A major flaw in SSL 3.0 has been discovered by Google & the web springs into action. The Double Irish is getting shut down & Google has something very sweet for us all!

Direct Download:

MP3 Audio | OGG Audio | Video | HD Video | Torrent | YouTube

RSS Feeds:

MP3 Feed | OGG Feed | iTunes Feed | Video Feed | Torrent Feed

Become a supporter on Patreon:

Show Notes:

Google Online Security Blog: This POODLE bites: exploiting the SSL 3.0 fallback

Today we are publishing details of a vulnerability in the design of SSL version 3.0. This vulnerability allows the plaintext of secure connections to be calculated by a network attacker.

SSL 3.0 is nearly 15 years old, but support for it remains widespread. Most importantly, nearly all browsers support it and, in order to work around bugs in HTTPS servers, browsers will retry failed connections with older protocol versions, including SSL 3.0. Because a network attacker can cause connection failures, they can trigger the use of SSL 3.0 and then exploit this issue.

ImperialViolet – POODLE attacks on SSLv3

Fundamentally, the design flaw in SSL/TLS that allows this is the same as with Lucky13 and Vaudenay’s two attacks: SSL got encryption and authentication the wrong way around — it authenticates before encrypting.

The POODLE Attack and the End of SSL 3.0 | Mozilla Security Blog

SSL version 3.0 is no longer secure. Browsers and websites need to turn off SSLv3 and use more modern security protocols as soon as possible, in order to avoid compromising users’ private information.

SSLv3 will be disabled by default in Firefox 34, which will be released on Nov 25. The code to disable it is landing today in Nightly, and will be promoted to Aurora and Beta in the next few weeks. This timing is intended to allow website operators some time to upgrade any servers that still rely on SSLv3.

“Double Irish” Tax Loophole Used By US Companies To Be Closed

The Irish Finance Minister announced on Tuesday that Ireland will no longer allow companies to register in Ireland unless the companies are also tax resident. This will effectively close off the corporate tax evasion scheme known as the “Double Irish” used by the likes of Google, Apple, and Facebook to route their earnings through their Irish holdings in order to garner an effective tax rate of, as in Google FY2013, 0.16%. Ireland’s new policy will take effect in 2015 for new companies. “For existing companies, there will be provision for a transition period until the end of 2020.”

GT Advanced COO sold $1.2M in shares before bankruptcy, Apple asks court to seal documents | 9to5Mac

There has been some indication that executives anticipated the bankruptcy with reports that the company’s CEO unloaded approximately $160,000 in stock days before the iPhone 6 launched without GT’s sapphire cover that was previously rumored to make an appearance on the device. Today, The Wall Street Journal reports that another GT Advanced executive, COO Daniel Squiller, sold $1.2 million of stock in May and “set up a plan under which he sold another $750,000 of shares over ensuing months before the company filed for bankruptcy.”

Details of Apple’s contracts with supplier GT Advanced have been trickling out since the company filed for Chapter 11 bankruptcy earlier this month. While asking courts for permission to “wind down” operations at its Arizona plant, the company called its agreement with Apple “oppressive and burdensome” and reportedly requested courts disclose more information about its relationship with Apple. The exact reason behind what lead to the bankruptcy filing is still unclear, but there has been speculation that it’s related to a final $139 million payment that was reportedly withheld by Apple.

Google Teases Android L Ahead of Rumored Nexus Launch

Among rumors that the newest Nexus devices will be announced as soon as tomorrow, Google Senior VP Sundar Pichai sent out this tweet earlier today:

Met some sweet new friends today.

The post Poodle Bytes your SSL | Tech Talk Today 76 first appeared on Jupiter Broadcasting.

A batch of Dropbox usernames and passwords hit the web, Court document reveal Apple’s $50 Million for product leak fine & Newsweek comes under fire.

Plus our thoughts on the return of PC market growth & much more!

Direct Download:

MP3 Audio | OGG Audio | Video | HD Video | Torrent | YouTube

RSS Feeds:

MP3 Feed | OGG Feed | iTunes Feed | Video Feed | Torrent Feed

Become a supporter on Patreon:

Show Notes:

Change Your Password: Hackers Are Leaking Dropbox User Info

After first surfacing Reddit, several Pastebin files have been found to contain hundreds of Dropbox users’ usernames and passwords—and the anonymous poster claims that there are millions more to come.

• According to the Next Web, the leaked lists are meant to entice users to donate Bitcoin, at which point the purported hacker will release more users’ info. The message atop the list reads:
  

  Here is another batch of Hacked Dropbox accounts from the massive hack of 7,000,000 accounts

  To see plenty more, just search on [redacted] for the term Dropbox hack.

  More to come, keep showing your support

• To put it another way: You need to change your password. Now. And then make sure that two-factor authentication is turned on.

Update 11:29pm:

• A spokesperson from Dropbox has provided us with the following statement:
  

  Dropbox has not been hacked. These usernames and passwords were unfortunately stolen from other services and used in attempts to log in to Dropbox accounts. We’d previously detected these attacks and the vast majority of the passwords posted have been expired for some time now. All other remaining passwords have been expired as well.

• DROPBOX.COM HACKED First Teaser – Pastebin.com

• Two Factor Auth List

Court document reveals that Apple could fine sapphire glass manufacturer $50 Million for product leaks

GT Advanced Technologies filed for Chapter 11 bankruptcy protection last week and the court documents have revealed an interesting agreement with Apple. GT Advanced, who was contracted to make sapphire glass displays for Apple, stated that there was a clause in its contract that would see them fined upward of a $50 million (USD) penalty for any leaked products.

Man Pegged By Newsweek as Satoshi Nakamoto Plans Legal Action | NEWSBTC

Dorian Prentice Satoshi Nakamoto’s name became public — very public — in a highly sensationalized exposé entitled The Face Behind Bitcoin _written by journalist Leah McGrath Goodman, employed by _Newsweek.

Legal defense fund

Nakamoto, along with the Kirschner & Associates law firm, have started a website at NewsweekLied.com to ask for donations to help establish a defense fund in an ultimate lawsuit against Newsweek.

Yes. Bitcoin accepted.

You can read all the reasons that Dorian is angry here on the site’s background page, and it’s perfectly understandable where he’s coming from.

“Newsweek must be held accountable for its reckless reporting,” the site reads.

• Background — The Dorian Nakamoto Legal Defense Fund

With This Tiny Box, You Can Anonymize Everything You Do Online | WIRED

Today a group of privacy-focused developers plans to launch a Kickstarter campaign for Anonabox. The $45 open-source router automatically directs all data that connects to it by ethernet or Wifi through the Tor network, hiding the user’s IP address and skirting censorship. It’s also small enough to hide two in a pack of cigarettes.

Decline in PC Sales Starts to Slow; Largest Makers See Growth – NYTimes.com

IDC and Gartner on Wednesday released numbers on the worldwide demand for PCs that showed only a slight drop in demand, a distinct contrast to the trend of the last three years. This likely means, analysts said, that consumers may not be choosing tablets and smartphones over PCs to the same degree they had in the past. Soon, they said, the industry might see growth again.

It has come already for the biggest manufacturers. Companies like Lenovo, Hewlett- Packard and Dell all had good growth, particularly in a strong U.S. market.

In the United States, IDC said 17.3 million PCs were shipped, an increase of 4.3 percent from a year ago. Gartner put the number at 16.9 million, a rise of 4.2 percent. The top five companies were HP, Dell, Apple, Lenovo and Toshiba, both IDC and Gartner said.

• Stocks Benefiting From Increasing PC Sales Include Hewlett-Packard (NYSE: HPQ), Seagate Technology (NASDAQ: STX) – 24/7 Wall St.

The post Dropbox Those Passwords | Tech Talk Today 75 first appeared on Jupiter Broadcasting.