Preparing for a camping trip in the woods has never been more stressful, we debate how much tech to take. Plus the US suspects China breached about 4 million government records, Steam Machines get a ship date & more!

Direct Download:

MP3 Audio | OGG Audio | Video | HD Video | Torrent | YouTube

RSS Feeds:

MP3 Feed | OGG Feed | iTunes Feed | Video Feed | Video Feed | Torrent Feed

Become a supporter on Patreon

Show Notes:

• U.S. Suspects Hackers in China Breached About 4 Million People’s Records, Officials Say – WSJ
• Meet Cinch!– The ultimate pop-up tent with solar power & LED by Jake Jackson — Kickstarter
• Apple Still Negotiating With Music Labels Over Streaming Terms Days Before WWDC Launch – Mac Rumors
• Review #Jolla #SailfishOS: [News] New Sailfish OS phone manufacturer confirmed
• Steam Machines, Steam Link, & Steam Controller Launching November 10th
• Spotify Client 1.x beta for Linux has been release… – The Spotify Community
• Skype for Web (Beta) in US and UK | Skype Blogs – – Skype Blogs
• Jupiter Broadcasting Meetup (Seattle, WA) – Meetup
• Support Tech Talk Today creating DAILY PODCASTS
• Portable Generators – Power Practical

The post Solar Freaking Tents! | Tech Talk Today 179 first appeared on Jupiter Broadcasting.

Why a stolen healthcare record is harder to track than you might think, Security pros name their must have tools & blame as a service, the new Cybersecurity hot product.

Plus great questions, a huge Round Up & much, much more!

Thanks to:

• Get Paid to Write for DigitalOcean

Direct Download:

HD Video | Mobile Video | MP3 Audio | OGG Audio | YouTube | HD Torrent | Mobile Torrent

RSS Feeds:

HD Video Feed | Mobile Video Feed | MP3 Audio Feed | Ogg Audio Feed | iTunes Feed | Torrent Feed

Become a supporter on Patreon:

— Show Notes: —

A day in the life of a stolen healthcare record

• “When your credit card gets stolen because a merchant you did business with got hacked, it’s often quite easy for investigators to figure out which company was victimized. The process of divining the provenance of stolen healthcare records, however, is far trickier because these records typically are processed or handled by a gauntlet of third party firms, most of which have no direct relationship with the patient or customer ultimately harmed by the breach.”
• “I was reminded of this last month, after receiving a tip from a source at a cyber intelligence firm based in California who asked to remain anonymous. My source had discovered a seller on the darknet marketplace AlphaBay who was posting stolen healthcare data into a subsection of the market called “Random DB ripoffs,”
• “Eventually, this same fraudster leaked a large text file titled, “Tenet Health Hilton Medical Center,” which contained the name, address, Social Security number and other sensitive information on dozens of physicians across the country.”
• “Contacted by KrebsOnSecurity, Tenet Health officials said the data was not stolen from its databases, but rather from a company called InCompass Healthcare. Turns out, InCompass disclosed a breach in August 2014, which reportedly occurred after a subcontractor of one of the company’s service providers failed to secure a computer server containing account information. The affected company was 24 ON Physicians, an affiliate of InCompass Healthcare.”
• “The breach affected approximately 10,000 patients treated at 29 facilities throughout the U.S. and approximately 40 employed physicians,” wrote Rebecca Kirkham, a spokeswoman for InCompass.
• So who was the subcontractor that leaked the data? According to PHIprivacy.net (and now confirmed by InCompass), the subcontractor responsible was PST Services, a McKesson subsidiary providing medical billing services, which left more than 10,000 patients’ information exposed via Google search for over four months.
• Think about that for a minute. The information must have just been laying around on their website for it to be able to be found by Google search
• “Still, not all breaches involving health information are difficult to backtrack to the source. In September 2014, I discovered a fraudster on the now-defunct Evolution Market dark web community who was selling life insurance records for less than $7 apiece. That breach was fairly easily tied back to Torchmark Corp., an insurance holding company based in Texas; the name of the company’s subsidiary was plastered all over stolen records listing applicants’ medical histories.”
• “Health records are huge targets for fraudsters because they typically contain all of the information thieves would need to conduct mischief in the victim’s name — from fraudulently opening new lines of credit to filing phony tax refund requests with the Internal Revenue Service. Last year, a great many physicians in multiple states came forward to say they’d been apparently targeted by tax refund fraudsters, but could not figure out the source of the leaked data. Chances are, the scammers stole it from hacked medical providers like PST Services and others.”
• As we have previously discussed, a stolen credit card may be worth a few dollars, even high end corporate cards rarely fetch more than $10 or $15 each. Health care records are worth upwards of $100 each.
• “Sensitive stolen data posted to cybercrime forums can rapidly spread to miscreants and ne’er-do-wells around the globe. In an experiment conducted earlier this month, security firm Bitglass synthesized 1,568 fake names, Social Security numbers, credit card numbers, addresses and phone numbers that were saved in an Excel spreadsheet. The spreadsheet was then transmitted through the company’s proxy, which automatically watermarked the file. The researchers set it up so that each time the file was opened, the persistent watermark (which Bitglass says survives copy, paste and other file manipulations), “called home” to record view information such as IP address, geographic location and device type.”
• “The company posted the spreadsheet of manufactured identities anonymously to cyber-crime marketplaces on the Dark Web. The result was that in less than two weeks, the file had traveled to 22 countries on five continents, was accessed more than 1,100 times. “Additionally, time, location, and IP address analysis uncovered a high rate of activity amongst two groups of similar viewers, indicating the possibility of two cyber crime syndicates, one operating within Nigeria and the other in Russia,” the report concluded.“

Security pros name their must have tools

• Network World asked some “security pros” from around the industry to name their must have tools
• Lawyers Without Borders uses Intralinks VIA to securely share files
• Yell.com (a yellow pages site) uses Distil Networks’ bot detection and mitigation service to prevent content theft and avoid excess load from web scraper bots
• SureScripts.com (online perscription service) uses Invincea FreeSpace Enterprise for endpoint security. “stops advanced end user attacks (spear phishing, drive-by downloads, etc.) via containment, and stops our machines from getting infected
• a biotechnology company uses EMC Syncplicity to secure and distribute content to mobile devices. “It is an amazing mobile app that offers a great user experience and also offers the security and control we need as a therapeutics company with lots of sensitive information”
• A private health insurance software application provider uses Forum Sentry API gateway to protect its API from malactors. “Forum Sentry enabled us to securely expose our APIs to our private health insurance funds, third parties and internal clients and has provided a policy-based platform that is easy to maintain and extend – all while reducing development time and resources”
• Firehouse Subs, a large restaurant chain uses Netsurion’s Managed PCI to manage their Payment Card Industry Data Security Standard compliance. “Netsurion simplifies PCI for myself, and our franchisees, allowing us to maintain focus on other portions of our business”
  • A software vendor that makes heavy uses of Software as a Service (SaaS) relies on Adallom for SaaS to monitor, provides visibility into, and protection of SaaS applications.
  • Iowa Vocational Rehabilitation Services, raved about the configurability and reliability of NCP’s enterprise VPN solution
• I am sorry, when I started writing this news item for TechSNAP, I thought the list was going to be useful
• These were not the kinds of tools I was expecting
• Instead it just shows a random reporter who knows nothing about Cyber Security, asking a bunch of random businesses who know nothing about Cyber Security and just buy magic software and services what they think
• If your approach to cyber security is: buy some magic software, then you’re in trouble
• Cyber Security is a mindset, and requires defense in depth. It is about doing as much as can be done, and more importantly, planning for when that turns out to not be enough.
• What you really need is a cyber security disaster kit, like the one you have in your house in the event of a nature disaster. All of the things you need to survive until the mess is cleaned up.
• What companies really need, is to do cyber security fire drills, and have better fire alarms
• Software can’t solve everything, but it can help automate the task of getting the attention of a human at the right time

Intel launches new line of E7 v3 Haswell-EX processors

• Intel has announced its new E7-8800 and E7-4800 line of processors, featuring:
• 20% more cores/threads
• 20% more Last-Level Cache
• Benchmarks show actual 15-20% gains over the E7-4890 v2
• Support for DDR3 or DDR4 memory (not at the same time). “Support for the two differing memory types comes by way of Intel’s C112 and C114 scalable memory buffers.”
• 1.5 TB of ram per socket, quad channel, 102 GB/s memory bandwidth
• This means a 4 socket motherboard can have 6TB of ram, and an 8 socket board can have 12TB of ram
• 32 PCI-E 3.0 lanes per socket
• The highest end versions also feature QPI links at 9.6 GT/s (the previous maximum was 8.0 GT/s)
• E7-4xxx models are designed for 4 socket motherboards, while the E7-8xxx models are for 8 socket motherboards
• Models include:
  • E7-4809 v3 – 8x 2.00 GHz + HT, 20MB LLC
  • E7-4820 v3 – 10x 1.90 GHz + HT, 25MB LLC
  • E7-4830 v3 – 12x 2.10 GHz (Turbo: 2.70 GHz) + HT, 30MB LLC
  • E7-4850 v3 – 14x 2.20 GHz (Turbo: 2.80 GHz) + HT, 35MB LLC
  • E7-8860 v3 – 16x 2.20 GHz (Turbo: 3.20 GHz) + HT, 40MB LLC
  • E7-8880 v3 – 18x 2.30 GHz (Turbo: 3.10 GHz) + HT, 45MB LLC
  • E7-8890 v3 – 18x 2.50 GHz (Turbo: 3.30 GHz) + HT, 45MB LLC
  • E7-8891 v3 – 10x 2.80 GHz (Turbo: 3.50 GHz) + HT, 45MB LLC
  • E7-8893 v3 – 4x 3.20 GHz (Turbo: 3.50 GHz) + HT, 45MB LLC
• “Want!”

Feedback:

• Looking for a better/different back-up solution.

• Question about NAS versus SAN

• A response to the docker criticism in Episode 212 “Dormant Docker Disasters”

• The concept of a Virtual/Logical DMZ?

Round Up:

• Actively exploited WordPress bug puts millions of sites at risk
• Learn about how Windows kernel exploits work with the “HackSys Extreme Vulnerable Driver”
• PillPack.com online pharmacy vulnerability could have allowed anyone to view your entire perscription history, with only your name a birthdate
• Network reconnaissance without actually probing the network, using DNS
• Hospira Lifecare PCA infusion pump has telnet enabled with no password, allows anyone to root it with a tcp connection
• Boeing 787 dreamliner generator control units contain software bug that causes them to fail after 248 days of uptime
• Microsoft bangs the cybersecurity drum with Advanced Threat Analytics
• How to make two C binaries with the same MD5 hash – Why you shouldn’t trust MD5
• Understanding Docker Security and Best Practices
• Netflix open sources FIDO – Fully Integrated Defense Operation
• Docker vs the container world: Techies rally around CoreOS-led spec
• Lab of a Pen Tester — Dumping Windows 8.1 passwords in plain text
• System Crash for Starbucks Leads to Free Coffee for Some
• L3 cache mapping on Sandy Bridge CPUs
• Google Can’t Ignore The Android Update Problem Any Longer
• Researcher finds another method of bypassing Google’s password alert feature
• Windows 10 to do away with Patch Tuesday
• “unnamed FreeBSD Developer: OMG!!! I found a place where an ex-employee went to the repo, checked out the distribution tarball of freeipmi… unpacked it… edited the Makefiles, re-tarred it up and checked it back in under same name…”

The post Blame as a Service | TechSNAP 213 first appeared on Jupiter Broadcasting.

An AT&T insider steals customer info, Samsung’s sales could be slipping by as much as 60% and Yahoo gets bit by Shellshock.

Plus our Kickstarter of the week & much more!

Direct Download:

MP3 Audio | OGG Audio | Video | HD Video | Torrent | YouTube

RSS Feeds:

MP3 Feed | OGG Feed | iTunes Feed | Video Feed | Torrent Feed

Become a supporter on Patreon:

Show Notes:

AT&T Hit By Insider Breach | Threatpost | The first stop for security news

AT&T is warning consumers about a data breach involving an insider who illegally accessed the personal information of an unspecified number of users. The compromised data includes Social Security numbers and driver’s license numbers.

In a letter sent to the Vermont attorney general, AT&T officials said that the breach occurred in August and that the employee in question also was able to access account information for AT&T customers.

“We recently determined that one of our employees violated our strict privacy and security guidelines by accessing your account without authorization in August 2014, and while doing so, would have been able to view and may have obtained your account information including your social security number and driver’s license number. Additionally, while accessing your account, the employee would have been able to view your Customer Proprietary Network Information (CPNI), without proper authorization,” said Michael A. Chiarmonte, director of finance billing operations at AT&T, in a letter to the Vermont AG.

The CPNI he referred to in the letter includes data that’s related to the services that consumers buy from the company. Chiarmonte said that the letter that the employee responsible for the breach no longer works for AT&T. It’s not clear from AT&T’s disclosure how many consumers have been affected by the breach or which other states may have citizens who are affected.

As a result of the breach, AT&T is offering affected customers a year of free credit monitoring, as has become customary in these incidents.

Samsung Warns Weak Q3 Earnings – Business Insider

Samsung warned Monday night that its third-quarter earnings will be weaker than expected.

The company said it would report an operating profit of $3.8 billion for the quarter ending in September — a decline of nearly 60 percent from the same time a year earlier. Sales fell to $44 billion, off 20 percent from a year ago. […]

The South Korean electronics giant said that while smartphone shipments increased, its operating margins fell because of higher marketing costs, fewer shipments of high-end phones and a lower average selling price for the devices.

The company said it is responding with a new smartphone lineup that will include new mid-range and low-end devices, which would make Samsung’s products more competitive in markets such as China.

Hackers Compromised Yahoo’s Servers Using Shellshock

The exploits were first discovered by security researcher, Jonathan Hall. Hall pointed to two Yahoo Games servers that had been exploited. After Yahoo was contacted by Security Week it issued the following statement:

A security flaw, called Shellshock, that could expose vulnerabilities in many web servers was identified on September 24. As soon as we became aware of the issue, we began patching our systems and have been closely monitoring our network. Last night, we isolated a handful of our impacted servers and at this time we have no evidence of a compromise to user data. We’re focused on providing the most secure experience possible for our users worldwide and are continuously working to protect our users’ data.

• Yahoo! got hacked this morning… Hooray for Shellshock! : technology

• Shellshock: Romanian hackers are accessing Yahoo servers, claims security expert

Plex Launches On Xbox One

The Plex app for Xbox One is a new approach to Plex overall, with a landscape interface that Plex co-founder and Chief Product Officer Scott Olechowski says is admittedly due partly to design requirements set out by the Xbox team, but that also will make its way back to the wider suite of Plex software on other platforms, too.

“[Xbox] certainly kind of encouraged this landscape type scrolling, but the more we used this the more we realized how well it works,” he said. “You’ll see this approach taken in other places. The more we used it, the more we realized it’s more natural. We kind of fell in love with aspects of it, [and] over time we want to have a more consistent experience.”

• Report: Microsoft Sells 100,000 Xbox Ones in China

The Xbox One, the first official video game console to launch in China in 14 years, has started its console life in the middle kingdom with a bang! According to Chinese news sources, the Xbox One sold over 100,000 units within the first week of sales.

KICK STATER OF THE WEEK: Granola Strolla – Portable Solar USB charger by Granola Strolla Inc. — Kickstarter

GranolaStrolla is a portable, affordable and easy to use solar charged batterypack able to charge USB devices as fast as a wall charger

The post AT&T's Identity Giveaway! | Tech Talk Today 71 first appeared on Jupiter Broadcasting.