Podcasts about backups

While many organisations are growing aware of the threat of cyberattacks and are strengthening their security, a successful attack is almost inevitable, resulting in system downtime, loss of customer trust and most critically - loss of important data. This is why data backup and recovery is considered a crucial part of cyber hygiene, however over 40% of Malaysian businesses don't practice this. We speak to Sandy Woo, Country Director of Veritas Technologies to understand the importance of data backups and recovery as well as how it can help businesses.Image Credit: Shutterstock | Alexander Supertramp

Air Raid Hour: Judge & Tilt discuss what non-starters could end up playing key roles if Bills starters suffer a long-term injury at any point this season.

The Daily Buckeye Blitz ⭕️⚡️ Tuesday, August 2, 2022 In today's 5-minute episode, I talk about the two-deep for the Ohio State Offensive Line.

Problems are a part of life, but it's how we handle the problems in our lives that makes all the difference in the world.See omnystudio.com/listener for privacy information.

In this episode I step away from my normal monologue style to interview a renowned guest, W. Curtis Preston.  Curtis, the Chief Technical Evangalist at Druva, is also known as Mr. Backup.  Curtis runs his own website, Backup Central dot com with his own Podcast called Restore It All.  He also participates in the No Hardware Required Podcast for Druva. Curtis and I discuss the relationship between backups and cyber security.  He also shares his professional journey and offers advice to students and early professionals related to their professional future. Please make sure to send questions, comments, and episode recommendations to cybergreybeard@gmail.comModern Data Protection by W. Curtis PrestonSnorkel42 Reddit Security CadenceNo Hardware Required PodcastRestore it all PodcastBackup Central WebsiteOVH Cloud Provider FireConte Ransomware GroupFor those interested in supporting Josh, my mentee looking to relocate to Canada and study cyber security, please visit GiveSendGo.HA/DR - High Availability and Disaster RecoveryRPO/RTO – Recovery Point Objective/Recovery Time ObjectiveMFA – Multi-Factor Authentication: What we know, what we have, who we are

Today I'm chatting with “Chief nerd” as he calls himself, at Lightbox consulting, Kale Munster. Kale and I chat about one of my favourite topics, tech and how we can make it personal.   We dive into: Discovering your solution from the pain points Automations for the right parts of your business Backups for your online storage The testing process for new tech   About Kale Passionate about making tech accessible to non-techy people. Kale is passionate about ensuring that tech runs smoothly, so business owners can sleep at night. He has specialised in helping small to medium business with any tech needs from their day to day niggles, setting up new systems, migrating email and websites and ensuring you can connect with the outside world through internet, wifi and phone systems.     Connecting With Our Guest   Connect with Kale on Instagram @lightbox.consulting Kale's website: lightboxgroup.co   Connect with Nicole on Instagram Nicole's website   Join the Take Control with Nicole Facebook Group here Join The Waitlist for the Member's Lounge here     For more detailed shownotes and full transcript of the episode, click here: https://theartisans.com.au/podcast/episode-76/

Enterprise backups as a cybersecurity first principle strategy. This session covers the riveting topic of enterprise backup schemes to improve resilience. Rick discusses the value of data backups, workflow models, recent ransomware trends, and platforms for each use case. The Hash Table provides tangible enterprise backup strategies that encompass centralized, decentralized, and DevSecOps techniques, business continuity and disaster recovery plans, and engaging the Executive team in crisis scenarios and recovery training. In data backups, nothing is easy, but Rick breaks it down to first principles and makes it understandable. With Rick Howard, the CyberWire's CSO and Chief Analyst, joined by Jerry Archer, the Sallie Mae CSO, and Jaclyn Miller, the CISO for NTT, discuss enterprise backups as a first principle strategy. Cybersecurity professional development and continued education. You will learn about: backup tools and platforms, workflow responsibilities and models, disaster recovery and business continuity plans, backups as a tool to improve resilience CyberWire is the world's most trusted news source for cybersecurity information and situational awareness. Join the conversation with Rick Howard on LinkedIn and Twitter, and follow CyberWire on social media and join our community of security professionals: LinkedIn, Twitter, Youtube, Facebook, Instagram Additional first principles resources for your cybersecurity program. For more enterprise backups and cybersecurity first principles resources, check the topic essay.

Enterprise backups as a cybersecurity first principle strategy. This session covers the riveting topic of enterprise backup schemes to improve resilience. Rick discusses the value of data backups, workflow models, recent ransomware trends, and platforms for each use case. In data backups, nothing is easy, but Rick breaks it down to first principles and makes it understandable. Cybersecurity professional development and continued education. You will learn about: backup tools and platforms, workflow responsibilities and models, disaster recovery and business continuity plans, backups as a tool to improve resilience CyberWire is the world's most trusted news source for cybersecurity information and situational awareness. Join the conversation with Rick Howard on LinkedIn and Twitter, and follow CyberWire on social media and join our community of security professionals: LinkedIn, Twitter, Youtube, Facebook, Instagram Additional first principles resources for your cybersecurity program. For more enterprise backups and cybersecurity first principles resources, check the topic essay.

This episode of Serious Privacy, Paul Breitbarth of Catawiki and Dr. K Royal of Outschool have a robust conversation with W. Curtis Preston, (on Twitter as W. Curtis Preston), the Chief Technical Evangelist with Druva, Inc.. In this conversation, Mr. Backup himself, explains the difference between backups and archives, reminiscences about tape backups, and provides insight on how backups relate to privacy. As part of this, they discuss guidance from several data protection authorities in Europe on backups (Danish, French, UK) (or at least an acknowledgement of the difficulties of backups) and the ever-beloved right to deletion. Join us to hear his personal experiences and recommendations related to ransomware, restoration, and more. Also, he has published four O'Reilly books, the latest one - Modern Data Protection- available for free as an ebook on Druva's website.Also, catch the next webinar from TrustArc on July 19 - Level Up Your Healthcare Privacy Program. Let them know you heard about it from us!As always, if you have comments or questions, let us know - LinkedIn, Twitter @podcastprivacy @euroPaulB @heartofprivacy @trustArc and email seriousprivacy@trustarc.com. Please do like and write comments on your favorite podcast act so other professionals can find us easier. 

Doug Neumann, Co-Founder and CEO of Arpio discusses the best practices for good data protection hygiene when moving to the cloud, disaster recovery tips, and keeping safe from ransomware whether on-prem or in the cloud.

Welcome in ladies and gentlemen, boys and girls, to Kindred Spirits on the RFK Refugees Podcast Network . Ted and Jon review another loss for a severely depleted Spirit side while looking ahead to games coming up. Join ushttps://twitch.tv/rfkrefugees ( Live) Monday at 8:30PM andhttps://rfkrefugees.com/subscribe ( Subscribe )so you can get this and every episode wherever you get your podcasts! Thank you for listening! If you like what you hear and you want to help support our show and get exclusive content, head on over to ourhttps://patreon.com/rfkrefugees ( Patreon) or subscribe to ourhttp://twitch.tv/rfkrefugees ( Twitch) page with your free Amazon sub (or your American Fiat Currency!) Vamos! https://rfkrefugees.com/ (RFKRefugees.com)

Football Outsiders' Editor-in-Chief Aaron Schatz (@FO_ASchatz) is joined by Senior Analyst Mike Tanier (@MikeTanier) and Film & Draft Expert Derrik Klassen (@QBKlass) to rank all 32 NFL franchises by the overall strength of their quarterback room.Football Outsiders is covering more than ever before with expanded offseason news, NFL Draft, and USFL coverage. Be sure to get more out of Football Outsiders with a FO+ subscription! Be sure to tune in live throughout the offseason at 1 p.m. EST on YouTube to join the conversation! Subscribe to the podcast by looking for the "Football Outsiders Podcast Network" on your favorite podcast app. Football Outsiders is streaming LIVE every Thursday at 1 p.m. EDT. If you miss the live stream, you can watch or listen to every show on YouTube or listen to the podcast version. Be sure to subscribe to the podcast by looking for the "Football Outsiders Podcast Network" on your favorite podcast app.

Trisha Yearwood stopped by Bobby's house and talks about how she got her start singing demos in the 80's. Trisha has sung backups on more than 100 Garth Brooks songs and got her start opening up for him on his tour back in 91 when she only had 1 song on the radio. Trisha also talks about recording her Frank Sinatra tribute album "Let's Be Frank", her next country album and what she likes to watch on Netflix. See omnystudio.com/listener for privacy information.

Notícias que chamaram a nossa atenção nesta Tera-feira dia 05 de Julho de 2022! Reprodução em áudio do e-mail recebido diariamente pela Newsletters (newsletter@filipedeschamps.com) Newsletter gratuita sobre Tecnologia e Programação: https://filipedeschamps.com.br/newsletter #news #noticias #fdnews #robsonamendonca

Más info en wpradio.es/254

There are a few times I have been taught the value of testing your backups.  That is why even disaster recovery needs to be validated.  The first story I share is probably a worst-case scenario.  However, it can happen, so we need to be aware of failure points.  We must validate our backups regularly to ensure the process we are counting on is there when we need it. Testing Your Backups Before They Are Needed There are many ways to test backups and our disaster recovery plan.  We can do the extreme version, cut power to the required systems, and attempt to replace them via the procedure.  However, that may not be needed.  We may be able to do partial testing and ensure we can restore or copy the required files.  Even simple things like an automated update process can cause issues with our plan.  Therefore, we need to test regularly and ensure we keep the component parts updated and ready for use. Outliers and False Comfort It is easy to fall into a false sense of comfort about your strategy.  That is where the second story comes in.  Do not assume that your process working last month means it is still working this month.  Likewise, ensure outliers such as systems, applications, or files that are rarely (if ever) used are included in the backups.  I know of several situations where all was well until it was determined that some long-ago created file was lost or corrupted.  Then they found out that the file or system was not covered in the DR plan.  Even a simple act of rebooting a system has caused loss, and when that system was not backed up properly, it was a painful loss. If you like this season, you will probably like Scott Adams' book, "How to Fail at Almost Everything and Still Win Big: Kind of the Story of My Life."

Did you know that 43% of small businesses have no cybersecurity plan? If you're in Roswell, Sandy Springs, Alpharetta, Brookhaven, or a surrounding part of Atlanta, Georgia, RSJ Online Solutions (678-221-4556) can help protect your data. Go to https://rsjonlinesolutions.com/services (https://rsjonlinesolutions.com/services) for more information.

Premium Members, click here to access this interview in the premium area. Andrew Darlow of www.backup.fm is a photographer, writer, product developer and inventor. We recently struck up a conversation on LinkedIn about backing up and workflow - where he focuses a lot of attention when helping other photographers. Based in New Jersey, USA, he [...] The post 471: Andrew Darlow – How to manage your photography backups the right way appeared first on Photography Business Xposed - Photography Podcast - how to build and market your portrait and wedding photography business.

Todd Ogasawara and Jon Westfall discuss Jon's "Great Duplication Hunt" project that he worked on for the past two years. They discussed backup and deduplication in the the modern era. Jon also raised the question: When do you upgrade displays? Especially since displays tend to be one of the more stable and dependable accessories that last many many years.

Welcome to Episode 32 of Practical Business Technology, where we keep you in-the-know about technology's impact on business. In this episode on Will Your Backups Save You From Ransomware Dave and Stephanie Kinsey discuss best practices for setting up and monitoring your backups, so that you will be able to recover data in the event of a ransomware attack. Our show is sponsored by the Maricopa County Bar Association, and our host is Dave Kinsey, author, and owner of Total Networks.

View in HD at . Does Time Machine backup all of your files when you are using iCloud Drive? The answer depends on whether you are using the Optimize Mac Storage function. But even with it on, chances are you are well protected.

Techstination interview: Retrospect delivers new cloud solution for backups

If you have photos that are important to you, you should take steps to protect them. Every day someone loses a lifetime of memories because they didn't take these steps. Don't be one of them. In this tutorial I explain how I backup and protect my photos and what my workflow is like. You may find some ideas here that you can use. Links: https://www.amazon.com/Electronic-Automatic-Rotation-Resolution-1280x800IPS/dp/B07QTKQPX4/ref https://www.theguardian.com/world/2007/sep/29/argentina.film https://www.facebook.com/ https://www.google.com/photos/about/ https://www.flickr.com/ https://www.smugmug.com/plans/ https://www.shutterfly.com/ https://beebom.com/flickr-alternatives/ https://www.gimp.org/tutorials/GIMPProfile/ https://www.ahuka.com/gimp/photo-storage-backups-and-workflow/

Diese Folge als Video schauen Aus der Preshow: Technik-Optimierung, Backups, Selfy Software hacking, Dezimal Zahlen, Danke an alle Unterstützer Fast immer dienstags, gerne mal um 18:00 Uhr: Happy Shooting Live. Täglich im Slack mitmachen – auch Audio-/Videokommentare werden gern angenommen. BUNQ-Link für direkte Spenden per Überweisung oder Kreditkarte. Happy Merching CM Magazin #Nachtrag vom Uwe: … „#764 – Ich helfe auch beim anziehen“ weiterlesen Der Beitrag #764 – Ich helfe auch beim anziehen ist ursprünglich hier erschienen: Happy Shooting - Der Foto-Podcast.

Evaluating FreeBSD CURRENT for Production Use, Time Machine-like Backups on OpenBSD, FreeBSD on the Graviton 3, Compiling the NetBSD kernel as a benchmark, Network Management with the OpenBSD Packet Filter Toolset from BSDCan 2022, Hardware Detection & Diagnostics for New FreeBSD Users, and more NOTES This episode of BSDNow is brought to you by Tarsnap (https://www.tarsnap.com/bsdnow) and the BSDNow Patreon (https://www.patreon.com/bsdnow) Headlines Evaluating FreeBSD CURRENT for Production Use (https://klarasystems.com/articles/evaluating-freebsd-current-for-production-use/) Time Machine like Backups on OpenBSD (https://xosc.org/timemachine.html) News Roundup FreeBSD on the Graviton 3 (https://www.daemonology.net/blog/2022-05-23-FreeBSD-Graviton-3.html) Compiling the NetBSD kernel as a benchmark (https://blog.anotherhomepage.org/post/2022/05/25/Compiling-the-NetBSD-kernel-as-a-benchmark/) Network Management with the OpenBSD Packet Filter Toolset from BSDCan 2022 (http://undeadly.org/cgi?action=article;sid=20220607112236) Hardware Detection & Diagnostics for New FreeBSD Users & PCs (https://forums.FreeBSD.org/threads/hardware-detection-diagnostics-for-new-freebsd-users-pcs.84596/) Beastie Bits • [NetBSD - Announcing Google Summer of Code 2022 projects](https://blog.netbsd.org/tnf/entry/announcing_google_summer_of_code3) • [Welcome FreeBSD Google Summer of Code Participants](https://freebsdfoundation.org/blog/welcome-freebsd-google-summer-of-code-participants/) • [Network from Scratch](https://www.networksfromscratch.com) Tarsnap This weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups. Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv (mailto:feedback@bsdnow.tv) ***

Today we are joined by security expert and host of the Secure Talk podcast, Mark Shriner, to discuss information security. We talk about it from a personal perspective, as well as for organizations. Mark, Curtis, and Prasanna talk about what are the bare minimum things you should be doing as an individual to protect your personal information and data, both from a security and backup perspective. We then move on to talking about it from a company perspective, and how very important things like MFA (while good) do not solve everything, and then we talk about many other things you could be doing. Then there was the moment that created the title of the podcast, where Prasanna disagreed with Curtis – but not quite. When it comes to information security and data protection (and many things in life), perfect is the enemy of good. Try not to be overwhelmed with all the things you could or should be doing; just pick something and do something. Something is always better than nothing when it comes to these areas. This episode is jam-packed with good information you won't want to miss. Mentioned in this episode: Free eBook version of O'Reilly's Modern Data Protection For a limited time, you can get a free ebook copy of my latest O'Reilly book, Modern Data Protection. Just go to druva.com/podcast and download it!

It's Josh Blum's first time being on the other side and being a guest on a show. Today, he shares his first-50-episode journey, monetization in podcasting, and the importance of adding value to other people through a thought leadership platform. Be inspired and learn from the pros!     WHAT TO LISTEN FOR Top 3 learnings to create a podcast Best practices to showcase your content EAffect: The What and Why behind it The value of the exchange model Strategies for attracting great guests     RESOURCES/LINKS MENTIONED Mountain Bike Radio Apple & Spotify RODECaster Pro Riverside.fm  Squadcast.fm Zoom H6 Audio Technica ATR-2100 Libsyn Podbean Blubrry MTV Radio Dave Jackson Ep5: How To Monetize Your Podcast - Free Course 5/6 Apple & Spotify Ep10: Not Being Willing To Monetize Your Show - Pitfall #21 Apple & Spotify Ep30: More Ways To Monetize Than You Think - Pitfall #11 Apple & Spotify Matthew McConaughey     ABOUT JOSH BLUM Josh Blum is a father and doer of stuff – paired with Advocate, Builder of Trails and Community. Originally from La Crosse, WI, Josh has been enjoying the outdoors, trails, and mountain bikes since a young age. Always curious and learning about better ways to improve trail users' experiences. Josh is the host and creator of the Trail EAffect podcast, which was done to bring more trail-related content to the masses and inspire others to get involved or just get out and enjoy their local trails.     CONNECT WITH JOSH Podcast: Trail EAffect Website: Evolution Trail Services Instagram: @traileaffect Facebook: Trail EAffect PoEVOLUTION Trail Servicesdcast     CONNECT WITH US If you are interested in getting on our show, email us at team@growyourshow.com. Thinking about creating and growing your own podcast but not sure where to start? Click here and Schedule a call with Adam A. Adams! Upgrading your podcast equipment or maybe getting your first microphone? Get Your Free Equipment Guide! We also have free courses for you on everything you need to know about starting a great podcast! Check out our first six episodes through the links below! Identify Your Avatar - Free Course 1/6 What To Do BEFORE You Launch Your Podcast - Free Course 2/6 How To Launch A TOP Show - Free Course 3/6 Best Marketing And Growth Strategies - Free Course 4/6 How To Monetize Your Podcast - Free Course 5/6  Top 22 Pitfalls On Starting Your Own Podcast - Free Course 6/6 If you want to make money from your podcasts, check out this FREE resource we made. Our clients use a sponsor sheet, and now they are making between $2,000 to $5,000 from sponsorship!  Subscribe so you don't miss out on great content and if you love the show, leave an honest rating and review here!

In the final hour, Mike Mulligan and David Haugh were joined by Brad Biggs of the Tribune to discuss the latest Bears storylines as they continue OTAs. Does is matter that cornerback Jaylon Johnson was working with the backups Tuesday? 

OTAs continue for the Chicago Bears but the guys saw something intriguing yesterday. Why was Jaylon Johnson practicing with the backups? Did JJ get benched by Matt Eberflus? The guys try to get inside the new head coach's mind in today's episode! Learn more about your ad choices. Visit megaphone.fm/adchoices

About SimonFounder and CEO of SnapShooter a backup company Links Referenced: SnapShooter.com: https://SnapShooter.com MrSimonBennett: https://twitter.com/MrSimonBennett TranscriptAnnouncer: Hello, and welcome to Screaming in the Cloud with your host, Chief Cloud Economist at The Duckbill Group, Corey Quinn. This weekly show features conversations with people doing interesting work in the world of cloud, thoughtful commentary on the state of the technical world, and ridiculous titles for which Corey refuses to apologize. This is Screaming in the Cloud.Corey: Finding skilled DevOps engineers is a pain in the neck! And if you need to deploy a secure and compliant application to AWS, forgettaboutit! But that's where DuploCloud can help. Their comprehensive no-code/low-code software platform guarantees a secure and compliant infrastructure in as little as two weeks, while automating the full DevSecOps lifestyle. Get started with DevOps-as-a-Service from DuploCloud so that your cloud configurations are done right the first time. Tell them I sent you and your first two months are free. To learn more visit: snark.cloud/duplo. Thats's snark.cloud/D-U-P-L-O-C-L-O-U-D.Corey: What if there were a single place to get an inventory of what you're running in the cloud that wasn't "the monthly bill?" Further, what if there were a way to compare that inventory to what you were already managing via Terraform, Pulumi, or CloudFormation, but then automatically add the missing unmanaged or drifted parts to it? And what if there were a policy engine to immediately flag and remediate a wide variety of misconfigurations? Well, stop dreaming and start doing; visit snark.cloud/firefly to learn more.Corey: Welcome to Screaming in the Cloud. I'm Corey Quinn. One of the things that I learned early on in my career as a grumpy Unix systems administrator is that there are two kinds of people out there: those who care about backups an awful lot, and people who haven't lost data yet. I lost a bunch of data once upon a time and then I too fell on the side of backups are super important. Here to talk with me about them a bit today is Simon Bennett, founder and CEO of SnapShooter.com. Simon, thanks for joining me.Simon: Thanks for having me. Thank you very much.Corey: It's fun to be able to talk to people who are doing business in the cloud space—in this sense too—that is not venture-backed, that is not, “Well, we have 600 people here that are building this thing out.” And similar to the way that I handle things at The Duckbill Group, you are effectively one of those legacy things known as a profitable business that self-funds. What made you decide to pursue that model as opposed to, well, whatever the polite version of bilking venture capitalists out of enormous piles of money for [unintelligible 00:01:32]?Simon: I think I always liked the idea of being self-sufficient and running a business, so I always wanted to start a physical business when I was younger, but when I got into software, I realized that that's a really easy way, no capital needed, to get started. And I tried for years and years to build products, all of which failed until finally SnapShooter actually gained a customer. [laugh].Corey: “Oh, wait, someone finally is paying money for this, I guess I'm onto something.”Simon: Yeah.Corey: And it's sort of progressed from there. How long have you been in business?Simon: We started in 2017, as… it was an internal project for a company I was working at who had problems with DigitalOcean backups, or they had problems with their servers getting compromised. So, I looked at DigitalOcean API and realized I could build something. And it took less than a week to build a product [with billing 00:02:20]. And I put that online and people started using it. So, that was how it worked.Every other product I tried before, I'd spent months and months developing it and never getting a customer. And the one time I spent less than [laugh] less than a week's worth of evenings, someone started paying. I mean, admittedly, the first person was only paying a couple of dollars a month, but it was something.Corey: There's a huge turning point where you just validate the ability and willingness for someone to transfer one dollar from their bank account to yours. It speaks to validation in a way that social media nonsense generally doesn't. It's the oh, someone is actually willing to pay because I'm adding value to what they do. That's no small thing.Simon: Yeah. There's definitely a big difference between people saying they're going to and they'd love it, and actually doing it. So.Corey: I first heard about you when Patrick McKenzie—or @patio11, as he goes by on Twitter—wound up doing a mini-thread on you about, “I've now used SnapShooter.com for real, and it was such a joy, including making a server migration easier than it would otherwise have been. Now, I have automatically monitored backups to my own S3 account for a bunch of things, which already had a fairly remote risk of failure.” And he keeps talking about the awesome aspects of it. And okay, when Patrick says, “This is neat,” that usually means it's time for me to at least click the link and see what's going on.And the thing that jumped out at me was a few things about what it is that you offer. You talk about making sure that people can sleep well at night, that it's about why backups are important, about—you obviously check the boxes and talk about how you do things and why you do them the way that you do, but it resonates around the idea of helping people sleep well at night. Because no one wants to think about backups. Because no one cares about backups; they just care an awful lot about restores, usually right after they should have cared about the backups.Simon: Yeah. This is actually a big problem with getting customers because I don't think it's on a lot of people's minds, getting backups set up until, as you said in the intro, something's gone wrong. [laugh]. And then they're happy to be a customer for life.Corey: I started clicking around and looking at your testimonials, for example, on your website. And the first one I saw was from the CEO of Transistor.fm. For those who aren't familiar with what they do, they are the company that hosts this podcast. I pay them as a vendor for all the back issues and whatnot.Whenever you download the show. It's routing through their stuff. So yeah, I kind of want them to have backups of these things because I really don't want to have all these conversations [laugh] again with everyone. That's an important thing. But Transistor's business is not making sure that the data is safe and secure; it's making podcasts available, making it easy to publish to them.And in your case, you're handling the backup portion of it so they can pay their money and they set it up effectively once—set it and forget it—and then they can go back to doing the thing that they do, and not having to fuss with it constantly. I think a lot of companies get it wrong, where they seem to think that people are going to make sustained, engaged efforts in whatever platform or tool or service they build. People have bigger fish to fry; they just want the thing to work and not take up brain sweat.Simon: Yeah. Customers hardly ever log in. I think it's probably a good sign when they don't have to log in. So, they get their report emails, and that's that. And they obviously come back when they got new stuff to set up, but from a support point of view is pretty, pretty easy, really, people don't—[laugh] constantly on there.Corey: From where I sit, the large cloud providers—and some of the small ones, too—they all have backup functionality built into the offering that they've got. And some are great, some are terrible. I assume—perhaps naively—that all of them do what it says on the tin and actually back up the data. If that were sufficient, you wouldn't have any customers. You clearly have customers. What is it that makes those things not work super well?Simon: Some of them are inflexible. So, some of the providers have built-in server backups that only happen weekly, and six days of no backups can be a big problem when you've made a mistake. So, we offer a lot of flexibility around how often you backup your data. And then another key part is that we let you store your data where you want. A lot of the providers have either vendor lock-in, or they only store it in themselves. So… we let you take your data from one side of the globe to the other if you want.Corey: As anyone who has listened to the show is aware, I'm not a huge advocate for multi-cloud for a variety of excellent reasons. And I mean that on a per-workload basis, not, “Oh, we're going to go with one company called Amazon,” and you use everything that they do, including their WorkMail product. Yeah, even Amazon doesn't use WorkMail; they use Exchange like a real company would. And great, pick the thing that works best for you, but backups have always been one of those areas.I know that AWS has great region separation—most of the time. I know that it is unheard of for there to be a catastrophic data loss story that transcends multiple regions, so the story from their side is very often, oh, just back it up to a different region. Problem solved. Ignoring the data transfer aspect of that from a pricing perspective, okay. But there's also a risk element here where everyone talks about the single point of failure with the AWS account that it's there, people don't talk about as much: it's your payment instrument; if they suspend your account, you're not getting into any region.There's also the story of if someone gets access to your account, how do you back that up? If you're going to be doing backups, from my perspective, that is the perfect use case, to put it on a different provider. Because if I'm backing up from, I don't know, Amazon to Google Cloud or vice versa, I have a hard time envisioning a scenario in which both of those companies simultaneously have lost my data and I still care about computers. It is very hard for me to imagine that kind of failure mode, it's way out of scope for any disaster recovery or business continuity plan that I'm coming up with.Simon: Yeah, that's right. Yeah, I haven't—[laugh] I don't have that in my disaster recovery plan, to be honest about going to a different cloud, as in, we'll solve that problem when it happens. But the data is, as you say, in two different places, or more. But yeah, the security one is a key one because, you know, there's quite a lot of surface area on your AWS account for compromising, but if you're using either—even a separate AWS account or a different provider purely for storage, that can be very tightly controlled.Corey: I also appreciate the idea that when you're backing stuff up between different providers, the idea of owning both sides of it—I know you offer a solution where you wind up hosting the data as well, and that has its value, don't get me wrong, but there are also times, particularly for regulated industries, where yeah, I kind of don't want my backup data just hanging out with someone else's account with whatever they choose to do with it. There's also the verification question, which again, I'm not accusing you of in any way, shape, or form of being nefarious, but it's also one of those when I have to report to a board of directors of like, “Are you sure that they're doing what they say they're doing?” It's a, “Well, he seemed trustworthy,” is not the greatest answer. And the boards ask questions like that all the time. Netflix has talked about this where they backup a rehydrate-the-business level of data to Google Cloud from AWS, not because they think Amazon is going to disappear off the face of the earth, but because it's easier to do that and explain it than having to say, “Well, it's extremely unlikely and here's why,” and not get torn to pieces by auditors, shareholders, et cetera. It's the path of least resistance, and there is some validity to it.Simon: Yeah, when you see those big companies who've been with ransomware attacks and they've had to either pay the ransom or they've literally got to build the business from scratch, like, the cost associated with that is almost business-ending. So, just one backup for their data, off-site [laugh] they could have saved themselves millions and millions of pounds. So.Corey: It's one of those things where an ounce of prevention is worth a pound of cure. And we're still seeing that stuff continue to evolve and continue to exist out in the ecosystem. There's a whole host of things that I think about like, “Ooh, if I lost, that would be annoying but not disastrous.” When I was going through some contractual stuff when we were first setting up The Duckbill Group and talking to clients about this, they would periodically ask questions about, “Well, what's your DR policy for these things?” It's, “Well, we have a number of employees; no more than two are located in the same city anywhere, and we all work from laptops because it is the 21st century, so if someone's internet goes out, they'll go to a coffee shop. If everyone's internet goes out, do you really care about the AWS bill that month?”It's a very different use case and [unintelligible 00:11:02] with these things. Now, let's be clear, we are a consultancy that fixes AWS bills; we're not a hospital. There's a big difference in the use case and what is acceptable in different ways. But what I like is that you have really build something out that lets people choose their own adventure in how managed they want it to be, what the source is, what the target should be. And it gives people enough control but without having to worry about the finicky parts of aligning a bunch of scripts that wind up firing off in cron jobs.Simon: Yeah. I'd say a fair few people run into issues running scripts or, you know, they silently fail and then you realize you haven't actually been running backups for the last six months until you're trying to pull them, even if you were trying to—Corey: Bold of you to think that I would notice it that quickly.Simon: [laugh]. Yeah, right. True. Yeah, that's presuming you have a disaster recovery plan that you actually test. Lots of small businesses have never even heard of that as a thing. So, having as us, kind of, manage backups sort of enables us to very easily tell people that backups of, like—we couldn't take the backup. Like, you need to address this.Also, to your previous point about the control, you can decide completely where data flows between. So, when people ask us about what's GDPR policies around data and stuff, we can say, “Well, we don't actually handle your data in that sense. It goes directly from your source through almost a proxy that you control to your storage.” So.Corey: The best answer: GDPR is out of scope. Please come again. And [laugh] yeah, just pass that off to someone else.Simon: In a way, you've already approved those two: you've approved the person that you're managing servers with and you've already approved the people that are doing storage with. You kind of… you do need to approve us, but we're not handling the data. So, we're handling your data, like your actual customer; we're not handling your customer's customer's data.Corey: Oh, yeah. Now, it's a valuable thing. One of my famous personal backup issues was okay, “I'm going to back this up onto the shared drive,” and I sort of might have screwed up the backup script—in the better way, given the two possible directions this can go—but it was backing up all of its data and all the existing backup data, so you know, exponential growth of your backups. Now, my storage vendor was about to buy a boat and name it after me when I caught that. “Oh, yeah, let's go ahead and fix that.”But this stuff is finicky, it's annoying, and in most cases, it fails in silent ways that only show up as a giant bill in one form or another. And not having to think about that is valuable. I'm willing to spend a few hours setting up a backup strategy and the rest; I'm not willing to tend it on an ongoing basis, just because I have other things I care about and things I need to get done.Simon: Yeah. It's such a kind of simple and trivial thing that can quickly become a nightmare [laugh] when you've made a mistake. So, not doing it yourself is a good [laugh] solution.Corey: So, it wouldn't have been a @patio11 recommendation to look at what you do without having some insight into the rest of the nuts and bolts of the business and the rest. Your plans are interesting. You have a free tier of course, which is a single daily backup job and half a gig of storage—or bring your own to that it's unlimited storage—Simon: Yep. Yeah.Corey: Unlimited: the only limits are your budget. Yeah. Zombo.com got it slightly wrong. It's not your mind, it's your budget. And then it goes from Light to Startup to Business to Agency at the high end.A question I have for you is at the high end, what I've found has been sort of the SaaS approach. The top end is always been a ‘Contact Us' form where it's the enterprise scope of folks where they tend to have procurement departments looking at this, and they're going to have a whole bunch of custom contract stuff, but they're also not used to signing checks with fewer than two commas in them. So, it's the signaling and the messaging of, “Reach out and talk to us.” Have you experimented with that at all, yet? Is it something you haven't gotten to yet or do you not have interest in serving that particular market segment?Simon: I'd say we've been gearing the business from starting off very small with one solution to, you know, last—and two years ago, we added the ability to store data from one provider to a different provider. So, we're sort of stair-stepping our way up to enterprise. For example, at the end of last year, we went and got certificates for ISO 27001 and… one other one, I can't remember the name of them, and we're probably going to get SOC 2 at some point this year. And then yes, we will be pushing more towards enterprises. We add, like, APIs as well so people can set up backups on the fly, or so they can put it as part of their provisioning.That's hopefully where I'm seeing the business go, as in we'll become under-the-hood backup provider for, like, a managed hosting solution or something where their customers won't even realize it's us, but we're taking the backups away from—responsibility away from businesses.Corey: For those listeners who are fortunate enough to not have to have spent as long as I have in the woods of corporate governance, the correct answer to, “Well, how do we know that vendor is doing what they say that they're doing,” because the, “Well, he seemed like a nice guy,” is not going to carry water, well, here are the certifications that they have attested to. Here's copies under NDA, if their audit reports that call out what controls they claim to have and it validates that they are in fact doing what they say that they're doing. That is corporate-speak that attests that you're doing the right things. Now, you're going to, in most cases, find yourself spending all your time doing work for no real money if you start making those things available to every customer spending 50 cents a year with you. So generally, the, “Oh, we're going to go through the compliance, get you the reports,” is one of the higher, more expensive tiers where you must spend at least this much for us to start engaging down this rabbit hole of various nonsense.And I don't blame you in the least for not going down that path. One of these years, I'm going to wind up going through at least one of those certification approaches myself, but historically, we don't handle anything except your billing data, and here's how we do it has so far been sufficient for our contractual needs. But the world's evolving; sophistication of enterprise buyers is at varying places and at some point, it'll just be easier to go down that path.Simon: Yeah, to be honest, we haven't had many, many of those customers. Sometimes we have people who come in well over the plan limits, and that's where we do a custom plan for them, but we've not had too many requests for certification. But obviously, we have the certification now, so if anyone ever [laugh] did want to see it under NDA, we could add some commas to any price. [laugh].Corey: This episode is sponsored in parts by our friend EnterpriseDB. EnterpriseDB has been powering enterprise applications with PostgreSQL for 15 years. And now EnterpriseDB has you covered wherever you deploy PostgreSQL on premises, private cloud, and they just announced a fully managed service on AWS and Azure called BigAnimal, all one word.Don't leave managing your database to your cloud vendor because they're too busy launching another half dozen manage databases to focus on any one of them that they didn't build themselves. Instead, work with the experts over at EnterpriseDB. They can save you time and money, they can even help you migrate legacy applications, including Oracle, to the cloud.To learn more, try BigAnimal for free. Go to biganimal.com/snark, and tell them Corey sent you.Corey: What I like as well is that you offer backups for a bunch of different things. You can do snapshots from, effectively, every provider. I'm sorry, I'm just going to call out because I love this: AWS and Amazon LightSail are called out as two distinct things. And Amazonians will say, “Oh, well, under the hood, they're really the same thing, et cetera.” Yeah, the user experience is wildly different, so yeah, calling those things out as separate things make sense.But it goes beyond that because it's not just, “Well, I took a disk image. There we go. Come again.” You also offer backup recipes for specific things where you could, for example, back things up to a local file and external storage where someone is. Great, you also backup WordPress and MongoDB and MySQL and a whole bunch of other things.A unified cloud controller, which is something I have in my house, and I keep thinking I should find a way to back that up. Yeah, this is great. It's not just about the big server thing; it's about having data living in managed services. It's about making sure that the application data is backed up in a reasonable, responsible way. I really liked that approach. Was that an evolution or is that something you wound up focusing on almost from the beginning?Simon: It was an evolution. So, we started with the snapshots, which got the business quite far to be honest and it was very simple. It was just DigitalOcean to start with, actually, for the first two years. Pretty easy to market in a way because it's just focused on one thing. Then the other solutions came in, like the other providers and, you know, once you add one, it was easy to add many.And then came database backups and file backups. And I just had those two solutions because that was what people were asking for. Like, they wanted to make sure their whole server snapshot, if you have a whole server snapshot, the point in time data for MySQL could be corrupt. Like, there could be stuff in RAM that a MySQL dump would have pulled out, for example. Like… there's a possibility that the database could be corrupt from a snapshot, so people were asking for a bit of, more, peace of mind with doing proper backups of MySQL.So, that's what we added. And it soon became apparent when more customers were asking for more solutions that we really needed to, like, step back and think about what we're actually offering. So, we rebuilt this whole, kind of like, database engine, then that allowed us to consume data from anywhere. So, we can easily add more backup types. So, the reason you can see all the ones you've listed there is because that's kind of what people have been asking for. And every time someone comes up with a new, [laugh], like, a new open-source project or database or whatever, we'll add support, even ones I've never heard of before. When people ask for some weird file—Corey: All it takes is just waiting for someone to reach out and say, hey, can you back this thing up, please?Simon: Yeah, exactly, some weird file-based database system that I've never ever heard of. Yeah, sure. Just give us [laugh] a test server to mess around with and we'll build, essentially, like, we use bash in the background for doing the backups; if you can stream the data from a command, we can then deal with the whole management process. So, that's the reason why. And then, I was seeing in, like, the Laravel space, for example, people were doing MySQL backups and they'd have a script, and then for whatever reason, someone rotated the passwords on the database and the backup script… was forgotten about.So, there it is, not working for months. So, we thought we could build a backup where you could just point it at where the Laravel project is. We can get all the config we need at the runtime because it's all there with the project anyway, and then thus, you never need to tell us the password for your database and that problem goes away. And it's the same with WordPress.Corey: I'm looking at this now just as you go through this, and I'm a big believer in disclaiming my biases, conflicts of interest, et cetera. And until this point, neither of us have traded a penny in either direction between us that I'm ever aware of—maybe you bought a t-shirt or something once upon a time—but great, I'm about to become a customer of this because I already have backup solutions for a lot of the things that you currently support, but again, when you're a grumpy admin who's lost data in the past, it's, “Huh, you know what I would really like? That's right, another backup.” And if that costs me a few hundred bucks a year for the peace of mind is money well spent because the failure mode is I get to rewrite a whole lot of blog posts and re-record all podcasts and pay for a whole bunch of custom development again. And it's just not something that I particularly want to have to deal with. There's something to be said for a holistic backup solution. I wish that more people thought about these things.Simon: Can you imagine having to pull all the blog posts off [unintelligible 00:22:19]? [laugh]—Corey: Oh, my got—Simon: —to try and rebuild it.Corey: That is called the crappiest summer internship someone has ever had.Simon: Yeah.Corey: And that is just painful. I can't quite fathom having to do that as a strategy. Every once in a while some big site will have a data loss incident or go out of business or something, and there's a frantic archiving endeavor that happens where people are trying to copy the content out of the Google Search Engine's cache before it expires at whatever timeline that is. And that looks like the worst possible situation for any sort of giant backup.Simon: At least that's one you can fix. I mean, if you were to lose all the payment information, then you've got to restitch all that together, or anything else. Like, that's a fixable solution, but a lot of these other ones, if you lose the data, yeah, there's no two ways around it, you're screwed. So.Corey: Yeah, it's a challenging thing. And it's also—the question also becomes one of, “Well, hang on. I know about backups on this because I have this data, but it's used to working in an AWS environment. What possible good would it do me sitting somewhere else?” It's, yeah, the point is, it's sitting somewhere else, at least in my experience. You can copy it back to that sort of environment.I'm not suggesting this is a way that you can run your AWS serverless environment on DigitalOcean, but it's a matter of if everything turns against you, you can rebuild from those backups. That's the approach that I've usually taken. Do you find that your customers understand that going in or is there an education process?Simon: I'd say people come for all sorts of reasons for why they want backup. So, having your data in two places for that is one of the reasons but, you know, I think there's a lot of reasons why people want peace of mind: for either developer mistakes or migration mistakes or hacking, all these things. So, I guess the big one we come up with a lot is people talking about databases and they don't need backups because they've got replication. And trying to explain that replication between two databases isn't the same as a backup. Like, you make a mistake you drop—[laugh] you run your delete query wrong on the first database, it's gone, replicated or not.Corey: Right, the odds of me fat-fingering an S3 bucket command are incredibly likelier than the odds of AWS losing an entire region's S3 data irretrievably. I make mistakes a lot more than they tend to architecturally, but let's also be clear, they're one of the best. My impression has always been the big three mostly do a decent job of this. The jury's still out, in my opinion, on other third-party clouds that are not, I guess, tier one. What's your take?Simon: I have to be careful. I've got quite good relationships with some of these. [laugh].Corey: Oh, of course. Of course. Of course.Simon: But yes, I would say most customers do end up using S3 as their storage option, and I think that is because it is, I think, the best. Like, is in terms of reliability and performance, some storage can be a little slow at times for pulling data in, which could or could not be a problem depending on what your use case is. But there are some trade-offs. Obviously, S3, if you're trying to get your data back out, is expensive. If you were to look at Backblaze, for example, as well, that's considerably cheaper than S3, especially, like, when you're talking in the petabyte-scale, there can be huge savings there. So… they all sort of bring their own thing to the table. Personally, I store the backups in S3 and in Backblaze, and in one other provider. [laugh].Corey: Oh, yeah. Like—Simon: I like to have them spread.Corey: Like, every once in a while in the industry, there's something that happens that's sort of a watershed moment where it reminds everyone, “Oh, right. That's why we do backups.” I think the most recent one—and again, love to them; this stuff is never fun—was when that OVH data center burned down. And OVH is a somewhat more traditional hosting provider, in some respects. Like, their pricing is great, but they wind up giving you what amounts to here as a server in a rack. You get to build all this stuff yourself.And that backup story is one of those. Oh, okay. Well, I just got two of them and I'll copy backups to each other. Yeah, but they're in the same building and that building just burned down. Now, what? And a lot of people learned a very painful lesson. And oh, right, that's why we have to do that.Simon: Yeah. The other big lesson from that was that even if the people with data in a different region—like, they'd had cross-regional backups—because of the demand at the time for accessing backups, if you wanted to get your data quickly, you're in a queue because so many other people were in the same boat as you're trying to restore stored backups. So, being off-site with a different provider would have made that a little easier. [laugh].Corey: It's a herd of elephants problem. You test your DR strategy on a scheduled basis; great, you're the only person doing it—give or take—at that time, as opposed to a large provider has lost a region and everyone is hitting their backup service simultaneously. It generally isn't built for that type of scale and provisioning. One other question I have for you is when I make mistakes, for better or worse, they're usually relatively small-scale. I want to restore a certain file or I will want to, “Ooh, that one item I just dropped out of that database really should not have been dropped.” Do you currently offer things that go beyond the entire restore everything or nothing? Or right now are you still approaching this from the perspective of this is for the catastrophic case where you're in some pain already?Simon: Mostly the catastrophic stage. So, we have MySQL [bin logs 00:27:57] as an option. So, if you wanted to do, like, a point-in-time of store, which… may be more applicable to what you're saying, but generally, its whole, whole website recovery. For example, like, we have a WordPress backup that'll go through all the WordPress websites on the server and we'll back them up individually so you can restore just one. There are ways that we have helped customers in the past just pull one table, for example, from a backup.But yeah, we geared towards, kind of, the set and the forget. And people don't often restore backups, to be honest. They don't. But when they do, it's obviously [laugh] very crucial that they work, so I prefer to back up the whole thing and then help people, like, if you need to extract ten megabytes out of an entire gig backup, that's a bit wasteful, but at least, you know, you've got the data there. So.Corey: Yeah. I'm a big believer in having backups in a variety of different levels. Because I don't really want to do a whole server restore when I remove a file. And let's be clear, I still have that grumpy old Unix admin of before I start making changes to a file, yeah, my editor can undo things and remembers that persistently and all. But I have a disturbing number of files and directories whose names end in ‘.bac' with then, like, a date or something on it, just because it's—you know, like, “Oh, I have to fix something in Git. How do I do this?”Step one, I'm going to copy the entire directory so when I make a pig's breakfast out of this and I lose things that I care about, rather than having to play Git surgeon for two more days, I can just copy it back over and try again. Disk space is cheap for those things. But that's also not a holistic backup strategy because I have to remember to do it every time and the whole point of what you're building and the value you're adding, from my perspective, is people don't have to think about it.Simon: Yes. Yeah yeah yeah. Once it's there, it's there. It's running. It's as you say, it's not the most efficient thing if you wanted to restore one file—not to say you couldn't—but at least you didn't have to think about doing the backup first.Corey: I really want to thank you for taking the time out of your day to talk to me about all this. If people want to learn more for themselves, where can they find you?Simon: So, SnapShooter.com is a great place, or on Twitter, if you want to follow me. I am @MrSimonBennett.Corey: And we will, of course, put links to that in the [show notes 00:30:11]. Thank you once again. I really appreciate it.Simon: Thank you. Thank you very much for having me.Corey: Simon Bennett, founder and CEO of SnapShooter.com. I'm Cloud Economist Corey Quinn and this is Screaming in the Cloud. If you've enjoyed this episode, please leave a five-star review on your podcast platform of choice, whereas if you've hated this episode, please leave a five-star review on your podcast platform of choice, along with an angry insulting comment that, just like your backup strategy, you haven't put enough thought into.Corey: If your AWS bill keeps rising and your blood pressure is doing the same, then you need The Duckbill Group. We help companies fix their AWS bill by making it smaller and less horrifying. The Duckbill Group works for you, not AWS. We tailor recommendations to your business and we get to the point. Visit duckbillgroup.com to get started.Announcer: This has been a HumblePod production. Stay humble.

This whole episode is a Mr. Backup rant, where he talks about things that people should really stop doing with their backup systems, starting with backing up directly to tape. There is a place for tape, but it is NOT at the front end of the backup system. Curtis and Prasanna passionately discuss and explain several relics of the ways we used to do things, and why they no longer make sense. Another one is repeated full backups - synthetic or otherwise. Many of them can be addressed by just changing how you use your backup product, but a few of them may cause you to think about making a change. (Hint: if your backup product has been around for more than 20 years, it probably can't get away from some of the relics of the past.) Mentioned in this episode: Free eBook version of O'Reilly's Modern Data Protection For a limited time, you can get a free ebook copy of my latest O'Reilly book, Modern Data Protection. Just go to druva.com/podcast and download it!

Facebook Has No Idea Where Your Data Is and What They Do With It?! Facebook's about 18 years old coming on 20 Facebook has a lot of data. How much stuff have you given Facebook? Did you fall victim for that? Hey, upload your contacts. We'll find your friends. They don't know where your data is. [Following is an automated transcript] [00:00:15] This whole thing with Facebook has exploded here lately. [00:00:20] There is an article that had appeared on a line from our friends over at, I think it was, yeah. Let me see here. Yeah. Yeah. Motherboard. I was right. And motherboards reporting that Facebook doesn't know what it does with your data or. It goes, no, there's always a lot of rumors about different companies and particularly when they're big company and the news headlines are grabbing your attention and certainly Facebook can be one of those companies. [00:00:57] So where did motherboard get this opinion about Facebook? Just being completely clueless about your personal. It tamed from a leaked document. Yeah, exactly. So we find out a lot of stuff like that. I used to follow a website about companies that were going to go under and they posted internal memos. [00:01:23] It basically got sued out of existence, but there's no way that Facebook is going to be able to Sue this one out of existence because they are describing this as. Internally as a tsunami of privacy regulations all over the world. So Gores, if you're older, we used to call those tidal waves, but think of what the implication there is of a tsunami coming in and just overwhelming everything. [00:01:53] So Facebook, internally, their engineers are trying to figure out, okay. So how do we deal with. People's personal data. It's not categorized in ways that regulators want to control it. Now there's a huge problem right there. You've got third party data. You've got first party data. You've got sensitive categories, data. [00:02:16] They might know what religion you are, what your persuasions are in various different ways. There's a lot of things they might know about you. How were they all cat categorize now we've got the European union. With their general data protection regulation. The GDPR we talked about when it came into effect back in 2018, and I've helped a few companies to comply with that. [00:02:41] That's not my specialty. My specialty is the cybersecurity. But in article five this year, peon law mandates that personal data must be collected for specified explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes. So what that means is that every piece of data, like where you are using Facebook or your religious orientation, Can only be collected in use for a specific purpose and not reused for another purpose. [00:03:19] As an example here, that vice has given in past Facebook, took the phone number that users provided to protect their accounts with two factor authentication and fed it to its people, feature as well as. Advertisers. Yeah. Interesting. Hey, so Gizmodo with the help of academic researchers caught Facebook doing this, and eventually the company had to stop the practice because, and this goes back to the earlier days where Facebook would say, Hey, find out if your friends are on Facebook, upload your contacts right now. [00:03:54] And most people. What did you know back then about trying to keep your data private, to try and stop the proliferation of information about you online then nothing. I think I probably even uploaded it back then thinking it'd be nice to see if I got friends here. We can start chatting, et cetera. [00:04:12] According to legal experts that were interviewed by motherboard who wrote this article and has a copy of the internal memo this year, PN regulation specifically prohibits that kind of repurposing of your phone number of trying to put together the social graph and the leaked document shows that Facebook may not even have the ability to live. [00:04:37] How it handles user's data. Now I was on a number of radio stations this week, talking about this. And the example I gave is just look at an average business from the time it start, Facebook started how right? Wildly scraping pictures of young women off of Harvard university. Main catalog, contact page, and then asking people what do you think of this? This person, that person. And off they go, trying to rate them. Yeah. Yeah. All that matters to a woman, at least to Courtney, to mark Zuckerberg girl, all the matters about a woman is how she looks. Do I think she's pretty or not? [00:05:15] It's ridiculous. What he was doing. It just, oh, that's zackerburg who he is not a great guy anyways. So you go from stealing pictures of young ladies asking people to rate them, putting together some class information and stuff there at Harvard, and then moving on to other universities and then open it up even wider and wider. [00:05:42] And of course, that also created demand because you can't get on. If you're not at one of the universities that we have set it up for. And then you continue to grow. You're adding these universities, certainly starting to collect data and you are making more money than God. So what do you do? You don't have to worry about any efficiencies. [00:06:02] I'll tell you that. Right? One thing you don't have to do is worry about gee. We've got a lot of redundant work going on here. We've got a lot of teams working on basically the same thing. No, you've got more money than you can possibly shake a stick at. So now you go ahead and send that money to this group or that group. [00:06:24] And they put together all of the basic information, that they want. Pulling it out of this database and that database in there doing some correlation, writing some really cool CQL queries with mem credible joins and everything else. And now that becomes part of the main code for Facebook. [00:06:45] And then Facebook goes on to the next little project and they do the same thing. Then the next project, then the next project. And then someone comes along and says, Hey, we. This feature, that feature for advertisers and then in that goes, and then along comes candidate Obama. And they, one of the groups inside Facebook says, yeah here we go. [00:07:09] Here's all of the information we have about everybody and it's free. Don't worry about it. And then when Trump actually bought it and hired a company to try and process some of that information he got in trouble. No but the. The whole campaign could get access to anything they wanted to, again, because the data wasn't controlled, they had no idea who was doing what with the data. [00:07:34] And according to this internal memo, they still don't know. They don't even know if they can possibly comply with these regulations, not just in Europe, but we have regulations in pretty much all of the 50 states in the U S Canada of course, has their own Australia and New Zealand think about all the places. [00:07:57] Facebook makes a lot of. So here's a quote from that we build systems with open borders. The result of these open systems and open culture is well-described with an analogy. Imagine you hold a bottle of ink in your hand, the bottle of ink is a mixture of all kinds of user data. You pour that ink into a lake of water and K and it flows every year. [00:08:22] The document read. So how do you put that ink back in the bottle? I, in the right bottle, how do you organize it again? So that it only flows to the allowed places in the lake? They're totally right about that. Where did they collect it from? Apparently they don't even know where they got some of this information. [00:08:43] This data from reminds me of the no fly list. You don't know you're on it and you can't get yourself off of it. It's crazy. So this document that we're talking about, it was written last year by. Privacy engineers on the ad and business product team, whose mission is to make meaningful connections between people and businesses and which quote sits at the center of our monetization strategy. [00:09:06] And is the engine that powers Facebook's growth. Interesting. Interesting problems. And I see this being a problem well into the future for more and more of these companies, look at Twitter as an example that we've all heard about a lot lately. And then I've talked about as well along comes Elon Musk and he says wait a minute. [00:09:29] I can make Twitter way more profitable. We're going to get rid of however many people over a thousand, and then we are going to hire more people. We're going to start charging. We're going to be more efficient. You can bet all of these redundancies that are in Facebook are also there. And Twitter also has to comply with all of these regulations that Facebook is freaking out about it for a really a very good reason. [00:10:00] So this document is available to anybody who wants to look at it. I'm looking at it right now, talking about regulatory landscape and the fundamental problems Facebook's data lake. And this is a problem that most companies have not. As bad as Facebook does the button. Most companies you write, you grow. I have yet to walk into a business that needs help with cybersecurity and find everything in place as it should be because it grew organically. [00:10:32] Do you started out with a little consumer firewall router, wifi, and then you added to it and you put a switch here and you added another switch behind that and move things around. This is normal. This is not total incompetence on the part of the management, but my gosh, I don't know. Maybe they need an Elon Musk. [00:10:52] Just straighten them out as well. Hey, stick around. I'll be right back and sign up online@craigpeterson.com. [00:11:02] Apparently looting is one of the benefits of being a Russian soldier. And according to the reports coming out of Ukraine, they've been doing it a lot, but there's a tech angle on here that is really turning the tables on these Russian Looters. [00:11:19] We know in wars, there are people that loot and typically the various militaries try and make sure, at least recently that looting is kept to an absolute minimum. [00:11:32] Certainly the Americans, the British, even the Nazis during world war II the the socialists they're in. Germany they tried to stop some of the looting that was going on. I think that's probably a very good thing, because what you end up with is just all of these locals that are just totally upset with you. [00:11:57] I found a great article on the guardian and there's a village. I hadn't been occupied for about a month by Russian troops and the people came back. They are just shocked to see what happened in there. Giving a few examples of different towns. They found that the alcohol was stolen and they left empty bottles behind food wrappers, cigarette butts, thrown all over the place in apartments in the home. [00:12:26] Piles of feces blocking the toilets, family photographs torn, thrown around the house. They took away all of the closes as a code from one of the people, literally everything, male and female coats, boots, shirts, jackets, even my dresses and laundry. This is really something. The Sylvia's didn't do this, but now Russia. [00:12:49] The military apparently does. So over the past couple of weeks, there have been reporting from numerous places where Russian troops had occupied Ukrainian territory and the guardian, which is this UK newspaper collected evidence to suggest looting by Russian forces was not merely a case of a few way, word soldiers, but a systematic part of Russian military behavior across multiple towns. [00:13:17] And villages. That's absolutely amazing. Another quote here, people saw the Russian soldiers loading everything onto your old trucks. Everything they could get their hands on a dozen houses on the villages. Main street had been looted as well as the shops. Other villagers reported losing washing machines, food laptops, even as sofa, air conditioner. [00:13:41] Being shipped back, just you might use ups here or they have their equivalent over there. A lady here who was the head teacher in the school, she came back in, of course, found her home looted and in the head teacher's office. She found an open pair of scissors that had been jammed into a plasma screen that was left behind because if they can't steal it, they're going to destroy it. [00:14:07] They don't wanna leave anything behind. They found the Russian to take in most of the computers, the projectors and other electronic equipment. It's incredible. So let's talk about the turnaround here. You might've heard stories about some of these bad guys that have smashed and grabbed their way into apple stores. [00:14:27] So they get into the apple store. They grab laptops on iPads, no longer iPods, because they don't make those anymore. And I phone. And they take them and they run with them. Nowadays there's not a whole lot of use for those. Now what they have been doing, some of these bad guys is they'd take some parts and use them in stolen equipment. [00:14:52] They sell them on the used market, et cetera. But when you're talking about something specific, like an iPhone that needs specific activation. Completely different problem arises for these guys because that iPhone needs to have a SIM card in order to get onto the cell network. And it also has built in serial numbers. [00:15:15] So what happens in those cases while apple goes ahead and disables them. So as soon as they connect to the internet, they didn't say they put them on wifi. They don't get a SIM card. They don't. Service from T-Mobile or Verizon or whoever it might be. So now they just connect to the wifi and it calls home. [00:15:33] Cause it's going to get updates and download stuff from the app store and they find that it's been bricked. Now you can do that with a lot of mobile device managers that are available for. All kinds of equipment nowadays, but certainly apple equipment where if a phone is lost or stolen or a laptop or other pieces of equipment, you can get on the MDM and disable it, have it remotely erase, et cetera. [00:16:00] Now, please have had some interesting problems with that. Because a bad guy might go ahead and erase a smartphone. That's in the evidence locker at the police station. So they're doing things like putting them into Faraday cages or static bags or other things to try and stop that. So I think we've established here that the higher tech equipment is pretty well protected. [00:16:25] You steal it. It's not going to do you much. Good. So one of the things the Russian stole when they were in a it's called a, I think you pronounced. Melad Mellott DePaul which is again, a Ukrainian city is they stole all of the equipment from a farm equipment dealership and shipped it to check. Now that's according to a source in a businessman in the area that CNN is reporting on. [00:16:56] So they shipped this equipment. We're talking about combine harvesters were 300 grand a piece. They shipped it 700 miles. And the thieves were ultimately unable to use the equipment because it had been locked remotely. So think about agriculture equipment that John Deere, in this case, these pieces of equipment, they, they drive themselves. [00:17:23] It's atonomous it goes up and down the field. Goes to any pattern that you want to it'll bring itself within a foot or an inch of your boundaries, of your property being very efficient the whole time, whether it's planting or harvesting, et cetera. And that's just a phenomenal thing because it saves so much time for the farmer makes it easier to do the companies like John Deere. [00:17:49] Want to sell as many pieces of this equipment as they possibly can. And farming is known to be a what not terribly profitable business. And certainly isn't like Facebook. So how can they get this expensive equipment into the hands of a lot of farmers? What they do is they use. So you can lease the equipment through leasing company or maybe directly from the manufacturer and now you're off and running. [00:18:16] But what happens if the lease isn't paid now? It's one thing. If you don't pay your lease on a $2,000 laptop, right? They're probably not going to come hunting for you, but when you're talking about a $300,000 harvester, they're more interested. So the leasing company. Has titled to the equipment and the leasing company can shut it off remotely. [00:18:41] You see where I'm going with this so that they can get their equipment in the hands of more farmers because the farmers can lease it. It costs them less. They don't have to have a big cash payment. You see how this all works. So when the Russian forces stole this equipment, that's valued, total value here is about $5 million. [00:19:02] They were able to shut it all off. And th the, obviously if you can't start the engine, because it's all shut off and it's all run by computers nowadays, and there's pros and cons to that. I think there's a lot of cons, but what are you going to do? How's that going to work for? Isn't going to work for you. [00:19:22] And they were able to track it and had GPS trackers find out exactly where it was. That's how they know it was Tara taken to Chechnya and could be controlled remotely. And in this case, how did they control it? They completely. Shut it off, even if they sell the harvesters for spare parts to learn some money, but they sure aren't gonna be able to sell them for the 300 grand that they were actually worth. [00:19:48] Hey, stick around. We'll be right back and visit me online@craigpeterson.com. If you sign up there, you'll be able to get my insider show notes. And every week I have a quick. Training right there. New emails, Craig Peterson.com. [00:20:05] If you've been worried about ransomware, you are right to worry. It's up. It's costly. And we're going to talk about that right now. What are the stats? What can you do? What happens if you do get hacked? Interesting world! [00:20:20] Ransomware has been a very long running problem. I remember a client of ours, a car dealership who we had gone in. [00:20:31] We had improved all of their systems and their security, and one of them. People who was actually a senior manager, ended up downloading a piece of ransomware, one of these encrypted ones and opened it up and his machine all of a sudden, guess what it had ransomware on it. One of those big. Green's that say, pay up and send us this much Bitcoin, and here's our address. [00:21:00] All of that sort of stuff. And he called us up and said, what's going on here? What happened? First of all, don't bring your own machine into the office. Secondly, don't open up as particularly encrypted files using a password that they gave. And thirdly, we stopped it automatically. It did not spread. [00:21:20] We were able to completely restore his computer. Now let's consider here the consequences of what happened. So he obviously was scared. And within a matter of a couple of hours, we actually had him back to where he was and it didn't spread. So the consequences there, they weren't that bad. But how about if it had gotten worse? [00:21:47] How about if the ransomware. Also before it started holding his computer ransom, went out and found all of the data about their customers. What do you think an auto dealership would love to hear that all of their customer data was stolen and released all of the personal data of all of their customers? [00:22:08] Obviously not. So there's a potential cost there. And then how long do you think it would take a normal company? That thinks they have backups to get back online. All I can tell you it'll take quite a while because the biggest problem is most backups don't work. We have yet to go into a business that was actually doing backups that would work to help restore them. [00:22:35] And if you're interested, I can send you, I've got something I wrote up. Be glad to email it back to you. Obviously as usual, no charge. And you'll be able to go into that and figure out what you should do. Cause I, I break it down into the different types of backups and why you might want to use them or why you might not want to use them, but ransomware. [00:22:58] Is a kind of a pernicious nasty little thing, particularly nowadays, because it's to two factor, first is they've encrypted your data. You can't get to it. And then the second side of that is okay I can't get to my data and now they're threatening to hold my data ransom or they'll release. So they'll put it out there. [00:23:22] And of course, if you're in a regulated industry, which actually car dealers are because they deal with financial transactions, leases, loans, that sort of thing you can lose your license for your business. You can, you lose your ability to go ahead and frankly make loans and work with financial companies and financial instruments. [00:23:45] It could be a very big. So there are a lot of potential things that can happen all the way from losing your reputation as a business or an individual losing all of the money in your operating account. And again, we've got a client that we picked up afterwards. That yes, indeed. That lost all of the money in their operating account. [00:24:09] And then how do you make payroll? How do you do things? There's a new study that came out from checkpoint. Checkpoint is one of the original firewall companies and they had a look at ransomware. What are the costs of ransomware? Now bottom line, I'm looking at some stats here on a couple of different sites. [00:24:29] One is by the way, Conti, which is a big ransomware gang that also got hacked after they said we are going to attack anyone. That doesn't defend Plaid's invasion of Ukraine, and then they got hacked and their information was released, but here's ransomware statistics. This is from cloud words. First of all, the largest ransom demand is $50 million. [00:24:55] And that was in 2021 to Acer big computer company. 37% of businesses were hit by ransomware. In 2021. This is amazing. They're expecting by 2031. So in about a decade, ransomware is going to be costing about $265 billion a year. Now on average. Ransomware costs businesses. 1.8, $5 million to recover from an attack. [00:25:25] Now that's obviously not a one or two person place, but think of the car dealer again, how much money are they going to make over the year or over the life of the business? If you're a car dealer, you have a license to print money, right? You're selling car model or cars from manufacturers. And now you have the right to do that and they can remove that. [00:25:48] How many tens, hundreds of millions of dollars might that end up costing you? Yeah. Big deal. Total cost of ransomware last year, $20 billion. Now these are the interesting statistics here right now. So pay closer attention to this 32% of ransomware victims paid a ransom. So about a third Peter ransom demand. [00:26:12] Lastly. It's actually down because my recollection is it used to be about 50% would pay a ransom. Now on average that one third of victims that paid a ransom only recovered 65% of their data. Now that differs from a number I've been using from the FBI. That's a little bit older that was saying it ends it a little better than 50%, but 65% of pain victims recovered their. [00:26:41] Now isn't that absolutely amazing. Now 57% of companies were able to recover their data, using a cloud backup. Now think about the different types of backup cloud backup is something that can work pretty well if you're a home user, but how long did it take for your system to get back? Probably took weeks, right? [00:27:05] For a regular computer over a regular internet line. Now restoring from backups is going to be faster because your downlink is usually faster than your uplink. That's not true for businesses that have real internet service like ours. It's the same bandwidth up as it is down. But it can take again, days or weeks to try and recover your machine. [00:27:28] So it's very expensive. And I wish I had more time to go into this, but looking at the costs here and the fact that insurance companies are no longer paying out for a lot of these ransomware attacks, it could be credibly expensive for you incredibly. The number one business types by industry for ransomware attacks, retail. [00:27:59] That makes sense. Doesn't it. Real estate. Electrical contractors, law firms and wholesale building materials. Isn't that interesting? And that's probably because none of these people are really aware or conscious of doing what a, of keeping their data secure of having a good it team, a good it department. [00:28:24] So there's your bottom line. Those are the guys that are getting hit. The most, the numbers are increasing dramatically and your costs are not just in the money. You might pay as a ransom. And as it turns out in pretty much every case prevention. Is less expensive and much better than the cure of trying to pay ransom or trying to restore from backups. [00:28:52] Hey, you're listening to Craig Peterson. You can get my weekly show notes by just going to craig peterson.com. [00:29:00] You and I have talked about passwords before the way to generate them and how important they are. We'll go over that again a little bit in just a second, but there's a new standard out there that will eliminate the need for passwords. [00:29:16] Passwords are a necessary evil, at least they have been forever. I remember, I think the only system I've ever really used that did not require passwords was the IBM 360. [00:29:31] Yeah, 360, you punch up the cards, all of the JCL you feed the card deck in and off it goes. And does this little thing that was a different day, a different era. When I started in college in university, we. We had a remote systems, timeshare systems that we could log into. And there weren't much in the line of password requirements. [00:29:58] And, but you had a username, you had a simple password. And I remember one of our instructors, his name was Robert, Andrew Lang, and his password was always some sort of a combination of RA Lang. So it was always easy to guess what his password was. Today. It has gotten a lot worse today. We have devices with us all the time. [00:30:22] You might be wearing a smart watch. That requires a password. You course probably have a smartphone that also maybe requiring a password. Certainly after it boots nowadays they use fingerprints or facial recognition, which is handy, but it has its own drawbacks. But how about the websites? You're going to the systems you're using in you're at work and logging in. [00:30:49] They all require password. And usernames of some sort or another well, apple, Google, and Microsoft have all committed to expanding their support for a standard. That's actually been out there for a few years. It's called the Fido standard. And the idea behind this is that you don't have to have a password in order to. [00:31:15] Now that's really an interesting thing, right? Just looking at it because we're so used to have in this password only authenticate. And of course the thing to do there is to make sure you have for your password, multiple words in the password, it should really be a pass phrase. And between the words put in special characters or numbers, maybe. [00:31:41] Upper lower case a little bit. In those words, those are the best passwords, 20 characters, 30 characters long. And then if you have to have a pin, I typically use a 12 digit pin. And how do I remember all of these? Cause I use a completely different password for every website and right now, Let me pull it up. [00:32:03] I'm using one password dot coms, password manager. And my main password for that is about 25 characters long. And I have thirty one hundred and thirty five. And trees here in my password manager, 3,100, that is a whole lot of passwords, right? As well as software licenses and a few other things in there. [00:32:30] That's how we remember them is using a password manager. One password.com is my favorite. Now, obviously I don't make any money by referring you there. I really do like that. Some others that I've liked in the past include last pass, but they really meant. With some of their cybersecurity last year and I lost my faith in it. [00:32:51] So now what they're trying to do is make these websites that we go to as well as some apps to have a consistent, secure, and passwordless. And they're going to make it available to consumers across all kinds of devices and platforms. That's why you've got apple, Google, and Microsoft all committing to it. [00:33:15] And you can bet everybody else is going to follow along because there's hundreds of other companies that have decided they're going to work with the Fido Alliance and they're going to create this passwordless future. Which I like this idea. So how does this work? Basically you need to have a smartphone. [00:33:33] This is, I'm just going to go with the most standard way that this is going to work here in the future, and you can then have. Passkey, this is like a multi-factor authentication or two factor authentication. So for instance, right now, when I sign into a website online, I'm giving a username, given a password, and then it comes up and it asks me for a code. [00:33:57] So I enter in a six digit code and that code changes every 30 seconds. And again, I use my password manager from one password. In order to generate that code. So that's how I log into Microsoft site and Google sites and all kinds of sites out there. So it's a similar thing here now for the sites for my company, because we do cyber security for businesses, including regulated businesses. [00:34:24] We have biometrics tied in as. So to log into our systems, I have to have a username. I have to have a password. I then am sent to a single sign-on page where I have to have a message sent to my smart device. That then has a special app that uses biometrics either a face ID or a fingerprint to verify who I am. [00:34:49] Yeah, there's a lot there, but I have to protect my customers. Something that very few it's crazy. Actual managed security services providers do, but it's important, right? By the way, if you want my password. Special report, just go to Craig peterson.com. Sign up for my email list. I'll send that to you. [00:35:13] That's what we're sending out right now for anyone who signs up new@craigpeterson.com. And if you'd like a copy of it in you're already on the list, just go ahead and email me. At Craig peterson.com and ask for the password special report where I go through a lot of this sort of thing. So what will happen with this is you go to a website and I might come up with a QR code. [00:35:37] So you then scan that QR code with your phone and verify it, authorize it on your phone. You might again to have it set up so that your phone requires a facial recognition or perhaps it'll require a fingerprint. And now you are. Which is very cool. They fix some security problems in Fido over the last few years, which is great over the coming year. [00:36:02] You're going to see this available on apple devices, Google Microsoft platforms, and it really is simple, stronger authentication. That's sort of Fido calls it. But it is going to make your life a lot easy, easier. It is a standard and the passwordless future makes a whole lot of sense for all of us. Now, I want to talk about another thing here that just bothered me for a long time. [00:36:30] I have a sister. Who is in the medical field and gives prescriptions, doctor thing. And I think she's not quite a doctor. I can't remember what she has. She's an LPN or something. And anyhow, so she. We'll get on a zoom call with someone and they'll go through medical history and what's happening right now and she'll make prescriptions. [00:36:57] And so I warned her about that saying, it is very bad to be using zoom because zoom is not secure. Never has been, probably never will be right. If you want secure. To go and pay for it from one of these providers like WebEx, that's what we use. We have a version of WebEx that is set up to be secure. [00:37:20] So I talked to her about that and said, Hey, listen, you can't do this. You've really got to go another way here. And so she started using one of these mental or. Medical health apps. What I want to talk about right now specifically are some checks that were just performed some audits on mental health apps. [00:37:45] That's why I messed up a second ago, but what they looked at is that things are a serious problem there. And then fact, the threat post, just calling it a. Frankly, just plain old creepy. So they've got some good intentions. They want to help with mental health. You've probably seen these or at least heard them advertise. [00:38:06] So you can get on the horn with a mental health professional, a doctor or otherwise in order to help you here with your psychological or spiritual wellness. And people are sharing their personal and sensitive data with third parties and have 32 mental health and prayer mobile apps that were investigated by the open source organization. [00:38:32] 28, 28 of the 32 were found to be inherently insecure and were given a privacy not included label, including others here. So this is a report. That was released here by the open source organization, tied into Mozilla. Those are the Firefox people. They have what they call their minimum security standards. [00:38:56] So things like requiring strong passwords, managing security, updates, and vulnerabilities, et cetera. 25 of the 32 failed to meet. Even those minimum security standards. So these apps are dealing with some of the most sensitive mental health and wellness issues people can possibly have, right? Depression, anxieties, suicidal fonts, domestic violence, eating disorders. [00:39:23] And they are being just terrible with your security Mozilla researchers spent 255 hours or about eight hours per product pairing under the hood of the security, watching the data that was going back and forth, right between all of these mental health and prayer apps. It was just crazy. So for example, eight of the apps reviewed, allowed weak passwords, that range. [00:39:52] One digit one as the password to 1, 1, 1, 1, while a mental health app called a mood fit only required one letter or digit as a password. Now that is very concerning for an app that collects mood and symptom data. So be very careful. Two of the apps better help a popular app that connects users with therapists and better stop suicide, which is a course of suicide prevention app have vague and messy, according to Mozilla privacy policies that have little or no effect on actual. [00:40:30] User data protection. So be very careful. And if you're a mental health, professional or medical professional, don't just go and use these open video calls, et cetera, et cetera, find something good. And there are some standards out there. Again. Visit me online, get my insider show notes every week. Get my little mini trends. [00:40:56] And they come up most weeks. Just go to Craig peterson.com. And I'll send you my special report on passwords and more. [00:41:06] We know the Russians have been attacking us. I've talked a lot about it on the radio station, all kinds of stations. In fact, here over the last couple of weeks, and I am doing something special, we are going through the things you can do to keep safe. [00:41:23] Last week we started doing something I promise we would continue. [00:41:27] And that is how can you protect yourself when it comes to the Russians, right? When it comes to the bad guys, because the Russians are definitely the bad guys. There's a few things you can do. And there's a few things, frankly, you shouldn't be doing. And that's exactly what we're going to talk about right now. [00:41:45] So last week he went over some steps, some things that you can look at that you should look at that are going to help protect you. And we are going to go into this a whole lot more today. And so I want you to stick around and if you miss anything, you can go online. You can go to Craig peterson.com, make sure you sign up there for my email. [00:42:08] And what I'm going to do for you is. Send you a few different documents now where we can chat back and forth about it, but I can send you this. Now I'm recording this on video as well as on audio. So you can follow along if you're watching either on YouTube or. Over on rumble and you can find it also on my website. [00:42:32] I've been trying to post it up there too, but right now let's talk about what we call passive backend protections. So you've got the front end and the front end of course, is. Stuff coming at you, maybe to the firewall I've mentioned last week about customers of mine. I was just looking at a few customers this week, just so I could have an idea of their firewalls. [00:42:59] And they were getting about 10 attacks per minute. Yeah. And these were customers who have requirements from the department of defense because they are defense sub subcontractors. So again, Potential bad guys. So I looked up their IP addresses and where the attacks were coming from. Now, remember that doesn't mean where they originated because the bad guys can hop through multiple machines and then get onto your machine. [00:43:28] What it means is that all, ultimately they ended up. Coming from one machine, right? So there's an IP address of that machine. That's attacking my clients or are attacking my machines. That just happens all the time. A lot of scans, but some definite attacks where they're trying to log in using SSH. [00:43:48] And what I found is these were coming from Slovakia, Russia, and Iran. Kind of what you were expecting, right? The Iranians, they just haven't given up yet. They keep trying to attack, particularly our military in our industry. One of the things we found out this week from, again, this was an FBI notice is that the Russians have been going after our industrial base. [00:44:15] And that includes, in fact, it's more specifically our automobile manufacturers we've already got problems, right? Try buying a new car, try buying parts. I was with my friend, just this. I helped them because he had his car right. Need to get picked up. So I took him over to pick up his car and we chatted a little bit with this small independent automotive repair shop. [00:44:40] And they were telling us that they're getting sometimes six, eight week delays on getting parts and some parts. They just can't. So they're going to everything from junkyards on out, and the worst parts are the parts, the official parts from the car manufacturers. So what's been happening is Russia apparently has been hacking into these various automobile manufacturers and automobile parts manufacturers. [00:45:10] And once they're inside, they've been putting in. A remote control button net. And those botnets now have the ability to wake up when they want them to wake up. And then once they've woken up, what do they do? Who knows? They've been busy erasing machines causing nothing, but having they've been doing all kinds of stuff in the past today, they're sitting there. [00:45:31] Which makes you think they're waiting, it's accumulate as much as you possibly can. And then once you've got it all accumulated go ahead and attack. So they could control thousands of machines, but they're not just in the U S it's automobile manufacturers in Japan. That we found out about. [00:45:50] So that's what they're doing right now. So you've got the kind of that front end and back end protections. So we're going to talk a little bit about the back end. What does that mean? When a cybersecurity guy talks about the backend and the protections. I got it up on my green right now, but here's the things you can do. [00:46:10] Okay. Remember, small businesses are just getting nailed from these guys, because again, they're fairly easy targets. One change your passwords, right? How many times do we have to say that? And yet about 70% of businesses out there are not using a good password methodology. If you want more information on passwords, two factor authentication, you name it. [00:46:37] Just email me M e@craigpeterson.com. I want to get the information out now. You got to make sure that all of the passwords on your systems are encrypted are stored in some sort of a good password vault as you really should be looking at 256 bit encryption or better. I have a vendor of. That I use. So if you get my emails every week, when them, there's the little training. [00:47:06] And so I'll give you a five minute training. It's written usually it's in bullet point for, I'm just trying to help you understand things. That provider of mine has a big database and there's another provider that I use that is for. So the training guys use the database of my provider. [00:47:27] In using that database, they're storing the passwords and the training providers putting passwords in the clinics. Into the database, which is absolutely crazy. So again, if you're a business, if you're storing any sort of personal information, particularly passwords, make sure that you're using good encryption and your S what's called salting the hash, which means. [00:47:53] You're not really storing the password, just joining assaulted hash. I can send you more on this. If you are a business and you're developing software that's, this is long tail stuff here. Configure all of the security password settings so that if someone's trying to log in and is failing that, and you block it, many of us that let's say you're a small business. [00:48:15] I see this all of the time. Okay. You're not to blame. You, but you have a firewall that came from the cable company. Maybe you bought it at a big box retailer. Maybe you bought it online over at Amazon, as hurricane really great for you. Has it got settings on there that lets you say. There's 20 attempts to log in. [00:48:38] Maybe we should stop them. Now, what we do personally for our customers is typically we'll block them at somewhere around three or four failed attempts and then their passwords block. Now you can configure that sort of thing. If you're using. Email. And that's an important thing to do. Let me tell you, because we've had some huge breaches due to email, like Microsoft email and passwords and people logging in and stealing stuff. [00:49:06] It was just a total nightmare for the entire industry last year, but limit the number of login retries as well as you're in there. These excessive login attempts or whatever you want to define it as needs to lock the account. And what that means is even if they have the right password, they can't get in and you have to use an administrative password in order to get in. [00:49:31] You also want to, what's called throttle, the rate of repeated logins. Now you might've gotten caught on this, right? You went to your bank, you went to E-bay, you went to any of these places and all of a sudden. And denied you write it blocked you. That can happen when your account is on these hackers lists. [00:49:51] You remember last week we talked about password spraying while that's a very big deal and hackers are doing the sprain trick all of the time, and that is causing you to get locked out of your own account. So if you do get locked out, remember it might be because someone's trying to break. Obviously you have to enforce the policies. [00:50:16] The capture is a very good thing. Again, this is more for software developer. We always recommend that you use multifactor or two factor authentication. Okay. Do not use your SMS, your text messages for that, where they'll send you a text message to verify who you are. If you can avoid that, you're much better off. [00:50:36] Cause there's some easy ways to get around that for hackers that are determined. Okay. A multi-factor again, installed an intrusion. system. We put right at the network edge and between workstations and servers, even inside the network, we put detection systems that look for intrusion attempts and block intrusion attempts. [00:51:02] A very important use denied lists to block known attackers. We build them automatically. We use some of the higher end Cisco gates. Cisco is a big network provider. They have some of the best hardware and software out there, and you have to subscribe to a lot of people complain. I ain't going to just go buy a firewall for 200 bucks on Amazon. [00:51:24] Why would I pay that much a month just to to have a Cisco firewall? And it's like praying pain for the brand. I've got by logo chert on here. Oh, I wouldn't pay for that. No, it's because they are automatically providing block lists that are updated by the minute sometimes. And then make sure you've got an incident response plan in place. [00:51:50] What are you going to do when they come for you? What are you going to do?  [00:51:55] Now we're going to talk about prevention. What can you do an order to stop some of these attacks that are coming from Russia and from other countries, it is huge. People. Believe me, this is a very big problem. And I'm here to help. [00:52:12] We've reviewed a number of things that are important when it comes to your cyber security and your protection. [00:52:20] We talked about the front end. We talked about the backend. Now we're going to talk about pure prevention and if you're watching. Online. You'll be able to see my slides as they come up, as we talk about some of this stuff and you'll find me on YouTube and you'll also find me on rumble, a fairly new platform out there platform that doesn't censor you for the things you say. [00:52:44] Okay. So here we go. First of all, enabling your active directory password protection is going to. Four's password protection all the way through your business. Now I've had some discussions with people over the months, over the years about this whole thing and what should be done, what can be done, what cannot be done. [00:53:09] Hey, it's a very big deal when it comes to password protection and actor directory, believe it or not, even though it's a Microsoft product is pretty darn good at a few things. One of them is. Controlling all the machines and the devices. One of the things we do is we use an MDM or what used to be a mobile device manager called mass 360. [00:53:34] It's available from IBM. We have a special version of that allows us as a managed security services provider to be able to control everything on people's machines. Active directory is something you should seriously consider. If you are a Mac based shop. Like I am. In fact, I'm sitting right now in front of two max that I'm using right now, you'll find that active directory is a little bit iffy. [00:54:04] Sometimes for max, there are some work around and it's gotten better mastery. 60 is absolutely the way to go, but make sure you've got really good. Passwords and the types of passwords that are most prone to sprain the attacks are the ones you should be banning specifically. Remember the website? Have I been poned? [00:54:28] Yeah. It's something that you should go to pretty frequently. And again, if you miss anything today, just email me M e@craigpeterson.com. Believe me, I am not going to harass you at all. Okay. Now, the next thing that you should be doing is what's called red team blue team. Now the red team is a group of people, usually outside of your organization. [00:54:54] If you're a big company they're probably inside, but the red team is the team that attacks you. They're white hat hackers, who are attacking you, looking for vulnerabilities, looking for things that you should or shouldn't be doing. And then the blue team is the side that's trying to defend. So think of, like war games. [00:55:12] Remember that movie with Matthew Broderick all of those decades ago and how the, he was trying to defend that computer was trying to defend that it moved into an attack mode, right? Red team's attack, blue team is defend. So you want. To conduct simulated attacks. Now w conducting these attacks include saying, oh my let's now put in place and execute our plan here for what are we going to do once we have a. [00:55:44] And you darn well better have a breach plan in place. So that's one of the things that we help as a fractional chief information security officer for companies, right? You've got to get that in place and you have to conduct these simulated attacks and you have to do penetration testing, including password spraying attacks. [00:56:04] There's so many things you can do. The one of the things that we like to do and that you might want to do, whether you're a home user, retiree or a business is go and look online, you can just use Google. I use far more advanced tools, but you can use Google and look for your email address right there. [00:56:23] Look for the names of people inside your organization. And then say wait a minute, does that data actually need to be there? Or am I really exposing the company exposing people's information that shouldn't be out there because you remember the hackers. One of the things they do is they fish you fish as in pH. [00:56:47] So they'll send you an email that looks like. Hey let me see. I know that Mary is the CFO, and I know that Joe's going to be out of town for two weeks in The Bahamas, not a touch. So while he's got. I'm going to send an email to Mary, to get her to do something, to transfer the company's funds to me. [00:57:06] Okay. So that's what that's all about. You've got to make sure, where is our information? And if you go to my company's page, mainstream.net, you'll see on there that I don't list any of the officers or any of the people that are in the company, because that again is a security problem. [00:57:24] We're letting them know. I go to some of these sites, like professional sites lawyers, doctors, countenance, and I find right there all, are there people right there top people or sometimes all of them. And then we'll say, yeah, I went to McGill university, went to Harvard, whatever my B. It's all there. So now they've got great information to fish you, to fish that company, because all they have to do is send an email to say, Hey, you remember me? [00:57:56] We're in Harvard when this class together. And did you have as a professor to see how that works? Okay. You also want to make. That you implement, what's called a passwordless user agent, and this is just so solely effective. If they cannot get into your count, what's going to, what could possibly go wrong, but one of the ways to not allow them into the count is to use. [00:58:24] Biometrics. We use something called duo and we have that tied into the single sign-on and the duo single sign-on works great because what it does now is I put in, I go to a site, I put it into my username and. Pulls up a special splash page that is running on one of our servers. That again asks me for my duo username. [00:58:48] So I've got my username for the site then to my dual username and my duo password single sign on. And then it sends me. To an app on my smart device, a request saying, Hey, are you trying to log into Microsoft? And w whatever it might be at Microsoft, and you can say yes or no, and it uses biometric. [00:59:11] So those biometrics now are great because it says, oh, okay, I need a face ID or I need a thumb print, whatever it might be that allows a generalized, a password, less access. Okay. Password less. Meaning no pass. So those are some of the top things you can do when it comes to prevention. And if you use those, they're never going to be able to get at your data because it's something you have along with something, it works great. [00:59:45] And we like to do this. Some customers. I don't like to go through those hoops of the single sign-on and using duo and making that all work right where we're fine with it. We've got to keep ourselves, at least as secure as the DOD regulations require unlike almost anybody else in industry, I'm not going to brag about it. [01:00:09] But some of our clients don't like to meet the tightest of controls. And so sometimes they don't. I hate to say that, but they just don't and it's a fine line between. Getting your work done and being secure, but I think there's some compromises it can be readily made. We're going to talk next about saving your data from ransomware and the newest ransomware. [01:00:36] We're going to talk about the third generation. That's out there right now. Ransomware, it's getting crazy. Let me tell ya and what it's doing to us and what you can do. What is a good backup that has changed over the last 12 months? It's changed a lot. I used to preach 3, 2, 1. There's a new sheriff in town. [01:00:58] Stick around Craig peterson.com. [01:01:02] 3, 2, 1 that used to be the standard, the gold standard for backing up. It is no longer the case with now the third generation of ransomware. You should be doing something even better. And we'll talk about it now. [01:01:19] We're doing this as a simulcast here. It's on YouTube. It is also on rumble. [01:01:27] It's on my website@craigpeterson.com because we're going through the things that you can do, particularly if you're a business. To stop the Russian invasion because as we've been warned again and again, the Russians are after us and our data. So if you missed part of what we're talking about today, or. [01:01:50] Last week show, make sure you send me an email. me@craigpeterson.com. This is the information you need. If you are responsible in any way for computers, that means in your home, right? Certainly in businesses, because what I'm trying to do is help and save those small businesses that just can't afford to have full-time. [01:02:15] True cyber security personnel on site. So that's what the whole fractional chief information security officer thing is about. Because you just, you can't possibly afford it. And believe me, that guy that comes in to fix your computers is no cyber security expert. These people that are attacking our full time cybersecurity experts in the coming from every country in the world, including the coming from the us. [01:02:44] We just had more arrests last week. So let's talk about ransomware correctly. Ransomware, very big problem. Been around a long time. The first version of ransomware was software got onto your computer through some mechanism, and then you had that red screen. We've all seen that red screen and it says, Hey, pay up buddy. [01:03:07] It says here you need to send so many Bitcoin or a fraction of a Bitcoin or so many dollars worth of Bitcoin. To this Bitcoin wallet. And if you need any help, you can send email here or do a live chat. They're very sophisticated. We should talk about it some more. At some point that was one generation. [01:03:29] One generation two was not everybody was paying the ransoms. So what did they do at that point? They said let me see if they, we can ransom the data by encrypting it and having them pay us to get it back. 50% of the time issue got all your data back. Okay. Not very often. Not often enough that's for sure. [01:03:49] Or what we could do is let's steal some of their intellectual property. Let's steal some of their data, their social security number, their bank, account numbers, et cetera. They're in a, in an Excel spreadsheet on their company. And then we'll, if they don't pay that first ransom, we'll tell them if they don't pay up, we'll release their information. [01:04:10] Sometimes you'll pay that first ransom and then they will hold you ransom a second time, pretending to be a different group of cyber terrorists. Okay. Number three, round three is what we're seeing right now. And this is what's coming from Russia, nears, everything we can tell. And that is. They are erasing our machines. [01:04:31] Totally erasing them are pretty sophisticated ways of erasing it as well, so that it sinks in really, it's impossible to recover. It's sophisticated in that it, it doesn't delete some key registry entries until right at the very end and then reboots and computer. And of course, there's. Computer left to reboot, right? [01:04:55] It's lost everything off of that hard drive or SSD, whatever your boot devices. So let's talk about the best ways here to do some of this backup and saving your data from ransomware. Now you need to use offsite disconnected. Backups, no question about it. So let's talk about what's been happening. [01:05:17] Hospitals, businesses, police departments, schools, they've all been hit, right? And these ransomware attacks are usually started by a person. I'll link in an email. Now this is a poison link. Most of the time, it used to be a little bit more where it was a word document, an Excel document that had something nasty inside Microsoft, as I've said, many times has truly pulled up their socks. [01:05:45] Okay. So it doesn't happen as much as it used to. Plus with malware defender turned on in your windows operating system. You're going to be a little bit safer next step. A program tries to run. Okay. And it effectively denies access to all of that data. Because it's encrypted it. And then usually what it does so that your computer still works. [01:06:09] Is it encrypts all of you, like your word docs, your Excel docs, your databases, right? Oh, the stuff that matters. And once they've got all of that encrypted, you can't really access it. Yeah. The files there, but it looks like trash now. There's new disturbing trends. It has really developed over the last few months. [01:06:31] So in addition to encrypting your PC, it can now encrypt an entire network and all mounted drives, even drives that are marrying cloud services. Remember this, everybody, this is really a big deal because what will happen here is if you have let's say you've got an old driver G drive or some drive mounted off of your network. [01:06:57] You have access to it from your computer, right? Yeah. You click on that drive. And now you're in there and in the windows side Unix and max are a little different, but the same general idea you have access to you have right. Access to it. So what they'll do is any mounted drive, like those network drives is going to get encrypted, but the same thing is true. [01:07:20] If you are attaching a U S B drive to your company, So that USB drive, now that has your backup on it gets encrypted. So if your network is being used to back up, and if you have a thumb drive a USB drive, it's not really a thumb drive, right? There's external drive, but countered by USP hooked up. [01:07:45] And that's where your backup lives. Your. Because you have lost it. And there have been some pieces of software that have done that for awhile. Yeah. When they can encrypt your network drive, it is really going after all whole bunch of people, because everyone that's using that network drive is now effective, and it is absolutely. [01:08:10] Devastating. So the best way to do this is you. Obviously you do a bit of a local backup. We will usually put a server at the client's site that is used as a backup destiny. Okay. So that servers, the destination, all of the stuff gets backed up there. It's encrypted. It's not on the network per se. It's using a special encrypted protocol between each machine and the backup server. And then that backup servers data gets pushed off site. Some of our clients, we even go so far as to push it. To a tape drive, which is really important too, because now you have something physical that is by the way, encrypted that cannot be accessed by the attacker. [01:09:03] It's offsite. So we have our own data center. The, we run the, we manage the no one else has access to it is ours. And we push all of those backups offsite to our data center, which gives us another advantage. If a machine crashes badly, right? The hard disk fails heaven forbid they get ransomware. We've never had that happen to one of our clients. [01:09:29] Just we've had it happen prior to them becoming clients, is that we can now restore. That machine either virtually in the cloud, or we can restore it right onto a piece of hardware and have them up and running in four hours. It can really be that fast, but it's obviously more expensive than in some. [01:09:51] Are looking to pay. All right, stick around. We've got more to talk about when we come back and what are the Russians doing? How can you protect your small business? If you're a one, man, one woman operation, believe it. You've got to do this as well. Or you could lose everything. In fact, I think our small guys have even more to lose Craig peterson.com. [01:10:16] Backups are important. And we're going to talk about the different types of backups right now, what you should be doing, whether you're a one person, little business, or you are a, multi-national obviously a scale matters. [01:10:32] Protecting your data is one of the most important things you can possibly do. [01:10:36] I have clients who had their entire operating account emptied out, completely emptied. It's just amazing. I've had people pay. A lot of money to hackers to try and get data back. And I go back to this one lady over in Eastern Europe who built a company out of $45 million. By herself. And of course you probably heard about the shark tank people, right? [01:11:07] Barbara Cochran, how she almost lost $400,000 to a hacker. In fact, the money was on its way when she noticed what was going on and was able to stop it. So thank goodness she was able to stop it. But she was aware of these problems was looking for the potential and was able to catch it. How many of us are paying that much attention? [01:11:34] And now one of the things you can do that will usually kind of protect you from some of the worst outcomes. And when it comes to ransomware is to backup. And I know everybody says, yeah, I'm backing up. It's really rare. When we go in and we find a company has been backing up properly, it even happens to us sometimes. [01:11:59] We put them back up regimen in place and things seem to be going well, but then when you need the backup, oh my gosh, we just had this happen a couple of weeks ago. Actually this last week, this is what happened. We have. Something called an FMC, which is a controller from Cisco that actually controls firewalls in our customer's locations. [01:12:26] This is a big machine. It monitors stuff. It's tied into this ice server, which is. Looking for nastiness and we're bad guys trying to break in, right? It's intrusion detection and prevention and tying it into this massive network of a billion data points a day that Cisco manages. Okay. It's absolutely huge. [01:12:48] And we're running it in a virtual machine network. So we. Two big blade. Chassies full of blades and blades are each blade is a computer. So it has multiple CPU's and has a whole bunch of memory. It also has in there storage and we're using something that VMware calls visa. So it's a little virtual storage area network. [01:13:15] That's located inside this chassis and there are multiple copies of everything. So if a storage unit fails, you're still, okay. Everything stays up, it keeps running. And we have it set up so that there's redundancy on pond redundancy. One of the redundancies was to back it up to a file server that we have that's running ZFS, which is phenomenal. [01:13:40] Let me tell you, it is the best file system out there I've never ever had a problem with it. It's just crazy. I can send you more information. If you ever interested, just email me@craigpeterson.com. Anytime. Be glad to send you the open source information, whatever you need. But what had happened is. [01:13:57] Somehow the boot disk of that FMC, that, that firewall controller had been corrupted. So we thought, oh, okay, no problem. Let's look at our backups. Yeah, hadn't backed up since October, 2019. Yeah, and we didn't know it had been silently failing. Obviously we're putting stuff in place to stop that from ever happening again. [01:14:27] So we are monitoring the backups, the, that network. Of desks that was making up that storage area network that had the redundancy failed because the machine itself, somehow corrupted its file system, ext four file system right then are supposed to be corruptible, but the journal was messed up and it was man, what a headache. [01:14:51] And so they thought, okay, you're going to have to re-install. And we were sitting there saying, oh, you're kidding me. Reinstalling this FMC controller means we've got to configure our clients, firewalls that are being controlled from this FMC, all of their networks, all of their devices. We had to put it out. [01:15:07] This is going to take a couple of weeks. So because I've been doing this for so long. I was able to boot up an optics desk and Mount the file system and go in manually underneath the whole FMC, this whole firewall controller and make repairs to it. Got it repaired, and then got it back online. So thank goodness for that. [01:15:33] It happens to the best of us, but I have to say I have never had a new client where they had good backups. Ever. Okay. That, and now that should tell you something. So if you are a business, a small business, whatever it might be, check your backups, double check them. Now, when we're running backups, we do a couple of things. [01:15:57] We go ahead and make sure the backup is good. So remember I mentioned that we h

How can backups protect you from ransomware? Richard chats with Karinne Bessette about how backup technology has responded to the need for ransomware protection. Whether it's intelligent backup tape systems that automatically pop out tapes so they won't overwrite or other air-gap strategies for backups, you need to have a backup you can rely on to recover from a ransomware attack without paying the ransom. Backups can also be a part of the requirements for ransomware insurance - and if your backups aren't sufficient, they can void the insurance! It is also crucial to know what it takes to restore from backup, how long it takes, and the order of things when recovering, even from the ground up. Backups aren't going away any time soon!Links:Malware and Ransomware Protection in Microsoft 365Veeam Disaster Recovery OrchestratorBusiness Continuity and Disaster RecoveryMicrosoft SentinelRecorded March 25, 2022

Whether you run a small non-profit or you're a large organization, you almost certainly have a website from which you showcase your work and receive donations from visitors. But, as much as you may think you know about website security, the fact is that you likely haven't been taking steps to protect your sites and data. In this episode, I'm going to explain why you should start backing up your website, the different types of website backups, and the best website backup tools to protect you, your organization, and save you time and effort if something should happen. Check out the show notes by visiting https://wowdigital.com/037

At NAB in Las Vegas, Yev Pusin, Director of Marketing for Backblaze, brings us up to date with all their services that help keep your data secure, and the news about their company. From individual online backup options to the industrial strength B2 Cloud Storage, Backblaze has what you need. This edition of MacVoices is supported by Kolide. Meet compliance objectives in a remote-first world without resorting to rigid device management. Try Kolide with all its features on an unlimited number of devices for free for 14 days; no credit card required, at Kolide.com/macvoices. Show Notes: Support:      Become a MacVoices Patron on Patreon     http://patreon.com/macvoices      Enjoy this episode? Make a one-time donation with PayPal Connect:      Web:     http://macvoices.com      Twitter:     http://www.twitter.com/chuckjoiner     http://www.twitter.com/macvoices      Facebook:     http://www.facebook.com/chuck.joiner      MacVoices Page on Facebook:     http://www.facebook.com/macvoices/      MacVoices Group on Facebook:     http://www.facebook.com/groups/macvoice      LinkedIn:     https://www.linkedin.com/in/chuckjoiner/      Instagram:     https://www.instagram.com/chuckjoiner/ Subscribe:      Audio in iTunes     Video in iTunes      Subscribe manually via iTunes or any podcatcher:      Audio: http://www.macvoices.com/rss/macvoicesrss      Video: http://www.macvoices.com/rss/macvoicesvideorss

The Philadlephia 76ers, once considered doomed with an out of shape Harden, are off to a great start in the 2022 NBA Playoffs (Up 2-0 at the time of recording, 3-0 at the time of posting). Standup comedian, Sixers fan, and host of the Bring in the Backups podcast, Erick Hellwig joins in with the optimism. Jon Blue? Not so much. Jon remembers Harden choking over and over for his Houston Rockets. But that's just one series. We're also talking Celtics vs Nets. Timberwolves vs Grizzlies. Suns vs Pelicans. We're talking the rest of the playoff matchups and some of our favorite jerseys. All that and more, this week on Larry! Guests: Erick Hellwig - @ErickHellwig | IG: @erickhellwig Jon Blue Follow @LarryTheAthlete on Twitter and Instagram

Full system backups with FFS snapshots, ZFS and dump(8), tuning recordsize in OpenZFS, Optimizing FreeBSD Power Consumption on Modern Intel Laptops, remember to check for ZFS filesystems being mounted, Use tcpdump to save wireless bridge, and more NOTES This episode of BSDNow is brought to you by Tarsnap (https://www.tarsnap.com/bsdnow) and the BSDNow Patreon (https://www.patreon.com/bsdnow) Headlines Full system backups with FFS snapshots, ZFS and dump(8) (https://www.unitedbsd.com/d/705-full-system-backups-with-ffs-snapshots-zfs-and-dump8) Tuning Recordsize in OpenZFS (https://klarasystems.com/articles/tuning-recordsize-in-openzfs/) News Roundup Optimizing FreeBSD Power Consumption on Modern Intel Laptops (https://www.neelc.org/posts/optimize-freebsd-for-intel-tigerlake/) I need to remember to check for ZFS filesystems being mounted (https://utcc.utoronto.ca/~cks/space/blog/solaris/ZFSCheckForMounted) Use tcpdump to save wireless bridge (https://adventurist.me/posts/0027) Beastie Bits • [FreeBSD on the Vortex86DX CPU](https://www.cambus.net/freebsd-on-the-vortex86dx-cpu/) • [HAMMER2 vs USB stick pulls](https://www.dragonflydigest.com/2022/03/22/26800.html) • [New US mirror for DragonFly](https://www.dragonflydigest.com/2022/03/09/26742.html) • [HelloSystem 13.1 RC1](https://github.com/helloSystem/ISO/releases/tag/experimental-13.1-RC1) • [Video introduction to OpenBSD 7.0](https://www.youtube.com/watch?v=KeUsE-3nSes) • [Losses in the community](https://minnie.tuhs.org/pipermail/tuhs/2022-April/025643.html) Tarsnap This weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups. Feedback/Questions Sam - BSD Laptops (https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/451/feedback/Sam%20-%20BSD%20Laptops.md) Reese - Electric Groff (https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/451/feedback/Reese%20-%20Electric%20Groff.md) Alexandra - New to BSD (https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/451/feedback/Alexandra%20-%20New%20to%20BSD.md) Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv (mailto:feedback@bsdnow.tv) ***

Today on the 5: The Verge ran an article yesterday about a pair of smart home companies that recently went under. The article argues the solution is a future where smart home devices are ubiquitous, but I'd rather focus on things people should doing right now.

This episode reports on zero-day bugs, testing data recovery  procedures, the world's biggest penetration test returns and vulnerabilities found in Lenovo laptops

Has Fedora pulled ahead of Ubuntu? We take a look at the new Fedora 36 and Ubuntu 22.04 releases. Special Guest: Alex Kretzschmar.

Rohan gets home from vacation to help Phil break down the 2022.4 release. Rohan describes the issues he's been having with his Bluetooth smart lock For complete show notes and more information about the topics discussed in this episode, be sure to check the notes at https://hasspodcast.io/ha105/ This episode was made possible thanks to our sponsor Home Assistant Cloud by Nabu Casa Easily connect to Google and Amazon voice assistants for a small monthly fee that also supports the Home Assistant project. Configuration is via the User Interface so no fiddling with router settings, dynamic DNS or YAML. Website: https://nabucasa.com ----- Hosts ----- Phil Hawthorne Website: https://philhawthorne.com Smart Home Products: https://kit.co/philhawthorne Twitter: https://twitter.com/philhawthorne Buy Phil a Coffee: https://buymeacoff.ee/philhawthorne Rohan Karamandi Website: https://karamandi.com Smart Home Products: https://kit.co/rkaramandi/ Twitter: https://twitter.com/rohank9 Buy Rohan a Coffee: https://buymeacoff.ee/rkaramandi

Howard Ting, CEO at Cyberhaven discusses data detection & response, the concept of data lineage, and how compliance and regulations affect the ability to analyze and manage data effectively.

Aaron Paul is joined by Ian Dennis, Rob Green and Matt Upson at Wembley to reflect on England's 2-1 win over Switzerland in their friendly. The debutants, formation and team selection are all discussed before a debate around who should back-up captain Harry Kane, who is now level with Sir Bobby Charlton on 49 England goals. John Murray then speaks to Gareth Southgate, Jordan Pickford and Marc Guehi. TOPICS: 03:20 – FA & The Alzheimer's Society 04:20 - Match recap 11:55 – Team selection for friendlies 15:30 – Backups to Harry Kane 19:30 - Gareth Southgate interview 24:18 - Jordan Pickford interview 25:50 - Marc Guehi interview

Weekly Show #1158 We know the Russians have been attacking us. I've talked a lot about it on the radio and TV over the last couple of weeks. So I am doing something special; we are going through the things you can do to stay safe from the latest Russian attacks. Last week, we started doing something I promised we would continue -- how can you protect yourself when it comes to the Russians? The Russians are the bad guys when it comes to bad guys. So there are a few things you can do. And there are a few things; frankly, you shouldn't be doing. And that's precisely what we're going to talk about right now. Today, I explain: - How to protect your back-end - Preventative measures - The new rules of backing up your computer As usual, we'll cover the What, Why, and How's. [Automated transcript follows] [00:00:39] So last week he went over some steps, some things that you can look at that you should look at that are going to help protect you. And we are going to go into this a whole lot more today. And so I want you to stick around and if you miss anything, you can go online. You can go to Craig peterson.com, make sure you sign up there for my email. [00:01:01] And what I'm going to do for you is. Send you a few different documents now where we can chat back and forth about it, but I can send you this. Now I'm recording this on video as well as on audio. So you can follow along if you're watching either on YouTube or. Over on rumble and you can find it also on my website. [00:01:26] I've been trying to post it up there too, but right now let's talk about what we call passive backend protections. So you've got the front end and the front end of course, is. Stuff coming at you, maybe to the firewall I've mentioned last week about customers of mine. I was just looking at a few customers this week, just so I could have an idea of their firewalls. [00:01:52] And they were getting about 10 attacks per minute. Yeah. And these were customers who have requirements from the department of defense because they are defense sub subcontractors. So again, Potential bad guys. So I looked up their IP addresses and where the attacks were coming from. Now, remember that doesn't mean where they originated because the bad guys can hop through multiple machines and then get onto your machine. [00:02:22] What it means is that all, ultimately they ended up. Coming from one machine, right? So there's an IP address of that machine. That's attacking my clients or are attacking my machines. That just happens all the time. A lot of scans, but some definite attacks where they're trying to log in using SSH. [00:02:42] And what I found is these were coming from Slovakia, Russia, and Iran. Kind of what you were expecting, right? The Iranians, they just haven't given up yet. They keep trying to attack, particularly our military in our industry. One of the things we found out this week from, again, this was an FBI notice is that the Russians have been going after our industrial base. [00:03:09] And that includes, in fact, it's more specifically our automobile manufacturers we've already got problems, right? Try buying a new car, try buying parts. I was with my friend, just this. I helped them because he had his car right. Need to get picked up. So I took him over to pick up his car and we chatted a little bit with this small independent automotive repair shop. [00:03:34] And they were telling us that they're getting sometimes six, eight week delays on getting parts and some parts. They just can't. So they're going to everything from junkyards on out, and the worst parts are the parts, the official parts from the car manufacturers. So what's been happening is Russia apparently has been hacking into these various automobile manufacturers and automobile parts manufacturers. [00:04:03] And once they're inside, they've been putting in. A remote control button net. And those botnets now have the ability to wake up when they want them to wake up. And then once they've woken up, what do they do? Who knows? They've been busy erasing machines causing nothing, but having they've been doing all kinds of stuff in the past today, they're sitting there. [00:04:24] Which makes you think they're waiting, it's accumulate as much as you possibly can. And then once you've got it all accumulated go ahead and attack. So they could control thousands of machines, but they're not just in the U S it's automobile manufacturers in Japan. That we found out about. [00:04:44] So that's what they're doing right now. So you've got the kind of that front end and back end protections. So we're going to talk a little bit about the back end. What does that mean? When a cybersecurity guy talks about the backend and the protections. I got it up on my green right now, but here's the things you can do. [00:05:03] Okay. Remember, small businesses are just getting nailed from these guys, because again, they're fairly easy targets. One change your passwords, right? How many times do we have to say that? And yet about 70% of businesses out there are not using a good password methodology. If you want more information on passwords, two factor authentication, you name it. [00:05:30] Just email me M e@craigpeterson.com. I want to get the information out now. You got to make sure that all of the passwords on your systems are encrypted are stored in some sort of a good password vault as you really should be looking at 256 bit encryption or better. I have a vendor of. That I use. So if you get my emails every week, when them, there's the little training. [00:05:59] And so I'll give you a five minute training. It's written usually it's in bullet point for, I'm just trying to help you understand things. That provider of mine has a big database and there's another provider that I use that is for. So the training guys use the database of my provider. [00:06:20] In using that database, they're storing the passwords and the training providers putting passwords in the clinics. Into the database, which is absolutely crazy. So again, if you're a business, if you're storing any sort of personal information, particularly passwords, make sure that you're using good encryption and your S what's called salting the hash, which means. [00:06:46] You're not really storing the password, just joining assaulted hash. I can send you more on this. If you are a business and you're developing software that's, this is long tail stuff here. Configure all of the security password settings so that if someone's trying to log in and is failing that, and you block it, many of us that let's say you're a small business. [00:07:08] I see this all of the time. Okay. You're not to blame. You, but you have a firewall that came from the cable company. Maybe you bought it at a big box retailer. Maybe you bought it online over at Amazon, as hurricane really great for you. Has it got settings on there that lets you say. There's 20 attempts to log in. [00:07:31] Maybe we should stop them. Now, what we do personally for our customers is typically we'll block them at somewhere around three or four failed attempts and then their passwords block. Now you can configure that sort of thing. If you're using. Email. And that's an important thing to do. Let me tell you, because we've had some huge breaches due to email, like Microsoft email and passwords and people logging in and stealing stuff. [00:07:59] It was just a total nightmare for the entire industry last year, but limit the number of login retries as well as you're in there. These excessive login attempts or whatever you want to define it as needs to lock the account. And what that means is even if they have the right password, they can't get in and you have to use an administrative password in order to get in. [00:08:25] You also want to, what's called throttle, the rate of repeated logins. Now you might've gotten caught on this, right? You went to your bank, you went to E-bay, you went to any of these places and all of a sudden. And denied you write it blocked you. That can happen when your account is on these hackers lists. [00:08:45] You remember last week we talked about password spraying while that's a very big deal and hackers are doing the sprain trick all of the time, and that is causing you to get locked out of your own account. So if you do get locked out, remember it might be because someone's trying to break. Obviously you have to enforce the policies. [00:09:09] The capture is a very good thing. Again, this is more for software developer. We always recommend that you use multifactor or two factor authentication. Okay. Do not use your SMS, your text messages for that, where they'll send you a text message to verify who you are. If you can avoid that, you're much better off. [00:09:30] Cause there's some easy ways to get around that for hackers that are determined. Okay. A multi-factor again, installed an intrusion. system. We put right at the network edge and between workstations and servers, even inside the network, we put detection systems that look for intrusion attempts and block intrusion attempts. [00:09:56] A very important use denied lists to block known attackers. We build them automatically. We use some of the higher end Cisco gates. Cisco is a big network provider. They have some of the best hardware and software out there, and you have to subscribe to a lot of people complain. I ain't going to just go buy a firewall for 200 bucks on Amazon. [00:10:18] Why would I pay that much a month just to to have a Cisco firewall? And it's like praying pain for the brand. I've got by logo chert on here. Oh, I wouldn't pay for that. No, it's because they are automatically providing block lists that are updated by the minute sometimes. And then make sure you've got an incident response plan in place. [00:10:44] What are you going to do when they come for you? What are you going to do? Bad boys. Bad. Stick around. We've got a lot more to talk about here as we go. I am explaining the hacks that are going on right now and what you can do as a business and an individual doubt. Protect yourself. Don't go anywhere. [00:11:07] Now we're going to talk about prevention. What can you do an order to stop some of these attacks that are coming from Russia and from other countries, it is huge. People. Believe me, this is a very big problem. And I'm here to help. [00:11:23] hi, I'm Craig Peter Sohn, your chief information security officer. We've reviewed a number of things that are important when it comes to your cyber security and your protection. [00:11:37] We talked about the front end. We talked about the backend. Now we're going to talk about pure prevention and if you're watching. Online. You'll be able to see my slides as they come up, as we talk about some of this stuff and you'll find me on YouTube and you'll also find me on rumble, a fairly new platform out there platform that doesn't censor you for the things you say. [00:12:01] Okay. So here we go. First of all, enabling your active directory password protection is going to. Four's password protection all the way through your business. Now I've had some discussions with people over the months, over the years about this whole thing and what should be done, what can be done, what cannot be done. [00:12:26] Hey, it's a very big deal when it comes to password protection and actor directory, believe it or not, even though it's a Microsoft product is pretty darn good at a few things. One of them is. Controlling all the machines and the devices. One of the things we do is we use an MDM or what used to be a mobile device manager called mass 360. [00:12:51] It's available from IBM. We have a special version of that allows us as a managed security services provider to be able to control everything on people's machines. Active directory is something you should seriously consider. If you are a Mac based shop. Like I am. In fact, I'm sitting right now in front of two max that I'm using right now, you'll find that active directory is a little bit iffy. [00:13:21] Sometimes for max, there are some work around and it's gotten better mastery. 60 is absolutely the way to go, but make sure you've got really good. Passwords and the types of passwords that are most prone to sprain the attacks are the ones you should be banning specifically. Remember the website? Have I been poned? [00:13:45] Yeah. It's something that you should go to pretty frequently. And again, if you miss anything today, just email me M e@craigpeterson.com. Believe me, I am not going to harass you at all. Okay. Now, the next thing that you should be doing is what's called red team blue team. Now the red team is a group of people, usually outside of your organization. [00:14:11] If you're a big company they're probably inside, but the red team is the team that attacks you. They're white hat hackers, who are attacking you, looking for vulnerabilities, looking for things that you should or shouldn't be doing. And then the blue team is the side that's trying to defend. So think of, like war games. [00:14:29] Remember that movie with Matthew Broderick all of those decades ago and how the, he was trying to defend that computer was trying to defend that it moved into an attack mode, right? Red team's attack, blue team is defend. So you want. To conduct simulated attacks. Now w conducting these attacks include saying, oh my let's now put in place and execute our plan here for what are we going to do once we have a. [00:15:01] And you darn well better have a breach plan in place. So that's one of the things that we help as a fractional chief information security officer for companies, right? You've got to get that in place and you have to conduct these simulated attacks and you have to do penetration testing, including password spraying attacks. [00:15:21] There's so many things you can do. The one of the things that we like to do and that you might want to do, whether you're a home user, retiree or a business is go and look online, you can just use Google. I use far more advanced tools, but you can use Google and look for your email address right there. [00:15:40] Look for the names of people inside your organization. And then say wait a minute, does that data actually need to be there? Or am I really exposing the company exposing people's information that shouldn't be out there because you remember the hackers. One of the things they do is they fish you fish as in pH. [00:16:04] So they'll send you an email that looks like. Hey let me see. I know that Mary is the CFO, and I know that Joe's going to be out of town for two weeks in The Bahamas, not a touch. So while he's got. I'm going to send an email to Mary, to get her to do something, to transfer the company's funds to me. [00:16:23] Okay. So that's what that's all about. You've got to make sure, where is our information? And if you go to my company's page, mainstream.net, you'll see on there that I don't list any of the officers or any of the people that are in the company, because that again is a security problem. [00:16:41] We're letting them know. I go to some of these sites, like professional sites lawyers, doctors, countenance, and I find right there all, are there people right there top people or sometimes all of them. And then we'll say, yeah, I went to McGill university, went to Harvard, whatever my B. It's all there. So now they've got great information to fish you, to fish that company, because all they have to do is send an email to say, Hey, you remember me? [00:17:13] We're in Harvard when this class together. And did you have as a professor to see how that works? Okay. You also want to make. That you implement, what's called a passwordless user agent, and this is just so solely effective. If they cannot get into your count, what's going to, what could possibly go wrong, but one of the ways to not allow them into the count is to use. [00:17:41] Biometrics. We use something called duo and we have that tied into the single sign-on and the duo single sign-on works great because what it does now is I put in, I go to a site, I put it into my username and. Pulls up a special splash page that is running on one of our servers. That again asks me for my duo username. [00:18:04] So I've got my username for the site then to my dual username and my duo password single sign on. And then it sends me. To an app on my smart device, a request saying, Hey, are you trying to log into Microsoft? And w whatever it might be at Microsoft, and you can say yes or no, and it uses biometric. [00:18:27] So those biometrics now are great because it says, oh, okay, I need a face ID or I need a thumb print, whatever it might be that allows a generalized, a password, less access. Okay. Password less. Meaning no pass. So those are some of the top things you can do when it comes to prevention. And if you use those, they're never going to be able to get at your data because it's something you have along with something, it works great. [00:19:02] And we like to do this. Some customers. I don't like to go through those hoops of the single sign-on and using duo and making that all work right where we're fine with it. We've got to keep ourselves, at least as secure as the DOD regulations require unlike almost anybody else in industry, I'm not going to brag about it. [00:19:26] But some of our clients don't like to meet the tightest of controls. And so sometimes they don't. I hate to say that, but they just don't and it's a fine line between. Getting your work done and being secure, but I think there's some compromises it can be readily made. We're going to talk next about saving your data from ransomware and the newest ransomware. [00:19:53] We're going to talk about the third generation. That's out there right now. Ransomware, it's getting crazy. Let me tell ya and what it's doing to us and what you can do. What is a good backup that has changed over the last 12 months? It's changed a lot. I used to preach 3, 2, 1. There's a new sheriff in town. [00:20:15] Stick around Craig peterson.com. [00:20:19] 3, 2, 1 that used to be the standard, the gold standard for backing up. It is no longer the case with now the third generation of ransomware. You should be doing something even better. And we'll talk about it now. [00:20:36] We're doing this as a simulcast here. It's on YouTube. It is also on rumble. [00:20:43] It's on my website@craigpeterson.com because we're going through the things that you can do, particularly if you're a business. To stop the Russian invasion because as we've been warned again and again, the Russians are after us and our data. So if you missed part of what we're talking about today, or. [00:21:07] Last week show, make sure you send me an email. me@craigpeterson.com. This is the information you need. If you are responsible in any way for computers, that means in your home, right? Certainly in businesses, because what I'm trying to do is help and save those small businesses that just can't afford to have full-time. [00:21:31] True cyber security personnel on site. So that's what the whole fractional chief information security officer thing is about. Because you just, you can't possibly afford it. And believe me, that guy that comes in to fix your computers is no cyber security expert. These people that are attacking our full time cybersecurity experts in the coming from every country in the world, including the coming from the us. [00:22:01] We just had more arrests last week. So let's talk about ransomware correctly. Ransomware, very big problem. Been around a long time. The first version of ransomware was software got onto your computer through some mechanism, and then you had that red screen. We've all seen that red screen and it says, Hey, pay up buddy. [00:22:23] It says here you need to send so many Bitcoin or a fraction of a Bitcoin or so many dollars worth of Bitcoin. To this Bitcoin wallet. And if you need any help, you can send email here or do a live chat. They're very sophisticated. We should talk about it some more. At some point that was one generation. [00:22:45] One generation two was not everybody was paying the ransoms. So what did they do at that point? They said let me see if they, we can ransom the data by encrypting it and having them pay us to get it back. 50% of the time issue got all your data back. Okay. Not very often. Not often enough that's for sure. [00:23:05] Or what we could do is let's steal some of their intellectual property. Let's steal some of their data, their social security number, their bank, account numbers, et cetera. They're in a, in an Excel spreadsheet on their company. And then we'll, if they don't pay that first ransom, we'll tell them if they don't pay up, we'll release their information. [00:23:26] Sometimes you'll pay that first ransom and then they will hold you ransom a second time, pretending to be a different group of cyber terrorists. Okay. Number three, round three is what we're seeing right now. And this is what's coming from Russia, nears, everything we can tell. And that is. They are erasing our machines. [00:23:48] Totally erasing them are pretty sophisticated ways of erasing it as well, so that it sinks in really, it's impossible to recover. It's sophisticated in that it, it doesn't delete some key registry entries until right at the very end and then reboots and computer. And of course, there's. Computer left to reboot, right? [00:24:11] It's lost everything off of that hard drive or SSD, whatever your boot devices. So let's talk about the best ways here to do some of this backup and saving your data from ransomware. Now you need to use offsite disconnected. Backups, no question about it. So let's talk about what's been happening. [00:24:34] Hospitals, businesses, police departments, schools, they've all been hit, right? And these ransomware attacks are usually started by a person. I'll link in an email. Now this is a poison link. Most of the time, it used to be a little bit more where it was a word document, an Excel document that had something nasty inside Microsoft, as I've said, many times has truly pulled up their socks. [00:25:02] Okay. So it doesn't happen as much as it used to. Plus with malware defender turned on in your windows operating system. You're going to be a little bit safer next step. A program tries to run. Okay. And it effectively denies access to all of that data. Because it's encrypted it. And then usually what it does so that your computer still works. [00:25:26] Is it encrypts all of you, like your word docs, your Excel docs, your databases, right? Oh, the stuff that matters. And once they've got all of that encrypted, you can't really access it. Yeah. The files there, but it looks like trash now. There's new disturbing trends. It has really developed over the last few months. [00:25:48] So in addition to encrypting your PC, it can now encrypt an entire network and all mounted drives, even drives that are marrying cloud services. Remember this, everybody, this is really a big deal because what will happen here is if you have let's say you've got an old driver G drive or some drive mounted off of your network. [00:26:14] You have access to it from your computer, right? Yeah. You click on that drive. And now you're in there and in the windows side Unix and max are a little different, but the same general idea you have access to you have right. Access to it. So what they'll do is any mounted drive, like those network drives is going to get encrypted, but the same thing is true. [00:26:36] If you are attaching a U S B drive to your company, So that USB drive, now that has your backup on it gets encrypted. So if your network is being used to back up, and if you have a thumb drive a USB drive, it's not really a thumb drive, right? There's external drive, but countered by USP hooked up. [00:27:02] And that's where your backup lives. Your. Because you have lost it. And there have been some pieces of software that have done that for awhile. Yeah. When they can encrypt your network drive, it is really going after all whole bunch of people, because everyone that's using that network drive is now effective, and it is absolutely. [00:27:27] Devastating. So the best way to do this is you. Obviously you do a bit of a local backup. We will usually put a server at the client's site that is used as a backup destiny. Okay. So that servers, the destination, all of the stuff gets backed up there. It's encrypted. It's not on the network per se. It's using a special encrypted protocol between each machine and the backup server. And then that backup servers data gets pushed off site. Some of our clients, we even go so far as to push it. To a tape drive, which is really important too, because now you have something physical that is by the way, encrypted that cannot be accessed by the attacker. [00:28:20] It's offsite. So we have our own data center. The, we run the, we manage the no one else has access to it is ours. And we push all of those backups offsite to our data center, which gives us another advantage. If a machine crashes badly, right? The hard disk fails heaven forbid they get ransomware. We've never had that happen to one of our clients. [00:28:46] Just we've had it happen prior to them becoming clients, is that we can now restore. That machine either virtually in the cloud, or we can restore it right onto a piece of hardware and have them up and running in four hours. It can really be that fast, but it's obviously more expensive than in some. [00:29:08] Are looking to pay. All right, stick around. We've got more to talk about when we come back and what are the Russians doing? How can you protect your small business? If you're a one, man, one woman operation, believe it. You've got to do this as well. Or you could lose everything. In fact, I think our small guys have even more to lose Craig peterson.com. [00:29:32] Backups are important. And we're going to talk about the different types of backups right now, what you should be doing, whether you're a one person, little business, or you are a, multi-national obviously a scale matters. [00:29:47] Protecting your data is one of the most important things you can possibly do. [00:29:53] I have clients who had their entire operating account emptied out, completely emptied. It's just amazing. I've had people pay. A lot of money to hackers to try and get data back. And I go back to this one lady over in Eastern Europe who built a company out of $45 million. By herself. And of course you probably heard about the shark tank people, right? [00:30:23] Barbara Cochran, how she almost lost $400,000 to a hacker. In fact, the money was on its way when she noticed what was going on and was able to stop it. So thank goodness she was able to stop it. But she was aware of these problems was looking for the potential and was able to catch it. How many of us are paying that much attention? [00:30:50] And now one of the things you can do that will usually kind of protect you from some of the worst outcomes. And when it comes to ransomware is to backup. And I know everybody says, yeah, I'm backing up. It's really rare. When we go in and we find a company has been backing up properly, it even happens to us sometimes. [00:31:15] We put them back up regimen in place and things seem to be going well, but then when you need the backup, oh my gosh, we just had this happen a couple of weeks ago. Actually this last week, this is what happened. We have. Something called an FMC, which is a controller from Cisco that actually controls firewalls in our customer's locations. [00:31:42] This is a big machine. It monitors stuff. It's tied into this ice server, which is. Looking for nastiness and we're bad guys trying to break in, right? It's intrusion detection and prevention and tying it into this massive network of a billion data points a day that Cisco manages. Okay. It's absolutely huge. [00:32:05] And we're running it in a virtual machine network. So we. Two big blade. Chassies full of blades and blades are each blade is a computer. So it has multiple CPU's and has a whole bunch of memory. It also has in there storage and we're using something that VMware calls visa. So it's a little virtual storage area network. [00:32:32] That's located inside this chassis and there are multiple copies of everything. So if a storage unit fails, you're still, okay. Everything stays up, it keeps running. And we have it set up so that there's redundancy on pond redundancy. One of the redundancies was to back it up to a file server that we have that's running ZFS, which is phenomenal. [00:32:56] Let me tell you, it is the best file system out there I've never ever had a problem with it. It's just crazy. I can send you more information. If you ever interested, just email me@craigpeterson.com. Anytime. Be glad to send you the open source information, whatever you need. But what had happened is. [00:33:13] Somehow the boot disk of that FMC, that, that firewall controller had been corrupted. So we thought, oh, okay, no problem. Let's look at our backups. Yeah, hadn't backed up since October, 2019. Yeah, and we didn't know it had been silently failing. Obviously we're putting stuff in place to stop that from ever happening again. [00:33:43] So we are monitoring the backups, the, that network. Of desks that was making up that storage area network that had the redundancy failed because the machine itself, somehow corrupted its file system, ext four file system right then are supposed to be corruptible, but the journal was messed up and it was man, what a headache. [00:34:07] And so they thought, okay, you're going to have to re-install. And we were sitting there saying, oh, you're kidding me. Reinstalling this FMC controller means we've got to configure our clients, firewalls that are being controlled from this FMC, all of their networks, all of their devices. We had to put it out. [00:34:23] This is going to take a couple of weeks. So because I've been doing this for so long. I was able to boot up an optics desk and Mount the file system and go in manually underneath the whole FMC, this whole firewall controller and make repairs to it. Got it repaired, and then got it back online. So thank goodness for that. [00:34:49] It happens to the best of us, but I have to say I have never had a new client where they had good backups. Ever. Okay. That, and now that should tell you something. So if you are a business, a small business, whatever it might be, check your backups, double check them. Now, when we're running backups, we do a couple of things. [00:35:14] We go ahead and make sure the backup is good. So remember I mentioned that we have. Backup server that sits onsite. Usually it depends on the size of the client. But sits onsite at the client's site. So it will perform the backup and then tries to actual restore of that backup to make sure it's good. [00:35:35] And we can even. Client, depending on what they want. So a higher level, if a machine goes down, let's say it catches fire, or disk explodes in it, or completely fails. We can actually bring that machine online inside our backup server or the customer. Yeah, how's that for fancy and bring it back online in just a matter of minutes instead of days or weeks. [00:36:04] So that's true too. If that machine had been a ransom had this data, you raised whatever might've happened to it. We can restore it now. We've never had to knock on wood, except when there was a physical problem with the machine and as. Starting from scratching it, that machine, the new machine online in four hours or less. [00:36:28] And it's really cool the way it works. If you like this stuff, man, it is great. Okay. Protecting your data. I'm rambling a little bit here. You need an archival service there's companies out there like iron mountain, you can at your local bank, depending on the bank. It ain't like it used to be, get a box, right? [00:36:50] A special box in the vault that you. The tapes and other things in nowadays there's cloud options, virtual tape backup options, which is a lot of what we use and we do. Okay. We also use straight cloud at the very bottom end again. It's not located on the network. It's up in the cloud. It's double encrypted. [00:37:13] It's absolutely the way to do now if you're going to have a backup and if that backup, you want to be secure, it must not be accessible. To the attacker, you've got to put some literal air space between your backups and the cyber criminals. It's called an air gap. So there's no way for them to get to it. [00:37:37] Okay. Now I want you to consider seriously using tape these a LTO. These linear tape drives. They've been around for a long time, but their cartridges you can pull in and out. And they're huge. They they're physically small, but they can hold terabytes worth of data. They're absolutely amazing. There's some great disk based backup systems as what we do. [00:38:02] Some of them are been around a long time and they can be quite reasonably. Price. All right. So it's something for you to consider, but you've got to have at least that air gap in order to make sure that you're going to be protected. What should you be looking for in a backup system? This is called 3, 2, 2 1, which means maintain at least three copies of your data store the backups on two different meters. [00:38:31] Store at least one of the copies at an offsite location store, at least one of the copies offline, and be sure to have verified backups without air. Okay. Does that sound a little complicated? 3, 2, 1, 1 0 is what it's called. Just to be 3, 2, 1. Now it's 3, 2, 1, 1 0. I can send you Karen put together a special report on this based on our research. [00:38:57] And I can share that with you. Absolutely free. Hey guys, if you want it, you got it. But you got to ask me, just email me M e@craigpeterson.com. This is absolutely essential. If you're a small business, a tiny business to do it this way. Let me tell you, okay, this is just huge. Physical backups should be stored off site. [00:39:19] I mentioned the bank fault. A lot of people just go ahead and take them home with. That might be a desk. It might be a tape. It can be a little bit complicated to do. And I've picked up customers that thought they were backing up. They were using a USB drive. They were putting it in due to flee every Monday. [00:39:41] And then every Wednesday, what happened? Every Wednesday they bring in Wednesdays desk and then they bring that disc home and then Thursday, they bring in the Thursday disc. And none of them had been working. Okay. So be very careful. All of your backups should be encrypted. We encrypted at the customer site and then we reencrypt it when we bring it over to us. [00:40:06] Okay. Keys are essential. Particularly if you're using a cloud-based backup, don't use the same keys across multiple backups. Very important there. You should have some good procedures that are well-documented test, test your restores because very frequently. We find they don't work. In fact, that's the number one problem, right? [00:40:30] If they had just tried to restore, even once from their backup, they would've known they had problems. And get those backups scheduled on a regular schedule. Okay. So there's a lot more offline backups and more that we can talk about another time, but this is important. If you want any help, send me an email, just put backups in the subject line. [00:40:55] I'll send you some stuff. Email me, M e@craigpeterson.com. Now I am more than glad to help. Pretty much anybody out there. I'm not going to help. What about blah, blah, Amir Putin. But anybody else I'll help, but you got to reach out. Okay. You listen here. And I know some of this stuff is over some of our heads, some of your heads, you're the best and brightest. [00:41:20] That's why you're listening and I'll help you out. I'll send you some information. That's going to get you on the right track. Me M e@craigpeterson.com. That's Craig Peterson, S O N have a great day. [00:41:35] We just got an email this week from a customer and they're saying, oh no, my email has been hacked. What does that mean was a really hacked, we're going to talk right now about email spoofing, which is a very big deal. [00:41:51] Emails spoofing is being a problem for a long time, really? Since the 1970s. I remember when I got my first spoofed email back in the eighties and they was really a little bit confusing. [00:42:05] I went into it more detail, of course, being a very technical kind of guy and looked behind the curtains, figured out what was going on. Just shook my head. I marveled at some people. Why would you do this sort of thing? The whole idea behind email spoofing is for you to receive an email, looks like it's from someone that it's not now, you've all seen examples of this. [00:42:30] Everybody has. And those emails that are supposedly from the bank, or maybe from Amazon or some other type of business or family friend, this is part of what we call social engineering, where the bad guys are using a little bit about what they know about you, or maybe another person in order to. Frankly, fool you. [00:42:54] That's what spoofing really is. There were a lot of email accounts that were hacked over the last what, 30, 40 years. And you might remember this people sending out an email saying, oh, my account got hacked because you just got emails. Back in the day, what people were trying to do is break into people's email accounts and then the bad guys after having broken in now knew everybody that was in the contact list from the account that was just broken into. [00:43:29] Now they know, Hey, listen, this person sends an email. Maybe I can just pretend I'm them. Days it, the same thing still happens. But now typically what you're seeing is a more directed attack. So a person might even look in that email account that they've broken into and poke around a little bit and find out, oh, okay. [00:43:52] So this person's account I just broken to is a purchasing manager at a big. So then they take the next step or maybe this tab after that and try and figure out. Okay, so now what do I do? Oh, okay. So really what I can do now is send fake purchase orders or send fake requests for money. I've seen in the past with clients that we've picked up because the email was acting strangely where a bad guy went ahead, found. [00:44:25] Invoices that have been sent out by the purchasing person and the send the invoices out and changed the pay to information on the invoice. So they took the PDFs that they found on the file server of the invoices went in and changed them, change the account that they wanted, the funds ACH into. And once they had that happen, they just sent the invoice out again saying overdue. [00:44:54] Off goes in the email and the company receives it and says, oh okay, I need to pay this invoice. Now. Sometimes it marked them overdue. Sometimes they didn't mark them overdue. I've seen both cases and now the money gets sent off and that invoice gets paid and then gets paid to the wrong person. [00:45:13] Or maybe they go ahead and they don't send the invoice out, but they just send a little notification saying, Hey, our account has changed. Make sure you. Direct all future payments to this account. Instead. Now you might be thinking wait a second here. Now they send this email out. It's going to go into a bank account. [00:45:33] I can recover the money while no, you can't. Because what they're doing is they are using mules. Now you've heard of meals before. He might've even seen that recent Clint Eastwood movie. I think it was called. But typically when we think of mules, as people we're thinking about people who are running drugs well, in this case, the bad guys use mules in order to move money around. [00:45:59] And now sometimes the people know what they're doing. The FBI has had some really great arrests of some people who were doing this, particularly out in California, some of them cleaned. Yeah. I didn't know what was happening. It was just somebody, asked me to send money. It's like the Nigerian scam where the Nigeria in the Nigerian scam, they say, Hey I'm, I'm Nigerian prince, you've heard of these things before. And I need to get my money out of the country. I need to place to put them. And so if you have a us account, I'm going to transfer money into it. You can keep a thousand dollars of that 5,000 and I'm going to wire in just as a fee. Thanks for doing this. I, this is so important and it's such a hurry and I'm going to send you the. [00:46:46] What they'll often do is send you a money order. It couldn't be a bank check, could be a lot of things, and then you go ahead and you cash it and oh, okay. Or cash just fine. And then you wire the $4,000 off to the bad guy. The bad guy gets the money and is off. Running in the meantime, your bank is trying to clear that bank check or that money order. [00:47:14] And they find out that there is no money there because frankly what might've happened? I, this is one I've seen, I'm telling you about a story w we helped to solve this problem, but I had taken out a real money order from a bank, and then they made copies of it. Basically, they just forged it. And so they forged a hundred copies of it. [00:47:36] So people thought they were getting a legitimate money order. And in some cases, the banks where the money order was, you mean deposited, did conf confirm it? They called up the source bank. Oh yeah. Yeah. That's a legit money order and then they all hit within a week or two. And now the, you are left holding the bag. [00:47:58] So that's one thing that happens. But typically with these mules, the money comes to them in that account. They are supposed to then take that money and put it in their PayPal account and send it off to the next. And it might try jump to through two or three different people, and then it ends up overseas and the bad guys have gotten so good at this and have the cooperation of some small countries, sometimes bigger countries that they actually own. [00:48:30] The bank overseas of the money ultimately gets transferred into. And of course there's no way to get the money back. It's a real. So with spoofing, they're trying to trick you into believing the emails from someone that you know, or someone that you can trust. Or as I said, maybe a business partner of some sort in most cases, it's some sort of a colleague, a vendor or a trusted brand. [00:48:58] And so they exploit the trust that you have, and they ask you to do something or divulge information. They'll try and get you to do something. So there's more complexity tax. Like the ones that I just explained here that are going after financial employees, there might be some, an accountant, a bookkeeper, or bill payer and receivables payables. [00:49:24] I've seen CFO attacks, but the really the spoofed email message looks legitimate on the surface. They'll use the legitimate logo of the company that they're trying to pretend that they're from. For instance, PayPal. Phishing attack. They have a spoofed email sender and typical email clients like you might be using for instance, on Microsoft outlook. [00:49:48] The sender address is shown on the message, but most of the time nowadays the mail clients hide the actual email address, or if you just glance at it, it looks legit. You've seen those before these forged email headers. Yeah, it gets to be a problem. Now we use some software from Cisco that we buy. [00:50:13] You have to buy. I think it's a thousand licenses at a time, but there were some others out there, Cisco again, by far the best and this, the software. Receives the email. So before it even ends up in the exchange server or somewhere else online, that email then goes through that Cisco server. They are comparing it to billions of other emails that they've seen, including in real time emails that are. [00:50:41] Right now. And they'll look at the header of the email message. You can do that as well. With any email client, you can look at the header, Microsoft and outlook calls, it view source. But if you look at the email header, you'll see received. Headers that are in there. So say, receive colon from, and they'll give a name of a domain and then you'll see another received header and give another name of a machine. [00:51:08] And it'll include the IP address might be IVF IPV four of your six, and you can then follow it all the way through. So what'll happen is partway through. You'll see, it took a hop that is. Not legitimate. That's where it comes in. Nowadays, if you have an email address for your business, man, a domain, you need to be publishing what are called SPF records. [00:51:37] And those SPF records are looked at there compared to make sure that the email is properly signed and is from. The correct sender. There's a SPF records. There's a mother's too, that you should have in place, but you'll see that in the headers, if you're looking in the header. So it gets pretty complicated. [00:51:59] The SPF, which is the sender policy framework is a security protocol standard. It's been around now for almost a decade. It's working in conjunction with what are called domain based message, authentication, reporting, and conformance. Heather's D mark headers to stop malware and phishing attacks. And they are very good if you use them properly, but unfortunately when I look, I would say it's still 95% of emails that are being sent by businesses are not using this email spoofing and protection. [00:52:35] So have a look at that and I can send you a couple articles on it. If you're in trusted Craig Peter sohn.com. [00:52:46] So we've established that email spoofing happens. What are the stats to this? And how can you further protect yourself from email spoofing? Particularly if you're not the technical type controlling DNS records, that's what's up right. [00:53:02] Everybody Craig Peter sawn here, your cybersecurity strategist. And you're listening to news radio, w G a N a M five 60 and 98.5 FM. Join me on the morning. Drive Wednesday mornings at 7 34. Of course in the am. There's so much going on in the cybersecurity world. It affects all of us. Now, I think back to the good old days 40 years ago where we weren't worried about a lot of this stuff, spoofing, et cetera. [00:53:36] But what we're talking about right now is 3.1 billion domain spoof. Emails sent every day. That's a huge thing. More than 90% of cyber attacks. Start with an email message. Email spoofing and phishing have had a worldwide impact costing probably $26 billion over the last five years. A couple of years ago, the FBI, this is 2019. [00:54:07] Reported that about a house. A million cyber attacks were successful. 24% of them were email-based and the average scam tricked users out of $75,000. Yeah. So it's no wonder so many people are concerned about their email and whether or not those pieces of email are really a problem for them. And then anybody else. [00:54:34] So a common attack that uses spoofing is CEO fraud, also known as business, email compromise. So this is where the attacker is spoofing or modifying, pretending to be a certain person that they're not they're impersonating an executive or owner, maybe of a business. And it targets. People in the financial accounting or accounts payable departments or even the engineering department. [00:55:01] And that's what happened with one of our clients this week. They got a very interesting spoofed email. So even when you're smart and you're paying attention, you can be tricked the Canadian city treasurer. Tricked into transferring a hundred grand from taxpayer funds, Mattel tricked into sending 3 million to an accountant, China, a bank in Belgium, tricked into sending the attackers 70 million Euro. [00:55:31] It happens and I have seen it personally with many businesses out there. So how do you protect yourself from email? Spoofing now, even with email security in place, there's some malicious email messages that are still going to get through to the inboxes. Now we're able to stop better than 96% of them just based on our stats. [00:55:54] In fact, it's very rare that one gets through, but here are some things you can do and watch out for whether you're an employee responsible for financial decisions, or maybe you're someone who is. Personal email at work. Here's some tricks here. So get your pencil ready. Number one, never click links to access a web. [00:56:19] Where you're asked to log in, always type in the official URL into your browser and authenticate on the browser. In other words, if you get an email from your bank or someone else, and there's a link in there to click that says, Hey oh man, here's some real problems. You got to respond right away. [00:56:42] Don't do that go to paypal.com or your bank or your vendor's site, just type it into your browser, even though you can hover over the email link and see what it is. Sometimes it can be perfectly legitimate and yet it looks weird. For instance, when I send out my emails that people subscribe to that right there on Craig peterson.com, the links are going to come from the people that handle my email lists for me, because I send out thousands of emails at a time to people that have asked to get those emails. [00:57:22] So I use a service and the services taking those links, modifying them somewhat in fact dramatically. And using that to make sure the delivery happened, people are opening it and that I'm not bothering you. So you can unsubscribe next step. You can, if you want to dig in more, look at the email headers. [00:57:45] Now they're different for every email client. If you're using outlook, you have to select the email, basically in the left-hand side. Okay. You're going to control, click on that email and we'll come up and you'll see something that says view source. So in the outlook world, they hide it from you. [00:58:06] If you're using a Mac and Mac mail, all you have to do is go to up in the menu bar email and view, header and cut off. There it is. I have many times in the past just left that turned on. So I'm always seeing the headers that reminds me to keep a look at those headers. So if you look in the header, And if the email sender is let me put it this way. [00:58:31] If the person who is supposed to have sent it to you is doing headers proper, properly. You're going to see. A received SPF section of the headers and right in there, you can look for a pass or fail and response, and that'll tell you if it's legit. So in other words, let's use PayPal as an example, PayPal has these records that it publishes that say all of our emails are going to come from this server or that server of. [00:59:04] And I do the same thing for my domains and we do the same thing for our clients domains. So it's something that you can really count on if you're doing it right, that this section of the headers. And that's why I was talking about earlier. If you have an email that your sending out from your domain and you don't have those proper headers in it, there's no way. [00:59:31] To truly authenticate it. Now I go a step further and I use GPG in order to sign most of my emails. Now I don't do this for the trainings and other things, but direct personal emails from me will usually be cryptographically signed. So you can verify that it was me that sent it. Another thing you can do is copy and paste the text, the body of that email into a search engine. [01:00:03] Of course I recommend duck go in most cases. And the chances are that frankly they've sent it to multiple people. That's why I was saying our Cisco based email filter. That's what it does, it looks for common portions of the body for emails that are known to be bad, be suspicious of email from official sources like the IRS, they're not going to be sending you email out of the blue most places. Aren't obviously don't open attachments from people that you don't. Special suspicious ones, particularly people we'll send PDFs that are infected. It's been a real problem. They'll send of course word docs, Excel docs, et cetera, as well. [01:00:54] And the more. I have a sense of urgency or danger. That's a part of the email should really get your suspicions up, frankly, because suggesting something bad is going to happen. If you don't act quickly, that kind of gets around part of your brain and it's the fight or flight, right? Hey, I gotta take care of this. [01:01:17] I gotta take care of this right away. Ah, and maybe you. So those are the main things that you can pay attention to. In the emails, if you are a tech person, and you're trying to figure this out, how can I make the emails safer for our company? You can always drop me an email as well. Me, M e@craigpeterson.com. [01:01:43] I can send you to a couple of good sources. I'll have to put together a training as well on how to do this, but as individually. At least from my standpoint, a lot of this is common sense and unfortunately the bad guys have made it. So email is something we can no longer completely trust. Spoofing is a problem. [01:02:05] As I said, we just saw it again this week. Thank goodness. It was all caught and stopped. The account was not. It was just a spoofed email from an account outside the organization that was act Craig peterson.com. Stick around. [01:02:24] The value of crypto coins has been going down lately quite a bit across the board, not just Bitcoin, but the amount of crypto mining and crypto jacking going on. That hasn't gone down much at all. [01:02:48] hi, I'm Craig Peter Sohn, your cyber security strategist. And you're listening to news radio, w G a N a M five 60 and FM nine. Point five, you can join me on the morning drive every Wednesday morning at 7 34, Matt and I go over some of the latest in news. You know about crypto coins, at least a little bit, right? [01:03:15] These are the things like Bitcoin and others that are obstensively private, but in reality, aren't that private. If you receive coins and you spend coins, you are probably trackable. And if you can't spend that, the crypto currencies, why even bother getting it in the first place. One of the big drivers behind the price of these crypto currencies has been criminal activity. [01:03:48] We've talked about that before. Here's the problem we're seeing more and more nowadays, even though the price of Bitcoin might go down 30%, which it has, and it's gone down in bigger chunks before. It does not mean that the bad guys don't want more of it. And what better way to mine, cryptocurrency then to not have to pay for. [01:04:15] So the bad guys have been doing something called crypto jacking. This is where criminals are using really ransomware like tactics and poisoned website to get your computer, even your smartphone to mine, cryptocurrencies for. No mining, a Bitcoin can cost as much in electric bills that are in fact more in electric bills. [01:04:43] Then you get from the value of the Bitcoin itself. So it's expensive for them to run it. Some countries like China have said, no, you're not doing it anymore because they're using so much electricity here in the U S we've even got crypto mining companies that are buying. Old power plant coal-fired or otherwise, and are generating their own electricity there locally in order to be able to mine cryptocurrencies efficiently, effectively so that they can make some profit from it. [01:05:18] It's really quite the world out there. Some people have complained about their smartphone getting really hot. Their battery only lasts maybe an hour and it's supposed to last all day. Sometimes what's happened is your smartphone has been hijacked. It's been crypto jacked. So your smartphone, they're not designed to sit there and do heavy computing all day long. [01:05:45] Like a workstation is even your regular desktop computer. Probably isn't. To be able to handle day long mining that has to happen. In fact, the most efficient way to do crypto mining of course is using specialized hardware, but that costs them money. So why not just crypto Jack? All right. There are two primary ways. [01:06:09] Hackers have been getting victims, computers to secretly mine. Cryptocurrencies one is to trick them into loading. Crypto mining code onto their computers. So that's done through various types of fishing, light tactics. They get a legitimate looking email that tricks people into clicking on a link and the link runs code. [01:06:30] Now what's interesting is you don't, even for cryptocurrency crypto jacket, you don't even have to download a program in. To have your computer start mining cryptocurrencies for the bad guys. They can use your browser to run a crypto mining script. And it runs in the background. As you work right, using up electricity, using up the CPU on your computer. [01:06:58] They also will put it into ads. They'll put it on a website and your browser goes ahead and runs the code beautifully. So they're really trying to maximize their returns. That's the basics of crypto jacking what's been particularly bad lately has been the hackers breaking into cloud account. And then using those accounts to mine cryptocurrency, one of the trainings that I had on my Wednesday wisdoms has to do with password stuffing and my Wednesday wisdoms, you can get by just subscribing to my email over there@craigpeterson.com. [01:07:44] But what happens here is they find your email address. They find. Password on one of these hacks that is occurred on the dark web. You weren't on the dark web, but your username or email address and password are there on the dark web. And then they just try it. So a big site like Amazon, or maybe it was your IBM also has cloud services can be sitting there running along very well, having fun. [01:08:16] Life's good. And. Then they go ahead and try your email address and password to try and break in. Now, you know how I keep telling everybody use a good password manager and this week I actually changed my opinion on password managers. So you know, that I really like the password manager that you can get from one password.com. [01:08:44] It really is fantastic. Particularly for businesses, various types of enterprises, one password.com. However, where I have changed is that some of these browsers nowadays, particularly thinking about Firefox Google Chrome safari, if you're particularly, if you're on a Mac, all have built in password managers that are actually. [01:09:09] Good. Now they check. Have I been poned, which is a site I've talked to you guys about for years. To make sure that your accounts are reasonably safe than not being found on the dark web, the new password that it came up with or that you want to use. They check that as well. Make sure it's not in use. So here's an example here. [01:09:32] This is a guy by the name of Chris. He lives out in Seattle, Washington, and he makes mobile apps for local publishers. Just this year, new year's day, he got an alert from Amazon web services. Now Amazon web services, of course, cloud service. They've got some really nice stuff, starting with light ship and going up from there, I've used various services from them for well, since they started offering the services over very many years and. [01:10:04] They allow you to have a computer and you can get whatever size computer you want to, or fraction of a computer. You want to, he got this alert because it said that he owed more than $53,000 for a month's worth of hosts. Now his typical Amazon bill is between a hundred and 150 bucks a month. My typical Amazon bell is now 50 to maybe $80 a month. [01:10:34] I cannot imagine getting a $53,000 bill from our friends at Amazon. So the poor guy was just totally freaking out, which is a very big deal. So I'm looking at an article from insider that you can find a business insider.com. They were able to confirm that, yes, indeed. He got this $53,000 bill from Amazon and yes, indeed. [01:11:00] It looks like his account had been hacked by cryptocurrency miners. So these guys can run up just incredibly large charges for the raw computing power. They need to produce some of these digital cryptocurrencies, like Bitcoin there's many others out there. But this isn't new. This is happening all of the time. [01:11:23] Google reported late last year, that 86% of account breaches on its Google cloud platform were used to perform cryptocurrency mining. So make sure you are using a good password manager that generates good passwords. And I have a special report on passwords. You can download it immediately when you sign up for. [01:11:48] My email, my weekly email newsletter@craigpeterson.com and it tells you what to do, how to do it. What is a good password? What the thinking is because it's changed on passwords, but do that and use two factor authentication. Multi-factor authentication as well. And I talk about that in that special report too. [01:12:11] And visit me online. Sign up right now. Craig Peter sohn.com. [01:12:17] We're moving closer and closer to completely automated cars, but we want to talk right now about car hacks, because there was an interesting one this week that has to do with Tesla. And we'll talk about some of the other hacks on car. [01:12:33] Connected cars are coming our way in a very big way. [01:12:38] We just talked about the shutdown of two G and 3g in our cars. We, it wasn't really our cars, right? Two G 3g. That was for our cell phones. That was. Years ago course now for four GLTE 5g, even 10 G is being used in the labs. Right now. It's hard to think about some of those older technologies, but they were being used and they were being used by cars, primarily for the navigation features. [01:13:13] Some cars use these data links, if you will, that are really on the cell phone network in order to do remote things like remote start. For instance, I have a friend who's Subaru. Of course was using that. And now she's got to do an upgrade on her car because that 3g technology is going away depending on the carrier, by the way, some of it's going away sooner. [01:13:40] Some of it's going away later, but it'll all be gone at the end of 2020. What are we looking at? As we look into the future, I'm really concerned. I don't want to buy one of these new cars at the same time as I do, because they are cool, but I don't want to buy one of those because of the real problem that we could have of what well of having that car. [01:14:07] I need an upgrade and not been able to do it. I watched a video of a guy who took a Tesla that hadn't been damaged badly in a flood, and it was able to buy it for cheap. Why? Because Tesla will not sell you new motors and a new batteries for a car like that. So he got the car for cheap. He found a Chevy Camaro that had been wrecked, but its engine and transmission were just fine. [01:14:37] He ripped everything out of the Tesla and went ahead after that, cause you got to clean that out, and water damage. You spray wash all to the inside. He got right down to the aluminum, everything that wasn't part of the core aluminum chassis was gone. And then he built it back up again. He managed to keep all of those Tesla systems working, that, that screen that you have upfront that does the temperature control, cruise maps, everything out. [01:15:09] He kept that it was able to work. The, automated stuff, cruise control type stuff. And now he had a very hot car that looked like a Tesla. He took it out to SEMA, which is pretty cool. I'd love to see that, but it was a Tesla with a big V8 gasoline engine in it. He's done a, quite a good job on it. [01:15:33] It was quite amazing to see it took them months. It was him and some of his buddies. These new cars are even more connected than my friend Subaru is they get downloads from the. Some of them are using Wi-Fi and 5g. Really one of the big promises of 5g is, Hey, our cars can talk to each other because now you can get a millisecond delay in going from one car to another versus what you have today, which can be a half a second or more, which can be the difference between having a rear end collision and being able to stop in time when it comes to these automated system. [01:16:15] So they are more connected. They connect to the wifi in your homes. They connect to obviously the 5g network, which is where things are going right now. But what's happening with the hackers because really what we're talking about, isn't a computer on wheels. Oh no. Dozens of computers inside that car and your car has a network inside of it and has had for many years, this can bus network and even fancier ones nowadays that connect all of your systems together. [01:16:50] So your entertainment system, for instance, is connected to this network. And that was used. You might remember a couple of years ago on a Chrysler product where the bad guy installed. Or using the thumb drive onto that entertainment system and had a reporter drive that car down the road. This is all known. [01:17:13] It was all controlled. And was able to the bad guy right there, the demonstration in this case, I guess you'd call them a white hat hacker. He drove that car right off the road while the reporter was trying to steer otherwise because cars nowadays don't have a direct linkage between anything in any. [01:17:36] That's why I love my 1980 Mercedes TESOL. You turn the steering wheel. It isn't act