Cyber Frontiers

GDPR – What You Need to Know, RSA Conference Recap and Crypto Mining Update – CF044

We’re back! This week on Cyber Frontiers, Christian and Jim catch up on the avalanche of GDPR and separate fact from hype. We also take a dive into where we are with cryptocurrency security, weighing in on the recent cryptocurrency hack in South Korea and the overall maturity of the technology. We also relate the topics back to some of the big themes from RSA 2018 and provide a quick recap of the conference themes.

Cyber Frontiers is all about Exploring Cyber security, Big Data, and the Technologies Shaping the Future! Christian Johnson will bring fresh and relevant topics to the show based on the current work he does.

Tags: Podcast, Cyber Frontiers, Cybersecurity, Spectre, GDPR, RSA, Crypto Mining, Crypto

- CryptoMining Gone Wild
- GDPR – Everyone Is Either Scrambling or Talking Facebook
- RSA Conference Recap

Music courtesy of Ryan King.

An Update on Meltdown and Spectre, ATM JackPotting and Christian Talks Crypto Currency – CF043

This week on Cyber Frontiers we jump into an update on the public disclosures of the Meltdown and Spectre vulnerabilities. We also chat about the latest hardware hacking efforts with ATMs and jackpotting, and get Christian’s take on cryptocurrency and the coin market.

Tags: Podcast, Cyber Frontiers, Cybersecurity, Spectre, Meltdown, ATM Jackpotting, Crypto Currency, Bitcoin

Some Minor Updates on Meltdown and Spectre:
- Microsoft says go away Intel to their buggy Spectre patch:
- Linux Kernel released (and now ):
- Intel reportedly designing new silicon to address issues and performance impact in future:

ATM JackPotting:
- Jim:

Christian’s take on the state of Crypto Space today.

Meltdown and Spectre: A Tear at the Foundation of Computer Security – CF042

This week on Cyber Frontiers we jump into full coverage of the 6-day-old public disclosures of the Meltdown and Spectre vulnerabilities. With some issues mitigated, the news is a gravitational force that has dominated cybersecurity early into 2018 and could continue to engage industry for years to come. We discuss the short- and long-term security implications and performance debacles, and provide technical and non-technical explanations for the two classes of vulnerabilities disclosed. We review the mitigations users can start employing now, and discuss impacts for the average guy and the enterprise.

Tags: Podcast, Cyber Frontiers, Cybersecurity, Spectre, Meltdown, Computer Security, Intel, AMD, ARM, CPU

Meltdown Vulnerability:
- Technical Paper:
- Out-of-order execution creates a side channel vulnerability.
- Modern CPUs execute instructions out of order, and these instructions may not actually be needed to return the real result of what a program is computing.
- These transient or temporary results may be written to CPU registers or to the cache.
- Flush+Reload targets cache lines to be moved out of the CPU into main memory for access as the side channel.
- Out-of-order execution itself is not a flaw; it’s a CPU feature. Other execution units can run ahead of the current running program counter if the resources are available to support parallel computing.
- Restricted meaning in the Meltdown paper: refers to an instruction sequence following a branch, and executing that operation before the results of all prior instructions have been returned. (Programs operate linearly; think of the parallelism as jumping ahead on a work line to do other work ahead of time.)
- Bank Heist Analogy:

Spectre Vulnerability:
- Technical Paper:
- Takes advantage of processors using branch prediction.
- Branch prediction tries to guess the destination of memory addresses in use to attempt to jump ahead and execute.
- The attack involves making a program perform operations speculatively that never occur during proper program execution, and leak data via a side channel.
- From the Spectre paper: “Spectre attacks trick the processor into speculatively executing instruction sequences that should not have executed during correct program execution.”
- Exploiting conditional branches in a loop is one of the easy-to-understand techniques for this attack (see Exploiting Conditional Branches on pg. 2).
- The read that is cached is not properly reverted when the processor realizes that the speculative execution was erroneous.

Differences Between Meltdown and Spectre:
- Spectre is limited to process memory; Meltdown accesses kernel memory space from user space.
- Meltdown is fully mitigatable in the operating system with a patch; Spectre is not. There is no real “fix” for Spectre; it’s indicative of the way we’ve run processors for years (branch prediction).
- They both require the use of the CPU cache as a side channel for reading out serialized values into memory space that the attacker leverages.

Things you should do today:
- Make sure you received the latest out-of-band security updates from Windows Update.
- Make sure you have installed the latest Linux kernel from your package manager (likely yum or apt-get).
- Make sure you are on iOS and macOS and with the Safari fix to mitigate Meltdown and Spectre.
- For desktop or server owners, check with your manufacturer for BIOS updates that have been released to provide mitigations for Spectre.
- For those in the Windows Server Community:

Some non-technical explanations:

2018 Frontier Trends in Cybersecurity and Data Science – CF041

This week on Cyber Frontiers Jim and Christian discuss the upcoming predictions for where the cybersecurity and data science communities trend in 2018. What trends are new on the horizon, and which will only naturally accelerate trends already started? Will passwords finally bite the dust as MFA rules the day? Will AI march closer to the takeover of mankind? Will the repeal of net neutrality impact the way we consume the internet? We talk technology trends that impact security, data, and the technologies that intersect along the way as the new year is ushered in.

Maplegrove Hosting Holiday Offer: Use promo code “JINGLE” for Maplegrove Hosting Web and Email bundle package for 10% off your order. Through the holiday season! Ends on 1/31/18.

2018 Trends:
- “The decline of password-only authentication will increase”
- “IoT compromises will get worse”
- Who was Actually Behind the Mirai Botnet? Minecraft fans!
- Worst Passwords of 2017:
- Where does Net Neutrality Head From Here?
- Crypto Currencies in Bank Reserves!
- Some forecast Android turning the tide on phone security…
- But new malware will physically destroy your device…
- Machine Learning and AI Trends in 2018:

Mobile Security Matters: Dissecting the Dangers of Mobile Malware – CF040

Christian is joined by Jim and special guest Kevin Schoonover to talk about mobile device security. Which predominant platforms are winning over consumer trust and adding value? What design and marketplace considerations should be factored in when buying a device that is reliable to use? What can the average guy do to better protect these increasingly valuable assets? We explore the evolution of cell phone security over the last generation of mobile device platforms, and dive into wearables and other devices that have empowered these sensor-filled devices to be far more palatable targets than desktops have ever been. From “built-in” malware out of the box to undetected intrusions, we explore the main threats to the mobile device industry for consumers and ways to get smart about locking down your phone. With final remarks on cyber crime statistics and the recent Uber bombshell revelation, we cover a lot of ground and bring it straight to you, the listener. Desktop security is old news; long live mobile device security.

Is my phone/tablet spying on me?
- Bought a tablet from China, never heard of the brand. Could it be gathering info and sending it back to China:
- Can I check to see if my device is sharing with people/sites that I do not know? Are there tools that the average guy could use to test for this?
- In the enterprise, Mobile Device Management tools are used to manage devices. Could they watch for this?
- In fact, some companies have made a living out of selling device spyware:
- ES File Explorer File Manager – sending “too much” network data?
- Android A-Conventional Ways to Detect Malware:

Malware Stories Discussed

Prevention

IoT devices are popping up everywhere. They talk over ZigBee, Z-Wave, Bluetooth and WiFi. Ultimately, these devices talk over my home network. As with tablets and phones, how can I be sure these devices are not sharing with someone they should not be? Are they a hacking target? Is Network Access Control the answer? Could it ever be functional for the home user?

Breaking News Segment
- On the day of recording, the press reveals Uber’s concealment of a major cyber attack by paying off hackers to keep quiet.
- Americans State Cybercrime is Their Top Crime Worry

DEFCON 2017 Recap and Macbook Wizardry – CF039

This week on Cyber Frontiers Christian and Jim recap some of the highlights from the DEFCON security conference. We discuss the overall statistics from this year’s conference, and call out a few defining characteristics for DEFCON’s 25th anniversary. We also discuss the legal drama surrounding Marcus Hutchins, aka MalwareTech, who has been lauded as the security researcher behind stopping the WannaCry ransomware while also facing federal charges for being the mastermind behind the Kronos malware. We also veer off into discussing making a legacy Macbook come into the modern world with a fresh Linux machine for casual use or as a development / builder laptop, because why not! We love breathing new life into old tech and engineering around strange limitations like how to install a 64-bit OS on a laptop with a 32-bit EFI.

DEFCON 25: It was huge this year!

Meet Marcus

Ubuntu 64-Bit on a 32 Bit EFI Macbook:

An example guide for a machine that doesn’t have a mismatched EFI to target OS install architecture: @mmiglier/ubuntu-installation-on-usb-stick-with-pure-efi-boot-mac-compatible-469ad33645c9

Honey Haven: Creating Research HoneyPots In the Cloud – CF038

Cyber Frontiers is all about Exploring Cyber security, Big Data, and the Technologies Shaping the Future Through an Academic Perspective! Christian Johnson, a student at the University of Maryland, will bring fresh and relevant topics to the show based on the current work he does.

This week on Cyber Frontiers Christian and Jim take a hands-on approach to standing up honeypots in the cloud! We discuss no-cost and low-cost methods for the average guy or up-and-coming security researchers to design and deploy basic honeypot configurations to the cloud in a safe manner. We discuss why honeypots are used in the enterprise today, how to consider safe and ethical practices when utilizing honeypots, and provide a brief introduction to analyzing data results from honeypot collection. We outline one of many example frameworks that can be safely used in a non-enterprise setting to learn how to use and leverage honeypots for personal learning or to augment enterprise network defenses.

An Academic History Lesson in Honeypots: The Seminal Work

Software of Choice: Kippo

Basic Installation Guide [This guide loosely follows our approach, but we’ve provided our command list below as there are several deviations discussed on the show]

Basic Port Configuration

    sudo iptables --list
    sudo nano /etc/ssh/sshd_config
    sudo systemctl reload ssh
    # become root for the package installs and account setup
    sudo -s
    apt-get install python-dev openssl python-openssl python-pyasn1 python-twisted
    apt-get install subversion
    # note: -g sudo makes "sudo" the primary group of the kippo account
    useradd -d /home/kippo -s /bin/bash -m kippo -g sudo
    # authbind lets the unprivileged kippo user bind port 22
    apt-get install authbind
    touch /etc/authbind/byport/22
    chown kippo /etc/authbind/byport/22
    chmod 777 /etc/authbind/byport/22
    su kippo
    apt install python-pip

Basic Kippo Install

    svn checkout ./kippo
    cd kippo
    cd trunk
    ls -lA
    mv
    pip install -Iv twisted==
    .
    cd log
    tail -f
    cat | grep "attempt"
    cat | grep "login"

Further Reading: Analytics and Configuration In Kippo

Jim’s Twitter: #!/jcollison
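The grep for "attempt" at the end of the CF038 command list, taken one step further as an added example (not code from the show or from the Kippo project): a small parser that tallies login attempts per source address and per credential pair. The log layout is assumed to follow Kippo's usual "login attempt [user/password] failed|succeeded" lines, and the sample lines, addresses and function names are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample in the layout assumed for Kippo's log file.
# Addresses come from the documentation ranges (RFC 5737).
SAMPLE_LOG = """\
2017-06-01 10:15:02+0000 [SSHService ssh-userauth on HoneyPotTransport,3,203.0.113.7] login attempt [root/123456] failed
2017-06-01 10:15:04+0000 [SSHService ssh-userauth on HoneyPotTransport,3,203.0.113.7] login attempt [root/password] failed
2017-06-01 10:15:09+0000 [SSHService ssh-userauth on HoneyPotTransport,3,203.0.113.7] login attempt [root/toor] succeeded
2017-06-01 10:15:11+0000 [HoneyPotTransport,3,203.0.113.7] Opening TTY log: log/tty/sample.log
2017-06-01 11:40:30+0000 [SSHService ssh-userauth on HoneyPotTransport,4,198.51.100.23] login attempt [admin/admin] failed
2017-06-01 11:40:33+0000 [SSHService ssh-userauth on HoneyPotTransport,4,198.51.100.23] login attempt [pi/a]b] failed
2017-06-01 11:40:35+0000 [SSHService ssh-userauth on HoneyPotTransport,4,198.51.100.23] login attempt [root/123456] failed
"""

# The password group is greedy and anchored on the trailing result word,
# so a password that itself contains "]" is still captured whole.
ATTEMPT = re.compile(
    r"^(?P<ts>\S+ \S+) \[.*?,(?P<session>\d+),(?P<ip>[0-9a-fA-F.:]+)\] "
    r"login attempt \[(?P<user>[^/]*)/(?P<password>.*)\] "
    r"(?P<result>failed|succeeded)$"
)

def parse_attempts(text):
    """Yield one dict per login-attempt line; other log lines are skipped."""
    for line in text.splitlines():
        m = ATTEMPT.match(line.strip())
        if m:
            yield m.groupdict()

def summarize(text, top=3):
    """Tally attempts by source IP and credential pair, and list accepted logins."""
    attempts = list(parse_attempts(text))
    creds = Counter((a["user"], a["password"]) for a in attempts)
    return {
        "total": len(attempts),
        "by_ip": Counter(a["ip"] for a in attempts).most_common(),
        "top_credentials": creds.most_common(top),
        # "succeeded" means the honeypot let the guess into its fake shell.
        "accepted": [(a["ip"], a["user"], a["password"])
                     for a in attempts if a["result"] == "succeeded"],
    }

if __name__ == "__main__":
    for key, value in summarize(SAMPLE_LOG).items():
        print(key, value)
```

To run it against real data, pass the contents of the honeypot's log file to summarize() in place of SAMPLE_LOG.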