83: NSA Cryptologists

en-usJanuary 19, 2021

Podcast Summary

A Journey of Self-discovery, Cultural Influences, and the NSA: Traveling solo enables us to explore new cultures, reinvent ourselves, and have extraordinary conversations with people. Our childhood experiences, family, and interests shape who we are, leading to diverse personalities and perspectives.
The host shares an interesting incident of sneaking into the Pentagon and then proceeds to interview two different NSA agents who started something at the NSA that still goes on today. The first guest tells his story of growing up in a small town in Texas and how his father's craze for cowboy culture made the whole town adopt the same style. He then reveals how he got fascinated with computers after watching WarGames. This highlights that traveling alone allows us to reinvent ourselves and gain new perspectives and experiences, leading to interesting stories and encounters. It also emphasizes the importance of culture and family influences in shaping our interests and personalities.
Marcus's Journey from Poverty to Top-Secret Clearance: Financial constraints should not restrict our growth. Embrace opportunities that come your way and use them to make the most of your potential while being grateful for the support received.
Marcus grew up poor and couldn't afford to go to college, but he joined the Navy and became interested in computers. He learned about cryptographic communications, got a top-secret clearance and did collection work for NSA. The whole time Marcus was sailing, he was like a spy, helping the NSA who supports the US military. The story teaches us that if we have a passion for something, we should not let financial constraints stop us. Instead, we should be open to exploring different opportunities that come our way and make the best of them. We should also be grateful for the support and opportunities we get and use them to make the most of our potential.
Education and Job Security in the Military: Joining the military provides opportunities to learn a variety of skills, obtain education, and job security in an ever-changing job market.
The military is full-time education and provides job security. Marcus was able to learn a variety of skills such as coding and networking during his time in the Navy, and was even able to obtain a Bachelor's and Master's degree, all with the financial support of the military. He also gained thorough knowledge of radio frequencies and communication systems. His experience and training even allowed him to seamlessly transition to work at the NSA on an augmented staff basis. Overall, the military is a great option for those looking for education, job security, and the opportunity to learn a variety of skills.
Marcus's Certification Journey from Networking to Network Security Management at NSA: NSA strives to protect US communications and assets while also sharing best practices and working with NIST to help businesses maintain security. Defense is public, but secrecy in intelligence gathering is crucial.
Certifications in networking led Marcus to manage NSA's network and help build out the SOC that looks out for security breaches and watches over the unclassified, high side, and inner agency networks. With a good defense being public, the secretive part of intelligence is how information is collected on targets. Burnt means and methods can hinder investigations and tracking like how Bin Laden went silent. NSA shares best practices to help secure systems and maintain privacy. However, their core mission is to protect US communications and assets while also working with NIST to help businesses stay secure.
The Importance of Crypto Research and Cybersecurity in Protecting US Interests: The NSA's intense training produces skilled defenders who protect the nation from cyber threats, but balancing the need for disclosure with safeguarding methods is critical. The cybersecurity battle is ongoing between both American and foreign adversaries.
The core mission of crypto research and breaking crypto is to protect US assets and interests by preventing foreign intelligence from spying on American companies and stealing their information. The NSA's intense focus on education and training produces highly skilled professionals who defend the nation against cyber attacks. It is important to disclose exploits to companies like Google and Microsoft; however, the NSA might try to protect the method so that it can help the country. The Defense Cyber Crime Center, like Cyber Command, deals with forensic investigations and high-profile cases. The cybersecurity battle is a behind-the-scenes fight between smart people, both American and foreign adversaries.
Understanding Cyber Range and Its Benefits: A cyber range is a separate network used for cyber-security testing that allows companies to practice network and system security in a safe environment. It also enables federal agents to develop forensic skills and react to incidents more effectively.
A cyber range is a separate network used for cyber-security testing where companies can mock-up their corporate network environment for practicing network and system security. It allows investigators to interact with real gear and detect and defend against cyber attacks. Cyber ranges are used to teach federal agents how to react to cyber-security incidents more effectively and to develop forensic skills. The cyber range contains complete corporate networks with physical and real devices that can be attacked or defended against. The cyber range also offers an opportunity to detonate malware and try exploiting various vulnerabilities within the network without worrying about any vulnerability or virus escaping and hitting production equipment during testing.
Building Immersive Cybersecurity Training Platforms and Giving Back to the Community: Continuously learn and self-train in cybersecurity, share your knowledge with others, and give back to the community to make a positive impact.
Marcus built an immersive course for collecting live information and setting up intrusion detection systems in an entire organization's network. He used real attacks, such as live Chinese malware, to teach the students. He started his own company called Threatcare, which was later acquired by a larger company. Marcus gives back to the community through his books, such as Tribe of Hackers, and donating to various organizations. He believes in continuously learning and self-training, and encourages others to do the same. He also teaches his son about technology and shares his knowledge with anyone interested in learning.
Nurturing interests breeds success.: Encouraging children's creativity and exploration of their interests can lead to success, even if it means following a nontraditional path.
Encouraging children's interests and creativity can lead to remarkable achievements. The father of a software engineer exposed his son to coding, which helped him write programs to do his math at 11 years old. When his son was 16 years old, he wrote a Metasploit front end on the iPhone, which caught the attention of Rapid7. After interning for Rapid7, he was offered a full-time job and now leads his own team at the age of 24. Jeff Man, a hacker, acquired his skills through experimentation and curiosity. Encouraging children to explore their interests can lead to success, even if it means following a nontraditional path.
Getting Hired by NSA as a Cryptographer: The NSA conducts a thorough background check to ensure the safety of classified information. To attract skilled professionals, they offer training and job interviews acting as sales pitches.
Working for the NSA involves a rigorous background check that includes lifestyle and financial questions to ensure that people with access to classified information cannot be blackmailed. Jeff's job at NSA was to do cryptographic reviews of the systems that were being used at the time. He had to learn cryptography for this job and NSA had its own cryptologic school that offered many courses on various aspects of cryptography. NSA also offered job interviews that were more like sales pitches, as it was difficult to attract employees with the required skills. Jeff was hired off the street and trained to be a cryptographer who reviewed manual or paper crypto-systems for InfoSec at the NSA.
The History and Evolution of One-Time Pad Encryption: One-time pad encryption is unbreakable if the key remains secret and not stolen, but its use of physical pads with random characters is outdated and replaced by digital encryption programs.
One-time pad is the basic form of encryption where random characters printed on the pad act as the key for plain text messaging. It is impossible to break the key if kept secret and not stolen. The pads were used by spies to encrypt messages which took time to decrypt. Rice paper and toxic ink were used in some one-time pads, resulting in spies getting sick. Jeff's first assignment involved figuring out how to write a computer program that can perform encryption and decryption on the one-time pad in 1987. It was performed on the command line since Windows was not yet introduced.
Revolutionizing Cryptography through Persistence and Innovation: Jeff's persistence and innovation in creating the first software-based cryptosystem for the NSA paved the way for future advancements in software-based cryptography. He also exposed the vulnerability of using one-time pad sheets for extended periods, emphasizing the importance of proper encryption practices.
Jeff created the first software-based manual cryptosystem for the NSA, challenging the agency's resistance to change. He had to go through several iterations of presenting to senior management and address all the security concerns. Despite the pushback, Jeff did not take no for an answer and hacked the system, producing something revolutionary at the time. This paved the way for more advancements in software-based cryptography. Jeff's career spanned three different tours of duty at the NSA, and in his second tour, he worked in a department tasked with cracking encryption and exploiting systems that did not use best practices. He discovered that people were using one-time pad sheets of key for extended periods, making it easier to break and decipher messages.
The NSA's Hacker Culture and its System and Network Attack Center: The NSA's System and Network Attack Center, led by Jeff and his team, embodied a hacker culture and helped the agency stay ahead in internet hacking while ensuring the secure use of encryption systems.
The NSA is responsible for creating secure encryption systems for US-related data, but also needs to ensure that its own employees and the DOD use them correctly. As the internet grew, the NSA added the fifth domain of warfare (cyberspace) and set up the System and Network Attack Center to focus on computer and network security. Jeff and his team embodied the hacker culture within the NSA and tested the security of networks and domains within the NSA and other DOD customers. They nicknamed their office The Pit and were given a license to keep doing what they were doing. This helped the NSA stay ahead in the internet hacking that it does today.
The Pit - Hacking with Permission: The Pit, a group of hacker enthusiasts, had to seek permission and sign-off from management and targets before executing any methodology. They used unique techniques like guessing usernames and IDs to gain access to accounts.
The Pit, part of SNAC, was a group of hacker enthusiasts, predominantly computer scientists, who learned about the operating systems, hidden and undocumented features, and exploits that could grant root privileges. They participated in hacking through red teaming and internal penetration testing, but had to get management sign-off and permission from across the executive suite and potential target or customer before executing any methodology on their target. To identify and gain access to idle or yet-unlogged-in accounts of a UNIX workstation and network credential, they would guess usernames and user IDs for accounts without passwords, which were stored in world-readable password hashes in ETSI password files. Mountain Dew was the beverage of choice for the hacker culture in the early-to-mid 90s.
The benefits and challenges of open-source intelligence-gathering in cyber attacks.: Knowing about the target through open-source intelligence-gathering helps in getting approvals for the mission, but there can be challenges when testing public-facing websites, especially when following the rules and regulations set by governing bodies.
Open-source intelligence-gathering is crucial to know about the target before attacking the network, which helps in getting approvals for the mission. Jeff's red team, known as The Pit, started with the rudimentary method of open-reconnaissance that we know today. The red team helped the NSA to make a good name for themselves, but they faced challenges when the DOJ asked Jeff's team to test their public-facing website. NIST was responsible for protecting unclassified networks, but they did not have the capability to do so. However, the NSA had to proceed following the rules, and the request for this vulnerability threat assessment came from the attorney general to the Secretary of Defense before they could attack DOJ's website.
A Benign Hack Leads to DOJ Seeking Help from Jeff and His Team: Unsanctioned hacking can have serious legal consequences, even if done with good intentions. Always seek proper authorization before taking action.
A benign hack of a Department of Justice website, which involved replacing the picture of attorney general Janet Reno with that of Adolf Hitler and changing the name of the department to Department of Injustice, became the first public hacking of any government installation facility website. This prompted the DOJ to seek help from Jeff and his team, who were almost legally allowed to do so. Jeff had to jump through bureaucratic hoops to assemble a team to help DOJ. However, on their third day at DOJ, they were called back to the Pit. Later, they were reprimanded by the DOJ lawyer, who introduced the Church Proceedings and warned them about the potential consequences of unauthorized intervention.
The Ethics of Hacking into US Systems: The NSA's limitations on conducting operations on foreign nationals and incidents like Jeff's departure due to ethical implications of hacking into US networks highlights the need for balance and caution in cyber operations and its impact on employee morale.
The NSA Charter limits the NSA to only conduct operations on foreign nationals, not US citizens. The incident with Jeff brought to attention the ethical implications of hacking into US systems and networks. This incident caused a loss of morale for The Pit employees who began to leave the NSA for better-paying private sector jobs. Jeff, who had been with the NSA for 12 years, also left for a job with a 50% pay increase. The NSA launched Operation Eligible Receiver in 1997, which involved hacking into US government networks, but only with a lower-level hacking team as they did not want to risk their elite hackers.
The Importance and Benefits of Conducting Red Team Assessments for Cybersecurity Purposes.: Hiring ethical hackers to conduct red team assessments can identify vulnerabilities that can be easily fixed, protect valuable assets, and defend against cyber-attacks. The assessment also highlights the crucial role of network security in preventing attacks in the information warfare campaign.
The importance of conducting red team assessments is highlighted by the success of a B-team of hackers with off-the-shelf tools using commercial gear and conducting open-source reconnaissance. Companies should hire ethical hackers to see if they can get into their systems and identify misconfigurations that can easily be fixed. Conducting such assessments can protect valuable assets and help defend against cyber-attacks. The lesson learned from the red team assessment is that the DII can be taken down and the US can be attacked in an information warfare campaign without insider information. It is also concerning that the US military wasn't securing their networks as well as they should have been.

Recent Episodes from Darknet Diaries

In this episode, Geoff White (https://x.com/geoffwhite247) tells us what happened to Axie Infinity and Tornado cash. It’s a digital heist of epic proportions that changes everything.

This story comes from part of Geoff’s book “Rinsed” which goes into the world of money laundering. Get yours here https://amzn.to/3VJs7pb.

Darknet Diaries

en-usJuly 02, 2024

146: ANOM

In this episode, Joseph Cox (https://x.com/josephfcox) tells us the story of anom. A secure phone made by criminals, for criminals.

This story comes from part of Joseph’s book “Dark Wire” which you should definitely read. Get yours here https://www.hachettebookgroup.com/titles/joseph-cox/dark-wire/9781541702691.

Darknet Diaries

en-usJune 04, 2024

145: Shannen

Shannen Rossmiller wanted to fight terrorism. So she went online and did. Read more about her from her book “The Unexpected Patriot: How an Ordinary American Mother Is Bringing Terrorists to Justice”. An affiliate link to the book on Amazon is here: https://amzn.to/3yaf5sI. Thanks to Spycast for allowing usage of the audio interview with Shannen. Sponsors Support for this show comes from Varonis. Do you wonder what your company’s ransomware blast radius is? Varonis does a free cyber resilience assessment that tells you how many important files a compromised user could steal, whether anything would beep if they did, and a whole lot more. They actually do all the work – show you where your data is too open, if anyone is using it, and what you can lock down before attackers get inside. They also can detect behavior that looks like ransomware and stop it automatically. To learn more visit www.varonis.com/darknet. Support for this show comes from Axonius. The Axonius solution correlates asset data from your existing IT and security solutions to provide an always up-to-date inventory of all devices, users, cloud instances, and SaaS apps, so you can easily identify coverage gaps and automate response actions. Axonius gives IT and security teams the confidence to control complexity by mitigating threats, navigating risk, decreasing incidents, and informing business-level strategy — all while eliminating manual, repetitive tasks. Visit axonius.com/darknet to learn more and try it free. Support for this show comes from ThreatLocker®. ThreatLocker® is a Zero Trust Endpoint Protection Platform that strengthens your infrastructure from the ground up. With ThreatLocker® Allowlisting and Ringfencing™, you gain a more secure approach to blocking exploits of known and unknown vulnerabilities. ThreatLocker® provides Zero Trust control at the kernel level that enables you to allow everything you need and block everything else, including ransomware! Learn more at www.threatlocker.com. Learn more about your ad choices. Visit podcastchoices.com/adchoices

Darknet Diaries

en-usMay 07, 2024

undercover operations

144: Rachel

Rachel Tobac is a social engineer. In this episode we hear how she got started doing this and a few stories of how she hacked people and places using her voice and charm. Learn more about Rachel by following her on Twitter https://twitter.com/RachelTobac or by visiting https://www.socialproofsecurity.com/ Daniel Miessler also chimes in to talk about AI. Find out more about him at https://danielmiessler.com/. Sponsors Support for this show comes from Varonis. Do you wonder what your company’s ransomware blast radius is? Varonis does a free cyber resilience assessment that tells you how many important files a compromised user could steal, whether anything would beep if they did, and a whole lot more. They actually do all the work – show you where your data is too open, if anyone is using it, and what you can lock down before attackers get inside. They also can detect behavior that looks like ransomware and stop it automatically. To learn more visit www.varonis.com/darknet. Support for this show comes from Axonius. The Axonius solution correlates asset data from your existing IT and security solutions to provide an always up-to-date inventory of all devices, users, cloud instances, and SaaS apps, so you can easily identify coverage gaps and automate response actions. Axonius gives IT and security teams the confidence to control complexity by mitigating threats, navigating risk, decreasing incidents, and informing business-level strategy — all while eliminating manual, repetitive tasks. Visit axonius.com/darknet to learn more and try it free. Support for this show comes from ThreatLocker®. ThreatLocker® is a Zero Trust Endpoint Protection Platform that strengthens your infrastructure from the ground up. With ThreatLocker® Allowlisting and Ringfencing™, you gain a more secure approach to blocking exploits of known and unknown vulnerabilities. ThreatLocker® provides Zero Trust control at the kernel level that enables you to allow everything you need and block everything else, including ransomware! Learn more at www.threatlocker.com. Learn more about your ad choices. Visit podcastchoices.com/adchoices

en-usApril 02, 2024

143: Jim Hates Scams

Jim Browning has dedicated himself to combatting scammers, taking a proactive stance by infiltrating their computer systems. Through his efforts, he not only disrupts these fraudulent operations but also shares his findings publicly on YouTube, shedding light on the intricacies of scam networks. His work uncovers a myriad of intriguing insights into the digital underworld, which he articulately discusses, offering viewers a behind-the-scenes look at his methods for fighting back against scammers. Jim’s YouTube channel: https://www.youtube.com/c/JimBrowning Sponsors Support for this episode comes from NetSuite. NetSuite gives you visibility and control of your financials, planning, budgeting, and of course - inventory - so you can manage risk, get reliable forecasts, and improve margins. NetSuite helps you identify rising costs, automate your manual business processes, and see where to save money. KNOW your numbers. KNOW your business. And get to KNOW how NetSuite can be the source of truth for your entire company. Visit www.netsuite.com/darknet to learn more. This episode is sponsored by Intruder. Growing attack surfaces, dynamic cloud environments, and the constant stream of new vulnerabilities stressing you out? Intruder is here to help you cut through the chaos of vulnerability management with ease. Join the thousands of companies who are using Intruder to find and fix what matters most. Sign up to Intruder today and get 20% off your first 3 months. Visit intruder.io/darknet. This show is sponsored by Shopify. Shopify is the best place to go to start or grow your online retail business. And running a growing business means getting the insights you need wherever you are. With Shopify’s single dashboard, you can manage orders, shipping, and payments from anywhere. Sign up for a one-dollar-per-month trial period at https://shopify.com/darknet. Learn more about your ad choices. Visit podcastchoices.com/adchoices

en-usMarch 05, 2024

142: Axact

Axact sells fake diplomas and degrees. What could go wrong with this business plan? Sponsors Support for this episode comes from NetSuite. NetSuite gives you visibility and control of your financials, planning, budgeting, and of course - inventory - so you can manage risk, get reliable forecasts, and improve margins. NetSuite helps you identify rising costs, automate your manual business processes, and see where to save money. KNOW your numbers. KNOW your business. And get to KNOW how NetSuite can be the source of truth for your entire company. Visit www.netsuite.com/darknet to learn more. Support for this show comes from ThreatLocker®. ThreatLocker® is a Zero Trust Endpoint Protection Platform that strengthens your infrastructure from the ground up. With ThreatLocker® Allowlisting and Ringfencing™, you gain a more secure approach to blocking exploits of known and unknown vulnerabilities. ThreatLocker® provides Zero Trust control at the kernel level that enables you to allow everything you need and block everything else, including ransomware! Learn more at www.threatlocker.com. This show is sponsored by Shopify. Shopify is the best place to go to start or grow your online retail business. And running a growing business means getting the insights you need wherever you are. With Shopify’s single dashboard, you can manage orders, shipping, and payments from anywhere. Sign up for a one-dollar-per-month trial period at https://shopify.com/darknet. Learn more about your ad choices. Visit podcastchoices.com/adchoices

Darknet Diaries

en-usFebruary 06, 2024

information questioning

deceptive situations

ethical practices

141: The Pig Butcher

The #1 crime which results in the biggest financial loss is BEC fraud. The #2 crime is pig butchering. Ronnie Tokazowski https://twitter.com/iHeartMalware walks us through this wild world. Sponsors Support for this episode comes from NetSuite. NetSuite gives you visibility and control of your financials, planning, budgeting, and of course - inventory - so you can manage risk, get reliable forecasts, and improve margins. NetSuite helps you identify rising costs, automate your manual business processes, and see where to save money. KNOW your numbers. KNOW your business. And get to KNOW how NetSuite can be the source of truth for your entire company. Visit www.netsuite.com/darknet to learn more. Support for this show comes from Drata. Drata streamlines your SOC 2, ISO 27001, PCI DSS, HIPAA, GDPR & many other compliance frameworks, and provides 24-hour continuous control monitoring so you focus on scaling securely. Listeners of Darknet Diaries can get 10% off Drata and waived implementation fees at drata.com/darknetdiaries. This show is sponsored by Shopify. Shopify is the best place to go to start or grow your online retail business. And running a growing business means getting the insights you need wherever you are. With Shopify’s single dashboard, you can manage orders, shipping, and payments from anywhere. Sign up for a one-dollar-per-month trial period at https://shopify.com/darknet. Learn more about your ad choices. Visit podcastchoices.com/adchoices

Darknet Diaries

en-usJanuary 02, 2024

online identity verification

online relationships

social stigmas

financial scams

emotional manipulation

crypto investments

bec attacks

cybersecurity awareness

fraud prevention

secure transactions

140: Revenge Bytes

Madison's nude photos were posted online. Her twin sister Christine came to help. This begins a bizarre and uneasy story. Learn more about your ad choices. Visit podcastchoices.com/adchoices

Darknet Diaries

en-usDecember 05, 2023

139: D3f4ult

This is the story of D3f4ult (twitter.com/_d3f4ult) from CWA. He was a hacktivist, upset with the state of the way things were, and wanted to make some changes. Changes were made. Sponsors Support for this show comes from Axonius. The Axonius solution correlates asset data from your existing IT and security solutions to provide an always up-to-date inventory of all devices, users, cloud instances, and SaaS apps, so you can easily identify coverage gaps and automate response actions. Axonius gives IT and security teams the confidence to control complexity by mitigating threats, navigating risk, decreasing incidents, and informing business-level strategy — all while eliminating manual, repetitive tasks. Visit axonius.com/darknet to learn more and try it free. Support for this show comes from Thinkst Canary. Their canaries attract malicious actors in your network and then send you an alert if someone tries to access them. Great early warning system for knowing when someone is snooping around where they shouldn’t be. Check them out at https://canary.tools. Support for this show comes from Quorum Cyber. Their mantra is: “We help good people win.” If you’re looking for a partner to help you reduce risk and defend against the threats that are targeting your business — and especially if you are interested in Microsoft Security — reach out to Quorum Cyber at www.quorumcyber.com/darknet-diaries. Sources https://www.vice.com/en/article/z3ekk5/kane-gamble-cracka-back-online-after-a-two-year-internet-ban https://www.wired.com/2015/10/hacker-who-broke-into-cia-director-john-brennan-email-tells-how-he-did-it/ https://www.hackread.com/fbi-server-hacked-miami-police-data-leaked/ https://archive.ph/Si79V#selection-66795.5-66795.6 https://wikileaks.org/cia-emails/John-Brennan-Draft-SF86/page-7.html Learn more about your ad choices. Visit podcastchoices.com/adchoices

Darknet Diaries

en-usNovember 07, 2023

138: The Mimics of Punjab

This episode is about scammers in the Punjab region. Tarun (twitter.com/taruns21) comes on the show to tell us a story of what happened to him. Naomi Brockwell (twitter.com/naomibrockwell) makes an appearance to speak about digital privacy. To learn more about protecting your digital privacy, watch Naomi’s YouTube channel https://www.youtube.com/@NaomiBrockwellTV. And check out the books Extreme Privacy (https://amzn.to/3L3ffp9) and Beginner’s Introduction to Privacy (https://amzn.to/3EjuSoY). Sponsors Support for this show comes from Axonius. The Axonius solution correlates asset data from your existing IT and security solutions to provide an always up-to-date inventory of all devices, users, cloud instances, and SaaS apps, so you can easily identify coverage gaps and automate response actions. Axonius gives IT and security teams the confidence to control complexity by mitigating threats, navigating risk, decreasing incidents, and informing business-level strategy — all while eliminating manual, repetitive tasks. Visit axonius.com/darknet to learn more and try it free. Support for this show comes from SpyCloud. It’s good practice to see what data is getting passed around out there regarding you, your employees, your customers, and your business. The dark web is a place where this data is traded and shared. SpyCloud will help you find what out there about you and give you a report so you can be aware. Then they’ll continuously monitor the dark web for any new exposures you should be aware of. To learn more visit spycloud.com/darknetdiaries. Support for this show comes from ThreatLocker. ThreatLocker has built-in endpoint security solutions that strengthen your infrastructure from the ground up with a zero trust posture. ThreatLocker’s Allowlisting gives you a more secure approach to blocking exploits of known and unknown vulnerabilities. ThreatLocker provides zero trust control at the kernel level. Learn more at www.threatlocker.com. Learn more about your ad choices. Visit podcastchoices.com/adchoices

Darknet Diaries

en-usOctober 03, 2023

limited law enforcement resources

Related Episodes

Bill Buchanan - Why Is AES GCM Good (and Not So Good) for Cybersecurity

We live in a strange world of cybersecurity. An auditor might ask a company if they encrypt their data? And the company may reply that they do, and so the auditor would tick that off. But encryption does not just involve the privacy of data; it also involves integrity checking and setting up digital trust. Along with this, there are many ways to implement methods, including key derivation, public key integration, hashing methods, and encryption modes. And, so, last week I outlined how some AES modes can be easily modified.

And so, someone asked me why I recommended GCM (Galois Counter Mode)? Well, GCM integrates integrity into the cipher. It is built on CTR (Counter) mode and is a stream cipher. This makes it fast. Along with this, we can add additional data into the ciphertext — and which defends against playback attacks. At the core of this is the Galois Message Authentication Code (GMAC).

ASecuritySite Podcast

enJuly 17, 2023

cryptography

encryption

cybersecurity

Episode 5: Backdoors, Apple, and the FBI

We explore the history of backdoors and discuss Apple vs FBI. Jordan tells stories and interprets the nerdiness of Scott. Learn more about your ad choices. Visit podcastchoices.com/adchoices

enMarch 10, 2016

What You Need to Know about Cybersecurity

Today's special episode features audio from a webinar that we had earlier this year. In the audio you will hear from Jordan and our special guest, CEO of Mapletronics, Wes Hershberger. We and Jordan discuss current cybersecurity threats and how you can begin to protect yourself and your business.

Discussion includes: email safety, phishing protection, educating employees, strong password policies, data encryption, geofencing, online shopping safety, and more.

Mapletronics Tech Talk

enMay 16, 2019

Roselle Safran: Former White House Cybersecurity Chief

Roselle Safran, a former White House Cybersecurity Chief in the Obama Administration, is now the co-founder of Uplevel Security, a company committed to building cybersecurity technology solutions for its customers. Roselle discusses high level security breaches and hacks, and how our government and major corporations combat cyber threats on a daily basis.

enFebruary 13, 2017

S2, EP3 Medical PSA: Cybersecurity and Doctors

Cybersecurity is a problem in medical offices and hospitals. 45 million people were affected in 2021, a 41% increase over 2020. In 2020, 34 million people were affected and in 2018, 14 million people were affected. Outpatient clinics and subspecialty clinics were targetted preferentially. Hospital systems were also targetted. The reasons were ransomware, credential harvesting or theft of devices such as laptops.

Be careful with passwords and some physicians are using Lastpass.com as a password management tool. Another popular one is Dashlane.com.

Important to note that SMS, texting, is protected by the federal government. Apple iPhone message system has "end to end" encryption, better than Whatsapp and Signal (private messenger apps). Google and Droid phones are least safe because it encrypts only between the device and the server. Thus when sending messages about patients, the iPhone is safer than droid phones.

Doctors Take the Mic

en-usFebruary 05, 2023

password management tools

sms texting

droid phones