Video Feed | MP3 Feed | OGG Feed | HD Torrent | Mobile Torrent | iTunes

Become an Unfilter supporter on Patreon:

— Show Notes —

Links

• Sessions met with top Russian official twice – CNNPolitics.com
• Obama administration reportedly raced to preserve intelligence on possible contact between Russians and Trump associates | Fox News
• Dopamine Puppets | Scott Adams’ Blog
• Mike Pence used private email for state business
• Kushner and Flynn Met With Russian Envoy in December, White House Says – NYTimes.com
• Straight From the Clinton Playbook: Russia Blamed For Murder of DNC Staffer
• Estranged wife: Biden son wasted money on drugs, prostitutes | Fox News
• DC Lobbyist Will Hire Actors to Reenact Seth Rich’s Murder | Washingtonian
• GOP Wants To Eliminate Obama’s Slush Fund – World News Politics
• Huckabee Rails Against DOJ ‘Slush Fund’: ‘Worse Than a Mafia Shakedown’ | Fox News Insider
• Report: Obama Admin Funneled Billions Into Left-Wing Activist Groups | Daily Wire
• BREAKING: Obama’s SECRET SLUSH FUND DISCOVERED- What He Did With It Is TERRIFYING
• GOP wants to eliminate shadowy DOJ slush fund bankrolling leftist groups | Fox News
• Justice’s Liberal Slush Fund – WSJ
• China Was Bill Clinton’s Russia – WSJ
• Sessions Bugged Too? – Vessel News
• Fox News – Breaking News Updates | Latest News Headlines | Photos & News Videos
• Former U.S. intelligence chief rejects Trump wiretap accusation | Reuters
• Saudi Arabia Stealing 65% of Yemen’s Oil in Collaboration with Total: Report – American Herald Tribune
• How Congress responded to Trump’s request to investigate the Obama administration – CNNPolitics.com
• Video emerges of Trump’s ‘Oval Office row’ with Bannon | Daily Mail Online
• schubert_9e_additional_cases_ch04_03.pdf
• Obama Advisor Rhodes Is Wrong: The President Can Order A Wiretap, And Why Trump May Have The Last Laugh | Zero Hedge
• Justin Hendrix on Twitter: “1/ The wiretaps that Donald Trump “just found out” about have been reported for weeks. I’m going to summarize here some of the discussion.”
• EXCLUSIVE: FBI ‘Granted FISA Warrant’ Covering Trump Camp’s Ties To Russia
• After Michael Flynn’s Resignation, Surveillance Defenders Suddenly Care About Wiretap Abuse
• White House supports renewal of spy law without reforms: official | Reuters
• Mika Tearfully Tells Viewers of Trump: ‘If People out There Feel Nervous, We Do Too’ :: Grabien News
• Comey Asks Justice Dept. to Reject Trump’s Wiretapping Claim – The New York Times
• CIA, DOJ sued over leaks of classified info about former NSA Flynn | Fox News
• Washington Goes Nuts – WSJ
• 2014-10-23 Branch Direction Meeting notes
• WikiLeaks Releases Alleged CIA Hacking Secrets – NBC News
• Wiretapping Word-Thinking | Scott Adams’ Blog
• Obama to McCain: ‘The Election’s Over’ – YouTube
• Imgur: The most awesome images on the Internet
• Vault7 – Home
• org-chart.png (1800×2700)
• WikiLeaks publishes massive trove of CIA spying files in ‘Vault 7’ release | The Independent
• WikiLeaks claims CIA targeted iPhones, Microsoft and turned Samsung TVs into microphones in global hacking programme – Mirror Online
• Wikileaks: CIA ‘Stole’ Russian Malware, Uses It to ‘Misdirect Attribution’ of Cyber Attacks
• CIA planned to hack cars and trucks to carry out undetectable assassinations claims WikiLeaks – Mirror Online
• The New York Times on Twitter: “WikiLeaks release said CIA had program to use Samsung smart TVs as covert listening devices https://t.co/w7PX4XGrbW”
• Newest Remote Car Hacking Raises More Questions About Reporter’s Death – WhoWhatWhy
• The Ron Paul Institute for Peace and Prosperity : The Left’s Great Russian Conspiracy Theory
• WikiLeaks Releases Trove of Alleged C.I.A. Hacking Documents – The New York Times
• WikiLeaks CIA ‘Year Zero’ dump reveals covert hacking tools | Circa News – Learn. Think. Do.
• CIA Has an “Impressive List” of Ways to Hack Into Your Smartphone, WikiLeaks Files Indicate
• Watch: MSNBC’s Andrea Mitchell thrown out of Tillerson meeting while asking about Russia – TheBlaze
• Guardian: FBI Asked For Warrant to Monitor Trump Aides | Mother Jones
• Obama Administration Rushed to Preserve Intelligence of Russian Election Hacking – The New York Times
• Intercepted Russian Communications Part of Inquiry Into Trump Associates – The New York Times
• House intelligence chief has seen no evidence to back Trump wiretap charge | Reuters

The post Vault 7 Unlocked | Unfilter 228 first appeared on Jupiter Broadcasting.

A research team finds various ways to attack LastPass, how to use a cocktail of current Android exploits to own a device & hacking a point of sale system using poisoned barcodes!

Plus some great questions, our answers, a rockin roundup & much, much more!

Thanks to:

• Get Paid to Write for DigitalOcean

Direct Download:

HD Video | Mobile Video | MP3 Audio | OGG Audio | YouTube | HD Torrent | Mobile Torrent

RSS Feeds:

HD Video Feed | Mobile Video Feed | MP3 Audio Feed | Ogg Audio Feed | iTunes Feed | Torrent Feed

Become a supporter on Patreon:

— Show Notes: —

Even the last pass will be stolen

• “During one of Alberto’s red team pentests, he gained access to several machines and found that all of them had files with references to LastPass. He came to me and told me it would be cool to check how LastPass works and if it was possible to steal LastPass credentials. 10% of our time is for research so we made that our small project.”
• “We found how creds where stored locally and wrote a Metasploit plugin so he could use it to extract vault contents from all the compromised machines. Thanks to the module, he was able to obtain SSH keys to critical servers and the pentest was a success.”
• They tested three different scenarios:
• Client side attacks: A post-exploitation scenario in which an attacker has certain access to the victim’s machine (no root access needed)
• LastPass side attacks: A scenario in which LastPass employees, attackers compromising their servers, or anyone MiTMing the connection is the attacker
• Attacks from the outside: Attackers that are not on the client nor on LastPass servers side.
• They used a number of different approaches
  • Using cookies
  • Abusing account recovery to obtain the encryption key
  • Bypassing 2 factor authentication
• “URLs/Icons are encoded, not encrypted: This means that there is no privacy. If you like shady pr0n or you are registered in questionable forums, anyone looking at your encrypted vault will know it. Also, if you reset your password in some site and update the LastPass vault account when prompted for it, the unique reset password URL may be stored as well. If the webmaster did not a good job of expiring the unique link, you gave LastPass the link to reset your password again.”
• “Credentials often encrypted with ECB mode: ECB is a weak encryption method that should never be used. LastPass will know if you are reusing passwords from looking at the cipher text. This is bad because LastPass can go check any of the existing password dumps out there, see if you are registered in one of the hacked sites”
• “what would happen if we google “extensions.lastpass.loginpws”. You guessed it! People are sharing their encrypted LastPass credentials with the rest of the world without their knowledge. You can also find credentials in pastebin. The best part is that now you know how to decrypt them and everything you need is right there.”
• Recommendations For you:
• Use the binary version of the plugin
• Do not store the master password
• Activate the new Account Recovery over SMS
• Audit your vault for malicious JS payloads
• Don’t use “password reminder”
• Activate 2FA
• Add country restrictions
• Disallow TOR logins
• Recommendations For LastPass
• Get rid of custom_js!
• Encrypt the entire vault in one chunk
• Don’t use ECB
• Use PBKDF2 between client and LastPass also
• Use cert pinning
• Embrace open source
• Adopt a retroactive, cash rewarded bug bounty program
• Additional Coverage

Google AOSP Email App HTML Injection

• The Google AOSP Email App is vulnerable to HTML Injection on the email body.
• It allows a remote attacker to be able to send a crafted email with a payload that redirects the user to a target url as soon as he opens the email.
• This issue is not related with the email provider configured on the app but with the incorrect filter of potential dangerous tags on the client side.
• The researchers sent an email with the HTML tag meta using the attribute http-equiv refresh to redirect the user to the target URL.
• This vulnerability has a dangerous potential for phishing attacks. With a bit of creativity, a convincing phishing scenario is plausible.
• Other vectors like using intent-based URI are also another possibility. Just this week we learned that in MobilePwn2Own, an exploit was showcased that explores a vulnerability in Javascript V8 engine in Chrome, where a user just needs to browse to a page and it installs a apk without any kind of user interaction.
• During the MobilePwn2Own demo of the V8 engine vulnerability, security researcher Guang Gong showed how easy it was to take advantage of an Android device.

“As soon as the phone accessed the website the JavaScript v8 vulnerability in Chrome was used to install an arbitrary application (in this case a BMX Bike game) without any user interaction to demonstrate complete control of the phone.” While a BMX game is relatively harmless in the grand scheme of things, a lot more damage could have been done.

• This exploit combined with the Email app vulnerability is a very dangerous combo.
• This app is available in all Android versions up to Kitkat(4.4.4). This application exists because up until Gmail for Android 5.0, it was the only way to configure other email providers (Exchange Servers, Yahoo,Hotmail,etc) on Android
• From Android Lolipop (5.0) upwards , the AOSP app no longer exists in the system.
• Since probably that are still a lot of users using the AOSP Email App the researchers decided to contact Google regarding this issue.
• Google replied they don’t have plans for the fix of this vulnerability.
• Users from Android Ice Cream Sandwich (4.0.3) upwards, should migrate the accounts from the AOSP Email App to the Gmail App, since the Gmail App version 5.0+ is supported.
• Users with previous Android versions should upgrade to Ice Cream Sandwich (4.0.3) or above where possible or use a different email client.

One Barcode Spols the Whole Bunch

• This week’s PanSec 2015 Conference in Tokyo where researchers with Tencent’s Xuanwu Lab demonstrated a number of attacks using poisoned barcodes scanned by numerous keyboard wedge barcode scanners to open a shell on a machine and virtually type control commands.
• The attacks, dubbed BadBarcode, are relatively simple to carry out, and the researchers behind the project said it’s difficult to pinpoint whether the scanners or host systems need to be patched, or both—or neither.
• “We do not know what the bad guys might do. BadBarcode can execute any commands in the host system, or [implant] a Trojan,” said Yang Yu, who collaborated with colleague Hyperchem Ma. Yu, last year, was rewarded with a $100,000 payout from Microsoft’s Mitigation Bypass Bounty for a trio of ASLR and DEP bypasses. “So basically you can do anything with BadBarcode.”
• Yu said his team was able to exploit the fact that most barcodes contain not only numeric and alphanumeric characters, but also full ASCII characters depending on the protocol being used.
• Barcode scanners, meanwhile, are essentially keyboard emulators and if they support protocols such as Code128 which support ASCII control characters, an attacker could create a barcode that is read and opens a shell on the computer to which the commands are sent.
• Yu and Ma said during their presentation that Ctrl+ commands map to ASCII code and can be used to trigger hotkeys, which registered with the Ctrl+ prefix, to launch common dialogues such as OpenFile, SaveFile, PrintDialog. An attacker could use those hotkeys to browse the computer’s file system, launch a browser, or execute programs.
• Yu suggest that barcode scanner manufacturers no enable additional features beyond standard protocols by default, nor should they transmit ASCII control characters to the host device by default.

• Hosts in IoT environments, meanwhile, should think twice about using barcode scanners that emulate keyboards, and should disable system hotkeys, Yu said.

• Slides

Feedback:

• Linux Bare Metal Incremental Backup

• ZFS Question…. Yes another freaking ZFS ?

• A couple questions

• Great Network software called Comcast

Round-Up:

• Here’s a Spy Firm’s Price List for Secret Hacker Techniques
• The Great Firewall of Santa Cruz – A fun CS homework assignment
• It’s time to secure your Amazon account with two-factor authentication
• Stanford professor releases draft of textbook “A Graduate Course in Applied Cryptography”
• Flying a cylon raider — hacking without your favourite tools
• Ngrok, a tool to make island hopping easier, proxy any servers from a foreign internal network to your own network via a compromised host
• Platform Independant, Position Independant ASM for loading a .DLL
• Windows Driver Signing Bypass, by: Derusbi, an infamous piece of malware. The oldest identified version was compiled in 2008. It was used on well-known hacks such as the Mitsubishi Heavy Industries hack discovered in October 2011 or the Anthem hack discovered in 2015
• Intel’s 72-Core ‘Knight’s Landing’ Xeon Phi Supercomputer Chip Cleared For Takeoff
• Analysis of GHOST, one of the earlier “named” vulnerabilities
• Gmail will soon warn you when an unencrypted message arrives
• A Boeing 737 tailstrike was cased by: a typo when the flight crew entering the weight on an iPad
• Reverse engineering iOS9 with Javascript
• Kaspersky issues its 2016 security predictions, “IT’S THE END OF THE WORLD FOR APTs AS WE KNOW THEM”
• Sign up for Tinder clone to get laid, instead get screwed

The post A Keyboard Walks into a Barcode | TechSNAP 242 first appeared on Jupiter Broadcasting.

You won\’t believe how cheap a botnet is these days, then we play a game from your leaked Adobe passwords.

Plus we answer uber batch of your questions, and our answers all that much much more, on this week’s episode of TechSNAP!

Thanks to:

Show Notes:

Cost of stolen identities at all time low due to excessive supply

• There is so much supply of stolen identities that the going price for a US identity has fallen to a record low $25
• Foreign identities are worth only $40
• Credentials for a bank account with between $70,000 and $150,000 costs a mere $300
• \”Fullz,\” or personal identities, went for $40 per U.S. stolen ID and $60 for a stolen overseas ID in 2011 when Dell SecureWorks last studied pricing in the underground marketplace.
• Now those IDs are 33 to 37 percent cheaper.
• Pricing trends are interesting, says Raj Samani, CTO of McAfee. But they also can be misleading, he says, because prices are all over the map.
• “You can have varying prices depending on the sources you go to.\”
• McAfee in its June cybercrime study found a DDoS-for-hire service for $2 per hour, and another for $3 per hour, for instance, he says.
• Dell SecureWorks found DDoS services anywhere from $3- to $5 per hour, $90- to $100 per day, and $400 to $600 a month.
• The cost of getting a website hacked runs from $100 to $300, with more experienced black hat hackers charging more for their services. In an interesting twist, the researchers found that these attackers stipulated that they don\’t hack government or military websites.
• Doxing services—where a hacker steals as much information as they can about a victim or target via social media, social engineering, or Trojan infection—ranges from $25 to $100.
• Bots are cheap, too: 1,000 bots go for $20, and 15,000, for $250.

Adobe top passwords crossword

• For once, we can have a little fun with a major site being compromised
• The website is a crossword puzzle, made up of some of the top passwords that have been bruteforced or guessed from the ‘encrypted’ Adobe database
• The ‘clues’ are peoples password hints
• Because Adobe did not use a ‘salt’, all users who had the same password, had the same encrypted password, so by combining the password hints of all of the users with the same password, it gets much easier to guess common passwords
• It seems many people use names of people they know, parents and grandparents using children seems excessively prevalent
• Top 100 actual passwords

Feedback:

• Setting up a pfsense/FreeNAS box. FreeNAS within pfsense, or vice versa?

• Back that *** up

• How to reaching my home-server without port-forwarding

Submit your best of stories for the end of the year special

• Stories from 2013 that Went BIG or went BUST?

Round Up:

• Stories from 2013 that Went BIG or went BUST? : techsnap

• Windows 8.1 on 3711 floppy disks

• Kevin Mitnick: How to Troll the FBI
• Hacking sprees against government agencies a widespread problem List of Agencies includes US Army, DoE, and DHHS, vector was Cold Fusion (same as the Adobe hack)
• GitHub resets user passwords following rash of account hijack attacks
• [Video] Brendon Gregg @ LISA13 – Blazing Performance with Flame Graphs
• Without a disruptive technology, experts warn Super Computing will plateau
• My SaaS vendor told me this is a bullet proof vest
• Fun with .bashrc

The post Password Decryption Games | TechSNAP 138 first appeared on Jupiter Broadcasting.

Attackers use BGP to redirect and monitor Internet traffic, 42 Million dating site passwords leaked, and the data center that could be coming to a town near you.

Plus a great batch of your questions, our answers, and much much more!

On this week’s TechSNAP!

Thanks to:

Show Notes:

Attackers compromise core routers and redirect internet traffic

• Attackers have managed to compromise some routers running BGP (Border Gateway Protocol), and cause them to inject additional hops into some routes on the Internet, allowing them to execute man-in-the-middle (MitM) attacks and/or monitor some users’ traffic
• Renesys has detected close to 1,500 IP address blocks that have been hijacked on more than 60 days this year
• “[The attacker is] getting one side of conversation only,” Cowie said. “If they were to hijack the addresses belonging to the webserver, you’re seeing users requests—all the pages they want. If they hijack the IP addresses belonging to the desktop, then they’re seeing all the content flowing back from webservers toward those desktops. Hopefully by this point everyone is using encryption.”
• In one attack the hop starting in Guadalajara, Mexico and ending in Washington, D.C., included hops through London, Moscow and Minsk before it’s handed off to Belarus, all because of a false route injected at Global Crossing, now owned by Level3
• “In a second example, a provider in Iceland began announcing routes for 597 IP networks owned by a large U.S. VoIP provider; normally the Icelandic provider Opin Kerfi announces only three IP networks, Renesys said. The company monitored 17 events routing traffic through Iceland”
• Renesys does not have any information on who was behind the route hijacking

Cupid Media Hack Exposed 42M Passwords

• The data stolen from Southport, Australia-based dating service Cupid Media was found on the same server where hackers had amassed tens of millions of records stolen from Adobe, PR Newswire and the National White Collar Crime Center (NW3C), among others.
• Plain text passwords for more than 42 million accounts
• Andrew Bolton, the company’s managing director. Bolton said the information appears to be related to a breach that occurred in January 2013.
• When Krebs told Bolton that all of the Cupid Media users I’d reached confirmed their plain text passwords as listed in the purloined directory, he suggested I might have “illegally accessed” some of the company’s member accounts. He also noted that “a large portion of the records located in the affected table related to old, inactive or deleted accounts.”
• > “The number of active members affected by this event is considerably less than the 42 million that you have previously quoted,” Bolton said.
• The danger with such a large breach is that far too many people reuse the same passwords at multiple sites, meaning a compromise like this can give thieves instant access to tens of thousands of email inboxes and other sensitive sites tied to a user’s email address.
• Facebook has been mining the leaked Adobe data for information about any of its own users who might have reused their Adobe password and inadvertently exposed their Facebook accounts to hijacking as a result of the breach.
• The Date of Birth field is a ‘datetime’ rather than just a ‘date’, and seems to include a random timestamp, maybe from when the user signed up
• Additional Coverage

Feedback:

• Need some help with a HP Server question

• Don\’t be Evil

  • DNS Made Easy

• ZFS on Linux for Production

• Legal mumbo jumbo at the bottom of emails.

Round Up:

• DoctorBeet\’s Blog: LG Smart TVs logging USB filenames and viewing info to LG servers
• Gartner says OpenStack lacks clarity and will be hard to sell
• Swansea police pay ransom to open files locked by hackers
• Allan Jude Interviewed about ScaleEngine on BSD Talk podcast
• Not all USB power is created equal
• Sears teams up with Ubiquity Critical Environments to convert disused Sears Auto Centers into hyper-local data centers

[asa]B00GHME0RE[/asa]

The post Scenic BGP Route | TechSNAP 137 first appeared on Jupiter Broadcasting.

The business of selling 0day exploits is booming, we’ll explain how this shady market works, and how a couple guys turned a Verizon Network Extender into a spy listening post.

A huge batch of your questions…

And much much more, on This week’s TechSNAP!

Thanks to:

GoDaddy.com Use our code tech249 to score .COM for $2.49! Get private registration FOR FREE with a .COM! code: free5
Ting.com Visit techsnap.ting.com to save $25 off your device or service credits.

Yahoo to start recycling disused email addresses, introduces new security feature to prevent abuse

• Yahoo’s email server has been running for a very very long time
• As such, many of the best usernames are taken, even though many of them have not been used in a decade
• So, Yahoo plans to start recycling those addresses that are no longer used
• The obvious problem with a move like this is that if there are any accounts still tied to this old email address, the new owner can request a password reset to the email address that they now control, and take over that account
• Yahoo’s Developers have come up with a rather ingenious way to prevent this, although the implementation is dependant on the 3rd party services to implement it (Facebook already has)
• Yahoo’s mail servers will now respect the non-standard header ‘Require­-Recipient­-Valid­-Since’
• The idea is that when Facebook sends a password reset email, they include this header with the date that the facebook account was created, if the yahoo email address is NEWER than that date, it may not belong to the same person any more, and yahoo will send a bounce message back to Facebook, rather than delivering the email
• This prevents someone from acquiring the disused email address and performing the password reset
• Yahoo has created an IETF Draft specification for this header, if ratified, it will become an internet standard and be added to the IANA Permanent Message Header Field registry
• It is not yet clear if other services such as Twitter will implement this
• It seems unlikely that Online Banking and other services will implement this system, so make sure all of your online services have a valid current email address, preferably one you plan to keep for the long term
• Yahoo Developers Blog

The business of selling 0day exploits is booming

• There are a number of businesses selling zero day exploits including: Vupen in Montpellier, France; Netragard in Acton, Mass.; Exodus Intelligence in Austin, Tex.; and ReVuln in Malta
• There is as a Virginia startup called Endgame, apparently involving a former director of the NSA which is doing a lot of undisclosed business with the US Government
• The USA, Israel, Britain, Russia, India and Brazil spend staggering amounts of money buying these exploits
• Many other countries including North Korea, a number of Middle Eastern intelligence agencies, Malaysia and Singapore are also in the market
• These exploits have value both offensively and defensively, if you know the details of a zero day exploit, you can better protect yourself from others who may know about it as well
• However if you report it to the vendor so it gets patched, you protect everyone, but lose the offensive value
• The average zero-day exploits goes undetected for 312 days, before it gets used enough that AV vendors notice it and it gets reported and patched
• Services like Vupen charge $100,000/year for access to their catalogue, with varying prices of the actual exploits
• Netragard only sells to US clients, and reports that the average flaw now sells from $35,000 to $160,000
• In years past, rather than selling these flaws to companies like Vupen and ReVuln, who then sell them to governments, security researchers would report them to vendors like Microsoft and Google, just for the recognition and sometimes a t-shirt
• Many vendors now have bug bounty programs to reward researchers for reporting vulnerabilities, rather than keeping them, using them or selling them
• To counter this, Microsoft recently raised its bug bounty reward program, now up to $150,000

Feedback:

TechSNAP Bitmessage: BM-GuGEaEtsqQjqgHRAfag5FW33Dy2KHUmZ

• A few weeks ago someone asked about creating a system to automatically route all of their traffic over TOR. A FreeBSD developer has created a simple system to do just that

• Runs FreeBSD? Mcafee Sidewinder enterprise firewall

• Submit the best security finds and the biggest fails to the pwnies – Awards Ceremony to be held at Blackhat USA 2013

• laptop/live-sd for cautious traveler

• Google\’s solution if you get hit by a bus.

• Roll Your Own CrashPlan

• pfSense Freezing

• Needs to start at square one to remotely login into his FreeNAS

• Seafile the OSS Dropbox Killer?

• Basically another Question

• Just wondering if either of you has used \’verified execution\’ or \’veriexec\’?

  • I have never used it, but there has been a lot of interesting discussion of it at BSD Conferences, and if I was trying to make an exceptionally secure system, it would definitely be something I would consider implementing
  • Introduction to Verified Exec – Brett Lymn – BSDCan 2012
  • Extension to veriexec to use digital signatures – Alistair Crooks – EuroBSDCon 2012
  • And for some other considerations to building a secure appliance: FreeBSD, Capsicum, GELI and ZFS as key components of a security applaince – Pawel Jakub Dawidek – BSDCan 2013

Round Up:

• Russia cites Snowden type leaks as basis for government control of the Internet
• Blackberry 10 devices send your email passwords in the clear back to BlackBerry HQ
• The EFF awards Yahoo a gold star for fighting to preserve users’ privacy against government spying
• 9 traits of a veteran network admin
• DuckDuckGo provides privacy, but only from advertisers, not governments
• Turning a Verizon Network Extender into a spy listening post
• Amazon 1 button sniffing your HTTPS traffic?
• Why collecting all data does not work – Lessons from Medical Tests
• Network Solutions posted on facebook that they were experiencing a large DDOS at 10:57 – Followup post said issue was resolved at 13:22
• Who has the most Web Servers – Updated July 2013
• Google backs up your wifi passwords in plain text?

The post Exploit Brokers | TechSNAP 119 first appeared on Jupiter Broadcasting.

Researchers find exploits for popular game engines, putting both clients and servers at risk, we’ll share the details.

Plus TerraCom epic privacy breach, a recap from BSDcan 2013, your questions our answers, and much much more!

On this week’s TechSNAP!

Thanks to:

GoDaddy.com Use our code tech249 to score .COM for $2.49! 32% off your ENTIRE first order just use our code go32off3 until the end of the month!

Support the Show:

   

Support the Show:

   

Support the Show: