HD Video Feed | Mobile Video Feed | MP3 Audio Feed | Ogg Audio Feed | iTunes Feed | Torrent Feed

Become a supporter on Patreon:

Show Notes:

Researchers demonstrate how PINs and other info can be gathered through phone movement

• Team was able to crack four digit-PINs with 70 percent accuracy on the first try, with 100 percent accuracy by try number five

• A site accessed with malicious code can open the device to such sensor-based monitoring working in the background when browser tabs are left open.

• The team suggests a number of ways to help combat vulnerabilities, including regularly changing PINs and quitting out of any apps not currently in use

• Dan suggests: Simple way around this: randomize the display of numbers on the keypad. I think this should be standard for all PIN entry. I recall seeing this somewhere, years ago, but I don’t recall where. I’ve always wondered why I’ve never seen it again. If the numbers have a narrow field of vision, nobody can watch over your shoulder.

• A better article on the issue

• The PDF of the study

• From the PDF: . In the latest Apple Security Updates for iOS 9.3 (released in March 2016), Safari took a similar countermeasure by “suspending the availability of this [motion and orientation] data when the web view is hidden”x

Computer security is broken from top to bottom

• Robert Watson spoke at the very first BSDCan

• There are three main fundamental causes of insecurity: technology complexity, culture, an the economic incentives of the computer business.

Deep Dive starts with Dan’s first blog post about PostgreSQL

• PostgreSQL

• PostgreSQL < 9.6 has DATADIR is the same for all versions

• PostgreSQL 9.6+ on FreeBSD, each major version has it’s own DATADIR

• Installing in a FreeBSD jail means you can easily upgrading another jail, then start using it

Feedback

• 10 messages this past week. Requests for deep dives on PostgreSQL, DNS, ZFS, Jails.

• The guy who asked us about that free DNS service, wrote in to say he has no connection with them.

• Building pfsense box

• Suggestion for a Simple Inventory & Change Management Software

• Raidz-1 with hotspare vs raidz-2

Round Up:

• Hacker sets off all 156 emergency sirens in Dallas

• Allan Jude Interview with Wendell

• The TP-Link M5350 has a XSS exploit via text message. Responds with admin password in clear text. Original article in German

• Building a NAS

The post Cyber Liability | TechSNAP 314 first appeared on Jupiter Broadcasting.

The theoretical Android flaw becomes reality, a simple phishing scam hits some major companies & why your PIN has already been leaked.

Plus great questions, our answers, a rocking round up & much, much more!

Thanks to:

• Get Paid to Write for DigitalOcean

Direct Download:

HD Video | Mobile Video | MP3 Audio | OGG Audio | YouTube | HD Torrent | Mobile Torrent

RSS Feeds:

HD Video Feed | Mobile Video Feed | MP3 Audio Feed | Ogg Audio Feed | iTunes Feed | Torrent Feed

Become a supporter on Patreon:

Show Notes:

W2 Phishing scams hit a number of companies

• “Payday lending firm Moneytree is the latest company to alert current and former employees that their tax data — including Social Security numbers, salary and address information — was accidentally handed over directly to scam artists”
• “Seattle-based Moneytree sent an email to employees on March 4 stating that “one of our team members fell victim to a phishing scam and revealed payroll information to an external source.”
• “Moneytree was apparently targeted by a scam in which the scammer impersonated me (the company co-founder) and asked for an emailed copy of certain information about the Company’s payroll including Team Member names, home addresses, social security numbers, birthdates and W2 information,” Moneytree co-founder Dennis Bassford wrote to employees.”
• Why that would even be a reasonable request, I don’t know
• “Unfortunately, this request was not recognized as a scam, and the information about current and former Team Members who worked in the US at Moneytree in 2015 or were hired in early 2016 was disclosed. The good news is that our servers and security systems were not breached, and our millions of customer records were not affected. The bad news is that our Team Members’ information has been compromised.”
• Moneytree joins a growing list of companies disclosing to employees that they were duped by W2 phishing scams, which this author first warned about in mid-February. Earlier this month, data storage giant Seagate acknowledged that a similar phishing scam had compromised the tax and personal data on thousands of current and past employees.
• “On March 1, Seagate Technology learned that the 2015 W-2 tax form information for current and former U.S.-based employees was sent to an unauthorized third party in response to the phishing email scam. The information was sent by an employee who believed the phishing email was a legitimate internal company request.”
• “W2 information is highly prized by fraudsters involved in tax refund fraud, a multi-billion dollar problem in which thieves claim a large refund in the victim’s name, and ask for the funds to be electronically deposited into an account the crooks control.”
• “For better or worse, most companies that have notified employees about a W2 phish this year are offering employees the predictable free credit monitoring, which is of course useless to prevent tax fraud and many other types of identity theft. But in a refreshing departure from that tired playbook, Moneytree says it will be giving employees an extra $50 in their next paycheck to cover the initial cost of placing a credit freeze (for more information on the different between credit monitoring and a freeze and why a freeze might be a better idea, check out Credit Monitoring vs. Freeze and How I Learned to Stop Worrying and Embrace the Security Freeze).”
• ““When something like this happens, the right thing to do is to disclose what you know as soon as possible, take care of the people affected, and learn from what went wrong. To make good on that last point, we will be ramping up our information security efforts company-wide, because we never want to have to write an email like this to you again”.”

New exploit developed for Android Stagefright

• “Security researchers have successfully exploited the Android-based Stagefright bug and remotely hacked a phone, which may leave millions devices vulnerable to attack.”
• “Israeli software research company NorthBit claimed it had “properly” exploited the Android bug that was originally described as the “worst ever discovered”.”
• “The exploitation, called Metaphor, is detailed in a research paper (PDF) from NorthBit and also a video showing the exploit being run on a Nexus 5. NorthBit said it had also successfully tested the exploit on a LG G3, HTC One and Samsung Galaxy S5.”
• “The Stagefright vulnerability was first highlighted by security firm Zimperium in July 2015. The hack was said to be able to execute remote code on Android devices and could possibly affect up to 95 percent of Android devices.”
• “A second critical vulnerability exploited issues in .mp3 and .mp4 files, which when opened were claimed to be able to remotely execute malicious code, was dubbed Stagefright 2.0 in October.”
• The flaws were originally thought to not be easily exploitable, but this new research provides a simple remote exploit case
• “The researchers from NorthBit say they have been able to create an exploit that can be used against Stagefright on Android 2.2, 4.0, 5.0 and 5.1. Other versions are not affected.”
• Android 5.0 and above are protected by ASLR, however “Dabah claims the exploit “depicts a way to bypass” address space layout randomisation (ASLR)”
• “”We managed to exploit it to make it work in the wild,” Dabah said. The research paper reads: “Breaking ASLR requires some information about the device, as different devices use slightly different configurations which may change some offsets or predictable addresses locations.”
• “”I would be surprised if multiple professional hacking groups do not have working Stagefright exploits by now. Many devices out there are still vulnerable, so Zimperium has not published the second exploit in order to protect the ecosystem”.”
• Researcher PDF
• I am glad my phone runs Android 6.0.1 with the March 2016 Security Updates applied

PIN analysis

• “There are 10,000 possible combinations that the digits 0-9 can be arranged to form a 4-digit pin code. Out of these ten thousand codes, which is the least commonly used?”
• “People are notoriously bad at generating random passwords. I hope this article will scare you into being a little more careful in how you select your next PIN number. Are you curious about what the least commonly used PIN number might be?”
• “I was able to find almost 3.4 million four digit passwords. Every single one of the of the 10,000 combinations of digits from 0000 through to 9999 were represented in the dataset”
• “A staggering 26.83% of all passwords could be guessed by attempting the top 20 combinations”
• “The first “puzzling” password I encountered was 2580 in position #22. What is the significance of these digits? Why should so many people select this code to make it appear so high up the list?”
• This turns out to be straight down the middle of a telephone style number pad. Not the same as on on a computer, but most ABMs use the telephone style
• “Another fascinating piece of trivia is that people seem to prefer even numbers over odd, and codes like 2468 occur higher than a odd number equivalent, such as 1357”
• “Statistically, one third of all codes can be guessed by trying just 61 distinct combinations! The 50% cumulative chance threshold is passed at just 426 codes (far less than the 5,000 that a random uniformly distribution would predict)”
• The most unpopular pin is: 8068
• “Warning Now that we’ve learned that, historically, 8068 is (was?) the least commonly used password 4-digit PIN, please don’t go out and change yours to this! Hackers can read too! They will also be promoting 8068 up their attempt trees in order to catch people who read this (or similar) articles.”
• “Many of the high frequency PIN numbers can be interpreted as years, e.g. 1967 1956 1937 … It appears that many people use a year of birth (or possibly an anniversary) as their PIN. This will certainly help them remember their code, but it greatly increases its predictability”
• Pins that start with 19 dominate the top 10%, and all appear within the top 20%
• The heatmap also shows that people tend to use Birthdays a lot as well (MMDD)

Feedback:

• Techsnap feedback
• Network printing
• Linux printing using CUPS (Raspberry Pi)
• OPNsense?

Round Up:

• Hands-on with Intel’s Skull Canyon NUC, the most powerful game-ready mini-PC
• Microsoft has lost their audit data on all Certificate Authorities
• tcpdump is amazing – Julia Evans
• A study by Rutgers University and Microsoft has found that hard drives are more prone to failure due to high levels of humidity [PDF] than high temperature
• U.S. army developing encrypted radar waveform
• AMEX warns customers about breach at third party service provider, in 2013
• Big-name sites hit by rash of malicious ads spreading crypto ransomware
• Inside NIST, how time servers work
• I stayed in a hotel with Android lightswitches and it was just as bad as you’d imagine
• How quickly and easily a card skimmer can be installed
• Hurricane Electric Hosted DNS

The post Metaphorically Exploited | TechSNAP 258 first appeared on Jupiter Broadcasting.

Bittorrent client Transmission gets hit with Ransomware, Facebook pays out $15k to a hacker & Microsoft is bringing SQL to Linux. It’s a HUGE edition of Tech Talk Today!

Direct Download:

MP3 Audio | OGG Audio | Video | HD Video | Torrent | YouTube

RSS Feeds:

MP3 Feed | OGG Feed | iTunes Feed | Video Feed | Video Feed | Torrent Feed

Become a supporter on Patreon

Show Notes:

Episode Links

• IRS Suspends Insecure ‘Get IP PIN’ Feature
• Facebook Fixes Bug That Allowed You to Reset Anyone’s Password
• Justice Department Asks Judge to Review Pro-Apple Ruling in iPhone Case – WSJ
• First Mac Ransomware Found in Transmission BitTorrent Client – Mac Rumors
• WNYT.com – Virtual dissections help college students stay on the ‘cutting edge’
• Linux Action Show
• Microsoft is bringing SQL Server to Linux | TechCrunch

Kickstarter of the Week

• LMcable | The world’s first IOS & Android Common Connector by LMcable
• Amazon.com: [Apple MFI Certified] dodocool® 2-in-1 lighting to usb cable(8 pin connector) Micro USB Charging Data Cable (3ft/ 1m) for iPhone 6 ,iphone5,samsung (Yellow): Cell Phones & Accessories

The post Garbled Transmission | TTT 235 first appeared on Jupiter Broadcasting.

What’s taking the states so long to catch up to the rest of the civilized world and dip the chip? Turns out it’s really complicated, we explain. Plus keeping a Hospital secure is much more than following HIPAA, and an analysis of Keybase malware.

Plus great questions, our answers, and much much more!

Thanks to:

• Get Paid to Write for DigitalOcean

Direct Download:

HD Video | Mobile Video | MP3 Audio | OGG Audio | YouTube | HD Torrent | Mobile Torrent

RSS Feeds:

HD Video Feed | Mobile Video Feed | MP3 Audio Feed | Ogg Audio Feed | iTunes Feed | Torrent Feed

Become a supporter on Patreon:

Show Notes:

The great American EMV fake-out

• “Many banks are now issuing customers more secure chip-based credit cards, and most retailers now have card terminals in their checkout lanes that can handle the “dip” of chip-card transactions (as opposed to the usual swipe of the card’s magnetic stripe).”
• But how many people have been to a retailer and ended up swiping their chip card?
• “Comparatively few retailers actually allow chip transactions: Most are still asking customers to swipe the stripe instead of dip the chip. This post will examine what’s going on here, why so many merchants are holding out on the dip, and where this all leaves consumers”
• “Visa CEO Charles W. Scharf said in an earnings call late last month that more than 750,000 locations representing 17 percent of the U.S. face-to-face card-accepting merchant base are now enabled to handle chip-based transactions, also known as the EMV. Viewed another way, that means U.S. consumers currently can expect to find chip cards accepted in checkout lines at fewer than one in five brick-and-mortar merchants.”
• This leaves the question of why more retailers are not using the chip. In Canada, and the EU, almost all transactions use chip-and-pin
• “New MasterCard and Visa rules that went into effect Oct. 1, 2015 put merchants on the hook to absorb 100 percent of the costs of fraud associated with transactions in which the customer presented a chip-based card yet was not asked or able to dip the chip. The chip cards encrypt the cardholder data and are far more expensive and difficult for card thieves to clone.”
• “Some merchants — particularly the larger ones — want to turn the often painful experience of training customers how to use the chip cards and terminals into someone else’s problem.” “They see [chip cards] as just slowing down lines and chose to wait until consumers learned what to do — and do it quickly — at someone else’s store”
• It seems that even with the liability shift, which Visa and Mastercard hopes would push merchants to be ready on time, many merchants have not completed upgrades to their payment systems and cash registers. Apparently many of the acquiring banks have long queues to ‘certify’ the upgraded software, further causing delays
• “Visa said based on recent client surveys it expects 50% of face-to-face card accepting merchants to have chip card transactions enabled by the end of this year. But even 50 percent adoption can mask a long tail of smaller merchants who will put off as long as they can the expensive software and hardware upgrades for accepting chip transactions.”
• In Canada, the transition was fairly quick, although this might be due to the fact that many people use debit cards that already required a pin, so the change for the customer was just inserting the card rather than swiping it
• “The United States is the last of the G20 nations to move to more secure chip-based cards. As late as the United States is on EMV implementation globally, the process of merchants shifting to all-EMV transactions is still going to take several more years. Visa has said it typically took about three years after the liability shifts in other countries before 90% of payment card transactions were “chip-on-chip,” or generated by a chip card used at a chip-based terminal.”
• “Historically, software was developed by terminal manufacturers and some-few contract programmers who kept up with the old-school operating systems, software development kits and so on for each terminal manufacturer. It was so easy that merchants and processors installed specialized tweaks that created countless variants in the marketplace.”
• Now the software is more complicated, as it involves correctly implementing cryptography, and the terminal vendors seem to be struggling to keep up
• “There are very few EMV software developers who understand the U.S. market”
• “There’s an invisible hand at work that is about to kick everyone in the pants and accelerate U.S. dipping into EMV slots,” Crowley said. “If you use a chip card at a point of sale that says swipe — and you later say that wasn’t me – there’s very little a merchant can do to dispute that charge. It’s going to happen because what people aren’t thinking about is the friendly fraud. When people are made aware that if I swipe and I have a chip card, that lunch can be free if I’m a bad consumer.”
• Note that this is still fraud, and you could go to jail
• “If you’re curious about chip card swipe adoption in your area, take an informal survey: My own decidedly unscientific survey involved a shopping spree one recent morning to no fewer than seven different retail locations, which revealed exactly seven different chip-capable payment terminals instructing customers to “Please Swipe Card.””
• Does typing your pin really take much longer than signing the receipt?

Securing Hospitals

• Researchers working for a hospital were able to compromise both Patient Monitors and the Drug Dispensary
• “The research results from our assessment of 12 healthcare facilities, 2 health care data facilities, 2 active medical devices from one manufacturer, and 2 web applications that remote adversaries can easily deploy attacks that target and compromise patient health. We demonstrated that a variety of deadly remote attacks were possible within these facilities, of which four attack scenarios are presented in this report.”
• “One overarching finding of our research is that the industry focuses almost exclusively on the protection of patient health records, and rarely addresses threats to or the protection of patient health from a cyber threat perspective. The background, motivating factors, nuances, and misunderstandings that perforate the healthcare industry with regard to security are discussed at length in this report. In summary, we find that different adversaries will target or pursue the compromise of patient health records, while others will target or pursue the compromise of patient health itself.”
• “The two major flaws in the healthcare industry with regard to threat model are that 1) the focus is almost entirely on protecting patient records, and 2) the measures taken address only unsophisticated adversaries: essentially, only one of the adversaries listed above — the Individual or Small Group adversary highlighted above in yellow. The industry is aware and speaks to Organized Crime and Nation State adversaries, but underestimates their sophistication and motivation. The strategies aim to curtail blanket, untargeted (i.e., indiscriminate) attacks to obtain patient healthcare records, and ignores the motivations and strategies that would be employed if targeting patient health or specific victims’ health records. These motivations and scenarios are highlighted in red in the above table”
• The protection of health records has been the focus for quite some time, even before records were computerized, but it seems the industry has not “noticed” that medical devices have been connected to the network, and are insufficiently protected from attack
• Devices compromised during the testing were: an insulin infusion pump, a patient monitor station, and a barcode reader
• The following attack surfaces / areas of vulnerability were identified:
  • Patient Health
  • Patient Records
  • Service Availability
  • Community Confidence and Trust
  • R&D, Intellectual Property
  • Business Advantage
  • Hospital Finances
  • Hospital Reputation
  • Physician Reputation
• PDF Report, 71 pages

KeyBase malware analysis

• “The usage of a rather simple keylogger malware has gone through the roof after its builder got leaked online last summer”
• “KeyBase is a spyware family that can capture keystrokes, steal data from the user’s clipboard, and take screenshots of the victim’s desktop at regular intervals”
• “Caught red-handed, its author promised to stop working on the malware, closed down the website from where he was selling KeyBase for $50 / €45, and abandoned the project.”
• “Researchers also discovered that while KeyBase’s control panel was secured with authentication, the folder in which images were sent for storage was not, meaning that after all this time, they could easily put together a simple script and find all the KeyBase panels available online.”
• “Using this simple method, Palo Alto staff discovered 62 Web domains where the KeyBase control panel was installed, 82 different control panels, and 125,083 screenshots from 933 Windows computers.”
• “Of all infected computers, 216 were workstations in corporate environments, 75 were personal computers, and 134 were used for both. 43 of the 933 computers also included details from more than one user, meaning they were shared assets, used by multiple family members or work colleagues.”
• “Taking a look at the screenshots, researchers discovered images depicting banking portals, invoices, blueprints, video camera feeds, email inboxes, social media accounts, financial documents, booking software, and many more.”
• Both personal and corporate banking details were seen, as well as a Hotel reservation system
• “The set for educational institutions wasn’t notably attributable to any one panel, but equally distributed. What made it stand out though is that the same tactic for delivering the KeyBase phish was applied here and “Admissions” people were targeted. These individuals are constantly sent Word or PDF documents, allegedly from parents, so it’s no surprise they would open the malicious files”
• “In the original KeyBase report, Palo Alto revealed that the malware’s creator managed to infect himself during the keylogger’s tests, and had his activities recorded through screenshots and then sent to the Web control panel. This apparently happened again, and 16 of the actors behind this new wave of KeyBase infections also managed to infect their computers. The screenshots saved from their PCs shows that while a few were just curious script kiddies, some of the other hackers were actually professionals involved in highly-targeted campaigns.”
• These screenshots provide interesting insight into the attackers
• “This next actor’s resolution was such that the screenshots only captured the top left portion of his or her screen; however, it was enough to make some interesting observations on tactics. The actor appears to be trying to engage in romance scams with multiple women, along with preying on seniors through dating sites”
• “Our analysis provides a unique opportunity to see the entire life cycle of a malware infection. Commonly, we’d see the first image in a set to be the KeyBase executable or malicious document all the way through until the Anti-Virus alerts of an infection. Sometimes that happened all within one screenshot.”

Feedback:

• Read Only File Server?

• How much Power Does a Server use at Home ?

• pfSense on TP-LINK?

• Software Freedom Conservancy condemns Ubuntu including ZFS

Round Up:

• MouseJack Technical Details
• How To Kill A Supercomputer: Dirty Power, Cosmic Rays, and Bad Solder — In the IBM Blue Gene, After weeks of searching, the culprit was uncovered: the solder used to make the boards carrying the processors. Radioactive lead in the solder was found to be causing bad data in the L1 cache
• FBI Insists It’s Not Trying To Set A Precedent, But Law Enforcement Is Drooling Over Exactly That Possibility
• OpenSSL to release new versions on March 1st to fix “high” severity issues
• Google Is Lighting Up Dark Fiber All Over the Country
• Asus Settles FTC Charges re: security vulnerabilities and negligent practices related to Asus routers and accompanying services, Agrees To 20 Years Of Supervision
• Judge confirms what many suspected: Feds hired CMU to break Tor
• Linux Mint site hacked, ISOs injected with malware. This is why posting an MD5 checksum on the site is not good enough
• Researchers manage to disarm SimpliSafe Wireless Home Security System
• glibc vulnerability worse than thought, “a skeleton key of unknown strength”
• Rumor: IBM gobbles Bruce Schneier, Resilient for $100m

The post Dip the Chip | TechSNAP 255 first appeared on Jupiter Broadcasting.

Target stores suffer a massive breach, we’ll round up everything you need to know. In light of recent events some of us have called for greater use of Encryption, but are we too late? Has the Internet already been broken? We’ll discuss.

Plus a batch of your questions, our answers, and much more!

Thanks to:

— Show Notes: —

Target PoS systems breached, more than 40 million credit and debit cards may have been compromised

• “Target confirmed the breach and in a statement said 40 million credit and debit cards were accessed starting the day before Thanksgiving and that hackers had access to the company’s systems until Dec. 15”
• “According to sources at two different top 10 credit card issuers, the breach extends to nearly all Target locations nationwide, and involves the theft of data stored on the magnetic stripe of cards used at the stores”
• Because the breach was of the PoS system, the attackers have the full ‘track data’ from the magnetic stripe and could encode that data on blank cards (or gift cards) and use them to make fraudulent purchases
• If the attackers also managed to capture PIN numbers of debit cards, they could also program new cards in order to make cash withdrawals at ATMs
• It is not yet clear how the attackers compromised the Point-of-Sales systems
• Official Statement
• Additional Coverage
• Additional Coverage

PHK: We made this mess…

• Prolific software developer Poul-Henning Kamp (Varnish, FreeBSD, md5crypt) talks about how more encryption is not the answer, how the people who created and use the Internet need to fight politics with politics
• “And that \”we\” is people like you and me, people who connected computers, people who wrote software, people who ran ISPs, and people who told everybody and their grandmother how great the Internet was. … without thinking it fully through.“ “In particular without fully thinking through what people who are not like us might use the Internet for.”
• “Any attempt from now on to claw back the privacy which have been illegally removed from our lives, will be met by similar fierce resistance.”
• “Resistance from the military industrial complex, for whom \”Cyberwar\” and \”Total Situational Awareness\” is the new cash-cow.”
• “A lot of the \”we\”, are currently arguing that adding more encryption will solve the problem, but they are deceiving nobody but themselves: More encryption only means that more encryption will be broken, backdoored, trojaned or otherwise circumvented .”
• “If you think you can solve political problems with technical means, you\’re going to fail: Politicians have armies and police forces, you do not.”
• Also talks about how Jordan Hubbard (founder of the FreeBSD project) accidentically invented spam and warned that it needed to be controlled, as well as other examples of events the presaged the technical problems of the modern Internet

Krebs: RDP and weak passwords still a huge problem

• “Businesses spend billions of dollars annually on software and hardware to block external cyberattacks, but a shocking number of these same organizations shoot themselves in the foot by poking gaping holes in their digital defenses and then advertising those vulnerabilities to attackers”
• Many servers have remote administration tools enabled, like SSH or in the case of Windows servers, RDP
• Just like the constant barrage of attacks against an SSH server, RDP is also subjected to constant brute force attack, however these servers are often less well defended
• Worse yet, there are still prolific numbers of servers with easily guessed username/password combinations remote1/Remote1 and sisadmin/sisadmin
• Krebs profiles a service advertised on cybercrime forums that sells credentials to these compromised servers
• “Prices range from $3 to $10 based on a variety of qualities, such as the number of CPUs, the operating system version and the PC’s upload and download speeds”
• Looking at the owners of the IP addresses, Krebs even wrote a little seasonal jingle

Feedback:

• Cleaning your server
• NAS Enclosure : techsnap
  • Ask iXsystems about a FreeNAS Mini starting at only $795
• Roll Over Social Buttons

Round Up:

• Research shows how MacBook Webcams can spy on their users without warning
• Dell SecureWorks analysis of Cryptolocker suggests the authors made at least $300,000 and possibly over $1 million in random
• Stolen Passwords as Art in Germany
• Inside Microsoft’s Digital Crimes Unit
• The NSA may never know the full extent of the Snowden leaks
• As you might expect, the UK Internet Filter has many false positives and an even greater number of misses
• IEC develops new standardized laptop power adapter
• IETF to work on making a new version of TLS that is easier to implement, harder to implement incorrectly, and easier to use for additional applications
• Video – LISA13: Managing access using SSH keys (by the Inventor of SSH)
• GitHub takes down satirical C+ equality language repo

The post Cleaning up our Mess | TechSNAP 141 first appeared on Jupiter Broadcasting.

We’ve got the details on a critical flaw in the chip and pin credit card system. The future of secure hashing, doing proper backups with rsync, and how squirrels and sharks take down the Internet.

Plus a big batch of your questions, and our answers.

All that and more, on this week’s TechSNAP

Thanks to:

Use our codes TechSNAP10 to save 10% at checkout, or TechSNAP20 to save 20% on hosting!

BONOUS ROUND PROMO:

Get your .COMs just $5.99 per year up to 3 domains! Additional .COMs just $7.99 per year!
CODE: 599tech

Expires 10/31/12

SPECIAL OFFER! Save 20% off your order!
Code: go20off5

Pick your code and save:
techsnap7: $7.49 .com
techsnap10: 10% off
techsnap11: $1.99 hosting for the first 3 months
techsnap20: 20% off 1, 2, 3 year hosting plans
techsnap40: $10 off $40
techsnap25: 25% off new Virtual DataCenter plans
techsnapx: 20% off .xxx domains

 

Support the Show:

   

Support the Show:

   

HD Video | Large Video | Mobile Video | MP3 Audio | OGG Audio | YouTube

   
Subscribe via RSS and iTunes:
Subscribe... --RSS-- TechSNAP HD TechSNAP Large TechSNAP Mobile TechSNAP MP3 TechSNAP OGG --iTunes-- TechSNAP iTunes HD TechSNAP iTunes Mobile TechSNAP iTunes Large TechSNAP iTunes MP3

Show Notes: