loader from loading.io

Uncovering the Mystery of Disk Encryption plus more on this Tech Talk with Craig Peterson Podcast

Craig Peterson - America's Leading Security Coach

Release Date: 10/16/2020

AS HEARD ON - The Jim Polito Show - WTAG 580 AM: Computer Repair, Hunter Biden's Laptop and Scully's Tweet  show art AS HEARD ON - The Jim Polito Show - WTAG 580 AM: Computer Repair, Hunter Biden's Laptop and Scully's Tweet

Craig Peterson - America's Leading Security Coach

Welcome! Good morning, everybody. I was on WTAG this morning with Jim Polito.  We got into a lengthy discussion about Hunter Biden and the legitimacy of the emails and how to tell, also about computer repair shops and then a little about Steve Scully's tweet and his lies about it. Here we go with Jim. For more tech tips, news, and updates visit - ---  Automated Machine Generated Transcript: Craig Peterson: [00:00:00] That is a dead give away and these news agencies such as Fox who have seen both emails, I'm sure dug into it because they said these emails were legitimate because we...

info_outline
AS HEARD ON NH Today WGIR-AM 610: Election Security and Federal Warning about Nation-State Actors accessing Vulnerabilities show art AS HEARD ON NH Today WGIR-AM 610: Election Security and Federal Warning about Nation-State Actors accessing Vulnerabilities

Craig Peterson - America's Leading Security Coach

Welcome, Good Monday morning, everybody. Craig Peterson here. You will find here a different host this morning on NH Today. Jack Heath has moved on to another radio group. I was on with Scott Spradlin. We discussed election security in the light of revelations by the FBI and DHS about Nation-State Actors accessing our election systems through known vulnerabilities. Here we go with Scott.  These and more tech tips, news, and updates visit. -  ---  Automated Machine Generated Transcript: Craig Peterson: How vulnerable are the web pages where these final tallies are as well. So...

info_outline
Trojan Worm Infecting Republicans through Phishing Scam plus more on this Tech Talk with Craig Peterson Podcast show art Trojan Worm Infecting Republicans through Phishing Scam plus more on this Tech Talk with Craig Peterson Podcast

Craig Peterson - America's Leading Security Coach

Craig discusses a new Phishing Scam that is targeting Republicans with a legitimate email but that adds an attachment with a nasty trojan payload.   For more tech tips, news, and updates, visit - CraigPeterson.com --- --- Automated Machine-Generated Transcript: Craig Peterson: [00:00:00] Hi, everybody. We're going to be talking about some new Trojan malware that targets Trump supporters. Some new tools that are out there. Ransomware being paid by one of the country's biggest online providers right here. Hey everybody. I'm Craig Peterson. Today we are going to with no...

info_outline
Security Tools You Can and Should Use plus more on this Tech Talk with Craig Peterson Podcast show art Security Tools You Can and Should Use plus more on this Tech Talk with Craig Peterson Podcast

Craig Peterson - America's Leading Security Coach

Craig discusses one of the security tools he uses and why you should use it too. For more tech tips, news, and updates, visit - CraigPeterson.com --- --- Automated Machine-Generated Transcript: Craig Peterson: [00:00:00] Remember everybody, don't open those email attachments.  I'm going to talk about a new tool released out there that if you're involved with security, you probably need it. So here we go. Hi everybody. Craig Peterson here.  I want to talk right now about this great tool that I've been using for decades now, I think. It's called Nmap. Now it's something that I...

info_outline
Ransoming Local and State Governments plus more on this Tech Talk with Craig Peterson Podcast show art Ransoming Local and State Governments plus more on this Tech Talk with Craig Peterson Podcast

Craig Peterson - America's Leading Security Coach

Craig discusses why State and Local governments are getting ransomware and who is actually at fault. For more tech tips, news, and updates, visit - CraigPeterson.com --- --- Automated Machine-Generated Transcript: Craig Peterson: [00:00:00] Hey, Tyler technologies, you might not have heard of them, but you've almost certainly use them. And we'll tell you why they got nailed by these human-operated ransomware pieces that are floating around there as part of phishing expeditions. Here we go. Hey, thanks for joining me. This is Craig Peterson of course. Tyler technologies, you might not...

info_outline
5G Speeds and What is Really going on plus more on this Tech Talk with Craig Peterson Podcast show art 5G Speeds and What is Really going on plus more on this Tech Talk with Craig Peterson Podcast

Craig Peterson - America's Leading Security Coach

Craig discusses 5G and explains how it works why what you may have heard about 5G speeds might have a bit misleading. For more tech tips, news, and updates, visit - CraigPeterson.com --- --- Automated Machine-Generated Transcript: Are you as excited about five G as I am? I got some good news and I got some bad news and we're going to explain 5g here because five G, isn't five G, isn't five G.  Why is Europe so much faster? Hey everybody. Thanks for tuning in. You're listening to Craig Peterson. five G held open a couple of different promises. One of the big promises of five G was...

info_outline
 Uncovering the Mystery of Disk Encryption plus more on this Tech Talk with Craig Peterson Podcast show art Uncovering the Mystery of Disk Encryption plus more on this Tech Talk with Craig Peterson Podcast

Craig Peterson - America's Leading Security Coach

Craig helps to unravel the mystery behind disk encryption and tells you what you need to know. For more tech tips, news, and updates, visit - CraigPeterson.com --- --- Automated Machine-Generated Transcript: Craig Peterson: [00:00:00] Hey, welcome back in this hour, we are going to be talking about security, hardware, security. You might not be aware of it. we're going to be talking about trusted platforms and hardware, encryption, and keys because this is the only thing that's really going to protect you.  Thanks for listening. I'm Craig Peterson. Let's talk about that security....

info_outline
Apple's T2 Vulnerabilities plus more on this Tech Talk with Craig Peterson Podcast show art Apple's T2 Vulnerabilities plus more on this Tech Talk with Craig Peterson Podcast

Craig Peterson - America's Leading Security Coach

Craig discusses the vulnerabilities in Apple's T2 Chip. For more tech tips, news, and updates, visit - CraigPeterson.com --- --- Automated Machine-Generated Transcript: Craig Peterson: [00:00:00] Hey, if encryption has been really messing you. I'm trying to figure out how do I make these things safe? What is data at rest? What is Data-in-flight? How come we have disc encryption at the hardware level? What does it mean to have a TPM, the T2  what's Apple doing that's what we're talking about right now. Hi everybody. Craig Peterson here. Welcome back. So glad to have you.  I...

info_outline
Using TPM to Secure Windows and Linux Operating Systems plus more on this Tech Talk with Craig Peterson Podcast show art Using TPM to Secure Windows and Linux Operating Systems plus more on this Tech Talk with Craig Peterson Podcast

Craig Peterson - America's Leading Security Coach

Craig discusses the uses of TPM in securing Windows and Linux For more tech tips, news, and updates, visit - CraigPeterson.com --- --- Automated Machine-Generated Transcript: Craig Peterson: [00:00:00] We're going to delve now into the idea behind keeping your data safe on your disks and what are the different regulations about it? Cause there's a few right now that you need to know about. Hi everybody. Welcome back, Craig Peterson  We're talking today, at least this hour about security because of a major security problem that was announced this week, about Apple's security chip,...

info_outline
Business PCI Compliance and Android Ransomware plus more on this Tech Talk with Craig Peterson Podcast show art Business PCI Compliance and Android Ransomware plus more on this Tech Talk with Craig Peterson Podcast

Craig Peterson - America's Leading Security Coach

Craig discusses PCI DSS Compliance in businesses and the increasing problem with Android ransomware. For more tech tips, news, and updates, visit - CraigPeterson.com --- --- Automated Machine-Generated Transcript: Craig Peterson: [00:00:00] If you have a business that takes credit cards if you. Ever go into a business or use a business online that takes credit cards. There are some special rules that you need to follow called the PCI standards. We'll talk about it. Hi, welcome back. This is Craig Peterson here. Verizon. I'm not sure if you've seen these before, but Verizon has...

info_outline
 
More Episodes

Craig helps to unravel the mystery behind disk encryption and tells you what you need to know.

For more tech tips, news, and updates, visit - CraigPeterson.com

---

Trojan Malware Targets Trump Supporters

Nmap 7.90 released: New fingerprints, NSE scripts, and Npcap 1.0.0

Tyler Technologies finally paid the ransom to receive the decryption key

5G in the US averages 51Mbps while other countries hit hundreds of megabits

Appleā€™s T2 security chip has an unfixable flaw

Verizon Payment Security Report is a Wake-up Call: Time to Refocus on PCI DSS Compliance

Android Ransomware Has Picked Up Some Ominous New Trick

---

Automated Machine-Generated Transcript:

Craig Peterson: [00:00:00] Hey, welcome back in this hour, we are going to be talking about security, hardware, security. You might not be aware of it. we're going to be talking about trusted platforms and hardware, encryption, and keys because this is the only thing that's really going to protect you.

 Thanks for listening. I'm Craig Peterson.

Let's talk about that security. That's what we're going to kick off this hour with. And we're going to get into our new Verizon security report on payment, and then we'll get into some Android stuff, but. We had this week and announcement here. And this is about Apple. Apple has built hardware security inside most of its devices that includes the iPhones and include your Macs and Mac pros. You name it, really the iMacs, the Mac minis. They all have the hardware. Inside of them to help provide security. Now in the Apple world, it is a chip that Apple makes it's called a T2 security chip, and that makes sure that people cannot get onto your computer.

The whole idea is if they have physical access to the computer, they cannot get inside. They can't make it boot off an external drive. They can't do just a whole ton of things get real deep system access. Back in the day, you used to boot off of read-only memory. Or proms, programmable read-only memory, those BIOSes that was in so many of the consumer pieces of equipment out there, and even some of the prosumer stuff that many businesses use. Those BIOSes were really cool, but they weren't secure at all.  The hard disks that machine could easily be removed and put onto another machine, they didn't even have to be booted up. You could just have another machine of a, for instance, my Mac, I can take a disk from a Windows computer. I have a device sitting there that's hooked up full time. That allows me to just plug a hard disc. just, you just slide it, And while the machine is up and running and it will Mount that disk. And let me do whatever I need to do investigative work or whatever, it might be very cool devices.

 I can have two of those disks that I just plugin. I also use them for my video, where I am recording directly to SSDs. I move SSDs around, which is much faster than trying to push them over gigabit ethernet. So Apple has decided that this T2 chip is a good thing and it uses the T2 chip for a few different things.

Once we're talking about your hard disc itself, the newer hard disks at the higher end and have the ability. To encrypt the data on the disc, which is, it's good. It's great. But that data that's encrypted on that disk can be read by the operating system. And that's the whole idea, right? If you can't read the disk, what good is it for you?

So any data that's stored on that encrypted data is still available for your programs and is still available for hackers. So the disc encryption I'm talking about right now at the kind of the low end of all of this security stuff. It's designed so that when your computer is life it's over, or maybe the hard disc crashes, there's a little jumper that you can pull, or maybe there are the jumpers you short out on the disk.

Just look it up online, do it. In fact, go search for your disc model number and you pull that jumper or you short out those terms and what happens at that point is your disk is now complete. Erased, but it's not really erased. It's like your iPhone. Have you been to the Apple store? You're trading in your iPhone.

You want to get a brand new iPhone? Isn't this great. They have you turn off. Find my iPhone. That's the first thing they have you do. And then they say to erase the iPhone. And have you noticed it takes what? Five, 10 seconds. To erase the iPhone. How can you possibly erase hundreds of megabytes or gigabytes of data in five to 10 seconds?

You cannot. So what's happening inside the iPhone is similar to what's happening with these basic encrypted disks. Okay. Everything that's written to these disks and everything written to your iPhone is encrypted. So if you want to make all of the data that's on that disk inaccessible or basically useless.

All you have to do is destroy the key that was used to encrypt it. So think of a door that cannot possibly be breached and a key. There's only one key. You can't pick the lock. Okay. Oh, maybe this isn't the best of analogies, but if that key is destroyed, it's impossible at that point on to open that door.

It's not like a real door where maybe you could take blow torches to a metal door or something right there. You can always get in, but it is completely effectively destroyed.  The data that's on that device. If the encryption is good, looks like just random data. There's no difference between completely random and.

It has everybody's social security number, income, and addresses in the whole United States encrypted on it. Okay. So that's the low end. On your iPhone. When you go ahead and you erase your iPhone when you're trading it in or. If you have one of these encrypted hard disks where you just pull that jumper, it now destroys the key.

That key now in both cases makes that disk, the data on the disc useless. Now that's cool. And the next time that disk is powered up, it's going to generate a brand new key and it's going to be hopefully pretty darn random. And now you can use it again, assuming the disc isn't bad. if you took it out, cause it was just totaled.

So that's a very basic layer, but just like your iPhone, that encrypted disc has data, that's readable on it up until the time that you destroyed the data by destroying the key. You're with me so far. That's the very basics of how this all works. Now there's something called TPM, which stands for trusted platform module.

This is an international standard that's been out now. It is a standard that describes a secure cryptoprocessor. That's what Apple's T2 security chip is all about. Now, the problem that came up this last week, this week, in fact, is that there is a flaw in Apple's trusted T2 security chip. And it's the flaw that apparently researchers have been using for more than a year to jailbreak older models of iPhones.

We've heard I heard about this. We've heard that the FBI was able to get into iPhone and get at the data that's in them. There are well, there's one primary company it's over in Israel that sells a device that lets the police break into iPhones.  I'm just talking about iPhones right now. Many of the Android devices are very easy to break into as well, but Apple is really trying to make these things secure.

That's why they came up with this chip of their own, which is really a kind of a trusted platform module. So they have been using this flaw in order to jailbreak into the iPhones. And the way that this T2 chip is vulnerable is a problem. And the slightly bigger problem is that this particular problem is ultimately unfixable.

In every Mac that has a T2 inside, that is a lot that T2 chip launched in 2017 and it created some limitations. Many people have used macs to run Linux for many years. It's a great little Linux computer. We know that PC magazine had on its front cover or was a PC world. The cover said the best PC for windows is a Mac because they were just that solid. But because of the T2 chip, when it was introduced in 2017, all of a sudden problems started to arise for people. they effectively hacking their Macs.

Apple added the chip so that it had a trusted mechanism to secure the device. The biggest reason for adding this chip or a TPM, this trusted platform module, which is available on many windows, computers is encrypted data storage. Now, in some cases, the TPM or the T2 chip.

Apple is also used for touch ID and activation log that all works with Apples find my iPhone type services. So this vulnerability is known as checkM8 and the jailbreakers as we mentioned, they've been exploiting problems with Apples, A5 through A 11 chipsets that's from 2011 to 2017.

Now the same group that developed the tool for iOS has released support for a T2 bypass. This is not good people. It just plain old is not good. Now we're going to. Pick this up. When we come back, I'm going to talk about the trusted platform, modules of vendors that are using it over on the windows space, how Apple's using it, how this whole black box things work works, and we're going to move up.

We talked about the hardware-based disc encryption. That's right there on the hard disc. We're going to move up the stack and talk about other types of encryption, including encryption. On the fly and encryption at rest, both are important concepts to understand when we're talking about security and system integrity.

Hey, you're listening to Craig Peterson. Stick around. We'll be right back.

---

More stories and tech updates at:

www.craigpeterson.com

Don't miss an episode from Craig. Subscribe and give us a rating:

www.craigpeterson.com/itunes

Follow me on Twitter for the latest in tech at:

www.twitter.com/craigpeterson

For questions, call or text:

855-385-5553