secure – Jupiter Broadcasting (https://www.jupiterbroadcasting.com), Open Source Entertainment, on Demand. Feed last built Mon, 22 Feb 2016 02:44:56 +0000.

The French Disconnection | TechSNAP 211
https://original.jupiterbroadcasting.net/81082/the-french-disconnection-techsnap-211/
Fri, 24 Apr 2015 01:11:19 +0000

The post The French Disconnection | TechSNAP 211 first appeared on Jupiter Broadcasting.


What’s really the key to detecting a breach before it’s become much too late? We’ll share some key insights, plus a technical breakdown of China’s Great Cannon & the new French Surveillance Law that should be a warning to us all.

Plus a great round up, fantastic questions, our answers & much, much more!

Thanks to: DigitalOcean, Ting, iXsystems


— Show Notes: —

Security analytics: The key for breach detection

  • “Although security spending is at an all-time high, security breaches at major organizations are also at an all-time high, according to Gartner, Inc. The impact of advanced attacks has reached boardroom-level attention, and this heightened attention to security has freed up funds for many organizations to better their odds against such attacks.”
  • “Breach detection is top of mind for security buyers and the field of security technologies claiming to find breaches or detect advanced attacks is at an all-time noise level,” said Eric Ahlm, research director at Gartner. “Security analytics platforms endeavor to bring situational awareness to security events by gathering and analyzing a broader set of data, such that the events that pose the greatest harm to an organization are found and prioritized with greater accuracy.”
  • The approach that seems to be in favour at the moment is: security information and event management (SIEM)
  • “While most SIEM products have the ability to collect, store and analyze security data, the meaning that can be pulled from a data store (such as the security data found in a SIEM) depends on how the data is reviewed. How well a SIEM product can perform automated analytics — compared with user queries and rules — has become an area of differentiation among SIEM providers.”
  • “User behavior analytics (UBA) is another example of security analytics that is already gaining buyer attention. UBA allows user activity to be analyzed, much in the same way a fraud detection system would monitor a user’s credit cards for theft. UBA systems are effective at detecting meaningful security events, such as a compromised user account and rogue insiders. Although many UBA systems can analyze more data than just user profiles, such as devices and geo-locations, there is still an opportunity to enhance the analytics to include even more data points that can increase the accuracy of detecting a breach.”
  • “As security analytics platforms grow in maturity and accuracy, a driving factor for their innovation is how much data can be brought into the analysis. Today, information about hosts, networks, users and external actors is the most common data brought into an analysis. However, the amount of context that can be brought into an analysis is truly boundless and presents an opportunity for owners of interesting data and the security providers looking to increase their effectiveness.”
  • “Analytics systems, on average, tend to do better analyzing lean, or metadata-like, data stores that allow them to quickly, in almost real-time speed, produce interesting findings. The challenge to this approach is that major security events, such as breaches, don’t happen all at once. There may be an early indicator, followed hours later by a minor event, which in turn is followed days or months later by a data leakage event. When these three things are looked at as a single incident that just happens to span, say, three months, the overall priority of this incident made up of lesser events is now much higher, which is why “look backs” are a key concept for analytics systems.”
  • “Ultimately, how actual human users interface with the outputs of large data analytics will greatly determine if the technology is adopted or deemed to produce useful information in a reasonable amount of time,” said Mr. Ahlm. “Like other disciplines that have leveraged large data analytics to discover new things or produce new outputs, visualization of that data will greatly affect adoption of the technology.”
  • It will be interesting to see where the industry goes with these new concepts
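The three-event, three-month "look back" scenario from the Gartner quote above, as an added example that is not from Gartner or any SIEM product: events on one asset are chained inside a look-back window and the chain is scored higher than any single event. Event shapes, severities, assets and the 90-day window are constructed assumptions.

```python
"""Look-back correlation: chain low-priority events on one asset into one incident.

Added example, not from Gartner or any SIEM product.  Event shapes, severities
and the 90-day window are assumptions chosen for illustration.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events: (timestamp, asset, stage, severity 1-10).
EVENTS = [
    ("2015-01-05T09:12:00", "ws-042", "early_indicator", 2),  # odd DNS lookup
    ("2015-01-05T13:40:00", "ws-042", "minor_event", 4),      # new scheduled task
    ("2015-03-20T02:05:00", "ws-042", "data_leakage", 7),     # large outbound transfer
    ("2015-02-11T11:00:00", "ws-077", "minor_event", 4),      # isolated, never escalates
    ("2014-06-01T08:00:00", "ws-042", "early_indicator", 2),  # too old for the window
]

STAGE_ORDER = ["early_indicator", "minor_event", "data_leakage"]


def parse(ts: str) -> datetime:
    return datetime.fromisoformat(ts)


def correlate(events, lookback=timedelta(days=90)):
    """Return {asset: incident}: every event within `lookback` of the newest
    event on that asset is folded into one incident and the chain is scored."""
    by_asset = defaultdict(list)
    for ts, asset, stage, sev in events:
        by_asset[asset].append((parse(ts), stage, sev))

    incidents = {}
    for asset, evs in by_asset.items():
        evs.sort()
        newest = evs[-1][0]
        window = [e for e in evs if newest - e[0] <= lookback]
        stages = {stage for _, stage, _ in window}
        loudest = max(sev for _, _, sev in window)
        # An indicator -> minor event -> leakage chain outranks its loudest member.
        chain_bonus = 2 * (len(stages) - 1)
        incidents[asset] = {
            "events": len(window),
            "stages": [s for s in STAGE_ORDER if s in stages],
            "span_days": (newest - window[0][0]).days,
            "loudest_single_event": loudest,
            "priority": min(10, loudest + chain_bonus),
        }
    return incidents


if __name__ == "__main__":
    for asset, incident in correlate(EVENTS).items():
        print(asset, incident)
```

Seen one at a time, none of the ws-042 events scores above 7; seen as one incident spanning 73 days they reach the top priority, which is the point of the look back.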

China’s Great Cannon

  • “This post describes our analysis of China’s “Great Cannon,” our term for an attack tool that we identify as separate from, but co-located with, the Great Firewall of China. The first known usage of the Great Cannon is in the recent large-scale novel DDoS attack on both GitHub and servers used by GreatFire.org.”
  • “On March 16, GreatFire.org observed that servers they had rented to make blocked websites accessible in China were being targeted by a Distributed Denial of Service (DDoS) attack. On March 26, two GitHub pages run by GreatFire.org also came under the same type of attack. Both attacks appear targeted at services designed to circumvent Chinese censorship. A report released by GreatFire.org fingered malicious Javascript returned by Baidu servers as the source of the attack. Baidu denied that their servers were compromised.”
  • “Several previous technical reports have suggested that the Great Firewall of China orchestrated these attacks by injecting malicious Javascript into Baidu connections. This post describes our analysis of the attack, which we were able to observe until April 8, 2015.”
  • “We show that, while the attack infrastructure is co-located with the Great Firewall, the attack was carried out by a separate offensive system, with different capabilities and design, that we term the “Great Cannon.” The Great Cannon is not simply an extension of the Great Firewall, but a distinct attack tool that hijacks traffic to (or presumably from) individual IP addresses, and can arbitrarily replace unencrypted content as a man-in-the-middle.”
  • The report is broken down into a number of sections:
    • Section 2 locates and characterizes the Great Cannon as a separate system;
    • Section 3 analyzes DDoS logs and characterizes the distribution of affected systems;
    • Section 4 presents our attribution of the Great Cannon to the Government of China;
    • Section 5 addresses the policy context and implications;
    • Section 6 addresses the possibility of using the Great Cannon for targeted exploitation of individual users.
  • I wonder what the next target of the Great Cannon of China will be

New French Surveillance Law

  • “The new French Intelligence Bill has provoked concern among many of the country’s lawmakers, as well as international NGOs.”
  • “According to French Human Rights Defender Jacques Toubon, the legislation contravenes the rulings of the European Court of Human Rights”
  • “Despite boasting the support of France’s two major political parties, the Union for a Popular Movement (UMP) and the Socialist Party (PS), the Intelligence Bill has come in for some strong criticism in France, and it is now also beginning to raise eyebrows abroad.”
  • “Many international NGOs, have condemned the vague and general nature of the bill. Designed to legalise certain surveillance practices, the bill would also broaden the powers of the security services, giving them the authority to ask private operators to follow and report on the activity of internet users. The debate over using terrorism as an excuse for internet surveillance is already raging in France, since Paris decided to “block” access to certain sites in the wake of the 7 January attacks.”
  • “But the new bill goes even further. If adopted, it will allow investigators and government agents to intercept private emails and telephone conversations in the name of security, if they are directly linked to an investigation. Agents would be allowed to use new technologies wherever they deem necessary, including microphones, trackers and spy cameras. They would also be able to intercept conversations typed on a keyboard in real time. All these interceptions would be authorised by the Prime Minister, without the prior approval of a judge, and would be authorised after the fact by a new administrative authority, the National Commission for the Control of Intelligence Techniques (CNCTR).”
  • “Seven companies, including web hosting and technology companies OVH, IDS, and Gandi have said in a letter to the French prime minister Manuel Valls that they will be pushed into de facto “exile” if the French government goes ahead with the “real-time capture of data” by its intelligence agencies.”
  • Letter to French Prime Minister (in French)
  • This has caused a very large backlash from the IT community
  • Especially some of the large Internet and Server providers like Gandi, OVH, IDS, Ikoula and Lomaco who have threatened to leave France if the law passes
  • OVH and Gandi threaten to move their operations, customers, tax revenue, and most importantly, 1000s of high tech jobs
  • Hopefully this sends a clear warning to the US and other countries who are considering or proposing similar legislation, or whose intelligence agencies have run amok
  • “The companies argued that being required by the law to install “black boxes” on their networks will “destroy a major segment of the economy,” and if passed it will force them to “move our infrastructure, investments, and employees where our customers will want to work with us.” Citing a figure of 30-40 percent of foreign users, the companies say their customers come to them “because there is no Patriot Act in France.” France’s surveillance bill (“projet de loi relatif au renseignement”) allows the government’s law enforcement and intelligence agencies to immediately access live phone and cellular data for anyone suspected of being linked to terrorism. These phone records can be held for five years.”
  • Tech firms threaten mass exodus from France over new mass surveillance law
  • Additional Coverage
  • Hacker News

Two Factor Falsification | TechSNAP 206
https://original.jupiterbroadcasting.net/79162/two-factor-falsification-techsnap-206/
Thu, 19 Mar 2015 18:47:44 +0000


Microsoft takes 4 years to fix a nasty bug, how to bypass 2 factor authentication in the popular ‘Authy’ app.

Hijacking a domain with photoshop, hardware vs software RAID revisited, tons of great questions, our answers & much much more!

Thanks to: DigitalOcean, Ting, iXsystems


— Show Notes: —

Microsoft took 4 years to recover privileged TLS certificate addresses

  • The way TLS certificates are issued currently is not always foolproof
  • In order to get a TLS certificate, you must prove you own the domain that you are attempting to request the certificate for
  • Usually this is done by sending an email to one of the administrative addresses at the domain, like postmaster@, hostmaster@, administrator@, or abuse@
  • The problem comes when webmail services, like Hotmail, allow these usernames to be registered
  • That is exactly what happened with Microsoft’s live.be and live.fi
  • A Finnish man reported to Microsoft that he had been able to get a valid HTTPS certificate for live.fi by registering the address hostmaster@live.fi
  • It took Microsoft four to six weeks to solve the problem
  • Additional Coverage – Ars Technica
  • When this news story came out, another man, from Belgium, came forward to say he reported the same problem with live.be over 4 years ago
  • “After the Finnish man used his address to obtain a TLS certificate for the live.fi domain, Microsoft warned users it could be used in man-in-the-middle and phishing attacks. To foreclose any chance of abuse, Microsoft advised users to install an update that will prevent Internet Explorer from trusting the unauthorized credential. By leaving similar addresses unsecured, similar risks may have existed for years.”

Bypass 2 factor authentication in popular ‘Authy’ app

  • Authy is a popular reusable 2 factor authentication API
  • It allows 3rd party sites to easily implement 2 factor authentication
  • Maybe a little too easily
  • When asked for the verification code that is sent to your phone after a request to Authy is received, simply entering ../sms gives you access to the application
  • The problem is that the 3rd party sites send the request, and just look for a ‘success’ response
  • However, because the input is interpolated directly into the URL path, the number you enter is not sent to https://api.authy.com/protected/json/verify/1234/authy_id as expected
  • Instead, the URL ends up being https://api.authy.com/protected/json/verify/../sms/authy_id
  • Which the Authy API normalizes and interprets as https://api.authy.com/protected/json/sms/authy_id
  • This API call is the one used to actually send the code to the user
  • This call sends another token to the user and returns success
  • The 3rd party application sees the ‘success’ part, and allows the user access
  • It seems like a weak design; there should be some kind of token that is returned and verified, or the implementation instructions for the API should be explicit about checking for "token":"is valid" rather than just "success":true
  • Also, the client middleware should probably not unescape and parse the user input into the request path
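The two halves of the bug described above, as an added example that is not Authy's code or any client library's: the verify URL built by interpolating the user-typed code into the path beside a hardened builder that rejects anything but a bare code, and the naive "success"-only check beside the strict "token":"is valid" check. The endpoint paths come from the show notes; the 6-8 digit token rule and the JSON response shapes are assumptions.

```python
"""The Authy verify bypass from the show notes: path traversal in an OTP verify URL.

Added example, not Authy's code or any client library's.  The endpoint paths
come from the show notes; the 6-8 digit token rule and the JSON response
shapes below are assumptions made for illustration.
"""
import posixpath
import re
from urllib.parse import quote, urlsplit, urlunsplit

API_BASE = "https://api.authy.com/protected/json"
TOKEN_RE = re.compile(r"[0-9]{6,8}")  # assumed shape of a one-time code


def resolve_path(url: str) -> str:
    """Model what the API's router sees after collapsing '..' segments."""
    parts = urlsplit(url)
    return urlunsplit(parts._replace(path=posixpath.normpath(parts.path)))


def vulnerable_verify_url(user_token: str, authy_id: int) -> str:
    """The flaw: the user-typed code is dropped straight into the path."""
    return f"{API_BASE}/verify/{user_token}/{authy_id}"


def hardened_verify_url(user_token: str, authy_id: int) -> str:
    """Reject anything that is not a bare code, then percent-encode it so it
    can only ever occupy a single path segment."""
    if not TOKEN_RE.fullmatch(user_token):
        raise ValueError("token must be 6-8 digits")
    return f"{API_BASE}/verify/{quote(user_token, safe='')}/{int(authy_id)}"


def naive_is_verified(resp: dict) -> bool:
    """What the affected integrations did: any 'success' grants access."""
    return bool(resp.get("success"))


def strict_is_verified(resp: dict) -> bool:
    """Require the verify-specific assertion, not the generic success flag."""
    return resp.get("success") is True and resp.get("token") == "is valid"


# Constructed sample responses (shapes assumed, not captured from the API).
SMS_SENT = {"success": True, "message": "SMS token was sent"}  # reply from /sms/
VERIFY_OK = {"success": True, "token": "is valid"}             # reply from /verify/


def demo() -> dict:
    """Show both halves of the bug side by side; returns what was observed."""
    traversal = resolve_path(vulnerable_verify_url("../sms", 42))
    try:
        hardened_verify_url("../sms", 42)
        blocked = False
    except ValueError:
        blocked = True
    return {
        "vulnerable_resolves_to": traversal,                       # .../protected/json/sms/42
        "hardened_blocks_traversal": blocked,                      # True
        "naive_accepts_sms_reply": naive_is_verified(SMS_SENT),    # True
        "strict_accepts_sms_reply": strict_is_verified(SMS_SENT),  # False
        "strict_accepts_verify_reply": strict_is_verified(VERIFY_OK),  # True
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

Either fix on its own closes the bypass; the input whitelist stops the request from ever reaching the wrong endpoint, and the strict response check stops a reply from the wrong endpoint from being mistaken for a verified code.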

Hijacking a domain

  • An article where a reporter had a security researcher steal his GoDaddy account, and document how it was done
  • A combination of social engineering, publicly available information, and a photoshopped government ID allowed the security researcher to take over the GoDaddy account, and all of the domains inside of it
  • This could allow:
    • an attacker to inject malware into your site
    • redirect your email, capturing password reset emails from other services
    • redirect traffic from your website to their own
    • issue new SSL certificates for your sites, allowing them to perform man-in-the-middle attacks on your visitors with a valid SSL certificate
  • Some of the social engineering steps:
    • Create a fake social media profile in the name of the victim (with the fake picture of them)
    • Create a Gmail address in the name of the victim
    • Call and use a myriad of plausible excuses for why you do not have the required information:
      • “Please provide your PIN #?” I don’t remember setting up a PIN number
      • my assistant registered the domain for me, so I don’t have access to the email address used
      • my assistant used the credit card ending in: 4 made-up numbers
      • create a sense of urgency: “I apologized, both for not having the information and for my daughter yelling in the background. She laughed and said it wasn’t a problem”
    • GoDaddy requires additional verification if the domain is registered to a business; however, since many people make up a business name when they register a domain, it is very common for these businesses to not actually exist, and there are loopholes
    • Often, you can create a letter on a fake letterhead, and it will be acceptable
  • In the end, customer support reps are there to help the customer; it is usually rather difficult for them to get away with refusing to help a customer because they lack the required details or seem suspicious
  • GoDaddy’s automated system sends notifications when changes are made; however, in this case it is often too late, as the attacker has already compromised your account
  • GoDaddy issued a response: “GoDaddy has stringent processes and a dedicated team in place for verifying the identification of customers when a change of account/email is requested. While our processes and team are extremely effective at thwarting illegal requests, no system is 100 percent efficient. Falsifying government issued identification is a crime, even when consent is given, that we take very seriously and will report to law enforcement where appropriate.”
  • It appears that Hover.com (owned by Tucows, the same company that owns Ting) is one of the only registrars that does not allow photo ID as a form of verification, stating “anyone could just whip something up in Photoshop.”
  • GoDaddy notes that forging government ID (in photoshop or otherwise) is illegal

Best of LUP 2014 | LINUX Unplugged 72
https://original.jupiterbroadcasting.net/74372/best-of-lup-2014-lup-72/
Tue, 23 Dec 2014 11:58:09 +0000


We look back on some of the rants and events of 2014. Whether it’s systemd, mir, tox, ubuntu or anything else, we covered lots of major events this year!

Thanks to: Ting, DigitalOcean, Linux Academy


Show Notes:

Runs Linux from the people:

  • Send in a pic/video of your runs Linux.
  • Please upload videos to YouTube and submit a link via email or the subreddit.

New Shows: Tech Talk Today (Mon – Thu)

Facebook Manipulates YOU! | Tech Talk Today 17
https://original.jupiterbroadcasting.net/61087/facebook-manipulates-you-tech-talk-today-17/
Mon, 30 Jun 2014 09:42:07 +0000


Facebook admits to manipulating users’ emotions for research, the first review of the privacy-protecting Blackphone hits the web, and how you can create your own secure phone today.

Plus a quick review of The Internet’s Own Boy: The Story of Aaron Swartz and more!


Show Notes:

— Headlines —

Facebook Manipulated 689,003 Users’ Emotions For Science – Forbes

A recent study shows Facebook playing a whole new level of mind gamery with its guinea pigs users. As first noted by The New Scientist and Animal New York, Facebook’s data scientists manipulated the News Feeds of 689,003 users, removing either all of the positive posts or all of the negative posts to see how it affected their moods. If there was a week in January 2012 where you were only seeing photos of dead dogs or incredibly cute babies, you may have been part of the study.

The researchers, led by data scientist Adam Kramer, found that emotions were contagious. “When positive expressions were reduced, people produced fewer positive posts and more negative posts; when negative expressions were reduced, the opposite pattern occurred,”

“These results indicate that emotions expressed by others on Facebook influence our own emotions, constituting experimental evidence for massive-scale contagion via social networks.”

The experiment ran for a week — January 11–18, 2012 — during which the hundreds of thousands of Facebook users unknowingly participating may have felt either happier or more depressed than usual, as they saw either more of their friends posting ’15 Photos That Restore Our Faith In Humanity’ articles or despondent status updates about losing jobs, getting screwed over by X airline, and already failing to live up to New Year’s resolutions. “Probably nobody was driven to suicide,” tweeted one professor linking to the study, adding a “#jokingnotjoking” hashtag.

In its initial response to the controversy around the study — a statement sent to me late Saturday night — Facebook doesn’t seem to really get what people are upset about, focusing on privacy and data use rather than the ethics of emotional manipulation and whether Facebook’s TOS lives up to the definition of “informed consent” usually required for academic studies like this.

“This research was conducted for a single week in 2012 and none of the data used was associated with a specific person’s Facebook account,” says a Facebook spokesperson. “We do research to improve our services and to make the content people see on Facebook as relevant and engaging as possible.

Serious Android crypto key theft vulnerability affects 10% of devices

The vulnerability resides in the Android KeyStore, a highly sensitive region of the Google-made operating system dedicated to storing cryptographic keys and similar credentials, according to an advisory published this week by IBM security researchers.

By exploiting the bug, attackers can execute malicious code that leaks keys used by banking and other sensitive apps, virtual private network services, and the PIN or finger patterns used to unlock handsets.

There are several technical hurdles an attacker must overcome to successfully exploit the vulnerability. Android is fortified with modern software protections, including data execution prevention and address space layout randomization, both of which are intended to make it much harder for hackers to execute code when they identify security bugs.

Exclusive: A review of the Blackphone, the Android for the paranoid

The Blackphone is the first consumer-grade smartphone to be built explicitly for privacy. It pulls together a collection of services and software that are intended to make covering your digital assets simple—or at least more straightforward. The product of SGP Technologies, a joint venture between the cryptographic service Silent Circle and the specialty mobile hardware manufacturer Geeksphone, the Blackphone starts shipping to customers who preordered it sometime this week. It will become available for immediate purchase online shortly afterward.

  • A two-year subscription to Silent Circle’s secure voice and video calling and text messaging services, plus three one-year “Friend and Family” Silent Circle subscriptions that allow others to install the service on their existing smartphones;
  • Two years of 1GB-per-month Disconnect virtual private network service, plus Disconnect’s anonymizing search as part of the phone’s web browser;
  • Two years of SpiderOak cloud file storage and sharing, with a limit of five gigabytes a month.

PrivatOS’ main innovation is its Security Center, an interface that allows the user to explicitly control just what bits of hardware functionality and data each application on the phone has access to. It even provides control over the system-level applications—you can, if you wish for some reason, turn off the Camera app’s access to the camera hardware and turn off the Browser app’s access to networks.

The good
  • Excellent Security Center feature of PrivatOS does what stock Android should do, giving you fine control over app permissions.
  • Bundled Silent Voice and Silent Text services anonymize and encrypt communications so no one can eavesdrop on voice, video, and text calls at all.
  • Bundled Kismet Smart Wi-Fi Manager keeps phone from connecting to unfriendly networks.
  • Disconnect VPN and Search keep web trackers away from your phone, anonymize your searches and Internet traffic.
The bad
  • The phone’s performance, while acceptable, is mediocre (even though it isn’t the phone’s selling point).
  • Silent Phone calling ran into trouble when network switched between calls, and the user interface may baffle some users.
The ugly
  • A custom OS means no Google Play library or any of the other benefits of the Google ecosystem, spotty support for sideloaded apps, and reliance on Amazon or other third-party app stores. Such is the price of privacy.

The first units of the $629 handset to ship are for European LTE users, and U.S. units will follow. In both cases, preorder production runs come first, then units for those who have not already ordered the device.

M66B/XPrivacy

XPrivacy – The ultimate, yet easy to use, privacy manager

https://www.xprivacy.eu/

Xposed Installer | Xposed Module Repository

Xposed is a framework for modules that can change the behavior of the system and apps without touching any APKs. That’s great because it means that modules can work for different versions and even ROMs without any changes (as long as the original code was not changed too much). It’s also easy to undo. As all changes are done in memory, you just need to deactivate the module and reboot to get your original system back. There are many other advantages, but here is just one more: multiple modules can make changes to the same part of the system or app. With modified APKs, you have to decide on one. There is no way to combine them, unless the author builds multiple APKs with different combinations.

Smarter Wi-Fi Manager – Android Apps on Google Play

Smarter Wi-Fi Manager improves the security and privacy of your device by only enabling Wi-Fi in locations where you actually use it. Instead of letting your device advertise the name of your home network or try to connect to anyone who has left an access point set to the default name just because you once used a friend’s network who didn’t configure it, Smarter Wi-Fi Manager will turn it off when you’re not near somewhere you’ve used Wi-Fi before.

The Internet’s Own Boy: The Story of Aaron Swartz

The Internet’s Own Boy depicts the life of American computer programmer, writer, political organizer and Internet activist Aaron Swartz. It features interviews with his family and friends as well as the internet luminaries who worked with him. The film tells his story up to his eventual suicide after a legal battle, and explores the questions of access to information and civil liberties that drove his work.

Talkin’ Tox | LINUX Unplugged 30
https://original.jupiterbroadcasting.net/52722/talkin-tox-lup-30/
Tue, 04 Mar 2014 17:06:42 +0000


Two developers from the TOX project, an open source secure Skype killer, join us to discuss their new project, the future, and how they hope to become your new messaging system.

Plus getting more battery life out of a Linux laptop, the Steam problem, and your feedback.

Thanks to: Ting, DigitalOcean


Show Notes:

Tox

NaCl (pronounced “salt”) is a new easy-to-use high-speed software library for network communication, encryption, decryption, signatures, etc. NaCl’s goal is to provide all of the core operations needed to build higher-level cryptographic tools.

Inside Ubuntu Touch | LAS | s25e09
https://original.jupiterbroadcasting.net/32377/inside-ubuntu-touch-las-s25e09/
Sun, 24 Feb 2013 14:26:26 +0000


Much more than just a touch of Ubuntu, we take a deep dive into the Ubuntu Touch Preview and how they’ve pulled it off, the surprising components of Android that are being used, and why it means Ubuntu Touch will be on hundreds of popular devices soon.

Plus we’ve got an explanation of Linus’ recent blow up, the big news for Btrfs, some Steam secrets revealed…

AND SO MUCH MORE!

All this week on The Linux Action Show!

Thanks to:

Use our code linux295 to get a .COM for $2.95.

28% off your ENTIRE order just use our code go28off3 until the end of the month!


— Show Notes: —

Ubuntu Touch First Look

Brought to you by: System76

First Impressions

  • A PPA and installs the tools, USB Debugging must be turned on the device.

  • Most of the process is automatic with appropriate images for the device being downloaded from Canonical’s servers and pushed to the devices over USB.

  • Definitely a demo product at this point, with the majority of the apps just being a place holder.

  • October feels very close in comparison to the amount of work needed to be done.

  • That said, we are seeing a product at the early stages that most companies would never show. I think many products shown at trade shows, demoed in keynotes, etc, are very often in this stage. The consumer just never learns that. In this case, we vail has been removed and we’re seeing something that’s still in that stage.

  • Many of the demo apps are powered by common sense underlying structures. For example, the Gallery app is limited in actual functions beyond looking at the pre-supplied photos. However, one can sftp new photos to the /home/phablet/photos directory and the gallery app will display them. It’s relatively trivial to hook up the UI to some code to populate those folders with photos.

  • Because it’s based on CM 10.1, many people are calling it just a re-themed Android. But that’s not accurate.

  • Ubuntu Touch Preview is simply running in a CyanogenMod 10.1 chroot.

  • The CyanogenMod fork has been stripped of the Dalvik VM and all other components necessary to run Android applications.

  • The Ubuntu filesystem and all applications are kept in /data/ubuntu in the Android subsystem.

  • Because of this, theoretically you can port Ubuntu Touch to any device that CyanogenMod 10.1 supports.

  • It’s based on Ubuntu 12.10 (right now).

  • Uses the Android compositor, SurfaceFlinger. This is big, as applications that rely on X11 might be out.

  • This makes sense when you consider the need to work with binary blob video drivers.

  • Speaking of drivers, Ubuntu Touch Preview uses libhybris, a way to load Android libraries while overriding some Bionic symbols with those symbols from glibc.

Android kernels are found on the majority of new mobile devices; Linux ones aren’t. Rather than reinvent the world and write new drivers, using libhybris you can use the existing Android drivers to make the job of porting Linux userspaces onto these devices much easier.

Resources

Reviews/Write Ups


– Picks –

Runs Linux:

Android Pick:

Not sure if it’s been mentioned before but there is a nice chat client called Xabber. It supports all the big protocols and even supports Off-The-Record encryption. Free app and they recently went open source too! One thing it lacks is voice and video. Perhaps, with a few supporters we could make a push for that. 🙂 I’d love to get rid of Skype and keep my dear mom happily conferencing with my son.
https://www.xabber.com/

Sent in by Kalon

Desktop App Pick:

Search our past picks:

Git your hands all over our STUFF:


— NEWS —


Loot Crate

Brought to you by: Loot Crate, use code Linux to save!

— Chris’ Stash —


Photo of Byron Bay - one of Australia's best beaches!

— What’s Matt Doin? —

— Catch the show LIVE Sunday 10am Pacific / 1pm Eastern / 6pm UTC: —

The post Inside Ubuntu Touch | LAS | s25e09 first appeared on Jupiter Broadcasting.

Fedora Makes a Deal | LAS | s22e02 https://original.jupiterbroadcasting.net/20176/fedora-makes-a-deal-las-s22e02/ Sun, 03 Jun 2012 15:39:33 +0000 https://original.jupiterbroadcasting.net/?p=20176 Fedora lit the web on fire when they announced a new deal with Microsoft, but is this just a case of Fedora being pragmatic?

The post Fedora Makes a Deal | LAS | s22e02 first appeared on Jupiter Broadcasting.


Fedora lit the web on fire when they announced a new deal with Microsoft, but is this just a case of Fedora being pragmatic? Or are they setting the stage for a Microsoft controlled hardware universe? We debate!

Then: Podcasting software on Linux, and our thoughts on crowd funded open source software.

Plus so much more!

All this week on, The Linux Action Show!

Thanks to:

GoDaddy.com

Limited time offer:
$1.99/mo economy hosting for 3 months – code: 199linux
Expires: June 31, 2012

Want to save money on your entire order? Use our code LINUX and save 10%!

Direct Download:

HD Video | Mobile Video | Ogg Video | MP3 Audio | Ogg Audio | YouTube | Torrent File

RSS Feeds:

HD Video Feed | Large Video Feed | Mobile Video Feed | MP3 Feed | Ogg Feed | iTunes Feeds | Torrent Feed

Support the Show:

Show Notes:

Runs Linux:

Android Pick:

Universal Pick:

Random Distro Of The Day

Linux Action Show Subreddit

Search our past picks:

News:

Fedora Makes a Deal:

What’s Bryan Doin?

Chris’ Stash:


Matt’s How-to:

Podcasting software solutions for Linux

As you have seen from the segment, there are indeed different and completely viable options for creating podcasts using software available for Ubuntu and other Linux distros. The first stop should be to watch a recent In Depth Look that Chris and Angela recorded.

Here’s the link:
https://original.jupiterbroadcasting.net/16856/starting-a-podcast-in-depth-look/

Because the how-to text is so lengthy, please grab it from this link here.

(Link – https://matthartley.com/podcast-howto.html)

(/end segment – contents in link due to length)


Jupiter Broadcasting Forum:

Catch the show LIVE Sunday 10am Pacific / 5pm UTC:


Leaky Authentication | TechSNAP 12 https://original.jupiterbroadcasting.net/9866/leaky-authentication-techsnap-12/ Thu, 30 Jun 2011 23:18:17 +0000 https://original.jupiterbroadcasting.net/?p=9866 In today’s episode Chris will find out how many times his information has been leaked online, and we'll tell you how to check for yourself.

The post Leaky Authentication | TechSNAP 12 first appeared on Jupiter Broadcasting.


How many times have your credentials been leaked online? Think you’re safe? Chris thought he was. In today’s episode he’ll find out how many times his information has been leaked online, and we tell you how to check for yourself.

Plus we’ll cover how to build your own layered spam defense, and why you probably want to leave that USB thumb drive, on the ground!

Sneak peek: Next week we’re going to be talking about the future of Cyber Warfare in our special episode #13. Please send us any stories, suggestions or questions you have so we can include them for next week.


Direct Download Links:

HD Video | Large Video | Mobile Video | MP3 Audio | OGG Audio | YouTube

Subscribe via RSS and iTunes:


Show Notes:

Thanks to the TechSNAP Redditors!

Topic: Groupon India leaks SQL database, plain text passwords

  • Groupon’s Indian subsidiary Sosasta.com accidentally published an SQL dump of its users table, including email addresses and passwords. The file was indexed and cached by Google, so even once it was taken down, it was still visible.
  • This raises the question of why the passwords were ever stored in plain text instead of as salted hashes.
  • Does the North American version of Groupon also store user passwords in plain text?
  • The leaked data was found by a security researcher using a Google search query for “filetype:sql”, “password” and “gmail”.
  • Once Sosasta was notified of the issue, they started sending out emails to their customers recommending that they change their password. This is definitely the wrong approach: the passwords were leaked in plain text. All accounts should have had their passwords forcibly reset and a password reset email sent to the customer. Otherwise, customers may have their account compromised before they can change their password, and customers who no longer use the service will have their personal information exposed.
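As an added illustration of what the bullets above ask for (not code from the episode, and nothing to do with Groupon’s real systems), here is a hypothetical users table that stores only a random per-user salt and a PBKDF2 digest, so that an SQL dump of it exposes no passwords, together with the breach response the bullets recommend: every stored credential is invalidated at once and a one-time reset token is minted per user, rather than merely asking customers to change their passwords. The class and function names, the iteration count and the sample accounts are constructed for the example.

```python
import hashlib
import hmac
import os
import secrets
from typing import Dict, List, Optional, Tuple

# Constructed parameters for this example; raise the iteration count as hardware allows.
PBKDF2_ITERATIONS = 100_000
SALT_BYTES = 16


def hash_password(password: str, salt: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    """Derive a salted PBKDF2-HMAC-SHA256 digest. A fresh random salt per user means
    identical passwords produce different digests, so one precomputed table cannot be
    applied to a leaked dump."""
    if salt is None:
        salt = os.urandom(SALT_BYTES)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS)
    return salt, digest


class UserStore:
    """Hypothetical users table holding only salt + digest, never the password itself."""

    def __init__(self) -> None:
        self.rows: Dict[str, dict] = {}

    def register(self, email: str, password: str) -> None:
        salt, digest = hash_password(password)
        self.rows[email] = {"salt": salt, "digest": digest, "reset_token": None}

    def login(self, email: str, password: str) -> bool:
        row = self.rows.get(email)
        if row is None or row["reset_token"] is not None:
            # Unknown user, or credentials invalidated after a breach: always reject.
            return False
        _, candidate = hash_password(password, row["salt"])
        return hmac.compare_digest(candidate, row["digest"])

    def force_reset_all(self) -> Dict[str, str]:
        """Breach response: invalidate every credential and mint a one-time reset token
        per user to send by email. Nobody can log in with the old password, whether or
        not they ever read the advisory."""
        tokens = {}
        for email, row in self.rows.items():
            row["reset_token"] = secrets.token_urlsafe(32)
            tokens[email] = row["reset_token"]
        return tokens

    def complete_reset(self, email: str, token: str, new_password: str) -> bool:
        row = self.rows.get(email)
        if row is None or row["reset_token"] is None:
            return False
        if not hmac.compare_digest(row["reset_token"], token):
            return False
        salt, digest = hash_password(new_password)
        row.update(salt=salt, digest=digest, reset_token=None)
        return True

    def dump(self) -> List[Tuple[str, str, str]]:
        """What an attacker would get from an SQL dump of this table: hex salt and digest."""
        return [(e, r["salt"].hex(), r["digest"].hex()) for e, r in self.rows.items()]
```

The two things worth noticing are that two users who chose the same password show up with different digests in `dump()`, and that after `force_reset_all()` the old password fails even though the user has not yet acted.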

shouldichangemypassword.com – Check your address

Submitted by: refuse2speak


Topic: EA Forums hacked, Sega Database Compromised

  • A “highly sophisticated cyber attack” was used to compromise the database of the forums for BioWare’s Neverwinter Nights.
  • Stolen data included username, password, email, and birth date.
  • How many users were affected was not specified.
  • EA says no credit card information was in the stolen database.
  • Sega was also compromised: 1.29 million customers had their data exposed via the European unit’s “Sega Pass” website.
  • Again, username, password, email and birth date were exposed, but it appears that no financial information was leaked.

TechSNAP reminds you: use a different password for every service. We know it’s hard, but cleaning up behind an identity thief is worse.

Submitted by: Raventiger


Topic: US Government Study shows alarming attack vector

  • 60% of government or contractor employees who found a USB stick or CD on the ground outside their office plugged the device in to their computer.
  • 90% of the employees installed the software if it had an official-looking logo on it.
  • This is reminiscent of the Stuxnet worm, which targeted isolated computers that were not on the Internet. It is believed that they were infected via a hardware device containing the payload.

Topic: Research reveals that PIN numbers are predictable

  • 15% of iPhones could be unlocked in fewer than 10 tries using the most common PIN codes.
  • The most common first digit in a PIN is 1.
  • The most common second digit is 2.
  • The values 1980 through 2000 make up a huge portion of the top 100 PIN codes, meaning that if you know or can guess a user’s date of birth, you can increase your chance of cracking their code.
  • Other popular codes include repeating digits or patterns, such as 2222 or 1212, or lines drawn on the input screen, such as 2580, 0852 or 1241.
  • Another popular value is 5683, which didn’t seem to fit any pattern until you realize that it spells ‘love’ with standard phone letter substitution.
  • This means that if you know the user’s birthday and relationship status, you can increase your chance of cracking their PIN code just by applying a little statistical analysis. If you can shoulder surf them and further reduce the pool of possible codes, you can almost guarantee success.
  • Users tend to reuse passwords: if you guess their phone password, there is a good chance that it is also their ATM PIN. Either way, the exact same techniques can be applied to ATM, voicemail and other PIN codes.
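Turning the findings above into a defensive check, as an added example that is not from the episode or from the research it cites: a PIN policy routine that refuses the weak classes listed (repeated digits, repeated pairs, ascending or descending runs, lines and shapes on the phone keypad such as 2580, 0852 and 1241, birth years and dates, and keypad words such as 5683). The keypad adjacency rule generalizes the three shape examples in the text to any path of neighbouring keys; the year range and the one-entry word list are constructed policy choices, and the function and constant names are assumptions.

```python
import re
from datetime import date
from typing import List, Optional

# Phone keypad layout (digit -> row, column); 0 sits below the 8.
KEYPAD = {
    "1": (0, 0), "2": (0, 1), "3": (0, 2),
    "4": (1, 0), "5": (1, 1), "6": (1, 2),
    "7": (2, 0), "8": (2, 1), "9": (2, 2),
    "0": (3, 1),
}

# Constructed policy choices (assumptions, not figures from the research).
YEAR_RANGE = range(1900, 2031)   # anything that reads as a plausible birth year
WORD_PINS = {"5683"}             # letter-substitution words; 5683 spells "love"


def is_keypad_path(pin: str) -> bool:
    """True when every consecutive pair of digits is adjacent on the keypad (diagonals
    included). Catches straight lines such as 2580 and 0852 and shapes such as 1241."""
    for a, b in zip(pin, pin[1:]):
        (r1, c1), (r2, c2) = KEYPAD[a], KEYPAD[b]
        if max(abs(r1 - r2), abs(c1 - c2)) != 1:
            return False
    return True


def weak_pin_reasons(pin: str, birthdate: Optional[date] = None) -> List[str]:
    """Return the policy violations for a candidate 4-digit PIN (empty list = accept)."""
    if not re.fullmatch(r"\d{4}", pin):
        return ["PIN must be exactly four digits"]
    reasons = []
    if len(set(pin)) == 1:
        reasons.append("repeated digit")
    elif pin[:2] * 2 == pin:
        reasons.append("repeated pair")
    steps = {int(b) - int(a) for a, b in zip(pin, pin[1:])}
    if steps in ({1}, {-1}):
        reasons.append("ascending or descending run")
    if is_keypad_path(pin):
        reasons.append("line or shape on the keypad")
    if int(pin) in YEAR_RANGE:
        reasons.append("looks like a year")
    if pin in WORD_PINS:
        reasons.append("spells a word on the keypad")
    if birthdate is not None:
        # Year, MMDD and DDMM are the obvious guesses for someone who knows the birthday.
        derived = {
            str(birthdate.year),
            f"{birthdate.month:02d}{birthdate.day:02d}",
            f"{birthdate.day:02d}{birthdate.month:02d}",
        }
        if pin in derived:
            reasons.append("derived from birthdate")
    return reasons
```

Used at enrolment time, the function gives the user a concrete reason for the refusal instead of a generic "PIN too weak", which is what makes people pick something genuinely different rather than the next entry on the same list.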

Feedback:

Q: (Bob) How did Chris and Allan meet
A: Chris and Allan first met in April 2009 when Jupiter Broadcasting moved their IRC chat to GeekShed.net. In January 2010 Allan won a closed beta invite to Star Trek Online during a STOked trivia contest on IRC. During the ramp up to open beta, JupiterColony.com was receiving so much traffic that it was suspended by the web host, and was moved to ScaleEngine.com. Later on, Allan guest hosted a few episodes of the Linux Action Show while Bryan was away, and they went so well that Chris and Allan decided to start their own show.

Q: (Leon) How do you handle spam filtering on your servers?
A: For my web hosting customers, we use 4 main mail servers (running Exim with mail-time SpamAssassin). The four mail servers ensure that incoming mail is always received, even if one or more of our servers is down at any time. These servers automatically run the incoming mail through the SpamAssassin scoring system, and if the spam score exceeds a specific threshold, then the mail is automatically rejected at SMTP time (so no bounce message is generated; an error is returned to the original sending server, which prevents misdirected bounces from spammers using forged from addresses). If the spam score is borderline, we do ‘grey listing’, temporarily rejecting the spam so it will be retried in a little while; this gives the DNS blacklists we use time to catch up, and most spammers never bother with retries. If the spam score is low enough then the mail is accepted. Once mail has arrived at one of our edge servers, it is then queued and sent on to our mailbox server, where it is sorted and delivered to the actual mailboxes of our users. SpamAssassin is run on the mail again, and user-specific settings determine what happens to the mail. Spam can be flagged (subject prefix, messages added as attachments to protect Outlook from preview attacks) or directed to a spam folder.
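The layered flow described in the answer above, as an added example that is not Allan’s Exim or SpamAssassin configuration: a small Python model of the edge server’s SMTP-time decision (permanent 5xx rejection at or above one score, 4xx greylisting in a borderline band keyed on the sender IP, envelope sender and recipient, acceptance below it) and of the mailbox server’s second pass, where user-specific settings choose between a subject prefix, wrapping the message as an attachment, or a spam folder. The thresholds, the greylist delay, the class names and the sample envelopes are constructed; the 5xx/4xx reply codes are standard SMTP.

```python
from dataclasses import dataclass, field
from typing import Dict, Tuple

# Constructed thresholds (not the actual values used on the servers described).
REJECT_SCORE = 10.0      # at or above: refuse with a permanent 5xx at SMTP time
GREYLIST_SCORE = 5.0     # at or above (but below REJECT_SCORE): greylist, accept on retry
GREYLIST_DELAY = 300.0   # seconds the (ip, sender, recipient) triplet must wait


@dataclass
class EdgeServer:
    """One of the edge MX hosts: scores mail at SMTP time and answers the sending
    server directly, so a rejection never becomes a bounce to a forged From address."""
    greylist: Dict[Tuple[str, str, str], float] = field(default_factory=dict)

    def smtp_decision(self, sender_ip: str, mail_from: str, rcpt_to: str,
                      spam_score: float, now: float) -> str:
        if spam_score >= REJECT_SCORE:
            return "550 5.7.1 Message rejected as spam"
        if spam_score >= GREYLIST_SCORE:
            key = (sender_ip, mail_from, rcpt_to)
            first_seen = self.greylist.setdefault(key, now)
            if now - first_seen < GREYLIST_DELAY:
                # Legitimate MTAs retry after a delay; by then the DNS blacklists may
                # have caught up, and most spam engines never retry at all.
                return "451 4.7.1 Greylisted, please try again later"
        return "250 2.0.0 Queued for delivery to the mailbox server"


@dataclass
class UserPrefs:
    """Per-user spam handling on the mailbox server (constructed options)."""
    threshold: float = 5.0
    action: str = "folder"   # "folder": move to Spam; "prefix": tag subject; "attach": wrap


def mailbox_delivery(subject: str, spam_score: float, prefs: UserPrefs) -> dict:
    """Second SpamAssassin pass: the score is compared against the user's own threshold."""
    if spam_score < prefs.threshold:
        return {"folder": "INBOX", "subject": subject, "as_attachment": False}
    if prefs.action == "prefix":
        return {"folder": "INBOX", "subject": "*****SPAM***** " + subject, "as_attachment": False}
    if prefs.action == "attach":
        # The original is wrapped as an attachment so a mail client's preview pane
        # never renders its body.
        return {"folder": "INBOX", "subject": subject, "as_attachment": True}
    return {"folder": "Spam", "subject": subject, "as_attachment": False}
```

The greylist is keyed on the full triplet rather than the IP alone so that one retry from a large relay does not whitelist every other sender behind it; the delay matters because it is the window in which the blacklists can catch up before the retry is accepted.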

Send us your questions and feedback!


Roundup:
Netflix shares insight on its cloud infrastructure
Netflix transitions to high availability storage systems
Researchers say Massive Botnet is Indestructible
DropBox CEO: Lone hacker downloaded data from ‘fewer than a hundred’ accounts
Spamming Becoming Financially Infeasible

Bitcoin BLASTER:
LinuxCoin – Bitcoin Live Linux CD – LOVES IT!
Article: Buying lunch with bitcoin – Submitted by Angela
Chris’ early bitcoin farm
Chris’ cheap and low power miner hardware.
Article: Bitcoin Comes Out Swinging off the Ropes
MtGox Apologizes