Show Notes/Links: linuxunplugged.com/277

The post Skipping Fedora 31 | LINUX Unplugged 277 first appeared on Jupiter Broadcasting.

One of the worlds most prolific spammers gets profiled & the technical details are fascinating. New Apple malware is getting everyones attention, but why iOS trusts the code is really the more fascinating story, we’ll explain.

Plus a great batch of questions, our answers & much much more!

Thanks to:

• Get Paid to Write for DigitalOcean

Become a supporter on Patreon:

— Show Notes: —

MeetBSD

• MeetBSD2014 – UCL all of the things

Spammers are always developing new tactics

• Prolific spammer Michael Persaud has been caught sending spam yet again
• The 37-year-old from San Diego was the first spammer to have been criminally prosecuted, 13 years ago
• By following a string of clues in the details used to register 1100 new domains used to send spam, researcher Ron Guilmette was able to track the source of the spam back to Persuad
• What makes this case specially interesting was the technique used to send the spam
• The chain of events starts with a block of IP addresses getting added to a blacklist, and the owner of those IP addresses being notified of the fact
• The owner of the IP addresses was adamant that the spam was not coming from their network, as they do not host any spammers
• When Cisco provided evidence that the spam was in fact coming from their IP addresses, further investigation revealed that that block of addresses was not actually in use
• The block of IPs was not being announced via BGP by the owner of the IP space, thus the IPs were dormant (unannounced)
• The spammers had looked around the internet, found ranges of dormant IP addresses, and announced those themselves, in effect moving the hosting for that IP range to their hosting provider, instead of that of the owner
• This allowed the spammers to send spam from ‘clean’ IP addresses, that had never been used to send spam before
• The spammer in question claims he did not know the IP addresses were hijacked, that the ISP he was using was selling him ‘stolen’ IPs without his knowledge
• Persuad made this seem like a common occurrence, but it isn’t, and the researchers are not buying it

• “In 1998, Persaud was sued by AOL, which charged that he committed fraud by using various names to send millions of get-rich-quick spam messages to America Online customers. In 2001, the San Diego District Attorney’s office filed criminal charges against Persaud, alleging that he and an accomplice crashed a company’s email server after routing their spam through the company’s servers. In 2000, Persaud admitted to one felony count (PDF) of stealing from the U.S. government, after being prosecuted for fraud related to some asbestos removal work that he did for the U.S. Navy”

• Spam Nation: The Inside Story of Organized Cybercrime – from Global Epidemic to Your Front Door Audiobook | Brian Krebs | Audible.com

Google launches new network security testing tool: nogotofail

• SSL/TLS has seen a number of major vulnerabilities lately, including Heartbleed, Apple’s goto fail, GNUTLS and NSS both having certificate verification flaws, and most recently the POODLE vulnerability
• To help researchers and administrators test for these vulnerabilities, Google has released nogotofail, a new testing tool
• “allows developers to set up an infrastructure through which they can run known attacks against the target application. It has the ability to execute various attacks that require man-in-the-middle position, which is one of the key components of many of the known attacks on SSL/TLS, including POODLE, BEAST and others“
• “The core of nogotofail is the on path network MiTM named nogotofail.mitm that intercepts TCP traffic. It is designed to primarily run on path and centers around a set of handlers for each connection which are responsible for actively modifying traffic to test for vulnerabilities or passively look for issues. nogotofail is completely port agnostic and instead detects vulnerable traffic using DPI instead of based on port numbers. Additionally, because it uses DPI, it is capable of testing TLS/SSL traffic in protocols that use STARTTLS“
• The tool can be deployed on Clients, Routers, and VPNs to automatically detect connections between clients and servers that are vulnerable to any of the known flaws
• Project on GitHub

Feedback:

• Homeserver / SSH / Permissions or SPOUSAL APPROVAL

• Printers with public IPs?

• 10Gb NIC query

• ZFS on Linux and ECC RAM?

• Healthcare vendor negligent of POODLE

• Daniel Blair on Twitter: “Hey @ChrisLAS I am wearing my #TechSNAP 100th episode shirt while getting interviewed after #innovateordiedays https://t.co/4UwbBTJ0sl #rep”

Round-Up:

• WireLurker Mac OS X Malware Found, Shut Down
• New, harder to detect version of the Backoff Point-of-Sales malware found in the wild. Old version still infecting more than 1000 point of sales systems
• FBI Holds Secret Meeting To Scare Congress Into Backdooring Phone Encryption
• Linksys patches more routers for flaw found in July. Flaws Include allowing attackers to steal password database
• Secure Messaging Scorecard | Electronic Frontier Foundation
• Next weeks Microsoft Patch Tuesday will be a big one, 16 patches covering IE, Windows, Exchange, Office and more
• Swedish hacker finds ‘serious’ vulnerability in OS X Yosemite
• American Express proposes new tokenized payment cards, unique code for each merchant, transaction type, or device.

The post Apple Approved Malware | TechSNAP 187 first appeared on Jupiter Broadcasting.

The guys discuss what the heck is going on with the price of Bitcoin, and what you can expect. The cost of running the bitcoin network is coming up against the price of the coin, we’ll discuss how these two elements are coming to a head.

Plus: The big theme from the Bitcoin London conference, the ridiculous anti-Crypto currency rhetoric from the G8 summit, your questions, and more!

Downloads:

MP3 Audio | OGG Audio | Video | Torrent | YouTube

RSS Feeds:

MP3 Feed | Video Feed | Torrent Feed | iTunes Audio | Ogg Feed

— Support the Show —

If you enjoyed this episode, found value or information from it, please consider contributing using Bitcoin. Each episode gets its own unique Bitcoin address so by tipping you\’re not only making our continued efforts possible but telling us what you liked. Our episode specific address is listed at the bottom of the show notes.

— Feedback —

• Difficulty, Altcoins, Mining, etc

• Bitcoin in Germany

• BFL Selling ASIC chips in bulk

Help spread the word on iTunes with a Rating and Review:

• iTunes – Plan B by Jupiter Broadcasting

Call or txt the Show:

1 (352) 587-5262

(352) 58-PLANB

— Discussion —

• Bitcoin at the G8 Summit (pg 60)

Written by “John Lyons, chief executive, International Cyber Security Protection Alliance”

As world leaders gather at the G8 summit in Northern Ireland this year, they will be considering and debating some of the most pressing global issues of our time. Those that specialise in the cyberspace arena hope that they will also have time to address the deeply worrying trends that threaten the economic and social benefits that the internet can deliver to humankind.

As highlighted by the latest initiative of the United States to arrest some of the suspects that were involved in Liberty Reserve (a group indicted for money laundering that ran a $6 billion worldwide operation out of Costa Rica), alternative payment mechanisms, such as Bitcoin and a host of others, can enable criminal and terrorist groups to launder money and fund their operations.
Governments around the world could take two measures that would have a significant
and long-lasting effect on the ability of online criminals to secure their ill-gotten gains: 1. Outlaw alternative payment mechanisms for trading currencies online; and 2. Introduce legislation to confiscate the proceeds of online crime.

If treasuries and financial institutions around the world were to block those transactions and permit only legitimate currencies to be used on the internet through regulated payment service providers and cards (such as Visa, MasterCard and American Express), then the flow of many billions of dollars to criminal groups would be stemmed. Furthermore, if those same countries introduced, if necessary, additional legislation to confiscate the proceeds of such online crime, these funds could be either returned to those who had been defrauded or used to fund international projects that could bring about a more safe and secure internet environment for all citizens.

If the leaders of the European Union and United States could be convinced to take a lead on these initiatives, that would be a huge contribution to making the internet a safe place for financial transactions. At the same time, it would also strike a blow against those who would try to destroy the fabric of our the world’s well-being.

• We\’re FUNDED on Kickstarter! Here are the Stretch Goals

It\’s hard to believe, but in less than two weeks, our Kickstarter campaign was funded. We planned this out so we can do a quality documentary, but an increased production budget means a much better film. With our stretch goals, we can span the country and even the globe to talk with the world\’s experts on bitcoin, crypto currency, and currency in general.

Bitcoin London Happening Now:

• Twitter / btclondon: @vessenes 1200 attendees @ …

@vessenes 1200 attendees @ San Jose, 60% members of @BTCFoundation outside US. #metrics for #Bitcoin #btclondon

• Regulation Means The Bitcoin Gold Rush Will Not Happen In The US, Say Experts | TechCrunch

Europe is better positioned as a better place to create Bitcoin-based startups than the US. That was the message coming out of Bitcoin London today, the first major conference in London to cover startups, investors and business models. Covering the broad sweep of businesses, technologists and institutions involved in the Bitcoin space, the conference heard that the US may have made a fatal strategic mistake in classifying Bitcoin as if it were money so early on in its development.

What has emerged is that Bitcoin is being treated in many different ways: as money, as an asset class, as the first highly secure P2P global information exchange, as a technology platform and even as a if it were a startup entity in its own right

• Winklevoss twins work to make Bitcoin more legit with SEC filing | Internet & Media – CNET News

The \”Winklevoss Bitcoin Trust\” aims to give commodity buyers more exposure to Bitcoins. According to Business Insider, the trust will apparently operate like an exchange-traded fund, which is an investment fund that can be traded like a stock.

\”The investment objective of the Trust is for the Shares to reflect the performance of the Blended Bitcoin Price of Bitcoins, less the expenses of the Trust\’s operations,\” the filing reads. \”The Shares are designed for investors seeking a cost-effective and convenient means to gain exposure to Bitcoins with minimal credit risk.\”

• BBC News – Winklevoss twins plan $20m Bitcoin trust fund

The Winklevoss Bitcoin Trust will initially sell $20m (£13m) worth of shares to investors, according to a filing with the US regulators.

• Winklevoss Twins Make Best Case Against Bitcoin Fund – Bloomberg

Their company, Math-Based Asset Services LLC, filed forms with the U.S. Securities and Exchange Commission yesterday.

OMG THE PRICE!!one!!

• Bitcoin Hash Rate
• Bitcoin Mining Operating Margin

• BTC Guild Selling Block Erupter USBs

Litecoin Update:

• Trading in BTC for LTC?

• Receive a notification when Litecoin starts trading on Mt. Gox

Forget about constantly checking news about Litecoin and Mt. Gox. Instead, register your Email and receive a notification when Litecoin starts being traded in Mt. Gox.

• WikiLeaks now has a Litecoin specific section on their donation page

Bitcoin Pick

• Bitcoinium

— Watch Live —

Tuesday 2pm PDT / 5pm EDT / 9pm GMT

• JbLive.tv

— Plan B Subreddit —

• Plan B Show

— Contact us —

• Chris on G+
• Drew on G+

— Music —

• Thanks to Ronald Jenkees and his fantastic track 7 Times

— Support the Show —

• Donate to the network with your worthless fiat or your fancy bitcoins!

The post Blame it on Mt. Gox | Plan B 13 first appeared on Jupiter Broadcasting.