Welcome back to the Cyber Underground. I'm David the Cyber Guy. Once again, I teach for the University of Hawaii system at the Kapiolani Community College campus. I teach information technology and ethical hacking. With me today is one of my fellow teachers, Tom Moore, adjunct faculty. Welcome, brother. Thank you very much. Thank you for being here. Appreciate the opportunity. Well, handshake and everything. Oh, my goodness. Well, welcome. We almost didn't get me on the show, the first half of the show. Why ever not, Dave? Is there a story? I'm going to tell you, apparently, the movie studios that love to film out here, Hawaii Five-0, the new Magnum P.I., and some movie from the 1930s era, is filming out here in downtown. And I got stuck in 45 minutes. 45 minutes? Yes. Two sections are about 22 and a half minutes, where I went from one block and I just went to another block and waited. No detour signs. Nobody telling me what was going on. And I didn't know until 45 minutes later when they finally finished the scene they were filming on that block and let me pass through. And I saw all the period era pieces of stuff they're going to put that film like the period pieces of people dressed in the 1930s and 40s outfits and the nice, really fancy cars. But the movie studios, the Honolulu Police Department, and the Department of Transportation, no one bothered to put up any detour signs anywhere or warn anybody in any publication that I read. Were we just talking earlier about notices and aren't you subscribing to that county Honolulu notice thing? They send you notices? I think I did. I don't get them anymore. Maybe something wrong. They're going to my junk mail? Should I check? No. Well, I'm not sure. But the thing is I get those notices and there wasn't a notice. And they do this around Diamond Head Road when there's races. All the time. That's right by our campus. Exactly. And it's poopy. I mean, we have a system. We don't need a system, but we could use the system?
Yeah, we could. It'd be good to know not just the ad hoc emergency things. What about the things that are planned? Why would that be harder to do than the ad hoc stuff? I can't tell you. I can't tell you that it seems like the more money you have, the more you get away with it. So if a movie studio has a ton of money and they say, hey, we have an emergency, we got a film on this day. And the police department, the department of transportation says, okay, we'll issue you an emergency permit, but then no notifications go out to the little people like us who don't make tons of money. And nobody seems to care. I believe you've hit the nail on the head. Nobody cares. Everything. Speaking of money, let's talk about the huge sociopathic moronic armadillo that runs our country. The orange one? That's the one. The fuzzy-headed, weird, rotten peach-looking guy that is filthy rich, so he says, but we don't really know. And he's kind of created an autocracy out here. As I'm talking about Trump, the moron, and back to our show. So he's done something really crucially dumb. I mean, just monumentally dumb right now. Well, this one peaks it because we're talking about the cyber underground. We're talking about cyber, right? So let's talk about security in the nation and cyber security in general. Now, the National Institute for Standards and Technologies, also known as NIST, has special publications that they come out with that organizations need to follow to the letter in order to pass security audits. Yes, you've got your notes. Good man. So the Department of Defense and all the organizations like the Uniformed Arms Services, the CIA, all the other three-letter acronym, four-letter acronym, organizations that deal with security in our nation, they all have to follow the NIST special publication 800-53. 
It's a list of a few thousand control checks that they have to follow to ensure that they've provided enough security to a reasonable standard so they've reduced their risk of getting hacked and taken down or getting offline or someone actually breaching them. Well, NIST makes those publications. They also make another one for small and medium businesses that do business as contractors with the DOD. That's called the 800-171. Very important documents. Yet, Trump, in the 2019 budget, has taken away $6.3 million from this budget, which doesn't seem like a smart move. Big shock, moronic president who doesn't think ahead. Yes, you. Trump, please phone me. I'd love to talk to you live on air. That number is 808-374-2014. Call now. I'm standing by, you big moron. Of course, I'm not Fox News or Fox & Friends, so he's not going to call because he's only watching those guys. I understand. I'm a little emphatic. You big moron, Trump. And now back to our show. Yes. Well, are there any other consequences to the disappearance of this $6.3 million? Well, you brought it up to me that we're going to lose one of our iconic radio stations here in Kauai. And you've got your notes. You're going to tell us about it. What is important about this radio station? What's important about WWVH, one of the oldest radio stations in the country. It's associated with WWV and WWVB. What's really important about it is that uniquely, almost uniquely, it broadcasts time synchronization. And frequency synchronization. And frequency synchronization and, surprisingly enough, even weather stuff. So for mariners and for people, the 20 million people with clocks and watches, which depend on the system, it's poop. They're too bad. And Amazon's still selling the clocks. You can get a clock today for $20 or so. Well, we'll sync with that. But our primary right now, we're trying to switch to satellite communication. What's the problem with switching to our primary, which is GPS on satellite?
Nothing works all the time. So this is our backup. This used to sort of still is, for a little while, more plan B. But when plan B is gone, it's only plan A. Yeah. And that's not good. And I think most people that know, when they have satellite TV, you get dish network or something like that, if there's heavy rains, you lose your signal. There's storms. If your dish is misaligned, you lose your signal to that satellite. It's very fragile. It's fragile. It's sensitive. And the great thing about radio is it travels in every direction all the time, 24/7. And it makes no distinction about where you point it. It's just broadcasting. And smarty can cyber guy, you know how to hack things. How, pray tell, do you hack a radio signal? It's difficult because the moment you tap into that radio frequency, you have identified yourself as trying to get in and you block the signal trying to get out. What you're saying then is you can't in general hack it. It's hard. In general, it's quite hard. Yeah, you've got to hack it on another frequency. But it's generally almost impossible because of something called analog. You kids at home, keep trying because you should try. But as a practical matter, you can't hack it. It's almost impossible, yeah. So we have analog and digital. Analog is the radio waves you see in an oscilloscope. Oscilloscope, yeah. Number one. Fun of me. They're little squiggly lines you see in every sci-fi movie. And that's analog. Digital is the ones and zeros. The ons and offs, the longs and shorts, the bit bit bit. Morse code of networking. And this is our backup. And a lot of people don't know this. And we're going to talk about cell phones coming up here very shortly. Cell phones are the lowest tech word you can come up with for a cell phone would be. Phone. Clock. It's a radio. Radio. Oh. It's a radio. Oh.
It's a radio that broadcasts in every direction all the time and receives from anywhere and makes no distinction about what frequency it's on unless you tell it what frequency to go to. And then you can spoof the connection of that frequency. It also has no encryption built in. So people, SMS, text messages, hey, we should kill him tonight. Bad news. That's not encrypted. By the way, President Trump text everything from now on. It's okay. I promise. I'm looking out for you. We're on back to our show. Yes. Okay. Let's talk about the new phones coming out. Do you mean the new phones from Apple that were all announced on April the 12th? Yeah, those. How many are there, pray tell? I don't know. Tell me, Tom. I'm not sure. The picture over there has about three. I see five. Five. One of them. Yeah. Your eyes are as good as mine. I'm hard of seeing. Well, the cheap one is 750. That's the cheap one. And that's just the entry level price. Wow. The expensive one starts off at 1100. And what's interesting to note, as detailed in detail, is that all five of them are really quite similar. In general. Not a lot of different size, shape. Some have a notch. Some don't. Some have a key, a fingerprint key. Yeah. But they don't all have a fingerprint key now. I think the iPhone 8 was the last one that did that. Now it's all the facial recognition, which I got to tell you doesn't always work. Yeah. Surprise. Something doesn't work. Technology, something doesn't work. Because the funny part is it's supposed to be extra secure. Yeah. But if it doesn't recognize your face, guess what you have to do? A hammer. Well, no. That breaks the phone. You have to enter the number. And so you just like, why is security? Now you have a backup that's not the greatest security. But they did move you up to a six digit pin mandatory, which is kind of nice. They had a four digit before, which you could guess in a number of ways.
But you know, you're still dealing with one of the main things wrong with cell phones in general, with this nice shiny glass. Yes. You've seen the Android. We can just drag your finger in a shape and log in. And you can enter phone numbers in a phone having trouble with English. Well, what happens is you leave your fingerprint on the phone. You leave because you have body oil. That's right. And now if I tilt it and I can see the shine on there, I can see what numbers to guess. And it narrows down my guess. Significantly. When you look at the swipe pattern on an Android phone, that one's easy to hack now. Because there's only so many ways you could do that shape. So why is the facial recognition so important if I can just look at the shiny and log you in? Or worse, what was brought up by a security researcher. If you're sleeping next to your wife and you want to get into her phone, just hold her phone up to her face while she's asleep and unlocks it. Does she have to have her eyes open? No. No? No. She could be sleeping with her mouth wide open, snoring doesn't matter. It's going to recognize. But as soon as I put my glasses on at night, it no longer knows I am Dave. Really? Yeah, that's frustrating. But I own the previous version. So this might be better. We haven't had a chance to test because I don't have the budget to test those phones. That's the budget. Because you're a teacher? That's a good guess, Tom. Yeah, because I'm a teacher and I'm poor, broke all the time. You know what's funny? We're noticing the inverse operation now of pricing in personal devices, right? The computer prices are going down, mobile devices are going up. Tom? I just wanted to make an observation about poor teachers. When this announcement came out on Wednesday, I was teaching class and I decided, oh gee, this would be a fun time to find out how many of my students of about 20, how many of them have iPhones and about 18 or 19 have iPhones. Really? Yeah. Wow. 
These kids today, they don't have money for books, they don't have money for food, but they have iPhones, virtually all of them. But their parents don't walk around in shoes and they drive a car from 30 years ago and they haven't paid the mortgage. They might be sleeping in their car, I'm not sure, but they have iPhones. They took care of their kids, Dr. That's right. They love them. That's phone on the market. That's right. I have actually experienced having a kid in my class who is dressed well, had the latest iPhone and said he couldn't afford a laptop. And I actually said, I believe you. Hey, I bought the iPhone. I have a laptop right over there. I paid $70 for it, delivered, you know, tax license, the whole thing, touchscreen, Windows 10 computer, and $70, $70. $70. Refurb, but still, the cheapest one of these is over 10 times as much. So we're experiencing, you know, the market preference now is driving the price. People prefer mobile devices, so that mobile devices can sell more. It's supply and demand. We supply it. There's a lot of demand for it, so we can hike the price. Whereas mobile devices like laptops and even desktops, the prices seem to be steadily crawling down, except for Apple. Even tablets are tanking, all kinds of tablets. Even iPad is starting to tank. The iPad won't be around, won't be sold much longer, I believe. Do you know what's funny? I just bought my first Raspberry Pi to experiment with, and what I noticed is the processing power of that Raspberry Pi is almost the same as any network you can get off the shelf. They might not all know what a Raspberry Pi is, or think they know, but don't understand where you plug it in. I'm going to talk to the cheap seats.
The Raspberry Pi is a mini computer that's got all the connectors and the main board and a SIM card, or I'm sorry, an SD card for memory, and it's got a processor that's an Intel processor, and you can hook it up and use it as a computer because it's got an HDMI connector, and it's got an Ethernet connector, and it's got USB ports, and it's basically a computer. It's about yay by yay. It's about that big, and it just comes raw, and you've got to put it in a case or something like that, and you plug it into the wall, and it runs a Linux distribution called Raspbian. And how much does it cost about? I paid 30 bucks for mine. 30 bucks? On Amazon. I've heard you can run Windows 10 on it, but... I haven't tried. Yeah, but it would. It's undoubtedly harder. It has got that processing power. The mobile processor on there has a 1.1 gigahertz of 20. That's even cheaper than my $70 computer. Right, but mine didn't come with a case or anything, so you got to... Touchscreen, blah, blah, blah. Yeah, OS, da, da, da, da. But still... Added a few things to yours. It's a sweet kid. We got to take a break, and we're going to come right back after we pay some bills. Till then, stay safe. Aloha. I want to invite all of you to talk story with John Waihee every other Monday here at Think Tech Hawaii. And we have special guests like Professor Colin Moore from the University of Hawaii, who joins us from time to time to talk about the political happenings in this state. Please join us every other Monday. Aloha. Hello. My name is Stephanie Mock, and I'm one of three hosts of Think Tech Hawaii's Hawaii Food and Farmer series. Our other hosts are Matt Johnson and Pamai Weigert. And we talk to those who are in the fields and behind the scenes of our local food system. We talk to farmers, chefs, restaurateurs, and more to learn more about what goes into sustainable agriculture here in Hawaii. We are on Thursdays at 4 p.m., and we hope we'll see you next time.
Welcome back to the second half of the Cyber Underground. I'm Dave Stevens, a cyber guy. Once again, I'm here with my friend and colleague, lecturer and adjunct faculty Tom Moore. Hi there. Hi. How are you? Let's talk about something really quick that I just saw. I subscribed to notifications. Let's talk about notifications. Yep. US-CERT. Oh, yeah. Did I turn you on to that? You did. Bless my heart. Bless your heart. And I religiously subscribe to this. I also subscribe to, believe it or not, The Wall Street Journal has a cyber, daily cyber. I did not know that. Really good. They do some serious work on it. I'm glad we had this show. I don't know when you were going to tell me. It is not cheap. Oh, it doesn't cost. Oh, I told you about the free one. No, no. They still, I had to mortgage the place to get that. Anyway, it's not cheap. And I subscribed to Threat Brief, daily Threat Brief. It's linked to other articles. It's really good stuff. But on US-CERT, today they reminded us of four two things. And one, I got to say here at the Cyber Underground and Think Tech Hawaii, our hearts and prayers and thoughts go out to the people experiencing Florence. Florence does not tend to be as huge as it was. But it's still, I think, a cat one storm. It's going to hover there for almost a day and a half before it moves on. Sadly, there are fatalities associated with it. Already for it, I heard. And there's other people that have chosen to remain. And not just people that I would say, oh, those are stupid people. But there was a Twitter post. Some poor young man said, my dad and I don't have enough gas to put in the car. To drive away from here. And the gas stations are all closed anyway. And so we can't leave. So they said, we're going to try to weigh down our mobile home. Wow. So that's tough. When they say, you've got to leave, and you've got no money to leave. Our hearts and prayers go out there. And stay safe, everybody.
The reason I'm bringing this up on Cyber Underground is because every time we have a disaster in this country, phishing emails go out, try to tug at your heartstrings, donate money, and people fall for these just en masse. And millions of dollars goes to criminals, rather than to the people that really need it. Tried and true. You guys know how to give away money for causes. You've been doing it, hopefully, for your whole life. You know who you can trust. You don't need a special kind of magical, right now, current fund. Use your tried and true sources. United Way, Red Cross, churches, whatever you've used before, use them first. Now, there's an underutilized charity system in this country. And I think it is the churches. I mean, when you talk about things like Catholic Charities, they've been out there for, you know, 50, 60, 70, 80 years. Catholic Charities have been helping out. They're even on military bases helping people out. There are organizations that, every church that pops up has some kind of a charitable activity that they do. So if you're a churchgoer, go out there and give to your church. Let's try it and true. And they're not going to use your money in the wrong thing. You can trust the people that you know. Yeah. My sense is that when you give money to a smaller organization, you have more individuals actually dealing with the money, the distribution, have a heart for it, and less management, as opposed to, for example, the government taking it from you and then giving it to other people through lots and lots and lots of hands. Yes. There's lots of channels on the way down. So I will give an example. If you give to a major charity, they always say your dollar will be spent in these ways. And the first 60 or 70 cents is on management activities, just to run the charity. And then they do something with the last 25 or 30 cents of your dollar. So you actually get more bang for your buck if you go through a smaller organization.
You don't need to get surprised by an email saying, oh my God, I got to click on this link. I got to give to save all the puppy dogs that are in the wild getting. Because of the storm. Because of the storm and there's all those homeless animals. By the way, there's a lot of people that just walk away from their animals or drop them off at shelters during a disaster. Fudge. I understand that they don't think there's a solution for that. However, that is pretty cruel to just walk away from your animals who are loving, faithful animals. And chain down. I mean. That is tragic. Yeah, tragic. I mean, at least give them a fighting chance. Yeah. And I don't have a link to go to to fight that cause. But we should just emphasize this is the season. From here through New Year's, you're going to get all kinds of emails, everybody. That's just tragically they're going to try to take every dime that you have. And the more you give, the more they're going to take. And if they hook you in, they'll keep on emailing you. Watch out for those emails. Just give to people you know. Don't just give willy-nilly to things that if people want you to cut them a check or give you some personal information, don't do it. Give to the charities you know. And if you're feeling rushed by anything that comes to you on the computer, feeling rushed, someone's pressuring you. You have to do it right away, whatever it is. Probably you don't have to do it right away. That's the hard sell. Watch out for the hard sell. Watch out. Yeah. Same thing when you're buying a car. This deal expires in 20 minutes. Yeah. Well, you want to bet there'll be another new deal in 21 minutes. Yeah, right next door. Yeah, exactly. Gee, they're selling the same car. That's right. Go get that deal. Okay, let's talk about some of the other things I got from US-CERT. One of them was the cold boot attacks are still out there and you can bypass almost anything with a cold boot attack. I can't even describe it.
I watched someone do it on YouTube today. It was pretty special how they you turn off the computer, you take the whole thing apart, take out the battery and then boot it back up under a different operating system by booting the USB and it bypasses all the security features and lets you get into the system on a cold boot. And not only that, the passwords that you used prior to that can be accessed. Well, so it's basically impossible to do it the easy way. For us civilians, for them civilians. So, you know, what can you do? I think that's what people might reason, our listeners might reasonably ask. So one of the things we can do for certain, anybody can do is, and we chant this, we literally chant this in class, okay? More than one, more than one. Back up, back up everything that matters to you so that if you have to wipe out your machine, oh well, you've got all the important stuff backed up. Anybody can do that. If you have a backup system, there's one essential, absolutely essential thing that no one ever tells you. You have to test it. Otherwise it's not good. Yes, do you have a spare tire in your car? If you don't know if there's any air in it, you don't probably have a spare tire in your car. If you don't test your backup system, you don't have a backup system. So that's easy and that's available to everybody. The other thing which requires a little heavy lifting, and Will and Dave talk about it, is encryption. Yes, so most operating systems come with that. Yeah, and people at home, they can, there's lots of ways they can do it. So you have some stuff that's really sensitive, encrypted, you know? And now, even though you can't get rid of the bad guys, you have, you're kind of covered, at least for the horrible catastrophes. Simple kind of backup, a little bit of encryption, and you know, that's way better than either. So the layering you're talking about, the more than one. Absolutely. It's a security principle that we should all follow. Back yourself up. 
You want to protect grandma in the house, you put up a fence, you put a dog in the yard, you put a lock on the door, you give grandma a shotgun, you have several layers to protect grandma, and put her in the attic. Yeah, but haven't put me on TV. I'll demonstrate this principle. I have two pencils. It's a really simple principle, and it can be applied very broadly. Great, more than one. Moving right along. Moving right along. Well, let's talk about the encryption, because Mac comes with FileVault, that not only encrypts your hard drive, but you can also encrypt your backups, which is a very good thing to do. I would do that too. You can store the key to your backups and your encryption on the hard drive to make it convenient, or if you want to make it harder for somebody to hack your system, store the keys externally, like on a flash drive or something like that. However, I'm going to go back to you, back that up. Flash drives can fail. You can lose them. They can get stolen. So you don't want to lose access. Furthermore, they're kind of small. And so he said lose them. He wasn't kidding. You can lose them. But there's no excuse for not having them. This is like 250 gigabytes, and it was cheap. That's amazing. I just bought my first half-terabyte flash drive for 40 bucks. Where are they again? They're on Amazon. Two keys. More than one. But if you lose that, you lost both keys. I have another key chain over here. So they're hot. So you're Mr. Paranoid more. No, I've just made all those mistakes already. Oh, I see. Yeah. You're making up for it. Let's talk about Windows encryption. It's called BitLocker. It comes standard with the system. BitLocker would do the same thing. You can store your keys externally or not. When it comes to people running Linux distros, oh, you're on your own. There's about 100 different ways you can do this. So go out there and look at the open source stuff. Linux is full of ways to encrypt your hard drive.
And for the Linux people, you can actually remove headers. Yeah. So a bunch of people's eyes are rolling. Let's the simpler thing that is accessible to virtually everybody, at least with Office 2016, is when you save your file, you can encrypt it. And maybe even with Office 2013. You know, that's been available for Word documents, Excel documents for PowerPoint, which is the kind of documents a lot of people have a concern about. Do you use that only on the desktop, or can you use that with the web version too, when you save a file? Oh, I don't know that part. Office 365 is very cloud driven now. So you can download the desktop apps, so you can use them in the cloud. And I don't think that people know that the cloud security for Office 365 has been getting better and better and better and better. Azure's come up to the military grade standards that Amazon has come up to for their cloud services, Azure. And so you can trust that these things that are in the cloud are quite well protected, and they use the layered approach. Which brings us back to our point. More than one. In the old days, when there were floppy disks and hard disks, people had, they heard stories about a hard disk failed. So they'd never use it. They'd only keep things on floppy disks, a single copy. You know? So to avoid that tragedy of losing their hard disk, well regards the cloud, if you have everything stored on your Google Doc and Google decides, oh, we forgot your account, you're screwed. Yeah, I gotta have a backup. You want to have a local thing to go with your cloud thing. Cloud thing, yeah. More than one, more than one, more than one. Okay, we gotta move on. I know, it just went too fast, right? We have to move on. You mean we're done? We're done, done. Time is up. We gotta move on. Join us next week for another great cyber underground episode and another great guest. Thanks for being with us, Tom. I had a fantastic time. Tom, right on. Oh, yay. Aloha, everybody. 
Until we get back to you next time, stay safe.