Adobe has a bad week, with exploits in the wild & no patch. We’ll share the details. Had your credit card stolen? We’ll tell you how.

Plus the harsh reality for IT departments, a great batch of questions, our answers & much much more!

Thanks to:

• Get Paid to Write for DigitalOcean

Direct Download:

HD Video | Mobile Video | MP3 Audio | OGG Audio | YouTube | HD Torrent | Mobile Torrent

RSS Feeds:

HD Video Feed | Mobile Video Feed | MP3 Audio Feed | Ogg Audio Feed | iTunes Feed | Torrent Feed

Become a supporter on Patreon:

— Show Notes: —

New flash zero day found being exploited in the wild, no patch yet

• The new exploit is being used in some versions of the Angler exploit kit (the new top dog, replacing former champ blackhole)
• The exploit kit currently uses three different flash exploits:
• CVE-2014-8440 – which was added to the exploit kit only 9 days after being patched
• CVE-2015-0310 – Which was patched today
• and a 3rd new exploit, which is still being investigated
• Most of these exploit kits rely on reverse engineering an exploit based on the patch or proof of concept, so the exploit kits only gain the ability to inflict damage on users after the patch is available
• However, a 0 day where the exploit kit authors are the first to receive the details, means that even at this point, researchers and Adobe are not yet sure what the flaw is that is being exploited
• Due to a bug in the Angler exploit kit, Firefox users were not affected, but as of this morning, the bug was fixed and the Angler kit is now exploiting Firefox users as well
• Additional Coverage – Krebs On Security
• Additional Coverage – PCWorld
• Additional Coverage – Malware Bytes
• Additional Coverage – ZDNet

How was your credit card stolen

• Krebs posts a write up to answer the question he is asked most often: “My credit card was stolen, can you help me find out how”
• Different ways to get your card stolen, and your chance of proving it:
• Hacked main street merchant, restaurant (low, depends on card use)
• Processor breach (nil)
• Hacked point-of-sale service company/vendor (low)
• Hacked E-commerce Merchant (nil to low)
• ATM or Gas Pump Skimmer (high)
• Crooked employee (nil to low)
• Lost/Stolen card (high)
• Malware on Consumer PC (very low)
• Physical record theft (nil to low)
• “I hope it’s clear from the above that most consumers are unlikely to discover the true source or reason for any card fraud. It’s far more important for cardholders to keep a close eye on their statements for unauthorized charges, and to report that activity as quickly as possible.”
• Luckily, since most consumers enjoy zero liability, they do not have to worry about trying to track down the source of the fraud
• With the coming change to Chip-and-Pin in the US, the liability for some types of fraud will shift from the banks to the retailers, which might see some changes to the way things are done
• Banks have a vested interest in keeping the results of their investigations secret, whereas a retailer who is the victim of fraudulent cards, may have some standing to go after the other vendor that was the source of the leak
• Machine Learning for Fraud Detection

15% of business cloud accounts are hacked

• Research by Netskope, a cloud analysis company, finds that only one in ten cloud apps are secure enough for enterprise use
• In their survey, done using network probes, gateways, and other analysis techniques (rather than asking humans), they found that the average large enterprise uses over 600 cloud applications
• Many of these applications were not designed for enterprise use, and lack features like 2 factor authentication, hierarchical access control, “group” features, etc
• The report also found that 8% of files uploaded to cloud storage provides like Google Drive, Dropbox, Box.com etc, were in violoation of the enterprises’ own Data Loss Prevention (DLP) policies.
• The downloading numbers were worst, 25% of all company files in cloud providers were shared with 1 or more people from outside the company. 12% of outsiders had access to more than 100 files.
• Part of the problem is that many “cloud apps” used in the enterprise are not approved, but just individual employees using personal accounts to share files or data
• When the cloud apps are used that lack enterprise features that allow the IT and Security teams to oversee the accounts, or when IT doesn’t even know that an unapproved app is being used, there is no hope of them being able to properly manage and secure the data
• Management of the account life cycle: password changes, password resets, employees who leave or are terminated, revoking access to contractors when their project is finished, etc, is key
• If an employee just makes a dropbox share, adds a few other employees, then adds an outside contractor that is working on a project, but accidently shares all files instead of only specific project files, then fails to remove that person later on, data can leak.
• When password resets are managed by the cloud provider, rather than the internal IT/Security team, it makes it possible for an attacker to more easily use social engineering to take over an account
• Infographic
• Report

Feedback:

• ZFS me timbers

• Allan’s Modified Lenovo

• Sharing a large movie collection over the internet

• RAID alternatives for a bug

Round Up:

• Yes, Every Freeware Download Site is Serving Crapware (Here’s the Proof)
• CERT-UK offers a new best practices guide to combat social engineering
• FBI seeks to legally hack you if you are using TOR or a VPN
• Java patches 19 security holes (13 with 10/10 exploitability score). Make sure you are running at least 7u75 or 8u31
• NSA says it has proof DPRK was behind Sony hack, because they had already hacked the DPRK
• Government health care website quietly sharing personal data
• Steam shell script bug causes it to rm -rf /
• NSA Preps America for Future Battle
• Diary of an NSA Intern
• Password reuse causes spike in Hotel Rewards fraud
• The Sorry State of In-Flight Wi-Fi
• Technical mistake, not terrorist DDoS downed french media websites
• Blackhat, the movie, gets the technobabble mostly right
• All you need is a clipboard, or a stethoscope

The post Dude Where's My Card? | TechSNAP 198 first appeared on Jupiter Broadcasting.

Dropbox receives a major storage and functionally update, is this enough to overlook the services glaring issues? Twitch.tv is now bigger than CNN & Red Hat sees a major executive abruptly leave.

Plus the new improvements to BitTorrent Sync & more!

Direct Download:

MP3 Audio | OGG Audio | Video | HD Video | Torrent | YouTube

RSS Feeds:

MP3 Feed | OGG Feed | iTunes Feed | Video Feed | Torrent Feed

Become a supporter on Patreon:

Show Notes:

Dropbox Beefs Up Its Pro Feature Set, Now Offering 1TB Of Storage For $10/Month

Many Dropbox users start out as Basic users, but the company increasingly has been trying to get customers to upgrade and pay for storage. In 2011, the company launched Dropbox for Business, which has seen a fair amount of success in the years since. Dropbox says that it’s used within 4 million companies and 97 percent of Fortune 500 businesses, although not all of those companies are paying customers.

Until today, those so-called “prosumers” were paying $10 a month for 100 GB of storage, but they had a feature set that was pretty similar to the company’s Basic offering.

Dropbox is looking to offer Pro users a lot more storage and a lot more features than their Basic brethren, which it hopes will give a lot more people a reason to upgrade.

Dropbox Pro now offers 10x the storage that users previously got, boosting available capacity for each of its users to 1 TB for $10 a month. By doing so, Dropbox is matching pricing for Google Drive, which lowered its prices for a TB of storage earlier in the spring.

Another feature that is now available to Pro users is the ability to remotely wipe files from your Dropbox folder if your laptop happens to get lost or stolen. By doing so, any Dropbox files or folders that were connected to that device will no longer be accessible the next time that the computer, phone, or other device comes online. And if the device is recovered, users can easily reconnect it to their account.

Dropbox previously offered 200 GB for $20 a month and 500 GB for $50 a month, but with the increase in storage to 1 TB, it’s decided to drop those tiers. As a result, in the short term it could make slightly less money from users who paid a premium for their storage plans.

However, the company could easily make up the difference by increasing the number of Pro users who sign up.

BitTorrent Sync Gets New Interface, Links for Sharing

Version 1.4 is designed to fundamentally change the way users interact with the app by simplifying the sharing process. In that vein, Sync for Windows and OS X have a redesigned user interface to make it easier for sharing via a new workflow and customizable folder list for folders.

You can now right-click on a folder, select “Share with BitTorrent Sync” and then choose either Email (a preformatted message will show up and you’ll need to input the email addresses), Copy (the link will be put in your clipboard), or QR code (for mobile scanning).

The sender can set a given link to expire after a number of days or after a certain number of times it is used, and can also require confirmation to ensure that only the receiver can sync the data in question (this is on by default but can be turned off for less important transfers). If the receiver doesn’t have Sync version 1.4, the webpage will prompt them to install it.

Twitch is now bigger than CNN, MSNBC, and MTV during prime time | The Verge

The New York Times had a great data-driven article this morning about just how big Twitch has become. One year ago the video game live-streaming platform wasn’t even equal to HLN in size. Fast-forward to this summer and Twitch is bigger during prime-time hours than CNN, E!, or MSNBC, with occasional spikes that put it above MTV as well.

Right now Twitch has about 715,000 concurrent viewers during prime time, but will quickly eclipse that if its growth continues apace.

Samsung’s Gear S smartwatch doesn’t need a phone to get online or make calls

The Gear S (not Solo) has a twist: there’s a 3G modem inside.

That means that even when outside the range of a Bluetooth-connected phone or WiFi, it can still send and receive messages or make calls.

It has a 2-inch AMOLED screen plus a dual-core 1GHz CPU inside along with GPS, heart rate and motion sensors, all powered by a 300mAh battery Samsung says can last up to two days.

It runs Tizen instead of Android Wear.

In the run up to IFA next week Samsung is also introducing the Gear Circle headset.

The Gear Circle has a magnetic clasp so it fits around your neck while not in use, a touch sensor and battery with up to 11 hours of talk time.

Pairs with a phone over Bluetooth, letting users hear notifications, use voice commands or listen to music through the earbuds.

Both devices will go on sale in October, although there’s no word on a price for either.

Red Hat CTO unexpectedly quits, amid rumors of executive ‘friction’

No-one among the rank and file at Red Hat seem to have seen this coming. In a move the Linux giant’s staffers said was “shocking” and a “punch in the gut,” long-time Red Hat chief technology officer Brian Stevens has resigned.

In a short press release, the company announced: “Brian Stevens will step down as CTO.”

Stevens, whose Red Hat page was taken down minutes after the news was released, had been with Red Hat since 2001. Before that he had been the CTO at Mission Critical Linux, and a senior architect at Digital Equipment Company (DEC), where he worked on Digital’s Unix operating system, Digital Unix. Today it lives on as HP’s Tru64. In technical circles, he’s perhaps best known for his work on the X Window System

Some Red Hat employees speculated that Stevens may have left because friction between Stevens and Cormier.

Paul Cormier is Red Hat’s president of products and technologies.

They observed that CTO office had been moved out from underneath Cormier’s control some time back. However, no one said that was any kind of current feud that might have lead to this move.

Others suggested that perhaps Steven wanted to move up to a CEO slot and that would never happen within the company.

Movies ● GOG.com

The post Dropbox, the Cheap Date | Tech Talk Today 50 first appeared on Jupiter Broadcasting.

Microsoft tips off law enforcement based on contents of a users OneDrive, Docker lands some serious cash, Twitch gets down with the DMCA and then how to make the easiest, best, BBQ chicken.

Direct Download:

MP3 Audio | OGG Audio | Video | HD Video | Torrent | YouTube

RSS Feeds:

MP3 Feed | OGG Feed | iTunes Feed | Video Feed | Torrent Feed

Become a supporter on Patreon:

Show Notes:

Docker closes in on funding round of over $40 million

Docker, the container management startup that’s caught a __whole lot of buzz __in the enterprise tech industry, is finalizing a significant funding round worth between $40 million to $75 million, according to two sources familiar with the situation. The company is said to be valued at roughly $400 million, these sources said, but the deal is still a few weeks away from being completed.

This past January, Docker landed $15 million in a Series B investment round, bringing the company’s then total amount of funding to $26 million.

Twitch implements YouTube-like system for blocking copyrighted audio | Polygon

In an announcement, Twitch says it has partnered with software company Audible Magic, which works with the music industry, “to scan past and future [videos-on-demand] for music owned or controlled by” its clients. If that scan identifies a recorded video that infringes upon a copyright claim, the video’s audio will be muted for a 30-minute block in which that song appears.

• Here’s an example of what that looks like.

The practice only applies to pre-recorded video on demand, Twitch says. The company won’t be scanning live broadcasts, nor will it automatically take content down.

China anti-trust regulator conducts new raids on Microsoft, Accenture

A Chinese anti-trust regulator conducted new raids on Microsoft Corp (MSFT.O) and partner in China Accenture PLC (ACN.N), the agency said on its website on Wednesday, after saying last week Microsoft is under investigation for anti-trust violations.

The State Administration for Industry and Commerce (SAIC) raided offices in Beijing and three other cities.

Microsoft has been suspected of violating China’s anti-monopoly law since June last year in relation to problems with compatibility, bundling and document authentication for its Windows operating system and Microsoft Office software, the SAIC said last week.

China is intensifying efforts to bring companies into compliance with an anti-monopoly law enacted in 2008, having in recent years taken aim at industries as varied as milk powder and jewelry.

Microsoft’s Windows ‘Threshold’ expected to add virtual desktops, drop charms | ZDNet

First up, as reported by Brad Sams at Neowin.net, Microsoft is moving toward adding virtual desktops to Threshold, the Windows release expected in the spring of 2015.

The other UI change coming to Threshold is the elimination of the Charms Bar, as first reported by Winbeta.org.

Existing “modern” Windows 8 apps will get title bars that include menus that have the charms components listed.

Microsoft tip leads to child porn arrest in Pennsylvania

A tip-off from Microsoft has led to the arrest of a man in Pennsylvania who has been charged with receiving and sharing child abuse images.

It flagged the matter after discovering that an image involving a young girl had been allegedly saved to the man’s OneDrive cloud storage account.

Microsoft’s terms and conditions for its US users explicitly state that it has the right to deploy “automated technologies to detect child pornography or abusive behavior that might harm the system, our customers, or others”.

Following the most recent case, Mark Lamb from the company’s Digital Crimes Unit released a statement.

“Child pornography violates the law as well as our terms of service, which makes clear that we use automated technologies to detect abusive behaviour that may harm our customers or others,” he wrote.

“In 2009, we helped develop PhotoDNA, a technology to disrupt the spread of exploitative images of children, which we report to the National Center for Missing and Exploited Children as required by law.”

PhotoDNA creates a unique signature for each image, similar to a fingerprint, to help pictures be matched.

This is done by converting the picture into black-and-white, resizing it and breaking it into a grid. Each grid cell is then analysed to create a histogram describing how the colours change in intensity within it, and the information obtained becomes its “DNA”.

Google also uses PhotoDNA, alongside its own in-house technologies, to detect child abuse images. In addition, the software is used by Facebook and Twitter, among others.

Best Easy BBQ Chicken

The Night Before:

• Combine vegetable stock, salt, water and ice in something large enough to hold your chicken, like a cooler with some room to spare (for more ice if needed for ex).
• Place the thawed chicken (with innards removed) breast side down in brine.
• Refrigerate or set in cool area (with ice) for 8 to 16 hours. Turn once if you can half way. No bigs.

Cookin:

Prep that bird:

• Take that bird out of the brine, rinse it, and pat it down dry. With some paper towls.
• Put that bird on the Beer butt holder / “poultry holder”.
• Flavor that bird.
• Oil that bird. I like to use Garlic oil, or butter, or bacon grease.

Prep the BBQ

• Start your coals if you use those. I have a link to a great stater below.
• Really don’t use lighter fluid.
• Spread the coals out evenly.

Cook that bird

(length of cook time we vary depending on bird size)

• Cover that bird in a foil dome. Make it legit tight, the steam trapped in there is our helper.
• Do this before you put it on the BBQ, its hard and HURTS if you do it while its sitting on top of fire.
• Try to hold the BBQ around 400F. Don’t stress it too much, that’s our target area.
• Cook until clear juices are noticeable, and it smells cooked. If you have a probe you are shooting for 165F – 175F. Or if you can pull a leg off with little effort.

Equipment:

• Amazon.com: Emeril by All-Clad E9649064 Pre-Seasoned Cast Iron Vertical Poultry Roaster Cookware
• Amazon.com : Weber 6415 Small 7-1/2-Inch-by-5-inch Aluminum Drip Pans, Set of 10
• Amazon.com : Igloo 14.8 Quart Playmate Cooler with Industrial Diamond Plate Exterior Design : Sports & Outdoors
• Amazon.com : Weber 7417 FireStarters Lighter Cubes, 24 Count : Charcoal Starters
• Amazon.com : Mantova Garlic Extra Virgin Olive Oil 34 Oz

The post Microsoft Snoops Too | Tech Talk Today 40 first appeared on Jupiter Broadcasting.