Archive for the ‘netflix’ Category
Email Russ at russ AT thetechiegeek DOT com
Email Tracy at tracy AT thetechiegeek DOT com
Leave us a voice mail at 1-206-339-1575
FreeLinuxBox.org helps your un-needed Linux box find a needy home
The contest drawing was at 7PM Eastern on 4/16/12
Show 100 Grand Prize – ClickFree 500GB Portable Backup Drive
Show 100 First Prize – SanDisk Cruzer 32GB USB 2.0 Flash Drive
Coat Hanger HDTV Antenna!
The Scale of the Universe 2
Astronomy Picture of the Day Archive
Subscribe to Astronomy Picture of the Day and get it delivered to your email
SimpleSysInfo retrieve information from your computer
SIW – System Information for Windows
Geo IP Tool
16 Linux Server Monitoring Commands You Really Need To Know
Nmon – a nice monitoring tool for Linux
Miro cross-platform video and music player
Tech News Today
Buzz Out Load coming to an end
PirateBox Takes File-Sharing Off The Radar and Offline
No joke: YouTube gets its first live comedy show
8 Microsoft Word Shortcuts You Probably Don’t Know
How Linus Torvalds Helped Bust a Microsoft Patent
NTR Free Cloud
FBI Can’t Crack Android Pattern-Screen Lock
Lost Phone app
Triplog GPS Mileage Tracker
Mike Tech Show
TaskManager.xls is a simple taskmanager implemented in Excel
Run and RunOnce Registry Keys
New Tabs At End Chrome Extension
Totally Cool Tech
MP3tag under Wine
Monitor your Website’s Uptime with Google Docs
treeprint (download for Windows XP and older)
Karen’s Directory Print
Build A CFL Based Continuous Light Source
Russ’s camera is a Canon T3i
Mr. Beer Home Brewing Kit
Gmail Adds Follow-up Tags for Outgoing Mail
How to Remotely Shut Down or Restart Windows PCs
Ultra Virus Killer – Malware Removal and System Repair Multi-Tool
Roll Your Own Flexi-Ties to Secure and Store Frequently Used Cables
How to Create a Custom Ubuntu Live CD or USB the Easy Way
Popcorn Contains More Antioxidants Than Fruits and Vegetables
Anonymous says it’s going after a Mexican Drug Cartel, we’ll share you the amazing details!
Plus: Our tips for controlling remote downloads, and why all I’m going to want for Christmas is hard drives!
All that and more, on this week’s TechSNAP!
Pick your code and save:
techsnap7: $7.49 .com
techsnap10: 10% off
techsnap20: 20% off 1, 2, 3 year hosting plans
techsnap40: $10 off $40
techsnap25: 25% off new Virtual DataCenter plans
Direct Download Links:
Subscribe via RSS and iTunes:
- Anonymous claims one of its members was kidnapped at a street protest
- Anonymous claims it will start releasing details about journalists, taxi drivers, police officers and government officials who are on the Cartel’s payroll, if the kidnap victim is not released by November 5th (Guy Fawkes Day)
- No information about the person who was allegedly kidnapped has been released
- Anonymous hopes that releasing this information, the government will be able to pursue the allegedly corrupt officials. However, depending on the type of information, it is unlikely that the evidence provided would be enough to convict someone.
- There are serious concerns that the release or even the threat of the release of such information could result in a violent backlash from the Cartel.
- It would seem that anyone who’s name appears on the lists released by anonymous would be in serious danger. A case of mistaken identity or speculation could result in the death of an innocent person.
- Anonymous has claimed it would attack a number of entities, including the NYSE and Facebook, a large number of these attacks have never taken place, or were unsuccessful and never mentioned again.
- At least 50 different companies were targeted by attackers attempting to steal research and development documents and other sensitive information.
- The attacks started in July, and continued through September, it is also believed that the same attackers were targeting NGOs and the auto industry earlier this year.
- The attacks where spear phishing attacks, a specialized form of the common email attack. Unlike a typical phishing scam, where an attacker poses as your bank and attempts to get you to enter your login credentials and other personal information in to a fake site designed to mimic the look of your banks site, a spear phishing attack specifically targets individuals, using information that is known about them and where they work. Spear Phishing attacks also commonly involve impersonating someone you might expect to receive such an email from.
- The emails sent in this case often took the form of meeting invitations with infected attachments. In other cases when the messages were broadcast to many victims, they took the form of security bulletins, usually riding on actual vulnerability announcements for common software such as Adobe Reader and Flash Player. It also seems the attackers attached the infected files in 7Zip format, to evade many spam filters and virus scanners that block or scan .zip files. The attackers also took to encrypting the zip files with a password, and providing that password in the email, again to avoid virus scanners on the inbound mail servers.
- This attackers used PoisonIvy, a common backdoor trojan written by one or more persons who speak Mandarin. The Trojan also contained the address of a Command and Control (C&C) server used to feed it additional instructions.
- Once the attackers made their way in to the network through one or more infected machines, they leveraged that access to eventually gain permissions to copy sensitive documents and upload them to an external server where they could then be recovered.
- One of the command and control servers was a VPS operated in the United States, owned by a Chinese individual from Hebei province. Investigators have not been able to determine if this individual was part of the attacks, if anyone else had access to the VPS, or if he was acting on behalf of another group. It is possible the server was compromised, or that it could have been made to look like that was the case.
- Symantec says that there were a number of different groups attacking these companies during this time span, some using a custom developed backdoor called ‘Sogu’ and using specially crafted .doc and .pdf files. There is no word on if these additional attacks were also successful.
- Full Report
- Remote Downloads?
- Q: I have a question regarding downloads, in particular, remote downloads.
- A: There are a number of options, ranging in capability and ease of use.
- rTorrent – A command line torrent client, works great over SSH (especially when combined with Screen). This is what Allan uses to seed the Linux Action Show torrents.
- uTorrent – uTorrent (microTorrent) is available for windows, mac and linux. It offers an optional web UI (the web UI is the only option for linux) for remotely controlling the torrents, and can also automatically start downloading torrents when they are placed in a specified directory. uTorrent also incorporates an RSS reader.
- wget – is a standard command line downloading tool included in most GNU Linux distros. Also available for windows
- curl – A library and utility for dealing with http, it is a common feature of most web hosting servers, and easily integrates with PHP. You could write a short PHP script that would download files to the report server when prompted (possibly by an email or access from your mobile phone)
- Windows Kernel Zero Day Vulnerability Found in Duqu Installer
- Stop Online Piracy Act Introduced in the House
- Data points to China as source of March RSA breach, wider attacks
- Authorities Seize Duqu’s C&C Servers in India
- AWS Load Balancer Sends 2 Million Netflix API Reqs To Wrong Customer
- Mac OS X Trojan steals processing power to produce Bitcoins
How many times have your credentials been leaked online? Think your safe? Chris thought he was. In today’s episode he’ll find out how many times his information has been leaked online, and we tell you how you check for your self.
Plus we’ll cover how to build your own layered spam defense, and why you probably want to leave that USB thumb drive, on the ground!
Direct Download Links:
Subscribe via RSS and iTunes:
- Groupon’s Indian subsidiary Sosasta.com accidentally published an SQL dump of it’s users table, including email addresses and passwords. The file was indexed and cached by google, so even once it was taken down, it was still visible.
- This raises the question as to why the passwords were ever stored in plain text, instead of as salted hashes
- Does the North American version of Groupon also store user passwords in plain text?
- Leaked data was found by a security researching using a google search query for “filetype:sql” “password” and “gmail”
- Once Sosasta was notified of the issue, they started sending out emails to their customers recommending that they change their password. This is definitely the wrong approach, the passwords were leaked, in plain text. All accounts should have had their passwords forcibly reset and a password reset email sent to the customer. Otherwise, customers may have their account compromised before they can change their password, and customers who no longer use the service will have their personal information exposed.
- a “Highly sophisticated cyber attack” was used to compromise the database of the forums for Bioware’s Neverwinter Nights.
- Stolen data included username, password, email, and birth date
- How many users were effected was not specified
- EA says no credit card information was in the stolen database
- Sega was also compromised, 1.29 million customers had their data exposed via the website of the European unit’s “Sega Pass” website.
- Again, username, password, email and birth date were exposed, but it appears that no financial information was leaked.
TechSNAP reminds you: use a different password for every service. We know it’s hard, but cleaning up behind an identity thief is worse.
- 60% of Government or Contractor employees who found a USB stick or CD on the ground outside their office plugging the device in to their computer.
- 90% of the employees installed the software if it had an official looking logo on it.
- This is reminiscent of the StuxNet worm, which targeted isolated computers that were not on the Internet. It is believed that they were infected via a hardware device containing the payload.
- 15% of iPhones could be unlocked in fewer than 10 tries using the most common pin codes
- The most common first character in a pin number is 1
- The most common second character is 2
- The values 1980 through 2000 make up a huge portion of the top 100 pin codes, meaning if you know or can guess a users date of birth, you can increase your chance of cracking their code
- Other popular codes include repeating digits or patterns, such as 2222 or 1212, or lines drawn on the input screen, such as 2580, 0852 or 1241
- Another popular value is 5683, which didn’t seem to fit any pattern until you realize that is spells ‘love’ with standard phone letter substitution.
- This means that if you know the users birthday and relationship status, you can increase your chance of cracking their pin code just by applying a little statistical analysis. If you can shoulder surf them, and further reduce the pool of possible codes, you can almost guarantee success.
- Users tend to reuse passwords, if you guess their phone password, there is a good chance that is also their ATM pin. Either way, the exact same techniques can be applied to ATM, Voicemail and other pin codes.
Bonus props this week to:
Q: (Bob) How did Chris and Allan meet
A: Chris and Allan first met in April 2009 when Jupiter Broadcasting moved their IRC chat to GeekShed.net. In January 2010 Allan won a closed beta invite to Star Trek Online during a STOked trivia contest on IRC. During the ramp up to open beta, JupiterColony.com was receiving so much traffic that it was suspended by the web host, and was moved to ScaleEngine.com. Later on, Allan guest hosted a few episodes of the Linux Action Show while Bryan was away, and they went so well that Chris and Allan decided to start their own show.
Q: (Leon) How do you handle spam filtering on your servers?
A: For my web hosting customers, we use 4 main mail servers (running Exim with mail time SpamAssassin). The four mail servers ensure that incoming mail is always received, even if one or more of our servers is down at any time. These servers automatically run the incoming mail through the SpamAssassin scoring system, and if the spam score exceeds a specific threshold, then the mail is automatically rejected at SMTP time (so no bounce message is generated, an error is returned to the original sending server, this prevents misdirected bounces from spammers using forged from addresses). If the spam score is borderline, we do ‘grey listing’, temporarily rejecting the spam so it will be retried in a little while, this gives the DNS blacklists we use time to catch up, and most spammers never bother with retries. If the spam score is low enough then the mail is accepted. Once mail has arrived at one of our edge servers, it is then queued and sent on to our mailbox server, where it is sorted and delivered to the actual mailboxes of our users. SpamAssassin is run on the mail again, and users-specific settings determine what happens to the mail. Spam can be flagged (subject prefix, messages added as attachments to protect outlook from preview attacks) or directed to a spam folder.
Netflix shares insight on it’s cloud infrastructure
Netflix transitions to high availability storage systems
Researchers say Massive Botnet is Indestructible
DropBox CEO: Lone hacker downloaded data from ‘fewer than a hundred’ accounts
Spamming Becoming Financially Infeasible
LinuxCoin – Bitcoin Live Linux CD – LOVES IT!
Article: Buying lunch with bitcoin – Submitted by Angela
Chris’ early bitcoin farm
Chris’ cheap and low power miner hardware.
Article: Bitcoin Comes Out Swinging off the Ropes