Show Notes: techsnap.systems/383

The post The Power of Shame | TechSNAP 383 first appeared on Jupiter Broadcasting.

HD Video Feed | MP3 Audio Feed | iTunes Feed | Torrent Feed

Become a supporter on Patreon:

Show Notes:

Google Will Survive SESTA. Your Startup Might Not.

• Requires unreliastic levels of censorship by platforms; not even the big players will be able to comply 100%

• Proponents consider startups to be outliers, which “will be successfully prosecuted, civilly and criminally under this law”.

• Proponents are overstating the effectiveness of filtering

• Proposed standards actually discourage platforms from filtering

Companies Look to an Old Technology to Protect Against New Threats

• Tape is an old techology. It is also highly reliable and stable

• Tape sales are increasing

• Yep, backup to NAS is great, but do you have different versions of your data?

CBS’s Showtime caught mining crypto-coins in viewers’ web browsers

• This isn’t about CBS. It’s about the potential for abuse by website owners

• Code unlikely to be official sanctioned / added by CBS; mure more likely it was a malicious third party or insider.

• The email address associated with the mining account is personal, not corporate

• Ethical issues for content providers to figure out

Feedback

• Funny sounds throughout the show

• Cox checking for credit score

Round Up:

• One week after

• SEC Announces Enforcement Initiatives to Combat Cyber-Based Threats and Protect Retail Investors

• APFS AND HFS+ BENCHMARKS

• What’s New in PostgreSQL 10?

• a 160-terabits-per-second cable

The post Laying Internet Pipe | TechSNAP 339 first appeared on Jupiter Broadcasting.

HD Video Feed | MP3 Audio Feed | iTunes Feed | Torrent Feed

Become a supporter on Patreon:

Show Notes:

Distrustful U.S. allies force spy agency to back down in encryption fight

• Some ISO delegates said much of their skepticism stemmed from the 2000s, when NSA experts invented a component for encryption called Dual Elliptic Curve and got it adopted as a global standard.

• In 2007, mathematicians in private industry showed that Dual EC could hide a back door, theoretically enabling the NSA to eavesdrop without detection. After the Snowden leaks, Reuters reported that the U.S. government had paid security company RSA $10 million to include Dual EC in a software development kit that was used by programmers around the world.

Viacom exposes crown jewels to world+dog in AWS S3 bucket blunder

• Researchers found a wide-open, public-facing misconfigured AWS S3 bucket containing pretty much everything a hacker would need to take down the company’s IT systems.

• “The contents of the repository appear to be nothing less than either the primary or backup configuration of Viacom’s IT infrastructure,” Vickery revealed today.

• The Amazon-hosted bucket could be accessed by any netizen stumbling upon it, and contained the passwords and manifests for Viacom’s servers, as well as the access key and private key for the corporation’s AWS account. Some of the data was encrypted using GPG, but that wouldn’t be an issue because the bucket also contained the necessary decryption keys.

Equifax sends customers to wrong website, not theirs, for help

• The credit management company Equifax has been sending customers to a fake “phishing” website for weeks, potentially causing them to hand over their personal data and full financial information to hackers.

• After the data breach was revealed earlier this month, Equifax established the domain www.equifaxsecurity2017.com to handle incoming customer questions and complaints. This website is not connected to Equifax’s main website.

• On Wednesday, a user reached out to Equifax on Twitter asking for assistance. The responding tweet sent the user to www.securityequifax2017.com, which is an impostor site designed to look like the Equifax splash page.

FinFisher government spy tool found hiding as WhatsApp and Skype

• This week (21 September), experts from cybersecurity firm Eset claimed that new FinFisher variants had been discovered in seven countries, two of which were being targeted by “man in the middle” (MitM) attacks at an ISP level – packaging real downloads with spyware.

• When a target of surveillance was downloading the software, they would be silently redirected to a version infected with FinFisher, research found.

• When downloaded, the software would install as normal – but Eset found it would also be covertly bundled with the surveillance tool.

Feedback

• Stored passwords & Amazon Fire Stick

+Hey Dan. What is a good and inexpensive tape backup drive for LTO tapes? What works for you best? Thx!

Round Up:

• HOW TO HACK A TURNED-OFF COMPUTER

• Passwords For 540,000 Car Tracking Devices Leaked Online

• In spectacular fail, Adobe security team posts private PGP key on blog

Apache Struts Vulnerability: More Than 3,000 Organizations At Risk Of Breach

• Facebook re-licenses React under MIT license after developer backlash

The post Patch Your S3it | TechSNAP 338 first appeared on Jupiter Broadcasting.

HD Video Feed | MP3 Audio Feed | iTunes Feed | Torrent Feed

Become a supporter on Patreon:

Show Notes:

ACLU & EFF SUE OVER WARRANTLESS PHONE AND LAPTOP SEARCHES AT U.S. BORDER

• Some folks feel that biometic data is not covered by US 5th Amendment (the right to non-self-incrimination)

• recent Reddit post YSK: Facial scans, iris scans, and your fingerprints are not protected by the fifth amendment and therefore not secure.

• Regent University Law Professor James Duane gives viewers startling reasons why they should always exercise their 5th Amendment rights when questioned by government officials – Don’t Talk to the Police

30 interesting commands for the Linux shell

Equifax is so last week. Everybody go home and take a shower and change your underwear, because… This week’s hair on fire emergency is now upon us, and we’re going to need you fresh, at your desk, for… Well, for all eternity, I guess

• A new attack vector exposes almost every connected Bluetooth device.

Feedback

• re Episode 328 consider iRedMail

• SSL – more than encryption

Round Up:

• The sudden death and eternal life of Solaris

• Boeing 787 In Flight Entertainment System Security fun!

• Lenovo Wasn’t Paying Attention: 750,000 Laptops Had Spyware

• U.S. moves to ban Kaspersky software in federal agencies amid concerns of Russian espionage
  

• Equifax Argentina admin/admin for credentials

• Windows 0-day is exploited to install creepy Finspy malware (again)

• wait…..I can just…make PDFs with whatever want show up on the FCC’s site? – also

The post FCC’s Free Offsite Storage | TechSNAP 337 first appeared on Jupiter Broadcasting.

HD Video Feed | MP3 Audio Feed | iTunes Feed | Torrent Feed

Become a supporter on Patreon:

Show Notes:

The Equifax Breach: What You Should Know

• Also driver license

• Equifax blames open-source software for its record-breaking security breach

• APACHE FOUNDATION REFUTES INVOLVEMENT IN EQUIFAX BREACH

• “An Apache spokeswoman told Reuters on Friday that it appeared Equifax had not applied patches for flaws discovered this year.”

Sysadmin 101: Ticketing

Chrome’s Plan to Distrust Symantec Certificates

Feedback

• Fake lawsuit phone call scam phone call

+Recent Time Warner breach

• re Episode 335 Uses for extended attributes

• Internet in the boonies

• If you like both command-line and 1Password

Round Up:

• Andy Rubin apologizes for Essential’s ‘humiliating’ customer data leak

+Low-tech privacy breach earns Aetna lawsuit for revealing HIV patients

• A Comparison of Linux Container Images

• Instagram alerts high-profile users their data may have been accessed

• Water Lily personal turbine

• Recursive Filesystem Entries

The post Equihax | TechSNAP 336 first appeared on Jupiter Broadcasting.

MP3 Feed | iTunes Feed | Video Feed | Torrent Feed

Become a supporter on Patreon:

Show Notes:

Follow Up / Catch Up

Equifax blames open-source software for its record-breaking security breach

It’s far more likely that — if the problem was indeed with Struts — it was with a separate but equally serious security problem in Struts, first patched in March.

• A critical Apache Struts security flaw makes it ‘easy’ to hack Fortune 100 firms

Linus Torvalds Wants Hackers to Join Linux Before They Attack Linux

Torvalds also noted that as a technical person he is impressed by the ingenuity of the people who attack Linux code.

“There are smart people doing bad things. I wish they were on our side, and they could help us,” Torvalds said. “Where I want us to go is to get as many smart people as we can before they turn to the dark side.

“We would improve security that way and get those who are interested in security to come to us before they attack us,” he added.

GNOME 3.26: Wayland vs. X.Org Performance – Boot Times, Power Use, Memory Use & Gaming

• Wayland loads the desktop slightly faster
• no real significant difference in memory and battery consumption
• On benchmarks that can use Wayland directory there is no significant difference between Mutter using Wayland or Xorg
• On benchmarks forced to use XWayland Xorg is like 5 times more frames per second.

Linux Academy

• Linux Academy | Linux and AWS Online Training

Mailspring – The best free email app

A fast and maintained fork of Nylas Mail – the best free email app for Mac, Linux, and Windows.

Hi there! My name is Ben Gotow, and I’m one of the original authors of Nylas Mail. My company, Foundry 376, is re-launching Nylas Mail because I believe it can be—and should have been—the best new mail client in a decade.

Manjaro Linux has a Laptop

Powered with 7th Generation Intel Core Processors, up to 32GB RAM and dual drive bays, the Spitfire can take whatever you can throw at it. And keep going.

With a super-light all-aluminum chassis, and a killer 1080p IPS display, the Spitfire can run Manjaro at blazing speed.

Key features are:

• 7th Gen Intel® Core CPUs (i5-7200u or i7-7500u)
• INTEL® HD GRAPHICS 610/620
• Backlit Keyboard
• Silver Aluminium Chassis
• DDR4 Memory Support up to 32 GB of RAM
• Ultra thin: just 17.8mm!
• Full HD IPS 1920 x 1080
• SuperFast SSDs (up to 500 GB)
• SuperSpeed USB 3.0
• HDMI Output Connection
• Mini Display Port
• 1.0MP Webcam
• Wireless Fitted as Standard

Ubuntu GNOME Shell in Artful: Day 11

However, as I mentioned when talking about our new Ubuntu Shell theme, GDM, as being a system-wide component, will keep using our Ubuntu style with no easy way to change it. The theme name is indeed hardcoded in the Shell for good reasons (for instance, there is the fear that user themes, changing the css, may end up being outdated, and potentially can break the Shell and GDM, leaving the user with no UI at all). We were distro-patching this by changing gnome-shell.css by our ubuntu.css style.

It would mean as well people switching to the vanilla session or GNOME classic had no way (apart from recompiling) to change the current GDM theme.

DigitalOcean

• DigitalOcean: SSD Cloud Server, VPS Server, Simple Cloud Hosting

Hacking IoT Devices with Kali Linux

Remember BackTrack Linux?

The BackTrack distribution originated from the merger of two formerly competing distributions which focused on penetration testing:

• WHAX: a Slax-based Linux distribution developed by Mati Aharoni, a security consultant. Earlier versions of WHAX were called _Whoppix_[6] and were based on Knoppix.
• Auditor Security Collection: a Live CD based on Knoppix developed by Max Moser which included over 300 tools organized in a user-friendly hierarchy.

The overlap with Auditor and WHAX in purpose and in collection of tools partly led to the merger.

Note: BackTrack Linux is no longer being maintained. Please check www.kali.org

Kali Linux | Penetration Testing and Ethical Hacking Linux Distribution

Kali Linux is an open source project that is maintained and funded by Offensive Security, a provider of world-class information security training and penetration testing services. In addition to Kali Linux, Offensive Security also maintains the Exploit Database and the free online course, Metasploit Unleashed.

TING

• Ting – mobile that makes sense

Official Kali Linux Downloads

We generate fresh Kali Linux image files every few months, which we make available for download. This page provides the links to download Kali Linux in its latest official release. For a release history, check our Kali Linux Releases page. Please note: You can find unofficial, untested weekly releases at https://cdimage.kali.org/kali-weekly/.

netdiscover: netdiscover

To discover the IP’s on an internal network, we will usually want to scan a range of IP addresses. In netdiscover, we can use the -r switch (for range) and then in CIDR notation provide it the network range we want it to scan. In the command below, we are asking netdiscover to find all the live hosts with IP addresses between 192.168.1.1 to 192.168.1.255. We do this by typing;

netdiscover -r 192.168.1.0/24

OpenVAS – OpenVAS – Open Vulnerability Assessment System

OpenVAS is a framework of several services and tools offering a comprehensive and powerful vulnerability scanning and vulnerability management solution.

Metasploit Framework | Kali Linux

In keeping with the Kali Linux Network Services Policy, no network services, including database services, run on boot as a default, so there are a couple of steps that need to be taken in order to get Metasploit up and running with database support.

The post Hacking Devices with Kali Linux | LINUX Unplugged 214 first appeared on Jupiter Broadcasting.