pgp – Jupiter Broadcasting
https://www.jupiterbroadcasting.com
Open Source Entertainment, on Demand.
Wed, 10 Feb 2021 02:52:46 +0000

Dad’s Deployments | LINUX Unplugged 392
https://original.jupiterbroadcasting.net/144187/dads-deployments-linux-unplugged-392/
Tue, 09 Feb 2021 18:30:00 +0000

Show Notes: linuxunplugged.com/392

Linus’ Filesystem Fluster | LINUX Unplugged 336
https://original.jupiterbroadcasting.net/138527/linus-filesystem-fluster-linux-unplugged-336/
Tue, 14 Jan 2020 19:30:00 +0000

Show Notes: linuxunplugged.com/336

Tech Talk Today 278
https://original.jupiterbroadcasting.net/124851/tech-talk-today-278/
Mon, 14 May 2018 18:23:46 +0000

Show Notes: techtalk.today/278

Patch Your S3it | TechSNAP 338
https://original.jupiterbroadcasting.net/118531/patch-your-s3it-techsnap-338/
Tue, 26 Sep 2017 23:40:04 +0000

Show Notes:

Distrustful U.S. allies force spy agency to back down in encryption fight

  • Some ISO delegates said much of their skepticism stemmed from the 2000s, when NSA experts invented a component for encryption called Dual Elliptic Curve and got it adopted as a global standard.

  • In 2007, mathematicians in private industry showed that Dual EC could hide a back door, theoretically enabling the NSA to eavesdrop without detection. After the Snowden leaks, Reuters reported that the U.S. government had paid security company RSA $10 million to include Dual EC in a software development kit that was used by programmers around the world.

Viacom exposes crown jewels to world+dog in AWS S3 bucket blunder

  • Researchers found a wide-open, public-facing misconfigured AWS S3 bucket containing pretty much everything a hacker would need to take down the company’s IT systems.

  • “The contents of the repository appear to be nothing less than either the primary or backup configuration of Viacom’s IT infrastructure,” Vickery revealed today.

  • The Amazon-hosted bucket could be accessed by any netizen stumbling upon it, and contained the passwords and manifests for Viacom’s servers, as well as the access key and private key for the corporation’s AWS account. Some of the data was encrypted using GPG, but that wouldn’t be an issue because the bucket also contained the necessary decryption keys.

Equifax sends customers to wrong website, not theirs, for help

  • The credit management company Equifax has been sending customers to a fake “phishing” website for weeks, potentially causing them to hand over their personal data and full financial information to hackers.

  • After the data breach was revealed earlier this month, Equifax established the domain www.equifaxsecurity2017.com to handle incoming customer questions and complaints. This website is not connected to Equifax’s main website.

  • On Wednesday, a user reached out to Equifax on Twitter asking for assistance. The responding tweet sent the user to www.securityequifax2017.com, which is an impostor site designed to look like the Equifax splash page.

FinFisher government spy tool found hiding as WhatsApp and Skype

  • This week (21 September), experts from cybersecurity firm Eset claimed that new FinFisher variants had been discovered in seven countries, two of which were being targeted by “man in the middle” (MitM) attacks at an ISP level – packaging real downloads with spyware.

  • When a target of surveillance was downloading the software, they would be silently redirected to a version infected with FinFisher, research found.

  • When downloaded, the software would install as normal – but Eset found it would also be covertly bundled with the surveillance tool.


Feedback

+Hey Dan. What is a good and inexpensive tape backup drive for LTO tapes? What works for you best? Thx!


Round Up:

Apache Struts Vulnerability: More Than 3,000 Organizations At Risk Of Breach

Unsecured IO | TechSNAP 327
https://original.jupiterbroadcasting.net/116571/unsecured-io-techsnap-327/
Tue, 11 Jul 2017 22:10:59 +0000

Show Notes:

GnuPG encryption broken

  • Fixed in Libgcrypt version 1.7.8

  • The study – PDF

  • obtain a very efficient full key recovery for RSA-1024

  • For RSA-2048 the attack is efficient for 13% of keys (i.e. 1 […]

NASDAQ leaks test data

  • Financial Times link (paywall)

  • A data glitch briefly made online games group Zynga more valuable than Goldman Sachs when prices of a host of Nasdaq-listed stocks including Amazon, Apple and Microsoft were reset to exactly $123.47.

  • Prices on Nasdaq’s official website appeared unaltered but those shown on financial data services including Bloomberg, Thomson Reuters and Google Finance did display the price changes to $123.47.

  • New York Stock Exchange data were unaffected. Typically, vendors discard the test prices when checks are done. While the reason this did not happen for Nasdaq on Monday is not known, there was speculation it was linked to changed timings on the eve of the US Independence Day holiday.

  • “It was no error by Nasdaq,” the exchange operator said. “Some vendors took test data and put it out as live prices.”

  • Nasdaq said the glitch did not affect any market trading, including after hours. However, traders in Hong Kong said they saw a handful of trades reported at those prices, although many deals were subsequently cancelled.

Taking Control of All .io Domains With a Targeted Registration

  • Previous post by the same person: The Hidden Risks of Domain Extensions

  • The .io domain has several top level DNS servers under .io (e.g. a1.io)

  • Not so much an exploit as a failure of the TLD to protect its assets

  • The hard part is finding the servers which can be registered and then registering them

  • Dan notes that .org does not suffer as easily from this problem because all of the .org NS records are under a given domain: org.afilias-nst.info. (See: dig NS org. @k.root-servers.net.)

In the what’s new category for Dan


Feedback


Round Up:


Halls of Endless Linux | LINUX Unplugged 202
https://original.jupiterbroadcasting.net/115911/halls-of-endless-linux-lup-202/
Tue, 20 Jun 2017 18:42:21 +0000

Show Notes:

Pre-Show

hyper-pokemon: 🌈🐱 Wondrous, tailor-made Pokémon themes for your Hyper terminal

Follow Up / Catch Up

KMail’s ‘Send Later’ caused PGP encrypted private emails to be sent in plain-text

KMail, an email client from the KDE Project, introduced a new feature in version 4.11 that lets users delay sending of emails until a scheduled later time. Unfortunately, this new feature wasn’t compatible with KMail’s existing OpenPGP implementation.

Fedora Workstation 26 and beyond

Below is a sampling of the things we are working on.

  • Having that in place should allow us to create a solution where you only use the NVidia driver when you want the extra graphics power which will of course require significant work from Nvidia to enable it on their side so I can’t give a definite timeline for when all the puzzle pieces are in place. Just be assured we are working on it and talking regularly to NVidia about it. I will let you know here as soon as things come together.

  • Another major project we have been working on for a long time is Fleet Commander. Fleet Commander is a tool to allow you to manage Fedora and RHEL desktops centrally.

  • All these features can be set and controlled on either a user level or a group level or organization wide due to the close integration we have with the FreeIPA suite of tools. The data is stored inside your organization’s LDAP server alongside other user information so you don’t need to have the clients connect to a new service for this, and while it is not there in this initial release we will in the future also support Active Directory.

  • PipeWire now aims at unifying Linux audio and video. The long-term goal is for PipeWire to not only provide handling of video streams, but also handle all kinds of audio. Due to this Wim has been spending a lot of time making sure PipeWire can handle audio in a way that not only addresses the PulseAudio use cases, but also the ones handled by Jack today. A big part of the motivation for this is that we want to make Fedora Workstation the best place to create content and we want the pro-audio crowd to be first class citizens of our desktop.

  • Fedora Workstation has been leading the charge in supporting HiDPI on Linux and we hope to build on that with the current work to enable fractional scaling support.

  • Carlos Garnacho has been doing some great work recently improving the general performance of GNOME Shell.

  • Essentially what we are doing is making it very simple for a Fedora maintainer to build a Flatpak of the application they maintain through the Fedora package building infrastructure and push that Flatpak into a central Flatpak registry.

  • While playback these days has moved to streaming where locally installed codecs are of less importance for the consumption usecase

  • Luckily we are at a crossroads now where a lot of widely used codecs have their essential patents expire (mp3, ac3 and more) while at the same time the industry focus seems to have moved to royalty free codec development moving forward (Opus, VP9, Alliance for Open Media). We have been spending a lot of time with the Red Hat legal team trying to clear these codecs, which resulted in mp3 and AC3 now shipping in Fedora Workstation.

  • We have been looking at this for a while now and hope to be able to start sharing information with users on which laptops they should get that will have good battery life under Fedora.

casync — A tool for distributing file system images

It combines the idea of the rsync algorithm with the idea of git-style content-addressable file systems, and creates a new system for efficiently storing and delivering file system images, optimized for high-frequency update cycles over the Internet.

Canonical Updates Snapcraft on Ubuntu with Support for Resuming Snap Downloads

The biggest change in the Snapcraft 2.31 release appears to be support for resuming the download of the core Snap when building classic Snaps when an error occurs because the package can’t be fetched. This could come in handy during tests and in CI when you package your apps as Snaps.


TING

Debian 9 “Stretch” released

Debian 9 is dedicated to the project’s founder Ian Murdock, who passed away on 28 December 2015.

elementary + GitHub – elementary OS – Medium

on GitHub!

Revolutionist76 – System76

Want cross-play with macOS or Linux? Vote for suggestions on feedback.minecraft.net!

Unfortunately, MCBC/MCPE/C++ Edition is currently only available on one desktop platform: Windows 10. Well, almost. Education Edition (an education-specialized port of Bedrock Codebase) runs on macOS, and I guess that a macOS Edition is quite likely to come in the future.


Another huge deal is that there is no Xbox Live for Android yet (surprisingly!) and Linux has no store, no update mechanism for closed source stuff etc, so we would need to make our own store and launcher just to sell there. That’s a massive amount of work, probably more than just porting issues.

DigitalOcean

Michael Hall Joins Us

Community Manager at endlessos.com

The core OSTree model is like git in that it checksums individual files and has a content-addressed-object store. It’s unlike git in that it “checks out” the files via hardlinks, and they should thus be immutable. Therefore, another way to think of OSTree is that it’s just a more polished version of Linux VServer hardlinks.

Linux Academy

aldyr comments on Moonlight

Humanitarian Tech | WTR 31
https://original.jupiterbroadcasting.net/83817/humanitarian-tech-wtr-31/
Wed, 17 Jun 2015 10:29:04 +0000

Lisha is the Executive director of Geeks without bounds, an accelerator for humanitarian projects. She has found a great way to mix her desire to do humanitarian work along with technology!

Show Notes:

Full transcription of previous episodes can be found below:

Transcription:

ANGELA: This is Women’s Tech Radio.
PAIGE: A show on the Jupiter Broadcasting Network interviewing interesting women in technology. Exploring their roles and how they are successful in technology careers. I’m Paige.
ANGELA: And I’m Angela.
PAIGE: So, Angela, today we interviewed Lisha Sterling. She is the executive director for Geeks Without Bounds. She has a pretty awesome story where she started out actually doing humanitarian aid work, ended up in programming, and then wound back up in humanitarian aid work with programming. It’s a fascinating story. Geeks Without Bounds is a great program, and I’m super excited to have her on the show.
ANGELA: Me too. But before we get into the show, I want to tell you about DigitalOcean. If you go to digitalocean.com and you use the promo code heywtr, you can save $10.00, which turns out is a two month rental of a server. Right? Because it’s only $5.00 a month. They have datacenter locations in New York, San Francisco, Singapore, Amsterdam, and London. And basically, they’re a cloud hosting provider. You can spin up a cloud server in 55 seconds. That includes 512 megabytes of RAM, 20 gigabytes SSD, 1 CPU, and 1 terabyte transfer. And they also pay authors $100 to $200.00 for technical tutorials. So, if you happen to already use DigitalOcean or want to try it, and then like it so much that you want to write about it, you can get paid for that. After, of course, you save on two months of service.
PAIGE: Yeah, and their tutorials are bar none some of the best on the internet. I even end up there for things not for my DigitalOcean VPS, which by the way, with those SSDs is disgustingly fast.
ANGELA: So, if you use heywtr, you support Women’s Tech Radio. And turns out, if you did not remember to enter a promo code when you started DigitalOcean, just go try to put it in there.
PAIGE: Yeah. I actually did that and it totally worked for mine.
ANGELA: After the fact.
PAIGE: Like a couple years ago when Coder Radio had it. That was sweet.
ANGELA: Yep, so you can still use it. So heywtr. Go to digitalocean.com.
PAIGE: Yeah. And we got started with our interview with Lisha by asking her to explain her current position and what she’s up to in technology.
LISHA: I’m the Executive Director at Geeks Without Bounds and we support humanitarian open source projects through a combination of hackathons and an accelerator program. So, my work these days sort of entangles both my early career in international aid work and charity work and my academic side. I studied Latin American studies in college. And the rest of my professional life, which has been software development and systems engineering. And now I get to use technology to do disaster response and humanitarian aid and international development work.
PAIGE: Wow. That’s a pretty awesome way to use technology.
ANGELA: Yeah it is.
PAIGE: So that sounds like a pretty big jump from, you know, international aid work into software development. Can you tell me the story of like how that came to be for you?
LISHA: Yeah. So, first off, being, you know, a privileged white kid, I had my first computer when I was eight years old. Actually, my dad got me two Timex Sinclair 1000s. One for his house and one for my mom’s house. And connected it up to the black and white TV and put rubber bands around it so that the extra 16K of memory wouldn’t disconnect while we programmed. And thus I began my journey as a new programmer learning BASIC and then going there’s a thing called Assembly Language. And I got involved with a computer club and was your basic tomboy geek girl. Then I had my first kid when I was 17 and went off to El Salvador. Did aid work during the war and during the first year of the peace. Came back to the US, did a bunch of work with refugees. Had another kid. Decided that I should probably go to college. And since I’d been working with Central American and in Central America, it was obvious what I was going to study. I was going to study Latin American studies and go do more of the same sort of stuff. But being a mom with two small kids, I, and no real skills or degree, I was able to make $4.25 an hour and my childcare cost like $7.50 an hour. The math doesn’t add up.
ANGELA: No. Now that I have three, daycare just isn’t even an option.
LISHA: Yeah. So one of my friends from my young computing days, a young man that I dated when I was like 11 and 12, and our first date was actually to a tech conference at the Moscone Center.
ANGELA: That’s adorable.
LISHA: So, you know, we’re still friends as adults. And he said to me, why don’t you get a job as a programmer? And I was like, you’re crazy. I don’t have a degree in CS. I can’t program. He’s like, don’t be stupid. Nobody cares about your CS degree. Just tell them you can program. Show them some code and they’ll let you do it. But his caveat came. You must charge $25 an hour. I was like, I can’t charge $25 an hour. He’s like, no if you do not charge $25 an hour I will never speak to you again.
ANGELA: Oh my goodness.
PAIGE: So I’m going to pause you there, because this is a really interesting question that I always dig around. Why could you not charge $25 an hour?
LISHA: Well, because I was getting $4.25 an hour. The idea-
ANGELA: Perceived value. Perceived value.
LISHA: Right. The idea that I was going to go to somebody and have balls enough to say, yeah I’m a programmer. I don’t have any degrees or any proof that I can actually do this, but you should totally pay me $25 an hour for it.
ANGELA: Inferiority complex. Yep. I’m familiar with all of that.
LISHA: Yeah. Yeah. So, but, you know my friendship was on the line and my need to take care of my children was on the line. So I did it and just about keeled over the first time somebody said, yes we will hire you.
ANGELA: Wow.
PAIGE: What did it take to get your foot in the door? Was it really just like your friend said? You just showed up and were like, look I can program. Let’s go.
LISHA: Actually, yeah. It literally was that easy. So I went for low hanging fruit right at the start, since I was at community college at the time. And so at the time I was working as an administrative assistant for Sybase. This probably puts the timing into, into perspective.
PAIGE: Your choice of computer, your choice of computer at the top made that pretty clear.
LISHA: Right. Right. Right. Yeah, so I was working for Sybase as an administrative assistant and had gotten the opportunity to play with web stuff there on the side. The first browsers were out, but nobody was really using them. So even at Sybase they were like, this is stupid. Why are you wasting your time with this? But of course I was going to college so I went to all of my professors and I said have you seen this thing called the web? You should check this out. You can put your research up and you can put your classwork stuff up.
PAIGE: Which is exactly what the web was originally built for, was to share research.
LISHA: Right. Exactly. And they said, oh wow that’s neat. And yeah could you do that for me. So that was how I got my foot in the door. And then, you know, I got a little bit braver and I went to the administrators of the Peralta College District. So I went to the administrators at the Peralta College District and said, you know, you guys should really have a better website. And they said, you know what, you’re right. And so I got to do some contracting for them. And then I found out about dice.com and actually the same friend that told me that I had to charge $25 or never speak to me again told me about Dice. And at the time, almost nobody knew about it and you had to get your Dice listings off of Gopher. And he told me, don’t tell anyone about this, because when everyone knows about it then it’s going to start getting harder to get jobs. So you’re not allowed to tell anybody about it. So, you know, there I was in the early ‘90s using Dice by Gopher. But I found some jobs and then recruiters started contacting me and I found that I could actually work from home, which by that time was actually the UC Berkeley family housing. I was able to basically pay for my own schooling with scholarships, pay for my kids’ daycare and private school with programming. And everybody kept saying why aren’t you studying computer science, and I would say I’m already working in computer science, why would I get a degree in it? But then eventually I finished my bachelor’s degree and I intended to go on with grad school, but I had that moment where it’s like I need some time without poverty and working just enough hours to keep us afloat is, we’ve done that for a while. I need to spend some time working full time. And then work ended up eating my life for oh, 20 years.
PAIGE: So at that point you got a full time job in computer science somewhere?
LISHA: Yeah. At that time I ended up getting full time work. I worked, while in the mid-90s I worked at Wells Fargo Bank doing problem and change tracking during the Y2K reprogramming stuff. Anybody who says that the Y2K thing was nothing, was not there to program all the fixes.
PAIGE: Yeah. It only wasn’t a thing because you guys were doing it.
ANGELA: Yeah.
LISHA: Right. Exactly. It wasn’t a thing because there were a lot of people working really hard to make sure it was not a thing. So I was there. I worked, I did random contracts for media companies and whatnot in the San Francisco Bay area. Amazon, I worked at Amazon in the UK. That kind of thing.
PAIGE: And then eventually stumbled back into Geeks Without Bounds?
LISHA: Yeah. So my first sort of hit between the eyes was 2001 and after 911 I said I’m not working on any more Microsoft or any more closed sourced from here on out. I’m only going to do open source, because I’ve already sold my soul and I’m not doing humanitarian work, at least I’m going to do code work that I care about. So from 2001 onward I was working almost exclusively on open source software. And then even that kind of hit me at some point. I’m like, I went to college so that I could do humanitarian work. Why am I still writing code? And so I decided to just quit everything and figure out what I was going to do with my life, when I grow up. And I declared myself an un-graduate student. If you’re familiar with the idea of unschooling, which is like homeschooling without a curriculum.
ANGELA: Yep.
LISHA: There’s also such a thing as un-college. And I don’t know, there might be somebody else in the world who came up with the idea at about the same time I did, or even before I did, but I came up with this sort of independently. Where I had been thinking about going back to grad school and then said why would I get myself into more debt? I’m going to un-grad school. So that’s what I did. And that ended up getting me into an organization called The School Factory, which is the fiscal sponsor for Geeks Without Bounds. And then that, of course, led me into Geeks Without Bounds. I started out as a volunteer. Then I was the developer coordinator. And then last year I became the executive director.
PAIGE: Congratulations.
ANGELA: Yeah.
LISHA: Thank you.
PAIGE: That’s a really awesome journey. It’s all over the map, but it’s very personal. And I love that about tech. It’s not a straight and narrow path.
LISHA: Yeah. Yeah. And there’s lots of ways you can come to tech and there’s lots of things you can do with the tech once you’re in it or playing with it. It’s not just one tool. It’s like all these different tools. It’s kind of like saying, what can you do with wood? Well, you can do all sorts of things with wood.
PAIGE: Right. What do you want to do with wood?
LISHA: Right.
PAIGE: Yeah. So, I think a lot of people would hear your story and say, well you kind of had perfect timing. You’re like in the Bill Gates timing era, where if you just caught on to the right thing at the right time you were good to go. How would you respond to somebody saying that in today’s climate? Oh, I couldn’t just show up and say I know how to code, pay me $25 an hour, let’s go, kind of a thing. Because I would argue that in some ways we’re kind of seeing that again, but what’s your thoughts?
LISHA: I think we’re absolutely seeing that again. I think that right now is a really good time to ride the wave of open source into your dream job. And so, a little shameless promotion here. At Geeks Without Bounds, one of the programs that we have is an internship program and we take novice developers who have, who have learned some programming skills but have either never gotten any job experience or they don’t know how to use GitHub and work in a team, or go through issue tracking and figure out how to pick a project out of the issues, you know, that kind of thing. We give them mentorship. We have them work on some of the humanitarian projects in our ecosystem and we try to shove them at as many other opportunities to get a real job as possible. Sometimes we also manage to get a grant here or there to get them a stipend, but most of them are sort of slave labor in exchange for lots of mentorship. And their code is up on GitHub so that they can show it to other people. And we have had some really great success with people coming into that program. Doing some amazing work on one project or another over the course of three months, five months, six months, and then going on to get a real job in programming. We had one guy who had studied aeronautical engineering. Got all the way through his degree and realized that that was not what he wanted to do with his life and what he really wanted to do was be a programmer.
PAIGE: That’s a big investment to make that shift.
LISHA: Exactly. And I snagged him and I was like, let me put you to work. And it was fantastic. He got projects that he really enjoyed working on. He learned a whole bunch of stuff very fast. He managed to get a stipend and then he got a paid internship and then, you know, he’s working full time as a developer in Chicago and, you know, you can totally do that. And you don’t have to have a bachelor’s degree to begin with either. Anybody really can do that.
PAIGE: So do you take a lot of people who have maybe done either a lot of self-taught stuff on the internet now or boot camp graduates? How do you people kind of end up ready to go into Geeks Without Bounds internships?
LISHA: All of the above. I’ve had people who were in their junior or senior year of college decide to spend the summer working on projects with us. I’ve had people that were totally and completely self-taught. And there’ve been people who’ve done some sort of boot camp like experience. So they knew a bit more about how to work in teams and things like that, but they just wanted to get some more work experience while they were looking for a job. They already knew how to look for a job, they just wanted to keep their, the code lines on GitHub up while they were looking for that job. So, yes.
PAIGE: And that’s, I mean that’s one of the biggest recommendations I give to anybody who’s going through boot camp is keep committing. Just keep getting it up there.
LISHA: Absolutely.
PAIGE: So that’s kind of the intern side of it. How about in the nonprofit side. How does a nonprofit get involved with you? Are they just finding you online? Are you doing events or something to kind of bring them in? What does that look like?
LISHA: We end up meeting people in all sorts of situations. Sometimes at conferences or at say disaster response drills. Sometimes we’ll meet people there. Sometimes it’s literally look for who’s in the area that needs support right now. And sometimes people come to us. And then, basically we just kind of have lots of conversations and develop relationship over time and let people know that if they have challenges that they think that technology could help them with, that we are happy to help them craft that into a challenge that somebody can actually address. And when we’re crafting or curating challenges for hackathons, we try to create a challenge that can actually be addressed in a weekend. So there might be back story and a problem that clearly this is not going to be solved in a weekend, but here’s the backstory and here’s the piece we want to accomplish this weekend.
PAIGE: So you guys kind of handle the project managy end of that prepping it to go into the hackathon?
LISHA: Right. Exactly. And then, so once you get a starting point basically, if you’ve got, say an app that sort of is attempting to deal with the big pictures, um, then you can break that down into lots of different challenges and you can take that from one humanitarian hackathon to the next to the next. And the great thing about that is that you start with a couple of people who got interested in the project at the first hackathon and maybe on those, maybe two people will stay on board and keep working on the project over time.
PAIGE: Which is one of the biggest challenges with hackathons is actually getting people to commit, almost.
LISHA: Exactly. So you take the project to the next hackathon. And let’s say four or five people work on it and one of those people decides they want to keep working on the project long term. So now you’ve just snowballed your team. You’ve got two people or three people instead of just the people from the original hackathon. And then you take it to the next one and it gets stickier. And the more work has been done and the larger the core team is, the stickier the ball gets as it goes from one hackathon to the next.
PAIGE: It builds momentum.
LISHA: Yeah. It builds momentum and you get to a certain point where you can actually have a whole hackathon where all the challenges that are being presented are all based around that one piece of software. So, for instance, one of the projects that started at a hackathon, Taarifa, that project has had multiple hackathons that are just about Taarifa. Where all of the challenges are all, either bug fixes or feature requests for Taarifa that have ranged from improve the documentation to create a Swahili translation for all of the text, to fix the security bugs, to create new features. And that team is one of, one of the most amazing teams that we’re working with right now, actually. I’m pretty impressed with where that project has ended up. It’s being used by the World Bank in many countries in Africa. We at Geeks Without Bounds are part of a consortium that is being supported by HDAF, UK aid to put Taarifa into the water system in Tanzania in order to allow citizens to report to the government when water pumps and spigots and other water points are broken. And allows the government to keep track of what is working and what is broken in the water infrastructure everywhere in the country.
PAIGE: Crowdsourcing water maintenance. That’s awesome.
ANGELA: That is awesome.
LISHA: Exactly. Exactly. And Taarifa was originally developed for water management, actually. But now it’s being used for tracking education systems, healthcare systems, and this summer I’m going down to Ecuador to work with people from the Kofan community in Northern Ecuador in order to use Taarifa to track pollution and encroachment in the Amazon Jungle. So pretty awesome little piece of software there.
PAIGE: Yeah. So you have a formal commitment in your life to only work on open source software. Is that something that’s carried forward that Geeks Without Bounds is also doing when they’re doing these projects with nonprofits?
LISHA: Yes.
PAIGE: Are you largely open source, mostly? What’s the deal?
LISHA: It’s all open source. We specifically work on open source humanitarian projects. So open source projects that for whatever reason we can’t find a way to call it humanitarian, we don’t work on those. We’ve managed to find ways to call lots of ways humanitarian though. Today we were working on a PGP email app for Firefox OS phones.
PAIGE: Wow.
LISHA: And I consider that to be a humanitarian issue because Firefox OS phones are marketed to low income people in developed countries. And to people in the least developed countries on the planet. So, in other words, Firefox OS phones are being marketed to vulnerable people. And as a system it doesn’t have the security and privacy pulls that an iPhone or an Android phone has. And at the moment there’s no guardian project for Firefox OS. So we’re trying to kick one off, basically.
PAIGE: Yeah. So I’m going to jump in just for anybody listening who doesn’t know, PGP is an email encryption program called Pretty Good Privacy. It’s kind of the de facto standard right now for email encryption. Usable by anybody. If you’re interested in having encrypted email, there’s tons of stuff online. And one of our former guests, uh Snubs, has some awesome tutorials on Hak5 about how to do that if you want to check it out. But yeah, so privacy and security.
LISHA: And for newbies to PGP who use Hotmail or Yahoo Mail or Gmail, I would recommend looking up a program called Mailvelope. It’s a Firefox and Chrome plugin. So you just plug it into your browser and then it recognizes that you’re on a webmail site and it will allow you to encrypt your email in webmail. Which is pretty cool.
PAIGE: Yeah. That’s pretty awesome. I mean this project you’re involved with, I’m not going to lie, it touches my heart in a very special way. I think that technology can change the world if we let it. And I think getting more people involved at that level is just phenomenal. The way that you’re doing it is great. If people want to find you how do they do that? To find Geeks Without Bounds, to get involved either as a nonprofit or as a coder, whatever?
LISHA: Whatever, yeah. So we’re online at gwob.org.
ANGELA: Thank you for listening to this episode of Women’s Tech Radio. Remember, you can go to jupiterbroadcasting.com for the show notes and a full transcription, as well as the contact form. Drop down the show drop down to Women’s Tech Radio and send us your feedback or suggestions on who you’d like to hear on the show.
PAIGE: You can also check us out on iTunes and our RSS feed is linked at our show page on Jupiter Broadcasting. If you have a moment, please leave us a review on iTunes. Those help out the show and also lets us know what you think. And also, follow us @heywtr on Twitter. We’ll talk to you soon.

Transcribed by Carrie Cotter | Transcription@cotterville.net

House of Credit Cards | TechSNAP 165 https://original.jupiterbroadcasting.net/59167/house-of-credit-cards-techsnap-165/ Thu, 05 Jun 2014 17:31:21 +0000 https://original.jupiterbroadcasting.net/?p=59167 Just when you thought openSSL was safe, we’ve got a whole new round of security flaws. Plus we’ll go inside a massive online carding shop. Then it’s your questions, our answers, and much much more! Thanks to: Direct Download: HD Video | Mobile Video | MP3 Audio | Ogg Audio | YouTube | HD Torrent […]

The post House of Credit Cards | TechSNAP 165 first appeared on Jupiter Broadcasting.

Just when you thought openSSL was safe, we’ve got a whole new round of security flaws. Plus we’ll go inside a massive online carding shop.

Then it’s your questions, our answers, and much much more!

Thanks to:

  • DigitalOcean
  • Ting
  • iXsystems


— Show Notes: —

OpenSSL and GnuTLS flaws

  • A series of new vulnerabilities have been found in both SSL/TLS libraries
  • Latest Versions:
  • OpenSSL 0.9.8za.
  • OpenSSL 1.0.0m.
  • OpenSSL 1.0.1h.
  • CVE-2014-0224 — An attacker using a carefully crafted handshake can force the use of weak keying material in OpenSSL SSL/TLS clients and servers. This can be exploited by a Man-in-the-middle (MITM) attack where the attacker can decrypt and modify traffic from the attacked client and server. The attack can only be performed between a vulnerable client and server. OpenSSL clients are vulnerable in all versions of OpenSSL. Servers are only known to be vulnerable in OpenSSL 1.0.1 and 1.0.2-beta1. Users of OpenSSL servers earlier than 1.0.1 are advised to upgrade as a precaution.
  • CVE-2014-0221 — By sending an invalid DTLS handshake to an OpenSSL DTLS client, the code can be made to recurse, eventually crashing in a DoS attack. Only applications using OpenSSL as a DTLS client are affected.
  • CVE-2014-0195 — A buffer overrun attack can be triggered by sending invalid DTLS fragments to an OpenSSL DTLS client or server. This is potentially exploitable to run arbitrary code on a vulnerable client or server. Only applications using OpenSSL as a DTLS client or server are affected.
  • CVE-2014-0198 — A flaw in the do_ssl3_write function can allow remote attackers to cause a denial of service via a NULL pointer dereference. This flaw only affects OpenSSL 1.0.0 and 1.0.1 where SSL_MODE_RELEASE_BUFFERS is enabled, which is not the default and not common.
  • CVE-2010-5298 — A race condition in the ssl3_read_bytes function can allow remote attackers to inject data across sessions or cause a denial of service. This flaw only affects multithreaded applications using OpenSSL 1.0.0 and 1.0.1, where SSL_MODE_RELEASE_BUFFERS is enabled, which is not the default and not common.
  • CVE-2014-3470 — OpenSSL TLS clients enabling anonymous ECDH ciphersuites are subject to a denial of service attack.
  • OpenSSL 1.0.0m and OpenSSL 0.9.8za also contain a fix for CVE-2014-0076: Fix for the attack described in the paper “Recovering OpenSSL ECDSA Nonces Using the FLUSH+RELOAD Cache Side-channel Attack”. This issue was previously fixed in OpenSSL 1.0.1g.
  • GnuTLS releases update to fix flaws as well
  • CVE-2014-3466 — A flaw was found in the way GnuTLS parsed session ids from Server Hello packets of the TLS/SSL handshake. A malicious server could use this flaw to send an excessively long session id value and trigger a buffer overflow in a connecting TLS/SSL client using GnuTLS, causing it to crash or, possibly, execute arbitrary code. The flaw is in read_server_hello() / _gnutls_read_server_hello(), where session_id_len is checked to not exceed incoming packet size, but not checked to ensure it does not exceed maximum session id length
  • Deeper analysis of the GnuTLS flaw
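
The missing bound described in the CVE-2014-3466 note above, shown as an added example (this is not GnuTLS source code): a minimal ServerHello session-id parser that applies both the packet-size check and the maximum-length check. All function, struct and constant names are assumptions made for this sketch, and the sample messages are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* TLS caps a session id at 32 bytes (RFC 5246: opaque SessionID<0..32>). */
#define MAX_SESSION_ID_LEN 32
/* Fixed ServerHello prefix: version (2) + random (32) + session id length (1). */
#define HELLO_PREFIX_LEN (2 + 32 + 1)

enum parse_result {
    PARSE_OK = 0,
    PARSE_TRUNCATED = -1,   /* length field points past the received data */
    PARSE_ID_TOO_LONG = -2  /* length fits the packet but exceeds the protocol maximum */
};

/* Hypothetical client-side session state with a fixed-size id buffer. */
struct session {
    uint8_t id[MAX_SESSION_ID_LEN];
    size_t id_len;
};

/* Copy the session id out of a ServerHello body, rejecting bad lengths. */
int parse_server_hello_session_id(const uint8_t *msg, size_t msg_len,
                                  struct session *out)
{
    size_t id_len;

    if (msg_len < HELLO_PREFIX_LEN)
        return PARSE_TRUNCATED;
    id_len = msg[HELLO_PREFIX_LEN - 1];

    /* Check 1: the declared length must not exceed what was received.
     * Per the note above, this check was present in the flawed code. */
    if (id_len > msg_len - HELLO_PREFIX_LEN)
        return PARSE_TRUNCATED;

    /* Check 2: the declared length must not exceed the destination buffer.
     * Per the note above, this is the check that was missing. */
    if (id_len > MAX_SESSION_ID_LEN)
        return PARSE_ID_TOO_LONG;

    memcpy(out->id, msg + HELLO_PREFIX_LEN, id_len);
    out->id_len = id_len;
    return PARSE_OK;
}

/* Build a constructed ServerHello body whose length byte says declared_len
 * but which carries actual_len id bytes, then parse it. */
int demo_parse(uint8_t declared_len, size_t actual_len)
{
    uint8_t msg[HELLO_PREFIX_LEN + 255];
    struct session s;

    if (actual_len > 255)
        actual_len = 255;
    memset(msg, 0, sizeof msg);
    msg[0] = 0x03;                          /* server_version: TLS 1.2 */
    msg[1] = 0x03;
    msg[HELLO_PREFIX_LEN - 1] = declared_len;
    memset(msg + HELLO_PREFIX_LEN, 0xAA, actual_len);
    return parse_server_hello_session_id(msg, HELLO_PREFIX_LEN + actual_len, &s);
}

int main(void)
{
    printf("32-byte id, fully present:   %d\n", demo_parse(32, 32));
    printf("200-byte id, fully present:  %d\n", demo_parse(200, 200));
    printf("32 declared, 10 bytes sent:  %d\n", demo_parse(32, 10));
    return 0;
}
```

The second case is the one that matters: a 200-byte id that is fully present in the packet passes the packet-size check, so only the maximum-length check stops the copy into the 32-byte buffer.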

Inside a carding shop

  • Brian Krebs releases his exposé on the inner workings of a professional carding shop
  • This shop focused on ‘dumps’, full track data that can be written to blank cards, allowing the fraudster to take the card into a big box store, and buy large ticket items that can easily be sold for cash
  • “The subject of this post is “McDumpals,” a leading dumps shop that first went online in late April 2013.”
  • “Like many other dumps shops, McDumpals recently began requiring potential new customers to pay a deposit (~$100) via Bitcoin before being allowed to view the goods for sale. Also typical of most card shops, this store’s home page features the latest news about new batches of stolen cards that have just been added, as well as price reductions on older batches of cards that are less reliable as instruments of fraud.”
  • Brian has a great slideshow that shows some of the regions and retailers that were compromised, and what the sets of cards sell for

Dark Mail: A New Hope | LINUX Unplugged 13 https://original.jupiterbroadcasting.net/45892/dark-mail-a-new-hope-lup-13/ Tue, 05 Nov 2013 16:54:15 +0000 https://original.jupiterbroadcasting.net/?p=45892 What is the Dark Mail Alliance? We’ll dig into how it’s more of a protocol, and a hope than an actual product.

The post Dark Mail: A New Hope | LINUX Unplugged 13 first appeared on Jupiter Broadcasting.

What is the Dark Mail Alliance? We’ll dig into how it’s more of a protocol, and a hope, than an actual product. Now is the time to replace email, and we’ll explain how you can help get the concept kickstarted.

Plus your follow up on upstart vs systemd, a brief SteamOS chat, and more!

Thanks to:

  • Ting
  • DigitalOcean


FU

Dark Mail Explained:

The goal is to clean up and release the source code that was used to power Lavabit as a f/oss project with support for dark mail added.

Lavabit creator Ladar Levison has launched a Kickstarter campaign for the dark mail encrypted email initiative he’s working on in partnership with Silent Circle.

The project is looking to raise $196,608 to take the Lavabit source code and turn it into a free and open-source project with the new dark mail protocol.

Little Phish Big Breach | TechSNAP 124 https://original.jupiterbroadcasting.net/42032/little-phish-big-breach-techsnap-124/ Thu, 22 Aug 2013 16:39:18 +0000 https://original.jupiterbroadcasting.net/?p=42032 It all started with a simple phishing attack, we’ll share the story about a small bank that had a major compromise, plus the Washington Post gets hacked…

The post Little Phish Big Breach | TechSNAP 124 first appeared on Jupiter Broadcasting.

It all started with a simple phishing attack, we’ll share the story about a small bank that had a major compromise, plus the Washington Post gets hacked…

A great batch of questions, our answers, and much much more!

Thanks to:

Use our code techsnap249 to get a .COM for $2.49.

 

Visit dirwiz.com/unitysync use code tech for an extended trial and a year of maintenance.

 

Visit techsnap.ting.com to save $25 off your device or service credits.

 

— Show Notes: —

Attackers use DDoS attack on banks as cover to conduct APT attack on wire transfer switches, stealing millions of dollars

  • Unlike the attacks we have previously discussed, where the fraudsters targeted individuals and companies with malware and then drained their bank accounts, this newer series of attacks has targeted the banks and credit unions directly
  • Many of these attacks have been against smaller banks and credit unions because of their more limited IT security infrastructure
  • It is unclear exactly how the attackers infiltrated the banks’ networks, but attacks similar to those against The Washington Post and The Onion are likely, fairly well executed spear phishing attacks
  • Once the computer of someone inside the bank has been compromised, it can be loaded up with keyloggers, remote administration trojans and other malware
  • The attacker can then use the ‘trusted’ computer to escalate their privileges, either directly, or by impersonating the person whose PC has been compromised, and sending more phishing emails internally
  • Once a computer with access to the ‘wire transfer switch’ (usually an application) is compromised, the attacker can initiate a wire transfer from any account
  • Individual bank accounts and bank employees often have limits on the amount they can transfer, however with escalated privileges, the attackers were able to increase or remove these limits in some cases
  • Some banks have instituted anti-fraud systems that require a second employee to authorize any large wire transfer, however attackers had managed to compromise multiple employee accounts inside the bank, and were able to provide the secondary approval of their fraudulent transfers
  • “In at least one instance, actors browsed through multiple accounts, apparently selecting the accounts with the largest balance”
  • Then, to cover their tracks, the attackers launch a Distributed Denial of Service attack against the bank’s website, and/or online banking portal. This disruption is designed to keep the IT staff at the bank busy and keep the attention of other bank employees away from the wire transfer system
  • If successful, the DDoS attack distracts the bank long enough to prevent them clawing back the wire transfer. The bank has a much better chance of getting the money back if they can report the transfer as fraudulent within the first few minutes
  • “The service portal is down, the bank is losing money and reliability, and the security team is juggling the priorities of what to fix first. That’s when the switch attack – which is very rare because those systems are not easily compromised [and require] high-privilege level in a more advanced persistent threat style case – takes place.”
  • Internet Crime Complaint Center (IC3) issues warning in Sept 2012
  • Gartner Report
  • Dell SecureWorks Report

Washington Post hacked by Syrian Electronic Army

  • The attackers managed to modify specific pages of the Washington Post website to redirect traffic to the site of the attackers for about 30 minutes
  • The Syrian Electronic Army (SEA) is a pro-Assad group known for hacking many Twitter accounts, as well as other newspapers including The Financial Post, The Onion and the Associated Press
  • SEA originally hacked an employee’s twitter account and used it to spread their message
  • Some time after that, pages on the website started being redirected
  • It is unclear if the employee’s credentials were used to execute the redirect attack
  • The method of attack was exactly the same as that used against the Financial Post and The Onion: phishing emails appearing to come from other employees inside the same company redirected users to a fake email login page that captured their credentials. It is unclear if WP uses Gmail as the FP and The Onion did
  • In a tweet, SEA claimed they had compromised ‘Outbrain’, a business partner of the newspaper that provides ‘content discovery’ mechanisms
  • The tweet also claimed that this compromise gave them access to not only the WP, but also CNN and TIME Magazine
  • The newspaper promptly disabled the Outbrain module and enacted other defensive measures
  • Outbrain acknowledged the problem last Thursday. “We are aware that Outbrain was hacked earlier today. In an effort to protect our publishers and readers, we took down service as soon as it was apparent. The breach now seems to be secured and the hackers blocked out, but we are keeping the service down for a little longer until we can be sure it’s safe to turn it back on securely. We are working hard to prevent future attacks of this nature.”
  • This type of attack is especially dangerous. If the SEA had redirected users to a site containing malware, rather than just their own site featuring a political message in Arabic, the results could have been much worse, and it could have gone on much longer before it was noticed
  • It is like a watering hole attack, except that it targets a mass audience instead of a small one
  • Additional Coverage

Feedback:

Send us a Bitmessage: BM-GuGEaEtsqQjqgHRAfag5FW33Dy2KHUmZ

Ethically Hacked | TechSNAP 120 https://original.jupiterbroadcasting.net/40802/ethically-hacked-techsnap-120/ Thu, 25 Jul 2013 19:17:35 +0000 https://original.jupiterbroadcasting.net/?p=40802 A huge amount of SIM cards are susceptible to an Over the Air attack, Apple’s hacker outs himself, and the trouble with the Ubuntu forums!

The post Ethically Hacked | TechSNAP 120 first appeared on Jupiter Broadcasting.

A huge amount of SIM cards are susceptible to an Over the Air attack, Allan’s got the details, Apple’s hacker outs himself, and the trouble with the Ubuntu forums!

Plus a batch of your questions, and much much more!

Thanks to:

Use our code tech249 to score .COM for $2.49!

Get private registration FOR FREE with a .COM! code: free5

 

Visit techsnap.ting.com to save $25 off your device or service credits.

 


Security Researcher Claims Apple Developer Website Hack

  • Apple’s Developer Center first went offline last Thursday, and on Sunday, Apple revealed that it had been taken down as a precaution after a security breach. It is unclear who was responsible for the hacking, but a security researcher, Ibrahim Balic, has suggested that he might be to blame for the outage.
  • The company added that critical developer data had not been compromised and that they were working day and night to fix the vulnerability and bring the site back online.
  • 9 to 5 Mac adds that, “In an email… Balic … is persistent in stating he did this for security research purposes and does not plan to use the information in any malicious manner.”
  • The comment comes from independent security researcher Ibrahim Balic, who claims that his effort was not intended to be malicious and that he reported his findings to Apple just hours before the developer site was taken down by the company.
  • Balic, who has reported 13 different bugs to Apple, originally discovered an iAd Workbench vulnerability on June 18 that allowed a request sent to the server to be manipulated. This security hole could be used to acquire the names and email addresses of iTunes users (even non-developers).
  • After finding the loophole, Balic wrote a Python script to harvest data from the vulnerability and then displayed it in a YouTube video, which may have put him on Apple’s radar.
  • In addition to the iAd Workbench bug, Balic also discovered and submitted a report on a bug that caused the Dev Center site to be vulnerable to a stored XSS attack. While Balic says that it was possible to access user data by exploiting the Dev Center issue, he claims that he did not do so.
  • New Details Emerge on Security Researcher Potentially Responsible for Dev Center Outage
  • Apple Outlines Plan for Bringing Developer Center Back Online
  • Additional Coverage

Ubuntu Forums compromised

  • The forums were defaced and the database compromised
  • There were approximately 1.82 million registered accounts in the forum database
  • Attackers have access to each of these users’ username, password and email address
  • The passwords were salted hashes, but which algorithm was used was not made clear. Were these cryptographic hashes, or just md5(salt+md5(password)) or similar like some forum software?
  • If you were a registered user, and reused that password anywhere else, you are likely going to have a bad time
  • “Ubuntu One, Launchpad and other Ubuntu/Canonical services are NOT affected by the breach”
  • Timeline:
  • 2013-07-20 2011 UTC: Reports of defacement
  • 2013-07-20 2015 UTC: Site taken down, this splash page put in place while investigation continues.
  • 2013-07-21: we believe the root cause of the breach has been identified. We are currently reinstalling the forums software from scratch. No data (posts, private messages etc.) will be lost as part of this process.
  • 2013-07-22: work on reinstalling the forums continues.

Feedback:

TechSNAP Bitmessage: BM-GuGEaEtsqQjqgHRAfag5FW33Dy2KHUmZ

The enterprise-class Open Source LDAP server for Linux. It is hardened by real-world use, is full-featured, supports multi-master replication, and already handles many of the largest LDAP deployments in the world. The 389 Directory Server can be downloaded for free and set up in less than an hour using the graphical console.

The 56k Solution | CR 58 https://original.jupiterbroadcasting.net/40377/the-56k-solution-cr-58/ Mon, 15 Jul 2013 11:25:21 +0000 https://original.jupiterbroadcasting.net/?p=40377 Data protection in the cloud can mean a lot of different things. But what about in the context of software development?

The post The 56k Solution | CR 58 first appeared on Jupiter Broadcasting.

Data protection in the cloud can mean a lot of different things. But what about in the context of software development? The guys tackle that question, and cover a great batch of your feedback.

Thanks to:

Use our code coder249 to get a .COM for $2.49.

 


Feedback

Data Protection in the Cloud

“To be told four to six hours, and then just wait and wait and wait and nothing’s happening for three days, was beyond frustrating and maddening,” she said. Flores also said she noticed a difference in the way Amazon worked with large sites compared to smaller ones.

“A few days ago we sent you an email letting you know that we were working on recovering an inconsistent data snapshot of one or more of your Amazon EBS volumes,” says the letter, quoted in the BI piece. “We are very sorry, but ultimately our efforts to manually recover your volume were unsuccessful. The hardware failed in such a way that we could not forensically restore the data.”

Microsoft has collaborated closely with US intelligence services to allow users’ communications to be intercepted, including helping the National Security Agency to circumvent the company’s own encryption, according to top-secret documents obtained by the Guardian.

The files provided by Edward Snowden illustrate the scale of co-operation between Silicon Valley and the intelligence agencies over the last three years. They also shed new light on the workings of the top-secret Prism program, which was disclosed by the Guardian and the Washington Post last month.

The documents show that:

• Microsoft helped the NSA to circumvent its encryption to address concerns that the agency would be unable to intercept web chats on the new Outlook.com portal;

• The agency already had pre-encryption stage access to email on Outlook.com, including Hotmail;

• The company worked with the FBI this year to allow the NSA easier access via Prism to its cloud storage service SkyDrive, which now has more than 250 million users worldwide;

• Microsoft also worked with the FBI’s Data Intercept Unit to “understand” potential issues with a feature in Outlook.com that allows users to create email aliases;

• In July last year, nine months after Microsoft bought Skype, the NSA boasted that a new capability had tripled the amount of Skype video calls being collected through Prism;

• Material collected through Prism is routinely shared with the FBI and CIA, with one NSA document describing the program as a “team sport”.

“When we upgrade or update products legal obligations may in some circumstances require that we maintain the ability to provide information in response to a law enforcement or national security request,” Microsoft said in its statement Thursday.
