monitor – Jupiter Broadcasting
https://www.jupiterbroadcasting.com
Open Source Entertainment, on Demand.
Mon, 22 Feb 2016 02:48:45 +0000

Subscription Lock-in | CR 169
https://original.jupiterbroadcasting.net/87291/subscription-lock-in-cr-169/
Fri, 04 Sep 2015 09:56:45 +0000


With Mike’s move to Florida in progress, he joins us via phone for a run-through of the major JetBrains subscription hoopla, transitioning from a tester to a developer & that big poaching scandal comes to an expensive close!

Thanks to:

Linux Academy | DigitalOcean

Direct Download:

MP3 Audio | OGG Audio | Video | Torrent | YouTube

RSS Feeds:

MP3 Feed | OGG Feed | Video Feed | Torrent Feed | iTunes Audio | iTunes Video

Become a supporter on Patreon:


Show Notes:

Hoopla

How I went from a tester to a developer role

Yesterday’s big news, at least for many developers, is that JetBrains – maker of popular tools like IntelliJ and ReSharper – is moving to a software-as-a-service subscription model for their products.

Previously, buying a JetBrains product got you a perpetual license and a year of upgrades. Once the license expired, any software you had received under that license would continue to work, but you would need to buy another license to get further upgrades. It was a simple model that worked just fine for many people, and most customers upgraded every year.

Starting November 2, though, that all stops. After that date, JetBrains will no longer sell these perpetual licenses. Instead, you can rent access to their software on a month-by-month basis.

As of November 2, 2015, we will introduce JetBrains Toolbox—a collection of our popular desktop tools (IDEs, utilities and extensions) available on a monthly or yearly subscription basis. With JetBrains Toolbox, you can pick and choose one or more tools that best suit your current needs, or go for the ‘All products’ plan that comes with special savings. You decide what to put in your Toolbox and for how long.

My indie (personal) IntelliJ purchase was $100/year. Now it’s $120/year (except for the first-year upgrade hook of $10 off) and it now turns off after each year.

Don’t Build a Billion-Dollar Business. Really.

Apple, Google, and other tech giants will pay $415 million in poaching scandal settlement

Feedback

The post Subscription Lock-in | CR 169 first appeared on Jupiter Broadcasting.

Lenovo smells Superfishy | Tech Talk Today 136
https://original.jupiterbroadcasting.net/77647/lenovo-smells-superfishy-tech-talk-today-136/
Thu, 19 Feb 2015 10:49:59 +0000


Lenovo has shipped PCs with man-in-the-middle adware that breaks HTTPS connections. We’ll go into the details & discuss whether this is a deal breaker for our panel.

A great article points out it’s not just Samsung that’s listening to you & an unboxing and first impressions of the $70 WinBook TW700 tablet.

Direct Download:

MP3 Audio | OGG Audio | Video | HD Video | Torrent | YouTube

RSS Feeds:

MP3 Feed | OGG Feed | iTunes Feed | Video Feed | Torrent Feed

Become a supporter on Patreon


Show Notes:

Lenovo PCs ship with man-in-the-middle adware that breaks HTTPS connections [Updated] | Ars Technica

Lenovo is selling computers that come preinstalled with adware that hijacks encrypted Web sessions and may make users vulnerable to HTTPS man-in-the-middle attacks that are trivial for attackers to carry out, security researchers said.

The critical threat is present on Lenovo PCs that have adware from a company called Superfish installed. As unsavory as many people find software that injects ads into Web pages, there’s something much more nefarious about the Superfish package. It installs a self-signed root HTTPS certificate that can intercept encrypted traffic for every website a user visits. When a user visits an HTTPS site, the site certificate is signed and controlled by Superfish and falsely represents itself as the official website certificate.

It’s not just Samsung TVs — lots of other gadgets are spying on you — Fusion

But Samsung’s televisions are far from the only seeing-and-listening devices coming into our lives. If we’re going to freak out about a Samsung TV that listens in on our living rooms, we should also be panicking about a number of other emergent gadgets that capture voice and visual data in many of the same ways.

Revealed: The experts Apple hired to build an electric car | 9to5Mac

In the last few weeks we’ve heard about a poaching war between Apple and Tesla, a couple hires by Apple from the auto industry, and a whole lot of speculation followed by reports that Apple has a team of hundreds working on an electric vehicle. But who exactly is working on the project at Apple?

Winbook TW700 Tablet – Windows 8.1 with full-size USB port, IPS Display, and one year of FREE Microsoft Office 365

  • HD IPS Display
  • Bluetooth/Wifi
  • 2 USB Ports – 1 full size, 1 micro
  • 2 Megapixel front and back camera
  • MicroHDMI port and MicroSD slot
  • Includes One year of Office 365 – for your TW700 AND a PC or Mac

Ubuntu on the Winbook TW700

I recently stopped by Houston’s new MicroCenter (they recently moved into a new store), and walked out of the store with their WinBook TW700 tablet for about $40. This tablet is built around Intel’s Bay Trail Atom architecture, sporting a 1.33GHz quad core Atom processor, Windows 8.1, and a free (1) year subscription to Office 365. This little tablet only has a 7″ screen, 1GB of RAM, and 16GB of internal storage, but the Micro-SD slot and a full sized USB 2.0 port sealed the deal for me.

The post Lenovo smells Superfishy | Tech Talk Today 136 first appeared on Jupiter Broadcasting.

Big Brother’s Malware | TechSNAP 169
https://original.jupiterbroadcasting.net/61502/big-brothers-malware-techsnap-169/
Thu, 03 Jul 2014 12:08:05 +0000


It’s great to be a malware author, if you’re selling to the government. Bypassing PayPal’s two-factor authentication is easier than you might think. Plus a great batch of your questions and our answers and much, much more!

Thanks to:

DigitalOcean | Ting | iXsystems

Direct Download:

HD Video | Mobile Video | MP3 Audio | Ogg Audio | YouTube | HD Torrent | Mobile Torrent

RSS Feeds:

HD Video Feed | Mobile Video Feed | MP3 Audio Feed | Ogg Audio Feed | iTunes Feeds | Torrent Feed

— Show Notes: —

Flaw in mobile app allows attackers to bypass PayPal two-factor authentication

  • Researchers at Duo Security have produced a proof-of-concept app that is able to bypass the two-factor authentication when using the PayPal mobile app, allowing an attacker to transfer funds out of a PayPal account with only the username and password, without needing to provide the one-time password
  • The PayPal bug was discovered by an outside researcher, Dan Saltman, who asked Duo Security for help validating it and communicating with the PayPal security team
  • “PayPal has been aware of the issue since March and has implemented a workaround, but isn’t planning a full patch until the end of July”
  • Currently, the PayPal mobile apps do not support 2 factor authentication, meaning if you have 2FA enabled on your PayPal account, you cannot use the mobile app
  • The exploit tricks the PayPal app into ignoring the 2FA flag and allowing the mobile app to work anyway
  • The researchers found that in the PayPal mobile app, the only thing preventing a 2FA enabled account from working was a flag in the response from the server
  • After modifying that flag, it was found that the client could login, and transfer funds
  • The check to prevent 2FA enabled accounts from logging in without the one-time passwords appears to only be enforced on the client, not the server as it should be
  • Once logged in with a valid session_id, the proof-of-concept app is able to use the API to transfer funds
  • “There are plenty of cases of PayPal passwords being compromised in giant database dumps, and there’s also been a giant rise in PayPal related phishing”
  • It is not clear how large the bug bounty on this vulnerability will be
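The client-side-only check described in the bullets above, modelled in Python as an added example (this is not code from the show, from Duo Security or from PayPal, and the users, passwords and one-time passwords are constructed): a toy server that merely reports the 2FA flag and trusts the client to honour it, beside one that withholds any session the transfer API will accept until the one-time password has been verified on the server.

```python
"""Server-side enforcement of a second factor (added example, not the show's code)."""
import hmac
import secrets

# Constructed sample accounts with hypothetical passwords and one-time passwords.
# A real service would store password hashes and derive the OTP from TOTP or SMS.
ACCOUNTS = {
    "alice": {"password": "hunter2", "twofa": True, "otp": "492817"},
    "bob": {"password": "letmein", "twofa": False, "otp": None},
}


def _check_password(user, password):
    """Return the account record when the password matches, otherwise None."""
    acct = ACCOUNTS.get(user)
    if acct is None or not hmac.compare_digest(acct["password"], password):
        return None
    return acct


class VulnerableServer:
    """Reports the 2FA flag in the login response but never enforces it."""

    def __init__(self):
        self.sessions = {}  # session_id -> user

    def login(self, user, password):
        if _check_password(user, password) is None:
            return {"error": "bad credentials"}
        session_id = secrets.token_hex(16)
        self.sessions[session_id] = user
        # The official client stops here when the flag is true ...
        return {"session_id": session_id, "2fa_required": ACCOUNTS[user]["twofa"]}

    def transfer(self, session_id, amount):
        # ... but the API only checks that a session exists, so a client that
        # flips or ignores the flag can move funds with username and password.
        user = self.sessions.get(session_id)
        if user is None:
            return {"error": "no session"}
        return {"ok": True, "from": user, "amount": amount}


class HardenedServer:
    """No session the transfer API accepts exists until the OTP is verified."""

    def __init__(self):
        self.pending = {}   # pending_token -> user, waiting for an OTP
        self.sessions = {}  # session_id -> user, fully authenticated

    def login(self, user, password):
        acct = _check_password(user, password)
        if acct is None:
            return {"error": "bad credentials"}
        if acct["twofa"]:
            # Only a pre-auth token is issued; transfer() does not know about it.
            token = secrets.token_hex(16)
            self.pending[token] = user
            return {"pending_token": token, "2fa_required": True}
        session_id = secrets.token_hex(16)
        self.sessions[session_id] = user
        return {"session_id": session_id, "2fa_required": False}

    def verify_otp(self, pending_token, otp):
        # The token is consumed on every attempt, so a wrong OTP forces a new
        # password login rather than allowing unlimited guesses on one token.
        user = self.pending.pop(pending_token, None)
        if user is None:
            return {"error": "no pending login"}
        if not hmac.compare_digest(ACCOUNTS[user]["otp"], otp):
            return {"error": "bad otp"}
        session_id = secrets.token_hex(16)
        self.sessions[session_id] = user
        return {"session_id": session_id}

    def transfer(self, session_id, amount):
        # Pre-auth tokens live in self.pending, never here, so they are refused.
        user = self.sessions.get(session_id)
        if user is None:
            return {"error": "no session"}
        return {"ok": True, "from": user, "amount": amount}


def transfer_without_otp(server):
    """Regression check: password-only login, then a transfer that skips the OTP.
    Returns True when the server left 2FA enforcement to the client."""
    resp = server.login("alice", "hunter2")
    token = resp.get("session_id") or resp.get("pending_token")
    return server.transfer(token, 100).get("ok", False)


if __name__ == "__main__":
    print("vulnerable server allows transfer without OTP:",
          transfer_without_otp(VulnerableServer()))  # True
    print("hardened server allows transfer without OTP:",
          transfer_without_otp(HardenedServer()))  # False
```

The `transfer_without_otp` check is the kind of server-side test that would have caught this class of bug regardless of what the mobile client does with the flag.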

“Hacking Team”

  • “Hacking Team” is an Italian company that develops “legal” spyware used by law enforcement and other government agencies all over the world
  • They originally came to light in 2011 after WikiLeaks released documents from 2008 where Hacking Team was trying to sell its software to governments
  • The software bills itself as “Offensive Security”, allowing LEAs to remotely monitor and control infected machines
  • The software claims to be undetectable, however when samples were anonymously sent to AV vendors in July of 2012, most scanners added definitions to detect some variants of the malware
  • In newly released research, Kaspersky has tracked the Command & Control (C2) servers used by “HackingTeam”
  • The countries with the most C2 servers include the USA, Kazakhstan, Ecuador, the UK and Canada
  • It is not clear if all of the C2 servers located in these countries are for the exclusive use of LEAs in those countries
  • “several IPs were identified as “government” related based on their WHOIS information and they provide a good indication of who owns them.”
  • The malware produced by Hacking Team has evolved to include modern malware for mobile phones
  • Although this is rarely seen, if it is only used by LEAs rather than for mass infection, this is to be expected
  • On a jailbroken iOS device, the malware has the following features:
      • Control of Wi-Fi, GPS, GPRS
      • Recording voice
      • E-mail, SMS, MMS
      • Listing files
      • Cookies
      • Visited URLs and cached web pages
      • Address book and call history
      • Notes and calendar
      • Clipboard
      • List of apps
      • SIM change
      • Live microphone
      • Camera shots
      • Support chats, WhatsApp, Skype, Viber
      • Log keystrokes from all apps and screens via libinjection
  • The Android version is heavily obfuscated, but it appears to target these specific applications:
      • com.tencent.mm
      • com.google.android.gm
      • android.calendar
      • com.facebook
      • jp.naver.line.android
      • com.google.android.talk
  • The article also provides details about how mobile phones are infected. Connecting a phone to an already compromised computer can silently infect it. In addition, the research includes screenshots of the iOS “Infector”, which merely requires that LEAs connect the phone to their computer, where they can manually infect it before returning it to the owner
  • Additional Coverage – ThreatPost
  • Additional Coverage – SecureList
  • Additional Coverage – SecureList – Original article on HackingTeam from April 2013

Feedback:


Round Up:


The post Big Brother's Malware | TechSNAP 169 first appeared on Jupiter Broadcasting.

Has Microsoft Lost Its Mojo? | CR 102
https://original.jupiterbroadcasting.net/57752/has-microsoft-lost-its-mojo-cr-102/
Mon, 19 May 2014 16:59:41 +0000


Mike and Chris discuss how, even when a laptop seems like the obvious choice, sometimes a desktop may be a better fit. Then, will the fate of Microsoft be slowly and embarrassingly slipping into irrelevance?

And of course your fantastic feedback and much, much more!

Thanks to:

Linux Academy | DigitalOcean

Direct Download:

MP3 Audio | OGG Audio | Video | Torrent | YouTube

RSS Feeds:

MP3 Feed | OGG Feed | Video Feed | Torrent Feed | iTunes Audio | iTunes Video

— Show Notes: —

Follow up / Feedback

Dev Hoopla

The post Has Microsoft Lost Its Mojo? | CR 102 first appeared on Jupiter Broadcasting.

Insane In The Ukraine | Unfilter 86
https://original.jupiterbroadcasting.net/51907/insane-in-the-ukraine-unfilter-86/
Wed, 19 Feb 2014 22:57:34 +0000


After three months building pressure the Ukraine is exploding this week, as anti-government protests turn more and more violent. Now the United States and Russia find themselves in a pissing match over who is more just to influence the revolution. The propaganda is flying, and we’ll break it down and discuss the real reasons the people are taking to the streets.

New Snowden leaks reveal the NSA tracked WikiLeaks supporters, legal bud gets a money boost from the feds, Syria is heating back up, and much much more.

On this week’s episode of Unfilter.

Direct Download:

Video | MP3 Audio | OGG Audio | Torrent | YouTube

RSS Feeds:

Video Feed | MP3 Feed | OGG Feed | HD Torrent | Mobile Torrent | iTunes

Become an Unfilter Supporter:

— Show Notes —


NSA is Crazy

The efforts – detailed in documents provided previously by NSA whistleblower Edward Snowden – included a broad campaign of international pressure aimed not only at WikiLeaks founder Julian Assange, but at what the U.S. government calls “the human network that supports WikiLeaks.” The documents also contain internal discussions about targeting the file-sharing site Pirate Bay and hacktivist collectives such as Anonymous.

“The end game here is to limit the encroachment on our 4th Amendment rights,” Roberts told the Daily Herald of Provo. “We’d love to see Congress fix that on their own, but I don’t have a lot of faith in that happening. So this is a state effort to take a step in that direction.”

He does have supporters, though, including the Libertas Institute, a libertarian-leaning think tank in Utah.

Advancing the cause of liberty in Utah


– Thanks for Supporting Unfilter –

  • Thanks to our 335 Unfilter supporters!

  • Supporter perk: Downloadable Pre and Post show. Extra clips, music, hijinks, and off the cuff comments. The ultimate Unfiltered experience.

  • Supporter perk: Exclusive BitTorrent Sync share of our production and non-production clips, notes, and more since the NSA scandal broke in episode 54. The ultimate Unfiltered experience, just got more ultimate.

  • Supporter Perk: Past 5 supporters shows, in a dedicated bittorrent sync folder.


Ukraine mayhem

Opposition leaders, backed by protesters in the streets, want a return to a constitution enacted in 2004 that would move substantial powers over the government from the president to parliament – a proposal rejected by President Viktor Yanukovich and his supporters, who have had a majority in the legislature.

The proposals would curb the powers of President Viktor Yanukovych, but the opposition say they were blocked from submitting their draft, meaning no debate could take place.

The development came after clashes between police and protesters left at least 25 people dead in capital Kiev.

Ukrainian police yesterday moved in to clear a protest camp in Kiev’s Independence Square, known as the Maidan, the heart of anti-government demonstrations sparked by President Yanukovich’s rejection of a trade and investment deal with the European Union last November.

Ukraine’s security service has announced it is launching a counter-terror operation. Radicals have seized over 1,500 firing arms and 100,000 bullets in the last 24 hours, the service said.

Reacting to the “conscious, purposeful use of force by means of arson, killings, kidnapping and terrorizing people,” which Yakimenko treats as “terrorist acts,” the Security Service and Anti-terrorist center of Ukraine have decided to launch a counter-terrorist operation.

The man the government blames for the deaths is opposition leader Leopoldo Lopez, who turned himself in to authorities on Tuesday.

What’s happening in Ukraine is complicated and driven by many factors: the country’s history as an unhappy component of the Soviet Union, its deep economic woes, a sense of cultural fondness for the West, wide discontent with government corruption, two decades of divided politics and a sense that Yanukovych caved to Putin.

No single datapoint could capture or explain all of that. But the map below comes perhaps as close as anything could. It shows Ukraine, color-coded by the country’s major ethnic and linguistic divisions. Below, I explain why this map is so important and why it helps to tell Ukraine’s story. The short version: Ukraine’s politics have long been divided into two major factions by the country’s demographics. What’s happening right now is in many ways a product of that division, which has never really been reconciled.

(Map: Wikimedia Commons)

Roughly speaking, about four out of every six people in Ukraine are ethnic Ukrainian and speak the Ukrainian language. Another one in six is ethnic Russian and speaks Russian. The last one-in-six is ethnic Ukrainian but speaks Russian. This map shows where each of those three major groups tend to live. (I’m rounding a bit on the numbers; about five percent of Ukrainians are minorities who don’t fit in any of those three categories.)

Here’s why this matters for what’s happening in Ukraine now: Since it declared independence in 1991, the country has been politically divided along these ethnic-linguistic lines. In national elections, people from districts dominated by that majority group (Ukrainian-speakers who are ethnically Ukrainian) tend to vote for one candidate. And people from districts with lots of ethnic Russians or Russian-speakers tend to vote for the other candidate.


Bonus Round

The Obama administration on Friday gave the banking industry the green light to finance and do business with legal marijuana sellers, a move that could further legitimize the burgeoning industry.

For the first time, legal distributors will be able to secure loans and set up checking and savings accounts with major banks that have largely steered clear of those businesses. The decision eliminates a key hurdle facing marijuana sellers, who can now legally conduct business in 20 states and the District.

They are also looking at newer, more far-reaching options, including drone strikes on extremists and more forceful action against Assad, whom President Barack Obama told to leave power 30 months ago.

Obama’s top aides plan to meet at the White House before week’s end to examine options, according to administration officials.

The national license-plate recognition database, which would draw data from readers that scan the tags of every vehicle crossing their paths, would help catch fugitive illegal immigrants, according to a DHS solicitation. But the database could easily contain more than 1 billion records and could be shared with other law enforcement agencies,

A spokeswoman for DHS’s Immigration and Customs Enforcement agency (ICE) stressed that the database “could only be accessed in conjunction with ongoing criminal investigations or to locate wanted individuals.”

Top Story in the unfilter Subreddit


Feedback:

If you’re a Supporter check your inbox!

Call us: 1.425.312.1756

Follow Us:

The post Insane In The Ukraine | Unfilter 86 first appeared on Jupiter Broadcasting.

Scenic BGP Route | TechSNAP 137
https://original.jupiterbroadcasting.net/46702/scenic-bgp-route-techsnap-137/
Thu, 21 Nov 2013 19:21:23 +0000


Attackers use BGP to redirect and monitor Internet traffic, 42 Million dating site passwords leaked, and the data center that could be coming to a town near you.

Plus a great batch of your questions, our answers, and much much more!

On this week’s TechSNAP!

Thanks to:

GoDaddy | Ting

Direct Download:

HD Video | Mobile Video | MP3 Audio | Ogg Audio | YouTube | HD Torrent | Mobile Torrent

RSS Feeds:

HD Video Feed | Mobile Video Feed | MP3 Audio Feed | Ogg Audio Feed | iTunes Feeds | Torrent Feed

Show Notes:

Attackers compromise core routers and redirect internet traffic

  • Attackers have managed to compromise some routers running BGP (Border Gateway Protocol), and cause them to inject additional hops into some routes on the Internet, allowing them to execute man-in-the-middle (MitM) attacks and/or monitor some users’ traffic
  • Renesys has detected close to 1,500 IP address blocks that have been hijacked on more than 60 days this year
  • “[The attacker is] getting one side of conversation only,” Cowie said. “If they were to hijack the addresses belonging to the webserver, you’re seeing users’ requests—all the pages they want. If they hijack the IP addresses belonging to the desktop, then they’re seeing all the content flowing back from webservers toward those desktops. Hopefully by this point everyone is using encryption.”
  • In one attack the hop starting in Guadalajara, Mexico and ending in Washington, D.C., included hops through London, Moscow and Minsk before it’s handed off to Belarus, all because of a false route injected at Global Crossing, now owned by Level3
  • “In a second example, a provider in Iceland began announcing routes for 597 IP networks owned by a large U.S. VoIP provider; normally the Icelandic provider Opin Kerfi announces only three IP networks, Renesys said. The company monitored 17 events routing traffic through Iceland”
  • Renesys does not have any information on who was behind the route hijacking

Cupid Media Hack Exposed 42M Passwords

  • The data stolen from Southport, Australia-based dating service Cupid Media was found on the same server where hackers had amassed tens of millions of records stolen from Adobe, PR Newswire and the National White Collar Crime Center (NW3C), among others.
  • Plain text passwords for more than 42 million accounts
  • According to Andrew Bolton, the company’s managing director, the information appears to be related to a breach that occurred in January 2013.
  • When Krebs told Bolton that all of the Cupid Media users he’d reached confirmed their plain text passwords as listed in the purloined directory, Bolton suggested Krebs might have “illegally accessed” some of the company’s member accounts. He also noted that “a large portion of the records located in the affected table related to old, inactive or deleted accounts.”
  • > “The number of active members affected by this event is considerably less than the 42 million that you have previously quoted,” Bolton said.
  • The danger with such a large breach is that far too many people reuse the same passwords at multiple sites, meaning a compromise like this can give thieves instant access to tens of thousands of email inboxes and other sensitive sites tied to a user’s email address.
  • Facebook has been mining the leaked Adobe data for information about any of its own users who might have reused their Adobe password and inadvertently exposed their Facebook accounts to hijacking as a result of the breach.
  • The Date of Birth field is a ‘datetime’ rather than just a ‘date’, and seems to include a random timestamp, maybe from when the user signed up
  • Additional Coverage

Feedback:


Round Up:



The post Scenic BGP Route | TechSNAP 137 first appeared on Jupiter Broadcasting.

Answers for Everyone | TechSNAP 42
https://original.jupiterbroadcasting.net/16331/answers-for-everyone-techsnap-42/
Thu, 26 Jan 2012 20:40:12 +0000


We’ve got the answer to life the universe and everything, plus why you need to get upset about ACTA, and patch your Linux Kernel!

All that and more, in this Q&A PACKED edition of TechSNAP!

Thanks to:
GoDaddy.com Use our codes TechSNAP10 to save 10% at checkout, or TechSNAP20 to save 20% on hosting!

Pick your code and save:
DOTCO9: .co domain for $17.99
techsnap7: $7.99 .com
techsnap10: 10% off
techsnap20: 20% off 1, 2, 3 year hosting plans
techsnap40: $10 off $40
techsnap25: 25% off new Virtual DataCenter plans

Direct Download Links:

HD Video | Large Video | Mobile Video | MP3 Audio | OGG Audio | YouTube

Subscribe via RSS and iTunes:

Show Notes:

Dreamhost gets hacked, resets all customers’ passwords, has scale issues

  • On January 19th, Dreamhost.com detected unauthorized activity in one of their databases
  • It is unclear which databases were compromised, if they were dreamhost databases of customer data, or customer site databases
  • Dreamhost uses separate passwords for their main web control panel, and individual user SSH and FTP accounts
  • Dreamhost ran into scale issues, where their centralized web control panel could not handle the volume of users logging in and attempting to change their shell passwords
  • The fast forced password reset by DreamHost appears to have promptly ended the malicious activity
  • Based on the urgency of the reset, there seem to be indications that DreamHost stores users’ passwords in plain text in one or more databases
  • This assertion is further supported by the fact that they print passwords to confirmation screens and in emails
  • Dreamhost also reset the passwords for all of their VPS customers

Linux root exploit – when the fix makes it worse

  • Linux kernel versions newer than 2.6.39 are susceptible to a root exploit that allows writing to protected memory
  • Prior to version 2.6.39 write access was prevented by an #ifdef; however, this was deemed too weak and was replaced by newer code
  • The new security code, which was to ensure that writes were only possible with the correct permissions, turned out to be inadequate and easily fooled
  • Ubuntu has confirmed that an update for 11.10 has been released; users are advised to upgrade
  • This issue does not affect Red Hat Enterprise Linux 4 or 5, because this change was not backported. A new kernel package for RHEL 6 is now available
  • Analysis
  • Proof of Concept
  • Proof of Concept for Android

Feedback

Q: Tzvi asks, how do you best monitor employee Internet usage?

A: There are a number of ways to monitor and restrict Internet access through a connection you control. A common suggestion is the use of a proxy server. The issue with this is that it requires configuration on each client machine and sometimes even each client application. This is a lot of work, and is not 100% successful. However, there is an option known as a ‘transparent proxy’. This is where the router/firewall, or some other machine that all traffic to the Internet must pass through, analyzes the traffic and routes outbound connections for port 80 or 443 (HTTP and HTTPS respectively, and optionally additional ports) through the proxy server, without any configuration required on the individual clients. Then, you can use the firewall to deny all outbound traffic that is not via the proxy.

This is relatively easy to setup, so much so that as part of the final exam in my Unix Security class, students had 2 hours to setup their machine as follows:

  • Configure TCP/IP stack
  • Download GPG and Class GPG Key
  • Decrypt Exam Instructions
  • Install Lynx w/ SSL support
  • Install a class self-signed SSL certificate and the root certificate bundle to be trusted
  • Install and configure Squid to block facebook with a custom error page
  • Configure Lynx to use Squid
  • Create a default deny firewall that only allows HTTP via squid and FTP to the class FTP server
  • Access the college website and facebook (or rather the custom error page when attempting to access facebook)

While they had a little practice, and didn’t have to configure a transparent proxy, it is still a fairly straightforward procedure.

Instead of rolling your own, you can just drop in pfSense and follow these directions


Q: Brett asks, what do you do after a compromise?

A: The very first thing you do after a compromise is take a forensic image of the drive: a bit-by-bit copy, without ever writing to or changing the disk in any way. You then pull that disk out and put it away for safe keeping. Do all of your analysis and forensics on copies of that first image (but do not modify it either; you don’t want to have to do another copy from the original). This way, as you work on it and things get modified or trashed, you do not disturb the original copy. You may need the original unmodified copy for legal proceedings, as the evidentiary value is lost if it is modified or tampered with in any way.

So your best bet is to boot off of a live CD (not just any live CD; many try to be helpful and auto-mount every partition they find, so use a forensics live CD that will not take any action without you requesting it). Then use a tool like dd to image the drive to a file or another drive. You can then work off copies of that. This can also work for damaged disks, using command switches for dd such as conv=noerror,sync. Also, using a block size of 1 MB or so will speed up the process greatly.

You asked about tripwire and the like, the problem with TripWire is that you need to have been running it since before the incident, so it has a fingerprint database of what the files should look like, so it can detect what has changed. If you did not have tripwire setup and running before, while it may be possible to create a fingerprint database from a backup, it is not that useful.
The freebsd-update command includes an ‘IDS’ command that compares all of the system files against the central fingerprint database used to update the OS, and provides quick and powerful protection against the modification of the system files, but it does not check any files installed by users or packages. The advantage of the freebsd-update IDS over tripwire is that it uses the FreeBSD Security Officer’s fingerprint database, rather than a locally maintained one that may have been modified as part of the system compromise. In college I wrote a paper on using Bacula as a network IDS; I’ll see if I can find it and post it on my blog at appfail.com.


Q: Jono asks, VirtualBox vs. Bare to the metal VMs?

  • Xen, KVM and VirtualBox are not bare metal; they require a full Linux host
  • XenServer is similar to VMware ESXi, in that it is bare metal. It uses a very stripped down version of CentOS and therefore far fewer resources than a full host. However, XenServer is a commercial product (though there is a free version)
      • The advantage of XenServer over VMware ESXi (both are commercial but free) is that XenServer is supported by more open source management tools, such as OpenStack

Q: Gene asks, IT Control is out of control, what can we users do?


Q: Crshbndct asks, Remote SSH for Mum


Roundup

The post Answers for Everyone | TechSNAP 42 first appeared on Jupiter Broadcasting.
