
AS HEARD ON - The Jim Polito Show - WTAG 580 AM: Internet of Things Root Access, Wordpress Vulnerability, Apps and Reverse Image Search

Craig Peterson - America's Leading Security Coach

Release Date: 09/11/2020


Welcome!

Good morning, everybody. WTAG experienced some issues which prevented me from joining Jim on Tuesday. But this morning he reached out and had me on. Jim and I discussed the Internet of Things and why businesses must be careful when they are attaching all these cool gadgets to their networks. Then we got into the WordPress vulnerability that is hitting business websites hard. Then Jim asked about apps and China. Here we go with Jim.

For more tech tips, news, and updates visit - CraigPeterson.com

--- 

Automated Machine Generated Transcript:

Craig Peterson (2): [00:00:00] So you ask yourself, how can this app be free? Really? Whoever developed it had to put hundreds or thousands of hours into developing that app, how could they possibly afford for it to be free?

 I had a bit of a surprise this morning. This is Craig Peterson.

Craig Peterson (2): [00:00:15] I got a text from Mr. Jim Polito asking if I could come on today because their board was so messed up on Tuesday, they couldn't get me on. But he really wanted me on this week. So that was fun.

We freewheeled today. Although normally we stick with the topics that I have sent him that I also include in the newsletter. We go into deep dive on my radio show on the weekend. And of course, those are podcasts as well, but it was fun. I was a little bit of a different thing today. So here we go with Mr. Jim Polito.

No week would be complete without a visit from our good friend and tech talk guru. Craig Peterson. Missed him on Tuesday.

Jim Polito: [00:00:53] Can't wrap up the week without a visit from the man. Good morning, Craig.

Craig Peterson (2): [00:00:58] Hey, good morning. I want to correct the thing that Fake Bernie said this morning, and that is the Connecticut River is entirely in New Hampshire. Vermont doesn't even have a border on the river, let alone the ocean.

Jim Polito: [00:01:14] I thought they had. 

Craig Peterson (2): [00:01:15] Did you realize that?

Jim Polito: [00:01:15] No. No. So the state line is on the other side of the river.

Craig Peterson (2): [00:01:21] It is. It came from years ago. It was an order in council signed by King George the Third back in 1764, because remember Vermont was part of New Hampshire. And then yeah, New York, in fact, we've even got ski hills that tried to re-annex themselves a few years ago to New Hampshire, tired of all of the taxes and everything.

But, yeah, so what had happened is that New York said, "No, no, Vermont is ours." Then so King George says, okay, I'm going to settle this. So he established the border between New Hampshire and Vermont. It could be the western bank of the Connecticut River, and then the US Supreme Court in 1933 upheld that.

So normally when you go across a bridge, I don't know if you've noticed, but usually in the middle it says, you're now doomed during the state of, whatever it might be, where Joe Biden might be from this week. But, when you're going from, Vermont, New Hampshire to Vermont, you don't see the sign until you hit the ground on the Vermont side.

Jim Polito: [00:02:22] Hey, you're right. I was Chesterfield New Hampshire over the weekend and I went and did the bridge there. There's the old bridge right next to the new one. And cause they never knocked down the old one. You're right, you get over the bridge, you come to the rotary, but there's the sign before you get into the rotary. Welcome to Vermont.

Craig Peterson (2): [00:02:42] Yeah. Yeah, exactly. I don't know if that's like the only one, but it's really weird. A little bit of history actually knew. How's that for strange?

Jim Polito: [00:02:50] No, that's why you're the man. And, and King George the Third, how do you like that coming up with the idea? No, it's on the banks of Connecticut.

Back in those days, the Connecticut River used to flood and break its banks. Oh, the Vermont border was a moving target. All right. I want to talk about some of the stuff that you gave us today, but what is top of mind for Craig Peterson right now? By this top of the most brilliant man in tech wake up on Thursday morning, which is not typical for him.

What does he wake up and say, but that other people won't understand by the way?

Craig Peterson (2): [00:03:29] Oh, okay. Details. So yeah, the big thing, and I'm going to talk about this on my show on Saturday here, but the big thing that has to do with the internet of things, hardware, again. Now we're talking about all of these lights that we have that may be voice-activated, and now it's everything.

If you're a business, I can't tell you how many businesses I've walked into that have these Hikvision cameras on the wall, security cameras. They've got automatic lights that come on when entering rooms, et cetera. So there is a little bit of a study that was just conducted and they found that about 85% of the devices that were tested could be completely 100% hacked.

It's called complete root access on these devices. This is a real problem because we're making these IoT devices, the internet of things. They've got to be small. They have to be cheap. At least we want them to be cheap. So what they do is just cost reduce, cost reduce, cost reduce, and what you end up with is a little computer.

It has to be a computer inside that can talk to, of course, your Wi-Fi in order to send its messages. And they just leave out all concepts of security, frankly. They come pre-configured with default usernames and passwords. These things come also with the ability to be completely hacked because they cannot get updates, so many of them. They never get re-flashed. In fact, this particular investigation showed that they could be completely re-flashed by hackers. So we're surrounding ourselves with all of this wonderful equipment, all of this really cool stuff. At the same time, we're exposing ourselves and we're exposing our businesses to some of the worst hacks that have ever been going on, and frankly, that's a huge problem. I'm going to talk about that one this weekend. And similar to that, I gotta bring up one more thing while I'm on my soapbox. And that is, we know we're supposed to update our computers, right? And so you go ahead and you update Windows, you're reluctant to do it. 'Cause is it going to break? What's going to happen?

If you're on a Mac, it just happens for you automatically and it's extremely rare that anything breaks or an iPhone. Android, of course, you got the problems and trying to do updates.

The biggest problem we're finding right now is that people think that they have turned on automatic updates and they're safe. Without thinking about the dozens of other apps or programs that they have on their computer that need to be updated. To a business 99% of the time they say, yeah, we're 99% patched up. We're fine. But then you dig into it at all, then you find out, they haven't updated Flash. Oh, they haven't updated their web browsers. Oh, they've got all of these plugins, these extensions on the web browser that are known to be major security hazards.

So my whole message this weekend and this morning is, yes, you've got to patch up and right now. Over 350,000 websites out there that are hosted, that are run on WordPress, which is most business websites, have a critical flaw, critical, and we've seen before where ISIS goes ahead and they hack one of our websites, Jim, and then they have uploaded videos of the beheading of Americans and American soldiers and attacks against the soldiers onto our business website. Then they share that with all of their friends and it's unbeknownst to you sometimes. They just hide it and they're using it for touch and go places. The bad guys are using it for child pornography.

They're using them for attacking other websites. They are putting in skimmers, just like ATM skimmers that we've seen before, right into the website checkout pages.

So that's my big thing today and I'm going to be talking about it more on Saturday. It's terrible.

Jim Polito: [00:07:47] We're talking with Craig Peterson, our good friend, our tech talk guru, and some of the concerns, Craig, I'm going to call an audible.

I have the list of stuff that you brought to us, but something came up personally for me yesterday. I wanted to do a reverse image lookup. I wanted to find the origin of a picture. And, there's a lot of different ways you can do that. But one of the ways that your smartphone will steer you toward is getting an app to do that, and of course, I'm on Apple.

Here's my question. I started looking at all the PR of course, I don't want to pay for it. I want a free app. And I started looking at all the free apps available to do a reverse image lookup. Now, for those of you who don't know, here's a reverse image lookup. You take a picture that you have, you put it into an app and the app tells you the other places on the internet that they can find it.

So I, I did that, but I'm looking at all these apps. Then for some reason popped up on my phone who created the app and there were, and this isn't certainly a racist thing, but there was a lot of what appears here to me to be Chinese names. I said, okay, this could be someone in the United States, who's from China. Or could these all be Chinese apps from China?

So my question was how good of a cop is Apple when it comes to allowing its apps in the Apple app store. Cause I thought to myself, wait a minute. If Apple is offering it's gotta be safe. Am I being naive?

Craig Peterson (2): [00:09:32] No, you are not. A few things that come out over the last few weeks. One is there is a library that a lot of application developers are using that tracks you and your data and the application developers are paid for it.

So you ask yourself, how can this app be free? Really? Whoever developed it had to put hundreds or thousands of hours into developing that app. How could they possibly afford for it to be free? So the big problem over the last few weeks was, oh my gosh, there's this library that app developers are using for Apple and for Android that they're getting paid to include in their app and Apple wasn't noticing it.

Then there's another problem. Apple requires apps to be signed on your Mac as well as your iPhone, and there are ways around that. It was also found out that Apple had, this is just the last week, approved some malware to run on Mac. Now this is unbeknownst to Apple and we have to step back a little bit, and look, this isn't just Apple, this is Google as well. Although Apple historically has done a better job. But in both cases on the App Store from Apple and the Google Play Store, they use software to scan the apps, to look for potential malicious stuff. They've done an okay job over the years.

That's part of the reason Apple gets 30% of any proceeds from apps that are on there.

Jim Polito: [00:11:07] Yeah

Craig Peterson (2): [00:11:07] You brought up China. China has been flooding both app stores. Then, of course, socialist government over there wanting to get our information because once you're socialist, you've squashed most, if not all innovation. So the only way you can grow is to steal it from other people that aren't socialist.

Jim Polito: [00:11:27] It's true. It's true.

Craig Peterson (2): [00:11:28] Yeah, absolutely true. And so they've been very, It's strong or, front line thinking here on getting apps into the app stores that can leak data. Because again, they just need a little bit of data from this app. Maybe a little bit of data from that app. Get your contacts from this app, pull them all together. And now they've got a very good picture of you. Who do you work for? Where do you live? What kind of data might you have access to? Then they're using that to go spear phishing. So to answer your question, Apple does a quite good job of vetting the apps.

Google does a good job on vetting the apps. But there are many ways to obscure the code and frankly, Yeah. Having written all articles over the years and worked on a lot of different people's code, I can tell you that obfuscation seems to be the middle of the name of every programmer are known to demand, where are it's impossible to try and figure out what they're doing sometimes takes a while.

So I can't blame Apple and Google for letting some of that, this stuff into the store, but they're pretty careful about it, but think twice: Why is the app free? Why is the app cheap? What else are they getting out of me?

Jim Polito: [00:12:43] Let me just ask you a quick question and then, Oh, go ahead. Go ahead.

Craig Peterson (2): [00:12:47] No, I was going to say when it comes to reverse image this is a great tip for everybody that's listening. If you are in the dating realm or your kids or grandkids or whatever it might be, are out there dating. Google regular Google search has an image search on it. One of the best things you can do is take that photo that you found on the dating site and run it through the Google reverse image search and see if it's a stock photo or if it's just someone else.

Because so many of our seniors as well, they're not dating, but they're reaching out, some of them are lonely and you've got to make sure that this person is legit. And what Jim did with the reverse image search, just use Google. It is a wonderful idea.

Jim Polito: [00:13:32] See, learn from my mistakes. Excellent.

Phil, I have since deleted the app, but who knows, there's probably code somewhere in my phone right now, from the Chinese and, and they know I'm friendly with you. So I'm, I'm the enemy.

How can folks get in touch with you?

Craig Peterson (2): [00:13:50] Why don't you check out my website? I've got a new one going up here either this weekend or next week at CraigPeterson.com.

You can get my newsletter. You can get all of the articles and background that I talked about here on Saturdays at 11. You can also of course dig in a little bit more. Ask me questions, all of that. Just CraigPeterson.com.

Jim Polito: [00:14:13] Craig. Thank you. 11 o'clock Saturday. Be listening. Thank you, sir, for doing the extra duty this week and we'll catch up with you next week.

Craig Peterson (2): [00:14:22] All right. Take care. It was fun.

Jim Polito: [00:14:24] It was fun. Hey, when we return a very important thing you want to back the blue, I'll tell you how it's my final word. You're listening to the Jim Polito show your safe space.

Craig Peterson (2): [00:14:35] And safe it was. Take care, everybody.

We'll be back this weekend. Bye-bye.

--- 

More stories and tech updates at:

www.craigpeterson.com
