Lenovo & Google are victims of DNS hijacking, we’ll share the details, Everyone wants you to secure your data, just not from them & how Turbotax profits from Cyber tax fraud!

Plus a great batch of your questions, a fantastic round up & much, much more!

Thanks to:

• Get Paid to Write for DigitalOcean

Direct Download:

HD Video | Mobile Video | MP3 Audio | OGG Audio | YouTube | HD Torrent | Mobile Torrent

RSS Feeds:

HD Video Feed | Mobile Video Feed | MP3 Audio Feed | Ogg Audio Feed | iTunes Feed | Torrent Feed

Become a supporter on Patreon:

— Show Notes: —

Attackers Hijack Lenovo Domain, Spoof Website and Intercept Company Emails

• The lenovo.com website was replaced with a slideshow of some random person
• The attack was apparently carried about by members of LizardCircle (or LizardSquad)
• The identity of the person in the slideshow is unclear, but reports suggest they are two members of another hacking group (Hack The Planet) that have been trying to undermine LizardSquad for months
• The pictures on the Lenovo site suggest that the webcam of the target may have been compromised
• It seems the Lizard Squad was able to compromise webnic.cc, a large domain name registrar via a remote command injection vulnerability
• They then reported installed a rootkit and took over the registrars infrastructure
• Using this access, they were able to change the authoritative nameservers for the Lenovo.com domain to their own, and post the defacement page
• This allow allowed them to intercept all incoming email sent to @lenovo.com addresses
• They apparently used CloudFlare to host the site, and CloudFlare engineers eventually returned control of the site to Lenovo, while the DNS changes propagated
• The attackers apparently also got access to the ‘auth codes’ required to transfer ownership of the domain to another registrar
• Same attack also compromised google.com.vn domain in Vietnam
• Additional Coverage: Krebs On Security
• Additional Coverage: Ars Technica

Everyone wants you to secure your data, just not from them

• Bruce Schneier writes a blog post about security and privacy
• Google and Facebook was your data to be secure, on their server, so they can analyze it
• Your government wants you to have security communications, as long as they have the magic keys to decrypt it, but other governments do not
• “Governments are no different. The FBI wants people to have strong encryption, but it wants backdoor access so it can get at your data. UK Prime Minister David Cameron wants you to have good security, just as long as it’s not so strong as to keep the UK government out. And, of course, the NSA spends a lot of money ensuring that there’s no security it can’t break.”
• Schneier also quotes Whitfield Diffie (pioneering cryptographer, co-developed the Diffie-Hellman key exchanged used in SSH and TLS): “You can’t have privacy without security, and I think we have glaring failures in computer security in problems that we’ve been working on for 40 years. You really should not live in fear of opening an attachment to a message. It ought to be confined; your computer ought to be able to handle it. And the fact that we have persisted for decades without solving these problems is partly because they’re very difficult, but partly because there are lots of people who want you to be secure against everyone but them. And that includes all of the major computer manufacturers who, roughly speaking, want to manage your computer for you. The trouble is, I’m not sure of any practical alternative.”
• Corporations want access to your data for profit; governments want it security purposes, be they benevolent or malevolent. But Diffie makes an even stronger point: we give lots of companies access to our data because it makes our lives easier.
• Bruce wrote in his recent book: Data and Goliath: “Convenience is the other reason we willingly give highly personal data to corporate interests, and put up with becoming objects of their surveillance. As I keep saying, surveillance-based services are useful and valuable. We like it when we can access our address book, calendar, photographs, documents, and everything else on any device we happen to be near. We like services like Siri and Google Now, which work best when they know tons about you. Social networking apps make it easier to hang out with our friends. Cell phone apps like Google Maps, Yelp, Weather, and Uber work better and faster when they know our location. Letting apps like Pocket or Instapaper know what we’re reading feels like a small price to pay for getting everything we want to read in one convenient place. We even like it when ads are targeted to exactly what we’re interested in. The benefits of surveillance in these and other applications are real, and significant.”
• “Last week, we learned that the NSA broke into the Dutch company Gemalto and stole the encryption keys for billions ­ yes, billions ­ of cell phones worldwide. That was possible because we consumers don’t want to do the work of securely generating those keys and setting up our own security when we get our phones; we want it done automatically by the phone manufacturers. We want our data to be secure, but we want someone to be able to recover it all when we forget our password.”
• “We’ll never solve these security problems as long as we’re our own worst enemy. That’s why I believe that any long-term security solution will not only be technological, but political as well. We need laws that will protect our privacy from those who obey the laws, and to punish those who break the laws. We need laws that require those entrusted with our data to protect our data. Yes, we need better security technologies, but we also need laws mandating the use of those technologies.”
• I think at some level, part of the onus needs to be on the user as well, you are responsible for managing your passwords and security.
• Transcript: NSA Director Mike Rogers vs. Yahoo! on Encryption Back Doors | Just Security

The rise of tax refund fraud

• Fraudsters made billions of dollars last year by filing fake federal tax refund requests in the names of millions of unsuspecting Americans
• The IRS added a number of security measures and better automated screening, which drove the fraudsters to focus on state-level tax fraud
• “Anti-fraud Improvements by IRS Fuel Up To 3700 Percent Rise in Phony State Filings”
• “Earlier this month, TurboTax was forced to briefly suspend state tax refund filings while it investigated the source of the unprecedented fraud spike”
• To learn more about what was going on, Krebs interviewed Indu Kodukula, chief information security officer at Intuit
• “The IRS has gotten much better than a few years ago from the perspective of fighting fraud,” Kodukula said. “We think what’s happening is that as a result the fraudsters are starting to target the states.”
• In the 2014 tax season, the Treasury Inspector General for Tax Administration (TIGTA) found that the IRS identified and confirmed 28,076 fraudulent tax returns involving identity theft. That was down significantly from a year earlier (PDF), when the IRS identified and confirmed 85,385 fraudulent tax returns involving identity theft
• “But there are 46 states in the Union where taxpayers can file what’s called an ‘unlinked return,’ meaning they can file a state return without having a file a federal return at the same time. So when the [tax fraudsters] file an unlinked return, it leaves the state at its own disposal to fight this fraud, and we think that’s what has taken the states by surprise this year.”
• “States allow unlinked returns because most taxpayers owe taxes at the federal level but are due refunds from their state. Thus, unlinked returns allow taxpayers who owe money to the IRS to pay some or all of that off with state refund money.”
• “Unlinked returns typically have made up a very small chunk of Intuit’s overall returns, Kodukula said. However, so far in this year’s tax filing season, Intuit has seen between three and 37-fold increases in unlinked, state-only returns. Convinced that most of those requests are fraudulent, the company now blocks users from filing unlinked returns via TurboTax.”
• “It’s very hard to imagine a fundamental demographic shift that could cause that kind of pattern,” Kodukula said. “Our thought is that the vast majority of this is clearly not legitimate activity.”
• The traditional way that income tax fraud has been perpetrated was to steal the identity of an individual, then create an online tax account on their behalf and file the fraudulent return
• However, there has been a spike in compromised tax accounts, most appear to be because of password reuse
• We have seen many sites being compromised in the last few years, like LinkedIn, and Adobe. When huge piles of passwords like that are dropped on the Internet, the attackers try those same username/email and password combinations on other sites, like tax preparation sites
• “Over the past one-and-a-half years, we started to see much more of this type type of account takeover attack, where a customer’s TurboTax credentials were compromised at another site,” Kodukula said, describing wave after wave of attempts by fraudsters to log in at TurboTax using huge lists of credentials leaked in the wake of breaches at other companies.
• Currently, about 60 percent of the returns flagged as likely fraudulent by Intuit appear to come from SIRF, while the other 40 percent are the result of account takeovers, Kodukula said. But the account takeover attacks are definitely growing in frequency and intensity, he said.
• “From the list validation attacks we’ve seen, we know the credentials came from somewhere else,” he added. “When you look at credentials that have never been used in our system [trying to log in] it’s a pretty good indicator that those are credentials not from our space.”
• Security experts (including Krebs) have long called on TurboTax to implement two-step authentication for customers to help address the account takeover the problem of password re-use by consumers. Earlier this month, Intuit announced it would be implementing this very feature, although the company’s choice of approaches may fall short of what many security experts think of when they talk about real two-step or two-factor authentication.
• Krebs’ article also has some links and guidance for those who fall victim to this type of attack
• A week after the above interview, Krebs interviewed Robert Lee, a security business partner at Intuit’s consumer tax group until his departure from the company in July 2014
• Kreb’s 2nd Interview
• Lee said that he and his team at Intuit developed sophisticated fraud models to help Intuit quickly identify and close accounts that were being used by crooks to commit massive amounts of SIRF fraud.
• But Lee said he was mystified when Intuit repeatedly refused to adopt some basic policies that would make it more costly and complicated for fraudsters to abuse the company’s service for tax refund fraud, such as blocking the re-use of the same Social Security number across a certain number of TurboTax accounts, or preventing the same account from filing more than a small number of tax returns
• “If I sign up for an account and file tax refund requests on 100 people who are not me, it’s obviously fraud,” Lee said in an interview with KrebsOnSecurity. “We found literally millions of accounts that were 100 percent used only for fraud. But management explicitly forbade us from either flagging the accounts as fraudulent, or turning off those accounts.”
• “The Federal Trade Commission (FTC) said it received 332,646 identity theft complaints in the calendar year 2014, and that almost one-third of them — the largest portion — were tax-related identity theft complaints. Tax identity theft has been the largest ID theft category for the last five years.”
• Lee said the scammers who hijack existing TurboTax accounts most often will use stolen credit cards to pay the $25-$50 TurboTax fee for processing and sending the refund request to the IRS.
• But he said the crooks perpetrating SIRF typically force the IRS — and, by extension, U.S. taxpayers — to cover the fee for their bogus filings. That’s because most SIRF filings take advantage of what’s known in the online tax preparation business as a ‘refund transfer’, which deducts TurboTax’s filing fee from the total amount of the fraudulent refund request. If the IRS then approves the fraudulent return, TurboTax gets paid.
• “The reason fraudsters love this system is because they don’t even have to use stolen credit cards to do it,” Lee said. “What’s really going on here is that the fraud business is actually profitable for Intuit.”
• Lee confirmed Kodukula’s narrative that Intuit is an industry leader in sending the IRS regular reports about tax returns that appear suspicious. But he said the company eventually scaled back those reports after noticing that the overall fraud the IRS was reporting wasn’t decreasing as a result of Intuit’s reporting: Fraudsters were simply taking their business to Intuit’s competitors.
• “We noticed the IRS started taking action, and because of this, we started to see not only our fraud numbers but also our revenue go down before the peak of tax season a couple of years ago,” Lee recalled. “When we stopped or delayed sending those fraud numbers, we saw the fraud and our revenue go back up.”
• “Then, there was a time period where we didn’t deliver that information at all,” he said. “And then at one point there was a two-week delay added between the time the information was ready and the time it was submitted to the IRS. There was no technical reason for that delay, but I can only speculate what the real justification for that was.”
• KrebsOnSecurity obtained a copy of a recording made of an internal Intuit conference call on Oct. 14, 2014, in which Michael Lyons, TurboTax’s deputy general counsel, describes the risks of the company being overly aggressive — relative to its competitors — in flagging suspicious tax returns for the IRS.
• “As you can imagine, the bad guys being smart and savvy, they saw this and noticed it, they just went somewhere else,” Lyons said in the recording. “The amount of fraudulent activity didn’t change. The landscape didn’t change. It was like squeezing a balloon. They recognized that TurboTax returns were getting stopped at the door. So they said, ‘We’ll just go over to H&R Block, to TaxSlayer or TaxAct, or whatever.’ And all of a sudden we saw what we call ‘multi-filer activity’ had completely dropped off a cliff but the amount that the IRS reported coming through digital channels and through their self reported fraud network was not changing at all. The bad guys had just gone from us to others.”
• That recording was shared by Shane MacDougall, formerly a principal security engineer at Intuit. MacDougall resigned from the company last week and filed an official whistleblower complaint with the U.S. Securities and Exchange Commission, alleging that the company routinely placed profits ahead of ethics. MacDougall submitted the recording in his filing with the SEC.
• “Complainant repeatedly raised issues with managers, directors, and even [a senior vice president] of the company to try to rectify ongoing fraud, but was repeatedly rebuffed and told Intuit couldn’t do anything that would ‘hurt the numbers’,” MacDougall wrote in his SEC filing. “Complainant repeatedly offered solutions to help stop the fraud, but was ignored.”
• Robert Lanesey, Inuit’s chief communications officer, said Intuit doesn’t make a penny on tax filings that are ultimately rejected by the IRS.
• “Revenue that comes from reports included in our suspicious activity reports to the IRS has dropped precipitously as we have changed and improved our reporting mechanisms,” Lanesey said. “When it comes to market share, it doesn’t count toward our market share unless it’s a successful return. We’ve gotten better and we’ve gotten more accurate, but it’s not about money.”
• Williams added that it is not up to Intuit to block returns from being filed, and that it is the IRS’s sole determination whether to process a given refund request.
• “We will flag them as suspicious, but we do not get to determine if a return is fraud,” Williams said. “It’s the IRS’s responsibility and ultimately they make that decision. What I will tell you is that of the ones we report as suspicious, the IRS rejects a very high percentage, somewhere in the 80-90 percent range.”
• It will be interesting to see how this story develops

Feedback:

• pfSense “advanced” routing question

• Transfer a huge files while it is being created (Linux shell scripting?)

• Lets encrypt

• PHK on HTTP/2

• Allan’s Tetris lamps are driving me crazy.

Round Up:

• Intel Security warns of six Social Engineering techniques being used against businesses
• Remote Code Execution (as root) vulnerability in all versions of Samba (windows file sharing daemon for UNIX-like operating systems)
• SSL-busting code that threatened Lenovo users found in a dozen more apps
• Some of todays hackers are more sophisticated than you think
• Replacing my 10+ years old home router
• Ad blocking software PrivDog, may actually be worse than Superfish
• Moxie Marlinspike – GPG, with its old technology, bad design, and small userbase, is dead; it’s time for a more usable encryption system
• The most vulnerable operating systems and applications of 2014
• FCC approves net neutrality rules, reclassifies broadband as a utility
• Tens of thousands of home routers all using the same SSH private key, defeating the security provided by the private key
• Intel To Rebrand Atom Chips Along Lines of Core Processors
• Facebook posts results of its research into SSL Interception against Facebook visitors

The post TurboHax | TechSNAP 203 first appeared on Jupiter Broadcasting.

Adobe has a bad week, with exploits in the wild & no patch. We’ll share the details. Had your credit card stolen? We’ll tell you how.

Plus the harsh reality for IT departments, a great batch of questions, our answers & much much more!

Thanks to:

• Get Paid to Write for DigitalOcean

Direct Download:

HD Video | Mobile Video | MP3 Audio | OGG Audio | YouTube | HD Torrent | Mobile Torrent

RSS Feeds:

HD Video Feed | Mobile Video Feed | MP3 Audio Feed | Ogg Audio Feed | iTunes Feed | Torrent Feed

Become a supporter on Patreon:

— Show Notes: —

New flash zero day found being exploited in the wild, no patch yet

• The new exploit is being used in some versions of the Angler exploit kit (the new top dog, replacing former champ blackhole)
• The exploit kit currently uses three different flash exploits:
• CVE-2014-8440 – which was added to the exploit kit only 9 days after being patched
• CVE-2015-0310 – Which was patched today
• and a 3rd new exploit, which is still being investigated
• Most of these exploit kits rely on reverse engineering an exploit based on the patch or proof of concept, so the exploit kits only gain the ability to inflict damage on users after the patch is available
• However, a 0 day where the exploit kit authors are the first to receive the details, means that even at this point, researchers and Adobe are not yet sure what the flaw is that is being exploited
• Due to a bug in the Angler exploit kit, Firefox users were not affected, but as of this morning, the bug was fixed and the Angler kit is now exploiting Firefox users as well
• Additional Coverage – Krebs On Security
• Additional Coverage – PCWorld
• Additional Coverage – Malware Bytes
• Additional Coverage – ZDNet

How was your credit card stolen

• Krebs posts a write up to answer the question he is asked most often: “My credit card was stolen, can you help me find out how”
• Different ways to get your card stolen, and your chance of proving it:
• Hacked main street merchant, restaurant (low, depends on card use)
• Processor breach (nil)
• Hacked point-of-sale service company/vendor (low)
• Hacked E-commerce Merchant (nil to low)
• ATM or Gas Pump Skimmer (high)
• Crooked employee (nil to low)
• Lost/Stolen card (high)
• Malware on Consumer PC (very low)
• Physical record theft (nil to low)
• “I hope it’s clear from the above that most consumers are unlikely to discover the true source or reason for any card fraud. It’s far more important for cardholders to keep a close eye on their statements for unauthorized charges, and to report that activity as quickly as possible.”
• Luckily, since most consumers enjoy zero liability, they do not have to worry about trying to track down the source of the fraud
• With the coming change to Chip-and-Pin in the US, the liability for some types of fraud will shift from the banks to the retailers, which might see some changes to the way things are done
• Banks have a vested interest in keeping the results of their investigations secret, whereas a retailer who is the victim of fraudulent cards, may have some standing to go after the other vendor that was the source of the leak
• Machine Learning for Fraud Detection

15% of business cloud accounts are hacked

• Research by Netskope, a cloud analysis company, finds that only one in ten cloud apps are secure enough for enterprise use
• In their survey, done using network probes, gateways, and other analysis techniques (rather than asking humans), they found that the average large enterprise uses over 600 cloud applications
• Many of these applications were not designed for enterprise use, and lack features like 2 factor authentication, hierarchical access control, “group” features, etc
• The report also found that 8% of files uploaded to cloud storage provides like Google Drive, Dropbox, Box.com etc, were in violoation of the enterprises’ own Data Loss Prevention (DLP) policies.
• The downloading numbers were worst, 25% of all company files in cloud providers were shared with 1 or more people from outside the company. 12% of outsiders had access to more than 100 files.
• Part of the problem is that many “cloud apps” used in the enterprise are not approved, but just individual employees using personal accounts to share files or data
• When the cloud apps are used that lack enterprise features that allow the IT and Security teams to oversee the accounts, or when IT doesn’t even know that an unapproved app is being used, there is no hope of them being able to properly manage and secure the data
• Management of the account life cycle: password changes, password resets, employees who leave or are terminated, revoking access to contractors when their project is finished, etc, is key
• If an employee just makes a dropbox share, adds a few other employees, then adds an outside contractor that is working on a project, but accidently shares all files instead of only specific project files, then fails to remove that person later on, data can leak.
• When password resets are managed by the cloud provider, rather than the internal IT/Security team, it makes it possible for an attacker to more easily use social engineering to take over an account
• Infographic
• Report

Feedback:

• ZFS me timbers

• Allan’s Modified Lenovo

• Sharing a large movie collection over the internet

• RAID alternatives for a bug

Round Up:

• Yes, Every Freeware Download Site is Serving Crapware (Here’s the Proof)
• CERT-UK offers a new best practices guide to combat social engineering
• FBI seeks to legally hack you if you are using TOR or a VPN
• Java patches 19 security holes (13 with 10/10 exploitability score). Make sure you are running at least 7u75 or 8u31
• NSA says it has proof DPRK was behind Sony hack, because they had already hacked the DPRK
• Government health care website quietly sharing personal data
• Steam shell script bug causes it to rm -rf /
• NSA Preps America for Future Battle
• Diary of an NSA Intern
• Password reuse causes spike in Hotel Rewards fraud
• The Sorry State of In-Flight Wi-Fi
• Technical mistake, not terrorist DDoS downed french media websites
• Blackhat, the movie, gets the technobabble mostly right
• All you need is a clipboard, or a stethoscope

The post Dude Where's My Card? | TechSNAP 198 first appeared on Jupiter Broadcasting.

Just when you thought openSSL was safe, we’ve got a whole new round of security flaws. Plus we’ll go inside a massive online carding shop.

Then it’s your questions, our answers, and much much more!

Thanks to:

— Show Notes: —

OpenSSL and GnuTLS flaws

• A series of new vulnerabilities have been found in both SSL/TLS libraries
• Latest Versions:
• OpenSSL 0.9.8za.
• OpenSSL 1.0.0m.
• OpenSSL 1.0.1h.
• CVE-2014-0224 — An attacker using a carefully crafted handshake can force the use of weak keying material in OpenSSL SSL/TLS clients and servers. This can be exploited by a Man-in-the-middle (MITM) attack where the attacker can decrypt and modify traffic from the attacked client and server. The attack can only be performed between a vulnerable client and server. OpenSSL clients are vulnerable in all versions of OpenSSL. Servers are only known to be vulnerable in OpenSSL 1.0.1 and 1.0.2-beta1. Users of OpenSSL servers earlier than 1.0.1 are advised to upgrade as a precaution.
• CVE-2014-0221 — By sending an invalid DTLS handshake to an OpenSSL DTLS client the code can be made to recurse eventually crashing in a DoS attack. Only applications using OpenSSL as a DTLS client are affected.
• CVE-2014-0195 — A buffer overrun attack can be triggered by sending invalid DTLS fragments to an OpenSSL DTLS client or server. This is potentially exploitable to run arbitrary code on a vulnerable client or server. Only applications using OpenSSL as a DTLS client or server affected.
• CVE-2014-0198 — A flaw in the do_ssl3_write function can allow remote attackers to cause a denial of service via a NULL pointer dereference. This flaw only affects OpenSSL 1.0.0 and 1.0.1 where SSL_MODE_RELEASE_BUFFERS is enabled, which is not the default and not common.
• CVE-2010-5298 — A race condition in the ssl3_read_bytes function can allow remote attackers to inject data across sessions or cause a denial of service. This flaw only affects multithreaded applications using OpenSSL 1.0.0 and 1.0.1, where SSL_MODE_RELEASE_BUFFERS is enabled, which is not the default and not common.
• CVE-2014-3470 — OpenSSL TLS clients enabling anonymous ECDH ciphersuites are subject to a denial of service attack.
• OpenSSL 1.0.0m and OpenSSL 0.9.8za also contain a fix for CVE-2014-0076: Fix for the attack described in the paper \”Recovering OpenSSL ECDSA Nonces Using the FLUSH+RELOAD Cache Side-channel Attack”. This issue was previously fixed in OpenSSL 1.0.1g.
• GnuTLS releases update to fix flaws as well
• CVE-2014-3466 — A flaw was found in the way GnuTLS parsed session ids from Server Hello packets of the TLS/SSL handshake. A malicious server could use this flaw to send an excessively long session id value and trigger a buffer overflow in a connecting TLS/SSL client using GnuTLS, causing it to crash or, possibly, execute arbitrary code. The flaw is in read_server_hello() / _gnutls_read_server_hello(), where session_id_len is checked to not exceed incoming packet size, but not checked to ensure it does not exceed maximum session id length
• Deeper analysis of the GnuTLS flaw

Inside a carding shop

• Bryan Krebs releases his expose on the inner workings of a professional carding shop
• This shop focused on ‘dumps’, full track data that can be written to blank cards, allowing the fraudster to take the card into a big box store, and buy large ticket items that can easily be sold for cash
• “The subject of this post is “McDumpals,” a leading dumps shop that first went online in late April 2013. “
• “Like many other dumps shops, McDumpals recently began requiring potential new customers to pay a deposit (~$100) via Bitcoin before being allowed to view the goods for sale. Also typical of most card shops, this store’s home page features the latest news about new batches of stolen cards that have just been added, as well as price reductions on older batches of cards that are less reliable as instruments of fraud.”
• Bryan has a great slideshow that shows some of the regions and retails that were compromised, and what the sets of cards sell for

Feedback:

• Forever Changing IP Address?

• Lan neutrality

• Can you give me an advice regarding zfs on my nas?!

• YouTube / Google Video and Net Neutrality

• Any Swedish Techsnap fans?

Round Up:

• Linux users at risk as ANOTHER critical GnuTLS bug found
• It\’s not Net Neutrality that\’s at stake, it\’s Cable Company Fuckery
• New Heartbleed attack hits Android devices and routers over Wi-Fi
• Malware creation breaks record 160,000 new samples per day
• Google Releases End-to-End Encryption Extension
• Insecure by design and trusted by default, the hell that is unpatchable embedded systems
• Linksys E4200 vulnerability allows attacker to bypass admin password
• New Soraya Malware includes Form Grabbing, Memory Scraping Functionality
• Heartbleed exploitable over enterprise wireless networks
• Vulnerabilities found in law enforcement surveillance systems
• Crucial launches new data center grade SSDs, but also new MX100 consumer line at under 50 cents per GiB

The post House of Credit Cards | TechSNAP 165 first appeared on Jupiter Broadcasting.

The Department of Defence has signalled it’s dramatically increasing the size of its Cyber Command, but things are never as simple as it sounds.

You might have heard that this new “comprehensive” immigration reform being worked on hinges on increased border security that relies heavily on drones to hunt illegal immigrants. We look at the numbers.

And why the US might be in hot water over it’s excessive use of drones around the world very soon.

Speaking of the cloud…

A new report details the major invasion British internet users\’ privacy on popular \’cloud\’ services.

Plus your feedback, our follow up, and much much more in this week’s Unfilter.

Direct Download:

HD Video | Mobile Video | MP3 Audio | OGG Audio | Torrent | YouTube

RSS Feeds:

HD Feed | Mobile Feed | MP3 Feed | OGG Feed | HD Torrent | Mobile Torrent | iTunes

Get Unfilter on your Android:

• Callisto – Android App
• Jupiter Broadcasting – Android App by ShaneQful

Browser Affiliate Extension:

• Jupiter Broadcasting Affiliate Extensions for Chrome and Firefox

Show Notes:

ACT ONE:

• British internet users\’ personal information on major \’cloud\’ storage services can be spied upon routinely by US authorities

• Likes the one ACT

• US Defense Department ramps up recruitment for cyber army t
• Will the US wage cyber war on its enemies?
• Feds stumbling after Anonymous launches \’Operation Last Resort\’
• PressTV – US, Israel constantly conducting cyber attacks against Iran: Eric Draitser

• FBI is increasing pressure on suspects in Stuxnet inquiry

• Immigration Reform: Five Years Later What\’s New?

• John McCain in immigration spotlight

• On immigration, Obama talks tough to Congress

• New border security relies heavily on drones to hunt illegal immigrants

• U.N. Drone Investigator: If Facts Lead to U.S. War Crimes, So Be It

• Finally: The UN Will Investigate Drone Strikes

• Ex-CIA Agent, Whistleblower John Kiriakou Sentenced to Prison While Torturers He Exposed Walk Free

• Thoughts on the Show

• Health roundup: Food fraud reports rising, group says

• Food Fraud Database | foodfraud.org

• Chicken wing shortage threatens Super Bowl Sunday!!!!!!one!

• Rumored bird shortage sparks buying frenzy – CNN

Follow the Team:

Call us: 1.425.312.1756

• Unfilter on Reddit
• Chris on Twitter
• Chase’s Geek and Gaming Network
• Chase on Twitter

The post Drone Patrol | Unfilter 35 first appeared on Jupiter Broadcasting.

Was Aaron Swartz a source for Wikileaks? Was this the reason for the intensity of the response to such a minor crime? A Texas Senator think so, we’ll share the details. Plus the highlights from Hillary Clinton’s time in the hot seat, North Korea threatens the US and the rise of food fraud.

Plus some ideas on the future, your feedback, and much more on this week’s episode of, Unfilter.

Direct Download:

HD Video | Mobile Video | MP3 Audio | OGG Audio | Torrent | YouTube

RSS Feeds:

HD Feed | Mobile Feed | MP3 Feed | OGG Feed | HD Torrent | Mobile Torrent | iTunes

Get Unfilter on your Android:

• Callisto – Android App
• Jupiter Broadcasting – Android App by ShaneQful

Browser Affiliate Extension:

• Jupiter Broadcasting Affiliate Extensions for Chrome and Firefox

Show Notes:

ACT ONE:

• Fast Food Chains \’Meat\’ Standards

• ADHD diagnoses on the rise in minority kids and those in high-income families

• ADHD diagnosis rates up 24 percent over decade

• Aaron Swartz, Wikileaks, & Senator John Cornyn – YouTube

• Clinton angrily defends handling of Benghazi attack

• Hillary Clinton Wrangles With Senators Over Benghazi Attacks

• EXCLUSIVE: Group Finds More Fake Ingredients in Popular Foods – ABC News

• Food fraud on the rise – CNN

• North Korea nuclear tests: Kim Jong-Un responds to U.N. sanctions with new nuclear tests.

• Personal mission to ban assault weapons

• John Kerry: \’No one should mistake our resolve\’ on Iran\’s nuclear program

FEEDBACK

Guns

• Second amendment under attack?
• Gun Debate Provoked Some Thoughts
• Why do you need an assault weapon?

Not about Guns

• Sweden Perspective
• Calling out Chris
• British Benefit System

Follow the Team:

Call us: 1.425.312.1756

• Unfilter on Reddit
• Chris on Twitter
• Chase’s Geek and Gaming Network
• Chase on Twitter

The post Hillary’s Finale | Unfilter 34 first appeared on Jupiter Broadcasting.