Cybersecurity with Joseph Steinberg


Yo ho, yo ho, a pirate’s life for me. But beware ye landlubbers… there be nasty scoundrels on the high seas and they be seeking to seize your booty. Not that booty… yer cryptos and NFTs. And ye don’t be wanting to lose your treasures to thieves and scallywags.

In episode 591, we welcomed cybersecurity expert, Joseph Steinberg, to the show to make sure you scurvy dogs have your goods locked down and safe from prowlers and scavengers.

Shiver me timbers and don’t be sharing your private keys on episode #591 of The Bad Crypto Podcast. 

SHOW SPONSORS

Brave Wallet is the first secure crypto wallet built natively in a web3 crypto browser. No extension required. Store, manage, and grow your portfolio, get NFT & multi-chain support, and more. Download the Brave privacy browser at brave.com/badcrypto and click the wallet icon to get started.

What’s a crypto wallet?
Learn the basics of crypto wallets: How to use them to buy cryptocurrency on a trading platform or exchange, and send, receive, and store other crypto assets.

Brought to you by:
Brave and Brave Wallet are built by a team of privacy-focused, performance-oriented pioneers of the web. Brave was co-founded by Brendan Eich & Brian Bondy. Brendan Eich is the creator of JavaScript and was a co-founder of Mozilla Firefox.

FEATURED GUEST

Joseph Steinberg is a Cybersecurity and Emerging Technologies Advisor. He has led businesses and divisions within the information-security industry for over two decades, has been calculated to be one of the top 3 cybersecurity influencers worldwide, and has written books ranging from Cybersecurity for Dummies to the official study guide from which many CISOs study for their certification exams. He is also one of only 28 people worldwide to hold the suite of advanced information security certifications, CISSP, ISSAP, ISSMP, and CSSLP, indicating that he possesses a rare, robust knowledge of information security that is both broad and deep; his information-security-related inventions are cited in over 150 US patent filings.

Steinberg is also one of the best-read columnists in the cybersecurity field, and a respected authority on other emerging technologies – having amassed millions of readers as a regular columnist for Forbes and Inc. magazines. Within three months of going independent in April of 2018, his column reached 1,000,000 monthly views.

He also writes thought leadership articles for a variety of technology companies. Steinberg co-founded and led several businesses including the cybersecurity firms, SecureMySocial and Green Armor Solutions, presently serves as an expert witness and consultant on matters related to information security and emerging technologies, and advises cybersecurity and other emerging technology firms.


How to Keep Your Ethereum Wallet Private with Alan Scott, Railgun


Privacy is something all humans instinctively value. It is a well-recognized human right, and even those who deny it to others expect it for themselves. Privacy and anonymity should be the default, not the exception. Your consent should be needed before your personal or financial details are revealed to any would-be voyeur. 

This is the vision statement of Railgun, a new privacy-based technology that allows you to make your Ethereum wallet, the tokens in that wallet AND your NFTs unavailable to prying eyes.

In episode 586, we welcome Alan Scott of Railgun to the show to discuss all things privacy and how this new technology delivers on its promises.

You may turn Japanese and say ka-nee-chi-wa by the time you are done listening to this episode #586 of The Bad Crypto Podcast.

SHOW SPONSORS

Protect your precious apes, punks, cats, and heroes from voyeurs, copy-cat traders, and kleptomaniacs with Railgun. Railgun is a private smart contract concealing users' wallets for transactions in DeFi protocols and applications. Railgun is available on Ethereum, Binance Smart Chain, Polygon, and now Solana. Think of it like a VPN for your crypto wallet.

Follow @railgun_project on Twitter or access the privacy tool at railgun.org

FEATURED GUEST

Alan Scott, Advisor to RAILGUN Privacy Project

  • Currently handling adoption and partnerships for the RAILGUN Privacy Project
  • Cofounder of the DEFICON conference where we’re reimagining philanthropy with DeFi
  • Worked in TradFi for years prior to going full time DeFi
  • Fun fact – Fluent in Japanese


LINKS:
Twitter: @railgun_project

Telegram: https://t.me/railgun_privacy

Website: railgun.org or railgun.ch




Hacking the World with Mohsan Farid


Are you secure in your cryptos? How do you know? The world is a crazy place full of hackers and ne’er-do-wells looming in the shadows, trying to take all your crypto treasure while avoiding jail.

Sometimes, the black hat hackers turn into good white hat hackers who help look for vulnerabilities in various systems… and they get paid a bounty of treasure AND they don’t go to jail.

In episode 584, we talk with Mohsan Farid, a senior penetration specialist, and founder of LedgerOps, a blockchain cybersecurity service provider. 

We discuss all things cybersecurity, Cyber Polygon, NSA’s creation of Bitcoin, and the latest threat to crypto users.


FEATURED GUEST

Mohsan has over 12 years of experience in cybersecurity. He’s run the gamut in the penetration testing space – a consultant for Rapid7, tester for numerous federal agencies, mobile applications pentester for HP, and pentester at numerous Fortune 500 companies. He’s also provided exploits to the Metasploit framework as well as contributed to several open-source projects.


Why You Should Understand the Challenges of Storing Your Cryptocurrency


Guest Blog By: Andrew Rossow, Esq.

Even more than a decade into the evolution of blockchain, cybersecurity remains one of the most pressing concerns as we continue to twiddle our thumbs amidst the COVID-19 pandemic.

Cryptocurrency users have lost a combined total of over $13 billion in over 290 separate hacks, according to Slowmist, a security firm that tracks such attacks and associated losses across the entire blockchain sector.

While smart contract vulnerabilities and 51% attacks account for some of these losses, the biggest targets by far are exchanges and wallets. Malicious parties have made off with no less than $11 billion worth of crypto over the years.

Exchanges are a well-known point of weakness for the cryptocurrency community. Since the now-infamous Mt. Gox attack in 2014, exchange hacks have become an almost regular occurrence, as hackers grow ever-more sophisticated in their attempts to wrest control of exchange wallets.

Earlier this year, security firm Chainalysis outlined how Lazarus Group, a cybercrime syndicate with links to the North Korean government, had staged an elaborate phishing attack on Singaporean exchange DragonEx.

The group went as far as creating a website and social media profiles for a fake company purporting to sell trading bots. Representatives managed to convince a DragonEx employee to install the “bot,” which was actually malware, on a company computer. From there, it was easy enough for them to steal the private keys for the exchange’s wallet.

The all-too-common nature of exchange attacks is one reason that most crypto users advocate keeping funds in your own wallet. However, as the stats from Slowmist show, this isn’t necessarily any more secure. In fact, over half of all stolen crypto came from attacks on wallets.

Vulnerabilities with Hot and Cold Wallets

Online hot wallets generally offer a superior user experience to cold storage, and for frequent transactions, they’re far less cumbersome than cold hardware wallets. For a full explanation of the difference between the two, you can read my 2018 Forbes article “What Dr. Seuss Can Teach Us About Bringing Cybersecurity onto the Blockchain.”

At that time, MyEtherWallet users found that their connections to the MyEtherWallet website were being intercepted and redirected to another URL; the cause turned out to be a domain name server attack, according to a previous CoinTelegraph report. As soon as users logged into what they believed to be the legitimate website, the funds in their wallet accounts were immediately hijacked and sent to an unknown address (obviously not theirs and without their consent).

Point being, the very nature of hot wallets, as an online means of storage, makes them more vulnerable to attacks, which is why (and despite their inconvenience) most experienced crypto users advocate the use of cold wallets. Common wisdom dictates that if the wallet isn’t connected to the internet, it’s more secure against attackers.

Nevertheless, hardware wallets are not infallible. In 2018, a 15-year-old researcher managed to find a critical security vulnerability in Ledger’s Nano S wallet, an extremely popular device. The researcher found that it would be possible for a bad actor to interfere with the wallet’s firmware while it’s still moving through the supply chain, before it even arrives with the customer.

The vulnerability means that someone could change the recovery seed, meaning they could access any digital assets stored on the device.

Trezor wallets, the biggest rival to Ledger’s consumer hardware wallets, have also been exposed as insecure. In January of this year, as the coronavirus began to reveal itself, security researchers at Kraken found a way to extract recovery seeds from two of Trezor’s devices.

Is There Any Hope for Crypto Security?

Exchanges are starting to realize that perhaps the same wallets used by everyday crypto enthusiasts aren’t necessarily as robust as what’s needed for storing millions of dollars worth of digital assets.

Advances in secure multi-party computation mean that exchanges now have access to superior technology for safeguarding digital assets. Private keys can be split into separate portions, encrypted, and distributed among different parties or servers to remove the single point of weakness. A service such as Curv offers institutional-grade sMPC wallets, meaning transactions are signed only when all parties come together with their respective encrypted portion of the key.

However, individual users are mostly still left out in the cold from these developments. It’s a gap that Ruben Merre, CEO and co-founder of NGRAVE, is addressing. Merre came to the blockchain space from the traditional fintech space after realizing that most crypto users get a raw deal from the security and usability perspective.

After all, many still depend on writing down their private keys with a pen and paper. Merre and his fellow co-founders have been developing a three-layered wallet solution that can claim to be both completely secure, and yet still improve the user experience.

The NGRAVE offering comprises a hardware wallet device called ZERO that never needs to go online or connect to any other online machine. The seed key for the device is stored on a two-part stainless steel sheet, of which both parts are needed to read the key. Finally, an app uses one-way QR codes to enable wallet transactions to or from the wallet device. According to Merre, “offline is the new online,” with the NGRAVE suite of products dubbed “the coldest of cold storage.”

Don’t Get Caught Out

Any cybersecurity specialist will tell you that it’s a game of cat and mouse. No sooner has the technology caught up with the hackers, than they will attempt to find new ways to breach the defenses.

However, the best advice for exchanges and individual users is to keep up with advances in digital asset security as much as possible. Using outdated hardware or software is only making life easier for attackers. By ensuring that you’re using the most up-to-date security methods, you stand the best chance of remaining one step ahead of the hackers.

GUEST BLOGGER:

Andrew L. Rossow is a millennial attorney, law professor, entrepreneur, writer, and speaker on privacy, cybersecurity, A.I., AR/VR, blockchain, and digital monies. He has written for many outlets, most notably Forbes and HuffPost.

Connect with Andrew on LinkedIn

Crypto Securities and Taxes with Del Wright


There may be a lot wrong with the world. But there’s also a lot that’s right. For example, there’s Travis Wright.  And there’s also Del Wright.  

A professor of law at the UMKC School of Law, Del teaches in the areas of finance, business, securities, crypto, and tax. His current research focus is crypto and the regulation of blockchain technologies. He’s also the author of a book titled “A short and happy guide to Bitcoin, Blockchain and Crypto.”

SHOW SPONSOR

This Episode is Sponsored by: DIVI

Divi is a cryptocurrency app that makes it easy to earn, transact, and store cryptocurrency. Divi is the first cryptocurrency ecosystem powered by masternodes that can be installed in one click. With Divi's MOCCI (Masternode One-Click Cloud Installer), users can begin earning cryptocurrency at the click of a button, without the arduous setup process. The network's Smart Wallet enables users to easily store and transact their earned cryptocurrency with the luxury of a simple, intuitive interface. Divi was created by The Divi Project: a team committed to reducing the friction tax of cryptocurrency through UX and UI.

FEATURE

Prof. Del Wright, Associate Professor of Law, UMKC School of Law

Professor Wright joined the UMKC School of Law faculty in 2017, and teaches in the areas of finance, business, securities, crypto, and tax. His current research focus is crypto and the regulation of blockchain technologies. His scholarship has explored the intersection of governance, tax and finance, and he has had articles published in the Virginia Tax Journal, The UMKC Law Review, The Akron Law Review, The Arizona State Law Journal and BNA. In addition to scholarly articles, he is the author of A Short & Happy Guide to Bitcoin, Blockchain, and Crypto, available spring 2020 from West Academic, and is currently working on Blockchain and Crypto in a Nutshell, which should be available spring 2021, also from West Academic.

Before becoming an academic, Prof. Wright: enjoyed prosecuting white-collar and organized crime cases with the U.S. Department of Justice; opined and helped manage complicated transactions with Skadden Arps; created and structured complicated derivatives and other financial weapons of mass destruction with Bank of America, and managed and sometimes litigated a bunch of tax cases. 

Before starting his career, Prof. Wright earned a Master in Public Policy degree from Harvard’s Kennedy School of Government, focusing on financial policy and regulation, and a Juris Doctor from The Law School at the University of Chicago (the capital “T” is their idea). Before graduate schools, he completed his undergraduate degree at the University of Maryland (Go Terps!).

In addition to his scholarly activities, Prof. Wright has also served on the Indiana Supreme Court Committee on Rules of Practice and Procedure and as Assistant General Counsel to the National Bar Association, the nation’s oldest and largest national association of predominantly African American lawyers and judges. In his free time, he consults with entrepreneurs, referees basketball, football, and sometimes soccer, and, when time permits, trains for triathlons and other events to slow the aging clock. Prof. Wright is also an ardent supporter of the best fútbol team on the planet, F.C. Barçelona.
