Video Feed | MP3 Feed | HD Torrent | iTunes

Become an Unfilter supporter on Patreon:

— Show Notes —

Links:

• Judge Andrew Napolitano: The incredible new chapter in the Hillary Clinton chronicles | Fox News
• Exclusive: Secret witness in Senate Clinton probe is ex-lobbyist for Russian firm | Article [AMP] | Reuters
• ‘What About Bill?’ Sexual Misconduct Debate Revives Questions About Clinton – The New York Times
• Kaspersky: Yes, we obtained NSA secrets. No, we didn’t help steal them | Ars Technica
• Keystone pipeline spills 210,000 gallons of oil on eve of permitting decision for TransCanada – The Washington Post
• How Trump walked into Putin’s web | News | The Guardian
• Pentagon Says It’s Staying In Syria, Even Though ISIS Appears Defeated : Parallels : NPR
• This Is The FBI Informant For Uranium One | The Daily Caller
• Cannabis is Canada’s moment to lead the world – The Globe and Mail
• Page not found – Anonymous
• No, We Didn’t Just See The First Marijuana Overdose Death
• Trump administration updates demands as NAFTA talks continue – LA Times
• Trump administration threatens to shut down Palestinian delegation in Washington – LA Times
• The Uncounted – The New York Times
• ‘I Want This for George’ – POLITICO Magazine
• Special counsel sends wide-ranging request for documents to Justice Department
• Kushner’s attorney accuses senators of playing ‘gotcha’
• Al Franken: Second woman accuses senator of groping her in 2010
• Eight women say Charlie Rose sexually harassed them — with nudity, groping and lewd calls – The Washington Post
• paul mcleary on Twitter: “There are over 1,700 US troops in Syria, including over 600 Marines. A few more than the 500 total the DoD has claimed, Pentagon documents s… https://t.co/FAtO0rDU1R”
• Three CBS employees accuse Charlie Rose of sexual harassment – CBS News
• Charlie Rose fired by CBS, PBS and Bloomberg over sexual misconduct allegations – NBC News
• ‘CBS This Morning’ is ‘begging’ Oprah to fill in for Charlie Rose | Page Six
• Political media engulfed by sexual harassment crisis | TheHill
• CNN Senior Reporter Apologizes For Tweet on Sexual Harassment
• In Yemen’s “60 Minutes” Moment, No Mention That the U.S. Is Fueling the Conflict
• 60 Minutes, barred from Yemen, still got the footage – CBS News
• How Yemen’s civil war is starving its children – 60 Minutes Videos – CBS News
• Amazon.com: The Master Switch: The Rise and Fall of Information Empires (Audible Audio Edition): Tim Wu, Marc Vietor, Audible Studios: Books

The post What if Net Neutrality Dies? | Unfilter 260 first appeared on Jupiter Broadcasting.

HD Video Feed | Mobile Video Feed | MP3 Audio Feed | Ogg Audio Feed | iTunes Feed | Torrent Feed

Become a supporter on Patreon:

Show Notes:

Malware hosted in your browser

• Last show, we talked about malware, blocking it via URLs, and malware which spoofs the domain names, thereby bypassing many URL-based filters.
• This show, we have an instance of malware which completely defeats all of the above, in a very simple and clever way.
• A common way to steal credentials is hosting a webpage which looks a lot like the real thing. Google, Facebook, Paypal, etc are all targets of this. It is simple to do. Just throw up a web page, and start directing people to it.
• Lots of ways to defeat this with conventional tools
• This method bypasses all those tools
• Tom Scott tweeted about malware he received via email.
• when you click on the link, you get what appears to be a Google Login page.
• The URI is of the form: data:text/html,https…… lots of spaces <script src=date:text/html;…. etc
• However, it is hosted entirely within your browser
• Matt Hughes reportrd that Andriod actually tries to autofill his Google account credentials on that data URI
• This has been around at least a year, and was written about by linkcabin
  spoofs the login page by hosting it in your browser.
• Suprisingly common and is often using to phish Google or Paypal

Bug Bounty – GitHub Enterprise SQL Injection

• This story involves responsible research and disclosure by Orange Tsai
• GitHub Enterprise is the on-premises version of GitHub.com that you can deploy a whole GitHub service in your private network for businesses
• You can get 45-days free trial and download the VM from enterprise.github.com.
• Code is downloaded, configured, and observations begin.
• GitHub uses a custom library to obfuscate their source code. If you search for ruby_concealer.so on Google, you will find a snippet in a gist.
• The first two days are getting the VM running etc.
• Day 3-5 are learning Rails by code reviewing.
• On 6, an SQL Injection is found

Feedback:

• Hiring senior sysadmins who listen to TechSNAP and BSDNow

War Story:

• Broken out-going mail from cellphone

Round Up:

• BSDCan Call for Papers
• PGCON Call for Papers
• FTC Sues D-Link Over Insecure Routers, Cameras
• TV anchor says live on-air ‘Alexa, order me a dollhouse’ – guess what happens next

The post Internet of Voice Triggers | TechSNAP 302 first appeared on Jupiter Broadcasting.

The blast from the past everyone on mobile is freaking out about, the great halving in Bitcoin is complete & Ashley Madison comes clean.

Plus Huawei gets tough, YouTubers gets exposed & Angela nearly dies!

Direct Download:

MP3 Audio | OGG Audio | Video | HD Video | Torrent | YouTube

RSS Feeds:

MP3 Feed | OGG Feed | iTunes Feed | Video Feed | Video Feed | Torrent Feed

Become a supporter on Patreon

Show Notes:

Links:

• 5 Charts That Show Pokémon GO’s Growth in the US
• Sore Legs Become Pandemic As Pokémon Go Players Accidentally Get Exercise
• Pokemon Go is a huge security risk – adam reeve
• Niantic Inc. Raises $20 Million in Financing from The Pokémon Company, Google and Nintendo
• Block 420000 has been mined. Mining reward is now 12.5 BTC per block. The second halvening is now complete! : Bitcoin
• What to Expect When the Bitcoin Halving Happens – CoinDesk
• It’s China meets East Texas, as Huawei files patent lawsuit against T-Mobile | Ars Technica
• Ashley Madison admits using fembots to lure men into spending money | Ars Technica
• Sharing your Netflix password is now a federal crime, court rules – Story
• FTC: Warner Bros. paid YouTubers for positive reviews

Kickstarter of the Week:

• Omnicharge: Smart & Compact Portable Power Bank | Indiegogo

The post Sex, Lies & YouTube | TTT 251 first appeared on Jupiter Broadcasting.

The FTC found Google is abusing their monopoly position, but buried their case in 2013. We share the revealing details. Facebook has big plans for Messenger, Augmented VR gets teased…

Then our Kickstarter of the week might just blow your mind!

Direct Download:

MP3 Audio | OGG Audio | Video | HD Video | Torrent | YouTube

RSS Feeds:

MP3 Feed | OGG Feed | iTunes Feed | Video Feed | Video Feed | Torrent Feed

Become a supporter on Patreon

Show Notes:

FTC Report: Google Purposely Demoted Competing Shopping Sites

Google deliberately blacklisted competing shopping search sites, despite the company’s past claims that it doesn’t target competitors this way, according to new details of the US Federal Trade Commission investigation into Google on anti-trust charges, found by the Wall Street Journal.

The WSJ obtained a 160 page FTC staff report from the investigation, finding that the FTC should move ahead with an anti-trust lawsuit on several fronts. Our own summary of the WSJ story can be found on our sister-site, Search Engine Land. FTC commissioners ultimately chose to settle with Google in 2013 rather than pursue legal action.

Inside the U.S. Antitrust Probe of Google – WSJ

Officials at the Federal Trade Commission concluded in 2012 that Google Inc. used anticompetitive tactics and abused its monopoly power in ways that harmed Internet users and rivals, a far harsher analysis of Google’s business than was previously known.

Facebook Plans To Turn Messenger Into A Platform | TechCrunch

At first, Facebook will focus on how third parties can build ways for content and information to flow through Messenger. Depending on the success of the early experiments, Facebook may then mull bringing more utilities to Messenger.

Watch Magic Leap’s Video Of Seamless Augmented Reality Office Game Play | TechCrunch

The company isn’t saying whether the video above is pure concept, or an example of live software running on its platform (the involvement of Weta tends to suggest the former), but it did confirm to TechCrunch that it is the source of the YouTube upload. If they can make good on this kind of promise, than the initial excitement and big funding rounds will start to make a lot more sense.

Amazon just got permission from the FAA to start testing its delivery drones in the US | The Verge

The FAA has issued a special “experimental airworthiness certificate” to Amazon, allowing the company to conduct outdoor research, testing, and training of its Prime Air delivery drones.

Spark Electron: Cellular dev kit with a simple data plan by Spark IO — Kickstarter

The M2M world was set up for the types of companies that make industrial products like shipping containers, vending machines, and ATMs. These old-school industries still have old-school practices. If you want to get some M2M SIM cards, you’ve got to get on the phone with somebody. You need an account manager, you’ve got to sign a bunch of paperwork, and it’ll be months before you even see a price sheet. The industry is set up for big, established companies that already know how to navigate telcos, not for individuals. And if you’re not in the club already, it’s hard to gain entrance.

Linux Action Show at LFNW | Teespring

We are releasing another set of LAS shirts in preparation for LinuxFest Northwest which is at the end of April 2015! We hope to color Bellingham Technical College with LAS supporters donning their favorite Linux podcast!

The post Google Got Caught | Tech Talk Today 147 first appeared on Jupiter Broadcasting.

The FBI creates a fake Seattle Times website to trap a bad guy, but does this cross the line? We debate. The FTC goes after AT&T’s claims of “unlimited” data.

Plus more details surface in the NFC payments “war”, Windows 10 “borrows” more features, our kickstarter of the week & more!

Direct Download:

MP3 Audio | OGG Audio | Video | HD Video | Torrent | YouTube

RSS Feeds:

MP3 Feed | OGG Feed | iTunes Feed | Video Feed | Torrent Feed

Become a supporter on Patreon:

Show Notes:

FBI created fake Seattle Times Web page to nab bomb-threat suspect

The FBI in Seattle created a fake news story on a bogus Seattle Times web page to plant software in the computer of a suspect in a series of bomb threats to Lacey’s Timberline High School in 2007, according to documents obtained by the Electronic Frontier Foundation (EFF) in San Francisco.

The deception was publicized Monday when Christopher Soghoian, the principal technologist for the American Civil Liberties Union in Washington, D.C., revealed it on Twitter.

The EFF documents reveal that the FBI dummied up a story with an Associated Press byline about the Thurston County bomb threats with an email link “in the style of The Seattle Times,” including details about subscriber and advertiser information.

The link was sent to the suspect’s MySpace account. When the suspect clicked on the link, the hidden FBI software sent his location and Internet Protocol information to the agents. A juvenile suspect was identified and arrested June 14.

The revelation brought a sharp response from the newspaper.

“We are outraged that the FBI, with the apparent assistance of the U.S. Attorney’s Office, misappropriated the name of The Seattle Times to secretly install spyware on the computer of a crime suspect,” said Seattle Times Editor Kathy Best.

“Not only does that cross a line, it erases it,” she said.

“Our reputation and our ability to do our job as a government watchdog are based on trust. Nothing is more fundamental to that trust than our independence — from law enforcement, from government, from corporations and from all other special interests,” Best said. “The FBI’s actions, taken without our knowledge, traded on our reputation and put it at peril.”

MCX Confirms Retailer Exclusivity for CurrentC Mobile Payments, but No Fines for Leaving Consortium

Much of the Apple news in recent days has centered around Apple Pay and what Tim Cook referred to on Monday as a “skirmish” in which several retailers backing a competing mobile payments initiative known as CurrentC have shut down NFC payment functionality in their stores to prevent customer use of Apple Pay, Google Wallet, and other similar services.

Numerous sources have indicated that retailers backing CurrentC are contractually prohibited from accepting alternative forms of mobile payments, and sources told The New York Times that retailers breaking those contracts would “face steep fines.”

Importantly, if a merchant decides to stop working with MCX, there are no fines.

FTC sues AT&T over ‘deceptive’ throttling of unlimited data customers | The Verge

The Federal Trade Commission is suing AT&T because the second-largest US carrier throttles speeds of its unlimited data customers, a policy that the FTC describes as “deceptive” and “unfair.” In a press release, the FTC said AT&T has “misled millions of its smartphone customers” by slowing down their data speeds after they’ve used up a certain amount of data in a single month. AT&T has failed to make its throttling policies clear enough, according to the complaint. “The issue here is simple: ‘unlimited’ means unlimited,” said FTC Chairwoman Edith Ramirez.

Update 11:15 AM PT: AT&T has given a statement to MacRumors in response to the FTC’s “baffling” complaint, stating that the allegations are “baseless” and that it has been “completely transparent” with customers.

“The FTC’s allegations are baseless and have nothing to do with the substance of our network management program. It’s baffling as to why the FTC would choose to take this action against a company that, like all major wireless providers, manages its network resources to provide the best possible service to all customers, and does it in a way that is fully transparent and consistent with the law and our contracts.

“We have been completely transparent with customers since the very beginning. We informed all unlimited data-plan customers via bill notices and a national press release that resulted in nearly 2,000 news stories, well before the program was implemented. In addition, this program has affected only about 3% of our customers, and before any customer is affected, they are also notified by text message.”

Microsoft borrows Mac trackpad gestures for Windows 10 | The Verge

n a keynote speech at TechEd Europe today, Microsoft’s Joe Belfiore demonstrated new trackpad features that will soon be available to Windows 10 testers. “In the past touch pads on Windows have really been done very differently because OEMs do them,” explained Belfiore. Microsoft introduced precision trackpads with the help of Intel in Windows 8 to improve the hardware situation, and now the focus is on gestures in software. “With Windows 10 we’re adding support for power users in a touch pad, where multiple finger gestures — which all of you power users learn — can make you really efficient.”

The new gestures include a three finger swipe down action to minimize all active Windows and three finger swipe up to bring them back. An interesting addition is the ability to use a three finger swipe up gesture to activate the new Task View feature of Windows 10. Not only does Task View look like OS X’s Mission Control (Exposé) feature, the three finger swipe up is the same gesture. Microsoft is also borrowing the three finger swipe left and right to activate switching between apps, something Apple uses to move between fullscreen Mac applications.

Kickstarter of the week: The Undress

The post The Cost of Unlimited | Tech Talk Today 82 first appeared on Jupiter Broadcasting.

Steam rolls out a big overhaul that leaves us quite impressed, the FTC goes after Butterfly Labs for scamming their customers, and Chris shares his personal story.

Plus the bugs biting iOS 8 users, 4k TV gets cheaper & much more!

Direct Download:

MP3 Audio | OGG Audio | Video | HD Video | Torrent | YouTube

RSS Feeds:

MP3 Feed | OGG Feed | iTunes Feed | Video Feed | Torrent Feed

Become a supporter on Patreon:

Show Notes:

Steam Is Getting A Massive Overhaul

The revision—which Valve is calling the Steam Discovery Update and which goes live today—will implement a number of big changes including a revamped recommendations system, a queue in which you can swipe through new games based on what you’ve played and liked before, and a new program called Steam Curators that will allow anyone to take the role of tastemaker, recommending games to the public and accumulating followers based on their tastes.

We have made great efforts to increase the number of titles we can publish on Steam, which means more choices for customers,” Valve UI designer Alden Kroll said in a press release. “This update introduces multiple features and functionality to help customers explore Steam’s growing catalog and find the games they are most interested in playing.”

iOS 8 Users Report Slow Wi-Fi, Battery Drains | News & Opinion

“Wi-Fi problems on iPad Air, iPad mini with Retina display and iPhone 5S after upgrading to iOS 8,” an Apple user wrote in a Saturday post on the Apple forums. “I am thinking about going back to my iPad 2 with iOS 7.1.2 that is working perfectly until the Wi-Fi issues are resolved.”

Wi-Fi woes were not the only thing plaguing iOS 8 users. Others reported battery-drain issues. “My battery drains very fast (100 percent to zero in about 4 hours with minimal usage), started happening right after I upgraded to iOS 8. Issue started happening both on my iPhone 5S and on my iPad Air after iOS 8 upgrade,” one user wrote.

Feds say Bitcoin miner maker Butterfly Labs ran “systematic deception” | Ars Technica

The Federal Trade Commission has filed a civil lawsuit against Butterfly Labs (BFL), an embattled Kansas-based Bitcoin miner manufacturer. The FTC alleges that the company engaged in fraudulent and deceptive practices.

Federal authorities believe that the three named members of the company’s board of directors—Jody Drake (aka Darla Drake), Nasser Ghoseiri, and Sonny Vleisides—spent millions of corporate revenue on all kinds of things, including saunas and guns, while ignoring many customer orders that went unfulfilled or were significantly delayed.

“The FTC alleges that one corporate defendants and three individual defendants have taken in over $50 million by operating a scheme that required consumers to pre-pay for machines that would allow consumers to ‘mine’ for Bitcoins, a new virtual currency,” the complaint states. “Defendants either never delivered these machines or delivered them so late that they became obsolete.”

Vizio takes 4K mainstream with launch of $999.99 P-Series TV | The Verge

Vizio has just announced that the P-Series 4K LED HDTV line we first saw way back at CES is now available. And it starts at only $999.99 for the 50-inch model,

4K content is getting easier to come by, too; Netflix is still your primary source, but its catalog is growing (albeit slowly) and Amazon plans to offer 4K video later this year. Both of those apps can be streamed on the P-Series. The main takeaway is this: 4K TVs aren’t new, but Vizio is here now. And when a $999 4K TV has floor space at Walmart, that’s (hopefully) going to push companies to move even faster in getting 4K movies and TV shows out there.

The post Bitcoin Trolls | Tech Talk Today 63 first appeared on Jupiter Broadcasting.

Researchers develop a new way to protect your passwords after they’ve been stolen, the little credit card scam making big money…

Then it’s a great batch of your questions, a rockin round up, and much much more!

On this week’s TechSNAP.

Thanks to:

— Show Notes: —

Researchers are NYU develop PolyPassHash, hard to crack password store

• PolyPassHash is designed to make it significantly harder to crack users’ passwords in the event the password database is leaked
• The system uses SSSS (Shamir’s Secret Sharing Scheme ) which is a system for dividing a secret key (in this case used to encrypt the password database) into many pieces, and requiring only a specific number of those pieces to be combined to return the key
• In the wikipedia example, the secret key is divided into 6 parts and the algorithm defined such that 3 of the parts must be combined in order to return the secret
• The SSSS algorithm is extensible, it allows the number of pieces that the secret is divided into to grow as long as the threshold (the number of pieces required to decrypt) is key fixed
• The SSSS algorithm is also flexible, allowing for some people (say the system administrator) to have more than 1 share
• In the Python reference implementation the threshold is set to 10
• This means that 10 pieces of the secret are required in order to decrypt the password file
• Each regular user’s password is 1 share of the secret, so when that user provides the correct password, 1 share is available
• In the reference implementation, there are 3 administrator users, each of who’s password is 5 shares of the secret, meaning the correct passwords for any 2 of the administrators will be able to decrypt the password database
• Currently PolyPassHash uses just the SHA256 of the users’ password and a random salt, rather than using sha256crypt() which does more than 1 SHA256 round on the password, and uses different mixes of the password and salt
• The drawback with PolyPassHash is that after a reboot, it is not possible for anyone to login until a sufficient number of users have entered the correct password to return the required number (the threshold) of shares to decrypt the password hashes
• There is a proposed solution to this, involving shortening the SSSS key such that some of the hash (the last few bytes) are not encrypted, and using that to authenticate the first few users until sufficient users have successfully logged in to decrypt the password database
• This compromises the security of the passwords because part of the plain hash is leaked, and it also means that an incorrect password could allow a user to login after a reboot before the threshold has been met
• PolyPassHash also has support for thresholdless accounts (accounts that do not have any shares), in order to protect larger systems (like Facebook or Gmail) where an attack may have compromised enough accounts to have sufficient shares to decrypt the entire database. In this case, only administrator (or maybe power user) accounts would have shares
• PolyPassHash also has support for other authentication systems, including things like biometrics, ssh keys, and smart cards, but also external systems like OAuth or OpenID (thresholdless accounts)
• In the case of SSH keys, instead of a password, the share of the SSSS is encrypted with the public key, and the user uses their SSH private key to decrypt the share
• New users cannot be added until the threshold has been reached, since the secret is required to generate a new share of the secret
• Research Paper

Who is behind sub-$15 credit card scam

• A service called ‘BLS Web Learn’ has been identified as being behind a scam that charged numerous credit and debit cards small fees of less than $15
• The scam centers around small charges that appear on your credit card bill, usually for small random amounts such as $9.84, $10.37, or $12.96
• The line item includes a toll free number (as most charges do), and you are encouraged by your bank to call this number and try to identify the charge and resolve any issues with the seller directly, rather than filing a chargeback
• In this case, since the card holder never ordered anything or authorized the charge, the service refunds the small amount
• They make their money off all of the people who don’t notice the small charge
• Unlike many scams, because they maintain the assertion that they are a legitimate business, and refund the charge when a cardholder complains, they do not rack up a large number of chargebacks, and their account with the credit card processor is not red flagged or shut down
• Krebs have investigated a similar case before, which appeared to be based in Malta
• The name of the ‘online learning’ company, and the credit card processor are different, but the scam seems very much the same
• The payment processor, BlueSnap, lists its offices in Massachusetts, California, Israel, Malta and London. Interestingly, the payment network used by the previous scam, Credorax, also lists offices in Massachusetts, Israel, London and Malta

Feedback:

• Who should play Allan Jude in Allan Jude: The Movie

• XP Fail

• Picture of the XP mess

• Checksum your SaaS

• Ubuntu Manpage: debsums – check the MD5 sums of installed Debian packages

• Mulitple Domain Names pointing to same IP address

• The debate continues re: ZFS and ECC

  • ECC is not required, but using non-ECC increases the risk of data loss. Using ECC RAM is the cheapest way to increase the uptime and reliability of the system

• Metal_Geek Needs help: I need help recovering data from a LUKS encrypted partition.

Round-Up:

• How Dropbox Knows When You’re Sharing Copyrighted Stuff
• TarSnap response to similar situation
• New wireless technology MU-MIMO promises to speed up congested WiFi networks
• How WhatsApp Grew to Nearly 500 Million Users, 11,000 cores, and 70 Million Messages a Second
• Dating site spams people, if you actually click through you might get the database password
• EU passes net neutrality law, votes to end throttling, site blocking
• Sophos researcher talks about Secure Credit Card Transactions
• Hack of Boxee.tv exposes password data, messages for 158,000 users
• Being an expert sucks
• Exclusive – NSA infiltrated RSA security more deeply than thought: Study
• FTC settles case about company who claimed to secure data with SSL but did not verify certificates
• Visual explaination of how SQL joins work

The post Not Sharing The Secret | TechSNAP 156 first appeared on Jupiter Broadcasting.

Find out what happens when the Internet Engineering Task Force is faced with unreliable hotel WiFi

And we’ve got the details on backdoor built into AT&T’s Microcell’s back door. Yep the back door, has a back door.

Plus some viewer feedback, and a war story straight from the headlines!

Thanks to: