Welcome!

Good morning, everybody. I was on with Mr. Jim Polito this morning and we discussed these Fake Jobs that are being offered on-line, spoofed websites and ID theft. Then we got into who was responsible for hacking Jeff Bezos's phone and why we have to be careful who we hire.  So, here we go with Mr. Polito.

For more tech tips, news, and updates visit - CraigPeterson.com

--- 

Automated Machine Generated Transcript:

Craig
You know, Make America Great Again, that would not be a great password. Yeah, but some random words strung together are much harder to crack on a computer than anything else because of the way the cracking technologies work nowadays. The cracking technology is much different than it used to be.

Craig
Morning, everybody that was me with Mr. Jim Polito, and we broke down a couple of things today. First of all, a couple of security things, the truth about your passwords. We went into the whole hack here that led to the most expensive divorce in history, and also employment scams on the rise. Why is it happening? What should you be cautious of if you're looking for a new job? The FBI has a special warning out. So here we go with Jim.

Jim
Always ahead of the curve. Always bringing us the latest from the world of tech talk, our good friend, Craig Peterson. Good morning, sir.

Craig
A good morning. You know things are always changing out there in the industry. I'm going to bring something up. You mentioned earlier today. What they're trying to with this Data Privacy Day is to bring some visibility into the whole password problem, right? And you talked about some of the advice that they were giving and, and, what iHeart makes you guys do. What is it? Change your passwords every three months,

Jim
Yes, every three months. We have to change our password, and it can't be even close to the previous password.

Craig
That's a widespread thing out there in the industry, just in general. But I got to tell you that the National Institute of Standards and Technology, which is the organization within the federal government that comes out with all of these security standards, change that about a year ago. So You now have something to use against them. Here's why. Here's what's going on. If they make you come up with a new password every three months, what are the odds that it's going to be an excellent password? Next, what are the chances that you're not going to write it down somewhere like where the cleaning lady can find it? Maybe in your drawer, taped to the bottom of your keyboard, or even worse, and I know people are listening that are going to go into the office today and immediately and take down their post-it notes. If you can believe it, people place post-it notes right on their computer. The current recommendations are, you come up with a great phrase. Yeah, you don't have to use special characters and numbers and all this other stuff. But come up with a few random words. Pick four or five words that you can remember that you can associate together. Oh, and you don't have to change it every three months. Once a year is probably enough and phrase with three or four words that are there aren't things like, you know, make America great again, that would not be a de password. Yeah, but some random words that are harder to crack on a computer than anything else because the way the crackers are working nowadays, the cracking technologies is much different than it used to be. So just a quick word of advice to people if you're worried oh my gosh, I don't change my password every three months, and I don't have special characters and digits in it. Best password according to nest is just four maybe five words. random ones strung together and that's your passwords more accessible cookie-cutter type two,

Jim
But I have a new one it is Could I please MooMoo face banana? No. Can I please use MooMoocen face banana face to the dog patch

Craig
That would work. I think

Jim
I think Steve Martin said that one. I'm stealing it from Steve Martin. But yeah, you don't want to use one like that. Then someone if they know that expression will say, Oh, yeah, I remember Steve Martin said that. If they just get a few words they'll say, they'll say, I'd like to guess at solving the puzzle. Especially if you say it on the radio.

Craig
All right. Well, it's data privacy day. And that's why I brought it up. So great day to have you with us. And a great day to warn people about a new scam. The FBI is talking about, so you think you're applying for a job online? And then maybe we even got the job. And the fact is, you're talking with a scammer online.

Unknown Speaker 4:57
Yeah, that's something.

Craig
The trick behind that right now, the scammers, the bad guys. What are they doing? They always go after the latest stuff, maybe something that's in the news, etc., etc. And you know what, it turns out I don't know, I listened to some of the house hearings. It would seem as though the job markets terrific the economy is falling apart, and we've got the worst president in history. But I think readability is more along the lines of, Hey, you know, I've had this job for 234 years now. If you're a millennial, hey, I've had this job for six months now. I wonder if there's a better job of it. I keep hearing that people are getting paid more. So they're looking for jobs. So you have even though the job market is tight for employers, you have all these people looking for jobs. So the scammers have figured out. You know what, we can get a lot of information from somebody that applies for a job. Because people, people will fill out forms, right, Jim, and they'll give me their social security number, their employment history, their home address their phone number. So people are now going online, they're looking for new jobs to see if they can do a little bit of an upgrade, which makes a whole lot of sense to me. And they are getting the victims to not only give all of this information to them, but they're also even getting people to pay them. And we're talking about these criminals who are, you know, have these fake jobs averaging about $3,000 per person, according to the FBI advisory?

Jim
Hey $3,000, which also means, by the way, some people were out $100,000

Craig
Yeah, exactly. So they're now using the spoof web page to harvest this personally identifiable information. And a spoof website, of course, isn't like instead of going to I heart, you go to I dash hearts calm. Yep. Right. And you don't notice that you went to the wrong website. And the criminals are also they're all putting advertising in legitimate ads from legitimate employers. So you go to the site, it looks real, right? These bad guys are stealing ads from legitimate employers. They're doing everything. But that's because now employees are busy looking for other jobs. Because what the heck, they might just find them.

Jim
We're talking with Craig Peterson, our good friend Tech Talk guru. I have to be careful. When applying online, make sure you know to whom you're talking. If it sounds too good, it probably is not real. Craig in the time we have left, I want to ask about this week john had the story. Last week, we learned that Jeff Bezos's phone hack that led to the exposure of his affair. It turns out the Saudi prince accused of masterminding the murder of a journalist is the same one charged with the hack on Jeff Bezos's phone, of course, the founder of Amazon. I'll be talking about this a lot more in my on my podcast this weekend, which you can also find on the iHeart as well.

Jim
There we go. Yeah, and the easiest way to find it is you just go to Craig Peterson dot com.

Craig
But here's what happened. Guys, man has a media been getting this report wrong. But let's start at a high level. First of all, remember Jeff Bezos bought this fish wrapper out of Washington DC, remember when that happened, right? It was the Washington Post. So he bought this newspaper down in Washington DC, and is, you know, it's been around for a very long time. Okay. It broke some national stories over the years, but it's just gone left. Well, Jeff hired a journalist, Jamal Khashoggi, and he began writing for the Washington Post had been criticizing the Saudi Crown Prince because of the murdering of this Jamal Khashoggi. And then they were saying a lot of nasty things about it. So what ended up happening now apparently, this is all allegations at this point. But apparently, the Saudi Crown Prince got pretty upset that the Washington Post was saying all these bad things about him and that they murdered this. I'll use the term journalist kind of loosely because I think that does apply here in the case of Khashoggi. Yeah, at any rate, he wanted the Crown Prince, apparently to have a little vengeance. So the owner of The Washington Post, ultimately, is Jeff Bezos. Yep, the richest man in the world. Yep. He, here's what he did. And this is kind of interesting because we use these apps all the time. And apps are, you know, they can be significant. They sometimes can be monitored. And there's something called an end to end encryption. And when people are looking at apps to communicate, you want an end to end encryption. In other words, you don't want it set up and in a way that somebody can intercept it. So apparently, Jeff Bezos exists. An App called WhatsApp, which is owned by Facebook and does have an end to end encryption. But here's what happened. It looks like they used some of the hacker hacking software that's known as a zero-day attack against whats app. And apparently, there was a bug inside of the WhatsApp app. Now let's think about this for a minute from people that use WhatsApp or use any kind of a chatting or messenger program. If you're using your iPhone, it comes up and says, this half WhatsApp wants access to your photos and videos. And so you're sitting there thinking, Okay, what am I, you know, let's find I'm going to want to share videos and photos. So yeah, go ahead. Let's what WhatsApp has access to, and that's true, obviously on Android as well. A little more confused than Android, but it's right in both cases. So apparently what happened was, there was a bug that some people There's still allegations here, I'm not positive on the reality there is I'm not going to make any names or, or other allegations here. Researchers found a bug in WhatsApp that allowed them to send you a WhatsApp user a video. And that video broke into and took over WhatsApp. And almost immediately after Jeff Bezos received this video from the Saudi prince, you know whether or not it was him as a different story, but received it from the Saudi prince. His phone started exfiltrating data. In other words, all of a sudden, his phone started sending pretty much everything that was in his pictures and videos to Saudi Arabia. And then what do you have, you have the most expensive divorce in history.

Jim
It was the most expensive divorce in history, how many? Meaning she didn't even get half. It was still, what did she get, like 38,000,000,048 billion bunch of property.

Craig
Wow, it's tough. It's tough to live on that. So it's he noticed something has just started slowing down. It was sending video data out at a rate of 106,000,000%. Higher than previously. So he noticed something was wrong. And he took it to a forensics group who started having to look at the phone, but it was a bug in WhatsApp. And that kind of concerns me I'm sure it's going to be fixed if it hasn't been already. But you know, this has to do with again, having 100 200 apps on your phone. Think about it, all of those apps on your phone, what bugs do they have in them? How many apps to use. And as part of security awareness today, and I've said this for a long time, delete apps that you do not use frequently. If If you want real secure communications, if you're using iPhone messages is probably all you need messages and FaceTime, they both do a great job. And because Apple's paying close attention to it, bugs like this are likely to get fixed very, very quickly. And this is what happened to this is the new world that we're living in today. All of these application developers and these cool little apps that we have, you know the ones make it look like you're 20 years older or younger are stealing our data in some cases like this morphine app, the data is sent directly to Russia. You lose all rights to any pictures you uploaded. Worse yet, who knows what they're doing with those photos once they get there. So get rid of these apps that you're not using and don't trust them. 100% of you think something weird is happening that might be. And one real quick thing I have to say, and that is that when we get involved with an investigation for business on behalf of a company that thinks they might have been hacking, something might be going on 99% of the time, Jim, we get a call. Something's going on with our email. We're not sure what it is. And then when we dig into it more refined Chinese backdoors Russian hack,

Jim
yeah.

Craig
Right now, everyone's attacking our customers. It's just amazing what's happening out there.

Jim
All right. Now you know what's happening out there. He's told you about the latest security stuff you need to know during this segment. If you want more of this information, get on board with Craig Peterson. All you have to do is text my name, Jim, to this number 855-385-5553. That's just texting Jim to 855-385-5553. Standard data and text rates apply. And Craig Peterson will not annoy you bother you sell you something or hack you. Don't worry about it. Craig, thank you so much. Great segment. We'll talk with you next week.

Craig
Thanks, Jim. Bye-bye.

Craig 16:31
All right. Hey, everybody, I want to let you know we have been working hard creating a new course for you. I will have exclusive giveaways for you as part of the course. It is going to be the best webinar ever, of course, all centered on transforming your security, your security posture, and more. So keep an eye out on your email, Greg peterson.com slash subscribes, but see the only one Didn't find out about it. Take care, everybody. Be back tomorrow. Bye-bye

Transcribed by https://otter.ai

--- 

More stories and tech updates at:

www.craigpeterson.com

Don't miss an episode from Craig. Subscribe and give us a rating:

www.craigpeterson.com/itunes

Follow me on Twitter for the latest in tech at:

www.twitter.com/craigpeterson

For questions, call or text:

855-385-5553