Tech Articles Craig Thinks You Should Read:

DDoS Attacks Spiked, Became More Complex in 2020

Mobile Endpoint Security: Still the Crack in the Enterprise's Cyber Armor

Amazon still hasn’t fixed its problem with bait-and-switch reviews

Pandemic-boosted remote workforce may be in for a shock at tax time

Another Arrest, and Jail Time, Due to a Bad Facial Recognition Match

How to Build Cyber Resilience in a Dangerous Atmosphere

Hacked home cams used to livestream police raids in swatting attacks

Microsoft Says SolarWinds Hackers Also Broke Into Its Source Code

Google, Apple, and Amazon bans Parler

Mastodon is the Only Open Social Network Remaining

---

Automated Machine-Generated Transcript:

Craig Peterson: [00:00:00] Hi, everybody. We're going to talk about the latest type of attack that's coming in. What you need to know about it. What's going on with this endpoint security with so many of us working from home and Amazon still has not fixed its bait and switch review problem.

Craig Peterson here. Thanks for joining me.  Hey, this is all about technology. Of course. If you're new, I do a lot of work with security. In fact, I've been doing it for a very long time. I have had training that I've conducted here for most of the fortune 500 companies. Federal agencies, almost all of them. In fact, and more than 5,000 small businesses have turned to me to help get their stuff done. So we tend to talk about security, but we'd talked about a lot of other technology subjects here on the show, and I really bring a different look to it, frankly.

It's all about results. It's about what it means to you.  I hope you understand a little bit better. I don't know about you, but I'm not real fond of just here's a list of what to do with no reason behind it. I want to know why I'm doing it. I remember going to a Tony Robbins event some years back, and one of the things he pointed out was, Hey, it's one thing to put it into your calendar. It's another thing, of course, to make a goal. But if you really want something to happen, you have to have your big, why.

So what is your big why do I need to do this? That's what we're doing with our course. That's coming up here just in probably about two weeks. We're finishing it up. Now we spend a lot of time on this.  It's an introduction to Windows security and helping you to lock down your Windows machines. I think it's a course, everybody should take, everybody should know about, and this is geared towards consumers. The things we need to do as just a regular person who might be working from home in order to tighten up Windows.

Now we have much more advanced courses too, but this is all of your basics. So keep an eye out. I'll publicly do a couple of webinars as part of this. If you want to know more about it and get in on some of these free webinars and get this information, just send an email to [email protected] and in the subject line. Put in Windows hardening or Windows course. Whatever you want so that I can figure out what's going on.

Also, by the way, if you're listening to me, you might be the right person because I'm looking for someone to help me with handling all of these emails that I get. I have all kinds of filters in place. That's not what I'm worried about, what I'm worried about is getting answers to the people that need help. I tell people all the time, just email [email protected]. I get tons of people every week, just hitting reply from the newsletter.  I would like to be able to make sure that we have people who, or at least a person who's really responsible for this and who is going to, in fact, let everybody know that we are paying attention and rattle my cage.

What, I haven't gotten an answer back to you because, right now it takes me a week, sometimes longer. To get back to you, so I got to apologize for that. If you're interested in that, if you're somebody who is really big into helping people and likes to understand the computer stuff a bit, maybe knows a bit about security. Maybe you're already on my email list, just signed [email protected]. Send me an email [email protected]. Let me know you're interested and why you're interested in it.  I'll send you a little bit more information because I do try and give back to everybody, but I have a business to run with some very big clients and small clients, but a lot of work to do all of the time. It might take me a little while to get back to you until I find this perfect person who hopefully is sitting out there and wants to do a little bit of work from home, no matter where they are, as long as they can get and send emails. That's probably about all the bandwidth they'll need, so you don't need a whole bunch of it. [email protected] for any questions or comments or anything else.

Getting into our first article of the week. This one's from reading. And they're talking about the denial of service attacks. In fact, more specifically distributed denial of service attacks, spiking, right? This year, well in 2020, and it became more complex as well.

So I wanted everyone to understand what a denial of service attack is because it is probably the number one reason that the. Quote internet, isn't working unquote denial of service attacks or where a bad guy decides that they want to hold a company hostage. How do you do that? In this day and age, people are all over the place.

You're not about to walk in the front door armed and tell everybody, Hey, pay up or I'm not leaving. That's just not going to happen. Is it? When will you get right down to it? You don't have to do that anymore. You don't have to have a real hostage. All you have to do is say, Hey, we're going to hold your servers hostage.

Now you probably know already about ransomware and ransomware is a real big problem. It is growing. It has been out there for a long time and we're, ransomware where they gain access to your systems. And they do one of two things, or even both one is. They will grab all of the data that looks interesting to them.

So they'll look through your spreadsheets. I'll look through the documents that you have out there. They'll try and find information that they think that they could extort you with. And then the second thing they'll do is encrypt your files and say, pay up if you want to get your files back. And unfortunately many companies, many organizations, including healthcare organizations, government agencies, state, as well as federal.

And locals have all been hit by this. And they find that their backups are not good enough. They either weren't working properly and they thought they were working or many times what happens is a, just weren't doing it at all. And so all of a sudden, all of their files are. Encrypted do you know the important ones and they just can't conduct business anymore.

Of course, the first step is they've got to clean up all of these machines that have been infected before they even can do the backup. So in many cases, people are paying the ransom, even though it's been made clear by the state department and others that pane the ransom is supporting terrorism. And what they're doing now is.

Bringing charges against some of these companies who should have been secure, because if you are a public company or even if you just have basic shareholders, not even a publicly-traded company and you are effectively out of business and by the way, getting one of these ransomware attacks can put you out of business.

Most of the time it does put you out of business. And so they get. Sued and civilly and potentially criminally as well for sending a hundred thousand dollars, $10 million to terrorists around the world, which of course encourages them to go ahead and ran some more companies. Also lets them know that, Hey, you'll pay a ransom.

So why not ransom you? It seems like a good idea. Doesn't it? And Oh, guess what they do ransom you and they'll ransom you again. You get the double whammy where you now have to try and get back into business so you say, okay it's going to be way cheaper to pay the ransom, which is what they want.

That's part of the reason they looked at all your files to see if they can get the County records. How big a company are you? How much could you pay? Cause they're not going to charge a ransom of $10 million to some poor person who's retired. Just trying to go online and. The next step is they say, okay guys, you haven't paid the ransom.

If you do not pay this extortion fee, we're going to release all of your files online. So now you're going to get. They extorted. And in other words, they'll say, Hey, we grabbed all of these files and they'll give you the names of some of the files Neil just gasp. Oh my gosh. That's our business plan for next year.

That's our competitive analysis. Oh, that's our intellectual property. Those are all of the designs we've been working on for the last few years or decades in some cases. And I probably should do something about this. What can I do? Pay up this extortion money and we won't release them online.

Now of course, sometimes they release them anyway. And the other big problem that people have with this sort of thing is if it does get out, you might actually be breaking a law. You might have what's called CUI or other information that really could nail. You legally with the federal or state government.

So there's a whole lot of problems there. So that's one of the ways the bad guys are ransoming and extorting money from people, but there is another very big deal. And that's what we are talking about right now, which is a denial of service attack. And one of the beautiful things. Form from the standpoint of the bad guy with a denial of service attack is it's almost impossible to trace the source of the attack and it puts the company that's under attack out of business.

So how would you like that when you get attacked by someone you don't know who's attacking you, you may not even know? Why because many times these types of attacks, which are increasingly cheaper for the bad guys to do many times, these types of attacks are conducted by social activists. Yeah, our green warriors out there and others who will start attacking in these inexpensive ways.

Of course, you can find all kinds of information online, subscribe to my podcast as well. You'll find it on your favorite podcast platform and [email protected].

We were just talking about ransomware, how it's being used to hold hostage, various companies, as well as being used for extortion. Pretty bad things. Now we're going to talk about a cheaper and easier way. The bad guys are. He didn't us.

Hi guys, this is really a fun world, a scary world, all rolled into one because the bad guy's methods are becoming more effective and cheaper for them to conduct. That's the scary side of this whole thing. Because these bad guys are out there making many millions of dollars.

It used to be difficult to do. They used to have a bad guy that really understood programming and understood the bugs that were existing in our networks and in our computers. Pulling all of that stuff together, trying to make the whole world really a worse place.  It was just a very few people and then the dark web really grew where the bad guys that we're writing the software. Now we're selling it on online forums.

You can go online and for 10 or 20 bucks, you can buy software that does all of the ransom stuff for you.  If you don't mind giving away five or 10% of your illegal proceeds, all you have to do is. Sign up for an online service that will do everything for you on the backend of the ransomware. They'll do the tech support for the people who have been ransomed. They'll go ahead and yeah, they'll even take phone calls when the people are saying, okay, so how do I pay this? How do I buy Bitcoin in order to pay you? How do I make any of this stuff work? How do I put in this key that you sent me? It doesn't seem to be decrypting. What do I do? Absolutely amazing. It is really quite an industry.

Then there's obviously pretty complicated and there are simpler ways for the bad guys to nail us. This is what's happened over the last year. 2020 set records over what are called distributed denial of service attacks. How they're used to harass organizations, extort them as well.

The basic idea is you as an organization, have a website and it might be a federal government website. It might be your local soccer team or state or federal. It doesn't really matter. The extorter will say unless you do what we tell you to do. Which might be to pay a ransom or stop oil drilling in Alaska? It might be anything right.

Some of these anarchists are out there and if you don't do it, what we're going to do is we're going to shut down your website. For a lot of businesses shutting down the website is a terrible thing because so much of their profit comes from the website.

So many people mis-think profit.   I was just thinking about this last week. Profit is not bad. It is not evil. Profit is what pays for the light bill. Profit is what pays for the medical plan. Pays for the employees. Pays for the physical facilities. Pays the employees electric bills for the home, for the cars, for everything. Okay. Profit is not evil. Profit is absolutely necessary in order for us to live.

If you're getting money. You are getting the proceeds from a profit that was made by somebody. Now, obviously, if you work for a government agency that is taking money from people, I wouldn't consider that profit. If you are a regular person and entrepreneur or an employee, that profit is absolutely necessary.

When one of these green warriors says, you got to stop drilling, or you've got to stop manufacturing this, or you need to free this person, et cetera, et cetera.  You are worried because what are they going to do to you?  Then you find out they're going to put you out of business. Then what do you do?

So many companies have been complying. You see it all of the time, the people are extorting, various media outlets saying unless you stop taking or stop advertising on this program. It might be Glenn Beck. It might be Rush Limbaugh might be met any of these conservative radio programs. You'd like to listen to.  Unless you stop advertising on those we're going to shut your website down.  Most of these businesses concede. They give in to these terrorist demands that are made by these organizations. What they're afraid of is if these organizations do a denial of service attack, that their website's going to be unavailable and they are no longer going to be able to conduct business.

That's just one of the things. There's other things that these bad guys do to extort businesses. When you go to a website and you go to the checkout page on that website, what's really happening? Obviously, you're sending a request to the webserver and it's a request for a page and it has to go through an encryption-decryption. Then it has to go into the back end that keeps track of everything in your cart. Then it has to go when they accept the payment, which might be a credit card, et cetera, et cetera. These web servers can only handle a certain amount of traffic. You've heard it before. Oh, my server crashed because I had just this heavy load on it. Too many people are trying to buy my product, which is actually not a bad thing.

There are also problems with the amount of bandwidth. So you have a server. Great.  It can handle a thousand requests per second. Let's say, which is pretty darn big servers is probably actual little server farm and the network connection to that server or server farm can only handle a hundred requests a second.

So you've wasted money on the backend. So you tend to try and size that all appropriately. So you're not just pouring money down the drain. What happens with a distributed denial-of service attack is they get dozens, hundreds, or even thousands of computers to try and go in into the cart, try and do a checkout, trying and pull up pages that maybe have a lot of heavy graphics on them so that the server now has a huge load as does the network connection.

So they're saying, okay, so what do I do about it now? There are some ways to deal with these types of attacks. Are some companies out there I can point you to, if you want to just drop me an email. If you have a web server you're concerned about maybe this happening to you, I can point you in the right direction to CloudFlare or some of these other ones that are out there.

Just email [email protected]. Be glad to let you know a little bit more about it. But it is hard to shut down, particularly if you are a very small business and your internet provider has never really heard of you before. And the people who are maintaining this server you're in the same boat.

You're paying me. How much am I? $8. Yeah, no, sorry. We're not gonna, we can't really help you. And in fact, they don't help you. And that can be, even if you're paying couple-hundred bucks, depends on the quality of the people that you're working with. So what they'll do then is have all of these computers hit it's called hitting the web server, trying to gain access to things and shut it down.

Now, there are some services, as I mentioned that you can use to help stop these things once are underway. But the barrier to entry for performing a denial of service attack is extremely low. There are all kinds of, hire services that allow attackers to launch bigger and more consequential attacks.

And it's pretty simple to orchestrate. So we've gotta be very careful. Global pandemic drove a sharp increase in these types of attacks. And they're going to continue. They're going to continue because they make money. Man. I'm looking at the FBI advisory on this too. It's frankly, pretty scary.

We're going to talk about the crack in businesses' cyber armor and it might be you.

Verizon's 2020 mobile security report has found that foreign 10 companies were breached through a mobile device. With so many of us working from home, frankly, this is really bad news.

Mobile endpoint security is a real problem, frankly. It's the crack in our organization's cyber armor. We have mobile devices. Many of us are using Android, which you guys already know. Then I say you probably should not be used because of a few problems. The biggest problem, frankly, with it Android is that the security updates just don't make it onto most Android phones when you get right down to it.

Big problem is that the manufacturers do not take the updates from Google, for Android, for security problems and put them on all of their devices. In fact, in most cases, you're looking at a six-month window before most of these devices have the security updates installed on them. If they ever get installed and looking at some of the statistics about which version of Android these devices are running, it's frankly very scary.

So it's a huge problem. It's why I always recommend iOS Apple devices. The I-phones the eye pads for most businesses. If you need the utmost insecurity while there's some other things you probably need to look at, however iOS and the iPhone was certified by the military a couple of years ago. It's reasonably safe.

Of course, nothing's perfect. But. Bottom line, a combination of these best in class technologies, like the I-phones and following some instructions I'm about to give here are really the front line in helping our organizations, our businesses, and you from falling victim to these ever-growing threats.

These bad guys are extremely well-funded. We just saw Vietnam enter into the league of nations that are known as hackers attacking us. No, we've known about North Korea, China, Russia, Iran. Now we've got Vietnam. And many of those nations have a whole lot of money and their goal is not necessarily to extort all of that money from us.

In many cases, the goal is just to cause havoc and confusion, and man, have they been good at doing that? So if they develop a tool. And then they share that tool with hackers all over the world. They've accomplished their goals, haven't they? Because they're causing havoc now. And in the case of North Korea, they do want hard currency.

No question about it. But these tools that are for sale for cheap out on the dark web are being developed. By Russian and Chinese hackers for the most part official ones, they're working for their governments. Mobile devices have really been at the core of many of the 2020s. Highest profile attack.

So for instance, we talked about this attack against Amazon CEO. Bezos's I phoned compromise incident. And what happened when a mobile device was penetrated by. Just using some bugs in an application and a video that was sent and opened. Okay. So you got to be careful about these things. That's another reason why in my windows hardening course, my introduction course, I really stress removing apps.

You don't absolutely need it. And another thing that I talk about in this introduction to a windows security course is. The problem we have of the apps we use to communicate. And that's what nail Jeff Bezos. The guy got a divorce and it was just amazing the amount of money that was part of that divorce settlement.

But he was using an app that he didn't need to be using, and that's how they got onto his phone and were able to grab other things. So just removing those apps, but. I'm really concerned right now about WhatsApp because so many people are using it. I've gotten questions. I've received questions from some of our listeners who have family members who are in the military overseas, and they're asking, Hey, can we use WhatsApp in order to have a secure chat with my daughter or husband, wife, whomever, it might be overseas in the military.

And although WhatsApp is the most popular communications app it's got over. I think it's 2 billion users worldwide and it has had end ending encryption remember Facebook bought it a couple of years ago. And that makes it dangerous. And the new terms that have to be accepted for using WhatsApp in the future, indicate that Facebook really is starting to play some games here with how secure WhatsApp really is.

So I go into a lot of detail in one of the modules on how to communicate securely, but there you go, Jeff Bezos, which was very expensive to him. Came in from a mobile device, simple fishing, most common way, mobile devices get compromised. And this is where you typically get an email that looks like it's from the bank or Amazon.

And you click on a link and unfortunately, Because of the lockdown. So many of us are working from home using our own devices. And what that means is many of these devices have not been vetted by any form of security, professional. Okay. It's really bit of a problem and there's been a 37% increase worldwide.

And according to this Verizon report in mobile fishing, Just between the last quarter of 2019 and the first of 2020 now add to that, the whole lockdown. And it's gotten a lot worse and that's according to the lookout who tries to keep tracking some of these things. We've also got the problem of a malicious wifi hotspot.

So don't connect to those. What I advise you to do if you're out. On the road you're maybe at the airport or coffee shop? The good old days, right? Don't use the local wifi. Use your cell phone, use your data plan and have your cell phone.  Tether your computer to go online. That's much safer than using wifi hotspots.

And we go into quite a bit of training on that as well, in my introduction to windows security courses. So what happens if their security fails. That's where again, you've got to be using something that's moderately or fairly secure, like the iPhone, by the way. Oh gee, Phil Zimmerman. They started another company.

I don't remember what it was called now. If you're interested, drop me an email. I'll look it up. But they have. Phones that are designed to be highly secure and they're actually Android-based, which they would have to be because Apple doesn't really so source code, unlike Android, you can get most of that source code.

Anyways, worst outcomes here. Number one, some of these are very hard to detect some of these intrusions. They're hard to get rid of in many cases, and these are real problems. Rule number one, never jailbreak your phone because that's going to open you up to all kinds of problems. There could be spy where payloads that are put onto your phone, but the bottom line don't jailbreak them.

Keep them up to date. Don't use Android. If you must use Android. The simple rule is to stick with the major manufacturers like Samsung and use their state-of-the-art phone, whatever the best one is that they have, and upgrade your phone at least every two years. If you're using Android. If you're using iOS, you got five years, which is why I phones tend a lot cheaper, frankly, and require encryption.

All right.  Lots more to talk about.

I use Amazon all of the time, but there are some things to be very cautious about when it comes to Amazon. It's really not the trusted platform that I started using more than a decade ago. So we're going to get into that right now, bait and switch.

If you miss any part of today's show, you can also find it [email protected]. Amazon has a lot of problems. In the last segment, we're just talking about how it's CEO got hacked via a message that came in through a messaging app. It was actually a video and it is a problem, right? So you've got that sort of a problem.

You have the problem of being a small business and trying to compete with Amazon. I will admit that I use Amazon a lot for buying things. It's just simpler. The first thing you have to remember when you're using Amazon is they don't necessarily have the best price.

In fact, many cases, they are not even close to the best price, both Amazon and Walmart have some amazing, huge stores online target, of course, does as well as some others, but. When you compare the prices between them. I think you might be a little surprised. One of the things Amazon's done to lock us in is this Amazon prime membership, which is really handy.

You get some of the best deals because they have their prime day. Plus they have some special deals that are just for prime members at different times of the year. That's going to cost you more than a hundred bucks a year for that prime membership. But frankly, it makes up for it in shipping if you use a lot.

And I'm sure that's part of what they're thinking here, right? And they also now because of courts and really being forced into it, they have a little notice saying that this price might not be the best price and it's available from other sellers. So you can click through and it'll show you other sellers that are there.

On Amazon's website who have products that are, Amazon's also selling, but yeah, they might be cheaper. Usually when you add that less expensive price, plus what that other vendor on amazon.com wants to charge you for shipping. It's usually about the same price as what Amazon's going to offer it to you for.

So keep that in mind when you're shopping, the price might not be the best. What looks like a great deal with the price. Mark might not be such a great deal after all. So buyer beware, right? But there's another problem. I, this last year for present got one of those massagers. Now I've really been into massagers for many decades.

Now I used to get them a Brookstone. They always had the best selection. And so I just buy it from them. Since I got to try it in the store. And it was it was really great. And Brookstone in fact, was headquartered right in my hometown in Merrimack, New Hampshire. I thought that was cool too.

Cause it's a supporting a local business. Of course, they were purchased. I think it was SIM bought them. And then I have no idea what they're doing nowadays. It closes most if not all of their stores, but anyway, so I've always liked the massagers. They help with those aches and pains that you get at any age.

And particularly as you get a little bit older and. There was a massager that my massage therapist was using. And they just, one of these little percussive handheld things, it almost looks like a gun and it has a bunch of different attachments you can put on the end and it goes back and forth and just percussively massages.

It does an amazing job. It gets the muscles that are tight to let go to loosen up. And so I went online and I found what I thought was probably the massagers she was using. She told me, and then of course I forgot what it was and there were dozens of them available on Amazon. So what do you look for social proof, right?

Isn't that the normal way? So I look in for social proof, which is, Oh, here's the one with the thousand reviews and with the. Oh, five stars or four and a half star raining. Great. Let me just stop. I'll do that. Let me buy that. And you can always return it if it doesn't work. So I did buy it and it did work.

And let me tell you, I'm just so happy with it, but what I noticed inside the package, it was a little card and I've been seeing this more and more on products that I buy from Amazon. Where the person who's actually fulfilling this order, send you a little notice and maybe ask for some feedback or says, Hey, don't complain to Amazon.

If you have problems, go directly to us and we'll make sure it gets resolved because they want those five-star reviews from you legitimately. You can't blame the moment. If something happens, which it can happen, nothing's perfect. And they'd tear, take care of it. Lickety-split. I'm still going to give them that five-star review that they frankly deserve because it's a good little product.

It wasn't necessarily their fault that there was some form of infant mortality, which does happen. And it happens with anybody any time you buy any sort of technology. So I. What did the card a little more closely at to see what it was and guess what they were doing? They said, Hey, listen, if you go on to Amazon and review our product, now they didn't say you had to give us a five-star review, but that was almost implied.

If you go on to Amazon and review our product and you send us a picture of the review that you made by email. You can choose one of these gifts. And one of the gifts was a battery. For that massager. There were a couple of others that I don't remember cause the battery is the most appealing to me and I thought what the heck?

I'm going to review it anyway. So I did and I sent them a picture of my email and it's been over a month and I haven't gotten my free battery. They got me to wondering what's really going on here. And I found an article here by Tim Lee over at ARS Technica. Saying that he bought for his kids, this little $24 drone very cool drone.

And he gave it to his daughter to play with. And I'm not sure who the other kids were, but one of the propellers got stuck in her hair after the kids were playing with it for a few hours. It's really a cool one. It's got four propellers, but the whole thing is enclosed inside a little cage so that the kids can't really get their fingers into it and potentially get hurt.

Although most of these little tiny drones, you can get whacked with those propellers, and it's not going to hurt at all. Really. They had fun. They were able to play around with it. But after that first few hours, it just basically stopped working because it got caught in the hair and that's going to happen.

So he went online on Amazon and decided to do a search and he found a great review here. He searched for children's drone and sorted them by average customer review. Which makes sense to me. And he found a $23 drone with 6,400 reviews and an impressive five-star average rating. So let's promise you, that's what I would do, right?

How about you? I, I think that's what most of the, most of us are doing. There's your social proof. But then he started to look at the five-star reviews. And this is something I talked about on the show about a year ago. How do you tell if the reviews are legitimate or not? While you can do a few things, one is looking for major grammatical errors, which a lot of these reviews have, but here's what he found now.

Remember. This is supposedly a review for a drone. It says wonderful texture and great taste. Five stars. Absolutely love this, honey. It's quite different from any supermarket purchase, honey out tried. It's rich, thick, fragrant, and tastes wonderful. It's on the expensive side. Yes, but also worth it. The packaging is paper metal and glass in the jars.

Definitely, be reused or recycled. There we go. There's a grammatical error, but not a lot of them. It goes on and on raving about this honey. This is a drone. So what's going on here? This is a real problem. Here's another review that he found. If you're looking to have a taste of Greece without making the journey, this honey does the trick.

That was another customer, supposedly that same month, the third one wrote that it was dark luxurious pine honey, not too sweet, absolutely fantastic. With strained, creaky, yogurt and extra cream. Now he said, when you read the reviews on Amazon by date, he saw that the most recent reviewers actually had.

Bought a drone and they were overwhelmingly not giving it five stars. Bought this from my grandson, a customer wrote on December 26. He played with the, for two hours before broke and it's no longer working. He gave the drone one star. But all these older reviews were for honey. So apparently the manufacturer had tricked Amazon and just thousands of reviews for an unrelated product below its a drone, helping the drone to unfairly rise to the top of Amazon.

Search results. So there's, I think a very big word of caution. There's a lot of examples on Amazon about this sort of thing. This iPhone 10 battery case listing used to be for a leather wallet, phone case. Another battery case was formally listed for lightning charging cables, a Wi-Fi router that was listed as nanocomputers previously.

Been by the way that one collecting reviews since 2003, here's a neck brace. It was formerly a shower caddy listing. Guitar string action gauge is now a page for magnetic glue, free eyelashes. So Amazon does say that they have clear guidelines about one product that should be grouped together, and they have guardrails.

They call them in place to prevent abuse, but this is one type of abuse. And it's pretty obvious because a drone is not honey. So if you were actually to read those reviews, which obviously this guy that wrote this over to our set, Anika, Timothy Lee had not done before you started having problems.

But if you actually read the reviews and they're all for the right product, then what. What about this back massager that I got this little massager. Is that gonna show up this way? No, it's not because people are going to give it the five-star reviews because they want the gifts are going to be headed their way.

So be very cautious. Amazon has not solved this problem yet.

We still got a lot to talk about, including taxes here. For those of us working from home, a big shocker coming.

You might be in for a bit of a shock if you have been working remotely due to this whole lockdown thing. In fact, millions of us are going to have a bit of a shock coming up soon.

We have been busy here for the first hour. Talking a little bit about the Amazon bait and switch reviews. What I do when I'm online shopping and how you can help keep yourself not just safer, but make sure you don't get ripped off.

We went through an article from ARS Technica about how he did get ripped off for gifts this season. We also talked a little bit about mobile endpoint security, some of the problems that frankly we've had with our mobile devices. How Jeff Bezos in fact got a massive problem. I got involved with his divorce and everything else because of his mobile device and denial of service attacks. What that is all about?

We're going to talk this hour a bit about our remote. Workforce the tax implications. We've got another arrest and jail time. So we're going to talk about bad facial recognition and what's going on there. Cyber resilience. And what can we do this year? I really want to get into these hacked home cameras used to live stream police, weight raids in what are called swatting attacks.

And then. Solar winds mine. I was just because me, cause there are so many ways this massive hack could have been avoided. Our federal agencies have been compromised. Microsoft now says that due to this SolarWinds, hack somebody God into Microsoft source code. Those are the key to the kingdom.

And one of the ways Microsoft realizes to stay secure is by keeping it source code secret. And of course we, no, that's work. Microsoft has never had any vulnerabilities. So we'll get into that a lot to talk about this hour. First off, let's talk about this problem with taxes. Many of us have problems, if you work in Maine and you work in Massachusetts, you could have a little bit of a tax problem, but there is a reciprocal agreement that's in place.

So if you had been working in mass and you live in Maine, Okay. I can see that you're driving down to mass every day and you're living in Maine. So the reciprocity agreement covers that. But how about if you have never stepped foot in Massachusetts? How about if you started working for a company out of New York or a company out of California?

Did you realize that many of these, all of them, by the way, Democrat administrations are now going to require you to pay state taxes, Connecticut, you name it. All of these, it is very concerning to me. And when we get right down to workforces and the fact that this whole lockdown has really accelerated this trend of working from home.

And because of that, we've got employers who are letting their workers perform their jobs remotely from home most, if not all of the time. So where does illegal nexus tie in? So they're saying, Hey, listen, your employer. And you both knew exactly where you live and work, but the state departments of taxation can have some very different ideas about where here is.

So as a result, Texas, Utah, Arkansas workers who are working for New York or Massachusetts based companies will have income taxes with health in the paychecks, even if they've never set foot in the home office. Or never set foot in this state. How about that one? The thing for New Hampshire if you live in Maine, of course.

Yeah. A lot of these states that have state income taxes, will go ahead and say, okay you don't have to worry about paying our state income tax as well. Or in some cases, they look at it and say, Oh, you pay less state income tax. Then we charge our residents. I don't want to call them citizens because we are not being treated like true citizens anymore, but you pay less in your home state than our residents pay.

So you don't have to make up the difference as well. So we've gotten dozens of major companies out there all the way through little guys who have been increasing their support from working from home permanently. And I think that's great. We have businesses closing offices. Thank goodness. I don't own business space.

We've lent our leases laps counting on physical distance, flexible workforce was going to reduce real estate needs. I know one of my daughters is in that boat right now. And in many ways it can be a win-win employer can save overhead costs on those expensive square footage and high demand cities look at what's happened right now in San Francisco.

For instance, they are a great example of San Francisco. The city has lost 43% of its tax revenue. So you look at it until K while they've lost a lot of tax revenue because of the lockdown and people aren't going out shopping. They're not buying stuff. No. According to the San Francisco economist and yes, indeed the city of San Francisco has its own economists.

Know that a 43% drop in revenue is due to people moving out of the city. New York, San Francisco, Los Angeles, all expensive, and people are moving to Maine, to Montana, dial in from the woods or get a nice little place down in Florida for instance. But as far as the state's concerned, your beachside can banner might.

Just as well be right in the middle of downtown Manhattan and you're going to be taxed as such. So we've had these problems for a long time, but living in one state, working in another, but typically it's been adjacent States, just like again, Maine and Massachusetts, right? DC, Maryland, Virginia, maybe Pennsylvania, West Virginia, Delaware.

Kansas City itself goes across two States. You've got Kansas City, Kansas, and Kansas City, Missouri. So traveling across city limits can mean crossing state lines as well. So any major city near a border has lots of workers that go over the lines back and forth every day. And that's always been tricky from a tax perspective.

Because both the state where you work and the state where you live is going to want to try and tax your income, but still typically only one state at a time has been able to tax you for your income. And most jurisdictions with a lot of overlaps have agreements, as I said, main and mass and New Hampshire doesn't really have that agreement because they don't have any state income tax or of course sales tax on almost anything.

But. This is really going to be a problem, frankly. So keep in mind that if you are working for a company that is headquartered or even just has a presence in Arkansas, Connecticut, Delaware, Massachusetts, Nebraska, New York, and Pennsylvania. All of those States have convenient rules on the books that require any work performed for an employer-based in their state.

That it be taxed as if the worker performing the job is actually. In the state, no matter where the employee is actually located now, New Hampshire is one of the nine states that does not have an income tax. And it's right now in the process of suing Massachusetts over its convenience rules and for other States, by the way, New Jersey, Connecticut, Hawaii, and Iowa are supporting the suit.

So we'll see what happens there in federal courts. As you probably already know going to court doesn't mean the right thing is going to happen. It's gotten really bad, but at any rate, something to be careful about, if you are working remotely for a company, many of these States are going to become an after you for tax dollars.

We got a couple of things to get in. I want to talk right now about facial recognition. We what a year, maybe more ago talked about this company called clear view AI Clearview. And what they've been doing has been questionable. They've gone online and done searches. They've combed through social media.

And they've found and downloaded every picture. They can get the grubby little paws on, and then what they've done is they've put together some facial recognition software. So they've violated laws. They've violated platform rules. It's almost like Facebook when it got started, where apparently Zuckerberg went ahead and stole.

All of the records of all of the kids that were there, going to school at Harvard and including their photographs and put together this little Facebook thing, the Facebook, and had people rating other people by their looks, et cetera, and just basically stole. To get his business started Facebook. That's the allegation that's been out there.

There'd been a whole movie by this, about what he did. So that's what Clearview did too. They went ahead and decided we'll just steal all of the photos we can of people. They tied facial recognition software into it, and they perform scans of these images that were scraped from the internet and created a biometric database of the images.

We're going to talk about that and how we now have people being wrong, not just accused, but arrested, spent jail time. It's a crazy world out there.

The allegations are that Clearview stole your picture without your consent and without the consent of the websites you put them on. Now they are being used in this biometric database by the police and others with wrongful arrests.

Hey, if you want to hear the whole show or an older show, you can find them, just go online to Craig peterson.com. You'll see the podcasts there. I podcast the whole radio show, as well as my appearances on radio and television right there. So you can listen to them as podcasts there or on your favorite podcast app. There you go.

So we were talking about Clearview using these images that were scraped from the internet illegally. In some cases against obvious usage agreement, as well.

Now is that they've got this biometric database of the images and they can use that database to match an image of one person to one of these preexisting images that has been analyzed and scanned and maybe stolen, right? Depending on how you want to look at it, the allegations are all the way across the board.

Now neither you nor anybody else whose image was scraped from the internet, even know that it happened. Let alone give Clearview permission to use your image, right? They didn't get permission to take it, and they're not going to get permission to use it.

So the details of these practices are not well-received by anybody out there. Even the New York Times came out about it last January, which is when I really started talking about it as well. Within three days of the New York times talking about what this Clearview company did, there was a federal class-action suit that was filed.

And the complaint opened with a quote from justice Brandice that the greatest, dangerous to Liberty lurk in insidious encroachment by men of zeal well-meaning, but without understanding. So it's very interesting. There's a whole bunch of cases. I'm looking at the list of them right now. These will take a while before everything is finalized on them, but here's something we absolutely.

Do know for a fact. And that is that there have been arrests that have been made due to this database. Anyone who identifies as a policeman can go ahead and download the app onto their iPhone or another device. And can then just take a picture of someone casually on the street. There are people who are making police cameras that are constantly streaming video.

And on the backend are trying to do facial recognition. I've had a couple of them on my radio show a few years back, and it's cool because it gives the policemen an idea of, is this a bad guy or not? There is this somebody who we should trust somebody we could trust. I'm not really that worried about it.

Just. Think about the most dangerous thing most pleased officers do, which is a traffic stop. They have no idea who's in the car. If that person's going to try and attack them, et cetera. So having a live stream, thinking about Robocop, which didn't end that well, and what was happening there with the ed two Oh nines as well as Robocop himself, being able to see a person and be able to tell right away what this person's background is if there's any wants or warrants, et cetera, out there.

That's all well and good to a certain degree, but we just had another man. This is a New Jersey man who was accused of shoplifting and trying to hit a police officer with a car. He was wrongfully arrested based on facial recognition. Now, in this case, it's a black man and these facial recognition software programs that are available.

Tend to do poorly with any minority, frankly. And or do terribly with some and do poorly with any of them and also do rather poorly with the good old, regular Caucasian in phases like mine. Okay. So this is a third person who's arrested for a crime. He did not commit. He spent 10 days in jail and paid around $5,000 to defend himself.

So this is a guy that had nothing to do with it. The police got lazy, they said, Oh, we got a facial recognition match. It's this guy because they ran it through some software that had scraped some photos from the internet. Do you see where I'm going with this? And those photos from the internet say it's probably this guy, Nigeria parks.

And we know his social media is saying it's Nigeria parks. This is where he lives. This is where he posts most of his pictures because you remember our pictures. When we take them, our smartphones have embedded GPS information. Oh, my gosh. And in this particular case, he was apparently 30 miles away from the scene of the crime.

Okay. Pretty sad. Pretty sad. They dismissed the case because of a lack of evidence. Isn't that wonderful? But the department is now getting sued along with the prosecutor in the city of Woodbridge for false arrest, false imprisonment, and violation of his civil rights. I think he should absolutely win on that.

2019. And this is an article that came from the New York Times. They're saying a national study of over a hundred facial recognition algorithms found that they didn't work as well on black and Asian. Faces, as I said a little bit earlier see an ACL or attorney named Wessler believes that police should stop using facial recognition technology.

I am okay with it to a degree. I don't think you should be issuing any sort of an arrest warrant based on facial recognition. I think you might get a clue from that and. From that clue, you can look at the phases and decide for yourself and interview the suspect, do some good old fashioned police work, but this facial recognition arresting people, putting them in jail and then costing them thousands of dollars plus their time and their reputation and what it does to your nerves and everything else is just absolutely insane.

And bad arrests. So this article in the New York times goes through what happened. Apparently, the officers had been presented with a fraudulent driver's license, one of the officer's report,s or did that. They saw a big bag of suspected marijuana in the man's prof pocket. They tried to handcuff him and that's when he ran, he had a rental car just goes on and on, but.

It was a problem. And even though Mr. Parks had been arrested twice and incarcerated for selling drugs release back in 2016, doesn't mean that he's the guy that did all of this. So let's be careful. I'm not fond of what Clearview has done, obviously, just based on how I described it and who I quoted. And I don't like the idea of using this facial recognition technology to arrest people.

Bottom line. So speaking about arresting people, when we get back, we're going to talk about what is called swatting attacks. I don't know if you've heard of these before. They're pretty common, unfortunately, and some of the technology that we've been bringing into our homes to keep us safer is now being used to put our lives in danger if you can believe that.

Yeah, absolutely true. We'll be talking about that.

You can also follow me online. Just go to Craig peterson.com. You can subscribe to my newsletter. I'm not an active poster in Facebook or anywhere else, so the newsletter is the best place to get my weekly show summaries.

We're going to talk about how some of our technology we're bringing into our homes to keep us safe is actually ending up in killing people. Yeah. Yeah. Death by a police officer. Here we go.

If you want to see my show notes, all you have to do is subscribe. Craig peterson.com. And once you're there, you'll see all of the information. That I have available my podcasts and a little articles that we've written, and you'll also have the opportunity to subscribe to my newsletter. So I'll keep you up to date with the latest, most important articles of the week. I don't send all of my show notes anymore.

I found that a lot of people. Just don't open them cause it's overwhelming. So I've been lately trying to focus on one tip in particular. So we'll see how this all goes in the future and you can always let me know what you think. Just email me [email protected]. I'd love to know, do prefer to get all of my show notes every week or do you prefer what I've been doing lately, which is a deeper dive into one topic. That seems to be pretty popular, but I'm getting about a 40% interaction rate, which is really good on such a large list.

I just want to get the message out is my bottom line.

We have these home cameras that we have welcomed into our homes. And one of the ones that has been getting a lot of heat lately is the ring camera. I don't know if you've seen these things. They've been advertised on television and it's basically like a little doorbell. You put it out there by your front door, side door, whatever, and it has a doorbell button.

And it also has a camera and a speaker that's built into it. Then the microphone, obviously. So someone comes to the door or rings to the doorbell. There's an app that you can have on your phone. So you could be at the beach. You could be at the DMV. Someone comes to your home and hits that button. You can now converse with them and tell them to leave the package or go away or whatever it is you want to do.

There have been some problems. One of them that has been rather controversial is that there are a number of police departments that are part of a program with Ring that gives them a live real-time access to all of the ring doorbells in neighborhoods. And the idea there is the police can patrol the neighborhoods without having to spend money on cameras that might be up on telephone poles, et cetera.

And they get their feeds alive from people's doorbell cams, these ring doorbell cams. So that could be considered good. It could be considered bad, just like about almost anything. Now we're seeing that they have been hacked. Yes, indeed. There is a hack that's out there that has been used and hijackers have been live streaming people's Ring, doorbell cameras.

Now where this gets really dangerous and where it hasn't been really dangerous is something called swatting. You probably know about SWAT teams, the police have, and unfortunately, most federal agencies have their own SWAT teams, which just constantly blows my mind because of why. Does this little department or that little department need of full SWAT team, it should really be a police department of some sort, but at any rate the whole idea behind a SWAT team is they have special weapons and tactics that they can use in a situation where there might be a hostage or maybe there's a report of a bomb or something else that they have to take care of.

And thank God these teams exist in, they do drills. They'll do drills in schools. I know my police department does that fairly frequently and I was involved with some of those when I was a volunteer on the ambulance squad here in town. All make sense, but what has happened in a number of occasions and far more than we like to talk about is that there are.

The bad guys or people who don't like their neighbor and call in hoaxes. Okay. Yeah. Yeah, exactly. So there here's an example in Wichita, Kansas, this happened a couple of years back where a man had been arrested after allegedly swatting prank led police to shoot dead 28 year old man. So this guy, 28 years old, Wichita, Kansas, please surrounded his home.

After they received a hoax emergency call from a man claiming to have shot dead his father and taken his family hostage. And this call apparently stemmed from a kind of a battle between two online gamers playing call of duty online. The way these games work is you can talk back and forth. You can have.

Teams and you or your team members can be from almost anywhere around the world. And you sitting there with headphones on and talking back and forth. You've got these teams and in some cases, this is just one person against another. And apparently they believe the report was an act of swatting where.

Somebody makes a false report to a police department that causes the police to respond with a SWAT team. Now the audio of this emergency calls been made public, a man can be heard telling the authorities. This is according to the BBC that he had shot his father in the head and claimed to have taken his mother and siblings hostage.

The color also said he had a handgun at had poured fuel over the house and wanted to set the property on fire. Sounds like the perfect thing for. A SWAT team to come to. Please say they surrounded the address. They called her given and we're preparing to make contact with the suspect reportedly inside.

When Mr. Finch came to the door, they said one round was released by the officers after the 28 year old failed to comply with verbal orders to keep his hands up. Why would he, what did he done wrong? Obviously. The police ordered you to put your hands up. You probably should put your hands up.

And they said he appeared to move his hands towards his waist multiple times when she probably did. Please say Mr. Finch was late found to be unarmed and was pronounced dead at a local hospital. A search found four of his family members inside. None of them dead. Injured North taken hostage. His family told local media, he was not involved in online.

Gaming. Gaming is a little different than the call of duty and stuff. Gaming typically is gambling. Now we're finding that the, that hackers are out there who do this swatting maneuver on somebody. And then they have the hacked ring camera at that house and they watch the SWAT team respond. Can you believe that?

And the FBI is saying that this is the latest twist on the swatting prank, some prank, right? Because victims had reused passwords from other services when setting up their smart devices. How many times do I have to warn about this? My buddy, I was just telling you guys about a couple of weeks ago, he's done that his.

His revenue, his pay from the work he was doing, delivering food to people's homes was stolen by a hacker because he was using the same email address. Yes. To log in and the same password as had been stolen before. Absolutely incredible. There's also been reports of security flaws in some products, including the smart doorbells have allowed hackers to steal pet network passwords, et cetera.

In one case in Virginia. Police reported hearing the hacker shout helped me after arriving at the home of a person they had fought might be about to kill himself. That's swatting that using technology you've brought into your home, it causes death, many examples of that, and we're still reusing passwords. Give me a break.

We were busy trying to defend the election this year and had the, what did they call it? The most secure election in history, which baffles me.

But anyway our businesses and government got broken thats what we're going to talk about right now.

Let's get into our big problem here this week. And this has been continuing for what now about two or three weeks we've known about it? This is a hack of a company called SolarWinds. This hack apparently allowed intruders into our networks for maybe a year and a half. But certainly since March of 2019, this is. A huge deal. We're going to explain a little bit about that here.

Who got hacked? What does it mean to you there? And I'm going to get into it just a little bit of something simple. It could be, haven't been done, right? That I have been advising you guys to do for a long time. Does this, like earlier I mentioned, Hey, change your passwords, use different passwords.

And in fact, That's a big problem still, but we'll talk about this right now. SolarWindss is a company that makes tools to manage networks of computers and the network devices themselves. And my company mainstream was a client of SolarWindss. Sorry. I want to put that on the table. However, about a year and a half to two years ago, it's probably been about two years.

We dropped SolarWindss as a vendor, and the reason we dropped them and we made it very clear to them was we had found security. Vulnerabilities in their architecture, the way they were doing things. We reported these security vulnerabilities to SolarWindss a couple of years ago, and they wouldn't do anything about it.

So we said goodbye, and we dropped them as a vendor. Yeah, we were customer SolarWindss. We were using their stuff, but then we abandoned them when they wouldn't follow what we considered to be basic security guidelines. It turns out they weren't and we got it as a country. This has been called the Pearl Harbor of American information technology.

Because the data within these hack networks, which included things like user IDs, passwords, financial records, source code can presumed now to being the hand of Russian intelligence agent. This is from. The United States of America's main security guide general Paul NACA sewn. It's just incredible what he's admitting here.

He said SolarWindss, that company that the hackers used as a conduit for their attacks had a history of lackluster security for its products. What did I tell you, making it an easy target interviews with current and former employees suggest it was slow to make security a priority even as its software was adopted by federal agencies expert note that our experts noted that it took days after the Russian attack was discovered before SolarWindss websites stopped offering client the compromised programs.

Microsoft by the way said that it had not been breached and initially here, but now this week it discovered it had been breached and resellers of Microsoft software had been breached to, and we've got intelligence officials now very upset about Microsoft not detecting it. It's just absolutely incredible here.

This wasn't something like we had with Pearl Harbor, but this attack may prove to be even more damaging to our national security and our business prosperity. This is really fast. I love the fact. I'm not going to say I told you because I, I didn't tell you guys this, but I do love the fact that I was right again.

How unfortunately I'm right too often when it comes to security and it is very frustrating to me to work with some clients that just don't seem to care about security. And I want to jump to an opinion piece here from our friends over at CNN. This is an opinion piece by Bruce.

Schneider. You've probably seen him before. He is also, I think he writes for the Washington post. But remember when this came out the word about the SolarWindss hack, president Joe Biden said we're going to retaliate which I don't know that makes a whole lot of sense in this particular case for a number of reasons.

Not the least of which we're not a hundred percent sure it's the Russians, but how are we going to retaliate? Cyber espionage is frankly business as usual for every country, not just the North Korea, Iran, Russia, China, and Vietnam. It's business as usual by us as well. And that it States is very aggressive offensively.

In other words, going out after other countries in the cyber security realm. And we benefit from the lack of norms that are in cybersecurity, but here's what I really liked. The Bruce said. And I agree with entirely. I'm glad he must listen to the show. The fundamental problem is one of economic incentives.

The market rewards, quick development of products. It rewards new features. It rewards spine on customers, end users collecting and selling individual data. Think of Facebook when we're saying this, our Instagram or any of these services that we're using all the time. So back to the quote here, the market does not reward security, safety, or transparency.

It doesn't reward reliability past a bare minimum, and it does not reward resilient at all. And this is what happened with SolarWinds. SolarWindss ended up contracting software development to Eastern Europe where Russia has a lot more influence and Russia could easily subvert programmers over there.

It's cheaper for Russia, not just for SolarWinds short-term profit. That's what they were after here was totally prioritized over product security, and yet their product is used to help secure. It just drives me crazy out there. Just absolutely crazy what some people are doing. I read a little quote down.

I'm looking here to see if I've got it handy on my desk and I just don't see it. But they are prioritizing everything except. Security. And that is, I think, frankly, completely in excusable, right. Inexcusable. So this is happening with SolarWindss right now, but it's going to be happening with other places out there.

We have probably 250 federal government agencies that were nailed by this. Can you imagine that? The man who owned SolarWindss is a Puerto Rican born billionaire named Orlando Bravo. His business model is to buy niche software companies, combine them with competitors, offshore work, cut any cost he can and raise prices.

The same swapping corrupt practices that allowed this massive cybersecurity hack made Bravo a billionaire. Another quote here. This is from tech beacon. Hey, this is just crazy. Okay. So we know. Okay. I've established it. Craig, stop the stop. The monotonous. Okay. But I got to mention, we've got the U S treasury department was hacked the U S department of Commerce's national telecommunication infrastructure administration, department of health, national institutes of health, cyber security, and infrastructure.

Agency. SISA the department of Homeland security, the U S department of state, the department of justice, the national nuclear security administration, the U S department of energy, three U S state governments, the city of Austin, many hundreds more including Microsoft, Cisco, Intel, VMware, and others. I use two of those.

We use Cisco and VMware. We use Intel, but only peripherally and we actually prefer other processors. So this is a real problem. How are we going to change it? I don't know that we can, you and I, but I can tell you what you can do. Just like I keep reminding everybody use a password manager and I will have a course on that this year.

Absolutely guaranteed using a password manager, use a password manager and generate different passwords for every website using the password manager, use the manager to log in. Okay. So that's step number one. That's the best thing you can do right now for your cybersecurity next to keeping all of your soccer up to date.

The second thing that we can do. Is block this malware from getting out of your network. If you are a business, and if you consider yourself an it security person, you need to block all outbound connections. All of them. Only allow connections where they are absolutely mandatory. For instance, your accounting department may need access to some form of cloud services out there.

Heaven forbid. Okay. Maybe you're using an Oracle product, et cetera. Only those people that need access to that cloud service should have access to the cloud service. Does that make sense? Email? You should bring it in through a single server. So you only have 1.4 email coming in and going out SMTP Imam.

They should be controlled and controlled pretty tightly. According to the department of justice, apparently their email accounts were compromised about 4,000 dish. People's accounts were compromised through this hack. So from a professional standpoint, there's a lot of things you could do, but it costs money.

It takes time. How about the rest of us? What can we do to protect ourselves? Use open DNS or Cisco's umbrella service. Umbrella, we sell the professional version that's used by businesses. That's what you need because it allows you to tune it to the people and what  they need access to?  Umbrella and open DNS will stop most malware from getting out. Most of it, not everything. That is huge defense.

Hey, if you want more information, if you want to go to my initial here, Microsoft security course, that's coming up in a couple of weeks. Just email [email protected] and let me know, be glad to send you stuff.

ME@Craig peterson.com.

Take care guys.

---

More stories and tech updates at:

www.craigpeterson.com

Don't miss an episode from Craig. Subscribe and give us a rating:

www.craigpeterson.com/itunes

Follow me on Twitter for the latest in tech at:

www.twitter.com/craigpeterson

For questions, call or text:

855-385-5553