loader from loading.io

Welcome! DNS Hijacking through New Browser Protocols and more on Tech Talk with Craig Peterson on WGAN

Craig Peterson - America's Leading Security Coach

Release Date: 06/13/2020

Welcome! Pros and Cons of Online Collaboration Tools and Security plus more on Tech Talk with Craig Peterson on WGAN show art Welcome! Pros and Cons of Online Collaboration Tools and Security plus more on Tech Talk with Craig Peterson on WGAN

Craig Peterson - America's Leading Security Coach

Welcome! Craig’s walking you through a deep dive of the Pros and Cons of Online Collaboration Tools for Businesses and the Security implications for Businesses who have Regulatory Requirements.  For more tech tips, news, and updates visit - CraigPeterson.com --- Read More: --- Automated Machine-Generated Transcript: This is probably one of the most requested shows ever. We're going to talk about online collaboration. We'll the stuff that's needed absolutely needed for working from home. So stick around for the whole show. We got a lot to talk about. [00:00:22] Of course you're...

info_outline
Welcome! Pros and Cons of Online Collaboration Tools and Security plus more on Tech Talk with Craig Peterson on WGAN show art Welcome! Pros and Cons of Online Collaboration Tools and Security plus more on Tech Talk with Craig Peterson on WGAN

Craig Peterson - America's Leading Security Coach

Welcome! Craig’s walking you through a deep dive of the Pros and Cons of Online Collaboration Tools for Businesses and the Security implications for Businesses who have Regulatory Requirements.  For more tech tips, news, and updates visit - CraigPeterson.com --- Read More: --- Automated Machine-Generated Transcript: Hey, do you know what demonetization is? Well, besides being a trend, it is, in fact, making a major impact on what you are seeing online. So we're going to get into that right now. [00:00:19] Hi, everybody, of course, Craig Peterson here. Thanks for joining me. And,...

info_outline
Welcome! Pros and Cons of Online Collaboration Tools and Security plus more on Tech Talk with Craig Peterson on WGAN show art Welcome! Pros and Cons of Online Collaboration Tools and Security plus more on Tech Talk with Craig Peterson on WGAN

Craig Peterson - America's Leading Security Coach

Welcome! Craig’s walking you through a deep dive of the Pros and Cons of Online Collaboration Tools for Businesses and the Security implications for Businesses who have Regulatory Requirements.  For more tech tips, news, and updates visit - CraigPeterson.com --- Read More: --- Automated Machine-Generated Transcript: We just talked about NBC news to put their competition out of business when it comes to Zero Hedge. Well, now we're going to talk about what they did to The Federalist. What does it mean to free speech in America? [00:00:17] Hey everybody, Craig Peterson here. Thanks...

info_outline
Welcome! Pros and Cons of Online Collaboration Tools and Security plus more on Tech Talk with Craig Peterson on WGAN show art Welcome! Pros and Cons of Online Collaboration Tools and Security plus more on Tech Talk with Craig Peterson on WGAN

Craig Peterson - America's Leading Security Coach

Welcome! Craig’s walking you through a deep dive of the Pros and Cons of Online Collaboration Tools for Businesses and the Security implications for Businesses who have Regulatory Requirements.  For more tech tips, news, and updates visit - CraigPeterson.com --- Read More: --- Automated Machine-Generated Transcript: Now, we're starting to talk about collaboration systems, the things you can use, like I did for a wedding, and people are using constantly now for business. Which are the best ones? What should you be using? You know, it's time for us to get our act together because we...

info_outline
Welcome! Pros and Cons of Online Collaboration Tools and Security plus more on Tech Talk with Craig Peterson on WGAN show art Welcome! Pros and Cons of Online Collaboration Tools and Security plus more on Tech Talk with Craig Peterson on WGAN

Craig Peterson - America's Leading Security Coach

Welcome! Craig’s walking you through a deep dive of the Pros and Cons of Online Collaboration Tools for Businesses and the Security implications for Businesses who have Regulatory Requirements.  For more tech tips, news, and updates visit - CraigPeterson.com --- Read More: --- Automated Machine-Generated Transcript: Well, we went into our first collaboration product and now we're going to get into our next product. And this one is actually more of a team collaboration rather than just a video conferencing setup. Really, as I mentioned, GoToMeeting's been around a long time, man....

info_outline
Welcome! Pros and Cons of Online Collaboration Tools and Security plus more on Tech Talk with Craig Peterson on WGAN show art Welcome! Pros and Cons of Online Collaboration Tools and Security plus more on Tech Talk with Craig Peterson on WGAN

Craig Peterson - America's Leading Security Coach

Welcome! Craig’s walking you through a deep dive of the Pros and Cons of Online Collaboration Tools for Businesses and the Security implications for Businesses who have Regulatory Requirements.  For more tech tips, news, and updates visit - CraigPeterson.com --- Read More: --- Automated Machine-Generated Transcript: We're going to finish up our discussion about Microsoft teams. What are some of the things you might want to use it for? What is this? How was it different from Zoom and everything else on the market? So let's get going. [00:00:21] Hi everybody. Craig Peterson here....

info_outline
Welcome! Pros and Cons of Online Collaboration Tools and Security plus more on Tech Talk with Craig Peterson on WGAN show art Welcome! Pros and Cons of Online Collaboration Tools and Security plus more on Tech Talk with Craig Peterson on WGAN

Craig Peterson - America's Leading Security Coach

Welcome! Craig’s walking you through a deep dive of the Pros and Cons of Online Collaboration Tools for Businesses and the Security implications for Businesses who have Regulatory Requirements.  For more tech tips, news, and updates visit - CraigPeterson.com --- Read More: --- Automated Machine-Generated Transcript: We've talked about, go to meeting Microsoft teams. We've mentioned the WebEx team. We've mentioned Zoom. Now we're going to start delving into that even more. We're going to be talking right now about Zoom, the pros, and cons. It's probably the one you've been using....

info_outline
Welcome! Pros and Cons of Online Collaboration Tools and Security plus more on Tech Talk with Craig Peterson on WGAN show art Welcome! Pros and Cons of Online Collaboration Tools and Security plus more on Tech Talk with Craig Peterson on WGAN

Craig Peterson - America's Leading Security Coach

Welcome! Craig’s walking you through a deep dive of the Pros and Cons of Online Collaboration Tools for Businesses and the Security implications for Businesses who have Regulatory Requirements.  For more tech tips, news, and updates visit - CraigPeterson.com --- Read More: --- Automated Machine-Generated Transcript: Well, we've talked about GoToMeeting. We've talked about Zoom. We've talked about Microsoft teams. Now it's time to talk about my favorite. How should you be collaborating in your business? Maybe your organization, your agency there's really. Only one solution and I'll...

info_outline
AS HEARD ON: WGAN Mornings News with Matt Gagnon: How Contract Tracing Apps Work and Fail, Massive Spying on Google Users, Major Justice Overhaul For Facebook and Twitter show art AS HEARD ON: WGAN Mornings News with Matt Gagnon: How Contract Tracing Apps Work and Fail, Massive Spying on Google Users, Major Justice Overhaul For Facebook and Twitter

Craig Peterson - America's Leading Security Coach

Good morning everybody! I was on with Matt this morning and we had a good discussion about How Contract Tracing Apps Work and Fail, Massive Spying on Google Users, Major Justice Overhaul For Facebook, and Twitter. Let's get into my conversation with Matt on WGAN. These and more tech tips, news, and updates visit - CraigPeterson.com --- Automated Machine Generated Transcript: Craig Peterson: This sort of thing that South Koreas been mandating for everyone. [00:00:03] Matt Gagnon: Yeah. [00:00:03] Craig Peterson: And China's been mandating if you go to China. [00:00:07]Matt Gagnon: Look at my...

info_outline
AS HEARD ON - The Jim Polito Show - WTAG 580 AM: The Reality of Our Security Problems show art AS HEARD ON - The Jim Polito Show - WTAG 580 AM: The Reality of Our Security Problems

Craig Peterson - America's Leading Security Coach

Welcome! Good morning, everybody. I was on with Jim Polito and we discussed the reality of business security problems today, how they are getting worse and why we have to fix them.  Here we go with Jim. For more tech tips, news, and updates visit - ---  Automated Machine Generated Transcript: Craig Peterson: The way you do that type of cyber attack in this day and age is you don't come out and say, Hey, it's time. [00:00:11] Hi everybody. Craig Peterson here. That's S O N you'll find me online@craigpeterson.com. That was me with Mr. Jim Polito we talked about how things are much...

info_outline
 
More Episodes

Welcome!

Craig discusses how your DNS is being hijacked by new browser protocols known as DNS over HTTPS (DoH.)

For more tech tips, news, and updates visit - CraigPeterson.com

---

Read More:

Using The New Chrome Secure DNS Settings To Browse Privately Is Easy

---

Automated Machine Generated Transcript:

Far too many ISP are watching where we're going and even changing our location, that URL you type in might not take you where you think you should be going.

[00:00:17] Hi everybody. Craig Peterson here. Thanks for joining me. We're here every week with all kinds of great information, keeping up to date on the latest in technology. And of course. Because I'm a security guy, a lot about security, and that's kinda what we're going to talk about right now. We all have internet service providers, whoever they are.

[00:00:40]In fact, the internet service providers even have internet service providers because they have to connect with other networks in order to get you where you want to go online. It's a strange world out there. And one of the things that the internet does and frankly has to do in order to get you to that location you want to go, is it uses something called the domain name system.

[00:01:07] Oh, you might call it the domain name service as well. But the idea behind this is to allow you to type in a URL or click on a link and that link then takes you to the correct site. Now you might be wondering what's this all about, I'm not going to get into the guts of the internet. That's not what I do.

[00:01:29] That's not my job. That's not going to affect me. Oh, my, it does because the domain name service was designed many years ago to solve a problem, but it did not consider another problem that was being created in his stead. What we've ended up with is. You guessed it, another problem, the DNS system allows you to type in that I address.

[00:01:58] And then it goes to your internet service provider and says, Hey, I want to go to google.com. Give me the address. And then. The internet service provider goes and talks upstream, finally finds out what the address for Google is. It's just like if you sent a piece of email and you addressed it to Craig Peterson in the Northeast United States, now it might get to me because some of these postal workers are very driven and they really want to help out.

[00:02:27] Right. But what are the odds that mail would actually end up in my mailbox? You know, not very good. Is it, so you have. To have a street address or maybe appeal, box number to send that true that to, maybe a rural route number as well. Who knows? Right? Depends on where you're at. If you're overseas, a military duty it's even different, but on the internet, Everything has to come down to these numbers.

[00:02:53] It's called the internet protocol, IPV four, and IPV six. Now you don't have to know all of that because all you have to do is type in google.com. Right. We already established that as an easy way to get to Google. However, Behind the scenes what's happening is that some of these internet service providers are actually intercepting your computer's requests to get to Google.

[00:03:21] And then what they're doing with that intercept is changing it sometimes. So they'll look and see, is there a site called google.com? Oh no, there's not. All right. Great. Yes. So then they send you to yet another site that's not Google. And they try and upsell you there'll be Ads all over it. There may be their own little search engine thing.

[00:03:44] That's come up on the screen that allows you to hopefully find the real google.com. On top of it all, not only are these internet service providers who were paying by the way, not only are they intercepting our DNS requests, but frequently they are also being intercepted by the bad guys. Here's what's happening there.

[00:04:09] You have a router in your home, a router in your small business. Now that router is where all of your data goes to. And from the internet now, obviously in bigger businesses, we'll set up multiple routers, multiple sites. We'll probably run a protocol called BGP that lets me route everything in between.

[00:04:30] Right? So if we have a failure, we can failover and everything just continues on. It's just wonderful. But in all of these cases, that router is a central point for all of your data going out to the internet. So what happens when a bad guy gains control of that router? And we're seeing this happen more and more now, because when was the last time you went ahead and made a change to the firmware on your router on that firewall box?

[00:05:06] Right? It probably never, most of us never touch it. We buy it, we set it and we forget it. Right. We, Ron Popeil the thing. But that's not what we need to be doing in this day and age this day and age, we're looking at the internet of things. We're looking at hundreds, maybe thousands, ultimately, of pieces of hardware in our homes.

[00:05:29] It's going to be embedded in our clothing. It's already in some of the shoes we have purses. We have. All of those devices need updates. Now that's one of the reasons we advise people to get rid of those big-box retail devices that they have like a link SIS box or who knows what, and that they're using at the network edge.

[00:05:54] We advise them to get something that's way more professional that has longterm support for it. And, you know, for my clients, we always use it. The Cisco gear. There's a whole new line that we've had great success with called them. Rocky go, you can look it up online. I'd be glad to help you with that. And then the next sec pop from that is Rocky.

[00:06:16] And then you get into the Cisco, but here's what's happening. You have not updated the firmware in your router slash firewall. Now, many times you cannot update the firmware because it is out of revision. So you bought this hardware three, four or five, six years ago as we were working just fine. Has given you the wifi.

[00:06:41] Everything is just hunky Dory. It's wonderful. And you've never thought twice about changing that firmware. And in fact, the manufacturer hasn't bothered to release updates to fix the latest, major bug security problem in their firmware. So do you see where I'm going here now? Here's what happens if you put all of this into a pot, let's stir it up.

[00:07:04] I know it's a little confusing, but here's what comes out in the end. When we take it out of the oven, the bad guys, they update the firmware. On your rudder slash firewall. That's a worst-case scenario. They actually updated and they set it up to send all of their data to Russia. All of your data, I should say to Russia or China, but what we're seeing right now is a DNS attack where they are routing all of your intranet DNS requests to them and their server. So here's what happened. Imagine you're sitting in front of your computer and you type in your bank, maybe it's TD bank.com, bank of america.com. Whatever it is. Remember your browser does not know how to get to TD bank. It doesn't know how to get to the Bank of America.

[00:07:58] So what does it do? It then sends a request out to the internet saying, Hey, what's the internet address for TD bank what's happened now? Is it sends a packet out to the internet? Hopefully to your internet service provider, but it gets intercepted. And now that packet goes to the bad guys and the bad guys say, Oh, TD bank.

[00:08:26] Yeah. Yeah. There, you know that part of town you never wanted to go into, you know, on the other side of the tracks where it's kind of dark and greasy and yeah. There's a lot of muggings and stuff. That's where TD bank is. Oh yeah. Go over there. So they will return the wrong address for TD bank. And now your browser ends up on their website, could even be a dark web website and all of your data, everything you're typing in is now being captured by them.

[00:08:58] So we have now both Firefox and Chrome who are doing something called HTTPS. DNS over HTTPS is, of course, is encryption. So it is now sending the requests for DNS encrypted end to end. That is great for consumers, usually. However, It does break security systems. So both Google and Mozilla have jumped on board here a little prematurely, but that's what's happening right now with your DNS.

[00:09:37] And what you should do is going to be based on your environment and what you're doing. Check people tell you, Hey, stick around. We're going to talk about insider threats. I bet you didn't know how prevalent they are and how they're occurring. You're listening to Craig Peterson.com. Stick around. We'll be right back.

---

More stories and tech updates at:

www.craigpeterson.com

Don't miss an episode from Craig. Subscribe and give us a rating:

www.craigpeterson.com/itunes

Follow me on Twitter for the latest in tech at:

www.twitter.com/craigpeterson

For questions, call or text:

855-385-5553