LTE – Jupiter Broadcasting

A special edition of the Unplugged show, Chris joins the Virtual LUG from the road & Noah and Wes host the show. They compare and contrast Fedora and Arch & the nice new features of Fedora 23.

Then everyone has their own perspective on home automation, from security to convenience. We have a great discussion about the broader ramifications of home automation.

Then we wrap it all up with some closing thoughts on using Linux & open source to live offline, like you’re online.

Thanks to:

Get Paid to Write for DigitalOcean

Direct Download:

RSS Feeds:

Become a supporter on Patreon:

Show Notes:

Pre-Show:

I’ve been tinkering with Numix Project on Ubuntu MATE 15.04.

I’ve been tinkering with Numix Project on Ubuntu MATE 15.04. Everything integrated very nicely indeed.

Feedback:

Support antergos: Backed by a friendly and helpful community, antergos is for everyone. – Salt – Bountysource

A modern, elegant, and powerful operating system based on one of the best Linux distributions available, Arch Linux. Users need not be linux experts nor developers in order to use antergos. From long-time linux users to linux users of only a few months, antergos is for everyone.

WANproxy : compress/deduplicate your network sessions : LinuxActionShow

Grand Forks Roadtrip Meetup

TING

Ting – mobile that makes sense

This guy’s light bulb performed a DoS attack on his entire smart house

The challenge of being a futurist pioneer is being Patient Zero for the future’s headaches.
In 2009, Raul Rojas, a computer science professor at the Free University of Berlin (and a robot soccer team coach), built one of Germany’s first “smart homes.” Everything in the house was connected to the Internet so that lights, music, television, heating and cooling could all be turned on and off from afar. Even the stove, oven, and microwave could be turned off with Rojas’s computer, which prevented some potential panic attacks about leaving an appliance on after exiting the house. One of the few things not connected in the house were the locks. Automated locks Rojas bought in 2009 are still sitting in a drawer waiting to be installed. “I was afraid of not being able to open the doors,” Rojas said in a phone interview.

About two years ago, Rojas’s house froze up, and stopped responding to his commands. “Nothing worked. I couldn’t turn the lights on or off. It got stuck,” he says. It was like when the beach ball of death begins spinning on your computer—except it was his entire home.

It wasn’t quite as bad as the “nightmare on connected home street” dreamed up by Wired last year, in which a fictional smart home’s obsolete technology gets loaded up with viruses and malware and starts misbehaving and uploading naked photos of its owner. Rojas—a professor who specializes in artificial intelligence—knows his way around a network well enough to cure his own home. And, when he investigated, it turned out that the culprit was a single, connected light bulb.
“I connected my laptop to the network and looked at the traffic and saw that one unit was sending packets continuously,” said Rojas. He realized that his light fixture had burned out, and was trying to tell the hub that it needed attention. To do so, it was sending continuous requests that had overloaded the network and caused it to freeze. “It was a classic denial of service attack,” says Rojas. The light was performing a DoS attack on the smart home to say, ‘Change me.’”
Rojas changed the bulb, which fixed the problem. But his issue points to other potential problems for homeowners who opt for connected devices.

DigitalOcean

DigitalOcean: SSD Cloud Server, VPS Server, Simple Cloud Hosting

Fedora 23 Beta released!

The Fedora 23 Beta is here, right on schedule for our planned October final release! Want to help make Fedora 23 be the best release ever, or just want to get a sneak peek? Download the prerelease from our Get Fedora site and give it a whirl:

Get Fedora 23 Beta Workstation — a reliable, user-friendly, and powerful operating system for your laptop or desktop computer
Get Fedora 23 Beta Server — make use of the very latest server-based technologies available in the open source community
Get Fedora 23 Beta Cloud — build scale-out computing and utilize the next generation of container deployment technology
Get Fedora 23 Beta Spins — alternative desktops for Fedora
Get Fedora 23 Beta Labs — curated bundles of purpose-driven software and content

Linux Academy

Linux Academy | Linux and AWS Online Training

Live Offline Like Your Online (Powered by Linux) Part 2

Chris Follows up on using Linux to live offline.

Runs Linux from the people:

Send in a pic/video of your runs Linux.
Please upload videos to YouTube and submit a link via email or the subreddit.

Support Jupiter Broadcasting on Patreon

Post Show:

The post Completely Unplugged | LINUX Unplugged 111 first appeared on Jupiter Broadcasting.

Black Tank Battle and LTE Router | Rover Log #4

chris — Thu, 17 Sep 2015 18:12:52 +0000

Its was my worst nightmare. A major problem with the stinkin black tank, right before we hit the road.

Thankfully this sticky situation pushed us to learn some handing troubleshooting techniques and pick up a helpful gadget before we hit the road.

Plus a quick look at the LTE Router I’ll be using to crate a LAN, forward DNS, and manage the different Mifi connections for the trailer’s LAN.

This might very well be the last update before we hit the road!

We are looking for suggestions on where we can park overnight in Spokane, please email us: rover@jupiterbroadcasting.com

Track the Rover in real time: jupiterbroadcasting.com/rover

The post Black Tank Battle and LTE Router | Rover Log #4 first appeared on Jupiter Broadcasting.

Facebook Lobotomy | Tech Talk Today 53

chris — Fri, 05 Sep 2014 09:21:58 +0000

To view this video please enable JavaScript, and consider upgrading to a web browser that supports HTML5 video

Apple outlines the immediate improvements to iCloud security they’ll be making but the core issues are still rotting. Facebook is killing your cell & why we can’t wait to buy our NSA Nanny Cam!

Direct Download:

RSS Feeds:

MP3 Feed | OGG Feed | iTunes Feed | Video Feed | Torrent Feed

Become a supporter on Patreon:

Show Notes:

Tim Cook: Apple to Add Security Alerts for iCloud Users, Broaden Two-Factor Authentication – Mac Rumors

Apple will add security alerts for iCloud users, broaden two-factor authentication and make a more aggressive effort to alert users about protecting their accounts, Apple CEO Tim Cook told the Wall Street Journal in his first interview since the recent hacking incident involving celebrities’ iCloud accounts.

To make such leaks less likely, Mr. Cook said Apple will alert users via email and push notifications when someone tries to change an account password, restore iCloud data to a new device, or when a device logs into an account for the first time. Until now, users got an email when someone tried to change a password or log in for the first time from an unknown Apple device; there were no notifications for or restoring iCloud data.

Cook said the new notifications will begin in two weeks and will allow users to take action on potential hacking immediately, allowing them to either change the password to retake the account or alerting Apple’s security team. Cook echoed Apple’s previous press release on the hackings, stressing that the best prevention for future incidents are more human than technological.

Exclusive aerial footage of Apple’s mysterious white box next to ‘iPhone 6’ event site

The large white structure is being erected next to the Flint Center for the Performing Arts in Cupertino, Calif.

The included photos and video were captured by a DJI Phantom 2 Vision+ drone, offering a unique perspective on the mystery building.

Apple hasn’t used the Cupertino Flint Center venue for introducing new products since the late 1990s. The space is notable in Apple’s history for serving as the first public introduction of the Macintosh in 1984.

[DARPA Develops Implants that Treat Diseases and Depression Without Medication

](https://www.extremetech.com/extreme/188908-darpas-tiny-implants-will-hook-directly-into-your-nervous-system-treat-diseases-and-depression-without-medication)

DARPA, on the back of the US government’s BRAIN program, has begun the development of tiny electronic implants that interface directly with your nervous system and can directly control and regulate many different diseases and chronic conditions, such as arthritis, PTSD, inflammatory bowel diseases (Crohn’s disease), and depression. The program, called ElectRx (pronounced ‘electrics’), ultimately aims to replace medication with “closed-loop” neural implants, which constantly assess the state of your health, and then provide the necessary nerve stimulation to keep your various organs and biological systems functioning properly.

The ElectRx program will focus on a fairly new area of medical therapies called neuromodulation. As the name implies, neuromodulation is all about modulating your nervous system, to improve or fix an underlying problem. Notable examples of neuromodulation are cochlear implants, which restore hearing by directly modulating your brain’s auditory nerve system, and deep brain stimulation (DBS), which appears to be capable of curing/regulating various conditions (depression, Parkinson’s) by overriding erroneous neural spikes with regulated, healthy stimulation.

Facebook’s autoplay video feature is destroying cell phone bills – Sep. 3, 2014

Smartphone users could be at risk of maxing out their data plans if they don’t change this default setting in the Facebook app, which otherwise will automatically start streaming videos in the News Feed window.

The issue was flagged by consumer finance site MoneySavingExpert.com, which said it had “seen many complaints from people who have been stung with data bills after exceeding their monthly allowance and who believe it to be because of Facebook autoplaying videos.”

A Smart Nanny Cam With Facial Recognition and Air Pollution Sensors

It’s a nanny cam with upgraded intelligence: Not only can it send images to your phone via an app, it can also serve as a autonomous sentry, alerting you to strange activity in the house thanks to facial recognition and air-quality sensors.

It supplies users with a live, high-definition video feed of their house. The white-and-wood device—it almost looks like a little candle for your mantel—has a 135-degree viewing angle on the room it’s in, night vision, and two-way audio.

Likewise, for audio, Withings has programmed the device to discern between, say, a baby crying and a motorcycle engine. Whenever something is a awry, users get a push notification on their phone. If the user chooses to view the notification later, it gets saved in a timeline. (How far back the timeline goes will be based on a pay-for-space subscription model.)

These clever systems for detecting abnormalities also work with the Home’s air quality sensors. These pick up on volatile organic compounds, or harmful gases often released by cleaning products or building materials. When the Home alerts users about harmful chemicals, it also points out the likely culprit.

This allows you to isolate a problem area of the house.

Borderlands 2 Also Looks Like It’s Coming To Linux, UPDATE: Confirmed | GamingOnLinux

Michael Blair, Aspyr Media: Yes! BL2 Linux is absolutely real! We’ve been working hard on it for months and will talk about a release date as soon as possible.

Borderlands 2 · AppID: 49520 · Steam Database

The post Facebook Lobotomy | Tech Talk Today 53 first appeared on Jupiter Broadcasting.

Home Depot Credit Repo | TechSNAP 178

chris — Thu, 04 Sep 2014 18:57:14 +0000

To view this video please enable JavaScript, and consider upgrading to a web browser that supports HTML5 video

Home Depot is breached, and the scale could be much larger than the recent Target hack & we discuss the explosion of fake cell towers in the US, and whats behind it. Then the tools used in the recent celebrity photo leak & the steps that need to be taken.

Plus a great batch of your questions, our answers & much more!

Thanks to:

Direct Download:

RSS Feeds:

Become a supporter on Patreon:

— Show Notes: —

Krebs: Banks report breach at Home Depot. Update: Almost all home depot stores hit

Sources from multiple banks have reported to Brian Krebs that the common retailer in a series of stolen credit cards appears to be Home Depot
Home Depots Spokesperson Paula Drake says: “I can confirm we are looking into some unusual activity and we are working with our banking partners and law enforcement to investigate,” Drake said, reading from a prepared statement. “Protecting our customers’ information is something we take extremely seriously, and we are aggressively gathering facts at this point while working to protect customers. If we confirm that a breach has occurred, we will make sure customers are notified immediately. Right now, for security reasons, it would be inappropriate for us to speculate further – but we will provide further information as soon as possible.”
“Several banks contacted by this reporter said they believe this breach may extend back to late April or early May 2014. If that is accurate — and if even a majority of Home Depot stores were compromised — this breach could be many times larger than Target, which had 40 million credit and debit cards stolen over a three-week period”
“The breach appears to extend across all 2,200 Home Depot stores in the United States. Home Depot also operates some 287 stores outside the U.S. including in Canada, Guam, Mexico, and Puerto Rico”
Zip-code analysis shows 99.4% overlap between stolen cards and home depot store locations
This is important, as the fraud detection system at many banks is based on proximity
If a card is used far away from where the card holder normally shops, that can trigger the card being frozen by the bank
By knowing the zip code of the store the cards were stolen from, the criminal who buys the stolen card information to make counterfeit cards with, can use cards that are from the same region they intent to attack, increasing their chance of successfully buying gift cards or high value items that they can later turn into cash
The credit card numbers are for sale on the same site that sold the Target, Sally Beauty, and P.F. Chang’s cards
“How does this affect you, dear reader? It’s important for Americans to remember that you have zero fraud liability on your credit card. If the card is compromised in a data breach and fraud occurs, any fraudulent charges will be reversed. BUT, not all fraudulent charges may be detected by the bank that issued your card, so it’s important to monitor your account for any unauthorized transactions and report those bogus charges immediately.”
Some retailers, including Urban Outfitters, say they do not plan to notify customers, vendors or the authorities if their systems are compromised

Fake cell towers found operating in the US

Seventeen mysterious cellphone towers have been found in America which look (to your phone) like ordinary towers, and can only be identified by a heavily customized handset built for Android security – but have a much more malicious purpose. Source: Popular Science
Mobile Handsets are supposed to warn the user when the tower does not support encryption, as all legitimate towers do support encryption, and the most likely cause of a tower not supporting encryption, is that it is a rogue tower, trying to trick your phone into not encrypting calls and data, so they can be eavesdropped upon
The rogue towers were discovered by users of the CryptoPhone 500, a Samsung SIII running a modified Android that reports suspicious activity, like towers without encryption, or data communications over the baseband chip without corresponding activity from the OS (suggesting the tower might be trying to install spyware on your phone)
“One of our customers took a road trip from Florida to North Carolina and he found eight different interceptors on that trip. We even found one near the South Point Casino in Las Vegas.”
“What we find suspicious is that a lot of these interceptors are right on top of U.S. military bases.” says Goldsmith. “Whose interceptor is it? Who are they, that’s listening to calls around military bases? The point is: we don’t really know whose they are.”
Documents released last week by the City of Oakland reveal that it is one of a handful of American jurisdictions attempting to upgrade an existing cellular surveillance system, commonly known as a stingray.
The Oakland Police Department, the nearby Fremont Police Department, and the Alameda County District Attorney jointly applied for a grant from the Department of Homeland Security to “obtain a state-of-the-art cell phone tracking system,” the records show.
Stingray is a trademark of its manufacturer, publicly traded defense contractor Harris Corporation, but “stingray” has also come to be used as a generic term for similar devices.
According to Harris’ annual report, which was filed with the Securities and Exchange Commission last week, the company profited over $534 million in its latest fiscal year, the most since 2011.
Relatively little is known about how stingrays are precisely used by law enforcement agencies nationwide, although documents have surfaced showing how they have been purchased and used in some limited instances.
Last year, Ars reported on leaked documents showing the existence of a body-worn stingray. In 2010, Kristin Paget famously demonstrated a homemade device built for just $1,500.
According to the newly released documents, the entire upgrade will cost $460,000—including $205,000 in total Homeland Security grant money, and $50,000 from the Oakland Police Department (OPD). Neither the OPD nor the mayor’s office immediately responded to requests for comment.
One of the primary ways that stingrays operate is by taking advantage of a design feature in any phone available today. When 3G or 4G networks are unavailable, the handset will drop down to the older 2G network. While normally that works as a nice last-resort backup to provide service, 2G networks are notoriously insecure.
Handsets operating on 2G will readily accept communication from another device purporting to be a valid cell tower, like a stingray. So the stingray takes advantage of this feature by jamming the 3G and 4G signals, forcing the phone to use a 2G signal.
Cities scramble to upgrade “stingray” tracking as end of 2G network looms

The Nude Celebrity Photo Leak Was Made Possible By Law Enforcement Software That Anyone Can Get

Elcomsoft Phone Password Breaker requires the iCloud username and password, but once you have it you can impersonate the phone of the valid user, and have access to all of their iCloud information, not just photos
“If a hacker can obtain a user’s iCloud username and password, he or she can log in to the victim’s iCloud.com account to steal photos. But if attackers instead impersonate the user’s device with Elcomsoft’s tool, the desktop application allows them to download the entire iPhone or iPad backup as a single folder, says Jonathan Zdziarski, a forensics consult and security researcher. That gives the intruders access to far more data, he says, including videos, application data, contacts, and text messages.”
“It’s important to keep in mind that EPPB doesn’t work because of some formal agreement between Apple and Elcomsoft, but because Elcomsoft reverse-engineered the protocol that Apple uses for communicating between iCloud and iOS devices. This has been done before —Wired specifically refers to two other computer forensic firms called Oxygen and Cellebrite that have done the same thing — but EPPB seems to be a hacker’s weapon of choice. As long as it is so readily accessible, it’s sure to remain that way”
All of this still requires the attacker to know the celebrities username and password
This is where iBrute came in
A simple tool that takes advantage of the fact that when Apple built the ‘Find My iPhone’ service, they failed to implement login rate limiting
An attacker can sit and brute force the passwords at high speed, with no limitations
The API should block an IP address after too many failed attempts. This has now been fixed
Another way to deal with this type of attack is to lockout an account after too many failed attempts, to ensure a distributed botnet cannot do something like try just 3 passwords each from 1000s of different IP addresses
When it becomes obvious that an account is under attack, locking it so that no one can gain access to it until the true owner of the account can be verified and steps can be taken to ensure the security of the account (change the username?)
The issue with this approach is that Apple Support has proven to be a weak link in regards to security in the past. See TechSNAP Episode 70 .
Obviously, the iPhone to iCloud protocol should not depend of obscurity to provide security either. We have seen a number of different attacks against the iPhone based on reverse engineering the “secret” Apple protocols
Security is often a trade-off against ease-of-use, and Apple keeps coming down on the wrong side of the scale

Feedback:

Round Up:

The post Home Depot Credit Repo | TechSNAP 178 first appeared on Jupiter Broadcasting.

NSA Monster Mash | Tech Talk Today 42

chris — Thu, 14 Aug 2014 09:42:26 +0000

To view this video please enable JavaScript, and consider upgrading to a web browser that supports HTML5 video

Snowden warns of the NSA’s MonsterMind, a system built to automatically respond to cyber attacks. Google wants to put Now in business and the big improvements coming to LTE.

Plus Microsoft’s CEO gets dunked and more!

Direct Download:

RSS Feeds:

MP3 Feed | OGG Feed | iTunes Feed | Video Feed | Torrent Feed

Become a supporter on Patreon:

Show Notes:

Google Now for businesses reportedly on the table as HP chases a Google partnership

Google and HP have been discussing an enterprise partnership for the past year with little progress made, according to a new report. Topics have included a “Nexus tablet” with hardware encryption, as well as a version of Google Now for business data.

In fact, the report says that HP had also talked to Apple about a “Siri for enterprise,” which was nixed when the IBM deal was announced.

So Google needs to respond soon or businesses could find themselves locked into the iOS ecosystem before Android has its enterprise act together. HP is a potential partner with connections in the business IT market, and a Google Now for business data would be a feature that Apple couldn’t match. Details of its implementation are unclear at this point, as it’s not an official product, but would center around voice searches for information like financial data or product inventory. This raises several questions about whether Google would need access to data from businesses’ proprietary, private databases.

Meanwhile, HP is working on its own mobile voice search, which it is internally calling “Enterprise Siri.” It’s perhaps not the best sign for a product in development when its codename refers to the rival service it is copying.

HP Wanted To Make A Nexus Phone For Enterprise | Digital Trends

HP reportedly wanted to partner with Google to make a Nexus smartphone specifically aimed at business users. It would have incorporated several business-centric features, such as the ability to add high-end encryption. However, HP encountered internal resistance from Google, in particular from Andy Rubin, who was in charge of Android. Rubin was replaced by Sundar Pichai in March 2013

AT&T will send LTE media broadcasts to your phone in 2015

Verizon may be the first out of the gate with LTE-based media broadcasting in the US, but it won’t be the only game in town. AT&T’s John Stankey has revealed that his carrier will have its own Multicast service sometime in 2015. It’ll first launch in areas where AT&T can start immediately, but it should expand as the provider gets comfortable with both the technology and content partners.

Meet MonsterMind, the NSA Bot That Could Wage Cyberwar Autonomously | Threat Level | WIRED

The NSA whistleblower says the agency is developing a cyber defense system that would instantly and autonomously neutralize foreign cyberattacks against the US, and could be used to launch retaliatory strikes as well. The program, called MonsterMind, raises fresh concerns about privacy and the government’s policies around offensive digital attacks.

Snowden tells WIRED in an extensive interview with James Bamford that algorithms would scour massive repositories of metadata and analyze it to differentiate normal network traffic from anomalous or malicious traffic. Armed with this knowledge, the NSA could instantly and autonomously identify, and block, a foreign threat.

Think of it as a digital version of the Star Wars initiative President Reagan proposed in the 1980s.

Snowden suggests MonsterMind could one day be designed to return fire—automatically, without human intervention—against the attacker.

Spotting malicious attacks in the manner Snowden describes would, he says, require the NSA to collect and analyze all network traffic flows in order to design an algorithm that distinguishes normal traffic flow from anomalous, malicious traffic.

“[T]hat means we have to be intercepting all traffic flows,” Snowden told WIRED’s James Bamford. “That means violating the Fourth Amendment, seizing private communications without a warrant, without probable cause or even a suspicion of wrongdoing. For everyone, all the time.”

MonsterMind sounds much like the Plan X cyberwarfare program run by Darpa. The five-year, $110 million research program has several goals, not the least of which is mapping the entire internet and identifying every node to help the Pentagon spot, and disable, targets if needed. Another goal is building a system that allows the Pentagon to conduct speed-of-light attacks using predetermined and pre-programmed scenarios. Such a system would be able to spot threats and autonomously launch a response, the Washington Post reported two years ago.

It’s not clear if Plan X is MonsterMind or if MonsterMind even exists. The Post noted at the time that Darpa would begin accepting proposals for Plan X that summer. Snowden said MonsterMind was in the works when he left his work as an NSA contractor last year.

Bonus Friday Tech Talk Today w/Special Guest Angela

Microsoft’s CEO Dares Google, Amazon Execs In Ice Bucket Challenge

Today, Microsoft’s CEO Satya Nadella allowed the winning team from his company’s internal hackathon to pour a large amount of chilly dihydrogen monoxide onto his expecting pate.

Then, Nadella challenged Google and Amazon CEOs Larry Page andJeff Bezos to do the same. Bezos, like Nadella, doesn’t keep much on top. Page, on the other hand, has a more natural defense.

The post NSA Monster Mash | Tech Talk Today 42 first appeared on Jupiter Broadcasting.