The core developer of Kali Linux joins us to discuss the projects history, what keeps Kali Linux so relevant in the penetration testing industry, the future and the major misconceptions he wants to correct about the distro.

Plus we’ll explains all the recent KDE releases, and demo the latest state of the Plasma 5 desktop and tour a radio station that runs linux.

AND SO MUCH MORE!

All this week on, The Linux Action Show!

Thanks to:

Download:

HD Video | Mobile Video | WebM Torrent | MP3 Audio | Ogg Audio | YouTube | HD Torrent

RSS Feeds:

HD Video Feed | Large Video Feed | Mobile Video Feed | MP3 Feed | Ogg Feed | iTunes Feeds | Torrent Feed

Become a supporter on Patreon:

— Show Notes: —

Kali Linux Interview:

Brought to you by: System76

Mati (muts) Aharoni

Mati Aharoni is the founder and core developer of the Kali Linux project, as well as the CEO of Offensive Security. Over the past year, Mati has been developing a curriculum designed for users who wish to make the most out of the Kali Linux operating system. By bringing together several advanced features in the Kali OS and projecting them into useful and practical scenario based exercises, the Kali Linux workshop was born. The workshop is designed to be a fast-paced, crash course to the most advanced features in the distribution, giving attendees the ability and freedom to bend Kali Linux to fit their needs.

Questions for Mati:

• What made you to create/develop for Kali/Backtrack?

• Do you still work in the security / penetration testing filed?

• How do you think the industry has changed in the recent years?

• Do you ever feel concerned that Kali could raise the wrong kind of attention?

• Can you touch on the Backtrack to Kali transition?

• Could you talk about the move to Debian as the base?

• How big is the Kali Team?

• In our Subreddit you mentioned:

One of my personal crusades in the next few months is to try to increase awareness of the flexibility of Kali Linux and try to change people’s mindsets about what our project has to offer.

• Could you expand on that here?

• Ever have any questions for the Kali/Backtrack developers…?

Black Hat USA 2014 | The Kali Linux Dojo

The developers of Kali Linux present the first official all-day Kali Linux event at Black Hat USA 2014. Consisting of five, one-hour workshops, we will take you on a unique journey through Kali Linux while providing rare insights and an in-depth look at the most powerful features available in our advanced penetration-testing platform.

— Picks —

Runs Linux

Radio Station runs ALL Linux

Video edited entirely in Linux (Lightworks on Ubuntu 12.04 x64)

Desktop App Pick

mpv.io

a free, open source, and cross-platform media player
mpv is a fork of mplayer2 and MPlayer. It shares some features with the former projects while introducing many more.

• MPV 0.4.1 Brings Various Bug Fixes

Weekly Spotlight

Unreal Engine 4 Now Has Linux Demo Games To Try

Thanks to the community a bunch of demo games built in Unreal Engine 4 now work on 64bit Linux, so give it a try! The current Unreal Engine only supports 64bit Linux, so remember that if you plan to try the test games.

— NEWS —

KDE Frameworks 5 Has Been Officially Released

The KDE Community is proud to announce KDE Frameworks 5.0. Frameworks 5 is the next generation of KDE libraries, modularized and optimized for easy integration in Qt applications.

On Plasma 5 | Mart

We used to have a 6 months “big release” of all things KDE, called in the beginning just “KDE”, then “KDE SC”, but this release is not that anymore, because KDE grown a lot in the past years, is not just that anymore, and “a single release of everything” scales only so much.

So, when a new version will arrive? how do you check if new applications come? The development cycle will be much faster now: you can expect a new release of the KDE frameworks (so the libraries, not the applications) every month, while Plasma5 will be each 3 months instead for now.

• Getting Started/Using Project Neon to contribute to KDE – KDE TechBase

• wteng on Reddit ELI5: KDE SC, Plasma Next, QT5, etc?

• KDE – The community, similar to e.g. Mozilla.

• KDE Plasma Workspaces – The workspaces created by KDE. This is what you “log in” to, and what handles the windows, desktop, and panels. There are different KDE workspaces for different form factors, such as Plasma Desktop (most common one), Plasma Netbook, Plasma Mobile (replaced by Contour) etc. So instead of saying “I use KDE”, you probably want to say “I use [KDE] Plasma Desktop”, similar to how you would say “I use [Ubuntu] Unity” or “I use GNOME Shell”. Plasma 5 is the next generation of Plasma Workspaces. Plasma 2 and Plasma Next were temporary working names that people used to refer to Plasma 5.

• KDE Applications – Applications created using KDE libraries.

• KDE Frameworks – The libraries and software frameworks that allow you to create graphical applications. (Formerly called KDE Platform.)

• Qt – The application framework and graphical toolkit that KDE Frameworks is based on. There are non-KDE applications that use Qt, for example Google Earth, VLC, etc.

Until now there was still a big bundle consisting of the libraries, Plasma Desktop, and a lot of KDE applications that were released together regularly. This bundle was internally called KDE Software Compilation. It seems like KDE is moving away from having the same release schedule for everything, which is why you’ll see things like “New version of KDE Frameworks” etc. instead of “New version of KDE”.

To summarize:

If you like the workspace (the thing you log into and that handles your windows, desktop, widgets, panel, etc.), you should look forward to Plasma 5.

If you like a KDE application, like Dolphin, Okular, Krita, etc., you should be excited about the next version of that KDE application.

If you’re a developer, then you’ll probably enjoy the improvements in KDE Frameworks and Qt. There have been rather big changes in these underlying libraries that bring several benefits to users, such as modularization (less dependencies if you just want to e.g. install a KDE application) and performance, but you really shouldn’t worry too much about these.

When before you would tell people that you use KDE, now say e.g. “I use Plasma Desktop” when referring to the workspace, or “I use Dolphin” when you want to refer to a particular application (in this case Dolphin).

Desktop Containers – The Way Forward

• Sandboxed applications for GNOME | As far as I know

There’s quite a lot to be said about sandboxed applications, so this is the first of two posts on the subject.

• Desktop containers / app sandboxing to play a relevant role in Fedora Workstation | fedoraFTW | fedora = free open-source

Fedora Workstation is to have support for quite some technologies, including desktop containers and sandboxed applications.

Manjaro Linux Developers Experience A Mass Exodus [Updated]

“Manjaro will still exist and we have now some issues to deal with. We are sorry to all those projects trusting on us. This issue has grown now and not only our forum is now affect. The team is in direct contact with those forums and projects. It even went so far that people using our pictures and impersonate us. Not only me but other team members as well. Friends, we will pass this issue together and it also shows how strong we are, truly. I thank you all having you in my team and doing Manjaro together.”

• Statement: The future of Manjaro Linux

• Manjaro Linux Developers Experience A Mass Exodus

Feedback:

• Kernellinux – Runs Linux – YouTube

• Oscon meetup!

— Chris’ Stash —

• jupiterbroadcasting on Instagram

Hang in our chat room:

irc.geekshed.net #jupiterbroadcasting

— What’s Matt Doin? —

• Check out LINUX Unplugged
• Articles by Matt Hartley
• BattleBlock Theater – Part 4 | Geek And The Gamer

— Find us on Google+ —

• Chris
• Matt Hartley
• Jupiter Broadcasting’s Page

— Find us on Twitter —

• Chris – ChrisLAS
• Matt – matthartley

— Follow the network on Facebook: —

• Jupiter Broadcasting on Facebook

— Catch the show LIVE Sunday 10am Pacific / 1pm Eastern / 6pm UTC: —

• https://jblive.tv
• Network Calendar

The post Kali Linux Interview | LAS 321 first appeared on Jupiter Broadcasting.

It’s great to be a malware author, if your selling to the government, Bypassing PayPal’s two-factor authentication is easier than you might think. Plus a great batch of your questions and our answers and much, much more!

Thanks to:

— Show Notes: —

Flaw in mobile app allows attackers to bypass PayPal two-factor authentication

• Researchers at Duo Security have produced a proof-of-concept app that is able to bypass the two-factor authentication when using the PayPal mobile app, allowing an attacker to transfer funds out of a PayPal account with only the username and password, without needing to provide the one-time password
• The PayPal bug was discovered by an outside researcher, Dan Saltman, who asked Duo Security for help validating it and communicating with the PayPal security team
• “PayPal has been aware of the issue since March and has implemented a workaround, but isn’t planning a full patch until the end of July”
• Currently, the PayPal mobile apps do not support 2 factor authentication, meaning if you have 2FA enabled on your PayPal account, you cannot use the mobile app
• The exploit tricks the PayPal app into ignoring the 2FA flag and allowing the mobile app to work anyway
• The researchers found that in the PayPal mobile app, the only thing preventing a 2FA enabled account from working was a flag in the response from the server
• After modifying that flag, it was found that the client could login, and transfer funds
• The check to prevent 2FA enabled accounts from logging in without the one-time passwords appears to only be enforced on the client, not the server as it should be
• Once logged in with a valid session_id, the proof-of-concept app is able to use the API to transfer funds
• “There are plenty of cases of PayPal passwords being compromised in giant database dumps, and there’s also been a giant rise in PayPal related phishing”
• It is not clear how large the bug bounty on this vulnerability will be

“Hacking Team”

• “Hacking Team” is an Italian company that develops “legal” spyware used by law enforcement and other government agencies all over the world
• They originally came to light in 2011 after WikiLeaks released documents from 2008 where Hacking Team was trying to sell its software to governments
• The software bills itself as “Offensive Security”, allowing LEAs to remotely monitor and control infected machines
• The software claims to be undetectable, however when samples were anonymously sent to AV vendors in July of 2012, most scanners added definitions to detect some variants of the malware
• In newly released research, Kaspersky has tracked the Command & Control (C2) servers used by “HackingTeam”
• The countries with the most C2 servers include the USA, Kazakhstan, Ecuador, the UK and Canada
• It is not clear if all of the C2 servers located in these countries are for the exclusive use of LEAs in those countries
• “several IPs were identified as “government” related based on their WHOIS information and they provide a good indication of who owns them.”
• The malware produced by Hacking Team has evolved to include modern malware for mobile phones
• Although this is rarely seen, if it is only used by LEAs rather than for mass infection, this is to be expected
• On a jail broken iOS device, the malware has the following features:
• Control of Wi-Fi, GPS, GPRS
• Recording voice
• E-mail, SMS, MMS
• Listing files
• Cookies
• Visited URLs and Cached web pages
• Address book and Call history
• Notes and Calendar
• Clipboard
• List of apps
• SIM change
• Live microphone
• Camera shots
• Support chats, WhatsApp, Skype, Viber
• Log keystrokes from all apps and screens via libinjection
• The Android version is heavily obfuscated, but it appears to target these specific applications:
• com.tencent.mm
• com.google.android.gm
• android.calendar
• com.facebook
• jp.naver.line.android
• com.google.android.talk
• The article also provides details about how mobile phones are infected. Connecting a phone to an already compromised computer can silently infect it. In addition, the research includes screenshots of the iOS “Infector”, that merely requires LEAs connect the phone to their computer, where they can manually infect it before returning it to the owner
• Additional Coverage – ThreatPost
• Additional Coverage – SecureList
• Additional Coverage – SecureList – Original article on HackingTeam from April 2013

Feedback:

• What is the point of SUDO?
  • SUDO Mastery

• Sending E-mail from a server

• How To Install and Setup Postfix on Ubuntu 14.04 | DigitalOcean

• How To Configure a Mail Server Using Postfix, Dovecot, MySQL, and SpamAssasin | DigitalOcean

• Securing data in a database with GnuPG or OpenSSL

Round Up:

• Google Starts Removing Search Results Under Europe’s ‘Right to be Forgotten’
• Malware authors targeting vendors of legitimate apps as new infection vector. By hacking the websites of legitimate applications used by plants that also employ ICS (Industrial Control Systems), such as power plants, they gain a way to get a foothold in secure networks.
• Nation States implicated in two airports hacked with spear-phishing emails
• Yeah, I trust that ATM, looks totally legit
• Intel offering x86 based robot kits designed to be augmented with 3d printed parts
• MIT researchers unveil 36 core ‘tile’ processor that uses a routed network to move data between cores
• Red Hat Assistant General Counsel posts analysis of Supreme Court’s patent ruling
• Intuit defeats patent troll that bested NewEgg, may finally put an end to the SSL+RC4 trials

The post Big Brother's Malware | TechSNAP 169 first appeared on Jupiter Broadcasting.

Our frank advice for switches to Linux. Despite what what the advocates would have you believe, there are some important consideration a potential Linux switcher should make. Our team of silverback Linux users shares their tips after years of using Linux.

Thanks to:

• Help the DigitalOcean community by submitting articles and get paid $50 per published piece!

Direct Download:

MP3 Audio | OGG Audio | Video | HD Video | Torrent | YouTube

RSS Feeds:

MP3 Feed | OGG Feed | iTunes Feed | Video Feed | Torrent Feed | WebM Torrent Feed

Show Notes:

FU

• Positive in the Pragmatic Dimension

• OwnCloud Client + SSD + TRIM = Bad Day

• Subject Lets discus: meritocracy in the FOSS community

Switching Ain’t Easy, Don’t Fool Yourself

• Linux Desktop\’s Missed Opportunities

Two huge opportunities for the Linux desktop right now are the end of Windows XP support and the less than amazing reception of Windows 8 by casual users.

• Please help me to switch from widows

These may like silly stuff to wine about, but your little quarrel couple episodes ago with IRC on same topic, and I share your point of view. Windows is just too comfortable.

Mail Sack:

• noNeedTo edToPronouceMyNameCorrectly

The post Don’t Switch to Linux | LINUX Unplugged 15 first appeared on Jupiter Broadcasting.

The TSA is one of the stars in the US Government\’s security theater that keeps the public always fearing attack. In this week’s episode we’ll demonstrate how the media is used to manipulate public support for sweeping security changes.

Plus – We’ll unfilter some headlines, and cover your feedback from our first episode.

Direct Download:

HD Video | Mobile Video | MP3 Audio | OGG Audio | YouTube

RSS Feeds:

HD Video Feed | Mobile Video Feed | MP3 Audio Feed | OGG Audio Feed | iTunes Feeds

ACT ONE: NEWS

• Army Readies Its Mammoth Spgy Blimp for First Flight
• U.S. Outgunned in Hacker War
• More Americans Worried About Cybarmegeddon Than Terrorism, Study Finds
  • Study Confirms The Government Produces The Buggiest Software
• FBI quietly forms secretive Net-surveillance unit
• Congress Proposes Giving Another $10 Million To ICE To Censor More Websites For Hollywood

ACT TWO: TSA Security Theater

• How much is being spend on the TSA’s?
  • According to the U.S. Department of Homeland Security Budget-in-Brief for Fiscal Year 2013 The 2013 President’s Budget for the Transportation Security Administration (TSA) is $7,644,585,000
  • The TSA accounts for 13% of the Department of Homeland Security\’s annual budget.
  • Down from The TSA\’s Fiscal Year 2012 President\’s Budget was $8,115,259,000 and the TSA accounted for 14% of the DHS annual budget
• TSA screeners are only being paid between $9.88 – $16.38 an hour according to payscale.com
• TSA Behavioral Detection Statistics: officers sidetracked 50,000 passengers in 2010 and arrested 300 passengers – none turned out to be terrorists
• TSA Scanners Might Not Catch Underwear Bombs & ID Thief Becomes a TSA \”Officer\”
• TSA Creator Says Dismantle, Privatize the Agency\”
• EDITORIAL: TSA’s \”power grope\”
• TSA Trials Expanding to Busses
• TSA Bus Trial Backfires
• Famed Hacker Arrested for Pot Possession En Route To SXSW by TSA Stop
• TSA’s “VIPER” program stumbles again\”

ACT THREE: Feedback

• Ubiquity Writes…

  Was hoping for a video show, LAS and SNAP are great because of that.

• Jim Writes…

  If you are going to be doing shows on political issues, you at least have to make some kind of attempt at balance. You are going to have to present arguments from all sides of the issue and you need guests on the show to argue the opposing sides.

• Ubiquity Writes.. (again)

  I think it\’s about time more people did discuss issues that do really matter. While not everyone may agree with topics that are political or religious, its discussion that needs to happen. I would suggest sticking to the facts as much as possible, and unfortunately there are many facts that challenge popular beliefs. One advantage of the IT industry is that most \”wise\” decisions are based on facts and statistics. I think of this content as educational, better for the greater good of people.

Unfilter on Reddit

Link List:

• It\’s Like An Advertisement For Airport Security Bomb Detecting Technology
• Al Qaeda Working To Surgically Implant Bombs In People & Even Pets!
• US politicians condemn leak of CIA\’s al-Qa\’ida sting operation

Song pick of the week: SONG: Mr. TSA: a Response to Having My Pants Pulled Down by the TSA Which was released under a Creative Commons License

The post Security Theater Critics | Unfilter 2 first appeared on Jupiter Broadcasting.

Facebook is fooled again, remote controlled voting machines, and Sony has another 93,000 accounts hacked, we’ll load you up on the details!

Then – We cover your best options for pimping your home network for speed!

HD Video | Large Video | Mobile Video | WebM | MP3 Audio | OGG Audio | YouTube

Subscribe via RSS and iTunes:
Subscribe... --RSS-- TechSNAP HD TechSNAP Large TechSNAP Mobile TechSNAP MP3 TechSNAP OGG --iTunes-- TechSNAP iTunes HD TechSNAP iTunes Mobile TechSNAP iTunes Large TechSNAP iTunes MP3

[ad#shownotes]

Show Notes: