Podcasts about Apache Tomcat

Java-based HTTP web server environment

  • 56 podcasts
  • 237 episodes
  • 44m average duration
  • 1 weekly episode
  • Latest: May 9, 2025
Apache Tomcat

Best podcasts about Apache Tomcat

Latest podcast episodes about Apache Tomcat

Les Cast Codeurs Podcast
LCC 325 - Trier le hachis des concurrents (Sorting the concurrent hash)

Les Cast Codeurs Podcast

May 9, 2025 · 109:42


A big episode covering a wide range of topics: Java, Scala, Micronaut, NodeJS, AI and developer skills, sampling in LLMs, DTOs, vibe coding, the changes at Broadcom and Red Hat, as well as several news items about open source licences. Recorded on May 7, 2025. Download the episode LesCastCodeurs-Episode-325.mp3 or watch it on YouTube.

News

Languages

For JavaOne and the launch of Java 24, Oracle launched a new site with video resources for learning the language https://learn.java/
  • a site aimed mostly at beginners and teachers
  • also covers the syntax, including more recent additions such as records and pattern matching
  • not the trendiest site in the world

Martin Odersky shares a long article on the state of the Scala ecosystem and the evolution of the language https://www.scala-lang.org/blog/2025/03/24/evolving-scala.html
  • Stability and the need to evolve: Scala holds its position (around 14th worldwide) with solid technical foundations, but must evolve in the face of competition to stay relevant.
  • Priority areas: the evolution focuses on improving the safety/usability pair, polishing the language (removing "rough edges") and simplifying things for beginners.
  • Continuous innovation: freezing features is ruled out; innovation is key to Scala's value. The language must remain general-purpose and not tie itself to a specific framework.
  • Challenges and progress: tooling (IDEs, build tools such as sbt, scala-cli, Mill) and how easy the ecosystem is to learn are points of attention, with improvements under way (teaching partnership, simple platforms).

Even faster strings! https://inside.java/2025/05/01/strings-just-got-faster/
  • In JDK 25, the performance of String::hashCode has been improved so that it is mostly constant-foldable.
  • This means that if strings are used as keys in a static, immutable Map, significant performance gains are likely.
  • The improvement relies on the internal @Stable annotation applied to the private String.hash field.
  • This annotation lets the virtual machine read the hash value once and treat it as a constant if it is not the default value (zero).
  • As a result, the String::hashCode call can be replaced by the known hash value, optimising lookups in immutable Maps.
  • One edge case is when the string's hash code is zero, in which case the optimisation does not work (for example, for the empty string "").
  • Although the @Stable annotation is internal to the JDK, a new JEP (JEP 502: Stable Values (Preview)) is being developed to let users benefit indirectly from similar features.

AtomicHash, a Java implementation of a HashMap that is thread-safe, atomic and non-blocking https://github.com/arxila/atomichash
  • implemented as an immutable version of a Concurrent Hash Trie

Libraries

Micronaut 4.8.0 released https://micronaut.io/2025/04/01/micronaut-framework-4-8-0-released/
  • BOM (Bill of Materials) update: version 4.8.0 updates the Micronaut platform BOM.
  • Micronaut Core improvements: integration of Micronaut SourceGen for internal generation of metadata and bytecode expressions. Many improvements in Micronaut SourceGen. Dependency-injection tracing added to make debugging easier at startup and when beans are created. New definitionType member in the @Client annotation to make sharing interfaces between client and server easier. Support for merging in Bean Mappers via the @Mapping annotation. New liveness probe detecting deadlocked threads via ThreadMXBean.
  • Improved Kubernetes integration: Kubernetes Java client updated to version 22.0.1. New Micronaut Kubernetes Client OpenAPI module, offering an alternative to the official client with fewer dependencies, unified configuration, filter support and Native Image compatibility.
  • Introduction of a new server runtime based on Java's built-in HTTP server, making it possible to build applications without external server dependencies.
  • A module added to Micronaut Micrometer to instrument data sources (traces and metrics).
  • A condition member added to the @MetricOptions annotation to control whether metrics are enabled via an expression.
  • Support for Consul watches in Micronaut Discovery Client to detect distributed configuration changes.
  • Source code can be generated from a JSON schema via the build plugins (Gradle and Maven).

Web

Node v24.0.0 becomes the Current release: https://nodejs.org/en/blog/release/v24.0.0
  • V8 engine updated to version 13.6: new JavaScript features such as Float16Array, explicit resource management (using), RegExp.escape, WebAssembly Memory64 and Error.isError.
  • npm 11 included: improvements in performance, security and compatibility with modern JavaScript packages.
  • Compiler change on Windows: MSVC dropped in favour of ClangCL for building Node.js on Windows.
  • AsyncLocalStorage now uses AsyncContextFrame by default: more efficient handling of asynchronous context.
  • URLPattern available globally: no need to import this API explicitly any more to match URLs.
  • Permission model improvements: the experimental --experimental-permission flag becomes --permission, signalling the increased stability of this feature.
  • Test runner improvements: subtests are now awaited automatically, simplifying test writing and reducing errors related to unhandled promises.
  • Undici 7 integration: improved HTTP client capabilities with better performance and broader support for modern HTTP features.
  • Deprecations and removals: url.parse() deprecated in favour of the WHATWG URL API. tls.createSecurePair removed. SlowBuffer deprecated. Instantiating REPL without new deprecated. Using Zlib classes without new deprecated. Passing args to spawn and execFile in child_process deprecated.
  • Node.js 24 is currently the "Current" release and will become an LTS release in October 2025. Testing this version to assess its impact on your applications is recommended.

Data and Artificial Intelligence

Learning to code remains crucial, and AI is there to help: https://kyrylo.org/software/2025/03/27/learn-to-code-ignore-ai-then-use-ai-to-code-even-better.html
  • Learning to code remains essential despite AI.
  • AI can assist with programming.
  • A solid foundation is crucial for understanding and controlling the code.
  • That avoids dependence on AI.
  • It reduces the risk of being replaced by AI tools that are available to everyone.
  • AI is a tool, not a substitute for mastering the fundamentals.

Great article from Anthropic trying to understand how the "thinking" of LLMs works https://www.anthropic.com/research/tracing-thoughts-language-model
  • Black-box effect: the internal strategies of AI models (Claude) are opaque to developers and users.
  • Goal: understand the internal "reasoning" to verify capabilities and intentions.
  • Method: inspired by neuroscience, development of an "AI microscope" (looking at which neural circuits activate).
  • Technique: identification of internal concepts ("features") and "circuits".
  • Multilingualism: evidence of a conceptual "language of thought" shared across all languages before translating into a particular language.
  • Planning: ability to anticipate (e.g. rhymes in poetry), not just word-by-word (token-by-token) generation.
  • Unfaithful reasoning: can fabricate plausible arguments ("bullshitting") for a given conclusion.
  • Multi-step logic: combines distinct facts, does not merely memorise.
  • Hallucinations: refusal by default; an answer if a "knowledge" feature is active, otherwise a risk of hallucination on error.
  • "Jailbreaks": tension between grammatical coherence (pushes to continue) and safety (should refuse).
  • Conclusion: limited but promising methods for AI transparency and reliability.

The "S" in MCP stands for Security (or not!) https://elenacross7.medium.com/%EF%B8%8F-the-s-in-mcp-stands-for-security-91407b33ed6b
  • The MCP specification, which lets LLMs access various tools and functions, may have been adopted a bit hastily, when it was not yet ready security-wise.
  • The article lists 4 possible types of attack: command injection vulnerability, tool poisoning attack, silent tool redefinition, cross-server tool shadowing.
  • For now, MCP is not secure: no authentication standard, no context encryption, no tool integrity verification.
  • Based on the InvariantLabs article https://invariantlabs.ai/blog/mcp-security-notification-tool-poisoning-attacks

Infinispan 15.2 released - pre rolling upgrades 16.0 https://infinispan.org/blog/2025/03/27/infinispan-15-2
  • Redis JSON + Lua scripts support
  • JVM metrics can be disabled
  • New console (PatternFly 6)
  • Improved docs (metrics + logs)
  • JDK 17 minimum, JDK 24 supported
  • End of the native server (performance)

Guillaume shows how to develop an MCP HTTP Server-Sent Events server with the Java reference implementation and LangChain4j
https://glaforge.dev/posts/2025/04/04/mcp-client-and-server-with-java-mcp-sdk-and-langchain4j/
  • Developed in Java, with the reference implementation that is also the basis of the Spring Boot implementation (but independent of Spring)
  • The MCP server is exposed as a servlet in Jetty
  • The MCP client is developed with LangChain4j's MCP module
  • It is semi-independent of Spring in the sense that it depends on Reactor and its interfaces. There is a conversation on Anthropic's GitHub to find a solution, but it does not look simple.

The fallacies behind the quote "AI won't replace you, but humans using AI will" https://platforms.substack.com/cp/161356485
  • The automation vs. augmentation fallacy: it focuses on improving existing tasks with AI instead of considering how the value of those tasks changes in a new system.
  • The productivity gains fallacy: higher productivity does not always translate into more value for workers, because the value created may be captured elsewhere in the system.
  • The static jobs fallacy: jobs are organisational constructs that can be redefined by AI, making traditional roles obsolete.
  • The "me vs. someone using AI" competition fallacy: competition changes when AI alters the fundamental constraints of a sector, making existing skills less relevant.
  • The workflow continuity fallacy: AI can lead to a complete reimagining of workflows, eliminating the need for certain skills.
  • The neutral tools fallacy: AI tools are not neutral and can redistribute organisational power by changing how decisions are made and carried out.
  • The stable salary fallacy: keeping a job does not guarantee a stable salary, because the value of the work can fall as AI capabilities increase.
  • The stable company fallacy: integrating AI requires restructuring the company and does not happen in an organisational vacuum.

Understanding "sampling" in LLMs https://rentry.co/samplers
  • Explains why LLMs use tokens
  • The different "sampling" methods, i.e. ways of choosing tokens
  • Hyperparameters such as temperature and top-p, and how they influence each other
  • Tokenisation algorithms such as Byte Pair Encoding and SentencePiece.

One fewer... OpenAI is to buy Windsurf for 3 billion dollars. https://www.bloomberg.com/news/articles/2025-05-06/openai-reaches-agreement-to-buy-startup-windsurf-for-3-billion
  • the deal is not yet finalised
  • Windsurf was valued at 1.25 billion last year, and OpenAI recently raised 40 billion, bringing its valuation to 300 billion
  • The goal for OpenAI is to enter the world of coding assistants, where it is absent today

Docker Desktop gets into AI...? A new feature in Docker Desktop 4.4 on macOS: Docker Model Runner https://dev.to/docker/run-genai-models-locally-with-docker-model-runner-5elb
  • Lets you run models natively on your machine ( https://docs.docker.com/model-runner/ ) but also MCP servers ( https://docs.docker.com/ai/mcp-catalog-and-toolkit/ )

Tooling

JetBrains defends the removal of negative reviews of its AI assistant https://devclass.com/2025/04/30/jetbrains-defends-removal-of-negative-reviews-for-unpopular-ai-assistant/?td=rt-3a
  • JetBrains' AI Assistant, launched in July 2023, has been downloaded more than 22 million times but is rated only 2.3 out of 5.
  • Users noticed that some negative reviews were being removed, which triggered a backlash on social media.
  • A JetBrains employee explained that the reviews were removed either because they mentioned problems that had already been fixed, or because they violated the company's policy on "profanity, etc."
  • The company acknowledged that it could have handled the situation better, a representative stating: "Removing several reviews at once without notice looked suspicious. We should at least have published a notice and given the authors more details."
  • Among the AI Assistant problems reported by users: limited support for third-party model providers, noticeable latency, frequent slowdowns, core features locked to JetBrains cloud services, an inconsistent user experience and insufficient documentation.
  • A common complaint is that the AI Assistant installs itself without permission. A Reddit user called it an "annoying plugin that self-heals/reinstalls like a phoenix".
  • JetBrains recently introduced a free tier and a new AI agent called Junie, meant to run alongside the AI Assistant, probably in response to competition between vendors. But it is more expensive to run.
  • The company has committed to exploring new approaches to handle major updates differently and is considering per-version reviews, or marking reviews as "Resolved" with links to the corresponding issues instead of deleting them.
  • Unlike competitors such as Microsoft, AWS or Google, JetBrains sells only development tools and services and has no separate cloud business to fall back on.
Make the images in your README and Markdown files compatible with GitHub's dark mode: https://github.blog/developer-skills/github/how-to-make-your-images-in-markdown-on-github-adjust-for-dark-mode-and-light-mode/
  • Just a few lines of plain HTML to do it

Architecture

So, DTOs: good or bad? https://codeopinion.com/dtos-mapping-the-good-the-bad-and-the-excessive/
  • Usefulness of DTOs: DTOs are used to transfer data between the different layers of an application, often mapping data between different representations (for example, between the database and the user interface).
  • Frequent overuse: the article stresses that DTOs are often used excessively, notably to build HTTP APIs that merely mirror database entities, missing the opportunity to compose richer data.
  • Real value: the real value of DTOs lies in managing coupling between layers and composing data from multiple sources into shapes optimised for specific use cases.
  • Decoupling: it is suggested to use DTOs to decouple internal data models from external contracts (such as APIs), allowing independent evolution and versioning.
  • Example with CQRS: within CQRS (Command Query Responsibility Segregation), query responses act as DTOs specifically tailored to the needs of the user interface, and may include data from various sources.
  • Protecting internal data: DTOs help separate and protect internal (private) data models from external (public) changes.
  • Avoiding excess: the author warns against excessive mapping layers (mapping one DTO to another DTO) that add no value.
  • Targeted creation: it is advised to create DTOs only when they solve concrete problems, such as managing coupling or making data composition easier.

Methodologies

Even Guillaume takes up "vibe coding" https://glaforge.dev/posts/2025/05/02/vibe-coding-an-mcp-server-with-micronaut-and-gemini/
  • According to Andrej Karpathy, it means POC-ing a prototype, a throwaway weekend app https://x.com/karpathy/status/1886192184808149383
  • But Simon Willison objects that some people confuse AI-assisted coding with vibe coding https://simonwillison.net/2025/May/1/not-vibe-coding/
  • Guillaume had fun here developing an MCP server with Micronaut, using Gemini, Google's AI.
  • Unlike Quarkus or Spring Boot, Micronaut does not yet have a module or specific support to make building an MCP server easier

Security

A 10/10 security flaw in Tomcat https://www.it-connect.fr/apache-tomcat-cette-faille-activement-exploitee-seulement-30-heures-apres-sa-divulgation-patchez/
  • A critical security vulnerability (CVE-2025-24813) affects Apache Tomcat, allowing remote code execution
  • This vulnerability was being actively exploited only 30 hours after its disclosure on March 10, 2025
  • The attack requires no authentication and is particularly simple to carry out
  • It uses a PUT request with a base64-encoded serialised Java payload, followed by a GET request
  • The base64 encoding gets past most security filters
  • Vulnerable servers use file-based session storage (a widespread configuration)
  • Affected versions are: 11.0.0-M1 to 11.0.2, 10.1.0-M1 to 10.1.34, and 9.0.0.M1 to 9.0.98
  • Recommended updates are: 11.0.3+, 10.1.35+ and 9.0.99+
  • Experts expect more sophisticated attacks in the next phases of exploitation (uploading config or jsp files)

Hardening an SSH server https://ittavern.com/ssh-server-hardening/
  • an article listing the key settings for securing an SSH server
  • for example, removing password authentication, changing the port, disabling root login, forcing SSH protocol 2, and some I did not know, such as MaxStartups, which limits the number of concurrent unauthenticated connections
  • Port knocking is a useful technique but requires a client-side approach that is aware of the protocol

Oracle admits its customers' IAM identities have leaked https://www.theregister.com/2025/04/08/oracle_cloud_compromised/
  • Oracle confirmed to some customers that its public cloud had been compromised, after the company had previously denied any intrusion.
  • A hacker claimed to have breached two Oracle authentication servers and stolen about six million records, including private security keys, encrypted credentials and LDAP entries.
  • The exploited flaw is said to be vulnerability CVE-2021-35587 in Oracle Access Manager, which Oracle had not patched on its own systems.
  • In early March, the hacker created a text file on login.us2.oraclecloud.com containing their email address to prove their access.
  • According to Oracle, an old server containing eight-year-old data was compromised, but one customer claims that login data as recent as 2024 was stolen.
  • Oracle faces a lawsuit in Texas over this data breach.
  • This intrusion is distinct from another attack against Oracle Health, on which the company refuses to comment.
  • Oracle could face penalties under the European GDPR, which requires affected parties to be notified within 72 hours of discovering a data leak.
  • Oracle's behaviour of denying and then quietly admitting the intrusion is unusual in 2025 and could lead to further class actions.
A very popular GitHub Action compromised https://www.stepsecurity.io/blog/harden-runner-detection-tj-actions-changed-files-action-is-compromised
  • Compromise of the tj-actions/changed-files action: in March 2025, a widely used GitHub Action (tj-actions/changed-files) was compromised. Modified versions of the action exposed CI/CD secrets in build logs.
  • Attack method: a compromised PAT made it possible to repoint several version tags to a commit containing malicious code.
  • Details of the malicious code: the injected code executed a base64-encoded Node.js function that downloaded a Python script. That script scanned the memory of the GitHub runner looking for secrets (tokens, keys...) and exposed them in the logs. In some cases the data was also sent out via a network request.
  • Exposure window: the compromised versions were active between March 12 and 15, 2025. Any repository, especially public ones, that used the action during that period must be considered potentially exposed.
  • Detection: the malicious activity was spotted by analysing unusual behaviour during workflow execution, such as unexpected network connections.
  • Response: GitHub removed the compromised action, which was then cleaned up.
  • Potential impact: all secrets appearing in the logs must be considered compromised, even in private repositories, and regenerated without delay.

Law, society and organisation

Y Combinator startups are seeing the strongest growth in the fund's history https://www.cnbc.com/2025/03/15/y-combinator-startups-are-fastest-growing-in-fund-history-because-of-ai.html
  • Early-stage companies in Silicon Valley are seeing significant growth thanks to artificial intelligence.
  • Y Combinator CEO Garry Tan says the latest cohort of startups as a whole grew 10% week over week for nine months.
  • AI lets developers automate repetitive tasks and generate code using large language models.
  • For about 25% of current YC startups, 95% of their code was written by AI.
  • This revolution lets companies grow with fewer staff, some reaching 10 million dollars in revenue with fewer than 10 employees.
  • The "growth at all costs" mindset has been replaced by renewed interest in profitability.
  • About 80% of the companies presented at "demo day" were AI-centred, with a few startups in robotics and semiconductors.
  • Y Combinator invests 500,000 dollars in startups in exchange for equity, followed by a three-month programme.

Red Hat middleware (ex-JBoss) joins IBM https://markclittle.blogspot.com/2025/03/red-hat-middleware-moving-to-ibm.html
  • Red Hat's Middleware activities (including JBoss, Quarkus, etc.) are being transferred to IBM, into the unit dedicated to data security, IAM and runtimes.
  • This change stems from a strategic decision by Red Hat to focus more on hybrid cloud and artificial intelligence.
  • Mark Little explains that this transfer had become inevitable, as Red Hat had reduced its investment in Middleware in recent years.
  • The integration aims to strengthen innovation around Java by bringing together Red Hat's and IBM's efforts on the subject.
  • The Middleware products will remain open source and customers will continue to receive the usual support without change.
  • Mark Little states that projects such as Quarkus will continue to be supported and that this development is beneficial for the Java community.
One year of Commonhaus https://www.commonhaus.org/activity/253.html
  • one year in, started with the communities they knew well
  • now 14 projects and able to accept more
  • trust, lightweight governance and protecting the future of the projects
  • automating the administrative side, stability without complexity, developers at the centre of the decision process
  • they need members and (financial) supporters
  • they want to welcome projects beyond the circle of the Java Champions

Spring Cloud Data Flow becomes a commercial product and will no longer be maintained as open source https://spring.io/blog/2025/04/21/spring-cloud-data-flow-commercial
  • Perhaps under Broadcom's influence, Spring is starting to make components of the Spring portfolio proprietary
  • they say few people used it in OSS mode and the majority came from usage within the Tanzu platform
  • Maintaining it as open source costs them time, since they are not working on these projects.

The CNCF protects the NATS project, in the foundation since 2018, since Synadia, the company contributing to it, wanted to take back control of the project https://www.cncf.io/blog/2025/04/24/protecting-nats-and-the-integrity-of-open-source-cncfs-commitment-to-the-community/
  • CNCF: protects OS projects, neutral governance.
  • Synadia vs CNCF: wants to withdraw NATS, non-OS licence (BUSL).
  • CNCF: accuses Synadia of a "claw back" (illegitimate takeover).
  • Synadia's claims: the nats.io domain, the GitHub org.
  • NATS trademark: Synadia did not transfer it (broken promise despite CNCF help).
  • Synadia's objection: considers the CNCF rules "too vague".
  • Internal vote: Synadia maintainers vote to leave the CNCF (without the community).
  • CNCF support: major investment ($ audits, legal), community success (>700 orgs).
  • Future of NATS (CNCF): stays under Apache 2.0, open governance.
  • CNCF actions: health check, call to maintainers, cancellation of Synadia's trademark, rejection of requests.
But in the end there seems to be a good outcome: https://www.cncf.io/announcements/2025/05/01/cncf-and-synadia-align-on-securing-the-future-of-the-nats-io-project/
  • Agreement on the future of NATS.io: the Cloud Native Computing Foundation (CNCF) and Synadia reached an agreement to secure the future of the NATS.io project.
  • Transfer of the NATS trademarks: Synadia will hand over its two NATS trademark registrations to the Linux Foundation to strengthen the project's open governance.
  • Staying within the CNCF: the NATS project's infrastructure and assets will remain under the CNCF, guaranteeing its long-term stability and its open source development under the Apache-2.0 licence.
  • Recognition and commitment: the Linux Foundation, through Todd Moore, recognises Synadia's contributions and its continued support. Derek Collison, CEO of Synadia, reaffirms his company's commitment to NATS and to collaboration with the Linux Foundation and the CNCF.
  • Adoption and community support: NATS is widely adopted and considered critical infrastructure. It enjoys strong community support for its open source nature and Synadia's continued involvement.

Finally, Redis returns to an OSI open source licence, with the AGPL https://foojay.io/today/redis-is-now-available-under-the-agplv3-open-source-license/
  • Redis moves to the AGPLv3 open source licence to counter exploitation by cloud providers that do not contribute.
  • The earlier switch to the SSPL licence had damaged the relationship with the open source community.
  • Salvatore Sanfilippo (antirez) has returned to Redis.
  • Redis 8 adopts the AGPL licence, integrates the Redis Stack features (JSON, Time Series, etc.) and introduces "vector sets" (the vector computation support developed by Salvatore).
  • These changes aim to strengthen Redis as a platform developers love, in line with Salvatore's original vision.
Conferences

The list of conferences comes from Developers Conferences Agenda/List by Aurélie Vache and contributors:
  • May 6-7, 2025: GOSIM AI Paris - Paris (France)
  • May 7-9, 2025: Devoxx UK - London (UK)
  • May 15, 2025: Cloud Toulouse - Toulouse (France)
  • May 16, 2025: AFUP Day 2025 Lille - Lille (France)
  • May 16, 2025: AFUP Day 2025 Lyon - Lyon (France)
  • May 16, 2025: AFUP Day 2025 Poitiers - Poitiers (France)
  • May 22-23, 2025: Flupa UX Days 2025 - Paris (France)
  • May 24, 2025: Polycloud - Montpellier (France)
  • May 24, 2025: NG Baguette Conf 2025 - Nantes (France)
  • June 3, 2025: TechReady - Nantes (France)
  • June 5-6, 2025: AlpesCraft - Grenoble (France)
  • June 5-6, 2025: Devquest 2025 - Niort (France)
  • June 10-11, 2025: Modern Workplace Conference Paris 2025 - Paris (France)
  • June 11-13, 2025: Devoxx Poland - Krakow (Poland)
  • June 12, 2025: Positive Design Days - Strasbourg (France)
  • June 12-13, 2025: Agile Tour Toulouse - Toulouse (France)
  • June 12-13, 2025: DevLille - Lille (France)
  • June 13, 2025: Tech F'Est 2025 - Nancy (France)
  • June 17, 2025: Mobilis In Mobile - Nantes (France)
  • June 19-21, 2025: Drupal Barcamp Perpignan 2025 - Perpignan (France)
  • June 24, 2025: WAX 2025 - Aix-en-Provence (France)
  • June 25-26, 2025: Agi'Lille 2025 - Lille (France)
  • June 25-27, 2025: BreizhCamp 2025 - Rennes (France)
  • June 26-27, 2025: Sunny Tech - Montpellier (France)
  • July 1-4, 2025: Open edX Conference - 2025 - Palaiseau (France)
  • July 7-9, 2025: Riviera DEV 2025 - Sophia Antipolis (France)
  • September 5, 2025: JUG Summer Camp 2025 - La Rochelle (France)
  • September 12, 2025: Agile Pays Basque 2025 - Bidart (France)
  • September 18-19, 2025: API Platform Conference - Lille (France) & Online
  • September 23, 2025: OWASP AppSec France 2025 - Paris (France)
  • September 25-26, 2025: Paris Web 2025 - Paris (France)
  • October 2-3, 2025: Volcamp - Clermont-Ferrand (France)
  • October 3, 2025: DevFest Perros-Guirec 2025 - Perros-Guirec (France)
  • October 6-10, 2025: Devoxx Belgium - Antwerp (Belgium)
  • October 7, 2025: BSides Mulhouse - Mulhouse (France)
  • October 9-10, 2025: Forum PHP 2025 - Marne-la-Vallée (France)
  • October 9-10, 2025: EuroRust 2025 - Paris (France)
  • October 16, 2025: PlatformCon25 Live Day Paris - Paris (France)
  • October 16-17, 2025: DevFest Nantes - Nantes (France)
  • October 30-31, 2025: Agile Tour Bordeaux 2025 - Bordeaux (France)
  • October 30-31, 2025: Agile Tour Nantais 2025 - Nantes (France)
  • October 30 to November 2, 2025: PyConFR 2025 - Lyon (France)
  • November 4-7, 2025: NewCrafts 2025 - Paris (France)
  • November 6, 2025: dotAI 2025 - Paris (France)
  • November 7, 2025: BDX I/O - Bordeaux (France)
  • November 12-14, 2025: Devoxx Morocco - Marrakech (Morocco)
  • November 13, 2025: DevFest Toulouse - Toulouse (France)
  • November 15-16, 2025: Capitole du Libre - Toulouse (France)
  • November 20, 2025: OVHcloud Summit - Paris (France)
  • November 21, 2025: DevFest Paris 2025 - Paris (France)
  • November 27, 2025: Devfest Strasbourg 2025 - Strasbourg (France)
  • November 28, 2025: DevFest Lyon - Lyon (France)
  • December 5, 2025: DevFest Dijon 2025 - Dijon (France)
  • December 10-11, 2025: Devops REX - Paris (France)
  • December 10-11, 2025: Open Source Experience - Paris (France)
  • January 28-31, 2026: SnowCamp 2026 - Grenoble (France)
  • February 2-6, 2026: Web Days Convention - Aix-en-Provence (France)
  • April 23-25, 2026: Devoxx Greece - Athens (Greece)
  • June 17, 2026: Devoxx Poland - Krakow (Poland)

Contact us

To react to this episode, come and discuss on the Google group https://groups.google.com/group/lescastcodeurs
Contact us via X/Twitter https://twitter.com/lescastcodeurs or Bluesky https://bsky.app/profile/lescastcodeurs.com
Do a crowdcast or a crowdquestion
Support Les Cast Codeurs on Patreon https://www.patreon.com/LesCastCodeurs
All episodes and all the info at https://lescastcodeurs.com/

The CyberWire
The invisible force fueling cyber chaos.
Apr 3, 2025 (30:59)

A joint advisory labels Fast Flux a national security threat. Europol shuts down a major international CSAM platform. Oracle verifies a data breach. A new attack targets Apache Tomcat servers. The Hunters International group pivots away from ransomware. Hackers target Juniper routers using default credentials. A controversy erupts over a critical CrushFTP vulnerability. Johannes Ullrich, Dean of Research at SANS Technology Institute, unpacks Next.js. Abracadabra, alakazam — poof! Your credentials are gone.
Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.
CyberWire Guest
Johannes Ullrich, Dean of Research at SANS Technology Institute, is discussing Next.js and how similar problems have led to vulnerabilities recently.
Selected Reading
Fast Flux: A National Security Threat (CISA)
Don't cut CISA personnel, House panel leaders say, as they plan legislation giving the agency more to do (CyberScoop)
CSAM platform Kidflix shut down by international operation (The Record)
AI Image Site GenNomis Exposed 47GB of Underage Deepfakes (Hackread)
Oracle tells clients of second recent hack, log-in data stolen, Bloomberg News reports (Reuters)
Hackers Exploiting Apache Tomcat Vulnerability to Steal SSH Credentials & Gain Server Control (Cyber Security News)
Hunters International Ransomware Gang Rebranding, Shifting Focus (SecurityWeek)
Hackers Actively Scanning for Juniper's Smart Router With Default Password (Cyber Security News)
Details Emerge on CVE Controversy Around Exploited CrushFTP Vulnerability (SecurityWeek)
New Malware Attacking Magic Enthusiasts to Steal Login Credentials (Cyber Security News)
Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.
Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here's our media kit. Contact us at cyberwire@n2k.com to request more info.
The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.
Learn more about your ad choices. Visit megaphone.fm/adchoices

Security Now (MP3)
SN 1018: The Quantum Threat - ESP32 Backdoor Update, RCS E2EE
Mar 26, 2025 (172:59)

The dangers of doing things you don't understand. Espressif responds to the claims of an ESP32 backdoor. A widely leveraged mistake Microsoft stubbornly refuses to correct. A disturbingly simple remote takeover of Apache Tomcat servers. A 10/10 vulnerability affecting some ASUS, ASRock and HPE motherboards. Google snapped up another cloud security firm but paid a price! RCS messaging to soon get full end-to-end encryption (done right!). How did an AI Crypto Chatbot lose $105,000? ...and what is an AI Crypto Chatbot? Looks like Oracle may take stewardship of TikTok to keep it in-country. Whoops! 23andMe is sinking — don't let them take your genetics with them! The White House says "the cyber guys should stay!" AI project failure rates are on the rise. Anyone surprised? Listener feedback, and a very interesting update on just how imminent the threat from quantum computing really is.
Show Notes - https://www.grc.com/sn/SN-1018-Notes.pdf
Hosts: Steve Gibson and Leo Laporte
Download or subscribe to Security Now at https://twit.tv/shows/security-now.
You can submit a question to Security Now at the GRC Feedback Page.
For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written, SpinRite 6.
Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit
Sponsors: zscaler.com/security legatosecurity.com joindeleteme.com/twit promo code TWIT

Storm⚡️Watch by GreyNoise Intelligence
OpenAI 'Attack' Debunked: The Real Threat Lurking in Third-Party Wrappers
Mar 25, 2025 (53:40)

Forecast: Cloudy with a chance of SSRF attacks. OpenAI's skies clear, but third-party wrappers bring storms.
This week's episode kicks off with a poll asking listeners which virtual assistant they use: Alexa, Siri, Google Assistant, or none at all due to privacy concerns. The results give us a snapshot of how people feel about these ubiquitous technologies and their trust levels in them.
We then tackle the headlines surrounding OpenAI and the alleged "attack" on its systems. While media outlets are buzzing with claims of vulnerabilities in ChatGPT, the reality is less dramatic. A third-party wrapper using OpenAI's API introduced an SSRF vulnerability that's being actively exploited. This issue highlights the risks of insecure third-party implementations rather than flaws in OpenAI's core infrastructure. It's a reminder that integrations can be a weak link in the cybersecurity chain, and we explore how this misunderstanding has fueled sensationalized reporting.
Next up is a discussion on cybersecurity labeling for consumer IoT devices that have reached their End-of-Life (EOL) or End-of-Service (EOS). The idea is to inform users when their devices will no longer receive updates, but the execution is fraught with challenges. From complex software stacks to secondary markets breaking communication chains between vendors and consumers, we unpack why this labeling initiative is easier said than done. With home networks increasingly tied to employer networks, outdated IoT devices could become major security risks, especially in remote work setups.
Privacy concerns take center stage as we examine Amazon's controversial decision to eliminate the "Do Not Send Voice Recordings" feature on Echo devices starting March 28, 2025. This change means all voice data will be processed in Amazon's cloud as part of its Alexa+ upgrade, which promises advanced generative AI capabilities. Critics argue this move erodes user privacy by removing local processing options entirely, raising questions about data retention and misuse. For privacy-conscious users, this might signal the end of their relationship with Echo devices.
We also cover two critical vulnerabilities making waves in the cybersecurity world. First is CVE-2025-23120, a post-authentication Remote Code Execution flaw in Veeam Backup & Replication software. Exploitable by any domain user due to weak authentication measures and unsafe deserialization practices, this vulnerability underscores why blacklist-based approaches are insufficient for robust security. Then there's CVE-2025-24813, a remote code execution vulnerability affecting Apache Tomcat servers that can be exploited with just one PUT request. This attack leverages session persistence mechanisms and deserialization processes to gain full remote access without authentication: a stark reminder of how seemingly benign requests can lead to catastrophic breaches.
Finally, we touch on updates from our benevolent overlords, including insights into ServiceNow vulnerabilities and upcoming events like NoiseFest at RSAC 2025. These resources continue to provide valuable intelligence for staying ahead of emerging threats in the cybersecurity landscape.
Storm Watch Homepage
Learn more about GreyNoise

The CyberWire
Tomcat got your server?
Mar 18, 2025 (30:57)

An Apache Tomcat vulnerability is under active exploitation. CISA rehires workers ousted by DOGE. Lawmakers look to protect rural water systems from cyber threats. Western Alliance Bank notifies 22,000 individuals of a data breach. A new cyberattack method called BitM allows hackers to bypass multi-factor authentication. A Chinese cyberespionage group targets Central European diplomats. A new cyberattack uses ChatGPT infrastructure to target the financial sector and U.S. government agencies. Australia sues a major securities firm over inadequate protection of customer data. Our Threat Vector segment examines how unifying security capabilities strengthens cyber resilience. Cybercriminals say, "Get me Edward Snowden on the line!"
Threat Vector Segment
Security platformization is transforming the way organizations defend against cyber threats. In this episode of Threat Vector, host David Moulton speaks with Carlos Rivera, Senior Analyst at Forrester, about how unifying security capabilities strengthens cyber resilience. To listen to the full discussion, please check out the episode here or on your favorite podcast app, and tune in to new episodes of Threat Vector by Palo Alto Networks every Thursday.
Selected Reading
Critical Apache Tomcat RCE Vulnerability Exploited in Just 30hrs of Public Exploit (Cyber Security News)
CISA Rehires Fired Employees, Immediately Puts Them on Leave (GovInfo Security)
Western Alliance Bank Discloses Data Breach Linked to Cleo Hack (SecurityWeek)
New BitM Attack Lets Hackers Steal User Sessions Within Seconds (Cyber Security News)
US Lawmakers Reintroduce Bill to Boost Rural Water Cybersecurity (SecurityWeek)
Chinese Hackers Target European Diplomats with Malware (GovInfo Security)
Hackers Exploit ChatGPT with CVE-2024-27564, 10,000+ Attacks in a Week (Hackread)
Australia Sues FIIG Investment Firm in Cyber 'Wake-Up Call' (GovInfo Security)
Extortion crew threatened to inform Edward Snowden (?!) if victim didn't pay up (The Register)

Techmeme Ride Home
Tue. 03/18 – The Big M&A Test I Was Waiting For
Mar 18, 2025 (15:55)

We get that first big test of M&A I was looking for as Alphabet acquires Wiz. Is Roku going to force us to watch ads just to turn on our TVs? The AI coding assistant space continues to be hot. The breakthrough in electric vehicle charging that could really change the game. And what exactly does Lumon Industries do?
Sponsors: Robinhood.com/gold
Links:
Google Strikes $32 Billion Deal for Cybersecurity Startup Wiz (WSJ)
"Awful": Roku tests autoplaying ads loading before the home screen (Ars Technica)
Critical RCE flaw in Apache Tomcat actively exploited in attacks (Bleeping Computer)
Cognition AI Hits $4 Billion Valuation in Deal Led by Lonsdale's Firm (Bloomberg)
BYD Shares Jump to Record on Five-Minute EV Battery Charging (Bloomberg)
They Named Their Companies Lumon. Then 'Severance' Aired. (WSJ)
See Privacy Policy at https://art19.com/privacy and California Privacy Notice at https://art19.com/privacy#do-not-sell-my-info.

Cyber Security Headlines
GitHub repositories targeted, Apache Tomcat RCE exploit, BEC campaigns target Microsoft 365
Mar 18, 2025 (9:42)

23,000 repositories targeted in popular GitHub action
Apache Tomcat RCE exploit hits servers—no authentication required
Microsoft 365 users targeted in new BEC campaigns
Thanks to this week's episode sponsor, DeleteMe
Data brokers bypass online safety measures to sell your name, address, and social security number to scammers. DeleteMe scours the web to find – and remove – your private information before it gets into the wrong hands by scanning for exposed information, and completing opt-outs and removals. With over 100 Million personal listings removed, DeleteMe is your trusted privacy solution for online safety. Get 20% off your DeleteMe plan when you go to JoinDeleteMe.com/CISO and use promo code CISO at checkout.

Cyber Morning Call
745 - Apache Tomcat and PHP-CGI are under attack
Mar 18, 2025 (4:33)

Episode references:
Threat actors rapidly exploit new Apache Tomcat flaw following PoC release
StilachiRAT analysis: From system reconnaissance to cryptocurrency theft
Technical Advisory: Mass Exploitation of CVE-2024-4577
BitM Up! Session Stealing in Seconds Using the Browser-in-the-Middle Technique
ClearFake's New Widespread Variant: Increased Web3 Exploitation for Malware Delivery
Script and presentation: Carlos Cabral and Bianca Oliveira
Audio editing: Paulo Arruzzo
Closing narration: Bianca Garcia

ScanNetSecurity Latest Security News
Remote code execution, information disclosure and tampering vulnerabilities in Apache Tomcat partial PUT
Mar 13, 2025 (0:23)

On March 11, the Information-technology Promotion Agency, Japan (IPA) and the JPCERT Coordination Center (JPCERT/CC) published, via Japan Vulnerability Notes (JVN), an advisory on remote code execution, information disclosure and tampering vulnerabilities in Apache Tomcat partial PUT.

Modernize or Die ® Podcast - CFML News Edition
Modernize or Die® - CFML News Podcast for December 31st, 2024 - Episode 226
Dec 31, 2024 (61:19)

2024-12-31 Weekly News — Episode 226
Watch the video version on YouTube at https://youtube.com/live/BUIfVQV0bhs?feature=share
Hosts: Gavin Pickin - Senior Developer at Ortus Solutions
Daniel Garcia - Senior Developer at Ortus Solutions
Big Thanks to our Sponsor - Ortus Solutions
The makers of ColdBox, CommandBox, ForgeBox, TestBox and all your favorite box-es out there including BoxLang.
A few ways to say thanks back to Ortus Solutions:
Buy Tickets to Into the Box 2025 in Washington DC https://t.co/cFLDUJZEyM
April 30, 2025 - May 2, 2025 - Washington, DC
Like and subscribe to our videos on YouTube.
Help ORTUS reach for the Stars - Star and Fork our Repos
Star all of your Github Box Dependencies from CommandBox with https://www.forgebox.io/view/commandbox-github
Subscribe to our Podcast on your Podcast Apps and leave us a review
Sign up for a free or paid account on CFCasts, which is releasing new content regularly
BOXLife store: https://www.ortussolutions.com/about-us/shop
Buy Ortus's Books
102 ColdBox HMVC Quick Tips and Tricks on GumRoad (http://gum.co/coldbox-tips)
Now on Amazon! In hardcover too!!! https://www.amazon.com/dp/B0CJHB712M
Learn Modern ColdFusion (CFML) in 100+ Minutes - Free online https://modern-cfml.ortusbooks.com/ or buy an EBook or Paper copy https://www.ortussolutions.com/learn/books/coldfusion-in-100-minutes
Patreon Support (holly)
We have 61 patrons: https://www.patreon.com/ortussolutions.
News and Announcements
Tomcat Vulnerability
Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.1, from 10.1.0-M1 through 10.1.33, from 9.0.0.M1 through 9.0.97. The mitigation for CVE-2024-50379 was incomplete.
Users running Tomcat on a case insensitive file system with the default servlet write enabled (readonly initialisation parameter set to the non-default value of false) may need additional configuration to fully mitigate CVE-2024-50379 depending on which version of Java they are using with Tomcat:
- running on Java 8 or Java 11: the system property sun.io.useCanonCaches must be explicitly set to false (it defaults to true)
- running on Java 17: the system property sun.io.useCanonCaches, if set, must be set to false (it defaults to false)
- running on Java 21 onwards: no further configuration is required (the system property and the problematic cache have been removed)
Tomcat 11.0.3, 10.1.35 and 9.0.99 onwards will include checks that sun.io.useCanonCaches is set appropriately before allowing the default servlet to be write enabled on a case insensitive file system. Tomcat will also set sun.io.useCanonCaches to false by default where it can.
https://www.cve.org/CVERecord?id=CVE-2024-56337
How to resolve with Lucee: https://dev.lucee.org/t/cvs-exploit-of-tomcat-9-10-11/14590
End of 2024 - what did it bring?
What is 2025 bringing?
New Releases and Updates
Adobe Security Updates released December 23rd, 2024 - ColdFusion 2023 Update 12 and 2021 Update 18
We have released critical security updates for ColdFusion (2023 release) and ColdFusion (2021 release). Adobe is aware that CVE-2024-53961 has a known proof-of-concept that could cause an arbitrary file system read. View the security bulletin, APSB24-107, and the tech notes for more information.
https://coldfusion.adobe.com/2024/12/released-coldfusion-2023-and-2021-december-23rd-2024-security-updates/
An Initial Analysis of Adobe ColdFusion CVE-2024-53961 - from Hoyahaxa
Adobe released APSB24-107 today, which addresses one vulnerability in ColdFusion tracked as CVE-2024-53961 and described as a path traversal that could lead to file retrieval. Based on a quick review of the corresponding patches, it appears to be a security enhancement that improves protection (and possibly remediates bypasses) against the attack vectors first addressed in APSB24-14 / CVE-2024-20767 back in March.
https://www.hoyahaxa.com/2024/12/an-initial-analysis-of-cve-2024-53961.html
Blog from Charlie on the updates: https://www.carehart.org/blog/2024/12/23/ColdFusion_updates_released_Dec_23_2024
Webinars, Meetups and Workshops
ICYMI - Sac Interactive Meetup: All I Want for Christmas is AI with Luke Kilpatrick
Wed, Dec 18 · 6:00 PM PST
https://www.meetup.com/sacinteractive/events/303708503/?eventOrigin=home_page_upcoming_events$all
Sac Interactive Meetup: January with Kai Koenig
CFCasts Content Updates
https://www.cfcasts.com
Merry Xmas - All of the Into the Box 2024 videos are now available for paid subscriptions
https://www.cfcasts.com/series/into-the-box-2024
Conferences and Training
ITB 2025
Location: Washington, DC
Dates: April 30, 2025 - May 2, 2025 - Washington, DC
Tickets and more info: https://t.co/cFLDUJZEyM
50% off blind tickets
$249.50 for the Conference
$349.50 for the Conference + Workshop!!!
Call for Speakers CLOSED
CFCamp 2025
May 22, 23rd - 2025
Atomis Hotel Munich Airport
https://www.cfcamp.org/
Call for Speakers open - https://www.papercall.io/cfcamp2025 Closes February 28, 2025 ( 4am PST )
More conferences
Need more conferences? This site has a huge list of conferences for almost any language/community.
https://confs.tech/
Blogs, Posts, and Videos of the Week
12/29/24 - Blog - Ben Nadel - My Internal InVision Feature Demo Videos
Although InVision is shutting its doors, it's been an amazing journey; and, I've done a lot of work that I'm incredibly proud of. In particular, I feel great about the way in which I embraced experimentation with both arms; and, that I tried throwing as many features against the wall to see which would stick. Some of my experiments ended up being a "nothing burger". But, some of them went on to become highly valuable parts of the application and the user experience (UX). The whole process made me somewhat fearless in the face of opposition; and, taught me to love my failures just as much as my successes.

ScanNetSecurity Latest Security News
Multiple vulnerabilities in Apache Tomcat
Nov 24, 2024 (0:18)

On November 20, the Information-technology Promotion Agency, Japan (IPA) and the JPCERT Coordination Center (JPCERT/CC) published an advisory on multiple vulnerabilities in Apache Tomcat. The affected systems are as follows.

Java Off-Heap
OffHeap 88. Of Smart Agents that help you code better...or worse?
Nov 19, 2024 (67:40)

So Coding Agents are here to stay. And they are hitting everywhere we go (at a cheap price!). So what do we make of them? Do they help? Do they hinder? Do we like using them? Or is it risky to use them? These are now practical questions we ponder as GitHub Copilot, ChatGPT, Claude, IntelliJ AI Assistant and others are accessible at the click of a button! https://www.javaoffheap.com/datadog We thank DataDogHQ for sponsoring this podcast episode. Do follow us on Twitter @offheap https://www.twitter.com/offheap

Les Cast Codeurs Podcast
LCC 317 - parametric news

Les Cast Codeurs Podcast

Play Episode Listen Later Oct 21, 2024 81:56


From Java 23 to WebAssembly, via AI and design patterns, we put everything under the microscope #java #swift #webassembly #wordpress #webcomponents #llm #mongodb #keycloak #fairsource
Recorded October 18, 2024
Download the episode LesCastCodeurs-Episode-317.mp3

News

Languages
Java 23 is out! InfoQ lists all the JEPs integrated into the new version https://www.infoq.com/news/2024/09/java23-released/ And FooJay dives into the details https://foojay.io/today/java-23-has-arrived-and-it-brings-a-truckload-of-changes/
- JEP 455: Primitive Types in Patterns, instanceof, and switch (Preview)
- JEP 466: Class-File API (Second Preview)
- JEP 467: Markdown Documentation Comments
- JEP 469: Vector API (Eighth Incubator)
- JEP 471: Deprecate the Memory-Access Methods in sun.misc.Unsafe for Removal
- JEP 473: Stream Gatherers (Second Preview)
- JEP 474: ZGC: Generational Mode by Default
- JEP 476: Module Import Declarations (Preview)
- JEP 477: Implicitly Declared Classes and Instance Main Methods (Third Preview)
- JEP 480: Structured Concurrency (Third Preview)
- JEP 481: Scoped Values (Third Preview)
- JEP 482: Flexible Constructor Bodies (Second Preview)
- StringTemplate goes away
An article on the ClassFile API, which will become a standard part of the JDK for manipulating classes (à la ASM) https://www.unlogged.io/post/class-file-api-not-your-everyday-java-api
- a long article that goes back over the reasons, notably that ASM is bundled in the JDK, which creates a chicken-and-egg problem, and over the shape of the API
- has usage examples
- all of this is still in preview in the JDK
- optimizations such as lazy parsing and constant pool sharing (roughly, referencing what has not changed)
Tip and Tail is back: this time as a JEP https://openjdk.org/jeps/14
- more than a provocative keynote at the language summit, now an "informational" JEP
- the wording is a bit vague about the goal, somewhere between "looking at tip and tail for your libraries is a good idea" and "let's all adopt the same tip as the JDK, all the way up to application stacks"
Apple announces the release of version 6 of its Swift language https://www.swift.org/blog/announcing-swift-6/
- New platforms: Swift 6 extends to new platforms (all the major OSes were already supported), including embedded systems (on ARM and RISC-V).
- Swift Testing: Swift 6 introduces Swift Testing, a new testing library designed for Swift.
- Concurrency: data race detection reported as a compile-time error.
Apple announces it is working on Swift / Java interoperability https://github.com/swiftlang/swift-java
- like jextract but in the other direction
The Java news https://www.infoq.com/news/2024/10/java-news-roundup-oct07-2024/
- JDK 24: a schedule for the release of JDK 24 has been proposed. The first rampdown phase will begin on December 5, 2024. The final version will be available on March 18, 2025. JDK 24 will introduce updates with two new APIs. The Vector API (JEP 489) will make operations on vectors easier, while the Class-File API (JEP 484) will allow more efficient manipulation of Java class files. An important security change is proposed with JEP 486. It plans to permanently disable the Security Manager, which has been deprecated. This decision means that the feature will no longer be available in future versions, as it is considered obsolete.
- Apache Tomcat and Cassandra: new versions of Tomcat (11.0.0) and Cassandra (5.0.0) are out. They include improvements and bug fixes.
- Spring Framework: updates for Spring Framework (versions 3.4.0-M2, 3.3.3 and 3.2.8) have been published. They add support for a new API that helps with memory management.
- Quarkus: Red Hat released version 3.15 of Quarkus, which brings fixes and improvements. A new version, 3.16, is planned for the end of October.
- Commonhaus Foundation: a new organization, the Commonhaus Foundation, was created to help open source projects be sustainable. Quarkus has joined this foundation, alongside Cassandra, Camel, LangChain, Micronaut, OpenLiberty, JHipster, Ktor etc.
Design patterns revisited: https://www.youtube.com/watch?v=kE5M6bwruhw
- Design and design patterns. Optional: patterns and anti-patterns. Iterator pattern. Lightweight Strategy. Factory Method using default methods. Laziness using Lambda Expressions. Decorator using Lambda Expressions. Creating Fluent interfaces. Execute Around Method Pattern. Creating a Closed Hierarchy with sealed classes.
Popularity of programming languages https://www.techspot.com/news/105157-python-most-popular-coding-language-but-challengers-gaining.html
- Python remains the most popular programming language, especially in areas like data science and web development. It is valued for its simplicity and the large number of available libraries, which make it easy to learn and use. Many companies, including startups, use Python for a variety of applications.
- Despite its dominance, other languages like JavaScript, Java and Go are gaining popularity and could challenge Python's leading position. (Java moved from 4th to 3rd place in one year.)
- Developers who code occasionally prefer Python, showing its appeal beyond professional programmers.
- The emergence of tools like ChatGPT makes programming more accessible, which could influence future trends in programming languages.

Libraries
Parameterize your JUnit 5 tests with @CsvSource https://mikemybytes.com/2021/10/19/parameterize-like-a-pro-with-junit-5-csvsource/
- the annotation lets you keep your test data as close as possible to the test method
- you write the test data as CSV (possibly with delimiters of your choice for better readability, to separate the values clearly), for example -> or "maps to"
- the values can be the method's parameters but also the values used in the test description

Infrastructure
Turbocharged Development: The Speed and Efficiency of WebAssembly by Danielle Lancashire https://devsummit.infoq.com/presentation/munich2024/turbocharged-development-speed-and-efficiency-webassembly
- Using WebAssembly with Serverless. Running applications more easily in the cloud.
- WebAssembly is fast and safe for executing code. This helps deploy applications faster and use fewer resources.
- Many companies use WebAssembly for tasks like image and data processing. Platforms like Cloudflare Workers and AWS Lambda.
- The community around WebAssembly is growing. New tools and libraries are being created.
- However, there are still challenges to overcome, such as compatibility and performance. Despite this, the future of WebAssembly looks promising.

Web
It's war at WordPress https://techcrunch.com/2024/09/26/wordpress-vs-wp-engine-drama-explained/
- a company called WP Engine hosts WordPress but does not contribute
- Automattic, the people behind WordPress, asked them to fix this, either by paying trademark fees or by contributing engineering upstream to the tune of 8% of their revenue
- WP Engine said no
- Automattic cut off WP Engine's access to theme and plugin updates, putting sites at risk (security)
- WP Engine says this is an abuse by Automattic's CEO of his position over access to WordPress.org
- in short, it's a drama
- Automattic's CEO offers his employees 6 months' salary if they disagree with the strategy https://www.cio.com/article/3550331/one-twelfth-of-automattic-staff-leave-over-wordpress-wp-engine-spat.html
- 8% took the offer
Web Components are not the future https://dev.to/ryansolid/web-components-are-not-the-future-48bh
- an article by a prominent JavaScript framework author
- discusses the advantages and drawbacks of standardization, which raises the level of the debate but also blocks avenues for optimization
- many examples of innovations in JS frameworks that would have been blocked
- the comments after the article are interesting too (as a counter-perspective)
- but not everyone agrees with this article https://www.abeautifulsite.net/posts/web-components-are-not-the-future-they-re-the-present/

Data and Artificial Intelligence
Advice and good practices when integrating an LLM into an application https://glaforge.dev/posts/2024/09/23/some-good-practices-when-integrating-an-llm-in-your-application/
- effective prompt management
- versioning and externalizing prompts
- pinning model versions
- optimization and caching
- putting security guardrails in place
- evaluating and monitoring behavior and performance
- prioritizing the security of private data
Yet another new version of LangChain4j, version 0.35! Guillaume covers what's new on the Gemini and Google Cloud side https://glaforge.dev/posts/2024/09/29/lots-of-new-cool-gemini-stuff-in-langchain4j/
- Support for the brand-new versions of Gemini 1.5 (version 002)
- A "document loader" to load documents from Google Cloud Storage
- A "scoring model" that enables "reranking" of results, to find the most relevant results for a given query
- Support for new embedding model parameters (choice of vector dimensionality, truncation of input texts)
- Added an "embedding model" for the Google AI Gemini module
- A token estimator for Google AI Gemini
- Support for chat listeners
- Support for enums in structured JSON output
- And lots of documentation updates to reflect all these changes and additions
Self-correction algorithm for LLMs https://www.infoq.com/news/2024/10/google-deepmind-score/
- Google DeepMind recently published SCoRe, a new self-correction method for language models (LLMs). It improves the ability of LLMs to correct their own errors when solving math or programming problems.
- Unlike earlier methods, SCoRe uses data generated by the model itself to create self-correction dialogues. This lets the model improve through a two-stage reinforcement learning (RL) process.
- Models tuned with this technique showed significant improvements, outperforming the base models. This method could open new avenues for making LLMs more accurate and robust in their answers.
MongoDB 8 is out https://www.mongodb.com/products/updates/version-release
- Version 8.0 is faster, with faster reads, better handling of updates, and time-series aggregations up to 60% faster.
- New features include support for queries over encrypted data, making the processing of sensitive data easier.
- Lots of performance and scalability improvements
Guillaume explores advanced Retrieval Augmented Generation techniques to improve the quality of search results over his own documents, with LLMs https://glaforge.dev/talks/2024/10/14/advanced-rag-techniques/
- Slides and videos from the talk given at Devoxx Belgium
- Example code available on GitHub
- Chunking techniques: sliding window, hypothetical questions, semantic chunking, context retrieval chunking
- Retrieval techniques: hypothetical document embedding, query compression, metadata filtering

Tooling
Article on cache aliases in Infinispan https://infinispan.org/blog/2024/10/07/cache-aliases-redis-databases
- Explains how Infinispan can be used to replace Redis
- Explains the difference between Redis databases and Infinispan caches
- Explains the usefulness of aliases in general
- Explains how to map Redis databases onto Infinispan caches

Security
Keycloak 26 is out: https://www.keycloak.org/2024/10/keycloak-2600-released
- Organizations feature: lets administrators create and manage organizational structures, making role and permission management easier.
- Persistent user sessions: user sessions are now stored in the database by default, which improves consistency, especially with multiple instances.
- Login theme: a cleaner design and a dark mode option that follows user preferences.
- Improved multi-site deployment strengthens reliability and reduces downtime when serving user requests.
- Admin recovery: a simple method to recover administrator access if all accounts are locked out, by creating a temporary account via environment variables.
- For users migrating to this version, pay attention to the changes related to cache management and persistent sessions.

Law, society and organization
Introduction of fair source licenses https://techcrunch.com/2024/09/22/some-startups-are-going-fair-source-to-avoid-the-pitfalls-of-open-source-licensing/
- Some startups use "fair source" licenses to share their code while protecting their commercial interests.
- The FSL (Functional Source License) and BUSL (Business Source License) licenses open the code after 2 or 4 years.
- These licenses prevent competitors from selling similar products right away, offering temporary protection.
- Some critics think these licenses are complicated and could limit innovation, because they are not fully open.
- "Fair source" is still a new concept, but it could become a good compromise between open source and proprietary software.
- definition of fair source: publicly readable code, which may be used and modified with "minimal restrictions" to protect the producer's business model, and which becomes open source on a deferred basis
- "any purpose other than a Competing Use. A Competing Use means use of the Software in or for a commercial product or service that competes with the Software or any other product or service we offer using the Software as of the date we make the Software available"

Tools of the episode
A nice little tool for Mac users with a "wide" screen, for sharing a virtual screen: https://github.com/Stengo/DeskPad
- wide screens get shared in full; this tool produces a 16:9 rendering for the people viewing it
- the screen acts as a display but it is virtual, and you can put whatever applications you want in it
- we haven't tested it

Conferences
The list of conferences comes from Developers Conferences Agenda/List by Aurélie Vache and contributors:
- October 17-18, 2024: DevFest Nantes - Nantes (France)
- October 17-18, 2024: DotAI - Paris (France)
- October 30-31, 2024: Agile Tour Nantais 2024 - Nantes (France)
- October 30-31, 2024: Agile Tour Bordeaux 2024 - Bordeaux (France)
- October 31 - November 3, 2024: PyCon.FR - Strasbourg (France)
- November 6, 2024: Master Dev De France - Paris (France)
- November 7, 2024: DevFest Toulouse - Toulouse (France)
- November 8, 2024: BDX I/O - Bordeaux (France)
- November 13-14, 2024: Agile Tour Rennes 2024 - Rennes (France)
- November 16-17, 2024: Capitole Du Libre - Toulouse (France)
- November 20-22, 2024: Agile Grenoble 2024 - Grenoble (France)
- November 21, 2024: DevFest Strasbourg - Strasbourg (France)
- November 21, 2024: Codeurs en Seine - Rouen (France)
- November 27-28, 2024: Cloud Expo Europe - Paris (France)
- November 28, 2024: Who Run The Tech ? - Rennes (France)
- December 2-3, 2024: Tech Rocks Summit - Paris (France)
- December 3, 2024: Generation AI - Paris (France)
- December 3-5, 2024: APIdays Paris - Paris (France)
- December 4-5, 2024: DevOpsRex - Paris (France)
- December 4-5, 2024: Open Source Experience - Paris (France)
- December 5, 2024: GraphQL Day Europe - Paris (France)
- December 6, 2024: DevFest Dijon - Dijon (France)
- January 22-25, 2025: SnowCamp 2025 - Grenoble (France)
- January 30, 2025: DevOps D-Day #9 - Marseille (France)
- February 6-7, 2025: Touraine Tech - Tours (France)
- March 25, 2025: ParisTestConf - Paris (France)
- April 3, 2025: DotJS - Paris (France)
- April 10-12, 2025: Devoxx Greece - Athens (Greece)
- April 16-18, 2025: Devoxx France - Paris (France)
- May 7-9, 2025: Devoxx UK - London (UK)
- June 12-13, 2025: DevLille - Lille (France)
- June 24, 2025: WAX 2025 - Aix-en-Provence (France)
- September 18-19, 2025: API Platform Conference - Lille (France) & Online
- October 9-10, 2025: Volcamp - Clermont-Ferrand (France)

Contact us
To react to this episode, come and discuss on the Google group https://groups.google.com/group/lescastcodeurs
Contact us via Twitter https://twitter.com/lescastcodeurs
Do a crowdcast or a crowdquestion
Support Les Cast Codeurs on Patreon https://www.patreon.com/LesCastCodeurs
All episodes and all the info at https://lescastcodeurs.com/

ScanNetSecurity Latest Security News
TLS handshake processing flaw in Apache Tomcat

ScanNetSecurity Latest Security News

Play Episode Listen Later Oct 7, 2024 0:19


On October 1, the Information-technology Promotion Agency, Japan (IPA) and the JPCERT Coordination Center (JPCERT/CC) announced a TLS handshake processing flaw in Apache Tomcat on Japan Vulnerability Notes (JVN).

ScanNetSecurity Latest Security News
Improper default permissions vulnerability in Apache Tomcat Connector (mod_jk)

ScanNetSecurity Latest Security News

Play Episode Listen Later Sep 25, 2024 0:22


On September 24, the Information-technology Promotion Agency, Japan (IPA) and the JPCERT Coordination Center (JPCERT/CC) announced an improper default permissions vulnerability in Apache Tomcat Connector (mod_jk) on Japan Vulnerability Notes (JVN).

ScanNetSecurity Latest Security News
Denial-of-service (DoS) vulnerability in Apache Tomcat

ScanNetSecurity Latest Security News

Play Episode Listen Later Jul 7, 2024 0:23


On July 4, the Information-technology Promotion Agency, Japan (IPA) and the JPCERT Coordination Center (JPCERT/CC) announced a denial-of-service (DoS) vulnerability in Apache Tomcat on Japan Vulnerability Notes (JVN). The affected systems are as follows.

PodQuiz weekly trivia quiz

This week's rounds are Music (Sax Solos), Postage Stamps, Quantities (Quickfire), and Pandas (with guest host Winston). The music is Post A-Priori by Apache Tomcat.

Cyber Security Today
Cyber Security Today, May 17, 2024 - Malware hiding in Apache Tomcat servers, new backdoors found, and more

Cyber Security Today

Play Episode Listen Later May 17, 2024 5:51


This episode reports on the break-up of a North Korean scheme that tricked American firms into hiring people they believed were American app developers to work remotely, and more.

MICHAELBANE.TV™ ON THE RADIO!
An Ideal Revolver?

MICHAELBANE.TV™ ON THE RADIO!

Play Episode Listen Later Feb 21, 2024 46:59


The new line of Rossi revolvers is a great opportunity for people looking to try a revolver without breaking the bank. Also, some thoughts on becoming invisible. MichaelBane.TV - On the Radio episode # 208. Scroll down for reference links on topics discussed in this episode.
Disclaimer: The statements and opinions expressed here are our own and may not represent those of the companies we represent or any entities affiliated to it.
Host: Michael Bane
Producer: Flying Dragon Ltd.
More information and reference links:
- Rossi RP63
- Griner Gunworks
- Cimarron 1873 Deluxe Short Rifle
- Cimarron 1887 Lever Action Terminator Shotgun
- Munden's Six-Gun Magic by Jeff Ault, Michael Bane Blog, Dec. 21, 2017
- The Myth of the Gray Man / Dave Merrill, RECOIL
- Gray Man Strategies 101: Peeling Away the Thin Veneer of Society / Kevin Reeve, Imminent Threat Solutions
- 10 Lessons from an Urban Escape and Evasion Class / John Schwartze, RECOIL Off-Grid
- The Music of Apache Tomcat

airhacks.fm podcast with adam bien
Java, Continuations and How Rife Happened

airhacks.fm podcast with adam bien

Play Episode Listen Later Jan 28, 2024 55:11


An airhacks.fm conversation with Geert Bevin (@gbevin) about: early days learning to code on a Commodore 64 and writing a painting program, learning Basic, Turbo Pascal, then C++, building custom software for companies in Belgium using Java and owning the IP, Seaside web framework was written in Smalltalk, Rife web framework, Cameron Purdy on "#16 Java, Caching and How the Information Flows", Cedric Beust on "#134 How EJBGen, TestNG and ...Android happened", the lightweight Spark (web framework), Gradle and Apache Maven, Project Loom and Continuations, BLD build tool, Object-oriented programming, Smalltalk, Seaside (software), ASM (Java bytecode manipulation and analysis framework), Rife and continuations, Rife is based on Servlets, Velocity (software), Spark (web framework), jetty (web server), Apache Tomcat, WAR (Sun file format), JSP, Kotlin, Tangosol, TestNG. Geert Bevin on twitter: @gbevin

The CyberWire
Creating PANDA-monium. [Research Saturday]

The CyberWire

Play Episode Listen Later Jul 8, 2023 17:03


Thomas Etheridge from CrowdStrike sits down to discuss their work on "Business as Usual: Falcon Complete MDR Thwarts Novel VANGUARD PANDA (Volt Typhoon) Tradecraft" In May of 2023, industry and government sources detailed China-nexus activity where they found the threat actor dubbed Volt Typhoon targeted U.S. based critical infrastructure entities. CrowdStrike's Intelligence team tracked this actor as VANGUARD PANDA.  With CISA's advisory on VANGUARD PANDA and its link to Chinese adversaries who are increasingly targeting US businesses and critical infrastructure, CrowdStrike's blog dives deeper into the risks of VANGUARD PANDA. The research says "One specific VANGUARD PANDA incident stands out to review in detail. Falcon Complete responded to a detection that was triggered by suspicious reconnaissance commands executed under an Apache Tomcat web server running ManageEngine ADSelfService Plus." The research can be found here: Business as Usual: Falcon Complete MDR Thwarts Novel VANGUARD PANDA (Volt Typhoon) Tradecraft

Research Saturday
Creating PANDA-monium.

Research Saturday

Play Episode Listen Later Jul 8, 2023 17:03


Thomas Etheridge from CrowdStrike sits down to discuss their work on "Business as Usual: Falcon Complete MDR Thwarts Novel VANGUARD PANDA (Volt Typhoon) Tradecraft" In May of 2023, industry and government sources detailed China-nexus activity where they found the threat actor dubbed Volt Typhoon targeted U.S. based critical infrastructure entities. CrowdStrike's Intelligence team tracked this actor as VANGUARD PANDA. With CISA's advisory on VANGUARD PANDA and its link to Chinese adversaries who are increasingly targeting US businesses and critical infrastructure, CrowdStrike's blog dives deeper into the risks of VANGUARD PANDA. The research says "One specific VANGUARD PANDA incident stands out to review in detail. Falcon Complete responded to a detection that was triggered by suspicious reconnaissance commands executed under an Apache Tomcat web server running ManageEngine ADSelfService Plus." The research can be found here: Business as Usual: Falcon Complete MDR Thwarts Novel VANGUARD PANDA (Volt Typhoon) Tradecraft

A Bootiful Podcast
Apache Tomcat contributor extraordinaire Mark Thomas

A Bootiful Podcast

Play Episode Listen Later Mar 23, 2023 98:44


Hi, Spring fans! Welcome to another installment of A Bootiful Podcast! In this installment, Josh Long talks to longtime Apache Tomcat contributor extraordinaire Mark Thomas.
- I wrote a white paper on using Spring Boot 3 AOT and GraalVM https://tanzu.vmware.com/content/white-papers/spring-boot-3
- I did a Spring Tips installment on using Vaadin and Spring Boot 3 together, along with the shiny new AOT support https://www.youtube.com/watch?v=nyR-qzj7O3w
- Java 20 is out! The last one to install it is a rotten egg! Get the bits NOW! https://twitter.com/java/status/1638195008162471936
- Want to learn Spring Boot 3? Check out this video I did for the JetBrains channel a few weeks ago https://www.youtube.com/watch?v=Y2gZz8-yK7Y

ScanNetSecurity Latest Security News
Escaping flaw in Apache Tomcat's JsonErrorReportValve

ScanNetSecurity Latest Security News

Play Episode Listen Later Jan 5, 2023 0:20


On January 4, the Information-technology Promotion Agency, Japan (IPA) and the JPCERT Coordination Center (JPCERT/CC) announced an escaping flaw in Apache Tomcat's JsonErrorReportValve on Japan Vulnerability Notes (JVN).

airhacks.fm podcast with adam bien
To MicroProfile, Or Not To MicroProfile?

airhacks.fm podcast with adam bien

Play Episode Listen Later Dec 11, 2022 47:08


An airhacks.fm conversation with Romain Manni-Bucau (@rmannibucau) about: Romain appeared first at "#79 Back to Shared Deployments", kubernetes and portability, minio, nginx kubernetes k0s, MicroProfile SmallRye, self-constraining for productivity, JSON-RPC over GraphQL, yupiik uship - a Jakarta EE subset, "Making the Intentions Explicit with JAX-RPC over JAX-RS", JSON-RPC over GraphQL, Apache OpenWebBeans, Apache Tomcat, JSON-B, Apache Johnzon JSON-B supports Java Records, Romain Manni-Bucau on twitter: @rmannibucau

Craig Peterson's Tech Talk
Did You Hear About the Latest Rip-Off? Non-Fungible Tokens! How Law Enforcement Tracks Bitcoin!

Craig Peterson's Tech Talk

Play Episode Listen Later Apr 22, 2022 82:43


Did You Hear About the Latest Rip-Off? Non-Fungible Tokens (NFTs) Are Already Losing Steam!
[10:54] How Law Enforcement Tracks Bitcoin! It is Absolutely NOT Anonymous
[20:05] The FBI Is Actively Removing Malware From Private Machines -- Without The Owner's Permission
[29:10] Why and When You Shouldn't Trust QR Codes
[41:08] Cybercrime in Russia Tracked to a Single Office Building in Moscow!
[52:29] The Newest Phishing Scams
[01:01:32] Using Wordpress? How Supply Chain Attacks are Hurting Your Business Website
[01:10:43] Cybersecurity Tools You Should Be Using!

Jam packed today. We're going to start with non fungible tokens. If you don't know what those are, this is a very big deal because so many people are investing in them right now. Are they really investments? I've got a bit of a blow back here. Most people think that Bitcoin is anonymous. We're going to talk about how it absolutely is not.
[00:00:20] We're going to talk about anonymous. In fact, the Russians, Microsoft, what they're doing against the Russians and this little comedic thing about cars.
[00:00:28] NFTs are very big deal.
[00:00:31] I'm going to pull up here on my screen right now. This is a picture of Mr. Jack Dorsey. We'll go full screen, an article from a website called CoinDesk. CoinDesk is one of these sites that really tries to track what's happening out there in the Bitcoin community. Of course, nowadays it's much more than Bitcoin.
[00:00:53] Isn't it? We're talking about all kinds of. Different currencies that have a blockchain backend. They're called cryptocurrencies basically. But the big one was of course, Bitcoin. And there is a whole concept. Now, when we're talking about things like cryptocurrencies and these non fungible tokens. People have been investing them in them.
[00:01:19] Like crazy people are making millions of dollars every week. Now, remember, I am not an investment advisor and particularly I'm not your investment advisor. So take all the. To your investment advisor.
I'm not telling you to buy them. I am telling you to be cautious here though, because these non fungible tokens are designed to give you the ability to be able to just, own something in the digital world. [00:01:48] What might you own in the digital world? We've had a lot of different stuff. We've seen some just crazy monkey things. Have you seen those? These little pictures of monkeys are. Graphic designed and it's all animated. If you will. It's like cartoons and people pay money for them. One of the things that people paid money for was the rights to the first tweet ever on Twitter. [00:02:16] So that's what you're getting. When we're talking about an NFT on a non fungible transaction, it is now yours. So this particular NFT we're talking about was of our friend here, Jack Dorsey. We'll pull it up again, this article, and he had a tweet that was sold last year for $48 million. That is a lot of money. [00:02:43] So people look at this as an investment, but it's not the same as hanging art on the wall. You've got a Picasso that has some intrinsic value. It's a painting. It has all the oil paint on that, it was designed by and painted by a crazy man years ago. And you can take that Picasso and you can. [00:03:07] Turn it around and sell it. It has some real value. If you own the rights to something, let's say it's one of these monkey pictures. It reminds me of a postage stamp and you paid real money for it. Some of these things are going, as I said, for over a million dollars and this Jack Dorsey first tweet went for $48 million. [00:03:27] So let's say that's what you did, right? You bought this thing for $48 million. Really? What do you have? Because anybody can go online and look at that tweet. Anybody can print it up and stick it on a wall. Anybody can go out and get that picture of the monkeys right there. The guy drew, and you can look at it. [00:03:51] In fact, I can pull it up right now, if you want to do. But people paid real money for that. 
So they've got what really? What do they have? You can't take it off the wall, like you're Picasso and salad, right? Or Banksy, if you're into the more modern art, it's just not. What is doable? How do you make this work? [00:04:12] Only the NFT only gives you bragging rights in reality. That's what it does. You have bragging rights because you could take that digital picture and make a hundred quadrillion copies. Yeah, you'd still own the NFT you would still have in the blockchain for whatever NFT company you're using the rights to it. [00:04:37] They would say this, you owned it. So let's talk about the blockchain behind it. There are a lot of companies that are trying to give you that. Okay. All right. I get it. Yeah, I get to to own it. But who's running the blockchain behind it. Who's validating that you own it with Bitcoin and many of these other blockchain currencies that are out there. [00:05:04] There are various. Companies and individuals who are registered, who have all of the paperwork, if you will saying who owns, how much of what, and who paid, who and everything. And that by the way, is why it takes so long for some of these Bitcoin and other transactions to occur. But how about the NFT? There are tons of companies out there that say they will certify the NFT. [00:05:34] So it gets to be real problem. And when we get into this Jack Dorsey tweet and this article about it, which are will, let me pull it up again here for you guys. This guy, Sina S bought the very first tweet ever from Twitter founder, Jack Dorsey for $2.9 million last year. And he decided that he wanted to sell it. [00:06:03] So he listed it for sale again at $48 million last week. Real. He put it up for open bid and this article and CoinDesk is talking about that. And you can see that if you're watching me on rumble or YouTube, I'm showing you my screen here right now. But this Iranian born crypto entrepreneur named of again. 
[00:06:28] As TAVI purchased it for $2.9 million in March, 2021. Last Thursday, he announced on Twitter where out, that he wanted to sell this and Ft. And he said, Hey, listen, I'm going to put 50% of the proceeds to charity. The auction closed, this was an open auction. People could go and bid on it and head auction closed. [00:06:55] With an offer of basically $288, $277 at current prices when this article was written $277 and the lowest bid was $6. And as I recall, this is not in this article, but there were only. I handful of bids. Like when I say handful, I mean a half a dozen beds. Crazy. This is a real problem because the deadline is over. [00:07:27] He paid how much for it, right? How much did he pay? Pull that up again. $2.9 million last year. And his highest bid was in the neighborhood of $280. Isn't that crazy. So did he get money on this? Did he win money on this? I don't know. I'm looking at those saying is it worth it to buy something like that? [00:07:54] That you might think, oh, the very first apple computer, an apple. While that's going to be worth some serious money. Yeah, it is. It's something, you can grab onto, you can hold onto it, it's something and you can sell it. You can trade it. You can take a picture of it. You can't make digital copies of it. [00:08:15] You, you, it's a physical thing. That's worth something. Same thing with that Picasso on the wall, it's really worth something that has some basic intrinsic value. Jack's true tweet. The very first tweet. How much is that thing worth? It basically nothing. So the tweet is showing he'll pull it up on the screen again that he's selling ad Jack 2000 6 0 3 21 at eight 50 14:00 PM. [00:08:46] Just setting up my Twitter. So there you go. There's Jack is very first to. And it's absolutely amazing. Is it worth it? Let me pull up some other stuff here for you guys. I'm going to pull this up here is Coinbase launching an NFT marketplace in hopes of appealing to crypto on mainstream users. 
So here's some examples of NFTs.

[00:09:11] I'm going to zoom in on this for those of you guys watching on Rumble or on Twitter. All right, I mean, yeah, actually you can see it on Twitter too, but YouTube, here you go. Here's some NFTs; it's artwork, and it's a creature. So you can buy creature number 7806 right now for six ETH. So let me see.

[00:09:34] Value of six Ethereum is what? Ether to US dollars. So for $3,084, as of right now, you can get a crappy picture that even I could have drawn, okay, of this guy. And look at all of the work this artist has put in. There's how many of these up here? 1, 2, 3, 4, 5... 10 of them. And it's the same head.

[00:10:03] Each time it looks like this, almost the same eyes. He changes colors and he's got a different background. It's absolutely not. So that's what they're trying to do right now, trying to sell these NFTs. So who's going to buy that? Who's going to pay $3,000 for artwork that Hunter Biden could have done with a straw?

[00:10:25] Stick around. Here's another one. This is from Ledger Insights: NBA's launching dynamic NFTs for fans, baseball cards for the NBA that are basically just worthless. They're NFTs, non-fungible tokens. It has taken the crypto world by storm, and people are losing millions, as you look, but it really is changing the e-commerce world.

[00:10:54] Bitcoin, blockchain: all the rage. A lot of people are talking about it, but I've got to say, most people who are talking don't know much about it. And when it comes to anonymity, Bitcoin is probably the worst thing you could possibly do. It's amazing.

[00:11:12] There are a lot of misconceptions out there when it comes to technology, almost any kind of technology, and blockchain and Bitcoin are examples of a very misunderstood technology.

[00:11:25] Now, I'm not talking about how does it work? How are these ledgers maintained? How does this whole mining thing work? Why has China banned it?
Why are a lot of countries going away from it? One country, now, the dictator said, yeah, we're going to use Bitcoin as our official currency, in addition to the US dollar. What's going on?

[00:11:48] It is complicated behind the scenes. It's complicated to use, although there are some entrepreneurs that have made some great strides there. I saw a documentary on what has been happening in that one country I mentioned. They are able to pay in US dollars using Bitcoin. So they'll go up to a vendor on the street,

[00:12:13] quite literally, they'll have their smartphone with them, the vendor has their smartphone, they type in 15 cents for the taco and hit send. It goes to the other person, and they have 15 cents worth of Bitcoin. By the way, these types of micro-transactions, with the way Bitcoin is structured behind the scenes, make things even less manageable in the Bitcoin world than they have been in the past.

[00:12:40] And that's why, in case you didn't know, Bitcoin is making some major changes here fairly soon. They've got to change the way all of this ledger stuff works, because it takes too long to record and authorize transactions. And these ledgers just get way too long when it comes to all of these kinds of micro-transactions.

[00:13:04] So there's stuff going on with Bitcoin. There are many of these types of currencies out there. Ethereum is one. You've heard about Dogecoin because, of course, that's what Elon Musk has been talking about, and many others, and they're all somewhat different, but the main concepts are the same. One of the big concepts, I'm going to pull an article up here on the screen for those watching on YouTube or also on Rumble.

[00:13:30] But this is an article from our friends at Wired magazine. Now, I have subscribed to Wired for many years. This particular one is about what Wired is calling the crypto trap. Now, that's a very big deal. It is a trap, and it's a trap in a lot of different ways.
And that's what we're going to talk about right now.

[00:13:56] Crypto is not what its name implies. A lot of people look at it and say, oh, crypto, that's cryptography. That's like the German Enigma machine in World War II and all of this new, great crypto that we have nowadays. And there are some pretty amazing new cryptographic technologies that we've been using, but no, that's not

[00:14:17] what's really going on. You see, the basic premise behind all of these technologies is the concept of having a wallet. And this wallet has a unique identifier; it has a number assigned to it. So if I'm sending money to you, I'm going to have your wallet ID, your wallet number, and I'm going to now send you some amount, a fraction most likely, of a cryptocurrency, and certainly if it's Bitcoin, it's almost certainly a fraction.

[00:14:49] And so I'm going to send you $100 worth of, let's say, Bitcoin. What ends up happening now is these ledgers, which are public, are all going to record that Craig sent you a hundred dollars worth of Bitcoin. Of course, it's going to be in a fraction of a Bitcoin, so sometimes there's rounding errors; it's not going to be really exactly a hundred dollars.

[00:15:12] Plus there's the amazing amount of volatility in the cyber currencies. So even though I meant to send a hundred dollars, it might end up being 110 if it goes up. It might be 90 if it goes down. You get that. You don't understand how that works. So the problem now is I have sent you a hundred dollars.

[00:15:33] And public ledgers that anyone can gain access to now say wallet number 1234 sent a hundred dollars to wallet number 5678. Obviously the wallet addresses are a lot longer than that. So then it's fine. And there's a degree of anonymity there; it's really called pseudo-anonymity, because in reality it's not completely anonymous, because people know the transaction occurred and they know the wallet numbers.

[00:16:03] Correct?
It's like a bank account, and if I'm putting money into your bank account, that bank account number knows that the money came from a check that I wrote. Can you imagine that, someone writing a check? And that check had a number on it, a bank account number, right? So it can all be tracked. Well, much

[00:16:19] the same thing is true when it comes to cryptocurrencies. These cryptocurrencies are in public ledgers, and those public ledgers can be used, with a little bit of work, to figure out who you are. So this article here from our friends at Wired gets really hairy, and it might be of interest to you to read, but this is talking about a takedown that happened, and this is a massive takedown.

[00:16:51] This takedown was of a whole group of people who were involved in some really nasty stuff. In this particular case, what it was, was kiddie. Just a terrible thing, and the abuse surrounding it. So this article goes into not a lot of detail. I'm not going to read it here on the air, because I don't want to upset too many people.

[00:17:15] Because some of the details of this, even to think about them, are incredible. But the police broke into this middle-class suburban home in the outskirts of Atlanta. And there was Homeland Security, there was a guy from the IRS, and they came in, they took all of their electronic devices.

[00:17:38] They separated the family, putting the father, who is an assistant principal at the local high school, and he was the target of this investigation, so they had him in one room, they had his wife in another room, and they put the two kids into a third room, and they started questioning him.

[00:18:00] Now, this is part of a takedown of, as I said, a whole ring of these people, including this assistant principal at a school. Can you believe that?
So this IRS guy had flown in from Washington, DC to have a look over what was going on, but this agent from the IRS and his partner, whose name is, let's see, his name was Janczewski.

[00:18:26] I probably got that wrong. And Tigran Gambaryan, and they had a small group of investigators, and they were at a whole bunch of different federal agencies, not just the IRS. What once seemed to be untraceable was no longer untraceable. Now, I've talked on this show before about a lecture I went to by the Secret Service about how they had tracked down and shut down the world's largest website that was being used to sell illegal materials online.

[00:19:01] And it's fascinating what they did. But frankly, they're calling this particular bust a proof of concept, and that's why the IRS was in on this as well, but it was huge. Here's a quote from the IRS agent in this Wired magazine article. He's saying he remembers the gravity of this whole thing.

[00:19:21] Let me pull this up on the screen too, so you can read along here, but: this was a high school administrator, a husband, and a father of two. Whether he was guilty or innocent of the accusations this team of law enforcement agents were leveling against him, their mere presence in the home would almost certainly ruin his life.

[00:19:44] And he, as well as these other people, were counting on anonymity from Bitcoin. Now, obviously I'm glad they got taken down, but listen, folks, if you think that it's safe, that it's anonymous, it ain't. Bitcoin just ain't there. CraigPeterson.com. Stick around.

[00:20:05] I've been blamed for really complaining about people not updating their software. And that includes things like firewalls. The FBI has stepped in, and they are going ahead and doing updates for you.

[00:20:21] What should we be doing as a country?

[00:20:26] People aren't updating their software. They're not updating their hardware.
And particularly our hardware. Take a look at what's been happening with the firewalls and the firewall concerns. Everybody has some sort of firewall, well, almost everybody, but enough people that we can say everybody has a firewall. You get your internet from, you name it,

[00:20:50] and because of the fact they're using something called NAT, network address translation, they've got some sort of firewall in front of you. So, for instance, you've got your phone, right? You're using your phone and it's got internet on it. You're going through whoever your carrier is, and that carrier is giving you internet access, right?

[00:21:14] They don't have enough IP addresses, particularly IPv4, in order for you to get your very own unique little address out on the internet. Now, they do, when it comes to v6; things are a little bit different, but your device is not completely exposed on the internet. Windows comes with a firewall, and by default the Windows firewall is turned on.

[00:21:35] Now, this gets more than a little concerning, because that firewall that's turned on isn't really doing anything, because I've got a firewall turned on and yet every service is accessible from outside, which is defeating the purpose of the firewall. Again, it's a complaint I've had about Microsoft now for

[00:21:55] decades, which is they have features that are just checkboxes. Yes, yes, it's got a firewall. Yeah, it's turned on, but the features don't work. So having a firewall and having everything open defeats the purpose of a firewall. Macs do not have a firewall turned on by default, but they do have their services turned off,

[00:22:18] which is just as effective, if not more effective. So one of the things we advise people to do is go into your Windows system, into the firewall and your security settings, and turn off any services that you're not using. If you're not sharing file systems, then turn that off.
In other words, unless you're mounting the G drive, or whatever you might call it, from another computer, you don't need it.

[00:22:44] If you're not a server for what's called SMB, then you don't need to share it. So turn off everything that you don't need. What's going to happen is one of your programs isn't going to work, right? And then, what you did, you're going to turn it back on, and you can do a lot of research online to find out what they are.

[00:23:04] We have over 200 settings that we change in Windows when we get a customer. Now, on the Mac side, you can turn it on. I like turning it on. I like turning off the ability to see my machine, so, in other words, the ability to be able to. So I turn it on and I enable specific services. And again, you can do some research on that.

[00:23:30] I've got an Improving Windows Security course that people have taken, and we should probably do that again, if not just have some free webinars on how to do this, so you guys can learn how to do it, but it's not that hard to do. Anyhow, bottom line is, people aren't updating their computers, even the Macs and Windows.

[00:23:51] We have a client, we just started with a new client, and we're tightening things up, and we've been finding Mac computers that are multiple major revisions behind. And that, to me, is shocking. Apple Macs are just so easy to update. It is extremely rare that an Apple update will make your computer break, unlike in the Windows world, where it's pretty common.

[00:24:17] So, Windows guys, I can understand, but you're even more exposed, you're a bigger target, you need to keep up to date. So how about all of the other equipment that we have? I've had warnings again and again with you guys about what's happening with our smart devices that are out there, right? Our security cameras we have up in the corner, right?
[00:24:41] We have these smart thermostats people are using; the list goes on and on of all of this equipment that we're using that is exposing us, because when was the last time you have? How about the firmware in your router or your Wi-Fi, right? Some of the devices that I recommend to people, and if you have any questions, just email me at me@craigpeterson.com.

[00:25:05] I can give you recommendations, even if you're a home user, although my business, obviously, is working with businesses, on what kind of Wi-Fi to buy, what you should get, what you should do. I don't charge for any of that stuff, okay? You get it. But you have to ask: me@craigpeterson.com. So you get this information and you go ahead and you buy whatever it is, but you don't keep it up to date, which is why I tend to only recommend stuff that automatically updates.

[00:25:33] But that also means every few years you're going to have to replace it, because unless you're using the good Cisco equipment, where you can get a seven-year life out of it, you're not going to find that in consumer grade. So what's happened here? I'm going to pull this up on my screen for people watching this on YouTube or on Rumble.

[00:25:52] But here is a thing that came straight out of our friends here from the FBI. This is from CSO. This is a magazine that I do follow. But they're talking about what they call Cyclops Blink. So the article says, for the second time in a year, the FBI has used a search and seizure warrant to clean malware from devices owned by private businesses and users without their explicit approval.

[00:26:25] The FBI used this approach to disrupt a botnet believed to be the creation of, right, government hackers. So they're calling this Cyclops Blink, malware discovered earlier this year. So here's the problem. What do you do if you're the federal government? How do you try and keep your country safe?

[00:26:51] Now, we know we've got these military contractors.
They make missiles that take out missiles, right? They provide defensive systems. You've heard of Iron Dome from years ago, all the way through all of the current stuff. That's what they do, but what do they do? What can they do when there's a botnet? A botnet is where there are multiple computers, in this case probably tens of thousands of computers located in the United States, that are acting like sleepers.

[00:27:21] They sit there and they wait for commands as to what they should do. Should they try and attack a machine? Should they try and spread more malware? What should they be doing? And these things are vicious. They are absolutely nasty. And in this case, we're looking at Russian malware. So Russia, effectively, like The Americans,

[00:27:44] you might remember that TV show, it was a great show, but that's computers that are owned by you and me and our businesses and government agencies that are under the control of the Russians. Now, you don't even know it. You're using your computer. You're playing games. You're going to Facebook, whatever it is you do on your computer.

[00:28:06] Your computer is under command and control of the Russians. So the FBI goes to a court and says, hey, we've got to go ahead and shut this down. We need a warrant. They get the warrant, and the search and seizure warrant lets them now get onto these machines that are part of the botnet, or the controlling machines for the botnet, and either remove the malware or go ahead and take control of the botnet themselves,

[00:28:34] so it can't be used. And by the way, our friends at Microsoft, they've gotten involved in this too, which is really, frankly, cool, in shutting down some of these botnets. Hey, I want to encourage everyone: take a couple of minutes, go to craigpeterson.com/subscribe. That's Craig Peterson, C-R-A-I-G P-E-T-E-R-S-O-N,

[00:28:57] and subscribe, and I'll be sending you a special report on passwords, plus two more.
I send out the most popular special reports that anybody has ever asked for.

[00:29:10] Hey, I've got a little bit more to discuss on what's happening with Russia and Microsoft and more, but I'm also going to talk about QR codes. There is a great explanation that's in your newsletter from Monday about why you shouldn't trust 'em.

[00:29:26] Let's finish up this Russian thing, and then we're going to get into why you cannot trust QR codes, and a brand new way

[00:29:36] the bad guys are using QR codes to really mess with us. Now, if you're watching over on either YouTube or on Rumble, you'll see this. Let me pull up my screen for you. But here we go. Okay. This is very interesting. In the last segment, we talked a little bit about what our friends over at the FBI had been doing, which is they have been removing malware from people's computers, because people haven't been keeping their computers up to date, right?

[00:30:11] Part of the botnets. So, as we explained, the FBI isn't the only one out there trying to stop these Russians, and the hackers Anonymous have been very big at it. In fact, let me pull up this other article. This is from Security Affairs. And here we go. And it's talking about this whole army of these Anonymous hackers.

[00:30:35] Now, Anonymous have been a nightmare for many businesses that they didn't like. Anonymous will go ahead and they'll do usually pretty basic stuff. They'll do denial of service attacks and some other things. So they don't like you because of, say, the Don't Say Gay bill in Florida, and, without bothering to do any research, they'll just start attacking organizations that support it, or organizations that don't support it, depending on how they want to do it. So this is an interesting article here, because it's talking about these various websites that they've hacked. Now, some of them are government sites, and some of them are private industries.
Now, one of the cool things, bad things, about hacking private industry and releasing the emails is now the competitors to these businesses know what they're doing.

[00:31:31] And in some cases, there's proprietary technology that's being released. Now, when it comes to Russian proprietary technology, the Western world doesn't care a whole lot about some of it, but here's some examples of what these hacktivists have done. This is a company called Forest: 37,000 emails stolen from the company, a Russian logging and wood manufacturing firm.

[00:31:55] Again, it would give a little bit of an idea into the whole Russian, what are they doing in the forest industry? This one, I think, is a little more concerning for the Russians: Aerogas. This is an engineering company that focuses on the oil and gas industry. Their clients include a whole bunch of Russian companies.

[00:32:15] They've leaked approximately 100,000 emails from Aerogas. That is a huge deal, because so much of the country's revenue, the number one industry in Russia, is oil and gas. Petrofort, one of the largest office space and business centers in St. Petersburg: the hackers have leaked approximately 300,000 emails from Petrofort.

[00:32:41] Again, you can use that to find out what's happening in your economy. What are they doing? How are businesses doing? Are they going to go under? So you can see some tweets here. I've got them up on my screen on YouTube and Rumble: Anonymous, what they're saying that they've done, and you can follow Anonymous directly on Twitter.

[00:32:59] Not particularly fond of them. They've done a lot of things that I disagree with. This is really telling us about a whole new approach to warfare, right? Back in the day, you and I couldn't get involved; we could potentially take up arms and go and fight right there, and think about the Spanish-American War.

[00:33:18] Think about what's happening now in Ukraine, where Americans have just gone over there.
Taken up firearms in order to help them defend Ukraine. People who are maybe of Ukrainian descent, maybe not, right? We have never seen this type of involvement by average citizens, because Anonymous is not like some big fancy company or government agency. Anonymous is a bunch of people who are trying to be anonymous and do something.

[00:33:50] So they stole 145 gigabytes. Look at this. It's just crazy. So here's the Anonymous Twitter thread itself, right? Talking about what. It's absolutely incredible. Incredible. So that's what Anonymous is up to. They are hacking Russia, and they're hacking Russia in a big way. Now, next stop, we have our friends at Microsoft.

[00:34:15] Microsoft has been seizing Russian domains that they are accusing of having been linked to these Russian hackers that have been going after think tanks and government agencies in the US and the EU, I should say, which I'm sure includes the UK, because the UK has gotten involved. So this article from The Verge is talking about how Microsoft has seized seven domains belonging to Fancy Bear, APT28, which, we've seen them active in a number of companies here, right in the Northeast United States.

[00:34:57] These companies who are trying to provide materials, software, hardware for government contracts, right? So they're not even direct government contractors for the feds. They are just subcontractors. And then we've seen Fancy Bear in there. We've seen the Chinese in these companies. It's incredible.

[00:35:19] They have no idea that all of their intellectual property is being stolen, which is why the federal government has started cracking down on contractors and subcontractors, and this whole paragraph 7012 thing. We're getting geeky here, but companies that have to protect even unclassified information, confidential, classified, and they haven't been. So Microsoft

[00:35:46] obtained a court order.
You can see this on my screen, over at YouTube and at Rumble, to take control of each domain on April 6, then started redirecting them to a sinkhole. So what they do is they take control of the DNS for the domain, so the root name servers now point to a Microsoft name server, and then send them to a sinkhole.

[00:36:09] A sinkhole is basically nowhere: you go there, there's nothing on the site, right? Or, in this case, also servers used by cybersecurity experts to capture and analyze malicious connections. And they'll do this oftentimes when we're talking about these botnets, like we talked about a little earlier today. So apparently they're trying to establish long-term access to the systems

[00:36:33] of the targets. What did we just talk about? Long-term access: botnet, right? That's what a botnet is all about. So Microsoft has gotten involved. They've been doing this now for a little while. It's obviously not their normal business model, but it is something that they've been doing. They were also, by the way, Fancy Bear, linked to these cyberattacks on the DNC in 2016.

[00:36:57] And they also targeted the US election in 2020, which is why, part of the reason why, anyways, don't use electronic equipment for our elections. Have paper ballots, have people count those ballots. Yeah, it takes longer. You can't have the instant thing on TV, which is why all of these news services, they all don't do that.

[00:37:18] That's ridiculous. But it's the only way we can guarantee that these guys, like I've got it up on the screen again, Fancy Bear, the Chinese, et cetera, it's the only way they can get in. And if we were doing paper ballots and we had bipartisan people counting the ballots and independents counting the ballots, observing this, we wouldn't have all of these problems that we had with the last election, where people were saying it was stolen,

[00:37:48] it was hacked. How do we know it was stolen? How do we know it wasn't stolen?
How? Go back to paper ballots, get rid of the scanning machines, and particularly get rid of these electronic voting machines where you touch the screen to cast your vote. Those things are ridiculous. What if there's a software bug in it?

[00:38:06] How can you go back and change the vote? People that complained about it again, and, wait a minute, I voted for this guy and you recorded my vote for the other guy. It's ridiculous. Anyways, back to QR codes. Okay. I'm going to pull this up on the screen, because I think this is a cool article here.

[00:38:25] This is from, actually, a site over in India. It's called scroll.in, and they're talking in here about how hazardous it can be to use QR codes. Now, they're not saying don't use QR codes; we've all had to use them. I've got up on my screen this picture of being at a table, and you scan the QR code in order to get the menu,

[00:38:48] in order to order. I did that. I was in Vermont, and we were riding motorcycles with a buddy, and I go into the little tiny restaurant, small restaurant, and it had half a dozen tables, and they didn't have menus. You scanned the QR code that was there on the table and you placed your order, and off it goes. A lot of places, they've been doing that with menus.

[00:39:11] You've seen that more and more. Saves them money as well, and lets them change their prices more frequently. Yeah, thanks for that inflation, guys. Why shouldn't you use these QR codes? Why should you be extra careful? Here's the answer. QR codes are the URL of a web page. That's the bottom line. Would you click a random URL that came in an email?

[00:39:37] Would you click on a random URL in an ad or on a web page? We certainly know better than to click URLs in our email. But that's exactly what the QR code is. And on top of it, the URL in a QR code tends to be what we call a shortened URL. So it might be Bitly, so it might be bit.ly/ and then some random characters.

[00:40:04] How do you know where it's going to take you?
You don't. All you know is it's going to take you to Bitly, but that Bitly URL could be sending you to a malicious site. And now your phone could be hacked. It could be using your phone for Bitcoin mining, for who knows what. So be very careful. And the bad guys are using these in a different way that you might not have seen before, which is they are embedding QR code graphics

[00:40:34] into emails. And they're thinking that people are going to hold up their phone to the email, and what are they going to do? They're going to scan the QR code that was in their email. And now they're in trouble. Yeah, that simple. Hey, visit me online: craigpeterson.com. Make sure you sign up for my newsletter.

[00:40:53] craigpeterson.com/subscribe. Of course, Craig Peterson, S-O-N dot com. And I'm going to send you my top three special reports, absolutely free. We've got to take care of these bad guys.

[00:41:08] This is a big deal, quite literally a big deal. Russian malware: we have been able to track it down now, track it down to a single site. Yeah. All of these bad guys are in one building in Moscow.

[00:41:25] Hi, everybody. Of course, you're listening to Craig Peterson. Thanks for taking a little bit out of your day today, as we continue to really talk about the stuff that's most important in the world, and there could be nothing more important, I think, than some of our cybersecurity, our lives, our fortunes, et cetera.

[00:41:44] Last year, we have to pay attention to, well, this is a very big story, and it's a bit of a scary one as well. We've had a lot of ransomware over the years, and a lot of ransomware. Have you had it yourself? I bet you, if you haven't, you know someone who has had ransomware, because frankly it is pervasive in every aspect of pretty much everybody's life out there.

[00:42:12] So when you get hit with ransomware, lately something a little different has happened. It's really gone through three phases. The first phase was the ransomware would get onto your system.
Usually it came as an attachment, probably embedded in, like, a Word file; it's been embedded in PDFs, embedded in all kinds of stuff.

[00:42:35] Even drive-by downloads on websites have brought malware. But in this case, yeah, it was annoying. It was a problem. It would give you a red screen, you've probably seen it before, warning about the ransomware, and it told you, okay, here's what you can do to get your files back. And in order to get your files back, you usually had

[00:42:57] to go to some exchange online, take dollars, buy, of course, Bitcoin or some other cryptocurrency. And then that cryptocurrency would be used in exchange now for you to get a key that would hopefully decrypt everything. And in reality, it often didn't decrypt hardly anything. So it's been a problem, and a problem for a lot of people.

[00:43:23] The FBI said that at the time. So this is gen one of ransomware: you were lucky if 50% of the time you got all your data back. Gen two of ransomware is when the bad guys started getting a little bit smarter. They didn't just take your files and then say, hey, pay up, buddy. What they did at this point is they got onto your systems and they poked around.

[00:43:46] They went, we call it in the industry, east-west on the network. So they got onto, maybe, your kid's computer. Maybe you were hooked up via VPN to the office to do work, and it wasn't a great VPN, and the kid's computer had that virus, and that virus weaseled its way all the way over the VPN, directly to the office. Because, remember,

[00:44:09] VPNs are a virtual private network, in that, yeah, okay, it's encrypted. And so someone who's got a wiretap isn't necessarily going to get anything, but it's a VPN, it's a tunnel. And that tunnel was used many times for malware, like ransomware, to creep over to the office network. That's east-west: it's going from

[00:44:30] one machine to another machine. And in businesses, man, you saw that one a lot, as that ransomware moved around.
So that was the second one. So the ransomware would get on the machine. It would then look for files that you might not want to have exposed. So it looked for files with bank account numbers in them, Social Security numbers, maybe intellectual property.

[00:44:57] We saw a lot of that. Theft is continuing to go on, primarily from the Chinese, the intellectual property theft. And what happened next? Well, of course, it ended up moving the data, the files, and then what they would do is encrypt your disk. So before they encrypted your disk, they got copies of all of the stuff they thought might be important to you.

[00:45:20] So now the threat was, in version two of ransomware: pay up, or if you don't pay up, you are going to have to pay us to not release your files. If you didn't want all of that client information online, if, by law, you would get nailed for having that client information out online, and that's true in most states now, and the federal government's putting some teeth on some of their laws as well, then what are you going to do?

[00:45:49] Yeah, you paid them. So that was version two. Version three that we're seeing right now of ransomware is simply destructive. And if you go way back in history, you may remember I got hit with the Morris worm, which was one of the first pieces of nastiness out on the internet. And that was early nineties.

[00:46:13] My business that I owned and was running got hit with this thing. Even before that, there was nastyware, viruses, if you will, that would get on the computer and destroy everything. It was just malicious. As I remember, somebody at UC Berkeley, some researcher, and he didn't like what the other researchers were saying about him.

[00:46:35] So he put some floppy disks together, and on them he put erasing malware and shared all of the stats with anybody. And of course, you plugged that disk into your, that little floppy disk into your Windows computer.
And it says, okay, I'm going to go ahead and open it up. And, oh, look at this, a virus. [00:46:56] And so he then wiped out the computer of everybody else that was a competitor of his out there in the industry. Yeah, a little bit of a problem, if you ask me. So how did that end up getting around? What ended up happening? Well, everybody got really upset with him; nobody really found out what was happening, who did it, et cetera. [00:47:19] That's what's happened now. So version three of ransomware is like some of the very first malware we ever saw. So again, some of that very first malware was pretty nasty. It's not the sort of stuff you want to see running, destroying files, but at least you could get back from a backup. [00:47:40] Nowadays, a lot of people are doing backups by attaching a disk directly to their machine, or they're backing up to another machine on the same network. Remember that whole east-west thing? You didn't want the data going back and forth; it causes problems. Yeah. So what happens now? The Russians apparently are just trying to cause havoc with businesses, anybody who has decided that they're going to be anti-Russian in any way, they're attacking. [00:48:13] So they'll erase your disks. They'll erase all of your data. If you have backups on that thumb drive or that USB external, they'll erase that. If you have backups on another machine on the network, hopefully, from their standpoint, they'll be able to get onto that machine and erase all of your backups, which is again why we like 3-2-1 backups. [00:48:34] At the very least. There's some others that are even better. And if you're interested, send me an email, me@craigpeterson.com. I'll send you a webinar that I did on this. I'm not charging you for it; it was a free webinar to begin with, a webinar on backup and how to back up properly and why to do it this way. [00:48:54] Again, me, M E, at craigpeterson.com. Be glad to do that.
What we're seeing now is a huge problem. Let me see if this is going to work for us. Yeah. Okay. It is. I am, by the way, live here. Here we go on my computer. So people who are watching can see my desktop. So here we go. This is Russian companies who are linked to this Russian malware, [00:49:24] ransomware, hiding in plain sight, is what they're calling it. So what does it mean to hide in plain sight? Well, in this case, what it means is money that's been paid by American businesses to these Russian ransomware gangs, some of whom, by the way, are actively going after anyone that criticizes Russia, American researchers found, [00:49:50] yeah, led to one of Moscow's most prestigious addresses. You can see it up here on my screen. This is a New York Times article. It's just actual journalism, people; sometimes even the New York Times gets it. And they're saying millions of dollars have gone through this. So they've been tracing: [00:50:10] where did they go? The Biden administration has also apparently zeroed in on the building. It's called Federation Tower East. It's the tallest skyscraper in the Russian capital. How would that be, to have a business in just this beautiful tall skyscraper and have a view? That would be really cool. So they have targeted some companies in the tower, [00:50:32] as what it's trying to do is stop the ransomware gangs being paid in cryptocurrencies. Russian law enforcement usually has an answer to, why don't you just shut down these bad guys that are out there trying to steal all of our money? They say there is no case open in Russian jurisdiction. There are no victims. [00:50:51] How do you expect us to prosecute these honorable people? That apparently is a quote from this Massachusetts-based cybersecurity firm called Recorded Future. But I'm looking at a picture; it's up on my screen right now. You guys can see it, but this is the Moscow financial district called Moscow City, [00:51:10] 97-floor Federation Tower East.
This is really pretty. You wouldn't know this isn't London or any other major European capital. There's some cranes in the background building up new buildings. The cyber crime is really fueling some growth there in Moscow, which is, if you ask me, the exact reason why Vlad is happy as a clam to just go ahead and have these Russian cyber crime guys [00:51:43] just go and bring money in, right? It is bringing in great money for them. The Treasury Department, by the way, has estimated that Americans have paid $1.6 billion in ransom since 2011. Huge. One ransomware strain called Ryuk made an estimated $162 million last year. It is really something. [00:52:07] So when we come back, we've got a lot more to talk about. We're going to talk about the cloud, if it's more secure or why is it so broken. Do masks work? Why aren't they working, right? Anyways, we'll talk about that when we get back, and visit me online, CraigPeterson.com. [00:52:26] Stick around. [00:52:29] I hate to say it, but there's another big scam out there right now, and it is hitting many of us, particularly the elderly, quite hard. We're going to talk about that right now, what you can do about it and how you can recognize when it's happening. [00:52:45] Interesting article that came out this week in Wired. [00:52:49] It's actually in Wired's, let's see, what is it, March 2022 issue. It wasn't this week. Never mind. And it's talking about a serious problem. I'm going to show you guys who are watching; I have this on Rumble, YouTube, Facebook as well, so you guys can see along, and of course, right here, too. [00:53:11] Now let's not forget about that, but this is an article that says we were calling, or excuse me, they were calling to help. Then they stole thousands of dollars. I'm going to read parts of this article. It's just amazing. It's by Becca Andrews, a Backchannel. What is that? Okay, so that's just a category. [00:53:33] One December morning, my mother's phone rang.
She tugged the iPhone from the holster she kept clipped to the waist of her blue jeans and wondered who might be calling, perhaps somebody from the church who was checking in on her recovery from coronavirus. Hello, she said. The voice that greeted her was masculine. [00:53:53] This is just great writing. The caller sounded concerned, and he told her something was wrong with her Amazon account. Somebody has access to your bank accounts through Amazon and they can take all your money. I'm calling to help. Her mind raced. Oh Lord, she prayed silently. The voice was warm and reassuring. [00:54:15] My mom tried to focus closely on his words. My dad was driving to work in his truck and she was home alone. She'd been cooped up in the house for weeks with COVID, isolated from her community, and she missed the warm, friendly voice. I just love her language here. It's just phenomenal. She tried to steady herself. [00:54:36] The man said he needed to make sure the money was safe. He transferred her to a different male voice, soothing, reassuring, calm. She promised not to hang up. A brain injury decades earlier made it hard for her to follow his instructions, but she stuck with it. The voice explained slowly, carefully, how to swipe and tap her phone until she had installed an app that allowed him to see what was happening on her screen. [00:55:07] Now he followed her every move. After some hours, she mentioned she had to relieve herself. It's okay, I'll stay on the line, he said. She parked the phone outside the bathroom and picked it back up when she was done. As noon approached, she told him, I have to eat. I'll wait. It's okay. Don't hang up. [00:55:28] We'll lose all our progress. She set the phone down on the counter to make a sandwich, then pulled some chips from the cabinet and padded over to the kitchen. The phone buzzed with a text. It was my father checking in. She typed back that there was a problem, but she was fixing it. She had it all taken care of.
[00:55:48] She tapped the tiny white arrow next to the message field to send her reply. And then she heard the voice, its volume elevated; he sounded angry. She frowned and brought the phone back up to her ear. Why would you do that? You can't tell anyone. What if he's in on it? She felt confused; that didn't make any sense, but she also didn't fully trust herself. [00:56:10] She was worn from her slow recovery, and the steroid she was taking as a treatment gave her a hollow buzz of energy. Now I want you guys to go have a look at this over on Wired's site. Read the whole article. It is phenomenal. Absolutely phenomenal. But what it's doing is telling the story of this woman who was trying to do the right thing, trusting other people, which many of us do. [00:56:40] I have a default trust with a little trepidation, I will admit that, but with the whole lockdown thing that happened, many of us have just been longing for a little bit of companionship and to hear a stranger who's trying to help out. That's a huge plus. It goes on in this article and talks about how reassuring these guys were and what they did. [00:57:06] She installed this Cash App and opened up PayPal, downloaded Coinbase, set up Zelle so she could send money directly from her bank account. She doesn't know about any of these things. It's just incredible. So the afternoon wore on and the guy said, Hey, we're almost done. And her husband, of course, was on his way back. [00:57:30] And the sun was down. Father got home. He noticed right away that something was off. And she said she took care of it. And he said, you took care of what? I'm not supposed to tell you, she said. So the scammer had siphoned away all of her personal information. The scammers had her Social Security number, date of birth, driver's license number, and about $11,000. [00:57:55] These new financial apps like Zelle and others that are legitimate, PayPal apps, right? Zelle, you can use to send money legitimately to someone else.
But it links into your bank account. That's why I don't like them. I have a friend that's been pushing me. Oh, this app is great. It saves you so much money on gas. [00:58:15] Look at how much money I've saved. He sent a screenshot of it, and I went online and had a look. And guess what? I read reviews. It, again, like this, tied into her bank account directly. And what can happen? Like here, everything was emptied. So in the next few months this author of the story and her father tried to undo the damage. [00:58:40] Very frustrating. Getting scammed, of course, is really dehumanizing, and it just breaks your trust in other people. How could someone do something like that? It's just incredible. Got to go through the stages of grief and everything. She talked to people; she said she got chilly half-replies, or just as often silence. [00:59:05] And she was calling around trying to find someone for some empathy. Okay. It's just incredible. Great article. If you can still find it, the March issue of Wired, I'm sure it's available online. This goes on and talks about her mother's seizures getting worse. And of course now they don't have the cash that they had been saving. [00:59:27] And it's just very depressing. Now, you might remember about a year ago I talked about it. I had something like this happen to a friend of mine, and I'm still not quite sure what happened, but it looks like it was password spraying or password stuffing. And they got into the app that his company uses to pay people, and sure enough, they got in and they directed his next two paychecks to their own account, which went right out of the country, like that. [01:00:05] These are bad people. And how do you deal with this? It's incredible, because if you've got someone like her mother, who has mental problems due to no fault of her own and is a very trusting woman, what do you do? She's walking around all day with her phone on her hip. That's how we started this out.
[01:00:27] Do you take that phone away from her? That would be dangerous, frankly. So this is a very real problem. They had a USAA account; that was her bank account. USAA is usually good about this sort of stuff. In fact, my other friend had USAA as well. They did help deactivate Zelle, but they didn't do anything about the $999 that were transferred through it. [01:00:51] Very bad. So they figured, maybe we should change our passwords. She had them change them. And if you would like information about password managers, again, I'm not selling anything, I'd be glad to send them to you. If you sign up for my email list, you're going to get them automatically. CraigPeterson.com. [01:01:11] I've got a bunch of information I want in your hands. It talks about the free stuff, talks about the paid stuff, none of which I'm selling you. CraigPeterson.com. Sign up right there on the top of the page. Thanks. Stick around. [01:01:32] We've had some serious supply chain attacks over the last couple of years, and they have caused all kinds of problems for tens of thousands of businesses. If you use WordPress, there was one of those this week. [01:01:47] We have had supply chain problems like you wouldn't believe. So let's start out by explaining: what is a supply chain problem? [01:01:58] In this case, we're narrowing it down to cybersecurity, because we've had supply chain problems with everything from our toilet paper to the food we eat. But what I'm talking about right now is supply chains when it comes to cybersecurity. And one of the biggest problems we had was a company that's supposedly providing cybersecurity for businesses, right? [01:02:29] Some of the biggest businesses in the world. And I'm looking at an article right now from Security Boulevard saying how to protect the supply chain from vulnerable third-party code. It can be a script that's downloaded online. It can be an open source library.
We've seen big problems with GitHub lately and pulling in libraries. [01:02:51] We've seen big problems with what are called containers lately, which are little mini versions of computers with all of the software; they're all ready to go, ready and raring to go. All kinds of supply chain issues for a very long time now. And these supply chain cyber attacks have been hitting some of our cybersecurity companies really the hardest. I'm pulling this up on my screen right now, if you're watching this on Rumble or on YouTube, and you can see links to those, by the way, in my emails I send out every week. [01:03:28] CraigPeterson.com. CraigPeterson.com. But you can see here: supply chain hits cybersecurity hard; supply chain security is not a problem, it's a predicament. That's an interesting look, because we have to use some of the supply chain stuff. CISA, the FBI, NSA issue cybersecurity advisories because of the Russian attack over on Ukraine. [01:03:55] And then: the U.S. the weakest link in supply chain security; fears of rising fuel; CISA, FBI, NSA and international partners issue advisories; Toyota stops production after possible cyber attack at a supplier. Isn't that something? This goes on and on. What's a guy to do, right? Many of us are using websites in order to run our businesses. [01:04:24] Heck, we've got websites for our soccer team for the kids; we've got websites for pretty much everything that's out there today, and those websites need software in order to run. So the basic idea of the website nowadays is a content management system. They call them CMS, CMSs, and there have been a lot over the years. [01:04:46] I've used quite a few myself, off and on. This is very interesting, though, because this particular piece of software is code that runs a website. I'm going to show you this article from Ars Technica here on the screen, but it's talking about millions of WordPress sites that got a forced update to patch critical plugin flaws.
[01:05:13] So when we're talking about supply chain, in this case we're talking about something: WordPress, right. And this WordPress software, as good as it is, can have bugs. So WordPress is the content management system. So you load stuff up into it. In fact, I'll bring up my site right now. So I'm going to bring up CraigPeterson.com. [01:05:37] And on my site, I have all kinds of stuff, which is why it's so slow to load. I've got to fix that one of these days, but this is an example of a WordPress site. So you can see right at the top of the site, I've got watch this week's show up at the top. Of course, that was last week. You can watch it on Rumble or YouTube, and then it's got my latest show. [01:05:59] So if you click on one of these, here you go, and you can listen to it. Starts right out here. See, ta-da. So there, you can listen to my podcast right there on the site, and I've got an automated transcript of it. It's for you, depending on what you want. It's got links over here to take you to iTunes or YouTube or Spotify or SoundCloud or iHeart or Google Play or Audible. [01:06:26] All of these links take you to different places. And this site, instead of programming a site in HTML, what we're doing is we're putting some data in. So we say, okay, I want a default page. Somebody else has already set it up. Somebody else has already got a program. It just works, and it's all right there for me. [01:06:49] Here's some related posts on the side. Here's the most popular ones that we have right now. This is a content management system, and specifically this, of course, is WordPress. So what happened? Yeah. And here's what it looks like over on Audible; you can listen for free on it. This is what happened this last week. WordPress, which has this great software that I use and tens of thousands of others use out there, very popular.
[01:07:27] And in order to make it easy for me to have my website, probably your business, probably your kids' soccer club, you name it, is using WordPress. It's just over-the-top popular. It is using code that was written by other people. The reason we can make programs so quickly nowadays is we're relying on other programs. [01:07:51] So we'll go ahead and we'll grab this program that does this part of what we need to have done, and ta-da, we're up and we're running. I just have to write the glue, right, to put it together, the API calls, whatever it might be, because the idea is, let's make it easier for programmers. So you've got something called GitHub here. [01:08:11] Let me pull it up so you can see that. You can go online, if you're following along, to github.com. And as it says right there on their front page, where the world builds software. It's a beautiful world, isn't it? That blue, you can see the air around it. And that's what it's doing: it's where the world builds software. [01:08:33] So let's say we want something. What do we want? Let's say we want something to make a chess program. We can talk about chess, and let's say, oh, you have to... it didn't want to do this, so I'm just going to skip that for now. But it would come up and tell me, okay, here's all of the chess programs that are out there, and I find one that's close to what I want to do. [01:08:54] So what do I do? Well, I go ahead and have a look at the license. A lot of the programs up there have a very open license, so I can just take that code, modify it, and I have a chess program without having to write a chess program. It's really that simple. That's part of the supply chain. If you bought my chess program, you would actually not just be getting the code that I wrote, which is typically just glue code with maybe some APIs, or application programming interfaces. [01:09:25] In other words, you're using someone else's code, which would now make it whose program?
It's like the Pharaoh's barge. It would make it other people's programs, not mine. So you've got to figure out what's in my supply chain. I've got a new client. I do work as a virtual chief information security officer. [01:09:46] Actually, it's a fractional CISO. And as a fractional CISO, one of the things I have to do is look at the whole supply chain. Who are they buying, even physical things, from? And could there be something embedded into their software, into their systems, something that might be coming from yet another supplier? Man, does this get complicated [01:10:09] very fast. But this week our friends at WordPress went ahead and forced all WordPress sites to update. Very good. Okay. Otherwise, people could have downloaded a full backup of the sites that are out there, something you really just don't want to happen. Anyways, go right now, CraigPeterson.com, while the bits are still hot and sign up right there, [01:10:36] CraigPeterson.com, for the newsletter and get those special reports that are going to get you started. [01:10:43] This is the moment you've been waiting for. We're going to talk about free cybersecurity services and tools that you can use. Now, you have to be a little bit of a cybersecurity expert to use them, but not much. This is from the government. [01:10:59] This is, I think, an amazing thing. This only came out within the last few weeks. [01:11:07] I have it up on my screen. There we go. Right now, for those of you who are watching on Rumble or YouTube, you can see it right there: free cybersecurity services and tools from the Cybersecurity and Infrastructure Security Agency, CISA. Reminds me of Marvel's SHIELD, that really long name that they came up with an acronym for, as though they weren't aiming for that acronym in the first place. But there are some tools that you can use. There's tools that I use as a cybersecurity professional, [01:11:42] and some of them are obviously going to be pretty darn complex.
And if you're looking at my screen right now, or if you want to go online at cisa.gov/free-cybersecurity-services-and-tools, or just look it up online, you'll find this on my website as well. I'm going to try and make sure I get that up. [01:12:07] But what they have done is they're showing you what they call their KEV, or the Known Exploited Vulnerabilities. Okay. And this is where they are showing the CVEs, which are, frankly, these are the ones that I use. It is published by NIST, which is the National Institute of Standards and Technology. [01:12:31] And this gives all of the details. So this is CVE-2021-27. Okay, and this is the detail, and of course I would be using the detail. And it's telling you, here's the advisories, there's one from GitHub. Excel. Leon has one. Here's the weaknesses, the known affected software configurations. So you can find where they all are at and everything. [01:12:56] So all of the details. So they're telling you about that. These are the ones, this was in the vendor product, project, I should say. So we'll look at the date added to catalog. Here are a few in Cisco right now. So this is their small business series of routers, which we do not use for anyone because they don't provide the type of security you want, but Cisco is taking care of the problems, right? [01:13:23] Many of these update themselves. Here's Microsoft Windows Installer, contains an unspecified vulnerability which allows for privilege escalation. A lot of stuff this week. This is crazy. Apache Tomcat, which I have never been a fan of, and problems. So all of these came out on March 3rd, and more, right? [01:13:47] This is just page one. So let's look at page two here. Oh wow. More Microsoft, Exchange Server, some more Cisco vulnerabilities. Why Cisco? Why Microsoft? Because they are, frankly, the big boys on the block. Why do you rob the bank? Because that's where the money is.
So they list all of those right here. And CISA does the warning: do use multifactor authentication. [01:14:16] I don't want to sound like a broken record, so I'm not going to say use multifactor authentication today. Okay. I just refuse to say use multi-factor authentication. And this one talks about what it is, right? Many names. Now they're trying to make this... but really a FIDO key, Fast IDentity Online, is considered the gold standard of multi-factor authentication. Well, for online, [01:14:40] it is, websites, but not for others. So how would you know that if you weren't an expert? So yeah, this is the government talking, right? So they have the service. So what do I do, right? Me, Mr. Idiot. I click on this, and they are talking about the service that they've got. I'm showing it up on the screen. [01:15:02] It's called CISA Insights. And they're talking about website defacement, destructive malware, NotPetya, WannaCry, right? All these things. What can you do

Craig Peterson's Tech Talk
Did You Hear About the Latest Phishing Scams to Hit? Get the Latest Free Cybersecurity Tools

Craig Peterson's Tech Talk

Play Episode Listen Later Mar 4, 2022 82:33


Did You Hear About the Latest Phishing Scams to Hit? Get the Latest Free Cybersecurity Tools This is a big deal, quite literally a big deal. Russian malware. We have been able to track it down now, track it down to a single site. All of these bad guys are in one building in Moscow. [Following is an automatic transcript] This is a very big story, and it's a bit of a scary one as well. We've had a lot of ransomware over the years, and a lot of ransomware. Have you had it yourself? I bet you, if you haven't, you know someone who has had ransomware, because frankly it is pervasive in every aspect of pretty much everybody's life out there. [00:00:40] So when you get hit with ransomware, lately something a little different has happened. It's really gone through three phases. The first phase was the ransomware would get onto your system. Usually it came as an attachment, probably embedded in a Word file; it's been embedded in PDFs, embedded in all kinds of stuff. [00:01:03] Even drive-by downloads on websites have brought malware. But in this case, yeah, it was annoying. It was a problem. It would give you a red screen. You've probably seen it before, warning about the ransomware, and it told you, okay, here's what you can do to get your files back. And in order to get your files back, you usually had [00:01:25] to go to some exchange online, take dollars, buy, of course, Bitcoin or some other cryptocurrency. And then that cryptocurrency would be used in exchange for you to get a key that would hopefully decrypt everything. And in reality, it often didn't decrypt hardly anything. So it's been a problem, and a problem for a lot of people. [00:01:51] The FBI said that at the time. So this is gen one of ransomware. You were lucky if 50% of the time you got all your data back. Gen two of ransomware is when the bad guys started getting a little bit smarter. They didn't just take your files and then say, Hey, pay up, buddy.
What they did at this point is they got onto your systems and they poked around. [00:02:14] They went, what we call in the industry, east-west on the network. So they got onto you, maybe your kid's computer, maybe you were hooked up via VPN to the office to do work. And it wasn't a great VPN. And the kid's computer had that virus, and that virus weaseled its way all the way over the VPN, directly to the office, because remember, [00:02:37] VPNs are a virtual private network. Yeah. Okay. It's encrypted. And so someone who's got a wiretap isn't necessarily going to get anything, but it's a VPN, it's a tunnel. And that tunnel was used many times for malware, like ransomware, to creep over to the office network. That's east-west: it's going from [00:02:57] one machine to another machine. And in businesses, man, you saw that one a lot as that ransomware moved around. So that was the second one. So the ransomware got onto the machine. It would then look for files that you might not want to have exposed. So it looked for files with bank account numbers in them, Social Security numbers, maybe intellectual property. [00:03:25] We saw a lot of that. Theft is continuing to go on, primarily from the Chinese, and intellectual property theft. And what happened next? Well, of course it ended up moving the data, the files, and then what they would do is encrypt your disk. So before they encrypted your disk, they got copies of all of the stuff they thought might be important to you. [00:03:48] So now the threat, in version two of ransomware, was pay up, or if you don't pay up, you are going to have to pay us to not release your files. If you didn't want all of that client information online, if by law you would get nailed for having that client information out online, and that's true in most states now, and the federal government's been putting some teeth on some of their laws as well, then what are you going to do? [00:04:17] Yeah, you paid.
So that was version two. Version three, that we're seeing right now, of ransomware is simply destructive. And if you go way back in history, you may remember I got hit with the Morris worm, which was one of the first pieces of nastiness out on the internet. And that was early nineties. [00:04:41] My business that I owned and was running got hit with this thing. Even before that, there was a nasty ware, viruses, if you will, that would get on the computer and destroy everything. It was just malicious. As I remember, somebody at UC Berkeley, some researcher in IT, and he didn't like what the other researchers were saying about him. [00:05:03] So he put some floppy disks together, and on them he put erasing malware, and shared all of the stats with anybody. And of course, you plugged that disk, that little floppy disk, into your Windows computer. And it says, okay, I'm going to go ahead and open it up. And, oh, look at this, a virus. [00:05:24] And so he then wiped out the computer of everybody else that was a competitor of his out there in the industry. Yeah, a little bit of a problem, if you ask me. So how did that end up getting around? What ended up happening? Well, everybody got really upset with him; nobody really found out what was happening, who did it, et cetera. [00:05:47] That's what's happened now. So version three of ransomware is like some of the very first malware we ever saw. So again, some of that very first malware was pretty nasty. It's not the sort of stuff you want to see running, destroying files, but at least you could get back from a backup. [00:06:08] Nowadays, a lot of people are doing backups by attaching a disk directly to their machine, or they're backing up to another machine on the same network. Remember that whole east-west thing? You didn't want the data going back and forth; it causes problems. Yeah. So what happens now?
The Russians apparently are just trying to cause havoc with businesses, anybody who has decided that they're going to be anti-Russian in any way, they're attacking. [00:06:41] So they'll erase your disks. They'll erase all of your data. If you have backups on that thumb drive or that USB external, they'll erase that. If you have backups on another machine on the network, hopefully, from their standpoint, they'll be able to get onto that machine and erase all of your backups, which is again why we like 3-2-1 backups. [00:07:02] At the very least. There's some others that are even better. And if you're interested, send me an email, me@craigpeterson.com. I'll send you a webinar that I did on this. I'm not charging you for it; it was a free webinar to begin with, a webinar on backup and how to back up properly and why to do it this way. [00:07:22] Again, me, M E, at craigpeterson.com. Be glad to do that. What we're seeing now is a huge problem. Let me see if this is going to work for us. Yeah. Okay. It is. I am, by the way, live here. Here we go on my computer. So people who are watching can see my desktop. So here we go. This is Russian companies who are linked to this Russian malware, [00:07:52] ransomware, hiding in plain sight, is what they're calling it. So what does it mean to hide in plain sight? Well, in this case, what it means is money that's been paid by American businesses to these Russian ransomware gangs, some of whom, by the way, are actively going after anyone that criticizes Russia, American researchers found, [00:08:18] yeah, led to one of Moscow's most prestigious addresses. You can see it up here on my screen. This is a New York Times article. It's just actual journalism, people; sometimes even the New York Times gets it. And they're saying millions of dollars have gone through this. So they've been tracing: [00:08:38] where did they go?
The Biden administration has also apparently zeroed in on the building. It's called Federation Tower East. It's the tallest skyscraper in the Russian capital. How would that be, to have a business in just this beautiful tall skyscraper and have a view? That would be really cool. So they have targeted some companies in the tower.
[00:09:00] As what it's trying to do is stop the ransomware gang, made in cryptocurrencies. Russian law enforcement usually has an answer to why don't you just shut down these bad guys that are out there trying to steal all of our money. They say there is no case open in Russian jurisdiction. There are no victims.
[00:09:19] How do you expect us to prosecute these honorable people? That apparently is a quote from this Massachusetts-based cybersecurity company called Recorded Future. But I'm looking at a picture, it's up on my screen right now. You guys can see it, but this is the Moscow financial district called Moscow City.
[00:09:38] 97-floor Federation Tower East. This is really pretty. You wouldn't know this isn't, like, London or any other major European capital. There are some cranes in the background building up new buildings. Cybercrime is really fueling some growth there in Moscow, which is, if you ask me, the exact reason why Vlad is happy as a clam to just go ahead and have these Russian cybercrime guys
[00:10:11] just go and bring money in, right? Money is bringing in great money for them. The Treasury Department, by the way, has estimated the Americans have paid $1.6 billion in ransom since 2011. Huge. One ransomware strain called Ryuk committed an estimated $162 million last year. It is really something.
[00:10:35] So when we come back, we've got a lot more to talk about. We're going to talk about the cloud, if it's more secure, or why is it calm, broken, give masks work. Why aren't they working, right? Anyways, we'll talk about that when we get back. And visit me online, CraigPeterson.com.
[00:10:54] Stick around.
[00:10:57] I hate to say it, but there's another big scam out there right now. And it is hitting many of us, particularly the elderly, quite hard. We're going to talk about that right now, what you can do about it and how you can recognize when it's happening.
[00:11:13] Interesting article that came out in Wired.
[00:11:16] And it's talking about a serious problem. I'm going to show you guys who are watching. I have this on Rumble, YouTube, Facebook as well. So you guys can see along, and of course, right here, too.
[00:11:30] Now, let's not forget about that, but this is an article that says we were calling, or excuse me, they were calling for help. Then they stole thousands of dollars. I'm going to read parts of this article. It's just amazing. It's by Becca Andrews, in Backchannel. What is that? Okay, so that's just a cat.
[00:11:52] One December morning, my mother's phone rang. She tugged the iPhone from the holster she kept clipped to the waist of her blue jeans and wondered who might be calling. Perhaps somebody from the church who was checking in on her recovery from coronavirus. Hello, she said. The voice that greeted her was masculine.
[00:12:12] This is just great writing. The caller sounded concerned, and he told her something was wrong with her Amazon account. Somebody has access to your bank accounts through Amazon, and they can take all your money. I'm calling to help. Her mind raced. Oh Lord, she prayed silently. The voice was warm and reassuring.
[00:12:34] My mom tried to focus closely on his words. My dad was driving to work in his truck, and she was home alone. She'd been cooped up in the house for weeks with COVID, isolated from her community, and she missed the balm of a friendly voice. I just love her language here. It's just phenomenal. She tried to steady herself.
[00:12:55] The man said he needed to make sure the money was safe. He transferred her to a different male voice. Soothing, reassuring, calm.
She promised not to hang up. A brain injury decades earlier made it hard for her to follow his instructions, but she stuck with it. The voice explained slowly, carefully, how to swipe and tap her phone until she had installed an app that allowed him to see what was happening on her screen.
[00:13:26] Now he followed her every move. After some hours, she mentioned she had to relieve herself. Hours! It's okay, I'll stay on the line, he said. She parked the phone outside the bathroom and picked it back up when she was done. As noon approached, she told him, I have to eat. I'll wait. It's okay. Don't hang up.
[00:13:47] We'll lose all our progress. She set the phone down on the counter to make a sandwich, then pulled some chips from the cabinet and padded over to the kitchen. The phone buzzed with a text. It was my father checking in. She typed back that there was a problem, but she was fixing it. She had it all taken care of.
[00:14:07] She tapped the tiny white arrow next to the message field to send her reply. And then she heard the voice, its volume elevated. It sounded angry. She frowned and brought the phone back up to her ear. Why would you do that? You can't tell anyone. What if he's in on it? She felt confused. That didn't make any sense, but she also didn't fully trust herself.
[00:14:29] She was worn from her slow recovery, and the steroid she was taking as a treatment gave her a hollow buzz of energy. Now, I want you guys to go have a look at this over on Wired's site. Read the whole article. It is phenomenal. Absolutely phenomenal. But what it's doing is telling the story of this woman who was trying to do the right thing, trusting other people, which many of us do.
[00:14:59] I have a default trust with a little trepidation, I will admit that, but with the whole lockdown thing that happened, many of us have just been longing for a little bit of companionship and to hear a stranger who's trying to help out.
That's a huge plus. It goes on in this article and talks about how reassuring these guys were and what they did.
[00:15:25] She installed this Cash App and opened up PayPal, downloaded Coinbase, set up Zelle so she could send money directly from her bank account. She doesn't know about any of these things. It's just incredible. So the afternoon wore on, and the guy said, hey, we're almost done. And her husband, of course, was on his way back.
[00:15:49] And the sun was down. Father got home. He noticed right away that something was off. And she said she took care of it. And he said, you took care of what? I'm not supposed to tell you, she said. So this scammer had siphoned away all of her personal information. The scammers had her Social Security number, date of birth, driver's license number, and about $11,000.
[00:16:14] These new financial apps like Zelle and others that are legitimate, PayPal apps, right? Zelle, you can use to send money legitimately to someone else, but it links into your bank account. That's why I don't like them. I have a friend that's been pushing me. Oh, this app is great. It saves you so much money on gas.
[00:16:34] Look at how much money I've saved. And he sent a screenshot of it, and I went online and had a look. And guess what? I read reviews. It, again, like this, tied into her bank account directly. And what can happen? Like here, everything was emptied. So in the next few months, this author of the story and her father tried to undo the damage.
[00:16:59] Very frustrating. Getting scammed, of course, is really dehumanizing, and it just breaks your trust in other people. How could someone do something like that? It's just incredible. Got to go through the stages of grief and everything. She talked to people. She said she got chilly half-replies, or just as often, silence.
[00:17:24] And she was calling around trying to find someone with some empathy. Okay. It's just incredible. Great article.
If you can still find it, the March issue of Wired, I'm sure it's available online. This goes on and talks about her mother's seizures getting worse. And of course, now they don't have the cash that they had been saving.
[00:17:46] And it's just very depressing. Now, I have this, you might remember about a year ago, I talked about it. I had something like this happen to a friend of mine, and I'm still not quite sure what happened, but it looks like it was password spraying or password stuffing. And they got into his, the app that his company uses to pay people, and sure enough, they got in and they directed his next two paychecks to their own account, which went right out of the country like that.
[00:18:24] These are bad people. And how do you deal with this? It's incredible, because if you've got someone like her mother who has mental problems due to no fault of her own and is a very trusting woman, what do you do? She's walking around all day with her phone on her hip. That's how we started this out.
[00:18:46] Do you take that phone away from her? That would be dangerous, frankly. So this is a very real problem. They had a USAA account, was her bank account. USAA is usually good about this sort of stuff. In fact, my other friend had USAA as well. But they did help deactivate Zelle, but they didn't do anything about the $999 that were transferred through it.
[00:19:10] Very bad. So they figured out maybe we should change our passwords. She had them change them. And if you would like information about password managers, again, I'm not selling anything. I'd be glad to send them to you. If you sign up for my email list, you're going to get them automatically. CraigPeterson.com.
[00:19:30] I've got a bunch of data, information I want in your hands. It talks about the free stuff, talks about the paid stuff, none of which I'm selling you. CraigPeterson.com. Sign up right there on the top of the page. Thanks. Stick around.
[00:19:51] We've had some serious supply chain attacks over the last couple of years. And they have caused all kinds of problems for tens of thousands of businesses. If you use WordPress, there was one of those this week.
[00:20:06] We have had supply chain problems like you wouldn't believe. So let's start out by explaining what is a supply chain problem?
[00:20:17] In this case, we're narrowing it down to cybersecurity, because we've had supply chain problems from everything from our toilet paper to the food we eat. But what I'm talking about right now is supply chains when it comes to cybersecurity. And one of the biggest problems we had was a company that's supposedly providing cybersecurity for businesses, right?
[00:20:48] Some of the biggest businesses in the world. And I'm looking at an article right now from Security Boulevard, saying how to protect the supply chain from vulnerable third-party code. It can be a script that's downloaded online. It can be an open source library. We've seen big problems with GitHub lately and pulling in libraries.
[00:21:10] We've seen big problems with what are called containers lately, which are little mini versions of computers with all of the software. They're all ready to go, ready and raring to go. All kinds of supply chain issues for a very long time now. And these supply chain cyber attacks have been hitting some of our cybersecurity companies really the hardest. I'm pulling this up on my screen right now, if you're watching this on Rumble or on YouTube, and you can see links to those, by the way, in my emails I send out every week.
[00:21:47] CraigPeterson.com. CraigPeterson.com. But you can see here: supply chain hits cybersecurity hard. Supply chain security is not a problem, it's a predicament. That's an interesting look, because we have to use some of the supply chain stuff. CISA and the FBI are issuing cybersecurity advisories because of the Russian attack over on Ukraine.
[00:22:14] And then the US: the weakest link in supply chain security. Fears of rising fuel. CISA, FBI, NSA and international partners issue advisories. Toyota stops production after possible cyber attack at a supplier. Isn't that something? This goes on and on. What's a guy to do, right? Many of us are using websites in order to run our businesses.
[00:22:43] Heck, we got websites for our soccer team, for the kids. We got websites for pretty much everything that's out there today, and those websites need software in order to run. So the basic idea of the website nowadays is a content management system. They call it CMS, CMSs, and there have been a lot over the years.
[00:23:05] I've used quite a few myself, off and on. This is very interesting, though, because this particular piece of software is code that runs a website. I'm going to show you this article from Ars Technica here on the screen, but it's talking about millions of WordPress sites that got a forced update to patch critical plugin flaws.
[00:23:32] So when we're talking about supply chain, in this case, we're talking about something, WordPress, right? And this WordPress software, as good as it is, can have bugs. So WordPress is the content management system. So you load stuff up into, in fact, I'll bring up my site right now. So I'm going to bring up CraigPeterson.com.
[00:23:55] And on my site, I have all kinds of stuff, which is why it's so slow to load. I've got to fix that one of these days, but this is an example of a WordPress site. So you can see right at the top of the site, I've got watch this week's show. Jobs, or top, of course, that was last week. You can watch it on Rumble or on YouTube, and then it's got my latest show.
[00:24:18] So if you click on one of these, here you go. And you can listen to it. Starts right out here. See, ta-da. So there, you can listen to my podcast right there on the site, and I've got an automated transcript of it. It's for you, depending on what you want.
It's got links over here to take you to iTunes or YouTube or Spotify or SoundCloud or iHeart or Google Play or Audible.
[00:24:45] All of these links take you to different places. And this site, instead of programming a site in HTML, what we're doing is we're putting some data in. So we say, okay, I want a default page. Somebody else has already set it up. Somebody else has already got an old program. It just works. And it's all right there for me.
[00:25:08] Here are some related posts on the side. Here are the most popular ones that we have right now. This is a content management system. And specifically, this of course is WordPress. So what happened? If I had a, yeah. And here's what it looks like over on Audible. You can listen for free on... This is what happened this last week. WordPress, which has this great software that I use and tens of thousands of others use out there, very popular.
[00:25:46] And in order to make it easy for me to have my website, probably your business, probably your kids' soccer club, you name it, is using WordPress. It's just over the top popular. It is using code that was written by other people. The reason we can make programs so quickly nowadays is we're relying on other programs.
[00:26:10] So we'll go ahead and we'll grab this program that does this part of what we need to have done, and ta-da, we're up and we're running. I just have to write the glue, right? To put it together. The API calls, whatever it might be, because the idea is let's make it easier for programmers. So you've got something called GitHub here.
[00:26:30] Let me pull it up so you can see that. You can go online, if you're following along, to github.com. And as it says right there on their front page, where the world builds software. It's a beautiful world, isn't it? That blue, you can see the air around it. And that's what it's doing, is where the world builds software.
[00:26:51] So let's say we want something. What do we want?
What's a, let's say we want something to make a chess program. We can talk about chess and let's say, oh, you have to. Dan didn't want to do this, so I'm just going to skip that for now. But it would come up and tell me, okay, here's all of the chess programs that are out there, and I find one that's close to what I want to do.
[00:27:13] So what do I do? Well, I go ahead and have a look at the license. A lot of the programs up there have a very open license, so I can just take that code, modify it, and I have a chess program without having to write a chess program. It's really that simple. That's part of the supply chain. If you bought my chess program, you would actually not just be getting the code that I wrote, which is typically just glue code, with maybe some APIs, or application programming interfaces.
[00:27:44] In other words, you're using someone else's code. It would now make it whose program? It's like the Pharaoh's barge. It would make it other people's programs, not mine. So you got to figure out what's in my supply chain. I've got a new client. I do work as a virtual chief information security officer.
[00:28:05] Actually, it's a fractional CISO. And as a fractional CISO, one of the things I have to do is look at the whole supply chain. Who are they buying even physical things from? And could there be something embedded into their software, into their systems, something that might be coming from yet another supplier? Man, does this get complicated.
[00:28:28] Very fast, but this week, our friends at WordPress, they went ahead and forced all WordPress sites to update. Very good. Okay. Otherwise, people could have downloaded a full backup of the sites that are out there, something you really just don't want to happen. Anyways. Go right now, CraigPeterson.com, while the bits are still hot, and sign up right there.
[00:28:55] CraigPeterson.com for the newsletter and get those special reports that are going to get you started.
[00:29:02] This is the moment you've been waiting for. We're going to talk about free cybersecurity services and tools that you can use. Now, you have to be a little bit of a cybersecurity expert to use them, but not much. This is from the government.
[00:29:18] This is, I think, an amazing thing. This only came out within the last few weeks.
[00:29:26] I have it up on my screen. There we go right now, for those of you who are watching on Rumble or YouTube, you can see it right there: free cybersecurity services and tools from the Cybersecurity and Infrastructure Security Agency, CISA. Reminds me of Marvel's SHIELD, that really long name that came up with an acronym, as though they weren't aiming for that acronym in the first place. But there are some tools that you can use. There are tools that I use as a cybersecurity professional.
[00:30:01] And some of them are obviously going to be pretty darn complex. And if you're looking at my screen right now, or if you want to go online at cisa.gov/free-cybersecurity-services-and-tools, or just look it up online, you'll find this on my website as well. I'm going to try and make sure I get that up.
[00:30:26] But what they have done is they're showing you what they call their KEV, or the known exploited vulnerabilities. Okay. And this is where they are showing the CVEs, which are, frankly, these are the ones that I use. It is published by NIST, which is the National Institute of Standards and Technology.
[00:30:50] And this gives all of the details. So this is CVE 20 21, 27. Okay, and this is detail, and of course I would be using detail. And it's telling you, here's the advisories. There's one from GitHub. Excel. Leon has one. Here's the weaknesses, the known software configurations. So you can find where they all are at and everything.
[00:31:15] So all of the details. So they're telling you about that. These are the ones, this was in the vendor product. Project, I should say.
So we'll look at the date added to catalog. Here are a few in Cisco right now. So this is their small business series of routers, which we do not use for anyone, because they don't provide the type of security you want, but Cisco is taking care of the problems, right?
[00:31:41] Many of these update themselves. Here's Microsoft Windows Installer contains an unspecified vulnerability which allows for privilege escalation. A lot of stuff this week. This is crazy. Apache Tomcat, which I have never been a fan of, and problems. So all of these came out on March 3rd, and more. Right?
[00:32:05] This is just page one. So let's look at page two here. Oh wow. More Microsoft Exchange Server, some more Cisco vulnerabilities. Why Cisco? Why Microsoft? Because they are, frankly, the big boys on the block. Why do you rob the bank? Because that's where the money is. So they list all of those right here. As I said, there's the warning: do you use multifactor authentication?
[00:32:34] I don't want to sound like a broken record, so I'm not going to say use multifactor authentication today. Okay. I just refuse to say use multi-factor authentication. And this one talks about what it is, right? Many names. Now they're trying to make this, but really a FIDO key, Fast Identity Online, considered the gold standard of multi-factor authentication, well, for online.
[00:32:58] It is websites, but not for others. So how would you know that if you weren't an expert? So yeah, this is the government talking, right? So they have the service. So what do I do, right? Me, Mr. Idiot. I click on this, and they are talking about the service that they've got. I'm showing it up on the screen.
[00:33:20] It's called CISA Insights. And they're talking about website defacement, destructive malware, NotPetya, WannaCry, right? All these things. What can you do to prevent it? And they make it sound easy.
Now I want to say something here, because I have a couple of mastermind groups, and in one of my groups, I rescued a group member from a forty-something thousand dollar loss.
[00:33:50] And so I was explaining it in our next mastermind meeting, because everyone wanted to know. What should I do? How should I do it? And they all tuned out, and I thought I was being simple enough. I was trying to be simple. Not like simple, like Kamala Harris explaining that Ukraine is a country right next to another country called Russia.
[00:34:14] And that's why there's an invasion. Okay. I couldn't believe that. Did you guys hear that? It was just incredible. But I didn't get that simple. And I know you guys are the best and brightest, and you're trying to figure all this stuff out, and that's why you need to make sure you sign up for my email list right now, because I do have simple step-by-step stuff.
[00:34:36] And these tools that they're talking about and services are supposedly available. Now, I went to a bunch of these, and I tried to get some services. So they said they'll do a free scan over the network. So I filled it all out, and according to their standards, my company, because I do cybersecurity for everything from government contractors through dentists and manufacturers and distribution companies,
[00:35:09] so I meet the critical infrastructure definition. And I have never heard back from them. I check my spam box at least once a week looking for their reply. So I don't hold out a whole lot of hope, but there is some good information here that you can get, email, via social media, via just all of these different types of things that you
[00:35:34] could use for it. And again, I want you to look for it online. It's on cisa.gov.
If you go to their homepage, you'll see their tools. They've got a Shields Up warning right now on their homepage, because there have been so many attacks coming from China and coming from Russia, but particularly Russia.
[00:35:54] And you can see there StopRansomware.gov, which has some great tips, particularly for home users and small businesses. The CISA cyber hygiene services that they have, doing business with CISA, and careers they're looking forward to. Okay. It's part of Homeland Security. So there's a whole lot that you can do and you can find, but I wanted to let you guys know that this is out there.
[00:36:24] A lot of the stuff, guaranteed, is going to be above 98% of people's heads out there, just in general, even IT professionals. So look for information that's going to help you, that's on your level. And to that end, we have right now three things. If you sign up for the email list, or if you're already on my email list, you can just email
[00:36:50] me@craigpeterson.com or just hit reply to any of my emails, and I'll see it, and ask for them. But we've got stuff on your computer, keeping it secure, keeping your password secure, a comparison between using the 1Password manager or using LastPass, which I am not advising to use right now, but that's in there.
[00:37:14] There are a lot of different things that are there that are ready for you to get right away. And then if you have other questions, I've got dozens of little special reports that I've written in response to people's questions. Don't be afraid to send them to me. I'd, you know, me@craigpeterson.com, and I'll make sure I get you an answer, because it's that important.
[00:37:39] Okay. I'm not here trying to sell you something. I am here because most of you guys could never get my services. You don't need them, you can't afford them, whatever. I'm a fractional CISO. I'm one of the guys that keeps cybersecurity working and alive for businesses.
Like it's not going to be everybody, but it is, there is, I shouldn't say, a lot of information you guys need, and you need to understand that I want to help you. Okay. I think I've beaten that horse enough, and it was probably past dead, but you'll find some of this stuff on my website at craigpeterson.com.
[00:38:17] I've been working on some other changes to it. I would also ask you guys, if you're hearing part of the show today, I know a lot of people who are listening on the radio tend to be out and about in their cars, listening on the weekend. I listen to a lot of radio then. But go ahead and subscribe to either my podcast,
[00:38:38] and there are a lot of ways to do that, and I showed those people who are watching on video how to do that. And if you would, give me a five star on whatever platform you're using. Hopefully I've earned that. And then also, if you'd like video, I have my whole show up. It's about an hour and a half long, on multiple platforms.
[00:39:04] So rumble.com, Rumble, R-U-M-B-L-E, is a competitor to YouTube. So if you don't like censorship, if you want a site that is trying to keep that information out there, get it out there for you, Rumble is your place. You'll find all kinds of interesting characters there, other than myself, right? A lot of conservative people go there, to rumble.com.
[00:39:28] I have it up on YouTube, because YouTube isn't the worst platform in the world. They're also not the best, but they are the biggest. Did you know YouTube is the second largest search engine in the world? Okay. They have a lot of people on YouTube, and then on Facebook as well. You'll find me there on Facebook.
[00:39:48] Of course, Craig Peterson. I had, excuse me, at facebook.com/craigpeterson. And I didn't use it for a long time, because I hated Facebook. I looked at it as a time sink that I just didn't need. I got a lot of stuff. I got a lot of people to help, and so I didn't really do anything with it.
And so somebody else got the slash Craig Peterson, but I do have a trick for you.
[00:40:12] If you go online with your web browser to CraigPeterson.com, that's my website, slash YouTube, it'll take you right to my YouTube page. Or CraigPeterson.com/facebook. Yes, it goes to my Facebook page. CraigPeterson.com/itunes, slash soundcloud, et cetera. It'll take you right to my page on all of those sites. And have a look at the video.
[00:40:41] Let me know what you think. I would appreciate that feedback, and make sure you tune in on the radio, too. It's great. Don't watch this while you're driving, taking the kids to school. A lot of people listen to this while they're taking the kids to school, on podcast. Anyways, take care. Thanks for being with us.
[00:41:01] By now you've heard of TikTok. You might use TikTok. A lot of people do. It's their go-to site online, especially if you're a little on the younger side. Here is a danger of some of these TikTok challenges, and combine that with Alexa. Oh my.
[00:41:17] This is a little bit on the scary side. We built our house some 25 years ago. We contacted a builder, and I put together all of the specs, and I made sure that the wood he used was better than average.
[00:41:33] It's all plywood. It's not particle board or the composite boards. And I made sure they were thicker than need be, that all of the roof struts were closer together than code required. And we had bigger plumbing than what was required all the way through the house. And one of the things I did is I had him wire the house, actually the electrical contractor, with a heavier gauge wire than usual,
[00:42:05] so that I had 20 amp sockets at every socket in the house.
Now, we put the special 20 amp sockets on some of them, like in the kitchen. We have a commercial toaster, the sort of thing you need when you've got eight kids, and for half of our married life we had other families living with us, too, that we were helping out, everything from training through just getting them through.
[00:42:29] So there were times when we had 20-plus people living in my house. It got crowded, but I wanted to make sure everything was above code so that it would work well, and work well for us, knowing how much juice we tend to use. Yeah, you don't want to see my electric bill. I decided, yeah, let's do the heavier gauge wire and let's put the sockets in. One of the things I had the electrician do, in order to make the sockets a little bit safer,
[00:42:59] this was back before you had these, I, frankly, I hate them, but these safety sockets where you push in the plug and you really gotta push it in order for something to get plugged in. There are ways to defeat those safety sockets, and that's where this problem comes in. I had him install the sockets
[00:43:21] you might consider to be upside down. So the top of the socket had the little grounding pin, and then underneath that you had the hot and the neutral lines. So the idea there was, well, if something fell onto a plug that wasn't plugged in all the way, or if the kids decided they'd stick something on it, it would go to ground. Made sense to me.
[00:43:47] And apparently it's worked, because none of my kids are dead yet. So that's a good thing. There's these challenges on TikTok. You've probably heard of them. In fact, that's how they really got themselves going. They had that ice bucket challenge and many others that people were doing, and they continue to this day.
[00:44:09] One of the TikTok challenges is very stupid and dangerous. And that's where this article from Ars Technica comes in. Eric Bangeman wrote it. When was this?
Oh my gosh, this is right at the beginning of the year. Apparently a 10-year-old girl and her mother used Amazon Alexa. And what was happening is the kid wanted some challenges.
[00:44:34] Mom wanted some challenges, and they were doing a whole bunch of things, physical challenges like laying down, rolling over, holding a shoe on your foot, from a phys ed teacher on YouTube. And the girl just wanted another one. So for those of you who are uninitiated, the plug challenge consists of
[00:44:57] partially plugging a phone charger into an electrical outlet. Now, the phone chargers usually do not have a grounding pin. So my little workaround of mounting all of the sockets upside down wouldn't matter, because if you look at that little charger plug, it's usually just two pins, and it actually usually doesn't care about the polarity.
[00:45:19] It doesn't have the bigger side and the smaller side, the, yeah, I can't remember what they call it now, but if they're both the same size, you can put it in either direction, the spades that you put in. So if you put it in part way, you have defeated the safety mechanism that's in all of these modern plugs.
[00:45:41] So you put it in part way, you have to push hard and in it goes, and then you pull it out part way. So that's part one: can you plug this phone charger into the electrical outlet part way so that those two conductors are exposed? And then, yeah, then they ask you, the challenge is to drop a penny onto the exposed prongs.
[00:46:11] So you can get anything from a small spark, that little coin may jump off, to a full-blown electrical fire. Now, Mom was there and she yelled, no, Alexa, no. And the daughter said she's too smart to do something like that anyway. And I'm looking at a picture here that Ars Technica published of a wall socket where a short had happened.
[00:46:37] This wall socket is mounted sideways. I don't get that. And the hot side is up. So anything falling against the socket, and by the way, the faceplate is metal.
And grounded, obviously. So anything falling onto a plug that's only partially plugged in, because the socket is sideways, it falls onto it, it touches the metal faceplate, and you've got a fire brewing.
[00:47:08] So they've got a picture of one of these in a house, and you can see where the smoke went up. Now, I don't think the whole house caught on fire here, but it was a major zap. It reminds me of the days when we had the fuses in the basement. And if a fuse blew, all you really needed to do is go down there and stick a quarter in it.
[00:47:28] And you're fine, which means it's defeated the purpose. Anyways, you gotta be careful. Amazon confirmed in a statement to the BBC that it has removed that particular challenge from Alexa's database. Obviously these are computer generated and they're based on TikTok idiots. You shouldn't be using TikTok for a lot of reasons.
[00:47:55] One of them is it has been alleged that they have been spying for the Chinese. It is a Chinese company. It's part of Tencent. And there's just a little stupid thing. So Amazon said, as soon as we became aware of this error, we took action to fix it. So again, you can't necessarily trust your kid at home with an Alexa doing challenges.
[00:48:20] I just can't believe it. It's just incredible exactly what happened here. Hey, I want to give you a real quick tip. Last week we went over how you can find out if your computer has been hacked, basically. In fact, we were a little bit more specific. We said, okay, what I want to do here is know if not just the computer's been hacked, but has someone stolen my
[00:48:50] email and/or my password. And we explained why and everything else. So if you missed it last week, you can just go right ahead online to... oh my, I'm just having... man, it's the beginning of the year, right? That's what happened. Go online to CraigPeterson.com/itunes or slash your favorite podcast player.
[00:49:11] And you can listen to it there.
So, a really good little article from MakeUseOf, and they're talking about what are some of the things you can do, you should do, you shouldn't do when it comes to external GPUs. Now, if you are a regular computer user, you don't even need one of these things, and people might've tried to talk you into it.
[00:49:38] Now, also, these GPUs, these graphical processing units, are built into all of our computers nowadays. All of these new computers that our friends at Apple have come up with have some amazing GPUs built into them. Those are great. They're used to update your actual windows, the screen that you're looking at. I hate Microsoft for stealing words like "windows" that mean things. Anyways.
[00:50:05] But the external GPU is something I use on my main production workstation. So I've got GPUs, they work great. And when I'm processing video and doing the edits and then the final renders, that's when an external GPU comes in. So I can guarantee you, if you don't know what I'm talking about here, I guarantee you
[00:50:31] you don't need an external GPU. Now, a couple of other things to know: if you are looking for a GPU of any sort to build and put in your existing computer or to build in somewhere else, the GPUs are difficult to get right now. And part of the reason for that is so many people have been using them for mining cryptocurrencies, because they're quite good at that.
[00:50:57] Now, there's special hardware that's being made to mine cryptocurrencies, but GPUs frankly are a great little workaround for anybody that just has a basic computer and wants to try and do a little crypto mining. So you're going to have a hard time getting a hold of these GPUs, just like many other chipsets out there. And my own personal experience:
[00:51:21] I don't need the top-end one, because if it takes a few extra minutes to render something when I'm making a video, it's not a big deal, cause I'm not making videos all day long.
So a little tip for you on GPUs and external GPUs, and do you need them, what should you use them for. Hey, I am doing some training every week,
[00:51:45] kind of like what we just did just now, but about cybersecurity and other things, in my weekly newsletter. So make sure you sign up at CraigPeterson.com. And if you could, and if you are a podcast listener, I'd like to invite you to subscribe to my podcast. You can find it at CraigPeterson.com/itunes.
[00:52:08] We've got the end of an era for a device that was considered to be quite secure. In fact, some of our presidents, particularly the one that comes to mind is President Obama, used it extensively, and it isn't what it was.
[00:52:25] This device that I'm thinking of right now, and we'll see if you can guess what it is, but it was extremely popular.
[00:52:33] It was for sending and receiving messages. It even had some other functions, but it was mainly an email thing. I remember having a couple of those back in the day that were strictly email. They were actually nice. And then of course texting came along and they kept up with the times a little bit.
[00:52:51] What we're talking about is the end of the line. This was a Canadian company, a company that was well-known worldwide by the name of RIM. They were providing the BlackBerry operating system. They had servers that were designed and built to be secure. So you could rest assured that all of your data was safe, and it allowed you to send and receive emails.
[00:53:25] And it had that wonderful little click keyboard on it. Something that went the way of all the world. That keyboard is now gone, and it's gone for good, as has the ability to use some of those BlackBerries that you bought over the years to keep yourself... I just had to play taps underneath that, but it's just incredible.
[00:53:53] It is the end of the day for the company that once dominated the entire smartphone business.
If you didn't have a BlackBerry, you weren't cool and you weren't secure, and you weren't able to communicate as easily. They were actually excellent little devices in their day. I want to add another note here when we're talking about secure, because BlackBerry was very big on saying, hey, listen, it's very secure.
[00:54:23] It's all encrypted. We keep all your emails encrypted, all your communications encrypted. And what we found out, by the way, is it turned out that the Canadian government, basically the equivalent of the FBI, CIA, NSA, had the master key for all BlackBerry messages. And not only did it have the master key, it shared the master key with the United States secret agencies, the NSA,
[00:54:55] CIA, et cetera. So if you were thinking you could use your BlackBerry and keep your information safe, you were wrong. You remember when President Obama was elected? One of the first things they scrambled for in the tech business was how do we secure our BlackBerry... not our BlackBerry, his BlackBerry. And of course all kinds of rumors erupted that it was people controlling President Obama, and they were using the BlackBerry, and they were using it because it was secure.
[00:55:24] Do you remember the whole uproar around that? And the biggest problem was, obviously, our intelligence knew that they weren't secure and they could read any message they wanted to, as well as the Canadian government. And remember the whole Five Eyes thing back in the day, these five different governments that shared information on their own citizens.
[00:55:47] So it was a real windfall for the United States, because Canada was... all of this software was developed for the BlackBerry. It's where all of the servers were located, and data could easily be routed to Canadian servers away from US servers if they wanted to monitor somebody. And so Canada was the one spying on you, technically, not your government.
[00:56:10] They'd never do that.
So it was an interesting time, frankly. As of January 4th, 2020, these BlackBerry phones will no longer be provided with provisioning services, which means they are going to gradually lose the ability to join networks, including the cellular network, by the way. So, man, it's something that many kids
[00:56:41] have never even seen. And I look at it and just think, I remember I envied some of the guys that had the BlackBerries at the time. And I had a couple of other little devices, keyboard driven, that were from people who have been guests on my radio show. And I really liked those, but the BlackBerry was just crazy expensive as far as I was concerned.
[00:57:04] But BlackBerry's leadership really messed up. The guys who were developing Android at the time realized, oh, wait a minute, the iPhone is pretty popular. It's going to be extremely popular. So Android, they mimicked the BlackBerry at first, made it look like a BlackBerry. And then they switched over and made the Android operating system be like an iPad.
[00:57:33] So they could compete with it, but BlackBerry didn't see any of this coming. And it took over a year after the iPhone came out for BlackBerry, for RIM, Research In Motion, to come up with its own touchscreen phone. And the software was really quite a mess, where they tried to basically crowbar in some new features, and they had the old features.
[00:57:58] They're still there. Corporate users during this whole time were falling in love with their Apple phones and then eventually the Android phone. They told their IT departments that they needed to support the iPhone and the Android phones. And so they did, and BlackBerry eventually gave up on its own phones and they started releasing Android versions.
[00:58:23] Do you remember those, the Android phones from BlackBerry? They got out of the hardware business entirely. And now what they're doing is they're trying to promote corporate security services.
And that's really what they're trying to do. It's a new claim to fame. Yeah. Remember I just told you last time they were promoting that they were secure.
[00:58:44] They weren't at all. No, they were to some extent, but... so the last version of BlackBerry OS, the very last release that they had, was in 2013. Yeah, 2013. Yeah, that old. So the devices affected here by this shutdown are by all standards extremely old. And remember, you've got to get security updates.
[00:59:09] So these machines, I can't even believe they're still online, when BlackBerry hasn't given an update to them since 2013. That's almost a decade now, nine years. So if you're still using it, stop. And if you're trying to figure out what to use, get an iPhone. And if you say, oh, hey, iPhones are too expensive, don't get the latest, greatest iPhone.
[00:59:33] Get a slightly older one, because they are supported for five or more years out, unlike everything else out there now. Although, we now have Samsung promising some longer support, like five-year support for some of the devices. So we'll see how that ends up going. But frankly, BlackBerry, they're done for.
[00:59:55] It's a shame. So there's a handful of software services that relied on the BlackBerry servers to function. So if you were using BlackBerry World or BlackBerry Link, those also stopped functioning on the 4th of January. And the number of people still using it, I don't know. When was the last time you saw a BlackBerry, and have you used one? I'd love to hear from you. Go ahead and drop me a note at
[01:00:23] Craig... yeah, exactly, me@craigpeterson.com. Let me know, did you have a BlackBerry, or were you still using one? And did they bother telling you about the shutdown that was coming up? But this is it. This is the end of what was a very significant technology. So here's to BlackBerries. All right, stick around everybody.
[01:00:52] Make sure you are on my email list. I'm going to do something new too, with the list.
I'm going to start sending you my show notes. Now, you can opt out of the show notes, just the show notes, if you want to, but expect to start seeing them show up in your email box. And this is the same show notes I send out to all of the radio and television stations I appear on, because it's the most important news of the week.
[01:01:20] Artificial intelligence is making its way into all kinds of aspects of our lives. And one of them that concerns me maybe the most, in some ways it's a benefit and in others not, is AI in the criminal justice system.
[01:01:36] China has developed what it calls an AI, or artificial intelligence, prosecutor.
[01:01:44] And they're saying that they can identify dissidents and press charges for common crimes with 97% accuracy. Now, that is a very big claim. And the whole idea behind this is their services, if you will, in the court system are overloaded. We have the same problem. Most countries have the same problem.
[01:02:11] I was just looking at India. They've got some 37 million backlogged court cases. Absolutely phenomenal. So the system now in China can press charges for Shanghai's eight most common crimes. It runs on a standard PC and it takes part in the decision-making process, they say, although apparently it's actually making the decisions. But there are fears
[01:02:40] the machine could be weaponized by the state. Now, it's interesting looking at the actual charges that it's designed to press right now. They're saying that it was trained using 17,000 real-life cases, and it's able to identify and press charges for the eight most common crimes in Shanghai. These include "provoking trouble."
[01:03:08] Now, that's a term used to stifle dissent in China. Credit card fraud, gambling crimes, dangerous driving, theft, fraud, intentional injury, and obstructing official duties. In other words, pretty much everything, right? You go against the government, it's just going to charge you.
And that's what they say the AI prosecutor's going to do.
[01:03:31] Now, I'm looking at some more details from the Management Review journal. And they're saying that the system can replace prosecutors in the decision-making process to a certain extent. Now, let's look at some other countries. We've got, for instance, Germany, and they're using image recognition and digital forensics to help with their caseloads.
[01:03:58] China's using a system, System 206, to evaluate evidence, a suspect's potential danger, and conditions for arrest. Now, we've had some really weird things happening here in the US with our criminal justice system. Some of them are absolutely idiotic. But things like just letting people out the same day that really should be held because they committed a moderately serious crime.
[01:04:23] And we just had cases, just at the end of 2021, where we had people who had been arrested and got out that same day and then went on to commit serious crimes, rape, murder, and other things. So what are we doing here in the US? Unfortunately, we have found out that in the US we are monitoring the...
[01:04:52] the funds that people need to put up, that are called bail, in order to be released from jail. So normally you'd go in front of a justice of the peace and maybe a court clerk, and they would look at what the charges are, what your background is, how sticky you are in the community, family, business ties, et cetera, and then set it up.
[01:05:18] So you now put up the bail, cash or otherwise, and you are released, basically usually on your own recognizance. They vary somewhat. So we are already in many areas using artificial intelligence for that entire process. There's no pleading with the computer, saying I can't afford a $200,000 bail.
[01:05:42] There's no pleading with the computer saying, listen, I've been a member of the Rotary Club for 20 years and I own a business here.
I have tight ties to the community, that bail is just way too high. Because in many communities they are using artificial intelligence and relying on it a hundred percent.
[01:06:00] That's one of the big problems with computers. People, because they don't really understand them, just say fine. Just, yeah, go. The computer is almost always right. Yeah. The other problem is we don't know how it was programmed. Now, in the case of this Chinese computer that acts as a prosecutor for charging,
[01:06:23] they fed it 17,000 cases. Do we know what those cases are? Do we know what the computer weighs when it's making its decisions? And we've seen this already in some cases here in the US, where normally you can face your accuser. Normally you can go to the court and say, this decision by the justice of the peace was not quite right.
[01:06:46] It needs to be fixed right now. They did, and all well and good. And so if they had someone come in and testify to say, yeah, you're not a flight risk, et cetera, you're fine. But when it comes to the computers, people tend to just believe them. What were those 17,000 cases? Were they all nasty dissidents?
[01:07:09] What did the computer learn from it? And in some of these cases that we've had in the US, we've found that even the people that provided the software, that AI software, they don't know what the decision-making process actually was, because the computer learned how to do it. And you need to understand AI models and how they're fed data and how they work.
[01:07:35] But basically the computers come up with their own way of thinking through things, just to make this simple. So it's not necessarily totally logic. It's not like back in the day, when you'd write software that says, okay, if they have lived in that same home for over twenty-five years, they have kids in school, they own a business, et cetera, et cetera.
[01:07:55] So you set up all of the explicit parameters. And from that, now you can say, okay, fine.
So you went down this path based on who the person was and what their background was. Therefore you came to this conclusion. That's not what's happening with this newer AI, not at all. And then you also have the question:
[01:08:16] okay, what does 97% accurate mean? Who's going to take responsibility when there is a mistake? Now, I'm not talking about the 3% that they're admitting could be mistakes. I'm talking about the 97% of the time. And then if you now move up to the courts, who are they going to talk to? The prosecutor, the machine, the designer of the algorithm?
[01:08:42] Are they going to examine all 17,000 cases that were fed into this? It goes back to what I said before about airplanes. People are not good at monitoring computers, but computers can be good at monitoring people. In other words, in this case, the artificial intelligence may help detect a mistake, but it really cannot replace humans in making a decision.
[01:09:09] It's very true. China's relying more and more on AI to boost productivity. They're using AI with facial recognition systems for their social credit score that allows people to get on a train. You can't get on a train unless you have a high enough social credit score. And if you jaywalk, you have now lost points.
[01:09:32] So it's really crazy. So I'm very concerned about this. I found some great information, by the way, online from the Justice Department about what they are looking to have AI do. And it's basically everything: making decisions and informing what should happen. They're looking at using chatbots to provide legal advice for pro se litigants.
[01:10:00] In other words, people that are trying to defend themselves can go to a chatbot that will give them some direction. That's all in the works. I'm looking at the official documents right now, Criminal Justice Testing and Evaluation Consortium, looking at artificial intelligence. Hey, make sure you subscribe to my podcast.
[01:10:21] CraigPeterson.com/itunes, and I hope I've earned a five-star review. And if you could take a minute, just give it right there.
[01:10:31] We all know that children online suffer some pretty serious consequences in certain cases. The Federal Trade Commission has now won a case against Google. We're going to talk about what's going on with ads.
[01:10:47] The FTC has now been enforcing what's called COPPA, which is the Children's Online Privacy Protection Rule.
[01:10:58] And they have fined... in fact they fined them, what was it? Almost 200... yeah, exactly. Let me just find it here. Sorry about that. They have fined Google to the sum total of 170 million. That's what I thought it was, almost a $200 million penalty. So what had happened here is YouTube, now YouTube is owned by Google, has been for quite a while,
[01:11:28] and in fact YouTube was advertising to advertisers that, quote, YouTube is today's leader in reaching children age six to 11 against top TV channels. They also said that YouTube is the number one website regularly visited by kids. Now, we know that they are not supposed to be directing any content to children under 13.
[01:11:58] Now, you could argue, all right, they're not directing content to them, but the facts are the facts: kids are on the site. They're on the site. Yeah. But why would you promote that to advertisers? You were exactly promoting to children. And that's what the Federal Trade Commission said. Hey, Google, here you are promoting your ability to target these kids by saying you are the number one platform for them.
[01:12:30] So you shouldn't be doing that. So this settlement they came up with Google required YouTube to pay a $170 million penalty. They were also required to implement a system that permits channel owners to identify content as child-directed, so YouTube can ensure it's complying with the rule going forward.
[01:12:53] So remember, YouTube doesn't make the content that's up on their site. They steal it from you.
They don't exactly steal it from you, but anything that you're uploading, they may try and monetize if enough people watch it and stay on their site longer, which is the goal, by the way, for your content.
[01:13:11] If you put it up... really, Facebook's the same way. LinkedIn, everybody. They want eyeballs. They want them to stay on the site so they can show them advertising. The people who are making the content are these content creators, just you and me uploading stuff to YouTube, as well as these people that have somehow become very popular that I just don't understand.
[01:13:32] So here are also some things from the Dark Reading website here. Alison LeFrak, she's senior vice president of public policy, ads privacy, and Children's Online Privacy Protection Act compliance at Pixalate. So she's come up with five things she thinks should be adopted by the industry. First of all, improve transparency. Ad networks and platforms should consider implementing a system that lets online services identify
[01:14:05] to the ad network or platform that their content is child-directed, which is something that the courts are demanding here now, or the FTC settlement is, I should say. Number two, stop collecting children's data. Once an ad network or a platform like YouTube sets up a system where developers can signal that their app or their software or their
[01:14:30] video is directed at children, that ad network needs to take steps to not collect personal information through those websites, apps, or channels. Makes sense. Number three, involve parents when required. Even if an ad network is not collecting precise geolocation information from children, if it collects wireless network identifiers to infer precise location, it is required to provide notice and
[01:14:56] obtain consent from the parents. I'm loving all of these. Number four, protect sensitive data.
If an ad network decides to collect children's data, it must maintain the confidentiality, security, and integrity of the information. It should only retain the data as long as necessary to fulfill the purpose for which it was collected.
[01:15:19] And the ad networks should delete the data in a way that protects against its unauthorized use. And number five, remain stringent on protecting children. So I think all of those make quite a bit of sense. They're all things that ad networks and these platforms should be doing, but they're not required to do it.
[01:15:38] And I go back and forth here. My dad and mom both used to say there ought to be a law. No, that's not how my mom said it, but you get the idea. And I'm at the point where I say, man, we've got to get rid of most of these laws, rules, and regulations, because they are hampering us something.
[01:15:57] If you look at the Scandinavian countries, some people say, oh, they're socialists over there. No, they're not. They have very high taxes and they have a lot of community services, but Switz... they're not Switzerland. Sweden, for instance. They know that they have to keep their businesses healthy so that they can collect taxes.
[01:16:18] So they stay out of the way, versus here, where we already have a so

The Show with Edmund Mitchell

Season 2 of The Show is here! Today's topic was "starting" in creative work, but a major theme of the show became "safe touch". We talk about all the new aspects of The Show, answer some voicemails, and cover current events. (We had serious autofocus issues with the video of this episode...) Watch the video version of The Show on Youtube: https://www.youtube.com/edmundmitchell Thanks to the cast and crew of The Show: Tim Glemkowski Steve Buksh Katie Kuchar Ian Riley Theme Music: When I'm Gone by Apache Tomcat (https://freemusicarchive.org/music/Apache_Tomcat/Whats_Later/) Support The Show and get exclusive content and access! (http://www.patreon.com/theshow) Leave me a voicemail for The Show Call 817-527-1423 to leave me a voicemail, and I'll play it on an upcoming episode. Introduce yourself, ask a question, or let me know what you thought about a past episode or guest. Checkout all the gear I use for videos and podcasting My gear and recommendations. (www.kit.com/edmundmitchell) Want a hug for your brain? Mushroom elixirs are a natural food to support focus and memory. Try Lion's Mane at Four Sigmatic using the offer code HOLYSHROOM to get 10% off! Try some mushrooms here. (http://www.us.foursigmatic.com/#_a_HOLYSHROOM) Special Guests: Ali Hoffman, Johnny Philp, and Nic Gutierrez.

The Show with Edmund Mitchell

A quick show with some announcements about what's in the future of The Show. We also answer a bunch of Instagram questions and voicemails that were submitted. We're going on pause until late February to regroup and make The Show EVEN BETTER. Giving the brand a facelift, getting some new gear, renovating the studio, curating the guest list, and more surprises.

The Show with Edmund Mitchell

Kyle Aubert returns to talk about important cultural moments, joined by Michael Sherman. We talk about the Kanye/Drake beef and other strange phenomena. Special Guests: Kyle Aubert and Michael Sherman.

The Show with Edmund Mitchell

Johnny, Ali, and Nic come on The Show for a Christmas Special. This is the first of the new, once-a-month format of The Show. We cover current events, a few hot topics, and suggestions for the New Year. Link to news and videos in the description. Special Guests: Ali Hoffman, Johnny Philp, and Nic Gutierrez.

The Show with Edmund Mitchell

Eric Wilkes and Gabby Banzon are on the show to talk about pursuing your passion in a tough market. We also answer some audience questions about Eric's horrible hotel experience, and sing some international Christmas karaoke. Special Guests: Eric Wilkes and Gabby Banzon.

The Show with Edmund Mitchell
36: ⛪️ "Don't Water Down the Faith" is Bad Advice

The Show with Edmund Mitchell

Play Episode Listen Later Dec 5, 2018 77:40


Today the team (Johnny, Ali, and Nic) get together for a conversation about a trend in Church advice articles about how to not "lose" young Christians. Special Guests: Ali Hoffman, Johnny Philp, and Nic Gutierrez.

The Show with Edmund Mitchell

A late mini-episode with updates, shoutouts, and we listen to voicemails you've submitted and answer questions.

Thanks to the cast and crew of The Show: Tim Glemkowski, Steve Buksh, Katie Kuchar, Ian Riley

Theme Music: When I'm Gone by Apache Tomcat (https://freemusicarchive.org/music/Apache_Tomcat/Whats_Later/)

Develpreneur: Become a Better Developer and Entrepreneur
Building Your Service Offering and Resume

Jul 18, 2018 (26:49)

One of the first steps once we decide to do consulting as a side hustle is to define our service offering. We have the option to be a general consultant and do coding or technical support at large. However, that is not an easy one to sell or even define. By its nature, a broad offering will limit your ability to speak directly to a customer's needs.

Pick A Path Or A Few

Start your offering thoughts with a favorite or ideal project to work on. This may be something you can do with your eyes closed or what you love to do. You may find it hard to narrow your focus to a tightly defined project. That is ok. Find the most specific point (or points) about an ideal project and start there. For example, you may be happy doing any web application on Apache Tomcat and Java. That is general enough, but also has enough specificity to it. Your offering, in this case, will focus on building Java web applications. When you put together your offering you will do best if you include a few examples of websites that have varied goals. In this case, I would have an example of an e-commerce site, a simple business site, and a membership site. Those three examples cover a lot of common needs and show a broad range of skill application.

Your Resume

Your normal resume is an excellent start for this project. However, you have narrowed your focus in the prior step. Therefore, a tighter, shorter, more focused resume will be needed here. There is a bit of an art to crafting a good resume in the IT world. Most projects have multiple technologies involved and give you experience in multiple specialties. Your service-based resume needs to highlight in each project the work you did related to the service. If you focus on Java programming then do not include work done in C# on a project. You will want to list somewhere that you have that C# experience, but leave that out of the project details.

Launch Your Website

Once you have a service flyer or document and a related resume, you are ready for the website. You might want to create the site with the technologies you focus on. This provides yet another reference project for your customers. That may be an approach that is too time-consuming at this point. In that case, fire up a WordPress site with a couple of pages to describe your offerings. This can be done in a few hours, will be low cost, and looks professional. Check out our video course to go all out over the period of a few weeks.

Register on a Work Site

Your website is the home of your service offering. Once you have that looking good, it is time to search for business. This is easier than it ever has been. You can create a profile on multiple sites or try your hand at a single one. Each site is a little different in how it works, the projects offered, and the type of competition you will typically face. Try before you buy where possible to find the best fit for you and your offering.

Your Homework

Now stop reading (and listening) and get started. I have included a sample document to help you out with these steps. However, here is what you should aim to complete this week.

Create a service offering flyer/document
Create a service-oriented resume
Launch your website
Register at a site

We will hit the ground running in our next episode so make sure you have these items complete enough for your needs.

Example Service Flyer: IntroFlyer
Example website: https://rb-sns.com

Some Site Links:
https://Upwork.com
https://Guru.com
https://Freelancer.com
https://Freeeup.com

The Michael Duprey Variety Hour
#030 Bathroom of the Future, Alan Forrester

Jun 5, 2017 (66:29)

Pop-punk band Bathroom of the Future frolics onto our podcast to showcase their music, their personalities, and their stories, including how the songwriting process goes, what their favorite music venue in Port Huron is, and more! Also, Assistant Manager of a Cheese Shop Alan Forrester has a dark confession to share.

Credits: Tim David, Sean Farquhar, James Layle, John Yar

Find Bathroom of the Future on Facebook: https://www.facebook.com/bathroomofthefuture/
Bandcamp: https://bathroomofthefuture.bandcamp.com/

John's Podcast: http://www.stitcher.com/podcast/tony-augusty/after-improv

Find MDVH on Facebook: https://www.facebook.com/michaeldupreyvh/
Twitter: https://twitter.com/MichaelDupreyVH

Attributions:
“Bounce House” by Bathroom of the Future
“Campau Towers (Is Playing Our Song)” by Bathroom of the Future
“Idiot's Loop” by Bathroom of the Future

Intro Theme: “Don't Weigh Me Down” by Broadcast 2000

Interlude Song: “Somewhere in My Mind” by Apache Tomcat

The Michael Duprey Variety Hour
#029 Kyle O'Neil, Ryan O'Ryan, Todd Copper

May 29, 2017 (60:29)

Co-host Kyle O'Neil of the band Fireworks shares a litany of interesting stories, including stories of his life touring as a rock and rollman and meeting Fred Durst of Limp Bizkit. Also, former NHL prospect and current high school hockey coach Ryan O'Ryan discusses his deep discipline, and former high school student Todd Copper discusses buying goods at knifepoint.

Credits: Kyle O'Neil, Thomas Stineman

Find us on Facebook: https://www.facebook.com/michaeldupreyvh/
Twitter: https://twitter.com/MichaelDupreyVH

Attributions:
“The Only Thing That Haunts This House Is Me” by Fireworks

Intro Theme: “Don't Weigh Me Down” by Broadcast 2000

Interlude Song: “Somewhere in My Mind” by Apache Tomcat

The Michael Duprey Variety Hour
#028 Penelope Whitlo, Scratchy Steve

May 22, 2017 (63:53)

Cotton candy connoisseur Penelope Whitlo tells us about her wide-ranging cotton candy products, some more unusual than others. Also, 80's cartoon icon Scratchy Steve tells us what it's like living an animated life in a real world.

Credits: Annie Derbabian, Ray Duprey

Find us on Facebook: https://www.facebook.com/michaeldupreyvh/
Twitter: https://twitter.com/MichaelDupreyVH
Ray's Twitter: @von_Awesome

Attributions:
“Drinks and Jokes With Offenbach” by Arcane Waves

Intro Theme: “Don't Weigh Me Down” by Broadcast 2000

Interlude Song: “Somewhere in My Mind” by Apache Tomcat

The Michael Duprey Variety Hour
#027 Bryan Bishop, Mike Hanson

May 15, 2017 (61:06)

Full-time father and part-time pop country musician Bryan Bishop joins us on the show to discuss his family life, and how he's been dealing with finding out that his son is straight. Also, famous astronaut Mike Hanson relays what life is like as a spaceman, and asks for help finding a great friend.

Credits: Adam Bacigal, JR Stuhrberg

Attributions:
“Restless Cowboy” by Robert Tilly & Wooden Ambulance

Intro Theme: “Don't Weigh Me Down” by Broadcast 2000

Interlude Song: “Somewhere in My Mind” by Apache Tomcat

The Michael Duprey Variety Hour
#026 Alana Savard, Maude Van Der Clamp

May 8, 2017 (65:55)

Mixed media artist Alana Savard joins us on the show to discuss her unique style of art, which includes acrylic paints, candy, nature, and other household supplies on canvas. She also goes into detail about what lengths she would go to for a commissioned project. Also, the world's oldest burlesque dancer chronicles her long life!

Credits: Alana Savard, Michelle Studer

Alana's Website: https://www.alanasavard.com/

Attributions:
“I Like Being Me (Big Band version feat. Jean Bean)” by Uncle Neptune

Intro Theme: “Don't Weigh Me Down” by Broadcast 2000

Interlude Song: “Somewhere in My Mind” by Apache Tomcat

The Michael Duprey Variety Hour
#025 Mort Horton, Jim Creaser

May 1, 2017 (63:02)

Professional Police Line-up Participant Mort Horton joins us on the program to discuss his storied acting career and how the roads of his life led him to filling out police line-ups. Also, Caregiver for the Elderly Jim Creaser goes into detail on the often complicated life of taking care of the seniors of America.

Credits: Andy Reid, David Hillbom

Attributions:
“Dirt Baby” by Bad Ronald

Intro Theme: “Don't Weigh Me Down” by Broadcast 2000

Interlude Song: “Somewhere in My Mind” by Apache Tomcat

The Michael Duprey Variety Hour
#024 Nebr The Tiger, Wets Bloomfield

Apr 24, 2017 (63:09)

Local hip-hopman Nebr The Tiger joins us on the program to discuss how his music has evolved and changed over the years, how he has been rebranding himself, and what artists influence him the most. Also, local nomad Wets Bloomfield talks about life travelling around the country in his RV with his pet snake Just Peter and promotes his magazine.

Credits: Nebr The Tiger, Lauren Duprey

Attributions:
“Energy” by Nebr The Tiger
“Voodoo (Frank Ocean Cover)” by Nebr The Tiger
“Confessions” by Nebr The Tiger

Intro Theme: “Don't Weigh Me Down” by Broadcast 2000

Interlude Song: “Somewhere in My Mind” by Apache Tomcat

The Michael Duprey Variety Hour
#023 The Tom Toms, Ricky Peanuts

Apr 17, 2017 (79:05)

Rock group The Tom Toms joins us on the show to discuss their ever-evolving sound, their storied history, and the philosophy behind “Rhythm, Beauty, and Chaos.” Also: Hand for the Future Mayor of Detroit Ricky Peanuts details how the city will be changed in the future and issues a few dire warnings!

Credits: Kayla Day, Chris Day, Elaina Day, Michelle Russell-Mcauley, Ray Duprey

Attributions:
“Stella” by The Tom Toms
“Judgement Day” by The Tom Toms
“Liar, Liar” by The Tom Toms

Intro Theme: “Don't Weigh Me Down” by Broadcast 2000

Interlude Song: “Somewhere in My Mind” by Apache Tomcat