Showing posts from 2017

Interview with Forward Observer

I recently had a short interview with Forward Observer regarding Bitcoin and crypto-assets. There is a lot of interest being generated right now in this field, and for good reason. Whether your interest lies in protecting your assets, seeking better investment vehicles or just enhancing your privacy, you would be wise to study up on crypto...it's not going away. You can listen to it HERE

SEPIO Laptop **SPECIAL DEAL**

*** SOLD ***

I have a special going right now on a SEPIO secure laptop. This is on special due to my putting a couple of light scratches on the lid while working on it. The specs are as follows:

- i7 CPU (versus the normal i5)
- 12GB DDR4 RAM
- 256GB SSD
- 15.6 inch Full HD touchscreen
- Full aluminum chassis with backlit keyboard
- SEPIO Secure OS (latest build)

This model normally goes for $1400, but I am knocking $100 off due to the scratch. My mistake is your gain....

As with all SEPIOs, the RAM and SSD can be upgraded on request. The i7 models are rare, so get it while you can.

Important Update on Recent Hack of Wireless

As many of you are now aware, there was a rather dangerous hack released the other day (CVE-2017-13077) that affects nearly all devices' utilization of the WPA/WPA2 wireless security protocol. The details can be read here: https://www.schneier.com/blog/archives/2017/10/new_krack_attac.html

Now before anyone panics I should point out a couple of things:

1. A patch for this has been released already for the following distros:
    SEPIO OS
    Linux Mint
    Ubuntu
    Debian (and most distros based on Debian)
    open-source Android Lineage OS

Simply run your update manager (or sudo apt update && sudo apt upgrade in terminal) and you are good to go.

2. If you were following my advice and utilizing the WPA2-CCMP/AES version as opposed to WPS or TKIP the damage would have been far less.

3. There are currently no patches available for:
    Windows (I know, shocking)
    Mac OSX
    iOS
    Android
    non-Debian Linux (Suse, Fedora, Arch, et

SEPIO Secure Laptop Sale

SEPIO Secure Laptops will be on sale for $100 off normal price until November 1st. Some of the recent system upgrades include:

- Added support for Yubikey secured boot
- Added support for KeepKey, Trezor and Ledger crypto-currency hardware wallets
- New artwork and icons
- Option for custom Secure Boot certificates

and many other software updates and upgrades.

Upcoming Courses

Can you actually protect yourself from online thieves, government snoops and malicious software? What is the "Darkweb" and is there any legitimate use for such a thing? What is Bitcoin and why should I concern myself with it? How is the Internet of Things dangerous to me? Can the government read my emails and messages? Can they break my encryption?

These are all common questions coming from the public on a more and more frequent basis, and they are just a few of the questions that we answer in the GroundRod training series. The courses are designed for the layman and the professional alike and are hands-on. You don't just listen to a lecture, you implement the subject matter in real time during class. We cover the spectrum from system hardening and secure communication to human tradecraft and escape & evasion skills. You leave class with a broader understanding of the threats and a real set of tools with which to protect yourself, your family and your

Tactical Skills Q & A -or- Be Good at Everything or Die

In the interest of spreading useful information regarding tactics/training I wanted to relay this conversation I had with some folks from the tactical community a while back. I was asked several pointed questions which I do my best to answer below:

Question 1: Of all the various training disciplines available, which one should be top of the training list right now in light of world events? Rifle training? Land Navigation? Communications? Patrolling, etc...

Answer: Well, there are definitely some sacred cows on that list. It of course kind of depends on where you are as an individual with regard to the various skillsets, but let's assume you are a competent shooter with some basic fieldcraft under your belt....I would put information gathering on top. You could also label it Intel/Comms if you wanted. Why?

1. Intelligence drives the fight. Without it, you are just a bunch of armed guys in the woods.
2. Everyone can do it. Your 75-year-old aunt can do it, your kid can do

Full Spectrum Training.....does it matter?

So I know the question is out there....why is this website supposedly devoted to the study of warfare always talking about computer security and cryptocurrency? Shouldn't I just be posting articles about "improving your shot group" or the latest in "tactical accoutrements"? It essentially boils down to this:

1. As anyone who has attended my courses knows, I believe in what I call "The Heinlein Doctrine" (or the Competent Man principle). In essence, a warrior (or just a human being for that matter) must be good at everything...not just shooting, or grappling, or navigating.
2. Right now, technology is at the forefront of not just battle, but our everyday lives....like it or not.
3. Many believe that war lies in the not too far future of the western world. I believe that this war has already begun. Perhaps not the shooting part, but the IPB (Intelligence Preparation of the Battlespace) has begun in earnest in the technical space. We ignore t

Those Sneaky Dots

As I have been pointing out in the GroundRod courses for years, your printer can "tattle" on you. Case in point:

"According to Rob Graham, who writes for the blog Errata Security, the Intercept’s scanned images of the intelligence report contained tracking dots — small, barely visible yellow dots that show “exactly when and where documents, any document, is printed.” Nearly all modern color printers feature such tracking markers, which are used to identify a printer’s serial number and the date and time a page was printed."

Full article

So the most recent NSA leaker was rather quickly outed due to barely visible yellow dots that are surreptitiously placed into every document printed by nearly every printer in existence. I encourage you to check out the EFF's guide HERE for finding and decoding your printer's secret messages.

GroundRod 1 & 2 Idaho, June 1-4 Update

The GroundRod Primer course for CDA, Idaho is completely full and we have 2 seats left for GroundRod 2. If you did not make it into this class we have some upcoming dates in the Northwest:

- June 15-18    Eugene, OR
- July 6-9      Prosser, WA
- July 14-17    Buffalo, WY

*** Outside the NW:

- July 29-30    Las Vegas, NV (after Blackhat 2017)
- August 10-13  Scranton, PA

Reserve your spot before they fill up.

Update on Intel AMT Exploit

As many of you are aware, a rather onerous firmware exploit was discovered in February that affects most modern Intel processors. The exploit has been dubbed "Silent Bob Is Silent" and can grant an adversary remote access to your computer beneath the OS level. This affects not only Windows machines but Mac and Linux as well.

“The exploit is trivial, max five lines of Python, could be doable in one-line shell command. It gives full control of affected machines, including the ability to read and modify everything. It can be used to install persistent malware (possibly in firmware), and read and modify any data. For security servers, it may allow disabling security features, creating fake credentials, or obtaining root keys. …  IT folks, KEEP WORKING THROUGH THE WEEKEND, DISABLE AMT NOW or block access to it. This can get ugly.”

Read the full piece HERE

The linked post will cover some methods for determining if your system is vulnerable. It should be noted that the In

Be Careful What You Click

Those leaked NSA TAO tools have been in the wild for a few weeks now.....and now we have this.

"According to CrowdStrike's vice president of intelligence Adam Meyers, the initial spread of WannaCry is coming through spam, in which fake invoices, job offers and other lures are being sent out to random email addresses. Within the emails is a .zip file, and once clicked that initiates the WannaCry infection. But the most concerning aspect of WannaCry is its use of the worm-like EternalBlue exploit. "This is a weapon of mass destruction, a WMD of ransomware. Once it gets into an unpatched PC it spreads like wildfire," he told Forbes. "It's going through financials, energy companies, healthcare. It's widespread." Given the malware is scanning the entire internet for vulnerable machines, and as many as 150,000 were deemed open to the Windows vulnerability as of earlier this month, WannaCry ransomware explosion is only expected to get worse over

BlackHat 2017 Convention & GroundRod

Blackhat 2017 Info

I will be attending the 2017 Blackhat convention in Vegas July 22-27. If there is interest I can schedule a GroundRod course in Las Vegas to run right after the conference. Any interested parties email me and we will see if we can make it happen.

More Shenanigans from the No Such Agency folks

"A very important question remains: What exactly could WindsorBlue, and then WindsorGreen, crack? Are modern privacy mainstays like PGP, used to encrypt email, or the ciphers behind encrypted chat apps like Signal under threat? The experts who spoke to The Intercept don’t think there’s any reason to assume the worst. “As long as you use long keys and recent-generation hashes, you should be OK,” said Huang. “Even if [WindsorGreen] gave a 100x advantage in cracking strength, it’s a pittance compared to the additional strength conferred by going from say, 1024-bit RSA to 4096-bit RSA or going from SHA-1 to SHA-256.” Translation: Older encryption methods based on shorter strings of numbers, which are easier to factor, would be more vulnerable, but anyone using the strongest contemporary encryption software (which uses much longer numbers) should still be safe and confident in their privacy."

*** Read the full article here Intercept Article and make sure you grok th

GroundRod in Central Oregon and Central Florida

There will be a GroundRod Primer in the Bend, OR area on May 13-14. There will also be a GroundRod Primer in the Fort Myers, FL area May 27-28. Contact me if you wish to register for either course.

Simple Faraday Shielding

"Faraday Cage"....... The phrase invokes images of Gene Hackman's rogue NSA character from the film Enemy of the State, hacking away from the safety of his copper wire mesh "office". It also brings up thoughts of nuclear detonations and solar coronal mass ejections frying everything from televisions to the family car. We'll save the intricacies of those scenarios for a later article. What I want to address today is basic RF (radio frequency) shielding in a practical sense.

As I see it, there are four basic aspects to how we may use shielding, whether it be an RF blocking pouch for our phone or a grounded, sealed, galvanized trashcan for our spare equipment (post-apocalyptic resupply of course). They are:

1. Preventing our device from being exploited
2. Preventing our device from exploiting us
3. Preventing unwanted destruction of our device
4. Protecting our health

These should all be pretty self-explanatory, but let's touch on each real

INFOSEC Updates

Well, it has been an interesting couple of months in the world of privacy and cyber security. We had the "Vault 7" leaks, then we just had the NSA's TAO hacking tools released into the wild for any and all to use. So now we don't have to be concerned only about nation-states wielding those kinds of tools, but potentially every criminal element out there. Many INFOSEC researchers have pointed out that this makes Windows vulnerable to a wide assortment of attacks. Ironically, their "fix" is telling everyone to upgrade to Windows 10!! An operating system that, near as I can tell, was built from the ground up to spy on you.....what a joke!

The GroundRod series of courses continues to grow in popularity as people around the country are realizing that no one will save them....they have to save themselves! We have a very full class coming up the end of April in Tennessee as well as a full class in northern Idaho in June. Here are some of the courses that are

GroundRod 2 in Texas ** UPDATED March 20 **

** UPDATE ** We have changed the class dates on this course to April 1-2.

I have some extra seats available now for the GroundRod 2 class in Midland, TX March 25-26. If you are interested in attending, let me know as my classes have been filling up quickly lately.

SEPIO Secure Laptops

Starting in April the base price of the SEPIO Secure Laptop will move to $1200 due to increasing hardware prices and increased demand necessitating the hiring of extra help.

********

Some notes regarding recent upgrades to the SEPIO OS system:

- Added protection against "STUXNET" style BadUSB attacks.
- Increased encryption strength beyond industry standards.
- Hardware drive encryption (AES-256)
- Added extra protections against "brute-force" password attacks.
- Created separate menu entry for all HAM radio software.
- Upgraded Grsecurity kernel to 4.9 series.
- Can now make ECC GPG/PGP keys with non-NIST curves.
- Virtual machine upgrade.
- Option for non-NIST system encryption (Serpent vs AES)
- Randomized DNS queries via non-logging OpenNIC servers.
- Switched Tor Browser from standard to hardened edition w/secure defaults.
- Several software upgrades - BitMessage, AirVPN, Safejumper, BitSquare, Exodus wallet, I2P, OnionShare, Cloak

Class Availability

The upcoming GroundRod Primer & GroundRod 2 back-to-back courses scheduled for April 27-30 in Clarksville, TN are just about booked full. If you are planning on attending this venue and have not already reserved your seat, you need to get a hold of me as there are only a few seats left.

There are some seats left for the GroundRod Primer & GR2 scheduled for February 24-27 in Columbus, OH due to a couple cancellations.

****

We are looking to set up courses in North Carolina, Florida, Wyoming, Nevada and Hawaii in the coming months. If any of those locations interest you, get a hold of us and we will get the class built.

GroundRod Primer Course Review via Forward Observer

Sam Culper from Forward Observer hosted a GroundRod Primer down in Austin, Texas last week and just released a course review... Forward Observer Review

Encryption Update ** UPDATED **

(Update at the bottom)

So, the NSA and IAD just released an advisory memo directed at US government entities and NGOs/Corporations that deal with classified material. In a nutshell, they are raising the minimum required encryption level for top secret data effective immediately. So instead of referring to the NSA's Suite B cryptography, we will now refer to what they are calling the Commercial National Security Algorithm Suite. The changes are as follows:

Former Suite B standards
- RSA-2048              (Key exchange/Digital Sig)
- ECDH/ECDSA P-256      (Key exchange/Digital Sig)
- AES-128               (Symmetric encryption)
- Diffie-Hellman 2048   (Key exchange)
- SHA-256               (Integrity check/hash)

New NSS standards
- RSA-3072              (Key exchange/Digital Sig)
- ECDH/ECDSA P-384      (Key exchange/Di

First GroundRod 2 Student Review

I just received a very humbling course review from one of the students from my recent GroundRod 2 course in Arizona. Here it is....

*** Praise for GroundRod2

* K is the Marcus Aurelius of Cyber Privacy and Security.
* Groundrod2 (GR2) was awesome. If you thought Groundrod1 was good, GR2 is even better
* K is an incredible instructor. He offers a wealth of experience and expertise related to privacy, security and liberty. The course is not just for those who like to be prepared, people who live off-grid, etc. GR2 is a hands-on, cyber security “boot camp” for freedom-loving Americans who cherish their constitutional rights. The training course is immersive, takes place in a small class environment while the goal for students is to leave with cutting-edge skills they can immediately apply in their daily life.
* K’s classes can be understood by individuals as well as both the business and the technical side of any organization. By way of example, K’s military and technical

Upcoming Courses

GroundRod 2 is here and covers the following:

- Review of GroundRod Primer skills
- Discussion of current events as they relate to privacy, security and liberty
- In-depth study of the Invisible Internet Project / I2P
- Setting up anonymous mail service via I2P
- Exploration of Zeronet and other distributed networking systems
- Setting up and using Retroshare with extra anonymity
- The latest in encryption techniques, including ECC
- Setting up open source router firmware
- Metadata analysis
- Testing secure alternatives to Skype and other mainstream teleconferencing software
- The latest in crypto-currency trends, techniques and software
- Real-world tradecraft application
- Setting up resilient, "Ministry of Truth" proof websites
- Hands-on training for SEPIO laptop owners
- and tons more.........

***************************

These are the current course dates. Contact me if you want to reserve a seat or if you wish to host a course in y