Craig Peterson - America's Leading CyberSecurity Strategist

America’s Leading Fractional Chief Information Security Officer. My team and I usually start with a scan of all devices on your network to determine what needs to be secured. Then we work with you to develop a complete plan to secure what needs to be secured on your networks. In certain cases, my team and I will help businesses source, monitor, and run their cybersecurity. I've been providing Cybersecurity to enterprises of all sizes, and Federal and State agencies since 1991.

Do You Know How Crypto's Nose-dive Will Even Hurt Your 401K? 05/21/2022

Do You Know How Crypto's Nose-dive Will Even Hurt Your 401K? Do You Know How Crypto's Nose-dive Will Even Hurt Your 401K? Hey, it looks like if you did not invest in "Crypto," you were making a smart move! Wow. We got a lot to talk about here. Crypto has dived big time. It's incredible. What's happened? We get into that and more. [Following is an automated transcript] Hi everybody. Craig Peterson here. Appreciate your joining me today. Spend a little bit of time with me. It's always a fun thing to do thanks for coming in. And Thanks for sticking around. [00:00:29] Crypto currencies. It's a term for all kinds of these basically non-government sanctioned currencies. [00:00:39] And the idea behind it was I should be able to trade with you and you should be able to trade with me. We should be able to verify the transactions and it's nobody's business as to what's happening behind the scenes. And yet in reality, Everybody's business because all of those transactions are recorded in a very public way. [00:01:03] So crypto in this case does not mean secret or cryptography. It's actually referring to the way the ledgers work and your wallet. And in fact, the actual coins themselves, a lot of people have bought. I was talking with my friend, Matt earlier this week and Matt was saying, Hey, listen I made a lot of money off a crypto. [00:01:29] He's basically a day trader. He watches it. And is it going up? Is it going down? Which coin is doge coin? The way to go? Because Elon Musk just mentioned it. Is it something else? What should I do? And he buys and sells and has made money off of it. However, a lot of people have. And held on to various cryptocurrencies. [00:01:51] Of course, the most popular one. The one everybody knows about is Bitcoin and Bitcoin is pretty good stuff, bottom line, but 40% right now of Bitcoin investors are underway. Isn't that incredible because of the major drop-off from the November peak. And this was all started by a problem that was over at something called Terra Luna, which is another cryptocurrency now. [00:02:22] Already that there is a ton of vulnerable vol a ton of changes in price in various cryptocurrencies, Bitcoin being of course a real big one where, we've seen 5,000, $10,000 per Bitcoin drops. It really is an amazingly fluid if you will coin. So there's a number of different people that have come out with some plans. [00:02:47] How about if we do like what the us dollar used to do, which is it's tied to a specific amount of gold or tied to a specific amount of silver. And of course, it's been a while since that was the case. President Nixon is the one that got us off of those standards. Having a gold, for instance, back in your currency means that there is going to be far less fluctuation and your currency means something. [00:03:16] See, the whole idea behind currency markets for government is yeah, you do print money and you do continue to increase the amount of money you print every year. Because what you're trying to do is create money for the. Good product services that are created as well. So if we created another million dollars worth of services in the economy, there should be another million dollars in circulation that's the basic theory. [00:03:46] Monetary theory, really boiling. Down now of course, already our government is printed way more than it. Maybe should have. It is certainly causing inflation. There's no doubt about that one. So they're looking at these various cryptocurrencies and say what can we do? How can we have a gold standard where the us dollar was the currency the world used and its value was known. [00:04:10] Having a stable currency is incredibly important for consumers and businesses. The business needs to know, Hey, listen, like we signed a three-year contract with our vendors and with our customers. And so we need a stable price. So we know what's our cost going to be, what can we charge our customer here? [00:04:30] Can the customer bear the price increases, et cetera. The answer to most of those questions of course is no, they really can't is particularly in this day and age. So having a. Fixed currency. We know how much it's worth. I know in two years from now, I'm not going to be completely upside down with this customer because I'm having to eat some major increases in prices. [00:04:55] And as a consumer, you want to look at it and say, wow, I've got a variable rate interest rate on my mortgage. And man, I remember friends of mine back in the eighties, early eighties, late seventies, who just got nailed by those. They had variable rate interest loan on their home because that's all they could get. [00:05:14] That's all they could afford. So the variable rate just kept going up. It was higher than credit cards are nowadays. I remember a friend of mine complaining. They had 25% interest and that's when they lost the house because 25% interest means if you have a hundred thousand dollar loan, you got $25,000 in interest that year, let alone principal payments. [00:05:36] So it, it was a really. I think it was really hard for people to, to deal with. And I can understand that. So the cryptocurrency guys. I said, okay, let's tie it to something else. So the value has a value and part of what they were trying to tie it to is the us dollar. That's some currencies decided to do that. [00:06:00] And there were others that tried to tie it to actual. Assets. So it wasn't just tied to the dollar. It was okay. We have X dollars in this bank account and that's, what's backing the value of our currency, which is quite amazing, to think about that. Some of them are backed by gold or other precious metals. [00:06:24] Nowadays that includes a lot of different metals. This one coin called Terra Luna dropped almost a hundred percent last year. Isn't that amazing. And it had a sister token called Tara USD, which Tara Luna was tied to. Now, this is all called stable coin. The idea is the prices will be staying. [00:06:46] And in the case of Tara and Tara USD, the stability was provided by a computer program. So there's nothing really behind it, other than it can be backed by the community currencies themselves. So th that's something like inter coin, for instance, this is another one of the, there are hundreds of them out there of these cryptocurrencies. [00:07:13] Yeah. The community backs it. So goods and services that you can get in some of these communities is what gives value to inter coin money system. Now that makes sense too, right? Because the dollar is only worth something to you. If it's worth something to someone else, if you were the only person in the world that had us dollars, who would want. [00:07:36] Obviously the economy is working without us dollars. So why would they try and trade with you? If you had something called a us dollar that nobody else had, or you came up with something, you made something up out of thin air and said, okay, this is now worth this much. Or it's backed by that. [00:07:56] Because if again, if he can't spend it, it's not worth anything. Anyhow, this is a very big deal because on top of these various cryptocurrencies losing incredible amounts of money over the last couple of weeks, We have another problem with cryptocurrencies. If you own cryptocurrencies, you have, what's called a wallet and that wallet has a transaction number that's used for you to track and others to track the money that you have in the cryptocurrencies. [00:08:29] And it's pretty good. Function or feature it's hard for a lot of people to do so they have these kinds of crypto banks. So if you have one of these currencies, you can just have your currency on deposit at this bank because there's a whole bunch of reasons, but one of the reasons is that. [00:08:50] There is a run on a bank, or if there's a run on a cryptocurrency, currencies have built into them incredibly expensive penalties. If you try and liquidate that cryptocurrency quickly. And also if there are a lot of people trying to liquidate it. So you had a double whammy and people were paying more than three. [00:09:13] Coin in order to sell Bitcoin. And so think about that and think about much a Bitcoin's worth, which is tens of thousands of dollars. So it's overall, this is a problem. It's been a very big problem. So people put it into a bank. So Coinbase is one of the big one called Coinbase, had its first quarter earnings report. [00:09:37] Now, this is the U S is largest cryptocurrency exchange and they had a quarterly loss for the first quarter of 2022 of $430 million. That's their loss. And they had an almost 20% drop in monthly users of coins. So th that's something right. And they put it in their statement. Their quarterly statement here is to, WhatsApp. [00:10:07] Here's the real scary part Coinbase said in its earnings report. Last Tuesday that it holds. $256 billion in both Fiat currencies and cryptocurrencies on behalf of its customer. So Fiat currencies are things like the federal reserve notes are U S dollar, okay. Quarter of a trillion dollars that it's holding for other people think of it like a bank. [00:10:36] However, they said in the event, Coinbase we ever declare bankruptcy, quote, the crypto assets. We hold in custody on behalf of our customers could be subject to bankruptcy proceedings. Coinbase users would become general unsecured creditors, meaning they have no right to claim any specific property from the exchange in proceedings people's funds would become in accessible. [00:11:06] A very big deal. Very scary for a very good reasons. Hey, when we come back a website, no, you go, you type stuff in my email address, do you know? You don't even have to hit submit. In most cases, they're stealing it. [00:11:23] I'm sure you've heard of JavaScript into your browser. This is a programming language that actually runs programs right there in your web browser, whether you like it or not. And we just had a study on this. A hundred thousand websites are collecting. Information upfront. [00:11:40] Hi, I'm Craig Peterson, your chief information security officer. This is not a surprising thing to me. I have in my web browser, I have JavaScript turned off for most websites that I go to now, Java script is a programming language and then lets them do some pretty cool things on a webpage. [00:12:02] In fact, that's the whole idea behind Java. Just like cookies on a web browser, where they have a great use, which is to help keep track of what you're doing on the website, where you're going, pulling up other information that you care about, right? Part of your navigation can be done with cookies. They go on and on in their usefulness. [00:12:23] Part of the problem is that people are using them to track you online. So like Facebook and many others will go ahead and have their cookies on the other websites. So they know where you're going, what you're doing, even when you're not on Facebook, that's by the way, part of. The Firefox browsers been trying to overcome here. [00:12:48] They have a special fenced in mode that happens automatically when you're using Firefox on Facebook. Pretty good. Pretty cool. The apple iOS device. Use a different mechanism. And in fact, they're already saying that Facebook and some of these others who sell advertiser in from advertisers information about you have really had some major losses in revenue because apple is blocking their access to certain information about you back to Jarvis. [00:13:24] It's a programming language that they can use to do almost anything on your web browser. Bad guys have figured out that if they can get you to go to a website or if they can insert an ad onto a page that you're visiting, they can then use. Your web browser, because it's basically just a computer to do what while to mine, Bitcoin or other cryptocurrencies. [00:13:51] So you're paying for the electricity for them as your computer is sitting there crunching on these algorithms that they need to use to figure out the, how to find the next Bitcoin or whatever. And you are only noticing that your device is slowing down. For instance, our friends over on the Android platform have found before that sometimes their phones are getting extremely hot, even when they're not using them. [00:14:18] And we found that yeah, many times that's just. Bitcoin miner who has taken over partial control of your phone just enough to mind Bitcoin. And they did that through your web browser and JavaScript. So you can now see some of the reasons that I go ahead and disable JavaScript on most websites I go to now, some websites aren't going to work. [00:14:40] I want to warn you up front. If you go into your browser settings and turn off JavaScript, you are going. Break a number of websites, in fact many of the websites that are out there. So you got to figure out which sites do you want it on? Which sites don't you want it on? But there's another problem that we have found just this week. [00:15:00] And it is based on a study that was done as reported in ARS Technica, but they found. A hundred thousand top websites, a hundred thousand top websites. These include signing up for a newsletter or making a hotel reservation, checking out online. You probably take for granted that you nothing happens until you hit submit, right? [00:15:25] That used to be the case in web one dot O day. It isn't anymore. Now I want to point out we, I have thousands of people who are on my email list. So every week they get my insider show notes. So these are the top articles of the week. They are, usually six to 10 articles, usually eight of them that are talking about cybersecurity, things of importance. [00:15:51] The whole radio show and podcasts are based on those insider show notes that I also share with the host of all of the different radio shows and television shows that I appear on. It's pretty, pretty cool. So they get that, but I do not use this type of technology. Yeah. There's some Java script. [00:16:11] That'll make a little signup thing come up at the top of the screen, but I am not using technology that is in your face or doing. What these people are doing, right? So you start filling out a form. You haven't hit cement. And have you noticed all of a sudden you're getting emails from. It's happened to me before. [00:16:31] Your assumption about hitting submit, isn't always the case. Some researchers from KU Leuven university and university of Lu sane, crawled and analyze the top 100,000 websites. So crawling means they have a little robot that goes to visit the web page, downloads all of the code that's on the page. [00:16:55] And then. Analyzed it all so what they found was that a user visiting a site, if the user is in the European union is treated differently than someone who visits the site from the United States. Now there's a good reason for it. We've helped companies with complying with the GDPR, which are these protection rules that are in place in the European union. [00:17:21] And that's why you're seeing so many websites. Mine included that say, Hey, listen, we do collect some information on you. You can click here to find out more and there's some websites let you say no. I don't want you to have any information about me where you collect information, just so that you can navigate the site properly. [00:17:39] Okay. Very basic, but that's why European union users are treated differently than those coming from the United States. So this new research found that over 1800 websites gathered an EU users' email address without their consent. So it's almost 2000 websites out of the top 100,000. If you're in the EU and they found. [00:18:07] About well, 3000 website logged a U S users' email in some form. Now that's, before you hit submit. So you start typing in your email, you type in your name and you don't hit cement. Many of the sites are apparently grabbing that information, putting it into the database and maybe even started using it before you gave them explicit permission to do. [00:18:36] Isn't that a fascinating and the 1800 sites that gathered information on European news union users without their consent are breaking the law. That's why so many us companies decided they had to comply with the GDPR because it's a real big problem. So these guys also crawled websites for password leaks and made 2021, and they found 52 websites where third parties, including Yandex, Yandex is. [00:19:11] Big Russian search engine and more we're collecting password data before submission. So since then the group went ahead and let the websites know what was happening, what they found because it's not necessarily intentional by the website itself. It might be a third party, but third-party piece of software. [00:19:33] That's doing it. They w they informed those sites. Hey, listen, you're collecting user data before there's been explicit consent to collect it. In other words, you, before you hit the submit button and they thought, wow, this is very surprising. They thought they might find a few hundred website. In the course of a year now they've found that there were over 3000 websites really that were doing this stuff. [00:20:01] So they presented their findings that use neck. Oh, actually they haven't presented them yet because it's going to be a useful. In August and these are what the cold leaky forum. So yet another reason to turn off JavaScript when you can. But I also got to add a lot of the forums do not work if JavaScript's not enabled. [00:20:23] So we got to do something about it. Maybe complain, make sure they aren't collecting your. Maybe I should do a little course on that once you can figure out are they doing it before I even give them permission? Anyhow, this is Greg Peterson. Visit me online, Craig Peter, som.com and sign up for that. No obligation insider show notes. [00:20:44] We are shipping all kinds of military equipment over to Ukraine. And right now they're talking about another $30 billion worth of equipment being shipped to what was the world's number one arms dealer. [00:21:00] I'm looking right now at an article that was in the Washington post. And some of their stuff is good. [00:21:07] Some of their stuff is bad, I guess like pretty much any media outlet, but they're raising some really good points here. One of them is that we are shipping some pretty advanced equipment and some not so advanced equipment to you. To help them fight in this war to protect themselves from Russia. [00:21:31] Now, all of that's pretty common. Ultimately looking back in history, there have been a lot of people who've made a lot of money off of wars. Many of the big banks financing, both sides of wars. Going way, way back and coming all the way up through the 20th century. And part of the way people make money in war time is obviously making the equipment and supplies and stuff that the armies need. [00:22:03] The other way that they do it is by trading in arms. So not just the supplies. The bullets all the way through the advanced missile systems. Now there's been some concerns because of what we have been seen online. We've talked about telegram here before, not the safest webs, app to use or to keep in touch. [00:22:28] It's really an app for your phone. And it's being used by. Ukraine to really coordinate some of their hacker activities against Russia. They've also been using it in Russia to have telegram that is in order to communicate with each other. Ukraine has posted pictures of some of the killed soldiers from Russia and people have been reaching out to their mothers in Russia. [00:22:57] They've done a lot of stuff with telegram. It's interesting. And hopefully eventually we'll find out what the real truth is, right? Because all of a sudden hides in the military, he uses a lot of propaganda, right? The first casualty in war is the truth. It always has been. So we're selling to a comm country, Ukraine that has made a lot of money off of selling. [00:23:22] Then systems being an intimate intermediary. So you're not buying the system from... /episode/index/show/cptt/id/23183606

Facebook Has No Idea Where Your Data Is and What They Do With It?! 05/13/2022

Facebook Has No Idea Where Your Data Is and What They Do With It?! Facebook Has No Idea Where Your Data Is and What They Do With It?! Facebook's about 18 years old coming on 20 Facebook has a lot of data. How much stuff have you given Facebook? Did you fall victim for that? Hey, upload your contacts. We'll find your friends. They don't know where your data is. [Following is an automated transcript] [00:00:15] This whole thing with Facebook has exploded here lately. [00:00:20] There is an article that had appeared on a line from our friends over at, I think it was, yeah. Let me see here. Yeah. Yeah. Motherboard. I was right. And motherboards reporting that Facebook doesn't know what it does with your data or. It goes, no, there's always a lot of rumors about different companies and particularly when they're big company and the news headlines are grabbing your attention and certainly Facebook can be one of those companies. [00:00:57] So where did motherboard get this opinion about Facebook? Just being completely clueless about your personal. It tamed from a leaked document. Yeah, exactly. So we find out a lot of stuff like that. I used to follow a website about companies that were going to go under and they posted internal memos. [00:01:23] It basically got sued out of existence, but there's no way that Facebook is going to be able to Sue this one out of existence because they are describing this as. Internally as a tsunami of privacy regulations all over the world. So Gores, if you're older, we used to call those tidal waves, but think of what the implication there is of a tsunami coming in and just overwhelming everything. [00:01:53] So Facebook, internally, their engineers are trying to figure out, okay. So how do we deal with. People's personal data. It's not categorized in ways that regulators want to control it. Now there's a huge problem right there. You've got third party data. You've got first party data. You've got sensitive categories, data. [00:02:16] They might know what religion you are, what your persuasions are in various different ways. There's a lot of things they might know about you. How were they all cat categorize now we've got the European union. With their general data protection regulation. The GDPR we talked about when it came into effect back in 2018, and I've helped a few companies to comply with that. [00:02:41] That's not my specialty. My specialty is the cybersecurity. But in article five this year, peon law mandates that personal data must be collected for specified explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes. So what that means is that every piece of data, like where you are using Facebook or your religious orientation, Can only be collected in use for a specific purpose and not reused for another purpose. [00:03:19] As an example here, that vice has given in past Facebook, took the phone number that users provided to protect their accounts with two factor authentication and fed it to its people, feature as well as. Advertisers. Yeah. Interesting. Hey, so Gizmodo with the help of academic researchers caught Facebook doing this, and eventually the company had to stop the practice because, and this goes back to the earlier days where Facebook would say, Hey, find out if your friends are on Facebook, upload your contacts right now. [00:03:54] And most people. What did you know back then about trying to keep your data private, to try and stop the proliferation of information about you online then nothing. I think I probably even uploaded it back then thinking it'd be nice to see if I got friends here. We can start chatting, et cetera. [00:04:12] According to legal experts that were interviewed by motherboard who wrote this article and has a copy of the internal memo this year, PN regulation specifically prohibits that kind of repurposing of your phone number of trying to put together the social graph and the leaked document shows that Facebook may not even have the ability to live. [00:04:37] How it handles user's data. Now I was on a number of radio stations this week, talking about this. And the example I gave is just look at an average business from the time it start, Facebook started how right? Wildly scraping pictures of young women off of Harvard university. Main catalog, contact page, and then asking people what do you think of this? This person, that person. And off they go, trying to rate them. Yeah. Yeah. All that matters to a woman, at least to Courtney, to mark Zuckerberg girl, all the matters about a woman is how she looks. Do I think she's pretty or not? [00:05:15] It's ridiculous. What he was doing. It just, oh, that's zackerburg who he is not a great guy anyways. So you go from stealing pictures of young ladies asking people to rate them, putting together some class information and stuff there at Harvard, and then moving on to other universities and then open it up even wider and wider. [00:05:42] And of course, that also created demand because you can't get on. If you're not at one of the universities that we have set it up for. And then you continue to grow. You're adding these universities, certainly starting to collect data and you are making more money than God. So what do you do? You don't have to worry about any efficiencies. [00:06:02] I'll tell you that. Right? One thing you don't have to do is worry about gee. We've got a lot of redundant work going on here. We've got a lot of teams working on basically the same thing. No, you've got more money than you can possibly shake a stick at. So now you go ahead and send that money to this group or that group. [00:06:24] And they put together all of the basic information, that they want. Pulling it out of this database and that database in there doing some correlation, writing some really cool CQL queries with mem credible joins and everything else. And now that becomes part of the main code for Facebook. [00:06:45] And then Facebook goes on to the next little project and they do the same thing. Then the next project, then the next project. And then someone comes along and says, Hey, we. This feature, that feature for advertisers and then in that goes, and then along comes candidate Obama. And they, one of the groups inside Facebook says, yeah here we go. [00:07:09] Here's all of the information we have about everybody and it's free. Don't worry about it. And then when Trump actually bought it and hired a company to try and process some of that information he got in trouble. No but the. The whole campaign could get access to anything they wanted to, again, because the data wasn't controlled, they had no idea who was doing what with the data. [00:07:34] And according to this internal memo, they still don't know. They don't even know if they can possibly comply with these regulations, not just in Europe, but we have regulations in pretty much all of the 50 states in the U S Canada of course, has their own Australia and New Zealand think about all the places. [00:07:57] Facebook makes a lot of. So here's a quote from that we build systems with open borders. The result of these open systems and open culture is well-described with an analogy. Imagine you hold a bottle of ink in your hand, the bottle of ink is a mixture of all kinds of user data. You pour that ink into a lake of water and K and it flows every year. [00:08:22] The document read. So how do you put that ink back in the bottle? I, in the right bottle, how do you organize it again? So that it only flows to the allowed places in the lake? They're totally right about that. Where did they collect it from? Apparently they don't even know where they got some of this information. [00:08:43] This data from reminds me of the no fly list. You don't know you're on it and you can't get yourself off of it. It's crazy. So this document that we're talking about, it was written last year by. Privacy engineers on the ad and business product team, whose mission is to make meaningful connections between people and businesses and which quote sits at the center of our monetization strategy. [00:09:06] And is the engine that powers Facebook's growth. Interesting. Interesting problems. And I see this being a problem well into the future for more and more of these companies, look at Twitter as an example that we've all heard about a lot lately. And then I've talked about as well along comes Elon Musk and he says wait a minute. [00:09:29] I can make Twitter way more profitable. We're going to get rid of however many people over a thousand, and then we are going to hire more people. We're going to start charging. We're going to be more efficient. You can bet all of these redundancies that are in Facebook are also there. And Twitter also has to comply with all of these regulations that Facebook is freaking out about it for a really a very good reason. [00:10:00] So this document is available to anybody who wants to look at it. I'm looking at it right now, talking about regulatory landscape and the fundamental problems Facebook's data lake. And this is a problem that most companies have not. As bad as Facebook does the button. Most companies you write, you grow. I have yet to walk into a business that needs help with cybersecurity and find everything in place as it should be because it grew organically. [00:10:32] Do you started out with a little consumer firewall router, wifi, and then you added to it and you put a switch here and you added another switch behind that and move things around. This is normal. This is not total incompetence on the part of the management, but my gosh, I don't know. Maybe they need an Elon Musk. [00:10:52] Just straighten them out as well. Hey, stick around. I'll be right back and sign up [email protected] [00:11:02] Apparently looting is one of the benefits of being a Russian soldier. And according to the reports coming out of Ukraine, they've been doing it a lot, but there's a tech angle on here that is really turning the tables on these Russian Looters. [00:11:19] We know in wars, there are people that loot and typically the various militaries try and make sure, at least recently that looting is kept to an absolute minimum. [00:11:32] Certainly the Americans, the British, even the Nazis during world war II the the socialists they're in. Germany they tried to stop some of the looting that was going on. I think that's probably a very good thing, because what you end up with is just all of these locals that are just totally upset with you. [00:11:57] I found a great article on the guardian and there's a village. I hadn't been occupied for about a month by Russian troops and the people came back. They are just shocked to see what happened in there. Giving a few examples of different towns. They found that the alcohol was stolen and they left empty bottles behind food wrappers, cigarette butts, thrown all over the place in apartments in the home. [00:12:26] Piles of feces blocking the toilets, family photographs torn, thrown around the house. They took away all of the closes as a code from one of the people, literally everything, male and female coats, boots, shirts, jackets, even my dresses and laundry. This is really something. The Sylvia's didn't do this, but now Russia. [00:12:49] The military apparently does. So over the past couple of weeks, there have been reporting from numerous places where Russian troops had occupied Ukrainian territory and the guardian, which is this UK newspaper collected evidence to suggest looting by Russian forces was not merely a case of a few way, word soldiers, but a systematic part of Russian military behavior across multiple towns. [00:13:17] And villages. That's absolutely amazing. Another quote here, people saw the Russian soldiers loading everything onto your old trucks. Everything they could get their hands on a dozen houses on the villages. Main street had been looted as well as the shops. Other villagers reported losing washing machines, food laptops, even as sofa, air conditioner. [00:13:41] Being shipped back, just you might use ups here or they have their equivalent over there. A lady here who was the head teacher in the school, she came back in, of course, found her home looted and in the head teacher's office. She found an open pair of scissors that had been jammed into a plasma screen that was left behind because if they can't steal it, they're going to destroy it. [00:14:07] They don't wanna leave anything behind. They found the Russian to take in most of the computers, the projectors and other electronic equipment. It's incredible. So let's talk about the turnaround here. You might've heard stories about some of these bad guys that have smashed and grabbed their way into apple stores. [00:14:27] So they get into the apple store. They grab laptops on iPads, no longer iPods, because they don't make those anymore. And I phone. And they take them and they run with them. Nowadays there's not a whole lot of use for those. Now what they have been doing, some of these bad guys is they'd take some parts and use them in stolen equipment. [00:14:52] They sell them on the used market, et cetera. But when you're talking about something specific, like an iPhone that needs specific activation. Completely different problem arises for these guys because that iPhone needs to have a SIM card in order to get onto the cell network. And it also has built in serial numbers. [00:15:15] So what happens in those cases while apple goes ahead and disables them. So as soon as they connect to the internet, they didn't say they put them on wifi. They don't get a SIM card. They don't. Service from T-Mobile or Verizon or whoever it might be. So now they just connect to the wifi and it calls home. [00:15:33] Cause it's going to get updates and download stuff from the app store and they find that it's been bricked. Now you can do that with a lot of mobile device managers that are available for. All kinds of equipment nowadays, but certainly apple equipment where if a phone is lost or stolen or a laptop or other pieces of equipment, you can get on the MDM and disable it, have it remotely erase, et cetera. [00:16:00] Now, please have had some interesting problems with that. Because a bad guy might go ahead and erase a smartphone. That's in the evidence locker at the police station. So they're doing things like putting them into Faraday cages or static bags or other things to try and stop that. So I think we've established here that the higher tech equipment is pretty well protected. [00:16:25] You steal it. It's not going to do you much. Good. So one of the things the Russian stole when they were in a it's called a, I think you pronounced. Melad Mellott DePaul which is again, a Ukrainian city is they stole all of the equipment from a farm equipment dealership and shipped it to check. Now that's according to a source in a businessman in the area that CNN is reporting on. [00:16:56] So they shipped this equipment. We're talking about combine harvesters were 300 grand a piece. They shipped it 700 miles. And the thieves were ultimately unable to use the equipment because it had been locked remotely. So think about agriculture equipment that John Deere, in this case, these pieces of equipment, they, they drive themselves. [00:17:23] It's atonomous it goes up and down the field. Goes to any pattern that you want to it'll bring itself within a foot or an inch of your boundaries, of your property being very efficient the whole time, whether it's planting or harvesting, et cetera. And that's just a phenomenal thing because it saves so much time for the farmer makes it easier to do the companies like John Deere. [00:17:49] Want to sell as many pieces of this equipment as they possibly can. And farming is known to be a what not terribly profitable business. And certainly isn't like Facebook. So how can they get this expensive equipment into the hands of a lot of farmers? What they do is they use. So you can lease the equipment through leasing company or maybe directly from the manufacturer and now you're off and running. [00:18:16] But what happens if the lease isn't paid now? It's one thing. If you don't pay your lease on a $2,000 laptop, right? They're probably not going to come hunting for you, but when you're talking about a $300,000 harvester, they're more interested. So the leasing company. Has titled to the equipment and the leasing company can shut it off remotely. [00:18:41] You see where I'm going with this so that they can get their equipment in the hands of more farmers because the farmers can lease it. It costs them less. They don't have to have a big cash payment. You see how this all works. So when the Russian forces stole this equipment, that's valued, total value here is about $5 million. [00:19:02] They were able to shut it all off. And th the, obviously if you can't start the engine, because it's all shut off and it's all run by computers nowadays, and there's pros and cons to that. I think there's a lot of cons, but what are you going to do? How's that going to work for? Isn't going to work for you. [00:19:22] And they were able to track it and had GPS trackers find out exactly where it was. That's how they know it was Tara taken to Chechnya and could be controlled remotely. And in this case, how did they control it? They completely. Shut it off, even if they sell the harvesters for spare parts to learn some money, but they sure aren't gonna be able to sell them for the 300 grand that they were actually worth. [00:19:48] Hey, stick around. We'll be right back and visit me [email protected] If you sign up there, you'll be able to get my insider show notes. And every week I have a quick. Training right there. New emails, Craig Peterson.com. [00:20:05] If you've been worried about ransomware, you are right to worry. It's up. It's costly. And we're going to talk about that right now. What are the stats? What can you do? What happens if you do get hacked? Interesting world! [00:20:20] Ransomware has been a very long running problem. I remember a client of ours, a car dealership who we had gone in. [00:20:31] We had improved all of their systems and their security, and one of them. People who was actually a senior manager, ended up downloading a piece of ransomware, one of these encrypted ones and opened it up and his machine all of a sudden, guess what it had ransomware on it. One of those big. Green's that say, pay up and send us this much Bitcoin, and here's our address. [00:21:00] All of that sort of stuff. And he called us up and said, what's going on here? What happened? First of all, don't bring your own machine into the office. Secondly, don't open up as particularly encrypted files using a password that they gave. And thirdly, we stopped it automatically. It did not spread. [00:21:20] We were able to completely restore his computer. Now let's consider here the consequences of what happened. So he obviously was scared. And within a matter of a couple of hours, we actually had him back to where he was and it didn't spread. So the consequences there, they weren't that bad. But how about if it had gotten worse? [00:21:47] How about if the ransomware. Also before it started holding his computer ransom, went out and found all of the data about their customers. What do you think an auto dealership would love to hear that all of their customer data was stolen and released all of the personal data of all of their customers? [00:22:08] Obviously not. So there's a potential cost there. And then how long do you think it would take a normal company? That thinks they have backups to get back online. All I can tell you it'll take quite a while because the biggest problem is most backups don't work. We have yet to go into a business that was actually doing backups that would work to help restore them. [00:22:35] And if you're interested, I can send you, I've got something I wrote up. Be glad to email it back to you. Obviously as usual,... /episode/index/show/cptt/id/23106614

Did You Hear How the FBI, NSA, and CIA Got Tracked Because of Their Smartphones? How About You? 05/07/2022

Did You Hear How the FBI, NSA, and CIA Got Tracked Because of Their Smartphones? How About You? Did You Hear How the FBI, NSA, and CIA Got Tracked Because of Their Smartphones? How About You? You're worried about surveillance. Hey, I'm worried about surveillance. And it turns out that there's a secretive company out there that to prove their mustard tracked the CIA, and NSA yeah. Fun thing. [Following is an automated transcript.] [00:00:16] This is a company that is scary. We've talked before about a couple of these scary guys. [00:00:22] There's this Israeli company called NSO group. And this it is, so group is absolutely incredible. What they've been doing, who they'll sell to these. Guys are a company that sells cell phones, smart phone exploits to its customers. And there are alleged to have sold their software to a variety of human rights abusers. [00:00:53] We're talking about NSO group coming up with what we would term a zero day hack against I-phones against Android phones against pretty much anything out. So in other words, I hacked that no one ever seen before and then use that in order to get into the phone and find information, they views things like the, I think it was what's app and video that was sent and usually. [00:01:22] To hack Saudi Arabian phones. You might remember Chris Shogi this journalist. I guess he was who apparently was murdered by them. Big problem. So this Israeli group. Yeah. Yeah. They sell to anybody that's willing to pay. At least that's what the allegations are. I've never tried to buy their stuff, but yeah, they're assisting government with hacks with. [00:01:48] Ultimate in surveillance. Another one clear view. We've talked about them on the show before this is a company that has done all kinds of illegal stuff. Now some of it's technically not illegal. They're against the terms of usage, what Clearview has done. And now they've gotten involved in this Russian Ukrainian. [00:02:12] War that's been going on here and they've gotten involved with a number of legal cases in the us. What they did is they said, okay great. Let's do something. You remember Facebook, right guys. So you've heard of that before. And how Facebook got started. Mike Zuckerberg. MK went ahead and stole the pictures of the women that were in Harvard's cattle. [00:02:41] And I will, when I'm, when I say catalog, okay, this isn't like a catalog of women, order one mail order type thing. We're talking about their index, their contacts, there is a catalog of all of the students that are there in the school. So Zuckerberg goes and grabs those against policy. [00:03:00] Okay. Maybe it wasn't strictly against policy at the time. And then he puts up some. Called the Facebook where people can look at a picture of a girl and decide whether or not she should get a five or a 10 or a one. Yeah. That sort of stuff, abusing people that really is abuse. I can't imagine. [00:03:19] The way people felt, I had seen their ratings by people that didn't know them, that somehow their Def definition of beauty really defined who they are. It's crazy what the stuff he did. So he started his business by stealing stuff. Microsoft started his business by. By going ahead and misrepresenting, some would say lying to IBM about what he had as far as an operative system goes right, again and again, we're seeing dishonest people getting involved, doing dishonest things to get their companies off of the ground. [00:03:54] And I have a friend who's an attorney who says, and Craig, that's why you will never be wealthy because you just wouldn't do any of that. So Clearview is another example of these types of companies. In this case, clear view, went to Facebook and crawled any page. It could get its little grubby crawlers on. [00:04:18] So it found your public fake Facebook page. It went. Over the internet. There's a number of websites. Some are out of business now, but the, you upload your pictures to you. People can rate them, can share them. You can share them. Hey, you got your own photo gallery here that you can share with friends and a million other people. [00:04:39] I'm right. That's what ended up happening. That's how those guys made the money. They're selling you on, Hey, you can look at how convenient this. And you can have your own little photo gathered at gallery and you can take that full load photo gallery and share it with your friends. And then if you read the fine print at T and we'll make money off of showing your pictures and showing ads well, Ah, Clearview went and scanned every website. [00:05:08] It could get its grubby little scanners on crawled through the mall, downloaded pictures of any face that it could find. And then went ahead and digitized information about people's faces. So it spent years scraping and then it put together its technology, facial recognition technology, and went to the next level, which is, Hey, please department, get my app so you can get the clear view. [00:05:41] And do you encounter someone? You can take a picture of them and upload it, which now gives them another face. Doesn't it. And then once it's uploaded, it'll compare it. It'll say, okay. Found the guy here. So with the Russia Ukrainian war, what they were doing is taking pictures of dead and injured, Russian soldiers, running them through this database online of all of these spaces, found out who they were and went so far as to use. [00:06:14] Stolen data online. Now this is war, right? The whole thing is crazy, but the stolen database online find out who their mothers were, the phone numbers for the mothers, and to have people all over the world, sending text messages to mom about their dads. Yeah. Okay. So Clearview sells it to police departments. [00:06:38] They sell it to pretty much the highest bidder they say, Hey, listen, we don't do that. Come on right now. There's other data brokers. And I've had a few on my show in the past who are using harvested information from phone apps to provide location data. To law enforcement so that they can then circumvent. [00:07:03] What you have a right to privacy. Don't you it's codified right in the bill of rights. I was first 10 amendments to the U S constitution and it was all defined by the Supreme court's carpenter decision. So we have protections in the constitution, natural, right? That were confirmed by the Supreme court that say, Hey, the federal government, you cannot track all of the citizens. [00:07:31] You can't track what they're doing. You can't harvest their information. And yet at the same time, They go to the data brokers that have put together all of these face pictures, figured out who your friends are, you sign up for Facebook and it says, Hey, you want me to find your friends? [00:07:49] See if they're already on Facebook. Just hit. Yes. Here, not blowed your contact list. So I'll go. Facebook says, oh, look at all your friends. Or we found isn't this exciting. And in the meantime, in the background, Facebook is looking at all of this data and saying, we now know who your friends are. And so many people have wondered I wait a minute. [00:08:10] I didn't talk about. I didn't do a search for product X online, and yet I'm getting ads for product X. Well, did you mention it to a friend who might've done a search for it? Because these search engines, these companies like Facebook know who your friends are, what they're interested in, and they'll sell ads to people who are going to promote to you the same items they're promoting to your friends. [00:08:35] It's absolutely crazy. So this company. It's called and they're very quiet, very low key. The website doesn't say anything at all, but they took their software. That's pulling all of this data together and compiling it. Yeah. And ASX pointed all of this technology towards the national security agency and the C I a and Jews, their own cell phones against them. [00:09:08] Now, why did they do this? They didn't do it to prove something about how, you shouldn't allow this sort of thing to happen and they didn't do it to prove that man, we've got to have tighter controls because look at what we can do. If we can do it, other people can do it. No. According to audio, visual presentations and recordings of an ACX presentation reviewed by the intercept and tech inquiry. [00:09:36] claimed that it can track roughly 3 billion devices in real time. That's equivalent to a fifth of the world population. You're not going to find anything out about Asics it's called anomaly six. Good luck online. If you find it, let me know [email protected] I'd love to know more about these guys. The only thing on a website for them as an email address and a six anomalies six in that presentation showed the nation spooks. [00:10:13] Exactly what knew about. All right. Apparently is also ignoring questions from journalists and will only respond to emails from people in upper levels of federal agencies, which means, and maybe this is a supposition from our friends over at tech dirt. I don't know. But then what that means is they're looking to sell your information in real time. [00:10:43] To the feds to get around the carpenter decision and the constitution just absolutely amazing. Hey, go online right now. Craig peterson.com. I'll send you my special report on passwords and my two other most popular Craig peterson.com. Stick around. [00:11:06] Have you ever wondered about search engines? Which one should you be using? You're not alone. It's probably the number one question I get from people. What should I use? Google is falling behind, but we're going to talk about the top engines and the why. [00:11:23] Google has been an amazing company moving up. Of course, we're just talking about the cheats. [00:11:31] So many companies have taken over the years and Google has certainly had its share of cheat. I haven't seen anything about them just doing completely underhanded things to get started. I think. They were pretty straightforward. They had a great idea back in the beginning, where they were just looking at links, how many sites linked into this one particular site? [00:11:57] And that gave this concept of a page rank. Very simple, very easy to do. Of course, are problems with. Because you would end up with pages that are older, having more links to them, et cetera. And they have over the years really improved themselves, but we also have some other problems right now with Google. [00:12:22] If you do searches on Google for a number of different. And you'll see that really Google search quality has deteriorated in recent years. We've talked before here about some of the problems with Google and elections and how they have obviously gone out of their way to influence the election. [00:12:43] There is study down in, done in orange county, California, or at least about orange county, California, and an election down there showed that Google had a major influence on that election and also tilted it a certain way on purpose. Absolutely amazing. So that's one way Google has fallen behind, but you can. [00:13:06] At all kinds of searches and hope you're going to get a great response. And you don't have you noticed that it's gotten worse and then on top of it, you're starting to see more ads squeezed in it is not great. I have used. Of course for programming in years past, before that I liked alter Vista, which was a digital equipment corporation product out there. [00:13:32] Vista was pretty darn good. And you could use Boolean logic with it. Google says you can use Boolean with us, but it's not the same as Google's is very simple. But at any rate they have not made any. Leaps here going forward. It's been absolutely amazing. So let's go through the search engines. [00:13:53] I'm going to give you right now, the pros and cons to some of these search engines out there. So we started with. It is 800 pound gorilla. And in case you didn't know the number two overall search engine is YouTube. Okay. But let's stick with straight searches, not video searches. So what is great about Google? [00:14:19] One of the big things is they like fresh content. So if you're looking to do search engine optimization for your business, you are best off having some Keystone pages. So having these pages that are. Kept up to date. So you might have a page on whatever it might be hacking VPNs, right? And you make sure you update it because Google does favor the fresh content. [00:14:45] They rank blogs and. Services, which is really nice and they're accessible in any device. They have apps that work well on a browser. And I'm right now, I'm [email protected] on the best search engine. So you'll see some of this information there. They don't like about it is the same thing you don't. [00:15:09] Right? Which is, it collects all kinds of data on you. They also have hidden content that, that might damage your ranking as a business or someone who has a website and the search delivers. Too many results, millions of results. Yeah, there probably are millions of results for a single search, but what I want are the really relevant ones and Google learns over time. [00:15:38] What kind of results that you want, which is kudos to them, but they are tone deaf sometimes, frankly as well. Okay. Our number two on our list of topics. Is duck go. Now I've been talking about them for quite a while and some people have been disparaging talk, talk, go lately. And the reason is they say, what. [00:16:03] And those search results maybe are a little wrong, right? They are maybe student little sensory, not as much as Google does, but some, at first duck go.com is where you'll find them online named after that kids game. Is a privacy search engine. So it is not tracking or storing any information about you. [00:16:29] That's a very big one. There are searches are very fast, but they're backed. The actual backend search engine is. Which is Microsoft. We're going to get to that in a couple of minutes here. That means that if Microsoft is deciding to do some weighting on search results, based on their political views, then that's going to show up in duck go, but it's nowhere near as bad. [00:16:54] And I've talked about it on the show before we'd done some examples. So it is also now giving you the option to restrict your searches to the last month worth of results, which is really nice. That keeps a little more up to date. They also aren't great at image searches, no personalized results, and it is free, which is nice. [00:17:17] You might also want to look at quant Q w a N T. If you look at. A private or privacy browser. Quanta's a French company, but it does leave English as well. Okay. English results. They like the older and well-established web pages, they rank home pages. They do not rank blogs. They crawl all kinds of hidden content and non hidden, equally, unlike Google, which is really great being as not great at forums. [00:17:50] As I mentioned, blogs, they're not as fast as Google. And they have some seriously heavy search results screened. Dogpile they've been around for quite a while. You might want to check them out. They have something called fetches and favorite fetches. So you can have a home screen when you go to dog pile and you'll see right there. [00:18:14] Your favorite searches and they're right there for you. You can just keep going to them. They use multiple databases so they can get broad results, multiple backend search engines, and there's no home screen personalization available. And lots of sponsored results, which isn't a real big deal, but you'll find them [email protected], Google scholar search. [00:18:38] I've used this a number of times. If you're looking for scholarly articles, it is really good. You can get citations in various styles. If you are working on your master's PhD, whatever. B and they're imposing a style in the document that you're writing. So you can put it into the bibliography and a, they got a lot of great stuff. [00:19:02] Google scholar you'll find online at scholar dot, google.com. Wearable PDs, sir. It focuses on technical terms and applications, which is good, friendly to non-tech users. And it is only searching the web well, PD is 10,000 word and phrase database. So that's pretty. To to understand to Yahoo search, they have a home screen, has news trending topics. [00:19:33] I've used y'all who? Of course it's not what it used to be, but it does have everything right there. Even your horoscope. And the ads are not marked out clearly. And then there's the internet archive search. This is actually a site that I fund. I donate money to them every month and you'll find [email protected], but it is really cool. [00:19:58] You can search based on timeframes again, if you are doing papers, if you're a journalist. You can find what was the internet like? Or was this webpage? What was it like around a hurricane Katrina in 2005, right there. We will find it [email protected] Hey, stick around. We'll be right back. [00:20:23] You already know that hackers are coming after you we've talked about how they are out there, scraping web pages, putting together stuff. I want to bring up again, the Ukraine, Russian war and Russia leaking data like a sieve . [00:20:39] It is, of course in the news again, it seems like it has been in the news for how long now, six years, maybe longer in this case, we're going to talk about what the hackers are doing because they're not just doing it to Russia. [00:20:56] They're doing. Us. And it's a problem. We're going to explain why you've heard of doxing before D O X I N G two docs, someone which is basically to find documentation about people and to release it. That's really a part of it. So you've seen some political operatives who have gone online and doxed people. [00:21:22] For instance one of them is libs of tick talk. You might've heard of that one, and this is where they take all of these crazy things that crazy people on tick talk, go ahead and publish and just put excerpts of them together. They don't cut it up to make them look crazy. No. They let them be crazy. [00:21:42] All by themselves and put it online. So some libs decided, Hey, we don't like this. And journalists who had been complaining about doxing before that shouldn't be done and it's unethical. It should be illegal. Yeah. What does she do? She goes and docks. The lady that was running libs of tick talk. [00:22:07] And I, it just blows my mind here. How can these people be so two faced, they really are just crazy to face. So she went ahead and did what she said should never be done. And I'm sure she had some form of justification for it and put it out online. So I went online, comes this lady's home. Address her name. [00:22:31] Kinds of stuff and that's available online right now. Now you might want to try and do something that I've done before, which is, if you go to one of these data brokers, ads for these things, right? Do a search for yourself with us. And have a look at how accurate that information is. When I looked last time I looked cause I had a few data brokers on the radio show. [00:22:58] I would say less than a third of the information that they claimed was information about me was actually accurate less than a third, frankly. And I don't think that's a particularly, what's the word I'm looking for, but Unique situation. Let me put it that way. I don't think it's unique at all. I think they get a lot of it wrong because remember, they're trying to piece together this piece together that and put it all together. [00:23:27] So you can't a hundred percent rely on any of that stuff. And as I said, for me, it wasn't particularly accurate. Now let's move into. Ukraine has claimed to have doxed Russian troops as well as FSB spies. Do you remember them from the Soviet union? They still exist, and hacktivists actually have official scheduled meetings and are leaking private information from various Russian organizations in Russia. [00:23:59] So we're talking about things like their names, birth dates, passport numbers, job titles, and... /episode/index/show/cptt/id/23034356

How Does Big Government Collaboration With Big Tech Raise the Costs of Everything? 05/02/2022

How Does Big Government Collaboration With Big Tech Raise the Costs of Everything? How Does Big Government Collaboration With Big Tech Raise the Costs of Everything? We're going to talk about the Senate bill that has big tech scared, really scared. I'll talk about a new job site problem for a number of different industries because of hackers, the cloud, the cost and reliability. [Following is an automated transcript] This tech bill. It has the Senate really scared. He is frankly, quite a big deal for those of you who are watching over on of course, rumble or YouTube. I'm pulling this up on this screen. This is an article. ARS Technica and they got it originally from wired it's it was out in wired earlier in the month. And it's pointing out a real big problem that this isn't just a problem. This is a problem for both the legislature. In this case, we're going to talk about the Senate and a problem for our friend. In big tech. So let us define the first problem as the big tech problem. [00:01:00] You're Amazon. You are Google. Those are the two big targets here of this particular bill. We're going to talk about, or maybe your Facebook or one of these other Facebook properties, et cetera. If you are a small company that wants to compete with any of these big guys, What can you do? Obviously you can do what everyone's been telling us. Oh, you don't like the censorship, just make your own platform. And there've been a lot of places and people that are put a lot of money into trying to make their own platform. And some of them have had some mild successes. So for instance, I'm on. You can watch my videos there. And there have been some successes that rumble has had and making it into kind of the competition to YouTube. But YouTube is still the 800 pound gorilla. Everybody wants to be where the cool kids are. So for most people. That YouTube. They look at YouTube as being the [00:02:00] popular place. Thus, we should be, we are obviously saw the whole thing with Elon Musk and Twitter, and the goings on there. And Twitter really is the public square, although it's died down a lot because of this censorship on Twitter. Interesting. So as time goes forward, these various big companies are worried about potential competition. So how do they deal with that? This is where the real problems start coming in because we saw Amazon, for instance, in support of an internet sales tax. You remember that whole big deal. The internet had been set aside saying, Hey, no states can tax the internet and that's going to keep the internet open. That's going to help keep it free. And people can start buying online. And that worked out fairly well. A lot of people are out there, why would Amazon support a sales tax on the internet? They are the biggest merchant on the internet, probably the biggest [00:03:00] merchant period when it comes to not just consumer goods, but a lot of goods, like a staples might carry for business. So they'd have to deal with what they're 9,000 different tax jurisdictions in the United States. And then of course all these other countries, we're not going to talk about them right now, but the United States 9,000 tax jurisdictions. So why would Amazon support an internet sales tax when there's 5,000 tax jurisdictions? The reason is it makes life easier for them when it comes to competition. So if you are a little. And do you want to sell your widgets or your service? Whatever it might be online. You now have to deal with 9,000 tax jurisdictions. It's bad enough in the Northeast. If you are in New Hampshire, if you live in New Hampshire and you spend more than, I think [00:04:00] it's 15% of your time south of the border and mass, then mass wants you to pay income tax for that 15% that you are spending your time there. Now they do that with the. Baseball teams with football teams, hockey, you name it, right? So the big football team comes into town. The Patriots are paying the New York jets or whatever it might be. The Patriots have to pay New York state taxes, income tax now because they stepped foot in New York heaven forbid that they try and do business there and help New York state out. And they now have to pay income tax. Now they only have to pay income tax for, or for the amount of time. They're more New York. Various states have various weirdnesses, but if you're only playing 1, 2, 3 dozen games a year, It isn't like your normal work here, which is 2080 hours. We're talking about their plane to New York and they're only spending maybe 10 hours working in New York, but that [00:05:00] represents what percentage, 10, 20, 30% of their income, depending on how many games they play and how they're paying. And so they got to keep track of all that and figure it out. Okay. We played in New York, we played in New Jersey. We're in mass. We were they weren't in New Hampshire, certainly the Patriots plane, but they got to figure it all out. Guess what? Those big pay. Football players, hockey, baseball. They can afford to have a tax accountant, figure it all out and then battle with them. I had a booth one time at a trade show down in Connecticut. Didn't say. Thing it was terrible trade shows, man. They aren't what they used to be. And they haven't been for a long time. This is probably a decade plus ago, maybe even 20 years ago. So I had a little booth, we were selling our services for cybersecurity and of course, nobody wanted to bother pain for cybersecurity who needs it. I haven't been hacked yet. [00:06:00] Although there's an interesting article. We'll talk about next week based on a study that shows. Small businesses are going out of business at a huge rate because of the hacks because of ransomware. And if you're worried about ransomware, I've got a really great little guide that you can get. Just email me, [email protected] I'll send it off to you, right? It's a free thing. Real information, not this cruddy stuff that you get from so many marketers, cause I'm an engineer. They'll go out of business. So they figured I haven't got a business yet, not a big deal. And so no body. There's big trade show. And I was so disappointed with the number of people that even showed up for this silly thing. So what happens next while I get back to the office and about a month to two months later, I get this notice from the state of Connecticut they're tax people saying that I haven't paid my Connecticut taxes yet. [00:07:00] And because I was in connected. I should be paying my income tax for that day that I spent and wasted in Connecticut. Oh. And plus every company in Connecticut that I'm doing business with now, I need to collect their taxes and pay them the taxes that I'm collecting for those Connecticut businesses are resident. I didn't sell a thing. You know what it took almost, I think it was three or maybe four years to get the state of Connecticut to finally stop sending me all of these threatening notices because I didn't get a dime from anybody in Connecticut. So I'd love the internet from that standpoint saying you don't have to collect taxes in certain cases, certain states, et cetera, unless you have a legal nexus or a legal presence there in the state. So back to Amazon, Amazon loves the idea of having everything on the internet packs. They love the fact that there's 9,000 plus [00:08:00] tax jurisdictions. When you get right down to city, state county Lilian, either local taxes, or you look at those poor residents of New York state, or they're poor residents out in Washington state that have to worry about that, right? There's county taxes, state sales tax. City sales tax, and income taxes are much the same, the, all of these crazy cities and states around the country. Yeah. The ones that are in serious trouble right now, they are those same ones. Those particular jurisdictions are hard to deal with. So from Amazon standpoint is just like the Patriots football players. We've got plenty of money. We've got teams of lawyers. We have all kinds of accountant. We can handle this and you know why Amazon really loves it because it provides another obstacle for any competitors who want to enter the business. That's the [00:09:00] real reason, so many big businesses don't go ahead and charge you serious money so that they can use that money against you. Okay. You see where I'm going with this? Because if you want to start a business that competes with Amazon, if you want to have a doilies, you're making doilies. My grandmother used to make them all the time and she had them on the toilet paper in the bathroom, little doily holders. Doilies everywhere. And then of course, the seashells shells on top of the toilet paper holders. If you want to do that and sell it, how are you going to deal online with 9,000 tax jurisdictions? All what you're going to do is you're going to go to Etsy, or you may be going to go to Amazon marketplace and sell your product there. An Amazon marketplace. So Amazon is taking its cut out of it at is taking it's cut off. And you still ultimately have some of that tax liable. [00:10:00] Amazon loves it. It's the same reason you see these groups forums, right? Barbers saying, oh, we've got to be regulated. Really you need to have a regulation in place for barbers. You need to have licensing for barbers. Why do they do that? They do that. Not just barbers, right? It's all of these licensures and various states. They do that really to keep people. To keep their prices high. That's why they do it because someone can't just put up a sign and say, Hey, I am now a barber. Come get a haircut. And if you don't like the barber, if they do a lousy job, you go elsewhere. We don't need all of the bureaucracy on top of this to enforce licensure. Anyways, when we get back, let's talk about that Senate. It's a big deal. And I am coming down in the middle of this thing. Hey, visit me online. Sign up right now. Craig peterson.com and get my special report on passwords.[00:11:00] We just talked about how big business uses its advantages to crush potential competition. Crush them. And it's a shame and it's happened to me and many people I know, and now the Senate's getting involved and making things worse. This is a huge problem. This happened to me a number of years ago, and I will never forget it. It was a really big lesson for me. I had designed and written a computer system that would take the code that it was written for a much older system. And run it for much less money. So bottom line here, this was a system called Cade computer assisted data entry that was made by Sperry way back in the day. Yeah. I've been in there for that long and they had little programs, so they would not punch cards, but punch right on two tapes, those big [00:12:00] nine track tapes and that information would then be used for processing later on then. People, big businesses grocery stores, you name it. We're using that Sperry system. And I designed a system that would take their COBOL is what it was. It was a form of COBOL code from this cage system. And you could use my code to compile it and run it on a Unix system. So the cost involved here was that it would be cheaper to buy a whole new Unix computer and buy new terminals and do some slight training changes. But the key punch operators would be exactly the same keystrokes as they were already used to. Okay. So you know how fast they were, so it wouldn't slow than none at all. And their cost would be. Then just the maintenance contract on the old Sperry cage. Very [00:13:00] cool stuff. And I worked really well. Then I worked with a couple of sales guys at spirit because Barry had a Unix tower system. It was a mini computer that was Unix space. And I had one, I had saved up my money. We bought this thing. It was a lot of money nowadays. It'd be about a hundred thousand dollars I spent on that system and it was really great. Cool. So some grocery stores started using it. They used it to build the space shuttle to design it and send it into space. RCA, Astro space used it, my system, which is all really cool. So Sperry was interested in it saying, okay let's do this. Now. I had flown myself across the country too, because I was in California at the time to do some of this work for. The for RCA Astro space for the space program and help make sure it was working and get it installed, help them configure it and everything else. So [00:14:00] I had a lot of time, a lot of money, a lot of effort into this. It was a big venture. So Sperry invited me down to their headquarters down in blue bell, Pennsylvania to talk about this. And I was so excited because their sales guys wanted to sell it. They gave me some free space in a booth in Las Vegas. So I was in the Sperry booth with them and, say, yeah, you can buy this. And you're using the Sperry, the new Sperry hardware. And I went down there and talked with them. They never did anything with me, or, here's a huge investment young guy. And all of this stuff just worked and they had proof of concept. They had a couple of customers already using the system and it never materialized. And then about a year and a half later, I found out Sperry had tried to duplicate my system and had messed it up terribly. It [00:15:00] wasn't keystroke compatible. So anyone using the new Sperry system, they had to learn. Okay. So I got to hit this and I got to go over here and I got to click on this. Are you kidding me using a mouse? Aren't you not? These are data entry operators. They just go all day long, just typing and. They had stolen my ideas. They messed it up. They didn't do as good a job as I did, which turns out it's pretty common. And they had stolen it. They stolen years of my life. So I've seen that before with me. I've seen Microsoft do that with friends of mine, and I've seen apple do it with various products that they've decided to release. They all do it. Why do you think these businesses can not spend money on research and development, and yet at the same time, stay in business as technology's continuing to move forward? Why? The reason is. They don't have to do, or why [00:16:00] would we do T wait a minute. Now, all we have to do is either buy the company or steal the product just re-engineer. Oh. And if we want to buy the company, we can do what Microsoft has been accused of doing again and again, which is. We'll just Microsoft. Let's see here. I like that database is pretty darn cool. So here's what we're going to do. So Microsoft announces, Hey, we're going to have a competitor to that in coming out soon. And then they sit there and they wait and they say, okay, how many people are going to ask about, oh wow. A lot of people asking for it. In the meantime, that company that had that great little database soft. Trying to sell it. And people are saying, wait, Microsoft is going to come up with a version of this. I'm just, I'm going to wait. We can wait a few months. Let's see what Microsoft. So that poor company is now seriously struggling because this big company came out and made the announcement that they're going to do something like this. And then that small company gets a [00:17:00] knock on the door. Hey, we're Microsoft or company X. And we like your product. Wow. Okay. So we're going to do a buyout. We're going to we're just, oh, this is going to be fantastic. I might have to sign what a two year contract non-compete and help them manage it. Okay. We can deal with this. And then they find out that company X says Your company is not worth that much anymore. Your sales look at their sales here, man. They've gone way down. Okay. So let me see let's do a nickel on every dollar evaluation you had a year ago. This happens every day, worldwide in America, it should never happen to anyone. And as you can tell, it upsets me. So what are Klobuchar and Grassley doing here? Amy, when she was running for president, she made this big deal. I'm going to pull us up on my screen. Those of you who are watching [00:18:00] on rumble or YouTube. And you can find all of that in my website, Craig peterson.com can see here. So they are trying to protect the American consumer, right? Yeah. Yeah. That's it. They're gonna protect us. And so what they're doing is saying that. Would a rule ruin Google search results because that's what Google says. Is it going to bar apple from offering new features, useful ones on the iPhone? How about Facebook? Will it stop them from moderating content? So the legislation's core idea is we will just. The marketplace take care of things. We're not going to let Amazon put their products in the product listings before third parties, but how are you possibly going to be able to regulate that stuff you can't, you can regulate it [00:19:00] talking about a bureaucracy. You'd probably need one about as big as the federal government is right now. And the federal government needs to be cut back in a major way. There's this two months. How about the 150 million Americans? This article brings that up to that are currently using Amazon prime, even though the price one hump. And they have it free to prime members. It's this is a big deal. The bill doesn't mention prime. Doesn't mention Google by name, Amazon. But this is going to be a nightmare to enforce the bill is not specific enough. It should be voted down. And between you and me, I don't know what can be done about this other than to have additional marketplaces show up online. And you know what the conservative social media sites are starting to win. So maybe there's hope. We've got two things we're going to talk about right now. One of them [00:20:00] is tech jobs. And man, is there a lot of scamming going on there as you might expect in the second is cloud, are you looking at cloud services? Hey, a home or business. You can see this. I'm going to pull this up on my screen for those watching on rumble or on YouTube, but this is a big problem. And we've seen this again and again right now, they're going after certain workers in the chemical. The sector, but it isn't just the chemical sector. What we've seen is the bad guys going after anyone that's applying for a job. So let me give you a few tips here. First of all, you should not be pain to apply for a job. We see that all of the time when it comes to the head hunting firms, what. Is, they will charge the business who is looking to hire someone [00:21:00] that makes sense to you. They'll hire they'll charge the business. So oftentimes it's a percentage of the annual salary committee where from usually 20% up to a hundred percent or more, depending on the position. And boy can, they make a lot of money, but they don't necessarily place. People, but you know how it is right now, there, there can be quite a few. So people have been applying for jobs to make a lot of money and not realizing that fee that supposedly they have to pay is illegitimate. So remember that. Okay. The second thing has to do with this particular scam, because what they're trying to do is. Into some of these companies. So they will send a thing out saying, Hey, on my head hunter, I'm here for you. We're going to get you this job you need to apply. Are you interested in a new job now? I've seen some stats online saying [00:22:00] that somewhere around 30 plus percent of people are looking or at least open to. Take getting a new job, which means a lot more are looking for jobs. Now I have to add to that, that the people who have jumped ship over the lockdown period really are not happy. The majority of them wish they had stayed where they were at. So keep that in mind too. But what they'll do is they'll say, Hey, listen. Oh, there's this new feature on LinkedIn. By the way, you can say y'all are, I'm interested in looking for a job. I forget exactly what it says, but it goes around your picture and I have it up there because I'm a contractor, I go to businesses and I'm. To harden their cybersecurity. And we usually start slowly, especially with some of these startups we're doing work with right now where they won't, they go... /episode/index/show/cptt/id/22981931

Did You Hear About the Latest Rip-Off? Non-Fungible Tokens! How Law Enforcement Tracks Bitcoin! 04/22/2022

Did You Hear About the Latest Rip-Off? Non-Fungible Tokens! How Law Enforcement Tracks Bitcoin! Did You Hear About the Latest Rip-Off? Non-Fungible Tokens (NFTs) Are Already Losing Steam! [10:54] How Law Enforcement Tracks Bitcoin! It is Absolutely NOT Anonymous [20:05] The FBI Is Actively Removing Malware From Private Machines -- Without The Owner's Permission [29:10] Why and When You Shouldn't Trust QR Codes [41:08] Cybercrime in Russia Tracked to a Single Office Building in Moscow! [52:29] The Newest Phishing Scams [01:01:32] Using Wordpress? How Supply Chain Attacks are Hurting Your Business Website [01:10:43] Cybersecurity Tools You Should Be Using! Jam packed today. We're going to start with non fungible tokens. If you don't know what those are, this is a very big deal because so many people are investing in them right now. Are they really investments? I've got a bit of a blow back here. Most people think that Bitcoin is anonymous. We're going to talk about how it absolutely is not. [00:00:20] We're going to talk about anonymous. In fact, the Russians, Microsoft, what they're doing against the Russians and this little comedic thing about cars. [00:00:28] NFTs are very big deal. [00:00:31] I'm going to pull up here on my screen right now. This is a picture of Mr. Jack Dorsey. We'll go full screen, an article from a website called CoinDesk. CoinDesk is one of these sites that really tries to track what's happening out there in the Bitcoin community. Of course, nowadays it's much more than Bitcoin. [00:00:53] Isn't it? We're talking about all kinds of. Different currencies that have a blockchain backend. They're called cryptocurrencies basically. But the big one was of course, Bitcoin. And there is a whole concept. Now, when we're talking about things like cryptocurrencies and these non fungible tokens. People have been investing them in them. [00:01:19] Like crazy people are making millions of dollars every week. Now, remember, I am not an investment advisor and particularly I'm not your investment advisor. So take all the. To your investment advisor. I'm not telling you to buy them. I am telling you to be cautious here though, because these non fungible tokens are designed to give you the ability to be able to just, own something in the digital world. [00:01:48] What might you own in the digital world? We've had a lot of different stuff. We've seen some just crazy monkey things. Have you seen those? These little pictures of monkeys are. Graphic designed and it's all animated. If you will. It's like cartoons and people pay money for them. One of the things that people paid money for was the rights to the first tweet ever on Twitter. [00:02:16] So that's what you're getting. When we're talking about an NFT on a non fungible transaction, it is now yours. So this particular NFT we're talking about was of our friend here, Jack Dorsey. We'll pull it up again, this article, and he had a tweet that was sold last year for $48 million. That is a lot of money. [00:02:43] So people look at this as an investment, but it's not the same as hanging art on the wall. You've got a Picasso that has some intrinsic value. It's a painting. It has all the oil paint on that, it was designed by and painted by a crazy man years ago. And you can take that Picasso and you can. [00:03:07] Turn it around and sell it. It has some real value. If you own the rights to something, let's say it's one of these monkey pictures. It reminds me of a postage stamp and you paid real money for it. Some of these things are going, as I said, for over a million dollars and this Jack Dorsey first tweet went for $48 million. [00:03:27] So let's say that's what you did, right? You bought this thing for $48 million. Really? What do you have? Because anybody can go online and look at that tweet. Anybody can print it up and stick it on a wall. Anybody can go out and get that picture of the monkeys right there. The guy drew, and you can look at it. [00:03:51] In fact, I can pull it up right now, if you want to do. But people paid real money for that. So they've got what really? What do they have? You can't take it off the wall, like you're Picasso and salad, right? Or Banksy, if you're into the more modern art, it's just not. What is doable? How do you make this work? [00:04:12] Only the NFT only gives you bragging rights in reality. That's what it does. You have bragging rights because you could take that digital picture and make a hundred quadrillion copies. Yeah, you'd still own the NFT you would still have in the blockchain for whatever NFT company you're using the rights to it. [00:04:37] They would say this, you owned it. So let's talk about the blockchain behind it. There are a lot of companies that are trying to give you that. Okay. All right. I get it. Yeah, I get to to own it. But who's running the blockchain behind it. Who's validating that you own it with Bitcoin and many of these other blockchain currencies that are out there. [00:05:04] There are various. Companies and individuals who are registered, who have all of the paperwork, if you will saying who owns, how much of what, and who paid, who and everything. And that by the way, is why it takes so long for some of these Bitcoin and other transactions to occur. But how about the NFT? There are tons of companies out there that say they will certify the NFT. [00:05:34] So it gets to be real problem. And when we get into this Jack Dorsey tweet and this article about it, which are will, let me pull it up again here for you guys. This guy, Sina S bought the very first tweet ever from Twitter founder, Jack Dorsey for $2.9 million last year. And he decided that he wanted to sell it. [00:06:03] So he listed it for sale again at $48 million last week. Real. He put it up for open bid and this article and CoinDesk is talking about that. And you can see that if you're watching me on rumble or YouTube, I'm showing you my screen here right now. But this Iranian born crypto entrepreneur named of again. [00:06:28] As TAVI purchased it for $2.9 million in March, 2021. Last Thursday, he announced on Twitter where out, that he wanted to sell this and Ft. And he said, Hey, listen, I'm going to put 50% of the proceeds to charity. The auction closed, this was an open auction. People could go and bid on it and head auction closed. [00:06:55] With an offer of basically $288, $277 at current prices when this article was written $277 and the lowest bid was $6. And as I recall, this is not in this article, but there were only. I handful of bids. Like when I say handful, I mean a half a dozen beds. Crazy. This is a real problem because the deadline is over. [00:07:27] He paid how much for it, right? How much did he pay? Pull that up again. $2.9 million last year. And his highest bid was in the neighborhood of $280. Isn't that crazy. So did he get money on this? Did he win money on this? I don't know. I'm looking at those saying is it worth it to buy something like that? [00:07:54] That you might think, oh, the very first apple computer, an apple. While that's going to be worth some serious money. Yeah, it is. It's something, you can grab onto, you can hold onto it, it's something and you can sell it. You can trade it. You can take a picture of it. You can't make digital copies of it. [00:08:15] You, you, it's a physical thing. That's worth something. Same thing with that Picasso on the wall, it's really worth something that has some basic intrinsic value. Jack's true tweet. The very first tweet. How much is that thing worth? It basically nothing. So the tweet is showing he'll pull it up on the screen again that he's selling ad Jack 2000 6 0 3 21 at eight 50 14:00 PM. [00:08:46] Just setting up my Twitter. So there you go. There's Jack is very first to. And it's absolutely amazing. Is it worth it? Let me pull up some other stuff here for you guys. I'm going to pull this up here is Coinbase launching an NFT marketplace in hopes of appealing to crypto on mainstream users. So here's some examples from a man and FTEs. [00:09:11] I'm going to zoom in on this for those of you guys watching on rumble or on Twitter. All right. Mean. Yeah actually you can see it on Twitter too, but YouTube, here you go. Here's some NFTs it's artwork and it's a creature. So you can buy creature number 7, 8 0 6 right now for six Eve. So let me see. [00:09:34] Value of six. Ethereum is what ether, M two us dollars. So for 3000. And $84. As of right now, you can get a crappy picture that even I could have draw okay. Of this guy and look at all of the work this artist has put in. There's how many of these up here? 1, 2, 3, 4, or five, 10 of them. And it's the same head. [00:10:03] Each time it looks like this almost the same eyes. He changes colors and he's got different background. It's absolutely not. So that's what they're trying to do right now, trying to sell these NFT. So who's going to buy that. Who's going to pay $3,000 for artwork that hunter Biden could have done with a straw. [00:10:25] Anchored around. Here's another one. This is from ledger insights. NBA's launching dynamic NFTs for fans, baseball cards for the NBA that are basically just worthless. They're NF. Non fungible tokens. It has taken the crypto world by storm and people are losing millions as you look, but it really is changing the e-commerce world. [00:10:54] Bitcoin blockchain. All of the rage, a lot of people are talking about it, but I got to say most people who are talking. I don't know much about it. And when it comes to anonymity, Bitcoin is probably the worst thing you could possibly do. It's amazing. [00:11:12] There are a lot of misconceptions out there when it comes to technology, you have almost any kind of technology and blockchain and Bitcoin are examples of a very misunderstood technology. [00:11:25] Now I'm not talking about how does it work? How are these ledgers maintained? How does this whole mining thing work? Why has Chan. Bandit. Why are a lot of countries going away from it, one country. Now the dictator said, yeah, we're going to use Bitcoin as our we're official currency. In addition to the U S dollar what's going on. [00:11:48] It is complicated behind the scenes. It's complicated to use. Although there are some entrepreneurs that have made some great strides there. I saw a documentary on what has been happening in that one country. I mentioned. They are able to pay in us dollars using Bitcoin. So they'll go up to a vendor on the street. [00:12:13] Quite literally they'll have their smartphone with them. The vendor has their smartphone. They type in 15 cents for the taco and a hit send. It goes to the other person and they have 15 cents worth of Bitcoin. By the way, these types of micro-transactions with the way Bitcoin is structured behind the scenes, make things even less manageable in the Bitcoin world than they have been in the past. [00:12:40] And that's why in case you didn't know, Bitcoin is making some major changes here fairly soon. They've got to change the way all of this ledger stuff works because it takes too long. To record and authorized transactions. And these ledgers just get way too long when it comes to all of these kinds of microtransaction. [00:13:04] So there's stuff going on, Bitcoin, there, there are many of these types of currencies out there. Theories comes one. You've heard about doge coin because of course that's Elon Musk has been talking about and many others and they're all different somewhat, but the main concepts are the. One of the big concepts, I'm going to pull an article up here on the screen for those watching on YouTube or also on rumble. [00:13:30] But this is an article from our friends at wired magazine. And now you have subscribed to wired for many years. This particular one is about what wired is calling the crypto. Trap now that's a very big deal. It is a trap and it's a trap and a lot of different ways. And that's what we're going to talk about right now. [00:13:56] Crypto is not what its name implies. A lot of people look at it and say, oh, crypto that's cryptography. That's like the German enigma machine in world war two and all of this new, great crypto that we have nowadays. And there are some pretty amazing new cryptographic technologies that we've been using, but no, that's not. [00:14:17] What's really going on. You see the basic premise behind all of these technologies is the concept of having a. And this wallet has a unique identifier. It has a number assigned to it. So if I'm sending money to you, I'm going to have your wallet, ID, your wallet number, and I'm going to now send you some amount of fraction, most likely of a cryptocurrency and it's certainly if it's Bitcoin, it's almost certainly a fraction. [00:14:49] And so I'm going to send you $100 worth of, let's say. What ends up happening now is these ledgers, which are public, are all going to record the Craig's sent you a hundred dollars worth of Bitcoin. Of course, it's going to be in a fraction of a Bitcoin. So sometimes there's rounding errors is not going to be really exactly a hundred dollars. [00:15:12] Plus there's the amazing amount of. Tivoli volatility in the cyber currencies. So even though I meant just hitting a hundred dollars, mine ended up being 110 of it goes up. It might be 90. If it goes down you get that. You don't understand how that works. So the problem now is I have sent you a hundred dollars. [00:15:33] And public ledgers that anyone can gain access to now say wallet number 1, 2, 3, 4 cent, a hundred dollars, two wallet, number 5, 6, 7, 8. Obviously the wallet, our bruises, a lot longer than that. So then it's fine. And there's a degree of anonymity there it's really called pseudo anonymity because in reality, it's not completely anonymous because people know the transaction occurred and they know the wallet numbers. [00:16:03] Correct. It's like a bank account, and if I'm putting money into your bank account, that bank account number knows that the money came from a check that I wrote. Can you imagine that someone writing a check and that check I had a number on it, a bank account number, right? So it can all be tracked while much. [00:16:19] The same thing is true when it comes to cryptocurrencies, these cryptocurrencies are in public ledgers and those public ledgers can be used with a little bit of work to figure out. Who you are. So this article here from our friends at wired gets really hairy. And it might be of interest to you to read, but this is talking about a take-down that happened, and this is a massive take down. [00:16:51] This take down was of a whole group of people who were involved in some really nasty stuff. In this particular case, what it was kitty. Just a terrible thing and the abuse surrounding it. So this logical goes into not a lot of detail. I'm not going to read it because here on the air, because I don't want to upset too many people. [00:17:15] Cause it's some of the details of this evening to think about them are incredible. But. This the police broke into this middle-class suburb home in the outskirts of Atlanta. And he there was Homeland security. It was a guy from the IRS and they came in, they took all of their electronic devices. [00:17:38] They separated the family, putting the father who is an assistant principal at the local high school assistant printers. And he was the target of this investigation. So they had him in one room, they had his wife and another room and they put the two kids into a third room and they started questioning him. [00:18:00] Now, this is part of a takedown of a, as I said, a whole ring of these people, including this assistant. Principal at a school. Can you believe that? So this IRS guy had flown in from Washington DC to have a look over what was going on, but this agent from the IRS and his partner whose name is let's see, his name was Jenn S Scouts. [00:18:26] I probably got that wrong. And Tigran GAM bar Yan, Cambodian, and they had a small group of investigators and they were at a whole bunch of different federal agencies, not just the IRS. What once seemed to be. Untraceable was no longer untraceable. Now I've talked on this show before about a lecture I went to by the secret service about how they had tracked down and shut down the world's largest website that was being used to sell illegal materials online. [00:19:01] And it's fascinating what they did. But frankly, they're calling this particular boss to proof of concept and that's why they are IRS was in on this as well, but it was huge. Here's a quote from the IRS agent in this wired magazine article. He's saying he remembers how the gravity of this whole thing. [00:19:21] Let me pull this up on the screen too. So you can read along here, but this was a high school administrator, a husband, and a father of two, whether he was guilty or innocent. The accusations, this team of law enforcement agents were leveling against. There are mere presence in the home would almost certainly ruin his life. [00:19:44] And he, as well as these other people were counting on anonymity from Bitcoin. Now, obviously I'm glad they got taken down, but listen, folks, if you think that it's safe, that it's anonymous, it ain't Bitcoin just ain't there. Craig peterson.com stick around. [00:20:05] I've been blamed for really complaining about people not updating their software. And that includes things like firewalls. The FBI has stepped in and they are going ahead and doing updates for you. [00:20:21] What should we be doing as a country? [00:20:26] People are. Updating their software. They're not updating their hardware. And particularly our hardware take a look at what's been happening with the firewalls and the firewall concerns. Everybody has some sort of firewall will almost everybody, but enough people that we can say, everybody has a firewall, you get your internet from you, name it. [00:20:50] And because of the fact they're using something called Nat network address translation, they've got some sort of firewall in front of you. So for instance, You've got your phone, right? You're using your phone and it's got internet on it. You're going through whoever your carrier is. And that carrier is giving you internet access, right? [00:21:14] They don't have enough IP addresses, particularly IPV four, in order for you to get your very own unique little address out on the. No they do. When it comes to V6 things a little bit different, but your device is not completely exposed on the internet. Windows comes to the fire. And by default, the windows firewall is turned on. [00:21:35] Now this gets more than a little concerning because that firewall that's turned on. Isn't really doing anything because I've got a firewall turned on and yet every service is accessible from outside, which is defeating the purpose of the firewall. Again, it's a complaint I've had about Microsoft now for. [00:21:55] Decades, which is they have features that are just check boxes. Yes. Yes. It's got a firewall. Yeah, it's turned on, but the features don't work. So having a firewall and having everything open defeats the purpose of a firewall max do not have a firewall turned on by default, but they do have their services to say. [00:22:18] Which is just as effective if not more effective. So one of the things we advise people to do is go into your windows system, into the firewalls and your security settings, and turn off any services that you're not using. If you're not sharing file systems, then turn that off. In other words, You're mounting the G drive or whatever you might call it from another computer, then you don't need it. [00:22:44] If you're not as server for what's called SMB, then you don't need to share it. So turn off everything that you don't need. That's going to happen is one of your programs isn't going to work, right? And the, what you did last year, you're going to turn it back on and you can do a lot of research online to find out what they are. [00:23:04] We have over 200 settings that we change in windows. When we get a... /episode/index/show/cptt/id/22882304

Are You Ready For Data Wiping Attacks? 04/01/2022

Are You Ready For Data Wiping Attacks? Are You Ready For Data Wiping Attacks? Yet another warning coming out from the federal government about cyber security. And this one is based on what's been happening in Ukraine. So we're going to talk about that situation, the whole cyber security over there and why it's coming here. [Automated transcript follows] CISA is the cybersecurity and infrastructure security agency. How's that for a name it's not as bad as what does that shield right over from the Marvel universe, but the cybersecurity and infrastructure security agency is the agency that was created to not just protect federal government systems, although they are providing information for. [00:00:41] People who protect those systems, but also for businesses and you and me and our homes. So they keep an eye on what's happening, what the various companies out there are finding, because most of the cybersecurity information that we get is from private companies and they. But it altogether, put it in a nice little wrapping paper. [00:01:05] In fact, you can go onto their website anytime that you'd like to, and find all kinds of stuff that is going to help you out. They've got a ton of documents that you can download for free little steps that you can take. It's at csun.gov, C I S a.gov. And they've got the known exploited vulnerabilities catalog. [00:01:30] That's something that we keep up to date on to help make sure our clients are staying ahead of the game. They've also got their review board securing public gatherings. They also run the stop ransomware.gov site that you might want to check out. And we'll be talking a little bit more about ransomware and the ways to protect yourself a little later today. [00:01:52] Now Seesaw is interesting too, because when they are releasing information, most Americans really aren't aware that they even exist. They do. And they've got a big warning for us this week. There's a site that I follow called bleeping computer that you might want to keep an eye on and they have. [00:02:15] I'll report just out this week that you, crane government agencies and corporate entities were being attacked. This was a coordinated cyber attack last Friday, a week ago, where websites were defaced data wiping malware was deployed and causing all of these systems to become not just a corrupt, but some of these windows devices to be completely. [00:02:45] Operable now that is a bad thing. The reason for this, this is speculation, but it isn't a whole lot of speculation. Right? Am I getting out of, on a limb here particularly, but the whole idea behind this is a cyber war, that Russia's got, what is it now? 130,000 troops, whatever it is over a hundred thousand. [00:03:08] On the border of Ukraine, they invaded Ukraine a few years ago. Russians shot down a passenger airline in Ukrainian air space. This that was a few years back. They've been doing all kinds of nastiness to those poor Ukrainians. They also had a massive ransomware attack in Ukraine. That was aimed at their tax software. [00:03:35] Some countries do the electronic filing thing a lot differently than the us does. A couple of examples are Ukraine. France is another one that comes to mind. We have clients in France that we've had to help with cyber safety. And we're always getting popups about major security problems in the tax software, because they have to use this software that's provided by the French government. [00:04:03] Ukraine's kind of the same way. The biggest. Company providing and the tax filing software for Ukraine was hacked and they use that hack to then get into the tech software and make it so that when that software was run by these Ukrainian companies, they would get ransomware. It was really rather nasty. [00:04:30] So the Russians had been playing games over in Ukraine for quite a while. But what's apparently happened now, is that a thing? Those things, same things are coming our way now. It's not just because of the fact that a Ukraine is being threatened, maybe they're going to encroach even more, take more than Crimea, which they did last time. [00:04:56] We're in the U S and what are we doing? President? Biden's been sending troops to Europe, troops to Poland, Germany, and also advisors to the Ukraine. He's removed the embassy staff, at least the vast majority of it from Ukraine. And I just I think. To what happened with his completely unplanned withdrawal that we did in Afghanistan and how things just got really bad there. [00:05:28] And I'm not worried about what's going to happen in Ukraine because the Russians aren't particularly fond of the idea that we are sending aid and support to. Yeah, it's a bad thing. President Obama sent them blankets, but Biden is sending them military weapons and ordinance, which is what they'd need to fight. [00:05:53] So Russia has shown that they will attack a country via electronic means cyber means, right? Cyber attacks. And so what's happening now is the bad guys from. That have been the facing websites and who have been doing more than that, wiping computers and making them completely unusable could well come after us because they're really going to be upset with what's happening now. [00:06:27] And that was CNN has reported the Ukrainian it services company that helped develop many of these sites was also a big. And of course that means bottom line, that this is what's called a supply chain attack. What I mentioned earlier with the Ukrainian tax software, that's a supply chain attack where you are buying that software, or you're mandated to use the software to file your taxes by the government. [00:06:57] And what happens while it turns out that software is contaminated, that's called a supply chain attack. Now crane issued a press release about a week ago, saying that the entities were hit by both attacks, leading them to believe that they were coordinated. This is a quote here. Thus, it can be argued with high probability that the interface. [00:07:24] Of websites have attacked government agencies and destruction of data by Viper are part of a cyber attacking, but causing as much damage to the infrastructure of state electronic resource that's from the Ukrainian government, not the best English, but their English is much better than my Ukrainian or Russian. [00:07:44] So you, crane is blaming these attacks on Russia, incomes, CS. So you says now urgent. Business people in the us and other organizations to take some specific steps. So quote, here from the Seesaw insights bulletin, the CSO insights is intended to ensure that senior leaders at the top of every organizational where the cyber risks and take urgent near term steps to reduce the likelihood and impact of a potentially damaging compromise. [00:08:19] All organizations, regardless of the sector or side should immediately implement the steps outlined below. So here's the steps and there are a lot of them. One I'm going to do these, you should find in your newsletter today. Hopefully that all made it in. But three basic things. One reduce the likelihood of a damaging cyber intrusion. [00:08:46] And we're going to talk about the best way to do backups here a little later on today. Make sure your software is up to date. Make sure your organization's it personnel disabled, all ports and protocols, not essential for business purposes. This is all basic stuff, but I got to say. I bet you, 98% of businesses and organizations, haven't done these things. [00:09:07] The next major category here, take steps to quickly detect a potential intrusion, and then ultimately maximize the organizations resilient to destructive. Incident. So that means doing things like testing your backup procedure, make sure your data can be restored rapidly, or you have a way to get your business back online quickly. [00:09:31] What we tend to do is in our backup strategy, depending on how much the company can afford, to be down. To be out of business if they lose all of their stock versus what it costs to do this, but we will put a server on site at the company and that server then does some of the backups, right? It does all of the initial backups. [00:09:55] And then what happens is it gets relayed to us. It gets pushed to tape and tape is really good. We'll talk about that in just a few minutes, but the other big thing is. The backup that we have local to their business also has what's called a virtual machine infrastructure built on it. So if a machine goes down, If it gets wiped or if it just crashes and can't be recovered easily, we can spin up that machine. [00:10:27] A copy of it in our little virtual environment in just a matter of minutes. So these are all things you should be considering. If you're interested, you can send an email to [email protected] I can send you a checklist that a little more extensive than this, or I can help you with any other questions you have. [00:10:47] I get lots of questions every week from everything for on retirees, wondering what they should do all the way through businesses that we help government contractors and others. This isn't good. Russia is likely coming after us. Based on this. Visit me online. Craig peterson.com or email [email protected] with your questions. [00:11:14] With all of this talk about hackers, ransomware data, wiping systems. What's the best way to protect yourself, but what do you do to really protect against ransomware? I can tell you, it's not just plugging another hard disk into do backup. [00:11:31] We've got so many hackers out there. We're talking about a multi-billion dollar industry to go after us. [00:11:39] It's just depressing. Really. When you think about it, I think about the old days where security, wasn't a huge concern, right? Physical security. I had one of my first jobs was at a bank and I was, this was back way back in the a G it would have been the mid seventies and I was one of the operators of the main. [00:12:05] And so as a mainframe operator, we'd load up the tapes and we would ship them places. We'd also go ahead and put them in the vault so that they were in a fireproof vault, and we could recover anything we needed to recover. It worked out pretty darn well, and it was a fun job, but most of the time it was cleaning the tape drive heads and taking those tapes, those big round tapes, you might remember those. [00:12:33] Nine track tapes and maybe the fancy stuff, 52 50 BPI or 800 BPI of one end or the other, or the spectrum. And we just had to make sure they were physically safe nowadays of course, mainframes are still around and are still absolutely fantastic. They're just phenomenal. Some of the technology IBM has in their mainframes. [00:12:59] Most of us, aren't using those. Most of us are using a regular computer or I'm sitting in front of a Mac right now that I use for the radio show. We have windows, computers, Linux machines, right? All of those things that we have in our business and that we maintain securely for our clients. But what do you do when we're talking about random? [00:13:23] You can cross your fingers and hope that you'd hope you don't get ransomed. That sort of a practice doesn't usually work out too well for people, but you can do backups and many people do. So let's talk about the backups. Let's say that you have your computer and you're doing a backup and you have one or two generations worth of backups for your company. [00:13:47] Ransomware nowadays does not just typically destroy your whole disk. Usually what it does is it encrypts files like doc files, doc X, right? Excel files, all kinds of files that thinks might be useful to you. And then of course, the rest, it pops up says, pay me. And off you go. The reason for that is so your computer still works so that you can enter in the decryption code. [00:14:18] Once you've paid the ransom, hopefully it works for you give or take 50% of the time. You will get your data back. If you pay the ransom much of the time. But let's go back to that one or two generations of backup. You're using a cloud service, let's say, and your computer gets ransomware. That cloud service backup software will still work. [00:14:43] What if it's working? So you're now backing up your encrypted files to the backup site in the cloud. Do you see where I'm going with this? Your backups? No. Same thing is true. If you're backing up to a local hard disk, many people do it and it's handy. I recommend that you do that, but it's not all you should do. [00:15:08] So that disc is attached. We had a. Boy, who was it here? Yeah, we have a client in Maine and they have a really smart system administrator and he designed these disk drives that would physically disconnect themselves from a machine when the backup was not running and would physically connect themselves when the backup. [00:15:34] Was running. So the idea there was okay, great. We've got a local backup on a local disk and if the bad guys managed to get a hold of the machine, they're not going to be able to encrypt the. And, as long as the backup isn't running, I thought that was a brilliant solution. Doesn't solve some problems, but it certainly takes care of some others. [00:15:58] So if you are doing a backup, you've got to make sure you've got multi generations. I tend to keep a year's worth. Now there's other considerations. There's the federal rules of. Procedures that say you have to have bad cops. They have to go back years. And there are also other things the payment card industry requires certain types of backups. [00:16:25] If you are a government contract, We have them as clients and they have certain data retention policies based on the length of the contract. They have keep it for some years afterwards. It goes on and on. So if your data is lost or stolen or encrypted, and your backup is encrypted or deleted, You are in real trouble depending on the type of business you're in. [00:16:56] So what's the right answer to this. I've talked about 3, 2, 1 backup for a long time, and it's still a very good methodology for doing backups, but nowadays they're talking about 3, 2, 1, 1 backup, which is again, that's a bit of a different methodology. In doing backups, but the idea is you've got multiple copies of your data on multiple types of media in multiple places. [00:17:29] That's the bottom line. What is the gold standard for this? I it's something that gets to be a little expensive. Again, we have another client that we've had for years, and they are looking for a replacement for the backup system. Now. And so we proposed something that's based on what's called LTO technology, which is a type of a tape drive. [00:17:55] It's a small cassette, right? It's not those big 12 inch reels of tape that we used to lug around and it's amazingly dance. The new LTO tape drives have space on them for as much as 45. Terabytes of information. It's also great because it's encrypted by hardware, government level encryption automatically, and those tapes can be taken offline. [00:18:25] You can take the tape. Now we picked up a client who had been doing backups and they were using little USB drives and every day he'd take the drive home and bring in the next drive. So he had five drives, right? So he had the drive for Monday, Tuesday, Wednesday, Thursday, Friday. And he was taking them home, but he missed one of the key things to check the back. [00:18:53] He hadn't checked the backup and their backup had not been running for more than a year and a half. So that's the other thing you have to do? The LTO tapes are really the gold standard. It goes back to that for one of the first jobs of mine, right? The job I mentioned, where I was mounting tapes and filing them and moving them around and mountain disc packs and pulling them out and everything. [00:19:19] It still makes sense. They'll last for decades, they cannot be hacked because they are literally offline. You can ship them to places to have them stored. I have a course on backups and if you're really interested, send me a an email to [email protected] And I'll go ahead and. Send you a link to the course, you can watch it. [00:19:48] But yeah, I think this is really important. Of course, I'm not going to charge you for that, but magnetic tape it's established. It's understood. It's proven it's been around for many decades and LTO tape is unique. It needs all five best practices for addressing ransomware. Even be able to recover. [00:20:12] If you want more information, just email [email protected] or sign up for my free newsletter. Craig peterson.com. [00:20:22] Switching from gasoline powered engines to these new electric cars is no environmental panacea. At least that's what West Virginia university is saying. And the E. Just changed its mind as well. [00:20:38] Ford of course, about a year ago, unveiled its new electric. [00:20:43] F-150 the lightning and Ford has stopped taking orders for them because they are going to have to make double what they thought they would have to make. Ford also has a similar problem with yet another electric vehicle. The Mustang GM is doing a few different electric. Coles. And so is everybody else, frankly, Porsche even now has an electric car out. [00:21:11] That is all well and good. Isn't it. And there's certainly problems, particularly with manufacturing nowadays, trying to get the CPU's and other electronic components you need. They're even having trouble getting electric motors for electric windows in vehicles. Now they're coming. Crank window with a little coupon saying later on, we'll convert it to electric for you all kinds of problems, but there's one that I haven't heard anybody but myself talk about. [00:21:44] And so I was online looking around, doing some searches, seeing if I was, like the only one there's no way right now, I'm not the smartest person in the world. I don't pay the most attention to everything. And I found that. Virginia university is in total agreement with that with me, it's just amazing. [00:22:06] They looked at recent trends and they're cautioning as I have been for years, at least a decade. Now they're cautioning about what seems to be a race to put more electric vehicles. On the road. And the problem is that these electric vehicles in their demand for electricity may well out, run what's needed to keep the vehicles on the road. [00:22:35] So here's a quote from them. The electric grid will struggle to handle the quick charging of very many electric vehicles at the same time. Okay yeah, by the way, like hardly any quick charging is generally what everyone thinks about, like going to the gas station, getting a full charge in 10 to 15 minutes, which would be a tremendous instantaneous load on the local distribution center. [00:23:03] My concern is the huge power dumps required at quick charging stations along the interstate. It sounds good, but it'll require a lot of new infrastructure to get the power to the charging stations, as well as building those charging stations. So where does the power come from? Power storage is going to be required if we're going to also move towards fixing. [00:23:28] Power sources such as solar and wind. We do not have power storage capability yet in large enough quantities to do this on a large scale. Solar does not work at night. The wind doesn't blow all the time. Also, we do not have the distribution on the streets to move fast charging into residential neighborhoods on mass. [00:23:52] Electric vehicles are great, but we have not fully considered the impact it'll have on our electrical grid infrastructure. It will require a lot of expansion of our electrical distribution and charging facilities. Remember, electric power comes from the power company. I heard an interview with a lady the other day, and they asked her, where does the electricity come? [00:24:15] She said, From the plugin, the wall, right? We must consider this when considering wide-scale electric vehicle adoption, much as there is to gain from electric vehicles. I... /episode/index/show/cptt/id/22654463

Which Anti-Hacker Techniques Can You Use Against the Russian Hackers? 03/26/2022

Which Anti-Hacker Techniques Can You Use Against the Russian Hackers? Weekly Show #1158 We know the Russians have been attacking us. I've talked a lot about it on the radio and TV over the last couple of weeks. So I am doing something special; we are going through the things you can do to stay safe from the latest Russian attacks. Last week, we started doing something I promised we would continue -- how can you protect yourself when it comes to the Russians? The Russians are the bad guys when it comes to bad guys. So there are a few things you can do. And there are a few things; frankly, you shouldn't be doing. And that's precisely what we're going to talk about right now. Today, I explain: - How to protect your back-end - Preventative measures - The new rules of backing up your computer As usual, we'll cover the What, Why, and How's. [Automated transcript follows] [00:00:39] So last week he went over some steps, some things that you can look at that you should look at that are going to help protect you. And we are going to go into this a whole lot more today. And so I want you to stick around and if you miss anything, you can go online. You can go to Craig peterson.com, make sure you sign up there for my email. [00:01:01] And what I'm going to do for you is. Send you a few different documents now where we can chat back and forth about it, but I can send you this. Now I'm recording this on video as well as on audio. So you can follow along if you're watching either on YouTube or. Over on rumble and you can find it also on my website. [00:01:26] I've been trying to post it up there too, but right now let's talk about what we call passive backend protections. So you've got the front end and the front end of course, is. Stuff coming at you, maybe to the firewall I've mentioned last week about customers of mine. I was just looking at a few customers this week, just so I could have an idea of their firewalls. [00:01:52] And they were getting about 10 attacks per minute. Yeah. And these were customers who have requirements from the department of defense because they are defense sub subcontractors. So again, Potential bad guys. So I looked up their IP addresses and where the attacks were coming from. Now, remember that doesn't mean where they originated because the bad guys can hop through multiple machines and then get onto your machine. [00:02:22] What it means is that all, ultimately they ended up. Coming from one machine, right? So there's an IP address of that machine. That's attacking my clients or are attacking my machines. That just happens all the time. A lot of scans, but some definite attacks where they're trying to log in using SSH. [00:02:42] And what I found is these were coming from Slovakia, Russia, and Iran. Kind of what you were expecting, right? The Iranians, they just haven't given up yet. They keep trying to attack, particularly our military in our industry. One of the things we found out this week from, again, this was an FBI notice is that the Russians have been going after our industrial base. [00:03:09] And that includes, in fact, it's more specifically our automobile manufacturers we've already got problems, right? Try buying a new car, try buying parts. I was with my friend, just this. I helped them because he had his car right. Need to get picked up. So I took him over to pick up his car and we chatted a little bit with this small independent automotive repair shop. [00:03:34] And they were telling us that they're getting sometimes six, eight week delays on getting parts and some parts. They just can't. So they're going to everything from junkyards on out, and the worst parts are the parts, the official parts from the car manufacturers. So what's been happening is Russia apparently has been hacking into these various automobile manufacturers and automobile parts manufacturers. [00:04:03] And once they're inside, they've been putting in. A remote control button net. And those botnets now have the ability to wake up when they want them to wake up. And then once they've woken up, what do they do? Who knows? They've been busy erasing machines causing nothing, but having they've been doing all kinds of stuff in the past today, they're sitting there. [00:04:24] Which makes you think they're waiting, it's accumulate as much as you possibly can. And then once you've got it all accumulated go ahead and attack. So they could control thousands of machines, but they're not just in the U S it's automobile manufacturers in Japan. That we found out about. [00:04:44] So that's what they're doing right now. So you've got the kind of that front end and back end protections. So we're going to talk a little bit about the back end. What does that mean? When a cybersecurity guy talks about the backend and the protections. I got it up on my green right now, but here's the things you can do. [00:05:03] Okay. Remember, small businesses are just getting nailed from these guys, because again, they're fairly easy targets. One change your passwords, right? How many times do we have to say that? And yet about 70% of businesses out there are not using a good password methodology. If you want more information on passwords, two factor authentication, you name it. [00:05:30] Just email me M [email protected] I want to get the information out now. You got to make sure that all of the passwords on your systems are encrypted are stored in some sort of a good password vault as you really should be looking at 256 bit encryption or better. I have a vendor of. That I use. So if you get my emails every week, when them, there's the little training. [00:05:59] And so I'll give you a five minute training. It's written usually it's in bullet point for, I'm just trying to help you understand things. That provider of mine has a big database and there's another provider that I use that is for. So the training guys use the database of my provider. [00:06:20] In using that database, they're storing the passwords and the training providers putting passwords in the clinics. Into the database, which is absolutely crazy. So again, if you're a business, if you're storing any sort of personal information, particularly passwords, make sure that you're using good encryption and your S what's called salting the hash, which means. [00:06:46] You're not really storing the password, just joining assaulted hash. I can send you more on this. If you are a business and you're developing software that's, this is long tail stuff here. Configure all of the security password settings so that if someone's trying to log in and is failing that, and you block it, many of us that let's say you're a small business. [00:07:08] I see this all of the time. Okay. You're not to blame. You, but you have a firewall that came from the cable company. Maybe you bought it at a big box retailer. Maybe you bought it online over at Amazon, as hurricane really great for you. Has it got settings on there that lets you say. There's 20 attempts to log in. [00:07:31] Maybe we should stop them. Now, what we do personally for our customers is typically we'll block them at somewhere around three or four failed attempts and then their passwords block. Now you can configure that sort of thing. If you're using. Email. And that's an important thing to do. Let me tell you, because we've had some huge breaches due to email, like Microsoft email and passwords and people logging in and stealing stuff. [00:07:59] It was just a total nightmare for the entire industry last year, but limit the number of login retries as well as you're in there. These excessive login attempts or whatever you want to define it as needs to lock the account. And what that means is even if they have the right password, they can't get in and you have to use an administrative password in order to get in. [00:08:25] You also want to, what's called throttle, the rate of repeated logins. Now you might've gotten caught on this, right? You went to your bank, you went to E-bay, you went to any of these places and all of a sudden. And denied you write it blocked you. That can happen when your account is on these hackers lists. [00:08:45] You remember last week we talked about password spraying while that's a very big deal and hackers are doing the sprain trick all of the time, and that is causing you to get locked out of your own account. So if you do get locked out, remember it might be because someone's trying to break. Obviously you have to enforce the policies. [00:09:09] The capture is a very good thing. Again, this is more for software developer. We always recommend that you use multifactor or two factor authentication. Okay. Do not use your SMS, your text messages for that, where they'll send you a text message to verify who you are. If you can avoid that, you're much better off. [00:09:30] Cause there's some easy ways to get around that for hackers that are determined. Okay. A multi-factor again, installed an intrusion. system. We put right at the network edge and between workstations and servers, even inside the network, we put detection systems that look for intrusion attempts and block intrusion attempts. [00:09:56] A very important use denied lists to block known attackers. We build them automatically. We use some of the higher end Cisco gates. Cisco is a big network provider. They have some of the best hardware and software out there, and you have to subscribe to a lot of people complain. I ain't going to just go buy a firewall for 200 bucks on Amazon. [00:10:18] Why would I pay that much a month just to to have a Cisco firewall? And it's like praying pain for the brand. I've got by logo chert on here. Oh, I wouldn't pay for that. No, it's because they are automatically providing block lists that are updated by the minute sometimes. And then make sure you've got an incident response plan in place. [00:10:44] What are you going to do when they come for you? What are you going to do? Bad boys. Bad. Stick around. We've got a lot more to talk about here as we go. I am explaining the hacks that are going on right now and what you can do as a business and an individual doubt. Protect yourself. Don't go anywhere. [00:11:07] Now we're going to talk about prevention. What can you do an order to stop some of these attacks that are coming from Russia and from other countries, it is huge. People. Believe me, this is a very big problem. And I'm here to help. [00:11:23] hi, I'm Craig Peter Sohn, your chief information security officer. We've reviewed a number of things that are important when it comes to your cyber security and your protection. [00:11:37] We talked about the front end. We talked about the backend. Now we're going to talk about pure prevention and if you're watching. Online. You'll be able to see my slides as they come up, as we talk about some of this stuff and you'll find me on YouTube and you'll also find me on rumble, a fairly new platform out there platform that doesn't censor you for the things you say. [00:12:01] Okay. So here we go. First of all, enabling your active directory password protection is going to. Four's password protection all the way through your business. Now I've had some discussions with people over the months, over the years about this whole thing and what should be done, what can be done, what cannot be done. [00:12:26] Hey, it's a very big deal when it comes to password protection and actor directory, believe it or not, even though it's a Microsoft product is pretty darn good at a few things. One of them is. Controlling all the machines and the devices. One of the things we do is we use an MDM or what used to be a mobile device manager called mass 360. [00:12:51] It's available from IBM. We have a special version of that allows us as a managed security services provider to be able to control everything on people's machines. Active directory is something you should seriously consider. If you are a Mac based shop. Like I am. In fact, I'm sitting right now in front of two max that I'm using right now, you'll find that active directory is a little bit iffy. [00:13:21] Sometimes for max, there are some work around and it's gotten better mastery. 60 is absolutely the way to go, but make sure you've got really good. Passwords and the types of passwords that are most prone to sprain the attacks are the ones you should be banning specifically. Remember the website? Have I been poned? [00:13:45] Yeah. It's something that you should go to pretty frequently. And again, if you miss anything today, just email me M [email protected] Believe me, I am not going to harass you at all. Okay. Now, the next thing that you should be doing is what's called red team blue team. Now the red team is a group of people, usually outside of your organization. [00:14:11] If you're a big company they're probably inside, but the red team is the team that attacks you. They're white hat hackers, who are attacking you, looking for vulnerabilities, looking for things that you should or shouldn't be doing. And then the blue team is the side that's trying to defend. So think of, like war games. [00:14:29] Remember that movie with Matthew Broderick all of those decades ago and how the, he was trying to defend that computer was trying to defend that it moved into an attack mode, right? Red team's attack, blue team is defend. So you want. To conduct simulated attacks. Now w conducting these attacks include saying, oh my let's now put in place and execute our plan here for what are we going to do once we have a. [00:15:01] And you darn well better have a breach plan in place. So that's one of the things that we help as a fractional chief information security officer for companies, right? You've got to get that in place and you have to conduct these simulated attacks and you have to do penetration testing, including password spraying attacks. [00:15:21] There's so many things you can do. The one of the things that we like to do and that you might want to do, whether you're a home user, retiree or a business is go and look online, you can just use Google. I use far more advanced tools, but you can use Google and look for your email address right there. [00:15:40] Look for the names of people inside your organization. And then say wait a minute, does that data actually need to be there? Or am I really exposing the company exposing people's information that shouldn't be out there because you remember the hackers. One of the things they do is they fish you fish as in pH. [00:16:04] So they'll send you an email that looks like. Hey let me see. I know that Mary is the CFO, and I know that Joe's going to be out of town for two weeks in The Bahamas, not a touch. So while he's got. I'm going to send an email to Mary, to get her to do something, to transfer the company's funds to me. [00:16:23] Okay. So that's what that's all about. You've got to make sure, where is our information? And if you go to my company's page, mainstream.net, you'll see on there that I don't list any of the officers or any of the people that are in the company, because that again is a security problem. [00:16:41] We're letting them know. I go to some of these sites, like professional sites lawyers, doctors, countenance, and I find right there all, are there people right there top people or sometimes all of them. And then we'll say, yeah, I went to McGill university, went to Harvard, whatever my B. It's all there. So now they've got great information to fish you, to fish that company, because all they have to do is send an email to say, Hey, you remember me? [00:17:13] We're in Harvard when this class together. And did you have as a professor to see how that works? Okay. You also want to make. That you implement, what's called a passwordless user agent, and this is just so solely effective. If they cannot get into your count, what's going to, what could possibly go wrong, but one of the ways to not allow them into the count is to use. [00:17:41] Biometrics. We use something called duo and we have that tied into the single sign-on and the duo single sign-on works great because what it does now is I put in, I go to a site, I put it into my username and. Pulls up a special splash page that is running on one of our servers. That again asks me for my duo username. [00:18:04] So I've got my username for the site then to my dual username and my duo password single sign on. And then it sends me. To an app on my smart device, a request saying, Hey, are you trying to log into Microsoft? And w whatever it might be at Microsoft, and you can say yes or no, and it uses biometric. [00:18:27] So those biometrics now are great because it says, oh, okay, I need a face ID or I need a thumb print, whatever it might be that allows a generalized, a password, less access. Okay. Password less. Meaning no pass. So those are some of the top things you can do when it comes to prevention. And if you use those, they're never going to be able to get at your data because it's something you have along with something, it works great. [00:19:02] And we like to do this. Some customers. I don't like to go through those hoops of the single sign-on and using duo and making that all work right where we're fine with it. We've got to keep ourselves, at least as secure as the DOD regulations require unlike almost anybody else in industry, I'm not going to brag about it. [00:19:26] But some of our clients don't like to meet the tightest of controls. And so sometimes they don't. I hate to say that, but they just don't and it's a fine line between. Getting your work done and being secure, but I think there's some compromises it can be readily made. We're going to talk next about saving your data from ransomware and the newest ransomware. [00:19:53] We're going to talk about the third generation. That's out there right now. Ransomware, it's getting crazy. Let me tell ya and what it's doing to us and what you can do. What is a good backup that has changed over the last 12 months? It's changed a lot. I used to preach 3, 2, 1. There's a new sheriff in town. [00:20:15] Stick around Craig peterson.com. [00:20:19] 3, 2, 1 that used to be the standard, the gold standard for backing up. It is no longer the case with now the third generation of ransomware. You should be doing something even better. And we'll talk about it now. [00:20:36] We're doing this as a simulcast here. It's on YouTube. It is also on rumble. [00:20:43] It's on my [email protected] because we're going through the things that you can do, particularly if you're a business. To stop the Russian invasion because as we've been warned again and again, the Russians are after us and our data. So if you missed part of what we're talking about today, or. [00:21:07] Last week show, make sure you send me an email. [email protected] This is the information you need. If you are responsible in any way for computers, that means in your home, right? Certainly in businesses, because what I'm trying to do is help and save those small businesses that just can't afford to have full-time. [00:21:31] True cyber security personnel on site. So that's what the whole fractional chief information security officer thing is about. Because you just, you can't possibly afford it. And believe me, that guy that comes in to fix your computers is no cyber security expert. These people that are attacking our full time cybersecurity experts in the coming from every country in the world, including the coming from the us. [00:22:01] We just had more arrests last week. So let's talk about ransomware correctly. Ransomware, very big problem. Been around a long time. The first version of ransomware was software got onto your computer through some mechanism, and then you had that red screen. We've all seen that red screen and it says, Hey, pay up buddy. [00:22:23] It says here you need to send so many Bitcoin or a fraction of a Bitcoin or so many dollars worth of Bitcoin. To this Bitcoin wallet. And if you need any help, you can send email here or do... /episode/index/show/cptt/id/22579784

Why Is Russia Password Spraying Hurting You? What Are They Trying to Do? And What Is It? 03/18/2022

Why Is Russia Password Spraying Hurting You? What Are They Trying to Do? And What Is It? Why Is Russia Password Spraying Hurting You? What Are They Trying to Do? And What Is It? This is one of the top topics I've had people ask about lately: How can you protect yourself and your business against Russian hackers? So I've got a presentation. We're going to run through it. We're going to talk about what you can do about it. [Automated transcript follows] This has been a long time coming. I have been doing a lot over the years of webinars of online meetings, trying to help people understand what's going on, what can be done. [00:00:28] And I got a great email this week from one of the listeners. Who's been a man on my email list now for years, I'm not even sure how many years. And he was saying, Hey, thanks for giving all of this information for free for small businesses. And afford it. And I got to thinking because there've been a lot of requests lately, for instance, backups how should I be doing them? [00:00:52] What should I be doing? And a number of other topics that really all go together into the, how do I protect myself, my business. From ransomware from these Russian hackers. So that's what we're going to be talking about today. We're going to go through a few of these. This is going to be a series. [00:01:10] We're going to continue this here and weeks ahead, and I appreciate all your feedback. And if you miss part of it, make sure you email me just M. Craig peterson.com. Let me know, and I'll be glad to send some of it to you. Now I'm recording this on video as well. So it's great when you're driving around and listening in picking up some tidbits. [00:01:34] And if you do want to see the recorded version again, dropping them in an email to [email protected] or search for me on YouTube or on one of the other sites that are out there like grumble and you'll. This as I release it. Cause this is going to take a few weeks to really get into the whole thing. [00:01:55] So let's get started. I'm going to pull this up here. Full screen. For those watching at home and what this is called today, we're talking about protecting your business and your self from Russian hackers because they have been out there. They have been causing just all kinds of problems, but there's a few things that you can do. [00:02:18] And I have them up on the screen here. Let me pull them up, but I want to get into the background first. Russian ransomware group. They're a bunch of bad guys and it's called Conti. Now. Conti has been around for a long time. These are the guys that have been ransoming us. They're the guys who ran to mean the businesses they've been rants. [00:02:40] Government, you might've heard them. They've got into hospitals. They have been all over the place and they've raised a whole lot of. For the Russians. I'm also going to tell you about a couple of things you can do here. Cause there's a real neat trick when it comes to keeping Russians out of your computers, but Conti decided, Hey, listen, we are all for Russia and president and Putin. [00:03:03] So they came out with an official warning, oh, I want to read this to it says if anybody. We'll decide to organize a cyber attack or any war activities against Russia. We are going to use our all possible resources to strike back at the critical infrastructures of an enemy. Yeah, no, not the best English, but much better than my Russian. [00:03:25] I got to say that I know two words or so in Russian, but they said that they were announcing full support for president. That's a pretty bad thing. If you asked me, they also have ties to Russian intelligence intelligence, but what are we talking about really? Think of the KGB. [00:03:43] The FSB is what they're called nowadays, but directly tie. China and North Korea, Iran, or also now tied in with Russia to varying degrees, but all of them are a little bit concerned about getting into it a little too much, but we're going to talk about their tactics. That's what's important today. What are they doing? [00:04:05] Why are they doing it? What can you do about. So the first thing is password sprain. This is big deal. I've got a nice big slide up here. I like that color blue. I don't know about you, but I think it's pretty, but password sprain is something we all need to understand a little bit better. It's a brute force attack that has been really hurting. [00:04:30] Many of us. Let me see if I can get this to work. For some reason it has decided it just doesn't want. Let me see here. What is up? Oh, is something isn't it's just, I'm getting a white screen, but it's a brute force attack targets users who have common passwords. Now this is a problem. When we're talking about passwords. [00:04:55] If you have a password that has been breached in any of these breaches that have gone on over the last, however long, right? 30 years plus now that password is known to the bad guy. So what they'll do is they'll take that common password and they'll start to try it. So password sprain is where they will go to a bank site or they'll go to Google. [00:05:21] The, oftentimes they're trying to get at your email accounts. So if you have Google email or Yahoo or Hotmail, they'll try it. Use passwords that they have found against accounts that they have found on those various sites that ends up being quite a big problem for everybody out there. Okay. I got that screen back here. [00:05:42] So I'll put that up for those people who are well. But they will send multiple times attacks using variations of these passwords. And it's known as a low and slow method of password hacking because if they were to go bam, and send all of these passwords and login attempts. They get caught. [00:06:06] The automated systems would say, Hey, wait a minute. This is not good. We're going to cut you off. In fact, that's what I do for my client. We have remote access using SSH, which is a an encryption session so that we can have a terminal session. And if you try and log in three times, We automatically zap you, right? [00:06:28] We shut you down. So they take a very slow approach to this password sprain technique. And they're also going after volume, which makes a whole lot of sense. And there are right now, billions of passwords usernames, email addresses that have been stolen that are sitting out in the dark. So you've got to make sure that you are not reusing passwords. [00:06:54] How many times have we talked about that? You've got one common password that you're using over and again, while that's a problem, but they're not going to keep hacking your account. They're going to switch from one account to another because they don't want to get locked out. [00:07:09] Just like I lock out somebody who's trying to get in. So if someone's coming from that same. IP address that same internet site. And they're trying to log into that same account multiple times. Bam. They are gone. So with path's word sprain, they're trying to get around the problem of you noticing they're trying to get into a bunch of different accounts and they try and leverage it. [00:07:34] So they'll oftentimes use multiple computers that they've stolen access to. We've talked about that before too. It gets to be a real big. Now they're also targeting these single sign-on and cloud-based applications, because once they're on. Using one of these federated authenticated authentication protocols, they can mask the malicious traffic. [00:08:00] We've heard some of these hacks lately where they're using a token that they managed to pick up from somebody's email, I account, or they got onto Microsoft and they got into the email account on Microsoft. That happened recently. In a supply chain attack, solar winds. You heard about that 20, 21, right? [00:08:21] So they're going after these email applications, including Microsoft or Microsoft has done they're going after routers and internet of things, devices for a very good reason, those IOT devices, which are things like your smart lights, they can be. Controlling the cameras outside, they go on and on there's thousands, millions of them. [00:08:44] Now I actually all the way through your microwave, they tend to not be very well protected. So that's a real big target for them. So step. They want to acquire a list of usernames. Step two, they're going to spray the passwords. Where do they get those passwords in those usernames? Or they get them from breaches. [00:09:06] So again, if you have an account that's breached at some online shopping site, a big one, a small one, it doesn't really mean. That particular breach is now well known and they can, will and do gain access to your account which is step three, gain access to it. It gets to be a serious problem. [00:09:26] Okay. How do you know if you are under attack? Number one? There is a spike in failed. Log-ins this is where having a system and there's technical terms is tough for this. I'm trying to avoid a lot of those terms, but this is where the system is watching logins, noticing that there's a problem and going ahead and stopping it, not just noticing that, but stop. Very important to do. There are a high number of locked accounts, which means what it means that again, someone's been trying to log in. You should make sure that your account, if there are invalid, lock-ins automatic. Locks it out after some number of attempts and five attempts is usually considered to be okay. [00:10:14] I know on my phone, for instance, I have a higher number of the neck, cause sometimes the grandkids get at it. But when it comes to your business account, when it comes to your bank account, you probably don't want to have a whole bunch of. Of a attempts, and then in known or valid or invalid, I should say user attempts again. [00:10:36] Why are they trying to log in with a username that just doesn't exist? Yeah, it can be a problem. Hey, when we come back. We're going to talk about some steps. Like you can take here to really remediate, maybe even stop a password spraying attack. I've already given you a few ideas here, but what are some act of things that you can do, particularly for a small business to really protect yourself? [00:11:04] Hey, stick around. We'll be right back. Craig peterson.com. [00:11:10] Russia has, hacking our computers, Russia's continuing to hack our computers and this is a real problem. So we are going to talk right now about how to stop some of these things. We already talked about password sprain. How do you start? [00:11:26] There are a lot of things we have to pay attention to, and that's what I'm going to be doing in the weeks ahead. [00:11:33] We're going to be going through some of the things you need to do to keep yourself safe. Keep your business safe in this really dangerous online. There are so many things going on. So many people that are losing their retirement businesses, losing their operating accounts. We've seen it before with clients of ours while you know their clients now. [00:11:59] And it was just a devastating thing to them. So I don't want that to happen to you now, if you are interested. All of this is recorded and I am doing this as video as well. We've got slides and you can find out more about it. Just email me M [email protected] It's really that simple. And I didn't let me know. [00:12:24] And I'll be glad to send it off to you. Okay. This is available to anybody I'm trying to help. And we've had a lot of emails recently about some of these things. So th this is covering everything from the password spraying we're talking about right now through backups and other things that you need to do. [00:12:43] Let's get going on our sprain problem. So w what are the steps that we need to take an order to really remediate against one of these password spraying attacks? And frankly, it is. Oh, a lot to do. It has a lot to do with our users and what we do, if you're a business, if you are an individual, we need to be using longer passwords. [00:13:12] Now we're not talking about all of these random characters that we used to have. I remember having to have my password be at least four characters, long APAC, when didn't even have to have a username, it was just all based on the password. And things changed over the years, the latest standards that are out there right now come from this too, which is the national Institute for science and technology. [00:13:37] They are the guys that put together, all of the guidelines said federal government and businesses need to follow. And they're telling us that a longer passwords means elaborate pass phrase. So you should use 15 character passwords. I had an article just a couple of weeks ago saying that an eight character password can be cracked almost instantly, certainly within an hour, any eight character password. [00:14:08] So if you're still using that, you've got to make a change. And obviously nine characters is a lot more possibilities, takes a lot longer to crack. I don't have those numbers right in front of me, but 15 is the ideal. So use pass phrases instead of single words. So phrases like I don't know secretary of one, the Kentucky. [00:14:34] There you go. There's a phrase. So what you would do is put, maybe dashes between each one of the words. Maybe you would go ahead and use a comma, put some numbers in there, put some special characters in upper lowercase, right? So it's basically on uncrackable at that point. And that's what you want. [00:14:53] Next one. When we're talking about rules for your passwords, the best passwords are the passwords that you can remember without writing them down and words that don't make sense to anyone else's. I remember taking a memory course a few years back and they had random words and you had to remember them. [00:15:18] And the whole idea was okay, visualize this happening. And as I recall, man, it's been a lot of years I won't say decades, but it hasn't been. Since I did this, I still remember a part of it, it was first word was airplane. Next was all envelope. The next one was paper clip. Next one was pencil. [00:15:38] So I visualized an airplane flying into an all envelope and that all envelope then goes into a paper clip and a pencil writes on the outside. Like it's addressing it to someone. That is a good little password, actually airplane or envelope, paperclip, a pencil with a mixed case and maybe a number two or special symbol thrown in. [00:16:05] Those are the types of rules that we're talking about. The types of rules that really. Next up here. Oops. Wrong keyboard. Stay away from frequently used passwords. We've talked about this many times. If you're using one of the better password managers, like for instance, one password, you will automatically have any passwords that you are there in Shirin or that it creates you'll have them checked via a website out there. [00:16:37] It's called. Yeah. Okay. It's called. Have I been poned I, and I hated to say this because how do you spell it? It's all one big, long word. Have I been poned to.com and poned is P w N E d.com. It will tell you if a password that you're trying to use is a known password. If it has been found out in the wild, okay. [00:17:02] Use unique passwords for every site you visit, I can't stress this enough. We were talking about password sprain. If you use the same password and email address on multiple sites, you're in. Because all they have to do is try your email address and your password for whichever site it is that they might want to try out. [00:17:27] Remember, many of them are trying to get into your email and they have done that successfully. With Microsoft email, if you have their Microsoft 365 service and you might want to read the fine print there very carefully, because Microsoft does not guarantee much of anything. You make sure you back it up yourself. [00:17:50] Make sure you do all of these things because Microsoft just plain, isn't doing them for you. Next one here. Next up is our password manager. And I mentioned this before installing and using a password manager is phenomenal. It automates the generation of passwords. If you have. Integrated with your web browser. [00:18:15] It now allows your web browser to work with your password manager. So when you go to a site, you can have it pull up your passwords. How could it be much easier than that? It's really rather simple. That way it's keeping track of your logins. And again, One password.com is the one I recommend and people get confused. [00:18:36] When I say that, when I'm saying one password, I don't mean only have one password used for everything. One password is a name of a company. Okay. So it Talking about only having a single password, but use a password manager. And I've got all of these up on the screen right now. If you're interested in getting copies of these, you can go ahead and just email me M [email protected] [00:19:04] And I'll make sure I send you a copy of the slide deck of this presentation as well. Cause this is just so important, frankly, but having these points is going to be huge for you. Now strange activity. That's another very big deal. And we're going to talk about this when we get back, what is it? [00:19:25] What does it mean? But I'm going to hold off the rest of this, I think for another week. But right now, what let's hit this, we're talking about odd log-in attacks. A lot of login attempts, the excessive login attempts trends in unusual activities take any, you need to basically take measures to block it and determine if this activity is legitimate. [00:19:50] Is someone just for forgetting their password and spraying themselves or what's going on? Okay. There you go. Simple. Hey, everybody, you can find out a lot more and you'll be getting links to this automatically to these videos, et cetera. If you're on my email list, Craig peterson.com and you can email me M [email protected] [00:20:15] We'd be glad to send you this or any other information I might have. All right. Take care. We'll be right back. [00:20:23] Putin has been working for a while. In fact, it looks like as early as September in 2021, Putin started going after major us corporation. So we're going to talk about that. And what does it mean. [00:20:39] Putin has been going crazy for a while. I'm going to put this up on the screen for those of you who are watching either on rumble or YouTube, but Putin planned this whole invasion apparently quite a while ago. [00:20:56] And I got an article from the Washington post up on MSN talking about what Putin did at least a little bit about what he did. And you can see right here if you're following. That Russian agents came to the home of Google's top executive and Moscow. And what they did is gave an ultimatum. They told that Google, a senior executive that they needed. [00:21:24] Pull down an app that was in use in Russia. And this app was polling. It was for people to do polls and say, Hey what do you think about Putin's garden performance, et cetera. We do them in the U S all of the time you hear about the polls right left and center. Poland, which is a small country next to another small country called Ukraine next to a large country called Russia. [00:21:50] But we're talking about Paul's favoribility polls. What do you think they should be doing? What do you think that the government should be doing and maybe what they should not be. So Putin didn't like this. He didn't like this at all. And so what he did is he sent a couple of guys ex KGB, FSB, the secret police over in Russia by to visit this Google executive. [00:22:16] If you're the Google executive, what are you going to do? If you Google. Yeah, you're going to say, oh my gosh, I'm out of here. So I'm not sure if she, if this executive was an American or Russian, this article doesn't seem to be clear about it, but what happened is they said, okay let's go hide. [00:22:41] So they rented a hotel room for the. They put her in it and they rented the room under an assumed name. So it wasn't the real name of the... /episode/index/show/cptt/id/22497026

What Can Be done About Russia? What Can You Do? 03/12/2022

What Can Be done About Russia? What Can You Do? What Can Be done About Russia?What Can You Do? There is a whole bunch going on when it comes to Russia, of course, the invasion of Ukraine. Why are people calling to have dot RU deleted? This is really a big deal. And if you're watching from home, I'm going to go full screen on this article. [Automated transcript follows.] [00:00:23] This is an article from ARS Technica, and I've been talking about it all week, which is that I can won't revoke Russian in Jeanette domains, says the effect. Devastating. This is frankly pretty darn fascinating to me because I can, as this international organization, it was put together in order to help make the internet international. [00:00:49] And I'm not talking about the data international, but control of it. A lot of countries work. Because of course the internet was created in nodded states. It was created by us tax payers, money for the DOD. And it was designed to be very resilient, in fact, so resilient that there could be a nuclear blast and that nuclear blast and. [00:01:13] Causing problems, but yeah. Yeah, the internet is still going to work. And the whole idea behind it was you could have multiple routers. They're all talking to each other nowadays. They're talking BGP four and they can say, how can I get from here? To there. And so the idea behind BGP is they all share this information once the least cost way. [00:01:36] What's the easiest way to post way. If you will, for me to get from point a to point B and it changes all the time. So you might be on a phone conversation. You might be listening to me right now, online streaming or watching the video you might be doing, who knows what out there with digital communications. [00:01:57] But the communications channel that you think you're using, where the data is going from, let's say my microphone, ultimately to your device, your ears, that data path, once it becomes dated. Can be changing multiple times a second. Now it actually changes quite a bit. Initially as these internet backbone routers, send the least cost, routing information back and forth to, and fro a very good thing, frankly, because it helps to speed everything up. [00:02:28] And there's other tricks that we're using you. Might've seen. For instance, Akamai and some of the URLs before have sites that you've gone to, and that's called a content delivery network and that helps get the content to be closer to you. So if you're on a website in California and you're in New Hampshire, that website video, that website graphic, et cetera, is going to be coming from a server local to me here in New Hampshire. [00:02:59] All right. That's how that all is supposed to work. So we have names you guys know about that internet, domain names and those domain names. You already know those are turned into internet addresses, and those addresses are then used by the routers to figure out where to go, how to get the data. The problem that we're having right now, of course, is Russia seems to be substantially abusing the intranet Putin, put a kill switch on to the Russian internet sometime ago. [00:03:31] And the idea behind the skills, which was, Hey, listen, if we don't want the world to be talking to us, we'll just cut it. Now he's tested it a couple of times, but what he has not done is shut it down and he hasn't shut it down. As part of this Ukraine, more, what they did is they passed laws saying, Hey, if you publish something that disagrees with what we're saying, you get 15 years. [00:03:59] And even these people who've been protesting on the streets, they're getting a bound 60 days, 30 to 60 days in jail, just for protesting what's going on. So a lot of people have been saying why don't we just, we turn off the Russian internet now we're not going to use Putin's kill switch in order to shut it all off. [00:04:19] We're not going to do a well, a few things. She decided not to do, denial of service attacks, et cetera. Although there are hackers doing that and we are going to talk about that today, but they're saying what? Let's just go ahead and let's kill their dot R E. The country domain. And I can, the guy who heads it up said, Hey, listen our mission is just to make sure that the internet works. [00:04:46] So shutting off the dot R U domain so that no one can go ahead and. We send right. A request out to the domain name servers and get a resolution to an IP address. So if you try and go to Kremlin dot REU or something, you will get blocked and you will get blocked. Not blocked. No, I like the great firewall of China or of Russia. [00:05:10] Now they've got one going pretty good. Yeah. Thank you. You ain't using us technology. It's crazy. What we've got. But what it does is it says, oh, I hide dot, are you, I don't know. What are you talking about? So there have been a lot of people who have been pushing for it. And you'll see on my screen here that you cranes requested to cut Russia off from some of these core parts of the internet. [00:05:35] And I can, which is the internet corporation for assigned names and numbers. I couldn't remember what that was earlier said that I can must remain neutral and their mission they say is not to take punitive actions. It's to make sure the internet works. So are they really taking punitive actions of the cat Russia off? [00:05:56] It's really interesting to me because look at what has been going on. You've got companies like Facebook as the great example who has gone ahead and just shut off people. They didn't like what they were saying. My goodness. At one point of you said you should wear a mask during this pandemic. [00:06:15] You would be cut off from Facebook. And then of course, if you said, no, you don't, you shouldn't don't need you, you shouldn't wear a mask that at that point you would be cut off, because science right. Sciences, we know exactly what we're doing now. It goes on and on. If you said that it came from a lab in China, you would have your account suspended. [00:06:35] Now of course their whole tune has changed and yeah probably came from a lab in China. It's crazy what these people have been doing. So we have arbiters of truth, who are some contractors sitting in their home or wherever it is the contractors for Facebook that are going through posts that people are flagging as Incorrect as fake news. [00:07:02] So what happens is people say fake news and then that goes off to their team that then looks at it and says okay. Yeah, fake news because we disagree with it. It just blows my mind. We have to have free and fair and open discussions. Don't we. You have that line at Facebook and Google does some of the same. [00:07:22] A lot of these sites do a lot of the same. You get our major media outlets that are all deciding what they want to report on and what they want to label as fake and fake news. I'm just shaking my head because it's hard. It's hard to believe. What about. Russia is putting out fake news, as I've said many times before the E the first casualty in war, this isn't my quote. The first casualty in war is what, it's the truth. So if truth is the first casualty, then that means we've got a lot of propaganda going on. We had propaganda coming out of Ukraine. We've caught some of those, like the, what was it? The. Chat goes, fighter, pilot, whatever it was who had killed, what was it? [00:08:12] Five Soviet or Russian jets, Soviet era using silver deer, techno era technology on the part of the Ukrainians turns out well. Okay, that, that was false news. That was fake news. The whole thing about snake island, where you had that Russian military. I know what it was a frigging but anyways boat sitting there saying we are a Russia. [00:08:33] Warship, you will surrender or, whatever. Do you remember that snake on just the small place, 13 guys and supposedly they shelled it and they killed all 13 turns out that was probably fake news as well. So that's from the Ukrainian side and on the Russian side they hardly reported I as to how many. [00:08:57] The we're in fact, initially for quite a while, they were saying there are no desks. Then at the same time, the Ukrainians are saying they're 2,500 Russians dead. And that number keeps going up, who knows what it is today. It gets really crazy in the time of war. So if Facebook is going to stop someone from saying don't wear masks or do wear masks, depending on what day of the week it is basically right. [00:09:20] Wednesday. It's okay to say that Thursday is not okay to say that we're back. No it's not. Or then why can't that type of censorship? Move on to the next. I that's a big question I have now. Should we be shutting it off? I'll pull this back up on the screen again. And it, this article from ARS, Technica is saying that experts have warned, whoever they are that shutting down the dot R U domain. [00:09:53] Is going to cause just incredible problems for Russians, which man would it ever talking about a major blow to the economy. And it would also cause problems for people who are trying to find out more truth about. Russia cause you couldn't get to their site. Now we've seen some amazing things in Russia. [00:10:15] We had the Russian, one of the Russian news agencies are T which is broadcasting and here in the U S that their entire staff just walked out saying, forget about it. We're not going to promote this fake news, but this is a little to do trip question me personally. I don't think anybody should be censoring any. [00:10:38] For almost anything. Yo, there are some limits, but they're pretty extreme in my book. I'd rather know someone is an idiot because they're allowed to say stupid things, and counter, counter it, counter their arguments. You've got to have discussions [00:10:54] Microsoft. Yeah, they've been around a long time. They've been helping us. They've had lots of cybersecurity problems. People use Microsoft software on their desktop. Some people use it for servers, which is crazy, but listen to what they're doing now. [00:11:10] This is a little concerning. I'm going to pull this article up on the screen. [00:11:15] For those of you who are watching a long, either on rumble or YouTube ARS, Technica article, they have some really great articles. This particular one is about our friends at Microsoft. This is cool. Microsoft announced today? This was like a week or so ago that Microsoft would be suspending all new sales of Microsoft products and services in Russia. [00:11:45] Following the countries, unjustified, unprovoked, and unlawful invasion of. Now Microsoft didn't give any specifics about the products, but it really is likely to be a blanket ban of all of the Microsoft products. This is very cool because Microsoft has taken an approach I've never seen them do before, which is okay. [00:12:10] When. Gets hacked. You get our friends at apple, putting together patches and getting them out. They get them up pretty quick. Microsoft had been doing much the same. The problem was some months there were patches every day that you had to apply. That's how bad this software is. And they decided that man, let's be like politicians here. [00:12:34] Let's release some very damning news Friday. At about 4:30 PM before a long weekend. So no one will notice. Yeah. Y'all are friends of politicians do that all the time. What Microsoft decided they do is, Hey, wait a minute. We're going to have patches. It's not going to slow down. And because our code is terrible. [00:12:56] So what we're going to do, let me see here. How about we just release all of them at once and we'll just call it patch Tuesday, right? Because people were complaining about how much work it was, how much effort was effort. It was to try. They hate them. These machines apply these patches every day. Huge problem for everybody from home users to big companies out there. [00:13:21] So Microsoft has said, okay let's do that. Let's burry it. So nobody will notice okay that's what Microsoft does. And now we've gotten used to that. Now we have. We remember two guys, right? Bill gates followed by Steve Ballmer. Steve Ballmer was a nut job. Bill gates was a bad man. [00:13:40] I think he's just been trying extra hard to compensate for all of the evil he did over the years. But what we're looking at now is new management and that he's been in there now for a few years, doing a great job, cleaning up Microsoft, making it a very competitive company. He has done some amazing things. [00:14:02] One of the things that he has decided to do, that's been very effective is how about this? How about we go ahead. And we work with various governments to help stop these Russian hackers. And I mentioned this a couple of weeks ago, what was happening and the Microsoft had reached out to the white house and said, Hey, listen. [00:14:27] What we have been looking at the hacks that have been coming from the Russian hackers, and we've been preparing fixes for some of those hacks. How about we work directly with some of these other countries? This reminds me a whole lot of the lend lease program in world war two. You might remember this thing, but the us of course, initially was not involved in the war and they decided, okay we've got to help the United Kingdom. [00:15:00] How are we going to help them? The UK doesn't have the money to buy ships, to have us make weapons, bullets know. What they did is they had people donate the rifles, the guns, AML from home. Plus they made them the government, instead of selling them to the UK, they lent them to the UK because the UK could not afford everything that it needed in order to fight a war against the national socialist in Germany. [00:15:28] So what did they do? We just shipped the stuff over there and called it a lend slash lease. I think that's a great idea. And what Microsoft is doing is also great idea. They have been decoding, reverse compiling, if you will, and interpreting the code, looking at what some of the ransomware and other malicious code the Russia has been using against Ukraine, and they have been providing. [00:15:57] All kinds of insight information to these other countries. Now, this is a great idea for a few reasons, one of the reasons, and I think maybe the biggest reason is that the ransomware, the viruses, all of this malware that they're producing is. Not particularly discriminating. Do you guys remember maybe I dunno, what was it? [00:16:22] Six months ago, I taught, told you how to avoid getting most of this Russian ransomware. And it was as easy as just installing. Yeah, installing a keyboard on your computer windows or Mac, windows. Those are the machines are always getting attacked quite successfully most of the time, but the windows keyboard. [00:16:49] Russian language. Now you didn't even have to use it. You don't have to have a keyboard, right? This isn't a Russian keyboard that I'm holding up here on camera. This is just a regular us keyboard. You can just install a virtual, Russian keyboard. And once that keyboard was installed, you're pretty safe. [00:17:06] Why? Because Vladimir poop. Dictator for life of Russia decided he would just go ahead and stop anybody that was trying to hack Russian. Companies businesses, government agencies and what's the best way for the hackers to do that. Cause they didn't want to end up in Siberia for the rest of their lives because of a hack. [00:17:29] Now they went ahead and said, okay if there's a Russian Cyrillic keyboard on the machine, we're not going to activate. So if the software, the malware on your computer, all you need to do is have a Russian keyboard. Yeah, that's it pretty simple. I told you that months ago, now what we're seeing is these indiscriminant types of software that are being used in Ukraine. [00:17:57] Why doesn't the keyboard trick work while some of Ukrainians peak Russian, we could go in. To the background on that of the massacre, the starvation purposeful starvation of Ukrainians by the Soviet union over many years ago. And how they then gave their property, their homes to Russians to move into in order to occupy Ukraine. [00:18:23] So there's people in Ukraine who are Russian speaking of course. Now we're talking two or three generations, four, maybe down the road from when the Soviet union killed all of those millions of people. But there are some fights that to say, there's Russians, Russian speaking people there. Let me put it that way. [00:18:41] Perfect. In Southeastern Ukraine anyways I'm going on and on I, this is not an education on war or history. This we're talking about cyber security. So the, they have, they been, Microsoft found many cases of Russians putting destructive. And disruptive or even more than that data wiping malware onto computers, it spreads indiscriminately. [00:19:13] So Microsoft looking at what's happening, you crane, trying to get patches together for all of us, letting other countries know about what's going on is going to be. Amazing because this malware, which is wiping computers, primarily, it's not really just straight up ransomware give us money and we'll give you your data back. [00:19:35] This is just showing your data, that malware is going to leak outside of Ukraine. Yeah. Cause us all kinds of book tension, probably. When we get back, I want to talk about this here. This is our friend Ilan Musk, and we've been following along with some of the stuff been going on with his new satellite system in Ukraine. [00:19:58] The whole concept of these satellites and circling the earth, providing us with internet, just regular guides. It's going to be in our smartphones is changing everything. We're going to talk about Elon Musk and what's happened over in Ukraine. [00:20:15] Our friend Elon Musk has done a lot of things over the years. He has really helped us for frankly, the Tesla and what's been happening there. [00:20:26] Space sex, his main concern being let's get. Off of a single planet on to multiple planets, right? The movement to Mars, NASA's working on a serious moon base. I reminded him of space 1999. You guys remember that show, but yeah, we're going to have a moon base by then and it makes a lot of sense. So who's going to go to these well, there's some interesting lotteries people have to apply and everything else, but he's done so much, right? [00:21:00] He's got the boring company you'd already know about Tesla and boring company in case you didn't know makes underground tunnels. He has also. A few other things has got a huge battery manufacturing facility. They're working on new battery technologies to make all of our lives a little bit better, particularly if we have an electric house or electric car, because this is what good is it to have electricity that you can't use. [00:21:25] And that's really what they're trying to do is make it so that electricity is available 24 7 for you. And. Those space X, which is what I mentioned as well as what we're going to talk about right now. I'm going to pull this up on my screen. For those of you who are watching over on rumble, or of course, YouTube, this is fascinating. [00:21:49] He said there's a high probability of Russian attacks on Starlink in Ukraine. Now that is fascinating because what he's done is he has sent over truckloads. I'm showing a picture of a truck. In fact, with these Starling terminals in it, that's from ARS Technica. Just double-checking it here, but this is very cool. [00:22:12] This is posted by the vice prime minister over there in Ukraine. And they are talking about these terminals. Now a terminal in this case is something that allows your devices to talk to the Starlink satellites, or there's going to be a huge constellation. They've got 2000 satellites up and they're putting another 12,000. [00:22:38] These types of satellites are much different than what we've been used to over the years. We typically we've had these massive things sitting up in space. I worked with RCA Astro space many years ago and I saw. They're testing facilities, which... /episode/index/show/cptt/id/22423259

Did You Hear About the Latest Phishing Scams to Hit? Get the Latest Free Cybersecurity Tools 03/04/2022

Did You Hear About the Latest Phishing Scams to Hit? Get the Latest Free Cybersecurity Tools Did You Hear About the Latest Phishing Scams to Hit? Get the Latest Free Cybersecurity Tools This is a big deal, quite literally a big deal. Russian malware. We have been able to track it down now, track it down to a single site. All of these bad guys are in one building in Moscow. [Following is an automatic transcript] This is a very big story and it's a bit of a scary one as well. We've had a lot of ransomware over the years and a lot of ransomware. Have you had it yourself? I bet you, if you haven't, someone who has had ransomware because frankly it is pervasive in every aspect of pretty much everybody's life out there. [00:00:40] So when you get hit with ransomware, Lately something a little different has happened. It's really gone through three phases. The first phase was the ransomware would get on to your system. Usually it came as an attachment, probably embedded in like a word file it's been embedded in PDFs, embedded in all kinds of stuff. [00:01:03] Even drive by downloads on websites, have brought malware. But in this case yeah, it was annoying. It was a problem. It would give you a red screen. You've probably seen it before warning about the ransomware and it told you, okay, here's what you can do to get your files back. And in order to get your files back, you usually. [00:01:25] To go to some exchange online, take dollars, buy of course, Bitcoin, or some other cryptocurrency. And then that cryptocurrency would be used in exchange now for you to get a key that would hopefully decrypt everything. And in reality, it often didn't encrypt hardly anything. So it's been a problem and a problem for a lot of people. [00:01:51] The FBI said that at the time. So this is a gen one of ransomware. You were lucky if 50% of the time you got all your data back, gen two of ransomware is when the bad guys started getting a little bit smarter. They didn't just take your files. Thumb and then say, Hey, pay up buddy. What they did at this point is that got onto your systems and they poked around. [00:02:14] They went we call in the industry, east west on the network. So they got onto you, maybe your kid's computer may, maybe you were hooked up via VPN to the office to do work. And it wasn't a great VPN. And the kid's computer had that virus and that virus weaseled his way all the way over the VPN, directly to the office, because remember. [00:02:37] VPNs are. A network private in that. Yeah. Okay. It's encrypted. And so someone who's got a wire tap isn't necessarily going to get anything, but it's a VPN, it's a tunnel. And that tunnel was used a many times for malware, like brand summer to creep over to the office network. That's an east west is going from. [00:02:57] One machine to another machine. And in businesses, man, you saw that one a lot as that ransomware moved around. So that was the second one. So the rents were going on the machine. It would then look for files that is. You might not want to have exposed. So it looked for files with bank account numbers in them, social security numbers, maybe intellectual property. [00:03:25] We saw a lot of that. Theft is continuing to go on primarily from the Chinese and then an intellectual property theft. And what happened next? While of course it ended up moving the data, the files, and then what they would do. It's encrypt your desk. So before they gripped your desk, they got copies of all of the stuff they thought might be important to you. [00:03:48] So now the threat was in version two of ransomware pay up, or if you don't pay up, you are going to have to pay us to not release your files. If you didn't want all of that client information online, if by law, you would get nailed for having that client information out online. And that's true in most states now, and the federal government's from putting some teeth on some of their laws as well, then what are you going to do? [00:04:17] Yeah, you paid the. So that was version two version three that we're seeing right now of ransomware is simply destructive. And if you go way back in history, you may remember I got hit with the Morris worm, which was one of the first pieces of nastiness out on the internet. And that was early nineties. [00:04:41] My business that I owned and was running, got hit with this thing. Even before that, There was ran. There was a nasty where viruses, if you will, that would get on the computer and destroy everything. It was just a malicious, as I remember, somebody at UC Berkeley, some researcher in it. And he didn't like what that of the researchers were saying about him. [00:05:03] So he put some floppy disk together and on them, he put. Erasing malware and shared all of the stats with anybody. And of course, you plugged that disc into your, that little floppy disc into your windows computer. And it says, okay, I'm going to go ahead and open it up. And, oh, look at this, a virus. [00:05:24] And so he then wiped out the computer of everybody else. That was a competitor of his out there in the industry. Yeah, a little bit of a problem if he asked me, so how did that end up getting around? What ended up happening while everybody got really upset with him, nobody really found out what was happening, who did it, et cetera. [00:05:47] That's what's happened. Now, so version three of malware is like some of the very first malware we ever saw version three of ransomware. So some, again, some of that very first ransomware was pretty nasty is not the sort of stuff you want to see running destroying files, but at least you could get back from a. [00:06:08] Nowadays, a lot of people are doing backups by attaching a disc directly to their machine, or they're backing up to another machine on the same network. Remember that whole east west thing, you didn't want the data going back and forth, it causes problems. Yeah. So what happens now? The Russians apparently are just trying to cause havoc with businesses, anybody who has decided that they're going to be anti-Russian in any way there they're attacking. [00:06:41] So they'll, reraise your desks. They'll erase all of your data. If you have backups on that thumb drive or that USB external. The good news erase that if you have backups on another machine, on the network, hopefully from their standpoint, there'll be able to get onto that machine and erase all of your backups, which is again, why we'd like 3, 2, 1 backups. [00:07:02] At the very least, there's some others that are even better. And if you're interested, send me an email [email protected] I'll send you a webinar that I did on this. I'm not charging you for. But it was a free webinar to begin with what a webinar on backup and how to backup properly and why to do it this way. [00:07:22] Again, me, M E Craig peterson.com. Be glad to do that. What we're seeing now is a huge problem. Let me see if this is going to work for us. Yeah. Okay. It is. I am, by the way, live here we go on my computer. So people who are watching. I can see my desktop. So here we go. This is Russian companies who are linked to this Russian malware. [00:07:52] Ransomware are hiding in plain sight is what they're calling it. So what does it mean. To hide in plain sight. While in this case, what it means is money that's been paid by American businesses to these Russian ransomware gangs, some of who by the way, are actively going after anyone that criticizes Russia found these American researchers. [00:08:18] Yeah. Led to one of Moscow's most prestigious addresses. You can see it up here on my screen. This is a New York times article. It's just a random actor, journalism people, sometimes even the New York times gets it. And they're saying millions of dollars have gone through this. So they've been tracing. [00:08:38] Where did they go? The Biden administration has also apparently zeroed in on the building is called Federation tower east. It's the tallest skyscraper in the Russian Capitol. How would that be to have a business and just this beautiful tall skyscraper and have a view that would be really cool. So they have targeted some companies in the tower. [00:09:00] As what it's trying to do is stop the ransomware guy gang. Maiden cryptocurrencies. Russian law enforcement usually has an answer to why don't you just shut down these bad guys that are out there trying to steal all of our money. They say there is no case open in Russian jurisdiction. There are no victims. [00:09:19] How do you expect us to prosecute these honorable people? That apparently is a quote from this Massachusetts based secure cybersecurity. Called recorded future, but I'm looking at a picture it's up on my screen right now. You guys can see it, but this is the Moscow financial district called Moscow city. [00:09:38] 97 floor Federation tower east. This is really pretty, you wouldn't know this isn't like London or any other major European capital. There's some cranes in the background building up new buildings. Cyber crime is really fueling some growth there in Moscow, which is, if you ask me the exact reason why lad is happy as a clam to just go ahead and have these Russian cyber crime guys. [00:10:11] Just go and bring money in right. Money is bringing in great money for them. The treasury department, by the way, it's estimated the Americans have paid $1.6 billion in ransom since 2011. Huge one ransomware strain called RIAA committed an estimated $162 million. Last year. It is really something. [00:10:35] So when we come back, we've got a lot more to talk about. We're going to talk about the cloud. If it's more secure or why is it calm, broken, give masks work. Why aren't they working right. Anyways, we'll talk about that. When we get back and visit me online, Craig Peter sohn.com. [00:10:54] Stick around. [00:10:57] I hate to say it, but there's another big scam out there right now. And it is hitting many of us, particularly the elderly quite hard. We're going to talk about that right now, what you can do about it and how you can recognize when it's happening. [00:11:13] Interesting article that came out in Wired. [00:11:16] And it's talking about a serious problem. I'm going to show you guys who are watching I have this on Rumble, YouTube, Facebook as well. So you guys can see a long and of course, right here, a two. [00:11:30] Now let's not forget about that, but this is an article that says we were calling or excuse me, they were calling for help. Then they stole. Thousands of dollars. I'm going to read parts of this article. It's just amazing. It's by Becca, Andrew's a back channel. What is that? Okay, so that's just a cat. [00:11:52] On December more one December morning, my mother's phone rang. She tugged the iPhone from the holster. She kept clipped to the waist, her blue jeans and wondered who might be calling perhaps somebody from the church who was checking in on her recovery from coronavirus. Hello. She said the voice that greeted her was masculine. [00:12:12] This is just great writing. The color sounded concerned and he told her something was. With her Amazon account, somebody has access to your bank accounts through Amazon and they can take all your money. I'm calling to them. Her mind raced or Lord, she prayed silently. The voice was warm and reassuring them. [00:12:34] My mom tried to focus closely on his words. My dad was driving to work in his truck and she was home alone. She'd been cooped up in the house for weeks with COVID isolated from her community and she missed the bomb. Friendly voice. I just love her language here. It's just phenomenal. She tried to steady herself. [00:12:55] The man said he needed to make sure the money was safe. He transferred her to a different male voice. Soothing reassuring, calm. She promised not to hang up a brain injury decades earlier, made it hard for her to follow his instructions, but she stuck with it. The voice explained slowly, carefully, how to swipe and tap her phone until she had installed an app that allowed him to see what was happening on her screen. [00:13:26] Now. You followed her every move. After some hour, she mentioned she had to relieve herself hours. It's okay. I'll stay on the line. He said she parked the phone, outside the bathroom and picked it back up. When she was done, as noon approached, she told him I have to eat. I'll wait. It's okay. Don't hang up. [00:13:47] We'll lose all our progress. She set the phone down on the counter to make a sandwich, then pulled some chips from the cabinet and padded over to the kitchen. The phone buzz with the text. It was my father checking in. She typed back that there was a problem, but she was fixing it. She had it all taken care of. [00:14:07] She tapped the tiny white arrow next to the message field to send her reply. And then she heard the voice, its volume elevated as sounded angry. She frowned and brought the phone back up to her ear. Why would you do that? You can't tell anyone what if he's in. She felt confused that didn't make any sense, but she also didn't fully trust herself. [00:14:29] She was worn. From her slow recovery and the steroid, she was taken as a treatment, gave her a hollow buzz of energy. Now I want you guys to go have a look at this over on wired site. Read the whole article. It is a phenomenal. Absolutely phenomenal. But what it's doing is telling the story of this woman who was trying to, do the right thing, trusting other people, which many of us do? [00:14:59] I have a default trust with a little trepidation. I will admit that, but with the whole. Down the thing that happened, many of us have just been longing for a little bit of companionship and to hear a stranger who's trying to help out. That's a huge plus it goes on in this article and talks about how reassuring these guys were and what they did. [00:15:25] She installed this cash app and opened up PayPal downloaded. Coinbase set up Zelle so she could send money directly from her bank account. She doesn't know about any of these things. It's just incredible. So the afternoon wore on and the guy said Hey, we're almost done. And her husband of course, was on his way back. [00:15:49] And the sun was down. Father got home. He noticed right away that something was off. And she said she took care of it. And you said you took care of what I'm not supposed to tell you. It said, so this scammer had siphoned away. All of her personal information, the scammers had your social security number, date of birth driver's license number, and about $11,000. [00:16:14] These new financial apps like Zell and others that are legitimate PayPal apps, right? Zell, you can use to send money legitimately to someone else. But it links into your bank account. That's why I don't like them. I have a friend that's been pushing me. Oh, this happens. Great. It saves you so much money on gas. [00:16:34] Look at how much money I've saved any. He sent a screenshot of it and I re I went online and had a look. And guess what? I read, reviews it again, like this tied into her bank account directly. And. What can happen? Like here, everything was emptied. So in the next few months this author of the story and her father tried to undo the damage. [00:16:59] Very frustrating, getting scanned of course, is really dehumanizing and it just breaks your trust and other people. How could someone do something like that? It's just incredible. Got to go through the stages of grief and everything. She got a, she talked to people, she said she got chili half replies, or just as often silence. [00:17:24] And she was calling around trying to find someone with some empathy. Okay. It's just incredible. Great article. If you can still find it, the March issue of wired, I'm sure it's available online. This goes on. And talks about her mother's seizures getting worse. And of course now they don't have the cash that they had been saving. [00:17:46] And it just very depressing. Now I have this, you might remember about a year ago, I talked about it. I had something like this happen to a friend of mine and I'm still not quite sure what happened, but it looks like it was a password sprain or password stuffing. And they got into his, the app that his company uses to pay people and sure enough, they got in and they directed his next two paychecks to their own account, which went right out of the country like that. [00:18:24] These are bad people. And how do you deal with this? It's incredible because if you've got someone like her mother who has mental problems due to no fault of her own and is a very trusting woman, what do you do? She's walking around all day with her phone on her hip. That's how we started this out. [00:18:46] Do you take that phone away from him? Th that would be dangerous, frankly. So this is a very problem. They had a USAA account was her bank account. USAA is usually good about this sort of stuff. In fact, my other friend had USAA as well. But they did help deactivate Zelle, but they didn't do anything about the $999 that were transferred through it. [00:19:10] Very bad. So they figured out maybe we should change our passwords. She had them change them. And if you would like information about password managers, again, I'm not selling anything. I'd be glad to send them to you. If you sign up for my email list, you're going to get them automatically. Craig peterson.com. [00:19:30] I've got a bunch of data information I want in your hands. It talks about the free stuff, talks about the paid stuff. None of which I'm selling you. Craig Peter sohn.com. Sign up right there on the top of the page. Thanks. Stick around. [00:19:51] We've had some serious supply chain attacks over the last couple of years. And they have caused all kinds of problems for tens of thousands of businesses. If you use WordPress, there was one of those this week. [00:20:06] We have had supply chain problems. Like you wouldn't believe. So let's start out by explaining what is a supply chain problem? [00:20:17] In this case, we're narrowing it down to cybersecurity because we've had supply chain problems from everything from our toilet paper to the food we eat. But what I'm talking about right now is. Supply chains when it comes to cyber security. And one of the biggest problems we had was a company that's supposedly providing cyber security for businesses, right? [00:20:48] Some of the biggest businesses in the world. And I'm looking at an article right now from security Boulevard, say saying how to protect the supply chain from vulnerable third party code. It can be a script that's downloaded online. It can be an open source library. We've seen big problems with get hub lately and pulling in libraries. [00:21:10] We've seen big problems with what are called containers lately, which are little mini versions of computers with all of the software. They're all ready to go. Ready and raring to go. All kinds of supply chain issues for a very long time now. And these supply chain, cyber attacks have been hitting some of our cybersecurity companies, really the hardest I'm pulling this up on my screen right now, if you're watching this on rumble or on YouTube, and you can see links to those, by the way, in my emails, I send out every week. [00:21:47] Craig peterson.com. Craig peterson.com. But you can see here, supply chain hits cybersecurity hard supply chain security is not a problem. It's a predicament. That's uninteresting look because we have to use some of the supply chain stuff. Seesaw the FBI or a sheer wean cybersecurity advisories because of the Russian attack over on Ukraine. [00:22:14] And then the U S the weakest link in supply chain security fears of rising fuel SISA FBI NSA and gestural partners. Issue is advisories Toyota stops production after possible cyber attack at a supplier. Isn't that something this goes on and on. What's a guy to do, right? Many of us are using websites to, in order to run our businesses. [00:22:43] Heck we got websites for our soccer team, for the kids, we got websites for pretty much everything... /episode/index/show/cptt/id/22342037

Considering a change in employment? Apple/China/Green Army/Bitcoin seizure and Cybersecurity Jobs! 02/26/2022

Considering a change in employment? Apple/China/Green Army/Bitcoin seizure and Cybersecurity Jobs! Considering a change in employment? Apple/China/Green Army/Bitcoin seizure and Cybersecurity Jobs! Apple has upended a lot of industries over the years, and it is about to upend yet another one. Square is a company that has been making a lot of money and its run by same guy that ran Twitter. You know that Rasputen-looking guy? What's Apple doing to the finance industry? [Following is an automated transcript] This is a real big deal. Apple has been for a long time upending industries. [00:00:23] You might remember, of course, the music player. In fact, I still have an old MP3 player. You can't really see it very well from this angle, but it was right over there. And then. And it was a five gigabyte player. Just amazing thing was huge. It was actually designed by digital equipment corporation, licensed by this other manufacturer, put them together. [00:00:44] Great audio quality. They had these little costs, headphones that came along. I loved the thing. Absolutely loved it. And apple came along, they weren't the first and they introduced their own MP3 player. That was called an iPod. And it did very well. It just slaughtered everybody else. You might remember the Microsoft came out with their zoon and many others came out with their own little MP3 players. [00:01:12] No, nobody could touch our friends over at apple with their iPod. And then what happened? Around 2010, think for a minute. What new product did apple introduce around 2010? Of course it was this right. It was the I phone now the iPhone cut dramatically into Apple's market and for a good reason. It was a phone. [00:01:38] It was a smart phone. It could play all of your music. I still have and still use 120 gigabyte. I iPod. At the kind of the classic I think is what they had called it. And 120, it was just amazing. Just that much music. Of course, me, I have a lot of lectures, a lot of audio books and other things I listened to on that, on those iPods and what happened. [00:02:05] Of course. Now you can get these I-phones with a terabyte of memory in them, just incredible amount of space. And that's a pretty good thing, frankly, because you can store everything. But at the same time, our networks are getting faster. Aren't they? So our networks, like what we have for our cellular phones and stuff are faster than they have ever been. [00:02:29] So you don't really need as much storage do you, as you used to have. On your phone or your iPod or your MP3 player. So it's an interesting game. How much space do you need? And I'm asked that all of the time and the newest iPhone is coming out, have a lot more memory. I think they have eight gigabytes of Ram in them. [00:02:48] And as I said, a terabyte of storage. But what apple was doing is saying, Hey, we own this iPod market, the MP3 player market. And of course it's more than just MP3s, lot of other formats out there for the music or audio books, but they owned it. But they knew that if they were going to survive in the industry, they had to do something else. [00:03:13] Came out with a product that competed with their award winning and just top of the line product, the iPhone and your iPhone works every bit as well as an iPod ever did. And of course ever so much better because now you don't have to download the music on your iPhone to listen to it, to you. You can stream it over the internet, over wifi, right over the cellular data connection, those things we've gotten fast. [00:03:38] Two great option for. What Apple's doing now is saying we need to append another market. Have you ever had, again, like you, you got your phone, right? And let's say you're a small merchant, maybe your coffee shop, or maybe you're even smaller. Maybe you're just out at a flea market selling stuff that you might want to peddle. [00:03:59] You have to get an, a credit card. Don't you. And back in the day that credit card reader would plug right into the headphone Jack and with a headphone Jack, you'd be able to go online. No problem. Life is good. And once you're online, then you can take the credit. Now you didn't just have to go online with your iPhone, but you had to be able to go on line with your phone and the reader, because when they got rid of that wonderful little headphone port, you now had to use Bluetooth, didn't you and you still. [00:04:37] So you get that reader from square or that reader from PayPal or somewhere else it's acting as your merchant account. And that reader then uses Bluetooth to talk to the phone and then it can read the credit card or the chip. And of course, with the chip it's by directional, it has to get the information to, and from that trip, And then you've got the credit card that you can process all well, and good. [00:05:04] We're all happy about that, but here's your next problem? Bluetooth. Isn't always working. That reader has to be charged. Did you charge it before you brought it before you started using it? So apple said wait a minute. In our I-phones we have built in a few different things. Do you ever used apple pay? [00:05:25] It's probably the safest way to pay online bar? None. It doesn't actually give the merchant the credit card. And it gives them a code that they can read Dean in order to go ahead and get the money from the transaction so that transaction can then be redeemed by the merchant. And that's all stuff handled by your merchant account. [00:05:48] You don't have to worry about it makes life. However now what they've done is they've said let's reverse this. You can use your iPhone with apple pay in order to pay for things. And it has, what's called near field technology in it that allows it to act like those tap and go credit cards I've ever used. [00:06:08] One of those where you can just tap it and it makes the transaction happen. Pretty simple. So it has that in there, but it also has the ability. To read those tap and go transactions. So it's going to be interesting to see exactly what happens here. This is a very big industry. There is a whole lot of money in it, and there's an article this week from our friends over in ink magazine. [00:06:36] I got up on my screen for those who are watching a video here on rumble or YouTube. And it's talking about this feature that they introduced quite quietly. Because this new capability is going to change things. Now you are still going to have your merchant account. So you still might have to have a Stripe or a PayPal or direct merchant account with your bank. [00:07:02] But this is allowing contactless credit and debit cards and other digital wallets to be able to be read from any one's iPhone, which is really quite. Now there's things like Venmo and others out there that people use. My kids use a lot more than I do, but they use it to send money back and forth to each other. [00:07:23] It's a pretty good little thing that they've got going, but with something like this, you wouldn't even need to use a Venmo. So those are the guys that are going to get really nailed by it. And Stripe really is phenomenal. It's so easy to use and I use it as well. I use. For my courses. If you sign up, for course, to almost always going through Stripe, I know there's some other alternatives out there right now that are a little more friendly to the non-mainstream, but I haven't been able to integrate those yet in Vermont payment processors, but there's still going to need it. [00:08:01] You can use cash app, Venmo. It's not going to stop you from doing any of that, but it does stop you from having to have another. Piece of equipment with you, which is just something else to go bad, or dig to have, get dirty to, to not be able to work for you. So we'll see what happens. This is cutting out. [00:08:22] These companies like square. They'll no longer be able to. Have from the front to the back, they'll still have the back, frankly, but they'd be able to accept payments from pretty much anything that's contactless, which is I think a very good deal. We'll see what happens. But again, this is not apple going after Apple's existing customer base, like it did with the I Paul. [00:08:50] Transition to the I phone. This is apple going after another piece of the retail space. And remember what I said earlier, it's not even just that app. Has the ability to enter market, but we've seen time and again, where apple enters a market that's already established. It's not quite mature, right? You haven't had all of those acquisitions going where the companies are buying each other up, but it is going to make a huge difference because again, apple up. [00:09:23] And apple has ties in to a couple of banks that they use for processing their apple cards. Think it's Goldman Sachs, and they could potentially provide you with the merchant account stuff on the backend. So I think that's pretty cool. And it's going to allow us all to have a cashless. The yeah, if this was a political show, that's probably what we'd be talking about. [00:09:50] Wouldn't it? Because there's certain problems with doing that as well. Hey, I want to invite everybody to take a few minutes right now. I am making some changes. I've been working on some of these for weeks, but I've got a lot of clients. I've got two. Take care of first, right? I've been doing a lot of CSO work, CIS, so chief information security officer, just on a fractional or part-time basis as a contractor for a few different companies to try and keep them up-to-date with all of the latest in technology. [00:10:22] So it's been really fun, but I haven't been able to do everything I want to do yet on the radio show. So my wife and I are reaching into our pockets and we're going to be hopefully pulling out somebody to help us with some of this, because what I want to do is send. My show notes to you guys every week. [00:10:41] So you can see what I'm talking about. You have the direct links, as well as my newsletter, and I want to start doing my Wednesday wisdoms trainings more regularly. It's really hit or miss. So trying to do all of that, and I'd really appreciate it. If you would go right now to Craig peterson.com and make sure you sign up right there for my email list, Craig peterson.com. [00:11:07] Get it. All right. [00:11:10] We've been very worried about China for quite a few years, for more than one reason. But one of the biggest is they have dominated some of the most critical markets in the world, including some of these mineral resources that we need. [00:11:27] China has been a big worry for many countries around the world. [00:11:32] For a long time, I met with the ambassador from a couple of these African countries and had a great little chat about what was going on there. They wanted to become this one country in particular, the data processing center. For Africa and Africa, of course, very big country or continent, I should say with a lot of countries and a lot of financial transactions. [00:12:01] And they figured what we need is a good data center. We need data lines coming in. And so they got some of those data lines and they got the data center. The data center provided by our friends in China. And so this data center was being used for a few different things, but it sure was not being used for these financial transactions. [00:12:27] So they wanted it to be used for because China. Provided the equipment. And we know from a lot of articles, a lot of research and from the federal government, the China has been spying on us. And I have seen it personally with some of these DOD sub subcontractors. In other words, it's not necessarily directly contracting with the department of defense, but providing parts and things via subcontractor relationships. [00:12:59] And China is a problem. So what do they do? How is this small African countries supposed to become the data processing country for all of Africa, with Chinese equipment? How could they possibly do it without Chinese equipment? And that's what the ambassador was telling. We need this equipment this is it. [00:13:19] They had Chinese routers, switches processors. They had racks of equipment set up in virtual environments and they were all set to go. China's been doing similar things in other parts of the world where they come in, they might build a port for instance, which has happened many times, one in Indonesia, particularly I'm thinking of, and they financed the port. [00:13:45] If you don't make the payment on that data center or the payment on the port or the payment on the railroad system, et cetera, that China has installed in your country, guess what's in that contract, you forfeit them. So the data center now becomes absolutely. China's not just a lean on it, not just a lease from China. [00:14:11] It is China's data center. That port is China's port. In fact, they own the largest port. Now I think in all of Indonesia, maybe the whole Pacific rim over there, I'm not sure, but that's what they've been doing. Same thing with railroads, et cetera, et cetera. So China really has a lot of companies and countries over the. [00:14:35] That's something we didn't want to have happen here in president Trump, you might remember was very adamant about it. He did a whole lot of work to make sure that none of the Chinese interests would really be able to take over and control our us interest. It makes sense to me. So what has China been doing to us? [00:14:58] We know about the steel and remember China was dumping cheap steel into the us and world markets that hurts us. We have a need to make things here. If we ever haven't forbid got into a war. And we needed ships or boats or planes, or we needed armaments of some sort or another. We need to be able to make them in the United States or in an allied country. [00:15:29] You remember how many problems that Britain had during the war? Trying to ship stuff over. I have two kids that were merchant Mariners and the U S merchant Marine academy is the only. Of the military academies, that flies battle standards because they lost cadets who were there at the school during warfare. [00:15:53] Okay. It's a bad thing. We don't want that to happen. So not having to rely on other countries actually ends up being a bit of a positive thing, depending on what it is. China's sent us things like dog food, that's contaminated, baby food contaminated. Even those, green recyclable bags, people take to the grocery store. [00:16:16] Yeah, contaminated with lead. It goes on and on. They also had control of 99% of certain precious metals that are needed for some of our key manufacturing here in the U S so we put tariffs on China for steel. We did the same thing in 2021. In fact, they put a tariff of 23% in 2021 to protect the steel manufacturers here in the U S. [00:16:45] From these cheap Chinese imports, not just cheap, but low quality steel Weiwei, you know about them. They owned the smartphone business in many parts of the world. In fact, here in the United States, you could get cheap Walway phones. Now, Weiwei of course, if much about Canadian history, know about Northern telecomm, who did a little. [00:17:10] Pioneering in the whole phone business for many decades and the allegations. And there's some proof that I've seen that leads me to believe that these allegations are correct. Are that while always stolen? Northern telecoms designs, its plans, et cetera, and put all of that together to make Walway. [00:17:32] So they steal the plans, they steal the engineering, they steal the research and development, the intellectual property. They then start making it, of course, without having to worry about the investments into R and D and developing products. Now they just stole them and then they flood the markets worldwide with. [00:17:52] Equipment paid and manufactured in some cases by slave labor in almost every case by substantially low wages and. They then control of the market. So we said no way to Walway and that was something president Trump started. It's actually a really good thing. And Google apps are now no longer allowed on Huawei phones. [00:18:19] So China used to have a 99%, almost total monopoly on rare earth metals. I'm going to bring this article up on the screen from our friends over at American. But now they have fallen to less than 60% monopoly. So they've been trying to stop shipments of rare earth metals to countries all over the world to drive up the prices. [00:18:45] They did the same thing here to Japan because of the contesting in the south China sea of some of these islands of some of these mineral rights. But since then in the last decade, rare earth metal. Are being mined. In other parts of the world, we talked here about what California is doing. California is now going to be mining lithium and some of these other rare earth metals that we need to make batteries. [00:19:15] We need to make processes. We need to make cars. We need to make light bulbs right on. And. They used to have a near monopoly on foreign off shore investment because companies were going to China like crazy, because the cheap wages over there, 1.4 billion consumers has been leading companies that make movies like Disney to go over to China. [00:19:39] But things have really stopped in some of these growth areas for China. And in fact, have reversed in a very big way. They're clamped down on business, censoring of wealthy capitalists food, shortages, growth, centralized government corruption. Gross, excuse me, corruption, mismanagement, stagflation, plunging birth rate, all resulted in investments and opportunities. [00:20:04] Fleeing China. Great article in American thinker. Keep an eye out for it in the newsletter this week and stick around. But first check out Craig peterson.com. Make sure you're on my email list. And if you like watching video, Hey, I'd like to invite you to watch me and follow me on YouTube and rumble. [00:20:27] This is straight out of the, what were you thinking department? In fact, what are you thinking? Yeah, the us army is planning on going green. Yeah. They want electric vehicles in war. [00:20:44] This is a plan that you just are going to have to shake your head at a, again, it's a little bit of idiocy, but before we talk specifically about the plan, I want to talk about something related. [00:20:59] Now, remember this plan is from the U S army and they want some goals read Sean on climate change and electric vehicles here over the next 20, 30 years. So let's look at the science behind what they're talking about, and I'm going to show you the actual statement that came out from the military. And one of president Biden's appointees is just nuts, absolutely nuts, but I'm going to back up a little. [00:21:34] For those of you who are watching along at home. Let me pull this up for you. This is from slash. And it's quoting a report over on the wall street journal and pulling some stuff together. But what they're doing in this particular article is talking about how our friends who have come up with these super computer designed. [00:22:02] To model our weather have been be fuddled they've reworked 1.2 million lines of computer code in order to compensate for something that I don't know about you, but if I was writing the code, I probably would have compensated for it in the first place cloud. Clouds. Yeah. Yeah. It turns out this is just to me, absolutely boggling the mind, that great glowing orb that appears in the sky. [00:22:35] From time to time. Yeah. I'll give or take half of the day. That thing called the sun apparently has something to do with the earth warming up. And do you know what else does, the clouds that are up in the sky? Those clouds can reflect the sun's heat and they can also hold heat in on the ground side, who would have thought. [00:23:01] So all of these models that they've been using, cause remember by now, as of more than a decade ago, New York Manhattan is underwater. Remember? Yeah. Al gore with his scientific moon movie at this science. Is just cited. It's proven and Florida... /episode/index/show/cptt/id/22262150

Are You Ready For "Shields Up"? 02/19/2022

Are You Ready For "Shields Up"? Conservative/libertarian host Craig Peterson is heard throughout New England every week giving his opinion on Cybersecurity, new Technologies, and Government involvement. This week, Craig talks about the latest announcement from the Feds: "Shields Up!" They're warning about Cyber attacks against the US. Coming from Russia, they expect untold carnage. But how likely is it? Also this week: Senators trying to spy on all our digital information (including a RINO Republican). The "Right to Repair" backfires. Six reasons Meta/Facebook is failing. The top Cyber problems in 2021. More malware attacking Apple Mac computers. The five things businesses need to do for Cyber Security right now. We've got a big alert from this CISA. That's our cybersecurity and infrastructure agency to come down about a week or so ago. It's been going up and down and of course the tensions out there are causing problems. So let's talk about it. [The following is an automated transcript.] [00:00:17] CISA is an agency of the federal government. And it's one that I follow frankly, pretty closely, because they are the ones that are supposed to be helping us in industry, as well as helping the federal government keep their security stuff in order now, are they well, yeah, they are. They are, but the bottom line is they've got a whole bunch of rules. [00:00:44] Cool new things. And I'm going to show that to you here. This is called shields up over at CISA. For those of you who are watching online, you'll be able to see it right here. So let me just switch over. You've got it up now. Let me just go full screen on that so you can see the whole thing, but this is see. [00:01:06] C I S A.gov and they have a whole ton of cybersecurity resources there. One of the things I hear the most from people is just how freaking difficult it is to try and keep track of things, even understand the regulations, let alone learn all of this stuff, but you can see on their site that. [00:01:28] Training and exercises summit, that's coming up, combating cyber crime, and many other things. So what we're concerned about right now is. But this whole thing with Russia. Now you've heard about Russia or a lot, of course we've caught the germ report talking about Russian fake collusion, frankly. And we have Russians who have been hacking us. [00:01:53] In fact, I've got an article on that today. Let me pull that up as well. You'll be able to see it. It is an incredible thing when you get right down to it. What Russia has been trying to do is attack and steal things directly from our agencies, right? The DOD as well. If you are a contractor, You are in a great deal of trouble. [00:02:18] I don't have that article handy, but they are going after all of our friends at the DOD and all of their contractors and subcontractors. So what happened? There was technology that was supposed to believe be implemented at all of the contractors that of course did not get implemented. So that's a problem if you ask me, but it's now changed. [00:02:43] Okay. 2022, what has happened? 20, 20, 22, they decided that the regulations that were in place were not tough enough. Not even close to being tough enough. So what. Is they added teeth, incredible teeth to these what are called CMMC regulations, which are the regulations that are about the cyber security maturity, if you will, of these DOD contractors. [00:03:12] So now we're looking at this article, I'll pull it up on my screen again here that this has particular ones from security Boulevard, but it is warning about the risk of the Russians really hacking us. Now that's nothing new. We've known about that for a long time. We've known that the Russians and the Chinese are both trying to get in. [00:03:34] I have customers who I picked up after they'd been hacked. And in fact, in most cases they didn't even know they'd been hacked was just something weird that was going on. So this alerts highlighting several cybersecurity vulnerabilities that these nation states and cybercriminals are likely to be leveraging. [00:03:56] And they've outlined certain steps that organizations can take to reduce the risk. So what are those steps? I'm going to bring them up right now for those of you who are watching, but I may make it a little. How do you do this while they're saying let's break it down. We want you to reduce the likelihood of a damaging cyber intrusion. [00:04:19] Again, sisa.gov. If you want to follow along at home, cis.gov, validate that all remote access to the organization's network and privileged or administrative access. Requires multi-factor authentication. We're setting that up for a company right now. In fact, ensure that software is up-to-date prioritizing updates, that address known exploited vulnerabilities identified by CISA. [00:04:44] So you see that link that's right there. That brings us to this massive. Database, if you will of known vulnerabilities just 38 pages, 377 known vulnerabilities. So how does this work? When you get right down to it, you can look at the CVS. CVS over here on the left. If you cook on one of the CVS. [00:05:07] It gives you some really good information, including some information about how to fix it, how to patch it and what the severity is. So what you want are those that are being actively exploded in the wild, basically 10 or a nine. There is a scale of zero to 10. Probably not even zero, but that's where the scale is. [00:05:31] You notice here, by the way I add Dole bay is their top one. They are terrible when it comes to a lot of their software. So you can start. By whatever you might want to sort it by when it was added the action and the due date, which is for again, federal government people and federal government contractors and there's notes there as well. [00:05:55] So this is something, if you are responsible for the cybersecurity in your business, you might be the office manager. That's so common in small companies and as the office manager, you are supposed to be. In charge of the computers. I can tell you with a great deal of assurance that most of the companies that are providing computers service are not providing these types of updates in a timely manner. [00:06:25] Why because it's difficult to do so you have to do it. You have to track it. Okay. So shields up, let's go right back to that. They're talking about the other things that you should do. If you're using cloud services, this is just incredible because there's more. To do Microsoft. I had to put this in a proposal this week because the company didn't realize you're using all of this Microsoft 365 thing. [00:06:53] You've probably heard about that. They've got email, they've got SharePoint, they've got all these other wonderful services and it's nice in an expensive to use, but here's your. The problem is that these particular services don't provide you with backups. It's not a guarantee, data, integrity, any data loss is your problem. [00:07:15] And Microsoft has been sued on this unsuccessfully so far I might add. So just because it's in the cloud, not only does it mean it's not safe, it is just another word for someone else's computer and it can be completely. Unsafe. So you gotta watch it. You gotta be careful. So CSUs warning about that. [00:07:35] They've got this free hygiene service. Now I applied for this. I'm going to pull this up again on my screen here for those who are watching live. But. The hygiene services. Very interesting because they say, Hey, listen, we'll go ahead and do it. And these CSUs cyber security assessment services are available at no cost, so who can receive them. [00:07:58] Now, remember, I'm involved with the infra guard program. I put together their training for two years, I established that whole program training thousands of government and business sector people on cybersecurity. So you'd think they would respond to me. This is a huge program. There are people have probably even been on my webinars that I've held. [00:08:23] They didn't get back. They say, okay, you can receive these free services while federal state, local tribal territorial, government, public, and private sector, critical infrastructure organizations will that to me, my clients, every last one of my clients is in a critical infrastructure service. [00:08:43] Now it can be a dentist office. That's pretty critical. Just ask someone, who's got an infection. It, I have other people who are in the DOD. Base or providing materials and also products, manufactured products to government contractors, et cetera. So did these people get ahold of me return my email? No, nothing. [00:09:07] So you can have look at this if you want to. But I got to tell you, it really turned me off from some of these CSUN people. So anyways, you can sign up, but you can't get it right. Take steps to quickly detect a potential intrusion. There's a lot of subsets here. You can see on my screen, or you can just go to sisa.gov/shields-up. [00:09:29] I'll try and put a link to this in my newsletter this week ensure the organization is prepared to respond. If an intrusion occurs, that's a very big. As well, you have to have people, you have to have drills. You have to know what's happening when to do it. This is everybody right? This is HR. This is your public relations people. [00:09:47] This is your it people. This is everybody all the way through the business. They've all got to be involved in this maximize the organization's resilience to destructive cyber incident. What is the. What has been happening lately? Coming out of Russia, isn't just ransomware it's they destroy your data. [00:10:07] A very bad thing. If he asked me, and if he asked a lot of other companies out there, so you got to understand this, you got to be careful with this. Make sure you are following this rather closely, frankly, and this type of alert it's there. It's going to be there for a long time. No question about it. [00:10:25] Shields. I liked that. I think it's neat. Obviously we got some star Trek fans in the work, so I don't know, just star wars have the, they have shields, but I don't remember them saying chills up. That was a card thing. Wasn't it? So there you go. Every organization is at risk. This is a big worry. [00:10:42] It comes and goes. It's like. Orange and green and yellow or whatever those colors were over on the other side, right from our friends at Homeland security. [00:10:53] We've been legitimately concerned for years about the government, watching what we're doing, listening into what we are saying while there's ways that they've been monitoring us for a very long time. And the senators now want even more. [00:11:09] Senators, right? What are you going to do about them? [00:11:12] It is back. I'm going to put this up on the screen for those watching live, but people don't want outsiders reading their private messages, not physical mail, right? Not texts, not DMS. Great little article here from the electronic frontier foundation. These guys are just amazing. I have agreed with most of what they've done and. [00:11:35] Some of what they've done, but basically what they're saying is we have a right to privacy and it is enshrined in the U S constitution. It's something we're supposed to be paying attention to. Isn't it. And what we're supposed to be secure in includes our papers done. Which papers are we talking about here? [00:11:58] I've got some paper here. This is an index card, right? I've got some paper here. There's some notes on it. So I'm supposed to be secure in this. So I guess that means that the file cabinet over there is a secure, right? We don't have to worry about the government breaking into my file cabinet. [00:12:14] How about these things? How about our smart devices, our smartphones? How about our computers, our laptops, et cetera, always supposed to be secure in those, the constitution doesn't mention those things. It's funny how some people look at the second amendment to say, oh, it only covers a blunder buses, it just, It doesn't cover any modern weapons. And yet at the same time, they'll argue the exact opposite way when it comes to being secure in our papers, because we are supposed to be secure with all of our communications. Senator Richard Blumenthal and Lindsey Graham. One's a rhino and one's a dyno, right? [00:12:54] Richard Blumenthal, a Democrat from Connecticut and Senator Lindsey Graham Republican from South Carolina have re-introduced what they're, what's called the Ernie act, earn it act and incredibly unpopular bill from 2020. Now it had a lot of opposition, which I think is fantastic, frankly. And it whole thing got through. [00:13:19] But what the eff is concerned about is that in fact, this could end up being a massive new surveillance. It would be run by private companies. You saw what happened with the filings in Washington, DC from the germ investigation, right? Private companies were being used by the Democrats to spy on the sitting president of the United States. [00:13:46] Incredible way. So Ernie. I have a surveillance system run by private companies would roll back some of the most important privacy and security features in technology that are used by people around the globe. So it's things like using signal, which is generally thought to be the best end to end private communications app out there, signal WhatsApp, which is questionable because it's owned by Facebook. [00:14:13] But they say it's end to end encrypted, just, be careful about those things. I message on apple is end to end encrypted, but apple does respond to subpoenas and provides information, which again is supposed to be able to do. But should the government be able to go to third parties to get into your private papers? [00:14:35] That's a completely separate thing, but the earnings act could ensure that hosts. Anything online, we're talking about backups, websites, cloud photos, your voice messages, all kinds of stuff is captured and scan. This is really scary. Now I'm going to put this back up on the screen because it's also talking about how this bill empowers the states and territories to put their own sweeping internet regulations into place and they strip away. [00:15:14] The critical legal protections for websites, apps, things like social media. That's the whole thing. Section two 30 was about when we talked about two 30 on my Shelby. And two 30 is double-edged you got social media sites saying while section two 30, lots of us limit what people can say on our platform. [00:15:38] I would tend to think that it actually says the opposite that they're not being held. They can't be held liable for what a third party says on their platform. So it's definitely not the same. And in fact, since they can't be held liable for what set on Facebook or Twitter, et cetera, they should not be censoring it because if they started censoring it now, all of a sudden aren't they a publisher they've got editorial. [00:16:08] So liability comes into play here. Yeah. They don't want that, but that's what section two 30 is all about. And there's been a lot of debate about that over the last five or 10 years. And there's arguments on the far left and the far right. End in the centers to why it should go away and why it should stay. [00:16:27] All right. So I tend to be on the, I think it should stay side. I don't like what some of these companies are doing by censoring speech, particularly, libertarian or conservative speech, they sensor like crazy. But the bottom line is if the, they didn't have that, then how about the good sites that are out there? [00:16:48] The rumbles of the world, et cetera, that are trying to get a good message out to everybody. And are protected by section two 30. If 2 31 away a company like Facebook that has billions of dollars. Would remain the only major social media site, because nobody else could go in. They'd all be sued out of existence and they could not conform to all of these government regulations. [00:17:14] That's part of the reason big companies love big government. It makes it so they don't have big competition. Absolutely amazing. The, so this document here. Earn it, bill is saying. And another document that came out from the bill sponsors. Amazon is not scanning enough of its content. Now, Amazon is the host of Amazon web services and I've used them before. [00:17:42] I still use some of their services. For instance, for transcribing this show, I wrote some code that uses API APIs that go into Amazon and upload it and download transcripts and then reformat it for me. So I use some of those, but Amazon. Has the lion share of what's called the cloud data services. [00:18:07] So they're storing a lot of data for people. Long-term data in a glacier, for instance, and short-term data and ask three. But they're complaining a huge number of websites are hosted there. And this Bill's aim is to ensure that anything hosted online gets scanned and the bill creates this is just, you couldn't make this up a 19 person, federal commission dominated by law enforcement agencies, which are late. [00:18:36] Best practices for attacking the problem of online child abuse. It's for the children, everybody, regardless of whether state legislatures take their lead from that commission or the bill sponsors themselves, we know where the road will end says CFF. Absolutely. True government approved software, like photo DNA. [00:18:59] I don't know if you've heard about what happened with photos and with Metta Facebook, but they just lost a huge lawsuit where they were sued by a few different states about you remember the, it would automatically tag people in photos. So it was doing photo recognition, the photo DNA thing. And they got sued because. [00:19:23] Obeying the law. Yeah. Talk about that one for an hour as well. So earn it. Not something you want, but apparently these senators wanted as well. [00:19:36] We've got a problem with our cars nowadays. Have you tried to turn a wrench on one of these things? They're all computerized. I don't mean a computer. Some of the cars nowadays have dozens of computers in them. How about repairing them? We're going to talk about right to repair. [00:19:53] A great article in ARS Technica that you'll find, and this is about the flight. [00:20:00] For the right to repair. Now, there have been a few right to repair bills that have been released over the years. And the idea behind this is well, having a big fancy car is wonderful. You can drive it all over. But how about when it's time to get that car repaired? What are you going to do? How are you going to do it right? [00:20:26] Does that make sense to you? It can be a real problem. And this article is fascinating because it talks about this chief Morelli who had a Subaru SUV. Now she bought this in 2018. A lot of people buy Subarus because that engine is incredible. There's nothing like a boxer engine. That's where I'm on. My motorcycle has, and I have 160 something thousand miles on my motorcycle. [00:20:53] These super engines last, no, the electronics, the motors, the electric motors. I had different story. Are there problems with Subaru's? But it made her feel safe. So off she goes, right? Like Volvos. People buy those for perceived safety as well. I have some issues with those, but her husband mark decided to purchase his own car last summer. [00:21:18] So they went to the Subaru dealer near their home in south east, Massachusetts. Now here's the catch to all of this Massachusetts passed a right to repair ballot measure that was approved overwhelmingly in 2020. So what that means is that all of the vehicle manufacturers have to use a standard. [00:21:47] Computer interface in order to do anything on the car, the idea being that you can take it to a regular mechanic that can read from that wonderful little port under your dashboard can maybe do a little bit of reprogramming of the car and not have something different that they have to buy.... /episode/index/show/cptt/id/22186727

Is Your Email On The Dark Web? Let's Check Now! 02/12/2022

Is Your Email On The Dark Web? Let's Check Now! Is Your Email On The Dark Web? Let's Check Now! Do you know how to find out if you have had your private information stolen? Well, you know, the odds are probably that you have, but where was it stolen, when, and what has been stolen? How about your password and how safe that password is? We're going to show you real hard evidence. [The following is an automatic transcript.] [00:00:16] Knowing whether or not your data has been stolen and what's been stolen is very important. [00:00:24] And there is a service out there that you can go to. They don't charge you a thin dime, anything, and you can right there find out which of your account has been compromised. And. Out on the dark web. Now the dark web is the place that the criminals go. That's where they exchange information they've stolen. [00:00:49] That's where they sell it. That's where you can buy a tool to do Ransomware hacking all on your own. Far less than 50 bucks. Ransomware as a service is available where they'll do absolutely everything except infect people. So you just go ahead and sign up with them; you pay them a 20% or sometimes more commission. [00:01:12] You get somebody to download, in fact, to themselves with the Ransomware, and they do everything else. They take the phone call; they find out what it is. The company is doing, and they set the ransom, and they provide tech support for the person that got ransomed to buy Bitcoin or sometimes some of these other cryptocurrencies. [00:01:38] In fact, we've got another article in the newsletter this week about cryptocurrencies and how they may be falling through. Floor because of Ransomware. We'll talk about that a little later here, but here's the bottom line. You want to know this. You want to know if the bad guys are trading your information on the dark web; you want to know what data they have so that you can keep an eye on it. [00:02:11] Now you guys are the best and brightest, you know, you have to be cautious, or you wouldn't be listening today. And because, you know, you've been caught, you need to be careful. You have been cautious, but the time you need to be the most cautious is right after one of the websites that you use that hasn't been hacked because the fresher, the information, the more it's worth on the dark web, your identity can be bought on the dark web for. [00:02:38] Penny's depending on how much information is there. If a bad guy has your name, your email, the password you've used on a few different website, your home address, social security number, basically the whole shooting match. They can sell your personal information for as little as. $2 on the dark web. That is really bad. [00:03:02] That's sad. In fact, because it takes you a hundred or more hours. A few years ago, they were saying about 300 hours nowadays. It's less in order to get your identity kind of back in control. I suspect it probably is closer to 300, frankly, because you. To call anybody that pops up on your credit report. Oh, and of course you have to get your credit report. [00:03:29] You have to review them closely. You have to put a freeze on your. Got an email this week from a listener whose wife had her information stolen. He had lost a wallet some years ago and she found because of a letter that came saying, Hey, thanks for opening an account that someone had opened an account in her name. [00:03:51] Now the good news for her is that it had a zero balance. Caught it on time. And because it was a zero balance, it was easy for her to close the account and he's had some problems as well because of the lost wallet a few years back. So again, some basic tips don't carry things like your social security card in your wallet. [00:04:17] Now you got to carry your driver's license because if you're driving, the police wanted, okay. Nowadays there's in some ways less and less of a reason to have that, but our driver's license, as you might've noticed on the back, many of them have either a QR code or they've got a kind of a bar code scan on them, but that big QR code contains all kinds of information about. [00:04:41] You that would normally be in the online database. So maybe you don't want to carry a bunch of cash. Although, you know, cash is king and credit cards can be problematic. It kind of depends. And the same thing is true with any other personal identifiable information. Keep it to a minimum in your wall. But there is a place online that I mentioned just a minute ago that does have the ability to track much of the dark web. [00:05:13] Now this guy that put it together, his name's Troy hunt, and Troy's an Australian he's been doing this. Public service for forever. He tried to sell his little company, but the qualifications for buying it included, you will keep it free. And there are billions of people, or I shouldn't say people there's billions of requests to his website about people's private information. [00:05:42] So, how do you deal with this? What do you do? Well, the website is called, have I been poned? Have I been E and poned P w N E D. Ponying is an old term that comes from. Uh, these video games before they were online. And it means that basically I own you, I own all of your properties. You've been postponed and that's what Troy kind of followed here. [00:06:11] Have I been postponed to.com is a website that you can go to now. They have a whole bunch of other things. They have API calls. For those of you who are programmers and might want to keep an eye out for your company's record. Because it does have that ability as well. And it has a tie ins too, with some of the password managers, like one password to be able to tell is my new password, any good. [00:06:41] And which websites have been hacked. Does that make sense? And so that is a very good thing, too, because if you know that a website that you use has been hacked, I would like to get an email from them. So the first thing right there in the homepage, you're going to want to do. Is click on notify me. So you ensure in your email address, I'm going to do that right now, while we're talking, they've got a recapture. [00:07:12] I'm not a robot. So go ahead and click that. And then you click on the button. Notify. a lot of people are concerned nowadays about the security and safety of their information. They may not want to put their email address into a site like this. Let me assure you that Troy. Is on the op and up, he really is trying to help. [00:07:39] He does not use any of the information that you provide on his website for evil. He is just trying to be very, very helpful. Now his site might get hacked, I suppose, but it has been just a huge target of. Characters and because of that, he has a lot of security stuff in place. So once you've put your email address right into the notify me box, click on notify me of [00:08:06] Of course you got to click the I'm not a robot. So once you've done that, It sends you a verification email. So all you have to do at that point, it's just like my website. When you sign up for my newsletter, keep an eye out for an email from Troy from have I been poned.com asking you if you signed up for his notification service? [00:08:31] Obviously it is a very good idea to click on his link in the email. Now I caution people, it costs. And you guys all of the time about clicking on links and emails, because so many of them are malicious, but in the case of like Troy or my website, or maybe another one that you sign up for, if you just signed up for. [00:08:54] You should expect an email to come to your mailbox within a matter of a couple of minutes, and then you should spend just that minute or so. It takes to click on that email to confirm that you do want to get the emails from the website, because if you don't hit that confirmation, you're not going to get the emails. [00:09:17] Let me explain a little bit about why that is. Good guys on the internet don't want to spam you. They don't want to overload you with all kinds of emails that may matter may not matter, et cetera. They just want to get you information. So every legitimate, basic a guy out there business, a organization, charity that is legitimate is going to send you a confirmation email. [00:09:50] The reason is they don't want someone to who doesn't like you let's say to sign you up on a few hundred different emails site. And now all of a sudden you're getting. Well, these emails that you didn't want, I had that happen to me years and years ago, and it wasn't sites that I had signed up for. In fact, some of them were rather pornographic and they kept sending me emails all of the time. [00:10:19] So Troy is going to send you just like I do another legitimate website, send you an email. The link that you must click. If you do not click his link, you are not going to get the emails. It's really that simple. Now, Troy looking at a site right now has information on 11 billion pond account poned accounts. [00:10:47] Really? That is huge. It is the largest collection that's publicly available of. To count. So I'm, we're going to talk about that a little bit more. And what information does he have? How does he protect it? What else can you find out from? Have I been poned? This is an important site. One of the most important sites you can visit in order to keep yourself safe. [00:11:16] Next to mine. Right? Make sure you visit right now. Craig peterson.com/subscribe and sign up for my newsletter and expect that confirmation email to. [00:11:29] Have you been hit by Ransomware before? Well, it is a terrible thing if you have, but what's the future of Ransomware? Where is it going? We've talked about the past and we'll start with that and then move into what we're expecting to come. [00:11:46] The future of Ransomware is an interesting one. And we kind of have to look at the past in Ransomware. [00:11:55] Ransomware was pretty popular in that bad guy. Just loved it. They still do because it is a simple thing to do. And it gives them incredible amounts of flexibility in going after whoever they want to go. After initially they were sending out Ransomware to anybody's email address. They could find and hoping people would click on it. [00:12:24] And unfortunately, many people did click. But back then the ransoms were maybe a couple hundred dollars and you paid the ransom and 50% chance you got your data back. Isn't that terrible 50% chance. So what do you do? How do you make all of this better? Make your life better? Well, Ransomware really, really drove up the value of Bitcoin. [00:12:54] Bitcoins Ascension was largely based on Ransomware because the bad guys needed a way that was difficult to trace in order to get paid. They didn't want the bank to just sweep the money back out of your account. They didn't want the FBI or other agencies to know what they were doing and where they were located. [00:13:20] So, what they did is, uh, they decided, Hey, wait a minute. Now this whole crypto game sounds interesting. And of course talking about crypto currency game, because from their viewpoint, it was anonymous. So they started demanding ransoms instead of dollars, PayPal, even gift certificates that they would receive from you. [00:13:46] They decided we're going to use some of the cryptocurrencies. And of course the big one that they started using was Bitcoin and Bitcoin has been rather volatile. Hasn't it over the years. And its founding was ethically. Empty, basically what they did and how they did it. It's just disgusting again, how bad some people really are, but they managed to manipulate the cryptocurrency themselves. [00:14:17] These people that were the early. There's of the cryptocurrency called Bitcoin and they manipulated it. They manipulated people into buying it and accepting it, and then they managed to drive the price up. And then the, the hackers found, oh, there's a great way to do it. We're going to use Bitcoin. And so they demanded ransoms and Bitcoin, and they found that no longer did they have to get like a hundred dollar gifts, different kid for Amazon. [00:14:46] Now they could charge a thousand dollars, maybe even a million dollars or more, which is what we saw in 2021 and get it paid in Bitcoin. Now Bitcoin is kind of useful, kind of not useful. Most places don't take Bitcoin as payment, some have started to because they see it might be an investment in the future. [00:15:11] I do not use Bitcoin and I don't promote it at all, but here's what we've been seeing. Uh, and this is from the chief technology officer over tripwire, his name's Dave Meltzer. What we've seen with ransom. Attacks here. And the tie to Bitcoin want to cry back in 2017 was terrible and it destroyed multiple companies. [00:15:39] One of our clients had us protecting one of their divisions and. We were using really good software. We were keeping an eye on it. In fact, in the 30 years I've been protecting businesses from cyber intrusions. We have never, ever had a successful intrusion. That's how effectively. And I'm very, very proud of that. [00:16:05] Very proud of that. We've we've seen ransomware attacks come and go. This wanna cry. Ransomware attack destroyed every part of the company, except for. The one division we were protecting, and this is a big company that had professional it, people who really weren't very professional. Right. And how, how do you decide, how do you figure out if someone really knows what they're talking about? [00:16:32] If all they're doing is throwing around buzzwords, aren't, that's a huge problem for the hiring managers. But anyways, I digress because having a. Particular series of letters after your name representing tests that you might've passed doesn't mean you're actually any good at anything. That's always been one of my little pet peeves over the decades. [00:16:55] Okay. But another shift in the targeting of Ransomware now is showing a major uptick in attacks. Operational technology. Now that's a real big thing. We've had some huge hits. Uh, we think of what happened with solar winds and how it got into solar wind software, which is used to monitor computers had been. [00:17:24] And had inserted into it. This one little nice little piece of code that let the bad guys into thousands of networks. Now we've got another operational technology hack in progress. As we speak called vog for J or log for shell. Huge right now, we're seeing 40% of corporate networks are right now being targeted by attackers who are trying to exploit this log for J. [00:17:53] So in both cases, it's operational software. It's software businesses are using. Part of their operations. So we're, and part of that is because we're seeing this convergence of it, which is of course information technology and operational technology environment. In many times in the past, we've seen, for instance, the sales department going out and getting sales force or, or something else online or off. [00:18:25] They're not it professionals in the sales department or the marketing department. And with all of these kids now that have grown up and are in these it departments in their thirties and think, wow, you know, I've been using technology my whole life. I understand this stuff. No, you don't. That has really hurt a lot of bigger companies. [00:18:48] Then that's why some companies have come to me and saying, Hey, we need help. We need some real adult supervision. There's, there's so many people who don't have the decades of experience that you need in order to see the types of holes. So. We've got the it and OT kind of coming together and they've exposed a technology gap and a skills gap. [00:19:16] The businesses are trying to solve right now in order to protect themselves. They're moving very quickly in order to try and solve it. And there they've been pretty much unable to. And w we use for our clients, some very advanced systems. Hardware software and tools, because again, it goes back to the kind of the one pane of glass. [00:19:38] Cisco doesn't really only have one pane of glass, but that's where it goes back to. And there's a lot of potential for hackers to get into systems, but having that unified system. That Cisco offers really helps a lot. So that's kinda my, my little inside secret there, but we walk into companies that have Cisco and they're completely misusing them. [00:20:02] In fact, one of these, uh, what do you, would you call it? Well, it's called a school administrative unit in my state and it's kind of a super school board, super school district where there's multiple school districts. Hold two. And they put out an RFP because they knew we liked Cisco and what some of the advantages were. [00:20:22] So they put out a request for proposal for Cisco gear and lo and behold, they got Cisco gear, but they didn't get it configured properly, not even close. They would have been better off buying something cheap and being still exposed. Like, you know, uh, I'm not going to name some of this stuff you don't want to buy. [00:20:42] Don't want to give them any, uh, any airtime as it were. But what we're finding now is law enforcement has gotten better at tracking the digital paper trail from cryptocurrencies because cryptocurrencies do have a. Paper trail and the bad guys didn't realize this. At first, they're starting to now because the secret service and the FBI have been taking down a number of these huge ransomware gangs, which is great. [00:21:16] Thank you very much for doing that. It has been phenomenal because they've been able to stop much of the Ransomware by taking down these gangs. But criminal activity that's been supported by nation states like North Korea, China, and Russia is much harder to take down. There's not much that our law enforcement can do about it. [00:21:42] So w how does this tie into Ransomware and cryptocurrency while ultimately. The ability to tr address the trail. That's left behind a ransom payment. There's been a massive shift in the focus from government trying to tackle the underlying problem of these parolees secured curdle Infor critical infrastructure sites. [00:22:06] And that's what I did training for. The eyes infra guard program on for a couple of years, it has shifted. Now we've got executive orders. As I mentioned earlier, from various presidents to try and tighten it up and increase government regulation mandate. But the big question is, should you pay or not? And I recommend to everyone out there, including the federal government recommends this, by the way, don't pay ransoms because you're just encouraging them. [00:22:40] Well, as fewer and fewer ransoms are paid, what's going to happen to Bitcoin. What's going to happen to cryptocurrencies while the massive rise we saw in the value of Bitcoins will deteriorate. Because we won't have businesses trying to buy Bitcoin before they're even ransomed in order to mitigate any future compromise. [00:23:06] So I love this. I think this is great. And I think that getting more sophisticated systems like what, like my company mainstream does for businesses that I've been doing for over 30 years is going to draw. Well, some of these cryptocurrencies like Bitcoin down no longer will the cryptocurrencies be supported by criminals and Ransomware. [00:23:35] So that's my hope anyways. And that's also the hope of David Meltzer, chief technology officer over at tripwire hope you're having a great year so far. You're listening to Craig Peter sohn.com. Sign up for my. At Craig peterson.com. And hopefully I can help you have a little bit of a better year ahead. [00:23:57] All of these data breaches that the hackers got are not graded equal. So we're going to go through a few more types of hacks, what they got. And what does it mean to you and what can you do about it? [00:24:13] Have I been B EEN poned P w N E d.com. And this is a website that has been put together by a guy by the name of Troy hunt. He's an Australian and it goes through the details of various. So that he has found... /episode/index/show/cptt/id/22112891

Are You Ready For the Latest Cyber Attack From Russia? 02/04/2022

Are You Ready For the Latest Cyber Attack From Russia? Are You Ready For the Latest Cyber Attack From Russia? Yet another warning coming out from the federal government about cyber security. And this one is based on what's been happening in Ukraine. So we're going to talk about that situation, the whole cyber security over there, and why it's coming here. [Automated transcript follows] CISA is the Cybersecurity and Infrastructure Security Agency. How's that for a name? It's not as bad as what does S.H.I.E.L.D mean? Over from the Marvel universe. But the cybersecurity and infrastructure security agency is the agency that was created to not just protect federal government systems, although they are providing information for. [00:00:41] People who protect those systems, but also for businesses and you and me and our homes. So they keep an eye on what's happening, what the various companies out there are finding, because most of the cybersecurity information that we get is from private companies and they. But it altogether, put it in a nice little wrapping paper. [00:01:06] In fact, you can go onto their website anytime that you'd like to, and find all kinds of stuff that is going to help you out. They've got a ton of documents that you can download for free little steps that you can take. It's at csun.gov, C I S a.gov. And they've got the known exploited vulnerabilities catalog. [00:01:30] That's something that we keep up to date on to help make sure our clients are staying ahead of the game. They've also got their review board securing public gatherings. They also run the stop ransomware.gov site that you might want to check out. And we'll be talking a little bit more about ransomware and the ways to protect yourself a little later today. [00:01:53] Now Seesaw is interesting too, because when they are releasing information, most Americans really aren't aware that they even exist. They do. And they've got a big warning for us this week. There's a site that I follow called bleeping computer that you might want to keep an eye on and they have. [00:02:16] I'll report just out this week that you, crane government agencies and corporate entities were being attacked. This was a coordinated cyber attack last Friday, a week ago, where websites were defaced data wiping malware was deployed and causing all of these systems to become not just a corrupt, but some of these windows devices to be completely. [00:02:45] Operable now that is a bad thing. The reason for this, this is speculation, but it isn't a whole lot of speculation. Right? Am I getting out of, on a limb here particularly, but the whole idea behind this is a cyber war, that Russia's got, what is it now? 130,000 troops, whatever it is over a hundred thousand. [00:03:08] On the border of Ukraine, they invaded Ukraine a few years ago. Russians shot down a passenger airline in Ukrainian air space. This that was a few years back. They've been doing all kinds of nastiness to those poor Ukrainians. They also had a massive ransomware attack in Ukraine. That was aimed at their tax software. [00:03:36] Some countries do the electronic filing thing a lot differently than the us does. A couple of examples are Ukraine. France is another one that comes to mind. We have clients in France that we've had to help with cyber safety. And we're always getting popups about major security problems in the tax software, because they have to use this software that's provided by the French government. [00:04:04] Ukraine's kind of the same way. The biggest. Company providing and the tax filing software for Ukraine was hacked and they use that hack to then get into the tech software and make it so that when that software was run by these Ukrainian companies, they would get ransomware. It was really rather nasty. [00:04:30] So the Russians had been playing games over in Ukraine for quite a while. But what's apparently happened now, is that a thing? Those things, same things are coming our way now. It's not just because of the fact that a Ukraine is being threatened, maybe they're going to encroach even more, take more than Crimea, which they did last time. [00:04:56] We're in the U S and what are we doing? President? Biden's been sending troops to Europe, troops to Poland, Germany, and also advisors to the Ukraine. He's removed the embassy staff, at least the vast majority of it from Ukraine. And I just I think. To what happened with his completely unplanned withdrawal that we did in Afghanistan and how things just got really bad there. [00:05:28] And I'm not worried about what's going to happen in Ukraine because the Russians aren't particularly fond of the idea that we are sending aid and support to. Yeah, it's a bad thing. President Obama sent them blankets, but Biden is sending them military weapons and ordinance, which is what they'd need to fight. [00:05:54] So Russia has shown that they will attack a country via electronic means cyber means, right? Cyber attacks. And so what's happening now is the bad guys from. That have been the facing websites and who have been doing more than that, wiping computers and making them completely unusable could well come after us because they're really going to be upset with what's happening now. [00:06:28] And that was CNN has reported the Ukrainian it services company that helped develop many of these sites was also a big. And of course that means bottom line, that this is what's called a supply chain attack. What I mentioned earlier with the Ukrainian tax software, that's a supply chain attack where you are buying that software, or you're mandated to use the software to file your taxes by the government. [00:06:58] And what happens while it turns out that software is contaminated, that's called a supply chain attack. Now crane issued a press release about a week ago, saying that the entities were hit by both attacks, leading them to believe that they were coordinated. This is a quote here. Thus, it can be argued with high probability that the interface. [00:07:24] Of websites have attacked government agencies and destruction of data by Viper are part of a cyber attacking, but causing as much damage to the infrastructure of state electronic resource that's from the Ukrainian government, not the best English, but their English is much better than my Ukrainian or Russian. [00:07:44] So you, crane is blaming these attacks on Russia, incomes, CS. So you says now urgent. Business people in the us and other organizations to take some specific steps. So quote, here from the Seesaw insights bulletin, the CSO insights is intended to ensure that senior leaders at the top of every organizational where the cyber risks and take urgent near term steps to reduce the likelihood and impact of a potentially damaging compromise. [00:08:19] All organizations, regardless of the sector or side should immediately implement the steps outlined below. So here's the steps and there are a lot of them. One I'm going to do these, you should find in your newsletter today. Hopefully that all made it in. But three basic things. One reduce the likelihood of a damaging cyber intrusion. [00:08:47] And we're going to talk about the best way to do backups here a little later on today. Make sure your software is up to date. Make sure your organization's it personnel disabled, all ports and protocols, not essential for business purposes. This is all basic stuff, but I got to say. I bet you, 98% of businesses and organizations, haven't done these things. [00:09:07] The next major category here, take steps to quickly detect a potential intrusion, and then ultimately maximize the organizations resilient to destructive. Incident. So that means doing things like testing your backup procedure, make sure your data can be restored rapidly, or you have a way to get your business back online quickly. [00:09:31] What we tend to do is in our backup strategy, depending on how much the company can afford, to be down. To be out of business if they lose all of their stock versus what it costs to do this, but we will put a server on site at the company and that server then does some of the backups, right? It does all of the initial backups. [00:09:55] And then what happens is it gets relayed to us. It gets pushed to tape and tape is really good. We'll talk about that in just a few minutes, but the other big thing is. The backup that we have local to their business also has what's called a virtual machine infrastructure built on it. So if a machine goes down, If it gets wiped or if it just crashes and can't be recovered easily, we can spin up that machine. [00:10:28] A copy of it in our little virtual environment in just a matter of minutes. So these are all things you should be considering. If you're interested, you can send an email to [email protected] I can send you a checklist that a little more extensive than this, or I can help you with any other questions you have. [00:10:47] I get lots of questions every week from everything for on retirees, wondering what they should do all the way through businesses that we help government contractors and others. This isn't good. Russia is likely coming after us. Based on this. Visit me online. Craig peterson.com or email [email protected] with your questions. [00:11:14] With all of this talk about hackers, ransomware data, wiping systems. What's the best way to protect yourself, but what do you do to really protect against ransomware? I can tell you, it's not just plugging another hard disk into do backups. [00:11:31] We have a lot of problems nowadays. We've got so many hackers out there. We're talking about a multi-billion dollar industry to go after us. [00:11:43] It's just depressing. Really. When you think about it, I think about the old days where security, wasn't a huge concern, right? Physical security. I had one of my first jobs was at a bank and I was, this was back way back in the a G it would have been the mid seventies and I was one of the operators of the main. [00:12:09] And so as a mainframe operator, we'd load up the tapes and we would ship them places. We'd also go ahead and put them in the vault so that they were in a fireproof vault, and we could recover anything we needed to recover. It worked out pretty darn well, and it was a fun job, but most of the time it was cleaning the tape drive heads and taking those tapes, those big round tapes, you might remember those. [00:12:38] Nine track tapes and maybe the fancy stuff, 52 50 BPI or 800 BPI of one end or the other, or the spectrum. And we just had to make sure they were physically safe nowadays of course, mainframes are still around and are still absolutely fantastic. They're just phenomenal. Some of the technology IBM has in their mainframes. [00:13:04] Most of us, aren't using those. Most of us are using a regular computer or I'm sitting in front of a Mac right now that I use for the radio show. We have windows, computers, Linux machines, right? All of those things that we have in our business and that we maintain securely for our clients. But what do you do when we're talking about random? [00:13:27] You can cross your fingers and hope that you'd hope you don't get ransomed. That sort of a practice doesn't usually work out too well for people, but you can do backups and many people do. So let's talk about the backups. Let's say that you have your computer and you're doing a backup and you have one or two generations worth of backups for your company. [00:13:52] Ransomware nowadays does not just typically destroy your whole disk. Usually what it does is it encrypts files like doc files, doc X, right? Excel files, all kinds of files that thinks might be useful to you. And then of course, the rest, it pops up says, pay me. And off you go. The reason for that is so your computer still works so that you can enter in the decryption code. [00:14:22] Once you've paid the ransom, hopefully it works for you give or take 50% of the time. You will get your data back. If you pay the ransom much of the time. But let's go back to that one or two generations of backup. You're using a cloud service, let's say, and your computer gets ransomware. That cloud service backup software will still work. [00:14:48] What if it's working? So you're now backing up your encrypted files to the backup site in the cloud. Do you see where I'm going with this? Your backups? No. Same thing is true. If you're backing up to a local hard disk, many people do it and it's handy. I recommend that you do that, but it's not all you should do. [00:15:13] So that disc is attached. We had a. Boy, who was it here? Yeah, we have a client in Maine and they have a really smart system administrator and he designed these disk drives that would physically disconnect themselves from a machine when the backup was not running and would physically connect themselves when the backup. [00:15:38] Was running. So the idea there was okay, great. We've got a local backup on a local disk and if the bad guys managed to get a hold of the machine, they're not going to be able to encrypt the. And, as long as the backup isn't running, I thought that was a brilliant solution. Doesn't solve some problems, but it certainly takes care of some others. [00:16:03] So if you are doing a backup, you've got to make sure you've got multi generations. I tend to keep a year's worth. Now there's other considerations. There's the federal rules of. Procedures that say you have to have bad cops. They have to go back years. And there are also other things the payment card industry requires certain types of backups. [00:16:29] If you are a government contract, We have them as clients and they have certain data retention policies based on the length of the contract. They have keep it for some years afterwards. It goes on and on. So if your data is lost or stolen or encrypted, and your backup is encrypted or deleted, You are in real trouble depending on the type of business you're in. [00:17:00] So what's the right answer to this. I've talked about 3, 2, 1 backup for a long time, and it's still a very good methodology for doing backups, but nowadays they're talking about 3, 2, 1, 1 backup, which is again, that's a bit of a different methodology. In doing backups, but the idea is you've got multiple copies of your data on multiple types of media in multiple places. [00:17:34] That's the bottom line. What is the gold standard for this? I it's something that gets to be a little expensive. Again, we have another client that we've had for years, and they are looking for a replacement for the backup system. Now. And so we proposed something that's based on what's called LTO technology, which is a type of a tape drive. [00:17:59] It's a small cassette, right? It's not those big 12 inch reels of tape that we used to lug around and it's amazingly dance. The new LTO tape drives have space on them for as much as 45. Terabytes of information. It's also great because it's encrypted by hardware, government level encryption automatically, and those tapes can be taken offline. [00:18:29] You can take the tape. Now we picked up a client who had been doing backups and they were using little USB drives and every day he'd take the drive home and bring in the next drive. So he had five drives, right? So he had the drive for Monday, Tuesday, Wednesday, Thursday, Friday. And he was taking them home, but he missed one of the key things to check the back. [00:18:57] He hadn't checked the backup and their backup had not been running for more than a year and a half. So that's the other thing you have to do? The LTO tapes are really the gold standard. It goes back to that for one of the first jobs of mine, right? The job I mentioned, where I was mounting tapes and filing them and moving them around and mountain disc packs and pulling them out and everything. [00:19:24] It still makes sense. They'll last for decades, they cannot be hacked because they are literally offline. You can ship them to places to have them stored. I have a course on backups and if you're really interested, send me a an email to [email protected] And I'll go ahead and. Send you a link to the course, you can watch it. [00:19:52] But yeah, I think this is really important. Of course, I'm not going to charge you for that, but magnetic tape it's established. It's understood. It's proven it's been around for many decades and LTO tape is unique. It needs all five best practices for addressing ransomware. Even be able to recover. [00:20:16] If you want more information, just email [email protected] or sign up for my free newsletter. Craig peterson.com. [00:20:26] Switching from gasoline powered engines to these new electric cars is no environmental panacea. At least that's what West Virginia university is saying. And the E. Just changed its mind as well. [00:20:42] Ford of course, about a year ago, unveiled its new electric. [00:20:47] F-150 the lightning and Ford has stopped taking orders for them because they are going to have to make double what they thought they would have to make. Ford also has a similar problem with yet another electric vehicle. The Mustang GM is doing a few different electric. Coles. And so is everybody else, frankly, Porsche even now has an electric car out. [00:21:16] That is all well and good. Isn't it. And there's certainly problems, particularly with manufacturing nowadays, trying to get the CPU's and other electronic components you need. They're even having trouble getting electric motors for electric windows in vehicles. Now they're coming. Crank window with a little coupon saying later on, we'll convert it to electric for you all kinds of problems, but there's one that I haven't heard anybody but myself talk about. [00:21:48] And so I was online looking around, doing some searches, seeing if I was, like the only one there's no way right now, I'm not the smartest person in the world. I don't pay the most attention to everything. And I found that. Virginia university is in total agreement with that with me, it's just amazing. [00:22:11] They looked at recent trends and they're cautioning as I have been for years, at least a decade. Now they're cautioning about what seems to be a race to put more electric vehicles. On the road. And the problem is that these electric vehicles in their demand for electricity may well out, run what's needed to keep the vehicles on the road. [00:22:40] So here's a quote from them. The electric grid will struggle to handle the quick charging of very many electric vehicles at the same time. Okay yeah, by the way, like hardly any quick charging is generally what everyone thinks about, like going to the gas station, getting a full charge in 10 to 15 minutes, which would be a tremendous instantaneous load on the local distribution center. [00:23:07] My concern is the huge power dumps required at quick charging stations along the interstate. It sounds good, but it'll require a lot of new infrastructure to get the power to the charging stations, as well as building those charging stations. So where does the power come from? Power storage is going to be required if we're going to also move towards fixing. [00:23:32] Power sources such as solar and wind. We do not have power storage capability yet in large enough quantities to do this on a large scale. Solar does not work at night. The wind doesn't blow all the time. Also, we do not have the distribution on the streets to move fast charging into residential neighborhoods on mass. [00:23:57] Electric vehicles are great, but we have not fully considered the impact it'll have on our electrical grid infrastructure. It will require a lot of expansion of our electrical distribution and charging facilities. Remember, electric power comes from the power company. I heard an interview with a lady the other day, and they asked her, where does the electricity come? [00:24:19] She said, From the plugin, the wall, right? We must consider this when considering wide-scale electric vehicle adoption,... /episode/index/show/cptt/id/22028600

Have You Been Phished? Email Spoofing is in full swing! 01/29/2022

Do You Know How Hackers are Spoofing You? All About Email spoofing! 01/29/2022

Do You Know How Hackers are Spoofing You? All About Email spoofing! Do You Know How Hackers are Spoofing You? All About Email spoofing! We just got an email this week from a customer and they're saying, "Oh no, my email has been hacked." What does that mean? Was it really hacked? We're going to talk right now about email spoofing, which is a very big deal. [Following is an automated transcript] [00:00:15] Email spoofing is being a problem for a long time, really? Since the 1970s. I remember when I got my first spoofed email back in the eighties and there was really a little bit of confusion. [00:00:30] I went into it more detail, of course, being a very technical kind of guy, and looked behind the curtains, figured out what was going on. Just shook my head. I marveled at some people. Why would you do this sort of thing? The whole idea behind email spoofing is for you to receive an email, looks like it's from someone that it's not now, you've all seen examples of this. [00:00:55] Everybody has. And those emails that are supposedly from the bank, or maybe from Amazon or some other type of business or family friend, this is part of what we call social engineering, where the bad guys are using a little bit about what they know about you, or maybe another person in order to. Frankly, fool you. [00:01:19] That's what spoofing really is. There were a lot of email accounts that were hacked over the last what, 30, 40 years. And you might remember these people sending out an email saying, oh, my account got hacked because you just got emails. Back in the day, what people were trying to do is break into people's email accounts and then the bad guys after having broken in now knew everybody that was in the contact list from the account that was just broken into. [00:01:54] Now they know, Hey, listen, this person sends an email. Maybe I can just pretend I'm them. Days it, the same thing still happens. But now typically what you're seeing is a more directed attack. So a person might even look in that email account that they've broken into and poke around a little bit and find out, oh, okay. [00:02:16] So this person's account is a purchasing manager at a big company. So then they take the next step or maybe this tab after that and try and figure out. Okay, so now what do I do? Oh, okay. So really what I can do now is send fake purchase orders or send fake requests for money. I've seen in the past with clients that we've picked up because the email was acting strangely where a bad guy went ahead, found. [00:02:49] Invoices that have been sent out by the purchasing person and the send the invoices out and changed the pay to information on the invoice. So they took the PDFs that they found on the file server of the invoices went in and changed them, change the account that they wanted, the funds ACH into. And once they had that happen, they just sent the invoice out again saying overdue. [00:03:18] Off goes in the email and the company receives it and says, oh okay, I need to pay this invoice. Now. Sometimes it marked them overdue. Sometimes they didn't mark them overdue. I've seen both cases and now the money gets sent off and that invoice gets paid and then gets paid to the wrong person. [00:03:38] Or maybe they go ahead and they don't send the invoice out, but they just send a little notification saying, Hey, our account has changed. Make sure you. Direct all future payments to this account. Instead. Now you might be thinking wait a second here. Now they send this email out. It's going to go into a bank account. [00:03:57] I can recover the money while no, you can't. Because what they're doing is they are using mules. Now you've heard of meals before. He might've even seen that recent Clint Eastwood movie. I think it was called. But typically when we think of mules, as people we're thinking about people who are running drugs well, in this case, the bad guys use mules in order to move money around. [00:04:24] And now sometimes the people know what they're doing. The FBI has had some really great arrests of some people who were doing this, particularly out in California, some of them cleaned. Yeah. I didn't know what was happening. It was just somebody, asked me to send money. It's like the Nigerian scam where the Nigeria in the Nigerian scam, they say, Hey I'm, I'm Nigerian prince, you've heard of these things before. And I need to get my money out of the country. I need to place to put them. And so if you have a us account, I'm going to transfer money into it. You can keep a thousand dollars of that 5,000 and I'm going to wire in just as a fee. Thanks for doing this. I, this is so important and it's such a hurry and I'm going to send you the. [00:05:11] What they'll often do is send you a money order. It couldn't be a bank check, could be a lot of things, and then you go ahead and you cash it and oh, okay. Or cash just fine. And then you wire the $4,000 off to the bad guy. The bad guy gets the money and is off. Running in the meantime, your bank is trying to clear that bank check or that money order. [00:05:38] And they find out that there is no money there because frankly what might've happened? I, this is one I've seen, I'm telling you about a story w we helped to solve this problem, but I had taken out a real money order from a bank, and then they made copies of it. Basically, they just forged it. And so they forged a hundred copies of it. [00:06:01] So people thought they were getting a legitimate money order. And in some cases, the banks where the money order was, you mean deposited, did conf confirm it? They called up the source bank. Oh yeah. Yeah. That's a legit money order and then they all hit within a week or two. And now the, you are left holding the bag. [00:06:22] So that's one thing that happens. But typically with these mules, the money comes to them in that account. They are supposed to then take that money and put it in their PayPal account and send it off to the next. And it might try jump to through two or three different people, and then it ends up overseas and the bad guys have gotten so good at this and have the cooperation of some small countries, sometimes bigger countries that they actually own. [00:06:54] The bank overseas of the money ultimately gets transferred into. And of course there's no way to get the money back. It's a real. So with spoofing, they're trying to trick you into believing the emails from someone that you know, or someone that you can trust. Or as I said, maybe a business partner of some sort in most cases, it's some sort of a colleague, a vendor or a trusted brand. [00:07:22] And so they exploit the trust that you have, and they ask you to do something or divulge information. They'll try and get you to do something. So there's more complexity tax. Like the ones that I just explained here that are going after financial employees, there might be some, an accountant, a bookkeeper, or bill payer and receivables payables. [00:07:48] I've seen CFO attacks, but the really the spoofed email message looks legitimate on the surface. They'll use the legitimate logo of the company that they're trying to pretend that they're from. For instance, PayPal. Phishing attack. They have a spoofed email sender and typical email clients like you might be using for instance, on Microsoft outlook. [00:08:13] The sender address is shown on the message, but most of the time nowadays the mail clients hide the actual email address, or if you just glance at it, it looks legit. You've seen those before these forged email headers. Yeah, it gets to be a problem. Now we use some software from Cisco that we buy. [00:08:38] You have to buy. I think it's a thousand licenses at a time, but there were some others out there, Cisco again, by far the best and this, the software. Receives the email. So before it even ends up in the exchange server or somewhere else online, that email then goes through that Cisco server. They are comparing it to billions of other emails that they've seen, including in real time emails that are. [00:09:06] Right now. And they'll look at the header of the email message. You can do that as well. With any email client, you can look at the header, Microsoft and outlook calls, it view source. But if you look at the email header, you'll see received. Headers that are in there. So say, receive colon from, and they'll give a name of a domain and then you'll see another received header and give another name of a machine. [00:09:33] And it'll include the IP address might be IVF IPV four of your six, and you can then follow it all the way through. So what'll happen is partway through. You'll see, it took a hop that is. Not legitimate. That's where it comes in. Nowadays, if you have an email address for your business, man, a domain, you need to be publishing what are called SPF records. [00:10:01] And those SPF records are looked at there compared to make sure that the email is properly signed and is from. The correct sender. There's a SPF records. There's a mother's too, that you should have in place, but you'll see that in the headers, if you're looking in the header. So it gets pretty complicated. [00:10:24] The SPF, which is the sender policy framework is a security protocol standard. It's been around now for almost a decade. It's working in conjunction with what are called domain based message, authentication, reporting, and conformance. Heather's D mark headers to stop malware and phishing attacks. And they are very good if you use them properly, but unfortunately when I look, I would say it's still 95% of emails that are being sent by businesses are not using this email spoofing and protection. [00:11:00] So have a look at that and I can send you a couple articles on it. If you're in trusted Craig Peterson.com. [00:11:07] So we've established that email spoofing happens. What are the stats to this? And how can you further protect yourself from email spoofing? Particularly if you're not the technical type controlling DNS records, that's what's up right now. [00:11:24] There's so much going on in the cybersecurity world. It affects all of us. Now, I think back to the good old days 40 years ago where we weren't worried about a lot of this stuff, spoofing, et cetera. [00:11:38] But what we're talking about right now is 3.1 billion domain spoof. Emails sent every day. That's a huge thing. More than 90% of cyber attacks. Start with an email message. Email spoofing and phishing have had a worldwide impact costing probably $26 billion over the last five years. A couple of years ago, the FBI, this is 2019. [00:12:09] Reported that about a house. A million cyber attacks were successful. 24% of them were email-based and the average scam tricked users out of $75,000. Yeah. So it's no wonder so many people are concerned about their email and whether or not those pieces of email are really a problem for them. And then anybody else. [00:12:36] So a common attack that uses spoofing is CEO fraud, also known as business, email compromise. So this is where the attacker is spoofing or modifying, pretending to be a certain person that they're not they're impersonating an executive or owner, maybe of a business. And it targets. People in the financial accounting or accounts payable departments or even the engineering department. [00:13:03] And that's what happened with one of our clients this week. They got a very interesting spoofed email. So even when you're smart and you're paying attention, you can be tricked the Canadian city treasurer. Tricked into transferring a hundred grand from taxpayer funds, Mattel tricked into sending 3 million to an accountant, China, a bank in Belgium, tricked into sending the attackers 70 million Euro. [00:13:33] It happens and I have seen it personally with many businesses out there. So how do you protect yourself from email? Spoofing now, even with email security in place, there's some malicious email messages that are still going to get through to the inboxes. Now we're able to stop better than 96% of them just based on our stats. [00:13:56] In fact, it's very rare that one gets through, but here are some things you can do and watch out for whether you're an employee responsible for financial decisions, or maybe you're someone who is. Personal email at work. Here's some tricks here. So get your pencil ready. Number one, never click links to access a web. [00:14:20] Where you're asked to log in, always type in the official URL into your browser and authenticate on the browser. In other words, if you get an email from your bank or someone else, and there's a link in there to click that says, Hey oh man, here's some real problems. You got to respond right away. [00:14:44] Don't do that go to paypal.com or your bank or your vendor's site, just type it into your browser, even though you can hover over the email link and see what it is. Sometimes it can be perfectly legitimate and yet it looks weird. For instance, when I send out my emails that people subscribe to that right there on Craig peterson.com, the links are going to come from the people that handle my email lists for me, because I send out thousands of emails at a time to people that have asked to get those emails. [00:15:24] So I use a service and the services taking those links, modifying them somewhat in fact dramatically. And using that to make sure the delivery happened, people are opening it and that I'm not bothering you. So you can unsubscribe next step. You can, if you want to dig in more, look at the email headers. [00:15:47] Now they're different for every email client. If you're using outlook, you have to select the email, basically in the left-hand side. Okay. You're going to control, click on that email and we'll come up and you'll see something that says view source. So in the outlook world, they hide it from you. [00:16:07] If you're using a Mac and Mac mail, all you have to do is go to up in the menu bar email and view, header and cut off. There it is. I have many times in the past just left that turned on. So I'm always seeing the headers that reminds me to keep a look at those headers. So if you look in the header, And if the email sender is let me put it this way. [00:16:33] If the person who is supposed to have sent it to you is doing headers proper, properly. You're going to see. A received SPF section of the headers and right in there, you can look for a pass or fail and response, and that'll tell you if it's legit. So in other words, let's use PayPal as an example, PayPal has these records that it publishes that say all of our emails are going to come from this server or that server of. [00:17:06] And I do the same thing for my domains and we do the same thing for our clients domains. So it's something that you can really count on if you're doing it right, that this section of the headers. And that's why I was talking about earlier. If you have an email that your sending out from your domain and you don't have those proper headers in it, there's no way. [00:17:33] To truly authenticate it. Now I go a step further and I use GPG in order to sign most of my emails. Now I don't do this for the trainings and other things, but direct personal emails from me will usually be cryptographically signed. So you can verify that it was me that sent it. Another thing you can do is copy and paste the text, the body of that email into a search engine. [00:18:05] Of course I recommend duck go in most cases. And the chances are that frankly they've sent it to multiple people. That's why I was saying our Cisco based email filter. That's what it does, it looks for common portions of the body for emails that are known to be bad, be suspicious of email from official sources like the IRS, they're not going to be sending you email out of the blue most places. Aren't obviously don't open attachments from people that you don't. Special suspicious ones, particularly people we'll send PDFs that are infected. It's been a real problem. They'll send of course word docs, Excel docs, et cetera, as well. [00:18:56] And the more. I have a sense of urgency or danger. That's a part of the email should really get your suspicions up, frankly, because suggesting something bad is going to happen. If you don't act quickly, that kind of gets around part of your brain and it's the fight or flight, right? Hey, I gotta take care of this. [00:19:19] I gotta take care of this right away. Ah, and maybe you. So those are the main things that you can pay attention to. In the emails, if you are a tech person, and you're trying to figure this out, how can I make the emails safer for our company? You can always drop me an email as well. Me, M [email protected] [00:19:45] I can send you to a couple of good sources. I'll have to put together a training as well on how to do this, but as individually. At least from my standpoint, a lot of this is common sense and unfortunately the bad guys have made it. So email is something we can no longer completely trust. Spoofing is a problem. [00:20:07] As I said, we just saw it again this week. Thank goodness. It was all caught and stopped. The account was not. It was just a spoofed email from an account outside the organization that was act Craig peterson.com. Stick around. [00:20:26] [00:20:26] The value of crypto coins has been going down lately quite a bit across the board, not just Bitcoin, but the amount of crypto mining and crypto jacking going on. That hasn't gone down much at all. [00:20:50] hi, I'm Craig Peter Sohn, your cyber security strategist. And you're listening to news radio, w G a N a M five 60 and FM nine. Point five, you can join me on the morning drive every Wednesday morning at 7 34, Matt and I go over some of the latest in news. You know about crypto coins, at least a little bit, right? [00:21:18] These are the things like Bitcoin and others that are obstensively private, but in reality, aren't that private. If you receive coins and you spend coins, you are probably trackable. And if you can't spend that, the crypto currencies, why even bother getting it in the first place. One of the big drivers behind the price of these crypto currencies has been criminal activity. [00:21:50] We've talked about that before. Here's the problem we're seeing more and more nowadays, even though the price of Bitcoin might go down 30%, which it has, and it's gone down in bigger chunks before. It does not mean that the bad guys don't want more of it. And what better way to mine, cryptocurrency then to not have to pay for. [00:22:18] So the bad guys have been doing something called crypto jacking. This is where criminals are using really ransomware like tactics and poisoned website to get your computer, even your smartphone to mine, cryptocurrencies for. No mining, a Bitcoin can cost as much in electric bills that are in fact more in electric bills. [00:22:45] Then you get from the value of the Bitcoin itself. So it's expensive for them to run it. Some countries like China have said, no, you're not doing it anymore because they're using so much electricity here in the U S we've even got crypto mining companies that are buying. Old power plant coal-fired or otherwise, and are generating their own electricity there locally in order to be able to mine cryptocurrencies efficiently, effectively so that they can make some profit from it. [00:23:20] It's really quite the world out there. Some people have complained about their smartphone getting really hot. Their battery only lasts maybe an hour and it's supposed to last all day. Sometimes what's happened is your smartphone has been hijacked. It's been crypto jacked. So your smartphone, they're not designed to sit there and do heavy computing all day long. [00:23:47] Like a workstation is even your regular desktop computer. Probably isn't. To be able to handle day long mining that has to happen. In fact, the most efficient way to do crypto mining of course is using specialized hardware, but that costs them money. So why not just crypto... /episode/index/show/cptt/id/21945497

Do You Trust Homeland Security And The FBI For Your Cyber Security? 01/21/2022

Do You Trust Homeland Security And The FBI For Your Cyber Security? Do You Trust Homeland Security And The FBI For Your Cyber Security? What a week the FBI got hacked, Homeland Security supposedly is sending out emails about hackers in your network. This is what we're going to talk about to start with today. What are these new emails and how are they trying to con you? And can we trust the Feds for our Cyber Security? [Following is an automated transcript] This is a little bit concerning. We know that the FBI's email system got hacked. And for everyone that's sitting there saying gee, if the FBI gets hacked, there's no way my business can possibly survive an attack. Remember that the FBI is a huge target. They have so many systems, so many people and the bad guys really would love to send email out as though they are the FBI. [00:00:47] And in fact, they did, they used the FBI's email servers to send out some of these fake emails. I thought that was funny, but be that as it may, the FBI closed. But there are things you can do to protect yourself, to protect your email. And my wife and I have been working diligently on a guide. [00:01:10] Now, that I protect businesses. I work closely with the FBI, been doing cyber security for more than 30 years. I hate to admit that. But I've been on the internet for more than 40 years. So I've been at this for a very long time and there are things you can do. [00:01:29] So we're making available a guide. So she's taken a lot of my teachings and is boiled it down. It looks like it's going to be 25 ish pages. And it's just the key things, the primary things that you can do. To stop your email from getting hacked, your bank accounts, et cetera. There are some pretty simple things you can do. [00:01:54] So we're putting that together and we're also putting together a bootcamp and both of these are free. Okay. Absolutely free. And in the bootcamp, again, this book isn't about selling you all of the, my services and stuff. It's giving you. Actionable things you can do. Yes, you can do. You don't need to be the FBI or a cybersecurity expert to do them, but five things you can do that will, I don't know, 10 X, your cybersecurity, really? [00:02:30] It's that big a deal. And it's going to take you less than an hour to do all of this stuff. So for those people who like the boot camp, so we're going to have. And one of these zoom things and we're going to do it live and I'm going to explain it to you, spleen it. And you're going to have some homework before the bootcamp, because I want you to have some skin in the game too. [00:02:56] You're not paying me or anything. So I want to make sure that you've done your homework so we can quickly. Go through all of the stuff that we need to cover in the bootcamp and people who are interested in being the example, which means they are going to get more information than anybody else. [00:03:13] You can also say, Hey, listen, yeah, please use mine as an example. So we'll look at all of these different things. We're going to focus in on that first bootcamp primarily on. The stuff with passwords, what should you do? How should you do it? How can you tell if your password has been stolen? If your email accounts been compromised, all of that sort of thing. [00:03:37] And you need to be on my email list in order to find out about this stuff. And in fact, when you sign. I've got three special reports that Karen and I wrote that are really going to be helpful for you. These are three that we've been using with our clients for years, but again, actionable. To do right, is not some marketing sales guy trying to sell you the latest, greatest piece of antivirus software that doesn't work. [00:04:09] So you can get that. If you go to Craig peterson.com right now slash subscribe. If you want the deep link, Craig peterson.com/subscribe. We'll go ahead and sign you up. I have a little automated sequence. It's going to send you the emails with all of the attachments. We got one, that's an introduction to Karen and I, you get to see both of us. [00:04:35] And it's a really cool picture of when we're on vacation one time and you can get all of that again. It's free. This is the free newsletter. This isn't the paid newsletter. Craig peterson.com. Slash subscribe. All right. So I can help you out with all of that free content. And I have lots of it. I'm on the radio every week talking about free, right. [00:04:59] And you can avoid these things. So I hate to bring up this FBI hack because as I discussed again with Karen this week I don't want people to feel like there's nothing that they can do. I have a friend, her name's Laura and she's in one of my mastermind groups. And Laura is, was listening to me because another mastermind member got hacked and it had what was it? [00:05:24] $45,000 ultimately stolen from him. And we helped him out. And so I was explaining, okay, so here's the things you can do. And. Basically all she heard was I'm never going to be able to do this. And she's a technical person. She teaches people how to become business analysts, which is pretty technical, there's a lot of steps involved in doing business and analyst work. And so I was really surprised to hear from her that she had. The securing herself was just too hard. The FBI gets hacked, et cetera. And so that's why when I came to this realization, the bottom line is, yeah. Okay. It can be hard if you're like me and you've been in doing this for 30 years, you've got the curse of knowledge, right? [00:06:16] So all of this stuff, this isn't for you. If you know everything, okay, this is for people who. Quite understand what's going on. Definitely don't understand what they should do. Don't know what they should buy. Don't know how to use the free stuff that Microsoft and apple give you and how to pull it all together. [00:06:37] That's what I want you to be able to understand, and we spend time every. Going through this and every newsletter. I have a, an opening now that is a lot about three to five minute read. If that it can be very quick read and is helping you to understand some of the things that you can and should do. [00:07:00] So you'll get that as part of the newsletter. Again, Craig peterson.com. That's in my free newsletter. You should see the paid newsletter. It's a big deal because it's your life. It's a big deal because it's your business. It's a big deal because it's your job on the line. And most of the time, and when I pick up a new client, it's somebody who's the office manager. [00:07:23] Frankly, more than your office manager, sometimes the business owner, owner operator says to the office manager, Hey, we got to do something about cybersecurity and then I get. Saying, Hey, can you do a cyber health assessment for us and that cyber health assessment, which we'll do for almost anybody out there will tell you the basic self. [00:07:46] Okay. Here's what you got to do. You've got to update this. You should turn off this software or you should do this and that with your firewall so that they have. I a little checklist, that they can run through. That's the whole idea behind one of these cyber health assessment. And then what happens is they say, okay let's talk some more and we go in and talk with them, talk with the owner. [00:08:12] Do they want to do, help them put together a more detailed plan and then they are off and running so they can do it themselves. They can hire someone, they can have us do it for them, whatever seems to make the most sense, but it's very important. To do it, to do something because sitting there trusting the Google's going to take care of you or apple or whomever, it is trusting Norton antivirus is going to take care of. [00:08:43] I was reading a quote from John McAfee. He's the guy that started the whole antivirus industry. Now, of course, he passed away not too long ago, under suspicious circumstances, but he came out and said, Hey, listen, antivirus is. Because right now this year, these weren't his stats. These are stats published. [00:09:04] You can find them online. Just duck, go them. Yeah. I don't use Google for most things. And you'll find that the antivirus is ineffective 77, 0% of the time. What do you need to do? You need to listen to me here because I am going to help keep you up to date here. Some people are auditory listeners. [00:09:23] You need to make sure that you get the newsletter so that you get the weekly updates and you find out about these free trainings and special reports that we put together. Makes sense to you and you can attend the boot camps where we cover the basically one hour meetings on zoom, just like you're used to, and we cover one or more specific topics and we do it live and we use your information. [00:09:54] The information you want us to have a, do you want us to share? So how could that be better? And it's the same sort of stuff, but deeper dives and more interactive obviously than radio. And you can listen to me here every week. I think it's important that you do, and you understand this stuff. So anyways ramble. [00:10:14] It all starts with email. How do you keep your emails safe? You might remember years ago, you, people were getting broken into and emails were sent out using their accounts. That happened decades ago and it's still happening today. Right now, Craig peterson.com. I promise you. I am not a heavy marketer. [00:10:36] Okay. You're going to get good, actionable information that you can put to use in a matter of minutes, Craig peterson.com/subscribe. Hey, stick around. I promise. I'll get you this department of Homeland security warning in just a minute. We'll be right back. [00:10:59] Our intelligence monitoring indicates exfiltration of several of your virtualized clusters in a fist sophisticated chain attack. Your, I am trying to put on this like official voice. And it didn't do so well anyways, that's what we're going to talk about. [00:11:14] This is an email that came from the department of Homeland security warning about hackers in our network. [00:11:23] Okay. The subject line here, the one I'm looking at, and this is a justice week, urgent threat. In systems read the email goes on. We tried to black hole, the transit nodes used by this advanced persistent threat actor. However, there is a huge chance you will modify as attack with fast flux technologies. I don't know if that ties into a flux capacitor or not, which he proxies through. [00:11:53] Multiple global accelerators. So this is somebody who doesn't really know what they're talking about. They're just throwing up big words. We identified the threat actor to be. Somebody whom is believed to be in of course, whom wrong usage of the word here is believed to be affiliated with the extortion gang, the dark overlord, comma, uppercase. [00:12:18] We highly recommend you to check your systems and IDs monitoring. Be where this threat actor is currently working under the inspection of the NCC. I see, as we are dependent on some of his intelligence research, we cannot interfere physically within four hours, which could be enough time to cause severe damage to your infrastructure. [00:12:44] Stay safe. USDA department of Homeland security, cyber threat detection and analysis network analysis. Total control panel. So this is classic when it comes to scammers. And the classic part is that you could do. Is the grammars bad. The wording is confusing, his punctuation is wrong and he's throwing out all whole bunch of words that are used when it comes to hackers. [00:13:20] There are things like advanced, persistent threats. That's one of the biggest problems in fact, businesses have today. But in reality, the way he used it, Incorrect now that's something I would notice cause I've been doing this stuff for more than 30 years, but the average person is never going to notice something like this. [00:13:44] So it's been pretty, in fact, pretty successful now, a little different than usual here. These fake messages don't have attachments. They don't have phone numbers. They don't have web links. Therefore what? Your email filter is not going to look at them and say, oh, these look risky. These URL links are going to risky sites. [00:14:11] I'm going to block it. That's what we do. We have the advanced email filtering from Cisco that we use for our clients, or that includes their amazing artificial intelligence for fishing and stuff. So an email like this is not go. To trigger those types of alarms. So they're saying don't panic, avoid contacting the FBI for further details and ignore the accusations that are made in the email. [00:14:39] This is so focused though. So flows is a cybersecurity company. They have a lot of stuff. They have some pretty good stuff. It's not there's not. But spam house is tracking it. Now, if you've ever been blacklisted, it's called black holing really by people who might've used your domain to send spam, or maybe you're a spammer, you've heard of spam house and I've been blacklisted before inappropriately. [00:15:07] The good news is my. That I use for emailing is about 30 years old as well. So it's got a pretty good reputation over the years, but spam house is saying now that this is a scam they've been tracking it. It's a well-known scam and it's been widely circulated. To those office managers that I said are often the people who call us when there's a cybersecurity problem, or we get calls from office managers when something doesn't look right with the emails. [00:15:44] And we have a client that had been getting these weird emails and. We were called saying, what's going on, have a look. We looked and we found all kinds of problems. So that again, an office manager approaching us and thinking everything's fine because they had Norton and they had the more advanced Symantec stuff and it didn't catch. [00:16:09] Any of this really nasty stuff, but that's part of what Spamhaus does. And they're looking at it and saying, oh, okay, wait a minute. Now we're seeing these emails come out. They are definitely not coming from fbi.gov, which is what the return address is. And so spam house tags, it spam. Assassin's going to tag it and it's not even going to make it. [00:16:37] Anything about a log on are our email filter. So a number of people have received it. If you've received this email, I'd love to know it because they really are trying to go after the people who are a little bit more into this now, how do they find them? Apparently? They have stolen the email addresses by scraping them from public sources. [00:17:03] So databases published by Aaron, for instance, the American registry for internet numbers. And I'm assigned my own number is CP 2 0 5 because I was so early on by Aaron they're the guys that have been managing. The basic internet domain stuff here in the U S for very long time. And it also doesn't mean by the way that Aaron had any sort of a breach. [00:17:28] And really just showing that the crooks behind this disinformation campaign have really been focusing on people who appear to be in network administration, because those are the email addresses and names that Aaron is going to have. So why are they doing this? Why are they sending it out into it's frankly, it's kinda hard to tell some of the emails have a QR code in them. [00:17:58] Now that is intriguing because here's how, again, how a lot of these basic email filters work, they look at it, they say what links are in there? How many links, how much of the email is a graphic? And they understand while it's going to internet bad guys.com. There's the link right there. Forget about it. [00:18:22] I'm not going to forward this email to the intended recipient, but if there's a QR code in that email to almost every email filter out through. It only looks like a graphic. So might've been a picture of your mother as far as it knows. Most of them are not very smart. So you getting an email, having a QR code in it and saying, oh, that's interesting. [00:18:47] Let's check out that QR code. That's where the hazard com. All right. So be very careful fake news like this. It's not only unfair to the people who are accused in it, which is what happened here. They can be accusing your own it department. They can be accusing. People within your department, which is typically what's happening and then what they may try and do now that you don't trust your, it people, your security people, because they're mentioned by name in the email, but remember their names are probably scraped off of a. [00:19:27] That you don't trust them. And now they attack you and you don't trust that you've been attacked. So fake news, a term coined by Hillary Clinton during hurricane campaign, but that's exactly what it is entirely fake. So this email, if you get one from Homeland security about threat actors in your systems, almost certain. [00:19:51] Fake stick around. We've got a lot more coming up. Don't forget to subscribe. Get my weekly newsletter. I'm going to be published and even more, I think probably starting next month. I'm going to be sending a couple emails out a week because I got to get you guys up to speed so that you're ready for the upcoming bootcamp. [00:20:13] Stick around. [00:20:15] Everybody knows about the chip shortage, right? Computer chips. They're just hard to find. I'm hearing all kinds of ads from Dell lately on the radio. And they're saying just buy now. They're not selling new high-end machines anymore. [00:20:30] This is a story from the verge about who has allegedly kinda stepped in about Intel's plans to increase chip production. [00:20:42] And you'd think that the white house would be encouraging chip production. Considering the shortages, the justice week, it came out Tesla hasn't been delivering their electric car. Without USB ports. Other manufacturers are no longer providing you with an electric window for your car. It's a crank window. [00:21:05] Car manufacturers did it to themselves, frankly, by stopping orders for chips during the lockdown, thinking that somehow people wouldn't need cars anymore. And yet their sales of cars went up and when they go. Yeah. Guess what happens to the price? The price goes up, right? Inflation. You have more money chasing fewer goods. [00:21:29] So they really nailed themselves. Don't feel so sorry for some of these car manufacturers. We need more chips. I mentioned one of the manufacturers of PCs, the many of us use in our offices and Jews in our homes. Dell is a good company. They have been for a long time. However, you gotta be careful when you're buying computers because Dell makes very low end computers all the way up through good solid servers. [00:21:58] Same. Thing's true with. P Hewlett, Packard, excuse me, Hewlett Packard. Remember those guys back in the day? Yeah. They also make everything from cheap computers that you never would buy should not buy all the way up through really good ones. It's like going to Walmart, you go to the Walmart and you don't want to buy any of the computer sitting there with one exception. [00:22:24] And that is the Chromebook. If you buy a mid tier Chromebook at Walmart, you're going to get a good little computer. Doesn't run windows, doesn't run Microsoft office word, et cetera, but it can still edit those documents. And it's a very good machine that is kept up to date. Just watch the price $110 Chromebook, probably isn't going to last. [00:22:48] It doesn't have much storage on it, et cetera. A $2,000 Chromebook is probably major overhead. So go somewhere in the $400 $500 range for a Chromebook, which is by the way where they're selling some of the laptops. Wouldn't those laptops, same price point. Now again, that's why I just wouldn't buy any of that. [00:23:12] So we need more chips. We need higher end chips. They are very hard to get our hands on right now. We're talking about electrification of everything. And if you've heard me on the radio during morning drive time, I've been just bemoaning how the government's putting the horse... /episode/index/show/cptt/id/21854942

Are You Ready For Your Car to Spy On You? It's Already the Law 01/14/2022

Are You Ready For Your Car to Spy On You? It's Already the Law Are You Ready For Your Car to Spy On You? It's Already the Law They pass the infrastructure bill, which means now it's time to figure out what is in the infrastructure bill. And we're going to talk about the technology that they decided to fund the technology that will win the game because it has billions of dollars of federal money behind it. [Following is an automated transcript] [00:00:16] This is disappointing, but it's normal, right? [00:00:20] It's absolutely normal because the federal government has always been one that picks winners and losers. If you're old enough, you remember, of course, VHS. Tapes right too. Do you remember beta tapes? Beta max tapes. Beta max was quite the standard for professional production for the longest time, a better technology, frankly, a lot better than VHS. [00:00:46] Same. The thing's true with beta, but beta lost. And, of course, we ended up with VHS tapes. That's an example of technologies that were backed by investors. And we've seen a lot of that. Look at what's happened with the Serono trial, again, technology backed by investors. And it turned out to not work and in quite a dramatic way, frankly. [00:01:13] We've seen that repeatedly and keep hitting my mic here, and the problem that we really have, isn't so much that investors get things wrong because they. I was talking with a friend of mine. Who's has been an angel investor and part of VC partnerships for a long time. And he was saying, we're lucky if we get maybe one out of 20 times, we get. [00:01:37] Now, these are professionals, and my friend, he's a technology guy. He and I contracted together at the same time over a digital equipment corporation. And he came to me for a lot of advice about business. Now, I look back and think, my gosh, the way he did it. You can have all kinds of decisions in life. [00:01:58] Some are going to bring you closer to family. Some are going to bring you more peace and joy and happiness, and some are going to give you very gray hair that you're going to lose very quickly. And he chose the kind of gray hair. But he was really clear about that. Cause I had said to him, what is a one-time out of 10 VCs make money? [00:02:19] And that's when he corrected me. He said, no, it's really one out of 20 if they're lucky because that doesn't even happen all of the time. Now think about him. He was working on the scuzzy subsystem, which is. It's a complicated topic, but basically, a computer can talk to its hard disks. [00:02:38] Okay. Let's just keep it simple. And I was working in the kernel, which is the core of the operating system, and was rewriting kernel modules and routines. To work with a few different types of features and functions. I was very deep, very complicated. He was rather deep, rather complicated. [00:02:59] There's always a battle, by the way, between compiler people and kernel people as to who has the more complicated job, but he wasn't either. So he's just a kernel guy, I guess. So he went on. He started a company, he got VC angel funding and VC funding. He made a card for your computer that you could plug in that would provide not just scuzzy support, but he moved the file system out of the operating system or onto the card. [00:03:30] that's something I had actually done a decade earlier with the network moving it out. But anyway, that's a different story entirely. So many things I've done all my life that I wish I'd been able to monetize. But anyways, w he doesn't, he's not a slacker. Let me put it that way. When it comes to technology, neither are his partners, and yet one time out of 20 and along comes the infrastructure. [00:03:55] They call it the infrastructure bill. It really bothers me to call bills that are not the infrastructure bill that had. What was it? About five, 6% are actually going to infrastructure. So it's like the Democrats under the president, the last president Obama they, he had this shovel-ready jobs, which of course wasn't true. [00:04:15] And most of the money didn't go to building infrastructure. It just got worse. It's just crazy, and we're not paying attention. So I'm going to help you right now. Enough ranting and raving. The infrastructure bill contains money for some things. We'll talk about a few of them here in a minute and have new regulations. [00:04:37] And one of those regulations that I've been talking about on the radio this week is this requirement to put kill switches in all new cars. That is really a big deal. Now a kill switch, of course, is something that will stop the engine, and it'll stop the car. That's the whole idea. And various types have been bantered bandied about, including pulling the car over to the side of the road. [00:05:06] If the driver stops responding as a driver might have a heart attack or fell asleep, perhaps something happened in that car should probably pull over and get out of traffic, turn on the flashers which then makes it a target. Apparently, for some of these Teslas, we've seen articles about that in the news. [00:05:24] Yeah, don't park on the side of the road. I was in emergency medicine for a long time. And one of the things I can pass along that may save your life is if you have to pull over, do not stay in the car, do not stand in front of the. And particularly in the evening or at night because the flashing lights and the vehicle at the side of the road is a beacon for drunk drivers to come and hit you as well as some of these autonomous vehicles, apparently just get out of the car. [00:05:56] Behind the car off the road. Okay. Go off the road behind the vehicle, not next to the car off the road, not in front of the car, off the road, behind the car. So if it does get hit, you are less likely to suffer severe damage yourself, but this kills switch. That's part of this bill that was passed in sign. Of course, a remote feature requires all manufacturers to include the ability. [00:06:24] For police departments and potentially others. And this is where some of the problems come in to be able to stop them. Now you might remember back in 98, there's a Saifai series called the X-Files. It was a very cool series. And there's an episode called kill switch about the artificial intelligence gone wild. [00:06:47] And that, that is, of course, a while ago back when most people were still using a dial-up modem. But this was a tale of technology, run amuck, and it was warning about handing too much of your life over to technology. Oh, that's one thing. But in this case, isn't it safer, right? Because somebody is whipping through neighborhoods at 80 miles an hour in their car, trying to avoid police. [00:07:16] Shouldn't have, please be able to stop that car and pull it. So the problem is multifold, frankly, and having this kill switch one constitutes law-abiding. There's a great article on motorists.com, and it shows a picture of this down in New Zealand. Our car was pulled over. And the police found the trunk was full of contraband. [00:07:42] Now we've seen this before, right? And movies, Miami Vice, and others, where they pull over the car. It's got all this contraband in the trunk. It's cocaine and various other things. No. This isn't Auckland, New Zealand and the trunk was full of Kentucky fried chicken meat. They were running Kentucky fried chicken, just like the Kennedys, running illegal booze back in the day. Yeah. That's how they made their millions. They were running Kentucky fried chicken. Now this bill signed into law by president Biden states that this kills switch, which uses referred to as a safety device, must passively monitor the performance of a motor vehicle driver to accurately identify whether that driver may be impaired. [00:08:34] In other words, big brother will constantly be monitoring how you drive. So if you do something that the system has been programmed to recognize as driver impairment or unsafe driving, your car could just shut off, which could be incredibly dangerous. I want to point out this week too. Another article I read about Teslas and how Tesla had introduced it last fall, a feature. [00:09:02] So you could set how the car was going to drive. Do you want to move? Real cool, laid-back fashion. Do you want the car to drive an average way, or do you want it to be aggressive? Just weave in and out of traffic a bit and tailgate and do all of those sorts of things, and you could set it, and there is a public backlash, and Tesla got rid of it. [00:09:22] It is back now. How do you tell if a driver's being unsafe? When will a car in its autonomous mode do the same things human drivers shouldn't be doing? Or what if you're hauling contraband, Kentucky fried chicken? How is the driving going to be measured as impaired? Now I know in many states you have these breathalyzers that are court-ordered, installed in cars. [00:09:52] Okay, so that makes sense. Somebody has been drunk driving many times. You don't want them drunk driving ever again, please. And thank you. But how about having that system in every car? Because it fails. It doesn't work sometimes. And how about the back door? Because that's essentially what we're talking about. [00:10:14] These cars will have a back door that allows someone named government authorities to access them whenever they want. Would they need a warrant to do it? Probably not. Even as hackers could access the back door and shut down your vehicle, think about lad having a kill switch that would kill all cars and trucks in the United States. [00:10:41] Right? There are so many potential problems here and they haven't been thought about. Oh, obviously, it's government, but we're going to talk, or we'd get back about the investment that is part of this multi-trillion dollar bill that you and your kids and grandkids are paying for. [00:11:02] We know they snuck a backdoor kill, switch into all cars manufactured after 2026 into this infrastructure belt. What else is in there? That's going to affect technology. That's what we're going to talk about right now. [00:11:17] We know about this now. After it passed, finally, people had a chance to read it because this provision on the kill switch was not debated in the house. [00:11:29] It was not debated in this. Just like they've been doing was so many other things for so long now, they just bundle them all together in a bill. They gave it a cute little cuddly title, and then they go ahead and put whatever it is they want into it. These are these omnibus bills that they should have gotten rid of decades ago. [00:11:54] It is absolutely crazy to me. I just. Get it. Why are we putting up with this? So now the next step here is the investments that are being made. Now I'm going to type in right now, how successful are angel investments? Okay. So here we go. Bunch of ads for angel investing says you can have an average return of 1.1 X cap. [00:12:27] All right. And it goes on and on. This is a company called core associates. The success rate of angel investors. This is from Investopedia, the effective internal rate out return for a successful portfolio for angel investors is approximately 22%. Now, remember that over. So that's pretty amazing. Those numbers are much higher than what my friends said that they can expect absolutely much, much. [00:12:58] But I can tell you one thing for sure. Government quote, investments, end quote, rarely ever actually payout because you've got political motivations in there. It's one thing to be a smart technology guy investing in technology. But how about those people in Congress? That aren't smart technology guys. [00:13:22] How about the doctors in Congress? Look at what Senator Paul ran. Paul has been saying he is a doctor and what he's been saying about the whole COVID thing and the way the government has handled it. We are really going down the wrong road to here because government. Taking the money from us at the point of a gun. [00:13:44] Try not paying your taxes and see what happens rarely ends up. Okay. So the us Congress passed November six. Biden's trillion. Plus infrastructure bill that includes 65 billion of investments in the power grid to accommodate rising, renewable energy capacity and demonstration clean tech project. So what's that one about? [00:14:10] That particular one is because our grid cannot handle solar and also the windmill power. The rates, we would need to have it, our grid set up so that you have a few centralized power stations, and then that power is distributed to the area. It's not set up for having tens of thousands of power stations. [00:14:35] So there you go, president Biden, put money in to try and figure out well, Hey, how do we accomplish? How do we accommodate them? Noma, Germany has done. Is they've gone ahead and they're using a massive lake as a heat sink to get rid of the extra electricity that's being generated. When it comes to a regular power plant, you can turn it up. [00:14:59] You can turn it down the same. Thing's true for every type of power plant, whether it's powered by water or nuclear or coal, you can turn it up. But when it comes to wind and solar, you can't turn it down. If it's a nice sunny day, you're not going to be able to turn that power down. It's still coming out. [00:15:18] You got to do something with it. You can cut it. Open the circuit. But the power companies that run the grid don't have that kind of fine-grain control over the electricity that you're generating in your house or in your business. There's so many problems that start to open up here. So they're spending $65 billion. [00:15:40] That is a lot of money to figure this out. Okay. Personally, I'd rather see the private sector do it because they're going to have a better chance of coming up with something that's really going to work next part here. Okay. And by the way, Colin it or trillion-dollar-plus is being favorable because they played all kinds of gimmicks with this money. [00:16:03] Just, I just found out. In fact, I think it was a couple of weeks ago, June. Do you remember. President Biden moved all of the college loans from private sources into the white house. Do you remember that? So the white house is controlling all college loans at the time I thought, okay, it's just them paying back the unions, the teacher's unions, right? [00:16:27] Because it also included provisions that you cannot have be bankrupt and get rid of your college. Th that's just mind boggling to me, but as it turns out what he was doing. Okay. All of that's true. But what he was actually doing is saying, oh, there's over a trillion dollars in college loans. So we're going to move them into the white house and call those assets to offset all of the money we're spending. [00:16:58] You see what we're talking about here? It's just not. Electric vehicles, clean energy, public transit are all part of this trillion-dollar-plus legislation. It's got $550 billion, a half, a trillion dollars to fund advancements in public transit, clean energy electric vehicles, roads, and bridges. Okay. It's always electric. [00:17:26] Really? The right winner here is electric. The beta max that should have won out over VHS. How about hydrogen? How about some other way? How about natural gas or LP gas? What we'll never know because some of that is not going to get funding. However, there is going to be some funding. For nuclear development? [00:17:50] No, I've talked a lot about this on the radio before, but the bottom line is as nuclear is the only green energy that we can really get. Now you can hear some people saying, oh, okay. You're not sure not to know. Look at the current generations of nuclear power. Now, unfortunately, the regulations around nuclear power were written what, 70, 60 years ago, right? [00:18:17] When nuclear power was nasty stuff, it came out of the projects that we had in world war II to build nuclear bomb. Now these six generation nuclear power plants are as clean as can be. They only need to be refueled every 10 to 20 years, and they're small enough to fit into a small building smaller than your average home. [00:18:40] And you can put one of these in the neighborhood in a small town, and that will power the. Thing. Okay. So we're already getting 27%, according to president Biden of our power from these decades, old nuclear and hydropower facilities, they've got 21 and a half-billion dollars in this for clean energy demonstrations and research hubs focused on next-generation technologies, helping to get us to that net-zero by 2050 that they're looking at. [00:19:13] To get to, so this will be interesting because there they've got 8 billion earmarked for hydrogen and carbon capture. Guess what's going to get more, yeah. Carbon capture, direct air capture, and we don't know what's going to happen with this. We're turning cow, carbon into stone, basically with some of these plans and experiments are underway. [00:19:34] So what happened. When we need that carbon again. But 8 billion is earmarked for hydrogen and carbon capture direct capture, 10 billion, two and a half billion earmarked for advanced nuclear. So I'm happy with that. Not that they're spending the money, not at all, but that they're actually putting it into something that might make a difference. [00:20:00] And hydrogen funding in this, by the way, it looks like it's a big win for oil and the whole oil industry stick around. [00:20:09] This year, we have a live show at the consumer electronic show. That's a cool thing. I was not able to go this year, but we're going to talk right now about some new technologies that were unveiled just this year. From some of the major manufacturers. [00:20:27] Samsung had some really cool announcements out at the consumer electronic show. [00:20:34] There were a lot when you consider how many people attend that show every year, it was way down this year, by the way, usually there's like 120,000. The people who attend, give or take this year, it was like a fifth of that number, hardly anybody, but there were still thousands of businesses that were there, exhibiting products and software and things. [00:20:58] Hopefully next year I'll be able to head back out there again. I just don't like all this lockdown craziness that they have, and man, they had quite a bit of it out there. This year, just a large part of the reason. I didn't know. But Samsung had some cool stuff. We'll talk about that right now. [00:21:16] You might've seen the galaxy fold, you know what that's about where you have a phone. That folds in half and it has a couple of displays on it. There's one display that might all always be visible. There have been some cool phones in the past that had LCD, just regular, old, black and white displays on the outside. [00:21:38] And you open it up inside and there's color. Now galaxy has come out with the tri-fold flex and flex. Concepts, you can't buy these right now, but they're really quite cool because this tri-fold is something that looks like a little big bit of a big iPhone. So you, if you're familiar with iPhone, It's probably about 25, 30% bigger than your iPhone when it's all folded up. [00:22:09] But I'm just talking about the face. It's obviously a lot thicker than your iPhone, and then you can fold it out and you have, what is. Tablet. Now, this is quite cool. This tablet look, and I'm looking at it right now. And it is neat. If you need to carry something around, of course, courses, Android. [00:22:30] And I always advise you guys against not getting Android because of the inevitable security problems that they have. But it is quite cool. What they've done a whole way, which of course, another company you definitely should not buy from. If you're stuck on Android, then go ahead and buy the latest Samsung do not buy Walkway LTE or. [00:22:55] Algae, any of these other guys that are out there. Okay. No safe place to, to put it on the table. At least with the tri-fold at the bottom is going to be good, but we'll see, they had another one that is a... /episode/index/show/cptt/id/21781031

Do You Have a Smartspeaker? Another Danger Comes Your Way! 01/14/2022

Do You Have a Smartspeaker? Another Danger Comes Your Way! Do You Have a Smartspeaker? Another Danger Comes Your Way! By now, you've heard of tick talk. You might use Tik TOK. Many people do. It's their go-to site online, especially if you're a little on the younger side. Here is a danger of some of these tick talk challenges and combine that with Alexa. Oh my [Following is an automated transcript] This is a little bit on the scary side. We built our house some 25 years ago, we contacted a builder, and I put together all of the specs, and I made sure that the wood he used was better than average. [00:00:30] It's all plywood. It's not particle board or composite boards. And I made sure they were thicker than needed for all of the rules. Struts were closer together than the code required. And we had more oversized plumbing than what was needed through the house. And one of the things I did was I had him wire the house, actually the electrical contractor, with a heavier gauge wire than usually. [00:01:02] So that I had 20 amp sockets at every socket in the house. Now we put the special 20 amp sockets on some of them, like in the kitchen, we have a commercial toaster, as a sort of thing you need, when you got eight kids and a half of our married life, we had other families living with us too, that we were helping out everything from training through just getting them through. [00:01:26] Bot. So there were times when we had 20 plus people living in my house. It got crowded, but I wanted to make sure everything was above code so that it would work well and work well for us and know how much juice we tend to use. Yeah, you don't want to see my electric bill. I decided, yeah, let's do the heavier gauge wire, and let's put the sockets in one of the things I had the electrician do to make the sockets a little bit safer. [00:01:57] This was back before you had these. I, frankly, hate them, but these safety sockets where you push in the plugin Erie must try it for something to get plugged in. There are ways to defeat those safety sockets, and that's where this problem comes in. I had him install the sockets. [00:02:18] You might consider them to be upside down. So the top of the socket had little grounding. And then underneath that, you had the hot and the neutral lines. So the idea there was, while if something fell onto a plug that wasn't plugged in all the way, or if the kids decided they'd stick something on it, it would go to ground or made sense to be. [00:02:45] And apparently, it's worked because none of my kids are dead yet. So that's a good thing. There are these challenges on Tik Tok. You've probably heard of them. That's how they got themselves going. They had that, that ice bucket challenge, and many others that people were doing, and they continue to this day. [00:03:06] One of the tick-tock challenges is very stupid and dangerous. And that's where this article from ARS Technica comes from. Eric Bankman wrote. When was this? Oh my gosh, this is right at the beginning of the year. A 10-year-old girl and her mother used Amazon Alexa. And what was happening in the kid wanted some challenges. [00:03:32] Mom wanted some challenges, and they were doing a whole bunch of things. Physical challenges, like laying down and rolling over a holding a shot on your foot from a phys ed teacher on YouTube. And the girl just wanted another one. So for those of you who are uninitiated, the plug challenge consists of. [00:03:54] Partially plugging a phone charger into an electrical outlet. Now the phone chargers usually do not have a grounding pin. So my little workaround of mounting all of the sockets upside down wouldn't matter. Cause if you look at that little charger plug, it's usually just two pins, and it usually doesn't care about the polarity. [00:04:16] It doesn't have the more significant the side and the smaller side, the. Yeah. I can't remember what they call now, but if they're both the same size, so you can put it in either direction, the spades that you put in. So if you put it in part way, you have defeated the safety mechanism in all of these modern plugs. [00:04:38] So you put it in part way, you have to push hard and in it goes, and then you pull it out partway. So that's part one. Can you plug this phone charger intellectual outlet partway so that those two conductors are exposed, and then yeah. Then they ask you the challenge is to drop a penny onto the exposed prong. [00:05:08] So you can get anything from a tiny spark. That little coin may jump off to a full-blown electrical fire. Now, mom was there, and she yelled. No Alexa, no. And the daughter said she's too intelligent to do something. Anyway, I'm looking at a picture here that ARS Technica published of a wall socket, where a short had happened. [00:05:35] This wall socket is mounted sideways. I don't get that. And the hot side is up. So anything falling against the sock, and by the way, the faceplate is metal. And it was grounded. So anything falling onto a plug that's only partially plugged in because the socket sideways falls onto it. It touches the metal faceplate, and you've got a fire burning. [00:06:05] So they've got a picture of one of these in a house and you can see where the smoke went up. Now. I don't think the whole house caught on fire here, but it was a major zap. It reminds me of the days when we had. The fuses in the basement. And if a fuse blew, all you really needed to do is go down there and stick a quarter in it. [00:06:26] And you're fine, which means it's defeated the purpose. Anyways, you gotta be careful. At Amazon confirmed in a statement to the BBC that it has removed that particular challenge from Alex's database. Obviously these are computer generated, and they're based on Tik TOK, idiots. You shouldn't be using Tik TOK for a lot of reasons. [00:06:52] One of them is it has been alleged that they have been spying for the Chinese. It is a Chinese company. It's part of 10 cents. And the, there's just a little stupid thing. So Amazon said, as soon as you became aware of this error, We took action to fix it. So again, you can't necessarily trust your kid at home with a, an Alexa doing challenges. [00:07:18] I just can't believe it. It's just incredible exactly what happened here. Hey, I want to give you a real quick tip. Last week, we went over how you can find out. If your computer has been hacked, basically. In fact, we were a little bit more specific. We said, okay, what I want to do here is know if not just the computers have been hacked, but as someone's stolen my. [00:07:47] Email and or my password. And we explained why and everything else. Then if you missed it last week, you can just go right ahead, online to to oh my I'm just having man's beginning of the year, right? That's what happened. Go online to Craig peterson.com/itunes or slash your favorite podcast player. [00:08:08] And you can listen to it there. So really good little article from. And make use of technology. And they're talking about what are some of the things you can do? You should do. You shouldn't do when it comes to external GPU's and now if you are a regular computer user, you don't even need one of these things and people might've tried to talk you into it. [00:08:35] Now, also that GPU is these graphical processing units are built into all of our computers nowadays. All of these new computers that our friends at Apple have come up with have some amazing GPS built into them. Those are great. They're used to update your actual windows screen that you're looking at hate Microsoft for stealing words like windows, mean things anyways. [00:09:03] But the external GPU is something I use on my main production workstation. So I've got GPU's they work great. And when I'm processing video and doing the edits, and then the final renders, that's when an external GPU comes in. So I can guarantee you if you don't know what I'm talking about here, I guarantee you. [00:09:29] I need an external GPU. Now the couple of other things to know, if you are looking for an, a GPO of any sort to build and put in your existing computer to build in somewhere out somewhere else, the GPU's are difficult to get right now. And part of the reason for that is so many people have been using them for mining cryptocurrencies, because they're quite good at that. [00:09:55] Now there's special hardware that's being made. To mine, cryptocurrencies, but GPU's frankly are great little work around for anybody that just has a basic computer and wants to try and do a little crypto mining. So you're going to have a hard time getting ahold of these. GPU's just like many other chipsets out there and my own personal experiences. [00:10:19] I don't need the top end one because of it takes a few extra minutes to render something. When I'm making a video, it's not a big deal, cause I'm not making videos all day long. So a little tip for you on GPU's and external GPU's. And do you need them, what should do. Use them for, Hey, I am doing some training every week. [00:10:43] Kind of what we just did just now, but about cybersecurity and other things in my weekly newsletter. So make sure you sign up Craig peterson.com AU. And if you could, and if you are a podcast listener, like to invite you to subscribe to my podcast, you can find it at Craig peterson.com/itunes. [00:11:07] We've got the end of a era for a device that was considered to be quite secure. In fact, some of our presidents, particularly the one that comes to mind is President Obama used it extensively, and it isn't what it was. [00:11:23] This device that I'm thinking of right now, and we'll see if you can guess what it is, but it was extremely popular. [00:11:31] It was for sending and receiving messages that even had some other functions, but it was mainly an email thing. I remember having a couple of those back in the day that was strictly email. They were, they actually nice. And then of course texting came along and they kept up with the times a little bit. [00:11:49] What we're talking about is the end of the line. This was a Canadian company, a company that was well-known worldwide by the name of rim. They were providing the Blackberry operating system. They had servers that were designed and built to be secure. So you could rest assured that all of your data was safe, no loud you to send and receive emails. [00:12:23] And it had that wonderful little click keyboard on it. Something that went the way of all the world. That keyboard is now gone, and it's gone for good, as has the ability to use some of those blackberries that you bought over the years to keep yourself. I just had to play taps underneath that, but it's just incredible. [00:12:51] It is the end of the day for the company, the once dominated the entire smartphone business. If you didn't have a Blackberry, you weren't cool and you weren't secure or secure. And you weren't able to communicate as easily. They were actually. Excellent little devices in their day. I want to add another note here when we're talking about secure, because Blackberry was very big and saying, Hey, listen, it's very secure. [00:13:21] It's all encrypted. We keep all your emails, encrypted, all your communications and gripped and what we found out, by the way, is it turned out that the Canadian government, basically the equivalent of the FBI, CIA NSA had the master key for all Blackberry messages. And not only did it have the master key, it shared the master key with the United States secret agencies, the end of the. [00:13:53] CIA, et cetera. So if you were thinking you could use your Blackberry and keep your information safe, you are wrong. You remember when President Obama was elected? One of the first things they scrambled for in the tech business was how do we secure our. Mary. And of course, all kinds are not our Blackberry, his Blackberry, all kinds of rumors erupted that, it was people controlling president Obama and they were using the Blackberry and they're using it because it was secure. [00:14:22] You, do you remember the whole uproar around. And the biggest problem was obviously our intelligence knew that they weren't secure and they could read any message they wanted to, as well as the Canadian government. And remember the whole five eyes thing back in the day, these five different governments that shared information on their own citizens. [00:14:45] So it was a real windfall for the United States because Canada was. EV all of this shop software was developed for the Blackberry. It's where all of the servers were located, and data could easily be routed to Canadian servers away from us servers if they wanted to monitor somebody. And so Canada was the one spying on you, technically not your government. [00:15:08] They'd never do that. So it was an interesting time, frankly. As of January 4th, 2020, These Blackberry phones will no longer be provided with provisioning services, which means they are going to gradually lose the ability to join networks, including the cellular network, by the way. So it's man, it's something that many kids. [00:15:40] I have never even seen. And I look at it and just think, I remember envied some of the guys that had the blackberries at the time. And I had a couple of other little devices, keyboard-driven that were from people who have been guests on my radio show. And I really liked those, but in the Blackberry was just crazy expensive as far as I was concerned. [00:16:02] But Blackberry's leadership really messed up. The guys who are developing Android at the time realized, oh, wait a minute. The iPhone is a pretty popular. It's going to be extremely popular. So Android then they mimicked the Blackberry at first, made it look like a Blackberry. And then they switched over and made the Android operating system be like an iPad. [00:16:31] So they can pick, can compete with it, but Blackberry didn't see any of this coming. And it took over a year after the iPhone came out for Blackberry, for rim research and motion to come up with its own touchscreen phone. And the software was really quite a mass where they tried to. Basically crowbar in some new features and they had the old features. [00:16:56] They're still incorporate users during this whole time. We're falling into love with their apple phones and then eventually the Android phone. Told their IP department, it departments that they needed to support the iPhone and the Android phones. And so they did, and Blackberry eventually gave up on its own phones and they started releasing Android versions. [00:17:21] Do you remember those, the Android phones from. Mary, they got out of the hardware business entirely. And now what they're doing is they're trying to promote corporate security services. And that's really what they're trying to do. It's a new claim to fame. Yeah. Remember I just told you last time they were promoting that they were secure. [00:17:42] They weren't at all. No, they were to some extent, but so the last version of Blackberry opera and he said, The very last release that they had was in 2013. Yeah. 2013 year that hold. So the devices affected here by this shutdown are by all standards, extremely low old. And remember you got to get security updates. [00:18:07] So these machines, I can't even believe this still online when Blackberry hasn't given an update to them since 2013, that's almost a decade now, nine years. So if you're still using it, stop, and if you're trying to figure out what to use, get an iPhone. And if you say, oh, Hey, films are too expensive. Don't get the latest, greatest iPhone. [00:18:31] Get a slightly older one because they are supported for five or more years out, unlike everything else out there now, although. We now have Samsung promising some longer support, like five-year support for some of the devices. So we'll see how that ends up going. But frankly, Blackberry, they're done for. [00:18:53] It's a shame. So there's a handful of software services that relied on the Blackberry servers to function. So if you were using Blackberry world or Blackberry link, those also stopped functioning on the 4th of January and the number of people still using it. I don't know. When was the last time you saw a Blackberry and have you used one I'd love to hear from you go ahead and drop me into the. [00:19:21] Craig. Yeah, exactly. [email protected] Let me know, did you have a Blackberry? Are you still using one? And did they bother telling you about the shutdown that was coming up, but this is it. This is the end of what was a very significant technology. So here's to Blackberry. All right, stick around everybody. [00:19:50] Make sure you are on my email list. I'm going to do something new too, with the list. I'm going to start sending you my show notes. Now you can opt-out of the show notes, just the show notes, if you want to, but expect to start seeing them show up in your email box. And this is the same show notes I send out to all of the radio and television stations I appear on because it's the most important news of the week. [00:20:17] Artificial intelligence is making its way into all kinds of aspects of our lives. And one of them that concerns me maybe the most, in some ways it's a benefit and others is AI in the criminal justice system. [00:20:33] China has developed what it calls an AI. Or artificial intelligence prosecutor. [00:20:41] And they're saying that they can identify dissident and press charges for common crimes with 97% accurate. Now that is a very big claim. And the whole idea behind this is their servers services. If you will, in the court system are overloaded. We have the same problem. Most countries have the same problem. [00:21:07] I was just looking at India. They've got some 37 million backlog court cases. Absolutely. Phenomenal. So the system now in China can press charges for Shanghai's eight most common crimes that runs on a standard PC. And it takes part in the decision-making process. They say, although apparently it's actually making their decisions, but there are fears. [00:21:37] The machine could be weaponized by the state. Now it's interesting. Looking at the actual charges that it's designed to press right now, they're saying that it was trained using 17,000 real life cases. And it's able to identify and press charges for the eight most common crimes in Shanghai. These include provoking. [00:22:05] Now that's a term used to stifle dissent in China credit card, fraud, gambling crimes, dangerous driving theft, fraud, intentional injury, and obstructing official duties. In other words pretty much everything, right? You go against the government. It's just going to charge you. And that's what they say high prosecutor's going to do. [00:22:28] Now I'm looking to it. Some more details. From the management review journal. And they're saying that the system can replace prosecutors in the decision-making process to a certain extent. Now let's look at some other countries we've got, for instance, Germany, and they're using image recognition and digital forensics to help with their caseloads. [00:22:54] China's using a system. No. System 2 0 6 to evaluate evidence of a suspect's potential danger and conditions for arrest. Now, we've had some really weird things happening here in the US with our criminal justice system. Some of them are absolutely idiotic. But things like just letting people out the same day that really should be held because they committed a moderately serious crime. [00:23:20] And we just had cases just at the end of 2021, where we had people. Who had been arrested and got out that same day and then went on to commit serious crimes, rape, murder, and other things. So what are we doing here in the US unfortunately we have found out that in the us, we are monitoring the. [00:23:49] The funds that people need to put up that are called bail in order to be released from jail. So normally you'd go in front of a justice of the peace and maybe a court clerk, and they would look at what the... /episode/index/show/cptt/id/21780185

Have You Checked If Your Email Is On The Dark Web? Let's Do It Now! 01/03/2022

Have You Checked If Your Email Is On The Dark Web? Let's Do It Now! Have You Checked If Your Email Is On The Dark Web? Let's Do It Now! Do you know how to find out if you have had your private information stolen? Well, you know, the odds are probably pretty bad, but where was it stolen? When? What has been stolen? How about your password and how safe is that password? We're going to show you real hard evidence, and what you can do to fix things! [Following is an automated transcript] [00:00:16] Knowing whether or not your data has been stolen and what's been stolen is very important. [00:00:24] And there is a service out there that you can go to. They don't charge you a thin dime, nothing, and you can right there find out which of your account has been compromised. And. Out on the dark web. Now the dark web is the place that the criminals go. That's where they exchange information they've stolen. [00:00:49] That's where they sell it. That's where you can buy a tool to do ransomware hacking all on your own. Far less than 50 bucks. In fact, ransomware as a service is available where they'll do absolutely everything except infect people. So you just go ahead and you sign up with them, you pay them a 20% or sometimes more commission. [00:01:12] You get somebody to download in fact to themselves with the ransomware and they do everything else. They take the phone call, they find out what it is. Company is doing and they set the ransom and they provide tech support for the person that got ransomed in order to buy Bitcoin or sometimes some of these other cryptocurrencies. [00:01:38] In fact, we've got another article in the newsletter this week about cryptocurrencies and how they may be falling through. Floor because of ransomware. We're going to talk about that a little later here, but here's the bottom line. You really want to know this. You want to know if the bad guys are trading your information on the dark web, you want to know what information they have, so you can keep an eye on. [00:02:11] Now you guys are the best and brightest, you know, you gotta be cautious or you wouldn't be listening today. And because, you know, you've been caught need to be cautious. You have been cautious, but the time you need to be the most cautious is right after one of the websites that you use, that hasn't been hacked because the fresher, the information, the more it's worth on the dark web, your identity can be bought on the dark web for. [00:02:38] Penny's depending on how much information is there. If a bad guy has your name, your email, the password you've used on a few different website, your home address, social security number, basically the whole shooting match. They can sell your personal information for as little as. $2 on the dark web. That is really bad. [00:03:02] That's sad. In fact, because it takes you a hundred or more hours. A few years ago, they were saying about 300 hours nowadays. It's less in order to get your identity kind of back in control. I suspect it probably is closer to 300, frankly, because you. To call anybody that pops up on your credit report. Oh, and of course you have to get your credit report. [00:03:29] You have to review them closely. You have to put a freeze on your. Got an email this week from a listener whose wife had her information stolen. He had lost a wallet some years ago and she found because of a letter that came saying, Hey, thanks for opening an account that someone had opened an account in her name. [00:03:51] Now the good news for her is that it had a zero balance. Caught it on time. And because it was a zero balance, it was easy for her to close the account and he's had some problems as well because of the lost wallet a few years back. So again, some basic tips don't carry things like your social security card in your wallet. [00:04:17] Now you got to carry your driver's license because if you're driving, the police wanted, okay. Nowadays there's in some ways less and less of a reason to have that, but our driver's license, as you might've noticed on the back, many of them have either a QR code or they've got a kind of a bar code scan on them, but that big QR code contains all kinds of information about. [00:04:41] You that would normally be in the online database. So maybe you don't want to carry a bunch of cash. Although, you know, cash is king and credit cards can be problematic. It kind of depends. And the same thing is true with any other personal identifiable information. Keep it to a minimum in your wall. But there is a place online that I mentioned just a minute ago that does have the ability to track much of the dark web. [00:05:13] Now this guy that put it together, his name's Troy hunt, and Troy's an Australian he's been doing this. Public service for forever. He tried to sell his little company, but the qualifications for buying it included, you will keep it free. And there are billions of people, or I shouldn't say people there's billions of requests to his website about people's private information. [00:05:42] So, how do you deal with this? What do you do? Well, the website is called, have I been poned? Have I been E and poned P w N E D. Ponying is an old term that comes from. Uh, these video games before they were online. And it means that basically I own you, I own all of your properties. You've been postponed and that's what Troy kind of followed here. [00:06:11] Have I been postponed to.com is a website that you can go to now. They have a whole bunch of other things. They have API calls. For those of you who are programmers and might want to keep an eye out for your company's record. Because it does have that ability as well. And it has a tie ins too, with some of the password managers, like one password to be able to tell is my new password, any good. [00:06:41] And which websites have been hacked. Does that make sense? And so that is a very good thing, too, because if you know that a website that you use has been hacked, I would like to get an email from them. So the first thing right there in the homepage, you're going to want to do. Is click on notify me. So you ensure in your email address, I'm going to do that right now, while we're talking, they've got a recapture. [00:07:12] I'm not a robot. So go ahead and click that. And then you click on the button. Notify. a lot of people are concerned nowadays about the security and safety of their information. They may not want to put their email address into a site like this. Let me assure you that Troy. Is on the op and up, he really is trying to help. [00:07:39] He does not use any of the information that you provide on his website for evil. He is just trying to be very, very helpful. Now his site might get hacked, I suppose, but it has been just a huge target of. Characters and because of that, he has a lot of security stuff in place. So once you've put your email address right into the notify me box, click on notify me of [00:08:06] Of course you got to click the I'm not a robot. So once you've done that, It sends you a verification email. So all you have to do at that point, it's just like my website. When you sign up for my newsletter, keep an eye out for an email from Troy from have I been poned.com asking you if you signed up for his notification service? [00:08:31] Obviously it is a very good idea to click on his link in the email. Now I caution people, it costs. And you guys all of the time about clicking on links and emails, because so many of them are malicious, but in the case of like Troy or my website, or maybe another one that you sign up for, if you just signed up for. [00:08:54] You should expect an email to come to your mailbox within a matter of a couple of minutes, and then you should spend just that minute or so. It takes to click on that email to confirm that you do want to get the emails from the website, because if you don't hit that confirmation, you're not going to get the emails. [00:09:17] Let me explain a little bit about why that is. Good guys on the internet don't want to spam you. They don't want to overload you with all kinds of emails that may matter may not matter, et cetera. They just want to get you information. So every legitimate, basic a guy out there business, a organization, charity that is legitimate is going to send you a confirmation email. [00:09:50] The reason is they don't want someone to who doesn't like you let's say to sign you up on a few hundred different emails site. And now all of a sudden you're getting. Well, these emails that you didn't want, I had that happen to me years and years ago, and it wasn't sites that I had signed up for. In fact, some of them were rather pornographic and they kept sending me emails all of the time. [00:10:19] So Troy is going to send you just like I do another legitimate website, send you an email. The link that you must click. If you do not click his link, you are not going to get the emails. It's really that simple. Now, Troy looking at a site right now has information on 11 billion pond account poned accounts. [00:10:47] Really? That is huge. It is the largest collection that's publicly available of. To count. So I'm, we're going to talk about that a little bit more. And what information does he have? How does he protect it? What else can you find out from? Have I been poned? This is an important site. One of the most important sites you can visit in order to keep yourself safe. [00:11:16] Next to mine. Right? Make sure you visit right now. Craig peterson.com/subscribe and sign up for my newsletter and expect that confirmation email to. [00:11:29] Have you been hit by ransomware before? Well, it is a terrible thing if you have, but what's the future of ransomware? Where is it going? We've talked about the past and we'll start with that and then move into what we're expecting to come. [00:11:46] The future of ransomware is an interesting one. And we kind of have to look at the past in ransomware. [00:11:55] Ransomware was pretty popular in that bad guy. Just loved it. They still do because it is a simple thing to do. And it gives them incredible amounts of flexibility in going after whoever they want to go. After initially they were sending out ransomware to anybody's email address. They could find and hoping people would click on it. [00:12:24] And unfortunately, many people did click. But back then the ransoms were maybe a couple hundred dollars and you paid the ransom and 50% chance you got your data back. Isn't that terrible 50% chance. So what do you do? How do you make all of this better? Make your life better? Well, ransomware really, really drove up the value of Bitcoin. [00:12:54] Bitcoins Ascension was largely based on ransomware because the bad guys needed a way that was difficult to trace in order to get paid. They didn't want the bank to just sweep the money back out of your account. They didn't want the FBI or other agencies to know what they were doing and where they were located. [00:13:20] So, what they did is, uh, they decided, Hey, wait a minute. Now this whole crypto game sounds interesting. And of course talking about crypto currency game, because from their viewpoint, it was anonymous. So they started demanding ransoms instead of dollars, PayPal, even gift certificates that they would receive from you. [00:13:46] They decided we're going to use some of the cryptocurrencies. And of course the big one that they started using was Bitcoin and Bitcoin has been rather volatile. Hasn't it over the years. And its founding was ethically. Empty, basically what they did and how they did it. It's just disgusting again, how bad some people really are, but they managed to manipulate the cryptocurrency themselves. [00:14:17] These people that were the early. There's of the cryptocurrency called Bitcoin and they manipulated it. They manipulated people into buying it and accepting it, and then they managed to drive the price up. And then the, the hackers found, oh, there's a great way to do it. We're going to use Bitcoin. And so they demanded ransoms and Bitcoin, and they found that no longer did they have to get like a hundred dollar gifts, different kid for Amazon. [00:14:46] Now they could charge a thousand dollars, maybe even a million dollars or more, which is what we saw in 2021 and get it paid in Bitcoin. Now Bitcoin is kind of useful, kind of not useful. Most places don't take Bitcoin as payment, some have started to because they see it might be an investment in the future. [00:15:11] I do not use Bitcoin and I don't promote it at all, but here's what we've been seeing. Uh, and this is from the chief technology officer over tripwire, his name's Dave Meltzer. What we've seen with ransom. Attacks here. And the tie to Bitcoin want to cry back in 2017 was terrible and it destroyed multiple companies. [00:15:39] One of our clients had us protecting one of their divisions and. We were using really good software. We were keeping an eye on it. In fact, in the 30 years I've been protecting businesses from cyber intrusions. We have never, ever had a successful intrusion. That's how effectively. And I'm very, very proud of that. [00:16:05] Very proud of that. We've we've seen ransomware attacks come and go. This wanna cry. Ransomware attack destroyed every part of the company, except for. The one division we were protecting, and this is a big company that had professional it, people who really weren't very professional. Right. And how, how do you decide, how do you figure out if someone really knows what they're talking about? [00:16:32] If all they're doing is throwing around buzzwords, aren't, that's a huge problem for the hiring managers. But anyways, I digress because having a. Particular series of letters after your name representing tests that you might've passed doesn't mean you're actually any good at anything. That's always been one of my little pet peeves over the decades. [00:16:55] Okay. But another shift in the targeting of ransomware now is showing a major uptick in attacks. Operational technology. Now that's a real big thing. We've had some huge hits. Uh, we think of what happened with solar winds and how it got into solar wind software, which is used to monitor computers had been. [00:17:24] And had inserted into it. This one little nice little piece of code that let the bad guys into thousands of networks. Now we've got another operational technology hack in progress. As we speak called vog for J or log for shell. Huge right now, we're seeing 40% of corporate networks are right now being targeted by attackers who are trying to exploit this log for J. [00:17:53] So in both cases, it's operational software. It's software businesses are using. Part of their operations. So we're, and part of that is because we're seeing this convergence of it, which is of course information technology and operational technology environment. In many times in the past, we've seen, for instance, the sales department going out and getting sales force or, or something else online or off. [00:18:25] They're not it professionals in the sales department or the marketing department. And with all of these kids now that have grown up and are in these it departments in their thirties and think, wow, you know, I've been using technology my whole life. I understand this stuff. No, you don't. That has really hurt a lot of bigger companies. [00:18:48] Then that's why some companies have come to me and saying, Hey, we need help. We need some real adult supervision. There's, there's so many people who don't have the decades of experience that you need in order to see the types of holes. So. We've got the it and OT kind of coming together and they've exposed a technology gap and a skills gap. [00:19:16] The businesses are trying to solve right now in order to protect themselves. They're moving very quickly in order to try and solve it. And there they've been pretty much unable to. And w we use for our clients, some very advanced systems. Hardware software and tools, because again, it goes back to the kind of the one pane of glass. [00:19:38] Cisco doesn't really only have one pane of glass, but that's where it goes back to. And there's a lot of potential for hackers to get into systems, but having that unified system. That Cisco offers really helps a lot. So that's kinda my, my little inside secret there, but we walk into companies that have Cisco and they're completely misusing them. [00:20:02] In fact, one of these, uh, what do you, would you call it? Well, it's called a school administrative unit in my state and it's kind of a super school board, super school district where there's multiple school districts. Hold two. And they put out an RFP because they knew we liked Cisco and what some of the advantages were. [00:20:22] So they put out a request for proposal for Cisco gear and lo and behold, they got Cisco gear, but they didn't get it configured properly, not even close. They would have been better off buying something cheap and being still exposed. Like, you know, uh, I'm not going to name some of this stuff you don't want to buy. [00:20:42] Don't want to give them any, uh, any airtime as it were. But what we're finding now is law enforcement has gotten better at tracking the digital paper trail from cryptocurrencies because cryptocurrencies do have a. Paper trail and the bad guys didn't realize this. At first, they're starting to now because the secret service and the FBI have been taking down a number of these huge ransomware gangs, which is great. [00:21:16] Thank you very much for doing that. It has been phenomenal because they've been able to stop much of the ransomware by taking down these gangs. But criminal activity that's been supported by nation states like North Korea, China, and Russia is much harder to take down. There's not much that our law enforcement can do about it. [00:21:42] So w how does this tie into ransomware and cryptocurrency while ultimately. The ability to tr address the trail. That's left behind a ransom payment. There's been a massive shift in the focus from government trying to tackle the underlying problem of these parolees secured curdle Infor critical infrastructure sites. [00:22:06] And that's what I did training for. The eyes infra guard program on for a couple of years, it has shifted. Now we've got executive orders. As I mentioned earlier, from various presidents to try and tighten it up and increase government regulation mandate. But the big question is, should you pay or not? And I recommend to everyone out there, including the federal government recommends this, by the way, don't pay ransoms because you're just encouraging them. [00:22:40] Well, as fewer and fewer ransoms are paid, what's going to happen to Bitcoin. What's going to happen to cryptocurrencies while the massive rise we saw in the value of Bitcoins will deteriorate. Because we won't have businesses trying to buy Bitcoin before they're even ransomed in order to mitigate any future compromise. [00:23:06] So I love this. I think this is great. And I think that getting more sophisticated systems like what, like my company mainstream does for businesses that I've been doing for over 30 years is going to draw. Well, some of these cryptocurrencies like Bitcoin down no longer will the cryptocurrencies be supported by criminals and ransomware. [00:23:35] So that's my hope anyways. And that's also the hope of David Meltzer, chief technology officer over at tripwire hope you're having a great year so far. You're listening to Craig Peter sohn.com. Sign up for my. At Craig peterson.com. And hopefully I can help you have a little bit of a better year ahead. [00:23:57] All of these data breaches that the hackers got are not graded equal. So we're going to go through a few more types of hacks, what they got. And what does it mean to you and what can you do about it? [00:24:13] Have I been B EEN poned P w N E d.com. And this is a website that has been put together by a guy by the name of Troy hunt. He's an Australian... /episode/index/show/cptt/id/21661106

Are You Ready For the Next Hacker Wave? It's Going to Be Brutal! 01/03/2022

Are You Ready For the Next Hacker Wave? It's Going to Be Brutal! Are You Ready For the Next Hacker Wave? It's Going to Be Brutal! Right now, we're going to talk about this vulnerability, this huge vulnerability in almost the entire internet that will affect your life over the following number of years. And if you're a business, you better pay close attention. [Following is an automated transcript] [00:00:16] Well, we are looking at what is being called the single most significant, most critical vulnerability ever. [00:00:24] And if you want more information on this, have a look at last week's show, you'll find it up on my website. I talked quite a bit about it. You can email me M [email protected] I've put together a little cheat sheet that you can use to find out. What should I do? If you're an IT professional, this isn't something that you can do if you're a regular home user because you probably don't have any software your maintaining that has this log for J vulnerability. [00:00:59] But I do have to warn you that you probably do have a little bit of hardware that might have it in there. Many of these firewalls used in homes have it, not all of them, uh, I'm, a minority of them, but here's why this is the single most significant and most critical vulnerability ever. There is a programming lab library that is used in the job. [00:01:26] Programming language that logs events, if you're writing software and let's say their software is running a website, it could be almost anything. And do you notice a condition that's not quite right? What should you do while you should log it? And then, hopefully, the people that are running your software are monitoring the logs. [00:01:49] See the logs? No. Oh my gosh. Uh, there is something wrong here. One of the logs that I keep an eye on that just absolutely amazes me, frankly, is the SSH Daemon logs. Now SSH is a protocol. It uses encryption to get onto other machines using the command line. Now I've used a lot of protocols over the years to do this. [00:02:17] Telnet was the first, and SSH is something that I've been using for a very long time. You might remember the Heartbleed bug from a few years back. That nailed a lot of people, but I keep an eye on that SSH log because. If someone's trying to log into my system from the internet, that log will show it. [00:02:39] It's going to say that someone to try to use this username; they were coming from this IP address, and they failed to get in. And I have software that automatically monitors that log and says, well, if someone's coming from the same. Address multiple times. And they are unsuccessful at logging in add their internet address to my firewall blocking rules. [00:03:09] So what ends up happening is. Well, they just can't even get to my machine anymore. They're trying to hack me. same thing's true with the web blogs. If we have people who are trying to, for instance, kind of put us out of business doing what's called a denial of service attack, where they are sending us a lot of data. [00:03:31] Well, we can at our site or upstream from us have that IP address. Block. And that stops the attack, distributed denial of service attacks, or are a little bit more complicated. So all of this gets logged. It all gets written to a file, or it gets pushed off to a server that keeps track of the logs. And, and then there's analysis software, the looks at logs for. [00:03:57] Anomalies, all of that sort of stuff. It makes a lot of sense. Right. But this particular library that's used by Java programmers has a bug in it that allows a remote user to send just a small string, nothing fancy at all that can command. The web server that is using the logging function to go ahead and download malware. [00:04:28] Well, the easiest low-hanging fruit, when it comes to what kind of malware can we put onto a computer is quite simply crypto mining. So the bad guys they'll go ahead and they'll just send a small string, very simple. They don't have to compile a program. They don't have to do much of anything. They just send this little small. [00:04:50] And if that string gets logged, for instance, by my SSH, my remote access demon, or gets logged by the web server or something else, all of a sudden that wonderful little feature that allowed you to easily log things. Is your enemy because that feature is going to interpret that particular string that was sent to the log and try and be helpful. [00:05:18] But in fact, it could be given a command to download this remote file. Ran, then run that remote file. And that remote file initially here has primarily been crypto mining soft. So now your computer's being used by someone else. Your electricity's being used to mine. Things like Bitcoins or some of these other cryptocurrencies that are out. [00:05:45] Now the real reason, this is a huge, huge problem. Again, let me quote here. This is from Ahmad, a mate. I should say you're an over a tenable. It is by far the single biggest, most critical vulnerability ever. Why is that true? There's a couple of reasons. Ease of use is the obvious reason. It is so easy to use, not just for crypto mining, but for hacking any machine you would care to hack. [00:06:19] And then the second reason is it is in bedded everywhere. There are millions of computers that are vulnerable. We're seeing a hundred. Computers per minute, being hacked using this vulnerable. And if you are running, let's say a firewall that has this vulnerability. We have some clients that had this vulnerability and it is obviously a bit of a problem, right? [00:06:51] Well, that vulnerability now allows bad guys to get onto that firewall. And perhaps beyond that firewall, in order to do pretty much whatever they want. To do. This is huge, huge, huge, lots of software has flaws, and you need to be able to recover from the flaws. I've talked many times about how there are only two types of software. [00:07:23] There are software that has been hacked and there are software that will be hacked. So you need to make sure you know, that if someone gets into your network or gets into your computer, that you can restrict the damages, you can keep it under control. But with this log for J vulnerability, B. Everywhere in, not just that one library, but remember that one library is used all over the place. [00:07:52] It's in hundreds of thousands of pieces of software. Now, every one of these vendors has to grab the most recent version, recompile their software and send and re link it in deep pans. Right. I understand this is Java and then send it out to all of their customers to install the software. This is the second reason. [00:08:15] It is such a big. There will be sites. There will be pieces of software that have this vulnerability for years to come. And one of the biggest examples of this vulnerability is almost every Android device out there. Think of all of the phones. People have Androids being used for tablets it's in televisions, it's everywhere. [00:08:40] And with this particular vulnerability. Being everywhere. Every vendor that uses Android is going to have to release patches that you're going to have to install. Now it's one thing to have a brand new TV, and we've got a brand new Samsung TV and it's hooked up to the internet. It streams, Disney and discovery. [00:09:05] And it's just a wonderful thing. I love my TV, right then of course you probably realize I don't use smart TV features because of this particular type of person. What ends up happening? Well, how long is Samsung actually going to support updates for your television or Vizio who, by the way, one of the worst companies, when it comes to your privacy of your information on your television, how long, uh, how about your Android phones? [00:09:39] More than half of all Android smartphones out there, we'll never get another software. If you are still using Android smartphones now is the time to switch to an iPhone. I have been talking about this for years. I am not like the world's biggest apple fan. I'm not trying to make everybody an apple fan. I really don't care. [00:10:06] What I do care about is the ability of the software designers, those software implementers and the hardware manufacturers, the people that are in the supply chain on that Android device. I care that they do. Provide updates when it comes to security problems. And if you're using an iPhone, yeah. Again, two types of software right now, like phones have had vulnerabilities that can be vulnerable, but apple is supporting right now, still the iPhone six S which came out what five or six years. [00:10:46] With full security updates. They've even gone back further. Sometimes the Nat. So make the switch right now. If you are an it professional, I've got this whole list of resources that I vetted, I know are good that you can use to scan for this vulnerability in your network or on your. To where just email me M [email protected] [00:11:12] And if you have any questions about this or cybersecurity in general, just reach out again. [email protected] [00:11:21] Did you know that cyber flashing is a thing. We talked about it a couple of years ago, but it's back in the news this week and also apple air tags. They just released a new feature for our friends with Android. We'll tell you why. [00:11:38] Have you seen these air tags? Have you used them? They came from an idea that was really pioneered by company. Tile. And I guess they, I don't know what happened with the patent. I guess it didn't have one or apple wouldn't have been able to do this, but then again, you know, you've got a really big company you're up against a, it doesn't matter whether you're in the right. [00:12:02] Sometimes I'm not sure what happened there, but they have. These trackers called air tags. And I mentioned before on the show that my daughters have a total of five cats, well, actually six cats. Now I think of it. And what they've done is bought air tags and put them on. All of the cats callers. So they took them, they they've got them fastened on with this little holder. [00:12:31] You can get all kinds of holders. The air tags themselves are just little round buttons, really, and you can stick them into your wallet. For instance, in case you keep forgetting or losing your wallet, you can also put them into a holder. So they go on a key chain. I have a couple of flashlights at the house. [00:12:50] And if you're like me and you have other people around and it's dark and they know where your flashlight is, they'll take and borrow it right now. You don't get your flashlight back. It kind of bothers me. I probably shouldn't bother me as much as it does, but then when I need the flashlight, I just can't find this. [00:13:12] So, what did we put on the flashlight? We put an air tag on there. So the airtight ties into your iPhone. And if you have a newer iPhone, it's just absolutely amazing because the, the airtight will tell you where it is, but the newer iPhone, you can use it and it will walk you through. Up to the air tag, like, okay, it's a foot in front of you on the left-hand side or whatever, it'll take you there. [00:13:42] It's very cool. It's like these futuristic scifi movies. The problem with air tags that we discussed on the air here is that they have been used for evil. And what the bad guys have been doing is they'll take an air tag. They might drop it in your purse in order to follow you. Isn't that scary. They also have been taking the air tags and putting them on expensive cars so that they can follow you home. [00:14:16] Now, obviously nowadays it's extremely hard to steal one of the more expensive cars cause they've got all of this automation in them. The fancy systems do stop you from stealing it. Even my old F150 had a little chip built into the key so that it wouldn't start and less, that key that was starting. It actually had that RFID chip in it so that this technology. [00:14:45] Isn't being used so much to steal the car, but to know where you live and when you are home and when you're not home, you know, I've been warning everybody for many years, not to post on social media about vacation saying, oh, we're leaving. We're going to be gone in the Caribbean for two weeks. We're going for new year's party here, Christmas there, Hanukkah celebration, whatever it is you're doing, because the bad guys use that information to. [00:15:19] I'm break into your home and to steal things from your business. And I'm, I'm going to get into all of the details right now of how they do that. I've talked about it on the show before, and I'm sure I will talk about it again. And you'll even see some of the references on my [email protected] [00:15:36] If you're interested, there's some real interesting stories up there. What's happened to people. That particular problem of having an air tag and then having it put on to you to track you, or do you track your car or other devices is a huge potential problem. Now, apple built into the iPhone, a special little feature some time ago that when they, in fact, when they came out with the air. [00:16:11] So that when an airtight is following you, in other words, someone dropped it into your purse or your pocket or on your car. And that air tag is moving with you. It says, Hey guy, uh, there is an air tag following you. And at that point you can say, wait a minute, uh, what's going on here now? It's not going to warn you about your own air tags. [00:16:35] You know, the ones that you own. It's going to warn you about an, a foreign air tag one. That's not yours. In other words, someone's trying to track you so brilliant. Move on. Apple's part to get that out right away before there were any really scary, bad news stories about the same thing happened. How about Android users? [00:16:57] That's where the problem really is starting to come up. If you're an Android user, you don't have the ability to detect an air tag. Well until now. So if an air tag was following you, it wouldn't. Let you know, it couldn't let you know it didn't know. So apple is now offering what's called tracker detect. [00:17:21] It's an app on the Google play store, a free app that you can download if you using Android. And, you know, there are many, many, many, many reasons not to use Android and there's. Are almost as many to use iPhones. Okay. So if you use an Android switched to an iPhone, but if you're stuck on Android, because that's what your business gave you until you have to use it, have a look for tracker detect to end the apps description on the play store says tracker detect looks for item trackers that are separated from their owner, and that are compatible with Apple's find mine network. [00:18:02] These items, trackers include air tags and compatible devices from other companies. If you think someone is using air tag or another device to track your location, you can scan, scan to try and. So, I'm not sure that it's as good as the apple implementation, where the apple will pop up and say, even though you're not scanning for an air tag, say, Hey, somebody's tracking you. [00:18:31] It sounds like you have to actually use. Just scan for it. But Android users, according to Mac trust can scan the area to find nearby error tag trackers. If they think that there's an air tiger or other device that's being used to track their location, uh, an apple support document that you'll find online on support that apple.com. [00:18:57] Says, if you think someone is using an air tiger, other item tracking to track your location, you can scan to try and find it. If the app detects an air tag near you for at least 10 minutes, you can play a sound to help locate it. So that's the part that makes me think that it's always active. Okay. On your, on your Android device, it's free and you can get it right there in the Google play. [00:19:23] This next item is really, it applies to all of us here in the us, and it applies also to people over in the UK. And the UK is really getting kind of upset about this because apparently there are no laws against. Flashing now there are in the U S and it kind of depends on where you live, but cyber crap flashing is really a crime or should be a crime what's been happening. [00:19:58] Is people again who have iPhones have this ability to share files or websites, et cetera, with another person. It's fantastic. It's called airdrop. I just love this. And I use it all the time even to share files between my own devices. And what happens with air drop is you, you take the file and the use open up airdrop and you see, oh, okay. [00:20:26] There's my wife right there. So I click on the file. I drag it on top of it, a little Karen icon in airdrop, and now she gets a notice. Hey, there's a file from. Coming on in, and it does well, I always in my family and my business people, I always said to them, Error drop, uh, settings to only allow an airdrop from people that are in my contact list. [00:20:57] And that reason for that is this particular problem. People have been cited. Flashing. So what they do is they send obscene pictures to strangers through airdrop. And this term can also of course, apply to Bluetooth devices because you can also send these things via Bluetooth. I don't want to really talk a lot about what's really happening here. [00:21:28] Hopefully, you know what flashing is, or flasher is sending these obscene pictures, but the tone, the term was coined in August 25th. This female commuter was airdropped two pictures, obscene pictures, and they reported it to the British transport police. But we've seen, I have seen, and I've talked about cases where people are driving down the highway and all of a sudden on their phone come these obscene pictures because someone was driving past and they air dropped, or they use Bluetooth to send obscene. [00:22:09] There is an easy way to not allow that to happen. And that is the settings that I use, which is only allow airdrop from people in your contact list. You know, these are absolutely amazing features that they have, but there are some really weird people out there that think that this is the, this is a fun way, uh, to really mess with other people. [00:22:36] It's. It's just crazy. Okay. By the way, you can also turn air drop off. If you never use it, don't worry about it or a turn it on when you need it. And when someone's going to send something to you, Hey, I want you guys to take a couple of minutes here. If you go to Craig peterson.com/subscribe. You're going to find out about the bootcamps we have. [00:23:01] You're going to get my weekly trainings that I have. These are just an email. They just last a few minutes. You are going to love them. I get all kinds of compliments and this is in my free newsletter. Okay. It's not going to cost you anything. I'm not going to be hammering you on buying stuff. I want this information out. [00:23:24] That's why I am here today on. Everybody needs to understand this stuff. Craig peterson.com/subscribe, and I will be seeing you in the email world. [00:23:39] One of the things we wonder the most about is what's the future. What's the future of laptops and future of computers. We talked about some of these new chips that are out there, but this is an interesting story about what Dell is doing. Yeah. Dell. [00:23:55] I want to follow up a little bit about the 3g shutdown. We didn't quite get through the list. [00:24:02] All almost all of the Volvos from 2015 on to 2018, have this problem. There's only two automakers that told the drive.com that U S vehicles are unaffected by the end of 3g. So if you own a Ferrari or a McLaren, You're okay. Okay. Also what's interesting is what the different guys are doing. Subaru has an interesting little plan here going forward. [00:24:35] If you have what they call a connected vehicle plan. And this is according to a service bulletin filed with the national highway traffic safety administration. And then they will do a retrofit at no cost. How's that for nice. A lot of these... /episode/index/show/cptt/id/21660758

The Worst Internet Vulnerability Ever? And It Isn't Going Away Soon. What's Log4J? 12/18/2021

The Worst Internet Vulnerability Ever? And It Isn't Going Away Soon. What's Log4J? 2021-12-18 1144 [00:00:00] Well, the tech world is all a buzz with this log for J or log for shell. However you want to call it because we are looking at what is probably the biggest security vulnerability the internet has had in a long time. [00:00:16] This is huge, huge, huge to chew. [00:00:19] I don't know how to express it anymore, but there are multiple problems here. And even the patch that was released to fix this problem was broken as being exploited in the last 24 hours. There've been no less than 30 different new. Variations of the exploit. So what is going on? There is a computer language that's used by many programmers, particularly in larger businesses called Java. [00:00:52] You might remember this, I've been following it and using it now, since it first came out very long time ago from sun Microsystems. Java is a language that's designed to have kind of an intimate. CPU processor. So think about it. If you have an Intel chip that is an x86 type chip, what can you use instead of that Intel chip to run that code? [00:01:19] Well, there are some compatible chips made mainly by AMD advanced micro devices, but you're really rather limited. You have problems. Power. Well, you know, guess what you're stuck. You're stuck in that architecture. And then on the other end of the spectrum, you have some of these devices that are designed by companies like apple, Google has their own. [00:01:41] Now that our CPU's their graphics processing units as well. And they completely replaced the Intel architecture. But the Intel code, the programs that are written for the Intel architecture that are compiled for Intel are not going to work on the apple chips and vice versa. So what did apple do? Well, apple, for instance, just moved from Intel over to. [00:02:08] Own chipsets and these chips don't run Intel code. So how can you run your old apple apps? Well, apple has a little translator. They call Rosetta. It sits in the middle and it pretends it's an Intel processor. This really rather simple. And they've done an amazing job on this. And w Rosetta is actually a third party company and they helped apple as well with the transition from the IBM power series chips to the Intel chips. [00:02:41] So how do you move the code around while you either have. Recompile it, you may have to redesign it, rearchitect it for the new type of processor and the new types of computers that are supported by that processor. Or you may do what Apple's done here a couple of times now, and that is having an interpreter in the middle that pretends it's something else pretends as an Intel chip. [00:03:07] And then you can still run your in. Code because it knows, okay. It was designed originally for this apple Intel architecture. So I know how to make all of this work Java steps in and says, well, why are you doing all of that? That's kind of crazy. Isn't it moving all of your code around all of the time. So Java's original claim to fame was what will, will make life easy for? [00:03:33] What you do is you write your code. Using Java in Java is very similar to C plus plus in some of these other languages that are out there. And that language, when you're writing your source code will be compiled into an intermediate. Code. So what happened is sun Microsystems designed this virtual machine? [00:03:56] Now don't think of it like a normal VM, but we're talking about a CPU architecture and CPU instructions. And so what it did for those CPU instructions. Which is really quite clever, as I said, well, we'll come up with what we think are the most useful. And it's a Cisco architecture for those of you who are ultra geeks like myself. [00:04:19] And we will go ahead and implement that. And so the compiler spits out code for this CPU that doesn't actually exist anywhere in the known universe. And then what happened is sun went out and said, okay, well, we'll make an interpreter for. Artificial CPU that'll run on Intel chips and we'll make another one that runs on these chips, that chips and the other chips, beautiful concept, because basically you could write your code once debug it and run it off. [00:04:53] Anything that was kind of one of the original claims to fame for Unix, not so the run at anywhere part of it, but the part that says, well, it doesn't take much work to move your code to different machine, and we're not going to get into Unix and its root I've been around the whole time. It's kind of crazy. [00:05:13] I just finished reading a book and saying, I remember that I remember that. And they were going through all of the history of everything I was in the middle of that. I did that. That was the first one to do this. It was kind of fun. Anyhow, what Java has done now is it's really solidified itself in the larger enterprises. [00:05:34] So basically any software that you might be using, like our website that is particularly with a larger business. Is going to be using Java and that Java language is using libraries. So in programmers, instead of doing what I used to do way back when which is right in assembly code, or even in COBOL, and basically you had to write everything, every part of every program, anything you wanted to have done, you had to write, or maybe you borrowed somebody else's code and you embedded it in. [00:06:08] And mind you, we only had 32 kilobytes of memory in the mainframe back then the 360 30, for those of you who remember those things, but here is where things really changed. You now had the ability to take that code that you wrote and put it on a smart. You could take that exact same code, no recompiling or anything, and take that code and run it on a mainframe on our super computer in a car. [00:06:38] So Java became very popular for that. Very reason in these libraries that Java provided, made it even quicker to program and easier to program. Now there's some problems with languages. Java, which are these object oriented languages where you can, for instance, say one plus one equals two. Right. That will make sense. [00:07:02] But what does it mean when you use a plus sign? When you're talking about words? So you say apple plus oranges, what's that going to eat? Well, that's called overloading an operator, and this is not a course on programming languages, but what happens is a person can write the library and says, oh, well, if the programmer says a non-Apple plus an orange or string plus a string, what I want you to do is concatenate the strings. [00:07:31] Now that programmer who wrote that has to kind of figure out a couple of things, make some assumptions. Oh, well, I should I put a space between apple and. Or not. And what do they really mean? Okay. So this is how I'm going to interpret it. So that, it's a very, very simple example. But the concept is that now with these overloaded opera operations and these libraries that can go deep, deep, deep, you now have the additional problem of people designing and writing the libraries, making assumptions about what the programmer wants and what the programmer needs. [00:08:09] Enter the problem with the log for J vulnerability. This is a very big, big deal because we're talking about a library function that is being used in Java by programmers. Now, you know that I have been warning everybody. Android for years, the biggest problem with Android isn't its user interface. It isn't that it's made by somebody else. [00:08:37] Right? The biggest problem. And of course, this is my opinion is that Android software is provided by Google and. It is given basically to any manufacturer that wants to license it. And then that manufacturer can't just take Google and run it. Right. Have you ever tried to install windows or Linux or free BSD? [00:09:04] It's mainly a windows problem, frankly, but you go on ahead and install that in. What do you need in windows while you get to need driver? Oh, well, wait a minute. This laptop is three years old. So how, how can I find them? And then you go around and you work on it and takes you a day and you finally find everything you need. [00:09:22] And you've got all of the drivers and now it works. But Microsoft provided you with the base operating system. Why do you need drivers? Well, you know the answer to that and it's because every piece of equipment out there is different. Think about this in the smartphone market. Think about it in the more general. [00:09:39] Android market. There are thousands of these devices that are out there and those different devices are using different hardware, which require different drivers. So when Google comes up with a software patch, how well we just fix the log for J issue that patch. Has to be given to the devices manufacturer who then has to talk to the manufacturers of the various components and make sure that the device drivers that they're using by the manufacturer are actually compatible. [00:10:20] They're going to. Got the upgrades, wire it all together, and then test it on all of the different phones that they have and cars because cars are running it. Now you see how complicated this get. And most Android devices will net. Get another update. They will never get a security patch versus apple. [00:10:43] Right now. They're still supporting the apple six S that came out in 2015. If I remember right, it's five or six years old. Now you don't find that in the Android space. You're lucky if you get two years worth of support, we're going to continue this. But this is, uh, this is really, really important. I'm going to talk more about the actual problem. [00:11:06] What is being done about it? What you can do about it as an individual, a home user, and as a business, in fact, keep an eye on your mailboxes. Cause I've got some more links to some sites about what you can do and how to do it and how to test for it. Anyways, stick around. You're listening to Craig Peterson. [00:11:29] We're talking about what is likely to be the biggest set of hacks in internet history right now. It's absolutely incredible what's going on. So we're going to talk about what it means to you and what's really going on. [00:11:45] This whole problem is probably bigger than anybody really realizes because Java, as I explained is a very common computer programming language. [00:12:00] And it has a lot of features that bigger businesses love. They love the ability to have multiple programmers working on something at the same time. They love the inheritance and multiple inheritance and all of these wonderful features of Java. Well, one of the really cool features is that you can, while your program is running, have the program change. [00:12:25] It's. That's effectively what it's doing. It's pulling in libraries and functions in real time. And that's where this particular problem comes in. This has been a nightmare for Java forever. It's one of the reasons I have never migrated to Java for any of the projects that I have. Don, it just gets to be a nightmare. [00:12:49] It kind of reminds me of Adobe flash. It was the biggest security problem that has ever been. And the number two Java and Java is running in the Android operating system. It is the core of the operating system. All of the programs are almost certainly written into. And now we're seeing Java turnip in the, not just entertainment systems in our cars, but in the actual computers that are driving the cars, running the cars. [00:13:22] And I get very concerned about this. We had two major outages just this week before this log for J thing came about over at Amazon. And those two Amazon outages knocked thousands of businesses. Off the air out of business. You couldn't get to them. You remember the big problem with Facebook that we talked about a little while back and in both cases, it looks like they were using some automatic distribution of software sent out the wrong stuff. [00:13:52] Right? And now you are effected. Well, what happens? What happens with the cars? If they push out a bad patch, how are we going to know. Hmm, what's that going to mean? And if your car has Java in it, are you going to be vulnerable to this? Well, you, you wouldn't be vulnerable to log for J if your computer wasn't hooked up to anything, but nowadays the cars are hooked up to the net. [00:14:20] We've had a couple of car dealers for our clients. Who've had the Mercedes we've had Acura Honda and others over the years. And it's interesting going in there now and working with them because they are doing massive downloads of firmware whenever a car comes in. So that car, if they don't have the right kind of networks, that car can take hours to do. [00:14:49] Dates. And I got to tell you, man, I I'm just shocked by so many businesses, not willing to spend the money that it really takes. So the poor technician is sitting there waiting for it to happen. You know, we could make it happen in 15 minutes, but they're stuck there waiting for three or four hours sometimes for some of these downloads, no it's called cash them locally. [00:15:09] Right? These cars, some of them need new and different firmware. Some of them use the same and have. A reliable, fast internet connection. And we've done that for many companies. Anyways, I'm kind of going off on a bit of a tangent here. So forget that let's get back into this with Java. You can have a routine. [00:15:32] Call another routine that was not even necessarily thought of by the programmer. Now, can you imagine that? So you're, you're programming and you're, you're not considering adding something that's going to send email out and yet you could have a log in. That's part of the DNS, uh, and it gets logged that actually causes an email to be sent or causes anything else to happen. [00:16:02] That the exact problem we're seeing right now, it's absolutely crazy patterns in text fields, things like you can put a user desk agent. Right, which is normal for nature. GTP connection. You say, this is, this is usually a guy who was using Chrome version bar or Firefox or safari, but you put the user agent field. [00:16:26] And then after that, you've put in some, a little bit of code that tells Java, Hey, what I want you to do is this. This is a problem because we're finding now that I'm, again, I said the last 24 hours, 30 different exploits over a million companies have been attacked on this. And we're talking about 10. [00:16:51] Companies, absolutely hacked every minute right now. Can you think, let's just think about that. And we're in the middle of what? Right? The big holiday season, we've had some holidays, there's people online, shopping there's businesses that are trying to buy stuff, business stuff, almost every one of those sites is likely to be compromised. [00:17:17] It's that bad. It's absolutely nuts. What's happening here. This is a huge flaw, huge flaw. And by the way, it is flaw. Number this you ready for? This 44,228. In the year 2021. So the written 44,000 flaws that have been discovered and reported, this is the CVE system for those of you who are interested, but this really is a worst case scenario. [00:17:50] Because this log for J library is being pulled in to so many pieces of software out there on so many different platforms. The paths to, uh, to exploit this vulnerability are almost unlimited. And because there's so many dependencies on this particular log for J library, it's going to make it very difficult to patch without breaking other things. [00:18:21] And the fact the exploit itself fits in. Tweet can be injected almost anywhere. So it's going to be a very long weekend for a lot of people, but let me tell you this, it is not going to be solved in a few days, a week a month. We're going to be seen this. Years, because you have to be the person that wrote the program that has the source code to link in the new libraries, distributed out to your customers. [00:18:52] Do you see what a nightmare? This is now? Some people are saying, well, you know, let's blame this on open source. This, this is an open source product. Well, yeah, it is an open source project and it turns out that even though anyone can grab this, these, this library routine or any of these pieces of code, anybody can grab it. [00:19:13] Anybody can look at it. It turns out it's one guy. Who actually maintained this, who has a budget of $2,000 a year to maintain it. Nobody else pitched in. And all of these big companies are all out there grabbing this code that this guy has been working on and not paying much attention to it. Not donating to the product. [00:19:37] Which is saving them millions of dollars, not that one project, but all of these projects collectively in the open source community, it's it is more far reaching than this stretch vulnerability. You might remember this drug vulnerability that's was, that was the root cause of the massive breach at Equifax that Explo exposed all of our personal information. [00:20:05] To the dark web. That's how bad this is. Oh my gosh. So Hey, if you want information, I've got a links, a bunch of links set up here on what to do while you're waiting for the log for J updates from your vendors, how you can find on your servers. If they have the log for J vulnerability, I've got a bunch of information that I've stored up on that. [00:20:32] And some others just email me, just email me. M [email protected] asked for the list of the log for Jay's stuff or the Java's stuff. I'll figure it out. Be glad to send it to anyone that's interested. And if you need to scan to find out yourself and your business, let me know to [email protected] [00:20:55] Wow. I was just going through a list published by Seesaw, this federal government agency that tracks some of these types of vulnerabilities. And wow, this list is daunting of all of these pieces of software that are vulnerable to this huge hack. [00:21:12] this is now a problem for each and every one of us. [00:21:16] I think I've established the man. This is nasty, nasty, nasty, nasty. So what do you do? First of all, I sent out. Email a list of things have in fact, a few different lists of things that you can do. So I had one for consumers, one for businesses and kind of a general thing as well. And then a bunch of references. [00:21:43] Of course there's even more references and more great information now because I got that email. Pretty early. So I hope hopefully you had a chance to really look through that, but here let's just talk a little bit about this, what to do thing you already know because you guys really are the best and brightest that you need to be careful when you're on. [00:22:07] You cannot be online, Willy nilly, clicking on things. And that includes emails and links. And this time a year, in fact, all year long, we're looking for. Wow, let's see. Is there a great bonus here? Look at they're having a sale, a discount. Oh no. I've only got three hours to respond or the deal's going to go away. [00:22:28] I've usually been of the sort that I just am, not that influenced by some of these deals, but. I do sometimes want to find out what it is. So I find myself this week clicking through on. I'm on a lot of marketing lists because I like to follow what different marketers are doing, right. That's technology. [00:22:51] And it's something I want to keep you guys informed about. And I found myself just crazy amount of double checking to make sure the link was valid. Now I'm sure you guys have, if you're on my email list, you might notice that the from address is not the me at Craig Peterson. Calm email address. You can always send email to [email protected] and it ends up in my email box. [00:23:17] And it might take me a few days, or even as much as a week or two to get back to you. If it's something there's an emergency, you really need to fill out the form on my website, but I will get back with you. But the problem that some people have noticed lately is. It doesn't say return address or sent from [email protected] [00:23:41] It's got this rather... /episode/index/show/cptt/id/21530474

Did Your Computer Have "Intel Inside"? It Won't For long! 11/29/2021

Did Your Computer Have "Intel Inside"? It Won't For long! Did Your Computer Have "Intel Inside"? It Won't For long! We're going to talk a little bit about shopping right now. Then we'll get into our chip crunch, and why Intel is being left on the side of the computer road. [Following is an automated transcript.] [00:00:16] There's lots of fun stuff to do. And it's kind of fun getting out of the house. Isn't it getting out, going out, going around? There's a, an outlet store close by where I live and it's kind of one of these outdoor. Outlet things. And it was fun. Just walking around, enjoying the little bit of fresh air, no matter what the weather has. [00:00:40] Uh, I even enjoy going up there when there's some snow on the ground. Because again, it's a little bit of a, uh, it's, it's fun. It's a little bit of a change, which is not. Part of what I love about living in the Northeast. You really get all four seasons and they can be really, really nice. Well, black Friday of course came and went. [00:01:01] It was not a bad black Friday, but one of the questions I been asked all week long, all month long, frankly, has to do. When should I buy, what should I buy? What are the deals? And it is weird this year. Let me tell you really weird. And the reason I say that is I didn't my show prep. And I spent some hours just looking on different websites and looking at opinion pieces, looking at news sources, just trying to find, okay, what's going on? [00:01:36] What's the real word out there. Our items, as rare as everybody seems to be saying they are, or is it easy enough to find. Well, that's what we're going to talk about right now. Really. We've had a very turbulent two years for retail, every branch of retail, whatever it is, it's been been terrible. So many people have lost their businesses. [00:02:03] So many small businesses, small retail restaurants, some restaurants that I, I enjoy and just haven't been to in years, really. Completely gone, which is such a crying shame. And a lot of people have put a lot of the blame for the general retail malaise on Amazon and Walmart. Because again, you know, I had a discussion just this last weekend with. [00:02:35] Oh, friend's father. And he was saying, well, you know, I've been a biologist in pharmacology for years. And, uh, you know, th this is just as just a science. It's all science talking about the lockdown. And so I pointed out how, well, let me see, let me see. I got family from Canada. They cannot drive across the border because of the lockdown, but in, in the states, they won't let us, us, we won't let them fly. [00:03:03] But they drive in, I should say, but they will let them fly in. How does that science, right. There's coronavirus not survive at 30,000 feet. Is that what it is? You know? No, come on. People it's politics and part of the politics was. Walmart got to stay open and all of these other small businesses couldn't so what are they supposed to do? [00:03:29] How are they supposed to compete? And yet, Hey, I understand you need clothes, right? And you need food. Most Walmarts have both. You might need medicine in order to even survive. So that kind of makes sense, but why. Walmart. Why did the government choose Walmart and target are going to survive all of you, little mom and pops stores, you know, that maybe have been multi-generational where it's your parents. [00:04:00] And maybe even your grandparents that started the store, started the restaurant. And now all of a sudden there's a lockout and you cannot be over. It just, it entirely political, entirely political. And I understand the science behind all of this. I have spent a lot of time studying it and you might remember if you've listened to me even. [00:04:26] Dean or 20 years ago, I'm trying to remember when it was, I started talking with scientists about RNI, RNA interference and the coolest stuff that was happening with African violets and getting the, the purple flowers to change to white and all of the stuff they were doing. It it's exciting. It's fun. But why. [00:04:49] Did we use politics here. And so many people lost their livelihood. So many people lost their businesses. It's, it's absolutely incredible. And just pain companies basically to stay closed. Uh, doesn't make sense either. Because now you're pumping more money into the economy and that's causing inflation because there are not more products or not more vendors. [00:05:15] There's not enough competition. So the prices go up. And when there's inflation, how about people who are retired, who have saved something. And now their money is worth what the inflation rates are. Again, it's a hidden tax, but it's really hard on retirees because their money that they've saved, you know, they're getting the pitons, you put it in a savings account and you're making a fraction of 1%. [00:05:43] And yet we're seeing inflation rates on things like fuel being almost a hundred percent. Think about what it was like in 2019, what the gas prices were. It is insane. So small businesses have to be supported. They are the backbone. They are the innovators. Walmart didn't start as a big company. They started very small. [00:06:10] He innovated his claim to fame. That old Sam Walton was let's go ahead and have the best prices and anywhere. Right. And so they got the best prices by beating up their suppliers, et cetera, but it all worked. And Walmart increased, raised its it's demonstrable again through real science, but they raise the standard of living in every community. [00:06:39] They opened a store. It's absolutely funneling. But Walmart stopped innovating a long time ago. Now again, the innovations come just like they do in the tech world. Typically not from the existing companies, right. Facebook isn't innovating, they bought WhatsApp, they bought so much of the technology they're using to drive their company. [00:07:02] Oculus. You look at it, right? That's their future. According to of course, uh, you know, Mr. Mark. What did it come from? What was the cost? Right. They by their competition. So I want to encourage everybody to really try and go out of your way, try and shop at these small places. There are. And so many of these malls nowadays kind of local stores where they've got together and they're running their co-op or where someone's managing a bind product from local craftsman, really that they, everything from these women that are knitting doilies all the way on out, through very cool black iron work things, things that you can find there. [00:07:54] That maybe you can find on Amazon, maybe they come from China. Maybe they're locally sourced. Not very likely, but it's been a very, very tough, tough time here for so many of these industries. One of the things that I did talk about this week, I, one of my radio appearances is. Tik TOK live shopping. If you haven't heard of tick tock, tick tock is this short form video site. [00:08:21] And it kind of started by people saying, okay, well with this song, uh, use that song to make a funny little 32nd. And 22nd and that's what people did. And it was really quite cool to see they there's some innovative people out there. Tick talk has a lot of, I share nowadays way more popular amongst the younger people than Facebook is Facebook has kind of become something for the older people. [00:08:49] But what tech talk is now doing is providing live shop. And this is an innovation that really started in China, which of course is where tick-tock is located. But in 2020, there was a survey done that found that two thirds of Chinese consumers said that they bought products via live stream in the past year. [00:09:13] So what's live stream. I want you to think about QVC online share or a television shop. Those channels, those infomercials that come on at night, but particularly the channels that are constantly selling stuff like micro did a little bit of that at one point in time, right? His interview was, he came in and the, he, the guy who was interviewing him, held up a pen. [00:09:37] Is that okay, you sell me this pencil. And so micro went on and on for 10 minutes or more just talking about the pencil and everything related to the pencil and what a great quality was. All he course, she didn't know anything about it. Right? And that's part of what bothers me about some of these things, right? [00:09:55] These people are just making stuff up, but talk live now is allowing you to go ahead and make funny little things. Gain an audience. Maybe they're not funny. Maybe they're just informative. Have them inserted into people's streams and then sell it right there. In fact, instant purchasing of a featured product during a live stream. [00:10:22] And then obviously audience participation, they got chat functions, reaction buttons. This is what's coming our way. And so all of you, small businesses out there, I really want to encourage you pay attention to social media. This is the sort of thing that you can do. You can target your local area, which is where most small businesses operate, right? [00:10:48] It's in, in your town. It's maybe a 10, 20 mile radius, depending on what, what you're doing, what you're selling. And you can micro target nowadays. That's the joy. That's the beauty of the online world. Micro-targeting Hey, and if you're interested, let me know. We can talk a lot more about this because I have studied this for years now. [00:11:12] Hey, stick around Craig peterson.com online. [00:11:20] So while you're shopping online, what are some of the things you should do or look out for? I've got a few ideas. I'm going to tell you what I do, and it has worked wonders for me. So here we go. [00:11:35] When you're shopping online, there are some obvious tips, just run through them very, very quickly because I don't, I think you guys being the best and the brightest really know these things. [00:11:50] So just very quickly, make sure your security. Today, make sure that everything is patched up the way that it should be, that you have some really great anti-malware hopefully advanced anti-malware, but apply any updates before you start doing shopping, because this is a bad time of year to lose all of your personal information and to have your money stolen. [00:12:18] Uh, number two. If you're seeing an email or you're seeing a deal that really looks too good to be true. Take, take caution here. Right? Do you see a place? Oh, I got five brand new Sony PlayStation fives for sale. You might not want. To buy those, right? The minister, Jeff Foxworthy. Here's your sign. So be careful about that. [00:12:46] Criminals are really taking advantage of consumers who, uh, you know, life's been tough, money's been tight. You're trying to find a deal. So be careful about that. Okay. Coupons or other way, the bad guys have been trying to get consumers. To compromise their own cyber security. Okay. Uh, 12% of emails out there are considered to be spam emails. [00:13:15] I think it's more like 80% or 90%, but then I've had the same email address for 30 years. Okay. Uh, so don't click on link. Be sure you shop on the real website and apply coupons there by manually typing out the code. So for instance, if, if let's say you use duck, duck, go for your search engine, which you should be using for most cases, most searches a duck duck go says, okay, let me see where coupons here you go. [00:13:46] Here's a site that has a lot of coupons be careful about those sites, because some of them are trying to lure you in. Are the websites you're going to the real ones, the legit one. Are you clicking a link in your email in order to get to that sale site? Double check, because what they're doing is using some of these URLs that aren't. [00:14:14] Right. And we see those all of the time. They'll have a misspelling of the business name or they'll, they'll do something else. So they might have Amazon Dodd bad guys.com. Oh, okay. Amazon. Okay. Is Amazon, uh, obviously they wouldn't say bad guys, but yeah. That's kind of what they're doing. So be careful. So once you're on a website, look for that little padlock that's to the side, click on it and double. [00:14:43] To make sure that it is legit because they might have us. What's called a secure, sir. And they might have a certificate that's valid for the site that you just went to, but it's not, there's a different kit for Amazon or Walmart or target or w you know, whatever Joe's clothing.com. It might be something entirely different. [00:15:07] So be careful, okay. Is what you're looking at on the ad. Because there are a lot of fake advertisements out there that looked like they got great deals. And even though black Friday has come and gone, they're going to continue to do this through the end of the year and be on. Okay. So rather than clicking on the ad, just type in the retailer. [00:15:35] Information, because some of these ads that are showing up are in fact, almost every last one of them is coming from what's called an ad network. So that ad network is where people go and buy ads and they say, Hey, I want to retarget people that were at this site or clicked on this link, et cetera, et cetera. [00:15:54] And now. If you are a bad guy, all you have to do is sneak into one of those big ad networks. And all of a sudden your bad guy ads are showing up everywhere. So you see a great ad for a Chromebook. For instance, we've talked about those before you can just go ahead. Okay. Chromebook. No problem. Wow. Yeah. [00:16:14] Yeah. Type it in. If the ads for a Chromebook from Walmart, just type in walmart.com. Okay. Avoid clicking on ads. Isn't it terrible how bad it's gotten, man. I liked the internet better back in the 1980s and nineties. Uh, how should you pay? We're going to talk about that in a minute. Public why fi is a potential problem. [00:16:40] The bad guys will often create fake hot spots and you are now using their hot spot. Now this isn't as much of a problem as a used to be because your visits to most websites nowadays are encrypted. Do you remember that lock? I mentioned in the URL. Well, that means it is using SSL or TLS, which is a secure communications pro protocol. [00:17:07] So if you're seeing that, you know that you basically have a VPN, you don't have to buy a VPM service. You don't have to use a VPN service. You have a VPN that's being provided by the website, your. And that's really what that lock means. So the public wifi is less of an issue for the monitoring, what you're doing, although yeah, they can still do some monitoring. [00:17:33] They might play with DNS and things, but they can also scan you, which is the biggest problem from my perspective about using public wifi and never. Share your personal data. If you can avoid it, one of the things we're going to be covering in the upcoming boot camps and workshops is using fake or alternate email addresses. [00:17:57] I do it all of the time. That's why I have 3000, 3000. Yes. You heard it right different log-ins right now in use active use on. Uh, in my password manager, at least over the last decade. So I've accumulated a lot of them. So I use a different email address pretty much all of the time. And I'll, I explain how to do that in the boot camps and workshops that are coming up. [00:18:25] So keep an eye on. On my weekly emails again, Craig peterson.com/subscribe. So you can find out about them, you know, these, the free ones. I really want to give you guys all of the basics, right? So that's what I'm going to be doing anyways. How should I pay? This is maybe the even bigger side of things. It is very, very rare that I actually put my credit card number in on a website at least. [00:18:54] Real credit card number. There's a number of options that are available to you now that weren't before, even if it's not a credit card, even if it's a debit card and generically, this is known as single use credit cards. So we've got a few things. I use typically capital one's email E N O. If you have a capital one card of any sort, this is a little browser plugin that you can put on. [00:19:25] Now, the downside of this is they will by default, try and look. Every web page you visit. So from their perspective, it's worth it because now they get that data from you. However, in all modern browsers, you can restrict when it runs. But what happens is I go to a website, it wants a credit card and I can pop up that little Eno browser plugin. [00:19:53] And now. Todd, uh, I can generate a virtual credit card number that's tied in behind the scenes to my real credit card number. I can even put an expiration date on that credit card number. So it can't be used after a certain. Some of these virtual credit card options, even allow you to say, Hey, it really is only single use. [00:20:18] It can only ever be used once. And that way the bad guys can't run up your credit card. Bill Citibank, American express, JP Morgan, and the more have these types of options and basically any visa or MasterCard. Look for virtual credit cards. From your bank or whoever's providing your credit card. Hey, stick around. [00:20:42] You're listening to Craig Peterson and I'll be right back. [00:20:46] We're going to talk a little bit now, since it's getting near the end of the year, about what kind of technology do we think is going to be big next year. And I've got to mention this project. My daughter has been working on it. Finally hit the ocean. [00:21:02] My daughter has been busy. You might know she's been in the maritime industry for quite a while now. [00:21:11] And a man, she went to, she graduated 2008. I think it was this, this daughter. And you probably already know I have five daughters, right? Uh, three sons too. So it was kind of a mix, but she has been working on a ship called the Yarra Burkland it's over in Norway. And what the ship is doing here is hauling fertilizer, anything. [00:21:38] Oh, wow. Isn't that exciting? Wow. Craig, I'm so excited for you. Well, it is the world's first autonomous electric ship period. Okay, cargo ship and what it is doing ultimately, is it to eliminating the need for about 40,000 truck round trips a year. See what's happening over there in Norway is there's a factory that's right. [00:22:07] Located right next to a mine. That's making all of this fertilizer and it needs to be hauled down through some fjords. To get to the main shipping Depot where it can be loaded onto the big ocean ship. So these trucks are going up and over the mountains alongside the fjords. And this is a ship that's going to take a trip that's about seven and a half nautical mile. [00:22:34] So give or take eight miles and on the water. And now Norway is doing this in its own waterways. So there's no problem with international rules and regulations about ships here. This is just local and it loads itself. It drives itself and it unloads itself. I think that's really, really cool. And what it does is it plugs itself. [00:23:02] When it is on either port w now we've seen this with some ships, right? You might've been on some of these ferries that are electric. They work pretty well for electric ferries. Cause they're usually short haul. They connect up to shore power and they do a rapid charge and they're ready for. The next leg of their ship while they are busy taking all of their load in right. [00:23:26] Makes sense. And you might've done it, but this is, this is different. And a lot of the incidents that happen in shipping are due to human error. Think about all of the problems we've had with Navy ships, even running into things, human error, and a lot of that's due to fatigue. On the ships. I don't know if you know it. [00:23:47] I have two kids that, well, three actually that have been in the maritime industry, uh, the, the big maritime industry and they take four hour shifts. So four on four off four on four off every day. So fatigue is a very big deal for a lot of the shipping industry. And for the first few years, they're planning on having the ship be. [00:24:15] They're going to... /episode/index/show/cptt/id/21305312

Do You Think There's Nothing You Can Do to Keep the Bad Guys Out? 11/19/2021

Do You Think There's Nothing You Can Do to Keep the Bad Guys Out? Do You Think There's Nothing You Can Do to Keep the Bad Guys Out? What a week. The FBI got hacked. Homeland security supposedly is sending out emails about hackers in your network. This is what we're going to talk about to start with today. What are these new emails, and how are they trying to con you? [Automated Transcript Follows] This is a little bit concerning. We know that the FBI's email system got hacked. And for everyone sitting there saying, well, gee, if the FBI gets hacked, there's no way my business can survive an attack. Remember that the FBI is a huge, huge target. They have so many systems, so many people, and the bad guys really, really would love to send an email out as though they are the FBI. [00:00:49] And, they did, they used, they used the FBI's email servers to send out some of these fake emails. I thought that was kind of funny, but be that as it may, the FBI closed. But there are things you can do to protect yourself, to protect your email. And my wife and I have been working diligently on a guide. [00:01:13] Now, you know that I protect businesses. I work closely with the FBI, been doing cyber security for more than 30 years. I kind of hate to admit it. But, uh, you know, you know, I've been on the internet for more than 40 years. So I've been at this for a very, very long time and there are things you can do. So we're making available a guide. [00:01:38] So she's taken a lot of my teachings and is boiled it down. It looks like it's going to be 25 ish pages. And it's just the essential things, the primary things that you can do. To stop your email from getting hacked, your bank accounts, et cetera. There are some pretty simple things you can do. So we're putting that together, and we're also putting together a Bootcamp and both of these are free. [00:02:07] Okay. Absolutely free. And in the bootcamp, again, this book isn't about selling you all of the, my services and stuff. It's giving you. Actionable things you can do. Yes, you can do. You don't need to be the FBI or a cybersecurity expert to do them, but five things you can do that will, I don't know, 10 X, your cybersecurity, really? [00:02:35] It it's, it's that big a deal. And it's going to take you less than an hour to do all of this stuff. So for those people who like the boot camp, so we're going to have. And, uh, you know, one of these zoom things and we're going to do it live and I'm going to explain it to you, spleen it. And you're going to have some homework before the bootcamp, because I want you to have some skin in the game too. [00:03:02] Right. You're not paying me or anything. So I want to make sure that you've done your homework so we can quickly. Go through all of the stuff that we need to cover in the boot camp and people who are interested in kind of being the example, which means they are going to get more information than anybody else. [00:03:21] You can also say, Hey, listen, uh, yeah, please use mine as an example. So we'll look at all of these different things. We're going to focus in on that first bootcamp primarily on. The stuff with passwords, you know, what should you do? How should you do it? How can you tell if your password has been stolen? If your email accounts been compromised, all of that sort of thing. [00:03:44] And you need to be on my email list in order to find out about this stuff. Right. And in fact, when you sign. I've got three special reports that Karen and I wrote that are really going to be helpful for you. These are three that we've been using with our clients for years, but again, actionable. To do right, is not some marketing sales guy trying to sell you the latest, greatest piece of antivirus software that doesn't work. [00:04:18] So you can get that. If you go to Craig peterson.com right now slash subscribe. If you want the deep link, Craig peterson.com/subscribe. We'll go ahead and sign you up. I have a little automated sequence. It's going to send you the emails with all of the attachments. We got one, that's kind of an introduction to Karen and I, you get to see both of us. [00:04:44] And, uh, it's a really cool picture of when we're on vacation one time and you can get all of that again. It's free. This is the free newsletter. This isn't the paid newsletter. Craig peterson.com. Slash subscribe. All right. So I can help you out with all of that free content. And I have lots of it. I'm on the radio every week talking about free, right. [00:05:08] And you can avoid these things. So like, I kind of hate to bring up this FBI hack because as I discussed again with Karen this week, I, I don't want people to feel like there's nothing that they can do. I have a friend, her name's Laura and she's in one of my mastermind groups. And Laura is, was listening to me because another mastermind member got hacked and it had like, what was it? [00:05:36] $45,000 ultimately stolen from him. And we helped them out. And so I was explaining, okay, so here's the things you can do. And. Basically all she heard was, uh, I'm never going to be able to do this. And, and she's a technical person. She teaches people how to become business analysts, which is pretty technical, right. [00:06:00] There's a lot of steps involved in doing business and analyst work. And so I was really surprised to hear from her that she had. The securing herself was just too hard. You know, the FBI gets hacked, et cetera. And so that's why when I came to this realization, the bottom line is, yeah. Okay. It can be hard if you're like me and you've been in doing this for 30 years, you've got the curse of knowledge, right? [00:06:30] So you, you know, all of this stuff, this isn't for you. If, if you know everything, okay, this is for people who. Quite understand what's going on. Definitely don't understand what they should do. Don't know what they should buy. They don't know how to use the free stuff that Microsoft and apple give you and how to pull it all together. [00:06:52] That's what I want you to be able to understand, and we spend time every. Going through this and every newsletter. I have a, an opening now that is a lot about three to five minute read. If that it can be very, very quick read and is helping you to understand some of the things that you can and should do. [00:07:16] So you'll get that as part of the newsletter. Again, Craig peterson.com. That's in my free newsletter. You should see the paid newsletter. Uh, it's a big deal because it's your life. It's a big deal because it's your business. It's a big deal because it's your job on the line. And most of the time, and when I pick up a new client, it's somebody who's kind of the office manager. [00:07:42] Well, frankly, more than your office manager, sometimes the business owner, you know, owner operator says to the office manager, Hey, we got to do something about cybersecurity and then I get. Saying, Hey, can you do a cyber health assessment for us and that cyber health assessment, which we'll do for almost anybody out there will tell you the basic self. [00:08:05] Okay. Here's what you got to do. You've got to update this. You should turn off this software or you should do this and that with your firewall so that they have. I a little checklist, right. That they can run through. That's the whole idea behind one of these cyber health assessment. And then what happens is they say, okay, well, let's, let's talk some more and we go in and talk with them, talk with the owner. [00:08:32] Do they want to do, help them put together a more detailed plan and then they are off and running so they can do it themselves. They can hire someone, they can have us do it for them, whatever seems to make the most sense, but it's very important. To do it, to do something because sitting there trusting the Google's going to take care of you or apple or whomever, it is, uh, you know, trusting Norton antivirus is going to take care of. [00:09:04] I was reading a quote from John McAfee. He's the guy that started the whole antivirus industry. Now, of course, he passed away not too long ago, under suspicious circumstances, but he came out and said, Hey, listen, antivirus is. Because right now this year, these weren't his stats. These are stats published. [00:09:24] You can find them online. Just duck, duck, go them. Yeah. I don't use Google for most things. Uh, and you'll find that the antivirus is ineffective 77, 0% of the time. So, what do you need to do? Well, you need to listen to me here because I am going to help keep you up to date here. Some people are auditory listeners. [00:09:46] You need to make sure that you get the newsletter so that you get the weekly updates and you find out about these free trainings and special reports that we put together. Makes sense to you and you can attend the boot camps where we cover the basically one hour meetings on zoom, just like you're used to, and we cover one or more specific topics and we do it live and we use your information. [00:10:17] The information you want us to have a, do you want us to share? So how could that be better? And it's the same sort of stuff, but deeper dives and more interactive obviously than radio. And you can listen to me here every week. I think it's important that you do, and you understand this stuff. So anyways, ramble, ramble. [00:10:37] It all starts with email. How do you keep your emails safe? You might remember years ago, you, people were getting broken into and emails were sent out using their accounts. Well, that happened decades ago and it's still happening today. So. Right now, Craig peterson.com. I promise you. I am not a heavy marketer. [00:11:01] Okay. You're going to get good, actionable information that you can put to use in a matter of minutes, Craig peterson.com/subscribe. [00:11:13] Our intelligence monitoring indicates exfiltration of several of your virtualized clusters in a fist sophisticated chain attack. Your, I am trying to put on this like official voice. Right. And it didn't do so well anyways, that's what we're going to talk about, right now. [00:11:29] This is an email that came from the department of Homeland security warning about hackers in our network. [00:11:37] Okay. The subject line here, the one I'm looking at, and this is a, the justice week urgent threat. In systems read the email goes on. We tried to black hole, the transit nodes used by this advanced persistent threat actor. However, there is a huge chance you will modify as attack with fast flux technologies. [00:12:01] I don't know if that ties into a flux capacitor or not, which he proxies through. Uh, multiple global accelerators. So this is somebody who doesn't really know what they're talking about. They're just throwing up big words. We identified the threat actor to be. Somebody whom is believed to be in of course, whom wrong usage of the word here, uh, is believed to be affiliated with the extortion gang, the dark overlord, comma, uppercase. [00:12:33] We highly recommend you to check your systems and IDs monitoring. Be where this threat actor is currently working under the inspection of the MCC. I see, as we are dependent on some of his intelligence research, we cannot interfere physically within four hours, which could be enough time to cause severe damage to your infrastructure. [00:12:59] Stay safe. USDA department of Homeland security, cyber threat detection and analysis network analysis. Total control panel. So this is classic when it comes to scammers. And the classic part is that you could do. Is the grammars bad. The wording is confusing, his punctuation is wrong and he's throwing out all whole bunch of words that are used when it comes to hackers. [00:13:35] You know, there are things like advanced, persistent threats. That's one of the biggest problems in fact, businesses have today. But in reality, the way he used it, Incorrect now that's something I would notice cause I've been doing this stuff for more than 30 years, but the average person is never going to notice something like this. [00:13:59] So it's been pretty, in fact, pretty successful now, a little different than usual here. These fake messages don't have attachments. They don't have phone numbers. They don't have web links. Therefore what? Well, your email filter is not going to look at them and say, oh, these look risky. These URL links are going to risky sites. [00:14:26] I'm going to block it. Right. That's what we do. We have the advanced email filtering from Cisco that we use for our client, or that includes their amazing artificial intelligence for phishing and stuff. So an email like this is not go. To trigger those types of alarms. So they're saying don't panic, avoid contacting the FBI for further details and ignore the accusations that are made in the email. [00:14:55] This is so focused though. So is a cybersecurity company. They have, they have a lot of stuff. They have some pretty good stuff. It's not, um, there's not. But spam house is tracking it. Now, if you've ever been blacklisted, it's called black Coleen really by people who might've used your domain to send spam, or maybe you're a spammer, you've heard of spam house and I've been blacklisted before inappropriately. [00:15:25] The good news is my. That I use for emailing is about 30 years old as well. So it's got a pretty good reputation over the years, but spam house is saying now that this is a scam they've been tracking it. It's a well-known scam and it's been widely circulated. To those office managers that I said are often the people who call us when there's a cybersecurity problem, or we get calls from office managers when something doesn't look right with the emails. [00:16:01] And we have a client that had been getting these weird emails and. We were called saying, what's going on, have a look. We looked and we found all kinds of problems. Right? So that again, an office manager approaching us and thinking everything's fine because they had Norton and they had the more advanced Symantec stuff and it didn't catch. [00:16:27] Any of this really nasty stuff, but that's part of what Spamhaus does. And they're looking at it and saying, oh, okay, wait a minute. Now we're seeing these emails come out. They are definitely not coming from, uh, fbi.gov, which is what the return address is. And so spam house tags, it spam. Assassin's going to tag it and, and it's not even going to make it. [00:16:56] Anything, but a log on are our email filter. So a number of people have received it. If you've received this email, I'd love to know it because they really are trying to go after the people who are a little bit more into this now, how do they find them? Apparently? They have stolen the email addresses by scraping them from public sources. [00:17:22] So databases, uh, published by Aaron, for instance, the American registry for internet numbers. And I'm assigned my own number is CP 2 0 5 because I was so early on by Aaron they're the guys that have been managing. The basic internet domain stuff here in the U S for very long time. And it also doesn't mean by the way that Aaron had any sort of a breach. [00:17:47] And really just showing that the crooks behind this disinformation campaign have really been focusing on people who appear to be in network administration, because those are the email addresses and names that Aaron is going to have. So why are they doing this? Why are they sending it out into it's frankly, it's kinda hard to tell some of the emails have a QR code in them. [00:18:18] Now that is intriguing because here's how, again, how a lot of these basic email filters work, they look at it, they say, well, what links are in there? How many links, how much of the email is a graphic? And they understand while it's going to internet bad guys.com. There's the link right there. Forget about it. [00:18:42] I'm not going to forward this email to the intended recipient, but if there's a QR code in that email to almost every email filter out through. It only looks like a graphic. So might've been a picture of your mother as far as it knows. Most of them are not very smart. So w you getting an email, having a QR code in it and saying, oh, that's kind of interesting. [00:19:07] Let's check out that QR code. That's where the hazard com. All right. So be very, very careful fake news like this. It's not only unfair to the people who are accused in it, which is what happened here. There can be accusing your own it department. They can be accusing. People within your department, which is typically what's happening and then what they may try and do now that you don't trust your, it people, your security people, because they're mentioned by name in the email, but remember their names are probably scraped off of. [00:19:47] That you don't trust them. And now they attack you and you don't trust that you've been attacked. Right? So fake news, a term coined by Hillary Clinton during her campaign, but that's exactly what it is entirely fake. So this email, if you get one from Homeland security about threat actors in your systems, almost certain. [00:20:12] Fake fake, fake, fake stick around. We've got a lot more coming up. Don't forget to subscribe. Get my weekly newsletter. I'm going to be published and even more, I think probably starting next month. I'm going to be sending a couple emails out a week because I got to get you guys up to speed so that you're ready for the upcoming bootcamp. [00:20:35] Everybody knows about the chip shortage, right? Uh, computer chips. They're just hard to find. I'm hearing all kinds of ads from Dell lately on the radio. And they're saying just buy now. Well, they're not selling new high-end machines anymore. The white house. This is a story from the verge has allegedly kinda stepped in about Intel's plans to increase chip production. [00:21:04] And you'd think that the white house would be encouraging chip production. Considering the shortages, the justice week, it came out Tesla hasn't been delivering their electric cars. Without USB ports. Other manufacturers are no longer providing you with an electric window for your car. It's a crank window. [00:21:28] Car manufacturers did it to themselves, frankly, by stopping orders for chips during the lockdown, thinking that somehow people wouldn't need cars anymore. And yet their sales of cars went up and when they go. Yeah. Guess what happens to the price? The price goes up, right? Inflation. You have more money chasing fewer goods. [00:21:52] So they really nailed themselves. Don't feel so sorry for some of these car manufacturers. We need more chips. I mentioned one of the manufacturers of PCs, the many of us use in our offices and, and Jews in our homes. Dell is a good company. They have been for a long time. However, you gotta be careful when you're buying computers because Dell makes very low end computers all the way up through good solid servers. [00:22:22] Same. Thing's true with. P Hewlett, Packard, excuse me, Hewlett Packard. Remember those guys back in the day? Yeah. They also make everything from cheap computers that you never would buy should not buy all the way up through really good ones. It's kind of like going to Walmart, you go to the Walmart and you don't want to buy any of the computer sitting there with one exception. [00:22:48] And that is the Chromebook. If you buy a mid tier Chromebook at Walmart, you're going to get a good little computer. Doesn't run windows, doesn't run Microsoft office word, et cetera, but it can still edit those documents. And it's a very good machine that is kept up to date. Just watch the price $110 Chromebook, probably isn't going to last. [00:23:12] It doesn't have much storage on it, et cetera. A $2,000 Chromebook is probably major overhead. So go somewhere in the $400 $500 range for a Chromebook, which is by the way where they're selling some of the laptops, windows, laptops, same price point. I, again, that's why I just wouldn't buy any of that. So we need more... /episode/index/show/cptt/id/21226538

Is Your Firewall Actually Protecting You? What Should You Be Doing? 11/12/2021

Is Your Firewall Actually Protecting You? What Should You Be Doing? Is Your Firewall Actually Protecting You? What Should You Be Doing? New stats are out this week. So what's the number one vector of attack against us? Our Firewalls. And they're failing. So, what's going on. And what can you do about it? [Automated transcript follows] [00:00:16] And of course, I'm always talking about cyber security, because if you ask me that is one of the biggest problems we have in business. [00:00:27] Today. Well, yeah, you got to find employees. In fact, uh, it's almost impossible to find them in the cyber security space as well. And it's been hard for years. So I try to keep you up-to-date here. We've got boot camps that are coming up and you are really going to like them. We've been working on some supplemental materials for it. [00:00:47] And of course these boot camps are always free, so you can join it. You can have your friends come and learn the. Basics. It's not one of these high sell things. Right. I, I got a little letter in the mail this week saying, Hey, you can come and get a free steak dinner. And of course it's kind of like a timeshare, right? [00:01:09] Jay, you have to listen to the pitch. Yes. Stay over. On us. And you are going to be sitting there for four hours listening to this crazy pitch that's going on. That's not what my bootcamps are. Anybody that's been to. One of them will tell you we work on it. I explain it. You know what you have to do, how you have to do it, the wise, the winds, the wherefores. [00:01:35] So if you would like to learn more for yourself, Make sure you sign up Craig peterson.com sign up for my newsletter. And when a bootcamp is coming up, I will be sure to tell you about it in the newsletter so that you can attend. And it's important to, to understand that this is yeah. Aimed at business, the, these boot camps, but almost everything businesses have to do or shouldn't be doing the same thing applies to you in your. [00:02:08] So, if you are a small business person, if you're someone who has some it experience, and you've been assigned to worry about cyber security, this is for you. If you are a very small business and you're kind of the Jack of all trades, and you've got to worry about cybersecurity, this is for you. And I just got. [00:02:31] This week from someone on my email list who is retired and she was talking about her husband and her, they don't have any kids, no errors. They're trying to protect their financial investments. And of course I responded saying, Hey, I'm not a financial investment advisor, but I can certainly give you some cyber security input, which I did. [00:02:53] And you can ask your questions as well. I'm more than glad to hear them. And you probably, if you've sent them in, you know, I always answer them now. My big man, a few days might take me a week, but I will get around to it. And I try and respond to the emails. Sometimes I answered here on the radio show or on my podcast, but usually it's via email me. [00:03:17] At Craig peterson.com. And of course, that's also on my website, Craig peterson.com. And that's also my name Craig Peters on.com. So let's get into the firewall thing. When you have a network, you are connecting that network to your computers, maybe. To your security cameras, to your printers that you have, maybe there's a lock system. [00:03:44] Maybe there's more, all of this stuff is interconnected and it's all rather well and good. You can have a whole lot of fun with it, but it is not as particularly good if you can't get out to the internet. So what do we do? We hook our network, whether it's home or if it's business to the internet. Now, you know, all of this stuff so far, right? [00:04:06] You're following me. The internet is actually inter connected networks. In case you didn't know, there are now millions of networks that are connected on the internet. There are core networks out there. We were my company like number 10,000. I think it was, uh, a S an R a S number autonomous system. So we were fairly early on. [00:04:32] And of course, as you know, I've been on the internet in various forums since the early 1980s and helping to develop the protocols, but it is important to remember it is an interconnected network of networks. You might ask why? Well, the bottom line is you aren't connecting your network with other networks that have malicious software on them. [00:04:58] Maybe they're just poorly configured. Maybe they're causing a denial of service attack effectively because there's so badly configured. But whatever the case may be, you are still exposed. If you look at the traffic that's coming to your router. So your router is sitting at the edge of your network connected to your internet service provider. [00:05:19] So it might be Comcast or Verizon or a whole slew of others. But your network is connected via a router. Then the router knows how do I get my data from the input to the output or from the output to the input, if you will upstream and downstream data, that's what the router is for. And if you look at the data on your router and most of us can't, but if you were able to, what you will see is hundreds of thousands of internet packets coming to, and from your. [00:05:55] Router your endpoint every day. Usually these are bad guys doing what are called scans. They do port scans. They're primarily looking for services. So what do you, do you have a firewall now in many cases, you'll get a device from your Janette service provider that has a router built in and has a firewall built in, and it has wifi. [00:06:19] All of this stuff, all built in together makes life all nice and warm and fuzzy and Catalina, doesn't it. But in reality, it's not necessarily a good thing to have it all in one, because you're definitely not going to get the best of breed and router or firewall or wifi, but that's a different story. What is that firewall for that router? [00:06:41] Of course, it's getting all this internet traffic and anything that's on the internet that is. I'm trying to get to you is going to go through the. And anything that you are trying to send up to the internet, like for instance, to try and get a web page or something is also going to go up through that router. [00:07:02] So how do you protect yourself time? Was that there wasn't really much of a way to protect yourself. And frankly, there weren't a lot of reasons. To try and protect yourself. And the internet was just this wonderful open thing, lots of fun and played around a lot. Back in the early nineties, it was, it was just a joy in the late eighties to, to be connected up to the internet and then bad guys started doing bad things. [00:07:30] We took the concept of what you have in an automobile and applied it to the. If you're driving your car, your in the passenger compartment and that passenger compartment is hopefully warm in the winter and cool in the summertime. And you are protected from that big mean nasty engine that's in front of you, or if you're driving an electric car from those mean nasty batteries that are probably below you in that car and what's between you and the. [00:08:04] Of course a firewall. And the idea is to keep the nastiness of that engine, all of the heat, the oil, the grime, the wind, everything else is associated with that engine. Keep that away from you so that you can now drive that car just comfortably in that controlled climate of the passenger compartment, that concept was then applied to the inter. [00:08:30] And in fact, I designed and implemented one of the first firewalls ever made way back when and the firewall in the internet Partland is very similar to the car in the car. You have some protrusions through that fire. Don't you, you you've got a steering wheel. How does that get up to the front of the car? [00:08:53] Well, it goes through the firewall and around that steering wheel, of course there's some EBDM, some rubber type stuff that helps stop anything from coming through right next to that steering column. Same, thing's true with the brake pedal and the gas pedal. At least it used to be. Nowadays, it's so much of this as drive by wire, that the only thing going through the firewall is a wire and there's no mechanical linkage. [00:09:24] Unlike my car, which is a 1980 Mercedes-Benz diesel. Where yes, indeed. Direct linkages to everything. So the firewall in the cars protecting you from the nastiness in the engine compartment and the firewall, when it comes to your internet is doing something very similar. Think about your house for a minute, you have a house with doors and windows. [00:09:53] I would hope. And a chimney and maybe a couple of other protrusions that are going outside of the house. Well, you have some similar problems and when it comes to the internet and when it comes to the firewall, With your house, sir. Sure. You could post a guard out front, a whole series of them. You've got a dozen guards out front and they are all guarding that front door. [00:10:19] But if no, one's watching the back door, if no one's paying attention to the windows, there's still ways for the bad guys to get in. And that's what we're going to talk about. How does the internet firewall tie into this analogy of cars and the analogy of your home? Because it's a very important point when you get right down to it. [00:10:44] We need to understand this because the number one tactic reported this week by MITRE and Cisco is exploitation of public facing application. So I'm going to explain what that is. What's your firewall can do for you and what you should do for your firewall. A stick around. We've got a lot more coming up. [00:11:09] I want to invite you to go. Of course, right now, online to Craig peterson.com. Once you're there, just sign up for mind's newsletter. Simple Craig peterson.com. [00:11:25] This week, we found out what the top five tactics are that are most frequently being used by bad guys to attack us. This is done by MITRE and Cisco systems. Number one, public facing applications. What does that mean? [00:11:42] We've been talking about this report, but really what we've been delving into is how data flows on your network, whether it's a home network or maybe it's a business network, how does this whole mess work? [00:11:58] And when miters talks about the biggest problem here, 91% of the time being what's called an exploit of a public facing application, what does that mean? We went through the basics of a firewall and a router. So all of the data coming from the internet, coming into the router, then handed to the firewall. [00:12:24] Any data going out, goes into the firewall. And then the. So that's the pretty simplistic version. And of course the firewall on your network does a similar thing to the firewall in your car. It stops the bad stuff, at least it's supposed to, but your home and your car both have different ways of getting. [00:12:48] Past the firewall in the house. It's your doors and your windows in the car. Of course, it's where the steering column goes through where the brake pedal and the gas pedal go through the clutch, all of that stuff that perch, um, permeates, it goes through. That firewall. And of course, you've probably, if you're been around for awhile, you've had leaks coming through your firewall and, uh, you know, how poorest they can be sometimes. [00:13:18] Well, we have the same type of thing on our internet firewalls. Every home has doors and what we call the doors in on the internet is similar to what they call them. On the, in the Navy, on the water, the reports. So think about a porthole in a boat, or think about a, a door, a port, which is the French word for door. [00:13:45] What happens on the internet? For instance, if you're trying to connect to Craig peterson.com, you are going to connect to a specific port on my server. So the address typically, uh, is going to be resolved by DNS. And then once it gets to the server, you can connect to port 4 43. You might try and connect to port 80, but I'll do a redirect, but that's neither here nor there. [00:14:12] So you're going to connect to that port four 40. So my firewall has to say, Hey, if somebody is coming in and wants to get to port 4 43, which is called a well-known port, that's the port that all web server. Listen on. So if someone's trying to get to my port, my web server on port 4 43, let them in. But if someone's trying to get to another port, don't let them in. [00:14:48] Now there's multiple ways to respond or not respond. I can talk about that right now. That'd be for deep dive workshop, but the idea is. Each application that you are connecting to, or that your providing has. Part of the problem that we've been seen. And this is a very big problem is that people are not changing the administrative passwords on their machines. [00:15:20] So administrative passwords mean things like admin for the username and admin for the password on your firewall. So. Your firewall, if you have what's called when admin enabled, what that means is someone on the wide area network. In other words, The internet, someone on the internet or on the, when can connect to your firewall and control it. [00:15:51] This is, as you can imagine, a very big thing, and it is something that we cover in one of our workshops, explained it all and all of the details and what to do, but most businesses and most people have not properly configured their firewalls. When we're talking about number one, problem, 91% of the time being an exploit against public facing applications. [00:16:18] What that means is they could very well just be trying to connect to the administrative interface on your firewall. Unfortunately, they will often offer. Change the software on your firewall. So they won't just reconfigure. They'll just change it entirely. And they'll do all kinds of evil things. Again, we're not going to get into all of that and what to look for and what can happen. [00:16:44] But number one thing everybody's got to do, and I saw some stats this week as well, that made me want to bring the. Most people and most businesses about two thirds have not changed the default passwords on the hardware that they have. Now it can understand sometimes the kids confusing. No question about. [00:17:07] But if you don't change the password on something that's public facing, in other words, something that can be reached from the internet or again, the wide area network. I know there's a lot of terms for this, but something that someone else can get at from outside your network. And it's the default password like admin admin, you could be in a whole lot of. [00:17:35] So check that right now, please double check that triple check that because even if you have a router from a big internet service provider, again, like the Comcast Verizon's, et cetera of the world, they will almost always have it set up. So you can change that administrative password and Jewish. Now I, again, for clients, I have some different advice than I have for, for just regular users, but make sure you change that. [00:18:09] And here's the second part of the problem. What happens if you have a business and let's say you're not hosting your own website, like I've been doing for a couple of decades and how three 30 years, I guess now. Um, and so you've got your website hosted at some. Web height site, hosting place, you know, Gator or one eye and one eye and one or GoDaddy or whatever. [00:18:35] Okay. So, okay. That's fine. So let's not inside our network. Uh, w we don't worry about the security because that's the vendor's problem. Now we're talking about, okay, what happens. My users who need to work from home. This gets to be a very big problem for so many people, because work from home is important. [00:19:00] So what are you going to do? Well, basically in most cases, unfortunately, businesses are just exposing an application to the internet. So they might, they might. Terribly configured networks, where there is a direct connection that goes right to the files. So you connect to a port on their firewall and it immediately redirects it internally. [00:19:30] Remaps it to the file server. And some people are really, really clever. Alright. Or so they think, because what they'll do is they'll say, okay, well, you know, that, that normal port number. Okay. So I'm going to move. Port number. So you're going to connect to port 17, 17 on my firewall, and it's going to connect you to the file share on my file server so that people from home can just connect to port 17, 17, and ta-da, there are all the files and yeah, we're, we're using passwords, so it'll be okay. [00:20:06] It'll be fine. Um, but, uh, guess what it isn't for a few. Different reasons are we're going to be talking about those here in just a minute. Yeah, I want to encourage you right now. Take a minute. Go online. Craig peterson.com. You'll find lots of information there. I've got 3,500 articles, all searchable, Craig peterson.com. [00:20:32] But more importantly, make sure you sign up for my newsletter. Craig peterson.com/subscribe. So that you can keep up to date on everything that is important in all of our lives. [00:20:51] We're talking about firewalls at home at the office, what it means to have public facing services, really applications, people working from home. How can you make it easy for them and hard for the bad guy? [00:21:15] Many businesses had to quickly change the way their computers were set up because of course the lockdown and people working from home. [00:21:26] And, um, unfortunately. Many mistakes were made. And some of this, in fact, I'm going to talk a lot of this problem up to these managed services providers break, fix shops. My, my fellow information technology contractors, if you will, because they didn't know any. Most of these people have been computer people, their whole lives, right. [00:21:55] They played with PCs when they were young and they might've taken a course or two and wow. MCSC certified. Believe me, this is not something that a straight up MCSC or. And frankly, most of the it certifications can really understand or really handle the cybersecurity can be done, but there's so many things they overlook just like what I was just talking about, exposing a file server directly to the internet. [00:22:29] I mentioned, okay. While they thought it was going to be safe because there's a username and password, but there's a couple of huge problems here. Problem. Number one. When you're exposing a service to the internet, like for instance, the files server, you are exposing software that may have exploitable, but. [00:22:54] And again, going back to those stats from earlier this week, more than half of all of the systems that are out there are not patched to date. It's so bad that president Biden just ordered the federal government agencies to apply patches some as old as three years. So what happens now? Well, the bad guy scan, and guess what they found. [00:23:23] Port that you thought was just so clever because it wasn't the standard port number for that service. Maybe it's SMB or CIFS or something else. And, uh, they found it because they scan, they look, they see what the response is that tells them what type of a server sitting there. And then they try, well, let me see. [00:23:45] There's the zero day exploits, but why bother with those? Let's just start with the good old standard ones. And unfortunately, because so many machines are not patched up at all, let alone properly patched up. You, they end up getting into the machine. It's really that simple, just because it's not patched up. [00:24:08] How does that sound? Huh? Yeah, it's just plain, not patched up. It's not available for anyone to be able to use anybody to be able to access. Right. It there it's not restricted. So the passwords don't matter if you haven't patched your systems. And then the second problem is that. Are brute force attacks against so many servers out there. [00:24:36] And most of... /episode/index/show/cptt/id/21148133

You Know How To Use Fake Email Addresses to Stay Safe? 11/05/2021

You Know How To Use Fake Email Addresses to Stay Safe? If you follow my newsletter, you probably saw what I had in the signature line the last few weeks: how to make a fake identity. Well, we're going to take it a little bit differently today and talk about how to stop spam with a fake email. [Automated transcript follows] [00:00:16] Email is something that we've had for a long time. [00:00:19] I think I've told you before I had email way back in the early eighties, late seventies, actually. So, yeah, it's been a while and I get tens of thousands of email every day, uh, sent to my domain, you know, mainstream.net. That's my company. I've had that same domain name for 30 years and, and it just kinda got out of control. [00:00:46] And so we have. Big Cisco server, that exclusively filters email for us and our clients. And so it cuts down the tens of thousands to a very manageable couple of hundred a day. If you think that's manageable and it gets sort of almost all of the fishing and a lot of the spam and other things that are coming. [00:01:09] But, you know, there's an easier way to do this. Maybe not quite as effective, but allowing you to track this whole email problem and the spam, I'm going over this in some detail in. Coming bootcamp. So make sure we keep an eye on your emails. So you know about this thing again, it's free, right? I do a lot of the stuff just to help you guys understand it. [00:01:34] I'm not trying to, you know, just be June to submission to buy something. This is a boot camp. My workshops, my boot camps, my emails, they are all about informing you. I try to make them the most valuable piece of email. During the week. So we're going to go into this in some detail in this upcoming bootcamp. [00:01:55] But what we're looking at now is a number of different vendors that have gotten together in order to help prevent some of the spam that you might've been in. Uh, I think that's a very cool idea to have these, these sometimes temporary, sometimes fake email addresses that you can use. There's a company out there called fast to mail. [00:02:20] You might want to check them out. There's another company called apple. And you might might want to check them out. I'll be talking about their solution here as well. But the idea is why not just have one email address? And if you're an apple user, even if you don't have the hardware, you can sign up for an apple account. [00:02:42] And then once you have that account, you can use a new feature. I saw. Oh, in, in fact, in Firefox, if you use Firefox at all, when there's a form and it asks for an email address, Firefox volunteers to help you make a fake ish email address. Now I say fake ish, because it's a real email address that forwards to your normal regular. [00:03:10] Email address. And as part of the bootcamp, I'm also going to be explaining the eight email addresses, minimum eight, that you have to have what they are, how to get them, how to use them. But for now you can just go online to Google and this will get you started and do a search for Apple's new hide. My email feature. [00:03:30] This lets you create random email addresses and those email addresses. And up in your regular, uh, icloud.com or me.com, whatever you might have for your email address, address that apple has set up for you. Isn't that cool. And you can do that by going into your iCloud settings. And it's part of their service that are offering for this iCloud plus thing. [00:03:57] And they've got three different fi privacy focused services, right? So in order to get this from apple, so you can create these unlimited number of rather random looking emails, for instance, a blue one to six underscore cat I cloud.com that doesn't tell anybody. Who you are, and you can put a label in there. [00:04:21] What's the name of the website that, that, or the, the, a URL of the website, the two created this email for, and then a note so that you can look at it later on to try new member and that way. Site that you just created it for in this case, this is an article from CNET. They had an [email protected] [00:04:45] This is a weekly music magazine subscription that they had. And apple generated this fake email address, blue one to 600 score Canada, cobb.com. Now I can hear you right now. Why would you bother doing that? It sounds like a lot of work. Well, first of all, it's not a whole lot of work, but the main reason to do that, If you get an email address to blue cat, one, [email protected] and it's supposedly from bank of America, you instantly know that is spam. [00:05:23] That is a phishing email because it's not using the email address you gave to TD bank. No it's using the email address that it was created for one website jam wire beats.com. This is an important feature. And that's what I've been doing for decades. Email allows you to have a plus sign. In the email address and Microsoft even supports it. [00:05:53] Now you have to turn it on. So I will use, for instance, Craig, plus a Libsyn as an [email protected] and now emails that Libson wants to send me. I'll go to Craig. [email protected] Right? So the, the trick here is now if I get an email from someone other than libs, and I know, wait a minute, this isn't Libsyn, and that now flags, it has a phishing attack, right. [00:06:28] Or at the very least as some form of spam. So you've got to keep an eye out for that. So you got to have my called plus, and if. Pay for the premium upgrade, which ranges from a dollar to $10. Uh, you you've got it. Okay. If you already have an iCloud account, your account automatically gets upgraded to iCloud plus as part of iOS 15, that just came out. [00:06:55] All right. So that's one way you can do it. If you're not an apple fan. I already mentioned that Firefox, which is a browser has a similar feature. Uh, Firefox has just been crazy about trying to protect your privacy. Good for them, frankly. Right? So they've been doing a whole lot of stuff to protect your privacy. [00:07:17] However, there you are. They have a couple of features that get around some of the corporate security and good corporate security people have those features block because it makes it impossible for them to monitor bad guys that might hack your account. So that's another thing you can look at is Firefox. [00:07:37] Have a [email protected] And as I said, we're going to go into this in some detail in the bootcamp, but fast mail lets you have these multiple email accounts. No, they restricted. It's not like apple where it's an infinite number, but depending on how much you pay fast mail is going to help you out there. [00:07:57] And then if you're interested, by the way, just send an email to me, me. Craig peterson.com. Please use that email address [email protected] because that one is the one that's monitored most closely. And just ask for my report on email and I've got a bunch of them, uh, that I'll be glad to send you the gets into some detail here, but proton mail. [00:08:22] Is a mail service that's located in Switzerland? No, I know of in fact, a couple of a high ranking military people. I mean really high ranking military people that are supposedly using proton mail. I have a proton mail account. I don't use it that much because I have so much else going on, but the advantage. [00:08:45] Proton mail is it is in Switzerland. And as a general rule, they do not let people know what your identity is. So it's kind of untraceable. Hence these people high up in the department of defense, right. That are using proton mail. However, it is not completely untraceable. There is a court case that a proton man. [00:09:12] I don't know if you'd say they lost, but proton mail was ordered about a month ago to start logging access and provide it for certain accounts so they can do it. They are doing it. They don't use it in most cases, but proton mail is quite good. They have a little free level. Paid levels. And you can do all kinds of cool stuff with proton mail. [00:09:35] And many of you guys have already switched, uh, particularly people who asked for my special report on email, because I go into some reasons why you want to use different things. Now there's one more I want to bring up. And that is Tempa mail it's temp-mail.org. Don't send anything. That is confidential on this. [00:09:57] Don't include any credit card numbers, nothing. Okay. But temp-mail.org will generate a temporary email address. Part of the problem with this, these temporary email address. Is, they are blocked at some sites that really, really, really want to know what your really mail address is. Okay. But it's quite cool. [00:10:22] It's quite simple. So I'm right there right now. temp-mail.org. And I said, okay, give me email address. So gave me one. [email protected] Is this temporary email, so you can copy that address. Then you can come back into again, temp-mail.org and read your email for a certain period of time. So it is free. [00:10:48] It's disposable email. It's not particularly private. They have some other things, but I wouldn't use them because I don't know them for some of these other features and services. Stop pesky email stop. Some of these successful phishing attempt by having a unique, not just password, but a unique email for all those accounts. [00:11:12] And as I mentioned, upcoming bootcamp, and I'll announce it in my weekly email, we're going to cover this in some detail. Craig peterson.com. Make sure you subscribe to my newsletter. [00:11:25] Well, you've all heard is up. So what does that mean? Well, okay. It's up 33% since the last two years, really. But what does that amount to, we're going to talk about that. And what do you do after you've been ransomed? [00:11:42] Ransomware is terrible. It's crazy. Much of it comes in via email. [00:11:49] These malicious emails, they are up 600% due to COVID-19. 37% of organizations were affected by ransomware attacks in the last year. That's according to Sofos. 37% more than the third. Isn't that something in 2021, the largest ransomware payout, according to business insider was made by an insurance company at $40 million setting a world record. [00:12:21] The average ransom fee requested increased from 5,020 18 to around 200,000 in 2020. Isn't that something. So in the course of three years, it went from $5,000 to 200,000. That's according to the national security Institute, experts estimate that a ransomware attack will occur every 11 seconds for the rest of the year. [00:12:50] Uh, it's just crazy. Absolutely. Crazy all of these steps. So what does it mean? Or, you know, okay. It's up this much is up that much. Okay. Businesses are paying millions of dollars to get their data back. How about you as an individual? Well, as an individual right now, the average ransom is $11,605. So are you willing to pay more than $11,000 to get your pictures back off of your home computer in order to get your. [00:13:27] Work documents or whatever you have on your home computer. Hopefully you don't have any work information on your home computer over $11,000. Now, by the way, most of the time, these ransoms are actually unaffiliate affair. In other words, there is a company. That is doing the ransom work and they are pain and affiliate who are the, the affiliate in this case. [00:13:55] So the people who infected you and the affiliates are making up to 80% from all of these rents. Payments it's crazy. Right? So you can see why it's up. You can just go ahead and try and fool somebody into clicking on a link. Maybe it's a friend of yours. You don't productively like some friend, right. And you can go ahead and send them an email with a link in it. [00:14:20] And they click the link and it installs ransomware and you get 80% of them. Well, it is happening. It's happening a lot. So what do you do? This is a great little article over on dark reading and you'll see it on the website. The Craig peterson.com. But this article goes through. What are some of the steps it's by Daniel Clayton? [00:14:48] It's actually quite a good little article. He's the VP of global security services and support over at bit defender bit defender is. Great, uh, software that you've got versions of it for the Mac. You've got versions four of it for window. You might want to check it out, but he's got a nice little list here of things that you want to do. [00:15:13] So number one, Don't panic, right? Scott Adams don't panic. So we're worried because we think we're going to lose our job June. Do you know what? By the way is in the top drawer of the majority of chief information, security officers, two things. Uh, w one is their resignation letter and the second one is their resume because if they are attacked and it's very common and if they get in trouble, they are leaving. [00:15:47] And that's pretty common too. Although I have heard of some companies that understand, Hey, listen, you can't be 100% effective. You got to prioritize your money and play. It really is kind of like going to Vegas and betting on red or black, right? 50, 50 chance. Now, if you're a higher level organization, like our customers that have to meet these highest compliance standards, these federal government regulations and some of the European regulations, even state regulations, well, then we've got to keep you better than 99% safe and knock on wood over the course of 30 years. [00:16:27] That's a long I've been doing. 30 years. We have never had a single customer get a S uh, and. Type of malware, whether it is ransomware or anything else, including one custom company, that's a multinational. We were taking care of one of their divisions and the whole company got infected with ransomware. [00:16:50] They had to shut down globally for. Two weeks while they tried to recover everything, our little corner of the woods, the offices that we were protecting for that division, however, didn't get hit at all. So it is possible, right? I don't want you guys to think, man. There was nothing I can do. So I'm not going to do anything. [00:17:14] One of the ladies in one of my mastermind groups basically said that, right? Cause I was explaining another member of my mastermind group. Got. And I got hit for, I think it turned out to be $35,000 and, you know, that's a bad thing. Plus you feel just so exposed. I've been robbed before, uh, and it's just a terrible, terrible feeling. [00:17:37] So he was just kind of freaking out for good. But I explained, okay, so here's what you do. And she walked away from it thinking, well, there's nothing I can do. Well, there are things you can do. It is not terribly difficult. And listening here, getting my newsletter, going to my bootcamps and the workshops, which are more involved, you can do it. [00:18:03] Okay. It can be done. So I don't want. Panic. I don't want you to think that there's zero. You can do so that's number one. If you do get ransomware, number two, you got to figure out where did this come from? What happened? I would change this order. So I would say don't panic. And then number two is turn off the system that got rants. [00:18:29] Turn it off one or more systems. I might've gotten ransomware. And remember that the ransomware notification does not come up right. When it starts encrypting your data. It doesn't come up once they've stolen your data. It comes up after they have spread through your organization. So smart money would say shut off every computer, every. [00:18:56] Not just pull the plug. I w I'm talking about the ethernet cable, right? Don't just disconnect from wifi. Turn it off. Immediately. Shut it off. Pull the plug. It might be okay. In some cases, the next thing that has to happen is each one of those machines needs to have its disc drive probably removed and examined to see if it has. [00:19:18] Any of that ransomware on it. And if it does have the ransomware, it needs to get cleaned up or replaced. And in most cases we recommend, Hey, good time. Replace all the machines, upgrade everything. Okay. So that's the bottom line. So that's my mind. Number two. Okay. Um, he has isolated and save, which makes sense. [00:19:40] You're trying to minimize the blast radius. So he wants you to isolate him. I want you to turn them off because you do not want. Any ransomware that's on a machine in the process of encrypting your files. You don't want it to keep continuing to encrypting. Okay. So hopefully you've done the right thing. [00:20:00] You are following my 3, 2, 1 backup schedule that I taught last year, too, for free. For anybody that attended, hopefully you've already figured out if you're going to pay. Pay. I got to say some big companies have driven up the price of Bitcoin because they've been buying it as kind of a hedge against getting ransomware so they can just pay it right away. [00:20:25] But you got to figure that out. There's no one size fits all for all of this. At over $11,000 for an individual ransom, uh, this requires some preparation and some thought stick around, got a lot more coming up. Visit me online, Craig Peterson.com and get my newsletter along with all of the free trainings. [00:20:52] Well, the bad guys have done it again. There is yet another way that they are sneaking in some of this ransomware and it has to do with Q R codes. This is actually kind of clever. [00:21:08] By now you must've seen if not used QR codes. [00:21:12] These are these codes that they're generally in a square and the shape of a square and inside there's these various lines and in a QR code, you can encode almost anything. Usually what it is, is a URL. So it's just like typing in a web address into your phone, into your web browser, whatever you might be using. [00:21:35] And they have been very, very handy. I've used them. I've noticed them even showing up now on television ad down in the corner, you can just scan the QR code in order to apply right away to get your gin Sioux knives. Actually, I haven't seen it on that commercial, but, uh, it's a different one. And we talked last week about some of these stores that are putting QR codes in their windows. [00:22:02] So people who are walking by, we even when the store is closed, can order stuff, can get stuff. It's really rather cool. Very nice technology. Uh, so. There is a new technique to get past the email filters. You know, I provide email filters, these big boxes, I mean, huge machines running Cisco software that are tied into, uh, literally billion end points, plus monitoring tens of hundreds of millions of emails a day. [00:22:39] It's just huge. I don't even. I can ha can't get my head around some of those numbers, but it's looking at all those emails. It is cleaning them up. It's looking at every URL that's embedded in an email says, well, is this a bad guy? It'll even go out and check the URL. It will look at the domain. Say how long has this domain been registered? [00:23:01] What is the spam score overall on the domain? As well as the email, it just does a whole lot of stuff. Well, how can it get around a really great tight filter like that? That's a very good question. How can you and the bottom line answer is, uh, how about, uh, using the QR code? So that's what bad guys are doing right now. [00:23:26] They are using a QR code in side email. Yeah. So the emails that have been caught so far by a company called abnormal security have been saying that, uh, you have a missed voicemail, and if you want to pick it up, then scan this QR. It looks pretty legitimate, obviously designed to bypass enterprise, email gateway scans that are really set up to detect malicious links and attachments. [00:24:01] Right? So all of these QR codes that abnormal detected were created the same day they were sent. So it's unlikely that the QR codes, even that they'd been detected would have been previously. Poured it included in any security blacklist. One of the good things for these bad guys about the QR codes is they can easily change the look of the QR code. [00:24:26] So even if... /episode/index/show/cptt/id/21068795

How Ransomware, Trojanware, and Adware Hurt You 10/29/2021

How Ransomware, Trojanware, and Adware Hurt You How Ransomware, Trojanware, and Adware Hurt You. And Why ExpressVPN Isn't Safe to Use. Ransomware, Trojanware Adware. What's the difference between these different types of malware.? And when it comes down to our computers, which should we worry about the most and which should we worry about the most? [Automated Transcript Follows] [00:00:17] There are a lot of different types of malware that are out there and they're circulating and scaring us. [00:00:23] And I think for good reason, in many cases, ransomware of course, is the big one and it is up, up, up. It has become just so common. Now that pretty much everybody is going to be facing a serious ransomware attack within the next 12 months. The numbers are staggering. And what are they doing while now they're getting you with the double whammy. [00:00:50] The first whammy is they encrypt your data. Your computers are encrypted, everything on them. So you can't use them anymore. Bottom line. Yeah, they'll boot they'll run enough in order to be able for you to pay that ransom. But any document that you might care about, any PDF, any word doc, and the spreadsheet is going to be encrypted. [00:01:14] And the idea behind that is. You have to pay in order to get that decryption key about 50% of the time. Yeah. About half of the time. Even if you pay the ransom, you'll get your data back the rest of the time. No, you you'll never see it again. So what do you do about that type of ransomware? Well, obviously most people just pay the rent. [00:01:39] But that's gone up as well. We've seen over a hundred percent increase in the amount of ransom people happy. So what's the best thing to do. What's the easiest thing to do in order to help you with this type of ransomware while it's obviously to have good backups. Now I'm going to be doing a bootcamp. [00:02:00] We're going to talk about this and a workshop. I really want to get going with these one week long workshops. So we'll do a, at least a couple of times a month in these boot camps that we'll do pretty much every week here, but they're coming up fairly soon. You'll only know about them. If you are on my email list, that is Craig peterson.com and the number one thing that you can do to. [00:02:27] You when you're hit with this type of rent somewhere, because if you're not taking all of the other precautions, you should be digging under really good that you're going to get hit the better than 50%. And once you do is have a good backup, and I want to warn everybody because I've seen this again and against people just keep making this mistake, probably because they don't get it. [00:02:51] They don't understand why and where and how, when it comes to ransom. The mistake is they do a backup to a local desk. Now, many times the backup is on a thumb drive or USB drive. So you just go to the big box store. You go to Amazon, you order an external drive. You're just amazed how cheap they are. [00:03:16] Nowadays. Once you've got that drive, you plug it in. You turn on some backup software. Maybe it's something you've used for some years, maybe. If you have a Mac, you're just using the built-in backup software. Even the windows operating system now comes with some built-in backup and you think you're off and running because every so often it back. [00:03:40] If we're using a Mac is smart enough to not only back up your whole machine, but as you're editing files, it's going to go ahead and make a backup of that file as you're editing it. So if there is a crash or something else, you're not going to lose much. I just love the way apple does that. Huge problem. [00:03:59] Because if the disc is attached to your machine, or let's say that disc is on a file server, cause you're smart, right? You set up some network attached storage of some sort and your machine has access to it. And so you're sending it off of your machine to a central. Well, you still got a problem because if your machine can read or more particularly right to a location on your network or locally, that ransomware is going to also encrypt everything, it can find there. [00:04:37] So, if you are sharing a network drive and you get ransomware, when you remember the odds are better than 50%, you're gonna get it. Then what happens? What would this type of ransomware it not only encrypts the files on your computer, but encrypts them on the backup as well. And it also encrypts them on any of the. [00:04:58] File servers or network attached storage the, to have on your network. So now everything's encrypted. You wonder why someone and people pay the ransom? Oh, that's a large part of the reason right there. And I keep saying this type of ransomware because there isn't another type of ransomware and they usually go hand in hand. [00:05:21] The bad guys were not making enough money off of holding your files. Rants. So the next thing the bad guys have done is they've gone to a different type of extortion. This one is, Hey, if you don't pay us, we are going to release your files to the world. Now they might do it on a dark website. They might do it on a publicly available site, which is what many of them are starting to do now. [00:05:51] And you're going to either be embarrassed or subject to a lot of fines or both, because now if your files have. Confidential information. Let's say it's your intellectual property. Now, anybody who bothers to search online can find your intellectual property out there. If you have anything that's personally identifiable information. [00:06:18] And it gets out. Now you are subject to major fines. In fact, in some states like California and Massachusetts, you are subject to fines. Even if the bad guys don't post it online. So that's the second type of ransomware and it's a bad type. And usually what'll happen is the bad guys, get their software on your machine and they can do it in a number of different ways. [00:06:45] One of the popular ways to do it now is to just break in because. Our businesses, we've, we've set up something called remote desktop, and we're using remote desktop for our users to get in. And maybe we're using some form of a VPN to do it with, or maybe we've made the mistake of using express VPN. And, uh, we have that now connected up to our homes and we think that that's keeping us safe. [00:07:13] And I got a few things to say about that as well. These VPN services. What happens now while Microsoft remote desktop has been under major attack and there are some major flaws. Some of these were patched more than a year ago now, but according to recent studies, 60%, almost two thirds of businesses have not applied the patches. [00:07:42] You know, th this is basic stuff. And I understand how hard it can be and it can be confusing and you can break your systems, but you have to weigh that against well, what's going to happen if our systems are broken into, because we didn't apply the patch. So that's the second type of ransomware and that's what most people are afraid of and for good reason. [00:08:07] And one of the things we do for businesses and we do ransomware audits, we have a look at your systems, your firewalls, et cetera, and make recommendations to. Man. I got to talk about this too, cause it really upset me this week. I signed up for a webinar just to see what was going on. There's a company out there that sells these marketing systems to managed services providers. [00:08:33] And I, I, I had to turn it off like instantly because it was just such. Garbage that they were telling managed services providers MSPs to do. I couldn't believe it. So this guy was talking about how, again, I turned it back on and I said, Hey, I've got to watch us anyways, because I need to know what's going on. [00:08:54] And this guy was telling these managed services providers, how they can double their clothes. I couldn't believe this guy. Cause he was saying that what they do is they offer to do a ransomware audit for businesses and they say, normally we charge $6,000 to do a ransomware audit, but I tell you what we'll do it for you for. [00:09:20] Now, this is a guy that he had an MSP managed services provider. Apparently he had started it and he was bringing in more than $1 million per month in revenue. Can you imagine that monthly recurring revenue over a million dollars? And so he's telling people businesses, Hey, I have a $6,000 audit that we'll do. [00:09:47] For free, Hey people, how long have we said, if you're not paying for something your, the product remember Facebook, right? Google, Instagram, all of those guys, Twitter, you don't pay for it, but your information is the product. So what's this guy doing well, guess what? His audit, it's going to show his audit. [00:10:10] It's going to show that you need him. And he's sucked in hundreds of businesses and he didn't even know what he was doing when it came to the audits or protecting them. It is insane. What's going on out there. I am ashamed of my industry, absolutely ashamed of it. You know, I've got my first attack, successful attack against my company back in 91 92. [00:10:42] And I learned this stuff because I had to, and I help you guys because I don't want you to get stuck. Like I was so important, important word of advice. If you want to nod it, go to someone that charges you for the audit. That's going to do a real one. It's going to give you real advice that you can really need and use rather than, Hey, you knew do use me. [00:11:11] Because my free audit tells you so, so many scams. [00:11:15] What is ad where in what is crypto, where these are two types of real, kind of bad things. Won't gray areas, things that are hurting us, our mobile devices, our businesses. And our homes. [00:11:32] Adware is also a type of malware that's been around a long time. But it does live in a gray area. [00:11:42] And that gray area is between basically marketing and, uh, well outright fraud. And I don't even want to call it just marketing because it's very aggressive market. What they will do with add where is they? They will have some JavaScript code or something else that's embedded on a webpage, and that's usually how you get it. [00:12:09] And then once it's in, in your browser, it sits there and it pops up things. So it'll pop up an ad for this, pop up an ad for that, even if it's. Uh, part of the site that you're on right now, and it can live for months or years on your computer. We've known for a long time about ad where on the windows environment and how it has just been just terribly annoying at the very least Microsoft and genetic Explorer. [00:12:40] One of the worst web browsers ever. Perpetrated on humankind was well-known for this. And of course, Microsoft got rid of internet Explorer, and then they came up with her own symposer browser, the edge browser that was also openly scorned. And so Microsoft got rid of their edge browser and switched over to basically Google Chrome chromium, and then changed his name to the edge browser. [00:13:11] And so you think you're running edge, but you're kind of not, you kind of are. So they did all of that in order to help with compatibility and also to help with some of these problems that people have had using that Microsoft browser online, very, very big problems. So what can you do about it and what does it do to you and where can be very. [00:13:37] You might've had it before words always popping up again and again and again on your browser, just so crazy knowing it it's insane, but it can also be used to spy on where you're going online and potentially to, to infect you with something even worse. Sometimes some of this ad where we'll purposely click on ads, that the people who gave you the ad were, are using as kind of like a clickbait type thing. [00:14:09] So you go to a website and it was. Automatically click certain ads and click on unbeknownst to you, right? It's as though you went there so that people have to pay for that ad. And sometimes aids are very, very complicated. Sometimes they'll use. In order to drive a competitor out of business or out of the market, because the ads are so expensive because so many people are supposedly clicking on the ads. [00:14:40] But in reality, you didn't click on the ad. You're not going to see that page that you supposedly clicked on, and it's going to cost that advertiser money, whole bunch of money. You might not care. Right. But it is. Ad ware over on the Mac, however, is the only real malware menace at all I had to where is something that choosed fairly frequently on the Mac? [00:15:09] It is pretty darn easy to get rid of. And as a general rule, it doesn't work very well on the Mac. Although I have seen some cases where it got very, very sticky. Where someone ended up installing it, it wasn't just running in the browser, but they installed it on their Mac, which is something you should never do. [00:15:29] But apple has some things in place to help stop any of this from happening. And it's gotten a lot better. I haven't seen this problem in a couple of years, but apple is using the signature based blocking technology called export. They also have at apple, this developer based notarization of apps. And so the run of the mill malware, which includes most of this Al where really can't find a foothold. [00:15:57] But I want to remind everybody that if they can get Al add where onto your computer, they might be able to get something worse. So you really got to keep an eye out for no two ways about it. There are some companies out there, for instance, there's this one. Parrot, which is a program linked to this Israeli marketing firm that gains persistence on your browser and potentially could gain root access to the Mac system. [00:16:30] So careful, careful on all fronts now. Anti-malware stuff that we use for our clients is called amp, which is an advanced malware protection system. That's been developed by our friends over at Cisco it's amp is very, very good. Unfortunately, you cannot get it unless you buy it from somebody like us and you have to buy so many seats for some of this stuff, it gets gets expensive quickly. [00:17:00] Um, if you can't do that much, a lot of people like Malwarebytes, there are some very good things about it, but be careful because in order for this to work, this is Railey parrot software to work. It has a fake install. So again, it's just be careful if you know how apple installed software, you know that unless you have instigated it, it's not going to be installed. [00:17:30] You're not just going to see an installer. And say, Hey, we're apple install us. Right? Apple just does it in the background when it comes to updates patches. But they're very sneaky here trying to install things like the Adobe floor. Player, which has been deprecated. Deprecated is completely now gone from Mac systems and from windows systems, you should not be using flash at all anymore. [00:18:02] It was very, very bad. So up becomes you, you go to wound stole the leaders flash player, or, and I'm sure they're going to change this or something else, right? It won't be flashed in a future. It'll be a Adobe. Would you also don't need on a Mac. So anyhow, that's what you got to be careful of ad were still a big problem in windows. [00:18:25] Not much as much as it used to be. Uh, thanks to the change to Google Chrome, which Microsoft has rebranded as of course its own edge browser. Much of a problem at all on Macs, but be very, very careful in either platform about installing software that you did not start installing. Now earlier this year, there's a security firm called red Canary that found something that's been named silver Sparrow. [00:18:58] That was on a. 30,000 Mac computers. And apparently the developers for this malware had already adapted it to apples and one chip architecture and have distributed this binary, this program as a universal binary. Now in the macro, the member doesn't just use Intel. It used to use power PCs and then it used Intel. [00:19:21] And now it's using its own architecture for the chips themselves. So a universal binary is something that will run on Mac Intel based and Mac architecture base. But, uh, the bottom line is that this proof of concept. Malware, if you will had no payload. So we know it's out there, we seen it now on almost 30,000 Mac computers, but at this point it's not really doing much, much at all. [00:19:53] So. These are malicious search engine results and they're directing victims to download these PKGs, which are Mac packaged format installers based on network connections from your browser shortly before download. So just be very careful about all of that. It can be something as annoying as malware or something as a malicious. [00:20:17] Well, potentially as ransomware. Particularly if you're running windows, Hey, if you want to find out more about this, if you want to get into some of my free courses here, we got free boot camps coming up. Make sure you go to Craig peterson.com/subscribe. More than glad to send you my show notes, a little bit of training, and of course, let you attend these free bootcamps that are now to sell you stuff, but solve problems for you. [00:20:49] Hey, if you use VPNs to try and keep yourself safe, particularly if you use express VPN. Wow. What just came out is incredible. It is anything but safe and secure. [00:21:06] Express VPN was purchased by a company called Cape K A P E. Cape is a company that had changed its name because oh, things were bad. [00:21:19] Right. It was originally founded under the name of cross writer. And you might've seen notices from your anti-malware software over the years for everything from Malwarebytes on saying that, oh, it blew up. To this cross writer piece of malware, most of the time it's ad ware, but it is really interesting to see because this company was founded by a person who was part of the Israeli secret service. Right? So it wasn't of course not. It's not called the secret service over there in Israel. And it, frankly, it compares to our NSA, you know, no such agency. Yeah. It's part of unit 8,200 in the Israeli intelligence military. And it's been dubbed, of course, Israel's NSA. Teddy Saggy, which was one of these investors also was mentioned in the Panama papers. [00:22:24] Remember those? We talked about those back in 2016, those were leaked and that showed these law firm, this one particular law firm in panel. And that we're sheltering assets for people all over the world. And so now that express VPN is owned by this company that is, this company built entirely by intelligence agents for almost a billion. [00:22:55] Dollars in cash and stock purchases. That's a much, they sold express VPN for almost a billion dollars, which is kind of crazy when you think of it as a VPN service, but makes a lot of sense. If you're going to want to monitor what people are doing, where they're going, maybe even break into their systems or better choice than a VPN provider and the. [00:23:20] The company has been buying up VPN providers and is now the proud owner of express VPN. If you attended my VPN workshop that I had, oh, it's probably been a year and I'm going to start doing these again. I promise, I promise. I promise, but you know how much I just like VPNs. In fact, one of you guys, I'm sorry, I forgot your name. [00:23:46] Send me. A couple of weeks ago now about VPNs and saying, I know how much you disliked VPN look at this article. And it was talking about this whole thing with express VPN. So they just now all over the place, the discussions online about what. Been to hear who the founder was, the CEO, the CTO, this growing portfolio that they have in Sunbrella of ownerships, that now is centralized in a multiple VPNs. [00:24:15] Now, Cape technology only started acquiring VPN companies about four years ago. And they've been in business now for over a decade. And what were they doing before? They started buying VPN companies? While they own VPN companies. Oh, they... /episode/index/show/cptt/id/20988701

How Many Times Per Week Are You Being Cyber Attacked? From Where? How? Why? 10/15/2021

How Many Times Per Week Are You Being Cyber Attacked? From Where? How? Why? How Many Times Per Week Are You Being Cyber Attacked? From Where? How? Why? We've got a new study out showing that North American organizations, businesses, and others, are being hit with an average of 497 cyber attacks per week, right here in the good old USA. [Following is an automated transcript] This is a study by checkpoint software technologies. Checkpoint, I used, oh my gosh. It would have been back in the nineties back then. They were one of the very first genuine firewall companies. And it was a system that I was putting in place for my friends over at troopers. I think it was New England telephone. It might've been Verizon by then. I can't even remember, man. [00:00:41] It's been a little while, but it was, a system we were using in front of this massive system that I designed, I made the largest internet property in the world. At that time called big yellow. It morphed into super pages. It might be familiar with. But it was me and my team that did everything. We built the data center out. [00:01:05] We wrote all of the software. Of course they provided all of the yellow pages type listing so we can put it all in. And we brought it up online and we were concerned. Well, first of all, You know, I've been doing cyber security now for over 30 years. And at this point in time, they wanted something a little more than my home grown firewall. [00:01:29] Cause I had designed and written one in order to protect this huge asset that was bringing in tens of millions of dollars a year to the phone company. So they said, Hey, listen, let's go ahead and we'll use checkpoint and get things going. We did, it was on a little, I remember it was a sun workstation. If you remember those back in the. [00:01:52] And it worked pretty well. I learned how to use it and played with it. And that was my first foray into kind of what the rest of the world had started doing, this checkpoint software, but they've continued on, they make some great firewalls and other intrusions type stuff, detection and blocking, you know, already that I am a big fan, at least on the bigger end. [00:02:17] You know, today in this day and age, I would absolutely use. The Cisco stuff and the higher end Cisco stuff that all ties together. It doesn't just have the fire power firewall, but it has everything in behind, because in this day and age, you've got to look at everything that's happening, even if you're a home user. [00:02:37] And this number really gets everybody concerned. Home users and business users is. Businesses are definitely under bigger attacks than home users are. And particularly when we're talking about businesses, particularly the bigger businesses, the ones that have a huge budget that are going to be able to go out and pay up, you know, a million, $10 million ransom. [00:03:05] Those are the ones that they're after and this analysis. Point software who does see some of those attacks coming in, showed some very disturbing changes. First of all, huge increases in the number of cyber attacks and the number of successful ransoms that have been going on. And we're going to talk a little bit later, too, about where some of those attacks are coming from, and the reason behind those attack. [00:03:36] According to them right now, the average number of weekly attacks on organizations globally. So far, this year is 40% higher than the average before March, 2020. And of course that's when the first lockdowns went into effect and people started working from home in the U S the. Increase in the number of attacks on an organizations is even higher at 53%. [00:04:07] Now you might ask yourself why, why would the U S be attacked more? I know you guys are the best and brightest, and I bet it, I don't even need to say this because you can figure this out yourself, but the us is where the money is. And so that's why they're doing it. And we had president Biden come out and say, Hey, don't attack the. [00:04:27] well, some of those sectors are under khaki for more after he said that then before, right. It's like giving a list to a bad guy. Yeah. I'm going to be gone for a month in June and yeah, there won't be anybody there. And the here's the code to my alarm. Right. You're you're just inviting disaster checkpoints. [00:04:49] Also showing that there were more. Average weekly attacks in September 21. That's this September than any time since January, 2020. In fact, they're saying 870 attacks per organization globally per week. The checkpoint counted in September was double the average in March, 2020. It's kind of funny, right? [00:05:14] It's kind of like a before COVID after COVID or before the Wu Han virus and after the Wu Han virus, however, we might want to know. So there are a lot of attacks going on. Volume is pretty high in a lot of different countries. You've heard me say before some of my clients I've seen attack multiple times a second, so let's take a second and define the attack because being scanned. [00:05:40] I kind of an attack, the looking to see, oh, where is there a device? Oh, okay. Here's a device. So there might be a home router. It might be your firewall or your router at the business. And then what it'll do is, okay, I've got an address now I know is responding, which by the way is a reason. The, we always configure these devices to not respond to these types of things. [00:06:04] And then what they'll do is they will try and identify it. So they'll try and go into the control page, which is why you should never have when. Configuration enabled on any of your routers or firewalls, because they're going to come in and identify you just on that because all of a sudden them brag about what version of the software you're running. [00:06:26] And then if it's responding to that, they will try and use a password. That is known to be the default for that device. So in a lot of these devices, the username is admin and the password is admin. So they try it and now off they go, they're running. Some of these guys will even go the next step and we'll replace the software. [00:06:52] In your router or firewall, they will replace it so that it now directs you through them, everything you are doing through them. So they can start to gather information. And that's why you want to make sure that the SSL slash TLS. That encryption is in place on the website. You're going to, so if you go to Craig peterson.com right now, my website, I'm going to go there myself. [00:07:22] So if you go to Craig peterson.com, you're going to notice that first of all, it's going to redirect you to my secure site and it doesn't really matter. You won't see it. Okay. But you are there because if he. Typically at the left side of that URL bar where it says, Craig peterson.com. You'll see, there's a little lock. [00:07:44] So if you click that lock, it says connection is secure. Now there's a lot more we could go into here. But the main idea is even if your data is being routed through China or. Both of which have happened before many tens of thousands, hundreds of thousands of time times. I'm not even sure of the number now. [00:08:06] It's huge. Even if your data is being routed through them, the odds are, they're not going to see anything. That you are doing on the Craig Peterson site. Now, of course you go into my site, you're going to be reading up on some of the cybersecurity stuff you can do. Right. The outages what's happened in the news. [00:08:27] You can do all of that sort of thing on my side, kind of, who cares, right? Um, but really what you care about is the bank, but it's the same thing with the bank. And I knew mine was going to be up there. And when everybody just check it out anyway, so. So the bad guys, then do this scan. They find a web page log in. [00:08:47] They try the default log in. If it works, the Le the least they will do is change. What are called your DNS settings. That's bad because changing your DNS settings now opens you up to another type of attack, which is they can go ahead. And when your browser says, I want to go to bank of america.com. It is in fact, going to go out to the internet, say is bank of America, the bad guys. [00:09:18] Did, and they will give you their bank of America site that looks like bank of America feels like bank of America. And all they're doing is waiting for you to type into your bank of America, username and password, and then they might redirect you to the. But at that point, they've got you. So there are some solutions to that one as well, and Firefox has some good solutions. [00:09:44] There are others out there and you had to have those that are in the works, but this is just an incredible number. So here's what I'm doing, right. I have been working for weeks on trying to figure out how can I help the most people. And obviously I needed to keep the lights on, right? I've got to pay for my food and gas and stuff, but what I'm planning on doing and what we've sketched out. [00:10:10] In fact, just this week, we got kind of our final sketch out of it is we're going to go ahead and have a success path for cyber security. All of the basic steps on that success path will be. Okay. So it will be training that is absolutely 100% free. And I'll do a deeper dive into some of these things that I'm doing that I'm doing right now here on the radio, because you can't see my desktop. [00:10:40] It's hard to do a deep dive and it's open to anybody, right? If you're a home user or if you're a business user, all of the stuff on that free. Is going to help you out dramatically. And then after that, then there'll be some paid stuff like a membership site. And then obviously done for you. If the cybersecurity stuff is just stuff that you don't want to deal with, you don't have the time to deal with. [00:11:05] You don't want to learn, because believe me, this is something that's taken me decades to learn and it's changing almost every day. So I understand if you don't want to learn it to. That is the other option. I'll give you, which is done for you, which we've been doing now for over 20, 30 years. Stick around. [00:11:25] We'll [00:11:25] So which sectors are economy are being hacked? I mentioned that in the last segment, but yeah, there are some problems and the sectors that president Biden lined out laid out are, are the ones that are under, even more attack after his message. [00:11:42] 497 cyber attacks per week. On average here in the US, that is a lot of attacks. And we started explaining what that meant so that we talked about the scan attacks that are automated and some person may get involved at some point, but the automated attacks can be pretty darn automated. Many of them are just trying to figure out who you are. [00:12:09] So, if it shows up, when they do that little scan that you're using a router that was provided by your ISP, that's a big hint that you are just a small guy of some sort, although I'm shocked at how many bigger businesses that should have their own router, a good router, right. A good Cisco router and a really good next generation firewall. [00:12:34] I'm shocked at how many don't have those things in place, but when they do this, That's the first cut. So if you're a little guy, they'll probably just try and reflash your router. In other words, reprogram it and change it so that they can start monitoring what you're doing and maybe grab some information from. [00:12:56] Pretty simple. If you are someone that looks like you're more of a target, so they connect to your router and let's say, it's a great one. Let's say it's a Cisco router firewall or Palo Alto, or one of those other big companies out there that have some really good products. Uh, at that point, they're going to look at it and say, oh, well, okay. [00:13:18] So this might be a good organization, but when they get. To it again, if when access has turned on wide area, access has turned down, that router is likely to say, this is the property of, uh, Covina hospital or whatever it might be, you know? And any access is disallowed authorized access only. Well, now they know. [00:13:42] Who it is. And it's easy enough just to do a reverse lookup on that address. Give me an address anywhere on the internet. And I can tell you pretty much where it is, whose it is and what it's being used for. So if that's what they do say they have these automated systems looking for this stuff it's found. [00:14:02] So now they'll try a few things. One of the first things they try nowadays is what's called an RDP attack. This is a remote attack. Are you using RDP to connect to your business? Right? A lot of people are, especially after the lockdown, this Microsoft. Desktop protocol has some serious bugs that have been known for years. [00:14:25] Surprisingly to me, some 60% of businesses have not applied those patches that have been available for going on two years. So what then button bad guys will do next. They say, oh, is there a remote desktop access? Cause there probably is most smaller businesses particularly use that the big businesses have a little bit more expensive, not really much more expensive, but much better stuff. [00:14:51] You know, like the Cisco AnyConnect or there's a few other good products out there. So they're going to say, oh, well, okay. Let's try and hack in again. Automate. It's automated. No one has to do anything. So it says, okay, let's see if they patch, let's try and break in a ha I can get in and I can get into this particular machine. [00:15:14] Now there's another way that they can get into their moat desktop. And this apparently has been used for some of the bigger hacks you've heard about recently. So the other way they get in is through credential stuff. What that is is Hey, uh, there are right now some 10 billion records out on the dark web of people's names, email addresses, passwords, and other information. [00:15:43] So, what they'll do is they'll say, oh, well this is Covina hospital and it looks it up backwards and it says, okay, so that's Covina hospital.org. I have no idea if there even is a Gavino hospital, by the way, and will come back and say, okay, great. So now let's look at our database of hacked accounts. Oh, okay. [00:16:04] I see this Covina hospital.org email address with a password. So at that point they just try and stuff. Can we get in using that username and password that we stole off of another website. So you see why it's so important to be using something like one password, a password generator, different passwords on every site, different usernames on every site, et cetera, et cetera. [00:16:29] Right. It gets pretty important per te darn quickly. So now that they're in, they're going to start going sideways and we call that east west in the biz. And so they're on a machine. They will see what they can find on that machine. This is where usually a person gets some. And it depends in historically it's been about six days on average that they spend looking around inside your network. [00:17:00] So they look around and they find, oh yeah, great. Here we go. Yep. Uh, we found this, we found that. Oh, and there's these file server mounts. Yeah. These SMB shares the, you know, the Y drive the G drive, whatever you might call it. So they start gaining through those and then they start looking for our other machines on the network that are compromised. [00:17:23] It gets to be really bad, very, very fast. And then they'll often leave behind some form of ransomware and also extortion, where that extort you additionally, for the threat of releasing your data. So there, there are many other ways they're not going to get into them all today, but that's what we're talking about. [00:17:43] Mirman, we're talking about the 500 cyber attacks per week against the average. North American company. So we have seen some industry sectors that are more heavily targeted than others. Education and research saw an 60% increase in attacks. So their education and I've tried to help out some of the schools, but because of the way the budgets work and the lowest bidder and everything else, they, they end up with equipment. [00:18:17] That's just totally misconfigured. It's just shocking to me. Right. They buy them from one of these big box online places. Yeah. I need a, a Cisco 10, 10. And I need some help in configuring it and all, yeah, no problems or we'll help you. And then they sell it to the school, the school installs it, and it is so misconfigured. [00:18:38] It provides zero protection, uh, almost zero, right. It provides almost no protection at all. And doesn't even use the advanced features that they paid for. Right. That's why, again, don't buy from these big box. Guys just don't do it. You need more value than they can possibly provide you with. So schools, 1500 attacks per week research companies, again, 1500 attacks per week, government and military. [00:19:10] Entities about 1100 weekly attacks. Okay. That's the next, most highest attacked. Okay. Uh, health care organizations, 752 attacks per week on average. Or in this case, it's a 55% increase from last year. So it isn't just checkpoints data that I've been quoting here. That, that gives us that picture. There are a lot of others out there IBM's has Verizon's has all of these main guys, and of course in the end, They've got these huge ransoms to deal with. [00:19:50] Hey, in New Hampshire, one of the small towns just got nailed. They had millions of dollars stolen, and that was just through an email trick that they played in. K again. I T people, um, I I've been thinking about maybe I should put together some sort of coaching for them and coaching for the cybersecurity people, even because there's so much more that you need to know, then you might know, anyways, if you're interested in any of this. [00:20:22] Visit me online. Craig peterson.com/subscribe. You will get my weekly newsletter, all of my show notes, and you'll find out about these various trainings and I keep holding. In fact, there's one in most of the newsletters. Craig peterson.com. Craig Peterson, S O n.com. Stick around. [00:20:43] We've been talking about the types of attacks that are coming against us. Most organizations here in north America are seeing 500 cyber attacks a week, some as many as 1500. Now, where are they coming from? [00:21:00] Whether they're scanning attacks, whether they're going deeper into our networks and into our systems who are the bad guys and what are they doing? Microsoft also has a report that they've been generating, looking at what they consider to be the source of the attacks. Now we know a lot of the reasons I'm going to talk about that too, but the source is an interesting way to look at. [00:21:29] Because the source can also help you understand the reason for the attacks. So according to dark reading, this is kind of an insider, a website you're welcome to go to, but it gets pretty darn deep sometimes, but they are showing this stats from Microsoft, which you can find online that in the last year rush. [00:21:53] Has been the source of 58% of the cyber cat tax. Isn't that amazing now it's not just the cyber attacks. I, I need to clarify this. It's the nation state cyber tech. So what's a nature's nation state cyber attack versus I don't know, a regular cyber attack. Well, the bottom line is a nation state cyber attack is an attack that's occurring and is actually coordinated and run by and on behalf of a nation state. [00:22:31] Uh, So Russia at 58% of all nation state attacks is followed by North Korea, 23% Iran, 11% China, 8%. Now you probably would have thought that China would be. Right up there on that list, but Russia has 50% more of the nation state cyber attacks coming from them than from China. And then after China is south Vietnam, Viet, or I should say South Korea, Vietnam, and Turkey, and they all have less than 1%. [00:23:14] Now, this is this new pool of data that Microsoft has been analyzing. And it's part of this year's... /episode/index/show/cptt/id/20835209

What Happened With Facebook's Outage? When Will It Happen Again? 10/05/2021

What Happened With Facebook's Outage? When Will It Happen Again? What Happened With Facebook's Outage? When Will It Happen Again? Facebook had a huge outage all of its properties. So why did it happen? How did it happen? And what's going to happen in the future? The frankly, some of this technology just isn't that stable. And I'm going to explain why right now! [Automated transcript follows] [00:00:20] I've already talked about it a little bit this morning on the show, but Facebook was. Facebook was down a lot. Facebook too was down a long time. And Mr. Zuckerberg has now lost about $7 billion because of how long it was down. And Craig Peterson joins us now to talk a little bit about exactly what happened, why it matters, what it means and so much more. [00:00:39] Craig, how are you this morning? [00:00:41] Hey, good morning. Doing well. [00:00:42] Thanks. Good to have you as always. So tell me first. What actually happened yesterday. I read that the explanation from Facebook seems like not a big deal as just a configuration problem, a little unexpected issue. They're not sure exactly what happened or looking into it. [00:00:57] It's not a big deal though. Continue on with your day. What's the reality, what actually happened. [00:01:01] Yeah, nothing to see here. You look at the number of companies and the companies Facebook has bought over the years, basically since 2005, they've spent $410 billion on all these companies named some names. [00:01:17] You might actually recognize you remember Friendster? [00:01:20] I do remember friends. Yes. That was a little, that's a little bit back there, but yeah. [00:01:25] That was about 10 years ago, they paid $40 million for that. But of course, Facebook has moved on from that and owned all kinds of companies. Right now. [00:01:35] It's got Instagram, WhatsApp, by the way they paid 19 billion is what it's wiping sorts out Oculus live rail and many [00:01:45] others basically. That's when Ben one of the main complaints events. Supposedly being a monopoly is that they've been gobbling up their competition and other things that maybe even weren't competition, but things they could just add to the big beast and have it consolidated at all under Facebook's banner. [00:02:02] Yeah. So the problem that tech guys have is this scale, massive scale. So on top of all of that, they have they claimed to have almost half the people. Earth go logging on to Facebook. So how do you deal with numbers like these and gets very difficult. And what appears to have happened is they're using a tool. [00:02:26] There's a few that we use. And in fact, we'd had a similar problem yesterday with my company's networks, where w here's what happened? Here's the basics, right? You heard it was a DNS problem. Some people have said that. That's not the real problem. The real problem lies underneath that. And it's something that we have to deal with because we're working with multiple companies that have multiple network connections, and that's where it comes from the multiple network connections. [00:02:56] So on the internet, what happens if you're going to go to Facebook, you're typing in facebook.com that has to be turned into an internet address. And to do that, you use DNS. But how bout beneath that basically the street directory who has main street in downtown Portsmouth. For instance, if you want to get there, there's another protocol that's used beneath DNS, and this protocol is used to actually map the, these addresses, these internet numbers. [00:03:32] So that was the problem yesterday. And I checked it online myself with a site that we use to monitor all of this type of ad dressing. And what turned out had happened is Facebook stopped advertising where it addresses. If you tried to look up Facebook, you couldn't find it. And you got a DNS error because the DNS servers addresses were unknown. [00:03:57] You knew the address, but you didn't know how to get to that address on the. And Facebook has become so big. They're using automated tools in order to push the configurations to all of these, what are called BGP servers. So what probably happened yesterday in reading some things on Reddit and other places where there are some people who claim to be working for Facebook, what probably happened. [00:04:26] Somebody forgot to put the peer configurations into their BGP routing tables, pushed it out to all of their BGP routers worldwide. Now I've got to say on the outage that lasted six or eight hours with a problem. This is amazing because now you have to worry about the cold start of the whole. Some kind of like Texas, another four minutes, they would have been without power in some areas for months, [00:04:57] we were referring to it. [00:04:58] I'm thinking of a cold start your side. It sounds like you're starting a car. It's too cold outside and the car just doesn't have enough juice in the battery. So it's a, is that basically what happened? [00:05:06] Yeah. Yeah. What happened is you couldn't get to anything. Facebook probably could not get to its own routers to update the configuration. [00:05:14] Similarly took so long then is that they really were having a difficult time even gaining access to the thing that would be necessary to fix it. [00:05:20] Exactly. And there were a lot of people, myself included that were thinking man, it's going to be days because the cold start also has problems with like caches. [00:05:31] For instance, you go to a page. There's pictures, there's videos, there's texts while all of that information gets stored in a cache. So it doesn't have to be generated every time somebody sees something. So there would be cold Cassius out there that would need to be updated. It's a nightmare. This was a nightmare scenario for them and was probably caused by letting some junior guy. [00:05:55] We'll make some changes through their BGP table. [00:05:59] That is remarkable. We're talking with Craig Peterson, our tech guru. He joins us on Wednesdays typically to go over the world of technology. And of course we'll do that tomorrow as well, but we wanted to have him join us to talk a little bit about Facebook before I let you go. [00:06:11] Craig. I The implications of this, I think are massive. I take to consider, even if you don't care about Facebook, if you don't use it, it's not part of your life. Obviously it is such a big part of not just American life, but this is a worldwide issue, right? I It is used by billions and billions of people and this kind of an outage lasting this long is not only unprecedented, but really important in terms of having good Lord. [00:06:34] If you're a, if you're a Facebook. I was talking about that a little bit earlier this morning. If you had Facebook stock, how do you feel today? I know mark Zuckerberg doesn't feel great. That's why he lost $7 million of value yesterday. How does this affect at Facebook, the company going forward here, this, and when you combine this with the whole whistleblower thing, it's not exactly been a good week. [00:06:51] Yeah, not at all. This problem frankly, comes from the early days or earlier days of the internet. I was on the internet back in the early 1980s and helping to develop the protocols. And back then, we were not worried that. That's type of massive scale. We were not worried about hackers, really getting in. [00:07:13] Cause it was a great community. I'm most of us knew each other and we used to joke around and have a lot of fun. These protocols were not designed for the types of problems we're seeing today. So until these problems are solved, not by Facebook, but by the internet community as a whole, these types of things can happen again. [00:07:37] So Facebook, it could go down again because frankly we have seen times where for instance, traffic from the Washington DC area was all routed through Moscow. So you would send data from the white house and I'm know to someone in the building, across the street. And it was referred through mosque gal who knows what the Russians are doing with all of that data, but we just don't have the safeguards in place that would support, frankly, the way we are using the internet today. [00:08:12] Facebook could face this problem. Again, we're talking about fiber as much as I've seen numbers, $500 million an hour in lost revenue from Facebook, but it could happen to anyone. And I'm sure there will be a lot of work here. Others, people sharpening pencils, and finally getting in line on how do we actually do. [00:08:33] The stop work at huge scale. Huge. We're talking now hundreds of billions, probably trillions of devices connected to the internet by 2025. [00:08:46] They're actually sharpening pencils. Craig, you think anybody uses pencils anymore? I begged to do. Not a technology companies. Craig Peterson, we appreciate it as always. [00:08:55] Of course you hear them on Saturdays as well on WGAN and we'll hear his voice tomorrow, joining us for the more traditional tech topics, other things besides Facebook to chat about, obviously, but we appreciate him joining this morning. Thanks a lot, Greg. And we'll talk to you tomorrow. [00:09:07] Take care. /episode/index/show/cptt/id/20710889

Could Using the Right Multi-Factor Authentication Save You? 10/03/2021

Could Using the Right Multi-Factor Authentication Save You? Could Using the Right Multi-Factor Authentication Save You? I had a good friend who, this week, had his life's work stolen from him. Yeah. And you know what caused it? It was his password. Now, you know what you're supposed to be doing? I'm going to tell you exactly what to do right now. Let's get right down to the whole problem with passwords. I'm going to tell you a little bit about my friend this week. He has been building a business for. Maybe going on 10 years now, and this business relies on advertising. Most companies do so in some way; we need to have new customers. There's always some attrition. Some customers go away. So how do we keep them? We do what we can. How do we get new customers? For him, it was. Advertising, primarily on Facebook. He did some Google ads as well, but Facebook is really where he was focused. So how did he do all of that? Here's the bottom line you have to, if you are going to be advertising on Facebook, you have to have an advertising account. The same thing's true. Google. And then, on that account, you tie in either your bank account or your credit card. I recommend a credit card so that those transactions can be backed up. And on top of all of that now, of course, you have to use a pixel. So the way the tracking works is there are pixels on websites, about those already. And the bottom line with the pixels. Those are also. Cookies are about the pixels are used to set a cookie so that Facebook knows what sites you've gone to. So he uses those. I use those. In fact, if you go to my website, I have a Facebook pixel that gets set. And the reason for all of that is so that we know with. I'd be interested in something on the site. So I know that there are many people interested in this page or that page. And so I could, I have not ever, but I could now do some advertising. I could send ads to you so that if you were looking at something particular, you'd see ads related to that, which I've always said. It is the right way to go. If I'm looking to buy a pickup truck, I love to see ads for different pickup trucks, but if I don't want a car or truck, I don't want to see the ads. It isn't like TV where it sometimes seems every other ad is about. Car or a pickup truck. It drives me crazy because it's a waste of their money in advertising to me. After all, I don't want those things. And it's also not only just annoying in money-wasting. There are better ways to do targeting. And that's what the whole online thing is. Anyways, I told you about that because he had set up this pixel years ago. Basically, the Facebook pixel gets to know you. All of the people who like you that might've bought from you. Cause you can have that pixel track people through your site, your purchase site, they know what you purchase on the shopping cart, et cetera. And you can identify these people over on Facebook and their ads because they abandoned the cart or whatever it is you want to do there. So there's just a whole ton of stuff that you can do for these people. And it's so bad. It is so valuable. It takes years to build up that account. Years to put that pixel in place. And our friend here, he had done precisely that. Then he found that his account had been compromised. And that is a terrible thing in this case because the bad guy used his account to place ads. So now there are really two or three problems here. We'll talk about one of them. Why was the bad guy going after him? He has been running ads on Facebook for a long time. So as far as Facebook is concerned, his account is credible. All of the ads he runs don't have to be reviewed by a human being. They can go up almost immediately. He doesn't have to wait days for some of these things to go up. So our bad guy can get an account like his that has years' worth of advertising credibility and now start advertising things that are not correct. So there again is part of the value of having one of these older accounts for advertising. And so the bad guy did that use his credibility. And then secondly, he used 25 grand worth of my friend's money to run ads. Also, of course, very bad, very bad. So I sat down with him. In fact, it was this last week, and I was out on a trip with just a vacation trip. It was absolutely fantastic. I never just do vacation. It's always business plus work whenever I do anything like this, but I was on a trip last week. And so my eldest son who works closely with me, and he's also part of the FBI InfraGard program. So I had him reach out to my friend, and he helped them out, and they talked back and forth. So here's the problem that he has. And I'm trying to figure out a perfect way to solve this. And I haven't figured that out yet. And if you guys have an idea because you are the best and brightest, you really are. So go ahead and drop me an email at [email protected] if a good way around this particular problem, which is he has. This Facebook could count and many other accounts, including his website, hosting account, email account, et cetera. And. He has people who manage his ads for him. Who operates his website for him, who put up some promotions, advertising, and everything else. So these are third-party. This is what we generically call a supply chain, risk people who are not him have access to his stuff, his private property. And how does he do it, or how did he do it? Is he went ahead and gave them. Access by giving them accounts or passwords. How well were they guarding their passwords and their accounts? So the first thing I had my friend do was going to haveIbeenpwned.com. I had him put in his email address, the one he uses the most, and it showed up in five different. Hacks data dumps. So these are five various sites where he had used that same email address in this case. And he found out that in those five cases, the bad guy's got his passwords and personal information. All bad. And he went ahead and cleaned it up. So I said put in the password because have I been, pwned also let you check your password, just see if it has been used by someone else and then stolen. So there are billions of passwords in this database. It's incredible of all of these known passwords. So he put in his password, and no, it had not been stolen, but the problem is how about the people that were managing his ads on Facebook and managing his Facebook ad. We're the usernames, which are typically the email addresses and the passwords kept securely. That's a supply chain thing I'm talking about, and that's where I'd love to get him. But from you guys, [email protected] If you think you have a good answer, What we've been doing. And our advice to him was use one password. That's the only one to use. I don't trust last pass anymore. After their last big hack where they got hacked one password, the digit one password. And go ahead. And set it up. And in a business scenario, you can have multiple vaults. So have a vault. That's just for people that are dealing with your Facebook ad account, maybe have another vault for people who are posting for you on Facebook. Or better yet when it comes to Facebook, go ahead and have an intermediary that is trusted the, if this, then that, or there's a few of them out there that can see that you put the post up on the website and automatically posted on Facebook. So you don't have to get. All of these people, your passwords, but again, it's up to you. You got to figure out if that makes sense to you that those are the types of things that I think you can do. And that is what we do as well. Now, one of the beauties of using one password like that, where you're not sharing all of your passwords to everything you're sharing, the minimum amount of login information that you possibly can share is that if they leave your employees, All you have to do is remove their access to the appropriate vault or vaults, or maybe all of your vaults. And this is what I've done with people that worked for me in the US and people would work for me overseas, and there have been a lot of them and it has worked quite well for me. So with one pass, We can enforce password integrity. We can make sure the passwords on stolen. One password ties automatically into have I been postponed. If a password has been exposed, if it's been stolen online, it's a great way to go. Now I've got an offer for you guys who are listening. I have a special report that I've sold before on passwords, and it goes through talks about one password. He talks about the last pass, which I'm no longer really recommending, but give some comparisons and how you can use these things. Make sure you go and email me right now. Me, [email protected] That's ME at Craig Peterson dot com and just ask me for the password special report, and I'll be glad to get that on-off to you. There is a lot of good detail in there and helps you, whether you're a home user or a business. So the next step in your security is multi-factor authentication. Interesting study out saying that about 75% of people say that they've used it for work or for business, but the hard numbers, I don't think they agree One of the things that you have to do is use good passwords. And the best way to do that is to use a password manager. I was talking about a friend of mine who had been hacked this last week and his account was hacked. His Facebook ad account was hacked. We asked him if we could reach out to. BI and he said, sure. So we checked with the FBI and they're looking to turn this into a case, a real case, because they've never seen this type of thing, the hijacking of an advertising account who hijacked it. And why did they hide jacket? Was this in preparation maybe for. Playing around with manipulating our next election cycle coming up. There could be a lot of things that they're planning on doing and taking over my friend's account would be a great way to have done it. So maybe they're going to do other things here. And our friends at the FBI are looking into it. How now do you also keep your data safe? Easily simply. When we're talking about these types of accounts, the thing to look at is known as two factor authentication or multifactor authentication. You see my friend, if he had been using multi-factor authentication. I would not have been vulnerable. Even if the bad guys had his username, email address and his password, they still would not be able to log in without having that little six-digit code. That's the best way to do multi-factor authentication. When we're talking about this code, whether it's four or 5, 6, 8 digits long, we should not be using our cell phones to receive those. At least not as text messages, those have a problem because our phone numbers can be stolen from us and they are stolen from us. So if we're a real target, in other words, they're going after you. Joe Smith and they know you have some, $2 million in your account. So they're going after you while they can, in most cases, take control of your phone. Now you might not know it and it doesn't have to be hacked. All they have to do is have the phone company move your phone number to a new phone. Once. So that means one of the things you need to do is contact your telephone vendor, whoever it is, who's providing new that service. That's a company like Verizon sprint T-Mobile a T and Tone of those companies that are giving you cell service, you have to contact them and set up a pass. So that if they have a phone call coming in and that phone call can be faked. So it looks like it's coming from your phone, even if there was a phone call coming in, whether it's coming from your phone or not, they have to get that password or passcode that you gave them. And once they have that passcode now, and that's great, but if you don't have that in there targeting you specifically, then you're in trouble. So for many of us really it may not make a huge difference. But I would do it anyways. I have done it with every one of my cell phone carriers now. A couple of decades set up a password. So the next step is this multifactor authentication. If I'm not supposed to get it via text message to my phone, how do I get it? There are a couple of apps out there. There's a free one called Google authentic. And Google authenticator runs on your phone. And once it's there on your phone and you are setting it up on a website, so Facebook, for instance, your bank, most websites out there, the bigger ones, all you have to do is say, I want to set up multi-factor authentication, and then it'll ask you a case. So how do you want to do it? And you can say, I want an app and they will display. A Q R code. That's one of those square codes with a bunch of little lines inside of it. You're seeing QR codes before they become very common. And you take your phone with the Google authenticator app. Take a picture. Of that little QR code on the screen, and now it will start sinking up so that every 30 seconds Google authenticator on your phone will change that number. So when you need to log back into that website, it's going to ask you for the code. You just pull up Google authenticator and there's the code. So that's the freeway to do it. And not necessarily the easiest way to. Again, going back to one password. I use this thing exclusively. It is phenomenal for keeping my passwords, keeping them all straight and then encrypted vault, actually in multiple encrypted vault it's so that I can share some of them. Some of them are just strictly private, but it also has that same authenticator functionality built right into it. Microsoft has its own authenticator, but you can tell Microsoft that you want to use the standard authenticator. Of course, Microsoft has to do everything differently. But you can tell it. And I do tell it, I want to use a regular authenticator app, not Microsoft authenticator. By the way. That's why I advise you to don't use the Microsoft authenticator, just use one authenticator for all of the sites, and then Microsoft will give you that same QR code. And then you can take that picture and you're off and running. Next time you log in, it asks you for the code and instead of texting it to you to your phone smarter, otherwise it will not. That require you to open up your authenticator. So for me, for instance, when I'm logging into a website, it comes up and asks for the username, asked for the password. Both of those are filled out automatically by one password for me. And then it asks for that code identification code and. One password automatically puts it into my pace to buffer copy-paste, buffer, and I just paste it in and they've got the code. So I don't have to remember the codes. I don't remember passwords. I don't have to remember usernames or email addresses. One password remembers them all for me. Plus it'll remember notes and other things. So you can tell, I really one password. We use it with all of our clients. That's what we have for them. And it does meet even a lot of these DOD requirement on top of. Depending again, how much security you need. We will use duo D U O and it also has this authenticator functionality and we will also use UBI keys. These are those hardware key. They do oh, can provide you with hardware tokens. Those are those little tokens that can go onto your key ring. That show a changing six-digit number every 30 seconds. And that's the same number that would be there in your smartphone app. Your one password or Google authenticator smartphone. Hopefully, I didn't confuse you too much. I think most of the reason we're not using the security we should is because we're not sure how to, and we don't know what we're going to be. And I can see that being a big problem. So if you have questions about any of this, if you would like a copy of my password security, special report, just send an email to me. M [email protected] That's me M [email protected] That's S O N.com. I'll be glad to send it to you. Also, if you sign up for my newsletter there on my [email protected], you are going to get. I was hold little series of the special reports to help you out, get you going. And then every week I send out a little bit of training and all of my articles for the week. It's usually six to 10 articles that I consider to be important so that, what's going on in the cybersecurity world. So you can. With it for yourself, for your family, for your business. Craig peterson.com. According to researchers. 32% of teen girls said that when they felt bad about their bodies, Instagram made them feel worse. And you know what Facebook knew and knows Instagram is toxic for teen girls. There's a great article that came out in the Wall Street Journal. And I'm going to read just a little bit here from some of the quotes first. When I went on Instagram, all I saw were images of chiseled bodies, perfect. Abs and women doing 100 burpees in 10 minutes, said, Ms. Now 18, who lives in Western Virginia. Amazing. Isn't it. The one that I opened now with 32% of teen girls said that when they felt bad about their bodies, Instagram, I made them feel worse. So that is studies again, that looks like yeah, these were researchers inside Instagram and they said this in a March, 2020 slide presentation that was posted to Facebook's internal message board that was reviewed by the wall street journal quote comparisons on Instagram can change how young women view and describe themselves. Apparently, for the past three years, Facebook has been conducting studies into how Instagram is affecting its millions of young users. Now, for those of you who don't know what Instagram is, it allows these users to create little stories, to have. Pictures videos of things that they're doing, and it's a lifestyle type thing you might've heard, of course, of how this I don't know what it is. Kidnapping murder plot. These, this young couple and the body I think was found up in Wyoming. I'm trying to remember, but of her and it's yeah, there it is. It wasn't my OMI. And I'm looking up right now, Gabby potato. That's who it is. She was what they called a micro influence. And I know a lot of people who can loom, that's what they want to be. There's a young lady that stayed with us for a few months. She had no other place to live. And so we invited her in here and we got some interesting stories to tell about that experience. And it's, a little sad, but anyhow, she got back up on her feet and then she decided she was going to become an influence. And what an influencer is someone that has a lot of followers. And of course, a lot means different numbers. You get these massive influencers that have tens of millions of people that quote, follow unquote them. And of course, just think of the Kardashians they're famous for. Being famous, nothing else. They have subsequently done some pretty amazing things. At least a few of them have. We've got one of those daughters who now was the first earliest billionaire. I think it was ever youngest. So they have accomplished some amazing things after the fact, but they got started. By just becoming famous by posting on these social media sites. So you get a micro-influencer, like Gabby Petito, who is out there posting things and pictures. And you look at all of these pictures and, oh my gosh, they're up at this national park. Oh, isn't she so cute. I'll look at her boyfriend. They'll look so good together and people. Fall for that image, right? It's just like Photoshopping these pictures of models, changing them. There've been some real complaints about those over the years. So Instagram sets these kids up with these pictures of people that are just totally unrealistic. One of the slides from a 2019 presentation says, quote, we make body. Excuse me. We make body image issues worse for one in three teenage girls teams, blame Instagram for increases in the rate of anxiety. And depression said another slide. This reaction was unprompted and consistent across. Groups among teens is this according to the wall street... /episode/index/show/cptt/id/20689787

Craig Peterson - America's Leading CyberSecurity Strategist

TOPICS