— Show Notes: —

Backup Blu-Ray Under Linux

Brought to you by: System76

[asa]B009LJM6HG[/asa]

Tools

• MakeMKV Linux is available

• MakeMKV – Make MKV from Blu-ray and DVD

MakeMKV is your one-click solution to convert video that you own into free and patents-unencumbered format that can be played everywhere.

• MakeMKV for Linux forum

• AUR (en) – makemkv

• MakeMKV software.opensuse.org:

• HandBrake: Open Source Video Transcoder

• Check your Seasons and Episode Details: At the TVDB

The Process

• Start Make MKV Before your load the disk
• Choose your titles – This is a tricky job under Linux. Most the time it’s obvious.
• Once its done the resulting MKV will be huge. You could keep this, it’s an unencumbered copy of the blu-ray, and is the same quality.
• Now add your new MKV file to HandBrake
• Choose your preset based on your needs.

*

– Picks –

Runs Linux:

• Steven Seagal, Runs Linux

• BONUS RUNS LINUX: Runs Linux – NSA xKeyScore. At least the largest F*ck-You to Personal Freedom is Open Source.

Android Pick:

• VLC Direct Pro Free

• VLC media player – ArchWiki

Run VLC with the parameter “–extraintf=http” to use both the desktop and web interface.

# vlc –extraintf=http

Desktop App Pick:

• MKV Extractor GUI extracts, edits and re-encapsulates .mkv files

• MKV Extractor Gui : Hizoka

• AUR (en) – mkv-extractor-gui

• Picks so far

• Madjo

Search our past picks:

• LASAppPicks

Git yours hands all over our STUFF:

• Jupiter Broadcasting Affiliate Extensions
• Callisto-app – Google Project Hosting
• Quick Update to the Jupiter Broadcasting Android App

*

— NEWS —

• Mailpile – taking e-mail back
• Mailpile: private, secure, open source, locally-run email service | Ghacks

The developers will add support for OpenPGP signatures and encryption to the core of Mailpile, so that it can be used intuitively and without all the hassles usually involved in setting this up properly.

• LastPass Premium Plans To Be Bundled with Ubuntu Edge

Wayland Action Update

• Fedora porting GNOME to Wayland at long last

• A New Game Ported To Run On Wayland/Weston

• SailfishOS SDK update: Qt5, QtQuick2 and Wayland support

• RealVNC Remote Desktop Wants To Support Wayland

— /etc: Replacing Your Routers Firmware —

Brought to you by: Untangle

• Extraneous Network Services Leave Home Routers Unsecure

• www.dd-wrt.com | Unleash Your Router

• Converting a TP-Link TL-WR1043ND to DD-WRT – Joey Iodice

[asa]B002YLAUU8[/asa]

– Feedback: –

• The Ubuntu Edge Sweepstakes

• I failed the LAS Arch Challenge :-

• Home Storage Qs

• Moving to a Linux Web Server

• ApacheMySQLPHP – Community Ubuntu Documentation

• Two thoughts regarding your last show (LAS s28e01).

• Revisit Your Thoughts on Gnome

• Intel’s new Open PC?

• Send a Bitmessage to LAS:

BM-GuJRSMgViBNXnafzuRQL3tpHHFSJQ5Wm

— Chris’ Stash —

Hang in our chat room:

irc.geekshed.net #jupiterbroadcasting

— What’s Matt Doin? —

• Opensource.com Caption Contest
  +Deadline: August 1 at 11:59 p.m. – be sure to reguster to enter
• Hell froze over, Matt’s on Facebook

— Find us on Google+ —

• Chris
• Matt Hartley
• Jupiter Broadcasting’s Page

— Find us on Twitter —

• Chris – ChrisLAS
• Matt – matthartley

— Follow the network on Facebook: —

• Jupiter Broadcasting on Facebook

— Catch the show LIVE Sunday 10am Pacific / 1pm Eastern / 6pm UTC: —

• https://jblive.tv
• Network Calendar

The post Backing up Blu-Ray on Linux | LAS s28e02 first appeared on Jupiter Broadcasting.

]]> https://original.jupiterbroadcasting.net/31076/universal-exploit-n-play-techsnap-95/ Thu, 31 Jan 2013 17:53:30 +0000 https://original.jupiterbroadcasting.net/?p=31076 It’s way past time to turn off Universal Plug and Play, we’ll give you the details on the exploit that only requires a single network packet.

The post Universal Exploit n’ Play | TechSNAP 95 first appeared on Jupiter Broadcasting.

]]>

It’s way past time to turn off Universal Plug and Play, we’ll give you the details on the exploit that only requires a single network packet.

Plus how we’ve built our VM storage setup, our favorite network monitoring tools, and much much more! In this week’s episode of TechSNAP!

Thanks to:

GoDaddy.com

Use our code tech295 to get a .COM for $2.95.

Something else in mind? Use go28off2 to save 28% on your entire order!

Pick your code and save:
techsnap7: $7.49 .com
techsnap10: 10% off
techsnap11: $1.99 hosting for the first 3 months
techsnap20: 20% off 1, 2, 3 year hosting plans
techsnap40: $10 off $40
techsnap25: 25% off new Virtual DataCenter plans
techsnapx: 20% off .xxx domains

Show Notes:

Get TechSNAP on your Android:

• Callisto – Android App
• Jupiter Broadcasting – Android App by ShaneQful

Browser Affiliate Extension:

• Jupiter Broadcasting Affiliate Extensions for Chrome and Firefox

Many consumer devices exposed via new uPnP exploits

• Universal Plug’n’Play is a networking protocol that allows your consumer devices (routers, printers, media servers, IP cameras, SmartTVs, home automation systems and network storage devices) to communicate and discover each other
• Most consumer devices come with uPnP enabled by default, and many devices lack a way to turn the feature off
• As with all consumer devices, a large portion of these do not include any update facilities and cannot be updated or patched
• Rapid7 security researcher HD Moore conducted a survey of all Internet addressable IPv4 addresses and found many more devices than expected
• He also found more than 10 different vulnerabilities across the various devices and implementations
• His survey found over 6900 unique products from 1500 manufacturers
• 81 million unique IP addresses responded to uPnP queries (2.2% of the internet, more IP addresses than are assigned to the entire country of Canada)
• over 20% (17 million) of those devices exposed the uPnP SOAP API to the Internet
• 73% of the devices were created using the 4 most popular SDKs, meaning the any exploits for one device and likely to affect a large portion of all devices, even from different manufacturers
• 332 unique products use MiniUPnPd 1.0, which is remotely exploitable
• 69% of all devices using MiniUPnPd where version 1.0 or older
• 23 million devices use a vulnerable version of libupnp that allows remote code execution
• uPnP is a 12 year old protocol, and has had security problems from the start, while it contains some systems for authentication, they are rarely implemented
• The main issue seems to be that many manufacturers are using older version of the SDK, or not updating their code base when developing newer devices, as well as not including update mechanisms in the products to allow them to be patched as vulnerabilities like these are found
• HD Moore commented that he was unable to find any previous CVE’s mentioning any of the uPnP SDKs that he found exploits for, meaning they have not been extensively tested, or that vulnerabilities were attributed to individual devices when they actually apply to all devices based on the same SDK
• Full Paper

---

New York Times hacked by Chinese

• The New York Times reports that for the last 4 months it has been under attack by Chinese hackers
• Using custom APT (Advanced Persistent Threat) malware, the attackers managed to steal passwords for reporters and other employees of the newspaper
• The attacks apparently started after the Times posted an investigation that found that relatives of Chinese Premier Wen Jiabao had amassed a fortune worth over a billion dollars from various business dealings
• The Chinese attackers routed their attacks through computers they had compromised at various US Universities, in an attempt to mask the source of the attack and evade detection
• Investigators were not able to determine how the attackers initially broke into the systems, but they suspect a spear-phishing attack was used to compromise an individual computer, then island hop from there
• Investigators identified 45 unique pieces of malware, all of which appeared to be custom and only 1 of which was detected by the Symantec Anti-virus system used at the Times
• “Security experts found evidence that the hackers stole the corporate passwords for every Times employee and used those to gain access to the personal computers of 53 employees”
• The official Chinese response was “Chinese laws prohibit any action including hacking that damages Internet security.”
• “damages Internet security” is sufficiently vague that it could mean anything from an individual user using a weak password to a security researcher disclosing a vulnerability
• Technically, targeted attacks do not necessarily “damage the security of the Internet”
• Consultants hired by the New York Times’ claim that no customer data was exposed
• This is not the first attack against the US media that appears to have come from the Chinese government
• Bloomberg News reported being attacked in a similar fashion in June after posting an article about relatives of Xi Jinping (General Secretary of the Communist Party, expected to become President in March 2013)
• New York Times Hack Started With A Simple Email Scam

---

Feedback:

• Tool to find network bottleneck
  • ntop
  • iftop
  • iperf
  • mtr
  • MRTG

• VM File Storage

• How to test a drive in FreeBSD before putting it into production?

• ZFS Concerns under Linux

• zpool key on a USB stick?

• Copy on Write question..

• Making Lemonade out of the Barracuda vulnerabilities

• Data Center Cabling Pr0n

• How to deal with name collisions in an email system?

• Compression vs. Uncompressed Benchmarks

• Hall of Shame question?

• Hall of Shame?? Go VOTE: Birmingham Metropolitan College

Chris is not sure if we should keep submitting plain text password offenders. While it is shameful, it’s also so common that if we put every organization guilty of this that we find out about in the Hall of Shame it will be huge. I think the Hall of Shame should be reserved for especially bad, unique and large in scope security blunders.

Limited TechSNAP 100 T-Shirt

• T-Shirt with or without Swearing?

Round-Up:

• Aaron Swartz protest: Anonymous hacks government websites, installs Asteroids
• Robert Watson’s (FreeBSD Core Team member) ACM paper on Mandatory Access Control, and why it is a better solution than SELinux. Attributes success of Sandboxing to code distributed via FreeBSD contributed by McAfee and others over the last 12 years with funding from DARPA
• New password cracker targets SCADA systems, including Siemens S7
• iXsystems, Inc. – Founder of PC-BSD Houses Servers in Own Yard Part 1
• TRENDNet Cams publicly exposed – Firmware BUG
  • List of unsecured web-cams in comments
• New Ruby on Rails JSON parser exploit, allows authentication bypass and SQL injection
• New malware poses as fake Adobe Flash update
• Trojaned SSH daemons in the wild, steals your passwords and sends them back to the attackers
• Java exploit used to attack Reporters without Borders website in a new watering hole attack
• Buffer overflow in VLC, specially crafted ASF movies could allow arbitrary code execution

The post Universal Exploit n’ Play | TechSNAP 95 first appeared on Jupiter Broadcasting.

]]>