TE23: BSides Security Conferences and Capture the Flag (CTF)

In this episode, we interview the RedStoneCTF (Capture the Flag) team and discuss their recent experiences attending the BSides Asheville NC Security event. BSides are held around the world, and there is often one every Saturday somewhere on the planet. First, we learn about the team which is composed of:

  • R3dC0m3t – Cyptanalyst, professionally an agile scrum-master.
  • Ph03n1x – Focused on coding challenges and reverse engineering.
  • W3bMind5s – Networking and older computer science class problems.

The team discusses the following issues:

  • What do you expect to learn from Capture the Flag competitions at these local BSides events?
  • What did you find the most challenging about your first BSides Capture the Flag?
  • Discussed our failures in preparing for our first in-person challenge. We are not yet disclosing our plan for BSides RDU this fall (2019).
  • What did you like most about BSides Asheville, for example, the Lockpick village? R3dC0m3t borrowed W3bMind5 pick set and discusses his practicing at home.
  • Discussed Foxpick’s unique jailbreak Lockpick village challenge.
  • We discussed the value of BSides being a local event. Also how much of BSides Asheville was really more like a BSides Charlotte. 
  • If you have any interest in Security, from forensics to social engineering and lock picking you should consider stopping by a BSides event near you. 
  • What’s next.

TE22: Talking FPGAs with Dr. Ray Hoare

Here are some of the topics we touched on while talking FPGAs with Dr. Ray Hoare President, and CEO of Concurrent EDA:

  • How are FPGAs differ from normal chips?
  • It’s all about bringing new applications to FPGA.
  • The advantages of FPGAs over generic CPUs.
  • FPGAs have more repeatable performance because they are dedicated, and don’t get interrupted with system tasks.
  • Aligning processing performance between a 22-core Xeon and a current FPGA using a factory analogy.
  • How do we see FPGAs attacking everyday problems like encryption?
  • What’s up with this system-on-a-chip (SoC) FPGA approach?
  • Huge amounts of bandwidth coming into the chip, demand more compute to offload the host CPU.
  • How is programming an FPGA different from a generic CPU?
  • Today programming FPGAs is still more art than science, while compilers are fantastic, the tools for FPGAs are not yet at that level.
  • When you have a gigabit or more of raw data per second coming in you’re better off pushing that through an FPGA.
  • To move your application or algorithm into an FPGA it needs to be mature, and well understood, ex. electronic trading, encryption, or data deduplication.
  • Why are cloud environments so excited about moving to FPGAs?
  • Are FPGAs going to be how we jump forward into artificial intelligence?

TE21: 3D Modeling and Printing with Chris Schweitzer

We talked with Chris Schweitzer who has been working with 3D printers as a hobby for the better part of the last five years. Our discussion covered the following questions:

  • How is 3D Modeling today different from mechanical drawing where we use to do isometric and oblique drawings?
  • What tools do you use to design something in 3D today?
  • What is a slicer, and what is it used for?
  • What other tools do you use beyond a 3D design program and a slicer?
  • With a “back of the napkin” sketch, what problems do you run into?
  • What other types of materials, beyond plastic, have you printed?
  • Which 3D printer do you purchase?
  • Where is the future of 3D printing going?
  • Can a 3D modeling file be used for more than just printing?
  • Do you think we’ll ever have an Amazon 3D printer where we buy something from Amazon, and then they print it out in my house using this printer?
  • Approaches to building a model from scratch, say for example a mask.
  • What should you take into account when designing for printing?

Here is a quick video of a 3D helmet design that was done from scratch in under two minutes: 

TE20: The West Chicago Radio Tower Mystery, Bob Van Valzah

While Bob is in his gardening period he discovered two pairs of very well
connected positioned shortwave antennas, clearly a ham radio guys wet dream. Here is an outline of our discussion:

    • Size matters, cell phone antennas compared to shortwave station antennas
    • In comparison what does a microwave dish looks like
    • Bob’s discovery of a cell tower with no cell antennas, only shortwave, and microwave
    • Power meters tell no lies, only one entity is using this tower
    • Bob doing some dumpster diving and discovers something interesting
    • A box from a research company, not production parts used by the typical commercial enterprise, out comes the cell phone camera
    • Discovers the FCC registration number for some post discovery research as to who owns this tower
    • Although the power meter says US Cellular they abandoned the tower in 2012
    • A tower management company picked it up in 2014, and the current leaseholder didn’t bother to label meter with their corporate entity
    • Since there is a microwave dish, the FCC database coughed up who owned it and where it was pointed
    • The other link for the microwave transmission was the Aurora
    • Someone has a link from CME to this Microwave dish on this tower with shortwave radio antennas
    • So what was in the research cardboard box from FS Research?
    • We talked software defined radios
    • Wow someone is linking the CME to two locations somewhere on the other side of an ocean
    • So where were the antennas pointed?
    • One pair was set for London while the other was Frankfurt
    • So the intent was to connect CME to markets in London and Frankfurt
    • Bob found out who owns it, and he may end up working for them someday, so he decided not to reveal the specifics
    • Photons verses electrons in the race for speed
    • Photons through fiber travel about 2/3 the speed of light
    • Radio waves do move at the speed of light
    • Radio is the lowest latency between CME and London.
    • We dove into the three different types of radio, a line of sight (microwave), ground wave, and sky wave.
    • Microwaves bound by the height of the tower, the curvature of the earth, so 50 miles is the furthest you can go, over a large body of water.
    • AM radio is a ground wave, it follows the curvature of the earth as the radio waves follow the curve. Several hundred miles during the day, at night, potentially 1,000 of miles.
    • Skywave is what bounces off the ionosphere, also known as skip, and you can easily go around the globe
    • We talk about how these technologies can improve returns for the actual market makers trading on these different exchanges
    • Benefits of shortwave versus the disadvantages. A fiber was the first thing used for trading with distant markets
    • Shortwave is horribly unreliable, with very low bandwidth
    • Fiber is totally reliable, but 2/3 the speed of shortwave.
  • The two gun analogy, using a fiber gun and a shortwave gun to gain the greatest advantage.
  • Fiber can be millions of packets per second while the radio is thousands of times per second
  • Shooters remorse, newer price right after sending a price
  • Two gun analogy is the best way to move prices
  • What about satellite
  • Geostationary satellites, horrible latency as a result of the great distance they were from earth.
  • Low Earth Orbit (LEO) satellites, much closer, but moving so you need to know where to look for them
  • Also discussed Google and Elon Musk’s efforts to deploy balloons and new LEO efforts
  • Shortwave is the lowest latency solution, but as discussed its horribly unreliable
  • There will always be a business incentive for pushing the technology boundaries
  • Surveys and bucket trucks, and Bob on his bike

Bob first presented his investigations at the Chicago STAC Summit in May 2018, and he will be again on June 13th at the STAC Summit in NYC. This podcast is for the benefit of those not able to see Bob in person.

TE19: Talking Networks and NICs with Nick Apuzzo

Nick Apuzzo is one of my oldest friends, and we had some time to sit down and talk about networking and servers. This podcast is the result of that discussion:

  • How we met in 1985 at IBM Research in NY when Nick picked up his pre-product IBM RTPC
  • Why I joined Nick at IBM Storage Systems Division in 1994, hint Adstar
  • How Scott ended up in performance networking by way of NEC, Myricom and now Solarflare
  • What a server is, and types of servers by purpose, CRM, ERP, Dropbox, etc..
  • Servers that are pre-built called appliances
  • What types of connections do these typically have?
  • How computing and servers have changed over the years.
  • Types of networking available to servers, gigabit Ethernet versus 10Gb Ethernet and beyond
  • What about 25 GbE and 40GbE?
  • Copper cables versus fiber optic, and limitations.
  • Connectors, SFP+ and SFP28.
  • Networking in versus networking out of a server, and when it’s asymmetrical
  • Software load balancing and networking
  • The balance between network bandwidth into an organization versus bandwidth required across the organization
  • Run up to 25GbE and possibly even 50GbE in the near future and how we get to 400GbE
  • The role of PCI Express, speeds, and how we need PCIe Generation 4 to move beyond 25GbE to dual 50GbE cards
  • How 25GbE can use the same cables as 10GbE so the hardware costs to move are easier, but the underlying technology becomes more challenging for the companies supplying it.
  • New features found in NICs, like Solarflare’s X2 series, that includes security and high-performance packet filtering
  • Solarflare ServerLock and how it contrasts to IPTables
  • The difference between a hardware firewall appliance in-front of a server, and doing hardware filtering in the NIC
  • How people can find Nick and his role at CC Integration, and what a technology integrator does

We then wrap up our chat with how this discussion ended up as a podcast.

TE18: Personal Cyber Security

Today we do something different and Bob Van Valzeh and I have a frank discussion on personal security in a digital world.

Below are some of the topics we discuss:

  • Background on Scott’s hacking past and his conversion to a white hat, a friendly, hacker.
  • Personal security, and acting smartly.
  • Don’t carelessly create opportunities for hackers to exploit your weaknesses.
  • The importance of password managers.
  • Being aware of threats around you social engineering, skimmers, etc…
  • Banking today, avoid using checks, online banking.
  • Security of free wifi, and the man in the middle
  • Being careful with email and phone usage.
  • Updating your Internet of Things (IoT) devices, thermostats, routers, personal devices, etc…

We then wrap it up with a quick rant on the government hoarding cybersecurity exploits.

TE17: The Low Down on The Meltdown

Yesterday Brantley Coile, CEO of Coraid and the original developer of NAT (Network Address Translation) joined me to discuss the Intel Meltdown vulnerability, and how we got here. Last Friday Brantley authored a Linkedin Blog entry titled “Intel Flubs Again.”

Below are some of the topics we discussed for this podcast:

  • How we met over a decade ago, and the Plan9 OS, not the movie.
  • Network Address Translation, and how he and a partner invented it, Private Internet eXchange (Cisco PIX)
  • Brantley invented the first: stateful inspection firewall, VPN, and load balancer (Cisco Director).
  • How we’re stuck with Intel’s complex processor architecture.
  • Complex Instruction Set Computing (CISC) versus Reduced Instruction Set Computing (RISC).
  • The graveyard of architectures MIPS, Itanium, and i960 (we didn’t mention SPARC, PA, Alpha).
  • The evolution from the IBM 360/370 to the IBM 801 (ROMP), Power, and how RISC and CISC meet up.
  • How compilers hide architecture from developers.
  • Complex architectures inevitably lead to high likelihoods for vulnerabilities.
  • A simplified description of what Meltdown really is.
  • Pipelining and speculative execution.
  • The Low Down on the Meltdown, and how it exposes memory during the speculative phase, and how it recovers the contents of that memory post speculation.
  • What can Intel do, and how will it hurt performance?
  • This creates an opportunity for ARM.
  • What Mom needs to do to protect herself today from Meltdown.
  • and more…

Interested in learning more about Solarflare’s Meltdown Prevention Program?
Please send an email to sschweitzer@solarflare.com

TE16: Digital Currencies & Bitcoin – Full Discussion

Bob Van Valzah joined me for two calls that became a seven-part series on Digital Currencies & Bitcoin. To the left is Bob’s initial mining rig from 2010. To make it easier for folks we’ve merged all seven episodes together into this one large episode. Please note on several occasions throughout the podcast you’ll hear a brief snippet of music, this is an artifact of these originally being edited into episodes, sorry in advance for this audio nuisance. This podcast covers a considerable amount of material in just under two hours, but if you get through it you’ll have plenty to talk intelligently about Bitcoin and blockchains with your friends and coworkers.

Here are the details of what was discussed:

  • How did you get into bitcoin mining?
  • What is a Blockchain?
  • How is a Blockchain structured?
  • Where are Blockchains stored?
  • What is the role of a node?
  • Are all nodes miners?
  • Is a miner a person or a computer?
  • What is a mining rig?
  • So what are miners actually doing?
  • The enormous numbers, for example, the 10^18 power behind solving these mining problems.
  • Are we looking for primes in a huge field of numbers (hint, no)? Solutions have 130 zeros at the end or 2^130
  • Mining rigs as space heaters, the power issue.
  • Who decides which miner is a winner in extending the blockchain?
  • What happens when two miners each find a valid solution during the time of the flood?
  • Is it still one bitcoin block every 10 minutes?
  • What happens if it takes longer than 10 minutes to arrive at a solution?
  • What keeps the bad guys from circumventing the whole mining system?
  • How often would you win a bitcoin, and what is a mining pool?
  • How is a Blockchain different from a standard bank ledger?
  • Banking is about trust, how is a Blockchain more trustworthy than distributed bank ledger?
  • Is the Bitcoin market cap really $65B?
  • How are transactions in the Blockchain signed?
  • Can you briefly describe public key cryptography?
  • How does the Blockchain system know that my cryptographic signature is valid?
  • Who is Satoshi Nakamoto? Is he one guy or a group?
  • So now that we understand Blockchains where do we go from here, cryptocurrencies, smart contracts, etc…?
  • A quick review of Blockchain technology.
  • What is a fiat currency?
  • How do cryptocurrencies differ from traditional currencies?
  • Money as a store of value.
  • Commodity money, where a currency is backed by, and can be traded for precious metal.
  • How fiat money derives its value.
  • How governments manipulate the money supply to meet their own needs.
  • We discussed the failings of the paper-based fiat currencies.
  • How credit cards overcome some of these issues.
  • The advantages of cryptocurrencies over paper-based fiat currencies.
  • Physical Bitcoins produced as a stunt, and the issues with them.
  • Using Bitcoin as a way to move money easily across borders.
  • Advantages of bitcoin mining rate, as a counter to inflation and currency manipulation.
  • Four-year correction in Bitcoin production, with rate halving, 16M today with 21M by 2040.
  • How Bitcoins are divisible into 100M pieces, called Satoshis.
  • Why is the price of Bitcoin so volatile?
  • What can drive the price of Bitcoin down?
  • Betting on Bitcoin via exchanges and futures.
  • How do I accept Bitcoin, and what is a wallet, and how does it work?
  • What is a hardware wallet, and a cold wallet?
  • How do miners actually make money?
  • What are transaction fees?
  • Should I drop a grand on a mining rig and get started?
  • Should I invest in Bitcoin? What is a binary investment option?
  • Can Bitcoin be lost or destroyed?
  • How is this different from fiat currencies?
  • Can Bitcoins be counterfeited?
  • You can create your own currency, ScottCoins anyone?
  • Are Bitcoins safe to use?
  • Discussed malware & Showtime hack which put miners on victim’s system?
  • Ransomware and the use of Bitcoin as the vehicle for payment?
  • The perception of Bitcoin as negative as a result of criminal use.
  • Should I keep my Bitcoin in my wallet or in an exchange wallet?
  • What are the legal issues around Bitcoin, and can anyone use it?
  • Discussed other currencies, ToysRUS JefferyDollars, frequent flyer miles, etc…
  • How about other countries, for example, Kenya, which used cell carriers as banks.
  • Are countries like the US trying to regulate Bitcoin? At the edges when Bitcoin is turned back into fiat currencies that’s where countries are getting involved, for example reporting.
  • Why are criminals using Bitcoin? It’s a great way to move money across borders, also it affords users anonymity, but it’s no different than using US dollars.
  • Any anonymous form of cash can be used towards bad ends, it’s not limited to Bitcoin.
  • Discussed handing over a bitcoin wallet to pay for something.
  • Banks, and suspicious activity reporting, limit of $10K.
  • What else can Bitcoin be used for beyond illicit transactions?
  • Silkroad, and how little an impact it had on Bitcoin when shutdown. It was October 2013, and you could barely find it by looking at transaction volumes.
  • One of the biggest uses is transferring money to foreign families or speculators.
  • Where to get a Bitcoin wallet, and Bitcoin ATMs.
  • Once you have a wallet you can put $20s into an ATM, and buy bitcoin.
  • What are hard forks? Reviewed making your own Bitcoin.
  • Discussed the three transactions per second limit.
  • Created BitcoinCash from Bitcoin, to dramatically improve transaction rates.
  • Viewing Bitcoin as an advancement in money technology, people will be creating new technologies in this space.
  • Bitcoins make for a good medium for exchange, but not necessarily a good store of value due to its volatility.
  • The value of Bitcoin tracks Metcalf’s law, which means that the value of Bitcoin is related to the square of the number of unique people using the currency.
  • The value of a cyber currency might in-fact be a function of the square of the transaction rate if enough unique people are using it, which for Bitcoin is limited to three transactions per second. BitcoinCash and others have dramatically increased the transaction rate limits that hobble bitcoin.
  • Thanks to Bob for his expertise.
  • The trading value of Bitcoin going from $3K to $18K from September to December.
  • One last time we addressed whether Bitcoin is in-fact real?

Thank you all for listening.

Interested in evaluating Solarflare’s ServerLock Firewall in the NIC technology?
Please send an email to sschweitzer@solarflare.com

TE15: Bitcoin, Part 7 of 7 Digital Currencies

Bob Van Valzah dropped in for a long session on Bitcoin & Digital Currencies which turned into the second half of a seven-part series on Digital Currencies.

This episode is the conclusion of that discussion:

  • Any anonymous form of cash can be used towards bad ends, it’s not limited to Bitcoin.
  • Discussed handing over a bitcoin wallet to pay for something.
  • Banks, and suspicious activity reporting, limit of $10K.
  • What else can Bitcoin be used for beyond illicit transactions?
  • Silkroad, and how little an impact it had on Bitcoin when shutdown. It was October 2013, and you could barely find it by looking at transaction volumes.
  • One of the biggest uses is transferring money to foreign families or speculators.
  • Where to get a Bitcoin wallet, and Bitcoin ATMs.
  • Once you have a wallet you can put $20s into an ATM, and buy bitcoin.
  • What are hard forks? Reviewed making your own Bitcoin.
  • Discussed the three transactions per second limit.
  • Created BitcoinCash from Bitcoin, to dramatically improve transaction rates.
  • Viewing Bitcoin as an advancement in money technology, people will be creating new technologies in this space.
  • Bitcoins make for a good medium for exchange, but not necessarily a good store of value due to its volatility.
  • The value of Bitcoin tracks Metcalf’s law, which means that the value of Bitcoin is related to the square of the number of unique people using the currency.
  • The value of a cyber currency might in-fact be a function of the square of the transaction rate if enough unique people are using it, which for Bitcoin is limited to three transactions per second. BitcoinCash and others have dramatically increased the transaction rate limits that hobble bitcoin.
  • Thanks to Bob for his expertise.
  • The trading value of Bitcoin going from $3K to $18K from September to December.
  • One last time we addressed whether Bitcoin is in-fact real?

This was the final episode of the Digital Currencies series. Soon we’re going to post the full series as a single podcast, Episode 16, for those interested in hearing the whole thing in a single shot.

Please stay tuned, starting later this month we’re going to launch a series on security.

Interested in evaluating Solarflare’s ServerLock Firewall in the NIC technology?
Please send an email to sschweitzer@solarflare.com

TE14: Bitcoin, Part 6 of 7 Digital Currencies

Tonight Bob Van Valzah dropped in for a long session on Bitcoin & Digital Currencies which turned into the second half of a seven-part series on Digital Currencies.

This episode covers:

  • Can Bitcoins be counterfeited?
  • You can create your own currency, ScottCoins anyone?
  • Are Bitcoins safe to use?
  • Discussed malware & Showtime hack which put miners on victim’s system?
  • Ransomware and the use of Bitcoin as the vehicle for payment?
  • The perception of Bitcoin as negative as a result of criminal use.
  • Should I keep my Bitcoin in my wallet or in an exchange wallet?
  • What are the legal issues around Bitcoin, and can anyone use it?
  • Discussed other currencies, ToysRUS JefferyDollars, frequent flyer miles, etc…
  • How about other countries, for example, Kenya, which used cell carriers as banks.
  • Are countries like the US trying to regulate Bitcoin? At the edges when Bitcoin is turned back into fiat currencies that’s where countries are getting involved, for example reporting.
  • Why are criminals using Bitcoin? It’s a great way to move money across borders, also it affords users anonymity, but it’s no different than using US dollars.

We’ll close out this series in part 7 next week on December 14th, and include some recent news. Please stay tuned, and thank you all for listening.

Interested in evaluating Solarflare’s ServerLock Firewall in the NIC technology?
Please send an email to sschweitzer@solarflare.com