Welcome! Craig discusses who is doing the most hacking world-wide. Any guesses? Listen in to find out. For more tech tips, news, and updates visit - CraigPeterson.com --- Read More: Musk says that Neuralink implants are close to ready for human testing Is China the World’s Greatest Cyber Power? Russian tourist offered employees $1 million to cripple Tesla with malware Ransomware Red Flags: 7 Signs You’re About to Get Hit IT blunder permanently erases 145,000 users' personal chats in KPMG's Microsoft Teams deployment – memo Apple won’t let Facebook tell users about 30% Apple tax on events Tesla with Autopilot hits cop car - driver admits he was watching a movie iOS 14 Privacy settings will tank ad targeting business, Facebook warns --- Automated Machine-Generated Transcript: All of the branches of our military now have cyber office operations, defensive as well as offensive. is China now the world's greatest cyber power. That's what we're going to address right now. Here we go. You're listening to Craig Peter, either on terrestrial radio. Yes, indeed. WGAN or online @craigpeterson.com. I appreciate you being with me. I have had a lot of people asking questions lately and I love it. I use it to help build. Not only this radio show and some of the topics we discuss and some of the pieces of training that we do, of course, that's offline, but I try and do a little bit here to help you guys understand things a little bit better, but I also respond to those emails and all, ultimately some of them end up in the weekly newsletter with the question and then my response to it. I've even some cases recorded a little video explaining things, and you can find all of that in my newsletter, make sure you get that every week. Craig Peterson.com/subscribe. It's important that you do that, cause it's the only way you can find out about all of these things that I'm doing. 
Believe me, I'm not one to harass you guys. As I just mentioned this last time around, I've gotta be the worst marketer in the world. Cause I'm not trying to push anything down anybody's throat. I never really have either. So we got to cyber problems and we know that the Russians have tried to interfere here in the US forever. We know we have been interfering in other countries' elections as well as in some of their industries. Look at what happened within Iran with their nuclear power industry. That probably was more along the lines of a, yeah, bomb-making thing. But anyway, we've been doing this for a very long time, and we also know that China has been as well. Because China has one central unified government, because that government is highly socialist, they're trying to be communist. No one's actually reached pure communism though. A Lenin communism. Oh yeah. It's, it's crazy. They've only killed tens of millions of people. It's not a very big deal, but China has very little incentive for people to create, to innovate, just stick their necks out, because when you do, you are beaten down. So in a socialist government, like what they have right now in China or in Venezuela or in Cuba, much of what they have also down in Brazil, how do you end up innovating? How can you innovate when people stick their heads up and they get chopped off? That seems to me, anyway, to be a little bit of a disincentive for innovation. In fact, it's a pretty big disincentive for innovation. So what China has been doing is developing their cyber intelligence capabilities. They've been working on these very long and very hard. They're trying to come up with the ability to just steal the technology. I know people where that's happened. I know a guy who knows a guy who knows a guy. No, I, I know a guy, his name's Mike, and he designed a system that would manage a certain part of an entire building. He had it all put together, all planned out, everything, all done.
He's an electrical engineer, just absolutely phenomenal. it was stolen by the Chinese and, his product is now available for sale in the United States. . he doesn't get a dime for any of those thousands of hours he put into the design but also think about all of the hours as an electrical engineer or everything else he was doing. So that's how socialist governments have to survive. they push everybody down. So everyone's on the same level, which is basically poverty. then they have to steal innovations from other countries. So let's use it as an example right now. The whole drug situation, how expensive pharmaceuticals are in the US, and yeah, some of the margins on these pharmaceuticals are crazy-ass, right? with all of these crazy high prices, including high prices, for some pharmaceuticals that are absolutely necessary for life. I'm a beekeeper and I would have an epi-pen handy in case we have a guest over or something happens to them. It gets stung and I could use it to help them out. I do have a few things where I got the Benadryl, I got this little heat thing, I've got a suction thing, that would be really nice little epi-pen, but they are incredibly expensive. How do you deal with that? we know now that about. Where I know in Canada, in many of the European countries, they pay half as much for the same pharmaceuticals that we have in the US. Now most of these pharmaceuticals, almost all of them were invented in the US almost all of them are made in China, frankly, and shipped from China all over the world. So what are we doing? How do we deal with this stuff? It's a very good question. what has happened now is the Trump administration has said, Hey, we will not in the US pay more for pharmaceuticals than any other country in the world. Just boil it down so he's trying to squeeze it from that side. Now, if they don't have the incentive to make a drug. They're not going to make it. 
If the incentive is we're going to make a lot of money off of this drug, I don't see a problem with that incentive, frankly. And if they do come up with a drug that works great as it is, we've already seen the pharmaceutical companies dropping their development of all kinds of drugs, because they look at it and say, it's just not going to be profitable enough. A legitimate concern. then people say, maybe we should have the government do this and invest in this sort of stuff. my opinion on that, right? the government is terrible about picking winners, whether it's in the solar cells, batteries just go on and on you just name it. the government's been bad at it in Canada. They just, this last, over the last few weeks, but just finished the last one last week, they have ordered. Vaccinations for the Wuhan virus from four different companies. they've ordered hundreds of millions of doses. Now, remember Canada has what? 33 million people. It's a 10th of the population of the US that's a lot of doses because they're trying to cover their bases up there. hopefully one of them will work and maybe there'll be like an old for world work. So that's what you have to do. we have seen China actively attacking. Small US companies. like ultra-small 10 person companies, they are attacking to steal intellect real property. with this friend of mine, it's just him. It was a one-person company that they were attacking to steal his intellectual property. That is a very sad thing. I see this in our bigger customers when you're in a 100 to 250 employee range, you are a man age, your target, and you're still too small to be able to afford, to do security operations that need to be done. If you're in the hundred. really, if you're under 250 people, 300 is fair to people is the industry standard. If you're under 300 people, then you cannot do security operations yourself. You have to outsource it to a company like mine that has these $300,000 a year employees. 
That knows what they're doing and can track it and using some of the best hardware and software and everything else out there. Because you can not afford it with 300 employees. You get beyond that and okay. Yeah. Maybe you can to a degree, but then you have to build your team and everything. So it's so much better to outsource for almost every company out there. when we come in, we almost always find lately anyways, a Chinese backdoor, or more than one. So that's what they're doing. They are hacking us, the US Russia is real. Some of these European countries all have pretty high-end cyber-espionage capabilities and also hacking abilities. But there's one firm out there right now. That's arguing that because China has had to be so aggressive in order for its economy to thrive when it comes to stealing information from other countries, from other people that perhaps that has made China the world's greatest cyber power. A very big deal and a very good question to ask you is that actually the case I tend to think it is. I really do just seeing how much they permeated everything and looking at my daily FBI reports I get that are showing. Multiple, sometimes daily hacks by the Chinese, these Chinese cyber attackers are going to continue to Excel, spanned the targets to going after. yeah, it's not just the big companies anymore. In fact, the really big companies, the fortune 100, you get up into the North of a thousand employees. you should have very strong cybersecurity. Team with a chief cybersecurity information officer, et cetera, all the way on down, you should be having drills every quarter. What do we do? that includes your PR people, your attorneys, everybody. Okay. you should be doing all of that. So those companies that a thousand employees plus are pretty well protected. so the Chinese and these hackers, as I mentioned, this Russian hacker in the show who was trying to really cause some serious harm to Tesla to get them to pay a ransom. 
He wasn't backed, I don't think anyways, by the Russian government, but the only way in for him was to turn somebody internally who had access to the systems. So we have to be very careful. One of the largest wealth transfers in human history happened with the Equifax hack, because now information, personal information, is more valuable than gold. It is a very big deal. When it comes to China, your intellectual property is worth more than gold. The FBI now has placed the blame on China for that 2017 hack of Equifax. If Equifax had kept their patches up to date, it would not have been able to use that vulnerability, which was six to eight months old at the time. China used it to break into Equifax, stole the personal data on 150 million Americans, and half of the 5,000 counterintelligence investigations currently being conducted in the US are related to China. Some of those are through yours truly. Then, we have found in small businesses here in the US. Hey everybody, have a great weekend. Make sure you are on my newsletter, so you get all of this and more. Get free training and get my free papers. Now I even have a book coming up here. CraigPeterson.com/subscribe. Join me on Wednesday morning with Mr. Matt Gagnon at 7:30. Take care, everybody. Bye-bye. --- More stories and tech updates at: www.craigpeterson.com Don't miss an episode from Craig. Subscribe and give us a rating: www.craigpeterson.com/itunes Follow me on Twitter for the latest in tech at: www.twitter.com/craigpeterson For questions, call or text: 855-385-5553
Welcome! Craig’s walking you through a deep dive of the Pros and Cons of Online Collaboration Tools for Businesses and the Security implications for Businesses who have Regulatory Requirements. For more tech tips, news, and updates visit - CraigPeterson.com --- Read More: Twitter wants to know if you meant to share that article DHS Warns on New Exploit of Windows 10 Vulnerability FBI Says Sudden Increase in Mobile Banking Is Heightening Risks For Users What COVID-19 Teaches Us About Social Engineering UPnP flaw exposes millions of network devices to attacks over the Internet --- Automated Machine-Generated Transcript: We're going to finish up our discussion about Microsoft teams. What are some of the things you might want to use it for? What is this? How was it different from Zoom and everything else on the market? So let's get going. [00:00:21] Hi everybody. Craig Peterson here. Thanks for being with us today. I really appreciate all your comments to me M E at Craig Peterson dot com. A lot of people just respond to my weekly show notes. You get those by signing up for my email list to find out what's going on, what you should be doing, what free trainings we have, what paid courses there are. [00:00:46]We are coming out with a free again, free, free, free. I'm trying to help out here. It really is for you. Okay. A free, special report about all of these apps we're talking about today. So Karen's been working really hard on that with me, and we hope to have it out either this week or maybe the week after. [00:01:09] And it's going to be. Pretty detailed about some of the pros and cons when you should be using it, what policies should you have in place for your employees when it comes to these collaboration apps? So I think it's very important topic, you know, so many of us just knee jerk our way into this with the COVID-19 thing, and we needed something now, please, anything. [00:01:36] And we jerked into Zoom. Most of us, some of us started using Slack. 
All of these things are, are up in usage. In fact, WebEx had so many people applying for it because it's really the only one. If you're a business that you should be using. That they had to cut back. They were giving it away for free for like two or three months. [00:01:58]Even though they have a huge worldwide infrastructure, they still had some problems with the onboarding, getting everybody set up and ready. So there may or may not be free WebEx stuff going on right now. They're supposed to go. Maybe it was through the end of June until the end of July. I'm not sure what it is right now, but anyway, We're talking about Microsoft teams right now. [00:02:21] Okay. so as I mentioned at the very end with Microsoft teams, you need to integrate your Skype went and we already know Skype is not. Considered to be overly secure. It was actually a little more security before Microsoft bought it. And then Microsoft changed its entire architecture to one where it goes through Microsoft servers. [00:02:45] And that way, if you're in China, Microsoft can sensor you. Or if the law enforcement agencies in the US want to hear what you're saying, Microsoft can provide it to them and they couldn't do it before. So yeah. A little bit of resentment there. You probably noticed in my voice, right, Danielle, back to Microsoft here. [00:03:07] The second big thing is it has this integration that a lot of people are looking for with your business apps. So you can use word Excel, PowerPoint, one-note planners, share 0.1 drive. All integrated with Microsoft teams. And that is a huge win because all of that stuff is right there. Now the integration isn't as clean or as neat or as easy as maybe it should be. [00:03:36] But it is there and it will get better over time. You can still use all of those tools, word, Excel, PowerPoint, et cetera, et cetera, with pretty much any of these apps. They're all designed to be integrated to varying degrees, but Microsoft ultimately will win this battle. 
Because they own the source code, right. [00:03:58] They own the programs. They're going to take care of themselves first. And they've been sued about that before. So no, no news there. Next point, customized workspace, and every team is different. So Microsoft teams is customizable so that you can integrate it with third-party apps, as well as Microsoft apps. [00:04:21] You know, that's really the trend right now. I see that across all of the industries, Cisco has done an interesting thing, and that is a couple of years ago. They decided to do a policy called API first. Now Microsoft is not doing this, but the whole idea behind API first is. That I'm like Microsoft that tries to play everything close to the chest and give itself advantages over all of its competitors. [00:04:49] Right. And we've seen suits on that forever, like integrating internet Explorer, right into the kernels, supposedly. And so that you could not use other browsers. You always had to have a ye initially, and then they allowed other browsers, but you still had to have I E, and then the courts ruled against them yet again. [00:05:09] And so unlike Microsoft's approach to try and lock you in, Cisco has decided that they want to make. All of the Cisco software uses the same interfaces that third-party vendors have to use. And that is phenomenal when it comes to integration. So if you want to use WebEx or WebEx teams or any component of any of the Cisco stuff, including their firewalls and the routers, et cetera, et cetera, you can. [00:05:41] They've got API APIs for everything. Cause that's the only way they can access their own software. It says absolutely phenomenal. So Microsoft teams do have some third party integration available on it, which can be handy. You also get real-time communications, which as I mentioned can be a problem. [00:06:02] This isn't just true with Microsoft. This is true for WebEx teams and Slack and everything else out there. But it's real-time. 
So a smart person's going to do something different with email excuse me. something caught in my throat, but, email, you typically try and delay, right? I try and read my email once a day and that's it. [00:06:29] And if someone really needs to get ahold of me, but they probably know how to really get ahold of me. Right. So I'm not getting interrupted. I can work on the stuff I need to get to work on. No, I'm putting his stuff. Together for my lives for my webinars, for my radio show for everything else. And if I get interrupted, particularly if I'm doing some programming work, it can cost me hours of time. [00:06:56] So I put off email and only go through it maybe once a day. Sometimes I'll go two or three days without really paying attention to my email. So I apologize to you. If you send me an email and you're hoping for a quick answer, I don't always get back to you very quickly. Right. I have other people in my team that that's what it's for. [00:07:15] So when we're talking about communicating in real-time with some of these collaboration apps, It's a double edge sword. So instead of having emails, bouncing back and forth, which might take hours and hours, right? Because someone says something and half an hour later, another person reads it and responds. [00:07:36] Now, then that first person an hour later read to them a response, you can just have it go over very quickly. It's phenomenal for productivity. When you need quick productivity, the high priority initiatives that you have can really move a lot faster because it's not an email. It's not getting a push back while you were waiting. [00:07:57] This is really instant messaging. Think of it like texting, right? So everybody can be on the same page with these team's apps you can see who has seen your messages and people can respond to them. They can start a thread. normally how does it work? You're well, you might send an email to everybody. Giving them an update, right? 
[00:08:18] They reply to you, but maybe not to everybody. That happens all of the time. I know people that I, you know, I expect them to copy all because I, you know, I've got two or three people on it that are need to know, and they don't, they just reply directly to me. With these types of teams apps, everybody's on the same page. [00:08:39] Everybody can see everything. This conversation with email can split into a bunch of different conversations with ideas being directed at one person when it really should be a group discussion. So keep that in mind as well. When you're considering some of these teams applications, everybody knows what's going on, what the status is, and productivity [00:09:04] just keeps flowing. You're listening to Craig Peterson. I appreciate your being with me today. And of course, you can get me online as well. CraigPeterson.com. Make sure you sign up to my email list. CraigPeterson.com/subscribe. And that gets you an email every week. Oftentimes it's Saturday mornings. Lately [00:09:27] it's been more like Mondays, you know, summertime, COVID-19, every excuse in the book, right, as to why it's been a little bit more delayed, but you know, expected by Monday. And it's got my summary for the week. It's got links to my podcast and also info about classes and courses and lives when they happen. [00:09:46] And then of course, here on the air. Take care, everybody. We'll be right back, stick around.
Welcome! Craig’s taking a look at Artificial Intelligence and what it may mean to the future of employment. Do you have to be worried right now? For more tech tips, news, and updates visit - CraigPeterson.com --- Read More: Could Automation Kill the Security Analyst? --- Automated Machine-Generated Transcript: Could artificial intelligence affect your job? And what does it mean to different business sectors? Well, if you're in a higher-paying job, you might be surprised what Brookings Institute had to say. [00:00:18] Hey, welcome back, Craig Peterson here. We have had a busy, busy day today. And if you missed any part of today's show, you can go online and find it on your favorite podcasting app. And I'd love to get a little feedback from you. I had one of our listeners just a couple of weeks ago when I asked to show me where you are listening. [00:00:41] He took a picture of the dashboard of his car. He had it playing there in the car. I thought that was pretty darn cool. And I'd love to know from you too. Where are you listening to the podcast? What are you doing? And you can just email me, M E at CraigPeterson.com. You know, the thing about podcasts is I know how many downloads there have been, but that doesn't tell me much. [00:01:05] It doesn't tell me if the person that downloaded it actually listened to it. If they listen to it in Timbuktu, over in Northern Africa, in case you wonder where that is, or if they're listening to it in downtown Boston, it doesn't tell me anything about anybody. You know, the podcast might just be going into Nowheresville. [00:01:25] Now I know people who listened to him on the radio are listening, but I have a similar problem, right? Because I think we could do different things with the show based on where you are and what you're doing. I imagine that a lot of people listen to it while they're driving to and from work. Which is really, you know, very commonplace to listen to it.
[00:01:49] Other people listen to it in the gym, and I know at least one of you listens to it in the truck driving around doing chores on the weekend. But if you would please do let me know. You can just send me a picture or send me a note to me@craigpeterson.com. Last week I asked for you guys to reach out and, and let me know what you thought about having a show dedicated. [00:02:13] To windows updates. And I didn't really get a lot of positive responses to that. So I'm going to have to read into that, that you're not interested in understanding how to do updates and windows. If you, if you're one of those people that wants to know, make sure you email me@craigpeterson.com and let me know, maybe it makes more sense to do it as a deeper dive. [00:02:37] It's something. Better for a webinar or I think the radio it's tough. Right? How do I explain click here, do this, you know, I can't explain the concepts and I'm going to try and do that next weekend here on the show so that everybody understands basically what's going on. And then maybe what we'll try and do is have a webinar where I'm really just delving deeply into it and helping you guys understand it. [00:03:05] And I've done these before on it. So it's nothing new to me. So we started out today talking about an application that is absolutely fantastic when it comes to your security and they're adding a new feature to it that will do automatic face blurring. And I gave you a couple of other options. And then we started talking about the new secure DNS settings for Chrome and Firefox and how they can help in some cases. [00:03:34] And they will definitely hurt and other cases. So if you are responsible for the network at your business, you're going to have to listen to that. And then we talked about insider threats. This is crazy 60% of our insider threats. Involve employees in planning on leaving. So, what are some of those signs that an employee might be a flight risk or that they're taking data? 
[00:04:02] What are the most common ways that they're stealing our information? I went over that today too. And then I started talking about the iPhone looters and I track all because I is, is there no low to the stupidity of criminals sometimes? Right here. They are stealing iPhones and of course, Apple's protecting them. [00:04:24] And then they're posting pictures on Twitter saying, Hey, look at what my iPhone said. It says an Apple is tracking me. Yeah. And now, so is anybody who saw you on Twitter? Uh, we went into something that many small businesses don't realize they've got to pay a lot more attention to, and that is security. If you are a government. [00:04:46] Sub sub-subcontractor, right? These regulations that the federal government has to roll down Hill. And if you're involved with anything that goes, boom, you know, military-type stuff. Man alive, the things they're doing right now with the new CMMC regulations. And I talked about how we helped a couple of businesses out just this week with some major security problems they weren't even aware of. [00:05:15] And now what'll happen with these new, new regulations in place, even if all you're doing. Is making a passive component for one of these military contractors that sell to the military, uh, you know, assembles it and sells it. You just make one small component. You could be out of business because of fines. [00:05:36] There are now 10-year prison sentences, everything else. So we talked about that. We talked about Google getting sued for at least $5 billion over some claimed, um, Inconsistency, shall we say incognito mode? Ain't incognito mode. Let's just leave it at that. A zoom. We just talked about that in how their defenders are citing legitimate reasons to not have end-to-end encryption. [00:06:06] And what that means. And we also talked about what the electronic frontier foundation had to say on that. 
And if you know those guys and gals, you certainly know what they probably said, and you'd probably be right. So let's get into this study. This is a study that came out from the Brookings Institute about jobs that are going to be lost when it comes to [00:06:31] AI. Now we used to say, Oh, you're gonna lose your job to a robot. Well, that has happened. Obviously some manufacturing jobs are now being done by robots. But what we're talking about right now is intelligence. It's one thing to have a robot that's just repeatedly doing a specific job, but maybe it has some cameras on it that allow it to adjust a little bit so that it has less of a tight tolerance for finding that bolt [00:06:58] it wants to put the nut on to. So that's stage one, and that's already happened. Now we're looking at AI, artificial intelligence, that can do a lot more. So what they found, and this is kind of interesting because the study was put together by a Ph.D. student and he took a whole different way of looking at it and his professors agreed with it and they published it. [00:07:25] And it's just, it's fascinating to look at it. He's got a lot of stats in there, but here are the basic findings. Number one: artificial intelligence could affect work in virtually every occupational group. Now we know this, I don't think this is a big surprise to anybody. It's going to affect trucking because these trucks are going to self-drive, et cetera. [00:07:48] Right. So it's going to kind of hurt everywhere. But number two says that better-paid white-collar occupations may be the most exposed to artificial intelligence, as well as some manufacturing and agricultural positions. Now that's interesting. And they have some graphs in this report that are showing [00:08:11] that those people that have a high school education or less are basically going to be the least affected. Those people with a bachelor's degree are the most likely to be affected.
And that's typically your middle managers, and then slightly less affected by AI and losing their jobs are those people with advanced degrees. [00:08:38] But when you think about those advanced degrees in business finance, man, those are the types of things that artificial intelligence can easily do. In fact, do better than most humans. The same thing's true in tech industries, they're going to be more exposed, as well as natural resource and production industries. [00:08:59] Now I want to get into security analyst jobs here in just a minute because I think this is fascinating, but AI looks most destined to affect men, prime age workers, and white and Asian American workers. And number five in the findings was bigger, higher tech Metro areas and communities heavily involved in manufacturing are likely to experience the most AI-related disruption. [00:09:31] Security is important, right? And security analysts are out there looking at what's going on, trying to figure out what they should do. And a great little article that was up on Dark Reading called Could Automation Kill the Security Analyst, because we were just talking about it, right? The higher the skill, the higher the degree, the more likely you're going to lose your job to artificial intelligence. [00:09:58] Well, how about on the security front? Well, there's another study that was done over a thousand IT security practitioners in the US and the UK. It's done by the Ponemon Institute. And they're saying, wow, wait a minute. Automation and IT security workers must work hand in hand to achieve maximum effectiveness. [00:10:23] Automation will never replace the need for the human element, especially for security professionals who have the expertise to manage these new technologies. In fact, 68% of respondents said they believe human involvement is important when using automation. So they've got five tips here to become proficient in how automation technologies operate, seek out an experienced mentor.
[00:10:52] And right now we are actually mentoring a couple of people. They don't work for my company, they work for other companies, helping them out with their security roles. Highlight an understanding of automation technologies, benchmark how automation is being used, and get involved in organizations to share best [00:11:11] practices. And that's part of what we've been very involved in for many years. AI is going to be a huge, huge disruptor, but just like all of the big disruptors in the past, I don't see artificial intelligence as being an absolutely horrific thing. Look at what happened with, of course, the horse and buggy getting displaced by infernal combustion engines. [00:11:38] And we ended up at the Teamsters. Yeah, we got the union out of it, but in reality, we have more jobs now than we used to have, and they're more skilled jobs, and that's what we're going to expect to happen in the future. The steam engine did the same thing. The fire probably did the same thing and the wheels certainly did the same. [00:11:59] But we've always had more and more people. And I am hoping, I'm looking forward to the Star Trek day, where we have the ability to have unlimited energy. And turn that energy into the matter so that we can own kind of have higher pursuits is going to be an interesting thing. But if you want more information on this and more, you'll find it right on my website. [00:12:23] CraigPeterson.com. All of this week's articles are posted there, as is the podcast. So check it out, make sure you get my newsletter. So you get the information on special pieces of training, the popups, some doing as well as all of the new technology for the week, the things you need to know, and the things that you can share with your friends and family to help them understand some of the stuff. [00:12:50] You can be the hero. Have a great week, and we'll be back next Saturday, one til three, right here.
--- More stories and tech updates at: www.craigpeterson.com Don't miss an episode from Craig. Subscribe and give us a rating: www.craigpeterson.com/itunes Follow me on Twitter for the latest in tech at: www.twitter.com/craigpeterson For questions, call or text: 855-385-5553
Welcome! For being locked down due to this pandemic, there is certainly a lot of technology in the news this week. So let's get into it. We are finding that managers are surveilling their employees, probably a little more than necessary, and an uptick in VPN usage. Big Tech is strangling us and WordPress has a vulnerability, plus much more. So sit back and listen in. For more tech tips, news, and updates visit - CraigPeterson.com --- Automated Machine Generated Transcript: Craig Peterson: Hey everybody. Craig Peterson here on WGAN. Spring is in the air. I am so excited about this, you know, I love pretty much every season. I was just thinking the other day how I missed not having, you know, like crunchy snow that you can walk on. I know you might think I'm crazy, right? I know other family members of mine who absolutely think I'm crazy, but it's, maybe it's just a thing from my childhood, you know, being 40 degrees below zero and being outside and just walking in the snow and just having a crunch, crunch, crunch. [00:00:40] But you know, so wintertime makes me enjoy spring, makes me enjoy summer to a bit of a lesser degree, but I love going motorcycling so that works, right? In the summertime. And then I really like fall, probably my favorite season, and then winter is pretty good. I'm not a winter sports kind of guy. I should probably do a little bit more of that. [00:01:01] Well, if you saw me on the TV news this week, you know that I was talking a lot about this new surveillance society that we have. Yeah. I'm not just talking about general regular surveillance that we've talked about before. I'm talking about surveillance in the workplace. And now there are two sides of this. [00:01:23] Of course, there are like two sides to everything and there's the side of the employee and then there's the side of the employer. And so we're going to spend a little time right now going through some of the things on both sides.
If you're an employer, why you might want to be doing surveillance. In fact, in some ways, why you should be doing surveillance. If you're an employee, what are your rights? [00:01:46] What can you do about it? We'll be talking about that. And then some of the software the businesses are using and what you can expect. So I've sort of been talking about this a lot this week over on various radio stations and on television as well this week. So getting right into this, and you'll see some articles about this up on my website as well, at CraigPeterson.com. [00:02:10] Oh, and man, did I get a kick in the pants this week. You know I've been doing a little bit of work on the website because we're putting some new stuff together for people. For y'all. And I, I went to CraigPeterson.com/subscribe and just tried to check it out. So guess what. It doesn't work. Slash Subscribe to me. I just hate it when that happens. [00:02:35] So if you have tried to subscribe on my website before to get my weekly newsletter or get some of my special reports, because you get, I think it's four of them when you subscribe, I send those off to you, and you went to CraigPeterson.com/subscribe to subscribe, it may not have worked. So I'm going to be working some more on that this week. [00:02:58] I got that problem and then I've got a problem as well with the text number, the (855) 385-5553 number. And I guess it's kind of like the cobbler's kids that have no shoes, right? Where, man, there are so many things that I need to do and I've been doing for customers, and lately I've been doing even more for non-customers, is trying to help everybody out because there are so many people that are in such dire straits right now. [00:03:26] You know, all businesses have changed. Talking about the pivot, and pivoting to work at home has been a very big deal. In fact, I'm going to probably have a little course on that coming up here in a couple of weeks.
What to do if you're a business and you're kind of pivoting to homeworkers, maybe permanently, but certainly for the next little while. [00:03:45] What should you be doing from the security standpoint? I think it's really important for everyone to understand and to do. Many managers are turning to surveillance software, and I got this idea, or a reminder really, from the Washington Post this week. Now, Washington Post, you know, I don't trust them at all for any of their political coverage because they haven't been honest with any of us for quite a while, but some of their technology coverage isn't bad. [00:04:14] It's kind of like the New York Times. It's such a shame because the New York Times has such great in-depth articles on so many things, and then they completely misrepresent politics all the time, like a hundred percent consistent, and it's, so, I'm just always torn. Do I pay any attention to these guys or not? [00:04:35] You know, I certainly look at their coverage too when it comes to the political stuff, cause I have to make a judgment call myself. But man, I don't mind supporting the regular things, but their editorial things and their decisions as to which stories to run, sometimes they're just so antithetical to everything I believe. [00:04:55] But anyway, enough of that. So the Washington Post article kind of got me thinking about it. So I did a bunch of research and I have one, two, three pages of bullet points that I want to go through with you. Because I did research. I looked at a lot of things online. I looked at some of the websites of these companies making this, I don't know if you want to call it spyware, but that's kind of what it boils down to, and figured out what's going on there. I had looked at some of the legal issues from the federal government side and from the state government, and here's the bottom line. When in doubt, assume you're being watched now.
[00:05:36] I think that's a reasonable assumption in this day and age, right? We've all got our smart devices. We're online. We know that companies like Google and Facebook are compiling information to sell it about us, and I'm not sure that that's an absolutely horrific thing. I get more concerned when we're talking about employers surveilling us, because if you have a bad boss or not so great boss, what's going to happen when that boss comes down on you for taking a break? [00:06:09] Right? Even a short break, you know? Yeah. You took a 15-minute break or whatever it was that was not, you know, necessary for them to come down on you. That's where I started getting concerned. People losing their jobs over this. Now, in some cases, if you're a transcriptionist and you're paid by the word, well, you know, why would they bother [00:06:29] monitoring me? I'm paid by the word, right? Who cares? You know? Obviously I have to deliver in a certain timeframe, but if it takes me all day and I have a 24-hour guarantee and I'm only typing one word a minute, it's no skin off my employer's nose. And on the other end of the scale, if you are doing kind of intellectual work and you're working [00:06:52] at a higher level, if you will, right? You're not just selling your, your keystroke, your fingers. You're actually thinking about problems. You're trying to logically analyze what's going on, what should be done, what shouldn't be done. If you're that type of person, well, then it's a completely different thing, right? [00:07:12] Again, how do you measure that? Because you might be reading a book, you might, you might have read a book last night and now you're in the office and you're looking at that book from last night cause you want to make some notes on it because you want to implement it in the office, and now your employer's looking at you saying, well, why hasn't your screen changed? [00:07:31] So that's the other side.
So I get really concerned with the employers somehow thinking that this type of monitoring is a panacea for them. It's not going to motivate their employees to work. It just totally reminds me of when I was a professor on faculty out at Pepperdine University, and I taught, back then it was called MIS, Management Information Systems 422, out at Pepperdine. [00:07:57] And one of the things we had to look at was something called the Hawthorne principle. And they had done a study in Hawthorne, California of workers on a manufacturing line. And the big question was, do they perform better when they're being monitored or when they're not being monitored? There were some interesting studies to this looking at music in the background. [00:08:21] Do you perform better when you have music playing in the background just at a low volume, or better when it's quiet? Well, in all of these cases, it depends on what you're doing. Workers tend to perform better with music in the background when they're doing kind of a rote task, when they're working on an assembly line, and it's the same thing over and over and over again. That tends to help those people. [00:08:50] But when we're talking about an intellectual worker who is planning, who's thinking things through, who's writing marketing materials, who's doing software development, in most cases they perform worse with music in the background and they're better off just having some basic white noise going on, which could be as simple as a fan. [00:09:13] It could be office chatter, et cetera, and I actually use some things in order to put that into the background myself, and I find them to be very, very helpful. You can find all kinds of them online. If you wanted to know exactly which ones I use, send me an email and I'll let you know, just me@craigpeterson.com, but I have a plugin that goes into my browser
[00:09:37] that has a coffee shop, the ring of fire, burning, you know, outside a bird chirping, wind blowing, water lapping, just, it has a few of those things. And, and I can select what I want, and if I need to kind of focus on something, I find that to be very, very helpful. So when it comes to monitoring and the Hawthorne effect, [00:10:04] what they found is that yes, in some cases monitoring people worked out better; they produced better than not monitoring people. And that kind of reminds me of a good war movie that I absolutely loved. I don't think it was The Great Escape. Oh, no. I remember what it was. It was Schindler's List, and they were supposed to be making hinges. [00:10:28] These are, of course, prisoners that are being used as slave labor. And they are supposed to be making these hinges. And so the guard comes over: let me see you make a hinge. And he makes one in a matter of just seconds or a minute or whatever it is. And then under the Hawthorne principle here, [00:10:48] if he makes one hinge in one minute, he should be able to make 60 hinges in an hour. And yet they were only making, I don't remember what any of these numbers were. It's been a long time since I saw that movie. But he didn't make as many, so obviously he got in trouble, as did other people who were on the assembly line. You know, if there's a gun to your head, maybe you will work better, maybe you will work faster. But in most cases, that's not true. And that was certainly true of these people who were confined to slave labor there in the Schindler's List movie. So we're going to talk a lot more about this when we get back, because nearly half of the US labor force is now working from home. [00:11:30] That's according to a study by MIT researchers in April, so just a couple of weeks ago. Stick around. We're going to talk a lot more about this when we get back.
You are listening to Craig Peterson right here on WGAN, and you'll hear me every Wednesday morning, give or take, at 7:30 on with Matt. [00:11:52] Stick around. We'll be right back. Craig Peterson: Hey, welcome back everybody. Craig Peterson here, on WGAN. I hope you're enjoying your Saturday, or if you're listening to me online, whatever day it is you're listening, and of course, you can get that online experience through any podcast app. I'm on TuneIn. I'm on pretty much everywhere. You'll just be able to find me by looking for Craig Peterson. [00:00:28] The easiest way is just go to CraigPeterson.com/your favorite app when it comes to podcasts, whatever it is, and it'll just do a redirect for you, send you right to the right spot, whether it's iTunes or Spotify or whatever it is. So we were talking before the break about what's happening here with surveillance scene, surveilling our employees out there. [00:00:55] And we're seeing some major changes. Now, some of these started actually a few years ago because businesses are rightly concerned about their intellectual property being stolen, and they need to know if an employee is about to leave and leave with their customer list. And I have certainly seen that happen before. [00:01:17] Unfortunately, we often get these phone calls after the fact, after the data's already been stolen, the employee's gone, or whatever it is. But you know, that's kind of the way it is, right? Most businesses and people aren't willing to do anything about it until it goes over the cliff in this case. So what do we do as employers if we want to protect our information? [00:01:41] Because it's proprietary, right? That's called intellectual property for a reason, and the reason that it's proprietary is you just don't want it stolen and it gives you the advantage that you need to have. MIT researchers, as I mentioned before, are saying that nearly half of the US workforce is now working from home, which is absolutely massive.
[00:02:06] We're seeing VPN usage way up, and you know, I have a whole course on VPNs, the free one that I've been doing, and VPNs are not a panacea at all. In fact, they can make things much worse for you if you're trying to be secure. We've got these tattleware programs out there now that are doing everything from watching what you're typing and alerting the manager if you're typing in certain words that they think might mean that you are leaving their employ. [00:02:40] Right? So going to a website, an employment website, could cause a phone call from your manager. But we do have to check this. We do have to be careful. If you are going to be monitoring your employees, you need to make sure it's in the employee handbook. You want to be upfront with your employees, and from the employee's side, remember that some of the software will do everything, like keep track of your keystrokes, watch the websites you're visiting, which is always the case. [00:03:13] A reasonable business is going to be tracking website visits. So keep that in mind. But they're also going to potentially be screen capturing and maybe even capturing a picture from your camera. Some of them also will listen on the microphone, and I get it. You know, it can be very demoralizing. [00:03:36] You've been working for a company for years, maybe decades, and now all of a sudden you've been, you're being spied on. Right? You think you've been a good worker, so talk with them. There are no federal laws against employee monitoring in the private sector. There are a number of state laws, but many of these employers are crossing these ethical lines by continuing to track the employees after they've clocked out for the day. [00:04:05] So if you're an employee, your best bet may be to just turn off the computer, turn off the laptop. If you have a smartphone that's been issued by the company, turn that off as well. If you have an app that is from the company, you might want to kill it.
So it's no longer tracking, and make sure your settings on your iPhone are set to only allow tracking while the app is active. [00:04:32] So those are a few things. You can talk to your HR department if you think something's happening that shouldn't be. And if you filed an internal complaint and nothing is really happening, you can file the same complaint with the Securities and Exchange Commission, the Equal Opportunity Employment Commission, or the state organizations. [00:04:53] All right? By the way, you don't have to be informed that you are being spied upon. So keep that in mind. [00:05:01] So next step here, I want to talk about something from AmericanThinker.com. There's a great article there about big tech and how it is frankly strangling us right now. We have that 1984 ad. [00:05:17] Do you remember that? Where all of these people were sitting in a kind of Orwellian room, a socialist room. Everybody's dressed the same because you only have one type of clothes you can buy. Yeah. [00:05:29] By the way, hey, thanks, guys, for this, what has it been, two months exhibition of what socialism's really like? There's nothing on the shelves right now. [00:05:38] What do you remember that they're all sitting there and they're fighting this technocratic elite. When that woman runs down and throws the hammer at the screen. And obviously it was a pretty gloomy spot that ran, and I think it didn't have first run during the Super Bowl if I remember. Bottom line, but the tech giants now, like Apple and Google, all of these guys have really morphed into what is now, I think, near totalitarian giants. [00:06:13] No, they are controlling our speech. You got Candace Owens, brilliant woman. She's suspended from Twitter for challenging the Michigan governor. Facebook has flagged the Declaration of Independence as hate speech. It's incredible what's going on.
We see Aaron Renn reporting that conservative and left-wing groups are being pulled down at Twitter, and that was back in 2016. 2019, YouTube has been blocking some British history teachers from [00:06:49] YouTube entirely for uploading archival material related to Adolf Hitler. Yeah. Heaven forbid that we remember what happened with him. And YouTube said that these British history teachers were breaching guidelines banning the promotion of hate speech, even though they weren't promoting it. They were trying to let people know, hey, this has happened before. [00:07:15] It can happen again. It's absolutely incredible. And, and where is that line drawn with the national socialists in Germany? Right? You remember? That's what they were. That's what Nazi stood for. National socialists. So the socialists there in Germany, they put out all kinds of propaganda films about how great they were. [00:07:35] They were only telling half-truths. Sound familiar, right? And these British history teachers apparently were putting some of these up so people understood what it looked like to have manipulation coming from the government. So they deleted the videos uploaded to help educate future generations about the risks of socialism. [00:08:00] It's absolutely incredible. Now, Michael Cutler wrote just a couple of years ago that Twitter has, I love this language, now morphed into a means of thought control through the control of language. Now we have, through the government, through the legislature at the federal level, we have given these companies immunity from prosecution in most cases because we say, hey, it's like a public bulletin board. [00:08:30] People are up there saying stuff and YouTube and Twitter, et cetera, you're not liable if someone posts, posts, hate speech, et cetera, on your site. And now they're acting as though they might be liable.
And so now because they're acting this way, should we remove their, their special treatment of being basically common carrier? [00:08:57] They're, they're saying, hey, listen, we're, we're more like the telephone company than anything else, than a newspaper. We don't have editorial control over the content and we don't control the content. Well, guess what? Those days are long past us. We need to make some changes here, okay? These big internet companies know more about you than you know about yourself, frankly. [00:09:20] And there's a study that came out, this was years ago, where average consumers are checking their smartphones 150 times a day, and that number has grown, so we've got to make some changes. All right, everybody, stick around. We'll be right back. We're going to talk about some attacks that are going on. If you like to go online, visit websites, or particularly if you have your own business or personal website, [00:09:46] I got some news for you about attacks that are underway right now. Stick around. You're listening to Craig Peterson on WGAN. Craig Peterson: Hey, welcome back everybody. Craig Peterson here on WGAN. Yeah. Big tech is strangling us. We talked about that and how laws really need to change. I know that Chairman Pai over at the FCC has been trying to tighten the things up a little bit, but there's been a lot of pushback from the left and from some people in their bureaucracy. [00:00:26] We also already talked about the managers turning to surveillance software. And I understand why many of them are doing it: to protect their intellectual property more than to make sure you're working. At least that's been the case historically. Now they're doing it a little bit differently. They're actually trying to make sure you're working.
[00:00:46] So if you are someone that has a website, and it could be just a basic website, like something that you have for your local Boy Scout troop, or many, many of the other ones out there, you're very likely to be using some open-source software called WordPress. [00:01:07] WordPress is a great piece of software and I've been using it for many, many years. I used to hand-roll websites, which means I was sitting there writing the HTML code and putting everything in, and it just wasn't very pretty. And then I moved over to an Adobe product to do it. And then, then I went to something called WebGui, which was another piece of software to help run websites and build them. [00:01:35] And then I ended up on WordPress and I've been there for many, many years. Basically, since WordPress started. It has been quite a great little tool. So if you're thinking as well, by the way, of putting up a website, let's say you want to start a business. Let's say you are a brick and mortar business, and frankly, you're looking to transition from brick and mortar to online first, which is what I think every business needs to be doing. [00:02:03] I want you to have a serious look at this. You can find it online. There are two WordPress sites. There's wordpress.com that you can go to online. And WordPress.com just takes care of everything for you. They, they're a hosting company. They have themes you can use, they make it really quite simple. [00:02:25] It is not the most flexible, but let me just give you a little bit of warning, but. All right? In this day and age, it's like 35% of the web is built on WordPress, so I'm looking at the numbers here on their website, on their pricing plan. And for personal use, it is $4 a month. That is if you are paying for a year at a time, so that, that's hard to beat, isn't it? [00:02:59] And for premium, which I say is best for freelancers, it is $8 a month. Again, if you pay yearly. Small business, they've got $25 per month, and e-commerce,
$45 a month. Now, the main difference between all of these different price points for WordPress has to do with domain name registration. Like if you're free, you probably don't have your own domain. [00:03:28] If you're a business, you're going to need your own domain name. Some of them have live support, 24/7. Some of these, the basic packages, only have email support. Premium themes are only available in the higher packages. You know, the business ones, which are premium, business and commerce, they've got marketing and monetization tools that you can use at the business level. [00:03:54] Some search engine optimization, some advertising analytics, they have just a whole bunch of things that you can do. And then, then the highest end, in e-commerce, they're adding on accepting payments in 60-plus countries, integrations with top shipping carriers, unlimited products or services, eCommerce marketing tools, premium customizable starter themes, for 45 bucks a month. [00:04:22] So then this is kind of a duh, if you are looking to start a little business and have it online, if you have a business and you're looking to move it online, we're talking about WordPress right now. So wordpress.com is where you go for all of that. Now I get more complicated than any of these provide for. [00:04:45] So I can't just use wordpress.com, and I actually use WP Engine as well as I self-host some sites. In other words, I have my own servers because of my company Mainstream, we have our own data center. So why not? Right. But in some cases, like my bigger websites, I have up at WP Engine and they maintain everything for me. [00:05:10] It's actually running on a Google platform, but they will automatically size it, resize it, and I can do absolutely anything I want. So if you want to be able to do anything you want, you're not going to use wordpress.com. You're going to go to wordpress.org.
Now, wordpress.org is the software that is behind wordpress.com and it's the software that I, again, 35% or so of the web uses. [00:05:43] I actually think it's probably higher than that, and most places use WordPress nowadays, and it's just so flexible. It's no longer just a blogging platform. And they have some built-in beautiful themes. I use something called Divi, which is a page builder. There's a few of them out there: Beaver, Elementor. [00:06:03] Those are the three big ones. And if you're interested in, in thinking, hey Craig, maybe you should do a class on this for us. Well, let me know. I'd be glad to put something together, but you got to tell me. Right? I just don't know otherwise. me@craigpeterson.com if you'd like a class on this, and I know some people like Nancy Fields out there who, she'll help people with their sites and put them together, but wordpress.org is where you go to get the software you need to put on to [00:06:36] some of these hosting services that you can use, and there's a million of them out there. Really. There's a lot, and then the kind of the ultimate, if you will, is the WP Engine guys, but I brought this up to let you know the basics, right? This is what you want to look at if you're thinking about going online. [00:06:54] But on the other side, I want to warn people right now, because security teams and businesses have their hands full dealing with these COVID-19 related threats that are out there, and there are a lot of them, and right now the biggest problem isn't the hackers. The biggest problem is people clicking on emails and then getting ransomware. [00:07:16] We have a client that just. Yes. No, it was earlier in the week, I think it was Tuesday, one of their employees downloaded some software, and he needed some software for Windows to do some screen grabs cause he wanted to just grab a few things off of the screen and save them, the, save that graphic and use it in some documents.
[00:07:38] So he went online, he did some searching and he found some screen-grabbing software, and lo and behold, there's this wonderful screen grab software for free that he downloads, and guess what? It's ransomware. So because we were doing all of the stuff for them and we had the really, the top anti-malware software that's out there, very advanced stuff, [00:08:03] it detected it, it stopped it, it stopped it from spreading almost instantly, and that was just a phenomenal thing to have happened. It stopped it and it stopped the spread right away. So right now in WordPress, we're seeing a 30-fold increase in attacks on WordPress websites out there. This is just dramatic. [00:08:27] So if you are running a WordPress site or website, you're going to want to really, really have a look at it, make sure it's completely patched up, because just like Windows and macOS and iOS and Android, you have to apply patches. Man. It's like a Grand Central Station here today. People in and out. [00:08:48] Anyhow, let's see. A million websites were reported attacked in the week from April 28th, for one week. On May 3rd alone, they counted in excess of 20 million attacks against some half a million WordPress sites. It's just absolutely crazy. And by the way, they're coming in from more than 24,000 [00:09:10] distinct IP addresses. What that means is people's machines, or your machine, have been compromised and the bad guys are using them to launch attacks against websites and other people, which is not news, but it is news to most of those 24,000 people whose computers are being used to launch attacks. [00:09:32] You are listening to Craig Peterson. Stick around because we're going to be right back. Talk a little bit about Zoom and how they are going to fix their chats. Stick around. We'll be right back, and of course, visit me online at CraigPeterson.com. Craig Peterson: Hello everybody. Craig Peterson here on WGAN.
You can hear me here every Saturday from one till 3:00 PM and on with Matt Gagnon Wednesday mornings at 7:34. This week, because the mayor was on, let's see, it was Friday at like 8:08 or something like that. So it was very, a little bit, off. But I'm here from one till three [00:00:31] anyways. And for those listening online, of course, I am on pretty much every podcasting app out there. And in some ways, I'm one of the pioneers of this thing. I've been doing this podcasting stuff for over 20 years, so for a very, very long time. I don't know, it kind of makes you feel old. So, so far today we just talked about WordPress and how you can use that [00:00:53] for your business, where you can go online in order to find the right hosting environment for your WordPress site. We talked a little bit about how WordPress also has security vulnerabilities like anything else and what is going on right now. I also spoke about half an hour ago here about how big [00:01:16] technology is a drag, just strangling, just totally strangulating all of us with their censorship. Free speech just doesn't exist when you're talking about the big guys. And then, of course, we started out the show talking about surveillance software and what managers have been doing with the surveillance software over the years. [00:01:42] It's really bad, frankly, what's been going on. And right now we're going to talk a little bit about something pretty much I think everybody in the country's been on, and that is Zoom. Now, if you have not been on Zoom, let me just explain it really briefly, and that is Zoom is a video conferencing app. It's been around for a while now, was written by a couple of kids, and they did a terrible job with the security side of things. [00:02:14] It works well, it's easy to use, and so they did a very good job on that. And frankly, if they hadn't, they wouldn't be kind of the premier video conferencing app right now. We just used it for Mother's Day.
I set up a Zoom conference for my mother and of course my stepfather, and we did another one for my, my father, and my stepmother, and we had the kids on there, like 16 people called into it, and I chose Zoom [00:02:48] knowing that it was easy to use, that a lot of people use Zoom and really like it, but also knowing about the major security problems. Right? We're talking about Mother's Day, so I'm not worried about losing intellectual property. I'm not really worried about having people Zoom-bomb me, and that is where Zoom-bombing has been going on like crazy. [00:03:12] But Zoom-bombing is where somebody gets onto your Zoom conference and does something nasty. Anything from sexual stuff through, I, I've heard of swastikas coming up, you know, the good old socialist, national socialist party of Germany and World War II. I've heard about all, just all kinds of terrible things that have been coming up. [00:03:37] So I wasn't worried about Zoom-bombing. So because I wasn't worried about privacy, intellectual property, Zoom-bombing, okay, it's fine, because I have a small business account on Zoom. Now when I am doing something for my business, that's business-related or I'm concerned about intellectual property or security, then I use WebEx because it is a, not just a regular WebEx, but a secured WebEx, because it is a [00:04:05] very well known commodity out there, something that many people have been looking at and the federal government uses, military uses, et cetera, et cetera. So that's kind of what I do. So Zoom has had a very, very bad rap as of late and for, I think, frankly, it's for many, many good reasons. And I'm, I'm on Google right now, and you know, I recommend you use DuckDuckGo. [00:04:32] But I'm going to use Google because of the fact that that's what most people are using. And I wanted to have the same results you'd see. So I just went into Google News and I said, Zoom security. And it's got the latest updates, the highs, the lows.
Here's what you need to know. Avoid the app and do this instead. [00:04:53] Here's why. It's from Forbes. Zoom 5 offers new security and privacy features. That's the new version of Zoom, the new major version that they've released. In case you didn't get that notification, make sure you upgrade Zoom. Zoom settles with New York attorney general over privacy and security concerns. [00:05:13] This is just two days ago. Zoom's tips for safety as recommended by video conference, express Zoom issues, play security issues, plays a spotlight on other video platforms, privacy troubles. But here's the one that I think is kinda interesting. This one's from Forbes, and that is Zoom buys Keybase in bold new security move. [00:05:37] How this could change everything. If you've been listening for a while, you know, I've been talking about how there are still security jobs open. You know, right now, security is kind of at the bottom of the list for most of the businesses out there because businesses are saying, Hey, we just don't know what's going to happen with our business going forward. [00:05:59] So, let's just drop security, who needs security, right? Yeah, yeah, exactly. That's a bit of a problem if you ask me. And so because of that, I, you know, there, there's probably been a drop, I think, in the number of security jobs that are currently open, but we were talking about two and a half million, you know, up to 3 million open cybersecurity jobs before this whole pandemic. [00:06:26] It is, frankly, we need security now more than ever as business people and at home because we're under attack more than ever. But this is Zoom's first acquisition. Now I would actually call it more of an acqui-hire than an acquisition. And if you're not familiar with that term, it's big probably because it's a pretty new term. [00:06:52] And an acqui-hire is where you find a company that has talent in it that you need or you want. And so how do you hire those people away?
You probably can't, and it is a team of people working there, so you got to figure, they probably work together. They know how to work together. They know what some of the things are they need to do to work together. [00:07:19] So you just go ahead and you buy the whole company. So they're calling it an acquisition. In reality, this seems more like an acqui-hire, and Zoom's got this 90-day plan to improve their security in this whole video conferencing system. We'll see what ends up happening. The terms of this deal weren't disclosed. [00:07:41] I'm sure a part of it is usually, Hey, all of the employees have to stay, or these key people have to stay. And then as part of the acquisition, they'll pay everybody some sort of an amount. So it isn't just the stakeholders. They're stockholders that make money off of this. Everybody stays around. But this is their first acquisition. Zoom's nine years old, in case you didn't know that, if you thought they just came out of nowhere. [00:08:09] It's one of these overnight successes that took nine years to get there, but they're saying that as of a couple of weeks ago, there were 300 million people on Zoom. That's dramatic. In December, it was estimated that there were 10 million people. Now for the FBI InfraGard webinars that we were running, the FBI wanted us to use Zoom. [00:08:34] I don't know why, but that's what InfraGard wanted us to use. That's what I used. So we were part of that 10 million, to up to 300 million. Can you imagine that kind of growth? So you can see how they had to do something, do something fast. They could not just staff up for it, but they're planning on creating a secure, private and a scalable video communication system. [00:08:58] Part of the problem they've had recently when it comes to scalability is they have been routing people's teleconferences through China and other parts of the world.
And of course, that really upset people when they found out about it because of course China sits there and spies on everything that's going on now. [00:09:19] The company that they acquired is called Keybase. They spent the last six years building a secure messaging and file sharing service. And with this, users can chat and share with team members and communities knowing that the messages are end-to-end encrypted. So the other thing with this acqui-hire that Zoom may be getting is the ability now to have chat and file sharing, which is something that [00:09:49] Microsoft Teams has, that WebEx Teams has, right? That's what the teams apps have. And even Slack has built in now some communications ability. You can have small meetings and make calls to other users. And Zoom is planning on putting this encrypted end-to-end meeting mode in for the paid accounts. [00:10:12] So if you have a free account, you're probably not going to get it, at least not initially. And then they're going to use public-key encryption, which is something that is, say, Pattonville a little bit of a go. But it's absolutely the way to do it. So I'm glad to hear that there are some adults in the room now over at Zoom and they realized, not-invented-here syndrome is not going to help them grow. [00:10:37] It's not going to solve their security problems. And so they acquired a company that has been doing this type of security for quite a while. So, okay, here we go. This is a, an article from, this is Dark Reading, I think. Yeah. And they're saying as part of the deal, Keybase's team members will become Zoom employees. [00:11:00] So there you go. Okay. They, so they are planning on publishing a draft for their cryptographic design next Friday. So it's coming up pretty soon. So we'll keep you up to date on this. I promised I would in the past let you know what Zoom is doing and how they're doing and where they're going, et cetera, et cetera, et cetera.
[00:11:21] So I'm really glad to hear that Zoom is pulling up their socks. So we are going to go away for a quick break. And when we come back, we're going to talk about one of these companies that has smart hubs and what they have done. And this is kind of a story about what happens at end of life. And it's something that every business needs to think about. [00:11:48] If you're using Salesforce.com, Microsoft, you name it. Those companies are eventually going to go out of business. What happens when they go out of business? What's going to happen to your data? Whose data is it anyway? And in many cases, these companies are saying: It's my data. We own it, and if we lose it, we don't owe you [00:12:17] anything. Real problem, if you ask me. So stick around. We'll be back here right after the break with news, et cetera, and we'll be talking more about all of this. You're listening to Craig Peterson, right here on WGAN, and make sure you visit me online. Go to CraigPeterson.com. Make sure you sign up for my newsletter so you can find out about the various cool stuff we've been working on and that we'll have out for you very, very soon. [00:12:45] Take care, everybody, and stick around cause we'll be right back. Craig Peterson: Hey everybody. Welcome back. Craig Peterson here on WGAN and of course online as well at CraigPeterson.com. We have been talking about a bunch of stuff today and you know, if you missed any of it, you can go to my website, CraigPeterson.com. This includes why businesses are using surveillance software, [00:00:25] to what you can do as an employee if you think they are spying on you and what are your rights when it comes to some of this stuff. I talked also about what is happening with big tech and censorship, and it really is a big problem. WordPress and how you can use that as a business. You know, if you are brick and mortar, you probably want to try and transition to more of an online model.
[00:00:53] But even if you have a little bit of both, maybe WordPress is the way to go. So we talked a little bit about that, when you can get WordPress as a service and also what you can do about it yourself. And by the way, attacks on WordPress have gone up 30-fold in just the past few days. And then just before the top of the hour, we talked about Zoom [00:01:17] and how they have acquired a company in order to have end-to-end encryption on Zoom. And I bet you also, because of this acquisition, who they purchased, Zoom's going to be seeing a new feature here where they're going to be doing a little bit of conferencing and collaboration. So I think that's going to be a good thing. [00:01:40] It's going to give a little competition to WebEx Teams and also to our friends at Microsoft Teams. Now, how many of you guys out there have been using some of these services for your internet of things devices? Now, internet of things devices that I'm talking about here, my kind of definition is anything that would normally be considered just a piece of hardware, you know, something that you turn on and use. [00:02:10] A good example would be some of these thermostats many of us have, right? We've got these, now it's Google Nest thermostats, or some of the lights that we have. Well, many of these devices require what are called bridges because they're using different technologies. So for instance, in my home, I've got some, [00:02:35] now, Apple Home equipment, and of course we use Apple equipment almost exclusively in my business, and we have iPhones with iOS and Apple's Home. The Apple Home is the most secure way of controlling your internet of things devices. The problem is that not many people make devices for Apple Home, and that is because they are a little bit more expensive to make. [00:03:05] You have to have better encryption software.
You have to pay the Apple tax because Apple developed it and Apple is going to charge you as a manufacturer to use their technology. So many of these companies have kind of gone off and done their own thing. We have some Hue lights as well. H U E, from Philips. [00:03:25] Great lights, by the way. And those are all, again, controlled remotely, and we've got it tied in so that our iOS devices, our iPhones, can turn on and off the Hue lights, can turn on and off, like, our family room lights, et cetera, and can change the colors of lights. But because my internet of things devices are not directly compatible with Apple Home, we had to get some special hubs. [00:03:58] So we have a small hub, and that hub speaks both the Hue protocol, it speaks a protocol that is used by the light dimmers in our main rooms, and it speaks Apple's protocol. Now, we're totally geeked out. So guess what? We have Linux running on a box. It does all of that stuff for us, right? So we can maintain it, we can update it, we can upgrade it. [00:04:23] We know what's going on. Just because I'm paranoid doesn't mean they're really not after me. Right. Well, there is a company out there called Wink that many people have been using for quite a while. Wink, I should say, looks pretty darn good. It was launched first about six years ago, and the idea was to be able to connect and control all of their devices through just one master Wink interface. So Wink exists to really kind of simplify life for somebody, right, [00:05:00] that's really into the internet of things. You've got your lights, you got your locks, your thermostat, your cameras, your appliances. And they're all coming from different brands and they need different apps to operate. [00:05:13] Nowadays, you even see refrigerators and ovens. Man, I think I saw the first internet-connected one about six years ago as well.
Our washing machines, dryers, all of these things, and they're different brands, and even though they might be using the same protocol, it doesn't mean as implemented the same way. [00:05:35] So these devices just can't speak to each other. Enter wink. Now there are a number of different devices out there that can be used as a smart hub, but speak to different, you know, different protocols, different vendors, everything else. But a lot of people went to wink because you bought it once. And that's it. [00:06:00] It was free for the rest of your life. Now, wink cost more yes than some of these others, but you did not have a monthly subscription fee that you had to pay. Well, as of this week, Wink is starting to charge on a monthly basis for their devices. The quote from Wink and obviously then they're looking for cash. [00:06:24] Now, who isn't? Wink has taken many steps in an effort to keep your hubs blue light on. That's the light on the Wink Hub. However, long-term costs and recent economic events have caused additional strain on our business. Unlike companies that sell our data to offset costs associated with offering free services, we do not. [00:06:48] Little jab there at Google. Data privacy is one of Winks core values. And we believe that user data should never be sold for marketing or any purpose. So basically what they were doing is, no grandfathering. The mandate here is to pay up or we're gonna shut you off. Here's what they said. Should you choose not to sign up for a subscription, you will no longer be able to access your wink devices from the app with voice control or through the API, and your automation will be disabled on May 13th your device connection settings and automation can be reactivated if you decide to pay up, excuse me, to subscribe at a later date. [00:07:35] So there's no warning. It's now $5 a month per device. Think about how many devices are out there and how many devices people might have. Right? 
I'm a little unclear as to whether it's only $5 per house because you might only have the one Wink Hub or if it's $5 per month per device. That's kind of how I read it, so it could be really, really expensive and people are very upset about it. [00:08:05] You know, on Reddit there are thousands of responses to this company's tweet that was posted there. Most people are just absolutely angry. You know, they paid a lot more to get something that had lifetime support, and here it is, no life-time support. Right? So this feels like a variation on a familiar theme because it's happened many times. [00:08:29] You know, these internet-connected light bulbs. Many of them no longer work as a company went out of business and the servers got shut down. Smart scales. Some cases they just got dumb and they show you your weight to no longer show you your history or weight loss or anything, and in some cases, they just don't work at all because the companies pulled the plug on the apps. [00:08:51] These pet feeders. We've talked about a couple of cool ones here. They've gone. Out of business, they completely stopped feeding pets. How about these vacuums that we have in our homes that are all automated? They're running around cleaning the houses. So this is nothing new. We have seen companies go out of business before, right? [00:09:12] You've seen companies go out of business, right? Tell me. You have told me I'm not crazy. And when the companies go out of business and they're providing a monthly service for you. Then what happens? This gets to be a very, very big deal, and I also want to caution businesses because it reveals a major hole in this whole cloud business. [00:09:40] You know, we look at the cloud and say, it's going to make my life simpler. It's going to keep my costs down. I don't have to worry about the side of it anymore. I'll just use this cloud service like Salesforce for instance, or, or Dropbox or whatever it might be in reality. 
[00:09:59] Now, remember that your core business information, your intellectual property regarding your customers, regarding your orders, regarding your sales, your inventories, all of the stuff that is now in the hands of a third party. So what's going to happen when that third party goes out of business? It could be really, really bad for you. And for me. [00:10:27] So one of the things that we always advise our customers is to make sure you have a third party in place that's securing these cloud-based apps and is doing backups for you. [00:10:43] So for instance, most of them, Microsoft Office through the, what do they call it now? Windows 365 plans or whatever it is. Those email accounts don't have backups and there's no guarantee from Microsoft that they will not lose your data. So are you backing that up as well? I think there's a lot of lessons for all of us in this, and be careful when you're buying something. [00:11:11] We just got a new dryer. I made sure it was not internet-connected. I don't want a dryer from a company sitting in my house on my network, even though I've got it separated out into the internet of things network. I don't want that device sitting there potentially providing a breach for the rest of my network. [00:11:34] So think about that, be careful with that. You're listening to Craig Peterson right here on WGAN. Stick around because we're going to talk about how Microsoft is getting rid of passwords. We'll be right back. Craig Peterson: Hey, welcome back everybody. Craig Peterson here on WGAN. Thanks for joining me today. I always appreciate it and I love getting your emails. I've got a couple of great ones this week. Again, Gary was out there letting me know what he was having some problems with. In fact, I even ended up getting on the phone with him to help him out a little bit with this whole tracking thing.
[00:00:26] He was thinking that his GPS was being used to track him, and some people were really trying to mess with him while he's trying to make some money driving around. So I explained how the app he's using as a paid driver works, how it tracks him, and how he can stop it from tracking him when he's not working. [00:00:47] So if you're driving for Uber Eats or Grubhub, et cetera, that's, that's the sort of thing he's doing. And he was really kind of wondering about it, because some people were changing the delivery point on deliveries and he'd show up at the new address and there's nobody there, and there's nobody at the old address. [00:01:07] And so he was really having some issues. Yeah. Obviously that can be a problem. So if you have any questions, whether it's about Grubhub or anything else, by all means, just email me, me@craigpeterson.com. Let me know how I can help. I'm always glad to give a little bit of help for absolutely nothing. [00:01:28] And obviously this is what I do for a living as well. So you know, if, if it's a lot of work, then I'm going to have to charge you. But anyhow, Microsoft. Now, passwords have been kind of the bane of my existence forever. I remember the very first time I had a password, I don't remember what it was. It would have been pretty simple back then, but that was the early 1970s, and it was a non-online timeshare. [00:02:00] The computer, an HP, I think it was like a 2000 Access or 2000, after that got upgraded to an A, and it was so totally cool. It was my first real computer access and we had a teletype, a TTY33, yay. Seven level. Yeah. So it was an A, it was really, really cool. [00:02:24] And that was my first major introduction to computers way back then, and we had passwords. Now, the head of the, of the math department, and that's where it was at the time I was in school then, it was inside the math department. He always used some variation of his name for his password.
And I still remember to this day, his name was Robert Allen Lang. [00:02:53] So, hi, Mr. Lang. If you're, if you're still around, actually, if you're listening. But he would always use a password like R A Lang or R Allen Lang or, you know, you could always guess what his password was, so we would guess his password. And we'd use that to get more access. So for instance, our accounts could only have so much storage and the accounts could only have so much time per week to be used. [00:03:26] We just loved using as much time as we could. Oh, man. One of these days, I'll tell you some stories. And so we would hack into his account. And once we're in his account, we then gave ourselves upgraded privileges and online time and kind of everything else. So yeah, you know, that's what you do when you're a kid, but anyhow, you know, teenagers, right? [00:03:54] Fast forward to today and passwords are still a problem. I've been using pretty darn good passwords for a very, very long time now, and as you probably are aware, if you sign up for my email list, I'll send you a special report on passwords, but you might be well aware that I really like 1Password. [00:04:16] It's by far the winner. There are some other half-decent password managers out there, LastPass being one of them, but 1Password, absolutely the winner. And we also use Duo, which is a two-factor authentication system. So between the two of them, we're pretty secure, and I have it generate passwords for me, which is really nice, and it'll generate passwords. [00:04:39] It's funny, many times I'll have, like, a 20-plus character password and the website I'm on just doesn't support that. Sometimes it'll say, oh, you didn't put enough special characters in, which, as you know, just doesn't count anymore. So make sure you get my password special report so you can see what the current advice is. [00:05:01] And it's really changed recently, current advice for passwords and what you should do.
So we've got World Password Day, and every year we talk about passwords and what you should do. And this is the first year I think we're seeing more people starting to really use new forms of authentication. We're working from home, even at work, and people are starting to understand just how insecure and ultimately how costly passwords really are. [00:05:38] Our cybercriminals don't need advanced techniques when they can just bet on human behavior. Ponemon Institute did a survey in 2019, and this is all on security behaviors. Okay. And they found that 51% of 1700 information technology and information technology security professionals reused an average of five total passwords again and again and again across both their business and their personal accounts. [00:06:17] Now that is a very bad thing to do. There's something called password stuffing where they steal your password. And remember a couple of weeks ago I mentioned a "Have I Been Pwned" website? And there's a feature that I put out as well. I don't think they're airing on WGAN, but they are on some other stations, all about pwned passwords. [00:06:41] Well, once a password has been stolen and they know what it is and they know what your username is, they just start automatically going and checking banks, trying to log in with that email address and that password. So having the same password that you're using on more than one system is a very, very dangerous habit, because if they get ahold of just one password, they know they can use it on other sites and they're probably going to be able to get in. [00:07:16] So this single compromised password can create just this chain reaction of theft and liability, frankly, on your part. And on average, one in every 250 corporate accounts is compromised each month. Think of that, one in, one in 22, really, accounts is compromised every year. Wow. That is huge. I don't think I've ever seen that stat before.
[00:07:48] So this expense of using passwords is really continuing to grow because we're using more business applications online, aren't we? I just talked about the cloud and some things you need to be careful of with the cloud. Well, the cloud requires passwords and we're using those same passwords. Man. That is bad. [00:08:12] By the way, password reset is one of the highest support costs, especially in larger businesses. And that means that companies are dedicating 30 to 60% of the support desk calls to just resetting passwords. So we all have to understand it better. We all need multifactor authentication, at the very least two-factor authentication, and Microsoft now has this passwordless login. [00:08:43] You might've used it, you might've seen it, where it's using the camera on your computer, and sometimes it's using other biometrics, like your fingerprints, et cetera. And there are new technologies out there that are being deployed, including in web browsers, that we'll be talking about in the future as they get a little bit more well adopted. [00:09:03] But some of these keys, these USB authentication keys, have a built-in, it's called Fido - FIDO, so if you're interested, you can always dig that up and we'll be covering that in a, you know, a future show, as I said, and I do do some training on that with my mentorship site. All right, everybody, stick around. [00:09:25] You're listening to Craig Peterson on WGAN and I'm going to talk a little bit about remote work and now the security fight that's happening in the cloud. Make sure you join me as well Wednesday mornings at 7:34 with Mr. Matt Gagnon, morning drive time, as we talk about the latest in technology. [00:09:50] Stick around. I'll be right back. Craig Peterson: Hey, good morning everybody. Craig Peterson here. We started out this whole show talking about surveillance here that managers are doing as they're surveilling their employees.
I want to talk now a little bit about surveillance where we should be keeping an eye on our cloud devices. And our endpoint. [00:00:28] So let's start out with the cloud. You know, I call them devices. In some places, you might be using a server that's living up in maybe Microsoft Azure or Google's cloud, Amazon cloud, Amazon web services, et cetera. Those systems can all be compromised. And yeah, they're sitting in the data center. Yeah. You don't have to pay for the hardware or the electricity or the cooling, which is really nice. [00:00:58] Yeah. You don't have to hear all of the noise they make in the background, but many businesses have found that, wow, the cloud really isn't the panacea. I thought it was. And they're actually moving it back out of the cloud. And that's particularly true of businesses that have security concerns due to regulations because moving to the cloud does not absolve you, from these regulations. [00:01:27] Now we've got this additional problem of people working from home, so they're using either their own computers or maybe a company computer at home. They might be connecting to the office, but it's just as likely, maybe even more likely that they're connecting to a cloud service somewhere. Not, not just for collaboration or for meetings, but to do their basic work. [00:01:51] As more and more businesses are saying, Hey, why should I be paying for the software or hardware, et cetera. Let's just move it all to the cloud. And we're seeing now States and cities that are starting to lift some of these stay-at-home orders, but frankly, this increased level of employees working from home. [00:02:12] Is not going to disappear. Sure. It'll get a little smaller. Many businesses are going to be calling people back and they are going to be working from that office, but many people are in businesses that are going to continue that move over to the cloud. So what are the security challenges that come from a hybrid infrastructure? 
[00:02:35] Almost three-quarters of companies expect at least 5% or more of the former onsite employees to work from home on a permanent basis. That's not a lot, but 5%, when you add it up over all of the small businesses, that is a lot, because half of all employees in the country work for small businesses. And a quarter of businesses are planning on keeping at least 20% of their workers out of the office post-pandemic. [00:03:06] And this is according to a survey of chief financial officers by the, it's, maybe you guys know Gartner, right? Gartner Group. They're a research firm, so their numbers are usually considered gospel in the business world. With this remote work comes even more cloud usage, and that could be a problem for a lot of companies that have issues with the visibility into the security of the cloud. [00:03:33] Now, you might be, as a business, relying on maybe some perimeter defenses or maybe some on-premise security software and appliances to help keep your systems and data safe. Now, most of the time, small businesses aren't using the right stuff. They're just using some equipment that they got from, you know, a random break-fix shop or, heaven forbid, at Staples, or where they ordered it from Amazon. [00:03:59] You can't, you just can't get the good stuff from any of those places. But that's not going to work anymore at all when we're talking about remote workers, cause people are in their homes and they're using cloud services that you just don't know the security level of. You might not know what the patch level is of Windows, of the software that's running on Windows. [00:04:26] You might not know any of that stuff. Right. But we are going to see a major shift, so let's talk about it a little bit here. We're just seeing, you know, massive, massive growth. I'm looking at these numbers in telecommuting. It was growing slowly before, but now many technology firms, particularly marketing companies, are relying almost exclusively on people working from home.
[00:04:53] IBM had moved people to work from home and then found that experiment to be a failure and moved everybody back into the office. Now, that was back in 2017, they pulled them back in and made them work from an office in one of six cities. While IBM now has moved almost entirely to remote work and they've got 95% of its current workforce working outside of the company offices. [00:05:21] IBM, by the way, is a major player in the cloud, in case you weren't aware. They were way more prepared for this problem than many companies. It com and infrastructure information security groups. Absolutely true. So coming out of this, we need to embrace the fact that we have to continually be ready for a full [00:05:43] remote workforce. What is going to happen? And, and I'm, I'm on the governor's, the governor's task force here on education, on re-opening education. What are we going to do? And of course, I'm the security guy, the technology guy, actually one of the technology people on that task force. And we had a meeting this week and we were talking about it. [00:06:07] Okay, fine. So we've got the COVID-19 thing and it's eventually going to be a thing of the past. But thinking about the teachers that are 60, 65, 70 years old, what happens when there's another virus? What happens when the annual flu occurs? Are we going to be shutting down our offices again? Are we going to be shutting down our schools again? [00:06:32] Are we going to maybe try and do quarantines as we've always done in the past, where we say, Hey, if you are sick, or if you are vulnerable, you just stay home? Because this is happening more and more. We, we had SARS very, you know, that wasn't long ago. Right? That was another COVID virus that we had. We had MERS. [00:06:56] That was another COVID virus that we had. We've had a number of these things. I'm thinking about Ebola, which I don't think was a COVID virus. They're happening more and more.
And as we have more and more people in the world, the likelihood of them occurring is going to be even greater. So if you are a business person, and in the case where I'm on the governor's task force, looking at education, if, if we are a school, what are we going to do in the future? [00:07:30] And I really think we have to realize that we have to be able to have our businesses basically work remotely. So I want to encourage everybody to really keep that in mind as we're looking at this going forward. What can you do in order to make your business COVID proof? Now, it isn't just the COVID-19. What happens if there's a fire and your building burns down? [00:08:00] What happens if there is a major lightning strike and it burns up all of your computers, just zaps them? What's that all going to mean and what's going to happen with the next 12 months? Are we going to have another massive spike in the COVID virus, or are you ready for that? We got to think about it. [00:08:21] The other side is the endpoint devices, and we're seeing right now six in 10 remote workers using personal devices to do work, and almost all of these workers believe that the devices are secure. CrowdStrike had a look at this and said that people are naive. Six in 10 remote workers are using personal devices to do work and [00:08:48] almost none of them are properly secured, and we've got attackers now focused on targeting the remote workers. They're going after VPN technology, technologies, which is part of the reason I say don't use VPNs, right? It's where the people are and it's where we're getting it back. So be ca
Welcome! Today there is a ton of stuff going on in the world of Technology and we are going to hit a number of topics today. How will Iran Retaliate - Kinetic or Cyber retaliation, Automotive Automation and LIDAR Sensors, CCPA Takes Full Effect, Updating Legacy Technology, Cloud Migration Considerations, Cybercrime Metrics, Industrial Control Systems under Fire from Hackers, Ramping up Insider Threat Intelligence, Budget and Security Decision Surrounding Cloud Adoption and more on Tech Talk With Craig Peterson today on WGAN and even more. It is a busy show -- so stay tuned. For more tech tips, news, and updates visit - CraigPeterson.com
---
Related Articles:
Bombs will not be Iran's retaliation - Technological hacks are more likely
Soon Most New Cars May feature Light Detecting, and Ranging (LIDAR) Sensors
Businesses In For Rude Awakening as CCPA Takes Full Effect
Hackers Preying on Old and Decrepit Technology
Cloud Migration Considerations to Take into Account
Metrics Can Not Adequately Describe The Pain of Cybercrime
Zeroing In On our Industrial Control Systems
How Mature is Your Insider Threat Intelligence?
Nebulous Budget and Security Concerns Affecting Cloudy Decisions
---
Machine Automated Transcript: Hello, Everybody, Welcome. Welcome. Of course, this is Craig Peterson. I'm live on the radio on WGAN and also heard on the Internet at Craig Peterson dot com. I'm on Facebook and YouTube. I did a couple of lives this week that hopefully, you were able to watch. If you didn't see them live, they're essential to know because I was talking specifically about attacks that were underway from Iran this week. And I'm going to be getting into that a little bit as well today. So continue to pay attention to today's show. Now, if you are a Facebook fan, I love it. If you would go ahead and like my page over on Facebook, Follow me just go to Craig Peterson dot com slash Facebook, Craig Peterson dot com slash Facebook now. 
You know that I'm continually warning people about Facebook and some of the things Facebook is doing, some of the things that are, well, perfectly legal, but maybe things you don't want to have done to you, like all of the tracking Facebook does. But that means you might want to use something else. So what else you're going to use? Well, Google YouTube, right? Oh, wait a minute. There are problems with YouTube too. Thus, the lesser of two evils for now, and that's where we're at for the time being. I'm thinking about trying to use WhatsApp for this as well. So we'll see how that goes. Let me know if you'd like to watch this on WhatsApp. But if you go to Craig Peterson dot com slash YouTube, you will be able to watch those videos right there because I did them live, in fact, and I can do simultaneously now on YouTube and Facebook. So make sure you check them out and learn a little bit about what you can do. I went through this article from this week here from the US Department of Homeland Security. And I, you know, I didn't go through all of the details because this is restricted distribution. And so there are some things in here that they don't want generally shared. But I am going to go into more detail and to do that, what I'm going to be doing is some specialized pieces of training. Now these are always 100% free. I give you great information, you should see all of the compliments I have from people, but it's coming up in probably about a week from now. So you have to be on my email list if you are going to be able to be informed about this stuff. Okay. So on my email list, what does that mean? Go to Craig Peterson dot com slash subscribe. Now when you do that, it's going to ask for your name and your email address. Make sure after you submit that, go to that email box, verify that you got the email, the confirmation email, and click okay. What I don't want to have happen is for someone to go in and sign up 100,000 people who don't want to be on my email list. 
And so I send it out to all these people who don't want to be on my email list. And then I get a bad reputation right as a spammer because people say, why don't you send me this email. So what I've done to help protect my reputation online, is I make you do what's called a double opt-in. So you're going to fill out that form at Craig Peterson com slash subscribe. And then, once you fill out that form, it's going to send you an email to that email address, and you have to click that confirmation. So make sure you do that because if you don't click the confirmation, and I noticed there's like 100 people who have not clicked the confirmation. I want to make sure that you do click it so that you get the information that you need, including these pop-up training webinars that I'm going to be doing coming up here in another week. So Craig Peterson calm slash subscribe right now. You can do it on your mobile phone you can do it on your laptop on your computer. And man, I hate to say this, but I'm not sure if it's working right now, but I have a texting thing as well. Where you can text me directly at 855-385-5553, but as I said, I'm not sure it's working. So you know emails easiest way and sign up right there glad to have you on board, and I believe me I don't spam you. I'm not sitting there trying to sell you stuff all of the time my webinars on one of these Hey, hammer, hammer, hammer, bye, bye-bye, hammer, you know, that's not what I do. I want to get the information out. And you know, I do have things for sale, right? I have to keep the lights on. And so for that You know, I'll ask permission from you. Before I ever offer anything, I don't offer things very often. So I guess, I guess that's a good thing to consider. Alright, so let's get into our first article here. We've got a lot today. We're going to be covering your networks and why they need to be updated today. Many businesses are now doing something called unclouding. They're leaving the cloud. 
So we're going to talk about why they are leaving and why you might want to leave as well. Of course, we're going to get into Iran. It turns out that they are hacking us, and the hacks this week are up over 50%. And so we'll tell you a little bit about what you can do about that. They're also targeting the Trump campaign for 2020. Like that's a surprise, right. We're going to talk about what Iran is doing to our industrial control systems right now, and how that can affect all of us. Right, you don't have to have the kinetic war, you don't have to be sending bombs back and forth, to have an impact on us. A little bit more about the cloud, we're going to talk about the decision to move to the cloud, not use the cloud, some of the things involved in that today. And I'm probably going to put together a course on cloud migration a little bit later on this year, and we'll see how that goes. Major changes to our automobiles. But this is kind of cool. Because these LIDAR sensors, I did a scan online, I did a little search and now I'm able to find them for under 100 bucks. That's going to change the automobile industry. So we'll talk about what LIDAR is and why it's going to change. California, man, if you are a business, you got to pay attention to this. We're going to talk about the new California Consumer Privacy Act, which is in full force now. And we're going to talk about these insider threat programs that businesses have been, frankly, how they need to grow up. So a lot to cover today. And if you miss anything, you're going to find it in the newsletter I send out every week. And again, where are you going to find that? How are you going to sign up? Craig Peterson dot com slash subscribe, so make sure you sign up and sign up right there. Okay, so let's get into our first article of the day. This one's from Dark Reading. And it's talking about cybersecurity misery index. 
Now, you know a little bit about this whole misery index thing, you hear about it when it's a hot, humid day outside. Oh, my gosh, what should I be doing? It's just too hot. I don't want to do anything. Right. And so you've got the wind chill effect. You've got the humidity effect, all of these things that can affect you. So what does this mean, cybersecurity misery? Well, we already know that about 10 to 20% of businesses, 20%, will file for bankruptcy almost the next day if they get ransomware. Or if they get this wiper software that we'll talk about later from Iran. 20% of businesses. Think about that. If you are responsible for the security for your business, how long is your job going to last when the business has filed for bankruptcy the very next day? Not long. How about you as a business owner, where is your retirement, all your money's tied up in your business? How long is that going to last again? Pretty much never. So there is a lot of pain when it comes to cybersecurity breaches that people don't think about. It's not just dollars lost, like, you know, we get calls from businesses that say, Hey, listen, we just had our operating account emptied. In cases we have been involved with, the amounts varied from about $80,000 up through almost a million dollars. One company had money stolen right out of their main operating bank account. Well, that's miserable because you can't make payroll, right? You can't pay your vendors back. Vendor payments are part of the way they get some of this information. But there is another side to this. You know, no records lost doesn't mean that there is not going to be any sort of a cost to your business. There are other metrics that matter, as well. So this is from Deloitte and Touche, Mary Galligan. 
She says you would have to take into account the cost of whether there's going to be an increase in insurance premiums, a loss of customer relationships, because right now, most businesses could lose 30 to 50% of their customers if word of a breach got out. Is it going to be lost contract revenue? Is my company's name going to be of less value in the marketplace? I guess it goes back to retirement, right? Are you going to be able to retire by selling that business? What's your exit strategy? So there's a whole lot you have to consider here. They go into some stories here, but a small bank, their web-facing patient portal, was hit by a bot swarm. And they did the credential stuffing. And man, there's just so many things that you have to consider. This week, we found one of our clients had been under attack, and we're trying to figure it out. It kind of looks like it spread in from someone else in an adjacent business. Their Bluetooth was compromised, and Bluetooth on a laptop, and then tried to break into and compromise my client's systems. So we caught it. We noticed it because we've got this more advanced threat protection, and that's what you have to have, this ATP nowadays, Advanced Threat Protection, which is not Norton. Okay? Currently, there's only one product on the market that meets the requirements at Homeland Security for businesses. It turns out that it is the product that we've been selling for quite a while. I'm not trying to sell anything right now. But pain is inevitable, even if you don't get hacked. Because what ends up happening is your personnel have to track it all down. It's 24/7, that pager goes off, the phone call comes in. They have to review thousands of log entries, and hopefully not make a mistake. So pull up your socks, and we'll be talking about that a little bit more when we get into Iran. All right, everybody, you're listening to me on WGAN. You're watching me on YouTube, on Facebook and Craig Peterson dot com. 
Stick around because we'll be right back. Hi, Craig Peterson back here WGAN and online and Craig Peterson dot com. Hey, if you're a Facebook fan, you'll find me on Facebook. One of the easiest ways to get there is Craig Peterson com slash Facebook. And if your YouTube fan Craig Peterson com slash YouTube. Now this week, I did a couple of pieces of training that I hope you're were able to attend these live! The first one was rather short. It was like three, four minutes. The second one was in my book short, it was about 15 minutes, and I went through some of the things you should be doing. When it comes to the Iranian hacks, then I do those fairly frequently, and really, I should be sending out emails. I did send out some text alerts to people about them, and I may do that tomorrow as well. If you want to be on my text alert system, make sure you just email me Me at Craig Peterson calm, let me know you want to be on the text alerts, and I'll be more than glad to add you. I'll need your phone number, and I'll get you all set up for that. Many of us, I think, are a lot like me. Where I am just, you know, hunky-dory happy to have a computer that's ten years old. Because man has, it paid for itself over those ten years. I keep the hardware until it fails. My last laptop was probably the most short-lived I have ever had. It was about three-four years old. And it was an Apple MacBook Pro. And it ended up having like three problems in one year. Apple refunded me 100% of my original purchase price. If you can believe that. Can you believe that? They a three-year-old computer 100% the original purchase price now I had to Apple care on it, and It had been in the shop three times in the last 12 months. So they just gave me my money back. And then, of course, I use that turned around and bought another MacBook Pro. Right. So that's kind of cool. I guess this one will have the same problem in three years. But typically they last us seven to 10 years. Honestly, they do. 
They're just fantastic computers. I think my wife's MacBook Air is almost 11 years old. They work well while you're using them, plus you have the advantage of their longevity. But the problem is that not everything in that computer is patchable. You take a look at the hardware that's in it, like your Bluetooth hardware. What we have found is that while Bluetooth is getting hacked, and particularly the old stuff, because the chipsets that are in the devices are running a full operating system. It's not like the old days where they only did one little thing. They have a full operating system because they have to handle the interrupt, they have to handle multiple different types of Bluetooth, you know, the new low power, extreme low power. Bluetooth is used to control the amount of power that's being output as you walk away from your device, right? That 30-foot range that nowadays can be as far as a quarter-mile. All of that requires some real smarts inside this little teeny tiny chip. That's the Bluetooth control chip for your computer. So what happens is like what happened, as I mentioned earlier this week, to one of my clients, which is somebody else's Bluetooth went ahead and connected to their computer and tried to infect it. Now all of this was caught because of the Advanced Threat Protection that we have in place. That's what we're going to talk about right now. We all have this old equipment, our operational technology, as Derek Manky puts it here. And it's not just our laptops, and it's not just the Bluetooth, it's all the devices we have. And those devices, when they become old, have a real drawback. Now it might be that the drawback is, hey, listen, it's kind of a bummer. But you know, this Bluetooth chip has been deprecated and is known to be vulnerable. Okay, well, okay, I get that one. That's a bit of a problem, right? What happens to those computers in the vast majority of businesses? They don't do upgrades. 
They don't try and fix any problems with the software and the vulnerability in the computer. So what's happening here? What he's talking about is that the cybercriminals, instead of innovating, you know, don't get me wrong, they do innovate. But instead of innovating, they look at these older computers and say, Hey, why are we innovating? I can take you right now on to the dark web, on to these websites that sell hacker tools. It includes ransomware, and you can buy some of the old tools for as little as 20 bucks online. That's cheap. Now 20 bucks is cheap. But the guys they're selling it to are in Eastern Europe or somewhere else in the world, where 20 bucks is a lot of money. Well, to them, well, as I just said, it's a lot of money, right? So why would hackers spend weeks, hours, months or a million dollars, which is what it costs for some of these newer zero-day attacks? Why would they try and do any of that when they can just spend 20 bucks? So what they do is they say, Well, I'm going to spend 20 bucks and go out, and they are going to scan systems for different vulnerabilities. We see them every day with our clients and, and our people have to get involved and look into the systems and try to understand, you know, what's going on here. Is this legit? Is this an attack? Already protected against it? Is the system upgraded? Right? But most businesses aren't doing any of this stuff. It's usually just the big guys, and we do it for small guys, as well as for ourselves. So we're seeing this all the time. So if your systems are older and not patched, what do you think is going to happen? The bad guys, rather than spending a lot of money or a lot of time, are just going to use old tools. So even though they can innovate, they just don't bother. So Fortinet has a stat out right now, saying that cybercriminals target vulnerabilities ten or more years old more often than they focus on new attacks. Look at some of these significant breaches that have occurred. 
They involved vulnerabilities for which patches (fixes) have been available for months or sometimes years. But the organizations never bothered applying the patches, right. They target vulnerabilities from every year between 2007 and now at the same rate as they do vulnerabilities discovered in 2018 and 2019. So that's just huge. They're maximizing their opportunity. It is low hanging fruit to them. And we've got this convergence of operational technology environment with IT, with our information technology. So I want to make this even a little bit bigger. We're going to talk about this a little bit later on when we get into these control systems we have in our businesses. But when was the last time you patched your photocopier? I got two of them sitting right there. Printers. Okay, well, obviously, it's one and the same. Scanners. When was the last time you updated the software in your smart light bulbs and cameras? I've got a camera sitting right in front of me, right. Have you been updating all of the software in this operational technology side of things, as well as all of our computers? You see, that's where we are falling short, because we got to be thinking about, if you're a manufacturing customer, and we have manufacturing customers, right? But if you're in the manufacturing business, how well protected are the valves that control systems, the automated systems that are running your lives, or the robots on the floor? Are those up to date? Think about that, our operational technology. We got to learn new tricks. You've got to protect them, right? We got to make sure it all works. Alright, that's it for right now. We're going to be back. So make sure you stick around. We're going to talk about unclouding. You've heard about cloud services. Have you heard about unclouding services? Right here on WGAN and Craig Peterson dot com. Hello, everybody, Craig Peterson here on WGAN radio and of course online at Craig Peterson dot com. 
We're going to talk right now about something you may have never heard about before. If you are using anything basically on the internet, you're using what's generically called "the cloud.". Now "the cloud" is used for email. It is for, and well come to think of it, everything, right, Facebook, etc. But in general, terms, when we're talking about the cloud, we're talking about a business process that is online that you have moved from your business, like the server room in the back, the computer closet, etc. You've taken that function, and you've moved it somewhere like to the Amazon Web Services or Maybe Microsoft Azure, or maybe IBM, all of these places have something that's generically known as the cloud. And frankly, the cloud is just another word for somebody else's computer. Now, why have businesses moved to the cloud? What is this whole unclouding thing, all about? There's a great article over on dark reading by Matt Middleton that got me thinking about this. What is "the cloud"? What is "unclouding"? What does this all mean? Well, I have been involved with cloud services and helping businesses migrate for quite a few years. And as a general rule, I still am on the side of don't move to the cloud. Hey, if it's a core function of your business, do you want it to be on the other end of that internet connection, right? What happens when the internet connection goes down in the data center somewhere? You have no control over the data center. You don't know what kind of security the data center has. Or even what type of system is storing your data. Do you want it to be in the cloud and a data center where you don't know if they're backing up? And you don't know even if they are backing up? Have they tried to do a restore of your data? You don't know if they are handling your data in a way that meets all of these federal and state data handling regulations. And we're going to get into California's new laws here in just a little bit. Do you want all of that? 
So that's one of the reasons businesses are moving away from the cloud. In other words, they were on the cloud to bring it back home. That's called unclouding. Security is a very, very big reason they're doing this. Another big reason that they're doing this is cost. One of the significant promised benefits to the cloud is it is going to save us a lot of money. We will have fewer headaches because we're not going to have to have the equipment, we're not going to have to pay for people to run it, right? We're not going to have to do any of that stuff. It's just going to be cheaper. And yeah, in some cases, it is more affordable. But where the cloud makes sense is in kind of a mixed environment. And we've set this up for many customers in the past, quite a number, where we have a cluster of computers at their facility, so they have for, you know, anywhere between 50, really, and 100 to 200 employees, so 50 to a couple hundred employees, and from time to time, they need more resources. So what we do is we have a cluster that is sitting there on site. That cluster allows us to grow that machine as it needs to because of a more massive load, maybe the end of the month, end of the quarter, perhaps when new shipments come in, etc., and also allows us, so that's just within their walls. But it also allows us to ship their machines up to another data center. Now, frankly, that's pretty cool. We can use the cloud then to extend our current processing capability. So we need some more CPU, some more horsepower. Maybe they've brought in some temporary workers that are coming in for some seasonal work, and we throw their stuff up in the cloud. But again, being very cautious of security. So what has happened here is kind of something people weren't expecting and goes right back to businesses unclouding because, frankly, the cloud is not what it was all cracked up to be. 
Gartner Group, you probably know those guys, they're forecasting the cloud revenue's going to hit almost $400 billion within the next few years. So cloud revenue is going to be massive. It's not as though everybody's moving away from the cloud, because they're not. And Microsoft has now shown how, frankly, the cloud has become a core element in their business. Amazon makes a good chunk of the profit. I've seen numbers that show it's more than half of the money that they pulled to the bottom line comes from their cloud services. And Microsoft is now moving Salesforce.com over to the Azure cloud. So really, the cloud momentum looks unstoppable. But cloud customers are bumping up against the hard reality. So 48% of organizations that store sensitive data in the cloud are considering moving that data back on-premise. Now, that's a very costly and very time-consuming proposition. But businesses are thinking about doing it. The question is, why are half of the companies that are already in the cloud thinking about moving off the cloud, moving services back in-house? So I want to get right into that right now. Excuse me here, a couple of coughs. So this is according to a recent cloud data security report. And as shown, in most cases, organizations are unclouding because they faced unexpected issues. These moves take a lot of planning, and that's why we're going to talk about cloud migration a little bit later here. But initially, 31% of organizations migrated to the cloud to cut costs. 26% migrated to ensure availability for remote workers, which, you don't need the cloud to have remote workers. But the survey results show that organizations are ready to uncloud due to their inability to ensure the desired level of protection, one-quarter of the businesses. Due to all of these regulations that have come into play for DFARS, HIPAA, FINRA, the FRCP, the new California protection rules, the GDPR out of Europe, companies are facing some real problems. 
Now among those who moved data to the cloud to cut costs, 29% are ready to uncloud due to unexpectedly high price, though, among those who move data to the cloud for security reasons, 27% would uncloud due to considerable security concerns. All of this is very legitimate. There are secure clouds that meet these requirements. The federal government has a cloud. The military, and you might have just heard the whole back and forth because it came down to Microsoft Azure and Amazon's web services to run this high-security top-secret cloud for information for the military. And Amazon lost it, and Microsoft picked it up and sold them there's a whole lot of people that are very upset. But that is critically acclaimed. And I don't know that the military is going to have a win by moving to the cloud. And mainly when we're talking about these types of expensive secured clouds. The biggest problem with moving to the cloud is most companies weren't able to figure out correctly, what is migrating? What data is moving? How much data got transferred? You get charged for everything in the cloud. Okay. So it is a huge deal and understanding what your data is understanding what data you have. Doing that inventory of your data assets is something critical, no matter what, because you have to know what to protect, how much you protect it if you need to be able to recover it. How do I have an incident response? You got to figure that out, and that's something we'll be covering later. Listening to Craig Peterson, we'll be right back. Hello, everybody, welcome. Welcome, Craig Peterson, here. We are going to talk a little bit about retaliation here right now. Of course, you're joining me on WGAN and online at Craig Peterson dot com. Hopefully, you'll see everything up there. We've been trying to, you know, keep everything up to date. There's just so much going on. And frankly, it's my wife and me. So, you know, keeps us crazy, crazy busy trying to get this information out to everybody. 
Hey, if you have a kind word to say to word of encouragement for us for doing all of this, because this takes days every week, out of my time out of my wife's time, and that's time that we can't spend trying to make some money, and it's time we can't spend with our family. So words of encouragement are always appreciated. Let us know what Do you get out of the show? What is it you appreciate? What is it you like about the show? And you can send that to just me at Craig Peterson calm and he at Craig Peterson. com. I'd love to hear from you, as would my wife and just words of encouragement, I will pass them along to her. And then we have a couple of other people that help as well. So, you know, thanks to them to Well, let's get into this now. Because this I think it is kind of fascinating for a lot of people. And that is Iran retaliation, and I talked about this week on my FacebookLive, and you can see those videos by going to Craig Peterson dot com slash Facebook. Make sure you hit the Follow button on the Facebook page. So you get notified when I have another one of these little pop-up pieces of training. The same thing On YouTube, if you follow me on youtube at Craig Peterson comm slash YouTube, you hit the subscribe button, it will ding you it'll ding in your browser when I go live. And I'm always there to answer your questions. There's a chat channel, and you can add chats to as well. So make sure you check it out online again, Craig Peterson dot com slash Facebook or Craig Peterson dot com slash YouTube. Now coming up in about a week, we're going to be starting some more training so that you know what to do and exactly how to do it. We've got some free training, and we're going to be doing a few of these things on webinars so you can join us online. And for those of you who don't attend webinars, and that's about 70% of you. I'm going to be sending out some written information. 
There will be some videos afterward as well If you sign up that you'll be able to watch, okay? Just to do that training, you get that information out. Now, if you've been to webinars before, you might think that I'm going to be beating you to death. But if you've ever attended any of mine, you know that really, I'm trying to get good information out to you and make sure it's in your hands. And that's what I'm doing. That's my primary goal. They usually last about 45 minutes to an hour, an hour and a half, depending on what we're covering. And I try and answer every one of your questions from everybody that Sarah on the webinar, because, again, they're LIVE, it's to answer questions to get you going down the right path. So we're going to be talking about all of these things. Most of them came out for Homeland Security this week, with their alert, and there's some of the software. We cannot cover that is lightly classified as though they tell me anything that was classified, right? So we'll be covering those things. What is it that Homeland Security is saying that we should be doing so that this guy can take over our computers, our systems, and I want to put a plug out there for the FBI Infragard program. If you are involved with security and you are at a business, and particularly if it's critical infrastructure, which nowadays means almost anybody that is manufacturing that's providing services. I don't get this, but you know, they even consider lawyers to be critical. Sorry, sorry about that. Glenn and Ken, but and all of you other lawyers who are out there, but if you are the security person, you will do Well to join these because the FBI does give us information not going to get anywhere else period. Okay? So infragard.org is where you're going to find out more. I volunteered, and talk did webinars for the whole National Infragard community for about two years. And it was even more work. You know, we're doing all of this stuff for you guys. 
But this was kind of in the national interest. So it's about to give back and help out. And that's, that's what I'm t. But so if you're a security person, make sure you check that out. I'm also thinking later on this year, probably in Septemberish, to have a summit on security, a whole SMB summit, and we're trying to figure that out. If you think that might be interesting. I love to hear from you. What is it that you'd like to get from a cybersecurity summit? Or maybe a more General Security Summit. Is that something that might interest you if you're a small business, a medium business owner? If you have one employee or if you have 200 employees or maybe even bigger organizations, we should be covering as well. Like we did, you know, when I was teaching stuff for the FBI Infragard program, so let me know just me at Craig Peterson calm. So make sure you spend a couple of minutes go to Craig Peterson dot com slash Facebook or slash YouTube. Look at the live training I did this week, where I reviewed some of the alerts from Homeland Security and talked a little bit more about this guy over my shoulder. He kind of kicked off our worries and legitimate worries, legitimate concerns, frankly because they are attacking a solid. Let's get into this right now. Iran has to do something about all of these criminal activities with which they are involved. If you're as old as me, you remember the Shah of Iran, and Iran used to be very Western very, very pro-United States. You know, it was kind of a cool place very, very progressive. Women could have real jobs and didn't have to walk multiple steps behind their men. They could be out without having a male escort, which I just don't understand these people that think that Iran has been a beautiful place and that Islam is is the way it's absolutely the way it doesn't make a lot of sense to me. 
I'm all for everybody having rights, right, everybody having equal rights, not some people having more rights than others, but that's my libertarian bent coming out. Widely considered to be one of the world's most malicious online actors. So you've got Iran, you've got China, you've got Russia. You've got North Korea right there. We have defined the four worst actors when it comes to cybersecurity in the world, okay? It's a very, very big deal. There were charges brought up here in the US back in 2016 against seven Iranians. Apparently they had infiltrated computers at dozens of American banks and attempted to take control of a small dam in a New York suburb. We're going to be talking about that in the next segment about what they're doing there. These defendants regularly work for Iran's Islamic Revolutionary Guard Corps, according to the Justice Department. Attacks disabled some of the banks' computers. They're doing what's called a DDoS, or distributed denial of service, attack, which brings websites and other types of communications down. Sheldon Adelson, a big supporter of the President: they attacked the Las Vegas Sands Corporation that he owns and runs, okay? They crippled the casino and replaced the company's websites with a photograph of Adelson with Israeli Prime Minister Benjamin Netanyahu. Can you believe that? Yeah. So going on and on, we've got to be very careful because this is a real problem. We must stop Iran from doing this. Now how is it discontinued? Well, that's why I want you to watch them live from this week either on Facebook or on YouTube that I put up there because I explain the basics of what you should do. I'm going to be going into more detail in about a week; it is going to take us that long to put all of this training together for you guys. But the Allies here are considered fair game. Iran has been hacking this for years. As I just mentioned, they have defaced a state site. It was a state treasurer department website.
They are attacking, according to the statistics I've seen this week. They are also attacking federal government sites, state sites, trying to find vulnerabilities, throwing every username and password they can at the site to see if they can log in, which is why you should not ever reuse passwords and usernames. However, nowadays, most of these sites are requiring you to use your email as your username, which is frankly a security problem. I don't like that sort of stuff. But the Saudis are very nervous because Saudi Aramco, which is their biggest oil producer there, it's state-owned in Saudi Arabia. They were hit and had 30,000 computers destroyed effectively. So what Iran is doing is something called a wiper attack. And that is where they get onto your computer. They erase the data on it. Now they're coming after you. They want small-medium businesses in the United States to suffer these attacks. You might wonder why. Well, I explain all of that in the live training this week. So if you watch those, you're going to get all of the detail. But really, we're concerned. Mike Pompeo came out this week. He's the Secretary of State. He's acknowledging some of the dangers of an Iranian response. He said the Iranians have a deep and complex cyber capability, to be sure. Know that we've certainly considered that risk. So our federal government is I would say about 70 to 80% protected if I don't think that's insider information. And our businesses are about 20% protected, 20%. So that server, we're going to get in about a week into advanced threat protection, help you guys understand, on a small business front, what you should be doing, and how you should be doing that. Alright, stick around. When we get back, we're going to be talking more about some of the security stuff and things you need to know. We're going to be talking about these industrial control systems, and what the bad guys are doing to them. So stick around, because we'll be right back.
You're listening to Craig Peterson. On WGAN and online Craig Peterson calm. Hello, everybody, here we go. Welcome back. Craig Peterson, here. Hopefully, you are enjoying the show today, as we go through some of the things in the tech world. We're going to talk about some non-security stuff a little bit from now. But, because of what's been happening in Iran, the show is heavier than usual. I am trying to go through all of this security stuff because you have to understand this. You know, one of the articles I did not get to in the last segment that I wanted to make sure that I brought up is that Iranian hackers have targeted the Trump campaign. You know, I mentioned it in passing, frankly, but this is a huge thing because the 2020 elections are What now it's a November so ten months away from now. And this is back in October as a statistic that Microsoft reported, saying that they had seen 2700 plus attempt to identify the email accounts of current and former United States government officials, journalists covering political campaigns and accounts associated with a presidential campaign. That is my friend, a huge thing. Because frankly, when those bad guys start getting involved and start going after all of these accounts, they've got a door into politics, and this door into politics, maybe a lot more than you realize. Because what we're talking about here is the Potential ability to track people. I don't think I got to this, what about two weeks ago? I think it was. The New York Times was able to locate and follow President Trump based on information. It was able to glean from open sources, in other words, from public information, and also found out the name of some of the Secret Service detail people where they lived their family information. So this is critical. You ask yourself, Well, why would anyone care 2700 plus attempt to identify these people back in October? 
Well, once identified, you can figure out a lot more because now you can get into the email accounts using social engineering. You might be able to get more information. Remember President Obama, when he first became president, was using his BlackBerry that was not secured, because that's what he's used to using. And President Trump had his phone that he was using. I can't remember, I think it was, was it an iPhone? I can't remember. Anyways, he had his phone that he was using. And we tend to carry multiple phones. And that's a bit of an issue too, you know, if you've got the president, okay. He's got his highly secured phone that he's using for his important emails and messages, etc. I am not sure if he is carrying around his iPhone that he uses to tweet with, but if he is, what information does that give out? So Iran, this is back in October, we know, was going after the Trump campaign. And today, it's, of course, gotten a little bit worse. Well, let's talk about another area of Iran's hacking, and this is about industrial control systems. Now, if you're not sure what these things are, industrial control systems are the computers used to control things like valves in industrial facilities. They control numerical machines that do the lathing and other types of things in an industrial area. Nowadays, everything is computer-controlled. Now, some of these machines, I have a client, we had to put in special networks to protect them, a client who has Windows XP down on the manufacturing floor, and it's Windows XP because again, it's what we talked about a couple of segments ago. It's older operational technology that is not up to date. If it's not broken, don't fix it. And the manufacturers aren't going to update the control systems from Windows XP to Windows 10. They don't even provide patches for Windows XP systems. So what are you going to do if you're a manufacturer? Do you want to spend another 200 grand or more on a new piece of equipment?
Are you going to stick with what you have? So we've got all of this critical infrastructure manufacturing, but we also have a critical infrastructure. For instance, in our hospitals. You probably know for ten years, I was a volunteer in EMS, emergency medical services. And in the back of our ambulance, I was using all kinds of equipment to monitor cardiac rhythms to do defibrillation, to draw blood to, to give d-50 to help people with diabetes who are in a diabetic coma, if you will. So, all of that equipment When was the last time that was updated? When was the last time they did an update in the hospital? We know about problems with pacemakers and people's chests because there are security vulnerabilities All these pacemakers now, Oh, isn't this cool, we got Bluetooth we can control the pacemaker, when you see your doctor, he makes a couple of changes. You can make some minor changes, as well, as and I'm about to exercise, I need to up my heart rate, or my heart rates going to get high, so don't shock me right with an auto defib unit. How about our water processing plants? We've got gates that go up and down to move water between one area and another. Same thing with fresh water as with black water, where we have our waste from our sewage systems that treated and being run through different channels and into ponds. There are electric systems. Hydro Systems, with all of those gates, move up and down, and they go through different turbines. It's moved around inside, depending on power requirements at that time of day. We have coal and our electrical grid, there are thousands of controls across our electrical grid. One of the things I did when I was running the FBI is Infragard program is made sure we did training on these types of industrial control systems because they are so critical to our businesses. We have to understand these we have to take care of them. We can no longer just say, well, it's working, we're not going to touch it anymore. 
So, there was a cyberwar conference in Arlington, Virginia, just about two months ago, and a Microsoft security researcher by the name of Ted Morin said that he found a shift in the activity of the Iranian hacker group called APT33. In this case, also known by a few other names, but Microsoft just watched the group carry out so-called password spraying attacks. Over the past year, they try a few common passwords across user accounts at tens of thousands of organizations. And they're saying that the Iranians have narrowed its password spraying to about 2000 organizations per month. More targets, different targets, and what are they trying to get at? They're trying to get at these industrial control systems. We do know how we were able to nail the Iranians with their nuclear ambitions. It came out that it was the Israelis and us. We had come up with a virus, a particular virus that attacked their industrial control systems inside the nuclear refineries where they're refining the yellowcake, basically, and we were able to destroy those. So they learned something from that. And they, the Iranians, are destructive in their cyber world here, right? We talked about the wiper attacks they're doing, during my Facebook Lives this week and YouTube Lives, how they're trying to destroy equipment. That's what they want. So this represents, according to Microsoft, a disconcerting move as they moved on here. They haven't named any specific control systems. We know some of them. In December of 2016, Russia used a piece of malware that briefly caused a blackout in the Ukrainian capital of Kiev. Some hackers deployed a piece of malware in Saudi Arabia in an oil refinery in 2017, designed to disable the safety systems, which is what we did to the Iranians. So those attacks had the potential to inflict physical harm as well as mayhem. So we've got to be very, very careful. If you are a business and you have control systems, make sure they are up to date. I can't say that enough.
And make sure the manufacturer, the networks, are providing you with patches. Demand the patches; tell them Homeland Security says that they have to deliver updates because they can't expect you to replace all of these control systems. Part of the problem many businesses have is even finding all of these control systems that are out there. It gets to be tough, frankly. What do we have? Are they up to date? What are they running? You know, I mentioned already the Windows XP control systems that some of my clients are still running, and they're slowly but surely upgrading some of their systems. So it's a problem. Make sure you watch this week's Facebook Lives that I recorded this past week. They were live when they were live. But you'll find them at CraigPeterson.com/Facebook. I go into this Iranian problem a little bit more. I give you some solutions, some actionable steps that you can take, and if you don't like Facebook, you'll find them at CraigPeterson.com/YouTube as well. And I hope you do check them out. I think it's essential. We've got to understand this stuff, and we've got to make sure that we are taking care of the problem as we go forward. We've got more training coming up. But anyways, you'll find all of that; make sure you're on my email list, so you find out about all of these pop-up trainings, free training I'm doing: CraigPeterson.com/subscribe. You're listening on WGAN and online. Hello, everybody, welcome, welcome. Of course, this is Craig Peterson. Here we are on WGAN; you'll also find us online at CraigPeterson.com. We've been covering a lot about what's going on with Iran and security. There have been updates this week from our friends at Homeland Security. The FBI, CIA, NSA, I guess not the CIA so much, but the NSA even are warning us about these types of attacks. So we've been talking a lot about that today. You'll find out more online at CraigPeterson.com/Facebook.
Make sure you follow my page there so that you'll get informed when I have these Facebook Lives. So I've got about 20 minutes, 25 minutes worth of content there. I think you'll appreciate it tonight. include some graphics things getting fancy here. And then, of course, this show is up on my website you'll see it there I podcast pretty much anywhere tune in radio, of course where you'll find ga n and many other great stations and shows. And I also have a YouTube channel and everything out. So you know, trying to do it all be everywhere all at once. So, man, it's just the way it goes sometimes, isn't it? So we are going to talk right now about this particular problem, which is how do we as business people know if we should be moving to the cloud should not be moving to the cloud, what should we be doing and how we should be doing it? Right. Does that make sense to you guys? And so that's what we're going to talk about right now. There is a great little article from insights for professionals. They have a lot of details on it. I'm also going to be having some specialized training coming up probably in a couple of months here on cloud migration. Now, if you've been listening to the whole show, you know how several companies are unclouding, about half of the companies that are in the cloud right now are thinking about leaving the cloud. And, and it's because of two big problems that I can't tell you how many people I know how many businesses I know, are thinking about going to the cloud for these reasons, which are number one security, because they look at the cloud as being more secure. They don't have to worry about hiring security people or about having the right hardware. Go to the cloud and have no worries about any of that. And then number two cost savings, they think they're going to have cost savings. So about half of the companies in the cloud are looking at it, saying it's not as secure as I wanted it to be. It's not as cures I needed to be. 
It doesn't comply with the regulations that I must comply with, which, by the way, is almost every business out there. If you have a single employee, you probably have some HIPAA requirements, medical requirements, because you're providing health insurance. You've probably got their social security number, their name, the home address, any one of which is considered personally identifiable information. So are you just going to throw that up on the cloud, randomly? And then you've heard about, of course, all of the cloud hacks that have happened and it's scary. So, security is kind of the number one reason, and the second reason is they have not seen the savings promised by the cloud. They haven't seen the savings and personnel in overall expenditures, etc. So about half of the companies that have moved are saying, we want to move back. One of the first things you have to do if you're considering moving to the cloud is how a good data inventory. Now your data inventory is something you should be doing anyway, frankly, with data inventory, you know what data you have, where it is how much there is. And you have to do that now. And we'll be talking about the new California regulations here in a few minutes. But you have to do that right now. And if you have any European customers, you already had to do this. If you haven't re, yet, count yourself lucky. The fines have started coming all the way down to small companies. With California starting to fine companies as of the first of this year. It's kind of a Greenfield for these scam artists that like to sue companies. And all they have to do is say, yeah, I'm a California resident, and I went to this website, and I asked the company for all the information they have on me, and I have a right to be forgotten under this category. law. And they didn't do that they didn't do any of it. So now they get to sue you because you didn't comply with the crazy California law. 
So know where your assets are, know where your data is, know which data needs the most protection. You should do that no matter what. When we're talking about this cloud migration and a cloud decision framework for moving your data to the cloud, we're also talking about taking all of that data, including the security required for that data, and transferring it to the cloud, and it is essential that we fully understand what that is. But don't forget, half of the companies are now thinking about getting out of the cloud. Getting out of the cloud means how do I migrate my data out of the cloud? Because in many, many cases, you've got vendor lock-in, you can't do anything about it. It's a big deal. So how are you going to deal with that? So migrating to the cloud and the decision around the migration is one of the most important and consequential decisions that any IT director can ever make for their firm. Absolutely. It's a highly complex process, especially for larger businesses. And it is something that really could mean the end to your business. I say that, but it's true. I also want to point out another discouraging fact about cloud migrations. About a third of them are considered failures. That's a huge number. Now we already know things, if you're a business person, you know things like ERP systems, these systems designed to help your business run, and it kind of covers everything from the customers and the sales process through the ordering, the manufacturing, the shipping, right? The just-in-time inventory, these big ERP systems, you already know that more than half of those are considered failures. So just talking about cloud migrations, a third of them are considered failures. So how do you do this? How do you take care of this? And how do you make sure the uncloud migration's going to go well, a little bit later on? That's what a cloud decision framework is all about. That's why you have to spend some time here.
You have to assess the benefits of moving an application to the cloud, whether it is to Office 365 online, whether it is an application that's integral to your business. I know a lot of businesses now that are moving their ERP systems, like car dealers and others, to the cloud. But is that the right decision, particularly considering half of the businesses want to move back out of the cloud? Okay, what impact is that going to have on your wider business? What's going to happen when the cloud server crashes? When your network doesn't work? When there's too much bandwidth on your network because transfers are going on? Or maybe, as we've seen many, many times, people are streaming YouTube and other videos in their offices that are chewing up all your bandwidth, and you don't have any way to throttle that type of access. Okay, the most common myths of cloud computing can hinder you. So here we go. Some executives may be wary of the cloud and believe the cloud is inherently less secure than on-premise alternatives. Alternatively, they may have gone and bought into the idea that the cloud is good for everything. Neither one of those is true. The cloud is not more secure than on-premise, and on-premise is not necessarily more secure than the cloud. It depends, right? And that's what all this research is about. You know, you've got to do planning and evaluation, you've got to select the right solution. There are a lot of cloud vendors out there right now. Are you going for software as a service, platform as a service, IaaS, all of those things, right? How are they going to handle your data? How are they going to manage your data? How are they going to back it up? How are they going to test the backups? Validation and management. Anyways, if you are interested in finding out more, if your business is thinking about moving to the cloud, let me know. In case I'm thinking about putting together a little bit of training on that as well.
Again, me and Craig Peterson Congress drop me a quick note. I'd love to hear from you. And let's see. I think that's it for now. We're going to come back with a LIDAR. It is kind of cool because we're talking about Kaz, who doesn't love that. Hello everybody, Craig Peterson, here WGAN and, of course online, you'll find me at Craig Peterson dot com. Of course, that's Peterson with an O. Hope you have enjoyed this week, and you're able to attend some of my FacebookLives. There is a lot of training. We've got a lot more coming up. If you want to find out about the training, the best bet is to subscribe to my email list. That's Craig Peterson comm slash subscribe. All free training. I give away hours every year, you know, hundreds literally of hours of different types of training. So make sure that you're on that list Craig Peterson, calm, slash subscribe. Well, I want to talk about something cool right now. And this is something that you're going to be seeing in your life in the fairly near future. It's something called LIDAR. Now I've had the makers and designers of LIDAR on my radio show before. And we talked about what the technology was about how it's going to improve things. But a LIDAR was very, very expensive. It's some of the LIDAR equipment that they use on these test vehicles. Those you see driving around from our friends at Waymo and many others. Even Uber is in the game and, and apples in the game, some others in the game. Still, these cars are driving around with a quarter-million dollars worth of LIDAR on the cars. Now, if you have seen any of these LIDAR pictures in, in the news, it's kind of cool. Let me see if I can pull off up for you. I think I've got Yeah, I do. Okay, so I'm going to pull this up here on the screen. If you're watching and you can see this again at Craig Peterson dot com slash YouTube. Here is a LIDAR picture. 
Here is showing what looks to be New York Central Park and some of the buildings around, and I'm quite sure that's what it is. And it's a kind of laser radar. And the idea with the laser radar, is I keep wanting to do laser-like our friend. Austin Powers did, right. But this is a kind of laser radar, and you can see it showing the trees and showing buildings and streets and the tops of the buildings. It's very cool stuff. And the idea behind putting this on cars is it gives the car a truly three-dimensional view. What's around it down to the millimeter down to we're just fractions of an inch. It is very cool and beneficial. Now we've got people like Ilan musk out there, who, with his Tesla cars, is exclusively using cameras. And he says LIDAR is useless. We're not going to use LIDAR, and no one's going to use LIDAR forget about LIDAR, why bother with LIDAR? And I can kind of understand why he might want to go that way. When you're talking about a quarter-million dollars worth of equipment in a car. That's a whole different beast. However, I went online today, and I did some searching, and I found those hockey pucks sized LIDAR units wholesale for 100 bucks apiece. That makes it extremely affordable. But you might not want to use those you might want to if you're a car manufacturer have a much better what's word I'm looking for, but a much better provider of the LIDAR. And so this is where everything changes. Bosh, who is a company that makes all kinds of fantastic equipment for cars already, including fuel injection systems, and many other things. Bosh is now entering this crowded LIDAR market. Now what's important about this is Bosh is considered a tier-one provider. They are one of the top providers for automobile equipment in the world. They do some amazing things, things and this Thursday, this last Thursday, Bosh announced that they are going to be providing LIDAR units. Now Bosh can scale this. They've got the infrastructure to do it. 
unlike so many These smaller companies like the one I found for $99 for a LIDAR unit, okay. Right now, we don't know much about the Bosch LIDAR system. There are several companies. As I said, I interviewed the first one, the guys that came up with the patent. Now, this picture that I have here, this is outing. Here is an Audi. And they have already started shipping some cars with a LIDAR. A Bosch rival makes it by the name of Valeo, and we can expect more carmakers to follow their lead. So the LIDAR doesn't have to be solely in an autonomous vehicle. It can be used for functions like Cadillac uses and many others now. These uses quite a literal radar to track the car in front of you knows it stopped quickly, it'll automatically apply the brakes, that you're getting too close to the jersey barrier in the middle of the road. And so it kind of steers you away from that. There's a lot of things LIDAR in use right now. That's what some of these manufacturers are starting to use it. In the future. The beauty of LIDAR is that it can see everything in 3d. Remember that lady in Phoenix that darted out in front of that autonomous car and was struck. and she probably would have been struck by any driver, whether or not it was autonomous. But she was struck, because the cameras can't see everything, particularly in the dark. And even if you have a camera on each side of the car, looking forward, which gives the car some stereoscopic vision, it is nowhere near as accurate as LIDAR is so this is just a, frankly a huge, huge thing. Another major advantage of LIDAR is the distance involved. LIDAR can see, again, with millimeter precision, over 200 meters in front of the car. So that's the high-end stuff. Audi putting into their cars, they're not going to put a $200,000 LIDAR unit in it, like Google uses when it's driving around neighborhoods, okay? But rumors are suggesting that the LIDAR from Vallejo costs hundreds of dollars in quantity, and it's probably pretty good. 
So they have a lower range, they have a lower resolution, but they can add a lot of value expect over time. Radar sensors have some real limitations. They have a flat horizontal, vertical resolution like, unlike the LIDAR you saw in that picture. I'll bring it up again here. Let me pull it up. OK, that's up, and behind me, it's put it up big on the screen for those people watching. But you can see the resolution on that this is an expensive LIDAR that took this picture of New York City wall of part of Central Park and part of the buildings. But you can see how good the detail is. And it's plenty of detail for a vehicle to kind of figure out where it is and where it's going. So this is going to improve frankly, everything. Radar can't necessarily distinguish between things like a fire truck and a small car that might be in traveling. Still, it is going to help, and the next generation of this advanced collision avoidance and detection systems are going to be using this used massively. So I think this is very, very cool. So congratulations to Bosch, and Audi for coming up with some of this stuff. And we're seeing More this over at CES this year the Consumer Electronics Show. There are taxis while there's at least one Russian taxi that is over in Vegas right now driving the street with no one behind the wheel at all. And reports are that it hasn't had one accident. Now, if you've driven in Vegas lately, you know how bad the traffic is in Vegas? It has gotten terrible. I was just out there at a wedding just about a month ago and I couldn't believe how bad it now is. Stick around. When we come back. We're going to talk about the new privacy laws. What does that mean to us a consumer? What does it mean to businesses as well? Stick around us into Craig Peterson on WGAN and online. Hey, hello everybody, Craig Peterson here, man, I can't believe it's been an hour. It just goes so, so fast. Hey, welcome back. 
Of course, you'll find me here every Saturday on WGAN from one till 3 pm. I also have this recorded in the video. And you can see the video by going to YouTube. But also you'll see it over on my website at CraigPeterson.com. I do a lot of training. I do a lot of Facebook Lives and YouTube Lives, you know, pop-up training like I did this week, where we're talking about what you need to do right now to help protect yourself from the Iranian attacks that are already underway. They've been underway for many years now, but they've gone up over 50% this year. That is a dramatic number. And I'm just, I'm sad to see that sort of thing happening, but you know, it's going to happen. You know, guess what, right? So anyhow, be that as it may. It is a pleasure to be here. We have covered a lot today. And I want to get now into just the last couple of things. We've got a big deal now. Hey, if you're a business and you have any medical records, you are covered by HIPAA, you have to comply. There are fines and all kinds of things. If you are a manufacturer who sells things to government bodies, and particularly military, where on the military side they have multiple vendors that are selling components and you're selling these components to the military, well, now you've probably got DFARS requirements and/or ITAR requirements. If you are involved in the financial business at all, you also have requirements that fall under FINRA. And it just goes on and on, right? The courts all put every business under FRCP, the Federal Rules of Civil Procedure, where you have to keep emails, you have to keep documents. You have to do all of this stuff. Are you doing it? How about GDPR, that came out a couple of years ago now, it's been a few years, and then last year got teeth, and they started fining companies, even small companies, huge amounts of money. Well, now we've got our friends in California.
They have passed what they call the California consumer Privacy Act (CCPA.) This act is starting to cause some problems and some questions here as companies are trying to figure out organizations, including volunteer organizations, including insurance companies, banking companies, they have to comply. This law went into effect on January 1, 2019. And then January 1 of 2020. This year, it got teeth; you had to comply. And one of the provisions of this law is that if someone requests their information, what is it that you have on me? What is it that you're maintaining about me? If they request that you have 45 days to give them all of their information because they have to know what you know about them. That doesn't seem too bad, and 45 days you should be able to handle that, right? Well, consider California has got 30 million people in it. And what happens if a small percentage of them decide they want that information from you? Maybe they think that, hey, listen, it's going to be cool because I'll be able to make some money because, under this California law, I can sue them. And I can get a whole bunch of
Welcome! The Holidays are almost here -- Hanukkah begins tonight and the middle of next week is Christmas - Boy this year has flown by. There is a lot of Tech in the News so let's get going! For more tech tips, news, and updates visit - CraigPeterson.com

---

Related Articles:

Signature Anti-Virus does not adequately protect you from today's Malware
Lessons We Failed To Learn and Therefore Are Doomed To Repeat
Business Computers Should Only Be Used For Business
5G - Not Ready For PrimeTime...Yet!
Are You At Risk from Your Outsourced Software Provider
Security - Knowing What You Have Is Essential
Chrome 79 will continuously scan your passwords against public data breaches
Getting the Perfect Tech Gift for Your Special "Techie"

---

Automated Machine-Generated Transcript:

Craig Peterson: Hey, hello everybody, Craig Peterson here on WGAN and online at CraigPeterson.com. Hopefully, you're able to join me on Wednesday mornings as well, as I am on live with Ken and Matt. We always talk about the latest in technology and news and of course in security, since that's primarily what I've been doing for the last 20 plus years here in the online world. Man, just thinking back, it's, you know, I first got on the internet, of course, it wasn't called that, but way back in the early 1980s. And I remember in fact when I first started doing networking professionally back in 75, and there was no worry about anything with, you know, yeah, okay, we didn't want people to hack in, so you'd have leased lines for your business, and I was doing a bunch of work from banks way back when, right, one of my first jobs, and I was really enjoying it. I just learned a whole lot up to today. And we're going to cover this here because, my gosh, it has changed. The Internet used to be very libertarian, everybody on it was very libertarian or conservative. Of course, that's because there were a whole ton of government contractors on the ARPANET as well as some colleges and universities.
And you look at it today, and you think that really it's changed dramatically, which it has. But I think the ratio is probably still about the same. You've got the silent majority that just doesn't say much about anything, right. And then you've got this hugely vocal minority who's just yelling and screaming all of the time. And then some of these tech companies that are trying to straddle somehow in the middle and not get everybody all upset with them. It's really a much different world. But when we're talking about security, it is nothing at all like it used to be. You used to go online, and you'd have some fun, you know, exchange emails with people, you'd share some files and some fun things. I remember this one whole thread on cheeses. That was just absolutely amazing. I think I came up this time of years while it was all these puns about different cheeses. It was a lot of fun. Now today, we've got a whole different internet out there, and a great article by Robert Lemos, and he is looking at WatchGuard Technologies' latest quarterly report that was published just last week. And this network security firm found that the percentage of malware that successfully bypassed antivirus scanners at companies' network gateways has increased significantly. WatchGuard Technologies is saying that the amount of malware that signature-based antivirus software catches has plummeted to about 50%. Now, I think their numbers are high because I think it's more like 20%. But they're getting specific here. They're talking about the amount of malware that comes into a network via an external source. In other words, people are accidentally pulling it from a website they visit, or perhaps it's been injected into their systems through someone who's visiting their network and using another vulnerability. But they're saying that antivirus software, this is signature-based stuff, that's what you get from Norton Antivirus.
That's what you get from, you know, the Symantec people, from McAfee, from all of these different antivirus companies out there. It is just horrific what's happening because of what's known as zero-day. Now you might have heard of this before, you might not have, but basically what zero-day malware is, is malware is nasty software, and malware includes things like viruses, worms, Trojans, etc. It is this type of malicious software that has not been seen in the wild before. And what it used to mean is they would, you know, some brilliant person who, as my mother would say, why don't they do something useful with their time, some brilliant PR person would come up with a piece of software no one had ever seen, a way of attacking that no one had ever seen before. And they would attack us and they would get through because there was no signature for it, or the engines in the antivirus software just could not manage to handle, you know, malware like this new piece of malware that just came out. The problem we're having today is that the majority of malware acts just like zero-day. So here's what happens with a signature-based attack. You can think of it just like your body's anti-virus system night than what you have in your body. And your body looks at something that it sees and says, have I seen this before? And if it has seen it before, it knows to attack it before it grows really big and kind of starts to get out of control, and then the body has to attack it after it's already really, you know, it's taken the beachhead, if you will, to use a military term. I've been watching a lot of World War Two movies lately, but it's taken that beachhead and now has control of the beach and is starting to get in further, and it's very difficult to get out, versus it recognizes it almost right away as a nasty virus.
And goes ahead and end the Jackson. You know, you have more cells inside your body, inside your skin, there are more cells that are foreign to your body than there are body cells when you start counting all the bacteria and everything that's in your system and on your skin. It's just incredible. So our body relies on a lot of these things in order to keep us healthy. If we had no bacteria, you'd be in trouble. It's like, you know, if you go on antibiotics, which is an anti-bacterial, what does the doctor tell you to do? Well, you know, start eating yogurt and other things. Maybe take some kombucha or various other things in order to try and stay healthy. Get that good bacteria going in your gut again. Well, when your body is attacked by something that it hasn't seen before, that's what we would call in the computer world a zero-day virus: it has never been seen by your body or, in the case of a computer, it's never been seen by this signature-based antivirus software. So what the bad guys have been doing is they figured out how, yes, indeed, we are trying to block them. And they figured out that the majority of us are using these signature-based antivirus software packages. So they've designed the viruses and the malware to change itself every time. So no longer can the antivirus software just look for certain signatures. So for instance, if you were always attacked by blonde-haired blue-eyed Norwegians, you might be cautious next time you see a blonde-haired blue-eyed Norwegian approaching towards you, maybe with a baseball bat or whatever it is they might have in their hands, right? So you get worried about it. What's the old expression? Once burn shame on me. You twice burn shame on me. Right? So we learn, we respond based on how we've been attacked before. And so does the antivirus software. Now it can take them days or weeks, even months to get a signature out and get it all dispersed.
You know, I'm talking about the old software, not the newest stuff, not the enterprise stuff we use for our business clients, but the stuff that you use as a consumer, and Heaven forbid if you're a business and you're using stuff like Norton, Symantec, or McAfee or any of these other, AVG, antivirus software packages that are based on signatures, because they just don't work. So what happens is they change themselves constantly. So it might be a Norwegian, but they dyed their hair, they put on colored contact lenses, and they change their clothing. That's effectively what's happening with our computers nowadays. It may be that Viking that's approaching you, but you don't know it because it just doesn't look like it. They change everything about themselves, at least most everything, except the malicious intent and what they end up doing once they've got control of you. So WatchGuard is saying that this is a major change here. Now I'm going to quote directly from them. The big change is that more and more malware is becoming evasive. So the signature-based protection is no longer sufficient. There's nothing wrong with having it because it will catch 50% to two-thirds of the traffic, but you definitely need something more. And that's why I've been recommending you guys do a few things. You can do the free stuff. If you are not a business, you can go to my favorite right now, OpenDNS, and sign up for an account. They have some paid stuff. I think it's $20 a month per computer for business to get the basic business service. It's free for a regular home user, but it does not allow you to do any customization. And then there are a few packages in between. OpenDNS, now we use a commercial version; it's an enterprise version called Umbrella. That's what they're calling it now, but it's the highest level where we can, you know, watch it and maintain it.
So that's step number one of what you need to do: get OpenDNS, so that if you do get one of these pieces of nastiness like ransomware, and it tries to call home, it can't get the phone number, right. It can't call home because there's another phone number. And I think that's a very important thing to do. It's free if you're a home user. You might want to pay for the family plan; it would block certain scary sites and certain things you probably don't want your kids to see, pornography and other things. opendns.com. And then the other thing to do, I had it in my big course this last year, and that was how to harden a Windows machine. It's rather involved. And I'll probably do a course early next year on this. But make sure you harden your machine. You're going to want to turn off stuff you don't need, you're going to want to make sure your firewall is set up properly to do the types of blocks that you need. You're going to want to make sure that you've got Microsoft's new malware software installed properly and running properly. So I'll have a course on this early next year that you can get. Because when you're talking about 50%, and I've seen numbers as low as 20% effectiveness with antivirus software, you have to do something. Hey, if you're looking to buy some gifts, I'm going to be talking about some of them in today's show, including 5G. Should you get that phone? You're listening to Craig Peterson on WGAN and online at CraigPeterson.com. Stick around. We'll be right back.

Craig Peterson: Hey, are you thinking about buying a mobile phone? We're going to talk about that right now. You're listening to Craig Peterson on WGAN and online at CraigPeterson.com. Now you've heard about 5G. You're probably using 4G LTE right now on your phone and maybe mobile devices, maybe your iPad or a tablet that you might have. Amazon has its Kindles.
They do not, by the way, have 4G LTE on them, at least, for the most part. They're using some of the much older technology because frankly, all they're doing is sending books, right? Which are pretty small. But it is that time of year that we're buying presents, and there are only a few days left here for that holiday season purchasing time. And we've got a lot of competition in the 5G world. So let's talk about what this is. And I'll give you some tips. But what is going on? 5G holds a lot of promise. Now I don't know if you remember, I remember how shocked I was at how fast 4G was. I bought a phone, and it had 4G LTE on it. It was an Android phone. And I vowed never again for so many reasons. And you've heard them on the show here before, but I had bought an Android phone, and I didn't have 4G up where I lived. And I drove down. We were heading down, I think it was to Pennsylvania, to take one of the kids to camp. And I was going through a valley and I noticed, wait a minute, there's a big city right there. I got 4G. So I immediately went to speedtest.net and I ran the test to see just how fast is 4G. And I was just shocked. I was getting like 20 megabits a second, which was absolutely amazing. Because I've been using cell phones since they first came out. And you know, back in the day it was 14.4, right? Oh, cell phone so fast. And now just to see 20 megabits was absolutely mind-blowing. But there are some major limitations to the 4G LTE network that we are using today. And those limitations are speed, for one. And then the other thing is the number of devices that can be supported. And then the cost of the data and the data transfers. So 5G has been under development for quite a while. And this is not, we're not going to get into Huawei and how they stole all their technology. It really appears to be from our friends up at Nortel, and put the whole company out of business because of the spying that they did.
And thank goodness, finally, we've got a president who's trying to do something about it. But 5G's real promise for us right now is that we will get two things. We'll get a gigabit worth of data bandwidth, which means, by the way, that we may not even bother with Wi-Fi in our homes if you live in an area that has full 4G or 5G coverage, because it's just going to be just as fast as your cable is right now. Now the cable companies are probably going to try and compensate by lowering their prices and giving you faster and faster and faster internet. But for a lot of people, it's going to make economic sense because the cost isn't going to be high. And then the second thing that 5G is going to give us is the ability to have billions of devices connected to the 5G network. That means that everything from our cars, which really, the next generation of cars, self-driving cars, really do need 5G so they can talk to each other, so they can continually upload data to the cloud to let all of the routing computers know about local weather conditions and road and where the potholes are and everything. It's just, it's going to be amazing, right? On the one hand. On the other hand, well, there might be some data leakage that we might not want. So the cars are going to have it, but so is pretty much every device that you have. A couple of years ago, I talked about the new jacket, the new trucker jacket that Levi's had out. And that trucker jacket was designed specifically to connect your phone to your phone and allow you to control your phone. So it had Bluetooth in it. You could touch these little wires that were embedded into the sleeve with your hand and use that to control your cell phone. You know, listen to music and suddenly things are just kind of cool. So our clothes are going to have the internet in them. Our computers, of course, everything. You buy a laptop, it's going to have 5G built in, you're not going to need to have an external device anymore.
Just list goes on and on and on. Everything that's going to happen is going to be phenomenal. But it is not there yet. And Apple did not include 5G with the iPhone 11 this year; it will include it with the iPhone 12. That's coming out next year. And I saw a very, very good summary of what's probably going to be coming out of Apple in September next year. The guy that published it has been spot on with most everything that Apple was coming up with. And he's saying that they are going to be having 5G on the phone, and it would make a lot of sense. But right now you can put in orders for the Samsung Galaxy Note 10 Plus, the OnePlus 7T. There are other phones that are claimed to have 5G. But listen, everybody, it is still too early to buy a 5G phone. That is really my big tip when it comes to 5G right now. These networks have not fully standardized, they are not running, none of them are running full 5G anywhere except in a couple of major cities. The biggest problem with building out the 5G networks is that they need to have basically what we've come to know as cell towers everywhere. I mean, everywhere. These are little micro things that are not big towers like we have right now. You know, those fake trees that you see that are actually cell towers. Now, these are going to be small boxes, and they're going to be on pretty much every street corner in the big cities. They'll be on the sides of buildings. They'll be on the sides of people's houses. Cell companies are going to pay us to put these on our homes so that we can now provide 5G to us and to our neighbors. And then there's going to be people who will be upset because of the radiation, even though it's non-ionizing, and it's not known to cause any harm, people will be upset about it. But these things are going to be everywhere. And that's because, remember, I'm talking about one gigabit worth of bandwidth coming down to your device.
Well, you cannot do gigabit service on lower frequency, so they have moved to higher frequencies. The old UHF TV channels are pretty much, I think they're all gone now throughout the country. And the FCC has bought back the bandwidth and has auctioned it off to all of these different companies that wanted to buy it. And it's just, everything is going to change, and with the high frequencies that they need in order to deliver these speeds, they now have a problem, and that is these higher frequencies do not penetrate glass. They don't penetrate walls very well at all. And they just don't penetrate metal at all, basically. It's really bad. So T-Mobile has announced nationwide 5G available as of last Friday. That is pretty darn cool. It's got a 600 megahertz 5G network which is going to cover most of the country. That is pretty impressive. But the trade-off is it's using low-band 5G, which means it is good at providing slightly boosted speeds inside buildings and is available in a lot more places than what competitors offer. AT&T and Verizon are offering the opposite. They have ultra-wideband networks right now, superfast speeds, but very, very small footprints, very small pockets, and you've got to be standing near one of these towers. This is kind of cool. T-Mobile is expecting with theirs, that actually is PCMag, PC Magazine, you can expect a boost of about 15 megabits with their new 5G nationwide. And you might see 150 megabits if you have a new 5G phone or 700 megabits if you have 4G LTE. So not a huge right now, but just wait. Okay, wait until next summer, next fall, when things are really going to start happening. All right, stick around. We got a lot to cover still. We're going to be talking about some guests who will talk about some of the big hacks of the year. What does it mean to us? What can we do? I'm going to give you some tips and some tricks, what not to do on your work computer, third-party security risks, and some lessons from the National Security Agency.
You're getting it right here from Craig Peterson on WGAN.

Craig Peterson: Hello, welcome back. Craig Peterson here on WGAN. Will be enjoying the show today. We got a lot to cover here. Awesome. Good news, some gift ideas. I've got a very cool article from Ars Technica about nine gift ideas for the tech enthusiasts in your life. And frankly, I am totally into this. It gave me a couple of ideas, in fact, of things that I'm going to be getting for people. So you might want to stick around and listen to that for the enthusiast in your life. And we're going to start right now with something that I think pretty much everyone can be interested in. If you are, you know, an employee, if you work at a company, and you use computers, there are a couple of words of caution here in this segment. Now, first of all, the business computers are owned by the business. And that's kind of where this Bring Your Own Device thing has gotten everything a little bit fuzzy, you know, so if you are using your phone, for instance, your smartphone, and you're using it for work purposes, it's not the business's phone. So there's not a whole lot that they can say about your phone and how you use your phone. However, the business has an absolute right to its data, and can control, frankly, how you use your phone for the business data, right? Well, how about the computers that are actually owned by the computer? What can you do legally? And what can't you do? What can the business tell you that you should do with it, and what can they not tell you what to do? Well, the bottom line is it depends. It depends on the business and what their policies are. So overall, that's kind of the first place you should check, your employee handbook. Now we've provided a lot of businesses with employee handbook sections on this, and you can certainly get them from your attorney, from your corporate attorney, or from HR if you're an employee there.
But if you're using a work-issued computer, now that includes a desktop computer, includes a laptop, it's going to include things like iPads, even phones, you've probably checked your personal email on that device, you might have stored some files on there. You might have used it for a number of different things. Now in many cases, it's not a big deal as far as the company is concerned. You know, if you've got kids, right, you have a life outside the office, so for you to be able to send an email to the BBC, or to make a few phone calls because babysitting didn't show up or a kid is sick or whatever, most employers say that's absolutely fine. I personally would not work for an employer that said that's not fine. I think that's a very, very big deal, a very bad thing, the right companies that are like that. But when you start to store your private files on the company's computer, or maybe the company's Dropbox or Google Drive, or you are maybe going down a rabbit hole, as you started with something on Quora or you started with something somewhere else, and all of a sudden, before you know it, it's an hour, two hours later, or heaven forbid, you are going to Facebook or some of these other sites to poke around, then things change. Now many of us use Messenger on Facebook in order to keep in contact with family and friends. So is it legit to have a Messenger window open? Is it legit to do that, right? Well, the bottom line is you probably shouldn't do any of this on a computer provided by your employer. You're not necessarily breaking the law, but you could get fired if it's against your company's policies. And also, you need to remember that employers can install software to monitor what you do on your work-issued laptop or desktop. Now we do not monitor employees and what they're doing on a computer, except to watch for things that the employees might be doing that might harm the business directly.
In other words, if an employee's bringing in a file from home, we're going to check that file. If they're downloading something from the internet, we're going to check that download. We're going to check their emails, we're going to clean them up, we're going to stop the ransomware, we're going to stop the zero-day attacks that I talked about earlier, as well as all of the known types of vulnerabilities. But remember that not everybody is like us, right? We are not interested in getting involved in the business's workplace relations, a lawsuit that a business might want to bring against an employee, right? That's not what we do. Although we've certainly been pulled into those before in the past. And you need to keep that in mind as an employee, because they can monitor what you do. They might put keyloggers on there to see what you're typing, they might have software that takes a random screenshot. We've done that before with these workers that are doing a specific project. So we outsource something, there might be a graphic, or they might be writing an article or something, and we're paying by the hour for that contractor to do the work. So as part of the agreement, we have software that sits on the computer and randomly takes screenshots, so we have an idea that yes, indeed, they are actually working on our stuff. And it took them five hours and we expected it to take one hour. And it's because they're slow, not because they were out wandering the internet and doing research on the party that's going to be coming up next week at the office or at their home, right. So be very careful about it. And the type of surveillance and security software that's installed on the company computer is usually based on two things: one, how large the company is and what kind of resources they have to dedicate to watching you, and what type of information you deal with in your role.
Now, almost all of our clients, in fact, now I think of it, I think all of our clients are in what are called regulated industries. So if you're a car dealer, you're in a regulated industry, because you have payment card information, you have financing information, all kinds of personal information. So that has to be monitored, right? We have doctors' offices that have HIPAA requirements, again, personally identifiable information, healthcare information. Social Security numbers, phone numbers, email addresses, and under the new regulations that are coming out right now, January one in California and Massachusetts, in the European Union right now, and they are working on similar regulations on the federal level, even an email address is considered to be personally identifiable information. And the list goes on and on. If you have government contracts, we have clients that have DFARS or Defense Department requirements, or FINRA, which is for financial organizations, right? That's what we do. So all of these heavily regulated businesses need to have software that is going to detect that someone is trying to exfiltrate data and shut it down immediately. We need to know that employees are trying to steal information. And in many of these cases, we will work with the company if there are lawsuits that ensue because of the regulation or because of other reasons out there. So if you're working with a company like this, which is, frankly, in this day and age, every company, right, what employer does not have Social Security numbers of employees? How do you pay them if you don't have the Social Security numbers? Those are all falling under the regulations nowadays. And unfortunately, a lot of businesses don't pay attention to that. So a very small company, they're probably not doing this. But larger companies are definitely going to be doing this. And there's a great little quote here from Jesse Krembs.
He's an Information Security Analyst over at The New York Times, and he said: Without supporting evidence at this scale, at scale, it's pretty rare that people are not doing heavy surveillance and tends to generate a lot of useless data, roped employee into liability issues and generally make the team that monitors the surveillance systems miserable. In other words, you probably don't want to know. And that's the standard we take. We make sure that all of the regulations are complied with, but whether or not someone's sending an email to the babysitter or whatever, it's just not worth it. We're worried about espionage. Okay, so there you go. There are some tips for you on using a business computer at work. Stick around. We'll be right back. We got some more stuff to talk about, including some major updates to the Google Chrome browser. Should you be using it anymore? We'll be right back.

Craig Peterson: Hello everybody, Craig Peterson here. Welcome back. We're listening, of course, on WGAN or online at CraigPeterson.com. You'll find me on pretty much every podcasting platform out there. And if you really enjoy the show, you know, one of the best ways to let me know is to share it. I love to see all of the people who are listening, and getting feedback from everybody, so send me a note as well. But here's where you can go if you would like to give me a five-star review: just go to CraigPeterson.com/iTunes. And right there, you can give me a five-star review. On Apple, they're still kind of the 800-pound gorilla in this space. Rumor has it that the next release of iOS is going to have some major improvement to this whole podcasting stuff. Apple really kind of started it with the iPod, which is where it got the name from. I still have one of my original iPods kicking around. It was, frankly, it was my favorite device for listening to music. Anyhow, let's talk a little bit about some of the browser issues that are out there right now.
Many people are concerned about the web browsers you're using. We know we're being monitored. We know we're being watched right now by these big companies. Google makes its money by what? By selling our information. Facebook's the same way. Now Google is going to sell us advertising, and so is Facebook. And frankly, I would rather know about cars and see advertisements for cars when it is the time I'm looking to buy a car, right? And I'm never going to buy a Lada from Russia, right? So why would I want to see ads for that? So I am pro the monitoring in that space. Right. I, you know, you kind of go back and forth about that. You look at what President Obama's team did back when he was running for election the first time, where they grabbed all of Facebook's data about everyone. And then they used highly targeted advertising. And then you saw what happened eight years later with President Trump and, well, the Cambridge Analytica scandal, that was child's play compared to what President Obama's team did, but somehow President Obama's team didn't get in trouble for it. But President Trump's team certainly did, even though Trump's... don't get into that right now. But the browsers that we're using are tracking us. And remember, again, this old adage, it's old now, right? It's relatively new, frankly. But if you do not pay for service, the odds are you are the product. And Google certainly considers that. And so does Facebook, that you are the product. So when you're looking at browsers, what should you be using? The biggest browser out there right now, the one that any software developer's going to aim at, is the Google Chrome browser. Because that's what most people use. It is really a great browser. From a functionality standpoint, people are using Google's, of course, search engine, which has been very, very good here over the years. They've just done some wonderful things. And Google has added more and more features to their browser.
Now, people ask me constantly, what is it that I use? What is it that I recommend? Well, I can tell you that Craig recommends that you don't use the Chrome browser when you can avoid it. Now I do use Chrome. When I am on a website, and I'm trying to do something and one of these other browsers doesn't work quite right, I go over to Chrome because it's not the worst thing in the world. It's not as though it has a direct backdoor into Russia, at least not that we're aware of, or into the CIA or the NSA. We know that Google doesn't like to cooperate with the US military in some of its research projects, but Google also loves to cooperate with China and has three artificial intelligence labs in China. So it's giving China our next generation of computing technology for free but won't share it with our government. Yeah. Well, anyway, I guess I do get kind of political sometimes on the show. Google's Chrome version 79 just came up with a new feature. Now you know, when it comes to passwords, that I highly recommend you use some software called 1Password. They have some free stuff, they have some paid offerings. And what 1Password does is it keeps all of your passwords, keeps them secure. You only have to remember one password, which is, frankly, a huge win. And it is great in the business environment, where you can set up vaults of passwords so that, you know, HR can have their own vault and the software development teams can all have their own vaults, and you can have your own personal vault, and it'll create passwords for you that are highly secure, that conform to the requirements for different websites, and you can share them within vaults. There are just all kinds of wonderful things that you can do using 1Password. And then if you've been around a while, a couple of years ago, you know, I offered a service that we were doing internally.
We did this for free for over 1000 people, but we double-checked their password to see if, not passwords but email address, to see if their email addresses and passwords are out on the dark web. And you know, we checked it at least a month and generated reports for people. And that might be something we decide to do in the future. Well, there is a huge database out there that we've talked about on the show before. Google has now adopted it in its Chrome browser. So Chrome 79 has what they're calling a Password Checkup extension. So that was how it all started. It was for desktop versions of Chrome, and it audited your passwords when you entered them, and took a look at them to see if those passwords were known to have been breached. Now, it's not necessarily that your account was breached, although it might have been; it's the password. Here's why. Here's why they looked at the password itself. What the bad guys are doing nowadays is they are comparing your password against millions, hundreds of millions, in fact, billions of known passwords that people have used. And they start with the most common passwords and then work their way out from there. So if you're using a password that has been known to have been breached in the past, it isn't something you should use. So I thought that was great. They had this Password Checkup extension. So now what they've done is they've integrated into every Google account an on-demand audit that you can run on all of your saved passwords. And in version 79, Google has Password Checkup integrated into both the desktop and mobile versions of Chrome. So what will happen now is that if you are using Chrome to save your passwords, which I do not do as a rule, except for a few accounts I don't really care about, because again, I'm using 1Password to keep my passwords and can keep them all straight. So it is built in now.
And anytime you enter in a password, it's going to check to see if that password has been breached anywhere online. Google is calling this private set intersection, which means you don't get to see Google's list of bad credentials, and Google doesn't get to learn your credentials. But the two can be compared for matches, and basically what it's doing is it's doing mild encryption on your password and comparing it against this known set of passwords. So it's very, very good to do. 1Password has this feature already built in. 1Password will warn you if a website that you're going to has been known to have been compromised. And Google's figuring here that since it has a big encrypted database of all your passwords, it might as well compare against, compare them against this 4 billion strong public list of compromised usernames and passwords. They've been exposed in all kinds of security breaches over the years. And a little later on today, we're going to talk about the top half dozen or so big security breaches, what caused them, and then you might want to pay attention to see if your information was exposed. But the main reason I like to talk about this stuff is so that you can look at your position, you know, at home or at work and ask yourself, hey, listen, is this breach something that would have worked against us, right? I think it's very, very good. So here we go. I'm not going to get into any details here on exactly what Google is doing and how they're doing it. If you are a Chrome fan, you might want to use it. So let's talk about what the alternatives to Chrome are. Opera is a big one. And I have heard rumors that the Opera browser, which is kind of my primary browser, I have another one I'll tell you about in just a second, but Opera, very fast. It's designed to be secure. It also blocks a lot of spyware out there. Very good. But the rumors are that it is now in the hands of the Chinese government, which apparently owns it.
I'm not sure that's entirely true. But, you know, it's up to you whether you want to take any risks. I'll tell you also about an extension I use in all of my browsers, which makes it much more secure, much safer for me. We'll probably have to wait until after the top of the hour to get into that, but I'll tell you about that. So what do I use the most? And what do I trust the most? Well, Netscape, the Netscape browser. Mozilla is the next one that I use. Opera is number one, at least for the time being. I use Firefox as well. Both of them do a lot of blocking and have a lot of privacy enhancements. Those are the two I use the most. And then I also use Apple Safari. Apple, again, is not selling your information as Google does. So it's considered to be a little bit safer. So far, we haven't known Apple to really leak information. They've been relatively safe, they certainly aren't selling it to anyone. And that's what I use. And then if I have to, I'll fall back to Google. Now, if I wanted to be extra safe online, there is another browser out there that I do like, and it's called Epic, E-P-I-C, the Epic browser. And it is actually based on Google's Chrome browser underneath the hood, just as Microsoft's browser is based on Google's Chrome browser. And Google is actually using a base form from Apple's Safari browser, which is kind of interesting. They all share code nowadays. But the Epic browser is the browser if you absolutely want to keep your data safe. It even has a built-in privacy VPN. So check it out as well. When we come back, I'll give you a little clue here, a couple of tips on what you can do to keep every browser just a little bit safer. We'll get into some gift ideas and more. So stick around, you're listening to Craig Peterson on WGAN and online at CraigPeterson.com. Stick around. We'll be right back.
Craig Peterson: Hello, everybody, Craig Peterson here. Welcome back, and listening to me on WGAN and online, CraigPeterson.com.
Hey, if you are a new listener, I just want to let you know a little bit about my background. I've been helping to develop the internet, they, in fact, just called me a pioneer the other day, which is kind of interesting to think about. But yes, indeed, I designed and made some of the very first routers and some of the very first firewalls and load balancers and stuff back in the day. Let me tell you, back in the day, we had to write these things from scratch because they just didn't exist as commercial products. And, you know, there's a lot of products I could have sold over the years, but I just wasn't that kind of guy. Anyhow, so now I do a lot of cybersecurity for businesses, government agencies, most particularly, really, for anybody in a regulated business, which today in this day and age means any business, because we are all regulated, as I talked about in the last segment. Well, we have some gift ideas. And let me just start with one here. And then we'll get into some more articles from this week. We're going to be talking about the NSA here and what their top recommendation is for businesses. But you know, I am a techie guy, and I love tech and tech gifts and it's all just a pretty darn cool thing when you get right down to it. Just like, you know, I just love playing with this stuff. I guess that's the way to put it. And using it and making my life a little easier and faster, more efficient, effective, etc. But I want to talk about the high-end tech gifts that you might want to give, and you might want to give for yourself. In fact, that's exactly what I'm doing with one of these this year. Well, if you have somebody who's a gaming enthusiast, there are so many things out there that you can get for them. There's this one particular mouse that is very highly rated for gamers. It's called the Razer Viper. It has some very, very fast maneuverability stuff built in.
Because of course, when you're playing some of these video games, interactive, you need to be able to move very quickly. So anyhow, we'll leave it at that, because I am not a game type person. I used to play some games way back when, you're in a dungeon with twisty mazes, remember, right, how things started. But let's get into this now. This is one of the things I think would be a great gift for almost anyone. It's great for a computer that has USB-C, which is the newest version of the USB cable. It is what the new MacBooks come with, the new Macs do as well. It's the next generation of the high-speed stuff that the last generation Macs had. But it also works with a regular USB cable, it has a little adapter that you can use with it. It's called the SanDisk Extreme Portable SSD. This thing is very, very nice. It's a good option for data you need to have with you wherever you go. It's surprisingly small. It is rated for extremely high shock, it's like 500 Gs or something crazy like that. And it will withstand water and dust as well as vibration. You can drop it from six feet in the air without suffering any damage at all. This thing is amazing. And right now it is half price over on Amazon. Just look it up there. SanDisk is the name of the company, S-A-N-D-I-S-K, it's their Extreme Portable SSD. Fits in the palm of your hand, you're going to love this. It's available in 250 gig, 500 gig, one terabyte and two terabytes. Now, I would not get the 250 gig, not that it's too small, but for an extra $10 you double your space up to 500 gig. Now when you go up to the one terabyte, which again is twice the space, it's twice the cost. So the one terabyte, you're gonna have to ask yourself what makes sense, and two terabyte options. But this thing is so fast, and what I love this for is to have different virtual machines on it. It's the one I use when I am doing a demo or for when I need to do a client-side install.
I can have every version of Windows I might need to use, macOS, all the different versions of that, a few versions of Linux, all right there on the drive. It's very, very convenient. And very, very fast, you're going to love this thing. In fact, that's one of the fastest portable storage solutions that has ever been tested. It's kind of similar, you know, you can get the Samsung T5 SSD, they have very good SSDs. Okay, don't get me wrong here. The Samsung T5 is more affordable, but the SanDisk Extreme SSD is better. Now I got to tell you that the cost right now on Amazon for this portable drive, there's no moving parts in it. As I said, it fits in the palm of your hand. The cost on that is lower on Amazon right now. It's half price, it's lower than I can buy it from my distributors at. So just to give you an idea of what a great value that is. Coming up, we're going to talk about, I think, the coolest gift you can give to somebody that is truly a hobbyist in the computer world, you're going to love it. And then if you are that person, when you go to someone's house for Hanukkah, Thanksgiving, Christmas, birthdays, whatever it is, and they say, "Hey, Craig, come over here for a second. My computer's not working right, can you have a look at it?", we will tell you about the best gift for somebody like that, and maybe something you need to get for yourself as well. So I'm going to talk right now about some of the biggest security breaches. We'll go over one, and then we'll get to some others a little later on in this, our last hour. And by the way, if you want to listen to the whole show, my podcast and everything, you can just go to CraigPeterson.com slash iTunes or slash TuneIn if you'd like to listen to it on TuneIn, or slash pretty much anything. Well, actually, if you type in slash pretty much everything you'll get an error page, right?
But you'll find me, Craig Peterson, on most of the major podcast sites that are out there by just going to CraigPeterson.com slash whatever it is, like slash iHeart or slash SoundCloud or slash TuneIn, etc., etc. Well, data aggregators are big targets that are out there, and who is a data aggregator? Well, let me tell you about what happened when I was at a wedding last week. I was staying with my sister-in-law, my wife and I, and there we got home and there was a card in the door, and it was from an insurance company, I remember, like Allstate or something, and it asked for one of my sisters-in-law, who had been living in that house, to call. So we thought, okay, well, it's just a hoax thing. You know, they're trying to sell some insurance or something. So we just ignored that. In fact, I think we just threw the card in the trash. Well, the next night, we were sitting there at home and there's a knock at the door. And it's the same insurance agent. And she wants to talk to my deceased sister-in-law. And we get into this a little bit more, talking to her, trying to figure out what, why, what's going on. It turns out that someone was involved in a fatal car accident. And that person gave my deceased sister-in-law's identity as her own. Yes, indeed, the dead are, quite frequently in fact, a victim of identity theft. Now we know about the dead voting, right, particularly in Chicago, but in other places around the country. Well, in this case, apparently, according to the report, she had been involved in a fatal car wreck about six months after she had died, and someone was dead. Obviously, this was a case of mistaken identity, but the insurance lady who's at the door, and she's obviously some sort of an investigator, used one of these skip trace databases, in case you're not familiar with those.
These are databases that are put together by data aggregators, and data aggregators are these companies that suck up data from every public source they possibly can, and even some paid sources. And it includes records from credit card companies, and you name it, they pull it all together, they try and make heads or tails of it. So she had this report from a data aggregator, and it listed my long-deceased father-in-law's name as part of this, and my kids, a couple of my kids that had at one point been staying for a visit with their grandmother for a few months while going to school, etc., and included my wife's name, my name, it just kind of went on and on. They got a lot of data wrong. And that's what I've found, typically 25 to 50%, sometimes even more, of the data they have is incorrect. But enough of it was correct that she could kind of start piecing things together. And she was able to figure out that this was insurance fraud. Well, these data aggregators have massive databases, as, frankly, you might imagine. And they have these databases online. Yeah, you know where I'm going. This was a MongoDB, Mongo database, which is used, it's kind of, it's called NoSQL. It's an unformatted database. It's perfect for these data aggregators. And a company called verifications.io, that provided email verification services, had a Mongo database containing over 800 million records publicly accessible to anyone in the world with an internet connection. And they had four sets of data. They had email addresses, dates of birth, phone numbers, physical addresses, employer information, IP addresses, business leads and other information. Not everything was sensitive. So when we get back we'll talk about what lessons should be learned, what you can pick up from this, a couple of tips for you.
If you are a business person of any sort, or if you have data that might be in one of these databases. So we'll talk about this big verifications MongoDB breach from this year and some more gift ideas, right here. You're listening to Craig Peterson online and here on WGAN terrestrial radio.
Craig Peterson: Hello everybody, Craig Peterson back here on WGAN and online at CraigPeterson.com. If you enjoy my show, by all means, make sure you subscribe to the podcast. Pretty much everything that I do goes up there. My Wednesday mornings with Matt and Ken during their drive time show Wednesday morning, that goes up there. Other appearances go up there. The whole radio show goes up there as well. CraigPeterson.com slash iTunes, and do leave me a review if you wouldn't mind. You know, those five-star reviews help get the message out. And we just passed another hundred thousand downloads, which is kind of cool. I appreciate every one of you guys for listening. We try and get as much information as we can. So let's get back to our, well, actually, you know, there's something I forgot to button up from the last hour. Let's get to that. And then we'll get to some gifts and some more risks and what the NSA is saying right now. I had been talking earlier in the show about web browsers, and which browsers you should be using, which ones I recommend, and, you know, if you missed all of that, again, you will find it at CraigPeterson.com slash iTunes, you can listen to the whole thing right there. But I was talking a little bit about a plugin that I use. This is a plugin that works with pretty much any browser out there and works differently than any plugin that you might have been familiar with before. This is from the Electronic Frontier Foundation. Now I've had my disagreements with them in the past. Overall, I agree with a lot of what they're doing. But this is a plugin that goes into Chrome, Opera or Firefox or pretty much anything, that is called Privacy Badger. Privacy Badger.
So think about badgers. If you know these things, you'll find them a lot over in England, but they're over here too. They burrow underneath hedges and they like to live in the ground. And they are mean, they will fight anything way bigger than they are. They don't care. They're going to win because they go all in. Well, that's what this is all about, Privacy Badger. So I am on a website. Right now I'm looking at my browser and the Privacy Badger plugin, and it's got a nine on it right now. So what that means is that Privacy Badger detected nine potential trackers on this web page that I'm on right now. And it has sliders for them up there, and it says you shouldn't need to adjust the sliders unless something is broken. So what Privacy Badger does is it watches you as you go to different websites, it looks at the cookies that are placed on your browser from these websites and determines, hey, wait a minute, now, this is a cross-site tracker. This is another type of tracker that we probably don't want to have. So it's showing them all to me. So here we go. Here's what I have right now on this website that I'm on. And the website is Otter. In case you don't use Otter, it is a phenomenal transcription service, very inexpensive, 600 minutes for free every month. otter.ai. But it turns out Otter is using some trackers. So the first tracker it's showing me that Privacy Badger blocked is graph.facebook.com. So this is Facebook gathering data about me, what I do, where I go. The next one that's marked yellow, which is, it has three different indications here on the slider. One is it blocks it entirely. The next one is that it could block cookies, and then the far right one is to allow a domain to do it. So graph.facebook.com was blocked automatically, static.facebook.com was allowed, the regular facebook.com was allowed, Google Analytics completely blocked, apis.google.com was allowed, Stripe checkout was allowed. Stripe is a payment service.
JavaScript on stripe.com was allowed, and m.stripe.network, usually m dot means it's a mobile site, so that was blocked, and q.stripe.com was allowed. But those are tagged, all of the ones I mentioned that were tagged are considered to be caution level. So by adding Privacy Badger as a plugin to any of your browsers, basically it is going to stop sites from tracking you, and it does a very good job. It learns as you go. It is not something that is prefixed with "I'm going to block this site or that site." It is absolutely dynamic. I really, really like it. So check that out. This is kind of a flashback, as I said, to an earlier segment where I was talking about which browser to use, what the considerations are. And this will work with any of them out there. So just do a search for Privacy Badger, it should come up near the top of your DuckDuckGo search. And it's by the Electronic Frontier Foundation, EFF, check it out online. Okay, so now let's get into gifts again. I mentioned my top gift recommendation in the last segment. This one is for total geeks. Now we are using this for actually keeping timing, tracking. It's called Raspberry Pi. So we have a special card that goes along with this that has a GPS antenna attached to it and GPS readers so that we can track the satellites in the sky. We use the timing that they provide us with, we do some advertising. So one of the things we do for our clients is we have to track their logs and keep real detailed records on their logs. We need to know exactly when did something happen, so that if after the fact, heaven forbid, someone gets in, some piece of malware gets in, when did it come in? Where did it go? What did it do, right? Because you want to be able to know after the fact, well, what did it get access to? Unlike so many of these companies that have no idea what they lost.
In fact, most businesses don't even know until six months later that they were even hacked, versus what the best in the biz are doing right now is about six hours, not just to detection but to remediation, which is where we sit, well, usually within that six-hour time frame. Well, this is called a Raspberry Pi. And they've got the newest version, the Raspberry Pi 4. This is a small Linux computer. So if anybody that you know likes to hack together science projects or, you know, do a little bit of experimenting, this is phenomenal, absolutely phenomenal. You can turn it into a retro game console, it'll play a lot of these old video games. A smart speaker, that's a DIY thing. You can build it into your Legos to make a real fancy remote-controlled car. Anything your hobbyist mind comes into mind. This is phenomenal. You can, for 100, less than 100 bucks, you can get a complete kit. Okay? The Raspberry Pi 4 is a lot faster than the older Raspberry Pi 3 Model B+, faster CPU, you can put up to four gigs of RAM in this thing. It has a phenomenal USB 3.0 port. So if you are, or you know somebody that's really into DIY hobbies, this is the way to go. Okay? The Raspberry Pi 4 does get closer to your general and genuine desktop PC performance. But it's not really there yet. It's not one running Windows, it does run Linux, as I mentioned. And you can write basic programs for it, which is a programming language, Python. If you have a kid that wants to learn Python, this might be a nice way for them to learn, because they can kind of hack it together. But it's basically just a motherboard, you're gonna have to put it in a case, buy a case for it, you're gonna have to put a keyboard on it, a mouse, you have to put a display on it, okay, all kinds of stuff. But you can get just the basic Raspberry Pi 4, for someone that really, really is a total hacker here, for like 40, 50 bucks. It's absolutely amazing. Okay, plenty of power for your money. Very versatile.
In fact, it's more versatile in many ways than your Windows PC is. And for the budding engineer in your life, they will love you for it. So stick around, we're going to come back, I've got some more ideas for tech gifts that you might like. And we're going to talk about a couple more big hacks this year, and what it means to you. We've got third party security risks, the NSA has some advice for business and we'll tell you about that too when we get back. You're listening to Craig Peterson right here on WGAN and online at CraigPeterson.com. That's Peterson with an O. Stick around because we'll be right back.
Craig Peterson: Hello, everybody, welcome back, Craig Peterson here on WGAN. And we're talking about stuff we usually talk about, you know, some of the security things, some of the latest technology that's out there. We're also doing a bit of a recap here, some great gift ideas for the techie people in your life, even, frankly, some of the non-techie people. And the security side, which is, I think, very important, can't talk enough about that. Because it could destroy your company, it could ruin, frankly, the rest of your life, could be a bit of misery, depending on what the bad guys do to you. Oh, it's absolutely crazy. I told the story a little earlier of what happened with my deceased sister-in-law's identity, and how it was used in a fatal car accident, and it's just, it's amazing what some of these people are doing nowadays. And by the way, one of the most valuable segments of our population, we know already about the retired people, the older people, right, who might be a little confused, hopefully have some assets. But one of the most valuable identities out there online is that of a child, because their social security number and their identity are going to be very useful for at least a decade, if not longer, because those kids are probably not going to use it until they get their first job. So keep that in mind as well.
Well, I want to get into these two things before the last half hour, so we'll cover these fairly quickly. But the big one, and that is waking up to third party security risks. Now one of the big attacks this year was Capital One, and that's on my list of the ones I wanted to talk about today. They had personal information belonging to over a hundred million US individuals and 6 million Canadian residents. Now, this was exposed when a former employee at Amazon Web Services inappropriately accessed the data. We could get into all of the real details behind this, but the compromised information included names, addresses, dates of birth, credit scores, payment history, contact information, and other information on people who had applied for a Capital One credit card dating back to 2005. Also exposed were the social security numbers of 140,000 individuals and bank account data belonging to 80,000 secured credit card customers. So think about this for a little minute here. How many of us are using a service like Amazon Web Services, how many of us are relying on cloud services to keep our information safe? Right? Frankly, that's most of us, isn't it? And when you're talking about somebody like Amazon Web Services, or now there's Microsoft Azure, those are kind of the two really big players. IBM also has its cloud online that they sell access to. Most businesses look at it as a way to save money. Most businesses consider, hey, I don't need to keep track of the security, because my vendor is keeping track of it for me. And what we found out is, that's not true. So the lessons learned here, we'll start with that here, from Capital One, is that a cloud service may be attractive because it's cheaper than doing it yourself. And that's particularly true, frankly, throughout the whole range, but it's particularly true for large businesses, but even for small businesses, can you really afford the right kind of server?
Now I know a lot of small businesses go to the local Staples store and buy a computer and call it a server, right? And maybe $800,000 later, they're out of there. Whereas a real server that's going to be really reliable, is going to last years, you should be looking at more like 15 to $20,000 for. So businesses say, well, I'll just do it in the cloud. I'll use Amazon Web Services for this and we'll hire a consultant who's going to help us set it up. And we're going to use maybe Dropbox for that and maybe Office 365 for this, and now all of a sudden, I'm safe. Well, you're not. And companies, you guys are putting your data at risk, because you haven't adopted a security infrastructure with the vigor that you need to apply. It should be at least as good as what you're using for your on-premise stuff. But you know what, so many SMEs aren't even doing it right for on-premise stuff. Okay? So you're ending up with all of the financial cost of the penalties that you rack up, and the lawsuits and the cost of those lawsuits, which will vastly outweigh any IT savings that you might have down the road. So keep that in mind. And that's what Capital One just learned this year. Why? Because we're not taking third party security risk to heart. Ponemon Institute did a study here in 2018 and found that 60% of customers surveyed had suffered a data breach caused by third parties or vendors in the last 12 months. So what's causing it? Well, these applications are being built very differently than they were a decade ago. They are online. They're using APIs. And they are not considering the security risks. So all services are connecting internally and externally via these APIs. Popular finance websites load on your browser, mobile apps, you can see the results. Dozens of third party services, okay, web apps, middleware, other code. This is a real problem. So, protect your own infrastructure, step number one. Step number two, demand that the others protect their infrastructure, okay.
And trust yet verify. What we do is we wrap special security software around all of these third party infrastructure Software-as-a-Service sites that are out there, okay. So be very, very careful, and you have to test even more for third party sites, and you know, businesses just aren't testing as much as they should. So there you go. There's a couple of tips here, three tips on what to do when you are talking about third party security risk, and that is with all of these guys. Okay, number one, make sure your infrastructure is protected, that you have the right kinds of firewalls and you have the right kind of malware treatment that's in place. All the other security controls, make sure they're configured right. If you're using something like Amazon Web Services, or Azure, or Office 365, make sure you have the right settings. You know, it's difficult, I get it, Microsoft has over 10,000 SKUs, 10,000 products that are available, and they're all software and services. There are dozens and dozens just for Office 365 based systems. So make sure you have the right stuff. Make sure that they have proper compliance and certifications. And remember too that the certifications they have just represent a point in time. Do they still have the right kind of security? And because we are running our technology in this new type of infrastructure, make sure, frankly, that we keep track of everything, because a breach can happen quickly, do millions of dollars of damages right away. And 20% of businesses will file for bankruptcy the very next day. All right, well, let's talk about another gift here real quick before we go to a quick break. And this is for those of us that, we go to a family event, and we go anywhere, and it's "Craig, come over here for a minute, I need some help," and you go over there and of course, it's questions and problems about their computers. So here's what I recommend. Get that person in your life, if they're fixing the computer for you, iFixit.
Great site painting. Go online to find out how to fix physical problems. But they have something called the iFixit Pro Tech Toolkit. I have one of these, my kids have one of these. My technicians in my business have one of these. It's a 64-bit driver set that has all these weird types of sockets and everything on them. Because these parts and the computers that have the special locking screws and everything else, you need this. Okay, the iFixit Pro Tech Toolkit. Stick around. We'll be back with a wrap up for today's show. And we'll talk a little bit more about some gifts right here. You're listening to Craig Peterson on WGAN. And of course online, CraigPeterson.com. Stick around because we'll be right back.
Craig Peterson: Hello everybody, Craig Peterson here on WGAN and online at, of course, CraigPeterson.com. Hope you've enjoyed the show today. We have covered a lot of different things. We talked about third party security risks for businesses, which web browser you should be using if you want to keep safe, and some of the updates that Chrome has from Google, they'll keep you safer online. What not to do on your work computer. Why it's still too early to buy a 5G phone, and signature antivirus and how it is at best catching 50% of the malware out there. It's getting really, really bad. And we've talked a little bit about some of the top breaches this year, and there are some pretty scary ones out there. But how does it apply to you? And how does it apply to your business as well? And we got one more that was brought up on the website at CraigPeterson.com, you can see all of these up there, a little bit of my commentary and links to other articles online. But this is about the NSA and what the NSA, the National Security Agency, is saying that we should be doing as businesses, but this applies 100% as well to you as an individual. And the basics are to focus on your assets. And this is a very, very big deal. W
Welcome Back! There is some new Battery technology that I have been experimenting with and so I will tell you what I think and then we will get into some more about Intellectual property theft by Chinese Nationals and what to watch out for. For more tech tips, news, and updates visit - CraigPeterson.com --- Related Articles: Chinese Using Visas to Import Corporate Spys and Thieves --- Automated Machine-Generated Transcript: Craig 0:08 Hey, hello, Greg Peterson here on WGAN. And of course online at Craig Peter song.com. Hey, I hope you guys enjoyed it last week. I was doing Facebook Lives pretty much every day and talking about mobile security. I also had my free master class on Thursday. And it went on for a little while, but I made sure I answered everybody's questions. So thanks for all of the questions. I appreciate your involvement here. I'm doing this to help you okay. And if you're not there, obviously, I can't help you. But I really did enjoy the class and teaching it and then helping people out. And coming up this week on Thursday. It looks like, I'm going to have a masterclass on mobile devices. So last week's master class that you guys attended was on Thursday and it was all about VP end. And I will be doing one this coming week. That's all about mobile devices. And we got the got them planned out here for the next few months actually. And it's going to be one ish Master Class A week one ish, right? Because I'm going to be at some conferences, and I have the stuff to do with my clients on different days. I do kind of a chief information security officer. I do that outsourced for a number of businesses, including some multinational public companies, where they need someone on the outside to come in and kind of give them a little bit of coaching and help them out the more senior management in the IT space. So that takes time. From all of this other stuff that I'm doing, it pays for to write. So nobody Can't complain. 
And we had, I wouldn't say it was about 30 business people on the VPN course, and about two thirds home users and, and these master classes are really aimed at helping small to medium sized businesses, basically under 1000 employees, everything from a small office, Home Office, up to about 1000 employees. That's what these ones are typically aimed at. And about 80% 90%, sometimes, of what we talked about in them has to do with home users as well. So I tend to identify it, say, hey, for you home users, and you business guys, this is for you, or That's for you. And I did all of that too, and my Facebook Live, so if you just want to check out my Facebook Lives, they're all up on replay on both Facebook and on YouTube, by the way, and you can get them on YouTube by just going to Craig Peterson dot com slash YouTube. Guess what? Yeah. Craig Peterson dot com slash Facebook I tried to make it simple right now I don't know sometimes this stuff is just so complicated. I'm not sure if you guys understand or if you're going to understand or more maybe there's something else I should explain but anyways, it is complicated if you need help you now know where to go. Now if you want to sign up for the master class Coming up on Mobile Device security, go to Craig Peterson comm slash master class and you can sign up right there. off and on. I put these signups on my homepage as well at Craig Peterson calm so you can kind of figure this all out and follow it just make it simple and sign up there and I will stay in touch. Okay. By the way, these batteries again pale blue. This is really cool. You'll find them over on Kickstarter. You can see them if you're watching the video right now on Facebook or YouTube or on my website as well. But pale blue, this is neat. These are on Kickstarter, they're going to be for sale I think they're predicting next month you can buy them and they'll start shipping from Kickstarter. But this is neat. It's a lithium polymer battery, a very fast charge. 
And the way you charge these things is with the micro USB port there on the side. And inside that, there's the triple eighth and I'm showing you the camera right now which is a very small battery inside that it has room for the micro USB connector and for the electronics for all of the smart that is needed by it. Plus it has the storage in the bottom of this battery and you just plug it in, it's like a regular USB battery. And then to charge it you can use any micro USB cable It these batteries, there are four batteries in a box and they come with a little four-way cable to charge them. But you just plug them in and then they have an indicator around the ring of them to let you know if they're charging and how much they're charging or if they are charged. And you can see the red indicator here means that these ones are charging and it's just one little LED that red right now, which means they're mostly charged and then this one with the green around it means Hey, I'm charged I'm ready to use. There's nothing simpler. I'm just so excited about this. We'll see how these things all go but you can find them. Just do a search online for pale blue and Kickstarter will show up and pale blue batteries. You have to have batteries to that and it'll show up under Kickstarter. And you can buy him a couple of bucks savings right now if you buy them on Kickstarter, but just one of these batteries. The information that they're showing shown on their website can replace 3000 normal alkaline batteries that can so can save you thousands of dollars for 30 bucks. It's just amazing. So they sent me these things and I appreciate it but I'm, I'm really excited. I think this is very cool technology. And you know sometimes I share the technologies that I use and that are cool right here on the radio show. We've talked about some of them before, like the beautiful.ai stuff. 
You know, there's another one I use called Canva, and I should try and get their CEO on as well to talk about it, but man, if you have to design anything for your business, website stuff, I use Canva all of the time, like the frames. If you let me just, I'll pop this up on my screen right now so you can see this. See here, bam. So right now if you're watching the video you can see this is from one of my Facebook Lives this week. And it says, watch this if you use sensitive business or personal information on your smartphone, Part Three, mobile part three, data leaks. So this whole thing was done in Canva in a matter of like two minutes. It's just amazing what you can do with this stuff. So excuse me, I'll have to get Canva on too so we can talk a little bit more about them. I use Canva all the time. I really love that stuff. So anyhow, that's what I'm sharing. This, obviously, I'm not getting paid to promote any of this stuff. I don't get paid to do any of this stuff that I do unless you're one of my security clients. Obviously, a business that maybe has HIPAA requirements, you know, if you're a medical practice, or if you have any of the Defense Department stuff, the DFARS or ITAR, that's where I come in, right, I do the more advanced security stuff. I can do the basic stuff too. But I'm, I'm in there to protect you. So you don't go to prison, federal prison, charged with a felony because data leaked out and you are a military sub-subcontractor, right? So a lot of people in the listening area probably are, because of the Portsmouth naval base plus here in New England. I'm surprised how many real small companies there are that are providing parts that are provided to contractors that contract with the military. And all of those security requirements flow downhill, right? Just like all of the other problems that we have. And that's where I come in, and my team, and we put stuff in place that helps.
So that leads us to this article that came out this week that I think is phenomenal, from The Washington Times. And they're talking about the FBI chasing down an increasing number of Chinese nationals. Now, this is interesting because it ties into what President Trump has been talking about, where, you know, he's working on negotiations with China because China has been stealing our intellectual property. Well, in perhaps the largest action the Justice Department has taken to try and get this whole Chinese spying and corporate espionage under control, the Justice Department hit Huawei with a whole bunch of charges, including stealing trade secrets from T-Mobile. Now T-Mobile is who I have been using for a little while. And I switched from Verizon, saved a whole bunch of money, and where I'm using it, they've got good coverage. Verizon, I think, still has the best coverage out there, but they're a little expensive. And I may be changing again, we'll see, but that's where I am right now. So a federal judge last week sentenced a Chinese national to nearly four years in prison for trying to steal US space technology. And this is part of the whole ramped-up protection of American businesses against the Chinese spies out there. Remember, China's a socialist country, they have people in charge that don't really care what you think, they don't really care what your living conditions are, just as long as everyone's all of the same. So they have all of these people who are living in what we would consider to be slave conditions. You know, people that are living below the poverty line in the US are living like kings compared to what people live in the socialist states of the world, including China. Over the past year, the Justice Department has brought public charges against Chinese nationals and entities in 10 separate trade secret cases. So this is absolutely huge, 10 cases compared to three that were brought the prior year.
Justice also got a guilty plea or conviction in eight other cases. And that's according to The Washington Times. Half of the 16 names on the FBI's counterintelligence most wanted list are Chinese nationals charged with theft of intellectual property or trade secrets for the socialist Beijing government's benefit. So very, very big deal. Be careful out there. We have clients that, again, military sub-subcontractors, just little companies, 10 employees, seven employees, who have been invaded and hacked by the Chinese. It's crazy what's going on out there right now. But thank God they're prosecuting. You're listening to Craig Peterson dot com and WGAN, online, CraigPeterson.com. When we come back, we're going to talk a little bit about VPN. So stick around, we'll be right back. Transcribed by https://otter.ai --- More stories and tech updates at: www.craigpeterson.com Don't miss an episode from Craig. Subscribe and give us a rating: www.craigpeterson.com/itunes Follow me on Twitter for the latest in tech at: www.twitter.com/craigpeterson For questions, call or text: 855-385-5553
Welcome Back! We are closing up today's show discussing the Class Action lawsuit against Facebook and why Business Applications are leaking information. For more tech tips, news, and updates visit - CraigPeterson.com --- Related Articles: Plaintiffs in Facebook Class Action Awarded Standing Are your Apps Leaking? Unpatched Vulnerabilities Lead to Leaking Apps --- Automated Machine-Generated Transcript: Craig Peterson Hey guys, Craig Peterson back again. Welcome. Welcome to everybody. If you haven't heard me before, I am on the radio every Saturday from one till 3 pm here on WGAN. And we talk a lot about technology and my business is entirely based on technology, on networks and security and securing regulated businesses including financial businesses, medical businesses, and DFARs security for military contractor businesses as well. So that's what I do. Why do I talk a lot about security? Because I have been in the boat before where I didn't know what was happening. I got hacked, different type of technique. Basically I got hacked two decades ago. And I almost lost the business that I had been building because of this hack. I was all of a sudden the de facto security person in the business as the owner of the business, right, and as the owner, you have to wear a lot of hats. And then I started helping other business owners with it, and then started helping their people, the office managers, that's a very common title of the people that I work with, who are the de facto it and security people. So I, you know, I've been working with them over the years and I have found that almost to a person, they need some help because it's, it's so complicated. And so many people out there are lying to them, just like we talked about a couple of segments ago with VPN, how these VPN companies are building. Line line line online, which is really, really bad if you ask me. So I try and help straighten them out and straighten it out here on the show. 
We have a lot of home users, a lot of home listeners, a lot of retirees here who are listeners on the radio. And you guys are some of the biggest targets, believe it or not, because the huge, multi-billion dollar corporations, they can afford security. If you have less than 1000 employees, you can't. And the basic reason you can't is that you can't afford the security people that you need. You might be able to afford some of the equipment that you need. You probably can, but you can't afford to have the people that you need to design that to set it up and to run it. It's a full-time job for a staff of people. And so that's where we come in for those types of companies that really need really want the security but can't afford it, and can't do it themselves and really need help. So that's, that's my business side of things. And you know if you have any questions at all if we can help because this is complicated, let me know. Just email me at Craig Peterson dot com that'll come to me. And I answer pretty much every question that comes our way. Sometimes I answer them here on the radio, if particularly if it's a common question a lot of people have. Sometimes I will just go ahead and email you back. I also have a text number so that you can send questions to me, and my texting number is just 855-385-5553 you can text me anytime. If it's the middle of the night. I'm not going to answer for him in the meeting right. Not answer right away anyways. 855-385-5553 to be things right now. And we'll get to them because this is our last segment of the day. So I have to get to them right now. But I want to get to these. One again is from Ars Technica. Another one is from dark reading. So we got a couple of articles from each of these sites this week. This one is about Facebook. And this has been kind of everywhere online. If you go ahead and do some searches, you'll see this, but Facebook has facial recognition software. 
And if you go into your security controls on Facebook, you'll see right there that Facebook has a little checkbox that lets you turn off facial recognition. And the idea is with Facebook, hey, listen, we want to let you know when you're in a photo from a friend or a relative. Right. And personally, I'd like to know if I'm in a photo from a friend or a relative, right. I think that'd be a great thing. Facebook will let you know. But this facial recognition technology is far from perfect. And it's been used by the Chinese socialist government to track people and penalize them if they don't do what the government tells them to do. And it's being used in London, the most surveilled city in the world. It's being used there to track people. And it's being used, as I mentioned, by Facebook. So another landmark lawsuit underway here. A federal court declined to hear another appeal to stop a $35 billion class-action lawsuit against Facebook. That's real money. Well, it's real money to you and me, you know, not so much for Facebook, right. But in San Francisco last week, the US Circuit Court of Appeals for the Ninth Circuit, which means it's almost always going to be overturned. It is the most overturned district Circuit Court in the country. But I think this particular ruling might stand. But the US Court of Appeals for the Ninth Circuit denied Facebook's petition for an en banc hearing in the case. So usually appeals cases are heard by three judges that are picked within the district court. And so they were looking to try and get a larger group of judges, maybe all of them, to hear. So in the Ninth Circuit, there's 11 of the 29 judges that would sit for the en banc cases, and the court said no, the three-judge panel was enough. So this class action suit that can now move forward includes these three different Illinois residents who filed suit against Facebook back in 2015. That's how long these things take. Okay?
The suits that were rolled together into one class action complaint argue that Facebook's collection of users' faces for tagging purposes violates the Illinois Biometric Information Privacy Act. And that's a law that requires businesses to gather consent from residents of Illinois before the biometric data is used or even collected. Ok. So the Facebook fine in Illinois be five grand for each nine violation. There are about 7 million Facebook users in Illinois, hence the $35 billion that they're going for. A very, very big one. The Massachusetts branch of the ACLU this week also released results of a test it ran on Amazon's Rekognition software, in which it mistakenly matched many New England professional athletes to mug shots from a database. So fascinating, isn't it? Absolutely fascinating. These facial recognition systems not only don't do well with Caucasian faces, but they are horrible with Chinese, many of the Asian faces, they can't tell them apart. They're very bad with African faces. And it's there. There's just a lawsuit potential all over the place for people that are arrested or detained or charged based on facial recognition, particularly if they are, air quotes here, minorities, right? So fascinating stuff there, Facebook's in more trouble. Now, this is from a company called Veracode. You might have heard of them. I've talked about them before on the code. They've got this annual State of Software Security report. And what they found I thought was very, very interesting. There's something in the software business called regression testing. Now, if you've known me for a while, you know, I was involved very heavily in what's called kernel software, I helped to develop Windows in the kernel, various versions of Unix in the kernel, various network protocols, again in the kernel, and I've done it for some of the biggest names in the world. Okay, absolutely. So we would always do regression tests. In other words, we fixed a bug.
Well, before we fix a, you know, and release that, that fix for the bug, we have to test it. And then we put that test into a series of what are called regression tests. So let's say a year or two years from now, there, somebody else has made some changes and, and it might have not touched our code. It might have touched the code that I fixed, right? But it's been a few years. So what happens is, the good companies will do a regression test and they'll make sure that that bug fixed two years ago did not reappear. Well, it turns out that businesses aren't doing regression tests. And the more, at least many of them aren't. Because according to this, many enterprise organizations are at increased breach risk because of aging, unaddressed application security flaws. And this isn't just applications like apps that might be on your phone. These are applications that might be web apps, they might be applications that are used to run anything from a green screen through a Mac or Windows computer. They did security tests on more than 85,000 applications and found that on average, companies fix just 56% of all software security issues they discover between the initial and final scans. Most of the flaws that are fixed tend to be newly discovered ones, while older, previously discovered issues are neglected and allowed to accumulate dangerously. So Veracode's calling this security debt. It's increasing breach risks at many organizations. And when you get right down to it, those older flaws are usually the easiest for the bad guys to breach, because it's well known how to breach using those flawed vectors. Very interesting. So, bottom line, pull up your socks, companies out there that are developing any sort of software. And don't think that just because you're using a cloud vendor for part of it, or you're using various APIs to go to various cloud vendors to put your overall business operations together, don't think that makes you safe, because it doesn't.
And what we're finding now is more and more, that's actually a dangerous, more dangerous way to do it than writing the code yourself. Then there's all the open-source code and the problems people have had with that. So anyhow, hopefully, you guys, you attended my security summer this year. We went through a lot of great security stuff that was absolutely free. My master class this week on VPN, hopefully, you attended that. It was absolutely free. We had a lot of great questions that we answered. I also want to remind you of coming up this week, the masterclass is about mobile devices, coming up probably Thursday afternoon. Sign up now, CraigPeterson.com slash masterclass. Okay, CraigPeterson.com. You'll see it on my homepage as well. Have a great week. You've been listening to me on WGAN and online as well. Sorry, I got a frog in my throat just in time.
Welcome Back! We are closing up today's show with a few more articles that I found this week for all of you. We will talk about Smart Devices and Vehicles -- so be sure to listen in. For more tech tips, news, and updates visit - CraigPeterson.com --- Related Articles: Problems You Never Knew Could Be Solved By Smart Devices Bathroom Humor and High-End Executive Cars --- Automated Machine-Generated Transcript: Craig Hey, welcome back, WGAN, everybody out there listening on streaming services and on my website at Craig Peterson dot com. Let's get into a couple more articles, but a bit of a wrap-up in case you missed anything today. You will find these as posters podcasts up on my website, all of the segments today, at CraigPeterson.com, but we just talked about Microsoft warning, as 4700 machines are compromised every day, the NSA advisory on enterprise VPN, some of the major manufacturers out there have some serious problems, and you need to make sure you get everything patched. 76% of US businesses have experienced a cyber attack in the past 12 months. We talked about voice artificial intelligence systems are going to completely replace our phones in 10 years. It's a great little prediction by Gary Vaynerchuk. Why you should lie in your password recovery questions, even lie to your bank, and business email compromise attacks have spiked 269% in the past quarter. Absolutely amazing. So you'll find all of that and a whole lot more at CraigPeterson.com. And then I also have my report on passwords, my special report that you can get by going to CraigPeterson.com slash passwords. CraigPeterson.com slash passwords, you'll find my 10-page report there, you can sign up for my email list, you're going to get just tons of great stuff from this. Also, if you're on my email list, you would have gotten summaries of today's articles, a little bit of a heads up so you know what I'll be talking about. You can actually kind of follow along at home.
And you'll find all of these two, if you're watching this on a replay somewhere, you'll find all of this online as well. So it's a I think it's a good thing. And I get a lot of comments from people, which I love to get. So questions or comments. You can always email me ME at Craig Peterson calm, or you can text me anytime you want. And it's not you don't text like me, me. That's the email address. You're going to text 855-385-5553. And I'll give that number out again here in a minute. But 855-385-5553 that ends up in my hands and I am trying to answer and always every one of them. And sometimes I answer them on the show slash podcast. Sometimes I will respond directly to you. But in fact, because so many people were asking about VPN. That's why we spent so much time on them today. And also why I put together that special security summer cheat sheet on VPN and that email as well. So that's how you can have an impact on this show. I'd love to hear from you what questions you have. So this is fun, fun, fun. We're going to start with your Tesla. Have you ever been in a parking lot? And you're walking in the parking lot and a car comes up behind you, you know that cars there? Because you can hear it right? Unless you have hearing issues? You can hear that cars there? Well, have you ever had one of these electric cars sneak out putting you in a parking lot? I have. And it's very concerning because you, you know, you just assume that you can hear a car because they make so much noise at least enough noise that you can hear him coming right? They don't have to be these loud things like these idiots and take the pipes out of their motorcycles. Oh, did I say that? I'm you know, I'm a big motorcycle guy. I love them. I ride them. I've had 13 motorcycles. I think here's my last count. I just don't like these people that are noxious and take the pipes out and make really loud motorcycles. But anyways, so on the other end of the spectrum, you have the electric vehicles. 
Now there have been some laws passed in various parts of the country and the world that say that the cars these vehicles have to make noise. Now, it reminds me of the What was it called the nutty professor, like 1960 or so it was a Disney movie about flub, and he had the car, he took an old tin Lizzie. And he modified it took the engine out. And so it just was able to run on flipper. And it basically made no noise, right that kind of a bubbly sound. And he ended up putting the noise maker under the hood that made it sound like it really had an engine in it because it was very concerning to people who were out there and and saw the car driving by wasn't making any noise. So these laws are saying the cars have to make noise. So Elon Musk is kind of giving a little bit of a middle finger to this. One of the complaints that has come out in the last couple of weeks has to do with a newer, autonomous vehicle option that is available for your Tesla. Here's what happens. you park your Tesla, you go into the restaurant you come out, you hit a button on your remote, and the car then leaves its parking spot and drives over to you all by itself. So there's a video posted online, you might find a little bit amusing. I found it concerning where this happens. And a Tesla owner summons his car. And apparently he was actually trying to impress his date, right? One of those, Hey, watch this. And that that's usually followed by some sort of a major problem. So the car started driving, someone noticed the car was moving without a driver in the vehicle, and started to freak out trying to stop the vehicle. And the owner said no, no, no, it's okay. It's just an autonomous car, it's just coming over to me, don't worry about it, not a big deal. So he kind of laughed it off. And okay, I'll all's well and good. That's been a problem. So you've got these Tesla's driving themselves in a parking lot, which, by the way, is the thing that these artificial intelligence machines are worst at. 
And we had an excellent Don remember this about three weeks ago, who was telling us that that is the hardest part of any autonomous vehicle is the parking lot. Because if you're driving in a parking lot, and you're human, you get visual cues from other people, like they'll look at you, they'll wink, they'll, they'll kind of nod their head just ever so slightly. So you know, okay, I'm clear to go ahead. The Tesla cannot do that. It cannot recognize those little human gestures. Same thing with people walking, right, they kind of look over or they'll, they'll wave their their fingers saying, you know, come on, and because they're going to cross in front of you, but they'll let you go first. All of those types of things, these cars don't know that they can't figure it out. So right now, they just go super slow. And if anything happens, they just stop and then they expect the owner to take some intervention. So this is the most dangerous part. So here's what Tesla is doing with the whole thing thing. Elon Musk announced that the Tesla's are going to have customized horns and movement sounds. And I think this is just hilarious. So you might see a Tesla in the in a parking lot or you know, with a driver without a driver. using one of these new unique sounds this sounds include like this is according to Ilan goat, coconuts, and flatulent. I think that's just absolutely hilarious. So you, you might see a Tesla driving around passing cats in the parking lot. Now the coconut thing is really kind of fun, too. Because, you know, if you listen to me for 1020 years now on the radio, you know that I love Monty Python. And so what he's doing is he's taking the sound similar to he's probably going to recreate them but you know, the the print on supposedly on the horse, right, and they're making the galloping sounds with the coconut because of the king cannot afford the real horses, in actuality, behind just a little inside info on that scene, if you've seen it. 
Apparently, Monty Python didn't have the budget for the horses for that scene, until they came up with the coconuts. That's absolutely phenomenal. If you haven't seen it, the 1975 film is called Monty Python and the Holy Grail. There are so many funny things in there. Anyhow, we've had horns around forever, but this is absolutely new. You'll find that whoo guys sounds, there's just going to be all kinds of very cool stuff. Okay. California, by the way, a horn has to be capable of emitting sound audible under normal conditions from a distance of not less than 200 feet, and it cannot go over 110 decibels. That's actually really loud in decibels. So keep an eye out for special sound effects for your electric vehicles, at least from Tesla. And there will be aftermarket, just like we talked about Amazon and with the Samuel L. Jackson voices that are available coming up here for your Amazon Echo, for your Alexa, you will be able to buy aftermarket sounds, I'm sure, for some of these things. And our final story of the day, also talking about autonomous vehicles. This would totally freak me out more so than seeing a car without a driver moving. We have our smart homes and, you know, we're constantly being warned about the Internet of Things and be careful. Some of this stuff can be very, very negative. We don't want to have, you know, real problems here. So none of that is new. But there is a new device out from a company called SmartCan, S-M-A-R-T-C-A-N. This isn't just like having your wall talking to you, you know, about the temperature. This isn't about, you know, all of the normal IoT things.
This is something made by a company called Rezzi that, I'm going to quote from their site, eliminates the need to take a homeowner's garbage can to the curb by providing a plug-and-play motorized trash can attachment and mobile application. So you've got your personal trash can, or maybe it's a city-issued trash can, one of those big resin things, whatever it might be, you just put the trash can on this thing and you can have this smart can, that won, by the way, the Protolabs Cool Idea Award, and no longer do you have to take your trash to the curb, it's going to happen automatically. It's very cool, looking at the picture of it. I think it might have some trouble with my driveway, cuz I need to get my driveway resurfaced. It's got some major divot, but you know, normal one, certainly a city one where you've got a concrete sidewalk in front of your house, it wouldn't work. Anyhow, very cool. SmartCan, check it out. Alright everybody, thanks for being with me today. If you want to pick up my password special report, this 10-page special report, you can get it right now. Go to CraigPeterson.com slash passwords, plural, passwords, CraigPeterson.com slash passwords. And I'll send it right to you. Have a great week. I'll be back with Ken and Matt Wednesday morning at 7:30. You're listening to Craig Peterson, online, Craig Peterson dot com. Take care everybody. Bye-bye.
Welcome Back! It does not happen often but when it does, it is time to pay attention. The NSA has issued an advisory about a particular vulnerability that is present in some of the top VPNs out there. If the NSA is warning you it is probably because there are nation-states using the vulnerability. Listen in and I will break it down more For more tech tips, news, and updates visit - CraigPeterson.com --- Related Articles: Popular VPNs Are Vulnerable To Exploit --- Automated Machine-Generated Transcript: Craig Hey everybody, welcome back, Craig Peterson here on WGAN. And of course online as well, you'll find me there at Craig Peterson dot com and, you know, streaming pretty much everywhere and, and having a good old time helping people out. I just totally appreciate all of the notes from people special shout out to Brad, in fact, this week because of a couple of things he said, and I just totally, totally love it. When the listeners go ahead and let me know what they like about the show and some of the pros and cons to things so good all the way around. And you can reach me, by the way, anytime by just going ahead and emailing me me at Craig Peterson dot com or, of course, you can text me anytime. Just at 855-385-5553. All right, everybody. We'll give that number out a little bit again, later on. We have as usual, just a whole ton of stuff going on. And in this last hour, we're going to be talking about an NSA advisory on some VPN problems if you have been hearing about VPN, I'm going to talk about VPN a little bit here later on. And this is probably the number one question I have from people is all about VPN, what, you know, what should they use? When should they use it? Because we're hearing these ads for these, you know, $3 a month Norton VPN and other so why are they so cheap? And what are they doing? So we'll talk about that. And this NSA warning. 
And this NSA warning applies primarily to VPN, that are being used by businesses, so businesses that buy VPN, VPN software and hardware, we're going to talk about money, Microsoft, they are warning right now that there are 4700 machines compromised every day right now. So are you one of the 5000. So we'll talk about that and what you can do about it. And a couple of fun articles, as well, we'll get to about some autonomous vehicles. Both of these are about autonomous vehicles, different ones, ones from a company called Smart can and one from a company called Tesla. So anyways, everybody, thanks for being with us today. And for following along. I'm fairly new on WGAN. And so just by way of introduction, I have been doing security cyber security for businesses now for going on. Well, actually, yeah. 30 years. Now, that sounds like a long time, doesn't it? But any. I've been doing this for a very long time. And I follow it closely, because I'm what happened to me, because I was effectively hacked back in the early 90s. And I had a business that I had been building for more than a decade and, and thank goodness, I didn't lose much. But I certainly lost a lot of goodwill for my client. So it really got me to wake up find out more. I finally found out why antivirus software was even useless. Back then 2530 years ago, and also how, frankly, the bad guys use zero day vulnerabilities and everything else. So that's what I've been helping businesses with forever, because I've been on the internet since about 80. Man, what was it 83? I guess it was somewhere around there. Yeah, probably about 83. I'd have to look at my my chart, my dossier of the stuff I've done over the decades, but I've been on the internet for a very long time. And it started out as this wonderful Kumbaya place. Everybody on it was an engineer, you either were in a university, or maybe you were working for a federal government or government contractor. And it was really, it was a fun time back then. 
We kind of all knew everybody because there are so few people on the internet back then. And of course, the internet itself goes back a good decade before that. And then it didn't become public until October of 91, September, October, when you could finally legally conduct business on the internet, you couldn't do it legally before then. And then it's grown to the point we have it today many years later. So we've got a big anniversary coming up in 2021 will have to make sure we do little celebration there. So I've been involved for a long time I got hit I learned on I'm kind of one of those pioneers that got all the arrows in my back. And now I'm trying to get that information out to everybody. And as you know, brands comment this week, in fact, and you so you may not know. But I really try and help and I give away a ton of stuff for free, of course have to keep my lights on. So I do have paid clients as well. But I give away a lot more than anyone else in the industry. That's what I'm told all of the time. And you should have this week gotten copies of you signed up for my security summer, I reset all 28 of my so called cheat sheets that amount to over 100 pages of content on what to do in various aspects of cyber security. So that's business that's home, I have a whole retiree thing that you should have gotten yesterday, if you are on my list. So I'm I'm just you know we're producing content. And typically when I share with you guys for free is the stuff that's a beta stuff kind of my first time around it ZU very useful, as Brad and many others have said, but it also is kind of leading in so I'll take that and turn it into some paid projects as time goes on products I should check. Alright, so where to start here. Let's start with the VPN thing. And then we'll get into the Microsoft thing. And then we'll have the fun stuff here at the end. 
But the NSA, this is No Such Agency, you, man, that used to be what they were called, the federal government denied its existence. And, of course, we had not very long ago now, maybe a decade. I don't know, man, time flies. But we had Edward Snowden coming out who was an NSA contractor, who was saying, whoa, wait a minute now, the NSA is doing all kinds of things that Americans aren't going to like and that are potentially beyond their charter, and it turned out that yes, indeed, they were beyond their charter. A lot of people got very upset. And the Department of Justice ended up saying, Hey, Mr. Snowden, we've got a warrant out for your arrest. So he's been hiding out in various embassies, you know, the Ecuadorian embassy for a long time, over in Russia and stuff, so that the NSA doesn't find him, so that they don't abduct him and bring him back to the United States to face trial. I don't remember if they tried him in absentia or not. You know, they might have, I'm really not sure. But whole chain. So the NSA once again, and this is as of about a month ago, President Trump has changed their charter a little bit, which I actually like, instead of just trying to break into people's computers, monitor American citizens' phone calls, who are they calling? What are they calling? Where are they calling from, etc, etc. The NSA charter has been altered a little bit to say, hey, NSA, when you find vulnerabilities, instead of just trying to use them in order to hack into foreign governments' computers or Americans' computers, we want you to share that information with the public, a very, very big deal. And so the NSA actually has been doing that. And they are warning right now, and this is from an article on Dark Reading that you'll find at CraigPeterson.com, there on my homepage, just scroll down a bit. And you'll find that on it, it's called NSA Issues Advisory on VPN Vulnerability Trio. Here, there you go.
That there are three major VPN providers out there that are in big, big trouble. Now these are called enterprise vulnerabilities. Certainly, as I've filed them with their vulnerability databases, SolarWinds, main major problem with their Dameware Mini Remote client, SAP Financial Consolidation, very big problems. See here, some other ones here. But they boil down to a number of specific pieces of hardware, that from some specific other vendors, names you might recognize. And those names are Palo Alto, which I know a number of businesses that are running the Palo Alto stuff. I have learned about that, Palo Alto was definitely cheaper than Cisco. But they've had more security problems, or younger company, they're criminals nowhere near as fast. And they don't have the Talos team behind them. So I'm not a fan of Palo Alto. But anyways, big time, Palo Alto Global Connect, or excuse me, Palo Alto GlobalProtect VPN, remote execution bug here that's in the wild. Fortinet. Another company that I'm very familiar with, and we can sell with Mike from my company, but we don't, Fortinet FortiGate VPN client has another one here, active exploitation. And there's a couple of others. But here's the bottom line, okay, this applies to everybody. If you have a VPN client, or a VPN server, if you're a business, that's usually what you do, make sure you update your software. Now, know that it's very, very difficult to do, especially if you're talking about a piece of hardware, where you have to update the firmware that's in that device. But believe me, you want to do that. So if you have any sort of hardware right now, please take the time, this could take you hours, okay? Because it can be very, very difficult, and I wish I could produce an information product about this stuff. But the problem is there's so many pieces of hardware, so many manufacturers, each manufacturer has multiple pieces of hardware, each piece of hardware may have multiple ways of updating it.
But you've got to update it, you got to download the firmware for your Wi-Fi devices. You got to download your firmware for your firewalls. And as it turns out, right now, even some of these enterprise VPN controllers, we need to make sure that you update the firmware in those things too, because there are some serious problems with it. All right, we're going to talk more about VPN when we get back so stick around. You're listening to Craig Peterson on WGAN, online at CraigPeterson.com. Peterson with an O, by the way. Stick around, we'll be right back.
Welcome Back ! Technology is advancing and we soon may see that our communications may not involve cell phones at all. For more tech tips, news, and updates visit - CraigPeterson.com --- Related Articles: The Future Communication Means No Phones --- Automated Machine-Generated Transcript: Craig 0:08 Hello everybody welcome back Craig Peter song here WGAN online live on YouTube and Facebook you can watch the replays if you want you can just go to Craig Peterson comm slash YouTube if that's where you want to go, or Craig Peterson com slash Facebook. And both of those will take you to where you want to be. And today we've been talking a lot about password so far. Want to point you to Craig Peterson comm slash reports. That's a lot of slashes isn't it. But it takes you right to where you want to be. Or right now on the homepage, you'll get the free special report on the whole thing about passwords here this 10 page report and comparisons between different types of password, you know, pros and cons, password managers by just going to Craig Peterson calm and signing up on the homepage if you don't have that report so far. Now, last week, we gave out this quick start guide. That is never I have never ever given away before. It's always been part of a paid program. We had a few dozen people who picked it up. So congrats to you guys and gals. This is absolutely phenomenal. It is such a good report. So don't miss out this week on my password special report. And then we'll have another one next week. Because we have quite a few of these, we've been producing them getting them out and everybody's hand. And you can get them quite simply. And if you're already signed up on my list, if you're getting my emails, you can pick those up as well. And we link to them in the emails and you can grab them by signing up again, on the on the homepage, you'll only get one copy my email, you can use the same email address, so don't worry about that. 
We have our phones right there, there's always a newer better phone out there. My phone, if you're watching here on on camera, this phone and I've done this for years has a battery on the back. So the phone is actually not this big. But what the battery lets me do is keep it pretty much fully charged, which is nice. So I do let the battery run down every once in a while lithium ion batteries don't have the same memory problem. As the older types of batteries used to have right? Then nickel metal hydride, and then nine cabs, they were the worst, they were just terrible. So this is really a great little thing that you can do. By the way, it's really handy. So let's talk about this whole thing about phones. There's always a new one, right? We've got the new phones from Google, new phones from Samsung new phones from Apple. How long do you keep your phones for? I tend to keep mine for four or five years. Typically, if there's a feature I really need to have, then I'll get one. But the I still have an iPhone eight. And I got this because I wanted the 4k video. And it turned out I didn't really need it. You know, my whole studio is entirely 4k video that I used to do my trainings and produce some of these different types of videos that I do, right the classes and things. So it's, you know, 4k. So I figured, well, I need to have a 4k camera on my phone in case I want to shoot something. And that just hasn't worked out. I just haven't bother doing that. So what I have done, however, is I have made my phone last as long as I can, right? I don't know, maybe I'm cheap. But But I don't need the latest greatest. I just need the features, right? I buy a phone because of the features. Don't buy a phone because of what I think other people will think of me. But you know, that's me, I have a buddy always buys the latest iPhone always, even though he doesn't even know how to use this silly thing is always buying the latest. And I you know, I think he likes toys. 
But more than that, I think he he thinks that brings little status to him. And if he's listening right now, he probably knows who he is. So anyways, if you keep your phone for five years, do you realize that you may only have one more phone to buy before phones are obsolete. That is a real fight. Frankly, we're seeing artificial intelligence showing up everywhere. Now I talked about this a lot. My last show, we talked about some of the AI some of the deep fake stuff we talked about the AI the G is using in GS latest car, DR. x ray machine, that's what it is, is a whole set system. And it detects some various types of lung problems, energy texts it in just 15 minutes instead of eight hours, which is what has been taken. So that's really cool. That's what you like to see. Now Amazon has out their new Samuel L Jackson announcement, where he's going to replace the standard voice that's there in your Alexa in your Echo device. And they are also going to have some other voices, but much of its going to be artificially created. There is the other side to this. And there were many, many people who are complaining about the other side, which is when you give a command to one of these devices, if you say turn on the lights, or what's the weather for today, it records what you're saying. And it sends it up to the cloud. Now Apple does not do this apple, most of the processing actually happens in your phone. So your voice isn't recorded. Google and Amazon and some of these others, were using third party contractors to listen to what you said, in order to determine if it did the right thing, which is legitimate, right? You You want to improve the quality, and how else you're going to do it unless you have a human listen to it as well. And so that's what they've been doing. And people got very upset. So Amazon has an automatic feature. Now you can turn on that. delete your recordings, after three months, or 18 months. 
So the longer you can keep your recordings, the better can understand you because it uses those older recordings to analyze to figure out what you might be asking for what you might be saying etc, right. So all of that is available right there for you from our friends at Amazon. Well, this voice recognition keeps getting better and better and better and better. And we've got an entrepreneur, Gary venue, Chuck, who I have followed in the past as well, Brian little guy, actually is not that small. And he is quoted here in an article from the Daily Star over in the UK, I'm going to pull this up here on my screen. Okay, so that's the last one, let's push over here, okay. And what he's saying is that AI is going to connect us to the internet from anywhere and everywhere. And it's going to let us just talk to our devices to access any information or make any purchases. So basically, what he's saying we'll see in the future is a very simple system where we're wearing maybe like a Dick Tracy watch, think of an Apple Watch, is Apple Watches now even have built into them cellular data modems. So think of something like an Apple Watch. And you're not going to have to type a single thing, which is just absolutely amazing. He was speaking at the World Congress on information technology in Yerevan, Armenia, and he said that humans will only have to speak to an AI that is everywhere around us to get what we want. That part's a little concerning to me, right? Ai is everywhere. Well, if it's on your wrist, that's, that's not really everywhere, you can certainly turn it off, you can leave it at home, etc. But we have seen some amazing AI technology in our homes. And I have to agree with him on that one. Because we have my wife, one of my daughters, I think was the first in our house to get one of these Amazon Alexa echo devices. But there they are everywhere. And we're going to talk at the end of the show today. 
I've got a couple of really cool fun articles, we're going to talk about some of the ways this technology is going that I certainly wasn't expecting. But we've got to be able to get access to the stuff we want when we want it. So we're going to have the systems tied into our cars and our homes, everybody, our offices. He said there'd be no reason to grab your phone in the morning to see what the weather is. If you have software like Microsoft Outlook, for instance, for email, it's using a type of artificial intelligence to determine whether or not it should show you an email article. So this stuff is coming. It's here already, and within 10 years, for me that's two phone cycles, I'm going to have two more phones, we won't have any of this stuff anymore. So you can watch this live at CraigPeterson.com/YouTube or CraigPeterson.com/Facebook. You can see the video. And of course you're listening right now on WGAN. You'll find us on both AM and FM. Stick around, we'll be right back.
Did you download a game made by Zynga? If so, be sure to change your password. They were the victim of a big hack and lost 218 million users' personal information to a Pakistani hacker who goes by the name Gnosticplayers. For more tech tips, news, and updates visit - CraigPeterson.com --- Related Articles: Popular Game Breaches Personally Identifiable Information of 218 Million People --- Automated Machine-Generated Transcript: Craig 0:04 Hey, welcome back, everybody, Craig Peterson here on WGAN and online at CraigPeterson.com. Hey, if you're listening to this as a podcast, I would love to get a five star review from you. That's what helps other people find my podcasts and also, of course, helps with the dissemination and everything else. It makes it easy for you to be able to listen to it automatically every week, whether or not you have iOS. Go to CraigPeterson.com/iTunes, would absolutely love to have you give me a five star review over there, even if you don't end up subscribing. So back to Words with Friends. Man, this is an allegation here, there is some proof that maybe this guy did it. Zynga did release a statement saying that Words with Friends did have data compromised, apparently as well as another title called Draw Something. Quote, we recently discovered that certain player account information may have been illegally accessed by outside hackers, while the investigation is ongoing and we do not believe any financial information was accessed. So what do you think's going to happen here? How many of these people are going to end up going into jail? How much of a fine you think think is going to have? How much you fine you think you are? I would have it is absolutely nuts. So this guy, this Gnosticplayers guy told ZDNet, by the way, that he hoped to put the data of 1 billion internet users up for sale. And by April of this year, so what, about six months ago, he had reportedly stolen about 932 million user records from 44 companies.
So it looks like he's actually making some headway here on his threats. And that's not a good thing, frankly. So this goes back to the whole password thing. Now I have a password specific special report that you might want to pay some attention to. Because if you have played Words with Friends, or again, the sister software to that called Draw Something, you need to change your password now, but I want you to understand how to change it, what you should do when it comes to changing your password. Because there are password managers out there, some of this stuff is free. And there are some very good free password managers. There are password managers you shouldn't ever use. And there's some that are really great with teams and pros and cons. So again, here now I've got another free guide for you. Now the Quick Start does lead you through a little bit of the password stuff. But it's only one page out of 32. The special report on passwords is I think it's six pages long. And it's specifically about passwords, about using password managers, what the best ones are, and it'll let you click through to sign up on those password managers if you're interested in them. And I don't make any affiliates on any of that stuff commissions although if I did, it would be pennies, because these things are so cheap. So here's how you get that right now. Now this is going to change I'm sure, but right now if you go to CraigPeterson.com/subscribe, CraigPeterson.com/subscribe, you will get a new subscribe there you will get my special report on passwords and password management, I think it's very important to do. Because again, you got to change your password. But one of the things that people seem to forget all the time when it comes to passwords is you should never ever use the same username and or password on more than one site. Because here's what can happen. Let's say the guy got your account information from Zynga, because you played Words with Friends.
And in that account information, let's say there is your email address that you use to sign in. And on top of that, now there is a password that you use to sign in. Now some people will sign in using your Facebook ID or maybe your Google ID. I never ever ever ever do that. I don't use Facebook login. I don't use Google login, for a few reasons. But one of them is, in both cases, the main reason they're doing that is they want to track you when you're off of their website. So they know you just logged into Words with Friends, for instance. And in some cases, they get even more information than that, that you may or may not want them to have, frankly. So I never use those. I always use email and passwords. Now here's a trick you might not be aware of. Most email accounts allow you to use a plus sign in your email address. So for instance, with me, my email is me@craigpeterson.com, me@craigpeterson.com, right, people send me email there all the time, all day long. But if I want to sign up for a service, I will sign up as me and then the plus sign. And then in this case, I might do Zynga because that's who it is who I'm signing up with, Zynga which is NYNGA or ZYNGA depending on how far north you live. So I would say me+zynga@craigpeterson.com. So what will happen is that email will still get to me, and Google does support this, I'm quite sure, at least I used to, and many others do as well. I think Microsoft Office 365 supports that. I think you have to turn it on. And so what happens is email comes in. So I know, for instance, if Zynga sold my email address to somebody or maybe it was stolen from Zynga, because I only ever use that email address for Zynga. And yet I only have the one account. It all goes into my me email box at craigpeterson.com. So I have me+zynga@craigpeterson.com, I have me+cisco@craigpeterson.com, etc, etc. You see the pattern here.
And I can also now use filters on my email so that I can set up mailboxes. So anything coming from Zynga gets, I don't care to see it right away. So anything that goes to craig+zynga@craigpeterson.com or me+zynga@craigpeterson.com goes directly into the Zynga box, or maybe it goes to spam or however I want to handle it, right. And then I'm not even worried about the from address because I know that the address I signed up with is unique. So now I have a unique email address for that website. And then I use a unique password every time, it's unique. And I use 1Password personally. And you'll see a description of 1Password in my password special report that you can get. And even if you're already signed up for my email list, if you go to CraigPeterson.com/subscribe, you can get this again. Okay, you can sign up again and you'll get the special report on passwords. So I use 1Password and I have it generate four random words typically. So it'll give me a password that is this dash that dash something dash else, just as an example here. But four words that make it almost impossible for someone to break. Now some websites are still using the old standards that are proven to be not effective, where they'll require you to use special characters, upper lowercase digits and things. And in those cases, I will use those and 1Password will generate those for me as well. You can mess with the formula. So I really love it. But the reason I just use plain text words is they're easier to type, especially if you have to type them in on a mobile device. That was 1Password. It's installed on my workstation, my laptop, my iPhone, my iPad, so I never actually have to remember it. It's all encrypted. It's all saved on iCloud, encrypted as well.
So if I create a new account on this machine, it's going to show up over the... it's just fantastic. So make sure you get this, it's very important, I think, that you do have it, because it is going to help you. So to get this password special report (hey, it's special report day, isn't it?) just go to CraigPeterson.com/subscribe. That'll get you on my weekly newsletter, let you know about the free classes, and it will also get you my, I think it's six page, special report on passwords and password managers. You're listening to Craig Peterson right here on WGAN. Stick around because I'll be right back.
Soon we will 50 years of the moon landing, why do some think we were never there? The cybersecurity gap and flaws in both iOS and Android apps. The U.S. launches a cyberattack on Iran How much liability do you have for a data breach? I am planning a Security Summer for my listeners. I will have some free courses. I will also introduce you to some of the software that I use for my clients and how you can use it too. Also, I have some limited opportunities for businesses who have had enough with their security issues to work with me and my team and put their security problems to rest once and for all. So watch out for announcements on those. For more tech tips, news, and updates visit - CraigPeterson.com --- Transcript: Below is a rush transcript of this segment; it might contain errors. Airing date: 07/06/2019 In a few short weeks, we will celebrate 50 years of the moon landing. The cybersecurity gap and flaws in both iOS and Android apps, the cyberattack on Iran and data breach liability. ---- Craig Peterson Hello, everybody and welcome course, this is Craig Peterson, your host for the next time, give or take 27 minutes, we're going without commercial interruption again, we are going to be talking about some of the details of our lives are digital lives. And with the 50th anniversary of the moon landing coming up, we wanted to go through some of the facts there, because we've had a lot of people who seem to be confused about it. And it's kind of amazing to me because I remember it so well like it was yesterday. But it's amazing to me to think that more than half of the people alive today. Were not alive when the moon landing occurred. And, you know, that's just a matter of perspective. So you're, you're talking to me, and I'm a little bit older, I guess. And then most people if that's the case, but anyways, talk a little bit about that, the cybersecurity gap. And some interesting observations that were in Forbes magazine here this past week about it. 
flaws in our iOS and Android apps, you might be surprised. But there are security flaws in almost as many iOS apps from Apple, as our Android will tell you why. And what those are. We have some new Mac malware that's out there right now. And this is an interesting one because this could go both ways. You could call this a user error. Or you might want to call it a security problem that Apple has, or maybe Apple created, but it is behaving the way it's supposed to. Third-Party contractors, this comes from this week, I did a big presentation for University of New Hampshire group here. It is a mastermind group of CEOs. And we were talking about the biggest liabilities, and more than 60% scent of your fast is coming from inside. And that includes contractors. So we'll talk a little bit about that couple of warnings here from 3 am, about business travelers, we got to talk about this, the US has launched a cyber attack, instead of launch launching a kinetic attack, and we'll talk a little bit about the implications to you and your business because of that. And there could be some enormous implications there. And a little bit more here about liability for a data breach. So we're going to talk about all of this right now. So let's get into it. First off liability for a data breach. As I mentioned, I had a great presentation, and I think it was created at a lot of compliments on it, as I spoke at this mastermind group for the University of New Hampshire. And it was kind of fascinating because there were several different CEOs, I guess this group has kind of a non compete thing where none of the members can compete with each other. I'm in a mastermind group, a paid group and there, they don't have that restriction, you have to be a good person. But there are people in your same line of work, I kind of like that. As a general rule, there is a lot of business out there for everybody. 
When you can talk to someone that speaks your language in your line of work about what's happening is important. I had a few people comment afterward, the stories that I will Vin about clients of mine, that have had security problems, we're unable to solve them themselves. You know, they tried, obviously, but they weren't successful, because they got hacked, they got breached. So, you know, I use a lot of stories with some of these things. And when we're talking about a data breach and your liability, I did bring that up this week. But it's huge. And we're talking about an average cost right now, for a data breach of over $7 million. Here in the US, it's 3.8 million average, worldwide. But it's about twice that here in the United States. As we look at some of the data breaches, it's going to continue to grow. There's going to be more and more companies that are failing to assess their systems for security flaws. And that's why you got to have a third party come in, and you can't trust your CIA. So your security person to do these types of audits, you need a third person to do it. And then you have to plug the holes. And sometimes you can have that third party do it because maybe they know what they're doing. Many times, if you're a slightly bigger company, and you have your own IT staff than your it, the staff is going to do it. But you got to think about who when you get hacked. What are you going to do? Your data is gone, you know, are you out of business is your goose cooked is the expression, great article, and Kiplinger that I have up on my website right now about it? And are you as a business person on the hook for any losses sustained by the client, and I spent some time in the presentation talking about insurance. And that is an essential thing to have. for your business. However, more and more of the cyber liability insurance claims are getting cut back or even denied. 
Because the company hasn't been doing everything that they should have been doing, even not doing things are listed in the contract insurance contract. So two main ways that civil liability for a data breach can occur. One is finding negligence. You have to be aligned with the peers in your industry, the best practices if you will. If you're not if you could have had better protection, then yes, indeed, you may have civil financial liability and some of those governmental fines we've talked about on the show before. And secondly, even if you did everything that was required to prevent a data breach, it could still happen. So then the next stage is, did you do enough after the event to reduce the harm to the people affected? You know, did you notify them right away? Did you take immediate investigation remediation steps? Did you contact law enforcement? What did you do after the fact is considered reasonable? All the things we need to keep in mind as we are business people. And having that plan in advance can save you a ton. I went through some of those statistics as well. Here are some good points for everyone to pay attention to one have a breach coach who can help you put together your breach plan and then run the ball response and get an attorney involved getting them involved early. Everyone should know what their roles are. That's part of what we have, that's going to be part of our security summer this year. So make sure you're signed up. Because we have some documents about what your plan should look like who should be involved whose responsibility is each part of that, then so that it just makes a huge, huge difference. These people who are most liable if you're a consumer, and you've had your information breached, pay attention to this as well, because you have the other side. 
One, if you collect payment information for online sales, if you maintain a database of personal information on current past or prospective customers, and say you have employees, if you store information about employees digitally, including social security numbers, medical information, guess what we're getting into their the HIPAA regulations, I bet you thought if you weren't a medical practice, you didn't have to worry about it HIPAA while you do if you have employees, if you rely heavily on technology for daily operations, remember, you're going to be out of business out of operation for days, weeks, or even longer. If you are located in any jurisdiction that has a mandatory Breach Notification laws. Right now, that is true of everywhere in the world. Well, you know, the first world countries, if you will, the United States has them. For every state, there are some federal notification laws. Depending on what type of business you have. Same things true in Canada, the same things true throughout Europe. So be careful here too, with cyber insurance coverage. And we talked about that this week with the UNH co people, and what you should have what you can expect from cyber insurance coverage. And again, we'll talk more about this during our security summer, and if you haven't already, make sure you sign up, go to Craig Peterson dot com, and you'll see a sign-up, come up right at the top of the homepage, you can sign up right there. And I'll let you know when the security summer starts. But we're going to be covering all kinds of stuff about firewalls about backups about the liabilities, CEO type things through home users, and what you can do what you should do. Mac This is called malware. As I said, I kind of debate, whether it is malware, because the software is behaving as expected. Mac OS has something now called gatekeeper. And it keeps an eye on the programs on your computer, what you download where it came from, is it signed. 
And it allows developers to have software that you download that is signed, and then refers offsite to allow you then to get additional files, get at a database server. And in this particular case, that is being talked about over on ZDNet. At launch, you gain access to a file server, and it's called an NFS server. And this is what ZDNet is calling a security flaw. I'm not so sure it's a security flaw. Apple has known about it for a month, they haven't patched it, it would be easy enough to patch, but it would also break a lot of good software out there. So here's the trick. If you're running a Mac or a PC or anything, do not download software from sites that you are not 100% confident can be trusted. It's just that simple. It's back to the brass tacks. Get right back to it. What are the brass tacks in security? One of the first is: don't click on stuff. In particular, don't download and run software that is on your, you know, on a web browser that you're putting on your computer. Now we know President Trump said he was going to respond to the Iranian aggression in shooting down its drone. And there's dispute by Iran whether or not the drone was in the Iranian airspace. And there's some question about that, too, because the United States, for instance, claims a 200-mile jurisdiction. The international agreement says it's a 12-mile zone, and some are 20 miles, and the Straits of Hormuz are, I think it's 12 miles there at the narrowest point. So was it an international space? Technically, yes. Did Iran claim the space it was in as their own? Well, they did. So President Trump pulled out of this kinetic attack; we were going to bomb, there, the radar installations and the missile launching facilities. It came out this last weekend that we hacked them. Now, I found out something exciting about this Russian power security breach that happened a couple of weeks ago, don't know if you heard about that.
But apparently, we broke into and had control of several Russian power stations located in Russia. We flipped the lights on and off a few times to let them know - Hey, guys, we're here, quit messing around with our elections and quit messing around with any other stuff that's out there. We have that capability. President Obama put some cyber offensive capabilities in place, and President Trump has upped the game there. And apparently what he did, this was the report from last weekend, he authorized our cybersecurity guys to attack Iran. Now, when Russia attacked Ukraine, of course, that piece of malware spread worldwide and brought down hundreds, thousands of computers, shut down, taken off the internet, and many others were ransomed, because Russia did not have control over that malware. We got malware into some of their missile launch systems. And we were able to shut them down. And possibly it didn't spread any farther. Just like when we got into their centrifuges for making bombs, for their purification of uranium, that code did not get any further than the centrifuges and destroyed them. Now, we went after them, and US businesses now should be ready for what's going to be a massive attack from Iran. We remember Iran doesn't have the finesse we do, and they don't have all of the talent that we do. And they don't care if they're hitting a military target or not. When it comes to cyber wars, these retaliatory strikes from there are very likely to hit pretty much anybody here in the US. They've already been attacking us before President Trump launched this attack, apparently against them. According to The Washington Post, Iran has been bombarding US businesses with software designed to wipe the contents of networks and computers, rather than to steal their data, which is rather interesting. It was from Chris Krebs, a director of the Homeland Security department's Cyber Security Division.
And what that means is if the Iranians get ahold of your business systems are your home system, they are going to wipe it clean. So make sure you have excellent backups. Again, if you don't make sure you attend my training here my security summer because we're going to be going over that this is free people. It's free for anyone to attend, you can upgrade if you want to that's paid. But you're going to get all of the core information absolutely for free. And I think we're going to do it is no matter where whether they pay you or not, you're going to get all the information for free. The same data, let me put it that way. Whether you decide to get the golden ticket, or Jessica can do it for free, that that's what I'm doing for the radio listeners, anyone can attend because I want to get this information out there. So be prepared for the Iranian attack, they've already started attacking our businesses, we've already had North Korea attack Russia. I mentioned this that the CEO presentation I gave this last week for the UNH group. I was looking at one of our customers, just at their website, and looking at the firewall because we have some very advanced firewalls sitting in front of even web servers. These firewalls that we were looking at just for that one web server, we were logging, five attacks, which was just crazy. Five attacks from Russia! It wasn't as I said, it wasn't only five attacks from Russia, it was five attacks per second, on average, over the last 36 or 48 hours. It was just crazy how they were getting just nailed, nailed, hammered. You guys already know, if you listen to me for a while about a client that we picked up, that had been having email issues. We looked into it, and we ended up we asked the client, it was okay to do this. We ended up bringing the FBI in because we found Chinese back doors into their systems. And they were a manufacturer, they had all of their plans, of course, electronically, all of the manufacturing, etc., etc. 
So now what now they get to compete against China, with their designs. Amen. To me, that blows my mind, frankly, how could you? How could you do that? It's, but it's ignorance. It thinks you're okay. Going back to this story, let me go back to this is the one from Kiplinger, I was referring to earlier here, here's a great little quote from the author here, Dennis Beaver. He said my father is a dentist, and up in years, his office has all of his patients records stored electronically, which he accesses from home from his laptop by leaving the server always on at the office. I mentioned this to a geeky friend. And the next day, he showed me dental records from my dad's office that he had hacked, he claimed to be doing this as a favor to get my father's attention about cybersecurity, and I believe them. So by the way, be careful, don't just to that without permission. We have ethical hackers in my business here, who are doing penetration testing, but we make sure we've got full approval from the company. So don't, don't just go and do this. So the story goes on. I told that, and he immediately changes passwords but didn't seem too bothered. There was another one. I knew one fortune 500 companies CFO who used the same password for over ten years, most think that it's a joke, but it was improved. It was not so funny after they found his credentials in seven data breaches used to hack the company's email servers, spoof emails, and steal 10s of thousands of dollars without anyone noticing for months. We picked up a client here, a local one here in the northeast who had had $80,000 taken out of their operating account. Of course, they noticed it quickly, but not before the money was gone entirely. So be very, very careful, we're going to cover these things in our security summer, again, just Craig peterson.com. And subscribe right there on the homepage. And we'll let you know when that starts. That's probably going to be mid-July by the looks of things right now. 
And we're talking about 10 to 15 minute sessions a couple of times a week. And we're going to keep them up for at least a week in case you miss it so that you can watch one of the replays a little bit later on. Okay, man, we are almost out of time here. 76% of mobile apps have flaws, allowing hackers to steal passwords, money, and text. These are some high-risk vulnerabilities that are common across Android and iOS. Android has a little bit more risk than iOS; we're talking about 5% higher risk. And this is according to a company called Positive Technologies. And they went in and looked at some of these mobile apps, and the biggest problem: insecure data storage. So be careful about that. Again, Cisco has an answer to that. And with iOS, it's just phenomenal. Nobody has anything like this other than Cisco. But be very, very careful because there are other products out there that could be useful to you. But remember, any data stored can be stolen, you can't necessarily trust the app developers, they might be taking your data. Great article, you'll see it on my website. It is from Forbes, and this is about the cybersecurity skills gap and how classrooms are not the solution. Have a look on my website for that one. Business travelers, something new called visual hacking coming from the Czech Republic. Again, that's up on my website and in this morning's newsletter, and the US launches a cyber attack aimed at Iranian rocket and missile systems. I'll talk a little bit about that. We've got a couple of great articles online. I spoke with the UNH CEO mastermind group this week about third party contractors and why they are our weakest cybersecurity link. And they're just not being held accountable. You know, if you ask people who are the biggest cybersecurity threats out there, who have I talked about today? I've mentioned, what, Russia, China, I mentioned North Korea and Iran. You'd be right. But those countries are the most significant foreign threats.
As I said this week at the speech I gave, the real problem is internal. And by internal, I don't just mean your employees, I mean your contractors. It's one of the things you have to go through; you have to consider penetration testing, taking an analysis of your business, and the data security. Here's the Customs and Border Protection. I talked about this a couple of months ago, on May 31. So it wasn't even two months ago, they had a breach where 100,000 people were photographed inside vehicles, crossing the border in a couple of lanes, and it included images of the vehicle license plates, maybe some other stuff that was stolen. It was taken through a third-party contractor that was doing work for Customs and Border Patrol. The most severe breaches of the last ten years have also been self-inflicted. So let's look at this one. It appears in The Hill, from Flexera. Patches were available for 86% of the vulnerabilities on the day of disclosure. In other words, when these companies came forward and told people about the hacks that had happened, 86% of those hacks, it didn't have to happen, because there were patches out already. Okay, other breaches. They gained access by compromising third-party vendors, like we're talking about, and stealing their credentials to log into the corporate network of the eventual target. Speaking of Target, back in 2013, 40 million credit cards lost through a third party air conditioning provider that was hooked up to the corporate network; all they had to do is break into the air conditioning system. And now they had a launchpad. Think of what happened out in Las Vegas, a beautiful big fish tank, and they put a smart controller in it that would warn them when the temperature got too cold because the fish are so expensive. It was hooked up to their network, and it was compromised and used as a launching pad. We see that all the time with cameras, security cameras.
They breached the Office of Personnel Management through KeyPoint Government Solutions, a third party used by the Office of Personnel Management. And it gave China 21 million personnel files including background checks on top security clearances. In 2017, an Australian defense subcontractor lost 30 gigabytes of highly sensitive data, including information on the Joint Strike Fighter program. Crazy. By the way, they had not updated their software in 12 months. In 2018, China compromising the network of yet another defense contractor doing work for the Navy. Our technology, our advances, our military superiority were stolen from us. Again, from The Hill: in an assessment delivered to Navy Secretary Richard Spencer in March and reviewed by the Wall Street Journal, the Navy and its industry partners are under cyber siege by Chinese and Russian hackers. So think about all of that when you are thinking about your business and even your home computer. Segment your networks, break them up, use good passwords, this is all stuff we're going to review in our security summer. Again, CraigPeterson.com. You can, say, email me and I'll let you know when it happens. Me at CraigPeterson.com. We're going to cover all of this. So you guys know what to do, whether you're an individual, or small-medium business, because in most companies, face it, who's the computer guy or gal? It's whoever likes computers the most, or maybe whoever wanted a raise. They're not necessarily computer professionals. And it's extremely rare that they're security professionals. Security professionals, you know, we're working every day trying to keep up to date. And I've been doing this for 30 years, and I'm still learning stuff. So be careful, hire outside firms. Okay, blah, blah, okay. On to the Apollo program. There are many people, I read a book, and I remember reading this back in the early 80s. And I marked it all up. And it was about how the lunar landing was a hoax.
Hollywood has made some films about it. And more and more kids nowadays think the whole thing was a setup. So this is a great article, written by Ethan Siegel. There you go. And we are talking a little bit about the moon landing. So let's go through this. People are saying that the entire space program and NASA is nothing more than a hoax. But let's go through a little bit of evidence. Number one, we can still see the evidence of the Apollo program on the moon even today. If you walk on the sand on a beach, the waves are going to level it out, and there won't be any sign that you were ever there. Right. But none of that exists on the moon. Even in the Sahara Desert on the sand, you've got the shifting winds that shift that sand around. That is not true on the moon. We have pictures from regular people of the moon, of the landing sites, Apollo 12, 14, and 17. They photographed those from Earth. On the Apollo 12 landing site, there is a ton of stuff you'll see in this article. You can view all of the pictures. It is from Forbes magazine. You can see it up on my website at CraigPeterson.com. I have a link to it. Number two, extensive photographic and video evidence from the Apollo missions themselves. The one I like the best, the one that I am most personally familiar with, is the Lunar Laser Ranging retro-reflector, and there are many others. But this is one that we hams use; we can bounce off of the moon. There's a reflector that was left up there by the Apollo missions that we can bounce a laser off, and we use that scientifically to figure out how far the moon is away. But there are also lunar seismometers, there is the solar wind composition spectrometer, lunar surface magnetometer, lunar dust collector, many more. All were left up there, all ran for years. Some of this stuff is still running, so we were there; don't let them tell you otherwise. Take care, everybody. Make sure you sign up for the security summer.
Craig Peterson dot com, take care, everybody. Bye-bye. --- More stories and tech updates at: www.craigpeterson.com Don't miss an episode from Craig. Subscribe and give us a rating: www.craigpeterson.com/itunes Follow me on Twitter for the latest in tech at: www.twitter.com/craigpeterson For questions, call or text: 855-385-5553
Have you ever wondered about the technology behind the signs you pass by as you drive down the road? Listen as Craig and Jim go into some detail about the billboards and road signs watching you and why you should be extra cautious now with your smart device because it is getting monitored. Find out more on CraigPeterson.com
---
Related Articles: New road signs can detect mobile phones are being used in vehicles
---
Transcript: Below is a rush transcript of this segment, it might contain errors. Airing date: 07/24/2018
Road Signs Watching You - Billboards Tracking You - Police Using You To Track Yourself
Craig Peterson: [00:00:00] Hey everybody, Craig Peterson here. Have you ever wondered about those signs as you drive down the road? Well, there is some technology we're going to talk about today with Jim Polito that goes into some detail about why you should be extra cautious now with your smart device, because it is getting monitored. But also we talk about these new electronic licenses, the ones for your cars as well as the ones for your smartphones. What are they going to be used for, good or evil? You know, are you going to get caught because you maybe went a little too fast last week? Wow, all of that. More with Jim. So here we go, stick around talking about Craig Peterson
[00:00:49] High tech talk to. This is a great one. Going to talk to us about the 10th anniversary of the App Store, but you should celebrate it by deleting most of your apps. But here's the one that caught my attention. New road signs can detect mobile phones are being used in vehicles. Joining us now, our favorite Canadian and tech talker Craig Peterson. Good morning sir.
[00:01:20] Good morning Jim.
[00:01:21] Craig, wait a minute. Now we've heard about red light cameras, so they catch you running a red light.
[00:01:28] These devices can tell if I'm texting when I shouldn't be texting.
[00:01:37] Good morning. Yeah, I don't know. This is kind of concerning, isn't it?
You know, we've got already billboards up that can detect a car, an individual car. It reads the license plates and it knows, hey, you pass by this sign every day about this time. Now there's also tech out there that recognizes the type of car you're driving. So all the way down to the brand and model of the car. So for instance if there's a lot of high expense, so high-end expensive cars driving by, the billboard will change because now they have a new audience that they can market something to. Wow. Which is. Yeah, isn't that something. In the case of a car coming by the same time every day, if it's like the only car on the road they can actually narrow it right down. You know, I see this car coming so I'm going to show this ad, that he comes by every day, and they try and influence your behavior. Now think about tying a bunch of those billboards together. So they can know where you go, where you drive, because the courts have ruled again and again there is nothing illegal with these readers. Right, your driver's license, right.
[00:03:00] Right, so that's step one. It's the employees you know the next step is they are detecting your mobile phone. Now this is really kind of interesting because your phone is typically always giving out some information about itself and about you, obviously being aware of who owns me. Yeah. Well, the basics are, the phones all have an identifier that's built into them, and that identifier is used by your Bluetooth device or your Wi-Fi device, that unique identifier, so you can connect to a Wi-Fi network. Now Apple made some real cool technology changes here a little while back, then really led the field on this one, so that if you walk into a store and you have never connected to their Wi-Fi network, it uses a random number to identify itself. So every time you go into that store the store thinks, hey, this is a brand new phone.
I've never seen before, but if you do connect to the store's Wi-Fi your phone says, oh, I've seen this Wi-Fi before, so it uses the same identifier used last time. Therefore a company like Wal-Mart, if you use their Wi-Fi, and I'm not real, I'm not really picking on Wal-Mart.
[00:04:23] I understand. Yep.
[00:04:25] So you walk into the Wal-Mart store and now the Wal-Mart store says, oh, I've seen that phone before. And there is technology that is in some stores out there that will track your movements through the store based on your cell phone. So you connect to the Wi-Fi, it knows where you are, knows you paused at a certain point in an aisle, and then the analytics are already there where it looks at it all and says, oh, what kind of a shopper is this person. And then when Jim goes out to the cash register here to check out it knows, oh ok. So now we can associate what you bought with where you were, what you looked at. You know, all of this sort of stuff, and we've talked a little bit before about Wal-Mart and how Wal-Mart has now got a patent, as of a couple of weeks ago, on listening devices. So it kind of could tie this all together. So what we're talking about. So now we move on to our road signs here and that type of technology moving over to the road signs. Now this is really kind of interesting. And they're looking at this in the U.K. right now because in the U.K., just like here, it's illegal to use your cell phone when you're driving. So what these mobile phone detectors are doing, that they're putting into some of these signs in the road, and not just the big billboards but can be any sign, is they're looking again at the signals from your cell phone. And if you're actively using your cellphone to send text messages or receive, go online. You know, we know the data packages and stuff in there.
If you're actively using your phone, that's easily detectable even though they're not necessarily monitoring what you're saying because your phones are encrypted to embrace encrypted so that right.
[00:06:20] Right. So they can tell if I'm doing that and then they're going to send me a warning, kind of like the speeding sign that they have, you know, it says speed limit. And it sat up and says your speed. 75 miles an hour, you know, the speed limit is 45.
[00:06:39] It tells you that, it's going to do the same thing.
[00:06:43] Yeah, this is Norfolk County over there in the UK and they are planning on doing this as of the road safety team. So run a bit more Stephanie on this which is where Californians are now. Yeah, California is already experimenting with digital licenses on the cars themselves. So your car will report is a little act of device that there are in your life and your car will report your speed. Massachusetts has already got some work underway on your cell phone driver's license; there's one state down south that already has that. So think about this for a minute. When you're talking about a driver's license on your smartphone. So you don't have to carry your wallet or credit card against people carrying those like they used to because everything is of no use Apple Pay to use.
[00:07:41] Right. Right.
[00:07:42] Yeah. So I mean, you've got an app issued by the state that the cop can come up and read and he's got all of your information. That app has access to your TPSAC, your speed, your travel history, everything. So that app could also be reporting on your driving habits, what you're doing, on and on.
[00:08:06] Is speeding, you know, just the basics, are you, last week, were you speeding last week.
[00:08:17] Know so we've got some interesting privacy concerns coming up right down the road at us, and some of this tech is already there and it's already being experimented with. Excellent metaphor, coming down the road at us, folks.
[00:08:29] If you text my name to the number that Craig Peterson's about to give you, you'll get this story and many others, including the story about the 10 year anniversary of the App Store and why it's time to clean out your apps. Craig Peterson will send all that information to you, no charge, and he will not annoy you. So text Jim to
[00:08:57] 855-385-5553. That's 855-385-5553, and standard data and text rates apply.
[00:09:09] You'll get this information. If there's a major hack he will notify you, he will not sell your name, he will not try to sell you something, he will just provide you with information like he does here every Tuesday, every Tuesday. Craig Acción segment. Appreciate it. And we'll talk with you soon.
[00:09:28] Thank you sir. Take care. Bye bye.
[00:09:30] Thank you, Craig Peterson, everybody. Great guy. We will podcast that in case.