Craig Peterson's Tech Talk


ClearChannel Radio's Number One Weekend Tech Show in the Boston Market -- More Than 20,000,000 Podcast Downloads! Craig interviews top industry insiders and explains the technology secrets everyone needs to know. www.CraigPeterson.com

Craig Peterson


    • Jan 3, 2022 LATEST EPISODE
    • every other week NEW EPISODES
    • 16m AVG DURATION
    • 1,239 EPISODES



    Latest episodes from Craig Peterson's Tech Talk

    Have You Checked If Your Email Is On The Dark Web? Let's Do It Now!

    Jan 3, 2022 · 42:39

    Do you know how to find out if you have had your private information stolen? Well, you know, the odds are probably pretty bad, but where was it stolen? When? What has been stolen? How about your password and how safe is that password? We're going to show you real hard evidence, and what you can do to fix things! [Following is an automated transcript] [00:00:16] Knowing whether or not your data has been stolen and what's been stolen is very important. [00:00:24] And there is a service out there that you can go to. They don't charge you a thin dime, nothing, and you can right there find out which of your accounts has been compromised and is out on the dark web. Now the dark web is the place that the criminals go. That's where they exchange information they've stolen. [00:00:49] That's where they sell it. That's where you can buy a tool to do ransomware hacking all on your own for far less than 50 bucks. In fact, ransomware as a service is available where they'll do absolutely everything except infect people. So you just go ahead and you sign up with them, you pay them a 20% or sometimes more commission. [00:01:12] You get somebody to download and infect themselves with the ransomware and they do everything else. They take the phone call, they find out what it is the company is doing and they set the ransom and they provide tech support for the person that got ransomed in order to buy Bitcoin or sometimes some of these other cryptocurrencies. [00:01:38] In fact, we've got another article in the newsletter this week about cryptocurrencies and how they may be falling through the floor because of ransomware. We're going to talk about that a little later here, but here's the bottom line. You really want to know this. You want to know if the bad guys are trading your information on the dark web, you want to know what information they have, so you can keep an eye on. 
[00:02:11] Now you guys are the best and brightest, you know, you gotta be cautious or you wouldn't be listening today. And because, you know, you've been caught need to be cautious. You have been cautious, but the time you need to be the most cautious is right after one of the websites that you use, that hasn't been hacked because the fresher the information, the more it's worth on the dark web. Your identity can be bought on the dark web for [00:02:38] pennies, depending on how much information is there. If a bad guy has your name, your email, the password you've used on a few different websites, your home address, Social Security number, basically the whole shooting match, they can sell your personal information for as little as $2 on the dark web. That is really bad. [00:03:02] That's sad, in fact, because it takes you a hundred or more hours. A few years ago, they were saying about 300 hours; nowadays it's less in order to get your identity kind of back in control. I suspect it probably is closer to 300, frankly, because you have to call anybody that pops up on your credit report. Oh, and of course you have to get your credit report. [00:03:29] You have to review them closely. You have to put a freeze on your. Got an email this week from a listener whose wife had her information stolen. He had lost a wallet some years ago and she found, because of a letter that came saying, "Hey, thanks for opening an account," that someone had opened an account in her name. [00:03:51] Now the good news for her is that it had a zero balance. Caught it on time. And because it was a zero balance, it was easy for her to close the account, and he's had some problems as well because of the lost wallet a few years back. So again, some basic tips: don't carry things like your Social Security card in your wallet. [00:04:17] Now you got to carry your driver's license because if you're driving, the police want it, okay. 
Nowadays there's in some ways less and less of a reason to have that, but our driver's licenses, as you might've noticed on the back, many of them have either a QR code or they've got a kind of a bar code scan on them, but that big QR code contains all kinds of information about [00:04:41] you that would normally be in the online database. So maybe you don't want to carry a bunch of cash. Although, you know, cash is king and credit cards can be problematic. It kind of depends. And the same thing is true with any other personally identifiable information. Keep it to a minimum in your wallet. But there is a place online that I mentioned just a minute ago that does have the ability to track much of the dark web. [00:05:13] Now this guy that put it together, his name's Troy Hunt, and Troy's an Australian. He's been doing this public service for forever. He tried to sell his little company, but the qualifications for buying it included, you will keep it free. And there are billions of people, or I shouldn't say people, there's billions of requests to his website about people's private information. [00:05:42] So, how do you deal with this? What do you do? Well, the website is called Have I Been Pwned. Have I been, B-E-E-N, pwned, P-W-N-E-D. Pwning is an old term that comes from, uh, these video games before they were online. And it means that basically I own you, I own all of your properties. You've been pwned, and that's what Troy kind of followed here. [00:06:11] HaveIBeenPwned.com is a website that you can go to now. They have a whole bunch of other things. They have API calls for those of you who are programmers and might want to keep an eye out for your company's record, because it does have that ability as well. And it has tie-ins too with some of the password managers, like 1Password, to be able to tell, is my new password any good? [00:06:41] And which websites have been hacked. Does that make sense? 
And so that is a very good thing, too, because if you know that a website that you use has been hacked, I would like to get an email from them. So the first thing right there in the homepage you're going to want to do is click on Notify Me. So you insert your email address. I'm going to do that right now, while we're talking. They've got a reCAPTCHA, [00:07:12] "I'm not a robot." So go ahead and click that. And then you click on the button, Notify. A lot of people are concerned nowadays about the security and safety of their information. They may not want to put their email address into a site like this. Let me assure you that Troy is on the up and up. He really is trying to help. [00:07:39] He does not use any of the information that you provide on his website for evil. He is just trying to be very, very helpful. Now his site might get hacked, I suppose, but it has been just a huge target of. Characters and because of that, he has a lot of security stuff in place. So once you've put your email address right into the Notify Me box, click on notify me of [00:08:06] Of course you got to click the "I'm not a robot." So once you've done that, it sends you a verification email. So all you have to do at that point, it's just like my website when you sign up for my newsletter: keep an eye out for an email from Troy from haveibeenpwned.com asking you if you signed up for his notification service. [00:08:31] Obviously it is a very good idea to click on his link in the email. Now I caution people, it costs. And you guys all of the time about clicking on links in emails, because so many of them are malicious, but in the case of like Troy or my website, or maybe another one that you sign up for, if you just signed up for. [00:08:54] You should expect an email to come to your mailbox within a matter of a couple of minutes, and then you should spend just that minute or so 
it takes to click on that email to confirm that you do want to get the emails from the website, because if you don't hit that confirmation, you're not going to get the emails. [00:09:17] Let me explain a little bit about why that is. Good guys on the internet don't want to spam you. They don't want to overload you with all kinds of emails that may matter, may not matter, et cetera. They just want to get you information. So every legitimate, basic a guy out there, business, an organization, charity that is legitimate is going to send you a confirmation email. [00:09:50] The reason is they don't want someone who doesn't like you, let's say, to sign you up on a few hundred different email sites. And now all of a sudden you're getting, well, these emails that you didn't want. I had that happen to me years and years ago, and it wasn't sites that I had signed up for. In fact, some of them were rather pornographic and they kept sending me emails all of the time. [00:10:19] So Troy is going to send you, just like I do, another legitimate website, send you an email. The link that you must click. If you do not click his link, you are not going to get the emails. It's really that simple. Now, Troy, looking at the site right now, has information on 11 billion pwned accounts. [00:10:47] Really? That is huge. It is the largest collection that's publicly available of. To count. So I'm, we're going to talk about that a little bit more. And what information does he have? How does he protect it? What else can you find out from Have I Been Pwned? This is an important site. One of the most important sites you can visit in order to keep yourself safe. [00:11:16] Next to mine. Right? Make sure you visit right now CraigPeterson.com/subscribe and sign up for my newsletter and expect that confirmation email to. [00:11:29] Have you been hit by ransomware before? Well, it is a terrible thing if you have, but what's the future of ransomware? Where is it going? 
We've talked about the past and we'll start with that and then move into what we're expecting to come. [00:11:46] The future of ransomware is an interesting one. And we kind of have to look at the past in ransomware. [00:11:55] Ransomware was pretty popular in that bad guys just loved it. They still do because it is a simple thing to do. And it gives them incredible amounts of flexibility in going after whoever they want to go after. Initially they were sending out ransomware to anybody's email address they could find and hoping people would click on it. [00:12:24] And unfortunately, many people did click. But back then the ransoms were maybe a couple hundred dollars and you paid the ransom and 50% chance you got your data back. Isn't that terrible, 50% chance. So what do you do? How do you make all of this better? Make your life better? Well, ransomware really, really drove up the value of Bitcoin. [00:12:54] Bitcoin's ascension was largely based on ransomware because the bad guys needed a way that was difficult to trace in order to get paid. They didn't want the bank to just sweep the money back out of your account. They didn't want the FBI or other agencies to know what they were doing and where they were located. [00:13:20] So, what they did is, uh, they decided, hey, wait a minute. Now this whole crypto game sounds interesting. And of course talking about cryptocurrency game, because from their viewpoint, it was anonymous. So they started demanding ransoms instead of dollars, PayPal, even gift certificates that they would receive from you. [00:13:46] They decided we're going to use some of the cryptocurrencies. And of course the big one that they started using was Bitcoin, and Bitcoin has been rather volatile, hasn't it, over the years. And its founding was ethically empty, basically, what they did and how they did it. It's just disgusting again, how bad some people really are, but they managed to manipulate the cryptocurrency themselves. 
[00:14:17] These people that were the early. There's of the cryptocurrency called Bitcoin and they manipulated it. They manipulated people into buying it and accepting it, and then they managed to drive the price up. And then the, the hackers found, oh, there's a great way to do it. We're going to use Bitcoin. And so they demanded ransoms in Bitcoin, and they found that no longer did they have to get like a hundred dollar gift certificate for Amazon. [00:14:46] Now they could charge a thousand dollars, maybe even a million dollars or more, which is what we saw in 2021, and get it paid in Bitcoin. Now Bitcoin is kind of useful, kind of not useful. Most places don't take Bitcoin as payment; some have started to because they see it might be an investment in the future. [00:15:11] I do not use Bitcoin and I don't promote it at all, but here's what we've been seeing. Uh, and this is from the chief technology officer over at Tripwire, his name's Dave Meltzer. What we've seen with ransom attacks here, and the tie to Bitcoin: WannaCry back in 2017 was terrible and it destroyed multiple companies. [00:15:39] One of our clients had us protecting one of their divisions, and we were using really good software. We were keeping an eye on it. In fact, in the 30 years I've been protecting businesses from cyber intrusions, we have never, ever had a successful intrusion. That's how effectively. And I'm very, very proud of that. [00:16:05] Very proud of that. We've seen ransomware attacks come and go. This WannaCry ransomware attack destroyed every part of the company, except for the one division we were protecting, and this is a big company that had professional IT people who really weren't very professional. Right. And how, how do you decide, how do you figure out if someone really knows what they're talking about? [00:16:32] If all they're doing is throwing around buzzwords, aren't, that's a huge problem for the hiring managers. 
But anyways, I digress, because having a particular series of letters after your name representing tests that you might've passed doesn't mean you're actually any good at anything. That's always been one of my little pet peeves over the decades. [00:16:55] Okay. But another shift in the targeting of ransomware now is showing a major uptick in attacks on operational technology. Now that's a real big thing. We've had some huge hits. Uh, we think of what happened with SolarWinds and how it got into SolarWinds software, which is used to monitor computers, had been [00:17:24] and had inserted into it this one little nice little piece of code that let the bad guys into thousands of networks. Now we've got another operational technology hack in progress as we speak, called Log4j or Log4Shell. Huge right now; we're seeing 40% of corporate networks are right now being targeted by attackers who are trying to exploit this Log4j. [00:17:53] So in both cases, it's operational software. It's software businesses are using, part of their operations. So we're, and part of that is because we're seeing this convergence of IT, which is of course information technology, and operational technology environment. In many times in the past, we've seen, for instance, the sales department going out and getting Salesforce or, or something else online or off. [00:18:25] They're not IT professionals in the sales department or the marketing department. And with all of these kids now that have grown up and are in these IT departments in their thirties and think, wow, you know, I've been using technology my whole life. I understand this stuff. No, you don't. That has really hurt a lot of bigger companies. [00:18:48] Then that's why some companies have come to me and saying, hey, we need help. We need some real adult supervision. There's, there's so many people who don't have the decades of experience that you need in order to see the types of holes. So. 
We've got the IT and OT kind of coming together and they've exposed a technology gap and a skills gap. [00:19:16] The businesses are trying to solve right now in order to protect themselves. They're moving very quickly in order to try and solve it. And there they've been pretty much unable to. And we use for our clients some very advanced systems, hardware, software and tools, because again, it goes back to the kind of the one pane of glass. [00:19:38] Cisco doesn't really only have one pane of glass, but that's where it goes back to. And there's a lot of potential for hackers to get into systems, but having that unified system that Cisco offers really helps a lot. So that's kinda my, my little inside secret there, but we walk into companies that have Cisco and they're completely misusing them. [00:20:02] In fact, one of these, uh, what do you, would you call it? Well, it's called a school administrative unit in my state and it's kind of a super school board, super school district where there's multiple school districts. Hold two. And they put out an RFP because they knew we liked Cisco and what some of the advantages were. [00:20:22] So they put out a request for proposal for Cisco gear and lo and behold, they got Cisco gear, but they didn't get it configured properly, not even close. They would have been better off buying something cheap and being still exposed. Like, you know, uh, I'm not going to name some of this stuff you don't want to buy. [00:20:42] Don't want to give them any, uh, any airtime as it were. But what we're finding now is law enforcement has gotten better at tracking the digital paper trail from cryptocurrencies, because cryptocurrencies do have a paper trail and the bad guys didn't realize this at first. They're starting to now because the Secret Service and the FBI have been taking down a number of these huge ransomware gangs, which is great. [00:21:16] Thank you very much for doing that. 
It has been phenomenal because they've been able to stop much of the ransomware by taking down these gangs. But criminal activity that's been supported by nation states like North Korea, China, and Russia is much harder to take down. There's not much that our law enforcement can do about it. [00:21:42] So how does this tie into ransomware and cryptocurrency? Well, ultimately, the ability to trace the trail that's left behind a ransom payment. There's been a massive shift in the focus from government trying to tackle the underlying problem of these poorly secured critical infrastructure sites. [00:22:06] And that's what I did training for the FBI's InfraGard program on for a couple of years. It has shifted. Now we've got executive orders, as I mentioned earlier, from various presidents to try and tighten it up and increase government regulation mandate. But the big question is, should you pay or not? And I recommend to everyone out there, including the federal government recommends this, by the way, don't pay ransoms because you're just encouraging them. [00:22:40] Well, as fewer and fewer ransoms are paid, what's going to happen to Bitcoin? What's going to happen to cryptocurrencies? Well, the massive rise we saw in the value of Bitcoins will deteriorate, because we won't have businesses trying to buy Bitcoin before they're even ransomed in order to mitigate any future compromise. [00:23:06] So I love this. I think this is great. And I think that getting more sophisticated systems like what, like my company Mainstream does for businesses that I've been doing for over 30 years is going to draw, well, some of these cryptocurrencies like Bitcoin down. No longer will the cryptocurrencies be supported by criminals and ransomware. [00:23:35] So that's my hope anyways. And that's also the hope of David Meltzer, chief technology officer over at Tripwire. Hope you're having a great year so far. You're listening to CraigPeterson.com. Sign up for my. 
At CraigPeterson.com. And hopefully I can help you have a little bit of a better year ahead. [00:23:57] All of these data breaches that the hackers got are not created equal. So we're going to go through a few more types of hacks, what they got. And what does it mean to you and what can you do about it? [00:24:13] Have I been, B-E-E-N, pwned, P-W-N-E-D, dot com. And this is a website that has been put together by a guy by the name of Troy Hunt. He's an Australian and it goes through the details of various. So that he has found now it's not just him. There are a lot of people who are out there on the dark web, looking for hacks, and there's a few different types of hacks. [00:24:43] And of course, a lot of different types of information that has been compromised and gathered by the bad guys. And, um, stat just out this week is talking about how businesses are so easy to compromise. It is crazy. This was a study that was done by a company called Positive Technologies, and they had a look at businesses. [00:25:11] Basically they did white hacking of those businesses and found that 93% of tested networks, now, 93% of tested networks are vulnerable to breaches. Now that is incredible. And according to them in Dark Reading, it says the vast majority of businesses can be compromised within one month by a motivated attacker using common tech, [00:25:42] such as compromising credentials, exploiting known vulnerabilities in software and web applications or taking advantage of configuration flaws. Isn't that something? In 93% of cases, an external attacker could breach a target company's network and gain access to local devices and systems. In 71% of cases, the attacker could affect the business in a way deemed unacceptable. [00:26:13] For example, every bank tested by Positive Technologies could be attacked in a way that disrupted business processes and reduced their quality of service. It's a very big deal. And much of this has to do with the fact that we're not taking cybersecurity 
seriously as businesses or as government agencies. [00:26:41] Now, the government agencies have been trying to pull up their socks. I got to give a handout to President Biden. He really started squeezing many of these federal contractors to get security in place. President Trump really pushed it, even back to President Obama, who pushed this fairly heavily. Now we're starting to see a little bit of movement, but how about the smaller guys? [00:27:08] How about private businesses? What are you doing? So I'm going through right now some of the basic things you can get from Have I Been Pwned and what you can do with all of that data, all of that information, what does it mean to you? So I'm looking right now at my business email address, which is Craig@mainstream.net, pretty simple, Craig at mainstream dot net. [00:27:36] And I found, because this email address is about 30 years old. Yeah. I've been using it a long time, about 14 data breaches and. Paste. All right. So what does that mean? What is a paste? Well, pastes are a little bit different than a regular hack. All right. The paste is information that has been pasted to a publicly facing [00:28:03] website. Now there's many of them out there. There've been a lot of breaches of Amazon site of Amazon databases, Azure, all of these types of things. But we're, we're talking about here are these websites that are designed to. People to share whatever they want. So for instance, you might have a real cool program, wants to people, those to try out to you don't have the bandwidth to send it to them. [00:28:28] You certainly can send it via email because it's much, much, much too big. So sites like Pastebin are out there to allow you to go ahead and paste stuff in and share the link. Pretty simple, fairly straightforward. Well, these paste sites are also used by hackers to make it even easier for them to anonymously share information. 
[00:28:55] And many times the first place that a breach appears is on one of these paste sites. So Have I Been Pwned searches through these different pastes that are broadcast by a Twitter account called dumpmon, which is a site where again, bad guys are putting information out about dumps had been found as well as good guys. [00:29:20] All right. And they report, uh, on, in the dumpmon Twitter account. If you're interested, it's at D-U-M-P-M-O-N. They report emails that are potential indicators of a breach. So finding an email address in a paste doesn't necessarily mean it's been disclosed as a result of a breach, but you should have a look at the paste and determine whether or not your account has been legitimately compromised as part of that breach or not. [00:29:53] All right. So in my case again, for the Craig@mainstream.net email address, it was involved in a paste. So let me see what it says. So let me see. It shows it involved in a paste. This is paste title AA from July, 2015. So this is information from published to a publicly facing website. I don't know if I click on that. [00:30:22] What does it do? Yeah. Okay. So it actually has a link to the paste on Pastebin. And in this case it's gone, right? It's been deleted. It could have been deleted by the Pastebin staff. Somebody told them to take it down, whatever it is. But again, Have I Been Pwned allows you to see all of the information that has been found by the top security [00:30:48] researchers in the world, including various government agencies, and allows you to know what's up. So let's have a look here at passwords. So if you click Passwords at the very top, this is the other tool you should be looking at. You can safely type in the passwords you use. What Have I Been Pwned does is instead of taking the passwords from these hacks in the clear and storing them, it creates a checksum of the password. [00:31:21] So if you type a password into this, I'm going to type in P a S S w Z. Oh, excuse me. 
Uh, oh, is that, let me use a better password. P-at-S-S-w-zero-r-d. One of the most common passwords on the internet, common passwords ever. Okay. So it says, oh no, pwned, this password has been seen 73,586 times before. Okay. It says the password previously [00:31:53] appeared in a data breach and should never be used. If you've ever used it anywhere before, change it. You see, that's why you need to check your passwords here. Are they even safe to use? Because what the bad guys have done in order to counter us using longer passwords, 'cause it's not the complexity of the password that matters so much. [00:32:16] It's the length of the password. So they don't have enough CPU resources in order to try every possible password from eight characters through 20 characters long, they could never do that. Would take forever or going to try and hack in. So what they do is they use the database of stolen passwords in order to try and get in to your account. [00:32:42] Hey, I'm going to try and summarize all of this in the newsletter. So keep your eye. For that. And again, the only way you're going to find that out and get my summary today, including the links to all of this stuff, is by being on my email list. CraigPeterson.com/subscribe. That's Craig Peterson, S-O-N, dot com slash subscribe. Stick around. [00:33:09] Did you know, there is a site you can check your password against to see if other people have used it? And if that password has been stolen, it's a really great site called Have I Been Pwned. And we're going to talk about it more right now. [00:33:26] You know, I've been doing cyber security pretty much as a primary job function here in my career for about, let me see. [00:33:37] Not since 92. So my goodness, uh, yeah, an anniversary this year. Okay. 30 years. So you're listening to a lot of experience here as I have. 
Protect some of the biggest companies in the world, the Department of Defense, defense and military contractors all the way down through our local dentist's office. So over 5,000 companies over the years, and I helped perform what are called virtual CISO services, [00:34:11] which are services to help companies make sure that they have their security all lined up. And we also have kind of a hacker audit whether or not you are vulnerable as a business to being hacked. So we'll go in, we'll look at your systems. We can even do a little bit of white hat hacking in order to let you know what information is out there available about your company. [00:34:39] And that's really where Have I Been Pwned comes in. It's a very simple tool to use and it gives you some great information, some really good information about what it is that you should be doing. What is that? I had a meeting with the FBI, one of my client's sites, because they had been hacked and my client said, yeah, go ahead and bring them in. [00:35:03] And it turned out to be the worst infection that the Boston office of the FBI has ever seen. There were active Chinese backdoors in there stealing their information. Their plans are designed everything from them. Right there. Right. And, oh, it was just incredible to see this thing that it all started because they said they had an email problem. [00:35:30] We started looking at more closely and we found him indications of compromise, et cetera. So it gets bad. I've been doing this for a long time. But one of the things that you can do, 'cause I understand not everybody can do what we do. There are some very complicated tools we use and methods, methodologies, but this is something anyone can do. [00:35:53] Again, this site's called haveibeenpwned.com. You don't have to be a white hat hacker to use this. This is not a tool for the black hats, in other words, for the bad guys, for the hackers out there. 
This is a tool for you, whether you're a business person or a home user. And we talked about how you can sign up there to get a notification [00:36:18] if your account has been hacked. So I'm going to the site right now. Have I Been Pwned, which is spelled P-W-N-E-D. Have I been, B-E-E-N, pwned, P-W-N-E-D, dot com. And I'm going to type in me@craigpeterson.com, which is my main email address for the radio show and others. So good news. It says, no pwnage found. In other words, this particular email address has not been found in any of the hacks on the dark web that Troy has access to. [00:36:56] Now, remember, Troy does not know about every hack that's occurred. He does not know about every data breach that has occurred, but he knows about a whole lot of them. And I mean, a lot. If you look on his site right there in the homepage, you'll see the largest breaches that he knows about drug. For instance, 510 million Facebook accounts that were hacked. [00:37:24] He has the most recently added breaches. We just got an addition from the United Kingdom, from their police service over there. Some of the more recent ones include Gravatar accounts. Gravatar you might have a, it's a very common, in fact, 114 million Gravatar accounts information were compromised. So me at Craig Peterson is safe. [00:37:52] Well, let me check my Mainstream email address. Now, mainstream.net is the website that I've been using for about 30 years now online. And this is the company that I own that is looking at how do we protect businesses? No. And we're a small company, basically a family operation, and we use a lot of different people to help out with specific specialties. [00:38:21] But let me see, Craig@mainstream.net, this one's guaranteed to be pwned all right, because again, that email address Craig@mainstream.net is close to 30 years old. Uh, okay. So here we go. 14 data breaches. It says my business email address has been involved. 
8tracks back in 2017, and it says compromised data was emails and passwords. [00:38:48] The Apollo breach in July of 2018. This was a sales engagement startup: email address, employer, geographic location, job title, name, phone number, salutation, social media profiles. Now you see this information that they got about me from this Apollo breach is the type of information that they need in order to phish you. Now, we're talking about phishing, P-H-I-S-H-I-N-G. [00:39:17] And the whole idea behind phishing is they trick you into doing something that you probably should not do. And boy, do they trick you into it. Okay. So the data left exposed by Apollo was used in their revenue acceleration platform and it's data that they had gathered. That's phishing stuff. So for instance, I know my company name, they know where it's located. [00:39:44] They know what my job title is, uh, phone numbers, uh, how to address me, right. Not my pronouns, but salutations, uh, and social media profile information interest in it. So think about all of that and how they could try and trick me into doing something that really is against my best judgment. My better interest. Makes sense? [00:40:09] Co this big collection, Collection Number One, in January 2019, they found this massive collection of a credential stuffing lists. So that's combinations of email addresses and passwords. It's the, uh, 773 million record collection. So what password stuffing is, is where they have your username. They have your passwords that are used on multiple accounts. [00:40:40] Now, usually the username is your email address and that's a problem. And it really bothers me when websites require your email address for you to log in, as opposed to just some name that you make up. And I make up a lot of really cool names based on random words. 
Plus I have 5,000 identities that are completely fabricated that I use on various social media sites or other sites where I don't care if they have my right information. [00:41:14] Now, obviously the bank's gonna need your information. You can't give it to the, you know, the fake stuff to law enforcement, too. Anyways, but that's what credential stuffing is. They will use the email address that you have, that they found online in one of these massive dumps, or maybe one of the smaller ones, along with the passwords [00:41:39] they found that you use on those websites, and they will stuff them and other. They'll use them on a website. They will continually go ahead and just try different username, different password combinations until they get in. Now, that is a very, very big problem called credential stuffing. And that's why you want to make sure that you change your password when a breach occurs. [00:42:10] And it isn't a bad idea to change it every six months or so. We'll talk more about this when we get back, but I want you to make sure you go right now because we've got bootcamps and other things starting up with just probably mid to late January. And you only find out about them at craigpeterson.com. [00:42:32] Make sure you subscribed.

    Are You Ready For the Next Hacker Wave? It's Going to Be Brutal!

    Play Episode Listen Later Jan 3, 2022 42:26

    Are You Ready For the Next Hacker Wave? It's Going to Be Brutal! Right now, we're going to talk about this vulnerability, this huge vulnerability in almost the entire internet that will affect your life over the following number of years. And if you're a business, you better pay close attention. [Following is an automated transcript] [00:00:16] Well, we are looking at what is being called the single most significant, most critical vulnerability ever. [00:00:24] And if you want more information on this, have a look at last week's show, you'll find it up on my website. I talked quite a bit about it. You can email me, me@craigpeterson.com. I've put together a little cheat sheet that you can use to find out. What should I do? If you're an IT professional, this isn't something that you can do if you're a regular home user because you probably don't have any software you're maintaining that has this Log4j vulnerability. [00:00:59] But I do have to warn you that you probably do have a little bit of hardware that might have it in there. Many of these firewalls used in homes have it, not all of them, uh, I'm, a minority of them, but here's why this is the single most significant and most critical vulnerability ever. There is a programming library that is used in the Java [00:01:26] programming language that logs events. If you're writing software and let's say their software is running a website, it could be almost anything. And you notice a condition that's not quite right, what should you do? Well, you should log it. And then, hopefully, the people that are running your software are monitoring the logs. [00:01:49] See the logs? No. Oh my gosh. Uh, there is something wrong here. One of the logs that I keep an eye on that just absolutely amazes me, frankly, is the SSH daemon logs. Now SSH is a protocol. It uses encryption to get onto other machines using the command line. Now I've used a lot of protocols over the years to do this.
[00:02:17] Telnet was the first, and SSH is something that I've been using for a very long time. You might remember the Heartbleed bug from a few years back. That nailed a lot of people, but I keep an eye on that SSH log because if someone's trying to log into my system from the internet, that log will show it. [00:02:39] It's going to say that someone tried to use this username; they were coming from this IP address, and they failed to get in. And I have software that automatically monitors that log and says, well, if someone's coming from the same address multiple times and they are unsuccessful at logging in, add their internet address to my firewall blocking rules. [00:03:09] So what ends up happening is, well, they just can't even get to my machine anymore. They're trying to hack me. Same thing's true with the web logs. If we have people who are trying to, for instance, kind of put us out of business doing what's called a denial of service attack, where they are sending us a lot of data, [00:03:31] well, we can at our site or upstream from us have that IP address blocked. And that stops the attack. Distributed denial of service attacks are a little bit more complicated. So all of this gets logged. It all gets written to a file, or it gets pushed off to a server that keeps track of the logs. And, and then there's analysis software that looks at logs for [00:03:57] anomalies, all of that sort of stuff. It makes a lot of sense. Right. But this particular library that's used by Java programmers has a bug in it that allows a remote user to send just a small string, nothing fancy at all, that can command the web server that is using the logging function to go ahead and download malware. [00:04:28] Well, the easiest low-hanging fruit, when it comes to what kind of malware can we put onto a computer, is quite simply crypto mining. So the bad guys, they'll go ahead and they'll just send a small string, very simple. They don't have to compile a program.
They don't have to do much of anything. They just send this little small. [00:04:50] And if that string gets logged, for instance, by my SSH, my remote access daemon, or gets logged by the web server or something else, all of a sudden that wonderful little feature that allowed you to easily log things is your enemy, because that feature is going to interpret that particular string that was sent to the log and try and be helpful. [00:05:18] But in fact, it could be given a command to download this remote file and then run that remote file. And that remote file initially here has primarily been crypto mining soft. So now your computer's being used by someone else. Your electricity's being used to mine things like Bitcoins or some of these other cryptocurrencies that are out. [00:05:45] Now the real reason this is a huge, huge problem. Again, let me quote here. This is from Ahmad, Amit, I should say, Yoran over at Tenable: it is by far the single biggest, most critical vulnerability ever. Why is that true? There's a couple of reasons. Ease of use is the obvious reason. It is so easy to use, not just for crypto mining, but for hacking any machine you would care to hack. [00:06:19] And then the second reason is it is embedded everywhere. There are millions of computers that are vulnerable. We're seeing a hundred computers per minute being hacked using this vulnerability. And if you are running, let's say, a firewall that has this vulnerability. We have some clients that had this vulnerability and it is obviously a bit of a problem, right? [00:06:51] Well, that vulnerability now allows bad guys to get onto that firewall, and perhaps beyond that firewall, in order to do pretty much whatever they want to do. This is huge, huge, huge. Lots of software has flaws, and you need to be able to recover from the flaws. I've talked many times about how there are only two types of software.
[00:07:23] There is software that has been hacked and there is software that will be hacked. So you need to make sure, you know, that if someone gets into your network or gets into your computer, that you can restrict the damages, you can keep it under control. But with this Log4j vulnerability being everywhere, in not just that one library, but remember that one library is used all over the place. [00:07:52] It's in hundreds of thousands of pieces of software. Now, every one of these vendors has to grab the most recent version, recompile their software and send and re link it in deep pans. Right. I understand this is Java and then send it out to all of their customers to install the software. This is the second reason [00:08:15] it is such a big. There will be sites. There will be pieces of software that have this vulnerability for years to come. And one of the biggest examples of this vulnerability is almost every Android device out there. Think of all of the phones people have. Android's being used for tablets, it's in televisions, it's everywhere. [00:08:40] And with this particular vulnerability being everywhere, every vendor that uses Android is going to have to release patches that you're going to have to install. Now it's one thing to have a brand new TV, and we've got a brand new Samsung TV and it's hooked up to the internet. It streams Disney and Discovery. [00:09:05] And it's just a wonderful thing. I love my TV, right. Then of course you probably realize I don't use smart TV features because of this particular type of person. What ends up happening? Well, how long is Samsung actually going to support updates for your television, or Vizio who, by the way, one of the worst companies when it comes to your privacy of your information on your television, how long, uh, how about your Android phones? [00:09:39] More than half of all Android smartphones out there will never get another software.
If you are still using Android smartphones, now is the time to switch to an iPhone. I have been talking about this for years. I am not like the world's biggest Apple fan. I'm not trying to make everybody an Apple fan. I really don't care. [00:10:06] What I do care about is the ability of the software designers, those software implementers and the hardware manufacturers, the people that are in the supply chain on that Android device. I care that they do provide updates when it comes to security problems. And if you're using an iPhone, yeah. Again, two types of software right now, like phones have had vulnerabilities that can be vulnerable, but Apple is supporting right now, still, the iPhone 6s, which came out what, five or six years [00:10:46] with full security updates. They've even gone back further. Sometimes the Nat. So make the switch right now. If you are an IT professional, I've got this whole list of resources that I vetted, I know are good, that you can use to scan for this vulnerability in your network or on your. To where just email me, me@craigpeterson.com. [00:11:12] And if you have any questions about this or cybersecurity in general, just reach out again. me@craigpeterson.com. [00:11:21] Did you know that cyber flashing is a thing? We talked about it a couple of years ago, but it's back in the news this week, and also Apple AirTags. They just released a new feature for our friends with Android. We'll tell you why. [00:11:38] Have you seen these AirTags? Have you used them? They came from an idea that was really pioneered by a company, Tile. And I guess they, I don't know what happened with the patent. I guess it didn't have one or Apple wouldn't have been able to do this, but then again, you know, you've got a really big company you're up against a, it doesn't matter whether you're in the right. [00:12:02] Sometimes I'm not sure what happened there, but they have these trackers called AirTags.
And I mentioned before on the show that my daughters have a total of five cats, well, actually six cats, now I think of it. And what they've done is bought AirTags and put them on all of the cats' collars. So they took them, they they've got them fastened on with this little holder. [00:12:31] You can get all kinds of holders. The AirTags themselves are just little round buttons, really, and you can stick them into your wallet, for instance, in case you keep forgetting or losing your wallet. You can also put them into a holder so they go on a key chain. I have a couple of flashlights at the house. [00:12:50] And if you're like me and you have other people around and it's dark and they know where your flashlight is, they'll take and borrow it, right. Now you don't get your flashlight back. It kind of bothers me. It probably shouldn't bother me as much as it does, but then when I need the flashlight, I just can't find this. [00:13:12] So, what did we put on the flashlight? We put an AirTag on there. So the AirTag ties into your iPhone. And if you have a newer iPhone, it's just absolutely amazing because the, the AirTag will tell you where it is, but the newer iPhone, you can use it and it will walk you through, up to the AirTag, like, okay, it's a foot in front of you on the left-hand side or whatever, it'll take you there. [00:13:42] It's very cool. It's like these futuristic sci-fi movies. The problem with AirTags that we discussed on the air here is that they have been used for evil. And what the bad guys have been doing is they'll take an AirTag. They might drop it in your purse in order to follow you. Isn't that scary? They also have been taking the AirTags and putting them on expensive cars so that they can follow you home. [00:14:16] Now, obviously nowadays it's extremely hard to steal one of the more expensive cars cause they've got all of this automation in them. The fancy systems do stop you from stealing it.
Even my old F150 had a little chip built into the key so that it wouldn't start unless that key that was starting it actually had that RFID chip in it. So that this technology [00:14:45] isn't being used so much to steal the car, but to know where you live and when you are home and when you're not home. You know, I've been warning everybody for many years not to post on social media about vacation saying, oh, we're leaving. We're going to be gone in the Caribbean for two weeks. We're going for New Year's party here, Christmas there, Hanukkah celebration, whatever it is you're doing, because the bad guys use that information to, [00:15:19] um, break into your home and to steal things from your business. And I'm, I'm going to get into all of the details right now of how they do that. I've talked about it on the show before, and I'm sure I will talk about it again. And you'll even see some of the references on my website at craigpeterson.com. [00:15:36] If you're interested, there's some real interesting stories up there, what's happened to people. That particular problem of having an AirTag and then having it put on to you to track you, or to track your car or other devices, is a huge potential problem. Now, Apple built into the iPhone a special little feature some time ago, when they, in fact, when they came out with the air. [00:16:11] So that when an AirTag is following you, in other words, someone dropped it into your purse or your pocket or on your car, and that AirTag is moving with you, it says, Hey guy, uh, there is an AirTag following you. And at that point you can say, wait a minute, uh, what's going on here? Now, it's not going to warn you about your own AirTags. [00:16:35] You know, the ones that you own. It's going to warn you about an, a foreign AirTag, one that's not yours. In other words, someone's trying to track you. So brilliant move on
Apple's part to get that out right away before there were any really scary, bad news stories about the same thing happened. How about Android users? [00:16:57] That's where the problem really is starting to come up. If you're an Android user, you don't have the ability to detect an AirTag. Well, until now. So if an AirTag was following you, it wouldn't let you know, it couldn't let you know, it didn't know. So Apple is now offering what's called Tracker Detect. [00:17:21] It's an app on the Google Play store, a free app that you can download if you're using Android. And, you know, there are many, many, many, many reasons not to use Android and there are almost as many to use iPhones. Okay. So if you use an Android, switch to an iPhone, but if you're stuck on Android, because that's what your business gave you until you have to use it, have a look for Tracker Detect. And the app's description on the Play Store says Tracker Detect looks for item trackers that are separated from their owner, and that are compatible with Apple's Find My network. [00:18:02] These item trackers include AirTags and compatible devices from other companies. If you think someone is using AirTag or another device to track your location, you can scan, scan to try and. So, I'm not sure that it's as good as the Apple implementation, where the Apple will pop up and say, even though you're not scanning for an AirTag, say, Hey, somebody's tracking you. [00:18:31] It sounds like you have to actually use. Just scan for it. But Android users, according to Mac trust, can scan the area to find nearby AirTag trackers, if they think that there's an AirTag or other device that's being used to track their location. Uh, an Apple support document that you'll find online on support.apple.com
If the app detects an air tag near you for at least 10 minutes, you can play a sound to help locate it. So that's the part that makes me think that it's always active. Okay. On your, on your Android device, it's free and you can get it right there in the Google play. [00:19:23] This next item is really, it applies to all of us here in the us, and it applies also to people over in the UK. And the UK is really getting kind of upset about this because apparently there are no laws against. Flashing now there are in the U S and it kind of depends on where you live, but cyber crap flashing is really a crime or should be a crime what's been happening. [00:19:58] Is people again who have iPhones have this ability to share files or websites, et cetera, with another person. It's fantastic. It's called airdrop. I just love this. And I use it all the time even to share files between my own devices. And what happens with air drop is you, you take the file and the use open up airdrop and you see, oh, okay. [00:20:26] There's my wife right there. So I click on the file. I drag it on top of it, a little Karen icon in airdrop, and now she gets a notice. Hey, there's a file from. Coming on in, and it does well, I always in my family and my business people, I always said to them, Error drop, uh, settings to only allow an airdrop from people that are in my contact list. [00:20:57] And that reason for that is this particular problem. People have been cited. Flashing. So what they do is they send obscene pictures to strangers through airdrop. And this term can also of course, apply to Bluetooth devices because you can also send these things via Bluetooth. I don't want to really talk a lot about what's really happening here. [00:21:28] Hopefully, you know what flashing is, or flasher is sending these obscene pictures, but the tone, the term was coined in August 25th. This female commuter was airdropped two pictures, obscene pictures, and they reported it to the British transport police. 
But we've seen, I have seen, and I've talked about cases where people are driving down the highway and all of a sudden on their phone come these obscene pictures because someone was driving past and they air dropped, or they use Bluetooth to send obscene. [00:22:09] There is an easy way to not allow that to happen. And that is the settings that I use, which is only allow airdrop from people in your contact list. You know, these are absolutely amazing features that they have, but there are some really weird people out there that think that this is the, this is a fun way, uh, to really mess with other people. [00:22:36] It's. It's just crazy. Okay. By the way, you can also turn air drop off. If you never use it, don't worry about it or a turn it on when you need it. And when someone's going to send something to you, Hey, I want you guys to take a couple of minutes here. If you go to Craig peterson.com/subscribe. You're going to find out about the bootcamps we have. [00:23:01] You're going to get my weekly trainings that I have. These are just an email. They just last a few minutes. You are going to love them. I get all kinds of compliments and this is in my free newsletter. Okay. It's not going to cost you anything. I'm not going to be hammering you on buying stuff. I want this information out. [00:23:24] That's why I am here today on. Everybody needs to understand this stuff. Craig peterson.com/subscribe, and I will be seeing you in the email world. [00:23:39] One of the things we wonder the most about is what's the future. What's the future of laptops and future of computers. We talked about some of these new chips that are out there, but this is an interesting story about what Dell is doing. Yeah. Dell. [00:23:55] I want to follow up a little bit about the 3g shutdown. We didn't quite get through the list. [00:24:02] All almost all of the Volvos from 2015 on to 2018, have this problem. 
There's only two automakers that told TheDrive.com that US vehicles are unaffected by the end of 3G. So if you own a Ferrari or a McLaren, you're okay. Okay. Also what's interesting is what the different guys are doing. Subaru has an interesting little plan here going forward. [00:24:35] If you have what they call a connected vehicle plan, and this is according to a service bulletin filed with the National Highway Traffic Safety Administration, then they will do a retrofit at no cost. How's that for nice? A lot of these manufacturers are upgrading to 4G. Yeah, the, uh, you know, LTE, the stuff that was really fast, you remember that. I was remembering getting 50 megabits and that it was just incredible. [00:25:05] But at any rate, they're offering that and the option to purchase a subscription to 4G. So you'll be able to get two gig of data per month at $10 a month. Now that's for some manufacturers, not all of them have it, $30 a month if you want unlimited data. So depending on how much you're driving. GM started pushing a free over the air update in October to keep OnStar running [00:25:32] after the 3G shut down, though some 2015 model year cars will need a ma a hardware worse. Tesla says it plans to charge $200 to upgrade older Model S vehicles, but no additional fees are noted for it. Toyota, Toyota and Lexus are not planning to retrofit affected vehicles. In its public FAQ Toyota cites a clause in its disclosures that said certain connected services may change at any time without notice. [00:26:08] And when The Drive asked Toyota if it plans to offer an upgrade, paid or otherwise, for consumers who own affected vehicles, the answer was assumed. No. And Toyota, by the way, is one of the companies that has decided, Hey, um, we're just going to go ahead. And, uh, you, you, you know, that remote start that you got for those cold winters. [00:26:31] Yeah.
W we've decided that, uh, even though you paid for, you know, what, three, four years ago, we're going to start charging you monthly to use your remote start. Uh, come on guys. So have a little. Um, try and find out, talk to your, uh, your automotive dealer or go to duck, duck, go and look up your car and type in three G uh, end of life at the same time and see what it comes up with at your model in there. [00:27:05] But I am very disappointed with Toyota. I have some friends that just loved Toyota. I bought a brand new one. Way back when, when would have been like 82, 3, something like that, a great little car Cresseta with a supra engine in it. And I drove that for quite a few years. The good, tough little car I had to keep replacing the water pump, but that was the only problem we ever had with it. [00:27:31] But I haven't owned a Toyota since then, but this is, and I've actually been thinking about it lately, but this is something that really turns me off. I don't know about. Let's get into our next, a little problem area. And that is fleet managers. If you are relying on electronic logging devices and other internet of things, devices to track your trucking fleet. [00:27:57] There's some problems. Uh, let's see here, here's a quote. This is from Czech Republic. Uh, John Nichols, executive vice president of sales for north America and mixed telematics estimated that about 80% of his customers are still using 3g devices. Now this was about a year ago. This is from a November, 2020 article. [00:28:22] So this is going to be a very. Problem for you as well. Uh, for any people who have fleet vehicles that they're trying to maintain, hopefully you know about this. Hopefully your vendors are going to take care of it for you. I'm impressed. The GM set their cars up with the hardware that can handle 3g and 4g. [00:28:44] And all you need is a software upgrade to have it switch. I think that was very smart of them. So. Kudos to GM for that particular thing. 
Dell led let's get into the future of computers and laptop design. Dell has been doing some interesting things. Now you probably heard me a couple of weeks ago be moan Dell because they have businesses. [00:29:06] Specialists and experts that you can call that really know almost nothing about what you really need. And it just drives me crazy because Dell has been selling my customers, hardware that doesn't meet the customer's needs because frankly, the customers don't really know what their needs are. And so that's something that I've helped them with. [00:29:28] And I, if you email me@craigpeterson.com, I written up. On what the best computers to buy are based on what it is you need, you know, what, what are the tricks that you need to follow? But what Dell is doing right now is something they're calling concept Luna, and I've seen things like this before. There was a, a cell phone that was being manufactured that allowed you to change modules. [00:29:58] They were literally just click and go and kind of like Lego. Almost and the phones weren't that popular. I don't even think they're in business anymore. I can't remember their name, but those particular clicking NGOs were clicked and gone is kind of the bottom line on it because they were kind of big. [00:30:19] They were kind of clumsy. They weren't released something people wanted to use. You know, Android comes from Google. And Google has their basic tests and says, this is what Android should look like, but every manufacturer puts their own look and feel on top of that Android operating system. And what that ends up doing for you is, you know, makes it a little more pleasant and also. [00:30:49] So that you don't really, really want to go and change your phones. Cause you're used to the way this particular phone works, but Dell is looking at doing kind of the same thing. They're looking at this electronic waste problem where you have a laptop, it gets old, you throw it away. 
And, but now it looks like there's more sustainability. [00:31:14] Built into things like this Luna design, they're trying to make the company's laptops more environmentally friendly and in the process are going to make them more repairable, which is kind of cool. If you look at what Apple's done in their laptops, there's basically nothing inside there. That's user replaced. [00:31:36] Okay, you can probably replace a battery. I use a company I've had their president on my show a few times. Uh, Larry, um, Connor, I think it is his last name, but OWC other world computing and they've got. Little upgrades and replacement parts and videos on how to do it and all the tools you need to, to upgrade your Mac. [00:32:00] But nowadays apple is soldering the memory on the motherboard, or even more recently using the apple chips. And by the way, this is part of the reason they're so fast. They are putting the memory right on the same silicone and. The CPU itself. So they're moving towards a one chip with everything on it. So if you buy an apple computer nowadays, I love them. [00:32:29] They are great. They've got great security built in, et cetera, et cetera, but you better buy a computer that has enough memory and enough storage on it to last you for some years. Because a lot of these computers I'm picking on apple right now, but there's a lot of other vendors the same way. They are not upgradeable, but concept Luna should work pretty well boring. [00:32:56] This idea from that's right. It was framework. That was the name of it. Anyways, stick around and visit me online. Craig peterson.com. [00:33:05] If you own a car and that car has been made, uh, all the way up to 2021 and your car is using. The internet by a 3g, which is most cars. I got a little news for you. [00:33:22] We are looking at a real big problem here that most people haven't heard of. 
[00:33:29] I was talking in fact, this week on the air with someone who has a car to Volvo and they have a remote little starter, which has been great for. And they were informed that they needed to do an upgrade. And that upgrade turned out to be very costly. I had another listener who has a solar panel on the roof of their house and their solar panel on that roof is designed to. [00:34:03] Be able to get updates, software updates, let you know, what's the charge like how much sun is there today? Maybe you should brush off some of the snow. All of that is communicated by the. But how, how was that working? The problem that most vendors have is, uh, how do they get the data to, and from their devices? [00:34:30] If you think about, for instance, Elon Musk, with the wonderful little Tesla cars, they want to push an update and we're seeing this more and more by. The older cars, most cars, non Tesla, as you take them into the dealer for service. And while it's there they go ahead and plug it in. They download new software firmware from the internet and install it on your car. [00:34:56] And you are often driving. Maybe you're none the wiser. Maybe you got some new features. So it's one thing for them. To have control over a basic network, uh, network that our car dealer might have where they say, okay, here's the specs you need this much. Download speed. You need that. You need the other thing simple enough. [00:35:20] But how about you and your home or you and your business? How does that time system keep track of the employees when they sign in and out? Does it upload it to the internet? Did you have to plug it into your network? Did you have to hook it up to your wifi? I can tell you from personal experience, anytime we touch your network and there is. [00:35:45] Problem later on, we own the problem, even if we had nothing to do with it. It's again, it's another Craig ism, whoever touched the computer last owns the next problem. 
So these vendors have decided, well, we can solve that problem. All we need to do is use cellular phone data. So they put effectively a little cell phone onto their devices. [00:36:13] Just like that Volvo we were talking about or other high-end luxury cars. So their solar panel has a 3G modem in it. The cars have 3G modems in them to unlock the doors, to start the. In many cases, right? They also have updates that come down from the cloud, quote, unquote, over 3G for your navigation system to let you know, Hey, there's heavy traffic. [00:36:45] I'm going to reroute you. We're rerouting all of that data coming from the 3G network, coming through it, or being pushed up via the 3G network. All of that data is in trouble and it's in trouble because every major carrier is eliminating 3G next year. Yeah, it is really that bad. AT&T is shutting down 3G services in February. [00:37:16] Sprint's following in March and T-Mobile in July and Verizon on December 31st, all of them, 2022. That is a very big deal and a very big problem. So what can you do about it? No, it depends. The roof solar panels we were just talking about, their vendor told them they could do the upgrade for them, and it would be $800. [00:37:47] Very very big deal. We also had other people who were talking about their cars and what had to happen with them. And the cars look like they're tending to be more expensive. You can expect to pay between 520 $500 for an upgrade because many of them are saying, Hey, w you know, we're not going to just fix this one problem. [00:38:10] We have to replace the whole module. And that means. To replace your infotainment system in your car. Infotainment of course, being basically everything that has to do with your GPS navigation, your satellite radio, your, uh, your CarPlay from Apple or Android car or whatever it is you might be using. [00:38:33] That's why it gets so expensive. So. Keep an eye out. This is going to be a very, very big deal.
We're looking at everything from owner applications, like going ahead and starting that engine to warm it up to emergency calls services to in navigation, functionality, reporting telematics, which is the data about your car back to the dealer. [00:39:02] Ultimately, so, you know, your car says, oh, uh, you need to go in and get your oil changed. And it's going to be a, you know, we can set up alarm and you want it. And you know, some of them are very, very fancy and all of that is going to go away and includes a lot of luxury cars all the way through. Some 2021 models, but many, many of them, if not most of them through 2019. [00:39:29] Okay. Is that a very, very big deal or what these 3g towers are going away? The companies, the cell phone companies are planning on reusing that bandwidth and they're going to put it into where yeah. 5g, exactly 5g. So here's a few. The cars that you might want to be concerned about Acura. They have something called link, uh, and they have, let's see the MDX ILX, RDX, uh, RLX TLX NSX, like kind of sounds like almost all of them. [00:40:06] So Acura is going to have a problem with almost all of their cars that were made between 2014 and 2017. Audi. They're going to have problems with, again, all their cars, a three, four or 5, 6, 7, 8, the RS Q3 five and seven. Yeah, pretty much all of their cars from 2012 through 2018. So I already saw this coming and decided to fix it early, so good for them. [00:40:39] So basically if your car is older than 2018 model year, you're going to have some problems, Bentley. A number of models produced prior to 2020. And if you're driving a Bentley and do you want to give it to some guy, you know, really great looking guy, you can just let me know Craig. Yeah. Yeah. [00:40:57] me@craigpeterson.com BMW number models produced before 2019 general motors. 
Models may between 2015 and 2021 across its fleet will be affected, but it's not breaking down with specific vehicles across it's brands of Buick Cadillac, Chevy, GMC, but they did in this case, it's the drive.com track down a technical service bulletin that indicates almost every post 2015 model is affected. [00:41:32] Okay. Yeah. Bu-bye a Honda again, pretty much everything. From 2018 to 2021 Lexus all models 2010 to 2017 Mazda. Pretty much everything. 2016 to 2019 Mitsubishi, every eclipse cross and Outlander Porsche 9 11, 18, 7 eighteens, et cetera, et cetera. All of them, 20 14, 20 19 Subaru. Pretty much everything. 2016 and on Tesla model as built before 2015 Toyota. [00:42:14] Ooh, they got some interesting problems, 2010 and on Volkswagen, much the same stick around. Visit me online. Craig peterson.com.

    The Worst Internet Vulnerability Ever? And It Isn't Going Away Soon. What's Log4J?

    Play Episode Listen Later Dec 18, 2021 85:05

    2021-12-18 1144 [00:00:00] Well, the tech world is all abuzz with this Log4j or Log4Shell, however you want to call it, because we are looking at what is probably the biggest security vulnerability the internet has had in a long time. [00:00:16] This is huge, huge, huge to chew. [00:00:19] I don't know how to express it anymore, but there are multiple problems here. And even the patch that was released to fix this problem was broken, is being exploited. In the last 24 hours there've been no less than 30 different new variations of the exploit. So what is going on? There is a computer language that's used by many programmers, particularly in larger businesses, called Java. [00:00:52] You might remember this, I've been following it and using it now, since it first came out a very long time ago from Sun Microsystems. Java is a language that's designed to have kind of an intermediate CPU processor. So think about it. If you have an Intel chip that is an x86 type chip, what can you use instead of that Intel chip to run that code? [00:01:19] Well, there are some compatible chips made mainly by AMD, Advanced Micro Devices, but you're really rather limited. You have problems. Power. Well, you know, guess what, you're stuck. You're stuck in that architecture. And then on the other end of the spectrum, you have some of these devices that are designed by companies like Apple, Google has their own. [00:01:41] Now that our CPU's their graphics processing units as well. And they completely replaced the Intel architecture. But the Intel code, the programs that are written for the Intel architecture that are compiled for Intel are not going to work on the Apple chips and vice versa. So what did Apple do? Well, Apple, for instance, just moved from Intel over to. [00:02:08] Own chipsets and these chips don't run Intel code. So how can you run your old Apple apps? Well, Apple has a little translator they call Rosetta. 
It sits in the middle and it pretends it's an Intel processor. This really rather simple. And they've done an amazing job on this. And Rosetta is actually a third party company and they helped Apple as well with the transition from the IBM Power series chips to the Intel chips. [00:02:41] So how do you move the code around? Well, you either have to recompile it, you may have to redesign it, rearchitect it for the new type of processor and the new types of computers that are supported by that processor. Or you may do what Apple's done here a couple of times now, and that is having an interpreter in the middle that pretends it's something else, pretends it's an Intel chip. [00:03:07] And then you can still run your in. Code because it knows, okay. It was designed originally for this Apple Intel architecture. So I know how to make all of this work. Java steps in and says, well, why are you doing all of that? That's kind of crazy, isn't it, moving all of your code around all of the time. So Java's original claim to fame was, well, we'll make life easy for. [00:03:33] What you do is you write your code using Java, and Java is very similar to C++ and some of these other languages that are out there. And that language, when you're writing your source code, will be compiled into an intermediate code. So what happened is Sun Microsystems designed this virtual machine. [00:03:56] Now don't think of it like a normal VM, but we're talking about a CPU architecture and CPU instructions. And so what it did for those CPU instructions. Which is really quite clever, as I said, well, we'll come up with what we think are the most useful. And it's a CISC architecture for those of you who are ultra geeks like myself. [00:04:19] And we will go ahead and implement that. And so the compiler spits out code for this CPU that doesn't actually exist anywhere in the known universe. And then what happened is Sun went out and said, okay, well, we'll make an interpreter for. 
Artificial CPU that'll run on Intel chips and we'll make another one that runs on these chips, that chips and the other chips, beautiful concept, because basically you could write your code once debug it and run it off. [00:04:53] Anything that was kind of one of the original claims to fame for Unix, not so the run at anywhere part of it, but the part that says, well, it doesn't take much work to move your code to different machine, and we're not going to get into Unix and its root I've been around the whole time. It's kind of crazy. [00:05:13] I just finished reading a book and saying, I remember that I remember that. And they were going through all of the history of everything I was in the middle of that. I did that. That was the first one to do this. It was kind of fun. Anyhow, what Java has done now is it's really solidified itself in the larger enterprises. [00:05:34] So basically any software that you might be using, like our website that is particularly with a larger business. Is going to be using Java and that Java language is using libraries. So in programmers, instead of doing what I used to do way back when which is right in assembly code, or even in COBOL, and basically you had to write everything, every part of every program, anything you wanted to have done, you had to write, or maybe you borrowed somebody else's code and you embedded it in. [00:06:08] And mind you, we only had 32 kilobytes of memory in the mainframe back then the 360 30, for those of you who remember those things, but here is where things really changed. You now had the ability to take that code that you wrote and put it on a smart. You could take that exact same code, no recompiling or anything, and take that code and run it on a mainframe on our super computer in a car. [00:06:38] So Java became very popular for that. Very reason in these libraries that Java provided, made it even quicker to program and easier to program. Now there's some problems with languages. 
Java, which are these object oriented languages where you can, for instance, say one plus one equals two. Right. That will make sense. [00:07:02] But what does it mean when you use a plus sign when you're talking about words? So you say apple plus oranges, what's that going to equal? Well, that's called overloading an operator, and this is not a course on programming languages, but what happens is a person can write the library and says, oh, well, if the programmer says an apple plus an orange or string plus a string, what I want you to do is concatenate the strings. [00:07:31] Now that programmer who wrote that has to kind of figure out a couple of things, make some assumptions. Oh, well, should I put a space between apple and. Or not. And what do they really mean? Okay. So this is how I'm going to interpret it. So that, it's a very, very simple example. But the concept is that now with these overloaded operations and these libraries that can go deep, deep, deep, you now have the additional problem of people designing and writing the libraries, making assumptions about what the programmer wants and what the programmer needs. [00:08:09] Enter the problem with the Log4j vulnerability. This is a very big, big deal because we're talking about a library function that is being used in Java by programmers. Now, you know that I have been warning everybody. Android for years, the biggest problem with Android isn't its user interface. It isn't that it's made by somebody else. [00:08:37] Right? The biggest problem, and of course, this is my opinion, is that Android software is provided by Google and it is given basically to any manufacturer that wants to license it. And then that manufacturer can't just take Google and run it. Right. Have you ever tried to install Windows or Linux or FreeBSD? [00:09:04] It's mainly a Windows problem, frankly, but you go on ahead and install that in. What do you need in Windows? Well, you're going to need drivers. 
Oh, well, wait a minute. This laptop is three years old. So how, how can I find them? And then you go around and you work on it and takes you a day and you finally find everything you need. [00:09:22] And you've got all of the drivers and now it works. But Microsoft provided you with the base operating system. Why do you need drivers? Well, you know the answer to that and it's because every piece of equipment out there is different. Think about this in the smartphone market. Think about it in the more general [00:09:39] Android market. There are thousands of these devices that are out there and those different devices are using different hardware, which require different drivers. So when Google comes up with a software patch, "oh, well, we just fixed the Log4j issue," that patch has to be given to the device's manufacturer who then has to talk to the manufacturers of the various components and make sure that the device drivers that they're using by the manufacturer are actually compatible. [00:10:20] They're going to. Got the upgrades, wire it all together, and then test it on all of the different phones that they have and cars because cars are running it. Now you see how complicated this gets. And most Android devices will never get another update. They will never get a security patch versus Apple. [00:10:43] Right now, they're still supporting the Apple 6S that came out in 2015. If I remember right, it's five or six years old. Now you don't find that in the Android space. You're lucky if you get two years' worth of support. We're going to continue this. But this is, uh, this is really, really important. I'm going to talk more about the actual problem. [00:11:06] What is being done about it? What you can do about it as an individual, a home user, and as a business. In fact, keep an eye on your mailboxes, 'cause I've got some more links to some sites about what you can do and how to do it and how to test for it. Anyways, stick around. 
You're listening to Craig Peterson. [00:11:29] We're talking about what is likely to be the biggest set of hacks in internet history right now. It's absolutely incredible what's going on. So we're going to talk about what it means to you and what's really going on. [00:11:45] This whole problem is probably bigger than anybody really realizes because Java, as I explained, is a very common computer programming language. [00:12:00] And it has a lot of features that bigger businesses love. They love the ability to have multiple programmers working on something at the same time. They love the inheritance and multiple inheritance and all of these wonderful features of Java. Well, one of the really cool features is that you can, while your program is running, have the program change [00:12:25] itself. That's effectively what it's doing. It's pulling in libraries and functions in real time. And that's where this particular problem comes in. This has been a nightmare for Java forever. It's one of the reasons I have never migrated to Java for any of the projects that I have done. It just gets to be a nightmare. [00:12:49] It kind of reminds me of Adobe Flash. It was the biggest security problem that has ever been. And the number two Java and Java is running in the Android operating system. It is the core of the operating system. All of the programs are almost certainly written into. And now we're seeing Java turn up in the, not just entertainment systems in our cars, but in the actual computers that are driving the cars, running the cars. [00:13:22] And I get very concerned about this. We had two major outages just this week before this Log4j thing came about over at Amazon. And those two Amazon outages knocked thousands of businesses off the air, out of business. You couldn't get to them. 
You remember the big problem with Facebook that we talked about a little while back and in both cases, it looks like they were using some automatic distribution of software, sent out the wrong stuff. [00:13:52] Right? And now you are affected. Well, what happens? What happens with the cars? If they push out a bad patch, how are we going to know? Hmm, what's that going to mean? And if your car has Java in it, are you going to be vulnerable to this? Well, you, you wouldn't be vulnerable to Log4j if your computer wasn't hooked up to anything, but nowadays the cars are hooked up to the net. [00:14:20] We've had a couple of car dealers for our clients. Who've had the Mercedes, we've had Acura, Honda and others over the years. And it's interesting going in there now and working with them because they are doing massive downloads of firmware whenever a car comes in. So that car, if they don't have the right kind of networks, that car can take hours to do [00:14:49] updates. And I got to tell you, man, I'm just shocked by so many businesses not willing to spend the money that it really takes. So the poor technician is sitting there waiting for it to happen. You know, we could make it happen in 15 minutes, but they're stuck there waiting for three or four hours sometimes for some of these downloads. No, it's called cache them locally. [00:15:09] Right? These cars, some of them need new and different firmware. Some of them use the same and have. A reliable, fast internet connection. And we've done that for many companies. Anyways, I'm kind of going off on a bit of a tangent here. So forget that. Let's get back into this. With Java, you can have a routine [00:15:32] call another routine that was not even necessarily thought of by the programmer. Now, can you imagine that? So you're, you're programming and you're, you're not considering adding something that's going to send email out and yet you could have a log in. 
That's part of the DNS, uh, and it gets logged that actually causes an email to be sent or causes anything else to happen. [00:16:02] That's the exact problem we're seeing right now. It's absolutely crazy. Patterns in text fields, things like you can put a user agent, right, which is normal for an HTTP connection. You say, this is, this is usually a guy who was using Chrome version bar or Firefox or Safari, but you put the user agent field. [00:16:26] And then after that, you've put in some, a little bit of code that tells Java, Hey, what I want you to do is this. This is a problem because we're finding now that I'm, again, I said the last 24 hours, 30 different exploits, over a million companies have been attacked on this. And we're talking about 10 [00:16:51] companies absolutely hacked every minute right now. Can you think, let's just think about that. And we're in the middle of what? Right? The big holiday season, we've had some holidays, there's people online shopping, there's businesses that are trying to buy stuff, business stuff. Almost every one of those sites is likely to be compromised. [00:17:17] It's that bad. It's absolutely nuts what's happening here. This is a huge flaw, huge flaw. And by the way, it is flaw number (are you ready for this?) 44,228 in the year 2021. So the written 44,000 flaws that have been discovered and reported, this is the CVE system for those of you who are interested, but this really is a worst case scenario. [00:17:50] Because this Log4j library is being pulled in to so many pieces of software out there on so many different platforms. The paths to, uh, to exploit this vulnerability are almost unlimited. And because there's so many dependencies on this particular Log4j library, it's going to make it very difficult to patch without breaking other things. [00:18:21] And the fact the exploit itself fits in a tweet, can be injected almost anywhere. 
So it's going to be a very long weekend for a lot of people, but let me tell you this, it is not going to be solved in a few days, a week, a month. We're going to be seeing this for years, because you have to be the person that wrote the program that has the source code to link in the new libraries, distributed out to your customers. [00:18:52] Do you see what a nightmare this is now? Some people are saying, well, you know, let's blame this on open source. This, this is an open source product. Well, yeah, it is an open source project and it turns out that even though anyone can grab this, these, this library routine or any of these pieces of code, anybody can grab it. [00:19:13] Anybody can look at it. It turns out it's one guy who actually maintained this, who has a budget of $2,000 a year to maintain it. Nobody else pitched in. And all of these big companies are all out there grabbing this code that this guy has been working on and not paying much attention to it. Not donating to the product. [00:19:37] Which is saving them millions of dollars, not that one project, but all of these projects collectively in the open source community. It's, it is more far reaching than this Struts vulnerability. You might remember this Struts vulnerability that was the root cause of the massive breach at Equifax that exposed all of our personal information [00:20:05] to the dark web. That's how bad this is. Oh my gosh. So Hey, if you want information, I've got links, a bunch of links set up here on what to do while you're waiting for the Log4j updates from your vendors, how you can find on your servers if they have the Log4j vulnerability. I've got a bunch of information that I've stored up on that. [00:20:32] And some others. Just email me, just email me. me@craigpeterson.com. Ask for the list of the Log4j stuff or the Java stuff. I'll figure it out. Be glad to send it to anyone that's interested. 
And if you need to scan to find out yourself and your business, let me know to me@craigpeterson.com. [00:20:55] Wow. I was just going through a list published by CISA, this federal government agency that tracks some of these types of vulnerabilities. And wow, this list is daunting of all of these pieces of software that are vulnerable to this huge hack. [00:21:12] This is now a problem for each and every one of us. [00:21:16] I think I've established that, man, this is nasty, nasty, nasty, nasty. So what do you do? First of all, I sent out an email, a list of things, in fact, a few different lists of things that you can do. So I had one for consumers, one for businesses and kind of a general thing as well. And then a bunch of references. [00:21:43] Of course there's even more references and more great information now because I got that email. Pretty early. So I hope hopefully you had a chance to really look through that, but here let's just talk a little bit about this, what to do thing. You already know because you guys really are the best and brightest that you need to be careful when you're on. [00:22:07] You cannot be online, willy-nilly, clicking on things. And that includes emails and links. And this time of year, in fact, all year long, we're looking for. Wow, let's see. Is there a great bonus here? Look at they're having a sale, a discount. Oh no. I've only got three hours to respond or the deal's going to go away. [00:22:28] I've usually been of the sort that I just am not that influenced by some of these deals, but I do sometimes want to find out what it is. So I find myself this week clicking through on. I'm on a lot of marketing lists because I like to follow what different marketers are doing, right. That's technology. [00:22:51] And it's something I want to keep you guys informed about. And I found myself just crazy amount of double checking to make sure the link was valid. 
Now I'm sure you guys have, if you're on my email list, you might notice that the from address is not the me at Craig Peterson. Calm email address. You can always send email to me@craigpeterson.com and it ends up in my email box. [00:23:17] And it might take me a few days, or even as much as a week or two to get back to you. If it's something there's an emergency, you really need to fill out the form on my website, but I will get back with you. But the problem that some people have noticed lately is. It doesn't say return address or sent from me@craigpeterson.com. [00:23:41] It's got this rather long convoluted, uh, convoluted, uh, URL that has nothing to do with Craig peterson.com, sows a number of people question it, it is a tracking email. When can the idea is if I am going to be able to get back to people and if Karen is going to be able to nudge. I have to have these things tracked. [00:24:06] So the email from address, when you hit reply, it is going to go to the, again, my email list server guys, and it is going to get tracked so I know. Okay. Okay. So now I've got a few minutes or an hour. Let's sit down and go through a lot of these emails so I can get back to people. That's a problem for many people, that's even more of a problem today than it ever has been in the past. [00:24:35] Now there's been a few sites that have done something about tracking because many people don't like to be tracked. Right. My self included, although, as I've always explained on the show, it's kind of a double-edged sword because I would rather see commercials or ads for a Ford F-150 pickup truck. When I'm looking to buy. [00:24:58] Uh, car or certainly a truck. I don't want to see ads for things I don't care about. Right. And you probably don't either. So the tracking, I don't think is a huge deal. The statistics that have come out from apple recently are very interesting because what apple ended up doing is they put some new technology and to stop tracking. 
[00:25:24] And to stop you from being tracked. And basically what they're doing is a couple of things. One, they've got this new feature where they will download images and emails from their website, so that it's not a, you know, they're, they're not being able to localize where you are and then they're also doing something where you. [00:25:50] Are you, you are, you can't be tracked like you used to be able to be tracked. Let me just put it simply like that applications now have to have that little label warning label in the app store to let you know what they might be tracking, et cetera. So they've been accepting anti tracking behavior that came from our friends from. [00:26:13] Apple now Google, Facebook and others have been very upset about this thinking that they were going to lose a lot of business here in the advertising side, because you wouldn't be able to track them. So if you've got an apple iOS device, you probably noticed, it says, allow app to track your activity across other companies. [00:26:37] And websites, your data will be used to measure advertising efficiency. I don't know that that's such a bad thing. And looking at the stats right now, I'm looking at Google's income. And a lot of that comes from YouTube after. Apple launched its new privacy initiative and it looks like Google really wasn't hit very badly. [00:27:01] What Facebook was worried about that they would just be losing all kinds of revenue. Also didn't turn out to be true. So it's an interesting thing to see and I've got to really compliment apple again. At this time on trying to keep our information private, I read a really great book, uh, this, so this is how the world ends talking about the whole cyber race and where things are likely going. [00:27:32] And it it's frankly impressive. 
To see what Google has done to try and keep out our government from their networks, as well as foreign government and the whole thing with the Chinese hackers we've talked about before, where I've found them. Active inside our customer's network before. And this is where we get called in because there's a problem. [00:28:00] We look around, we find indications of compromise. We find the Chinese inside. Okay. So it isn't something that we were protecting them, the Chinese got in, but we come in after the fact and have to clean up the mess. But what we have really seen happen here is the largest transfer in. Of wealth, I should say, in history, the largest transfer of wealth in history to. [00:28:27] From us and from other countries, but primarily from us because of what they've stolen. And so Google really has fought hard against it. The Chinese have been in their systems have stolen a lot of stuff. Apple has fire fought hard against it, but we know about the apple stuff. Google's seems to be a little quieter about some of it. [00:28:47] So they may be selling our information to advertisers, but there certainly are trying to keep nation states out. I'm really wondering too, what is Google doing? Moving that artificial intelligence lab to China. It just it's insane. We know we, if we're going to get out of this financial position, we're in as a country, we need to have an amazing new technology. [00:29:11] So people are coming to the United States and we're certainly not seeing that. At least not yet. It's all been stolen. So what to do, man. I started talking about that and we got a little sidetracked. So I will talk about that a little bit more here coming right up and what to do if you're a consumer, if you're a business person. [00:29:35] And of course, as I mentioned earlier, I have. Quite a list. I'm more than glad to send you. If you go ahead and just email me, M e@craigpeterson.com. 
I'll keep you up to date, let you know what's happening and give you those links that you can follow to find out exactly what is happening and what you can do, including some tools. There are some tools out there to check to see if that vulnerability exists inside your networks or systems. me@craigpeterson.com. And I'll be glad to reach out, reach back to you. Stick around. [00:30:12] I'm gonna tell you what to do as a consumer because of this massive internet hack that is underway. It is huge, huge, huge. Also going to talk a little bit about Apple and what they're doing with their Tracker Detect app on Android devices. [00:30:29] This will be going on for months and probably years in some cases, because there are many systems that will never [00:30:40] be patched for this vulnerability. So from now on, you need to be doubly cautious about almost everything, the big targets for this. Then people who tend to be the most valuable. Big businesses. And I can send you a list of devices that are known to be either, uh, immune to this, they've been fixed or patched, and devices that are known to have this problem. [00:31:08] So. You send me an email. Excuse me. If you have any questions about it. So it's me, me@craigpeterson.com. I'd be glad to send you that list. CISA has it online. You can certainly search for it yourself. If you're interested in. So for you as an individual, it's just extra caution, you know, use these one-time-use credit card numbers. [00:31:39] I have talked about this before. And that is, I use fake identities as much as I possibly can online. And I'm not trying to defraud anyone. Of course, that would be legal. What I'm trying to do is not make myself as easy a target as is, frankly, uh, pretty much anybody who uses a computer out there, because if you're always using the same name and email address and, heaven forbid, password, then you are a bigger target than you have to be. [00:32:15] And so. I have a whole, uh, index file. 
I have a spreadsheet that I put together with 5,000 different identities, different names, of course, different sexes, races, origin stories, everything. And the whole idea behind that is why does some company that's providing me with some little website thing, need my real info. [00:32:41] They don't, obviously you give you real info to the banks or. Counts, but you don't need to give it to anybody else. And that's what I do. That's kind of my goal. So if you can do that, do do that. Apple also has a way for you to use random. Email address a suit can set up a different email address for every website you visit. [00:33:07] There are a few services out there that can do it. If you're interested, drop me an email. me@craigpeterson.com. I'll send you a list of some of them. Uh, I think they're, they're all paid except for the app. But you have to have an apple account in order to use it. One of the things that businesses really need to do is do a scan. [00:33:30] Again, I can send you a list of scanners so that you can look at your network, see if there's any. Obvious that might have huge implications for your business. Uh, again, me@craigpeterson.com, one of the things apple has come up with that I, I really have turned out to like, and I think I mentioned them before on the air, but it's these news. [00:33:55] Trackers that apple has, that you can put on things. And we spoke a little bit last week about the problem with these trackers being put on to high-end cars, and then being used to track the car. Now apple got around that problem a while ago, by letting you know, Hey, there is a tracker following you isn't that handy. [00:34:17] So, you know, wait a minute, somebody dropped one of these little tags into my purse. Coat my car or whatever it might be. And so now you can have a look and see where is this thing that's following me and get rid of it. 
Well, of course, in order to know that there's one of these Apple tags tracking you, you've needed to have an Apple phone. [00:34:43] Because it'll warn you. Apple now has something called Tracker Detect. If you are using an Android phone, I would highly advise you to get this app, Tracker Detect app on Android. And it's designed to help you Android users from being tracked by Apple AirTags. 'Cause if, if you don't know you're being tracked, right, then you can't know if you're being tracked [00:35:12] if you don't have an iPhone, unless you get this app. So good for them, Apple has it up now on the Google Play Store. That's just in the last week or so, and it lets you locate nearby AirTags. So let's, uh, I think a very good thing. Kind of wonder if Apple isn't using the Androids also for part of the [00:35:33] crowdsourcing for the AirTags, but, uh, that's a different conversation. Great article in Vice this week by Aaron Gordon, about how car companies want you to keep paying for features you already have, and they specifically made a call out about a car manufacturer, Toyota, who's now charging $80 a year for people who bought their car years ago, six years ago, $80 a year [00:36:09] if you want to keep using the remote start function on your key. Yeah, so you paid for it and life was good. You went a few years, really nice on a cold winter day or a hot summer day, warm up the car or cool it down all automatically. But now Toyota is charging $80 a year. So people are saying, well, why? I bought it. [00:36:34] Why, why would I pay for that? Apple's now claiming that the several first years were merely a free trial period, but this isn't even the big play for these car companies, this $80 a year for marginal features like remote start instead. Is probably going to happen. And I agree with this author as well is we're going to see a, an approach that Elon Musk has used with his Teslas. 
[00:37:06] They're going to charge extra for performance, for range, for safety upgrades, for electric vehicles that actually make the car better car, a better car. Right? So upgrades used to be difficult or impossible with gas cars. A lot of these are trivial for the electric cars, with the dashboards that have games that you can play while you are charging. [00:37:32] Some of them were complaining about it being for when they're on the road. Of course that's going to happen because frankly, when, once we get a full autonomous car, what are outs are you going to do? Uh, I should also mention this isn't really a, but Mercedes-Benz has been awarded the very first license for the manufacturer sale and distribution of a fully autonomous vehicle. [00:38:00] The very first they are licensed for up to, I think it was 37 miles per hour. On their car and anything beyond that, you still have to retain control, but that's an amazing thing. And it only works on roads that are mapped. And what Mercedes is doing is they have these super high definition maps. So the car knows exactly where it is. [00:38:29] If you are a Tesla owner, you know that a few years ago, Paid, I think it was $2,000 for your Tesla to be able to drive itself. And of course they, they haven't been able to drive themselves. You know, they, yeah, there's been features here and there, but how are you getting those features? How will you going to get that self-driving mode? [00:38:52] We'll test those, calling them over the air upgrades. And they're also saying. Th this is part of the Tesla ownership experience to quote their website. All right. So they've had all kinds of over the air upgrade. They've had some free software. They've had paid ones, Tesla charges, thousands of dollars for its autopilot. [00:39:16] Now a lot of money, I think it was five grand. And now they've got this beta driver assist system as well, and they also have. To others. You might remember the ludicrous speed. 
Um, long range model three would dual motors is capable of accelerating from zero to 60 in 3.9 seconds. But when you buy the car, the zero to 60 time is a half a second longer. [00:39:48] So pay an extra $2,000 and you get that extra half second and accelerate. Yeah, there's nothing different. They don't even have to change. Really changed the software. There's no hardware differences. It's just, you pay them two grand and they, your cars catheter to the internet and they just unlock a key is not something. [00:40:11] Now, there are some people that hack the way around that paywall, but then Tesla blocked it and reversed the hack as well. A Tesla has sold their cars now for years with the same 75 kilowatt hour battery. But software locked them to 60 and 70 kilowatt hours might remember. We talked about this with a hurricane that came ashore down in Texas, where Tesla, anyone in that area provided them with an automatic upgrade for extra batteries. [00:40:43] So they could go further in order to get out of the zone of their herd. Before them in software lock-in and a 60 and 70 kilowatt hours, unless you paid an additional $3,000 for that extra 30 or 40 miles of range. Isn't that something. Yeah. So Tesla has temporarily unlocked them, but this is where we're going. [00:41:06] You're going to be going into the car dealership while in Tesla's case. It's on the, on the internet, which I think is better. Frankly, dealerships are handy in order to get a repair, but. You can get a repair at some of these little specialty shops it's often better and certainly cheaper than what the dealership sells, but you're not only going to be haggling over the price of the vehicle and delivery times. [00:41:32] You're going to be haggling over all of these different features. And it's never going to end because they're going to keep having software upgrades that you're going to have to pay for. Uh, Pollstar this is an electric vehicle company spun off from Volvo new. 
Remember Volvo is now a Chinese company. Yeah. [00:41:51] Chinese. Yeah. So much for safety, right? Uh, they're going to charge an extra thousand dollars for a slight increase in horsepower and torque, just like Tesla does. So this is the future of car companies. Hey, I want to remind everyone, if you go to my website, CraigPeterson.com, right now you can sign up for my weekly newsletter. [00:42:15] It is packed full of great information for you every week. We've got some free boot camps coming up after the first of the year, and you need to be on my email list to find out about it. CraigPeterson.com/subscribe. [00:42:32] And following my newsletter, you probably saw what I had in the signature line the last few weeks, how to make a fake identity. Well, we're going to take it a little bit differently today and talk about how to stop spam with a fake email. [00:42:49] I think I've told you before I had email way back in the early eighties, late seventies, actually. So, yeah, it's been a while and I get tens of thousands of emails every day, uh, sent to my domain, you know, mainstream.net. That's my company. I've had that same domain name for 30 years and, and it just kinda got out of control. [00:43:16] And so we have a big Cisco server that exclusively filters email for us and our clients. And so it cuts down the tens of thousands to a very manageable couple of hundred a day, if you think that's manageable, and gets sort of almost all of the phishing and a lot of the spam and other things that are coming. [00:43:39] But, you know, there's an easier way to do this. Maybe not quite as effective, but allowing you to track this whole email problem and the spam. I'm going over this in some detail in. Coming bootcamp. So make sure we keep an eye on your emails. So you know about this thing. Again, it's free, right? I do a lot of the stuff just to help you guys understand it. [00:44:04] I'm not trying to, you know, just beat you into submission to buy something.
This is a boot camp. My workshops, my boot camps, my emails, they are all about informing you. I try to make them the most valuable piece of email. During the week. So we're going to go into this in some detail in this upcoming bootcamp. [00:44:25] But what we're looking at now is a number of different vendors that have gotten together in order to help prevent some of the spam that you might've been in. Uh, I think that's a very cool idea to have these, these sometimes temporary, sometimes fake email addresses that you can use. There's a company out there called Fastmail. [00:44:50] You might want to check them out. There's another company called Apple. And you might want to check them out. I'll be talking about their solution here as well. But the idea is why not just have one email address? And if you're an Apple user, even if you don't have the hardware, you can sign up for an Apple account. [00:45:12] And then once you have that account, you can use a new feature. I saw. Oh, in, in fact, in Firefox, if you use Firefox at all, when there's a form and it asks for an email address, Firefox volunteers to help you make a fake-ish email address. Now I say fake-ish, because it's a real email address that forwards to your normal regular [00:45:40] email address. And as part of the bootcamp, I'm also going to be explaining the eight email addresses, minimum eight, that you have to have, what they are, how to get them, how to use them. But for now you can just go online to Google and this will get you started and do a search for Apple's new Hide My Email feature. [00:46:00] This lets you create random email addresses and those email addresses end up in your regular, uh, icloud.com or me.com, whatever you might have for your email address, address that Apple has set up for you. Isn't that cool. And you can do that by going into your iCloud settings. And it's part of their service that they're offering for this iCloud+ thing.
[00:46:27] And they've got three different privacy-focused services, right? So in order to get this from Apple, so you can create these unlimited number of rather random looking emails, for instance, a blue one to six underscore cat I cloud.com that doesn't tell anybody who you are, and you can put a label in there. [00:46:51] What's the name of the website that, that, or the, the, a URL of the website, that you created this email for, and then a note so that you can look at it later on to try and remember. And that way. Site that you just created it for. In this case, this is an article from CNET. They had an account at jamwirebeats.com. [00:47:15] This is a weekly music magazine subscription that they had. And Apple generated this fake email address, blue one to 600 score Canada, cobb.com. Now I can hear you right now. Why would you bother doing that? It sounds like a lot of work. Well, first of all, it's not a whole lot of work, but the main reason to do that: if you get an email address to blue cat, one, two6@icloud.com and it's supposedly from Bank of America, you instantly know that is spam. [00:47:53] That is a phishing email because it's not using the email address you gave to TD Bank. No, it's using the email address that it was created for one website, jamwirebeats.com. This is an important feature. And that's what I've been doing for decades. Email allows you to have a plus sign in the email address, and Microsoft even supports it. [00:48:23] Now you have to turn it on. So I will use, for instance, craig+libsyn, as an example, @craigpeterson.com, and now emails that Libsyn wants to send me will go to craig+libsyn@craigpeterson.com. Right? So the, the trick here is now if I get an email from someone other than Libsyn, I know, wait a minute, this isn't Libsyn, and that now flags it as a phishing attack, right. [00:48:58] Or at the very least as some form of spam. So you've got to keep an eye out for that. So you got to have iCloud+, and if.
Pay for the premium upgrade, which ranges from a dollar to $10. Uh, you've got it. Okay. If you already have an iCloud account, your account automatically gets upgraded to iCloud+ as part of iOS 15, that just came out. [00:49:25] All right. So that's one way you can do it. If you're not an Apple fan, I already mentioned that Firefox, which is a browser, has a similar feature. Uh, Firefox has just been crazy about trying to protect your privacy. Good for them, frankly. Right? So they've been doing a whole lot of stuff to protect your privacy. [00:49:47] However, there you are. They have a couple of features that get around some of the corporate security, and good corporate security people have those features blocked because it makes it impossible for them to monitor bad guys that might hack your account. So that's another thing you can look at, is Firefox. [00:50:06] Have a look at fastmail.com. And as I said, we're going to go into this in some detail in the bootcamp, but Fastmail lets you have these multiple email accounts. No, they restricted. It's not like Apple where it's an infinite number, but depending on how much you pay, Fastmail is going to help you out there. [00:50:26] And then if you're interested, by the way, just send an email to me, me@craigpeterson.com. Please use that email address, me@craigpeterson.com, because that one is the one that's monitored most closely. And just ask for my report on email, and I've got a bunch of them, uh, that I'll be glad to send you, that gets into some detail here. But Proton Mail [00:50:52] is a mail service that's located in Switzerland. No, I know of, in fact, a couple of high ranking military people. I mean really high ranking military people that are supposedly using Proton Mail. I have a Proton Mail account. I don't use it that much because I have so much else going on, but the advantage. [00:51:14] Proton Mail is, it is in Switzerland. And as a general rule, they do not let people know what your identity is.
So it's kind of untraceable. Hence these people high up in the Department of Defense, right, that are using Proton Mail. However, it is not completely untraceable. There is a court case that Proton Mail, [00:51:41] I don't know if you'd say they lost, but Proton Mail was ordered about a month ago to start logging access and provide it for certain accounts, so they can do it. They are doing it. They don't use it in most cases, but Proton Mail is quite good. They have a little free level. Paid levels. And you can do all kinds of cool stuff with Proton Mail. [00:52:05] And many of you guys have already switched, uh, particularly people who asked for my special report on email, because I go into some reasons why you want to use different things. Now there's one more I want to bring up. And that is Temp Mail. It's temp-mail.org. Don't send anything that is confidential on this. [00:52:27] Don't include any credit card numbers, nothing. Okay. But temp-mail.org will generate a temporary email address. Part of the problem with this, these temporary email addresses, is they are blocked at some sites that really, really, really want to know what your real email address is. Okay. But it's quite cool. [00:52:51] It's quite simple. So I'm right there right now. temp-mail.org. And I said, okay, give me email address. So gave me one. five04@datacop.com. Is this temporary email, so you can copy that address. Then you can come back into, again, temp-mail.org and read your email for a certain period of time. So it is free. [00:53:18] It's disposable email. It's not particularly private. They have some other things, but I wouldn't use them because I don't know them for some of these other features and services. Stop pesky email, stop some of these successful phishing attempts by having a unique, not just password, but a unique email for all those accounts.
[00:53:42] And as I mentioned, upcoming bootcamp, and I'll announce it in my weekly email, we're going to cover this in some detail. CraigPeterson.com. Make sure you subscribe to my newsletter. Stick around. [00:53:57] Well, you've all heard ransomware's up. So what does that mean? Well, okay. It's up 33% since the last two years, really. But what does that amount to? We're going to talk about that. And what do you do after you've been ransomed? [00:54:14] Ransomware is terrible. It's crazy. Much of it comes in via email. [00:54:21] These malicious emails, they are up 600% due to COVID-19. 37% of organizations were affected by ransomware attacks in the last year. That's according to Sophos. 37%, more than a third. Isn't that something? In 2021, the largest ransomware payout, according to Business Insider, was made by an insurance company at $40 million, setting a world record. [00:54:53] The average ransom fee requested increased from 5,000 in 2018 to around 200,000 in 2020. Isn't that something. So in the course of three years, it went from $5,000 to 200,000. That's according to the National Security Institute, experts estimate that a ransomware attack will occur every 11 seconds for the rest of the year. [00:55:22] Uh, it's just crazy. Absolutely crazy, all of these stats. So what does it mean? Or, you know, okay. It's up this much, it's up that much. Okay. Businesses are paying millions of dollars to get their data back. How about you as an individual? Well, as an individual right now, the average ransom is $11,605. So are you willing to pay more than $11,000 to get your pictures back off of your home computer, in order to get your [00:55:58] work documents or whatever you have on your home computer? Hopefully you don't have any work information on your home computer. Over $11,000. Now, by the way, most of the time, these ransoms are actually an affiliate affair. In other words, there is a company.
That is doing the ransom work and they are paying an affiliate who are the, the affiliate in this case. [00:56:27] So the people who infected you and the affiliates are making up to 80% from all of these ransom payments. It ju it's crazy. Right? So you can see why it's up. You can just go ahead and try and fool somebody into clicking on a link. Maybe it's a friend of yours. You don't particularly like, some friend, right. [00:56:49] And you can go ahead and send them an email with a link in it. And they click the link and it installs ransomware, and you get 80% of them. Well, it is happening. It's happening a lot. So what do you do? This is a great little article over on Dark Reading and you'll see it on the website, CraigPeterson.com. [00:57:14] But this article goes through what are some of the steps. It's by Daniel Clayton. It's actually quite a good little article. He's the VP of global security services and support over at Bitdefender. Bitdefender is great, uh, software that you've got versions of it for the Mac. You've got versions of it for Windows. [00:57:37] You might want to check it out, but he's got a nice little list here of things that you want to do. So number one, don't panic, right? Scott Adams, don't panic. So we're worried because we think we're going to lose our job June. Do you know what, by the way, is in the top drawer of the majority of chief information security officers? Two things. [00:58:03] Uh, one is their resignation letter and the second one is their resume, because if they are attacked, and it's very common, and if they get in trouble, they are leaving. And that's pretty common too. Although I have heard of some companies that understand, Hey, listen, you can't be 100% effective. You got to prioritize your money and play. [00:58:31] It really is kind of like going to Vegas and betting on red or black, right? 50, 50 chance.
Now, if you're a higher level organization, like our customers that have to meet these highest compliance standards, these federal government regulations and some of the European regulations, even state regulations, well, then we've got to keep you better than 99% safe and knock on wood over the course of 30 years. [00:58:59] That's a long I've been doing. 30 years. We have never had a single customer get a S uh, a. Type of malware, whether it is ransomware or anything else, including one custom company, that's a multinational. We were taking care of one of their divisions and the whole company got infected with ransomware. They had to shut down globally for. [00:59:25] Two weeks while they tried to recover everything, our little corner of the woods, the offices that we were protecting for that division, however, didn't get hit at all. So it is possible, right? I don't want you guys to think, man. There was nothing I can do. So I'm not going to do anything. One of the ladies in one of my mastermind groups basically said that, right? [00:59:49] Cause I was explaining another member of my mastermind group. Got. And I got hit for, I think it turned out to be $35,000 and, you know, that's a bad thing. Plus you feel just so exposed. I've been robbed before, uh, and it's just a terrible, terrible feeling. So he was just kind of freaking out for good. But I explained, okay, so here's what you do. [01:00:15] And she walked away from it thinking, well, there's nothing I can do. Well, there are things you can do. It is not terribly difficult. And listening here, getting my newsletter, going to my bootcamps and the workshops, which are more involved, you can do it. Okay. It can be done. So I don't want. Panic. I don't want you to think that there's zero. [01:00:41] You can do so that's number one. If you do get ransomware, number two, you got to figure out where did this come from? What happened? I would change this order. So I would say don't panic. 
And then number two is turn off the system that got rants. Turn it off one or more systems. I might've gotten ransomware. [01:01:04] And remember that the ransomware notification does not come up right. When it starts encrypting your data. It doesn't come up once they've stolen your data. It comes up after they have spread through your organization. So smart money would say shut off every computer, every. Not just pull the plug. I w I'm talking about the ethernet cable, right? [01:01:32] Don't just disconnect from wifi. Turn it off. Immediately. Shut it off. Pull the plug. It might be okay. In some cases, the next thing that has to happen is each one of those machines needs to have its disc drive probably removed and examined to see if it has. Any of that ransomware on it. And if it does have the ransomware, it needs to get cleaned up or replaced. [01:01:57] And in most cases we recommend, Hey, good time. Replace all the machines, upgrade everything. Okay. So that's the bottom line. So that's my mind. Number two. Okay. Um, he has isolated and save, which makes sense. You're trying to minimize the blast radius. So he wants you to isolate him. I want you to turn them off because you do not want. [01:02:22] Any ransomware that's on a machine in the process of encrypting your files. You don't want it to keep continuing to encrypting. Okay. So hopefully you've done the right thing. You are following my 3, 2, 1 backup schedule that I taught last year, too, for free. For anybody that attended, hopefully you've already figured out if you're going to pay. [01:02:43] Pay. I got to say some big companies have driven up the price of Bitcoin because they've been buying it as kind of a hedge against getting ransomware so they can just pay it right away. But you got to figure that out. There's no one size fits all for all of this. And at over $11,000 for an individual. [01:03:06] Ransom, uh, this requires some preparation and some thought stick around, got a lot more coming up. 
Visit me online, Craig Peterson.com and get my newsletter along with all of the free trainings. [01:03:23] Well, the bad guys have done it again. There is yet another way that they are sneaking in some of this ransomware and it has to do with Q R codes. This is actually kind of cool. [01:03:39] By now you must have seen if not used QR codes. [01:03:44] These are these codes that they're generally in a square and the shape of a square and inside there's these various lines and in a QR code, you can encode almost anything. Usually what it is, is a URL. So it's just like typing in a web address into your phone, into your web browser, whatever you might be using. [01:04:07] And they have been very, very handy. I've used them. I've noticed them even showing up now on television ad down in the corner, you can just scan the QR code in order to apply right away to get your gin Sioux knives. Actually, I haven't seen it on that commercial, but, uh, it's a different one. And we talked last week about some of these stores that are putting QR codes in their windows. [01:04:34] So people who are walking by, we even when the store is closed, can order stuff, can get stuff. It's really rather cool. Very nice technology. Uh, so. There is a new technique to get past the email filters. You know, I provide email filters, these big boxes, I mean, huge machines running Cisco software that are tied into, uh, literally billion end points, plus monitoring tens of hundreds of millions of emails a day. [01:05:11] It's just huge. I don't even. I can ha can't get my head around some of those numbers, but it's looking at all those emails. It is cleaning them up. It's looking at every URL that's embedded in an email says, well, is this a bad guy? It'll even go out and check the URL. It will look at the domain. Say how long has this domain been registered? [01:05:34] What is the spam score overall on the domain? As well as the email, it just does a whole lot of stuff. 
Well, how can it get around a really great tight filter like that? That's a very good question. How can you and the bottom line answer is, uh, how about, uh, using the QR code? So that's what bad guys are doing right now. [01:05:58] They are using a QR code inside email. Yeah. So the emails that have been caught so far by a company called Abnormal Security have been saying that, uh, you have a missed voicemail, and if you want to pick it up, then scan this QR. It looks pretty legitimate, obviously designed to bypass enterprise email gateway scans that are really set up to detect malicious links and attachments. [01:06:33] Right? So all of these QR codes that Abnormal detected were created the same day they were sent. So it's unlikely that the QR codes, even that they'd been detected, would have been previously reported, included in any security blacklist. One of the good things for these bad guys about the QR codes is they can easily change the look of the QR code. [01:06:59] So even if the mail gateway software is scanning for pictures and looking for specific QR codes, basically, they're still getting them. So the good news is the use of the QR codes in these types of phishing emails is still quite rare. We're not seeing a lot of them yet. We are just starting to see them. Uh, hyperlinks to phishing sites are really common with some of these QR codes. [01:07:30] But this is the first time we've seen an actor embed a functional QR code into an email is not. Now the Better Business Bureau warned of a recent uptick in complaints from consumers about scams involving QR codes, not just an email here, but because these codes can't really be read by the human eye at all. [01:07:53] The attackers are using them to disguise malicious links so that, you know, that vendor that I talked about, that retail establishment that's using the QR codes and hoping people walking by will scan it in order to get some of that information.
Well, people are going to be more and more wary of scanning QR codes, right? [01:08:15] Isn't that just make a lot of sense, which is why, again, one of the items in our protection stack that we use filters URLs. Now you can get a free. The filter and I cover this in my workshop, how to do it, but if you go to OpenDNS, check them out, OpenDNS, they have a free version. If you're a business, they want you to pay, but we have some business related ones to let you have your own site to. [01:08:47] Based on categories and all that sort of stuff, but the free stuff is pretty generalized. They usually have two types, one for family, which blocks the stuff you might think would be blocked. Uh, and other so that if you scan one of these QR codes and you are using OpenDNS, Umbrella, one of these others, you're going to be much, much. [01:09:11] Because it will, most of the time, be blocked, because again, Umbrella is more up-to-date than OpenDNS is, but they are constantly monitoring these sites and blocking them as they need to. MobileIron, another security company, conducted a survey of more than 4,400 people last year. And they found that 84% have used a QR code. [01:09:37] So that's a little better than I thought it was. Twenty-five percent of them said that they had run into situations where a QR code did something they did not expect, including taking them to a malicious website. And I don't know, are they like scanning QR codes in the, in the men's room or something in this doll? [01:09:56] I don't know. I've never come across a QR code that was a malicious that I tried to scan, but maybe I'm a little more cautious. 37% were saying that they could spot a malicious QR code. Yeah. Yeah. They can read these things. While 70% said they'd be able to spot a URL to a phishing or other malicious website. That I can believe. [01:10:23] But part of the problem is when you scan a QR code, it usually comes up and it says, Hey, do you want to open this?
And most of that link is invisible, is not visible because it is on your smartphone and it's not a very big screen. So it'll just show you the very first part of it. And the first part of it, it's going to look pretty darn legit. [01:10:46] So again, that's why you need to make sure you're using OpenDNS or Umbrella. Ideally, you've got it installed right at your edge, at your router, at whoever's handling DHCP for your organization. Uh, in the phishing campaign Abnormal had detected with using this QR code, uh, code, they're saying the attackers had previously compromised some Outlook email accounts belonging to some legitimate organizations [01:11:15] to send the emails with malicious QR codes. And we've talked about that before, they use password stuffing, et cetera. And we're covering all of this stuff in the bootcamp and also, well, some of it in the bootcamp and all of this really in the workshops that are coming up. So keep an eye out for that stuff. [01:11:36] Okay. Soup to nuts here. Uh, it's a, uh, it's a real. Every week, I send out an email and I have been including my show notes in those emails, but I found that most people don't do anything with the show notes. So I'm changing, I'm changing things this week. How some of you have gotten the show notes, some of you haven't gotten the show notes, but what I'm going to be doing is I've got my show notes on my website at CraigPeterson.com. [01:12:07] So you'll find them right. And you can get the links for everything I talk about right here on this. I also now have training in every one of my weekly emails. It's usually a little list that we started calling listicles and it is training on things you can do. It is. And anybody can do this, is not high level stuff for people that are in the cybersecurity business, right. [01:12:39] Home users, small businesses, but you got to get the email first, CraigPeterson.com and sign. [01:12:46] California is really in trouble with these new environmental laws.
And yet, somehow they found a major exception. They're letting the mine lithium in the great salt and sea out in California. We'll tell you why. [01:13:03] There's an Article in the New York times. And this is fantastic. It's just a incredible it talking about the lithium gold rush. [01:13:14] You already know, I'm sure that China has been playing games with some of these minerals. Some of the ones that we really, really need exotic minerals that are used to make. Batteries that are used to power our cars. And now California is banning all small gasoline engine sales. So the, what is it? 55,000 companies out in California that do lawn maintenance are going down. [01:13:45] To drive those big lawnmowers around running on batteries. They're estimating it'll take 30 packs battery packs a day. Now, remember California is one of these places that is having rolling blackouts because they don't have. Power, right. It's not just China. It's not just Europe where they are literally freezing people. [01:14:09] They did it last winter. They expect to do it more. This winter, since we stopped shipping natural gas and oil, they're freezing people middle of winter, turning off electronics. California, at least they're not too likely to freeze unless they're up in the mountains in California. So they don't have enough power to begin with. [01:14:28] And what are they doing there? They're making it mandatory. I think it was by 2035 that every car sold has to be electric. And now they have just gotten rid of all of the small gasoline engines they've already got. Rolling blackouts, come on. People smarten up. So they said, okay, well here's what we're going to do. [01:14:52] We need lithium in order to make these batteries. Right. You've heard of lithium-ion batteries. They're in everything. Now, have you noticed with lithium batteries, you're supposed to take them to a recycling center and I'm sure all of you do. 
When your battery's dead in your phone, you take it to a recycling center. [01:15:11] Or if you have a battery that you've been using in your Energizer bunny, and it's a lithium battery, of course you take it to the appropriate authorities to be properly disposed of because it's toxic people. It is toxic. So we have to be careful with this. Well, now we're trying to produce lithium in the United States. [01:15:38] There are different projects in different parts of the country, all the way from Maine through of course, California, in order to try and pull the lithium out of the ground and all. Let me tell you, this is not very green at all. So novel. Peppa Northern Nevada. They've started here blasting and digging out a giant pit in this dormant volcano. [01:16:09] That's going to serve as the first large scale, lithium mine in the United States and more than a decade. Well, that's good. Cause we need it. And do you know about the supply chain problems? Right. You've probably heard about that sort of thing, but that's good. This mine is on least federal lands. What does that mean? [01:16:31] Well, that means if Bernie Sanders becomes president with the flick of a pen, just like Joe Biden did on his first day, he could close those leads to federal lands. Yeah. And, uh, we're back in trouble again, because we have a heavy reliance on foreign sources of lithium, right. So this project's known as lithium Americas. [01:16:56] There are some native American tribes, first nation as they're called in Canada. Uh, ranchers environmental groups that are really worried, because guess what? In order to mine, the lithium, and to do the basic processing onsite that needs to be done, they will be using. Billions of gallons of groundwater. [01:17:20] Now think of Nevada. Think of California. Uh, you don't normally think of massive lakes of fresh water to. No. Uh, how about those people that are opposed to fracking? 
Most of them are opposed to fracking because we're pumping the water and something, various chemicals into the ground in order to crack the rock, to get the gas out. [01:17:43] Right. That's what we're doing. They don't like that. But yet, somehow, contaminating the water for 300 years and leaving behind a giant mound of waste isn't a problem for these so-called Greenies. Yeah. A blowing up visit quote here from Max Wilbert. This is a guy who has been living in a tent on this proposed mine site. [01:18:10] He's got lawsuits that are going, trying to block the project. He says blowing up a mountain isn't green, no matter how much marketing spin people put on it. What have I been saying forever? We're crazy. We are insane. I love electric cars. If they are coolest. Heck I would drive one. If I had one, no problem. [01:18:29] I'm not going to bother to go out and buy one, but, uh, yeah, it's very cool, but it is anything but green. Electric cars and renewable energy are not green, renewable energy. The solar and the wind do not stop the need for nuclear plants or oil or gas burners, or coal burners, et cetera. Because when the sun isn't shining, we still need electricity. [01:19:01] Where are we going to get it? When the wind isn't blowing or when the windmills are broken, which happens

    Did Your Computer Have "Intel Inside"? It Won't For long!

    Nov 29, 2021 85:08

    Did Your Computer Have "Intel Inside"? It Won't For long! We're going to talk a little bit about shopping right now. Then we'll get into our chip crunch, and why Intel is being left on the side of the computer road. [Following is an automated transcript.] [00:00:16] There's lots of fun stuff to do. And it's kind of fun getting out of the house. Isn't it getting out, going out, going around? There's a, an outlet store close by where I live and it's kind of one of these outdoor. Outlet things. And it was fun. Just walking around, enjoying the little bit of fresh air, no matter what the weather has. [00:00:40] Uh, I even enjoy going up there when there's some snow on the ground. Because again, it's a little bit of a, uh, it's, it's fun. It's a little bit of a change, which is not. Part of what I love about living in the Northeast. You really get all four seasons and they can be really, really nice. Well, black Friday of course came and went. [00:01:01] It was not a bad black Friday, but one of the questions I been asked all week long, all month long, frankly, has to do. When should I buy, what should I buy? What are the deals? And it is weird this year. Let me tell you really weird. And the reason I say that is I didn't my show prep. And I spent some hours just looking on different websites and looking at opinion pieces, looking at news sources, just trying to find, okay, what's going on? [00:01:36] What's the real word out there. Our items, as rare as everybody seems to be saying they are, or is it easy enough to find. Well, that's what we're going to talk about right now. Really. We've had a very turbulent two years for retail, every branch of retail, whatever it is, it's been been terrible. So many people have lost their businesses. [00:02:03] So many small businesses, small retail restaurants, some restaurants that I, I enjoy and just haven't been to in years, really. Completely gone, which is such a crying shame. 
And a lot of people have put a lot of the blame for the general retail malaise on Amazon and Walmart. Because again, you know, I had a discussion just this last weekend with. [00:02:35] Oh, friend's father. And he was saying, well, you know, I've been a biologist in pharmacology for years. And, uh, you know, th this is just as just a science. It's all science talking about the lockdown. And so I pointed out how, well, let me see, let me see. I got family from Canada. They cannot drive across the border because of the lockdown, but in, in the states, they won't let us, us, we won't let them fly. [00:03:03] But they drive in, I should say, but they will let them fly in. How does that science, right. There's coronavirus not survive at 30,000 feet. Is that what it is? You know? No, come on. People it's politics and part of the politics was. Walmart got to stay open and all of these other small businesses couldn't so what are they supposed to do? [00:03:29] How are they supposed to compete? And yet, Hey, I understand you need clothes, right? And you need food. Most Walmarts have both. You might need medicine in order to even survive. So that kind of makes sense, but why. Walmart. Why did the government choose Walmart and target are going to survive all of you, little mom and pops stores, you know, that maybe have been multi-generational where it's your parents. [00:04:00] And maybe even your grandparents that started the store, started the restaurant. And now all of a sudden there's a lockout and you cannot be over. It just, it entirely political, entirely political. And I understand the science behind all of this. I have spent a lot of time studying it and you might remember if you've listened to me even. 
[00:04:26] Dean or 20 years ago, I'm trying to remember when it was, I started talking with scientists about RNI, RNA interference and the coolest stuff that was happening with African violets and getting the, the purple flowers to change to white and all of the stuff they were doing. It it's exciting. It's fun. But why. [00:04:49] Did we use politics here. And so many people lost their livelihood. So many people lost their businesses. It's, it's absolutely incredible. And just pain companies basically to stay closed. Uh, doesn't make sense either. Because now you're pumping more money into the economy and that's causing inflation because there are not more products or not more vendors. [00:05:15] There's not enough competition. So the prices go up. And when there's inflation, how about people who are retired, who have saved something. And now their money is worth what the inflation rates are. Again, it's a hidden tax, but it's really hard on retirees because their money that they've saved, you know, they're getting the pitons, you put it in a savings account and you're making a fraction of 1%. [00:05:43] And yet we're seeing inflation rates on things like fuel being almost a hundred percent. Think about what it was like in 2019, what the gas prices were. It is insane. So small businesses have to be supported. They are the backbone. They are the innovators. Walmart didn't start as a big company. They started very small. [00:06:10] He innovated his claim to fame. That old Sam Walton was let's go ahead and have the best prices and anywhere. Right. And so they got the best prices by beating up their suppliers, et cetera, but it all worked. And Walmart increased, raised its it's demonstrable again through real science, but they raise the standard of living in every community. [00:06:39] They opened a store. It's absolutely funneling. But Walmart stopped innovating a long time ago. Now again, the innovations come just like they do in the tech world. 
Typically not from the existing companies, right. Facebook isn't innovating, they bought WhatsApp, they bought so much of the technology they're using to drive their company. [00:07:02] Oculus. You look at it, right? That's their future. According to of course, uh, you know, Mr. Mark. What did it come from? What was the cost? Right. They buy their competition. So I want to encourage everybody to really try and go out of your way, try and shop at these small places. There are, in so many of these malls nowadays, kind of local stores where they've got together and they're running their co-op or where someone's managing a bind product from local craftsmen, really that they, everything from these women that are knitting doilies all the way on out, through very cool black iron work things, things that you can find there. [00:07:54] That maybe you can find on Amazon, maybe they come from China. Maybe they're locally sourced. Not very likely, but it's been a very, very tough, tough time here for so many of these industries. One of the things that I did talk about this week, in one of my radio appearances, is TikTok live shopping. If you haven't heard of TikTok, TikTok is this short form video site. [00:08:21] And it kind of started by people saying, okay, well with this song, uh, use that song to make a funny little 30-second and 20-second, and that's what people did. And it was really quite cool to see. There's some innovative people out there. TikTok has a lot of, I share nowadays way more popular amongst the younger people than Facebook is. Facebook has kind of become something for the older people. [00:08:49] But what TikTok is now doing is providing live shop. And this is an innovation that really started in China, which of course is where TikTok is located. But in 2020, there was a survey done that found that two thirds of Chinese consumers said that they bought products via live stream in the past year. [00:09:13] So what's live stream. 
I want you to think about QVC online share or a television shop. Those channels, those infomercials that come on at night, but particularly the channels that are constantly selling stuff like micro did a little bit of that at one point in time, right? His interview was, he came in and the, he, the guy who was interviewing him, held up a pen. [00:09:37] Is that okay, you sell me this pencil. And so micro went on and on for 10 minutes or more just talking about the pencil and everything related to the pencil and what a great quality was. All he course, she didn't know anything about it. Right? And that's part of what bothers me about some of these things, right? [00:09:55] These people are just making stuff up, but talk live now is allowing you to go ahead and make funny little things. Gain an audience. Maybe they're not funny. Maybe they're just informative. Have them inserted into people's streams and then sell it right there. In fact, instant purchasing of a featured product during a live stream. [00:10:22] And then obviously audience participation, they got chat functions, reaction buttons. This is what's coming our way. And so all of you, small businesses out there, I really want to encourage you pay attention to social media. This is the sort of thing that you can do. You can target your local area, which is where most small businesses operate, right? [00:10:48] It's in, in your town. It's maybe a 10, 20 mile radius, depending on what, what you're doing, what you're selling. And you can micro target nowadays. That's the joy. That's the beauty of the online world. Micro-targeting Hey, and if you're interested, let me know. We can talk a lot more about this because I have studied this for years now. [00:11:12] Hey, stick around Craig peterson.com online. [00:11:20] So while you're shopping online, what are some of the things you should do or look out for? I've got a few ideas. I'm going to tell you what I do, and it has worked wonders for me. So here we go. 
[00:11:35] When you're shopping online, there are some obvious tips, just run through them very, very quickly because I don't, I think you guys being the best and the brightest really know these things. [00:11:50] So just very quickly, make sure your security. Today, make sure that everything is patched up the way that it should be, that you have some really great anti-malware, hopefully advanced anti-malware, but apply any updates before you start doing shopping, because this is a bad time of year to lose all of your personal information and to have your money stolen. [00:12:18] Uh, number two. If you're seeing an email or you're seeing a deal that really looks too good to be true, take caution here. Right? Do you see a place? Oh, I got five brand new Sony PlayStation fives for sale. You might not want to buy those, right? The minister, Jeff Foxworthy. Here's your sign. So be careful about that. [00:12:46] Criminals are really taking advantage of consumers who, uh, you know, life's been tough, money's been tight. You're trying to find a deal. So be careful about that. Okay. Coupons are another way the bad guys have been trying to get consumers to compromise their own cyber security. Okay. Uh, 12% of emails out there are considered to be spam emails. [00:13:15] I think it's more like 80% or 90%, but then I've had the same email address for 30 years. Okay. Uh, so don't click on links. Be sure you shop on the real website and apply coupons there by manually typing out the code. So for instance, if, if let's say you use DuckDuckGo for your search engine, which you should be using for most cases, most searches, DuckDuckGo says, okay, let me see where coupons here you go. [00:13:46] Here's a site that has a lot of coupons. Be careful about those sites, because some of them are trying to lure you in. Are the websites you're going to the real ones, the legit one? Are you clicking a link in your email in order to get to that sale site? 
Double check, because what they're doing is using some of these URLs that aren't [00:14:14] right. And we see those all of the time. They'll have a misspelling of the business name or they'll, they'll do something else. So they might have Amazon dot bad guys.com. Oh, okay. Amazon. Okay. Is Amazon, uh, obviously they wouldn't say bad guys, but yeah. That's kind of what they're doing. So be careful. So once you're on a website, look for that little padlock that's to the side, click on it and double. [00:14:43] To make sure that it is legit because they might have us. What's called a secure, sir. And they might have a certificate that's valid for the site that you just went to, but it's not, there's a different kit for Amazon or Walmart or Target or w you know, whatever Joe's clothing.com. It might be something entirely different. [00:15:07] So be careful, okay. Is what you're looking at on the ad. Because there are a lot of fake advertisements out there that look like they got great deals. And even though Black Friday has come and gone, they're going to continue to do this through the end of the year and beyond. Okay. So rather than clicking on the ad, just type in the retailer [00:15:35] information, because some of these ads that are showing up are, in fact, almost every last one of them is coming from what's called an ad network. So that ad network is where people go and buy ads and they say, Hey, I want to retarget people that were at this site or clicked on this link, et cetera, et cetera. [00:15:54] And now, if you are a bad guy, all you have to do is sneak into one of those big ad networks. And all of a sudden your bad guy ads are showing up everywhere. So you see a great ad for a Chromebook. For instance, we've talked about those before you can just go ahead. Okay. Chromebook. No problem. Wow. Yeah. [00:16:14] Yeah. Type it in. If the ad's for a Chromebook from Walmart, just type in walmart.com. Okay. Avoid clicking on ads. 
Isn't it terrible how bad it's gotten, man. I liked the internet better back in the 1980s and nineties. Uh, how should you pay? We're going to talk about that in a minute. Public Wi-Fi is a potential problem. [00:16:40] The bad guys will often create fake hot spots and you are now using their hot spot. Now this isn't as much of a problem as it used to be because your visits to most websites nowadays are encrypted. Do you remember that lock I mentioned in the URL? Well, that means it is using SSL or TLS, which is a secure communications protocol. [00:17:07] So if you're seeing that, you know that you basically have a VPN, you don't have to buy a VPN service. You don't have to use a VPN service. You have a VPN that's being provided by the website, your. And that's really what that lock means. So the public Wi-Fi is less of an issue for the monitoring, what you're doing, although yeah, they can still do some monitoring. [00:17:33] They might play with DNS and things, but they can also scan you, which is the biggest problem from my perspective about using public Wi-Fi. And never share your personal data if you can avoid it. One of the things we're going to be covering in the upcoming boot camps and workshops is using fake or alternate email addresses. [00:17:57] I do it all of the time. That's why I have 3000, 3000. Yes. You heard it right, different log-ins right now in use, active use on. Uh, in my password manager, at least over the last decade. So I've accumulated a lot of them. So I use a different email address pretty much all of the time. And I'll, I explain how to do that in the boot camps and workshops that are coming up. [00:18:25] So keep an eye on my weekly emails again, CraigPeterson.com/subscribe. So you can find out about them, you know, these, the free ones. I really want to give you guys all of the basics, right? So that's what I'm going to be doing anyways. How should I pay? This is maybe the even bigger side of things. 
It is very, very rare that I actually put my credit card number in on a website at least. [00:18:54] Real credit card number. There's a number of options that are available to you now that weren't before, even if it's not a credit card, even if it's a debit card, and generically, this is known as single use credit cards. So we've got a few things. I use typically Capital One's Eno, E N O. If you have a Capital One card of any sort, this is a little browser plugin that you can put on. [00:19:25] Now, the downside of this is they will by default try and look at every web page you visit. So from their perspective, it's worth it because now they get that data from you. However, in all modern browsers, you can restrict when it runs. But what happens is I go to a website, it wants a credit card and I can pop up that little Eno browser plugin. [00:19:53] And now. Todd, uh, I can generate a virtual credit card number that's tied in behind the scenes to my real credit card number. I can even put an expiration date on that credit card number. So it can't be used after a certain. Some of these virtual credit card options even allow you to say, Hey, it really is only single use. [00:20:18] It can only ever be used once. And that way the bad guys can't run up your credit card bill. Citibank, American Express, JP Morgan, and more have these types of options and basically any Visa or MasterCard. Look for virtual credit cards from your bank or whoever's providing your credit card. Hey, stick around. [00:20:42] You're listening to Craig Peterson and I'll be right back. [00:20:46] We're going to talk a little bit now, since it's getting near the end of the year, about what kind of technology do we think is going to be big next year. And I've got to mention this project. My daughter has been working on it. Finally hit the ocean. [00:21:02] My daughter has been busy. You might know she's been in the maritime industry for quite a while now. 
[00:21:11] And a man, she went to, she graduated 2008. I think it was this, this daughter. And you probably already know I have five daughters, right? Uh, three sons too. So it was kind of a mix, but she has been working on a ship called the Yara Birkeland. It's over in Norway. And what the ship is doing here is hauling fertilizer, anything. [00:21:38] Oh, wow. Isn't that exciting? Wow. Craig, I'm so excited for you. Well, it is the world's first autonomous electric ship, period. Okay, cargo ship, and what it is doing ultimately is eliminating the need for about 40,000 truck round trips a year. See what's happening over there in Norway is there's a factory that's right. [00:22:07] Located right next to a mine. That's making all of this fertilizer and it needs to be hauled down through some fjords to get to the main shipping depot where it can be loaded onto the big ocean ship. So these trucks are going up and over the mountains alongside the fjords. And this is a ship that's going to take a trip that's about seven and a half nautical miles. [00:22:34] So give or take eight miles and on the water. And now Norway is doing this in its own waterways. So there's no problem with international rules and regulations about ships here. This is just local and it loads itself. It drives itself and it unloads itself. I think that's really, really cool. And what it does is it plugs itself. [00:23:02] When it is on either port w now we've seen this with some ships, right? You might've been on some of these ferries that are electric. They work pretty well for electric ferries. Cause they're usually short haul. They connect up to shore power and they do a rapid charge and they're ready for the next leg of their ship while they are busy taking all of their load in, right. [00:23:26] Makes sense. And you might've done it, but this is, this is different. And a lot of the incidents that happen in shipping are due to human error. 
Think about all of the problems we've had with Navy ships, even running into things, human error, and a lot of that's due to fatigue. On the ships. I don't know if you know it. [00:23:47] I have two kids that, well, three actually that have been in the maritime industry, uh, the, the big maritime industry and they take four hour shifts. So four on four off four on four off every day. So fatigue is a very big deal for a lot of the shipping industry. And for the first few years, they're planning on having the ship be. [00:24:15] They're going to be up, of course, on the bridge monitoring everything, because you've got a problem with artificial intelligence machine learning. If a big ship is coming along and there's a kayak in the way, it's actually the kayaks job to get out of the way. But if you run over a kayaker things, aren't going to go very well for you, frankly. [00:24:37] But how does a computer recognize a kayak? Maybe Marine life or even some sort of a swell that's out there. So they think they've got most of this solved. And this is the project that my daughter's been working on for a few years here. She's a Mariner. She has her captain's license unlimited. Tonnage unlimited vessels on unlimited waterways anywhere in the world is just incredible. [00:25:06] All of the stuff she's done. So the wheelhouse could disappear all together, but they've got to make sure that everything is working pretty darn well. Okay. Uh, large vessels. Do anything about the kayak? All they can do is warn, but they definitely can't maneuver. And that's why the deep draft vessels have priority over sailboats or pretty much anything else that's out there. [00:25:32] But, and what that brings up is the fact that we don't have the regulations yet for these autonomous ship. Well, we don't have the regulations yet for the autonomous cars, right? This is normal. 
The technology tends to precede the regulations, and we have regulations in place right now for autonomous vehicles in certain areas. [00:25:57] But they're nowhere near mature. It's going to take a while before everything has all frigging. And now that is leading us into our friends at Ford. Ford's done a couple of interesting announcements over the last couple of weeks. So I have to bring the. And an effort really to deal with this ongoing chip shortage. [00:26:21] Ford has made a deal with GlobalFoundries. GlobalFoundries is a chip maker and they have a non-binding agreement. Now that makes it interesting. If it's non-binding, why even bother, but the press release says opening the door for GlobalFoundries to deliver more chips to Ford in the short term. But what's happening right now because of the chip shortages. [00:26:50] Well, companies are designing their own purpose-built chips rather than relying on the general purpose chips made by Intel or AMD, Qualcomm, Samsung, Nvidia, MediaTek, depending on what kind of chips we're talking about. This is fascinating because it is hurting Intel. No question about it. And AMD. So what has Intel done? [00:27:15] Intel is moving its stance to being more of a contracted chip manufacturer. So you can go to Intel and say, here's my chip design. Go ahead and make that for us. And off they'll go and they will manufacture it and they probably even help you with some of the design things. Fascinating. Now, the other thing that's been happening for a while is if you look at Apple, for instance, they have been using their own chips in their iPhones and iPads. [00:27:52] Now they also are using their own chips in the laptops and various desktop computers. So Apple is the highest profile example I can think of offhand that have replaced Intel's chips. That's absolutely amazing. Google has also created its own chip for the latest Pixel phone. 
So if you buy the latest flagship Pixel, which I would not do, because this is the first time they're really using their own chip, but they've got their own chip now. [00:28:28] Amazon has been deploying its own chips in its internal servers to improve performance as well as to make it better for the Alexa voice assistant. You see how long tail, that's a marketing term, but really how special purpose, purpose designed, purpose built chips are. So it's huge. Intel's changing course. [00:28:55] They've never been a great chip designer, if you ask me, and if you know my history, you know, I've been down at the chip level. I was down there for many years in the kernel of operating systems and dealing directly with all. From chips, you know, when you're thinking about drivers and the low end and the operating system, that's what I did for a lot of years. [00:29:18] So I'm, I'm glad to see this happen. It's going to be better for you because the devices can be cheaper because they don't use a general purpose chip. The chip is built and designed for what it's being used for. So good news there for four, because Ford is going to be kind of doing the same sort of thing. [00:29:39] I bet, mark my words. Okay. Well, I didn't get to the predictions for this year, but I will, when we get back this upcoming year, stick around, of course you're listening to Craig Peterson, you can get all kinds of information. And in fact, if you sign up for my email list, which is not a heavy marketing. [00:30:02] Believe me, you'll get a bunch of different special reports. So ones I think are going to help you out the most. CraigPeterson.com. [00:30:13] Well, we just talked about the future when it comes to chips and our computers, we're going to continue that discussion right now on artificial intelligence and machine learning. What else is going to be important next? [00:30:29] So, what is the future? 
[00:30:31] We're getting close to, you know, the end of the year and the beginning of the year. So what am I looking forward to? Well, you just got my basic predictions about what's going to happen with chip manufacturing. These various vendors of various devices are going to continue to move away from Intel, AMD, et cetera, these general purpose chips, and move more to special purpose chips. [00:31:02] Now there's a number of special purpose type designs that have been out there for a very long time. For instance, a six OCB in industry. No, those I programmed some way back when. I have gotten much more complicated, but for instance, when we're putting in systems for a business, we will typically use Cisco systems that have ASICs so that everything is extremely fast. [00:31:29] You don't notice any delay and yet it can do very heavy duty filtering, packet examination, stream examination, because it's being done in hardware. That's the advantage to it. So we're going to see more and more of that since Apple's already moved to their own chips, Google has already moved to their own chips, Amazon, their own chips, et cetera. [00:31:53] And there'll always be a need for general purpose chips. In fact, you can say that the Apple chips for instance, are fairly. The purpose they're being used in your iOS devices, your iPhone, your iPad, but they're also being used in desktop applications. But if you look more closely at what Apple's done, it has a couple of different types [00:32:16] of CPUs inside the chip. So it has the high-performance CPUs that are only engaged when it needs some serious computing going on. It has the low power, lower performance CPUs that are also built into that same chip that now handle kind of background tasks, things. Dated the don't need a whole lot of CPU or don't need to be really fast. [00:32:42] And then it also has graphics processing units that will handle things like screen updates, moving stuff around on the screens. 
There is a lot of technology in that chip in reality, it's, it used to take three completely different sets of chips to do what the one Apple chip can do. So it is an example of a special purpose CPU. [00:33:11] We're going to be seeing more and more of those now. As a consumer, you're not really going to notice other than, wow, this thing's fast or wow, this battery lasts forever. You're going to have some great, great functionality. And I think we are seeing, because they're spending $2 billion a week right now in the industry, you're going to be seeing more of these fabs come online, chip fabrication plants, and they take a long time to build and put up online, but they're going to be making more specialized chips, which I really. [00:33:46] Well, there's an article that came out based on a survey from the IEEE. And this is called the impact of technology in 2022 and beyond. These are some global technology leaders. Of course IEEE was all about electrical engineering back in the day, today, it's more about general technology. But here's the results. [00:34:12] What is important for next year? Now, remember, I don't give investment advice. So don't look at this as things you should be putting your money into. This is just stuff that is good to know and probably should be considered, but this is not again, investment advice. So. Technologies will be the most important in 2022. [00:34:33] Well, according to this kind of little, little brain trust, if you will, amongst the respondents more than one in five say that AI and machine learning are going to be very important. What's the difference between artificial intelligence and machine learning? Uh, the lines are blurred nowadays. They used to be a lot more clear. Machine learning used to be the, the machine, the computer learns it. [00:35:02] Let's say it's working on a factory floor and it has to do some welding on a joint. And the, it has sensors and it learns, oh, okay. 
Well, this part, when it comes into me may be here, but I might be there and I might be here. So I got to kind of move around a little bit. That's basic machine. Artificial intelligence, which I think is a super set of machine learning, but other people argue the other way, but you know, they don't know what they're talking about. [00:35:30] There is artificial intelligence is where it doesn't even have to be taught how to learn. It. Just figures things out. So it's. When it's built, talk to learn where that piece that it needs to weld is likely going to be and how to find it. It just knows. Okay, well, I'm supposed to weld. So how do I do that? [00:35:56] That's much more of an artificial intelligence. So that's number one, artificial intelligence next. Cloud computing 20%. Now my opinion on cloud computing is not very high, frankly, because cloud is just the name for somebody else's computer cloud computing does not mean it's safer. It does not mean that it requires less work on your part where I think cloud computing can help a business is where. [00:36:30] Push over flow to the cloud. The many businesses that have moved technology to the cloud have moved it back now because frankly, the cloud did not provide them with what they thought they'd get, which is cheaper, better computing. And a lot of the breaches that we're getting nowadays are in the cloud. [00:36:53] People's databases being exposed, applications, being exposed. It's great for hackers because they know. Okay, well, let me see. Amazon has the majority of all cloud computing in the world, so let's just scan Amazon computers and see what we can find. Right. And they're going to find that this bank has this opener, that company has that database available, et cetera, et cetera. [00:37:17] So be careful with that, but they think cloud's number two, five G. 17% that I am very excited about it. And here's why five G is kind of a generic term for the high speed, uh, room wireless data. 
So think cell phone basically, but why it really matters is it's designed to handle billions of devices. So that you can have a lot of people sharing data and getting to data, sharing a network connection in a densely populated area. [00:37:58] That's where it really, really shines. And then it also has a faster data rate than the older technology. One of the things you'll find as you compare, if you really dig into the technology, compare the various cell companies, is that for instance, T-Mobile, which is who I use, has a lower frequency spectrum. [00:38:24] Lower frequencies cannot carry as much data, but what they can do, I'm really oversimplifying. But what they can do is more readily pierce glass and brick and walls. So T-Mobile's frequencies are lower than Verizon, for instance. So Verizon can get you faster data. But can't get it into as many places and not as well as T-Mobile, just really putting this quite simply. [00:38:57] And in fact, just what was it? Two weeks ago, we had a court order stopping the deployment of these higher frequency 5G networks. Because of complaints from some people, uh, particularly in the avionics, in the airline industry where they're saying, well, they could be squashing some of our critical systems because they're using some of the old satellite frequencies for 5G up in the upper bands. [00:39:25] Anyhow, one of the things that 5G, which has already been used for, is what I was involved with. You know, I was involved with emergency medicine for a long time and I was an EMT I P D uh, back in the day. So almost a paramedic. And think about what could happen now, you're in the back of an ambulance that you could be the hands for the doctor who can be seeing the patient as you're driving down the highway, bringing that person in, because historically I remember this one woman. [00:40:01] Placenta previa and had just soaked through some towels with blood.
She was in really bad shape and we were squeezing IVs to get fluid into her. It was, it was incredible. It was something else. And we brought her right in on the gurney, in the emergency room and right up to the operating room and put her on the table, right from her ambulance gurney. Well, with 5G, [00:40:27] they can be doing that now, not just in an ambulance, but in, in more rural areas, doctors can be operating remotely on someone. It's very cool. This whole telemedicine, including remote surgery. It's huge. So these technology leaders agreed with me on that. 24% is the number one, most benefit for 5G: telemedicine. [00:40:53] Number two, remote learning and education, 20%. Personal and professional day-to-day communications. Think of all of the stuff we're doing now, how much better that's going to get. Entertainment, sports, live streaming, manufacturing, and assembly, transportation, traffic control. Now we're down to 7% and by the way, that's where the cars are talking to each other. [00:41:16] If you have 5G, you don't need a mesh because you can use 5G. Carbon footprint reduction in energy efficiency. That's 5%, and 2% farming and agriculture. Our farming equipment is already using GPS in order to plow fields, plant fields, harvest fields. It's amazing. So there you go. Those are the top pieces of technology that are predicted to influence us next year. [00:41:46] I think it's absolutely correct. And I've got to give you a bit of good news here again. 97% of these people polled agree that their teams are working more closely than ever before. Because of these working from home workplace technologies and apps for office check-in, et cetera. Good news. All around. [00:42:11] Hey, if you want more good news. If you want to know what's happening, even some bad news, I got the right place for you to go. I have five minute little trainings in my emails every week. I have bootcamps. Again, all of this is the free stuff.
You imagine what the paid stuff is like, but I want you to understand this. [00:42:32] Okay. craigpeterson.com/subscribe. Do it right now. [00:42:39] I had a good friend this week that had his life's work stolen from him. Yeah. And you know what caused it? It was his passwords. Now, you know what you're supposed to be doing? I'm going to tell you exactly what to do right now. [00:42:55] Well, let's get right down to the whole problem with passwords. [00:43:00] I'm going to tell you a little bit about my friend this week. He has been building a business for. Maybe going on 10 years now, and this business relies on advertising. Most businesses do so in some way, we need to have new customers. There's always some attrition, there's customers that go away. So how do we keep them? [00:43:25] Well, we do what we can. How do we get new customers? Well, for him, it was. Advertising, primarily on Facebook. He did some Google ads as well, but Facebook is really where he was focused. So how did he do all of that? Here's the bottom line. You have to, if you are going to be advertising on Facebook, you have to have an advertising account. [00:43:51] Same thing's true with Google. And then on that account, you tie in either your bank account or your credit card. I recommend a credit card so that those transactions can be backed up. And on top of all of that now, of course you have to use a pixel. So the way the tracking works is there are pixels on websites, you know about those already. [00:44:17] And the bottom line with the pixels. Those are also cookies, but the pixels are used to set a cookie so that Facebook knows what sites you've gone to. So he uses those. I use those. In fact, if you go to my website, I have a Facebook pixel that gets set. And the reason for all of that is so that we know with. [00:44:39] I'd be interested in something on the site. So I know that there's a lot of people that are interested in this page or that page.
And so I could, I have not ever, but I could now do some advertising and I could send ads to you so that if you were looking at something particular, you'd see ads that were related to that, which is what I've always said. [00:45:04] Is the right way to go. If I'm looking to buy a pickup truck, I love to see ads for different pickup trucks, but if I don't want a car or truck, I don't want to see the ads. Right. It isn't like TV where it seems sometimes every other ad is about a car or a pickup truck. It drives me kinda crazy because it's a waste of their money in advertising to me because I don't want those things. [00:45:33] And it's also not only just annoying and money wasting. There are better ways to do targeting. And that's what the whole online thing is. Anyways, I told you about that because he had set up this pixel years ago. Basically the Facebook pixel gets to know you, gets to know all of the people who like you, that might've bought from you. [00:45:58] Cause you can have that pixel track people through your site, your purchase site, they know what you purchase on the shopping cart, et cetera. And you can identify these people over on Facebook and send them ads because they abandoned the cart or whatever it is you want to do there. There's just a whole ton of stuff that you can do for these people. [00:46:19] And it's so bad. It is so valuable. It takes years to build up that account, years to put that pixel in place. And our friend here, he had done exactly that. Then he found that his account had been compromised. And that is a very bad thing in this case because the bad guy used his account to place ads. Now there's really two or three problems here. [00:46:52] We'll talk about one of them is. Why was the bad guy going after him? Well, he has been running ads on Facebook for a long time. So as far as Facebook is concerned, his account is credible. All of the ads he runs don't have to be reviewed by a human being. They can, can go up almost immediately.
He doesn't have to wait days for some of these things to go up. [00:47:21] So our bad guy can get an account like his, that has years worth of advertising credibility, and now start advertising things that are not correct. So there again is part of the value of having one of these older accounts for advertising. And so the bad guy did that, used his credibility. And then secondly, he used 25 grand worth of my friend's money to run ads. [00:47:51] Also of course, very bad, very, very bad. So I sat down with him. In fact, it was this last week and I was out on a trip with just kind of a vacation trip. It was absolutely wonderful. You know, I, I never just do vacation. Right. It's always business plus work whenever I do anything like this, but I was on. [00:48:11] Trip last week. And so my eldest son who works closely with me, and he's also part of the FBI InfraGard program. I had him reach out to my friend and they, he helped them out and they talked back and forth. Here's the problem that he has. And I'm trying to figure out a really good way to solve this. And I haven't figured that out yet. [00:48:35] And you know, if you guys have an idea because you are the best and brightest, you really are. Go ahead and drop me an email, me@craigpeterson.com, if you know a good way around this particular problem, which is he has. This Facebook account as well as many other accounts, including his website, hosting account, his email account, et cetera. [00:48:57] And. Uh, he has people who manage his ads for him, who manage his website for him, who put up some of the promotions for him, you know, the advertising and everything else. So these are third-party. This is what we generically call a supply chain risk: people who are not him have access to his stuff, his private stuff. [00:49:24] And, well, how does he do it or how did he do it? Is he went ahead and gave them. Access by giving them accounts or passwords. How well were they guarding their passwords and their accounts?
So the first thing I had my friend do was go to haveibeenpwned.com. You'll find that online at have, H A V E, I been. [00:49:50] Pwned is spelled P W N E D dot com. So I took him to Have I Been Pwned and I had him put in his email address, the one he uses the most, and it showed up in five different. Hacks, data dumps. So these are five different sites where he had used that same email address in this case. And he found out that in those five cases, the bad guys got his passwords and personal information. [00:50:21] All bad. Right. And he went ahead and cleaned it up. So I said, well, put in the password because Have I Been Pwned also lets you check your password, just see if it has been used by someone else and then stolen. So there are billions of passwords in this database. It's incredibly. Of all of these known passwords. [00:50:44] So he put in his password and no, it had not been stolen, but the problem is how about the people that were managing his ads on Facebook and managing his Facebook ad. Were the usernames, which are typically the email addresses, and the passwords kept securely? That's a supply chain thing I'm talking about, and that's where I I'd love to get input [00:51:12] from you guys, me@craigpeterson.com. If you think you have a good answer. What we've been doing. And our advice to him was use 1Password. That's the only one to use. I don't trust LastPass anymore. After their last big hack where they got hacked, uh, 1Password, the digit one, Password. And go ahead. [00:51:33] And set it up. And in a business scenario, you can have multiple vaults. So have a vault that's just for people that are dealing with your Facebook ad account, maybe have another vault for people who are posting for you on Facebook.
Or better yet when it comes to Facebook, go ahead and have an intermediary that is trusted, uh, kind of like the If This Then That, or there's a few of them out there that can see that you put the post up on the website and automatically post it on Facebook. [00:52:09] So you don't have to give all of these people your passwords, but again, it's up to you. You got to kind of figure out if that makes sense to you. Those are the types of things that I think you can do. And that is what we do as well. Now, one of the beauties of using 1Password like that, where you're not sharing all of your passwords to everything, you're sharing the minimum amount of login information that you possibly can share, is that if they leave your employ, all you have to do is remove their access to the appropriate vault or vaults, or maybe all of your vaults. [00:52:49] And this is what I've done with people that worked for me in the U.S. and people who work for me overseas, and there have been a lot of them, and it has worked quite well for me. So with 1Password, we can enforce password integrity. We can make sure the passwords aren't stolen. 1Password ties automatically into Have I Been Pwned. [00:53:12] So, you know, if a password has been exposed, if it's been stolen online, it's a great way to go. Now I've got an offer for you guys who are listening. I have a special report that I've sold before on passwords, and it goes through, talks about 1Password. It talks about LastPass, which I'm no longer really recommending, but gives some comparisons and how you can use these things. [00:53:35] Make sure you go and email me right now. Me, M E, at craigpeterson.com. That's M E at Craig Peterson, S O N, dot com, and just ask me for the password special report, and I'll be glad to get that on off to you. There is a lot of good detail in there and helps you, whether you're a home user or a business. [00:54:02] So the next step in your security is multi-factor authentication.
Interesting study out saying that about 75% of people say that they've used it for work or for business, but the hard numbers, I don't think the. [00:54:18] One of the things that you have to do is use good passwords. And the best way to do that is to use a password manager. [00:54:27] I was talking about a friend of mine who had been hacked this last week and his account was hacked. His Facebook ad account was hacked. We asked him if we could reach out to the FBI and he said, sure. So we checked with the FBI and they're looking to turn this into a case, a real case, because they've never seen this type of thing, the hijacking of an advertising account. Who hijacked it? [00:54:56] And why did they hijack it? Was this in preparation maybe for. Playing around with manipulating our next election cycle coming up. There could be a lot of things that they're planning on doing and taking over my friend's account would be a great way to have done it. So maybe they're going to do other things here. [00:55:15] And our friends at the FBI are looking into it. How now do you also keep your data safe? Uh, easily, simply. Well, when we're talking about these types of accounts, the thing to look at is known as two factor authentication or multifactor authentication. You see my friend, if he had been using multi-factor authentication, [00:55:42] he would not have been vulnerable. Even if the bad guys had his username, email address and his password, they still would not be able to log in without having that little six digit code. That's the best way to do multi-factor authentication. When we're talking about this code, whether it's four or 5, 6, 8 digits long, we should not be using our cell phones to receive those. [00:56:16] At least not as text messages. Those have a problem because our phone numbers can be stolen from us and they are stolen from us. So if we're a real target, in other words, they're going after you. Joe Smith and they know you have some, $2 million in your account.
So they're going after you. Well, they can, in most cases, take control of your phone. [00:56:45] Now you might not know it and it doesn't have to be hacked. All they have to do is have the phone company move your phone number to a new phone. Once. So that means one of the things you need to do is contact your telephone vendor, whoever it is, who's providing you that service. That's a company like Verizon, Sprint, T-Mobile, uh, AT&T, one of those companies that are giving you cell service. You have to contact them and set up a pass. [00:57:15] So that if they have a phone call coming in, and that phone call can be faked. So it looks like it's coming from your phone. Even if there was a phone call coming in, whether it's coming from your phone or not, they have to get that password or pass code that you gave them. And once they have that pass code now, Right. [00:57:37] Uh, and that's great, but if you don't have that and they're targeting you specifically, then you're in trouble. So for many of us really, it, it may not make a huge difference. Uh, but I would do it anyways. I have done it with every one of my cell phone carriers now. A couple of decades. Set up a password. So the next step is this multifactor authentication. [00:58:03] If I'm not supposed to get it via text message to my phone, how do I get it? Well, there are a couple of apps out there. There's a free one called Google Authenticator. And Google Authenticator runs on your phone. And once it's there on your phone and you are setting it up on a website, so Facebook, for instance, your bank, most websites out there, the bigger ones, all you have to do is say, I want to set up multi-factor authentication, and then it'll ask you, okay, [00:58:34] so how do you want to do it? And you can say, I want an app and they will display. A QR code. That's one of those square codes with a bunch of little lines inside of it. You've seen QR codes before, they've become very common.
And you take your phone with the Google Authenticator app. Take a picture. Of that little QR code on the screen, and now it will start syncing up so that every 30 seconds Google Authenticator on your phone will change that number. [00:59:08] So when you need to log back into that website, it's going to ask you for the code. You just pull up Google Authenticator and there's the code. So that's the free way to do it. And not necessarily the easiest way to. Again, going back to 1Password. I use this thing exclusively. It is phenomenal for keeping my passwords, keeping them all straight in an encrypted vault, actually in multiple encrypted vaults, so that I can share some of them. [00:59:37] Some of them are just strictly private, but it also has that same authenticator functionality built right into it. Microsoft has its own authenticator, but you can tell Microsoft that you want to use the standard authenticator. Of course, Microsoft has to do everything differently. Right. But you can tell it. [01:00:00] And I do tell it, I want to use a regular authenticator app, not Microsoft authentication. By the way. That's what I advise you to do: don't use the Microsoft authenticator, just use one authenticator for all of the sites, and then Microsoft will give you that same QR code. And then you can take that picture and you're off and running. [01:00:20] Next time you log in, it asks you for the code and instead of texting it to you to your phone smarter, otherwise it will not. That require you to open up your authenticator. So for me, for instance, when I'm logging into a website, it comes up and asks for the username, asks for the password. Both of those are filled out automatically by 1Password for me. [01:00:44] And then it asks for that code, uh, authentication code, and 1Password automatically puts it into my paste buffer, copy-paste buffer, and I just paste it in and they, they've got the code. So I don't have to remember the codes.
I don't remember passwords. I don't have to remember usernames or email addresses. [01:01:05] 1Password remembers them all for me. Plus it'll remember notes and other things. So you can tell, I really like 1Password. We use it with all of our clients. That's what we have for them. And it does meet even a lot of these DOD requirements on top of. Depending again, how much security you need. We will use Duo, D U O, and it also has this authenticator functionality and we will also use YubiKeys. [01:01:37] These are those hardware keys. Duo can provide you with hardware tokens. Those are those little tokens that can go onto your key ring. That show a changing six digit number every 30 seconds. And that's the same number that would be there in your smartphone app. Your 1Password or Google Authenticator smartphone. [01:01:59] Hopefully, I didn't confuse you too much. I think most of the reason we're not using the security we should is because we're not sure how to, and we don't know what we're going to be. And I can see that being a big problem. So if you have questions about any of this, if you would like a copy of my password security special report, just send an email to me, [01:02:25] M E, at craigpeterson.com. That's me, M E, at craigpeterson.com. That's S O N dot com. I'll be glad to send it to you. Also, if you sign up for my newsletter there on my website at craigpeterson.com, you are going to get. A whole little series of these special reports to help you out, get you going. And then every week I send out a little bit of training and all of my articles for the week. [01:02:56] It's usually six to 10 articles that I consider to be important so that, you know, what's going on in the cybersecurity world. So you can. With it for yourself, for your family, for your business. craigpeterson.com. Stick around everybody. We'll be right back again. craigpeterson.com. [01:03:20] According to researchers.
32% of teen girls said that when they felt bad about their bodies, Instagram made them feel worse. And you know what Facebook knew and knows: Instagram is toxic for teen girls. [01:03:37] There's a great article that came out in the Wall Street Journal. [01:03:40] And I'm going to read just a little bit here from some of the quotes first. When I went on Instagram, all I saw were images of chiseled bodies, perfect abs and women doing 100 burpees in 10 minutes, said, Ms. Uh, now 18, who lives in Western Virginia. Amazing. Isn't it. The one that I opened now with, 32% of teen girls said that when they felt bad about their bodies, Instagram made them feel worse. [01:04:12] So that is some studies again, that looks like, um, yeah, these were researchers inside Instagram and they said this in a March, 2020 slide presentation that was posted to Facebook's internal message board that was reviewed by the Wall Street Journal. Quote, comparisons on Instagram can change how young women view and describe themselves. [01:04:38] Apparently for the past three years, Facebook has been conducting studies into how Instagram is affecting its millions of young users. Now, for those of you who don't know what Instagram is, it allows these users to create little stories, to have. Pictures, videos of things that they're doing, and it, it's a lifestyle type thing. You might've heard of course, of how this, this, uh, I don't know what it is. [01:05:09] Kidnapping murder plot. These, this young couple and the body I think was found up in Wyoming. Uh, I'm trying to remember, but, uh, of her and it's yeah, there it is. It was in Wyoming. And I'm looking up right now, Gabby Petito. That's who it is. She was what they called a micro influencer. And I know a lot of people who can loom, that's what they want to be. [01:05:37] There's a, a young lady that stayed with us for a few months. She had no other place to live.
And so we invited her in here and, uh, we got some interesting stories to tell about that experience. And it's, you know, a little, a little sad, but anyhow, she got back up on her feet and then she decided she was going to become an influence. [01:06:01] And what an influencer is, is someone that has a lot of followers. And of course, a lot means different numbers. You get these massive influencers that have tens of millions of people that quote, follow unquote them. And of course, just think of the Kardashians they're famous for. Being famous, nothing else. [01:06:23] Right. Uh, they have subsequently done some pretty amazing things. At least a few of them have. And we've got one of those daughters who now was the first earliest billionaire, I think it was ever youngest. So they have accomplished some amazing things after the fact, but they got started. By just becoming famous by posting on these social media sites. [01:06:48] So you get a micro influencer, like Gabby Petito, who is out there posting things and pictures. And you look at all of these pictures and, oh my gosh, they're up at this national park. Oh, isn't she so cute. Oh, look at her boyfriend. They'll look so good together. And people. Fall for that image, right? It's just like Photoshopping these pictures of models, changing them. [01:07:16] There've been some real complaints about those over the years. So Instagram sets these kids up with these pictures of people that are just totally unrealistic. One of the slides from a 2019 presentation says, quote, we make body. Excuse me. We make body image issues worse for one in three teenage girls teams, blame Instagram for increases in the rate of anxiety. [01:07:49] And depression said another slide. This reaction was unprompted and consistent across. Groups among teens is this according to the wall street journal who reported suicidal thoughts, 13% of British users, and 6% of American users trace the desire to kill themselves to Instagram. 
Again, according to one of these presentations, isn't this just absolutely amazing. [01:08:18] And you might've heard it discussed a little bit. I saw some articles about it, obviously in the news, Wall Street Journal had it, but this is a $100 billion company, Instagram. That's what their annual revenues. More than 40% of Instagram users are 22 years old and younger. And about 22 million teens log into Instagram in the U.S. each day, compared with 5 million that log into Facebook. The younger users have been declining. [01:08:57] Facebook, it's getting, uh, the population there is getting older and older on Facebook. On average, teens in the U.S. spend 50% more time on Instagram than they do on Facebook. Uh, and also TikTok, by the way. TikTok has now surpassed YouTube in some of these metrics. Quote, Instagram is well-positioned to resonate [01:09:20] and win with young people, said a researcher's slide posted internally. Inside Facebook. Another post said there is a path to growth if Instagram can continue their trajectory. Amazing. So Facebook's public face has really tried to downplay all of these negative effects that the Instagram app has on teens, particularly girls, and hasn't made its research public or available to academics or lawmakers who have asked for it. [01:09:54] Quote, the research that we've seen is that using social apps to connect with other people. Positive mental health benefits, said Mark Zuckerberg. He's the CEO of course of Facebook. Now this was 2020. In March one at a congressional hearing, he was asked about children and mental health. So you see how he really lawyered the words that they can have, can have positive mental health benefits, but Facebook's own internal research seems to show that they know it has a profound negative effect on a large percentage of their users.
[01:10:36] Instagram head Adam Mosseri told reporters in May of this year, that research he had seen suggests the app's effect on teens' well-being is likely quote quite small. So what the Wall Street Journal seems to be pointing out here is that Facebook is not giving us the truth on any of this stuff. It's really sad. [01:10:58] We've got to be careful. Now, apparently Mr. Mosseri also said that he's been pushing very hard for Facebook to really take their responsibilities more broadly. Uh, he says they're proud of this research. I'm just kind of summarizing this before we run out of time here, but it shows the document. Uh, internal documents on Facebook show that they are having a major impact on teen mental health, political discourse, and even human trafficking. [01:11:36] These, this internal research offers an unparalleled picture, according to the Wall Street Journal, of how Facebook is acutely aware that the products and systems central to its business success routinely fail. Great article. I've got it in this week's newsletter. You can just open it up and click through on the link to the Wall Street Journal. [01:12:01] They have a paywall and I kind of hate to use paywall articles, but this one, this one's well worth it. And they do give you some free articles every month. So if you're not on that newsletter, you can sign up right now. craigpeterson.com. You'll get the next one. If you miss a link today, if you want some, you know, the special report on passwords, et cetera, just email me directly. [01:12:29] Give me a few days to respond. Uh, but me, M E, at craigpeterson.com. That's me, M E, at craigpeterson.com. [01:12:41] We've all worked from home from time to time. At least if we're somehow in the information it industry, I want to talk right now about why you need a personal laptop. Even if the business is providing you with a laptop. [01:12:57] Laptops are something that was designed to be personal, but many of us are using them as our main computer.
[01:13:06] I know I often am using my laptop, a couple of my kids and my wife. It's really their main computer, even though they all have other computers that they could potentially be using, laptops are just handy and you have them with, you can take them with you. We've got workstation set up that are kind of. [01:13:27] Workstations, if you will, where there are three screens set up and they're all hooked up into one central screen controller that then has a USBC connection that goes right into the, your laptop. So you can be sitting there with four screens on your Mac laptop on your Mac pro if you needed four screens, it's really handy. [01:13:53] No question. Many of us have a laptop for home and a laptop for business. And many of us also look at it and say, oh wow, this is a great laptop I got from work. It's much better than my home laptop. And you start to use the business laptop for work. At home. Okay. That's what it's for. Right. But then we start to use that business laptop for personal stuff. [01:14:25] That's where the problems start. We've seen surveys out there that are shown. Then half of workers are using work issue devices for personal tasks that might be doing it at home. They might be doing it at the office. Things like personal messages, shopping, online, social media, reading the news. So the prospect of using your work laptop as your only laptop, not just for work, but also for maybe watching some movies, group chat and messaging, reading, fan fiction, paying bills, emailing to family or friend. [01:15:06] It just seems not. It's so tempting. It's just natural. I'm on it. I'm on it all day long. Why wouldn't I just use it? And this is particularly true for people who are working from home, but we have to be careful with that. It's really something that you shouldn't be doing for a couple of reasons. One that. [01:15:30] Top that's a business. Laptop is the property of the business. 
It's just like walking home with boxes full of pencils and paper back in the old days. It is not yours to use for personal use. We also have to assume, assume since it is the company's laptop that hopefully it's been secured. Hopefully they have it set up [01:15:57] so it's going through a special VPN at the office and it's going through special filters, maybe Snort filters or something else that's doing some deeper inspection on what's coming through your laptop. Well, there are also likely, on that laptop, tools that are monitoring your device. Things like key loggers, biometric tracking, geolocation, software that tracks your web browser and social media behavior, screenshot, snapshot software, maybe even your cam [01:16:34] is being used to keep track of you. I know a number of the websites that I've used in the past to hire temporary workers. Those workers have to agree to have you monitor what they're doing. These hourly workers, so it'll take screenshots of their screen, unbeknownst to them. Yeah. Pictures from the cameras at random intervals. [01:16:58] Again, unbeknownst to them, it'll track what they're doing. And so I can now go in and say, okay, well he billed me five hours for doing this. And I look at his screen and guess what? He wasn't doing that for all of those five hours that he just billed me. Well, the same thing could be true for your company, even if you're not paid by the hour. [01:17:23] Right now, we're looking at stats that show over half of the businesses that are providing laptops for the employees to use, more than half of them are using monitoring software. And through this whole lockdown, the usage of these different types of monitoring systems has grown. Now there's some of the programs you're using. [01:17:50] You might be VPN in, you might be using Slack or G Suite enterprise, all good little pieces of software. They can monitor that obviously, but it goes all the way through to the business.
And using your Slack access as paid for by the business is also idiotic, to do things like send messages to your buddies, set up drinks after work, complain to other people about someone else in the business, your boss, or otherwise. Your IT people at the business can see all of that. [01:18:31] They can see what you're doing with Slack. Even if you have a separate personal account, it's still more likely that you'll end up mixing them up if you're logged into both on the same computer. So the bottom line is if you are on a work computer, whether it's a laptop or something else, you can reasonably assume that IT can see everything. [01:18:56] That's not. They own it. Okay. And they have to do some of this stuff to protect themselves. We put software on laptops for companies not to spy on employees. That's none of our business, but we put software on computers for employees to make sure they stay safe. Think of what happens when your computer, your laptop, whatever it might be, connects to the company's network. [01:19:25] Now that can be through a VPN. It can be because you take your laptop home or on the road when you're traveling and you bring it back into the office. If that computer is infected somehow, now you've brought that infection into the office. And that's how a lot of the malware works. It goes from computer to computer. [01

    Do You Think There's Nothing You Can Do to Keep the Bad Guys Out?

    Nov 19, 2021 53:45

    Do You Think There's Nothing You Can Do to Keep the Bad Guys Out? What a week. The FBI got hacked. Homeland security supposedly is sending out emails about hackers in your network. This is what we're going to talk about to start with today. What are these new emails, and how are they trying to con you? [Automated Transcript Follows] This is a little bit concerning. We know that the FBI's email system got hacked. And for everyone sitting there saying, well, gee, if the FBI gets hacked, there's no way my business can survive an attack. Remember that the FBI is a huge, huge target. They have so many systems, so many people, and the bad guys really, really would love to send an email out as though they are the FBI. [00:00:49] And, they did, they used, they used the FBI's email servers to send out some of these fake emails. I thought that was kind of funny, but be that as it may, the FBI closed. But there are things you can do to protect yourself, to protect your email. And my wife and I have been working diligently on a guide. [00:01:13] Now, you know that I protect businesses. I work closely with the FBI, been doing cyber security for more than 30 years. I kind of hate to admit it. But, uh, you know, you know, I've been on the internet for more than 40 years. So I've been at this for a very, very long time and there are things you can do. So we're making available a guide. [00:01:38] So she's taken a lot of my teachings and is boiled it down. It looks like it's going to be 25 ish pages. And it's just the essential things, the primary things that you can do. To stop your email from getting hacked, your bank accounts, et cetera. There are some pretty simple things you can do. So we're putting that together, and we're also putting together a Bootcamp and both of these are free. [00:02:07] Okay. Absolutely free. And in the bootcamp, again, this book isn't about selling you all of the, my services and stuff. It's giving you. Actionable things you can do. 
Yes, you can do. You don't need to be the FBI or a cybersecurity expert to do them, but five things you can do that will, I don't know, 10 X, your cybersecurity, really? [00:02:35] It it's, it's that big a deal. And it's going to take you less than an hour to do all of this stuff. So for those people who like the boot camp, so we're going to have. And, uh, you know, one of these zoom things and we're going to do it live and I'm going to explain it to you, spleen it. And you're going to have some homework before the bootcamp, because I want you to have some skin in the game too. [00:03:02] Right. You're not paying me or anything. So I want to make sure that you've done your homework so we can quickly. Go through all of the stuff that we need to cover in the boot camp and people who are interested in kind of being the example, which means they are going to get more information than anybody else. [00:03:21] You can also say, Hey, listen, uh, yeah, please use mine as an example. So we'll look at all of these different things. We're going to focus in on that first bootcamp primarily on. The stuff with passwords, you know, what should you do? How should you do it? How can you tell if your password has been stolen? If your email accounts been compromised, all of that sort of thing. [00:03:44] And you need to be on my email list in order to find out about this stuff. Right. And in fact, when you sign. I've got three special reports that Karen and I wrote that are really going to be helpful for you. These are three that we've been using with our clients for years, but again, actionable. To do right, is not some marketing sales guy trying to sell you the latest, greatest piece of antivirus software that doesn't work. [00:04:18] So you can get that. If you go to Craig peterson.com right now slash subscribe. If you want the deep link, Craig peterson.com/subscribe. We'll go ahead and sign you up. I have a little automated sequence. 
It's going to send you the emails with all of the attachments. We got one, that's kind of an introduction to Karen and I, you get to see both of us. [00:04:44] And, uh, it's a really cool picture of when we're on vacation one time and you can get all of that again. It's free. This is the free newsletter. This isn't the paid newsletter. Craig peterson.com. Slash subscribe. All right. So I can help you out with all of that free content. And I have lots of it. I'm on the radio every week talking about free, right. [00:05:08] And you can avoid these things. So like, I kind of hate to bring up this FBI hack because as I discussed again with Karen this week, I, I don't want people to feel like there's nothing that they can do. I have a friend, her name's Laura and she's in one of my mastermind groups. And Laura is, was listening to me because another mastermind member got hacked and it had like, what was it? [00:05:36] $45,000 ultimately stolen from him. And we helped them out. And so I was explaining, okay, so here's the things you can do. And. Basically all she heard was, uh, I'm never going to be able to do this. And, and she's a technical person. She teaches people how to become business analysts, which is pretty technical, right. [00:06:00] There's a lot of steps involved in doing business and analyst work. And so I was really surprised to hear from her that she had. The securing herself was just too hard. You know, the FBI gets hacked, et cetera. And so that's why when I came to this realization, the bottom line is, yeah. Okay. It can be hard if you're like me and you've been in doing this for 30 years, you've got the curse of knowledge, right? [00:06:30] So you, you know, all of this stuff, this isn't for you. If, if you know everything, okay, this is for people who. Quite understand what's going on. Definitely don't understand what they should do. Don't know what they should buy. 
They don't know how to use the free stuff that Microsoft and apple give you and how to pull it all together. [00:06:52] That's what I want you to be able to understand, and we spend time every. Going through this and every newsletter. I have a, an opening now that is a lot about three to five minute read. If that it can be very, very quick read and is helping you to understand some of the things that you can and should do. [00:07:16] So you'll get that as part of the newsletter. Again, Craig peterson.com. That's in my free newsletter. You should see the paid newsletter. Uh, it's a big deal because it's your life. It's a big deal because it's your business. It's a big deal because it's your job on the line. And most of the time, and when I pick up a new client, it's somebody who's kind of the office manager. [00:07:42] Well, frankly, more than your office manager, sometimes the business owner, you know, owner operator says to the office manager, Hey, we got to do something about cybersecurity and then I get. Saying, Hey, can you do a cyber health assessment for us and that cyber health assessment, which we'll do for almost anybody out there will tell you the basic self. [00:08:05] Okay. Here's what you got to do. You've got to update this. You should turn off this software or you should do this and that with your firewall so that they have. I a little checklist, right. That they can run through. That's the whole idea behind one of these cyber health assessment. And then what happens is they say, okay, well, let's, let's talk some more and we go in and talk with them, talk with the owner. [00:08:32] Do they want to do, help them put together a more detailed plan and then they are off and running so they can do it themselves. They can hire someone, they can have us do it for them, whatever seems to make the most sense, but it's very important. 
To do it, to do something because sitting there trusting the Google's going to take care of you or apple or whomever, it is, uh, you know, trusting Norton antivirus is going to take care of. [00:09:04] I was reading a quote from John McAfee. He's the guy that started the whole antivirus industry. Now, of course, he passed away not too long ago, under suspicious circumstances, but he came out and said, Hey, listen, antivirus is. Because right now this year, these weren't his stats. These are stats published. [00:09:24] You can find them online. Just duck, duck, go them. Yeah. I don't use Google for most things. Uh, and you'll find that the antivirus is ineffective 77, 0% of the time. So, what do you need to do? Well, you need to listen to me here because I am going to help keep you up to date here. Some people are auditory listeners. [00:09:46] You need to make sure that you get the newsletter so that you get the weekly updates and you find out about these free trainings and special reports that we put together. Makes sense to you and you can attend the boot camps where we cover the basically one hour meetings on zoom, just like you're used to, and we cover one or more specific topics and we do it live and we use your information. [00:10:17] The information you want us to have a, do you want us to share? So how could that be better? And it's the same sort of stuff, but deeper dives and more interactive obviously than radio. And you can listen to me here every week. I think it's important that you do, and you understand this stuff. So anyways, ramble, ramble. [00:10:37] It all starts with email. How do you keep your emails safe? You might remember years ago, you, people were getting broken into and emails were sent out using their accounts. Well, that happened decades ago and it's still happening today. So. Right now, Craig peterson.com. I promise you. I am not a heavy marketer. [00:11:01] Okay. 
You're going to get good, actionable information that you can put to use in a matter of minutes, CraigPeterson.com/subscribe. [00:11:13] Our intelligence monitoring indicates exfiltration of several of your virtualized clusters in a fist sophisticated chain attack. Your, I am trying to put on this like official voice. Right. And it didn't do so well. Anyways, that's what we're going to talk about, right now. [00:11:29] This is an email that came from the Department of Homeland Security warning about hackers in our network. [00:11:37] Okay. The subject line here, the one I'm looking at, and this is a, just this week, urgent threat in systems, read the email, goes on. We tried to blackhole the transit nodes used by this advanced persistent threat actor. However, there is a huge chance he will modify his attack with fast flux technologies. [00:12:01] I don't know if that ties into a flux capacitor or not, which he proxies through, uh, multiple global accelerators. So this is somebody who doesn't really know what they're talking about. They're just throwing up big words. We identified the threat actor to be somebody whom is believed to be in, of course, whom, wrong usage of the word here, uh, is believed to be affiliated with the extortion gang, the dark overlord, comma, uppercase. [00:12:33] We highly recommend you to check your systems and IDS monitoring. Beware this threat actor is currently working under the inspection of the NCCIC, as we are dependent on some of his intelligence research, we cannot interfere physically within four hours, which could be enough time to cause severe damage to your infrastructure. [00:12:59] Stay safe. U.S. Department of Homeland Security, cyber threat detection and analysis network analysis. Total control panel. So this is classic when it comes to scammers. And the classic part is that you could do. Is the grammar's bad. 
The wording is confusing, his punctuation is wrong and he's throwing out a whole bunch of words that are used when it comes to hackers. [00:13:35] You know, there are things like advanced persistent threats. That's one of the biggest problems, in fact, businesses have today. But in reality, the way he used it, incorrect. Now that's something I would notice 'cause I've been doing this stuff for more than 30 years, but the average person is never going to notice something like this. [00:13:59] So it's been pretty, in fact, pretty successful. Now, a little different than usual here. These fake messages don't have attachments. They don't have phone numbers. They don't have web links. Therefore what? Well, your email filter is not going to look at them and say, oh, these look risky. These URL links are going to risky sites. [00:14:26] I'm going to block it. Right. That's what we do. We have the advanced email filtering from Cisco that we use for our client, or that includes their amazing artificial intelligence for phishing and stuff. So an email like this is not going to trigger those types of alarms. So they're saying don't panic, avoid contacting the FBI for further details and ignore the accusations that are made in the email. [00:14:55] This is so focused though. So is a cybersecurity company. They have, they have a lot of stuff. They have some pretty good stuff. It's not, um, there's not. But Spamhaus is tracking it. Now, if you've ever been blacklisted, it's called blackholing really, by people who might've used your domain to send spam, or maybe you're a spammer, you've heard of Spamhaus, and I've been blacklisted before inappropriately. [00:15:25] The good news is my. That I use for emailing is about 30 years old as well. So it's got a pretty good reputation over the years, but Spamhaus is saying now that this is a scam, they've been tracking it. It's a well-known scam and it's been widely circulated. 
To those office managers that I said are often the people who call us when there's a cybersecurity problem, or we get calls from office managers when something doesn't look right with the emails. [00:16:01] And we have a client that had been getting these weird emails, and we were called saying, what's going on, have a look. We looked and we found all kinds of problems. Right? So that again, an office manager approaching us and thinking everything's fine because they had Norton and they had the more advanced Symantec stuff and it didn't catch [00:16:27] any of this really nasty stuff, but that's part of what Spamhaus does. And they're looking at it and saying, oh, okay, wait a minute. Now we're seeing these emails come out. They are definitely not coming from, uh, fbi.gov, which is what the return address is. And so Spamhaus tags it, SpamAssassin's going to tag it and, and it's not even going to make it [00:16:56] anything but a log on our email filter. So a number of people have received it. If you've received this email, I'd love to know it because they really are trying to go after the people who are a little bit more into this. Now, how do they find them? Apparently, they have stolen the email addresses by scraping them from public sources. [00:17:22] So databases, uh, published by ARIN, for instance, the American Registry for Internet Numbers. And I'm assigned, my own number is CP205 because I was so early on, by ARIN. They're the guys that have been managing the basic internet domain stuff here in the U.S. for a very long time. And it also doesn't mean, by the way, that ARIN had any sort of a breach. [00:17:47] And really just showing that the crooks behind this disinformation campaign have really been focusing on people who appear to be in network administration, because those are the email addresses and names that ARIN is going to have. So why are they doing this? 
Why are they sending it out into it's frankly, it's kinda hard to tell some of the emails have a QR code in them. [00:18:18] Now that is intriguing because here's how, again, how a lot of these basic email filters work, they look at it, they say, well, what links are in there? How many links, how much of the email is a graphic? And they understand while it's going to internet bad guys.com. There's the link right there. Forget about it. [00:18:42] I'm not going to forward this email to the intended recipient, but if there's a QR code in that email to almost every email filter out through. It only looks like a graphic. So might've been a picture of your mother as far as it knows. Most of them are not very smart. So w you getting an email, having a QR code in it and saying, oh, that's kind of interesting. [00:19:07] Let's check out that QR code. That's where the hazard com. All right. So be very, very careful fake news like this. It's not only unfair to the people who are accused in it, which is what happened here. There can be accusing your own it department. They can be accusing. People within your department, which is typically what's happening and then what they may try and do now that you don't trust your, it people, your security people, because they're mentioned by name in the email, but remember their names are probably scraped off of. [00:19:47] That you don't trust them. And now they attack you and you don't trust that you've been attacked. Right? So fake news, a term coined by Hillary Clinton during her campaign, but that's exactly what it is entirely fake. So this email, if you get one from Homeland security about threat actors in your systems, almost certain. [00:20:12] Fake fake, fake, fake stick around. We've got a lot more coming up. Don't forget to subscribe. Get my weekly newsletter. I'm going to be published and even more, I think probably starting next month. 
I'm going to be sending a couple emails out a week because I got to get you guys up to speed so that you're ready for the upcoming bootcamp. [00:20:35] Everybody knows about the chip shortage, right? Uh, computer chips. They're just hard to find. I'm hearing all kinds of ads from Dell lately on the radio. And they're saying just buy now. Well, they're not selling new high-end machines anymore. The white house. This is a story from the verge has allegedly kinda stepped in about Intel's plans to increase chip production. [00:21:04] And you'd think that the white house would be encouraging chip production. Considering the shortages, the justice week, it came out Tesla hasn't been delivering their electric cars. Without USB ports. Other manufacturers are no longer providing you with an electric window for your car. It's a crank window. [00:21:28] Car manufacturers did it to themselves, frankly, by stopping orders for chips during the lockdown, thinking that somehow people wouldn't need cars anymore. And yet their sales of cars went up and when they go. Yeah. Guess what happens to the price? The price goes up, right? Inflation. You have more money chasing fewer goods. [00:21:52] So they really nailed themselves. Don't feel so sorry for some of these car manufacturers. We need more chips. I mentioned one of the manufacturers of PCs, the many of us use in our offices and, and Jews in our homes. Dell is a good company. They have been for a long time. However, you gotta be careful when you're buying computers because Dell makes very low end computers all the way up through good solid servers. [00:22:22] Same. Thing's true with. P Hewlett, Packard, excuse me, Hewlett Packard. Remember those guys back in the day? Yeah. They also make everything from cheap computers that you never would buy should not buy all the way up through really good ones. 
It's kind of like going to Walmart, you go to the Walmart and you don't want to buy any of the computer sitting there with one exception. [00:22:48] And that is the Chromebook. If you buy a mid tier Chromebook at Walmart, you're going to get a good little computer. Doesn't run windows, doesn't run Microsoft office word, et cetera, but it can still edit those documents. And it's a very good machine that is kept up to date. Just watch the price $110 Chromebook, probably isn't going to last. [00:23:12] It doesn't have much storage on it, et cetera. A $2,000 Chromebook is probably major overhead. So go somewhere in the $400 $500 range for a Chromebook, which is by the way where they're selling some of the laptops, windows, laptops, same price point. I, again, that's why I just wouldn't buy any of that. So we need more chips. [00:23:37] We need higher end chips. They are very hard to get our hands on right now. We're talking about electrification of everything. And if you've heard me on the radio during morning drive time, you know, I've been just bemoaning how the government's putting the horse before the. They're out there saying electric, electric, electric, and shutting down pipelines and coal mining and coal power plants. [00:24:04] Although coal is one of the cleanest energy sources nowadays because of all of the scrubbing that's going on with the output of the coal plant. And also of course, they're, they've been stomping. Most of the nuclear plants from coming online, even though the new. Technology in nuclear is impossible to fail. [00:24:26] They use basic physics to make sure that these things aren't going to do a Jane Fonda, a China's syndrome thing. Okay. So it's just crazy. We don't have the electrical. Even if we put up, it would take literally millions of wind farm, our turbines, and obviously millions of rooms and fields covered with solar cells. [00:24:54] We would still need nuclear. 
We would still need other sources of power because the sun doesn't shine all the time and the wind doesn't blow all of the time. This is just completely backwards. People aren't thinking it through. It's again, it's the knee jerk. And of course they're investing heavily. They being the Congress, people of themselves, particularly those Congress people like the Al Gore's of the world and Nancy Pelosi and Chuck Schumer, because they are forcing a move to this technology that isn't ready for prime time. [00:25:31] And at the same time, we are trying to buy electric cars. How are we going to charge them? How are we going to run our homes? It's like Europe, people froze to death last winter in Europe. It's going to happen again this year. And the thing about what happened in Texas last year. Yes. Some of that was because they weren't prepared, but guess what else happens? [00:25:55] Sometimes the wind isn't blowing in Texas. So there's, there's just all kinds of problems. So Intel is saying, well, we got to increase our chip production. Intel's main business right now, by the way, seems to be moving towards making chips on behalf of other people, other companies, rather than making their own chips. [00:26:20] Isn't that kind of interesting. And the industry, the chip fab industry, the ones that fabricate the chips, make the chips are spending about $2 billion a week. According to the latest numbers I saw to try and expand the manufactured. Well, apparently Intel went to the white house because they want some of our tax dollars. [00:26:44] You know, the money they'd take at the point of a gun. They want some of that so that they can build their business, build it back better. And apparently some sources close to the situation told Bloomberg that Intel. Posed making silicone wafers in a Chinese factory, which could start production towards the end of next year. 
[00:27:12] But in a move that I agree with had the Biden white house, apparently Intel was strongly discouraged due to potential security issues. Yeah, no kidding. Some major security issues here. We don't want to give away our technology to make this leading edge stuff. Think about the U S. We were always the country that people came to for technology. [00:27:43] I mentioned this week on the radio, the cotton gin way back when look at how much labor. That, uh, that cut look at the internal combustion engine. And again, the Teamsters, the horses, the cleanup crews in New York city. Right. All of that went goodbye pretty much because of technology and people got higher technology. [00:28:10] Jobs and everyone became more efficient and that's, what's supposed to happen right now when right now based basically we have stagflation in other words, prices are going up, but we're not getting any more productivity out of it. That's a real problem. And that's why they keep talking about the problems we were having in the late seventies. [00:28:31] And I remember those well, I remember gas lines sitting there in California waiting to buy gas. It was incredible what was happening out there. So Intel thinks it needs to secure funding from the federal government in order to ramp up the production. Bloomberg announced, Orwell said that Intel currently has no plans to produce silicone wafers in China after discussing it with governor. [00:29:01] Officials and it will instead consider other solutions. Now I hope those other solutions are to make those plants, those chip fab plant here in the United States. Let's put ourselves back on a leading edge footing here. Google moved its artificial intelligence lab to China talking about. Anti American thing to do moved it to China, artificial intelligence. [00:29:31] That's something we need. The us needs to be the world leader in some of these technologies. And frankly, we're not the leader anymore. It's it frankly, a shame. 
So you can check this out. It's on the verge. You'll also find it up on my website. Craig peterson.com. Make sure you sign up for the newsletter so you can get all of these little trainings, you know, five minutes a weekend can make a big difference. [00:30:03] Craig peterson.com. [00:30:05] Hey, I don't want to depress anyone, but Bitcoin is now a 13 year old teenager. And back in January, 2009, Bitcoin was priced at well. Wow. [00:30:19] January 3rd, 2009 is when it was launched. And E Bitcoin was priced at you ready for this point? [00:30:30] Zero 8 cents each. Okay. So, uh, the, uh, uh, and because of that, a lot of people. I have been seen, well, you know, we, we've got to get into this and that in fact, Elon Musk has been kind of pushing up the price of another digital currency. All of the initial price increases in Bitcoin were due to fraud. [00:30:57] According to a lot of reports and we can get into those if you'd like fraud. Yeah. That's a great way to launch a whole new product. And they also played some other games. For instance, the biggest driver of Bitcoin price for a long time was crux. For ransomware. Yeah. People had to buy ransom and pay ransoms. [00:31:25] How do you pay a ransom while usually it was with Bitcoin and that meant you had to turn us dollars or other foreign currencies into Bitcoin. And as economists in the white house, don't seem to understand when there is more money tracing, a limited commodity, the price of the commodity goes up, whether it's gasoline, food, or Bitcoin, and that's exactly what happened. [00:31:58] Percentage wise, how much of an increase has there been in the value of Bitcoin? Um, uh, let me see here. You see if I can figure this out 7 billion, 750000000% increase. Isn't that something now of course we don't all have these magical glasses that let us look forward to kind of figure it out. 
Out, but it's based on this peer-to-peer electronic cash system that was written about by, uh, someone or a group of people that went by the pseudonym of Satoshi Nakamoto. [00:32:42] And there've been a few people over the years who have claimed that they are the person that started it and maybe one of them is, and maybe none of them are, who knows, but this was first published October 31st, 2008. So about a month later is when it started to trade and it is just incredible here. [00:33:04] Bitcoin was really perceived initially as a threat by government and financial institutions. I think it's still perceived as a threat by government. They are able to track Bitcoin and other cryptocurrencies in many cases and the way they track it is, well, if you have Bitcoin, what good is it unless you can use the Bitcoin to either buy something or to trade it for US dollars or another hard currency? That's how they're tracking. [00:33:38] Without getting into a lot of detail here, but it's interesting to look at because the Bitcoin white paper's proposing a solution to prevent what they were calling double spending. And when you don't trust a third party necessarily, and that's where we got these logs, if you will, the, uh, balance sheets that were being used to track everything. [00:34:06] And then you had the voting, you had to have 50% of these systems that were tracking all of the transactions agree on a transaction, et cetera. And that's actually been a problem for Bitcoin because of the intermediaries you have to go through or get to approve your transaction. It's a, frankly, a problem that's really slowed down transaction. [00:34:34] So you can't just go like with a credit card and pay for something that's done. It can take you a day or more. Now it's interesting that we're getting close to the ultimate limit of Bitcoin offerings. The blockchain's mined block number 707,000. Which by the way, offered a mining reward of six and a quarter Bitcoins. 
[00:35:01] So think about that. Well, it costs you more to mine, Bitcoins than they're worth. If you're trying to do it in the Northeast. Pretty much anywhere in the United States. So don't just run out and start doing it. My son and I, I don't know, five, eight years ago, something like that, we decided we'd start trying to do some mining and we did, and we didn't find any Bitcoins and it was just cooking some machines. [00:35:28] And so we said, forget about it. And we gave out on it. It does have a hard cap. Then it's got a ways to go. I said, it's approaching. It is, but there's 21 million Bitcoin is the hard cap and the community that maintains the software and maintains Bitcoin because it is a committed. Has it been modifying the rules as time went around at about how many Bitcoin you get when you're mining something, into solving these problems and, and how the blockchain works and how many honest and dishonest mentions were in the original Bitcoin white paper and how can they reject invalid blocks? [00:36:18] So there's a lot of technical stuff going on and it's changing. All of the time. And ultimately it's the consensus mechanism that has been slowing it. So when it costs you more to mine, a Bitcoin than you get for it. So let's do a little bit of math here. If we say that how much is a Bitcoin worth right now? [00:36:42] So we say current value of Bitcoin. I'm typing it in right now. So it's about $57,000. Per Bitcoin. If we say 57,000, uh, here we go. 57,000 times, what did I say? Six and a quarter, right? So $362,000 equivalent is what they, the person who mined this block was paying. That sounds pretty good. Doesn't it? Yeah, it really does. [00:37:17] It adds up quite, quite quickly. But when you consider that it costs more to mine, a Bitcoin than it costs, then you, then you get to paid for it. 350, $6,000. That's a lot of electricity on a lot of hardware. And because of that, China has. 
Down Bitcoin mining operations, because it uses so much electricity and in the United States and in some other countries, but here in the U S and in the UK, some of these Bitcoin mining operations have been buying. [00:37:54] Coal powered power plants, coal fired power plants so that they can produce their own electricity so they can make it worthwhile to mine. So things are going to change. They're going to be changing the rules. As I said, we've got a total of 21 million Bitcoin ultimately. And so far we've only just mined numbers, 707,540. [00:38:21] So the interchange, the rules, I'm going to keep an eye on this because that's kind of an interesting one. Elon Musk, his quote is Crip. Cryptocurrency is fundamentally aimed at reducing the power of a centralized government. And that by the way, can be one of the main reasons that Bitcoin hasn't been really adopted in the mainstream yet. [00:38:42] And Ilan has all kinds of tweets. Bitcoin and other cryptocurrencies, he says, Bitcoin is my safe word. Isn't that? Something he's been primarily the guy behind Dodge coin, which is yet another crypto currency, D O G. Coyne D O G E coin doge, I guess, coin. And you can find that online. I think it has new doge even publicly traded while it's certainly traded as a crypto. [00:39:12] Okay. So doge coin right now is worth 22 cents. It's down from its month, week, and day highs. I'm looking. Here. Yeah. Yeah. So it's gone up and down. It's been worth more. Yeah. A couple of weeks ago. So that's part of the problem with it. If you don't have money that you can absolutely waste, don't buy this stuff and I'm not an investment advisor, but I've never bought any Bitcoin or any other cryptocurrency. [00:39:46] And the problem is, and from my perspective that it is not real at all. Yeah, you can say, look at this, I could have made 7000000% on that. 
Well, you could do the same thing almost if you had, instead of buying a brand new Tesla model as, uh, you know, eight years ago, seven years ago, and paying $77,000 for that. [00:40:11] If you had bought $77,000 worth of Tesla stock, you'd be in the millions of dollars in value. Right? And so we've got the Raven company out there. I don't know if you know these guys or not. I watched a motorcycle show. They're going from the tip of south America all the way on up to San Diego. And they had this reveal and electric truck, which is really quite cool. [00:40:39] Well, they are public right now. They just won. And they have a market capitalization. In other words, a value of ribbon, which has only made a couple of dozen vehicles. That's it? Total. And they're owned by people who work for the company. Their market capitalization is 50% more. Then most of the major manufacturers out there, it's just crazy how much it is worth and why it's because people are looking at it saying, well, Tesla appreciated 7000000%. [00:41:19] Ravion's going to do the same. And by the way, they are cool cars. I love the idea behind. Uh, you know, electric vehicles. It's just that we got the cart before the horse who don't have the electricity. We're not making the hard decisions. We're just ripping stuff out. It's absolutely crazy. By the way, they had a 15% drop in the value of their shares on Wednesday. [00:41:45] Uh, it'll go up. It'll go down. But it's, uh, w it's something we got to test remember? Okay. Cryptocurrency is not it yet of Tesla. Stock is worth something will probably always be worse. Something cryptocurrency is worth something, but tomorrow may be worth zero, and don't go crazy. These market caps of startup companies that have never done anything being worth 50% more than major us auto manufacturer. [00:42:18] What that's crazy. [00:42:19] Clothing prices have been going up. In fact, apparel prices were up 4.2% in the last 12 months. 
That's as of August, we've got cotton going up. There's a whole bunch of things that are going up and a company out there called dress X thinks it has a solution for all of these prices. [00:42:40] Everything's been going up, I put some gas in my car the other day. I have a, you might know, of course, a 1980 Mercedes and my wife drives a nice little Ford edge, not a particularly big SUV, kind of a guess a mid-size SUV. And I put, I think it was about 15 gallon Zan and it costs me more. 55, $0. I can't believe it. [00:43:12] We used to have a little diesel little Volkswagen Passat diesel. We would drive around and we were getting pretty close to 60 miles per gallon, around town. And diesel was about a buck, a gallon, and it cost 20 bucks to fill the silly thing up. And we could drive all the way down to New York city and back on. [00:43:31] $20 worth of diesel one fill up. Okay. Uh, none of that's true anymore, is it? And we're looking at some increases. It's not like the kind of increase we've seen in certain foodstuffs or gasoline or eating oil. Apparel prices are up and there there's a company out there that thinks that maybe they have a bit of a solution for you. [00:43:56] It's called dress ex I found a video online of a young lady. Who's got a lot of followers, interesting lady. And she was trying them out. She'd tried a different dress or different clothes every day for a month. No, I did not watch all of the video, but I got the basic idea. And the idea is that people are buying digital clothes. [00:44:25] Now I think of that for a minute. Would you pay for a designer? And maybe you would, maybe you wouldn't pay for designer dress, but you know, already like, and AOC is dress that she wore, you know, the lady of the people, uh, only cost. What, w what is it? $30,000. Per seat for her to go to that banquet. And I think her dress was like five or $6,000. [00:44:53] Well, you can get a dress just like AOC. 
That's designed by a high-end fashion designer for somewhere between 40 and $60. Okay, but it's a virtual dress. It's not a real dress, not in the real world. It's interesting what they're doing and trying to do. If you have used some of these online sites like Instagram, they have various types of what they call filters. [00:45:21] So you can put a filter on you and there's like a makeup filter, for instance, that makes you look like you're all made up, right. That gets rid of all of the blemishes on. In, and there's other filters that do backgrounds and do different things and make you look like you're a kitty cat or whatever. [00:45:41] They'd all kinds of crazy things. Well, this company called dress ex has now come out with filters that you can use in their app. And they don't work too well right now, but people have been buying these digital close to. Now you don't wear them out. Okay. This is really like the King's new clothes. You might remember that story. [00:46:06] Right. And if all you have on are your digital clothes, you don't have anything on. However, what it does is if you're using their app and you're moving around, uh, and with their app, Paste these clothes on you. And it's a little funky right now. It's not the best, but you can bet that's exactly where it's going. [00:46:32] And it reminds me of a blues, Bruce Willis movie. Can't remember the name of it. And, uh, it's I think really bringing up a whole, a whole type of. Dysphoria that I think people are going to have more and more where you're living in this artificial life and that artificial life that you're in now that's called SIRA gets, I was just looking up as we were talking, uh, that artificial life that you're in is so nice. [00:47:05] You don't want to live. In the real world. And I'm starting to see this now with things like dress X, which you'll find online, address x.com. You can now wear anything you want. You can use the filters that are available generally to change. 
Parents to change your ethnicity, to change anything you want. [00:47:28] And if you ever saw Sarah gets, it was a very interesting movie. I liked it. I watched it because I generally like Bruce Willis and Rosa Mon pike, who were the two primary actors in this movie. But in the movie, everybody was just sitting there. And they were in these 3d chairs. And while you're in that chair, you could be anybody anywhere doing anything and literally anyone. [00:47:57] And so you're sitting in the chair, you can see around you, it looks real, it feels real everything about it is real, at least for the most part, but in reality, And none of it's real. And these people, they, some of them got out of those chairs and while they were out a nasty things happen to them. In fact, it was, he was a cop and they were, uh, investigating some murders of these people who were again, using what they were calling. [00:48:30] Sarah gets nowadays with what our friends over at face. Or doing, you are going to see it called something else. Uh, Facebook, in case you didn't know Facebook changed its name. Now Facebook, Facebook is still Facebook, but the parent company kind of like Google split kind of off and change the company name, uh, Facebook did the same thing. [00:48:56] They're calling it. And the idea is to have this meta universe where again, just like in surrogates, nothing is real, just like on dress ex you can wear any fashions you want to, and instead of paying thousands of dollars, you pay tens of dollars, basically. Now I mentioned that their video isn't very good. [00:49:21] At least not yet over address X, but you can go to dress X. You can take photos of yourself and send them to dress X. They will go ahead and put whatever clothes you want to be. On you it's basically. Yeah, it's Photoshopping, but they do a pretty good job in general. I looked at a whole bunch of them, but it, uh, you know, it, it looked pretty real. [00:49:48] You don't have to consider the fit. 
You don't have to worry about how big you are because all of these clothes adjust, infinitely a store. Doesn't have to stock a bunch of them. So we're moving. This whole metaverse idea and these digital clothes, which are really a thing nowadays is vice said, vice.com. [00:50:12] We're moving more and more to this unreal world and some real unreal fashions too. I'm looking at some of them and it's, it's hard to even describe them. It looks like there's all of these. Things growing all over the clothes that are coming out and just doing all kinds of weird things. So there you go. [00:50:36] I'm note on fashion. I'm looking right now at a picture that's right in front of the metropolitan museum of art in New York, and a lady is wearing one of the. Digital dresses. Now they tell you what you should be doing. And when you take that picture is aware of skin tight clothes so that they can match the digital close to you a little bit better. [00:51:01] But, uh, w w we'll see, she's saying that in this project, Tweet at the, in front of the mat, she's saying I just can't wait for the met gala. What it'll look like in 21, 21, because you know what, she's not wrong about this. It's really coined to change. There's some real cool stuff. Go to my website. If you want to see this, you can find it on vice, but I have a link to it. [00:51:24] Just look for this. Show notes and you'll find it right there. In fact, you're getting even search for on my website because I have everything transcribed. Just look for digital clothes because there are thing now. Hey, I also want to talk a little bit here about. The, uh, the next little article, which is what's happening right now with apple. [00:51:48] And you've probably heard about these ID cards in Austria right now, they are stopping people randomly and asking for their papers. They want your papers. If you are, have not been, they call it vaccinated. It's not a vaccine. Really. 
It's still funny to see the CDC change to the definition of vaccine, just so it meets their jab standards. [00:52:16] But, uh, if you're not vaccinated, there's an immediate, it's about of $3,500 fine that the police officer will issue to you. And of course, there's police everywhere. Just stopping people randomly and asking for their papers. Well, apple is making various us states that have decided they want to use a digital ID card. [00:52:43] For customer support and also for some of the technology. Now, the initial idea behind this, and Apple's been working on it for a while, is that you can have your driver's license in the iPhone wallet, app, more secure. It's certainly more convenient for most people. Sometimes you might forget your wallet, but most people don't forget their iPhones. [00:53:10] Yeah. The feature when combined with Apple's biometric security measures really could also cut down on fraud. So we've got about a half a dozen states right now that have signed up with apple and our pain part of the freight for these things. And when they pull you over and ask for your papers, you'll have them right there in your iPhone. [00:53:32] Isn't that handy stick around. We got more to talk about. Thanks for joining. Today and visit me online. Craig peterson.com. Stick around.

    Is Your Firewall Actually Protecting You? What Should You Be Doing?

    Nov 12, 2021 84:27

    Is Your Firewall Actually Protecting You? What Should You Be Doing? New stats are out this week. So what's the number one vector of attack against us? Our Firewalls. And they're failing. So, what's going on. And what can you do about it? [Automated transcript follows] [00:00:16] And of course, I'm always talking about cyber security, because if you ask me that is one of the biggest problems we have in business. [00:00:27] Today. Well, yeah, you got to find employees. In fact, uh, it's almost impossible to find them in the cyber security space as well. And it's been hard for years. So I try to keep you up-to-date here. We've got boot camps that are coming up and you are really going to like them. We've been working on some supplemental materials for it. [00:00:47] And of course these boot camps are always free, so you can join it. You can have your friends come and learn the. Basics. It's not one of these high sell things. Right. I, I got a little letter in the mail this week saying, Hey, you can come and get a free steak dinner. And of course it's kind of like a timeshare, right? [00:01:09] Jay, you have to listen to the pitch. Yes. Stay over. On us. And you are going to be sitting there for four hours listening to this crazy pitch that's going on. That's not what my bootcamps are. Anybody that's been to. One of them will tell you we work on it. I explain it. You know what you have to do, how you have to do it, the wise, the winds, the wherefores. [00:01:35] So if you would like to learn more for yourself, Make sure you sign up Craig peterson.com sign up for my newsletter. And when a bootcamp is coming up, I will be sure to tell you about it in the newsletter so that you can attend. And it's important to, to understand that this is yeah. Aimed at business, the, these boot camps, but almost everything businesses have to do or shouldn't be doing the same thing applies to you in your. 
[00:02:08] So, if you are a small business person, if you're someone who has some it experience, and you've been assigned to worry about cyber security, this is for you. If you are a very small business and you're kind of the Jack of all trades, and you've got to worry about cybersecurity, this is for you. And I just got. [00:02:31] This week from someone on my email list who is retired and she was talking about her husband and her, they don't have any kids, no errors. They're trying to protect their financial investments. And of course I responded saying, Hey, I'm not a financial investment advisor, but I can certainly give you some cyber security input, which I did. [00:02:53] And you can ask your questions as well. I'm more than glad to hear them. And you probably, if you've sent them in, you know, I always answer them now. My big man, a few days might take me a week, but I will get around to it. And I try and respond to the emails. Sometimes I answered here on the radio show or on my podcast, but usually it's via email me. [00:03:17] At Craig peterson.com. And of course, that's also on my website, Craig peterson.com. And that's also my name Craig Peters on.com. So let's get into the firewall thing. When you have a network, you are connecting that network to your computers, maybe. To your security cameras, to your printers that you have, maybe there's a lock system. [00:03:44] Maybe there's more, all of this stuff is interconnected and it's all rather well and good. You can have a whole lot of fun with it, but it is not as particularly good if you can't get out to the internet. So what do we do? We hook our network, whether it's home or if it's business to the internet. Now, you know, all of this stuff so far, right? [00:04:06] You're following me. The internet is actually inter connected networks. In case you didn't know, there are now millions of networks that are connected on the internet. There are core networks out there. 
We were my company like number 10,000. I think it was, uh, a S an R a S number autonomous system. So we were fairly early on. [00:04:32] And of course, as you know, I've been on the internet in various forums since the early 1980s and helping to develop the protocols, but it is important to remember it is an interconnected network of networks. You might ask why? Well, the bottom line is you aren't connecting your network with other networks that have malicious software on them. [00:04:58] Maybe they're just poorly configured. Maybe they're causing a denial of service attack effectively because there's so badly configured. But whatever the case may be, you are still exposed. If you look at the traffic that's coming to your router. So your router is sitting at the edge of your network connected to your internet service provider. [00:05:19] So it might be Comcast or Verizon or a whole slew of others. But your network is connected via a router. Then the router knows how do I get my data from the input to the output or from the output to the input, if you will upstream and downstream data, that's what the router is for. And if you look at the data on your router and most of us can't, but if you were able to, what you will see is hundreds of thousands of internet packets coming to, and from your. [00:05:55] Router your endpoint every day. Usually these are bad guys doing what are called scans. They do port scans. They're primarily looking for services. So what do you, do you have a firewall now in many cases, you'll get a device from your Janette service provider that has a router built in and has a firewall built in, and it has wifi. [00:06:19] All of this stuff, all built in together makes life all nice and warm and fuzzy and Catalina, doesn't it. But in reality, it's not necessarily a good thing to have it all in one, because you're definitely not going to get the best of breed and router or firewall or wifi, but that's a different story. 
What is that firewall for that router? [00:06:41] Of course, it's getting all this internet traffic and anything that's on the internet that is. I'm trying to get to you is going to go through the. And anything that you are trying to send up to the internet, like for instance, to try and get a web page or something is also going to go up through that router. [00:07:02] So how do you protect yourself time? Was that there wasn't really much of a way to protect yourself. And frankly, there weren't a lot of reasons. To try and protect yourself. And the internet was just this wonderful open thing, lots of fun and played around a lot. Back in the early nineties, it was, it was just a joy in the late eighties to, to be connected up to the internet and then bad guys started doing bad things. [00:07:30] We took the concept of what you have in an automobile and applied it to the. If you're driving your car, your in the passenger compartment and that passenger compartment is hopefully warm in the winter and cool in the summertime. And you are protected from that big mean nasty engine that's in front of you, or if you're driving an electric car from those mean nasty batteries that are probably below you in that car and what's between you and the. [00:08:04] Of course a firewall. And the idea is to keep the nastiness of that engine, all of the heat, the oil, the grime, the wind, everything else is associated with that engine. Keep that away from you so that you can now drive that car just comfortably in that controlled climate of the passenger compartment, that concept was then applied to the inter. [00:08:30] And in fact, I designed and implemented one of the first firewalls ever made way back when and the firewall in the internet Partland is very similar to the car in the car. You have some protrusions through that fire. Don't you, you you've got a steering wheel. How does that get up to the front of the car? 
[00:08:53] Well, it goes through the firewall and around that steering wheel, of course there's some EBDM, some rubber type stuff that helps stop anything from coming through right next to that steering column. Same, thing's true with the brake pedal and the gas pedal. At least it used to be. Nowadays, it's so much of this as drive by wire, that the only thing going through the firewall is a wire and there's no mechanical linkage. [00:09:24] Unlike my car, which is a 1980 Mercedes-Benz diesel. Where yes, indeed. Direct linkages to everything. So the firewall in the cars protecting you from the nastiness in the engine compartment and the firewall, when it comes to your internet is doing something very similar. Think about your house for a minute, you have a house with doors and windows. [00:09:53] I would hope. And a chimney and maybe a couple of other protrusions that are going outside of the house. Well, you have some similar problems and when it comes to the internet and when it comes to the firewall, With your house, sir. Sure. You could post a guard out front, a whole series of them. You've got a dozen guards out front and they are all guarding that front door. [00:10:19] But if no, one's watching the back door, if no one's paying attention to the windows, there's still ways for the bad guys to get in. And that's what we're going to talk about. How does the internet firewall tie into this analogy of cars and the analogy of your home? Because it's a very important point when you get right down to it. [00:10:44] We need to understand this because the number one tactic reported this week by MITRE and Cisco is exploitation of public facing application. So I'm going to explain what that is. What's your firewall can do for you and what you should do for your firewall. A stick around. We've got a lot more coming up. [00:11:09] I want to invite you to go. Of course, right now, online to Craig peterson.com. Once you're there, just sign up for mind's newsletter. 
Simple. CraigPeterson.com. [00:11:25] This week, we found out what the top five tactics are that are most frequently being used by bad guys to attack us. This is done by MITRE and Cisco Systems. Number one, public facing applications. What does that mean? [00:11:42] We've been talking about this report, but really what we've been delving into is how data flows on your network, whether it's a home network or maybe it's a business network, how does this whole mess work? [00:11:58] And when MITRE talks about the biggest problem here, 91% of the time being what's called an exploit of a public facing application, what does that mean? We went through the basics of a firewall and a router. So all of the data coming from the internet, coming into the router, then handed to the firewall. [00:12:24] Any data going out, goes into the firewall. And then the. So that's the pretty simplistic version. And of course the firewall on your network does a similar thing to the firewall in your car. It stops the bad stuff, at least it's supposed to, but your home and your car both have different ways of getting [00:12:48] past the firewall. In the house, it's your doors and your windows. In the car, of course, it's where the steering column goes through, where the brake pedal and the gas pedal go through, the clutch, all of that stuff that perch, um, permeates, it goes through that firewall. And of course, you've probably, if you've been around for a while, you've had leaks coming through your firewall and, uh, you know how porous they can be sometimes. [00:13:18] Well, we have the same type of thing on our internet firewalls. Every home has doors, and what we call the doors on the internet is similar to what they call them on the, in the Navy, on the water: they're ports. So think about a porthole in a boat, or think about a, a door, a port, which is the French word for door. [00:13:45] What happens on the internet? 
For instance, if you're trying to connect to CraigPeterson.com, you are going to connect to a specific port on my server. So the address typically, uh, is going to be resolved by DNS. And then once it gets to the server, you can connect to port 443. You might try and connect to port 80, but I'll do a redirect, but that's neither here nor there. [00:14:12] So you're going to connect to that port four 40. So my firewall has to say, Hey, if somebody is coming in and wants to get to port 443, which is called a well-known port, that's the port that all web servers listen on. So if someone's trying to get to my port, my web server on port 443, let them in. But if someone's trying to get to another port, don't let them in. [00:14:48] Now there's multiple ways to respond or not respond. I can talk about that right now. That'd be for deep dive workshop, but the idea is each application that you are connecting to, or that you're providing has. Part of the problem that we've been seeing, and this is a very big problem, is that people are not changing the administrative passwords on their machines. [00:15:20] So administrative passwords mean things like admin for the username and admin for the password on your firewall. So your firewall, if you have what's called WAN admin enabled, what that means is someone on the wide area network, in other words, the internet, someone on the internet or on the WAN, can connect to your firewall and control it. [00:15:51] This is, as you can imagine, a very big thing, and it is something that we cover in one of our workshops, explained it all and all of the details and what to do, but most businesses and most people have not properly configured their firewalls. When we're talking about the number one problem, 91% of the time being an exploit against public facing applications, [00:16:18] what that means is they could very well just be trying to connect to the administrative interface on your firewall. Unfortunately, they will often offer. 
Change the software on your firewall. So they won't just reconfigure. They'll just change it entirely. And they'll do all kinds of evil things. Again, we're not going to get into all of that and what to look for and what can happen. [00:16:44] But number one thing everybody's got to do, and I saw some stats this week as well, that made me want to bring the. Most people and most businesses about two thirds have not changed the default passwords on the hardware that they have. Now it can understand sometimes the kids confusing. No question about. [00:17:07] But if you don't change the password on something that's public facing, in other words, something that can be reached from the internet or again, the wide area network. I know there's a lot of terms for this, but something that someone else can get at from outside your network. And it's the default password like admin admin, you could be in a whole lot of. [00:17:35] So check that right now, please double check that triple check that because even if you have a router from a big internet service provider, again, like the Comcast Verizon's, et cetera of the world, they will almost always have it set up. So you can change that administrative password and Jewish. Now I, again, for clients, I have some different advice than I have for, for just regular users, but make sure you change that. [00:18:09] And here's the second part of the problem. What happens if you have a business and let's say you're not hosting your own website, like I've been doing for a couple of decades and how three 30 years, I guess now. Um, and so you've got your website hosted at some. Web height site, hosting place, you know, Gator or one eye and one eye and one or GoDaddy or whatever. [00:18:35] Okay. So, okay. That's fine. So let's not inside our network. Uh, w we don't worry about the security because that's the vendor's problem. Now we're talking about, okay, what happens. My users who need to work from home. 
This gets to be a very big problem for so many people, because work from home is important. [00:19:00] So what are you going to do? Well, basically in most cases, unfortunately, businesses are just exposing an application to the internet. So they might, they might. Terribly configured networks, where there is a direct connection that goes right to the files. So you connect to a port on their firewall and it immediately redirects it internally, [00:19:30] remaps it to the file server. And some people are really, really clever. Alright. Or so they think, because what they'll do is they'll say, okay, well, you know, that, that normal port number. Okay. So I'm going to move. Port number. So you're going to connect to port 1717 on my firewall, and it's going to connect you to the file share on my file server so that people from home can just connect to port 1717, and ta-da, there are all the files and yeah, we're, we're using passwords, so it'll be okay. [00:20:06] It'll be fine. Um, but, uh, guess what, it isn't, for a few different reasons, and we're going to be talking about those here in just a minute. Yeah, I want to encourage you right now. Take a minute. Go online. CraigPeterson.com. You'll find lots of information there. I've got 3,500 articles, all searchable, CraigPeterson.com. [00:20:32] But more importantly, make sure you sign up for my newsletter. CraigPeterson.com/subscribe. So that you can keep up to date on everything that is important in all of our lives. [00:20:51] We're talking about firewalls at home, at the office, what it means to have public facing services, really applications, people working from home. How can you make it easy for them and hard for the bad guy? [00:21:15] Many businesses had to quickly change the way their computers were set up because of course the lockdown and people working from home. [00:21:26] And, um, unfortunately, many mistakes were made. 
And some of this, in fact, I'm going to talk a lot of this problem up to these managed services providers break, fix shops. My, my fellow information technology contractors, if you will, because they didn't know any. Most of these people have been computer people, their whole lives, right. [00:21:55] They played with PCs when they were young and they might've taken a course or two and wow. MCSC certified. Believe me, this is not something that a straight up MCSC or. And frankly, most of the it certifications can really understand or really handle the cybersecurity can be done, but there's so many things they overlook just like what I was just talking about, exposing a file server directly to the internet. [00:22:29] I mentioned, okay. While they thought it was going to be safe because there's a username and password, but there's a couple of huge problems here. Problem. Number one. When you're exposing a service to the internet, like for instance, the files server, you are exposing software that may have exploitable, but. [00:22:54] And again, going back to those stats from earlier this week, more than half of all of the systems that are out there are not patched to date. It's so bad that president Biden just ordered the federal government agencies to apply patches some as old as three years. So what happens now? Well, the bad guy scan, and guess what they found. [00:23:23] Port that you thought was just so clever because it wasn't the standard port number for that service. Maybe it's SMB or CIFS or something else. And, uh, they found it because they scan, they look, they see what the response is that tells them what type of a server sitting there. And then they try, well, let me see. [00:23:45] There's the zero day exploits, but why bother with those? Let's just start with the good old standard ones. And unfortunately, because so many machines are not patched up at all, let alone properly patched up. You, they end up getting into the machine. 
It's really that simple, just because it's not patched up. [00:24:08] How does that sound? Huh? Yeah, it's just plain, not patched up. It's not available for anyone to be able to use anybody to be able to access. Right. It there it's not restricted. So the passwords don't matter if you haven't patched your systems. And then the second problem is that. Are brute force attacks against so many servers out there. [00:24:36] And most of the time, what we're talking about is Microsoft, but, you know, there's the share of bugs kind of goes around, but Microsoft and really, they get nailed a lot more than most beet, mainly because they're probably the number one out there that's in use today, not in the server community, certainly, but certainly also in the. [00:24:59] It's been, you know, small businesses, that's all they know. So they just run a Microsoft server and more and more, you kind of have to run it because I, I get it. You know, there's so many apps that depend on the various functions that are provided by the Active Directory server at Microsoft and stuff. So we, we do that for our customers as well. [00:25:19] So are you starting to see why the brute force against a server will often get them in and the smarter guys figure out what the business is? And then they go to the dark web and they look up those business email addresses that they have that have been stolen along with the passwords that were used. [00:25:43] That's why we keep saying, use a different password on every site because that stolen password now. Is going to be tried against your service, your, your file server. That might be there. You might be trying to have a VPN service that the people are VPN in from home. You might have remote desktop, which has been. [00:26:08] Abject failure when it comes to cybersecurity, it's just been absolutely terrible. So you might have any of those types of things. 
And if they've got your email address and they've got the passwords you've used on other sites, which they've stolen and they try them, are they going to work? Odds are yes, because most people, I got another set of stats this week. [00:26:36] Most people use the same password for every site out there or every type of site. So they might get a second, most common is they use one password for all of their social media sites. They use another one for all of their banking sites. So we cover this in some depth in our bootcamp so that you understand how to do the whole password thing. [00:27:03] And what I recommend is a piece of software called 1Password. I don't recommend that you just use one password for everything. I was misunderstood by someone the other day. You mean just w w I use one password for everything. Yeah, you do. And then I talked to them a little bit more because I thought that was an odd question. [00:27:24] And it turned out, he was thinking, you just have the one password, like, like, you know, P at sign SSW, zero RD. Right? You use that everywhere. No, there's a piece of software, go to 1password.com. That's what I recommend as a password manager. And I show you how to use that and how to use it effectively in my bootcamp. [00:27:48] Absolutely free. Just like the radio is free. I'm trying to get the information out to as many people as possible, but you gotta be on my list. CraigPeterson.com. Make sure you go there. So I've explained the basics here of what happens. We have a door open or windows, open ports on our servers, on our firewalls at home. [00:28:15] And at work. So the thing to do, particularly if you're a business, but even if you're a home user, is check that firewall configuration. And let me tell you something that probably won't come as a surprise. Most of these internet service providers are in the business to make as much money as possible. And cybersecurity is very much secondary. 
[00:28:40] They know they talk about it and they talk about software defined networks and things that sound really cool. But in reality, what they give you is. Configured very well and is going to expose you. So make sure you go in, they will set it up. For instance, if they're providing you with television services, they'll set it up so that they can just bypass your firewall and get into the cable box that they installed in your house. [00:29:09] Yeah. Obviously that's not something they should be doing because now they are opening you up to attack. What happens when there's a cybersecurity problem with the cable box? We've seen this problem too, with television vendors where they poke a hole out through your firewall so that they can then gather statistics and do firmware updates and everything else. [00:29:34] It's insane. It really is. These vendors are not thinking about you. They're not thinking about the consequences. It is a very, very sad situation, but now you know what to do and how to do it. Okay. I explained today, firewalls. I explained router. I explained ports, which should be open, which should not be open. [00:29:58] And the reasons why I even mentioned passwords, I get into that in a lot of detail in my bootcamp, CraigPeterson.com to get on that waiting list. CraigPeterson.com, just subscribe and you'll be kept up to date. [00:30:14] There has been a whole lot of discussion lately about Meta. You might've heard. In fact, you probably did that. Facebook changed its name to Meta and they're aiming for something called the metaverse. So what is it exactly and what's it going to do for or to you? [00:30:32] The metaverse oh my gosh. I had a great discussion this week about the metaverse this came out in, um, and originally anyways, in this novel called the what was it now? [00:30:47] Snow Crash. That's what it was, 1992, Neal Stephenson or Steffenson. 
I'm not sure how he pronounces it, but in this book, which was a cyberpunk novel and I've, I've always thought cyberpunk was cool. Uh, is the metaverse, an imaginary place that's made available to the public over the worldwide fiber optics network. [00:31:13] And it's projected onto virtual reality goggles, sound familiar yet. And in the. You can build buildings, parks, signs, as well as things that do not exist in reality, such as vast hovering overhead light shows, special neighborhoods where the rules of three-dimensional spacetime are ignored, and free combat zones where people can go hunt and kill each other. [00:31:42] Great article about this in Ars Technica this week. And, uh, that was a little quote from the book and from the article. Phenomenal idea. Well, if you have read or seen the movie Ready Player One, and I have seen the movie, but a friend of mine this week said the book is so much better. So I'm going to have to read that book, Ready Player One. [00:32:06] But in it, you have these people living in. Dystopian future where everything is badly worn down, the mega cities, people building on top of each other and they get their entertainment and relaxation and even make money in. Prison time by being inside this virtual world, they can go anywhere, do anything and play games, or just have fun. [00:32:39] One of the vendors that we work with at my company Mainstream has this kind of a virtual reality thing for. I kind of a summit, so people can go and watch this presentation and I think it's stupid, but they, you walk in. And it's, uh, this is just on a screen. They're not using like those Oculus 3D graph glasses, but you walk into an auditorium. [00:33:13] So you've got to make your little avatar walked on. Dun dun, dun dun, dun, dun, dun, dun, dun, and then go to an empty seat. And then you have to make your avatar sit down. Right? I, I have never played a game like this. I never played Second Life. Never any of that sort of thing. 
It was kind of crazy to me. And then I was doing a presentation, so I had to go Dundon then, then, then the, up onto the rostrum there and stand behind the podium and, and then put my slides up on this virtual screen. [00:33:49] It was ridiculous. I have a full television production studio here in my, in my lab. Right. And that's, this is where I do the radio show. This is where I do my television appearances. This is where I do pretty much everything. Right. And so what I can do is I can split screen with my face, with the desktop. [00:34:12] You can see my desktop, I can draw on it, circle things, highlight things or whatever I want to do. Right. But no, no, no, no. I was in their virtual reality. And so all I could do is. I have the slides come up. In fact, I had prepared beforehand, pre-taped it? A, the whole presentation, but I couldn't play that video. [00:34:37] No, no, no. I had to show a slide deck, you know, death by PowerPoint. I'm sure you've been there before. It's very, very frustrating in case you can tell for me, well, we've seen this type of thing. I mentioned some of the things like that. I'm in Second Life. I'm sure you've heard of that before. Sims is another one you've probably heard of before. [00:35:01] These types of semi metaverses have been around a very long time. And, and in fact, all the way on back to the nineties is Habbo Hotel. Gee, I don't know if you ever heard of that thing, but it was an online gaming and social space. I helped to develop one for a client of mine back in the early nineties. [00:35:23] Didn't really go very far. I think it was ahead of its time. It's it's interesting right now, enter Mark Zuckerberg. Do you remember a few years ago, Mark Zuckerberg had a presentation. He was going to make this huge announcement, right? They bought Oculus. What was it? It was like crazy amount of money. And then he came in the back of the hall. 
[00:35:50] And nobody noticed he walked all the way up to the front and nobody even saw him because they were all wearing these 3D glasses. And of course, today they are huge. They are awkward and they don't look that great, the pictures inside, but the idea is you can move your head around and the figures move as your head moves, almost like you're in the real world. [00:36:13] And that's kind of cool and people thought it was kind of cool and they didn't see Zuckerberg because they all had these things on. And the inside was playing a little presentation about what Facebook was going to do with Oculus. Well, they just killed off the Oculus name anyways here a couple of weeks ago, over at Facebook about the same time that got rid of the Facebook name and went to Meta. [00:36:39] The Facebook product is still called Facebook and it appears what they are going to be doing is taking the concept of a metaverse much, much further than anyone has ever taken it before. They're planning on there's speculation here. Okay. So, you know, don't obviously I don't get invested. I don't give investment advice, investment advice. [00:37:10] Um, but I do talk about technology and, uh, I've been usually five to 10 years. I had so take that as well. They as the grain of salt, but I think what they're planning on doing is Facebook wants to become the foundation for metaverses. Think about things like World of Warcraft, where you've got the. Game that people are playing. [00:37:39] And it's a virtual reality, basically, right? It might be 2D, but some of it's moving into the three-dimensional world. Other games like Minecraft and Roblox, they have some pretty simple building blocks that people can use network effects and play your creativity to make your little world and the ability. [00:38:04] To exchange and or sell your virtual property. That's where I think Mr. 
Zuckerberg is getting really interested now because if they can build the platform that everybody else that wants to have a virtual world builds their virtual world on top of. Man, do they have a moneymaker? Now? People like me, we're going to look at this and just pooh-pooh it. [00:38:35] I I'm sure I'm absolutely sure, because it will be another 20 years before you really think it's. You know, some of these sci-fi shows have talked about it. You know, you can feel someone touching you, et cetera, et cetera. Yeah. That's going to be very crude for a very long time. And now CGI is pretty good. [00:38:57] Yeah. You watch the movies. CGI is great, but that takes weeks worth of rendering time on huge farms, clusters of servers. So it's going to take quite a while. Looking at the normal advancement of technology before this really becomes real. Now there have also been US court cases over who owns what in bad happened with EVE Online. [00:39:28] Second Life where disagreements over player ownership of the virtual land created by the publisher, which was Linden Labs. When. And I've also mentioned in the past how our friends over at the IRS have tried to tax some of the land that you own inside these virtual worlds. So ownership, do you really own it? [00:39:55] Does it really exist? With non-fungible tokens, maybe it does. And these non-fungible tokens are. Basically just a checksum verification, I'm really oversimplifying, of some sort of a digital something rather lately. And initially it was mostly pictures. And so you had a picture of something and you owned that and you could prove it because of the blockchain behind it. [00:40:27] But I think this is where he's really interested because if he can build the base platform. Let the developers come up with the rules of what's it called it a game and come up with what the properties look like and how people can trade them and sell them and what kind of upgrades they can get. Right. 
[00:40:48] So that's nothing Zuckerberg has to worry about. Uh, Meta or Zuckerberg then worries about, okay. So how do we collect money for these? How do we check with the transactions? Uh, somebody wants to buy the Sword of Damocles. How does that transaction work and how do we Facebook Meta? How do we get a slice of the act? [00:41:16] You got to believe that that's where things are going. And if they have the ability to make this base platform and be able to take characters from one part of a developer to another part of the developer, you could have worlds where Gandalf might be fighting Bugs Bunny. Right? Interesting. Interesting and Warner Brothers, all these movie companies would probably be coming out with complete virtual reality. [00:41:49] So when you're watching James Bond, you're not just watching James Bond, you can look around, you can see what's happening. People sneaking up behind. And ultimately you could be James Bond, but that's decades away. I think a good 20 years. All right, everybody. Thanks for sticking around here. Make sure you go online. [00:42:11] CraigPeterson.com/subscribe. Get my weekly newsletter. Find out about these free boot camps and other things that I have. So we can keep you up to date and keep you safe. [00:42:25] We already talked about Meta and their name change, the metaverse, but there's something else. Facebook did this last week that surprised a lot of users, something they started in 2010, but has been controversial ever since. [00:42:41] We had a pretty big announcement, frankly, this last week from our friends over at Facebook, not the one where they change their name and the. [00:42:51] Basically trying to create a metaverse platform. That's going to be the one platform that rules the world. Although those are my words by the way. But Facebook has announced plans now to shut down a decade-old facial recognition system this month. We'll see what they do with this. 
If they follow through entirely, but they're planning on deleting over 1 billion faces that they have already gone through and analyzed. [00:43:26] You might remember. In 2010, Facebook had a brand new feature. It started announcing, Hey, did you know that so-and-so just posted your picture? Is this you? Is this your friend, is this so-and-so? Do you remember all of those questions? If you're a Facebook user back in the day? Well, they were automatically identifying people who appeared in digital photos and suggested that users or users tagged them with a click we're going to get to and admitted here. [00:43:57] Uh, and of course that then linked the Facebook account for. The picture that you tagged to the images and let that person know. And of course Facebook's ultimate goal is to get you to stay on long, as long online, as long as possible. Because if you're online, you are going to be looking at ads that are aimed primarily at. [00:44:18] Well, facial recognition has been a problem. We've seen it a worldwide. I just read through a restatement from the Electronic Frontier Foundation, talking about facial recognition and the problems with it, how some people have been arrested based on facial recognition and held for over a day. We'll have cases where the police use to kind of a crummy photograph of them from a surveillance video sometimes also from a police car, in some areas, the police cars are continually taking video and uploading it to the internet, looking for things like license plates, to see if a car. [00:45:00] Parking ticket that hasn't been paid or it hasn't paid us registration all the way through looking at faces, who is this person? And some in law enforcement have kind of thought it would be great to have kind of like RoboCop. You remember RoboCop, not the ED-209. There was also in that movie. That's also very scary, but when they look at someone who's on a street at autonomous. 
[00:45:24] Pops up in their glasses, who it is, any criminal record, if they're any sort of a threat to et cetera. And I can understand that from the policemen standpoint. And I interviewed out at the Consumer Electronics Show, a manufacturer of. That technology, it was kind of big and bulky at the time. This was probably about six or eight years ago, but nowadays you're talking about something that's kind of Google Glass size, although that's kind of gone by the wayside too. [00:45:54] There are others that are out there that you. Facial recognition. Technology has really advanced in its ability to identify people, but you still get false positives and false negatives. And that's where part of the problem becomes from they have been taking and they been private companies primarily, but also some government agencies they've been taking pictures from. [00:46:21] They can find them. We've talked about Clearview AI before this is a company that literally stole pictures, that it could get off the internet. They scan through Facebook, Instagram, everywhere. They could find faces and they tied it all back in. They did facial recognition. On all of those photos that they had taken and then sold the data to law enforcement agencies. [00:46:49] There's an app you can get from Clearview AI. That runs on your smartphone and you can take a picture of someone in the street, Clearview AI will run that face through their database and will tell you who it is, what their, what their background is, where their LinkedIn page is their Facebook page, wherever it found them online. [00:47:13] Basically what they've been doing. Now Clearview had a problem here this last couple of weeks because the Australian government ordered them to delete all facial recognition data belonging to anyone that lives. In Australia. Now that's going to be a bit of a problem for Clearview, because it's hard to identify exactly where people live just based on a photograph. 
[00:47:40] And the United Kingdom is also considering doing this exact same thing. Now, Clearview has been sued. They violated the terms of service from Facebook and some of these other sites that I mentioned, but they did it anyway. And Clearview was. To destroy all the facial images and facial templates they had retrieved about any Australian. [00:48:08] I think that's probably a pretty good idea. I don't like the idea of this data being out there. Well, if your password is stolen and we're going to be talking about that in our bootcamp, coming up here in a couple of weeks about how to determine if your username or your password is stolen. But, uh, and of course, if you want to get that. [00:48:29] Bootcamp and go to that. There's no charge for it, but you have to know about it. And the only way is to sign up. You have to make sure you're on my email list at CraigPeterson.com. But what happens when your email address is stolen or your password, or both are stolen from a web. Oh, typically they end up on the dark web. [00:48:50] They sell personal identification for very little money. In some cases it's only a few dollars per thousand people's identities. It is absolutely crazy. So the bad guys are looking for that information, but you can change your password. You can change your email address, but if your facial information is stolen, Can't change your face. [00:49:18] If your eye print is stolen, you can't change your eye. I have a friend who's pretty excited because he got to go right through the security at the airport ever so quickly. Cause all they had to do was scan his eyeball. Well, that data is valuable data because it cannot be changed. And it can, in some cases be replicated. [00:49:41] In fact, the Department of Homeland Security and the Transportation Safety Administration had the database of face prints stolen from them in 2019. To about 200,000 people's identities were stolen, the face prints. It's just absolutely crazy. 
And this was some, a vendor of US Customs and Border Protection. [00:50:05] And it, it, you can't write down to it. I read the detailed report on it just now. And the report that came out of the federal government said, well, it went to a contractor who. Took the data, all of the face prints off site over to their own site. And it wasn't encrypted when they took it over there. But it does mention that it was taken from an unencrypted system at Customs and Border Protection. [00:50:34] So wait a minute. Now you're blaming the contractor that you hired because it wasn't encrypted and yet you didn't encrypt it yourself either. I, you know, I guess that kind of goes around, but they want to. They want your biometric information just as much as they want anything else. Think about your phones. [00:50:53] Nowadays, Apple has done a very good job with the biometrics and the fingerprints and making sure that that information is only ever stored on the phone. It never goes to Apple, never leaves the phone, it's in what Apple calls the Secure Enclave. And if you mess with it at all, it destroys itself, which is part of the problem with replacing a cracked screen yourself on an iPhone, because you're going to disturb that Secure Enclave and the phone will no longer work. [00:51:24] That is not true when it comes to many other devices, including most of your Android phones that are out there. It is. So if the bad guys have. Your face print, they, and they can create 3D models that can and do in fact, go ahead and fool it into letting you in that that's information they want. So why are we allowing these companies to like Clearview AI? [00:51:52] And others to buy our driver's license photos to the federal government, to also by the way, buy our driver's license photos, buy them from other sites and also our passport information. It's getting kind of scary, especially when you look into. China has a social credit system. 
And the Biden administration has made rumblings about the same here in the US but in China, what they're doing is they have cameras all over the place and your faces. [00:52:27] And they can identify you. So if you jaywalk, they take so many points off of your social credit. If you don't do something that they want you to do or be somewhere, they want you to be, you lose credits again, and you can gain them as well by doing various things that the government wants you to do. And. [00:52:49] And ultimately, if you don't have enough social credit, you can't even get on a train to get to work. But the real bad part are the Uyghurs. This is a minority in China and China's authorities are using. US facial recognition technology and artificial intelligence technology. Hey, thanks Google for moving your artificial intelligence lab to China in order to control and track the Uyghurs. [00:53:19] Absolutely amazing in the United States law enforcement is using this type of software to aid policing, and we've already seen problems of overreach and mistaken arrests. So Facebook to you're leading a billion of these frameworks. If you will, of people's faces biometrics. Good for them. Hopefully this will continue a trend elsewhere. [00:53:46] Well, we've talked a little bit today about firewalls, what they do, how your network is set up. If you miss that, make sure you catch up online. My podcast at CraigPeterson.com, but there's a whole new term out there that is changing security. [00:54:03] It's difficult to set up a secure network. [00:54:07] Let's just say mostly secure because if there's a power plug going into it, there's probably a security issue, but it's difficult to do that. And historically, what we've done is we've segmented the networks. So we have various devices that. Maybe be a little more harmful and on one network, other devices at a different level of security and many businesses that we've worked with, we have five different networks each with its own level of secure. 
[00:54:38] And in order to get from one part of the network, for instance, let's say you're in accounting and you want to get to the accounting file server. We make sure your machine is allowed access at the network level. And then obviously on top of that, you've got usernames and passwords. Maybe you've got multifactor authentication or something else. [00:54:59] All makes sense, doesn't it? Well, the new move today is to kind of move away from that somewhat. And instead of having a machine or a network have firewall rules to get to a different network or different machine within an organization. There's something called zero trust. So again, think of it. You've, you've got a network that just has salespeople on it. [00:55:25] You have another network that might have just your accounting people. Another network has your administrative people, another network has your software developers, et cetera. So all of these networks are separate from each other and they're all firewalled from each other. So that only for instance, accounting people can get to the accounting server. [00:55:44] Okay, et cetera. Right? The sales guys can enter the sales data and the programmers can get at their programs. And maybe the servers that are running their virtual machines are doing testing on. With zero trust, it is substantially different. What they're doing with zero trust is assuming that you always have to be authentic. [00:56:11] So instead of traditional security, where, where you're coming from helps to determine your level of access, you are assuming that basically no units of trust. So I don't care where you're coming from. If you are on a machine in the accounting department, We want to verify a lot of other information before we grant you access. [00:56:38] So that information probably does include what network you're on. Probably does include the machine you're on, but it's going to all. You as a user. So you're going to have a username. You're going to have an ID. 
You're going to have a multi-factor authentication. And then we're going to know specifically what your job is and what you need to have specific access. [00:57:04] Because this follows the overall principle of least privilege to get your job done. Now you might've thought in the past that, oh my gosh, these firewalls, they're just so annoying. It's just so difficult to be able to do anything right. Well, zero trust is really going to get your attention. If that's what you've been saying. [00:57:23] But here's an example of the traditional security approach. If you're in the office, you get access to the full network. Cause that's pretty common, right? That's not what we've been doing, but that's pretty common where we have been kind of working in the middle between zero trust and this traditional you're in the office. [00:57:41] So you can potentially get it. Everything that's on the off. And if you're at home while all you have to do is access a specific portal, or as I've explained before, well, you are just connecting to an IP address in a hidden port, which won't remain hidden for. So maybe in a traditional security approach, the bouncer checks your ID. [00:58:08] You can go anywhere inside this club and it's multi floor, right. But in a zero trust approach, getting into the club, having that bouncer look at your ID is only the first check, the bartender or the waiter. They also have to check your ID before you could be served. No matter where you are in the club and that's kind of how they do it right now, though, they'll make a mark on your hand or they'll stamp it. [00:58:35] And now they know, okay, this person cannot get a drink for instance. So think of it that way, where every resource that's available inside the business independently checks whether or not you should have access to. This is the next level of security. It's something that most businesses are starting to move towards. 
[00:58:57] I'm talking about the bigger guys, the guys that have had to deal with cybersecurity for a while, not just the people who have a small business, most small businesses have that flat network that. Again about right. The traditional security approach of all you're in the office. So yeah, you can get at anything. [00:59:15] It doesn't matter. And then you, you have the sales guys walking out with your client list and who knows what else is going on? Think of Ferris Bueller, where he was updating his grades and missed days at high school, from his home computer. And you've got an idea of why you might want to secure your network internally because of, again, those internal threats. [00:59:40] So keep an eye out for it. If you're looking to replace your network, obviously this is something that we've had a lot of experience with. Cisco is probably the best one out there for this, but there are a few other vendors that are pretty good. If you want to drop me an email, I'll put together a list of some of the top tier zero. [01:00:02] Providers so that you can look at those. I don't have one right now, but I'd be glad to just email me, me@craigpeterson.com. We can point you in the right direction, but if you have an IT person or department, or whether you outsource it to an MSP, a managed services provider, make sure you have the discussion with them about zero. [01:00:28] Now, when I'm looking at security, I'm concerned about a bunch of things. So let me tell you something that Karen and I have been working on the last, oh man, few weeks. I mentioned the boot camp earlier in the show today. And one of the things that we're going to do for those people that attend the bootcamp is I think incredible. [01:00:49] This has taken Karen so much time to dig up. What she's done is she's worked with me to figure out what are the things that you need to keep tabs on. 
Now, again, this is aimed primarily at businesses, but let me tell you, this is going to be great for home users as well. And we've put together this list of what you should be doing. [01:01:15] About cybersecurity every week. And in fact, a couple of things that are daily, but every week, every month, every quarter, every six months and every year, it's a full checklist. So you can take this and sit down with it and, you know, okay. So I have to do these things this week and this isn't. Response to anything in particular, it does meet most requirements, but frankly, it's something that every business should be doing when it comes to the cybersecurity. [01:01:53] It includes things like passwords. Are they being done? Right? Did you do some training with your employees on phishing or a few other topics all the way on down to make sure you got some canned air and blew out the fan? In your workstations, you'd be amazed at how dirty they get. And heat is the enemy of computers that makes them just fail much, much faster than, than 82, same thing with server. [01:02:22] So it is everything. It is a lot of pages and it is just check she'd made it nice and big. Right. So even I can read it. But it's little check marks that you can mark on doing while you're going through it. So we're doing some more work on that. She's got the first couple of iterations done. We're going to do a couple more, make sure it is completely what you would need in order to help keep your cyber security in. [01:02:50] But the only way you're going to get it is if you are in the BR the bootcamp absolutely free. So it was this list, or of course you won't find out unless you are on my email list. CraigPeterson.com/subscribe. [01:03:06] One of the questions I get asked pretty frequently has to do with artificial intelligence and robots. Where are we going? What are we going to see first? What is the technology that's first going to get into our businesses and our homes. 
[01:03:22] Artificial intelligence is something that isn't even very well-defined. There's machine learning and there's artificial intelligence. [01:03:33] Some people put machine learning as a subset of artificial intelligence. Other people kind of mess around with it and do it the other way. I tend to think that artificial intelligence is kind of the top of the heap, if you will. And that machine learning is a little bit further down because machines can be programmed to learn. [01:03:54] For instance, look at your robot, your iRobot cleans the floor, cleans the carpet. It moves around. It has sensors and it learned, Hey, I have to turn here. Now. iRobot is actually pretty much randomly drew. But there are some other little vacuum robots that, that do learn the makeup of your house. The reason for the randomization is while chairs move people, move things, move. [01:04:22] So trying to count on the house, being exactly the same every time isn't isn't exactly right. Uh, by the way, a lot of those little vacuums that are running around are also sending data about your house, up to the manufacturer in the. So they often will know how big the house is. They know where it's located because you're using the app for their robot. [01:04:47] And that, of course it has access to GPS, et cetera, et cetera. Right. But where are we going? Obviously, the little iRobot, the little vacuum does not need much intelligence to do what it's doing, but one of the pursuits that we've had for. Really since the late nineties for 20, 25 years are what are called follower robots. [01:05:13] And that's what I think we're going to start seeing much more frequently, it's going to be kind of the first, um, I called it machine learning. They call it artificial intelligence. You really could argue either one of them, but there's a little device called a Piaggio Fast Forward. And it is really kind of cool. 
[01:05:34] Think of it almost like R2-D2 or BB-8 from Star Wars following you around. It's frankly, a little hard to do. And I want to point out right now, a robot that came out, I think it was last year from Amazon is called the Astro robot. And you might remember Astro from the Jetsons and. This little robot was available in limited quantities. [01:06:01] I'm looking at a picture of it right now. It, frankly, Astro is quite cute. It's got two front wheels, one little toggle wheel in the back. It's got cameras. It has a display that kind of makes it look like a kid's face, has got two eyeballs on them. And the main idea behind this robot is that it will. [01:06:23] Provide some protection for your home. So it has a telescoping camera and sensor that goes up out of its head up fairly high, probably about three or four feet up looking at this picture. And it walks around your one rolls around your home, scanning for things that are out of the normal listening for things like windows breaking there, there's all kinds of security. [01:06:50] That's rolled into some of these. But it is a robot and it is kind of cool, but it's not great. It's not absolutely fantastic. Amazon's dubbing the technology it's using for Astro intelligent motion. So it's using location and mapping data to make sure that Astro. Gets around without crashing into things. [01:07:18] Unlike that little vacuum cleaner that you have, because if someone leaves something on the floor that wasn't there before, they don't want to run over it, they don't want to cause harm. They don't want to run into your cats and dogs. And oh my maybe lions and bears too. But, uh, they're also using this computer vision technology called visual ID and that is used. [01:07:41] With facial recognition, drum roll, please, to recognize specific members of the family. So it's kind of like the dog right in the house. 
It's sitting there barking until it recognizes who you are, but Astro, in this case, Recognizes you and then provide you with messages and reminders can even bring you the remote or something else and you just drop it in the bin and off it goes. [01:08:08] But what I am looking at now with this Piaggio Fast Forward, you might want to look it up online, cause it's really. Cool is it does the following, like we've talked about here following you around and doing things, but it is really designed to change how people and goods are moving around. So there's a couple of cool technologies along this line as well. [01:08:35] That it's not, aren't just these little small things. You might've seen. Robots delivery robots. The Domino's for instance, has been working on there's another real cool one out there called a Burro. And this is an autonomous driving power. Basically. It's a kind of a four wheel ATV and it's designed to move between the rows of fruit orchards in California or other places. [01:09:01] So what you do to train this Burro robot is you press a follow button on it. You start walking around the field or wherever you want it to go. It's using, uh, some basic technology to follow you, cameras and computer vision, and it's recording it with GPS and it memorizes the route at that point. Now it can ferry all of your goods. [01:09:29] Around that path and communicate the path by the way to other Burro robots. So if you're out doing harvesting or whether it's apples out in the east coast, or maybe as I said out in California, you've got it. Helping you with some of the fruit orchards. It's amazing. So this is going to be something that is going to save a lot of time and money, these things, by the way, weigh up to 500 pounds and it can carry as much as a half a ton. 
[01:09:58] You might've seen some of the devices also from a company down in Boston, and I have thought that they were kind of creepy when, when you look at it, but the company's called Boston Dynamics and. They were just bought, I think it was Hyundai that bought them trying to remember. And, uh, anyway, These are kind of, they have robots that kind of look like a dog and they have other robots that kind of look like a human and they can do a lot of different chores. [01:10:33] The military has used them as have others to haul stuff. This one, this is like the little dog, it has four legs. So unlike a lot of these other robots that are on wheels, this thing can go over very, very. Terrain it can self-right, et cetera. And they're also using them for things like loading trucks and moving things around, um, kind of think of Ripley again, another science fiction tie, uh, where she's loading the cargo in the bay of that spaceship. [01:11:05] And she is inside a machine. That's actually doing all of that heavy lifting now. Today, the technology, we have a can do all of that for us. So it is cool. Uh, I get kind of concerned when I see some of these things. Military robots are my favorite, especially when we're talking about artificial intelligence, but expect the first thing for these to be doing is to be almost like a companion, helping us carry things around, go fetch things for us and in the business space. [01:11:40] Go ahead and load up those trucks and haul that heavy stuff. So people aren't hurting their backs. Pretty darn cool. Hey, I want to remind you if you would like to get some of the free training or you want some help with something the best place to start is CraigPeterson.com. And if you want professional help, well, not the shrink type, but with cyber security. [01:12:06] email me, me@craigpeterson.com. 
[01:12:10] Just in time for the holidays, we have another scam out there and this one is really rather clever and is fooling a lot of people and is costing them, frankly, a whole lot of money. [01:12:26] This is a very big cyber problem because it has been very effective. And although there have been efforts in place to try and stop it, they've still been able to kind of get ahead of it. There's a great article on Vice that's in this week's newsletter. In my show notes up on the website and it is talking about a call that came in to one of the writers, Lorenzo, B cherry, um, probably completely messing that name up, but the call came in from. [01:13:03] Supposedly right. PayPal's, uh, fraud prevention system. Someone apparently had tried to use his PayPal account to spend $58 and 82 cents. According to the automated voice on the line, PayPal needed to verify my identity to block the transfer. And here's a quote from the call, uh, in order to secure your account, please enter the code we have sent to your mobile device. [01:13:32] Now the voice said PayPal, sometimes texts, users, a code in order to protect their account. You know, I've said many times don't use SMS, right? Text messages for multi-factor authentication. There are much better ways to do it. Uh, after entering a string of six digits, the voice said, thank you. Your account has been secured and this request has been blocked. [01:13:57] Quote, again, don't worry. If any payment has been charged your account, we will refund it within 24 to 48 hours. Your reference ID is 1 5 4 9 9 2 6. You may now hang up, but this call was actually a hacker. They're using a type of bot is what they're called. These are these automated robotic response systems that just dramatically streamlined the process for the hackers to gain access into your account. [01:14:31] Particularly when you have multi-factor authentication codes where you're using. An SMS messages, but it also works for other types of one-time passwords. 
For instance, I suggest to everybody and we use these with our clients that they should use something called 1Password.com. That's really you'll find them online. [01:14:54] And 1Password.com allows you to use and create one time password, same thing with Google Authenticator, same thing with Microsoft Authenticator, they all have one-time password. So if a bad guy has found your email address and has found your password online in one of these hacks, how can they possibly get into your PayPal account or Amazon or Coinbase or Apple Pay or. [01:15:26] Because you've got a one time password set up or SMS, right? Multifactor authentication of some sort. Well they're fooling people and absolute victims. Here's what's happening. Th this bot by the way, is great for bad guys that don't have social engineering skills, social engineering skills, or when someone calls up and says, hi, I'm from IT. [01:15:51] And there's a problem. And we're going to be doing an upgrade on your Microsoft Word account this weekend because of a bug or a security vulnerability. So what, what I need from you is I need to know what username you're normally using so that I can upgrade the right. So we don't, it doesn't cost us a whole bunch by upgrading accounts that aren't being used. [01:16:15] So what's the account name that you use on the computer and what's the password, so we can get in and test it afterwards, that's a social engineering type attack. That's where someone calls on the phone, those tend to be pretty effective. But how about if you don't speak English very well? At all frankly, or if you're not good at tricking people by talking to them, well, this one is really great. [01:16:44] Cause these bots only cost a few hundred bucks and anybody can get started using these bots to get around multi-factor authentication. See, here's how it works. In order to break into someone's account, they need your username, email address and password. Right? Well, I already said. 
Much many of those have been stolen. [01:17:07] And in our boot camp coming up in a few weeks, we're going to go through how you can find out if your username has been stolen and has been posted on the dark web and same thing for your password. Right? So that's going to be part of the. Coming up that I'll announce in the newsletter. Once we finished getting everything all ready for you guys, they also go ahead and buy what are called bank logs, which are login details from spammers who have already tricked you into giving away some of this information. [01:17:41] But what if you have multi-factor authentication enabled something I'm always talking about, always telling you to do. Well, these bots work with platforms like Twilio, for instance, uh, and they are using other things as well, like Slack, et cetera. And all the bad guy has to do with that point is going. [01:18:07] And, uh, say, they're trying to break into your account right now. So they're going to, let's get really, really specific TD Bank. That's where my daughter works. So let's say you have a TD Bank account. And the hacker has a good idea that you have a TD Bank account knows it because they entered in your username and password and TD Bank was letting them in. [01:18:32] But TD Bank sent you a text message with that six character code, right? It's usually digits. It's usually a number. So what happens then? So the bad guys says, okay, so it's asking me for this six digit SMS

    You Know How To Use Fake Email Addresses to Stay Safe?

    Nov 5, 2021 64:01

    If you follow my newsletter, you probably saw what I had in the signature line the last few weeks: how to make a fake identity. Well, we're going to take it a little bit differently today and talk about how to stop spam with a fake email. [Automated transcript follows] [00:00:16] Email is something that we've had for a long time. [00:00:19] I think I've told you before I had email way back in the early eighties, late seventies, actually. So, yeah, it's been a while and I get tens of thousands of email every day, uh, sent to my domain, you know, mainstream.net. That's my company. I've had that same domain name for 30 years and, and it just kinda got out of control. [00:00:46] And so we have. Big Cisco server, that exclusively filters email for us and our clients. And so it cuts down the tens of thousands to a very manageable couple of hundred a day. If you think that's manageable and it gets rid of almost all of the phishing and a lot of the spam and other things that are coming. [00:01:09] But, you know, there's an easier way to do this. Maybe not quite as effective, but allowing you to track this whole email problem and the spam, I'm going over this in some detail in. Coming bootcamp. So make sure we keep an eye on your emails. So you know about this thing again, it's free, right? I do a lot of the stuff just to help you guys understand it. [00:01:34] I'm not trying to, you know, just beat you into submission to buy something. This is a boot camp. My workshops, my boot camps, my emails, they are all about informing you. I try to make them the most valuable piece of email. During the week. So we're going to go into this in some detail in this upcoming bootcamp. [00:01:55] But what we're looking at now is a number of different vendors that have gotten together in order to help prevent some of the spam that you might've been in. Uh, I think that's a very cool idea to have these, these sometimes temporary, sometimes fake email addresses that you can use. 
There's a company out there called Fastmail. [00:02:20] You might want to check them out. There's another company called Apple. And you might might want to check them out. I'll be talking about their solution here as well. But the idea is why not just have one email address? And if you're an Apple user, even if you don't have the hardware, you can sign up for an Apple account. [00:02:42] And then once you have that account, you can use a new feature. I saw. Oh, in, in fact, in Firefox, if you use Firefox at all, when there's a form and it asks for an email address, Firefox volunteers to help you make a fake ish email address. Now I say fake ish, because it's a real email address that forwards to your normal regular. [00:03:10] Email address. And as part of the bootcamp, I'm also going to be explaining the eight email addresses, minimum eight, that you have to have what they are, how to get them, how to use them. But for now you can just go online to Google and this will get you started and do a search for Apple's new Hide My Email feature. [00:03:30] This lets you create random email addresses and those email addresses end up in your regular, uh, icloud.com or me.com, whatever you might have for your email address, address that Apple has set up for you. Isn't that cool. And you can do that by going into your iCloud settings. And it's part of their service that are offering for this iCloud Plus thing. [00:03:57] And they've got three different fi privacy focused services, right? So in order to get this from Apple, so you can create these unlimited number of rather random looking emails, for instance, a blue one to six underscore cat I cloud.com that doesn't tell anybody. Who you are, and you can put a label in there. [00:04:21] What's the name of the website that, that, or the, the, a URL of the website, that you created this email for, and then a note so that you can look at it later on to try and remember and that way. 
Site that you just created it for in this case, this is an article from CNET. They had an account at jamwirebeats.com. [00:04:45] This is a weekly music magazine subscription that they had. And Apple generated this fake email address, blue one to 600 score Canada, cobb.com. Now I can hear you right now. Why would you bother doing that? It sounds like a lot of work. Well, first of all, it's not a whole lot of work, but the main reason to do that, If you get an email address to blue cat, one, two6@icloud.com and it's supposedly from Bank of America, you instantly know that is spam. [00:05:23] That is a phishing email because it's not using the email address you gave to TD Bank. No it's using the email address that it was created for one website jamwirebeats.com. This is an important feature. And that's what I've been doing for decades. Email allows you to have a plus sign. In the email address and Microsoft even supports it. [00:05:53] Now you have to turn it on. So I will use, for instance, craig+libsyn, as an example, @craigpeterson.com and now emails that Libsyn wants to send me will go to craig+libsyn@craigpeterson.com. Right? So the, the trick here is now if I get an email from someone other than Libsyn, I know, wait a minute, this isn't Libsyn, and that now flags it as a phishing attack, right. [00:06:28] Or at the very least as some form of spam. So you've got to keep an eye out for that. So you got to have iCloud Plus, and if. Pay for the premium upgrade, which ranges from a dollar to $10. Uh, you you've got it. Okay. If you already have an iCloud account, your account automatically gets upgraded to iCloud Plus as part of iOS 15, that just came out. [00:06:55] All right. So that's one way you can do it. If you're not an Apple fan. I already mentioned that Firefox, which is a browser has a similar feature. Uh, Firefox has just been crazy about trying to protect your privacy. Good for them, frankly. Right? 
So they've been doing a whole lot of stuff to protect your privacy. [00:07:17] However, there you are. They have a couple of features that get around some of the corporate security and good corporate security people have those features block because it makes it impossible for them to monitor bad guys that might hack your account. So that's another thing you can look at is Firefox. [00:07:37] Have a look at fastmail.com. And as I said, we're going to go into this in some detail in the bootcamp, but Fastmail lets you have these multiple email accounts. No, they restricted. It's not like Apple where it's an infinite number, but depending on how much you pay Fastmail is going to help you out there. [00:07:57] And then if you're interested, by the way, just send an email to me, me@craigpeterson.com. Please use that email address me@craigpeterson.com because that one is the one that's monitored most closely. And just ask for my report on email and I've got a bunch of them, uh, that I'll be glad to send you the gets into some detail here, but ProtonMail. [00:08:22] Is a mail service that's located in Switzerland? Now, I know of in fact, a couple of a high ranking military people. I mean really high ranking military people that are supposedly using ProtonMail. I have a ProtonMail account. I don't use it that much because I have so much else going on, but the advantage. [00:08:45] ProtonMail is it is in Switzerland. And as a general rule, they do not let people know what your identity is. So it's kind of untraceable. Hence these people high up in the Department of Defense, right. That are using ProtonMail. However, it is not completely untraceable. There is a court case that a proton man. [00:09:12] I don't know if you'd say they lost, but ProtonMail was ordered about a month ago to start logging access and provide it for certain accounts so they can do it. They are doing it. They don't use it in most cases, but ProtonMail is quite good. 
They have a little free level. Paid levels. And you can do all kinds of cool stuff with ProtonMail. [00:09:35] And many of you guys have already switched, uh, particularly people who asked for my special report on email, because I go into some reasons why you want to use different things. Now there's one more I want to bring up. And that is Temp Mail, it's temp-mail.org. Don't send anything. That is confidential on this. [00:09:57] Don't include any credit card numbers, nothing. Okay. But temp-mail.org will generate a temporary email address. Part of the problem with this, these temporary email address. Is, they are blocked at some sites that really, really, really want to know what your real email address is. Okay. But it's quite cool. [00:10:22] It's quite simple. So I'm right there right now. temp-mail.org. And I said, okay, give me email address. So gave me one. five04@datacop.com. Is this temporary email, so you can copy that address. Then you can come back into again, temp-mail.org and read your email for a certain period of time. So it is free. [00:10:48] It's disposable email. It's not particularly private. They have some other things, but I wouldn't use them because I don't know them for some of these other features and services. Stop pesky email stop. Some of these successful phishing attempt by having a unique, not just password, but a unique email for all those accounts. [00:11:12] And as I mentioned, upcoming bootcamp, and I'll announce it in my weekly email, we're going to cover this in some detail. CraigPeterson.com. Make sure you subscribe to my newsletter. [00:11:25] Well, you've all heard is up. So what does that mean? Well, okay. It's up 33% since the last two years, really. But what does that amount to, we're going to talk about that. And what do you do after you've been ransomed? [00:11:42] Ransomware is terrible. It's crazy. Much of it comes in via email. [00:11:49] These malicious emails, they are up 600% due to COVID-19. 
37% of organizations were affected by ransomware attacks in the last year. That's according to Sophos. 37% more than the third. Isn't that something in 2021, the largest ransomware payout, according to Business Insider was made by an insurance company at $40 million setting a world record. [00:12:21] The average ransom fee requested increased from 5,000 in 2018 to around 200,000 in 2020. Isn't that something. So in the course of three years, it went from $5,000 to 200,000. That's according to the National Security Institute, experts estimate that a ransomware attack will occur every 11 seconds for the rest of the year. [00:12:50] Uh, it's just crazy. Absolutely. Crazy all of these steps. So what does it mean? Or, you know, okay. It's up this much is up that much. Okay. Businesses are paying millions of dollars to get their data back. How about you as an individual? Well, as an individual right now, the average ransom is $11,605. So are you willing to pay more than $11,000 to get your pictures back off of your home computer in order to get your. [00:13:27] Work documents or whatever you have on your home computer. Hopefully you don't have any work information on your home computer over $11,000. Now, by the way, most of the time, these ransoms are actually an affiliate affair. In other words, there is a company. That is doing the ransom work and they are paying an affiliate who are the, the affiliate in this case. [00:13:55] So the people who infected you and the affiliates are making up to 80% from all of these ransom payments. It's crazy. Right? So you can see why it's up. You can just go ahead and try and fool somebody into clicking on a link. Maybe it's a friend of yours. You don't particularly like some friend, right. And you can go ahead and send them an email with a link in it. [00:14:20] And they click the link and it installs ransomware and you get 80% of them. Well, it is happening. It's happening a lot. So what do you do? 
This is a great little article over on Dark Reading and you'll see it on the website. The CraigPeterson.com. But this article goes through. What are some of the steps it's by Daniel Clayton? [00:14:48] It's actually quite a good little article. He's the VP of global security services and support over at Bitdefender. Bitdefender is. Great, uh, software that you've got versions of it for the Mac. You've got versions of it for Windows. You might want to check it out, but he's got a nice little list here of things that you want to do. [00:15:13] So number one, Don't panic, right? Scott Adams don't panic. So we're worried because we think we're going to lose our job June. Do you know what? By the way is in the top drawer of the majority of chief information, security officers, two things. Uh, w one is their resignation letter and the second one is their resume because if they are attacked and it's very common and if they get in trouble, they are leaving. [00:15:47] And that's pretty common too. Although I have heard of some companies that understand, Hey, listen, you can't be 100% effective. You got to prioritize your money and play. It really is kind of like going to Vegas and betting on red or black, right? 50, 50 chance. Now, if you're a higher level organization, like our customers that have to meet these highest compliance standards, these federal government regulations and some of the European regulations, even state regulations, well, then we've got to keep you better than 99% safe and knock on wood over the course of 30 years. [00:16:27] That's a long I've been doing. 30 years. We have never had a single customer get a S uh, and. Type of malware, whether it is ransomware or anything else, including one custom company, that's a multinational. We were taking care of one of their divisions and the whole company got infected with ransomware. [00:16:50] They had to shut down globally for. 
Two weeks while they tried to recover everything, our little corner of the woods, the offices that we were protecting for that division, however, didn't get hit at all. So it is possible, right? I don't want you guys to think, man. There was nothing I can do. So I'm not going to do anything. [00:17:14] One of the ladies in one of my mastermind groups basically said that, right? Cause I was explaining another member of my mastermind group. Got. And I got hit for, I think it turned out to be $35,000 and, you know, that's a bad thing. Plus you feel just so exposed. I've been robbed before, uh, and it's just a terrible, terrible feeling. [00:17:37] So he was just kind of freaking out for good. But I explained, okay, so here's what you do. And she walked away from it thinking, well, there's nothing I can do. Well, there are things you can do. It is not terribly difficult. And listening here, getting my newsletter, going to my bootcamps and the workshops, which are more involved, you can do it. [00:18:03] Okay. It can be done. So I don't want. Panic. I don't want you to think that there's zero. You can do so that's number one. If you do get ransomware, number two, you got to figure out where did this come from? What happened? I would change this order. So I would say don't panic. And then number two is turn off the system that got rants. [00:18:29] Turn it off one or more systems. I might've gotten ransomware. And remember that the ransomware notification does not come up right. When it starts encrypting your data. It doesn't come up once they've stolen your data. It comes up after they have spread through your organization. So smart money would say shut off every computer, every. [00:18:56] Not just pull the plug. I w I'm talking about the ethernet cable, right? Don't just disconnect from wifi. Turn it off. Immediately. Shut it off. Pull the plug. It might be okay. 
In some cases, the next thing that has to happen is each one of those machines needs to have its disc drive probably removed and examined to see if it has. [00:19:18] Any of that ransomware on it. And if it does have the ransomware, it needs to get cleaned up or replaced. And in most cases we recommend, Hey, good time. Replace all the machines, upgrade everything. Okay. So that's the bottom line. So that's my mind. Number two. Okay. Um, he has isolated and save, which makes sense. [00:19:40] You're trying to minimize the blast radius. So he wants you to isolate him. I want you to turn them off because you do not want. Any ransomware that's on a machine in the process of encrypting your files. You don't want it to keep continuing to encrypting. Okay. So hopefully you've done the right thing. [00:20:00] You are following my 3, 2, 1 backup schedule that I taught last year, too, for free. For anybody that attended, hopefully you've already figured out if you're going to pay. Pay. I got to say some big companies have driven up the price of Bitcoin because they've been buying it as kind of a hedge against getting ransomware so they can just pay it right away. [00:20:25] But you got to figure that out. There's no one size fits all for all of this. At over $11,000 for an individual ransom, uh, this requires some preparation and some thought stick around, got a lot more coming up. Visit me online, Craig Peterson.com and get my newsletter along with all of the free trainings. [00:20:52] Well, the bad guys have done it again. There is yet another way that they are sneaking in some of this ransomware and it has to do with Q R codes. This is actually kind of clever. [00:21:08] By now you must've seen if not used QR codes. [00:21:12] These are these codes that they're generally in a square and the shape of a square and inside there's these various lines and in a QR code, you can encode almost anything. Usually what it is, is a URL. 
So it's just like typing in a web address into your phone, into your web browser, whatever you might be using. [00:21:35] And they have been very, very handy. I've used them. I've noticed them even showing up now on television ads down in the corner, you can just scan the QR code in order to apply right away to get your Ginsu knives. Actually, I haven't seen it on that commercial, but, uh, it's a different one. And we talked last week about some of these stores that are putting QR codes in their windows. [00:22:02] So people who are walking by, we even when the store is closed, can order stuff, can get stuff. It's really rather cool. Very nice technology. Uh, so. There is a new technique to get past the email filters. You know, I provide email filters, these big boxes, I mean, huge machines running Cisco software that are tied into, uh, literally billion end points, plus monitoring tens of hundreds of millions of emails a day. [00:22:39] It's just huge. I don't even. I can ha can't get my head around some of those numbers, but it's looking at all those emails. It is cleaning them up. It's looking at every URL that's embedded in an email says, well, is this a bad guy? It'll even go out and check the URL. It will look at the domain. Say how long has this domain been registered? [00:23:01] What is the spam score overall on the domain? As well as the email, it just does a whole lot of stuff. Well, how can it get around a really great tight filter like that? That's a very good question. How can you and the bottom line answer is, uh, how about, uh, using the QR code? So that's what bad guys are doing right now. [00:23:26] They are using a QR code inside email. Yeah. So the emails that have been caught so far by a company called Abnormal Security have been saying that, uh, you have a missed voicemail, and if you want to pick it up, then scan this QR. 
It looks pretty legitimate, obviously designed to bypass enterprise email gateway scans that are really set up to detect malicious links and attachments. [00:24:01] Right? So all of these QR codes that Abnormal detected were created the same day they were sent. So it's unlikely that the QR codes, even that they'd been detected would have been previously reported, included in any security blacklist. One of the good things for these bad guys about the QR codes is they can easily change the look of the QR code. [00:24:26] So even if the mail gateway software is scanning for pictures and looking for specific QR codes, basically, they're still getting. So the good news is the use of the QR codes in these types of phishing emails is still quite rare. We're not seeing a lot of them yet. We are just starting to see them, uh, hyperlinks to phishing sites are really common with some of these QR codes. [00:24:58] But this is the first time we've seen an actor embed a functional QR code into an email is not. Now the Better Business Bureau warned of a recent uptick in complaints from consumers about scams involving QR codes, not just an email here, but because these codes can't really be read by the human eye at all. [00:25:21] The attackers are using them to disguise malicious links so that you know, that vendor that I talked about, that retail establishment that's using the QR codes and hoping people walking by will scan it in order to get some of that information. Well, people are going to be more and more wary of scanning QR codes, right? [00:25:43] Isn't that just make a lot of sense, which is why, again, one of the items in our protection stack that we use filters URLs. Now you can get a free. The filter and I cover this in my workshop, how to do it, but if you go to OpenDNS, check them out, OpenDNS, they have a free version. If you're a business, they want you to pay, but we have some business related ones to let you have your own site to. 
[00:26:15] Based on categories and all that sort of stuff, but the free stuff is pretty generalized. They usually have two types, one for family, which blocks the stuff you might think would be blocked. Uh, and other so that if you scan one of these QR codes and you are using OpenDNS, Umbrella, one of these others, you're going to be much, much. [00:26:39] Because it will, most of the time be blocked because again, Umbrella is more up-to-date than OpenDNS is, but they are constantly monitoring these sites and blocking them as they need to. MobileIron, another security company, conducted a survey of more than 4,400 people last year. And they found that 84% have used a QR code. [00:27:05] So that's a little better than I thought it was. Twenty-five percent of them said that they had run into situations where a QR code did something they did not expect including taking them to a malicious website. And I don't know, are they like scanning QR codes in the, in the men's room or something in this doll? [00:27:24] I don't know. I've never come across a QR code that was malicious that I tried to scan, but maybe I'm a little more cautious. 37% were. Saying that they could spot a malicious QR code. Yeah. Yeah. They can read these things while 70% said they'd be able to spot a URL to a phishing or other malicious website, that I can believe. [00:27:50] But part of the problem is when you scan a QR code, it usually comes up and it says, Hey, do you want to open this? And most of that link has invisible is, is not visible because it is on your smartphone and it's not a very big screen. So it'll just show you the very first part of it. And the first part of it, it's going to look pretty darn legit. [00:28:14] So again, that's why you need to make sure you're using OpenDNS or Umbrella. Ideally, you've got it installed right at your edge at your router at whoever's handling DHCP for your organization. 
Uh, in the phishing campaign Abnormal had detected with using this QR code, uh, code, they're saying the attackers had previously compromised some Outlook email accounts belonging to some legitimate organizations. [00:28:43] To send the emails with malicious QR codes. And we've talked about that before, they use password stuffing, et cetera. And we're covering all of this stuff in the bootcamp and also, well, some of it in the bootcamp and all of this really in the workshops that are coming up. So keep an eye out for that stuff. [00:29:03] Okay. Soup to nuts here. Uh, it's a, uh, it's a real. Every week, I send out an email and I have been including my show notes in those emails, but I found that most people don't do anything with the show notes. So I'm changing, I'm changing things this week. How some of you have gotten the show notes, some of you haven't gotten the show notes, but what I'm going to be doing is I've got my show notes on my website at craigpeterson.com. [00:29:35] So you'll find them right. And you can get the links for everything I talk about right here on this. I also now have training in every one of my weekly emails. It's usually a little list that we've started calling listicles and it is training on things you can do. It is. And anybody can do this, is not high level stuff for people that are in the cybersecurity business, right. [00:30:07] Home users, small businesses, but you got to get the email first, CraigPeterson.com and sign up. [00:30:14] California is really in trouble with these new environmental laws. And yet, somehow they found a major exception. They're letting them mine lithium in the great Salton Sea out in California. We'll tell you why. [00:30:31] There's an article in the New York Times. And this is fantastic. It's just a incredible it talking about the lithium gold rush. [00:30:43] You already know, I'm sure that China has been playing games with some of these minerals. 
Some of the ones that we really, really need exotic minerals that are used to make. Batteries that are used to power our cars. And now California is banning all small gasoline engine sales. So the, what is it? 55,000 companies out in California that do lawn maintenance are going down. [00:31:13] To drive those big lawnmowers around running on batteries. They're estimating it'll take 30 packs battery packs a day. Now, remember California is one of these places that is having rolling blackouts because they don't have. Power, right. It's not just China. It's not just Europe where they are literally freezing people. [00:31:37] They did it last winter. They expect to do it more. This winter, since we stopped shipping natural gas and oil, they're freezing people middle of winter, turning off electronics. California, at least they're not too likely to freeze unless they're up in the mountains in California. So they don't have enough power to begin with. [00:31:57] And what are they doing there? They're making it mandatory. I think it was by 2035 that every car sold has to be electric. And now they have just gotten rid of all of the small gasoline engines they've already got. Rolling blackouts, come on. People smarten up. So they said, okay, well here's what we're going to do. [00:32:20] We need lithium in order to make these batteries. Right. You've heard of lithium-ion batteries. They're in everything. Now, have you noticed with lithium batteries, you're supposed to take them to a recycling center and I'm sure all of you do. When your battery's dead in your phone, you take it to a recycling center. [00:32:39] Or if you have a battery that you've been using in your Energizer bunny, and it's a lithium battery, of course you take it to the appropriate authorities to be properly disposed of because it's toxic people. It is toxic. So we have to be careful with this. Well, now we're trying to produce lithium in the United States. 
[00:33:06] There are different projects in different parts of the country, all the way from Maine through of course, California, in order to try and pull the lithium out of the ground and all. Let me tell you, this is not very green at all. So novel. Peppa Northern Nevada. They've started here blasting and digging out a giant pit in this dormant volcano. [00:33:38] That's going to serve as the first large scale, lithium mine in the United States and more than a decade. Well, that's good. Cause we need it. And do you know about the supply chain problems? Right. You've probably heard about that sort of thing, but that's good. This mine is on least federal lands. What does that mean? [00:33:59] Well, that means if Bernie Sanders becomes president with the flick of a pen, just like Joe Biden did on his first day, he could close those leads to federal lands. Yeah. And, uh, we're back in trouble again, because we have a heavy reliance on foreign sources of lithium, right. So this project's known as lithium Americas. [00:34:25] There are some native American tribes, first nation as they're called in Canada. Uh, ranchers environmental groups that are really worried, because guess what? In order to mine, the lithium, and to do the basic processing onsite that needs to be done, they will be using. Billions of gallons of groundwater. [00:34:48] Now think of Nevada. Think of California. Uh, you don't normally think of massive lakes of fresh water to. No. Uh, how about those people that are opposed to fracking? Most of them are opposed to fracking because we're pumping the water and something, various chemicals into the ground in order to crack the rock, to get the gas out. [00:35:11] Right. That's what we're doing. They don't like that. But yet, somehow. Contaminating the water for 300 years and leaving behind a giant mound of waste. Isn't a problem for these so-called Greenies. Yeah. A blowing up visit quote here from max Wilbert. 
This is a guy who has been living in a tent on this proposed mine site. [00:35:38] He's got a. Lawsuits that are going, trying to block the project. He says blowing up a mountain. Isn't green, no matter how much marketing spend people put on it, what have I been saying forever? We're crazy. We are insane. I love electric cars. If they are coolest. Heck I would drive one. If I had one, no problem. [00:35:57] I'm not going to bother to go out and buy one, but, uh, yeah, it's very cool, but it is anything but green. Electric cars and renewable energy are not green, renewable energy. The solar and the wind do not stop the need for nuclear plants or oil or gas burners, or cold burners, et cetera. Because when the sun isn't shining, we still need electricity. [00:36:29] Where are we getting to get it? When the wind isn't blowing or when the windmills are broken, which happens quite frequently. Where are we going to get our power? We have to get it from the same way we always have from maybe some, uh, some old hydro dams. Right. But really we got to start paying a lot more attention to nuclear. [00:36:53] I saw a couple of more nuclear licenses were issued for these six gen nuclear plants that are green people. They are green, but back to our lithium mine. They're producing cobalt and nickel as well as the lithium. And they are ruined this to land, water, wildlife, and. Yeah. Yeah, absolutely. Uh, we have had wars over gold and oil before and now we're looking at minerals. [00:37:27] In fact, there's a race underway between the United States, China, Europe, Russia, and others, looking for economic and technological dominance for decades to come by grabbing many of these precious minerals. So let's get into this a little bit further here. Okay. So they're trying to do good, but really they're not green. [00:37:53] They're they're not doing good. And this is causing friction. Okay. 
Um, first three months of this year, us lithium miners raise nearly three and a half billion dollars from wall street, seven times the amount raised in the last six months or 36 months. Yeah, huge. Money's going into it. Okay. They're going after lithium from California's largest leak, the Salton sea. [00:38:23] Yeah. Yeah. So they're going to use specially coded beads to extract lithium salt from the hot liquid pumped up from an aquifer more than 4,000 feet below the surface. Hmm. Sounds like drilling aren't they anti drilling to the self-contained systems connected to geothermal power plants generating emission free electricity. [00:38:44] Oh, that's right. They don't have a problem with the ring of fire in California with earthquakes and things. Right. Ah, yeah. Drilling on that and using the, the, uh, It's not going to be a problem. Uh, so, um, yeah, so that you're hoping to generate revenue needed to restore the lake fouled by toxic runoff from area farms for decades. [00:39:08] So they're looking to do more here. Lithium brine, Arkansas, Nevada, North Dakota, as I mentioned already, Maine. Uh, they're using it in every car that's out there, smartphones, et cetera. Uh, the us has some of the world's largest reserves, which is, I guess, a very good thing. Right? A silver peak mine in Nevada is producing 5,000 tons a year, which is less than 2% of the world's supply. [00:39:40] Uh, this is just absolutely amazing going through this. Okay. Um, I know bomb administration official, Ben Steinberg said right now, China decided to cut off the U S for a variety of reasons. We're in trouble. Yeah. You think. Uh, the another thing here in the New York times article is from this rancher and it's a bit of a problem. [00:40:06] He's got 500 cows and calves. Roaming is 50,000 acres and Nevada's high desert is going to have to start buying feed for. This local, mine's going to reach about 370 feet. Uh, here's another kind of interesting thing. 
This mine one mine is going to consume 3,200 gallons of water. Per minute. Yeah. In, in barren Nevada, I I'm looking at a picture of this and it is just dead sagebrush. [00:40:37] Oh my gosh. So they're expecting the water table will drop at least 12 feet. They're going to be producing 66,000 tons of battery grade lithium carbonate a year. But, uh, here we go. They're digging out this mountainside and they're using 5,800 tons of sulfuric acid per day. Yeah. They're mixing clay dug out from the mountainside with 5,800 tons of clay of sulfuric acid. [00:41:10] I should say every day, they're also consuming 354 million cubic yards. Of mining waste. I'm not consuming, creating 354 million cubic yards of mining waste loaded with, uh, discharged from this sulfuric acid treatment and may contain. Modest amounts of radioactive uranium. That's according to the permit documents, they're expecting it'll degrade quote unquote 5,000 acres of winter range used by the antelope herd, the habitat of the sage grouse, nesting areas for eagles. [00:41:48] It just goes on and on. It is not. BLM is not, of course stumbled the Bureau of Land Management, but I guess both BLMs are not, and this is a real problem and the tribes are trying to stop it. The farmers are trying to stop it, but Hey, California needs more lithium batteries for their electric cars. [00:42:10] Their electric lawn mowers, leaf blowers, et cetera. So we've got to get that lithium. We've got to get it right away, uh, in order for their green appetite in. Hey get some sanity. CraigPeterson.com. Sign up for my newsletter right now. [00:42:28] Doing a little training here on how to spot fake log-in pages. We just covered phishing and some real world examples of it, of some free quiz stuff that you can use to help with it. And now we're moving on to the next. [00:42:44] The next thing to look for when it comes to the emails and these fake log-in pages is a spelling mistake or grammatical errors. 
[00:42:56] Most of the time, these emails that we get that are faking emails are, have really poor grammar in them. Many times, of course the, the commas are in the wrong place, et cetera, et cetera. But most of us weren't English majors. So we're not going to pick that up, myself included. Right. That's why I use Grammarly. [00:43:17] If you have to ever write anything or which includes anything from an email or a document, uh, you, you probably want to get Grammarly. There's a few out there, but that's the one I liked the best for making sure my grammar. So a tip, I guess, to the hackers out there, but the hackers will often use a URL that is very close to. [00:43:41] Where you want to go. So they might put a zero in place of an O in the domain, or they might make up some other domain. So it might be a amazon-aws.com or a TD bank dash. Um, account.com, something like that. Sometimes the registrars, they'll catch that sort of thing and kill it. Sometimes the business that they are trying to fake will catch it and let them know as well. [00:44:16] There's companies out there that watch for that sort of thing. But many times it takes a while and it's only fixed once enough people have reported it. So look at the URL. Uh, make sure it's legitimate. I always advise that instead of clicking on the link in the email, try and go directly to the website. [00:44:38] It's like the old days you got a phone call and somebody saying, yo, I'm from the bank and I need your name and social security number. So I can validate the someone broke into your account. No, no, no, no, no, they don't. They don't just call you up like that nowadays. They'll send you a message in their app. [00:44:55] That's on your smart. But they're not going to call you. And the advice I've always given is look up their phone now. And by the way, do it in the phone book, they remember those and then call them back. That's the safest way to do that sort of thing. And that's true for emails as well. 
If it's supposedly your bank and it's reporting something like someone has broken into your account, which is a pretty common technique for these phishers, these hackers that are out there, just type in the bank URL as you know it, not what's in the email and. [00:45:32] There will be a message there for you if it's legitimate, always. Okay. So before you click on any website, email links, just try and go directly to the website. Now, if it's one of these deep links where it's taking you to something specific within the site, the next trick you can play is to just mouse over the link. [00:45:57] So bring your mouse down to where the link is. And typically what'll happen is at the bottom left of your. Your screen or of the window. It'll give you the actual link. Now, if you look at some of them, for instance, the emails that I send out, I don't like to bother people. So if you haven't opened one of my emails in a while, I'll just automatically say, Hey, I have not opened them in a while. [00:46:25] And then I will drop you off the list. Plus if you hit reply to one of my newsletters, my show notes, newsletters. That's just fine, but it's not going to go to me@craigpeterson.com and some people, you listeners being the best and brightest, have noticed that what happens is it comes up and it's some really weird URL that's so I can track who responded to. [00:46:53] And that way I can just sit down and say, okay, now let me go through who has responded? And I've got a, kind of a customer relationship management system that lets me keep track of all of that stuff so that I know that you responded. I know you're interacting, so I know I'm not bothering you. Right. And I know I need to respond to. [00:47:13] Well much the same thing is true with some of these links. When I have a link in my newsletter and I say, Hey, I'm linking to MIT's article. It is not going to be an MIT. Because again, I want to know what are you guys interested in? 
So anytime you click on a link, I'll know, and I need to know that, so I know why, Hey, wait a minute. [00:47:37] Now, 50% of all of the people that opened the emails are interested in identifying fake login pages. So what do I do? I do something like I'm doing right now. I go into depth on fake login pages. I wouldn't have known that if I wasn't able to track it. So just because the link doesn't absolutely look legit doesn't mean it isn't legit, but then again, if it's a bank or it involves financial transactions or some of these other things be more cautious. [00:48:13] So double-check for misspellings or grammatical errors. Next thing to do is to check the certificate, the security certificate on the site. You're on this gets a little bit confusing. If you go to a website, you might notice up in the URL bar, the bar that has the universal resource locator, that's part of the internet. [00:48:40] You might've noticed. There's a. And people might've told you do check for the lock. Well, that lock does not mean that you are safe. All it means is there is a secure VPN from your computer to the computer on the other side. So if it's a hacker on the other side, you're sending your data securely to the hacker, right? [00:49:07] That's not really going to do you a whole lot of good. This is probably one of the least understood things in the whole computer security side, that connect. Maybe secure, but is this really who you think it is? So what you need to do is click on their certificate and the certificate will tell you more detail. [00:49:32] So double-check their certificate and make sure it is for the site. You really. To go to, so when it's a bank site, it's going to say, you know, the bank is going to have the bank information on it. That makes sense. But if you go for instance on now, I'm going to throw a monkey wrench into this whole thing. [00:49:51] If you go to CraigPeterson.com, for instance, it's going to say. Connection is secure. 
The certificate is valid, but if you look at their certificate and the trust in the details, it's going to be issued by some company, but it's going to just say CraigPeterson.com. It's not going to give a business name like it would probably do for a bank. [00:50:17] So you know, a little bit of a twist to it, but that's an important thing. Don't just count on the lock, make sure that the certificate is for the place you want to contact. Last, but not least is multi-factor authentication. I can't say this enough. If the bad guys have your username or email address and your password for a site, if you're using multifactor authentication, they cannot get. [00:50:56] So it's going to prevent credential stuffing tactics, or they'll use your email and password combinations that have already been stolen for other sites to try and hack in to your online profile. So very important to set up and I advise against using two factor authentication with your, just a cell phone, as in a text message SMS, it is not secure and it's being hacked all of the time. [00:51:26] Get an authorization app like 1Password for instance, and you shouldn't be using one password anyways, for all of your password. And then Google has a free one called Google Authenticator. Use those instead of your phone number for authentication. [00:51:43] I've been warning about biometric databases. And I, I sat down with a friend of mine who is an attorney, and he's using this Clear thing at the airport. I don't know if you've seen it, but it's a biometric database. What are the real world risks? [00:52:00] Well, this "Clear" company uses biometrics. It's using your eye print, if you will, it's using your iris. [00:52:08] Every one of us has a pretty darn unique iris, and they're counting on that and they're using it to let you through TSA very quickly. And this attorney, friend of mine thinks it's the best thing since sliced bread, because he can just. 
Right on through, but the problem here is that we're talking about biometrics. [00:52:30] If your password gets stolen, you can change it. If your email account gets hacked, I have another friend who his account got hacked. You can get a new email account. If your iris scan that's in this biometric database gets stolen. You cannot replace your eyes unless of course you're Tom Cruise and you remember that movie, right. [00:53:00] And it's impossible to replace your fingerprints. It's possible to replace your face print. Well, I guess you could, to a degree or another, right. Some fat injections or other things. Could it be done to change your face print, but these iris scans, fingerprints and facial images are something I try not to provide any. [00:53:27] Apple has done a very good job with the security of their face print, as well as their fingerprint, because they do not send any of that information out directly to themselves, or do any database at all. They are stored only on the device itself. And they're in this wonderful little piece of electronics that cannot be physically compromised. [00:53:56] And to date has not been electronically compromised either. They've done a very, very good. Other vendors on other operating systems like Android, again, not so much, but there are also databases that are being kept out there by the federal government. I mentioned this Clear database, which isn't the federal government, it's a private company, but the federal government obviously has its fingers into that thing. [00:54:27] The office of personnel. Uh, for the federal government, they had their entire database, at least pretty much the entire database. I think it was 50 million people stolen by the Red Chinese about six years ago. So the communists. Uh, copies of all of the information that the Office of Personnel Management had about people, including background checks and things. [00:54:55] You've probably heard me talk about that before. 
So having that information in a database is dangerous because it attracts the hackers. It attracts the cybercriminals. They want to get their hands on it. They'll do all kinds of things to try and get their hands. We now have completely quit Afghanistan. [00:55:19] We left in a hurry. We did some incredibly stupid things. I just, I can't believe a president of the United States would do what was done here. And now it's been coming out that president Biden completely ignored. The advice that he was getting from various military intelligence and other agencies out there and just said, no, we're going to be out of there. [00:55:46] You have to limit your troops to this. And that's what causes them to close the airbase bog that we had had for so many years. Apparently the Chinese are talking about taking it over now. Yeah. Isn't that nice. And whereas this wasn't an eternal war, right? We hadn't had anybody die in a year and a half. [00:56:05] Uh, it's crazy. We have troops in south Vietnam. We have troops in Germany. We have troops in countries all over the world, Japan, you name it so that we have a local forest that can keep things calm. And we were keeping things calm. It's just mind blowing. But anyhow, politics aside, we left behind a massive database of biometric database. [00:56:40] Of Afghanis that had been helping us over in Afghanistan, as well as a database that was built using us contractors of everyone in the Afghan military, and basically third genealogy. Who their parents were the grandparents blood type weight, height. I'm looking at it right now. All of the records in here, the sex ID nationality. [00:57:13] Uh, date of exploration, hair color, favorite fruit, favorite vegetables, place of birth, uncle's name marker signature approval. Signature date, place of birth. Date of birth address, permanent address national ID number, place of ISS. Date of ISS native language salary. Date of salary, group of salary, police of salary education. 
[00:57:38] Father's named graduation date kind of weapon. And service number. These were all in place in Afghanistan. We put them in place because we were worried about ghost soldiers. A ghost soldier was someone who we were paying the salary of taxpayers. The United States were paying the salaries of the Afghan military for quite some time. [00:58:06] And we were thinking that about half of the. Payroll checks. We were funding. We're actually not going to people who were in the military, but we're going to people who were high up within the Afghan government and military. So we put this in place to get rid of the ghost soldiers. Everybody had to have all of this stuff. [00:58:33] In the database, 36 pieces of information, just for police recruitment. Now this information we left behind and apparently this database is completely in the hand of the Taliban. Absolutely. So we were talking about Americans who helped construct Afghanistan and the military and the Taliban, the looking for the networks of their Poland supporters. [00:59:07] This is just absolutely amazing. So all of the data doesn't have clear use, like who cares about the favorite fruit or vegetable, but the rest of it does, the genealogy does. They now know who was in the police department, who was in the military, who their family is, what their permanent address is. Okay. [00:59:31] You see the problem here and the biometrics as well in the biometrics are part of this US system that we were using called hide H I D E. And this whole hide thing was a biometric reader. Well, the military could keep with them. There were tens of thousands of these things out in the field. And when they had an encounter with someone, they would look up their biometrics, see if they were already in the database and in the database, it would say, yeah, you know, they're friendly, they're an informant. [01:00:08] Or we found them in this area or w you know, we're watching them. 
We have concerns about them, et cetera, et cetera. Right. All of their actions were in. Well turns out that this database, which covered about 80% of all Afghans and these devices are now in the hands of the Taliban. Now, the good news with this is that that a lot of this information cannot be easily extracted. [01:00:40] So you're not going to get some regular run of the mill Taliban guy to pick one of these up and start using. But, uh, the what's happening here is that we can really predict that one of these surrounding countries like Pakistan that has been very cooperative with the Taliban. In fact, they gave refuge to Saddam, not Saddam Hussein, but to bin Laden and also Iran and China and Russia. [01:01:13] Any of those countries should be able to get into that database. Okay. So I think that's really important to remember now, a defense department spokesperson quote here, Eric Faye on says the U S has taken prudent actions to ensure that sensitive data does not fall into the Taliban's. And this data is not at risk of misuse. [01:01:38] Misuse that's unfortunately about all I can say, but Thomas Johnson, a research professor at the Naval Postgraduate School in Monterey, California says, uh, not so fast. The Taliban may have used biometric information in the Kunduz attack. So instead of taking the data straight from the hide devices, he told MIT Technology Review that it is possible that Taliban sympathizers in Kabul provided them. [01:02:11] With databases as a military personnel against which they could verify prints. In other words, even back in 2016, it may have been the databases rather than these hide devices themselves pose the greatest risk. This is very concerning, big article here in MIT Technology Review. I'm quoting from it a little bit here, but there are a number of databases. [01:02:39] They are biometric. Many of these, they have geological information. They have information that can be used to round up and track down people. 
I'm not going to mention World War Two, and I'm not going to mention what happened with the government before Hitler took over, because to do that means you lose that government had registered firearms, that government had registered the civilians and the people and Afghanistan. [01:03:13] The government was also as part of our identification papers, registering your religion. If you're Christian, they're hunting you down. If you were working for the military, they're hunting you down. And this is scary. That's part of the reason I do not want biometric information and databases to be kept here in the U S. Hey, make sure you get my show notes every week on time, along with free training, I try to help you guys out. [01:03:50] CraigPeterson.com. CraigPeterson.com. Here I am. Cybersecurity strategist and available to you.

    How Ransomware, Trojanware, and Adware Hurt You

    Play Episode Listen Later Oct 29, 2021 85:09

    How Ransomware, Trojanware, and Adware Hurt You. And Why ExpressVPN Isn't Safe to Use. Ransomware, Trojanware, Adware. What's the difference between these different types of malware? And when it comes down to our computers, which should we worry about the most and which should we worry about the most? [Automated Transcript Follows] [00:00:17] There are a lot of different types of malware that are out there and they're circulating and scaring us. [00:00:23] And I think for good reason in many cases. Ransomware, of course, is the big one and it is up, up, up. It has become just so common now that pretty much everybody is going to be facing a serious ransomware attack within the next 12 months. The numbers are staggering. And what are they doing? Well, now they're getting you with the double whammy. [00:00:50] The first whammy is they encrypt your data. Your computers are encrypted, everything on them, so you can't use them anymore. Bottom line. Yeah, they'll boot, they'll run enough in order for you to be able to pay that ransom. But any document that you might care about, any PDF, any Word doc, any spreadsheet, is going to be encrypted. [00:01:14] And the idea behind that is you have to pay in order to get that decryption key. About 50% of the time, yeah, about half of the time, even if you pay the ransom, you'll get your data back. The rest of the time, no, you'll never see it again. So what do you do about that type of ransomware? Well, obviously most people just pay the ransom. [00:01:39] But that's gone up as well. We've seen over a hundred percent increase in the amount of ransom people are paying. So what's the best thing to do? What's the easiest thing to do in order to help you with this type of ransomware? Well, it's obviously to have good backups. Now I'm going to be doing a bootcamp. [00:02:00] We're going to talk about this and a workshop. I really want to get going with these one week long workshops.
So we'll do a, at least a couple of times a month in these boot camps that we'll do pretty much every week here, but they're coming up fairly soon. You'll only know about them if you are on my email list, that is CraigPeterson.com. And the number one thing that you can do to. [00:02:27] You when you're hit with this type of ransomware, because if you're not taking all of the other precautions, you should be digging under really good that you're going to get hit the better than 50%. And what you do is have a good backup, and I want to warn everybody because I've seen this again and again, people just keep making this mistake, probably because they don't get it. [00:02:51] They don't understand why and where and how, when it comes to ransom. The mistake is they do a backup to a local disk. Now, many times the backup is on a thumb drive or USB drive. So you just go to the big box store. You go to Amazon, you order an external drive. You're just amazed how cheap they are [00:03:16] nowadays. Once you've got that drive, you plug it in. You turn on some backup software. Maybe it's something you've used for some years, maybe. If you have a Mac, you're just using the built-in backup software. Even the Windows operating system now comes with some built-in backup, and you think you're off and running because every so often it backs up. [00:03:40] If we're using a Mac, it is smart enough to not only back up your whole machine, but as you're editing files, it's going to go ahead and make a backup of that file as you're editing it. So if there is a crash or something else, you're not going to lose much. I just love the way Apple does that. Huge problem. [00:03:59] Because if the disc is attached to your machine, or let's say that disc is on a file server, 'cause you're smart, right? You set up some network attached storage of some sort and your machine has access to it. And so you're sending it off of your machine to a central.
Well, you still got a problem because if your machine can read or, more particularly, write to a location on your network or locally, that ransomware is going to also encrypt everything it can find there. [00:04:37] So, if you are sharing a network drive and you get ransomware, and, remember, the odds are better than 50% you're gonna get it, then what happens? Well, with this type of ransomware, it not only encrypts the files on your computer, but encrypts them on the backup as well. And it also encrypts them on any of the [00:04:58] file servers or network attached storage that you have on your network. So now everything's encrypted. You wonder why so many people pay the ransom? Oh, that's a large part of the reason right there. And I keep saying this type of ransomware because there is another type of ransomware and they usually go hand in hand. [00:05:21] The bad guys were not making enough money off of holding your files ransom. So the next thing the bad guys have done is they've gone to a different type of extortion. This one is, hey, if you don't pay us, we are going to release your files to the world. Now they might do it on a dark website. They might do it on a publicly available site, which is what many of them are starting to do now. [00:05:51] And you're going to either be embarrassed or subject to a lot of fines or both, because now if your files have confidential information, let's say it's your intellectual property, now anybody who bothers to search online can find your intellectual property out there. If you have anything that's personally identifiable information [00:06:18] and it gets out, now you are subject to major fines. In fact, in some states like California and Massachusetts, you are subject to fines even if the bad guys don't post it online. So that's the second type of ransomware and it's a bad type.
And usually what'll happen is the bad guys get their software on your machine and they can do it in a number of different ways. [00:06:45] One of the popular ways to do it now is to just break in because, our businesses, we've, we've set up something called Remote Desktop, and we're using Remote Desktop for our users to get in. And maybe we're using some form of a VPN to do it with, or maybe we've made the mistake of using ExpressVPN. And, uh, we have that now connected up to our homes and we think that that's keeping us safe. [00:07:13] And I got a few things to say about that as well, these VPN services. What happens now? Well, Microsoft Remote Desktop has been under major attack and there are some major flaws. Some of these were patched more than a year ago now, but according to recent studies, 60%, almost two thirds of businesses, have not applied the patches. [00:07:42] You know, this is basic stuff. And I understand how hard it can be and it can be confusing and you can break your systems, but you have to weigh that against, well, what's going to happen if our systems are broken into because we didn't apply the patch? So that's the second type of ransomware and that's what most people are afraid of, and for good reason. [00:08:07] And one of the things we do for businesses, and we do ransomware audits, we have a look at your systems, your firewalls, et cetera, and make recommendations to. Man. I got to talk about this too, 'cause it really upset me this week. I signed up for a webinar just to see what was going on. There's a company out there that sells these marketing systems to managed services providers. [00:08:33] And I, I, I had to turn it off like instantly because it was just such garbage that they were telling managed services providers, MSPs, to do. I couldn't believe it. So this guy was talking about how, again, I turned it back on and I said, hey, I've got to watch this anyways, because I need to know what's going on.
[00:08:54] And this guy was telling these managed services providers, how they can double their clothes. I couldn't believe this guy. Cause he was saying that what they do is they offer to do a ransomware audit for businesses and they say, normally we charge $6,000 to do a ransomware audit, but I tell you what we'll do it for you for. [00:09:20] Now, this is a guy that he had an MSP managed services provider. Apparently he had started it and he was bringing in more than $1 million per month in revenue. Can you imagine that monthly recurring revenue over a million dollars? And so he's telling people businesses, Hey, I have a $6,000 audit that we'll do. [00:09:47] For free, Hey people, how long have we said, if you're not paying for something your, the product remember Facebook, right? Google, Instagram, all of those guys, Twitter, you don't pay for it, but your information is the product. So what's this guy doing well, guess what? His audit, it's going to show his audit. [00:10:10] It's going to show that you need him. And he's sucked in hundreds of businesses and he didn't even know what he was doing when it came to the audits or protecting them. It is insane. What's going on out there. I am ashamed of my industry, absolutely ashamed of it. You know, I've got my first attack, successful attack against my company back in 91 92. [00:10:42] And I learned this stuff because I had to, and I help you guys because I don't want you to get stuck. Like I was so important, important word of advice. If you want to nod it, go to someone that charges you for the audit. That's going to do a real one. It's going to give you real advice that you can really need and use rather than, Hey, you knew do use me. [00:11:11] Because my free audit tells you so, so many scams. [00:11:15] What is ad where in what is crypto, where these are two types of real, kind of bad things. Won't gray areas, things that are hurting us, our mobile devices, our businesses. And our homes. 
[00:11:32] Adware is also a type of malware that's been around a long time. But it does live in a gray area. [00:11:42] And that gray area is between basically marketing and, uh, well, outright fraud. And I don't even want to call it just marketing because it's very aggressive marketing. What they will do with adware is they, they will have some JavaScript code or something else that's embedded on a webpage, and that's usually how you get it. [00:12:09] And then once it's in, in your browser, it sits there and it pops up things. So it'll pop up an ad for this, pop up an ad for that, even if it's, uh, part of the site that you're on right now, and it can live for months or years on your computer. We've known for a long time about adware on the Windows environment and how it has just been just terribly annoying at the very least. Microsoft Internet Explorer, [00:12:40] one of the worst web browsers ever perpetrated on humankind, was well-known for this. And of course, Microsoft got rid of Internet Explorer, and then they came up with their own symposer browser, the Edge browser, that was also openly scorned. And so Microsoft got rid of their Edge browser and switched over to basically Google Chrome, Chromium, and then changed its name to the Edge browser. [00:13:11] And so you think you're running Edge, but you're kind of not, you kind of are. So they did all of that in order to help with compatibility and also to help with some of these problems that people have had using that Microsoft browser online, very, very big problems. So what can you do about it and what does it do to you? Adware can be very. [00:13:37] You might've had it before, where it's always popping up again and again and again on your browser, just so crazy annoying, it's insane, but it can also be used to spy on where you're going online and potentially to, to infect you with something even worse.
Sometimes some of this adware will purposely click on ads that the people who gave you the adware are using as kind of like a clickbait type thing. [00:14:09] So you go to a website and it will automatically click certain ads and click on, unbeknownst to you, right? It's as though you went there so that people have to pay for that ad. And sometimes ads are very, very complicated. Sometimes they'll use it in order to drive a competitor out of business or out of the market, because the ads are so expensive because so many people are supposedly clicking on the ads. [00:14:40] But in reality, you didn't click on the ad. You're not going to see that page that you supposedly clicked on, and it's going to cost that advertiser money, whole bunch of money. You might not care. Right. But it is. Adware over on the Mac, however, is the only real malware menace at all. Adware is something that's used fairly frequently on the Mac. [00:15:09] It is pretty darn easy to get rid of. And as a general rule, it doesn't work very well on the Mac. Although I have seen some cases where it got very, very sticky, where someone ended up installing it, it wasn't just running in the browser, but they installed it on their Mac, which is something you should never do. [00:15:29] But Apple has some things in place to help stop any of this from happening. And it's gotten a lot better. I haven't seen this problem in a couple of years, but Apple is using the signature-based blocking technology called XProtect. They also have at Apple this developer-based notarization of apps. And so the run-of-the-mill malware, which includes most of this adware, really can't find a foothold. [00:15:57] But I want to remind everybody that if they can get adware onto your computer, they might be able to get something worse. So you really got to keep an eye out for it. No two ways about it. There are some companies out there, for instance, there's this one.
Pirrit, which is a program linked to this Israeli marketing firm that gains persistence on your browser and potentially could gain root access to the Mac system. [00:16:30] So careful, careful on all fronts now. Anti-malware stuff that we use for our clients is called AMP, which is an Advanced Malware Protection system that's been developed by our friends over at Cisco. AMP is very, very good. Unfortunately, you cannot get it unless you buy it from somebody like us and you have to buy so many seats for some of this stuff, it gets expensive quickly. [00:17:00] Um, if you can't do that much, a lot of people like Malwarebytes, there are some very good things about it, but be careful because in order for this to work, this Israeli Pirrit software to work, it has a fake install. So again, it's just be careful. If you know how Apple installs software, you know that unless you have instigated it, it's not going to be installed. [00:17:30] You're not just going to see an installer and say, hey, we're Apple, install us. Right? Apple just does it in the background when it comes to updates, patches. But they're very sneaky here, trying to install things like the Adobe Flash Player, which has been deprecated. Deprecated, is completely now gone from Mac systems and from Windows systems. You should not be using Flash at all anymore. [00:18:02] It was very, very bad. So up it comes, you, you go to install the latest Flash Player, or, and I'm sure they're going to change this, or something else, right? It won't be Flash in the future. It'll be a Adobe, which you also don't need on a Mac. So anyhow, that's what you got to be careful of. Adware is still a big problem in Windows, [00:18:25] not as much as it used to be, uh, thanks to the change to Google Chrome, which Microsoft has rebranded as, of course, its own Edge browser. Not much of a problem at all on Macs, but be very, very careful on either platform about installing software that you did not start installing.
Now earlier this year, there's a security firm called Red Canary that found something that's been named Silver Sparrow. [00:18:58] That was on, uh, 30,000 Mac computers. And apparently the developers for this malware had already adapted it to Apple's M1 chip architecture and have distributed this binary, this program, as a universal binary. Now the Mac, remember, doesn't just use Intel. It used to use PowerPCs and then it used Intel. [00:19:21] And now it's using its own architecture for the chips themselves. So a universal binary is something that will run on Mac Intel based and Mac architecture based. But, uh, the bottom line is that this proof of concept malware, if you will, had no payload. So we know it's out there, we've seen it now on almost 30,000 Mac computers, but at this point it's not really doing much, much at all. [00:19:53] So. These are malicious search engine results and they're directing victims to download these PKGs, which are Mac package format installers, based on network connections from your browser shortly before download. So just be very careful about all of that. It can be something as annoying as malware or something as malicious, [00:20:17] well, potentially, as ransomware, particularly if you're running Windows. Hey, if you want to find out more about this, if you want to get into some of my free courses here, we got free boot camps coming up. Make sure you go to CraigPeterson.com/subscribe. More than glad to send you my show notes, a little bit of training, and of course, let you attend these free bootcamps that are not to sell you stuff, but solve problems for you. [00:20:49] Hey, if you use VPNs to try and keep yourself safe, particularly if you use ExpressVPN. Wow. What just came out is incredible. It is anything but safe and secure. [00:21:06] ExpressVPN was purchased by a company called Kape, K A P E. Kape is a company that had changed its name because, oh, things were bad. [00:21:19] Right.
It was originally founded under the name of Crossrider. And you might've seen notices from your anti-malware software over the years, for everything from Malwarebytes on, saying that, oh, it blew up to this Crossrider piece of malware. Most of the time it's adware, but it is really interesting to see because this company was founded by a person who was part of the Israeli secret service. Right? So it wasn't, of course not, it's not called the secret service over there in Israel. And it, frankly, it compares to our NSA, you know, No Such Agency. Yeah. It's part of unit 8,200 in the Israeli intelligence military. And it's been dubbed, of course, Israel's NSA. Teddy Sagi, which was one of these investors, also was mentioned in the Panama Papers. [00:22:24] Remember those? We talked about those back in 2016. Those were leaked and that showed these law firm, this one particular law firm in Panama, that were sheltering assets for people all over the world. And so now that ExpressVPN is owned by this company that is, this company built entirely by intelligence agents, for almost a billion [00:22:55] dollars in cash and stock purchases. That's how much they sold ExpressVPN for, almost a billion dollars, which is kind of crazy when you think of it as a VPN service, but makes a lot of sense if you're going to want to monitor what people are doing, where they're going, maybe even break into their systems. What better choice than a VPN provider? And the [00:23:20] company has been buying up VPN providers and is now the proud owner of ExpressVPN. If you attended my VPN workshop that I had, oh, it's probably been a year, and I'm going to start doing these again. I promise, I promise, I promise. But you know how much I dislike VPNs. In fact, one of you guys, I'm sorry, I forgot your name, [00:23:46] sent me, a couple of weeks ago now, about VPNs and saying, I know how much you disliked VPN, look at this article. And it was talking about this whole thing with ExpressVPN.
So they just now all over the place, the discussions online about what. Been to hear who the founder was, the CEO, the CTO, this growing portfolio that they have in umbrella of ownerships, that now is centralized in a multiple VPNs. [00:24:15] Now, Kape Technologies only started acquiring VPN companies about four years ago. And they've been in business now for over a decade. And what were they doing before they started buying VPN companies? While they own VPN companies? Oh, they were a major manufacturer and distributor of malware of varying types. [00:24:40] Now the first part of the show today, of course, I was explaining some of the differences, like adware, et cetera, so that you could understand this story. Right? Got that? So you can understand this. That's what these guys have been doing. It's absolutely crazy. So the, the co-founder of Kape Technologies and former CEO started his career in information technologies while serving in the Israeli Defense Forces. [00:25:08] As I mentioned, Israeli Intelligence Corps under unit 8,200. That unit is responsible for doing what's called signal intelligence and data decryption. Now we have signal intelligence here as well, and that's basically intercepting signals, figuring out what's being said, what's going on, where they are, the size of the forces, et cetera. [00:25:32] I have a friend of mine, a young lady who is in signal intelligence in, I think it's the Navy, but every part of our military has it. However, our military doesn't directly control VPN services like ExpressVPN that can be used in a very big spy capacity. That's what I'm really concerned about. Now, I also, I found an interesting article on Zero Hedge about this, uh, you know, this company, ExpressVPN, being acquired. [00:26:06] But they're also pointing out that companies that were founded by former operatives of unit 8,200, that again, the Israeli version of the NSA, included.
Ways Elbit systems, which is right in my hometown of Merrimack, New Hampshire and slews of other startups now ways. Right. I, I used ways I recommended people to use it and of course, Google bought it a few years back and that's when I stopped using it, but it was really nice. [00:26:39] It worked really well. And I had no idea the information was likely going to. The Israeli defense Corps. Oh my goodness. There's spy agencies, uh, and a bunch of other startups, by the way. It's estimated that there have been over 1000 stack tech startups that came out of the people working at unit 8,208. [00:27:07] Again, they're CIA NSA, uh, guys, their spine on everybody. You can, you believe that? And they've been bought by a mentioned Google, but other companies like Kodak, PayPal, Facebook, Microsoft have bought them. So in addition to the thousands of companies, according to zero. Uh, unit 8,200 has also fostered close working relationship with the U S government, which you would expect, right? [00:27:33] Edward Snowden. You remember him? He disclosed leaked documents. He obtained, which included an agreement between the NSA and the Israeli defense force. The agreement showed that the U S intelligence. Agency would share information. It collected under domestic surveillance operations with it. Israeli counterpart. [00:27:53] You remember we talked before about the five eyes, seven eyes searching eyes. It's up in the twenties. Now these countries that spy on each other citizens. For the other countries, right? Yeah. Your information might not be collected by the U S government, but the U S government gets it by buying it from private contractors, which it says it can do because we're only barred from collecting it ourselves. [00:28:17] We can use private contractors that collected on you. And also by going in partnership with foreign government. 
Because again, we can't collect that information, but we can certainly have the Israelis or, or the Brits or the Australians or Canada. They could collect it from. Can you believe this, how they're just stretching these rules to fit in what they want to fit? [00:28:39] Okay. Completely ignoring not only the constitution, but the laws of the United States. It's, it's just absolutely incredible. So critics of this unit, 8,200, attested that the Israeli intelligence outfit routinely uses the data received from the NSA by providing it to politicians, Israeli politicians, for the basics of blackmailing. [00:29:06] Yes. Blackmailing others. Yes. Indeed. Other whistleblowers have revealed 8,200's operations have been able to disrupt Syrian air defense systems, hack Russia's Kaspersky Labs. You remember I told you guys don't use Kaspersky antivirus. And has outfitted several Israeli embassies with clandestine surveillance systems, clandestine, [00:29:31] however you want to pronounce it. By the time Kape Technologies acquired its first VPN company, uh, the original CEO had left and he went on to found cup pie before leaving as its CEO in 2019. It goes on and on. Uh, bottom line, guess what, ExpressVPN, which is advertised by so many conservatives, now looks like it is actually part of a spy operation. [00:30:01] So sign up now. CraigPeterson.com. CraigPeterson.com/subscribe. You're going to want to attend my free VPN webinar. Hey, I don't have anything to sell you when it comes to VPNs. I just want you to know the truth. [00:30:17] Labor shortages are making businesses turn direction. And now that we're laying off people or firing them because they didn't take the jab, what are businesses going to do? Well, I have news for you that reduced workforce, well, guess what? [00:30:34] U.S. businesses are really seriously moving to automation. [00:30:39] Now they've been doing this since the start of this whole lockdown. They were doing it even before then.
I tell the story of when I was in France, a boom went four or five years ago now, and I stayed off the beaten path. I was not in the touristy areas. I speak French. So I went just where the. I decided to go, my wife and I, so we rented a car and we spent a month just kind of driving around where do we want to go next to, or do we want to go next? [00:31:08] It was a whole lot of fun. And while we were there on a Sunday, I came to realize that these small French towns have no restaurants open on Sunday, nothing at all, talking about a bit of a culture shock. That's not true. There was one restaurant opened in the town and that restaurant was, and McDonald's. [00:31:30] So when I go to McDonald's here a few years ago in France, central France. And when I walk in, there's nobody at the counter, but they're all. Oh, half a dozen kiosks out front. So you go and you order your hamburger, whatever might be, or your drinks, et cetera, right there in the kiosk, you pay for them riding the kiosk. [00:31:53] And there's some people working out back that are then making the hamburgers or the milkshakes or coffee, whatever you ordered and bringing it up to the front. And then they just put her right there for you to grab that simple. And this was of course, pre. Down days, I assume that it has gone even more automated. [00:32:14] Uh, they're in France, but hard to say. And I've seen the same thing here in the us. I was out in Vermont just about a month ago and I was riding with a buddy of mine, motorcycle riding, couple of buddies, actually. And we stopped in this small. Town. And we went to this little breasts, breakfast restaurant and the breakfast restaurant had maybe four or five tables inside. [00:32:42] And you just sat at the table. No waitress came up, but there's little sign with the QR code. So it said a scan, the QR code to get started. 
So you scanned it, it knew based on the QR code, which table you were at, and it showed you the menu that was in effect right then and there. So the lunch menu or the breakfast or the all day, you got to pick it and then you selected what you wanted. [00:33:08] It used whatever payment you wanted. I used apple pay. And in order to pay for my breakfast and my buddy ordered what he wanted. And then out came a waitress who delivered the food. Once it was already in the drinks, it was very automated. It allowed them to cut back on some people and others, this small restaurant, they probably had one last waitress, but when you kind of had in the shifts. [00:33:33] Days and vacation days is probably two waitresses. So they're saving some serious money because a system like this that you just scan a QR code and do the order and it prints up in the kitchen is cheap compared to hiring. Well, of course, it's hard to hire people, especially in the restaurant industry nowadays heck and in my business where we go in and we do analysis of computer networks and systems, it's almost impossible to find people that are really well qualified that understand the regulations that apply to these different businesses. [00:34:10] So it's like, forget about it. There's more than a million of these jobs open right now. And just in this cybersecurity. Well, September mark, the end of the real lockdown induced unemployment benefits workers. Didn't just flood the labor market as we kind of expected. And we have now few, we have more people now. [00:34:38] Who are out of the workforce. Who've decided not to look for a job than we did in 2008. So that's telling you something 2008 during the great recession. Interesting things are about to happen, but there's a great little article that I found in. 
Times this week, and it's talking about this quality local products company out of Chicago, the prince logos on merchandise, like t-shirts water bottles, you know, the little stress balls, all of that sort of stuff. [00:35:10] And he said prior to the pandemic, we had over 120 employees. That's the co-founder talk in there. And he said, Primary focus was on growth. We simply plugged any holes or any efficiencies that we could along the way with human capital, bringing people in. But once the lockdown happened, of course, all of a sudden now you don't have the access to employees you had before. [00:35:36] So they had a huge decrease also in business. So those two went hand in hand. They let a lot of people go and they use the opportunity to program many of the previous manual and human controlled activities into computers. So now 18 months later, yeah, two weeks to flatten the curve. Right? 18 months later, the company employees, 83 workers. [00:36:03] And as managing a workload, that's pretty much the same as pre lockdown. So they went from over 120 employees down to 83. So basically they cut 40 employees from the workforce. That's a whole lot of quarter of the workforce gone. They don't need them anymore. So that's going to help produce more profits for them. [00:36:27] A lot more profits. Cause usually automating. Yeah, it can be painful, but it usually has major paybacks and that's exactly what it had for them. And they're saying that they anticipate that they can reduce employees even more by the end of this year and get their head count below. 50 now 50 is a magic number. [00:36:48] So it was a hundred when it comes to employees. Well, one is like the biggest magic number because when, once you have one employee, you all of a sudden have to comply with all kinds of rules, regulations, state, local, federal. But if you hit 50 employees, you have the next step of major new regulations that are gonna affect your business. 
[00:37:09] And then when you hit a hundred employees, Even more, so many people try and keep their businesses below 50 employees because it's just not worth it to have all of those regulations, additional regulation, taxes, and everything else. Another company, this is a California based property management. The managing more than 90,000 commercial and residential properties. [00:37:33] And what they've done is they added a chat feature to the website, the company's called sea breeze. And he says, even though we have the live chat, you can still reach us outside of business hours. Well, You are using the chat or you can call us either way, but they're saying people like the simple form and someone gets back to them as soon as they can. [00:37:57] So they're avoiding now having staff available 24 7 to respond to chat messages and to respond to the voicemails and phone calls that come in. So it's pretty good all the way around, frankly, new shopping models are in place. I'm looking at a picture of a business and it has. Of course, a window up front and in the window they have jewelry. [00:38:21] This is a jewelry store and they've got QR codes in front of each of these pieces of jewelry right on the inside of the window. So if you're interested in finding out more about that piece of jewelry, Just scan the QR code. It'll take you to the right page on their website and we'll even let you buy the jewelry and they will mail it to you again. [00:38:46] How's that for? Great. If you have a business in a tourist jury area and you don't want to be open until 11:00 PM at night, your story can keep selling for you. Even when you're close. This is window shopping, taken to an extreme, very simple. To do as well. This company is called full me waiter. Obviously they've got a bit of a sea theme here. [00:39:10] So once someone orders the jewelry and the other merchandise sent right to them, or they can have it set for pickup in the store, when they next open it's phenomenal. 
They're calling alfresco shopping space, right from the sidewalk. So businesses again are returning to pre pandemic levels and he, this guy is available in the store by appointment only. He's loving it. [00:39:37] And he says that customers have been so satisfied with this QR code window shopping contract that he wrote a guidebook. You can get it at scantshopsolution.com or excuse me, scan, just shop solution.com. I misread that. So any retailers who want to use this method, if you don't know what QR codes are, or you don't know how to code it into a website, et cetera, she's got webinars she's taught on it and she's got the guide book. [00:40:05] I think this is great. Right? So she's now making some money on explaining to other people how she did this. It's phenomenal across industries. Epoch Times is saying the staffing shortages could be temporary, but as firms are further embracing automation and all of its benefits, some of these jobs that people just don't want anymore may actually be going away. [00:40:33] And I think this is ultimately a problem. We had, uh, you know, again, I'm older generation, right? Us baby boomers. We had opportunities when we were younger. I had newspaper routes. I had the biggest route in the area. I can't remember. It was like 120 homes. It was huge. It took me hours to do, but I made money. [00:40:56] I learned how to interact with people. I knew, I learned how to do bill collection, how important it was not to let customers get too far behind on their bills. Although I have been slack on that one, I'm afraid, but it helped me out a lot. So, what are kids going to do that need to learn a work ethic, that need to be able to have a job, make the mistakes, maybe get fired once or twice or three times, maybe learn how to interact with customers. [00:41:27] Everyone, I think can benefit from some retail experience. Get that when you're young and if these jobs don't exist, then. 
Or the younger generations here, are they just going to be trying to find jobs they can do with Instagram? Right? They're all, I know a few kids who have said, well, I'm a social media influencer and you look them up and okay. [00:41:50] So they got a thousand people following them. I have far more than that, but you know, that's not a job. It's not going to last. Your looks are only going to last so long. Right now you start having a family and you start working hard outdoors, et cetera. There's a lot of things that make that all go away. [00:42:09] So I think many businesses now we're going to continue to accelerate our plans program out and. A lot of weld pain positions, as well as these entry-level positions in the next five or 10 years. Really? I don't even know if it's going to be 10 years retool retrain our workforce, or everyone's going to be in for a world of hurt. [00:42:33] Hey, make sure you subscribe. So you're not in a world of hurt. Get my latest in news, especially tech news and cybersecurity. CraigPeterson.com. [00:42:46] In this day and age, if you don't have a burner identity, you are really risking things from having your identities stolen through these business email compromises. It's really crazy. That's what we're going to talk about. [00:43:03] An important part of keeping ourselves safe in this day and age really is to confuse the hackers. The hackers are out there. They're trying to do some things. For instance, like business email compromise. It is one of the biggest crimes out there today. You know, you hear about ransomware and it hits the news legitimately. [00:43:26] It's very scary. It can really destroy your business and it can hurt you badly. If you're an individual you don't want ransomware. Well, how about those emails that come in? I just got an email in fact, from a listener this week and they got a phone call. His wife answered and it was Amazon on the phone and Amazon said, Hey, listen, your account's been hacked. 
[00:43:54] We need to clear it up so that your identity doesn't get stolen. And there's a fee for this. It's a $500 fee. And what you have to do is just go to amazon.com. Buy a gift card and we'll then take that gift card number from you. And we'll use that as the fee to help recover your stolen information. So she went ahead and did it. [00:44:20] She went ahead and did all of the things that the hackers wanted and now they had a gift card. Thank you very much. We'll follow up on this. And now she told her husband, and of course this isn't a sex specific thing, right. It could have happened to either one. My dad fell for one of these scams as well. [00:44:44] So she told her husband or her husband looked at what had happened and said, oh my gosh, I don't think this is right. Let me tell you, first of all, Amazon, your bank, various credit card companies are not going to call you on the phone. They'll send you a message right from their app, which is usually how I get notified about something. [00:45:10] Or they will send an email to the registered email that, uh, that you set up on that account. So that email address then is used by them to contact you. Right. Pretty simple. Or they might send you a text message. If you've registered a phone for notifications, that's how they contact you. It's like the IRS. [00:45:35] I was at a trade show and I was on the floor. We were exhausted. And I got no less than six phone calls from a lady claiming to be from the IRS and I needed to pay right away. And if I didn't pay right away, they were going to seize everything. And so all I had to do: buy a gift card, a Visa gift card, give her the number and she would use that to pay the taxes, and this lady had an American accent too, one that you would recognize. [00:46:10] I'm sure. And it's not something that they do. Now, they do send emails, as I said. So the part of the problem with sending emails is, is it really them? 
Are they sending a legitimate email to a legitimate email address? Always a good question. Well, here's the answer. Yeah, they'll do that. But how do you know that it isn't a hacker sending you the email? [00:46:42] It can get pretty complicated. Looking into the email headers, trying to track: where did this come from? Which email servers did it go through? Was it authenticated? Did we accept? Did the, uh, the provider use proper records in their DNS, the SPF, et cetera, to make sure that it's legitimate. Right? How do you follow up on that? [00:47:07] That's what we do for our clients. And it gets pretty complicated looking at DKIM and everything else to verify that it was legitimate, making sure that the email came from a registered MX server from the, the real sender. There is a way around this. And this has to do with the identities, having these fake burner identities. [00:47:33] I've been doing this for decades myself, but now it's easy enough for anybody to be able to do. There are some services out there. And one of the more recommended ones, and this is even the New York Times, they have an article about this. They prefer something called SimpleLogin. You can find them online. [00:47:57] You can go to simplelogin.io to get started. Now it's pretty darn cool. Cause they're using what's called open source software, it's software anybody can examine to figure out is this legitimate or not? And of course it is legitimate, but, uh, they, it's all out there for the whole world to see. [00:48:17] And that means it's less likely in some ways to be hacked. There are people who argue that having open source software means even more. In some ways you are, but most ways you're not, anyways, it doesn't matter. simplelogin.io. Now, why would you consider doing this? Uh, something like SimpleLogin? Well, SimpleLogin is nice because it allows you to create dozens and dozens of different email addresses. 
[00:48:51] And the idea is with SimpleLogin it will forward the email to you at your real email address. So let's say you're doing some online shopping. You can go ahead and set up an email address for, you know, whatever it is, shopping company.com, uh, that you're going to use at shopping company.com. So you'd go there. [00:49:13] You put into SimpleLogin, uh, I want to create a new identity and you tag what it's for, and then you then go to some, um, you know, shopping company.com and use the email address that was generated for you by SimpleLogin. Now your SimpleLogin again is going to be tied into your real email account, wherever that might be. If using ProtonMail, which is a very secure email system, or if using Outlook or heaven forbid Gmail or one of these others, the email will be forwarded to you. [00:49:52] You will be able to see that indeed that email was sent to your shopping company.com email address or your Bank of America email address, et cetera, et cetera. That makes it much easier for you to be able to tell, was this a legitimate email? In other words, if your bank's really trying to get ahold of you, and they're going to send you an email, they're going to send you an email to an address that you use exclusively [00:50:22] for Bank of America. In reality, you only have the one email box that is over there on wherever, ProtonMail, Outlook, Gmail, your business. You only have that one box you have to look at, but the email is sent to SimpleLogin. Does that make sense? You guys, so you can create these alias email boxes. It will go ahead and forward [00:50:49] any emails sent to them, to you, and you'll be able to tell if this was indeed from the company, because that's the only place that you use that email address. That makes it simple, but you don't have to maintain dozens or hundreds of email accounts. You only have the one email account. 
And by the way, you can respond to the email using that special aliased email address that you created for the shopping company or Bank of America or TD or whomever [00:51:22] it might be. You can send from that address as well. So check it out online, simplelogin.io. I really liked this idea. It has been used by a lot of people out there. Now here's one other thing that it does for you, and this is important as well. Not using the same email address everywhere means that when the hackers get your email address from shopping company.com or wherever, right, [00:51:56] pets.com, you name it, they cannot take that and put it together with other information and use that for business email compromise. Does that make sense? It makes it pretty simple, pretty straightforward. Don't get caught in the whole business email compromise thing. It can really, really hurt you. [00:52:19] And it has, it's one of the worst things out there right now, dollar for dollar it's right up there. It, by the way, is one of the ways they get ransomware into your systems. So be very careful about that. Always use a different email address for every website you sign up for. Oh, and they do have paid plans, like a $30 a year plan over at simple IO will get you unlimited aliases, unlimited mailboxes, even your own domain name. [00:52:50] So it makes it pretty simple, pretty handy. There's other things you might want to do, for instance, use virtual credit cards. And we'll talk about those a little bit as well, because I, I think this is very important. Hey, I want to remind everybody that I have started putting together some trainings. [00:53:12] You're going to get a little training at least once a week, and we're going to put all of that into what we have been calling our newsletter. I think we might change the name of it a little bit, but you'll be getting those every week. And the only way to get those is to be on that email list. Go to CraigPeterson.com/subscribe. 
[00:53:35] Please do that right. I am not going to harass you. I'm not going to be one of those. And I've never been one of those internet marketers sending you multiple dozens of emails a day, but I do want to keep you up to date. So stick around, we will be back here in just a couple of minutes. And of course you're listening to Craig Peterson. [00:53:59] And again, the website, CraigPeterson.com. Stick around because we'll be right back. [00:54:05] One of the best ways to preserve your security online is by using what we're calling burner identities, something that I've been doing for more than 30 years. We're going to talk more about how to do that right. [00:54:20] We've talked about email and how important that is. I want to talk now about fake identities. Now, a lot of people get worried about it. It sounds like it's something that might be kind of sketchy, but it is not to use fake identities in order to confuse the hackers in order to make it so they really can't do the things that they. [00:54:46] To do they can't send you phishing emails, particularly spear phishing emails that'll catch you off guard because you're using a fake. How do you do that? Well, I mentioned to you before that I have thousands of fake identities that I created using census data. And I'm going to tell you how you can do it as well. [00:55:13] Right? There's a website out there called Fake Name Generator. You'll find it online at fakenamegenerator.com. I'm on that page right now. And I'm looking at a randomly generated identity. It has the option right on this page to specify the sex. And it says random by default. The name set, I chose American, the country United States. [00:55:44] So it is applying both American and Hispanic names to this creative. And now remember it's doing the creation based on census data and some other public data, but it is not giving you one identity of any real. 
I think that's important to remember, and you're not going to use these identities for illegal purposes. [00:56:11] And that includes, obviously when you set up a bank account, you have to use your real name. However, you don't have to use your, if you will, real email address. You can use things like SimpleLogin that will forward the email to you, but will let you know who was sent to. And if you only use that one email address for the bank, then you know that it came from the bank or the email address was stolen from the bank. [00:56:40] Right. All of that stuff. We've talked about that already. So in this case, the name it has come up with for me is Maurice D St. George in Jacksonville, Florida. Even gives an address, uh, in this case it's 3654 Willis avenue in Jacksonville, Florida. So if I go right now, uh, to, I'm going to use Google Maps and I am going to put in that address. [00:57:11] Here we go. Jacksonville Willis avenue, and guess what, there is a Willis avenue in Jacksonville, and it's showing homes from Google street view. Let me pull that up even bigger. And there it is. So ta-da, it looks like it gave me a fairly real address. Now the address it gave me was 3654, which does not exist. [00:57:40] There is a 365, but anyways, so it is a fake street address. So that's good to know some, if I were to use this, then I'm going to get my. Uh, my mail saying why about I pass? So, uh, Maurissa tells you what Maurice means, which is kind of neat. It'll give you a mother's maiden name. Gremillion is what it gave me here, a social security number. [00:58:06] So it creates one that passes what's called a checksum test. So that if you put it into a computer system, it's going to do a real quick check and say, yeah, it looks. To me. So it's not just the right number of digits. It also passes the checksum test. Well-known how to do a checksum on their social security numbers. [00:58:27] So again, it's no big deal. 
And remember, you're not going to use this to defraud anyone. You're going to use this for websites that don't really need to know, kind of give me a break. Why do you need all this information? It gives me a phone number with the right area code. Uh, and so I'm going to go ahead and look up this phone number right now. [00:58:50] Remember, use DuckDuckGo. Some people will use Google search and it says the phone number it gave me is a robo call. As I slide down, there's some complaints on that. Uh, so there you go. So they're giving us a phone number that is not a real person's phone number. Country code, of course one, cause I said United States. Birth date. [00:59:13] Oh, I was born October 7th, year 2000. I'm 20 years old. And that means I'm a Libra. Hey, look at all this stuff. So it's giving me an email address, which is a real email address that you can click to activate right there. Again, I mentioned simplelogin.io earlier, but you can do it right here and it's got a username and created for me a password, which is actually a pretty deep. [00:59:41] The password. It's a random one, a website for me, my browser user agent, a MasterCard, a fake MasterCard number with an expiration and a CVC2 code, all of this stuff. My height is five six on kind of short for. Uh, my weight is 186 pounds, O negative blood type, UPS tracking number, Western Union number, MoneyGram number. [01:00:11] My favorite color is blue and I drive a 2004 Kia Sorento and it also has a unique ID. And, uh, you can use that wherever you want. So the reason I brought this up again, it's called fakenamegenerator.com, is when you are going to a website where there is no legal responsibility for you to tell them the true. [01:00:39] You can use this. And so I've, I've used it all over the place. For instance, GitHub, where you have, uh, it's a site that allows you to have software projects as you're developing software. So you can put stuff in GitHub. 
Well, they don't need to know who I really am. Now they have a credit card number for me. [01:01:01] Because I'm on a paid plan. I pay every month, but guess what? It isn't my real credit card number. It isn't the number that I got from Fake Name Generator. My credit card company allows me to generate either single use credit card numbers, or in this case, a credit card number for GitHub.com. So just as an example, that's how I use it. [01:01:24] So if GitHub gets hacked, the hackers have an email address and a name that tips me off right away where this is coming from. And if the email didn't come from GitHub, I know they either sold my information to a marketing company, or this is a hacker trying to manipulate me through some form of phishing scheme. [01:01:47] So I know you guys are the best and brightest. A lot of you understand what I'm talking about and I'm talking about how you can create a burner identity. And let me tell you, it is more important today to create a burner identity than it has ever been at any point in the past because frankly burner identities are one of the ways that you can really mess up some of the marketing firms out there that are trying to put the information together, these data aggregator companies, and also the hackers. [01:02:24] And it's really the hackers that we're up against here. And we're trying to prevent them from getting all of this information. So when we come back, I want to talk about the next step, which is which credit cards can you get these single use card numbers from? Should you consider using PayPal? When might Google Voice be a really good alternative for you? [01:02:52] So we're going to get into all of that stuff. Stick around. In the meantime, make sure you go to CraigPeterson.com/subscribe. Get my newsletter. All of this is in there. It makes it simple. It's a simple thing to do. CraigPeterson.com. 
And if you have any questions, just email me, me@craigpeterson.com. [01:03:20] Having your credit card stolen can be a real problem for any one of us. It gives the bad guys a lot of options to spend a lot of money very quickly. We're going to talk right now about virtual credit cards. What are they, what does it mean? [01:03:37] Virtual credit cards come in two basic forms. [01:03:41] One is a single use credit card, which was quite popular back when these things first came out, and another one is a virtual credit card that has either a specific life, in other words, it's only good for 30 days, or that can be used until you cancel it. If you have a credit card, a Visa, MasterCard, American Express, Discover, all of the major card issuers will give you the ability to reverse any charges that might come onto your cards [01:04:19] if your card is stolen or missing. Now that makes it quite easy. Doesn't it? I want to point out that if you're using a debit card, as opposed to a credit card, there's not much challenging you can do. With the credit card, you can say, I am not going to make my payment. And, uh, because of this, that, and the other thing, this was stolen, et cetera, they can file it as a disputed charge. [01:04:46] They can do an investigation, find out. Yeah. Um, you probably were not at a bus terminal down in Mexico City, which happened to me. 'Cause I was up here in New Hampshire, quite a ways down to Mexico City. And so they just reversed it out. That money never came out of my bank account because it was on a credit card. [01:05:08] If I were using a debit card, that money would have come right out of my account. Now, mind you, a bus ticket in Mexico City is not very expensive, but many people have had charges of many thousands of dollars. And if you need that money in your checking account, and you're using a debit card, you got a problem because your check for, well, if you ever have to pay rent again, rent check is going to 
[01:05:38] bounce because they just emptied out your bank account. So now you have to fight with the bank, get the money back. They will, they will eventually refund it, but it could make some of your transactions that you might've written a check or something, it'll make them bounce. And that could be a real problem. [01:05:57] These, it could make them bounce. So using a credit card is typically less of a hassle online. So why would you want to use a virtual card or also known as a masked credit card? Masked, M A S K E D. Well, the main reason behind this is to allow you to control payment. I've used them. In fact, I use them exclusively on every website online. [01:06:29] And I'm going to tell you the names of some of them here in just a couple of minutes, but I use them all of the time. And part of the reason is let's say, I want to cancel a, uh, service. Have you ever tried to cancel a service before and you have to call them many times, right. And so you're, you're arguing with somebody overseas somewhere who doesn't want you to close the account. [01:06:53] And of course they bump you up to the next level person who also doesn't want you to close the account. And so you have to fuss fuss, fuss, fuss. Have you ever had that experience and I'm sure you have. It just happens all the time. So with using the virtual credit card, well, the advantage to me is, Hey, if you are going to try and fight with me, I don't care because I'm just going to cancel that credit card number. [01:07:24] So I don't have to cancel my credit card. I don't have to have the company reissue credit card for me. I don't have to do any of this sort of thing. That makes my life pretty easy. Doesn't it? And so, because of that, I am now I think in a much better place, because it just, I don't have to fight with people anymore. [01:07:43] So that's one of the reasons I used it. The other big reason is if it gets stolen, they can cause less harm. 
Some of these virtual credit cards are set up in such a way that you can limit the amount that's charged on them. Do you like that? So if you are using it on a site that maybe is charging you $50 a month, no problem. [01:08:09] $50 a month comes off of the credit card. And if someone tries to charge more, it bounces and then hopefully you find out, wait a minute, it just bounced on me right now. Then next step up is okay. It bounced and, uh, I am just going to cancel the card and then you issue a new credit card number for that website. [01:08:32] So an example in my case is GitHub.com. We keep software up there and they charge me every month. If GitHub were to get hacked and that credit card number stolen, I really don't care because there's almost nothing that can happen. And if GitHub doesn't properly cancel my account, I can just cancel the credit card and, you know, let them come after me. [01:08:57] Right. This isn't going to happen. So then it's also called a masked credit card number because it's a little safer than using your real credit card details. I also want to point out something about debit cards. I went for years with no credit cards at all. Nowadays, many of my vendors will take a credit card for payment. [01:09:20] And in fact, give me a bit of a better deal. And then with the credit card, I can get 2% cash back, which I use to pay down the credit card. Right. It couldn't get any better than that, but when you're using a debit card, what I always did is I had two accounts that I could transfer money between at the bank. [01:09:42] So I had one checking account. That was my main operating, if you will, account. And then I had another checking account where I would be just moving money out of it. Or you could even do it with a savings account, but some banks, they only let you do so many transactions a month on a savings account. 
So the idea is I know that I have this much in credit card obligations, well, debit card obligations for this month, that money is going to be coming out. [01:10:11] So I make sure that's in the debit card account to cover the legitimate transactions I know are coming up and then I keep everything else in the other account. And then I manually transferred over every month. So that's how I dealt with the whole debit card thing. And it worked really well for me. Bottom line. [01:10:30] I think it's a really great. So there you go, who are the companies that you can use to do this? I've used some of these before, all of them have worked really well. If you have a Capital One credit card, they have something called Eno, E N O, and it's available to all Capital One card. Eno even has an extension for your web browsers. [01:10:59] So if it notices you're on a webpage that's asking for a credit card number, it'll pop up and say, do you want me to create a credit card number or a virtual one for this website so you can make your payment. Does it get much easier than that? Citibank has something they call virtual credit cards, available to all Citibank card holders. Masterpass by MasterCard. [01:11:23] That's available to any MasterCard, Visa, American Express, Discover, Diner's Club card holders, credit, debit, and prepaid cards by the way. So you might want to check that one out. Uh, yeah, so that's the only one I see on my list here that will do it for debit cards, Masterpass by MasterCard. American Express Checkout, available to all American Express card holders. [01:11:51] Chase Pay, available to all Chase card holders. Wells Fargo Wallet. Uh, Visa Checkout, available to all Visa, MasterCard, and American Express and Discover card holders, credit and debit cards, plus prepaid cards. Okay. So it does do the debit cards as well. Final, that's all owned by Goldman Sachs and is not accepting any new applicants, and Entropay. 
[01:12:19] Also not accepting new applicants. There's a couple online. You might also want to check out Abine Blur Premium. Abine, A B I N E, Blur Premium. You might want to check that out as well. All right, everybody make sure you check me out. CraigPeterson.com/subscribe. [01:12:43] We're going to wrap up how you should be using these burner identities, a few more tips and tricks that are going to help keep you safe from the hackers that are out there. So here we go. [01:12:58] There are a lot of hackers out there. [01:13:01] The numbers are just astounding. The cost of these hackers coming in and stealing our information is just unbelievable. And it goes all the way from big corporations, from things like the Colonial Pipeline, the US government, all the way on down through you and me. I want to tell you a little story about a friend of mine. [01:13:28] He is about 75 years old and he supplements his income by driving for Uber Eats and one other company. And so what he'll do is someone puts in an order for food somewhere. He'll go pick it up and then he'll drive it to wherever, whoever ordered it. Now, there are a surprising number of scams with this. [01:13:55] So he's very careful about someone that orders a cookie, for instance, because it's usually a bit of a scam anyways, we won't get into those, but I'll tell you what happened to him. His information was stolen online as it was probably yours. Mine I know was as well. So it's all stolen. What do you do? Well, in his case, what ended up happening is they managed to get into his email account. [01:14:27] Once they're in his email account, they now had access to the emails he was getting from one of these companies. Now it wasn't the Uber Eats guy. He was, there was another company. So let's just explain this a little bit. Uber Eats sends him a request for him to go ahead and do a double. So, you know, go to the restaurant, pick it up and take it to this client's house. 
[01:14:54] And in order for him to register, he had to register an email address. Now, of course, he uses the same email address for everything, all of the. Now, personally, that drives me a little bit insane, but that's what he does. And he has just a few passwords. Now, he writes them down in a little book, and heaven forbid he ever lose the book, so that he can remember them. [01:15:24] He just wants to keep his life simple. Right. He's 75. He's not technophobic, but you know, he's not up on all of this stuff. What he found was a paycheck didn't show. And it was an $800 paycheck. We're talking about real money that he should have had in his. It didn't show up. So he calls up the company and says what happened to my paycheck, and their records show, [01:15:53] yes, indeed, it had been paid. We paid you, we deposited right into your account. Just like you asked. Yeah. You know, ACH into the account. Great. Wonderful. What had happened is bad guys had gone, gained control of his email address and used that now. Because they figured, well, I see some emails in his account from this food delivery service, so, well, let's try and see if this email address that we're looking at right now. [01:16:26] All of his emails, let's look and see. Okay. Yeah. Same email address and same password as he used at this email address. Yeah, it worked. Okay. Great. So now we have access to this guy's food delivery account. So they changed the bank account number. Now, easy enough to confirm, right. They change it and send you an email. [01:16:54] Hey, I want to make sure that it was you until the bad guys, the hackers click out, yada yada. Yeah, it was me and then delete the email. So he doesn't see it. And now his $800 paycheck, in fact, I think there were a couple of different checks, is deposited directly into the bad guy's bank account and the money of course is transferred out pretty quickly. [01:17:18] Now the bad guys, these hackers are using what are called mules. 
You might be familiar with that in the drug trade. They'll have a third party deliver the drugs, just a mule. They don't know what all is going on. They probably know they're delivering drugs. In this case, most of the mules are useful idiots, of which there are many in this country, [01:17:43] unfortunately, uh, political and otherwise. And these people are convinced that all they need to do is transfer the money into this account so that the hackers can then pull it out. And you know, now they're going to take care of their grandmother who is stuck in the hospital and they have no way to pay for it. [01:18:07] And they can't transfer the money out of the country during. That's one of the stories they use for people. And in many cases, these mules know what they're doing. The FBI earlier this year arrested a whole group of mules out in California that were purposefully transferring the money. They knew what they were doing. [01:18:28] So his money was now out of the country. No way to get it. And this food delivery company was not about to pay him. So it isn't just the big guys, it's you and me as well. So what I want to talk about right now is multi-factor authentication. Now, you guys are the best and brightest. I hope you understand this. [01:18:54] If you have questions, please reach out to me. I am more than

    How Many Times Per Week Are You Being Cyber Attacked? From Where? How? Why?

    Oct 15, 2021 84:46

    How Many Times Per Week Are You Being Cyber Attacked? From Where? How? Why? We've got a new study out showing that North American organizations, businesses, and others, are being hit with an average of 497 cyber attacks per week, right here in the good old USA. [Following is an automated transcript] This is a study by Check Point Software Technologies. Check Point, I used, oh my gosh. It would have been back in the nineties back then. They were one of the very first genuine firewall companies. And it was a system that I was putting in place for my friends over at troopers. I think it was New England Telephone. It might've been Verizon by then. I can't even remember, man. [00:00:41] It's been a little while, but it was a system we were using in front of this massive system that I designed. I made the largest internet property in the world at that time, called Big Yellow. It morphed into Superpages. You might be familiar with it. But it was me and my team that did everything. We built the data center out. [00:01:05] We wrote all of the software. Of course they provided all of the yellow pages type listing so we can put it all in. And we brought it up online and we were concerned. Well, first of all, you know, I've been doing cyber security now for over 30 years. And at this point in time, they wanted something a little more than my homegrown firewall. [00:01:29] Cause I had designed and written one in order to protect this huge asset that was bringing in tens of millions of dollars a year to the phone company. So they said, Hey, listen, let's go ahead and we'll use Check Point and get things going. We did. It was on a little, I remember it was a Sun workstation, if you remember those back in the. [00:01:52] And it worked pretty well. I learned how to use it and played with it. 
And that was my first foray into kind of what the rest of the world had started doing, this Check Point software, but they've continued on, they make some great firewalls and other intrusion type stuff, detection and blocking. You know already that I am a big fan, at least on the bigger end. [00:02:17] You know, today in this day and age, I would absolutely use the Cisco stuff, and the higher end Cisco stuff that all ties together. It doesn't just have the Firepower firewall, but it has everything in behind, because in this day and age, you've got to look at everything that's happening, even if you're a home user. [00:02:37] And this number really gets everybody concerned. Home users and business users is. Businesses are definitely under bigger attacks than home users are. And particularly when we're talking about businesses, particularly the bigger businesses, the ones that have a huge budget that are going to be able to go out and pay up, you know, a million, $10 million ransom. [00:03:05] Those are the ones that they're after, and this analysis. Check Point Software, who does see some of those attacks coming in, showed some very disturbing changes. First of all, huge increases in the number of cyber attacks and the number of successful ransoms that have been going on. And we're going to talk a little bit later, too, about where some of those attacks are coming from, and the reason behind those attacks. [00:03:36] According to them right now, the average number of weekly attacks on organizations globally so far this year is 40% higher than the average before March, 2020. And of course that's when the first lockdowns went into effect and people started working from home. In the US, the increase in the number of attacks on organizations is even higher at 53%. [00:04:07] Now you might ask yourself why, why would the US be attacked more? 
I know you guys are the best and brightest, and I bet I don't even need to say this because you can figure this out yourself, but the US is where the money is. And so that's why they're doing it. And we had President Biden come out and say, Hey, don't attack the. [00:04:27] Well, some of those sectors are under attack far more after he said that than before, right? It's like giving a list to a bad guy. Yeah. I'm going to be gone for a month in June and yeah, there won't be anybody there. And here's the code to my alarm. Right. You're just inviting disaster. Check Point's [00:04:49] also showing that there were more average weekly attacks in September '21, that's this September, than any time since January, 2020. In fact, they're saying 870 attacks per organization globally per week. The Check Point counted in September was double the average in March, 2020. It's kind of funny, right? [00:05:14] It's kind of like a before COVID, after COVID, or before the Wuhan virus and after the Wuhan virus, however, we might want to know. So there are a lot of attacks going on. Volume is pretty high in a lot of different countries. You've heard me say before, some of my clients I've seen attacked multiple times a second, so let's take a second and define the attack, because being scanned [00:05:40] is kind of an attack. They're looking to see, oh, where is there a device? Oh, okay. Here's a device. So there might be a home router. It might be your firewall or your router at the business. And then what it'll do is, okay, I've got an address now I know is responding, which by the way is a reason we always configure these devices to not respond to these types of things. [00:06:04] And then what they'll do is they will try and identify it. So they'll try and go into the control page, which is why you should never have WAN 
Configuration enabled on any of your routers or firewalls, because they're going to come in and identify you just on that, because all of a sudden they brag about what version of the software you're running. [00:06:26] And then if it's responding to that, they will try and use a password that is known to be the default for that device. So in a lot of these devices, the username is admin and the password is admin. So they try it and now off they go, they're running. Some of these guys will even go the next step and will replace the software [00:06:52] in your router or firewall. They will replace it so that it now directs you through them, everything you are doing through them, so they can start to gather information. And that's why you want to make sure that the SSL/TLS, that encryption, is in place on the website you're going to. So if you go to CraigPeterson.com right now, my website, I'm going to go there myself. [00:07:22] So if you go to CraigPeterson.com, you're going to notice that first of all, it's going to redirect you to my secure site, and it doesn't really matter. You won't see it. Okay. But you are there because if he. Typically at the left side of that URL bar where it says CraigPeterson.com, you'll see there's a little lock. [00:07:44] So if you click that lock, it says connection is secure. Now there's a lot more we could go into here. But the main idea is even if your data is being routed through China or. Both of which have happened before many tens of thousands, hundreds of thousands of times. I'm not even sure of the number now. [00:08:06] It's huge. Even if your data is being routed through them, the odds are they're not going to see anything that you are doing on the Craig Peterson site. Now, of course you go into my site, you're going to be reading up on some of the cybersecurity stuff you can do. Right. The outages, what's happened in the news. 
[00:08:27] You can do all of that sort of thing on my site, kind of, who cares, right? Um, but really what you care about is the bank, but it's the same thing with the bank. And I knew mine was going to be up there. And when everybody just check it out anyway, so. So the bad guys then do this scan. They find a web page login. [00:08:47] They try the default login. If it works, the least they will do is change what are called your DNS settings. That's bad because changing your DNS settings now opens you up to another type of attack, which is they can go ahead, and when your browser says, I want to go to bankofamerica.com, it is in fact going to go out to the internet, say is Bank of America, the bad guys. [00:09:18] Did, and they will give you their Bank of America site that looks like Bank of America, feels like Bank of America. And all they're doing is waiting for you to type in your Bank of America username and password, and then they might redirect you to the. But at that point, they've got you. So there are some solutions to that one as well, and Firefox has some good solutions. [00:09:44] There are others out there and you had to have those that are in the works, but this is just an incredible number. So here's what I'm doing, right. I have been working for weeks on trying to figure out how can I help the most people. And obviously I needed to keep the lights on, right? I've got to pay for my food and gas and stuff, but what I'm planning on doing and what we've sketched out. [00:10:10] In fact, just this week, we got kind of our final sketch out of it, is we're going to go ahead and have a success path for cyber security. All of the basic steps on that success path will be. Okay. So it will be training that is absolutely 100% free. And I'll do a deeper dive into some of these things that I'm doing right now here on the radio, because you can't see my desktop. [00:10:40] It's hard to do a deep dive and it's open to anybody, right? 
If you're a home user or if you're a business user, all of the stuff on that free. Is going to help you out dramatically. And then after that, then there'll be some paid stuff like a membership site. And then obviously done for you. If the cybersecurity stuff is just stuff that you don't want to deal with, you don't have the time to deal with, [00:11:05] you don't want to learn, because believe me, this is something that's taken me decades to learn and it's changing almost every day. So I understand if you don't want to learn it too. That is the other option I'll give you, which is done for you, which we've been doing now for over 20, 30 years. Stick around. [00:11:25] We'll [00:11:25] So which sectors of our economy are being hacked? I mentioned that in the last segment, but yeah, there are some problems, and the sectors that President Biden lined out, laid out, are the ones that are under even more attack after his message. [00:11:42] 497 cyber attacks per week, on average, here in the US. That is a lot of attacks. And we started explaining what that meant, so we talked about the scan attacks that are automated, and some person may get involved at some point, but the automated attacks can be pretty darn automated. Many of them are just trying to figure out who you are. [00:12:09] So, if it shows up, when they do that little scan, that you're using a router that was provided by your ISP, that's a big hint that you are just a small guy of some sort, although I'm shocked at how many bigger businesses that should have their own router, a good router, right, a good Cisco router and a really good next generation firewall. [00:12:34] I'm shocked at how many don't have those things in place, but when they do this, that's the first cut. So if you're a little guy, they'll probably just try and reflash your router. In other words, reprogram it and change it so that they can start monitoring what you're doing and maybe grab some information from. [00:12:56] Pretty simple. 
If you are someone that looks like you're more of a target, so they connect to your router and let's say it's a great one. Let's say it's a Cisco router firewall or Palo Alto, or one of those other big companies out there that have some really good products. Uh, at that point, they're going to look at it and say, oh, well, okay. [00:13:18] So this might be a good organization, but when they get to it, again, if WAN access is turned on, wide area access is turned on, that router is likely to say, this is the property of, uh, Covina hospital or whatever it might be, you know? And any access is disallowed, authorized access only. Well, now they know [00:13:42] who it is. And it's easy enough just to do a reverse lookup on that address. Give me an address anywhere on the internet, and I can tell you pretty much where it is, whose it is and what it's being used for. So if that's what they do, say they have these automated systems looking for this stuff, it's found. [00:14:02] So now they'll try a few things. One of the first things they try nowadays is what's called an RDP attack. This is a remote attack. Are you using RDP to connect to your business? Right? A lot of people are, especially after the lockdown. This Microsoft Remote Desktop Protocol has some serious bugs that have been known for years. [00:14:25] Surprisingly to me, some 60% of businesses have not applied those patches that have been available for going on two years. So what the bad guys will do next, they say, oh, is there a remote desktop access? Cause there probably is. Most smaller businesses particularly use that. The big businesses have a little bit more expensive, not really much more expensive, but much better stuff. [00:14:51] You know, like the Cisco AnyConnect, or there's a few other good products out there. So they're going to say, oh, well, okay. Let's try and hack in. Again, automated. It's automated. No one has to do anything. 
So it says, okay, let's see if they patch, let's try and break in. Aha, I can get in and I can get into this particular machine. [00:15:14] Now there's another way that they can get into remote desktop. And this apparently has been used for some of the bigger hacks you've heard about recently. So the other way they get in is through credential stuffing. What that is, is, Hey, uh, there are right now some 10 billion records out on the dark web of people's names, email addresses, passwords, and other information. [00:15:43] So, what they'll do is they'll say, oh, well this is Covina hospital, and it looks it up backwards and it says, okay, so that's CovinaHospital.org. I have no idea if there even is a Covina hospital, by the way. And it will come back and say, okay, great. So now let's look at our database of hacked accounts. Oh, okay. [00:16:04] I see this CovinaHospital.org email address with a password. So at that point they just try and stuff. Can we get in using that username and password that we stole off of another website? So you see why it's so important to be using something like 1Password, a password generator, different passwords on every site, different usernames on every site, et cetera, et cetera. [00:16:29] Right. It gets pretty important pretty darn quickly. So now that they're in, they're going to start going sideways, and we call that east-west in the biz. And so they're on a machine. They will see what they can find on that machine. This is where usually a person gets some. And it depends, and historically it's been about six days on average that they spend looking around inside your network. [00:17:00] So they look around and they find, oh yeah, great. Here we go. Yep. Uh, we found this, we found that. Oh, and there's these file server mounts. Yeah. These SMB shares, you know, the Y drive, the G drive, whatever you might call it. 
So they start gaining through those and then they start looking for other machines on the network that are compromised. [00:17:23] It gets to be really bad, very, very fast. And then they'll often leave behind some form of ransomware and also extortion, where they extort you additionally, for the threat of releasing your data. So there are many other ways. They're not going to get into them all today, but that's what we're talking about. [00:17:43] Remember, we're talking about the 500 cyber attacks per week against the average North American company. So we have seen some industry sectors that are more heavily targeted than others. Education and research saw a 60% increase in attacks. So their education, and I've tried to help out some of the schools, but because of the way the budgets work and the lowest bidder and everything else, they end up with equipment [00:18:17] that's just totally misconfigured. It's just shocking to me. Right. They buy them from one of these big box online places. Yeah. I need a, a Cisco 10, 10. And I need some help in configuring it and all, yeah, no problems or we'll help you. And then they sell it to the school, the school installs it, and it is so misconfigured. [00:18:38] It provides zero protection, uh, almost zero, right. It provides almost no protection at all. And doesn't even use the advanced features that they paid for. Right. That's why, again, don't buy from these big box guys. Just don't do it. You need more value than they can possibly provide you with. So schools, 1500 attacks per week. Research companies, again, 1500 attacks per week. Government and military [00:19:10] entities, about 1100 weekly attacks. Okay. That's the next, most highest attacked. Okay. Uh, health care organizations, 752 attacks per week on average. Or in this case, it's a 55% increase from last year. So it isn't just Check Point's data that I've been quoting here that gives us that picture. 
There are a lot of others out there. IBM's has, Verizon's has, all of these main guys, and of course in the end, they've got these huge ransoms to deal with. [00:19:50] Hey, in New Hampshire, one of the small towns just got nailed. They had millions of dollars stolen, and that was just through an email trick that they played in. Okay, again, IT people, um, I've been thinking about maybe I should put together some sort of coaching for them and coaching for the cybersecurity people, even, because there's so much more that you need to know than you might know. Anyways, if you're interested in any of this, [00:20:22] visit me online. CraigPeterson.com/subscribe. You will get my weekly newsletter, all of my show notes, and you'll find out about these various trainings, and I keep holding. In fact, there's one in most of the newsletters. CraigPeterson.com. Craig Peterson, S-O-N dot com. Stick around. [00:20:43] We've been talking about the types of attacks that are coming against us. Most organizations here in North America are seeing 500 cyber attacks a week, some as many as 1500. Now, where are they coming from? [00:21:00] Whether they're scanning attacks, whether they're going deeper into our networks and into our systems, who are the bad guys and what are they doing? Microsoft also has a report that they've been generating, looking at what they consider to be the source of the attacks. Now we know a lot of the reasons. I'm going to talk about that too, but the source is an interesting way to look at. [00:21:29] Because the source can also help you understand the reason for the attacks. So according to Dark Reading, this is kind of an insider website you're welcome to go to, but it gets pretty darn deep sometimes, but they are showing these stats from Microsoft, which you can find online, that in the last year Russia [00:21:53] has been the source of 58% of the cyber attacks. Isn't that amazing? Now, it's not just the cyber attacks. I need to clarify this. 
It's the nation state cyber attacks. So what's a nation state cyber attack versus, I don't know, a regular cyber attack? Well, the bottom line is a nation state cyber attack is an attack that's occurring and is actually coordinated and run by and on behalf of a nation state. [00:22:31] Uh, so Russia, at 58% of all nation state attacks, is followed by North Korea, 23%, Iran, 11%, China, 8%. Now you probably would have thought that China would be right up there on that list, but Russia has 50% more of the nation state cyber attacks coming from them than from China. And then after China is south Vietnam, Viet, or I should say South Korea, Vietnam, and Turkey, and they all have less than 1%. [00:23:14] Now, this is this new pool of data that Microsoft has been analyzing. And it's part of this year's Microsoft Digital Defense Report, and they're highlighting the trends in the nation state threat cyber activity, hybrid workforce security, disinformation, and your internet of things, operational technology and supply chain security. [00:23:35] In other words, the whole gambit before, before all of this. Now the data is also showing that the Russian nation state attacks are increasingly effective, climbing from about a 21% successful compromise rate last year to 32%. So basically 50% better this year at effectiveness there. Russians are also targeting more government agencies for intelligence gathering. [00:24:10] So that jumped from 3% of their victims last year to 53%. This. And the Russian nation state actors are primarily targeting, guess who? Us, right? The United States, Ukraine and the United Kingdom. Now this is all according to the Microsoft data. So why has Russia been attacking us? Why has China been attacking us and why the change this. [00:24:38] Well, Russia has been attacking us primarily to ransom us. It's a cash cow for them, just like oil and gas. They are making crazy money. Now that President Biden has made us dependent on foreign oil supplies. 
It's just insanity, and even dependent on gas coming from other places. Well, guess where the number one source of gas is now for Europe, and oil? It's Russia. [00:25:08] So we are no longer going to be selling to Europe. Russia is, so they're going to be making a lot of money off of. But before then they were actually counting on ransomware to help fund the Russian federal government, as well as of course, these Russian oligarchs, these people who are incredibly rich that have a substantial influence on the government. [00:25:33] Don't, if you're wondering who they might be, just think of people like, oh, I don't know, Bill Gates and, uh, w who are on the, some of the other big guys, you know, Tim Cook, uh, Amazon's Jeff Bezos, Elon Musk, right? Those are, by my definition and looking it up in the dictionary, they are all a. They get exemptions to laws. [00:25:58] They get laws passed that protect them. In fact, most of regulations actually protect these big companies and hurt small companies. So I would call them oligarchs, and that's the same sort of thing in Russia. In Russia, okay, they probably have a little bit more underhanded stuff than these guys here do, but that's what Russia has been. [00:26:21] China has been continually going after our national secrets, national defense, the largest database of DNA, of Americans' DNA. Of course, is that unique key, if you will, building block for all of us, that's what DNA is. And the largest database of all of that uniquely identifying information is in. China stole from the Office of Personnel Management records of federal employees, their secret clearance, all of their background check information, who was spoken with, what did they have to say? [00:27:03] And on and on. So China has been interested in infiltrating our businesses that provide things to the military and the military themselves and the federal, state, and even the local governments. That's who they've been targeting. 
And that's why their 8% number might seem small. Although, as I just mentioned, this year Russia moved dramatically. [00:27:30] They used to be about 3% of their attacks were against the government agencies. And now it's 53%. So Russia and China are going after our national secrets and they can use them in a cold war, which as I've said, I think the first shots of the third world war have been fired. And frankly, they're all cyber, it's all online, and Russia [00:27:57] isn't the only nation state actor who's changing its approaches here, as espionage is the most common goal amongst all nation state groups as of this year. Activity of hackers reveals different motivations in Iran, which quadrupled its targeting of Israel, surprise, surprise, over the last year. And Iran has been launching destructive attacks, things that will destroy power, power plants, et cetera, and North Korea, which is targeting cryptocurrency companies for profit. [00:28:29] So they're stealing these various crypto coins, again, funding their government. So it's a problem. Absolute problem. Government sectors are some of the most targeted, 48%. These NGOs, non-government organizations that act kind of a quasi government functions, and think tanks are 31%. Uh, and Microsoft, by the way, has been alerting customers of nation state attack attempts. [00:29:01] Guess how many this year that they had to warn about? 20,500 times in the past three years. So that's a lot, and Microsoft is not a company that's been out there at the front lines. It never has been. It's in behind. So to have them come out and say, this is. And okay, by the way, your stolen username and password run for a buck per thousand, and it's only gonna take you hundreds of hours to get it all cleared up. [00:29:32] Isn't that nice? Spear phishing for hire can cost a hundred to a thousand dollars per successful account takeover, and denial of service attacks are cheap from protected sites, roughly $300 per month. 
And if you want to be ransomware king, it's only going to cost you 66 bucks upfront, 30% of the profit. [00:29:54] Okay. Craziness. Hey, visit me online. Sign up. CraigPeterson.com/subscribe. [00:30:03] I had an interesting mastermind meeting this week. There's six of us. We're all business owners and it opened my eyes pretty dramatically because one of the members got hacked, but that's not what I really want to emphasize. [00:30:20] This whole cybersecurity thing gets pretty complicated, pretty quickly. And a friend of mine who is in one of my mastermind groups had a real problem. And here's what went on. We'll call him Walt, for back of a letter, lack of a better name, since that is his name. [00:30:40] And he doesn't mind me sharing this with you. Walt has a very small business that he and his wife run, and they have a couple of contractors that help out with some things, but his business is very reliant on advertising, and primarily what he does is Facebook advertising. Now I've been talking for two years, I think, in this mastermind group about cyber security and the fact that everyone needs good cyber security. [00:31:13] And he always just kind of pole hum to, uh, wow. You know, and it's just too complicated for me. I got to thinking for a, you know, a bit, really a few weeks, what does he mean, too complicated? Cause there's some basic things you can do. So this week on Tuesday, I was on our mastermind group's meeting and I explained, okay, so here's what happened to Walt. [00:31:42] He had $40,000 stolen, which by the way, it's a lot of money for a teeny tiny husband wife company. And, uh, well, here's what we did. He, we helped them. We got the FBI involved and, you know, with our direct ties, cause we work with them on certain types of cases, and he got back every dime, which is just totally unheard of. [00:32:06] But um, without going into all of the details there, I spent probably 
15, 20 minutes with the whole group and the mastermind explaining the basics of cyber security. And that really kind of woke me up, frankly, because of their responses. Now these are all small business owners and so they're making pretty decent money, [00:32:31] in fact, every one of them, and they all have some contractors and some employees, all except for Walt and his wife, they just have contractors. And I had two completely different responses from two members of this group that no. Let me tell you, this was really eye opening for me. And this is why you might've heard me in the first segment talking about this, but this is why I have really changed my view of this stuff, this cybersecurity stuff, because I explained. [00:33:08] If you're using things like Norton antivirus or McAfee antivirus, or really any of them, even the built-in Microsoft Defender, this year, those standard antivirus systems have only been able to catch about 30% of the malware out there, 30%. You know, that's like having a house and you've got a security guard posted out front. [00:33:39] He's armed, he's ready to fight. And yet all of your windows are open and all of your doors are unlocked. And all someone has to do is crawl in the side window, because that guy that's posted up front, he's not going to be able to stop. So 30% effectiveness. And of course, Walt had all of the basic stuff. [00:33:59] He thought he was good enough. It's not worth spending time or money doing any of this. And of course it turned out to be well worth the time and money if he had done it. But he has a friend who has contacts and made things happen for him. So I guess he's kind of lucky in that regard, but I explained that and I said, do you know the, the way you. [00:34:21] To go. If you're a small business, it's about $997 a month for a small business with a handful of employees to get the type of security you really need. That's going to catch 90-something, 98%. 
Maybe, if things go well, of the stuff going on. In other words, you don't just have an armed guard at the front door. [00:34:46] You've got all the windows closed and blocked and the doors closed and locked as well. So yeah, somebody can still get in, but they got to really want to get in and risk getting caught. So that's kind of the analogy that I used. Now, one of the members of my, of my mastermind thought, well, okay. Cause you're just being frank with me. [00:35:09] Right? We're all friends. She said, well, initially I thought, oh Craig, I'm going to have to have you help out with stuff here. Cause my, you know, I'm concerned about my security. I make some good money. Uh, she's the one that has employees. She has a million dollar plus a year business and she wants to keep it safe. [00:35:26] But then she. Uh, you know, but you know, you were talking about all of this Norton and stuff and that it doesn't work. So I just, I don't have any hope. And that's when another member jumped in, and this other member said, well, uh, oh, that's not what I got at all. I got the normal off the shelf stuff that you buy, that you're going to get from Amazon, or you're going to get from PC Connection or wherever, that stuff is not going to work, but there is stuff that does, but it's only professional stuff. [00:36:02] You can only get it from professionals that are trained and certified. Which is the right message. Right. That was the message I was trying to relay. Yeah. Don't try and do it yourself, because you can't even get the right tools that you need. That is frankly a problem. So that really got me to think in a very big way, because here are two people that have heard me talk about cybersecurity and their eyes probably glazed over, but now their eyes, I know at least one of these ladies definitely glazed over. [00:36:36] So I've come to the realization that sometimes I. A little too deep into things. 
And although I can explain it quite well to many people, sometimes people glaze over and I get emails from you guys saying kind of the same thing. I really appreciate it. I don't understand a lot of what you're saying, Craig, but thanks for being there. [00:36:59] Listen to you every week here on the radio. Uh, then that's good. That's reassuring, but now I've come to realize a few things. One is, I've got to be a lot clearer in my messaging, because even when talking to my friends, it is a little bit overwhelming for them sometimes. Right. And then the next thing is everybody needs help because you're being lied to. [00:37:29] Right. How are people getting ransomware if the stuff that they're buying works? Maybe it's just me, but I think there's a disconnect there. So a lot of you guys have gone out and you've hired people, and I want to spend just a few minutes right now going through some red flags that you need to be looking out for in vendor security assessment. [00:37:56] Now I'm putting one together as well, right, yet another one. Uh, and what I'm trying to do is help you out, right? This is not a sales tool. It is trying to help you figure out where you're at. I'm putting together a webinar that I'm going to be holding, these what I'm calling bootcamps, where I go through and show you exactly how to do the basic steps that you need to do in order to be safe on. [00:38:25] Okay. If an online, all that means is your, is plugged in, right. Okay. It doesn't mean you're going out and doing a lot of stuff out there on the internet, just means it's connected. So those are going to be coming out. I will send an email out as soon as all of that stuff's ready. Cause. Absolutely free. And these assessments, I have the basic one that you can do yourself. [00:38:47] It's a self-assessment. And then I have the more advanced ones that I do that are five grand. Okay. 
So you've got to be a decent sized business for this to make sense, where we look for all of the security problems on all of your computers and your networks, and then give you a list of things you need to do and how to do them. [00:39:10] Okay. So it's well worth it for them, but if you're a very small company and you're trying to do some of this yourself, I want to help you. So that's what these boot camps are going to be all over. And also what the scorecard is going to be all about. So that's coming up, but here are some good red flags in an assessment. [00:39:30] I found this again on Dark Reading. This is kind of an insider website for those of us in the cybersecurity business, but, um, how can you verify the information that vendors are giving you about their own cybersecurity posture? We've heard in the news and I've talked about them all year, this year, and for years past. [00:39:56] That our vendors can be our worst nightmare because some of these hacks come in through our vendors. So you've got yourself a cybersecurity company. How do you know if they are really telling you the truth? And man, is that hard for you to know? Right. You're going to ask him questions and the salesmen are going to say, oh yeah, yeah, yeah. [00:40:21] That's why we don't have salesmen. Right. We have engineers. You talk to me, you might talk to my son or my daughter, people who have been doing this with me, who I have trained and helped out. So this guy who wrote the article, and this is unattributed, I don't see an attribution on here on this page. [00:40:41] I definitely want to give him, probably I heard is John Bambenek wrote this thing and he is a principal threat hunter. What he calls himself over at Netenrich. So he says, here's what you got to do. And if you're trying to be cost-effective, he puts it in. What I call an ed month clause. 
And one of these days I'll tell you that story, but he calls it a validity check question so that an honest vendor would tell you, no, they don't do X and give you a good reason why they don't, like it's not cost effective. [00:41:17] It's outside of a reasonable risk model. Does that make sense to you? So when you're trying to evaluate a vendor who's going to be doing your cybersecurity, put in one of these validity checks, put in one of these questions. It doesn't really matter to you, but it's something that would be very hard for one of these cybersecurity companies to do. [00:41:42] And maybe it doesn't fit the risk model that you have. I think it's just absolutely brilliant. Probably one of the better ways when you're trying to evaluate an MSSP, a cybersecurity managed or otherwise provider, stick in something like that. So you have a red flag that just stands out for you. All right. [00:42:04] Make sure you are registered online. CraigPeterson.com/subscribe. So you can find out about all of these trainings coming up. [00:42:17] If you've never heard of the Carrington event, I really hope, frankly, I really, really do hope we never have to live through one of these. Again, there is a warning out there right now about an internet apocalypse that could happen because of the sun. [00:42:34] Solar storms are something that happens really kind of all of the time. The sun goes through solar cycles. About every seven years, there are longer cycles as well. You might know I have an advanced class amateur radio license I've had for a long time, and we rely a lot when we're dealing with short wave on the solar cycle. [00:42:59] You see, what happens is that the sun charges the atmosphere. You see that if you've ever seen the northern lights, that is part of the sun's emissions hitting our magnetic field and kind of getting sucked into the core of the earth, if you will, as they get caught in that field. And the more charged the atmosphere is, the more bounce you get. 
[00:43:24] That's what we call it, bounce. And the reason us hams have all these different frequencies to use is because of the bounce. We can go different frequencies with different distances, I should say, using different frequencies. So think about it right now. You've got the earth and I want to talk from Boston to Chicago. [00:43:47] For instance, I know about how many miles it is, and I have to figure out in the ionosphere, up in the higher levels of the atmosphere, what frequency to use in order to go up into the atmosphere, bounce back, and then hit Chicago. That's the idea. It's not quite as simple or as complex in some ways as it sounds. A lot of people just try different frequencies and a lot of hams just sit there, waiting for anybody anywhere to talk to, particularly if they are. [00:44:20] It's really quite fun. Now what we're worried about isn't so much just the regular solar activity. We get worried when the sun spots increase. Now, the solar cycle is what has primary image. On the temperature on earth. So no matter what you might've heard, that isn't your gas-guzzling car or a diesel truck that causes the Earth's temperature to change. [00:44:49] Remember the only constant when it comes to the Earth's temperature has been change over the millions of years. We had periods where the earth was much warmer than it is now, had more carbon dioxide in the atmosphere than it does now, had less. In fact, right now we are at one of the lowest levels of carbon dioxide in the atmosphere in earth, long, long. [00:45:15] So the sun, if you might remember, comes up in the morning, warms things up, right? And then it cools down. When the sun disappears at nighttime, it has a huge impact. It's almost exclusively the impact for our temperatures. If there's other things too, for instance, an eruption can spew a whole lot of carbon dioxide. [00:45:40] In fact, just one, just Mount St. 
Helens, when it erupted, put more carbon dioxide into the atmosphere than man has throughout our entire existence. Just to give you an idea, right? So these alarms that are out there, uh, you know, come on, people. Really, and now we're seeing that in, uh, this last year we had a 30% increase in the ice cap up in the, in, up in the north, up in Northern Canada, around the poles. [00:46:12] Uh, we also had some of these glaciers growing. It was so funny. I saw an article this year, or excuse me, this week that was showing a sign that was at one of our national parks. And it said this glacier will have disappeared by 2020. Of course it hasn't disappeared. In fact, it has grown now and it's past 2020. [00:46:34] Anyhow, the sun has a huge impact on us in so many ways. And one of the ways is, well, something called a coronal mass ejection. This is seriously charged particles that tend to be very, very directional. So when, when it happens, when there's one of these CMEs, coronal mass ejections, it's not just sending it out all the way around the sun everywhere. [00:47:02] It's really rather concentrated in one, one particular spot. Now we just missed one not too long ago. And let me see if I can find it here. Just missed, a CME near miss. Here we go. There, a solar superstorm in July, 2012, and it was a very, very close shave that we had. Most newspapers didn't mention it, but this could have been. [00:47:33] Absolutely incredible. We'd be picking up the pieces for the next 50 years. Yeah. Five, zero years from this one particular storm. And what happens is these, these solar flares, if you will, are very, very extreme, the CME. You're talking about x-rays, extreme UV, ultraviolet radiation, reaching the earth at the speed of light, ionizes the upper layers of atmosphere. [00:48:02] When that happens, by the way, it hurts our communications, but it can also have these massive effects where it burns out satellites. And then causes radio blackouts, GPS navigation problems. 
Think about what happened up in Quebec. So let me just look at this, Quebec, uh, hit with an E and yeah, here we go. And March 13th, 1989. [00:48:33] Here we go. Here's another one. Now I remembered. And this is where Quebec got nailed. I'm looking at a picture here, which is, uh, looking at the United States and Canada from the sky and where the light is. And you can see Quebec is just completely black, but they have this massive electrical blackout and it's because [00:48:57] of this solar storm. Now they, these storms that I said are quite directional, depending on where it hits and when it hits, things can get very, very bad. This particular storm back in 1989 was so strong, we got to see the aurora borealis, the northern lights, as far south as Florida and Cuba. Isn't that something? When we go back further in time to this Carrington event that I mentioned, you could see the northern lights at the equator. [00:49:35] Absolutely amazing. Now the problem with all of this is we've never really had an internet up online, like we have today, when we had one of the storms hit. And guess what we're about to go into right now, we're going into an area or a time where the sun's going to be more active, certainly on this, this 11 year cycle and possibly another bigger cycle too, that we don't really know much about. [00:50:07] But when this hit us back in the 1850s, what we saw was a, uh, a telegraph system that was brought to its knees. Our telegraphs were burned out. Some of the telegraph buildings were lit. They caught on fire because of the charges coming in. People who were working the telegraphs, who were near them at the time, got electric shocks or worse than that. [00:50:34] Okay. 1859, massive Carrington event, compass needles were swinging wildly. The aurora borealis was visible in Colombia. It's just amazing. So that was a severe storm. A moderate severity storm was the one that hit in Quebec here, knocked out Quebec, uh, electric. 
Nine hour blackout on Northeast Canada. What we think would happen if we had another Carrington event, something that happened 150 years ago, is that we would lose power on a massive scale. [00:51:13] So that's one thing that would happen. And these massive transformers that would likely get burned out are only made in China and they're made on demand. Nobody has an inventory. So it would be at least six months before most of the country would get power back. Can you believe that? That would be just terrible, and we would also lose internet connectivity. [00:51:39] In fact, the thinking that we could lose internet connectivity with something much less than a severe storm, maybe if the Quebec power grid solar, a mass ejection here. Maybe if that had happened when the internet was up, they might have burned out internet in the area and maybe further. So what we're worried about is if it hits us, we're going to lose power. [00:52:07] We're going to lose transformers on the transmission lines and other places, we're going to lose satellites and that's going to affect our GPS communication. We're going to lose radio communication, and even the undersea cables, even though they're now no longer regular copper cables. It's now being carried of course, by light in pieces of glass. [00:52:32] The, those cables need to have repeaters about every 15 miles or so under underwater. So the power is provided by copper cables or maybe some other sort of power. So these undersea cables, they're only grounded at extensive intervals, like hundreds or thousands of kilometers apart. So there's going to be a lot of vulnerable components. [00:52:59] This is all a major problem. We don't know when the next massive solar storm is going to happen, these coronal mass ejections. We do know they do happen from time to time. And we do know it's the luck of the draw and we are starting to enter another solar cycle. So be prepared, everything. 
Of course, you're listening to Craig Peterson, cybersecurity strategist. [00:53:28] If you'd like to find out more and what you can do, just visit CraigPeterson.com and subscribe to my weekly show notes. [00:53:39] Google's got a new admission and Forbes magazine has an article by Zak Doffman about it. And he's saying you should delete Google Chrome now after Google's newest tracking admission. So here we go. [00:53:55] Google's web browser. Right? It's been the thing for people to use Google Chrome for many years, it's been the fastest. Yeah, not always, people kind of leapfrog it every once in a while, but it has become quite a standard. Initially Microsoft is trying to be the standard with their terrible browser and yeah, Internet Exploder, which was really, really bad and they have finally completely and totally shot it in the head. [00:54:29] Good move there on their part. In fact, they even got rid of their own browser, Microsoft Edge. They shot that one in. They had to, I know I can hear you right now saying, oh, Craig, I don't know. I just used Edge browser earlier today. Yeah. But guess what? It isn't Edge browser. It's actually Google Chrome that Microsoft has rebranded. [00:54:52] You see, the guts to Google Chrome are available as what's called an open source project. It's called Chromium. And that allows you to take it and then build whatever you want on top of. No, that's really great. And by the way, Apple's WebKit is another thing that many people build browsers on top of and is part of many of these browsers we're talking about right now. The biggest problem with the Google Chrome [00:55:22] is they released it so they could track you. How does Google make its money? Well, it makes its money through selling advertising primarily. And how does it sell advertising if it doesn't know much or anything about you? So they came out with the Google Chrome browser as kind of a standard browser, which is a great. 
[00:55:43] Because Microsoft, of course, is very well known for not bothering to follow standards and say what they have is the actual standard and ignoring everybody else. Yeah. Yeah. I'm picking on Microsoft. They definitely deserve it. Well, there is what is being called here in Forbes magazine a shocking new tracking admission from. [00:56:05] One that has not yet made headlines. And there are about, what, 2.6 billion users of Google's Chrome worldwide. And this is probably going to surprise you and it's, frankly, pretty nasty and it's, I think, a genuine reason to stop using it. Now, as you probably know, I have stopped using Chrome almost entirely. [00:56:31] I use it when I have to train people on Chrome. I use it when I'm testing software. There's a number of times I use it, but I don't use. The reality is the Chrome is an absolute terror. When it comes to privacy and security, it has fallen way behind its rivals in doing that. If you have an iPhone or an iPad or a Mac, and you're using Safari, Apple has gone a long ways to help secure your. [00:57:09] Well, that's not true with Chrome. In fact, it's not protecting you from tracking and data harvesting. And what Google has done is they've said, okay, well, we're going to get these nasty third-party cookies out of the whole equation. We're not going to do that anymore. And what they were planning on doing is instead of knowing everything specifically. [00:57:34] You they'd be able to put you in a bucket. So they'd say, okay, well you are a 40 year old female and you like driving fast cars and you have some kids with a grandkid on the way, and you like dogs, not cats, right? So that's a bucket of people that may be a few hundred or maybe up to a thousand. As opposed to right now where they can tell everything about you. [00:58:04] And so they were selling that as a real advantage because they're not tracking you individually anymore. No, we're putting you in a bucket. Well, it's the same thing. 
Right. And in fact, it's easier for Google to put you in a bucket than to track everything about you and try and make assumptions. And it's easier for people who are trying to buy ads to place in front of you. [00:58:28] It's easier for them to not have to kind of reverse engineer all of the data the Google has gathered in instead of. To send this ad to people that are in this bucket and then that bucket. Okay. It makes sense to you, but I, as it turns out here, Google has even postponed of that. All right. They really have, they're the Google's kind of hiding. [00:58:54] It's really what's going on out there. Uh, they are trying to figure out what they should do, why they should do it, how they should do it, but it's, it's going to be a problem. This is a bad habit. The Google has to break and just like any, anybody that's been addicted to something it's going to take a long time. [00:59:16] They're going to go through some serious jitters. So Firefox is one of the alternatives to Google Chrome. And it's actually a very good one. It is a browser that I use. I don't agree with some of the stuff that Mozilla and Firefox does, but again, right. Nobody agrees on everything. Here's a quote from them. [00:59:38] Ubiquitous surveillance harms individuals and society. Chrome is the only major browser that does not offer meaningful protection against cross-site tracking and Chrome will continue to leave users unprotected. And then it goes on here because. Uh, Google response to that. And they admit that this massive web tracking out of hand and it's resulted in, this is a quote from Google, an erosion of trust, where 72% of people feel that almost all of what they do online is being. [01:00:19] By advertisers, technology firms or others, 81% say the potential risks from data collection outweigh the benefit. By the way, the people are wrong. 72% that feel almost all of what they do on online is being tracked. No, no. 
The answer is 100% of what you do is probably being tracked in some way online. [01:00:41] Even these VPN servers and systems that say that they don't do logging do track you. Take a look at ProtonMail just last week. ProtonMail, it's in Switzerland. Their servers are in Switzerland. A whole claim to fame is, hey, it's all encrypted. We keep it safe. We don't do logging. We don't do tracking. Uh, guess what, they handed over the IP addresses of some of the users to a foreign government. [01:01:10] So how can you do that if you're not logging, if you're not tracking? Yeah, right. They are. And the same thing is true for every paid VPN service I can think of. Right. So how can Google openly admit that their tracking is in place, tracking everything they can, and also admit that it's undermining our privacy and. [01:01:38] Their flagship browser is totally into it. Right? Well, it's really, it's gotta be the money. And Google does not have a plan B. This anonymized tracking thing that they've been talking about, you know, the buckets that I mentioned, isn't realistic, frankly. Uh, Google's privacy sandbox is supposed to Fitbit fix it. [01:02:00] I should say. The, the whole idea and the way it's being implemented and the way they've talked about it, the advertisers unhappy. So Google's not happy. The users are unhappy. So there you go. That's the bottom line here from the Forbes article by Zak Doffman, delete Google Chrome. And I said that for a long time, I do use some others. [01:02:27] I do use Firefox and I use. Which is a fast web browser, that some pretty good shape. Hey, if you sign up for my show's weekly newsletter, not only will you get all of my weekly tips that I send to the radio hosts, but you will get some of my special reports that go into detail on things like which browser you shouldn't be using. [01:02:52] Sign up right now. CraigPeterson.com. 
[01:02:57] Many businesses have gone to the cloud, but the cloud is just another word for someone else's computer. And many of the benefits of the cloud just haven't materialized. A lot of businesses have pulled back and are building data centers again. [01:03:14] The reason I mentioned this thing about Microsoft again, and the cloud, is Microsoft has a cloud offering. [01:03:23] It's called Microsoft Azure. Many people, many businesses use it. We have used it with some of our clients in the past. Now we have some special software that sits in front of it that helps to secure. And we do the same thing for Amazon Web Services. I think it's important to do that. And we also use IBM's cloud services, but Microsoft has been pitching for a long time. [01:03:51] Come use our cloud services, and we're expecting here probably within the next month a big announcement from Microsoft. They're planning on making it so that you can have your desktop reside in Microsoft's cloud, in the Azure cloud. And they're selling really the feature of, it doesn't matter where you are. [01:04:17] You have your desktop and it doesn't matter what kind of computer you're on. As long as you can connect to your desktop, using some just reasonable software, you will be able to be just like you're in front of a computer. So if you have a Chromebook or a Mac, or a Windows or tablet, whatever, and you're at the grocery store or the coffee shop or the office, you'll be able to get it, everything, all of your programs, all your files. [01:04:47] And we, Microsoft will keep the operating system up to date for you automatically. A lot of great selling points. And we're actually looking into that. Not too heavily yet. We'll give them a year before we really delve into it at all. Cause it takes them a while to get things right. 
And Microsoft has always been one that adds all kinds of features, but most of the time, most of them don't work and we can, we can document that pretty easily, even in things like Microsoft. [01:05:18] Well, The Verge is now reporting that Microsoft has warned users of its Azure cloud computing service that their data has been exposed online for the last two years. Yeah, let me repeat that in case you missed it, you, uh, yeah. I'm, I'm, I might've misspoken. Right. Uh, let me see, what does it say? It says, um, users of Azure cloud computing service. [01:05:48] So that's their cloud. Microsoft's big cloud. Okay. Um, their data has been exposed online. Okay. So that means that people could get the data, maybe manipulate the data, that sort of exposed means, for the last two years. Are you kidding me? Microsoft is again, The Verge. Microsoft recently revealed that an error in its Azure Cosmos database product left more than 3,300 Azure customers' data [01:06:24] completely exposed. Okay guys. So this, this, this is not a big thing, right? It can't possibly be big thing because you know who uses Azure, right. Nobody uses Azure and nobody uses hosted databases. Come on, give me a break. Let me see, what else does this have to say? Oh, okay. It says that the vulnerability was reported, reportedly introduced into Microsoft systems in 2019, when the company added a data visualization feature called Jupyter Notebook to Cosmos DB. [01:06:59] Okay. Well, I'm actually familiar with that one and let's see what small companies, let's see here. Um, some Azure Cosmos DB clients include Coca-Cola, Liberty Mutual Insurance, ExxonMobil, Walgreens. Hmm. Let me see. Could any of these people, like maybe, maybe Liberty Mutual Insurance and Walgreens, maybe they'd have information about us, right. [01:07:26] About our health and social security numbers and account numbers and credit cards. Names, addresses. Right, right. 
That's again why I got so upset when these places absolutely insist on taking my social security number, right? It, it, first of all, when it was put in place, the federal government guaranteed it would never be used for anything other than social security. [01:07:53] And the law even said it could not be used for anything other than social security. And then the government started expanding it. Right. And the IRS started using it to track all of our income and, you know, that's one thing right there, the government computers, they gotta be secure. Right. All of these breaches we hear about that. [01:08:12] Can't be true. Uh, so how about when the insurance company wants your personal information? Like your social security number? What business is it of theirs? Really no. Why do they have to have my social security number? It's a social security number. It's not some number that's tattooed on my forehead. [01:08:36] That's being used to track me. Is it? This isn't a socialist country like China is, or the Soviet Union was, right. It's not socially. So why are they tracking us like that? Walgreens? Why do they need some of that information? Why does the doctor that you go to that made the prescription for Walgreens, why do they need that information? [01:09:00] And I've been all over this because they don't really need it. They want, it makes their life easier, but they don't really need it. However, it exposes us. Now, if you missed the email I sent out a week ago, two weeks ago now, I guess, you missed something big because I, in my weekly newsletter, went through and described exactly what you could do in order to keep your information private. [01:09:35] So in those cases where websites asking for information that they don't really need, right? You don't want to lie, but if they don't really need your real name, why you're giving them your real name? Why do you use a single email address? Why don't you have multiple addresses? 
Does that start to make sense to you guys? [01:09:54] And now we find out that Microsoft Azure, their cloud services, where they're selling cloud services, including a database that can be used online, a big database, uh, 3,300 customers, looks like some of them are actually kind of big. I don't know. ExxonMobil, pretty big. Yeah. I think so. Walgreens, you think that that might be, yeah, yeah, yeah, yeah. [01:10:22] Why, why are we trusting these companies? You know it, if you have a lot of data, a lot of customers, you are going to be a major target of nation states to hack you and bat just general hackers, bad guys. But you're also, if, if you've got all this information, you've also got to have a much higher level of security than somebody that doesn't have all of that information. [01:10:52] Does that make sense too? Did I say that right? You don't need the information and, and I've got to warn anybody that's in a business, whether you're a business owner or you're an employee, do not keep more data than you need, than you absolutely need to run your company. And that includes data about your customers. [01:11:16] And maybe, maybe it's even more specifically data about your customer. Because what can happen is that data can be stolen and we just found that, yes, indeed, it could have been, it was exposed. Microsoft the same. We don't know how much it was stolen. If anything was stolen. Um, yeah, Walgreens. Hey, I wonder if anyone's going to try and get some pain pills illegally through, uh, this database hack or a vulnerability anyways. [01:11:47] All right, everyone. Stick around. We'll be back. Of course, you're listening to Craig Peterson. I am a cybersecurity strategist for business, and I'm here to help you as well. You can ask any question any time, uh, consumers are the people I help the most, you know, I wish I got a dime for every time I answered a question. [01:12:09] Just email me@craigpeterson.com, me@craigpeterson.com, and stick around. 
[01:12:18] Whether or not you agree with the lockdown orders that were put in place over this COVID pandemic that we had. Uh, there are some other parts of the world that are doing a lot more. [01:12:34] Australia has, I don't know. I think that they went over the deep end. The much, the same thing is true right next door to them. [01:12:45] And I am looking at a report of what they are doing with this new app. Uh, you might be aware that both Apple and Google came out with an application programming interface that could be used for contract tack tracking, contact tracking. There you go. Uh, it wasn't terribly successful. Some states put some things in place. [01:13:13] Of course you get countries like China. I love the idea because heaven forbid you get people getting together to talk about a Tiananmen Square remembrance. Now you want to know who all of those people were, who were in close proximity, right? So, you know, good for China. Well, as it turns out, Australia is putting something in place, they have yet another COVID lockdown. [01:13:39] They have COVID quarantine orders. Now I think if you are sick, you should stay on. I've always felt that I, you know, I had 50 employees at one point and I would say, hey, if you're sick, just stay home. Never required a doctor's note or any of that other silliness. Come on, people. If someone's sick, they're sick and let them stay home. [01:14:04] You don't want to get everybody else in the office sick and spread things around. Right. Doesn't that just kind of make sense? Well, they now in Australia don't trust people to stay home, to get moving. Remember China, they were, they were taking welders and were going into apartments and anybody that tested positive. [01:14:22] They were welding them into their apartment for minimum of two weeks. And so hopefully they had food in there and they had a way to get fresh water. Australia is not going quite that far, but some of the states down under. 
Using facial recognition and geolocation in order to enforce quarantine orders, and Canada. [01:14:47] One of the things they've been doing for very long time is if you come into the country from out of the country, even if you're a Canadian citizen, you have to quarantine and they'll send people by your house or you have to pay to stay for 10 days in a quarantine hotel. So you're paying, of course, now inflated prices for the hotel, because they're a special quarantine hotel. [01:15:14] You have to pay inflated prices to have food delivered outside your door. And that you're stuck there for the 10 days, or if you're at home though, they, you know, you're stuck there and they'll send people by to check up on you. They'll make phone calls to check up on you and they have pretty hefty fines. [01:15:36] Well, what Australia has decided to do is, in Australia, Australians even going from one state to another state are required to prove that they're obeying a 14 day quarantine. And what they have to do is have this little app on their phone and they, the app will ping them saying, prove it. And then they have to take a photo of themselves with geolocation tag on it and send it up via the app to prove their location. [01:16:15] And they have to do all of that within 15 minutes of getting the notification. Now the premier of the state of South Australia, Steven Marshall, said we don't tell them how often or when, on a random basis, they have to reply within 15 minutes. And if you don't, then a police officer's going to show up at the address you're supposed to be at to conduct an in-person check. [01:16:43] Very, very intrusive. Okay. Here's another one. This is a, an unnamed government spokesperson who was apparently speaking with Fox News, quote: The home quarantine app is for a selected cohort of returning South Australians who have applied to be part of a trial. If successful, it will help safely ease the burden of travel restrictions associated with the pandemic. 
[01:17:10] So there you go. People, nothing to worry about. It's just a trial. Uh, it will go away. Uh, just like, uh, for instance, income tax, as soon as World War One is over, it will be removed and it will never be more than 3% and it will only apply to the top 1% of wage-earners. So there you go. Right. And we all know that World War One isn't over yet. [01:17:34] Right. So that's why they still have it in somehow. Yeah, some of the middle class pays the most income tax. I don't know. Interesting. Interesting. So there you go. Little news from down under, we'll see if that ends up happening up here. News from China. China has, uh, China and Russia have some interesting things going on. [01:17:55] First of all, Russia is no longer saw. Country, they kind of are. They kind of aren't, they are a lot freer in many ways than we are here in the United States. Of course, China, very heavily socialist. In fact, they're so socialist, they are communist, and China and Russia both want their kids to have a very good education in science, engineering, and mathematics. [01:18:23] Not so much on history, not so much on, on politics. Right. But definitely heavy on the, on the sciences, which I can see that makes all the sense. I think everybody should be pretty heavily on the science. Well, according to the Wall Street Journal this week, gamers under the age of 18 will not be allowed to play online games between 8:00 PM and 9:00 PM on Friday, Saturdays and Sundays. [01:1

    What Happened With Facebook's Outage? When Will It Happen Again?

    Oct 5, 2021 (9:08)

    What Happened With Facebook's Outage? When Will It Happen Again? Facebook had a huge outage all of its properties. So why did it happen? How did it happen? And what's going to happen in the future? The frankly, some of this technology just isn't that stable. And I'm going to explain why right now! [Automated transcript follows] [00:00:20] I've already talked about it a little bit this morning on the show, but Facebook was. Facebook was down a lot. Facebook too was down a long time. And Mr. Zuckerberg has now lost about $7 billion because of how long it was down. And Craig Peterson joins us now to talk a little bit about exactly what happened, why it matters, what it means and so much more. [00:00:39] Craig, how are you this morning? [00:00:41] Hey, good morning. Doing well. [00:00:42] Thanks. Good to have you as always. So tell me first. What actually happened yesterday. I read that the explanation from Facebook seems like not a big deal as just a configuration problem, a little unexpected issue. They're not sure exactly what happened or looking into it. [00:00:57] It's not a big deal though. Continue on with your day. What's the reality, what actually happened. [00:01:01] Yeah, nothing to see here. You look at the number of companies and the companies Facebook has bought over the years, basically since 2005, they've spent $410 billion on all these companies named some names. [00:01:17] You might actually recognize you remember Friendster? [00:01:20] I do remember friends. Yes. That was a little, that's a little bit back there, but yeah. [00:01:25] That was about 10 years ago, they paid $40 million for that. But of course, Facebook has moved on from that and owned all kinds of companies. Right now. [00:01:35] It's got Instagram, WhatsApp, by the way they paid 19 billion is what it's wiping sorts out Oculus live rail and many [00:01:45] others basically. That's when Ben one of the main complaints events. 
Supposedly being a monopoly is that they've been gobbling up their competition and other things that maybe even weren't competition, but things they could just add to the big beast and have it consolidated all under Facebook's banner. [00:02:02] Yeah. So the problem that tech guys have is this scale, massive scale. So on top of all of that, they have, they claimed to have almost half the people on Earth go logging on to Facebook. So how do you deal with numbers like these? And it gets very difficult. And what appears to have happened is they're using a tool. [00:02:26] There's a few that we use. And in fact, we'd had a similar problem yesterday with my company's networks, where, here's what happened. Here's the basics, right? You heard it was a DNS problem. Some people have said that. That's not the real problem. The real problem lies underneath that. And it's something that we have to deal with because we're working with multiple companies that have multiple network connections, and that's where it comes from, the multiple network connections. [00:02:56] So on the internet, what happens if you're going to go to Facebook, you're typing in facebook.com, that has to be turned into an internet address. And to do that, you use DNS. But how about beneath that? Basically the street directory, who has Main Street in downtown Portsmouth, for instance, if you want to get there. There's another protocol that's used beneath DNS, and this protocol is used to actually map these addresses, these internet numbers. [00:03:32] So that was the problem yesterday. And I checked it online myself with a site that we use to monitor all of this type of addressing. And what turned out had happened is Facebook stopped advertising where it addresses. If you tried to look up Facebook, you couldn't find it. And you got a DNS error because the DNS servers' addresses were unknown. [00:03:57] You knew the address, but you didn't know how to get to that address on the. And Facebook has become so big. 
They're using automated tools in order to push the configurations to all of these, what are called BGP servers. So what probably happened yesterday, in reading some things on Reddit and other places where there are some people who claim to be working for Facebook, what probably happened. [00:04:26] Somebody forgot to put the peer configurations into their BGP routing tables, pushed it out to all of their BGP routers worldwide. Now I've got to say on the outage that lasted six or eight hours with a problem. This is amazing because now you have to worry about the cold start of the whole. Some kind of like Texas, another four minutes, they would have been without power in some areas for months, [00:04:57] we were referring to it. [00:04:58] I'm thinking of a cold start your side. It sounds like you're starting a car. It's too cold outside and the car just doesn't have enough juice in the battery. So it's a, is that basically what happened? [00:05:06] Yeah. Yeah. What happened is you couldn't get to anything. Facebook probably could not get to its own routers to update the configuration. [00:05:14] Similarly took so long then is that they really were having a difficult time even gaining access to the thing that would be necessary to fix it. [00:05:20] Exactly. And there were a lot of people, myself included, that were thinking, man, it's going to be days, because the cold start also has problems with, like, caches. [00:05:31] For instance, you go to a page. There's pictures, there's videos, there's text. Well, all of that information gets stored in a cache. So it doesn't have to be generated every time somebody sees something. So there would be cold caches out there that would need to be updated. It's a nightmare. This was a nightmare scenario for them and was probably caused by letting some junior guy, [00:05:55] well, make some changes through their BGP table. [00:05:59] That is remarkable. We're talking with Craig Peterson, our tech guru. 
He joins us on Wednesdays typically to go over the world of technology. And of course we'll do that tomorrow as well, but we wanted to have him join us to talk a little bit about Facebook before I let you go. [00:06:11] Craig. I The implications of this, I think are massive. I take to consider, even if you don't care about Facebook, if you don't use it, it's not part of your life. Obviously it is such a big part of not just American life, but this is a worldwide issue, right? I It is used by billions and billions of people and this kind of an outage lasting this long is not only unprecedented, but really important in terms of having good Lord. [00:06:34] If you're a, if you're a Facebook. I was talking about that a little bit earlier this morning. If you had Facebook stock, how do you feel today? I know mark Zuckerberg doesn't feel great. That's why he lost $7 million of value yesterday. How does this affect at Facebook, the company going forward here, this, and when you combine this with the whole whistleblower thing, it's not exactly been a good week. [00:06:51] Yeah, not at all. This problem frankly, comes from the early days or earlier days of the internet. I was on the internet back in the early 1980s and helping to develop the protocols. And back then, we were not worried that. That's type of massive scale. We were not worried about hackers, really getting in. [00:07:13] Cause it was a great community. I'm most of us knew each other and we used to joke around and have a lot of fun. These protocols were not designed for the types of problems we're seeing today. So until these problems are solved, not by Facebook, but by the internet community as a whole, these types of things can happen again. [00:07:37] So Facebook, it could go down again because frankly we have seen times where for instance, traffic from the Washington DC area was all routed through Moscow. 
So you would send data from the White House and I'm know to someone in the building across the street. And it was referred through Moscow. Who knows what the Russians are doing with all of that data, but we just don't have the safeguards in place that would support, frankly, the way we are using the internet today. [00:08:12] Facebook could face this problem again. We're talking about fiber as much as I've seen numbers, $500 million an hour in lost revenue from Facebook, but it could happen to anyone. And I'm sure there will be a lot of work here. Others, people sharpening pencils, and finally getting in line on how do we actually do. [00:08:33] The stop work at huge scale. Huge. We're talking now hundreds of billions, probably trillions of devices connected to the internet by 2025. [00:08:46] They're actually sharpening pencils. Craig, you think anybody uses pencils anymore? I begged to do. Not at technology companies. Craig Peterson, we appreciate it as always. [00:08:55] Of course you hear him on Saturdays as well on WGAN and we'll hear his voice tomorrow, joining us for the more traditional tech topics, other things besides Facebook to chat about, obviously, but we appreciate him joining this morning. Thanks a lot, Craig. And we'll talk to you tomorrow. [00:09:07] Take care.

    Could Using the Right Multi-Factor Authentication Save You?

    Oct 3, 2021 (83:13)

    Could Using the Right Multi-Factor Authentication Save You? I had a good friend who, this week, had his life's work stolen from him. Yeah. And you know what caused it? It was his password. Now, you know what you're supposed to be doing? I'm going to tell you exactly what to do right now. Let's get right down to the whole problem with passwords. I'm going to tell you a little bit about my friend this week. He has been building a business for. Maybe going on 10 years now, and this business relies on advertising. Most companies do so in some way; we need to have new customers. There's always some attrition. Some customers go away. So how do we keep them? We do what we can. How do we get new customers? For him, it was. Advertising, primarily on Facebook. He did some Google ads as well, but Facebook is really where he was focused. So how did he do all of that? Here's the bottom line you have to, if you are going to be advertising on Facebook, you have to have an advertising account. The same thing's true. Google. And then, on that account, you tie in either your bank account or your credit card. I recommend a credit card so that those transactions can be backed up. And on top of all of that now, of course, you have to use a pixel. So the way the tracking works is there are pixels on websites, about those already. And the bottom line with the pixels. Those are also. Cookies are about the pixels are used to set a cookie so that Facebook knows what sites you've gone to. So he uses those. I use those. In fact, if you go to my website, I have a Facebook pixel that gets set. And the reason for all of that is so that we know with. I'd be interested in something on the site. So I know that there are many people interested in this page or that page. And so I could, I have not ever, but I could now do some advertising. I could send ads to you so that if you were looking at something particular, you'd see ads related to that, which I've always said. It is the right way to go. 
If I'm looking to buy a pickup truck, I love to see ads for different pickup trucks, but if I don't want a car or truck, I don't want to see the ads. It isn't like TV where it sometimes seems every other ad is about. Car or a pickup truck. It drives me crazy because it's a waste of their money in advertising to me. After all, I don't want those things. And it's also not only just annoying in money-wasting. There are better ways to do targeting. And that's what the whole online thing is. Anyways, I told you about that because he had set up this pixel years ago. Basically, the Facebook pixel gets to know you. All of the people who like you that might've bought from you. Cause you can have that pixel track people through your site, your purchase site, they know what you purchase on the shopping cart, et cetera. And you can identify these people over on Facebook and their ads because they abandoned the cart or whatever it is you want to do there. So there's just a whole ton of stuff that you can do for these people. And it's so bad. It is so valuable. It takes years to build up that account. Years to put that pixel in place. And our friend here, he had done precisely that. Then he found that his account had been compromised. And that is a terrible thing in this case because the bad guy used his account to place ads. So now there are really two or three problems here. We'll talk about one of them. Why was the bad guy going after him? He has been running ads on Facebook for a long time. So as far as Facebook is concerned, his account is credible. All of the ads he runs don't have to be reviewed by a human being. They can go up almost immediately. He doesn't have to wait days for some of these things to go up. So our bad guy can get an account like his that has years' worth of advertising credibility and now start advertising things that are not correct. So there again is part of the value of having one of these older accounts for advertising. 
And so the bad guy did that, used his credibility. And then secondly, he used 25 grand worth of my friend's money to run ads. Also, of course, very bad, very bad. So I sat down with him. In fact, it was this last week, and I was out on a trip with just a vacation trip. It was absolutely fantastic. I never just do vacation. It's always business plus work whenever I do anything like this, but I was on a trip last week. And so my eldest son who works closely with me, and he's also part of the FBI InfraGard program. So I had him reach out to my friend, and he helped him out, and they talked back and forth. So here's the problem that he has. And I'm trying to figure out a perfect way to solve this. And I haven't figured that out yet. And if you guys have an idea, because you are the best and brightest, you really are. So go ahead and drop me an email at me@craigpeterson.com if a good way around this particular problem, which is he has this Facebook account and many other accounts, including his website hosting account, email account, et cetera. And he has people who manage his ads for him, who operate his website for him, who put up some promotions, advertising, and everything else. So these are third parties. This is what we generically call a supply chain risk: people who are not him have access to his stuff, his private property. And how does he do it, or how did he do it? He went ahead and gave them access by giving them accounts or passwords. How well were they guarding their passwords and their accounts? So the first thing I had my friend do was go to haveibeenpwned.com. I had him put in his email address, the one he uses the most, and it showed up in five different hacks, data dumps. So these are five various sites where he had used that same email address in this case. And he found out that in those five cases, the bad guys got his passwords and personal information. All bad. And he went ahead and cleaned it up. 
So I said put in the password, because Have I Been Pwned also lets you check your password, just see if it has been used by someone else and then stolen. So there are billions of passwords in this database. It's incredible, all of these known passwords. So he put in his password, and no, it had not been stolen, but the problem is how about the people that were managing his ads on Facebook and managing his Facebook ad. Were the usernames, which are typically the email addresses, and the passwords kept securely? That's a supply chain thing I'm talking about, and that's where I'd love to get input from you guys, me@craigpeterson.com, if you think you have a good answer. What we've been doing, and our advice to him, was use 1Password. That's the only one to use. I don't trust LastPass anymore after their last big hack where they got hacked. 1Password, the digit one, Password. And go ahead and set it up. And in a business scenario, you can have multiple vaults. So have a vault that's just for people that are dealing with your Facebook ad account, maybe have another vault for people who are posting for you on Facebook. Or better yet, when it comes to Facebook, go ahead and have an intermediary that is trusted, the If This Then That, or there's a few of them out there that can see that you put the post up on the website and automatically post it on Facebook. So you don't have to give all of these people your passwords, but again, it's up to you. You got to figure out if that makes sense to you, but those are the types of things that I think you can do. And that is what we do as well. Now, one of the beauties of using 1Password like that, where you're not sharing all of your passwords to everything, you're sharing the minimum amount of login information that you possibly can share, is that if they leave your employ, all you have to do is remove their access to the appropriate vault or vaults, or maybe all of your vaults. 
And this is what I've done with people that worked for me in the US and people who work for me overseas, and there have been a lot of them, and it has worked quite well for me. So with 1Password, we can enforce password integrity. We can make sure the passwords aren't stolen. 1Password ties automatically into Have I Been Pwned. If a password has been exposed, if it's been stolen online, it's a great way to go. Now I've got an offer for you guys who are listening. I have a special report that I've sold before on passwords, and it goes through, talks about 1Password. It talks about LastPass, which I'm no longer really recommending, but gives some comparisons and how you can use these things. Make sure you go and email me right now. Me, me@craigpeterson.com. That's ME at Craig Peterson dot com, and just ask me for the password special report, and I'll be glad to get that off to you. There is a lot of good detail in there and it helps you, whether you're a home user or a business. So the next step in your security is multi-factor authentication. Interesting study out saying that about 75% of people say that they've used it for work or for business, but the hard numbers, I don't think they agree. One of the things that you have to do is use good passwords. And the best way to do that is to use a password manager. I was talking about a friend of mine who had been hacked this last week and his account was hacked. His Facebook ad account was hacked. We asked him if we could reach out to the FBI and he said, sure. So we checked with the FBI and they're looking to turn this into a case, a real case, because they've never seen this type of thing, the hijacking of an advertising account. Who hijacked it? And why did they hijack it? Was this in preparation maybe for playing around with manipulating our next election cycle coming up? There could be a lot of things that they're planning on doing, and taking over my friend's account would be a great way to have done it. 
So maybe they're going to do other things here. And our friends at the FBI are looking into it. How now do you also keep your data safe? Easily, simply. When we're talking about these types of accounts, the thing to look at is known as two-factor authentication or multi-factor authentication. You see, my friend, if he had been using multi-factor authentication, would not have been vulnerable. Even if the bad guys had his username, email address and his password, they still would not be able to log in without having that little six-digit code. That's the best way to do multi-factor authentication. When we're talking about this code, whether it's four or 5, 6, 8 digits long, we should not be using our cell phones to receive those. At least not as text messages. Those have a problem because our phone numbers can be stolen from us, and they are stolen from us. So if we're a real target, in other words, they're going after you, Joe Smith, and they know you have some $2 million in your account. So they're going after you. Well, they can, in most cases, take control of your phone. Now you might not know it, and it doesn't have to be hacked. All they have to do is have the phone company move your phone number to a new phone. Once. So that means one of the things you need to do is contact your telephone vendor, whoever it is who's providing you that service. That's a company like Verizon, Sprint, T-Mobile, AT&T, one of those companies that are giving you cell service. You have to contact them and set up a pass. So that if they have a phone call coming in, and that phone call can be faked so it looks like it's coming from your phone, even if there was a phone call coming in, whether it's coming from your phone or not, they have to get that password or passcode that you gave them. And once they have that passcode now, and that's great, but if you don't have that and they're targeting you specifically, then you're in trouble. 
So for many of us really it may not make a huge difference. But I would do it anyways. I have done it with every one of my cell phone carriers now. A couple of decades set up a password. So the next step is this multi-factor authentication. If I'm not supposed to get it via text message to my phone, how do I get it? There are a couple of apps out there. There's a free one called Google Authenticator. And Google Authenticator runs on your phone. And once it's there on your phone and you are setting it up on a website, so Facebook, for instance, your bank, most websites out there, the bigger ones, all you have to do is say, I want to set up multi-factor authentication, and then it'll ask you, okay, so how do you want to do it? And you can say, I want an app, and they will display a QR code. That's one of those square codes with a bunch of little lines inside of it. You've seen QR codes before; they've become very common. And you take your phone with the Google Authenticator app. Take a picture of that little QR code on the screen, and now it will start syncing up so that every 30 seconds Google Authenticator on your phone will change that number. So when you need to log back into that website, it's going to ask you for the code. You just pull up Google Authenticator and there's the code. So that's the free way to do it. And not necessarily the easiest way to. Again, going back to 1Password. I use this thing exclusively. It is phenomenal for keeping my passwords, keeping them all straight and in an encrypted vault, actually in multiple encrypted vaults, so that I can share some of them. Some of them are just strictly private, but it also has that same authenticator functionality built right into it. Microsoft has its own authenticator, but you can tell Microsoft that you want to use the standard authenticator. Of course, Microsoft has to do everything differently. But you can tell it. 
And I do tell it, I want to use a regular authenticator app, not Microsoft Authenticator. By the way, that's why I advise you: don't use the Microsoft Authenticator, just use one authenticator for all of the sites, and then Microsoft will give you that same QR code. And then you can take that picture and you're off and running. Next time you log in, it asks you for the code and instead of texting it to you to your phone smarter, otherwise it will not. That require you to open up your authenticator. So for me, for instance, when I'm logging into a website, it comes up and asks for the username, asks for the password. Both of those are filled out automatically by 1Password for me. And then it asks for that code, identification code, and 1Password automatically puts it into my paste buffer, copy-paste buffer, and I just paste it in and they've got the code. So I don't have to remember the codes. I don't remember passwords. I don't have to remember usernames or email addresses. 1Password remembers them all for me. Plus it'll remember notes and other things. So you can tell, I really like 1Password. We use it with all of our clients. That's what we have for them. And it does meet even a lot of these DoD requirements on top of. Depending again, how much security you need. We will use Duo, D-U-O, and it also has this authenticator functionality, and we will also use YubiKeys. These are those hardware keys. Duo can provide you with hardware tokens. Those are those little tokens that can go onto your key ring, that show a changing six-digit number every 30 seconds. And that's the same number that would be there in your smartphone app. Your 1Password or Google Authenticator smartphone. Hopefully, I didn't confuse you too much. I think most of the reason we're not using the security we should is because we're not sure how to, and we don't know what we're going to be. And I can see that being a big problem. 
So if you have questions about any of this, if you would like a copy of my password security, special report, just send an email to me. M e@craigpeterson.com. That's me M e@craigpeterson.com. That's S O N.com. I'll be glad to send it to you. Also, if you sign up for my newsletter there on my website@craigpeterson.com, you are going to get. I was hold little series of the special reports to help you out, get you going. And then every week I send out a little bit of training and all of my articles for the week. It's usually six to 10 articles that I consider to be important so that, what's going on in the cybersecurity world. So you can. With it for yourself, for your family, for your business. Craig peterson.com. According to researchers. 32% of teen girls said that when they felt bad about their bodies, Instagram made them feel worse. And you know what Facebook knew and knows Instagram is toxic for teen girls. There's a great article that came out in the Wall Street Journal. And I'm going to read just a little bit here from some of the quotes first. When I went on Instagram, all I saw were images of chiseled bodies, perfect. Abs and women doing 100 burpees in 10 minutes, said, Ms.  Now 18, who lives in Western Virginia. Amazing. Isn't it. The one that I opened now with 32% of teen girls said that when they felt bad about their bodies, Instagram, I made them feel worse. So that is studies again, that looks like yeah, these were researchers inside Instagram and they said this in a March, 2020 slide presentation that was posted to Facebook's internal message board that was reviewed by the wall street journal quote comparisons on Instagram can change how young women view and describe themselves. Apparently, for the past three years, Facebook has been conducting studies into how Instagram is affecting its millions of young users. Now, for those of you who don't know what Instagram is, it allows these users to create little stories, to have. 
Pictures videos of things that they're doing, and it's a lifestyle type thing you might've heard, of course, of how this I don't know what it is. Kidnapping murder plot. These, this young couple and the body I think was found up in Wyoming. I'm trying to remember, but of her and it's yeah, there it is. It wasn't my OMI. And I'm looking up right now, Gabby potato. That's who it is. She was what they called a micro influence. And I know a lot of people who can loom, that's what they want to be. There's a young lady that stayed with us for a few months. She had no other place to live. And so we invited her in here and we got some interesting stories to tell about that experience. And it's, a little sad, but anyhow, she got back up on her feet and then she decided she was going to become an influence. And what an influencer is someone that has a lot of followers. And of course, a lot means different numbers. You get these massive influencers that have tens of millions of people that quote, follow unquote them. And of course, just think of the Kardashians they're famous for. Being famous, nothing else. They have subsequently done some pretty amazing things. At least a few of them have. We've got one of those daughters who now was the first earliest billionaire. I think it was ever youngest. So they have accomplished some amazing things after the fact, but they got started. By just becoming famous by posting on these social media sites. So you get a micro-influencer, like Gabby Petito, who is out there posting things and pictures. And you look at all of these pictures and, oh my gosh, they're up at this national park. Oh, isn't she so cute. I'll look at her boyfriend. They'll look so good together and people. Fall for that image, right? It's just like Photoshopping these pictures of models, changing them. There've been some real complaints about those over the years. So Instagram sets these kids up with these pictures of people that are just totally unrealistic. 
One of the slides from a 2019 presentation says, quote, we make body. Excuse me. We make body image issues worse for one in three teenage girls teams, blame Instagram for increases in the rate of anxiety. And depression said another slide. This reaction was unprompted and consistent across. Groups among teens is this according to the wall street journal who reported suicidal thoughts, 13% of British users, and 6% of American users trace the desire to kill themselves to Instagram. Again, according to one of these presentations, isn't this just absolutely amazing. And you might've heard it discussed a little bit. I saw some articles about it, obviously in the news wall street journal had it, but this is a $100 billion company, Instagram. That's what their annual revenues. More than 40% of Instagram users are 22 years old and younger. And about 22 million teens log into Instagram in the US each day, compared with 5 million that log into Facebook, the younger users have been declining. Facebook it's getting the population there is getting older and older on Facebook. In average teens in the us spend 50% more time on Instagram than they do on Facebook. And also tick-tock, by the way I took talk has now surpassed YouTube in some of these metrics. Quote, Instagram is well-positioned to resonate and win with young people said a researcher's slide posted internally. Inside Facebook. Another post said there is a path to growth. If Instagram can continue their trajectory. Amazing. So Facebook's public phase has really tried to downplay all of these negative effects that the Instagram app has on teens, particularly girls, and hasn't made its research public or available to academics or lawmakers who have asked for it. Quote, the research that we've seen is that using social apps to connect with other people. Positive mental health benefits said Mark Zuckerberg. He's the CEO of course of Facebook. Now this was 2020. 
In March one at a congressional hearing, he was asked about children and mental health. So you see how he really lawyered the words that they can have positive mental health benefits, but Facebook's own internal research seems to show that they know it has a profound negative effect on a large percentage of their users. Instagram had Adam Moseri told reporters in may of this year, that research he had seen suggest the app's effect on team's wellbeing is likely quote quite small. So what the wall street journal seems to be pointing out here is that Facebook is not giving us the truth on any of this stuff. It's really sad. We've got to be careful. No, apparently Mr. Moseri also said that he's been pushing very hard for Facebook to really take their responsibilities more broadly. He says they're proud of this research. I'm just summarizing this before we run out of time here, but it shows the document. Internal documents on Facebook show that they are having a major impact on teen, mental health, political discourse, and even human trafficking. These, this internal research offers an unparalleled picture. Courtney told the wall street journal of how Facebook is acutely aware that the products and systems central to its business success routine. Fail great article. I've got it in this week's newsletter. You can just open it up and click through on the link to the wall street journal. They have a paywall and I hate to use payroll articles, but this one's well worth it. And they do give you some free articles every month. So if you're not on that newsletter, you can sign up right now. Craig peterson.com. You'll get the next one. If you miss a link today, if you want some, the special report on passwords, et cetera, just email me directly. Give me a few days to respond. But me M e@craigpeterson.com. That's me M e@craigpeterson.com. We've all worked from home from time to time. 
At least if we're somehow in the information, IT industry. I want to talk right now about why you need a personal laptop, even if the business is providing you with a laptop. Laptops are something that was designed to be personal, but many of us are using them as our main computer. I know I often am using my laptop. A couple of my kids and my wife, it's really their main computer, even though they all have other computers that they could potentially be using. Laptops are just handy and you have them with you, you can take them with you. We've got workstations set up that are kind of workstations, if you will, where there are three screens set up and they're all hooked up into one central screen controller that then has a USB-C connection that goes right into the, your laptop. So you can be sitting there with four screens on your Mac laptop, on your Mac Pro. If you need four screens, it's really handy. No question. Many of us have a laptop for home and a laptop for business. And many of us also look at it and say, oh wow, this is a great laptop I got from work. It's much better than my home laptop. And you start to use the business laptop for work at home. Okay. That's what it's for. Right. But then we start to use that business laptop for personal stuff. That's where the problems start. We've seen surveys out there that are shown. Then half of workers are using work-issued devices for personal tasks. They might be doing it at home. They might be doing it at the office. Things like personal messages, shopping online, social media, reading the news. So the prospect of using your work laptop as your only laptop, not just for work, but also for maybe watching some movies, group chat and messaging, reading fan fiction, paying bills, emailing family or friends. It just seems not. It's so tempting. It's just natural. I'm on it. I'm on it all day long. Why wouldn't I just use it?
And this is particularly true for people who are working from home, but we have to be careful with that. It's really something that you shouldn't be doing, for a couple of reasons. One, that laptop, that's a business laptop, is the property of the business. It's just like walking home with boxes full of pencils and paper back in the old days. It is not yours to use for personal use. We also have to assume, since it is the company's laptop, that hopefully it's been secured. Hopefully they have it set up so it's going through a special VPN at the office and it's going through special filters, maybe Snort filters or something else that's doing some deeper inspection on what's coming through your laptop. Well, there are also likely on that laptop tools that are monitoring your device. Things like keyloggers, biometric tracking, geolocation, software that tracks your web browser and social media behavior, screenshot, snapshot software. Maybe even your cam is being used to keep track of you. I know a number of the websites that I've used in the past to hire temporary workers, those workers have to agree to have you monitor what they're doing. These hourly workers, it'll take screenshots of their screen, unbeknownst to them. Pictures from the cameras at random intervals, again, unbeknownst to them. It'll track what they're doing. And so I can now go in and say, okay, well, he billed me five hours for doing this. And I look at his screen and guess what? He wasn't doing that for all of those five hours that he just billed me. Well, the same thing could be true for your company, even if you're not paid by the hour. Right now, we're looking at stats that show over half of the businesses that are providing laptops for the employees to use, more than half of them are using monitoring software. And through this whole lockdown, the usage of these different types of monitoring systems has grown. Now there's some of the programs you're using.
You might be VPN'd in, you might be using Slack or G Suite Enterprise, all good little pieces of software. They can monitor that, obviously, but it goes all the way through to the business. And using your Slack access that's paid for by the business, it's also idiotic to do things like send messages to your buddies, set up drinks after work, complain to other people about someone else in the business, your boss, or otherwise. Your IT people at the business can see all of that. They can see what you're doing with Slack. Even if you have a separate personal account, it's still more likely that you'll end up mixing them up if you're logged into both on the same computer. So the bottom line is, if you are on a work computer, whether it's a laptop or something else, you can reasonably assume that IT can see everything. That's not. They own it. Okay. And they have to do some of this stuff to protect themselves. We put software on laptops for companies not to spy on employees. That's none of our business. But we put software on computers for employees to make sure they stay safe. Think of what happens when your computer, your laptop, whatever it might be, connects to the company's network. Now that can be through a VPN. It can be because you take your laptop home or on the road when you're traveling and you bring it back into the office. If that computer is infected somehow, now you've brought that infection into the office. And that's how a lot of the malware works. It goes from computer to computer. So once they get in that front door, whether it's through a website, an email that you clicked on, or in a computer that you're bringing into the office, they can start to move around. Now it's not just your activity. And this is an interesting article from The Verge by Monica Chin.
It's not just your activity that they can see on your laptop, but in many cases, they're also able to look at anything you're downloading, any of your photographs or videos that you might've synced up from your smartphone. Or loading these types of things, your text messages, on your work device for safekeeping, or just because it's your primary device, might seem harmless, right? Cause you're just going to remove them before you hand it in. But some companies, such as Apple, won't allow you to wipe your device before handing it in, regardless of how personal the contents are. And that makes sense too, because many times an employee leaves and they don't give the company all of the information that they have, that they're obliged to give back to their employer. Things that they've been working on, customer information, et cetera. So, man alive, there are plenty of other devices out there. Hopefully, if you leave your company with plenty of notice, moving a bunch of things off your work device in the last few days, uh, might raise some eyebrows at the. And I'm saying hopefully, because they should notice that sort of thing, because it could be malicious activity. It could be an insider risk that maybe they're not even aware of. There's so much that could go wrong here. So bottom line, don't use the work laptop for home. So what should you use? You know, my personal recommendation almost always is get a Mac. They are safer to use. The patches that they get are usually not destructive. You know, sometimes you can install a patch for Windows and now your machine just won't work anymore. Right. You've had that happen. I know every last one of us out there that have tried to install Microsoft patches for a while have had that happen to them. All of a sudden the patch has completely messed up your computer and you are so out of luck, it's ridiculous. Right? So don't, you know, hopefully don't do that. But I like the Macs because they are basically safer than Windows.
And also because the patches just work on them. Apple tends to get them out in plenty of time to try and protect us. The next level, if you can't afford an Apple, and Apple laptops really are not expensive when you consider how long they last and the quality of the components, they are not expensive at all. But if you can't afford that, the next thing I would look at is getting a Chromebook. There are a lot of companies that make Chromebooks. Chrome is an operating system from Google. It's similar to Android. Google keeps the Chromebooks up-to-date. They patch them quite regularly and make sure that there aren't nastinesses going on. You just have some of the same issues that Android has: patches might take a while to get to you because it has to go through the vendor that made the Chromebook. You might have a Chromebook from Samsung, for instance. It's not Google's, even though it's called a Google Chromebook. Now Chromebooks rely heavily on the cloud services that Google provides, but they can also run just locally. So with a Chromebook, and you can get them for as little as 150 bucks, but remember you get what you pay for. Or as much as, I've seen them in the $2,000 price range with fancy GPUs, local storage and other things. But at 150 bucks, it could be well worth it for you. It lets you do the regular word processing. Just think of what you can do with Google Docs, spreadsheets, again, Google Docs, spreadsheets, all of those types of things are built into it. You can cruise the web, obviously, using Google Chrome on your Chromebook, and send and receive email, which is what most people do. That's really kind of all most people do at home. So consider that as well. I also like iPads. They are quite safe again, but they tend to be more expensive, and they can do pretty much everything. And now with Android support built right into Google Chromebooks, you can even run Android apps. So there you go. Keep safe and be safe out there. Right. Have a hack-free life.
Make sure you get my newsletter. CraigPeterson.com/subscribe. CraigPeterson.com/subscribe. The national cyber director, Chris Inglis, said that we need cyber bullets, that cyber bullets are part of the war on hacks. And it makes sense on one level. But when you get into the reality, it's a much different story. I had an interesting email this week from a listener. Actually, he sent it about two weeks ago, and I finally was able to get to it this week and responded, and he was pointing out how there are some things that I talk about on the show, that I put into my newsletter, that are really good. And, I'm paraphrasing here, but theoretical to so many people. There's some things that you can figure out pretty easily yourself. Some things you can do yourselves, and other things that are just different to do still. And a lot of that has to do with the websites you go to in order to maintain your passwords. And he was complaining specifically about Bank of America and how you can, according to what he has found here in the real world, you can come up with a password, a 20-character-long password that is going to keep everything nice and safe at trend to be generated. You're using 1Password, and great. So you set your password up in Bank of America's account, and then you try and log in later, and it doesn't work, because it lets you put 20-character passwords in when you're creating it, yeah. But the login screen only takes the first 16. So of course they don't match. You see, it's things like that that really are pushing us back, holding us back. But I'd say pushing us back from being secure as a country. There just aren't enough people paying enough attention to make sure this cybersecurity, even the basic stuff like passwords and two-factor authentication, are being done properly.
So one of the things I wanted to make sure you guys were aware of is I need to know when you're having these problems, because what I want to do is put together some trainings to show you exactly how to do it. Because on some websites, you were saying, it's pretty hard to use 1Password. He's paying for it, but it's kinda difficult for him. And I think in some ways, a lack of understanding. Then, it can be difficult to spend a bunch of time trying to watch some training videos for some of the software. And so I want to hear when you're having problems so I can do what I did for him this week and spend a little time, write some stuff up. And I even am reaching out to some of these website people, like Bank of America, who are really messing up cybersecurity for people who are trying to do the right thing, and writing them and saying, hey, listen, I'm part of the FBI InfraGard program. I'm a member of it. I paid a lot of attention to cybersecurity. Heck, I ran the training for the FBI InfraGard program for a couple of years, and there are some real things lacking in the login anyways, and this one particular case of the cybersecurity. But I don't know all of this stuff. I'm not using all of these things, and I have a disadvantage over you guys, and that is that I've been doing this for so long, I've forgotten what it's like to not know it. Does that make sense? So if you have something that I've talked about on the show, that's appeared in my newsletter, and you're having some confusion over, let me know. Just email me: me@craigpeterson.com. What he did is he just hit reply to my newsletter. And of course, that goes to me, at me@craigpeterson.com, and it tracks it. So I know I need to reply, so I can sit down and go through and answer people's questions. I sent out a lot of the copies of my password special report to people you guys had requested. Specifically, some of the people out there had requested a little bit of help.
And I had sent out an email to most of the people that I could identify as being business people. I sent out a little thing saying, hey, listen, if you could use a half-hour of my help, let me know, myself or my team. And then, again, you can just send me an E Craig. So I answered a lot of those questions this week. And in fact, that's how I come up with much of what I cover here on the show. You guys ask the questions and that's how I know that it's a real problem. If I understand it, that's one thing. But for the people who don't do cybersecurity as their primary job or a strategy, I get it. I can get why you guys are confused. So make sure you get my weekly newsletter, so you can find out about all of the trainings, the free stuff, the paid courses. And it's easy. Just go to CraigPeterson.com/subscribe. That's Craig Peterson, P E T E R S O N. CraigPeterson.com/subscribe. And I'm more than glad to add you to that list. And there are now thousands of people on that list to get my email pretty much every week. If you miss it one week, it's probably cause I just got too busy, but I put out all my show notes. I put it all, a little bit of training notes, all. The US government is supposedly getting ready to fire what they're calling cyber bullets in response to these significant hacking attacks. This is what they're calling a comprehensive strategy to dissuade adversaries. And this is all from the national cyber security director, Chris Inglis. This is from an article in AmericanMilitaryNews.com by Chris Strohm that was out this week. And of course I included that in my newsletter this week as well, coming out today or tomorrow, depends on how this all goes, right, with the weekend. I got to help a buddy out today. But President Joe Biden has been really talking about how do we use cyber weapons to retaliate. For instance, he gave a list of industries that Russia should not be. As though Putin himself is running all of these hacks that come out of Russia.
Yeah, certainly there are some that are part of their military, but there are many of them that are just bad guys that are trying to make some money. We should feel sorry for them. So Biden gives him this list and says, hey, listen, if you attack any of these various industries, or actually portions of our economy, we are going to retaliate. We have seen the US retaliate under President Trump, and the retaliation, of course, he did all kinds of economic stuff to stop it, much of which has been reversed by President Biden's administration, but also he attacked them directly in. Down some power systems there in the Moscow area, which I thought was really kinda cool. So kudos to President Trump for doing that, and for President Biden now to say, hey, we are going to attack back. Of course, the biggest question is, what would we be attacking? How would we be attacking it? And for what reason? For instance, the Red Chinese have gone after our Office of Personnel Management, OPM, records and got them all back in 2015. So they now know everything about everybody that had a secret security clearance or that took a paycheck from the federal government. All of those records, they would get their hands on them and get them on all of the records, a lot. So Inglis was in front of the, let's see here, the, yeah, he was a former director of the National Security Agency. He's the first to hold this Senate-confirmed position at the White House, this national cyber director position. And he says, "There is a sense that we can perhaps fire some cyber bullets and shoot our way out of this," Inglis said at the conference. It was hosted, by the way, by the National Security Agency and a nonprofit group. He said, "That will be useful in certain circumstances. If you had a clear shot at a cyber aggressor and I can take them offline, I would advise that we do so, as long as the collateral effects are acceptable." Yeah.
What we have done here under President Biden's administration is we have shut down some people who were operating illegally, we have shut down some cyber actors that were attacking us. So we've been doing that, but it isn't exactly, wow, we just saw a muzzle flash over there, and so we are returning fire to the area of that muzzle flash. Because as I've said many times before, we just don't know where in fact that bullet is coming from. It makes it a lot more difficult. Inglis went on to say, "There's a larger set of initiatives that have to be undertaken. Not one of those elements is going to be sufficient to take this out." Let's see here, the US should make clear to Russia and other adversaries what kinds of attacks would prompt a response, which is what President Biden did when he was talking with, of course, President Putin over there. "Red lines are both good and bad. Red lines are clear and crisp." Although I got to say, many of our administrations haven't really done anything about it. It's the red line in the sand, and Syria. President Obama didn't do anything when they stepped over that red line. So yeah. And then with what we just finished doing in Afghanistan, where we drew a red line and said, we're going to protect all of you who helped us. And then we not only abandoned them, but we abandoned Americans behind there. I don't think a lot of people aren't going to believe us. So here's the last statement here. And again, this is an article in American Military News. From our cyber chief: "The government actions aren't always going to be broadcast. In some cases, it's not helpful to broadcast those for all of mankind to see." Another one: we are doing some things behind the scenes. And I have certainly seen some of the results of those over the last few years. Stick around. You're listening to Craig Peterson, online at CraigPeterson.com. You've got a smartphone and there are some new versions out, right? New hardware, new software, Android, iOS.
How long should you keep that device? How long can you stay safe with that older device? Apple has now done something different, something they've never done before. One of the reasons that Apple equipment tends to be safer than almost anything else out there is that they have what's known as a closed ecosystem. There's arguments both directions here on whether that's safer or not. But the real advantage when it comes to cybersecurity is there are only so many versions of the iPhone out there. What are we now, in a couple of dozen versions of the hardware platform? That makes it easier for Apple to be able to support older versions of the software and multiple pieces of hardware, much easier than for, let's say, Microsoft Windows, which doesn't even have a single platform, or Android, where there are hundreds of hardware platforms out there and tens of thousands of versions of the hardware, because one model phone can contain many changes, different types of hardware to talk to the cell towers or the screen, you name it. So it's very hard to keep up. Android has for quite a while now supported three versions of their operating system. Of course, we're talking about Google, but the Android operating system. So they support the current release of Android and the previous release, two previous releases in fact, of Android. Now that is frankly a pretty good thing to know, but there's over a billion Android devices out there that are no longer supported by security updates. We've got Android 10, nine, and eight that are fairly supported right now. We're actually up to Android 12. So here's how it works. If you've got Android version 10 out, if that's the main one, then you can continue to do eight and nine and get updates, security updates. But then here's the problem, everybody. Those security updates are coming out of Google, but that does not mean that they are making it all the way to you. So there you go.
It's one thing for Google to provide updates, but if you can't get them because your phone manufacturer is not supporting them, you've got trouble. Samsung is probably the best company, other than maybe Google and the Google Pixel phone. Samsung's the best company to go to if you want some longer-term support. Many of these other companies just don't provide support past the current version. So keep that in mind as well. Android 12 was the 12th major version of Android, announced by Google February 2021. And it is starting to roll out. Android 11 is the one that was out in February of last year. At least it was announced then. And they're coming out, they're getting pushed out. So basically Google is saying the current version plus two prior versions. And that usually gives you about a four or maybe even a five year window. So if you're, an Android device from a major manufacturer, particularly Samsung on the Android side, your device is going to be good for at least four years, maybe five years. Now on the, and by the way, you don't necessarily have to upgrade the. You could be continuing to run an older release. So, as I mentioned earlier, if version 11 is the current one that's out there being supported, which it is, right, 12 is early still, but version 11, that means two prior versions still get security updates. You don't get feature updates, you don't get the new stuff, but you get security updates. So Android 11, the current one, that means 10 and nine get security updates. So you're not being forced to do an upgrade. Most people don't upgrade their phones from an older major release to a newer major release. In other words, they don't try and go from Android eight to Android 11. Because in fact, most of the time, the hardware manufacturer doesn't support it. That's why there's over a billion Android devices out there right now that cannot get security updates. So have a look at your phone and your vendors.
See what you're running. You probably want to do an update, because most phones cannot get any support. On the, in the Apple side, things are a lot different. With Apple iOS, which is the operating system used on the iPhone and the iPad, Apple has always forced you to move to the next major version. Now, they only force you to do that if they support the hardware. And I've got to say kudos to them, they're still supporting the iPhone 6S, which came out quite a while. The iPhone 6S is something that my wife has been using and that I had as well. In fact, she got my old iPhone 6S, but that's a six-year-old phone. Came out in September of 2015. So it is still getting security updates, and will probably continue to get them. Not only is it getting security updates, this six-year-old iPhone 6S is getting the latest iOS operating system. It's getting iOS 15. Isn't that just amazing? Yeah, exactly. And so not just security updates, like you might get from some of the other vendors out there, Android vendors. So Apple keeps their arms around you for quite a while. Here's what's changed now with Apple and iOS: for the first time ever in the iOS world, Apple is not forcing you to upgrade. So you're not being forced to upgrade to iOS 15. You can continue to run iOS 14. And that's how Apple's got around the security patches in the past, because what happens is you get the updates and it installs them. Basically, there's no reason for you not to upgrade your phone. And so you do. So Apple never had to worry about releasing some of these fixes for really old versions of iOS. Although they have done that from time to time. On the macOS side, Apple has done a couple of good things, where they always have supported basically three releases, what Google's doing with Android. So you now have a new feature, if you will, with iOS. Here's a PSA for everyone. Public service announcement. You don't have to take the iOS 15 upgrade. Now I did.
I put it on my iPhone and I seem to have some sort of a problem with Messages, where it's telling people that my phone has notifications turned off, which it does not. So I haven't figured that one out yet. I'll have to look into that a little bit more. But this is nice, because that means you're not going to have to upgrade your iPhone to iOS 15. You'll still get security updates for iOS 14, something Apple's never done before. We'll see if they continue this. We will see if they match Google, going back three releases in Android. It's just never been done before over on the iOS. So good news for them. Also, of course, in the Windows world and the Mac world, you really should upgrade the operating system as much as you can. Windows 11 though, man, Windows 11. And I said this in my newsletter. I warned you guys, it's going to be a nightmare for many people. You are not going to be able to do an automatic upgrade unless you have the newest of hardware, with the highest end of features. CraigPeterson.com. One of the very big ransomware operations is back online. And now we have some inside information from one of the contractors working for this ransomware organization, and oh yeah, there's an FBI tie, too. This organization, ransomware gang, almost business, whatever you might want to describe them as, is known as REvil. They have a few other names, but that's the really big one. And they are basically the 800-pound gorilla in the ransom business. You might be using cloud services right now. Maybe you use Microsoft's email service, their Microsoft 360, I think, is what they call it now, and use it for email and various other things. Pretty handy. It's mostly in the cloud. Computers you own or operate or have to maintain. I think that makes some sense too, but here's the bottom line: it's software as a service. Right now, Salesforce.com, software as a service. Oracle has their accounting stuff. QuickBooks Online, all software as a service.
It isn't just those legitimate businesses that I just mentioned that are using the cloud, that are providing software as a service, where you're paying monthly or however frequently, and you're getting this software as a service. That's what that means. Typically it means it's in the cloud and you don't have any real control over it. That's what this ransomware gang has been doing. This gang known as REvil. They all appear to be in. And there's some interesting stuff that's come out. A transcript was released of an interview with one of their contractors. Now the original interview was in Russian. So I read through a translation of the Russian. I have no idea how good it is, but it is being quoted by a bank insider magazine that you might be familiar with, BankInfoSecurity. That's one of the places that I follow. And there's a few interesting things that he talked about that I want to get into. But these are the people who have been behind things like the Colonial Pipeline attack and some of the other very large attacks. The way they work, their business model is, you can license their software, their ransomware software, and you go after a business or a government agency, whatever it might be. You get that ransomware software inside, and the REvil gang will take a percentage of the money that you have in ransom. Now, how is that for an interesting business model, right? Taking something that the rest of the world has been using, and then take that model and put it into the legal side of the world. For three weeks during this whole REvil ransomware attack this summer, turns out that the FBI secretly withheld the key that could have been used to decrypt. And computers that REvil had infected with ransomware, and looks like it's up to maybe 1500 networks. Now those are networks, not just computers. That includes networks run by hospitals, schools, and businesses, including critical infrastructure businesses.
The way the FBI got their hands on this decryption key is by penetrating the REvil gang's servers. So they got into it. They were able to grab the keys, and then the FBI waited before they did anything with it. See, what they were trying to do is catch the people behind REvil. And so they didn't want to release information, get information out there to the press that might tip off those bad guys over there in Russia, and then shut down their operations. But as you might know, because I mentioned it here before, the REvil gang went offline on July 13th, before the FBI could really track them down. And then the FBI didn't release the key until July 21st. And then I think it was Malwarebytes released a decryption tool. So if you had been hacked by the gang, you could. Now, remember, it isn't REvil itself that's doing most of the ransomware hacking, if you will, or a placement. It's small guys. And that's why some people, including this contractor that apparently worked for the REvil gang itself, says, people think that it's the Russian government, that it's Putin, that's doing this. He said, in fact, it's not. It's small guys. And people like me are getting four or five hours a night, because we're working so hard trying to make a whole of this work, come up with the new software approaches. We have to provide, quote, tech support, unquote, to our affiliates, as well as tech support to the people who have had their computers and their data ransomed. So it's a real interesting mix. Absolutely interesting mix. Now Christopher Wray, here a couple of weeks ago, he's the FBI director, told Congress that, quote, "We make these decisions as a group, not unilaterally." To the FBI and working with other government agencies, "These are complex decisions designed to create maximum impact. And that takes time in going against adversaries, where we have to marshal resources, not just around the. But all over the world."
So this Russian-based gang first appeared in 2019. They've been around, they've been extorting large amounts of money from businesses for a very long time. One of the interesting things, I think, about all of this is that this REvil gang has their software as a service, and they provide it to, quote, affiliates, unquote, that go ahead and then install the software, get you to install it on your computers, in order to ransom you. A double whammy: ransom you, but there's now reports out there that there's a secret back door in the ransomware's code that allows REvil to go around their affiliates and steal the proceeds. How's that for hilarious? You've got a bad guy who goes in and gets the software from REvil, pays them a commission, and then REvil apparently has been jumping in on these customer support chats. In other words, you just got nailed, and because you got nailed with ransomware, you have to go to a chat room. And so you go in there and you're getting customer support on how to buy Bitcoin and how to transfer to their wallet. And apparently REvil is getting right in the middle and is extorting money from these people directly instead of having the affiliates do it. Pretty amazing. So here's part of this interview. It was aired on the Russian news outlet Lenta, and was translated by, yeah, Flashpoint. Here are the guys that got the full transcript of the interview. He says, "In the normal world, I was called a contractor, doing some tasks for many ransomware collectives that journalists considered to be famous. Money is stolen or extorted with my hands, but I'm not ashamed of it." I do. And again, this goes into the thinking of many of these bad guys, of Americans are all rich and they don't deserve what they have. He said, "Let's put it this way. This is a very time-consuming job. And if you've earned enough, then you can quit the game. But chronic fatigue, burnout, deadline.
All of these words from the life of ordinary office workers are also relevant for malware developers. So there you go. You should feel sorry for these malware developers who are developing software to steal millions from you and. Down our critical infrastructure. Hey, join me online. Craig peterson.com. And if you subscribe to my weekly newsletter right there on the site, I'll send you a few of my special reports. The most popular ones will come to you right there in your email box. Craig peterson.com/subscribe. We all pretty much have some form of insurance. And we're going to talk right now about the types of cyber insurance you may have. Now this might be through your homeowners policy or perhaps a rider on a business policy.  Many of our homeowners policies have started coming with cyber insurance. So we're going to talk about that. What is it? Businesses as well are also using cyber insurance and I'm sure you've heard of insurance basically called LifeLock and what that's all about. So let's kind of start. When we have a breach in a business, usually what happens is information about our customers is stolen. Look at some of the biggest breaches in history where we. Hundreds of millions of our personal records stolen Equifax breach is an example of a huge breach where we had all kinds of personal information that was stolen by the bad guys. Now, some of this information gets stale pretty quickly, but of course, other parts of it like our address, our social security number, they are probably not going to change for years. If for. No, of course our social security number will never change the social security administration. Just doesn't reissue them for very many reasons at all. And they do not reissue a social security number was stolen online because. Just about everybody's has, so what does a company like LifeLock do? They keep an eye on your credit report for you. And they're looking at what's going on new accounts that are open. 
They look at various other things, just related to that. And they, at that point say, wait a minute, something weird is happening. Now my credit cards, for instance, I have a credit card that if let's say I buy two of the same thing, one after the other and the, both the same price that credit card company pops a message right up on my phone saying, Hey, did you just buy two? Of these $15 things from and I can say yes or no, if I'm out on the road and I am purchasing gas, the credit card can pop up on my phone and it does and say, Hey, will you just trying to buy gas at this gas station? Because what'll happen as you use the credit card at the pump. And the pump says it was denied and then up at pops and yeah. Okay. No, that was me. And they said, okay, we'll try the transaction. Okay. And we'll approve it next time. And that's all automated. And that has nothing to do with LifeLock. LifeLock is there to more or less detect that something happened and if something happened and it was a bad guy and basically your identity was stolen. So they might be trying to buy a Ferrari in your name or maybe a 10 year old, four Ford focus, whatever it might be. And. They will help you try and clean it. That's what they do. So that's why it's cheap. And I don't know that it's terribly useful to you if you're really concerned. Go ahead and do that, but do keep an eye on your credit report. I do as well. My bank has free credit reporting for me, my credit card. Same thing. Free credit reporting that lets me know everything that's going on. So that's an easy way to tell WhatsApp. And there are different types of cyber insurance beyond this sort of thing, beyond the LifeLocks of the world. And many of us just get our cyber insurance through our homeowner's policy. It's a little rider. And businesses can buy cyber insurance as well. We have cyber insurance, that's underwritten by Lloyd's of London and we provide a $500,000 or million-dollar policy to our clients. 
As well, because that's what we do is cyber security, right? So the idea is if one of our clients gets hit, we have some insurance to back us up, but of course we go a lot further. It's almost like the LifeLock where if you do get hit by ransomware or something else, we will help you get back in business. We'll help restore your data. We'll help you with providing you. The information you need in order to do press releases, which agencies you need to contact, which of your customers you need to contact. And we've got scripts for all of that. So you can send it all out and just take care of it. So the idea is you don't want ransomware. So you hire us. We are extremely likely to keep ransomware out of your systems. And on top of that, if you are hit with ransomware, we restore everything. LifeLock does not do that. Obviously they all, I'll only do stuff after the fact and the cyber insurance you buy from an insurance agency is much the same, and there's a huge caveat with these policies that we're buying for our businesses and for our homes. And that is. They have a checklist at the insurance companies. Did you do this and this? And if you did, then they might payout if you did not, they may not payout. In fact, pay outs on cyber insurance policies are not known because. Bottom line. They really don't payout. Okay. I'm looking at some numbers right now and about paying ransoms and everything else. You may or may not. You got to have a look at it. Many of these policies are never paid out by the cyber insurance covers. They usually just regular insurance companies, but it's a special rider. And what they do is they say, Hey, listen, you did not follow the rules, so we're not going to payout. And there are many cases. If you go online and do a search, just use duck, go and say cyber insurance, payout. Lawsuits I'm doing that right now is. And it'll come up and show. Oh, okay. Does it cover lawsuits? Why are liability claims so costly? Yeah, exactly. 
A 2% payouts is talking about here. I'm invoicing, the most common cyber insurance claim denial. Yeah, it goes on and on. There are a lot is an act of war clause could nix cyber insurance payouts. That's another big one that they've tried to use. So the cyber insurance company will say, Hey, that was China attacking you. Therefore it was an act of. And you can bet if there is a big hack, they will use that. Think of what happens with the hurricanes coming onshore. How much do they push back on payouts? Especially with the real big one, it would bankrupt them. So we gotta be very careful. There are some different types of  cyber insurance. Policies do which have different types of coverages. You've got the first party lost loss, I should say. So that's you to covering you and your loss, your first-party expenses, third party liability. Each one of those has specific parameters. So sub-limit retention and others. First-party losses are usually including the loss of revenue due to business interruption. First party expenses would include all of the services and resources that you needed to use to recover from attack like forensic or system rebuilding services. These third-party liabilities. May cover expenses and legal fees related to potential damage caused by the incident to third parties like partners, customers, or employees whose sensitive information may have been compromised. So read them carefully. Be very careful. There are next-generation, cyber insurance policies are going even further and make these types of services. Prior to any incident to reduce exposures and prevent incidents in the first place. Now we don't provide insurance. We are not an insurance company, but that's basically what we're trying to do here. Not become an insurance company, but to make sure. The businesses have the right services so that the likelihood of anything happening or is extremely low. 
And then following up after the fact it's different obviously than insurers in and insurance, the guardians, Jessica Crispin had a great article about a couple of weeks ago that I've been hanging on. And it's talking about this tattle where that's been incorporated into the computers we're using at home. Now we're specifically talking about employers that are putting this. The software on computers, they belong to the companies. A lot of businesses are worried. If workers are at home or where we can't see them, how do we know that they're actually working, not watching Netflix or something else on. They have, of course, come up with software that can reassure your boss. It does things like take snapshots of what you're doing. Record your keystrokes grabs photos from. Picture from your camera. There's a new program called sneak, which makes your webcam take a photo of you about once a minute and makes available to the supervisor to prove you're not away from your desk. There's no warning in advance. It just takes that photograph catches your doom. Pretty much anything can be absolutely anything. Then, it's the type of thing you'd expect the national security agency to do. So there are some good reasons for this lack of trust because sometimes employees have not been doi

    Are You Using Encrypted Email Yet? Here's How!

    Sep 18, 2021 70:51

    Are You Using Encrypted Email Yet? Here's How! Security emails aren't something that most people think much about. Yet, they're becoming more and more important as the bad guys are monitoring us more closely to steal our information, and then there are advertisers. So, do you want them to see your stuff? [Automated transcript] Email is something that's been around now for quite a while. It was undoubtedly even before the internet standards came out. Many of the systems had a version of the email. I remember some systems back in the early. The seventies, late sixties that had an email functionality is something that we've always needed. Usually, it was for just communicating within a group. And then, in the early eighties, when I got on the internet, we could send email to people all over the world, and the email then looked a lot like it did. Now you net email, we use different types of addressing for, but basically, it's the same thing that we're used to today. Many of us have Gmail accounts. I have some Gmail accounts. I use them basically for throw-away stuff that I don't want to have tracked. I don't use Gmail for anything that I consider particularly important, because again, it's not saying. So now there are two types of security. Really. We need to consider, and I got an email from one of the listeners today. Who's on my newsletter? And he said, Hey, I love all of the stuff you put in the newsletter every week. It helps keep me updated on what's happening in cyber security and what things I need to know. But I'm reluctant to click on any of the links in your email because they're all trackers. I do that so that I know what the people who subscribed to the newsletter are interested in. So, for example, I see many people clicking on an email I sent out a few months ago talking about different emails, services, and which ones provide the most WhatsApp security. If a lot of people click on that, Then I know. Oh, okay. Great. People are interested in this. 
So I'll talk more about it on the radio show. I'll probably put something together for the newsletter so that they have it. It's like the example I've used for a couple of decades now, which is, Hey, if I'm looking to buy a car, I don't mind seeing a car. Because it gives me something to compare. If I'm looking to buy an F150, I don't want to see ads for the latest Chrysler minivan. I'd like to see ads for people who are competing to sell me a Ford pickup truck. Maybe some competitors, maybe Dodge gets in there with the Ram or Chevy. Their truck, but I wanted to focus in it. It just makes sense to me because I don't want to waste time on some shoes when that's not what I'm interested in and the person who's paying to show me this ad for shoes is wasting money and being a small businessman. I hate to see that I know what it's like. It gets really frustrating to be spending a lot of money on advertising. That really is not going in. So you have that type of a monitoring where the advertisers are looking at, what you are looking at, what you're searching for. They know the sites you're going to, they know you're interested in that. F-150. Make sense to you? It certainly does to me as well. So I don't have a big problem at all with a people collecting basic advertising information about me. It starts to go over a line. It's a little bit of a, an obscured thing, frankly, but it starts to go over the line where they're gathering all this information that could be useful for a bad. We don't want hackers to have the information. I want to have a hack free life. I don't want them going out there and finding information about me and, oh, I'm going to be on vacation. I'm going to be out of town for three weeks and unable to be reached. And so that gives them the opportunity to now go in via phishing campaign. Maybe try and get my CFO to write a check to somebody or, do something that's frankly, quite malicious. What do we do? How do we deal with that? What makes sense there? 
That's a really good question, frankly, and that line has to be drawn by you personally. I draw it as, I don't really care most of the time if someone knows. So here's what I do with my mail client. I turn off the automatic download of photos of pictures, and that way I can see the email. And if it's. Piece of spam, where I don't even want that spammer to know that I opened the email. They're not going to be able to find out because my male client is not downloading photos. The way it works is you as a marketer or as a spammer. In this case, you are giving a unique URL for that. So that unique URL. Now, if that photo's downloaded, tells you that almost certainly that person opened your email. What's a legitimate email address. You can spam it some more in the future, a little bit more about them. The same thing is true with my emails. For instance, if you sign up at Craig peterson.com/subscribe, and you get my weekly email. The training and all the other stuff, that's, all for free in there. You now are telling me when you open it, that you opened my email. Now, why would you want to tell me that? Why would you want to tell anybody that? Nowadays when it comes to email delivery, one of the things we have to face as businesses and as a marketer, who am I using? Mt. Is that you are great. Every email is scored. This has been true for a long time. SpamAssassin the software I've used for. I don't even know how long now, at least a decade, maybe two. And it looks at the content of the email. It looks to see how much of the email is a graphic. How much of it is using these types of words that are often used by spammers or. Maybe crazy marketers. So they will score that email. And if it's above a certain score, if it's accumulated too many bad points that email doesn't get delivered, we have a similar system. 
We have some real fancy stuff that we use ourselves and we use for our clients from Cisco that compares all of these emails that are being delivered worldwide, millions of the members. And learns from it and automatically blocks them for me, which is really great. But if I'm sending you emails, just like if you're on my email list, I'm going to send you an email at least one a week. Usually not more than two, but basically one email a week. It's not only scored on how my email reads the wording, the. But it's also scored on how old is my domain. Have other people reported my emails as spam and how many people have opened that email sites? Google track that. So if you're on Google, if you're using. It will come up and the email come up and Google says, okay, he read the email. Maybe he downloaded the photos. He was very interested in it. But if people are not opening the emails, you start to develop as a person sending an email, a low-risk. Lower and lower in this case, lowers is bad. Then the case of SpamAssassin hires bad. So what'll happen then is your emails will stop getting delivered. You don't want that. I put a lot of work into these emails. I send out every week. I usually have a number of tips, usually six to eight different ones in each email. I don't want that to go to waste. So if people are not opening my email. Then I'm going to automatically remove them after a period of time from my email list, because I don't want to send email to people who aren't going to open it, because if I do that sites like Google and many others are going to stop delivering my emails to everybody else, the people that do want it, just see how that works. So I am reliant on understanding if you open the. How can I tell? I can tell if you clicked on a link and I can also tell if you've downloaded any of the graphics that might be in that. Otherwise, I have to assume you're not opening that email. 
And if you're not opening that email, I don't want to send it to you because if I send it to you and you don't open it, it's going to slow down or completely stopped the delivery to other people within the. For instance, gmail.com. And this is true for any of the major mail vendors that are out there. And I don't want that to happen. So what I ended up doing, if you have an open them for awhile, I'll send you an email saying, Hey sorry to be bothering you here. But I wanted to make sure that you did want to get these emails or I'm going to automatically remove them. You might've had that from other people before then. The reason those emails are sent out isn't because I'm being snotty about it. It isn't because I'm upset that you subscribed and you haven't been reading the emails. It's because I don't want my email delivery to other people to be damaged because you have no pundit. Even though I do block images from being downloaded on my emails at the top of the email when I open it up and it has a little button that says load images. And if that email is from someone that I care about it, isn't from just some spammer that stole my email address or bought it from somebody else. If it's a legitimate email, I want to see, I click on that load images. So what happens now is the images in that email or downloaded the whoever sent me the email now knows that email was opened up and I don't also get kicked off for their list. Now, a few of you guys have complained about that with me, just not complained as much as said, why are you kicking me off of your email? I told you it's because you haven't been opened that. Oh, but I haven't opened them. You haven't. But if you turn off the load images on emails, then I don't know that you've been reading them and therefore you're going to automatically end up being re removed. When we come back, I want to talk about secure email providers. I'm going to compare some of them. 
And that came up this week because what was the number one secure email vendor out there? They no longer are. So we'll talk about that. It's all in the news. Visit me online. CraigPeterson.com. You use email, everybody uses email, but which providers provide you with security and what do these different types of security actually mean to you? Or frankly, what is security? What is a secure email? There are a number of different secure email providers. And there are multiple ways of defining secure email nowadays. All of the email that I send and receive from my company and I send and receive for our client companies is encrypted. There's something called TLS. That is basically, it's the same as HTTPS. It's, you know, that secure VPN that's set up. No, I don't want you to get confused with these VPN services. It has nothing to do. But if you go into your web browser and you look up in the URL bar, you'll see a little lock. It's typically on the left side of that bar. You click on it and it will come up and say the connection is secure. What does that mean? It means that the data that you send from your browser will get to that remote server in a secure fashion, will be encrypted. So if it's intercepted, the third party won't be able to decrypt it. Now there's exceptions to this, but we'll just keep it nice and simple. When we're talking about email and the two email servers talking to each other, we're talking about the same sort of thing. If you send an email, you have an email provider. It might be my company, but it's not likely, right? Because we only deal with a certain number of small to medium businesses, but the email goes from you to a server. So let's say you're using Microsoft 365. So your email, as you're sending it to me@craigpeterson.com, that email goes from your browser or your email client over to the Microsoft 365 server. Now I understand there's different ways to do it. In fact, we don't do it quite this way. 
We always go through an intermediate server that we maintain that helps keep things secure, but the email goes over to Microsoft 365. And that first connection is probably a secured connection also by TLS. Now you're sending it to me@craigpeterson.com. That was the To address in your email. So what happens next is it needs to find out who's handling the email for CraigPeterson.com. It finds out, and then it says, again, a TLS session, an encrypted session, over to my email server. That encrypted session is much the same as what you have on your web browser. It is very hard, very unlikely that anyone in between can see your email. And then the email ends up on my server, whatever service I'm using for my server. And then it ends up at my client. It might be on my phone. It might be on my desktop. It could be anywhere. And again, that is using another encrypted session. There's different protocols that might be involved. For instance, IMAPS, SMTP, maybe there's TLS over SMTP, whatever. We're not going to get into all of those technical details before you guys all leave me because your eyes just glossed over, but there are a lot of ways to have that all encrypted. So just sending an email from your phone to me@craigpeterson.com means it's going through a minimum of four machines, and each time it gets to one of these machines it's encrypted. That's hopeful, right? I'm going to knock on wood here because in reality, not every one of these points has encryption. Not every email service has that type of encryption, TLS, or other ones. What I want to talk about now is the secure email providers. If you have Microsoft 365 email, you can go to a Microsoft website and send and receive email there. Do your calendar there. You've seen that before. I've used that before, so you can do it all online on the web server. You can also do it on your client on whatever device you have. These secure email providers I'm going to talk about right now, as a rule, are using a web front. 
So what is a secure email? Obviously the first step needs to be the connection from you to the server needs to be encrypted. And if you're using a web-based encryption, which again is that HTTPS, which is the TLS nowadays, that is encrypted end to end using public key encryption, the whole RSA patent. And it's just fascinating stuff. It was absolutely amazing what they were able to come up with. I love it. There is also the server itself, which needs to be secured somehow. And then how about the ultimate delivery to the third party? Now we use Cisco again for our email filters, but that Cisco server that we have for ourselves here in our very own data center located right here, that server also handles emails for some of our other clients. So what happens now is if I want to send a secure email to somebody. Party. So I want to send it to somebody working at the bank or working at the repair shop, whatever it might be. All I have to do is in the subject line, just say secure, and the Cisco email server is going to notice that. And it is then going to send an email off to the recipient saying you need to come to this IP address. And it gives them a link, and grab your secure email. So in that way, I know it was delivered securely because whoever the recipient is had to go to this secure site on this mail server that my company maintains. Okay. So that's another way of doing it. If you don't have the types of equipment that I have here and software that we use for small businesses, then there are still some options. The number one for quite a while has been ProtonMail, P R O T O N M A I L. And I wrote a big thing about that. You would have got that in my newsletter a few months ago. If you save those things, which you shouldn't do by the way, save them all, just do a search for ProtonMail in there, and you'll see my detailed explanation of what it is, why you might want to use it. ProtonMail is located over in Switzerland. 
And of course, Swiss has some good privacy laws sodas, the European union, but that was their claim to fame. Hey, we are in Switzerland. We do not do log. We do have self-destructing messages and we have some real neat little features that you can use on your on your device. That's proton mail. It's been very good, but just this month, a Swiss court ordered proton mail to log the attachment. To their service. So now when I say attachments, what I mean is the IP address is the two addresses the, from addresses of any body that's using their service. No, they were specifically looking for this one individual. And so now they are doing some logging. They actually have to change their website. So that's a negative and we'll explain why that's a negative. And we'll talk about a couple of. I of the email services that are out there right now and what you can use, what you might want to use, what the costs are, so that you have a good idea. So stick around because of course we'll be right back. And I want to invite you right now to just take a couple of minutes, go to CraigPeterson.com and subscribe to the newsletter so that you get everything. You'll get my show notes every week. You'll get some of these free trainings I'm in trying to make it so that it's under three minutes to help you understand different concepts and things that are going on. Craig, Peterson.com/subscribe What are the features? These secure email providers are providing, what are the costs? Which ones might you want to consider? We're going to run through the top three right now. What are their features and why would you want to use them?  We started talking a little bit about Proton Mail, some of the real basics here, and it is still the kind of 800 pound gorilla when it comes to secure email, finally they had to capitulate to the Swiss court because they are located in Switzerland. So just goes to show that even being Swiss doesn't mean that it is. Completely secured, then there's a difference too. 
I want to point out between having a government issue, a subpoena and a court order to have your information revealed. There's a big difference between that and a hacker who's trying to hack you and get into your life. So I think most of us understand that we need to be secure in our documents. We need to have that privacy is guaranteed to us from the constitution, but we also need to have one more level of security, which is okay. How. The hackers. So having a hack free life means you there's a lot of things that you have to be concerned about, email being one of them. So I'm not too worried about Proton Mail and the fact that they had a court order to. Provide IP addresses for a specific group of people. And it was a very small group and I can see that. I can agree with that. Proton Mail does have a free version. That's the one I have because I want to try it out. And it has a 500 megabytes of free. The storage, you can get up to 20 gigabytes and Proton Mail starts at $4 a month. It has end-to-end encryption, which is really important. Again, it means from you all the way to the recipient, all three of these that I'm going to talk about have end-to-end encryption. They also all have. Two-factor authentication. Remember when we're talking about two factor authentication, a lot of places try to pass off this thing where they send you a text message with a number in it. They try and pass that off as two factor authentication. Yeah, it is a type of two factor authentication, but it's not a. If you're already doing something like maybe you've got cryptocurrency, you are potentially not only under attack, but I'm very hackable. If you're using a text message in order to verify who you are. So that's an important thing to remember. Proton Mail has self-destructing messages, which is a very big thing, very positive. It tends to be expensive. Proton Mail being the 800 pound gorilla kinda dictates what kind of price they want to charge and they are on the more expensive. 
Side. The web client is a little bit on the outdated side. It does not support POP3, which I doubt is an issue for any of you guys out there because nowadays the modern email clients aren't using it anyways anymore. Now ProtonMail has PGP support. I use PGP, I have it built into my Mac mail and it allows me to send and receive and do end-to-end encrypted messages. And that's something you might want to look at, a plugin that uses PGP or GPG, which is effectively the same, which allows you to send and receive encrypted email using your regular email client. However, the person who's receiving it at the far end has to have that PGP client or GPG client as it is. So it might not be the best idea in the world to use that. I use it and I use it for people within the organization that I know have PGP, because again, we're dealing with third parties' information. We have clients and the clients trust us. So we have to be pretty darn careful with some of that stuff. So that's our first one, ProtonMail. It's something I've used. I know a lot of you are using it. I had so many responses to that email that I sent out to everybody talking about secure email and specifically ProtonMail. And you guys were all telling me, Hey, listen, I'm switched on I'm away from Google forever because Google is by far the least secure of anybody you could be using out there. Now, the next one is called Tutanota. T U T A N O T A. So it gets just what Tatan call 10 town, tow hours, something like that, but A N O T A. I'm sure you guys are gonna all send me pronunciation guides. And it has again, a free version, one gigabyte. So twice as much as ProtonMail, and it doesn't really offer quite as much storage, but it starts at a dollar 18 a month. Down from ProtonMail's four bucks a month. It also has end-to-end encryption, also has two-factor authentication. It has an encrypted search function, a calendar function, and aliases. 
I use aliases not only for my hack free life, but I use aliases because I will use a different email address for pretty much everybody I'm dealing with. So the easy way to do that is with an alias. One of the problems here with Tutanota, this is a German company. I bet you it's a German word somehow, Tutanota, is that it is in Germany. Germany is one of those 14 Eyes countries. That means it's one of the 14 countries, large countries, that share information about people online and spy on each other's citizens. See, that's how the governments have gotten around it. The governments have preclusions from monitoring citizens. So what did they do? Well, they all get together, started with the Five Eyes, now it's twenty-something eyes, but they're part of the 14 Eyes agreement. So Germany, for instance, would spy on US citizens while they're in the U.S. And the U.S. will spy on German citizens while they're in Germany and all over the world. Okay. So that's a negative. However, as a general rule, the European Union has pretty good privacy laws, so you're probably safe. And then the third one, which is again, the third in my priorities here too, is called CounterMail. Now it has interesting features. For instance, they have what are called RAM-only servers. So the server boots up, obviously it has to boot off of some sort of a device, but once it's running, everything's in memory. So if that server loses power, it loses everything. Now that's an interesting thing to do and can be a problem if you're trying to store emails, right? It has man-in-the-middle attack protection, which all of these do to one degree or another, but CounterMail makes that kind of a big deal. They have a safe box and anonymous payment systems that you can use. And it starts at $3 and 29 cents a month. They have a four gig storage limit. They do not have a free version. So I liked this one, CounterMail, but I do use ProtonMail, at least for testing. 
Some others, also-rans here, that allow you to send and receive encrypted mail, secured mail: Zoho Mail, Z O H O Mail. Thexyz is another one. Posteo. So I've used Zoho before, by the way. Posteo, P O S T E O. You might want to look at Mailbox.org and StartMail. So there you go. Top three: ProtonMail, that's still my recommendation if you want some secure email, and it'll cost you a bit. If you want cheaper, look at this T U T A N O T A. All right, everybody, make sure you spend right now about a minute. Go to CraigPeterson.com and sign up for my weekly newsletter and training.
Is Theranos such an example of Silicon Valley and their hoity-toity attitude of fake it until you make it, or is it the reality of Silicon Valley? What's happening out there? WeWork and others.
Theranos. How many of you guys know about Theranos? They had a really great idea, and it was started in 2003 by a 19-year-old young lady named Elizabeth Holmes. That is pretty young, but her idea was, why do we need to have a whole tube or more of blood in order to do blood? With the technology we have nowadays, we should be able to just use a drop of blood and be able to test for hundreds of diseases with just a pinprick of blood. It seemed pretty incredible at the time, but she was able to spin a yarn that got a lot of people right into investing in her company. We're talking about nearly a billion dollars in capital that was put into Theranos. How could she have fooled all of these people, or was she fooling them? Was she doing what you're expected to have done in Silicon Valley? That is in fact the argument that her attorneys are using right now. She is on trial because this company Theranos was never able to produce any tests that could just take a drop of blood and run hundreds of tests on it. And there's a lot of evidence that has come out that has shown, in fact, a great little documentary that I watched, not little, on her and the company Theranos.
That showed that they had, in fact, been taking vials of blood and using other people's equipment, not the Theranos equipment, to do the evaluations of the blood, to look for diseases, to look for things like vitamin D deficiency. That is, in fact, something that could have helped with this whole COVID-19 thing: a real quick and cheap check of vitamin D levels in your blood. But what happened? Elizabeth Holmes was really a great talker. She was able to convince a lot of people and a lot of businesses, including Walgreens, to invest in her. Not only did she have Walgreens invest in her, but some of the biggest names that you can think of in the investing community, including Rupert Murdoch. He invested in Theranos. Now her argument, at least her attorney's argument, is, Hey, listen, we're not doing anything differently than any other Silicon Valley company that's out there. It's this whole creed that they have of fake it until you make it. Is that legit? Is it just one more lie from Silicon Valley?
There's a great article that was in Forbes, talking about some of these, what are called unicorns. These are companies that are startups and are taken under the wing by investors, starting with angels, and then moving into venture capitalists, actually, even before angels, friends and family, and moving into venture capitalist positions, and then eventually public companies. All of these businesses really required proof before they got any funding. So here's an example from Forbes: Airbnb. Obviously they had what we consider today to be a rather unique business model. But it had been tried before. The whole assumption was that people would rent rooms in their homes on this huge scale, but they didn't have any pre. They were the first to make it in this global trend. They built up this whole idea of becoming a hotelier yourself with your home. But when the founder, Brian Chesky, tried to get angel capital, he did not get a dime.
He had to prove that renters were interested and people were interested in renting out their homes and that he could pull them together. Once he proved that, then he was able to get the money. And proof is, you have to have a viable business first. It's really rare that you don't have to. Facebook was started by Zuckerberg. Now, all of those stories, but the whole idea was having Harvard students connect with the. And then he expanded it to students in other universities and then expanded it to the world at large. His natural initial investors, like most, were friends and family, people who give the money to you because they want to see you successful. Eventually here, Zuckerberg was able to prove it and get money from Silicon Valley, and then VCs. I'm not getting into any of the ethics of how he did it or any of these other people that had Google. Google was started by these two Stanford students, Page and Brin, and they got angel capital from investors. But these investors were different than most. The investors into Google were people who were already very successful in the computer industry and could understand the ideas behind the algorithm and believed in Page and Brin and that they could grow this company.
Microsoft. Again, another company that started with extremely questionable methods, was started by Gates and Allen. They didn't have any VCs, either. They started by running programs for other people. They convinced IBM that they needed to license an operating system from Microsoft that Microsoft didn't even have the rights to, and then they went out and acquired it on a non-exclusive basis. IBM acquired it from Microsoft on a non-exclusive basis. Then they got VC money after they started to take off. Okay. Amazon was started by Bezos with funding from his family and small investors from Seattle. He got a VC from Silicon Valley after he launched and was already earning thousands in revenues. Bezos had real proof.
Walmart was started by Sam Walton with 25 grand from his father-in-law. He built this business and financing strategy and used his skills to become one of the world's most successful companies as he grew. WeWork. I don't know if you've seen these. There's a great documentary out there on WeWork that I watched too, but again, like Elizabeth Holmes, he was a great guy at standing in front of a group and getting investors to put money. And he was even great at getting people to buy from WeWork. He even started this whole, I think it was called WeLive thing, where he had people who would move into the building that they were renting this office space from, and they'd all live there. They all had their own little units and they'd get together every night and they'd eat together and have community and everything. Again, collapsed when they couldn't sustain the momentum. And it was like a Bernie Madoff thing where he needed more money coming in, in order to support it. And he got incredible amounts of money from this big Japanese investor.
And then we've got Theranos, Elizabeth Holmes. She failed when this investigative reporter questioned whether the technology really works. The investigative reporter said, Hey, can you really do hundreds of tests reliably with just a drop of blood? Why did this reporter even have to ask the question at all? How about all of these investors? Huge companies, including medical field companies. How did all of them get bilked basically into spending about a billion dollars with her in an investor? It is a real problem. And it's a real question, because ultimately what we're talking about is companies in Silicon Valley thinking you fake it till you make it, who are bilking investors and everybody else out of it. Now you have to have a certain amount of that, no matter what the company is. Do you think. Faith in yourself.
You've gotta be able to stand up and make a presentation to a customer or to an investor, an angel investor or friends or family, whatever it might be, but how could you have sold value to customers and convince them to pay the rent that's needed before you've even shown a profit? And that's a big question. Things have not changed in Silicon Valley because of what WeWork did and because of their failure. Things have not changed because of Elizabeth Holmes and Theranos and the major failure there. These people are investing money. They hope that two times out of 10, one time out of 10, they will actually make money from their investments. We're talking about the venture capitalists, and they are jumping on all of these things that are, maybe. Quite legal. That was actually the pitch that was used by the founder of Uber. Yeah. We don't really know if this is quite legal or not, but we're going to let people use their own vehicles to drive their own cars, to pick up strangers and take them places. And it was obviously not legal, especially in big cities where they had laws about all of this. And then all of a sudden now Silicon Valley, really listening closely, and say, oh, not quite legal. Okay. That means you are going to completely overturn the whole industry. And that means we could make a whole lot of money on you. Again, just the knee jerk. So we've got to be careful.
The other side of the point and coin is the secret sauce, which is many companies are being careful to not disclose things for very good reason. They don't want an employee to leave and take with them their secrets. Look at the lawsuits that have been out there with Google and some of the other self-driving companies. You stole an executive, the executive brought all of this knowledge with them, and maybe even some documents. This should not be legal.
And now you've got the Biden administration issuing an executive order, trying to change this whole thing by saying, well, you cannot lock people in to not disclosing your secrets or to not compete with you. How is Silicon Valley or any business anywhere to keep their secrets, their secret sauce, the recipe to Coke, if you will? How are you going to keep it secret if you cannot hold people to these nondisclosure agreements? And so I think, again, the Biden administration is going the complete wrong direction. I'm going to keep an eye on this whole Theranos thing, this trial that's going on. I didn't have an idea how it's going to turn out, but we do have to change the fake it till you make it ideology of Silicon Valley. Hey, take a minute and sign up online. Get my free special reports and trainings. CraigPeterson.com. Your cybersecurity strategist.
It doesn't look like WhatsApp is safe anymore. So what can you use if you want to have a conversation with someone? How many of you have a friend that's in China or Iran or Afghanistan or one of those other countries?
I was warning about our friends at Facebook. Of course they've been buying competition, and in fact, they're being sued right now because of that. And they have been going after these companies that look like they are going to eat Facebook's lunch, and then they buy them for way more than the market value. So what are the founders supposed to do? If I was offered crazy money for my company, I'd sell it at the drop of a hat. Just like that. It'd be done. Thank you very much. WhatsApp is one of those apps. My Facebook and Facebook bought it, allegedly because it looked like it was going to be serious competition. So our friends at the federal government decided, okay, we'll let this one go and we'll let them know. When Facebook gets their hands on something, it's like Google getting their hands on it. What's going to happen? Ultimately Facebook is going to be using it in order to sell you things.
I'm not against having these various websites that we use, online apps and other things going ahead and Colleen us a little bit. What about things we want things to mean might want that we don't even know we want because we don't know they're available. So there's a lot of good reasons from a marketing perspective for them to be able to find out what we're into. It used to be a little bit different than it is today, but not that much. I was in the, oh, direct marketing business way back in the seventies. It was my second job, really. And I wrote software that was part of this system that actually put all of our competitors in the country out of business. Yeah. I wonder if they're still around. It's called Marketing Electronics of Canada. And let me see if it comes up. Eh, statistics and be okay, so it's not really around anymore. So they must have gone out of business. But what we would do for our customers is we'd say, okay, so who should you mail to? This was direct mail back in the day. And so when we get asked a business, we were in and so they'd say, oh, okay. How about we mail to, what, 40-year-old men who maybe want to buy a pickup truck? So how would we do that? We would look for the magazines that 40-year-old men were likely to be. We'd look for anything: the newspaper subscriptions, neighborhoods. It was a real big deal when, of course, the zip code came in. That's not what it is in Canada, but the postal codes came into place, because then we could narrow it down based on neighborhoods. So we'd put all of this together and we'd say, okay, if someone is getting this magazine, and they're definitely not getting that magazine, but they're getting this newspaper and they live in this part of town, then we put all of that together and we did the duplicate eliminations and figured out exactly. Okay, this is who we want to be. And then we would do direct mail for the customer to all of those people.
So it would be whatever it might be. Back in the day, Grolier Encyclopedia was one of our customers, and Columbia Music, you remember those guys, was one of our customers, and a few other places out there, and we made pretty good money and the, it was pretty easy to do. But back then we were doing almost the same thing, this was what now, 40 plus years ago, as they are doing today. But Facebook of course has way more information. They don't just know what website you might be going to, which is the equivalent of which magazines did you subscribe to back in the day, but they also are in the middle of your conversations. They know who your friends are. They know what your friends have bought. They know what your friends are interested in. So it's not that much different than it used to be, but it's more intrusive, because now instead of only having one, a couple of hundred magazines countrywide that people might subscribe to, we now have millions of websites that we're likely to go to. And we have the conversations, the listening in, which frankly I think is the worst part of all of them.
So when they bought WhatsApp, there was a warning by myself and others saying, be careful, Facebook's going to start to watch you on WhatsApp and Facebook. Good. No. That's never going to happen. There's an article that came out this week. Okay. It's absolutely amazing. This was from ProPublica, who looked at the WhatsApp messaging platform's privacy claims. WhatsApp of course offers, quote, end-to-end encryption, end quote, which most people interpret means that Facebook, who owns WhatsApp, can neither read your messages nor send them off to law enforcement. So some of us are concerned that they're reading it and they're using it for marketing, et cetera, which, okay, I can see, that's a little bit of an invasive invasion of privacy, but it's nothing that hasn't been going on since the 1950s.
And the other side of it is, what happens if the bad guys get their hands on that information, or law enforcement? It reminds me of the old days with Stalin, remember Stalin and his henchmen. They said, Hey, show me the person, I'll show you the crime. And the reason he was able to say that is there's so many potential laws that you can bring. If you tell me the person's name, I'll dig into them and watch them, and we'll be able to accuse them of a crime and get them convicted and thrown in prison. So there's those of us who are worried about that potentially happening. Then you might say it's not going to happen today. I think, frankly, it well could happen today more than it could have or would have happened just a few years ago, but it keeps getting worse and worse.
So I get all that stuff, but the claim to WhatsApp being safe to say anything on, that no one's monitoring you, no one can see what you're saying, is basically false, because what they've found at ProPublica is that Facebook employs about a thousand WhatsApp moderators whose entire job is reviewing WhatsApp messages. Now, about some of the censorship that has been going on at Facebook. This is not the same thing, because in general, in Facebook, of course, everything is open and available for their computer systems to flag. The automated systems will see it and say, oh, okay. Yeah, this is bad. And they'll just shut you down and then maybe send it off for a person to review. What's happening here with WhatsApp is someone can flag a message that they have received as improper. Now that's where it starts getting to be a little bit crazy here, because with this loophole in WhatsApp's end-to-end encryption, now you don't have that to fall back on, that they don't have it, that they can't read. The recipient of any of the WhatsApp messages can flag it. Once flagged, the message is copied on the recipient's device and sent as a separate message to Facebook for review.
Now, the messages are typically flagged for the same reasons they would be on Facebook, but one of the things that's been happening is, with this content moderation, people who have received the messages from people that they don't like are reporting these messages to Facebook. So they might be in a group. You typically is why it works happening. And within this group, there's people who are saying things that they just don't like. That is frankly a loophole. Absolutely a loophole. So it's not any different from someone receiving a message, screenshotting it or showing their device to another person that's received. But now it's an automated process. Millions of teens every year have found that out too, with their disappearing videos on Snapchat. They don't all just disappear. And that's a problem we're having right now with WhatsApp.
So what should you use? What could you use? The number one recommendation that I have for you guys is to use Signal. You'll find it online. Signal's available for every mobile device out there, pretty much. It's available for most desktop operating systems, and it is end-to-end encrypted. And the guy who wrote it, who is Mr. Marlinspike, has an odd name, he has done this because he wants people to have true privacy in their messages. So Signal, pretty good. WhatsApp, not so good. You might not want to use it, but by the way, it's huge in use. Hey, take a minute. If you haven't already, sign up for my weekly show notes and my trainings that are in them. You'll get them absolutely free. CraigPeterson.com. And if you had done that, you'd already know all about WhatsApp and Signal and what type of email you should be using.
Big data strikes again, and this time it's in Los Angeles. If you get pulled over by the police, would you give them your social media information, your email address, et cetera. Question mark? Huh? Here we go.
LAPD has started doing something that most people are saying is unethical and may be illegal as well. They were sued, the Los Angeles Police Department, in order to get some information out of the police department, 'cause some people had been reporting things, and the Brennan Center for Justice is what it's called, sued them. Okay. Now this is at the New York School of Law. The NYU School of Law, the Brennan Center is, and they filed a public records request with LAPD and police departments from other major cities. And they were trying to find out what's going on. What kind of data are these police departments collecting? And the LAPD resisted making these documents available. I guess that's a clue, right? And so they did ultimately provide over 6,000 pages of documents after the Brennan Center sued the department. And one of these documents was a memo from the LAPD chief. His name was Charlie Beck. In May 2015, he said that, quote, when completing an FI report, officers should ask for a person's social media and email account information and include it in the additional info box. Now, what they're talking about is, basically, a field contact or field interview form, and he was telling them that they need to get all kinds of information, basically anything they can, but more specifically, one's Twitter handle, Instagram profiles. There's a spot on here for all kinds of information. I'm looking at the report right now. Who are the name, your date of birth, your sex, your gang, or your moniker. Yeah, not everyone's in a gang, guys. And let's see, field interview, incident number, the division detail. So the only thing, oh, and by the way, social security number as well. And if you're asking them for their social security number, it tells you they have to read this assess federal law requires that you be in. When asked for your social security number that must be provided for use and identification authority for required.
This information is based upon field interview procedures operational prior to January 1st, 1975. Remember, the social security number was only going to be used by the treasury department for income, to verify that you'd been paying, and would not be used by any other federal departments or state and local. In fact, it was illegal at the time. Anyways, I guess I'm rambling about this, 'cause the social security number thing really upsets me, because everybody's collecting it and the bad guys have your social security number and it's being used as some sort of a universally unique number. We call those UUIDs in the computer world, but it's not. And unlike a regular UUID that can easily be regenerated, they will not issue you a new social security number if your old one was stolen. It's really crazy. So it may be an unusual policy, even though the LAPD has been doing it for years. Let's see. So a lawyer in the Brennan Center's Liberty and National Security Program wrote, he said, apparently nothing bars officers from filling out field interview forms for each interaction they engage on patrol. Notably, our review of information about the field information cards in 40 other cities did not reveal any other police departments that use the cards to collect social media data, though details are sparse. Publicly available documents to try to determine if other police departments are channeling. I collect social media during the field interview were requested, but found that most are not very transparent about their practices. So I guess that's not too surprising.
Here's where it starts getting more concerning, for me anyways. And that is, they are feeding all of this information from these contact cards into a system that was developed by Amazon. This is a system called Palantir. There you go. Palantir. And in fact, there was an open letter that was written by the staff at Amazon to Jeff Bezos asking Bezos to stop selling this technology to law enforcement. Okay. That's how bad it is. Here's an article from Ars Technica. Amazon staff have called on CEO Jeff Bezos to stop selling facial recognition technology to law enforcement and government agencies, due to the potential that the tech is used to harm the most marginalized. Microsoft and Google also have done the same thing. Now you hear that and you say, that's really good, kudos to you. I'm glad that you are trying to stop this. And yet at the same time, these same employees don't seem to have a problem with selling this technology to the red Chinese at all. They don't seem to have a problem with it in some of these other countries that are using it for just terrible things. Further, this letter that they wrote demanded that Amazon stop selling their cloud services to data analytics firm Palantir. They have numerous government contracts involved in the operation of ICE's detention and deportation programs. Goes on and on. So what makes sense to you? The ACLU recently reported that Amazon's Rekognition facial technology is being sold to police departments. It can identify faces in photos and videos. Amazon pitched it as a way of identifying and tracking suspects. The issue that is raised here by the ACLU is the militarization of the police. How far can it go? Should it go? The targeting of activists and ICE's family separation policy. Now this was in 2018, just so that okay. So back in the day, of course, anything President Trump did was evil. And so this stuff they came out and said was evil. I haven't, I looked and I haven't got anything more reasoned about this. So for some reason, the Biden administration using this isn't a problem. LAPD using this apparently was a problem and continues to be a problem. Keep an eye out for it locally, because here's the other side of this whole thing they say. Are they being the police officer when they pull you over: I need this information.
I need to inspect your car. I need to search your person, et cetera. They may need to, but that doesn't mean that they have the legal right or constitutional right to do it. So typically the police only ask for things that they can constitutionally ask for, that they should ask for. And people, most people know they can refuse a search depending on the circumstances, but they don't, because you're honoring the police officer. Going on from there, honoring the police officer. I also mean that people are allowing the police to gather this information because of, again, the respect they're giving to that police officer. And in fact, they apparently do. There's another study in this article that talks about that. It's a problem. We gotta be careful. All of this data being fed into a big system that tracks us, that the bad guys are going to get their hands on that data eventually. Hey, visit online CraigPeterson.com and check out today's newsletter. You'll find in there links to this and all of today's stories.
Do you remember when President Trump was trying to block TikTok, this Chinese social site that so many of us were using? Of course now that's all gone. That's all history. And there's another piece of news about them.
TikTok is a social media site that really rose like crazy. It is owned by Tencent, which is a Chinese company. Now, as all companies in China are controlled by the socialists, the communist party of China, the CC CCC CCP. Remember those initials from back in the day. They are now being given access to location information about Americans, about all kinds of places in the United States, in photos, people's names, their locations, you name it. Through TikTok to the Chinese government, the Chinese military, the People's Liberation Army as they call it. And we're giving all of this information voluntarily. So President Trump had a problem with that. Why should a Chinese company be allowed to track American citizens?
Now at the time, TikTok was quite popular and was growing in popularity. Now we're seeing a news story from the BBC saying that TikTok has overtaken YouTube in the average watch time per user in the United States and the United Kingdom. YouTube is still the bigger video site. YouTube has far more users, they have far more video that's watched, but what we're talking about here is something that is specific, but it's still scary, which is the average U.S. TikTok user watches more video than the average YouTube viewer. So if you're a marketer, maybe it's time to get on TikTok, but also right now, TikTok is really the younger generations. It's not the older folk. Okay. I expect that eventually, just like Facebook started with the college students and it has now really grown to being an over 40, even over a 50 year old web. At Facebook, the same thing will happen for TikTok, but we're getting concerned here because TikTok has upended the streaming and social landscape with these small videos. It reminds me of, why is the goldfish the happiest animal in the world? Because it only has a five second. That was just great, from Ted Lasso. I don't know if you've watched that show at all. That's one of these Apple TV shows out there. It's really true, because these TikTok videos are extremely short and the whole goal of it is to have something that's funny, and they've had challenges and various other things that they've done too, but they have really gone crazy. Google has tried to counter TikTok. They've had their own little thing. Facebook's had their own little thing with these short videos, but this time spent metric that we're talking about here is from the monitoring from App Annie. That's the name of it. And it only accounts for Android phones, because some of this monitoring cannot be done on iPhones. Okay. But it also does not include China, where TikTok is a major app. Over in China, it's called .
I probably didn't pronounce that one quite right either, but it is a massive audience that they have out there and. I'm looking at all of the stats. It's just absolutely amazing. You can see those of course in the newsletter for today, but yeah. Live streaming apps, Twitch, for example, viewers can purchase bits, virtual currency, and send them to cheer for streamers journal, live stream and stuff. This is an interesting business. TikTok has definitely taken it over. And we're seeing that nobody's been able to really do anything. YouTube has its TikTok clone called YouTube Shorts. It was launched in May. This is 60-second video clips. Whole idea is it's mobile first, it's swipe up. Also out there with, I love this, this is Ars Technica, calling it a photocopier, which is what YouTube does, within an upstart video service comes along a Twitch, see YouTube Gaming. Anyways, everybody's trying to get into it. No one's being successful at it yet, other than TikTok. And do we really want the red Chinese having access to all of that? Think what's innovative. You've got GPS information coming from your smartphone. So they know exactly where it's taken. They know who you are. They know information about you as a user. I don't know. It gets scary. And then you think about what happened with the Wuhan lab and what escaped out of there. Could they use that? Might they use that? Oh my goodness, I'm very concerned. Okay.
From Krebs on Security, we have a warning for Microsoft users. Attackers are now exploiting a Windows zero-day flaw. So this is a previously unknown vulnerability in Windows 10 and many Windows Server versions. And what it allows them to do is seize control over PCs when users open a malicious document or a booby-trapped website. There's currently no official patch for it, but Microsoft has released recommendations in order to help mitigate the threat. These mitigations aren't the best, frankly, but we'll see. It affects what's called the MSHTML component of internet Exploder on Windows 10 and many Windows servers that are out there. And of course, internet Exploder has been deprecated for use. People should not be using it anymore. So for those of you who are still using Internet Explorer, I've got two words for you from the famous Bob Newhart, just an amazing guy. So here we go. Okay. Here you're there. That's from an old routine. I couldn't help but think of it, but yeah, that's the bottom line. You need to stop using Internet Explorer. It does not work well. It is bug-laden, like most Microsoft software seems to be, and it is now under direct attack. So make sure that. Patch early, patch often.
And now I am in the middle of putting together. This is another bit of free content for everybody, but two things. One is a cyber health assessment that you can do yourself. And shall I show you how? And I'm going to have a course on that too. A paid course that gets into a lot more detail. But the basics is, I want you guys to understand that. And then the other thing is, in the next 90 days, what are the things that you should do and can do to make your computers safer? Now, as usual, this is aimed at businesses, but works great for individuals, for home users. And we'll see how this ends up going. But frankly, the zero-day attacks are going to keep happening. They happen to Microsoft. They happen to Apple. They happen to everybody, but they all release patches. The only one that you are going to have trouble with patches on is older versions of Windows. And of course Android. What else do I have to say? Any older Android phone, 'cause they lose support very quickly. So don't use those, but make sure, Patch Tuesday, all of those patches are installed from Microsoft, and visit me online. CraigPeterson.com. Make sure you sign up for my newsletter so you can get these coming up and more.

    Do You Know How to Identify a Fake Web Page? - Whole Show

    Sep 10, 2021 81:44

    Do You Know How to Identify a Fake Web Page? The FBI's reporting that more than 70% of all business hacks are because of our employees. They're clicking on emails, they're going to websites, what can we do? How do we know if a website is legitimate or not? [Automated transcript] [00:00:19] There's a great little article that McAfee published. Now, McAfee is a company that's been in the cybersecurity business for quite a while. [00:00:28] I do not use their products. I use some competing products. I have not been impressed with their products. [00:00:35] Let me tell you, this particular web post that they put up is fantastic and you'll see it in my newsletter this week. Make sure you get that. [00:00:45] Have you ever come across a website that didn't look quite right? If you haven't, you haven't been on the internet very much, because whether you're an individual at home or you are in a business environment, we are likely going to end up on websites that are not legitimate. Sometimes we'll see these things, that company logo might be wrong. There's not enough information on the page. You've been there before and this looks down page. The odds are that you were on a hack site, a site that's trying to get you to do something. Most of the time when you end up on these sites, they're trying to get you to put in your username and password. [00:01:31] Already that the bad guys have stolen your username and password from so many websites out there. So why would they try and do it this way? It's because if they're pretending to be your bank and you try and log in, they know this is your bank account, and many times they immediately try and get into your bank account or your phone account, whatever it might be. [00:01:56] This is a very long-standing tactic that's relied on by hackers everywhere. Usually it's a knockoff of a real page. They'll take it and they will recreate it. Then it's easy to do if you're in a web browser right now, when you go to your bank's website. 
You can just go to File, Save As, and go ahead and save the entire webpage and you'll get everything. [00:02:23] You'll get all of the links that are on there. All of the graphics that are there, it'll pull it in for you all automatically. And that's all they do. That's what they use. Just a copy. How do they get in front of you in the first place? Typically the hackers will go ahead and send a phishing email. [00:02:43] They'll make the email sound legitimate. They'll make it look legitimate. They'll often even use a URL that looks a lot like it'd be the real bank's email. I've seen it before where the URL is bankofamerica.safesite.com. That sort of a thing. I'm not blaming safesite. They could be a great company. [00:03:04] I don't know. I just made it up as we're going, but that type of a URL where it's not really bankofamerica.com or it's a misspelling of Bank of America, that's the sort of thing that gets to be pretty darn common and. Clicking on that link and then submitting your information. It hasn't been leading to credit card fraud, data extraction, wire transfers, identity theft, and a whole lot more. [00:03:34] Now with the COVID relief, that's been out there. All of these things from filing for unemployment claims through filing for PPP protection as a business, the whole industry has changed. I'm talking about the hacker industry here, because there are so many people who are falling for these scams, and ransomware as well has gone up over 300%. [00:04:08] It's just absolutely amazing. Now, if you go online and you DuckDuckGo fake login pages. And for those of you who don't know what I mean by that, DuckDuckGo is the search engine I've been recommending lately. It is a search engine that doesn't take politics into play like Google does. And it also does not track you. [00:04:31] And what you're looking at it is ad based. It gets its revenue from advertisement, but it's not selling your information just on the basic search that you're doing. 
I think it's a very good alternative, but if you go ahead and your search for fake login pages, you're going to find thousands of guides on how to create websites. [00:04:53] And these bad guys can create these websites in absolutely no time at all. It just a minute or two in order to make one of them. Now it can be difficult nowadays to figure out if it's a fake site, because the, again, the hackers are constantly updating their techniques to be more sophisticated. So it's made it more difficult for consumers to really recognize when something's fraudulent. [00:05:22] Now I want to get it into a psychological term. In attentional, blindness. You've probably heard of this. I remember this from, I think it was college days for me, so a very long time ago, but there's a study that was done on inattentional blindness called the invisible gorilla test. If you go right now online and just search for invisible gorilla test, you'll see a bunch of these coming. [00:05:52] No, there's even a book called that the invisible gorilla test that came out about 11 years ago, 12 years ago, I think. But here's the bottom line on this? They tell you to do something in this study. What they did here is there's a video. People there's six people, three of them are dressed with white shirts and three of them have black shirts and they're passing basketballs back and forth. [00:06:20] The white shirts are only passing to the white shirts and the black shirts under the black shirts. And what they ask you to do is count the number of times the team in white past. Now, you're sitting there watching, knowing they're going to try and fool you, you're paying a whole lot of attention to it. [00:06:40] And then at the end, they ask you a question that may be not expecting the video. I just watched on this, that was called the monkey business. Illusion is the name of this. I counted and I counted carefully and I came up with 16 passes. 
So the monkey business, illusion, 16 times the people in the white shirts passed the basketball back and forth. [00:07:06] So I got that. But then they said did you notice the person in the gorilla costs? Who walked through the game. He didn't just walk through the game, walked in, beat on this chest and then walked out of the game. If you didn't know about this and okay. In chorus, all honesty, I always try and put everything upfront here. [00:07:29] I knew about it beforehand. I remember from college days. But eight, most people actually about 50% of people who did not know, there is a gorilla in the middle of this. Would not have noticed the gorilla walking through the game, but this monkey business illusion video, there's something else too. [00:07:52] And I've got to admit, I did not notice that. And that is the curtain color change. From red to gold, this curtain that was in the background of all of these players. And I didn't notice one other thing. I'm not going to tell you what that is. You'll have to watch the video of yourself too, to figure that out again, just go online and search for the monkey business illusion. [00:08:19] And I think you'll find it. So the reason I brought this up is because if you come across a well forged login page and you're not actively looking for signs of fraud, you're fairly likely to miss a cybercriminals gorilla. You're likely to miss that the logo's not quite right, or the placement isn't the same as I'm used to. [00:08:45] Because you're focused in, on doing what you're supposed to be doing. It's the whole concept as well of have tunnel vision. And I'm sure you're aware of that. We've all had that before, where we're really focused on this one little thing and we don't notice everything else going on. It particularly happens in high stress times. [00:09:08] So how do you steer clear of the fake login pages? We're going to talk about that when we get. 
But it's absolutely crucial for everyone, even if you've had phishing training and you are trying to be cautious, you could fall for this invisible gorilla and enter in your personal details, not something that you really want. [00:09:36] Hopefully you guys got my newsletter last weekend. I got a lot of comments on it. People are saving. In fact, that's the first thing I said in this email last week is don't lose this because it went through point by point on about 10 different things that you should be doing too. Yourself and your business safe during the holidays. [00:10:03] Now, of course we had Labor Day coming up. We're going to have more holidays, right? There's always more holidays in the future, unless it's after the first of the year, then you got to wait a long time. Make sure you get it, make sure you dig it out. If you didn't notice it just search for me@craigpeterson.com. [00:10:23] That's where the email comes from and have a look at that. I have links on how to do all of those things. It's very important. FBI warning out just last week. [00:10:33] I just told you about one of the biggest problems we are facing right now, when it comes to hackers and then has to do with phishing and going to fake login pages. Now I'm going to tell you exactly what to do. [00:10:47] How do you steer clear of these fake log-in pages and how do you protect yourself in case you accidentally do provide the bad guys with the information that you shouldn't have? [00:11:01] If they've got your email address or your login name and they have your password, it's pretty easy for them to log in, in most cases right into your bank account. So first of all, don't fall for phishing, but as we just described because of this whole inattentional blindness that we have, it's easy enough to fall prey for this. [00:11:28] Beat yourself up too bad if you followed, if you fell for some of that stuff, but there is a great little website that Google has that you might want to check out. 
And that website gives you a real quick quiz, is the best way to. And it shows you some emails and you get to determine whether or not you think it's phishing and then it tells you what the reality of it is. [00:11:59] So go to phishingquiz.withgoogle.com. If you miss that, you can always email me, me@craigpeterson.com, and I'll send it off to, but phishingquiz.withgoogle.com. And of course, phishing is spelled P H I S H I N G: phishingquiz.withgoogle.com. So you can go there and right there on the screen, it says, take the quiz. [00:12:30] You can hit it and make up a name and an email address. So it doesn't have to be your real name or your real email address. Okay. It's not going to send you anything. It's not going to sign you up for stuff. It just wants to use it in phishing email examples that it's going to give you. So I put in a fake name and a fake email address and it is showing me an email. [00:13:00] So to me, from a Luke Johnson. And it says Luke Johnson shared a link to the following document, Tony 21 budget department dot doc. So if I click on that, I have now told them, Hey, I'm open to all that sort of stuff. It's so anyways, it's got the link and it's got the opening docs and you now up above say, is this phishing or is it [00:13:27] legitimate. Okay. So if we say phishing, that says, correct, this is a phishing email. You might have spotted the lookalike URL. And that is indeed exactly what it is cause it wasn't legitimate. And remember when you mouse over a link, you can see down at the bottom the URL that is going to open up for you. [00:13:51] So you can just go through this at your own speed at your own pace and figure it out again. If you didn't get that, you can always email me, me@craigpeterson.com. And I'll be glad to get back to you. So that's a good way to learn about phishing. I want to con really warn, I should say businesses. 
If you are sending out phishing emails to your employees to see if they are opening fake phishing emails or not. [00:14:23] That's an okay. Practice. The problems really come in with the companies that are sending out phishing emails and are then following up in such a way that employee is punished in some places they are being punished by if you've opened three fake emails over the last year or whatever it might be. [00:14:47] But over the last year, you're. It's that bad. So we have to be careful. You're not going to increase the confidence of your employees by doing that. And what's, you're actually going to end up doing is slowing down the productivity of your employees. Because now they're going to be really worried about opening, any emails that look like they might be legitimate. [00:15:14] And so your business is going to slow right down. So having some more training about it. Okay. I can see that everyone makes mistakes and we've got to remember that as well, but watch free, man. But we really are trying to get you to move quickly, act fast, or I need this answer right away. Or one of the big ones is we've got this vendor and in fact, I'll, let me give you a real world example. [00:15:41] It's a manufacturing company and of course they. To buy product from vendors, as supplier. And then they use that product or whether it's copper or whatever it might be now to put it all together to make their products. And this one person, this one, hacker a lady again in Eastern Europe, she went and found out about this company. [00:16:08] Okay, great. Found on their website, who the CEO was, who the CFO was. Okay, great. And was able to find the CEO online on Facebook and on his Facebook account, he said, yeah, we're going to The Bahamas. Rear-ending a sailboat. We're going to be out there, the whole family for two weeks. This is going to be fantastic disconnected. [00:16:37] So she found all of that. Now what she had to do was she found out who it was. 
The CEO, what school he went to. So first she had to get around the restrictions. Cause he had said, don't share my posts with anyone other than friend. So she sent him a message because she found his LinkedIn profile. You see how easy this is to do. [00:16:59] She found his LinkedIn profile and that he went to Harvard and got his MBA. So she sent him. A little note saying, Hey, remember me Janie from X, Y, Z class at Harvard, and want to be friends catch up a little bit. And then he doesn't remember who she is, but the picture looks cute enough. I might as well say yes. [00:17:21] And now she had his contact information over on LinkedIn, send him a friend request over on Facebook as well. That's how she found out he was going to be gone for two weeks. And so now she knows when he's gone. And where he's going to be completely out of touch. So once he's gone about two or three days later, she sent an email off to the CFO inside the company and said, Hey. [00:17:49] We've got this new vendor they've been providing us with product for the last three months. We haven't paid them at all yet. I need you to wire. It was a little more than $40 million because she'd done her homework. She knew how much money the company made, what their expenses probably were. I need you to wire $40 million to this account, or they're going to stop. [00:18:17] All shipments to us. And instead of the CFO doing a little bit more homework into it and digging in and finding out because talking to the people in receiving that we've never received anything from that company. I don't know what you're talking about. And then talking with the guy on the manufacturing floor, the CFO didn't do any of that, just okay. This looks legit. And by the way, it is so easy for these hackers to also gain access to personal email accounts. And we're not going to spend time going into that right now. So he wired. Yes indeed. So there's an example of falling for fishing. 
A little bit of follow up on the part of the CFO would have shown him that this was not legitimate. [00:19:07] Even over on Shark Tank. Barbara Corcoran. She fell prey to this, actually it was her assistant who wired some $400,000 to a vendor that wasn't real. Now the good news is the assistant copied Barbara who saw the email right away and said, whoa, wait a minute. They called the bank and they put a stop on it. [00:19:34] Doing a little training here on how to spot fake log-in pages. We just covered phishing and some real world examples of it, of some free quiz stuff that you can use to help with it. And now we're moving on to the next step. [00:19:50] The next thing to look for when it comes to the emails and these fake login pages is a spelling mistake or grammatical errors. [00:20:02] Most of the time, these emails that we get that are faking emails are, have really poor grammar in them. Many times, of course the commas are in the wrong place, et cetera, et cetera. But most of us weren't English majors. So we're not going to pick that up, myself included. That's why I use Grammarly. [00:20:21] If you have to ever write anything or which includes anything from an email or a document you probably want to get Grammarly. There's a few out there, but that's the one I liked the best for making sure my grammar. So a tip, to the hackers out there, but the hackers will often use a URL that is very close to it. [00:20:45] Where you want to go. So they might put a zero in place of an O in the domain, or they might make up some other domain. So it might be amazon-aws.com or a tdbank-account.com. Something like that. Sometimes the registrars, they'll catch that sort of thing and kill it. Sometimes the business that they are trying to fake will catch it and let them know as well. [00:21:19] There's companies out there that watch for that sort of thing. But many times it takes a while and it's only fixed once enough people have reported it. So look at the URL. 
Make sure it's legitimate. I always advise that instead of clicking on the link in the email, try and go directly to the website. [00:21:41] It's like the old days you got a phone call and somebody saying, yo, I'm from the bank and I need your name and social security numbers. So I can validate the someone broke into your account. No, they don't. They don't just call you up like that nowadays. They'll send you a message in their app. [00:21:56] That's on your smart. But they're not going to call you. And the advice I've always given is look up their phone. And by the way, do it in the phone book, they remember those and then call them back. That's the safest way to do that sort of thing. And that's true for emails as well. If it's supposedly your bank and it's reporting something like someone has broken into your account, which is a pretty common technique for these phishers, these hackers that are out there, just type in the bank URL as it not what's in the email. [00:22:33] There will be a message there for you if it's legitimate, always. Okay. So before you click on any website, email links, just try and go directly to the website. Now, if it's one of these deep links where it's taking you to something specific within the site, the next trick you can play is to just mouse over the link. [00:22:58] So bring your mouse down to where the link is. And typically what'll happen is at the bottom left of your screen or of the window, it'll give you the actual link. Now, if you look at some of them, for instance, the emails that I send out, I don't like to bother people. So if you have an open one of my emails in a while, I'll just automatically say, Hey, I have opened them in awhile, and then I will drop you off the list. [00:23:28] Plus if you hit reply to one of my newsletters, my show notes, newsletters. 
That's just fine, but it's not going to go to me@craigpeterson.com and some people, you listeners being the best and brightest, have noticed that what happens is it comes up and it's some really weird URL that's so I can track [00:23:51] who responded to me. And that way I can just sit down and say, okay, now let me go through who has responded? And I've got a, kind of a customer relationship management system that lets me keep track of all of that stuff so that I know that you responded. I know you're interacting, so I know I'm not bothering you. [00:24:11] And I know I need to respond. Much the same thing is true with some of these links. When I have a link in my newsletter and I say, Hey, I'm linking to MIT's article. It is not going to be an MIT. Because again, I want to know what are you guys interested in? So anytime you click on a link, I'll know, and I need to know that, so I know why, Hey, wait a minute. [00:24:36] Now, 50% of all of the people that opened the emails are interested in identifying fake login pages. So what do I do? I do something like I'm doing right now. I go into depth on fake login pages. I wouldn't have known that if I wasn't able to track it. So just because the link doesn't absolutely look legit doesn't mean it isn't legit, but then again, if it's a bank or it involves financial transactions or some of these other things, be more cautious. [00:25:11] So double check for misspellings or grammatical errors. Next thing to do is to check the certificate, the security certificate on the site you're on. This gets a little bit confusing. If you go to a website, you might notice up in the URL bar, the bar that has the universal resource locator, that's part of the internet. [00:25:38] You might've noticed a. And people might've told you do check for the lock. That lock does not mean that you are safe. All it means is there is a secure VPN from your computer to the computer on the other side. 
So if it's a hacker on the other side, you're sending your data securely to the hacker, right? [00:26:05] That's not really going to do you a whole lot of good. This is probably one of the least understood things in the whole computer security side, that connection may be secure, but is this really who you think it is? So what you need to do is click on their certificate and the certificate will tell you more detail. [00:26:29] So double check their certificate and make sure it is for the site you really. To go to, so when it's a bank site, it's going to say, the bank is going to have the bank information on it. That makes sense. But if you go for instance on now, I'm going to throw a monkey wrench into this whole thing. [00:26:48] If you go to craigpeterson.com, for instance, it's going to. Connection is secure. The certificate is valid, but if you look at their certificate and the trust in the details, it's going to be issued by some company, but it's going to just say craigpeterson.com. It's not going to give a business name like it would probably do for a bank. [00:27:14] So you know, a little bit of a twist to it, but that's an important thing. Don't just count on the lock, make sure that the certificate is for the place you want to contact. Last, but not least is multi-factor authentication. I can't say this enough. If the bad guys have your username or email address and your password for a site, if you're using multifactor authentication, they cannot get in. [00:27:53] So it's going to prevent credential stuffing tactics, or they'll use your email and password combinations that have already been stolen from other sites to try and hack in to your online profile. So very important to set up and I advise against using two factor authentication with your, just a cell phone, as in a text message, SMS. It is not secure and it's being hacked all of the time. [00:28:23] Get an authorization. 
Like 1Password, for instance, and you shouldn't be using one password anyways, for all of your passwords. And then Google has a free one called Google Authenticator. Use those instead of your phone number for authentication. [00:28:40] You're listening to Craig Peterson, cybersecurity strategist, and online at craigpeterson.com. [00:28:48] I've been warning about biometric databases. And I sat down with a friend of mine who is an attorney, and he's using this Clear thing at the airport. I don't know if you've seen it, but it's a biometric database. What are the real world risks? [00:29:04] This Clear company uses biometrics. [00:29:08] It's using your eye print, if you will, it's using your iris. Every one of us has a pretty darn unique iris, and they're counting on that and they're using it to let you through TSA very quickly. And this attorney, friend of mine thinks it's the best thing since sliced bread, because he can just. On through, but the problem here is that we're talking about biometrics. [00:29:34] If your password gets stolen, you can change it. If your email account gets hacked, I have another friend who his account got hacked. You can get a new email account. If your iris scan that's in this biometric database gets stolen. You cannot replace your eyes unless of course you're Tom Cruise and you remember that movie, and it's impossible to replace your fingerprints. It's possible to replace your face print. I guess you could, to a degree or another, some fat injections or other things. Could be done to change your face print, but these iris scans, fingerprints and facial images are something I try not to provide any. [00:30:29] Apple has done a very good job with the security of their face print, as well as their fingerprint, because they do not send any of that information out directly to themselves or to any database at all. Period. They are stored only on the device itself. 
And they're in this wonderful little piece of electronics that can not be physically compromised. [00:30:59] And to date has not been electronically compromised either. They've done a very good job. Other vendors on other operating systems like Android, again, not so much, but there are also databases that are being kept out there by the federal government. I mentioned this clear database, which isn't the federal government, it's a private company, but the federal government obviously has its fingers into that thing. [00:31:29] The office of personnel. For the federal government, they had their entire database, at least pretty much the entire database. I think it was 50 million people stolen by the red, Chinese about six years ago. So the communists. Copies of all of the information that the officer personnel management had about people, including background checks and things. [00:31:55] You've probably heard me talk about that before. So having that information in a database is dangerous because it attracts the hackers. It attracts the cybercriminals. They want to get their hands on it. They'll do all kinds of things to try and get their hands. We now have completely quit Afghanistan. [00:32:20] We left in a hurry. We did some incredibly stupid things. I just, I can't believe our president of the United States would do what was done here. And now it's been coming out that president and Biden completely ignored. The advice that he was getting from various military intelligence and other agencies out there and just said, no, we're going to be out of there. [00:32:46] You have to limit your troops to this. And that's what causes them to close the air base battleground that we had for so many years. Apparently the Chinese are talking about taking it over now. Yeah. Isn't that nice. And whereas this wasn't an eternal war, right? We hadn't had anybody die in a year and a half. [00:33:05] It's crazy. We have troops in south Vietnam. We have troops in Germany. 
We have troops in countries all over the world, Japan, you name it so that we have a local forest that can keep things calm. And we were keeping things calm. It's just mind blowing. But anyhow, politics aside, we left behind a massive database of biometric database. [00:33:38] Of Afghanis that had been helping us over in Afghanistan, as well as a database that was built using us contractors of everyone in the Afghan military and the basically third genealogy. Who their parents were the grandparents blood type weight, height. I'm looking at it right now. All of the records in here, the sex ID nationality. [00:34:11] Date of exploration, hair color, favorite fruit, favorite vegetables, place of birth, uncle's name marker signature approval. Signature date, place of birth. Date of birth address, permanent address national ID number place of ISS. Date of ISS native language salary data salary, group of salary, police of salary education, father's name, graduation, date, weapon and service now. [00:34:41] These were all in place in Afghanistan. We put them in place because we were worried about ghost soldiers. A gold soldier was someone who we were paying the salary of taxpayers of the United States were paying the salaries of the Afghan military for quite some time. And we were thinking that about half of the. [00:35:06] Payroll checks. We were funding. We're actually not going to people who were in the military, but we're going to people who were high up within the Afghan government and military. So we put this in place to get rid of the ghost soldiers. Everybody had to have all of this stuff. In the database, 36 pieces of information, just for police recruitment. [00:35:39] Now this information we left behind and apparently this database is completely in the hand of the Taliban. Absolutely. So we were talking about Americans who helped construct Afghanistan and the military and the telephone. The looking for the networks of their Ponant supporters. 
This is just absolutely amazing. [00:36:07] So all of the data doesn't have clear use, like who cares about the favorite fruit or vegetable, but the rest of it does the genealogy. Does they now know who was in the police department, who was in the military, who their family is, what their permanent address is. Okay. You see the problem here and the biometrics as well in the biometrics are part of this us system that we were using called hide H I D E. [00:36:41] And this whole hide thing was a biometric reader. The military could keep with them. There were tens of thousands of these things out in the field. And when they had an encounter with someone, they would look up their biometrics, see if they were already in the database and in the database, it would say, yeah, they're friendly, they're an informant. [00:37:03] Or we found them in this area or w we're watching them. We have concern about them, et cetera, et cetera. All of their actions were in. Turns out that this database, which covered about 80% of all Afghans and these devices are now in the hands of the Taliban. Now, the good news with this is that a lot of this information cannot be easily extracted. [00:37:32] So you're not going to get some regular run of the mill Taliban guy to pick one of these up and start using. But the what's happening here is that we can really predict that one of these surrounding companies like Pakistan that has been very cooperative with the Taliban. In fact, they gave refuge to Saddam, not Saddam Hussein, but to a bin Ladin and also Iran and China and Russia. [00:38:04] Any of those countries should be able to get into that database. Okay. So I think that's really important to remember now, a defense department spokesperson quote here, Eric Fay on says the U S has taken prudent actions to ensure that sensitive data does not fall into the Tolo bonds. And this data is not at risk of misuse. 
[00:38:29] Misuse that's unfortunately about all I can say, but Thomas Johnson, a research professor at the Naval postgraduate school in Monterey, California says not so fast, the taller Bon may have used biometric information in the Coon dues. So instead of taking the data straight from the high devices, he told MIT technology review that it is possible that Tolo bond sympathizers in Kabul, provided them with databases of military personnel, against which they could verify prints. [00:39:07] In other words, even back in 2016, it may have been the databases rather than these high devices themselves pose the greatest risk. This is very concerning big article here in MIT technology review. I'm quoting from it a little bit here, but there are a number of databases. They are biometric. Many of these, they have geological information. [00:39:35] They have information that can be used to round up and track down. Now, I'm not going to mention world war two, and I'm not going to mention what happened with the government too, before Hitler took over, because to do that means you lose that government had registered firearms, that government had registered the civilians and the people and Afghanistan. [00:40:04] The government was also as part of our identification papers, registering your religion. If you're Christian, they're hunting you down. If you were working for the military, they're hunting you down. And this is scary. That's part of the reason I do not want biometric information and databases to be kept here in the U S Hey, make sure you get my show notes every week on time, along with free training, I try to help you guys out. [00:40:41] If you've never heard of the Carrington event, I really hope, frankly, I really do hope we never have to live through one of these. Again, there is a warning out there right now about an internet apocalypse that could happen because of the sun. [00:40:58] Solar storms are something that happens really all of the time. 
The sun goes through solar cycles. About every seven years, there are longer cycles as well. You might know. I have an advanced class amateur radio license I've had for a long time, and we rely a lot when we're dealing with short wave on the solar cycle. [00:41:22] You see what happens is that the sun charges, the atmosphere. That if you've ever seen the Northern light, that is. Part of the Sunzi missions, hitting our magnetic field and getting sucked into the core of the earth, if you will, as they get caught in that field. And the more charged the atmosphere is, the more bounce you get. [00:41:46] That's what we call it bounce. And the reason us hams have all these different frequencies to use is because of the bow. We can go different frequencies with different distances, I should say, using different frequencies. So think about it right now. You've got the earth and I want to talk from Boston to Chicago. [00:42:08] For instance, I know about how many miles it is, and I have to figure out in the ionosphere up in the higher levels of the atmosphere, what frequency. To use in order to go up into the atmosphere, bounce back, and then hit Chicago. That's the idea. It's not quite as simple or as complex in some ways, as it sounds, a lot of people just try different frequencies and a lot of hams just sit there, waiting for anybody anywhere to talk to, particularly if they are. [00:42:41] It's really quite fun. Now what we're worried about, isn't so much just the regular solar activity. We get worried when the sun spots increase. Now, the solar cycle is what has primary image. On the temperature on earth. So no matter what, you might've heard that isn't your gas, guzzling car or a diesel truck that causes the Earth's temperature to change. [00:43:10] Remember the only constant when it comes to the Earth's temperature has been changed over the millions of years. 
We had periods where the earth was much warmer than it is now had more common that carbon dioxide in the atmosphere than it does now had less. In fact, right now we are at one of the lowest levels of carbon dioxide in the atmosphere in earth long. [00:43:36] So the sun, if you might remember, comes up in the morning, warms things up, right? And then it cools down. When the sun disappears at nighttime, it has a huge impact. It's almost exclusively the impact for our temperatures. There's other things too, for instance. eruption can spew all to hold a lot of carbon dioxide. [00:44:01] In fact, just one, just Mount St. Helens wanted erupted, put more carbon dioxide into the atmosphere than man has throughout our entire existence. Just to give you an idea, right? So these alarms that are out there, come on, people. Really, and now we're seeing that in this last year, we had a 30% increase in the ice cap up in the, in, up in the north, up in Northern Canada, around the polls. [00:44:32] We also had some of these glaciers growing. It was so funny. I saw an article this year, or excuse me, this week that was showing a sign that was at one of our national parks. And it said this glacier will have disappeared by 2020. Of course it hasn't disappeared. In fact, it has grown now and it's past 2020. [00:44:54] Anyhow, the sun has a huge impact on us in so many ways. And one of the ways is. Something called a coronal mass ejection. This is seriously charged particles. That tend to be very directional. So when it happens, when there's one of these CMS coronal, mass ejections, it's not just sending it out all the way around the sun everywhere. [00:45:21] It's really rather concentrated in one. One particular spot. Now we just missed one not too long ago. And let me see if I can find it here. Just mast, a cm E near miss. Here we go. There a solar super storm in July, 2012, and it was a very close shave that we had most newspapers didn't mention it, but this could have been. 
[00:45:51] Absolutely incredible. We'd be picking up the pieces for the next 50 years. Yeah. Five, zero years from this one particular storm. And what happens is these solar flares, if you will, are very extreme, the CME. You're talking about x-rays, extreme UV, ultraviolet radiation, reaching the earth at the speed of light, ionizes the upper layers of atmosphere. [00:46:19] When that happens, by the way, it hurts our communications, but it can also have these massive effects where it burns out satellites and then causes radio blackouts, GPS navigation problems. Think about what happened up in Quebec. So let me just look at this back hit with an E and yeah, here we go. And March 13th, 1989. [00:46:50] Here we go. Here's another one. Now I remembered. And this is where Quebec got nailed. I'm looking at a picture here, which is looking at the United States and Canada from the sky and where the light is. And you can see Quebec is just completely black, but they have this massive electrical blackout and it's because [00:47:13] of this solar storm. Now they, these storms that I said are quite directional depending on where it hits and when it hits things can get very bad. This particular storm back in 1989 was so strong. We got to see the Aurora Borealis, the Northern Lights as far south as Florida and Cuba. Isn't that something? When we go back further in time to this Carrington event that I mentioned, you could see the Northern Lights at the eclipse. [00:47:50] Absolutely amazing. Now the problem with all of this is we've never really had an internet up online like we have today when we had one of the storms hit. And guess what we're about to go into right now, we're going into an area or a time where the sun's going to be more active, certainly on this 11-year cycle and possibly another bigger cycle too, that we don't really know much about. [00:48:22] But when this hit us back in the 1850s, what we saw was a telegraph system that was brought to its knees. 
Our telegraphs were burned out. Some of the Telegraph buildings were lit. They caught on fire because of the charges coming in, people who were working the telegraphs, who are near them at the time, got electric shocks or worse than that. [00:48:48] Okay. 1859 massive Carrington event compass needles were swinging wildly. The Aurora Borealis was visible in Columbia. It's just amazing. So that was a severe storm. A moderate severity storm was the one that hit in Quebec here knocked out Quebec electric. Nine hour blackout of Northeast Canada. What we think would happen if we had another Carrington event, something that happened to 150 years ago is that we would lose power on a massive scale. [00:49:27] So that's one thing that would happen. And these massive transformers that would likely get burned out are only made in China and they're made on demand. Nobody has an inventory. So it would be at least six months before most of the country would get power back. Can you believe that would be just terrible and we would also lose internet connectivity. [00:49:52] In fact, the thinking that we could lose internet connectivity with something much less than a severe storm, maybe if the Quebec power grid solar, a massive objection here. Maybe if that had happened, when. The internet was up. They might have burned out internet in the area and maybe further. So what we're worried about is if it hits us, we're going to lose power. [00:50:20] We're going to lose transformers on the transmission lines and other places we're going to lose satellites and that's going to affect our GPS communication. We're going to lose radio communication, and even the undersea cables, even though they're now no longer. Regular copper cables. It's now being carried of course, by light in pieces of glass. [00:50:45] The, those cables need to have repeaters about every 15 miles or so under underwater. So the power is provided by. Copper cables or maybe some other sort of power. 
So these undersea cables, they're only grounded at extensive intervals, like hundreds or thousands of kilometers apart. So there's going to be a lot of vulnerable components. [00:51:12] This is all a major problem. We don't know when the next massive. Solar storm is going to happen. These coronal mass ejections. We do know they do happen from time to time. And we do know it's the luck of the draw and we are starting to enter another solar cycle. So be prepared. Of course, you're listening to Craig Peterson, cybersecurity strategist. [00:51:42] If you'd like to find out more and what you can do, just visit Craig peterson.com and subscribe to my weekly show notes. [00:51:52] Google's got a new admission and Forbes magazine has an article by Zach Dorfman about it. And he's saying you should delete Google Chrome now after Google's newest tracking admission. So here we go. [00:52:09] Google's web browser. It's been the thing for people to use Google Chrome for many years, it's been the fastest. Yeah, not always people leapfrog it every once in a while, but it has become quite a standard. Initially Microsoft is trying to be the standard with their terrible browser and yeah, I to Exploder, which was really bad and they have finally completely and totally shot it in the head. [00:52:42] Good move there on their part. In fact, they even got rid of their own browser, Microsoft edge. They shot that one in. They had to, I know I can hear you right now saying, oh, Craig, I don't know. I just use edge browser earlier today. Yeah. But guess what? It isn't edge browser. It's actually Google Chrome. The Microsoft has rebranded. [00:53:04] You see the guts to Google Chrome are available as what's called an open source project. It's called chromium. And that allows you to take it and then build whatever you want on top of. No, that's really great. 
And by the way, Apple's web kit, Kat is another thing that many people build browsers on top of and is part of many of these browsers we're talking about right now, the biggest problem with the Google Chrome. [00:53:35] Is they released it so they could track you, how does Google make its money? It makes us money through selling advertising primarily. And how does it sell advertising if it doesn't know much or anything about you? So they came out with the Google Chrome browser is a standard browser, which is a great. [00:53:55] Because Microsoft, of course, is very well known for not bothering to follow standards and say what they have is the actual standard and ignoring everybody else. Yeah. Yeah. I'm picking on Microsoft. They definitely deserve it. There is what is being called here in Forbes magazine, a shocking new tracking admission from. [00:54:17] One that has not yet made headlines. And there are about what 2.6 billion users of Google's Chrome worldwide. And this is probably going to surprise you and it's frankly, Pretty nasty and it's, I think a genuine reason to stop using it. Now, as you probably know, I have stopped using Chrome almost entirely. [00:54:42] I use it when I have to train people on Chrome. I use it when I'm testing software. There's a number of times I use it, but I don't use it. The reality is that Chrome is an absolute terror. When it comes to privacy and security, it has fallen way behind its rivals in doing that. If you have an iPhone or an iPad or a Mac, and you're using safari, apple has gone a long ways to help secure your data. [00:55:19] That's not true with Chrome. In fact, it's not protecting you from tracking and Dave data harvesting. And what Google has done is they've said, okay we're going to get these nasty third party cookies out of the whole equation. We're not going to do that anymore. And what they were planning on doing is instead of knowing everything specifically. 
[00:55:43] You they'd be able to put you in a bucket. So they'd say, okay, you are a 40 year old female and you are like driving fast cars and you have some kids with a grandkid on the way, and you liked dogs, not cats, right? So that's a bucket of people that may be a few hundred or maybe up to a thousand. As opposed to right now where they can tell everything about you. [00:56:12] And so they were selling that as a real advantage because they're not tracking you individually anymore. No, we're putting you in a bucket. It's the same thing. And in fact, it's easier for Google to put you in a bucket than to track everything about you and try and make assumptions. And it's easier for people who are trying to buy ads to place in front of you. [00:56:34] It's easier for them to not have to reverse engineer all of the data the Google has gathered in instead. To send this ad to people that are in this bucket and then that bucket. Okay. It makes sense to you, but I, as it turns out here, Google has even postponed of that. All right. They really have, they're the Google's kind of hiding. [00:56:59] It's really what's going on out there. They are trying to figure out what they should do, why they should do it, how they should do it, but it's going to be a problem. This is a bad habit. The Google has to break and just like any, anybody that's been addicted to something it's going to take a long time. [00:57:19] They're going to go through some serious jitters. So Firefox is one of the alternatives and to Google Chrome. And it's actually a very good one. It is a browser that I use. I don't agree with some of the stuff that Mozilla and Firefox does, but again, nobody agrees on everything. Here's a quote from them. [00:57:41] Ubiquitous surveillance harms individually. And society Chrome is the only major browser that does not offer meaningful protection against cross site tracking and Chrome will continue to leave users unprotected. And then it goes on here because. 
Google response to that. And they admit that this massive web tracking out of hand and it's resulted in, this is a quote from Google and erosion of trust, where 72% of people feel that almost all of what they do online is being. [00:58:19] By advertisers, technology firms or others, 81% say the potential risks from data collection outweigh the benefit by the way, the people are wrong. 72% that feel almost all of what they do on online is being tracked. No. The answer is 100% of what you do is probably being tracked in some way online. [00:58:41] Even these VPN servers and systems that say that they don't do logs. Do track you take a look at proton mail just last week. Proton mail it's in Switzerland. Their servers are in Switzerland. A whole claim to fame is, Hey, it's all encrypted. We keep it safe. We don't do logging. We don't do tracking guess what they handed over the IP addresses of some of the users to a foreign government. [00:59:09] So how can you do that? If you're not logging, if you're not tracking. Yeah, they are. And the same thing is true for every paid VPN service I can think of. So how can Google openly admit that their tracking is in place tracking everything they can, and also admit that it's undermining our privacy. [00:59:36] Their flagship browser is totally into it. It's really, it's gotta be the money. And Google does not have a plan B this anonymized tracking thing that they've been talking about, the buckets that I mentioned, isn't realistic, frankly. Google's privacy sandbox is supposed to Fitbit fix it. [00:59:56] I should say. The whole idea and the way it's being implemented and the way they've talked about it, the advertisers on happy. So Google is not happy. The users are unhappy. So there you go. That's the bottom line here from the Forbes article by Zach Dorfman, delete Google Chrome. And I said that for a long time, I do use some others. [01:00:20] I do use Firefox and I use. Which is a fast web browser. That's pretty good shape. 
Hey, if you sign up for my shows weekly newsletter, not only will you get all of my weekly tips that I send to the radio hosts, but you will get some of my special reports that go into detail on things like which browser you shouldn't be using. [01:00:46] Sign up right now. Craig peterson.com. [01:00:50] Many businesses have gone to the cloud, but the cloud is just another word for someone else's computer. And many of the benefits of the cloud just haven't materialized. A lot of businesses have pulled back and are building data centers. [01:01:07] Now, the reason I mentioned this thing about Microsoft again, and the cloud is Microsoft has a cloud offering. [01:01:17] It's called Microsoft Azure. Many people, many businesses use it. We have used it with some of our clients in the past. Now we have some special software that sits in front of it that helps to secure. And we do the same thing for Amazon web services. I think it's important to do that. And we also use IBM's cloud services, but Microsoft is been pitching for a long time. [01:01:45] Come use our cloud services and we're expecting here probably within the next month, a big announcement from Microsoft. They're planning on making it so that you can have your desktop reside in Microsoft's cloud, in the Azure cloud. And they're selling really the feature of it doesn't matter where you are. [01:02:11] You have your desktop and it doesn't matter what kind of computer you're on. As long as you can connect to your desktop, using some just reasonable software, you will be able to be just like you're in front of a computer. So if you have a Chromebook or a Mac, Or windows or tablet, whatever. And you're at the grocery store or the coffee shop or the office, you'll be able to get it, everything, all of your programs, all your files. [01:02:41] And we, Microsoft will keep the operating system up to date for you automatically a lot of great selling points. And we're actually looking into that, not too heavily yet. 
We'll give them a year before we really delve into it at all. Cause it takes them a while to get things right. And Microsoft has always been one that adds all kinds of features, but most of the time, most of them don't work and we can document that pretty easily, even in things like Microsoft. [01:03:11] The Verge is now reporting that Microsoft has warned users of its Azure cloud computing service that their data has been exposed online for the last two years. Yeah, let me repeat that in case you missed it, you yeah. I might've misspoken. Let me see, what does it say? It says users of Azure cloud computing service. [01:03:36] So that's their cloud. Microsoft's big cloud. Okay. Their data has been exposed online. Okay. So that means that people could get the data, maybe manipulate the data, that's what exposed means, for the last two years. Are you kidding me? Microsoft is again, The Verge. Microsoft recently revealed that an error in its Azure Cosmos database product left more than 3,300 Azure customers' data [01:04:12] completely exposed. Okay guys. So this is not a big thing, right? It can't possibly be big thing because you know who uses Azure, nobody uses Azure and nobody uses hosted databases. Come on, give me a break. Let me see, what else does this have to say? Oh, okay. It says that the vulnerability was reported, reportedly introduced into Microsoft systems in 2019, when the company added a data visualization feature called Jupyter Notebook to Cosmos DB. [01:04:46] Okay. I'm actually familiar with that one and let's see what small companies let's see here. Some Azure Cosmos DB clients include Coca-Cola, Liberty Mutual Insurance, ExxonMobil, Walgreens. Let me see. Could any of these people like maybe Liberty Mutual Insurance and Walgreens, maybe they'd have information about us, about our health and social security numbers and account numbers and credit cards. Names, addresses. 
That's again, why I used to get so upset when these places absolutely insist on taking my social security number, right? It, first of all, when it was put in place, the federal government guaranteed, it would never be used for anything other than social security. [01:05:34] And the law even said it could not be used for anything other than social security. And then the government started expanding it. And the IRS started using it. To track all of our income and that's one thing right there, the government computers, they gotta be secure. All of these breaches we hear about that. [01:05:52] Can't be true. So how about when the insurance company wants your personal information? Like your social security number? What business is it of? There's really no. Why do they have to have my social security number? It's a social security number. It's not some number that's tattooed on my forehead. That's being used to track me. [01:06:18] Is it this isn't a socialist country like China is, or the Soviet union was right. It's not social. So why are they tracking us like that? Walgreens? Why do they need some of that information? Why does the doctor that you go to that made the prescription for Walgreens? Why do they need that information? [01:06:40] And I've been all over this because they don't. Really need it. They want, it makes their life easier, but they don't really need it. However, it exposes us. Now, if you missed the email, I sent out a week ago, two weeks ago now, you missed something big because I, in my weekly newsletter went through and described exactly what you could do in order to keep your information private. [01:07:13] So in those cases where websites asking for information that they don't really need, right? You don't want to lie, but if they don't really need your real name, why you're giving them your real name? Why do you use a single email address? Why don't you have multiple addresses? Does that start make sense to you guys? 
[01:07:33] And now we find out that Microsoft Azure, their cloud services, where they're selling cloud services, including a database that can be used online, a big database 3,300 customers looks like some of them are actually big. I don't know. ExxonMobil pretty big. Yeah. I think so. Walgreens, you think that might be yeah. [01:07:57] Why. Why are we trusting these companies? If you have a lot of data, a lot of customers, you are going to be a major target of nation states to hack you and bat just general hackers, bad guys. But you're also if you've got all this information, you've also got to have a much higher level of security than somebody that doesn't have all of that information. [01:08:24] Does that make sense to you? Did I say that right? You don't need the information and I've got to warn anybody that's in a business, whether you're a business owner or you're an employee, do not keep more data than you need the new absolutely need to run your company. And that includes data about your customers. [01:08:48] And maybe it's even more specifically data about your customer. Because what can happen is that data can be stolen and we just found it. That? Yes, indeed. It could have been, it was exposed Microsoft the same. We don't know how much it was stolen. If anything was stolen. Yeah, Walgreens. Hey, I wonder if anyone's going to try and get some pain pills illegally through a, this database hack or a vulnerability anyways. [01:09:17] All right, everyone. Stick around. We'll be back. Of course, you listening to Craig Peterson. I am a cybersecurity strategist for business, and I'm here to help you as well. You can ask any question any time consumers are the people I help the most, I wish I got a dime for every time I answered a question. [01:09:38] Just email me@craigpeterson.com and stick around. [01:09:44] Whether or not, you agree with the lockdown orders that were put in place over this COVID pandemic that we had. 
There are some other parts of the world that are doing a lot more. [01:10:00] Australia has. I don't know. I think that they went over the deep end that much, the same thing is true right next door to them. [01:10:11] And I am looking at a report of what they are doing with this new app. You might be aware that both Apple and Google came out with an application programming interface that could be used for contract tack tracking, contact tracking. There you go. It wasn't terribly successful. Some states put some things in place. [01:10:38] Of course you get countries like China. I love the idea because heaven forbid you get people getting together to talk about a Tiananmen Square remembrance. Now you want to know who all of those people were, who were in close proximity, right? Good for China. Well, as it turns out, Australia is putting something in place. They have yet another COVID lockdown. [01:11:03] They have COVID quarantine orders. Now I think if you are sick, you should stay here. I've always felt that I, I had 50 employees at one point and I would say, Hey, if you're sick, just stay home. Never required a doctor's note or any of that other silliness. Come on, people. If someone's sick, they're sick and let them stay home. [01:11:26] You don't want to get everybody else in the office sick and spread things around. Doesn't that just make sense? They now in Australia, don't trust people to stay home, to get moving. Remember China, they were taking welders and were going into apartments and anybody that tested positive, [01:11:42] they were welding them into their apartment for minimum of two weeks. And so hopefully they had food in there and they had a way to get fresh water. Australia is not going quite that far, but some of the states down under. Using facial recognition and geolocation in order to enforce quarantine orders and Canada. 
[01:12:07] One of the things they've been doing for very long time is if you come into the country from out of the country, even if you're a Canadian citizen, you have to quarantine and they'll send people by your house or you have to pay to stay for 10 days in a quarantine hope. So you're paying the, of course now inflated prices for the hotel, because they're a special quarantine hotel. [01:12:34] You have to pay inflated prices to have food delivered outside your door. And that you're stuck there for the 10 days, or if you're at home though, they, you're stuck there and they'll send people by to check up on you. They'll make phone calls to check up on you. They have pretty hefty fines. [01:12:54] What Australia has decided to do is in Australia is Charlene's even going from one state to another state are required to prove that they're obeying a 14 day quarantine. And what they have to do is have this little app on their phone and they, the app will ping them saying, prove it. And then they have to take a photo of themselves with geo location tag on it and send it up via the app to prove their location. [01:13:32] And they have to do all of that within 15 minutes of getting the notification. Now the premier of the state of south Australia, Steven Marshall said, we don't tell them how often or when on a random basis, they have to reply within 15 minutes. And if you don't then a police, officer's going to show up at the address you're supposed to be at to conduct an in-person check. [01:13:59] Very intrusive. Okay. Here's another one. This is an unnamed government spokesperson who was apparently speaking with Fox news quote. The home quarantine app is for a selected cohort of returning self Australians who have applied to be part of a trial. If successful, it will help safely ease the burden of travel restrictions associated with the pandemic. [01:14:27] So there you go. People nothing to worry about. It's just a trial. It will go away. 
Just for instance, income tax, as soon as rule, number one is over, it will be removed and it will never be more than 3% and it will only apply to the top 1% of wage-earners. So there you go. And we all know that world war one isn't over yet. [01:14:47] So that's why they still have it in somehow. Yeah, some of the middle class pays the most income tax. I don't know. Interesting. Interesting. So there you go. Little news from down under, we'll see if that ends up happening up here. News from China, China has China and Russia have some interesting things going on. [01:15:08] First of all, Russia is no longer. Country, they are. They aren't, they are a lot freer in many ways than we are here in the United States. Of course, China, very heavily socialist. In fact, they're so socialists, they are communist and China. And Russia both want their kids to have a very good education in science, engineering, and mathematics. [01:15:35] Not so much on history, not so much on, on politics. But definitely heavy on the sciences, which I can see that makes all the sense. I think everybody should be pretty heavily on the science. According to the wall street journal this week, gamers under the age of 18 will not be allowed to play online games between 8:00 PM and 9:00 PM on Friday, Saturdays and Sundays. [01:16:02] Okay. So basically what they're doing, I reverse that what they're doing is they're only allowing the kids three hours of gaming per week. In other words, they can play between eight and 9:00 PM, Friday, Saturday, and Sundays. I think that might overload some gaming servers. Cov gaming addiction has affected studies and normal lives. [01:16:23] And many parents have become miserable. That's China's press and public administration. Sedna state. Okay. There's going to be some relief during the school holidays. Children will be allowed 60 minutes per day for gaming hard to say how China plans didn't force it, but they have their ways, identity cards. 
By the way, required for playing online. They've got a facial recognition system introduced in July by Tencent. Remember all of the uproar around Tencent and their apps and President Trump trying to get them blocked here in the US? Yeah, there you go. Facial recognition built right into the app, and it's proven effective at catching children pretending to be adults in order to get around government gaming curfews. [01:17:12] So this goes on and on and Korea as well, South Korea has had some very big problems. You might remember it was headlines just a few years ago of some of these South Korean kids dying because they were playing video games four days straight with no sleep, no real food. Just taking all of these energy. [01:17:37] And we'll literally gaming themselves to death. So South Korea passed a law that prevented young people from playing online video games late at night. So that was introduced back in 2011 and it's targeted at players 16 or up. And South Korean minors were prevented from playing online PC games between midnight and six, 8:00 AM. [01:18:03] Now South Korea has scrapped that law. Interesting. So they're saying it's out of respect for younger citizens, right? They're going to abolish this law, replace it by a permit system that allows players to request a permit per game and play during self-assigned hours that their parents will sign off on. [01:18:27] This is in an article from GameSpot, by the way, a gamespot.com. You might remember them too, the whole Robinhood scandal. But I think it's an interesting question. When my kids were young, lo those many years ago, I got this box that the, you took the TV wire, you ran it into the box and you could program. [01:18:51] So that each kid had their own code and you could specify how much time the kid could watch TV or how much time or when they could watch TV and how much time cumulative the kids could have. And it actually worked pretty well. And the kids certainly complained a lot about it. 
And a couple of them tried to work the way around it hard to when the plug is inside the box. [01:19:17] Yeah, ingenuity as they are. They were able to do that. They cut the wire off and put another power connector on the end of the TV wire. Anyhow Microsoft, we've been talking about them a lot. This show. I do not like Microsoft, that already the windows 11 is coming out and we talked about. [01:19:38] Before, because windows 11 is plying. Microsoft is planning on requiring you to have a very modern computer. You need to have a TPM in it, which is this special security module. You need to have a certain speed, et cetera, but the TPM is a big thing. That's going to make it. So most of your computers won't work. [01:20:04] Tons of pushback on that. I can see what Microsoft is trying to do it. They really would love to have a clean operating system that really wasn't getting hacked all the time. And this will help it won't solve their problem, but it will help. So that they're going to be doing now is they're going to over

    You Need to Start Using Burner Identities ASAP

    Aug 28, 2021 83:25

    You Need to Start Using Burner Identities ASAP! In this day and age, if you don't have a burner identity, you are really risking things from having your identities stolen through these business email compromises. It's really crazy. That's what we're going to talk about. [Automated transcript] An essential part of keeping ourselves safe in this day and age is to confuse the hackers. The hackers are out there. They're trying to do some things. Ransomware, for instance, like [00:00:30] business email compromise, is one of the most significant crimes out there today. It hits the news legitimately. It's terrifying. It can really destroy your business, and it can hurt you badly. If you're an individual, you don't want ransomware. How about those emails that come in? In fact, I just got an email from a listener this week, and they got a phone call. His wife answered, and it was [00:01:00] Amazon on the phone, and Amazon said, Hey, listen, your account's been hacked. We need to clear it up so that your identity doesn't get stolen. And there's a fee for this. It's a $500 fee. And what you have to do is just go to amazon.com. Buy a gift card, and we'll then take that gift card number from you. And we'll use that as the fee to help recover your stolen information. [00:01:30] So she went ahead and did it, and she went ahead and did all of the things that the hackers wanted. And now they had a gift card. Thank you very much. We'll follow up on this. And now she told her husband, and of course, this isn't a sex-specific thing, right? It could have happened to either one. My dad fell for one of these scams as well. So she told her husband, or her husband looked at what had happened and [00:02:00] said, oh my gosh, don't think this is right. Let me tell you, first of all, Amazon, your bank, various credit card companies are not going to call you on the phone. They'll send you a message right from their app, which is usually how I get notified about something. 
Or they will send an email to the registered email, you know, that you set up on that account. So that [00:02:30] email address then is used by them to contact you, pretty simple. Or they might send you a text message. If you've registered a phone for notifications, that's how they contact you. It's like the IRS. I was at a trade show, and I was on the floor. We were exempt. And I got no less than six phone calls from a lady claiming to be from the IRS, and I needed to [00:03:00] pay right away. And if I didn't pay right away, they were going to seize everything. And so all I had to do was buy a gift card, a Visa gift card, give her the number and use that to pay the taxes. And this lady had an American accent too, one that you would recognize, I'm sure. And it's not something that they do. Now, they do send emails, as I [00:03:30] said. So the part of the problem with sending emails is, is it really them? Are they sending a legitimate email to a legitimate email address? Always a good question. Yeah. Here's the answer. Yeah, they'll do that. But how do you know that it isn't a hacker sending you the email? It can get pretty complicated. Looking into the email headers, trying to track: Where did this come from? Which email servers did it go through? [00:04:00] Was it authenticated? Did we accept? Did the provider use proper records in their DNS, the SPF, et cetera, to ensure that it's legitimate? How do you follow up on that? That's what we do for our clients. And it gets pretty complicated looking at DKIM and everything else to verify that it was legitimate, ensuring that the email came from a registered MX server from the actual [00:04:30] server. There is a way around this. And this has to do with the identities, having these fake burner identities. I've been doing this for decades myself, but now it's easy enough for anybody to be able to do it. There are some services out. And one of the more recommended ones. 
And this is even the New York Times; they have an article about this. They [00:05:00] prefer something called SimpleLogin. You can find them online. You can go to simplelogin.io to get started. Now, it's pretty darn cool. 'Cause they're using what's called open-source software, it's software anybody can examine to figure out whether this is legitimate or not. And of course, it is fair, but it's all out there for the whole world to see. And that means it's less likely in some ways to be hacked. There are people who [00:05:30] argue that having open-source software means even more. In some ways, you are, but in most ways, you're not; anyway, it doesn't matter. Simplelogin.io. Now, why would you consider doing this? Something like SimpleLogin? SimpleLogin is friendly because it allows you to create dozens and dozens of different email addresses. And the idea is with SimpleLogin, it will [00:06:00] forward the email to you at your actual email address. So let's say you're doing some online shopping. So you can go ahead and set up an email address for, whatever it is, shoppingcompany.com, that you're going to use at shoppingcompany.com. So you'd go there. You put into SimpleLogin "I want to create a new identity," and you tag what it's for. You then go to shoppingcompany.com and [00:06:30] use the email address generated for you by SimpleLogin. Now your SimpleLogin account is going to be tied into your real email account, wherever that might be. If you're using ProtonMail, which is a very secure email system, or if using Outlook or heaven forbid Gmail or one of these others, the email will be forwarded to you. You will be able to see that indeed, that [00:07:00] email was sent to your shoppingcompany.com email address or your Bank of America email address, et cetera, et cetera. That makes it much easier for you to be able to tell, was this a legitimate email? 
So, in other words, if your bank's really trying to get ahold of you, and they're going to send you an email, they're going to send you an email to an address that you use exclusively for Bank of America. In reality, you only have the one email [00:07:30] box over there, wherever, ProtonMail, Outlook, Gmail, your business Excel. You only have that one box you have to look at, but the email is sent to SimpleLogin. Does that make sense, you guys? So you can create these alias email boxes. It will go ahead and forward any emails sent to them to you, and you'll be able to tell if this was indeed from the company, because [00:08:00] that's the only place that you use that email address. That makes it simple, but you don't have to maintain dozens or hundreds of email accounts. You only have one email account. And by the way, you can respond to the email using that unique aliased email address you created for the shopping company or Bank of America or TD or whomever it might be. You can send from that address as well. [00:08:30] So check it out online, simplelogin.io. I really liked this idea. It has been used by a lot of people out there. Now here's one other thing that it does for you, and this is important as well. Not using the same email address everywhere means that when the hackers get your email address from shoppingcompany.com or wherever, pets.com, you name it, [00:09:00] they cannot take that and put it together with other information and use that for business email compromise. Does that make sense? It makes it pretty simple, pretty straightforward. Don't get caught in the whole business email compromise thing. It can really hurt. And it has; it's one of the worst things out there right now. Dollar for dollar, it's right up there. It, by the way, is one of the ways they get ransomware into your [00:09:30] systems. So be very careful about that. Always use a different email address for every website you sign up for. 
Oh, and they do have paid plans, like a $30 a year plan over at simplelogin.io will get you unlimited aliases, unlimited mailboxes, even your own domain name. So it makes it pretty simple, pretty handy. There are other things you might want to do, for instance, use virtual credit cards. [00:10:00] And we'll talk about those a little bit as well, because I think this is very important. But, hey, I want to remind everybody that I have started putting together some pieces of training. You're going to get a little training at least once a week, and we're going to put all of that into what we have been calling our newsletter. I think we might change the name of it a little bit, but you'll be getting those every week. And the only way to get those is to be on [00:10:30] that email list. Go to CraigPeterson.com/subscribe. Please do that right now. I am not going to harass you. I'm not going to be one of those. And I've never been one of those internet marketers that's sending you multiple dozens of emails a day. But I do want to keep you up to date. So stick around; we will be back here in just a couple of minutes. And, of course, you're listening to Craig Peterson. [00:11:00] And again, the website, CraigPeterson.com. Stick around. 'Cause we'll be right back. One of the best ways to preserve your security online is by using what we're calling burner identities, something that I've been doing for more than 30 years. We're going to talk more about how to do that right now.  You can do some things [00:11:30] to help keep yourself and your identity safe online. We've talked about email and how important that is. I want to talk now about fake identities. Now, a lot of people get worried about it. It sounds like it might be sketchy, but it is not, to use fake identities to confuse the hackers, to make it so they really can't do the [00:12:00] things that they want to do. They can't send you phishing emails, particularly spear-phishing emails. 
That'll catch you off guard because you're using a fake. How do you do that? I mentioned to you before that I have thousands of fake identities that I created using census data. And I'm going to tell you how you can do it as well. There's a website out there called Fake [00:12:30] Name Generator. You'll find it online at fakenamegenerator.com. I'm on that page right now. And I'm looking at a randomly generated identity. It has the option right on this page to specify the sex. And it says random by default. The name set, I chose American; the country, United States. So it is applying both American [00:13:00] and Hispanic names to this creation. And now remember it's creating based on census data and some other public data. But, still, it is not giving you one identity of any real people. So I think that's important to remember, and you're not going to use these identities for illegal purposes. And that includes, obviously, when you set up a bank account, you have to use your real [00:13:30] name. However, you don't have to use yours. If you have an actual email address, you can use things like SimpleLogin that will forward the email to you, but will let you know who it was sent to. And if you only use that one email address for the bank, you know that it came from the bank or the email address was stolen from the bank. All of that stuff. We've talked about that already. So, in this case, the name that it has come up with [00:14:00] for me is Maurice de St. George in Jacksonville, Florida. It even gives an address. In this case it's 3654 Willis Avenue in Jacksonville, Florida. So if I go right now to, I'm going to use Google Maps, and I will put in that address. Here we go. Jacksonville, Willis Avenue, and guess what? There is a Willis Avenue in Jacksonville [00:14:30], and it's showing homes from Google Street View. Let me pull that up even bigger. And there it is. So ta-da, it looks like it gave me a fairly real address. 
Now the address it provided me was 3654, which does not exist. There is a 365, but anyway, so it is a fake street address. So that's good to know some, if [00:15:00] I were to use this, I'm going to get mine. Am I male saying about I pass. Maurissa tells you what Maurice means, which is neat. It'll give you a mother's maiden name. Gremillion is what it gave me here. A Social Security number. So it creates one that passes what's called a checksum test so that if you put it into a computer system, it's going to do a real quick check and say, yeah, it looks good to me. So it was not just the right [00:15:30] number of digits. It also passes the checksum test. Well-known how to do a checksum on their Social Security numbers. So again, it's no big deal. And remember, you're not going to use this to defraud anyone. You're going to use this for websites that don't really need to know; give me a break. Why do you need all this information? It gives me a phone number with the right area code. And so I'm going to go ahead and look up this phone number right now. Remember, use DuckDuckGo. Some [00:16:00] people will use Google search, and it says the phone number it gave me is a robocall. As I slide down, there's some complaints on that. So there you go. So they're giving us a phone number that is not a real person's phone number. Country code, of course, one, 'cause I said United States. Birth date. Oh, I was born October 7th, year 2000. I'm 20 years old. And that means I'm a Libra. Hey, look at all this stuff. So it's giving me an [00:16:30] email address, which is a real email address that you can click to activate right there. Again, I mentioned simplelogin.io earlier, but you can do it right here, and it's got a username and created for me a password, which is actually a pretty deal. Password. It's a random one, a website for me, my browser user agent, a MasterCard, a fake MasterCard number with an expiration and a [00:17:00] CVC2 code, all of this stuff. 
My height is five-six, so kind of short. My weight is 186 pounds, O negative blood type, UPS tracking number, Western Union number, MoneyGram number. My favorite color is blue, and I drive a 2004 Kia Sorento, and it also has a unique ID. And you can use that wherever you want. So the reason I brought this up, again, it's called [00:17:30] fakenamegenerator.com, is when you are going to a website where there is no legal responsibility for you to tell them the truth, you can use this. And so I've used it all over the place. For instance, GitHub, where you have, it's a site that allows you to have software projects as you're developing software. So you can put stuff in GitHub. They don't need to [00:18:00] know who I really am. Now they have a credit card number for me, because I'm on a paid plan. I pay every month, but guess what? It isn't my real credit card number. It isn't the number that I got from Fake Name Generator. My credit card company allows me to generate either single-use credit card numbers, or in this case, a credit card number for GitHub.com. So just as an example, that's how I use it. So if GitHub gets hacked, the [00:18:30] hackers have an email address and a name that tip me off right away where this is coming from. And if the email didn't come from GitHub, I know they either sold my information to a marketing company, or this is a hacker trying to manipulate me through some form of phishing scheme. So I know you guys are the best and brightest. A lot of you understand what I'm talking about, and I'm talking about how you [00:19:00] can create a burner identity. And let me tell you, it is more important today to create a burner identity than it has ever been at any point in the past, because frankly, burner identities are one of the ways that you can really mess up some of the marketing firms out there that are trying to put the information together, these data aggregator companies, and also the hackers. 
And it's really the hackers that [00:19:30] we're up against here. And we're trying to prevent them from getting all of this information. So when we come back, I want to talk about the next step, which is which credit cards can you get these single-use card numbers from? Should you consider using PayPal? When might Google Voice be a really good alternative for you? So we're going to get into all that stuff. Stick around. In the [00:20:00] meantime, make sure you go to CraigPeterson.com/subscribe. Get my newsletter. All of this is in there. It makes it simple. It's a simple thing to do. CraigPeterson.com. And if you have any questions, just email me, me@craigpeterson.com. Having your credit card stolen can be a real problem for any one of us. It gives the bad [00:20:30] guys a lot of options to spend a lot of money very quickly. We're going to talk right now about virtual credit cards. What are they, what does it mean?  Virtual credit cards come in two basic forms. One is a single-use credit card, which was quite popular back when these things first came out, and another one is a virtual credit card that has either a specific life, in other words, it's only good for 30 days, [00:21:00] or that can be used until you cancel it. If you have a credit card, a Visa, MasterCard, American Express, Discover, all of the major card issuers will give you the ability to reverse any charges that might come onto your cards if your card is stolen or misused. Now that makes it quite easy. Doesn't it? I want to point out that if you're using [00:21:30] a debit card, as opposed to a credit card, there's not much challenging you can do. With the credit card, you can say, I am not going to make my payment. And because of this, that, and the other thing, this was stolen, et cetera, they can file it as a disputed charge. They can do an investigation to find out. Yeah, you probably were not at a bus terminal down in Mexico City, which happened to me. 
Because I was up [00:22:00] here in New Hampshire, quite a ways down to Mexico City. And so they just reversed it out. That money never came out of my bank account because it was on a credit card. If I were using a debit card, that money would have come right out of my account. Now, mind you, a bus ticket in Mexico City is not very expensive, but many people have had charges of many thousands of dollars. And if you need that money in your checking account, [00:22:30] and you're using a debit card, you got a problem because your check for, if you ever have to pay rent again, rent check is going to bounce because they just emptied out your bank account. So now you have to fight with the bank, get the money back. They will eventually refund it, but it could make some of your transactions that you might've written a check or something, it'll make them bounce. And that could be a real problem. These, it could make them [00:23:00] bounce. So using a credit card is typically less of a hassle online. So why would you want to use a virtual card, also known as a masked credit card, masked, M A S K E D? The main reason behind this is to allow you to control payment. I've used them. In fact, I use them exclusively on every website [00:23:30] online. And I'm going to tell you the names of some of them here in just a couple of minutes, but I use them all the time. And part of the reason is, let's say, I want to cancel a service. Have you ever tried to cancel a service before and you have to call them many times, and so you're arguing with somebody overseas somewhere who doesn't want you to close the account? And of course, bump you up to the next level person who also doesn't want you to close the account. And [00:24:00] so you have to fuss. Have you ever had that experience? And I'm sure you have. It just happens all the time. 
So with using the virtual credit card, the advantage to me is, Hey, if you are going to try and fight with me, I don't care because I'm just going to cancel that credit card number. So I don't have to cancel my credit card. I don't have to have the company reissue a credit card for me. I don't have to do any of this sort of thing. That [00:24:30] makes my life pretty easy. Doesn't it? And because of that, I am now, I think, in a much better place, because I don't have to fight with people anymore. So that's one of the reasons I used it. The other big reason is if it gets stolen, they can cause less harm. Some of these virtual credit cards are set up in such a way that you can limit the amount that's charged on them. Do you like that? [00:25:00] So if you are using it on a site that maybe is charging you $50 a month, no problem. $50 a month comes off of the credit card. And if someone tries to charge more, it bounces, and then hopefully you find out, wait a minute, it just bounced on me. Then next step up is, okay, it bounced and I'm just going to cancel the card, and then you issue a new credit card number for that website. So an example in my case is [00:25:30] GitHub.com. We keep software up there, and they charge me every month. If GitHub were to get hacked and that credit card number stolen, I really don't care because there's almost nothing that can happen. And if GitHub doesn't properly cancel my account, I can just cancel the credit card and let them come after me. This isn't going to happen. So then it's also called a masked credit card number, 'cause it's a little safer than using your [00:26:00] real credit card details. I also want to point out something about debit cards. I went for years with no credit cards at all. Nowadays, many of my vendors will take a credit card for payment and, in fact, give me a bit of a better deal. And then with the credit card, I can get 2% cashback, which I use to pay down the credit card. 
It couldn't get any better than that, but when you're using a debit card, what I always do [00:26:30] is I had two accounts that I could transfer money between at the bank. So I had one checking account that was my main operating, if you will, account. And then I had another checking account where I would be just moving money out of it. Or you could even do it with a savings account, but some banks, they only let you do so many transactions a month on a savings account. So the idea is I know that I have this much credit card [00:27:00] obligations, well, debit card obligations for this month, that money is going to be coming out. So I make sure that in the debit card account to cover the legitimate transactions I know are coming up, and then I keep everything else in the other account. And then I manually transferred over every month. So that's how I dealt with the whole debit card thing. And it worked really well for me. Bottom line, I think it's a really great idea. So there you go. Who are the companies that [00:27:30] you can use to do this? I've used some of these before; all of them have worked really well. If you have a Capital One credit card, they have something called Eno, E N O, and it's available to all Capital One cardholders. Eno even has an extension for your web browsers. So if it notices you're on a webpage that's asking for a credit card number, it'll pop up and say, do you want me to create a [00:28:00] credit card number or a virtual one for this website so you can make your payment? Does it get much easier than that? Citibank has something they call virtual credit cards, available to all Citibank cardholders. Masterpass by MasterCard, that's available to any MasterCard, Visa, American Express, Discover, Diners Club cardholders, credit, debit, and prepaid cards, by the way. So you might want to check that one out. Yeah, [00:28:30] so that's the only one I see on my list here. 
That will do it for debit cards, Masterpass by MasterCard. American Express Checkout, available to all American Express cardholders. Chase Pay, available to all Chase cardholders. Wells Fargo Wallet. Visa Checkout, available to all Visa, MasterCard, and American Express and Discover cardholders, credit and debit cards, plus prepaid cards. Okay. So it does [00:29:00] do the debit cards as well. Final, that's all owned by Goldman Sachs and is not accepting any new applicants, and Entropay, also not accepting new applicants. There's a couple online. All right, everybody, make sure you check me out. CraigPeterson.com/subscribe. We're going to wrap up how you should be using these burner identities, a [00:29:30] few more tips and tricks that are going to help keep you safe from the hackers that are out there. So here we go.  There are a lot of hackers out there. The numbers are just astounding. The cost of these hackers coming in and stealing our information is just unbelievable. And it goes all the way from big corporations, from things like the Colonial [00:30:00] Pipeline, the US government, all the way on down through you and me. I want to tell you a little story about a friend of mine. He is about 75 years old, and he supplements his income by driving for Uber Eats and one other company. And so what he'll do is someone puts in an order for food somewhere. He'll go pick it up and then he'll drive it to whoever ordered it. Now, [00:30:30] there are a surprising number of scams with this. So he's very careful about someone that orders a cookie, for instance, because it's usually a bit of a scam. Anyway, we won't get into those, but I'll tell you what happened to him. His information was stolen online, as it was probably yours. Mine I know was as well. So it's all stolen. What do you do? In his case, what ended up [00:31:00] happening is they managed to get into his email account. 
Once they're in his email account, they now had access to the emails he was getting from one of these companies. Now it wasn't the Uber Eats guy. There was another company. So let's just explain this a little bit. Uber Eats sends him a request for him to go ahead and do a delivery. Go to the restaurant, pick it up and take it to this client's house. [00:31:30] And in order for him to register, he had to register an email address. Now, of course, he uses the same email address for everything. All of it. Now, personally, that drives me a little bit insane, but that's what he does. And he has just a few passwords. Now, he writes them down in a little book, and heaven forbid he ever lose the book, so that he can remember them. He [00:32:00] just wants to keep his life simple. He's 75. He's not technophobic, he's not up on all of this stuff. What he found was a paycheck didn't show. And it was an $800 paycheck. We're talking about real money that he should have had in his pocket. It didn't show up. So he calls up the company and says, what happened to my paycheck? And records show, yes, indeed, it had been paid. We [00:32:30] paid you, we deposited right into your account, just like you asked. Yeah. ACH into the account. Great. Wonderful. What had happened is bad guys had gone, gained control of his email address and used that now. Because they figured, I see some emails in his account from this food delivery service, let's try and see if this email address that we're looking at right now, all of his emails, let's [00:33:00] look and see. Okay. Yeah. Same email address and same password as he used at this email address? Yeah, it worked. Okay. Great. So now we have access to this guy's food delivery account. So they changed the bank account number. Now, easy enough to confirm. They change it, email. Hey, I want to make sure that it was you, until the bad guys, the hackers, click out, yada. Yeah, it was [00:33:30] me, and then delete the email. So he doesn't see it. 
And now his $800 paycheck, in fact, I think there were a couple of different checks, is deposited directly into the bad guy's bank account and the money of course is transferred out pretty quickly. Now the bad guys, these hackers, are using what are called mules. You might be familiar with that in the drug trade. They'll have a third [00:34:00] party deliver the drugs, just a mule. They don't know what all is going on. They probably know they're delivering drugs in this case. Most of the mules are useful idiots, of which there are many in this country, unfortunately. Political and otherwise. And these people are convinced that all they need to do is transfer the money into this account so that the hackers can then pull it out. And now [00:34:30] they're gonna take care of their grandmother who is stuck in the hospital and they have no way to pay for it. And they can't transfer the money out of the country directly. That's one of the stories they use for people. And in many cases, these mules know what they're doing. The FBI earlier this year arrested a whole group of mules out in California that were purposefully transferring the money. They knew what they were doing. So his money was now out [00:35:00] of the country. No way to get it. And this food delivery company was not about to pay him. So it isn't just the big guys, it's you and me as well. So what I want to talk about right now is multi-factor authentication. Now, you guys are the best and brightest. I hope you understand this. If you have questions, please reach out to me. I am more than glad to send you some good material on this. Just [00:35:30] me@craigpeterson.com. I am here to help. What multi-factor authentication does is allows you to not just log in by using an email address and a password, or maybe a username and a password. Which is much better, by the way. I don't like it when sites require an email address to log in. 
Although as I use multiple email addresses, and I think you should as well, a different email address for every site [00:36:00] out there, beyond question, you should be doing that. So anyway, this is what you should be doing with multi-factor authentication. They will have you put in your email address, have you put in your password, and then they'll do something that is supposedly something you have. So the best security is something, along with something you physically have. So in most cases, they'll use two-factor [00:36:30] authentication by sending you a text message with a code. And then you type in that usually six-digit code, and now you're in, and it only does that if it doesn't recognize the browser you are using, or in many cases of, it needs to be a little more secure than that, it's only good for 24 hours or maybe a week. That is not good enough. You should be using a code generator. Google [00:37:00] has one for free, but I want you guys to use something called 1Password. That's the digit one, Password. You'll find it online. You'll find it in all the app stores. It is what we use for the most part. It's great for families. And it's great for businesses because you can have different vaults and you can share them and control access. Now there's a couple of reasons why we're talking about multi-factor authentication right [00:37:30] now. So the first reason, kind of the biggest reason, is you can use it for generating passwords. Fairly random ones or fairly memorable ones. And then when you go to a site, 1Password can pop up and give you the password for the site. So you don't even have to look it up. You don't have to remember it. You don't have to look it up. Isn't that phenomenal? And then it also has built into it a token, this six-digit [00:38:00] key generator. I'm trying to keep this simple. So you can then use that for the site. So it says, okay, what's the code? Go to your code generator. So you just go to 1Password. There it is. 
Copy it and paste it right in. And you're in that alone would have prevented my buddy's account from getting there. It's that simple, one more thing that you want to use one password. And that is those questions that you're [00:38:30] asked to verify. It's you many sites out there banks are really big into this and I don't get it cause it's not very good in most cases. So they'll ask you things like where were you born? What's your mother's maiden name? Where did you go on your first day to what was the car that you owned first? Or, your dog's name, et cetera. The reason, those things are so bad is because the hackers can go online, look at your [00:39:00] social media and figure out the answers to a lot of those questions. Bad. So what you should be doing is using one password, and it allows you to put notes pretty much anything you want to in the record for that Website. So you go to the Website and you log in, create your account right. To log in. So you're going to give it your, probably your email address, which is a bad idea, but [00:39:30] that's, what's required use one password. To generate a strong password for you that you'll put in. You'll use one password. Hopefully they have multi factor authentication that allows you to use one of these code generators. Google has theirs is called Google authenticator, and one password is compatible with that. Microsoft has done. Own thing. And it's not compatible with almost any Website online. So don't use the [00:40:00] Microsoft authenticator other than for Microsoft products, like using the, a windows 365 thing that they have does use Microsoft authenticator, but you can also use the Google one and the one password one, and then in the notes section, make up answers to the questions. So it asks you, what was your mother's maiden name? And say something different insecurity, where, what is your high school? It was named [00:40:30] movie elementary school, make something up a stream. Okay. Use random answers. 
Record them in 1Password. You're going to have to look them up if you're ever on the phone with the bank or whomever, because you're not going to remember them, but that's good because they don't appear in your social media anywhere and they don't appear anywhere else other than your secured, encrypted 1Password vault. [00:41:00] Thanks for being with us. I appreciate you guys listening, and you can find all of this. I'm going to turn all of these into little mini-courses here over the next few weeks, and there's only one way you're going to get it. And that is by being on my email list. CraigPeterson.com/subscribe. Go there right now. CraigPeterson.com/subscribe. As if this year and last year haven't been enough weirdness, [00:41:30] it looks like George Orwell is kind of lending some help here. You won't believe what the US Department of Homeland Security is planning on doing. Well, maybe you will. If you missed the last hour, it is absolutely must-listen radio. And so what I'm going to be doing is I will put it up online for you guys. You can get it by going to [00:42:00] CraigPeterson.com/podcast. Hopefully, I'll get it up soon after the show today, but I went through and explained ways that you can protect your privacy online. Absolutely protect it. So you don't get that kind of advice from most people. Most people are trying to sell you a product that just doesn't really work that well. I'm telling you what does work, what the experts do, what Edward Snowden would do. What I [00:42:30] have been doing for more than 30 years personally, in order to help keep my identity safe. So check it out again. CraigPeterson.com/podcast. Now I want to point out too, that if it's not up when you look, make sure you refresh your browser. So you're going to want to do what's called a cache clear refresh. So in the browser, by that URL bar, you'll see a little, it's usually a little circle [00:43:00] with an arrow on the end.
That's your refresh, but you need to also refresh your cache. So you're going to hold down the Shift key and hit that little circle with the arrow on the end, and then you'll be able to listen to all of that. And I'm thinking right now, I'm probably going to try and turn that into a series of emails so that you guys can just read through it over the course of a few weeks. 'Cause man, did I cover a [00:43:30] lot. And you can get that when those come out in. And even if I don't get around to this, I do do emails with training in them. And with, of course, the latest news. And you get that by subscribing, again, CraigPeterson.com. We've got to help you guys out. You need to know this. Okay. Absolutely. You, you personally need to know that. Well, this whole Orwellian thing is scary, frankly. [00:44:00] I just finished going through reading George Orwell's 1984 again, and it was just so eye-opening. I read it many moons ago, and I learned a lot from it then, but now I see it out in the streets. I see it with what's been happening with government and even businesses. And we've complained about them many times here on the show, haven't we? Some of the deep [00:44:30] state, big tech ties that go between each other. It's no longer really the military-industrial complex. We're talking about the deep state, high tech complex. It's a bad thing. It's a scary thing. Well, what they're doing right now, and this is a great article from newsbusters.org, is they've got this alliance between the Department of Homeland Security and private [00:45:00] companies that they're trying to put together. Now, NewsBusters isn't saying that it's already in place. They're saying this is what they're planning on putting in place. However, I know what they have in place, and they're already doing a bunch of this. Again, it goes back to: that app isn't really free. That app that supposedly is free is doing something. It's gathering information, data on you, and then it's selling it.
And the people that are buying it are data aggregators, is what they're called. [00:45:30] 20 years ago, I had some of the top data aggregators on the show and I sat down with them and I said, well, let's look me up, because they have information, public records, some private stuff, like obviously buying it from these app developers. And I said, let's look me up, find out what you have on me. So we looked me up, and I would say about three quarters of it was wrong. Which was really kind of interesting. And this is [00:46:00] data that was used back then, mainly for what's called skip tracing. So you have a bill to pay. You don't pay it. You move out of town. That process to find you is called skip tracing. And that's what they would do. Nowadays, it turns out that local, federal police departments and other agencies are buying this data from the data brokers so that they can now track you. Now they're not allowed to, by [00:46:30] law, track you, you know that, right? But the government is doing what one might call lawyering. That's what we called it in robotics. I was part of a us robotics team with kids, and they would always look at the rules, and they would get reprimanded. The teams would, if they lawyered the rules. In other words, if they met the exact definition of what it was in the rules, but they didn't meet the spirit of the rule. [00:47:00] They would get reprimanded. They might even get kicked out. And that did happen a few times. However, if you're the government and you get to say which laws you want to follow, which court rulings you want to follow, think of what's been happening lately, right? We're not going to, yeah, I know. I know I can't do this. I can't do this. I can't do this. I can't do this. I have a pen and a phone. I'm going to do it anyway. Or just reverse all of the actions of the prior administration.
[00:47:30] And even though the Supreme Court says, hey, you cannot do this, but we're not going to rule on it because this policy is only in place for a couple more weeks. And then you do it again. Anyways, the government isn't even obeying the rules. The strict letter of the law they're not even obeying, let alone the spirit of the law. Just drives me crazy. The Wall Street Journal just reported, uh, about a week [00:48:00] ago here, last Sunday, that the Department of Homeland Security is considering hiring private companies to analyze public social media for warning signs of extremist violence, spurring debate within the agency over how to monitor for such threats while protecting American civil liberties. Now I'm glad they're at least giving you lip service to protecting our civil liberties, right? That I think is a very good [00:48:30] thing. They should be protecting them, but this just has the tendency to continue to inch forward again and again and again. So this effort has not received approval and has not been. But it's going to involve, according to The Wall Street Journal, sifting through large flows of internet traffic to help identify online narratives that might provide leads on developing attacks, whether from home [00:49:00] or. Eh, this is, this is just amazing. Now I mentioned on the radio, uh, previously that I have personal experience with one of these large federal law enforcement agencies that has been doing what I considered to be completely unreasonable things with people's information and also completely unreasonable things [00:49:30] in defining where the threat is. You've probably heard it all over the news that, that it's all these conservative groups that are the real threat. Well, it's not the conservative groups that have been out there, burning down cities, demonstrating, beating people with clubs, pulling people out of cars, and BD. No, it's not.
So where, where are these people coming from, and how do they define these [00:50:00] extremist actions? How do they define it? Right. Well, you can tell that there's obviously some extremism involved when there's a riot, but they will respond to a riot in Washington, DC after a Trump rally, but they don't respond to riots all over the country and major cities. And in many cases they don't even do arrests. Oh, it's absolutely amazing what's going on. So I'm very, [00:50:30] very worried about this fusion of big tech and deep state government, because it's become really kind of a hallmark of the Biden administration. Senator Josh Hawley, Republican from Missouri, really went after the Biden administration for pressuring private companies to help spy on the texts of American citizens. This is back in July, and he said that the big government, big corporation [00:51:00] alliance is the real danger here. And I absolutely have to agree. This is going to be a problem. And giving the government access to more personal data is going to be an even bigger problem in months and years to come. Particularly if we just let them do it willy-nilly, and that's kinda what's happening. What kind of oversight is there, really? Think about the FISA courts that are [00:51:30] supposed to be providing oversight for monitoring, uh, people who are not citizens. And yet it looks like our law enforcement agencies were targeting citizens specifically through the FISA courts, who are playing games. So I absolutely don't want this to happen. I don't want any administration, Republican, Democrat, you name it. I don't want any of them to have access to [00:52:00] this type of deal. And I go right back on this, and here's a great quote to explain why. I'm going to use a quote from Lavrentiy Beria. He was the most ruthless and longest-serving secret police chief in Joseph Stalin's reign of terror. He said, show me the man and I'll show you the crime.
That should scare all of us, because even though the administration today isn't doing the [00:52:30] types of things Stalin was doing, obviously we don't know what's going to happen in the future, and we cannot let the hackers gain access to this information, because believe me, they're going to be going after it as well. So don't collect it in the first place. Lest you think that surveillance on citizens, criminal and otherwise, is a rarity, we're going to talk about the New York Police Department [00:53:00] and their secret funds used for surveillance tools alone. Here we go. This is from Wired magazine, you know, definitely not a right-wing entity. They have been reporting on a number of situations where the government has really overreached when it comes to our information and our privacy. And they have this report now that has been [00:53:30] released. And, yeah, that and some other documents, and Sidney Fussell wrote this article, and he's saying that the documents are showing that police bought facial recognition software, vans equipped with x-ray machines, and Stingray cell site simulators with no public oversight. And I'm going to explain what each one of these things is and what they are typically used [00:54:00] for. But this is amazing. No public oversight. Now that's according to documents released last Tuesday. So all these documents are showing that the New York Police Department spent at least $159 million over the last 15 or so years through this little-known special expenses fund that did not require [00:54:30] approval by the city council or any other municipal official. Frankly, I think One PP has something to answer for here. We'll have to ask Tom Selleck about it. Right? The documents were made public by two civil rights groups, the Legal Aid Society and the Surveillance Technology Oversight Project, which says that what the NYPD was doing amounted to a surveillance slush fund.
[00:55:00] It's just crazy. Um, STOP's director, which is again the, uh, Surveillance Technology Oversight Project, STOP, their executive director said that the police are still blocking other records needed by the public to understand the way New York is being policed. This is just something. In 2018, the New York Police Department awarded almost $7 million to the [00:55:30] Idemia Solutions company, which by the way, sells biometric tools, including facial recognition. So what they have done in essence now is set things up in New York kind of like they are over in China, where they have cameras located all over the place. And those cameras are capturing pictures of pedestrians. Now the only kind of saving grace nowadays is a lot of people are wearing [00:56:00] face masks, although, because a lot of people are wearing face masks, there's new software that will recognize people even if they're wearing a face mask. Obviously depends on the type of face mask, but you know, it's still doing that. So they have all of these cameras. They have this facial recognition software. And they can track you as you're walking around the city. In fact, they can do it in reverse, [00:56:30] which frankly is kind of cool. There are also these airplanes in the sky, over many of our big cities. Now, New York, they're concerned about it, of course, because of what happened on 9/11. People get really nervous seeing airplanes over there. So they're using high-flying drones that can't really be seen with the naked eye or heard, and they are taking continual video of the entire city [00:57:00] and of all of the streets. So let's say a bank gets robbed, they can track those robbers back in time using these drones or airplanes, along with the surveillance software in the city's mesh of cameras, and find out where they came from. Okay. So it looks like this was the staging area for the bank robbers, and then they can go back further in time and see where the bank robbers came from.
What were they [00:57:30] doing? Where did they go? That technology all exists. Now, it's not that good yet, but you know, it will end up being that good. But this goes right back to what I was talking about a little earlier with, uh, show me the man, I'll show you the crime. What happens if those cameras pick you up on a street where a drug deal was going down? Now you've seen it on TV. You've seen it in the movies where they palm money back and forth, and palm [00:58:00] the drugs. You wouldn't even know that a drug deal was happening, and now you get pulled into it. How about what happened on January 6 in Washington, DC? There was a riot. We all know that, the Capitol building, but now the FBI and other law enforcement agencies are pulling people in whose cell phones pinged in the general area in Washington, DC. So if you were down there and you [00:58:30] were part of a school tour that day, and you went to maybe the Trump rally, maybe you didn't, maybe just went to the reflection pond down there, they investigated you. If you were in a hotel, they investigated you. If you used a credit card in the area, they investigated. And that's being alleged right now by some of these people that were investigated and have had minor charges brought [00:59:00] against them, that this was a total witch hunt. It was fabricating the crime. Again, show me the man, I'll show you the crime. I mean, under Stalin, the dictator over in the Soviet Union, you know, socialist government for those that aren't familiar with it. These contracts that were received through kind of a freedom of information request by these civil rights groups were heavily [00:59:30] redacted. And so it made it very difficult to understand how many single tool functions were purchased, how they could work together to create a surveillance dragnet.
Over people in New York City. This secrecy also blocks a more complete understanding of the relationship between the New York Police Department, its vendors, and the public. So again, it's a double-edged sword. It's, yeah, you want to catch the bank robber. You [01:00:00] want to catch the murderer, but most of the time, those people know how to fool the system, don't they? Uh, in 2014, the New York Police Department signed a five-year, $800,000 contract with Elbit Systems, which is Israel's largest defense contractor. And by the way, they aren't just in Israel. They're also, they have a plant in New England. Uh, kind of all over, [01:00:30] and Elbit provides a wide range of surveillance tools used by Customs and Border Patrol on our borders, including cameras and sensors that make up this virtual border wall that we have on our southern border. This is not good. And I want to add one more thing. I said I'd explain what these things are. You know what x-ray is. And some of these trucks are using millimeter-wave stuff and are x-raying people [01:01:00] walking down the street, supposedly to see if they have a weapon. Huh? Okay. So just walking past one of these vans exposes you to health risks. No warning about that. Cancer risks from these mobile x-ray vans. And these Stingray devices are fake cell phone towers. So they capture your information: who you're calling, where you're calling, and your text messages, whether you are a target [01:01:30] of an investigation under court order, or just someone walking around the streets in New York. Check me out online. CraigPeterson.com. Investment money is rolling into these high-tech startups. That means if you're looking for a new job in high tech, it may be your lucky day, particularly if you want a job with a startup. So here we go. Jobs in tech have always been [01:02:00] pretty good. Generally speaking, technology is what drives the economy.
It is what boosts productivity, and it is right now a really hot job market there. More small businesses, startups are being funded by angels and venture capitalists than there have been for a few years. That means we've got money now pouring into [01:02:30] these little startups. There's a great little article in Ars Technica by Arielle Pardes. And she's talking about this company called RevenueCat. This is a startup. They just closed their Series B, which means they had their second investment round. And this is a platform for managing in-app subscriptions. They just got $40 million, and the idea behind this $40 million Series [01:03:00] B is to grow the company and to hire more people. And of course, it's hard to grow the company without hiring more people, even if you're in the software business. So we're talking about a 35-person startup that's getting $40 million. That's more than a million dollars per existing employee. They want to get another 50 employees by the end of the year and a hundred by the end of next year. [01:03:30] Now I've got to say, I, I had a startup, it was me and it was me and it was me. Right. I started it. I worked really hard, and I built it up to 50 employees. I didn't have a dime of investment money, but now this investment money is out there like crazy, but RevenueCat's having a hard time, along with most of these other startups, a hard time hiring people. So what they've done now [01:04:00] is they've got a whole bunch of extra perks. Things like unlimited vacations. Yes, indeed. No more two weeks, you earn an extra day for every year you work there, or a seven. These other rules that have been around for a very long time. Unlimited vacations. They'll give you a stipend if you have an office at your home that you're working. Plus, they're also providing equity and salaries on par with some of [01:04:30] the big tech companies, regardless of where you live.
Right now, Facebook is, and Google are both looking at saying, hey, listen, you know, you live a hundred miles outside of Silicon Valley. You don't deserve to be paid as much as an employee that lives right here in San Jose. So now we're going to cut your pay by 10%, 15%, sometimes even more. So these little guys are saying, hey, listen, you can [01:05:00] work for us. We don't care where you live. Timbuktu in Northern Africa, just doesn't matter. As long as you can work from home, we'll pay you the same as if you're living right here in Silicon Valley in California. And we'll even give you extra money because we know it costs you money to be able to work from home, because you're probably going to have to get a better internet line. You're going to have to have a phone that works so that we can call you. Maybe you have to call customers. [01:05:30] These types of offers really weren't around before the lock. But now we're seeing high-tech salaries being driven even higher, benefits that are really being massively beached up, uh, beefed up, I should say. And companies that are offering incredible salaries and flexibility. So there you go. These companies are basically competing with Google, [01:06:00] Facebook, et cetera. So what does that mean? Well, these small startups like RevenueCat are getting a lot of money, almost $300 billion invested in these startups worldwide. And it's really hurting the big guys because they're talking about cutting salaries, even though they don't need to. It's not as though they're suffering. These big companies, they're still sitting on [01:06:30] billions of dollars in cash. Isn't that something? And so they are starting to really hurt because the small guys are stealing employees, quote-unquote, from them. Dice, which has this industry career database, is saying overall tech job postings are up 16% this year.
We're seeing also, by the way, a whole [01:07:00] bunch of cutbacks because of the technology in how many people these companies need to have. Look at restaurants. Now they're doing QR codes for the menus, QR codes to pay your bills. So there's even fewer people that have to work in restaurants going forward. We've got meetings that are being held on WebEx or Zoom. You don't go see the doctor anymore. You're using telehealth. Software programmers, [01:07:30] engineers are being used more broadly. Between March and July, there are more than 300,000 openings for software and, uh, other types of computer high-tech engineers. It's 13% higher than even 2016. It is absolutely amazing. I had one person who responded when I offered, maybe it makes sense for me to do kind of a career [01:08:00] webinar on high-tech jobs. Right. What would it take to get into specifically the cybersecurity industry? Because it's something I know, it's something I've been helping to drive, the whole industry, now for over 30 years. And I only had one person respond. Uh, although I know of, I have a few listeners that have actually done that. They went and got themselves qualified in cybersecurity, but only one person makes me [01:08:30] think that, you know, what does one person represent, maybe a hundred listeners. So there are some of you. I don't think I'm going to end up doing this little thing. 'Cause I was going to just do a free webinar on what it takes to become a cybersecurity analyst. Uh, but, uh, we'll see what happens here kind of going forward, but there's a lot that can happen. There's tech co-workers out there who are leaving some of these high-tech firms. There are also [01:09:00] lawsuits about the golden handcuffs that have been put on people, you know, that say, hey, you can't compete with us or you can't even be in the same industry. Some of those contracts are being knocked down in some states. Uh, it's kind of interesting to see what happens.
Um, there's a couple more things. Yeah. Here, different hedge funds, but it's a really great article. It's in Ars. Double-check [01:09:30] your newsletter that I sent out or is going out this weekend. If you haven't received it yet, you should get it at some point this weekend. A very interesting one, if you're considering high-tech jobs. Ars Technica, Vicky. Now, if you want to track technology and cybersecurity, you know, already I go through thousands of articles every week. Now you can talk to my wife about it, right, in the evenings. And even sometimes during the day I'm [01:10:00] sitting there reviewing articles and all these sites. I put them together for you guys. So you know what's happened in cybersecurity, what the latest breaches are, what you can do about it. I am going to continue with some of the trainings, pick them up again here within the next couple of weeks so that we can keep you guys up to date, but there's only one way you can find out about them. There's only one way that you can get involved, and that's by making [01:10:30] sure you subscribe to my show notes newsletter, and you can get that by going to CraigPeterson.com/subscribe. You'll get all of these free trainings. You'll find out about what's going on, what you need to do in your small business, or also in your home computers and environment, but everything from the CEO on down. CraigPeterson.com/subscribe. [01:11:00] I've been complaining about Facebook and what they have been doing to potential competitors for years, the same types of complaints I can make against Microsoft and Google to a lesser degree. Well, now the Federal Trade Commission's coming out, agreeing with me. This is something that I think has been a long time coming. And this is the Federal Trade Commission's lawsuit against Facebook. Now, lest you think that this is a Trump thing, [01:11:30] this is a Biden thing.
Trump administration had filed suit, and then the suit was dropped, and now the Federal Trade Commission has refiled the lawsuit against Facebook and has included some additional proof that it hopes is going to bolster its case. The last one was rejected by the court. Great article by Ars Technica's Tim De Chant. You'll find that in [01:12:00] my newsletters as well. CraigPeterson.com/subscribe. You can get my show notes for absolutely free. Well, this refiling is in response to the Federal Trade Commission's initial case thrown out in June by US District Judge James Boasberg, who didn't think that the agency provided enough information or a real strong definition, what you might call a bright line in [01:12:30] legal terms, of Facebook's market in its first filing. This is really kind of an interesting problem here because basically, the Federal Trade Commission is alleging that Facebook lacked the business acumen and technical talent to survive the transition to mobile. That's according to Holly Vedova. She's the acting director of the Federal Trade Commission's Bureau of [01:13:00] Competition. She also said after failing to compete with the new innovators, Facebook illegally bought or buried them when their popularity became an existential, she said, threat. Now, this is the same type of thing we've seen Microsoft do for decades and worse, frankly. It's similar things that Google has done to competition. Although I think Google hasn't been as bad at this as [01:13:30] Microsoft or Facebook have been, but the Federal Trade Commission filed this original lawsuit in December. And that was under Joseph Simons, who was appointed by former president Trump, of course. And he cast, Simons, the deciding vote in the initial filing, with the two Republican commissioners voting against it. Now that to me is surprising because I'm all for free trade. In this [01:14:00] case, Facebook has been doing all kinds of anticompetitive things.
And it's interesting to see the statement here from the Federal Trade Commission that Facebook lacked the business acumen and technical talent to survive. So that again tells you that Facebook might have a lot of really great political people in there working and censoring and deleting posts and some great marketing [01:14:30] people, but they sure don't have it, the technical talent. I love that. I would love to see the judge ultimately rule that way, but here's the problem. Facebook acquired Instagram and WhatsApp. And I've talked about this on the show before. And the other thing that they did, and the way they acquired them was a problem. We'll talk about that in a second. The other thing they did that I haven't talked about before is the way they blocked [01:15:00] competitors from accessing the APIs. Now APIs are application programming interfaces. It's what all of us programmers use nowadays. So rather than developing software that does what Facebook does, I just go ahead and use Facebook's published interfaces. So the idea is I call an API using some methodology, and I say, I want this post to go [01:15:30] in my Craig Peterson account or in my Tech Talk channel, right. Group is actually what Facebook calls it. And then Facebook says, okay, great. And it publishes it for me. And that saves me from having to go to every website out there that I post my radio show, that I post my blog, Kat, my blogs on too. The podcast. It saves me from having to go to every one of those places online and repost everything [01:16:00] manually. Those are APIs. So I actually use a service that does that for me, using APIs from Facebook and other places. I use it to publish onto YouTube. I use it to publish onto some of the instep platforms, et cetera, et cetera.
But what happened here is Facebook invited developers to start using these APIs that they had put together, and then later turned the API [01:16:30] policies to actually be an anticompetitive weapon. Developers could only access Facebook's platform and its user base if they agreed to not compete with Facebook. Or the other thing that they could not do, if they wanted to use APIs from Facebook, is they could not help facilitate the growth of rivals. That is absolutely amazing. So the FTC lawsuit [01:17:00] says Facebook recognized that the transition to mobile posed an existential challenge and that Facebook had a brief window of time to stymie emerging threats. This is right in the lawsuit. Failing to compete on business talent, Facebook developed a plan to maintain its dominant position by acquiring companies that could emerge as or aid competitive threats. By buying up these companies, Facebook [01:17:30] eliminated the possibility that rivals might harness the power of the mobile internet to challenge Facebook's dominance. So when we look at things like WhatsApp, for instance, here's a small company that they acquired. Okay. So let me see. This is from Investopedia online and the title is "WhatsApp: The Best Facebook Purchase Ever?" Question mark. Okay. [01:18:00] Facebook acquired WhatsApp in 2014. Now, how much did they acquire it for? How much was WhatsApp really worth at the time? It's hard to say, but you can compare it with other companies of similar size, and it was probably worth 20 million, maybe 50 million at most. Right. Um, the initial bid from Facebook for WhatsApp was $16 [01:18:30] billion for a company that was probably worth $50. Okay. Yeah. Uh, it brought in 10 million in revenue, WhatsApp did at the time, and it lost 150, $38 million in that same period. So let me see. The company loses $138 million on revenues of $10 million. And Facebook buys it for 16 billion in their initial offering.
Well, [01:19:00] that was the, that was the initial purchase price. You can read up all you want on this. There's lots of information. So why did Facebook do it? Because they wanted to buy a potential competitor to Facebook Messenger. And that's exactly what they did. And they've done that again and again, paying far more than what the market would really dictate so that they could get rid of a competitor. Another one is [01:19:30] Onavo, O-N-A-V-O. This was a VPN service that tracked users' activities that they bought back in 2013, and Facebook called Onavo "cool." This is a quote from the lawsuit. Again, according to Facebook execs, the acquisition of the VPN service would be really cool for identifying acquisition targets. With our acquisition of Onavo, we now have insight into the most popular apps. We should [01:20:00] use that to help us make strategic acquisitions. So in other words, by having a VPN server, so what have I said about VPNs? Don't use these public VPN services because no matter what they're promising you, it's not true. I did a whole webinar on this. In fact, I did it like two or three times last year. Um, but they buy the VPN service. They get people using the VPN service. They're tracking everything that's going on [01:20:30] on that VPN service. And now they know what's popular out there, and anything that's popped, Facebook buys. Why are they buying it? Well,

    Apple is Adding Tech to Look At Your Photos For Child Abuse

    Play Episode Listen Later Aug 21, 2021 11:59

    Apple is Adding Tech to Look At Your Photos For Child Abuse This is a tough one. Apple has decided that it will build into the next release of the iPhone and iPad operating systems, which monitors for child porn. [Automated transcript] Apple has now explained that they will be looking for child abuse images in specific ones. And I just am so uncomfortable talking about this, but the whole idea behind it is something we need to discuss. Apple said they're going to start scanning for these images and confirmed the plan. In fact, when people said, are you sure you're going to be doing that? [00:00:44] Here's what. iOS 15, which is the next major release of Apple's operating system for iPhones and for iPad, is going to use a tie to something called the National Center for Missing and Exploited Children. And the idea behind this is to help stop some of this child abuse. And some people traffic in children; it's just unimaginable. [00:01:14] What happens out there really is some people. It's just such evil. I, I just don't get it. Here's what they're going to be doing. There are ways of taking checksums of pictures and videos so that if there is a minor change in something that might occur because it was copied, it does not mess it up. [00:01:40] It still can give the valid checksum and, I mean, that technology is detailed, but basically, just think of it as a checksum. So if you have a credit card number, there is a checksum digit on that; bank accounts have checksum digits. If you mess it up a little bit, okay, it's an invalid checksum, so that number's obviously wrong. In this case, [00:02:04] what we're talking about is a checksum of a picture or a video. And these various child safety organizations have pictures of children who are abused or who are being abused, who are being exploited. And they have these checksums, which are also called hashes. So that is now going to be stored on your iOS device. 
[00:02:34] And yes, it's going to take some space on the device. I don't think it's going to take an enormous amount of space, considering how much space is on most of our iPhones and iPads that are out there. Apple gave this detection system, it's called CSAM, an absolute thorough technical summary. It is available online, and I've got a link to this article in this week's newsletter, but they released this just this month, August of 2021. [00:03:07] And they're saying that they're using a threshold that is, quote, set to provide an extremely high level of accuracy and ensures the less than one in 1 trillion chance per year of incorrectly flagging a given account. So now I can say with some certainty in having had a basic look through some of the CSAM detection documentation that they're probably right about that, that the odds are excellent. [00:03:40] Small that someone that might have a picture of their kids in a bathtub, the odds are almost so close to zero. It is zero that it will be flagged as some sort of child abuse because it's not looking at the content of the picture. It's not saying that this picture may be a picture of child exploitation or a video of a child being exploited. [00:04:02] If it has not been seen before by the national center for missing exploited. It will not be flagged. So I don't want you guys to get worried that a picture at the beach of your little boy running around and just boxer trunks, but a lot of skin showing is going to get flagged. It's not going to happen. [00:04:25] However, a picture that is known to this National Center for Missing and Exploited Children is, in fact, going to be flagged, and your account will be flagged. Now it's hard to say precisely what they're going to do. I haven't seen anything about it, of the apples. Only say. That they're going to deploy software. 
[00:04:51] That will analyze images in the Messages application for a new system that will warn children and their parents from receiving or sending sexually explicit photos. So that's different. And that is where again, a child, you put parental settings on their iPhone. If they're taking these. Pictures, selfies, et cetera. [00:05:14] Girls sending it to a boyfriend, sending it to his girlfriend, whatever it might be. The parents will be warned, as are the children looking for things that might be of sexual content. Okay. It really is. It's really concerning. Now let's move on to the part that I'm concerned about. I think everyone can agree that both of those features are something good that will ultimately be very good, but here's a quote. [00:05:41] Apple is replacing its industry-standard end-to-end encrypted messaging system with an infrastructure for surveillance and censorship. Now, I should say this guy who's co-director for the Center for Democracy and Technology Security and Surveillance Project, Greg Nojeim, is saying this. He said Apple should abandon these changes and restore its users' faith in the security and integrity of Apple devices and services. [00:06:15] And this is from an article over a tech. So this is now where we're getting. Because what are they doing? How far are they going? Are they going to break the end-to-end encryption in something like iMessage? I don't think they are going to break it there. So they're not setting up, necessarily, an infrastructure for surveillance and censorship. But, still, Apple has been called on, as has every other manufacturer of the software. [00:06:45] I remember during the Clinton administration, this whole thing with Clipper. The federal government was going to require anyone who had any sort of security to use this chip developed by the federal government. And it turns out, of course, the NSA had a huge backdoor in it, and it was a real problem. [00:07:04] Look at Jupiter. 
That was another encryption chip, and it was being used by Saddam Hussein and his family to communicate. And it turns out, yeah, there's a back door there too. This was a British project and chip that was being used. So with Apple, having resisted pressure. To break into phones by the US government. [00:07:28] But some of these other governments worldwide that have been very nasty have been spying on their citizens who torture people who don't do what apple are not happy, what the government wants them to do been trying to pressure Apple into revealing this. So now I have to say, I have been very disappointed in all of these major companies, including Apple. When it comes to China, they're just drooling at the opportunity to be there. [00:07:57] Apple does sell stuff there. All of these companies do. Yeah, Google moves their artificial intelligence lab to China, which just, I cannot believe they would do something like that. AI, machine learning, those are technologies that will give the United States a real leg up technology-wise to our competitors worldwide. [00:08:18] They move to China, but they have complied with this Great Firewall of China thing where the Chinese people are being censored. They're being monitored. What's going to happen now because they've had pressure from these governments worldwide to install back doors in the encryption systems. [00:08:39] And Apple said, no, we can't do that because that's going to undermine the security for all users, which is absolutely true. For example, if there is a door with a lock, eventually, that lock will get picked. And in this case, if there's a key, if there's a backdoor of some sort, the bad guys are going to fight. So now Apple has been praised by security experts for saying, Hey, listen, we don't want to undermine security for everybody, but this plan to deploy some software that uses the capabilities of your iPhone to scan. 
[00:09:16] Your pictures, your photos, videos that you're sharing with other people and sharing selected results with the authorities. Apple is really close to coming across that line to going across it. Apple is dangerously close to acting as a tool for government surveillance. And that's what Johns Hopkins University cryptography professor Matthew Green said. [00:09:47] This is really a key ingredient to adding surveillance to encrypted messages. This is again, according to our professor over at Johns Hopkins, Green, Professor Green, he's saying that would be a key ingredient in adding surveillance to encrypted messaging. The ability to add scanning systems like this to end-to-end encrypted messaging systems has been a major ask by law enforcement, the world. [00:10:15] So they have it for detecting stuff about missing and exploited children. That's totally wonderful. And I'm okay with that. No problem. But that now means that Apple's platform can add other types of scanning. All right. We'll see what ends up happening next, which is warning children and their parents about sexually explicit photos is also a bit of a problem here. [00:10:47] Apple's. Yeah, on this is Messages uses on-device machine learning to analyze image attachments and determine if a photo is sexually explicit. The feature is designed so that Apple does not get access to the messages it's saying. If it detects it, they're going to blur the photo. The child will be warned, presented with helpful resources, and reassured it is okay if they do not want to view them. [00:11:17] And the system will let parents get a message. If children view a flagged photo, similar protections are available for child attempts to send sexually explicit images. Interesting. Isn't it. Interesting world. So I think what they're doing now is, okay, they're really close to that line, going over. 
[00:11:39] It could mean the loss of lives in many countries that totally abuse their citizens or subjects, depending on how they look at them. Hey, make sure you check me out online. CraigPeterson.com.

    The IRS Has Been Selling Bitcoin - Pay Up!

    Play Episode Listen Later Aug 20, 2021 8:55

    The IRS Has Been Selling Bitcoin - Pay Up! Bitcoin is all the rage. In fact, many people have considered investing in these cryptocurrencies or something. Of course, many have invested in it. I played around with them about a decade ago, and the IRS seized 1.2 billion worth of it. [Automated transcript] You might remember, we talked years ago about the IRS trying to tax things in the virtual world. So if you were in one of these real-life-type things and you owned property, as it were inside this virtual world, they wanted to tax it. So, of course, if you sold something with real hard money and you sold it inside that real world with real hard cash, you would end up having to pay taxes. [00:00:43] Just if you sold a hammer to someone, that's the way it works. A lot of people have decided that, for some reason, cryptocurrency is entirely untracked. Now we know about cases. I've talked about them here where some of these coins, in this particular case, are talking about Bitcoin or have been used online. [00:01:11] And in fact, the government has found out who was using it and really stepped in, in a big way. Silk Road is the most significant example. This was an online black market for everything you can think of, from illegal drugs to firearms, to all kinds of illicit commodities for sale online. [00:01:36] Back in 2013, they used Bitcoin to buy and sell things in this free trade zone. I think they called themselves, and Silk Road was just thriving. But then, on comes the federal government and federal agents in the United States really cut their teeth in crypto search and seizure. With taking down the Silk Road, you might remember this was very unprecedented. [00:02:06] People had no idea. What they could do. How could the federal government monitor this? Can I buy and sell these Bitcoins? All of that sort of thing. And 20 years as the chief of money laundering and asset forfeiture at the U.S. Attorney's Office for the Southern District of New York. 
Sharon Levin said that this whole takedown of Silk Road was utterly unprecedented, and it was new technology. [00:02:37] What do you do? Well, because people hear cryptocurrency, and crypto, of course, being short for cryptography, they figure that, okay, well, obviously, it is absolutely untraceable, untrackable. Tell that to the people that this year has tried to ransom money out of enough. US corporations, some of the major -- consider Colonial Pipeline and what happened with them and how at least half of their cryptocurrency was returned to them. [00:03:11] So don't think that this stuff is a way that you can get away with breaking the law or not paying taxes. It is not. The whole business, if you will, of crypto seizure and sale is growing incredibly fast. In fact, the federal government just enlisted the help of the private sector to manage and store these crypto tokens that have been seized. [00:03:43] Now, I mentioned that the IRS has seized about $1.2 billion worth of cryptocurrency this fiscal year. That is a whole lot of cryptocurrency. And what are they doing with it? Well, it's the same thing. Remember the drug dealers back in the day. Miami, what was happening? I used to love the Miami Vice TV show. What happened there? Well, they seized boats, they confiscated cars. [00:04:09] They seized cash. Obviously, they can just be put back into circulation, but what do they do with everything else? Of course, they go ahead, and they sell it at auction. And that's what they've been doing. Then in June, they started auctioning off Litecoin and Bitcoin Cash. They had 11 different lots on offer. [00:04:34] It was a four-day auction, and it included 150.22567153 Litecoin. You like that. Remember, cryptocurrency is not necessarily a whole coin. It's like having a gold coin. That's worth 500 bucks. How are you going to use that to buy a loaf? But what happens with these cryptocurrencies is you can buy and sell fractions of a coin. 
[00:05:00] So that's why you get into the millions of a piece of a coin. So they sold 150 ish Litecoin and about 0.00022 in Bitcoin Cash worth more than 21 grand. So that's one of the 11 lots that were out there. And this crypto property is what they're calling. It had been confiscated as part of a tax noncompliance case. [00:05:30] I'm looking right now at the public auction sale notice. And where it was, where you could go online. It was on https://gsaauctions.gov. Suppose you want to check these things out, as in the General Services Administration. In that case, auctions.gov, gsaauctions.gov, and they were selling it, and it was a taxpayer, it tells you all kinds of information about them. [00:05:52] It's a. Crazy here, but you have to pay by cash to certified, cashier's or treasurer's check drawn on different banks. And it's really cool to look at some of these things, but you can find them online. So if you're interested in buying them might be an excellent way to buy them, these various cryptocurrencies if you want to get into them. [00:06:15] But a lot can refer to almost anything could be, as I said, boats or cars like it was on Miami Vice. It could be some number of crypto coins that are being auctioned. So they're going to be doing more and more of that. So then, apparently, the feds are saying that they have no plans to step back from being basically a crypto broker. [00:06:41] Here is the bottom line here because they're seizing and selling all of these assets. So keep an eye out for that. Remember what is going on? The Silk Road site that I mentioned had been shut down or operating on the dark web. It used Bitcoin exclusively nowadays are using various types of coins. [00:07:04] Most of them are ultimately traceable, and we're not going to get into all of the details behind it, but the bottom line is, so what do they do now? Think about this. Silk Road had 30,000 Bitcoin that they were able to identify and seize. 
And it was probably the most significant Bitcoin seizure ever. And it sold for about $19 million. [00:07:32] So that was quite a few years ago. Somebody just pulls up a calculator here, say 30,000 times, and what's Bitcoin nowadays. I'm not quite sure. Let's say it's $15,000. So in today's money, it had half a billion dollars. Today's value, a half, a billion dollars worth of Bitcoin in there isn't that something, and that was all seized, and it was all auctioned off. [00:07:58] So keep an eye on that. They're following the money is the technique they're using. You can find out a lot more at usmarshals.gov, and that is how they found it. If you've got pictures. You're going to have to sell it. You're going to have to transfer. You have to do something with it. And that's where they're getting. [00:08:19] Bottom line, particularly if you take the Bitcoin and turn it into something else, but this would take a while to explain. And I was thrilled to be able to sit in on a presentation done by the treasury department on how they handle all of this. It's frankly very fascinating. So, hey, make sure you spend a couple of minutes and join me online. [00:08:44] CraigPeterson.com. You can sign up for my newsletter. You can listen to my podcasts, and you can get some free, special reports just for signing up.

    The "Great Resignation" in Big Tech - Better Jobs, More Money

    Play Episode Listen Later Aug 20, 2021 9:06

    The "Great Resignation" in Big Tech - Better Jobs, More Money There seems to be a worker shortage. And many businesses are finding that, frankly, people involved in technology are resigning; they're calling it a great resignation of workers. We have a lot of problems as business people, filling jobs nowadays. [Automated transcript] [00:00:20] And one of the things I've thought about doing is maybe even starting a course for people who want to figure out if this whole cybersecurity thing is right for them. I think that might make a lot of sense for some people. And there are some of you listeners. I know, because I've talked to you who have gone out and. [00:00:40] Gotten into, is that a word who have changed careers into the cybersecurity realm? So does it make sense for you? I don't know. Do you think it would make sense for me to offer something? A cybersecurity course to give you guys the basics and help you understand it and see if it might be good for you. [00:01:00] Only, you know that, and if you're interested, make sure you drop me a note just to me, M E Craig peterson.com, and let me know what you think. Still, the big tech is suffering from this great resignation of workers and workers in the technology field right now. So it's a good time to leave. Now, this isn't the same as many workers who, for instance, were in the restaurant business for many years, were in food service. [00:01:31] You make money. Maybe you don't make money. Who knows those. And, of course, those jobs pretty much disappeared during the lockup. Big tech, it's different from big tech. Most of these people, most of us, frankly, retained our jobs. We were still able to work, still able to do the stuff we'd always been doing. Still, we were doing it from home, and many employees looked at the situation and said, I am not going to leave. [00:02:05] Because I don't know if I'll be able to get a new job. Does that make sense to you? 
So we have a bit of pent-up demand in the tech field of people who maybe didn't like the boss, didn't really like what they were doing but kept the job because at least it was a job. It paid some bills. And from the bottom-line standpoint, it didn't make sense to. [00:02:29] Now we see something else going on; people are leaving like crazy Facebook here. There's a quote in an article in MarketWatch. Lost this guy named Raymond Andres. Who's now the chief technology officer at Airtable. Now I've used Airtable before I was a client of theirs for a while. It's really something. [00:02:52] If you need to do some essential project management or have a process for doing something. That needs to be tracked, and maybe something handed over to another person when it meets a particular stage. Check it out, airtable.com online. Still, he left Facebook, and he said there's been a burst of activity of people leaving. [00:03:15] If anything. The lockdown delayed decisions. And that's exactly what I was saying. I've been saying that for a very long time, but there's another factor involved when it comes to technology. And that is the funding, which is just amazing. You might remember a couple of years ago we had this. Brakes on IPOs, on initial public offerings. [00:03:40] These tech companies just were not going to go public at all. And because of that, many angel investors and venture capitalists said, forget about it. I'm not going to go ahead and make any sort of investment. So that is when many of these small companies just failed, and of course, in comes the lockdown, and even more of them died. [00:04:03] But now. But the investors are spending a lot of money so far this year. There have been 84 initial public offerings in the US alone. Isn't that amazing? 50 plus billion dollars in IPOs. Now that's up from about 38 billion. Last year. So there's obviously money in the IPO world. So that gets the venture capitalists interested. 
[00:04:36] So VC money is also at record highs. This year's track is to be the best year yet. According to PitchBook through June. This year 2021, $150 billion has been raised among about 7,000 deals. Now that's ahead of last year's record, a total of $164 billion for the year. So we're looking at some significant money going in. [00:05:10] And we have many people leaving from Google and Facebook and Amazon and Apple, maybe your company as well, who are saying, wow there's some real opportunity now I could get in on the ground floor. The VC money is a record high, so I can take at least some salary enough to make it heck I haven't had to pay rent for a year. [00:05:33] So I can afford to do that, to try and. Something with some of my friends, and that's precisely what they're doing. Robert Half, a company I've had on my show before, Robert Half International, did a survey. They found that about one-third of the almost 3000 information technology professionals. [00:05:57] They surveyed said they planned to look for a new job in the next few months. They're also saying Robert Half is that while employers posted more than 365,000 job openings in June alone, they're not getting filled; that's, by the way, the highest monthly. In about since September 2019, according to CompTIA, which is an industry trade group. [00:06:25] I'm a member of that. My company is a member of CompTIA as well. So there are a lot of things happening that are really driving people to startups. And there's a lot of advantages to that. So here's another guy. This is an engineering manager who left Facebook last year. And he quickly returned. [00:06:46] He said working at a startup, you have much more connection with employees, and things moved faster. So TigerGraph, by the way, also hired ex-Googlers. And they're increasing the workforce this year too, about 300 from 90. So think about what they're doing. So that's not, yeah, technically, it's probably still a startup, but it's 300 employees. 
[00:07:10] That's not us. That is a lot of employees, and they've got a lot of money behind them. Here's another guy. And she's saying, I thought I would be a lifer at Amazon. But this was a tremendous opportunity. I can have a far more significant impact and more influence on the company's trajectory, which quite frankly was harder at Amazon. [00:07:33] And we're seeing more and more of particularly the younger employees looking at that. Her name's Anna fag fabric. Sorry about the names butchering here, but she's now at freshly. Officer. So many people are saying in this survey from Robert half international that having a chance to impact a smaller company was a significant reason for leaving. [00:08:01] And that's after years of massive growth at big tech companies. So again, IBM in the 1970s. They were the ruler; they were the king. It was impossible. If you work for IBM, man, they're going to be around forever. And, of course, they still are. And they have excellent products, especially the Z series mainframe, but they're not the company they were. [00:08:24] And I think we now are seeing. The next step in these big high-tech, but is no longer being the companies that they were innovation is going to leave with these employees, and they're going to really be hurt and hurt quite a bit. All right. So coming up, we're going to talk, of course, more about some of the more critical tech stuff you've got to. If you haven't already get on my email list, I'll send you a couple of special reports that we. [00:08:54] As well as, of course, every week, one or two newsletters, not sales documents, newsletters, Craig peterson.com.

    Windows 11 Will Require a New Piece of Hardware

    Play Episode Listen Later Aug 20, 2021 11:00

    [00:00:00] Microsoft has had some incredibly successful operating systems and some significant failures. Think of Windows Millennium Edition. Well, now they're coming up with Windows 11, and frankly, things just aren't looking that good. [00:00:16] If you know me, you know how I have had some issues with Microsoft here over the years; they are a company that has been, in my opinion, very dishonest have been doing all kinds of immoral things for a very long time by destroying. [00:00:36] Parts of the market that they considered being competitors of theirs, so they have used their position at the top of the market with billions of dollars in cash to really nail anybody that tries to challenge them. And it's incredible to me what has happened over the years. But, of course, you might know Microsoft did. [00:00:57] Putting an investment into Apple. And many people say that investment that Bill Gates authorized really saved Apple from total collapse. And I can see how is this a reasonable audience or argument? But the bottom line, when we get down to it, is that Microsoft Windows has never been a great operating system. [00:01:21] It's always had issues. It's always had glitches, and we could go into a lot of reasons for that. But I think one of the main ones is that it has really tried to stay compatible with everything, all of the. When you were a kid, you certainly rode a bicycle. But, still, the bike you might be riding when you're in your thirties or forties will probably not have three wheels. [00:01:46] And it's probably not going to have a pedal connected to the front wheel. It will be a whole lot different, and Microsoft, over the years, has tried to make their more modern operating systems as time has gone on. Compatible with older operating systems of theirs. And that inevitably leads to problems. [00:02:06] If you're trying to fix a problem, Einstein said this, right? 
If you're trying to fix a problem, you cannot use the thinking that created the problem in that first place. So to fix a problem, you have to think at a different level. And when it comes to software and operating systems, you actually. To program at a different level. [00:02:29] And the entire structure of the programs has to be different than it is when you're starting. Microsoft has been doing that a little bit. And with Windows 11, they are really trying, they've gotten such black eyes over the years for security problems, and I think they deserve them for the most part. [00:02:50] Now they're forcing you to use what's called a TPM. Now, these TPMs have been around for quite a while. You see them built into your Macs, and they've been built into your Apple Macs now for years, built-in frankly to your iOS devices for your iPhone also for years. But this is a trusted platform module, TPM. [00:03:17] And the idea behind a TPM is that your computer hardware is locking. All of this information and the senior TPM. Now there are a lot of complicated implementations of TPMs. The implementation that Apple uses stores all kinds of stuff that makes sure you're booting properly, security, keys, et cetera. What Microsoft is doing now is for Windows 11. [00:03:47] If you're going to. Your machine has to have a TPM and not just an older TPM 2.0. Now there are alpha images available right now for developers of Windows 11. And I have to absolutely encourage you if you are a software developer to get an alpha version of Windows so that you can double-check, is my software is still going to be able to run in this. [00:04:13] And I also want to encourage you if you are relying on particular applications. Maybe they're a little older, perhaps they're not, but if your business requires you to use a piece of software, you really should get Windows 11. Right now, get the alpha code, follow it through beta and test your software. [00:04:36] Make sure it works. 
If it isn't working, then talk to your software vendors, warn them that it's. Because Windows 11 requiring TPM support, although it doesn't need it right now in this alpha version that they're releasing, it does require it. Supposedly when they finally release Windows 11, the computers you have today probably don't have this chip. [00:05:07] We have a client who decided they would go out and buy their own server against our judgment. And what we told them they should be doing. So they went out, and they purchased an HP server from HP Enterprise, and they did. And it did not have most of the security stuff they needed, including it did not have a TPM. [00:05:27] It did not have one of these trusted platform modules on it. Now, in their case with this HP server, they could buy one after the fact and install it. Although the entire machine had to be destroyed entirely and reloaded, that's a minor price to pay versus purchasing a whole new server. [00:05:48] The TPM is not necessarily going to be compatible with the new version of Windows. In fact, Microsoft Surface tablets, I looked this up, their highest-end Surface tablets, Microsoft branding all over it. Microsoft certified $6,000 almost to buy this top-end Surface tablet with all the bells and whistles you can get on it. [00:06:15] It will not work with Windows 11. How's that? So the reason Microsoft is doing this, I think, is a good reason. They really want to lock down this system to no longer have as many security problems. And we're not going to get into all of the different types of security problems that TPM is not going to solve a lot of them, but it's going to solve. [00:06:40] Some of them, but the program manager over at Microsoft, her name is Aria, I guess it is, Carley. She said that the hardware floor of TPM 2.0 support will be in place for the final version. We'll see. I think a lot of people are going to push back. 
However, Microsoft really does and legitimately does want to make sure that everything is safe. [00:07:07] So keep that in mind. There are a lot of people complaining about it, the alpha version. And that is why you have an alpha version. They're complaining about it because of the TPM, but also because of some of the other things that are going on with Windows 11, at least right now, some of the things Microsoft has announced they've got, for instance, group policy will not let you get around hardware enforcement for Windows 11. [00:07:34] Microsoft is still going to block you from upgrading your device. To make sure your devices stay supported and secure. So that's good news, and it's good news because many times in the past, how many of us we've upgraded our machines and a new version of the operating system. And I use "upgrade" with air quotes around it, but we've upgraded our machines, and they won't work with the new version. [00:08:00] The audience here for her short statement, which was part of this, a Microsoft tech community user questions, was agitated. They did not like the answers that she was giving. And this is according to Windows Central, the video's top comment read, quote, a lot of these answers come off as super tone-deaf. [00:08:22] It is looking like Windows 11 will be another problem. So for those of us, that know, yeah. Windows 8 was really quite the flop, remember. They very quickly came out with Windows 8.1, and Microsoft is the only tone-deaf company out there. I've got to say, I think Apple has been remarkably tone-deaf in many different ways. [00:08:44] Now they seem to be waking up doing some things a little bit better, so kudos to them for that. But a lot of companies, really. Tone-deaf to what users want. And there's a lot of blog posts here. We'll have to see if what they're saying ultimately ends up in Windows 11. If it does, things will be a bit of a problem. [00:09:08] But part of the reason we don't know. 
Because Microsoft disabled any more comments on the video, they were getting so many of them. And of course, there are trolls, people who hate Microsoft. I'm certainly not one of them. They also, by the way, deleted all existing comments on the video here about Windows 11 with their program manager in response to the negativity. The voting is still open on this video, and 2,700 dislikes and only 146 likes as of this last week. It's interesting. Microsoft's really rushing to these new hardware requirements. They're being very aggressive, and I think they're handling it. Sound familiar. We've heard these sorts of things before, but now we'll see here into the legitimacy of this. How much is it going to benefit is limited because where are we solving our biggest problems? [00:10:09] People clicking links, things get installed, et cetera, that nothing to TPM will be able to handle. The TPM is going to make sure that you have a secure boot that's it's missing. The goal in life. So how was it? We will help with a lot of this other stuff we will see, and I'll definitely keep you up to date on this. [00:10:28] It's real. Hey, I want to remind you guys, go to CraigPeterson.com. Hopefully, you got my newsletter last week. I gave you a private link to a webinar that I did about VPN because there's a lot of people selling VPNs. Unfortunately, most of them are misrepresenting what they can. And in fact, most of them make you less safe. [00:10:53] So don't miss another thing. Go to CraigPeterson.com right now. And subscribe

    Weekly - Microsoft is planning on making you buy a new computer

    Play Episode Listen Later Aug 19, 2021 82:41

    [Automated transcript] Weekly - Microsoft is planning on making you buy a new computer [00:00:00] Microsoft has had some incredibly successful operating systems and some significant failures. Think of Windows millennial edition. While now they're coming up with Windows 11, and frankly, things just aren't looking that good. [00:00:16] If you know me, you know how I have had some issues with Microsoft here over the years. They are a company that has been, in my opinion, very dishonest have been doing all kinds of immoral things for a very long time by destroying. [00:00:36] Parts of the market that they considered being competitors of theirs, so they have used their position at the top of the market with billions of dollars in cash to really nail anybody that tries to challenge them. And it's incredible to me what has happened over the years. But, of course, you might know Microsoft did. [00:00:57] Putting investment into Apple. And many people say that investment that Bill Gates authorized really saved Apple from total collapse. And I can see how is this a reasonable audience or argument? But the bottom line is that Microsoft Windows has never been a great operating system when we get down to it. [00:01:21] It's always had issues. It's always had glitches, and we could go into a lot of reasons for that. But I think one of the main ones is that it has really tried to stay compatible with everything, all of the. When you were a kid, you certainly rode a bicycle. But, still, the bike that you might be riding when you're in your thirties or forties is probably not going to have three wheels. [00:01:46] And it's probably not going to have a pedal connected to the front wheel. It is going to be a whole lot different, and Microsoft, over the years, has tried to make their more modern operating systems as time has gone on. Compatible with older operating systems of theirs. And that inevitably leads to problems.
[00:02:06] If you're trying to fix a problem, Einstein said this, right? If you're trying to fix a problem, you cannot use the thinking that created the problem in that first place, in order to fix a problem, you have to think at a different level. And when it comes to software and operating systems, you actually. To program at a different level. [00:02:29] And the entire structure of the programs has to be different than it is when you're starting. Microsoft has been doing that a little bit. And with Windows 11, they are really trying, they've gotten such black eyes over the years for security problems, and I think they deserve them for the most part. [00:02:50] Now they're forcing you to use, what's called a TPM. Now these TPMs have been around for quite a while. You see them built into your Macs, and they've been built into your Apple Macs now for years built-in frankly to your iOS devices for your iPhone also for years. But this is a trusted platform module TPM. [00:03:17] And the idea behind a TPM is that your computer hardware is locking. All of this information and the senior TPM. Now there are a lot of difficult implementations of TPMs. The implementation that Apple uses stores, all kinds of stuff that makes sure you're booting properly security, keys, et cetera. What Microsoft is doing now is for Windows 11. [00:03:47] If you're going to. Your machine has to have a TPM and not just a older TPM 2.0, now there are alpha images available right now for developers of Windows 11. And I have to absolutely encourage you if you are a software developer to get an alpha version of Windows so that you can double-check, is my software still going to be able to run in this. [00:04:13] And I also want to encourage you if you are relying on certain applications and maybe they're a little bit older, maybe they're not, but if your business requires you to use a piece of software, you really should get Windows 11.
Right now, get the alpha code, follow it through beta and test your software. [00:04:36] Make sure it works. If it isn't working, then talk to your software vendors, warn them that it's. Because Windows 11 requiring TPM support, although it doesn't require right now in this alpha version that they're releasing, but it does require it. Supposedly when they finally release Windows 11, your computers that you have today probably don't have this chip. [00:05:07] We have a client that decided they were going to go out and buy their own server against our judgment. And what we told them they should be doing. So they went out and they bought we're going to get an HP server from HP Enterprise and they did. And it did not have most of the security stuff that they needed, including it did not have a TPM. [00:05:27] It did not have one of these trusted platform modules on it. Now, in their case with this HP server, they could buy one after the fact and install it. Although the entire machine had to be completely destroyed and reloaded, that's a minor price to pay versus buying a whole new server. [00:05:48] The TPM is not necessarily going to be compatible with the new version of Windows. In fact, Microsoft Surface tablets. I look this up their highest end Surface tablets, Microsoft branding all over it. Microsoft certified $6,000 almost to buy this, or, top end Surface tablet with all of the bells and whistles you can get on it. [00:06:15] It will not work with Windows 11. How's that? So the reason Microsoft is doing this, I think is a good reason. They really want to lock down this system so that we're no longer having as many security problems. And we're not going to get into all of the different types of security problems that TPM is not going to solve a lot of them, but it's going to solve. [00:06:40] Some of them, but the program manager over Microsoft, her name is Al area. I guess it is Carly.
She said that the hardware floor of TPM 2.0 support is going to be in place for the final version. We'll see. I think a lot of people are going to push back. However, Microsoft really does and legitimately does want to make sure that everything is safe. [00:07:07] So keep that in mind. There are a lot of people complaining about it, the alpha version. And that is why you have an alpha version, they're complaining about it because of the TPM, but also because of some of the other things that are going on with Windows 11, at least right now, some of the things Microsoft has announced they've got, for instance group policy will not let you get around hardware enforcement for Windows 11. [00:07:34] Microsoft is still going to block you from upgrading your device. To make sure your devices stay supported and secure. So that's good news and it's good news because many times in the past, how many of us we've upgraded our machines and to a new version of the operating system. And I use upgrade with air quotes around it, but we've upgraded our machines and they won't work with the new version of it. [00:08:00] The audience here for her little statement, which was part of this, a Microsoft tech community user questions was very upset. They did not like the answers that she was giving. And this is according to Windows Central, the video's top comment read, quote, a lot of these answers come off as super tone. [00:08:22] Deaf is looking like Windows 11 will be another windows. So for those of us that know yeah. Windows 8 was really quite the flop, remember. They very quickly came out with Windows 8.1 and the Microsoft is, and the only tone-deaf company out there, I've got to say, I think Apple has been very tone-deaf in a lot of different ways. [00:08:44] Now they seem to be waking up doing some things a little bit better, so kudos to them for that. But a lot of companies really. Tone-deaf to what users want. And there's a lot of blog posts here.
We'll have to see if what they're saying ultimately ends up in Windows 11. If it does, things will be a bit of a problem. [00:09:08] But part of the reason we don't know. Is because Microsoft disabled, any more comments on the video, they were getting so many of them. And of course there's trolls people who hate Microsoft. I'm certainly not one of them. They also, by the way, deleted all existing comments on the video here about Windows 11 with their program manager in response to the negativity, the voting is still open on this video and. [00:09:37] 2,700 dislikes and only 146 likes as of this last week. It's interesting. Microsoft's really rushing to these new hardware requirements. They're being very aggressive, and I think they're handling it. Sound familiar. We've heard these sorts of things before, but now we'll see here into the legitimacy of this, how much is it going to benefit is limited as well because where are we having our biggest problems? [00:10:09] People clicking links, things get installed et cetera, that nothing the TPM is going to be able to handle. The TPM is going to make sure that you have a secure boot that's it's missing. Goal in life. So how was it we're going to help with a lot of this other stuff we will see, and I'll definitely keep you up to date on this. [00:10:28] It's a real. Hey, I want to remind you guys, go to CraigPeterson.com. Hopefully you got my newsletter last week. I gave you a private link to a webinar that I did about VPN, because there's a lot of people selling VPNs. Most of them are misrepresenting what they can. And in fact, most of them make you less safe. [00:10:53] So don't miss another thing. Go to CraigPeterson.com right now. And subscribe [00:10:59] There seems to be a worker shortage. And a lot of businesses are finding that frankly, people who are involved in technology are resigning, they're calling it a great resignation of workers. We have a lot of problems as business people, filling jobs nowadays.
[00:11:20] And one of the things I've thought about doing is maybe even starting a course for people who want to figure out if this whole cybersecurity thing is right for them. I think that might make a lot of sense for some people. And there are some of you listeners. I know, because I've talked to you who have gone out and. [00:11:40] Gotten into, is that a word who have changed careers into the cybersecurity realm? So does it make sense for you? I don't know. Do you think it would make sense for me to offer something? A cybersecurity course to give you guys the basics and help you to understand it, to see if it might be good for you. [00:12:00] Only, you know that, and if you're interested, make sure you drop me a note just to me, M E Craig peterson.com and let me know what you think, but the big tech is suffering from this great resignation of workers and workers in the technology field right now. It's a good time to leave. Now, this isn't the same as many workers who, for instance, were in the restaurant business for many years, were in food service. [00:12:31] You make money. Maybe you don't make money. Who knows those. And of course, those jobs pretty much disappeared during the lockup. Big tech, it's different in big tech. Most of these people, most of us, frankly, we retained our jobs. We were still able to work, still able to do the stuff we'd always been doing, but we were doing it from home, and many employees looked at the situation and said, I am not going to leave. [00:13:04] Because I don't know if I'll be able to get a new job. Does that make sense to you? So we have a bit of a pent up demand in the tech field of people who maybe didn't like the boss didn't really like what they were doing, but kept the job because at least it was a job. It paid some bills. And from the bottom-line standpoint, it didn't make sense to. [00:13:28] Now we see something else going on, people are leaving like crazy Facebook here. 
There's a quote in an article in MarketWatch. Lost this guy named Raymond Andres. Who's now the chief technology officer at air table. Now I've used air table before I was a client of theirs for a while. It's really something. [00:13:51] If you need to do some basic project management, or if you have a process for doing something. That needs to be tracked and maybe something handed over to another person when it meets a certain stage, check it out, air table.com online, but he left Facebook and he said, there's been a burst of activity of people leaving. [00:14:15] If anything. The lockdown delayed decisions. And that's exactly what I was saying. I've been saying that for a very long time, but there's another factor involved when it comes to technology. And that is the funding, which is just amazing. You might remember a couple of years ago we had this. Brakes on IPO's on initial public offerings. [00:14:40] These tech companies just were not going to go public at all. And because of that, many angel investors and venture capitalists said, forget about it. I'm not going to go ahead and make any sort of investment. That is the time when a lot of these small companies just failed and of course, incomes the lockdown and even more of them failed. [00:15:03] But now. But the investors are a spinner spending a lot of money so far this year, there have been 84 initial public offerings in the U S alone. Isn't that amazing? 50 plus billion dollars in IPO's. Now that's up from about 38 billion. Last year. So there's obviously money in the IPO world. So that gets the venture capitalists interested. [00:15:36] So VC money is also a record hives. This year's track to be the best year yet. According to PitchBook through June. This year 2021, $150 billion has been raised among about 7,000 deals. Now that's ahead of last year's record, a total of $164 billion for the year. So we're looking at some major money going in. 
[00:16:09] And we're have a lot of people that are leaving from Google and Facebook and Amazon and Apple, maybe your company as well, who are saying, wow there's some real opportunity now I could get in on the ground floor. The VC money is a record high, so I can take at least some salary enough to make it heck I haven't had to pay rent for a year. [00:16:32] So I can afford to do that, to try and. Something with some of my friends and that's exactly what they're doing. Robert half, which is a company I've had on my show before Robert half international, they did a survey and they found that about one third of the almost 3000 information technology professionals. [00:16:56] They surveyed said they planned to look for a new job in the next few months. They're also saying Robert half is that while employers posted more than 365,000 job openings in June alone, they're not getting filled that's by the way, the highest monthly. In about since September, 2019, and that's according to comp Tia, which is a, an industry trade group. [00:17:24] I'm a member of that. My company is a member of comp Tia as well. So there are a lot of things happening that are really driving people to startups. And there's a lot of advantages to that. So here's another guy. This is an engineering manager who left Facebook last year. And he quickly returned. [00:17:45] He said working at a startup, you have much more connection with employees and things moved faster. So tiger graph, by the way, also hired ex-Googlers. And they're increasing the workforce this year too, about 300 from 90. So think about what they're doing. That's not, yeah, technically it's probably still a startup, but it's 300 employees. [00:18:10] That's not us. That is a lot of employees, and they've got a lot of money behind them. Here's another guy. And she's saying, I thought I would be a lifer at Amazon. But this was a tremendous opportunity. 
I can have a far greater impact and more influence on the company's trajectory, which quite frankly was harder at Amazon. [00:18:32] And we're seeing more and more of particularly the younger employees looking at that. Her name's Anna fag fabric, sorry about the names butchering here, but she's now at freshly she's their chief criminals commercialization. Officer. So a lot of people are saying in this survey from Robert half international that having a chance to have an impact at a smaller company was a major reason for leaving. [00:19:00] And that's after years of massive growth at big tech companies. So again, IBM in the 1970s. They were the ruler, they were the king. They was impossible. If you work for IBM, man, they're going to be around forever. And of course, they still are. And they have amazing products, especially the Z series mainframe, but they're not the company they were. [00:19:24] And I think we now are seeing. The next step in these big high-tech, but is no longer being the companies that they were innovation is going to leave with these employees, and they're going to really be hurt and hurt quite a bit. All right. So coming up, we're going to talk, of course, more about some of the more important tech stuff, you've got to, if you haven't already get on my email list, I'll send you a couple of special reports that we. [00:19:54] As well as of course, every week, one or two newsletters, not sales documents, newsletters, Craig peterson.com. [00:20:04] Bitcoin is all of the rage. In fact, these cryptocurrencies or something, a lot of people have considered investing in of course, many have invested in it. I played around with them about a decade ago, and the IRS seized 1.2 billion worth of it. [00:20:19] You might remember, we talked years ago about the IRS trying to tax things in the virtual world. So if you were in one of these real life type things and you owned property, as it were inside this virtual world, they wanted to tax it. 
Of course, if you sold something with real hard money and. You sold it inside that real world with real hard money, you would end up having to pay taxes. [00:20:47] Just if you sold a hammer to someone, that's the way it works. A lot of people have decided that, for some reason, cryptocurrency is completely untracked. Now we know about cases. I've talked about them here where some of these coins in this particular case, we're talking about Bitcoin or has been used online. [00:21:15] And in fact, the government has found out who was using it and really stepped in, in a big way. Silk road is the biggest example. This was an online black market for everything you can think of, from illegal drugs to firearms, to all kinds of illegal commodities that were for sale online. [00:21:40] This was back in 2013, they were using Bitcoin to buy and sell things on this free trade zone. I think they called themselves and silk growed was just thriving. On comes the federal government and federal agents in the United States really cut their teeth in crypto search and seizure. With taking down the silk road, you might remember this was very unprecedented. [00:22:10] People had no idea. What they could do. How could the federal government monitor this? Can I buy and sell these Bitcoins? All of that sort of thing. And 20 years as the chief of money laundering and asset forfeiture in. Yeah, us attorney's office for the Southern District of New York. Sharon Levin said that this whole takedown or silk road was completely unprecedented and it was new technology. [00:22:41] What do you do well because people. Here cryptocurrency and crypto, of course, being short for cryptography, they figure that okay. While obviously it is absolutely untraceable untrackable. Tell that to the people that this year have tried to ransom money out of enough. 
US corporation, some of the major consider for instance, colonial pipeline and what happened with them and how at least half of their cryptocurrency was returned to them. [00:23:15] So don't think that this stuff is a way that you can get away with breaking in the law or not paying taxes. It is not the whole. Business, if you will, of crypto seizure and sale is growing incredibly fast. In fact, the federal government just enlisted the help of the private sector to manage and store these crypto tokens that have been seized from. [00:23:47] Now I mentioned that the IRS has seized about $1.2 billion worth of cryptocurrency this fiscal year. That is a whole lot of cryptocurrency. And what are they doing with it while it's the same thing? Remember the drug dealers back in the day. Miami, what was happening? I used to love Miami vice TV show. What happened there while they seize boats, they seized cars. [00:24:13] They seized cash. Obviously, they can just put back into circulation, but everything else, what do they do? Cores, they go ahead and they sell it at auction. And that's what they've been doing. Then in June, they started auctioning off light coin and Bitcoin cash. They had 11 different lots on offer. [00:24:38] It was a four day auction and it included 150.2, 2 5 6 7 1 5 3 light coin. You like that. Remember cryptocurrency is not necessarily a whole coin. It's like having a gold coin. That's worth 500 bucks. How are you going to use that to buy a loaf? But what happens with these cryptocurrencies is you can buy and sell fractions of a coin. [00:25:04] So that's why you get into the millions of a piece of a coin. So they sold 150 ish like coin and. Above 0.00022 a Bitcoin cash worth more than 21 grand. So that's one of the 11 lots that was out there. And this crypto property is what they're calling. It had been confiscated as part of a tax noncompliance case. [00:25:34] I'm looking right now at the public auction sale notice. 
And where it was, where you could go online. It was a GS, a auctions.gov. If you want to check these things out, as in the general services administration, auctions.gov, GSA, auctions.gov, and they were selling it, and it was a taxpayer, it tells you all kinds of information about them. [00:25:56] It's a. Crazy here, but you have to pay by cash to certified cashiers or treasures check drawn on different whatever banks. And it's really cool to look at some of these things, but you can find them online. If you're interested in buying them might be a good way to buy them, to buy these various cryptocurrencies if you want to get into there. [00:26:20] But a lot can refer to almost anything could be, as I said, boats or cars like it was on Miami vice. It could be some number of crypto coins that are being auctioned. So they're going to be doing more and more of that. Then, apparently, the feds are saying that they have no plans to step back from being basically a crypto broker. [00:26:46] Here is the bottom line here because they're seizing and selling all of these assets. So keep an eye out for that. Remember what is going on? The silk road site that I mentioned had been shut down or operating on the dark web. It used Bitcoin exclusively nowadays are using various either types of coins. [00:27:09] Most of them are ultimately traceable, and we're not going to get into all of the details behind it, but the bottom line is so what do they do now? Think about this. Silk road had 30,000 Bitcoin that they were able to identify in CS. And it was probably the biggest Bitcoin seizure ever. And it sold for about $19 million. [00:27:37] So that was quite a few years ago. Somebody just pull up a calculator here, say 30,000 times, and what's Bitcoin nowadays. I'm not quite sure. Let's say it's $15,000. So in today's money, it had a half, a billion dollars. 
Today's value, a half, a billion dollars worth of Bitcoin in there isn't that something, and that was all seized and it was all auctioned off. [00:28:03] So keep an eye on that. They're following the money is the technique they're using. You can find out a lot more at us, marshals.gov, and that is how they found it. If you've got pictures. You're going to have to sell it. You're going to have to transfer. You have to do something with it. And that's where they're getting. [00:28:24] Bottom line, particularly if you take the Bitcoin and turn it into something else, but this would take a while to explain. And I was very happy to be able to sit in on a presentation that was done by the treasury department on how they handle all of this. It's frankly very fascinating. Hey, make sure you spend a couple of minutes and join me online. [00:28:49] Craig peterson.com. You can sign up for my newsletter. You can listen to my podcasts, and you can get some free, special reports just for signing up. [00:28:59] This is a tough one. Apple has decided that they are going to build in to the next release of the iPhone and iPad operating system. Something that monitors for child porn. [00:29:12] Apple has now explained that they are going to be looking for child abuse images in specific ones. And I just am so uncomfortable talking about this, but the whole idea behind it is something we need to discuss. Apple said, they're going to start scanning for these images and confirmed the plan. In fact, when people said, are you sure you're going to be doing that? [00:29:43] Here's what. IOS 15, which is the next major release of Apple's operating system for I-phones. And for I pad is going to use a tie to something called the national center for missing and exploited children. And the idea behind this is to help stop some of this child abuse and there's people who traffic in children, and it's just unimaginable. [00:30:13] What happens out there really is some people it's just such evil. 
I, it I just don't get it. Here's what they're going to be doing. There are ways of taking checksums of pictures and videos, so that if there is a minor change in something that might occur, because it was copied that it does not mess it up. [00:30:39] It still can give the valid checksum and. Iman, that technology is detailed, but basically just think of it as a checksum. So if you have a credit card number, there is a checksum digit on that bank accounts have checked some digits so that if you mess it up a little bit, okay, it's an invalid checksum, so that number's obviously wrong in this case. [00:31:03] What we're talking about is a checksum of a pitcher or oven. And these various child safety organizations have pictures of children who are abused or who are being abused, who are being exploited. And they have these checksums, which are also called hashes. That is now going to be stored on your iOS device. [00:31:33] And yes, it's going to take some space on the device. I don't think it's going to take an enormous amount of space considering how much space is on most of our iPhones and iPads that are out there. Apple gave this detection system is called C Sam, a real thorough technical summary. It is available online, and I've got a, to this article in this week's newsletter, but they released this in just this month, August of 2021. [00:32:06] And they're saying that they're using a threshold that is. Quote set to provide an extremely high level of accuracy and ensures the less than one in 1 trillion chance per year of incorrectly flagging a given account. Now I can say with some certainty in having had a basic look through some of the CSM detection documentation, that they're probably right about that, that the odds are very good. [00:32:39] Small that someone that might have a picture of their kids in a bathtub, the odds are like almost so close to zero. 
It is zero that it will be flagged as some sort of child abuse, because it's not looking at the content of the picture. It's not saying that this picture, maybe it is a picture of child exploitation or a video of her child being exploited. [00:33:01] If it is not one that has been seen before by the national center for missing exploited. It will not be flagged. So I don't want you guys to get worried that a picture at the beach of your little boy running around and just boxer trunks, but a lot of skin showing is going to get flagged. It's not going to happen. [00:33:24] However, a pitcher that is known to this national center for missing and exploited children is in fact going to be flagged and your account will be flagged. Now it's hard to say exactly what they're going to do. I haven't seen anything about it, of the apples. Only say. That that they're going to deploy software. [00:33:50] That's going to analyze images in the messages application for new system that will warn children and their parents from receiving or sending sexually explicit photos. So that's different. And that is where again, a child, you put parental settings on their iPhone. If they're taking these. Pictures, selfies, et cetera. [00:34:13] Girls sending it to a boyfriend, sending it to his girlfriend, whatever it might be. The parents are going to be warned, as are the children that is looking for things that might be of a sexual content. Okay. It really is. It's really concerning. Now let's move on to the part that I'm concerned about, because I think everyone can agree that both of those features are something good that are ultimately going to be very good, but here's a quote. [00:34:40] Apple is replacing it's industry standard end to end encrypted messaging system with an infrastructure for surveillance and censorship. Now, this is a guy who's co-director for the center for democracy and technology security and surveillance product project, I should say. 
He's Greg, no, him, no Chaim, is saying this, and he said apple should abandon these changes and restore its users, faith in the security and integrity of their data on apple devices and services. [00:35:14] And this is from an article over an tech. So this is now where we're getting. Because what are they doing? How far are they going? Are they going to break the end encryption in something like I messages? I don't think they are going to break it there. They're not setting up necessarily an infrastructure for surveillance and censorship, but apple has been called on as has every other manufacturer of software. [00:35:44] I remember during the Clinton administration, this whole thing with eclipse. Where the federal government was going to require anyone that had any sort of security to use this chip that was developed by the federal government. And it turns out, of course, the NSA had an very big backdoor in it, and it was a real problem. [00:36:04] Look at the Jupiter. That was another encryption chip and it was being used by Saddam Hussein and his family in order to communicate. And it turns out yeah, there's a back door there too. This was a British project and chip that was being used. So with apple, having resisted pressure. To break into phones by the US government. [00:36:27] But some of these other governments worldwide that have been very nasty, who've been spying on their citizens who torture people who don't do what apple are not happy, what the government wants them to do have been trying to pressure Apple into revealing this. Now I have to say, I have been very disappointed in all of these major companies, including apple, when it comes to China, they're just drooling at the opportunity to be there. [00:36:56] Apple does sell stuff there. All of these companies do. Yeah, Google move their artificial intelligence lab to China, which just, I cannot believe they would do something like that. 
AI, machine learning, those are technologies that are going to give the United States a real leg up technology-wise to our competitors worldwide. [00:37:17] And they move to China, but they have complied with this Great Firewall of China thing where the Chinese people are being censored. They're being monitored. What's going to happen now because they've had pressure from these governments worldwide to install back doors in the encryption systems. [00:37:38] And Apple said, no, we can't do that because that's going to undermine the security for all users, which is absolutely true. If there is a door with a lock, eventually that lock will get picked. And in this case, if there's a key, if there's a backdoor of some sort, the bad guys are going to fight. Now Apple has been praised by security experts for saying, Hey, listen, we don't want to undermine security for everybody, but this plan to deploy some software that uses the capabilities of your iPhone to scan [00:38:15] your pictures, your photos, things that videos that you're sharing with other people and sharing selected results with the authorities. Apple is really close to coming across that line to going across it. Apple is dangerously close to acting as a tool for government surveillance. And that's what Johns Hopkins University cryptography professor Matthew Green said on. [00:38:46] This is really a key ingredient to adding surveillance to encrypted messages. This is again, according to our professor over at Johns Hopkins, Green, Professor Green, he's saying that would be a key ingredient in adding surveillance to encrypted messaging. The ability to add scanning systems like this to end-to-end encrypted messaging systems has been a major ask by law enforcement, the world. [00:39:14] So they have it for detecting stuff about missing and exploited children. That's totally wonderful. And I'm fine with that. No problem. But that now means that Apple's platform has the ability to add other types of scanning. 
All right. We'll see what ends up happening these the next thing, which is warning children and their parents about sexually explicit photos is also a bit of a problem here. [00:39:46] Apples. Yeah on this is messages uses on-device machine learning to analyze image attachments, and determine if a photo is sexually explicit. The feature is designed so that Apple does not get access to the messages it's saying, if it detects it, they're going to blur the photo. The child will be warned, presented with helpful resources and reassured it is okay if they do not want to view them. [00:40:16] And the system will let parents get a message. If children do view a flagged photo and similar protections are available for child attempts to send sexually explicit photos. Interesting. Isn't it. Interesting world. So I think what they're doing now is, okay, they're really close to that line, going over. [00:40:38] It could mean the loss of lives in many countries that really totally abuse their citizens or subjects, depending on how they look at them. Hey, make sure you check me out online. Craig peterson.com. Hey, sorry about having to talk about this, but man, this isn't. [00:40:57] It's time for a little bit of good news. We now have satellite internet performance. That's pretty much on par with fixed broadband, and it isn't just in the us. We're going to talk about that right now. What are the options? [00:41:13] You might remember the whole Sputnik thing and what happened there really drove the space race forward very rapidly, but we're using much fancier satellites than Sputnik, which of course, all it was doing was sending out a beep. [00:41:30] It was alive. And I remember I went over to a friend's house. I have an advanced class amateur radio license, and I went over to a friend's house, and he had some satellite equipment. He was also a ham, and we were able to tune his satellite in his satellite dish into a couple of the satellites up there. 
[00:41:52] Now the amateur radio community has one or more satellites. I'm not sure. We were really impressed with all of the stuff that's up there in the sky. There are satellites, of course, that we don't even know what they're doing because they're top-secret government satellites. And they're probably a decade ahead of the rest of the industry. [00:42:15] But he was pulling down images from some of these satellites that were open-source of what's happening on the earth and just all kinds of things back before heavy encryption. It was very cool to think that these satellites were miles up in space. Now, I'm looking at some statistics here from speedtest.net. [00:42:37] I don't know if you've ever tried it. You should try and go to speedtest, one word, .net on your web browser. And it'll open up a little window. It's a company called Ookla. And that window will allow you to start a test. And the first thing it does is it tries to find, okay, where are you located? And who has the closest reflector that we can use for speed testing? [00:43:02] Usually there's something not too far away from you. If you are out in the Netherlands and of course, many of you listening, kind of our Netherlands, when it comes to internet access, you have pretty slow internet and speedtest.net'll output, there's three numbers, or maybe four, you really have to pay attention to. [00:43:25] You've got the download number and that's telling you how fast the data comes down to your browser from that particular spot, which is typically, as I said, close to you, although nowadays something that's far away on the internet, isn't going to be that much. So download matters and then probably what matters the most for most people. [00:43:48] The next thing to look at is upload. Most of the time, if you have a regular consumer internet link, your upload speed is about 10, maybe as much as 20% of your download speed. 
So if you're getting megabit down, it's going to be 10% of that megabit down, maybe as much as 20%. So you're going to get about a hundred K up versus the megabit down. Again, it varies. [00:44:21] A lot of places will have 50 megabits down and 10 megabits up so it can vary. Now the up speed, the uplink speed is what's going to affect you when you are trying to upload a file. So maybe you're trying to upload something to work, or you are trying to stream a video cause you're trying to run a webinar. [00:44:45] That's what that is. The next number that you have to pay attention to is the round trip time. So that's the time it takes for a packet to get from your computer to the server that you're connected to. And then back again. Usually that's measured in milliseconds. And I remember the very first time I was using the Ethernet, it was thick wire Ethernet, and 10 megabits. [00:45:16] And wow. It was just so fast and very expensive to use. And the delay pinging another machine. In other words, sending a packet from my machine to another machine on the network. And then having that packet returned to me was anywhere from if it was like lightning fast, 10 milliseconds, and more likely it was 30, 40, 50, even a hundred milliseconds on the same day. [00:45:44] Nowadays, if you're looking at your numbers on speedtest.net, you are probably seeing speeds that just blow away what I was using back then because things have just gotten so much faster. You've probably seen a few milliseconds in speed round trip, speed time again, depending on how good your link is. And then the fourth one you have to pay attention to is. [00:46:11] And jitter is where you are seeing inconsistent speeds in those round trip times. And that's going to affect live stuff, particularly live audio, which we'll notice a lot to that. Hey, the audio is just terrible. It's dropping out at me. Maybe sounds digitized. Usually. 
Parts dropout. Gamers care a lot about the jitter because that's going to affect their game and how they play their game. [00:46:42] So I just ran it here on my studio computer. Now we have fiber optics. We have a business line that goes directly to Comcast backbone and I'm seeing. From where I am to a server that's about 90 miles away, I would say my ping time round trip is three milliseconds. It's just, I'm still blown away by that. [00:47:08] Cause I remember using dial-up modems that were 110 bits per second, 110. And that was just absolutely amazing. And then 300, can you believers? 300 baud and it's changed a lot, right? So three milliseconds round trip time for me. And I'm trying to brag or make you feel bad. I'm just telling you what it can be. [00:47:30] My download speed is 720. Megabits per second. And that's because right now we're downloading a few different things and my upload speed is a gigabit per second. So you can see in a commercial link, typically your download and your upload speeds are the same. It is not, it is in 10% obviously is exactly the same. [00:47:54] So those are the numbers you should look at. I don't see on my results the jitter, maybe they're not reporting that anymore, or maybe they only reported on bad lines. I'm not sure, but again, speedtest.net. So they have released, these guys at speedtest.net, some stats on the satellite companies, because our friends over at Starlink, that's Elon Musk's company, think Tesla and SpaceX, they are showing. [00:48:28] Amazing download speeds. They're showing 97 megabits a second download. Now that doesn't of course, I really approach the gigabit that I'm seeing, but this is from a satellite. It's just amazing. And they're going to see if more now all fixed all speeds of everyone. One in the United States that has gone to speedtest.net and ran speed tests. [00:48:56] All speeds averaged out in the United States come to 115 megabits. 
So Starlink is almost as fast as the average broadband connection in the United States. Now here's a little, here's where they really shine to upload speed of about 14 megabits a second. So that's not bad that still fits within our model that we talked about latency. [00:49:24] 45 milliseconds. Now compare that with what I had, which was what three milliseconds it's slow, but it's again, remember it's a satellite. So it's going from the earth station while it's actually going from your computer to their satellite dish at your location is going up to the satellite is coming back down to an earth station is picking up the signals from the satellite, and then it's going to the server. [00:49:53] So 45 milliseconds is pretty good. I want to put that in perspective, though. The two biggest competitors right now, satellite internet are HughesNet and ViaSat. HughesNet, this is again, according to speedtest.net. Download speed is averaging a little less than 20 megabits a second. So it's 20% of the speed of Starlink. [00:50:20] Yeah, pretty bad. A and Starlink's latency. Remember, and this matters a lot. If you're trying to do live video or you're trying to run your phone over it, latency is 724 milliseconds. So that's three quarters of a second. From the time a packet goes out until it comes back. So that will affect any sort of phone calls that you're making on HughesNet and then ViaSat, not much better, download speed of 18 megabits a second, which is worse, but the upload is slightly better than HughesNet and their latency is slightly. [00:50:56] What I'm saying is Starlink is really starting to shine. And Elon Musk is saying they are going to be even better. They're going to be much better. Give them a little bit of time. The reason that Starlink has the faster latency. Much, much faster latency than our friends at HughesNet or ViaSat is that they have low earth orbit satellite. [00:51:23] So they are sitting up there. 
They do have some drag from our atmosphere, so they will come down. There's things in place to take care of all of that sort of stuff. But Starlink it's going to be available pretty much everywhere. The country. India is very excited about this because they've had real problems with the internet in some of the rural areas. [00:51:48] But Hey, if you are out in the middle of nowhere in the United States, there is hope. Check out Starlink online, lots of great stuff. Hey, stick around. We will be right back. You're listening to Craig Peterson. [00:52:05] The hackers are still going after with ransomware, they're still doing just blanket attacks. They're still doing massive phishing, but they have glommed on to something that is being much more effective. That's what we're going to be talking about. [00:52:21] This is a huge problem. We have seen some very high profile ransomware lately. Think of what happened with Colonial Pipeline, the whole SolarWinds attack, and much more the bad guys are trying to figure out a way to more inexpensive. Ransom money from us to more inexpensively, get all of our confidential information. [00:52:48] I have a client that before he was my client, all of his data was stolen and they run right to the Chinese. I have another client whose operating account was completely emptied. And the problem in both of these cases, Was really the client not doing what they should be doing, but supply chain problems, supply chains, the software, you have the hardware you have that you're relying on it. [00:53:19] One of the major types of businesses that are being attacked right now are our managed security services, company, security researchers who are trying to do, with all the effort they can maybe keep ourselves safe. But they're not doing what they should be doing. You've heard me complain for many years about programmers. 
[00:53:43] I'm saying that in air quotes, people who have learned how to do Microsoft C sharp or visual basic, whatever it might be. At a very high level in share. Yeah, they can put stuff together. It reminds me of when the spreadsheets first started hitting the boardrooms, all of a sudden, business people, managers all the way on up through the board were saying I don't need the it department anymore. [00:54:09] In order to get these numbers, I can just gather them in myself and put together a spreadsheet. I'll be safe. Everything will be great. I'm going to get that information now instead of having to wait for it, to get some programmers involved and get it done. The problem in all of these cases is exactly this. [00:54:29] These are non-professionals that are trying to do the job. Those spreadsheets, many of them had bad data on them. They compiled into even worse data because there were in many cases. Problems with the spreadsheet. I remember when I was a professor at Pepperdine University and I was teaching management information systems out there in the west coast and beautiful campus, by the way, if you've never been there out at Pepperdine, right on the coast. [00:54:59] But when I was working with those students, who were, it was his MIS 4 22 last year undergraduate. I ended up emphasizing spreadsheet. Because I realized most of them didn't really know how to do it. Yeah. Okay. They could go ahead and put a little thing in there that says, add up all of these columns and this row and multiply by that and cut out. [00:55:25] I've got a number coming out, but is that number correct? It's like a county. And that's why accountants use double entries in the accounting systems to make sure everything zeroes out. Make sure everything is correct. And by having someone who's a manager using this spreadsheet, you might get some great information and might get it quickly. [00:55:46] It might be absolutely correct, but it's very possible that it won't be. 
And from my experience and programmers are the worst of the worst, because many of them started when they were kids, very bright kids who were working on stuff and hacking it things. That's where the term hacker comes from. [00:56:05] Hacker wasn't necessarily a bad thing. They certainly. Bad guys. They were just hacking it. The computer's trying to figure out how to program, and if something went wrong, they would hack at the code a little bit more to try and fix it and figure it out. Non-professional they were just hacking that stuff. [00:56:23] And that's what we called them hackers. And so it was a derogatory term for someone that didn't really know what they were doing, but they were hacking their programming or hacking it. Some other part of it. Versus having people who are actually trained and experienced Microsoft got sued because of how bad windows millennial edition was and windows Vista. [00:56:49] And they found that the majority of the code had been written by interns, by kids, right out of school without the experience. What does that mean? Why am I really bashing the younger generations? It has to do with the ability to foresee problems and the best way to be able to foresee a problem is to have seen it before, for instance, that you've gotta be careful when you're allocating right. [00:57:15] And that it's not necessarily going to be cleared properly, or if at all, and that the return points can be changed in programs. That's one of the things that hackers do most nowadays. So if you have software that's written by people that don't realize all of the implications of what they're doing, you could be in trouble. [00:57:38] I like to use the analogy of a car. Back in the day, many of us are turned a wrench and we tinkered with the older cars. We had a whole lot of fun with them trying to figure out how can I improve this? And we'll do this to the carb and we'll change this and look at this airflow problem, pretty basic stuff. 
[00:57:56] But today, what we're dealing with is a car that is a whole bunch of major components. We went to replace an air intake because of a bad sensor in a Ford Crown Vic. And it was one of the last model years. And back in the day, you could pretty easily fix that. You just buy the little sensor and put it in there. [00:58:20] And you're all set. We had to buy the whole component, which included the air intake, manifold all the way on back to the sensor and everything that was behind it. It was absolutely crazy and cost a lot of money. So think of someone who is trying to build a car today, we might equate this to you buy a transmission. [00:58:43] You buy an engine, hopefully they fit together. If all right, have you ever tried to match a transmission to an engine and it's not right. Do you have to get a converter or make a converter that goes in the middle, or do you have to drill it out in order to make it mount properly? All of those sorts of problems. [00:59:00] And then you've got all of the other components in the vehicle as well that are mix and match. That's what programmers are doing nowadays. Nowadays, a programmer grabs this library that does something. So, for instance, Apple has a library you can use that identifies faces, but you don't know how it works. [00:59:22] You don't know that transmission, how it works. Is it really going to work for you? It wasn't smart to combine that 600 horsepower engine with a Vega, Chevy Vega transmission. For those of you old enough to remember what that is. But it didn't stop you from doing that either. And that's what we're seeing. [00:59:42] That's what these supply chain attacks are all based on that. So much software is written by people that have not had the experience to think through the potential problems. And Microsoft is to blame for making it really easy for anyone to write a program, just like you could blame VisiCalc back in the day for making it really easy for anyone to make a spread. 
[01:00:07] But those spreadsheets weren't accurate. The software that we're getting from our suppliers, which include Microsoft. This latest, huge hack came right through Microsoft Exchange. It was a zero-day bug. The same types of problems that we've had with some of the other software that's out there. Think about how we got the SolarWinds attack. [01:00:31] Think about some of these other ones that we've had that are just absolutely massive. It can kill us and kill us in a very big, when we're talking of course, about all of our systems and software. Hey, I want to remind you guys, just spend a couple of minutes. If you would go online, CraigPeterson.com. [01:00:51] You're going to get the sort of thing. Last weekend. I sent out a video that I shared with some friends, and I shared it with anybody on my list. Last weekend, it was just part of the newsletter on VPNs, who you can tell. Who you can't trust and the best ways and times to use a VPN. All right. Stick around. [01:01:12] We'll be right back. You're listening to Craig Peterson online at craigpeterson.com. [01:01:20] So now, a little bit about what supply chain attacks are. We're going to get into that a little bit more now, what can you do about it? And this European Union-funded study that came in the wake of these two major cyber attacks. [01:01:36] The European Union has now forecasted that there's going to be four times more software supply chain attacks in 2021 than there were in 2010. That, my friend, is a very big deal. These cybercriminals are now shifting to larger cross-border targets. [01:01:59] This is just an amazing report. You can look at it. It's called Threat Landscape for Supply Chain Attacks. And they looked at 24 supply chain incidents that have occurred between January 2020 and July 2021. The basics here are a supply chain attack is where a software provider or some sort of a trusted provider is hacked. 
[01:02:25] Usually they are hacked in a way that they don't realize they've been hacked and then they pass off the hacked software to you. I can remember a Microsoft product back when they used to ship them on DVDs or CDs. And we got that thing. One of the first steps was always to scan it for viruses, and we did. [01:02:48] And sure enough, Microsoft was shipping out software with a virus on it all. The same sorts of things have been happening with thumb drives, some of these ones, particularly cheap ones that you buy online often have built right into them. Malware. Now with some of the reason for the malware is legitimately purposeful. [01:03:12] Okay. What they're trying to do is get you to have their little ransomware work for them so they can make some money off of you. In other cases, you have a thumb drive that a friend gave to you, and you're now using a little thumb drive and guess what? Yeah, your little thumb drive has some nastiness on it. [01:03:32] Same thing's true with Microsoft Word documents that might have macro viruses, if you will, that are built into them. These little Trojans do the same thing with the Excel spreadsheets and on. But what they're finding right now is that these hackers are trying to get to the companies that provide services for the bigger companies. [01:03:55] And that's where it can hurt you and hurt you in a big way. I was just talking about how many programmers just aren't terribly professional. And some of that has to do with their lack of experience and those programmers might be using a library. So, for instance, GitHub, which I use, and it's very common to be used out there online. [01:04:18] It has all kinds of source code called open-source code. So you can use it. You can model. That some of that software has been infected. And then there are people who are using languages that are nice and simple, like Python and others. 
And you write in this scripting language and pull in libraries that come from public sources that do things for you. [01:04:41] So they might do something like display something on this screen. They might go out and grab something from a URL online or connect to a database. And what the bad guys have found out is we're not double-checking all of the sources of all of this software, and that is causing some huge security holes. [01:05:04] And what ends up happening is companies like SolarWinds are using some of this soft. And they then might be including it in the software they're providing you. Now, in the case of SolarWinds, it's a little bit different, but it's the same concept. SolarWinds software was being used by a large number of companies in the U S. [01:05:29] Agencies were using SolarWinds software. And so were regular old small businesses, because what happens is you hire a managed services provider and they don't have time to look at all of your computers all of the time. So they have software that they're using called Orion in this particular case. And Orion is installed on all of your computers. [01:05:55] So probably unbeknownst to you there's software on your computers that is not being written by that managed services provider. But in this case was being written and provided by SolarWinds. SolarWinds got hacked and the hackers put into SolarWinds software code that would eventually end up on your computer and your computer getting hacked. [01:06:18] So you just see how complicated this gets, right? You guys are the best and brightest, but you've probably got your eyes spinning a little bit here because we're talking about multiple layers of, like, again, indirection, right? So these attacks, which mode, it looks like it began maybe in March 2020. [01:06:38] Were only detected in December last year, and they have been linked to this Russian organization called Cozy Bear, but we'll see what happens. 
We've got the more recent ones, which is the REvil ransomware gang, this R-E-V-I-L, REvil. And they exploited a vulnerability in Kaseya's VSA, which again is another management platform that's used by many of these companies out there that are providing managed services. [01:07:09] Now I've got to say by means of full exposure here. We had to use both of these pieces of software before. And when we looked into them, we found that they were insecure. In fact, it sounds like some of these companies had been warned by their own employees that the entire architecture of their software was insecure. [01:07:33] Okay. So we ditched them all. We're using Cisco's software, their advanced malware protection. The real high-end firewalls with special software, the backend that's running. So we're not getting into all of these crazy acronyms and names right now. So just so you know, that's what we use. That's what we use for our customers. [01:07:56] I even have that at my house. Okay. So a little bit more expensive, but it's a lot cheaper than having to hire a whole bunch of IT people to keep track of everything else. Now, because Kaseya had gotten, had this ransomware that was distributed to Kaseya's client, and potentially to Kaseya's clients, and this REvil gang demanded a $70 million ransomware payment. Kaseya denied that it paid it. [01:08:28] They may or may not have paid it. You might remember in the Trump years, they said, absolutely. Don't pay ransoms, or we may come after you because that is illegal to pay a ransom by. Because you are supporting a terrorist organization. So you gotta be careful with stuff like that. Don't pay ransoms, right? [01:08:48] Because it also tells them that you are a company that pays ransoms. So guess who they're going to come after again, you, because they know you'll pay. So a lot of incidents, I'm looking at a timeline of the attacks that were studied in this report coming out of the European. Yeah. And it is amazing here. 
[01:09:06] The unit max beans. That's one of those libraries. I was talking about the able desktop as Sydney. Was Vera excelling on VC or excuse me, VG, SolarWinds, big knocks, Mon pass Ukraine, SEI, click studios cast private stock investment manager goes on Fujitsu ledger. So this is a huge problem. And this is the sad part. [01:09:34] European Union's predicting it'll go up fourfold this year. So what do you do? You have to audit your vendors. And that usually means you have to have an agreement in place. They accept the responsibility if you are hacked. So keep it up. Yeah. Let me know if you'd like more help with that. You can always email me, me@craigpeterson.com. [01:09:59] I think I got a couple of those contracts kicking around, these vendor contracts. If you'd, I'll send one to, but you have to reach out to me. M-E at craigpeterson.com. All right, stick around. We've got one more segment today, and I want to make sure you spend a couple of minutes online. CraigPeterson.com. [01:10:20] And go ahead and sign up. Sign up for my weekly newsletter. [01:10:28] We're going to do a little bit of wrap up right now, including talking about iMessage, some of the changes that have come in Apple's messenger application, that many people are saying it's shocking, and you should stop using it right now. [01:10:44] This is an article in Forbes by Zak Doffman, where he's talking about why you should stop using iMessage after what he's calling the shock iPhone app. [01:10:58] Has had a number of major problems here recently that have been in the news. Of course they have about half of the smartphones in the country, right there. But things have become a little worse for Apple here recently. And what we're worried about is, for instance, this whole Pegasus that we talked about a couple of weeks ago, where it is, what's called a zero-click piece of malware. [01:11:25] Where they can send you a text message, even if they're not a friend of yours and take over your phone. 
And we've seen things like that before. In fact, I think it was in Saudi Arabia, where was it? The crown prince received a video from somebody. He played it, and it exploited some vulnerabilities in the video player and allowed them to have full access to his phone. [01:11:49] And don't remember all of the details, but that part, I do remember. So the big question is, have all of these major security issues been fixed by Apple? Is iMessage safe or not? Apple is saying it is encrypted end to end. They don't keep messages. There's some question about that because of a major incident back in 2018, where Apple was going to make sure it encrypted all of your backups and then. [01:12:18] FBI apparently spoke to Apple and got them to change their opinion on the whole thing, which is another interesting problem. Isn't it? So what do you do, what do you do with that? And what do you do? Very good question. Earlier this year we had WhatsApp make a major change. They had of course also said we've got end-to-end encryption with WhatsApp, wonderful. [01:12:41] And then people really questioned it because it was now owned by our friends over at Facebook. Is there privacy there on WhatsApp? Is it legitimate? Is it just a bad PR move? What's going on? WhatsApp, by the way, with 2 billion users worldwide, and WhatsApp, Facebook said, Hey, listen, we're gonna start giving you ads. [01:13:05] And basically people were worried about them examining the content of their messages in order to give them targeted ads, et cetera. So now Apple's just confirmed what Forbes is calling the most shocking and controversial update in the platform's history. And here's what's going on. Pegasus, of course, as I mentioned, this click attack, Apple's got this new update now, right? [01:13:32] That is using machine learning. In order to see if a minor child might be sending a picture pornographic or otherwise they should not be sending or receiving. And we also have built into it. 
Now, this child sexual abuse checksum set of people. That looks on your devices to see, do you have any photos that match this checksum. Part of the problem with this isn't that I'm not worried about these children that are being exploited. [01:14:06] Cause I am, I'm absolutely against that. But the bigger question here is, okay, so what's next? Is Apple going to capitulate to the government and let them know if you have a certain picture of something or other the government doesn't like? Where is this going to end? So in other words, Apple's phones being a lockbox. [01:14:30] The Apple iPad is being a lockbox is really. No longer going to be true. It is no longer going to be that encrypted lockbox that has been promised to us. The Electronic Frontier Foundation has a little comment here, they say Apple's compromise on end-to-end encryption may appease government agencies in the U S and abroad, but it is a shocking about-face for users who have relied on the company's leadership in privacy [01:15:00] and security, which is absolutely true. Now there's not much controversy, frankly, about limiting the spread of child sexual abuse material, but where we go on from there, that's where it starts getting a little more questioning here. Here's a, this is a Jake Moore over at ESET. He said the initial. [01:15:21] Potential concern is that this new technology could drive CSAM further underground. CSAM being this child abuse material, but at least it is likely to catch those at the early stages of their offending. The secondary concern, however, is that it highlights the power in which Apple holds with the ability to read what is on devices and match any images to those known on a database. [01:15:47] This intrusion is grown with intensity and often packaged in a way that is for the greater good, right? Isn't that always the case. So we're doing it for the children. I talked about this extensively earlier. 
You can find it in my podcast, go to CraigPeterson.com/podcast. Right now you can listen to it there. [01:16:08] Take a look in your emails from the newsletter. Pretty good about trying to send those out the last few weeks. I haven't been that great because of issues here, family issues and others. So it's been a little tough. So I apologize for that, but we all want to see technology develop. That's going to help tackle abuse. [01:16:27] It's going to stop the real bad guys that are out there. But what happens when China says we want access to this? We want to know when there's any pictures of a Uyghur symbol, for instance, or something else. What's Apple going to do? They can no longer say, oh, that's not taught. We don't have that technology. [01:16:45] There's nothing we can do. Just like Apple has done with the iPhones in the past, saying we don't have a back door. There is no backdoor key. We can't crack into that. That doesn't stand up when they say, okay, China comes to them or Iran or Saudi Arabia, or you name the country and says, Hey, we don't want people to see these particular messages. [01:17:08] Absolutely amazing. So timing on this dreadful. Okay. Part of iOS 15, apparently Pegasus raised two serious concerns that Apple's ecosystem, including iMessage has sti