Google has big plans for Fiber, Microsoft goes to court over Windows 10 auto-updates, Dropbox adds fancy new features & coding with physical blog.

Plus our Kickstarter of the week & much more!

Direct Download:

MP3 Audio | OGG Audio | Video | HD Video | Torrent | YouTube

RSS Feeds:

MP3 Feed | OGG Feed | iTunes Feed | Video Feed | Video Feed | Torrent Feed

Become a supporter on Patreon

Show Notes:

Links:

• Research Blog: Project Bloks: Making code physical for kids
• Infant With Brain Growing Outside His Skull Saved By Pioneering Surgery
• This is the world’s first 1,000-core processor
• Google Fiber’s wireless plans take shape with purchase of a gigabit ISP | Ars Technica
• Microsoft draws flak for pushing Windows 10 on PC users | The Seattle Times
• Dropbox launches a new way to scan documents with your phone, and other sharing features | TechCrunch
• Amazon to Add Dozens of Brands to Dash Buttons, but Do Shoppers Want Them? – WSJ
• Knocki: Make Any Surface Smart by Knocki — Kickstarter

The post Internet of Knocks | TTT 250 first appeared on Jupiter Broadcasting.

Windows exploits for sale at a great price, how the Internet works, yes, seriously & it’s awesome!

Plus we solve some of your problems, a great roundup & more!

Thanks to:

• Get Paid to Write for DigitalOcean

Direct Download:

HD Video | Mobile Video | MP3 Audio | OGG Audio | YouTube | HD Torrent | Mobile Torrent

RSS Feeds:

HD Video Feed | Mobile Video Feed | MP3 Audio Feed | Ogg Audio Feed | iTunes Feed | Torrent Feed

Become a supporter on Patreon:

Show Notes:

Windows 0-day exploit for sale, only $90,000

• “A hacker going by the handle BuggiCorp is selling a zero-day vulnerability affecting all Windows OS versions that can allow an attacker to elevate privileges for software processes to the highest level available in Windows, known as SYSTEM”
• That actually seems like a low price, the vulnerability must not be quite the ‘game over’ scenario you might expect
• The claim is that the exploit will be sold to only one person, and will include the source code and a working demo
• Two videos of the exploit in action have been posted
• The first show the exploit working against a fully patched (May) Windows 10
• The second show the exploit bypassing all EMET mitigations
• “How much would a cybercriminal, nation state or organized crime group pay for blueprints on how to exploit a serious, currently undocumented, unpatched vulnerability in all versions of Microsoft Windows? That price probably depends on the power of the exploit and what the market will bear at the time”
• The reason for the lower price is likely this:
• “This type of flaw is always going to be used in tandem with another vulnerability to successfully deliver and run the attacker’s malicious code”
• To exploit this flaw, you need to have access to the victim’s machine. It cannot be exploited against a remote unsuspecting victim
• Of course, there are lots of malware droppers and exploit kits that provide this functionality
• “The seller claims his exploit works on every version of Windows from Windows 2000 on up to Microsoft’s flagship Windows 10 operating system.”
• “Jeff Jones, a cybersecurity strategist with Microsoft, said the company was aware of the exploit sales thread, but stressed that the claims were still unverified. Asked whether Microsoft would ever consider paying for information about the zero-day vulnerability, Jones pointed to the company’s bug bounty program that rewards security researchers for reporting vulnerabilities. According to Microsoft, the program to date has paid out more than $500,000 in bounties.”
• Microsoft does pay for bugs, but maybe not as much as the black market does
• “Microsoft heavily restricts the types of vulnerabilities that qualify for bounty rewards, but a bug like the one on sale for $90,000 would in fact qualify for a substantial bounty reward. Last summer, Microsoft raised its reward for information about a vulnerability that can fully bypass EMET from $50,000 to $100,000. Incidentally, Microsoft said any researcher with a vulnerability or who has questions can reach out to the Microsoft Security Response Center to learn more about the program and process.”
• Zerodium’s pay scale for Microsoft LPE bugs is “up to $30,000”
• The biggest factor in the actual value of an exploit to the buyer, is its longevity. How long before Microsoft figures out what the issue is and patches it
• This can be directly proportional to how widely the exploit is used. The more people it is used against, the more likely researchers will be able to get their hands on it and figure out what the problem is
• Additional Coverage

ArsTechnica: How the internet works

• “But how does it work? Have you ever thought about how that cat picture actually gets from a server in Oregon to your PC in London? We’re not simply talking about the wonders of TCP/IP or pervasive Wi-Fi hotspots, though those are vitally important as well. No, we’re talking about the big infrastructure: the huge submarine cables, the vast landing sites and data centres with their massively redundant power systems, and the elephantine, labyrinthine last-mile networks that actually hook billions of us to the Internet.”
• The article starts out by looking at submarine cables between the US and the UK
• The amount of shielding on a cable actually depends on how deep it will be deployed. The deeper it is, the less shielding is required. The biggest threat is international shipping.
• “At a 3 mile depth, cable diameter is just 17mm, akin to a marker pen encased by a thick polyethylene insulating sheath. A copper conductor surrounds multiple strands of steel wire that protect the optical fibres at the core, which are inside a steel tube less than 3mm in diameter and cushioned in thixotropic jelly. Armoured cables have the same arrangement internally but are clad with one or more layers of galvanised steel wire, which is wrapped around the entire cable.”
• “Without the copper conductor, you wouldn’t have a subsea cable. Fibre-optic technology is fast and seemingly capable of unlimited bandwidth, but it can’t cover long distances without a little help. Repeaters—effectively signal amplifiers—are required to boost the light transmission over the length of the fibre optic cable. This is easily achieved on land with local power, but on the ocean bed the amplifiers receive a DC voltage from the cable’s copper conductor. And where does that power come from? The cable landing sites at either end of the cable.”
• “Although the customers wouldn’t know it, TGN-A is actually two cables that take diverse paths to straddle the Atlantic. If one cable goes down, the other is there to ensure continuity. The alternative TGN-A lands at a different site some 70 miles (and three terrestrial amplifiers) away and receives its power from there, too. One of these transatlantic subsea cables has 148 amplifiers, while the other slightly longer route requires 149.”
• “To power the cable from this end, we’ve a positive voltage and in New Jersey there’s a negative voltage on the cable. We try and maintain the current—the voltage is free to find the resistance of the cable. It’s about 9,000V, and we share the voltage between the two ends. It’s called a dual-end feed, so we’re on about 4,500V each end. In normal conditions we could power the cable from here to New Jersey without any support from the US.”
• So what happens when a cable is damaged?
• “Once the cable has been found and returned to the cable-repair ship, a new piece of undamaged cable is attached. The ROV [remotely operated vehicle] then returns to the seabed, finds the other end of the cable and makes the second join. It then uses a high-pressure water jet to bury the cable up to 1.5 metres under the seabed”
• “Repairs normally take around 10 days from the moment the cable repair ship is launched, with four to five days spent at the location of the break. Fortunately, such incidents are rare: Virgin Media has only had to deal with two in the past seven years.”
• So once these cables are installed, they are expected to last 25+ years. Of course, if you installed a cable 5 years ago, you are likely to be disappointed with its speed. This is where new technology comes into play, by just replacing the optics at either end of the cable, you can get more data through the same fibres
• “DWDM (Dense Wavelength Division Multiplexing) technology is used to combine the various data channels, and by transmitting these signals at different wavelengths—different coloured light within a specific spectrum—down the fibre optic cable, it effectively creates multiple virtual-fibre channels. In doing so the carrying capacity of the fibre is dramatically increased.”
• DWDM allows between 40 and 160 channels to be combined down a single fibre. So suddenly those 4 strands that could only carry 10 gigabits per second each a few years ago, can carry 400, or 6.4 terabits per second
• The Tata cable featured in the article has a capacity of up to 10 terabits per pair, for a total of 40 terabits.
• “Enter one of the two battery rooms and instead of racks of Yuasa UPS support batteries—with a form factor not too far removed from what you’ll find in your car—the sight is more like a medical experiment. Huge lead-acid batteries in transparent tanks, looking like alien brains in jars, line the room. Maintenance-free with a life of 50 years, this array of 2V batteries amounts to 1600Ah, delivering a guaranteed four hours of autonomy.”
• “There are six generators—three per data centre hall. Each generator is rated to take the full load of the data centre, which is 1.6MVA. They produce 1,280kW each. The total coming into the site is 6MVA, which is probably enough power to run half the town. There is also a seventh generator that handles landlord services. The site stores about 8,000 litres of fuel, enough to last well over 24 hours at full load. At full fuel burn, 220 litres of diesel an hour is consumed, which, if it were a car travelling at 60mph, would notch up a meagre 1.24mpg—figures that make a Humvee seem like a Prius.”
• The article goes on to talk about SLAs and how the fibre network manages quality of service:
• “Latency commitments have to be monitored proactively, too, for customers like Citrix, whose portfolio of virtualisation services and cloud applications will be sensitive to excessive networking delays. Another client that appreciates the need for speed is Formula One. Tata Communications handles the event networking infrastructure for all the teams and the various broadcasters.”
• The article then goes on to talk about getting that connectivity to your house, the “last mile”
• Each of the various technologies is discussed, ADSL, VDSL (78mbps), DOCSIS3 (200mbps, but could go up to 600mbps, with DOCSIS 3.1 offering 10gbps), FTTC, and FTTH
• Of course, they also discuss Wireless and Mobile connectivity
• “Ars will have another in-depth feature on the complexities of managing and rolling out cellular networks soon”, we’ll look forward to that
• “First it was a few plucky cafes and pubs, and then BT turned its customers’ routers into open Wi-Fi hotspots with its “BT with Fon” service. Now we’re moving into major infrastructure plays, such as Wi-Fi across the London Underground and Virgin’s curious “smart pavement” in Chesham, Buckinghamshire. For this project, Virgin Media basically put a bunch of Wi-Fi access points beneath manhole covers made of specially made radio-transparent resin. Virgin maintains a large network of ducts and cabinets across the UK that are connected to the Internet—so why not add a few Wi-Fi access points to share that connectivity with the public?”
• So what is next for the last mile?
• “The next thing on the horizon for Openreach’s POTS network is G.fast, which is best described as an FTTdp (fibre to distribution point) configuration. Again, this is a fibre-to-copper arrangement, but the DSLAM will be placed even closer to the premises, up telegraph poles and under pavements, with a conventional copper twisted pair for the last few tens of metres.”
• “The idea is to get the fibre as close to the customer as possible, while at the same time minimising the length of copper, theoretically enabling connection speeds of anywhere from 500Mbps to 800Mbps. G.fast operates over a much broader frequency spectrum than VDSL2, so longer cable lengths have more impact on its efficiency. However, there has been some doubt whether BT Openreach will be optimising speeds in this way as, for reasons of cost, it could well retreat to the green cabinet to deliver these services and take a hit on speed, which would slide down to 300Mbps.”
• “So, there we have it: the next time you click on a YouTube video, you’ll know exactly how it gets from a server in the cloud to your computer. It might seem absolutely effortless—and it usually is on your part—but now you know the truth: there are deadly 4,000V DC submarine cables, 96 tonnes of batteries, thousands of litres of diesel fuel, millions of miles of last-mile cabling, and redundancy up the wazoo.”
• “The whole setup is only going to get bigger and crazier, too. Smart homes, wearable devices, and on-demand TV and movies are all going to necessitate more bandwidth, more reliability, and more brains in jars. What a time to be alive.”

Feedback:

• Building Your Own Wireless Router

• ICAP Trap

• Proper Backups

• FreeNAS File Transfer Slowdown.

  • dd if=/dev/zero of=zerofile bs=1m count=10k
  • Press control+t for progress output

Round Up:

• Lenovo Yoga Laptops Are Among PCs That Need To Lose This Application
• 93% of phishing emails sent in March contained ransomware
• TeamViewer denies hack after PCs hijacked, PayPal accounts drained Developing: Reddit thread on Teamspeak
• The government can keep your files forever, and use them against you later. This may have impact if eventually the government gains the ability to break the encryption used on your drive
• Jackpot! NASA Just Released 56 Patented Technologies Into the Public Domain
• Hackers extort ransom after finding bugs, call it a public service
• Cluster of “megabreaches” compromises a whopping 642 million passwords
• Microsoft issues headsup about new self propogating ransomware
• More vulnerability in ImageMagick and GraphicsMagick
• Ars Technica provides guide to picking a VPN server
• Google Is Teaching Its Driverless Cars How to Be Bigger Assholes on the Road

The post 10,000 Cables Under the Sea | TechSNAP 269 first appeared on Jupiter Broadcasting.

Pregnant Woman Mode is coming to a wifi router near you & we discuss the launch of Apple’s first 24/7 radio station.

Plus we explain why NSA phone records surveillance are turned back on early, the 11 attacks on San Francisco-area Internet lines & more!

Direct Download:

MP3 Audio | OGG Audio | Video | HD Video | Torrent | YouTube

RSS Feeds:

MP3 Feed | OGG Feed | iTunes Feed | Video Feed | Video Feed | Torrent Feed

Become a supporter on Patreon

Show Notes:

— Episode Links —

• Beats 1 Radio officially goes live on iOS 8.4, Apple publishes schedule on Tumblr | 9to5Mac
• Here’s a very unofficial way to listen to Beats 1 on Android devices | The Verge
• Beats 1 Tweets
• With ‘Pregnant Woman Mode,’ Chinese Router Maker Begins Marketing To Paranoids | Techdirt
• Surveillance Court Rules That N.S.A. Can Resume Bulk Data Collection – The New York Times
• FBI investigating 11 attacks on San Francisco-area Internet lines
• Researchers Use Femtosecond Lasers To Display Touchable Images In The Air | TechCrunch

The post Organic Chinese Wifi | TTT 191 first appeared on Jupiter Broadcasting.

Why boring technology might be the better choice, Google revokes & China chokes, why you want to create an account at irs.gov before crooks do it for you.

Plus your great IT questions, a rocking round up & much, much more!

Thanks to:

• Get Paid to Write for DigitalOcean

Direct Download:

HD Video | Mobile Video | MP3 Audio | OGG Audio | YouTube | HD Torrent | Mobile Torrent

RSS Feeds:

HD Video Feed | Mobile Video Feed | MP3 Audio Feed | Ogg Audio Feed | iTunes Feed | Torrent Feed

Become a supporter on Patreon:

— Show Notes: —

Why you should choose boring technology

• The basic premise is that in building technology, specifically web sites and web services, there is often a bias towards using the latest and greatest technology, rather than the same old boring stuff
• This often turns out to bite you in the end. Look at people who based their site or product on FoundationDB, which was recently bought and shutdown by Apple
• Look at one of the most popular sites on the internet, Facebook, originally written in PHP and MySQL, and still largely remains based on those same old technologies
• “The nice thing about boringness (so constrained) is that the capabilities of these things are well understood. But more importantly, their failure modes are well understood.”
• “Anyone who knows me well will understand that it’s only with a overwhelming sense of malaise that I now invoke the spectre of Don Rumsfeld, but I must.“
• “When choosing technology, you have both known unknowns and unknown unknowns”
• The Socratic paradox
• A known unknown is something like: we don’t know what happens when this database hits 100% CPU.
• An unknown unknown is something like: geez it didn’t even occur to us that writing stats would cause GC pauses.
• “Both sets are typically non-empty, even for tech that’s existed for decades. But for shiny new technology the magnitude of unknown unknowns is significantly larger, and this is important.”
• The advantage to using boring technology is that more people understand how it works, more people understand how it fails, more people have come before you, tried to do something similar to what you are doing
• You won’t find the answer on Stack Overflow if you are the first person to try it
• “One of the most worthwhile exercises I recommend here is to consider how you would solve your immediate problem without adding anything new. First, posing this question should detect the situation where the “problem” is that someone really wants to use the technology. If that is the case, you should immediately abort.”
• People like new toys and new challenges
• Businesses should try to avoid new costs, and new risks
• Adding a new technology is not a bad thing, but first consider if the goal can be accomplished with what you already have

Google revokes CNNIC root certificate trust

• On March 20th Google security engineers noticed a number of unauthorized certificates being used for gmail and other google domains
• The certificates were issued by a subordinate CA, MCS Holdings
• “Established in 2005, MCS (Mideast Communication Systems) offers Value Added Distribution focusing on Networking and Automation businesses.”
• MCS Holdings makes Firewalls and other network appliances
• MCS got its subordinate CA certificate from CNNIC (Chinese Internet Network Information Center)
• “CNNIC is included in all major root stores and so the misissued certificates would be trusted by almost all browsers and operating systems. Chrome on Windows, OS X, and Linux, ChromeOS, and Firefox 33 and greater would have rejected these certificates because of public-key pinning, although misissued certificates for other sites likely exist.”
• Google added the MCS certificate to its revocation list so it would no longer be trusted
• “CNNIC responded on the 22nd to explain that they had contracted with MCS Holdings on the basis that MCS would only issue certificates for domains that they had registered. However, rather than keep the private key in a suitable HSM, MCS installed it in a man-in-the-middle proxy. These devices intercept secure connections by masquerading as the intended destination and are sometimes used by companies to intercept their employees’ secure traffic for monitoring or legal reasons. The employees’ computers normally have to be configured to trust a proxy for it to be able to do this. However, in this case, the presumed proxy was given the full authority of a public CA, which is a serious breach of the CA system”
• Google accepted the explanation as the truth, but is unsatisfied with the situation
• “This explanation is congruent with the facts. However, CNNIC still delegated their substantial authority to an organization that was not fit to hold it.”
• CNNIC has specific obligations it must fulfill in order to be a trusted CA
• The CA/Browser Forum sets the policies agreed upon for signing new trusted certificates
• Mozilla has an existing policy that enumerates the possible problems and their immediate and potential consequences
• “Update – April 1: As a result of a joint investigation of the events surrounding this incident by Google and CNNIC, we have decided that the CNNIC Root and EV CAs will no longer be recognized in Google products. This will take effect in a future Chrome update. To assist customers affected by this decision, for a limited time we will allow CNNIC’s existing certificates to continue to be marked as trusted in Chrome, through the use of a publicly disclosed whitelist. While neither we nor CNNIC believe any further unauthorized digital certificates have been issued, nor do we believe the misissued certificates were used outside the limited scope of MCS Holdings’ test network, CNNIC will be working to prevent any future incidents. CNNIC will implement Certificate Transparency for all of their certificates prior to any request for reinclusion. We applaud CNNIC on their proactive steps, and welcome them to reapply once suitable technical and procedural controls are in place.”
• CNNIC has released an official statement calling Google’s actions “unacceptable”
• Mozilla is considering similar actions:
• Reject certificates chaining to CNNIC with a notBefore date after a threshold date
• Request that CNNIC provide a list of currently valid certificates and publish that list so that the community can recognize any back-dated certs
• Allow CNNIC to re-apply for full inclusion, with some additional requirements (to be discussed on this list)
• If CNNIC’s re-application is unsuccessful, then their root certificates will be removed
• The Mozilla community feels that CNNIC needs more than a slap on the wrist, to ensure other CAs (and Governments) get the message that this type of behaviour is unacceptable
• Google reiterates the need for the Certificate Transparency project
• “Certificate Transparency makes it possible to detect SSL certificates that have been mistakenly issued by a certificate authority or maliciously acquired from an otherwise unimpeachable certificate authority. It also makes it possible to identify certificate authorities that have gone rogue and are maliciously issuing certificates.”
• Additional Coverage – Ars Technica

Signup for an account at irs.gov before crooks do it for you

• “If you’re an American and haven’t yet created an account at irs.gov, you may want to take care of that before tax fraudsters create an account in your name and steal your personal and tax data in the process.”
• “Recently, KrebsOnSecurity heard from Michael Kasper, a 35-year-old reader who tried to obtain a copy of his most recent tax transcript with the Internal Revenue Service (IRS). Kasper said he sought the transcript after trying to file his taxes through the desktop version of TurboTax, and being informed by TurboTax that the IRS had rejected the request because his return had already been filed.”
• “Kasper said he phoned the IRS’s identity theft hotline (800-908-4490) and was told a direct deposit was being made that very same day for his tax refund — a request made with his Social Security number and address but to be deposited into a bank account that he didn’t recognize.”
• The fraudster filed the new return using nearly identical data to the correct information that the victim had filed the previous year
• The victim suspects that the fraudster was able to use the irs.gov portal to view his previous returns and extract information from them to file the fraudulent return
• The fraudster files a corrected W-2 to adjust the withholding amount, to get a bigger refund
• The story goes on into details about the case, including the college student that was used as a money mule
• “The IRS’s process for verifying people requesting transcripts is vulnerable to exploitation by fraudsters because it relies on static identifiers and so-called “knowledge-based authentication” (KBA) — i.e., challenge questions that can be easily defeated with information widely available for sale in the cybercrime underground and/or with a small amount of searching online.”
• In addition, Americans who have not already created an account at the Social Security Administration under their Social Security number are vulnerable to crooks hijacking SSA benefits now or in the future. For more on how crooks are siphoning Social Security benefits via government sites, check out this story.
• In Canada, to get access to your CRA Account, a passcode is mailed to you, at the current address the government already has on file for you
• In order to gain access to your account, you also must answer more specific questions than just KBAs, usually including things like “the number from line 350 of your 2013 tax return”

Feedback:

• I heard Allan likes ZFS

• ultimate travel router?

• Linux Server Management

• freenas backup sanity check

Round Up:

• Facebook successfully tests laser internet drones
• “Not Invented Here” is bad, but “Never Invent Here” is worse
• A Few Thoughts on Cryptographic Engineering: Truecrypt report
• Personal details of a number of world leaders were accidently emailed to Asian Cup organizers by Australian immigration department, the leaders were not notified of the disclosure
• New Firefox version says “might as well” to encrypting all Web traffic
• Firefox contains mp3 playback vulnerability, could lead to code execution
• N.J. school district’s ‘bitcoin hostage” problem caused by weak passwords, firewall holes | NJ.com
• Vulnerable hotel Wifi puts guests at risk
• What every stackoverflow question looks like
• Vulnerability in python scripts shipped as part of SELinux allow attackers to execute commands as root

The post Any Cert Will Do | TechSNAP 208 first appeared on Jupiter Broadcasting.

Like a magic pony with one more trick, Comcast announces it will magically turn on 2Gbps Internet Service to some areas that recently had Google Fiber installed. Does Comcast’s sudden ability to deliver this service perfectly demonstrate how real competition is all thats needed to save the net?

Plus TrueCrypt’s audit wraps up, Ford is chasing a dream & more!

Direct Download:

MP3 Audio | OGG Audio | Video | HD Video | Torrent | YouTube

RSS Feeds:

MP3 Feed | OGG Feed | iTunes Feed | Video Feed | Video Feed | Torrent Feed

Become a supporter on Patreon

Show Notes:

Comcast leapfrogs Google Fiber with new 2Gbps internet service | The Verge

One way to answer critics and competitors alike is to simply do better, and for once Comcast is doing exactly that. The US cable giant is today announcing a new 2Gbps broadband service, which it will start rolling out in Atlanta from next month. There’s no price yet, but Comcast says it will be symmetrical — meaning you’ll upload just as quickly as you can download — and it won’t be limited “just to certain neighborhoods.”

Ford Is Chasing Tesla And Uber Into The Future – BuzzFeed News

Ford CEO Mark Fields says the legacy car manufacturer is trying to think like a startup.

U.S. Smartphone Use in 2015 | Pew Research Center’s Internet & American Life Project

10% of Americans own a smartphone but do not have broadband at home, and 15% own a smartphone but say that they have a limited number of options for going online other than their cell phone. Those with relatively low income and educational attainment levels, younger adults, and non-whites are especially likely to be “smartphone-dependent.”

A Few Thoughts on Cryptographic Engineering: Truecrypt report

The TL;DR is that based on this audit, Truecrypt appears to be a relatively well-designed piece of crypto software. The NCC audit found no evidence of deliberate backdoors, or any severe design flaws that will make the software insecure in most instances.

Microsoft will adopt open document standards following government battle | ITProPortal.com

Microsoft has confirmed it will start supporting the Open Documents Format (ODF) in the next update to Office 365, following a lengthy battle against the UK government.

Jupiter Broadcasting Meetup

Jupiter Broadcasting is interested in semi-frequent listener meetups, events in your area, and more. We’ll use this group to organize events.

The post Magical 2Gbit Internet | Tech Talk Today 152 first appeared on Jupiter Broadcasting.

The Internet suffers from some growing pains, we explain how some old assumptions have come back to haunt us, victims of a cyberheist go after the bank that failed them, and we go deep on the Synology crypto-malware.

Then it’s a great big batch of your emails and much more!!

Thanks to:

Become a supporter on Patreon:

— Show Notes: —

Internet suffers growing pains as global routing table exceeds 500,000 entries

• High end routers use a special system called TCAM Ternary Content-Addressable Memory to store the routing tables for faster lookups
• CAM memory works different than regular memory, basically working like an associative array, or hash, where the information can be looked up based on a ‘key’ or ‘tag’. Rather than the data living at a specific address in memory, and the application having to keep track of that address, the application can simply ask for the data stored with a specific key
• A TCAM works similar, except it is ternary, meaning it has three possible states. Similar to binary, except in addition to on and off bits, it has a ‘do not care’ bit. This makes it perfect for storing routing information, because network addresses are binary addresses split into two parts, the network part (that the router cares about), and the host part (that the router does not care about)
• So using a TCAM, a router can lookup the destination address for any network by simply requesting the data stored with the key of the destination network address
• Because of the way TCAMs work, they have to be of a fixed size. The default on some older internet core routers is too small to hold the current global routing table
• On some routers, if the TCAM gets full, the router can callback to software routing mode, where it has to search the entire routing table in regular memory for the most specific matching network address. This is much slower, and uses a lot of CPU time, which most core routers have very little of
• To resolve this issue, the size of the TCAM must be changed (if there is enough memory in the device to support a larger size), and the router must be reloaded, causing downtime
• This issue is further complicated by a manufacturing defect with the memory in the routers and on the line cards, which can fail catastrophically during a reboot, leaving the device unbootable or unable to access the network via the line card. Cisco: Memory Component Issues page
• This issue was brought up at NANOG – North American Network Operators Group on May 6th
• Heads Up on the FreeBSD mailing list
• Cisco announced the problem ahead of time
• Cisco: How to adjust the TCAM allocation on Catalyst 6500 and 7600

Tennessee based company sues bank over cyberheist

• Tennessee Electric was the target of a cyberheist, where Russian or Ukrainian based mal-actors took over their corporate bank account and proceeded to siphon $327,804 out of the companies accounts at TriSummit Bank
• The company had an agreement with their bank, that the bank would phone and verify all transfers of funds
• The company only became aware that they had been the victims of a heist when they were called by Brian Krebs
• “According to the complaint, the attackers first struck on May 8, after Tennessee Electric’s controller tried, unsuccessfully, to log into the bank’s site and upload that week’s payroll batch (typically from $200,000 to $240,000 per week). When the controller called TriSummit to inquire about the site problems, the bank said the site was probably undergoing maintenance and that the controller was welcome to visit the local bank branch and upload the file there. The controller did just that, uploading four payroll batches worth $202,664.47”
• “On May 9, Tennessee Electric alleges, TriSummit Bank called to confirm the $202,664.47 payroll batch — as per an agreement the bank and the utility had which called for the bank to verbally verify all payment orders by phone. But according to Tennessee Electric, the bank for some reason had already approved a payroll draft of $327,804 to be sent to 55 different accounts across the United States — even though the bank allegedly never called to get verification of that payment order.”
• “Tennessee Electric alleges that the bank only called to seek approval for the fraudulent batch on May 10, more than a day after having approved it and after I contacted Tennessee Electric to let them know they’d been robbed by the Russian cyber mob.”
• Tennessee Electric’s account appears to have been compromised using a Man-in-the-Browser attack
• Malware on the computer changed what was displayed to the user when they visited the online banking site
• “the controller for the company said she was asked for and supplied the output of a one-time token upon login.”
• The man-in-the-browser virus will then return either a modified version of the regular account balance page (only, showing the amount the user expects there to be in the account, basically adding back the stolen monies)
• In this case, the virus returned a “down for maintenance” page
• Asking the user to try again in a few minutes may allow the attacker access to a series of one-time tokens, allowing them to complete more transactions
• TriSummit Bank was able to get back $135,000 of the stolen funds, leaving the company out almost $200,000.
• The company is now suing the bank for that money and the interest they would have earned on it
• Unlike personal accounts, corporate bank accounts do not enjoy the same liability protection from unauthorized transactions that personal accounts do
• Krebs also mentions his Online Banking Best Practises for Businesses

Synolocker for sale, plus in-depth look at how it works

• F-Secure does an in-depth look at how Synolocker encrypts your files
• F-Secure was looking to see if there were many similarities between CryptoLocker and SynoLocker, but found that there were not
• It appears that SynoLocker may be using better encryption, and uses a unique key pair per victim, which will most likely prevent an online service like the one that is rescuing the files on CryptoLocker victims
• SynoLocker appears to take additional steps to ensure that the original file is only destroyed
• It appears the author of the Synolocker virus is looking to get out of the business
• Posted online that the website will be closing soon, and if you want the keys to decrypt your data you better pay soon
• If you updated DSM software to try to fix the vulnerability, then you’ll need to use a custom tool to decrypt your data
• The author is also willing to sell the remain ~5500 decryption keys to someone else for 200 bitcoins
• It seems he wants to get out before he gets caught, but is willing to let someone else attempt to continue selling the decryption keys (which sold for 0.6 bitcoin previously)

Feedback:

• Allan’s Firefox OS phone

• Job possibilities and lack of a college degree

• Building a private cloud for IaaS

• HP takes OpenVMS off deathrow

Round Up:

• Google spends a ton of money just to keep sharks from eating its underwater cables
• Researchers at French graduate school Eurecom find firmware plagued by poorly implemented encryption and badly hidden backdoors, find 38 unique vulnerabilities across 123 different devices – Paper from USENIX – Available Monday Aug 18th
• Snowden: The NSA, not Assad, took Syria off the Internet in 2012
• Why spam and scam emails are so poorly written
• Microsoft Black Tuesday Patches Bring Blue Screens of Death
• Biggest security risk for your iPhone is connecting it to a computer or enabling wifi sync
• Russia PM’s Twitter hacked, posts ‘I am resigning’
• Chinese smartphone steals your data
• Password guessing bots fall for a spam trap
• Understanding Targeted malware attacks by looking at those against NGOs by the Chinese government

The post The Day the Routers Died | TechSNAP 175 first appeared on Jupiter Broadcasting.

Microsoft and Adobe have a boatload of emergency fixes, the Replicant project finds a nasty backdoor in popular Android devices & the exploit that weaponize your webcam that’s one attachment away.

Plus a great big batch of your questions, and our answers. All that and much, much more!

Thanks to:

— Show Notes: —

• GroffTheBSDGoat
• Twitter
• Google+
  • GoatBoF

Microsoft and Adobe release flood of critical patches

• “Microsoft: eight bulletins, two critical – addressing 13 issues in Internet Explorer and Sharepoint Server, along with Windows, Office and its .NET Framework”
• The first critical issue that involves IE MS14-029 we’re learning about for the first time today. Researchers with Google’s Security Team have already spotted limited instances of one of the vulnerabilities (CVE-2014-1815) being targeted, which means this should probably be No. 1 on users’ patching agendas.
• The batch of patches also includes a second critical security update for IE MS14-021 that addresses a previously disclosed vulnerability in versions 6 through 11 of the browser.
• “Missing from the updates are patches for vulnerabilities dug up at March’s Pwn2Own hacking competition, including three IE vulnerabilities that bypassed sandboxes and compromised the underlying system”
• “In a blog entry yesterday the company pointed out that it has extended its requirement for consumer customers to update to 8.1 from today until June 10 but that after that date, like it promised, those who haven’t updated will not receive security updates.”
• “Adobe: released two updates today, fixing critical issues in Reader and Acrobat XI (11.0.06), Strung together the wrong way, they could cause a crash and potentially let an attacker take control of an affected system.”
• “Along with a surprise Flash issue. The Flash Player update involves version 13.0.0.206 of the software and earlier versions for Windows, Macintosh and Linux. The issues were not previously made clear in a security bulletin but address vulnerabilities discovered by Keen Team and other researchers that could result in arbitrary code execution and ultimately let an attacker take control of the affected system.”
• Adobe also released a minor security hotfix for Adobe Illustrator CS6 today, fixing a stack overflow vulnerability – something also marked critical by the company – that could lead to remote code execution.

Open Source Android fork Replicant finds and closes backdoor

• While working on Replicant, a fully free/libre version of Android, they discovered that the proprietary program running on the applications processor in charge of handling the communication protocol with the modem actually implements a backdoor that lets the modem perform remote file I/O operations on the file system.
• This program is shipped with the Samsung Galaxy devices and makes it possible for the modem to read, write, and delete files on the phone\’s storage. On several phone models, this program runs with sufficient rights to access and modify the user\’s personal data.
• Today\’s phones come with two separate processors: one is a general-purpose applications processor that runs the main operating system, e.g. Android; the other, known as the modem, baseband, or radio, is in charge of communications with the mobile telephony network.
• These systems are known to have backdoors that make it possible to remotely convert the modem into a remote spying device. The spying can involve activating the device\’s microphone, but it could also use the precise GPS location of the device and access the camera, as well as the user data stored on the phone. Moreover, modems are connected most of the time to the operator\’s network, making the backdoors nearly always accessible.
• A technical description of the issue, as well as the list of known affected devices is available at the Replicant wiki.

Heartbleed certificate regeneration done wrong in large number of cases

• Netcraft did a survey of SSL certificates to see how Heartbleed affected SSL certificates
• There are 3 required steps to properly replace the SSL certificate
  • Generate a new private key
  • Get issued a new certificate with the new key
  • Revoke the old certificate so it can no longer be used
• They found that 43% of certificates had been reissued
• However they found that only 20% of certificates had been revoked (meaning 23% replaced their certificate but did not revoke the old one, so the old one can still be used by an attacker to perform a man-in-the-middle attack)
• Worse, they found that 7% of certificates had been reissued with the SAME private key, meaning if the private key was stolen, the new certificate is compromised as well
• So in total, only 14% of sites had taken all three steps required to replace their possibly compromised certificates

Feedback:

• Stumble into an exploit, get a job offer. Thanks Jupiter Broadcasting.

• ssh root login for zfs send

  • Allan’s WIP FreeBSD Handbook article to resolve said problem
  • Allan’s fork to zxfer tool to make zfs replication easier

• Disk setup in FreeNAS

  • 6.3.12 Replacing a failed drive

• DevOps

• Second Opinion on security concerns

• Test Google Fiber – use my iperf server!

• Net neutrality

Round Up:

• ‘Blackshades’ Trojan Users Had It Coming — Krebs on Security 97 arrested linked to malware used to capture nude pictures of Miss Teen USA
• Malware Hunting with Mark Russinovich Troubleshooting with Mark Russinovich
• Another Internet Explorer Zero Day Surfaces
• How to properly use traceroute to troubleshoot the internet
• CVE-2014-1761 – Flaw in MS Office RTF parser allows attckers to execute arbitrary code, exploited in the wild since March 2014
• EXE2DOC tool turns any executable into a MS Work Doc exploit
• Emory Accidentally Sends Reformat Request to All Windows PCs
• Sailor hacked 30 public and private organizations, including the US Navy, the Department of Homeland Security, AT&T, and Harvard University while aboard aircraft carrier USS Harry S. Truman
• Why You Should Ditch Adobe Shockwave — Krebs on Security
• James Mickens at Monitorama 2014
• Who owns the media?
• Facebook and CMU design system to detect fake SSL certificates. Of 3.5 million SSL connections made to Facebook during a four-month period starting last December, the team determined that 6,845, or 0.2 percent, used a phony certificate.
• eBay compromised, forcing password reset on all accounts
• Do they mean “hashed” when they say “encrypted”?
• BSDCan: LibreSSL – the first 30 days – slides
• BSDCan: LibreSSL – the first 30 days – video

The post Attachments of Mass Destruction | TechSNAP 163 first appeared on Jupiter Broadcasting.

We\’ll cover Dropbox’s two-factor authentication flaw, how “Team Telecom” forced fibre providers to enable surveillance, the FBI’s warning about phishing attacks.

A great big batch of your questions our answers, and much much more!

Thanks to:

GoDaddy.com Use our code tech249 to score .COM for $2.49! Get private registration FOR FREE with a .COM! code: free5
Ting.com Visit techsnap.ting.com to save $25 off your device or service credits.

Mentioned this Episode:

[asa]0312605536[/asa]
[asa]0307279391[/asa]
[asa]B000BKUSS8[/asa]

Dropbox flaw allows attackers to circumvent two-factor authentication

• If an attacker is able to get the username and password for your dropbox account, they can access your account even if you have enabled two-factor authentication
• Dropbox does not verify the email address used to signup for a new account, because of this, the attacker can signup for a new account with your email address and just append a dot to the end of the domain name
• Login to this new account and enable 2 factor authentication
• Save the ‘emergency override code’, used in case you lose your phone
• Logout and login to the victim account, when prompted for the one-time password, click “I lost my phone”
• Enter the emergency override code (it is the same for both accounts)
• It is not clear why having the dot at the end of the email (valid) is enough to make the account unique, but does not make the override code unique

US Government established “Team Telecom” to force foreign owned fibre providers to allow the government access to the data transitting them

• In 2003 the “Network Security Agreement” was signed between the US Government and Global Crossing, one of the largest internet transit providers, connecting 200 major cities in 27 nations on four continents
• “In months of private talks, the team of lawyers from the FBI and the departments of Defense, Justice and Homeland Security demanded that the company maintain what amounted to an internal corporate cell of American citizens with government clearances”
• The FCC would hold up approval of cable licenses until such agreements were in place
• The agreements required the transit providers to maintain a “Network Operations Center” (NOC) on U.S. soil. This NOC must be staffed with U.S. citizens pre-screened by the government and operating under gag orders, preventing the employees for sharing the information even with their bosses.
• Originally a US company, Global Crossing filed for Chapter 11 bankruptcy protection in 2002
• A deal was setup where a partnership between Singapore Technologies Telemedia and Hong Kong-based Hutchison Whampoa would buy Global Crossing
• The Hong Kong side of the partnership was pressured by the US Government and eventually withdrew. The US was worried that the Chinese Government would gain access to the US’s surveillance requests
• Singapore Technologies Telemedia eventually agreed to buy the majority stake in Global Crossing and that half of the new board of directors would consist of American citizens with security clearances
• This agreement has been used as a template for other foreign owned telcos and applied as foreign investors bought existing telcos from US investors
• In 2011 Global Crossing was sold to US Telecom giant Level3, however ST Telemedia maintained a minority stake, resulting in another round of review by “Team Telecom”
• A spokesman for Level 3 Communications declined to comment for this article
• Tapping undersea cables has been a key component of US intelligence collection since WWII, the US Navy used to have a number of submarines specifically outfitted for tapping undersea copper phone lines to listen to sensitive traffic in the Soviet Union
• Infographic

FBI issues formal warning about targetted spear phishing

• Many of the very large compromises that we have covered lately were made possible by the attacker establishing an initial beachhead on a single machine, via spear phishing
• The compromises at The Onion and the Financial Times were both explained in detail after the fact and showed just how much damage an attacker can do once they get inside the network, and how easily they can get inside the network with spear phishing
• Many in the defense and aerospace industries have been targeted by highly sophisticated spear phishing campaigns, including professionally produced .pdf flyers for fake conferences that took advantage of flaws in Adobe Acrobat to infect the system
• According to research by AV vendor Trend Micro, 91% of all targeted attacks involved spear phishing in the initial phases
• Training firm PhishMe says their clients usually start at around 60% susceptibility, but training reduces this to single digits
• The PhiseMe system works by sending your users different types of phishing emails, including links, attachments, etc
• When the user falls for the phishing attempt, they are redirected to training pages, teaching them what they did wrong
• Enhanced versions will even disguise themselves to look like your company\’s page, and prompt users to enter sensitive information. If they do, they are admonished and given further training
• This type of ongoing proactive training seems like the only real way to increase security, because typical training does not seem to work

MIT Media lab rolls out ‘Immersion’ tool to allow you to visualize your email metadata

• Logs in to your gmail via OAuth
• Looks at only the headers (To, From, CC, and timestamp)
• Builds a visualization of your ‘social graph’
• After you view the report, you have the option to allow them to save it, or ask them to erase it
• If you save a snapshot of your social graph, it is automatically deleted after 30 days

Feedback:

• Don’t mount an iSCSI device in two places at once

• File Server Woes

• Starting in Networking Tech?

• What happens if you get hit by a bus?

• NIC Driver Woes in FreeBSD

  • Get a different intel NIC, some of the onboard ones are less good
  • service netif restart; service routing restart

• pfSense Wifi Xtreme

TechSNAP Bitmessage: BM-GuGEaEtsqQjqgHRAfag5FW33Dy2KHUmZ

Round Up:

• Attacker who compromised .pk domain root last year, claims to have access to Pakistan’s Federal Investigation Agency (FIA)’s servers that contain files on every citizen
• The problems with debugging software on mars
• Password sharing compromises 24,000 nintendo accounts – More than 15 million login attempts were made, but only those accounts that had a common password with some other unknown (likely related) service were compromised
• 911 dispatch system in Detroit goes down, backup does not kick in. Apparently the backup had not been tested in over 2 years
• Federal Judge rejects “states secrets” claim, allows EFF case against illegal surveillance (originally filed against the GW Bush administration) to proceed
• Root SSH key for Emergency Broadcasting Systems compromised
• Audit finds US Economic Development Administration destroyed hardware after minor malware infection, including uninfected systems, printers, cameras and mice
• Team of famous security researchers write amicus brief in defense of weev in his trial against AT&T for accessing data they accidently placed on their public website
• Android master key vulnerability checker now online
• ARM’s response to high efficency – lower power: one chip for each, use as needed
• PirateBay founder brokep starts encrypted messaging service
• PC-BSD Now Uses a CDN

The post Phish and Chips | TechSNAP 118 first appeared on Jupiter Broadcasting.

A series of leaks have blown the lid of the NSA’s massive surveillance dragnet of the Internet forcing the Federal Government to come clean to the world. We’ll dig into the new revelations, how this could be technically be done, and then we’ll expose the lapdog media’s attempt manipulate the narrative.

Plus an update on the situation in Turkey, your feedback, and much much more!

Direct Download:

Video | MP3 Audio | OGG Audio | Torrent | YouTube

RSS Feeds:

Video Feed | MP3 Feed | OGG Feed | HD Torrent | Mobile Torrent | iTunes

Become an Unfilter Supporter:

— Show Notes —

Turkey protests

• Turkish Protesters Use Fireworks to Battle Cops – ABC News

Protesters in Turkey’s ancient city of Istanbul fought running battles with police today, sending fireworks into police lines while being forced back with tear gas, rubber bullets and water cannon.

• Turkish protesters clash with police in Istanbul – in pictures | World news | guardian.co.uk

Unrest continues as riot police return to Taksim Square, which has been occupied by protesters for more than a week, in Istanbul, Turkey’s largest city

NSA Data Center Nears Completion

• NSA’s secret Utah data center

. The NSA is currently finishing construction on its Utah Data Center, a new $1.2 billion storage facility near Salt Lake City. When it’s finished, the data center will be able to hold and process five zettabytes of data, according to NPR.

– Thanks for Supporting Unfilter –

This Week’s New Supporters:

• Christopher M
• Chris S
• Matt S
• Darren G
• Paul C
• Paul A H III
• Robert H
• Charles S
• Todd R

• Thanks to our 90 Unfilter supporters!

• Supporters Show Changes

• Supporter perk: Downloadable Pre and Post show. Extra clips, music, hijinks, and off the cuff comments. The ultimate Unfiltered experience.

PRISM

• NSA slides explain the PRISM data-collection program – The Washington Post

Through a top-secret program authorized by federal judges working under the Foreign Intelligence Surveillance Act (FISA), the U.S. intelligence community can gain access to the servers of nine Internet companies for a wide range of digital data. Documents describing the previously undisclosed program, obtained by The Washington Post, show the breadth of U.S. electronic surveillance capabilities in the wake of a widely publicized controversy over warrantless wiretapping of U.S. domestic telephone communications in 2005. These slides, annotated by The Washington Post, represent a selection from the overall document, and certain portions are redacted. Read related article.

• New NSA leak: BOUNDLESSINFORMANT documents the extent of NSA spying around the world – Boing Boing

The Boundless Informant documents show the agency collecting almost 3 billion pieces of intelligence from US computer networks over a 30-day period ending in March 2013.

• Obama defends surveillance effort as ‘trade-off’ for security | Reuters

“You can’t have 100 percent security and also then have 100 percent privacy and zero inconvenience,” Obama said. “We’re going to have to make some choices as a society. … There are trade-offs involved.”

• He told you so: Bill Binney talks NSA leaks – YouTube

In the wake of multiple leaks regarding the data mining programs PRISM and Boundless Informant, whistleblowers are coming out in droves to talk about the unprecedented government surveillance on the American public. RT Correspondent Meghan Lopez had a chance to sit down with NSA whistleblower William Binney to talk about the latest developments coming out of the NSA case. Binney is a 32 year veteran of the NSA, where he helped design a top secret program he says helps collect data on foreign enemies. He is regarded as one of the best mathematicians and code breakers in NSA history. He became an NSA whistleblower in 2002 when he realized the program he helped create to spy no foreign enemies was being used on Americans.

• Edward Snowden: “I am not here to hide” – CBS News

Edward Snowden has surfaced again, according to a local Hong Kong newspaper, telling them he has no intention of hiding from whatever may come next.

• Majority Of Americans Okay With NSA Dragnet… Or, Wait, Not Okay With It; Depending On How You Ask | Techdirt

Pew’s more thorough poll does alert us to the fact that a majority of the population is either ambivalent to the NSA’s actions – or completely unaware. Only 27% of respondents claim to be following the story closely, with those polling as opposed to the NSA’s data harvesting holding a slight lead over those who support these efforts. This low level of engagement isn’t uncommon and has helped to ensure that questionable Bush-era policies remain in place years down the road, in some cases being expanded by the current administration

• Two months ago, in a Senate Integlligence Hearing, Sen. Ron Wyden asked the Director of National Intelligence James Clapper: “Does the NSA collect any type of data at all on millions or hundreds of millions of Americans?” His response: “No, sir.”

But one of the Senate’s staunchest critics of the surveillance programs put Clapper in the crosshairs, accusing him of not being truthful in March when he asked during a Senate hearing whether the NSA collects any data on millions of Americans. Clapper said it did not. Officials generally do not discuss classified information in public settings, reserving discussion on top-secret programs for closed sessions with lawmakers where they will not be revealed to adversaries.

• Court finds NSA surveillance unconstitutional. Administration’s response: keep the ruling secret and carry on

It turns out that Foreign Intelligence Surveillance Court in 2011 found that the NSA’s surveillance under the FISA Amendments Act to be unconstitutional. Why doesn’t anyone know this? Because the decision was kept secret:

• George Takei Fears NSA Spying Programs Having Lived in an Interment Camp

“We were rounded up simply because we happened to look like the people who bombed Pearl Harbor. And we were put in prison camps with barbed wire and machine guns pointed at us. It was a horrific violation of our Constitution.”

Because of that experience, Takei is particularly wary of the government’s powers being abused. “We know where this can go,” he said. “We have to be ever vigilant against overstepping of the fundamental ideals of our democracy.”

• Edward Snowden: how the spy story of the age leaked out | World news | The Guardian

Snowden, aged 29, had flown to Hong Kong from Hawaii, where he had been working for the defence contractor Booz Allen Hamilton at the National Security Agency, the biggest spy surveillance organisation in the world. Since Monday morning, he has gone underground. Hong Kong-based journalists, joined by the international press, have been hunting for him.

• Total Information Awareness

The Information Awareness Office (IAO) was established by the Defense Advanced Research Projects Agency (DARPA) in January 2002 to bring together several DARPA projects focused on applying surveillance and information technology to track and monitor terrorists and other asymmetric threats to U.S. national security, by achieving Total Information Awareness (TIA).

US Concerned Over Military Equipment Built in China

• Some U.S. military parts imported from China – CBS News

The cybersecurity issues aren’t the only U.S. concern has about China. The Pentagon is growing increasingly worried about relying on military components made in China.

Feedback:

• Why are Americans so special?

• How Germany Monitors Computers

• Struggles W/Mental Health has Thoughts on Guns

• Do you still use Google?

If you’re a Supporter check your inbox!

Call us: 1.425.312.1756

Follow the Us:

• Unfilter on Reddit
• Chris on Twitter
• Chase’s Geek and Gaming Network
• Chase on Twitter

The post The NSA PRISM | Unfilter 54 first appeared on Jupiter Broadcasting.

We’ve got the details on a critical flaw in the chip and pin credit card system. The future of secure hashing, doing proper backups with rsync, and how squirrels and sharks take down the Internet.

Plus a big batch of your questions, and our answers.

All that and more, on this week’s TechSNAP

Thanks to:

Use our codes TechSNAP10 to save 10% at checkout, or TechSNAP20 to save 20% on hosting!

BONOUS ROUND PROMO:

Get your .COMs just $5.99 per year up to 3 domains! Additional .COMs just $7.99 per year!
CODE: 599tech

Expires 10/31/12

SPECIAL OFFER! Save 20% off your order!
Code: go20off5

Pick your code and save:
techsnap7: $7.49 .com
techsnap10: 10% off
techsnap11: $1.99 hosting for the first 3 months
techsnap20: 20% off 1, 2, 3 year hosting plans
techsnap40: $10 off $40
techsnap25: 25% off new Virtual DataCenter plans
techsnapx: 20% off .xxx domains

 

Support the Show: