
  • But what about previously unknown vulnerabilities found by DHS examiners? “This may be less of an issue when DHS uses a third party team, but if they use a DHS team, and they find a bug in Microsoft IIS (Web server), that’s not going to the customer – that’s going to the NSA,” Aitel said.
  • Alan Paller, director of research at the SANS Institute, sees a potential problem
  • “The NCATS program could be an excellent service that does a lot of good but it isn’t,” Paller said. “The problem is that it measures only a very limited subset of the vulnerability space but comes with a gold plated get out of jail free card: ‘The US government came and checked us.’ They say they are doing it only for organizations that cannot afford commercial assessments, but they often go to organizations that have deep enough pockets.”
  • I can definitely see this being used as an excuse to spend LESS on network security

Break-in at VTech (toy manufacturer) exposes pictures and chatlogs of millions of children and parents

  • “The hacked data includes names, email addresses, passwords, and home addresses of 4,833,678 parents who have bought products sold by VTech, which has almost $2 billion in revenue. The dump also includes the first names, genders and birthdays of more than 200,000 kids”
  • “What’s worse, it’s possible to link the children to their parents, exposing the kids’ full identities and where they live, according to an expert who reviewed the breach for Motherboard”
  • “This is the fourth largest consumer data breach to date, according to the website Have I Been Pwned, the most well known repository of data breaches online, which allows users to check if their emails and passwords have been compromised in any publicly known hack”
  • “The hacker who claimed responsibility for the breach provided files containing the sensitive data to Motherboard last week. VTech then confirmed the breach in an email on Thursday, days after Motherboard reached out to the company for comment”
  • VTech told Motherboard: “We were not aware of this unauthorized access until you alerted us”
  • “On November 14 [Hong Kong Time] an unauthorized party accessed VTech customer data on our Learning Lodge app store customer database”
  • “On Friday, I asked the hacker what the plan was for the data, and they simply answered, “nothing.” The hacker claims to have shared the data only with Motherboard, though it could have easily been sold online.”
  • “When pressed, VTech did not provide any details on the attack. But the hacker, who requested anonymity, told Motherboard that they gained access to the company’s database using a technique known as SQL injection. Also known as SQLi, this is an ancient, yet extremely effective, method of attack where hackers insert malicious commands into a website’s forms, tricking it into returning other data”
  • Related: Motherboard: The history of SQL injection, the hack that will never go away
  • “The passwords were not stored in plaintext, but “hashed” or protected with an algorithm known as MD5, which is considered trivial to break”
  • It is not clear if they mean plain MD5 or md5crypt (the former being REALLY bad)
  • “Moreover, secret questions used for password or account recovery were also stored in plaintext, meaning attackers could potentially use this information to try and reset the passwords to other accounts belonging to users in the breach—for example, Gmail or even an online banking account”
  • Also, “VTech doesn’t use SSL web encryption anywhere, and transmits data such as passwords completely unprotected”, so breaching the database might not even be strictly necessary to gain access to the information
  • Additional Coverage: Motherboard followup
  • Additional Coverage: ZDNet
  • Additional Coverage: TheRegister
  • Related: Researcher claims to have hacked “Hello Barbie” toys

Why putting a preemptive freeze on your credit profile is better than credit monitoring

  • “Krebs has frequently urged readers to place a security freeze on their credit files as a means of proactively preventing identity theft. Now, a major consumer advocacy group is recommending the same: The U.S. Public Interest Research Group (US-PIRG) recently issued a call for all consumers to request credit file freezes before becoming victims of ID theft.”
  • “Each time news of a major data breach breaks, the hacked organization arranges free credit monitoring for all customers potentially at risk from the intrusion. But as I’ve echoed time and again, credit monitoring services do little if anything to stop thieves from stealing your identity. The best you can hope for from these services is that they will alert you when a thief opens or tries to open a new line of credit in your name.”
  • “But with a “security freeze” on your credit file at the four major credit bureaus, creditors won’t even be able to look at your file in order to grant that phony new line of credit to ID thieves.”
  • “These constant breaches reveal what’s wrong with data security and data breach response. Agencies and companies hold too much information for too long and don’t protect it adequately,” the organization wrote in a report (PDF) issued late last month. “Then, they might wait months or even years before informing victims. Then, they make things worse by offering weak, short-term help such as credit monitoring services.”
  • “Whether your personal information has been stolen or not, your best protection against someone opening new credit accounts in your name is the security freeze (also known as the credit freeze), not the often-offered, under-achieving credit monitoring. Paid credit monitoring services in particular are not necessary because federal law requires each of the three major credit bureaus to provide a free credit report every year to all customers who request one. You can use those free reports as a form of do-it-yourself credit monitoring.”
  • Related: Krebs: FAQ on Credit File Freezes
  • Additional Coverage: Krebs: OPM Credit Monitoring vs Freeze
  • One of the things that stops working once you put a security freeze on your credit file is credit monitoring.
  • A Krebs reader wrote in: “I just received official notification that I am affected by the OPM data breach. I attempted to sign up for credit monitoring services with the OPM’s contractor ID Experts at opm.myidcare.com, but was denied these services because I have a credit security freeze. I was told by ID Experts that the OPM’s credit monitoring services will not work for accounts with a security freeze.”
  • “This supports my decision to issue a security freeze for all my credit accounts, and in my assessment completely undermines the utility and value of the OPM’s credit monitoring services when individuals can simply issue a security freeze. This inability to monitor a person’s credit file when a freeze is in place speaks volumes about the effectiveness of a freeze in blocking anyone — ID protection firms or ID thieves included — from viewing your file.”
  • “Removing a security freeze to enable credit monitoring is foolhardy because the freeze offers more comprehensive protection against ID theft. Credit monitoring services are useful for cleaning up your credit file after you’re victimized by ID thieves, but they generally do nothing to stop thieves from applying for and opening new lines of credit in your name.”
  • Lifting a freeze to enable credit monitoring is like….
    • installing Flash to watch a Flash video about the evils of Flash
    • leaving your doors and windows unlocked so that burglars can set off your indoor motion sensors
    • taking your gun off safety to check and see if it’s loaded
  • Additional Coverage: Credit monitoring used to secretly track ex-wife’s financial moves
  • “Many of these third party credit monitoring services also induce people to provide even more information than was leaked in the original breach. For example, ID Experts — the company that OPM has paid $133 million to offer credit monitoring for the 21.5 million Americans affected by its breach — offers the ability to ‘monitor thousands of websites, chat rooms, forums and networks, and alerts you if your personal information is being bought or sold online.’ But in order to use this service, users are encouraged to provide bank account and credit card data, passport and medical ID numbers, as well as telephone numbers and driver’s license information.”

Feedback:


Round Up:


The post SpyFi Barbie | TechSNAP 243 first appeared on Jupiter Broadcasting.

Drone Shipping Wars | TTT 221 https://original.jupiterbroadcasting.net/89751/drone-shipping-wars-ttt-221/ Tue, 27 Oct 2015 11:07:58 +0000 https://original.jupiterbroadcasting.net/?p=89751 CISA is working its way through the system; we highlight some reasons to be concerned & the role Facebook might be playing. Plus the European Parliament rejects amendments protecting net neutrality & some TalkTalk hack follow up. Direct Download: MP3 Audio | OGG Audio | Video | HD Video | Torrent | YouTube RSS Feeds: […]

The post Drone Shipping Wars | TTT 221 first appeared on Jupiter Broadcasting.


CISA is working its way through the system; we highlight some reasons to be concerned & the role Facebook might be playing. Plus the European Parliament rejects amendments protecting net neutrality & some TalkTalk hack follow up.

Direct Download:

MP3 Audio | OGG Audio | Video | HD Video | Torrent | YouTube

RSS Feeds:

MP3 Feed | OGG Feed | iTunes Feed | Video Feed | Video Feed | Torrent Feed

Become a supporter on Patreon


Show Notes:

— Episode Links —

Apple’s Pebble Prejudice | Tech Talk Today 162 https://original.jupiterbroadcasting.net/81042/apples-pebble-prejudice-tech-talk-today-162/ Thu, 23 Apr 2015 12:38:24 +0000 https://original.jupiterbroadcasting.net/?p=81042 Google has launched ‘Project Fi’, a new MVNO. We debate the merits of the service. Plus Iran exaggerations, a new cybersecurity bill, Apple rejecting Pebble, Dropbox Notes & more! Direct Download: MP3 Audio | OGG Audio | Video | HD Video | Torrent | YouTube RSS Feeds: MP3 Feed | OGG Feed | iTunes […]

The post Apple's Pebble Prejudice | Tech Talk Today 162 first appeared on Jupiter Broadcasting.


Google has launched ‘Project Fi’, a new MVNO. We debate the merits of the service. Plus Iran exaggerations, a new cybersecurity bill, Apple rejecting Pebble, Dropbox Notes & more!

Direct Download:

MP3 Audio | OGG Audio | Video | HD Video | Torrent | YouTube

RSS Feeds:

MP3 Feed | OGG Feed | iTunes Feed | Video Feed | Video Feed | Torrent Feed

Become a supporter on Patreon


Show Notes:

Official Google Blog: Say hi to Fi: A new way to say hello

Google’s MVNO is called Project Fi, costs $20/month + $10/GB for data in US and abroad, available for Nexus 6, runs on Sprint and T-Mobile networks

Security Companies Accused of Exaggerating Iran’s Cyberthreats Against the US

A widely-read report accusing Iran of hundreds of thousands of cyberattacks against the U.S. is being criticized as hugely inaccurate as well as motivated by marketing and politics, according to a new whitepaper and critics around the security industry. The original report, solicited by a conservative think tank and published by Norse in the lead up to the RSA Security Conference, hit the front page of the New York Times by calling handshakes and network scans “sophisticated cyberattacks.”

House passes cybersecurity bill | TheHill

The House on Wednesday passed the first major cybersecurity bill since the calamitous hacks on Sony Entertainment, Home Depot and JPMorgan Chase.

Passed 307-116, the Protecting Cyber Networks Act (PCNA), backed by House Intelligence Committee leaders, would give companies liability protections when sharing cyber threat data with government civilian agencies, such as the Treasury or Commerce Departments.

“This bill will strengthen our digital defenses so that American consumers and businesses will not be put at the mercy of cyber criminals,” said House Intelligence Committee Chairman Devin Nunes (R-Calif.).

“Apple now rejecting applications with Pebble support”

We have just had the latest version of our SeaNav US iOS app rejected by Apple because we support the Pebble Smartwatch and say so in the app description and meta-data (we also state in the review notes that “This application was approved for use with the Pebble MFI Accessory in the Product Plan xxxxxx-yyyy (Pebble Smartwatch)”). See copy of rejection reason below.

SeaNav US has previously been approved by Apple with no problem, we have had Pebble support in SeaNav for nearly 2 years and there are no changes to our support for the Pebble in this version. What are Apple doing? Have they gone Apple Watch crazy? What can we do?

Amazon to deliver parcels to Audi boots in Germany

It is not clear when the service might become more widely available but Amazon said the pilot was a “first step” towards allowing all Prime customers to order goods to their vehicles, regardless of the vehicle brand.

Dropbox’s Collaborative Note-Taking Service, Dropbox Notes, Heads Into Beta Testing

Earlier this month, Dropbox was spotted testing an early version of an online note-taking service dubbed “Project Composer,” which appeared to have roots in the company’s 2014 acquisition of collaborative docs startup HackPad. Now Dropbox is rolling out this new service into private beta as “Dropbox Notes” and is inviting teams to sign up.

Onion Omega: Build Hardware with JavaScript, Python, PHP by Onion — Kickstarter

Who’s Following ISIS | Unfilter 138 https://original.jupiterbroadcasting.net/79472/whos-following-isis-unfilter-138/ Wed, 25 Mar 2015 21:05:38 +0000 https://original.jupiterbroadcasting.net/?p=79472 Is the ISIS Cyber Division responsible for a spree of hack attacks across America? We’ll review the smattering of defacements throughout the week linked to ISIS. An Obama administration official leaks Israel’s spying, Iran talks heat up & Ted Cruz lies through his teeth on air. Direct Download: Video | MP3 Audio | OGG Audio […]

The post Who's Following ISIS | Unfilter 138 first appeared on Jupiter Broadcasting.


Is the ISIS Cyber Division responsible for a spree of hack attacks across America? We’ll review the smattering of defacements throughout the week linked to ISIS. An Obama administration official leaks Israel’s spying, Iran talks heat up & Ted Cruz lies through his teeth on air.

Direct Download:

Video | MP3 Audio | OGG Audio | Torrent | YouTube

RSS Feeds:

Video Feed | MP3 Feed | OGG Feed | HD Torrent | Mobile Torrent | iTunes

Become an Unfilter supporter on Patreon:


Show Notes:

CISA Security Bill: An F for Security But an A+ for Spying | WIRED

When the Senate Intelligence Committee passed the Cybersecurity Information Sharing Act by a vote of 14 to 1, committee chairman Senator Richard Burr argued that it successfully balanced security and privacy. Fifteen new amendments to the bill, he said, were designed to protect internet users’ personal information while enabling new ways for companies and federal agencies to coordinate responses to cyberattacks. But critics within the security and privacy communities still have two fundamental problems with the legislation: First, they say, the proposed cybersecurity act won’t actually boost security. And second, the “information sharing” it describes sounds more than ever like a backchannel for surveillance.

On Tuesday the bill’s authors released the full, updated text of the CISA legislation passed last week, and critics say the changes have done little to assuage their fears about wanton sharing of Americans’ private data. In fact, legal analysts say the changes actually widen the backdoor leading from private firms to intelligence agencies. “It’s a complete failure to strengthen the privacy protections of the bill,” says Robyn Greene, a policy lawyer for the Open Technology Institute, which joined a coalition of dozens of non-profits and cybersecurity experts criticizing the bill in an open letter earlier this month. “None of the [privacy-related] points we raised in our coalition letter to the committee was effectively addressed.”


“CISA goes far beyond [cybersecurity], and permits law enforcement to use information it receives for investigations and prosecutions of a wide range of crimes involving any level of physical force,” reads the letter from the coalition opposing CISA. “The lack of use limitations creates yet another loophole for law enforcement to conduct backdoor searches on Americans—including searches of digital communications that would otherwise require law enforcement to obtain a warrant based on probable cause. This undermines Fourth Amendment protections and constitutional principles.”

Israel Denies Spying on Iran Nuclear Talks – NYTimes.com

Three top Israeli ministers on Tuesday denied a report that their intelligence services had spied on the closed-door negotiations over Iran‘s nuclear program, as tensions continued to mount between Washington and Jerusalem.

“There is no such thing as Israel spying on the Americans,” the defense minister, Moshe Yaalon, said at a pre-Passover toast, according to a transcript provided by his office. Mr. Yaalon said he had checked and found no complaint from the United States to Israeli intelligence services about such spying. “There is a strict prohibition on that,” he said.

NSA shared Americans’ private communications with Israel: Snowden

Former U.S. intelligence analyst Edward Snowden has accused the U.S. National Security Agency of routinely passing private, unedited communications of Americans to Israel, an expert on the intelligence agency said Wednesday.

James Bamford, writing in the New York Times, said Snowden told him the intercepts included communications of Arab- and Palestinian-Americans whose relatives in Israel and the Palestinian territories could become targets based on the information.

“It’s one of the biggest abuses we’ve seen,” Bamford quoted Snowden as saying.

Snowden said the material was routinely transferred to Unit 8200, a secretive Israeli intelligence organization.

Bamford cited a memorandum of understanding between the NSA and its Israeli counterpart outlining transfers that have occurred since 2009.

Leaked by Snowden and first reported by the British newspaper the Guardian, it said the material included “unevaluated and unminimized transcripts, gists, facsimiles, telex, voice and Digital Network Intelligence metadata and content.”

The Wall Street Journal‘s Adam Entous dropped a huge story Tuesday morning: Israel acquired classified US information while spying on the Iranian nuclear negotiations, and leaked the stolen information about the emerging deal to American lawmakers in an attempt to sabotage the Obama administration’s outreach to Tehran.

US House Votes 348-48 To Arm Ukraine, Russia Warns Lethal Aid Will “Explode The Whole Situation” | Zero Hedge

Yesterday, in a vote that largely slid under the radar, the House of Representatives passed a resolution urging Obama to send lethal aid to Ukraine, providing offensive, not just “defensive” weapons to the Ukraine army – the same insolvent, hyperinflating Ukraine which, with a Caa3/CC credit rating, last week started preparations to issue sovereign debt with a US guarantee, in essence making it a part of the United States (something the US previously did as a favor to Egypt before the Muslim Brotherhood puppet regime was swept from power by the local army).

The resolution passed with broad bipartisan support by a count of 348 to 48.

According to DW, the measure urges Obama to provide Ukraine with “lethal defensive weapon systems” that would better enable Ukraine to defend its territory from “the unprovoked and continuing aggression of the Russian Federation.”

“Policy like this should not be partisan,” said House Democrat Eliot Engel, the lead sponsor of the resolution. “That is why we are rising today as Democrats and Republicans, really as Americans, to say enough is enough in Ukraine.”

Engel, a New York Democrat, has decided that he knows better than Europe what is the best option for Ukraine’s people – a Europe, and especially Germany, which has repeatedly said it rejects a push to give western arms to the Ukraine army, and warned that Russia under President Vladimir Putin has become “a clear threat to half century of American commitment to an investment in a Europe that is whole, free and at peace. A Europe where borders are not changed by force. This war has left thousands of dead, tens of thousands wounded, a million displaced, and has begun to threaten the post-Cold War stability of Europe,” Engel said.

Odd, perhaps the US state department should have thought of that in a little over a year ago when Victoria Nuland was plotting how to most effectively put her puppet government in charge of Kiev and how to overthrow the lawfully elected president in a US-sponsored coup.

Then again, one glance at the Rep. Engel’s career donors provides some explanation for his tenacity to start another armed conflict and to escalate what he himself defines as a cold war into a warm one.

Cruz’s Wife Heidi to Take Unpaid Leave From Goldman – Bloomberg Business

Heidi Cruz, a managing director at Goldman Sachs Group Inc. in Houston, has taken an unpaid leave from her private wealth-management job to help with her husband’s campaign for the U.S. presidency, a person familiar with the matter said.

Ted Cruz, 44, a Republican senator from Texas, said on Twitter early Monday morning that he plans to run for president in the 2016 election. Heidi Cruz’s leave will last the duration of the campaign, said the person, who asked not to be identified speaking about Cruz’s employment.

Heidi Cruz, 42, a Harvard Business School graduate who worked in President George W. Bush’s administration, joined Goldman Sachs in 2005 and was promoted to managing director, the firm’s second-highest rank, in 2012. She serves as regional head of the Houston office in the private wealth-management unit, which serves individuals and families who have on average more than $40 million with the firm.

You Can Touch This | Tech Talk Today 118 https://original.jupiterbroadcasting.net/75702/you-can-touch-this-tech-talk-today-118/ Fri, 16 Jan 2015 16:27:35 +0000 https://original.jupiterbroadcasting.net/?p=75702 Chris reviews his Dell touch screen, and how it’s performed under Linux. Then the Mumble room shares their touch screen experience under multiple workloads. Plus the secret US cybersecurity report that recommends strong encryption, a strong contrast to David Cameron’s platform to build in backdoors. He’s meeting with Obama to push that agenda forward, and […]

The post You Can Touch This | Tech Talk Today 118 first appeared on Jupiter Broadcasting.


Chris reviews his Dell touch screen, and how it’s performed under Linux. Then the Mumble room shares their touch screen experience under multiple workloads.

Plus the secret US cybersecurity report that recommends strong encryption, a strong contrast to David Cameron’s platform to build in backdoors. He’s meeting with Obama to push that agenda forward, and we’ll bring you up to date and debate the impact.

Direct Download:

MP3 Audio | OGG Audio | Video | HD Video | Torrent | YouTube

RSS Feeds:

MP3 Feed | OGG Feed | iTunes Feed | Video Feed | Video Feed | Torrent Feed

Become a supporter on Patreon


Show Notes:

Secret US cybersecurity report: encryption vital to protect private data

A secret US cybersecurity report warned that government and private computers were being left vulnerable to online attacks from Russia, China and criminal gangs because encryption technologies were not being implemented fast enough.

The advice, in a newly uncovered five-year forecast written in 2009, contrasts with the pledge made by David Cameron this week to crack down on encryption use by technology companies.

Part of the cache given to the Guardian by Snowden was published in 2009 and gives a five-year forecast on the “global cyber threat to the US information infrastructure”. It covers communications, commercial and financial networks, and government and critical infrastructure systems. It was shared with GCHQ and made available to the agency’s staff through its intranet.

One of the biggest issues in protecting businesses and citizens from espionage, sabotage and crime – hacking attacks are estimated to cost the global economy up to $400bn a year – was a clear imbalance between the development of offensive versus defensive capabilities, “due to the slower than expected adoption … of encryption and other technologies”, it said.

An unclassified table accompanying the report states that encryption is the “[b]est defense to protect data”, especially if made particularly strong through “multi-factor authentication” – similar to two-step verification used by Google and others for email – or biometrics. These measures remain all but impossible to crack, even for GCHQ and the NSA.

I wanted to address kind of a question you posed on Tech Talk Today Episode 117.

But there is the problem of more open platforms, like GNU/Linux variants, BSD and other unixes, Mac OS X, and all the non-mobile versions of Windows. All of these operating systems are already designed to allow users to execute any code they want to run. The commercial operators — Apple and Microsoft — might conceivably be compelled by Parliament to change their operating systems to block secure software in the future, but that doesn’t do anything to stop people from using all the PCs now in existence to run code that the PM wants to ban.

More difficult is the world of free/open operating systems like GNU/Linux and BSD. These operating systems are the gold standard for servers, and widely used on desktop computers (especially by the engineers and administrators who run the nation’s IT). There is no legal or technical mechanism by which code that is designed to be modified by its users can co-exist with a rule that says that code must treat its users as adversaries and seek to prevent them from running prohibited code.

Google Glass sales halted but firm says kit is not dead

Google is ending sales of its Google Glass eyewear.

The company insists it is still committed to launching the smart glasses as a consumer product, but will stop producing Glass in its present form.

Instead it will focus on “future versions of Glass” with work carried out by a different division to before.

The Explorer programme, which gave software developers the chance to buy Glass for $1,500 (£990) will close.

The programme was launched in the United States in 2013.

Dell S2240T Touch Panel H6V56 21.5-Inch Screen LED-lit Monitor

  • Sleek and stylish – Edge-to-edge glass gives the Dell 21.5″ touch monitor a clean finish that boasts of fine craftsmanship.
  • Natural, direct and intuitive, the Dell 21.5″ touch monitor offers you a fast and easy way to use your applications. Tap, slide, swipe, turn, pinch and stretch with your fingers – it’s that simple and intuitive when used with Windows 8.1
  • Enabling touch is easy! Simply connect a USB cable from your PC to the monitor’s USB upstream port, and use either an HDMI, DVI or VGA cable to project images onscreen

Dell S2240T 21.5″ monitor

  • Diagonal Viewable Size: 21.5″ (18.77″ horiz., 10.56″ vert.)
  • Display Type: Multi-touch full HD LED
  • Resolution: Full HD 1920 x 1080 (60Hz)
  • Aspect Ratio: 16:9 (widescreen)
  • Contrast Ratio: 3,000:1 (typical), 8 million:1 (dynamic, max)
  • Max Viewing Angle: 178° vertical (typical), 178° horizontal (typical)
  • Brightness: 250 cd/m2 (typical)
  • Color Gamut: CIE1931 (72%)
  • Response Time: 25 ms (typical), 12 ms (typical) with Overdrive
  • Pixel Pitch: 0.248 x 0.248 mm
  • Connectivity: HDMI, DVI, VGA

The Bad:

  • Dat gap. There is a noticeable gap between display and glass.
  • At least on Linux: If you unplug the USB while the computer is running, the desktop session gets all kinds of confused.
  • 1080p is perhaps a bit small for a lot of people looking for a display in 2015.

The Good:

  • Responsive touch
  • Good picture, not amazing. But good.
  • Super easy to set up, just plug in the USB cable for touch
  • The stand is perfect. It stays firm, but is easy to move. It feels a bit like magic.

Cyber Hitmen | Tech Talk Today 108 https://original.jupiterbroadcasting.net/74112/cyber-hitmen-tech-talk-today-108/ Thu, 18 Dec 2014 11:09:46 +0000 https://original.jupiterbroadcasting.net/?p=74112 Senior anonymous government officials have officially unofficially linked North Korea to the Sony Entertainment hack. We discuss the failure of proper reporting that has forced Sony to pull “The Interview” & how this story is now being covered. Plus TorrentLocker Ransomware makes a comeback & more! Direct Download: MP3 Audio | OGG Audio | Video […]

The post Cyber Hitmen | Tech Talk Today 108 first appeared on Jupiter Broadcasting.


Senior anonymous government officials have officially unofficially linked North Korea to the Sony Entertainment hack. We discuss the failure of proper reporting that has forced Sony to pull “The Interview” & how this story is now being covered.

Plus TorrentLocker Ransomware makes a comeback & more!

Direct Download:

MP3 Audio | OGG Audio | Video | HD Video | Torrent | YouTube

RSS Feeds:

MP3 Feed | OGG Feed | iTunes Feed | Video Feed | Torrent Feed

Become a supporter on Patreon:


Show Notes:

U.S. Said to Find North Korea Ordered Cyberattack on Sony – NYTimes.com

American officials have concluded that North Korea was “centrally involved” in the hacking of Sony Pictures computers, even as the studio canceled the release of a far-fetched comedy about the assassination of the North’s leader that is believed to have led to the cyberattack.

Senior administration officials, who would not speak on the record about the intelligence findings, said the White House was debating whether to publicly accuse North Korea of what amounts to a cyberterrorism attack.

While intelligence officials have concluded that the cyberattack was both state-sponsored and far more destructive than any seen before on American soil, there are still differences of opinion over whether North Korea was aided by Sony insiders with knowledge of the company’s computer systems, senior administration officials said.

Sony Just Canceled The Premiere Of ‘The Interview’ – Business Insider

Sony Pictures has decided to cancel the Dec. 25 release of “The Interview” after major theaters said they wouldn’t screen the movie.

“We have decided not to move forward with the planned December 25 theatrical release of ‘The Interview,'” the company said in a statement.

Reaction To the Sony Hack Is ‘Beyond the Realm of Stupid’

North Korea may really be behind the Sony hack, but we’re still acting like idiots. Peter W. Singer, one of the nation’s foremost experts on cybersecurity, says Sony’s reaction has been abysmal. “Here, we need to distinguish between threat and capability—the ability to steal gossipy emails from a not-so-great protected computer network is not the same thing as being able to carry out physical, 9/11-style attacks in 18,000 locations simultaneously. I can’t believe I’m saying this. I can’t believe I have to say this.”

Sony Pictures Entertainment has chosen to stand down for “The Interview,” deciding against releasing the Seth Rogen–James Franco comedy in any form — including VOD or DVD, as U.S. officials reportedly link Sony’s massive cyber attack to North Korea.

“Sony Pictures has no further release plans for the film,” a spokesman said Wednesday.

Judge rules videotaped Steve Jobs deposition to remain out of public eye

District Court Judge Yvonne Gonzalez Rogers sided with both Apple and plaintiffs in her ruling, saying Jobs’ testimony in the iPod iTunes antitrust case, taped months before his death in 2011, should not be handled as judicial record and will therefore not be made public.

For its part, Apple noted the court has a duty to protect witness testimony. If the Jobs Deposition were made public, it might set a dangerous precedent for the release of videotaped testimony from other high-profile witnesses in future cases. For witnesses in compromising situations, the prospect of having their sworn statements broadcast out of court would likely dissuade testimony, hindering the legal process.


On Tuesday, a jury found Apple not guilty of locking customers in to a monopoly digital music ecosystem with iPod, iTunes and FairPlay digital rights management. Plaintiffs in the case sought $350 million in damages, an amount that would have been tripled to more than $1 billion under U.S. antitrust law.

Over 9,000 PCs In Australia Infected By TorrentLocker Ransomware

Cybercriminals behind the TorrentLocker malware may have earned as much as $585,000 over several months from 39,000 PC infections worldwide, of which over 9,000 were from Australia.

If you’re a Windows user in Australia who’s had their files encrypted by hackers after visiting a bogus Australia Post website, chances are you were infected by TorrentLocker and may have contributed to the tens of thousands of dollars likely to have come from Australia due to this digital shakedown racket.

Return of CISPA | Tech Talk Today 23 https://original.jupiterbroadcasting.net/61922/return-of-cispa-tech-talk-today-23/ Wed, 09 Jul 2014 09:09:45 +0000 https://original.jupiterbroadcasting.net/?p=61922 A new cybersecurity bill working its way through the system looks a lot like previous attempts and raises the same privacy concerns; we’ll cover the details. Plus Samsung gets into VR and the Potato Salad Kickstarter that’s already earned $70k USD. Direct Download: MP3 Audio | OGG Audio | Video | HD Video | […]

The post Return of CISPA | Tech Talk Today 23 first appeared on Jupiter Broadcasting.


A new cybersecurity bill working its way through the system looks a lot like previous attempts and raises the same privacy concerns; we’ll cover the details.

Plus Samsung gets into VR and the Potato Salad Kickstarter that’s already earned $70k USD.

Direct Download:

MP3 Audio | OGG Audio | Video | HD Video | Torrent | YouTube

RSS Feeds:

MP3 Feed | OGG Feed | iTunes Feed | Video Feed | Torrent Feed

Become a Tech Talk Today supporter on Patreon:


Show Notes:

Senate Panel Passes Cybersecurity Bill Despite NSA Fears

The Cybersecurity Information Sharing Act, advanced in a 12-3 vote, would make it easier for businesses and the government to share information with each other about cyberattacks. Business groups argue that legal barriers are preventing them from getting the information they need to stop hackers.

But the privacy groups are still worried that the legislation could encourage a company such as Google to turn over vast batches of emails or other private data to the government. The information would go first to the Homeland Security Department, but could then be shared with the NSA or other intelligence agencies.

“Instead of reining in NSA surveillance, the bill would facilitate a vast flow of private communications data to the NSA,” the American Civil Liberties Union, the Center for Democracy and Technology, the Electronic Frontier Foundation, and dozens of other privacy groups wrote in a letter to senators last month.

Exclusive: Samsung’s virtual reality headset will be called Gear VR, launch at IFA 2014 | SamMobile

A month ago, Engadget exclusively reported on Samsung’s upcoming VR device, which is being developed in collaboration with Facebook’s Oculus VR. Today, we can confirm that Samsung is indeed working on a virtual reality device, and it’s called the “Gear VR”. Samsung will be announcing the device, alongside the Galaxy Note 4, at IFA 2014.

Instead of making a completely standalone virtual reality headset, Samsung has developed a modular design, which allows the user to dock a Galaxy device into the Gear VR using USB 3.0. The virtual reality effect is achieved through head tracking, and instead of equipping the headset with sensors, Gear VR makes use of the smartphone’s accelerometer, gyroscope and processing power to track head motion.

You might say that this is exactly like Google’s Cardboard VR headset, which was handed out to I/O 14 attendees, and you would be right! The main concept behind Gear VR is the same. However, the Gear VR is much more comfortable to wear, thanks to the elastic head band and soft padded cushions on each side of the device, and Samsung’s implementation is also much better than that of Google’s Cardboard.

The hardware of the device is being developed by Samsung alone, but the software is being developed in cooperation with Oculus VR.

Potato Salad by Zack Danger Brown — Kickstarter

Last week, Zack Brown posted a Kickstarter page titled simply “Potato Salad.”

“I’m making potato salad,” Brown wrote. Then, in case anybody was confused or skeptical or more inclined to support the preparation of a German-style potato salad than a mayo-heavy American version, he clarified: “Basically I’m just making potato salad. I haven’t decided what kind yet.”

His goal: $10.

Manjaro Linux Developers Experience A Mass Exodus

Feedback:

The post Return of CISPA | Tech Talk Today 23 first appeared on Jupiter Broadcasting.

Microsoft Cyber Terrorism | Tech Talk Today 18 https://original.jupiterbroadcasting.net/61257/microsoft-cyber-terrorism-tech-talk-today-18/ Tue, 01 Jul 2014 09:51:40 +0000 https://original.jupiterbroadcasting.net/?p=61257 Could Netflix be classified as a cyber security threat, or is this being overblown? Having Dynamic DNS problems? You can thank Microsoft, they played cowboy and shut down the No-IP service. Plus Newegg starts accepting Bitcoin, another big open source adoption and more! Direct Download: MP3 Audio | OGG Audio | Video | HD Video […]

The post Microsoft Cyber Terrorism | Tech Talk Today 18 first appeared on Jupiter Broadcasting.

Could Netflix be classified as a cyber security threat, or is this being overblown? Having Dynamic DNS problems? You can thank Microsoft, they played cowboy and shut down the No-IP service.

Plus Newegg starts accepting Bitcoin, another big open source adoption and more!

Show Notes:

Netflix Could Be Classified As a ‘Cybersecurity Threat’ Under New CISPA Rules | Motherboard

The cybersecurity bill making its way through the Senate right now is so broad that it could allow ISPs to classify Netflix as a “cyber threat,” which would allow them to throttle the streaming service’s delivery to customers.

“A ‘threat,’ according to the bill, is anything that makes information unavailable or less available. So, high-bandwidth uses of some types of information make other types of information that go along the same pipe less available,” Greg Nojeim, a lawyer with the Center for Democracy and Technology, told me. “A company could, as a cybersecurity countermeasure, slow down Netflix in order to make other data going across its pipes more available to users.”

The general uproar surrounding the bill could have led to the postponement of its markup—it was originally set to be discussed by Feinstein’s Intelligence Committee last week, but was pushed back. No word on when it’ll be taken up by the committee, but considering that the bill has been in the works behind closed doors for several months now, don’t expect it to die without first getting some very serious consideration on Capitol Hill.

Millions of dynamic DNS users suffer after Microsoft seizes No-IP domains

Millions of legitimate servers that rely on dynamic domain name services from No-IP.com suffered outages on Monday after Microsoft seized 22 domain names it said were being abused in malware-related crimes against Windows users.

Microsoft enforced a federal court order making the company the domain IP resolver for the No-IP domains. Microsoft said the objective of the seizure was to identify and reroute traffic associated with two malware families that abused No-IP services. Almost immediately, end-users, some of which were actively involved in Internet security, castigated the move as heavy handed, since there was no evidence No-IP officially sanctioned or actively facilitated the malware campaign, which went by the names Bladabindi (aka NJrat) and Jenxcus (aka NJw0rm).

In a complaint Microsoft filed under seal on June 19, Microsoft attorneys said No-IP is “functioning as a major hub for 245 different types of malware circulating on the Internet.” The document said abuse of the service has been the subject of recent blog posts by both OpenDNS and Cisco Systems.

Monday’s seizure was the tenth major malware disruption Microsoft has participated in. The actions typically combine surprise technical and legal procedures that eradicate or significantly disrupt major botnets.

South Korea gives up on Microsoft – Giving Open Sauce a chance

According to a government statement, South Korea wants to break from its Microsoft dependency and move to open source software by 2020.

In the statement, the government said that it will invigorate open source software in order to solve the problem of dependency on certain software. The government invested in Windows 7 to replace XP, but it does not want to go through the same process in 2020, when support for Windows 7 ends.

Facebook Added ‘Research’ To User Agreement 4 Months After Emotion Manipulation Study

The study came to light recently when he and his two co-researchers from Cornell University and University of California-SF published their study describing how users’ moods changed when Facebook curated the content of their News Feeds to highlight the good, happy stuff (for the lucky group) vs. the negative, depressing stuff.

Four months after this study happened, in May 2012, Facebook made changes to its data use policy, and that’s when it introduced this line about how it might use your information: “For internal operations, including troubleshooting, data analysis, testing, research and service improvement.”

Newegg.com – BITCOIN ACCEPTED

We’re proud to announce our acceptance of @Bitcoin via @BitPay. Learn more at https://bit.ly/1qcn4Jo #neweggbitcoin

Beginning this fall, 1-800-FLOWERS will be adding bitcoin as a payment option across its extensive family of gifting sites, including 1-800-FLOWERS.COM, FannieMay.com, Cheryl’s.com, ThePopcornFactory.com, 1-800-Baskets.com, FruitBouquets.com, and Stockyards.com.

Time Machine:

Today in Tech:

23 years ago, in 1991, Finnish Prime Minister Harri Holkeri made the world’s first GSM call over a privately operated network to Vice Mayor Kaarina Suonio in Tampere. The Prime Minister used Nokia gear on GSM’s original 900MHz band.

Most VPNs Insecure | TechSNAP 69 https://original.jupiterbroadcasting.net/22601/most-vpns-insecure-techsnap-69/ Thu, 02 Aug 2012 16:53:35 +0000 https://original.jupiterbroadcasting.net/?p=22601 We’ll cover how the most common type of VPN has been cracked wide open. Plus what to look for when renting a server, and managing a dedicated box.

The post Most VPNs Insecure | TechSNAP 69 first appeared on Jupiter Broadcasting.

We’ll cover how the most common type of VPN has been cracked wide open. Plus what to look for when renting a server, and what’s involved in managing a dedicated box.

Plus a batch of your questions!

All that and more on this week’s TechSNAP!

Show Notes:

Check out Michael Dominick’s Code Journal App

Moxie Marlinspike releases new analysis and tool for cracking MS-CHAP-V2

  • MS-CHAP-V2 (Microsoft Challenge Handshake Authentication Protocol version 2) is responsible for authenticating the remote user and defining the encryption for the entire VPN session
  • The new tool allows the cracking of those encrypted VPN and WiFi sessions, and can also allow the attacker to gain access to those networks using your credentials disclosed by a decrypted session
  • MS-CHAP-V2 was introduced in Windows NT 4.0 SP4, and via updates for Windows 95 and 98
  • Due to the way MS-CHAP-V2 works, and the fact that it uses NTHash and DES, it is far less secure than it was designed to be
  • For example, the riseup.net VPN service gives users a 21 character password drawn from a 96 character alphabet, which would be a key space of approximately 138 bits
  • However, the MD4 hash limits the key space to only 128 bits
  • Furthermore, because a DES key is only 7 bytes, the hash is used as three separate DES keys, so the key space is only 2^56 + 2^56 + 2^56 = 2^57.59
  • However, because the MD4 output only provides 16 bytes, splitting it into 3 blocks of 7 leaves the last 5 bytes of the 3rd DES key as zeros, reducing the key space to 2^56 + 2^56 + 2^16. And because the three DES blocks are independent, they can be cracked concurrently, effectively reducing the work to a single 56-bit DES search (each candidate key is simply compared against three different ciphertexts)
  • The chapcrack tool will analyze a packet capture of a VPN or WiFi handshake, and generate a token that includes the DES ciphertext and MD4 hash of the user’s password
  • This token is then fed into Marlinspike’s cloudcrack.com service, and the DES encryption is cracked using Pico Computing FPGAs (each FPGA has 40 cores at 450 MHz, and the system runs 48 FPGAs). In the worst case, a DES key takes approximately 23 hours to crack (meaning half of all keys would be cracked in under 12 hours). The EFF’s Deep Crack machine, built in 1998, cost $250,000 and took an average of 4.5 days to crack a single DES key
  • Marlinspike recommends that all users and providers immediately stop using PPTP and consider all traffic via PPTP unencrypted and unprotected (including the password you use to login to the VPN service)
  • Enterprise networks using WPA2 with MS-CHAP-V2 should immediately switch to something else (although IPSEC-PSK should also be avoided due to its vulnerability to dictionary attacks)
  • Marlinspike recommends using a VPN based on certificates (such as OpenVPN or IPSEC in Certificate mode)
  • GitHub Repository
  • ThreatPost coverage
  • Previous Analysis:
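As an added example (not code from the show, from Moxie Marlinspike or from chapcrack), the following Python block checks the key-space arithmetic above by reproducing how MS-CHAPv2 (RFC 2759) zero-pads the 16-byte NT hash to 21 bytes and uses it as three 7-byte DES keys. The sample hash is a constructed value, not a real password hash, and the FPGA throughput figure assumes one DES trial per core per clock cycle, an assumption made here to see whether the quoted 23-hour worst case is consistent with 48 FPGAs of 40 cores at 450 MHz. No DES is performed; the block only shows where the entropy goes and why the third key is negligible.

```python
# Added example: sanity-checking the MS-CHAP-V2 key-space arithmetic.
# RFC 2759 derives the MS-CHAPv2 response by zero-padding the 16-byte NT hash
# (MD4 of the UTF-16LE password) to 21 bytes and using it as three 7-byte DES
# keys. Nothing here performs DES; it only shows where the key material goes.
import math

NT_HASH_LEN = 16   # MD4 digest size in bytes
DES_KEY_LEN = 7    # effective DES key material in bytes (56 bits)
PADDED_LEN = 21    # 3 * 7, as specified in RFC 2759 section 8.5


def des_keys_from_nt_hash(nt_hash: bytes) -> list[bytes]:
    """Split a 16-byte NT hash into the three 7-byte DES keys MS-CHAPv2 uses.

    The hash is zero-padded to 21 bytes first, so the third key carries only
    two bytes of hash material and five bytes of known zeros.
    """
    if len(nt_hash) != NT_HASH_LEN:
        raise ValueError("NT hash must be exactly 16 bytes")
    padded = nt_hash + bytes(PADDED_LEN - NT_HASH_LEN)
    return [padded[i:i + DES_KEY_LEN] for i in range(0, PADDED_LEN, DES_KEY_LEN)]


def unknown_bits_per_key() -> list[int]:
    """Bits of each DES key that must be guessed: 8 per byte that comes from
    the hash, 0 per byte that is known zero padding."""
    bits = []
    for start in range(0, PADDED_LEN, DES_KEY_LEN):
        hash_bytes = max(0, min(DES_KEY_LEN, NT_HASH_LEN - start))
        bits.append(8 * hash_bytes)
    return bits


def brute_force_trials() -> tuple[int, int]:
    """Worst-case DES trials as (one key after another, one concurrent pass).

    Sequential: 2^56 + 2^56 + 2^16.  Concurrent: every candidate 56-bit key is
    tried once and compared against all three ciphertexts, so the number of
    DES operations collapses to 2^56.
    """
    per_key = [2 ** b for b in unknown_bits_per_key()]
    return sum(per_key), max(per_key)


def keyspace_bits(alphabet_size: int, length: int) -> float:
    """Entropy in bits of a uniformly random password of the given length."""
    return length * math.log2(alphabet_size)


def fpga_des_rate(fpgas: int = 48, cores: int = 40, mhz: int = 450) -> float:
    """DES trials per second, assuming one trial per core per clock cycle.
    This is an assumption used to check the quoted 23-hour figure, not a
    vendor specification."""
    return fpgas * cores * mhz * 1_000_000


def worst_case_hours(trials_per_second: float) -> float:
    """Hours needed to exhaust a full 56-bit DES key space at the given rate."""
    return 2 ** 56 / trials_per_second / 3600


if __name__ == "__main__":
    # Constructed sample value; any 16 bytes will do, this is not a real hash.
    sample_hash = bytes(range(0x10, 0x20))
    for n, key in enumerate(des_keys_from_nt_hash(sample_hash), start=1):
        print(f"DES key {n}: {key.hex()}")
    print("unknown bits per key:", unknown_bits_per_key())
    seq, conc = brute_force_trials()
    print(f"trials: sequential 2^{math.log2(seq):.2f}, concurrent 2^{math.log2(conc):.0f}")
    print(f"21-char password over 96 symbols: {keyspace_bits(96, 21):.1f} bits")
    print(f"worst case at the assumed FPGA rate: {worst_case_hours(fpga_des_rate()):.1f} h")
```

Run as a script, it prints the third key with its five trailing zero bytes, the per-key unknown bits of 56/56/16, the 138-bit nominal password strength from the riseup.net example, and a worst case of about 23.2 hours at the assumed rate, which matches the figure quoted above. The practical lesson for defenders is the one Marlinspike draws: no password policy can help, because the protocol itself reduces every password to a 56-bit search.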

Elections Ontario confused compression with encryption after losing info on 2.4 million voters

  • The information included:
    • full name
    • gender
    • birth date
    • address
    • any elector information updates provided during the last writ period
  • The information may also have included whether or not the person voted in the October 2011 General Election
  • USB sticks were used to carry data back and forth between the main office and the satellite office
  • Staff members using the USB sticks did not understand what encryption was
  • Some were apparently under the impression that putting the files in a .zip was the same as encrypting them
  • After the data breach, new USB sticks were purchased that had an encryption capability, but it was never configured or used (were the staff under the impression that the encryption just magically worked?)
  • Original Data Breach Report

Microsoft Azure cloud suffers European outage

  • At 11:00 UTC on 2012-07-26 the Microsoft Azure cloud for the western Europe sub-region experienced an unexplained outage of more than 2.5 hours
  • Microsoft updated the Azure dashboard with news of the outage, then again 2 hours later saying they were still investigating, and finally at 13:33 UTC posted that the issue had been resolved
  • Microsoft gave no explanation for the outage, saying only “We apologize for any inconvenience this outage may have caused our customers. The duration of the service interruption was approximately 2.5 hours and was resolved at 6:33 AM PDT. Customers who have questions regarding this incident are encouraged to contact Customer Service and Support.”
  • The previous widespread outage was on February 29th, when the Azure cloud suffered from a Leap Day Bug
  • The Azure cloud western Europe sub-region is powered by a data center in Amsterdam, while the Northern Europe sub-region is hosted in Dublin

Feedback:

  • Traci asks: How do you pick a dedicated server provider?
    • How diverse is their network/transit?
    • Do they operate their own AS (Autonomous System)? Or are they just a reseller?
    • Location?
    • Do they post pricing for buying additional bandwidth (if they don’t, this is usually a bad sign)
    • Do they only sell ‘unmetered’ packages? (this is also bad, usually means they are overselling)
    • Do they offer an SLA? Hardware SLA covers how quickly they promise to replace failed components such as PSU and HDD. Power and Network SLA cover remedies for outages
    • Do they use quality server hardware, or repurposed desktops? (less expensive hardware can be attractive, but should be avoided for more critical tasks). Allan prefers SuperMicro hardware and finds that most providers use it; Dell/HP/Fujitsu are also popular but more expensive
    • Do they offer Out-of-Band Management (such as IPMI)?
    • Do they offer FreeBSD? (if they have IPMI or KVM w/ Virtual Media, I can install FreeBSD myself)
  • What’s involved in administering a dedicated server?

  • Q: I would like to know more about TarSnap. I hear it talked about and I hear it is good.

  • Time Warner Hijacking my DNS?

  • Raspberry Pi Router Success

  • Bitcoin update

  • Do we trust hushmail?

  • Enigmail :: Add-ons for Thunderbird

Round-Up:
