spam – Jupiter Broadcasting https://www.jupiterbroadcasting.com Open Source Entertainment, on Demand. Wed, 21 Apr 2021 02:50:39 +0000

Our Worst Idea Yet | LINUX Unplugged 402 https://original.jupiterbroadcasting.net/144827/our-worst-idea-yet-linux-unplugged-402/ Tue, 20 Apr 2021 18:45:00 +0000 https://original.jupiterbroadcasting.net/?p=144827 Show Notes: linuxunplugged.com/402

The post Our Worst Idea Yet | LINUX Unplugged 402 first appeared on Jupiter Broadcasting.

The Future of HTTP | TechSNAP 389 https://original.jupiterbroadcasting.net/128101/the-future-of-http-techsnap-389/ Thu, 15 Nov 2018 19:45:06 +0000 https://original.jupiterbroadcasting.net/?p=128101 Show Notes: techsnap.systems/389

The post The Future of HTTP | TechSNAP 389 first appeared on Jupiter Broadcasting.

Neo-Hobo | User Error 43 https://original.jupiterbroadcasting.net/121912/neo-hobo-user-error-43/ Sat, 27 Jan 2018 23:30:18 +0000 https://original.jupiterbroadcasting.net/?p=121912 RSS Feeds: MP3 Feed | Video Feed | iTunes Feed Become a supporter on Patreon: Links Neo Hobo – YouTube Shop powerstation AC – Free Shipping | mophie Amazon.com: YTX14-BS High Performance – Maintenance Free – Sealed AGM Motorcycle Battery: Automotive Amazon.com: Battery Tender 021-1163 5W Solar Maintainer: Automotive YouTubers Beg Fans: Leave Videos On […]

The post Neo-Hobo | User Error 43 first appeared on Jupiter Broadcasting.

Extended Usefulness | TechSNAP 335 https://original.jupiterbroadcasting.net/118036/extended-usefulness-techsnap-335/ Tue, 05 Sep 2017 21:01:28 +0000 https://original.jupiterbroadcasting.net/?p=118036 RSS Feeds: HD Video Feed | MP3 Audio Feed | iTunes Feed | Torrent Feed Become a supporter on Patreon: Show Notes: Extended File Attributes – What? Extended File Attributes Rock! – article from 2011 Extended file attributes are file system features that enable users to associate computer files with metadata not interpreted by the […]

The post Extended Usefulness | TechSNAP 335 first appeared on Jupiter Broadcasting.


Show Notes:

Extended File Attributes – What?

  • Extended File Attributes Rock! – article from 2011

  • Extended file attributes are file system features that enable users to associate computer files with metadata not interpreted by the filesystem, whereas regular attributes have a purpose strictly defined by the filesystem (such as permissions or records of creation and modification times). from Wikipedia

  • Different namespaces (or attribute spaces if you will), often system and user. You can use the user namespace as non-root.

  • Use them for your own purposes, e.g. backup tags, reminders

  • If you rely upon them, make sure your archive & restore tools support them. – test test test

  • Most Linux and BSD modern file systems have had this capability for years. So does Mac OS X. Apart from minor interface differences, the feature works identically on all three systems.

  • We mention this mostly to prompt ideas; perhaps you’ve been trying to solve a problem and suddenly this information will show you the solution you’ve been waiting for.

On internet privacy, be very afraid

  • In the internet era, consumers seem increasingly resigned to giving up fundamental aspects of their privacy for convenience in using their phones and computers, and have grudgingly accepted that being monitored by corporations and even governments is just a fact of modern life.

  • In fact, internet users in the United States have fewer privacy protections than those in other countries. In April, Congress voted to allow internet service providers to collect and sell their customers’ browsing data. By contrast, the European Union hit Google this summer with a $2.7 billion antitrust fine.

  • Right now, the answer is basically anything goes. It wasn’t always this way. In the 1970s, Congress passed a law to make a particular form of subliminal advertising illegal because it was believed to be morally wrong. That advertising technique is child’s play compared to the kind of personalized manipulation that companies do today.

  • …. The result is that there are more controls over government surveillance in the U.S. than in Europe. On the other hand, Europe constrains its corporations to a much greater degree than the U.S. does.

Inside the Massive 711 Million Record Onliner Spambot Dump

  • The mechanics of this spambot

  • The one I’m writing about today is 711m records which makes it the largest single set of data I’ve ever loaded into HIBP. Just for a sense of scale, that’s almost one address for every single man, woman and child in all of Europe. This blog post explains everything I know about it.

  • I’ll take a stab at it and say that there’s not many legitimate drivers using the New South Wales toll road system with Russian email addresses!

  • A random selection of a dozen different email addresses checked against HIBP showed that every single one of them was in the LinkedIn data breach.

  • Yet another file contains over 3k records with email, password, SMTP server and port (both 25 and 587 are common SMTP ports):

  • This immediately illustrates the value of the data: thousands of valid SMTP accounts give the spammer a nice range of mail servers to send their messages from. There are many files like this too; another one contained 142k email addresses, passwords, SMTP servers and ports.


Feedback


Round Up:

Zsh Configuration From the Ground Up


Bad Boy Backups | TechSNAP 309 https://original.jupiterbroadcasting.net/107361/bad-boy-backups-techsnap-309/ Tue, 07 Mar 2017 21:42:43 +0000 https://original.jupiterbroadcasting.net/?p=107361 RSS Feeds: HD Video Feed | Mobile Video Feed | MP3 Audio Feed | Ogg Audio Feed | iTunes Feed | Torrent Feed Become a supporter on Patreon: Show Notes: Data from connected CloudPets teddy bears leaked and ransomed, exposing kids’ voice messages Extortionists Wipe Thousands of Databases, Victims Who Pay Up Get Stiffed Spiral […]

The post Bad Boy Backups | TechSNAP 309 first appeared on Jupiter Broadcasting.


Show Notes:

Data from connected CloudPets teddy bears leaked and ransomed, exposing kids’ voice messages

  • Extortionists Wipe Thousands of Databases, Victims Who Pay Up Get Stiffed

  • Spiral Toys xCEO denies voice recordings stolen

  • CloudPets left their database exposed publicly to the web without so much as a password to protect it.

  • There are references to almost 2.2 million voice recordings of parents and their children exposed by databases that should never have contained production data.

  • CloudPets has absolutely no password strength rules

  • The CloudPets Twitter account has also been dormant since July last year so combined with the complete lack of response to all communications, it looks like operations have well and truly been shuttered.

Spammers expose their entire operation through bad backups

  • Today we release details on the inner workings of a massive, illegal spam operation. The situation presents a tangible threat to online privacy and security as it involves a database of 1.4 billion email accounts combined with real names, user IP addresses, and often physical address. Chances are that you, or at least someone you know, is affected. Spammergate: The Fall of an Empire

  • The data from this well-known, but slippery spamming operation, was discovered by Chris Vickery, a security researcher for MacKeeper and shared with Salted Hash, Spamhaus, as well as relevant law enforcement agencies.

  • Vickery also discovered thousands of warm-up email accounts used by RCM to skirt anti-spam measures

  • RCM’s data breach also exposed 2,199 IP addresses used for public-faced activities; as well as the group’s internal assets. This is in addition to the 60 IP blocks RCM has identified for activities in the past, as well as current and future operations; and the 140 active DNS servers that are rotated frequently.

  • Based on campaign logging documents, the data breach also exposed more than 300 active MX records. In just two spreadsheets alone, RCM recorded nearly 100,000 domains used for their campaigns.

  • If an offer doesn’t inbox (meaning it is rejected, or otherwise dumped into a spam or junk folder), or a given domain is blacklisted, RCM goes back to a list of thousands of domains and selects another to restart the process.


Feedback


Round Up:


Apple Approved Malware | TechSNAP 187 https://original.jupiterbroadcasting.net/70872/apple-approved-malware-techsnap-187/ Thu, 06 Nov 2014 18:23:57 +0000 https://original.jupiterbroadcasting.net/?p=70872 One of the world’s most prolific spammers gets profiled & the technical details are fascinating. New Apple malware is getting everyone’s attention, but why iOS trusts the code is really the more fascinating story, we’ll explain. Plus a great batch of questions, our answers & much much more! Thanks to: Get Paid to Write for […]

The post Apple Approved Malware | TechSNAP 187 first appeared on Jupiter Broadcasting.


One of the world’s most prolific spammers gets profiled & the technical details are fascinating. New Apple malware is getting everyone’s attention, but why iOS trusts the code is really the more fascinating story, we’ll explain.

Plus a great batch of questions, our answers & much much more!

Thanks to:


DigitalOcean


Ting


iXsystems


— Show Notes: —

MeetBSD

Spammers are always developing new tactics

  • Prolific spammer Michael Persaud has been caught sending spam yet again
  • The 37-year-old from San Diego was the first spammer to have been criminally prosecuted, 13 years ago
  • By following a string of clues in the details used to register 1100 new domains used to send spam, researcher Ron Guilmette was able to track the source of the spam back to Persaud
  • What makes this case especially interesting was the technique used to send the spam
  • The chain of events starts with a block of IP addresses getting added to a blacklist, and the owner of those IP addresses being notified of the fact
  • The owner of the IP addresses was adamant that the spam was not coming from their network, as they do not host any spammers
  • When Cisco provided evidence that the spam was in fact coming from their IP addresses, further investigation revealed that that block of addresses was not actually in use
  • The block of IPs was not being announced via BGP by the owner of the IP space, thus the IPs were dormant (unannounced)
  • The spammers had looked around the internet, found ranges of dormant IP addresses, and announced those themselves, in effect moving the hosting for that IP range to their hosting provider, instead of that of the owner
  • This allowed the spammers to send spam from ‘clean’ IP addresses, that had never been used to send spam before
  • The spammer in question claims he did not know the IP addresses were hijacked, that the ISP he was using was selling him ‘stolen’ IPs without his knowledge
  • Persaud made this seem like a common occurrence, but it isn’t, and the researchers are not buying it
  • “In 1998, Persaud was sued by AOL, which charged that he committed fraud by using various names to send millions of get-rich-quick spam messages to America Online customers. In 2001, the San Diego District Attorney’s office filed criminal charges against Persaud, alleging that he and an accomplice crashed a company’s email server after routing their spam through the company’s servers. In 2000, Persaud admitted to one felony count (PDF) of stealing from the U.S. government, after being prosecuted for fraud related to some asbestos removal work that he did for the U.S. Navy”

  • Spam Nation: The Inside Story of Organized Cybercrime – from Global Epidemic to Your Front Door Audiobook | Brian Krebs | Audible.com


Google launches new network security testing tool: nogotofail

  • SSL/TLS has seen a number of major vulnerabilities lately, including Heartbleed, Apple’s goto fail, GNUTLS and NSS both having certificate verification flaws, and most recently the POODLE vulnerability
  • To help researchers and administrators test for these vulnerabilities, Google has released nogotofail, a new testing tool
  • “allows developers to set up an infrastructure through which they can run known attacks against the target application. It has the ability to execute various attacks that require man-in-the-middle position, which is one of the key components of many of the known attacks on SSL/TLS, including POODLE, BEAST and others”
  • “The core of nogotofail is the on path network MiTM named nogotofail.mitm that intercepts TCP traffic. It is designed to primarily run on path and centers around a set of handlers for each connection which are responsible for actively modifying traffic to test for vulnerabilities or passively look for issues. nogotofail is completely port agnostic and instead detects vulnerable traffic using DPI instead of based on port numbers. Additionally, because it uses DPI, it is capable of testing TLS/SSL traffic in protocols that use STARTTLS”
  • The tool can be deployed on Clients, Routers, and VPNs to automatically detect connections between clients and servers that are vulnerable to any of the known flaws
  • Project on GitHub

Feedback:


Round-Up:


Extreme Meal Time | FauxShow 104 https://original.jupiterbroadcasting.net/23536/extreme-meal-time-fauxshow-104/ Wed, 22 Aug 2012 21:24:39 +0000 https://original.jupiterbroadcasting.net/?p=23536 Angela and Chris cover 190lb burgers, extreme bacon towers, 1000 cheese mountains, the problem with spam and much much more!

The post Extreme Meal Time | FauxShow 104 first appeared on Jupiter Broadcasting.


Show Notes:

Epic Meal Time: https://www.youtube.com/watch?v=FCxFn3sAw68

1000 cheeses: https://kotaku.com/5925728/a-whooper-with-1000-slices-of-cheese-will-horrify-and-disgust-you/gallery/1?utm_campaign=socialflow_kotaku_twitter&utm_source=kotaku_twitter&utm_medium=socialflow

Bento Lunches: https://www.laptoplunches.com/bento-menus-season/Spring/

SPAM: https://www.foxnews.com/health/2012/01/31/spam-meat-tied-to-diabetes-risk-in-native-americans-study-finds/

Sugar: https://rheumatic.org/sugar.htm

10 Incredible Food Facts: https://listverse.com/2007/12/17/top-10-incredible-food-facts/

Bugs in Food: https://www.losethebackpain.com/blog/2012/07/21/bugs-in-food/

Utterly disgusting: https://listverse.com/2009/07/22/10-more-utterly-disgusting-foods/

190lb burger: https://www.youtube.com/watch?v=XqIWPvCgi9g

1050 Bacon Slices: https://en.rocketnews24.com/2012/04/19/we-order-whopper-with-1050-bacon-strips-struggle-to-level-comically-huge-burger/

Bacon Pancakes: https://cdn.blogs.babble.com/family-kitchen/files/bacon-and-pancakes/2.jpg

Ice Cream Cake: https://www.chinadaily.com.cn/english/doc/2006-01/17/content_512867.htm

Ice Cream Cake: https://www.odditycentral.com/news/canada-makes-worlds-largest-ice-cream-cake.html

Phallic foods: https://www.forkparty.com/29889/43-phallic-foods-pics/647d4fbd98636b840fd9d26b60b88a4c

Mail Sack:

Blake writes:

Hey I have heard Chris mention Bitcoin on his shows and I have been looking into it but still am a little fuzzy on the whole system. Could you please make it a section of one of Jupiter Broadcasting’s shows. It would be really interesting to hear.

Mininessie writes:

I have a good idea. Remember Jupiter at Nite a very popular show. I was wondering if you were to bring it back, and if so here is a way to do it. Choose one night a week to do it. Choosing a cohost wouldn’t be a problem because live viewers would Skype in and be your cohost. So what do you think?

John writes:

Perhaps there should be answering questions only episodes of TechSNAP. I <3 TechSNAP.

Leaky Authentication | TechSNAP 12 https://original.jupiterbroadcasting.net/9866/leaky-authentication-techsnap-12/ Thu, 30 Jun 2011 23:18:17 +0000 https://original.jupiterbroadcasting.net/?p=9866 In today’s episode Chris will find out how many times his information has been leaked online, and we’ll tell you how to check for yourself.

The post Leaky Authentication | TechSNAP 12 first appeared on Jupiter Broadcasting.


How many times have your credentials been leaked online? Think you’re safe? Chris thought he was. In today’s episode he’ll find out how many times his information has been leaked online, and we tell you how to check for yourself.

Plus we’ll cover how to build your own layered spam defense, and why you probably want to leave that USB thumb drive on the ground!

Sneak peek: Next week we’re going to be talking about the future of Cyber Warfare in our special episode #13. Please send us any stories, suggestions or questions you have so we can include them for next week.



Show Notes:

Thanks to the TechSNAP Redditors!

 


Topic: Groupon India leaks SQL database, plain text passwords

  • Groupon’s Indian subsidiary Sosasta.com accidentally published an SQL dump of its users table, including email addresses and passwords. The file was indexed and cached by Google, so even once it was taken down, it was still visible.
  • This raises the question as to why the passwords were ever stored in plain text, instead of as salted hashes
  • Does the North American version of Groupon also store user passwords in plain text?
  • Leaked data was found by a security researcher using a Google search query for “filetype:sql” “password” and “gmail”
  • Once Sosasta was notified of the issue, they started sending out emails to their customers recommending that they change their password. This is definitely the wrong approach: the passwords were leaked in plain text. All accounts should have had their passwords forcibly reset and a password reset email sent to the customer. Otherwise, customers may have their account compromised before they can change their password, and customers who no longer use the service will have their personal information exposed.

shouldichangemypassword.com – Check your address

Submitted by: refuse2speak


Topic: EA Forums hacked, Sega Database Compromised

  • A “highly sophisticated cyber attack” was used to compromise the database of the forums for Bioware’s Neverwinter Nights.
  • Stolen data included username, password, email, and birth date
  • How many users were affected was not specified
  • EA says no credit card information was in the stolen database
  • Sega was also compromised; 1.29 million customers had their data exposed via the European unit’s “Sega Pass” website.
  • Again, username, password, email and birth date were exposed, but it appears that no financial information was leaked.

TechSNAP reminds you: use a different password for every service. We know it’s hard, but cleaning up behind an identity thief is worse.

Submitted by: Raventiger


Topic: US Government Study shows alarming attack vector

  • 60% of government or contractor employees who found a USB stick or CD on the ground outside their office plugged the device into their computer.
  • 90% of the employees installed the software if it had an official-looking logo on it.
  • This is reminiscent of the Stuxnet worm, which targeted isolated computers that were not on the Internet. It is believed that they were infected via a hardware device containing the payload.

Topic: Research reveals that pin numbers are predictable

  • 15% of iPhones could be unlocked in fewer than 10 tries using the most common pin codes
  • The most common first character in a pin number is 1
  • The most common second character is 2
  • The values 1980 through 2000 make up a huge portion of the top 100 pin codes, meaning if you know or can guess a user’s date of birth, you can increase your chance of cracking their code
  • Other popular codes include repeating digits or patterns, such as 2222 or 1212, or lines drawn on the input screen, such as 2580, 0852 or 1241
  • Another popular value is 5683, which didn’t seem to fit any pattern until you realize that it spells ‘love’ with standard phone letter substitution.
  • This means that if you know the user’s birthday and relationship status, you can increase your chance of cracking their pin code just by applying a little statistical analysis. If you can shoulder surf them, and further reduce the pool of possible codes, you can almost guarantee success.
  • Users tend to reuse passwords; if you guess their phone password, there is a good chance that is also their ATM pin. Either way, the exact same techniques can be applied to ATM, voicemail and other pin codes.

Feedback:

Q: (Bob) How did Chris and Allan meet?
A: Chris and Allan first met in April 2009 when Jupiter Broadcasting moved their IRC chat to GeekShed.net. In January 2010 Allan won a closed beta invite to Star Trek Online during a STOked trivia contest on IRC. During the ramp up to open beta, JupiterColony.com was receiving so much traffic that it was suspended by the web host, and was moved to ScaleEngine.com. Later on, Allan guest hosted a few episodes of the Linux Action Show while Bryan was away, and they went so well that Chris and Allan decided to start their own show.

Q: (Leon) How do you handle spam filtering on your servers?
A: For my web hosting customers, we use 4 main mail servers (running Exim with mail time SpamAssassin). The four mail servers ensure that incoming mail is always received, even if one or more of our servers is down at any time. These servers automatically run the incoming mail through the SpamAssassin scoring system, and if the spam score exceeds a specific threshold, then the mail is automatically rejected at SMTP time (so no bounce message is generated; an error is returned to the original sending server, and this prevents misdirected bounces from spammers using forged from addresses). If the spam score is borderline, we do ‘grey listing’, temporarily rejecting the spam so it will be retried in a little while; this gives the DNS blacklists we use time to catch up, and most spammers never bother with retries. If the spam score is low enough then the mail is accepted. Once mail has arrived at one of our edge servers, it is then queued and sent on to our mailbox server, where it is sorted and delivered to the actual mailboxes of our users. SpamAssassin is run on the mail again, and user-specific settings determine what happens to the mail. Spam can be flagged (subject prefix, messages added as attachments to protect Outlook from preview attacks) or directed to a spam folder.

Send us your questions and feedback!


Roundup:
Netflix shares insight on its cloud infrastructure
Netflix transitions to high availability storage systems
Researchers say Massive Botnet is Indestructible
DropBox CEO: Lone hacker downloaded data from ‘fewer than a hundred’ accounts
Spamming Becoming Financially Infeasible

Bitcoin BLASTER:
LinuxCoin – Bitcoin Live Linux CD – LOVES IT!
Article: Buying lunch with bitcoin – Submitted by Angela
Chris’ early bitcoin farm
Chris’ cheap and low power miner hardware.
Article: Bitcoin Comes Out Swinging off the Ropes
MtGox Apologizes

 
