HD Video Feed | Mobile Video Feed | MP3 Audio Feed | Ogg Audio Feed | iTunes Feed | Torrent Feed

Become a supporter on Patreon:

Show Notes:

Researchers demonstrate how PINs and other info can be gathered through phone movement

• Team was able to crack four digit-PINs with 70 percent accuracy on the first try, with 100 percent accuracy by try number five

• A site accessed with malicious code can open the device to such sensor-based monitoring working in the background when browser tabs are left open.

• The team suggests a number of ways to help combat vulnerabilities, including regularly changing PINs and quitting out of any apps not currently in use

• Dan suggests: Simple way around this: randomize the display of numbers on the keypad. I think this should be standard for all PIN entry. I recall seeing this somewhere, years ago, but I don’t recall where. I’ve always wondered why I’ve never seen it again. If the numbers have a narrow field of vision, nobody can watch over your shoulder.

• A better article on the issue

• The PDF of the study

• From the PDF: . In the latest Apple Security Updates for iOS 9.3 (released in March 2016), Safari took a similar countermeasure by “suspending the availability of this [motion and orientation] data when the web view is hidden”x

Computer security is broken from top to bottom

• Robert Watson spoke at the very first BSDCan

• There are three main fundamental causes of insecurity: technology complexity, culture, an the economic incentives of the computer business.

Deep Dive starts with Dan’s first blog post about PostgreSQL

• PostgreSQL

• PostgreSQL < 9.6 has DATADIR is the same for all versions

• PostgreSQL 9.6+ on FreeBSD, each major version has it’s own DATADIR

• Installing in a FreeBSD jail means you can easily upgrading another jail, then start using it

Feedback

• 10 messages this past week. Requests for deep dives on PostgreSQL, DNS, ZFS, Jails.

• The guy who asked us about that free DNS service, wrote in to say he has no connection with them.

• Building pfsense box

• Suggestion for a Simple Inventory & Change Management Software

• Raidz-1 with hotspare vs raidz-2

Round Up:

• Hacker sets off all 156 emergency sirens in Dallas

• Allan Jude Interview with Wendell

• The TP-Link M5350 has a XSS exploit via text message. Responds with admin password in clear text. Original article in German

• Building a NAS

The post Cyber Liability | TechSNAP 314 first appeared on Jupiter Broadcasting.

HD Video Feed | Mobile Video Feed | MP3 Audio Feed | Ogg Audio Feed | iTunes Feed | Torrent Feed

Become a supporter on Patreon:

Show Notes:

Internet privacy

• The House just voted to wipe out the FCC’s landmark Internet privacy protections

• Vote Summary

• Who represents You in the U.S. Congress

• Five Ways Cybersecurity Will Suffer If Congress Repeals the FCC Privacy Rules

• A VPN can stop internet companies from selling your data — but it’s not a magic bullet

• How ISPs can sell your Web history—and how to stop them

Alleged vDOS Owners Poised to Stand Trial

• Police in Israel are recommending that the state attorney’s office indict and prosecute two 18-year-olds suspected of operating vDOS, until recently the most popular attack service for knocking Web sites offline.

• On Sept. 8, 2016, KrebsOnSecurity published a story about the hacking of vDOS, a service that attracted tens of thousands of paying customers and facilitated countless distributed denial-of-service (DDoS) attacks over the four year period it was in business. That story named two young Israelis — Yarden Bidani and Itay Huri — as the likely owners and operators of vDOS, and within hours of its publication the two were arrested by Israeli police, placed on house arrest for 10 days, and forbidden from using the Internet for a month.

• According to a story published Sunday by Israeli news outlet TheMarker.com, the government of Sweden also is urging Israeli prosecutors to pursue formal charges.

• Law enforcement officials both in the United States and abroad say stresser services enable illegal activity, and they’ve recently begun arresting both owners and users of these services.

ZFS is what you want, even though you may not know – Dan talks about why he likes ZFS

• The following is an ugly generalization and must not be read in isolation
• Listen to the podcast for the following to make sense
• Makes sysadmin life easier
• treats the disks as a bucket source for filesystem
• different file system attributes for different purposes, all on the same set of disks
• Interesting things you didn’t know you could do with ZFS

Feedback

• Dealing with waste heat

• PostgreSQL vs MySQL

The following were referenced during the above Feedback segments:

• Dan has bought custom & standard size air filters for computers from these folks

• Dan’s first MySQL post from January 2000

• 17-Year-Old Corrects NASA Mistake In Data From The ISS

• Dan’s first PostgreSQL post from September 2000

Round Up:

• Setting the Record Straight: containers vs. Zones vs. Jails vs. VMs

• Dishwasher has directory traversal bug

• Apple Says It Fixed CIA Vulnerabilities Years Ago

• Data breach disclosure 101: How to succeed after you’ve failed

• LastPass releases fix browser extension security flaws

• Google takes Symantec to the woodshed for mis-issuing 30,000 HTTPS certs

• 17-Year-Old Corrects NASA Mistake In Data From The ISS

• That Time I Trolled the Entire Internet

• Dan’s external Nagios instance

The post Privacy is Dead | TechSNAP 312 first appeared on Jupiter Broadcasting.