DRM – Jupiter Broadcasting https://www.jupiterbroadcasting.com Open Source Entertainment, on Demand. Thu, 21 Apr 2022 13:26:39 +0000

Linux Action News 237 https://original.jupiterbroadcasting.net/148292/linux-action-news-237/ Thu, 21 Apr 2022 05:30:00 +0000 Show Notes: linuxactionnews.com/237

The post Linux Action News 237 first appeared on Jupiter Broadcasting.

Linux Action News 176 https://original.jupiterbroadcasting.net/144237/linux-action-news-176/ Sun, 14 Feb 2021 17:45:00 +0000 https://original.jupiterbroadcasting.net/?p=144237 Show Notes: linuxactionnews.com/176

The post Linux Action News 176 first appeared on Jupiter Broadcasting.

Perilously Precocious Predictions | LINUX Unplugged 386 https://original.jupiterbroadcasting.net/143772/perilously-precocious-predictions-linux-unplugged-386/ Tue, 29 Dec 2020 17:00:00 +0000 https://original.jupiterbroadcasting.net/?p=143772 Show Notes: linuxunplugged.com/386

The post Perilously Precocious Predictions | LINUX Unplugged 386 first appeared on Jupiter Broadcasting.

All in One Pi | LINUX Unplugged 378 https://original.jupiterbroadcasting.net/143282/all-in-one-pi-linux-unplugged-378/ Tue, 03 Nov 2020 19:30:00 +0000 https://original.jupiterbroadcasting.net/?p=143282 Show Notes: linuxunplugged.com/378

The post All in One Pi | LINUX Unplugged 378 first appeared on Jupiter Broadcasting.

The BSD Hyperbole | BSD Now 332 https://original.jupiterbroadcasting.net/138347/the-bsd-hyperbole-bsd-now-332/ Thu, 09 Jan 2020 05:00:00 +0000 https://original.jupiterbroadcasting.net/?p=138347 Show Notes/Links: https://www.bsdnow.tv/332

The post The BSD Hyperbole | BSD Now 332 first appeared on Jupiter Broadcasting.

Linux Action News 134 https://original.jupiterbroadcasting.net/137427/linux-action-news-134/ Sun, 01 Dec 2019 19:31:53 +0000 https://original.jupiterbroadcasting.net/?p=137427 Show Notes: linuxactionnews.com/134

The post Linux Action News 134 first appeared on Jupiter Broadcasting.

Mumbling with OpenBSD | BSD Now 308 https://original.jupiterbroadcasting.net/133002/mumbling-with-openbsd-bsd-now-308/ Wed, 24 Jul 2019 20:00:08 +0000 https://original.jupiterbroadcasting.net/?p=133002 Show Notes/Links: https://www.bsdnow.tv/308

The post Mumbling with OpenBSD | BSD Now 308 first appeared on Jupiter Broadcasting.

Prospering with Vulkan | BSD Now 304 https://original.jupiterbroadcasting.net/132396/prospering-with-vulkan-bsd-now-304/ Wed, 26 Jun 2019 23:45:12 +0000 https://original.jupiterbroadcasting.net/?p=132396 Show Notes/Links: https://www.bsdnow.tv/304

The post Prospering with Vulkan | BSD Now 304 first appeared on Jupiter Broadcasting.

Hacking the Community | LINUX Unplugged 225 https://original.jupiterbroadcasting.net/120287/hacking-the-community-lup-225/ Wed, 29 Nov 2017 00:14:47 +0000 https://original.jupiterbroadcasting.net/?p=120287 RSS Feeds: MP3 Feed | iTunes Feed | Video Feed | Torrent Feed Become a supporter on Patreon: Show Notes: Pre-Show A Raspberry Pi robot that helps people make their grocery list. Follow Up / Catch Up Technology Industry Leaders Join Forces to Increase Predictability in Open Source Licensing To provide greater predictability to users […]

The post Hacking the Community | LINUX Unplugged 225 first appeared on Jupiter Broadcasting.


Show Notes:

Pre-Show

Follow Up / Catch Up

Technology Industry Leaders Join Forces to Increase Predictability in Open Source Licensing

To provide greater predictability to users of open source software, Red Hat, Facebook, Google and IBM today each committed to extending the GPLv3 approach for license compliance errors to the software code that each licenses under GPLv2 and LGPLv2.1 and v2.

In a blog post, Red Hat explained that legal proceedings generally produce poor results in the free software and open-source community and that litigation should almost always be avoided.

Lemonade-stand: A handy guide to financial support for open source

“I do open source work, how do I find funding?”

Linux Academy

Ubuntu 17.10: Return of the GNOME

In light of the GNOME switch, this release seems like more of a homecoming than an entirely new voyage.

Lynis Follow Up from Founder of CISOfy

Texas Linux Fest Call for Papers

We are proud to officially announce Texas Linux Fest 2018, scheduled for June 8 and 9 at the AT&T Conference Center in Austin, Texas.

DigitalOcean

Is the Front line of the Web Firefox?

Do Linux users need to boycott Chrome?

EFF has been fighting against DRM and the laws behind it for a decade and a half, intervening in the US Broadcast Flag, the UN Broadcasting Treaty, the European DVB CPCM standard, the W3C EME standard and many other skirmishes, battles and even wars over the years. With that long history behind us, there are two things we want you to know about DRM:

  1. Everybody on the inside secretly knows that DRM technology is irrelevant, but DRM law is everything; and
  2. The reason companies want DRM has nothing to do with copyright

TING

Gentoo Challenge Check In

Linux Action News 20 https://original.jupiterbroadcasting.net/118471/linux-action-news-20/ Sun, 24 Sep 2017 17:26:08 +0000 https://original.jupiterbroadcasting.net/?p=118471 RSS Feeds: HD Video Feed | MP3 Feed | iTunes Feed Become a supporter on Patreon: Episode Links GNOME officially on board for the Librem 5 — The GNOME Foundation is committed to partnering with Purism to create hackfests, tools, emulators, and build awareness that surround moving GNOME/GTK onto the Librem 5 phone. Replicant expands […]

The post Linux Action News 20 first appeared on Jupiter Broadcasting.


Episode Links
  • GNOME officially on board for the Librem 5 — The GNOME Foundation is committed to partnering with Purism to create hackfests, tools, emulators, and build awareness that surround moving GNOME/GTK onto the Librem 5 phone.
  • Replicant expands list of supported devices — A few months have passed since the initial Replicant 6.0 release and it’s time for another one. This release more than doubles the number of supported devices and contains a few important fixes and improvements.
  • UBports release OTA 2 — The UBports project is excited to announce the immediate availability of Ubuntu Touch 15.04 OTA-2.
    This is a huge release for the Ubuntu Touch platform, bringing new supported devices, new features, and many bug fixes.
  • Launching Pipewire! — Pipewire is the latest creation of GStreamer co-creator Wim Taymans. The original reason it was created was that we realized that as desktop applications would be moving towards primarily being shipped as containerized Flatpaks we would need something for video similar to what PulseAudio was doing for Audio.
  • EFF quits W3C over Encrypted Media Extensions — In 2013, EFF was disappointed to learn that the W3C had taken on the project of standardizing “Encrypted Media Extensions,” an API whose sole function was to provide a first-class role for DRM within the Web browser ecosystem. By doing so, the organization offered the use of its patent pool, its staff support, and its moral authority to the idea that browsers can and should be designed to cede control over key aspects from users to remote parties.
  • Facebook finally caves on react.js license — Next week, we are going to relicense our open source projects React, Jest, Flow, and Immutable.js under the MIT license. We’re relicensing these projects because React is the foundation of a broad ecosystem of open source software for the web, and we don’t want to hold back forward progress for nontechnical reasons.
  • Red Hat Announces Broad Expansion to Open Source Patent Promise — The expanded Patent Promise, while consistent with Red Hat’s prior positions, breaks new ground in expanding the amount of software covered and otherwise clarifying the scope of the promise. Red Hat believes its updated Patent Promise represents the broadest commitment to protecting the open source software community to date.

Holding Hospitals Hostage | TechSNAP 261 https://original.jupiterbroadcasting.net/98616/holding-hospitals-hostage-techsnap-261/ Thu, 07 Apr 2016 08:44:35 +0000 https://original.jupiterbroadcasting.net/?p=98616 Find out about another hospital that accidentally took advantage of free encryption, researchers turn up a DDoS on the root DNS servers & the password test you never want to take. Plus your batch of networking questions, our answers & a packed round up! Thanks to: Get Paid to Write for DigitalOcean Direct Download: HD […]

The post Holding Hospitals Hostage | TechSNAP 261 first appeared on Jupiter Broadcasting.


Find out about another hospital that accidentally took advantage of free encryption, researchers turn up a DDoS on the root DNS servers & the password test you never want to take.

Plus your batch of networking questions, our answers & a packed round up!


Show Notes:

Researchers at VeriSign investigate DDoS on root DNS servers

  • Researchers from VeriSign, the company that runs the .com and .net registries and operates 2 of the 13 critically important root DNS servers, will be giving a talk at a conference detailing their investigation into the attack
  • Their findings suggest the attack, which took place in November of 2015, was not directed at the root name servers directly, but was an attempt to down two Chinese websites
  • The attack had some interesting patterns, likely caused by design decisions and mistakes made by the programmer of the botnet that was used in the attack
  • They provide a video showing a breakdown of the attack
  • It was interesting to learn that Randall Munroe (of XKCD fame) actually came up with the best way to visualize the distribution of IP addresses, with a grid where sequential numbers are in adjacent squares
  • Only IP addresses in the first 128 /8 netblocks were used. The use of 128/8 specifically suggests that a less-than-or-equal comparison, rather than an equality comparison, was used when comparing IP addresses
  • It is not clear why a larger set of addresses were not used
  • The attack seemed to use 3 or 4 different groups of bots, sending spoofed DNS requests
  • Two of the larger groups of bots sequentially cycled through the 2.0.0.0/8 through 19.0.0.0/8 subnets at different speeds
  • Attacks were not seen from the 10.0.0.0/8 and 127.0.0.0/8 networks, for obvious reasons
  • However, a delay in the attacks sourced from 11.0.0.0/8 suggests that the botnet attempted to use the entire 10 block, but the packets just never left the source networks
  • “The researchers also note that Response Rate Limiting was an effective mitigation in countering up to 60 percent of attack traffic. RRL is a feature in the DNS protocol that mitigates amplification attacks where spoofed DNS queries are used to target victims in large-scale DDoS attacks.”
  • “In addition to RRL, the researchers said attack traffic was easily filterable and through filtering were able to drop response traffic for the attack queries, leaving normal traffic untouched. One of the limitations with this approach is that it’s a manual process”

Virus hits Medstar hospital network, Hospital forced to shutdown systems

  • “The health system took down some of its computers to prevent the virus from spreading, but it’s not clear how many computers — or hospitals — are affected”
  • “A statement by the health system said that all facilities remain open, and that there was “no evidence of compromised information.””
  • “The not-for-profit healthcare system operates ten hospitals across the Washington and Baltimore region, with more than a hundred outpatient health facilities. According to the system’s website, it has more than 31,000 employees and serves hundreds of thousands of patients annually.”
  • “One visitor to the hospital told ZDNet that staff switched the computers off after learning about the virus. The person, who was visiting a patient in one of the healthcare system’s Washington DC hospitals, said the computers were powered off for more than an hour, with all patient orders lost, the person said.”
  • “It’s not clear exactly what kind of malware was used in Monday’s cyberattack. A spokesperson for MedStar Health did not immediately respond to a request for comment.”
  • An FBI spokesperson confirmed that it was “aware of the incident and is looking into the nature and scope of the matter.”
  • Additional Coverage: Threat Post
  • After a few days, the medical network was recovering
  • “The healthcare provider said the attack forced it to shut down its three main clinical information systems, prevented staff from reviewing patient medical records, and barred patients from making medical appointments. In a statement issued Wednesday, it said that no patient data had been compromised and systems were slowly coming back online.”
  • “Clinicians are now able to review medical records and submit orders via our electronic health records. Restoration of additional clinical systems continues with priority given to those related directly to patient care”
  • “While the hospital still won’t officially confirm the attacks were ransomware related, The Washington Post along with other news outlets are reporting that employees at the hospital received pop-up messages on their computer screens seeking payment of 45 Bitcoins ($19,000) in exchange for a digital key that would decrypt data”
  • “The MedStar cyberattack is one of many hospitals in recent months targeted by hackers. Last week, Kentucky-based Methodist Hospital paid ransomware attackers to unlock its hospital system after crypto-ransomware brought the hospital’s operations to a grinding halt. Earlier this year Los Angeles-based Hollywood Presbyterian Medical Center paid 40 Bitcoin ($17,000) to attackers that locked down access to the hospital’s electronic medical records system and other computer systems using crypto-ransomware.”
  • As long as hospitals continue to pay out, this will only grow to be a worse problem
  • “Medical facilities don’t give security the same type of attention that other verticals do,” said Craig Williams, senior technical leader for Cisco Talos. “They are there to heal people and cure the sick. Their first priority is not to take care of an IT environment. As a result it’s likely the hackers have been out there for quite some time and realized that there are a lot of (healthcare) sites that have a lot of base vulnerabilities.”
  • As you might expect: 1400 vulnerabilities to remain unpatched in medical supply system
  • Additional Coverage
  • In related news:
  • Canadian hospital website compromised serves up the Angler malware kit to visitors
  • The site is for a hospital in a small city that serves a mostly rural area. Happens to be where I grew up, and the hospital I was born in
  • The hospital site is run on Joomla, and is running version 2.5.6, which has many known vulnerabilities. The latest version of Joomla is 3.4.8
  • “Like many site hacks, this injection is conditional and will appear only once for a particular IP address. For instance, the site administrator who often visits the page will only see a clean version of it, while first timers will get served the exploit and malware.”
  • The obvious targets are “staff, patients and their families and visitors, as well as students”
  • The hospital became a teaching facility for McMaster University’s Faculty of Health Sciences in 2009
  • “The particular strain of ransomware dropped here is TeslaCrypt which demands $500 to recover your personal files it has encrypted. That payment doubles after a week.”

CNBC Password Tester — How not to do it

  • CNBC has a post about constructing secure passwords
  • The basic idea was that you submit your password, and it tells you how strong it is
  • There are obvious problems with this idea. Why are you giving out your password anyway?
  • Of course, the CNBC site is served in plain text (which is fine for a news site), but it means your password is sent to them in the clear
  • Worse, they had the site adding all of the submitted passwords to a Google spreadsheet, also in the clear
  • Because the password was submitted as a GET variable, and was in the URL, it was also included in the referral information sent to all of the advertising networks on the CNBC site, including DoubleClick, ScoreCardResearch, something hosted at Amazon AWS, and any other widgets on the site (Facebook, Gigya)
  • If you actually did want to build a tool like this, at least use JavaScript to perform the calculations on the user’s device and never transmit their passwords
  • Of course, users should never type the password into another website. This is the definition of a phishing attack
  • The page has since been removed
  • Additional Coverage

The Stories of SCALE14x | LAS 402 https://original.jupiterbroadcasting.net/93271/the-stories-of-scale14x-las-402/ Mon, 01 Feb 2016 00:15:26 +0000 https://original.jupiterbroadcasting.net/?p=93271 We share our best stories from 2016’s SCALE14x. From the highlights to the bar fights we talk about what it’s like to attend one of the largest community driven Linux events in the world. Plus the Linux Trojan that’s snapping screenshots & recording audio, Linux Mint is building their own X-Apps, your live calls & […]

The post The Stories of SCALE14x | LAS 402 first appeared on Jupiter Broadcasting.


We share our best stories from 2016’s SCALE14x. From the highlights to the bar fights we talk about what it’s like to attend one of the largest community driven Linux events in the world.

Plus the Linux Trojan that’s snapping screenshots & recording audio, Linux Mint is building their own X-Apps, your live calls & more!


— Show Notes: —


System76

Brought to you by: Linux Academy

SCALE 14x Report

Mark Shuttleworth Keynote and UbuCon

AT&T has struck a deal with Canonical that could shape the future of the platform currently “owning” the cloud…

Cory Doctorow Keynote

SCALE 14x Floor

  • Huge floor, lots of great exhibitors

LAS 400 Meetup

  • Crazy big meetup, thanks everyone!

ScALE Pictures

  • Expo Hall 1
  • Expo Hall 2
  • Expo Hall 3
  • Expo Hall 4
  • Ham Radio Presence at ScALE
  • Facebook / OpenRack Project
  • Facebook / OpenRack Project
  • Facebook / OpenRack Project
  • Facebook / OpenRack Project
  • Anyone know what kind of car Linus Torvalds Drives?
  • Indian Dinner Friday Night
  • Dinner Sat Night at Mongolian Grill
  • Key Signing Party
  • Sat Night Ham Radio Dinner

Some Great sessions to watch

— PICKS —

Runs Linux

Nintendo 64 RUNS LINUX!

Uploaded Linux kernel to N64 memory using GameShark Pro with parallel port interface in about 2 minutes. Modified kernel in approx. 1 week of work. Immediately runs out of memory, but could probably be fixed with further modifications.

Desktop App Pick

My recommended GNOME Extension

This is a listing of twenty extensions for GNOME that I personally use and recommend.
As of this post all of them work flawlessly on the latest release of GNOME which is 3.18.2.

Weekly Spotlight

Yarock – Linux music player

Yarock is a modern looking music player, packed with features, that doesn’t depend on any specific desktop environment.
Yarock is designed to provide an easy and pretty music browser based on cover art.
Yarock is easy to build with a minimal set of dependencies, and offers the choice of different audio back-ends.

Lollypop


A GNOME music player.


— NEWS —

Snap-Happy Trojan Targets Linux Servers

Researchers at Dr.Web on Tuesday revealed details of the Trojan Linux.Ekoms.1, which takes screen shots and records audio to acquire sensitive and personal information, mostly from Linux servers.

The Linux Mint Monthly News – January 2016


X-Apps will be a collection of generic GTK3 applications using traditional interfaces which can be used as default desktop components in Cinnamon, MATE and Xfce.

Release OBS Multiplatform 0.13.0

This project is a rewrite of what was formerly known as “Open Broadcaster Software”, software originally designed for recording and streaming live video content, efficiently.

Semaphor to Give Team Collaboration Privacy

Semaphor helps teams improve their productivity by keeping members focused, informed, and connected. Teams can join group conversations, private message team members, share files, and install trusted third-party integrations knowing their privacy is protected at every step. Following the same privacy-centric design as all SpiderOak solutions, Semaphor uses a Zero Knowledge architecture that ensures nothing leaves a computer or mobile device until after it is encrypted and is never decrypted until it is unlocked with keys only located on individuals’ devices.

KDE neon Website Now Live

Serving the freshest packages of KDE software. Developers’ archive with packages built from KDE Git available now, stable archive with packages built from released tars coming soon.

  • This initial release of KDE neon is based on the current standard release of Ubuntu 15.10 to better prepare this new project for the upcoming 16.04 long-term release.
  • Currently we only have packages built for the developer edition of KDE neon from the KDE Git archives. Packages and installation media for the user edition of KDE neon will be proudly offered shortly.
  • KDE neon (@KdeNeon) | Twitter

Feedback:


System76

Brought to you by: System76

Were you around for today’s (10 January 2016) live show? If not, you should seriously consider taking some time with us on Sunday and watch the live show. Not only will you get more content, but you’ll be able to interact with Chris and Noah.
One of the things that came up today was Chris talking about his background in today’s episode.

Catch the show LIVE SUNDAY:

— CHRIS’ STASH —

Chris’s Twitter account has changed, you’ll need to follow!

Chris Fisher (@ChrisLAS) | Twitter

Hang in our chat room:

irc.geekshed.net #jupiterbroadcasting

— NOAH’S STASH —

Noah’s Day Job

Altispeed Technologies

Contact Noah

noah [at] jupiterbroadcasting.com

Snappy New Year! | TechSNAP 247 https://original.jupiterbroadcasting.net/92196/snappy-new-year-techsnap-247/ Thu, 31 Dec 2015 08:09:23 +0000 https://original.jupiterbroadcasting.net/?p=92196 We take a look back at some of the big stories of 2015, at least, as we see it. Plus the round up & more! Thanks to: Get Paid to Write for DigitalOcean Direct Download: HD Video | Mobile Video | MP3 Audio | OGG Audio | YouTube | HD Torrent | Mobile Torrent RSS […]

The post Snappy New Year! | TechSNAP 247 first appeared on Jupiter Broadcasting.


We take a look back at some of the big stories of 2015, at least, as we see it.

Plus the round up & more!


— Show Notes: —

Episode 227: Oracle’s EULAgy #oraclefanfic

  • Oracle Chief Security Officer, Mary Ann Davidson, makes a blog post railing against reverse engineering and security research
  • Claims Oracle is pretty good at finding bugs in their own code, and doesn’t need anyone else’s help, and that it violates their EULA
  • The blog post was quickly taken down, but this is the Internet, it doesn’t work like that

Episode 196: Sony’s Hard Lessons

  • Bruce Schneier walks us through what we can learn from the hack of Sony’s corporate network

Episode 217: An Encryptioner’s Conscience

  • A recurring theme: firmware is terrible
  • Replace your router with something that runs a real OS
  • Luckily, more and more routers finally have enough hardware to run a minimal Linux or BSD install
  • Smaller APU and Atom machines can run full OS or appliance software like pfSense

Episode 211: The French Disconnection

  • Episodes recorded live in the studio always have a different feel to them, especially when it happens to be the 4th anniversary of the show
  • The top story in this episode was about how to detect when your network has been breached
  • Some great detail, and discussion of the Target and Sony hacks as examples of what to do, and what not to do

Episode 212: Dormant Docker Disasters

  • The man who broke the music business
  • Detailing the inside story of how some of the most popular music albums made it onto the internet before they were even in stores
  • Again, in person episodes are always special

Episode 237: A Rip in NTP

  • Recap of my visit to the OpenZFS

What is the TPP | Unfilter 162 https://original.jupiterbroadcasting.net/89161/what-is-the-tpp-unfilter-162/ Wed, 14 Oct 2015 21:02:51 +0000 https://original.jupiterbroadcasting.net/?p=89161 The Trans Pacific Partnership, Obama’s big legacy making deal is signed. Early details about how it handles copyright law, the pharma industry & labor have been leaked. We dig into how the TPP will impact online intellectual property & consumers. Plus deeper look at Russia’s involvement in Syria, a high note & much more! Direct […]

The post What is the TPP | Unfilter 162 first appeared on Jupiter Broadcasting.


The Trans Pacific Partnership, Obama’s big legacy making deal is signed. Early details about how it handles copyright law, the pharma industry & labor have been leaked. We dig into how the TPP will impact online intellectual property & consumers.

Plus a deeper look at Russia’s involvement in Syria, a high note & much more!


Show Notes:

— Episode Links —

CIA Weapons now flooding into Syria since Russian support began.

The American-made TOW antitank missiles began arriving in the region in 2013, through a covert program run by the United States, Saudi Arabia and other allies to help certain C.I.A.-vetted insurgent groups battle the Syrian government.
The weapons are delivered to the field by American allies, but the United States approves their destination. That suggests that the newly steady battlefield supply has at least tacit American approval, now that Russian air power is backing President Bashar al-Assad.
“By bombing us, Russia is bombing the 13 ‘Friends of Syria’ countries,” he said, referring to the group of the United States and its allies that called for the ouster of Mr. Assad after his crackdown on political protests in 2011.

The C.I.A. program that delivered the TOWs (an acronym for tube-launched, optically tracked, wire-guided missiles) is separate from — and significantly larger than — the failed $500 million Pentagon program that was canceled last week after it trained only a handful of fighters. That was unsuccessful largely because few recruits would agree to its goal of fighting only the militant Islamic State and not Mr. Assad.

Rebel commanders scoffed when asked about reports of the delivery of 500 TOWs from Saudi Arabia, saying it was an insignificant number compared with what is available. Saudi Arabia in 2013 ordered more than 13,000 of them. Given that American weapons contracts require disclosure of the “end user,” insurgents said they were being delivered with Washington’s approval.

How The Fest Was Fun | LINUX Unplugged 90 https://original.jupiterbroadcasting.net/81282/how-the-fest-was-fun-lup-90/ Tue, 28 Apr 2015 19:19:14 +0000 https://original.jupiterbroadcasting.net/?p=81282 Exclusive interviews from the floor of LinuxFest Northwest 2015, meet the man who brought Netflix to Linux & changed the WINE project forever, how Intel builds the MinnowBoard for Linux, the state of ZFS on Linux & how we had so much fun it just might be illegal. Plus a quick look at the new […]

The post How The Fest Was Fun | LINUX Unplugged 90 first appeared on Jupiter Broadcasting.


Exclusive interviews from the floor of LinuxFest Northwest 2015, meet the man who brought Netflix to Linux & changed the WINE project forever, how Intel builds the MinnowBoard for Linux, the state of ZFS on Linux & how we had so much fun it just might be illegal.

Plus a quick look at the new KDE Plasma update, Telegram’s surprising popularity & more!


Show Notes:

Pre-Show:

Instant Messaging in Fedora Workstation 2 | Brno’s hat

Telegram – I was really surprised by the popularity of Telegram. I personally don’t know anyone who uses it, but it looks like it could be the new #1 IM service for open source enthusiasts as Jabber was in the last decade. It’s the only (at least a bit popular) modern IM service that is trying to be open and focused on privacy. It has a Linux desktop app written in Qt. You can find it in Copr although it’s not packaged very well and the app is missing an icon. I’m not sure how easy it would be for the package to make it into the official repositories. The website says they’re using slightly modified Qt which could make it difficult. There is also a plugin for Pidgin which doesn’t support advanced features, but works well for simple chat communication (again available in Copr). If we pick Pidgin as the default browser again, we should have this plugin pre-installed since Telegram seems to be becoming more and more popular.

Catch Up:


  • Angela’s Yoga Update

LinuxFest Northwest 2015

Bellingham, WA • April 25th & 26th


TING

ZFS On Linux

OpenZFS

OpenZFS was announced in September 2013 as the truly open source successor to the ZFS project. Our community brings together developers from the illumos, FreeBSD, Linux, and OS X platforms, and a wide range of companies that build products on top of OpenZFS.

Linux Academy

minnowboard.org

MinnowBoard

MinnowBoard and MinnowBoard MAX are Intel(r) Atom(tm) processor based boards which introduce Intel(r) Architecture to the small and low cost embedded market for the developer and maker community. They offer exceptional performance, flexibility, openness and standards.

DigitalOcean

OLD: How To Use Netflix In Ubuntu Through Wine (PPA Available)

Netflix is finally working on Linux! No, there’s no native Linux Netflix application, but with a patched Wine build, you can now use Netflix under Linux.

Runs Linux from the people:

  • Send in a pic/video of your runs Linux.
  • Please upload videos to YouTube and submit a link via email or the subreddit.

Support Jupiter Broadcasting on Patreon

Signed by Sony | TechSNAP 192 https://original.jupiterbroadcasting.net/73732/signed-by-sony-techsnap-192/ Thu, 11 Dec 2014 18:48:06 +0000 https://original.jupiterbroadcasting.net/?p=73732 If we could rebuild the Internet from scratch, what would we change? It’s more than just a thought experiment. We’ll share the details about real world research being done today! Plus we dig through the Sony hack, answer a ton of great questions & a rocking roundup! Thanks to: Get Paid to Write for DigitalOcean […]

The post Signed by Sony | TechSNAP 192 first appeared on Jupiter Broadcasting.


If we could rebuild the Internet from scratch, what would we change? It’s more than just a thought experiment. We’ll share the details about real world research being done today!

Plus we dig through the Sony hack, answer a ton of great questions & a rocking roundup!

Thanks to:


DigitalOcean


Ting


iXsystems


— Show Notes: —

Reinventing Computers And The Internet From Scratch, For The Sake Of Security

  • DARPA funded research is looking at how we might design the Internet if we had to do it over again
  • Many decisions that were made 30 and 40 years ago when UNIX and TCP/IP were designed, may be done differently today
  • The overall project has a number of sub-projects:
    • CRASH – Clean-Slate Design of Resilient, Adaptive, Secure Hosts
    • MRC – Mission-Oriented Resilient Clouds
    • CTSRD – Clean Slate Trustworthy Secure Research and Development (Custard)
  • BERI: Bluespec Extensible RISC Implementation: an open-source hardware-software research and teaching platform: a 64-bit RISC processor implemented in the high-level Bluespec hardware description language (HDL), along with compiler, operating system, and applications
  • CHERI: capability hardware enhanced RISC instructions: hardware-accelerated in-process memory protection and sandboxing model based on a hybrid capability model
  • TESLA: temporally enforced security logic assertions: compiler-generated runtime instrumentation continuously validating temporal security properties
  • SOAAP: security-oriented analysis of application programs: automated program analysis and transformation techniques to help software authors utilize Capsicum and CHERI features
  • The goal is to design newer secure hosts and networks, without having to maintain backwards compatibility with legacy systems, the biggest problem with changing anything on the Internet
  • This is why there are still things like SSLv3 (instead of just TLS 1.2+), why we have not switched to IPv6, and why spam is still such a large problem
  • I for one would definitely like to replace SMTP, but no one has yet devised a plan for a system that the world could transition to without breaking legacy email while we wait for the rest of the world to upgrade
  • “Corporations are elevating security experts to senior roles and increasing their budgets. At Facebook, the former mantra “move fast and break things” has been replaced. It is now “move slowly and fix things.””
  • For performance reasons, when hardware and programming languages were designed 30 and 40 years ago, it was decided that security would be left up to the programmer
  • The CHERI project aims to change this, by implementing ‘Capabilities’, a sandboxing and security mechanism into the hardware, allowing the hardware rather than the software to enforce protections, preventing unauthorized access or modification of various regions of memory by malicious or compromised applications.
  • CHERI, and the software side of the project, Capsicum, are based on FreeBSD, but are also being ported to Linux, where Google plans to make extensive use of it in its Chrome and Chromium browsers.
  • Additional Coverage

Sony Internal Network Hacked


Feedback:


Round Up:


Ghosts of DRM Past | Tech Talk Today 99 https://original.jupiterbroadcasting.net/72797/ghosts-of-drm-past-tech-talk-today-99/ Tue, 02 Dec 2014 11:07:48 +0000 https://original.jupiterbroadcasting.net/?p=72797 The Feds want Apple to break iOS encryption using an 18th-century law & it certainly fails the sniff test. Sony is playing the victim after its recent breach & the hype is reaching new levels of absurd. Plus the decade old iTunes lawsuit that could feature testimony from Steve Jobs, we’ll tell you how. Direct […]

The post Ghosts of DRM Past | Tech Talk Today 99 first appeared on Jupiter Broadcasting.


The Feds want Apple to break iOS encryption using an 18th-century law & it certainly fails the sniff test. Sony is playing the victim after its recent breach & the hype is reaching new levels of absurd. Plus the decade old iTunes lawsuit that could feature testimony from Steve Jobs, we’ll tell you how.


Show Notes:

Feds want Apple’s help to defeat encrypted phones, new legal case shows

Prosecutors invoke 18th-century All Writs Act to get around thorny problem.

Newly discovered court documents from two federal criminal cases in New York and California that remain otherwise sealed suggest that the Department of Justice (DOJ) is pursuing an unusual legal strategy to compel cellphone makers to assist investigations.


In both cases, the seized phones—one of which is an iPhone 5S—are encrypted and cannot be cracked by federal authorities. Prosecutors have now invoked the All Writs Act, an 18th-century federal law that simply allows courts to issue a writ, or order, which compels a person or company to do something.


Ars is publishing the documents in the California case for the first time in which a federal judge in Oakland specifically notes that “Apple is not required to attempt to decrypt, or otherwise enable law enforcement’s attempts to access any encrypted data.”


The two orders were both handed down on October 31, 2014, about six weeks after Apple announced that it would be expanding encryption under iOS 8, which aims to render such a data handover to law enforcement useless. Last month, The Wall Street Journal reported that DOJ officials told Apple that it was “marketing to criminals” and that “a child will die” because of Apple’s security design choices.

Apple did not immediately respond to Ars’ request for comment.


DOJ is using an Antiquated 1789 ‘All Writs Act’ To Try To Force Phone Manufacturers To Help Unlock Encrypted Phones

Ars went in person to the Oakland courthouse on Wednesday to obtain the documents and is publishing both the government’s application and the judge’s order for the first time here. The All Writs Act application and order are not available via PACER, the online database for federal court records.

“This Court has the authority to order Apple, Inc., to use any capabilities it may have to unlock the iPhone,” Garth Hire, an assistant US attorney, wrote to the court and cited the All Writs Act.

Cyber Ring Stole Secrets For Gaming US Stock Market

Reuters has the scoop this morning on a new report out from the folks at FireEye about a cyber espionage ring that targets financial services firms. The campaign, dubbed FIN4 by FireEye, stole corporate secrets for the purpose of gaming the stock market. FireEye believes that the extensive cyber operation compromised sensitive data about dozens of publicly held companies. According to the report, the victims include financial services firms and those in related sectors, including investment bankers, attorneys and investor relations firms. Rather than attempting to break into networks overtly, the attackers targeted employees within each organization. Phishing e-mail messages led victims to bogus web sites controlled by the hackers, who harvested login credentials to e-mail and social media accounts. Those accounts were then used to expand the hackers’ reach within the target organization: sending phishing email messages to other employees.

Sony hires Mandiant after cyber attack, FBI starts probe | Reuters

Sony Pictures Entertainment has hired FireEye Inc’s Mandiant forensics unit to clean up a massive cyber attack that knocked out the studio’s computer network nearly a week ago, three people with knowledge of the matter said on Sunday.

New evidence is emerging that suggests North Korea may be behind the hack. The Wall Street Journal is reporting that researchers investigating the hack have found the malicious code to be almost exactly the same as the code used in a March 2013 attack on a series of South Korean banks and broadcasters, an attack widely believed to have been conducted by North Korea. Re/code had previously reported that Sony was investigating a North Korean connection, but this new analysis is the most definitive evidence unearthed so far.

Sony Pictures has gotten its computer systems back online, with emails and everything else up and running again.

Google sold more Chromebooks to US schools than Apple did iPads in Q3

According to the latest data from IDC, Google, for the first time ever, has overtaken Apple in United States schools. The research firm claims that Google shipped 715,000 Chromebooks to schools in the third quarter, while Apple shipped 702,000 iPads to schools. Chromebooks as a whole now account for a quarter of the educational market (via FT).

Chromebooks start at $199, while last year’s iPad Air, with educational discounts applied, costs $379. The research firm also says that many school corporations prefer the full keyboard found on Chromebooks instead of the touchscreen found on iPads. Some schools that use iPads, however, supply students with a keyboard case as well, but that only further increases the cost of iPads compared to Chromebooks.

Apple faces trial in decade-old iTunes DRM lawsuit | ITworld

Plaintiffs in the Apple iPod iTunes antitrust litigation complain that Apple married iTunes music with iPod players, and they want $350 million in damages. The lawsuit accuses Apple of violating U.S. and California antitrust law by restricting music purchased on iTunes from being played on devices other than iPods and by not allowing iPods to play music purchased on other digital music services. Late Apple founder Steve Jobs will reportedly appear via a videotaped statement during the trial, scheduled to begin Tuesday morning in U.S. District Court for the Northern District of California.


The original January 2005 complaint in the case references a music distribution industry that no longer exists nearly a decade later. The document refers to iTunes competitors Napster, Buy.com, Music Rebellion and Audio Lunch Box, along with digital music players from Gateway, Epson, RCA and e.Digital.


The opening paragraphs of the complaint talk about defunct CD seller Tower Records.


Apple has monopoly market power, lawyers for plaintiff Thomas Slattery wrote. “Apple has rigged the hardware and software in its iPod such that the device will not directly play any music files originating from online music stores other than Apple’s iTunes music store,” they wrote.


Apple removed DRM (digital rights management) from iTunes in early 2009, so the lawsuit covers iPods purchased from Apple between September 2006 and March 2009.

Comcast Carries Grudge | Tech Talk Today 72 https://original.jupiterbroadcasting.net/68707/comcast-carries-grudge-tech-talk-today-72/ Wed, 08 Oct 2014 10:39:39 +0000 https://original.jupiterbroadcasting.net/?p=68707 Belkin users go offline all over the world due to a router design flaw, Facebook has a private chat app in the works, Adobe spies on you & Comcast gets a customer fired for complaining about their service. Direct Download: MP3 Audio | OGG Audio | Video | HD Video | Torrent | YouTube RSS […]

The post Comcast Carries Grudge | Tech Talk Today 72 first appeared on Jupiter Broadcasting.


Belkin users go offline all over the world due to a router design flaw, Facebook has a private chat app in the works, Adobe spies on you & Comcast gets a customer fired for complaining about their service.


Show Notes:

Borked Belkin routers leave many unable to get online | Ars Technica

Owners of Belkin routers around the world are finding themselves unable to get online today. Outages appear to be affecting many different models of Belkin router, and they’re hitting customers on any ISP, with Time Warner Cable and Comcast among those affected. ISPs, inundated with support calls by unhappy users, are directing complaints to Belkin’s support line, which appears to have gone into meltdown in response.


The reason for the massive outages is currently unknown. Initial speculation was that Belkin pushed a buggy firmware update overnight, but on a reddit thread about the problem, even users who claim to have disabled automatic updates have found their Internet connectivity disrupted.

Update: Belkin has given us the following statement:

Starting approximately midnight on October 7, Belkin began experiencing an issue with a service configured in certain Belkin router models that causes a failure when it checks for general network connectivity by pinging a site hosted by Belkin.


If your service has not yet been restored, please unplug your router and plug it back in after waiting 1 minute. Wait 5 more minutes and the router should reconnect. If you have any further issues, please contact our support at (800) 223-5546.

Facebook Readies App Allowing Anonymity – NYTimes.com

The company is working on a stand-alone mobile application that allows users to interact inside of it without having to use their real names, according to two people briefed on Facebook’s plans, who spoke on the condition of anonymity because they were not authorized to discuss the project.


The point, according to these people, is to allow Facebook users to use multiple pseudonyms to openly discuss the different things they talk about on the Internet; topics of discussion which they may not be comfortable connecting to their real names.


There are many unknowns as to how the new app will interact, if at all, with Facebook’s main site. It is unclear if the app will allow anonymous photo sharing, or how friend interactions and existing friend connections will work.

Adobe spies on reading habits over unencrypted web because your ‘privacy is important’ • The Register

Adobe confirmed its Digital Editions software insecurely phones home your ebook reading history to Adobe — to thwart piracy.

And the company insisted the secret snooping is covered in its terms and conditions.

Version 4 of the application makes a note of every page read, and when, in the digital tomes it accesses, and then sends that data over the internet unencrypted to Adobe.

Adobe explained that the data it collects is for digital rights management (DRM) mechanisms that may be demanded by publishers to combat piracy, and gave a detailed list of what and why it needs such specific information:

  • User ID: The user ID is collected to authenticate the user.
  • Device ID: The device ID is collected for digital rights management (DRM) purposes since publishers typically restrict the number of devices an eBook or digital publication can be read on.
  • Certified app ID: The Certified App ID is collected as part of the DRM workflow to ensure that only certified apps can render a book, reducing DRM hacks and compromised DRM implementations.
  • Device IP: The device IP is collected to determine the broad geo-location, since publishers have different pricing models in place depending on the location of the reader purchasing a given eBook or digital publication.
  • Duration for which the book was read: This information is collected to facilitate limited or metered pricing models where publishers or distributors charge readers based on the duration a book is read. For example, a reader may borrow a book for a period of 30 days. While some publishers/distributors charge for 30-days from the date of the download, others follow a metered pricing model and charge for the actual time the book is read.
  • Percentage of the book read: This information is collected to allow publishers to implement subscription models where they can charge based on the percentage of the book read. For example, some publishers charge only a percentage of the full price if only a certain percentage of the book is read.

Additionally, the following data is provided by the publisher as part of the actual license and DRM for the ebook:

  • Date of purchase or download
  • Distributor ID and Adobe content server operator URL
  • Metadata of the book provided by publisher (including title, author, publisher list price, ISBN number)

Complain About Comcast, Get Fired From Your Job – Slashdot

When you complain to your cable company, you certainly don’t expect that the cable company will then contact your employer and discuss your complaint. But that’s exactly what happened to one former Comcast customer who says he was fired after the cable company called a partner at his accounting firm. Be careful next time when you exercise your first amendment rights.

  • From the article:

At some point shortly after that call, someone from Comcast contacted a partner at the firm to discuss Conal. This led to an ethics investigation and Conal’s subsequent dismissal from his job; a job where he says he’d only received positive feedback and reviews for his work.

Comcast maintained that Conal used the name of his employer in an attempt to get leverage. Conal insists that he never mentioned his employer by name, but believes that someone in the Comcast Controller’s office looked him up online and figured out where he worked.
When he was fired, Conal’s employer explained that the reason for the dismissal was an e-mail from Comcast that summarized conversations between Conal and Comcast employees.

But Conal has never seen this e-mail in order to say whether it’s accurate and Comcast has thus far refused to release any tapes of the phone calls related to this matter.

Persona Non Grata | CR 92 https://original.jupiterbroadcasting.net/53142/persona-non-grata-cr-92/ Mon, 10 Mar 2014 10:33:44 +0000 https://original.jupiterbroadcasting.net/?p=53142 We discuss Mozilla’s Persona being put out to pasture and the difficult problem that creates for developers.

The post Persona Non Grata | CR 92 first appeared on Jupiter Broadcasting.


We embrace Daylight saving time with a special call-in edition of Coder Radio. Topics include a chat with one of the developers behind the online JavaScript assembly emulator, the encroachment of DRM in everyday life, and why Mozilla’s Persona has been put out to pasture and the difficult problem that creates for developers.

Plus your feedback, and much more!

Thanks to:


GoDaddy


Ting


DigitalOcean


— Show Notes: —

Feedback

Open Mic:

Island Hopping Explained | TechSNAP 149 https://original.jupiterbroadcasting.net/51582/island-hopping-explained-techsnap-149/ Thu, 13 Feb 2014 09:06:57 +0000 https://original.jupiterbroadcasting.net/?p=51582 A disastrous fire strikes a major data player, and then we explain Island Hopping, and how attackers use it to exploit a network.

The post Island Hopping Explained | TechSNAP 149 first appeared on Jupiter Broadcasting.


A disastrous fire strikes a major data player, and then we explain Island Hopping, and how attackers use it to exploit a network.

Then it’s a great batch of your questions, a rockin round up, and much much more.

Thanks to:


GoDaddy


Ting


— Show Notes: —

Fire Destroys Iron Mountain Data Warehouse in Buenos Aires

  • Although it’s unclear how the fire started, it spread quickly and took hours to control.
  • Nine first-responders were killed during the blaze, while two are missing, and seven others are reported injured.
  • By the time the fire was put out, the building “appeared to be ruined” according to news reports.
  • Among the data stored there were several archives containing corporate and central bank records, a potentially huge loss that could have some surprisingly far reaching consequences.
  • Just last month, for instance, the United States Supreme Court decided to hear a case on whether creditors could seek historic bank records from Argentina regarding the country’s default in 2001. Whether or not such files have now been destroyed is unknown.
  • The Buenos Aires facility apparently was supposed to have had a team of private firefighters at the facility. That’s in addition to the sprinkler systems, and automatic containment mechanisms designed to stop fires from spreading through the building.
  • According to local reports, it appears that the storage facility this occurred at was primarily used to store physical, paper records, not digital data. Iron Mountain has yet to release any further statements on the issue, so it’s unclear if there are any digital copies of these records. There is no mention of backup copies however in either Iron Mountain’s original press release, or in any of the statements from Argentine officials.
  • Even with paper records (or maybe especially?), it is important to have backups, stored off-site

What happens with digital rights management in the real world?

  • This article attempts to skip over the usual arguments about DRM, Copyright vs Fair Use, Morality, etc.
  • Instead it focuses on what has actually happened with DRM in the real world
  • The only reason most DRM works at all, is the legal protection it gets from the Government
  • DRM is fundamentally technically flawed, as it relies on encrypting the valuable data, but having to give the keys to decrypt it to the attacker
  • “A good analogue to this is inkjet cartridges. Printer companies make a lot more money when you buy your ink from them, because they can mark it up like crazy. So they do a bunch of stuff to stop you from refilling your cartridges and putting them in your printer. Nevertheless, you can easily and legally buy cheap, refilled and third-party cartridges for your printer.”
  • This is not so with DRM, because it enjoys legal protections in the form of laws like the DMCA which make breaking DRM, even without committing any copyright infringement, illegal
  • “Here’s another thing about security: it’s a process, not a product (hat tip to Bruce Schneier!)”
  • “Here is where DRM and your security work at cross-purposes. The DMCA’s injunction against publishing weaknesses in DRM means that its vulnerabilities remain unpatched for longer than in comparable systems that are not covered by the DMCA. That means that any system with DRM will on average be more dangerous for its users than one without DRM.”
  • “However, various large and respected security organisations say they knew about the Sony Rootkit months before the disclosure, but did not publish because they feared punishment under the DMCA”
  • “But there can be no real security in a world where it is illegal to tell people when the computers in their lives are putting them in danger. In other words, there can be no real security in a world where the DMCA and its global cousins are still intact.”
  • “You see, contrary to what the judge in Reimerdes said in 2000, this has nothing to do with whether information is free or not – it’s all about whether people are free.”

Defense Contractors Say They Remain Vulnerable To Cyber-Attack

  • The ThreatTrack Security defense contractor survey focused on a unique population of IT managers and staffers responsible for securing networks for organizations fulfilling U.S. government defense contracts.
  • One quarter of those polled work for organizations with IT security budgets of $1 million to $10 million, and another 23% for organizations with budgets exceeding $10 million
  • 88% believe “the government provides adequate guidance and support to contractors to ensure sensitive data is secure and protected against cyber-attacks.”
  • Despite the high level of confidence regarding the government’s security guidance, almost two-thirds (62%) of IT managers polled worry that their companies are vulnerable to targeted malware attacks.
  • The survey uncovered sharp differences in security attitudes and practices between defense contractors and the overall enterprise community.
  • For instance, senior leaders within defense contractors far less frequently engage in risky behavior, such as opening phishing emails, lending work computers to family members or using company-owned PCs to visit pornographic websites harboring malware.
  • And though their level of anxiety over vulnerability to cybercrimes isn’t too different – 62% among contractors and 68.5% in the enterprise – their reasons differ. Enterprise executives said they fear they lack adequate protection (based on a June 2013 ThreatTrack Security survey), while contractors worry more about the frequency and complexity of malware attacks.
  • The survey also found contractors take more precautions against cyber-attacks than their general enterprise counterparts, which is a positive discovery considering the nature of their work.
  • Asked about the most difficult aspects of defending their organizations from advanced malware, 61% of respondents cited the volume of attacks and 59% pointed to malware complexity. The number of people concerned about other aspects drops dramatically, with 34% blaming the ineffectiveness of anti-malware tools and 29% saying they don’t have enough budget for the right tools.
  • Also notable: More than a quarter of respondents (26%) said their staffs don’t have enough highly skilled IT security experts, including malware analysts.
  • Based on the survey’s findings, the Snowden affair has had a profound impact on how defense contractors hire and train employees who handle sensitive information. Snowden’s leaks have caused contractors to restrict IT administrative rights and be more alert to any potential misbehavior by employees regarding data access.
  • 55% of respondents said employees now get more cybersecurity-awareness training, 52% said they have reviewed and/or re-evaluated employee data-access privileges, and 47% said they are on higher alert for “potential misbehavior or anomalous network activity.”
  • In addition, 41% said they have implemented stricter hiring practices, and 39% have curtailed IT administrative rights. Respondents who said nothing has changed were in the minority, though they still amounted to nearly one quarter (23%) of participants.

Feedback:

Join us LIVE on Sunday for LAS 300 10am Pacific / 1pm Eastern / 6pm UTC


Round Up:
