Craig Peterson - America's Leading Security Coach

Sleep at night knowing what's going on with your cybersecurity - America’s Leading Security Coach - FBI InfraGard Webinar Moderator - Network Security Since 1991 CraigPeterson.com

Hunter Biden and Computer Repair Shops plus more on this Tech Talk with Craig Peterson Podcast 10/23/2020

Hunter Biden and Computer Repair Shops plus more on this Tech Talk with Craig Peterson Podcast Craig gets into some detail about why Hunter Biden's laptop that he took to a shop and never picked up is now in the hands of the FBI/DOJ and the things he did wrong when he took it in for service -- and no -- it has nothing to do with Russia. For more tech tips, news, and updates, visit - CraigPeterson.com --- --- Automated Machine-Generated Transcript: Craig Peterson: [00:00:00] Yeah, I'm sure you heard about Hunter Biden, and what happened with his computer when he took it in for repairs? How about your computer? We'll be getting into that right away, right off the top. And then the FBI says hackers are already in our election systems. Man really. Hey everybody. Welcome. Welcome. You're listening to Craig Peterson. Well, we had a lot of news this week. Some stations covered it. Certainly. But bottom line things just weren't covered here in the US. It was interesting listening to some foreign stations. They were covering the whole Hunter Biden thing, yet here in the US, it's like a ghost town on most of the major networks. This is really, really crazy. I'm sure you are interested in knowing a little bit about what's going on? What are your rights? What should you do? Karen and I are putting together a special report that you can get for free. I don't squeeze you for these things. All you have to do is send me an email and I'll send it off. We're putting together a special report specifically on steps you have to take before taking your computer to one of these computer repair shops. Now, you know, I already suggest you do not use break-fix shops. Don't use any of these big squads that are out there running around saying they can fix your computers. I really do recommend that you use a managed services provider. I'm a managed security services provider, right. I want to put that on the table and we do tend to do take care of systems for our customers, of course, security customers a little thing there we'll usually do it for them. A managed services provider should be someone that you're using that you trust and have a certain responsibility to your data and all of the information behind it. Particularly if you are a subcontractor for any DOD contract. There are certain responsibilities that flow down to you. Obviously, if it's off the shelf stuff, the responsibility is a lot less than if it's the stuff that is not necessarily secret but is part of information about a base or information about how many items are being ordered. The military and the prime contractors don't like that information getting out for good reason. They don't want the bad guys, the Chinese, the Russians and North Koreans, et cetera, et cetera, in on that information. Look at what's happening right now. If you go right now to Duck Duck go, and look up the Chinese carriers or better yet, look at their newest jets, They are a clone from just looking at it. They are a clone of our US jets. The reason the Chinese have this data is that they stole it. Rolling back to the time of President Clinton, he just gave them the technology for launching Intercontinental ballistic missiles to hit the United States. He gave it to them. Because he said, we want the Chinese to be able to launch our satellites? Because it's going to be way more cost-effective. The only way they can launch satellites is if they have this particular type of technology for their rocketry. And so basically, he just gave it to them. I think that it's crazy reasoning if that was the actual reasoning behind it. Now they've turned to. Theft. This always happens in every socialist country. Any country that goes socialist, you just don't have the innovation that you had otherwise because you end up with all kinds of taxes, all kinds of restrictions. You take away the motivation for people to make money. Look at what's happened with 50 Cent, he's a rapper. He went most of his life with no money at all. Worked really, really, really hard, and finally made some money. So the average person is going to make a few million dollars if you are a white-collar worker over the course of your lifetime. What if you worked for 10 years, 20 years, 30 years trying to get some software to work, trying to come up with something, and man it didn't work in the marketplace. So let me try something else. Let me try something else. Let me try something else. So for 20 years, you're living off of almost nothing. Just scraping, just trying to get by. Then yes, I got it. Finally everything clicks. The market's there, your product is there. It's all working. You've got the right team working with you. Your partners are the right ones, not these two Hunter Biden partners that have ended up in prison or one's waiting for sentencing right now. You got good partners that are really working for you working together, pulling together. And now all of a sudden you make a million, 2 million, 3 million, $4 million. Maybe you made $5 million over the course of 40 years. That isn't much different than your average white-collar worker. Yet you are going to be taxed to kingdom come if you live in a socialist country. So all of that work that you did for 40 years to finally make some money, maybe even leave a little bit of money behind for your kids. Generational wealth. It's gone. It's been taken. It's been confiscated at the point of a gun by the socialist government. When you're someone like China, you have to steal intellectual property from other countries because the incentive is just not there. If you stick your head up, if you try something and you do it wrong, that head gets bashed in. You get sent out to re-education camps. Look at the millions of people that we know of that have gone to these Chinese, every education camps. Look at the tens of millions of people that have starved to death because of socialism. Well over millions, in fact, documented in the 20th century, just because of socialism. It happens every freaking time. But, let's get back to the laptop here. If you are China and you're trying to steal concepts, ideas so that you can then build your military, build your commercial infrastructure, compete with Tesla, compete with Apple, you need to steal it. You want to get your hands on computers. You need to use other people's computers in order to hide where you're coming from. You've seen it in movies before. You might remember way back when you were watching war games. In War games it showed this modem and he was trying to go here and then it was hopping over to there and there was hopping over to here. How they kind of hop around. That is reality. It's still to this day. That the bad guys need your computer in order to hack other computers. Now, sometimes what they're doing is they're attacking other computers using your computer. So that might be attacking it, looking for a way to break in. They might be attacking these other computers through a denial of service attack, where they have thousands or even millions of computers sending requests to websites or other places. Then they hold that site hostage at that point. That happens. It really, really happens. We've also found that the bad guys are using our computers in order to store and forward illegal information. So in some cases, it's illegal information like designs for jet aircraft engines that we use in our fighters. Or the latest one. This is just from this last week is they stole the vibration dampeners in our jets that are designed to be very stealthy. So the less vibration, the harder it is to pick up. What did they do? Well, they steal it from us. At least ask what it looks like right now, allegations just everywhere on that. I have firsthand personally seen this sort of thing happen where China is stealing. Intellectual property from US corporations. We've gone into these companies that thought they were secure. We have a managed services provider. Most of the time, it's all we have an IT person and we call these other guys up when something breaks. We go in there and we find these back doors. A case that I've talked about before that I was involved in, expert witness out a New Jersey, where illegal information is put onto third parties, computers in order to share it with other people. It is happening all the time. It's everything from the ISIS beheadings and burnings all the way through kiddie porn. This is real. We have to lock down our computers because of this. Now you might ask why I'm talking about this one. We're talking about Hunter Biden's computer that was taken to a repair shop, or maybe what we want to talk about is your computer that you're going to take to a repair shop. Well, I ask that because the big question here is what's on your computer. You know what you have put on it. No, maybe you even forgot some of the stuff that you put on it. But what have the bad guys put on your computer? Is your network system secure enough that you can say, yeah, yeah, nobody is using my computer, my network maliciously? Do you even have a firewall that tracks your outbound connection? We get into, and a lot of detail about how to do that, what you need to do in our cybersecurity mastery course. It's an important thing. So stick around when we get back, I'm going to give you the tips that you need to know. If you're going to take your computer to a repair shop and we are going to turn this into a little book for you, a special report, something like that. Stick around. We'll be right back. You're listening to Craig Peterson. Online Craig peterson.com. --- More stories and tech updates at: Don't miss an episode from Craig. Subscribe and give us a rating: Follow me on Twitter for the latest in tech at: For questions, call or text: 855-385-5553 /episode/index/show/cptt/id/16521317

Data Privacy and Computer Repair plus more on this Tech Talk with Craig Peterson Podcast 10/23/2020

Data Privacy and Computer Repair plus more on this Tech Talk with Craig Peterson Podcast Craig continues his explanation about computer repairs and what you can and must do to protect your data and privacy. Back up your data! Also, the proper way to destroy old disks. For more tech tips, news, and updates, visit - CraigPeterson.com --- --- Automated Machine-Generated Transcript: Craig Peterson: [00:00:00] Do you know, what's on your computer? Do you know what they do with it? At some of these repair shops that you take your computer when it gets slow and something breaks? When you're just trying to figure it out? What the heck is happening here, man? We've got an eye-opener for you right now. Hi everybody. Craig Peterson here. Thanks for joining me. We talked a little bit about what it's on your computer. You may not remember everything that's on it. It may just be some malicious stuff a third party has put on there. You might have bank account information. You might have password information. You might have intellectual property on it. If you are trying to take in a computer, that's badly broken. You're in a little bit of a hard spot here because that computer can't be cleaned up. Can't be cleaned very well at all. You can be just totally stuck with it and you can remove stuff, right? Let's, roll back a little bit before your computer broke. The first thing is what I teach in my cybersecurity mastery course, which is something we call a three, two, one backup. Make sure you have a data backup. Three, two, one talks about the number of copies, the different types of media, the different locations to store it. Having a data backup is crucial. I've been using Backblaze for a while. I have a Backblaze little partner thing, so I get literally a dollar for referring people. Just so that you know. Note: If you go to backblaze.com they'll know I referred you because they won't. I use it. It's six bucks a month and it'll back up a computer and all of the directly attached hard disks for six bucks a month. Now my main computer has many, many, many terabytes of data on it. I think it's. 40 something terabytes and it cost me $6 a month. It is amazing. So check them out online, make sure you got a backup. It needs to be a solid backup, needed to have multiple copies. And this is something that people always forget, test it. Make sure you can restore that backup. This is a really good practice to follow it's something that is a part of disaster recovery. There are other parts as well. If you are a public company or you are owned by a public company, the bottom line you have four hours under the law to get back online. It's only for four hours. What we have done for companies and we could do it for yours too, we go ahead and make sure we have additional hardware on-site in case something goes extremely wrong. That way we can get them up and running in a matter of minutes. In most cases, if they have a major crash, if the building burns to the ground, we can get them up and running in four hours. If that's what's needed. Of course, that costs a lot more than just doing it mean a Backblaze back up, but that's okay at the beginning. That's the start. Make sure you can restore and as always. I go over this a lot in my cybersecurity master course and on the module on backups, make sure you realize how long it will take to restore your backup. It may take weeks to back everything up. In my case, it took months, right? It may take a long time to back everything up. How long is it going to take to restore? Does that data backup company have an offer where they will go ahead and either restore your data to a hard drive that you can then hook up to your new computer and copy everything over that's fast? Some may even overnight that drive to you or will they take them back up and put it onto a brand new machine. That's what we do for our customers so they have it. It's not a disaster. They have a computer that isn't working anymore. It's just totaled time for a new one. We'll go ahead and restore it, new machine, and then install that machine for them or send it to them, depending on who they are. That is ultimately highly important. So make sure that happens before it's time to take your computer to a repair shop. Because you never know that repair shop while they're trying to fix your computer may just toast it, or maybe already toast in this case. Meaning. It is no good anymore. So that's number one before anything. Okay. So if your hard disk just toasts out on you and you need to take that computer now to a repair shop to get a new hard disk in it, make sure that you remove the hard disk first. Then take it in say, yeah, my hard disk is toast. You're going to need to start from scratch. Now you're going to need to have your windows license for them. If it's a Windows computer, if it's a Mac, it just is going to work, right? The Macintosh, I'll go ahead and do a network install, or if they know what they're doing, they can do a local install of all that Mac software, as well, to a new disk. In this day and age, of course, the recommendation is don't use spinning media disk. Use an SSD. There are a number of different types of SSDs and the cheap ones fall apart quickly because you can only write to them so many times. The pricing has gotten a lot better for consumers. You might have heard this week, Intel got out of the flash memory business because there just isn't the margin in it anymore. So shop around a little bit, make sure you got the best price on that. So there you go. Number one. Good backup. Number two, make sure that if your disk fails, you remove it. Because you cannot do the next step, which is okay. Make sure you remove any personal data from the computer or make sure it's encrypted. Now, what we do because customers are regulated. If a disk is bad, we remove the disk, we break it down and we have a special furnace that we can melt those disks. Most of the platters are aluminum nowadays. There are also glass platters, but we will melt them down at extremely high temperatures and then certify that yes, indeed it is now a slag of aluminum and has been completely destroyed. That's the only way that you can meet the federal regulations if you are one of those types of companies. If you are someone that's just a small, basic company, you're worried, but you're not worried about China getting at it or somebody else. Right. A real bad actor. Then what you need to do is get a half-inch drill bit and make three holes. Holes in that hard disk right around the little circle. You'll see a circle in that hard disk. That's usually where the spinning media is. That's usually the central bearing. So go out an inch or two. Probably a couple of inches from that bearing and drill all the way through that will destroy the data on there. So that will help to protect your intellectual property. If you want to do it the best way, it is to melt that disk down and that's what we do for our clients as well. Okay. So back to if the disk is still working no matter how trustworthy you think that this business is you took the computer too, is there's always a chance. There's a bad egg amongst all of the staff members there. So delete it, remove it. Again, hopefully, you have a backup. Hopefully, that backup is tested. You can restore it afterward if your disk is encrypted and that can be true on Windows or on a Mac. There are a few different ways to do this, then. Remember that they're going to have to boot that computer. And that may mean almost certainly mean that they're going to have to, if they, to do an end to end check boot from the disk that media that's in it. What we tend to do is we booted off of a USB drive so that we don't have to have the decryption password for the hard disks. That way there's no temptation, right? None of my techs have that temptation because they can't get at the data anyways. Make sure again, boot encryptions turned on. Stick around. We'll be back. We've got a couple more things to cover here. This is all spawned by Hunter Biden and his computer that he dropped off at the repair shop. If you sign that little contract, in 90 days, the computer and everything on it is theirs. Stick around. --- More stories and tech updates at: Don't miss an episode from Craig. Subscribe and give us a rating: Follow me on Twitter for the latest in tech at: For questions, call or text: 855-385-5553 /episode/index/show/cptt/id/16521245

Continuation of The Considerations Surrounding Privacy and Computer repair plus more on this Tech Talk with Craig Peterson Podcast 10/23/2020

Continuation of The Considerations Surrounding Privacy and Computer repair plus more on this Tech Talk with Craig Peterson Podcast Craig continues his explanation of what you need to do if you have to take your computer to a shop to be repaired. This segment covers encryption. For more tech tips, news, and updates, visit - CraigPeterson.com --- --- Automated Machine-Generated Transcript: Craig Peterson: [00:00:00] We're going to talk right now a little bit more about removing that personal data before you send it in for repair and a couple of other things that you need to know about your rights when it comes to repairs. Hey, you're listening to Craig Peterson. Thanks for joining us today. Next up is probably pretty obvious to everybody make sure you're very selective about who you trust. What's the reputation of your work with them before? If you're dealing with a managed services provider, They have a fair deal, in fact, of responsibility for your data. If they are a federal compliant managed security services provider, then there are federal laws to help protect some of your data. But if you leave that data on that computer, it's like not paying for the guy that did all of the yard work outside who brought in the bulldozers and the trucks full of soil, et cetera. They have a mechanics lien on your home. They can take that right out of you and even force the sale of the home in order to get paid. Kind of similar in the computer world. They did put in the time to fix a computer, they might've added parts, et cetera. So when you sign that contract, when you're dropping that thing off, remember that you kinda are signing your computer away. That is not a good thing for you if you don't come back in the 90 days, because that computer and all of the data on it becomes not yours. It becomes the repair shop's data and computer. They can do with it, whatever it is they want to do with it. That's, what's gotten Hunter Biden into some serious trouble here and Joe Biden as well. Remember this, isn't a Hunter Biden problem. It's now showing some major corruption on the part of Joe Biden. So if it's true, Where did this all start? Well, he's kept his head down pretty well for 47 years in the US Senate, et cetera. But, this one thing just dropping the computer off for repairs could be a problem. Encryption is important. Remember most of us are just using what's called encryption at rest. In other words, the data is encrypted while it's on the disk. That does not meet some of the higher standards of various regulations, but it's okay. It's a start. So you use encryption on the disk, you use the builtin windows encryption or the built-in Apple encryption as well. Now there are some very good tips here as well. That has to do with your keys. I keep all of my keys, my software keys, my log-in keys, license keys in a vault. An encrypted vault. There is another level of that. It's something that we are trying to convince our clients that they need to do because some regulations are requiring it now. Although most companies are not doing it. That is, it has to not just be kept in an encrypted vault, but half has to be kept in an encrypted vault that will self-destruct if someone tries to get into it. So keep your software keys, separate, keep them off of your main computer. Nowadays put them in your smartphone in an encrypted vault. I use one password there. You can use LastPass, which is another good one. There are many others, but keep them on a separate device. This again is the next step ultimate insecurity. We get into this in our cybersecurity mastery program. When we're talking about some of these different levels that you have to comply with, but you can have a unique key for each disk, that's stored on a separate machine so that when your computer boots up, it has to go to the separate machine in order to get the keys in order to decrypt and use your hard disks. Okay. That's way above and beyond what home users are going to do. It's way above and beyond what a SOHO, a small office home office business is going to do. It is absolutely required for government contracts here in the next three years, it's already required today for some vendors. There's one more step here we've got to remember. That the repair guys have to be able to repair your computer. You're going to want to make it easy for them to access your device. A word of caution. We've had stories, and I have personal knowledge of people working at some of these big companies. Many of us look at it and say, I'm not going to take it to Joe's repair shop, because who knows if they're going to repair properly or what's going to happen to my data, et cetera, et cetera. There was a great article we talked about when it came out a couple of years back from one of the bigger companies out there that have a squad of people that go around and install equipment, fix equipment, et cetera. Where some of their stores were being paid a bounty. What would happen is you'd bring your computer in and they would look at the data on the computer. They would check to see if they could find kiddie porn or anything else illegal, such as well pictures of you smoking crack cocaine, which is what's alleged here on Hunter Biden's computer. They would get paid a few hundred dollars, that technician, for finding it. How's that for scary? They would work with the police. The police had a bounty program. It was just absolutely nuts. So how easy do you need to make it for these people? Don't go crazy with making it easy for them. In fact, in many cases, before I would possibly take a computer in for repair, of course, I don't, right? We repair them ourselves. Or we have a repair company come out and we watch them repair every step of the way. What I would do is remove that drive, no matter what kind of computer it is, and then take it in for repairs. The company that's doing the repairs, they've got bootable USB drives that they can just plug right in, boot it up, it's up, it's running. Life is good and they give it back to you. Hopefully, the problem isn't that, that hard drive was bad. But again, hard drives are easy enough to replace. But what you going to do to make it easy for them to repair, if you're going to ship it to them or give it to them with the hard disk intact, is to remove the password. Now I've done that before with my Apple computers, taking them into Apple for repairs. I also make sure that there's nothing on the machines. We'll make sure the backups good, which you should be doing anyway. Then we wipe the computer by destroying the key, the encryption key for that computer. Then we reinstall the operating system and we test the machine again because sometimes it's just the operating system got messed up. Particularly if you're dealing with a windows computer. So that's always a good thing to do anyway. Then when we give the computer to the repair guy. She's going to be able to just run it and it's not going to require a password and life is good, right? She's often running. That's what I would recommend as opposed to just removing the password on the computer. Remove the password, destroy the address by simply deleting the key and you can do that with these disk and full disk encryption programs, and then reinstall windows or Mac iOS, whatever it is. Check your machine again, make sure it's still not working the way you want it to, and then take it in for repairs. Things do break. It doesn't matter what kind of computer it is. It doesn't matter if it's a smartphone or a laptop or a server, they are going to break. There's your basic tip. Make sure you got the backups. Make sure everything is as it should be. So that you're not going to get nailed and your data's not gonna get stolen if the bad guys did hack into your computer and use it as a store and forward for illegal materials, they will no longer be on that computer. Stick around. We'll be right back and make sure you get my newsletter. Craig peterson.com/subscribe. --- More stories and tech updates at: Don't miss an episode from Craig. Subscribe and give us a rating: Follow me on Twitter for the latest in tech at: For questions, call or text: 855-385-5553 /episode/index/show/cptt/id/16520951

DHS and FBI Warning about Election Hacking plus more on this Tech Talk with Craig Peterson Podcast 10/23/2020

DHS and FBI Warning about Election Hacking plus more on this Tech Talk with Craig Peterson Podcast Craig explains why DHS and the FBI are warning us about Election Hacking and why it individual State Website Security is the culprit. For more tech tips, news, and updates, visit - CraigPeterson.com --- --- Automated Machine-Generated Transcript: Craig Peterson: [00:00:00] We've talked about the potential here of hackers getting into our election systems and what are they going to be able to do? No, I've never been really big on this, but now FBI and DHS, well they're both disagreeing with me. Hey everybody. Welcome back. You're listening to Craig Peterson. I've talked about the likelihood of hackers being able to influence, I mean, in a very big way, our election here in the US and I've kind of poo-pooed it, because as a general rule with 50 state elections, it would be very difficult for a foreign adversary of some sort or somebody that just wants to mess with us to really cause havoc with our election. Of course, it looks like we're going to cause enough havoc ourselves falls because of this lockdown that we did. All of the crazy things we're trying to change at the very last minute with our voting this time around. This is going to be one heck of an election season. Ah, I'm not looking forward to it. I have been warning about some of the problems that have existed with Secretary of State office websites. Some of these Secretaries of State are putting up websites that allow the local County chairs, city, et cetera, to upload the vote tallies via the web. To the Secretary of State now, on the whole, that sounds pretty good. It seems pretty reasonable. You might remember what happened in Iowa early 20 20. Yeah. Where the Democrats decided they were going to use this app for tallying all of the votes. It wasn't being used for voting, but it was being used for the tally who won. We actually don't know who won the Iowa Democrat caucuses. Isn't that right? Just amazing, because of the technology and the problems behind it. Well, when we're talking now about state hackers, countries that have massive hacking campaigns, ongoing. Yeah. How much could they mess up our election by getting into the Secretaries of State websites? Because not only are the 50 States responsible for running the elections. Tallying the votes, but they're also responsible to give that data, hopefully, good data, the federal government. So how does the federal government get that data? Well, they tend to get it by going to the 50 Secretaries of State websites nowadays. And that's where my big concern comes from. Obviously, I do not like these touch screen voting machines. I know I am a good old fashioned writing on a piece of paper or the kind of the heavier paper, a hundred-plus pound stuff. You fill in an oval for who you want and then that card you put it in the machine. The machine counts it. I love those because the bottom line it's completely auditable. I talk a lot about audits because so many of my customers are getting audited because of federal regulations, but this is different. Let's say the machine tallied, a hundred votes for Trump, and 120 votes for Biden. A spot audit could be conducted. So you take all of the cards that were fed into that machine and you manually count them. Okay. This is obviously a Trump vote. Okay. That's obviously a Biden vote. So you're going through, you're seeing what the votes were for each person and you can now say, okay, it came up the counts the same, and you know, that machines counter right for what you were looking for was correct. Those cards can then be taken later on and you can have a Republican and a Democrat and a libertarian or whatever the parties are in your state watch as those individual ballots are counted because a physical ballot exists. That's just incredibly important. They can't hack a pencil. I love that saying. Right? I think it was our Secretary of State that said that you can't hack a pencil. I'm not sure that's not all entirely true, but it's mostly true. But you can hack some of the systems that are behind the reporting, according to the FBI and the Department of Homeland security right now. An article by Brooke Crothers is pointing out that hackers and they're saying possibly nation-state actors, which means who China, Russia, Cuba, North Korea, Venezuela, Brazil, not so much in Venezuela, not so much nowadays, either because their economy is in shatters because they are a blank country, a socialist country. Exactly. So their economies in shatters. Brazil's in shatters looks like we might get a trade agreement by the way, with Brazil kind of interesting, but. They are saying now that there is no evidence so far, this is a Homeland security, that the integrity of the elections data was compromised. And they're saying that it does not appear these targets are being selected because they are part of our election apparatus. In other words, wait a minute, guys. Our secretaries of state's website, other systems are being hacked just as a part of a random hack. What happens if they get ransomware? And what happens if a nation-state really does want to go after them this week. We saw six spies arrested, Chinese spies who were stealing information critical to the United States of America. They lie on their visa applications. You know, that's why right now the State department's saying you might not want to go to China because China's threatening to kidnap Americans over there and hold them hostage in exchange for these spies. It's not like the old days where we would catch some Russian spies. They would catch some American spies and then we trade them. Right? No, China is right now threatening to, and they already have with Canada and two other countries, they are threatening to kidnap regular old, innocent Americans off the street of China and hold them hostage until we give back there are six spies. Can you imagine that? Yeah, China is not an enemy. China is a friend, right? Well, it's a friend. If they give you one and a half-billion dollars. That's another story for a new section here. What I have been concerned about it looks like it's happening, that these were not attacked because they're part of the election apparatus. These were attacked because they were vulnerable systems. So what vulnerabilities were used, I think everyone needs to pay attention to this cause this is a very, very big deal. This is Seesaw. This is the cybersecurity and infrastructure security agency Seesaw. They are saying that they got in through what's called vulnerability chaining. That is a big deal and that is on my list of things as part of what we cover in my cybersecurity mastery course. This is a technique that's commonly used and it's used against businesses. It's used against federal state agencies, government critical infrastructure, elections organizations. In this case, it targeted something that I've been talking about forever. VPN vulnerability. Don't use virtual private networks unless you really, really, really, really know what you're doing. Okay. This was a target against a VPN vulnerability and a flaw in that log on, which is a windows protocol that used to authenticate people who are connecting over the VPN. Now what makes us even worse is that not only did the Secretary of State offices and other government offices not have adequate security to prevent this, not only did they not have properly configured VPNs, which is like 98% of them out there. So pull up your socks, people. Patches were already available for all of the vulnerabilities. They were already out there. This is what came straight from the FBI and CISA the patches were already there and they had been disclosed and the systems were not updated. So. How safe then is, is our election infrastructure? I go back to what I've been warning about for many, many years, our over reliance on the accuracy and security of the technology. These guys that did it are known as advanced persistent threat actors. Which usually means nation-states. They did not identify who it was most of the time lately. It's been China, no matter what these so-called news organizations have been saying, it hasn't been Russia. Russia really hasn't done much lately. It's mostly China and apparently, it looks like it's a financially motivated nation-state actor that can mean Russia. They are more financially motivated, but so is China. That's why they're stealing our business secrets as well. Okay. Very, very bad. Microsoft. You might remember, we talked about it here in September, said it detected Russian, Chinese, and Iranian actors targeting the 2020 US elections. So this is stepped up activity. They are targeting the 2020 election, according to Microsoft and the national counterintelligence and security center director, William Evanina. It's a very big, very big deal. So something else to worry about for our elections in 2020. It's also something you need to worry about if you are working from home. If you are a business owner or if you're an IT person, and that's why I'm here, I'm trying to help you guys understand this. That's why I have my cybersecurity mastery program. So you can ask me any questions you want to, and we can get things solved. Get them rolling. Be sure you are on my email list so you get my newsletters. You get the training and you know, what's going on. Hey, you're listening to Craig Peterson. We're going to talk about the IRS being investigated this time. You've seen those CLEAR things in airports, let you pass through quickly. We're going to talk about what they're trying to do nationwide. Stick around. We'll be right back. --- More stories and tech updates at: Don't miss an episode from Craig. Subscribe and give us a rating: Follow me on Twitter for the latest in tech at: For questions, call or text: 855-385-5553 /episode/index/show/cptt/id/16520879

IRS and Data Aggregators plus more on this Tech Talk with Craig Peterson Podcast 10/23/2020

IRS and Data Aggregators plus more on this Tech Talk with Craig Peterson Podcast Craig discusses how the IRS gets around collecting data on US Citizens. They buy the information from these private Data Aggregators like our friends at Equifax - who by the way collect tons of information on you without your permission (you have no say in what information they collect) and then sell it! For more tech tips, news, and updates, visit - CraigPeterson.com --- --- Automated Machine-Generated Transcript: Craig Peterson (2): [00:00:00] Coming up in this hour, we're going to talk about the IRS. Yes. Investigated for using location data without a warrant. We're going to talk about us airports and the company that clears you going through that little test that they have at the very beginning. Hi everybody. Craig Peterson here. Yeah. If you've ever had a run-in with our friends at Homeland security with blue shirts, transportation security, many people have decided to do something that. I haven't done and I don't know what I would do. I think it's kind of dangerous and we'll explain why here in just a couple of minutes. Of course, at my website at craigpeterson.com, make sure you're on my email list. So you get all of my newsletters and all of that great information that comes with them. And right now, if you sign up, we are including some bootstrap stuff, getting your cybersecurity for your home altogether, as well as for small businesses. So all of that. Craig peterson.com/subscribe. We were talking in the last hour a lot about taking your computer to a computer repair shop and what to do. Well, how about you shouldn't do and how Hunter Biden apparently got himself into a whole lot of trouble by this little eighty dollar repair that apparently needed to be done to his Mac computer. Yeah. Not so much fun. We're going to start out this hour by talking about the I R S. Yes, the internal revenue service, right. We have a system here in the United States. It's different than most socialist countries, certainly different than the fascist and communist countries of old, where you got your check from the government and that was your paycheck. There's no withholdings or anything because of course everything is free and you get money to spend as long as you've cut those little ration coupons in order to spend it. Even then, right, the stuff's not on the shelves. The joys of socialism. Here in the United States, we don't have capitalism in its purest form. There are a lot of limits on what can be done and what should be done. The federal government bets a lot of your money on technologies that never pan out. We could give up hundreds of millions, actually, billions of dollars worth of wasted tax money that went to various friends of various government officials, frankly, when you start tracking down the money, it's very, very frustrating to me and I'm sure to many of you out there. So we have something called the Internal Revenue Service here in the United States. Its job is to collect the revenue, the taxes from the people. We voluntarily disclose all of the money that we make. We are paying taxes with withholdings. If we have, I have a regular salary income, right? That W2 income and the in the cases of some of the other ways we make money, we're supposed to disclose it, right? Like I do some farming. So I had this little form that gets filled out along with my taxes. Cause I got chickens and bees that I raise and. It's just a really complicated system and it frustrates me to no end how complicated it is. That's because we've got our wonderful legislators and rule-makers just constantly changing everything, right? It's kind of crazy. Well, one of the things the IRS has been concerned about is I think a very concerning thing, frankly, and it should be concerning for all of us. This is also part of our cybersecurity control number 16 here, which is account monitoring and control. What the IRS has done, they said, Hey, listen, we got to find these people who are out there who are using these electronic devices and are potentially not paying taxes that are due. Again, this is something I warned about years ago, not just because it's part of control 16, but because. It's just inevitable, right? The government wants to get its hands on all of the data it possibly can. It's like marketing firms, right? As a marketer, you want to know your customer and you want to give them the right message at the right time. What good is it to have an ad for a Ford truck when you're never, ever going to buy a truck? It doesn't do you any good? It doesn't do the advertiser any good. So how does the government do this and what did the IRS do? We've got a couple of Senators right now, Ron Wyden and Elizabeth Warren, who is now demanding a formal investigation into, how the IRS used location data that they got from a third party. We've known for a long time that the Federal Government is not allowed to collect data on US persons. What does that mean? Bottom line, they're not supposed to be out there and looking at what we're doing. I think that kind of makes sense because we're supposed to have privacy. We're supposed to be secure, right? In our papers, our documents, it is part of the Constitution, which is being ignored more and more, nowadays. But anyway, so they're not supposed to be coming after our data. So they go to data aggregators. Data aggregators and I had some on my show years ago when it was first in my mind becoming a real problem. It might've been even a decade ago now, but these are companies that buy data. Some of the data is a matter of public record and you would be surprised I'm sure to find out all of the public records that are out there on you. Some of the data is private that they buy from some of these agencies that track your credit. They give you a credit score. Some of it is a property that you own. It's the state secretary of state's office. That has all of the liens filed under that uniform commercial code. So UCC one filings, all of these things. They get pushed to put together and take driver's information - driver's license information, car registration, and now they have a picture of you. One of the things that they've added to this recently, and this wasn't true way back when I was first interviewing these guys, is the information from your cell phone. Now you might say, well, I have my location tracking turned off on my cell phone. So what are they doing? Have you played a free game lately? To do know what a free game actually costs too, because some of these games that you download, some of the software that you put onto your mobile devices are tracking you in some places sometimes you know about it. These Fitbit watches, for instance, remember a few years ago, there was a big controversy because military members were wearing Fitbit and we're going out and running in the morning and tracking their runs and having competitions with each other, which is a wonderful thing. Then we found that it was being tracked and put onto a public website. So you could see all the Fitbit users all over the world. And you could zoom in on military bases, including apparently secret military bases where people were running around in this big oval, that was about the size you might expect from a landing strip. So this information can be used and can be misused. Frankly, there was a real big thing too. A few years ago, they found some monitors down in Central Park in New York, and then some of the other parks, and they listened for the broadcast that comes from smartphones. Smartphones, for instance, are they're out there trying to find wifi networks. What you can do is you can send out a wifi network ID and then talk to a phone and apparently what was going on is some bad guys were using them to track women who are jogging through central park and potentially attack those women. Again, information that you're not really thinking about, that's being leaked. So what's happened now is the IRS and other federal agencies and state and local agencies have done this as well. The IRS apparently went to one of these data aggregators and they wanted to find where certain people were, where their homes were. So how do you do that? How the IRS wants to find phones, they want to know where you live. All you have to do is figure out where does this phone spends the night, because the phone is at your home at night, typically, right? It's turned on in case the kids need to reach you. This week we got a phone call at like four 30 in the morning. One of our daughters was in pain on the floor in the bathroom and it was a phenomenal thing. So we don't turn off the phone. It's great having that and it was great that you could call us from her bathroom, right? That could never have happened before, but it happened now. Her phone was at her house at night. Ours is our house at night. it is common, certainly not just talking to these cell towers. Right. But apps that are on them could potentially be targeting us, keeping our data, keeping our information. So when we come back, I want to talk a little bit more about this. Because two things I want to talk about that haven't been done to help protect our information, but I also want to tie this back to the IRS again. How far should the federal government be able to go to track people who have no criminal convictions, no history? They're just regular ordinary citizens that are out there. Hey, you're listening to Craig Peterson. Stick around. Cause we'll be right back. --- More stories and tech updates at: Don't miss an episode from Craig. Subscribe and give us a rating: Follow me on Twitter for the latest in tech at: For questions, call or text: 855-385-5553 /episode/index/show/cptt/id/16520453

Data Aggregators and Biometric Databases plus more on this Tech Talk with Craig Peterson Podcast 10/23/2020

Data Aggregators and Biometric Databases plus more on this Tech Talk with Craig Peterson Podcast In this very busy segment, Craig addresses a number of tech issues that are in the news right now. First off BEC scams. Business Email Compromises are also commonly known as Spear Phishing scams and target executives. In the past, many came from outside the US but this has changed. Next, he discusses what happened with Excel and the loss of some Covid data. Then he explains why the IRS is looking at Cryptocurrency on people's tax returns. So let's get into it! For more tech tips, news, and updates, visit - CraigPeterson.com --- --- Automated Machine-Generated Transcript: Craig Peterson (2): [00:00:00] We're talking about the misuse of our data by these data aggregators. What's it being used for? What can you do in order to maybe not stop it, at least slow some of it down? What government's doing to us, frankly. Hey, welcome back everybody. Craig Peterson here. So we were talking about these data aggregators and what they're collecting on us. Well, the most recent stuff that they started collecting is information from the apps we're using. Typically we're talking about apps that are free apps as opposed to paid apps. While we're using them we're giving away information about our location. This became such a problem that really came to the attention of Apple and Google both now. Google has had very kind of fine-tuned stuff for many years in Android that tells you the app wants this, wants that, wants the other thing, and frankly, that's pretty darn handy. Isn't it? What Apple has done is, Apple has tried to make it very, very simple for you. Far fewer options. When it comes to the granularity of what an app is asking for. Apple forces these app developers to only get or ask for the absolute minimum that they need. The more recent versions of Apple's iOS and Android have built into them now, a request so that when an app is asking for access to, for instance, your location, this GPS data, it will pop up a little warning. Apple in the latest release of its operating system it did a really nice thing. In fact, I think it was late in iOS 13, they added this, but it started reminding you every once in a while that this app is using your GPS. For instance, in the background, you want it to still be able to use it. They added it a while ago. Hey, by the way, You can just restrict it to having access while you're using the app. So when you're looking at those little popups, come up on your Android device or your iOS device, keep in mind. Okay. What is this app for? Why do I have this app? Oh, because I want to Tetris. Why would an app that is playing Tetris need access to your contacts? Why would it need access to your location? Why would it need access to any of these things? I like the way that Microsoft has gone with Windows and Apple with its operating systems and Android, where it is giving you definitive have warnings now about what apps want. Many of these apps still sell the information. Remember Google is in the business of selling information about you and selling your information as well. So if you have Google maps on your phone, even if it's an iOS phone, you may well be leaking your personal information to Google, and then it goes to the data aggregators. Apparently what the Senators are worried about here is that the IRS had gone out and got data that we didn't receive under a warrant. A letter here from the Inspector General says we are going to conduct a review of this matter, and we are in the process of contacting the criminal investigation division about this review signed by Jay Russell George, who is the Inspector General. That was his response back to the Senators Warren and Wyden. So I like this, right. I like what she's trying to do here. I don't think that they should be able to get this data without a warrant of some sort. But it's happening every day and it isn't just the IRS. It is many other agencies out there that are getting this data and that's what kind of concerns me. So let's move on to another real problem here and this is our personal identities. Remember I mentioned at the top of the hour. This whole airport thing, right. Where we've got TSA out there and they are chartered with, let me put it that way, trying to keep us safe. I think that's a wonderful thing. We used to have airlines and airports that are paying for security. They can still do that. And in some cases they do, but most airports have TSA agents there now. Have you noticed that there are two programs that are being actively used? You've got one, which is the prescreening. So you go, they take your fingerprints, they take all of your identity and they look you up. Okay. And they are checking public records by the way. They're checking to make sure that you buy oil for your home to heat it. If you're in the Northeast or you have an electric bill in your name and that all of the address rest all add up to gather. They check, of course, criminal records as well, but again goes back to the data aggregators and then they say this person no criminal record. And they are pretty much who they say they are. It looks like they're a decent, upstanding citizen. So we are going to l, have them this little pass. Now that lets them be pre-screened. It's a little easier at the airport it's a little faster get through. Although now so many people are pre-screened that line is slowed down a lot. So now there's another program that you might've noticed? Well, there's a couple of others as NexUS and things, but another one you might have noticed, which is called CLEAR. I have a friend who swears by CLEAR because he just goes into the airport Bam he's through TSA. What clear does is it is taking your biometric information and is doing the background check that we talked about before. A real problem for getting through TSA. Right? Is it a real problem? Has it been a real problem for you? Because what CLEAR is doing is making it so that it just takes seconds to pass through TSA. But here's what you're doing. They've got all of your personal information. They've got your driver's license. They now have your biometrics. They have your Iris information from your eye. So they know who you are. They can recognize that eye. Think about biometric information here for a minute. If you are on locking a door, using your fingerprint, that fingerprint scanner has to have that biometric information. Many businesses, many buildings now will unlock doors based on your face. Again, biometric information. There are more advanced systems that listen to your voice. There are systems that watch your cadence as you're walking because those are all unique to individuals. That's what they're doing in China right now, too. You're wearing a face mask, but they can still identify you. There is a problem with having this type of biometric information. I think it's a very big problem. Hey, if you go to "Have I Been pwned.com" and you find that your password and your username were leaked in a hack of a website, let's say. What do you do? Well, of course, first thing, first, you change your password and you make sure you're not using it anywhere else. What do you do if your biometric information is stolen? We'll be talking more about that when we get back, you are listening to Craig Peterson right here. Stick around. Cause we'll be right back. Of course, we're always online, Craig peterson.com. --- More stories and tech updates at: Don't miss an episode from Craig. Subscribe and give us a rating: Follow me on Twitter for the latest in tech at: For questions, call or text: 855-385-5553 /episode/index/show/cptt/id/16520366

Dangers of Biometric Databases and CLEAR's new focus plus more on this Tech Talk with Craig Peterson Podcast 10/23/2020

Dangers of Biometric Databases and CLEAR's new focus plus more on this Tech Talk with Craig Peterson Podcast Craig discusses CLEAR and why what they are doing now is NOT a good idea. These biometric databases can be hacked just like any other database. The Danger is - there is no way to guarantee 100% security of your data and if it gets hacked -- You can't change your biometrics! For more tech tips, news, and updates, visit - CraigPeterson.com --- --- Automated Machine-Generated Transcript: Craig Peterson (2): [00:00:00] Hey, who has your biometric information? Is it really a problem? You've got your phone, you unlock with your face or your, maybe your fingerprint, your thumbprint. Where's that information all going? What is CLEAR doing now? In case you're not aware of it CLEAR is a company that has been taking biometric information and using it at airports has got about 5 million members. You're listening to Craig Peterson. Thanks for joining us today. Clear who are they? If you've seen the signs, you've seen the people that walk through CLEAR, either use an eye scan called an Iris scan or a fingerprint scan they're used in airports, also used in stadiums. Well, April this year came as quite a wake-up call for our CLEAR, because the air travel industry just completely fell off a cliff, didn't it. You had the Coronavirus scare spreading worldwide airline passengers just stopped flying. It's just crazy. Some airplanes were turned around and mid to air and sent back to where they came from. Because borders were closed at the very last minute. Then there was the grave reality that hit in April of this year because basically, nobody was flying. Revenue was plummeting, empty airports and airlines are reporting a 95% drop in travelers. Absolutely. Huge. It's crazy. Crazy to think about just how devastating it was. Not just for the airline industry, but for related industries. Well, people hadn't been using CLEAR to travel. My friend, Dean he's sworn by CLEAR because he could just walk right in and walk onto the plane. It was that simple for him. He also uses one of these luggage transportation services, you pay like a hundred bucks a pop and they pick up his luggage from his house they ship it to the hotel he's going to be at and he never has to touch it. He literally just walks on board with the book or whatever it is he wants. Man, am I envious. Okay. So there are about 5 million people who paid past tense for CLEAR's service. It costs them about 180 bucks a year and they would go to these kiosks, that TSA, about 60 airports and sports arenas had these things and it verified their identity. They were able to then skip these long lines at the airport security and off they went. Absolutely phenomenal. Well, it looks like based on a report that came out here from a company called one zero, who looked at some public records that CLEAR's income was about halved. This surprises me that it wasn't 90, 95% drop in revenue knew, but some people just kept going at $190. One zero says that they've had a look at more than 3,500 documents and emails and they have found the CLEAR is now using the pandemic scare to pivot. What it's doing now is instead of just being at the airlines in the stadiums, they want to be the clearinghouse for biometric information everywhere. Absolutely everywhere. It wants to be the identity verification platform. Covering every moment of our lives, every day in our lives. They've already got tons of information from these public sources, from these companies that sell our information. They've also got information on people, customers who used CLEAR to buy at concessions, enter the sports stadiums, and they are now starting to explore if not already selling that data for marketing purposes. Isn't that something? By the way, you can get a free CLEAR identity for stadiums. So you don't have to pay if you're just using it to go into some stadium. So this is very, very concerning. I got a great article on this from one zero.medium.com. Up on my website @craigpetersohn.com. If you want to get into a little bit more. CLEAR considers itself a platform company. They've got something, they call a health pass they introduced in May this year. It's using CLEAR's identity verification service and attaches your personal health information to the profile. This gets really scary. Remember I said here before the break that you should be going to "Have I been pwned", I've said that many times, and if you need a link to that, just email me@craigpeterson.com. I'll be glad to send it to you. Just the subject line, just say radio show. If you go there to "Have I been pwned" and you find that your password has been breached, so you just change your password. What do we do now, if we're registered with CLEAR? If we're a registered traveler? If CLEAR has our facial recognition biometrics? If CLEAR has our fingerprint biometrics? And on and on, and it gets hacked. You cannot change your biometrics. At least that's the whole idea, right? I am extremely concerned about it, which is why I don't use CLEAR. Now let's take that same question and let's apply it to our devices because we are using our biometrics to unlock the devices. Right now the Apple iPhones are the best when it comes to facial recognition, there are a number of Samsung models that have been quite easily fooled. The fingerprint recognition on the older I-phones is quite good. Frankly, some of the Samsung models have been easily defeated for fingerprint recognition. First off do go search on your phone model, find out how good it is? How good is the facial recognition? Because you're giving your facial biometrics to the phone. You're giving your fingerprints to the phone. What Apple has done is they put it into something they call the secure enclave. Now, last week I spent a lot of time talking about the T2 chip about TPM, these different types of encryption, and security controls that are on our laptops and on our smartphones. If you want more about that go to last week's show, you'll find it on Craig peterson.com because I discussed that in-depth. But I'm very concerned about this. My wife and I both have more than 10 digit passcodes on all of our devices. We use 20 plus character codes, login passwords on our Mac books, and on our desktops as well, just to try and keep it safe. Neither one of us actually trust the type of security you get from fingerprints or elsewhere. Now, one of my sons, what he does, is he doesn't use this thumbprint. He uses a knuckle. A print on a knuckle. I know some other people that use various private parts, women, and men to identify themselves. Maybe that's a good idea. Maybe it's not. But I would be very cautious here. Be careful with CLEAR. It might be nice to be able to just zoom through the airport. It's one thing if the government has the information, but governments are losing the stuff all the time, they're getting hacked all the time. That's bad enough but giving it purposely to these companies like CLEAR that really bothers me again, search for your phone online, and in the Apple world, the secure enclave on the phone, that's where your biometric information is kept. It is never ever sent to Apple. Can't say the same about all of these Android devices. Stick around. You're listening to Craig Peterson and we'll be right back. --- More stories and tech updates at: Don't miss an episode from Craig. Subscribe and give us a rating: Follow me on Twitter for the latest in tech at: For questions, call or text: 855-385-5553 /episode/index/show/cptt/id/16520276

IRS investigating Cryptocurrency Cheaters, BEC on the Rise, Covid Contact tracing issues plus more on this Tech Talk with Craig Peterson Podcast 10/23/2020

IRS investigating Cryptocurrency Cheaters, BEC on the Rise, Covid Contact tracing issues plus more on this Tech Talk with Craig Peterson Podcast In this very busy segment, Craig addresses a number of tech issues that are in the news right now. First off BEC scams. Business Email Compromises are also commonly known as Spear Phishing scams and target executives. In the past, many came from outside the US but this has changed. Next, he discusses what happened with Excel and the loss of some Covid data. Then he explains why the IRS is looking at Cryptocurrency on people's tax returns. So let's get into it! For more tech tips, news, and updates, visit - CraigPeterson.com --- --- Automated Machine-Generated Transcript: Craig Peterson (2): [00:00:00] Well, we've got a story here about how Excel may have lost some 16,000 potential COVID cases. A little story about the IRS and really happening in info security right now. Great career. Hi, everybody listening to Craig Peterson. Oh, cybersecurity. IT cybersecurity, I think is a great profession. It is a difficult profession. Don't get me wrong. I talk with people in IT all the time about how it is just kind of overwhelming. How they just got this major inferiority complex in Infosecurity understandably so. There's so much going on, it's a very high-stress job. There is a great article that was out in Dark Reading earlier this year, talking about what was predicted for security roles going forward. Due to the pandemic scare, what matters. Six months later, Dark Reading went back and had a look at it. What they've found is it's just as tough to fill open cybersecurity positions as it was pre-pandemic. In fact, there are new problems now that I, I hadn't really even thought about, frankly. 30% of businesses that responded to the survey said that their security teams are hiring now. 45% said that they need additional staff, but are restricted by hiring freezes or spending limits. So add those two together where it's 75% of companies are looking to get more cybersecurity people. 12% said that they were recently forced to cut security staff. Which is obviously in my view, more than a little short-sighted, right? So they went in and started looking at it a little more deeply. It's a years-old story now, and it typically takes about eight months to replace a security analyst and about four months to train a replacement. There is right now a huge shortage of appropriately skilled workers. Others are claiming it's an unreasonable set of expectations amongst employers, and that job listings that are put out there are difficult to decipher. I think that's funny considering its cybersecurity, right? Get it - decipher. I have thought long and hard about maybe offering some sort of cybersecurity training course. That's what the cybersecurity mastery thing is all about. Getting you the basics of cybersecurity and then have a couple of phone calls a month to answer questions that people have that are in the program. That's the whole thing behind understanding cybersecurity or mastering cybersecurity program because employers want the right skill set. There just aren't enough people out there. The pay is very good depends on what you consider good, I suppose. Right now for a not particularly well-skilled person, the salaries are in the hundred thousand dollars a year range, Which is why statistically looking at this whole thing a business that has fewer than 500 employees with standard revenue based on how much revenue per employee cannot afford a cybersecurity team. You just can't afford it because it's so darn expensive. You're much better to find an outsource team. That'll do it for you. It'll save you a whole lot of money. So keep that in mind. A business email compromise is a very, very big problem. We've talked about it before. FBI is talking about all of the hacks that have occurred via BEC. I've had firsthand experience with it that is how we picked up a couple of clients. We do a cyber health assessment for one company and this company had a few different servers and some desktop machines. We did a whole, what we call an NSAAP, which is a network security assessment and action plan. So we gave them this action plan. These machines need to be upgraded. These machines this software needed to be upgraded. These machines were not properly protected. These ports were open. They shouldn't have been right. So it was a really good network plan for them. I think it was like 300 pages long of stuff they needed to do. Again, this was a very small company. I think they've only got maybe three or four dozen employees and gave it to them. Thanks. Appreciate it. Bye-bye. Then we got a call from them. I don't know what was it? Eight months later because they had become, I'm a victim of a business, email compromise attack. This happens all the time now. This is where someone sends an email pretending to be someone they're not usually within the organization, but sometimes they pretend to be a vendor. One of the attacks that I know of here, that's pretty common, comes out of Eastern Europe. Hey, Mr. CFO. They send this while the owner, CEO, the president is out of town and unreachable, and they know that because the owner posted it on Facebook and the bad guys have been tracking the company for a little while and said, Oh, he's going to be down in Bermuda. This period of time in February. So they send an email to the CFO and supposedly from the business owner, and there are methods they use so that they can use a legitimate email address, or it looks really like it is from the business owner. The email says something like, Hey, we started using this new vendor. We haven't paid their invoices. We're three months behind unless you wire this $120,000 that is going to go away and can really hurt the company. Can't deal with this right now. Please just go ahead and wire the money and then the CFO does it. We saw this happen to Shark Tank's Barbara Cochran. You know her from Shark Tank. She's one of the sharks, big real estate investors. Her assistant got tricked into wiring out - Was it 300,000? I can't remember. It was a fair amount of money. She got tricked into wiring it overseas. Now the FBI tells us that once that happens, 90 seconds later that money can no longer be recovered. It just disappeared. We have clients that have had the money disappear. Of course, we picked them up after it's disappeared, right? Just like this customer that did not do what we told him he should do. Right. Even if they did it themselves, they would have been ahead of the game. They didn't have to hire us to do it. We gave them an action plan as part of our NSAAP evaluation. Right? They lost, last I heard, actually, it has gone up, a $180,000. So they lost money right out of their operating account. It got emptied and they also ended up incurring all kinds of fees and then they couldn't deliver some things. So they had problems with customers, right.? It just goes on and on and on. This stat is something that was a bit of a surprise for me. There's a study that was just done looking at business email compromises and found that the attacks are coming one-quarter of them from the United States. One-quarter of all of the business emails is coming from the US. Of course, many times these people are caught by the FBI and end up in prison. But of these attackers located in the US, nearly half of them are in these five States, California, Georgia, Florida, Texas, and New York. So be very, very careful. Interesting reports got information from more than 9,000 defense engagements from this year between May and July, right? 2200 of them, by the way, they could identify the likely location of the attackers. So interesting stuff. That's a problem. IRS is saying that they may have a question and on the top of the new form, 1040 asking filers if they dealt in virtual currency in 2020, we talked about the IRS earlier in the show today. The IRS is concerned that people are making money off of these blockchain things, like Bitcoin, and are not reporting the capital gains that they had from these cryptocurrencies. So be careful with that. IRS is starting to take that very seriously. Then COVID, we put all kinds of systems in place because of the panics around the Wuhan virus and worry about people having the COVID-19 symptoms. Apparently in the UK, more than 50,000 potentially infectious people may have been missed by the contract tracers. How? Well, Microsoft has a million row limit on the Excel spreadsheet. Now, if you have a spreadsheet with a million rows in it, you are misusing spreadsheet software that really needs to be in a database somewhere. Okay. That's not something to do in a spreadsheet. Apparently what they were doing in the UK is hospitals, et cetera, or we're sending in spreadsheets. We're probably doing the same thing here in the US and then those spreadsheets are being pulled into one master spreadsheet and almost 16,000 positive tests were left off the official daily figures which translate to more than 50,000 potentially infectious people running around. A great little story from the guardian. Again, all of this stuff is up on my website. I have a great newsletter people love, and I'd love to have you on it. Where I talk about these things. We do a little bit of training. I answer people's questions. You'll find it all @craigpetersohn.com slash subscribe. Make sure you're on that list so you can stay on top of these things. Take care, everybody we'll be back next Saturday at one. --- More stories and tech updates at: Don't miss an episode from Craig. Subscribe and give us a rating: Follow me on Twitter for the latest in tech at: For questions, call or text: 855-385-5553 /episode/index/show/cptt/id/16519589

AS HEARD ON - The Jim Polito Show - WTAG 580 AM: Computer Repair, Hunter Biden's Laptop and Scully's Tweet 10/20/2020

AS HEARD ON - The Jim Polito Show - WTAG 580 AM: Computer Repair, Hunter Biden's Laptop and Scully's Tweet Welcome! Good morning, everybody. I was on WTAG this morning with Jim Polito. We got into a lengthy discussion about Hunter Biden and the legitimacy of the emails and how to tell, also about computer repair shops and then a little about Steve Scully's tweet and his lies about it. Here we go with Jim. For more tech tips, news, and updates visit - --- Automated Machine Generated Transcript: Craig Peterson: [00:00:00] That is a dead give away and these news agencies such as Fox who have seen both emails, I'm sure dug into it because they said these emails were legitimate because we now have a second source. Hello everybody. Craig Peterson here. Thanks for joining me this morning with Mr. Polito. We did a deep dive into one topic and that is because of what's happened with Hunter Biden's computer. What are your legal rights? What can you expect? What are these guys going to do? I even reveal a company that I know that was doing something I consider very nefarious. So here we go with Jim. Jim Polito: [00:00:42] You know, we're going to call a little bit of an audible here with our good friend, Craig Peterson, the Tech Talk guru cause we got a lot of stuff we could talk about. How about cryptocurrency? The IRS tracking your location with all those things. But, we want to talk about Hunter's laptop. What it would mean for you? What's this all mean? Your data? So let's bring him on board. Our good friend, the tech talk guru. Craig Peterson. Good morning, sir. Craig Peterson: [00:01:12] Hey, good morning, Jim. Jim Polito: [00:01:13] Craig, you're the guy, you're the go-to guy for something like this. So let me just lay it out for you. So let's say it's not Hunter Biden. Let's say it's me. I bring my laptop to a repair shop. They give me a receipt that says, look, Jim, if you don't pick it up within 90 days, it's ours. Do they, can they really do that? Then do they own all of my data? It's one day you own that piece of it equipment, right? Because it's a piece of equipment, but inside that piece of equipment, there's a lot of data. Do they own that? So I guess that's where I'd like to start with. Craig Peterson: [00:01:50] Yeah. It's a very good question and many people just don't pay attention to. Apparently, Hunter signed that receipt when he dropped it off saying, yeah, you don't makeup at 90 days, it's yours. This is similar to a mechanics lien where someone comes to your home does some repairs, maybe the oil company delivers oil. They now I have the ability to, without even your knowledge, go ahead and get a lien on your property. That's valid until it's paid for. This is the case when it comes to computers as well. You leave that computer, particularly when they bring it up to you saying, Hey, listen, you have 90 days to pay after it's repaired and at that point it becomes ours. That's pretty darn common now. As far as the data goes, Jim, there are some steps you should take in advance. Also, one other thing that I have heard from someone who knew this first hand that I think people need to be aware of. That is some of these shops that you take your computers into. The one I'm thinking of is one that pretty much everybody knows it's a national chain. They have little deals going on where they'll get paid, this was the case as of a couple of years ago, if you bring the computer in and one of the technicians find something, like child pornography on that computer. It may not even know it's a child right there. It's crazy what they're doing with porn nowadays, but they get a $300 bonus for every computer where they look at the contents that are on that computer and then report it to law enforcement. There's bounties on our computers out there. Jim Polito: [00:03:44] Wow. So I do remember that so-called organization. When you bring your computer in, we won't give them any at free advertising. Not that I would support anyone that would have child pornography on their thing, but that's interesting. So I guess, uh, you, you bring your computer over there. It's you might as well as open it up. To the stranger and say, you can, you can look at whatever you want. Craig Peterson: [00:04:15] Yeah. You know, I had a case, I was a witness, an expert witness in the case out of New Jersey, and in this case, it was also a computer that was found to have kiddie porn on it, apparently. Here's the problem with this, Jim. You and I, we have our computers at home and our computers at the office as well. If you're a business like mine is we have servers. Very frequently what happens is our devices are taken over. They are controlled, remotely. There are remote controls. There's a whole name for that. That called rats, which is remote access or various types of remote access. But anyway, they have been using our computers to share child pornography, to share pictures, videos of beheadings of Americans, of burning Americans to death inside this state. I'm not even gonna get into that horrific. On our computers using our business computers, our home computers that just were not properly secured. So things are tough and there are some things you really should do before you take your computer to a repair shop for repairs. But in reality, you never really know what's on that computer unless you look at it thoroughly. Jim Polito: [00:05:41] So what do you think the chances are that this is really his? Have you been following the story? Craig Peterson: [00:05:49] Yeah, I've been following it pretty closely. Cause, of course, it does intersect with my business. Where we're trying to secure things and I think from everything I've seen, particularly now that there are corroborating emails from other people that we're in those email chains. I think it's legitimate. The way you corroborate these emails isn't just, you look at the text of the emails. But you look at the headers of the emails. Every time an email goes through a server or goes through a mail filter it is assigned a unique serial number. Jim Polito: [00:06:23] Ok. Craig Peterson: [00:06:24] So. Any emails, probably gone through three, four, five different servers have these serial numbers. They're all timestamped. And putting those together makes that a very unique identifier for that email. So if two people have emails that did go through the same servers and they will have at least gone through one server, that's the same. It will have a unique email. Oh, you don't see that. Normally if you're using outlook, you click on an email, you right-click on it and say view source, and then you can see it. But that is a dead giveaway. These news agencies such as Fox who have seen both emails. I'm sure dug into it, because they said that these emails are legitimate because we now have a second source. There may be a third source very soon now. Once you've got those types of sources and the serial numbers and the timestamps all match up. Now you've got corroboration that these are the legitimate emails Jim Polito: [00:07:29] We're talking with Craig Peterson or a tech talk guru. You know what Craig, why not? Why not just switch to something else? Not Jeffrey Toobin. I promise you, I won't bring up Jeffrey Toobin and his Zoom call. But let's bring up somebody else. Steve Scully, the reporter or the anchor for C-SPAN. He wrote a direct message to Anthony Scaramucci, the MOOCH, and he thought he was writing a direct message and he actually tweeted it and it exposed him as probably having a bias against the President. He was supposed to be the moderator for the second presidential debate. But he did the old, I don't understand why they do this. It's so stupid. I was hacked. I mean I was waiting for Tobin to say that, but he was smart enough not to. I got hacked. That's ridiculous because you could tell me in no time at all if I had been hacked and determine whether or not I was telling the truth, Craig Peterson: [00:08:31] This is an interesting problem, right? Here he is a public figure saying that his account was hacked. It looked like a legitimate message that he might send, right? It wasn't anything outlandish. It wasn't, Hey, send me $10,000 in Bitcoin and I'll send you 20,000 back. Jim Polito: [00:08:48] Right. Craig Peterson: [00:08:49] Which is very suspicious? Yeah. And when somebody likes Scully goes ahead and says, I was hacked and a police investigation gets started. That's when the ball really starts to roll. Apparently, the FBI has gotten involved in this. I'm not sure if charges will be coming. It is quite easy to figure out whether or not it's been hacked. If you have access to the account and the information. So C-SPAN suspended him after he admitted to lying. But in this case, the only place that would really know would be Twitter who has logs of the TCPIP address, the home address, if you will of Scully. Where it was posted from? Where he usually posts from? They also have information about the GPS coordinates from once it was posted. You can tell a lot of this stuff now. I mean it's such a stupid excuse to try and fall back on. Yeah Jim Polito: [00:09:55] You're going to get caught in a second. You really are. There are so many different ways to catch you for saying that. It's such stupid. As usual, Craig, I know this is outside of the realm of tech, but when you caught doing something wrong, don't cover it up because the coverup is often worse than a crime. If Scully, just comes out and said, yeah, you know, I was asking for some advice. And it was no big deal. You know, it was no big deal. It story would have ended. Craig Peterson: [00:10:26] What happened after that. Mr. Nixon. Jim Polito: [00:10:33] Very good Craig. All right, Craig Peterson, folks, you can catch him on WTAG, WHYN Sunday mornings at 11 o'clock with a great show. Then Danny, Steve, and Kevin, they all drop the show in when there are other openings on the weekend. But, Craig, how do folks get in touch with you? Craig Peterson: [00:10:53] Well, if you have any questions or you want to get on my newsletter where I cover all of these topics every week. Yeah, we are going to cover this whole Hunter Biden and what the steps are you should take when you take your computer to a repair shop, just go to Craigpeterson.com. If you sign up for my newsletter, I'm not going to beat you up on anything, right. This isn't a marketer thing. I. I really want to get the information out. So just go to Craig Peterson slash subscribe. I get questions every week that I answer. In fact, I've been putting them in my newsletter the last few weeks with the answers, obviously not exposing who you are. I'm not including those message IDs. okay. Really a lot of great information. Yeah. You can send the question to just me. M E @craigpeterson.com. Jim Polito: [00:11:41] All right, Craig, it's always great to have you onboard, especially days like today. Always a pleasure. And we look forward to talking with you again. Craig Peterson: [00:11:50] All right. Take care, Jim. Thanks. Bye. Bye. I probably won't be back to WGAN is doing a post-election thing. They've got a little election going on, so I will be back this weekend. And although this is a crazy week, so what I'm going to do is have part of the show will be fresh and new, because I got to cover these going back to the repair shop things. I also might have a couple of segments that are best of as well. This weekend. Take care, everybody. We'll talk again soon. Bye-bye. --- More stories and tech updates at: Don't miss an episode from Craig. Subscribe and give us a rating: Follow me on Twitter for the latest in tech at: For questions, call or text: 855-385-5553 /episode/index/show/cptt/id/16484078

AS HEARD ON NH Today WGIR-AM 610: Election Security and Federal Warning about Nation-State Actors accessing Vulnerabilities 10/19/2020

AS HEARD ON NH Today WGIR-AM 610: Election Security and Federal Warning about Nation-State Actors accessing Vulnerabilities Welcome, Good Monday morning, everybody. Craig Peterson here. You will find here a different host this morning on NH Today. Jack Heath has moved on to another radio group. I was on with Scott Spradlin. We discussed election security in the light of revelations by the FBI and DHS about Nation-State Actors accessing our election systems through known vulnerabilities. Here we go with Scott. These and more tech tips, news, and updates visit. - --- Automated Machine Generated Transcript: Craig Peterson: How vulnerable are the web pages where these final tallies are as well. So we've got now known nation-state hackers into our systems. We've got them into web sites as well, where the tallies are displayed. We've got to be very, very careful. Jack Heath has left, and now we have Scott Spradling and at least for the time being. [00:00:23] I like Scott. He's a professional news guy reporter for many, many years, and that's who I was on with this morning. Jack has apparently moved to another radio network. So we'll see what happens with him there. Best of luck goes out to him. So here we are this morning with Scott Spradling. [00:00:41] Scott Spradling: You've heard me on with him before, but I think it's been a little while. Let's talk a little bit about what the FBI is doing and how technology might be used to protect our elections' integrity. Craig Peterson from Tech Talk joins us now on the air. [00:00:54] Good morning, Craig. How are you? [00:00:56] Craig Peterson: Hey, good morning, Scott. And as you may know, I've been involved with the FBI for some years now. In fact, I ran there and their entire webinar program for what they call Infragard. And InfraGard is trying to get regular businesses all the way through government agencies, whereof what's going on out there. [00:01:18]We've got a new one that just came out on Friday. It turns out that the FBI and the Department of Homeland Security have now confirmed that hackers and, in this case, nation-state hackers, which means countries like China and Russia and Iran, and maybe others, including North Korea, have gained actual access to our election systems. [00:01:42]They went in, and they would use multiple vulnerabilities to get in over something I've been warning about on my show forever, and that is misconfigured VPN. So this isn't going to help matters. [00:01:56] Scott Spradling: So how many States, and this is not a fair pop quiz. [00:01:59]Approximately how many States have a lot of their voter type information or access to the totals electronically that are vulnerable. The reason I ask is that if nothing else, Bill Gardner has a system that is in my mind, largely offline. Cause if the electronics go sideways, we've got paper ballots as a backup. [00:02:18] So we can hand count if we have to in New Hampshire and assure a good election result. Are a lot of States moving more towards paperless and then being vulnerable. [00:02:29] Craig Peterson: Well, Justin brought up, of course, the year 2000 in the wonderful times we had passed then. That really woke up a lot of States. Many of the States are using that same system that Bill Gardener's using here. It's phenomenal. It's the only way to go, which are you fill out a paper ballot? It goes into a machine. It can be spot-checked to make sure the machine looks like it's accurate. [00:02:53] Where the problem has been coming in that we're most worried about here is Scott, because so many have moved to that, is how the votes are finally tallied. [00:03:02]In many States, what they do is the federal government go to the state's webpage to collect the totals. The question might be asked how vulnerable are the web pages, where these final tallies are, as well. [00:03:19]We've got now known nation-state hackers into our systems. We've got them into websites, as well where the tallies are displayed. We've gotta be very, very careful. I, too, have heard Bill talk about what they're doing, and I think we're in pretty good shape. But we've got to pay a lot of attention here because the hackers really are after it. They're just trying to upset our election. [00:03:44] I think they might be successful. Not to mention all of these other potential problems that are out there. [00:03:50]Justin McIssac: One of the freelance jobs I used to have was going around and collecting election results from different towns in Rochester and then calling them into the AP. [00:03:56]The way in New Hampshire works is. You get the fill in the circle thing, and you feed it into that machine, at the end of the voting cycle, that spits out a receipt, like an actual receipt telling you who got what. [00:04:08] So almost like here's a real deep cut for sci-fi dorks. It's almost like an Admiral Adama situation where he had the Battlestar Galactica offline so the Cylons couldn't hack in. We don't have to go that far. Do we, Craig, take everything completely offline? If we have those types of backups with a physical paper printout, or what do you think? [00:04:27] Craig Peterson: I think that's a pretty good way to do it and keep those ballots around and allow people to inspect them. I don't know if we have to go totally Admiral ADAMA on this. I am concerned that we have 50 individual state elections, and every state's doing it differently. Every state has different competencies, and that boils all the way down to what you were talking about, Justin. It's really the towns that are doing some of these tallies. I get a little bit worried about those things. Final tapes in some States they're using these touch screen devices, and then it spits out a little audit trail that looks exactly like what you might get at the grocery store. Those things fade over time. If someone leaves them on a dashboard, they will go black. [00:05:11]I have a little less worry here in New Hampshire than I do for other States. Scott started by talking about what's going to happen nationwide. Will we know by that deadline on December 14th who the President is? [00:05:24] I am very, very concerned because of an over-reliance on technology. These systems are hacked by the FBI and Homeland security. All of the hacks that happened. We're using software that had patches out. These were sometimes known four months and a couple of them for more than a year, but the local States and towns did not bother applying. So it's a real problem. [00:05:52]Here in New Hampshire, we're great. We have these devices, and they are loaded with ROMs. One of my sons is a ballot inspector. He went and physically looked at the machine, although there were a couple of problems with the machines used in his precinct, the final device, a little memory stick, if you will, that's inside, that machine did have the right seals on it. It had not been tampered with when he checked it. So I like what we're doing. [00:06:19] I think we got to pay a lot of attention. [00:06:21] Scott Spradling: Good final thought. Hopefully, technology and paper ballots will combine nicely for a clear result with no debate by the time we're done at the end of election night, or at least within a couple of days. So we'll see. [00:06:33] Craig Peterson: Yeah, that'll happen, Scott. [00:06:34] Scott Spradling: I like it. I like your optimism. Craig Peterson from tech talk. Thank you so much. My friend, I appreciate you being on the air with us. [00:06:42] Craig Peterson: Take Care. Saturday 1130. I'll be right back here. [00:06:44] Scott Spradling: Excellent. We'll see you then. You're listening to New Hampshire Today. --- More stories and tech updates at: Don't miss an episode from Craig. Subscribe and give us a rating: Follow me on Twitter for the latest in tech at: For questions, call or text: 855-385-5553 /episode/index/show/cptt/id/16459070

Trojan Worm Infecting Republicans through Phishing Scam plus more on this Tech Talk with Craig Peterson Podcast 10/16/2020

Trojan Worm Infecting Republicans through Phishing Scam plus more on this Tech Talk with Craig Peterson Podcast Craig discusses a new Phishing Scam that is targeting Republicans with a legitimate email but that adds an attachment with a nasty trojan payload. For more tech tips, news, and updates, visit - CraigPeterson.com --- --- Automated Machine-Generated Transcript: Craig Peterson: [00:00:00] Hi, everybody. We're going to be talking about some new Trojan malware that targets Trump supporters. Some new tools that are out there. Ransomware being paid by one of the country's biggest online providers right here. Hey everybody. I'm Craig Peterson. Today we are going to with no exception, get into some of the things that you need to know. Some of the things that you might not really be aware of, you've always wanted to know, but I'm here to explain it to you. This is the sort of stuff I like to do, and I've done pretty well for many years. So let's get right into this malware. We've talked about phishing before and for a quick introduction for the rest of you guys, phishing is where someone is trying to get you to do something and they are just trying to trick you into it. So you might be familiar with some of the old phishing staff, the Nigerian Prince scam nowadays, they've gotten much more sophisticated, try and get you to click on a link to do that something. So they might be phishing so they can put a Bitcoin miner on your computer. They might be phishing to do something malicious, maybe. very malicious right now. There are some bad guys out there who are phishing Trump supporters. Here's what they're doing. They're taking legitimate emails that have been sent out by other Trump supporters. Some of these political action committees. That is really single focused on one thing or another, and they'll be supporting a candidate that supports their, so there's these PACs on both sides of the aisle and all the way in between. All right. The biggest problem, if you ask me about DC is, that's where the money goes and so that's where all the attention goes. So you're online. You're looking at your email and you see an email that has a subject line that starts with forward. I got to point out in case you weren't aware of it, subject lines that start with forward, like FWD colon, or re R E colon, as in regards to. Those subject lines tend to attract a lot of attention. The only subject line that tracks more attention is if someone has your name in that subject line. So these emails that are being sent out by, we're not sure who yet have. Forward or re: up in the subject line and, we'll talk a little bit more about what is in that subject line. So there are things like breaking President, Trump, suspends funding to the WHO that is one of the most common ones they're using right now. Of course, we're looking at President Trump and he's been calling the world health organization corrupt and seen an email like this would get you to open it. Wouldn't it? You know what, frankly, between you and me, so would people on the other side of the aisle, right? Cause they want to hear what's Trump doing this time. So the idea, yeah, it is it's political. Another one is an email with a subject line that says stand with Trump again, that's definitely targeted at Republicans who want to open it because they want to stand with President Trump. And they're also using something called display name spoofing. If you look at emails, you receive, you'll see, it says it's from so and so. Well, that's not necessarily who it's actually from there's some spoofing you can do there and a lot of these guys are doing it. There are ways to block phishing. Phishing, by the way, it's used a lot by ransomware. That's not what this is. We'll get into what this is exactly a minute. But you've got to have some really great stuff in place. Hey, if you're interested in it. our friend of mine, Guy, he had sent me a thing on LinkedIn this week about that's a really great little ransomware checklist. It goes through the basics of what you should be doing to protect yourself against ransomware. And if you want me to. I'll dig it up for you and send it off. Just email me@craigpeterson.com and in the subject line put ransomware. I'll notice that. I will, I'll send it to you. Just send it to me@craigpeterson.com. And it's a great little checklist on ransomware, and it's telling you should be doing things if you are a system administrator like looking for specially signed DNS records and other things that are going to help identify the reality of who they're talking to. Very important. DMark is one of those types of tools. Now they are also using hijacked legitimate, the email addresses, and they'll use those to send out these emails. So they'll take an email from a PAX, a legitimate email. They will forward it, quote-unquote to you. It looks like a foreword for all intents and purposes. It is, and it has all of the links in it that the original email had and all of those links, some, the original email will work and they'll take you to the places that you expect to go to. The problem with this one is that they have a word document attached. Not that having a word document attached isn't necessarily a huge problem. We've had problems in the past where it was effectively a drive-by download. Sometimes you did not even have to open the email in order to get the infection nowadays unless you have very out of date software nowadays, you do have to open it. So if you get that email, you click on the attachment. You open the attachment. That's when the real pain starts, because inside that attachment is a Microsoft word document that has something inside of it called the downloader. So you open up that document down comes EmoTet and once Emotet is on your system, that's when it all hits the fan. What happens with EmoTet is really nasty. It starts to try and spread within your network. It scans for open services. I'm looking at a whole chart here on EmoTet which is known as S zero three six seven. It'll start to scan ports on all of the systems on your network, on your own system. It uses the most common ports that you might think of port 80, 80, 84, 43. In one instance, it has used. port four, four, five, which is an SMB exploitation. SMB is windows file sharing. So it uses a number of different types of attacks here to go after services that are available on your network, on your computer, and on your network. And then it spreads laterally and it starts to scan other machines. This is where EmoTet is different than some of the others. It acts like a worm. And that's the very first piece of malware I had. That's what got me going on cybersecurity. Cause back then, I'm pretty much, nobody had even heard of a worm before. What a worm is for those that don't know. Is it some piece of software that gets onto one computer and tries to crawl through other computers all the way out? Now you can see where the problem comes in because it now will try using all of these different protocols, try and get onto another computer. Now we can get on another computer as simple as getting onto your file server. Are you using the VPN in your business operation? A lot of our people are at home. This is one of the real dangers of VPNs. VPNs do not make you safer. Don't think that they make you safer because in almost no cases, do they help with the safety. What's gonna happen with the VPN, if you're connected, is something like EmoTet or some of these others that spread like worms are going to try and crawl through your VPN to the other side. You say, Oh, we've got a firewall quote, unquote, in the other side, We've got a SonicWall, we've got whatever it might be. Is that configured to stop a worm from crawling through and getting into other machines? And you might say, Yes. Yes, of course, it is. We block out all other servers that user at home only has access to the file server and their own computer acting as a file server isn't that just hunky Dory. The problem is it has access to the file server. Your typical ransomware even is going to start pulling files off of the file server, sending them over to Eastern Europe for examination to see if they can use it for extortion or to see if they want to use it for ransom, just hold the encrypted and hold your data ransom. All of that stuff can happen over your VPN. Just as if you're sitting there locally at the office. Remember that you've got to have all of your security, not just in the office, not just maybe at the edge of the firewall, but everywhere. We're setting up systems now, that one packet will be examined five times as it flows through different firewalls within the organization. So that someone who's sitting there working on something is going to have to go in and out of firewalls just to get to that server. It's not just the packets that are examined nowadays. We're talking about having the data examined, completely reassembling the streams, and looking at it and looking at it all very closely. Hey, you're listening to Craig Peterson stick around because we will be right back. We're going to be talking about a new scanning tool release and what that's all about. So stick around. --- More stories and tech updates at: Don't miss an episode from Craig. Subscribe and give us a rating: Follow me on Twitter for the latest in tech at: For questions, call or text: 855-385-5553 /episode/index/show/cptt/id/16435391

Security Tools You Can and Should Use plus more on this Tech Talk with Craig Peterson Podcast 10/16/2020

Security Tools You Can and Should Use plus more on this Tech Talk with Craig Peterson Podcast Craig discusses one of the security tools he uses and why you should use it too. For more tech tips, news, and updates, visit - CraigPeterson.com --- --- Automated Machine-Generated Transcript: Craig Peterson: [00:00:00] Remember everybody, don't open those email attachments. I'm going to talk about a new tool released out there that if you're involved with security, you probably need it. So here we go. Hi everybody. Craig Peterson here. I want to talk right now about this great tool that I've been using for decades now, I think. It's called Nmap. Now it's something that I cover. In my cybersecurity mastery course, but it's something you can do to learn a lot about yourself online. There are YouTube videos about it and many others. But the idea behind Nmap is to be able to check and see what's on your network and not just what's on your network, it'll also tell you about what that particular device is, and it just does a whole bunch of things for threat management. It'll check ports. Some of this stuff can go so far as to actually try and break into the systems. Now, Nmap isn't designed to do that. It really is using fingerprints to figure out the operating system that's in use, which is really handy. Particularly for the internet of things devices that might be attached to your network. This is great for home use, as well. If you're a little bit of a techie, they have new protocol libraries. They've got payloads. Now that they've added for host discovery, port scanning version detection, which is really important to make sure that you have the latest version of different software on your systems. So you're not running something outdated. They've fixed a whole bunch of bugs. They've got some different improvements and code quality improvements. But one of the biggest things is that they're using a new driver for raw packet capturing and sending out on the windows side and the Unix side it's been stable forever, but on the windows side, there's never been a really great way to do this. There's something called WinPCap, but that driver has not been updated in the last seven or eight years. It doesn't always work on windows 10. It's using deprecated Windows APIs. I know this is a lot of. TLAs write three-letter acronyms for everybody out there. But bottom line, there is a new driver that lets software like Nmap send and receive its own packets it creates. Normally if you are writing just regular old software where you would open a network connection to a server and then speak whatever protocol you wanted to. You would ask the operating system, Hey, open up a TCP session on port 82, this web server, and so on that remote server. Obviously, I had to get them an IP address, ultimately on that far server. There's a web server and it's listening for requests on port 80. That TCP session requires five packets going back and forth, and then it's established, and then you send your get requests. So it would be like getting space HTTPS slash one dot one or whatever it might be. Whatever version of the HTTP protocol you're trying to use space. then the file you want and the server name. Then the remote server responds. It goes back and forth. There are a lot of packets that are exchanged between your computer and the remote computer, whether it's a web server remotely, or might be a file server remotely could be almost anything remotely. There's a lot going on if you're trying to do diagnosis on the network, if you're trying to figure stuff out, you want to get down to that level. Really. Remember I said, though, that the initial TCP session took five packets in order to set it up. That takes quite a bit of time in internet time because those packets have to go back and forth. Google, in fact, came up with a new version of the protocol that requires less handshaking going on. Software like Nmap that is going to connect to that web server itself wants to see all of the packets. It does not want the operating system to be sitting there, setting up the connections, and sending the data back and forth. It wants to do it. That's the whole idea behind the raw packet capturing and creating is all about. On, the Unix world, which includes Linux, Mac OOS, solarise BSD they've had great packet capture. Code running forever, but this is brand new for Windows. So if you've tried it before and it didn't always work, try it again. Nmap N M A P online, just do a search for it, or you can download it from the Nmap.org, N M A P.org. As I said, this is one of the tools we teach and answer questions about in my cybersecurity mastery course, because it's just so important. So Nmap is basically a command-line type program, but there's something called Zenmap that you can get as well as right there on the Nmap.org site that gives you a graphical front end. If you would like to tinker you probably we should grab it and download it. It's already compiled. Although you can get the source code for you can also check signatures, GPG, signatures, and SHA one hash is for the different releases they've got install, guides, everything. They try and make it very easy for you. The idea is once you have it there on your computer, You can then go ahead and run the latest release, which is right there on the homepage again. Nmap that's November Mike Alpha, Papa N M A P.org. You can just download it from right there and you're off and running. It is very handy. So you run it against your network. It's gonna come back now and show you a whole bunch of information that you need on your network. So there are penetration testing uses, Nmap defense, of course, uses Nmap. There's a bunch of stuff. Password audits, vulnerability, scanners, just all kinds of stuff that you can use right there. On the Nmap.org site. This is going to take you off-site. Now, if you're on a Unix distribution, like a Linux distribution, You can just grab RPMs for your distribution, whatever it might need be. If you're on a Mac, I think brew has it use brew. That's what I use all of the time for managing third-party software. Like this open-source stuff. It'll just download and install it for you, which is really cool. Use the least concept of least privilege. Which is what you really want to do. They've got a, they've got a reference guide that's showing you absolutely everything. There's an SSH service that it discovered on this machine. It's going to tell you which version of SSH it is. It's going to tell you what the operating system is. It's going to give you a key that you can use now to distinctly or uniquely, I should say, I say, identify what it is. I'm looking right now at a scan and it's showing me there's an SSH service. That's what I use in order to connect remotely to a computer and do command line stuff. It's showing me that there is an open Apache server, which is a web server. And it even tells me the version it's HTTPD protocol, a 2.2 0.14 running Ubuntu. Very handy stuff, because you can then feed this into other tools to know. Is it up to date? Do I need to do updates? In fact, this Nmap stuff is used as the basis for the code that uses. Cause we'll use Nmap, it'll do scans, it'll find stuff and create a database. Then we take that database back. If you have us do an audit for you, for instance, you give us the database. We don't even have to run the software. You just run it. It does all of his scans, puts it in a database. You send the database back to us in a zip file. We run it into a whole bunch of process software that lets us know exactly what's going on and also compares the versions. Check it out. Nmap. November Mike alpha, Papa dot org. Absolutely valuable tool for everybody. Hey, we're going to talk about paying ransoms when we get back in and what Tyler technologies did and why. So stick around. --- More stories and tech updates at: Don't miss an episode from Craig. Subscribe and give us a rating: Follow me on Twitter for the latest in tech at: For questions, call or text: 855-385-5553 /episode/index/show/cptt/id/16435307

Ransoming Local and State Governments plus more on this Tech Talk with Craig Peterson Podcast 10/16/2020

Ransoming Local and State Governments plus more on this Tech Talk with Craig Peterson Podcast Craig discusses why State and Local governments are getting ransomware and who is actually at fault. For more tech tips, news, and updates, visit - CraigPeterson.com --- --- Automated Machine-Generated Transcript: Craig Peterson: [00:00:00] Hey, Tyler technologies, you might not have heard of them, but you've almost certainly use them. And we'll tell you why they got nailed by these human-operated ransomware pieces that are floating around there as part of phishing expeditions. Here we go. Hey, thanks for joining me. This is Craig Peterson of course. Tyler technologies, you might not have heard of these people. They are the largest provider of software to the United States public sector. At the end of September, Tyler technologies disclosed that they had been nailed by a ransomware attack. Its customers, which are public sector companies, Or not obviously not companies, but organizations like towns, counties, States, it's customers reported finding suspicious log-ins and. What is called the RATS on their networks? A rat is a remote access tool. Remember I've told you how we found Chinese back doors on networks, time and time again and we continue to find them. Those are rats. Those are remote access tools. What happens is your network gets infected bad guys, gets onto your computers and they install software that gives them remote access. Isn't that just phenomenal? Oh, we have the majority of states here in the country that are using Tyler technology services and software. Some of those, at least I have found remote access tools on their networks. That is a very bad thing apparently. According to security affairs.co, apparently Tyler notified law enforcement about it. It took place on September 23rd and they brought in a forensics firm to investigate the incident and trying to figure out what did the bad guys get. That is a very big question. Did you know that if you are a business, you are required to be able to figure this out? Under certain federal contracts or DOD particularly you are required to keep long-term logs. Those you have to have logs of everything that's been happening on your network for the term of the contract. I think it's plus three years, depending on the contract, that is a long time. That's a lot of logs gets pretty expensive, pretty fast. When you're a company like Tyler technologies you'd think they would have some absolutely amazing logging software. But do they? No. No, of course not. I see this all the time. We've got to be careful people. We've got to keep the logs that come in from our firewalls, the logs on our computers. They need to be basically vacuumed up and put into a database for at least a few weeks so that an investigation can occur. If something were to happen. One of the things that we've got to keep in mind too, is that from the time the machine is infected until the time they are moving around in the network right now is about a week. You have five to seven days to notice that you've been infected and to shut it down before they start expanding. So having a few weeks worth of detailed logs of everything going in and out of your firewall and everything going on your computers can quickly Put an end to the types of hacks that Tyler experienced. As I said, depending on the regulations you're under, you could be in trouble. I had probably about a dozen people this week asked me for my audit kit. So if you'd like a copy of my audit kit, if you are in a state or a local government, or you are in business, I have an audit kit that covers everything, all of the major stuff anyway. FINRA requirements. If you are a financial organization dealing with personal information, identifiable information, et cetera, just send me an email in the subject line. Just say audit. Kit. I'll email one out to you so that you have that I'm not charging for any of this stuff. It is a checkmark thing. This thing's over 300 pages just long. Okay. It has all of these different standards in it, but it's something you can use. You can sit down and go through it with your IT provider or your internal IT people. Or you can sit around at the conference room table with your senior managers and go through it because there are different sections in it. So the very first section is just general high-level stuff to make sure that you're going, to have general compliance. And then it gets right into the national Institute of standards, technology stuff, the NIST 800-171, and some of the other sections that are needed. So it even goes to absolute detail here bit by bit if you want that. So I can send that to you if you want. I'd be glad to. It's a PDF. I found a lot of people had it bounce, though. I think the majority of them, cause it was a huge and like 20 megabytes, which is crazy. So I compressed it. I use PDF Expert on my Mac to compress it down to about 12 megabytes, which is still too big to send by email. As a general rule email shouldn't be used for anything that big and by the way, a lot of email filters we'll assume if it's a big piece of email, a big attachment like that it's malware. I'll probably just send you a link to my Dropbox account so you can pull it right out of there when you want. Anyhow, that's just me, M E at craigpeterson.com audit kit. Be glad to send it to you. It's useful for home users as well. You're not going to, of course, delve into all of the more detailed stuff for specialized businesses, but you are going to be able to have the nice high-level stuff that is going to help you out. Immediately after this attack friends over at Tyler technologies said that the incident only impacted the internal network and phone systems. Yet, it looks like they got the ransom X ransomware. This is human-operated, ransomware. This is the type of stuff I've been talking about. It's a RAT. It's remote access. It allows them to get in, like a Chinese back door. With human-operated ransomware, they get onto the computers and they start poking around. Back in June this year. Ransom X again was used in an attack on the Texas department of transportation. In September effected systems over at IPG photonics, which is this high-performance laser developer. Bleeping Computer, which is a great site for keeping up on some of this stuff is also talking about now how Tyler technologies paid a ransom to receive the decryption key and recover encrypted files. Now you might ask yourself, how do they figure out what ransom they should charge, right? A home user's not going to be able to afford the same ransom that a city can afford and just ask Atlanta. How many times have they had ransomware and paid ransoms and been down for months, some of their systems, just crazy. They do it with this type of ransomware, where you've got a human-looking around figuring out what is this? Is this a business? This, a home user. Okay. So we'll charge them a couple of hundred bucks. Oh, this is a city. So let's spread laterally. Let's poke around. Let's see what the weaknesses are in their internal networks. Remember I said earlier in the show, that we run sometimes through firewalls here at five or six times, that's called ZeroTrust and that's to stop these attacks. We gotta be able to stop them. We absolutely have to be able to stop them. All right. Crazy times we live in, you're listening to Craig Peterson. I'm feisty stick around. Cause coming up, we're going to talk about the five G in the U S of A. --- More stories and tech updates at: Don't miss an episode from Craig. Subscribe and give us a rating: Follow me on Twitter for the latest in tech at: For questions, call or text: 855-385-5553 /episode/index/show/cptt/id/16435232

5G Speeds and What is Really going on plus more on this Tech Talk with Craig Peterson Podcast 10/16/2020

5G Speeds and What is Really going on plus more on this Tech Talk with Craig Peterson Podcast Craig discusses 5G and explains how it works why what you may have heard about 5G speeds might have a bit misleading. For more tech tips, news, and updates, visit - CraigPeterson.com --- --- Automated Machine-Generated Transcript: Are you as excited about five G as I am? I got some good news and I got some bad news and we're going to explain 5g here because five G, isn't five G, isn't five G. Why is Europe so much faster? Hey everybody. Thanks for tuning in. You're listening to Craig Peterson. five G held open a couple of different promises. One of the big promises of five G was that it could handle way more devices than 4g can handle. It isn't just because it's using IPV six. For those of you who are a little more technical, five G is designed to handle microdevices by the billions. So we're talking about having your coat, for instance, hooked up to the five G network. You might have the new Apple watch six and that Apple watch six has built into it a cell modem. Exactly. So it doesn't need your phone anymore. Your iPhone, it can talk directly to the cell towers. It can take a phone call, can send a phone call. Let's just like Dick Tracy. You can even have videos, so cool. You open up your camera and you can see what your camera sees right there on your watch and you can control your camera. I am just so impressed by it. It Is such a cool device as well as being just an amazing device for tracking all your health, but I digress. So in the five G world, the idea is that you could have millions of devices, just the Apple watch, which is not 5g by the way the watch six is not 5g, but you could have millions of these devices in the 4g world. It was never really intended to, for an individual to basically have a couple of dozen or a few dozen or more devices. To start thinking about it, you've got a smart car. It could have one or more five G modems in it so that it can call into the dealer in advance and say, Hey, I'm having this problem that you could have a technician diagnose it remotely, which is already happening, Then you have your, Levi trucker jacket on, which is also getting the weather report. To know if it should be heating itself up charging itself, you're just everything. You name it? I'm just, I'm thinking about all the devices. You won't in the future be able to buy a laptop that does not have internet built into it that doesn't need wifi anymore. The other side of five G when we're talking about not needing wifi anymore is the speed. Five G is promising up to gigahertz bandwidth, which is wow. Gigabit bandwidth is absolutely amazing. How fast is your internet on your phone right now? So what you can do is on your phone, or even on your regular laptop, desktop tablet, whatever. See if you can find an app called speed, test.net speed test.net and not just the app, but see if there is just the website. So if you're on a regular computer, I can just go to the web, and then at speed test.net, I'm going to pull it up right now. Speed test. I have that right. They're actually on my phone. So it's by. and they'll go and try and find the optimal server, and then you can hit the go button. So now it'll connect to that server. It's going to download some big files and it's going to upload some big files and it's looking at a couple of different things. It's looking at ping time, which is how fast it can get from you to the remote server and then back and that's in milliseconds. Typically it's also measuring jitter and jitters important if you are using it for video conferencing. So if you've had problems with the phone that kind of breaking up a little bit sounding were dropping. That's probably a jitter problem. Speed tests will tell you about your jitter and w how much loss you've had, how much data loss, how many packets just did not make it to the other end. So I'm running it right now. No. I don't want you guys to get upset with me, but I've got fiber lines coming in here, dedicated fiber business fiber lines. So my phone right now is showing a download speed of 229 million bits per second. So 229 megabits upload of 236 megabits. So that's called symmetrical. It's basically the same speed. Up as it is down. A lot of us, if we're using cable modems, we'll have something called asymmetrical and our work upload speed will be about a 10th of our download speed. That's absolutely normal and sometimes it'll be faster than that, but these cable modems and some of the other services are designed for basically for web browsing. When you look at the TCP protocol overhead, it's about the same as that, about 10% up versus your downloads. So three milliseconds, Andy is my pink time, which is really quite fast. I remember for my first ethernet networks, we had 10 megabits thick wired ethernet. And I'm trying to remember, I think a hundred milliseconds was wow on a local network. So this is three milliseconds and my jitter is 0.23 milliseconds. So excellent lines. And these types of speeds that we're talking about here on fiber for me are the types of speed that they want to get to with five G. Think about that, think about being able to get these quarter gigabit or all the way up to gigabits speeds just on your smartphone or your laptop or your I pad or your car or whatever it might be. That's the other big promise of five G right? There's a company out there called open signal and I'm looking into some of the five G's statistics. They checked average speeds in a dozen countries. These are based on people going to like speed test.net type stuff. It's just, it's not a great sampling. It's people who self-identified right. Put up their hands. Yeah. I want to be involved, but these were conducted between May 16 and August 14. So over the course of a few months, And the United States came in deadline last of the 12 countries in five G speeds with 10 of the 11 other countries posting five G speeds that at least doubled those of the US. So the question is why is the average five-speed in the United States about 50 megabits per second. Okay. Why are these other countries out more than a hundred megabits? A second? it has to do with the providers who are the providers that actually have five G here in the US and which of those providers are able to have a big enough footprint that people can relate. Tested. the only provider that pretty much has coast to coast, five G right now is T-Mobile and T-Mobile's a company that I use and it's not the best for general coverage, is up in Lincoln, New Hampshire here last weekend and there are a lot of areas where I had no coverage. Verizon has a lot of coverage all over, even in some of these weaker areas and they tend to be more expensive. M,y T-Mobile plan is a business plan. And then I don't get paid by any of these guys on getting kickbacks nothing. Okay. Okay. So what you're getting from me is my absolute truth here. What I have seen well, Teen mobile is using a lower frequency that is being used in these other countries like Taiwan, South Korea, Saudi Arabia, who had some of the best speeds out there, and Australia as well. And remember, these are self-selected people, right? These are people that know they have 5g. They tend to be a little more techie, which means they are probably in larger urban areas. That's where the problem starts coming in. T-Mobile's 5g at a lower frequency, more easily penetrates glass and walls, right? Wood walls, drywall, et cetera. That's typically what I want. Versus Verizon, that's running at much higher frequencies. And last I checked, I think they were suing because they were upset that the FCC sold and gave these frequencies to T-Mobile, but they are running on much higher frequencies, which means they can deliver higher bandwidth because that frequency gives them the ability to have a lot more variants in their signal, which ultimately translates into more bandwidth for you. Now, I have an advanced class amateur radio license if you've listened for a while. And so I studied this stuff and I know a fair amount about it, frankly. I was one of the first people involved in packet radio here in the United States, way back when I still have some old equipment. So I, this is stuff that I know about. So the Verizon just signals cannot pay trade as well, which means they're going to have even. More cell sites in the five G world. We're not talking about cell sites that are on these huge towers. As much as we're talking about cell sites that are mounted on buildings and even homes all over creation. Verizon's other problem right now is they don't have a whole lot of coverage. They've got five G coverage in some major cities and even then it's only in some areas of those major cities. So once Verizon's totally rolled out, if you're living in a fairly populated area, you're probably going to get a faster data path through Verizon, then you'd get through T-Mobile. However, with T-Mobile, you're going to be more likely to have a signal pretty much anywhere because the T-Mobile signals also go further because they're lower frequencies. So think about that. People my age. Do you remember am and listening to am at night and you got the bounce off the ionosphere and is really cool? You could listen to somebody on the other side of the country and sometimes even on the other side of the world. It was so cool. I still have short wave radios I listen to. It still blows my mind. It's something I've loved since I was a little kid. I and made my first little cat's whisker radio, crystal radio way back when. So that's, what's going to happen here. We'll see how things actually end up flushing out. But the other side of this is based on the type of phone you have, you may be restricted to a specific carrier. So we're going back to the old days. Because the frequencies are so far apart and the less expensive phones they're going to be dedicated to certain carriers. So keep that in mind as well. When you're looking to buy your new phone. All right, stick around. We are going to be back here. We're going to talk about an unfixable flaw that Apple has this hardware security where it's going. Verizon sent out a new wake up call, Android malware, some new tricks on that front, and you can find it all online@craigpeterson.com. Stick around. --- More stories and tech updates at: Don't miss an episode from Craig. Subscribe and give us a rating: Follow me on Twitter for the latest in tech at: For questions, call or text: 855-385-5553 /episode/index/show/cptt/id/16435172

Uncovering the Mystery of Disk Encryption plus more on this Tech Talk with Craig Peterson Podcast 10/16/2020

Uncovering the Mystery of Disk Encryption plus more on this Tech Talk with Craig Peterson Podcast Craig helps to unravel the mystery behind disk encryption and tells you what you need to know. For more tech tips, news, and updates, visit - CraigPeterson.com --- --- Automated Machine-Generated Transcript: Craig Peterson: [00:00:00] Hey, welcome back in this hour, we are going to be talking about security, hardware, security. You might not be aware of it. we're going to be talking about trusted platforms and hardware, encryption, and keys because this is the only thing that's really going to protect you. Thanks for listening. I'm Craig Peterson. Let's talk about that security. That's what we're going to kick off this hour with. And we're going to get into our new Verizon security report on payment, and then we'll get into some Android stuff, but. We had this week and announcement here. And this is about Apple. Apple has built hardware security inside most of its devices that includes the iPhones and include your Macs and Mac pros. You name it, really the iMacs, the Mac minis. They all have the hardware. Inside of them to help provide security. Now in the Apple world, it is a chip that Apple makes it's called a T2 security chip, and that makes sure that people cannot get onto your computer. The whole idea is if they have physical access to the computer, they cannot get inside. They can't make it boot off an external drive. They can't do just a whole ton of things get real deep system access. Back in the day, you used to boot off of read-only memory. Or proms, programmable read-only memory, those BIOSes that was in so many of the consumer pieces of equipment out there, and even some of the prosumer stuff that many businesses use. Those BIOSes were really cool, but they weren't secure at all. The hard disks that machine could easily be removed and put onto another machine, they didn't even have to be booted up. You could just have another machine of a, for instance, my Mac, I can take a disk from a Windows computer. I have a device sitting there that's hooked up full time. That allows me to just plug a hard disc. just, you just slide it, And while the machine is up and running and it will Mount that disk. And let me do whatever I need to do investigative work or whatever, it might be very cool devices. I can have two of those disks that I just plugin. I also use them for my video, where I am recording directly to SSDs. I move SSDs around, which is much faster than trying to push them over gigabit ethernet. So Apple has decided that this T2 chip is a good thing and it uses the T2 chip for a few different things. Once we're talking about your hard disc itself, the newer hard disks at the higher end and have the ability. To encrypt the data on the disc, which is, it's good. It's great. But that data that's encrypted on that disk can be read by the operating system. And that's the whole idea, right? If you can't read the disk, what good is it for you? So any data that's stored on that encrypted data is still available for your programs and is still available for hackers. So the disc encryption I'm talking about right now at the kind of the low end of all of this security stuff. It's designed so that when your computer is life it's over, or maybe the hard disc crashes, there's a little jumper that you can pull, or maybe there are the jumpers you short out on the disk. Just look it up online, do it. In fact, go search for your disc model number and you pull that jumper or you short out those terms and what happens at that point is your disk is now complete. Erased, but it's not really erased. It's like your iPhone. Have you been to the Apple store? You're trading in your iPhone. You want to get a brand new iPhone? Isn't this great. They have you turn off. Find my iPhone. That's the first thing they have you do. And then they say to erase the iPhone. And have you noticed it takes what? Five, 10 seconds. To erase the iPhone. How can you possibly erase hundreds of megabytes or gigabytes of data in five to 10 seconds? You cannot. So what's happening inside the iPhone is similar to what's happening with these basic encrypted disks. Okay. Everything that's written to these disks and everything written to your iPhone is encrypted. So if you want to make all of the data that's on that disk inaccessible or basically useless. All you have to do is destroy the key that was used to encrypt it. So think of a door that cannot possibly be breached and a key. There's only one key. You can't pick the lock. Okay. Oh, maybe this isn't the best of analogies, but if that key is destroyed, it's impossible at that point on to open that door. It's not like a real door where maybe you could take blow torches to a metal door or something right there. You can always get in, but it is completely effectively destroyed. The data that's on that device. If the encryption is good, looks like just random data. There's no difference between completely random and. It has everybody's social security number, income, and addresses in the whole United States encrypted on it. Okay. So that's the low end. On your iPhone. When you go ahead and you erase your iPhone when you're trading it in or. If you have one of these encrypted hard disks where you just pull that jumper, it now destroys the key. That key now in both cases makes that disk, the data on the disc useless. Now that's cool. And the next time that disk is powered up, it's going to generate a brand new key and it's going to be hopefully pretty darn random. And now you can use it again, assuming the disc isn't bad. if you took it out, cause it was just totaled. So that's a very basic layer, but just like your iPhone, that encrypted disc has data, that's readable on it up until the time that you destroyed the data by destroying the key. You're with me so far. That's the very basics of how this all works. Now there's something called TPM, which stands for trusted platform module. This is an international standard that's been out now. It is a standard that describes a secure cryptoprocessor. That's what Apple's T2 security chip is all about. Now, the problem that came up this last week, this week, in fact, is that there is a flaw in Apple's trusted T2 security chip. And it's the flaw that apparently researchers have been using for more than a year to jailbreak older models of iPhones. We've heard I heard about this. We've heard that the FBI was able to get into iPhone and get at the data that's in them. There are well, there's one primary company it's over in Israel that sells a device that lets the police break into iPhones. I'm just talking about iPhones right now. Many of the Android devices are very easy to break into as well, but Apple is really trying to make these things secure. That's why they came up with this chip of their own, which is really a kind of a trusted platform module. So they have been using this flaw in order to jailbreak into the iPhones. And the way that this T2 chip is vulnerable is a problem. And the slightly bigger problem is that this particular problem is ultimately unfixable. In every Mac that has a T2 inside, that is a lot that T2 chip launched in 2017 and it created some limitations. Many people have used macs to run Linux for many years. It's a great little Linux computer. We know that PC magazine had on its front cover or was a PC world. The cover said the best PC for windows is a Mac because they were just that solid. But because of the T2 chip, when it was introduced in 2017, all of a sudden problems started to arise for people. they effectively hacking their Macs. Apple added the chip so that it had a trusted mechanism to secure the device. The biggest reason for adding this chip or a TPM, this trusted platform module, which is available on many windows, computers is encrypted data storage. Now, in some cases, the TPM or the T2 chip. Apple is also used for touch ID and activation log that all works with Apples find my iPhone type services. So this vulnerability is known as checkM8 and the jailbreakers as we mentioned, they've been exploiting problems with Apples, A5 through A 11 chipsets that's from 2011 to 2017. Now the same group that developed the tool for iOS has released support for a T2 bypass. This is not good people. It just plain old is not good. Now we're going to. Pick this up. When we come back, I'm going to talk about the trusted platform, modules of vendors that are using it over on the windows space, how Apple's using it, how this whole black box things work works, and we're going to move up. We talked about the hardware-based disc encryption. That's right there on the hard disc. We're going to move up the stack and talk about other types of encryption, including encryption. On the fly and encryption at rest, both are important concepts to understand when we're talking about security and system integrity. Hey, you're listening to Craig Peterson. Stick around. We'll be right back. --- More stories and tech updates at: Don't miss an episode from Craig. Subscribe and give us a rating: Follow me on Twitter for the latest in tech at: For questions, call or text: 855-385-5553 /episode/index/show/cptt/id/16427333

Apple's T2 Vulnerabilities plus more on this Tech Talk with Craig Peterson Podcast 10/16/2020

Apple's T2 Vulnerabilities plus more on this Tech Talk with Craig Peterson Podcast Craig discusses the vulnerabilities in Apple's T2 Chip. For more tech tips, news, and updates, visit - CraigPeterson.com --- --- Automated Machine-Generated Transcript: Craig Peterson: [00:00:00] Hey, if encryption has been really messing you. I'm trying to figure out how do I make these things safe? What is data at rest? What is Data-in-flight? How come we have disc encryption at the hardware level? What does it mean to have a TPM, the T2 what's Apple doing that's what we're talking about right now. Hi everybody. Craig Peterson here. Welcome back. So glad to have you. I appreciate you being with me today and by the way, you can get all of this background information by going online. If you are on my email list over the weekend. I will send out an email that has all of the articles I'm talking about here today. So go to Craig peterson.com/subscribe. All right. We were just talking about the whole T2 problem that Apple has on their hands right now on macs. This new jailbreak now is allowing researchers to probe this T2 chip and explore all of the security features. That is not a good thing. You can even use it to run Linux on the T2, because this chip, the security module is a computer. You can play doom on the Mac book pros, touch bar doing this. This jailbreak could really be weaponized by malicious hackers as well to disable macOS security features like the system integrity protection, which is used to stop people from modifying files that should not be modified. It also could turn off secure boot and install Mount malware, which is a real problem. We've got, these machines are no longer using the bios. Now they're using more advanced stuff, the UEFI stuff. That is also an operating system in and of itself, much more advanced than we had ever seen before with bios. Now there is another T2 vulnerability that was publicly disclosed in July by a Chinese researcher group. This particular jailbreak could also be used to obtain file vault encryption keys, and to decrypt user data. This is good. Okay. Because the vulnerability is unmatchable because this flaw is at a low level. It is in the hardware inside this T2 chip. It is an unchangeable code. In the hardware, it's the firmware. Now the T2 chip, as you can probably tell, is designed and intended to be a lockbox inside the macs. Something where information can be restored, where information can be read from it's used to generate a cryptographically secure key. It's used to hold those keys. Handling things like lost mode enforcement, where a computer is lost and you have to log in using your Apple account in order to get it back online. It's bad. Integrity checking all of these different privileges. So it is a very big deal that this chip has been compromised. Now the good news is longer term. There's a couple of pieces, but one is now we know about it. We know how these groups were breaking into Apple equipment. They did not expose it. Under President Trump, the national security agency has been ordered to release information about vulnerabilities that it finds. And the idea there is, okay, NSA, you have all of these cooked up vulnerabilities that allow you to get into windows machines and iMacs and phones, et cetera. if you can figure it out, odds are good that the Chinese, the Russians, the North Koreans, maybe some others like Iran, odds are good that they can figure it out as well. So NSA, you need to tell the vendors of these different pieces of hardware and software, when you find a vulnerability. if you ask me, I suspect that the NSA and CIA keep a few of these hacks in their back hip pocket, but they actually have been following President Trump's directive, which is absolutely phenomenal in my mind. It's, it is silly slash stupid to have these government agencies know about problems, like what we're talking about right now, this T2 chip problem. How long have government agencies known about it? We don't know because this has been reported by two different security researchers at this point. So that's good news. Frankly, because in future versions, we'll have this fixed as time goes on, everything's going to get locked down better and better, but there are some important limitations of this jailbreak as well. So this is not a full-blown security crisis. So the first is that an attacker would need physical access in order to target your Mac computer or your iPhone. So that's number one, they have to have their hands on it. So the tool can only run off of another device over the USB port to use the buses inside the mac to get to the T2 chip. So that means that hackers can't remotely infect macs. They can't mass infect every Mac that has a T2 check chip in it. They could jailbreak a target device and then disappear. Here is the good news the compromise if they were to break in and put some malware into your Mac, it isn't persistent. In other words, when that T2 chip is rebooted, the jailbreak goes away. Then the compromise that they did to that T2 chip goes away. I should point out too, that at least right now, I suspect Apple's probably going to be able to come up with a patch for this in the operating system. But right now it's important to note that, T2 chip itself does not necessarily reboot every time the device does. So to make certain that you, that your Mac has not been compromised. So if you're going to China and I'm dead serious about this, China's known to sneak into hotel rooms and steal everything that they can that's on your computers. If they have to they'll steal it in an encrypted fashion. That's the whole idea behind the trusted platform stuff in the T2 chips. To be certain that it has not been compromised by jailbreak the T2 chip has to be restored to Apple default. So the jailbreak does not give an attacker instant access to encrypted data. It could allow hackers to install key loggers or other malware. They could later grab decryption keys or it could make it easy brute force attack it. But this particular hack we're talking about right now, this is the check RA1N or check rain. It's not a silver bullet there. When we look at this as a whole, the T2 chip compared with other vulnerabilities, there are other vulnerabilities, plenty of them. Most of them are sitting at the keyboard. It's the wetware two and me a 60 plus percent of the time when there is a hack of some sort it's because of something you or I did. So remember that there's plenty of other vulnerabilities. This is a difficult one. I would turn off my computer, my Mac entirely, boot it from scratch every time that should get that T2 chip to reboot. I think that's an important thing. So anytime someone else may have access to your Mac, just shut it down. That's important too because there are other hack techniques that include freezing the memory on the computer. They can just use canned air, hold it upside down so that liquid comes out, spray it on the memory. Pull the memory, which you cannot do by the way in the latest Mac books, it is soldered on, but pull the memory and get direct access to it. It will keep some of the keys in memory. That's a very difficult way to do it. Apple has some things still built in that are still functional that can and will stop that type of a hack. Okay. And when we get back, we're going to talk more about the hardware security, what you can do, the different levels of it, and everything else. Your listening to Craig, Peterson. --- More stories and tech updates at: Don't miss an episode from Craig. Subscribe and give us a rating: Follow me on Twitter for the latest in tech at: For questions, call or text: 855-385-5553 /episode/index/show/cptt/id/16427264

Using TPM to Secure Windows and Linux Operating Systems plus more on this Tech Talk with Craig Peterson Podcast 10/16/2020

Using TPM to Secure Windows and Linux Operating Systems plus more on this Tech Talk with Craig Peterson Podcast Craig discusses the uses of TPM in securing Windows and Linux For more tech tips, news, and updates, visit - CraigPeterson.com --- --- Automated Machine-Generated Transcript: Craig Peterson: [00:00:00] We're going to delve now into the idea behind keeping your data safe on your disks and what are the different regulations about it? Cause there's a few right now that you need to know about. Hi everybody. Welcome back, Craig Peterson We're talking today, at least this hour about security because of a major security problem that was announced this week, about Apple's security chip, the T2 chip. not a very good thing, frankly and so going through all of this right now and we're going to move upscale just slightly here. I love this quote here. It was in ARS Technica this week, and it is from a gentleman who worked for the NSA his name's Patrick Wardle. He's an Apple security researcher at the enterprise management firm JAMF JAMF. I've talked about them on the show before they have some great management software. He's also a former NSA researcher. And he said I had already assumed that since T2 was vulnerable to CheckM8 Check M eight. It was toast. He said, okay, there really isn't much that Apple can do to fix it. It's not the end of the world, but this Chip, which was supposed to provide all this extra security is now pretty much moot. So it's, an interesting time here. Wardle points out that for companies that manage their devices using Apple's activation lock and find my features, the jailbreak could be particularly problematic, both in terms of possible device theft and other insider threats. He knows that the jailbreak tool could be a valuable jumping-off point for attackers looking to take a shortcut to develop potentially powerful attacks Quote you likely could weaponize this and create a lovely in-memory implant that by design disappears. On reboot. By the way, that is a very common method now for much of the smell where it's memory resident, there's no sign of it on disc. It never hits the disc. So your antivirus software, ain't gonna find it because when it scans the disc, it's just not there. It's just amazing. So the bottom line here is building in hardware security mechanism is always a double-edged sword. That is true, not just of the Apple side, but over on the windows side and the union Linux sides, there's something called a trusted platform module also called TPM. This is an ISO standard here. It's standard for a secure cryptoprocessor. Just like that T2, it is a processor. It is a computer and it's designed physically to be almost impenetrable. I call it elephant snot. It's that really hard epoxy that they put onto the chips so that you can't get into the chip without destroying it. There are other methods for it as well, to try and keep that data safe. But it's been around now for quite a few years, the most recent edition of it came out in about 2016. There've been a few errata, but it is designed to have a hardware, random number generator. Now that's important because having a secure cryptographic key, it means you have to have a very good source to generate that key with, and that means a very good, random number generator. Most processors aren't that great, man. I could talk for hours about the problems we've had over the years of these types of things. That's the whole idea behind the trusted platform module. It can also store those keys. It can also identify itself and the computer uniquely, which is very handy when you are trying to log in, you can use the TPM to help to identify the machine. It has bind keys. It's public key cryptography. It's an RSA key and ceiling as well. So it allows the TPM to be used or not be used. I'm trying to keep this pretty simple. Department of Defense is now specifying that all new computer assets that are purchased by the DOD must include a TPM or a trusted again remember platform module that is version 1.2 or higher. There are details on that. You can look those up, but I've gotten to say no matter who you are, what business you're in, you really should make sure the computer you buy has a TPM in it. Now we have seen security problems with TPMS by certain vendors. They've fixed them, just like this T2 problem with Apple. I'm sure it'll be fixed. By the way, the T1 chip from Apple does not have this problem, it's just the T2 chip, but the whole TPM is really there to help ensure the integrity of the platform. In other words, the operating system, the hard desk, the encryption for the heart. So if you're using BitLocker on Windows, it works best with a TPM. So BitLocker and windows will encrypt the desk using the key that is generated by and stored in the TPM on the machine. So write that one down and in my cybersecurity mastery course. We talk about BitLocker and how to use it and TPMs and how to just select those. Also nowadays, you're going to find the newer computers no longer have bios in them. You probably already figured that one out. Most of you guys, right? You are the best and brightest out there. But they have UAF, I mentioned earlier, that's the unified extensible firmware phase to boot. So the UEFI works with the TPM to create this kind of circle of trust crust if you will. It's absolutely phenomenal. So Linux has its own little thing called the unified keys set up. I already mentioned BitLocker's private core and various other things. Full disk encryption. Very important. There are utilities to do that again on Apple. It's very easy to set up full disk encryption in all these cases here where you should be using your TPM or T2 chip in order to do that. The authentic catered mechanism. It just me authentication mechanism in. The software can be hacked in hardware. Usually can't be hacked. What have we just been talking about for the last half hour? yeah. Hacking the hardware. But that's what the TPMS is all about. That's what gene to do. There's discreet, TPMS, there's TPMS that are built right onto the motherboard. And, there are also some that run as software-only solutions inside the CPU itself. That's part of their trusted execution environment. Not really fond of those. But now, you know what to look for. There are other things as well that we go through a lot of other things in the cybersecurity mastery course. But, one more thing before we go. And that is we talked about encryption on the hard disk level. So the physical hard disk itself can have encryption, which is great, but that encryption is really only useful for when you are getting rid of that disk. So you destroyed the key by removing a jumper or shorting out a jumper and now that disks data is effectively destroyed. And the disk can actually be reused again. Certain standards, federal government standards. we have a system that literally melts the aluminum platters right down. It's Kiln. I forgot what you call these things, but a very hot, yeah. Over a thousand degrees, but for a regular business computer, you're not going to have to worry about that. You need to also have a TPM and make sure that on top of that you are using BitLocker or some other type of encryption. And when you get. Way up there into the CMMC as part of the department of defense standards or the 800-171 standards from NIST, then you have to have special key management remotely that has a different key for every desk. And it gets pretty complicated pretty quickly, but the whole idea is to secure your data and remember. Just because it's all encrypted doesn't mean it's safe from hackers. We should talk about that at some point, but when we get back, we're going to talk about, but our final two final do articles of the day, listening to Craig Peterson, and you'll find me online at craigpeterson.com. --- More stories and tech updates at: Don't miss an episode from Craig. Subscribe and give us a rating: Follow me on Twitter for the latest in tech at: For questions, call or text: 855-385-5553 /episode/index/show/cptt/id/16427228

Business PCI Compliance and Android Ransomware plus more on this Tech Talk with Craig Peterson Podcast 10/16/2020

Business PCI Compliance and Android Ransomware plus more on this Tech Talk with Craig Peterson Podcast Craig discusses PCI DSS Compliance in businesses and the increasing problem with Android ransomware. For more tech tips, news, and updates, visit - CraigPeterson.com --- --- Automated Machine-Generated Transcript: Craig Peterson: [00:00:00] If you have a business that takes credit cards if you. Ever go into a business or use a business online that takes credit cards. There are some special rules that you need to follow called the PCI standards. We'll talk about it. Hi, welcome back. This is Craig Peterson here. Verizon. I'm not sure if you've seen these before, but Verizon has security reports. It has a number of different reports and they tend to all come out annually and here within the last couple of weeks, Verizon released their payment security report for this year,. It is an annual report and it's having a look at how organizations are maintaining compliance with something called the payment card industry data security standard, or PCI DSS. Now we have a client I'm thinking of right now that's a small a doctor's office and they, of course, have to take credit cards and they had their credit card processing suspended by the credit card processor. I'm thinking of another one as well, which is a pizza joint. They too had credit card processing threatened for suspension. In their case, they had a couple of weeks to clean up their act and both cases. They pulled us in to help straighten things out. But what was interesting about the doctor's office is they sent a physical copy of the PCI agreement, the payment card industry agreement, so that if they wanted to accept credit cards, they had to sign this agreement. Now, first of all, in this day and age, that's remarkable in and of itself, right? We get PDFs, but how many of us just pencil whip, PDFs, or click whip, I guess PDFs, most of us. It's really rare that we read the contract and it's interesting to know too, that not only was it a physical copy, but this thing it was hundreds and hundreds of pages long. It was huge. It was absolutely huge. So they had to sign a physical copy of this thing. What happens is if you are accepting the payment cards, in other words, credit cards, and someone reports that there is an unauthorized charge on that card. The guys and gals at the payment card industry, start to look at your business. Now we had a case right here by my house. It was a Wendy's,I think it was and apparently, the manager of the Wendy's and the employees were skimming credit cards. So you'd go in, you'd give them the credit card. They'd run it and give you the card back. Wow. They didn't just run it for your lunch. They made a copy of the credit card. Okay. Now that's part of the reason we've got these smart chips on credit cards. Europe is way ahead of us on using those smart cards. And frankly, it's a risk, right? It's risk tolerance. How much risk tolerance does Visa or MasterCard or whoever have and how much risk tolerance do the businesses have that accept the cards and then how much risk tolerance do you have? In this case with Wendy's, they got a lot of complaints about that Wendy's store, where the cards we're all used at some point over the course of the last number of weeks and were used elsewhere as well. The owners of the cards had reported some of these transactions at other places as not right being made by them. Now the credit card companies will go ahead and give you a credit on your bill, so you don't have to pay that contested portion. But then, and they start looking into it a little bit more seriously. In the case of the doctor's office, they did get suspended at least for a short while. The pizza joint, we got them up to standards within the two week period that they had. So they didn't get suspended. Because what would happen to a business if that card is card processing suspended, it'd be really bad. Now you and I, we have to deal with the fallout as consumers because we used our card and the card might've been duplicated by someone working in that store. Our card number may be stored on a computer. In the case of another doctor's office, that's exactly what was happening. The card number was being stored. then that information was then being sent off for processing, and then they would repeatedly enter the card information. Now there are some sites that have these virtual terminals that you can use, which is really great, where you are typing in the card number. But remember if your computer has a keystroke tracker, a key logger on it, and you're typing in credit card numbers. That's easily recognizable and you're going to get in trouble with the payment card industry, It's a very bad thing all the way around. So be very careful. There are a whole bunch of security instances where this has happened and the Verizon payment security report is showing businesses just are not compliant. According to the data that they gathered here in 2019, less than 30% of organizations achieved compliance during interim compliance validation. That's like the pizza shop I was talking about, all we had to do with them was move them up to prosumer hardware. We had to get them to upgrade some of their software on their computers and change the software they were using because OMG. It was just crazy, the software. I couldn't believe what it was doing, but we got them all in all setup, all taken care of her. But less than 30% of the businesses that had to comply during the interim compliance validation period did not meet the compliance. My bottom line here is to start now because Man oh Man applying quick fixes instead of creating and executing an overall strategy is really going to affect your compliance with PCI or any of the other standards out there, any of them. Just like the pizza shop and the doctor's office, I just mentioned, in both cases, we had to upgrade their systems, move things around, split up their network, have better encryption on the Wi-Fi, split off a customer network. So there's no way for any of them to get back and forth, and firewall some of their internal systems. So keep that in mind as well. We're not going to get into the whole electronic voting thing, which also showed up in this Verizon report. We only have a couple more minutes, so let's get into the Android, part here. this is an important one as well because we're seeing some new tricks. Wired has an article by Lily Hay Newman saying she's calling them foreboding. Isn't it? here's what's happening. First of all, it's far more common on PCs, but as some of the newer research is showing that mobile ransomware has undergone an, a real evolution here. We've seen it to the point recently where you go to a website and that website now uses your Android phone to start Bitcoin mining. Remember that? So if your Android phone is getting like really hot. It might be making money for somebody else they're using your computing power, but there's a lot of other things that are harmful. Now, of course, in Bitcoin mining, it could burn up your Android phone and that's happened more than once. This silly thing gets so hot, it just melts down. But along with all kinds of types of PC malware used in these types of attacks against hospitals, municipal government, and any institution that can't tolerate downtime. There's another platform that's really getting hit hard recently with ransomware and that's android phones. New research from Microsoft is also showing the criminal hackers are really putting time and resources into refining mobile ransomware tools. So why do you invest money? Because you're making money? So the fact that they're investing money into coming up with new ransomware tools means. It's making the money. People are paying the ransoms. There is some new software you might not be familiar with it. Of course, Microsoft has a windows defender. It's been on windows for a bit. Now it's actually quite good. Microsoft also has released Microsoft defender for Linux, which really shocked me. I haven't tried it yet. And Microsoft defender on mobile. They've looked at a lot of different Android ransomware families, and apparently, they've added some really clever tricks, including a new note delivery mechanism. They've got improved techniques to avoid detection and they've even got machine learning built into the ransomware, that's attacking Android phones. That can be used to really fine-tune the attacks for different peoples android devices. So be extra careful out there, everybody. We talked about in the first hour an attack that's going on right now, that's primarily directed at Republicans, but I think a lot of Democrats and independents would also open these emails and opening these files it's a very dangerous place out there. Use filters, use some of the anti-malware software. On an iPhone, there really isn't any. You certainly don't need it as much, at least at this point. On Android, however, there is some great anti-ransomware software and you might just try Microsoft defender, which is a basic stopgap for you. But, do be careful out there, everybody. All right. So keep an eye out for my emails. We've got more coming out here. I'm trying to go up to two a week, maybe even three a week, doing a little training. You might have noticed the last three weeks, my emails have looked different and I dropped some of the information in it because I think it was just visually confusing. So make sure you are on my email list. Get my newsletter. Get all of this free training. All of this information that you need as a home user or a business user, or a business owner. Go to Craig peterson.com/subscribe. Craig Peterson that's SON.com/subscribe and have a great week. --- More stories and tech updates at: Don't miss an episode from Craig. Subscribe and give us a rating: Follow me on Twitter for the latest in tech at: For questions, call or text: 855-385-5553 /episode/index/show/cptt/id/16427201

AS HEARD ON: WGAN Mornings News with Matt Gagnon: Malware Targeting Trump Supporting Republicans, US 5G Speeds, Governments and Ransomware 10/14/2020

AS HEARD ON: WGAN Mornings News with Matt Gagnon: Malware Targeting Trump Supporting Republicans, US 5G Speeds, Governments and Ransomware Good morning everybody! I was on WGAN this morning with Matt Gagnon and started off this morning talking about emails that are targeting Republicans with a particularly nasty trojan. Then we got into 5G and why the US speeds are so much lower than the speeds in Europe, and then we wrapped it up discussing the Ransomware that has been infecting local and state governments. Here we go with Matt. These and more tech tips, news, and updates just visit - CraigPeterson.com --- Automated Machine Generated Transcript: Craig Peterson: [00:00:00] So the whole goal here of five G is twofold. The first goal is we want to be able to have a billion devices connected to our networks and local networks. Plus we also want to have a speed of maybe a gigabit worth of bandwidth. Woo Wednesday morning gremlins. Craig Peterson here. I was on with Mr. Matt Gagnon, this morning and had the weirdest thing happened to me here. I'm on the phone, right? I'm talking to the radio station. I'm being interviewed and all of a sudden the podcast starts playing on my phone. It was very distracting. I'm used to hearing myself. When I'm doing an interview on a radio or TV station, sometimes I hear myself on delay and the delay can be sometimes a few seconds. So I'm used to that. That one I can live with, but having the podcast playing of me on another radio station, while I'm doing an interview with a radio station was just a little too much to handle. I managed to pull my act together, but wow. That was the weirdest thing. Anyways. Happy Wednesday, everybody takes it for what it is. I suppose we talked about the same things, a little bit, slightly different angles, of course, but some of the same things we talked to Jim Polito about yesterday. So here we go with Mr. Matt Gagnon. Matt Gagnon: [00:01:29] It is six 36, and it is time to talk to Craig Peterson, our tech guru. He joins us now as he does every Wednesday at this time. Craig, how are you? Hey. C'est nous. Comment ça va ce matin? Ah, ça va Bien. So Craig is malware targeting Trump supporters? That's a good place to start off. Do you think we're in election season? That's a, it's a nice topic, right? Craig Peterson: [00:01:51] Yeah. Yeah. Or were you one of these people that pass conspiracy is that Matt Gagnon: [00:01:56] I am not, of course, a conspiracy theorist, but, but still things like this do happen out there. So it's worth chatting about. Craig Peterson: [00:02:03] Well, this is a very big deal. Everybody should pay attention here. We'll get into this for just a minute here, but the bottom line is there is a very dangerous banking trojan is going around right now. It's called Emotet. Emotet has been around for a long time. The difference right now, Matt is that this Emotet malware is being sent. In a piece of email that is forwarded from a political action committee supporting Trump. So in other words, they take an email, a legitimate email from a political organization that is supporting president Trump and they forward it. For the subject line. will have a start of FWD or RE just like you would, when you were forwarding something. Forward to re: and it'll have the body of the message that was forwarded from the legitimate group. It'll have all of the links in it that will all work normally, but there is attached to that email, a word document. That word document, if you were to open it up and become infected is horrific. What it does it goes through your computer. It scans your network. It actually scans looking for other vulnerabilities. If you're misusing the VPN, which is about 90% of businesses that are using the VPNs, they're not set up right now, your computer at home that gets infected because you're open this mailer, the look perfectly legitimate about President Trump. Now that malware is going to get onto your business network and spread through the corporate network. This is really, really bad. There's speculation about why is this happening? But I think the bottom line is that this is the ultimate in social engineering and phishing, and it is absolutely targeted at Trump supporters. Matt Gagnon: [00:03:56] Speaking with Craig Peterson. You hear him on this very network on Saturdays at 1:00 PM, where he goes into all of these details. Much more in-depth and to move on here a little bit, one of them, one of the more fascinating things he had on the list here today that I wanted to talk about is about the average speed of five G in the United States versus what it is elsewhere in the world. What is going on with this speed difference? And why is it different elsewhere? Craig Peterson: [00:04:22] Yeah, it has to do with the frequencies that are assigned. The higher the frequency, the wider the bandwidth, the more bandwidth you're going to get for download. So the whole goal here of five G is twofold. The first goal is we want to be able to have a billion devices connected to our networks and local networks plus, we also want to have a speed of maybe a gigabit worth of bandwidth. Well, the US average speed is about twice now, the five G speed twice what our four G LTE speed is. But when we started. Matt Gagnon: [00:05:00] That's nowhere near that gigabit that you're talking about, Craig Peterson: [00:05:03] Nowhere near. Absolutely. Absolutely not. So we're talking about give-or-take 50 megabits right now. It will go a little bit faster. T-mobile has lower frequencies. I have an advanced class ham license, so I've been involved with TCP IP over the air. Multiple different places. So what the problem is, the bottom line with some of the stuff is, we've gotta be very careful about what we're doing here. I'm having a bit of a problem on my end. Without speeds. T-Mobile is giving us the ability to listen to the signals inside businesses, some of the others like Verizon, they cannot do that. That's become a bit of a problem. Well, I think for everybody. So sorry, a bit of wandering here on my side, looked a bit of a technical problem. Matt Gagnon: [00:05:57] No worries, Craig, we're talking to Craig Peterson and technical problems are no problem for him because he's our tech guru. And a final question for you, Craig, before I let you go this evolving story about Tyler technologies and the ransom that they're paying to receive the decryption key is very interesting as well. Tell me about this thing. Craig Peterson: [00:06:12] It is interesting we found out that a couple of things, one, most people are paying for the ransoms when the ransoms come up. I can understand that because they want to get their data back. We're also seeing that bottom line, people who are paying for these ransoms out there are also breaking the law and the feds are saying they're going to come after them for paying money to these terrorist groups. That's where paying ransoms do. Tyler Technologies provides software to the majority of states here in the United States to do things like collect taxes and also to just run towns and they got nailed. It took them about three days. They finally paid the ransom to the guys that had taken over all of their systems and shut down many of the towns and even state operations throughout the country. So, you know, bottom line again, what should we do here? We're now. Rock and hard place where the Feds are saying they may take us criminal charges if we pay a ransom yet we need our data back as well. Matt Gagnon: [00:07:23] Craig Peterson, our tech talk guru joins us at this time every Wednesday to go over what's happening in the world of technology. Craig, appreciate it as always good luck on Saturday, discussing all these things in more depth of detail. As you can hear a one o'clock on WGAN and thanks a lot, Craig. Craig Peterson: [00:07:36] All right. Thanks. Bye. Bye. Everybody, we will be back on Saturday. Also, remember if you are on my email list, you'll get all of my articles for this week. What I talked about here on the podcast and on the radio. So keep an eye out and make sure you're subscribed. craigpeterson.com/subscribe. --- More stories and tech updates at: Don't miss an episode from Craig. Subscribe and give us a rating: Follow me on Twitter for the latest in tech at: For questions, call or text: 855-385-5553 /episode/index/show/cptt/id/16435475

AS HEARD ON - The Jim Polito Show - WTAG 580 AM: Trojan Targeting Trump Supporters and 5G 10/13/2020

AS HEARD ON - The Jim Polito Show - WTAG 580 AM: Trojan Targeting Trump Supporters and 5G Welcome! Good morning, everybody. I was on WTAG this morning with Jim Polito. We got into a lengthy discussion about some new malware - a trojan that is targeting Trump supporters, specifically. Then we briefly hit on 5G. Here we go with Jim. For more tech tips, news, and updates visit - --- Automated Machine Generated Transcript: Craig Peterson: [00:00:00] There is a word document attached to that malicious email. That malicious email has in it, in that word document, something called malware. One of the nastiest pieces of malware out there. They're forwarding political information relevant to Republicans. People are targeting Republicans. Hi everybody. Craig Peterson here. Yeah, that was me on with Jim this morning. We went into quite a bit of detail about this Trojan malware. It's an interesting discussion here. Why is it coming out? What are they saying? What are their subject lines? What's it going to do to you? Why is it targeting Republicans? So here we go. Jim Polito: [00:00:47] Here he is, Oh, everybody waits for Craig Peterson and this is going to be an important visit today. We're going to talk about malware. If you are a Trump supporter, kind of a Trojan horse out there. Well, we'll get to all of that, but first, let's welcome him aboard. Craig Peterson. Good morning, sir. Craig Peterson: [00:01:09] Hey, good morning. I've got another little granddaughter who was born just this last week and her parents are both captains and they sent a picture of this little baby girl in a captain's outfit. Jim Polito: [00:01:23] Now that is that's worthy of a wonderful congratulations there, grandpa again. Craig Peterson: [00:01:34] Thanks. I've got 8 kids and I've only got six grandkids. These millennials what's with them. Yeah, yeah, Jim Polito: [00:01:39] yeah. Craig, they're just not, I mean, I finally am going to be a grand or great uncle, whichever way you choose to say it. Yeah. These millennials, come on. Come on, guys. Listen. Well, listen, before we get to this. I've got to tell you something, that'll make you feel old or it'll fascinate you. Today. The first cell phones were made available for sale commercially in 1983. They were ridiculously expensive. There weren't a lot of towers, but they were for sale. Craig Peterson: [00:02:16] Yeah, the big bricks. They were really. Oh, you remember those? I was so jealous when those came out. I've been a ham radio operator. I have an advanced class amateur radio license and land mobile was the thing back then. Right? So you'd have this huge antenna on your car. You drive around and almost could listen to you as you're driving. Now came cell phones, which had a modicum of privacy on them. They were so small compared to the land mobile things. And now I've got a cell phone on my wrist. This is like big, crazy time. Jim Polito: [00:02:49] It is. It's too cool. It just goes to show you, where will we be four decades from now? I'll probably be dirt napping, but anyway, Where were we? Where will we be? Alright, Craig, I've got to talk to you about this, cause it really caught my attention. A piece you sent me about Trojan malware targeting Trump supporters. This is something that a good portion of the audience wants to hear about. Craig Peterson: [00:03:18] Yeah, I thought you might be interested in this one and for everybody, this will come in my newsletter on Saturday. So make sure you're subscribed to that newsletter so you can get this. There is a Trojan right now that's being circulated and it's targeting just Trump supporters. I might ask, how does that happen? Right. It's not like the virus only targets people in the white house and Republicans. Well, actually, maybe it does. But anyways. The way it works, is they are sending emails that are actually forwarded emails from these political action committees that are pro-Trump. These attackers are forwarding perfectly legitimate emails. It has legitimate links in it that you can click on right to that political action committee. You can just look at and you think, Oh, it's great. The subject line says forward, and it's got the subject or maybe re the subject. Those are both things that people have is clues. Hey, this is an email you want to open. The problem with this is it's entirely Republican PAC. That they are targeting that they're forwarding to people and there is a word document that's attached to that malicious email. That malicious email has in that word document, something called malware. One of the nastiest pieces of malware out there. They're forwarding political information that's relevant to Republicans. There are people really targeting Republicans. Jim Polito: [00:04:58] There you go. How do you argue with that? That's shall we say fact? Craig Peterson: [00:05:07] Right. Its science. I believe in science. It's just, I believe in my science, this is very obvious, right? The researchers are calling it like a Wolf in sheep's clothing. Well, here's what Emotet does once you get it. Emotet is a Trojan. It's been around a long time. They use what's called a spear-phishing technique and they have for a long time. So they try and coerce you into opening up by putting something in the email that's of particular interest to you. Then once you've opened that word document and that malware is on your computer and it starts to spread. It actually acts like what we call a worm and it brute force attacks all of the services on your computer and all of the services on every other computer on the network. Now, you know how I've been warning about using VPNs when it comes to businesses, Jim. This is why. If you VPN in, into the office and that office is not protected from its VPN users, this Emotet will now start spreading to your business as well. We'll start taking over your file servers because it looks for SMB shares. The window shares, is what it is, a valid local account. Very, very nasty and it is very sad and scary that it is attacking Republicans. Now Democrats would get this email as well, but the likelihood is they're just not going to be interested. So they're not going to open it. They've gotten a little more advanced too, for those of you out there that are a little geekier, It does pass email authentication protocols, such as D Mark. So this is a bit of nastiness and it'll be interesting to see if we can figure out who's sending them. Jim Polito: [00:06:53] It was what I was going to ask. And we're talking with Craig Peterson, our tech talk guru, and about this malware that is targeting Trump supporters. Now, could this just be an opportunity? They're going after Trump supporters, just because it was easy. It's a segment they are going after and it's apolitical. their reasoning behind this is not political because maybe the door was left on the lock on this house. It was a crime of opportunity. It's not particularly against the family who lives there or do you think there's more to this. Craig Peterson: [00:07:29] Well, back up a little bit and I thought about this and here's kind of my thinking on it is that, um, Sleepy Joe's supporters are not particularly excited about his campaign or people voting for Joe Biden are voting against Trump for the most part. It's just crazy. So the way I look at it Trump supporters tend to be, you know, man, I'm on top of it. I do want to hear what's going on, you know? That goes right into your target of opportunity theory. I think it's absolutely likely that's what's going on here. They could be an attempt to kind of influence the election, but I think it's more likely a moneymaking opportunity for them. Jim Polito: [00:08:11] So they look at it as, Hey, there's more Trump voters engaged. They're going to be more active. Why not go after that big fish? Just like if the Patriots were in the world series, you'd have a lot of people from New England or elsewhere fans looking for stuff online related to the Patriots. So why not attack Patriots fans? Craig Peterson: [00:08:36] Hey now I even, I know that the Patriots would never be in the world series because that's baseball. Okay. Come on, Jim, come on. Pay attention. Jim Polito: [00:08:46] Did I, did I say words that I say world series? Probably. Yeah. Yeah. Series. It just proves it pages in the world series of the super bowl. Look, if it's not hockey, I trust you only with hockey. Okay. Because you're a Canadian, maybe that and curling. Okay. That's it. Craig Peterson: [00:09:08] Yeah. There you go. I love Curling actually. I really do. So here's what to look for. If you get a subject, this is the number one out there right now for this. The subject line has forward breaking President Trump suspends funding to WHO. That is the number one subject these guys are using right now. Breaking President Trump has spending funny to W H O and they're asking you to click a button labeled stand with Trump. They're hiding the sending address and everything else in these things. So, watch out. Be very, very careful in this political season about opening emails and more particularly about opening Microsoft documents. They've long been used as attack vectors against all of us, Jim Polito: [00:09:51] You know? I think about my own email and of course, I've got campaigns, pundits, everybody emailing me every single day, and you know, I open most of it and look at it. Just because I want to say, well, what's this, what's that? I have not received anything like that, but I'm going to be very careful now going forward because that, the last thing I need is is that, Hey quickly, because we've only really got a minute. Five G it looks, it looks like from what you sent me, the download speeds of five G in the US are going to be a lot slower than they are elsewhere in the world. It's going to be an improvement over 4g, but it's still going to be slower than the rest of the world. Why? Craig Peterson: [00:10:45] This is something that takes some serious time to explain. But getting it down to 60 seconds here's the bottom line. Five G is not the same thing across all carriers. Five G is using some different bands and different frequencies. Jim Polito: [00:11:01] So here's the problem that we're seeing right now. T-Mobile has the biggest five G network in the country. In fact, you could say it's the only five G network in the country, quite reasonably. However, because the frequency is there. Using it is not as fast as Verizon's, which is only available in certain cities. In fact, in only available in certain blocks in certain cities. Craig Peterson: [00:11:25] Here's why. The T-Mobile frequencies will go through glass. They'll go through walls. You can use them in a building. Verizon's will not. You have to be very close to the cell site. Okay. So because of the lower frequency, you also cannot send as much data. On those little frequencies. So look right now, the US average is about two times faster than four G, which is really good in Europe. We're seeing much, much higher. They have denser populations they're using the higher frequencies like Verizon is. Once Verizon's rolled out further, they will have faster download speeds. But, with Apple's big announcement today where we're going to have to make some decisions about what carrier we want, based on whether or not we want 5g. My bottom line on that it's not that a big win unless you are hauling a lot of data up and down to your phone. Jim Polito: [00:12:18] All right. That made sense to me, even in that short time. So Craig has got a great show Sundays at 11 o'clock and it's repeated at other points during the weekend on TAG and HYN, but Craig, if folks want to get in touch with you, and I know you said you're putting it out in your newsletter, some of this information, Craig Peterson: [00:12:37] well, just drop me an email. me@craigpeterson.com M E @craigpetersondotcom Subscribe by going to craigpeterson.com slash subscribe. Jim Polito: [00:12:47] Alrighty. Very good. Craig, always a pleasure. We'll catch up with you next week. Craig Peterson: [00:12:53] Thanks, Jim. Take care. Jim Polito: [00:12:54] You too. Bye-bye. --- More stories and tech updates at: Don't miss an episode from Craig. Subscribe and give us a rating: Follow me on Twitter for the latest in tech at: For questions, call or text: 855-385-5553 /episode/index/show/cptt/id/16392239

Welcome! Cybersecurity Audits and New Vehicle lifespan plus more on this Tech Talk with Craig Peterson Podcast 10/10/2020

Welcome! Cybersecurity Audits and New Vehicle lifespan plus more on this Tech Talk with Craig Peterson Podcast Craig discusses cybersecurity audits and new vehicle lifespan. For more tech tips, news, and updates, visit - CraigPeterson.com --- --- Automated Machine-Generated Transcript: With our cars being more and more computerized should we be treating them like a computer? Do we have a right to repair? Should we be expecting upgrades? How long should our car last? We're going to get to that and a whole lot more. Hi everybody. You are listening to Craig Peterson. We're going to get into a number of different security things this week. I've talked about them on the radio, some really cool stuff coming from Elon Musk. Some news about how paying ransomware demands could end up getting you a jail sentence. Yeah. Yeah. It makes sense, once I explain it, okay. So hold on a couple of minutes. We have some very cool new technology. I talked about Intel before and how disappointed I've been with so much of what they've done over the years. And we are going to talk about Intel's maybe biggest competitor outside of maybe a company might've heard of AMD. We'll be getting to that and employee apathy. MacOS workers really driving a cybersecurity rethink. We'll talk a little bit about the NIST cybersecurity framework because that is getting to be a big deal. I just had this week, a client, actually last Friday that client informed me that their customer had stopped ordering a couple of weeks prior they're trying to figure out why now up until then. My customer had not told me how much this customer was worth to them but they don't buy much. That DOD contractor stopped buying from my client. Now, this is a client that we've had for 20 years, maybe longer and we'd been warning them about the changes that have been occurring. In the regulations regarding cybersecurity. You might remember me mentioning here on the show a couple of weeks ago, there was an emergency change, right? An emergency order of 48-hour notice to change in what was being. Required of DOD contractors. Now, the department of defense is one thing, right? But how about the rest of us? All those same rules are going into effect for everyone that has any sort of federal contract coming up here within the next three years are affected by this change and their clients. So their client was getting worried and said, Oh, let's wait a minute. yeah. Yeah. They're not fully compliant. And there weren't, and we've been warning about pad, as I said for, at least 18 months and they lost 70% of their business overnight, 70% can you imagine that? Now they're freaking out and trying to figure out sorta we do now. Hopefully, we'll be able to help them with all of that and they'll survive it. It turns out that a federal contractor that was a client of theirs was more important, 70% important to their business. That's a lot of business to lose and it took them about two weeks, apparently calling-in daily. Trying to find out from their client. Why did the order stop? What's going on here? Did something get messed up? Is this a billing mistake, an order mistake? Do we need to talk to somebody who is over in purchasing or what do we have to do here? They finally got an answer from somebody that knew what they were talking about and it turned out that it was because they weren't compliant with these federal regulations. So keep an eye on that. I just had another conversation on Thursday with a gentleman who indeed is really under the gun here. Now, he asked his IT provider, Hey, am I all set here? And the IT provider said oh yes yes sir you are all set. We're taking care of it for you. But you already know my response to that, 99% of the time when we walk in, and I say 99, because. I've never seen an exception, but I want to leave a little room for error, right? The margin for error. So maybe it was just saying over 90% of the businesses we go into that think they're compliant are not compliant. If they were to get audited, they'd be in deep trouble. The case with our client, they weren't even audited. This was it a self-audit form they had pencil whipped and the primary contractor realized, Hey, listen, this doesn't jive with what we've been seeing. So keep that in mind, everybody. This is a very big deal. Now I've put together it's about a 300-page long document, but it goes through all of the major cybersecurity standards and I'm calling it an audit preparation kit or an audit kit and I will be glad to send it to anybody that wants it, this is generic. This isn't to use me. This isn't to use Cisco. This isn't to use Mainstream. This is just a compilation of all of the rules that you have to follow based on the different levels within the new CMMC stuff. That's actually been out for a little while, but now they're really pounding the table about it saying you darn well better get this stuff done. So I'll be glad to send it to you. Just send me an email within the subject line. Just say. Audit kit. I will be more than glad to get that off to you or we can do an audit for you. We've offered audits for many years and found a lot of things and help put together a plan. So whatever you want to do there, do it. But whether you're talking to your own internal IT people or external IT people remember most of them are not as familiar with this as they need to be. So getting a copy of this audit kit, looking at it at yourself, having the person who's responsible for IT, review it with the vendor or review it with the internal IT people, you can get your act together. That's what I'm trying to do. Get you to the point where you can handle it all and really take care of it. That's the bottom line. Let's get into our cars here. We're going to totally switch subjects. And then this is something that's happening right now in a lot of States in Massachusetts, there is a bill that went through back in 2013, or maybe it was something a ballot question, but it's back on the ballot this year. Question one in mass and this is a referendum on how can traditional independent automotive repair shops survive in this world. I remember I said at the opening, is it a car or is it a computer? How should we treat it? I remember when odometers on cars, you rolled over at a hundred thousand miles because who expected a car to last a hundred thousand miles. That's ridiculous. But bottom line now, today we expect most cars to last a quarter-million miles easily, maybe longer. Not to say that there weren't cars from back in the day, that would last that long, but it just wasn't an expected thing. So today we know, okay, I want this car to last me at least a couple hundred thousand miles, maybe a quarter million, however many you want. Before you go and sell the car, right? Doesn't that make sense? It seems to make sense to me and vehicles have really gotten a lot better. So if you are going to buy one of these cars that is electric or are very high tech, what are you going to do with that? What are the odds that the car is going to last you? I don't know, quarter-million miles, half a million miles, the electric motors in some of these cars, frankly, should last a hundred thousand miles without even blinking twice and probably will last a million miles with no problem. Now, the batteries, that's a different deal. We've talked to before about the efficiencies and how your F-150 is probably better for the environment than an electric car, because when you consider the global environment, the conditions that are created in China, all of the shipping that has to go on between Canada, where some of the stuff is mined and how NASA uses it for moonscapes those areas because there's death for hundreds of square miles and shipped from Canada and it goes over to China and it goes to Japan that goes back to China, that goes back to the United States. And you've seen some of those pictures of Beijing and China, I'm sure, and other places where they do a lot of manufacturing where it's deadly to drink the water. You just can't breathe. Everyone wears masks to try and protect their lungs from pollution. So don't sit there all high and mighty thinking you have an electric car or you've got a Prius or one of these other hybrid cars, and you're high and mighty thinking aren't I great because I'm saving the environment versus that guy driving the F150. When you consider how long the F150 lasts when you consider how long those batteries in your car last and how long those batteries' environmental footprint will last and what it took to make those batteries. The F-150 is still the better option worldwide when it comes to pollution, the environment, and being green. It's so funny. You see these signs out there right now during political seasons that say, I believe in science. Yet in reality, no, that's not science. It's not science, climate change is happening. It's always happened. We've always had a changing climate. Man's impact on the client is so minuscule there's almost nothing we could do to affect any change in the environment unless we did something stupid. What scientists told us to do in the seventies and some of the so-called scientists are telling us to do now, the models are wrong. They've always been wrong. These electric cars are our future. It is absolutely going to be our future. What do you expect from your electric car? I have nothing against electric cars. I think their great, just don't think that you're being green by driving an electric car, because you're not. They are cool as heck the technology in them is absolutely amazing and I'd love to own one. All right. So I want to put that aside. I want you to remember that I love these things and when we get back we're going to talk more about this, the expectations, what's happening with insurance and should question one be on a referendum for this right to repair. What's that all going to mean as well? Hey, you're listening to Craig Peterson. Stick around because we'll be right back. We're going to finish this discussion and of course, we got a whole lot more coming up. Stick around. We'll be right back. --- More stories and tech updates at: Don't miss an episode from Craig. Subscribe and give us a rating: Follow me on Twitter for the latest in tech at: For questions, call or text: 855-385-5553 /episode/index/show/cptt/id/16344647

Keeping the new cars up to data -- Mechanics or Software Engineers plus more on this Tech Talk with Craig Peterson Podcast 10/10/2020

Keeping the new cars up to data -- Mechanics or Software Engineers plus more on this Tech Talk with Craig Peterson Podcast Craig discusses new car technology, electric cars, and how long we can expect them to last. For more tech tips, news, and updates, visit - CraigPeterson.com --- --- Automated Machine-Generated Transcript: From a 50,000-mile model T to a 100,000 mile Chevy in the seventies to nowadays we're expecting maybe as much as a half a million or a million miles out of these newest cars. Hi everybody. Welcome back. You're listening to Craig Peterson. Before the break, we were talking a little bit about our cars and we were expecting our cars to not last terribly long back in the day, we have gotten a lot better with our manufacturing. In fact, some people say the cars are designed to start falling apart as soon as the warranty's over, which of course varies based on cars. Some have been longer warranties than others, but. What are we going to expect our newest cars? I'm talking about things like Tesla, Tesla may deliver this year over a half a million vehicles. That is a lot of cars that are out there. California, just announced last month, this effort to phase out the sale of new gas-powered passenger vehicles by 2035. That's only 15 years from now. Not a whole long way away. What are we expecting from these things? Just like with your computer, you expect upgrades, right? Do you expect a new release of software? You remember for many decades you bought a computer and there was a software update. Date, you needed a new version of PCdos or MSdos and you needed a bigger, faster computer. You needed 64 megabytes of Ram instead of what you had before he needed to move from static Ram, which was just too slow to dynamic ram as well. If you're old as I am you remember that and much more from even older computers. That happened through Microsoft's entire life cycle until just a few years ago. Where, when it was an upgrade from windows 3.1, two 95 to 98 to XP. Millennial edition, et cetera. Every time you pretty much had to buy a new computer. Why? because the old computer technology hardware that was in it just could not keep up with the new operating system. Frankly, software programmers are pigs - every last one of them. Yes, I said that and I say they're pigs because they're not paying attention to memory consumption. When you get right down to it, what is cheaper programmers' time or the hardware? I know for many years I was told by my clients as I was designing and writing, operating systems and device drivers and networking code that it was always cheaper to do it software than it was to do it in hardware. So in order to save a quarter-cent on each machine, we would spend an extra few hundred hours working on some of the software that wouldn't get around that fraction of a cent piece on that motherboard. Microsoft doesn't think that way and programmers, nowadays, don't think that way either, because. They're not programming the way we used to program. Nowadays, it's all about drag and drop. We're using languages in our cars that are so far away from the hardware. It doesn't even matter what hardware they run on. We're using languages like Java, for instance, which is just an absolutely amazing language. It certainly has its security problems when you get right down to it. But. Java is designed so that you can run it on a fast mainframe all the way on down through your Android phone. They're all running Java and they could all run pretty much the same code without a whole lot of problems. That's an interesting dilemma when we're talking about cars. Your Microsoft Windows computer, you were probably able to upgrade from windows 7, maybe to 8. Most of the time people bought new computers to go to 8 but upgrading to the next release of Windows 10. Was much easier, wasn't it? Did you have to replace your hardware? I know I did not. My hardware could still support windows 10 from windows seven to 8.1 while 8.0 than 8.1, right in there. 10. That is a very big change in the Microsoft world because these computers were fast enough. Now, of course, that hit and hurt companies like Intel and also AMD. And we're going to talk more about where the hardware is going here in the near future a little bit later, and if you miss it here on the air, make sure you visit me online @craigpeterson.com. You can catch all of the podcasts there and on your favorite podcasting platforms where we talk about, should you buy a new computer now? Should you wait? And why, and where is the technology going? But we've gotten to the point now where a new release of an operating system does not mean you have to have new hardware. That's true on your macs and has been for a long time. That's also true on your windows devices. Every few major operating system releases, you might have to get new hardware. So you're talking five to 10 years, frankly, of support out of that device. Have you thought about your car? Because of these new cars, Tesla is a great example of it. They really own the market. I think they've won the battle, at least for now that might have even won the war for the time being when it comes to owning that whole space of self-driving cars, electric cars, et cetera, they are doing an absolutely amazing job. But that car, that Tesla that's parked in the garage is maybe hooked up to the wifi in your house. It is maybe using the built-in data connection that it has, LTE. We know that Tesla has two processing units in it, completely separate ones. There's a lot of speculation about exactly what they're used for and when I'm not going to get into that right now. That Tesla that you buy today that has really a fancy cruise control that tries to help keep you in the lane. Might be better in a year from now. And how's it going to be better while it might be better in a year from now because that electric car you bought is going to get an upgrade. It's going to get an update and that update may even make it faster, make it use less battery, make it even smarter. Elon Musk says that he already has the software built-in and the hardware in the cars that can handle fully autonomous mode. That'd be an interesting discussion I'd like to have with you guys sometime about what exactly is happening on that end. So the car you buy may be better next year, but how about five years now? How about that upgrade cycle? You have a car that is full of what are basically laptop batteries, a whole bunch of these little batteries, they're all hooked up in parallel and series in order to get to the right voltage and supply the right amount of current. Those batteries just like your laptop, have a limited life. It can only be cycled so many times. Maybe it's a total of a thousand cycles. This is quite a bit, but at some point, those batteries aren't worth much or anything, and they're going to have to be replaced. By the way that is the most polluting part of these electric cars is the manufacturing and transportation of those battery components. But I digress. So you have to replace them at some point. How about these new pieces of software that come out with, or even hardware? For instance, Tesla is completely devoted to using cameras to figure out its autonomous driving mode, versus some of these other cars that are using LIDAR, which is a laser radar combination that does absolutely phenomenal. What happens if Tesla decides, Hey, listen, we just couldn't pull it off with what we had. So we're going to have to add some more hardware. Maybe they need a faster processor, more memory, more storage on another sensor, whatever it might be, then that car has limited use. I bet you'd say so does a 1980 Mercedes diesel. Doesn't it. We're gonna continue this when we get back. So make sure you stick around to listening to Craig Peterson and you can find me of course, online. Just visit me at Craig peterson.com/subscribe. I'll send you my weekly newsletter. I won't pester you. I'm not one of those crazy marketers. Craig peterson.com. That's where you'll find it all. Stick around. --- More stories and tech updates at: Don't miss an episode from Craig. Subscribe and give us a rating: Follow me on Twitter for the latest in tech at: For questions, call or text: 855-385-5553 /episode/index/show/cptt/id/16344593

Right to Repair Ballot Question One in Massachusetts plus more on this Tech Talk with Craig Peterson Podcast 10/09/2020

Right to Repair Ballot Question One in Massachusetts plus more on this Tech Talk with Craig Peterson Podcast Craig discusses Ballot Question 1 coming up in Massachusetts in the next two weeks and a take you may not have been expecting. Tune in. For more tech tips, news, and updates, visit - CraigPeterson.com --- --- Automated Machine-Generated Transcript: So with our fancy electronic cars driving around and our electric cars driving around, how do you repair them? Should you have the right to repair those vehicles? That's the question they're asking in Massachusetts next month. Hi guys. You are listening to Craig Peterson. These cars, the Tesla has been on the market now for quite a few years, back in 2013, Massachusetts voted here on this right to repair legislation. The idea was that these car manufacturers should not keep you out of your vehicle while working on it. Having just a regular car guy, car shop, whoever it is, you got a gal that does it? You could not have them mess with your car and still retain the warranty, in many cases. So they changed that law. Now we have these cars that thankfully are 90% software. What do we do now? The reason I said 90% software is, of course, you've got the chassis, right? You've got the suspension. You've got a steering wheel. You have a gas pedal. You have a brake pedal. You have a motor or motors depending on the vehicle that's all mechanical. That's all parts and pieces. Some of them move. Some of them don't move. Don't forget about the brakes, but every last one of those things is controlled by computer, even in a standard car, nowadays. I've ranted and raved about how I'll never drive a Volvo because they make assumptions about when the car should take over. It's kind of true for every vehicle. That steering wheel probably does not have a mechanical linkage to those front wheels on your car. Did you know that? Turning that steering wheel, all that's really doing is setting off a sensor in the steering column. That brake pedal almost certainly is not connected to the brakes on your car. Right? It used to be, you push it down. There's a diaphragm created pressure. They use that to amplify through hydraulic pressure to the brakes, and then the brakes would grab whatever type of brakes you had. Right? Sometimes it was strictly mechanical as well, without that hydraulic assist in there. Same thing with the steering wheel, that gas pedal is guaranteed to not be hooked up directly to the engine. Used to be you'd push down the gas pedal and what would it do? It would change some valves in the carburetor or a little bit later on in the fuel injector and feed the fuel into the car nowadays. All it is is a rheostat or potentiometer. Just a little dial like you might have on your television that is being manipulated. Buy that gas pedal, go, and have a look. Next time. You're there down there, cleaning out the car, getting rid of all of that salt from the wintertime, looking down at that car. And when you're down on the floor, the driver's side. Look at where the gas pedal is, but you can see this more, obviously in most cars on the gas pedal and the brake pedal look up, you'll see the linkage just goes to a little dial. Well, most of the time now, That's all well and good, but what it means is our cars no longer have that mechanical linkage. If you go to my Mercedes, my 1980 Mercedes diesel, you will see mechanical linkages to everything. When I push on that accelerator, there is a steel rod that goes up under the hood of the vehicle that tilts forward control on the fuel injectors that inject the diesel into the cylinders. It is absolutely something that you can look at. If it's jammed, you can look and see why you can replace a bearing. You maybe add a little grease here or there, you can straighten out a bent rod. But when it's software, what can you do? How much can you tinker with it? And if you tinker with it, what's going to happen? Now with motor vehicles, it's become pretty obvious over the years, whoever touched it, whoever broke it, whoever caused an accident to occur, is the person or company, liable for the accident. So for repairs, damages, whatever might be involved. How about an electric car? That's self-driving who carries the insurance, who has the liability. I think you know. I personally would carry insurance just in general, right? Some broad-based insurance, but is Tesla responsible for this? When that Tesla car hits someone who's responsible? We know what just happened in Phoenix within the last month where charges were brought against a driver that was sitting there in one of these autonomous vehicles. It was driving down the road and hit a lady on a bicycle. As I recall, as she was crossing the road. Now the car didn't properly detect what was happening, so it did not stop in time. The driver apparently wasn't paying attention, right? Drivers in quotes, air quotes, because obviously, they weren't paying attention. So that driver got charged and it's not going to be fun for that driver. When that vehicle truly is represented to be autonomous, what happens when there is no more steering wheel in the vehicle, or whose responsible? You probably can say the manufacturer's responsible for it. If you have the right to repair your vehicle, what does that mean? How far does that go? If you tinker with your vehicle and the software in it? You might burn out the electric motor, just like changing the chip and your engine might damage the engine, my damage to the valves, or whatever might get damaged. At that point you take it in, they look at it, the dealer manufacturer says, hey, you broke it. It's yours. We're not fixing it or at least we're not going to pay to fix it. You can pay. So what happens now with an electric vehicle? And what happens when you trace that liability down and say, okay, who's responsible here. What happens if that person who's responsible is you because you had the right to repair and you went a little further than might be prudent. This is an example of the law outpacing technology. Usually, the law is behind the technology. It's usually years behind technology. And that makes sense. That gives the technology a bit of a chance to get established and then once its established then the technology can be rolled out and we know what the laws should be because you never know what's going to happen until it happens. Now, personally, I think we have far too many laws and some basic rules or laws about liability are probably all we need. We don't need laws about every little bit of liability, but there are a lot of questions that would need to be answered. That's where the judiciary can come in, not to make laws certainly, but to interpret the law, and say that law means you cannot kill someone negligently and therefore it's your problem and can get that all resolved. So that has years to come. So you can see I think, how this all relates to this 2020 Massachusetts question one ballot initiative. This is the sort of thing we're starting to see all over the country here. How can traditional independent automotive repair shops, aftermarket parts, suppliers, home, tinkerers, and mechanics? How are they going to function as part of the automotive ecosystem? This ballot initiative aims to enact a law that makes vehicle-specific data for opening connectivity available to anyone. For the purposes in this case of quotes, maintaining, diagnosing, and repairing the motor vehicle. So interesting problems in trust and repurposing it. Personally, I think it's a safety threat. I think it's a little too ahead of the game. Hey, when we get back, we've got a lot more to talk about. We are going to talk about Ring a little bit here and there. Latest security cameras. I don't know if you've been following this market much lately, but this is pretty cool. You'll find out more about this by going online. Craig Peterson dot com --- More stories and tech updates at: Don't miss an episode from Craig. Subscribe and give us a rating: Follow me on Twitter for the latest in tech at: For questions, call or text: 855-385-5553 /episode/index/show/cptt/id/16344536

Ring has a New Home security Drone plus more on this Tech Talk with Craig Peterson Podcast 10/09/2020

Ring has a New Home security Drone plus more on this Tech Talk with Craig Peterson Podcast Craig discusses a new home security device from Ring. The always-on home cam -- get this... it is a drone. Then he talks about Elon Musk and his 25,000 Completely Autonomous Tesla he will have in 3 years. Plus, you better think twice, or three times before paying that ransom to get your data back. For more tech tips, news, and updates, visit - CraigPeterson.com --- --- Automated Machine-Generated Transcript: You've been looking for a home security system. We've talked about a few of them on the show before. Right now we're going to be talking about a completely different approach to home security and what Ring's latest camera is all about. Hi everybody. Craig Peterson here. Thanks for joining me. Okay. Ring has been around for a while. As I recall Ring was purchased, two, three years ago by our friends over at Amazon. They have some interesting security stuff and they've certainly had their fair share or share of computer problems, security problems here over the years who hasn't, right? This is what's being called a true ambitious new home security device. This thing is really cool. It sits there. It just, it says Ring on the front. it's just a little square almost. The device has got rounded corners, so looks very nice. And it's got a little light button on it. One of those little Rings, which is always cool, but it's called the always home cam. And this thing reminds me a little bit of a movie that I've enjoyed many times called Tron from way back when. You might even remember these flying T things, although they had two legs on them and they flew around, that's what this Ring looks like. It is an autonomous and manual little Quadrocopter, and it is designed where all of the blades are completely hidden if you will. So they're not going to run into anything. They're not going to hurt anything or anyone and hanging beneath these four enclosed blades is a thing like a pack of gum. You remember the old packs of gum, the long thin ones. That's it looks like underneath these four blades. So the idea is you pay them 250 bucks and you plug this thing in, you're going to have to configure it obviously, but it is this little, I guess a Quadrocopters, how I describe it that sits in its charging base. Now, when it's in the charging base, it's the tail, the long downward part of the T that sits completely immersed in the charging base. So this charging Base goes all the way up around the base of the Quadrocopter. And it's just the blades that are exposed on top. What it has on that is a camera. I imagine it probably also has a microphone. It doesn't say, but it has a little camera. So when it's in the dark it's charging and that camera is not active. Even if it was it wouldn't be able to see anything. But what's really cool about this thing is that it can provide you with viewpoints throughout your house. You don't need multiple cameras anymore. The Rings founder's name is Jamie Siminoff. And he's also the chief inventor said that Ring has spent the last two years called focused on the development of the device. And that it is an obvious product that is very hard to build. And thanks to advancements in drone technology. Ring pulled it off. They're not available yet. It's called the "always home cam." So I'm keeping an eye out for this thing. It is quite cool. It, you can program it what path to take, where it can go. When you first get it, you build a little map of your home for it to follow. And it asks you for specific viewpoints, such as the kitchen or the bedroom, and the drone can be commanded to fly on-demand or programmed to fly when a disturbance is detected. So you might have a Ring alarm system you in that might include a window opening sensor door, opening sensor. So this little drone can fly up in the air. When it detects someone trying to break in and off it goes, isn't that cool? The drum makes an audible noise when it's flying. Of course, it's small and it's got all these little blades for little blades. So it's obvious when footage is being recorded. I'm looking at a picture of her right now. It's very cool. Indoor only it's got high Def Ten-Eighty P video. It only records when it's in flight, the propellors are enclosed and integrates with the Ring alarm. So if you are a Ring fan, Check it out. If you're looking for home security, it is not a bad thing. If you are a business, do not buy Ring. Okay. Because there are real security problems with some of these devices. They are not certified for use in any business that has any federal contacts. In the near future, it's all being disallowed. So just keep that in mind as well. If you're looking to buy security stuff. Also the cheap security stuff we have found backdoors in. Chinese spies that they're just getting in and they are messing around. So be careful of the Panda out there that is the bottom line. Now we were talking about Teslas earlier, autonomous cars, electric cars. I got to add this. I was thinking about it as we were talking, but Elon Musk announced just about two weeks ago some amazingly aggressive plans. He has built a big battery plant. You probably know about that. I think that was in New Mexico or Nevada. I can't remember. Might be in Nevada. His whole goal behind all of this is to just slash the costs of producing batteries. And he says, Elon Musk, that is that within three years, he's going to have a fully autonomous electric vehicle for $25,000. Isn't that absolutely amazing? Now they were expecting that he would be announcing a million-mile battery, which would be, wow! If he had a million-mile battery and a $25,000 Tesla, I would buy it. I would sell some of the other cars and buy them. They also announced a car that has over a 500-mile range. You're going to have to use one of their supercharge to get that thing charged back up again. But it's absolutely amazing. Could you imagine that a $25,000 electric vehicle battery operated to the market within three years now, the other giveaway from this, because he said it would be autonomous that means, by the way, he has a goal of an autonomous vehicle within three years? So that's another thing to consider. So the model asks the three, my daughter just bought a Tesla Model three, and she's barely used it yet, but she's absolutely loved with it. It is cool. There's no doubt. It is very cool, technology here. I got to hit this before the hour runs out and that is that paying ransomware could land you in jail. This is a fascinating article, came out in about a week ago in ARS Technica, and Dan Golden wrote this thing, but I agree with him. I have many times had to advise people not to pay ransoms for their data and most of the time I have to admit they went and they paid the ransom. Even these companies that say that they can get your data back by scripting it, breaking the encryption, et cetera. Even those companies, well, a large percent of them, not all of them, the percentage of them are actually paying the ransom behind the scenes. So you pay them 50 grand and they pay the 20 grand 40 grand ransom and they make a cool 10 grand right off the bat. Right now. I've got to also mention that there are a couple of websites out there that are dedicated to helping you break the encryption on ransomware. If you do have your data ransomed, now I'm talking about its encrypted and they say, if you want to ever see it again, you pay us. That's different than having ransomware to actually extortion saying, we stole all of your data. Then we encrypted it. And unless you pay this extortion money, not only are you not going to get your data recovered on your computers, but we are going to release everything that we stole, which is your client lists, on and on. We're going to release that to the worldwide internet. Most companies say, Oh no, don't do that. we'll pay, we'll pay. I can understand that. Statistics I've seen right now, I think it's a little less than 50% of companies are paying the ransoms. Now, part of the reason when I say not to pay the ransoms is you, don't want to encourage these guys. They are stealing your data. You have your intellectual property that you have spent a lifetime building, right? Or a career building it's not something that really they should be having access to and you don't want to encourage them. One of the things that these bad guys have found. Is, if they can get you to pay a ransom today, they can get you to pay a ransom in a couple of weeks. So they'll try and hit you again because it takes most companies a while. And to bring in security managed security company like mine takes a while to get everything locked down. Usually what we'll do in that case, is we'll come in, just lock the heck down then try and restore them from backup. Hopefully, their backups are good. I got to say 80% of the time, the companies that think they have backups do not have good backups and it can't all be restored. Plus the time it takes to restore them, you got to factor all of this in. Treasury Department officials said in an official advisory published last Thursday that these bad guys are part of as designated sanctioned nexus, which means you are paying a ransom to an organized criminal or to a blocked person list. There prohibited lists, Cuba, Iran, North Korea, other countries that it is forbidden for you to do business with. So guess what ends up happening then if you pay ransoms law enforcement officials can now charge you. The treasury department, says they're going to. So keep an eye out for that. Make sure you stick around because we'll be back here after the top of the hour. Check out my website, Craig peterson.com. There's a whole lot of information there as well for you. And we're going to talk about the future of computers and it has nothing to do with Intel, nothing to do with AMD, at least the way it looks right now. So stick around and we'll tell you about upgrading your Windows machine or your Mac because it's all changing. You're listening to Craig Peterson. Stick around. --- More stories and tech updates at: Don't miss an episode from Craig. Subscribe and give us a rating: Follow me on Twitter for the latest in tech at: For questions, call or text: 855-385-5553 /episode/index/show/cptt/id/16344485

New faster chip architecture coming to a computer near you ... soon 10/09/2020

New faster chip architecture coming to a computer near you ... soon Craig discusses the new firmware architecture being used in the newer computers and laptops and why this architecture is preferred. For more tech tips, news, and updates, visit - CraigPeterson.com --- --- Automated Machine-Generated Transcript: Hey, we've been talking about how computers are everywhere. What can we expect from our computerized cars? What can we expect from computers? Intel has had a monopoly with Microsoft called the Wintel monopoly. Hi everybody. You're listening to Craig Peterson. So if you missed part of today's show. Make sure you double-check and also make sure you are on my newsletter list. I'm surprised here how every week I get questions from people and it's great. That's it. I love to help. I was asked when I was about 19 to read this little book and to also to fill out a form that said what I wanted on my headstone. That's it heady question to ask somebody at 19 years of age, but I said that this was pretty short and sweet. I said, "he helped others." Just those three words, because that's what I always wanted to do. That's what I always enjoyed doing. You can probably tell that's why I'm doing what I'm doing right now is to help people stop the bad guys and to make their lives a little bit better in the process, right? That's the whole goal. That's the hope anyway. If you need a little help, all you have to do is reach out. Be glad to help you out. Just email me M E at Craig Peterson dot com. Or if you're on my email list, you'll get all of my weekly articles, everything I talked about here on the show, as well as my during the week little emails that I send out with videos that I've been doing. I've been putting more together. Didn't get any out this week I had planned to, but I probably will get them out next week. I was able to make a couple of this week and we'll queue them up for the coming week, but you'll get all of that. So just go to. Craig peterson.com/subscribe. You'll find everything there. As part of all of that of course, you will also be getting information about the training that I do. I do all kinds of free training and webinars, and I've got all kinds of reports. One of the most popular ones lately has been my self-audit kit. It's a little tool kit that you can use to audit it, your business and see if you are compliant. It's just a PDF that you can take from the email that I send you. If you ask for it, all you have to do is ask for an audit kit, put that in the subject line, and email me@craigpeterson.com and we'll get you going. So I've had a few people who have this week said, Hey, can you help me out? What do I do? I help them out. It turns out when I'm helping them out, they're not even on my email list. So I'll start there. If you're wondering where to start, how to get up to speed a little bit, right? You don't have to know all of this stuff like the back of your hand, but you do have to have the basic understanding. Just go online. And a sign-up Craig peterson.com/subscribe would love to have you there. Even when we get into the ice station zebra weather here coming up in not so long, unfortunately, in the Northeast. When you're thinking about your computer and what to buy. There are a lot of choices. Of course, the big ones nowadays are a little different than they were just a few years ago. Or a couple of years ago, you used to say, am I going to get a Windows computer, or am I going to get a Mac now? I think there's a third choice that's really useful for most people, depends on what you're doing. If what you do is some web browsing, some email, and also might do a couple of things with some video and pictures and organizing you really should look at the third option. Which is a tablet of some sort and that is your iPad. Of course, the number one in the market, these things last a long time. They retain their value. So their higher introductory price isn't really a bad thing. And they're also not that much more expensive when you get right down to it and consider the resale value of them. So have a look at the tablet, but that's really one of the three major choices also today when you're deciding that you might not be aware of it, but you are also deciding what kind of processor you're going to be using. There is a lot of work that's been done going on arm processors. What they are called A R M. I started working with this class of processor, also known as RISC, which is reduced instruction set processors, many years ago, back in the nineties. I think it was when I first started working with RISC machines. But the big difference here is that these are not Intel chips that are in the iPads that are in or our iPhones, they aren't Intel or AMD processors that are in your Android phones or Android tablet. They're all using something that's called ARM architecture. This used to be called advanced risc machine acorn risk machine. They've been around a while, but ARM is a different type of processor entirely then Intel. the basic Intel design is to try and get as much done with one instruction as possible. So for instance, if you and I decided to meet up at a Dunkin donuts, I might say, okay, so we're going to go to the Duncan's on Elm Street, but the one that's South of Main Street, and I'll meet you there at about 11 o'clock. And then I gave you some of the directions on how to get to the town, et cetera. And so we meet at dunks and to have a good old time. That would be a RISC architecture, which has reduced instructions. So you can tell it, okay, you get to take a right turn here, take a left turn there. In the computing world, it would be, you have to add this and divide that and then add these and divide those and subtract this. Now to compare my little dunk story. What you end up doing with an Intel processor or what's called a CISC processor, which is a complex instruction set, is we've already been to dunks before that dunks in fact, so all I have to say is I'll meet you at dunks. Usual time. There's nothing else I have to say. So behind all of that is the process of getting into your car, driving down to dunks the right town, the right street, the right dunks, and maybe even ordering. So in a CISC processor, it would try and do all of those things with one instruction. The idea is, let's make it simple for the programmer. So all of the programmers have to do if the programmer wants to multiply two double-precision floating-point numbers, the programmer that if he's just dealing with machine-level only has to have one instruction. Now those instructions take up multiple cycles. We can. Get into all the details, but I think I've already got some people glazing over. But these new ARM processors are designed to be blindingly fast is what matters. We can teach a processor how to add, and if we spend our time figuring out how to get that processor to add faster. We end up with ultimately faster chip and that's the theory behind risk or reduced instruction set computers, and it has taken off like wildfire. So you have things like the iPad pro now with an arm chip that's in there designed by Apple. Now they took the basic license with the basic ARM architecture and they've advanced it quite a bit. In fact, but that Ipad processor now is faster than most laptop processors made by Intel or AMD. That is an impressive feat. So when we're looking a little bit forward, we're no longer looking at machines that are just running an Intel instruction set. We're not just going to see, in other words, the Intel and AMD inside stickers on the outside of the computer. Windows 10 machines running on ARM processors are out already. Apple has announced arm based laptops that will be available very soon. In fact, there is a scheduled press conference. I think it's next week by Apple, the 15th. Give or take. Don't hold me to that one, but they're going to have a, probably an announcement of the iPhone 12 and maybe some delivery dates for these new ARM-based laptops. So these laptops are expected to last all day. Really all day. 12 hours worth of working with them, using them. They're expected to be just as fast or faster in some cases as the Intel chips are. So ARM is where things are going. We already have the Microsoft updated surface pro X. That was just announced about two weeks ago, which is ARM-based. We've gotten macs now coming out with their ARM-based versions. In fact, I think they're going to have two of them before the end of the year. Both Apple and Microsoft are providing support for x86 apps. So what that means is the programs that you have bought that are designed to run on an Intel architecture will run on these ARM chips. Now, as a rule, it's only the 64-bit processes that are going to work. The 32-bit processes, if you haven't upgraded your software to 64 bits yet you're gonna have to upgrade it before you can do the ARM migration. We're going to see less expensive computers. Arm chips are much cheaper as a whole than Intel. Intel chips are insanely high priced. They are also going to be way more battery efficient. So if you're looking for a new computer. Visual studio code has been updated optimized for windows 10 on ARM. We're going to see more and more of the applications coming out. And it won't be long, a couple of years now, you will have a hard time finding some of the Intel-based software that's out there. Hey, you're listening to Craig Peterson. Stick around. Cause we'll be right back and "it won't happen to me." That's our next topic. --- More stories and tech updates at: Don't miss an episode from Craig. Subscribe and give us a rating: Follow me on Twitter for the latest in tech at: For questions, call or text: 855-385-5553 /episode/index/show/cptt/id/16344452

Yes it will happen to you, believe it or not plus more on this Tech Talk with Craig Peterson Podcast 10/09/2020

Yes it will happen to you, believe it or not plus more on this Tech Talk with Craig Peterson Podcast Craig discusses the problem that many businesses face -- employee apathy and lack of security awareness. For more tech tips, news, and updates, visit - CraigPeterson.com --- --- Automated Machine-Generated Transcript: We've got companies who are investing a lot of money to upgrade the technology, to develop security processes, boost it. Staff yet studies are showing that they're overlooking the biggest piece of the puzzle. What is the problem? Hey everybody. You're listening to Craig Peterson. Employee apathy has been a problem for many businesses for a very long time. Nowadays, employee apathy is causing problems on the cybersecurity front. As we've talked about so many times, cybersecurity is absolutely critical. For any business or businesses are being attacked sometimes hundreds of times, a minute, a second, even believe it or not. Some of these websites come under attack and if we're not paying close attention, we're in trouble. So a lot of companies have decided while they need to boost their IT staff. They've got to get some spending on some of the hardware that's going to make life. Better. And I am cheering them on. I think both of those are great ideas, but the bottom line problem is there is million-plus open cybersecurity it jobs. So as a business, odds are excellent that you won't be able to find the type of person that you need. Isn't that a shame? But I've got some good news for you here. You can upgrade the technology that's going to help. But if you upgrade the technology, make sure you're moving towards, what's called a single pane of glass. You don't want a whole bunch of point solutions. You want something that monitors everything. Pulls all of that knowledge together uses some machine learning and some artificial intelligence and from all of that automatically shuts down attacks, whether they're internal or external, that's what you're looking for. There are some vendors that have various things out there. If you sell to the federal government within three years, you're going to have to meet these new requirements, the CMMC requirements, level three, four, level five, which are substantial. You cannot do it yourself, you have to bring in a cybersecurity expert. Who's going to work with your team and help you develop a plan. I think that's really great, really important, but here's where the good news comes in. You spent an astronomical amount of money to upgrade this technology and get all of these processes in place and you brought in this consultant, who's going to help you out. You boosted your IT staff. But studies are starting to indicate that a lot of these businesses are overlooking the biggest piece of the puzzle, which is their employees. Most of these successful attacks nowadays are better than 60%, it depends on how you're scoring this, but most of the attacks these days come in through your employees. That means that you clicked on a link. One of your employees clicked on a link. If you are a home user, it's exactly the same thing. The bad guys are getting you because you did something that you should not have done. Just go have a look online. If you haven't already make sure you go to have I been poned.com. Poned is spelled PWNED Have a look at it there online and try and see if your email address and passwords that you've been using have already been compromised. Have already been stolen. I bet they have, almost everybody has. Do you know what to do from that? This is part of the audit kit that I'll send to you. If you ask for that. Kind of goes through this and a whole lot of other stuff. But checking to see if your data has been stolen, because now is they use that to trick people. So they know that you go to a particular website that you use a particular email address or password. They might've been able to get into one of these social networks and figure out who your friends are. They go and take that information. Now a computer can do this. They just mine it from a website like LinkedIn, find out who the managers in the company are. And then they send off some emails that look very convincing, and those convincing emails get them to click. That could be the end of it. Because you are going somewhere, you shouldn't go and they're going to trick you into doing something. Knowledge really is the best weapon when it comes to cybersecurity. A lot of companies have started raising awareness among employees. I have some training that we can provide as well. That is very good. It's all video training and it's all tracked. We buy these licenses in big bundles. If you are a small company contact me and I'll see if I can't just sneak you into one of these bundles. Just email me @craigpeterson.com in the subject line, put something like training, bundle, or something. You need to find training for your employees and their training programs need to explain the risk of phishing scams. Those they're the big ones. That's how most the ransomware it gets into businesses is phishing scams. That's how ransomware gets down to your computers. You also need to have simulations that clarify the steps you need to take when faced with a suspicious email. Again, if you want, I can point you to a free site that Google has on some phishing training and it's really quite good. It walks you through and shows you what the emails might look like and if you want to click or not. But there's a lot of different types of training programs. You've got to make sure that everybody inside your organization or in your, the family is educated about cybersecurity. What do you do when you get an email that you suspect might be a phishing email? They need to know that this needs to be forwarded to IT, or perhaps they just tell IT, Hey, it's in my mailbox, if IT has access to their mailbox, so IT can look at it and verify it. You need to have really good email filters, not the type that comes by default with a Microsoft Windows 365 subscription, but something that flags all of this looks for phishing scams and blocks them. There's been a ton of studies now that are showing that there is a greater awareness of cybersecurity dangers, but the bottom-line problem is that employees are still showing a lax attitude when it comes to practicing even the most basic of the cybersecurity prevention methods. TrendMicro, who is a cybersecurity company. We tend to not use their stuff because it's just not as good. But TrendMicro is reporting that despite 72% of employees claim to have gained better cybersecurity awareness during the pandemic 56% still admitted to using a non-work application on a company device. Now that can be extremely dangerous. 66% admitted uploading corporate data to that application. This includes, by the way, things like using just regular versions of Dropbox. Do you share files from the office and home? Dropbox does have versions that are all that have all kinds of compliance considerations that do give you security. But by default, the stuff a home user does not get the security you need. They're doing all of this even knowing that their behavior represents a security risk. And I think it boils right down to, it's not going to happen to me. Just apathy and denial. So same thing I've seen, being a security guy for the last 30 years, I've seen over and over, apathy and denial. Don't let it happen to them. By the way, about 50% believe that they could be hacked no matter what protective measures are taken. 43% took the polar opposite. They didn't take the threat seriously at all. 43% didn't believe they could be hacked. Some interesting numbers stick around. When we get back, we're going to talk about Mac OS is driving cybersecurity rethink. We'll be right back. --- More stories and tech updates at: Don't miss an episode from Craig. Subscribe and give us a rating: Follow me on Twitter for the latest in tech at: For questions, call or text: 855-385-5553 /episode/index/show/cptt/id/16344401

MacOS Malware and the Importance of Keeping Systems and Apps up to date plus more on this Tech Talk with Craig Peterson Podcast 10/09/2020

MacOS Malware and the Importance of Keeping Systems and Apps up to date plus more on this Tech Talk with Craig Peterson Podcast Craig discusses the oversharing attitudes of Millennials and Generation Z, and the importance of paying attention to our networks, how it can lead to malware in businesses, and what can be done to stop it. For more tech tips, news, and updates, visit - CraigPeterson.com --- --- Automated Machine-Generated Transcript: By the way, to follow up on that last segment. So Millennials and Generation Z are terrible with security. They keep reusing passwords. They accept connections with strangers. Most of the time. If that's not believable, I don't know what it is. They've grown up in this world of share everything with everyone. What does it matter? Don't worry about it. Yeah. I guess that's the way it goes. Right? Kids these days. Which generation hasn't said that in the past? You're listening to Craig Peterson. Thanks for joining me today. We were just talking about millennials, generation Z, and the whole, it won't happen to me, employee apathy, and we've got to stop that. Even within ourselves, right? We're all employees in some way or another. What does that mean? It means we've got to pay attention. We've' got to pay a lot of attention, and that isn't just true in the windows world. Remember, we've got to pay attention to our network. It would be best if you were upgrading the firmware on your switches, definitely upgrading the software and firmware in your firewalls and your routers, et cetera. Keep that all up to date. Even as a home user, you've got a switch or more than one. You've got a router. You've got a firewall in many cases, that your ISP internet service provider provides equipment. If you've got a Comcast line or a FairPoint, whatever, it might be coming into your home, they're providing you with some of that equipment, and you know what their top priority is not your security. I know. Shocker. Their top priority is something else. I don't know, but it sure isn't security. What I advise most people to do is basically remove their equipment or have them turn off what's called network address translation. Turn off the firewall and put your own firewall in place. I was on the phone with a lady that had been listening to me for years, and I was helping her out. In fact, we were doing a little security audit because she ran a small business there in her home. I think she was an accountant if I remember right. She had her computer hooked up directly to the internet. She misunderstood what I was saying. I want to make this clear what I'm saying here. People should still have a firewall. It would be best if you still had a router, but you're almost always better off getting a semi-professional piece of hardware. If you will, the prosumer side, something like the Cisco GO hardware, put that in place instead of having the equipment that your ISP is giving you. We've got to keep all of this stuff up to date. Many of us think that Macs are invulnerable, Apple Macintoshes, or Apple iOS devices, like our iPhones and iPads. In many ways, they are. They have not been hit as hard as the Windows devices out there. One of the main reasons is they're not as popular. That's what so many people that use Windows say you don't get hit because you're just not as popular. There is some truth to that. However, the main reason is that they are designed from the beginning with security in mind; unlike Windows, security was an absolute afterthought for the whole thing. Don't tell me that it's because of age. Okay. I can hear it right now. People say, well, Mac is much, much newer than Microsoft Windows. Microsoft didn't have to deal with all of this way back when. How I respond to that is, yeah. Microsoft didn't have to deal with it way back when it wasn't connected to a network and your viruses coming in via floppy desk. Right? They really were. In fact, the first one came in by researchers. Apple's operating system is much, much older than windows and goes back to the late 1960s, early 1970s. So you can't give me that it is just that they didn't care. They didn't care to consider security at all, which is still one of my soapbox subjects if you will. Security matters. When we are talking about your Macs, you still have to consider security on a Mac. It's a little different on a Mac. You're probably want to turn on some things. The windows come with the firewall turned on; however, it has all of its services wide open. They're all available for anybody to attach to. That's why we have our windows hardening course that goes through, what do you turn off? How do you turn it off? What should you have in the windows firewall? Now the Mac side, all of these services turned off by default, which is way more secure. If they're not there to attack, they're not going to be compromised. Right. They can't even be attacked in the first place. So I like that strategy, but you might want to turn on your firewall on your Mac anyways. There are some elegant little features and functions in it. But the amount of malware that's attacking Apple Macintoshes, nowadays, is twice as much as it used to be. We've got these work from home people. We've got IT professionals within the companies, just scrambling to make it so that these people working from home can keep working from home. It's likely a permanent thing. It's going to be happening for a long time. But these incidents of malware on the Mac is pretty limited in reality. The malware on a Mac is unlikely to be any ransomware or software that particularly steals things like your Excel files or your Word docs on a Mac, and I should say it is much more likely to be outerwear. It's much more likely to be. Adware or some other unwanted programs, and that's what's rising pretty fast on Macs. Mac-based companies are being concerned here about cybersecurity issues. They are paying more attention to them. They're windows based counterparts have had to deal with a lot of this stuff for a long time because they were targets. So we've got to divide the Mac really into two pieces, just like any other computer. You've got the operating system with its control over things like the network, et cetera. Then you have the programs or applications. That is running on that device. So you want to keep both of them secure. The applications running on your device, Apple's done a much, much better job of sandboxing them. Making them so that they're less dangerous. The latest release, in fact, Catalina had a lot of security stuff built into that. Microsoft and Windows 10 added a lot more security. So that's all really, really good. Now, if you have to maintain a network of Macs, we like IBM software. They have some great software for managing Macs, but if you want something inexpensive and very usable to configure Macs and control the software on them. Have a look at JAMF, J A M F. They just had their user's conference this last weekend. They were talking about how the landscape has changed over on the Mac side. All right. We've got one more segment left today, and I'm going to talk about these cybersecurity frameworks. What should you be using? If you are a business or a home user, what are those checkboxes that you absolutely have to have to use? You're listening to Craig Peterson. Stick around. --- More stories and tech updates at: Don't miss an episode from Craig. Subscribe and give us a rating: Follow me on Twitter for the latest in tech at: For questions, call or text: 855-385-5553 /episode/index/show/cptt/id/16344074

Cybersecurity Audits, CMMC, Department of Defense SubContractors plus more on this Tech Talk with Craig Peterson Podcast 10/09/2020

Cybersecurity Audits, CMMC, Department of Defense SubContractors plus more on this Tech Talk with Craig Peterson Podcast Craig discusses Cybersecurity Audits, Compliance, NIST Standards, CMMC, and what is expected of the Department of Defense Contractors and Sub-contractors in this segment. For more tech tips, news, and updates, visit - CraigPeterson.com --- --- Automated Machine-Generated Transcript: You might've heard about cybersecurity frameworks? Well, the one that's most in use right now is the NIST cybersecurity framework that helps guide you through the process of securing your business or even securing your home. That's our topic. Hi everybody. Craig Peterson here. It's a great time to be out on the road and kind of checking in. Of course, you can find me online at craigpeterson.com. We've got security threats that have been growing quite literally. Exponentially. They are really making a lot of money by extorting it from us, stealing it from us. It's nothing but frustration to us. It's never been more important to put together an effective cybersecurity risk management policy. That's true if you're a home user and you've got your yourself and your spouse and a kid or two in the home. Have a policy and put it together. That's where NIST comes in handy. NIST is the National Institute of standards and technology they've been around for a long time. They've been involved in cryptography. These are the guys and gals that give us accurate clocks. In fact, we run two clocks here that we have for our clients, which are hyper-accurate. It's crazy it down to the millionth of a second. It's just amazing. That's who NIST is. They've put all these standards together for a very, very long time, but just before March, this year, It was reported that about 46 percent of businesses had suffered cyber attacks in 2019. That was up 10% from the year before. Of course, we've all been worried about the Wuhan virus, people getting COVID-19, it is a problem. The biggest part of the problem is everybody's worried about it. Nobody wants to go to work. They don't want to go out to a restaurant. They don't want to do any of these things. You as a business owner are worried about how do you keep your business doors open? How do you provide services to the customers you have when your employees won't come in or cooperate or were paid more to stay at home than they would be to come back to work. I get it right. I know I'm in the same boat. Well, because of that we just have not been paying attention to some of the things we should be doing. One of the main ways that business people can measure their preparedness and their progress in managing cyber security-related risks, is to use the cybersecurity framework that is developed by NIST. It is a great framework. It provides you with different levels. The higher-end, the framework that is used by military contractors. Nowadays, we've been helping businesses conform to what's called NIST 800-171 and 800-53 High, which are both important and cybersecurity standards. So if you really, really, really need to be secure, are those are the ones you're going to be going with. Right now, no matter how much security you need I really would recommend you checking it out. I can send you information on the NIST framework. I have a little flow chart. I can send you to help to figure out what part of the framework should you be complying with. It also helps you figure out if you by law need to be complying with parts of the framework. It will really help you. It's well thought out. It's going to make you way more efficient as you try and put together and execute your cyber risk management policy. Remember cyber risk, isn't just for the software that you're running, or the systems you're running. It's the people, it includes some physical security as well. Now President Trump has been very concerned about it. I'm sure you've heard about it in the news. As he's talked about problems with TicTok and with Huawei and some of these other manufacturers out there. Huawei is a huge problem. Just absolutely huge. One of these days I can give you the backstory on that, but how they completely destroyed one of the world leaders in telecommunications technology by stealing everything they had. Yeah. It's a very sad story company you may have heard of, founded over a hundred years ago. They're non-regulatory but they do publish guides that are used in regulations. So have a look at them, keep an eye on them. They have to help federal agencies as well. Meet the requirements is something called the federal information security management act called FISMA and that relates to the protection of government information and assets. So if you are a contractor to the federal government, pretty much any agency, you have physical requirements. So think about that. Who do you sell things to? When you're also dealing with the federal government they look at everything that you're doing and say, are you making something special for us? If you are, there are more and higher standards that you have to meet as well. It just goes on and on, but this framework was created by NIST ratified by Congress in 2014. It's used by over 30% of businesses in the US and will probably be used by 50% of businesses in the US this year. So if you're not using them you might want to have a look at them. It's big companies like JP Morgan, Chase, Microsoft, Boeing, and Intel who meet a much higher standard than most businesses need to meet. A lot of businesses all you need to meet is what's called the CMMC one standard. You'll find that at NIST as well. And there are much higher levels than that up to level five, which is just, wow. All of the stuff that you have to keep secured looks like military level or better, frankly security. There are other overseas companies that are using it too, by the way in England, in Japan, Canada, many of them. I'm looking at the framework right now. The basic framework is to identify, protect, detect, respond, and recover. Those are the main parts of it. That's you have to do as a business in order to stay in business in this day and age, they get into it in a lot more detail. They also have different tiers for different tiers that you can get involved in. Then subcategories. I have all of this framework as part of our audit kit that I'll send out to anybody that asks for it that's a listener. All you have to do is send an email to me, M E @craigpeterson.com, and then the subject line, just say audit kit and I'll get back to you. I'll email that off to it's a big PDF. You can also go to NIST in the online world and find what they have for you. Just go to NIST, N I S T.gov, The National Institute of Standards and Technology, and you'll see right there, cybersecurity framework, it's got all of the stuff there. You can learn more here if you want. If you're new to the framework they've got online learning. They are really working hard to try and secure businesses and other organizations here in the US and as I said used worldwide. It's hyper, hyper important. It's the same framework that we rely on in order to protect our information and protect our customer's information. So NIST, N I S T.gov, check it out. If you missed it today, you're going to want to check out the podcast. Now you can find the podcast on any of your favorite podcasting platforms. It is such a different world. Isn't it? We started out today talking about our cars. Our cars now are basically big mechanical devices ever so complex with computers, controlling them. But the cars of tomorrow that are being built by Tesla and other companies, those cars are absolutely amazing as well, but they're frankly, more computer than they are mechanical car. So what should we expect from these cars? I'm talking about longevity here. We expect a quarter-million miles from our cars today. Some of these electric vehicles may go a half a million or even a million miles in the future. When they do that, can we expect that? Our computers get operating system updates and upgrades, for what five years give or take? If you have an Android phone, you're lucky if you get two years' worth of updates. Don't use Android, people. It's just not secure. How about our cars? How long should we expect updates for the firmware in our cars? So that's what we talked about first, today. Ring has a new security camera that is absolutely cool. It's called the always home cam. I talked about it earlier. It is a drone that flies around inside your house and ties into other Ring equipment. I think it's absolutely phenomenal and it's not quite out yet, but I'll let you know more about that. If you get ransomware and you pay the ransom, the feds are saying now that you are supporting terrorist organizations. You might want to be careful because they are starting to knock on doors, and there's jail time behind some of these things. So watch it when it comes to ransomware and a whole lot more as well. So make sure you visit me online. Go to Craig peterson.com/subscribe. It's very important that you do that and do that now. So you'll get my weekly newsletter. I've got some special gifts, including security, reboot stuff that I'll send to you right away. Craig peterson.com/subscribe. --- More stories and tech updates at: Don't miss an episode from Craig. Subscribe and give us a rating: Follow me on Twitter for the latest in tech at: For questions, call or text: 855-385-5553 /episode/index/show/cptt/id/16343948

AS HEARD ON: WGAN Mornings News with Matt Gagnon: Business Cybersecurity, Work at Home, Employee Training and Paying Ransom 10/08/2020

AS HEARD ON: WGAN Mornings News with Matt Gagnon: Business Cybersecurity, Work at Home, Employee Training and Paying Ransom Good morning everybody! I was on WGAN this morning with Matt Gagnon, and we began talking about Cybersecurity and Businesses. We discussed some of the new Federal Regulations and how they are cracking down on businesses. We discussed some of the problems with work at home and then we discussed Cybersecurity training and Ransomware and why the Federal Government is now charging companies who pay ransoms Let's get into my conversation with Matt on WGAN. These and more tech tips, news, and updates just visit - CraigPeterson.com --- Automated Machine Generated Transcript: Craig Peterson: [00:00:00] Good morning, everybody. Craig Peterson here. Thanks for joining me. And I'd love to know what do you like about the podcast? Maybe something I should do more or something I should do less of just email, me @craigpeterson.com. I'd love to hear from you. This morning, I was on with Mr. Matt Gagnon over there on WGAN, which is a fun time. I love talking to Matt, but now in the political season, of course, most of these radio stations are pretty busy with. Politics. So I don't get quite as much time as I used to get on some of them, at any rate, we talked this morning, we covered three different topics as something we haven't talked about with any of these other radio stations this week. So here we go with Mr. Gagnon. It's all things. Technology tech talk with Craig Peterson right now on news radio 98, five FM and am five 60 WGAN Matt Gagnon: [00:01:03] It's seven 36 on a Wednesday. Great time to talk to Craig Peterson, our tech guru Craig, how are you this morning, sir? Craig Peterson: [00:01:11] Good morning. Doing well. Matt Gagnon: [00:01:13] Craig, are you heard on this very network on Saturdays? I'm under the impression you might be. Craig Peterson: [00:01:17] Yeah. Yeah. Saturdays from one til three. It gives me a chance to delve into some of these topics a little bit more because we only have a few minutes here every Wednesday morning, Matt Gagnon: [00:01:28] Indeed. Let's get into that so that you have as much time as possible, Mr. Peterson. and I think that you have a lot of topics to deal with here today, but a couple of themes I'm seeing running throughout here is about security. One that caught my eye and it was pretty interesting to me was about employee apathy and how it is sort of combating against increased cybersecurity awareness. I. E. We all know more about cybersecurity, but we don't really think any of this stuff is going to happen to us and that is the open door that's necessary for a lot of it to actually happen? Interesting. Craig Peterson: [00:02:01] Yeah, isn't that kind of the norm though, for people just kind of in general so that it's not going to happen to me, nothing. I need to worry about it, but it is causing some serious problems with the business. When we're talking about employees here, I don't want just people to think of that man or that woman who might be manning the cash register. We're talking about all the way up the chain. Businesses are having a serious problem right now because we've got some cybersecurity. We know that we've got something that kind of work in the past. Like they had antivirus software and we're not really aware of what's going on in general. Now we got some serious problems right now with the federal government, finding China, Russia, and others in our systems. In fact, there was an emergency order that came out just about a week ago now for anybody that is a department of defense contractor or subcontractor, even if all you do is mow the lawn for someone, that's a contractor to the department of defense. Now you have to have serious cybersecurity. The reason that they ended up doing this is that even though the rules were passed four years ago, everybody was saying, it's not going to, it happened to me. I don't need to worry about it. Matt, they were pencil whipping forms. So now they are coming down hard. I know a contractor who called me up last Friday saying, Hey, I've got a bit of a problem here. I'll tell this story a little bit more, but they lost 70%, seven zero percent of their business faded away. They couldn't find out why a general contractor for the federal government was no longer ordering from them. It had to do with their apathy from soup to nuts. They were not trying to be secure. So we've got to pay attention. They really are coming after us, Matt. Matt Gagnon: [00:03:58] Craig Peterson, tech guru joins us to this time, every Wednesday to go over the world of technology. Speaking of security, remote workers are causing, perhaps a little bit of a rethink in cybersecurity as well. What's that all about? Craig Peterson: [00:04:12] Yeah. You'd think that again, we've got so many people working remotely that we'd have it down by now. We've been doing this since March-ish timeframe here for most of our companies. But the biggest problem we're still seeing is a misconfiguration. Right? Machines, not patched up, businesses using VPNs incorrectly, that are giving direct lines into our businesses. Then our employee is going back to the apathy thing where we're not taking some of the training, seriously. Every business nowadays should be doing some training. That training means that they are looking at phishing attacks. What are the bad guys doing? What do we have to be careful of now? So be very careful if you're working from home, remember that VPN is like a tracer, right? I've tracer round works both ways. You can see where it's going and you get to see where it comes from. A VPNs the same way you can use it to get securely into your business network, but the opposite can happen. Someone else on your network, some malware, any network, and also use it to get into your business. It gets very dangerous. Matt Gagnon: [00:05:24] The other thing that was, is security related that I found fascinating Craig in, uh, in the list of stuff that we're going to talk about today is about what actually happens. If some sort of an attack happens like a ransomware demand is made. Then you actually pay it, that could get you in a different world of trouble. Could it not. Craig Peterson: [00:05:41] Yeah, this didn't use to really be the case. If you were ransomed and your data was ransomed, typically because of encryption, as opposed to extortion, where they've stolen your data and they are telling you, if you don't pay up, we are going to release all of your data that we stole from you online publicly, which is really bad too. In this case, where your data has been encrypted, a lot of businesses have paid the ransom in fact, businesses that are supposedly out there to decrypt your data and get it back for you. Many of those have been paying the ransom. So the treasury department has gotten finally a little bit of a crackdown here and they published just this last week. Some new guidelines. Basically, if you are paying a ransom, you are paying a ransom to criminal organizations, terrorist organizations, and enemies of the United States. Therefore it is clearly illegal under federal law. Now the other side of this is if you pay a ransom, the odds are only about 50%. Only about half of the time will you get all of your data back? So that's something to think about. Then the other thing is you are not just encouraging them to ransom some more people. You're also saying, Hey, We are a company that pays ransoms. So yeah, go ahead and break in again and hold our data ransom and we'll pay. The FBI has long advised against it, and now they're cracking down on the legal process on those people, but businesses do pay the ransom. Matt Gagnon: [00:07:20] All right, well that is Craig Peterson. Once again, you can hear him on this very network to get into these stories and so many more in more depth on Saturday WGAN. Craig, we appreciate you. So much as we always do on Wednesdays and we'll talk again next week. Craig Peterson: [00:07:33] All right. And I'll be back at one on Saturday Matt Gagnon: [00:07:36] Indeed. Thanks a lot, Craig. Craig Peterson: [00:07:38] Keep an eye out also in your email, I've been working on a new little, three-minute coaching session and these things are just taking some time. Right. But we are getting there. We'll be getting those out, the little videos and. And I'm putting transcripts burned right into the video. Plus if you click on the link in the email, it'll take you to my website where I have a transcript right there. So if you'd rather just read about the topic I'm talking about, and we're talking about all of the stuff you might expect. VPNs and two different types of security things you need to look at. You can just read it right there on my website. So keep an eye out for the email. You can just click through, watch the video. You can listen to it. You can see the transcript going by, or you can just plain old read the transcript. How's that for making it easy for everybody? All right. Take care and we'll be back hopefully before the weekend, I'll be able to get another one of these out. Take care. Bye-bye. --- More stories and tech updates at: Don't miss an episode from Craig. Subscribe and give us a rating: Follow me on Twitter for the latest in tech at: For questions, call or text: 855-385-5553 /episode/index/show/cptt/id/16316744

AS HEARD ON - The Jim Polito Show - WTAG 580 AM: The Right to Repair - Question One and Ring's new security camera -- Its a Drone. 10/06/2020

AS HEARD ON - The Jim Polito Show - WTAG 580 AM: The Right to Repair - Question One and Ring's new security camera -- Its a Drone. Welcome! Good morning, everybody. I was on WTAG this morning with Jim Polito. He had a few questions about VPNs, seems like it is a little confusing for people to understand that they were designed for something completely different than what people are using them for today and that is where the problems are coming from. Then I broke some big news about the Federal Register changes and DOD contractors and sub-contractors that went into effect last night at 5 pm. Then we got a little light-hearted with a brief discussion about Love and Zoom. Here we go with Jim. For more tech tips, news, and updates visit - --- Automated Machine Generated Transcript: Craig Peterson: [00:00:00] So that it can be hooked up by any technician to read what's going on. And to at least clear it, if not adjust it. Now, the opponents of this are saying, Hey, wait a minute. Now, do we really want backyard mechanics getting their hands on the software on the internal runnings of our car? Jim Polito: [00:00:22] Yeah. Craig Peterson: [00:00:23] Hey everybody. We got to talk about a couple of cool things this morning. Craig Peterson here. I was on with Mr. Jim Polito. We talk about a new law, actually, it is on the ballot. It is initiative one in Massachusetts, where it is an augmentation to another law that passed, The Right to Repair. We may do another segment on it. Jim talks a little bit about this, cause just can you cover in 10 minutes. Then also a little bit about Ring's latest security device. So here we go with Mr. Jim Polito Jim Polito: [00:01:00] One of my favorite days of the week, just because of who visits. Our good friend and tech talk guru. Craig Peterson. Good morning, sir. Craig Peterson: [00:01:13] Hey, good morning. That is so kind. I appreciate that. Jim Polito: [00:01:17] Come on, come on. You offer a great segment and you help an awful lot of listeners here. That's why I want to do two things today. Cause I know we're going to eat up all the time, just doing these two. One of them is the right to repair. Question one. If I were to look at what do I get the most questions about emails and messages, it would question one. Second, I want to talk about Rings' latest security camera, the drone. Oh my God. That's crazy. So let me just say, folks. I will do this as the deep tease, the drone flying around your house to keep your house secure. I mean, now that's something I would buy. But let's start off with the right to repair. Okay. Many people it's the 2020 Massachusetts question one. It's a ballot initiative. It's looking to augment the right to repair. Now I gotta tell you I'm voting. Yes on this. Okay. But when I see the commercials against this, they are highly deceptive. That's my opinion. Let me see now if the brilliant man agrees with me and that is Craig Peterson. All right, sir. Go ahead. The floor is yours, Craig Peterson: [00:02:48] Go for it. Right? Yeah. This is a very, very interesting problem. We've got an article this week. In fact that I put into my newsletter, that everybody got about Elon Musk in Elon's coming out with another car. He says here within the next three years, that's going to be a $25,000 electric car from Tesla that's fully autonomous. Now I brought that up because that's kind of the extreme. These electric cars run entirely on software. Well, of course, there are mechanics, right? There are electric motors in them, but Jim, these things are software. How do you repair software? That's really what it comes down to, nowadays. You've got a computer. For decades, Jim, you bought a computer, Microsoft came out with a new version of the operating system. It required a faster machine, more disc space, more memory. Every time there was a new release of Windows you had to buy a new computer. Jim Polito: [00:03:51] Right? Craig Peterson: [00:03:51] We know on the Samsung-side and the Android-side, your phone only gets updates for two years. That's at best. Some phones have only had updates for three months. So, what do you do when the car company decides it's not going to support it anymore? It's not going to give you updates, right? Or what happens now? When the car company says, yeah, we can fix that. It's only a $4,000 and all they do is hook it up to their computer. It uploads some software. The problem is gone. In reality, it took them less than five minutes, right. That I think is what it boils down to. Jim Polito: [00:04:31] Okay. So I understand that I have a neighbor, one of the guys who lives across the street has a Tesla. The mechanic comes to his house in a vehicle and works on his vehicle. You're right,. Mechanically, there aren't as many things in that vehicle. You got a suspension. You've got internal things, power windows, all that stuff, those types of things. There are mechanical things that could break, the wipers, all of that, but right. The thing that usually breaks the most, mechanically, the engine is just software. There is an engine and it runs off a battery. But it's not as complex as an internal combustion engine. Craig Peterson: [00:05:16] No, it needs electric motors that are in the Teslas and these other cars are designed to last a million miles. Now the batteries won't. That Tesla won't. You're only good for your Toyota Prius or your Tesla for maybe a hundred thousand miles. Although Elon Musk is working on that. We'll see he's coming out with a million-mile battery, supposedly, which would just be incredible. But what do you do now? You've got people in the Midwest. You've got farmers who have tractors. You buy anything, nowadays, your Harley that you buy. Jim Polito: [00:05:52] Yeah. Craig Peterson: [00:05:54] You're out riding has computers on board. That's been true for quite a while. And so the Federal Government mandated a port in your car that is standardized so that it can be hooked up by any tech nation to read what's going on and to at least clear it, if not adjust it. Now the opponents of this are saying, Hey, wait a minute now, do we really want backyard mechanics getting their hands on the software on the internal runnings of our car. Jim Polito: [00:06:27] Yeah. Craig Peterson: [00:06:28] Because it is their car. We haven't even answered the question of who's liable for an accident when a car is in the autonomous mode. Right? It's the manufacturer is the one that's liable. Should we really allow even a trained service tech to make adjustments that might be outside the specifications that the manufacturer set for the car. There still are so many questions here, Jim, it just kind of blows my mind you to get down to it. Then there's one more point, which is that Tesla you buy this year may actually be a better car next year because Tesla is continually coming out with updates and releases and downloading into the vehicle. So your car can actually get better and even more valuable as time goes on, as new features are added. If you're messing with that software and you install it, you got problems. We've got a saying, I do manage security services, that's what I do. the thing is whoever touched the computer last owns the next problem. Jim Polito: [00:07:43] My mother had a philosophy like that with things in the house too. Craig Peterson: [00:07:47] Yeah. So whose fault is it, when something goes wrong? If people have been tinkering with it. It's one thing to maybe replace an electric motor. We've had issues even with these inkjet printers, they'll give you a printer for free because the ink costs an arm and a leg. They put into the ink cartridges, little computers to track whether or not this is an unofficial cartridge. Your printer won't work with an official cartridge that we overcharged for. Jim Polito: [00:08:15] All right. I want to make sure we get the Ring in. So the bottom line is. What am I doing with question one? I mean, if Tesla is going to continue to update the software in their vehicles, are we saying they're going to charge for it if they do. We're saying that my local mechanic can't do that. Craig Peterson: [00:08:35] Yeah. Well, again, does your local mechanic have the actual capability, the ability to manipulate the software in such a way that it retains it's security. It's integrity. If by opening it up to the local mechanic, or we now opening it up to maybe state-run bad actors that are out there that want every Tesla in the country to crash on September 11th. Potentially, a big deal. I think that there's another idea. Example of the law, trying to get ahead of technology, and these lawmakers really just trying to make a bit of a name for themselves, right? It's not a big problem yet and there's too many unresolved. All right. We, you know what, I think we need to do a segment on this alone because we need more time to go through this. I think I need to bring you back on a day when we're not doing the regular segment and do that. Jim Polito: [00:09:28] But meanwhile, as the clock winds down, I need to hear about this, the Ring - drone, the new always-on home cam. An autonomous drone that can fly around your house. That's going to drive pops crazy when we're not home, you know. I don't know if he's going to like that. He just may be able to jump up and get it. Craig Peterson: [00:09:51] You might want to take the lasers off of it. It doesn't like zap pops. Jim Polito: [00:09:57] So wait a minute. Tell us quickly what this is. We've only got about two minutes. Craig Peterson: [00:10:02] Here's what it is. This thing's expected to cost about 250 bucks and the calling of the always home cam. What this is, it looks like a T the letter T capital T in fact, and it has motors in it. Obviously, it has little fans and the camera itself is down at the bottom of the T and it's in a charging station. So if it's not flying that camera's not going to work it, can't sit there and monitor you. The idea behind this is if anything happens if any of the other Ring sensors detect something or even on a regular interval, it's going to fly around the house is fully autonomous mode as well. You can tell it where you want it to go, and it's going to give you viewpoint and it's going to record stuff. If it hears a window smash, it's going to go have a look and it's going to be streaming the video. that video will be stored online and you can see exactly what's been happening. Jim Polito: [00:10:59] That is cool. Now that's something I can go for. I'll tell you what my mother-in-law has. One of the autonomous vacuums, I helped her to set it up, which I thought was very cool. You know, for our house, that thing would get a hernia with all the hair that the dog is shedding. For my inlaws, it's perfect. It just takes off at a certain point, cleans up vacuums. This picks up this thing. Yeah. This thing sounds great and we're going to have to talk more about it in the future. Alright, Craig, I did have a question. A gentleman from Boston, Joe from Boston wanted to ask you about five G, and I don't have time to get to him. Craig Peterson: [00:11:39] Yeah Jim Polito: [00:11:40] How can he reach out to you or send a message and try to get some kind of an answer in between segments. Craig Peterson: [00:11:48] Well, I'm always available at me. M E @craigpeterson.com. You can just drop me an email, anytime me@craigpeterson.com. Remember I have a busy schedule, so it might take me a couple of days to get back to you, but I always do. Jim Polito: [00:12:04] You heard that Joe, me at Craig Peterson, which is spelled P E T E R S O N, but that is the Canadian pronunciation, even though Craig Peterson is all red, white, and blue. He's still got a maple leaf in there somewhere. Correct? Listen, this was a great segment. Very interesting. And again, I'm going to, I'm going to reach you offline and we should talk more about this, cause that's fascinating about Tesla software, it's basically turning a car into a laptop and who's going to give you the updates. I find that very, I find that very, very interesting. So, Mr. Peterson, always a pleasure and I hope folks listened to your show Sundays at 11 o'clock. And then it is dropped into the schedule on at other points on the weekend at times. So a great, great show. And then we look forward to talking with you next time. Craig Peterson: [00:13:00] All right. Thanks, Jim. Take care. Jim Polito: [00:13:02] Thank you. All right. When we return a final word, you're listening to the Jim Polito show, your safe space. --- More stories and tech updates at: Don't miss an episode from Craig. Subscribe and give us a rating: Follow me on Twitter for the latest in tech at: For questions, call or text: 855-385-5553 /episode/index/show/cptt/id/16294487

Craig Peterson - America's Leading Security Coach

TOPICS