Crucial Tech

This week, we are talking to a lawyer. Maryam Meseha is a founding partner of Pierson Ferdinand LLC, a relatively new and large firm dedicated to digital security. In the first few weeks of the year, the new US administration has castrated the governmental infrastructure to make sure corporation keep customer data safe, especially in the area of retail fraud. It’s law firms, like Pierson Ferdinand and insurance companies, like our sponsor Safety National that are stepping up to remind companies that maintaining g a strong security posture is a good idea. We appreciate that sentiment. Hope it works.

I've had several discussions about the nature of censorship, the freedom of speech and moderation and I came to the realization that most people have no idea what sociial media moderation is. So I did a bit of a rant. We also are bringing back the top threat reports from Fletch for a bit of lightheartedness before the rant.

James Bore is a cybersecurity consultant, speaker and publisher based in the UK. He has a refined sense of cynicism that clicks with my own, so we've been chatting back and forth for several months on various subjects and decided it's probably time to record some of our interaction. Today, we are looking at the preferred marketing practice (shiny objects) of sewing fear, uncertainty and doubt to get people to buy their products. It drives us both nuts. The issue is not limited to cybersecurity, but it is prevalent in the industry. I'm guessing this conversation will resonate with many of you. Our hope is that our marketing listeners will rethink some strategies,

For about two years, the team at Cyber Protection Magazine has debated whether Meta platforms (Facebook, Instagram and *shudder* WhatsApp) were valuable or even necessary for the reach of our magazine. For two years, I've been outvoted every time. Instead, I unilaterally decided to divorce from the platforms. Providentially, Mark Zuckerberg made two announcements in as many weeks that made the decision unanimous. We are leaving Meta behind for good. Instead, we will remain on Linkedin and join Mastodon and Bluesky this year. This podcast is the recording of the conversation my co-founder, Patrick Boch, and I had on the "momentous" decision, which also drifted into the issue of what constituted valid information. Check it out.

We open a new year and a new season with our friend, Ian Thornton-Trump, chief information security officer at the MSSP Inversion6 and in 30 minutes we take on some pretty meaty subjects. First we discuss how China strategically infiltrated technology systems in the US and other countries as a geopolitical message rather than attacks. He discusses the challenges of securing complex, interconnected systems and the need for proactive defense. Next we review the rise of corporate power and influence and how the increasing wealth and influence of individuals like Elon Musk is disrupting the traditional balance of power in democracies. The ethical concerns around wealthy individuals wielding disproportionate political influence could result in something the oligarchs are not expecting. Finally, we review potential trade wars and the possibility of Canada and Mexico joining the BRICS alliance. 2025 is going to be bumpy but very interesting.

The available guests for this last podcast of the year dried up pretty quickly so I thought I would give some closing thoughts on a big issue facing the world: Trust and the lack of it. Also, our last threat reports courtesy of Fletch.ai --- Support this podcast: https://podcasters.spotify.com/pod/show/crucialtech/support

Our friends at Fletch provide a grand slam of threats for Thanksgiving week, covering Apple, Android, AWS and Microsoft vulnerabilities No regular podcast this week but we will be back next week with a possible new way to abuse AI. --- Support this podcast: https://podcasters.spotify.com/pod/show/crucialtech/support

This is part two of our mashup of recent surveys. This time we talk with Tom Tovar, CEO of Appdome about their comprehensive annual survey of consumer attitudes regarding security in digital technology. The good news is there is a groundswell of security "consciousness" regarding the subject. The bad news is the consumers are not confident that corporations even care. --- Support this podcast: https://podcasters.spotify.com/pod/show/crucialtech/support

This week, a two-parter. I’m still trying to make sense of all the surveys and studies sent to me. Between trying to figure out if they are plagiarized, use inadequate samples, are a lame attempt at self-promotion or are actually good data is almost a full-time job. Luckily I got a couple of good ones this month and am doing another mashup. Today’s interview is with Frank Teruel, CFO of Arkose Labs. We are talking about a finding in their latest survey showing that managers and developers of apps are dealing with no small amount of stress I how to deal with adversarial AIs. Later this week, I hope to post a second interview of where consumers are in this mess. Then I’ll wrap it up next week with an article that looks into the potential of actually controlling the damage cause by AI. Also, an abbreviated threat report from the folks at Fletch.ai. --- Support this podcast: https://podcasters.spotify.com/pod/show/crucialtech/support

This episode includes our weekly top cyber threats with help from Fletch and this week Cyjax, and a shot interview with cybersecurity contrarian James Bore, a consultant in the UK with a kindred spirit. The interview is introducing the theme for Cyber Protection Magazine next year. Put up or shut up. The past decade has been filled with optimism in the tech sector about what they thought they could accomplish. Social media companies thought they could democratize the internet and provide a public square for free speech. Hardware companies thought they could, make computers so fast they could replace the human brain. AI companies thought they could make a computer program smarter than humans. And cybersecurity companies were positive that if every company would use their products they could stop cybercrime. None of that is close to being true. In some cases it has proven to be absolutely false. So we are going to spend a lot of time debunking assumptions and looking at what needs doing. --- Support this pod

I received more than dozen studies and reports on the "state of cybersecurity" all with different foci depending on the company that was pushing the document. It seems like they are replacing press releases as a primary marketing tool. But there was one thing that jumped out of me. Almost every one of them had a throwaway line that customers had #zerotrust in the effiicacy of the tools and services they bought to keep them secure. Of course that's what I went after. We talked to executives from Keepit, Cogility, and Protegrity --- Support this podcast: https://podcasters.spotify.com/pod/show/crucialtech/support

Here's our top three threat reports for the week. Hackers are targeting gambling apps on mobile devices and obsolete Microsoft products. Thanks to the folks at Fletch for the info --- Support this podcast: https://podcasters.spotify.com/pod/show/crucialtech/support

Our friends at Fletch.AI dropped a bunch of threat reports this week, here's what we see as the top three. --- Support this podcast: https://podcasters.spotify.com/pod/show/crucialtech/support

I bet you never heard of FHE. Me neither. Then I got a pitch about it. Tried to ignore it because I had never herd of it, but they were insistent. Turns out to be interesting. Fully homomorphic encryption, or FHE, has been talked about for about five years but not it has its very own industry association and NIST is starting to take it very seriously. It doesn't eliminate quantum encryption standards, but it might be a better defense against nation state attempts to break the strongest modern encryption, although I still think that's more a fever dream than a potential reality. One of the members of the new association with the unfortunate name of FHETCH, Niobium put me in front of the chief product officer, Jorge Myszne, to give me the lowdown on this tech. --- Support this podcast: https://podcasters.spotify.com/pod/show/crucialtech/support

After getting knocked for a loop with a dose of Covid I'm slowly crawling back to the desk and providing some timely advice regarding current and predicted threat reports from our friends at Fletch. --- Support this podcast: https://podcasters.spotify.com/pod/show/crucialtech/support

Quick, what is the biggest single category of cybercrime today? If you said pig butchering, you get a gold star. (If you said ransomware you need to stop believe press releases). It's big. $75 billion in stolen funds, mostly cryptocurrency last year alone. And it wasn't from lonely elderly people. We talked with Arkose Labs CEO Kevin Gosschalk about the growing phenomenon and how you can defend yourself. (Hint: don't be naive) --- Support this podcast: https://podcasters.spotify.com/pod/show/crucialtech/support

Firts, apologies for the sound quality. Tried out a new microphone and I definitely do not like it. Going back to the tried and true. But it stands as an example of what we are talking about today. When people from one discipline start talking about moving into another discipline where they lack expertise, things go haywire. Such is the case with the digital world and energy production. The big news this week is Microsoft plans to open up Three Mile Island Nuclear power plant to power their planned AI datacenter. Joe Basques and I have a frank discussion about how the AI/Social Media/Internet industry just lacks the knowledge of how to do this right and with the current path, chaos is bound to reign, --- Support this podcast: https://podcasters.spotify.com/pod/show/crucialtech/support

I had an encounter with an AI-driven telemarketing scam a day before I got pitched to talk to a company introducing and AI-driven telemarketing services. So I was ready for bear when we started. Turns out I may have been talking to the one entrant in this field that was not only following the law but using AI in a productive way for both potential customers and the merchant. The company is 2X and it's founder/CEO had a good reason for creating the company. He needed a service that was both legal and operated with integrity. Who knew? --- Support this podcast: https://podcasters.spotify.com/pod/show/crucialtech/support

Recently, someone on Mastodon asked, "Looking for an article or blog or text, that succinctly describes, at grade 1 level English, why “if you have nothing to hide, you have nothing to fear” is a crazy and bad argument, and perhaps also includes what some good arguments are. Need it for a family member. " I thought that was an excellent request. So along with an article posted with this podcast, I interviewed John Gilmore, head researcher at the data-scrubbing company Deleteme, about the history of that philosophy and why it is "crazy." What I learned from Mr. Gilmore even surprised me. --- Support this podcast: https://podcasters.spotify.com/pod/show/crucialtech/support

About twice a year, the post-quantum computing (PQC) niche of the cybersecurity industry pushes out truckloads of press releases and articles about the coming quantum computing apocalypse. In all of this content there is little explanation regarding what this means for most people. It seems like everyone should be concerned, based on the level of urgency the companies present, but in the end, no one has yet built a quantum computer capable of breaking even the most standard 256-bit encryption. To that statement the industry responds with, “Yet.” This year, however, the National Institute of Standards and Technology (NIST) issued the first, approved algorithm standards to produce encryptions capable of fighting off quantum computing attacks. So we thought it would be a good idea to put together a batch of experts to explain why the rest of us should care. The invitation was put out to a dozen experts in the PQC industry, but also to the companies tasked with implementing their products into the internet. Un