TechSNAP

Microsoft’s making radical changes to Windows 10, and a new type of speculative execution attack on Intel’s processors is targeting cloud providers.

Take down a Linux or FreeBSD box with just 2kpps of traffic, own Homebrew in 30 minutes, and infiltrate an entire network via the Inkjet printers. It’s a busy TechSNAP week.

Reddit’s Two Factor procedures fail, while Google’s prevents years of attacks. We’ll look at the different approaches, and discuss the fundamental weakness of Reddit’s approach. Plus a Spectre attack over the network, BGP issues take out Telegram, and more!

Some new tools will give you better insights into your system under extreme load, and we flash back to the days of AOL and discuss the new way social hackers are spreading malware. Plus the death of a TLD, the return of SamSam, and more!

Google and Amazon recently shutdown Domain Fronting. Their abrupt change has created a building backlash. We’ll explain what Domain Fronting is, how activists can use it to avoid censorship, and why large organizations are compelled to disable it. Plus how road navigation systems can be spoofed with $223 in hardware, and another bad Bluetooth bug.

Google's Cloud Platform suffers an outage, and iPhones in India get owned after a very specific attack. Plus how a malware author built a massive 18,000 strong Botnet in one day, and Cisco finds more "undocumented" root passwords.

Good progress is being made on post-quantum resilient computing. We’ll explain how they’re achieving it, the risks facing traditional cryptography. Plus how bad defaults led to the theft of military Drone docs, new attacks against LTE networks, more!

Allan Jude and Wes sit-down for a special live edition of the TechSNAP program. Joined by Jed and Jeff they have a wide ranging organic conversation. Special Guest: Allan Jude.

Netflix has learned the hard way how to utilize all the logs, we cover their lessons in their journey to build a fully observable system. Plus the Lazy State FPU bug that cropped up this week, backdoored Docker images, your questions, and more!

Microsoft puts a data center under the ocean, and they might be onto something. The Zip Slip vulnerability sneaks into your software, and VPNFilter turns out to be more complicated than first known. Plus the mass exploit of Drupalgeddon2 continues, we break down why, a batch of questions, and more.

We explain how the much hyped VPNFilter malware actually works, and its rather surprising sophistication. Plus a clear break down of the recent Kubernetes news, how a 40 year old tel-co protocol is being abused today, and a Git vulnerability you should know about.

We’ll explain how Speculative Store Bypass works, and the new mitigation techniques that are inbound. Plus this week’s security news has a bit of a theme, and we share some great war stories sent into the show.

The EFail hype-train has hit hypersonic speed, we’ll tap the breaks and explain who disclosed it, what it is, what it’s not, our recommendations, and early reactions. Plus things to consider when deciding on-premises vs a cloud deployment, and the all business gadget from 1971 that kicked off the consumer electronics revolution.

Our FreeNAS build is complete and Allan’s back to cover the final details. Plus the new GPU attack against Android phones, and a perfect example of poor IoT security.

We catch up with Allan Jude and he shares stories of hunting network bottlenecks, memories of old firewalls, and some classic ZFS updates. Plus the vulnerabilities found in Volkswagen cars, and the lengths a security research went to create the ultimate honeypot laptop.Special Guest: Allan Jude.

Hardware flaws that can’t be solved, human errors at the physical layer, and spoofing cellular networks with a $5 dongle.

We cover all the bases this week in our TechSNAP introduction to server monitoring. Why you should monitor, what you should monitor, the basics of Nagios, the biggest drawbacks of Nagios, its alternatives, and our lessons learned from the trenches.

Getting started or getting ahead in IT is a moving target, so we’ve crowd sourced some of the best tips and advice to help. Plus a tricky use of zero-width characters to catch a leaker, a breakdown of the new BranchScope attack, and a full post-mortem of the recent Travis CI outage.

It’s a TechSNAP introduction to Terraform, a tool for building, changing, and versioning infrastructure safely and efficiently. Plus a recent spat of data leaks suggest a common theme, Microsoft’s self inflicted Total Meltdown flaw, and playing around with DNS Rebinding attacks for fun.

Embarrassing flaws get exposed when the logs get reviewed, Atlanta city government gets shut down by Ransomware, and the cleverest little Android malware you’ll ever meet. Plus we go from a hacked client to a Zero-day discovery, answer some questions, ask a few, and more!

We cut through the noise and explain in clear terms what’s really been discovered. The botched disclosure of flaws in AMD products has overshadowed the technical details of the vulnerabilities, and we aim to fix that.. Plus another DNS Rebinding attack is in the wild and stealing Ethereum, Microsoft opens up a new bug bounty program, Expedia gets hacked, and we perform a TechSNAP checkup.

Netflix has a few tricks we can learn from, and the story of clever malware that was operating undetected since 2012. Plus we discuss Let's Encrypt’s Wildcard support and explain what ACME v2 is. Then we detail the bad position Samba 4 admins are in, and the real cause of these recent 1.7Tbps DDoS attacks.

The term serverless gets thrown around a lot, but what does it really mean? What are the benefits and the drawbacks? It’s a TechSNAP introduction to Serverless Architecture. Plus new research with ideas to dramatically improve private web browsing, the growing problem of tracking security vulnerabilities with CVE’s, and much more!

New variants, bad patches, busted microcode and devastated performance. It’s a TechSNAP Meltdown and Spectre check up. Plus Tesla gets hit by Monero Cryptojacking, and a dating site that matches people based on their bad passwords…. So we gave it a go!

The problems containers can’t solve, nasty security flaws in Skype and Telegram, and Cisco discovers they have a bigger issue on their hands then first realized. And the latest jaw-dropping techniques to extract data from air-gapped systems.

We save our FreeNAS Mini from the edge, and perform an emergency migration to much larger hardware. Plus 12 tips for secure authentication, the future of network security where there is no LAN, a botnet exploiting Android ADB, and your questions.

AutoSploit has the security industry in a panic, so we give it a go. To our surprise we discover systems at the DOD, Amazon, and other places vulnerable to this automated attack. We’ll tell you all about it, and what these 400 lines of Python known as AutoSploit really do. Plus injecting arbitrary waveforms into Alexa and Google Assistant commands, making WordPress bulletproof, and how to detect and prevent excessive port scan attacks.

We introduce you to Kubernetes, what problems it solves, why everyone is talking about it, and where it came from. Also who shouldn’t be using Kubernetes, and the problems you can run into when scaling it. Plus how you can store files in others DNS resolver cache, Project Zero finds a new BitTorrent client flaw, and more.

And start using configuration management. Embrace reproducibility of systems, and streamlined management with TechSNAP’s introduction to Configuration Management. Plus the news of the week that could impact your systems, feedback, and more.

The types of workloads that will see the largest performance impacts from Meltdown, tools to test yourself, and the outlook for 2018. Plus a concise breakdown of Meltdown, Spectre, and side-channel attacks like only TechSNAP can. Then we run through the timeline of events, and the scuttlebutt of so called coordinated disclosure. We also discuss yet another security issue in macOS High Sierra, a backdoor in popular storage appliances, your questions, and more!

The trials and tribulations of the long journey to TLS 1.3, and the “middleware” that’s keeping us from having nice things. Plus a pack of Leaky S3 bucket stories and the data that was exposed. Then we do a deep dive into some SMB fundamentals and practical tips to stay on top of suspicious network traffic.

Network Namespaces have been around for a while, but there may be be some very practical ways to use them that you’ve never considered. Wes does a deep dive into a very flexible tool. Plus what might be the world’s most important killswitch, the real dollar values for stolen credentials and the 19 year old attack that’s back.

Authors of one of the most infamous botnets of all time get busted, researchers discover keyloggers built into HP Laptops, the major HomeKit flaw no one is talking about, and the new version of FreeNAS packs a lot of features for a point release. Plus an update on the show and what to expect, and we attempt something TechSNAP could never do as a video production, a live double FreeNAS upgrade!

We say farewell to Dan, but don't despair, we've still got a ton of great topics to cover as we say goodbye. We compare the handling of recent data breaches at imgur & DJI, share some in-depth guides on beefing up your security posture & see Dan off with some of your finest feedback and the world's tastiest roundup.

We get depressed over some new stats confirming our worst fears about the huge number of outdated and unpatched android systems. But, in some good news, Github wants to help you, and your open source projects, stay secure with their new Security Alerts feature. We discuss the details and what it needs to be relevant. Plus some handy tips for getting out of a sticky situation in git, a net neutrality PSA, and some big news from Dan.

We can't contain our excitement as we dive deep into the world of jails, zones & so-called linux containers. Dan shares his years of experience using the time-tested original bad boy of containers, FreeBSD jails. Wes breaks down cgroups, namespaces & explains how they come together to create a container. Plus we discuss similarities, differences, workflows & more! And of course your fantastic feedback, a record setting round-up & so much more!

You may think that’s a secure password field, but don’t be fooled! We’ve got the disturbing tale of some negligent websites & their fraudulent fonts. Then, some top tips to evaluate the security of your banking institutions & best practices for verbal passwords. Plus, a controversial discussion of opsec, obfuscation, security & you!

We've got some top tips to turn you from ssh-novice to port-forwarding master. Plus the latest on the confusing story of Kaspersky, the NSA & a bone-headed contractor. Then, our backup sense is tingling, with the story of $30,000 lost to a forgotten pin. And of course your fantastic feedback, a record setting round-up & so much more on this week's episode of TechSNAP!

We air Microsoft's dirty laundry as news leaks about their less than stellar handling of a security database breach, plus a fascinating story of deceit, white lies, and tacos; all par for the course in the world of social engineering, and we find out that so-called-smart cards might not be so smart, after it is revealed that millions are vulnerable to a crippling cryptographic attack & more!

We've got bad news for Wifi-lovers as the KRACK hack takes the world by storm; We have the details & some places to watch to make sure you stay patched. Plus, some distressing revelations about third party access to your personal information through some US mobile carriers. Then we cover the ongoing debate over HAMR, MAMR, and the future of hard drive technology & take a mini deep dive into the world of elliptic curve cryptography.

We try our hand at spycraft with a set of espionage themed stories covering everything from the latest troubles at Kaspersky to the strategic implications of responsible disclosure at the NSA. Plus, a few more reasons to be careful with what you post on social media & a fascinating discussion of the ethics of running a data breach search service.

We cover the problematic implications of SESTA, the latest internet regulations proposed in the US, plus some PR troubles for CBS's Showtime after cryptocoin mining software was found embedded in their webpage & Dan gets excited as we discuss why tape-powered backups are still important for many large organizations. And of course your feedback, a fantastic round-up & so much more on this week's episode of TechSNAP!

Distrustful US allies further delay the NSA’s new crypto, Viacom’s leaky buckets almost expose its entire IT infrastructure, plus a few more Equifax mishaps & a government spyware tool that might just be masquerading as your favorite app. And of course your feedback, a fantastic round-up & so much more on this week's episode of techsnap!

That Equifax hack? So last week! This weeks vulnerability is BlueBorne, a new attack on just about every bluetooth capable device. We've got the details, and what you need to know to get patched. Plus some of our favorite overlooked shell commands & a breakdown of the ACLUs recent lawsuit to protect your rights at the border.

Equifax got hacked, some top tips for staying safe & a debate over just who's to blame for vulnerable open source software. Then Google's breaking up with Symantec & we take a little time for Sysadmin 101, this time, ticketing systems.

We're extending your filesystems usefulness with extended attributes! We learn what they are & how they might be useful. Plus, we take a look behind the scenes of a major spambot operation & check in with Bruce Schneier on the state of internet privacy.

We discuss, and struggle to pronounce, the difficulties in deploying HTTP public key pinning & some possible alternatives you should consider. Then we get excited for (n+1)sec, a new protocol for distributed multiparty chat encryption & explore the nuances of setting up home VPN gateway!

We take a trip to the ends of the earth and hear some stories of tech support in Antarctica, cover a surprisingly reasonable new suggested standard for responsible disclosure & discuss Kreb's latest adventures in the world of deep-insert credit card skimmers. And of course your feedback, a fantastic round-up & so much more!

With some clever new card skimmer tech we’ve got one more reason to watch your wallet at the gas pump, plus a few handy recommendations for postgres migrations & Dan dives deep into his quest for the ultimate boot and nuke experience. Plus your feedback, a fantastic round-up & so much more!

We discuss just how hard, or not, responsible disclosure really is, share some sad news about the status of BTRFS on RHEL, a few more reasons to use ZFS. Then, we find out if our passwords have been cracked, reveal Dan’s password hashes live on air & more!