Show Notes: linuxunplugged.com/463

The post Humble Beginnings | LINUX Unplugged 463 first appeared on Jupiter Broadcasting.

Show Notes: extras.show/86

The post Brunch with Brent: Quentin Stafford-Fraser | Jupiter Extras 86 first appeared on Jupiter Broadcasting.

Show Notes: linuxactionnews.com/121

The post Linux Action News 121 first appeared on Jupiter Broadcasting.

Show Notes: coder.show/346

The post Serverless Squabbles | Coder Radio 346 first appeared on Jupiter Broadcasting.

Episode Links:

linuxactionnews.com/75

The post Linux Action News 75 first appeared on Jupiter Broadcasting.

HD Video Feed | MP3 Audio Feed | iTunes Feed | Torrent Feed

Become a supporter on Patreon:

Show Notes:

Distrustful U.S. allies force spy agency to back down in encryption fight

• Some ISO delegates said much of their skepticism stemmed from the 2000s, when NSA experts invented a component for encryption called Dual Elliptic Curve and got it adopted as a global standard.

• In 2007, mathematicians in private industry showed that Dual EC could hide a back door, theoretically enabling the NSA to eavesdrop without detection. After the Snowden leaks, Reuters reported that the U.S. government had paid security company RSA $10 million to include Dual EC in a software development kit that was used by programmers around the world.

Viacom exposes crown jewels to world+dog in AWS S3 bucket blunder

• Researchers found a wide-open, public-facing misconfigured AWS S3 bucket containing pretty much everything a hacker would need to take down the company’s IT systems.

• “The contents of the repository appear to be nothing less than either the primary or backup configuration of Viacom’s IT infrastructure,” Vickery revealed today.

• The Amazon-hosted bucket could be accessed by any netizen stumbling upon it, and contained the passwords and manifests for Viacom’s servers, as well as the access key and private key for the corporation’s AWS account. Some of the data was encrypted using GPG, but that wouldn’t be an issue because the bucket also contained the necessary decryption keys.

Equifax sends customers to wrong website, not theirs, for help

• The credit management company Equifax has been sending customers to a fake “phishing” website for weeks, potentially causing them to hand over their personal data and full financial information to hackers.

• After the data breach was revealed earlier this month, Equifax established the domain www.equifaxsecurity2017.com to handle incoming customer questions and complaints. This website is not connected to Equifax’s main website.

• On Wednesday, a user reached out to Equifax on Twitter asking for assistance. The responding tweet sent the user to www.securityequifax2017.com, which is an impostor site designed to look like the Equifax splash page.

FinFisher government spy tool found hiding as WhatsApp and Skype

• This week (21 September), experts from cybersecurity firm Eset claimed that new FinFisher variants had been discovered in seven countries, two of which were being targeted by “man in the middle” (MitM) attacks at an ISP level – packaging real downloads with spyware.

• When a target of surveillance was downloading the software, they would be silently redirected to a version infected with FinFisher, research found.

• When downloaded, the software would install as normal – but Eset found it would also be covertly bundled with the surveillance tool.

Feedback

• Stored passwords & Amazon Fire Stick

+Hey Dan. What is a good and inexpensive tape backup drive for LTO tapes? What works for you best? Thx!

Round Up:

• HOW TO HACK A TURNED-OFF COMPUTER

• Passwords For 540,000 Car Tracking Devices Leaked Online

• In spectacular fail, Adobe security team posts private PGP key on blog

Apache Struts Vulnerability: More Than 3,000 Organizations At Risk Of Breach

• Facebook re-licenses React under MIT license after developer backlash

The post Patch Your S3it | TechSNAP 338 first appeared on Jupiter Broadcasting.

RSS Feeds:

HD Video Feed | MP3 Feed | iTunes Feed

Become a supporter on Patreon:

Episode Links

• GNOME officially on board for the Librem 5 — The GNOME Foundation is committed to partnering with Purism to create hackfests, tools, emulators, and build awareness that surround moving GNOME/GTK onto the Librem 5 phone.
• Replicant expands list of supported devices — A few months have passed since the initial Replicant 6.0 release and it’s time for another one. This release more than doubles the number of supported devices and contains a few important fixes and improvements.
• UBports release OTA 2 — The UBports project is excited to announce the immediate availability of Ubuntu Touch 15.04 OTA-2.
  This is a huge release for the Ubuntu Touch platform, bringing new supported devices, new features, and many bug fixes.
• Launching Pipewire! — Pipewire is the latest creation of GStreamer co-creator Wim Taymans. The original reason it was created was that we realized that as desktop applications would be moving towards primarly being shipped as containerized Flatpaks we would need something for video similar to what PulseAudio was doing for Audio.
• EFF quits W3C over Encrypted Media Extensions — In 2013, EFF was disappointed to learn that the W3C had taken on the project of standardizing “Encrypted Media Extensions,” an API whose sole function was to provide a first-class role for DRM within the Web browser ecosystem. By doing so, the organization offered the use of its patent pool, its staff support, and its moral authority to the idea that browsers can and should be designed to cede control over key aspects from users to remote parties.
• Facebook finally caves on react.js license — Next week, we are going to relicense our open source projects React, Jest, Flow, and Immutable.js under the MIT license. We’re relicensing these projects because React is the foundation of a broad ecosystem of open source software for the web, and we don’t want to hold back forward progress for nontechnical reasons.
• Red Hat Announces Broad Expansion to Open Source Patent Promise — The expanded Patent Promise, while consistent with Red Hat’s prior positions, breaks new ground in expanding the amount of software covered and otherwise clarifying the scope of the promise. Red Hat believes its updated Patent Promise represents the broadest commitment to protecting the open source software community to date.

The post Linux Action News 20 first appeared on Jupiter Broadcasting.

Finally Microsoft’s patent war chest against Android has been revealed, and we dig in.

Plus Apple, Cisco, and AT&T join Microsoft in a pushback against US government overreach, Steam summer sale rumors, and more!

Direct Download:

MP3 Audio | OGG Audio | Video | HD Video | Torrent | YouTube

RSS Feeds:

MP3 Feed | OGG Feed | iTunes Feed | Video Feed | Torrent Feed

Become a Tech Talk Today supporter on Patreon:

Show Notes:

— Headlines —

Apple, Cisco, AT&T join Microsoft in fight against global search warrant

Apple, Cisco and AT&T all filed amicus curiae briefs on Friday supporting Microsoft in its appeal of a decision requiring it to hand over data about an Irish customer to U.S. law enforcement officials. Verizon filed an amicus brief on Microsoft’s behalf on Tuesday.

In this case, U.S. magistrate judge James Francis IV decided that pursuant to the Stored Communication Act, Microsoft must provide law enforcement officials with the contents of an Irish customer’s email, which is stored on servers located in Dublin, Ireland. Microsoft and its peers argue the warrant defies both the Stored Communications Act and numerous international law constructs, including treaties the United States has in place with other countries — Ireland among them — regarding how to handle requests for data about each others’ citizens.

Chinese gov’t reveals Microsoft’s secret list of Android-killer patents

Microsoft has held to the line that it has loads of patents that are infringed by Google’s Android operating system. “Licensing is the solution,” wrote the company’s head IP honcho in 2011, explaining Microsoft’s decision to sue Barnes & Noble’s Android-powered Nook reader.

For the most part, they’ve remained secret. That’s led to a kind of parlor game where industry observers have speculated about what patents Microsoft might be holding over Android.

A list of hundreds of patents that Microsoft believes entitle it to royalties over Android phones, and perhaps smartphones in general, has been published on a Chinese language website.

The patents Microsoft plans to wield against Android describe a range of technologies.

They include lots of technologies developed at Microsoft, as well as patents that Microsoft acquired by participating in the Rockstar Consortium, which spent $4.5 billion on patents that were auctioned off after the Nortel bankruptcy.

The Chinese agency published two lists on a Chinese-language webpage

The longer list is divided into three sections: 73 patents that are said to be “standard-essential patents,” or SEPs, implemented in smartphones generally, followed by 127 patents that Microsoft says are implemented in Android. The final section includes another section of “non-SEP” assets, which includes 68 patent applications and 42 issued patents.

Many newer and previously unrevealed patents, like 8,255,379 “Customer Local Search,” 5,813,013 “Representing Recurring Events,” and 6,999,047 “Locating and tracking a user in a wireless network through environmentally profiled data.”

Steam Summer Sale – Start Date Leaked!

According to a leaked listing posted on “Neogaf” this year’s Steam Summer Sale will begin on June 19th and end on June 30th leaving most Steam users no more than a week.

Now none of these dates or listings have been confirmed however they do appear to coincide with recent posts on both the Stream’s Developer Network and also fit in with Valve’s International DOTA 2 Championship Schedule, not only that but other Game Sale sites such as “GreenManGaming” and “GOG (Good Old Games)” have started to have massive clear-out sales and bundles

— Security Update —

Massive security flaws allowed for Stratfor hack, leaked report reveals

In December 2011, a group of skilled hackers broke into the network of Strategic Forecasting, Inc. (Stratfor), compromising the personal data of some 860,000 customers, including a former U.S. vice president, CIA director, and secretary of state, among others.
The hackers, known collectively as AntiSec, exfiltrated approximately 60,000 credit card numbers and associated data, resulting in a reported $700,000 in fraudulent charges. Roughly 5 million internal emails were obtained by the hackers and later released by the whistleblower organization WikiLeaks as the “Global Intelligence Files.”

Based on confidential internal documents obtained by the Daily Dot and Motherboard, Stratfor employed substandard cybersecurity prior to the infiltration that left thousands of customers vulnerable to potential identity theft.

According to the documents, Stratfor engaged Verizon Business/Cybertrust to “conduct a forensic investigation” into the breach on Dec. 30, 2011
In a 66-page report filed Feb. 15, 2012, Verizon concludes in painful detail that Stratfor had insufficient control over remote access to vital systems, and that those systems were not protected by a firewall and lacked proper file integrity-monitoring.

For starters, at the time of the attack, no password management policy existed within Stratfor. Passwords were at times shared between employees, and nothing prevented the same passwords from being used on multiple devices.

“Users commonly use the same password to access email as the password to remotely access a system containing sensitive information,” the report states.

According to Verizon, no anti-virus software had been deployed on any of the examined systems, which left Stratfor “wide open to not only the more sophisticated and customized hacker attempts, but also to other viruses.”

Another “significant factor” in the breach was the design of Stratfor’s e-commerce environment, which facilitated the electronic transfer of payments by its customers. According to the report, this system was accessible, needlessly, from anywhere within the company’s network, “as well as the Internet directly.”

UglyGorilla Hack of U.S. Utility Exposes Cyberwar Threat

Somewhere in China, a man typed his user name, “ghost,” and password, “hijack,” and proceeded to rifle the computers of a utility in the Northeastern U.S.

He plucked schematics of its pipelines. He copied security-guard patrol memos. He sought access to systems that regulate the flow of natural gas. He cruised channels where keystrokes could cut off a city’s heat, or make a pipeline explode.

That didn’t appear to be his intention, and neither was economic espionage. While he was one of the Chinese officers the U.S. charged last month with infiltrating computers to steal corporate secrets, this raid was different. The hacker called UglyGorilla invaded the utility on what was probably a scouting mission, looking for information China could use to wage war.

UglyGorilla is one of many hackers the FBI has watched. Agents have recorded raids by other operatives in China and in Russia and Iran, all apparently looking for security weaknesses that could be employed to disrupt the delivery of water and electricity and impede other functions critical to the economy, according to former intelligence officials with knowledge of the investigation.

UglyGorilla’s surveillance sortie was one of dozens conducted on natural gas pipelines and electric utilities by People’s Liberation Army Unit 61398 over at least 14 months in 2012 and 2013, according to documents obtained by Bloomberg News and people involved in the investigations but who asked not to be named because they weren’t authorized to speak publicly.

Support Tech Talk Today creating DAILY PODCASTS

Hosts:

Chris:

• Twitter ChrisLAS
• Google+ +ChrisFisher

The post Microsoft Patents Exposed | Tech Talk Today 9 first appeared on Jupiter Broadcasting.

Obama keeps a list of drone targets, the Flame virus goes after the middle east, and some tuna have some real radiation problems. It must be an Unfilter news round up!

Tune in to find out which stories are crap, and which are legit. Plus we breakdown the real story behind the Flame virus, and have a good laugh at the big media’s hype of it.

Direct Download:

HD Video | Mobile Video | MP3 Audio | OGG Audio | YouTube

RSS Feeds:

HD Video Feed | Mobile Video Feed | MP3 Audio Feed | OGG Audio Feed | iTunes Feeds

ACT ONE: The Flame in Which we Burn

• Germany sets new solar power record, institute says
  • SolarCity \”is a web-based application that uses Esri mapping software to calculate solar potential for rooftops\” is an app from Code for America that is pseudo open source
• Meet \’Flame,\’ The Massive Spy Malware Infiltrating Iranian Computers
• Technology Patent Wars Sign of Robust Innovation, Patent Office Claims The things people tell themselves so that they can feel good about their job.

ACT TWO: He’s Making a List…

• Secret ‘Kill List’
• US Drone Strikes Increase in Pakistan: 31 Killed Since Wednesday
• To avoid counting civilian deaths, Obama re-defined \”militant\” to mean \”all military-age males in a strike zone\”
• Syria Catagory
• Iran Catagory
• Wesley Clark

ACT THREE: Feedback

• Watch the Euro Category for Important Eurozone Updates
• Dan\’s plea for more help on all the Jupiter Broadcasting Reddit communities especially the Unfilter sub Reddit

Unfilter on Reddit

Link List:

• Israel Blamed For Extremely Strong Computer Virus Plaguing The Middle East
• CNN: Obama\’s Secret Kill List – YouTube
• Bush Used Playing Cards
• Al Qaeda In Yemen | FRONTLINE | PBS
• President Obama at 2012 AIPAC Policy Conference – YouTube
• Syracuse Innovators Guild

Song pick of the week:

• Smash the Control Machine by Otep from the album Smash the Control Machine

The post The Kill List | Unfilter 3 first appeared on Jupiter Broadcasting.

We review openSUSE 12.1, find out how hard this release spanks every distribution out there, and the ways openSUSE 12.1 sets the bar for every future release!

Plus: Barnes & Noble reveals Microsoft dirty tricks, our quick review of Desura, and booms of the week for embed Linux devices.

And so much more!

All this week on, The Linux Action Show!

Thanks to:

GoDaddy.com Use our codes LINUX to save 10% at checkout, or LINUX20 to save 20% on hosting!

Special GoDaddy Offer: LINUX11

$1.99 per month Economy Hosting for 3 months!

Subscribe…— The Linux Action Show! —iTunes MP3iTunes Large VideoiTunes iPod VideoLarge Video RSSiPod Video RSSMP3 Audio RSSOgg Audio RSS— ALL SHOWS —iTunes Large VideoiTunes MP3Large Video RSSMP3 Audio RSSOGG Audio RSS— PODCAST NETWORKS —StitcherMiroZuneiTunes
   

-SHOW NOTES-