SOPA – Jupiter Broadcasting

Internet Toll Booth | Unfilter 27
https://original.jupiterbroadcasting.net/28191/internet-toll-booth-unfilter-27/
Thu, 29 Nov 2012 22:24:00 +0000


Starting next week a bitter struggle between world super powers for control of the Internet will begin, we bring you up to speed on it, and update you on the efforts underway domestically to combat cyber boogeyman from the future.

Bradley Manning's treatment in custody will be heard in court, and we have the details. Plus we'll update you on a few important stories that have repercussions around the world.

Then in ACT3: You sent in some tough questions, and we do our best to respond.

All that and a heck of a lot more, in this week’s episode of… Unfilter!


Show Notes:

ACT ONE:

Senators Make Bid To End Indefinite Detention In NDAA

https://www.huffingtonpost.com/2012/11/28/indefinite-detention-ndaa-senate_n_2207794.html?ncid=edlinkusaolp00000003

ACT TWO: Locking Down the Net

ACT THREE: FEEDBACK


Call us: 1.425.312.1756

The Fluoride Question | Unfilter 9
https://original.jupiterbroadcasting.net/21611/the-fluoride-question-unfilter-9/
Fri, 13 Jul 2012 18:22:10 +0000


Some call it one of the most significant public health advances in history, others call it a dangerous toxic substance. In this episode we look at the Fluoride debate.

And a new generation of technology is empowering our cars, but what is being done to safeguard your privacy?

Plus: Your feedback, and our follow up.


Show Notes:

ACT ONE:

ACT TWO:

ACT THREE: Feedback

  • Rutger Writes…
  • Archie wrote in to say he felt we were hard on farmers last episode.

Picks of the week:

Song pick of the week:
For You by Staind UK Link


Richard Stallman | GNU/LAS | s20e10
https://original.jupiterbroadcasting.net/17822/richard-stallman-gnulas-s20e10/
Sun, 11 Mar 2012 13:39:41 +0000


Richard Stallman joins us to celebrate our 200th episode, and we ask him about his hard stance on proprietary software and the unethical people who make a living from it.

Plus: His thoughts on everything from App stores to the Raspberry Pi.

And so much more!

All this week on, The Linux Action Show!



Catch the show LIVE Sunday 10am Pacific / 5pm UTC:


SOPA Report | FauxShow 73
https://original.jupiterbroadcasting.net/16086/sopa-report-fauxshow-73/
Sat, 21 Jan 2012 07:43:35 +0000


Angela and Chris re-cap the web's unified protest of SOPA and PIPA, and highlight some of the more creative ways sites displayed their outrage.

Plus what's changed since the protests. And a quick look at ACTA and OPEN: are they the next SOPA, or even worse?


Show Notes

https://blog.reddit.com/2012/01/technical-examination-of-sopa-and.html
https://www.savetheinternet.com/pipa-whiplist
https://www.google.com/landing/takeaction/
https://latimesblogs.latimes.com/technology/2012/01/sopa-blackout-sopa-and-pipa-lose-three-co-sponsors-in-congress.html
https://latimesblogs.latimes.com/technology/2012/01/sopa-blackout-who-is-joining-the-protest.html
https://twitpic.com/88ueqz
Hitler reacts to SOPA.
SOPA & PIPA message from Capt. Jean-Luc Picard
https://www.quickmeme.com/meme/35qwxd/
Anonymous – Don't Mess With Us
https://mashable.com/2012/01/19/doj-megaupload-anonymous/
https://a4.sphotos.ak.fbcdn.net/hphotos-ak-ash4/405609_2605008455123_1552234156_32516316_334758957_n.jpg
https://techland.time.com/2012/01/20/10-sites-skewered-by-anonymous-including-fbi-doj-u-s-copyright-office/
https://www.pcworld.com/article/248468/congress_puts_sopa_pipa_on_hold.html
https://mashable.com/2012/01/17/sopa-dangerous-opinion/
https://www.washingtonpost.com/business/technology/sopa-action-delayed/2012/01/20/gIQAFxYhDQ_story.html
https://blog.auctionbytes.com/cgi-bin/blog/blog.pl?/pl/2012/1/1326895607.html
https://craphound.com/images/Super-PIPA-SOPA1.gif
https://theoatmeal.com/sopa
https://images.plurk.com/20b2c1b2103a55fceb57d23e259c620c.gif
https://inhabitat.com/wp-content/blogs.dir/1/files/2012/01/SOPA-Blackout-Success-1-537×326.jpg
https://www.buzzfeed.com/mattcherette/25-people-who-thought-sopa-was-about-soap
https://thinkgeek.com/blog/2012/01/feeling-more-productive-yet.html?cpg=tw
https://www.screenshots.com/sopa-pipa/
https://images.plurk.com/f67512b1a83f3939166dedbc6ecb1e20.jpg

Cyber Bank Heist | TechSNAP 41
https://original.jupiterbroadcasting.net/16006/cyber-bank-heist-techsnap-41/
Thu, 19 Jan 2012 19:34:30 +0000


Find out how hackers robbed a bank of nearly $6 million over the Internet, the Zappos security breach, the fall of the Koobface botnet, and what happened to Megaupload.

Plus we look back at the web’s SOPA protest this week, and see where things stand.

All that, and much more, on this week’s episode of TechSNAP!


Show Notes:

Cyber Bank Heist Nets 5.3 Million Dollars

  • During the first three days of the new year, while the bank was closed for the holiday, thieves used a compromised computer at the South African Postbank to transfer large sums of money into accounts they had opened over the preceding months
  • They then used the same compromised computer, together with the credentials of a teller and a call-centre employee, to raise the withdrawal limits on those accounts
  • By 9am on January 1st, numerous money mules were making trips to ATMs in Gauteng, KwaZulu-Natal and the Free State, unhindered by withdrawal limits
  • Withdrawals stopped around 6am on January 3rd, before the bank reopened and the compromise was detected
  • In total roughly 42 million South African rand was stolen (approximately 5.3 million USD, although some reports put the figure at 6.7 million USD). This appears to be around 1% of the entire holdings of the government-operated bank
  • The National Intelligence Agency (NIA) is investigating, as Postbank is a government institution
  • Sources report that the bank's fraud detection system failed to flag the extremely large withdrawals, and the fraud was not discovered until employees returned from the New Year holiday
  • Observers question why such low-level employees (a teller and a call-centre agent) had the access required to raise withdrawal limits: a failure of least privilege and separation of duties
  • Investigators have not yet determined whether the computers and passwords were compromised without the employees' knowledge, or whether the employees were involved in the heist
  • Local Coverage
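The three things that went unnoticed in the story above (limits raised by a teller and a call-centre agent, raised on a holiday and by an enormous factor, then a burst of maximum withdrawals) are all cheap to catch after the fact from the bank's own event log. The screen below is an added example written for these notes, not the bank's code or anything from the show: the log format, account numbers, actors, roles and every threshold are assumptions, and the sample log is constructed.

```python
"""Offline fraud screen over a constructed withdrawal/limit-change log.

Added example for the Postbank item above; it is not code from the show or
from any bank. The log format, account numbers, actors, roles and thresholds
are all assumptions made up for this example.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events: two accounts whose limits were raised at 2am by a
# teller and a call-centre agent, followed by a burst of ATM withdrawals, plus
# one legitimate limit change and one ordinary withdrawal as controls.
SAMPLE_LOG = """\
2012-01-01T02:10:00 LIMIT_CHANGE acct=1001 actor=teller_07 role=teller old_limit=5000 new_limit=1000000
2012-01-01T02:12:00 LIMIT_CHANGE acct=1002 actor=cc_03 role=callcenter old_limit=5000 new_limit=1000000
2012-01-01T14:00:00 LIMIT_CHANGE acct=3001 actor=fo_01 role=fraud_ops old_limit=5000 new_limit=8000
2012-01-01T09:05:00 WITHDRAW acct=1001 amount=50000 atm=GP-017
2012-01-01T09:20:00 WITHDRAW acct=1001 amount=50000 atm=GP-019
2012-01-01T09:40:00 WITHDRAW acct=1001 amount=50000 atm=GP-022
2012-01-01T09:55:00 WITHDRAW acct=1002 amount=60000 atm=KZN-004
2012-01-01T10:10:00 WITHDRAW acct=1002 amount=60000 atm=KZN-009
2012-01-01T10:30:00 WITHDRAW acct=2001 amount=800 atm=FS-001
"""

# Assumed policy: only these roles may raise limits, only during business hours,
# and never by more than 10x in one step.
LIMIT_CHANGE_ROLES = {"fraud_ops", "branch_manager"}
BUSINESS_HOURS = range(8, 18)
MAX_LIMIT_MULTIPLIER = 10
# Assumed withdrawal thresholds per account within a one-hour sliding window.
WINDOW = timedelta(hours=1)
MAX_WITHDRAWALS_PER_WINDOW = 2
MAX_AMOUNT_PER_WINDOW = 100_000


def parse_line(line):
    """Parse one 'timestamp KIND key=value ...' line into a dict."""
    ts_str, kind, *fields = line.split()
    rec = {"ts": datetime.fromisoformat(ts_str), "kind": kind}
    for field in fields:
        key, value = field.split("=", 1)
        rec[key] = int(value) if value.isdigit() else value
    return rec


def screen(log_text):
    """Return a list of (rule, account, detail) alerts for the given log."""
    alerts = []
    withdrawals = defaultdict(list)

    for line in log_text.splitlines():
        if not line.strip():
            continue
        rec = parse_line(line)
        if rec["kind"] == "LIMIT_CHANGE":
            # Who changed the limit, when, and by how much: the three checks
            # the notes say were missing (teller/call-centre access, a holiday,
            # and a limit jump large enough to empty an account).
            if rec["role"] not in LIMIT_CHANGE_ROLES:
                alerts.append(("LIMIT_ROLE", rec["acct"], rec["actor"]))
            if rec["ts"].hour not in BUSINESS_HOURS:
                alerts.append(("LIMIT_OFF_HOURS", rec["acct"], rec["ts"].isoformat()))
            if rec["new_limit"] > MAX_LIMIT_MULTIPLIER * rec["old_limit"]:
                alerts.append(("LIMIT_JUMP", rec["acct"], rec["new_limit"]))
        elif rec["kind"] == "WITHDRAW":
            withdrawals[rec["acct"]].append(rec)

    # Velocity and volume checks over a sliding window per account, fired at
    # most once per rule per account to keep the alert list readable.
    for acct, recs in withdrawals.items():
        recs.sort(key=lambda r: r["ts"])
        fired = set()
        for i, start in enumerate(recs):
            window = [r for r in recs[i:] if r["ts"] - start["ts"] <= WINDOW]
            total = sum(r["amount"] for r in window)
            if len(window) > MAX_WITHDRAWALS_PER_WINDOW and "VELOCITY" not in fired:
                fired.add("VELOCITY")
                alerts.append(("VELOCITY", acct, len(window)))
            if total > MAX_AMOUNT_PER_WINDOW and "AMOUNT" not in fired:
                fired.add("AMOUNT")
                alerts.append(("AMOUNT", acct, total))
    return alerts


if __name__ == "__main__":
    for alert in screen(SAMPLE_LOG):
        print(alert)
```

Run on the sample, accounts 1001 and 1002 each trip the three limit-change rules and the withdrawal volume rule, 1001 also trips velocity, and the two control records produce nothing. The limit-change rules are the ones that would have fired before a single rand left the bank; the withdrawal rules are the backstop for when they do not.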

Koobface operators go underground as researchers disclose their identities

  • The Koobface malware mostly targeted Facebook users, prompting them to download a newer version of Flash in order to watch a non-existent video. Instead of the expected Flash update, the user was infected with the malware
  • The operators made large sums by using the botnet of infected computers for click fraud against pay-per-click advertising networks. "Through the use of pay-per-click and pay-per-install affiliate programs, Koobface was able to earn over US$2 million between June 2009 and June 2010 by forcing compromised computers to install malicious software and engage in click fraud"
  • Facebook and the researchers it had been working with released their findings, including the identities, social media accounts and other information they had gathered on the people behind the malware
  • Within days of that disclosure the attackers had shut down their C&C servers and begun rapidly destroying the evidence against them. They also appear to have gone into hiding, likely to avoid prosecution or extradition
  • With the C&C servers down and the operators gone, new Koobface infections have dropped to near zero
  • Researchers question whether exposing the operators was the right thing to do
  • Canadian researchers had already released a paper on Koobface in 2010. Rather than publishing the attackers' identities, Infowar Monitor handed the information over to Canadian law enforcement
  • Additional Coverage

Shoe Retailer Zappos Hacked, 24 million customers compromised

  • Zappos, an online shoe retailer owned by Amazon, was compromised last week
  • Attackers gained access to the customer database after compromising a Zappos server in Kentucky and using it to island-hop into the internal network
  • The customer database contained names, email addresses, "scrambled" passwords, billing and shipping addresses, phone numbers and the last four digits of credit card numbers
  • It is unclear what "scrambled" means; hopefully a salted, slow password hash rather than a reversible encoding or a bare fast hash
  • Zappos states clearly, and repeatedly, that its payment processing servers were not compromised and that credit card and transaction data remain secure
  • Hopefully this means Zappos takes PCI-DSS compliance seriously and the payment servers are segmented from the internal network that was entered via the compromised server
  • Even without full card numbers, the data from this compromise (name, email, address, last four digits) is enough for convincing spear-phishing
  • Zappos has reset and expired all customer passwords, forcing customers to choose new ones
  • Zappos has disabled its phone systems in anticipation of an extremely high volume of support inquiries
  • Zappos Announcement
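For the "hopefully secure hashing" point: this is what a password store should look like so that a stolen table is expensive to crack. It is an added example written for these notes, not Zappos's code, and it says nothing about what Zappos actually did; the record format, the work factor and the salt length are assumptions.

```python
"""Salted, slow password hashing: what 'scrambled' should mean.

Added example for the Zappos item above; it is not Zappos's code and says
nothing about what Zappos actually did. Record format and parameters are
assumptions.
"""
import hashlib
import hmac
import os

ALGO = "pbkdf2_sha256"
ITERATIONS = 600_000     # assumed work factor; tune so one hash costs ~100ms on your hardware
SALT_BYTES = 16


def hash_password(password, salt=None, iterations=ITERATIONS):
    """Return a self-describing record 'algo$iterations$salt_hex$hash_hex'.

    The record carries its own parameters so the work factor can be raised
    later without invalidating every existing password.
    """
    if salt is None:
        salt = os.urandom(SALT_BYTES)   # unique per user, so equal passwords differ
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return f"{ALGO}${iterations}${salt.hex()}${digest.hex()}"


def verify_password(record, candidate):
    """Recompute from the stored parameters and compare in constant time."""
    algo, iterations, salt_hex, hash_hex = record.split("$")
    if algo != ALGO:
        return False
    digest = hashlib.pbkdf2_hmac("sha256", candidate.encode("utf-8"),
                                 bytes.fromhex(salt_hex), int(iterations))
    # compare_digest avoids leaking how many leading bytes matched via timing
    return hmac.compare_digest(digest.hex(), hash_hex)


def needs_rehash(record):
    """True if the record uses an older (weaker) work factor; rehash on the
    next successful login to upgrade it in place."""
    algo, iterations, _salt, _hash = record.split("$")
    return algo != ALGO or int(iterations) < ITERATIONS


if __name__ == "__main__":
    rec = hash_password("correct horse")
    print(rec)
    print(verify_password(rec, "correct horse"), verify_password(rec, "wrong"))
```

Two users with the same password get different records because of the per-user salt, so a leaked table cannot be attacked with one precomputed dictionary for everyone, and each guess costs the attacker the full iteration count. A "scrambled" store that is reversible, unsalted, or a single fast hash gives none of that.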

Researcher reveals that Stuxnet did not use a vulnerability in SCADA

  • Researcher Ralph Langner presented his findings at the S4 conference on SCADA systems
  • He showed that the Stuxnet worm, while carrying several 0-day exploits to get onto the protected computer systems, carried out the actual attack through a design flaw in the SCADA system rather than through an exploit
  • Langner argues that Stuxnet was not designed to destroy the centrifuges outright, but to disrupt the process undetectably so that production became impossible
  • The flaw: the PLC's input process image is read/write rather than read-only. Stuxnet records the readings from a known-good run and plays them back into the input image, so the control logic (and the operators watching it) see nominal values while the worm feeds the centrifuges bad commands. The result is unexplained failures with no alarm
  • Langner used his analysis to criticize both Siemens and the U.S. Department of Homeland Security for failing to take the security issues more seriously
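To make the writable-input-image point concrete, here is a toy scan loop: a controller that trips on overspeed, a first-order plant, and an attacker who records the image during a good run and then replays it while substituting its own command for the controller's output. This is an added illustration for these notes, not Stuxnet's code and not a model of any real Siemens PLC; the trip threshold, the plant model and the cycle counts are assumptions.

```python
"""Toy simulation of the process-image replay described in the Stuxnet item.

Added example, not Stuxnet's code and not a model of any real PLC: a
controller reads a writable input image, and an attacker who can write to that
image replays readings from a known-good run while driving the plant somewhere
else. All numbers and the first-order plant model are assumptions.
"""
from dataclasses import dataclass, field

SAFE_MAX_RPM = 1200.0   # assumed trip threshold in the control logic


@dataclass
class Centrifuge:
    """The physical process: rpm moves halfway to the commanded value each cycle."""
    rpm: float = 0.0

    def step(self, commanded_rpm):
        self.rpm += 0.5 * (commanded_rpm - self.rpm)
        return self.rpm


@dataclass
class Plc:
    """Control logic that trips (commands 0 rpm) if the input image shows overspeed."""
    setpoint: float
    inputs: dict = field(default_factory=lambda: {"rpm": 0.0})  # writable image
    tripped: bool = False

    def scan(self):
        if self.inputs["rpm"] > SAFE_MAX_RPM:
            self.tripped = True
        return 0.0 if self.tripped else self.setpoint


class ReplayAttack:
    """Record the input image during a good run, then replay it while
    substituting a damaging command for the PLC's real output."""

    def __init__(self, record_cycles, target_rpm):
        self.record_cycles = record_cycles
        self.target_rpm = target_rpm
        self.recorded = []
        self.cycle = 0

    def modify_output(self, plc_output):
        # Passive while recording; afterwards override what reaches the drive.
        return plc_output if self.cycle < self.record_cycles else self.target_rpm

    def tamper_inputs(self, plc):
        if self.cycle < self.record_cycles:
            self.recorded.append(plc.inputs["rpm"])
        else:
            # The image is writable, so overwrite the real sensor value.
            plc.inputs["rpm"] = self.recorded[self.cycle % self.record_cycles]
        self.cycle += 1


def run(cycles, setpoint, attack=None):
    """Run the scan loop; return (plc, centrifuge) for inspection."""
    plc, cf = Plc(setpoint), Centrifuge()
    for _ in range(cycles):
        out = plc.scan()
        if attack:
            out = attack.modify_output(out)
        plc.inputs["rpm"] = cf.step(out)   # sensor updates the image
        if attack:
            attack.tamper_inputs(plc)      # attacker gets the last write
    return plc, cf


if __name__ == "__main__":
    plc, cf = run(10, setpoint=2000)
    print("honest overspeed: tripped =", plc.tripped)
    plc, cf = run(30, setpoint=1000, attack=ReplayAttack(record_cycles=10, target_rpm=2000))
    print("under replay: tripped =", plc.tripped, "real rpm =", round(cf.rpm),
          "rpm in image =", round(plc.inputs["rpm"]))
```

An honest run that commands 2000 rpm trips within three scans. Under the replay the centrifuge is driven to the same 2000 rpm, the image never shows more than the recorded nominal values, and the trip never fires; that is the whole attack, and it needs no exploit because the controller trusts whatever is in its input image. The fix is the design change Langner was asking for: a process image the control logic can read but that only the I/O subsystem can write.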

Round Up:


SQL Injections | TechSNAP 40
https://original.jupiterbroadcasting.net/15661/sql-injections-techsnap-40/
Thu, 12 Jan 2012 18:53:27 +0000


We’ll explain how SQL Injections work, plus cover tools you can use to passively discover details about everyone connected to your network.

And Adobe blames some researchers for THEIR security mistakes; we'll explain.

All that and more, on this week’s episode of TechSNAP!

   


Show Notes:


Zero-day Adobe Reader vulnerability used to target defense contractors

  • An extremely targeted attack was carried out against major players in the defense industry using a previously unknown zero-day vulnerability in Adobe Reader
  • Only 20 or so machines were targeted, spread across a number of different companies
  • Specially crafted .PDF files exploiting the vulnerability to execute code on the victim's machine were sent to a very specific list of email addresses rather than blasted out as spam or mass phishing. Keeping the volume low was likely meant to keep the zero-day from being discovered so it could continue to be used
  • The payload of the exploit was the Sykipot Trojan
  • Analysis of the exploit suggests it is based on previous research and a proof of concept released by Felipe Andreas Manzano in 2009
  • Adobe made a point of reminding security researchers that their publicly disclosed proofs of concept are often used as free R&D by cyber criminals. TechSNAP would like to remind Adobe that the point of public disclosure is free R&D to help (or force) Adobe to patch the vulnerabilities
  • The vulnerability was apparently reported to Adobe by Lockheed Martin after they discovered they had been compromised
  • Adobe announced the vulnerability on December 6th and released the patch on January 10th, a gap of more than a month during which the bug was public and unpatched
  • Previous TechSNAP Coverage
  • CVE Announcement

New version of the p0f network fingerprinting tool

  • The tool passively analyzes incoming network traffic and determines the operating system and other details of the remote machine with a fairly high degree of accuracy, without sending a single packet of its own
  • The feature of note in the newly rewritten version is that it detects many kinds of forgery, alerting you when the remote machine is not what it claims to be
  • It can also analyze some application-layer protocols such as HTTP
  • One such feature is detecting user-agent forgery (spam bots claiming to run Firefox or MSIE while their TCP/IP stack says otherwise)
  • It also detects other properties of the connection: NAT, load balancing, PPPoE (common for DSL), VPNs, transparent and other irregular proxies, and even Tor
  • This is useful for fraud screening: an e-commerce site can detect when a user is masking their identity and flag the order for further investigation
  • The same capability can be turned against users, as part of a firewall or a man-in-the-middle position, to detect VPNs and block them so that people connect without the extra protection and can be spied on

Verizon Business Consulting analyzes second-wave attacks against RSA customers

  • The typical attack uses spear-phishing email to place trojans and keyloggers on the machines of SecurID users
  • The objective is to log the username, password and the temporary PIN generated by the SecurID token
  • Once a small number of these PINs are captured, the attackers may be able to clone the SecurID token and generate valid PINs at will, making it easy to compromise the target
  • The unconfirmed list of targeted companies includes Lockheed Martin, Northrop Grumman, the International Monetary Fund and L-3 Communications
  • RSA continues to claim that the security of the SecurID tokens has not been compromised, but under considerable pressure from customers has agreed to replace the tokens of any customer who requests it

Feedback:

Q: (EBeyer) You talk about it a lot on the show, and it is one of the most common security vulnerabilities on the web, but what is SQL Injection?

A: An SQL injection attack is caused by careless coding in an application that uses an SQL database: through some fault in how the query is assembled, the attacker is able to "inject" their own SQL into the statement the application sends to the database.

The classic example is a login script that builds its query by pasting user input straight into the SQL string:

SELECT * FROM users WHERE username = '$username' AND password = '$password'

During normal operation this works as expected. But if someone logs in with a username of, say, "allan' --", the executed query becomes:

SELECT * FROM users WHERE username = 'allan' --' AND password = '$password'

-- starts an SQL comment, so everything after it is ignored and the password check never runs. This lets anyone log in as any user without knowing that user's password.

Going further, a username of "'; DROP TABLE users; --" gives:

SELECT * FROM users WHERE username = ''; DROP TABLE users; --' AND password = '$password'

which matches 0 users and then deletes the entire users table. (This particular payload only works where the driver accepts several statements in one call. PHP's mysql_query() refuses that, but other drivers and ORMs allow it, and a single statement is still enough to read or alter other data through UNION or subqueries.)

That is why you hear "sanitize your inputs". Sanitizing means removing or escaping the characters that have special meaning to SQL so the database does not interpret them. Every language provides a way to do this, but amateurs and sloppy coders forget, or miss one of the many places where user input reaches a query. The escaping belongs at the point where the query is built, not at the form: a value that is harmless in HTML can be lethal in SQL and vice versa.

PHP, for example, offers mysql_escape_string(), which escapes metacharacters but ignores the connection's character set (with some multibyte encodings it can be tricked into leaving a quote unescaped). It has been deprecated in favour of mysql_real_escape_string(), which requires an open MySQL connection (you need one anyway to run the query) and takes the character set, database settings and server configuration into account. Better still are prepared statements: the query is sent with placeholders, the values are bound separately at execution time, and the database never parses user data as SQL. In current PHP the whole mysql_* extension has been removed (as of PHP 7), so prepared statements through PDO or mysqli are the way to go.
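The same login query built three ways, as an added example for these notes (not the show's own code): by string interpolation as in the answer above, with quote-doubling escaping, and as a prepared statement. It runs against an in-memory SQLite database; the table, the user and the payloads are constructed for the example, and the plain-text password column is kept only to mirror the query in the answer (hash passwords in real code).

```python
"""The login query from the show notes, vulnerable and fixed.

Added example (not the show's own code): the same SELECT built three ways
against an in-memory SQLite database. Table, user and payloads are constructed
for this example; plain-text passwords are kept only to mirror the query in
the notes and are not something to copy (hash them).
"""
import sqlite3


def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.execute("INSERT INTO users VALUES ('allan', 'correct horse')")
    conn.commit()
    return conn


def login_vulnerable(conn, username, password):
    """String interpolation: user input becomes part of the SQL text."""
    query = (f"SELECT * FROM users WHERE username = '{username}' "
             f"AND password = '{password}'")
    return conn.execute(query).fetchone() is not None


def escape(value):
    """Quote-doubling, the SQL-standard escape for a single quote inside a
    string literal. Same idea as mysql_escape_string(): it stops these two
    payloads but is fragile (character sets, unquoted numeric columns, LIKE
    patterns), which is why the notes recommend prepared statements."""
    return value.replace("'", "''")


def login_escaped(conn, username, password):
    query = (f"SELECT * FROM users WHERE username = '{escape(username)}' "
             f"AND password = '{escape(password)}'")
    return conn.execute(query).fetchone() is not None


def login_parameterized(conn, username, password):
    """Prepared statement: placeholders in the SQL, values bound separately,
    so the database never parses user data as SQL."""
    query = "SELECT * FROM users WHERE username = ? AND password = ?"
    return conn.execute(query, (username, password)).fetchone() is not None


if __name__ == "__main__":
    conn = make_db()
    for user, pw in [("allan", "correct horse"),      # legitimate login
                     ("allan' --", "wrong"),          # comment out the password check
                     ("nobody", "' OR '1'='1")]:      # tautology in the password field
        print(repr(user), repr(pw),
              login_vulnerable(conn, user, pw),
              login_escaped(conn, user, pw),
              login_parameterized(conn, user, pw))
```

The interpolated version accepts both payloads; the escaped and parameterized versions reject them and still accept the real credentials. The second payload goes beyond the answer above: it lands in the password field and turns the WHERE clause into (username = 'nobody' AND password = '') OR '1'='1', which is true for every row. The DROP TABLE payload from the answer does not run here, for the same reason it does not run through PHP's mysql_query(): sqlite3's execute() refuses more than one statement per call.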


Round-Up:


Simulated Cyber War | TechSNAP 36
https://original.jupiterbroadcasting.net/14956/simulated-cyber-war-techsnap-36/
Thu, 15 Dec 2011 20:35:34 +0000


Find out how the 2012 Olympics are preparing for cyber war, and we'll answer a great batch of questions.

And Allan’s embarrassing tech war story!

All that and more, on this week’s TechSNAP!


Show Notes:

Big Oil the next big target for cyber attacks?

  • The IT manager for Royal Dutch Shell told the World Petroleum Conference that the company is seeing an ever-increasing number of cyber attacks against its infrastructure.
  • The attacks are said to be motivated by commercial interests as well as political and criminal ones.
  • If attackers gained access to critical control systems they could manipulate valves and pumps and cause enormous physical, monetary and environmental damage.
  • British Petroleum (BP) said it saw a large increase in cyber attacks after the US Gulf oil spill.
  • This is further evidence that industrial control systems need to be completely isolated from the Internet: not merely behind a firewall, but entirely disconnected. Even then, threats such as Stuxnet or Duqu can be carried in on portable media such as USB flash drives, so physical and system security (who may plug what into what) must be taken far more seriously.

Olympic Control Center prepares for simulated cyber attacks

  • The new Olympic Control Center in Canary Wharf, which will support and manage the IT infrastructure of the 2012 London Olympics, is preparing for a variety of simulated cyber attacks to improve its readiness for the games.
  • The simulated attacks include a denial-of-service attack, which they plan to mitigate with a distributed website, and viruses and other malware getting onto the organizers' computers.
  • The network stores and records scores from the games and feeds information to the public and the media.
  • The operations center has a staff of 180 permanent employees.
  • "Another key principle is to keep mission-critical games systems quite isolated from anything web-facing. So very much partitioned and separated, thus making it hard for an external attack to succeed."
  • The company running the operations center is Atos, a very large multinational IT services company. Atos has had issues of its own, however.
  • In the autumn of 2008, Atos Origin was the subject of a government enquiry after a memory stick holding usernames and passwords for an important government computer system was found in a car park. BBC Coverage

War Story

Allan’s rm -rf / war story (Sovereign)

When I was in high school and college, I ran an IRC shell provider. It started out as one little home-brew server on a 128kbit colocation, and grew to its peak of 9 dedicated servers in 4 data centers. As you can imagine, there were plenty of times when people tried to attack, hack or root my servers. It always made me laugh when they tried the latest Red Hat exploit against my FreeBSD 4.x machine.

One such exploit involved a symbolic link to / with an obfuscated name (if I recall correctly, it was dot, space, space and then some Unicode characters). As part of the cleanup, I went to remove the offending symlink. Because of the special characters etc. in the name, I used the shell's tab-complete feature. Out of admittedly bad habit I used rm -rf rather than just rm, and either the shell or I put a trailing / on the symlink, so rather than removing the symlink, the shell resolved the symlink and started to execute the equivalent of rm -rf /. I knew something was wrong after a second or two when the command prompt did not return, and before I could figure out what was going on, I saw error messages about how /bin/tcsh could not be removed because it was in use, and that the kernel would not be deleted because it was flagged 'system immutable'. I felt the blood drain out of my face and I quickly broke out in a cold sweat. I immediately hit control+c to prevent any further damage, but things were pretty far gone. /etc and /bin were gone, save for my shell because it was in use. So, without even ls, it was a little difficult to even tell what was left. This server had about 100 customers on it, and a decent uptime (175 days or so if I recall correctly).

Luckily, because of proper disaster planning on my part, daily Bacula backups of that server existed on our central backup server. A few commands to the bacula console and I was restoring /etc, /boot and /bin. Then I did a verify/compare operation to determine what other files may have been deleted, and restored them as well. Amazingly, all of this was pulled off without a reboot, and without a single complaint from a customer. Total time from disaster to recovery was less than 1 hour, and I managed to maintain the uptime.


Feedback

Q: (Matt) I listened to TechSNAP 28 and 34 about the ZFS server build. Now I'm a little confused: how is Allan's ZFS server configured? If ZFS will do all the RAID stuff and he's using RAID-Z2 for the RAID-6 option, then why are his drives on an Adaptec RAID controller, and how is the Adaptec configured? Are you using a big RAID-0?

A: We've gotten this question quite a bit, because using a RAID controller is contrary to what I said during the TechSNAP 28 ZFS episode. In this case, I did not have a choice: I needed a controller that was supported under BSD, so I went with the Adaptec. The motherboard's onboard Intel controller only has 6 ports, and 2 of those are used for the dedicated OS drives, which are mirrored in FreeBSD software using GEOM. The Adaptec had the added advantage of its unique solution for battery backup. I have configured the Adaptec to pass each drive straight through to ZFS without any RAID, and then ZFS deals with the drives individually, making the RAID-Z2 array. As I said during the initial episode, you don't want to back your ZFS with a RAID device, because you lose control, and some ZFS features, like the ability to swap a device out. If I had exposed one big RAID-0 device to ZFS, I could not have created the RAID-Z2 array, because it requires at least 3 devices. Also, if one drive in a RAID-0 dies, the entire array is lost, so that would not be very good either.

Q: (Graham) I am looking to do a RAID setup, but I would like to know if I need two hard drives of the same make or model, or can they be two hard drives of the same size?

A: While the two drives do not have to be the same model, size, or even manufacturer, it is best if they are. When you are striping or mirroring, performance is mostly dictated by the slower of the two drives, so identical drives means one drive is not constantly waiting for the other. There can also be timing issues when the drives have drastically different performance. However, depending on your configuration, it is sometimes possible to make use of the extra performance of the faster drive: the FreeBSD software RAID driver GEOM's mirroring mode (gmirror) supports several balancing methods, including load, prefer, round-robin and split.

Q: (Bill) Currently I am designing/developing a client/server communications platform. I would love to make the project open source when I start developing the code, but I am concerned about potential security implications. The plan is to use a user auth system so users can easily contact each other. This is making my security senses tingle, because if you have the code for the auth system you could break it down easily. I would love to hear your opinions about this, as there are ways it could be done but they could kill ease of use.

A: If you rely on nothing more than nobody knowing how your security system works (security through obscurity), it is not really security at all; a system should stay secure when everything about it except the keys is public. Rather than writing your own authentication system, use an existing, well-reviewed implementation, depending on what exactly you are authenticating against: standard implementations of primitives like AES, SHA and Blowfish, and established protocols and tools like GPG and SSL/TLS. Being open source then works in your favour: other developers can spot the mistakes you make and either notify you about them or contribute patches to resolve them.

Round-Up:



STOP SOPA! | TechSNAP 32
https://original.jupiterbroadcasting.net/13996/stop-sopa-techsnap-32/
Thu, 17 Nov 2011 19:50:19 +0000


The Internet is facing its greatest challenge yet: we explain why the fight against online piracy has taken a turn towards Internet censorship.

PLUS: Steam and NASA were hacked this week; find out how bad the fallout is, and why private browsing mode might not be that private!

All that and more, on this week's episode of TechSNAP!


Show Notes:

Romanian hacker accused of breaking into NASA

  • The Romanian Directorate for Investigating Organized Crime and Terrorism (DIICOT) has arrested a 26-year-old accused of breaking into multiple servers at NASA
  • The authorities claim that the attacker destroyed protected data and restricted access to it, resulting in a loss of over $500,000
  • Charges against Robert Butyka include:
  • obtaining unauthorized access and causing severe disruptions to a computer system
  • modifying, damaging and restricting access to data without authorization
  • possession of hacking programs
  • "Through criminal activity, the accused severely affected the operation of computer servers by introducing, modifying and damaging electronic data and restricting access to it," DIICOT said in a statement.
  • He is to be tried in Romania, as there has been no extradition request.

Valve: Hackers Accessed Steam Users' Encrypted Passwords, Credit Cards

  • Attackers managed to gain access to the user database
  • The database contained: username, email address, hashed and salted password, game purchase history, billing address and encrypted credit card data
  • Valve had not yet determined whether the database had been copied or viewed
  • Valve originally believed that only the user forums had been compromised, but during the investigation it was determined that the compromise extended to all user data
  • Valve reports no increase in login attempts and no reports of misused credit cards. This suggests the data was either not taken or is protected well enough to delay its use
  • If the database was taken, I would expect a spear-phishing campaign that uses each user's name, username and email address to ask them to "reset" their Steam password
  • All forum accounts will require a password reset; Valve is not, however, forcing a reset on all Steam accounts

Private browsing may not be as private as advertised

  • Private browsing mode stops the browser from recording history and isolates cookies: cookies from regular mode are not sent, and cookies created in private mode are removed when you leave it
  • Research found that many plugins do not respect private mode, especially Adobe Flash, which keeps its own separate cookie store. A site visited in private mode could therefore read Flash cookies set in regular mode, and vice versa. Flash has since been fixed; make sure you upgrade
  • Chrome and Internet Explorer have taken to automatically disabling plugins in private mode

Feedback:

  • Roger writes… 3 questions for you guys…
  • Allan does use Windows, for gaming and for doing the podcast
  • For a list of the advantages of ZFS, watch the ZFS episode of TechSNAP. For other file systems you can really only compare one against another; UFS has advantages over ext2/3, specifically in its ability to store millions of files in a single directory
  • For checking your email over 3G/4G you should still use SSL/TLS in your phone's mail client; the carrier network is not a substitute for end-to-end encryption
  • Arturo writes… Degree or certs?

Round Up:

SOPA Box:
