The Worst Internet Vulnerability Ever? And It Isn't Going Away Soon. What's Log4J?
Release Date: 12/18/2021
Craig Peterson - America's Leading CyberSecurity Strategist
[00:00:00] Well, the tech world is all abuzz with this Log4j or Log4Shell, however you want to call it, because we are looking at what is probably the biggest security vulnerability the internet has had in a long time.
[00:00:16] This is huge, huge, huge to chew.
[00:00:19] I don't know how to express it anymore, but there are multiple problems here. And even the patch that was released to fix this problem was broken as being exploited in the last 24 hours. There've been no less than 30 different new variations of the exploit. So what is going on? There is a computer language that's used by many programmers, particularly in larger businesses, called Java.
[00:00:52] You might remember this. I've been following it and using it now since it first came out a very long time ago from Sun Microsystems. Java is a language that's designed to have kind of an intermediate CPU processor. So think about it. If you have an Intel chip that is an x86 type chip, what can you use instead of that Intel chip to run that code?
[00:01:19] Well, there are some compatible chips made mainly by AMD, Advanced Micro Devices, but you're really rather limited. You have problems. Power. Well, you know, guess what you're stuck. You're stuck in that architecture. And then on the other end of the spectrum, you have some of these devices that are designed by companies like Apple. Google has their own.
[00:01:41] Now that our CPU's their graphics processing units as well. And they completely replaced the Intel architecture. But the Intel code, the programs that are written for the Intel architecture that are compiled for Intel, are not going to work on the Apple chips and vice versa. So what did Apple do? Well, Apple, for instance, just moved from Intel over to.
[00:02:08] Own chipsets and these chips don't run Intel code. So how can you run your old Apple apps? Well, Apple has a little translator they call Rosetta. It sits in the middle and it pretends it's an Intel processor. This is really rather simple. And they've done an amazing job on this. And Rosetta is actually a third party company and they helped Apple as well with the transition from the IBM Power series chips to the Intel chips.
[00:02:41] So how do you move the code around? Well, you either have to recompile it, you may have to redesign it, rearchitect it for the new type of processor and the new types of computers that are supported by that processor. Or you may do what Apple's done here a couple of times now, and that is having an interpreter in the middle that pretends it's something else, pretends it's an Intel chip.
[00:03:07] And then you can still run your Intel code because it knows, okay, it was designed originally for this Apple Intel architecture. So I know how to make all of this work. Java steps in and says, well, why are you doing all of that? That's kind of crazy, isn't it, moving all of your code around all of the time? So Java's original claim to fame was, well, we'll make life easy for
[00:03:33] What you do is you write your code using Java, and Java is very similar to C++ and some of these other languages that are out there. And that language, when you're writing your source code, will be compiled into an intermediate code. So what happened is Sun Microsystems designed this virtual machine.
[00:03:56] Now don't think of it like a normal VM, but we're talking about a CPU architecture and CPU instructions. And so what it did for those CPU instructions, which is really quite clever, as I said, well, we'll come up with what we think are the most useful. And it's a CISC architecture, for those of you who are ultra geeks like myself.
[00:04:19] And we will go ahead and implement that. And so the compiler spits out code for this CPU that doesn't actually exist anywhere in the known universe. And then what happened is Sun went out and said, okay, well, we'll make an interpreter for that artificial CPU that'll run on Intel chips and we'll make another one that runs on these chips, those chips and the other chips. Beautiful concept, because basically you could write your code once, debug it and run it off.
[00:04:53] Anything. That was kind of one of the original claims to fame for Unix, not so much the run-it-anywhere part of it, but the part that says, well, it doesn't take much work to move your code to a different machine. And we're not going to get into Unix and its roots. I've been around the whole time. It's kind of crazy.
[00:05:13] I just finished reading a book and saying, I remember that I remember that. And they were going through all of the history of everything I was in the middle of that. I did that. That was the first one to do this. It was kind of fun. Anyhow, what Java has done now is it's really solidified itself in the larger enterprises.
[00:05:34] So basically any software that you might be using, like our website that is particularly with a larger business, is going to be using Java, and that Java language is using libraries. So programmers, instead of doing what I used to do way back when, which is write in assembly code, or even in COBOL, and basically you had to write everything, every part of every program, anything you wanted to have done, you had to write, or maybe you borrowed somebody else's code and you embedded it in.
[00:06:08] And mind you, we only had 32 kilobytes of memory in the mainframe back then, the 360/30, for those of you who remember those things. But here is where things really changed. You now had the ability to take that code that you wrote and put it on a smart. You could take that exact same code, no recompiling or anything, and take that code and run it on a mainframe, on a supercomputer, in a car.
[00:06:38] So Java became very popular for that very reason, and these libraries that Java provided made it even quicker to program and easier to program. Now there's some problems with languages like Java, which are these object-oriented languages, where you can, for instance, say one plus one equals two. Right. That will make sense.
[00:07:02] But what does it mean when you use a plus sign when you're talking about words? So you say apple plus oranges, what's that going to equal? Well, that's called overloading an operator, and this is not a course on programming languages, but what happens is a person can write the library and says, oh, well, if the programmer says an apple plus an orange or string plus a string, what I want you to do is concatenate the strings.
[00:07:31] Now that programmer who wrote that has to kind of figure out a couple of things, make some assumptions. Oh, well, should I put a space between apple and orange or not? And what do they really mean? Okay. So this is how I'm going to interpret it. So that's a very, very simple example. But the concept is that now with these overloaded operations and these libraries that can go deep, deep, deep, you now have the additional problem of people designing and writing the libraries making assumptions about what the programmer wants and what the programmer needs.
[00:08:09] Enter the problem with the Log4j vulnerability. This is a very big, big deal because we're talking about a library function that is being used in Java by programmers. Now, you know that I have been warning everybody about Android for years. The biggest problem with Android isn't its user interface. It isn't that it's made by somebody else.
[00:08:37] Right? The biggest problem, and of course, this is my opinion, is that Android software is provided by Google, and it is given basically to any manufacturer that wants to license it. And then that manufacturer can't just take Google and run it. Right. Have you ever tried to install Windows or Linux or FreeBSD?
[00:09:04] It's mainly a Windows problem, frankly, but you go on ahead and install that. And what do you need in Windows? Well, you need drivers. Oh, well, wait a minute. This laptop is three years old. So how can I find them? And then you go around and you work on it and it takes you a day and you finally find everything you need.
[00:09:22] And you've got all of the drivers and now it works. But Microsoft provided you with the base operating system. Why do you need drivers? Well, you know the answer to that and it's because every piece of equipment out there is different. Think about this in the smartphone market. Think about it in the more general.
[00:09:39] Android market. There are thousands of these devices that are out there and those different devices are using different hardware, which requires different drivers. So when Google comes up with a software patch, well, we just fixed the Log4j issue, that patch has to be given to the device's manufacturer, who then has to talk to the manufacturers of the various components and make sure that the device drivers that they're using by the manufacturer are actually compatible.
[00:10:20] They're going to. Got the upgrades, wire it all together, and then test it on all of the different phones that they have and cars, because cars are running it. Now you see how complicated this gets. And most Android devices will never get another update. They will never get a security patch, versus Apple.
[00:10:43] Right now, they're still supporting the Apple 6S that came out in 2015. If I remember right, it's five or six years old. Now you don't find that in the Android space. You're lucky if you get two years' worth of support. We're going to continue this. But this is, uh, this is really, really important. I'm going to talk more about the actual problem.
[00:11:06] What is being done about it? What you can do about it as an individual, a home user, and as a business, in fact, keep an eye on your mailboxes. Cause I've got some more links to some sites about what you can do and how to do it and how to test for it. Anyways, stick around. You're listening to Craig Peterson.
[00:11:29] We're talking about what is likely to be the biggest set of hacks in internet history right now. It's absolutely incredible what's going on. So we're going to talk about what it means to you and what's really going on.
[00:11:45] This whole problem is probably bigger than anybody really realizes because Java, as I explained is a very common computer programming language.
[00:12:00] And it has a lot of features that bigger businesses love. They love the ability to have multiple programmers working on something at the same time. They love the inheritance and multiple inheritance and all of these wonderful features of Java. Well, one of the really cool features is that you can, while your program is running, have the program change.
[00:12:25] It's. That's effectively what it's doing. It's pulling in libraries and functions in real time. And that's where this particular problem comes in. This has been a nightmare for Java forever. It's one of the reasons I have never migrated to Java for any of the projects that I have done. It just gets to be a nightmare.
[00:12:49] It kind of reminds me of Adobe Flash. It was the biggest security problem that has ever been. And the number two: Java. And Java is running in the Android operating system. It is the core of the operating system. All of the programs are almost certainly written into. And now we're seeing Java turn up in, not just the entertainment systems in our cars, but in the actual computers that are driving the cars, running the cars.
[00:13:22] And I get very concerned about this. We had two major outages just this week before this Log4j thing came about over at Amazon. And those two Amazon outages knocked thousands of businesses off the air, out of business. You couldn't get to them. You remember the big problem with Facebook that we talked about a little while back, and in both cases, it looks like they were using some automatic distribution of software, sent out the wrong stuff.
[00:13:52] Right? And now you are affected. Well, what happens? What happens with the cars? If they push out a bad patch, how are we going to know? Hmm, what's that going to mean? And if your car has Java in it, are you going to be vulnerable to this? Well, you wouldn't be vulnerable to Log4j if your computer wasn't hooked up to anything, but nowadays the cars are hooked up to the net.
[00:14:20] We've had a couple of car dealers for our clients. Who've had the Mercedes we've had Acura Honda and others over the years. And it's interesting going in there now and working with them because they are doing massive downloads of firmware whenever a car comes in. So that car, if they don't have the right kind of networks, that car can take hours to do.
[00:14:49] Dates. And I got to tell you, man, I'm just shocked by so many businesses not willing to spend the money that it really takes. So the poor technician is sitting there waiting for it to happen. You know, we could make it happen in 15 minutes, but they're stuck there waiting for three or four hours sometimes for some of these downloads. No, it's called cache them locally.
[00:15:09] Right? These cars, some of them need new and different firmware. Some of them use the same and have. A reliable, fast internet connection. And we've done that for many companies. Anyways, I'm kind of going off on a bit of a tangent here. So forget that, let's get back into this. With Java, you can have a routine
[00:15:32] call another routine that was not even necessarily thought of by the programmer. Now, can you imagine that? So you're programming and you're not considering adding something that's going to send email out, and yet you could have a login that's part of the DNS, uh, and it gets logged, that actually causes an email to be sent or causes anything else to happen.
[00:16:02] That's the exact problem we're seeing right now. It's absolutely crazy. Patterns in text fields, things like, you can put a user agent, right, which is normal for an HTTP connection. You say, this is usually a guy who was using Chrome version bar or Firefox or Safari, but you put the user agent field.
[00:16:26] And then after that, you've put in some, a little bit of code that tells Java, Hey, what I want you to do is this. This is a problem because we're finding now that I'm, again, I said the last 24 hours, 30 different exploits over a million companies have been attacked on this. And we're talking about 10.
[00:16:51] Companies, absolutely hacked every minute right now. Can you think, let's just think about that. And we're in the middle of what? Right? The big holiday season. We've had some holidays, there's people online shopping, there's businesses that are trying to buy stuff, business stuff. Almost every one of those sites is likely to be compromised.
[00:17:17] It's that bad. It's absolutely nuts, what's happening here. This is a huge flaw, huge flaw. And by the way, it is flaw number, you ready for this? 44,228 in the year 2021. So there've been 44,000 flaws that have been discovered and reported. This is the CVE system, for those of you who are interested, but this really is a worst case scenario.
[00:17:50] Because this Log4j library is being pulled in to so many pieces of software out there on so many different platforms, the paths to, uh, to exploit this vulnerability are almost unlimited. And because there's so many dependencies on this particular Log4j library, it's going to make it very difficult to patch without breaking other things.
[00:18:21] And the fact the exploit itself fits in a tweet, can be injected almost anywhere. So it's going to be a very long weekend for a lot of people, but let me tell you this, it is not going to be solved in a few days, a week, a month. We're going to be seeing this for years, because you have to be the person that wrote the program that has the source code to link in the new libraries, distribute it out to your customers.
[00:18:52] Do you see what a nightmare this is? Now, some people are saying, well, you know, let's blame this on open source. This is an open source product. Well, yeah, it is an open source project and it turns out that even though anyone can grab this, these, this library routine or any of these pieces of code, anybody can grab it.
[00:19:13] Anybody can look at it. It turns out it's one guy who actually maintained this, who has a budget of $2,000 a year to maintain it. Nobody else pitched in. And all of these big companies are all out there grabbing this code that this guy has been working on and not paying much attention to it. Not donating to the product.
[00:19:37] Which is saving them millions of dollars, not that one project, but all of these projects collectively in the open source community. It is more far-reaching than the Struts vulnerability. You might remember the Struts vulnerability; that was the root cause of the massive breach at Equifax that exposed all of our personal information.
[00:20:05] To the dark web. That's how bad this is. Oh my gosh. So hey, if you want information, I've got links, a bunch of links set up here on what to do while you're waiting for the Log4j updates from your vendors, how you can find on your servers if they have the Log4j vulnerability. I've got a bunch of information that I've stored up on that.
[00:20:32] And some others. Just email me, just email me. M [email protected] Ask for the list of the Log4j stuff or the Java stuff. I'll figure it out. Be glad to send it to anyone that's interested. And if you need to scan to find out yourself and your business, let me know to [email protected]
[00:20:55] Wow. I was just going through a list published by CISA, this federal government agency that tracks some of these types of vulnerabilities. And wow, this list is daunting, of all of these pieces of software that are vulnerable to this huge hack.
[00:21:12] This is now a problem for each and every one of us.
[00:21:16] I think I've established that, man, this is nasty, nasty, nasty, nasty. So what do you do? First of all, I sent out an email, a list of things, in fact, a few different lists of things that you can do. So I had one for consumers, one for businesses and kind of a general thing as well. And then a bunch of references.
[00:21:43] Of course there's even more references and more great information now because I got that email. Pretty early. So I hope hopefully you had a chance to really look through that, but here let's just talk a little bit about this, what to do thing you already know because you guys really are the best and brightest that you need to be careful when you're on.
[00:22:07] You cannot be online, willy-nilly, clicking on things. And that includes emails and links. And this time of year, in fact, all year long, we're looking for. Wow, let's see. Is there a great bonus here? Look at, they're having a sale, a discount. Oh no. I've only got three hours to respond or the deal's going to go away.
[00:22:28] I've usually been of the sort that I just am, not that influenced by some of these deals, but. I do sometimes want to find out what it is. So I find myself this week clicking through on. I'm on a lot of marketing lists because I like to follow what different marketers are doing, right. That's technology.
[00:22:51] And it's something I want to keep you guys informed about. And I found myself just crazy amount of double checking to make sure the link was valid. Now I'm sure you guys have, if you're on my email list, you might notice that the from address is not the me at craigpeterson.com email address. You can always send email to [email protected] and it ends up in my email box.
[00:23:17] And it might take me a few days, or even as much as a week or two to get back to you. If it's something there's an emergency, you really need to fill out the form on my website, but I will get back with you. But the problem that some people have noticed lately is. It doesn't say return address or sent from [email protected]
[00:23:41] It's got this rather long convoluted, uh, convoluted, uh, URL that has nothing to do with craigpeterson.com, so a number of people question it. It is a tracking email. When can the idea is if I am going to be able to get back to people and if Karen is going to be able to nudge. I have to have these things tracked.
[00:24:06] So the email from address, when you hit reply, it is going to go to the, again, my email list server guys, and it is going to get tracked so I know. Okay. Okay. So now I've got a few minutes or an hour. Let's sit down and go through a lot of these emails so I can get back to people. That's a problem for many people, that's even more of a problem today than it ever has been in the past.
[00:24:35] Now there's been a few sites that have done something about tracking because many people don't like to be tracked. Right. My self included, although, as I've always explained on the show, it's kind of a double-edged sword because I would rather see commercials or ads for a Ford F-150 pickup truck. When I'm looking to buy.
[00:24:58] Uh, car or certainly a truck. I don't want to see ads for things I don't care about. Right. And you probably don't either. So the tracking, I don't think is a huge deal. The statistics that have come out from Apple recently are very interesting, because what Apple ended up doing is they put some new technology in to stop tracking.
[00:25:24] And to stop you from being tracked. And basically what they're doing is a couple of things. One, they've got this new feature where they will download images and emails from their website, so that it's not a, you know, they're, they're not being able to localize where you are and then they're also doing something where you.
[00:25:50] Are you, you are, you can't be tracked like you used to be able to be tracked. Let me just put it simply like that applications now have to have that little label warning label in the app store to let you know what they might be tracking, et cetera. So they've been accepting anti tracking behavior that came from our friends from.
[00:26:13] Apple. Now Google, Facebook and others have been very upset about this, thinking that they were going to lose a lot of business here on the advertising side, because you wouldn't be able to track them. So if you've got an Apple iOS device, you probably noticed, it says, allow app to track your activity across other companies.
[00:26:37] And websites, your data will be used to measure advertising efficiency. I don't know that that's such a bad thing. And looking at the stats right now, I'm looking at Google's income. And a lot of that comes from YouTube after. Apple launched its new privacy initiative and it looks like Google really wasn't hit very badly.
[00:27:01] What Facebook was worried about, that they would just be losing all kinds of revenue, also didn't turn out to be true. So it's an interesting thing to see and I've got to really compliment Apple again. At this time on trying to keep our information private, I read a really great book, uh, this, so this is how the world ends, talking about the whole cyber race and where things are likely going.
[00:27:32] And it's frankly impressive to see what Google has done to try and keep out our government from their networks, as well as foreign governments and the whole thing with the Chinese hackers we've talked about before, where I've found them active inside our customer's network before. And this is where we get called in because there's a problem.
[00:28:00] We look around, we find indications of compromise. We find the Chinese inside. Okay. So it isn't something that we were protecting them, the Chinese got in, but we come in after the fact and have to clean up the mess. But what we have really seen happen here is the largest transfer in. Of wealth, I should say, in history, the largest transfer of wealth in history to.
[00:28:27] From us and from other countries, but primarily from us because of what they've stolen. And so Google really has fought hard against it. The Chinese have been in their systems, have stolen a lot of stuff. Apple has fought hard against it, but we know about the Apple stuff. Google seems to be a little quieter about some of it.
[00:28:47] So they may be selling our information to advertisers, but they certainly are trying to keep nation states out. I'm really wondering too, what is Google doing moving that artificial intelligence lab to China? It's just insane. We know, if we're going to get out of this financial position we're in as a country, we need to have an amazing new technology.
[00:29:11] So people are coming to the United States and we're certainly not seeing that. At least not yet. It's all been stolen. So what to do, man. I started talking about that and we got a little sidetracked. So I will talk about that a little bit more here coming right up and what to do if you're a consumer, if you're a business person.
[00:29:35] And of course, as I mentioned earlier, I have quite a list I'm more than glad to send you if you go ahead and just email me, M [email protected] I'll keep you up to date, let you know what's happening and give you those links that you can follow to find out exactly what is happening and what you can do, including some tools. There are some tools out there to check to see if that vulnerability exists inside your networks or systems. [email protected] craigpeterson.com. And I'll be glad to reach out, reach back to you. Stick around.
[00:30:12] I'm gonna tell you what to do as a consumer because of this massive internet hack that is underway. It is huge, huge, huge. Also going to talk a little bit about apple and what they're doing with their tracker detect app on Android devices.
[00:30:29] This will be going on for months and probably years in some cases, because there are many systems that will never be
[00:30:40] patched for this vulnerability. So from now on, you need to be doubly cautious about almost everything. The big targets for this, then: people who tend to be the most valuable, big businesses. And I can send you a list of devices that are known to be either, uh, immune to this, they've been fixed or patched, and devices that are known to have this problem.
[00:31:08] So you send me an email, excuse me, if you have any questions about it. So it's me, M [email protected] I'd be glad to send you that list. CISA has it online. You can certainly search for it yourself if you're interested. So for you as an individual, it's just extra caution, you know, use these one-time-use credit card numbers.
[00:31:39] I have talked about this before. And that is, I use fake identities as much as I possibly can online. And I'm not trying to defraud anyone. Of course, that would be legal. What I'm trying to do is not make myself as easy at target. As is frankly, uh, pretty much anybody who uses a computer out there, because if you're always using your, in the same name and email address and having forbid password, then you are a bigger target than you have to be.
[00:32:15] And so. I have a whole, uh, index file. I have a spreadsheet that I put together with 5,000 different identities, different names, of course, different sexes, races, origin stories, everything. And the whole idea behind that is why does some company that's providing me with some little website thing, need my real info.
[00:32:41] They don't, obviously you give you real info to the banks or. Counts, but you don't need to give it to anybody else. And that's what I do. That's kind of my goal. So if you can do that, do do that. Apple also has a way for you to use random. Email address a suit can set up a different email address for every website you visit.
[00:33:07] There are a few services out there that can do it. If you're interested, drop me an email. [email protected] I'll send you a list of some of them. Uh, I think they're, they're all paid except for the app. But you have to have an apple account in order to use it. One of the things that businesses really need to do is do a scan.
[00:33:30] Again, I can send you a list of scanners so that you can look at your network, see if there's any. Obvious that might have huge implications for your business. Uh, again, [email protected], one of the things apple has come up with that I, I really have turned out to like, and I think I mentioned them before on the air, but it's these news.
[00:33:55] Trackers that apple has, that you can put on things. And we spoke a little bit last week about the problem with these trackers being put on to high-end cars, and then being used to track the car. Now apple got around that problem a while ago, by letting you know, Hey, there is a tracker following you isn't that handy.
[00:34:17] So, you know, wait a minute, somebody dropped one of these little tags into my purse. Coat my car or whatever it might be. And so now you can have a look and see where is this thing that's following me and get rid of it. Well, of course, in order to know that there's one of these apple tags tracking, you you've needed to have an apple phone.
[00:34:43] Because it'll warn you. Apple now has something called Tracker Detect. If you are using an Android phone, I would highly advise you to get this Tracker Detect app on Android. And it's designed to help you Android users from being tracked by Apple AirTags. 'Cause if, if you don't know you're being tracked, right, then you can't know if you're being tracked
[00:35:12] if you don't have an iPhone, unless you get this app. So good for them, Apple has it up now on the Google Play store. That's just in the last week or so, and it lets you locate nearby AirTags. So that's, uh, I think a very good thing. Kind of wonder if Apple isn't using the Androids also for part of the
[00:35:33] Crowdsourcing for the air tags, but, uh, that's a different conversation. Great article in vice this week by Aaron Gordon, about how car companies want you to keep paying. Features you already have, and they specifically made a call out about a car manufacturer. Toyota. Who's now charging $80 a year for people who bought their car years ago, six years ago, $80 a year.
[00:36:09] If you want to keep using the remote start function on your key. Yeah, so you paid for it and life was good. You went a few years, really nice on a cold winter day or a hot summer day, warm up the car or cool it down all automatically. But now Toyota is charging. $80 a year. So people are saying, well, why I bought it?
[00:36:34] Why, why would I pay for that? Apple's now claiming that the several first years were merely a free trial period, but this isn't even the big play for these car companies, this $80 a year for marginal features like remote start instead. Is probably going to happen. And I agree with this author as well is we're going to see a, an approach that Elon Musk has used with his Teslas.
[00:37:06] They're going to charge extra for performance, for range, for safety upgrades, for electric vehicles that actually make the car better car, a better car. Right? So upgrades used to be difficult or impossible with gas cars. A lot of these are trivial for the electric cars, with the dashboards that have games that you can play while you are charging.
[00:37:32] Some of them were complaining about it being for when they're on the road. Of course that's going to happen because frankly, when, once we get a full autonomous car, what are outs are you going to do? Uh, I should also mention this isn't really a, but Mercedes-Benz has been awarded the very first license for the manufacturer sale and distribution of a fully autonomous vehicle.
[00:38:00] The very first they are licensed for up to, I think it was 37 miles per hour. On their car and anything beyond that, you still have to retain control, but that's an amazing thing. And it only works on roads that are mapped. And what Mercedes is doing is they have these super high definition maps. So the car knows exactly where it is.
[00:38:29] If you are a Tesla owner, you know that a few years ago, Paid, I think it was $2,000 for your Tesla to be able to drive itself. And of course they, they haven't been able to drive themselves. You know, they, yeah, there's been features here and there, but how are you getting those features? How will you going to get that self-driving mode?
[00:38:52] Well, Tesla's calling them over-the-air upgrades. And they're also saying, th- this is part of the Tesla ownership experience, to quote their website. All right. So they've had all kinds of over-the-air upgrades. They've had some free software. They've had paid ones. Tesla charges thousands of dollars for its Autopilot.
[00:39:16] Now a lot of money, I think it was five grand. And now they've got this beta driver assist system as well, and they also have. To others. You might remember the ludicrous speed. Um, long range model three would dual motors is capable of accelerating from zero to 60 in 3.9 seconds. But when you buy the car, the zero to 60 time is a half a second longer.
[00:39:48] So pay an extra $2,000 and you get that extra half second and accelerate. Yeah, there's nothing different. They don't even have to change. Really changed the software. There's no hardware differences. It's just, you pay them two grand and they, your cars catheter to the internet and they just unlock a key is not something.
[00:40:11] Now, there are some people that hack the way around that paywall, but then Tesla blocked it and reversed the hack as well. A Tesla has sold their cars now for years with the same 75 kilowatt hour battery. But software locked them to 60 and 70 kilowatt hours might remember. We talked about this with a hurricane that came ashore down in Texas, where Tesla, anyone in that area provided them with an automatic upgrade for extra batteries.
[00:40:43] So they could go further in order to get out of the zone of their herd. Before them in software lock-in and a 60 and 70 kilowatt hours, unless you paid an additional $3,000 for that extra 30 or 40 miles of range. Isn't that something. Yeah. So Tesla has temporarily unlocked them, but this is where we're going.
[00:41:06] You're going to be going into the car dealership while in Tesla's case. It's on the, on the internet, which I think is better. Frankly, dealerships are handy in order to get a repair, but. You can get a repair at some of these little specialty shops it's often better and certainly cheaper than what the dealership sells, but you're not only going to be haggling over the price of the vehicle and delivery times.
[00:41:32] You're going to be haggling over all of these different features. And it's never going to end because they're going to keep having software upgrades that you're going to have to pay for. Uh, Polestar, this is an electric vehicle company spun off from Volvo. Remember, Volvo is now a Chinese company. Yeah.
[00:41:51] Chinese. Yeah. So much for safety, right? Uh, they're going to charge an extra thousand dollars for a slight increase in horsepower and torque, just like Tesla does. So this is the future of car companies. Hey, I want to remind everyone, if you go to my website, craigpeterson.com, right now you can sign up for my weekly newsletter.
[00:42:15] It is packed full of great information for you every week. We've got some free boot camps coming up after the first of the year, and you need to be on my email list to find out about it. craigpeterson.com/subscribe.
[00:42:32] And following my newsletter, you probably saw what I had in the signature line the last few weeks, how to make a fake identity. Well, we're going to take it a little bit differently today and talk about how to stop spam with a fake email.
[00:42:49] I think I've told you before I had email way back in the early eighties, late seventies, actually. So, yeah, it's been a while and I get tens of thousands of email every day, uh, sent to my domain, you know, mainstream.net. That's my company. I've had that same domain name for 30 years and, and it just kinda got out of control.
[00:43:16] And so we have a big Cisco server that exclusively filters email for us and our clients. And so it cuts down the tens of thousands to a very manageable couple of hundred a day, if you think that's manageable, and gets rid of almost all of the phishing and a lot of the spam and other things that are coming.
[00:43:39] But, you know, there's an easier way to do this. Maybe not quite as effective, but allowing you to track this whole email problem and the spam, I'm going over this in some detail in. Coming bootcamp. So make sure we keep an eye on your emails. So you know about this thing again, it's free, right? I do a lot of the stuff just to help you guys understand it.
[00:44:04] I'm not trying to, you know, just beat you into submission to buy something. This is a boot camp. My workshops, my boot camps, my emails, they are all about informing you. I try to make them the most valuable piece of email during the week. So we're going to go into this in some detail in this upcoming bootcamp.
[00:44:25] But what we're looking at now is a number of different vendors that have gotten together in order to help prevent some of the spam that you might've been in. Uh, I think that's a very cool idea to have these, these sometimes temporary, sometimes fake email addresses that you can use. There's a company out there called Fastmail.
[00:44:50] You might want to check them out. There's another company called apple. And you might might want to check them out. I'll be talking about their solution here as well. But the idea is why not just have one email address? And if you're an apple user, even if you don't have the hardware, you can sign up for an apple account.
[00:45:12] And then once you have that account, you can use a new feature. I saw. Oh, in, in fact, in Firefox, if you use Firefox at all, when there's a form and it asks for an email address, Firefox volunteers to help you make a fake ish email address. Now I say fake ish, because it's a real email address that forwards to your normal regular.
[00:45:40] Email address. And as part of the bootcamp, I'm also going to be explaining the eight email addresses, minimum eight, that you have to have what they are, how to get them, how to use them. But for now you can just go online to Google and this will get you started and do a search for Apple's new hide. My email feature.
[00:46:00] This lets you create random email addresses and those email addresses. And up in your regular, uh, icloud.com or me.com, whatever you might have for your email address, address that apple has set up for you. Isn't that cool. And you can do that by going into your iCloud settings. And it's part of their service that are offering for this iCloud plus thing.
[00:46:27] And they've got three different fi privacy focused services, right? So in order to get this from apple, so you can create these unlimited number of rather random looking emails, for instance, a blue one to six underscore cat I cloud.com that doesn't tell anybody. Who you are, and you can put a label in there.
[00:46:51] What's the name of the website that, that, or the, the, a URL of the website, the two created this email for, and then a note so that you can look at it later on to try new member and that way. Site that you just created it for in this case, this is an article from CNET. They had an [email protected]
[00:47:15] This is a weekly music magazine subscription that they had. And apple generated this fake email address, blue one to 600 score Canada, cobb.com. Now I can hear you right now. Why would you bother doing that? It sounds like a lot of work. Well, first of all, it's not a whole lot of work, but the main reason to do that, If you get an email address to blue cat, one, [email protected] and it's supposedly from bank of America, you instantly know that is spam.
[00:47:53] That is a phishing email because it's not using the email address you gave to TD bank. No it's using the email address that it was created for one website jam wire beats.com. This is an important feature. And that's what I've been doing for decades. Email allows you to have a plus sign. In the email address and Microsoft even supports it.
[00:48:23] Now you have to turn it on. So I will use, for instance, Craig, plus a Libsyn as an [email protected] and now emails that Libsyn wants to send me will go to Craig. [email protected] Right? So the, the trick here is now if I get an email from someone other than Libsyn, I know, wait a minute, this isn't Libsyn, and that now flags it as a phishing attack, right.
[00:48:58] Or at the very least as some form of spam. So you've got to keep an eye out for that. So you've got to have iCloud Plus, and if you pay for the premium upgrade, which ranges from a dollar to $10, uh, you, you've got it. Okay. If you already have an iCloud account, your account automatically gets upgraded to iCloud Plus as part of iOS 15, that just came out.
[00:49:25] All right. So that's one way you can do it. If you're not an apple fan. I already mentioned that Firefox, which is a browser has a similar feature. Uh, Firefox has just been crazy about trying to protect your privacy. Good for them, frankly. Right? So they've been doing a whole lot of stuff to protect your privacy.
[00:49:47] However, there you are. They have a couple of features that get around some of the corporate security and good corporate security people have those features block because it makes it impossible for them to monitor bad guys that might hack your account. So that's another thing you can look at as Firefox.
[00:50:06] Have a [email protected] And as I said, we're going to go into this in some detail in the bootcamp, but fast mail lets you have these multiple email accounts. No, they restricted. It's not like apple where it's an infinite number, but depending on how much you pay fast mail is going to help you out there.
[00:50:26] And then if you're interested, by the way, just send an email to me, me. craigpeterson.com. Please use that email address [email protected] because that one is the one that's monitored most closely. And just ask for my report on email, and I've got a bunch of them, uh, that I'll be glad to send you, that gets into some detail here, but Proton Mail
[00:50:52] is a mail service that's located in Switzerland. Now, I know of, in fact, a couple of high-ranking military people, I mean really high-ranking military people, that are supposedly using Proton Mail. I have a Proton Mail account. I don't use it that much because I have so much else going on, but the advantage
[00:51:14] of Proton Mail is it is in Switzerland. And as a general rule, they do not let people know what your identity is. So it's kind of untraceable. Hence these people high up in the Department of Defense, right, that are using Proton Mail. However, it is not completely untraceable. There is a court case that Proton Mail,
[00:51:41] I don't know if you'd say they lost, but Proton Mail was ordered about a month ago to start logging access and provide it for certain accounts, so they can do it. They are doing it. They don't use it in most cases, but Proton Mail is quite good. They have a little free level, paid levels. And you can do all kinds of cool stuff with Proton Mail.
[00:52:05] And many of you guys have already switched, uh, particularly people who asked for my special report on email, because I go into some reasons why you want to use different things. Now there's one more I want to bring up. And that is Temp Mail, it's temp-mail.org. Don't send anything that is confidential on this.
[00:52:27] Don't include any credit card numbers, nothing. Okay. But temp-mail.org will generate a temporary email address. Part of the problem with this, these temporary email address. Is, they are blocked at some sites that really, really, really want to know what your really mail address is. Okay. But it's quite cool.
[00:52:51] It's quite simple. So I'm right there right now. temp-mail.org. And I said, okay, give me email address. So gave me one. [email protected] Is this temporary email, so you can copy that address. Then you can come back into again, temp-mail.org and read your email for a certain period of time. So it is free.
[00:53:18] It's disposable email. It's not particularly private. They have some other things, but I wouldn't use them because I don't know them for some of these other features and services. Stop pesky email stop. Some of these successful phishing attempt by having a unique, not just password, but a unique email for all those accounts.
[00:53:42] And as I mentioned, upcoming bootcamp, and I'll announce it in my weekly email, we're going to cover this in some detail. Craig peterson.com. Make sure you subscribe to my newsletter. Stick around.
[00:53:57] Well, you've all heard ransomware's up. So what does that mean? Well, okay. It's up 33% since the last two years, really. But what does that amount to, we're going to talk about that. And what do you do after you've been ransomed?
[00:54:14] Ransomware is terrible. It's crazy. Much of it comes in via email.
[00:54:21] These malicious emails, they are up 600% due to COVID-19. 37% of organizations were affected by ransomware attacks in the last year. That's according to Sophos. 37%, more than a third. Isn't that something? In 2021, the largest ransomware payout, according to Business Insider, was made by an insurance company at $40 million, setting a world record.
[00:54:53] The average ransom fee requested increased from 5,000 in 2018 to around 200,000 in 2020. Isn't that something? So in the course of three years, it went from $5,000 to 200,000. That's according to the National Security Institute. Experts estimate that a ransomware attack will occur every 11 seconds for the rest of the year.
[00:55:22] Uh, it's just crazy. Absolutely crazy, all of these stats. So what does it mean? Or, you know, okay, it's up this much, it's up that much. Okay. Businesses are paying millions of dollars to get their data back. How about you as an individual? Well, as an individual right now, the average ransom is $11,605. So are you willing to pay more than $11,000 to get your pictures back off of your home computer, in order to get your
[00:55:58] work documents or whatever you have on your home computer? Hopefully you don't have any work information on your home computer. Over $11,000. Now, by the way, most of the time, these ransoms are actually an affiliate affair. In other words, there is a company that is doing the ransom work and they are paying an affiliate, who are the, the affiliate in this case.
[00:56:27] So the people who infected you, and the affiliates are making up to 80% from all of these ransom payments. It ju- it's crazy. Right? So you can see why it's up. You can just go ahead and try and fool somebody into clicking on a link. Maybe it's a friend of yours. You don't particularly like some friend, right.
[00:56:49] And you can go ahead and send them an email with a link in it. And they click the link and installs ransomware, and you get 80% of them. Well, it is happening. It's happening a lot. So what do you do? This is a great little article over on dark reading and you'll see it on the website. The Craig peterson.com.
[00:57:14] But this article goes through what are some of the steps. It's by Daniel Clayton. It's actually quite a good little article. He's the VP of global security services and support over at Bitdefender. Bitdefender is great, uh, software, you've got versions of it for the Mac, you've got versions of it for Windows.
[00:57:37] You might want to check it out, but he's got a nice little list here of things that you want to do. So number one, Don't panic, right? Scott Adams don't panic. So we're worried because we think we're going to lose our job June. Do you know what? By the way is in the top drawer of the majority of chief information, security officers, two things.
[00:58:03] Uh, w one is their resignation letter and the second one is their resume because if they are attacked and it's very common and if they get in trouble, they are leaving. And that's pretty common too. Although I have heard of some companies that understand, Hey, listen, you can't be 100% effective. You got to prioritize your money and play.
[00:58:31] It really is kind of like going to Vegas and betting on red or black, right? 50, 50 chance. Now, if you're a higher level organization, like our customers that have to meet these highest compliance standards, these federal government regulations and some of the European regulations, even state regulations, well, then we've got to keep you better than 99% safe and knock on wood over the course of 30 years.
[00:58:59] That's a long I've been doing. 30 years. We have never had a single customer get a S uh, a. Type of malware, whether it is ransomware or anything else, including one custom company, that's a multinational. We were taking care of one of their divisions and the whole company got infected with ransomware. They had to shut down globally for.
[00:59:25] Two weeks while they tried to recover everything, our little corner of the woods, the offices that we were protecting for that division, however, didn't get hit at all. So it is possible, right? I don't want you guys to think, man. There was nothing I can do. So I'm not going to do anything. One of the ladies in one of my mastermind groups basically said that, right?
[00:59:49] Cause I was explaining another member of my mastermind group. Got. And I got hit for, I think it turned out to be $35,000 and, you know, that's a bad thing. Plus you feel just so exposed. I've been robbed before, uh, and it's just a terrible, terrible feeling. So he was just kind of freaking out for good. But I explained, okay, so here's what you do.
[01:00:15] And she walked away from it thinking, well, there's nothing I can do. Well, there are things you can do. It is not terribly difficult. And listening here, getting my newsletter, going to my bootcamps and the workshops, which are more involved, you can do it. Okay. It can be done. So I don't want. Panic. I don't want you to think that there's zero.
[01:00:41] you can do. So that's number one. If you do get ransomware, number two, you got to figure out where did this come from? What happened? I would change this order. So I would say don't panic. And then number two is turn off the system that got ransomed. Turn it off, one or more systems that might've gotten ransomware.
[01:01:04] And remember that the ransomware notification does not come up right. When it starts encrypting your data. It doesn't come up once they've stolen your data. It comes up after they have spread through your organization. So smart money would say shut off every computer, every. Not just pull the plug. I w I'm talking about the ethernet cable, right?
[01:01:32] Don't just disconnect from wifi. Turn it off. Immediately. Shut it off. Pull the plug. It might be okay in some cases. The next thing that has to happen is each one of those machines needs to have its disk drive probably removed and examined to see if it has any of that ransomware on it. And if it does have the ransomware, it needs to get cleaned up or replaced.
[01:01:57] And in most cases we recommend, Hey, good time. Replace all the machines, upgrade everything. Okay. So that's the bottom line. So that's my mind. Number two. Okay. Um, he has isolated and save, which makes sense. You're trying to minimize the blast radius. So he wants you to isolate him. I want you to turn them off because you do not want.
[01:02:22] Any ransomware that's on a machine in the process of encrypting your files. You don't want it to keep continuing to encrypting. Okay. So hopefully you've done the right thing. You are following my 3, 2, 1 backup schedule that I taught last year, too, for free. For anybody that attended, hopefully you've already figured out if you're going to pay.
[01:02:43] Pay. I got to say some big companies have driven up the price of Bitcoin because they've been buying it as kind of a hedge against getting ransomware so they can just pay it right away. But you got to figure that out. There's no one size fits all for all of this. And at over $11,000 for an individual.
[01:03:06] Ransom, uh, this requires some preparation and some thought stick around, got a lot more coming up. Visit me online, Craig Peterson.com and get my newsletter along with all of the free trainings.
[01:03:23] Well, the bad guys have done it again. There is yet another way that they are sneaking in some of this ransomware and it has to do with Q R codes. This is actually kind of cool.
[01:03:39] By now you must have seen if not used QR codes.
[01:03:44] These are these codes that they're generally in a square and the shape of a square and inside there's these various lines and in a QR code, you can encode almost anything. Usually what it is, is a URL. So it's just like typing in a web address into your phone, into your web browser, whatever you might be using.
[01:04:07] And they have been very, very handy. I've used them. I've noticed them even showing up now on television ad down in the corner, you can just scan the QR code in order to apply right away to get your gin Sioux knives. Actually, I haven't seen it on that commercial, but, uh, it's a different one. And we talked last week about some of these stores that are putting QR codes in their windows.
[01:04:34] So people who are walking by, we even when the store is closed, can order stuff, can get stuff. It's really rather cool. Very nice technology. Uh, so. There is a new technique to get past the email filters. You know, I provide email filters, these big boxes, I mean, huge machines running Cisco software that are tied into, uh, literally billion end points, plus monitoring tens of hundreds of millions of emails a day.
[01:05:11] It's just huge. I don't even. I can ha can't get my head around some of those numbers, but it's looking at all those emails. It is cleaning them up. It's looking at every URL that's embedded in an email says, well, is this a bad guy? It'll even go out and check the URL. It will look at the domain. Say how long has this domain been registered?
[01:05:34] What is the spam score overall on the domain? As well as the email, it just does a whole lot of stuff. Well, how can it get around a really great tight filter like that? That's a very good question. How can you and the bottom line answer is, uh, how about, uh, using the QR code? So that's what bad guys are doing right now.
[01:05:58] They are using a QR code inside email. Yeah. So the emails that have been caught so far by a company called Abnormal Security have been saying that, uh, you have a missed voicemail, and if you want to pick it up, then scan this QR. It looks pretty legitimate, obviously designed to bypass enterprise email gateway scans that are really set up to detect malicious links and attachments.
[01:06:33] Right? So all of these QR codes that Abnormal detected were created the same day they were sent. So it's unlikely that the QR codes, even that they'd been detected, would have been previously reported and included in any security blacklist. One of the good things for these bad guys about the QR codes is they can easily change the look of the QR code.
[01:06:59] So even if the mail gateway software is scanning for pictures and looking for specific QR codes, basically, they're still getting them. So the good news is the use of the QR codes in these types of phishing emails is still quite rare. We're not seeing a lot of them yet. We are just starting to see them. Uh, hyperlinks to phishing sites are really common with some of these QR codes.
[01:07:30] But this is the first time we've seen an actor embed a functional QR code into an email is not. Now the Better Business Bureau warned of a recent uptick in complaints from consumers about scams involving QR codes, not just in email here, but because these codes can't really be read by the human eye at all.
[01:07:53] The attackers are using them to disguise malicious links so that you know, that vendor that I talked about, that retail establishment that's using the QR codes and hoping people walking by will scan it in order to get some of that information. Well, People are going to be more and more wary of scanning QR codes, right?
[01:08:15] Isn't that just make a lot of sense, which is why, again, one of the items in our protection stack that we use filters URLs. Now you can get a free. The filter and I cover this in my workshop, how to do it, but if you go to open DNS, check them out, open DNS, they have a free version. If you're a business, they want you to pay, but we have some business related ones to let you have your own site to.
[01:08:47] Based on categories and all that sort of stuff, but the free stuff is pretty generalized. They usually have two types, one for family, which blocks the stuff you might think would be blocked. Uh, and other so that if you scan one of these QR codes and you are using open DNS umbrella, one of these others, you're going to be much, much.
[01:09:11] Because it will, most of the time, be blocked because again, Umbrella is more up-to-date than OpenDNS is, but they are constantly monitoring these sites and blocking them as they need to. MobileIron, another security company, conducted a survey of more than 4,400 people last year. And they found that 84% have used a QR code.
[01:09:37] So that's a little better than I thought it was. Twenty-five percent of them said that they had run into situations where a QR code did something they did not expect including taking them to a malicious website. And I don't know, are they like scanning QR codes in the, in the men's room or something in this doll?
[01:09:56] I don't know. I've never come across a QR code that was malicious that I tried to scan, but maybe I'm a little more cautious. 37% were saying that they could spot a malicious QR code. Yeah. Yeah. They can read these things, while 70% said they'd be able to spot a URL to a phishing or other malicious website. That I can believe.
[01:10:23] But part of the problem is when you scan a QR code, it usually comes up and it says, Hey, do you want to open this? And most of that link has invisible is, is not visible because it is on your smartphone and it's not a very big screen. So we'll just show you the very first part of it. And the first part of it, it's going to look pretty darn legit.
[01:10:46] So again, that's why you need to make sure you're using OpenDNS or Umbrella. Ideally, you've got it installed right at your edge, at your router, at whoever's handling DHCP for your organization. Uh, in the phishing campaign Abnormal had detected using this QR code, they're saying the attackers had previously compromised some Outlook email accounts belonging to some legitimate organizations.
[01:11:15] To send the emails with malicious QR codes. And we've talked about that before they use password stuffing, et cetera. And we're covering all of this stuff in the bootcamp and also, well, some of it in the bootcamp and all of this really in the workshops that are coming up. So keep an eye out for that stuff.
[01:11:36] Okay. Soup to nuts here. Uh, it's a, uh, it's a real. Every week, I send out an email and I have been including my show notes in those emails, but I found that most people don't do anything with the show notes. So I'm changing, I'm changing things this week. How some of you have gotten the show notes, some of you haven't gotten the show notes, but what I'm going to be doing is I've got my show notes on my [email protected]
[01:12:07] So you'll find them right. And you can get the links for everything I talk about right here on this. I also now have training in every one of my weekly emails. It's usually a little list that we started calling listicles and it is training on things you can do. It is. And anybody can do this is not high level stuff for people that are in the cybersecurity business, right.
[01:12:39] Home users, small businesses, but you got to get the email first, Craig peterson.com and sign.
[01:12:46] California is really in trouble with these new environmental laws. And yet, somehow they found a major exception. They're letting them mine lithium in the great Salton Sea out in California. We'll tell you why.
[01:13:03] There's an article in the New York Times. And this is fantastic. It's just incredible, talking about the lithium gold rush.
[01:13:14] You already know, I'm sure, that China has been playing games with some of these minerals, some of the ones that we really, really need, exotic minerals that are used to make batteries that are used to power our cars. And now California is banning all small gasoline engine sales. So the, what is it? 55,000 companies out in California that do lawn maintenance are going down.
[01:13:45] To drive those big lawnmowers around running on batteries. They're estimating it'll take 30 packs, battery packs, a day. Now, remember California is one of these places that is having rolling blackouts because they don't have power, right. It's not just China. It's not just Europe where they are literally freezing people.
[01:14:09] They did it last winter. They expect to do it more. This winter, since we stopped shipping natural gas and oil, they're freezing people middle of winter, turning off electronics. California, at least they're not too likely to freeze unless they're up in the mountains in California. So they don't have enough power to begin with.
[01:14:28] And what are they doing there? They're making it mandatory. I think it was by 2035 that every car sold has to be electric. And now they have just gotten rid of all of the small gasoline engines they've already got. Rolling blackouts, come on. People smarten up. So they said, okay, well here's what we're going to do.
[01:14:52] We need lithium in order to make these batteries. Right. You've heard of lithium-ion batteries. They're in everything. Now, have you noticed with lithium batteries, you're supposed to take them to a recycling center and I'm sure all of you do. When your battery's dead in your phone, you take it to a recycling center.
[01:15:11] Or if you have a battery that you've been using in your Energizer bunny, and it's a lithium battery, of course you take it to the appropriate authorities to be properly disposed of because it's toxic people. It is toxic. So we have to be careful with this. Well, now we're trying to produce lithium in the United States.
[01:15:38] There are different projects in different parts of the country, all the way from Maine through of course, California, in order to try and pull the lithium out of the ground and all. Let me tell you, this is not very green at all. So novel. Peppa Northern Nevada. They've started here blasting and digging out a giant pit in this dormant volcano.
[01:16:09] That's going to serve as the first large scale lithium mine in the United States in more than a decade. Well, that's good. Cause we need it. And do you know about the supply chain problems? Right. You've probably heard about that sort of thing, but that's good. This mine is on leased federal lands. What does that mean?
[01:16:31] Well, that means if Bernie Sanders becomes president, with the flick of a pen, just like Joe Biden did on his first day, he could close those leases to federal lands. Yeah. And, uh, we're back in trouble again, because we have a heavy reliance on foreign sources of lithium, right. So this project's known as Lithium Americas.
[01:16:56] There are some Native American tribes, First Nation as they're called in Canada, uh, ranchers, environmental groups that are really worried, because guess what? In order to mine the lithium, and to do the basic processing onsite that needs to be done, they will be using billions of gallons of groundwater.
[01:17:20] Now think of Nevada. Think of California. Uh, you don't normally think of massive lakes of fresh water to. No. Uh, how about those people that are opposed to fracking? Most of them are opposed to fracking because we're pumping the water and something, various chemicals into the ground in order to crack the rock, to get the gas out.
[01:17:43] Right. That's what we're doing. They don't like that. But yet, somehow, contaminating the water for 300 years and leaving behind a giant mound of waste isn't a problem for these so-called Greenies. Yeah. A blowing up visit quote here from Max Wilbert. This is a guy who has been living in a tent on this proposed mine site.
[01:18:10] He's got lawsuits that are going, trying to block the project. He says blowing up a mountain isn't green, no matter how much marketing spin people put on it. What have I been saying forever? We're crazy. We are insane. I love electric cars. They are cool as heck. I would drive one if I had one, no problem.
[01:18:29] I'm not going to bother to go out and buy one, but, uh, yeah, it's very cool, but it is anything but green. Electric cars and renewable energy are not green. Renewable energy, the solar and the wind, do not stop the need for nuclear plants or oil or gas burners, or coal burners, et cetera. Because when the sun isn't shining, we still need electricity.
[01:19:01] Where are we going to get it? When the wind isn't blowing or when the windmills are broken, which happens quite frequently, where are we going to get our power? We have to get it from the same way we always have, from maybe some, uh, some old hydro dams. Right. But really we got to start paying a lot more attention to nuclear.
[01:19:25] I saw a couple of more nuclear licenses were issued for these six gen nuclear plants that are green, people. They are green. But back to our lithium mine. They're producing cobalt and nickel as well as the lithium. And they are ruinous to land, water, wildlife, and. Yeah. Yeah, absolutely. Uh, we have had wars over gold and oil before and now we're looking at minerals.
[01:19:59] In fact, there's a race underway between the United States, China, Europe, Russia, and others, looking for economic and technological dominance for decades to come by grabbing many of these precious minerals. So let's get into this a little bit further here. Okay. So they're trying to do good, but really they're not green.
[01:20:24] They're, they're not doing good. And this is causing friction. Okay. Um, first three months of this year, U.S. lithium miners raised nearly three and a half billion dollars from Wall Street, seven times the amount raised in the last six months or 36 months. Yeah, huge. Money's going into it. Okay. They're going after lithium from California's largest lake, the Salton Sea.
[01:20:55] Yeah. Yeah. So they're going to use specially coated beads to extract lithium salt from the hot liquid pumped up from an aquifer more than 4,000 feet below the surface. Hmm. Sounds like drilling. Aren't they anti-drilling? To the self-contained systems connected to geothermal power plants generating emission free electricity.
[01:21:16] Oh, that's right. They don't have a problem with the ring of fire in California with earthquakes and things. Right. Ah, yeah. Drilling on that and using the, the, uh, It's not going to be a problem. Uh, so, um, yeah, so that you're hoping to generate revenue needed to restore the lake fouled by toxic runoff from area farms for decades.
[01:21:40] So they're looking to do more here. Lithium brine, Arkansas, Nevada, North Dakota, as I mentioned already, Maine. Uh, they're using it in every car that's out there, smartphones, et cetera. Uh, the U.S. has some of the world's largest reserves, which is, I guess, a very good thing. Right? A Silver Peak mine in Nevada is producing 5,000 tons a year, which is less than 2% of the world's supply.
[01:22:12] Uh, this is just absolutely amazing going through this. Okay. Um, an Obama administration official, Ben Steinberg, said right now, China decided to cut off the U.S. for a variety of reasons, we're in trouble. Yeah. You think. Uh, the another thing here in the New York Times article is from this rancher and it's a bit of a problem.
[01:22:38] He's got 500 cows and calves roaming his 50,000 acres in Nevada's high desert, is going to have to start buying feed for. This local mine's going to reach about 370 feet. Uh, here's another kind of interesting thing. This mine, one mine, is going to consume 3,200 gallons of water per minute. Yeah. In, in barren Nevada. I, I'm looking at a picture of this and it is just dead sagebrush.
[01:23:09] Oh my gosh. So they're expecting the water table will drop at least 12 feet. They're going to be producing 66,000 tons of battery grade lithium carbonate a year. But, uh, here we go. They're digging out this mountainside and they're using 5,800 tons of sulfuric acid per day. Yeah. They're mixing clay dug out from the, from the mountainside with 5,800 tons of clay, of sulfuric acid.
[01:23:42] I should say, every day. They're also consuming 354 million cubic yards of mining waste. I'm, not consuming, creating 354 million cubic yards of mining waste loaded with, uh, discharge from this sulfuric acid treatment and may contain modest amounts of radioactive uranium. That's according to the permit. Documents are expecting it'll degrade, quote unquote, 5,000 acres of winter range used by the antelope herd, the habitat of the sage grouse, nesting areas for eagles.
[01:24:20] It just goes on and on. It is not. BLM is not, of course stumbled the Bureau of Land Management, but I guess both BLMs are not, and this is a real problem and the tribes are trying to stop it. The farmers are trying to stop it, but Hey, California needs more lithium batteries for their electric cars.
[01:24:42] Their electric lawn mowers, leaf blowers, et cetera. So we've got to get that lithium. We've got to get it right away, uh, in order for their green appetite in. Hey, get some sanity. Craig peterson.com. Sign up for my newsletter right now. Craig Peterson, S O n.com.