 Welcome back to the Cyber Underground. I'm Dave, the Cyber Guy. That's right. Dave Stevens. I teach for the University of Hawaii at Kapiolani Community College. I teach information technology, network security and ethical hacking. And with me today is one of my colleagues, assistant professor Hal Cochran, also an IT professor. And we call him Hal, the networking guy. Welcome, brother. Thanks for coming in. Thanks for having me back. Thanks for letting me torture you again on the air. The news of the day, the show that writes itself, right? And Trump just keeps making it better. A lot of interesting things going on. Yeah, but let's start out with some good news. Brian Krebs is the security researcher. So I get his blog all the time. But NPR picked this up. You said, and I think I heard this too, the credit freezes now are free in all 50 states. So let's go back in time for people in the chief seats. You may have heard Equifax, lost a bunch of our data, got hacked, and people want credit freezes because that data that they gave away, people could use it to become us and create other accounts being us. So identity theft. To protect against that, you can freeze your credit report so no one can apply for credit without you saying so. But that's also you. So before you apply for any kind of credit, you can unlock, but then you have to relock it. And it used to cost how much were you paying for that? It was $5 each time that you unlock it and $5 to relock it. Again, so right after Equifax, I was notified that my information was part of that breach. So I went and put a freeze on my credit to, I was able to do about maybe half of the credit bureaus, allowed me to do it and they charge $5 each time. But a couple of the others, I wasn't able to accomplish it even though I tried, the website didn't work or you'd end up on some phone tree that was just a dead end. But I did put a hold on the ones that I could. And then of course I switched cell phone providers and so of course they wanted to do, they wanted to do a credit check. So I had to go unlock it, come back, let them do the credit check, go back and have it locked again. So there's $10 every time. So I'm really happy to hear that at least it's free. I hope they can make it a little more streamlined. Well there was a cost per organization too, Equifax TransUnion. This is the each one. This is $5 for each one that you unlock. But when I change phone providers, I ask them which bureau are you going to use so I only need to unlock that one bureau. Did they tell you? Yeah. Oh that's good. Because usually sometimes they check all three. You have to unlock them all and put them on. That would have been $30, right? But I'm really happy to hear that. Now it's free. But I hope they can also do something to streamline it so you don't have to go to six different sites. This does not sound like fun. It's like sticking your hand in a blender. It sounds like I'm not looking forward to it. Yeah, it's not fun. It's not easy to accomplish. But if it comes down to it, it could save me an awful lot of trouble. I mean as opposed to if someone gets hold of my information and opens a bank account and gets a loan in my name or something, that could be a nightmare. It's interesting to note though that this change had to be legislated. These companies would not do this for free. No. Even though one of them was solely responsible for one of the biggest breaches in the history of data. And it just amazes me that companies will not do the right thing. They'll charge for it and keep digging customers for money until the law says you must do these things. And I just have to emphasize that because there's a balance between deregulation and regulation. You can't just take all the regulation away from companies. We were talking about the other night when the EPA, before the EPA was around, so many chemicals got dumped into the Cuyahuga River that it got set on fire at one point. The river was on fire. So the companies don't do the right thing unless they're told to do the right thing in my opinion. At least the bigger companies. Because they're in it for their own self-interest. That's not their goal. Their goal is profit and to make money for their shareholders. It's not to protect the environment. It's not to protect people. It's not to be good citizens. They're there to make money and if polluting makes money then it makes sense for them. That's what they're going to do. Think of it as collateral damage. Yeah, but we made money. So you do need some regulation to guide companies through. I don't believe in over-regulating but we're not achieving a balance right now. We had to legislate this into effect. It's nice that the non-bipartisan Congress was able to push that through. Non-bipartisan? Yeah, there is double negative. Split right down the middle and it was nice that they could actually do something. Let's go to other good news. Apple. You use Apple. I use Apple. The new iOS, macOS, TVOS, and watchOS all came out. But macOS is released on Monday. They usually do this once a year. They release all the device software a week ahead of time and then the macOS for the actual systems, the desktops and laptops comes out a week later. I upgraded to iOS 12 and I have seen absolutely no difference except in Siri. I don't know what's wrong that the IQ of that AI has sharply dropped since I upgraded to iOS 12, but that's my only warning. Siri seems to not know what I'm talking about. And it was just fine on iOS 11 the day before, but soon as 12 hit, something's not quite tweaked into place and this always happens. We were going to go through this for a little while before they iron it out. I've already heard that the iOS 12.1 is ready for a release, so they know about these problems. So we'll get an update any second now. Mojave, though, macOS Mojave, looks pretty good. We're running High Sierra right now. You have one of the latest laptops, right? So that's a good OS. I like it. It's got a lot of good features and the Mojave is coming out with dark mode. Really looking forward to this. Yeah, it switches the contrast of your screen so it's darker in places where you expect it to be light. And they also have a background. If you take the default background, it'll change according to the time of day. So it's a, it looks like a high res photo of a desert, the Mojave desert, a sand dune. And in the morning, you'll see the sun coming in from one side. In the afternoon, it's blazing down in the middle. In the afternoon, you'll see it coming in from the other side. And at night, it's a nighttime view of the desert. It's about bells and whistles. Yeah, I'm apprehensive about how much CPU juice that's going to take up. How much is that, how much memory, how much CPU is that worth giving up? Right. Do I need that running in the background? It might be cool to see once. Yeah. Do you need that all the time? No. Yeah. And especially if, like with me, multiple monitors, I'm going to have to have that repeated on multiple monitors that, yeah, it's going to take up a lot of cycles. Yeah. That's like Windows, Windows Vista that had the arrow that did all the animation. Yeah, right, right. The first thing I would do is turn that off. And I gained so many system resources back, all this memory, all the CPU cycles back. A lot of bells and whistles. So much faster. And I really didn't need all those fancy, you know, animations and the bells and whistles. But, you know, people like to say. There's good stuff, too. They have new stacks, a new desktop organizer. There's a new way to organize your files on the desktop. I can't hardly wait to see that. I've seen that demo. IOS 12 now and FaceTime, you can have up to 32 participants at the same time. Nice. That's a lot of faces. Basically, WebEx, you know, and you can do it for free on FaceTime. Haven't tested it. But we have times when we could test that out. We should give it a test. Even WebEx. WebEx, the free version of WebEx has a limit of, like, three, three participants. The host. Yeah, you need to pay and get the commercial version to go beyond that. It's not cheap. But FaceTime is still completely free, right? That's right. It's completely free. So it's a free service. I don't know what it's going to be like on low bandwidth. So we'll see if the cellular bandwidth can handle it, or do you have to be on Wi-Fi. But I've seen a demonstration of it while you're using it. Whoever's talking comes to the forefront. So you see them, and everyone else becomes smaller in the background. And then if you need to see somebody that's not speaking, you tap on them and it comes up. It's pretty nice. I like it. It's okay. Sounds good. I'm going to be the brave one and upgrade as soon as it comes out. Because I'm one of those guys that I just got to know. I've got good backups. I can recover. I can roll back. So I'm going to be the guy that puts my nose out there and says, hey, show me what you got. You can let us know how it works out. And if you like it, then the rest of it will roll out. You can safely follow me, right? I'll tell you when it's safe to come out of the woods. It usually takes up to a month before these things are ironed out with high Sierra. We had updates for several months after it came out, fixing little bugs. But one of the scariest was a security bug that in the high Sierra update, something out rolled back in the security and allowed an old hack to work. The security stuff is a little bit frightening. These operating systems have become so complex now that it's easy for things to creep in that weren't anticipated. You fix one problem, it causes another problem somewhere else. As you said, it rolls something back. So it's normal to have patches to the patches. You do the update and then you have to do the updates to fix what happens, what was caused by that. The engineers are probably going, oh, gosh. I did it again. Okay. We'll fix that. Next one. We'll run out of minor version. So updates are inherently complex because the OS is complex. I learned a lot about radio frequency this week. I had a little issue. I was using the Mac Magic Mouse 2, which is battery rechargeable battery Bluetooth mouse. And I love it. It's great. It's starting to get a little jerky. There's some movement patterns that I didn't recognize at first. I thought I had a root kit on my system, so I reloaded the OS. And then I started installing each application individually to see what was going on. Turns out, some external monitors put out 2.4 gigahertz as their natural frequency. They radiate at this level and can interfere with Bluetooth devices. So I am running ASUS monitors. And for some reason, their output resonates at the same radio frequency as my mouse. So every once in a while. That explains why monitors have that FCC tag on the back. It doesn't warn you of emissions. But it's interesting that they would pick the 2.4 gigahertz. I don't think they picked it. I think this is a wash. So there's a range. And my mouse every once in a while will bump into that range. Because that's the most crowded radio frequency. Sure. The older Wi-Fi was 2.4. We think that they would do whatever they could to keep the emissions out of that range and put it somewhere else. But no. They're great monitors. But I have to be careful about how much power I actually use in these monitors. I had a microwave oven once. And every time that I turned on the microwave oven, my Wi-Fi went down. Really? Because it was in the same frequency range. It would create interference in the same range. It would bring down my Wi-Fi. I remember the wireless handsets. They were pretty much Wi-Fi. And you know, you had a base station on a mobile phone with an antenna on it. And my Wi-Fi and that kind of phone were bumping into each other because they're both 2.4. I had to bump up to a 5 gigahertz router for my Wi-Fi. Which improved performance immeasurably already. There's so much less interference in the 5 gigahertz range. Plus, you know, it was A, B, C, and G. So it was, you know, multiple ways of transmitting the data. And the protocols were much better. But, you know, we just keep getting better. Just bump into a problem, solve the problem, bump into another problem, solve the problem. Windows were waiting for the next one to come out here. They've hinted at a couple of changes. Windows 10, I like it. I don't like it as much as Windows 7. But that's not the problem anymore. Liking something doesn't mean you should stay with it. There's so many security issues coming out every day for older operating systems that you're taking enormous risks staying on those older operating systems. I think a lot of people would love to stay with Windows XP. That was probably the most popular rock hard. But once the support to patch the security issues is gone, you can't. You just can't stay on the operating system because you've got this big bullseye on your back. You've become a huge target. Yeah. And the tools that come out to perform those hacks become easier to obtain and easier to use. So, script keys, people that have never hacked before can take a little tool and point it at you and click go. You can take Metasploit. Yeah, Metasploit. And in like 30 seconds, they've got your machine. You've got it, yeah. Well, let's take a little break. When we come back, we'll talk about our least favorite president of all time. That's our current president, the orange-headed buffoon. And we're going to talk about some of the things he's done and how he doesn't think before he actually pulls the trigger. And it's starting to affect us in the technological industry. So, until then, people come right back and stay safe. Aloha. My name is Mark Shklav. I am the host of Think Tech Hawaii's Law Across the Sea. Law Across the Sea is on Think Tech Hawaii every other Monday at 11 a.m. Please join me where my guests talk about law topics and ideas and music and Hawaii Ana all across the sea from Hawaii and back again. Aloha. Aloha. I'm Wendy Lowe and I'm coming to you every other Tuesday at 2 o'clock live from Think Tech Hawaii. And on our show, we talk about taking your health back. And what does that mean? It means mind, body, and soul. Anything you can do that makes your body healthier and happier is what we're going to be talking about. Whether it's spiritual health, mental health, fascia health, beautiful smile health, whatever it means, let's take healthy back. Aloha. Welcome back to the second half of our show at the Cyber Underground. I'm Dave, the Cyber Guy. I'm here with my colleague Hal, the networking guy. And now we're going to talk about our least favorite president. We've already talked about the good news. Let's talk about some of the bad news. I think our president tends to have a thought, comes to his head, and he fires something off without thinking through the consequences on the other side. And it's starting to get really old. Let's talk about some of these executive orders that he's done. Oh, but first, let's talk about how he wants to declassify documents in the Russia investigation and then changed his mind. So he was saying that the FISA documents, the federal warrants to go, you turn this into a judge and it's a security classified, so you can't share it with the public. And you say, we need to go monitor this person. Please sign off in this order. Those are FISA warrants. And he's saying that they were illegally obtained and contained false or misleading information and were heavily based on the Steele dossier. If you remember that from that former MI5 operator, yeah? So that's probably not the case, but he's also changed his mind again. He doesn't want to declassify. At the recommendations of all his people around him saying, you really shouldn't do that. That's an ongoing investigation and we can't throw that information out there in the public just to save your ass. And I can't believe that we have this kind of president in there. He probably was told that one thing, as you said, you don't share information about an ongoing investigation. That's a longstanding policy. Well, for multiple reasons. You share the information. The case could go bad. You could lose the case. Witnesses could get corrupted or juries could be corrupted. And you just have so many complications. When the information gets out, you got to keep it sequined until you actually present it to a judge and a jury. And then besides that, in order to justify this, that it was somehow tainted or obtained illegally, that he would have to actually present some evidence that would show that. And he probably doesn't have any evidence to show. He's just using the documents. He's in a Twitter war still. Well, he went out there and I guess somebody told him he should make some executive orders that had to do with technology. And he did make some. And I went and read some of them. The titles are impressive. And the good titles. However, when you read the document, there's a few issues. Let's go over the first one. We have notes here. The executive order 1380013800 is called Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure. Boy, it sounds great, doesn't it? That sounds wonderful. The problem is when you read the document. Not what it does. In, I believe, section two of the document, it actually says we're going to do this using the guidance from the National Institute of Standards and Technologies Special Publication NIST 800-53. That's the DOD Network Standards. So that organization is responsible for making all these standardized documents and updating them every year so they're current and they're relevant and they're meaningful. Because technology is changing so rapidly. It's a continuous ongoing process to update and maintain these. Unfortunately, their budget has been slashed by $6.3 million for next year by the president of the United States. Seems contradictory. It seems like he didn't think before he pulled the trigger. I mean, he thinks about budget on the one hand and he thinks about security on the other, but he never says, whoa, does one affect the other? That just doesn't make any sense. We were talking about his security on the border. He has just gone all in on ICE and the border security and he's taken money away from health and human services and the research that we're doing for against cancer and several other diseases. And what was the other place you said he took it out of? From FEMA. Millions of dollars away from FEMA, which seems like timing because right now we have forest fires that are devastating. We've got flooding in North Carolina. We've got hurricanes. We just had one on three of our islands were devastated just a little while ago with our last hurricane. Land came through and put four feet of water on the big island. You think if anything, you want to be strengthening FEMA, not taking away from the budget at this time. You're using something I'm familiar with, but I can't put my logic. Yeah, yeah, logic. Sorry, sorry. So there's Trump over here and there's logic way over there. They've never met. They just they don't come together. There's ego and sexism and misogynism and immaturity and stupidity and that has met Trump multiple times. I mean, they're good friends. Those are the skeletons in his closet and there's no closet door. You walk in his house and you look to the right and you see all that plus the incestuous nature of his relationship with his daughter, which I think is kind of weird. And it's not just it's not just an ordinary closet. It's like one of those big walking closets that's like a room to itself, right? So you can walk in there and have a party with all the skeletons, right? I'm getting really tired of thinking there's some good news on the horizon and maybe Trump's actually done something right. And this is not the case. Let's go over a couple of the other executive orders that sounded great. But but so we have 13803 reviving the National Space Council. So this council was created in 1989, but it kind of just died on the vine by 1993. There's there's no participation, no motion, no nothing by 1993 just died. He wants to revive it. The problem is, when you look at the members of the council, if you've ever seen a cabinet meeting where Trump invites the media in and all those people around him say, thank you, Mr. President, for being such an incredible dictator. And we're going to praise Mussolini and good job being a fascist. And everybody says the same thing. Well, it just so happens that round table. Those are all the members of this council. So they put they plugged a couple of positions in there. The space is actually in their job title. But one of them is from NASA, who's being run by a Trump and pointy who's a climate denier. What do you think of this? Is that council going to do is any good whatsoever? It seems odd to have space council with, you know, with people who don't necessarily believe science. And I think to me that those two things, it's like the Flat Earth Society doing scientific project. And they're chaired by Pence, our vice president. I think maybe Pence didn't have enough to do. So they threw him in there, basically under the bus, because this this council is not going to be able to do anything meaningful. They're the same cabinet members that were appointed by Trump. They're the secretary of state. Why is the secretary of state on the space council? Well, he might have something to do with the new space force that they want to come up with, which is kind of dumb, right? When you think about a space force, because we've already got the U.S. Navy and the U.S. Air Force with assets that relate to space, especially the the Air Force right now. It does, you know, they monitor the satellites, they monitor the trash orbiting their Earth, right? They track all this stuff. They help NASA with the launches. They have to coordinate with the FAA for almost every single thing they do. So the infrastructure for a space force is already in the Air Force. I've heard both sides of this, and there are some, you know, experts who will say that the space force is not such a bad idea, but my fear is how is it going to be It's got to have a pretty good justification, right? So right after World War II, in 1947, the U.S. Army Air Corps or U.S. Army Air Force, which was my grandfather, was in it all the way through World War II, there was no Air Force yet. In 47, America decided, well, we need a specialized force that deals just with air power. And so we made the Air Force. However, we had already fought two wars with aircraft in it before we realized we have all these aircraft and all these personnel dedicated to air power and air superiority. This is a logical move. We don't have that for space. We've got a space station we share with a bunch of other countries, and we've got a bunch of satellites. Space force? I don't know if it's worth branching off until we actually do something. I mean, don't get me wrong, I don't want to fight a war. But there's got to be some other justification. I can't think of one. If Air Force is already handling it, and they seem to be doing an okay job, nothing's fallen and hit me on the head. Nothing's ruined my house. I don't see space junk falling into the ocean all the time. Mars hasn't invaded us yet. Not yet. So not yet. Trump may tweet something about that very soon. So I'm looking forward to the horizon. Let's look at another Executive Order real quick. 13-794, Executive Order Establishment of the American Technological Council. Sounds good, doesn't it? Awesome. Same numbers as the other cyber security, the other space council. Because they're all technology experts. Yes, you're right. They are. It just seems like they have different council names, and they just sit around the same table, and okay, now we're going to do the American Technological Council. Let's go around the table and get ideas. Okay, we're switching over to the space council. Let's call ourselves the League of Justice. Right. I would love to see that. It's hilarious. A space force in the Justice League. Great. Great. We also have enhancing the effectiveness of the Agency Chief Information Officers, Executive Order 13-833. Sounds fantastic. I have always, and the mission paragraph on the first paragraph of this order was great, and I agreed with it. It said we have to make CIOs more powerful. We have to give them more opportunity to effect change. And I agree, CIOs have been in the background for too long. We need to bring them out. CISO, Chief Information Security Officer, should have a broad range of abilities to secure the organization. Because they often have a lot of responsibility, but not a lot of power. They can't tell anyone what to do, but they're responsible to make sure everyone is doing the right things. So this one's a little scary in that down further, there's some sneaky wording in there. And this is for federal organizations now. The CIOs of federal organizations have unlimited authority to, quote, eliminate unnecessary IT management functions. Based on the membership of these other two councils that we've just been talking to, I do not trust this is going to be implemented correctly. And I think we might lose some actual necessary IT management functions. It might be a bit of a partisan bend to it. Do you think it might be possible? It could be. It could be. Well, we're out of time. That show went like lightning fast. We covered all the material we're supposed to cover. Thanks for joining us, everybody. Thank you. Hey, thanks. Thank you. All right, everybody. Next week, I will not be here. This show will be hosted by Andrew, the security guy, Andrew Lanning, the co-founder of Integrated Security Technologies here in Hawaii. He's been doing a great job securing Hawaii with physical and electronic security systems for the last 20 years. And he's going to have a great show for you next week. And after that, I'll be back on October 5th. Until then, everybody, stay safe.