Watch this episode on YouTube.
Reasonably Accurate 馃馃 Transcript
Morning. How's everyone doing today? Um Different look. Uh mainly because uh I am uh at my normal office, but uh I instead of pitching my Macbook out the window, I decided to give it one more shot at rebuilding it.
This will be the fifth time um to see if I can uh resolve some of the stability issues. Now, I've got a feeling as to what the problem might be fingers crossed, um takes a little while to rebuild those.
So I'm uh going from one of my mobile rigs um in as opposed to my normal sort of uh studio setup. So um a little bit different look. Um Not quite at the height I want mainly because one of my cats has um commandeered my larger chair that I could rest this on.
Um Anyway, all good. Um It's Friday, hope everyone's doing well. Um Yesterday, I did post that video for um the A MD flaws for rise and fall for Master Key chimera and follow up. Um You can check uh that uh here on the Facebook page or on the youtube channel.
Um That's been getting a positive response so far thankfully. Um the hype cycle didn't really kick in on those, um, flaws because it was kind of ridiculous. Um, as far as the probability and that's really a big thing for me as a cybersecurity professional is that probability is key just because something's possible, doesn't mean that it's probable or it's gonna happen.
And that's really the fundamental, um, concept behind risk. And a lot of people end up forgetting that they sit there and they go, well, it's possible we need to defend against it. And realistically, you should be defending against this the same way you're defending against most other cyberattacks, which is trying to prevent criminals from getting um administrative access to your systems.
I mean, one of those uh CPU vulnerabilities even required a full rewrite of a bios which realistically would never happen. Um Except in extreme circumstances, it's still interesting technically though. So um also on a similar note, Intel uh announced that they have a new generation of CP US that are going to address um some of the um specter and meltdown issues in hardware.
Um So look for those to start hitting in the second half of 2018. So realistically, people will start to use them uh end of the year, maybe next year uh before some major vendors have them integrated. Um But you know, that's, we knew that was coming, it's a uh software, somewhat software mitigate, but it needs to be fixed in the hardware.
So um that's continuing on, I think. Um, uh based on uh, some of the responses I've gotten online, I will do a bit of a write up and either post that on marknca um, or markn.ca or um, on medium as far as a little uh, text, um, write up about the issues and compare them to sp specter meltdown a little bit better.
And, uh, of course, I'll link and embed the video um from uh yesterday that's on the youtube channel too. Other than that, I'm tackling some mobile forensics today. I got an interesting little project that came up that I'll talk a little bit more about next week, but I have to dive into some android uh forensics, which I haven't done in a while.
Um So that's gonna be interesting and challenging. Um capturing them through the beauty of the cloud. Um had to kind of put away my old school thinking on some stuff and realized that far simpler way to do some of the capturing uh for network traffic that I need to do involved an interesting little um cloud solution.
So again, I might write that up uh if I have time, um And definitely part of the project report, um that'll come out of this little forensic activity. Um Other than that, what I want to talk about today real quick because I know I've already been kind of rambling on for three minutes already.
So, um what I wanted to talk about was there's been a few announcements this week in various um avenues. Um uh town in New York had uh has just made an announcement. Um Google made an announcement where they're preventing activity for advertising um cryptocurrencies.
Um John Oliver this week with last week tonight um had a fantastic breakdown on um Cryptocurrency. So you know, Ho Yang Yang Yang, um absolutely amazing um breakdown uh from John Oliver on it as far as the um realities of uh of cryptocurrencies and you know, that's not to discount Blockchain as a technology.
I think there's phenomenal potential um in that technology in the right use case. The problem is we're fully on like triple down hype cycle um which doesn't make any sense. So Google took the step of banning um IC O advertisements um which is great we know from uh statistics compiled for 2017 46% of all IC os um either fail or outright scams.
Um And then uh similar, we're starting to see action taken locally uh locally where um towns or states um or um governments in general are looking at these and saying, wait a minute, is this legitimate activity?
Where does this fall on the financial spectrum? Um And that's mainly because um even in a heavily unregulated country like the US, um there are still regulations around securities trading, around currency trading. Um here in Canada, it's far more stringent and uh stricter regulatory environment.
Um But there's still challenges here and these are financial products, maybe financial system, um, completely wild west unregulated. Some people have got ridiculously rich. Some people are losing their shirt off their backs at the end of the day.
Still people don't really know where cryptocurrencies are going. Um Why we have so many, um Is it gonna boil down to one or two or are we gonna still have the thousands we have? Because you can literally, you go to a site and click one button and start, you know, mark coin, which would be very cool.
Um But again, useless and have no value. So uh interesting to see that. And that's, I think um really gonna be sort of a tangent theme through 2018. You're gonna see that pop up once uh every once in a while.
But please uh the big takeaway for most people is do not associate Cryptocurrency and Blockchain as being the same thing. Uh cryptocurrencies are built on Blockchain. You can build many other different types of things on Blockchain. We've talked about it here before.
Um Things like Microsoft's identity um initiatives as well as the larger uh global community, identity initiatives. Um For me, forensic scientist, um uh a chain of evidence, fantastic use. Um You could imagine having a Blockchain uh chain of evidence as opposed to just people signing and saying, I didn't let this evidence out of my sight.
Um You could have um a mathematical uh verification of their digital signature. Um which means as part of the court process, you could actually verify that that chain of evidence was unbroken. Um And that everybody's digital identity lined up with them along with their personal attestation is not perfect.
Um But it's definitely a step forward over what we have today. Um Obviously voting systems, a huge one any transaction. Um So it's not just any transaction that would be better supported by Blockchain, but any transaction that you want to verify and especially verify in public um or have a third party, be able to verify.
It is an ideal use case for Blockchain and there's a ton of those out there. Um So I'm really excited about that technology, but I'm really, I'm, I'm, it's unfortunate it's gotten wrapped up in the Cryptocurrency debate. Um and Cryptocurrency hype because people are associating the two and they're making them synonymous.
Um very similar. The word crypto for Cryptocurrency. Don't please don't let that be a thing. Um Crypto cryptography. Uh It's well established. It's been going on for thousands of years. Uh cryptocurrencies use cryptography, but just uh digital currencies I think would be far more appropriate.
Um because we've seen that uh as a larger life cycle. Anyway, that's a bit of a ramble. Uh It's Friday, you can tell I'm not nearly as focused, but uh Android friends today, I'll try to get some more stuff out on the A MD flaws.
Um What are you up to let me know? Hit, hit me below in the comments, um, uh, here on Facebook or youtube. Uh, you can hit me up online uh, at marknca um, same as the, uh URL here on Facebook or the channel URL got a custom channel URL yesterday.
Um So again, looking to talk, see what you're doing. Um, what's going on for you today? Um What do you think about um the Cryptocurrency movements? What do you think about A and D flaws? Um, anything and everything?
It's always exciting. Lots going on. Have a great weekend builders. We'll talk to you soon.
