It’s a good day for net Neutrality, Microsoft is getting competitive with Chrome & the DMCA is ugly & busted.

Plus a 3d Printed bus, Marvin gets named & our Kickstarter of the week!

Direct Download:

MP3 Audio | OGG Audio | Video | HD Video | Torrent | YouTube

RSS Feeds:

MP3 Feed | OGG Feed | iTunes Feed | Video Feed | Video Feed | Torrent Feed

Become a supporter on Patreon

Show Notes:

Links

• U.S. Appeals Court Upholds Net Neutrality Rules In Full
• Microsoft shows how bad Chrome is for your laptop’s battery
• BitTorrent, Inc. Separates Out Sync Business to Focus on Media
• Google Sees DMCA Notices Quadruple In Two Years
• NASA Electric Research Plane Gets X Number, New Name
• Olli, a 3D printed, self-driving minibus, to hit the road in US

Kickstarter of the Week

• LELO HEX

The post Winning with Lelo Hex | TTT 249 first appeared on Jupiter Broadcasting.

We start from a town that has no internet and reflect on how quickly the last 8 years of progress feel very distant, then discuss the recent extreme examples of companies challenging Net Neutrality. Ballmer says Windows Phones should run Android apps & maybe he’s right?

Google’s Chromebooks make up half of US classroom devices. As parents, are we comfortable with Google having a lifetime of history on our kids?

Plus some follow up on a previous Kickstarter of the week with a special guest, the likely conclusion to a five year old tech story & the inside scoop on the Jupiter Broadcasting SWAG for the Holidays giveaway!

Direct Download:

MP3 Audio | OGG Audio | Video | HD Video | Torrent | YouTube

RSS Feeds:

MP3 Feed | OGG Feed | iTunes Feed | Video Feed | Video Feed | Torrent Feed

Become a supporter on Patreon

Show Notes:

— Episode Links —

• Town that has no cell phone service loses its primary Internet provider | Ars Technica
• AT&T vs. FCC, net neutrality: AT&T says it’s had to kill ideas | BGR
• Comcast Tests Net Neutrality By Letting Its Own Streaming Service Bypass Usage Caps | Techdirt
• Windows Server 2016 moving to per core, not per socket, licensing | Ars Technica
• Ballmer: Microsoft Mobile Should Focus On Android Apps Not Universal Apps – Slashdot
• Google’s Chromebooks make up half of US classroom devices
• Sticky disc makes any watch a smartwatch – BBC News
• Samsung finally agrees to pay Apple $548 million, with a few caveats | The Verge
• PopcornTimeCE/desktop · GitHub

The post Children of the Chromebook | TTT 225 first appeared on Jupiter Broadcasting.

Linux turns 24 years old, KDE ships a new Plasma, BlackBerry’s running Android & the great Google Now exodus.

Plus some big news for Jupiter Broadcasting & more!

Direct Download:

MP3 Audio | OGG Audio | Video | HD Video | Torrent | YouTube

RSS Feeds:

MP3 Feed | OGG Feed | iTunes Feed | Video Feed | Video Feed | Torrent Feed

Become a supporter on Patreon

Show Notes:

• Happy Birthday, Linux! An OS At 24 – Slashdot
• KDE – KDE Ships Plasma 5.4.0, Feature Release for August
• BlackBerry Passport Silver Edition captured on video running Android | CrackBerry.com
• Staff Exodus, Pressure From Microsoft, Apple Hit Google Now | Re/code
• Google Lobbied Against Real Net Neutrality In India, Just Like It Did In The States | Techdirt

The post Google Now? Maybe Later | TTT 207 first appeared on Jupiter Broadcasting.

The FCC Chairman makes it clear, he plans to push for Title II classification of the Internet. Is Net Neutrality going to save us all? We’ll debate & discuss the mounting counter battle.

Plus Valve is about to reveal their openGL replacement & we take a look at an open source device that’s NSFW.

Direct Download:

MP3 Audio | OGG Audio | Video | HD Video | Torrent | YouTube

RSS Feeds:

MP3 Feed | OGG Feed | iTunes Feed | Video Feed | Video Feed | Torrent Feed

Become a supporter on Patreon

Show Notes:

FCC Chairman Tom Wheeler: This Is How We Will Ensure Net Neutrality

After more than a decade of debate and a record-setting proceeding that attracted nearly 4 million public comments, the time to settle the Net Neutrality question has arrived. This week, I will circulate to the members of the Federal Communications Commission (FCC) proposed new rules to preserve the internet as an open platform for innovation and free expression. This proposal is rooted in long-standing regulatory principles, marketplace experience, and public input received over the last several months.

Broadband network operators have an understandable motivation to manage their network to maximize their business interests. But their actions may not always be optimal for network users. The Congress gave the FCC broad authority to update its rules to reflect changes in technology and marketplace behavior in a way that protects consumers. Over the years, the Commission has used this authority to the public’s great benefit.

AT&T previews lawsuit it plans to file against FCC over net neutrality | Ars Technica

AT&T seems resigned to the near-certainty that the Federal Communications Commission will reclassify broadband as a common carrier service in order to enforce net neutrality rules. But it isn’t going to let the decision stand without a legal challenge, and the company is already telling the world what it’s going to argue in court.

“I have no illusions that any of this will change what happens on February 26,” when the FCC is expected to vote, AT&T Federal Regulatory VP Hank Hultquist wrote in a blog post yesterday. “But when the FCC has to defend reclassification before an appellate court, it will have to grapple with these and other arguments. Those who oppose efforts at compromise because they assume Title II rests on bullet proof legal theories are only deceiving themselves.”

Toshiba releases super-secure Encrypted USB Flash Drive with hardware-based encryption

“Available in 4GB ($95), 8GB ($112), 16GB ($140) and 32GB ($200) capacities, the Toshiba Encrypted USB Flash Drive uses a built-in mini-keyboard to authenticate access, incorporating a rechargeable battery so the user can enter a secure code before plugging into a USB port. Users simply enter their secure PIN and plug the drive into any USB 2.0 port on a compatible device. Once access is granted, the drive ‘unlocks’ the media, permitting clearance to all of the content stored on the drive. When the drive is removed from a USB port, the drive automatically re-locks and encrypts the stored media”, says Toshiba.

Serious bug in fully patched Internet Explorer puts user credentials at risk | Ars Technica

A vulnerability in fully patched versions of Internet Explorer allows attackers to steal login credentials and inject malicious content into users’ browsing sessions. Microsoft officials said they’re working on a fix for the bug, which works successfully on IE 11 running on both Windows 7 and 8.1.

The vulnerability is known as a universal cross-site scripting (XSS) bug. It allows attackers to bypass the same origin policy, a crucially important principle in Web application models that prevents one site from accessing or modifying browser cookies or other content set by any other site. A proof-of-concept exploit published in the past few days shows how websites can violate this rule when people use supported versions of Internet Explorer running the latest patches to visit maliciously crafted pages.

glNext: The Future of High Performance Graphics (Presented by Valve)

Join us for the unveiling of Khronos’ glNext initiative, the upcoming cross-platform graphics API designed for modern programming techniques and processors. glNext will be the singular choice for developers who demand peak performance in their applications. We will present a technical breakdown of the API, advanced techniques and live demos of real-world applications running on glNext drivers and hardware.

KICKSTARTER OF THE WEEK: The Mod – Multivibrating Open-Source Dildo | Indiegogo

The Mod is a great vibrator. It’s made from 100% silicone.
Its three powerful motors create amazing sensations, ranging from a lovely low
frequency rumble to patterns that move up and down the shaft. It is USB rechargeable,
and its built in buttons make it easy to control vibration patterns and
intensities.

The post Open-source Market Penetration | Tech Talk Today 127 first appeared on Jupiter Broadcasting.

A Uber exec is caught plotting against journalists, TOR considers crowdfunding after a rough 15-months & the FCC calls AT&T’s Net Neutrality bluff.

Plus our Kickstarter of the week & more!

Direct Download:

MP3 Audio | OGG Audio | Video | HD Video | Torrent | YouTube

RSS Feeds:

MP3 Feed | OGG Feed | iTunes Feed | Video Feed | Torrent Feed

Become a supporter on Patreon:

Show Notes:

Uber Executive Suggests Digging Up Dirt On Journalists

A senior executive at Uber suggested that the company should consider hiring a team of opposition researchers to dig up dirt on its critics in the media — and specifically to spread details of the personal life of a female journalist who has criticized the company.

The executive, Emil Michael, made the comments in a conversation he later said he believed was off the record. In a statement through Uber Monday evening, he said he regretted them and that they didn’t reflect his or the company’s views.

Michael, who Kalanick described as “one of the top deal guys in the Valley” when he joined the company, is a charismatic and well-regarded figure who came to Uber from Klout. He also sits on a board that advises the Department of Defense.

Over dinner, he outlined the notion of spending “a million dollars” to hire four top opposition researchers and four journalists. That team could, he said, help Uber fight back against the press — they’d look into “your personal lives, your families,” and give the media a taste of its own medicine.

In a statement through an Uber spokeswoman, Michael said: “The remarks attributed to me at a private dinner — borne out of frustration during an informal debate over what I feel is sensationalistic media coverage of the company I am proud to work for — do not reflect my actual views and have no relation to the company’s views or approach. They were wrong no matter the circumstance and I regret them.”

The spokeswoman, Nairi Hourdajian, said the company does not do “oppo research” of any sort on journalists, and has never considered doing it. She also said Uber does not consider Lacy’s personal life fair game, or believe that she is responsible for women being sexually assaulted.

FCC calls AT&T’s fiber bluff, demands detailed construction plans | Ars Technica

Two days after AT&T claimed it has to “pause” a 100-city fiber build because of uncertainty over network neutrality rules, the Federal Communications Commission today asked the company to finally detail its vague plans for fiber construction.

Despite making all sorts of bold promises about bringing fiber to customers and claiming its fiber construction is contingent on the government giving it what it wants, AT&T has never detailed its exact fiber plans. For one thing, AT&T never promised to build in all of the 100 cities and towns it named as potential fiber spots. The company would only build in cities and towns where local leaders gave AT&T whatever it wanted. In all likelihood, only a small portion of the 100 municipalities were likely to get fiber, and nobody knows which ones.

Today, the FCC challenged AT&T to finally reveal some facts about its fiber plans in a letter to AT&T Senior VP Robert Quinn.

Ferris asked Quinn for a response by November 21. AT&T told Re/code that it is “happy to respond to the questions posed by the FCC in its review of our merger with DirecTV. As we made clear earlier this week, we remain committed to our DirecTV merger-related build-out plans.”

Tor eyes crowdfunding campaign to upgrade its hidden services

The Tor Project is currently considering a crowdfunding campaign to overhaul the network’s anonymous websites after years of design and security criticisms, Tor executive director Andrew Lewman told the Daily Dot.

In the last 15 months, several of the biggest anonymous websites on the Tor network have been identified and seized by police. In most cases, no one is quite sure how it happened.

The details of such a campaign have yet to be revealed.

Hush | The World’s First Smart Earplugs by Hush — Kickstarter

Wireless noise masking earplugs that block out the world while still letting you hear the things that matter most.

The post Support Your Tor | Tech Talk Today 93 first appeared on Jupiter Broadcasting.

Obama calls on FCC to make ‘strongest possible rules’ to protect net neutrality, but the realities of this move might not be appealing. We’ll look at Net Neutrality from all sides & explain what Title II means.

Plus a high level US Diplomat is accused of Spying, a new study claims extended Cannabis uses causes brain damage, an ISIS update & much more.

Direct Download:

Video | MP3 Audio | OGG Audio | Torrent | YouTube

RSS Feeds:

Video Feed | MP3 Feed | OGG Feed | HD Torrent | Mobile Torrent | iTunes

Become an Unfilter supporter on Patreon:

— Show Notes —

News

Hillary Donor Under Investigation in Counterintelligence Probe

A former high-ranking diplomat and Clinton ally at the center of an FBI counterintelligence probe was a registered foreign agent for the Pakistani government up until just days before she was appointed to run the U.S. State Department’s Pakistan aid team.

The Washington Post reported last week that the State Department’s aid coordinator for Pakistan, Robin Raphel, is the subject of a counterintelligence investigation and has had her security clearance revoked.

The FBI has not specified the nature of the probe, although the Post indicated that it could be espionage-related. She was reportedly placed on administrative leave last month, and the State Department said she is no longer employed by the agency.

Raphel previously served as an assistant secretary of state under President Bill Clinton and rejoined the State Department in August 2009 to focus on Pakistan and Afghanistan aid issues. She is also close to Hillary Clinton and contributed $2,000 to her presidential campaign in 2007.

• FBI Investigation Of Robin Raphel – Business Insider

Robin Raphel, the ‘obstacle’ in India-U.S. ties – The Hindu

In 1995, U.S. diplomat Robin Raphel was the toast of the State department. President Bill Clinton appointed her the first Assistant Secretary of State for South Asia (the post later included Central Asia), and she was known to be close to him and Hillary Clinton, as she knew the U.S. President from his time at Oxford.

“Eventually, we have been vindicated by this investigation,” said an official who preferred not to be named, speaking about the just-announced U.S. federal probe against Ms. Raphel, “We repeatedly told the U.S. that Ms. Raphel’s position was anti-India, but it was also not in the U.S.’s interests.” As a diplomat Ms. Raphel was responsible for two other controversial policies: that of suggesting support for the Taliban takeover in Afghanistan in 1996, as a means of securing the U.S. company Unocal consortium’s pipeline plan in the region, as well as advocating dropping parts of the U.S.’s Pressler amendment that put strict oversight over aid to Pakistan. After she retired, Ms. Raphel joined consultancy group Cassidy & Associates and landed a massive $1.2 million contract from the Pakistan government under President Musharraf, to “improve Pakistan’s image” in the U.S. in 2007.

• Pakistan lobbyist Robin Raphel under lens for alleged spying – The Times of India

In Ukraine, Shelling and Convoys of Armed Trucks Threaten Cease-Fire – NYTimes.com

An October report revealed that cluster munitions, which blanket a target area with bomblets filled with deadly shrapnel, have been used by government troops and possibly pro-Russian rebels against civilian population centers during the fighting in eastern Ukraine. Evidence strongly indicates that Ukrainian troops stationed about 30 kilometers, or 19 miles, southwest of the city launched attacks on Donetsk earlier this month, including an attack that killed a Swiss employee of the International Red Cross.

A shaky cease-fire in eastern Ukraine looked ever more tenuous on Sunday as European monitors confirmed reports of unmarked military vehicles driving through rebel-held territory while Donetsk, the region’s biggest city, endured a nightlong artillery battle.

The monitoring group, the Organization for Security and Cooperation in Europe, said that long columns of unmarked military vehicles, some towing howitzers, were spotted over the weekend. The monitors did not speculate as to the origins of the trucks or the people inside them, but Ukrainian officials said the statements bolstered their claims that Russia was again arming and training separatists.

The O.S.C.E. reported that its observers had driven on Saturday past a column of more than 40 trucks on a highway outside Donetsk. The trucks were covered with tarpaulins and “without markings or number plates — each towing a 122 mm howitzer and containing personnel in dark green uniforms without insignia,” the O.S.C.E. statement said.

On Sunday, after what journalists in Donetsk described as the heaviest night of artillery shelling in and around the city in at least a month, the O.S.C.E. observers saw two more unmarked military columns. The observers noted 17 trucks in each column, some equipped with Grad ground-to-ground rocket launchers and others towing more howitzers.

Net Neutrality

Obama calls on FCC to make ‘strongest possible rules’ to protect net neutrality | Technology | The Guardian

President says ‘open internet is essential to way of life’ and comes out against so-called ‘fast lanes’ for higher-paying web users.

Dear Senator Ted Cruz, I’m going to explain to you how Net Neutrality ACTUALLY works – The Oatmeal

Net neutrality, Obama, FCC, Title II … Your ESSENTIAL guide to WTF is happening • The Register

• Put simply, because rules that were created by the FCC in 2010 in order to deal with the modern reality of the internet — the so-called Open Internet Order — were struck down [PDF] by the US courts following a challenge by Verizon.

That left a potentially huge gap that people are worried that cable companies will exploit. Without new rules, it is possible — in fact, likely — that your cable provider, who is most cases is also your internet provider, will find ways to profit from the video, audio and text sent through its wires to subscribers.

• The very fact that Verizon then went to the trouble of suing the FCC to get the existing rules that prevented it from discriminating on the basis of content overturned is, ironically, what is spurring people on to push the old 1934 law of “common carriers” onto the cable companies, so that they are legally prevented from touching the data and so from imposing a cable business model on the internet.

• The cable companies make the valid point that the legislation that they would be pulled under is ancient, outdated and in many respects goes against the general philosophy of less government regulation that help the internet to thrive in the first place.

• Wheeler added: “I am grateful for the input of the President and look forward to continuing to receive input from all stakeholders, including the public, members of Congress of both parties, including the leadership of the Senate and House committees, and my fellow commissioners.
  “Ten years have passed since the Commission started down the road towards enforceable Open Internet rules. We must take the time to get the job done correctly, once and for all, in order to successfully protect consumers and innovators online.”

• The resulting Telecommunications Act of 1996 did not really address how people gained access to the internet, however, or how companies that make that access to the web possible should be viewed.

There was one very small part — literally one paragraph — in the 128-page text that defined a new term, “advanced telecommunications capability”, as “high-speed, switched, broadband telecommunications capability that enables users to originate and receive high-quality voice, data, graphics, and video telecommunications using any technology.”

This is the Section 706 that is held up as the alternative to Title II for how to fit broadband providers into the law.

• Just how out of date is Title II?

• There are 76 sections to Title II, and those wanting to reclassify broadband under it want to retain just six sections. They are:
  • 201: Services and charges — companies have to charge a reasonable sum for the service
  • 202: Discrimination — you can’t discriminate over the service
  • 208: Complaints — people can complain
  • 222: Privacy — people’s privacy has to be respected
  • 254: Universal service — you have to provide the service across the country
  • 255: Disability access — make it possible for people with disabilities to use it

Put together, these six sections are pretty light on regulation, although parts of them are still horribly outdated.

• There is specific reference in 201 to the law not impacting the ability of common carriers to “furnishing reports of positions of ships at sea to newspapers of general circulation.”

• Section 202 reveals the startling sum of “$6,000 for each such offense and $300 for each and every day of the continuance of such offense.” At those rates, AT&T won’t exactly be trembling in its boots. In today’s currency, the legislation should read $100,000 for each offense and $5,000 per day.

• Am I The Only Techie Against Net Neutrality?

AT&T to “pause” 100-city fiber buildout because of net neutrality rules | Ars Technica

AT&T CEO Randall Stephenson said today that his company will “pause” investments in fiber networks until the net neutrality debate is over. The statement came two days after President Obama urged the Federal Communications Commission to reclassify broadband as a utility and impose bans on blocking, throttling, and paid prioritization.

“We can’t go out and invest that kind of money deploying fiber to 100 cities not knowing under what rules those investments will be governed,” Stephenson told investors, according to Reuters. “We think it is prudent to just pause and make sure we have line of sight and understanding as to what those rules would look like.” Stephenson was speaking at a Wells Fargo event.

High Note

Regular marijuana habit changes your brain, study says – CNN.com

Researchers found that compared to nonusers, people who smoked marijuana starting as early as age 14 have less brain volume, or gray matter, in the orbitofrontal cortex. That’s the area in the front of your brain that helps you make decisions.

“The younger the individual started using, the more pronounced the changes,” said Dr. Francesca Filbey, the study’s principal investigator and associate professor at the School of Behavioral and Brain Sciences at the University of Texas at Dallas. “Adolescence is when the brain starts maturing and making itself more adult-like, so any exposure to toxic substances can set the course for how your brain ends up.”

Unfilter Debunk

..a study that looked at a relatively large group of marijuana users …

The study, published Monday in the Proceedings of the National Academy of Sciences, used MRI scans to look at the brains of 62 non-marijuana users and 48 regular marijuana users, 27 of whom used marijuana but not other drugs.

• 21 of the 48 pot-smokers reported using other drugs aside from weed.

• Puzzlingly High Correlations in fMRI Studies of Emotion, Personality, and Social Cognition

Major contention surrounding studdies that use MRI methods

Functional magnetic resonance imaging (fMRI) studiesofemotion, personality, and social cognition have drawn much attention
in recent years, with high-profile studies frequently reporting extremely high (e.g., >.8) correlations between brain activation
and personality measures. We show that these correlations are higher than should be expected given the (evidently limited)
reliability of both fMRI and personality measures. The high correlations are all the more puzzling because method sections
rarely contain much detail about how the correlations were obtained. We surveyed authors of 55 articles that reported findings
of this kind to determine a few details on how these correlations were computed. More than half acknowledged using a strategy
that computes separate correlations for individual voxels and reports means of only those voxels exceeding chosen thresholds.
We show how this nonindependent analysis inflates correlations while yielding reassuring-looking scattergrams.

New pot shops on the block not always so popular | Business | Seattle News, Weather, Sports, Breaking News | KOMO News

DENVER (AP) – The booming new marijuana industry has an image problem. Not with government officials and the public – but with other businesses.

From crime fears to smell complaints, new marijuana retailers and growers face suspicion and sometimes open antagonism from their commercial neighbors, especially in Denver, which now has 200 marijuana retailers and dozens of pot growing and manufacturing facilities.

The strife went public last week along a once-forlorn stretch of highway south of downtown Denver now sprinkled with marijuana shops.

About two dozen pot shops along this stretch of Broadway, often dubbed “Broadsterdam,” had a marketing idea for the upcoming holiday shopping season. Why not join forces with neighboring antique shops to market the whole area as “The Green Mile”?

The pot shops called a meeting, expecting an enthusiastic response from neighboring businesses that have seen boarded-up storefronts replaced with bustling pot shops with lines out the door. Instead, the suggestion unleashed a torrent of anger from the antique shops.

“We don’t want to work with you,” said James Neisler, owner of Heidelberg Antiques. “Your customers, they’re the long-haired stinky types. They go around touching everything and they don’t buy anything.”

The post Net Neutrality Reality | Unfilter 122 first appeared on Jupiter Broadcasting.

Adobe’s latest flaw has being exploited by an advanced persistent threat, we’ve got the details, Heartbleed follow ups, and getting started with Virtualization.

Plus our thoughts on the fate of net neutrality, your questions, our answers, and much much more!

On this week’s episode of TechSNAP!

Thanks to:

— Show Notes: —

Adobe releases patch for critical Flash flaw affecting all OSs

• A new exploit has been discovered that works against all versions of Adobe Flash Player
• This is a zero-day exploit, meaning that even a fully patched computer can be exploited
• Adobe has since released the fix, and users are encouraged to apply the patch as soon as possible
• The attack used two different exploits, one general exploit against Flash and the other exploiting a flaw in Internet Explorer
• One of the malware files was detected by Kaspersky using a heuristic signature, but the other was new
• The exploits slightly alter the attack methodology if Windows 8 or newer is detected, to work around mitigations provided by the OS
• The first bit of malware (movie.swf) was generic, downloading more malware from a URL and running it
• The second bit of malware (include.swf) was very specific, targeting “Cisco MeetingPlace Express Add-In version 5”
• “This add-in is used by web-conference participants to view documents and images from presenter\’s screen. It should be noted that the exploit will not work if the required versions of Adobe Flash Player ActiveX and Cisco MPE are not present on the system”
• This suggests that the malware was written with a very specific target in mind, rather than designed to target the general Internet
• The malware was hosted on an official Syrian government website, although it appears that the site may have been compromised to store the files there
• Kaspersky was not able to examine the payload of the second exploit because the files had already been taken down from the website, and there is evidence to suggest there was a 3rd payload (stream.swf)
• “We are sure that all these tricks were used in order to carry out malicious activity against a very specific group of users without attracting the attention of security solutions. We believe that the Cisco add-in mentioned above may be used to download/implement the payload as well as to spy directly on the infected computer.”
• “It\’s likely that the attack was carefully planned and that professionals of a pretty high caliber were behind it. The use of professionally written 0-day exploits that were used to infect a single resource testifies to this.”
• CVE-2015-0515
• Adobe Security Bulletin
• Additional Coverage – ARS Technica
• Additional Coverage – Krebs on Security
• Since IE uses a separate version of Flash from other browsers (Firefox, Chrome, Opera, etc), Windows users will need to apply the patch twice, one to their browser and once to IE, which is used as a component in many other applications including Skype and Steam

Exploit used in the wild against all versions of Internet Explorer 6 through 11

• As part of the same attack from the previous story, an exploit for all versions of Internet Explorer was found
• The exploit was used as part of a watering hole attack
• CVE-2014-1776
• This was to be the first of many 0day exploits that will not be fixed on Windows XP, however Microsoft issued a statement and released the update for Windows XP , inspite of the fact that it is no longer supported

[Heartbleed Followups]

• The heartbleed bug was used to attack and compromise a number of blackhat and underground forums – Many sites were compromised, upgraded OpenSSL but did not revoke SSL certificates or reset passwords
• US-CERT issues advisory warning business and users to update their Apple AirPort devices that are vulnerable to Heartbleed
• CERT has issued an advisory about the NetSSL library failing to properly validate wildcard certificates
• Whitehouse comments, says they did not know about Heartbleed before hand
• Even heartbleed can’t convince people to change their passwords and stop reusing passwords
• Android 4.1.1 has not received OpenSSL patches yet

Feedback:

• Kids WiFi

• Looking for virtualization advice

• XP in a VM

• What advice do you have to help tech geeks find their dream job?

• Suggestion for Brett for backup

• Mondo Rescue – Disaster recovery solution

Round-Up:

• Sony\’s 185TB data tape puts your hard drive to shame
• CERT issues advisory about Toshiba Point-of-Sales systems using weak hashing algorithm for passwords
• SanDisk Announces 4TB SSDs, 8TB & 16TB SSDs to Follow
• Phishers hack email accounts and divert home loan funds
• AOL Finally Admits They Were Hacked
• MIT students raise half million dollars to give every undergraduate student $100 in bitcoins next semester in an effort to build the first true cryptocurrency economy
• FCC chairman \’won\’t hesitate\’ to regulate broadband like a utility if proposed rules fail
• What the internet might look like without Net Neutrality
• Netflix researching “large-scale peer-to-peer technology” for streaming
• This trend shows with Net Neutrality is important — Sonic.net comments on net neutrality
• CISPA 3.0 introduced to the senate
• AT&T’s possible acquisition of DirecTV increases net neutrality concerns

The post Not Neutrality | TechSNAP 161 first appeared on Jupiter Broadcasting.

The Mask, an advanced persistent threat is revealed, a slew of various home router models are actively being exploited, we’ll share the important details.

Plus some routing basics explained, and much much more.

On this week’s TechSNAP

Thanks to:

— Show Notes: —

Kaspersky discovered “The Mask” APT

• We got some hints about Careto (also know as “The Mask” or “The Masked APT”) a few weeks ago, and speculation suggested that the unusual native language of the attackers was Korean
• In an even bigger surprise, it turns out the attackers are Spanish speaking
• the Spanish-speaking attackers targeted government institutions, energy, oil & gas companies and other high-profile victims via a cross-platform malware toolkit
• Full Research PDF
• The APT has been going on since 2007 or earlier
• “More than 380 unique victims in 31 countries have been observed to date”
• “What makes “The Mask” special is the complexity of the toolset used by the
  attackers. This includes an extremely sophisticated malware, a rootkit, a bootkit, 32 and 64 bit Windows versions, Mac OS X and Linux versions and possibly versions for Android and iPad/iPhone (Apple iOS)”
• “The Mask also uses a customized attack against older versions of Kaspersky Lab products to hide in the system, putting them above Duqu in terms of sophistication and making it one of the most advanced threats at the moment. This and several other factors make us believe this could be a nation state sponsored campaign”
• “When active in a victim system, The Mask can intercept network traffic, keystrokes, Skype conversations, PGP keys, analyse WiFi traffic, fetch all information from Nokia devices, screen captures and monitor all file operations”
• “The malware collects a large list of documents from the infected system, including encryption keys, VPN configurations, SSH keys and RDP files. There are also several extensions being monitored that we have not been able to identify and could be related to custom military/government level encryption tools”
• “Overall, we have found exploits for Java, Flash SWF (CVE-2012-0773), as well as malicious plugins for Chrome and Firefox, on Windows, Linux and OS X. The names of the subdirectories give some information about the kind of attack they launch, for instance we can find /jupd where JavaUpdate.jar downloads and executes javaupdt.exe”
• “CVE-2012-0773 has an interesting history. It was originally discovered by French
  company VUPEN and used to win the “pwn2own” contest in 2012. This was the first
  known exploit to escape the Chrome sandbox. VUPEN refused to share the exploit
  with the contest organizers, claiming that it plans to sell it to its customers”
• “A Google engineer offered Bekrar (of VUPEN) $60,000 on top of the $60,000 he had already won for the Pwn2Own contest if he would hand over the sandbox exploit and the details so Google could fix the vulnerability. Bekrar declined and joked that he might consider the offer if Google bumped it up to $1 million, but he later told WIRED he wouldn’t hand it over for even $1 million.”
• This suggests that the threat actor may be a government
• However, Chaouki Bekrar denies the VUPEN exploit was used
• “Several attacks against browsers supporting Java have been observed.
  Unfortunately, we weren’t able to retrieve all the components from these attacks, as
  they were no longer available on the server at the time of checking”
• Also exploits CVE-2011-3544 against Java
• Additional Coverage

Linksys Router Malware

• Researchers say they have uncovered an ongoing attack that infects home and small-office wireless routers from Linksys with self-replicating malware, most likely by exploiting a code-execution vulnerability in the device firmware.
• Johannes B. Ullrich, CTO of the Sans Institute, told Ars he has been able to confirm that the malicious worm has infected around 1,000 Linksys E1000, E1200, and E2400 routers, although the actual number of hijacked devices worldwide could be much higher.
• A blog post Sans published shortly after this article was posted expanded the range of vulnerable models to virtually the entire Linksys E product line. Once a device is compromised, it scans the Internet for other vulnerable devices to infect.
• Compromised routers remain infected until they are rebooted. Once the devices are restarted, they appear to return to their normal state. People who are wondering if their device is infected should check for heavy outbound scanning on port 80 and 8080, and inbound connection attempts to miscellaneous ports below 1024.
• The attack begins with a remote call to the Home Network Administration Protocol (HNAP), an interface that allows ISPs and others to remotely manage home and office routers. The remote function is exposed by a built-in Web server that listens for commands sent over the Internet.
• Typically, it requires the remote user to enter a valid administrative password before executing commands, although previous bugs in HNAP implementations have left routers vulnerable to attack.
• After using HNAP to identify vulnerable routers, the worm exploits an authentication bypass vulnerability in a CGI script.
• Infected devices are highly selective about the IP ranges they will scan when searching for other vulnerable routers. The sample Ullrich obtained listed just 627 blocks of /21 and /24 subnets.
• The discovery comes a week after researchers in Poland reported an ongoing attack used to steal online banking credentials, in part by modifying home routers\’ DNS settings.
• The phony domain name resolvers listed in the router settings redirected victims\’ computers, tablets, and smartphones to fraudulent websites masquerading as an authentic bank service; the sites would then steal the victims\’ login credentials.
• The objective behind this ongoing attack remains unclear. Given that the only observable behavior is to temporarily infect a highly select range of devices, one possible motivation is to test how viable a self-replicating worm can be in targeting routers.
• Two days after this article was published, Linksys representatives issued the following statement:

Linksys is aware of the malware called “The Moon” that has affected select older Linksys E-Series routers and select older Wireless-N access points and routers. The exploit to bypass the admin authentication used by the worm only works when the Remote Management Access feature is enabled. Linksys ships these products with the Remote Management Access feature turned off by default. Customers who have not enabled the Remote Management Access feature are not susceptible to this specific malware.
+ Additional Coverage Internet Storm Center
+ These are not the only routers that have problems
+ Home Routers pose the biggest threat to consumer security
+ An old backdoor from 2005 was found in brand new Cisco home “Gigabit Security Routers”
+ As the covered last year, 40-50 million routers have uPnP flaw
+ Yesterday, researchers found a stack overflow bug in Linksys WRT120N routers
+ The new protocol that proposes to make “security” easier on the next generation of home routers may cause more harm than good
+ Asus Routers are also vulnerable including the RT-AC66R, RT-AC66U, RT-N66R, RT-N66U, RT-AC56U, RT-N56R, RT-N56U, RT-N14U, RT-N16, and RT-N16R

Feedback:

• Do you do disk or filesystem level encryption? If so, how do you manage the keys?

• confused about default routes

• Migrating ZFS

  • ZFS Replication

• Smart Wire Modems

• \”I just don\’t want to see the internet just walled off in different areas of the world\”

Round Up:

• Email attack on Vendor was source of Target breach
• Target\’s cybersecurity team raised concerns months before hack
• Schneier on Security: My Talk on the NSA
• Are 400gbps DDoS attacks the new normal?
• Verizon seeks payment for carrying Netflix traffic, WSJ reports
• RAID reliability calculator
• More than 2000 Tesco.com accounts leaked
• The History of Data Storage
• Important Kickstarter Security Notice
• FreeBSD PEFS file system security audit
• Tour of the Verizon Terremark Data Center
• Intel introduces new 15 core Xeon CPU, Xeon E7-8893 v2 (LGA2011), 3.4 GHz (3.7 GHz turbo), 37.5 MB cache, 1536 GB max ram, 8 way system would have 240 logical CPUs
• US Health care sector vulnerable to Hackers

The post 7 Year Malware | TechSNAP 150 first appeared on Jupiter Broadcasting.

A major blow was dealt to Net Neutrality when the court struck down the ruling preventing ISPs from abusing their monopolies and prioritizing some traffic over others. However, things might not be as bad as it sounds, we’ll dig in.

On Friday Obama is set to announce his reforms to the NSA, today the presidential review Panel testified to the Senate on their recommendations for reform and we’ve dug through the reports, watched the testimony, and will arm you with the facts before the spin goes into overdrive..

Then it’s your feedback, or follow up, and much much more.

On this week’s Unfilter.

Direct Download:

Video | MP3 Audio | OGG Audio | Torrent | YouTube

RSS Feeds:

Video Feed | MP3 Feed | OGG Feed | HD Torrent | Mobile Torrent | iTunes

Become an Unfilter Supporter:

— Show Notes —

NSA is CRAZY

• NSA review panel casts doubt on bulk data collection claims | World news | theguardian.com

Similarly, Michael Morell, a former deputy CIA director, told the committee that so-called “metadata” about a phone conversation inherently entailed information about the substance of the communication. “There is quite a bit of content in metadata,” Morrell said. “There’s not a sharp distinction between metadata and content. It’s more of a continuum.”

Morrell added that the bulk collection of domestic phone data “has not played a significant role in preventing any terrorist attacks to this point,” further undercutting a major rationale offered by the NSA since the Guardian first revealed the bulk phone-data collection in June, thanks to leaks by Edward Snowden.

But, Morell added, “that is a different statement than saying the program has not been important.” Morrell said that bulk collection can provide a reassurance that there is no domestic nexus to foreign terrorist plots detected by other NSA efforts.

**“It is absolutely true that 215 has not by itself disrupted prevented terrorist attacks in the United States,** but that doesn’t mean it’s not important going forward, said Morell, using a shorthand for the bulk phone metadata collection. ”Many of us have never suffered a fire in our homes but many of us have homeowners insurance."

• Three Leaks, Three Weeks, and What We’ve Learned About the US Government’s Other Spying Authority: Executive Order 12333 | Electronic Frontier Foundation

A _Washington Post _article reveals that the National Security Agency has been siphoning off data from the links between Yahoo and Google data centers, which include the fiber optic connections between company servers at various points around the world. While the user may have an encrypted connection to the website, the internal data flows were not encrypted and allowed the NSA to obtain millions of records each month, including both metadata and content like audio, video and text. This is not part of the PRISM collection under Section 702 of the Foreign Intelligence Surveillance Act (FISA) Amendments Act or the business records program under Section 215 of the Patriot Act, but a separate program called MUSCULAR under what appears to be Executive Order 12333 (“12333”).

• Executive Order 12333

On December 4, 1981 President Ronald Reagan signed Executive Order 12333, an Executive Order intended to extend powers and responsibilities of US intelligence agencies and direct the leaders of U.S. federal agencies to co-operate fully with CIA requests for information.[1] This executive order was entitled United States Intelligence Activities.

It was amended by Executive Order 13355: Strengthened Management of the Intelligence Community, on August 27, 2004. On July 30, 2008, President Bush issued Executive Order 13470[2] amending Executive Order 12333 to strengthen the role of the DNI

• N.S.A. Devises Radio Pathway Into Computers – NYTimes.com

The technology, which the agency has used since at least 2008, relies on a covert channel of radio waves that can be transmitted from tiny circuit boards and USB cards inserted surreptitiously into the computers. In some cases, they are sent to a briefcase-size relay station that intelligence agencies can set up miles away from the target.

The radio frequency technology has helped solve one of the biggest problems facing American intelligence agencies for years: getting into computers that adversaries, and some American partners, have tried to make impervious to spying or cyberattack. In most cases, the radio frequency hardware must be physically inserted by a spy, a manufacturer or an unwitting user.

– Thanks for Supporting Unfilter –

This Week’s New Supporters:

• Kyle T

• Vincent C

• James M

• Matt B

• Matt C

• Christopher N

• Eryk W

• Samuel B

• Philip S

• Tony

• Bobby C

• Seth

• Aidan M

• Sean Z

• Tzadik

• Thanks to our 328 Unfilter supporters!

• Supporter perk: Downloadable Pre and Post show. Extra clips, music, hijinks, and off the cuff comments. The ultimate Unfiltered experience. ‘

• Supporter perk: Exclusive BitTorrent Sync share of our production and non-production clips, notes, and more since the NSA scandal broke in episode 54. The ultimate Unfiltered experience, just got more ultimate.

• Supporter Perk: Past 5 supporters shows, in a dedicated bittorrent sync folder.

Net Neutrality is Now a Zombie:

• Net neutrality is half-dead: Court strikes down FCC’s anti-blocking rules | Ars Technica

While it could still be appealed to the Supreme Court, the order today would allow pay-for-prioritization deals that could let Verizon or other ISPs charge companies like Netflix for a faster path to consumers.

The court left part of the Open Internet Order intact, however, saying that the FCC still has “general authority” to regulate how broadband providers treat traffic.

• How the FCC screwed up its chance to make ISP blocking illegal | Ars Technica

The FCC’s problem was that several years before its 2010 Open Internet Order, it classified ISPs as information services instead of telecommunications services, exempting them from common carrier rules. As Ars wrote in 2010, the common carriage part of US communications law is “the one that said public networks like the telephone must be open to all comers at the same rate and could not discriminate. Even though the old AT&T ran a private network, the company had to complete everyone’s calls; blocking critics from using the network was illegal.”

If the FCC said broadband providers were common carriers, it would be easier to dictate the terms under which they must pass traffic from content providers to home Internet users. Because the FCC didn’t go the common carriage route but still enacted anti-blocking and anti-discrimination rules, the commission had to do some legal gymnastics to justify the Open Internet Order.

• The ruling PDF

• The Master Switch: The Rise and Fall of Information Empires Audiobook | Tim Wu | Audible.com

Most consider the Internet Age to be a moment of unprecedented freedom in communications and culture. But as Tim Wu shows, each major new medium, from telephone to cable, arrived on a similar wave of idealistic optimism only to become, eventually, the object of industrial consolidation profoundly affecting how Americans communicate. Every once-free and open technology was in time centralized and closed, a huge corporate power taking control of the master switch. Today, as a similar struggle looms over the Internet, increasingly the pipeline of all other media, the stakes have never been higher. To be decided: who gets heard, and what kind of country we live in. Part industrial exposé, part meditation on the nature of freedom of expression, part battle cry to save the Internet’s best features, The Master Switch brings to light a crucial drama rife with indelible characters and stories, heretofore played out over decades in the shadows of our national life.

If you’re a Supporter check your inbox!

Call us: 1.425.312.1756

Follow the Us:

• Unfilter on Reddit
• Chris on Twitter
• Chase’s Geek and Gaming Network
• Connect with Chase

The post Neutered Net Neutrality | Unfilter 81 first appeared on Jupiter Broadcasting.