Rank #1: TE18: Personal Cyber Security
Today we do something different and Bob Van Valzeh and I have a frank discussion on personal security in a digital world.
Below are some of the topics we discuss:
- Background on Scott’s hacking past and his conversion to a white hat, a friendly, hacker.
- Personal security, and acting smartly.
- Don’t carelessly create opportunities for hackers to exploit your weaknesses.
- The importance of password managers.
- Being aware of threats around you social engineering, skimmers, etc…
- Banking today, avoid using checks, online banking.
- Security of free wifi, and the man in the middle
- Being careful with email and phone usage.
- Updating your Internet of Things (IoT) devices, thermostats, routers, personal devices, etc…
We then wrap it up with a quick rant on the government hoarding cybersecurity exploits.
Mar 02 2018
Rank #2: TE23: BSides Security Conferences and Capture the Flag (CTF)
In this episode we interview the RedStoneCTF (Capture the Flag) team and discuss their recent experiences attending the BSides Asheville NC Security event. BSides are held around the world, and there is often one every Saturday somewhere on the planet. First we learn about the team which is composed of:
- R3dC0m3t – Cyptanalyst, professionally an agile scrum-master.
- Ph03n1x – Focused on coding challenges and reverse engineering.
- W3bMind5s – Networking and older computer science class problems.
The team discusses the following issues:
- What do you expect to learn from Capture the Flag competitions at these local BSides events?
- What did you find the most challenging about your first BSides Capture the Flag?
- Discussed our failures in preparing for our first in-person challenge. We are not yet disclosing our plan for BSides RDU this fall (2019).
- What did you like most about BSides Asheville, for example, the Lockpick village? R3dC0m3t borrowed W3bMind5 pick set and discusses his practicing at home.
- Discussed Foxpick’s unique jailbreak Lockpick village challenge.
- We discussed the value of BSides being a local event. Also how much of BSides Asheville was really more like a BSides Charlotte.
- If you have any interest in Security, from forensics to social engineering and lock picking you should consider stopping by a BSides event near you.
- What’s next.
Please check out the RedStoneCTF team’s website to learn more about their adventures, tools they use, and proving grounds where they test their skills.
Aug 19 2019
Rank #3: TE22: Talking FPGAs with Dr. Ray Hoare
Here are some of the topics we touched on while talking FPGAs with Dr. Ray Hoare President, and CEO of Concurrent EDA:
- How are FPGAs differ from normal chips?
- It’s all about bringing new applications to FPGA.
- The advantages of FPGAs over generic CPUs.
- FPGAs have more repeatable performance because they are dedicated, and don’t get interrupted with system tasks.
- Aligning processing performance between a 22-core Xeon and a current FPGA using a factory analogy.
- How do we see FPGAs attacking everyday problems like encryption?
- What’s up with this system-on-a-chip (SoC) FPGA approach?
- Huge amounts of bandwidth coming into the chip, demand more compute to offload the host CPU.
- How is programming an FPGA different from a generic CPU?
- Today programming FPGAs is still more art than science, while compilers are fantastic, the tools for FPGAs are not yet at that level.
- When you have a gigabit or more of raw data per second coming in you’re better off pushing that through an FPGA.
- To move your application or algorithm into an FPGA it needs to be mature, and well understood, ex. electronic trading, encryption, or data deduplication.
- Why are cloud environments so excited about moving to FPGAs?
- Are FPGAs going to be how we jump forward into artificial intelligence?
Jan 27 2019
Rank #4: TE20: The West Chicago Radio Tower Mystery, Bob Van Valzah
While Bob is in his gardening period he discovered two pairs of very well
connected positioned shortwave antennas, clearly a ham radio guys wet dream. Here is an outline of our discussion:
- Size matters, cell phone antennas compared to shortwave station antennas
- In comparison what does a microwave dish looks like
- Bob’s discovery of a cell tower with no cell antennas, only shortwave, and microwave
- Power meters tell no lies, only one entity is using this tower
- Bob doing some dumpster diving and discovers something interesting
- A box from a research company, not production parts used by the typical commercial enterprise, out comes the cell phone camera
- Discovers the FCC registration number for some post discovery research as to who owns this tower
- Although the power meter says US Cellular they abandoned the tower in 2012
- A tower management company picked it up in 2014, and the current leaseholder didn’t bother to label meter with their corporate entity
- Since there is a microwave dish, the FCC database coughed up who owned it and where it was pointed
- The other link for the microwave transmission was the Aurora
- Someone has a link from CME to this Microwave dish on this tower with shortwave radio antennas
- So what was in the research cardboard box from FS Research?
- We talked software defined radios
- Wow someone is linking the CME to two locations somewhere on the other side of an ocean
- So where were the antennas pointed?
- One pair was set for London while the other was Frankfurt
- So the intent was to connect CME to markets in London and Frankfurt
- Bob found out who owns it, and he may end up working for them someday, so he decided not to reveal the specifics
- Photons verses electrons in the race for speed
- Photons through fiber travel about 2/3 the speed of light
- Radio waves do move at the speed of light
- Radio is the lowest latency between CME and London.
- We dove into the three different types of radio, a line of sight (microwave), ground wave, and sky wave.
- Microwaves bound by the height of the tower, the curvature of the earth, so 50 miles is the furthest you can go, over a large body of water.
- AM radio is a ground wave, it follows the curvature of the earth as the radio waves follow the curve. Several hundred miles during the day, at night, potentially 1,000 of miles.
- Skywave is what bounces off the ionosphere, also known as skip, and you can easily go around the globe
- We talk about how these technologies can improve returns for the actual market makers trading on these different exchanges
- Benefits of shortwave versus the disadvantages. A fiber was the first thing used for trading with distant markets
- Shortwave is horribly unreliable, with very low bandwidth
- Fiber is totally reliable, but 2/3 the speed of shortwave.
- The two gun analogy, using a fiber gun and a shortwave gun to gain the greatest advantage.
- Fiber can be millions of packets per second while the radio is thousands of times per second
- Shooters remorse, newer price right after sending a price
- Two gun analogy is the best way to move prices
- What about satellite
- Geostationary satellites, horrible latency as a result of the great distance they were from earth.
- Low Earth Orbit (LEO) satellites, much closer, but moving so you need to know where to look for them
- Also discussed Google and Elon Musk’s efforts to deploy balloons and new LEO efforts
- Shortwave is the lowest latency solution, but as discussed its horribly unreliable
- There will always be a business incentive for pushing the technology boundaries
- Surveys and bucket trucks, and Bob on his bike
Bob first presented his investigations at the Chicago STAC Summit in May 2018, and he will be again on June 13th at the STAC Summit in NYC. This podcast is for the benefit of those not able to see Bob in person.
Jun 13 2018
Rank #5: TE19: Talking Networks and NICs with Nick Apuzzo
Nick Apuzzo is one of my oldest friends, and we had some time to sit down and talk about networking and servers. This podcast is the result of that discussion:
- How we met in 1985 at IBM Research in NY when Nick picked up his pre-product IBM RTPC
- Why I joined Nick at IBM Storage Systems Division in 1994, hint Adstar
- How Scott ended up in performance networking by way of NEC, Myricom and now Solarflare
- What a server is, and types of servers by purpose, CRM, ERP, Dropbox, etc..
- Servers that are pre-built called appliances
- What types of connections do these typically have?
- How computing and servers have changed over the years.
- Types of networking available to servers, gigabit Ethernet versus 10Gb Ethernet and beyond
- What about 25 GbE and 40GbE?
- Copper cables versus fiber optic, and limitations.
- Connectors, SFP+ and SFP28.
- Networking in versus networking out of a server, and when it’s asymmetrical
- Software load balancing and networking
- The balance between network bandwidth into an organization versus bandwidth required across the organization
- Run up to 25GbE and possibly even 50GbE in the near future and how we get to 400GbE
- The role of PCI Express, speeds, and how we need PCIe Generation 4 to move beyond 25GbE to dual 50GbE cards
- How 25GbE can use the same cables as 10GbE so the hardware costs to move are easier, but the underlying technology becomes more challenging for the companies supplying it.
- New features found in NICs, like Solarflare’s X2 series, that includes security and high-performance packet filtering
- Solarflare ServerLock and how it contrasts to IPTables
- The difference between a hardware firewall appliance in-front of a server, and doing hardware filtering in the NIC
- How people can find Nick and his role at CC Integration, and what a technology integrator does
We then wrap up our chat with how this discussion ended up as a podcast.
Jun 03 2018