Craig Peterson - America's Leading CyberSecurity Coach

America’s Leading Security Coach to Small Business, the FBI, Homeland Security, Department of Defense, Department of Energy, The Whitehouse, all major DoD contractors, including Raytheon, Boeing, Lockheed, BAE, and more. Dozens of US State, County, and City governments. School Districts, Hospitals, Doctors, and Clinics. All major financial institutions in the United States, including The Federal Reserve, Fidelity, Bank of America, Visa, M/C, etc. Providing Network Security since 1991.

How Many Times Per Week Are You Being Cyber Attacked? From Where? How? Why? 10/15/2021

How Many Times Per Week Are You Being Cyber Attacked? From Where? How? Why? How Many Times Per Week Are You Being Cyber Attacked? From Where? How? Why? We've got a new study out showing that North American organizations, businesses, and others, are being hit with an average of 497 cyber attacks per week, right here in the good old USA. [Following is an automated transcript] This is a study by checkpoint software technologies. Checkpoint, I used, oh my gosh. It would have been back in the nineties back then. They were one of the very first genuine firewall companies. And it was a system that I was putting in place for my friends over at troopers. I think it was New England telephone. It might've been Verizon by then. I can't even remember, man. [00:00:41] It's been a little while, but it was, a system we were using in front of this massive system that I designed, I made the largest internet property in the world. At that time called big yellow. It morphed into super pages. It might be familiar with. But it was me and my team that did everything. We built the data center out. [00:01:05] We wrote all of the software. Of course they provided all of the yellow pages type listing so we can put it all in. And we brought it up online and we were concerned. Well, first of all, You know, I've been doing cyber security now for over 30 years. And at this point in time, they wanted something a little more than my home grown firewall. [00:01:29] Cause I had designed and written one in order to protect this huge asset that was bringing in tens of millions of dollars a year to the phone company. So they said, Hey, listen, let's go ahead and we'll use checkpoint and get things going. We did, it was on a little, I remember it was a sun workstation. If you remember those back in the. [00:01:52] And it worked pretty well. I learned how to use it and played with it. And that was my first foray into kind of what the rest of the world had started doing, this checkpoint software, but they've continued on, they make some great firewalls and other intrusions type stuff, detection and blocking, you know, already that I am a big fan, at least on the bigger end. [00:02:17] You know, today in this day and age, I would absolutely use. The Cisco stuff and the higher end Cisco stuff that all ties together. It doesn't just have the fire power firewall, but it has everything in behind, because in this day and age, you've got to look at everything that's happening, even if you're a home user. [00:02:37] And this number really gets everybody concerned. Home users and business users is. Businesses are definitely under bigger attacks than home users are. And particularly when we're talking about businesses, particularly the bigger businesses, the ones that have a huge budget that are going to be able to go out and pay up, you know, a million, $10 million ransom. [00:03:05] Those are the ones that they're after and this analysis. Point software who does see some of those attacks coming in, showed some very disturbing changes. First of all, huge increases in the number of cyber attacks and the number of successful ransoms that have been going on. And we're going to talk a little bit later, too, about where some of those attacks are coming from, and the reason behind those attack. [00:03:36] According to them right now, the average number of weekly attacks on organizations globally. So far, this year is 40% higher than the average before March, 2020. And of course that's when the first lockdowns went into effect and people started working from home in the U S the. Increase in the number of attacks on an organizations is even higher at 53%. [00:04:07] Now you might ask yourself why, why would the U S be attacked more? I know you guys are the best and brightest, and I bet it, I don't even need to say this because you can figure this out yourself, but the us is where the money is. And so that's why they're doing it. And we had president Biden come out and say, Hey, don't attack the. [00:04:27] well, some of those sectors are under khaki for more after he said that then before, right. It's like giving a list to a bad guy. Yeah. I'm going to be gone for a month in June and yeah, there won't be anybody there. And the here's the code to my alarm. Right. You're you're just inviting disaster checkpoints. [00:04:49] Also showing that there were more. Average weekly attacks in September 21. That's this September than any time since January, 2020. In fact, they're saying 870 attacks per organization globally per week. The checkpoint counted in September was double the average in March, 2020. It's kind of funny, right? [00:05:14] It's kind of like a before COVID after COVID or before the Wu Han virus and after the Wu Han virus, however, we might want to know. So there are a lot of attacks going on. Volume is pretty high in a lot of different countries. You've heard me say before some of my clients I've seen attack multiple times a second, so let's take a second and define the attack because being scanned. [00:05:40] I kind of an attack, the looking to see, oh, where is there a device? Oh, okay. Here's a device. So there might be a home router. It might be your firewall or your router at the business. And then what it'll do is, okay, I've got an address now I know is responding, which by the way is a reason. The, we always configure these devices to not respond to these types of things. [00:06:04] And then what they'll do is they will try and identify it. So they'll try and go into the control page, which is why you should never have when. Configuration enabled on any of your routers or firewalls, because they're going to come in and identify you just on that because all of a sudden them brag about what version of the software you're running. [00:06:26] And then if it's responding to that, they will try and use a password. That is known to be the default for that device. So in a lot of these devices, the username is admin and the password is admin. So they try it and now off they go, they're running. Some of these guys will even go the next step and we'll replace the software. [00:06:52] In your router or firewall, they will replace it so that it now directs you through them, everything you are doing through them. So they can start to gather information. And that's why you want to make sure that the SSL slash TLS. That encryption is in place on the website. You're going to, so if you go to Craig peterson.com right now, my website, I'm going to go there myself. [00:07:22] So if you go to Craig peterson.com, you're going to notice that first of all, it's going to redirect you to my secure site and it doesn't really matter. You won't see it. Okay. But you are there because if he. Typically at the left side of that URL bar where it says, Craig peterson.com. You'll see, there's a little lock. [00:07:44] So if you click that lock, it says connection is secure. Now there's a lot more we could go into here. But the main idea is even if your data is being routed through China or. Both of which have happened before many tens of thousands, hundreds of thousands of time times. I'm not even sure of the number now. [00:08:06] It's huge. Even if your data is being routed through them, the odds are, they're not going to see anything. That you are doing on the Craig Peterson site. Now, of course you go into my site, you're going to be reading up on some of the cybersecurity stuff you can do. Right. The outages what's happened in the news. [00:08:27] You can do all of that sort of thing on my side, kind of, who cares, right? Um, but really what you care about is the bank, but it's the same thing with the bank. And I knew mine was going to be up there. And when everybody just check it out anyway, so. So the bad guys, then do this scan. They find a web page log in. [00:08:47] They try the default log in. If it works, the Le the least they will do is change. What are called your DNS settings. That's bad because changing your DNS settings now opens you up to another type of attack, which is they can go ahead. And when your browser says, I want to go to bank of america.com. It is in fact, going to go out to the internet, say is bank of America, the bad guys. [00:09:18] Did, and they will give you their bank of America site that looks like bank of America feels like bank of America. And all they're doing is waiting for you to type into your bank of America, username and password, and then they might redirect you to the. But at that point, they've got you. So there are some solutions to that one as well, and Firefox has some good solutions. [00:09:44] There are others out there and you had to have those that are in the works, but this is just an incredible number. So here's what I'm doing, right. I have been working for weeks on trying to figure out how can I help the most people. And obviously I needed to keep the lights on, right? I've got to pay for my food and gas and stuff, but what I'm planning on doing and what we've sketched out. [00:10:10] In fact, just this week, we got kind of our final sketch out of it is we're going to go ahead and have a success path for cyber security. All of the basic steps on that success path will be. Okay. So it will be training that is absolutely 100% free. And I'll do a deeper dive into some of these things that I'm doing that I'm doing right now here on the radio, because you can't see my desktop. [00:10:40] It's hard to do a deep dive and it's open to anybody, right? If you're a home user or if you're a business user, all of the stuff on that free. Is going to help you out dramatically. And then after that, then there'll be some paid stuff like a membership site. And then obviously done for you. If the cybersecurity stuff is just stuff that you don't want to deal with, you don't have the time to deal with. [00:11:05] You don't want to learn, because believe me, this is something that's taken me decades to learn and it's changing almost every day. So I understand if you don't want to learn it to. That is the other option. I'll give you, which is done for you, which we've been doing now for over 20, 30 years. Stick around. [00:11:25] We'll [00:11:25] So which sectors are economy are being hacked? I mentioned that in the last segment, but yeah, there are some problems and the sectors that president Biden lined out laid out are, are the ones that are under, even more attack after his message. [00:11:42] 497 cyber attacks per week. On average here in the US, that is a lot of attacks. And we started explaining what that meant so that we talked about the scan attacks that are automated and some person may get involved at some point, but the automated attacks can be pretty darn automated. Many of them are just trying to figure out who you are. [00:12:09] So, if it shows up, when they do that little scan that you're using a router that was provided by your ISP, that's a big hint that you are just a small guy of some sort, although I'm shocked at how many bigger businesses that should have their own router, a good router, right. A good Cisco router and a really good next generation firewall. [00:12:34] I'm shocked at how many don't have those things in place, but when they do this, That's the first cut. So if you're a little guy, they'll probably just try and reflash your router. In other words, reprogram it and change it so that they can start monitoring what you're doing and maybe grab some information from. [00:12:56] Pretty simple. If you are someone that looks like you're more of a target, so they connect to your router and let's say, it's a great one. Let's say it's a Cisco router firewall or Palo Alto, or one of those other big companies out there that have some really good products. Uh, at that point, they're going to look at it and say, oh, well, okay. [00:13:18] So this might be a good organization, but when they get. To it again, if when access has turned on wide area, access has turned down, that router is likely to say, this is the property of, uh, Covina hospital or whatever it might be, you know? And any access is disallowed authorized access only. Well, now they know. [00:13:42] Who it is. And it's easy enough just to do a reverse lookup on that address. Give me an address anywhere on the internet. And I can tell you pretty much where it is, whose it is and what it's being used for. So if that's what they do say they have these automated systems looking for this stuff it's found. [00:14:02] So now they'll try a few things. One of the first things they try nowadays is what's called an RDP attack. This is a remote attack. Are you using RDP to connect to your business? Right? A lot of people are, especially after the lockdown, this Microsoft. Desktop protocol has some serious bugs that have been known for years. [00:14:25] Surprisingly to me, some 60% of businesses have not applied those patches that have been available for going on two years. So what then button bad guys will do next. They say, oh, is there a remote desktop access? Cause there probably is most smaller businesses particularly use that the big businesses have a little bit more expensive, not really much more expensive, but much better stuff. [00:14:51] You know, like the Cisco AnyConnect or there's a few other good products out there. So they're going to say, oh, well, okay. Let's try and hack in again. Automate. It's automated. No one has to do anything. So it says, okay, let's see if they patch, let's try and break in a ha I can get in and I can get into this particular machine. [00:15:14] Now there's another way that they can get into their moat desktop. And this apparently has been used for some of the bigger hacks you've heard about recently. So the other way they get in is through credential stuff. What that is is Hey, uh, there are right now some 10 billion records out on the dark web of people's names, email addresses, passwords, and other information. [00:15:43] So, what they'll do is they'll say, oh, well this is Covina hospital and it looks it up backwards and it says, okay, so that's Covina hospital.org. I have no idea if there even is a Gavino hospital, by the way, and will come back and say, okay, great. So now let's look at our database of hacked accounts. Oh, okay. [00:16:04] I see this Covina hospital.org email address with a password. So at that point they just try and stuff. Can we get in using that username and password that we stole off of another website. So you see why it's so important to be using something like one password, a password generator, different passwords on every site, different usernames on every site, et cetera, et cetera. [00:16:29] Right. It gets pretty important per te darn quickly. So now that they're in, they're going to start going sideways and we call that east west in the biz. And so they're on a machine. They will see what they can find on that machine. This is where usually a person gets some. And it depends in historically it's been about six days on average that they spend looking around inside your network. [00:17:00] So they look around and they find, oh yeah, great. Here we go. Yep. Uh, we found this, we found that. Oh, and there's these file server mounts. Yeah. These SMB shares the, you know, the Y drive the G drive, whatever you might call it. So they start gaining through those and then they start looking for our other machines on the network that are compromised. [00:17:23] It gets to be really bad, very, very fast. And then they'll often leave behind some form of ransomware and also extortion, where that extort you additionally, for the threat of releasing your data. So there, there are many other ways they're not going to get into them all today, but that's what we're talking about. [00:17:43] Mirman, we're talking about the 500 cyber attacks per week against the average. North American company. So we have seen some industry sectors that are more heavily targeted than others. Education and research saw an 60% increase in attacks. So their education and I've tried to help out some of the schools, but because of the way the budgets work and the lowest bidder and everything else, they, they end up with equipment. [00:18:17] That's just totally misconfigured. It's just shocking to me. Right. They buy them from one of these big box online places. Yeah. I need a, a Cisco 10, 10. And I need some help in configuring it and all, yeah, no problems or we'll help you. And then they sell it to the school, the school installs it, and it is so misconfigured. [00:18:38] It provides zero protection, uh, almost zero, right. It provides almost no protection at all. And doesn't even use the advanced features that they paid for. Right. That's why, again, don't buy from these big box. Guys just don't do it. You need more value than they can possibly provide you with. So schools, 1500 attacks per week research companies, again, 1500 attacks per week, government and military. [00:19:10] Entities about 1100 weekly attacks. Okay. That's the next, most highest attacked. Okay. Uh, health care organizations, 752 attacks per week on average. Or in this case, it's a 55% increase from last year. So it isn't just checkpoints data that I've been quoting here. That, that gives us that picture. There are a lot of others out there IBM's has Verizon's has all of these main guys, and of course in the end, They've got these huge ransoms to deal with. [00:19:50] Hey, in New Hampshire, one of the small towns just got nailed. They had millions of dollars stolen, and that was just through an email trick that they played in. K again. I T people, um, I I've been thinking about maybe I should put together some sort of coaching for them and coaching for the cybersecurity people, even because there's so much more that you need to know, then you might know, anyways, if you're interested in any of this. [00:20:22] Visit me online. Craig peterson.com/subscribe. You will get my weekly newsletter, all of my show notes, and you'll find out about these various trainings and I keep holding. In fact, there's one in most of the newsletters. Craig peterson.com. Craig Peterson, S O n.com. Stick around. [00:20:43] We've been talking about the types of attacks that are coming against us. Most organizations here in north America are seeing 500 cyber attacks a week, some as many as 1500. Now, where are they coming from? [00:21:00] Whether they're scanning attacks, whether they're going deeper into our networks and into our systems who are the bad guys and what are they doing? Microsoft also has a report that they've been generating, looking at what they consider to be the source of the attacks. Now we know a lot of the reasons I'm going to talk about that too, but the source is an interesting way to look at. [00:21:29] Because the source can also help you understand the reason for the attacks. So according to dark reading, this is kind of an insider, a website you're welcome to go to, but it gets pretty darn deep sometimes, but they are showing this stats from Microsoft, which you can find online that in the last year rush. [00:21:53] Has been the source of 58% of the cyber cat tax. Isn't that amazing now it's not just the cyber attacks. I, I need to clarify this. It's the nation state cyber tech. So what's a nature's nation state cyber attack versus I don't know, a regular cyber attack. Well, the bottom line is a nation state cyber attack is an attack that's occurring and is actually coordinated and run by and on behalf of a nation state. [00:22:31] Uh, So Russia at 58% of all nation state attacks is followed by North Korea, 23% Iran, 11% China, 8%. Now you probably would have thought that China would be. Right up there on that list, but Russia has 50% more of the nation state cyber attacks coming from them than from China. And then after China is south Vietnam, Viet, or I should say South Korea, Vietnam, and Turkey, and they all have less than 1%. [00:23:14] Now, this is this new pool of data that Microsoft has been analyzing. And it's part of this year's... /episode/index/show/cptt/id/20835209

What Happened With Facebook's Outage? When Will It Happen Again? 10/05/2021

What Happened With Facebook's Outage? When Will It Happen Again? What Happened With Facebook's Outage? When Will It Happen Again? Facebook had a huge outage all of its properties. So why did it happen? How did it happen? And what's going to happen in the future? The frankly, some of this technology just isn't that stable. And I'm going to explain why right now! [Automated transcript follows] [00:00:20] I've already talked about it a little bit this morning on the show, but Facebook was. Facebook was down a lot. Facebook too was down a long time. And Mr. Zuckerberg has now lost about $7 billion because of how long it was down. And Craig Peterson joins us now to talk a little bit about exactly what happened, why it matters, what it means and so much more. [00:00:39] Craig, how are you this morning? [00:00:41] Hey, good morning. Doing well. [00:00:42] Thanks. Good to have you as always. So tell me first. What actually happened yesterday. I read that the explanation from Facebook seems like not a big deal as just a configuration problem, a little unexpected issue. They're not sure exactly what happened or looking into it. [00:00:57] It's not a big deal though. Continue on with your day. What's the reality, what actually happened. [00:01:01] Yeah, nothing to see here. You look at the number of companies and the companies Facebook has bought over the years, basically since 2005, they've spent $410 billion on all these companies named some names. [00:01:17] You might actually recognize you remember Friendster? [00:01:20] I do remember friends. Yes. That was a little, that's a little bit back there, but yeah. [00:01:25] That was about 10 years ago, they paid $40 million for that. But of course, Facebook has moved on from that and owned all kinds of companies. Right now. [00:01:35] It's got Instagram, WhatsApp, by the way they paid 19 billion is what it's wiping sorts out Oculus live rail and many [00:01:45] others basically. That's when Ben one of the main complaints events. Supposedly being a monopoly is that they've been gobbling up their competition and other things that maybe even weren't competition, but things they could just add to the big beast and have it consolidated at all under Facebook's banner. [00:02:02] Yeah. So the problem that tech guys have is this scale, massive scale. So on top of all of that, they have they claimed to have almost half the people. Earth go logging on to Facebook. So how do you deal with numbers like these and gets very difficult. And what appears to have happened is they're using a tool. [00:02:26] There's a few that we use. And in fact, we'd had a similar problem yesterday with my company's networks, where w here's what happened? Here's the basics, right? You heard it was a DNS problem. Some people have said that. That's not the real problem. The real problem lies underneath that. And it's something that we have to deal with because we're working with multiple companies that have multiple network connections, and that's where it comes from the multiple network connections. [00:02:56] So on the internet, what happens if you're going to go to Facebook, you're typing in facebook.com that has to be turned into an internet address. And to do that, you use DNS. But how bout beneath that basically the street directory who has main street in downtown Portsmouth. For instance, if you want to get there, there's another protocol that's used beneath DNS, and this protocol is used to actually map the, these addresses, these internet numbers. [00:03:32] So that was the problem yesterday. And I checked it online myself with a site that we use to monitor all of this type of ad dressing. And what turned out had happened is Facebook stopped advertising where it addresses. If you tried to look up Facebook, you couldn't find it. And you got a DNS error because the DNS servers addresses were unknown. [00:03:57] You knew the address, but you didn't know how to get to that address on the. And Facebook has become so big. They're using automated tools in order to push the configurations to all of these, what are called BGP servers. So what probably happened yesterday in reading some things on Reddit and other places where there are some people who claim to be working for Facebook, what probably happened. [00:04:26] Somebody forgot to put the peer configurations into their BGP routing tables, pushed it out to all of their BGP routers worldwide. Now I've got to say on the outage that lasted six or eight hours with a problem. This is amazing because now you have to worry about the cold start of the whole. Some kind of like Texas, another four minutes, they would have been without power in some areas for months, [00:04:57] we were referring to it. [00:04:58] I'm thinking of a cold start your side. It sounds like you're starting a car. It's too cold outside and the car just doesn't have enough juice in the battery. So it's a, is that basically what happened? [00:05:06] Yeah. Yeah. What happened is you couldn't get to anything. Facebook probably could not get to its own routers to update the configuration. [00:05:14] Similarly took so long then is that they really were having a difficult time even gaining access to the thing that would be necessary to fix it. [00:05:20] Exactly. And there were a lot of people, myself included that were thinking man, it's going to be days because the cold start also has problems with like caches. [00:05:31] For instance, you go to a page. There's pictures, there's videos, there's texts while all of that information gets stored in a cache. So it doesn't have to be generated every time somebody sees something. So there would be cold Cassius out there that would need to be updated. It's a nightmare. This was a nightmare scenario for them and was probably caused by letting some junior guy. [00:05:55] We'll make some changes through their BGP table. [00:05:59] That is remarkable. We're talking with Craig Peterson, our tech guru. He joins us on Wednesdays typically to go over the world of technology. And of course we'll do that tomorrow as well, but we wanted to have him join us to talk a little bit about Facebook before I let you go. [00:06:11] Craig. I The implications of this, I think are massive. I take to consider, even if you don't care about Facebook, if you don't use it, it's not part of your life. Obviously it is such a big part of not just American life, but this is a worldwide issue, right? I It is used by billions and billions of people and this kind of an outage lasting this long is not only unprecedented, but really important in terms of having good Lord. [00:06:34] If you're a, if you're a Facebook. I was talking about that a little bit earlier this morning. If you had Facebook stock, how do you feel today? I know mark Zuckerberg doesn't feel great. That's why he lost $7 million of value yesterday. How does this affect at Facebook, the company going forward here, this, and when you combine this with the whole whistleblower thing, it's not exactly been a good week. [00:06:51] Yeah, not at all. This problem frankly, comes from the early days or earlier days of the internet. I was on the internet back in the early 1980s and helping to develop the protocols. And back then, we were not worried that. That's type of massive scale. We were not worried about hackers, really getting in. [00:07:13] Cause it was a great community. I'm most of us knew each other and we used to joke around and have a lot of fun. These protocols were not designed for the types of problems we're seeing today. So until these problems are solved, not by Facebook, but by the internet community as a whole, these types of things can happen again. [00:07:37] So Facebook, it could go down again because frankly we have seen times where for instance, traffic from the Washington DC area was all routed through Moscow. So you would send data from the white house and I'm know to someone in the building, across the street. And it was referred through mosque gal who knows what the Russians are doing with all of that data, but we just don't have the safeguards in place that would support, frankly, the way we are using the internet today. [00:08:12] Facebook could face this problem. Again, we're talking about fiber as much as I've seen numbers, $500 million an hour in lost revenue from Facebook, but it could happen to anyone. And I'm sure there will be a lot of work here. Others, people sharpening pencils, and finally getting in line on how do we actually do. [00:08:33] The stop work at huge scale. Huge. We're talking now hundreds of billions, probably trillions of devices connected to the internet by 2025. [00:08:46] They're actually sharpening pencils. Craig, you think anybody uses pencils anymore? I begged to do. Not a technology companies. Craig Peterson, we appreciate it as always. [00:08:55] Of course you hear them on Saturdays as well on WGAN and we'll hear his voice tomorrow, joining us for the more traditional tech topics, other things besides Facebook to chat about, obviously, but we appreciate him joining this morning. Thanks a lot, Greg. And we'll talk to you tomorrow. [00:09:07] Take care. /episode/index/show/cptt/id/20710889

Could Using the Right Multi-Factor Authentication Save You? 10/03/2021

Could Using the Right Multi-Factor Authentication Save You? Could Using the Right Multi-Factor Authentication Save You? I had a good friend who, this week, had his life's work stolen from him. Yeah. And you know what caused it? It was his password. Now, you know what you're supposed to be doing? I'm going to tell you exactly what to do right now. Let's get right down to the whole problem with passwords. I'm going to tell you a little bit about my friend this week. He has been building a business for. Maybe going on 10 years now, and this business relies on advertising. Most companies do so in some way; we need to have new customers. There's always some attrition. Some customers go away. So how do we keep them? We do what we can. How do we get new customers? For him, it was. Advertising, primarily on Facebook. He did some Google ads as well, but Facebook is really where he was focused. So how did he do all of that? Here's the bottom line you have to, if you are going to be advertising on Facebook, you have to have an advertising account. The same thing's true. Google. And then, on that account, you tie in either your bank account or your credit card. I recommend a credit card so that those transactions can be backed up. And on top of all of that now, of course, you have to use a pixel. So the way the tracking works is there are pixels on websites, about those already. And the bottom line with the pixels. Those are also. Cookies are about the pixels are used to set a cookie so that Facebook knows what sites you've gone to. So he uses those. I use those. In fact, if you go to my website, I have a Facebook pixel that gets set. And the reason for all of that is so that we know with. I'd be interested in something on the site. So I know that there are many people interested in this page or that page. And so I could, I have not ever, but I could now do some advertising. I could send ads to you so that if you were looking at something particular, you'd see ads related to that, which I've always said. It is the right way to go. If I'm looking to buy a pickup truck, I love to see ads for different pickup trucks, but if I don't want a car or truck, I don't want to see the ads. It isn't like TV where it sometimes seems every other ad is about. Car or a pickup truck. It drives me crazy because it's a waste of their money in advertising to me. After all, I don't want those things. And it's also not only just annoying in money-wasting. There are better ways to do targeting. And that's what the whole online thing is. Anyways, I told you about that because he had set up this pixel years ago. Basically, the Facebook pixel gets to know you. All of the people who like you that might've bought from you. Cause you can have that pixel track people through your site, your purchase site, they know what you purchase on the shopping cart, et cetera. And you can identify these people over on Facebook and their ads because they abandoned the cart or whatever it is you want to do there. So there's just a whole ton of stuff that you can do for these people. And it's so bad. It is so valuable. It takes years to build up that account. Years to put that pixel in place. And our friend here, he had done precisely that. Then he found that his account had been compromised. And that is a terrible thing in this case because the bad guy used his account to place ads. So now there are really two or three problems here. We'll talk about one of them. Why was the bad guy going after him? He has been running ads on Facebook for a long time. So as far as Facebook is concerned, his account is credible. All of the ads he runs don't have to be reviewed by a human being. They can go up almost immediately. He doesn't have to wait days for some of these things to go up. So our bad guy can get an account like his that has years' worth of advertising credibility and now start advertising things that are not correct. So there again is part of the value of having one of these older accounts for advertising. And so the bad guy did that use his credibility. And then secondly, he used 25 grand worth of my friend's money to run ads. Also, of course, very bad, very bad. So I sat down with him. In fact, it was this last week, and I was out on a trip with just a vacation trip. It was absolutely fantastic. I never just do vacation. It's always business plus work whenever I do anything like this, but I was on a trip last week. And so my eldest son who works closely with me, and he's also part of the FBI InfraGard program. So I had him reach out to my friend, and he helped them out, and they talked back and forth. So here's the problem that he has. And I'm trying to figure out a perfect way to solve this. And I haven't figured that out yet. And if you guys have an idea because you are the best and brightest, you really are. So go ahead and drop me an email at [email protected] if a good way around this particular problem, which is he has. This Facebook could count and many other accounts, including his website, hosting account, email account, et cetera. And. He has people who manage his ads for him. Who operates his website for him, who put up some promotions, advertising, and everything else. So these are third-party. This is what we generically call a supply chain, risk people who are not him have access to his stuff, his private property. And how does he do it, or how did he do it? Is he went ahead and gave them. Access by giving them accounts or passwords. How well were they guarding their passwords and their accounts? So the first thing I had my friend do was going to haveIbeenpwned.com. I had him put in his email address, the one he uses the most, and it showed up in five different. Hacks data dumps. So these are five various sites where he had used that same email address in this case. And he found out that in those five cases, the bad guy's got his passwords and personal information. All bad. And he went ahead and cleaned it up. So I said put in the password because have I been, pwned also let you check your password, just see if it has been used by someone else and then stolen. So there are billions of passwords in this database. It's incredible of all of these known passwords. So he put in his password, and no, it had not been stolen, but the problem is how about the people that were managing his ads on Facebook and managing his Facebook ad. We're the usernames, which are typically the email addresses and the passwords kept securely. That's a supply chain thing I'm talking about, and that's where I'd love to get him. But from you guys, [email protected] If you think you have a good answer, What we've been doing. And our advice to him was use one password. That's the only one to use. I don't trust last pass anymore. After their last big hack where they got hacked one password, the digit one password. And go ahead. And set it up. And in a business scenario, you can have multiple vaults. So have a vault. That's just for people that are dealing with your Facebook ad account, maybe have another vault for people who are posting for you on Facebook. Or better yet when it comes to Facebook, go ahead and have an intermediary that is trusted the, if this, then that, or there's a few of them out there that can see that you put the post up on the website and automatically posted on Facebook. So you don't have to get. All of these people, your passwords, but again, it's up to you. You got to figure out if that makes sense to you that those are the types of things that I think you can do. And that is what we do as well. Now, one of the beauties of using one password like that, where you're not sharing all of your passwords to everything you're sharing, the minimum amount of login information that you possibly can share is that if they leave your employees, All you have to do is remove their access to the appropriate vault or vaults, or maybe all of your vaults. And this is what I've done with people that worked for me in the US and people would work for me overseas, and there have been a lot of them and it has worked quite well for me. So with one pass, We can enforce password integrity. We can make sure the passwords on stolen. One password ties automatically into have I been postponed. If a password has been exposed, if it's been stolen online, it's a great way to go. Now I've got an offer for you guys who are listening. I have a special report that I've sold before on passwords, and it goes through talks about one password. He talks about the last pass, which I'm no longer really recommending, but give some comparisons and how you can use these things. Make sure you go and email me right now. Me, [email protected] That's ME at Craig Peterson dot com and just ask me for the password special report, and I'll be glad to get that on-off to you. There is a lot of good detail in there and helps you, whether you're a home user or a business. So the next step in your security is multi-factor authentication. Interesting study out saying that about 75% of people say that they've used it for work or for business, but the hard numbers, I don't think they agree One of the things that you have to do is use good passwords. And the best way to do that is to use a password manager. I was talking about a friend of mine who had been hacked this last week and his account was hacked. His Facebook ad account was hacked. We asked him if we could reach out to. BI and he said, sure. So we checked with the FBI and they're looking to turn this into a case, a real case, because they've never seen this type of thing, the hijacking of an advertising account who hijacked it. And why did they hide jacket? Was this in preparation maybe for. Playing around with manipulating our next election cycle coming up. There could be a lot of things that they're planning on doing and taking over my friend's account would be a great way to have done it. So maybe they're going to do other things here. And our friends at the FBI are looking into it. How now do you also keep your data safe? Easily simply. When we're talking about these types of accounts, the thing to look at is known as two factor authentication or multifactor authentication. You see my friend, if he had been using multi-factor authentication. I would not have been vulnerable. Even if the bad guys had his username, email address and his password, they still would not be able to log in without having that little six-digit code. That's the best way to do multi-factor authentication. When we're talking about this code, whether it's four or 5, 6, 8 digits long, we should not be using our cell phones to receive those. At least not as text messages, those have a problem because our phone numbers can be stolen from us and they are stolen from us. So if we're a real target, in other words, they're going after you. Joe Smith and they know you have some, $2 million in your account. So they're going after you while they can, in most cases, take control of your phone. Now you might not know it and it doesn't have to be hacked. All they have to do is have the phone company move your phone number to a new phone. Once. So that means one of the things you need to do is contact your telephone vendor, whoever it is, who's providing new that service. That's a company like Verizon sprint T-Mobile a T and Tone of those companies that are giving you cell service, you have to contact them and set up a pass. So that if they have a phone call coming in and that phone call can be faked. So it looks like it's coming from your phone, even if there was a phone call coming in, whether it's coming from your phone or not, they have to get that password or passcode that you gave them. And once they have that passcode now, and that's great, but if you don't have that in there targeting you specifically, then you're in trouble. So for many of us really it may not make a huge difference. But I would do it anyways. I have done it with every one of my cell phone carriers now. A couple of decades set up a password. So the next step is this multifactor authentication. If I'm not supposed to get it via text message to my phone, how do I get it? There are a couple of apps out there. There's a free one called Google authentic. And Google authenticator runs on your phone. And once it's there on your phone and you are setting it up on a website, so Facebook, for instance, your bank, most websites out there, the bigger ones, all you have to do is say, I want to set up multi-factor authentication, and then it'll ask you a case. So how do you want to do it? And you can say, I want an app and they will display. A Q R code. That's one of those square codes with a bunch of little lines inside of it. You're seeing QR codes before they become very common. And you take your phone with the Google authenticator app. Take a picture. Of that little QR code on the screen, and now it will start sinking up so that every 30 seconds Google authenticator on your phone will change that number. So when you need to log back into that website, it's going to ask you for the code. You just pull up Google authenticator and there's the code. So that's the freeway to do it. And not necessarily the easiest way to. Again, going back to one password. I use this thing exclusively. It is phenomenal for keeping my passwords, keeping them all straight and then encrypted vault, actually in multiple encrypted vault it's so that I can share some of them. Some of them are just strictly private, but it also has that same authenticator functionality built right into it. Microsoft has its own authenticator, but you can tell Microsoft that you want to use the standard authenticator. Of course, Microsoft has to do everything differently. But you can tell it. And I do tell it, I want to use a regular authenticator app, not Microsoft authenticator. By the way. That's why I advise you to don't use the Microsoft authenticator, just use one authenticator for all of the sites, and then Microsoft will give you that same QR code. And then you can take that picture and you're off and running. Next time you log in, it asks you for the code and instead of texting it to you to your phone smarter, otherwise it will not. That require you to open up your authenticator. So for me, for instance, when I'm logging into a website, it comes up and asks for the username, asked for the password. Both of those are filled out automatically by one password for me. And then it asks for that code identification code and. One password automatically puts it into my pace to buffer copy-paste, buffer, and I just paste it in and they've got the code. So I don't have to remember the codes. I don't remember passwords. I don't have to remember usernames or email addresses. One password remembers them all for me. Plus it'll remember notes and other things. So you can tell, I really one password. We use it with all of our clients. That's what we have for them. And it does meet even a lot of these DOD requirement on top of. Depending again, how much security you need. We will use duo D U O and it also has this authenticator functionality and we will also use UBI keys. These are those hardware key. They do oh, can provide you with hardware tokens. Those are those little tokens that can go onto your key ring. That show a changing six-digit number every 30 seconds. And that's the same number that would be there in your smartphone app. Your one password or Google authenticator smartphone. Hopefully, I didn't confuse you too much. I think most of the reason we're not using the security we should is because we're not sure how to, and we don't know what we're going to be. And I can see that being a big problem. So if you have questions about any of this, if you would like a copy of my password security, special report, just send an email to me. M [email protected] That's me M [email protected] That's S O N.com. I'll be glad to send it to you. Also, if you sign up for my newsletter there on my [email protected], you are going to get. I was hold little series of the special reports to help you out, get you going. And then every week I send out a little bit of training and all of my articles for the week. It's usually six to 10 articles that I consider to be important so that, what's going on in the cybersecurity world. So you can. With it for yourself, for your family, for your business. Craig peterson.com. According to researchers. 32% of teen girls said that when they felt bad about their bodies, Instagram made them feel worse. And you know what Facebook knew and knows Instagram is toxic for teen girls. There's a great article that came out in the Wall Street Journal. And I'm going to read just a little bit here from some of the quotes first. When I went on Instagram, all I saw were images of chiseled bodies, perfect. Abs and women doing 100 burpees in 10 minutes, said, Ms. Now 18, who lives in Western Virginia. Amazing. Isn't it. The one that I opened now with 32% of teen girls said that when they felt bad about their bodies, Instagram, I made them feel worse. So that is studies again, that looks like yeah, these were researchers inside Instagram and they said this in a March, 2020 slide presentation that was posted to Facebook's internal message board that was reviewed by the wall street journal quote comparisons on Instagram can change how young women view and describe themselves. Apparently, for the past three years, Facebook has been conducting studies into how Instagram is affecting its millions of young users. Now, for those of you who don't know what Instagram is, it allows these users to create little stories, to have. Pictures videos of things that they're doing, and it's a lifestyle type thing you might've heard, of course, of how this I don't know what it is. Kidnapping murder plot. These, this young couple and the body I think was found up in Wyoming. I'm trying to remember, but of her and it's yeah, there it is. It wasn't my OMI. And I'm looking up right now, Gabby potato. That's who it is. She was what they called a micro influence. And I know a lot of people who can loom, that's what they want to be. There's a young lady that stayed with us for a few months. She had no other place to live. And so we invited her in here and we got some interesting stories to tell about that experience. And it's, a little sad, but anyhow, she got back up on her feet and then she decided she was going to become an influence. And what an influencer is someone that has a lot of followers. And of course, a lot means different numbers. You get these massive influencers that have tens of millions of people that quote, follow unquote them. And of course, just think of the Kardashians they're famous for. Being famous, nothing else. They have subsequently done some pretty amazing things. At least a few of them have. We've got one of those daughters who now was the first earliest billionaire. I think it was ever youngest. So they have accomplished some amazing things after the fact, but they got started. By just becoming famous by posting on these social media sites. So you get a micro-influencer, like Gabby Petito, who is out there posting things and pictures. And you look at all of these pictures and, oh my gosh, they're up at this national park. Oh, isn't she so cute. I'll look at her boyfriend. They'll look so good together and people. Fall for that image, right? It's just like Photoshopping these pictures of models, changing them. There've been some real complaints about those over the years. So Instagram sets these kids up with these pictures of people that are just totally unrealistic. One of the slides from a 2019 presentation says, quote, we make body. Excuse me. We make body image issues worse for one in three teenage girls teams, blame Instagram for increases in the rate of anxiety. And depression said another slide. This reaction was unprompted and consistent across. Groups among teens is this according to the wall street... /episode/index/show/cptt/id/20689787

Are You Using Encrypted Email Yet? Here's How! 09/18/2021

Are You Using Encrypted Email Yet? Here's How! Are You Using Encrypted Email Yet? Here's How! Security emails aren't something that most people think much about. Yet, they're becoming more and more important as the bad guys are monitoring us more closely to steal our information, and then there are advertisers. So, do you want them to see your stuff? [Automated transcript] Email is something that's been around now for quite a while. It was undoubtedly even before the internet standards came out. Many of the systems had a version of the email. I remember some systems back in the early. The seventies, late sixties that had an email functionality is something that we've always needed. Usually, it was for just communicating within a group. And then, in the early eighties, when I got on the internet, we could send email to people all over the world, and the email then looked a lot like it did. Now you net email, we use different types of addressing for, but basically, it's the same thing that we're used to today. Many of us have Gmail accounts. I have some Gmail accounts. I use them basically for throw-away stuff that I don't want to have tracked. I don't use Gmail for anything that I consider particularly important, because again, it's not saying. So now there are two types of security. Really. We need to consider, and I got an email from one of the listeners today. Who's on my newsletter? And he said, Hey, I love all of the stuff you put in the newsletter every week. It helps keep me updated on what's happening in cyber security and what things I need to know. But I'm reluctant to click on any of the links in your email because they're all trackers. I do that so that I know what the people who subscribed to the newsletter are interested in. So, for example, I see many people clicking on an email I sent out a few months ago talking about different emails, services, and which ones provide the most WhatsApp security. If a lot of people click on that, Then I know. Oh, okay. Great. People are interested in this. So I'll talk more about it on the radio show. I'll probably put something together for the newsletter so that they have it. It's like the example I've used for a couple of decades now, which is, Hey, if I'm looking to buy a car, I don't mind seeing a car. Because it gives me something to compare. If I'm looking to buy an F150, I don't want to see ads for the latest Chrysler minivan. I'd like to see ads for people who are competing to sell me a Ford pickup truck. Maybe some competitors, maybe Dodge gets in there with the Ram or Chevy. Their truck, but I wanted to focus in it. It just makes sense to me because I don't want to waste time on some shoes when that's not what I'm interested in and the person who's paying to show me this ad for shoes is wasting money and being a small businessman. I hate to see that I know what it's like. It gets really frustrating to be spending a lot of money on advertising. That really is not going in. So you have that type of a monitoring where the advertisers are looking at, what you are looking at, what you're searching for. They know the sites you're going to, they know you're interested in that. F-150. Make sense to you? It certainly does to me as well. So I don't have a big problem at all with a people collecting basic advertising information about me. It starts to go over a line. It's a little bit of a, an obscured thing, frankly, but it starts to go over the line where they're gathering all this information that could be useful for a bad. We don't want hackers to have the information. I want to have a hack free life. I don't want them going out there and finding information about me and, oh, I'm going to be on vacation. I'm going to be out of town for three weeks and unable to be reached. And so that gives them the opportunity to now go in via phishing campaign. Maybe try and get my CFO to write a check to somebody or, do something that's frankly, quite malicious. What do we do? How do we deal with that? What makes sense there? That's a really good question, frankly, and that line has to be drawn by you personally. I draw it as, I don't really care most of the time if someone knows. So here's what I do with my mail client. I turn off the automatic download of photos of pictures, and that way I can see the email. And if it's. Piece of spam, where I don't even want that spammer to know that I opened the email. They're not going to be able to find out because my male client is not downloading photos. The way it works is you as a marketer or as a spammer. In this case, you are giving a unique URL for that. So that unique URL. Now, if that photo's downloaded, tells you that almost certainly that person opened your email. What's a legitimate email address. You can spam it some more in the future, a little bit more about them. The same thing is true with my emails. For instance, if you sign up at Craig peterson.com/subscribe, and you get my weekly email. The training and all the other stuff, that's, all for free in there. You now are telling me when you open it, that you opened my email. Now, why would you want to tell me that? Why would you want to tell anybody that? Nowadays when it comes to email delivery, one of the things we have to face as businesses and as a marketer, who am I using? Mt. Is that you are great. Every email is scored. This has been true for a long time. SpamAssassin the software I've used for. I don't even know how long now, at least a decade, maybe two. And it looks at the content of the email. It looks to see how much of the email is a graphic. How much of it is using these types of words that are often used by spammers or. Maybe crazy marketers. So they will score that email. And if it's above a certain score, if it's accumulated too many bad points that email doesn't get delivered, we have a similar system. We have some real fancy stuff that we use ourselves and we use for our clients from Cisco that compares all of these emails that are being delivered worldwide, millions of the members. And learns from it and automatically blocks them for me, which is really great. But if I'm sending you emails, just like if you're on my email list, I'm going to send you an email at least one a week. Usually not more than two, but basically one email a week. It's not only scored on how my email reads the wording, the. But it's also scored on how old is my domain. Have other people reported my emails as spam and how many people have opened that email sites? Google track that. So if you're on Google, if you're using. It will come up and the email come up and Google says, okay, he read the email. Maybe he downloaded the photos. He was very interested in it. But if people are not opening the emails, you start to develop as a person sending an email, a low-risk. Lower and lower in this case, lowers is bad. Then the case of SpamAssassin hires bad. So what'll happen then is your emails will stop getting delivered. You don't want that. I put a lot of work into these emails. I send out every week. I usually have a number of tips, usually six to eight different ones in each email. I don't want that to go to waste. So if people are not opening my email. Then I'm going to automatically remove them after a period of time from my email list, because I don't want to send email to people who aren't going to open it, because if I do that sites like Google and many others are going to stop delivering my emails to everybody else, the people that do want it, just see how that works. So I am reliant on understanding if you open the. How can I tell? I can tell if you clicked on a link and I can also tell if you've downloaded any of the graphics that might be in that. Otherwise, I have to assume you're not opening that email. And if you're not opening that email, I don't want to send it to you because if I send it to you and you don't open it, it's going to slow down or completely stopped the delivery to other people within the. For instance, gmail.com. And this is true for any of the major mail vendors that are out there. And I don't want that to happen. So what I ended up doing, if you have an open them for awhile, I'll send you an email saying, Hey sorry to be bothering you here. But I wanted to make sure that you did want to get these emails or I'm going to automatically remove them. You might've had that from other people before then. The reason those emails are sent out isn't because I'm being snotty about it. It isn't because I'm upset that you subscribed and you haven't been reading the emails. It's because I don't want my email delivery to other people to be damaged because you have no pundit. Even though I do block images from being downloaded on my emails at the top of the email when I open it up and it has a little button that says load images. And if that email is from someone that I care about it, isn't from just some spammer that stole my email address or bought it from somebody else. If it's a legitimate email, I want to see, I click on that load images. So what happens now is the images in that email or downloaded the whoever sent me the email now knows that email was opened up and I don't also get kicked off for their list. Now, a few of you guys have complained about that with me, just not complained as much as said, why are you kicking me off of your email? I told you it's because you haven't been opened that. Oh, but I haven't opened them. You haven't. But if you turn off the load images on emails, then I don't know that you've been reading them and therefore you're going to automatically end up being re removed. When we come back, I want to talk about secure email providers. I'm going to compare some of them. And that came up this week because what was the number one secure email vendor out there? They no longer are. So we'll talk about that. It's all in the news. Visit me online. Craig peterson.com. You use email, everybody uses email, but which providers provide you with security and what do these different types of security actually mean to you? Of frankly? What is security? What is a secure email? There are a number of different secure email providers. And there are multiple ways of defining secure email nowadays. All of the email that I send and receive from my company and I send and receive for our client companies is incorrect. There something called TLS. That is basically it's the same as HDDP S it's you know, that secure VPN that set up. No, I don't want you to get confused with these VPM services. It has nothing to do. But if you go into your web browser and you look up in the URL bar, you'll see a little lock. It's typically on the left side of that bar, you click on it and it will come up and say, the connection is secure. What does that mean? It means that the data that you send from your browser. We'll get to that remote server in a secure fashion will be encrypted. So if it's intercepted the third party, won't be able to decrypt it. Now there's exceptions to this, but we'll just keep it nice and simple. When we're talking about email and the two email servers talking to each other, we're talking about the same sort of thing. If you send an email, you have an email provider. It might be my company, but it's not likely, right? Because we only deal with a certain number of small to medium businesses, but the email goes from you to a server. So let's say you're using Microsoft 365. So your email, as you're sending it to [email protected] that email. Goes from your browser or your email client over to the Microsoft 365 server. Now I understand there's different ways to do it. In fact, we don't do it quite this way. We always go through an intermediate server that we maintain that helps keep things secure, but the email goes over to Microsoft 365. And that first connection is probably a secured connection also by TLS. Now you're sending it to [email protected] That was the two address in your email. So what happens next is it needs to find out who's handling the email for Craig peterson.com. It finds out, and then it says, A again, TLS session and encrypted session over to my email server. That encrypted session is much the same as what you have on your web browser. It is. Very hard, very unlikely that anyone in between can see your email. And then the email ends up on my server, whatever service I'm using for my server. And then it ends up at my client. It might be on my phone. It might be on my desktop. It could be anywhere. And again, that is using another encrypted session. There's different protocols that might be involved. For instance, I map S SMTP maybe there's TLS over SMTP, whatever. We're not going to get into all of those technical details before you guys all leave me because your eyes just glossed over, but there are a lot of ways to have that all encrypted. So just sending an email from your phone to [email protected] means it's going through a minimum. Four machines and each time it gets to one of these machines it's encrypted. That's hopeful, right? I'm going to knock on wood here because in reality, not every one of these points has encryption. Not every email service has that type of encryption, TLS, or other ones. What I want to talk about now is the secure email providers. If you have Microsoft 365 email, you can go to and Microsoft website and send and receive email there. Do your calendar there. You've seen that before. I've used that before, so you can do it all online on the web server. You can also do it on your client on whatever device you have. These secure email providers. I'm going to talk about right now as a rule are using a web front. So what is a secure email? Obviously the first step needs to be the connection from you to the server needs to be encrypted. And if you're using a web based encryption, which again is that HTTPS, which is the TLS nowadays. That is encrypted end to ended choosing public key encryption, the whole RSA patent. And it's just fascinating stuff. It was absolutely amazing what they were able to come up with. I love it. There is also the server itself, which needs to be secured somehow. And then how about the ultimate delivery to the third party? Now we use Cisco again. For our email filters, but that our Cisco server that we have for ourselves here in our very own data center located right here then server also handles emails for some of our other clients. So what happens now is if I want to send a secure email to somebody. Party. So I want to send it to somebody working at the bank or working at the repair shop, whatever it might be. All I have to do is in the subject line, just say secure and the Cisco email, server's going to notice that. And it is then going to send an email off to the recipient saying you need to come to this IP address. And it gives them a link and I, and grab your secure email. So in that way, I know it was delivered to curly because whoever the recipient is had to go to this secure site on this mail server that my company maintains. Okay. So that's another way of doing it. If you don't have the types of equipment that I have here in software that we use for small businesses, then there are still some options. The number one for quite a while has been proton mail, P R O T O N M a I L. And I wrote a big thing about that. You would have got that in my newsletter a few months ago. If you save those things, which you shouldn't do by the way, save them all, just do a search for proton mail in there, and you'll see my detailed explanation of what it is, why you might want to use it. Proton mail is located over in Switzerland. And of course, Swiss has some good privacy laws sodas, the European union, but that was their claim to fame. Hey, we are in Switzerland. We do not do log. We do have self-destructing messages and we have some real neat little features that you can use on your on your device. That's proton mail. It's been very good, but just this month, a Swiss court ordered proton mail to log the attachment. To their service. So now when I say attachments, what I mean is the IP address is the two addresses the, from addresses of any body that's using their service. No, they were specifically looking for this one individual. And so now they are doing some logging. They actually have to change their website. So that's a negative and we'll explain why that's a negative. And we'll talk about a couple of. I of the email services that are out there right now and what you can use, what you might want to use, what the costs are, so that you have a good idea. So stick around because of course we'll be right back. And I want to invite you right now to just take a couple of minutes, go to CraigPeterson.com and subscribe to the newsletter so that you get everything. You'll get my show notes every week. You'll get some of these free trainings I'm in trying to make it so that it's under three minutes to help you understand different concepts and things that are going on. Craig, Peterson.com/subscribe What are the features? These secure email providers are providing, what are the costs? Which ones might you want to consider? We're going to run through the top three right now. What are their features and why would you want to use them? We started talking a little bit about Proton Mail, some of the real basics here, and it is still the kind of 800 pound gorilla when it comes to secure email, finally they had to capitulate to the Swiss court because they are located in Switzerland. So just goes to show that even being Swiss doesn't mean that it is. Completely secured, then there's a difference too. I want to point out between having a government issue, a subpoena and a court order to have your information revealed. There's a big difference between that and a hacker who's trying to hack you and get into your life. So I think most of us understand that we need to be secure in our documents. We need to have that privacy is guaranteed to us from the constitution, but we also need to have one more level of security, which is okay. How. The hackers. So having a hack free life means you there's a lot of things that you have to be concerned about, email being one of them. So I'm not too worried about Proton Mail and the fact that they had a court order to. Provide IP addresses for a specific group of people. And it was a very small group and I can see that. I can agree with that. Proton Mail does have a free version. That's the one I have because I want to try it out. And it has a 500 megabytes of free. The storage, you can get up to 20 gigabytes and Proton Mail starts at $4 a month. It has end-to-end encryption, which is really important. Again, it means from you all the way to the recipient, all three of these that I'm going to talk about have end-to-end encryption. They also all have. Two-factor authentication. Remember when we're talking about two factor authentication, a lot of places try to pass off this thing where they send you a text message with a number in it. They try and pass that off as two factor authentication. Yeah, it is a type of two factor authentication, but it's not a. If you're already doing something like maybe you've got cryptocurrency, you are potentially not only under attack, but I'm very hackable. If you're using a text message in order to verify who you are. So that's an important thing to remember. Proton Mail has self-destructing messages, which is a very big thing, very positive. It tends to be expensive. Proton Mail being the 800 pound gorilla kinda dictates what kind of price they want to charge and they are on the more expensive. Side the web client is a little bit on the outdated side. It does not support pop three, which I doubt is an issue for any of you guys out there because nowadays the modern email clients aren't using. Anyways, any more now Proton Mail has PGP support. I use PGP, I have a built into my Mac mail and it allows me to send and receive and do end encrypted messages. And that's... /episode/index/show/cptt/id/20518736

Do You Know How to Identify a Fake Web Page? - Whole Show 09/10/2021

Do You Know How to Identify a Fake Web Page? - Whole Show Do You Know How to Identify a Fake Web Page? The FBI's reporting that more than 70% of all business hacks are because of our employees. They're clicking on emails, they're going to websites, what can we do? How do we know if a website is legitimate or not? [Automated transcript] [00:00:19] There's a great little article that McAfee published now, McAfee is a company that's been in the cybersecurity business for quite a while. [00:00:28] I do not use their products. I use some competing products. I have not been impressed with their products. [00:00:35] Let me tell you this particular web post that they put up is fantastic and you'll see it in my newsletter this week. Make sure you get that. [00:00:45] Have you ever come across a website that didn't look quite right if you haven't, you haven't been on the internet very much because whether you're an individual at home or you are in a business environment, we are likely going to end up on websites that are not legitimate. Sometimes we'll see these things, that company logo might be wrong. There's not enough information on the page. You've been there before and this looks down page. The odds are that you were on a hack site, a site that's trying to get you to do something most of the time when you end up on these sites, they're trying to get you to put in your username and password. [00:01:31] Already that the bad guys have stolen your username and password from so many websites out there. So why would they try and do it this way? It's because if they're pretending to be your bank and you try and log in, They know this as your bank account, and many times they immediately try and get into your bank account or your phone account, whatever it might be. [00:01:56] This is a very long-standing tactic that's relied on by hackers everywhere. Usually it's a knockoff of a real page. They'll take it and they will recreate it. Then it's easy to do if you're in a web browser right now, when you go to your bank's website. You can just go to file, save as, and go ahead and save the entire webpage and you'll get everything. [00:02:23] You'll get all of the links that are on there. All of the graphics that are there, it'll pull it in for you all automatically. And that's all they do. That's what they use. Just a copy. How do they get in front of you in the first place? Typically the hackers will go ahead and send a phishing email. [00:02:43] They'll make the email sound legitimate. They'll make it look legitimate. They'll often even use a URL that looks a lot like it. B the real banks email. I've seen it before where the URL is bank of america.safe site.com. That sort of a thing. I'm not blaming safe site. They could be a great company. [00:03:04] I don't know. I just made it up as we're going, but that type of a URL where it's not really bank of america.com or it's a misspelling of bank of America, that's the sort of thing that gets to be pretty darn common and. Clicking on that link and then submitting your information. It hasn't been leading to credit card fraud, data extraction, wire transfers, identity theft, and a whole lot more. [00:03:34] Now with the COVID relief, that's been out there. All of these things from filing for unemployment claims through filing for PPP protection as a business, the whole. Industry has changed. I'm talking about the hacker industry here, because there are so many people who are falling for these scams and ransomware as well has gone up over 300%. [00:04:08] It's just absolutely amazing. Now, if you go online and you duck, duck, go. Fake login pages. And for those of you who don't know what I mean by that duck go is the search engine I've been recommending lately. It is a search engine that doesn't take politics into play like Google does. And it also does not track you. [00:04:31] And what you're looking at it is ad based. It gets its revenue from advertisement, but it's not selling your information just on the basic search. That you're doing. I think it's a very good alternative, but if you go ahead and your search for fake login pages, you're going to find thousands of guides on how to create websites. [00:04:53] And these bad guys can create these websites in absolutely no time at all. It just a minute or two in order to make one of them. Now it can be difficult nowadays to figure out if it's a fake site, because the, again, the hackers are constantly updating their techniques to be more sophisticated. So it's made it more difficult for consumers to really recognize when something's fraudulent. [00:05:22] Now I want to get it into a psychological term. In attentional, blindness. You've probably heard of this. I remember this from, I think it was college days for me, so a very long time ago, but there's a study that was done on inattentional blindness called the invisible gorilla test. If you go right now online and just search for invisible gorilla test, you'll see a bunch of these coming. [00:05:52] No, there's even a book called that the invisible gorilla test that came out about 11 years ago, 12 years ago, I think. But here's the bottom line on this? They tell you to do something in this study. What they did here is there's a video. People there's six people, three of them are dressed with white shirts and three of them have black shirts and they're passing basketballs back and forth. [00:06:20] The white shirts are only passing to the white shirts and the black shirts under the black shirts. And what they ask you to do is count the number of times the team in white past. Now, you're sitting there watching, knowing they're going to try and fool you, you're paying a whole lot of attention to it. [00:06:40] And then at the end, they ask you a question that may be not expecting the video. I just watched on this, that was called the monkey business. Illusion is the name of this. I counted and I counted carefully and I came up with 16 passes. So the monkey business, illusion, 16 times the people in the white shirts passed the basketball back and forth. [00:07:06] So I got that. But then they said did you notice the person in the gorilla costs? Who walked through the game. He didn't just walk through the game, walked in, beat on this chest and then walked out of the game. If you didn't know about this and okay. In chorus, all honesty, I always try and put everything upfront here. [00:07:29] I knew about it beforehand. I remember from college days. But eight, most people actually about 50% of people who did not know, there is a gorilla in the middle of this. Would not have noticed the gorilla walking through the game, but this monkey business illusion video, there's something else too. [00:07:52] And I've got to admit, I did not notice that. And that is the curtain color change. From red to gold, this curtain that was in the background of all of these players. And I didn't notice one other thing. I'm not going to tell you what that is. You'll have to watch the video of yourself too, to figure that out again, just go online and search for the monkey business illusion. [00:08:19] And I think you'll find it. So the reason I brought this up is because if you come across a well forged login page and you're not actively looking for signs of fraud, you're fairly likely to miss a cybercriminals gorilla. You're likely to miss that the logo's not quite right, or the placement isn't the same as I'm used to. [00:08:45] Because you're focused in, on doing what you're supposed to be doing. It's the whole concept as well of have tunnel vision. And I'm sure you're aware of that. We've all had that before, where we're really focused on this one little thing and we don't notice everything else going on. It particularly happens in high stress times. [00:09:08] So how do you steer clear of the fake login pages? We're going to talk about that when we get. But it's absolutely crucial for everyone, even if you've had phishing training and you are trying to be cautious, you could fall for this invisible gorilla and enter in your personal details, not something that you really want. [00:09:36] Hopefully you guys got my newsletter last weekend. I got a lot of comments on it. People are saving. In fact, that's the first thing I said in this email last week is don't lose this because it went through point by point on about 10 different things that you should be doing too. Yourself and your business safe during the holidays. [00:10:03] Now, of course we had labor day coming up. We're going to have more holidays, right? There's always more holidays in the future and less it's after the first of the year, then you got to wait a long time. Make sure you get it, make sure you dig it out. If he didn't notice it just search for [email protected] [00:10:23] That's where the email comes from and have a look at that. I have links on how to do all of those things. It's very important. FBI warning out just last week. [00:10:33] I just told you about one of the biggest problems we are facing right now, when it comes to hackers and then has to do with fishing and going to fake login pages. Now I'm going to tell you exactly what to do. [00:10:47] How do you steer clear of these fake log-in pages and how do you protect yourself in case you accidentally do provide the bad guys with the information that you shouldn't have? [00:11:01] If they've got your email address or your login name and they have your password, it's pretty easy for them to log in. In most cases right into your bank account. So first of all, don't fall for phishing, but as we just described because of this whole inattentional blindness that we have, it's easy enough to fall, pray for this. [00:11:28] Beat yourself up too bad if you followed, if you fell for some of that stuff, but there is a great little website the Google has that you might want to check out. And that website gives you a real quick quiz, is the best way to. And it shows you some emails and you get to determine whether or not you think it's fishing and then it tells you what the reality of it is. [00:11:59] So go to fishing quiz. Dot with google.com. If you miss that, you can always email me M [email protected] and I'll send it off to, but phishing quiz dot with google.com. And of course, phishing is spelled P H I S H I N G fishing. Dot with google.com. So you can go there and right there on the screen, it says, take the quiz. [00:12:30] You can hit it and make up a name and an email address. So it doesn't have to be your real name or your real email address. Okay. It's not going to send you anything. It's not going to sign you up for stuff. It just wants to use it in. Phishing email examples. That's going to give you, so I put in a fake name and a fake email address and it is showing me an email. [00:13:00] So to me, from a Luke, John. And it says Luke Johnson shared a link to the following document, Tony 21 budget department dot doc. So if I click on that, I have now told them, Hey, I'm open to all that sort of stuff. It's so anyways, it's got the link and it's got the opening docs and you now up above say, is this phishing or is it. [00:13:27] Legitimate. Okay. So if we say fishing that says, correct, this is a phishing email. You might have spotted the look alike, you are out. And that is indeed exactly what it is cause it it wasn't legitimate. And remember when you mouse over a link, you can see down at the bottom. The URL that is going to open up for you. [00:13:51] So you can just go through this at your own speed at your own pace and figure it out again. If you didn't get that, you can always email me M E ed Craig peterson.com. And I'll be glad to get back to you. So that's a good way to learn about fishing. I want to con really warn, I should say businesses. If you are sending out phishing emails to your employees to see if they are opening fake phishing emails or not. [00:14:23] That's an okay. Practice. The problems really come in with the companies that are sending out phishing emails and are then following up in such a way that employee is punished in some places they are being punished by if you've opened three fake emails over the last year or whatever it might be. [00:14:47] But over the last year, you're. It's that bad. So we have to be careful. You're not going to increase the confidence of your employees by doing that. And what's, you're actually going to end up doing is slowing down the productivity of your employees. Because now they're going to be really worried about opening, any emails that look like they might be legitimate. [00:15:14] And so your business is going to slow right down. So having some more training about it. Okay. I can see that everyone makes mistakes and we've got to remember that as well, but watch free, man. But we really are trying to get you to move quickly, act fast, or I need this answer right away. Or one of the big ones is we've got this vendor and in fact, I'll, let me give you a real world example. [00:15:41] It's a manufacturing company and of course they. To buy product from vendors, as supplier. And then they use that product or whether it's copper or whatever it might be now to put it all together to make their products. And this one person, this one, hacker a lady again in Eastern Europe, she went and found out about this company. [00:16:08] Okay, great. Found on their website, who the CEO was, who the CFO was. Okay, great. And was able to find the CEO online on Facebook and on his Facebook account, he said, yeah, we're going to The Bahamas. Rear-ending a sailboat. We're going to be out there, the whole family for two weeks. This is going to be fantastic disconnected. [00:16:37] So she found all of that. Now what she had to do was she found out who it was. The CEO, what school he went to. So first she had to get around the restrictions. Cause he had said, don't share my posts with anyone other than friend. So she sent him a message because she found his LinkedIn profile. You see how easy this is to do. [00:16:59] She found his LinkedIn profile and that he went to Harvard and got his MBA. So she sent him. A little note saying, Hey, remember me Janie from X, Y, Z class at Harvard, and want to be friends catch up a little bit. And then he doesn't remember who she is, but the picture looks cute enough. I might as well say yes. [00:17:21] And now she had his contact information over on LinkedIn, send him a friend request over on Facebook as well. That's how she found out he was going to be gone for two weeks. And so now she knows when he's gone. And where he's going to be completely out of touch. So once he's gone about two or three days later, she sent an email off to the CFO inside the company and said, Hey. [00:17:49] We've got this new vendor they've been providing us with product for the last three months. We haven't paid them at all yet. I need you to wire. It was a little more than $40 million because she'd done her homework. She knew how much money the company made, what their expenses probably were. I need you to wire $40 million to this account, or they're going to stop. [00:18:17] All shipments to us. And instead of the CFO doing a little bit more homework into it and digging in and finding out because talking to the people in receiving that we've never received anything from that company. I don't know what you're talking about. And then talking with the guy on the manufacturing floor, the CFO didn't do any of that, just okay. This looks legit. And by the way, it is so easy for these hackers to also gain access to personal email accounts. And we're not going to spend time going into that right now. So he wired. Yes indeed. So there's an example of falling for fishing. A little bit of follow up on the part of the CFO would have shown him that this was not legitimate. [00:19:07] Even over on Shark Tank. Barbara Cochran. She fell prey to this, actually it was her assistant and who wired some $400,000 to a vendor that wasn't real. Now the good news is the assistant copied Barbara who saw the email right away and said, whoa, wait a minute. They called the bank and they put a stop on it.. [00:19:34] Doing a little training here on how to spot fake log-in pages. We just covered fishing and some real world examples of it, of some free quiz stuff that you can use to help with it. And now we're moving on to the next step. [00:19:50] The next thing to look for when it comes to the emails and these fake login pages is a spelling mistake or grammatical errors. [00:20:02] Most of the time, these emails that we get that are faking emails are, have really poor grammar in them. Many times, of course the commas are in the wrong place, et cetera, et cetera. But most of us weren't English majors. So we're not going to pick that up myself included. That's why I use Grammarly. [00:20:21] If you have to ever write anything or which includes anything from an email or a document you probably want to get Grammarly. There's a few out there, but that's the one I liked the best for making sure my grammar. So a tip, to the hackers out there, but the hackers will often use a URL that is very close to it. [00:20:45] Where are you want to go? So they might put a zero in place of an O in the domain, or they might make up some other domain. So it might be amazon-aws.com or a TD bank-account.com. Something like that. Sometimes the registrars they'll catch that sort of thing and kill it. Sometimes the business that they are trying to fake will catch it and let them know as well. [00:21:19] There's companies out there that watch for that sort of thing. But many times it takes a while and it's only fixed once enough people have reported it. So look at the URL. Make sure it's legitimate. I always advise that instead of clicking on the link in the email, try and go directly to the website. [00:21:41] It's like the old days you got a phone call and somebody saying, yo, I'm from the bank and I need your name and social security numbers. So I can validate the someone broke into your account. No, they don't. They don't just call you up like that nowadays. They'll send you a message in their app. [00:21:56] That's on your smart. But they're not going to call you. And the advice I've always given is look up their phone. And by the way, do it in the phone book, they remember those and then call them back. That's the safest way to do that sort of thing. And that's true for emails as well. If it's supposedly your bank and it's reporting something like someone has broken into your account, which is a pretty common technique for these fissures, these hackers that are out there, just type in the bank URL as it not what's in the email. [00:22:33] There will be a message there for you if it's legitimate, always. Okay. So before you click on any website, Email links, just try and go directly to the website. Now, if it's one of these deep links where it's taking new Jew, something specific within the site, the next trick you can play is to just mouse over the link. [00:22:58] So bring your mouse down to where the link is. And typically what'll happen is at the bottom left. Your screen or of the window. It'll give you the actual link. Now, if you look at some of them, for instance, the emails that I send out, I don't like to bother people. So if you have an open one of my emails in a while, I'll just automatically say, Hey, I have opened them in awhile, and then I will drop you off the list. [00:23:28] Plus if you hit reply to one of my newsletters, my show notes, newsletters. That's just fine, but it's not going to go to [email protected] and some people you listeners being the best and brightest have noticed that what happens is it comes up and it's some really weird URL that's so I can track. [00:23:51] Who responded to me. And that way I can just sit down and say, okay, now let me go through who has responded? And I've got a, kind of a customer relationship management system that lets me keep track of all of that stuff so that I know... /episode/index/show/cptt/id/20437850

You Need to Start Using Burner Identities ASAP 08/28/2021

You Need to Start Using Burner Identities ASAP You Need to Start Using Burner Identities ASAP! In this day and age, if you don't have a burner identity, you are really risking things from having your identities stolen through these business email compromises. It's really crazy. That's what we're going to talk about. [Automated transcript] An essential part of keeping ourselves safe in this day and age is to confuse the hackers. The hackers are out there. They're trying to do some things. Ransomware, for instance, like[00:00:30] business email compromise, is one of the most significant crimes times out there today. It hits the news legitimately. It's terrifying. It can really destroy your business, and it can hurt you badly. If you're an individual, you don't want ransomware. How about those emails that come in? In fact, I just got an email from a listener this week, and they got a phone. His wife answered, and it was [00:01:00] Amazon on the phone, and Amazon said, Hey, listen, your account's been hacked. We need to clear it up so that your identity doesn't get stolen. And there's a fee for this. It's a $500 fee. And what you have to do is just go to amazon.com. Buy a gift card, and we'll then take that gift card number from you. And we'll use that as the fee to help recover your stolen information. [00:01:30] So she went ahead and did it, and she went ahead and did all of the things that the hackers wanted. And now they had a gift card. Thank you very much. We'll follow up on this and. Now she told her husband, and of course, this isn't a sex-specific thing, right? It could have happened to either one. My dad fell for one of these scams as well. So she told her husband, or her husband looked at what had happened and [00:02:00] said, oh my gosh, Don't think this is right. Let me tell you, first of all, Amazon, your bank, various credit card companies are not going to call you on the phone. They'll send you a message right from their app, which is usually how I get notified about something. Or they will send an email to the registered email app. No, that you set up on that account. So that [00:02:30] email address then is used by them to contact you, pretty simple. Or they might send you a text message. If you've registered a phone for notifications, that's how they contact you. It's like the IRS. I was at a trade show, and I was on the floor. We were exempt. And I got no less than six phone calls from a lady claiming to be from the IRS, and I needed to [00:03:00] pay right away. And if I didn't pay right away, they were going to seize everything. And so all I had to do was. Buy a gift card, a visa gift card, give her the number and use that to pay the taxes. And this lady had an American accent to one that you would recognize. I'm sure. And it's not something that they do now. They do send emails, as I [00:03:30] said. So the part of the problem with sending emails is it really them? Are they sending a legitimate email to a legitimate email address? Always a good question. Yeah. Here's the answer. Yeah, they'll do that. But how do you know that it isn't a hacker sending you the email? It can get pretty complicated. Looking into the email headers, trying to track. Where did this come from? Which email servers did it go through? [00:04:00] Was it authenticated? Did we accept? Did the provider use proper records in their DNS, the SPIF, et cetera, to ensure that it's legitimate? How do you follow up on that? That's what we do for our clients. And it gets pretty complicated looking at DKMS and everything else to verify that it was legitimate, ensuring that the email came from a registered MX server from the actual [00:04:30] server. There is a way around this. And this has to do with the identities, having these fake burner identities. I've been doing this for decades myself, but now it's easy enough for anybody to be able to do it. There are some services out. And one of the more recommended ones. And this is even the New York times; they have an article about this. They [00:05:00] prefer something called simple login. You can find them online. You can go to simple login dot I O. To get started now, it's pretty darn cool. Cause they're using what's called open-source software, it's software. So can anybody examine to figure out this is legitimate or not? And of course, it is fair, but it's all out there for the whole world to see. And that means it's less likely in some ways to be hacked. There are people who [00:05:30] argue that having open-source software means even more. In some ways, you are, but in most ways, you're not; anyway, it doesn't matter. Simple login.io. Now, why would you consider doing this? Something like simple login? Simple login is friendly because it allows you to create dozens and dozens of different email addresses. And the idea is with a simple login, it will [00:06:00] forward the email to you at your actual email address. So let's say you're doing some online shopping. So you can go ahead and set up an email address for, whatever it is, shopping company.com that you're going to use a shopping company.com. So you'd go there. You put into simple login "I want to create a new identity," and you tag what it's for. You then go to some shopping company.com and [00:06:30] use the email address generated for you by simple login. Now you're a simple login account. Is it going to be tied into your real email account, wherever that might be if you're using proton mail, which is a very secure email system, or if using outlook or heaven forbid Gmail or one of these others, the email will be forwarded to you. You will be able to see that indeed, that [00:07:00] email was sent to you. So shopping company.com email address or your bank of America, email address, et cetera, et cetera, that makes it much easier for you to be able to tell, was this a legitimate email? So, in other words, if your bank's really trying to get ahold of you, and they're going to send you an email, they're going to send you an email to an address that you use exclusively. For bank of America. In reality, you only have the one email [00:07:30] box over there wherever proton, mail, outlook, Gmail, your business Excel. You only have that one box you have to look at, but the email is sent to simple login. Does that make sense? You guys, so you can create these alias email boxes. It will go ahead and forward. Any emails sent to them, to you, and you'll be able to tell if this was indeed from the company, because [00:08:00] that's the only place that you use that email address. That makes it simple, but you don't have to maintain dozens or hundreds of email accounts. You only have one email account. And by the way, you can respond to the email using that unique aliased email address you created for the shopping company or bank of America or TD or whomever. It might be, you can send from that address as well. [00:08:30] So check it out online, simple login dot IO. I really liked this idea. It has been used by a lot of people over, out there. Now here's one other thing that it does for you, and this is important as well. Not using the same email address. Everywhere means that when the hackers get your email address from shopping company.com or wherever, pets.com, you name it. [00:09:00] They can not take that and put it together with other information and use that for business, email compromise. Does that make sense? It's it makes it pretty simple, pretty straightforward. Don't get caught in the whole business email compromise thing. It can really hurt. And it has; it's one of the worst things out there right now, dollar for dollar, it's right up there. It, by the way, is one of the ways they get ransomware into your [00:09:30] systems. So be very careful about that. Always use a different email address for every Website you sign up for. Oh, and they do have paid plans like a $30 a year plan over at simple IO will get you unlimited aliases, unlimited mailboxes, even your own domain name. So it makes it pretty simple, pretty handy. There are other things you might want to do, for instance, use virtual credit cards. [00:10:00] And we'll talk about those a little bit. As well, because I think this is very important. But, hey, I want to remind everybody that I have started putting together some pieces of training. You're going to get a little training at least once a week, and we're going to put all of that into it. What we have been calling our newsletter. I think we might change the name of it a little bit, but you'll be getting those every week. And the only way to get those is to be on [00:10:30] that email list. Go to Craig peterson.com/subscribe. Please do that right now. I am not going to harass you. I'm not going to be one of those. And I've never been one of those internet marketers that sending you multiple dozens of emails a day. But I do want to keep you up to date. So stick around; we will be back here in just a couple of minutes. And, of course, you're listening to Craig Peter's son. [00:11:00] And again, the Website, Craig peterson.com. Stick around. Cause we'll be right back. One of the best ways to preserve your security online is by using what we're calling burner identities, something that I've been doing for more than 30 years. We're going to talk more about how to do that right now. You can do some things [00:11:30] to help keep yourself and your identity safe online. We've talked about email and how important that is. I want to talk now about fake identities. Now, a lot of people get worried about it. It sounds like it might be sketchy, but it is not to use fake identities to confuse the hackers to make it. So they really can't do the [00:12:00] things that they. To do, they can't send you fishing ear emails, particularly spear-phishing emails. That'll catch you off guard because you're using a fake. How do you do that? I mentioned to you before that I have thousands of fake identities that I created using census data. And I'm going to tell you how you can do it as well. There's a website out there called fake [00:12:30] name a generator. You'll find it [email protected] I'm on that page right now. And I'm looking at a randomly generated identity. It has the option right on this page to specify the sex. And it says random by default, the name set, I chose American the country United States. So it is applying both American [00:13:00] and Hispanic names to this creation. And now remember it's creating based on census data and some other public data. But, still, it is not giving you one identity of any real people. So I think that's important to remember, and you're not going to use these identities for illegal purposes. And that includes, obviously, when you set up a bank account, you have to use your real [00:13:30] name. However, you don't have to use yours. If you have an actual email address, you can use things like simple login that will forward the email to you, but we'll let you know who was sent to. And if you only use that one email address for the bank, you know that it came from the bank or the email address was stolen from the bank. All of that stuff. We've talked about that already. So, in this case, The name that has come up with [00:14:00] for me is Maurice de St. George in Jacksonville, Florida even gives an address. In this case it's 36 54 Willis avenue in Jacksonville, Florida. So if I go right now two, I'm going to use Google maps, and I will put in that address. Here we go. Jacksonville willows avenue, all the guests. What? There is Willis avenue in Jacksonville [00:14:30], and it showing hoes oh, from Google street view. Let me pull that up even bigger. And there it is. So ta-da, it looks like it gave me. Fairly real address. Now the address it provided me was 36 54, which does not exist. There is a 365, but anyway, so it is a fake street address. So that's good to know some, if [00:15:00] I were to use this, I'm going to get mine. Am I male saying about I pass. Maurissa tells you what Maurice means, which is neat. It'll give you a mother's maiden name. Gremillion is what gave me here a social security number. So it creates one that passes what's called a checksum test so that if you put it into a computer system, it's going to do a real quick check and say, yeah, it looks good to me. So it was not just the right [00:15:30] number of digits. It also passes the check, some tasks. Well-known how to do a checksum on their social security numbers. So again, it's no big deal. And remember, you're not going to use this to defraud anyone. You're going to use this for websites that don't really need to know; give me a break. Why do you need all this information? It gives me a phone number with the right area code. And so I'm going to go ahead and look up this phone number right now. Remember, use duck go. Some [00:16:00] people will use Google search, and it says the phone number gave me is a robocall. As I slide down, there's some complaints on that. So there you go. So they giving us a phone number that is not a real person's phone number, country code, of course one, cause I said United state birth date. Oh, I was born October 7th, year, 2000. I'm 20 years old. And that means I'm a Libra. Hey, look at all this stuff. So it's giving me an [00:16:30] email address, which is a real email address that you can click to activate or right there. Again, I mentioned the simple login.io earlier, but you can do a right here, and it's got a username and created for me a password, which is actually a pretty deal. Password. It's a random one, a website for me, my browser user agent, a MasterCard, a fake MasterCard number with an expiration and a [00:17:00] CVC to code all of this stuff. My height is five-six on kind of short. My weight is 186 pounds own negative blood type ups tracking number Western union number MoneyGram number. My favorite color is blue, and I drive a 2004 Kia Sorento, and it also has a unique ID. And you can use that wherever you want. So the reason I brought this up again, it's called [00:17:30] fake name generator.com is when you are going to a website where there is no legal responsibility for you to tell them the truth. You can use this. And so I've used it all over the place. For instance, get hub where you have it's a site that allows you to have software projects as you're developing software. So you can put stuff in, get hub. They don't know to know, need to [00:18:00] know who I really am. Now they have a credit card number for me. Because I'm on a paid plan. I pay every month, but guess what? It isn't my real credit card number. It isn't the number that I got from fake name generator. My credit card company allows me to generate either a single use credit card numbers, or in this case, a credit card number for get hub dock. So just as an example, that's how I use it. So we've get hub gets hacked, the [00:18:30] hackers, have an email address and a name that tipped me off right away, where this is coming from. And if the email didn't come from GitHub by no, they either sold my information to a marketing company, or this is a hacker. Trying to manipulate me through some form of his fishing scheme. So I know you guys are the breasts and best and brightest. A lot of you understand what I'm talking about, and I'm talking about how you [00:19:00] can create a burner identity. And let me tell you, it is more important today to create a burner identity. Than it has ever been at any point in the past, because frankly, burner identities are one of the ways that you can really mess up some of the marketing firms out there that are trying to put the information together, these data aggregator companies, and also the hackers. And it's really the hackers that [00:19:30] were off up against here. And we're trying to prevent them from. Getting all of this information. So when we come back, I want to talk about the next step, which is which credit cards can you get? These single use card numbers from? Should you consider using PayPal when my Google voice be a really good alternative for you? So we're going to get into all that stuff. Stick around in the [00:20:00] meantime, make sure you go to Craig peterson.com/subscribe. Get my newsletter. All of this. Is in there. It makes it simple. It's a simple thing to do. Craig Peterson.com. And if you have any questions, just email me, M [email protected] Having your credit card stolen can be a real problem for any one of us. It gives the bad [00:20:30] guys, a lot of options to spend a lot of money very quickly. We're going to talk right now about virtual credit cards. What are they, what does it mean? Virtual credit cards come in two basic forms. One is a single use credit card, which was quite popular back when these things first came out, and another one is a virtual credit card that has either a specific life. In other words, it's only good for 30 days [00:21:00] or that can be used until you cancel it. If you have a credit card, a visa, MasterCard, American express, discover all of the major card issuers will give you the ability to reverse any charges that might come onto your cards. If your card is stolen or misused. Now that makes it quite easy. Doesn't it? I want to point out that if you're using [00:21:30] a debit card, as opposed to a credit card, there's not much challenging you can do with the credit card. You can say, I am not going to make my payment. And because of this, that, and the other thing, this was stolen, et cetera, they can file it as a disputed charge. They can do an investigation to find out. Yeah. I'm you probably were not at a bus terminal down in Mexico City, which happened to me. Because I was up [00:22:00] here in New Hampshire, quite a ways down to Mexico City. And so they just reversed it out. That money never came out of my bank account because it was on a credit card. If I were using a debit card. That money would have come right out of my account. Now, mind you, a bus ticket in Mexico city is not very expensive, but many people have had charges of many thousands of dollars. And if you need that money in your checking account, [00:22:30] and you're using a debit card, you got a problem because your check for if you ever have to pay rent again, red check is going to. Bound because they just empty it out to your bank account. So now you have to fight with the bank, get the money back. They will eventually refund it, but it could make some of you. Transactions that you might've written a check or something, it'll make them bounce. And that could be a real problem. These, it could make them [00:23:00] bounce. So using a credit card is typically less of a hassle online. So why would you want to use a virtual card or also known as is a master credit card masked and may S K E D? The main reason behind this is to allow you. Control payment. I've used them. In fact, I use them exclusively on every Website [00:23:30] online. And I'm going to tell you the names of some of them here in just a couple of minutes, but I use them all the time. And part of the reason is let's say, I want to cancel. A service. Have you ever tried to cancel a service before and you have to call them many times, and so you're arguing with somebody overseas somewhere who doesn't want you to close the account. And of course, Bump you up to the next level person who also doesn't want you to close the account. And [00:24:00] so you have to fuss. Have you ever had that experience and I'm sure you have. It just happens all the time. So with using the virtual credit card, the advantage to me is, Hey, if you are going to try and fight with me, I don't care because I'm just going to cancel that credit card number. So I don't have to cancel my credit card. I don't have to have the company reissue credit card for me. I don't have to do any of this sort of thing that [00:24:30] makes my life pretty easy. Doesn't it? And because of that, I am now I think in a much better. Place, because it just,... /episode/index/show/cptt/id/20289341

Apple is Adding Tech to Look At Your Photos For Child Abuse 08/21/2021

Apple is Adding Tech to Look At Your Photos For Child Abuse Apple is Adding Tech to Look At Your Photos For Child Abuse This is a tough one. Apple has decided that it will build into the next release of the iPhone and iPad operating systems, which monitors for child porn. [Automated transcript] Apple has now explained that they will be looking for child abuse images in specific ones. And I just am so uncomfortable talking about this, but the whole idea behind it is something we need to discuss. Apple said they're going to start scanning for these images and confirmed the plan. In fact, when people said, are you sure you're going to be doing that? [00:00:44] Here's what. IOS 15, which is the next major release of Apple's operating system for I-phones. And for I pad is going to use a tie to something called the national center for missing and exploited children. And the idea behind this is to help stop some of this child abuse. And some people traffic in children; it's just unimaginable. [00:01:14] What happens out there really is some people. It's just such evil. I, I just don't get it. Here's what they're going to be doing. There are ways of taking checksums of pictures and videos so that if there is a minor change in something that might occur because it was copied, it does not mess it up. [00:01:40] It still can give the valid checksum and. Iman, that technology is detailed, but basically, just think of it as a checksum. So if you have a credit card number, there is a checksum digit on that bank accounts have checked some digits. If you mess it up a little bit, okay, it's an invalid checksum, so that number's obviously wrong in this case. [00:02:04] What we're talking about is a checksum of a pitcher or oven. And these various child safety organizations have pictures of children who are abused or who are being abused, who are being exploited. And they have these checksums, which are also called hashes. So that is now going to be stored on your iOS device. [00:02:34] And yes, it's going to take some space on the device. I don't think it's going to take an enormous amount of space, considering how much space is on most of our iPhones and iPads that are out there. Apple gave this detection system is called CSam, an absolute thorough technical summary. It is available online, and I've got a to this article in this week's newsletter, but they released this just this month, August of 2021. [00:03:07] And they're saying that they're using a threshold, that is. Quote set to provide an extremely high level of accuracy and ensures the less than one in 1 trillion chance per year of incorrectly flagging a given account. So now I can say with some certainty in having had a basic look through some of the CSM detection documentation that they're probably right about that, that the odds are excellent. [00:03:40] Small that someone that might have a picture of their kids in a bathtub, the odds are almost so close to zero. It is zero that it will be flagged as some sort of child abuse because it's not looking at the content of the picture. It's not saying that this picture maybe a picture of child exploitation or a video of her child being exploited. [00:04:02] If it has not been seen before by the national center for missing exploited. It will not be flagged. So I don't want you guys to get worried that a picture at the beach of your little boy running around and just boxer trunks, but a lot of skin showing is going to get flagged. It's not going to happen. [00:04:25] However, a pitcher that is known to this national center for missing and exploited children is, in fact, going to be flagged, and your account will be flagged. Now it's hard to say precisely what they're going to do. I haven't seen anything about it, of the apples. Only say. That that they're going to deploy software. [00:04:51] That will analyze images in the messages application for a new system that will warn children and their parents from receiving or sending sexually explicit photos. So that's different. And that is where again, a child, you put parental settings on their iPhone. If they're taking these. Pictures, selfies, et cetera. [00:05:14] Girls sending it to a boyfriend, sending it to his girlfriend, whatever it might be. The parents will be warned, as are the children looking for things that might be of sexual content. Okay. It really is. It's really concerning. Now let's move on to the part that I'm concerned about. I think everyone can agree that both of those features are something good that will ultimately be very good, but here's a quote. [00:05:41] Apple is replacing its industry-standard end-to-end encrypted messaging system with an infrastructure for surveillance and censorship. Now, I should say this guy who's co-director for the center for democracy and technology security and surveillance product project. He's Greg, no, him, no Chaim, is saying this. He said Apple should abandon these changes and restore its users, faith in the security and integrity of apple devices and services. [00:06:15] And this is from an article over a tech. So this is now where we're getting. Because what are they doing? How far are they going? Are they going to break the end encryption in something like I messages? I don't think they are going to break it there. So they're not setting up, necessarily, an infrastructure for surveillance and censorship. But, still, Apple has been called on, as has every other manufacturer of the software. [00:06:45] I remember during the Clinton administration, this whole thing with eclipse. The federal government was going to require anyone who had any sort of security to use this chip developed by the federal government. And it turns out, of course, the NSA had a huge backdoor in it, and it was a real problem. [00:07:04] Look at Jupiter. That was another encryption chip, and it was being used by Saddam Hussein and his family to communicate. And it turns out, yeah, there's a back door there too. This was a British project and chip that was being used. So with apple, having resisted pressure. To break into phones by the US government. [00:07:28] But some of these other governments worldwide that have been very nasty have been spying on their citizens who torture people who don't do what apple are not happy, what the government wants them to do been trying to pressure Apple into revealing this. So now I have to say, I have been very disappointed in all of these major companies, including Apple. When it comes to China, they're just drooling at the opportunity to be there. [00:07:57] Apple does sell stuff there. All of these companies do. Yeah, Google moves their artificial intelligence lab to China, which just, I cannot believe they would do something like that. AI machine learning, those or technologies that will give the United States a real leg up technology-wise to our competitors worldwide. [00:08:18] They move to China, but they have complied with this great firewall of China thing where the Chinese people are being censored. They're being monitored. What's going to happen now because they've had pressure from these governments worldwide to install back doors in the encryption systems. [00:08:39] And apple said, no, we can't do that because that's going to undermine the security for all users, which is absolutely true. For example, if there is a door with a lock, eventually, that lock will get picked. And in this case, if there's a key, if there's a backdoor of some sort, the bad guys are going to fight. So now Apple has been praised by security experts for saying, Hey, listen, we don't want to undermine security for everybody, but this plan to do ploy, some software that uses the capabilities of your iPhone to scan. [00:09:16] Your pictures, your photos, videos that you're sharing with other people and sharing selected results with the authorities. Apple is really close to coming across that line to going across it. Apple is dangerously close to acting as a tool for government surveillance. And that's what John Hopkins university cryptography professor Matthew Greene said. [00:09:47] This is really a key ingredient to adding surveillance to encrypted messages. This is again, according to our professor over John Hopkins, green professor green, he's saying that would be a key in Greece and then adding surveillance, encrypted messaging, the ability to add scanning systems like this to end encrypted messaging systems has been a major ask by law enforcement, the world. [00:10:15] So they have it for detecting stuff about missing and exploited children. That's totally wonderful. And I'm okay with that. No problem. But that now means that Apple's platform can add other types of scanning. All right. We'll see what ends up happening next, which is warning children and their parents about sexually explicit photos is also a bit of a problem here. [00:10:47] Apples. Yeah, on this is messages uses on-device machine learning to analyze image attachments and determine if a photo is sexually explicit. The feature is designed so that Apple does not get access to the messages it's saying. If it detects it, they're going to blur the photo. The child will be warned, presented with helpful resources, and reassured it is okay if they do not want to view them. [00:11:17] And the system will let parents get a message. If children view a flagged photo, similar protections are available for child attempts to send sexually explicit images. Interesting. Isn't it. Interesting world. So I think what they're doing now is, okay, they're really close to that line, going over. [00:11:39] It could mean the loss of lives in many countries that totally abuse their citizens or subjects, depending on how they look at them. Hey, make sure you check me out online. Craig Peterson.com. /episode/index/show/cptt/id/20214761

The IRS Has Been Selling Bitcoin - Pay Up! 08/20/2021

The IRS Has Been Selling Bitcoin - Pay Up! The IRS Has Been Selling Bitcoin - Pay Up! Bitcoin is all the rage. In fact, many people have considered investing in these cryptocurrencies or something. Of course, many have invested in it. I played around with them about a decade ago, and the IRS seized 1.2 billion worth of it. [Automated transcript] You might remember, we talked years ago about the IRS trying to tax things in the virtual world. So if you were in one of these real-life-type things and you owned property, as it were inside this virtual world, they wanted to tax it. So, of course, if you sold something with real hard money and. You sold it inside that real world with real hard cash, you would end up having to pay taxes. [00:00:43] Just if you sold a hammer to someone, that's the way it works. A lot of people have decided that, for some reason, cryptocurrency is entirely untracked. Now we know about cases. I've talked about them here where some of these coins, in this particular case, are talking about Bitcoin or have been used online. [00:01:11] And in fact, the government has found out who was using it and really stepped in, in a big way. Silk Road is the most significant example. This was an online black market for everything you can think of, from illegal drugs to firearms, to all kinds of illicit commodities for sale online. [00:01:36] Back in 2013, they used Bitcoin to buy and sell things in this free trade zone. I think they called themselves, and Silk Road was just thriving. But then, on comes the federal government and federal agents in the United States really cut their teeth in crypto search and seizure. With taking down the silk road, you might remember this was very unprecedented. [00:02:06] People had no idea. What they could do. How could the federal government monitor this? Can I buy and sell these Bitcoins? All of that sort of thing. And 20 years as the chief of money laundering and asset forfeiture. Yeah, us attorney's office for the Southern District of New York. Sharon Levin said that this whole takedown or silk road was utterly unprecedented, and it was new technology. [00:02:37] What do you do well because of people. Here cryptocurrency and crypto, of course, being short for cryptography, they figure that okay. While obviously, it is absolutely untraceable, untrackable. Tell that to the people that this year has tried to ransom money out of enough. US corporations, some of the major -- consider Colonial Pipeline and what happened with them and how at least half of their cryptocurrency was returned to them. [00:03:11] So don't think that this stuff is a way that you can get away with breaking in the law or not paying taxes. It is not the whole. Business, if you will, of crypto seizure and sale is growing incredibly fast. In fact, the federal government just enlisted the help of the private sector to manage and store these crypto tokens that have been seized. [00:03:43] Now, I mentioned that the IRS has seized about $1.2 billion worth of cryptocurrency this fiscal year. That is a whole lot of cryptocurrency. And what are they doing with it while it's the same thing? Remember the drug dealers back in the day. Miami, what was happening? I used to love the Miami Vice TV show. What happened there while they seized boats, they confiscated cars. [00:04:09] They seized cash. Obviously, they can just be put back into circulation, but what do they do everything else? Cores, they go ahead, and they sell it at auction. And that's what they've been doing. Then in June, they started auctioning off Litecoin and Bitcoin cash. They had 11 different lots on offer. [00:04:34] It was a four-day auction, and it included 150.2, 2 5 6 7 1 5 3 Litecoin. You like that. Remember, cryptocurrency is not necessarily a whole coin. It's like having a gold coin. That's worth 500 bucks. How are you going to use that to buy a loaf? But what happens with these cryptocurrencies is you can buy and sell fractions of a coin. [00:05:00] So that's why you get into the millions of a piece of a coin. So they sold 150 ish Litecoin and about 0.00022 in Bitcoin cash worth more than 21 grand. So that's one of the 11 lots that were out there. And this crypto property is what they're calling. It had been confiscated as part of a tax noncompliance case. [00:05:30] I'm looking right now at the public auction sale notice. And where it was, where you could go online. It was on https://gsaauctions.gov. Suppose you want to check these things out, as in the general services administration. In that case, auctions.gov, GSA, auctions.gov, and they were selling it, and it was a taxpayer, it tells you all kinds of information about them. [00:05:52] It's a. Crazy here, but you have to pay by cash to certified cashiers or treasures check drawn on different banks. And it's really cool to look at some of these things, but you can find them online. So if you're interested in buying them might be an excellent way to buy them, these various cryptocurrencies if you want to get into them. [00:06:15] But a lot can refer to almost anything could be, as I said, boats or cars like it was on Miami vice. It could be some number of crypto coins that are being auctioned. So they're going to be doing more and more of that. So then, apparently, the feds are saying that they have no plans to step back from being basically a crypto broker. [00:06:41] Here is the bottom line here because they're seizing and selling all of these assets. So keep an eye out for that. Remember what is going on? The silk road site that I mentioned had been shut down or operating on the dark web. It used Bitcoin exclusively nowadays are using various types of coins. [00:07:04] Most of them are ultimately traceable, and we're not going to get into all of the details behind it, but the bottom line is, so what do they do now? Think about this. Silk road had 30,000 Bitcoin that they were able to identify in CS. And it was probably the most significant Bitcoin seizure ever. And it sold for about $19 million. [00:07:32] So that was quite a few years ago. Somebody just pulls up a calculator here, say 30,000 times, and what's Bitcoin nowadays. I'm not quite sure. Let's say it's $15,000. So in today's money, it had half a billion dollars. Today's value, a half, a billion dollars worth of Bitcoin in there isn't that something, and that was all seized, and it was all auctioned off. [00:07:58] So keep an eye on that. They're following the money is the technique they're using. You can find out a lot more at us, marshals.gov, and that is how they found it. If you've got pictures. You're going to have to sell it. You're going to have to transfer. You have to do something with it. And that's where they're getting. [00:08:19] Bottom line, particularly if you take the Bitcoin and turn it into something else, but this would take a while to explain. And I was thrilled to be able to sit in on a presentation done by the treasury department on how they handle all of this. It's frankly very fascinating. So, hey, make sure you spend a couple of minutes and join me online. [00:08:44] Craig peterson.com. You can sign up for my newsletter. You can listen to my podcasts, and you can get some free, special reports just for signing up. /episode/index/show/cptt/id/20212319

The "Great Resignation" in Big Tech - Better Jobs, More Money 08/20/2021

The "Great Resignation" in Big Tech - Better Jobs, More Money The "Great Resignation" in Big Tech - Better Jobs, More Money There seems to be a worker shortage. And many businesses are finding that, frankly, people involved in technology are resigning; they're calling it a great resignation of workers. We have a lot of problems as business people, filling jobs nowadays. [Automated transcript] [00:00:20] And one of the things I've thought about doing is maybe even starting a course for people who want to figure out if this whole cybersecurity thing is right for them. I think that might make a lot of sense for some people. And there are some of you listeners. I know, because I've talked to you who have gone out and. [00:00:40] Gotten into, is that a word who have changed careers into the cybersecurity realm? So does it make sense for you? I don't know. Do you think it would make sense for me to offer something? A cybersecurity course to give you guys the basics and help you understand it and see if it might be good for you. [00:01:00] Only, you know that, and if you're interested, make sure you drop me a note just to me, M E Craig peterson.com, and let me know what you think. Still, the big tech is suffering from this great resignation of workers and workers in the technology field right now. So it's a good time to leave. Now, this isn't the same as many workers who, for instance, were in the restaurant business for many years, were in food service. [00:01:31] You make money. Maybe you don't make money. Who knows those. And, of course, those jobs pretty much disappeared during the lockup. Big tech, it's different from big tech. Most of these people, most of us, frankly, retained our jobs. We were still able to work, still able to do the stuff we'd always been doing. Still, we were doing it from home, and many employees looked at the situation and said, I am not going to leave. [00:02:05] Because I don't know if I'll be able to get a new job. Does that make sense to you? So we have a bit of pent-up demand in the tech field of people who maybe didn't like the boss, didn't really like what they were doing but kept the job because at least it was a job. It paid some bills. And from the bottom-line standpoint, it didn't make sense to. [00:02:29] Now we see something else going on; people are leaving like crazy Facebook here. There's a quote in an article in MarketWatch. Lost this guy named Raymond Andres. Who's now the chief technology officer at the air table. Now I've used air table before I was a client of theirs for a while. It's really something. [00:02:52] If you need to do some essential project management or have a process for doing something. That needs to be tracked, and maybe something handed over to another person when it meets a particular stage. Check it out, air table.com online. Still, he left Facebook, and he said there's been a burst of activity of people leaving. [00:03:15] If anything. The lockdown delayed decisions. And that's exactly what I was saying. I've been saying that for a very long time, but there's another factor involved when it comes to technology. And that is the funding, which is just amazing. You might remember a couple of years ago we had this. Brakes on IPO's on initial public offerings. [00:03:40] These tech companies just were not going to go public at all. And because of that, many angel investors and venture capitalists said, forget about it. I'm not going to go ahead and make any sort of investment. So that is when many of these small companies just failed, and of course, incomes the lockdown, and even more of them died. [00:04:03] But now. But the investors are a spinner spending a lot of money so far this year. There have been 84 initial public offerings in the US alone. Isn't that amazing? 50 plus billion dollars in IPO's. Now that's up from about 38 billion. Last year. So there's obviously money in the IPO world. So that gets the venture capitalists interested. [00:04:36] So VC money is also at record highs. This year's track is to be the best year yet. According to PitchBook through June. This year 2021, $150 billion has been raised among about 7,000 deals. Now that's ahead of last year's record, a total of $164 billion for the year. So we're looking at some significant money going in. [00:05:10] And we have many people leaving from Google and Facebook and Amazon and Apple, maybe your company as well, who are saying, wow there's some real opportunity now I could get in on the ground floor. The VC money is a record high, so I can take at least some salary enough to make it heck I haven't had to pay rent for a year. [00:05:33] So I can afford to do that, to try and. Something with some of my friends, and that's precisely what they're doing. Robert half, a company I've had on my show before Robert half international, did a survey. They found that about one-third of the almost 3000 information technology professionals. [00:05:57] They surveyed said they planned to look for a new job in the next few months. They're also saying Robert half is that while employers posted more than 365,000 job openings in June alone, they're not getting filled; that's, by the way, the highest monthly. In about since September 2019, according to CompTIA, which is an industry trade group. [00:06:25] I'm a member of that. My company is a member of comp Tia as well. So there are a lot of things happening that are really driving people to startups. And there's a lot of advantages to that. So here's another guy. This is an engineering manager who left Facebook last year. And he quickly returned. [00:06:46] He said working at a startup, you have much more connection with employees, and things moved faster. So tiger graph, by the way, also hired ex-Googlers. And they're increasing the workforce this year too, about 300 from 90. So think about what they're doing. So that's not, yeah, technically, it's probably still a startup, but it's 300 employees. [00:07:10] That's not us. That is a lot of employees, and they've got a lot of money behind them. Here's another guy. And she's saying, I thought I would be a lifer at Amazon. But this was a tremendous opportunity. I can have a far more significant impact and more influence on the company's trajectory, which quite frankly was harder at Amazon. [00:07:33] And we're seeing more and more of particularly the younger employees looking at that. Her name's Anna fag fabric. Sorry about the names butchering here, but she's now at freshly. Officer. So many people are saying in this survey from Robert half international that having a chance to impact a smaller company was a significant reason for leaving. [00:08:01] And that's after years of massive growth at big tech companies. So again, IBM in the 1970s. They were the ruler; they were the king. It was impossible. If you work for IBM, man, they're going to be around forever. And, of course, they still are. And they have excellent products, especially the Z series mainframe, but they're not the company they were. [00:08:24] And I think we now are seeing. The next step in these big high-tech, but is no longer being the companies that they were innovation is going to leave with these employees, and they're going to really be hurt and hurt quite a bit. All right. So coming up, we're going to talk, of course, more about some of the more critical tech stuff you've got to. If you haven't already get on my email list, I'll send you a couple of special reports that we. [00:08:54] As well as, of course, every week, one or two newsletters, not sales documents, newsletters, Craig peterson.com. /episode/index/show/cptt/id/20212082

Windows 11 Will Require a New Piece of Hardware 08/20/2021

Windows 11 Will Require a New Piece of Hardware 1126-01-windows_11_and_tpm [00:00:00] Microsoft has had some incredibly successful operating systems and some significant failures. Think of windows millennial edition. While now they're coming up with windows 11, and frankly, things just aren't looking that good. [00:00:16] If you know me, you know how I have had some issues with Microsoft here over the years; they are a company that has been, in my opinion, very dishonest have been doing all kinds of immoral things for a very long time by destroying. [00:00:36] Parts of the market that they considered being competitors of theirs, so they have used their position at the top of the market with billions of dollars in cash to really nail anybody that tries to challenge them. And it's incredible to me what has happened over the years. But, of course, you might know Microsoft did. [00:00:57] Putting an investment into Apple. And many people say that investment that bill gates authorized really saved apple from total collapse. And I can see how is this a reasonable audience or argument? But the bottom line, when we get down to it, is that Microsoft Windows has never been a great operating system. [00:01:21] It's always had issues. It's always had glitches, and we could go into a lot of reasons for that. But I think one of the main ones is that it has really tried to stay compatible with everything, all of the. When you were a kid, you certainly rode a bicycle. But, still, the bike you might be riding when you're in your thirties or forties will probably not have three wheels. [00:01:46] And it's probably not going to have a pedal connected to the front wheel. It will be a whole lot different, and Microsoft, over the years, has tried to make their more modern operating systems as time has gone on. Compatible with older operating systems of theirs. And that inevitably leads to problems. [00:02:06] If you're trying to fix a problem, Einstein said this, right? If you're trying to fix a problem, you cannot use the thinking that created the problem in that first place. So to fix a problem, you have to think at a different level. And when it comes to software and operating systems, you actually. To program at a different level. [00:02:29] And the entire structure of the programs has to be different than it is when you're starting. Microsoft has been doing that a little bit. And with Windows 11, they are really trying, they've gotten such black eyes over the years for security problems, and I think they deserve them for the most part. [00:02:50] Now they're forcing you to use what's called a TPM. Now, these TPMS have been around for quite a while. You see them built into your Macs, and they've been built into your apple Macs now for years, built-in frankly to your iOS devices for your iPhone also for years. But this is a trusted platform module TPM. [00:03:17] And the idea behind a TPM is that your computer hardware is locking. All of this information and the senior TPM. Now there are a lot of complicated implementations of TPMS. The implementation that apple uses stores, all kinds of stuff that makes sure you're booting properly, security, keys, et cetera. What Microsoft is doing now is for windows 11. [00:03:47] If you're going to. Your machine has to have a TPM and not just an older TPM 2.0. Now there are alpha images available right now for developers of Windows 11. And I have to absolutely encourage you if you are a software developer to get an alpha version of windows so that you can double-check, is my software is still going to be able to run in this. [00:04:13] And I also want to encourage you if you are relying on particular applications. Maybe they're a little older, perhaps they're not, but if your business requires you to use a piece of software, you really should get windows 11. Right now, get the alpha code, follow it through beta and test your software. [00:04:36] Make sure it works. If it isn't working, then talk to your software vendors, warn them that it's. Because Windows 11 requiring TPM support, although it doesn't need it right now in this alpha version that they're releasing, it does require it. Supposedly when they finally release Windows 11, the computers you have today probably don't have this chip. [00:05:07] We have a client who decided they would go out and buy their own server against our judgment. And what we told them they should be doing. So they went out, and they purchased an HP server from HP enterprise, and they did. And it did not have most of the security staff they needed, including it did not have a TPM. [00:05:27] It did not have one of these trusted platform modules on it. Now, in their case with this HP server, they could buy one after the fact and install it. Although the entire machine had to be destroyed entirely and reloaded, that's a minor price to pay versus purchasing a whole new server. [00:05:48] The TBM is not necessarily going to be compatible with the new version of windows. In fact, Microsoft surface tablets. I look this up to their highest-end surface tablets, Microsoft branding all over it. Microsoft certified $6,000 almost to buy this top-end surface tablet with all the bells and whistles you can get on it. [00:06:15] It will not work with windows 11. How's that? So the reason Microsoft is doing this, I think, is a good reason. They really want to lock down this system to no longer have as many security problems. And we're not going to get into all of the different types of security problems that TPM is not going to solve a lot of them, but it's going to solve. [00:06:40] Some of them, but the program manager over Microsoft, her name is Al area. I guess it is Carly. She said that the hardware floor of TPM 2.0 support will be in place for the final version. We'll see. I think a lot of people are going to push back. However, Microsoft really does and legitimately does want to make sure that everything is safe. [00:07:07] So keep that in mind. There are a lot of people complaining about it, the alpha version. And that is why you have an alpha version. They're complaining about it because of the TPM, but also because of some of the other things that are going on with windows 11, at least right now, some of the things Microsoft has announced they've got, for instance, group policy will not let you get around hardware enforcement for windows 11. [00:07:34] Microsoft is still going to block you from upgrading your device. To make sure your devices stay supported and secure. So that's good news, and it's good news because many times in the past, how many of us we've upgraded our machines and a new version of the operating system. And I use "upgrade" with air quotes around it, but we've upgraded our machines, and they won't work with the new version. [00:08:00] The audience here for her short statement, which was part of this, a Microsoft tech community user questions, was agitated. They did not like the answers that she was giving. And this is according to windows central, the videos, top comment, read, quote, a lot of these answers come off as super Tone Deaf. [00:08:22] It is looking like Windows 11 will be another problem. So for those of us, that know, yeah. Windows eight was really quite the flop member. They very quickly came out with windows eight one, and Microsoft is the only tone-deaf company out there. I've got to say, I think Apple has been remarkably tone-deaf in many different ways. [00:08:44] Now they seem to be waking up doing some things a little bit better, so kudos to them for that. But a lot of companies, really. Tone, deaf to what users want. And there's a lot of blog posts here. We'll have to see if what they're saying ultimately ends up in windows 11. If it does, things will be a bit of a problem. [00:09:08] But part of the reason we don't know. Because Microsoft disabled any more comments on the video, they were getting so many of them. And of course, there are trolls people who hate Microsoft. I'm certainly not one of them. They also, by the way, deleted all existing comments on the video here about windows 11 with their program manager in response to the negativity. The voting is still open on this video, and 2,700 dislikes and only 146 likes as of this last week. It's interesting. Microsofts are really rushing to these new hardware requirements. They're being very aggressive, and I think they're handling it. Sound familiar. We've heard these sorts of things before, but now we'll see here into the legitimacy of this. How much is it going to benefit is limited because where are we solving our biggest problems? [00:10:09] People cooking, links, things get installed, et cetera, that nothing to TPM will be able to handle. The TPM is going to make sure that you have a secure boot that's it's missing. The goal in life. So how was it? We will help with a lot of this other stuff we will see, and I'll definitely keep you up to date on this? [00:10:28] It's real. Hey, I want to remind you guys, go to Craig peterson.com. Hopefully, you got my newsletter last week. I gave you a private link to a webinar that I did about VPN because there's a lot of people selling VPNs. Unfortunately, most of them are misrepresenting what they can. And in fact, most of them make you less safe. [00:10:53] So don't miss another thing. Go to Craig peterson.com right now. And subscribe /episode/index/show/cptt/id/20212013

Weekly - Microsoft is planning on making you buy a new computer 08/19/2021

Weekly - Microsoft is planning on making you buy a new computer [Automated transcript] Weekly - Microsoft is planning on making you buy a new computer [00:00:00] Microsoft has had some incredibly successful operating systems and some significant failures. Think of windows millennial edition. While now they're coming up with windows 11, and frankly, things just aren't looking that good. [00:00:16] If you know me, you know how I have had some issues with Microsoft here over the years. They are a company that has been, in my opinion, very dishonest have been doing all kinds of immoral things for a very long time by destroying. [00:00:36] Parts of the market that they considered being competitors of theirs, so they have used their position at the top of the market with billions of dollars in cash to really nail anybody that tries to challenge them. And it's incredible to me what has happened over the years. But, of course, you might know Microsoft did. [00:00:57] Putting investment into Apple. And many people say that investment that bill gates authorized really saved apple from total collapse. And I can see how is this a reasonable audience or argument? But the bottom line is that Microsoft Windows has never been a great operating system when we get down to it. [00:01:21] It's always had issues. It's always had glitches, and we could go into a lot of reasons for that. But I think one of the main ones is that it has really tried to stay compatible with everything, all of the. When you were a kid, you certainly rode a bicycle. But, still, the bike that you might be riding when you're in your thirties or forties is probably not going to have three wheels. [00:01:46] And it's probably not going to have a pedal connected to the front wheel. It is going to be a whole lot different, and Microsoft, over the years, has tried to make their more modern operating systems as time has gone on. Compatible with older operating systems of theirs. And that inevitably leads to problems. [00:02:06] If you're trying to fix a problem, Einstein said this, right? If you're trying to fix a problem, you cannot use the thinking that created the problem in that first place, in order to fix a problem, you have to think at a different level. And when it comes to software and operating systems, you actually. To program at a different level. [00:02:29] And the entire structure of the programs has to be different than it is when you're starting. Microsoft has been doing that a little bit. And with Windows 11, they are really trying, they've gotten such black eyes over the years for security problems, and I think they deserve them for the most part. [00:02:50] Now they're forcing you to use, what's called a TPM. Now these TPMS have been around for quite a while. You see them built into your Macs, and they've been built into your apple Macs now for years built-in frankly to your iOS devices for your iPhone also for years. But this is a trusted platform module TPM. [00:03:17] And the idea behind a TPM is that your computer hardware is locking. All of this information and the senior TPM. Now there are a lot of difficult implementations of TPMS. The implementation that apple uses stores, all kinds of stuff that makes sure you're booting properly security, keys, et cetera. What Microsoft is doing now is for windows 11. [00:03:47] If you're going to. Your machine has to have a TPM and not just a older TPM 2.0, now there are alpha images available right now for developers of Windows 11. And I have to absolutely encourage you if you are a software developer to get an alpha version of windows so that you can double-check, is my software still going to be able to run in this. [00:04:13] And I also want to encourage you if you are relying on certain applications and maybe they're a little bit older, maybe they're not, but if your business requires you to use a piece of software, you really should get windows 11. Right now, get the alpha code, follow it through beta and test your software. [00:04:36] Make sure it works. If it isn't working, then talk to your software vendors, warn them that it's. Because Windows 11 requiring TPM support, although it doesn't require right now in this alpha version that they're releasing, but it does require it. Supposedly when they finally release windows 11, your computers that you have today probably don't have this chip. [00:05:07] We have a client that decided they were going to go out and buy their own server against our judgment. And what we told them they should be doing. So they went out and they bought we're going to get an HP server from HP enterprise and they did. And it did not have most of the security staff that they needed, including it did not have a TPM. [00:05:27] It did not have one of these trusted platform modules on it. Now, in their case with this HP server, they could buy one after the fact and install it. Although the entire machine had to be completely destroyed and reloaded, that's a minor price to pay versus buying a whole new server. [00:05:48] The TBM is not necessarily going to be compatible with the new version of windows. In fact, Microsoft surface tablets. I look this up their highest end surface tablets, Microsoft branding all over it. Microsoft certified $6,000 almost to buy this, or, top end surface tablet with all of the bells and whistles you can get on it. [00:06:15] It will not work with windows 11. How's that? So the reason Microsoft is doing this, I think is a good reason. They really want to lock down this system so that we're no longer having as many security problems. And we're not going to get into all of the different types of security problems that TPM is not going to solve a lot of them, but it's going to solve. [00:06:40] Some of them, but the program manager over Microsoft, her name is Al area. I guess it is Carly. She said that the hardware floor of TPM 2.0 support is going to be in place for the final version. We'll see. I think a lot of people are going to push back. However, Microsoft really does and legitimately does want to make sure that everything is safe. [00:07:07] So keep that in mind. There are a lot of people complaining about it, the alpha version. And that is why you have an alpha version, they're complaining about it because of the TPM, but also because of some of the other things that are going on with windows 11, at least right now, some of the things Microsoft has announced they've got, for instance group policy will not let you get around hardware enforcement for windows 11. [00:07:34] Microsoft is still going to block you from upgrading your device. To make sure your devices stay supported and secure. So that's good news and it's good news because many times in the past, how many of us we've upgraded our machines and to a new version of the operating system. And I use upgrade with air quotes around it, but we've upgraded our machines and they won't work with the new version of it. [00:08:00] The audience here for her little statement, which was part of this, a Microsoft tech community user questions was very upset. They did not like the answers that she was giving. And this is according to windows central, the videos, top comment, read, quote, a lot of these answers come off as super tone. [00:08:22] Deaf is looking like Windows 11 will be another windows. So for those of us that know yeah. Windows eight was really quite the flop member. They very quickly came out with windows eight one and the Microsoft is, and the only tone-deaf company out there, I've got to say, I think Apple has been very tone-deaf in a lot of different ways. [00:08:44] Now they seem to be waking up doing some things a little bit better, so kudos to them for that. But a lot of companies really. Tone, deaf to what users want. And there's a lot of blog posts here. We'll have to see if what they're saying ultimately ends up in windows 11. If it does, things will be a bit of a problem. [00:09:08] But part of the reason we don't know. Is because Microsoft disabled, any more comments on the video, they were getting so many of them. And of course there's trolls people who hate Microsoft. I'm certainly not one of them. They also, by the way, deleted all existing comments on the video here about windows 11 with their program manager in response to the negativity, the voting is still upon this video and. [00:09:37] 2,700 dislikes and only 146 likes as of this last week. It's interesting. Microsofts are really rushing to these new hardware requirements. They're being very aggressive, and I think they're handling it. Sound familiar. We've heard these sorts of things before, but now we'll see here into the legitimacy of this, how much is it going to benefit is limited as well because where are we having our biggest problems? [00:10:09] People cooking, links, things get installed et cetera, that nothing to TPM is going to be able to handle. The TPM is going to make sure that you have a secure boot that's it's missing. Goal in life. So how was it we're going to help with a lot of this other stuff we will see, and I'll definitely keep you up to date on this. [00:10:28] It's a real. Hey, I want to remind you guys, go to Craig peterson.com. Hopefully you got my newsletter last week. I gave you a private link to a webinar that I did about VPN, because there's a lot of people selling VPNs. Most of them are misrepresenting what they can. And in fact, most of them make you less safe. [00:10:53] So don't miss another thing. Go to Craig peterson.com right now. And subscribe [00:10:59] There seems to be a worker shortage. And a lot of businesses are finding that frankly, people who are involved in technology are resigning, they're calling it a great resignation of workers. We have a lot of problems as business people, filling jobs nowadays. [00:11:20] And one of the things I've thought about doing is maybe even starting a course for people who want to figure out if this whole cybersecurity thing is right for them. I think that might make a lot of sense for some people. And there are some of you listeners. I know, because I've talked to you who have gone out and. [00:11:40] Gotten into, is that a word who have changed careers into the cybersecurity realm? So does it make sense for you? I don't know. Do you think it would make sense for me to offer something? A cybersecurity course to give you guys the basics and help you to understand it, to see if it might be good for you. [00:12:00] Only, you know that, and if you're interested, make sure you drop me a note just to me, M E Craig peterson.com and let me know what you think, but the big tech is suffering from this great resignation of workers and workers in the technology field right now. It's a good time to leave. Now, this isn't the same as many workers who, for instance, were in the restaurant business for many years, were in food service. [00:12:31] You make money. Maybe you don't make money. Who knows those. And of course, those jobs pretty much disappeared during the lockup. Big tech, it's different in big tech. Most of these people, most of us, frankly, we retained our jobs. We were still able to work, still able to do the stuff we'd always been doing, but we were doing it from home, and many employees looked at the situation and said, I am not going to leave. [00:13:04] Because I don't know if I'll be able to get a new job. Does that make sense to you? So we have a bit of a pent up demand in the tech field of people who maybe didn't like the boss didn't really like what they were doing, but kept the job because at least it was a job. It paid some bills. And from the bottom-line standpoint, it didn't make sense to. [00:13:28] Now we see something else going on, people are leaving like crazy Facebook here. There's a quote in an article in MarketWatch. Lost this guy named Raymond Andres. Who's now the chief technology officer at air table. Now I've used air table before I was a client of theirs for a while. It's really something. [00:13:51] If you need to do some basic project management, or if you have a process for doing something. That needs to be tracked and maybe something handed over to another person when it meets a certain stage, check it out, air table.com online, but he left Facebook and he said, there's been a burst of activity of people leaving. [00:14:15] If anything. The lockdown delayed decisions. And that's exactly what I was saying. I've been saying that for a very long time, but there's another factor involved when it comes to technology. And that is the funding, which is just amazing. You might remember a couple of years ago we had this. Brakes on IPO's on initial public offerings. [00:14:40] These tech companies just were not going to go public at all. And because of that, many angel investors and venture capitalists said, forget about it. I'm not going to go ahead and make any sort of investment. That is the time when a lot of these small companies just failed and of course, incomes the lockdown and even more of them failed. [00:15:03] But now. But the investors are a spinner spending a lot of money so far this year, there have been 84 initial public offerings in the U S alone. Isn't that amazing? 50 plus billion dollars in IPO's. Now that's up from about 38 billion. Last year. So there's obviously money in the IPO world. So that gets the venture capitalists interested. [00:15:36] So VC money is also a record hives. This year's track to be the best year yet. According to PitchBook through June. This year 2021, $150 billion has been raised among about 7,000 deals. Now that's ahead of last year's record, a total of $164 billion for the year. So we're looking at some major money going in. [00:16:09] And we're have a lot of people that are leaving from Google and Facebook and Amazon and Apple, maybe your company as well, who are saying, wow there's some real opportunity now I could get in on the ground floor. The VC money is a record high, so I can take at least some salary enough to make it heck I haven't had to pay rent for a year. [00:16:32] So I can afford to do that, to try and. Something with some of my friends and that's exactly what they're doing. Robert half, which is a company I've had on my show before Robert half international, they did a survey and they found that about one third of the almost 3000 information technology professionals. [00:16:56] They surveyed said they planned to look for a new job in the next few months. They're also saying Robert half is that while employers posted more than 365,000 job openings in June alone, they're not getting filled that's by the way, the highest monthly. In about since September, 2019, and that's according to comp Tia, which is a, an industry trade group. [00:17:24] I'm a member of that. My company is a member of comp Tia as well. So there are a lot of things happening that are really driving people to startups. And there's a lot of advantages to that. So here's another guy. This is an engineering manager who left Facebook last year. And he quickly returned. [00:17:45] He said working at a startup, you have much more connection with employees and things moved faster. So tiger graph, by the way, also hired ex-Googlers. And they're increasing the workforce this year too, about 300 from 90. So think about what they're doing. That's not, yeah, technically it's probably still a startup, but it's 300 employees. [00:18:10] That's not us. That is a lot of employees, and they've got a lot of money behind them. Here's another guy. And she's saying, I thought I would be a lifer at Amazon. But this was a tremendous opportunity. I can have a far greater impact and more influence on the company's trajectory, which quite frankly was harder at Amazon. [00:18:32] And we're seeing more and more of particularly the younger employees looking at that. Her name's Anna fag fabric, sorry about the names butchering here, but she's now at freshly she's their chief criminals commercialization. Officer. So a lot of people are saying in this survey from Robert half international that having a chance to have an impact at a smaller company was a major reason for leaving. [00:19:00] And that's after years of massive growth at big tech companies. So again, IBM in the 1970s. They were the ruler, they were the king. They was impossible. If you work for IBM, man, they're going to be around forever. And of course, they still are. And they have amazing products, especially the Z series mainframe, but they're not the company they were. [00:19:24] And I think we now are seeing. The next step in these big high-tech, but is no longer being the companies that they were innovation is going to leave with these employees, and they're going to really be hurt and hurt quite a bit. All right. So coming up, we're going to talk, of course, more about some of the more important tech stuff, you've got to, if you haven't already get on my email list, I'll send you a couple of special reports that we. [00:19:54] As well as of course, every week, one or two newsletters, not sales documents, newsletters, Craig peterson.com. [00:20:04] Bitcoin is all of the rage. In fact, these cryptocurrencies or something, a lot of people have considered investing in of course, many have invested in it. I played around with them about a decade ago, and the IRS seized 1.2 billion worth of it. [00:20:19] You might remember, we talked years ago about the IRS trying to tax things in the virtual world. So if you were in one of these real life type things and you owned property, as it were inside this virtual world, they wanted to tax it. Of course, if you sold something with real hard money and. You sold it inside that real world with real hard money, you would end up having to pay taxes. [00:20:47] Just if you sold a hammer to someone, that's the way it works. A lot of people have decided that, for some reason, cryptocurrency is completely untracked. Now we know about cases. I've talked about them here where some of these coins in this particular case, we're talking about Bitcoin or has been used online. [00:21:15] And in fact, the government has found out who was using it and really stepped in, in a big way. Silk road is the biggest example. This was an online black market for everything you can think of, from illegal drugs to firearms, to all kinds of illegal commodities that were for sale online. [00:21:40] This was back in 2013, they were using Bitcoin to buy and sell things on this free trade zone. I think they called themselves and silk growed was just thriving. On comes the federal government and federal agents in the United States really cut their teeth in crypto search and seizure. With taking down the silk road, you might remember this was very unprecedented. [00:22:10] People had no idea. What they could do. How could the federal government monitor this? Can I buy and sell these Bitcoins? All of that sort of thing. And 20 years as the chief of money laundering and asset forfeiture in. Yeah, us attorney's office for the Southern District of New York. Sharon Levin said that this whole takedown or silk road was completely unprecedented and it was new technology. [00:22:41] What do you do well because people. Here cryptocurrency and crypto, of course, being short for cryptography, they figure that okay. While obviously it is absolutely untraceable untrackable. Tell that to the people that this year have tried to ransom money out of enough. US corporation, some of the major consider for instance, colonial pipeline and what happened with them and how at least half of their cryptocurrency was returned to them. [00:23:15] So don't think that this stuff is a way that you can get away with breaking in the law or not paying taxes. It is not the whole. Business, if you will, of crypto seizure and sale is growing incredibly fast. In fact, the federal government just enlisted the help of the private sector to manage and store these crypto tokens that have been seized from. [00:23:47] Now I mentioned that the IRS has seized... /episode/index/show/cptt/id/20194829

Are You One of More Than 700,000 On U.S. "Watch-Lists"? 08/05/2021

Are You One of More Than 700,000 On U.S. "Watch-Lists"? Are You One of More Than 700,000 On U.S. "Watch-Lists"? Craig Peterson: You've heard about the no-fly list, right? Yeah. How about the terrorist and other watch lists? It's impossible to get your name off, even when there was no reason to be there in the first place? Well, I got some news. The Department of Homeland security has been criticized for many things over the years. One of the things that they have been criticized quite a bit about is this watch list that they maintain. They have a watch list for no-fly. People get put on that watch list. It was initially intended to be, we know this guy's a terrorist, so we're going to put them on, right. [00:00:45] It's not always the way it goes. It starts out almost innocuous, and before you know it, there are all kinds of people getting caught in this big, big net. [00:00:55] That's what's been happening lately. But, unfortunately, it's going to worsen because the Department of Homeland security has decided to hire regular old companies to help develop this no-fly list and this terrorist watch list. [00:01:14]Apparently, these companies will be looking through all kinds of public data, maybe some private data, social media to provide information for this new domestic terror watch list. [00:01:28] So you look at that and say, okay, I can see that. [00:01:32] We've talked before the problem, man, 20 years ago. I think I was talking about these data aggregators and the issues they create. They're taking public records; they're putting them all together. They're figuring out how it all meshes together, and they come up with a pretty accurate picture of who you are. [00:01:53] Now, I've got to say when I've had them on my show here before, I was talking to them and said, okay, I want to look up my own records. So I looked them up on their platforms. I did not see a single one that was more than about 30% correct about me. This was again, some years ago. I think it's probably been almost a decade since I last spoke with the data aggregators. They really are trying to blend into the background, [00:02:21] Nowadays, this data that's put together by these artificial intelligence systems is not necessarily that accurate, and that gets to be a real problem. [00:02:33] So who is DHS gonna hire? Well, from the description reported here by the Conservative Tree House, it is going to be big tech, specifically, Google, Facebook, YouTube, Instagram, Snapchat, Twitter, and more. [00:02:54] The DHS will put them under contracts to hire and organize internal monitoring teams to assist the government by sending information on citizens they deem dangerous. Again, what could go wrong? [00:03:10] Our government is not allowed to spy on us. How many times have we talked about this? You have, of course, the five eyes, and then they added more and more. These are governments that spy on each other's citizens for each other. [00:03:26] So, for instance, the US cannot spy on US citizens. So we have an arrangement with the United Kingdom, New Zealand, Australia, Canada to spy on the US citizens for us that makes sense to you. [00:03:44] Can you believe that? [00:03:46]We spy on their citizens for them, and they spy on our citizens for us. All is good. [00:03:57]What's happening here is The Department of Homeland security realizes it cannot spy on us directly. This is what they've been doing for a very long time, they go to the data aggregators, and they pull up the data that they want. [00:04:12]They want to see if this guy is maybe selling illicit drugs, and they pull up public records. [00:04:19]What cars does he have? How many homes do they own? Who's he dating? Has she all of a sudden been buying diamonds and mink coats? What's going on here? [00:04:31]Now we're seeing that the US intelligence apparatus. It's really going live quickly to put together lists of Americans who could be potential threats to the government and need to be watched. [00:04:49] Now it's all well and good. It's just like president Biden this week saying, Oh, we're going to have these red flag laws. We're going to stop the sale of certain types of firearms and things. It all sounds good. [00:05:04] The reality is we have known about some of these people before, right? So this is all just a red herring that the federal government is doing right now because the real problem is these terrorists, the domestic and otherwise that have shot up schools, have almost always been reported to law enforcement as dangerous people. Some have even been on lists that say they cannot buy firearms, yet they get guns. Bad guys. [00:05:39] It's like here in the US. Where does our fentanyl come from? We're not making a domestically. Our fentanyl is coming from China often through Mexico. It is killing people here in the US. [00:05:54]The whole George Floyd incident, and what's happening with fentanyl in his system, right. The question is, did the police operate properly? What killed him? According to the coroner's report? It was the fentanyl that killed him. [00:06:09]One way or the other that fentanyl got here from China and is being used on the streets, and people are dying from it. Fentanyl's illegal. How could they possibly get it? [00:06:24] It's illegal for a felon to be in possession of a firearm. So how did a criminal get the gun? [00:06:32] The police were warned about people in San Bernardino, California. They were warned. The people in that business told the police. We were calling. We're apprehensive about this guy, and nothing happened. [00:06:48] So now what are we going to do? We're going to cast an even wider net. We cannot take care of the reports that come in right now. We're going to get even more reports, and they're going to be coming from these AI systems. Again, what could possibly go wrong here? It's absolutely incredible. [00:07:12]They look at these reports. They try and determine these are actionable, the FBI or other law enforcement agencies. They've been deciding no, it's not actionable. They've been right sometimes, and they've been wrong other times. This is a real problem. [00:07:29]What shocked me is NBC news with Andrea Mitchell, NBC news. Not a centrist news organization, very far left. NBC News is even reporting on this. They realize the consequences. Here's a quote from NBC. "DHS planning to expand relationships with companies that scour public data for intelligent and to better harness the vast trove of data it already collects on Americans." "The department is also contemplating changes to its terrorist. Watch listing process." Absolutely amazing. [00:08:16] Two senior Biden administrative administration officials told NBC News that Homeland security whose intelligence division did not publish a warning of potential violence before the January sixth Capitol riots are seeking to improve its ability to collect and analyze data about domestic terrorism, including the sorts of public social media posts that threatened a potential attack on the Capitol." [00:08:44] "DHS is expanding its relationships with other companies that scour public data for intelligence. One of the senior officials said, and also to better harness the vast trove of data it already collects on Americans, including travel and commercial data through customs and border protection, immigration, customs enforcement, the coast guard, secret service, and other DHS components". There you go from NBC news. [00:09:11] So remind yourself what the FBI contractors with access to the NSA database already did in their quest for political opposition, research, and surveillance, and then get everything we were just talking about. [00:09:28]The director of national intelligence declassified a FISA judge's ruling. This is judge James Boasberg, 2018 ruling, where the FBI conducted tens of thousands of unauthorized NSA database queries. Do you remember that story? Very, very big deal. This judge is obviously passing these things out like candy and the FBI misusing its power and authority. Again, what could possibly go wrong? [00:10:00]By the way, President Obama apparently has been telling us that we should use the no-fly list to keep people from owning guns. [00:10:08]There's already a database maintained by the FBI. So this whole thing is, as I said, a red herring. Things are going to get really bad if law enforcement does this. Frankly, they're going to do it. There are no two ways about it. [00:10:25]We have to be more careful about keeping our information, our data private. [00:10:32] That's what my whole course: "Improving Your Windows Privacy and Security," is all about. Locking it down because the way Microsoft ships windows and how it installs and configures itself by default does not keep your data private. That's a problem. So that's what we're going through. [00:10:54]Remind yourself of this and just keep chanting, "nothing bad could happen here," right? Ah, the joys of all of these computers and databases and the way they work nowadays. [00:11:07] By the way, if your information is out there at all, even if you use fake names and numbers and addresses and things like I do when it's not required. Right. [00:11:20] I don't lie to the bank. I don't lie to the IRS. Nobody else needs to know the truth. Even if you have been, trying to keep it private. Good chance that they know who you are and where you are. Crazy. Crazy. [00:11:36] Hey, visit me online. Craig peterson.com. Make sure you subscribe to my weekly newsletter. /episode/index/show/cptt/id/20050334

Have Your Healthcare Records Have Been Stolen? 08/05/2021

Have Your Healthcare Records Have Been Stolen? Have Your Healthcare Records Have Been Stolen? What can you do about it? Craig Peterson: We're talking about ransomware and what's the Conti gang and others doing nowadays. Hello everybody. Craig Peterson here. Thanks for joining us today. I appreciate you spending a little bit of time, and I enjoy helping bring you guys up to speed on what is happening. There's just so much of it. You wouldn't believe what I have to filter out. [00:00:23] The Conti gang has been very successful. Still, their money started to dry up recently when people figured out if they had a decent backup, they could just go ahead and ignore the ransom demand. So instead of paying that ransom, just go ahead and restore from backup. So they had to do something different. [00:00:47]What the Conti gang did, as well as pretty much everybody else in the ransomware business, is okay; what we're going to do now is we're going to find all of the other machines we can find on the network. Then we're even going to have real people get onto these computers remotely that they've compromised and had a poke about. See if there is patient healthcare information? Are the bank account numbers on this machine? Are there plans on what to do? Where to go? What's the business going to do next week? [00:01:25] But mainly stuff they can sell right away. If you take credit cards, you know that the payment card industry is all over you if credit card numbers are stolen. Those are nowhere near as valuable as patient health record information. As I mentioned a little bit earlier, we're talking about 2000% more than 20 times more value to your healthcare records. [00:01:55]Now what happens is Conti gang says, "Oh, looky. We've got patient information here. It has names, addresses, social security numbers. It has birth dates. It has diagnostic information," and then they upload it. [00:02:11]We had something like this happened with one of our clients. It wasn't a ransomware attack; ultimately, it may have been. They came in through an unsecured VPN and that they would not let us shut down. [00:02:25]We told them to shut it down, and they didn't. In come the bad guys, they actually were coming up via Mexico in this case. Although I doubt they were located in Mexico. They took that VPN connection; they used it to get on to the computer and found something interesting. So they started to exfiltrate the data. In other words, Take that data and send it out. [00:02:52] That's precisely what the Conti gang and others are doing now. [00:02:55]We noticed, wait a minute, this is all automatic. Why is data going out from this host at that speed to this address at this time of day? It wasn't a typical pattern. So our hardware-software that's sitting there in their network automatically shut it down hard. [00:03:19]They were able to exfiltrate just a tad bit of data, and then it was stopped instantly. [00:03:26] The Conti gang gets your data, and then they try and say pay up from an extortion standpoint. Instead of just holding your data ransom, they're extorting you. Saying, if you do not pay us, we will release this data. [00:03:45]The Conti ransomware gang has its own website out there. It's called a leak site. There are many of them out there. [00:03:53]I'm not going to give you the URL; it's right there. There's their logo. Conti gang has a logo, and it says Conti news. It's talking about how you can make your payments to them and what data was released and that this person paid up, but it was too late. We don't have the data anymore, which means it was released and too bad. So sad. [00:04:18] I wouldn't want to be you. [00:04:19] Here's another ransomware gang, the Avedon ransomware gang. So again, they had stolen personal information. They had health information, and they had the ransom side and the extortion side built into it. This was about an attack on the Capitol medical center in Olympia, Washington. [00:04:42]They have leaked some of it they're threatening to reveal even more. If Washington Olympia capital medical center doesn't pay up. [00:04:52] First of all, ransomware results in data exfiltration 70% of the time now. In other words, 70% of the time, your data is stolen before the file encryption. Pretty bad. Pretty bad. [00:05:08]Things can get particularly harmful because these ransomware attacks are a growing concern. They're disrupting patient care and healthcare, right? [00:05:17] Disabling critical systems because they have been even holding ransom some of the diagnostic equipment. [00:05:25] MRI machines that were connected to the network were running Windows. So who would use Windows in the machine that's healthcare critical? [00:05:36] Obviously interrupt revenue flow, and they had to now go get involved with real expensive remedies. So it really puts him in a horrible spot, very bad. [00:05:47]We've had almost double the number of healthcare institutions attacked this year versus last year. [00:05:53] I'm not going to go through all of these things here. I explained the difference between some of these real sites and fake sites and how you can get access to it. [00:06:04]By the way, if you're interested, I did record this. I'd be glad to send it out to just let me know; just email [email protected], and I can send you some of this healthcare stuff, the slide deck, or whatever you might like. [00:06:16]Phishing campaigns, way up. You probably heard about that. I gave some examples of that emailing patient information without encrypting it. [00:06:25] Wireless infusion pumps that are, of course, compromised because they're running an operating system that hasn't been patched. Usually Windows. Think of that there are Windows in that infusion pump, but it could be a version of Linux. It's not fixed. It's crazy. Vital sign equipment. Oh my gosh. [00:06:46]We're also seeing that this patient health information being stolen now is being used to create fake insurance claims. [00:06:55]I was talking about how much this is worth, and it's worth a lot while this is one of the reasons it's worth a lot, your personal, private patient health information. [00:07:08] If you have a diagnosis and that diagnosis has been stolen, and then they can file a health insurance claim. Yeah. You see where I'm going with your information, as though you received some treatment or some care for the diagnosis in your healthcare records. It's just that simple. [00:07:33] Average cost of a data breach right now, by the way, if you are a regular business, it's $158 per record for non-healthcare, and it's $408 per record. [00:07:47] If you are in healthcare at all. That's a doctor's office. That's not just hospitals; it's anybody. And by the way, mobile breaches are massive 43% of healthcare organizations who reported a mobile breach said the mobile breach caused long lasting repercussions. [00:08:09] Now, think about this. If you're a patient. How well are your records protected? I can tell you based on what I've seen and talked with healthcare people, seeing statistics. They're not protected very well at all. [00:08:25]People will start going to jail over this. People in the healthcare industry, that is. /episode/index/show/cptt/id/20047511

Have Your Healthcare Records Have Been Stolen, too? 08/05/2021

Have Your Healthcare Records Have Been Stolen, too? Have Your Healthcare Records Have Been Stolen, too? Craig Peterson: We all have healthcare records, and they have some of our most personal information. That's what we're talking about today in follow-up to a webinar I did for the healthcare industry. So we're going to chat right now a little bit more about your privacy. Craig Peterson here. The actual hard stats on our healthcare records, a lot of them have been stolen. It's just crazy to think about because, in reality, we have had millions of records stolen, 300 million healthcare records stolen to be exact since 2015; that is pretty bad. [00:00:38] I'm looking at a chart right now that I showed to this healthcare industry group that is showing that the hacking event has almost doubled over the last three years, year to year, every year. So in 2018, 164 powerful hacks 2019, 312. That's a good double. 2020, 430, which isn't quite a double. So we are seeing a lot of data being stolen. But, of course, stolen data means misused data, which is a huge problem. [00:01:14] Now, in the healthcare industry, they've got a different problem. That is these HIPAA rules. Now HIPAA has been in place for quite a while. It's supposed to have been provided Portability of our records. Does anybody have any real luck with that? I know there are some I haven't. [00:01:30] Portability, I don't even know where my health records have ended up. Frankly, cause my doctor ended up closing up shop, and I just have no idea. But it's supposed to be Portability and privacy. Well, the most common violations of these HIPAA regulations revolve around professional hackers. [00:01:50] Then you've got business associate disclosure. Remember I mentioned that. The cloud is not an excuse for not protecting your data. You cannot hand that off to a third party. There are many more that I go into in the presentation. [00:02:05]Then here's the next thing I wanted to talk with you guys about that is the amount of ransomware out there. I'm going to have a little bit of a ransomware offering. [00:02:15]If you're not a subscriber right now, go to craig peterson.com/subscribe. You'll actually see it on the site @craigpeterson.com. If you scroll around, do a few things on the site, it should pop up automatically for you. [00:02:31]Now we're just talking about healthcare, and of course, this is every business and every person out there. [00:02:37] I talked about this Conti gang. I don't know if you've heard of them. C ON T I. [00:02:42] Now, remember what I've said before about ransomware. It used to be that you'd get ransomware. Your computer would now have its data encrypted. Then it would pop up this big red screen up that said you've got ransomware to get to all of your data back because what the ransomware did was encrypt it. You need to go to this website. You need to pay this amount of Bitcoin to this Bitcoin wallet, and off it goes, right? That's the idea. [00:03:13]According to the FBI, you'll get all your data back half the time. That's even if you pay the ransom. Now, too, the state department and the FBI might come after you if you pay a ransom -- because now you are supporting terrorist organizations, not just criminal enterprises. Huge deal. [00:03:34] Now, the other side of ransomware, and this is what just hit with a few different medical providers here. I talked about the Rehobeth McKinney Christian health center services, New Mexico because now it's much more advanced instead of just getting on your computer, encrypting your files, demanding a ransom to get the decryption key. They even pre-install the decryptor for you. Isn't that handy? What they are doing is they get onto a computer, and then they start East-West spreading. Now we've seen that for years. [00:04:08] I remember one of our clients, a car dealer, and this was five-seven years ago. They got some ransomware. Somebody clicked on something that they shouldn't have, and suddenly their machine gets ransomware. The device, of course, is hooked up to the network. It is, in fact, mounting drives from their file server. So his machine has access to all of these files. This guy was a manager over there at this car dealership. So he had access to all of the files. [00:04:47] Think about that for a minute. What his machine did back then is it said, Oh great, here are some network drives. So it started encrypting the S drive and the H drive, and the K drive. All of these different letters for these SMB mounted drives from the file server. [00:05:03]We were in there beforehand, and we installed our security stuff. [00:05:08]When his machine got this brand new strain of ransomware, and of course, he didn't want us looking at what was on his device. So we couldn't install all of the antivirus software because then we would have access to it. [00:05:22]We've got another client that's like that too, where the owner of the business doesn't want us installing software to really keep his machine clean. [00:05:29] I don't know why people do that. Are they just trying to play their cards close to the chest? Is that what they're trying to do? Are they looking at something they shouldn't be looking at at work? [00:05:43] Why do people do that? If you've got hints, let me know. Cause I would love to know [email protected] Why do people do that? [00:05:52]Anyhow, his machine got the ransomware. It tried to start spreading to the file server. Now, we had special hardware and software installed. So we saw that spread start. We immediately shut down. It was all automatic. It was just shut down because our systems shut down his network port. [00:06:13] His computer had the ransomware. We were able to just go ahead and restore from backup. The bad guys know that if all they're doing is encrypting your data, then who cares? You restore from backup. [00:06:29] Now, hopefully, you're following a three-two-one backup scheme. Most places don't. [00:06:36] Hopefully, you're testing it as well. We try every backup that we make for our customers every day. About once a week, we will spin up the servers in a virtual environment and make sure that it can boot to know we have a good backup. I got to tell you guys that the backups are not working most of the time, and it gets to be a real problem. [00:06:57]What these guys have figured, including this Conti gang, is we're not going to be able to get as much money out of them by just encrypting their discs. We need to do something else. So while they're trying to spread East-West inside, what they're doing is okay, so they got a hold of this manager's computer. They start scanning for other computers and scanning for vulnerabilities scanning for ways it can gain access. [00:07:26] Unfortunately, the statistics show us that most of us have file shares turned on our windows machines. [00:07:34] That's one of the things I talk about in my Improving Windows Security course, what to do, how to do, how to turn that off because that is the second target of ransomware. Once it gets onto your machine. [00:07:49] You've got to turn off those file-sharing services. /episode/index/show/cptt/id/20047301

Are You Getting Dragged Into Dealing With Cybersecurity? 08/05/2021

Are You Getting Dragged Into Dealing With Cybersecurity? Are You Getting Dragged Into Dealing With Cybersecurity? Craig Peterson: You probably know I've been doing cybersecurity now for 30 years in the online world. Yeah, that long. I'm afraid I have some confessions to make about our relationships here, cybersecurity people, and employees. I got pulled into this whole business of cybersecurity quite literally, kicking and screaming. I had already been involved in the development of the internet and internet protocols for a decade before. In fact, one of the contracts that I had was with a major manufacturer of computer systems. [00:00:39]What I did there was design for Unix systems a way to check for malware and manage them remotely. Yes, indeed, I made one of the first RMM systems, as we call them nowadays. We also tied that RMM system, of course, into Windows and a few other operating systems. Unix was where I was working at the time. [00:01:05] I am what they called an OG in the industry. My gosh, my first job with computer networks was back in 75. Believe it or not, a long time ago. Back then, of course, it was mainframe to mainframe basically and some of the basic protocols, the RJE, and stuff. I know I've got many older people who are listening saying, yeah, I remember that. It brings back memories. [00:01:32] In fact, I got a note just this week from a listener who was saying his first computer was a Sinclair. Do you remember those things? Oh my gosh. It brought back so many memories for us older guys. But it was just such a great little device with the keys and much different than I'd ever seen before. The XZ81. I just looked it up online so I can remember what the model number was. Timex made that. Suppose you can believe that too. It's just. Wow. It had a Z 80 CPU, which of course, was like an 8080, which was Intel's big chip at the time, running at 3.25 megahertz. Yes, indeed. Very cool. I love that computer anyways. I digress. [00:02:22]The whole industry at the time was non-existent, yeah. You had antivirus software. We started seeing that in the eighties. We had some terrible operating systems that many people were running like Windows, just absolutely horrific. [00:02:40] Remember windows three-point 11 and XP and millennial edition just some of the most terrible software ever. That's what happens when you have interns? A lot of the code came out in one of the lawsuits for one of these versions of Windows. [00:02:55]It was a different world, and I had to figure out what was going on because I had some servers that were Unix servers. This was the early nineties, and I hosted email for companies and websites and filtered things with some precursor to SpamAssassin. It was really something. I had some DECservers, Digital Equipment Corporation. Remember those guys, and suddenly, customers started calling me because the email wasn't working. It turned out it was working, but it was extremely slow, and I had to figure out why. [00:03:37]I telneted to my server. I got on, started poking around the servers. [00:03:43] I had a computer room and the first floor of the building I owned, and I was on the second floor. So off we go looking around, trying to figure out what is going on. It was me, actually. I said we, but it was really me. Cause I knew the most about this stuff. [00:03:59] These processes just continued to fork, and I was trying to figure out why it is creating all these new processes. What's going on? What has happened here? Back then, The internet was a much different place. We trusted everybody. We had fun online. We would spam people who broke our almost unwritten internet rules about being kind to other people. What spam was, where the whole term comes from is you would send the script from Monty Python spam and eggs, spam and ham spam, spam, spam routine. [00:04:37]You send it to somebody that was breaking these unwritten rules, like trying to sell something on the internet. Absolutely verboten. What a change to today. [00:04:48]I saw some of this stuff going on. I was trying to figure out what it was, but we trusted everybody. So my mail server, which was Sendmail, at the time. We still maintain some instances of Sendmail for customers that need that. [00:05:04] Nowadays. It's usually more something like postfix in the backend. You might have Zimbra or something out front, but postfix in the backend. We allowed anybody on the internet to get on to our mail server and fix some configuration problems. They didn't have full access to everything. Firewalls weren't, then, what they are today. [00:05:29] In fact, one of our engineers just had to run out to a client who did something we told them not to do. They were using the SonicWall firewall on their network, as well as they had our stuff. So we had an excellent Cisco firepower firewall sitting there. So then they have this SonicWall so that they're people, remotely could connect to the SonicWall firewall because it's good enough. SonicWall says it's compliant. So the SonicWall firewall was being used to scan the network and load stuff. Does that sound familiar? Much to our chagrin. [00:06:08] So he had to run out and take care of that today. It sounds like we might have to do a rip and replace over there restore from backups. You have no idea what these bad guys might've done. We've seen Chinese into these networks before, Chinese malware. It's not been very good. [00:06:23]Boy, am I wandering all over the place? [00:06:24]Back to this, we would allow people to get onto our network to fix things. If something was wrong, if we were misconfigured, they could help us and get on and do it because the Sendmail configuration was not for the faint-hearted. [00:06:42]In the days before Google, right? Eventually, we had Archie and Veronica, and Jughead. They did basic searches across FTP servers. That's my kicking and screaming story. [00:06:56]I was trying to run a business where we hosted email for companies, which we still do to this day, and where we had some, back then we didn't have websites. The web didn't come in into play until a couple of years later, but we did host FTP sites for businesses so that they could share files back and forth. [00:07:22]That's what I wanted to do. That was my business. [00:07:26] Later on, I ended up helping 80% of my clients find the other web hosts after these $8 Gator hosting things. We just got a call on that this week. Somebody who'd been a client of ours 20 years ago went with a guy that charges $5 a month for web hosting. They have personally identifiable information on that site if you can believe it. He was complaining because it wasn't working. He was getting a C-panel error anytime he went to the site. We said, Hey, listen, this problem is the guy that you're hosting from. We did a little research, and we checked the IP address and how many sites we're at that IP address. This guy that was charging them $5 a month had 150 different websites at that one IP address. Now that's not bad. He hosted all of these 150 at a site that charges the eight to $10 a month for Webhosting. [00:08:29] He had all of these sites on top of a server that already split up hundreds of ways. It's just amazing what people do. [00:08:38]Man alive. We got rid of 80% of those customers, the ones that wanted cheap, that's fine, get greedy, and see what happens to you. But, some of them still maintain a good relationship with us, so we help them out from time to time, right? [00:08:52] What am I going to do? So somebody calls me, I gotta help them. That's precisely what we do now with this malware problem. [00:09:01] What's going on here? We talked already about the Great Suspender and how Google has said, Hey, this now has malware in it, so we're removing it from your web browsers. That, to me, makes a ton of sense. Why not do that? [00:09:18]This is another example of what happened with SolarWinds. This is an example of a supply chain infection. What happened with that? Somebody bought Great Suspender from the developer and then added this basic malware to the Great Suspender. Just it's a terrible thing. Very surprising, but one of the most significant exploits used by the bad guys right now is the security team's poor relationship with other employees within the organization. [00:09:56]What's going on, and it goes back to this customer that we just had to run out to. [00:10:01] Why did they do what we told them not to do? /episode/index/show/cptt/id/20047073

App Tracking Traps a Catholic Priest. How It Can Affect You, Too 07/28/2021

App Tracking Traps a Catholic Priest. How It Can Affect You, Too App Tracking Traps a Catholic Priest. How It Can Affect You, Too Craig Peterson: I've got two hot topics for you this morning. One about this Catholic priest that ended up resigning and how that happened to tie into this Grindr account. And how it affects you because this type of technology used to convict him in the court of public opinion is something that. It could also easily be used against you. [00:00:25] And, by the way, it probably is. Now the next thing is this chip shortage. I've got a quote here from the Intel CEO. When is the chip shortage going to go away? When can we get out? Play stations and our new cars. So here we go. [00:00:43] Matt Gagnon: I'm going to start. With a story that I think I covered maybe a week or two ago, and I went on a pre prolonged grant. I know you may or may not have heard me do it, but it was about this Catholic priest issue. I know you know about this in some depth and detail, as I said before. But there is this issue here. [00:01:00] He was essentially outed as having visited gay bars and had done several other things. We'll just say using Grindr, right? All these types of things. And of course, being a high-ranking Catholic official, the accusations of hypocrisy and whatnot come and blah, blah, blah, et cetera. [00:01:18] What's interesting about the story, though, to me, Craig is, the media covered it as a hypocrite priest has been found out. But how that information was discovered is not only creepy but really scary. So I want you to tell me exactly how this happened and what implications do you think it has for our privacy going forward? [00:01:39] Because this is about a heck of a lot more than one Catholic priest. This is about Greg Peterson and what he's up to when I don't know. What does it do? [00:01:46] Craig Peterson: Yeah, it absolutely is everyone. Every one of you guys that are listening right now could affect you. Here are the basics of what happened. As Matt just explained, he was outed here because he was using an app. [00:02:00] Now it wasn't just because of this one. That was being used. And then, again, how many times do I know Matt? You said this. I've heard from you many times. "You are the product." There's something free. It's not free. So behind the scenes, what happened is some people thought that maybe. Bishop was doing something that you weren't supposed to be doing. [00:02:22] They figured they would look into it a little more, trying to figure out some more details. And so they went to some of these apps and bought information. Now Grindr is one of these hookup apps, and they went to Grindr and bought location data. And it's anonymized, right? That's what we're always telling everybody. [00:02:44] Oh yeah. Yeah. I [00:02:45] Matt Gagnon: [00:02:45] don't have your name, right? They don't. Yeah. They may give you some information to people who asked for that data, but it doesn't have things that would identify you. [00:02:52] Craig Peterson: [00:02:52] Like the NSA. Don't worry. It's just anonymized. They say this stuff all of the time. However, there are many studies you can find online on how to de-anonymize data. [00:03:05] One of the easiest ways, for instance, to find out where Matt lives is, if you know an app or you suspect a few apps you might be using, you just buy the data from those apps about their users. You can now narrow it down because this phone tends to sleep at the same place every day. And that's true for you too. [00:03:24] And in this particular case, this clergyman was using this app in various places. So at least the app went to some of these capital meetings, high-level meetings, et cetera. And so they put all of this data together and added two and two together and then confronted him saying, Hey, listen, we know it's you. [00:03:47] There was no indisputable evidence of it. There was evidence that he went to all of these different meetings, and he was in all of them, and he was the only person that was all of them. And then his, this must be there for his phone, and it must be him. So this is all legal data. Now I want to add one more layer to the top of this. [00:04:06] It's legal. You can buy it. I can buy it. And the federal government is buying it because they're not allowed to track it as supposedly helpful. But, still, there's a lot of evidence that they are. And because the feds, advertisers, and others have been buying all of this data and putting it together, they also track and de-anonymize them. [00:04:28] Matt Gagnon: That's, I think, an excellent explanation. Thank you for doing that, Craig, because it's such a technical thing. I think that's what many of these companies rely on because it's difficult to understand how this even works. So the public getting fired up about it is pretty tricky, right? [00:04:42]You got to understand it, to know what to be, even opposed to, and ultimately the selling of your data anonymized or not is occurring, and it's a problem. And The inevitable question really comes here. Craig, if you don't like this, what do you do about it? Is there any way to fight against this in some fashion? [00:05:01]There's certainly, I suppose, political changes that could be made, and maybe law is different, but maybe there are things in your life you could do right now that. Would Lakey make you less susceptible to this? [00:05:12]Craig Peterson: [00:05:12] This is really big. And the data also is being bought by advertisers, obviously roadside services. [00:05:21] And one of the creepiest things too is you go to a specific type of a clinic and all of a sudden you start seeing ads about a competitor or maybe how, what you shouldn't be doing there. So what do you do about it? Here's another problem. Our phone carriers were caught about two, three years ago selling your real-time location data to these data brokers. [00:05:45] And I've had a few of them on my show before, in years past, but it's just. Don't put apps on your phone that you don't need. The iOS, Apple phones, and Android phones can turn off tracking and turn it off on an individual app basis. Now that doesn't mean that your phone can't. [00:06:10] Because they can. All right. But what it does mean is that a specific app might not have access to your location just because you're playing Tetris. So apple has even gone further now. It has made it so that the apps cannot find out what other apps are on the phone and even go to a website on your computer or phone, even though you might have cookies turned off. [00:06:35] And you've done that. Some of the other things that I've advised people to do. Yeah. The computer can still report which apps are installed and to a website, to any website the same thing with your phone. Apple's taken some fundamental, extra steps to try and block all of that. So far in the Google ecosystem. It's still more open. [00:06:56] Yeah. Delete the apps you don't need. Turn off tracking in your settings for pretty much everything. Obviously, you need it for maps. And if you are using Google maps, talking about selling your data, [00:07:11] Matt Gagnon: [00:07:11] indeed. All right. Kirk Peterson, I have a couple other questions for you here. I'm not sure if we'll get a time for all of them. [00:07:16] However, I did want to talk a bit about the chip shortage here because I continually get frustrated by my inability to buy a PlayStation, which is now a. Five month-long problem for me that trying to buy one of these things. But it's so much more than that. I was talking to somebody else. Maybe last week it was talking about trying to buy a car and you can't even, they don't even have stock. [00:07:36] Like they don't even have the car at all. And manufacturers are now starting to make their cars differently. So that they don't require the chips that there's a shortage of so that they can actually produce the vehicles. Again, I'm hearing things about crank windows in cars, like just crazy stuff here because of this chip shortage. [00:07:51] And it might last into 2023. Is that [00:07:55] Craig Peterson: [00:07:55] right? Yeah. Yeah. And that's what the CEO over at Intel is saying. Now, this is going to last a while. Everybody made mistakes here during the lockdown. We had never had this before, where the government forced businesses to shut down. If you are in business, you are an important business, or you'd be out of it, of business. [00:08:14] That's just the way it goes. And that's true for the whole chip supplier, right? So we have a long way to go as well. He's saying right now, and they are rebuilding manufacturing capability. Now here's part of the problem with the capacity is the. As they're made up, the newer trips keep getting smaller and require different ship fabrication techniques and fabrication plants. [00:08:39] That's a huge deal when you get right down to it. And what it means is look at the apple with their M1 chip, and they have just this high-speed chip of Apple's, making its own fabrication, plants, et cetera. So the chips that they're wanting today cannot be made with older fabrication plants. [00:08:59] Now, some of them have been brought online, and some of those fabrication plants are making older chips. You are right about cars. I drive a 1980 Mercedes-Benz diesel. There, there are no electronics to speak of in this car. And my kids said, Hey, do you know your car's worth like $10,000? It was I. It was just amazing. [00:09:21] You're absolutely right. The car manufacturers are dropping things, and they are lowering the prices supposedly. But, still, they're lowering the prices based on what that costs them. So, for instance, in some of these higher-end cars where you might have a smart charger that you just put your phone on, you don't have to plug anything in, and it charges up. [00:09:42]They'll give you a $40 credit. But how are you going to install that later on? How are you going to install electric ones? That was when they put in 10 old ranks. So this is really a big problem. It's hitting everybody. It's tremendously hurting my business. I'm not getting compensated for it because it's taken us forever. We ordered a box of desks for our clients in November. [00:10:07] They showed up this last month. So we're going to have to live with this. Probably into 20, 23, and maybe even longer. It should start letting up sometime next year. But your PlayStation Matt is still a way off. [00:10:24] Matt Gagnon: Wonderful. Thanks a lot. Craig Peterson, our tech guru, joins us at this time every week. We will talk to you again, sir, next week. /episode/index/show/cptt/id/19956278

Intel Tells Us How Long the Shortage Will Last & Explosive Spyware Report 07/26/2021

Intel Tells Us How Long the Shortage Will Last & Explosive Spyware Report Intel Tells Us How Long the Shortage Will Last [automated transcript] We're looking at a big chip shortage. You probably heard a little bit about it, but how long is it going to last? And we've got this explosive report out right now about spyware and some of the cyber hacking and what's happening with Android versus iOS. What should you be using, 50% of Americans are using Android, and the rest is split up mostly with Apple. iOS. So what's going on there? This is a research group that says, my goodness. The media outlets just aren't reporting the truth. So here we go with Mr. Chris Ryan. [00:00:40] Chris Ryan: A couple of things we're going to get today with Craig Peterson are the host of tech talk first design, the chip shortage, and how long that may last. [00:00:47] The second is a fascinating report on spies where I think a lot of us feel that our phones, and even to a large extent, our laptops are safe because we maybe haven't experienced any overt issues with cybersecurity whether or not that's true. We'll talk about it in a second. Craig Peterson joins us right now. Craig, how are you? [00:01:08] Craig Peterson: Good morning. I'm doing great this morning. [00:01:11] Chris Ryan: So we get into a couple of not great stories, though. As into the Intel, CEO says the chip shortage could last until 2023, as we continue to hear about supply chain issues and how they lead to the inflation of consumer costs. What do you think of this particular story, and how do you think it will affect those issues that we see with various shortages. [00:01:36] Craig Peterson: Yeah, this is a huge deal because, of course, when we're talking about chip shortages, we're talking about affecting everything. It's harder to get a car. For instance, that's driven up the price of used cars, as well as new cars. I mean your computers. We're trying to order them for some of our clients. [00:01:54] And we have seen some of the delivery times out six months, we just about two or three weeks ago. We just got it. Some discount in that we had ordered in November last year. So think about how long it is. And now we've got the wall street journal reporting after the Intel company posted second-quarter earnings on Thursday and the Intel CEO saying we have a long way to go yet. [00:02:22] And what they're trying to do. Rebuild infrastructure and build new infrastructure capacity. We have to remember that this is partially due to the lockdown, but the other side of this is competition. These chips keep getting faster at an order. Yeah. Faster. They have to get smaller internally. That's that nanometers thing that you keep hearing about with chip sizes and densities. [00:02:49] So these older fabrication plans that they couldn't bring back online and that they are, in some cases, bringing back online cannot make the newest chip. So it's a constant gain. So one of the biggest problems we have is. Building brand new chip fabrication plans over the whole lockdown thing. And most of them are in Taiwan. [00:03:11] So this could go until 2023, frankly. [00:03:15] Chris Ryan: And it also shows how tied our productivity and our consumption-based economy are into what's taking place in other countries as well. We've talked a lot about COVID in this country, but there are. Countries that are out there where we see some meager rates of vaccination, China. [00:03:35] We obviously don't know much about them, but Japan, Taiwan vaccination rates are meager there. So we talk obviously a lot about the US side of things, but many of these supply chain issues are driven by the economic and health environments in a foreign country. [00:03:56] Craig Peterson: Sure, we have a worldwide economy. [00:03:59] We've got Australia now completely locked down. There are parts from Australia that we need as well as all of these other countries. For example, India's vaccination rate is less than 3% right now. And we require a lot of support from India as well as part. So as we move forward continually the worldwide. [00:04:20] Source and really the source of everything I can know I can dock is going to be worldwide, and more and more of these countries are going to be playing a bigger part. That's Craig [00:04:28] Chris Ryan: Peterson, he's the host of tech talk on news radio six, 10, and 96, 7 Saturdays and Sundays at 11:30 AM. Interesting reports on Android and iOS. [00:04:39] Security. And, I think that many individuals who have not experienced identity theft have not experienced significant cyber attacks against them, they feel that they're safe, and they're not really. That's safe. So I want to get your thoughts on that and B what leads to even if you are vulnerable, what leads to that way, an extended period of time, which you don't experience anything, and the kind of that complacency set. [00:05:10]Craig Peterson: Many of our devices have been hacked. So if you think it hasn't been you by not know, they're doing everything from not ransoming your phone or random your computer, but using your computer to mine. Coin. And that can be a real problem when it says mark phone and all of a sudden your battery keeps dying after half an hour. [00:05:33] It just keeps getting on. It might be used right now for Bitcoin mining, all the ways through, of course, some of the ransoms that are visible so much. Mean now; there is happening in the background. Your computer could be used for one of these botnets to attack others and do other major things. Now, what we're concerned about on the security or cybersecurity researcher side is being able to get into these devices and get into the systems to examine them. [00:06:07] We've got this Pegasus malware, right? Which apparently has been used against some 50,000 journalists and government people, agencies, and others. And they, all you had to do was open your phone, open a message, no cocaine involved. And your phone has been. IOS, which is Apple's operating system, has been relatively closed. [00:06:30] That's a pro in some ways, and it's a con and others, and we've had all kinds of security researchers over the years here complaining about that while apple made some major changes and has now provided security researchers—access to absolutely everything and also great logging Android. [00:06:51] Unfortunately, the assumption is if it's Android, anti-virus can not protect it because Android is really a hodgepodge that was thrown together. It's thrown on to thousands of different models of phones that are out there. So we are. Better than one with an apple, people assume an apple is going to be more secure. [00:07:13] So they're being held to a higher standard, and they are stepping up frankly, to the plate here, Chris, [00:07:20] Chris Ryan: [00:07:20] you, if you are a business owner, a public official, a person that holds a government position, something that is, would be very intriguing too. Packer or to an organization. And you have questions about your security and whether you are secure, and how do you go about creating an environment where you feel comfortable? [00:07:43]Particularly if you are not all that knowledgeable on the topic of cybersecurity. [00:07:49] Craig Peterson: I read a great article yesterday. And it was talking about how we, as a whole, pretty much everyone thinks that you can't do anything about it. So we're just going to give up and [00:08:03] Chris Ryan: yeah, if I were to get targeted, I get targeted. [00:08:04] But I think that even when you think about somebody like throw Brad Pitt out there, right? Brad Pitt has to be the target of just about every single hacking organization imaginable. You would assume to want to get information, access to capital, ransomware, whatever. If you are the higher, you move up the food chain as a public official or a celebrity that you would be accustomed to being hacked by. [00:08:27] Everyone. What do you do if you are concerned about that? [00:08:31]Craig Peterson: some things can be done, but you cannot use the standard software. We already know that the Norton antivirus and all these other basic antiviruses do not work. They don't protect you against modern threats. In fact, more than 70%. [00:08:48] Of the threats this year on cannot be stopped by the wonderful little antivirus software we've had for years. So you have to move up to the next level. We're working right now with a small bank. Who's trying to really secure everything because of these sorts of problems. But I, If you are in a position where you are bigger targets than usual, you have to take extra steps. [00:09:15] You have to use advanced malware protection. In all of these years, I've been securing computers out for 30 years. We have never, ever, I had a client that had ransomware, and we're talking about multinational clients all the way on, down through your local dentist. So it can. Done, but you can't just rely on the technology that was invented 20 years ago. [00:09:39] Just top ad guys, but it is there, but you're going to have to Lord and get the right people involved. Craig. Thank you so much. Take care. /episode/index/show/cptt/id/19930112

Google's Being Sued by the States -- And it doesn't look good for them 07/21/2021

Google's Being Sued by the States -- And it doesn't look good for them Google's Being Sued by the States -- And it doesn't look good for them Craig Peterson: We talked earlier about Amazon and how much trouble they're in right now, Google apparently is in a similar boat. We had just this week, dozens of state attorneys, general suing Google on antitrust grounds. [00:00:16] You can reach me online. Just me. M E Craig peterson.com or what most people do is they just hit reply to my newsletter. [00:00:25] Hopefully you're on my newsletter, right? That goes out every week. If you're on that newsletter you can just hit reply and ask me questions. Any questions you want? I'm more than glad to answer them. I know most of you guys, you're not business people. I am still glad to answer your questions for you to keep you on the right track. [00:00:42] The whole idea here is it's to keep you going. Safer. And if you're a business person, what the heck, maybe I can help you out as well while the here is a problem. And it's a very big problem. We have these absolutely huge companies that are using their market position in order to really control the entire world. [00:01:09] Now it's a very big problem because you have companies that are sitting on billions of dollars in cash who can and do keep their competition out of the market. Now, one of the ways that keep them out, and I've mentioned this before, Microsoft has done this multiple times as lost lawsuits about it, particularly over in Europe, but they find somebody who might be a competitor and they basically squeeze them out of them. [00:01:39] Even though they're not necessarily even a direct competitor. One of the things Facebook does is they buy companies for 10, a hundred times sometimes more. Then they're actually worth, would you take 50 million for your company? That's worth 50 million? You might not. [00:01:56] Would you take 500 million for the company? How about a billion dollars? That's where it starts becoming very questionable about what they're doing. One of the things that Google is allegedly doing right now is preemptively squashing com competing app stores. When you look at Google and the Google Android ecosystem, who sells the most Android devices out there, right? [00:02:24] The high-end devices, the number one seller of Android phones is of course, Sam. And Samsung started to put a store too. An app store. So you could buy Samsung, Sam sung apps now, apple and Google, both charge about the same rates as a general rule. It's 30% for these bigger companies that they have to pay the app store, okay. I'm okay with that. They both spent the time to build the platform, to monitor it, to try and keep the app store clean and guides. That's definitely worth something. But what if Samsung came along and said, okay, we're only going to charge 10% royalty. In our app store and the apps will run on all of our Samsung Android phones. [00:03:13] So it's still using the Google operating system. It's still Android. It will probably run on other than Samsung phones as well. That's the whole nature of, but that hasn't happened. And why hasn't it happened? These state attorneys general are saying that what has happened is the Samsung galaxy store got squashed by Google. [00:03:41] So it could maintain its monopoly on Android app distribution. So it says that Google engaged in a bunch of different anti-competitive practices. They offered large app developers, profit share, and agree. In exchange for exclusive exclusivity. Okay. I can see that the apple iPhone came out. Do you remember this exclusively on ATN T's network? [00:04:08] Is that a problem? They're saying also the Google created unnecessary hurdles for what's called sideloading. So sideloading is where you might go to another app store in order to install something. Or maybe it's something that you want to put on your site. It's not fully approved by the Google play store. [00:04:29] So that's the basics of what the side loaning is all about. So saying that they made that even harder. Okay. From Google standpoint, do we really want to. Allow anything to run on our phones. And here's the question, here's why, right? What do I do for living cyber security? What is one of the things you have to do for cybersecurity? [00:04:51]You've got to put in special routers, special firewalls and software on servers and computers. Whoever touches a computer last owns the next problem. That's been my mantra forever. So if we installed some software on a computer or we had the customer installed some software on a computer, and there's a problem who they get. [00:05:14] They're going to call me, right? Because I was the last one to touch their computer. And at that point now I have to show, okay, it wasn't me. It was this other piece of software. QuickBooks is a piece of junk, you know what, whatever it is, I'm going to have to justify it. And frankly, I'm probably going to have to fix it. [00:05:33] So Google is saying. We don't want all of these app stores that might have apps that are not secure apps, that crash apps that might cause problems with the Android ecosystem. I think that's perfectly legitimate. Apparently these state attorneys general don't think it is. And here's the last one. This is a. [00:05:56] Attempting to buy off Samsung to limit competition from the Samsung galaxy app store. Now, Google is saying that this lawsuit is merit lesson. I can see a whole bunch of legitimate argument on their part. They also said, quote, and this is an article from ARS Technica. It's a strange, it's strange that a group of state attorneys general. [00:06:21] Chose to file a lawsuit, attacking a system that provides more openness and choice than the others. In other words, are taking a jab at apple because apple is very closed for the reasons I just decided to hear that Google I'm sure is going to argue as to why they are closed. Okay. Apparently the state attorneys general are saying, quote, Google promised repeatedly that Android would be the basis for an open ecosystem in which industry participants could freely compete. [00:06:56] Google has not kept its word. Instead. Google has taken steps to close the ecosystem from competition and insert itself as the middleman between app developers. Consumers. Okay. Can, so can you see that they're also complaining this 30% commission. It's a monopoly rent that unfairly burdens consumers and developers, and K-12, you could argue that I don't fall for that one personally. [00:07:24] Now the buy-off is where I think that there's a lot. Yep. Teeth in this particular lawsuit. Cause they're saying that we've got the commission rate argument, right? We've got those. It's not as open as you said, it would be. But these attorneys general have spent a lot of time dissecting Google's alleged efforts to keep competing app stores at bay by, and they said Google was willing to offer Samsung myriad benefits and concessions in order to prevent Samsung's galaxy store from being built out. [00:08:00]Again, Is that a huge problem. If you've got a big customer or a potential partner coming to you and saying, okay, I want a few concessions here. I'm not going to pay 30%, or I want to have some of you, my developers in house with your people so that they can short circuit some of the problems that always develop those are. [00:08:25] In the business in business period. And when it comes to software development, right? People, businesses have we'll use apple again as an example jam, which is a really great set of software to help manage your devices. Jan PF, you might want to check it out. So jam had their engineers camp out at Apple's headquarters, apparently four months while they were working on. [00:08:52] Some of the, their software for the next release of Apple's iOS and Mac iOS. Is that unfair? Yeah, in a way it is right because here I am little Mr. Small developer and I'm not gaining access to Apple's top engineers and able to send mine out there to live with apple engineers and ask questions and help them debug my software. [00:09:18] But it happens every day. Makes sense. So it says though the galaxy store was not nearly as popular as the play store. Google feared that Samsung would develop into a strong competitor, especially since the company sells a majority of high-end Android phones in the us ARS Technica says Google was particularly concerned that Samsung would get an exclusive game. [00:09:43] For the store to attract more users, which Samsung did do in 2018, when it partnered with epic to launch fortnight exclusively on the galaxy store. And that one, move that one game. That one app. Costs Google millions of dollars in revenue. So we'll see what happens here. They make other claims in there. Apparently it even offered a Google offered to white label, the play stores, the galaxy store, so that Samsung could maintain its branding, all kinds of negotiations, the types of things I've seen before, the types of things that are. [00:10:23] Particularly uncommon, but a European commission is also going after them with an antitrust investigation. They've done that a few years ago with this is a problem. These companies are huge and we don't let them fail. Look at what happened. GM and Chrysler, both got bail and the federal government Chrysler got bailouts twice. [00:10:45] The free market. You never would have had that happen. The best part of Chrysler would still exist and those weak parts would have been gone. That's what bankruptcy law is all about GM. The same thing, the best parts of GM would have remained. We would have probably had better cars today. Then we have, if DM GM had been allowed to go bankrupt and yeah, it's going to hurt people, but guess what? [00:11:11] It's hurting people right now from the other side. And when I see this happening as well at Google and Amazon, of course they haven't gone bankrupt, but they both along with Facebook and a few others, they're both huge. Huge and they control so much of the market. So what's the best way forward. What do you think I'd love to hear from you? [00:11:32] Just drop me an email. [email protected] What is the solution to this? Hey, make sure you get my newsletter. We got all of this information, of course, a whole lot more comes out every week. May be semi-weekly here fairly soon. See how it goes, but go to Craig, Peter sohn.com/subscribe. You'll get my free newsletter and you'll keep up to date on what you need to do to keep yourself safe. [00:12:02] Craig peterson.com. /episode/index/show/cptt/id/19883420

Recommendations to Turn Off Your Printers - eCar Fire Warning 07/21/2021

Recommendations to Turn Off Your Printers - eCar Fire Warning Recommendations to Turn Off Your Printers - eCar Fire Warning Craig Peterson: Hey, we got another emergency patch out from our friends at Microsoft. And in this case, it has to do with printers and remote printer access. Do you have employees working from home? Microsoft has their big monthly patches that they release. They also have weekly patches that they released that are for slightly more critical vulnerabilities. And then they have. Patches that are released because there is a severe problem going on right now while that's what we are staring down. There is a vulnerability called print nightmare, and this is located in the windows print. Spooler serve. Now the windows print spooler services, what it sounds like. This is the service that handles all of your print jobs. So if you are using this service, Turns out there's a serious bug and Microsoft tried to patch it once and failed. [00:01:10] And they've got another patch out right now seems to be working, but organizations are really urged to deploy these patches as soon as possible or deceased. Inbound remote printing until they can be applied. So that's why I said, if you have people who are working from home, because many of us turned on remote desktop and you better make sure that's properly patched up so that people could. [00:01:37] Then and get a desktop. Although Microsoft has an interesting solution that is going to be announced in early August about having your own windows machine there in their cloud. So it looks like you'll be able to have windows machine for about 35 bucks a month. Microsoft will have to keep it up to date. [00:01:56] I think that's a very cool thing, but they're coming out with that here very shortly. Within the next month or so, we'll see what happens, but this is a problem because if it's exposed to the internet, We're expecting to actually already be seeing active exploit. Now here's the problem Microsoft's trying to solve. [00:02:19] We have three different types of patches. You have the monthly patches that they release. You have your, which of the patch Tuesday. You also have patches that are released every week, which are more critical. And then these types of patches, these are patches for what are called. Zero day attacks. There is nothing normal out there, a regular stuff that would catch this and stop it. [00:02:46] Now, the advanced malware protection that we use from Cisco, it will catch this sort of thing, but it'll only catch it after it's been seen a few times and then identified, obviously by now it's been identified. So it's pretty darn cool. So Microsoft's monthly updates. Last month included a patch for another vulnerability in the windows print spooler service. [00:03:11] And it was initially called a local privilege ex escalation issue. That means that you had to be on that computer in order to gain access to these advanced privileges and features. Turns out that it wasn't entirely just local. And now there is a new one where it can be exploited to get remote code execution and not just privileged privilege, escalation. [00:03:39] That means that they can now run programs on your computer. And with privilege escalation, they can run those programs as whomever they might want to do. So this is pretty big Blackhat USA conference coming right up and they are going to be hosting one of their talks called diving into spooler and what they did to discover these local and remote. [00:04:09] Vulnerabilities in the windows print spooler Hey, it's definitely a problem. There is a proof of concept exploit out there, and that means that the bad guys are not too long from coming up with their own. So there you go. Again, patch it up close and remote access, at least for the time being. To your print spooler because it could be a very big deal. [00:04:34] Another thing you could do is disable the prince Pooler service. You can just use stop service dash name spooler dash force, and that will. Pop it right on down. Okay. And then by the way, in case your machine reboots, you probably wouldn't do a set service dash named spooler dash start-up type disabled in order to make sure it doesn't restart, but there'll a lot to worry about right now, a whole lot, frankly, to worry about right now because of the Russians are coming. [00:05:06] Here's another one. This is Chevy bolt. Now, I have had some major complaints about Tesla and the way Tesla has these door handles that recess in entirely and how it has happened that during an accident, those door handles don't pop out and people cannot be extracted from cars. And the biggest problem you have in an accident with a car full of batteries is. [00:05:34] Of course the high voltage and current that's stored in the batteries that now when they, it out, it starts a toxic fire. Very nasty. Just this week, the national highway traffic safety administration issued an alert for all 2017 to 2019 Chevy. Owners now I know a lot of these bolt owners are actually government agencies. [00:05:59] They're not individuals, but I thought I'd bring it up. Anyways. There was a fire in a Vermont state representatives. Car's name's Timothy Brown. And his Chevy bolt decided it was going to catch on fire. Now, there was a recall by GM of these Chevy volts that had this problem, and apparently it doesn't entirely. [00:06:26] Fix it, they are still plaguing GM. And man, in this particular case this rep of course in Vermont being a I don't know, leftist, I have to assume, but a fan of electric cars, his car. Sad they're burning, which is pretty bad, ironic, but this happened when was this? Oh, it looks like this happened just a couple of weeks ago. [00:06:52] He's the state chairman in Vermont of the house committee on energy and technology. I've been supporting electric vehicles go sponsor bills relating to electric. And plug-in. So now his 2019 Chevy bolt course caught in fire, caught on fire, and there are others out there. 68,000 cars. All right. So two phases to the recall first phase is a temporary solution. [00:07:20] The second one is a more permanent one. Apparently this has to do with the batteries spontaneous. Catching fire. So this isn't something that's related to a car accident. It's a spontaneous combustion problem. That's not too good. It's a defect in the LG chem battery packs that are in these cars. So here you go. [00:07:43] If you drive to work every day and you charge your Chevy bolt every night, the United States, federal government is telling you to stop doing that. Yes. If you have a Chevy bolt, they're advising you to not charge it at night. I'm not sure when you're going to charge it. Cause the idea is you charge it at night. [00:08:03] You drive in the day, right? So they're saying there's, you can't do that. If you have to charge it at night, make sure you park the car away from any structures and definitely do not park your Chevy volt. That might be part of this. Recall inside a garage. How's that for bad, the original recall, by the way, came out in November, 2020 for potential fire hazard in the, again, the high voltage battery pack, those cells could possibly heat up and ignite internally. [00:08:35] Yeah. And if that fire spreads of the rest of the car and spreads to the building it's parked in or nearby building. Yeah. So keep an eye out. If you have a Chevy bolt, this is the type of problem in a phase as we start more and more to move into the electric vehicle realm. Yeah. Eventually it'll all get worked out, but it isn't perfect today. [00:08:57] Hey, visit me online Craig peterson.com and keep up with the latest in what you have to do with technology. /episode/index/show/cptt/id/19883357

COVID's Biggest Victim? The Traditional Workplace 07/21/2021

COVID's Biggest Victim? The Traditional Workplace COVID's Biggest Victim? The Traditional Workplace Craig Peterson: Work from home is a huge deal, especially for a couple of segments of our society. And I want to talk a little bit about that now, as employees are returning to work, should they be returning to the office? There is a great article here this last week in Forbes magazine by Dana Brownley. And it was one of their editors' picks, and Forbes picked it, I think, for excellent reason. And that is so many of us have been working from home. And for many of us, it's been a godsend. I've worked from home now for over 20 years. And for me, it's been a godsend because my priority was helping to raise our eight children. And it's hard to do that, and it's hard to homeschool them if you are not at home. So that's what I had done. And I was very privileged to be able to do that. [00:00:54] And our kids have all turned out amazing. Many people are caregivers, and it isn't necessarily just kids. But right now, I'm looking at a survey that was conducted. It's called the Prudential May 2021 pulse of the American worker survey. And they're showing the 2000 respondents that 38% identified themselves as caregivers, with nearly 40% of those providing care. [00:01:25] For school-age children, when you are starting to look at benefits packages, many families need to be able to have some form of childcare. And what has snuck in because of the lockdown is that many of us can work from home. So many of us have been more productive at home. And then, on top of it, all we can take. [00:01:52] Of our family. So let's look at the stats. We told you about school-age children. That's about 40%, 32% are taking care of young children. And this is 40% of all workers. Okay. People 30% are caring for someone with a disability, some health issue. And 23% are taking care of older adults. [00:02:20] That's 40% of the workforce. That is a lot of people. A lot of people, 38% is the exact number. So there, many of these caregivers are returning. Really a traditional work environment where they're going to the office, but they have unique needs. And I think every last one of us has to consider that and look at it and figure out how we can make things work. [00:02:51] And when we look at the numbers again for the caregivers, 45% say that they've considered leaving the workforce entirely. Due to personal demands. And 53% are saying that they would retrain for a career in a different field or industry. If they had the opportunity, we have some of our best people out there that are taking care of the kids of our loved ones. [00:03:21] Our parents. And again, look at mine, a situation here where I was at home helping to take care of our kids along with my wife. Neither one of us could have carried on a regular job and homeschooled eight kids. Neither one of us could have done that. What kind of talent might we be losing? Squeezing these people out of our workforce, particularly when we've now proven that most businesses can allow their workers to work from home. [00:03:57] Now, they found in the survey that there were three primary types of support caregivers, and these types are looking for different types of flexibility. Number one, they're saying that 42% wanted increased workplace flexibility. No, that makes a whole lot of sense. So they can work from home. [00:04:20]Maybe some of your best employees or people who want to work in another part of the country. I have a friend; his brother-in-law is a real good programmer in this one particular type of programming. I think it's sales and he is living there now in a completely different country on the other side of the world. [00:04:42] And yet. He's still doing programming for these people here in the United States, talking about workplace flexibility. He is sitting over there not far from China and is enjoying himself. He loves it there. And of course, his costs are much lower, et cetera, et cetera. So consider that, not just that there might be working from home, but maybe they want to take the kids over to Europe, live there for six weeks. [00:05:10] There's a lot of things people want. So that's 42% of our people that are working. Okay. Increased workplace place. Flexibility. The number two increased paid time off by 38%. Again, something we got to consider seriously. Now I know how hard it is to be able to fill in for someone that's on vacation or. Maybe they're caring for a loved one. [00:05:38] Maybe they just had a baby, et cetera, but it's essential when you get right down to it. Because again, who's better for raising our children, us, or a stranger who's going to more or less warehouse them. You have to keep a look at that. There's a great article from the Harvard business school. [00:05:59] It's titled. COVID killed the traditional workplace. What should companies do now? That's an excellent question because now the lockdown is mostly behind us. Executives can't expect the offices to run the same way they did to come in and do the same things they always did. But in reality, Harvard business school faculty members are saying there are ways to keep our employees happy and productive. [00:06:32] And that is exactly what we're talking about. But, no, for many caretaker takers caregivers, I should say paid time off is more valuable than a pay increase. And that's particularly true for those who are at the higher end of the pay scale. It gives them a lot more flexibility. They can get away sometimes from all of their responsibilities and obligations, which is just so important. [00:06:57] There's here's another one. This is a job list survey from CNBC. The article entitled here's how much money workers would give up for better. Life balance. And they go in, in that particular article and say that the average worker who says they currently have work-life balance, it would take an extra $10,000 in pay per year for them to give up their personal time. [00:07:20] I'm not sure that's right. I think it would be a lot more than that. And it also says just 30% of workers said they'd give up part of their pay for a better work-life balance. And the threshold varies by the type of worker. So that's where we, I think, really get into it now. So those are the first two, the third one is 37%. [00:07:41] So these are all within 4% of each other—a greater commitment to health and wellbeing. Now I've seen studies before saying businesses that put in a gym and put in workout rooms, et cetera. They never actually see them use—the way they expect for them to be used. And I don't think that's what people are talking about here, but we really are thinking a lot more about health and wellbeing since so many of us have been scared because of the COVID outbreak, but maybe I should be paying more attention to our health. [00:08:17]But we also have the mental health look at all of the problems we've seen from so many mental health issues because of the. Down. So Harvard again came out and said for employers that we need to signal the health of facilities. It's crucial to attracting people back. So again, The right kinds of air filters, right? [00:08:39] Kinds of lighting, make sure people feel safe while they're in the office and maybe cut back the number of days they have to be there. Hey, stick around. We'll be right back. We got a lot more to cover. You're listening to Craig Peterson, of course, and visit me online. Craig peterson.com. /episode/index/show/cptt/id/19883291

The FBI Weaponized Google Pixel Phones! 07/20/2021

The FBI Weaponized Google Pixel Phones! The FBI Weaponized Google Pixel 4a Phones! If you look into buying a used Google Pixel 2a, I've got some news for you. The FBI has been very busy, and they've conned the con man. I love this story. The FBI has been trying to track bad guys for a very long time, and there've been several ways they've done it. We know obviously about phone taps. We've seen those before the old days. I don't know if you've ever been to one of the original. Telephone switching stations were all not even original, but the types they had in the late sixties and early seventies. I remember going to see one, and all of these switches were going. [00:00:43] People were dialing the phones and everything. It was just so cool. And back then, to trace a phone call, what they had to do is find the original. Sore. So they would go to that row, that column, that exact little unit that was hooked up directly to your phone. And then they would see, okay, this is in position this, and then go to that next switch. [00:01:08] Okay. Position that next switch, position that, and go all the way through. That's the really older days, not the old days where you had somebody that was at a switchboard doing it. Nowadays, of course, it's all done by computers. The telephone company turns your voice into a digital signal, and it's usually done right in your local neighborhood. [00:01:29] It isn't even done at the central office anymore. So by the time your voice is outside the central office, it's digital. It's hauled on nowadays, even partially an internet protocol. Network. They used to use different protocols back in the day. And so, it makes it quite easy for them to tap your line. Now, of course, there's the legal side of this. [00:01:53] Do they have the legal right to do it to the need a court order or what kind of a court order? Do they need it, right? All of that stuff. But that is the side. It's effortless to find out where calls went, where they came from, and to listen in because it's just digital—Data's completely copyable with absolutely no particular problems at all in copying it. [00:02:17]Last month. The FBI and the Australian federal police acknowledged that they had indeed been working on this encrypted device. And the company was called a nom, which is a fake company and a nom sole. 12,000 smartphones to criminal syndicates around the world. That's the wording that the police used. [00:02:45] So these were being sold as secure devices. They did things like they removed the cell leader, modem functionality they'd changed the boot ROMs. They removed the GPS. So the idea was, Hey, you missed your badge. You can use one of our Anom phones, and it's using a special version of the Android operating system, and you can send messages back and forth. [00:03:10] It's a completely secure messenger service with end-to-end encryption, right? Like we're always being promised. And so what happened is bad guys started referring. Bad guys to this, right? Cause if they wanted to talk to the other guy, they both needed these Anom phones. Otherwise, they wouldn't be able to talk to each other. [00:03:31]And so they were recommending the use of these phones to their friends that were in the illegal businesses as well. So this I'm just chocolate is so great. So the FBI weaponized. Android phones, at least this particular model of it. And there's a whole community in the Android world. It doesn't exist in the iPhone world because this is much harder to do in the iPhone world, but they call themselves the model. [00:04:03] Community. And so they'll get a phone from some vendor. They'll make some changes to it that led to maybe change networks or do other fancy things. So they, after the FBI, used some of this technology. The modding community and did some just amazing things with this custom rom. Now you're going to love this part. [00:04:24] Okay. So when you boot this phone up, this is according to ARS Technica. The phone will have, of course, a little boot screen and. The highest custom from here is the boot loader and other things, but it showed an arcane, oh, S boot screen that's the name, arcane O S and every place, the normal Android distribution that comes from Google with the. [00:04:52] B I's arcane. Oh, west green. It's just phenomenal that these guys would do this and would fall for it. So the FBI told the criminals, Hey alleged criminals, Hey, these are secure devices, the really focused on security, and there is a pin scrambling fee. What would happen if on your phone? [00:05:14]You might enter pin some phones, you might use a fingerprint, or he might use a face ID. This was a security feature. And what happened is normally you've got what, 1, 2, 3, 4, 5, 6, 7, 8, 9, 0. And you type in your pin, and off you go, what this did, is it scrambled it? So it might be nine too. [00:05:34]Just the scramble of the digits up so that when you enter your pin, you're not always touching the screen in the same place so that people could not guess your code from the fingerprints you're leaving behind. Now, this is also interesting. It, this is a great way to do it. If you're doing it for real, having to run an anonymous phone, they had two different interfaces on the phone, and a different one would pop up depending on. Pin you typed into the lock screen. So the first pin would show a bunch of non-functional apps that are pretty popular in the app store, like Tinder, Instagram, Facebook, Netflix, candy crush games. [00:06:18] So if somebody is checking out your phone, forcing you to unlock it, they're not going to find budge. And by the way, none of those things work. But. If I had designed it, I would have made them so that they would work. So you can fool some of us by trying to rob us and steal your phone. [00:06:32] The second pin you could enter tells you chose your pins, but it was supposed to be the secure section. She didn't have the phone. So it had a clock, a calculator, and the settings. But the calculator app actually opened a login screen to a nom as an anonymous. And that, again, the bad guys are told all that's a secure, encrypted way to chat. [00:06:57]This is just amazing. So they will do use that. So they go into the calculator app and now allowed them to chat with their friends. But what they did not realize. Is, it was actually sending all of the messages also un-encrypted to the FBI. Okay, absolutely amazing. Amazing. So now, some of these bad guys are selling their phones online. [00:07:28] I remember I warned you at the very beginning. If you're going to buy a pixel for a, you want to listen to this first because the bad guys are selling. Their phones are online. And so, several people have been trying to figure it out—some posts on Reddit and elsewhere. You guys know how to deal with this arcane. [00:07:48] S, how can I reset this? What should I do? Okay. A lot of confused people. How do I fix this thing? You're not going to be able to fix it. Okay. By the way, this thing I think is really cool because the guy who he bought it legit guy bought it use. You said the installed operating system is arcane O S 10. [00:08:06] The system updater says that Archana, YC 11 is available for download, but I don't want to do it in case it makes something even harder to fix. So maybe the FBI is bad. At sending out updates and fixes, most of the Google Android vendors are out there, and I'm just laughing all the way through here. [00:08:27]So, there are some things that a tech-savvy user should know. So I want you guys to pay attention to this, particularly if you're using an Android device. So the first thing is when you start up a newer Android phone when it's made in the last few years, The first thing that happened is that Google runs something called verified boot, which makes sure the operating system has not been modified. [00:08:58] So, the operating system from the device manufacturer will be signed using a cryptographically secured. What was happening here is these devices were failing verified boot, of course, because the FBI had modified the boot ROMs. And if your device fails, verified boot, your Android device either could be an unlocked boot loader or a relaunch boot loader with tampered software. [00:09:27] It's going to show a message. And, in this case, the FDA FBI devices have a message that says your device is loading a different operating system, complete with their yellow exclamation point icon and a link for Google support pages. Phenomenal. And by the way, the article I'm sending this out in my newsletter, but it says. [00:09:54] How resistance changes. Google has an order. So it sent them to the legitimate Google support. So there you go. There's a perfect little piece of advice right now. The FBI changed many Android operating systems and tripped out many Android settings that might've revealed something about the fact that it really was a spy device system settings for app storage, and accounts have been removed. [00:10:23] So pay attention, right? If your machine boots up, the plane's about the bootloader, you've got a problem, and it isn't just Android. Obviously, Apple will do that. The newer versions of windows are starting to do that as well with TPMS, and windows 11 is really going to bring a lot of that to the forum. [00:10:44] Hey, you're listening to Craig Peterson, and you can find me online. Craig peterson.com. Check it out and stick around. /episode/index/show/cptt/id/19868156

How Could Facebook Do a Better Job at Controlling Disinformation? 07/19/2021

How Could Facebook Do a Better Job at Controlling Disinformation? How Could Facebook Do a Better Job at Controlling Disinformation? Hello, everybody. Great discussion this morning about Facebook and what is going on with their monitoring and controlling some of the topics. Should they have something in place that really stops false information? How could they do that? And what's their real motivation behind all of this. With Mr. Christopher Ryan, we also got into how the general services administration has completely messed up. Again, it's authorization, this FedRAMP authorization. Why are our federal agencies using some tools like zoom that have been proven to be very insecure, and they're using them with the blessing of GSA, who says they're secure. [00:00:50] So here we go. [00:00:52] Chris Ryan: Craig Peterson is the host of tech talk on news radio 610, 96.7. You can check him out Saturdays and Sundays at 1130. Craig, how are you?. Hey, good morning. Doing great. Appreciate being with us. So one of the topics we did we've delved into today is social media giants and censorship of quote-unquote misinformation is. The white house weighed in on this last week and criticized Facebook as a purveyor of misinformation based upon allowing individuals platforms to push forward their opinions. [00:01:27] From a media standpoint, we have gatekeepers available and able to squelch misinformation and provide a great environment that can provide the most accurate information possible. Is there any way, shape, or form that a Facebook or a Twitter can? Have any sort of an algorithm or staffing or personnel; this is not even whether you should do it or shouldn't do it. [00:01:55] Is any way feasible or possible for them to strike down misinformation? [00:02:03] Craig Peterson: [00:02:03] Yeah. This is a tough one. It's easy enough. You've got, of course, Justin sitting there with the big button, and the Eaton cut us off at any point. But when it comes to Facebook or Twitter or any of these other big places you have, what is it now? [00:02:20] Billion active users per month, just on Facebook. So what you were asking about is there some algorithm. Obviously, people can't do this, and the answer is I have, yeah, a fascinating article. I'll be talking about it next Saturday. How about IBM's Watson? You probably remember Watson pretty well. [00:02:39] It was going to rule the world. It won jeopardy. It was absolutely amazing. And it really hasn't done much since then. One of the most advanced AIS we've had, and Microsoft and Google both have them; China's working on artificial intelligence to try and figure it out. But the biggest problem that we have is. [00:02:59] What is the sentiment there. How can you tell an article is criticizing something legitimately, or if they are endorsing something that might be a bad idea, then who gets to choose? What's a good idea. What's a bad idea. This isn't easy to do [00:03:16] Chris Ryan: [00:03:16] Chris. And there are no rules either. I said before; I don't think it was appropriate for social media to ban Trump. [00:03:24] I don't; I think that many individuals push forward misinformation and tr and lack truth and their intent is not good. And they're still allowed to do whatever they wish. So I think that you have to create a. A platform and an infrastructure to determine what the role should be. [00:03:45]And what, how many times do you get to push things forward that aren't true or et cetera? There are no rules. [00:03:51] Craig Peterson: [00:03:51] Yeah. I look at this and a profit motive on the part of Facebook, certainly in these others. And that is, they want your watch. The Facebook channel. They want you on that feed all day long. [00:04:05] So the more that you aren't interested in a topic or position, maybe a position is totally false. Maybe you are flat earth, or the more information they're going to feed you—the how the earth is flat and less about anything else. So what we've ended up with now with these social media sites is something that really polarizes us even more than we were polarized before because we see more and more information that confirms our suspicions and where we're at. [00:04:36] So I see that as an even bigger problem because we're frankly, Getting isolated. We don't have the editorial in the newspaper that might be left, might be right. It might be the center. As time goes on by these submitted authors, it's showing you what you want to see. And that's a big, [00:04:56] Chris Ryan: [00:04:56] right. And the Facebook feed has also changed over the years where initially it was just your friends, basically, and their information more and more, the feed has gotten filled. [00:05:07]Topics that they have determined that you're interested in and sources that may or may not be accurate that present that information. And this has happened to me, and I'm sure it happens to everybody else. Know, You may click on the art, one of those articles, and be interested in it. [00:05:22] And then the next thing 50% of your feed is similar articles or ads that are associated with things that you have looked up. So the Facebook feed has changed dramatically. Over the years to the point where it was initially, there weren't many ads, and you wonder how they made their money to the point of which now, where there are a lot of ads. [00:05:43] And they're also continually feeding you information on topics that you're interested in. [00:05:49] Craig Peterson: [00:05:49] Yeah. And topics that, again, might be correct, might be false. And what Facebook [00:05:54] Chris Ryan: [00:05:54] is doing you, in fact, giving you information that may not be accurate. So not just your friends, Facebook itself is providing you with information that may be false. [00:06:04] Craig Peterson: [00:06:04] Remember the days in Facebook, or again earlier on where if you followed someone, if you liked someone, you would see their posts, they would show up in your stream. Now Facebook realizes, oh my goodness, you've got hundreds of friends out there. They're all posting stuff. And Facebook decides what you want to see. [00:06:26] Many of the celebrities dropped off of Facebook because people that wanted to see their posts were no longer seeing them because. Facebook was moderating it. So we've come full circle under discussion. Facebook is doing moderation, and the moderation they're doing is, again, isolating us and dividing us even more. [00:06:46] That's a huge problem. What's the solution. I w was this day and age. I'm not exactly sure because they, the algorithms. They could be doing more moderation. Should they be doing it? And, of course, that's the whole discussion around section 320. [00:07:02] Chris Ryan: Exactly. So let's talk a little bit about zoom; an article has come out about zoom and its cybersecurity issues, and the GSA is blocked. [00:07:12] Senator Ron Wyden reviewed documents used to approve zoom for government use in government meetings. And that this is not just the federal level. It happens all the time at the local level as well. And there were initial concerns about cybersecurity and zoom, but a lot of those concerns and the topic of conversation about them seem to go away during the course of the pandemic; how safe is zoom, and obviously, you haven't. [00:07:39] Individuals, whether it's from a non-profit private sector or government perspective, who are discussing compassionate things on zoom. And they assume that no one is listening, but are they? [00:07:52] Craig Peterson: Yeah, that's a terrible assumption, particularly when it comes to zoom. The big concern here in this particular article that appeared in the tech crunch has to do with the investigation that's done by the fed. [00:08:06] So we know there's obviously information that needs to be kept secret other classified information, and then there's information that might be damaging. And what's happened here is the general services administration gave zoom their authorizations. FedRAMP authorization saying, yeah, go ahead and use it. [00:08:25] It's going to be fine. Everything's great. Turned out. Zoom was not encrypting these sessions from end to end. In fact, routing some of our conversations live through Chinese. They're using Chinese programmers to write this stuff. They installed back doors on Macs, just all kinds of incredible, terrible stuff that zoom hadn't been doing. [00:08:50] And some of it is alleged continuing to do. And yet, somehow, it received this authorization from the GSA. How that. Did that happen? Now, there are some secure ways to speak online. Really WebEx is the only one that is fully authorized, and then you have to have the right version of it. Microsoft teams have some stuff that is also authorized and. [00:09:19] Truly end to end. Zoom is not to be trusted, but what really concerns me is it looked like the federal government delving into any of these tools to verify whether or not they appear to be safe was terribly flawed. And that's exactly what the Senator has been trying to do and why and how, and they're just not providing the information. [00:09:43] Chris Ryan: [00:09:43] I have a basic theory. Applies, I think to tech and social media; if something is free, ask why and figure out why is this free? Why are you able to do it for free? What is in it for the company, and then decide whether or not you want to use it? But I think that people are all in, on giving their information, using. [00:10:06] These things and they don't really understand what the business platform is? How is this being used? And I think that is something that individuals should be cognizant of. Craig has always thanked you so much. Take care. That was Craig Peterson. He is the host of tech talk. /episode/index/show/cptt/id/19854359

Amazon Is In For a Rough Ride 07/16/2021

Amazon Is In For a Rough Ride Amazon Is In For a Rough Ride Did you know that Amazon has a new CEO? I remember back in the nineties; I pledge that I would never use Amazon again because they filed and were awarded a patent on technology everybody was using. Jeff Bezos is out of a job. [00:00:19] This is a guy that grew a company that all they did initially really was book sales, and they had a warehouse the size of the Amazon, right? Because they wanted to represent everybody. They had every book ever published, and to a large degree. They did. They had a whole lot of bucks, and then I've expanded, of course, beyond that. [00:00:47]And beyond that, to the point today where they are doing some well, again, shady things I mentioned in the intro that I was concerned about what Amazon was doing with pat. They got a patent on this one-click purchase. Now I have been a fan of patents for a long time. I do not like the patent law as it exists today. [00:01:14] And in fact, I haven't liked it for quite some time, but this patent law where you don't have to show that there was no prior art and frankly, the prior art does not matter at all. I think that's huge. And I've had a number of patent attorneys on my show, talking about it and talking about what we may want to change. [00:01:37]Jeff Bezos grew it to today, where it really is the number one provider of online services is. You might, in fact, almost certainly are using Amazon's services, whether you realize it or not to go to most, any website, any of the big ones they're probably using Amazon's web services. They're probably using Amazon storage, and Amazon has dozens and dozens of different services. [00:02:09] So it's a very big deal. And Jeff Bezos, who's the guy that started all of that, sat down stepped on. I should say. Now it's rare that the founder of a company ends up taking the company public. Public, basically, that just doesn't really happen because all of a sudden, when you're public, your whole job changes, and no longer can you make a decision, a snap decision about something, and then go ahead and do it. [00:02:37] You've got to be very careful about what you do when you do it, how you do it, you have to announce it and everything, but just an amazing man being able to take it—all of that. And by the way, he have the largest settlement, a divorce settlement in history with his ex-wife. It's amazing, but he is still the world's richest human. [00:02:59] Now he has this company called blue origin, which is his rocket company. He's got the Bezos earth fund, and he's still chairman of Amazon's board. So he's not going anywhere. However, we've got this new guy, Andy Jassy, who has stepped in as the CEO of Amazon. He was the head of Amazon's online services, which is absolutely huge. It's their most profitable arm by far. So he's taking this whole thing over when Amazon, frankly, is in a lot of trouble. Now they're basics of, Hey, there, the money that they're making, their profits and everything, that's all well and good, but there are ongoing antitrust investigations. [00:03:52] There's a battle with labor. And we're talking about, of course, big labor here—the unions. There's increased competition in the cloud space. Just look at what happened with the US military in there. I think it was at least a billion dollar. I can't remember the exact number, a cloud contract because Amazon was battling Microsoft Azure and it was awarded. [00:04:20] And then just a couple of weeks ago it was pulled back again. They're also seeing increased competition in their online services from Google. And I use some of those Google services. In fact, if you go to Craig peterson.com, it's actually right now using some of those Google services. So they are really getting nailed from a whole bunch of different directions. [00:04:45] And this guy Jassy has worked there since 97. But he may be the perfect person to guide Amazon through. W really now we're talking about the middle-aged, that's the time when you're supposed to buy your convertible, buy your motorcycle, et cetera. The middle aged years. And in this case, there's some problems. [00:05:10] Here's a quote I want to read from this Yahoo article is actually I think AP yeah. Yahoo finance. This Yahoo article and it's from Harvard business school, because we've got regulators who are circling, and this may be the main reason Jeff stepped down. I don't know, but quote, you may want somebody who has the confidence of the chair. [00:05:35] And the board you want somebody who understands the strategy and was part of it and knows where the bodies are buried and the mistakes that have been made and how to move forward. This is from Harvard business school, professor of business administration. Rosabeth Moss Kanter, and I think she's right. [00:05:58] Absolutely because this road ahead for him is going to be tough. But the fact that he ran their most profitable division tells you something, it tells you a lot and he might be the exact right guy to be able to do that. Amazon's now got a market capitalization of about $2 trillion, which is huge. [00:06:20] And it's certainly enough to get some of these regulators. Paint a lot of attention to what's going on. We've got the Washington DC attorney general, who has accused them of violating the district of Columbia's antitrust act. And that has to do with, for bidding third-party resellers, from offering cheaper rates for their products on competing sites. [00:06:43] Cause remember what Amazon does. About half or more. In fact, I think now of their products are not actually sold by Amazon. They're certainly not Amazon products. They are products from resellers who are just selling on Amazon. They're using Amazon is their platform. And that way Amazon will manage the inventory. [00:07:06] It'll warehouse a little ship it out. It'll handle the returns. Yeah. What Amazon is doing is charging these sellers for the space in the warehouses, which is perfectly legitimate and taking a percentage of the deals. Are there other websites that might give these sellers or resellers or stuff they're importing from China or wherever. [00:07:31] Might there be other sites that give them better deals? Will you bet there are sites out there. So that's why she's suing them. Federal regulators look like they might be coming in as well. The federal trade commission's newly appointed chairman. She's a fierce critic of the. Amazon way of doing business and she made herself a name by publishing an article for Yale's law journal titled Amazon's antitrust paradox. [00:08:01] So before she was even appointed to the federal trade commission, she was already calling for changes in the current antitrust regulatory framework. And that might be widely invited administration has appointed her, but there's six antitrust bills. Targeting big tech right now that are working their way through the house of representatives. [00:08:24] And we've talked about some of those already, and, I do not like these huge tech companies that are making crazy profits and using those profits to keep other people out. And Amazon's one of the largest employers in the country. And after years of complaints from somewhere house workers, we've got the labor unions now in the mix trying to take action. [00:08:49] Now, I don't have a single problem with labor unions while at some of their tactics, I have problems with, I don't have a problem with the labor union. In the private space. I have a huge problem with I'm in government space. And we could talk about that at some point, but I don't have a problem with them trying to organize inside Amazon. [00:09:12] So the international brotherhood of Teamsters. Yeah. I remember the guys that drive the horses. They announced that they're going to begin working to organize Amazon workers. So that might succeed. There was another one in Alabama that had failed. So are you getting the hint here? This is huge. It's huge. [00:09:32]By the way, Amazon's offering warehouse workers starting pay at $15 per hour plus benefits. So that doesn't seem too bad. If you ask them. But again, with the pandemic, all of the stuff going on there been a lot of calls for Amazon to quote, treat its workers better. So we'll see. We'll see what happens. [00:09:53] Other problems with Amazon that we've talked about before are things like fake reviews. You and I, we look at the reviews, it's critical in us buying things. Isn't it. We look at the reviews and say, oh, wow. Jeepers. There's 500 reviews here and it's four and a half stars. Okay. So I can have confidence that this product is good. [00:10:17] It's going to work. And yet some of these sellers, what they're doing is bribing people to give a good review. So they'll say, Hey, you buy my product. And then they send the product in with, along with the product is a little note saying, Hey, if you give me a review and send me a link, I'll send you an extra battery or whatever it might be. [00:10:39] That has been a real problem for Amazon, even worse than that, because at least those people might give an honest review, right? Worse than that is that some of these reviews are paid for. So some of the sellers it's alleged are going out there. They are hiring. People and paying them to give reviews. Now, those ones are very obvious. [00:11:04] If you look at the reviews, so don't just look at there's 500 and the average is 4.5. Look at some of the reviews in the wording. So I've seen reviews where it was for a massager, and there was talking about what a great. A set of wheels that has on it. And they work really well. And it's very smooth when you're out, riding it on the trails. [00:11:27] Wait a minute wait, we're talking about a massager here. We're not talking about a bicycle, so that's one of the ways to tell if the reviews are fake, they're don't even talk about the product at all, or any of its real features. The other one is look at the wording because most of these fake reviews. [00:11:45] Don't use English, so good. All right. Okay. Thanks for being with me. I want to make sure you stick around and visit me online. In the meantime, go to Craig peterson.com. If you sign up for my free newsletter, you'll be getting that every week with all of the details. I'll try and catch you up and you can listen to my podcast, right from there. [00:12:09] CraigPeterson.com. That's Peterson with an O. /episode/index/show/cptt/id/19837883

Kaseya and the Problem with Managed Service Providers 07/16/2021

Kaseya and the Problem with Managed Service Providers Kaseya and the Problem with Managed Service Providers We have really in front of us, a critical warning. We're trying to figure out what should we do or to stop people from attacking us. That's a problem. What should we do? Many of us have gone out to managed services providers, and now they have let us down. Did you hear about the Kaseya hack? It has had a huge impact on people. It's absolutely crazy. Or you heard about a thousand companies that got together and they have hired a negotiator in order to negotiate the ransom with the bad guys that have ransom there. It is huge. It's huge. But let's talk about why this happened, because I think there are many things that you and I have overlooked here over the years, this ransomware God guy, gang called REvil, R E V I L has targeted cause say, or customers through. [00:01:04] Say, but it isn't just kissy customers. It's really cause say, is customers for the most part. Now your head might be spinning a little bit, but here's, what's happening. I'm a business owner. You guys know that right now. Let's say that I don't do cybersecurity for businesses. That's what I do. [00:01:24] But let's say I make widget. I as a widget maker, do not have enough knowledge about computers to, to really do it myself. So let's say I've grown and I've got 20 employees. The odds are very good that my office manager is the one in charge of the computer. The office manager probably orders. [00:01:49] Computers probably tries to figure out what's going wrong. By the time of it at 50 computers or 50 employees, I've probably got a full-time it person who goes around and tries to take care of things. But before I've got that, full-time it person I'm probably going to outsource it. And by the way, a lot of companies, it's more like a hundred to 200 employees before they get someone who's really dedicated to it. [00:02:18] So then that awkward teenage stage between where the office managers trying to do it. And finally the office manager can try and hire an it professional. Is where they go and outsource it. You talk to various types of companies. What are in the industry called break, fix shops. That's usually the first stop which is calling them up saying I've got a broken computer. [00:02:44] Can you fix it? And maybe they can, maybe they can't. And then a lot of break fix shops have tried to level out their income so that they have predictable monthly income so that they can hire the right number of people for the number of customers that they have. Although I've got to say most of them are badly overbooked. [00:03:04]Now that they've hired those people, they this outsource break fix shop. They come in and say, okay here's what we can do for X amount per month per computer or employee, we will take care of those computers for you. One of the things that they'll promise to do is that they will take care of your cybersecurity for you. [00:03:25] Now, cybersecurity is frankly, a specialty. It is not something that everybody can do. Even if you're using some of the best stuff in the world, like what we do, we have Cisco hardware, we have Cisco software that we run advanced malware protection. So that's the best of the top of the line. [00:03:45] Most smaller businesses aren't going to want to pay for it, even though they might be able to afford it. Push those people out right now, because we're talking about, you were talking about a smaller business. So what does that outsourced it provider do for you? They might change their name and call themselves a managed services provider. [00:04:06] And that's all well and good, but they need help as well. So I'm making widgets. I have this break fix shop that came in and fixed my computers a few times. And now they're handling my cyber security. Isn't that wall well, and goods was wonderful. So now they're handling, supposedly my cybersecurity. But they know they can't do it themselves and it would be too expensive to do it because they went cheap. [00:04:33]You bought the least expensive option or, close to the least expensive option. So wait, and by the way, cheap in this case means that it's under $150 per. Person slash workstation per month. That's what it costs to get this stuff done. So you might be paying 25 or maybe even $50. They can't do it for that. [00:04:57] So what do they do? They go to a company like. Now they also have some others. They have what are called arm AMS that keep track of some basic stuff for you, but they go to Garcia and say, okay, Casia we want you to monitor the computers, keep them up to date, et cetera for. Now did I, the widget manufacturer go ahead and hire to take care of stuff. [00:05:23] Did Kasiah even do it themselves or did they outsource it? Do I even know the Kaseya exists because it's really Kaseya that is managing my computers doing. We have, there has a software that doing the upgrade on my computers. This is a real problem because the widget maker, Nope, I didn't hire KSA. I didn't even know they existed. [00:05:49] I trusted my local. Your local guy is not taking care of your cybersecurity. Almost completely guaranteed. There's very few companies like mine out there that we actually do it ourselves because we have looked at Kaseya. We've looked at all of these platforms. Every last one of them has had major problems. [00:06:12] So here comes Casia with over a hundred thousand customers that gets hacked and distributes the hack to all of its customers that are running some of these on-premise devices that are trying to manage the networks for not Cassias clients, but for KSA as clients, client. Okay. Do you see how this is the level of indirection? [00:06:35] You see how this is going to affect? This is a huge problem. And Casia not only have we warned some of these companies, like Kaseya about major design flaws in their software, but cause say his own engineers apparently about three years ago, warned Cacia about major design flaws in the software that they were using. [00:07:01] So they knew about this. They were warned months, if not years in advance about it. So what does it say you do? They're concerned about profit and features, so they just keep adding features as alleged by their former employees instead of fixing the security problems. Cause it would be too hard to fix, take too long cost too much, and it isn't going to increase our revenue. [00:07:26] Are you sitting down? Can you believe this is one of the major operators out there, major operators that is, is behind your manager services provider and your break fix shop that's who's doing it out there. So there are probably far more than that this thousand Kaseya clients that have gathered together to try and negotiate the ranch. [00:07:57] And I got to say, I, I would be extremely disappointed if Kaseya customers didn't gather together and Sue them in a very big way. Curly sins, people claiming to be former Cacia employees are saying they warned the company about major flaws in their software. And that is what hit all of Cassias customers. [00:08:24] Customers. This is incredible here. This is a much different style of relationship that companies have typically, right? Yeah. Okay. Law firms they'll outsource stuff, right? So let's say there's some maritime law. They'll go to a maritime law firm. They'll outsource it. So yeah, there are some models where this is done, but this is done routinely. [00:08:49] In the cybersecurity space. It's not something we do. We stuck our toe toes into that pond and we didn't like it. We didn't want our customers to be hurt by this sort of thing. But anyway, there you have it. Okay. There, you have it all about profit and not about you. And by the way, it's also about how much you're willing to pay. /episode/index/show/cptt/id/19837790

Predictions About Olympic Cyberattacks 07/16/2021

Predictions About Olympic Cyberattacks Predictions About Olympic Cyberattacks We're all excited about the upcoming Olympic games. And so are the hackers. Oh my goodness. I just finished reading a report by the cyber threat Alliance about what they're expecting to happen at these Olympic Games in Tokyo. The Olympics have always been a huge target when it comes to the bad guys. [00:00:23] You might remember there have been abductions at the Olympics before where some of the Olympic competitors were held at gunpoint. Of course, we're not going to forget that one anytime soon. And looking back through the last few Olympics, there have been many different types of attacks, some more successful than others, frankly, but looking at this report, they were talking about the 2008 Beijing Olympic. [00:00:51] The attacks then were relatively limited. There were about a 12 million cyber alerts per day. Now this is part of the problem with cyber security. You get so many alerts. What do you do? How do you. Bond and none of those 12 million cyber alerts per day resulted in a successful attack. Now that was back in 2008, there were some scams like ticket scams are always are, but nothing big. [00:01:23] The next one was the London Olympic. In 2012 and the London Olympic, they had pretty much low level attacks and they didn't result in any real high impact cyber security event. And the most significant event back in 2012 was evidence. Credible cyber threat against electrical infrastructure. That was of course in place for those Olympic games. [00:01:50] There was a distributed denial of service attack on the power systems. Nothing much really happened, no real impact. Then 2016 Rio de Janeiro. They were starting to pay more attention to cyber security for very good reasons. Frankly, there was a large scale denial of service attack that was carried out by this bot net. [00:02:16] Let me explain what that is. A denial of service attack is where you might have a website for instance. Providing service to your customers that might be going there to look at your catalog, maybe buy some things. It might be a government agency. It might be an important part of the Olympics in this case and their critical infrastructure. [00:02:37] So denied service means you either knock it off the air or so people can't get it. Or there's also the distributed denial of service attack. Now D dos are the distributed ones are where you have hundreds or thousands of computers out on the internet, all over the place that are trying to get to maybe the home page, maybe the purchase page. [00:03:04] And because the coming from all over the internet, they're very hard to shut. And that's where we have the botnets coming in, too. Botnets are groups of computers that have been compromised by the hackers. So what they do now is they command, for instance, you're a home computer that you don't even know is under the control of one of these bad guys, your home computer now, issues or requests. [00:03:33] Hey, yeah, give me the home page of Olympics 2020. And off it'll go dutifly and try and get the homepage. That's all well, and good. If the load on the server is what they're expecting. You've been to sites, right? You hear something mentioned on the radio and like Craig peterson.com. Now, because I mentioned my website, Craig Peterson, S O n.com. [00:03:58] And there are people listening. Some of you guys are going to go to my website. Now the normal traffic of having dozens of new people go to my website is not going to bring the site down. However, here's the other side of this? What happens if maybe two or three times as much traffic as I expect is going to come to the site? [00:04:22]I've compensated for that. We should be able to handle that just fine. But what happens if all of a sudden it's a thousand times what we're expecting because there's 20, 30, 40,000 cases. Peter is out there that are trying to get my homepage or in this case, the Olympic. Homepage. Obviously the server's not going to be able to respond and it's either going to crash or and I'm sure they set this up the right way. [00:04:49] It's going to deliver a message saying the servers over loaded right now. Try again a little bit. And by the way, if you get that message on a website saying, Hey, try it in a few minutes, please try it in a few minutes. Don't just hit reload because that's going to put even more load on that poor little overloaded server. [00:05:10] Now what they had here coming in 2016 at the Rio de Janeiro Olympics was a staggering 540 gigabytes. Per second worth of people requesting homepages. That is insane. That is a lot of bandwidth. And the fact that they apparently had that much bandwidth available coming in is also amazing, but also remember people are looking at videos. [00:05:41] Am I. To get the insider scoop, add some stuff happening behind the scenes. Now, many of the attacks in 2016 started before the Olympic games, even. And what they were doing is attacking different parts of the Olympics infrastructure operationally. So it's a problem. It's a very big problem. They survived that whole thing. [00:06:09] And by the way, the Brazilian government ended up trying to protect the world cup back in 2014 as well by spending a whole lot of money and time on this. But remember, Even back in 2008, we were talking about 12 million cyber alerts per day. How can you staff up for that back then? It was back then. [00:06:32] We're seeing some of our clients being hit with hundreds of cyber attacks a minute and multiple per second, sometimes 10 20, 30. Per second. It's just incredible. What happens? In fact, divide those numbers out 12 million divided by how many seconds in a day. It just shows you how amazingly huge it is. [00:06:56] Now we have seen time. Past where a country like North Korea, for instance, doesn't like what Sony pictures is doing. So North Korea then attacks Sony pictures. And in the case of Sony, they downloaded a bunch of confidential information. They released it. They embarrassed some people now, hardly anybody got fired. [00:07:16] It's absolutely amazing. But anyway, What's happening right now is Russia. Think about all of the Russian attacks against our businesses and our critical infrastructure as a country, they have been huge, massive attacks. We have now Russia at a point where they are getting massive amounts of. built up. [00:07:45] Why? Because they submitted doped samples in 2019 to the Olympic committee. Yeah. So this was a, the McLaren report released by the world anti-doping agency. Describe what we're really systematic effort by the Russian government to really undermine the drug testing process. We've also seen the Russians in the past because they've been caught doing this. [00:08:14] And the Chinese as well, putting in some of the competitors, particularly into things like gymnastics that were too young to compete based on the Olympic rules that were in place. So we had all of this happen during, and after the 2014 Sochi winter Olympics. Guess what those restrictions on their athletes are still in place and in place in a very big way, they will not play the Russian national Anthem at the ceremonies at the Olympics. [00:08:48] And they will not allow the Russian flag to be carried. In fact, their athletes have to carry a neutral. Flag. So expect some serious attacks from Russia against the Olympics. And remember the Olympics. There are no spectators. Everybody's going to be watching this thing on a line. So it's going to be interesting. [00:09:14] We'll keep an eye and let you know how things go. Stick around. Visit me online. CraigPeterson.com. /episode/index/show/cptt/id/19837757

Facebook Confirms Its Asking People to Report "Extremists" 07/16/2021

Facebook Confirms Its Asking People to Report "Extremists" Facebook Confirms Its Asking People to Report "Extremists" Reporting on your neighbors is something you would expect from a socialist government, right? A communist government, a fascist government, any form of socialist government. Now Facebook is doing exactly that and it's going to interfere with our lives. Facebook has now confirmed what it's calling a test of its "do-you-know" an extremist prompt and that's got me really rather worried. And it has a lot of other people worried as well. I was talking to a friend of mine who was also in the media biz, who was saying just over the last couple of weeks. He's received this a bunch of times. And I mentioned this to another friend of mine who is not in the media business. And he said that he got it as well. [00:00:48] And he said his was: are YOU an extremist? Which I think is interesting. First of all, extremist is not defined. And of course, with these people who are monitoring accounts on Facebook, announce where their definition of extremist is going to be. The definition of an extremist by the government going to very political parties is going to Berry very, and we're talking about this anti-extremist promt, not just asking you if you are an extremist, like my friend said he got, but it's asking if you know someone else who is an extremist or who may become an extremist. [00:01:28] That is absolutely amazing to me. Amazing. It's bad enough that the government has picked winners. It has this whole section to 10, you've heard about before in the FCC rules that says we know if you're Facebook or Google, no one can Sue you for anything that you do. That is absolutely insane as far as I'm concerned, but there will be lawsuits on this they're already been filed. [00:01:58] Why would Facebook block thought that it didn't think was appropriate? The whole idea behind the first amendment? Isn't just that it applies to the federal government. It is a code of conduct for all of us. It's a code of conduct for these massive multimedia platforms. We should be allowing all kinds of speech and we should not allow people to hide because what they've done now is they've moved to other platforms. [00:02:29] The don't do this kind of monitoring and they are current carrying on their speed. If someone comes out and says something that is racist, that is violent, that is, is threatening to commit a crime. We know about it. If it's out there in the open, we all have the crazy neighbor that everybody in the neighborhood knows about because they are, and they're saying it, Facebook starting to block it. [00:02:55]We're just not going to know. And then what do they do? If you report someone who is saying some things that you think might be extreme, things like you should check voter ID at the voting booth. There are people that think that's extreme and they report you what's likely to happen. We know already that one of the things that many people who have been doing online is reporting people. [00:03:22] They don't like as someone who is posting things that are violent or extreme and getting their stuff blocked and demonetized in some cases, but just plain old blocked. It's a great little tool for people to shut up. Other people, just shut them down, shut them up. They can't say it anymore just because they disagree with the content that's already in place. [00:03:48] Now what's going to happen. If someone is reported as being, not an extremist or on the road to extremism, what liability is there on Facebook's side? What liability is there with, for instance, the FBI or local one force. There are obvious things that should be reported to law enforcement. If someone's saying they're going to harm themselves or harm someone else then we need to have a closer look at that. [00:04:14] If you actually have the belief that they will and can do that. I was as a mandated reporter for 10 years because I was in emergency medical services. If I thought someone was trying to commit harm to themselves or someone else, I was mandated to report, but I have to think that I can't just use the reporting tools as a way to shut up my political opponents. [00:04:43] So someone reports another person as being an extremist of Facebook, Facebook then sends it to who are they going to send it to the FBI? What's the FBI going to do well. The FBI is mandated to report again in their reports and investigate. So what are they going to do for the investigation? It needs to rise to a level of the FBI thinks that this might be an illegal activity so that they can investigate it. [00:05:11] They can hopefully stop something before it happens. Something violent, something nasty. But what does the investigation take ground? I'm taking you all the way down the road here. The investigation is going to include them having a look at what you said, looking at the people who are within your social network. [00:05:32] So who do you. Two. Who do you follow? Who follows you? They may start looking at your phone. Who are you calling? What SMS messages are you receiving? Where are you hanging out? Where's your phone going every day? Who goes to that bar that you like to hang out at? Oh my goodness. You went to a gun range. [00:05:50] Who's at that gun range and so very quick. The investigation is all of a sudden roping everybody and all of your family members, all of your closest friends, anybody that might've liked something that you had said recently, even though it might not have been extremist. And so now by having Facebook looking for extremists and people who might be on the road to extremism and counting on you to report them, they have opened up a can of worms. [00:06:22] Huge can of worms and remember too, with the FBI and with others, including the NSA and the CIA, they have this multi hop rule. I think it's three hops now. So if they suspect you of something and what is suspect you, is it the fact that someone reported you as being an extremist, just because they disagree with you politically, they disagree with your religion. [00:06:48] Is that enough for them to suspect it. So now they can monitor not just your stuff, but anyone that has talked to you or liked you and anyone that has talked to them or It doesn't take long. I think that whole Kevin bacon thing, right? Everybody in Hollywood's within five degrees of Kevin bacon. In fact, I think everybody in the United States is within five degrees of Kevin bacon. [00:07:12] In other words, they can hop through opt to five people and connect to anyone in the country. That is absolutely huge. Absolutely huge. According to the verge. Facebook is doing this in response to the Christ church call for action campaign Christchurch. Remember in New Zealand and there was an atrocity that was committed there. [00:07:41] These hate and dangerous organizations. That's what they're up to. They're trying to stop all of this. And it goes back to March in 2019. I think it was this attacking Christchurch. Obviously a terrible thing. People knew about this person and their radical approaches. The police have been informed, but nothing happened. [00:08:05] So now we want even more monitoring to go on. At least Facebook does. This is really a problem. There's all kinds of bad behavior online. We hide behind our supposedly anonymity. Look at the terrible thing. Some people say online about you name it, right? Different people, kids in high school, either people in other walks of life. [00:08:33] It is terrible. So Facebook has this support page titled what can I do to prevent rattling? Radek radicalization. There we go. I knew I could say it. It's a really good question. Yeah. They've got links on that page to life after hate exit USA program, which Facebook says help people find a way out of hate and violence. [00:08:57] I'm all great with that. I think that's a good thing. It's not a bad thing, but now having them report people that someone. In their non-inferior wisdom decides might be hate speech or might be on a road to extremism because remember anybody that voted for Donald Trump is considered to be someone who's on the road to extremism, or is an extremist. [00:09:22] For voting for him, the worst president ever. How many times have you heard that sort of thing? It has happened all of the time. And so we've got to be very careful about these open reporting things that are online. We have to be careful about reporting. Other people, it brings to mind two things. [00:09:41] One is two TV shows. One is one. That apple produced and you can watch, and it's all about this guy. You were a reporter, a news anchor, and he was supposedly sexually harassing someone and yeah, he was to a degree, but the crime and the punishment was just totally out of whack. And one of my wife's favorite shows the It was the good wife and now it's a good fight. [00:10:12] That's what it is in season five, episode three. It is delving into this in a very big way. What happens when you report someone? Should they be reported? You've got to think twice about that. Even when, again, I was in EMS, what happens if I report someone potential neglect potential child abuse here, they can go through hell. [00:10:37] So be very careful. I don't like this move by. But you probably figured that out already, right? Hey, you stick around. We've got a lot more to talk about today and I also want to encourage you. If you haven't already go to my website, sign up for the newsletter. Craig peterson.com/subscribe and get all of the latest and most important technology news in your mailbox. /episode/index/show/cptt/id/19837715

Facebook - Olympics - Amazon - Managed Services 07/16/2021

Facebook - Olympics - Amazon - Managed Services 2021-07-17 1122 Craig Peterson (2): Reporting on your neighbors is something you would expect from a socialist government, right? A communist government, a fascist government, any form of a socialist government. Now Facebook is doing exactly that, and it's going to interfere with our lives. [00:00:16] Facebook has now confirmed what it's calling a test of its "do-you-know" an extremist prompt, and that's got me really rather worried. [00:00:28] And it has a lot of other people worried as well. I was talking to a friend of mine who was also in the media biz, who was saying just over the last couple of weeks. He's received this a bunch of times. And I mentioned this to another friend of mine who is not in the media business. And he said that he got it as well. [00:00:48] And he said it was: are YOU an extremist? Which I think is interesting. First of all, an extremist is not defined. And of course, with these people who are monitoring accounts on Facebook, announce where their definition of extremist is going to be. The definition of an extremist by the government going to very political parties is going to Berry very, and we're talking about this anti-extremist prom, not just asking you if you are an extremist, like my friend said he got, but it's asking if you know someone else who is an extremist or who may become an extremist. [00:01:28] That is absolutely amazing to me. Amazing. It's bad enough that the government has picked winners. It has this whole section to 10, you've heard about before in the FCC rules that say we know if you're Facebook or Google, no one can Sue you for anything that you do. That is absolutely insane as far as I'm concerned, but there will be lawsuits on this they've already been filed. [00:01:58] Why would Facebook block thought that it didn't think was appropriate? The whole idea behind the first amendment? It isn't just that it applies to the federal government. It is a code of conduct for all of us. It's a code of conduct for these massive multimedia platforms. We should be allowing all kinds of speech, and we should not allow people to hide because what they've done now is they've moved to other platforms. [00:02:29] They don't do this kind of monitoring, and they are currently carrying on their speed. If someone comes out and says something that is racist, that is violent, that is, is threatening to commit a crime. We know about it. If it's out there in the open, we all have the crazy neighbor that everybody in the neighborhood knows about because they are, and they're saying it, Facebook is starting to block it. [00:02:55]We're just not going to know. And then what do they do? If you report someone who is saying some things that you think might be extreme, things like you should check voter ID at the voting booth. There are people that think that's extreme, and they report to you what's likely to happen. We know already that one of the things that many people who have been doing online is reporting people. [00:03:22] They don't like someone who is posting things that are violent or extreme and getting their stuff blocked and demonetized in some cases, but just plain old blocked. It's a great little tool for people to shut up. Other people, just shut them down, shut them up. They can't say it anymore just because they disagree with the content that's already in place. [00:03:48] Now, what's going to happen. If someone is reported as being not an extremist or on the road to extremism, what liability is there on Facebook's side? What liability is there with, for instance, the FBI or local one force. There are obvious things that should be reported to law enforcement. If someone's saying they're going to harm themselves or harm someone else, then we need to have a closer look at that. [00:04:14] If you actually have the belief that they will and can do that. I was a mandated reporter for 10 years because I was in emergency medical services. If I thought someone was trying to commit harm to themselves or someone else, I was mandated to report, but I have to think that I can't just use the reporting tools as a way to shut up my political opponents. [00:04:43] So someone reports another person as being an extremist of Facebook; Facebook then sends it to who are they going to send it to the FBI? What's the FBI going to do well. The FBI is mandated to report again in their reports and investigate. So what are they going to do for the investigation? It needs to rise to a level of the FBI thinks that this might be an illegal activity so that they can investigate it. [00:05:11] They can hopefully stop something before it happens. Something violent, something nasty. But what does the investigation take ground? I'm taking you all the way down the road here. The investigation is going to include them having a look at what you said, looking at the people who are within your social network. [00:05:32] So who do you. Two. Who do you follow? Who follows you? They may start looking at your phone. Who are you calling? What SMS messages are you receiving? Where are you hanging out? Where's your phone going every day? Who goes to that bar that you like to hang out at? Oh my goodness. You went to a gun range. [00:05:50] Who's at that gun range and so very quick. The investigation is all of a sudden roping everybody and all of your family members, all of your closest friends, anybody that might've liked something that you had said recently, even though it might not have been extremist. And so now, by having Facebook looking for extremists and people who might be on the road to extremism and counting on you to report them, they have opened up a can of worms. [00:06:22] Huge can of worms and remember too, with the FBI and with others, including the NSA and the CIA, they have this multi-hop rule. I think it's three hops now. So if they suspect you of something and what is suspect you, is it the fact that someone reported you as being an extremist, just because they disagree with you politically, they disagree with your religion. [00:06:48] Is that enough for them to suspect it. So now they can monitor not just your stuff, but anyone that has talked to you or liked you and anyone that has talked to them or It doesn't take long. I think that whole Kevin bacon thing, right? Everybody in Hollywood's within five degrees of Kevin bacon. In fact, I think everybody in the United States is within five degrees of Kevin bacon. [00:07:12] In other words, they can hop through opt to five people and connect to anyone in the country. That is absolutely huge. Absolutely huge. According to the verge. Facebook is doing this in response to the Christ church call for action campaign Christchurch. Remember in New Zealand, and there was an atrocity that was committed there. [00:07:41] These hate and dangerous organizations. That's what they're up to. They're trying to stop all of this. And it went back to March 2019. I think it was this attacking Christchurch. Obviously a terrible thing. People knew about this person and their radical approaches. The police have been informed, but nothing happened. [00:08:05] So now we want even more monitoring to go on. At least Facebook does. This is really a problem. There are all kinds of bad behavior online. We hide behind our supposed anonymity. Look at the terrible thing. Some people say online about you name it, right? Different people, kids in high school, either people in other walks of life. [00:08:33] It is terrible. So Facebook has this support page titled what I can do to prevent rattling? Radek radicalization. There we go. I knew I could say it. It's a really good question. Yeah. They've got links on that page to the life after hate exit USA program, which Facebook says help people find a way out of hate and violence. [00:08:57] I'm all great with that. I think that's a good thing. It's not a bad thing, but now having them report people that someone. In their non-inferior wisdom, decides might be hate speech or might be on the road to extremism because remember anybody that voted for Donald Trump is considered to be someone who's on the road to extremism or is an extremist. [00:09:22] For voting for him, the worst president ever. How many times have you heard that sort of thing? It has happened all of the time. And so we've got to be very careful about these open reporting things that are online. We have to be careful about reporting. Other people, it brings to mind two things. [00:09:41] One is two TV shows. One is one. That apple produced and you can watch, and it's all about this guy. You were a reporter, a news anchor, and he was supposedly sexually harassing someone, and yeah, he was to a degree, but the crime and the punishment were just totally out of whack. And one of my wife's favorite shows It was the good wife, and now it's a good fight. [00:10:12] That's what it is in season five, episode three. It is delving into this in a very big way. What happens when you report someone? Should they be reported? You've got to think twice about that. Even when, again, I was in EMS, what happens if I report someone potential neglect potential child abuse here, they can go through hell. [00:10:37] So be very careful. I don't like this move by. But you probably figured that out already, right? Hey, you stick around. We've got a lot more to talk about today, and I also want to encourage you. If you haven't already, go to my website, sign up for the newsletter. Craig peterson.com/subscribe and get all of the latest and most important technology news in your mailbox. [00:11:04]Craig Peterson: We're all excited about the upcoming Olympic games. And so are the hackers. Oh my goodness. I just finished reading a report by the cyber threat Alliance about what they're expecting to happen at these Olympic Games in Tokyo. [00:11:22] The Olympics have always been a huge target when it comes to the bad guys. [00:11:28] You might remember there have been abductions at the Olympics before where some of the Olympic competitors were held at gunpoint. Of course, we're not going to forget that one anytime soon. And looking back through the last few Olympics, there have been many different types of attacks, some more successful than others, frankly, but looking at this report, they were talking about the 2008 Beijing Olympic. [00:11:56] The attacks then were relatively limited. There were about 12 million cyber alerts per day. Now, this is part of the problem with cybersecurity. You get so many alerts. What do you do? How do you? Bond and none of those 12 million cyber alerts per day resulted in a successful attack. Now that was back in 2008; there were some scams like ticket scams are always are, but nothing big. [00:12:27] The next one was the London Olympics. In 2012 and the London Olympics, they had pretty much low-level attacks, and they didn't result in any real high-impact cybersecurity event. And the most significant event back in 2012 was evidence. The credible cyber threat against electrical infrastructure. That was, of course, in place for those Olympic games. [00:12:55] There was a distributed denial-of service attack on the power systems. Nothing much really happened, no real impact. Then 2016 Rio de Janeiro. They were starting to pay more attention to cybersecurity for very good reasons. Frankly, there was a large-scale denial of service attack that was carried out by this botnet. [00:13:21] Let me explain what that is. A denial of service attack is where you might have a website, for instance. Providing service to your customers that might be going there to look at your catalog, maybe buy some things. It might be a government agency. It might be an important part of the Olympics in this case and their critical infrastructure. [00:13:42] So denied service means you either knock it off the air, or so people can't get it. Or there's also the distributed denial of service attack. Now DDOS are the distributed ones where you have hundreds or thousands of computers out on the internet, all over the place that are trying to get to maybe the home page, maybe the purchase page. [00:14:09] And because they coming from all over the internet, they're very hard to shut. And that's where we have the botnets coming in, too. Botnets are groups of computers that have been compromised by hackers. So what they do now is they command, for instance, you're a home computer that you don't even know is under the control of one of these bad guys, your home computer now, issues or requests. [00:14:37] Hey, yeah, give me the home page of Olympics 2020. And off it'll go dutifully and try and get the homepage. That's all well and good. Suppose the load on the server is what they're expecting. You've been to sites, right? You hear something mentioned on the radio and like Craig peterson.com now, because I mentioned my website, Craig Peterson, S O n.com. [00:15:03] And there are people listening. Some of you guys are going to go to my website. Now the normal traffic of having dozens of new people go to my website is not going to bring the site down. However, here's the other side of this? What happens if maybe two or three times as much traffic as I expect is going to come to the site? [00:15:27]I've compensated for that. We should be able to handle that just fine. But what happens if all of a sudden it's a thousand times what we're expecting because there are 20, 30, 40,000 cases. Peter is out there that are trying to get my homepage or, in this case, the Olympic. Homepage. Obviously, the server's not going to be able to respond, and it's either going to crash or and I'm sure they set this up the right way. [00:15:53] It's going to deliver a message saying the servers overloaded right now. Try a little bit again. And by the way, if you get that message on a website saying, Hey, try it in a few minutes, please try it in a few minutes. Don't just hit reload because that's going to put even more load on that poor little overloaded server. [00:16:15] Now what they had here coming in 2016 at the Rio de Janeiro Olympics was a staggering 540 gigabytes. Per second worth of people requesting homepages. That is insane. That is a lot of bandwidth. And the fact that they apparently had that much bandwidth available coming in is also amazing, but also remember people are looking at videos. [00:16:46] Am I. To get the insider scoop, add some stuff happening behind the scenes. Now, many of the attacks in 2016 started before the Olympic games even. And what they were doing is attacking different parts of the Olympics infrastructure operationally. So it's a problem. It's a very big problem. They survived that whole thing. [00:17:14] And by the way, the Brazilian government ended up trying to protect the world cup back in 2014 as well by spending a whole lot of money and time on this. But remember, Even back in 2008, we were talking about 12 million cyber alerts per day. How can you staff up for that back then? It was back then. [00:17:37] We're seeing some of our clients being hit with hundreds of cyber attacks a minute and multiple per second, sometimes 10, 20, 30 per second. It's just incredible. What happens? In fact, divide those numbers out 12 million divided by how many seconds in a day. It just shows you how amazingly huge it is. [00:18:01] Now we have seen time. Past where a country like North Korea, for instance, doesn't like what Sony pictures are doing. So North Korea then attacks Sony pictures. And in the case of Sony, they downloaded a bunch of confidential information. They released it. They embarrassed some people now; hardly anybody got fired. [00:18:21] It's absolutely amazing. But anyway, What's happening right now is Russia. Think about all of the Russian attacks against our businesses and our critical infrastructure as a country; they have been huge, massive attacks. We have now Russia at a point where they are getting massive amounts of. built up. [00:18:50] Why? Because they submitted doped samples in 2019 to the Olympic committee. Yeah. So this was a the McLaren report released by the world anti-doping agency. Describe what we're really systematic effort by the Russian government to really undermine the drug testing process. We've also seen the Russians in the past because they've been caught doing this. [00:19:19] And the Chinese as well, putting in some of the competitors, particularly into things like gymnastics that were too young to compete based on the Olympic rules that were in place. So we had all of this happen during and after the 2014 Sochi winter Olympics. Guess what? Those restrictions on their athletes are still in place, and in place in a very big way; they will not play the Russian national Anthem at the ceremonies at the Olympics. [00:19:53] And they will not allow the Russian flag to be carried. In fact, their athletes have to carry a neutral. Flag. So expect some serious attacks from Russia against the Olympics. And remember the Olympics. There are no spectators. Everybody's going to be watching this thing on a line. So it's going to be interesting. [00:20:19] We'll keep an eye and let you know how things go. Stick around. Visit me online. Craig peterson.com. [00:20:27]We have really in front of us a critical warning. We're trying to figure out what we should do or to stop people from attacking us. That's a problem. What should we do? Many of us have gone out to managed services providers, and now they have let us down. Did you hear about the Kaseya hack? [00:20:47] It has been a huge impact on people. It's absolutely crazy. Or you heard about a thousand companies that got together, and they have hired a negotiator in order to negotiate the ransom with the bad guys that have ransom there. It is huge. It's huge. But let's talk about why this happened, because I think there are many things that you and I have overlooked here over the years; this ransomware God guy, gang called REvil, R E V I L has targeted cause say, or customers through. [00:21:32] Say, but it isn't just kissy customers. It's really cause, say, it is customers for the most part. Now your head might be spinning a little bit, but here's what's happening. I'm a business owner. You guys know that right now. Let's say that I don't do cybersecurity for businesses. That's what I do. [00:21:52] But let's say I make a widget. I was a widget maker, do not have enough knowledge about computers, to really do it myself. So let's say I've grown and I've got 20 employees. The odds are very good that my office manager is the one in charge of the computer. The office manager probably orders. [00:22:17] Computers probably tries to figure out what's going wrong. By the time of it at 50 computers or 50 employees, I've probably got a full-time it person who goes around and tries to take care of things. But before I've got that full-time IT person I'm probably going to outsource it. And by the way, a lot of companies, it's more like a hundred to 200 employees before they get someone who's really dedicated to it. [00:22:46] So then that awkward teenage stage between where the office managers trying to do it. And finally the office manager can try and hire an it professional. Is where they go and outsource it. You talk to various types of companies. What are in the industry called break, fix shops. That's usually the first stop which is calling them up saying I've got a broken computer. [00:23:12] Can you fix it? And maybe they can, maybe they can't. And then a lot of break fix shops have tried to level out their income so that they have predictable monthly income so that they can hire the right number of people for the number of customers that they have. Although I've got to say most of them are badly overbooked. [00:23:32]Now that they've hired those people, they this outsource break fix shop. They come in and say, okay here's what we can do for X amount per month per computer or employee, we will take care of those computers... /episode/index/show/cptt/id/19837622

The New Anti-Robocall Technology is Coming Online 07/16/2021

The New Anti-Robocall Technology is Coming Online The New Anti-Robocall Technology is Coming Online I know everybody I talk to hates these robo calls. They're happening all of the time. What are we doing about it? The FCC has made some changes and they just went into place. So we're going to talk about STIR/SHAKEN, right? Of course the government has to come up with some really cute acronyms and that's what's turned, shaken are, but here is what's happened. We have the ability to over TCPI P send phone calls. In fact, in my phone, I have a phone that's hooked up to T-Mobile and it is using wifi. [00:00:38] So when I'm making a phone call, it is going over my wifi in the office or at my house or wherever. It doesn't even use the regular salad or network, unless it has to why? Because it's all TCP IP. And then on top of it, sometimes with LTE and now always with five G you are using TCP IP. So your voice is converted into a digital signal. [00:01:10] Right there on your phone. And it is handled as data, just like pretty much any other data would be handled. Now our cell phones, of course, for a long time have been digital and have been in coding it, but they have not been using it as regular TCPI peop. So what the federal communications realized is since most of the tracks. [00:01:35] That we have on our phone networks nowadays is actually internet traffic. It's TCP IP. Why don't we add a little bit to the protocol? And they came up with this whole new way of being able to track the originator of a phone call right now, if you have a landline, this is not going to benefit you at all. [00:02:02] And we're going to talk about the different carriers here, but they don't have to comply these landline operators for another couple of years. Although the FCC right now is circulating a petition and is trying to make it so they have to comply. More quickly, but the nation's largest phone companies have met this deadline that was set by the FCC to put this new anti robocall technology in place. [00:02:31] But I want to warn you guys that does not mean that it is going to stop all of these robo calls anytime. Soon where it's not going to stop, but you might have noticed that at the end of June, there was a noticeable cutback in some of these robocalls. Now these are the scammers that are calling us and are pretending that they are a local phone number, right? [00:02:59] Their biggest trick is, yeah, I've got the same area code and first three digits, I'll call it a prefix as you do. So you should answer that phone. They announced at the FCC last Wednesday that quote, the largest voice service providers are now using stir shaken caller ID authentication standards in their internet protocol networks in accordance with the June 30th deadline set by the FCC. [00:03:26] This widespread implementation helps protect consumers against malicious. Spoofed robo calls and helps law enforcement track the bad. So it, I think is a very good idea. It's a step in the right direction. It is going to help a whole lot at T and T Verizon T-Mobile and us cellular have all put these in place. [00:03:54] In March, the FCC denied petitions for deadline extension from Verizon and us cellular are saying that they didn't meet the high standard of undue hardship. I think that makes sense. You've got to force these guys. Sometimes Verizon was saying that they had a small area of their fiber based home phone network that would not be able to meet it. [00:04:17] So again, it's landline. Versus the home phone that work, many of us have it. Comcast provides it as well, but basically if it's it IP based, they didn't have any sort of exceptions. So Verizon is now exchanging the stir shaken enabled phone calls with wireless carer carriers. It represents about 80% of the U S wireless industry. [00:04:45] Verizon said this week, so 80%. Yeah, you should have seen a bit of a drop more than 135 million calls a day are currently being exchanged between Verizon and the other carriers with the number of calls that are being exchanged using this tracking technology grow. It's also been deployed on IP enabled wire line phone networks operated by Comcast charter at and T Verizon and many others. [00:05:17] So we're pretty happy about this. We'll see what ends up happening in general, but some care companies that carry a lot of robo calls are not yet required to follow the stir shaken technology and the rules around. Because there's an exemption for carriers with a hundred thousand or fewer customers. So that's going to be a bit of a problem, but think about how you have to roll out technology. [00:05:46] Rolling it out via these big carriers and doing that first is seeing where the holes are in the technology. What's not working properly. That's the way to handle it. And then by having the big carriers do it, they're going to bear the brunt of the expense. Because always right. Those big screen TVs used to be five to 10,000. [00:06:12] I remember $15,000. That's a very big deal. And then it goes down and down. Now you can buy them at Walmart for 300 bucks. So having the big guys do at first makes a lot of sense. It's going to prove the technology, improve the technology, drive the costs down, and then you can bet that these smaller carriers are also going to be required to do this fairly soon. [00:06:38] So the way the protocols are working is they are using tokens and to verify. The accuracy of the caller ID. So they're using public key cryptology. For those of you who know what that is using digital certificate, getting major us companies to adopt. It really was very big milestone. I'm very glad they finally did it by the way. [00:07:01] Stir, shaken. Ordered by Congress and FCC chairman as PI. You remember him? He did a lot of great things to help out communications, but he was only having voluntary compliance. And so it didn't lead to like widespread adoption. So this law really forced them into it. And they're now. So we'll see what happens. [00:07:28] Small carriers are exempt for now. Landlines. Aren't doing it. There's a lot of the TDM based stuff out there, but it's going to happen. There's also a gap in, at and T network right now. So we'll see. What ends up happening? Hey, I want to encourage you guys. If you have not already to sign up for my newsletter, I don't spam you, right? [00:07:50] I'm not one of these robo spammers that we see out there that are just sending all kinds of garbage all the time I put together. Usually six to eight, sometimes as many as 10 articles every week that I think you need to see. And when I put them together, make them available for you. It makes just a huge difference in people's lives. [00:08:13] I get thank you notes. Everybody. Not everybody, but I get thank you notes every week from people who read that newsletter and thing. They thank me for my time and all of the effort that we put into this. This is an effort of love by my wife and I, so do that. It will help. I give all kinds of great advice and warn you about things that are happening right now. [00:08:37] Just spend a minute, go to Craig peterson.com and you'll see right there in the home page, scroll down a little bit. There'll be a little red line at the top where you can put in your email address and I'll sign the app. And I will be sending you some special reports that are really going to help you out right away. [00:08:56] So do that right now. CraigPeterson.com/subscribe /episode/index/show/cptt/id/19795655

60% of Used Amazon Echos Can Be Compromised 07/15/2021

60% of Used Amazon Echos Can Be Compromised 60% of Used Amazon Echos Can Be Compromised Don't Sell Used Google Home, Nest, Echos, etc.! The majority of Americans, at least those of middle income and higher, have the smart devices in their homes. It's everything from the Amazon echo all the way up through our thermostats. Are these a good idea? And what do we do when we get rid of them? IoT, you might've seen that before. And it stands for the internet of things, and these devices are actually computers on them. Have even more than one computer. Some of them have a lot of processing power. You look at some of these speakers, like the apple; the big apple speaker has some amazing processing belt right into it. Of course, it also has a number of different ways that you can use it with Siri and everything else that's in it. But if you're going to sell these things, if you're going to sell your echo dot or other things, what should you be looking at? How can you do this? I had a listener who reached out to me. [00:00:56] This was only a couple of weeks ago, and he had a problem. All of a sudden, he was getting charges from Amazon for things. Did not order. So he asked me what's the right way to go here. And, being the coach that I am, I pointed him in the right direction, which was pointed him at the Amazon security people. [00:01:20] So he got a hold of them and spoke with them. It turned out that his Amazon echo that he had was what was used to order all of these items. And guess what? He didn't have that Amazon echo; he had sold that Amazon echo, and when he sold it if somebody bought it right, a used echo online and was using it to order things and have them shipped, not to his house. [00:01:53] Elsewhere. So it is a really big potential problem that has been looked into, and there is a group of researchers on the Northeastern university who bought. 86 use devices. And this is an article from Ars Technica, Dan Gooden, who wrote this and what he, what they found over the 16 months is that 61% of these devices that they bought 61% had not been reset at all. [00:02:33] No, that to me is not terribly surprising, but it's horrific. If you're trying to keep your data safe because think of what these smart devices have in them. They've got your location; they've got your wifi networks and passwords. They may have account information; what did you go ahead and link it to which accounts are on. [00:03:00] There are a whole bunch of things that can be gleaned from them. Now he, this listener, said that he had reset his device, and you can and should do that if you're going to give it to someone in the family, which is what I would recommend as opposed to selling it. And I'll tell you why. These devices have inside of them a particular type of memory it's called NAND flash memory. [00:03:32] And the memory is you can think of it in similar ways to your solid-state desk drive. Back in the old days, the operating system would say, go ahead and write this block of data. This 512 byte block out to Track 17 sector one, and it would go ahead and write it to track 17 sector. But the problem with NAND devices and most SSDs all of them, frankly, is that you can only write so many times before the memory goes bad and it can be 10,000 to a hundred thousand times. [00:04:13] And if you've ever wondered, why is this solid state disc so much more expensive than the other ones? Usually it's because it's using better memory that can take more. Cycles read cycles, do it all you want all day long, cycles is the problem. So they have come up with some technology that they build into these that does a level. [00:04:36] And what that means is track 17 sector. One is really located here at position X. And then if you right track 17 sector one, again, it's really located at a completely different position. Y so that the right now get leveled across the entire division. Okay. You don't really have to understand that in great detail, but I know there's a few of you guys being the best and brightest that really want to understand that a little bit better. [00:05:05] So that's why certain flash memory, certain SSDs are more expensive than others. Now here's the problem. When we're talking about these smart home devices, they're using this type of memory and NAND flash memory has a problem in Ohio has a few problems, but the biggest problem is it's not terribly reliable. [00:05:30] Especially the type of Nan flash they use in these inexpensive devices. So it's not terribly reliable. So it builds in check sums, right? So those out at the same time, so that when a treat him back, he can say, whoa, wait a minute. This is block is bad. And then it can recreate the block on that flash memory, which is really great. [00:05:52] Now, when you erase your device, It doesn't really, excuse me. When you reset your device, it doesn't really erase your device. I want you to think of windows as an example. You might know that if you delete a file from your windows computer, it's not actually deleted. It's actually still there. It just reallocates the space that file was using. [00:06:18] So it can use it for yet. Another file. So you you delete something it's still there. So when you're getting rid of that computer, what you used to do with a spinning hard disk is you would run multiple rights on that desk, solving entire desk. You'd drive zeros, you'd write ones, you'd write random patterns and you'd be. [00:06:43] And there are fancier ways to do it, the government, and it, many of the government contractors actually shred the desks. They have shredding machines, you can feed a whole computer into these things are just amazing. And then they send it off for recycling. What we do is we remove the platters inside the desk, the aluminum platters, and we melt them down in a furnace that we. [00:07:10] I still had furnace. Now there's nothing readable on it. Cause all comes out as a big blob of aluminum. One word. Resetting your device just like deleting a file on your windows. Computer does not actually remove it. And nowadays we're reusing this leveling technology in these SSDs and NAND chips. [00:07:34] We are really not getting rid of it. It might not be rewritten for a very long time. Because again of the leveling technology. So there's another process you can do known as off chip, which will require you to completely just assemble a desalt or the flash memory, and then mess around with it a little bit more. [00:07:57] But here's the problem. Even though the listener said that he had reset factory reset his device before he sold it. It still had all of his information on the device. So all of the bad guys had to do is remove those chips and. And right inside, there was his Amazon account information, password, everything, it needed, the key to make orders with Amazon. [00:08:29] Now that is a problem. If you ask me and it isn't just Amazon, this isn't just echo devices. We're talking about. The same thing can be true for that smart thermostat that you bought that Google thermostat, that smart. Doorbell that you have on the front of your house, though, those all contain this type of memory. [00:08:51] So what I tend to do is take a hammer to. If you don't have a, what do you call it now where you can melt it down a furnace where you can melt them down, specifically designed for doing this type of thing. Then here's what I advise you to do. Get a drill with L fairly large bit. You want at least a three-quarter inch metal bit that you can put on to that drill. [00:09:16] I used to use a drill press that we have and drill three. Large holes into the platter. So you don't have to open up the disc drive at all, but you'll notice there's a round section of the drive. That's where you want to drill into that round section of the drive, three big holes. And that disc is for all intents and purposes unrecoverable. [00:09:40] So the bad guys can't get your bank information. They ha they can't get it. That spreadsheet that you have with all your passwords, you not in person Best and brightest come on guys. And they can't get anything off of that. So when I'm talking about IOT devices, what do we do? What do we do? [00:09:59]Basically, I would say don't sell them. They're cheap enough. You can get an accurate. For well, under 50 bucks, 80 bucks at the high end for the ones with the video and everything built into them. When you're done with it personally, I would destroy it, physically destroy it. Cause that's the only way to make sure your data is not going to be. [00:10:25] Hey, stick around. You're listening to Craig Peter son. Make sure you get my newsletter. The free one is at CraigPeterson.com/subscribe. /episode/index/show/cptt/id/19795553

FBI Using a "Honeypot" for a Massive Sting Operation & Olympic Cybersecurity 07/14/2021

FBI Using a "Honeypot" for a Massive Sting Operation & Olympic Cybersecurity FBI Using a "Honeypot" for a Massive Sting Operation & Olympic Cybersecurity This time, the FBI didn't just set up a sting, they set up a honeypot. And I talked about it with Mr. Matt Gagnon coming right up. Along with a couple of other major points this week, including what has been happening with the Olympics and cybersecurity. So here we go. [00:00:22] Matt Gagnon: Craig. Let's get into some of these topics, if you can. I had an interesting conversation yesterday with some folks about tech policy what's been going on censorship, et cetera. It's obviously a pretty common topic when you talk to especially conservative minded folk they're pretty upset about what's going on there there. And one of the, one of the people I was talking to who said to me that that's, somebody must have dimed them out that they had a Facebook post that was blocked because Facebook. [00:00:48] Was maybe notified that they did something and it was pulled down here that does that brings to mind this story about the, do you know an extremist prompt at Facebook? Are they testing something like that where you basically are diming out your neighbors and seeing stuff. And then all of a sudden you're reporting to the authorities at Facebook, that somebody has a opinion that is just not okay. [00:01:08] Craig Peterson: [00:01:08] Yeah, this, where could this possibly lead? This is a crazy, they are doing that. Facebook has admitted it and you know what shocked me the most about this isn't that? Hey, the two known extremist, or are you an extremist? And the Alicia. People C N until you reported on this, which just shocked talk to me, frankly, but they say this is part of a, what they're calling a redirect initiative. [00:01:35] So if you're looking at for something, they'll send you somewhere else. If they don't think what you're looking for is appropriate. And then they're asking you, are you an extreme Mister? True. Oh my gosh. People don't you read history? Where is this going to take us? I don't [00:01:54] Matt Gagnon: [00:01:54] know. It's a good question, Craig. [00:01:56]Clearly this is part of the evolving narrative here of exactly how social media companies are trying to moderate content and deal with their perception of what extremism is and whatnot. I, to me though, I have this question, maybe you can answer it. Is a market, just not at play here. With Facebook, continuing to do things like this and alienating like half the country, ha and beyond our country, right? [00:02:21] I This is happening all over the world, right? Is there not a market for a company that doesn't do things like this, that doesn't moderate it's its content like that? Can we not have something out there? That clearly, takes out violent content and real threats and just like sick, disgusting racism or whatever, but more or less is a free speech zone. [00:02:39] Otherwise you're telling me that couldn't survive. In today's world. What's wrong with that? Why can't it happen? Where's the market. [00:02:46] Craig Peterson: [00:02:46] If you're going to survive something like that as a startup, you need, first of all, the seed information, you need people to start signing up and you need money coming in. [00:02:56] And Facebook is doing everything that can anybody that's a startup that looks promising, whether it's WhatsApp or Instagram, they will be purchased. They'll be bought out. Now, these guys might be saying I'm going to have a free speech platform. It's going to be absolutely fantastic. We know what's happened with a couple of those already, but what Facebook does is they come along and say your company is worth about $50 million. [00:03:23] How about, I give you a billion for it and wildly over overvalued. Then Microsoft does much the same thing with potential competitors and drives them out of business or buys them out of business. So the Facebook is in a very interesting spot. Plus then there's the whole section two 10. And w you can shoo newspaper out of existence, but if a newspaper publishes a story and that story is not factually accurate, they go out of business. [00:03:55] So newspaper takes some time, tries to do some investigation, gets multiple sources to confirm, and then publishes in story. Facebook doesn't have to worry about any of that stuff. So why are they doing this in the first place? And they are wildly profitable to the terms of hundreds of billions of dollars. [00:04:14] And they just don't care. They have what they have morals, is what they called. And they're saying we cannot allow this to happen. And they are leading the country down the Primrose path. Although the numbers seem to be showing a lot of people ditching Facebook, and there are some other platforms that are trying to get charted, trying to go. [00:04:39] But it just isn't happening there. This is not a free market system and we don't have one in this country. We haven't had full free markets for over a hundred years now, entirely regulated. They pick the winners and specifically the government has picked Facebook and Google is to have those winners by providing them with legal cover. [00:05:02] I think we've got to pull back the kimono and looked at what's really happening. [00:05:07] Matt Gagnon: [00:05:07] Greg Peters on joining us as he always does on Wednesdays at this time, talking over tech topics, Craig, one of the other things that's happening in the world soon here is the Olympics. I've been watching a lot of Olympic trials, a lot of things on TV as we prepare for this, I'm an Olympics nerd. [00:05:22] So I love this stuff and there's obviously a lot of competition at the Olympics, but there's a different darker background of competition out there. And it's the cybersecurity experts trying to protect the infrastructure at the Olympics. Again. The bad guys, as you might say. And how does that play out? [00:05:36] Because this is, nobody's really reporting on it. Nobody talks about this much, but this is a really big part of this gigantic event. [00:05:42]Craig Peterson: [00:05:42] Think about what's happening in Japan right now. They are having these Olympic kind of, trials things. If you will, where we're losing. Four out of five of the basketball games. [00:05:53] I can't believe that part, but here's the bottom line. No rule be no spectators. Everyone in the world. That's interested in seeing the Olympics have to watch it online. Somehow all of the major news networks are getting their feeds and a lot of that going over the internet. There's a lot of exposure. We have all of the people who are competing, who are using special apps who have special electronic controls. [00:06:22] We had a huge problem last time around in 2018 with the Olympic winter Olympics, because there were some cybercriminals that managed to bring the whole thing down. So we are really on our toes worldwide. Now, including here in the U S what a target. It's a beautiful place for the bad guys to go make a name for themselves, ransom, et cetera, et cetera. [00:06:46] So there are whole teams. I've got a little bit of insight information here, but there's whole teams of people around the world that are monitoring. What's going on, are looking into everything that looks like they're being probed. Everyone. So 10 show hat. They are really staying on top of it. And these teams, Matt are some of the best in the world or teams I've worked with before. [00:07:11] So knock on wood. It'll be okay. But the Olympics, they are a huge hacking targets. [00:07:16]Matt Gagnon: [00:07:16] Finally, I want to also ask you about speaking of the bad guys and trying to take them on here. There's ways of trapping them and the FBI created an interesting one here. Google pixel is involved in this very interesting story here. [00:07:26]Did they use a honeypot to basically entice some of these people in and then trap them and then get them out of this work? [00:07:36] Craig Peterson: [00:07:36] It's Winnie the Pooh is such his head in there. He got the stock. The FBI came up with a real interesting concept that is a bad guys. Want to be able to communicate privately? [00:07:47] So they modified some pixels now and they did it in such a way that they turn off the cellular. They turn off, they remove cellular, they remove the GPS trackers, they removed a bunch of things. And then they sold these phones on the black market or out on the dark web saying, no, these phones are going to keep you safe because of this, that, and the other thing. [00:08:12] And we've got a special operating system. They called these devices and arm and the bad guys started using, and they didn't really do any research talking to them and they were recommending it to each other. These hacker groups, these criminal organizations that were smuggling people, right? Kidnapping people was selling arms on the dark web, et cetera. [00:08:35] They started using it for Nona miscommunications. What they didn't know. Is everything that was sent on these devices, everything that was done with them was sent to the FBI. So what some of us went to Interpol and others. So the concept is great. Let's turn off the cell. Let's turn off the GPS that's to remove them from the device. [00:08:58] The problem was they didn't know good law enforcement. Was in fact monitoring everything that was being said there more than 12,000 smartphones like this that were out in circulation and heavy use by the bad guys. And now you can buy one of your very own FBI monitored phones on eBay. People started to buy them because they are based on a Google pixel foray. [00:09:22] Custom firmware in them, which is a bit of a problem. And they do have arcane OOS as well, but people are trying to figure out why can't I get my phone to work? I just bought on eBay, but they have been shutting down major criminal organizations worldwide. Because of this honey pot, they really got stuck. [00:09:44] They got [00:09:44] Matt Gagnon: [00:09:44] them. It makes it basically, it's a way of, it's a way of trying to learn from it and it works ultimately. So Craig Peterson, our tech guru joins us on Wednesdays at this time. Unfortunately, Greg we're out of time, so we have to stop here, but again, you can hear them on Saturdays. Thanks a lot, Craig. [00:09:57] And we will talk to you again. Next [00:09:59] Craig Peterson: [00:09:59] week. All right. Take care. There's nothing that helps this show get out better than having you subscribe to the podcast. I appreciate you guys listening. I can't tell you how much, because it does help get the word out. And that's what I'm trying to do is help everybody understand what's going on. [00:10:16] Please, whatever platform you're listening on. Go ahead and subscribe. And if you wouldn't mind, give me a five-star rating. And the 800 pound gorilla is still our friends over at apple iTunes. Believe it or not when it comes to the ratings of these different podcasts. So if you could go there the easy. [00:10:38] Craig peterson.com/itunes. That'll automatically redirect you to my page on iTunes. Craig peterson.com/itunes. Oh, by the way, in case you didn't know, I'm also on YouTube now posting a lot of these podcasts as little videos. Yeah you'll see when you get there and that's at CraigPeterson.com/youtube. [00:11:01] Take care everybody. Bye bye. /episode/index/show/cptt/id/19807061

Craig Peterson - America's Leading CyberSecurity Coach

TOPICS