Show Notes: linuxunplugged.com/454

The post Double Distro Details | LINUX Unplugged 454 first appeared on Jupiter Broadcasting.

Show Notes: linuxunplugged.com/387

The post Tumbling Into the New Year! | LINUX Unplugged 387 first appeared on Jupiter Broadcasting.

A new major security breach at a large health insurance firm could expose 10s of millions, a phone phishing scam anyone could fall for & we celebrate our 200th episode with your TechSNAP stories.

Then its a storage spectacular Q&A & much, much more!

Thanks to:

• Get Paid to Write for DigitalOcean

Direct Download:

HD Video | Mobile Video | MP3 Audio | OGG Audio | YouTube | HD Torrent | Mobile Torrent

RSS Feeds:

HD Video Feed | Mobile Video Feed | MP3 Audio Feed | Ogg Audio Feed | iTunes Feed | Torrent Feed

Become a supporter on Patreon:

— Show Notes: —

Security breach at health insurance firm Anthem, could expose 10s of millions

• “Anthem Inc., the nation’s second largest health insurer, disclosed Wednesday that hackers had broken into its servers and stolen Social Security numbers and other personal data from all of its business lines. “
• “Anthem didn’t specify how many consumer records may have been breached, but it did say all of the company’s business units are affected. The figures from Anthem’s Web site offer a glimpse at just how big this breach could be: “With nearly 69 million people served by its affiliated companies including more than 37 million enrolled in its family of health plans, Anthem is one of the nation’s leading health benefits companies.””
• “The company said it is conducting an extensive IT forensic investigation to determine what members are impacted.”
• It is reported that Anthem has hired Mandiant to investigate the attack
• Exposed data:
• Full Name
• date of birth
• member ID
• Social Security number
• address
• phone numbers
• email addresses
• employment information
• “According to Anthem’s statement, the impacted (plan/brands) include Anthem Blue Cross, Anthem Blue Cross and Blue Shield, Blue Cross and Blue Shield of Georgia, Empire Blue Cross and Blue Shield, Amerigroup, Caremore, Unicare, Healthlink, and DeCare. The company said impacted members will receive notice via mail which will advise them of the protections being offered to them as well as any next steps.”
• “Anthem said once the attack was discovered, the company immediately made every effort to close the security vulnerability, contacted the FBI and began fully cooperating with their investigation.”
• More detailed information is not available yet, but I am sure we’ll be following this story in the weeks to come
• Additional Coverage – ThreatPost
• Additional Coverage

Hacked hotel phones used in bank phishing scam

• “A recent phishing campaign targeting customers of several major U.S. banks was powered by text messages directing recipients to call hacked phone lines at Holiday Inn locations in the south. Such attacks are not new, but this one is a timely reminder that phishers increasingly are using lures blasted out via SMS as more banks turn to text messaging to communicate with customers about account activity.”
• “The above-mentioned phishing attacks were actually a mix of scams known as “SMiShing” — phishing lures sent via SMS text message — and voice phishing or “vishing,” where consumers are directed to call a number that answers with a voice prompt spoofing the bank and instructing the caller to enter his credit card number and expiration date”
• It seems Holiday Inn’s telephone switching system may have been hacked, and used to record and exfiltrate the stolen information
• It is likely the hotel also lost out on business from customers actually trying to reach the hotel, and instead getting fake voice prompts for various banks
• “According to Jan Volzke, Numbercop’s chief executive, these scams typically start on a Saturday afternoon and run through the weekend when targeted banks are typically closed.”
• ““Two separate Holiday Inns getting hijacked in such short time suggests there is a larger issue at work with their telephone system provider,” he said. “That phone line is probably sitting right next to the credit card machine of the Holiday Inn. In a way this is just another retail terminal, and if they can’t secure their phone lines, maybe you shouldn’t be giving them your credit card.”
• “A front desk clerk who answered the line on Tuesday said the hotel received over 100 complaints from people who got text messages prompting them to call the hotel’s main number during the time it was hacked.”
• “Numbercop says the text message lures were sent using email-to-SMS gateways, but that the company also has seen similar campaigns sent from regular in-network numbers (prepaid mobile phones e.g.), which can be harder to catch. In addition, Volzke said, phishers often will target AT&T and Verizon users for use in furthering these schemes.”
• Volzke says it’s unfortunate that more financial institutions aren’t communicating with their customers via mobile banking apps. “Banking apps are among the most frequently downloaded and used apps,” Volzke said. “If the user has an app from the bank installed, then if the bank really has something to say they should use the in-app messaging method, not text messages which can be spoofed and are not secure. And yet we see almost no bank making use of this.”
• “Regardless of whether you communicate with your bank via text message, avoid calling phone numbers or clicking links that appear to have been sent via text message from your bank. Also, be extremely wary of any incoming calls from someone calling from your bank. If you think there may be an issue with your account, your best bet is to simply call the number on the back of your credit or debit card.”
• Example call recording from Numbercop

Your TechSNAP Story

• TechSNAP 200

• TechSNAP 200 – FreeNAS Deployed!

• Episode 200 – Thx Allan!

• TechSNAP 200 : How its helped

• Episode 200 – Thx for BSD!

• TechSNAP Changed my Life!

• How has TechSNAP affected me?

• For 200 episode TechSnap

Feedback:

• Network Switches

• Adopted Drive Solution

• QUESTION: ZFS riskiness

• ELI5 Storage: Blocks, Extents, Pages …

Round-Up:

• Forget North Korea – Russian Hackers Are Selling Access To Sony Pictures, Claims US Security Firm
• Why Gmail has better security than your bank does
• Warning – Microsofts Outlook app for iOS breaks your company security
• More flash updates, 16.0.0.305 fixes CVE-2015-0313 through CVE-2015-0330, 15 of the 18 could lead to code execution
• Slew of Flash zero day exploits dominate malware landscape, new exploid kit emerges called Hanjuan
• The problem with crypto-challenges – a challenge constructed of known various bad practises and algorithms, is still hard to crack, does not prove security
• Fix for ‘Fancybox’ plugin for WordPress resolved zero day exploit seen in the wild
• Universal Cross site scripting vulnerability in IE could be used for Phishing or injecting malware into legitimate sites
• More serious bugs found in Siemens “RuggedCom” switches, one allows administrative and settings changes without authentication
• Google designs new SSL warning messages after more research into the subject. The hypothesis of their researched failed, but important lessons were learned

The post Your TechSNAP Story | TechSNAP 200 first appeared on Jupiter Broadcasting.

Microsoft goes all in on Android & we breakdown the big questions behind the apps. Intel announces wireless docking at the chipset level & Canada’s covert operation of tracking downloads and uploads all over the world is revealed.

Plus a few tangents & the biggest “disruption” of the year!

Direct Download:

MP3 Audio | OGG Audio | Video | HD Video | Torrent | YouTube

RSS Feeds:

MP3 Feed | OGG Feed | iTunes Feed | Video Feed | Video Feed | Torrent Feed

Become a supporter on Patreon

Show Notes:

Microsoft Launches Outlook For iOS And Android Based On Its Acompli Acquisition

Microsoft today launched Outlook for Android and iOS phones and tablets, based on the application it acquired when it bought Acomplilast December. These new applications will go live in their respective app stores over the course of the next few hours.

• Microsoft Office now available for Android tablets – Liliputing

Microsoft says its mobile Office apps should run on devices with Android 4.4 or later, 1GB of RAM or more, and ARM-based processors. Support for Intel chips is in the works and Microsoft says it plans to add support for Intel-based tablets within the next few months.

Peeing My Way Around New York City With Airpnp, The App For Bathroom Emergencies – BuzzFeed News

Airpnp is the worst-designed app I’ve ever used. It’s also the most profound.

• Vacation Rentals, Homes, Apartments & Rooms for Rent – Airbnb

AnandTech | Intel Announces Broadwell vPro Processors: Wireless Docking and More

ntel Wireless Docking could be the most exciting new feature. Using four channels of 802.11ad at 60 GHz radio frequency, Intel claims a total bandwidth of 7 Gbps. All data passed between the dock and device is protected with 128-bit AES hardware encryption, and two monitors plus USB 3.0 are supported. Intel has not yet provided information yet about supported resolutions, however they do provide an impressive video demonstrating a video file streaming from a USB stick to a laptop from the wireless dock, then back to the wireless dock for display.

This docking implementation is particularly interesting as it is implemented at the chipset level instead of the OS level. Intel’s low level control of peripherals allows them to enable no-brainer functionality such as closing the laptop lid and not entering sleep mode after establishing the dock connection.

Canada Casts Global Surveillance Dragnet Over File Downloads – The Intercept

The covert operation, revealed Wednesday by CBC News in collaboration with The Intercept, taps into Internet cables and analyzes records of up to 15 million downloads daily from popular websites commonly used to share videos, photographs, music, and other files.

Drone Maker Enforces No-Fly Zone Over DC, Hijacking Malware Demonstrated – Slashdot

A recent incident at the White House showed that small aerial vehicles (drones) present a specific security problem. Rahul Sasi, a security engineer at Citrix R&D, created MalDrone, the first backdoor malware for the AR drone ARM Linux system to target Parrot AR Drones, but says it can be modified to target others as well. The malware can be silently installed on a drone, and be used to control the drone remotely and to conduct remote surveillance. Meanwhile, the Chinese company that created the drone that crashed on the White House grounds has announced a software update for its “Phantom” series that will prohibit flight within 25 kilometers of the capital.

The post Canadian On Tap | Tech Talk Today 124 first appeared on Jupiter Broadcasting.