Show Notes/Links: linuxunplugged.com/265

The post Privacy Priorities| LINUX Unplugged 265 first appeared on Jupiter Broadcasting.

RSS Feeds:

MP3 Feed | Video Feed | iTunes Feed

Become a supporter on Patreon:

Links

• Well-capitalized Seattle start-up seeks Unix developers – Google Groups
• Remember when Amazon only sold books? – LA Times
• Amazon CEO Jeff Bezos sold more than $1 billion worth of stock this week – The Verge
• Pranksters create fake Apple store at subway station with 50 people waiting in line / Boing Boing
• Seriously, don’t drop your iPhone X
• NOW L-Tryptophan 500 mg,120 Veg Capsules: Health & Personal Care
• Best Naturals Inositol 1000mg 120 Tablets – also called vitamin B8: Health & Personal Care

The post Dongs and Noodles | User Error 34 first appeared on Jupiter Broadcasting.

RSS Feeds:

MP3 Feed | Video Feed | iTunes Feed

Become a supporter on Patreon:

— Links —

• StartPage Search Engine
• Bug 745032 – Mouse Tracking ‘Laggy’ on Wayland, and mouse movements cause frame drops in other OpenGL applications
• Wonder why your GNOME Shell feels jerky or stuttery? You may be a victim of this “bug” : linux
• [x-post] “Fedora 25 performance” | Hi GNOME team please address the performance issues in your shell! : gnome
• Fedora 25 performance : Fedora

• JupiterBroadcasting/CasterSoundboard: A soundboard for hot-keying and playing back sounds. (For podcasting)
• djfun/audio-visualizer-python: a little GUI tool to render visualization videos of audio files
• build.snapcraft.io – JupiterBroadcasting/CasterSoundboard builds

• Amazon.com: Anker PowerCore+ 20100 USB-C, Ultra-High Capacity Premium Portable Charger
• Amazon.com: TriLink USB-C to Micro USB Adapter [2 Pack] Anti-lost Keychain USB Type-C to Micro USB Convert Connector
• Amazon.com: iVoler 75W USB Type C Charger with Power Delivery, 60W USB-C Port + 15W 3 USB Ports
• Amazon.com: Lenovo GX20M33579 USB-C 45W AC Adapter
• Amazon.com: USB C Power Bank RAVPower 20100 Portable Charger QC 3.0 Qualcomm Quick Charge 3.0 20100mAh Input & Output Type C Battery Pack
• Amazon.com: Targus 45W USB Type-C Laptop AC Wall Charger
• Amazon.com: Type C Car Charger, Maxboost 35W w/ Quick Charge 2.0 Technology

gnome-shell-perf-tool —perf-iters=3 —perf=core —replace > perf.txt 2<&1

The post Double Sided Tape | User Error 10 first appeared on Jupiter Broadcasting.

RSS Feeds:

MP3 Feed | Video Feed | iTunes Feed

Become a supporter on Patreon:

— Links —

On the 20th anniversary of its IPO, Amazon’s market cap stands at $459 billion. Walmart’s? $228 billion. https://t.co/i2RQI0TQ2Y pic.twitter.com/Vz4sp0GvhI

— Recode (@Recode) May 15, 2017

• Recode on Twitter: “On the 20th anniversary of its IPO, Amazon’s market cap stands at $459 billion. Walmart’s? $228 billion. https://t.co/i2RQI0TQ2Y https://t.co/Vz4sp0GvhI”
• Amazon’s 49,000% Gain: The Most ‘Super’ of ‘Superstocks’ Since 1926 – MoneyBeat – WSJ
• Amazon is now worth two Walmarts – Recode
• Arc dark chrome theme – Chrome Web Store

The post Here's the Thing | User Error 9 first appeared on Jupiter Broadcasting.

Encryption & privacy took quite a beating this week in the wake of the Paris attacks. We come to its defense. Your ISP heard you like backdoors, so they put a backdoor in your backdoor, the story of the social RAT & more!

Thanks to:

• Get Paid to Write for DigitalOcean

Direct Download:

HD Video | Mobile Video | MP3 Audio | OGG Audio | YouTube | HD Torrent | Mobile Torrent

RSS Feeds:

HD Video Feed | Mobile Video Feed | MP3 Audio Feed | Ogg Audio Feed | iTunes Feed | Torrent Feed

Become a supporter on Patreon:

— Show Notes: —

The Paris Attacks Were An Intelligence Community Failure, Not An ‘Encryption’ Problem

• Less than two months ago that Techdirt noted that, having lost the immediate battle for US legislation to backdoor encryption, those in the intelligence community knew they just needed to bide their time until the next big terrorist attack.
• Here was the quote from Robert Litt — the top lawyer for the Office of the Director of National Intelligence from September:

“the legislative environment is very hostile today,” the intelligence community’s top lawyer, Robert S. Litt, said to colleagues in an August e-mail, which was obtained by The Post, “it could turn in the event of a terrorist attack or criminal event where strong encryption can be shown to have hindered law enforcement.”

• In the wake of the tragic events in Paris last week encryption has continued to be a useful bogeyman for those with a voracious appetite for surveillance expansion. Like clockwork, numerous reports were quickly circulated suggesting that the terrorists used incredibly sophisticated encryption techniques, despite no evidence by investigators that this was the case. These reports varied, the New York Times even having to pull one such report offline.

• Other claims the attackers had used encrypted Playstation 4 or WhatsApp communications.

• Over the past few days, Techdirt has been highlighting the fever pitch of pundits and officials trampling over themselves to blame Ed Snowden, blame encryption and demand (and probably get) new legislation to try to mandate backdoors to encryption.

• It now appears that the attackers communicated via unencrypted SMS and did little to hide their tracks.

• Ryan Gallagher at the Intercept notes, some of the attackers were already known to law enforcement and the intelligence community as possible problems. But they were still able to plan and carry out the attacks. Even more to the point, Gallagher points out that after looking at the 10 most recent high profile terrorist attacks, the same can be said for each of them

• The Intercept has reviewed 10 high-profile jihadi attacks carried out in Western countries between 2013 and 2015…, and in each case some or all of the perpetrators were already known to the authorities before they executed their plot.

• Are ISIS Geeks Using Phone Apps, Encryption to Spread Terror? – NBC News

• Paris Terrorists Used Double ROT-13 Encryption – Schneier on Security
• Signs Point to Unencrypted Communications Between Terror Suspects
• After Endless Demonization Of Encryption, Police Find Paris Attackers Coordinated Via Unencrypted SMS | Techdirt
• The Limits of The Panopticon — why the surveillance state failed
  

Backdoor in cable modem, contains backdoor

• Security researcher Bernardo Rodrigues was invited to give a talk at a security conference, and he decided to research the topic of Cable Modem security
• Unlike talks from years ago, this wasn’t about how to get free cable internet, but instead about “the security of the cable modems, the technology used to manage them, how the data is protected and how the ISPs upgrade the firmwares. Spoiler Alert: everything’s really really bad.”
• “While researching on the subject, I found a previously undisclosed backdoor on ARRIS cable modems, affecting many of their devices including TG862A, TG862G, DG860A. As of this writing, Shodan searches indicate that the backdoor affects over 600.000 externally accessible hosts and the vendor did not state whether it’s going to fix it yet.”
• “ARRIS SOHO-grade cable modems contain an undocumented library (libarris_password.so) that acts as a backdoor, allowing privileged logins using a custom password”
• “ARRIS password of the day is a remote backdoor known since 2009. It uses a DES encoded seed (set by the ISP using the arrisCmDoc30AccessClientSeed MIB) to generate a daily backdoor password. The default seed is MPSJKMDHAI and guess what – many ISPs won’t bother changing it at all.”
• “The backdoor account can be used to enable Telnet and SSH remotely via the hidden HTTP Administrative interface “https://192.168.100.1/cgi-bin/tech_support_cgi” or via custom SNMP MIBs”
• “The default password for the SSH user ‘root’ is ‘arris’. When you access the telnet session or authenticate over SSH, the system spawns the ‘mini_cli’ shell asking for the backdoor password”
• “Yes, they put a backdoor in the backdoor (Joel from Dlink is sure to be envy). The undocumented backdoor password is based on the last five digits from the modem’s serial number. You get a full busybox shell when you log on the Telnet/SSH session using these passwords.”
• The researchers marketing solution for the vulnerability? A old fashion keygen complete with chiptunes and ascii art
• The vulnerability was disclosed to CERT on 2015-09-13, and CERT has a 45 disclosure policy. The vendor has yet to correct the issue
• Ohh, and it seems there are more backdoors

The Story of the Social RAT-in-the-Browser

• A Remote Access Trojan (RAT) is a malicious malware that runs on your computer giving unlimited access to a cybercriminal who can then steal information or install other malicious software.
• They are able to operate under the radar of traditional security measures because a RAT’s installation mechanism is usually attached to a legitimate program, allowing an intruder to do just about anything on the targeted computer including, access confidential information, such as credit card and social security numbers, activate a system’s video or webcam, distribute malware, or alter files.
• RATs have been used by countries and hacktivists for many years, however recently, we’ve seen this remote access attack vector migrate to online banking fraud.
• These specific RATs, termed RAT-in-the-Browser (RitB), give cybercriminals access to banking credentials and account information.
• One of the reasons these Trojans have spread so rapidly is because banks often use traditional security measures such as device fingerprinting to validate a device’s reputation, assigning ‘risk’ to new or untrustworthy devices and assigning ‘trust’ to known user devices.
• RitB sessions are, therefore, often successful since these detection tools won’t find anything unusual.
• A Social RitB, adding another layer of complexity, as fraudsters are beginning to use social engineering to carry out remote access attacks. All a fraudster needs to do is convince a user to install a standard remote support tool on their computer — for example, Ammyy, UltraVNC, AeroAdmin, or RemotePC — and use it to perpetrate online banking fraud.
• This type of banking fraud is simple for cybercriminals to carry out since it doesn’t require the technical knowhow needed to develop malware and is easy to infect users through various exploitation mechanisms.
• Here’s how it works: a fraudster calls a user and convinces him or her that he or she is an employee of a reputable organization (i.e. an Internet service provider or bank), explains to the user that there is a security issue on his computer and then fools the user into downloading and installing a remote support tool (or gives the fraudster access to an existing tool already installed). The fraudster then convinces the user to login to his or her bank account for a quick ‘security check.’ And voilà, the attacker is in and can submit a fraudulent transaction. This is a relatively easy process for the criminal that requires far less technical know-how and monetary expenditure than a regular RitB attack.

Feedback:

• The Loopback Interface

• ZFS License and Linux

• account specific email accounts

• Respond on alternative to Active Directory

Round-Up:

• Telegram cracked down on 78 ISIS-related channels in 12 languages this week
• DDoS and the Internet’s liability problem
• French airport still uses Windows 3.1, has to go to ebay to get spare parts. Stopped all flights when it crashed
• A behind the scenes look at Facebook’s release engineering, and how they use bittorrent
• Police body cams found pre-installed with notorious Conficker worm
• Bypassing SMEP with vDSO on Linux
• Ads found emitting inaudible sounds from your Phone, Tablet, TV and PC, and listening on other devices to link your devices together
• Introducing “Chuckle” a tool to exploit lack of SMB signing
• Hardware signing of Docker instances with Yubikey
• LinkedIn fixes XSS that could have been used to spread a worm
• CoreOS Launches Clair, An Open-Source Tool For Monitoring Container Security
• It is way too easy to hack the hospital
• Tunnel all of your traffic over ICMP Echo requests and replies
• TubeMogul replaced 31 EC2 x2-large instances with 2 SuperMicro servers
• 15 sites to practice your pentesting skills
• Media Jacking — Tricking people into giving you access to their webcam

The post Double ROT-13 | TechSNAP 241 first appeared on Jupiter Broadcasting.