Building Information Vaults

This morning, I listened to the Bearded I.T. Dad podcast with episode 66: How to get ahead of 90% of People in Cybersecurity with Kenneth Underhill. This guy gave great advice and he also shares my expertise in properly knowing how to use swear words. Here are some of the tips he gave that resonated with me.

• Networking is not about me, me, me. It's about what can I give the other person to develop a mutually available relationship.
• Don't spray and pray on Linked In. Peruse a cybersecurity conference for small sponsors and look for jobs in their career sections instead.
• Use ChatGPT as a guide to write cover letters.
• Use a real picture, not an avatar.
• Don't perform unlicensed heart surgery unless you are on a yacht in the middle of no where. 😅

He also gave some tips on how to use Linked In. This is an area I have trouble with because I have a one track mind and start getting into the weeds about all kinds of esoteric IT projects I am passionate about, but very few people are interested in, Then I heard the Bearded IT guy say he likes to look at people's blogs instead of their resumes because it gives him a glimpse into their personality. That's why I decided to take this blog more seriously.

I have created several blogs over the years because I like to write and I think I'm decent at it because I obtained a bachelor's degree in Creative Writing. Unfortunately, writer's are not well known for making the big bucks. I'm not complaining. I am fortunate to have an awesome wife who works as a principle so I've never been one of those starving writers you hear about. I also have a hobby that is pretty lucrative, but I hesitate to talk about it because it's not well understood. This one time, a decade ago, I told the head of IT at a school I worked for about this hobby and she accused me of being a drug addict because the perception was only drug attics use that IT technology. What's even funnier is that I had no idea because I rarely watch the news so I didn't know about the Silk Road at the time.

Why I Am Interested In Cybersecurity

Most people I talk to about cybersecurity find it scary. I see the look on their faces. I know they judge me. I am a lowly substitute teacher at the bottom rungs of the educational social hierarchy, but I talk to one of the IT guys and his nerdy wife. We talk about running Matrix chats and discuss the differences between Plex and Jellyfin. I'm a Jellyfin guy myself, but his Plex set up is sweet. I asked him how I could get a job working in this field. He said I should get an A plus certificate, but I want to get into cybersecurity because I am passionate about applied cryptography. I completed a Google IT certificate because I thought it would open all sorts of doors for me, As it turns out, everyone wants comp tia instead, but I learned how to become a sudo apt update && upgrade Linux ninja from this Google IT certificate. I also learned the story of Phil Zimmerman, the creator of PGP. I use PGP quite a bit on Github and I have used it to message a few people, but it's not the most user friendly software.

I started using a new Internet Protocol named nostr, which stands for notes and other stuff. it's similar to PGP because everyone on the Network creates a public private key pair. Like PGP, you can share your public key called an npub and keep your private key(nsec) top secret. The difference is these signed messages hash a time stamp too and are broadcast to the Internet using relays like you might have used in IRC. This was originally created by a dude from Brazil trying to avoid censorship on Twitter. The Brazilian Twitter Ban has ironically grown the network by about 25%. Many nostr nerds, or nostriches, still think of it as an alternative, decentralized Twitter, but it has morped into a whole new way to do computer networking. Here is a small sample of the thousands of possibilities nostr offers.

• Primal.net is a Twitter like experience, but the user can choose his or her algorithms. You can also get a KYC/AML complaint bitcoin lightning wallet so people can send you zaps. Don't expect to get rich, but this one time, the author of The Manidbles received a whole coin on nostr after appearing on this podcast. We only hear about ransomware in the news and how cybersecurity firms protect their clients against ransomware, but in my opinion, nothing beats a good story about good people donating bitcoin.

• Zap.cooking is a place to share recipes on the nostr protocol.

• Coracle.social assigns a Web of Trust Score to everyone you follow on nostr.

• [Nsec Bunker]9https://app.nsecbunker.com/login0 creates an OAuth like experience that uses nostr keys. I think this has the potential to change the way we think about Security Architecture, but it is the very early days.

There are to many clients to list here, but awesome-nostr is a great resource on GitHub to learn more.

We often hear about ransomware attacks in the news, but I bet most people have never heard about bitcoin donations, but I donate about $30-$50 worth of bitcoin to various people every month. And no, I'm not rich. It's part of my budget. I am also well aware selling bitcoin and other "cryptocurrency" has tax consequences, but from what I can tell, I am complaint. I'm not an accountant and this is not financial or tax advice, but I basically give about $500 a year worth of bitcoin to people. As far as I can tell, as long as I give less than $14,000 per year, there is no tax consequence for giving sats away because I do not make any profits from these transactions.

What If I Did The Opposite?

I'm a big Tim Ferris Fan. In Tools of Titans, he interviewed Sammy Kahar, a cybersecurity expert and a few of the things he wrote are etched into my memory.

• There is nothing illegal about "hacking" a computer you own.
• Remove metadata from photos
• Be careful with what you plug devices in because malware has even been found on e-cigarette lignters.

I searched the BlackhatUSA website for small companies like Kenneth Underhill said and found a little company called https://www.zscaler.com/. According to their reports, "hreatLabz researchers uncovered the largest known ransomware payout in history alongside a 17.8% increase in ransomware attacks. I want to get involbed in cybersecurity because I suspect my applied cryptography skills will be helpful in combating these ransomware assholes.

I have studied applied cryptography for at least 10,000 hours. I have used what I would call a "reverse ransomeware." Again, for the record, there is nothing illegal about hacking your own data. Most ransomware attacks are used for criminal theft. Reverse ransomeware is more like a vault at a bank with a time lock. A white hat hacker anmed Alice encrypts a letter that explains how Bob can access her bitcoin if she gets hit by the proverbial bus. This usually involves the location of 1 ir two bitcoin keys in a wallet that requires a majority of 3 or 5 bitcoin wallets to spend. Alice encrypts this infomation with a passphrase generated from the EFF dice word list. Then Alice encrypts her message using the AES library and pays final message to keep this message encrypted for her. She pays a fee to keep this information encrypted. If she has an unfortunate accident or dies suddently, she will no longer be able to pay the fee. If the fee does not get paid, the encrypted message is sent to Bob. Bob will use his key to decrypt the ciphertext and can now inherrit Alice's bitcoin, love letter, or grocery list. Alice is essentialkly using ransomware as an encryption service. In other words, she is "doing he opposite" like Tim Ferris.

Fee ware is probably a better term for this software than ransomware, but I've never found a sexy news story about fee ware on a cybersecurity website. I want to become a cybersecurity professional because I want to apply my knowledge of applied cryptography for good. With Cryography comes power and you know what Spider Man says about power. I take this power very seriously. I do not do anythin illegal in the United States. I suspect my social media like posts might become illegal in China or Brazil in the future, but the same is true for anyone using TikTok in the United States. I'm writing this with my own face and posting it on Linked In because I'm tired people being scared of me.

I don't follow much news because I adhere to Tim Ferris's low-information diet. I'm not interested in politics, but politics are interestred in my hobbies. There are people who use great power in iresponsobile ways, but I do the opposite. I also may disagree with many of the proposed regualtions, but this does not mean I should shy away from complience jobs. It's a better idea to work with the regulators and keep my favorite type of math legal. I also think it's time we begin to use crypgography as a defence mechanism. Nostr is about 4 years old, but it has potential. Imagine if companies could stop sending those information breech letters because sensitive data is stored as an AES encrypted message on npub. Only the people with access to the Nsec can see this sensetive(HIPPA, social security number, etc.) I am a hacker as in I like to hack away on my keyboard to make vaults in cyberspace. According to the book Security in Computing, crackers are the people who find weaknesses to exploit information security holes. I like this definition better than the way hacker is used in the vernacular.

I am a vault maker. I use tools to make vaults that are extremely difficult to crack. I'm a little uncomfortable showing my face and I wish Web of Trust was more popular, but I know Kenneth Underhill is right. Most people do not trust people who do not show their face. So here is a picture of my face and not some AI image.

[email protected]
https://marcleon.work/pgp
npub1marc26z8nh3xkj5rcx7ufkatvx6ueqhp5vfw9v5teq26z254renshtf3g0

As Seen on TOR
http://p66dxywd2xpyyrdfxwilqcxmchmfw2ixmn2vm74q3atf22du7qmkihyd.onion/building-information-vaults/