Show Notes: linuxactionnews.com/151

The post Linux Action News 151 first appeared on Jupiter Broadcasting.

Show Notes: linuxactionnews.com/127

The post Linux Action News 127 first appeared on Jupiter Broadcasting.

HD Video Feed | MP3 Audio Feed | iTunes Feed | Torrent Feed

Become a supporter on Patreon:

Show Notes:

Google Will Survive SESTA. Your Startup Might Not.

• Requires unreliastic levels of censorship by platforms; not even the big players will be able to comply 100%

• Proponents consider startups to be outliers, which “will be successfully prosecuted, civilly and criminally under this law”.

• Proponents are overstating the effectiveness of filtering

• Proposed standards actually discourage platforms from filtering

Companies Look to an Old Technology to Protect Against New Threats

• Tape is an old techology. It is also highly reliable and stable

• Tape sales are increasing

• Yep, backup to NAS is great, but do you have different versions of your data?

CBS’s Showtime caught mining crypto-coins in viewers’ web browsers

• This isn’t about CBS. It’s about the potential for abuse by website owners

• Code unlikely to be official sanctioned / added by CBS; mure more likely it was a malicious third party or insider.

• The email address associated with the mining account is personal, not corporate

• Ethical issues for content providers to figure out

Feedback

• Funny sounds throughout the show

• Cox checking for credit score

Round Up:

• One week after

• SEC Announces Enforcement Initiatives to Combat Cyber-Based Threats and Protect Retail Investors

• APFS AND HFS+ BENCHMARKS

• What’s New in PostgreSQL 10?

• a 160-terabits-per-second cable

The post Laying Internet Pipe | TechSNAP 339 first appeared on Jupiter Broadcasting.

A potential solution to Ransomware, the 15 year bug that cost CitiGroup $7 Million dollars, Dropbox’s new middle out compression & another flaw that affects all versions of Windows.

Plus your questions, our answers, a packed roundup & more!

Thanks to:

• Get Paid to Write for DigitalOcean

Direct Download:

HD Video | Mobile Video | MP3 Audio | OGG Audio | YouTube | HD Torrent | Mobile Torrent

RSS Feeds:

HD Video Feed | Mobile Video Feed | MP3 Audio Feed | Ogg Audio Feed | iTunes Feed | Torrent Feed

Become a supporter on Patreon:

Show Notes:

CitiGroup hit with $7 million fine over software bug dating back to 1999

• CitiGroup, a large US Financial institution, is being fined for failing to properly report to the US Securities and Exchange Commission (SEC)
• According to the SEC, the error [PDF] resulted in the financial regulator being sent incomplete “blue sheet” information for a remarkable 15 years – from May 1999 to April 2014.
• The bank was required to send details of all stock transactions, and due to a bug, a number of branches were never included in those reports
• The details are quite amusing
• “The mistake was discovered by Citigroup itself when it was asked to send a large but precise chunk of trading data to the SEC in April 2014 and asked its technical support team to help identify which internal ID numbers they should run a request on.”
• “That team quickly noticed that some branches’ trades were not being included in the automated system and alerted those above them. Four days later a patch was in place, but it wasn’t until eight months later that the company received a formal report noting that the error had affected SEC reports going back more than a decade. The next month, January 2015, Citigroup fessed up to the SEC.”
• “It turned out that the error was a result of how the company introduced new alphanumeric branch codes. When the system was introduced in the mid-1990s, the program code filtered out any transactions that were given three-digit branch codes from 089 to 100 and used those prefixes for testing purposes.”
• So any transaction with a branch code in that range, was considered test data, and not reported to the government
• “But in 1998, the company started using alphanumeric branch codes as it expanded its business. Among them were the codes 10B, 10C and so on, which the system treated as being within the excluded range, and so their transactions were removed from any reports sent to the SEC.”
• “The SEC routinely sends requests to financial institutions asking them to send all details on transactions between specific dates as a way of checking that nothing untoward is going on. The coding error had resulted in Citigroup failing to send information on 26,810 transactions in over 2,300 such requests.”
• “The SEC was not impressed and said in a statement announcing the fine that the “failure to discover the coding error and to produce the missing data for many years potentially impacted numerous Commission investigations.””
• “Broker-dealers have a core responsibility to promptly provide the SEC with accurate and complete trading data for us to analyze during enforcement investigations,” said Robert Cohen, co-chief of the SEC enforcement division’s market abuse unit. “Citigroup did not live up to that responsibility for an inexcusably long period of time, and it must pay the largest penalty to date for blue sheet violations.”
• 7 Million seems like a relatively small fine for such a large screw up, but it does not appear to have been malicious.

New system to detect ransomware by looking at filesystem patterns

• “Our system is more of an early-warning system. It doesn’t prevent the ransomware from starting … it prevents the ransomware from completing its task … so you lose only a couple of pictures or a couple of documents rather than everything that’s on your hard drive, and it relieves you of the burden of having to pay the ransom,” said Nolen Scaife, a UF doctoral student and founding member of UF’s Florida Institute for Cybersecurity Research.
• “Attacks most often show up in the form of an email that appears to be from someone familiar. The recipient clicks on a link in the email and unknowingly unleashes malware that encrypts his or her data. The next thing to appear is a message demanding the ransom, typically anywhere from a few hundred to a few thousand dollars.”
• “It’s an incredibly easy way to monetize a bad use of software,” said Patrick Traynor, an associate professor in UF’s department of computer and information science and engineering at UF and also a member of the Florida Institute for Cybersecurity Research. He and Scaife worked together on developing CryptoDrop.
• “We ran our detector against several hundred ransomware samples that were live,” Scaife said, “and in those case it detected 100 percent of those malware samples and it did so after only a median of 10 files were encrypted.”
• “About one-tenth of 1 percent of the files were lost,” Traynor said, “but the advantage is that it’s flexible. We don’t have to wait for that anti-virus update. If you have a new version of your ransomware, our system can detect that.”
• Video – Extortion extinction: Ransomware
  
• It seems like it would be fairly trivial to detect the pattern that ransomware uses. I imagine most ransomware creates a new file, named original.ext.locked and then encrypts the contents of the original file, then removes the original
• It is possible newer ransomware could use new patterns, like renaming files and overwriting in place, or encrypting files in random order instead of walking the directory tree to make it harder to detect
• Additional Coveragge: Phys.org

Dropbox open sources Lepton image compression algorithm, save 22% by losslessly compressing JPEGs

• “Lepton achieves a 22% savings reduction for existing JPEG images, by predicting coefficients in JPEG blocks and feeding those predictions as context into an arithmetic coder. Lepton preserves the original file bit-for-bit perfectly. It compresses JPEG files at a rate of 5 megabytes per second and decodes them back to the original bits at 15 megabytes per second, securely, deterministically, and in under 24 megabytes of memory.”
• Speed seems very slow, compression is 5 MB/s, and decompression is 15 MB/s
• It is not clear if the encoding can be multithreaded across many cores to increase speed, like xz can do. Even without that, in most cases you would be dealing with many image files at once, but even compressing many files at once, that is quite slow
• “We have used Lepton to encode 16 billion images saved to Dropbox, and are rapidly recoding our older images. Lepton has already saved Dropbox multiple petabytes of space.”
• The article has a very good description of how JPEG encoding works
• “The DC coefficient (brightness in each 8×8 block) takes up a lot of room (over 8%) in a typical iPhone photograph so it’s important to compress it well. Most image formats put the DC coefficients before any AC coefficients in the file format. Lepton gets a compression advantage by coding the DC as the last value in each block. Since the DCs are serialized last, there is a wealth of information from the AC coefficients available to predict the DC coefficient. By defining a good and reproducible prediction, we can subtract the actual DC coefficient from the predicted DC coefficient, and only encode the delta. Then in the future we can use the prediction along with the saved delta to get the original DC coefficient. In almost all cases, this technique results in a significantly reduced number of symbols to feed into our arithmetic coder.”
• “Lepton can decompress significantly faster than line-speed for typical consumer and business connections. Lepton is a fully streamable format, meaning the decompression can be applied to any file as that file is being transferred over the network. Hence, streaming overlaps the computational work of the decompression with the file transfer itself, hiding latency from the user.”
• Because it can be streamed, this means that mobile devices could work via a proxy, that compresses all JPEG content before transmitting it to the mobile device, then an application on the mobile device could decompression it and display the resulting JPEG

Flaw in Windows Printing subsystem affects all versions of Windows

• “A remote code execution vulnerability exists when the Windows Print Spooler service does not properly validate print drivers while installing a printer from servers. An attacker who successfully exploited this vulnerability could use it to execute arbitrary code and take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.”
• “Most organizations try to apply the principle of least privilege to the devices in their networks. This works pretty well for things like laptops or desktops since the hardware they use doesn’t change that often. However printers are a bit different. While they still need drivers, printers need to support virtually any user that wants to connect to them. As end-users move through a building, they naturally want to use the printer closest to them. Mobile users expect to be able to easily connect and use a printer when they come into the office. In addition, most organizations don’t standardize on a single printer, and will have multiple models and manufacturers often within a single network.”
• “So instead of having system administrators push all possible printer drivers to all workstations in the network, the solution was to develop a way to deliver the driver to a user device right before the printer is used. And this is where Point-and-Print showed up. This approach stores a shared driver on the printer or print server, and only the users of that printer receive the driver that they need. At first glance, this is a practical and simple solution to driver deployment. The user gets access to the printer driver they need without requiring an administrator – a nice win-win.”
• “By default, in corporate networks, network admins allow printers to deliver the necessary drivers to workstations connected to the network. These drivers are silently installed without any user interaction and run under the SYSTEM user, with all the available privileges.”
• The researchers managed to dissect a firmware update for an existing printer, and modify it to infect Windows clients that load its driver with malware
• The malware allowed them access to the target Windows client, as the SYSTEM user
• They detail a number of other ways this vulnerability could be exploited:
• Watering hole attacks:
• Backdooring an existing printer or printer server.
• Microsoft print server: driver path: c:\windows\system32\spool\drivers*\3...
• Linux/BSD cups server: check for share driver print$ in the configuration.
• Multiple vendors support Point-and-Print on the printer itself
• Re-flash printer with backdoored drivers.
• Create a fake print server and broadcast with auto discovery.
• Privilege escalation:
• Use the add printer as a privileged escalation mechanism to get system access.
• Mitm attack to the printer and inject the backdoored driver instead of the real one.
• Going more global with IPP and Webpnp. Send users email with a link, when clicked, it attempts to connect to the (fake?) printer in question, and results in the driver being installed on the target computer
• There is more detail in the blog post about infecting a computer remotely
• Researcher blog post
• Microsoft released a fix for this vulnerability as part of the July patch Tuesday
• Official Microsoft Bulletin
• Additional Coverage: softpedia

Feedback:

• How secure is the passphrase?

• FreeNAS On the Go

• https://www.zfsbook.com — FreeBSD Mastery: Advanced ZFS

Round Up:

• Microsoft wins landmark appeal over seizure of foreign emails
• Over 6000 redis installs found exposed directly to the Internet with no authentication
• Comcast Expands Usage Caps
• From the researcher who brought us the MD5 collision story last week, “Bypass AllTheThings”, 5 Application Whitelisting bypasses for Windows in one binary
• BitTorrent Launches News Network at Republican Convention
• Sega Saturn DRM cracked, 23 years after launch. Play games from USB
• MIT’s anonymous online communications protocol Riffle could beat Tor at its own game
• NBC/Universal patents new way to detect bittorrent swarms. Originally applied for in 2009, not clear if the technology is current or useful
• Tor Project, a Digital Privacy Group, Reboots With New Board
• New password reuse checking tool. Enter your username and password and see which sites it is reused on.
• Terms of Mozilla/Yahoo deal from 2014 say that if Yahoo is sold, and Mozilla doesn’t like the new owner, they still get paid $375 million/year until 2019, even if they switch search/advertising to someone else
• WebhostingTalk.com and other forums breached, databases for same on underground forum
• Database left open to internet with no authentication, researcher able to access images of various doors, locks, RFID access panels, and the controller board of an alarm system

The post Ending Ransomware | TechSNAP 275 first appeared on Jupiter Broadcasting.

A series of events kick off this week that lay the foundation for a very productive Bitcoin summer, plus a popular Bitcoin gambling site sells for a record breaking amount, a Bitcoin Ponzi scheme is busted, your emails of the week, and a few surprises!

Downloads:

MP3 Audio | OGG Audio | Video | HD Video | Torrent | YouTube

RSS Feeds:

MP3 Feed | Video Feed | Torrent Feed | iTunes Audio | Ogg Feed

— Feedback —

• Bitcoin Credit Score

• Bitcoin’s Deflation

• Voicemail

Erupter Follow Up:

• Raspberry Pi: USB Block Erupter Mining

Help spread the word on iTunes with a Rating and Review:

• iTunes – Plan B by Jupiter Broadcasting

Call or txt the Show:

1 (352) 587-5262

(352) 58-PLANB

— Discussion —

Stossel discusses the gold standard and bitcoin

• Bring Back a Gold Standard? | Fox Business Video

Economist Ben Powell and Laissez Faire Books executive editor Jeff Tucker on investing in gold and the bitcoin

SatoshiDice sells for 126,315 BTC

• Bitcoin company acquisitions begin: SatoshiDice sells for $11.5m

Blockchain-based betting game SatoshiDice has been sold for 126,315 BTC, which at the time of writing was worth around $11.47 million.

SEC Charges Texas Man in Bitcoin Ponzi Scheme

• SEC Charges Operator of Bitcoin Savings and Trust with Fraud

The SEC charged Shavers with violating the Securities Act of 1933 for unlawfully selling unregistered securities, as well as intentionally misleading and defrauding investors. Their alert provides an overview of Ponzi schemes — a fund that pays earlier investors with new investors\’ money, often promising returns far exceeding alternative opportunities. The SEC document also explains that virtual currencies may be seen as especially attractive to those looking to conduct fraud as a result of the perceived ability to remain anonymous. Importantly, the filing also notes, \”Any investment in securities in the United states remains subject to the jurisdiction of the seC regardless of whether the investment is made in U.S. dollars or a virtual currency.\”

• SEC.gov | SEC Charges Texas Man With Running Bitcoin-Denominated Ponzi Scheme

The Securities and Exchange Commission today charged a Texas man and his company with defrauding investors in a Ponzi scheme involving Bitcoin, a virtual currency traded on online exchanges for conventional currencies like the U.S. dollar or used to purchase goods or services online.

The SEC alleges that Shavers promised investors up to 7 percent weekly interest based on BTCST’s Bitcoin market arbitrage activity, which supposedly included selling to individuals who wished to buy Bitcoin “off the radar” in quick fashion or large quantities. In reality, BTCST was a sham and a Ponzi scheme in which Shavers used Bitcoin from new investors to make purported interest payments and cover investor withdrawals on outstanding BTCST investments.

Shavers also diverted investors’ Bitcoin for day trading in his account on a Bitcoin currency exchange, and exchanged investors’ Bitcoin for U.S. dollars to pay his personal expenses.

The SEC issued an investor alert today warning investors about the dangers of potential investment scams involving virtual currencies promoted through the Internet.

“Fraudsters are not beyond the reach of the SEC just because they use Bitcoin or another virtual currency to mislead investors and violate the federal securities laws,” said Andrew M. Calamari, Director of the SEC’s New York Regional Office.

• SEC investor alert PDF… Ponzi Schemes using Virtual Currencies

The Movie by Project Bitcoin

• Bitcoin: The Movie by Project Bitcoin — Kickstarter

A documentary about the socioeconomic impact that Bitcoin is making around the world. Comprised of interviews from global Bitcoin users

Bitcoin Pick

• LocalBitcoins.com: Fastest and easiest way to buy and sell bitcoins
• Satoshi Square

— Watch Live —

Tuesday 2pm PDT / 5pm EDT / 9pm GMT

• JbLive.tv

— Plan B Subreddit —

• Plan B Show

— Contact us —

• Chris on G+
• Drew on G+

— Music —

• Thanks to Ronald Jenkees and his fantastic track 7 Times

— Support the Show —

• Donate to the network with your worthless fiat or your fancy bitcoins!

• Tip address:

  1HE36CMdeYCF9N7rmpfa5BwKMGb1PfkNyD

The post Summer of Bitcoin | Plan B 16 first appeared on Jupiter Broadcasting.

Coming up on this week’s TechSNAP…

Researches have developed a way to tie your file sharing to your Skype account. We’ll share the details on how this works, and what you can do to prevent being tracked!

Plus we cover the Ultimate way to host your own email, and what happened when Chinese hackers took control of US Satellites!

All that and more, on this week’s episode of TechSNAP!

HD Video | Large Video | Mobile Video | MP3 Audio | OGG Audio | YouTube

Subscribe via RSS and iTunes:
Subscribe... --RSS-- TechSNAP HD TechSNAP Large TechSNAP Mobile TechSNAP MP3 TechSNAP OGG --iTunes-- TechSNAP iTunes HD TechSNAP iTunes Mobile TechSNAP iTunes Large TechSNAP iTunes MP3

[ad#shownotes]

Show Notes: