Airlines Don’t Encrypt Your Passenger Data for E-Tickets - ThreatWire

Apple fixes their FaceTime bug and finds more issues in the process, airlines are found not encrypting your passenger data, and detailed and accurate GPS data was being sold off! All that coming up now on ThreatWire. #threatwire #hak5

-----☆-----☆-----☆-----☆-----☆-----☆-----☆-----☆-----☆-----☆

Host: Shannon Morse → https://www.twitter.com/snubs

Host: Darren Kitchen → https://www.twitter.com/hak5darren

Host: Mubix → http://www.twitter.com/mubix

-----☆-----☆-----☆-----☆-----☆-----☆-----☆-----☆-----☆-----☆

Links:

Apple Facetime Update:

https://arstechnica.com/information-technology/2019/02/apple-pushes-fix-for-facepalm-possibly-its-creepiest-vulnerability-ever/

https://support.apple.com/en-us/HT209520

https://support.apple.com/en-us/HT209521

https://www.zdnet.com/article/ios-12-1-4-fixes-iphone-facetime-spying-bug/

https://www.businessinsider.com/apple-security-audit-on-group-facetime-bug-discovers-second-flaw-2019-2

https://twitter.com/benhawkes/status/1093581737924259840

https://techcrunch.com/2019/02/06/iphone-session-replay-screenshots/

https://techcrunch.com/2019/02/07/apple-glassbox-apps/

Airline Systems:

https://www.wandera.com/mobile-security/airline-check-in-risk/

https://threatpost.com/flaw-in-multiple-airline-systems-exposes-passenger-data/141596/

https://www.cyberscoop.com/airlines-ticketing-email-hackers-wandera-southwest/

Cell Carriers:

https://motherboard.vice.com/en_us/article/j575dg/what-a-gps-data-is-and-why-wireless-carriers-most-definitely-shouldnt-be-selling-it

https://motherboard.vice.com/en_us/article/a3b3dg/big-telecom-sold-customer-gps-data-911-calls

https://motherboard.vice.com/en_us/article/43z3dn/hundreds-bounty-hunters-att-tmobile-sprint-customer-location-data-years

Photo credit:

https://upload.wikimedia.org/wikipedia/commons/d/d5/N731SW_Southwest.jpg

Best Gaming TVs, New 49 Inch Dell U4919DW Monitor, Pocketalk Translator vs. Google Translate!!! - TekThing 215

Best Gaming TVs! Google Translate Alternative??? Meet Pocketalk! New 49 Inch Dell U4919DW Monitor, VPN Blocks My Bank?

☆☆☆☆☆☆☆☆☆☆☆☆☆☆☆☆☆☆☆☆☆☆☆☆☆☆☆☆☆☆☆

00:47 CamelCamelCamel’s $45,000 Drive Disaster

It was a rough week for CamelCamelCamel.com, the ever so awesome Amazon price tracking service. In the words o' TekThing viewer Don, “Well here's a good reason to back up that data: $29k for data recovery.” More deets (like what happened) in the show, and we hope they’re back online this week! Go back up your data!

https://camelcamelcamel.com/

03:37 Dell UltraSharp 49 Inch Curved Monitor: U4919DW

Patrick’s run a 35” Dell ultrawide monitor on his desk for years. Has he finally found a monitor that’s too wide??? What makes this a better monitor for office apps and Creative Suite than other massive panels? Watch the review to find out!

https://www.dell.com/en-us/shop/dell-ultrasharp-49-curved-monitor-u4919dw/apd/210-arnw/monitors-monitor-accessories

10:33 Pocketalk Translator

A verbal language translator, the size of a bar of soap, that works with 74 languages over WiFi or mobile data on its own SIM card? Meet Pocketalk. Can you really have a conversation with it? Is it better than Google Translate? Watch the video to find out! https://www.pocketalk.net/

24:15 Will My Bank Work Over A VPN???

James emailed from Dallas, Texas, “If I run everything through a VPN will I still be able to log into my bank, email etc. or will they automatically think I am unauthorized?” That’s an absolute maybe! Find out more in the video.

28:02 Gaming TV Recommendation

Thomas emailed ask@tekthing.com, “I am planning on downsizing my life and moving in to a tiny home or an RV for full time living. I am a big gamer but because of the size limitations of an RV or a tiny home I don't want a TV and then a monitor as well. I know that you can get TV tuners for your computer but monitors are way more expensive than a TV. I want to get a 50+ inch TV, would love 60Hz+ and would need enough inputs for my computer, Roku, PS4, PS3 at the very least so 4 but 6 HDMI inputs would be nice.” Our picks are in the video, and check out the excellent “The 7 Best 4k Gaming TVs - Winter 2019” at RTINGS.com!

https://www.rtings.com/tv/reviews/best/by-usage/video-gaming

Thanks Hak5!!!

A big Thank You to Hak5 for the studio space! Check out the security and privacy podcasts at hak5.org, the pentesting gear in the shop, and don’t forget: Cloud C2: makes remote pentesting easy!

https://shop.hak5.org/

https://C2.Hak5.org

31:46 Do Something Analog!

Like Terry, who preserved a fragile stained glass church window, including LED back lighting to make it glow. Nicely done!

☆☆☆☆☆☆☆☆☆☆☆☆☆☆☆☆☆☆☆☆☆☆☆☆☆☆☆☆☆☆☆

Thank You Patrons! Without your support via patreon.com/tekthing, we wouldn't be able to make the show for you every week!

https://www.patreon.com/tekthing

EMAIL US! ➳ ask@tekthing.com

THANKS!

HakShop ➳ https://hakshop.myshopify.com/

Dale Chase Music ➳ http://www.dalechase.com/

HOSTS:

Shannon Morse ➳ https://www.twitter.com/snubs / https://www.youtube.com/shannonmorse

Patrick Norton ➳ https://www.twitter.com/patricknorton

☆☆☆☆☆☆☆☆☆☆☆☆☆☆☆☆☆☆☆☆☆☆☆☆☆☆☆☆☆☆☆

5G Network Security Flaw Discovered! FaceTime Disabled - ThreatWire

5G Security Flaw

A flaw was recently discovered in the new 5G protocol that could allow a third party to use IMSI-catcher-like devices to snoop on data on this new protocol. Four researchers at SINTEF Digital Norway, ETH Zurich Switzerland, and Technische Universität Berlin Germany discovered the vulnerability, which affects not only 5G but also the older 3G and 4G protocols. It affects Authentication and Key Agreement (AKA for short), the technique between your phone and a cellular network that allows them to communicate securely. AKA is supposed to negotiate and establish a key exchange between the phone and carrier to encrypt the link. 5G-AKA is supposed to thwart IMSI catchers, but the vulnerability opens up a potential entry point for newer devices to spy.

Data about a user's activity, such as numbers of texts or calls received and sent, could be used by an attacker to profile a victim. And if you take your phone away from the signal of a newer IMSI catcher? Well, the moment you come back within its vicinity, it can pick up where it stopped and continue tracking. This could be used to track political figures or officials in targeted attacks, not only to see amounts of calls, but also to track physical location between fake base stations.

The researchers responsibly disclosed their findings to 3GPP (the 3rd Generation Partnership Project) and GSMA, and the parties are taking steps to remedy the situation before the end of 2019.

FaceTime Vulnerability

Last week, a major bug was surfaced by 9to5Mac, detailing how iPhone users could use FaceTime group chats to snoop on the audio from other phones without their owners' knowledge. All someone would have to do is call another user using FaceTime, and they would immediately hear the audio from the receiver's phone before the receiver accepted or rejected the call. The ringer rings as normal, so the receiver would know someone was calling, but they wouldn’t be able to tell that the caller could hear their audio before they actually picked up.

Many iPhone users took to social media expressing their concerns about how easy this vulnerability was to trigger. Put simply: you’d first have to start a FaceTime Video Call to an iPhone contact, then, when it’s dialing, swipe up from the bottom and tap Add Person. Add your own phone number on the Add Person screen, then start a group FaceTime call with yourself and the audio of the contact.

To make matters worse, this flaw could also be used to snoop on the video feed of the user. For this to happen, all the recipient would have to do is press the power button while on the lock screen, which also would send their video to the caller. According to BuzzFeedNews, pressing volume down did something similar. While the underlying cause wasn’t specified, security researchers think that a logic error in the code of the group FaceTime processes could be the problem.

After this news broke, it was discovered that a 14-year-old boy found this flaw over a week prior to the news article, while playing Fortnite with his friends. The boy stumbled upon the bug on January 19, while trying to initiate a group FaceTime call. His mother reported this problem to Apple through a series of posts and emails, but to no avail. It appears Apple knew or should have known about the problem for a week before actually getting around to fixing it. While they did respond to one of her reports on January 23, it was not clear to the mother that they were fixing it.

Apple disabled the group FaceTime feature on January 29, and it has since been listed as temporarily unavailable on their system status page. Before Apple disabled the feature altogether, the best option was just to disable FaceTime in the iOS settings.

Apple is now facing legal concerns related to this bug. They have been sued by a Houston-based lawyer, who claims someone eavesdropped on a conversation. New York Attorney General Letitia James has also initiated a formal investigation into the bug.

A software patch will be made available to users this week in iOS 12.1.4. To update, simply go to your Settings app, then General, then Software Update.

Facebook Loves Your Data

Facebook isn’t out of the security headlines yet… no surprise. Facebook uses an Apple program called the Developer Enterprise Program to create and manage apps that aren’t found in the Apple App Store, but are available for download. This is usually used by companies to create internal apps used for internal capabilities. Facebook used the Developer Enterprise Program to create and distribute an application to the masses that allows them to obtain user data while paying that user $20 a month. Since Apple has pretty strict privacy rules for their App Store, this is a loophole that Facebook was able to take advantage of to track users' data. The “Facebook Research” app used root certificates to collect data on users. This could be browsing history, time spent on apps or sites, purchases made, private messages, location data, and network data, just to name a few. Since Facebook Research also enabled their own VPN network, this also gave them the ability to view anything that would normally be kept private under a VPN service.

Since this is in violation of Apple’s guidelines, Apple revoked Facebook’s enterprise certificates, which also broke some of Facebook’s internal team apps. Beta versions of apps like Instagram, Messenger, and the Facebook app would also stop working, since those were all part of the enterprise program. After some time, Apple restored Facebook’s access to the Enterprise Program. Your versions of the social media apps, if downloaded from the App Store, are not affected.

With Facebook came similar news from Google. Google’s Screenwise Meter app was also distributed this way, which allowed them to analyze and monitor user data. Google removed their application from download, and made a statement regarding the iOS app saying that it was a mistake.

-----☆-----☆-----☆-----☆-----☆-----☆-----☆-----☆-----☆-----☆

Links:

https://www.zdnet.com/article/new-security-flaw-impacts-5g-4g-and-3g-telephony-protocols/

https://eprint.iacr.org/2018/1175.pdf

https://www.cnet.com/news/security-flaw-allows-for-spying-over-5g-researchers-find/

https://9to5mac.com/2019/01/28/facetime-bug-hear-audio/

https://www.buzzfeednews.com/article/nicolenguyen/facetime-bug-iphone

https://www.cnet.com/news/apples-facetime-bug-was-discovered-by-a-teen-playing-fortnite/

https://twitter.com/MGT7500/status/1087171594756083713

https://twitter.com/MGT7500/status/1090079031666438144

https://twitter.com/BEASTMODE/status/1090298850764644352

https://www.cyberscoop.com/facetime-bug-group-chat-disabled-apple-ios-macos/

https://www.apple.com/support/systemstatus/

https://www.zdnet.com/article/iphone-facetime-bug-now-apple-sued-over-eavesdrop-on-lawyers-client-phone-call/

https://www.cnet.com/news/apple-facetime-bug-prompts-investigation-from-ny-attorney-general/

https://www.zdnet.com/article/ios-12-1-4-is-coming-to-fix-the-worst-iphone-and-ipad-bug-to-date/

https://www.cnet.com/news/facebook-shuts-down-ios-research-app-it-used-to-access-user-data/

https://www.cnet.com/news/apple-restores-facebooks-ability-to-run-internal-apps/

https://www.cnet.com/news/googles-data-gathering-app-may-have-also-violated-apples-policies/

https://threatpost.com/google-pulls-data-chugging-app-from-ios-devices/141358/

Photo credit:

https://pixabay.com/p-387026/?no_redirect

Patreon Is Changing Their Fee Structure

 

SAY WHAT?!

Yo, I used to work in the credit card industry, so let's talk credit card fees and transaction rates!


I've kept a close eye on my Patreon stats since I started (3) accounts. One of 'em, owned by me, has had a steady 5% fee from Patreon, and steady 5.75-6% fee for processing payments.

Patreon is shifting that 5.75-6% processing fee away from me and onto you on December 18th, and setting it at 2.9%+.35 per transaction, which I think is unfair. Here's why:

Transaction fees are a cost of doing business. If you're new to the industry and credit card processing fees, here's a breakdown:
Visa, Mastercard, AmEx, and Discover all charge merchant service companies (like PayPal, Stripe, Authorize.net, Square, etc.) a price to allow them to run credit cards and accept the security protocols for those credit card manufacturers.
Merchant services (PayPal, Stripe, Authorize.net, etc.) then work with Merchants (gas stations, retail, restaurants, etc.) to install credit card machines and run cards at their place of business. Merchant services charge the merchant to run those cards. Merchants will generally see costs like, e.g., 2.9%+$0.35, or 1.9%+$0.25, or 2.0%+$0.0. The list goes on. This price is negotiable if the Merchant argues with the Merchant Services well enough, or gets the right person on the phone.

I cannot TELL YOU how many times I'd get a call from a merchant asking us to lower tranx fees and we'd remove the per transaction $0.35 and lower them to 2.15%.

Merchants sometimes work the cc fees into their product, but you RARELY see a merchant stick the customer with that fee. If we take these classic rules and apply them to Patreon, Patreon is the merchant, I am the reseller/merchant (selling goods) and patrons are the customer.

On Patreon, the credit card manufacturers work with merchant service providers like PayPal, Stripe, etc., to allow Patreon to run the cards. Patreon then charged Creators the cost of running those cards, then deposited the funds into the Creators' bank.

In this case, it is up to me to determine the cost of goods sold, the average percentage of fees, and the profit margin I need to make to survive. I've agreed to Patreon's business model and signed up with their plan, but they've decided that my customers (in this case, patrons) should pay the service fee, even though I'm the merchant/seller of thy goods of ye ol' youtubes.

MERCHANTS CHOOSE WHAT TO CHARGE THEIR CUSTOMERS. Patreon Creators choose what to charge their Patrons Pledge Levels. At least, that's how it SHOULD work. Patreon is choosing to skip over their merchants (Creators) and go directly to the Customer (Patrons) to charge a fee. They're not even allowing Creators the OPTION of how to set the transaction costs.

I should clarify, I consider my patrons as producers and executives of my show. Since they are contributing to my role on the nets, I take their opinions seriously and have respect for the kindness they've shown me.

This is why I'm being upfront about the costs associated, based on my history of expertise on the subject of transaction fees and money handling. Hooray, banking jobs!


So, from a patron standpoint, you'll be charged more for the same pledge. Those fees I used to pay as the merchant are now being taken directly out of your pledge. So if you pledge $5, you'll actually see $5.50 charged.

Previously, if someone pledged $5 to me, Patreon takes 5%, and the credit card industry takes ~5-6%. Before the change, my take home pay would be $4.50 or so. That's roughly 10%. Enough for a Starbucks!


I don't see that extra $.50 you're charged after the change. The credit card industry does. What I do see is a shift of $.25, or a change from 10% to 5% in the monthly fees. So I'd take home $4.75 now. You're being charged .50 so I can take home an extra .25. That means for smaller pledges, the amount you're being surcharged "percentage-wise" does not equal how much more I'll be taking home.

Dear Patreon: [[ see gif ]]

4.gif

Now, if you pledge less than $5, it gets complicated.

Remember that .35 transaction fee? That's for EVERY single pledge you make. So if you make 10 separate $1.00 pledges in a month, that's $3.50. Plus $2.90 if we're including the 2.9%. that's 2.9%+0.35 per transaction. So ~$6.40 you'll be charged on top of $10 in pledges.

So you're charged $16.50, for $10 in pledges (each one at $1), and your creator takes home $0.95 (if it's a $1 pledge).

So, if you're a Patreon creator with patrons pledging at their max budget, you'll probably see decreased pledge amounts because this is going to hurt your customers. If patrons can afford it, you won't see their pledge change, but more money pledged (but a lower percentage of the total transaction amount) will go to you.

I don't know how this'll affect my (3) different accounts on Patreon. I am both a patron and a creator, so I try to go at it from both perspectives.

Either way, if you're a baller pledger, you will probably want to seriously consider how much in fees you'll be paying per month. I wish Patreon gave creators more time to change pledge levels to account for new fees put on their patrons.


AFAIK, for each card charged via Patreon, Patreon would pay that fee to the processor, and that fee was charged to me as a creator (plus probably an additional amount as profit). So now they're shifting that fee from me to patrons. As a patron, if I pledge $1-5 to many different creators, I usually just see 1 lump sum come out of my cc bill. In the merchant industry, that 1 lump sum is charged the transaction fee once. But in this case, each of those pledges is billed as if it's a separate tranx, even tho my credit card is only charged once. So as a patron I should only pay .35 once, not 10x for one cc tranx.

Merchants (creators) should be considering the fees associated with selling anything (services/art/product) online and work those costs into cost of goods sold. Patreon should keep the existing structure of allowing several microtransactions from one credit card to be paid once at the beginning of the month, to keep transaction fees down. I don't think Patreon really knows all the smaller artists and patrons who really make up the masses of their company.

 

 

Here's what I suggest:

For Patrons:
If you donate $1 pledges to multiple creators and want to flip off Patreon but still support the Creators and the content you love:
Delete your pledges entirely from Patreon, and choose another form of donation. PayPal charges the CREATOR 2.9% plus $0.30 for each transaction, not the person PLEDGING. PayPal also allows you to do recurring donations monthly. Of course, PayPal isn't available to everyone and is not a perfect option itself. A patron choosing this would also not get access to the bonus material on Patreon. But it is an option and allows for consistency.

If you donate $1 pledges to multiple creators and don't want to flip off Patreon but you do have a budget and need to stick to it:
Change your pledges so you continue to support your creators with the lowest possible fee on Patreon. Instead of donating $1 each to ten creators and being charged $0.35 ten times, consider donating $10 to your favorite creator or splitting it between your two or three favs. I currently donate a few bucks to my friends on Patreon - all of their different campaigns. I don't want to play favorites, but if my friends don't have another option for donating, I'll go this route, since I do have a "Pledge Budget" per month.

If you donate lots o' dollars to one Creator:
You'll see a 2.9% + $0.35 transaction fee for that charge. This may or may not be within your budget. If it is, then keep doing what you're doing. If it isn't, then consider lowering your pledge amount or cancel and donate to your Creator in another way.

If you donate lots o' dollars to lots o' Creators:
You'll see that transaction fee for EVERY PLEDGE, and that may be outside of your budget. If it is, refer to the above.

For Creators:
Open up other options for Patrons to pledge to you on alternative platforms. Examples: PayPal, Your Personal Website, Amazon Associates / Influencer pages, and more.

Create new pledge levels that include the cost of transaction fees. So if you have a pledge option at $30, create a new pledge level at $28, which will end up being almost $30 after your Patron is charged the $28 plus transaction fee. Offer the same perks as the $30 level. Don't delete the $30 one, in case Patrons want to keep that amount.

Pro Tip Patreon Hack: Hack the per post pledge. Here's the deal - you still want to support a Creator with a "per post" pledge setup (opposite of a per month pledge setup). Instead of contributing to several posts throughout the month, contribute the full amount to the first post of the month, then set a "max pledge" amount in your settings. That way, you're only charged once for the 2.9% and 0.35 fee instead of being charged multiple times on many different posts. You'd get access to a higher pledge level (depending on how the creator sets it up), but also keep costs low. Ex: You pledge $10 per episode to a creator that posts 4 episodes per month. That's $40 monthly, or 4 $10 transactions. With Patreon's new structure, that would be ($0.35 * 4) + 2.9%. PS: It's not clear whether the 2.9% is charged on the .35 or before the .35 is included.

https://blog.patreon.com/not-rolling-out-fees-change/

https://blog.patreon.com/updating-patreons-fee-structure/
https://twitter.com/DamienWilkens/status/939608751648198657
https://brianbalfour.com/essays/patreon-onboarding-growth
https://twitter.com/Snubs/status/938664824157831168

Also, shameless plug: https://snubsie.com/support I do stuff on the youtubes.

 

The 30 Day Security Challenge!

Greetings!

For the month of November, I'll be posting a new video each and every day that will help you gain control of your security and privacy. There is so much to do when it comes to protecting accounts and devices, so it can easily become overwhelming and never get done! By breaking it down into a bunch of bite-sized chunks that are easy to consume, I hope that viewers will have a better grasp on security and privacy within 30 days.

Each episode will be published at the TekThing Youtube Channel as well as here on Snubsie.com, along with a printable checklist and written steps and links.

You can support the work I do by hitting up my Support page! Thank you for watching!

 

ICYMI: The Snubs Report is Going Strong!

I was in Kyoto for just a few days, so I made the most of it with these must-see tourism sites! Here are my top 6 places to see in Kyoto! Twitter: http://www.twitter.com/snubs Site: http://www.snubsie.com YouTube: http://www.youtube.com/ShannonMorse I've been hosting online video shows since 2008, and recently learned how to edit!

 

I've been working on The Snubs Report every week as an after-hours hobby platform. This show is giving me the ability to fine-tune my own vlogging and learn more editing skills. Since I've started The Snubs Report, I've gotten better at editing video and photos with Adobe Premiere, Lightroom, and Photoshop. I'm also learning a lot about analytics and what kind of videos you want to see.

So, what do you want to see me talk about on The Snubs Report? Anything in particular? Let me know via my social networks, or comment below!

Cheers!

My Letter

I'm sharing this for a girl who recently went through a similar experience.
I know you probably feel like crap right now, and as if everyone hates you. But please believe me when I say I know exactly how you feel and what you're going through. My story is a little different, but it had a similar impact. 

I remember it like it was yesterday, even though it was practically 10 years ago. I was hanging out with my then-boyfriend, and some good friends from college at one of our hometown lounges, chatting and having a grand time. I got a call from one of my besties, telling me something horrible had happened. A guy I had dated months previously had posted personal photos of me onto a gaming site for anyone to look at. My heart dropped. I seriously thought she was playing a cruel prank on me.

I remember breaking up with that long distance relationship. It was going nowhere, and I was at the point in my life where I wanted to find my soul mate. I deleted his private photos, our text messages. I deleted his entire existence from my life, because that's how I move on. He, apparently, didn't.

This is a letter to share my experience and how I found control, trust, and perseverance. At the time, I felt like a victim. Like I was robbed and there was nothing I could do.
My story is a story that hundreds of women are starting to speak out about. I started seeing a change in society's eyes about women's bodies in 2014, when several celebrities had their photos stolen and released without their consent. It made me feel like I wasn't the only one. It made me feel like it wasn't something I should be shamed for. And you shouldn't either.
There is a growing interest in women having power over their own bodies, from magazines showing breasts, to organizations trying to 'free the nipple'. Women are fighting tech companies for the right to share their photos of breastfeeding.
Before this growing trend, women have been told to never share private photos of themselves, to hide themselves for fear of them being released. If those photos ever get out, they are shamed for sharing them in the first place. They are "victim-blamed". Women are taught from an early age that their bodies are sexual things, and trusting this to another person can be seen as unintelligent, immoral, and wrong.
Over the past 10 years, I've taken several steps to keep my personal photos out of any public eye because I too believed it to be a terrible, bad thing. While I understand that once something is on the Internet, it's there forever, I still took strong precautions from my photos being posted without my consent. By sharing this information with friends, family, and relatives, I've amassed an army of trusted individuals who have helped me hide my body, who have helped me from being shamed. But I was still hiding.
I lost a huge part of my own strength and control when my personal photography was released without my consent so many years ago and since then, it's only gotten more prevalent. The trend of strangers judging my body, the comments made to me by con-goers, the immense deal of stress, spending hours upon hours sending DMCA takedown notices to random sites made solely to comment about women's bodies. It makes you feel numb after a while. It makes you lose faith in humanity and lose trust in people. I lost my optimism.
Recently, I took a vacation to a beautiful serene part of our planet earth where I had no connection to the Internet. I went offline for a week, and it was bliss. I heard no criticisms, no harsh feedback, and no opinions. I was myself again, and I missed feeling like that.
So I made a decision. I needed to quit hiding and share my side of an old story that so many women have told. That was about 9 months ago. I stopped worrying so much about some random opinion about my body and I focused on myself. And I felt like I gained back the control that I needed over my life. The random opinions didn't matter anymore, and I found a way to block them out of my life.
There are so many young girls who commit suicide because a boy has released their nudes, with no recourse. There are several women in the public eye who have had to deal with the same thing, but have amazing lawyers and PR representation. But the problem persists, where these women are constantly shamed for doing the act of taking photos of themselves in the first place.
And herein lies the problem. By shaming the victims of a sexual harassment or abuse, we are working our way into a society norm where women are treated as sexual objects. We need to take back control of our own bodies, and break the never-ending cycle of treating women as property that can be objectified. Women should feel strong and self-confident for sharing themselves with their spouse, significant other, boyfriend, girlfriend, or anyone for that matter. We shouldn't feel as if taking a photo of our nude body is a bad thing, or immoral, or something to be ashamed of.
I'm not ashamed, and I don't regret posing for my own photography. While I didn't have a clue about rule of thirds or lighting at the time, I did have self confidence. I've found my self confidence since then, and I've grown a career out of something I've been passionate about since I was a child. I fell in love with media and education. I've found a passion for life, love, freedom, and my own power.
While I did place trust in an individual that acted on a whim, and I placed control of my body in the hands of another person who made his own decisions - I don't look for recourse in his actions. I know, from speaking with many, that I could. But to this day I am so proud of myself for making the choices I have in life. From respecting that long-ago boyfriend, to respecting myself in my work. I wish I could have had control over my body 10 years ago, but that control was taken away from me with a swift upload.
I can't change my past, and I've discussed this with so many of my close associates. What I can do is speak out about my experience in the hopes that it gives another young woman strength. No woman should ever be shamed for putting trust into a person she holds dear. No woman should be told she is a slut, whore, cunt, or a bitch for sharing herself with her person. It is her choice, and whether she chooses to share herself publicly should continue to be her choice. Taking that decision away from someone is degrading and inhumane. While a person who shares your private information may do it out of spite, jealousy, or for bragging rights, I hope that by reading this some young woman in the world may look at her photos and say "I'm amazing. I'm proud of my body. I am not ashamed."
From the mouth of one of my European friends: "Who cares? It's just a body. Everyone has them."

How Kaiser Permanente Took $1000 From Me

I got this email from Kaiser Member services:
Hi Shannon,
After reviewing your enrollment information it appears that the enrollment effective date of 07/01/14 is correct. Since the implementation of Affordable Care Act (ACA) you are only able to enroll with a health care provider during open enrollment periods. Since you recently were married in June you met the qualification to enroll with us due to meeting the criteria of a "Special Enrollment Period." Since your marriage qualified you to enroll your effective date of coverage would unfortunately have to be 07/01/14. Normally the ACA open enrollment period is October 1, 2013 to March 31, 2014 for coverage to become effective as early as 01/01/14.
Since you expressed dissatisfaction of being billed for coverage you indicated you didn't need nor known you'd have I am escalating a case to our Member Case Resolution Center (MCRC) for a Case Manager to review. The complete process may take up to 30 days; however, the Case Manager may contact you much sooner if further information is needed or if the resolution comes prior to the 30 days. Please let us know if you have any further questions or concerns and I apologize for the confusion you've had with your enrollment.
Thank you for allowing us the opportunity to assist,
Jamison James
Senior Health Plan Representative
Member Services Social Media Unit
Follow us: @KPMemberService

New Year Resolutions

 

2014 is one of those years that I'll remember forever. It was full of really positive moments and really low lows. I made some difficult choices, and some that came naturally.


The year started with a huge career upheaval. Some of my dearest mentors moved on, and were no longer around as often for me to talk with. Many folks made huge changes in their careers, some by choice, and some not. It seemed as if everyone around me was leaving, and I was stuck on my own. As I look back, I'm glad everyone made the moves they did. Several of my friends chose paths that positively affected their lives, and I am proud of them for taking the leaps they did.


By taking a job with Tekzilla, I too made a leap of faith. Tekzilla brought me new opportunities, and helped me expand my knowledge. It also inspired me to work harder, and I felt much more self-confident with my career. I learned that I shouldn't sell myself short, and I shouldn't always say 'yes'.


This was the first year that shows I worked on were canceled, or I had to leave. It was hard to deal with that change, financially and emotionally, but I embraced it. The change brought the power of independence. I'm now completely free to choose what I do, with no strings attached. While I'm still feeling some of the negative impacts of those changes, I'm also growing my own self-worth, through the power of being my own boss. 


I knew that even if I felt like I had hit rock bottom and would have to live out of a car, I still had support from the people I love. A couple of years ago I learned that taking negativity at face value was worthless, especially if the ones saying things are complete strangers. 2014 was my year of embracing the people that mean the most to me, and leaving others behind or trying to see their comments outside of the box. It was the year that, if someone said I was wrong, I'd discuss it with them. Oftentimes the person (another human being!) would apologize for an attack or appreciate that I wasn't ego-driven. It meant more for me to relate, than to just berate back. 2014 meant not caring if someone online still looked at me as if I'm just the 'pretty girl on Hak5'. I advanced my knowledge so much this year, that hearing things like that no longer mattered. I continue to be a woman in the tech industry, and as hard as some might go to see me fail, I'm not going anywhere. This is where I belong and where I want to be.


Women dealt with some weird stuff this year, myself included. From dealing with a real-life stalker, and filing a complaint with local police, to having an almost famous nerdcore rapper sexually harass me at a pool party in Vegas, to watching celebrity women deal with obvious breaches of their own private information - (why women still have to deal with being objectified is beyond me)... But after dealing with objectification hundreds of times since I started working in online media, I decided not to 'smile' anymore, and make sure others aren't afraid to speak up. I want to be someone that little girls can look up to and be inspired by, and I'm glad everyone from toy makers to the US President are breaking down that gender barrier. Women are standing up for themselves when it comes to sexism, and I'm choosing to be one of those women. We are outspoken, strong, and logical.


Personally, I made some amazing life changes, like getting married to my amazing husband and choosing to go completely freelance for work. I focused more time on making memories than shopping, and saving more than spending. I traveled a lot, took amazing pictures, and spent time on hobbies, working less on the weekends. I spent less time on my phone and more time on myself- learning recipes to cook at home, taking day trips to local hop spots and spending time with friends.

I learned, through getting married, what friends care most about you and which ones care more for themselves. Marriage is amazing! Planning a wedding is stressful and time-consuming (that's a whole 'nother blog post!). I started being more open with my views, especially on things like religion and politics, and learned a bunch about fellow humans' personalities based on their reactions. 

In the end, I'm glad things happened the way they did. There were a few instances, like when Tekzilla was cancelled or my friend moved away, where I panicked and thought 'I'm so fucked!'. Other times when I felt like I was most peaceful and found my stride, with new hobbies and obsessions (like couponing and building electronics). I don't care if people find my passions annoying or weird. I don't care if a stranger thinks my hair cut is weird. I love my passions, and they make me happy! I like the direction my life is going. There were so many paths I could take this year, opportunities and gut feelings. I'm making a new path, leading and not following, and I kinda like it that way.

The Internet Has Its Moments... But Other Times...

There are rare occasions when I actually feel like pulling out a pencil and paper (or my digital notepad), and writing a few paragraphs about something that I feel emotionally invested in or about. 


A friend of mine posted a link to a reddit post yesterday, which featured a bunch of nude photos of celebrity women. I chose not to click on any of the photos, mostly because I like to live life without corrupting every last remaining minute. 


It really got to me. And I ranted about it on twitter, and for the most part people were in agreement. But a few folks sent me the obligatory 'well, they shouldn't have put naked photos on the internet' type of messages. 


I hope I can change their views within a few paragraphs. 
Let's take a step back. Someone on the interwebs hacks a company's servers and finds all sorts of private things on it. Thousands upon thousands of files, most likely. And they snoop through said files in the hopes of finding something delicious. The moment arises, in the shape of a nude female figure, a celebrity in fact! Of course, they can't keep that information to themselves, no. Somehow these photos get 'leaked' online, to be shared, forever, with anyone who wants to see them. 


The person gets his (or her) moment of glory! Everyone objectifies the women featured in the private photos, and thanks the hacker for their easy fap session.

 

But no one really thinks about the woman. Obviously, she made a mistake. She put her trust in a company, to keep her information safe. She assumed everything was okay. Maybe she was social engineered into giving out her info, along with several other celebs. (But that seems like a lot of hard work, and I like to think all those women have enough brains to know when something is shady). Or, maybe she just didn't know how to use the backup service, or forgot she signed up for it. Maybe it was a brute force attack. Who knows?? I certainly don't blame them. Everyone makes mistakes. Maybe they forgot their photos are still around! All of a sudden, probably without any hints, those private moments are now free and available to an epic fuck ton of humans across planet Earth.

 

Leave the celebrity bit behind for a second. Put yourself in her high heels. Men, I know it's a little hard to express any form of empathy for some, but take a moment and think about how that would impact your life. Maybe you wouldn't care, but would your wife? Your sister? Your children? Your boss? Would it embarrass you? Would you feel ashamed? Proud? Where is the humanity? What if that was your sister? Your wife?

 

Digging into a person's personal life such as this, doesn't just go away. Uncovering such personal information can destroy a person. Not just their career, or their relationship. It can eat away at them, year after year, never ending. People may meet them sometime in the future and constantly be reminded of the photo they saw on Reddit, or the tabloid where they read about a surgery or whatever it may be.

 

So, who do I blame? Well, I don't know who found a security flaw in an online cloud service, but exposing a bunch of women, objectifying them to a large degree, is not the way to fix an issue. Sure, it brings light to a bigger flaw, but victimizing lots of women based on getting a flaw fixed is NOT the way to do it. I'm sure that moment got a bunch of laughs from the person behind the attack, but I wonder if they'll still feel proud of themselves when one of those women loses her role in a movie, gets dumped, or (let's hope not) commits suicide (yes, people do kill themselves because they can't escape the pain of being bullied). Maybe she'll go to therapy? We won't know, because their strength and courage in front of a camera won't falter. THEY ARE ACTORS. I blame him/her for not directing their findings to the company who had the security flaw. 


And I blame the company, even more so if they WERE notified. Had they fixed the issues, maybe photos wouldn't be leaked (or the pervert still could have, if they saved them all or still had access). I blame the company for making so many feel safe, when consumers (including celebrities) go along with what they are told.

 

I guess I'll just end this with a TLDR version:
Don't blame the women, they shouldn't be the story here. The story is some cloud service has been exposed as being insecure in yet another security breach, and someone decided to announce it in a rather shitty way. 


Photos and lewd gossip spread like wildfire on the Internet. Once it's there, it's there. Do yourself a favor and DON'T take part in the action because it makes you look like a jerk. DMCA notices are a very handy tool, and I hope these women take advantage of that, to hopefully remove some of the slander to their names. Eventually it'll die down, people will move on, but they'll still be reminded of it constantly.
Next time you see a tabloid in the grocery store, don't laugh at those that are being gossiped about. Put yourself in their shoes for a moment. The results may astound you. 

 

I turned off comments, because I hate trolls. However, please do some further reading here.

*I wrote this at 1am Sunday night. So if some exposure of how the breach was done has been publicized since then, I didn't mention it.

StitchFix #10 Review - How To Get The Most From Your StitchFix

Today, I'm reviewing my 10th StitchFix box. So I've been ordering these boxes of surprises every month for almost a year, and I'm still loving it! What is it? StitchFix is an online styling service for women. You sign up and fill out a profile. The more information you give, the better your Fixes will be. I gave them a bunch of pros and cons on my profile, so they know what to send me and what not to. Boxes are $20 and you can get them as often or not as you want. That $20 goes towards your purchase of any items in the box and shipping is free both ways. You can keep 1, 2, or 5 items from each box (for a total of five items sent). If you keep all five, you get a 25% discount off the clothes. If you have a friend sign up with your referral link, you also get a $25 credit. Yay!

StitchFix #9 Review

I've got StitchFix #9 and Amber did a great job styling for me! I asked her to send fit-and-flare dresses for my Valentine's Day date, and she succeeded! Here are my five items from StitchFix. Remember, if you ever want to try out StitchFix for yourself, use my code to get your first box fast and I get a $25 referral credit! It's only $20 for a box and that purchase goes towards the price of any item you keep. Shipping is free both ways.

Melody Pearls & Branches Earrings 28 - These are very cute and sparkly, and lightweight! Keep!


StitchFix #8 Review

I love StitchFix. I've been using it for about 9 months now to get a monthly box of cute fashionable clothes. They send you five things for $20. If you like 'em, you keep 'em. That $20 acts as a credit towards whatever you keep. Keep all five items and you get 25% off.

If you use my code, I get an extra credit and you get your first fix a little faster.

Here's my eighth StitchFix!

 

Johnny Skinny Jeans - Cute skinny jeans, but I don't really need jeans so I didn't keep them.

Wynn Ikat Front Pocket blouse - I really like this sheer blouse. It's a pretty deep red color with neat little black patterns all over it. Keep!

Milan Lace Print Back Pleat Top - I love this print, and the fabric is super soft. Keep!

Queensland Dolman Jersey Top - A big fat NO. I hate this type of top, where the arm holes are so big they are like wings. I sent this one back.

Abrial Colorblocked Button-Up Cardigan - This cardigan was so cute! But it was rather short on me so I sent it back.

 

So my eighth StitchFix was a little mediocre, kind of like my 7th one. I think they could have done a better job choosing things that fit my shape and style, and I worried that it was because the site was becoming so popular. I tested a new theory with my Ninth StitchFix by explaining exactly what I was expecting, and I ended up keeping all five items! More on that Fix later..

StitchFix #7 Review

I haven't been to the mall in about 3 months and I owe a lot of that to StitchFix. See, I don't have a lot of time to go shopping. But when I do, I spend WAY too much. So to keep myself from spending too much but still get my 'fix' for new clothes, I signed up for StitchFix.

You sign up and select your preferences for size and style. Your stylist (mine is Ishara!) sends you a box of items they've picked for you. The 'styling fee' is $20.

Try everything on at your home, then send anything you don't like back. That $20 goes towards whatever you keep, and if you keep all five items you get a 25% discount. Sweet!

Let's check out my seventh StitchFix!

 

Galway 3/4 Sleeve Button-Up Blouse - This cost $58 and is a simple sheer button up. It didn't fit me well because it was a little short, so I sent it back.

Beatrice Chain Knot Detail Necklace $32 - A cool, simple silver necklace. Kept!

Andrea Floral Brocade Knit Dress $68 - I love the lace detail on this dress. I kept it!

Marley Sleeveless Sheath Dress $128 - This dress was a bit out of my price range... but it fit like a sleeve... so I kept it.

Livingston Ribbed Sweater Dress $98 - Also not what I like to spend on dresses. I sent this one back. The fabric was too heavy and it was too thick for weather in San Francisco.

 

Not too shabby, but also not one of the best StitchFix's that I've received. I still kept three items out of the bunch.

What do you think? Have you checked out StitchFix yet? Have you had a lovely Fix you want to tell me about? Comment!

And as usual, please use my referral link! It gets you in and gets me a credit for my next Fix!

Laptop Recommendations

I get asked this question a lot. Like, a WHOLE LOT. Every day.

"What laptop do you use on your show?" or "What laptop do you recommend?"

So I'm writing this blog to answer the age old question about Shannon's laptop.

When it comes to Linux distros, my laptop of choice for 3 years has been a small notebook called an Acer TimelineX with an old 3rd gen i3 processor. I have been using this one for my Hak5 segments for several years. It's very small (I believe 11 inches), compact, and takes a bit of a beating. I've loaded several operating systems on it and it still works to this day. I'm currently thinking about updating to a slightly larger laptop with better battery life and a larger screen / keyboard, though. While this laptop works like a charm for simple processing, it IS old and a bit too small.

I'm thinking about upgrading to the Dell XPS 13 Ultrabook. It's got an updated processor, high resolution, it's 13 inches but still weighs around 3 pounds (pretty good for toting back and forth from work) and it's damn pretty. I'd probably choose the i3 / non-touch / Windows 7 version because honestly, you don't need touch for playing in the terminal. It's also more expensive than a notebook. With that upgrade will be a price point of at least $1049.99... so there's that.

Here's another one to consider if you're wanting high-end and Apple. A Macbook Air. While I prefer the usefulness of a Windows machine that can ultimately dual boot to a Linux system or vice versa (both needed for my career, and I also grew up with Windows so I know it much better), the Mac line actually derived from the same place as Linux. Why do you think you see so many Macbooks at DEFCON? It IS an option for hackers, but personally not my first choice.

My last choice (and recent favorite) has been the new Acer Aspire S7. Disclaimer: Acer has sent me this model for long-term review. It's an expensive machine, and quite beautiful. This one runs Windows 8 and has a top-of-the-line battery, screen resolution, and processor. It's also very lightweight at under 3 pounds. I currently use this ultrabook for my podcasts on screen and I've gotten very used to the Win8 interface and touchscreen.

I have used all of these machines and I love them all. Eventually new lines will come along and take their place but if you are in the market for a laptop these have been my go-to choices. Obviously they are quite pricey (which is why I haven't upgraded!) and there are cheaper options on the market. Consider your own criteria before buying. What brands you trust, what is important to you (in the day and age of cloud computing, 1TB drives aren't needed for my own ultrabooks), and where will you be going with your laptop.

Oh, and I wasn't paid for this blog, just FYI. These are all my opinions.

StitchFix #6 Review

I'm obsessed with StitchFix and will be getting my fifth box in the mail in a few days. Here is my take on a box from back in May. StitchFix is a site where you tell all about your style and sizing preferences. Then, a stylist will send you five items picked just for you. You can try everything on at home and keep just what you want. The box comes with free shipping both ways, and a 25% discount if you keep all five items. A box costs $20, which goes towards the purchase of anything you keep! When you sign up, share your referral link for a $25 credit! Here is my referral link so you can get an invite: StitchFix.