Netflix – Jupiter Broadcasting https://www.jupiterbroadcasting.com Open Source Entertainment, on Demand. Mon, 16 Aug 2021 17:10:21 +0000

Linux Action News 202 https://original.jupiterbroadcasting.net/145872/linux-action-news-202/ Sun, 15 Aug 2021 19:00:00 +0000 https://original.jupiterbroadcasting.net/?p=145872 Show Notes: linuxactionnews.com/202

The post Linux Action News 202 first appeared on Jupiter Broadcasting.

The Little Distro That Could | LINUX Unplugged 357 https://original.jupiterbroadcasting.net/141847/the-little-distro-that-could-linux-unplugged-357/ Tue, 09 Jun 2020 12:00:00 +0000 https://original.jupiterbroadcasting.net/?p=141847 Show Notes: linuxunplugged.com/357

Shrimps have SSHells | LINUX Unplugged 342 https://original.jupiterbroadcasting.net/139757/shrimps-have-sshells-linux-unplugged/ Tue, 25 Feb 2020 19:00:00 +0000 https://original.jupiterbroadcasting.net/?p=139757 Show Notes: linuxunplugged.com/342

EPYC Netflix Stack | BSD Now 328 https://original.jupiterbroadcasting.net/137722/epyc-netflix-stack-bsd-now-328/ Thu, 12 Dec 2019 04:00:00 +0000 https://original.jupiterbroadcasting.net/?p=137722 Show Notes/Links: https://www.bsdnow.tv/328

Comparing Hammers | BSD Now 306 https://original.jupiterbroadcasting.net/132736/comparing-hammers-bsd-now-306/ Thu, 11 Jul 2019 23:00:49 +0000 https://original.jupiterbroadcasting.net/?p=132736 Show Notes/Links: https://www.bsdnow.tv/306

Flipping FreeNAS for Fedora | LINUX Unplugged 306 https://original.jupiterbroadcasting.net/132181/flipping-freenas-for-fedora-linux-unplugged-306/ Tue, 18 Jun 2019 19:24:54 +0000 https://original.jupiterbroadcasting.net/?p=132181 Show Notes: linuxunplugged.com/306

Self Driving Disaster | Coder Radio 352 https://original.jupiterbroadcasting.net/130466/self-driving-disaster-coder-radio-352/ Tue, 09 Apr 2019 12:19:15 +0000 https://original.jupiterbroadcasting.net/?p=130466 Show Notes: coder.show/352

Netflix’s Gift to Linux | LINUX Unplugged 293 https://original.jupiterbroadcasting.net/129896/netflixs-gift-to-linux-linux-unplugged-293/ Wed, 20 Mar 2019 07:18:48 +0000 https://original.jupiterbroadcasting.net/?p=129896 Show Notes/Links: linuxunplugged.com/293

Cupertino’s King Makers | Coder Radio 344 https://original.jupiterbroadcasting.net/129346/cupertinos-king-makers-coder-radio-344/ Tue, 12 Feb 2019 12:10:52 +0000 https://original.jupiterbroadcasting.net/?p=129346 Show Notes: coder.show/344

Free To Succeed? | User Error https://original.jupiterbroadcasting.net/128861/free-to-succeed-user-error/ Fri, 18 Jan 2019 07:27:44 +0000 https://original.jupiterbroadcasting.net/?p=128861 Show Notes: error.show/57

Universal Basic Disruption | User Error 51 https://original.jupiterbroadcasting.net/127751/universal-basic-disruption-user-error-51/ Fri, 26 Oct 2018 06:22:03 +0000 https://original.jupiterbroadcasting.net/?p=127751 Show Notes: error.show/51

Domestic Disappointments | TechSNAP 382 https://original.jupiterbroadcasting.net/127026/domestic-disappointments-techsnap-382/ Fri, 07 Sep 2018 06:15:23 +0000 https://original.jupiterbroadcasting.net/?p=127026 Show Notes: techsnap.systems/382

Tech Talk Today 280 https://original.jupiterbroadcasting.net/125081/tech-talk-today-280/ Thu, 24 May 2018 11:57:01 +0000 https://original.jupiterbroadcasting.net/?p=125081 Show Notes: techtalk.today/280

Netflix’s Dark Capacity | TechSNAP 359 https://original.jupiterbroadcasting.net/123267/netflixs-dark-capacity-techsnap-359/ Thu, 15 Mar 2018 21:03:47 +0000 https://original.jupiterbroadcasting.net/?p=123267

Their Ubuntu Breakup | T3 266 https://original.jupiterbroadcasting.net/123112/their-ubuntu-breakup-t3-266/ Thu, 08 Mar 2018 22:44:01 +0000 https://original.jupiterbroadcasting.net/?p=123112

Episode Links

  • Pop!_OS Weekly Update: 17.10 Beta & New Community… — System76 is happy to welcome our new Community Manager: Sriram Ramkrishna, or ‘Sri’ as he likes to be called! His role will be to help create and evolve strong relationships between our upstream projects and the Free and Open Source community as well as continue our fabulous relationship with our customers through our social media channels.
  • Ad-Blocker Ghostery Just Went Open Source — Many of Ghostery’s users struggled to understand the company’s old, complicated business model.
  • Oculus brings Rift VR headsets back to life with a software fix — The fix is available from the Oculus Rift website, and includes a certificate that hasn’t expired. Oculus thanked owners for their patience in a Twitter message today, and co-founder Nate Mitchell apologized for the embarrassing lapse. Mitchell also promised Rift owners affected by the issues “will be provided with an Oculus store credit.”
  • McAfee acquires VPN provider TunnelBear — TunnelBear hadn’t taken on any known outside funding, so McAfee is unlikely to have broken the bank over this acquisition. However, TunnelBear had also previously revealed that it is profitable, so was likely in position to wait until the offer was right.
  • Netflix data: 70 percent of viewing happens on TVs — Netflix says 70 percent of its streams end up on connected TVs instead of phones, tablets or PCs.
  • Lawmakers approve year-round Daylight Saving Time. — Lawmakers agree for more daylight, but Gov. Rick Scott still must sign and then the U.S. Congress must pass a law to move the Sunshine State into Daylight Savings Time year-round.

Trials of TLS | TechSNAP 350 https://original.jupiterbroadcasting.net/121017/trials-of-tls-techsnap-350/ Fri, 29 Dec 2017 10:35:32 +0000 https://original.jupiterbroadcasting.net/?p=121017

Show Notes:

Why TLS 1.3 isn’t in browsers yet

It has been over a year since Cloudflare’s TLS 1.3 launch and still, none of the major browsers have enabled TLS 1.3 by default.

Leaky S3 Buckets

“I had seen unencrypted flight logs, passports, drivers licenses, and identification cards,” Finisterre said, adding: “It should be noted that newer logs and PII [personally identifiable information] seemed to be encrypted with a static OpenSSL password, so theoretically some of the data was at least loosely protected from prying eyes.”

For a researcher at UpGuard, on 6 October the answer turned out to be an intriguing 36GB database file sitting in plain view on an Amazon Simple Storage Service (S3) bucket uploaded by analytics company Alteryx.

Three misconfigured AWS S3 buckets have been discovered wide open on the public internet containing “dozens of terabytes” of social media posts and similar pages — all scraped from around the world by the US military to identify and profile persons of interest.

Introduction to SMB for Network Security

Of all the common protocols a new analyst encounters, perhaps none is quite as impenetrable as Server Message Block (SMB). Its enormous size, sparse documentation, and wide variety of uses can make it one of the most intimidating protocols for junior analysts to learn. But SMB is vitally important: lateral movement in Windows Active Directory environments can be the difference between a minor and a catastrophic breach, and almost all publicly available techniques for this movement involve SMB in some way. While there are numerous guides to certain aspects of SMB available, I found a dearth of material that was accessible, thorough, and targeted towards network analysis. The goal of this guide is to explain this confusing protocol in a way that helps new analysts immediately start threat hunting with it in their networks, ignoring the irrelevant minutiae that seem to form the core of most SMB primers and focusing instead on the kinds of threats an analyst is most likely to see.

The StorageCrypter Ransomware appears to be targeting NAS systems around the world but the facts surrounding it have been somewhat confusing.

Feedback

Repairing a 1960s mainframe: Fixing the IBM 1401’s core memory and power supply

The IBM 1401 was a popular business computer of the early 1960s. It had 4000 characters of internal core memory with additional 12000 characters in an external expansion box. Core memory was a popular form of storage in this era as it was relatively fast and inexpensive. Each bit is stored in a tiny magnetized ferrite ring called a core. (If you’ve ever heard of a “core dump”, this is what the term originally referred to.) The photo below is a magnified view of the cores, along with the red wires used to select, read and write the cores. The cores are wired in an X-Y grid; to access a particular address, one of the X lines is pulsed and one of the Y lines is pulsed, selecting the core where they intersect.

Netflix Lab Rats | TechSNAP 330 https://original.jupiterbroadcasting.net/117101/netflix-lab-rats-techsnap-330/ Tue, 01 Aug 2017 23:15:14 +0000 https://original.jupiterbroadcasting.net/?p=117101

Show Notes:

Mandiant researcher doxed by hackers

HACKERS LEAK DATA FROM MANDIANT SECURITY RESEARCHER IN OPERATION #LEAKTHEANALYST

The leaked data included more screenshots than documents. Images showed that the hackers might have gained access to […]

70,000 Memcached Servers Can Be Hacked Using Eight-Month-Old Flaws

  • Original Talos blog post

  • Background: in January 2017 there was a series of MongoDB incidents in which multiple competing groups were attacking the same servers, which leads to the conclusion that there is no hope of actually recovering data, if there ever was in the first place.

  • This prompted Talos to investigate memcached

Dan talks about upgrading ZFS arrays

  • raidz arrays cannot be expanded. You have n devices; it stays n devices

  • you can replace devices

  • you can replace devices with bigger devices

  • once they are all replaced, BANG, you have more space

  • what options exist for replacing devices?

  • Pull a drive, insert a new one, issue the zfs replace command.

  • Insert a new drive, if you have space, issue the zfs replace command.

  • But then Dan had a great idea the other night….


Feedback


Round Up:

Selling Your Soul | User Error 18 https://original.jupiterbroadcasting.net/116866/selling-your-soul-user-error-18/ Mon, 24 Jul 2017 18:23:35 +0000 https://original.jupiterbroadcasting.net/?p=116866

Links

  • XPS 13 Developer Edition
  • rikailp – Twitch
  • GeekGamerTV – Twitch
  • MNGrrl comments on FCC Now Says There Is No Documented ‘Analysis’ of the Cyberattack It Claims Crippled Its Website in May
  • Verizon accused of throttling Netflix and YouTube, admits […]

That New User Smell | LINUX Unplugged 197 https://original.jupiterbroadcasting.net/114701/that-new-user-smell-lup-197/ Tue, 16 May 2017 20:49:17 +0000 https://original.jupiterbroadcasting.net/?p=114701

Show Notes:

Follow Up / Catch Up

Linux Action News Episode 1

Canonical IPO is a go, Microsoft brings more Linux to Windows, OpenWRT, LEDE agree on Linux-for-routers peace plan & Google launches project Treble.

Linux On Windows Server: Linux Admin Scripts Will Now Run On Windows

Last week, at its developer conference Build 2017, Microsoft announced that it’s bringing Windows Subsystem for Linux to Windows Server. Apart from this, Windows Server will also be joining Windows Insider program. The other new features of Windows Server will be aligned with the next release of Windows 10.

I am pleased to share that we are also bringing the Windows Subsystem for Linux (WSL), commonly known as Bash on Windows, to Windows Server. This unique combination allows developer and application administrators to use the same scripts, tools, procedures and container images they have been using for Linux containers on their Windows Server container host. These containers use our Hyper-V isolation technology combined with your choice of Linux kernel to host the workload while the management scripts and tools on the host use WSL.

explainshell.com – match command-line arguments to their help text

write down a command-line to see the help text that matches each argument

finds bugs in your shell scripts.


Linux Academy

SELF 2017 Registration, Schedule, Hotel Rooms, Parties, Carpools, and Room Shares

LINUX Unplugged Subreddit

CasterSoundboard: A soundboard for hot-keying and playing back sounds. (For podcasting)

audio-visualizer-python: a little GUI tool to render visualization videos of audio files

Netflix confirms it is blocking rooted/unlocked devices, app itself is still working (for now)

Earlier today, Netflix started showing up as ‘incompatible’ on the Play Store for rooted and unlocked Android devices.

TING

magic-device-tool: A simple and featureful batch tool to handle installing/replacing Operating Systems (Ubuntu Phone / Ubuntu Touch, Android, LineageOS, Maru OS, Sailfish OS and Phoenix OS) on your mobile devices.

DigitalOcean

Galago Pro – Review

Galago Pro is a 13.3” machine that weighs 2.87 lbs

Galago Pro comes with one USB-C with Thunderbolt, Ethernet, HDMI, SD Card slot and DisplayPort.

It also has a slot for a nano SIM card to get cellular connectivity while on the move. But I have been told the corresponding motherboard hardware bits are not installed.

  • CPU Intel Core i7-7500 @ 2.70 GHz
  • GPU Intel HD Graphics 620
  • RAM 8 GB
  • Disk 256 GB NVMe
  • Battery 36.2 Wh

The Shadow Knows | TechSNAP 282 https://original.jupiterbroadcasting.net/102761/the-shadow-knows-techsnap-282/ Thu, 01 Sep 2016 18:18:08 +0000 https://original.jupiterbroadcasting.net/?p=102761

Show Notes:

Shadow Brokers steal hacking tools from NSA linked Equation Group

  • “On Monday, a hacking group calling itself the “ShadowBrokers” announced an auction for what it claimed were “cyber weapons” made by the NSA.”
  • “The previously unknown group said that it broke into the cyberespionage organization known as the Equation Group and has now put the hacking tools that it acquired up for auction”
  • “In addition to selling the hacking tools to whoever would end up as the highest bidder, the Shadow Brokers said that if it will be paid 1 million bitcoins, which currently carries a value of about $568 million, the cyberweapons will be publicly released”
  • “To back up its claims, the Shadow Brokers uploaded what looks like attack code that focuses on the security systems of routers that direct computer traffic online. According to security experts, the code looks legitimate, affecting routers manufactured by three United States companies and two Chinese companies. Specifically, the companies involved are Cisco Systems, Fortinet, Juniper Networks, Shaanxi Networkcloud Information Technology and Beijing Topsec Network Security Technology.”
  • “Last year, researchers from Kaspersky Lab described the Equation Group as one of the most advanced hacking groups in the world. The compressed data that accompanied the post by the Shadow Brokers had a size of just over 256 MB and is said to contain hacking tools that are dated as early as 2010 belonging to the Equation Group”
  • Additional Coverage: The Intercept: The NSA Leak Is Real, Snowden Documents Confirm
  • “Based on never-before-published documents provided by the whistleblower Edward Snowden, The Intercept can confirm that the arsenal contains authentic NSA software, part of a powerful constellation of tools used to covertly infect computers worldwide.”
  • This does not necessarily mean that the tools were stolen directly from the NSA, just that Shadow Brokers stole them from someone who had them. Maybe the Equation Group stole them, or maybe the NSA stole them from the Equation Group.
  • “The provenance of the code has been a matter of heated debate this week among cybersecurity experts, and while it remains unclear how the software leaked, one thing is now beyond speculation: The malware is covered with the NSA’s virtual fingerprints and clearly originates from the agency.”
  • “The evidence that ties the ShadowBrokers dump to the NSA comes in an agency manual for implanting malware, classified top secret, provided by Snowden, and not previously available to the public. The draft manual instructs NSA operators to track their use of one malware program using a specific 16-character string, “ace02468bdf13579.” That exact same string appears throughout the ShadowBrokers leak in code associated with the same program, SECONDDATE.”
  • “SECONDDATE plays a specialized role inside a complex global system built by the U.S. government to infect and monitor what one document estimated to be millions of computers around the world. Its release by ShadowBrokers, alongside dozens of other malicious tools, marks the first time any full copies of the NSA’s offensive software have been available to the public, providing a glimpse at how an elaborate system outlined in the Snowden documents looks when deployed in the real world, as well as concrete evidence that NSA hackers don’t always have the last word when it comes to computer exploitation.”
  • “SECONDDATE is a tool designed to intercept web requests and redirect browsers on target computers to an NSA web server. That server, in turn, is designed to infect them with malware. SECONDDATE’s existence was first reported by The Intercept in 2014, as part of a look at a global computer exploitation effort code-named TURBINE. The malware server, known as FOXACID, has also been described in previously released Snowden documents.”
  • “Snowden, who worked for NSA contractors Dell and Booz Allen Hamilton, has offered some context and a relatively mundane possible explanation for the leak: that the NSA headquarters was not hacked, but rather one of the computers the agency uses to plan and execute attacks was compromised. In a series of tweets, he pointed out that the NSA often lurks on systems that are supposed to be controlled by others, and it’s possible someone at the agency took control of a server and failed to clean up after themselves. A regime, hacker group, or intelligence agency could have seized the files and the opportunity to embarrass the agency.”
  • Additional Coverage: SoftPedia: List of Equation Group Files Leaked by Shadow Brokers
  • The list of names is quite amusing, likely computer generated by sticking two random words together. Reminds me of a domain-name generator I wrote when I was a teenager
  • Additional Coverage: Wired: Of Course Everyone’s Already Using the Leaked NSA Exploits
  • “All of which means anyone—curious kids, petty criminals, trolls—can now start hacking like a spy. And it looks like they are.”
  • “Curious to learn if anyone was indeed trying to take advantage of the leak, Brendan Dolan-Gavitt—a security researcher at NYU—set up a honeypot. On August 18 he tossed out a digital lure that masqueraded as a system containing one of the vulnerabilities. For his experiment, Dolan-Gavitt used a Cisco security software bug from the leak that people have learned to fix with workarounds, but that doesn’t have a patch yet.”
  • “Within 24 hours Dolan-Gavitt saw someone trying to exploit the vulnerability, with a few attempts every day since. “I’m not surprised that someone tried to exploit it,” Dolan-Gavitt says. Even for someone with limited technical proficiency, vulnerable systems are relatively easy to find using services like Shodan, a search engine of Internet-connected systems. “People maybe read the blog post about how to use the particular tool that carries out the exploit, and then either scanned the Internet themselves or just looked for vulnerable systems on Shodan and started trying to exploit them that way,” Dolan-Gavitt says. He explains that his honeypot was intentionally very visible online and was set up with easily guessable default passwords so it would be easy to hack.”
  • “The findings highlight one of the potential risks that come with hoarding undisclosed vulnerabilities for intelligence-gathering and surveillance. By holding on to bugs instead of disclosing them so they can be patched, spy agencies like the NSA create a potentially dangerous free-for-all if their exploits are exposed.”
  • Additional Coverage: Softpedia: Computer Science Professor Gives Failing Grade to Newly Leaked NSA Hacking Tool
  • Additional Coverage: Stephen Checkoway: Equation Group Initial Impressions
  • Additional Coverage: @musalbas: NSA’s BENIGNCERTAIN sends IKE packets to Cisco VPNs, then parses config and private keys from the response
  • Additional Coverage: @thegrugq: speculation that the ShadowBrokers leak was from another Snowden is “completely wrong”
  • Additional Coverage: Matt Blaze

Google Login Issue Allows Credential Theft

  • Attackers can add an arbitrary page to the end of a Google login flow that can steal users’ credentials or, alternatively, send users an arbitrary file any time a login form is submitted, due to a bug in the login process.
  • A researcher in the UK identified the vulnerability recently and notified Google of it, but Google officials said they don’t consider it a security issue. The bug results from the fact that the Google login page will take a specific, weak GET parameter.
  • “Google’s login page accepts a vulnerable GET parameter, namely ‘continue’. As far as I can determine, this parameter undergoes a basic check,” Aidan Woods, the researcher who discovered the bug, wrote in an explanation of the flaw.
  • The login page checks to ensure that the parameter points to .google.com/, but doesn’t determine which Google service the parameter is pointing to.
  • “The application fails to verify the type of Google service that has been specified. This means that it is possible to seamlessly insert any Google service at the end of the login process.”
  • Using this bug, an attacker could add an extra step to the end of the login flow that could steal a user’s credentials.
  • For example, the page could mimic an incorrect password dialog and ask the user to re-enter the password. Woods said an attacker also could send an arbitrary file to the target’s browser any time the login form is submitted.
  • Exploiting the flaw should be simple: “Attacker would not need to intercept traffic to exploit – they only need to get the user to click a link that they have crafted to exploit the bug in the continue parameter.”
  • Woods opened three separate reports with Google about the vulnerability, but to no avail.
  • In a message to Woods, Google representatives said they saw phishing as the only attack vector, and didn’t consider this a security problem.
  • “The simplest action Google can take to address this would be to remove the redirect feature at login. If they want to retain that feature and also address this problem, they need to properly validate the contents of the parameter: Google needs to make sure the values they allow can’t be abused, and validate the allowed values are also safe themselves,” Woods said.
  • “This could be done by building a whitelist of [sub-]domains, (including paths if necessary) that they wish to redirect to.”
  • Aidan Woods: Google’s Faulty Login Pages

Researchers map the Netflix content delivery network, find 4669 servers

  • “When you open Netflix and hit “play,” your computer sends a request to the video-streaming service to locate the movie you’d like to watch. The company responds with the name and location of the specific server that your device must access in order for you to view the film.”
  • “For the first time, researchers have taken advantage of this naming system to map the location and total number of servers across Netflix’s entire content delivery network, providing a rare glimpse into the guts of the world’s largest video-streaming service.”
  • “A group from Queen Mary University of London (QMUL) traced server names to identify 4,669 Netflix servers in 243 locations around the world. The majority of those servers still reside in the United States and Europe at a time when the company is eager to develop its international audience. The United States also leads the world in Netflix traffic, based on the group’s analysis of volumes handled by each server. Roughly eight times as many movies are watched there as in Mexico, which places second in Netflix traffic volume. The United Kingdom, Canada, and Brazil round out the top five.”
  • “In March, Netflix did publish a blog post outlining the overall structure of its content delivery network, but did not share the total number of servers or server counts for specific sites.”
  • “Last January, Netflix announced that it would expand its video-streaming service to 190 countries, and IHS Markit recently predicted that the number of international Netflix subscribers could be greater than U.S. subscribers in as few as two years.”
  • “Steve Uhlig, the networks expert at Queen Mary University of London who led the mapping project, says repeating the analysis over time could track shifts in the company’s server deployment and traffic volumes as its customer base changes.”
  • “Traditionally, content delivery services have chosen one strategy or the other. Akamai, for example, hosts a lot of content with Internet service providers, while Google, Amazon, and Limelight prefer to store it at IXPs. However, Uhlig’s group found that Netflix uses both strategies, and varies the structure of its network significantly from country to country.”
  • “Timm Böttger, a doctoral student at QMUL who is a member of the research team, says he was surprised to find two Netflix servers located within Verizon’s U.S. network. Verizon and other service providers have argued with Netflix over whether they would allow Netflix to directly connect servers to their networks for free. In 2014, Comcast required Netflix to pay for access to its own network.”
  • “Tellingly, the group did not find any Netflix servers in Comcast’s U.S. network. As for the mysterious Verizon servers? “We think it is quite likely that this is a trial to consider broader future deployment,” Böttger says. Netflix did not respond to a request for comment.”
  • “Their search revealed that Netflix’s server names are written in a similar construction: a string of numbers and letters that include traditional airport codes such as lhr001 for London Heathrow to mark the server’s location and a “counter” such as c020 to indicate the number of servers at that location. A third element written as .isp or .ix shows whether the server is located within an Internet exchange point or with an Internet service provider.”
  • “To study traffic volumes, the researchers relied on a specific section of the IP header that keeps a running tally of data packets that a given server has handled. By issuing multiple requests to these servers and tracking how quickly the values rose, the team estimated how much traffic each server was processing at different times of the day. They tested the servers in 1-minute intervals over a period of 10 days.”
  • That counter is only 32 bit, and the larger Netflix servers push 80 gigabits per second (enough to wrap a 32 bit counter every 24 seconds)
  • “The U.K. has more Netflix servers than any other European country, and most of those servers are deployed within Internet service providers. All French customers get their films streamed through servers stationed at a single IXP called France-IX. Eastern Europe, meanwhile, has no Netflix servers because those countries were only just added to the company’s network in January.”
  • The researchers expected to see a lot more servers embedded in ISPs rather than at Internet exchanges. There are two reasons why this is not so: it would require more hardware, since machines at a specific ISP cannot service a second ISP; and many ISPs, like Comcast, are resisting accepting Netflix CDN boxes.
  • “In March, the company said it delivers about 125 million total hours of viewing to customers per day. The researchers learned that Netflix traffic seems to peak just before midnight local time, with a second peak for IXP servers occurring around 8 a.m., presumably as Netflix uploads new content to its servers.”
  • See Netflix and Fill – BSDNow 157 for more on how Netflix runs their FreeBSD powered CDN.

Feedback:


Round Up:

