Friday, May 19, 2017

GroundRod 1 & 2 Idaho, June 1-4 Update


The GroundRod Primer course for CDA, Idaho is completely full and we have 2 seats left for GroundRod 2.

If you did not make it into this class we have some upcoming dates in the Northwest:

- June 15-18: Eugene, OR

- July 6-9: Prosser, WA

- July 14-17: Buffalo, WY

***

Outside the NW:

- July 29-30: Las Vegas, NV (after Black Hat 2017)

- August 10-13: Scranton, PA




Reserve your spot before they fill up.


Wednesday, May 17, 2017

Update on Intel AMT Exploit


As many of you are aware, a rather onerous exploit against Intel's AMT firmware was discovered in February that affects most modern Intel processors. The exploit has been dubbed "Silent Bob Is Silent" and can grant an adversary remote access to your computer beneath the OS level. This affects not only Windows machines but Mac and Linux as well.

“The exploit is trivial, max five lines of Python, could be doable in one-line shell command. It gives full control of affected machines, including the ability to read and modify everything. It can be used to install persistent malware (possibly in firmware), and read and modify any data. For security servers, it may allow disabling security features, creating fake credentials, or obtaining root keys. …  IT folks, KEEP WORKING THROUGH THE WEEKEND, DISABLE AMT NOW or block access to it. This can get ugly.”

Read the full piece HERE

The linked post covers some methods for determining whether your system is vulnerable. It should be noted that the Intel vPro model CPUs are the most vulnerable.


I should point out that the SEPIO laptops are not vulnerable to this exploit.




Note: A quick fix you could employ while waiting for a patch is to block the following ports in your router/AP firewall: 16992, 16993, 16994, 16995, 623 and 664. This will block it for the time being. I would also disable IPv6, as it uses random IPv6 ports.
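The port list in the note is enough to write the rules yourself on a Linux/netfilter-based router (the open source router firmware covered in GroundRod 2, for instance) or on the host itself. What follows is an added example, not code from the original post: it generates the iptables/ip6tables commands that log and then drop inbound traffic to those ports, and it parses the kernel log lines those rules produce so you can see who has been knocking. The chain name, the `AMT-BLOCK: ` log prefix and the log lines are my own choices (the sample log is constructed, using documentation address ranges); the ip6tables variant covers anyone who keeps IPv6 enabled.

```python
"""Block and watch the Intel AMT ports named in the post.

Added example, not part of the original post. Assumes a Linux/netfilter
firewall (iptables/ip6tables), e.g. an open source router firmware; the
chain name, the log prefix and the sample log lines are my own choices.
"""
import re
from collections import Counter

# Ports from the post's note. 16992-16995 are the AMT web UI / redirection
# ports (TCP); 623 and 664 (ASF-RMCP) are used over both TCP and UDP.
AMT_TCP_PORTS = (16992, 16993, 16994, 16995, 623, 664)
AMT_UDP_PORTS = (623, 664)
LOG_PREFIX = "AMT-BLOCK: "


def amt_block_rules(tool="iptables", chain="FORWARD", prefix=LOG_PREFIX):
    """Return the firewall commands (as strings, to be reviewed before they
    are run) that first log and then drop traffic to the AMT ports.

    chain="FORWARD" is the router case: traffic passing through to the
    machines behind it. Use chain="INPUT" on the host itself. tool="ip6tables"
    produces the same rules for IPv6, for those who keep IPv6 enabled.
    """
    rules = []
    for proto, ports in (("tcp", AMT_TCP_PORTS), ("udp", AMT_UDP_PORTS)):
        plist = ",".join(str(p) for p in ports)
        base = "%s -A %s -p %s -m multiport --dports %s" % (tool, chain, proto, plist)
        rules.append("%s -j LOG --log-prefix '%s'" % (base, prefix))
        rules.append("%s -j DROP" % base)
    return rules


# Fields of a netfilter LOG line we care about: source, protocol, dest port.
LOG_RE = re.compile(r"SRC=(?P<src>\S+) .*?PROTO=(?P<proto>TCP|UDP) .*?DPT=(?P<dpt>\d+)")


def find_amt_attempts(log_text, prefix=LOG_PREFIX):
    """Count (source, protocol, destination port) for every logged hit on an
    AMT port. Lines without the prefix, or with a layout the regex does not
    recognise, are ignored so unrelated syslog traffic cannot break the report."""
    hits = Counter()
    for line in log_text.splitlines():
        if prefix not in line:
            continue
        m = LOG_RE.search(line)
        if not m:
            continue
        proto, dpt = m.group("proto"), int(m.group("dpt"))
        expected = AMT_TCP_PORTS if proto == "TCP" else AMT_UDP_PORTS
        if dpt in expected:
            hits[(m.group("src"), proto, dpt)] += 1
    return hits


# Constructed sample of kernel log lines as the LOG rules above would emit
# them (documentation address ranges, not real hosts).
SAMPLE_LOG = """\
May 17 09:12:01 gw kernel: AMT-BLOCK: IN=eth0 OUT=br-lan SRC=203.0.113.5 DST=192.168.1.20 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=0 DF PROTO=TCP SPT=41234 DPT=16992 WINDOW=29200 RES=0x00 SYN URGP=0
May 17 09:12:03 gw kernel: AMT-BLOCK: IN=eth0 OUT=br-lan SRC=203.0.113.5 DST=192.168.1.20 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=0 DF PROTO=TCP SPT=41235 DPT=16992 WINDOW=29200 RES=0x00 SYN URGP=0
May 17 09:12:09 gw kernel: AMT-BLOCK: IN=eth0 OUT=br-lan SRC=198.51.100.7 DST=192.168.1.20 LEN=48 TOS=0x00 PREC=0x00 TTL=48 ID=0 DF PROTO=UDP SPT=5555 DPT=623 LEN=28
May 17 09:12:15 gw kernel: OTHER: IN=eth0 OUT=br-lan SRC=198.51.100.7 DST=192.168.1.20 LEN=60 TOS=0x00 PREC=0x00 TTL=48 ID=0 DF PROTO=TCP SPT=5556 DPT=443 WINDOW=29200 RES=0x00 SYN URGP=0
May 17 09:13:00 gw sshd[1234]: Accepted publickey for admin from 192.168.1.2 port 50000
"""

if __name__ == "__main__":
    for tool in ("iptables", "ip6tables"):
        print("\n".join(amt_block_rules(tool)))
    for (src, proto, dpt), n in find_amt_attempts(SAMPLE_LOG).items():
        print("%s -> %s/%d: %d attempt(s)" % (src, proto, dpt, n))
```

Run it as a script to print the rules for review; the LOG rule sits before the DROP so every blocked attempt leaves a line in the kernel log, which is what turns a quick fix into something you can actually check after the patch arrives.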









Friday, May 12, 2017

Be Careful What You Click


Those leaked NSA TAO tools have been in the wild for a few weeks now.....and now we have this.

"According to CrowdStrike's vice president of intelligence Adam Meyers, the initial spread of WannaCry is coming through spam, in which fake invoices, job offers and other lures are being sent out to random email addresses. Within the emails is a .zip file, and once clicked that initiates the WannaCry infection.

But the most concerning aspect of WannaCry is its use of the worm-like EternalBlue exploit. "This is a weapon of mass destruction, a WMD of ransomware. Once it gets into an unpatched PC it spreads like wildfire," he told Forbes. "It's going through financials, energy companies, healthcare. It's widespread."

Given the malware is scanning the entire internet for vulnerable machines, and as many as 150,000 were deemed open to the Windows vulnerability as of earlier this month, WannaCry ransomware explosion is only expected to get worse over the weekend."

Read the whole piece here WannaCry exploit

***

The WannaCry malware is currently wreaking havoc with the UK healthcare system.

This attack uses the leaked EternalBlue exploit from the NSA and is a nasty one. Yet another reason to move away from Windows and into a Linux based distro (preferably a hardened one).




Black Hat 2017 Convention & GroundRod


Black Hat 2017 Info

I will be attending the 2017 Black Hat convention in Vegas July 22-27. If there is interest I can schedule a GroundRod course in Las Vegas to run right after the conference.

Any interested parties email me and we will see if we can make it happen.



Thursday, May 11, 2017

More Shenanigans from the No Such Agency folks



"A very important question remains: What exactly could WindsorBlue, and then WindsorGreen, crack? Are modern privacy mainstays like PGP, used to encrypt email, or the ciphers behind encrypted chat apps like Signal under threat? The experts who spoke to The Intercept don’t think there’s any reason to assume the worst.

“As long as you use long keys and recent-generation hashes, you should be OK,” said Huang. “Even if [WindsorGreen] gave a 100x advantage in cracking strength, it’s a pittance compared to the additional strength conferred by going from say, 1024-bit RSA to 4096-bit RSA or going from SHA-1 to SHA-256.”

Translation: Older encryption methods based on shorter strings of numbers, which are easier to factor, would be more vulnerable, but anyone using the strongest contemporary encryption software (which uses much longer numbers) should still be safe and confident in their privacy."

***

Read the full article here Intercept Article and make sure you grok the implications.


- You are using strong passwords/passphrases, right?

- You are using minimum RSA-4096 (and getting comfortable with ECC non-NIST curves), yes?

- And of course you are dating/replacing your passwords and PGP keys on a regular basis?



Privacy/Encryption is a dynamic sport.....don't ever forget that fact.




Wednesday, May 3, 2017

GroundRod in Central Oregon and Central Florida

There will be a GroundRod Primer in the Bend, OR area on May 13-14. There will also be a GroundRod Primer in the Fort Myers, FL area May 27-28.

Contact me if you wish to register for either course.




Sunday, April 23, 2017

Simple Faraday Shielding


"Faraday Cage".......

The phrase invokes images of Gene Hackman's rogue NSA character from the film Enemy of the State, hacking away from the safety of his copper wire mesh "office". It also brings up thoughts of nuclear detonations and solar coronal mass ejections frying everything from televisions to the family car.

We'll save the intricacies of those scenarios for a later article. What I want to address today is basic RF (radio frequency) shielding in a practical sense. As I see it, there are four basic aspects to how we may use shielding, whether it be an RF blocking pouch for our phone or a grounded, sealed, galvanized trashcan for our spare equipment (post-apocalyptic resupply, of course). They are:


1. Preventing our device from being exploited 

2. Preventing our device from exploiting us

3. Preventing unwanted destruction of our device 

4. Protecting our health


These should all be pretty self-explanatory, but let's touch on each real quick.

1. This could be anything from a hacker planting ransomware on your device, to the government tracking your messages and accessing your microphone and/or camera.

2. Your phone in particular, and your computers and tablets to some degree, are constantly reporting your whereabouts to your service provider and whomever they share that data with. With phones this can range from cellular tower triangulation to the more nefarious IMSI sniffers/spoofers.

3. This would likely only occur during a nuclear event that is very nearby, or one that triggered a Carrington-type effect covering a much broader geographical area.

4. Any medical practitioner will tell you: no amount of RF radiation is healthy for the human body. We are bombarded with RF of varying intensity all day long. It could be the cell phone pressed against our skull or the wireless router in our house blasting us day and night.


One could build an "RF safe room" in their home to mitigate some of the above. You can purchase rolls of RF attenuating fabric online (the same stuff that lines the phone RF pouches), but what might be more practical is to just paint the room. There is a company that produces an RF/EMF blocking paint that claims up to 30 dB of attenuation per coat. LessEMF Paint markets the paint. Bear in mind that if you want this to be a "clean" room you will need to remove all light fixtures, outlets and switches and paint every surface (floors and ceilings included).

Might be worth having a small office in your abode that is RF free.......food for thought.

I should probably point out that the EMF paint is not likely to protect your equipment from a high powered EMP burst. You would want something more substantial for that purpose.






Tuesday, April 18, 2017

INFOSEC Updates


Well, it has been an interesting couple of months in the world of privacy and cyber security. We had the "vault 7" leaks, then we just had the NSA's TAO hacking tools released into the wild for any and all to use. So now we don't have to be concerned only about nation-states wielding those kinds of tools, but potentially every criminal element out there. Many INFOSEC researchers have pointed out that this makes Windows vulnerable to a wide assortment of attacks. Ironically, their "fix" is telling everyone to upgrade to Windows 10!! An operating system that, near as I can tell, was built from the ground up to spy on you.....what a joke!

The GroundRod series of courses continues to grow in popularity as people around the country are realizing that no one will save them....they have to save themselves! We have a very full class coming up the end of April in Tennessee as well as a full class in northern Idaho in June. Here are some of the courses that are still open for enrollment:

* May 13-14: GroundRod 1 in Bend, OR

* May 27-28: GroundRod 1 in Fort Myers, FL

* June 1-4: GroundRod 1 & 2 in CDA, ID

* June 17-18: GroundRod 1 in Eugene, OR

* July 14-17: GroundRod 1 & 2 in Buffalo, WY

* July TBA: GroundRod 1 & 2 in Prosser, WA

* August 11-14: GroundRod 1 & 2 in Scranton, PA



We also have a Gunfight Concepts Carbine 1 course in Central WA on June 10.


You can register for any class by visiting the Store page and making a $100 class deposit, then emailing me with the requested course and date.


We still have a few SEPIO laptops and VERUS phones in stock with more on the way.








Tuesday, March 14, 2017

GroundRod 2 in Texas ** UPDATED March 20 **


** UPDATE **

We have changed the class dates on this course to April 1-2. 



I have some extra seats available now for the GroundRod 2 class in Midland, TX March 25-26. If you are interested in attending, let me know as my classes have been filling up quick lately.



Wednesday, March 8, 2017

SEPIO Secure Laptops


Starting in April the base price of the SEPIO Secure Laptop will move to $1200 due to increasing hardware prices and increased demand necessitating the hiring of extra help.

********

Some notes regarding recent upgrades to the SEPIO OS system:

- Added protection against "STUXNET" style BadUSB attacks.

- Increased encryption strength beyond industry standards.

- Hardware drive encryption (AES-256).

- Added extra protections against "brute-force" password attacks.

- Created separate menu entry for all HAM radio software.

- Upgraded Grsecurity kernel to 4.9 series.

- Can now make ECC GPG/PGP keys with non-NIST curves.

- Virtual machine upgrade.

- Option for non-NIST system encryption (Serpent vs AES).

- Randomized DNS queries via non-logging OpenNIC servers.

- Switched Tor Browser from standard to hardened edition w/ secure defaults.

- Several software upgrades: BitMessage, AirVPN, Safejumper, BitSquare, Exodus wallet, I2P, OnionShare, Cloak and many more.




Saturday, February 11, 2017

Class Availability

The upcoming GroundRod Primer & GroundRod 2 back-to-back courses scheduled for April 27-30 in Clarksville, TN are just about booked full. If you are planning on attending this venue and have not already reserved your seat, you need to get a hold of me as there are only a few seats left.

There are some seats left for the GroundRod Primer & GR2 scheduled for February 24-27 in Columbus, OH due to a couple cancellations.

****

We are looking to set up courses in North Carolina, Florida, Wyoming, Nevada and Hawaii in the coming months. If any of those locations interest you, get a hold of us and we will get the class built.



Thursday, February 9, 2017

GroundRod Primer Course Review via Forward Observer



Sam Culper from Forward Observer hosted a GroundRod Primer down in Austin, Texas last week and just released a course review...

Forward Observer Review


Saturday, January 28, 2017

Encryption Update ** UPDATED **


(Update at the bottom)

So, the NSA and IAD just released an advisory memo directed at US government entities and NGOs/corporations that deal with classified material. In a nutshell, they are raising the minimum required encryption level for top secret data, effective immediately. So instead of referring to the NSA's Suite B cryptography, we will now refer to what they are calling the Commercial National Security Algorithm Suite. The changes are as follows:

Former Suite B standards

- RSA-2048 (key exchange / digital signature)
- ECDH/ECDSA P-256 (key exchange / digital signature)
- AES-128 (symmetric encryption)
- Diffie-Hellman 2048 (key exchange)
- SHA-256 (integrity check / hash)


New NSS standards

- RSA-3072 (key exchange / digital signature)
- ECDH/ECDSA P-384 (key exchange / digital signature)
- AES-256 (symmetric encryption)
- Diffie-Hellman 3072 (key exchange)
- SHA-384 (integrity check / hash)

Okay great.....what does this mean to you?

Well, for one, if the NSA feels there is a threat great enough to warrant raising these standards to protect the national security structure, then it only makes sense for the public to do the same. After all, I place a high value on my privacy and the sanctity of my "data".


Things you should be checking:

1. Your VPN provider (you are using a VPN, right?). Most of the providers I recommend already meet or exceed the new standards. There are, however, some that still employ RSA-2048 and AES-128. Find out what your provider is using and if it does not meet the standard as set forth above I would contact them and encourage them to implement it as soon as possible.....or move to a different provider.

2. Your PGP/GPG keys. More and more people are discovering and utilizing GPG encryption for their mail and personal file security. I have noticed though that many of the people that contact me via GPG are still using RSA-2048 keys. I would encourage you to switch to the stronger RSA-4096 keys (or better yet, ECC keys with non-NIST curves....if you are savvy with the terminal).


These couple of steps will greatly increase your personal/business security level and, frankly, are pretty painless to implement.



I should note that you will get hands on experience with these techniques at my GroundRod 2 course.

***  UPDATE ***

We looked at the Suite B standards and the new NSS standards above.....now, here are my recommendations:

For key negotiation/exchange:

      - RSA-4096
      - ECC Brainpool P-384 or P-512
      - ECC Curve25519
      - DH 4096

For symmetric (payload) encryption:

      - Twofish / Threefish
      - Serpent
      - AES-256

For integrity check/hash:

      - SHA-512
      - Whirlpool

As you can see, I favor non-NIST standards as much as possible. For most VPN providers you are stuck with AES for channel encryption; however, Proxy.sh and a couple of others are working on implementing Serpent and Twofish as an option.









Wednesday, January 18, 2017

First GroundRod 2 Student Review

I just received a very humbling course review from one of the students from my recent GroundRod 2 course in Arizona. Here it is....


***

Praise for GroundRod2

* K is the Marcus Aurelius of Cyber Privacy and Security.

* Groundrod2 (GR2) was awesome. If you thought Groundrod1 was good, GR2 is even better.

* K is an incredible instructor. He offers a wealth of experience and expertise related to privacy, security and liberty. The course is not just for those who like to be prepared, people who live off-grid, etc. GR2 is a hands-on, cyber security “boot camp” for freedom-loving Americans who cherish their constitutional rights. The training course is immersive, takes place in a small class environment while the goal for students is to leave with cutting-edge skills they can immediately apply in their daily life.

* K’s classes can be understood by individuals as well as both the business and the technical side of any organization. By way of example, K’s military and technical expertise combined with his attention to detail allow him to walk through complex scenarios and use cases with ease while applying risk principles to each situation so students can visualize the best outcome and discern the reasoning behind the analysis.

* K’s course will empower students with the skills and tools needed to win the battle against the wide range of cyber adversaries who want to harm you, your family and your environment.

* GR2 was a high-quality learning experience against a backdrop of constantly changing technologies and threats. Put another way, K’s class is a “Proving Ground” for all the latest, best and most secure technologies to safely and securely communicate.

* It’s clear, based on the quality of class instruction and extensive classroom training tasks, that K has extensive experience with successful classroom teaching techniques and delivering technical training for adult learners in corporate, government and military environments.

* Heaven forbid, but ... If Weimar Germany in 1923 or Venezuela in 2017 are any indication of what may happen here in the future in the US; If you care about your family, friends and loved ones and want to have the ability to communicate candidly, effectively and securely in a potentially hostile environment, you will want to take this class.

* Most people view insurance as something they need for their car, home or if they die ... for their loved ones after they pass on. Think of K’s class as insurance against “Normalcy Bias”. It’s the elixir against denial for what we already know is a mathematical certainty (the US Government will default on the 20T in national debt in the near future). Very few people have the skills and know-how to communicate securely over long distances with others in a hostile environment. And, you will be equipped with knowledge that will be in exceptionally high demand.

-PN01


***

My thanks to the wonderful students down in Arizona. Their quest for excellence, fearless questioning and overwhelming generosity represent the things that keep me going.



Wednesday, January 4, 2017

Upcoming Courses


GroundRod 2 is here and covers the following:

- Review of GroundRod Primer skills

- Discussion of current events as they relate to privacy, security and liberty

- In depth study of the Invisible Internet Project / I2P

- Setting up anonymous mail service via I2P

- Exploration of Zeronet and other distributed networking systems

- Setting up and using Retroshare with extra anonymity

- The latest in encryption techniques, including ECC

- Setting up open source router firmware

- Metadata analysis

- Testing secure alternatives to Skype and other mainstream teleconferencing software

- The latest in crypto-currency trends, techniques and software

- Real-world tradecraft application

- Setting up resilient, "Ministry of Truth" proof websites

- Hands on training for SEPIO laptop owners

- and tons more.........

***************************

These are the current course dates. Contact me if you want to reserve a seat or if you wish to host a course in your area. Cost is still just $350 (per course).


GroundRod 2 -- Phoenix, AZ -- 14-15 January

GroundRod Primer -- Austin, TX -- 4-5 February, w/ Forward Observer

GroundRod Primer & GR2 -- Columbus, OH -- 24-27 February

GroundRod Primer & GR2 -- Clarksville, TN -- 27-30 April



The privacy fight is far from over folks.......regardless of who is occupying the White House.


** UPDATE ** For those of you attending any of the double classes (GR1 & 2), you only need to make one $100 class deposit rather than a separate $100 deposit for each course.