Squid – Jupiter Broadcasting
https://www.jupiterbroadcasting.com
Open Source Entertainment, on Demand.

How We Got Started With Linux | LAS 381
https://original.jupiterbroadcasting.net/87321/how-we-got-started-with-linux-las-381/
Sun, 06 Sep 2015 07:53:10 +0000

The post How We Got Started With Linux | LAS 381 first appeared on Jupiter Broadcasting.


We finally share our getting started with Linux stories. And it turns out, it was nearly a freak happenstance for both of us & some great stories from our community.

Plus the Safe Wifi campaign you need to know about, we discuss the new elementaryOS, an update on the Munich situation & more!

Thanks to:


DigitalOcean


Ting


— Show Notes: —


Brought to you by: System76

We share how we got started with Linux

— PICKS —

Runs Linux

Killer Robot Runs Linux

Desktop App Pick

Bash Scanner – A fast way to scan your server for outdated software and potential exploits.

After an initial scan, you will be asked to create an account on the PatrolServer dashboard (which is totally optional, you are free to use the tool without an account). The benefit of creating a sustainable account is detailed reporting, together with documentation on how to secure your server.

Weekly Spotlight

Road Trip Playlist

Watch the adventures, productions, road trips, trails, mistakes, and fun of the Jupiter Broadcasting mobile studio.


— NEWS —

Save WiFi/Individual Comments

Right now, the FCC is considering a proposal to require manufacturers to lock down computing devices (routers, PCs, phones) to prevent modification if they have a “modular wireless radio”[1][2] or a device with an “electronic label”[3]. The rules would likely:

  • Restrict installation of alternative operating systems on your PC, like GNU/Linux, OpenBSD, FreeBSD, etc.
  • Prevent research into advanced wireless technologies, like mesh networking and bufferbloat fixes
  • Ban installation of custom firmware on your Android phone
  • Discourage the development of alternative free and open source WiFi firmware, like OpenWrt
  • Infringe upon the ability of amateur radio operators to create high powered mesh networks to assist emergency personnel in a disaster.
  • Prevent resellers from installing firmware on routers, such as for retail WiFi hotspots or VPNs, without agreeing to any condition a manufacturer so chooses.

  • Save WiFi: Act Now To Save WiFi From The FCC | Hackaday

The folks at ThinkPenguin, the EFF, FSF, Software Freedom Law Center, Software Freedom Conservancy, OpenWRT, LibreCMC, Qualcomm, and others have put together the SaveWiFi campaign.

Online comments end 09/08/2015.

Freya 0.3.1 is Here!

At the heart of this upgrade is the latest Hardware Enablement stack from Ubuntu 14.04.3. It includes version 3.19 of the Linux kernel and an updated Mesa that fixes the dreaded “double cursor” glitch. Workspaces in the Multitasking view also now work properly on Nvidia Optimus. The new hardware stack also brings better support for backlights and touchpads on certain laptops, a host of performance and power-related improvements, and support for 5th generation Intel processors. This release should also improve support for (U)EFI systems, especially when installing without an internet connection.

Munich Linux councillor: ‘We didn’t propose a switch back to Windows’

“There are several points of criticism concerning the notebooks of the councillors with very different reasons (not Linux in general). There are 80 councillors in the city. Their work and needs can’t be compared with the whole administration.”

Pfeiler denied that there was any kind of consensus towards a complete reverse migration, but rather suggests a retroactive fitting of Windows for certain specific purposes, adding that there was nothing to suggest that the Limux system was working anything other than well.

Feedback:

Mycroft Adds Linux Desktop Voice Controlled AI as Stretch Goal

Interoperable and Open
Optimized for the web
Scalable to any modern device at any bandwidth
Designed with a low computational footprint and optimized for hardware
Capable of consistent, highest quality, real-time video delivery; and
Flexible for both commercial and non-commercial content.

Chris’s Twitter account has changed, you’ll need to follow!

Chris Fisher (@ChrisLAS) | Twitter

— CHRIS’ STASH —

Hang in our chat room:

irc.geekshed.net #jupiterbroadcasting

— NOAH’S STASH —

Noah’s Day Job

Altispeed Technologies

Contact Noah

noah [at] jupiterbroadcasting.com

Home Depot Credit Repo | TechSNAP 178
https://original.jupiterbroadcasting.net/65977/home-depot-credit-repo-techsnap-178/
Thu, 04 Sep 2014 18:57:14 +0000

The post Home Depot Credit Repo | TechSNAP 178 first appeared on Jupiter Broadcasting.


Home Depot is breached, and the scale could be much larger than the recent Target hack & we discuss the explosion of fake cell towers in the US, and what’s behind it. Then the tools used in the recent celebrity photo leak & the steps that need to be taken.

Plus a great batch of your questions, our answers & much more!

Thanks to:


DigitalOcean


Ting


iXsystems


— Show Notes: —

Krebs: Banks report breach at Home Depot. Update: Almost all home depot stores hit

  • Sources from multiple banks have reported to Brian Krebs that the common retailer in a series of stolen credit cards appears to be Home Depot
  • Home Depot’s spokesperson Paula Drake says: “I can confirm we are looking into some unusual activity and we are working with our banking partners and law enforcement to investigate,” Drake said, reading from a prepared statement. “Protecting our customers’ information is something we take extremely seriously, and we are aggressively gathering facts at this point while working to protect customers. If we confirm that a breach has occurred, we will make sure customers are notified immediately. Right now, for security reasons, it would be inappropriate for us to speculate further – but we will provide further information as soon as possible.”
  • “Several banks contacted by this reporter said they believe this breach may extend back to late April or early May 2014. If that is accurate — and if even a majority of Home Depot stores were compromised — this breach could be many times larger than Target, which had 40 million credit and debit cards stolen over a three-week period”
  • “The breach appears to extend across all 2,200 Home Depot stores in the United States. Home Depot also operates some 287 stores outside the U.S. including in Canada, Guam, Mexico, and Puerto Rico”
  • Zip-code analysis shows 99.4% overlap between stolen cards and Home Depot store locations
  • This is important, as the fraud detection system at many banks is based on proximity
  • If a card is used far away from where the card holder normally shops, that can trigger the card being frozen by the bank
  • By knowing the zip code of the store the cards were stolen from, a criminal who buys the stolen card information to make counterfeit cards can choose cards from the same region they intend to attack, increasing their chance of successfully buying gift cards or high-value items that they can later turn into cash
  • The credit card numbers are for sale on the same site that sold the Target, Sally Beauty, and P.F. Chang’s cards
  • “How does this affect you, dear reader? It’s important for Americans to remember that you have zero fraud liability on your credit card. If the card is compromised in a data breach and fraud occurs, any fraudulent charges will be reversed. BUT, not all fraudulent charges may be detected by the bank that issued your card, so it’s important to monitor your account for any unauthorized transactions and report those bogus charges immediately.”
  • Some retailers, including Urban Outfitters, say they do not plan to notify customers, vendors or the authorities if their systems are compromised

Fake cell towers found operating in the US

  • Seventeen mysterious cellphone towers have been found in America which look (to your phone) like ordinary towers, and can only be identified by a heavily customized handset built for Android security – but have a much more malicious purpose. Source: Popular Science
  • Mobile handsets are supposed to warn the user when a tower does not support encryption. All legitimate towers support encryption, so the most likely explanation for one that does not is that it is a rogue tower trying to trick your phone into not encrypting calls and data so they can be eavesdropped upon
  • The rogue towers were discovered by users of the CryptoPhone 500, a Samsung SIII running a modified Android that reports suspicious activity, like towers without encryption, or data communications over the baseband chip without corresponding activity from the OS (suggesting the tower might be trying to install spyware on your phone)
  • “One of our customers took a road trip from Florida to North Carolina and he found eight different interceptors on that trip. We even found one near the South Point Casino in Las Vegas.”
  • “What we find suspicious is that a lot of these interceptors are right on top of U.S. military bases.” says Goldsmith. “Whose interceptor is it? Who are they, that’s listening to calls around military bases? The point is: we don’t really know whose they are.”
  • Documents released last week by the City of Oakland reveal that it is one of a handful of American jurisdictions attempting to upgrade an existing cellular surveillance system, commonly known as a stingray.
  • The Oakland Police Department, the nearby Fremont Police Department, and the Alameda County District Attorney jointly applied for a grant from the Department of Homeland Security to “obtain a state-of-the-art cell phone tracking system,” the records show.
  • Stingray is a trademark of its manufacturer, publicly traded defense contractor Harris Corporation, but “stingray” has also come to be used as a generic term for similar devices.
  • According to Harris’ annual report, which was filed with the Securities and Exchange Commission last week, the company profited over $534 million in its latest fiscal year, the most since 2011.
  • Relatively little is known about how stingrays are precisely used by law enforcement agencies nationwide, although documents have surfaced showing how they have been purchased and used in some limited instances.
  • Last year, Ars reported on leaked documents showing the existence of a body-worn stingray. In 2010, Kristin Paget famously demonstrated a homemade device built for just $1,500.
  • According to the newly released documents, the entire upgrade will cost $460,000—including $205,000 in total Homeland Security grant money, and $50,000 from the Oakland Police Department (OPD). Neither the OPD nor the mayor’s office immediately responded to requests for comment.
  • One of the primary ways that stingrays operate is by taking advantage of a design feature in any phone available today. When 3G or 4G networks are unavailable, the handset will drop down to the older 2G network. While normally that works as a nice last-resort backup to provide service, 2G networks are notoriously insecure.
  • Handsets operating on 2G will readily accept communication from another device purporting to be a valid cell tower, like a stingray. So the stingray takes advantage of this feature by jamming the 3G and 4G signals, forcing the phone to use a 2G signal.
  • Cities scramble to upgrade “stingray” tracking as end of 2G network looms

The Nude Celebrity Photo Leak Was Made Possible By Law Enforcement Software That Anyone Can Get

  • Elcomsoft Phone Password Breaker requires the iCloud username and password, but once you have it you can impersonate the phone of the valid user, and have access to all of their iCloud information, not just photos
  • “If a hacker can obtain a user’s iCloud username and password, he or she can log in to the victim’s iCloud.com account to steal photos. But if attackers instead impersonate the user’s device with Elcomsoft’s tool, the desktop application allows them to download the entire iPhone or iPad backup as a single folder, says Jonathan Zdziarski, a forensics consultant and security researcher. That gives the intruders access to far more data, he says, including videos, application data, contacts, and text messages.”
  • “It’s important to keep in mind that EPPB doesn’t work because of some formal agreement between Apple and Elcomsoft, but because Elcomsoft reverse-engineered the protocol that Apple uses for communicating between iCloud and iOS devices. This has been done before —Wired specifically refers to two other computer forensic firms called Oxygen and Cellebrite that have done the same thing — but EPPB seems to be a hacker’s weapon of choice. As long as it is so readily accessible, it’s sure to remain that way”
  • All of this still requires the attacker to know the celebrity’s username and password
  • This is where iBrute came in
  • A simple tool that takes advantage of the fact that when Apple built the ‘Find My iPhone’ service, they failed to implement login rate limiting
  • An attacker can sit and brute force the passwords at high speed, with no limitations
  • The API should block an IP address after too many failed attempts. This has now been fixed
  • Another way to deal with this type of attack is to lock out an account after too many failed attempts, to ensure a distributed botnet cannot do something like try just 3 passwords each from 1000s of different IP addresses
  • When it becomes obvious that an account is under attack, lock it so that no one can gain access to it until the true owner of the account can be verified and steps can be taken to ensure the security of the account (change the username?)
  • The issue with this approach is that Apple Support has proven to be a weak link in regards to security in the past. See TechSNAP Episode 70.
  • Obviously, the iPhone to iCloud protocol should not depend on obscurity to provide security either. We have seen a number of different attacks against the iPhone based on reverse engineering the “secret” Apple protocols
  • Security is often a trade-off against ease-of-use, and Apple keeps coming down on the wrong side of the scale

Answers for Everyone | TechSNAP 42
https://original.jupiterbroadcasting.net/16331/answers-for-everyone-techsnap-42/
Thu, 26 Jan 2012 20:40:12 +0000

The post Answers for Everyone | TechSNAP 42 first appeared on Jupiter Broadcasting.


We’ve got the answer to life the universe and everything, plus why you need to get upset about ACTA, and patch your Linux Kernel!

All that and more, in this Q&A PACKED edition of TechSNAP!

Thanks to:
GoDaddy.com Use our codes TechSNAP10 to save 10% at checkout, or TechSNAP20 to save 20% on hosting!

Pick your code and save:
DOTCO9: .co domain for $17.99
techsnap7: $7.99 .com
techsnap10: 10% off
techsnap20: 20% off 1, 2, 3 year hosting plans
techsnap40: $10 off $40
techsnap25: 25% off new Virtual DataCenter plans

   


Show Notes:

Dreamhost gets hacked, resets all customers’ passwords, has scale issues

  • On January 19th, Dreamhost.com detected unauthorized activity in one of their databases
  • It is unclear which databases were compromised: whether they were Dreamhost databases of customer data, or customer site databases
  • Dreamhost uses separate passwords for their main web control panel, and individual user SSH and FTP accounts
  • Dreamhost ran into scale issues, where their centralized web control panel could not handle the volume of users logging in and attempting to change their shell passwords
  • The fast forced password reset by DreamHost appears to have promptly ended the malicious activity
  • Based on the urgency of the reset, there seem to be indications that DreamHost stores users’ passwords in plain text in one or more databases
  • This assertion is further supported by the fact that they print passwords to confirmation screens and in emails
  • Dreamhost also reset the passwords for all of their VPS customers

Linux root exploit – when the fix makes it worse

  • Linux kernel versions newer than 2.6.39 are susceptible to a root exploit that allows writing to protected memory
  • Prior to version 2.6.39 write access was prevented by an #ifdef; however, this was deemed to be too weak, and was replaced by newer code
  • The new security code that was to ensure that writes were only possible with the correct permissions, turned out to be inadequate and easily fooled
  • Ubuntu has confirmed that an update for 11.10 has been released, users are advised to upgrade
  • This issue does not affect Red Hat Enterprise Linux 4 or 5, because this change was not backported. A new kernel package for RHEL 6 is now available
  • Analysis
  • Proof of Concept
  • Proof of Concept for Android

Feedback

Q: Tzvi asks how to best Monitor employee Internet usage?

A: There are a number of ways to monitor and restrict Internet access through a connection you control. A common suggestion is the use of a proxy server. The issue with this is that it requires configuration on each client machine and sometimes even each client application. This is a lot of work, and is not 100% successful. However, there is an option known as a ‘transparent proxy’. This is where the router/firewall, or some other machine that all traffic to the internet must pass through, analyzes the traffic and routes connections outbound for port 80 or 443 (HTTP and HTTPS respectively, and optional additional ports) through the proxy server, without any configuration required on the individual clients. Then, you can use the firewall to deny all traffic outbound that is not via the proxy.

This is relatively easy to set up, so much so that as part of the final exam in my Unix Security class, students had 2 hours to set up their machine as follows:

  • Configure TCP/IP stack
  • Download GPG and Class GPG Key
  • Decrypt Exam Instructions
  • Install Lynx w/ SSL support
  • Install a class self-signed SSL certificate and the root certificate bundle to be trusted
  • Install and configure Squid to block facebook with a custom error page
  • Configure Lynx to use Squid
  • Create a default deny firewall that only allows HTTP via squid and FTP to the class FTP server
  • Access the college website and facebook (or rather the custom error page when attempting to access facebook)

While they had a little practice, and didn’t have to configure a transparent proxy, it is still a fairly straightforward procedure.

Instead of rolling your own, you can just drop in pfSense and follow these directions


Q: Brett asks, what do you do after a compromise?

A: The very first thing you do after a compromise is take a forensic image of the drive: a bit-by-bit copy, without ever writing or changing the disk in any way. You then pull that disk out and put it away for safekeeping. Do all of your analysis and forensics on copies of that first image (but do not modify it either; you don’t want to have to do another copy from the original). This way as you work on it, and things get modified or trashed, you do not disturb the original copy. You may need the original unmodified copy for legal proceedings, as the evidentiary value is lost if it is modified or tampered with in any way.

So your best bet is to boot off of a live CD (not just any live CD: many try to be helpful and auto-mount every partition they find, so use a forensics live CD that will not take any action without you requesting it). Then use a tool like dd to image the drive to a file or another drive. You can then work off copies of that. This can also work for damaged disks, using command switches for dd such as conv=noerror,sync. Also, using a block size of 1 MB or so will speed up the process greatly.

You asked about Tripwire and the like. The problem with Tripwire is that you need to have been running it since before the incident, so it has a fingerprint database of what the files should look like, so it can detect what has changed. If you did not have Tripwire set up and running before, while it may be possible to create a fingerprint database from a backup, it is not that useful.

The freebsd-update command includes an ‘IDS’ command that compares all of the system files against the central fingerprint database used to update the OS, and provides quick and powerful protection against the modification of the system files, but it does not check any files installed by users or packages. The advantage of the freebsd-update IDS over Tripwire is that it uses the FreeBSD Security Officer’s fingerprint database, rather than a locally maintained one that may have been modified as part of the system compromise. In college I wrote a paper on using Bacula as a network IDS; I’ll see if I can find it and post it on my blog at appfail.com.


Q: Jono asks, VirtualBox vs. Bare to the metal VMs?

  • Xen, KVM and VirtualBox are not bare metal; they require a full Linux host
  • XenServer is similar to VMware ESXi, in that it is bare metal. It uses a very stripped-down version of CentOS and therefore far fewer resources than a full host. However, XenServer is a commercial product (though there is a free version)
  • The advantage of XenServer over VMware ESXi (both are commercial but free) is that XenServer is supported by more open source management tools, such as OpenStack

Q: Gene asks, IT Control is out of control, what can we users do?


Q: Crshbndct asks, Remote SSH for Mum


Thankful for Open Source
https://original.jupiterbroadcasting.net/14312/thankful-for-open-source/
Sun, 27 Nov 2011 14:09:42 +0000

The post Thankful for Open Source first appeared on Jupiter Broadcasting.


The Linux Action Show! s19e07: We stand on the shoulders of giants of open source every single day. One episode out of the year we give thanks to those certain projects and developers who’ve made a big impact on us!

Plus: Linux Mint 12 is released, tune in to find out what’s new; open source gaming got a massive shot in the arm this week, we’ll give you the details; and the biggest little Linux distribution in the world!

And so much more!

All this week on, The Linux Action Show!

Thanks to:

GoDaddy.com Use our codes LINUX to save 10% at checkout, or LINUX20 to save 20% on hosting!

Special GoDaddy Offer: LINUX11

$1.99 per month Economy Hosting for 3 months!



   

-SHOW NOTES-

Runs Linux:

Android Pick:

Universal Pick:

Picks so far. Thanks to Madjo!

Linux Action Show Subreddit

Jupiter Broadcasting Swag!

NEWS:

Open Source Projects, We’re Thankful For:

Chris:

Allan:

Randall:

  • Wine – allows UNIX/Linux to run Microsoft Windows API calls to run most Windows applications as close to native as you can get for running Windows applications on other OSs.
  • OpenSSH – Just pure awesome, no words can explain how awesome this is.
  • GNOME – An open source Window Manager/Desktop for UNIX/Linux OSs
  • SDL – Simple DirectMedia Layer is a cross-platform multimedia library designed to provide low-level access to audio, keyboard, mouse, joystick, 3D hardware via OpenGL
  • VirtualBox – VirtualBox is a powerful x86 and AMD64/Intel64 virtualization product
  • Samba – Samba is a CIFS/SMB File/Print server that can be used cross platform.
