This week, the FBI says APT6 has pawned the government for the last 5 years, Unaoil: a company that’s bribing the world & Researchers find a flaw in the visa database.

All that plus a packed feedback, roundup & more!

Thanks to:

• Get Paid to Write for DigitalOcean

Direct Download:

HD Video | Mobile Video | MP3 Audio | OGG Audio | YouTube | HD Torrent | Mobile Torrent

RSS Feeds:

HD Video Feed | Mobile Video Feed | MP3 Audio Feed | Ogg Audio Feed | iTunes Feed | Torrent Feed

Become a supporter on Patreon:

Show Notes:

FBI says APT6 has pwning the government for the last 5 years

• The feds warned that “a group of malicious cyber actors,” whom security experts believe to be the government-sponsored hacking group known as APT6, “have compromised and stolen sensitive information from various government and commercial networks” since at least 2011, according to an FBI alert obtained by Motherboard
• The official advisory is available on the Open Threat Exchange website
• The alert, which is also available online, shows that foreign government hackers are still successfully hacking and stealing data from US government’s servers, their activities going unnoticed for years. This comes months after the US government revealed that a group of hackers, widely believed to be working for the Chinese government, had for more than a year infiltrated the computer systems of the Office of Personnel Management, or OPM. In the process, they stole highly sensitive data about several millions of government workers and even spies.
• In the alert, the FBI lists a long series of websites used as command and control servers to launch phishing attacks “in furtherance of computer network exploitation (CNE) activities [read: hacking] in the United States and abroad since at least 2011.” Domains controlled by the hackers were “suspended” as of late December 2015, according to the alert, but it’s unclear if the hackers have been pushed out or they are still inside the hacked networks.
• Looks like they were in for years before they were caught, god knows where they are,” Michael Adams, an information security expert who served more than two decades in the US Special Operations Command, and who has reviewed the alert, told Motherboard. “Anybody who’s been in that network all this long, they could be anywhere and everywhere.
• “This is one of the earlier APTs, they definitely go back further than 2011 or whatever—more like 2008 I believe,” Kurt Baumgartner, a researcher at the Russian security firm Kaspersky Lab, told me. (Baumgartner declined to say whether the group was Chinese or not, but said its targets align with the interest of a state-sponsored attacker.)
• Kyrk Storer, a spokesperson with FireEye, confirmed that the domains listed in the alert “were associated with APT6 and one of their malware backdoors,” and that the hackers “targeted the US and UK defense industrial base.” APT6 is ”likely a nation-state sponsored group based in China,” according to FireEye, which ”has been dormant for the past several years.”
• Another researcher at a different security company, who spoke on condition of anonymity because he wasn’t authorized to speak publicly about the hacker’s activities, said this was the “current campaign of an older group,” and said there “likely” was an FBI investigation ongoing. (Several other security companies declined to comment for this story.) At this point, it’s unclear whether the FBI’s investigation will lead to any concrete result. But two years after the US government charged five Chinese military members for hacking US companies, it’s clear hackers haven’t given up attacking US targets.

Unaoil: the company that bribed the world

• After a six-month investigation across two continents, Fairfax Media and The Huffington Post are revealing that billions of dollars of government contracts were awarded as the direct result of bribes paid on behalf of firms including British icon Rolls-Royce, US giant Halliburton, Australia’s Leighton Holdings and Korean heavyweights Samsung and Hyundai.
• A massive leak of confidential documents, and a large email, has for the first time exposed the true extent of corruption within the oil industry, implicating dozens of leading companies, bureaucrats and politicians in a sophisticated global web of bribery.
• The investigation centres on a Monaco company called Unaoil.
• Following a coded ad in a French newspaper, a series of clandestine meetings and midnight phone calls led to our reporters obtaining hundreds of thousands of the Ahsanis’ leaked emails and documents.
• The leaked files expose as corrupt two Iraqi oil ministers, a fixer linked to Syrian dictator Bashar al-Assad, senior officials from Libya’s Gaddafi regime, Iranian oil figures, powerful officials in the United Arab Emirates and a Kuwaiti operator known as “the big cheese”.
• Western firms involved in Unaoil’s Middle East operation include some of the world’s wealthiest and most respected companies: Rolls-Royce and Petrofac from Britain; US companies FMC Technologies, Cameron and Weatherford; Italian giants Eni and Saipem; German companies MAN Turbo (now know as MAN Diesal & Turbo) and Siemens; Dutch firm SBM Offshore; and Indian giant Larsen & Toubro. They also show the offshore arm of Australian company Leighton Holdings was involved in serious, calculated corruption.
• The leaked files reveal that some people in these firms believed they were hiring a genuine lobbyist, and others who knew or suspected they were funding bribery simply turned a blind eye.
• The files expose the betrayal of ordinary people in the Middle East. After Saddam Hussein was toppled, the US declared Iraq’s oil would be managed to benefit the Iraqi people. Today, in part one of the ‘Global Bribe Factory’ expose, that claim is demolished.
• It is the Monaco company that almost perfected the art of corruption.
• It is called Unaoil and it is run by members of the Ahsani family – Monaco millionaires who rub shoulders with princes, sheikhs and Europe’s and America’s elite business crowd.
• How they make their money is simple. Oil-rich countries often suffer poor governance and high levels of corruption. Unaoil’s business plan is to play on the fears of large Western companies that they cannot win contracts without its help.
• Its operatives then bribe officials in oil-producing nations to help these clients win government-funded projects. The corrupt officials might rig a tender committee. Or leak inside information. Or ensure a contract is awarded without a competitive tender.
• On a semi-related note, another big story for you to go read:
• How to hack an Election from someone who has done it, more than once

Researchers find flaw in Visa database

• No, not that kind of Visa, the other one.
• Systems run by the US State Department, that issue Travel Visas that are required for visitors from most countries to be admitted to the US
• This has very important security considerations, as the application process for getting a visa is when most security checks are done
• Cyber-defense experts found security gaps in a State Department system that could have allowed hackers to doctor visa applications or pilfer sensitive data from the half-billion records on file, according to several sources familiar with the matter –- though defenders of the agency downplayed the threat and said the vulnerabilities would be difficult to exploit.
• Briefed to high-level officials across government, the discovery that visa-related records were potentially vulnerable to illicit changes sparked concern because foreign nations are relentlessly looking for ways to plant spies inside the United States, and terrorist groups like ISIS have expressed their desire to exploit the U.S. visa system, sources added
• After commissioning an internal review of its cyber-defenses several months ago, the State Department learned its Consular Consolidated Database –- the government’s so-called “backbone” for vetting travelers to and from the United States –- was at risk of being compromised, though no breach had been detected, according to sources in the State Department, on Capitol Hill and elsewhere.
• As one of the world’s largest biometric databases –- covering almost anyone who has applied for a U.S. passport or visa in the past two decades -– the “CCD” holds such personal information as applicants’ photographs, fingerprints, Social Security or other identification numbers and even children’s schools.
• “Every visa decision we make is a national security decision,” a top State Department official, Michele Thoren Bond, told a recent House panel.
• Despite repeated requests for official responses by ABC News, Kirby and others were unwilling to say whether the vulnerabilities have been resolved or offer any further information about where efforts to patch them now stand.
• State Department documents describe CCD as an “unclassified but sensitive system.” Connected to other federal agencies like the FBI, Department of Homeland Security and Defense Department, the database contains more than 290 million passport-related records, 184 million visa records and 25 million records on U.S. citizens overseas.
• “Because of the CCD’s importance to national security, ensuring its data integrity, availability, and confidentiality is vital,” the State Department’s inspector general warned in 2011.

Feedback:

• SSH key protection

• Router Thoughts from Allan

• rmh from the chatroom asks…

Round Up:

• Microsoft Sues Justice Department Over Client Data Gag Orders
• Root cause analysis of a recent Flash zero day
• Exclusive: Canadian Police Obtained BlackBerry’s Global Decryption Key
• After an outage, an Australian mobile provider credited customers with a single day of unlimited data usage. One customer managed to use 994 GB of mobile usage in a single day
• Sophisticated bribe scheme gets game company with access to antivirus whitelist to falsely list malware was trusted
• Microsoft releases optional Windows update to mitigate “mousejacking”, where an attacker can take over your wireless mount and keyboard from up to 100 meters away
• Github commits can now be GPG signed to prove their authenticity
• If you can’t break crypto, break the client. Recovery of plaintext from iMessage
• Renting a movie on your iOS device might free up some space for you
• The Italian Ministry of Economical Progress has revoked “HackingTeam”’s licence to export their Galileo remote control software outside of the EU, must ask special permission for each sale
• Laziness remains the greatest enemy of password security
• The “All Prior Art” project seems to machine generate every possible patent and release it under a creative commons license, so it can never be patented by anyone else. The ultimate reverse patent troll?
• How to identify a vehicle at risk of collisions

The post One Key to Rule Them All | TechSNAP 263 first appeared on Jupiter Broadcasting.

In this episode, Noah joins Chris to talk about the whole hiring process & experiences they’ve had while also taking a look back into the past of the show to some of the more interesting topics on the matter.

Thanks to:

• Get Paid to Write for DigitalOcean

Direct Download:

MP3 Audio | OGG Audio | Video | Torrent | YouTube

RSS Feeds:

MP3 Feed | OGG Feed | Video Feed | Torrent Feed | iTunes Audio | iTunes Video

Become a supporter on Patreon:

— Show Notes: —

Episode Links

• FizzBuzzed! | CR 62
• Get Yourself Tested | CR 90
• Interview Gauntlets of Pain | CR 150
• Post Apocalyptic Linux Desktop | CR 192

The post Tough Market | CR 201 first appeared on Jupiter Broadcasting.

That tech worker “shortage” Facebook and Microsoft keep telling you about is bogus. We’ll go over the study and reports that back that claim up. Then we dig into the rather understandable reasons why developers wages are being pushed down & more!

Thanks to:

• Get Paid to Write for DigitalOcean

Direct Download:

MP3 Audio | OGG Audio | Video | Torrent | YouTube

RSS Feeds:

MP3 Feed | OGG Feed | Video Feed | Torrent Feed | iTunes Audio | iTunes Video

Become a supporter on Patreon:

— Show Notes: —

Feedback / Follow Up:

• Markdown website

• Have you heard of Hugo (static site generator written in golang)

• Thx to Wade too for sending in Hugo

• beyere5398 comments on Google’s Objective C | Coder Radio 129

• When Paris Went Dark: The City of Light under German Occupation, 1940-1944 Audiobook | Ronald C. Rosbottom | Audible.com

• The Martian Audiobook | Andy Weir | Audible.com

Dev Hoopla:

The Tech Worker Shortage Doesn’t Really Exist

“There’s no evidence of any way, shape, or form that there’s a shortage in the conventional sense,” says Hal Salzman, a professor of planning and public policy at Rutgers University. “They may not be able to find them at the price they want. But I’m not sure that qualifies as a shortage, any more than my not being able to find a half-priced TV.”

The post Get Back to the '50s | CR 130 first appeared on Jupiter Broadcasting.

Hiring can be a real pain in the butt. The guys share the horror stories from interviews they’ve conducted that went horribly wrong. Plus a few tips for getting a gig.

Then the guys chew on the dev hoopla of the week, and read some great emails.

Thanks to:

GoDaddy.com Use our code coder249 to get a .COM for $2.49.
UnitySync Visit dirwiz.com/unitysync use code coder for an extended trial and a year of maintenance.

Direct Download:

MP3 Audio | OGG Audio | Video | Torrent | YouTube

RSS Feeds:

MP3 Feed | OGG Feed | Video Feed | Torrent Feed | iTunes Audio | iTunes Video

Feedback

• George’s Email: Wants to Quit!
• Araon’s Email: I\’m pissed^H^H^H^H^H^Hannoyed at mobile app developers
• Mike’s Email: Speaking of Lawyers…

Dev World Hoopla

• Indian IT firm accused of discrimination against “stupid Americans”

Infosys allegedly achieved this ratio \”by directly discriminating against individuals who are not of South Asian decent in hiring, by abusing the H-1B visa process to bring workers of South Asian descent into the country rather than hiring qualified individuals already in the United States, and by abusing the B-1 visa system to bring workers of South Asian descent into the United States to perform work not allowed by their visa status rather than hiring individuals already in the United States to perform the work.\” Infosys \”used B-1 visa holders because they could be paid considerably lower wages than other workers including American-born workers,\” the lawsuit states.

• Stupid Americans

Interviewing

• Fizz Buzz Test

The \”Fizz-Buzz test\” is an interview question designed to help filter out the 99.5% of programming job candidates who can\’t seem to program their way out of a wet paper bag.
The text of the programming assignment is as follows:

• Fizz buzz – Wikipedia, the free encyclopedia

Fizz buzz (also known as bizz buzz, or simply buzz) is a group word game for children to teach them about division.[1] Players take turns to count incrementally, replacing any number divisible by three with the word \”fizz\”, and any number divisible by five with the word \”buzz\”.

• Coding Horror: Why Can\’t Programmers.. Program?

Like me, the author is having trouble with the fact that 199 out of 200 applicants for every programming job can\’t write code at all. I repeat: they can\’t write any code whatsoever.

Book Pick:

[asa]0735611319[/asa]

Follow the show

• Email the show
• Join the Coder Radio Subreddit
• Live Monday 9am PST
• Music by: Ronald Jenkees
• Mike on Twitter
• Mike on Google+
• Mike’s website
• Chris on twitter
• Chris on Google+

The post FizzBuzzed! | CR 62 first appeared on Jupiter Broadcasting.

All this week on J@N, we’re talking about technology that will fundamentally change the way that we interact with the world around us.

For the first round, we’re going to take a look at Near-Field Communication technology, and the concept of ‘digital wallets.’ Several big players in the tech industry appear to be getting behind this innovation, as well as at least one notable financial institution!

Could this technology replace our need for physical wallets, and even our car or house keys? Tune in to find out our thoughts on how this could reshape the future as we know it.

Show Feeds:

• HD Video RSS
• Large Video RSS
• iPod Video RSS
• MP3 RSS
• iTunes Feeds

[ad#shownotes]

Show Notes:

Download:

The post Digital Wallets | J@N | 5.17.11 first appeared on Jupiter Broadcasting.