Podcasts about jcl

  • 57 podcasts
  • 218 episodes
  • 1h 7m average duration
  • Infrequent episodes
  • Latest: Mar 15, 2025

Latest podcast episodes about jcl

Outside the Walls
The Sacred Heart: Exuding the Love of Jesus - Dr. Dawn Eden Goldstein

Mar 15, 2025 (54:55)

Dawn Eden Goldstein, JCL, SThD, is the author of The Sacred Heart: A Love for All Times, available on LoyolaPress.com. Born in New York City, Dr. Goldstein began her working life as a rock-and-roll historian. She went on to editorial positions at the New York Post and the Daily News before publishing her first book in 2006. She is one of only a few women to hold both a doctorate in theology licensed by the Holy See and a licentiate in canon law. Dr. Goldstein's books have been translated into ten languages. She lives in Washington, DC, and has taught at universities and seminaries in the United States, England, and India. We discuss the development and practice of the devotion to the Sacred Heart historically, and how the practice, in turn, develops us into mature disciples of Jesus. An extra segment is available on our Patreon page.

Microsoft Business Applications Podcast
From Applied Math to Power Platform Mastery: Drew Poggemann's Journey with Mentorship, AI Innovations, and Business Transformations

Oct 30, 2024 (22:39)

FULL SHOW NOTES: https://podcast.nz365guy.com/616
Curious about the transformation from traditional development to low-code/no-code solutions? Join us as we sit down with Drew Poggemann, a Microsoft MVP and Director of Solution Architecture at Heartland Business Systems (HBS). Drew brings his expertise from Appleton, Wisconsin, to share his captivating journey from applied mathematics and computer science to mastering the Power Platform. Discover how his love for food, family, and outdoor sports intertwines with his professional life, and how a pivotal influence from MVP colleague Aiden Cascala set him on a new path. Listen as Drew reveals the strategic moves in pre-sales and solution design at HBS, emphasizing the power of Dataverse and Power Apps to elevate businesses from basic to premium licensing.
In this episode, we also dive into Drew's career highlights, including his impressive contributions to the Dynamics CRM and Dataverse forums that earned him the MVP title in April 2022. From early days tackling COBOL and JCL at Schneider National to leading major ERP implementations, Drew's story is a testament to the importance of mentorship and embracing new challenges. We also explore the rapid advancements in AI and Microsoft's innovative approach to integrating AI-driven co-pilots across their suite of products. Join us to gain insights into the evolving tech landscape and the future of business solutions.
OTHER RESOURCES: Microsoft MVP YouTube Series - How to Become a Microsoft MVP
If you want to get in touch with me, you can message me here on LinkedIn. Thanks for listening.

The Bioethics Podcast
An Orthodox Approach to Reproductive Technologies

Sep 7, 2024 (30:34)

We at CBHD have been addressing reproductive technologies throughout our history. In 2017, at our 24th annual conference, we held a colloquium on Catholic, Protestant, & Orthodox Approaches to Reproductive Technologies. Three speakers walked through their convictional approach to these issues, each in turn. This episode of the bioethics podcast is the third of three that carries these talks. In the first episode, Marie T. Hilliard, JCL, PhD, RN, of the National Catholic Bioethics Center, presented A Catholic Approach to Reproductive Technologies. The second episode had Scott B. Rae, PhD, of Talbot School of Theology, Biola University, with Protestant Approaches to Reproductive Technologies. The series concludes in this episode with Gayle E. Woloschak, PhD, on an Orthodox approach. Dr. Woloschak is Professor of Radiation Oncology, Radiology, and Cell and Molecular Biology in the Feinberg School of Medicine at Northwestern University. She is also adjunct faculty at Lutheran School of Theology, Pittsburgh Theological Seminary, and St. Vladimir's Orthodox Seminary.

Be Mean Fast Forward

CALLING ALL FINCH-HEADS: We're doing a classic today folks, David Fincher's ZODIAC. It's the actor olympics! Jakey, Robbie, Marky, Johnny, and Goose! We're all close friends, but JCL does give me the creeps. I want everyone to take special note of the visuals on this episode--graphic design is our passion. --- Support this podcast: https://podcasters.spotify.com/pod/show/be-mean-fast-forward/support

The Bioethics Podcast
A Catholic Approach to Reproductive Technologies

Aug 8, 2024 (32:51)


Reproductive technologies, especially in vitro fertilization (IVF), remain at the forefront of the news and societal conversation in 2024. In 2017, at our 24th annual conference, we held a colloquium on Catholic, Protestant, & Orthodox Approaches to Reproductive Technologies. Three speakers walked through their convictional approach to these issues, each in turn.  This episode, then, begins a series of three episodes that will carry these talks.  The first, in this episode, is by Marie T. Hilliard, JCL, PhD, RN, of the National Catholic Bioethics Center, presenting a Catholic approach to Reproductive technologies.  The next episode will feature Scott B. Rae, PhD, with a Protestant approach, and the series will conclude with Gayle E. Woloschak, PhD, on an Orthodox approach to reproductive technology.

MCC from the Capitol
The Catholic Church and Annulments

Aug 2, 2024 (31:02)


The Judicial Vicar of the Diocese of Jefferson City, Fr. Brad Berhorst, JCL, JV, discusses annulments on the MCC from the Capitol podcast. Many Catholics confuse civil divorce with the Catholic Church's declaration of annulment. Fr. Berhorst discusses the differences, what constitutes a valid marriage, reasons that create an impediment to a valid marriage, and the annulment process. If you have questions or comments about this subject, please contact communications@mocatholic.org.

Will Wright Catholic
Ep. 38 - Understanding the Law of the Church w/ Nicole Delaney, JCL

May 27, 2024 (40:46)

I was thrilled to interview a friend of mine, Nicole Delaney, about her work at the Tribunal and Office of Canonical Services for the Diocese of Phoenix and the role of Canon Law more generally. It was a great conversation.
Just a note: in an effort to continue producing high quality content, consistently, I am switching to an audio-only format, for the most part. I might record the occasional video, but editing is very time-intensive for video and, since I have a full-time job, it is far more difficult to find time to record video rather than just audio. So, Good Distinctions presses on, with a slightly different format.
Also, I have paused paid subscriptions, as I have restructured from an LLC to a Sole Proprietorship. What does that mean? Not much for you, dear listeners. But if you want to contribute to the show in some way or help me pay for the recording software, please email me at gooddistinctions@gmail.com.
--
In this conversation, Will Wright interviews Nicole Delaney, JCL, a Canon lawyer for the Diocese of Phoenix. They discuss the importance and purpose of canon law in the Catholic Church. Nicole explains that canon law is the practical application of faith and helps organize and protect the rights and sacraments of the Church. They also touch on the interplay between canon law and civil law, with Nicole highlighting the differences between Roman law and common law systems. Nicole shares the various responsibilities of the Tribunal and the Office of Canonical Services, including handling annulments, religious law, Eastern Catholics, and penal cases. They discuss the training of priests in canon law and the importance of priests having a basic understanding of canon law to carry out their pastoral duties effectively.
In this conversation, Nicole Delaney, JCL, emphasizes the importance of understanding canon law and its relationship to theology. She encourages individuals, especially priests and deacons, to study canon law to gain a deeper understanding of the why behind the law. Delaney also discusses the distinction between sin and crime in canon law, highlighting that not all sins are crimes and vice versa. She explains the process of prosecuting crimes in the Church and the role of the promoter of justice. Delaney clarifies the difference between excommunication and not being able to receive communion, emphasizing that excommunication is a penalty for a crime, while not being able to receive communion is a pastoral decision made by the minister of communion. She also addresses the issue of manifest grave sin and the responsibility of the minister of communion to deny the sacrament in such cases.
Takeaways
* Canon law is the practical application of faith in the Catholic Church, helping to organize and protect the rights and sacraments of the Church.
* Canon law is based on Roman law and differs from common law systems.
* The Tribunal and the Office of Canonical Services handle various responsibilities, including annulments, religious law, Eastern Catholics, and penal cases.
* Priests should have a basic understanding of canon law to effectively carry out their pastoral duties.
* The commentary on canon law is a helpful resource for pastoral ministers facing specific situations in their parishes.
* Studying canon law helps individuals understand the why behind the law and how to apply it in daily life.
* Not all sins are crimes in canon law, and not all crimes are sins.
* The process of prosecuting crimes in the Church involves a preliminary investigation, interviews, and decisions made by different courts depending on the severity of the crime.
* Excommunication is a penalty for a crime, while not being able to receive communion is a pastoral decision made by the minister of communion.
* The distinction between sin and crime is important in understanding the Church's approach to discipline and the salvation of souls.
Keywords
canon law, Catholic Church, faith, organization, rights, sacraments, civil law, Roman law, common law, Tribunal, Office of Canonical Services, annulments, religious law, Eastern Catholics, penal cases, training, priests, pastoral duties, canon law, theology, sin, crime, prosecution, excommunication, communion, manifest grave sin
Thanks for listening to Good Distinctions! Subscribe for free to receive new posts and support my work. This is a public episode. If you would like to discuss this with other subscribers or get access to bonus episodes, visit www.gooddistinctions.com

Dancing FM
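77: What Is Likely to Happen in the Road Bike Industry in 2024

Jan 13, 2024 (79:00)

In this episode, we talked with our regular guest Makinpo about Olympic esports, GCN's withdrawal, Wiggle's bankruptcy, the business of the road racing industry, the rise of Chinese products, JCL, and more.
<Show Notes>
1st Olympic Esports Week (official site)
The film "ALIVE HOON" (official site)
GCN JAPAN's withdrawal (YouTube)
The end of GCN+ and the GCN App (official site: English)
Wiggle's bankruptcy and the suspension of shipping to Japan (LOVE CYCLIST)
The business model of the bicycle industry
TDT-Unibet Cycling Team (YouTube)
The folding bicycle "BROMPTON" (official site)
A comfortable Zwift life with Magene's heart rate sensor "H303" (ゆるぽた.com)
On the Japan Cycle League 2024 policy (JCL official site)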

Communion & Shalom
#37 - Judge Daniel Quinan: The Telos of Sex and (Catholic) Marriage

Nov 29, 2023 (92:29)

Catholic canon lawyer Daniel Quinan works for the Catholic church, not the state legal system, reviewing marriage annulment cases for the Catholic Archdiocese. If you're Catholic, maybe you're familiar with this system. If you're not, it may be totally new to you. We wanted to hear from Daniel on how Catholic understandings of justice, catechism, and canon law directly impact treatment of those in the church who are LGBT/queer/same-sex attracted. David and TJ talk with Daniel about marriage, procreation, contraception, sexual intercourse, and a bunch of other topics that are legal and technical and somehow still might make your grandmother blush. (Although… we don't know your grandmother. Maybe she'd be fine.) Join us for our brief educational tour!
About Our Guest: Daniel Quinan is a canon lawyer (JCL) currently working for the Archdiocese of Saint Paul and Minneapolis. His public writing on LGBTQ Catholic matters is currently published on the Spiritual Friendship blog, and also in a number of canon law Advisory Opinions (available on Academia.edu). You can find him more informally on most social media platforms @masterjedi747, which is his old AIM screen name, a fact that stands as a testimony to his millennial nerd credentials.
__________
Timestamps
(0:00:26) Daniel's background: Catholic, canon lawyer, side B
(0:10:16) What is canon law?
(0:20:39) The Catholic tradition on same-sex attraction or orientation
(0:30:21) What is sex for?
(0:40:23) Contraception and the meaning of marriage
(0:44:31) Why can some people marry but not others (in the Catholic church)?
(0:53:24) "Disordered" in the Catholic catechism
(1:16:45) Celibate partnerships/chaste same sex unions in Catholic tradition and law
(1:25:12) Perspectives on Father James Martin
(1:28:20) A vision for queer people in the Catholic church
__________
If you like this podcast, please consider…
→ Sharing feedback or questions! www.podpage.com/communion-shalom/contact
→ Supporting us on Patreon! patreon.com/communionandshalom
→ Following us on Instagram! @communionandshalom
—
Credits
Creators and Hosts: David Frank, TJ Espinoza
Audio Engineer: Carl Swenson (www.carlswensonmusic.com)
Podcast Manager: Elena

Coffee Break with Game-Changers, presented by SAP
The Future of Computer Education and AI: Beyond Coding – Part 2

Nov 15, 2023 (60:00)


Bonnie D. in the house, on a tech trailblazer's quest, An exciting journey, through time and tech, in the future she'll invest, Picture this scene, in days of yore, Light-flashing mainframes were JCL-run, core-dump greenbar paper spewed out by the ton. Now look how machines have shrunken, in size, yet grown in might, In the decades that followed, a technological flight, Today's episode, a vision of great scope, Teaching tech's future, predictions of great hope. Beyond just coding, a curriculum's twist, In math, science, and language, a tech-imbued tryst, Practical applications, experiential and grand, Connecting a gazillion dots, 'cross the vast cyber strand. AI, the teacher's assistant, a digital guide, Tailoring learning, on knowledge's side, Virtual and augmented, for the future we glean, A partnership profound, in the tech-education scene. Carrie Goetz, Courtney Popp, their vision so bright, Bill Kleyman, Dr. Sharon Jones, Juli Lerulli, all bringing light, In this symphony of minds, a harmonious brew, The Future of Computer Education and AI, today is Part 2. Educate, enlighten, inspire, they vow, Dive deep with Bonnie D., join us now, In this hour of tech education's embrace, Bonnie D. in the house, hosting with grace.

Coffee Break with Game-Changers, presented by SAP
The Future of Computer Education and AI: Beyond Coding – Part 2

Nov 15, 2023 (55:39)


Bonnie D. in the house, on a tech trailblazer's quest, An exciting journey, through time and tech, in the future she'll invest, Picture this scene, in days of yore, Light-flashing mainframes were JCL-run, core-dump greenbar paper spewed out by the ton. Now look how machines have shrunken, in size, yet grown in might, In the decades that followed, a technological flight, Today's episode, a vision of great scope, Teaching tech's future, predictions of great hope. Beyond just coding, a curriculum's twist, In math, science, and language, a tech-imbued tryst, Practical applications, experiential and grand, Connecting a gazillion dots, 'cross the vast cyber strand. AI, the teacher's assistant, a digital guide, Tailoring learning, on knowledge's side, Virtual and augmented, for the future we glean, A partnership profound, in the tech-education scene. Carrie Goetz, Courtney Popp, their vision so bright, Bill Kleyman, Dr. Sharon Jones, Juli Lerulli, all bringing light, In this symphony of minds, a harmonious brew, The Future of Computer Education and AI, today is Part 2. Educate, enlighten, inspire, they vow, Dive deep with Bonnie D., join us now, In this hour of tech education's embrace, Bonnie D. in the house, hosting with grace.

I am a Mainframer
I am a Mainframer: Zareen Rydhan

Jun 14, 2023 (18:36)

On this episode of the “I Am a Mainframer” podcast, host Steven Dickens is joined by Zareen Rydhan, Software Development Engineer in Test II and Lead Test Automation Engineer with Rocket Software. During their conversation, Steven and Zareen talk about the mainframe being the foundation of many of the world's most critical applications and how, as the world becomes increasingly digital, the need for mainframes is only going to grow. Zareen emphasizes that what this means for developers is that if you want to be successful in the tech industry, you need to know how to develop for the mainframe. Zareen also shares a few reasons developers should consider mainframe development: a high demand for mainframe developers with very competitive salaries, challenging and rewarding work, and long-term career security, with skills that will be in demand for years to come. When asked for advice and tips for mainframe developers, Zareen shared:
* Learn the basics. The first step to becoming a mainframe developer is to learn the basics of the platform. This includes COBOL, JCL, and the mainframe operating system.
* Get involved in the community. There are a number of online and in-person communities for mainframe developers. These can be great resources for learning, networking, and getting help.
* Stay up-to-date. The mainframe is constantly evolving, so it's important to stay current on the latest trends. You can do this by attending conferences, reading relevant blogs, and taking courses.
The "I Am A Mainframer" podcast explores the careers of those in the mainframe ecosystem. Hosted by Steven Dickens, Senior Analyst at Futurum Research, each episode is a conversation that highlights the modern mainframe, insight into the mainframe industry, and advice for those looking to learn more about the technology. The podcast is sponsored by the Open Mainframe Project, a Linux Foundation project that aims to build community and adoption of Open Source on the mainframe by eliminating barriers to Open Source adoption on the mainframe, demonstrating the value of the mainframe.
#mainframe #opensource #opensourceadoption #IamaMainframer #podcast #OpenMainframeProject #LinuxFoundation #ZareenRydhan #RocketSoftware #StevenDickens #TheFuturumGroup

The Endow Podcast
137. Of the Eastern Churches (Orientalium Ecclesiarum): A Conversation with Nicole Delaney, JCL

May 9, 2023 (42:08)

Welcome to The Endow Podcast! This podcast is a forum for women to foster conversations about the intellectual life and intentional community for the cultivation of the feminine genius.
On this episode, Simone Rizkallah, Director of Program Growth, interviews Nicole Delaney, JCL, on Vatican II's decree on the Catholic Churches of the Eastern Rite. They discuss the richness of the Church's legal system, the diversity and unity of the 24 Catholic Churches, and why this short decree should be read and lived by lay people.
Link to the Vatican document: https://www.vatican.va/archive/hist_councils/ii_vatican_council/documents/vat-ii_decree_19641121_orientalium-ecclesiarum_en.html
Nicole Delaney, JCL, is a native of Minnesota and attended the University of St. Thomas, receiving her Bachelor of Arts in Business Administration and Catholic Studies, with a minor in Theology. She spent two years working in the corporate sector before returning to school to study Theology at the Pontifical University of St. Thomas Aquinas (Angelicum) in Rome. After completing her studies, she began her education in canon law at the Catholic University of America, in Washington, D.C. Upon graduation with her licentiate, Nicole moved to Arizona to begin working for the Tribunal of the Diocese of Phoenix. Nicole is currently the Director of the Office of Canonical Services & the Tribunal. Her duties include managing the daily operations of the Tribunal and supervising all procedures and staff. She also is a canonical advisor to the bishop, diocesan staff, and parishes. Nicole deals with any matter of canon law, most especially Sacramental Law, Religious Law, Eastern Canon Law, Special Law, and General Norms. She also assists in the training of clergy and parish ministers. Nicole lives in Phoenix with her husband and children.
Support the Endow Podcast
What's on your mind and heart? Let our host, Simone Rizkallah, know by connecting with her and The Endow Team on social media!
Facebook at www.facebook.com/endowgroups
Instagram at www.instagram.com/endowgroups
Want to start your own Endow Group? Learn more by visiting our website at www.endowgroups.org or reach out to us at info@endowgroups.org. We look forward to serving you!

The Japan Cricket Podcast
S2 - E16: End of Season Special (with Dhugal Bedingfield, Deano Ruhode & Reo Sakurano)

Dec 18, 2022 (79:44)

Welcome to the final episode of Season Two! On this extended episode I wrap up the season, going back to competitions that finished as long ago as August such is how far behind I've got! To go through everything I am joined by three of the Japan Cricket Association's finest in Dhugal Bedingfield, Deano Ruhode and Reo Sakurano-Thomas. The boys give their thoughts on an array of competitions, fail miserably to pick a Team of the Year and then go head-to-head in a highly competitive quiz that may or may not have been scored correctly...
For those who like to skip through, here are the timings:
East Asia Cup (until around 14mins)
Japan Junior Leagues (until around 28mins)
Japan Cup Finals (until around 38mins)
JCL T20 Finals (until around 43mins)
JCL (until around 54mins)
JCL Team of the Year (until around 62mins)
Quiz
Thanks as always to BRB Munde for the backing music, and to everyone who has listened this year. See you again in 2023!

Les offres d'emploi France Bleu Normandie (Rouen)

Duration: 00:02:08 - Les offres d'emploi France Bleu Normandie (Rouen)

Start By Listening
A Conversation with Fr. Mike Clark About Returning to Your Pew After Losing A Spouse Or Loved One

Sep 24, 2022 (56:32)

Welcome to Start By Listening! We are excited to have you on this journey with us toward healing and transformation. Start By Listening is a podcast about sexual harm, trauma and advocacy. Season Three - Hodge Podge - We are taking SBL to the community and speaking with various groups and people on the traumas they encounter in their part of the community and asking how they may want their organization to address trauma survivors in the future. This season, we will be delivering exceptional conversations and creative ideas while creating a safe space for connection and thoughtful experiences. We are going beyond sexual harm and really asking, "What does trauma look like and what does this experience look like for the Western Kentucky communities we serve?" We will be talking with various community members, and delving into difficult conversations where trauma intersects our communities and people. Season Three finds us growing and changing how we do our work. Our goal is to drop 2-3 podcasts per month on Fridays and you will find most of our episodes on YouTube as well! Yes, New Beginnings has a YouTube channel.
In this episode, New Beginnings podcasters Jennifer, The Friendly Therapist, and Shelby, Victim Advocate have a very authentic conversation with Fr. Mike Clark of Blessed Mother Catholic Church. Fr. Mike Clark is the priest at Blessed Mother Catholic Church here in Owensboro, KY. In addition to being a priest since 1995, Fr. Mike also has his Juris Canonici Licentiatus, JCL and this is the title of an advanced graduate degree with canonical effects in the Roman Catholic Church offered by pontifical universities and ecclesiastical faculties of canon law. Fr. Mike has served in many roles since becoming a priest. He was the Judicial Vicar for the Diocese of Owensboro from 2004-2017, was on the Review Board for Sexual Abuse for the Diocese of Owensboro from 2011-2022 and has been the Tribunal Judge for the Diocese of Owensboro since 2002. Fr. Mike is just an amazing human and he really provided an interesting and thoughtful perspective on trauma he witnesses as a priest. In fact, our conversation was about the grief experienced when losing a spouse or partner and returning to church without your person in the pew next to you. I think you will find this podcast conversation to be delightful, informative, moving and just beautiful. YOU WON'T WANT TO MISS THIS EPISODE. Remember to subscribe to our Podcast - Start By Listening - found on iTunes, Spotify, Amazon, Deezer and more!
YouTube Link for today's episode: https://www.youtube.com/watch?v=iQqKXIzc3dQ
Also subscribe to our New Beginnings YouTube channel!! - https://www.youtube.com/channel/UCxT9OQkPpCPSAgcUhhqUkmQ
Start By Listening will drop on Fridays, 2-3x monthly, bringing you an interesting and intriguing look into the work we do, while educating about trauma and healing. If you would like to reach out and contact Jennifer or Shelby, please email at SBL@nbowensboro.org. Finally, a few shout outs. If you liked our jingle jingle, hop on over to www.uriahwilde.com and talk with Seth Hedges. He created the beautiful music for our podcast. Thank you SETH! Another special thank you to Rodney Newton, he helped us learn how to put this Podcast together and create a beautiful thing. Thank you RODNEY!!!
To find local resources for sexual abuse please visit www.RAINN.org or call the National Sexual Assault Hotline: 1-800-656-4673, 24/7/365

Craig Peterson's Tech Talk
Your Crypto Is Being Tracked - Your Passwordless Future - How Safe is WhatsApp? - Business Email Compromise - Facebook Lost Your Data - Ransomware Prevention Cheaper Than Cure

Craig Peterson's Tech Talk

Play Episode Listen Later Aug 12, 2022 85:01


Your Crypto Is Being Tracked - Your Passwordless Future - How Safe is WhatsApp? - Business Email Compromise - Facebook Lost Your Data - Ransomware Prevention Cheaper Than Cure Cryptocurrencies were thought to be like the gold standard of being secure. Having your information stay private. Maybe if you don't want to use regular currency and transactions. But it's changed. [Following is an automated transcript] We have had such volatility over the years when it comes to what are called cryptocurrencies. [00:00:23] Now I, I get a lot of questions about cryptocurrencies. First of all, let me say, I have never owned any cryptocurrencies and I do not own any crypto, crypto, uh, assets at all. Most people look at crypto currencies and think of a couple of things. First of all, an investment. Well, an investment is something that you can use or sell, right? [00:00:46] Typically investments you don't really use. It's like a house. Is it an investment? Uh, not so much. Uh, it's more of a liability, but people look at it and say, well, listen, it went from, uh, you know, what was a 10,000. Bitcoins to buy a pizza to, it went up to $50,000 per Bitcoin. There's a pretty big jump there. [00:01:10] And yeah, it was pretty big. And of course, it's gone way down and it's gone back up and it's gone down. It's gone back up. But the idea of any kind of currency is can you do anything with the currency? You can take a dollar bill and go and try and buy a cup of coffee. Okay. A $10 bill and buy a cup of coffee, um, in most places anyways. [00:01:33] Well, that sounds like a good idea. uh, I could probably use a cup of coffee right now and get a tickle on my throat. I hate that. But if you have something like Bitcoin, where can you spend it? You might remember Elon Musk was saying, yeah, you can use Bitcoin to buy a Tesla. Also Wikipedia would accept donations. [00:01:54] Via Bitcoin, there were a number of places online that you could use. Bitcoin. 
In fact, there's a country right now in south central America that has Bitcoin as its currency. That's kind of cool too. When you think about it, you know, what is, so what are you gonna do? Latin American country? Uh, I'm trying to remember what it is. [00:02:16] Oh yeah. It's all Salvador. The first country in the world to adopt Bitcoin is an official legal. Now there's a number of reasons they're doing that and he can do it basically. You know, if you got a dictator, you can do almost anything you want to. So in El Salvador, they've got apps that you can use and you can go and buy a tree taco using Bitcoin using their app. [00:02:42] So there you go. If you have Bitcoin, you can go to El Salvador and you can buy all of the tacos and other basic stuff you might wanna buy. But in general, No, you, you can't just go and take any of these cryptocurrencies and use them anywhere. So what good are they as a currency? we already established that they haven't been good as an investment unless you're paying a lot of attention and you're kind of every day buying and selling based on what the movement is. [00:03:11] I know a guy that does exactly that it's, he's a day trader basically in some of these cryptocurrencies, you know, good for. But in reality, is that something that makes sense in a long term? Is that going to help him long term? I, I don't know. I, I really don't because again, there's no intrinsic value value. [00:03:33] So some of the cryptocurrencies have decided, well, let's have some sort of intrinsic value. And what they've done is they've created what are generally known as stable coins. And a stable coin is a type of cryptocurrency that behind it has the ability to be tied to something that's kind of stable. So for instance, one that really hit the news recently is a stable coin that is tied to the us dollar. [00:04:01] And yet, even though it is tied to the us dollar and the coin is a dollar and the dollar is a coin. 
They managed to get down into the few pennies worth of value, kinda like penny. So what good was that? You know, it has since come back up. Some are tied to other types of assets. Some of them say, well, we have gold behind us. [00:04:24] Kinda like what the United States used to do back when we were on the gold standard. And we became the petrodollar where countries were using our currency, our US dollars, no matter which country it was, to buy and sell oil. Well, things have changed obviously. And, uh, we're not gonna talk about the whole petrodollar thing right now. [00:04:46] So forget about that. Second benefit. Third benefit is, well, it's crypto, which means it's encrypted, which means we're safe from anybody spying on us, anybody stealing it. And of course that's been proven to be false too. We've seen the cryptocurrencies stolen by the billions of dollars. We've seen these cryptocurrencies lost by the billions of dollars as well. [00:05:14] That's pretty substantial. We get right down to it, lost by the billions because people had them in their crypto wallets, lost the password for the crypto wallet. And all of a sudden, now they are completely out of luck. Right. Does that make sense to you? So the basic idea behind currency is to make it easier to use the currency than to say, I'll trade you a chicken for five pounds of nails. [00:05:41] Does that make sense to you? So you use a currency. So you say the chicken is worth five bucks. Well, actually chicken nowadays is about $30, if it's a laying hen, and those five pounds of nails are probably worth about $30. So we just exchanged dollars back and forth. I think that makes a lot of sense. One of the things that has driven up the value of cryptocurrencies, particularly Bitcoin, has been criminal marketplaces. [00:06:10] As you look at some of the stats of ransoms that are occurring, where people's computers are taken over via ransomware, and then that, uh, person then pays a ransom. 
And what happens when they pay that ransom? Well, they have to go find an exchange, pay US dollars to buy cryptocurrency, Bitcoin usually. And then they have the Bitcoin and they have to transfer to another wallet. Whether or not the bad guys can use the money [00:06:42] is, again, a separate discussion. They certainly can and they do, because some of these countries like Russia are going ahead and just exchanging the cryptocurrencies for rubles, which again, kind of makes sense if you're Russia. Now we have a lot of criminals that have been using the Bitcoin for ransoms. Businesses, [00:07:07] publicly traded businesses, have been buying Bitcoin by the tens of millions of dollars so that they have it as an asset in case they get ransomed. Well, things have changed. There's a great article in NBC News, by Kevin Collier. And Kevin's talking about this California man who was scammed out of hundreds of thousands of dollars worth of cryptocurrency. [00:07:33] Now this was a fake scam, which is a fairly common one. It tends to target older people who are lonely and a romance starts online and they go ahead and, uh, talk and kind of fall in love. Right. And it turns out she or he has this really almost terminal disease. If only they had an extra hundred thousand dollars to pay for the surgery. [00:08:05] You know the story, right. So he was conned out of the. What's interesting to me is how the investigation and investigative ability has changed over the years. Uh, probably about five years ago, I sat through a briefing by the Secret Service and in that briefing, they explained how they had gone and very, quite cleverly tracked the money that was being sent to and used by this dark web operator who ran a site known as Silk Road. [00:08:42] And that site was selling illegal things online. Oh, and the currency that they were tracking was Bitcoin. Yes, indeed. 
So much for cryptocurrency being secure. Five years ago, the Secret Service was able to do it. The FBI was able to do it and you know, they couldn't do a whole lot about it. But part of the problem is all of your transactions are a matter of public record. [00:09:13] So if someone sends you a fraction of a Bitcoin, that is now in a ledger and that ledger now can be used because when you then spend a fraction of a Bitcoin somewhere else, it can be tracked. Well, it is tracked, is a hundred percent guaranteed to be tracked. And once it's tracked, well, government can get in. [00:09:37] Now, in this case, a deputy district attorney in Santa Clara County, California, was able to track the movement of the cryptocurrency. Yeah. So this district attorney, okay, deputy district attorney, not the FBI, not the Secret Service, not the, the, uh, National Security Agency, a local district attorney in Santa Clara County, California, not a particularly huge county, but, [00:10:07] uh, she was able to track it. And she said that she thinks that the scammer lives in a country where they can't easily extradite them. And so they're unlikely to be arrested at any time soon. So that includes countries like Russia that do not extradite criminals to the United States. Now getting into the details. [00:10:26] There's a great quote from her in this NBC News article: our bread and butter these days really is tracing cryptocurrency and trying to seize it and trying to get there faster than the bad guys are moving it elsewhere, where we can't grab it. So she said the team tracked the victim's money as it bounced from one digital wallet to another, till it ended up at a major cryptocurrency exchange where it appeared the scammer was planning to launder the money or cash out. They sent a warrant to the exchange, [00:10:58] froze the money, and she plans to return it to the victim. That is a dramatic reversal from just a few years back when cryptocurrencies were seen as a boon for criminals. 
Amazing, isn't it? Well, stick around. We've got a lot more to talk about here and of course, sign up online at craigpeterson.com and get my free newsletter. [00:11:24] There have been a lot of efforts by many companies, Microsoft, Apple, Google, to try and get rid of passwords. Well, how can you do that? What, what is a password and what are these new technologies? Apple thinks they have the answer. [00:11:41] Passwords have been kind of the bane of existence for a long while. And, and if you'd like, I have a special report on passwords, where I talk about password managers, things you can do, things you should do in order to help keep your information safe online, things like [00:11:59] bank accounts, et cetera. Just email me, me@craigpeterson.com, and ask for the password special report and I'll get it to you. Believe me, it's self-contained, it's not trying to get you to buy something. Nothing. It is entirely about passwords and what you can do. Again, just email me, me@craigpeterson.com and we'll get right back with you. [00:12:22] Well, you know, give us a couple of days. Passwords are a problem. And over the years, the standards for passwords have changed. I remember way back when some of the passwords might be 2, 3, 4 characters long. And back then, those were kind of hard to crack. Then Unix came along. I started using Unix and, uh, when was that? [00:12:47] Probably about 81. And as I was messing around with Unix, I, they used to have a couple of changes in how they did passwords. They added a salt to it. They used basically the same cipher that the Germans used in World War II, that Enigma cipher, which again was okay for the times. Today, we have much more powerful ciphers and the biggest concern right now, amongst real cybersecurity people, [00:13:14] government agencies, is okay. 
So what are we going to do when these new quantum computers come along with their artificial intelligence and other things? That's going to be a bit of a problem because quantum computers are able to solve problems in fractions of a second, even that traditional computers cannot solve. [00:13:40] It's a whole different thing. I want you to think of something here. If you have a handful of spaghetti, uh, now we're talking about hard spaghetti, not cooked spaghetti, and they're all dried out and they are of varying lengths, how could you sort those into the smallest to largest, if you will? How could you find which ones were the longest, perhaps? [00:14:08] Which ones were the shortest? Well, there's kind of an analog way of doing that and there's a digital way of doing that. So the digital way for the computer would be to measure them all and compare the measurements and then identify how long the longest one was. And then maybe you'd have to go back and try and find that. [00:14:27] So you can imagine that would take some time. The analog way of doing that, cuz there still are analog computers out there and they do an amazing job in certain tasks, but the analog way of doing that is, okay, so you take that bundle of various length spaghetti and you slam it on the table. What's gonna happen? Well, those pieces of dried spaghetti are going to self align, right? [00:14:54] Uh, the shortest ones are going to be down at the bottom and the tallest ones are gonna be sticking out from the top. So there you go. There's your tallest, your longest pieces of spaghetti, and it's done. Instantly. So that's just kind of an idea here. Quantum computing's not the same thing, but that's a comparison really of digital and analog computers, but it's the same type of thing. [00:15:17] Some of these problems that would take thousands of years for a digital computer to work out can just take a fraction of a second. It's absolutely amazing. 
So when we're looking at today's algorithms, today's programs for encrypting things like military information, secret telegrams, if you will, going back and forth inside the secretary of state embassies worldwide. [00:15:43] Today they're considered to be quite secure, but with quantum computing what's gonna happen? So there are a lot of people out there right now who are working on trying to figure out how can we come up with an algorithm that works today with our digital computers and can be easily solved by quantum computer. [00:16:06] We have a pretty good idea of how quantum computers are going to work in the future, how they kind of work right now, but this really gets us to the next level, which is kind of cool. Frankly, that's a little bit here about cybersecurity. Well, how about you and your password? How does this all tie in? [00:16:26] Well, there are a few standards out there that people have been trying to pass. It's no longer the four character password you might remember. Oh, it needs to be eight to 10 characters, random mix of upper, lowercase, special digits, character numbers. Right? You remember those? And you should change it every 30 days. [00:16:45] And those recommendations changed about three or four years ago when the National Institute of Standards and Technology said, Hey guys, uh, a passphrase is much better than what we've been doing because people are gonna remember it and it can be longer. So if you are using, like, I have some passphrases I use that are 30 characters or more. [00:17:09] And I mix up the case and I mix in some special characters and some numbers, but it's a phrase that I can remember and I have different phrases for different websites. Cause I use a password manager. Right now, I have about 3,100 entries in my password manager. That's a lot. And I bet you have a lot more passwords or at least a lot more websites and accounts than you realize. [00:17:40] And so that gets to be a real problem. 
Well, how do you make all of this work and make it easy for people? One of the ways that, uh, that they're looking at using is something called the FIDO Alliance's, um, technique. And the idea behind FIDO is actually similar to what I do right now. Cause I use 1password.com. [00:18:03] I have an app on my phone and the phone goes ahead and gives me the password. In fact, it'll put it in. I have plugins in my browsers. It'll put it right into the password form on the website. And then it'll ask me on my phone, Hey, is that really you? And I'll say yes, using Duo, and ta-da, I'm logged in. It's really quite cool. [00:18:28] Well, FIDO is a little different than that, but kind of the same. The whole idea behind FIDO is you registered a website and the website will send a request to the FIDO app that's on your phone. So now on your phone, you'll use biometrics or maybe, uh, a one-time passkey, you know, those six digit keys that change every 30 seconds. [00:18:54] And so now you, you, uh, on your phone, you say, yeah, yeah, yeah. That's me. That's good. That's me. Yeah. Okay. And then the app will exchange with the website, using public key cryptography, a public key, and it's gonna be a unique public key for that website. So it'll generate a private key and a public key for that website. [00:19:17] And now, ta-da, the website does not have your password and cannot get your password. And anytime you log in, it's going to ask you on your smartphone. Is this. And there's ways beyond smartphones. And if you wanna find out more about passwords, I've got, again, that free special report, just craigpeterson.com. [00:19:42] Email me, just email me@craigpeterson.com and I'll make sure we send that off to you and it explains a lot about passwords and current technology. So FIDO is one way of doing this and a few different companies have gone ahead and have invested some into FIDO registration, because it requires changes on the websites as well in order to. 
[00:20:08] With FIDO. Now you might use a PIN, you might use the biometrics, et cetera, but Apple has decided they've come up with something even better. Now there's still a lot of questions about what Apple is doing, but they are rolling it into the next release of iOS and also of Mac operating system. And you'll be able to use that to securely [00:20:31] log into websites. I think Apple's gonna get a lot of traction on this and I think it's gonna be better for all of us involved here. We'll see. There's still a lot of unanswered questions, but I'll keep you up to date on this whole password technology. Stick around. [00:20:51] There are ways for us to communicate nowadays, easy ways, but are the easy ways the best ways? Kind of the question here, frankly. And part of this answer has to do with WhatsApp and we'll talk right now. [00:21:07] Many people have asked me about secure messaging. You probably know by now that sending text messages is not secure. [00:21:18] In fact, it could be illegal if you have any personal information about patients or maybe employees. You just can't send those over open channels. So what Apple has done, for instance, is they've got their messaging app and if the message is green, it's just reminding you that this is a text message. Now they stuck with green because that was kind of the industry standard. [00:21:45] Green does not mean safe in the Apple world when it comes to iMessage. Blue does. So they've got end to end encryption. So if the message is blue, that means the encryption's in place from side to side. On the other end of the spectrum, there are apps like Telegram, which are not particularly safe. [00:22:06] Now, Telegram has pulled up its socks a little bit here, but in order to have end to end encryption in Telegram, you have to manually turn it on. It is not on by default. I also personally don't trust Telegram because of their background, things that they've done in the past. 
So, you know, avoid that. [00:22:28] WhatsApp is something I've been asked about. I had a family member of a service member who was overseas ask if WhatsApp was safe for them to communicate on, cuz they didn't want third parties picking. You know, private messages, things you say and do online with friends and family are not necessarily things that are for public consumption. [00:22:51] So the answer that I gave was, well, yeah, kind of. You might remember Facebook getting, uh, WhatsApp. They bought it and deciding they were going to make some changes to the privacy settings in. Now that was really a big mistake. They said we're gonna add advertisements. Well, how are you going to effectively advertise [00:23:15] if you don't know what we're talking about? Have you noticed advertising platforms? If you look up something or someone else in your house looks up something, if your neighbors are looking up, so they assume that you might be interested in it as well. So what do they do? They go ahead and show you ads for that brand new pair of socks that you never really cared about, but because the algorithms in the background figured, well, yeah, that's what you've been talking about. [00:23:45] Well, let's pass out your pair of socks. So if Facebook is going to add into WhatsApp, what's going to happen? Are they going to be monitoring what you're saying? And then sending you some of these messages, right? These ads. Because of that, a lot of people started looking for a more secure platform and that's, frankly, where Moxie Marlinspike comes in. Kind of a fun name, the bloom in this case, but he started a company called Signal. [00:24:21] He didn't just start it. He wrote the code for it, the server code, everything. And the whole idea behind Signal was to have a guaranteed safe end to end way to communicate, a third party, with a friend, a relative, et cetera. So Signal is something that I've used in the past. 
And I use from time to time now, as well, depending on who I'm talking to. [00:24:49] And it does allow you to send messages. It does allow you to talk. You can do all kinds of stuff with it. So now, now there's an issue with Signal. It's disappointing. Moxie has stepped down from running Signal. There's a company behind it in January, 2022. And he said, you know, the company's big enough. They can run themselves. [00:25:12] He's still on the board of directors. And the guy who's currently the head of Signal is also a very privacy kind of focused guy, which is really good too. Signal, by the way, is free. And you can get it for pretty much any platform you would care to have it for. A very, very nice piece of software. I like what they've done. [00:25:34] Now the problem is that some of those people at Signal have decided that they should have a way of making payments inside Signal. So a few months ago, they went ahead and added into Signal a piece of software that allows you to send payments online. Now this is a little concerning, uh, and let's talk about some of the reasons for the concern. [00:26:06] Basically what we're seeing is a cryptocurrency that Moxie himself helped to put in place. Now, you know, I guess that's good cuz he understands it. It's supposedly a cryptocurrency that is privacy focused. And that's a good thing. Well, what type of crypto is it that's privacy focused? And how good is it going to be? [00:26:33] You know, those are all good questions, but here's the biggest problem, I think, that comes from this. We've got our friends at Facebook, again, trying to add crypto payments to their various messenger and, and other products. We're seeing that from a lot of these communication systems, cuz they can skim a little off the top legally, right, [00:26:55] charge you a fee and then make their money that way. But what happens when you put it into an encrypted messaging app? 
Well, bottom line, a lot of bad things can happen here because now all of a sudden you come under financial regulations, right? Because you are performing a financial function. So now potentially here, there could be criminal misuse of the app because you could have ransomware and they say, reach us on Signal. [00:27:34] Here's our Signal account. And go ahead and send us crypto. It's called MobileCoin, by the way, this particular cryptocurrency. Uh, so now all of a sudden you are opening up the possibility of all kinds of bad things happening and your app Signal, which was originally great for messaging, now being used nefariously. [00:27:59] I think that's a real problem. Now, when it comes to money transfer functions with cryptocurrencies, to say that they're anonymous, I think, is a hundred percent a misnomer because it's really pseudo-anonymous. It's never completely anonymous. So now you've increased the legal attack surface here. So now the various regulators and countries around the world can say, Hey, [00:28:28] this is no longer just a messaging app. You are using it to send money. We wanna track all money transactions. Right. And so what does that mean? Well, that means now we need to be able to break the encryption or need to shut down your app, or you need to stop the ability to send money. So the concern right now with Signal is we really could have some legal problems with Signal. [00:28:56] And we could potentially cause some real life harm. On the other side of this is what Moxie Marlinspike has been really driving with Signal over the years, which is we don't want anyone to be able to break into Signal. So there's a particularly one Israeli based company that sells tools that you can buy that allow you to break into smartphones. [00:29:24] And they're used by everybody from criminals. You can even buy some of these things on eBay. And they're used also by law enforcement agencies. 
So he found that there was a bug in one of the libraries that's used by this Israeli software, to where that causes it to crash. And so he put some code into Signal, at least he threatened to, that would cause any of the scanning software that tries to break into your smartphone to fail, to crash. [00:29:56] Yeah. Yeah. Kind of cool. Craig Peterson here online, craigpeterson.com, and really you are not alone. [00:30:14] I got some good news about ransomware and some bad news about BEC, business email compromise. In fact, I got a call just this, uh, just this week from someone who had in fact again, had their operating account emptied. [00:30:31] Ransomware is a real problem, but it's interesting to watch it as it's evolved over the years. [00:30:40] We're now seeing crackdowns driving down ransomware profits. Yes, indeed. Ransomware's ROI is dropping, the return on investment. And so what we're starting to see is a drive towards more business email compromise attacks. So we'll talk about those, what those are. And I have a couple of clients now that became clients because of the business email compromises that happened to them. [00:31:15] A great article that was in this week's newsletter. You should have received it Tuesday morning from me if you are signed up for the free newsletter. craigpeterson.com/subscribe. You'll get these usually Tuesday morning. It's my insider show notes. So you can kind of get up to speed on some of the articles I'm talking about during the week that I talk about on the radio. [00:31:43] And of course talk about here on the radio show and podcast and everything else as well. So what we're seeing here, according to Dark Reading's editor, Becky Bracken, is some major changes, a pivot by the bad guys, because, uh, at the RSA Conference, they're saying that law enforcement crackdowns, tighter cryptocurrency regulations, [00:32:11] we've been talking about that today, and ransomware as a service operator.
Downs are driving the return on investment for ransomware operations across the world, all the way across the globe. So what is ransomware as a service? I think that's a good place to start because that has really been an albatross, albatross around our necks for a long time. [00:32:36] The idea with ransomware is they get you to download some software, run some software that you really should not be running. That makes sense to you. So you get this software on your computer, it exfiltrates files. So in other words, it takes files that you have, sends them off to the bad guys. And then once it's done that, so it'll send like any Word files it finds, Excel, other files [00:33:06] it might find interesting. Uh, once it's done that, then it goes ahead and encrypts those files. So you no longer have access to them and it doesn't just do them on your computer. If you share a drive, let's say you've got a, uh, Gdrive or something else on your computer that is being mounted from either another computer or maybe a server, [00:33:31] it will go ahead and do the same with those files. And remember, it isn't just encrypting, because if you have a good backup, and by the way, most businesses that I've come into do not have a good backup, which is a real problem because their backups fail. They haven't run. I had one case where we helped the business out and it had been a year and a half since they had a successful backup and they had no. [00:34:00] They were dutifully carrying home, uh, these USB drives every day, plugging a new one in, and the backups were not running. Absolutely amazing. So anyhow, ransomware as a service then. Well, so they've encrypted your files. They've exfiltrated. In other words, they've taken your files and then they demand a. [00:34:24] So usually it's like this red screen that comes up and says, Hey, uh, you know, all your files are belong to us and you need to contact us. 
So they have, uh, people who help you buy Bitcoin or whatever they're looking for. Usually it's Bitcoin and send the Bitcoin to them. And then they'll give you, uh, what's hopefully a decryption. [00:34:50] Now what's particularly interesting about these decryption keys is they work about half of the time. So in other words, about half of the time, you'll get all your data back. About half the time, you will not. It's just not good. So if you are a small operator, if you are just a small bad guy and it's you and maybe somebody else helping you, you got your nephew there helping you out, [00:35:14] how are you going to help these people that you're ransoming buy the cryptocurrency? How are you going to threaten them with release of their documents online, unless you have a staff of people to really help you out here? Well, that's where ransomware as a service comes in. The whole idea behind RaaS is [00:35:38] you can just be a one man shop. And all you have to do is get someone to open this file. So you go ahead and register with the ransomware service provider and they give you the software and you embed your little key in there, so they know it's you. And then you send it off in an email. You might try and mess with those people to get them to do something they shouldn't do. [00:36:03] And that's all you have to do, because once somebody opens up that file that you sent them, it's in the hands of these service guys, the ransomware as a service guys. So these ransomware as a service people will do all of the tech support. They'll help people buy the Bitcoin. They'll help them pay the ransom. [00:36:25] They'll help them recover files, you know, to a certain extent. Right. Does this make sense to you? Yeah, it's kinda crazy. Now I wanna offer you, I've got this document about the new rules for backup and again, it's free. You can get it. No problem. Just go ahead and email me, me@craigpeterson.com, me@craigpeterson.com, because the backups are so important and. 
[00:36:52] Just like password rules have changed, the rules have changed for backups as well. So just drop me an email, me@craigpeterson.com, and ask for it and we'll make sure we send it off to you and it's not trying to sell you more stuff. Okay. Uh, it really is explaining the whole thing for you. I'm not holding anything back. [00:37:11] Well, these ransomware as a service operators then get the payment from you and then pay a percentage, anywhere from 80% to 50%, sometimes even lower, to the person who ransomed you. Isn't that just wonderful. So our law enforcement people, as well as in other countries, have been going after the ransomware as a service providers, because if they can shut down [00:37:40] these RaaS guys, just shutting one of them down can shut down thousands of small ransomware people. Isn't that cool? Works really, really well. So they have been shut down, many of them. There's one that just popped its head back up again after about six months. We'll see how far they get, but it is a very big, [00:38:06] uh, blow to the whole industry. You know, ransomware really, because of these, oh, as a service operators, has become a centralized business. So there's a small number of operators responsible for the majority of these thousands of hundreds of thousands of attacks. Really. It's probably worse. So a couple of big groups are left, the Conti group and LockBit, and they've got more than 50% of the share of ransomware attacks in the first half of 2022. [00:38:40] But now they're going after them. The feds. And I think that makes a whole lot of sense, right? Because who do you go for? Well, you go for the people who are causing the most harm and that's certainly them. So I expect they'll be shut down sometime, sometime soon, too. So ransomware had its moment over the last couple of years. Still a lot of ransomware out there, still a lot of problems, but now we're seeing BEC, business email compromise, tactics, and I did a. 
[00:39:14] At television appearance, where I was working with the, um, the, the newsmaker or whatever they call them, right. Talking heads on that TV show and explaining what was happening. And the most standard tactic right now is the gift card swindle. I should put together a little video on this one, but it's all about tricking employees into buying bogus gift cards. [00:39:43] So this, this good old fashioned grift is still working. And what happened in our case is it was actually one of the newscasters who got an email, supposedly from someone else, saying, Hey, uh, you know, we wanna celebrate everybody. And in order to do that, I wanna give 'em all gift cards. So can you go out and buy gift cards? [00:40:10] And so we messed around with them. It was really kind of fun and said, okay, uh, you know, what denomination, how many do you think we need? Uh, who do you think we should give them to? And of course we knew what we were doing. Their English grammar was not very good. And it was really obvious that this was not [00:40:30] the person they were pretending to be. So that happens and it happens a lot. They got into a business email account, the email account of that newscaster. So they were able to go through their email, figure out who else was in the business, who was a trusted source inside of the business. So they could pretend that, uh, that they were that newscaster and send emails to this trusted source. [00:41:01] And today these business email compromise attacks are aimed at the financial supply chain. And once these threat actors are inside, they look for opportunities to spoof vendor emails, to send payments to controlled accounts. And the worst case I know of this is a company that sent $45 million to a scammer. [00:41:28] And what happened here is this woman pretended to be the CEO who was out of the country at the time and got the CFO to wire the money to her. Uh, an interesting story. 
We'll have to tell it to you sometime, but it's a real problem. And we just had another one. We've had them in school districts. Look 'em up online, do a DuckDuckGo search for them and you'll find them right, [00:41:56] left and center, because social engineering works. And frankly, business email compromise is a clear threat to businesses everywhere. As I mentioned, we had one, listens to the show, contact us just last week. Again, $40,000 taken out of the operating account. We had another one that had a, I think it was $120,000 taken out of the operating account. [00:42:25] And another one that had about $80,000 taken out of the operating account. Make sure you're on my newsletter, even the free one. I do weekly free trainings. craigpeterson.com. Make sure you subscribe now. [00:42:43] Facebook's about 18 years old, coming on 20. Facebook has a lot of data. How much stuff have you given Facebook? You know, did you fall victim for that? Hey, upload your contacts. We'll find your friends. Well, they don't know where your data is. [00:43:00] There is an article that had appeared online from our friends over at, I think it was, yeah. Let me see here. Yeah. Yeah. Motherboard. I was right. And Motherboard's reporting that Facebook doesn't know what it does with your data or where it goes. Now, you know, there's always a lot of rumors about different companies and particularly when they're big company and the, the news headlines are kind of grabbing your attention. [00:43:34] And certainly Facebook can be one of those companies. So where did Motherboard get this opinion about Facebook just being completely clueless about your personal. Well, it came from a leaked document. Yeah, exactly. So we find out a lot of stuff like that. Right. I used to follow a, a website about companies that were going to go under and they posted internal memos. 
[00:44:08] It basically got sued out of existence, but there's no way that Facebook is gonna be able to sue this one out of existence because they are describing this as, internally, as a tsunami of privacy regulations all over the world. So of course, if you're older, we used to call those tidal waves, but think of what the implication there is of a tsunami coming in and just overwhelming everything. [00:44:37] So Facebook, internally their engineers are trying to figure out, okay, so how do we deal? People's personal data. It's not categorized in ways that regulators want to control it. Now there's a huge problem right there. You've got third party data. You've got first party data. You've got sensitive categories data. [00:45:01] They might know what religion you are, what your persuasions are in various different ways. There's a lot of things they might know about you. How are they all categorized? Now we've got the European Union with their General Data Protection Regulation, the GDPR we talked about when it came into effect back in 2018, and I've helped a few companies to comply with that. [00:45:26] That's not my specialty. My specialty is the cybersecurity side. But in article five, this European law mandates that personal data must be collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes. So what that means is that every piece of data, like where you are using Facebook or your religious orientation, can only be collected and used for a specific purpose and not reused for another purpose. [00:46:04] So there's an example here that Vice is giving. In past, Facebook took the phone number that users provided to protect their accounts with two factor authentication and fed it to its People You May Know feature as well as advertisers. Yeah. Interesting.
Eh, so Gizmodo with the help of academic researchers caught Facebook doing this, and eventually the company had to stop the practice. [00:46:31] Cuz this goes back to the earlier days where Facebook would say, hey, find out if your friends are on Facebook, upload your contacts right now. And most people. Right. What did you know back then about trying to keep your data private, to try and stop the proliferation of information about you online? Nothing. [00:46:53] Right? I think I probably even uploaded it back then thinking, well, that'd be nice to see if I got friends here. We can start chatting, et cetera. Well, according to legal experts that were interviewed by Motherboard, who wrote this article and has a copy of the internal me, uh, memo, this European regulation specifically prohibits that kind of repurposing of your phone number of trying to put together the social graph, and the leaked document shows that Facebook may not even have the ability to limit [00:47:28] how it handles users' data. Now I was on a number of radio stations this week, talking about this, and the example I gave, I, is just look at an average business from the time it start, you know, Facebook started how, right. Well, you scraping pictures of young women off of Harvard University's main catalog, right, [00:47:52] contact page, and then asking people, well, what do you think of this, rate this person, rate that person, and off they go, right. Trying to rate them. Yeah, yeah, yeah. All that matters to a woman, at least according to Mark Zuckerberg, or all that matters about a woman is how she looks. Right. Do I think she's pretty or not? Ridiculous what he was doing. [00:48:13] It just, oh, that's Zuckerberg, right? That's who he is. Not a great guy anyways. So you go from stealing pictures of young ladies, asking people to rate them, putting together some class information and stuff there at Harvard, and then moving on to other universities and then opening up even wider and wider.
[00:48:37] And of course, that also created demand because you can't get on if you're not at one of the universities that we have set it up for. And then you continue to grow. You're adding these universities, certain you're starting to collect data and you're making more money than God. So what do you do? Well, you don't have to worry about inefficiencies. [00:48:58] I'll tell you that. Right. One thing you don't have to do is worry about, oh, gee, we've got a lot of redundant work going on here. We've got a lot of teams working on basically the same. No, you've got more money than you can possibly shake a stick at. So now you go ahead and send that, uh, money to this group or that group. [00:49:20] And they put together all of the basic information, right, that, that they want. They are pulling it out of this database and that database, and they're doing some correlation, writing some really cool SQL queries with some incredible joins and everything else. Right. And now that becomes part of the main code for Facebook. [00:49:43] And then Facebook goes on to the next little project and they do the same thing. Then the next project, then the next project. And then someone comes along and says, uh, hey, we. This feature, that feature for advertisers, and then in that goes, and then along comes candidate Obama. And, uh, they, one of the groups inside Facebook says, yeah, yeah, yeah, here, here we go. [00:50:07] Here's all of the information we have about everybody and it's free. Don't worry about it. Right. And then when Trump actually bought it and hired a company to try and process some of that information, he got in trouble. No, no, no, but, but the Obama. The whole campaign could get access to anything they wanted to, again, because the data wasn't controlled, they had no idea who was doing what with the data. [00:50:34] And according to this internal memo, they still don't know.
They don't even know if they can possibly, uh, comply with these regulations, not just in Europe, but we have regulations in pretty much all of the 50 states in the US. Canada, of course, has their own. Australia, New Zealand. Think about all the places Facebook makes a lot of. [00:50:59] So here's a quote from that: "We build systems with open borders. The result of these open systems and open culture is well described with an analogy. Imagine you hold a bottle of ink in your hand, the bottle of ink is a mixture of all kinds of user data. You pour that ink into a lake of water. Okay. And it flows everywhere," [00:51:22] the document read. Right. So how do you put that ink back in the bottle, in the right bottle? How do you organize it again so that it only flows to the allowed places in the lake? They're totally right about that. Where did they collect it from? Apparently they don't even know where they got some of this information, [00:51:43] this data from. Kind of reminds me of the no fly list. Right. You don't know you're on it and you can't get yourself off of it. Right. It is kind of crazy. So this document that we're talking about was written last year by privacy engineers on the ad and business product team, whose mission is to make meaningful connections between people and businesses and which, quote, sits at the center of a monetization strategy, monetization strategy, [00:52:10] and is the engine that powers Facebook's growth. Interesting, interesting problems. And, and I see this being a problem well into the future for more and more of these companies. Look at Twitter as an example that we've all heard about a lot lately. And I've talked about as well. Along comes Elon Musk and he says, well, wait a minute now. [00:52:32] Now I can make Twitter way more profitable. We're gonna get rid of however many people, it's well over a thousand, and then we are going to hire more people. We're gonna start charging. We're gonna be more efficient.
You can bet all of these redundancies that are in Facebook are also there on. And Twitter also has to comply with all of these regulations that Facebook is kind of freaking out about. [00:53:00] Well, it, for really a very good reason. So this document is available to anybody who wants to look at it. I'm looking at it right now, talking about regulatory landscape and the fundamental problems Facebook's data lake. And this is a problem that most companies have, not as bad as Facebook does, but most companies, right. [00:53:25] You grow. I, I have yet to walk into a business that needs help with cybersecurity and find everything in place as it should be, because it grew organically. Right. You, you started out with a little consumer firewall, router and wifi, and then you added to it and you put a switch here and you added another switch behind that and move things around. [00:53:48] Apparently looting is one of the benefits of being a Russian soldier. And according to the reports coming out of Ukraine, they've been doing it a lot, but there's a tech angle on here that is really turning the tables on these Russian looters. [00:54:04] Thanks for being with me today. I really appreciate it. And I'm honored, frankly, to be in front of this microphone. This is really something, you know, we, we know in wars, there are people that loot and typically the various militaries try and make sure, at least recently, that that looting is kept to an absolute minimum. [00:54:27] Certainly the Americans, the British, even the Nazis during World War II, the, the, uh, the socialists there in Germany, uh, they, they tried to stop some of the looting that was going on. I, I think that's probably a very good thing, right. Because what you end up with is just all of these locals that are just totally upset with you. [00:54:56] I found a great article on The Guardian and there's a village.
Had been occupied for about a month by Russian troops and the people came back, they are just shocked to see what happened. They're giving a few examples of different towns. They found that alcohol was stolen and they left empty bottles behind, food wrappers, cigarette butts, thrown all over the place in apartments and homes. [00:55:25] Piles of feces blocking the toilets, family photographs torn, thrown around the house. They took away all of the clothes. This is a quote from one of the people: literally everything, male and female coats, boots, shirts, jackets, even my dresses and lingerie. This is really, really something. The SIUs didn't do this, but now Russian [00:55:49] military apparently does. So over the past couple of weeks, there've been reporting from numerous places where Russian troops had occupied Ukrainian territory, and The Guardian, which is this UK newspaper, collected evidence that suggests looting by Russian forces was not merely a case of a few wayward soldiers, but a systematic part of Russian military behavior across multiple towns [00:56:16] and villages. That's absolutely amazing. Another quote here: people saw the Russian soldiers loading everything onto Euro trucks, everything they could get their hands on. A dozen houses on the village's main street had been looted as well as the shops. Other villagers reported losing washing machines, food, laptops, even a sofa. Air conditioners [00:56:41] being shipped back, just like, you know, you might use UPS here, they have their equivalent over there. A lady here who was the head teacher in the school, she came back in, of course, found her home looted, and in the head teacher's office, she found an open pair of scissors that had been jammed into a plasma screen that was left behind, because if they can't steal it, they're gonna destroy it. [00:57:07] They don't only leave anything behind. They found the Russians had taken most of the computers, the projectors and other electronic equipment.
It, it, it's incredible. So let's talk about the turnaround here. A little. You might have heard stories about some of these bad guys that have smashed and grabbed their way into Apple stores. [00:57:27] So they get into the Apple store. They grab laptops and iPads, no longer iPods, cuz they don't make those anymore. And iPhones. And they take them and they run with them. Well, nowadays there's not a whole lot of use for those. Now what they have been doing, some of these bad guys, is, is they take some parts and use them in stolen equipment. [00:57:53] They sell them on the used market, et cetera. But when you're talking about something specific, like an iPhone that needs specific activation. Completely different problem arises for these guys because that iPhone needs to have a SIM card in order to get onto the cell network. And it also has built in serial numbers. [00:58:16] So what happens in those cases? Well, Apple goes ahead and disables them. So as soon as they connect to the internet, let's say they put 'em on wifi. They don't get a SIM card. They don't. service from T-Mobile or Verizon or whoever it might be. So now they disconnect to the wifi and it calls home, cuz it's gonna get updates. [00:58:36] So on download stuff from the app store and they find that it's been bricked. Now you can do that with a lot of mobile device managers that are available for all kinds of equipment nowadays, but certainly Apple equipment, where if a phone is lost or stolen or a laptop or other pieces of equipment, you can get on the MDM and disable it, have it remotely erased, et cetera. [00:59:02] Now, police have had some interesting problems with that. Because a bad guy might go ahead and erase a smartphone that's in the evidence locker at the police station. So they're, they're doing things like putting them into Faraday cages or static bags or other things to try and stop that. So I think we've established here that the higher tech equipment is pretty well protected.
[00:59:26] You steal it. It's not gonna do you much good. So one of the things the Russians stole when they were in, uh, it's called, uh, I think you pronounce it, uh, Melitopol, uh, which is again, a Ukrainian city, is they stole all of the equipment from a farm equipment dealership and shipped it to Chechnya. Now that's according to a source in, uh, a businessman in the area that CNN is reporting on. [00:59:59] So they shipped this equipment. We're talking about combine harvesters worth 300 grand apiece. They shipped it 700 miles, and the thieves were ultimately unable to use the equipment, cuz it had been locked remotely. So think about agriculture equipment that John Deere, in this case, these pieces of equipment, they, they drive themselves. [01:00:26] It's autonomous. It goes up and down the fields. Goes any pattern that you want to, it'll bring itself within a foot or an inch of your boundaries, right, of your property, being very, very efficient the whole time, whether it's planting or harvesting, et cetera. And that's just a phenomenal thing because it saves so much time for the farmer, makes it easier to do. The companies like John Deere [01:00:52] want to sell as many pieces of this equipment as they possibly can. And farming is known to be a, what, not terribly profitable business. It certainly isn't like Facebook. So how can they get this expensive equipment into the hands of a lot of farmers? Well, what they do is they. So you can lease the equipment through leasing company or maybe directly from the manufacturer and now you're off and running. [01:01:20] But what happens if the lease isn't paid now? It's one thing if you don't pay your lease on a $2,000 laptop, right? They're probably not gonna come hunting for you, but when you're talking about a $300,000 harvester, they're more interested. So the leasing company has title to the equipment and the leasing company can shut it off remotely. [01:01:46] Right?
You see where I'm going with this, so that they can get their equipment in the hands of more farmers, cuz the farmers can lease it. It costs them less. They don't have to have a big cash payment. Right? You see how this all works. So when the Russian forces stole this equipment, that's valued. Total value here is about $5 million. [01:02:07] They were able to shut it all. And obviously, if you can't start the engine, because it's all shut off and it's all run by computers nowadays, and you know, there's pros and cons to that. I think there's a lot of cons, but, uh, what are you gonna do? How's that gonna work for you? Well, it isn't going to work for you. [01:02:28] And they were able to track it. It had GPS trackers, find out exactly where it was. That's how they know it was taken to Chechnya and could be controlled remotely. And in this case, how'd they control it? Well, they completely shut it off. Even if they sell the harvesters for spare parts, they'll earn some money, but they sure can be able to sell 'em for the 300 grand that they were actually worth. [01:02:54] Hey, stick around. We'll be right back, and visit me online at CraigPeterson.com. If you sign up there, you'll be able to get my insider show note. And every week I have a quick five. Training right there in your emails. CraigPeterson.com. That's S O N in case you're wondering. [01:03:20] If you've been worried about ransomware, you are right to worry. It's up. It's costly. And we're gonna talk about that right now. What are the stats? What can you do? What happens if you do get hacked? Interesting world. [01:03:36] Ransomware has been a very long running problem. I remember a client of ours, a car dealership who we had gone in. [01:03:47] We had improved all of their systems and their security and one of their.
People who was actually a senior manager, ended up downloading a piece of ransomware, one of these encrypted ones, and opened it up and his machine, all of a sudden, ta-da, guess what, it had ransomware on it. One of those big red [01:04:09] screens that say pay up, send us this much Bitcoin. And here's our address. Right. All of that sort of stuff. And he called us up and said, what, what's going on here? What happened? Well, first of all, don't bring your own machine into the office. Secondly, don't open up particularly encrypted files using the password that they gave, [01:04:32] and thirdly, we stopped it automatically. It did not spread. We were able to completely restore his computer. Now let's consider here the consequences of what happened. So he obviously was scared. Uh, and within a matter of a couple of hours, we actually had him back to where he was and it didn't spread. [01:05:00] So the consequences there, they, they weren't that bad. But how about if it had gotten worse? How about if the ransomware also, before it started holding his computer ransom, went out and found all of the data about their customers? Right. Would, do you think an auto dealership would love to hear that all of their customer data was stolen and released, all of the personal data of all of their customers? [01:05:27] Right? Obviously not. So there's a potential cost there. And then how long do you think it would take a normal company that thinks they have backups to get back online? Well, I can tell you it'll take quite a while because the biggest problem is most backups don't work. We have yet to go into a business that was actually doing backups that would work to help restore them. [01:05:54] And if you're interested, I can send you, I, I've got something I wrote up. Be glad to email it back to you. Uh, obviously as usual, no charge, and you'll be able to go into that and figure out what you should do.
Cause I, I break it down into the different types of backups and why you might want to use them or why you might not want to use them, but ransomware [01:06:18] is a kind of a pernicious nasty little thing, particularly nowadays, because it's two, two factor, right. First is they've encrypted your data. You can't get to it. And then the second side of that is, okay, well, I can't get to my data and now they're threatening to hold my data ransom or they'll release. So they, they'll put it out there. [01:06:42] And of course, if you're in a regulated industry, which actually car dealers are because they deal with financial transactions, leases, loans, that sort of thing, uh, you can lose your license for your business. You can lose your ability to go ahead and frankly, uh, make loans and work with financial companies and financial instruments. [01:07:06] It could be a very, very big. So there are a lot of potential things that can happen, all the way from losing your reputation as a business or an individual, losing all of the money in your operating account. And we, again, we've got a client that, uh, we picked up afterwards. That, uh, yes, indeed. They lost all of the money in their operating account. [01:07:31] And, uh, then how do you make payroll? How do you do things? Well, there's a new study that came out from Check Point. Check Point is one of the original firewall companies and they had a look at ransomware. What are the costs of ransomware? Now bottom line, I'm looking at some stats here on a couple of different sites. [01:07:52] Uh, one is, by the way, Conti, which is a big ransomware gang that also got hacked after they said we are going to attack anyone that, uh, that doesn't defend Vlad's invasion of Ukraine, and then they got hacked and their information was released. But here's ransomware statistics. This is from Cloudwards. Uh, first of all, the largest ransom demand is $50 million. [01:08:20] And that was in 2021 to Acer, big computer company.
Uh, 37% of businesses were hit by ransomware in 2021. This is amazing. They're, they're expecting by 2031, so in about a decade, ransomware is gonna be costing about $265 billion a year. Now on average, uh, ransomware costs businesses $1.85 million to recover from an attack. [01:08:52] Now that's obviously not a one or two person place, but think of the car dealer again, how much money are they going to make over the year or over the life of the business? Right? If you're a car dealer, you have a license to print money, right? You, you're selling car model or cars from manufacturer X. And now you have the right to do that and they can remove that. [01:09:15] Right? How many tens, hundreds of millions of dollars might that end up costing you? Yeah. Big deal. Total cost of ransomware last year, 20 billion. Now these are the interesting statistics here right now. So pay closer attention to this: 32% of ransomware victims paid a ransom demand. So about a third paid ransom demand. [01:09:40] Last. It's, it's actually down. Cuz my recollection is it used to be about 50% would pay a ransom. Now on average that one third of victims that paid a ransom only recovered 65% of their data. Now that differs from a number I've been using from the FBI. That's a little bit older that was saying it's, it's a little, little better than 50%, but 65% of paying victims recovered their data. [01:10:11] Now isn't that absolutely amazing. Now 57% of companies are able to recover the data using a cloud backup. Now think about the different types of backup. Cloud backup is something that can work pretty well if you're a home user, but how long did it take for your system to get backed? Probably took weeks, right? [01:10:34] For a, a regular computer over a regular internet line. Now restoring from backup's gonna be faster because your down link is usually faster than your uplink. That's not true for businesses that have real internet service, like, uh, ours.
It, it's the same bandwidth up as it is down. But it can take, again, days or weeks to try and recover your machine. [01:10:57] So it's very, very expensive. And I wish I had more time to go into this, but looking at the costs here and the fact that insurance companies are no longer paying out for a lot of these ransomware attacks, it could be incredibly expensive for you, incredibly. So here you. The number one business types by industry for ransomware attacks: retail. [01:11:31] That makes sense, doesn't it? Real estate. Electrical contractors, law firms and wholesale building materials. Isn't that interesting? And that's probably because none of these people are really aware, conscious of doing what, of keeping their data secure, of having a good IT team, a good IT department. So there's your bottom line. [01:11:58] Uh, those are the guys that are getting hit the most. The numbers are increasing dramatically and your costs are not just in the money you might pay as a ransom. And so, as it turns out, in pretty much every case, prevention is less expensive and much better than the cure of trying to pay ransom or trying to restore from backups. [01:12:24] Hey, you're listening to Craig Peterson. You can get my weekly show notes by just going to CraigPeterson.com. And I'll also send you my special report on how to do passwords. Stick around, we'll be right back. [01:12:42] You know, you and I have talked about passwords before, the way to generate them and how important they are. And we, we'll go over that again a little bit in just a second, but there is a new standard out there that will eliminate the need for passwords. [01:12:59] I remember, I think the only system I've ever really used that did not require passwords was the IBM 360. [01:13:09] Yeah, 360, you know, you punch up the cards, all of the JCL, you feed the card deck in and off it goes. And does this little thing. That was a different day, a different era. When I started in college in university, we.
We had remote systems, timeshare systems that we could log into. And there weren't much in the line of password requirements in, but you had a username. [01:13:38] You had a simple password. And I remember one of our instructors, his name was Robert Andrew Lang. And, uh, his password was always some sort of a combination of RA Lang. So it was always easy to guess what his, what his password was. Today, it has gotten a lot worse. Today, we have devices with us all of the time. [01:14:01] You might be wearing a smart watch that requires a password. You of course probably have a smart phone. That's also maybe requiring a password, certainly after boots. Nowadays they use fingerprints or facial recognition, which is handy, but has its own drawbacks. But how about the websites you're going to, the systems you're using when you're at work and logging in? They all require passwords [01:14:31] and usernames of some sort or another. Well, Apple, Google, and Microsoft have all committed to expanding their support for a standard that's actually been out there for, for a few years. It's called the FIDO standard. And the idea behind this is that you don't have to have a password in order to log. Now that's really kind of an interesting thing, right? [01:14:59] Just looking at it, because we're, we're so used to having this password only authentication. And of course the, the thing to do there is make sure you have for your password multiple words in the password, it should really be a pass phrase. And between the words put in special characters or numbers, maybe mix [01:15:21] upper, lowercase a little bit in those words. Those are the best passwords, you know, 20 characters, 30 characters long. And then if you have to have a pin, I typically use a 12 digit pin. And how do I remember all of these? Cuz I use a completely different password for every website and right now, let me pull it up. [01:15:43] I'm using 1Password.com's password manager.
And my main password for that is about 25 characters long. And I have thirty one hundred and thirty five entries here in my password manager, 3,100. That is a whole lot of passwords, right? As well as, um, software licenses and a few other things in there. [01:16:11] That's how we remember them, is using a password manager. 1Password.com is my favorite. Now, obviously I don't make any money by referring you there. I, I really do like that. Uh, some others that I've liked in the past include LastPass, but they really messed. With some of their cybersecurity last year and I lost, lost my faith in it. [01:16:33] So now what they're trying to do is make these websites that we go to as well as some apps to have a consistent, secure, and passwordless sign in, and they're gonna make it available to consumers across all kinds of devices and platforms. That's why you've got Apple, Google, and Microsoft all committing to it. [01:16:56] And you can bet everybody else is going to follow along because there's hundreds of other companies that have decided they're gonna work with the FIDO Alliance and they're gonna create this passwordless future. Which I like this idea. So how does this work? Well, basically you need to have a smartphone. [01:17:16] This is, I'm just gonna go with the most standard

The Japan Cricket Podcast
S2 - E9: JCL T20 Preview with Dhugal Bedingfield

The Japan Cricket Podcast

Play Episode Listen Later Aug 8, 2022 25:27


A new competition starts on Saturday 13th August, the Japan Cricket League T20! 16 teams will battle it out and so I invited podcast regular Dhugal Bedingfield to come and chat about it. We run you through all the groups as well as make some wildly unscientific predictions, which will inevitably leave us with egg on our faces. Prior to that there's the usual JCL round up as well.  As always if you have time to rate or review the show that would be great, or even just recommend it to one other person who might be interested, that'd be good too. You can follow the show on Instagram and you should also check out BRB Munde on Spotify, Apple Music or wherever you get your tunes, big thanks to him for the backing music for the show.

Craig Peterson's Tech Talk
Solar Cells Are Polluting Our Groundwater - Resurrection of Coal Plans By MIT - Latest Cyberattacks - Will Elon Musk Beat Twitter?

Craig Peterson's Tech Talk

Play Episode Listen Later Jul 22, 2022 86:10


Solar Cells Are Polluting Our Groundwater The Resurrection of Coal Plans By MIT Latest Cyberattacks Will Elon Musk Beat Twitter? We all want a green world. I can't think of anybody that doesn't want one, but there are people with ulterior motives. That's a different thing, but California has really caused itself a whole lot of non green. Rooftop solar, right? That's gonna be the solution to all of our problems. [Automated transcript follows.] Not the fact that the electric cars people buy use three times as much electricity as our air conditioners yet. Not the fact that we have rolling blackouts because we don't have enough power, cuz we've shut down plants before we were actually ready to replace that power. Not that Texas is right now having blackouts, as is California having blackouts, because of this stupidity [00:00:52] of some of these regulators. It's absolutely crazy. You know, we are the greenest country in the world. All of our plants, our coal plants are cleaner than anybody else's anywhere in the world. And California's really got itself into a big problem here, because again of shortsightedness, I just don't get it. [00:01:16] You know, maybe it is follow the money, maybe, you know, Nancy Pelosi's husband making millions of dollars and, and, uh, using inside information is, is absolutely true. And, uh, maybe it. To do with that, right? It's not really green, it's to enrich the politicians. How can you go to Washington DC on the salary [00:01:37] Congress has, as expensive as it is in Washington, DC, and come out a multimillionaire? Uh, there's only one way that can happen. Right. I, I remember the, the trade that Hillary Clinton made, what was it? Beef or something. Right. And she made like $80,000. Well, you know, that sort of tip is a sort of thing [00:01:58] that'll put Martha Stewart in jail, but not our politicians. It's absolutely crazy. I don't get it. So California, they have been a pioneer in the push for rooftop solar panels. Now I get it.
They're cool. I get it. It's really nice to have the grid buy electricity back from you when there is plenty of sun and when the grid needs it, but the grids aren't really set up for this sort of stuff. [00:02:31] But I, I know a few listeners that really love their solar panels. There's one guy who has put a whole bunch of panels up, solar panels in a field, and he has some cattle and horses and stuff. And so they, they live with these solar panels in the field and he bought himself a couple of Nissan Leafs. [00:02:52] These are these electric cars from Nissan. You might remember them. They've been around for a while and he's just tickled pink that, yeah, he had to buy the solar panels. Yeah. He had to install of them. Yeah. He has to keep the snow off of them. Yeah. He has to clean the dust off of them. Yeah. He has to clean, uh, all of the bird stuff off of them, but it's. [00:03:14] Right. Yeah. Okay. So he gets to drive around and he says, you know, I don't usually go much further than the grocery store or maybe a quick run to Tractor Supply. And it, it, it doesn't cost him anything incrementally. So California decided it was going to go green, green, green, green. Right. And what's one of the best ways to do that? [00:03:36] Well, we need more electricity. Let's go for rooftop. Solar in. California decided it would go ahead and subsidize these wonderful solar panels on people's roofs all over the place. Not, not like one big central farm, uh, out in the Mojave desert, that's collecting all of the solar it can possibly collect and then turn it into electricity that can feed into the grid. [00:04:04] No, it's all decentralized on all of these rooftops. Now we're talking about 20 years later, there are 1.3 million rooftops estimated to have solar cells on them out there in California. And the real bill is coming due. It isn't cleaning the, you know, the bird excrement off. Yeah.
The real bill in California for the rooftop solar isn't getting the snow off of them, [00:04:32] keeping them clean. No, it has to do with completely non-green stuff here. 90% of all of these solar cells that were put onto roofs in California that have been taken down, 90% of them have ended up in landfills. Yeah, absolutely. Now the lifetime expectant, uh, lifetime of these solar panels is, uh, 25, maybe 30, [00:05:05] as long as they're not damaged, or if you really wanna keep up with the technology, because solar panels are increasing in efficiency as time goes on, might be a lot less, right. Might be like a 10 to 15 years cycle, if you have that much money out there. But many of these are now winding up in landfills. [00:05:25] And the real concern is that they could contaminate groundwater. I've talked about this before. If these solar panels crack, what could happen? Well, they have heavy toxic metals in them such as lead. We know how bad lead is, right. Can't have lead in your house anymore. Selenium, cadmium. Right? All things you don't want to have. Mercury, mercury vapor, you don't want to go anywhere near mercury vapor. [00:05:54] Uh, except for the fact that the federal government forced us to put them into our homes in the form of curlicue light bulbs. Remember those things? Yeah. Highly toxic. Breaking one of those light bulbs, a fluorescent light, makes your home a toxic waste site, according to EPA regulations. So I'm sure if you ever had a, a fluorescent light bulb break, and that includes the bigger ones, right, [00:06:21] you might have in the roof, uh, up on the, the top of your office, uh, you know, wherever it might be, you, you, you must have, um, went out and you, you bought, maybe you even had standing by for you some really wonderful
plastic that you could put up, you know, tape up so that you can isolate the room that has the toxic waste in it, from breaking that light bulb that the federal government made you buy, because you couldn't buy regular incandescent bulbs that you wanted anymore. [00:06:52] And, uh, they encouraged you and they gave you discounts on it and they subsidize. Yeah. Yeah. Those bulbs. And then, uh, of course you went in with a full respirator and a full suit on that, uh, you know, Tyvek, and you taped it up, make sure that tape up around the gloves onto the Tyvek suit so that none of that mercury gets [00:07:12] onto your skin. And, and then you obviously used a specialized vacuum cleaner for toxic hazardous waste and, and vacuumed up like the carpet or the floor, maybe it got onto your couch. Right? You, you did all of that. And then you put it all into a sealed, uh, container of some sort, typically like a glass bottle or something. [00:07:36] So it's not gonna be able to. Out right. You, you must have done all of that because I, I'm sure everyone knew what was going on with those fluorescent bulbs, those little curlicue bulbs. Right. Does that make sense to you? Yeah. Yeah, exactly. So now, California has 1.3 million rooftops with rooftop solar power on them. [00:08:04] Now it isn't like it's out in, as I mentioned, a great place, but it out in the Mojave desert, right. They got more sun than they need out there. And so it's all one place and they can take those panels and they can recycle them. No, no, because it's illegal to recycle them in California, because of the heavy metals, the toxic metals. [00:08:26] So instead of that, people are just dumping them in their trash and taking them to landfills, et cetera, et cetera.
We're talking about truckloads of waste, some of this stuff badly contaminated, and it really shows how short sight, uh, environmental policy can create incredible problems that were easily foresee right though, the industry's supposed to be green, but in reality, according to Sam Vanderhoof, who is a solar industry expert, chief executive of Recycle PV Solar, [00:09:01] he says the reality about this industry is not that it's green, but in reality, it's all about the money. Wait a minute. Isn't no, there's not what I just said earlier. Yeah, yeah. Yeah. So California came early with solar power. They granted $3.3 billion in subsidies for installing solar panels on rooftops. [00:09:26] And yet, you know, barreling ahead with this renewable energy program, they are now at a point where they have rolling blackouts. They have problems with electricity generation. They have problems with the rooftop solar, and as it is aged, getting rid of it. Have you seen those pictures of Hawaii with those windmill farms [00:09:50] that are just sitting there rusting away? Cuz the windmills aren't turning. You'd think Hawaii, right? A lot of wind, isn't that a great way to do it, but it takes a lot of space, kills some birds and, uh, it takes a lot of maintenance. They're very expensive to maintain. So they just let some of these, uh, wind farms just totally rust away. [00:10:12] We need to elect people, send them to Washington, DC that don't touch things like this with a 5,000 foot pole. The, the reason is that you look at a great investor, a great business investor, that they make money, right? Oh, wouldn't it be great to be Mark Cuban or one of the sharks, right? That are making money, investing money. [00:10:39] Well, yeah, it, it certainly would be, uh, they at best, at best make money out of one out of 10 investments. Federal government, it bats pretty close to zero. Zero, right. Oh, oh no, that's not true. Right.
Uh, we talked about the millions of dollars that Congress people make. Yeah. Yeah. So they don't bat zero, the Congress and, uh, this political crack class bats a thousand in their own pocket. [00:11:13] Let's stop this stuff from Washington, DC. It's insanity. Thank goodness California did this so we can see how insane these solar rooftop policies are. At least for the near future. [00:11:27] Well, we've talked about solar cells. We've talked about the new nuclear, which is incredible stuff. Well, there is a new MIT spinout that's tapping into a million year energy supply right here. [00:11:44] Government has been terrible about picking winners. It, it kind of reminds me of a quote from Henry Ford where he said, if I had asked people what they wanted, they would've said faster horses, and that's kind of the mentality of government. Whatever they're investing in, or their friends, their buddies, their, their voters, their donors are investing in, [00:12:07] that's what they'll push. So we haven't had a fair shake of some of these technologies, really, you know, the hydrogen, who knows what else we could be powering our cars with that hasn't come forward because government's been putting just literally trillions of dollars of support into electric cars. Okay. [00:12:29] And electric cars, great. Don't get me wrong. They're the cool technology. I wouldn't mind owning one of them. The government should not be the one who decides the winners and losers. That's the communist way. That's central planning. Central planning does not work. I, I, I'm really on a bit of a rampage today. [00:12:52] It's it? This is just crazy, but this, this is a reason right now, what I'm gonna talk about, why central planning has failed us yet again. Right. Just because it's a big problem doesn't mean it's a federal government problem. And the big problem is, okay, all of us want green stuff, right? Not this green movement.
[00:13:17] That's all about, again, central planning, government control, not that stuff, but we want clean environment. We want good, healthy food. We want all of this stuff that's going to make us healthy, the world healthy, the earth healthy, feed the population of the world. Everything everybody does. I don't get it. I don't know why they, well, anyways, we won't get into that. [00:13:44] Right. Here's this, here's an example. Government has been moving us directly towards solar panels, which we've talked about and, and how they really can and do hurt the environment very, very badly. We talked about the disposal of them. We've talked before about the manufacturing of solar panels and how it is horrific when it comes to the health of our. [00:14:12] How about this one, this MIT group. These are, it's really kind of cool here. Quaise Energy is this company that they founded and it is a spinout from MIT. And what they're looking to do is use the power potential that's beneath our feet in order to create a literally a carbon free, pollution free energy source. [00:14:39] Absolutely amazing. Now we've talked about this for a long time. You, you look at some of these countries in the world that have a lot of volcanic activity. I'm particularly thinking about Iceland right now and how they are taking all of this geothermal thermal potential and turning it into electric. [00:15:02] Which is fantastic. Right? And when you look at the stability of geothermal, it is dead on, it is there, it is always there. If you're looking at the stability of geothermal, for instance, doesn't think of a volcano. How often do the volcanoes move? It, it's pretty solid, pretty long term. Certainly there's tectonic activity and the plates move, but it's at, at just an incredibly slow rate. [00:15:32] You're talking about inches a year. Well, they've looked at a couple of things. One is this abandoned coal power plant in upstate New York.
And as overall people are looking at it saying, it's just, it's worth nothing. Right? It's a relic from ages gone by. Heaven forbid we burn coal, and I, I would rather not burn coal personally, but get down and think about this. [00:15:57] Now you've got a coal power plant. What is planned? What does that have in it that might be useful? It still has transmission lines that run to the grid, the power grid. It's a central producer of electricity, which is exactly how our power grid is set up. We're not set up for having every home or, you know, half of them or whatever it is, generating electricity with solar power or having windmills here and there. We're set up for having centralized [00:16:32] power generation, Nikola Tesla aside, right? That's how we're set up. So this old coal power plant has transmission lines. It still has a power turbine. How does a coal plant work? How does a nuclear plant work? It generates heat and that heat creates steam. And that steam is used to drive a turbine, much like what happens at a hydroelectric dam, the water drives a turbine, and then that turbine ultimately, of course, drives a massive alternator of some sort, some sort of a, a generator, if you will. [00:17:10] And that's hooked up to our power lines. Now, what's really interesting here is their technology. You might have heard about this place. I remember reading about this and all kinds of interesting stories, a, about this hole that was drilled in, in Russia. I think it was, and they went down, what was it, like 5,000 feet or something? [00:17:37] Um, uh, and they abandoned it. Right? Cause they were trying to do the whole thing, but here's the interesting part of what the MIT guys are saying, that the crust anywhere in the world, about, it kind of varies a little bit, but basically about, uh, 10 to 20 kilometers deep has the enough geothermal energy [00:18:09] to drive something like this power plant, this old coal power plant in upstate New York.
But the problem is how do you drill that deep? The Russians, a Soviet Union, had a hard time doing it and they didn't, they didn't reach their ultimate goal, uh, and interesting backstories on all of that, that we don't have time for today. [00:18:30] What these guys are doing is they have created an approach that vaporizes the rock. So they're not drilling. And if you've ever seen drilling operations, watched it on the Discovery Channel or something, which I have, it's really cool. You, you realize that when they start hitting hard rock, granite, bedrock, they stop. [00:18:55] Cuz it becomes so slow. So they use the diamond-tip drill heads and, and they drill and it's slow, but what's happening right now is they're using gyrotrons to heat the material. It's been done for years in nuclear fusion experiments, but they're taking that basic technology and using it for new geothermal drilling technique. [00:19:23] That is cool. So these gyrotrons haven't been well known in the general science community. Fusion researchers know about it, but what they're saying is this is going to give them the ability to drill these massive holes, you know, depth wise. And right now 400 feet is kind of as far as we can usually drill, but this is gonna let them go kilometers into the earth. [00:19:52] They're gonna be able to tap into that, the energy here. Basically, you're talking about what you get out of a volcano, right? That sort of energy, that heat, bring it up and then boil the water and run it through that coal power, at least the infrastructure that's in there, the generators and everything else. [00:20:13] So very, very cool. And this is something that's being done right now. They expect within a few years to have an actual functional demonstration of this blasting its way through melt. Rock and some of the hardest rock on the surface of the earth. Hey, you should have received my insider show notes Tuesday morning. [00:20:38] If you didn't, you can get 'em for free.
Just go to craigpeterson.com. And if you have any questions, just email me, me@craigpeterson.com. [00:20:53] Do you remember this moment from The Fifth Element? Old tricks are the best tricks? Eh, yeah. Well, we're talking about attackers right now, cybersecurity, and the old tricks are the best tricks. No doubt about that. They're back to the old ways. Yep. Oh, well, [00:21:10] there are a lot of security firms out there. It's just absolutely amazing to me. [00:21:16] I get ads all of the time, as you can imagine, from dozens and dozens of startups and big guys, and I'm looking at a page right now and there was, what, six different ads on here for cybersecurity stuff. This is a site called Dark Reading. It's one I pay some fairly close attention to, because they are talking about cybersecurity stuff. [00:21:40] So I guess that makes sense. But attackers are doing things every day right now. What are they doing? That's what Robert Lemos is talking about. And he's looking at a report that was produced by yet another security firm called Tetra Defense, and they analyzed data from the first quarter 2020. Now, when you think about cybersecurity and the problems we have, what do you think about, what do you think of? [00:22:12] Is it ransomware, phishing, maybe? What, what do you think it is? Well, what this Tetra Defense found is that 54% more costs. From compromises caused by user actions comes from drum roll. Pete, please. I, I don't know if I said that very, very well. Let me just do that one more time. Okay. Take two. Uh, compromises cost victims 54% more [00:22:47] when we're talking about unpatched servers and vulnerable remote access systems like Microsoft RDP, Remote Desktop, 54% more. That is huge, absolutely huge. Who would've thought of that? By the way, these unpatched vulnerabilities from the first quarter and exposing risky services, such as Remote Desktop Protocol, account for 82% [00:23:17] of successful attacks, while social engineering employees.
And that includes things like phishing, accounted for just 18% of successful compromises. That, my friends, is a very, very big deal. And as I said at the very beginning, it is, uh, no trick that they've been up to for a long time. So what I'm trying to get at here, I know I'm kinda wandering a little about a little here mentally, but I'm trying to get at the point that we [00:23:50] have to patch our systems and we have to apply patches ASAP. We have to make sure those patches are in place because it's, it's an absolutely horrible situation out there. I know a lot of companies that use Microsoft's Remote Desktop. And it has been just a horrific battleground when it comes to hackers because of all of the bugs that have been found in there and major vulnerabilities. Uh, the Log4Shell bug, [00:24:21] this is the one that's tying into Java, has been reported on a whole lot, but it is used in about 22% of breaches. So that's not bad for one vulnerability. And it's a crazy vulnerability. This is a problem with languages like Java, where you have people writing code that don't realize what's happening in all of these libraries are pulling in. You know, in Java you just say, okay, uh, write this out to a file for me. [00:24:52] And don't realize that the code that's actually doing that is parsing what you send it, and it might have a command in it that you. To it and it'll execute the command, and that's the basics of that particular problem. Okay. So we're expecting all of these tactics to continue. There are a finite amount today of vulnerable Exchange servers, which is another problem that the attackers have been using to really cause a whole lot of problems for us. [00:25:24] There will be new problems in the future. There's always new software introduced and the new software always has more problems. And there are a lot of people in the cybersecurity business that say, we should just assume that systems are compromised.
So instead of trying to protect them as much, let's look for the compromises, which is an interesting way of doing things, [00:25:46] frankly. So cloud misconfiguration, that's another big one that's out there. And I'm seeing that all of the time. Right now, we're working with a client that's using a lot of Microsoft Azure stuff and Microsoft Azure, Amazon. But in fact, Amazon S3 buckets, which are a way to store files up in the cloud inside. [00:26:10] Have really been hit hard because of misconfiguration. You see, when it gets very difficult to configure something, people tend to take shortcuts, don't think it through. And in this case they have lost a whole lot, but. It's hard to estimate the damages, but looking at it, we're talking about major cybersecurity incidents accounting for about two to 10% of annual revenue, cost wise. [00:26:40] So a company that has maybe a hundred million in annual revenue could be looking at as much as 10% of that. In other words, 10 million as a financial impact of a cybersecurity incident. Now it's probably not gonna cost them 10 million to secure everything, but it might cost them a million a year and they just don't do it. [00:27:06] It's just, they don't bother doing it. Look at the huge breaches that we've had from some of these, uh, credit reporting agencies, if you will, that keep all this personal information and data on. That have lost data for 200 million Americans. Right. Really? They cared and yet they, they just rake in money. [00:27:28] They just print money. It's, it's absolutely crazy. By the way, there was another report that was released a little earlier this year from CrowdStrike and it has a report that's based on incident data. And the one they released earlier this year was from 2021. And it's showing the breaches related to ransomware attacks had grown by 82% and the data showed that malware
[00:27:58] had only been used in 38% of successful intrusions and 45% of attackers were manually conducting the attacks. So if you thought early on, when we started talking here, that ransomware was maybe the biggest problem, you're not entirely wrong, because ransomware is the biggest growing problem that we're seeing out there right now. [00:28:22] So it's absolutely crazy. The average time to move from an initial compromise. Remember, they're doing these things automated up front to try and find vulnerable systems or to try and get the ransomware out into your hands. That might be through a phishing attack, which by the way, phishing attacks increased 29%, that cent, that, that, um, so from the time they get that initial compromise to the time they're attacking other systems on the network, [00:28:55] it's still about one and a half hours, according to the data that came outta CrowdStrike. Now that is concerning too, because that means you basically have an hour and a half after you've been compromised to detect it and do something about it. And that's why we use automated systems with our clients that really keep a close tab on everything. [00:29:18] Look for various types of compromises, et cetera, et cetera. And I think it's, uh, an important thing to do because if you can't tell if you've been compromised, you just can't defend yourself. Hey, if you sign up for my newsletter, I will send you my most popular special reports. That includes password special reports, how to use password managers, what the best ones are, absolutely free. [00:29:44] Right. I got a couple of others that I'll send you and you will get my weekly show notes that come out Tuesday mornings most weeks. And that will allow you to keep up to date on all of this. Be a little bit ahead, in fact, of the radio show, because I'm talking about stuff that was in my insider show notes on Tuesday. [00:30:03] So you get it in. Of everybody else.
Just go to craigpeterson.com, sign up right there and you will be well on your way. Hey, stick around, cuz we'll be right back. Any questions, me@craigpeterson.com. [00:30:21] We've got a couple of things to talk about right now. We've got Elon Musk's gotta be worried about this lawsuit that's coming up and we'll tell you about that. And then also TikTok is in the news here. We've got two different problems with TikTok that talk about today. [00:30:42] Hi, you are not alone. At least when it comes to your security and privacy. Hi, I'm Craig Peterson, and you are listening to news radio, WGAN AM 560 and FM 98.5. I'd like to invite you to join me Wednesday mornings at 7:34 with Mr. Matt, we'll keep you out to. You know, of course, about this whole thing. [00:31:11] Elon Musk said he wanted to buy Twitter for a measly, what was it? 44 billion dollars, right. Real money. And that's a, you know, a problem, especially when Twitter is alleged to be not worth as much as Twitter appears to be. You see, Twitter has had to file with the Securities and Exchange Commission reports about [00:31:39] their income, obviously writing expenses and management, and they have forward looking statements about what they're gonna be doing in the future. And all of that goes into a pot and kind of gets stirred up. And once it's all stirred up the investors look at it and say, yeah, okay. I, I wanna invest in Twitter. [00:31:59] One of the big variables that goes into the pot has to do with advertising revenue, which is based on eyeballs. How many eyeballs can Twitter attract? And of course that means Twitter wants to keep as many eyeballs as possible on this site at once. Right. And for the longest time possible. So that all makes some sense, but Twitter's been reporting in its public reports that less than 5% of the users slash postings there on Twitter, but less than 5% of the users are actually bots. [00:32:39] These bots are used by bad guys, evil companies.
And, uh, there are a lot of those out there that are trying to promote themselves. Look at how great we are. Yes. Yes. Look at, wow. We're trending on Twitter. You should buy our stuff. And in reality, what they're doing is they are paying people who have bots to post thousands of tweets from different accounts using the company's hashtag. It, it makes me ill, frankly, to think about this stuff, but that's what they do. [00:33:17] So. If Twitter has a lot of these bots that are fake and are just trying to drive up the investors' price for some random product, or maybe it's what happened during the last few election cycles where Russia, China were meddling and getting people to vote for Trump, against Trump, for Hillary, against Hillary, Biden, etcetera. [00:33:46] Is it worth as much as investors thought? So I've been worried about what's gonna happen here. Elon Musk, he, he's got to be worried. If he actually ends up buying it, what's gonna happen? Is the Securities and Exchange Commission going to do an investigation? Are they already doing one? Frankly, probably are. [00:34:08] And is he going to be liable for it? So Twitter's value has dropped. Now, it, it obviously went up when Musk made that, uh, that generous $44 billion purchase offer, but it has gone down since then. And since there are so many analysts saying, well, there's at least 10% bots, others saying it's 40%, it's 60%. [00:34:34] And, and that kind of is based on the traffic, right? The amount of traffic the bots are generating versus the number of accounts that are bot accounts. What, what happens? What should they do? How should they do it? What, how should they account for it? And if, if it's that high and there's questions about how high it is, then Twitter stock value is going to go down. [00:34:55] So Musk pulled out of this whole thing and yeah, I can see why he did. However, Delaware is where a lot of these public companies ha are incorporated.
That's where their, you know, corporate headquarters are, if you will. That's where they get their authority to operate as a company. And the reason a lot of them do that in Delaware is Delaware has laws and taxes that are very favorable to publicly traded companies. [00:35:29] And that says something right there too. Doesn't it? Well, Delaware has this thing called the Court of Chancery, and the judge that's handling Twitter's lawsuit against Musk, her name is Kathaleen McCormick. She is the chief judge, in this case is called the court's chancellor, has what Reuters called a no-nonsense reputation, as well as the distinction of being one of the few jurists who has ever ordered a reluctant buyer to close a US corporate [00:36:06] merger. And specifically she ordered last year an affiliate of a private equity firm to close its $550 million purchase of a holding company that makes cake decorating products. But because of the lockdown, the value of that cake decorating company dropped pretty dramatically, cuz people just weren't going out and buying this stuff to make cakes. [00:36:31] They weren't celebrating, they weren't having parties. They didn't have cake cakes. Right. So she forced them to buy this other company at the original price, even though the value of the company, that holding company, had dropped. So this is going to be really rather interesting. If you look at her ruling, [00:36:55] she said the buyers lost their appetite for the deal shortly after signing it, as government entities issued stay at home orders around the country and the weekly sales declined dramatically. Rather than use reasonable efforts to work around a definitive credit agreement, the buyers called their litigation counsel and began evaluating ways to get out of the. [00:37:20] Without input from the management, they prepared a draconian reforecast of the projected sales based on uninformed and largely unexplained assumptions that were inconsistent with real time sales data.
That's where Elon Musk may have an out, if he's played his card right. Now, what really kind of confused me about all of this is that they, the guys at Twitter, have a pretty solid case because they were able to negotiate as part of this potential purchase or merger, whatever you might wanna call it, really it's a purchase. [00:38:01] They have a pretty solid case cuz they got some amazing language into this agreement. I, I just can't believe that Elon Musk and his attorneys allowed it to go in there. Now these cases here in the Delaware Court of Chancery are decided by the presiding judge and not a jury. Although a judge can get an advers, uh, advisory, excuse me, jury, to help consult, but the judge's decision can be appealed to the state Supreme Court. [00:38:33] And then the decision is final, and Twitter proposed a four day trial with a September 19th start date, and the court, I believe, said, we're gonna push it off to October. I'll try and keep an eye on this case, cuz I think it's fascinating to see what happens here as we go forward to our friend, Elon Musk. Now, [00:38:57] TikTok. Ugh, man, if you didn't get my newsletter this week, which you should have had my insider show notes on Tuesday morning, and follow through and read these two articles on TikTok, you really missed something, but I'll, I'll give you a quick summary here. Right now. We spoke about TikTok and what they have done here with this blackout challenge. [00:39:21] Now it's not TikTok. They, they're not the ones promoting the challenge, but they are making money off of it and they're promoting their site. It's just yet another challenge that to has. Well, one of the things that's been happening in Ukraine with this Russian invasion is people have been making TikTok videos and they have been posting them and they include all kinds of stuff. [00:39:47] Uh, I'm sure there's dead soldiers in there. Russian tanks that have been completely blown apart.
What a bad design, by the way, and many other things, and TikTok says, Hey, wait, wait a minute. We, we, we, okay. Well, we, we can't keep these, even though they have been asked to preserve the Ukraine content for war crime investigations. [00:40:13] What has come out recently, you remember orange man bad said that, uh, TikTok needed to be shut down. They, they wanted it out. He wanted it out of the, and not just him, but other people, uh, out of the app stores, because it's being used by Chinese intelligence and they're doing all kinds of stuff. Yeah. Yeah. [00:40:34] Well, it turns out that our friends at TikTok have been in fact sending all of the stuff that you are filming to China. Now, TikTok is illegal to use in China. So they're not sending it to China to show the Chinese, because China is smart enough to not allow people to use TikTok. They're using it for espionage. TikTok, even just a few weeks ago, changed its usage, [00:41:06] uh, document here, right? Terms of use, saying, uh, oh, we, we're going to use the video that you submit, uh, we're gonna collect biometric information. We're gonna collect information about things and people in the foreground, things and people in the background. In other words, they're now putting together what you might call a social matrix. [00:41:29] So they know who your friends are or what you're doing. They know about you. They're doing facial recognition of you. It goes on and on and on, very, very bad, but because it's so popular with these young Ukrainians and even Russian troops who are posting footage of the war, they've got some stuff that would be great for the war crime investigators. [00:41:54] And re, remember when President Trump said, oh no, we gotta cut out TikTok. And, and the left, his opposition, was saying, no, no, you know, TikTok is great. It's wonderful. Oh. And TikTok said, yeah, we have, uh, US based servers, nothing to worry about here. I don't know what Trump is talking about. The guy an idiot.
[00:42:13] Uh, well, as I just mentioned, we found out absolutely that yeah, they're saving it. They're sending it to China. And remember now, the Chinese Communist Party is a friend of Russia's. They're buying oil for very cheap prices. They're providing Russia with a number of different things. They're being a little cautious about it, but they will not allow war crime investigators to look at TikTok videos that have to do with the war in Ukraine. [00:42:48] Absolutely amazing. Absolutely amazing. Lot of data pulled from your device sent back to China: biometrics, face prints, voice prints, keystroke patterns, rhythms, search and browsing history, location information. Do not let your kids go to TikTok. And this week I got an email from a listener saying that one of her close friends. [00:43:14] Child died because of the blackout challenge. If that's not enough. [00:43:20] Facebook's about 18 years old, coming on 20. Facebook has a lot of data. How much stuff have you given Facebook? You know, did you fall victim for that? Hey, upload your contacts. We'll find your friends. Well, they don't know where your data is. [00:43:36] This whole thing with Facebook has kind of exploded here lately. [00:43:42] There is an article that had appeared online from our friends over at, I think it was, yeah. Let me see here. Yeah. Yeah. Motherboard. I was right. And Motherboard's reporting that Facebook doesn't know what it does with your data or where it goes. Now, you know, there's always a lot of rumors about different companies and particularly when they're big company and the, the news headlines are kind of grabbing your attention. [00:44:16] And certainly Facebook can be one of those companies. So where did Motherboard get this opinion about Facebook just being completely clueless about your personal data? Well, it came from a leaked document. Yeah, exactly. So I, we find out a lot of stuff like that. Right.
I used to follow a, a website about companies that were going to go under and they posted internal memos. [00:44:49] It basically got sued out of existence, but there's no way that Facebook is gonna be able to sue this one out of existence because they are describing this, internally, as a tsunami of privacy regulations all over the world. So of course, if you're older, we used to call those tidal waves, but think of what the implication there is of a tsunami coming in and just overwhelming everything. [00:45:19] So Facebook internally, they, their engineers are trying to figure out, okay, so how do we deal? People's personal data. It's not categorized in ways that regulators want to control it. Now there's a huge problem right there. You've got third party data. You've got first party data. You've got sensitive categories data. [00:45:42] They might know what religion you are, what your persuasions are in various different ways. There's a lot of things they might know about you. How are they all categorized? Now we've got the European Union with their General Data Protection Regulation, the GDPR, we talked about when it came into effect back in 2018, and I've helped a few companies to comply with that. [00:46:07] That's not my specialty. My specialty is the cybersecurity side. But in Article five, this European law mandates that personal data must be collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes. So what that means is that every piece of data, like where you are using Facebook or your religious orientation, can only be collected and used for a specific purpose and not reused for another purpose. [00:46:45] So there's an example here that Vice is giving. In the past Facebook took the phone number that users provided to protect their accounts with two factor authentication and fed it to its People You May Know feature as well as advertisers. Yeah. Interesting. 
Eh, so Gizmodo with the help of academic researchers caught Facebook doing this, and eventually the company had to stop the practice. [00:47:13] Cuz this goes back to the earlier days where Facebook would say, Hey, find out if your friends are on Facebook, upload your contacts right now. And most people. Right. What did you know back then about trying to keep your data private, to try and stop the proliferation of information about you online and nothing. [00:47:34] Right? I think I probably even uploaded it back then thinking, well, that'd be nice to see if I got friends here. We can start chatting, et cetera. Well, according to legal experts that were interviewed by Motherboard who wrote this article and has a copy of the internal, uh, memo, this European regulation specifically prohibits that kind of repurposing of your phone number of trying to put together the social graph and the leaked document shows that Facebook may not even have the ability to limit [00:48:09] how it handles users' data. Now I was on a number of radio stations this week, talking about this and the example I gave, I is just look at an average business from the time it start, you know, Facebook started how right. Well, you scrape in pictures of young women off of Harvard University's main catalog, right. [00:48:34] Contact page, and then asking people, well, what do you think of this? Rate this person, rate that person and off they go, right. Trying to rate them. Yeah, yeah, yeah. All that matters to a woman, at least according to Mark Zuckerberg or all that matters about a woman is how she looks. Right. Do I think she's pretty or not, ridiculous what he was doing? [00:48:54] I, it just, oh, that's Zuckerberg, right? That's who he is, not a great guy anyways. So you go from stealing pictures of young ladies asking people to rate them, putting together some class information and stuff there at Harvard, and then moving on to other universities and then opening up even wider and wider. 
[00:49:19] And of course, that also created demand cuz you can't get on. If you're not at one of the universities that we have set it up for. And then you continue to grow. You're adding these universities, certain you're starting to collect data and you're making more money than God. So what do you do? Well, you don't have to worry about inefficiencies. [00:49:40] I'll tell you that. Right. One thing you don't have to do is worry about, oh, GE we've got a lot of redundant work going on here. We've got a lot of teams working on basically the same thing. No, you've got more money than you can possibly shake a stick at. So now you go ahead and send that, uh, money to this group or that group. [00:50:02] And they put together all of the basic information, right. That, that they want. They are. Pulling it out of this database and that database, and they're doing some correlation writing some really cool sequel queries with some incredible joins and everything else. Right. And now that becomes part of the main code for Facebook. [00:50:24] And then Facebook goes on to the next little project and they do the same thing. Then the next project, then the next project. And then someone comes along and says, uh, Hey, we. This feature, that feature for advertisers and then in that goes, and then along comes candidate Obama. And, uh, they, one of the groups inside Facebook says, yeah, yeah, yeah, here, here we go. [00:50:49] Here's all of the information we have about everybody and it's free. Don't worry about it. Right. And then when Trump actually bought it and hired a company to try and process some of that information he got in trouble. No, no, no, but, but the Obama. The whole campaign could get access to anything they wanted to, again, because the data wasn't controlled, they had no idea who was doing what with the data. [00:51:15] And according to this internal memo, they still don't know. 
They don't even know if they can possibly, uh, comply with these regulations, not just in Europe, but we have regulations in pretty much all of the 50 states in the us Canada of course, has their own Australia, New Zealand think about all the places. [00:51:38] Facebook makes a lot of money. So here's a quote from that we build systems with open borders. The result of these open systems and open culture is well described with an analogy. Imagine you hold a bottle of ink in your hand, the bottle of ink is a mixture of all kinds of user data. You pour that ink into a lake of water. [00:52:00] Okay. And it flows every. The document red. Right. So how do you put that ink back in the bottle, in the right bottle? How do you organize it again? So that it only flows to the allowed places in the lake? They're totally right about that. Where did they collect it from it? Apparently they don't even know where they got some of this information. [00:52:24] This data from kind of reminds me of the no fly list. Right. You don't know you're on it and you can't get yourself off of it. Right. It is kind of crazy. So this document that we're talking about was written last year by. Privacy engineers on the ad and business product team, whose mission is to make meaningful connections between people and businesses and which quote sits at the center of a monetization strategy monetization strategy. [00:52:51] And is the engine that powers Facebook's growth. interesting, interesting problems. And, and I see this being a problem well into the future for more and more of these companies, look at Twitter as an example that we've all heard about a lot lately. And I've talked about as well along comes Elon Musk and he says, well, wait a minute now. [00:53:13] Now I can make Twitter way more profitable. We're gonna get rid of however many people it's well over a thousand, and then we are going to hire more people. We're gonna start charging. We're gonna be more efficient. 
You can bet all of these redundancies that are in Facebook are also there on Twitter. and Twitter also has to comply with all of these regulations that Facebook is kind of freaking out about. [00:53:42] Well, it, for really a very good reason. So this document is available to anybody who wants to look at it. I'm looking at it right now, talking about regulatory landscape and the fundamental problems Facebook's data lake. And this is a problem that most companies have not. As bad as Facebook does, but most companies, right. [00:54:06] You grow. I, I have yet to walk into a business that needs help with cybersecurity and find everything in place as it should be, because it grew organically. Right. You, you started out with a little consumer firewall, router and wifi, and then you added to it and you put a switch here and you added another switch behind that and move things around. [00:54:29] This is normal. This is not total incompetence on the part of the management, but my gosh, I don't know. Maybe they need an Elon Musk. Just straighten them out as well. Hey, stick around. I'll be right back and sign up online@craigpeterson.com. [00:54:49] Apparently looting is one of the benefits of being a Russian soldier. And according to the reports coming out of Ukraine, they've been doing it a lot, but there's a tech angle on here that is really turning the tables on these Russian looters. [00:55:06] Thanks for being with me today. I really appreciate it. And I'm honored, frankly, to be in front of this microphone. , this is really something, you know, we, we know in wars, there are people that loot and typically the various militaries try and make sure, at least recently that that looting is kept to an absolute minimum. [00:55:29] Certainly the Americans, the British, even the Nazis during world war II, the, the, uh, the socialists they're in. Germany, uh, they, they tried to stop some of the looting that was going on. I, I think that's probably a very good thing, right. 
Because what you end up with is just all of these locals that are just totally upset with you. [00:55:57] I found a great article on the guardian and there's a village. Had been occupied for about a month by Russian troops and the people came back, they are just shocked to see what happened. They're giving a few examples of different towns. They found that alcohol was stolen and they left empty bottles behind food rappers, cigarette butts, thrown all over the place in apartments and homes. [00:56:26] Piles of feces blocking the toilets, family photographs torn, thrown around the house. They took away all of the clothes. This is a code from one of the people, literally everything, male and female coats, boots, shirts, jackets, even my dresses and lingerie. This is really, really something. Uh, it, the Soviets didn't do this, but now Russian. [00:56:50] Military apparently does. So over the past couple of weeks, there've been reporting from numerous places where Russian troops had occupied Ukrainian territory and the guardian, which is this UK newspaper collected evidences suggests looting by Russian forces was not merely a case of a few way, word soldiers, but a systematic part of Russian military behavior across multiple towns. [00:57:18] And villages. That's absolutely amazing. Another quote here, people saw the Russian soldiers loading everything onto Euro trucks, everything they could get their hands on a dozen houses on the villages. Main street had been looted as well as the shops. Other villagers reported losing washing machines, food laptops, even as sofa, air conditioners. [00:57:42] Being shipped back, just like, you know, you might use ups here, they have their equivalent over there. A lady here who was the head teacher in the school. She came back in, of course, found her home Lood and in the head teacher's office. 
she found an open pair of scissors that had been jammed into a plasma screen that was left behind because if they can't steal it, they're gonna destroy it. [00:58:08] They don't only leave anything behind. They found the Russians had taken most of the computers, the projectors and other electronic equipment. It, it, it's incredible. So let's talk about the turnaround here. A little. You might have heard stories about some of these bad guys that have smashed and grabbed their way into apple stores. [00:58:28] So they get into the apple store. They grab laptops on iPads, no longer iPods, cuz they don't make those anymore. And I phones. And they take them and they run with them. Well, nowadays there's not a whole lot of use for those. Now what they have been doing, some of these bad guys is, is they take some parts and use them in stolen equipment. [00:58:55] They sell them on the used market, et cetera. But when you're talking about something specific, like an iPhone that needs specific activation. Completely different problem arises for these guys because that iPhone needs to have a SIM card in order to get onto the cell network. And it also has built in serial numbers. [00:59:17] So what happens in those cases while apple goes ahead and disables them. So as soon as they connect to the internet, let's say they put 'em on wifi. They don't get a SIM card. They don't. service from T-Mobile or Verizon or whoever it might be. So now they disconnect to the wifi and it calls home, cuz it's gonna get updates. [00:59:37] So on download stuff from the app store and they find that it's been bricked. Now you can do that with a lot of mobile device managers that are available for. All kinds of equipment nowadays, but certainly apple equipment where if a phone is lost or stolen or a laptop or other pieces of equipment, you can get on the MDM and disable it, have it remotely erased, et cetera. [01:00:03] Now, police have had some interesting problems with that. 
Because a bad guy might go ahead and erase a smartphone that's in the evidence locker at the police station. So they're, they're doing things like putting them into Faraday cages or static bags or other things to try and stop that. So I think we've established here that the higher tech equipment is pretty well protected. [01:00:28] You steal it. It's not gonna do you much good. So one of the things the Russians stole when they were in, uh, it's called, uh, I think you pronounce it, uh, Melitopol, uh, which is again, a Ukrainian city, is they stole all of the equipment from a farm equipment dealership and shipped it to Chechnya. Now that's according to a source in, uh, a businessman in the area that CNN is reporting on. [01:01:01] So they shipped this equipment. We're talking about combine harvesters worth 300 grand a piece. They shipped it 700 miles, and the thieves were ultimately unable to use the equipment, cuz it had been locked remotely. So think about agriculture equipment that John Deere, in this case, these pieces of equipment, they, they drive themselves. [01:01:27] It's autonomous. It goes up and down the fields. Goes any pattern that you want to, it'll bring itself within a foot or an inch of your boundaries, right. Of your property being very, very efficient the whole time, whether it's planting or harvesting, et cetera. And that's just a phenomenal thing because it saves so much time for the farmer, makes it easier to do. The companies like John Deere [01:01:54] want to sell as many pieces of this equipment as they possibly can. And farming is known to be a, what, not terribly profitable business. It certainly isn't like Facebook. So how can they get this expensive equipment into the hands of a lot of farmers? Well, what they do is they lease it. So you can lease the equipment through leasing company or maybe directly from the manufacturer and now you're off and running. [01:02:22] But what happens if the lease isn't paid now? It's one thing. 
If you don't pay your lease on a $2,000 laptop, right? They're probably not gonna come hunting for you, but when you're talking about a $300,000 harvester, they're more interested. So the leasing company has title to the equipment and the leasing company can shut it off remotely. [01:02:47] Right? You see where I'm going with this so that they can get their equipment in the hands of more farmers cuz the farmers can lease it. It costs them less. They don't have to have a big cash payment. Right? You see how this all works. So when the Russian forces stole this equipment, that's valued. Total value here is about $5 million. [01:03:08] They were able to shut it all. And obviously, if you can't start the engine, because it's all shut off and it's all run by computers nowadays, and you know, there's pros and cons to that. I think there's a lot of cons, but, uh, what are you gonna do? How's that gonna work for you? Well, it isn't going to work for you. [01:03:29] And they were able to track it. It had GPS trackers, find out exactly where it was. That's how they know it was taken to Chechnya and could be controlled remotely. And in this case, how'd they control it? Well, they completely shut it off. Even if they sell the harvesters for spare parts, they'll earn some money, but they sure can be able to sell 'em for the 300 grand that they were actually worth. [01:03:56] Hey, stick around. We'll be right back and visit me online at craigpeterson.com. If you sign up there, you'll be able to get my insider show note. And every week I have a quick five. Training right there in your emails, craigpeterson.com. That's S O N in case you're wondering. [01:04:21] If you've been worried about ransomware, you are right to worry. It's up. It's costly. And we're gonna talk about that right now. What are the stats? What can you do? What happens if you do get hacked? Interesting world. [01:04:37] Ransomware has been a very long running problem. 
I remember a client of ours, a car dealership who we had gone in. [01:04:48] We had improved all of their systems and their security and one of their. People who was actually a senior manager, ended up downloading a piece of ransomware, one of these encrypted ones and opened it up and his machine, all of a sudden TA, guess what it had ransomware on it. One of those big reds. [01:05:10] Greens that say pay up is send us this much Bitcoin. And here's our address. Right. All of that sort of stuff. And he called us up and said, what what's going on here? What happened? Well, first of all, don't bring your own machine into the office. Secondly, don't open up particularly encrypted files using the password that they gave. [01:05:33] and thirdly, we stopped it automatically. It did not spread. We were able to completely restore his computer. Now let's consider here at the consequences of what happened. So he obviously was scared. Uh, and within a matter of a couple of hours, we actually had him back to where he was and it didn't spread. [01:06:01] So the consequences there, they, they weren't that bad. But how about if it had gotten worse? How about if they ransomware. Also before it started holding his computer ransom, went out and found all of the data about their customers. Right. Would, do you think an auto dealership would love to hear that all of their customer data was stolen and released all of the personal data of all of their customers? [01:06:28] Right? Obviously not. So there's a potential cost there. And then how long do you think it would take a normal company? That thinks they have backups to get back online. Well, I can tell you it'll take quite a while because the biggest problem is most backups don't work. We have yet to go into a business that was actually doing backups that would work to help restore them. [01:06:55] And if you're interested, I can send you, I I've got something. I wrote up. Be glad to email it back to you. 
Uh, obviously as usual, no charge, and you'll be able to go into that and figure out what you should do. Cause I, I break it down into the different types of backups and why you might want to use them or why you might not want to use them, but ransomware [01:07:19] is a kind of a pernicious nasty little thing, particularly nowadays, because it's two, two factor, right. First is they've encrypted your data. You can't get to it. And then the second side of that is okay, well, I can't get to my data and now they're threatening to hold my data ransom or they'll release. So they they'll put it out there. [01:07:43] And of course, if you're in a regulated industry, which actually car dealers are because they deal with financial transactions, leases, loans, that sort of thing, uh, you can lose your license for your business. You can, uh, lose your ability to go ahead and frankly, uh, make loans and work with financial companies and financial instruments. [01:08:08] It could be a very, very big deal. So there are a lot of potential things that can happen all the way from losing your reputation as a business or an individual, losing all of the money in your operating account. And we, again, we've got a client that, uh, we picked up afterwards. That, uh, yes, indeed. They lost all of the money in their operating account. [01:08:32] And, uh, then how do you make payroll? How do you do things? Well, there's a new study that came out from Check Point. Check Point is one of the original firewall companies and they had a look at ransomware. What are the costs of ransomware? Now bottom line, I'm looking at some stats here on a couple of different sites. [01:08:53] Uh, one is by the way, Conti, which is a big ransomware gang that also got hacked after they said we are going to attack anyone that, uh, that doesn't defend Vlad's invasion of Ukraine, and then they got hacked and their information was released, but here's ransomware statistics. This is from Cloudwards. 
Uh, first of all, the largest ransom demand is $50 million. [01:09:21] And that was in 2021 to Acer big computer company. Now 37% of businesses were hit by ransomware. In 2021. This is amazing. They're they're expecting by 2031. So in about a decade, ransomware is gonna be costing about $265 billion a year. Now on average, uh, Ransomware costs businesses. 1.8, 5 million to recover from an attack. [01:09:53] Now that's obviously not a one or two person place, but think of the car dealer again, how much money are they going to make over the year or over the life of the business? Right? If you're a car dealer, you have a to print money, right? You you're selling car model or cars from manufacturer X. And now you have the right to do that and they can remove that. [01:10:16] Right? How many tens, hundreds of millions of dollars might that end up costing you? Yeah. Big deal. Total cost of ransomware last year, 20 billion. Now these are the interesting statistics here right now. So pay closer attention to this 32% of ransomware victims paid a ransom demand. So about her third paid ransom demand. [01:10:41] Last. it's it's actually down. Cuz my recollection is it used to be about 50% would pay a ransom. Now on average that one third of victims that paid a ransom only recovered 65% of their data. Now that differs from a number I've been using from the FBI. That's a little bit older that was saying it's it's a little, little better than 50%, but 65% of pain victims recovered their data. [01:11:12] Now isn't that absolutely amazing. Now 57% of companies are able to recover the data using a cloud backup. Now think about the different types of backup cloud backup is something that can work pretty well if you're a home user, but how long did it take for your system to get backed? Probably took weeks, right? [01:11:35] For a, a regular computer over a regular internet line. Now restoring from backup's gonna be faster because your down link is usually faster than your uplink. 
That's not true for businesses that have real internet service, like, uh, ours. It it's the same bandwidth up as it is down. But it can take again, days or weeks to try and recover your machine. [01:11:58] So it's very, very expensive. And I wish I had more time to go into this, but looking at the costs here and the fact that insurance companies are no longer paying out for a lot of these ransomware attacks, it could be incredibly expensive for you incredibly. So here you. The number one business types by industry for ransomware tax retail. [01:12:32] That makes sense. Doesn't it. Real estate. Electrical contractors, law firms and wholesale building materials. Isn't that interesting? And that's probably because none of these people are really aware, conscious of doing what, of keeping their data secure of having a good it team, a good it department. So there's your bottom line. [01:12:59] Uh, those are the guys that are getting hit. The most, the numbers are increasing dramatically and your costs are not just in the money. You might pay as a ransom. And so, as it turns out in pretty much every case prevention. Is less expensive and much better than the cure of trying to pay ransom or trying to restore from backups. [01:13:26] Hey, you're listening to Craig Peterson. You can get my weekly show notes by just going to Craig peterson.com. And I'll also send you my special report on how to do passwords stick around will be right back. [01:13:44] You know, you and I have talked about passwords before the way to generate them and how important they are. And we we'll go over that again a little bit in just a second, but there is a new standard out there that will eliminate the need for passwords. [01:14:00] Passwords are kind of an, a necessary evil, at least they have been forever. I, I remember, I think the only system I've ever really used that did not require passwords was the IBM 360. 
[01:14:17] Yeah, 360, you know, you punch up the cards, all of the JCL, you feed the card deck in and off it goes. And does its little thing. That was a different day, a different era. When I started in college in university, we, we had remote systems, timeshare systems that we could log into. And there weren't much in the line of password requirements in, but you had a username. [01:14:47] You had a simple password. And I remember one of our instructors, his name was Robert Andrew Lang. And, uh, his password was always some sort of a combination of RA Lang. So it was always easy to guess what his, what his password was. Today, it has gotten a lot worse. Today we have devices with us all of the time. [01:15:09] You might be wearing a smart watch that requires a password. You of course probably have a smart phone that's also maybe requiring a password, certainly after it boots. Nowadays they use fingerprints or facial recognition, which is handy, but has its own drawbacks. But how about the websites you're going to, the systems you're using when you're at work and logging in, they all require passwords [01:15:39] and usernames of some sort or another. Well, Apple, Google, and Microsoft have all committed to expanding their support for a standard that's actually been out there for, for a few years. It's called the FIDO standard. And the idea behind this is that you don't have to have a password in order to log. Now that's really kind of an interesting thing, right? [01:16:07] Just looking at it because we're, we're so used to having this password only authentic. And of course the, the thing to do there is make sure you have for your password, multiple words in the password, it should really be a pass phrase. And between the words put in special characters or numbers, maybe mix [01:16:29] upper, lowercase a little bit in those words. Those are the best passwords, you know, 20 characters, 30 characters long. 
And then if you have to have a PIN, I typically use a 12 digit PIN. And how do I remember all of these? Cuz I use a completely different password for every website and right now, let me pull it up. [01:16:52] I'm using 1Password.com's password manager. And my main password for that is about 25 characters long. And I have thirty one hundred and thirty five entries here in my password manager, 3,100. That is a whole lot of passwords, right? As well as, um, software licenses and a few other things in there. [01:17:19] That's how we remember them is using a password manager. 1Password.com is my favorite. Now, obviously I don't make any money by referring you there. I, I really do like that. Uh, some others that I've liked in the past include LastPass, but they really messed with some of their cybersecurity last year and I lost, lost my faith in it. [01:17:41] So now what they're trying to do is make these websites that we go to as well as some apps to have a consistent, secure, and passwordless sign in, and they're gonna make it available to consumers across all kinds of devices and platforms. That's why you've got Apple, Google, and Microsoft all committing to it. [01:18:05] And you can bet everybody else is going to follow along because there's hundreds of other companies that have de

Craig Peterson's Tech Talk
Do You Know Anyone Who Uses TikTok? Kids Are Dying Because of It!

Jul 15, 2022 81:06


Do You Know Anyone Who Uses TikTok? Kids Are Dying Because of It! TikTok has been in the news for a lot of reasons. It is now confirmed. It is used for Chinese spy operations, but the big problem right now is the kids that are dying because of TikTok. [Automatic transcript follows] You are not alone. I'm Craig Peterson TikTok has been in the crosshairs for quite a while. This is a Chinese company. Tencent is the Chinese company that started them up and they really kind of got their foundation through what you'd call challenges probably. [00:00:37] Everybody remembers the ice bucket challenge and that ice bucket challenge was floating around. They were doing it on YouTube, TikTok everywhere, and it was to benefit really ALS. Which is absolutely kind of fantastic. And this was eight years ago, I guess. I don't know, 10 years, 2014, I think actually, uh, a long time ago. [00:01:03] I remember like it was yesterday and they raised apparently $115 million. The idea was that you would challenge someone else to do this ice bucket challenge and in, so doing, you would donate money to ALS. That is really kind of cool. What a great idea for ALS. So I would, for instance, get challenged by someone who dumped a bucket of ice water over their head. [00:01:34] To do the same and donate to ALS Lou Gehrig's disease. That's kind of cool. Obviously they're not supporting Lou Gehrigs are supporting the research and due stopping it. Right. And people did it. And as I said, $115 million later, ALS research is probably a little further along. You kind of hope so it's easy in a big organization to chew up $115 million. [00:02:00] That's for sure. But bill gates did it. Ton of celebrities did it. And ultimately people took that basic idea and, and tried to put it into other types of fundraisers. You know, that's all well and good, you know, it kind of kind of died down, uh, for a while. They did a whole bunch of other things I'm looking right now, by the way. [00:02:28] Uh, let's see. 
Yeah, it was ALS association. This is Wikipedia, which is, uh, sometimes to believe be believed most of the time not. And a, the ALS site was where I was quoing from before Wikipedia is saying that. There was over 220 million worldwide raised for ALS research. So it's probably the difference between worldwide and in the us. [00:02:54] So they wanted to make it kind of an annual event. It just didn't happen. And the cold water challenge. It started really in 1991. So they, they took it and they ran with it. Well, one of the things that TikTok has been doing a lot of is challenges and they they're different kinds of challenges. They have musical challenges where someone will. [00:03:20] Post, uh, some music usually by a star of some sort. And they'll go ahead and have a, maybe a dance challenge and maybe a, you know, a challenge for your kitty cat or your dog, whatever, what, whatever it might be. But it's been really good for TikTok to grow. And a lot of people are doing it. Different, crazy things that they've done. [00:03:45] You've got the gorilla glue girl. Do you remember her? she, she decided to use gorilla glue in her hair rather than I guess some sort of, uh, I don't know. Oil or something to hold her hair down. And it definitely held her hair down. She sued, she sued them. It's absolutely crazy what she did. So the gorilla glue girl, probably not really a challenge, but she, uh, this is CRA, this is when the New York post undoubtedly cemented her place on talk's most stupid Mount Rushmore. [00:04:20] Because she slathered her hair with gorilla glue and she had to go in and get it. Surgically repaired. It took four hours, $20,000 in donations came in hundreds of free air products, even a full-time agent. The DIY vampire fangs. Uh, this is crazy. This is in Halloween a couple of years ago. Super gluing costume vampire fangs to your teeth. [00:04:50] Uh, 9 million views on that one. Tooth filing. Oh, this is crazy, absolutely crazy. 
They, I'm, I'm looking at a picture of it right now of the video, one of the videos. Anyway, anyways, it was on TikTok and, uh, you know, this is kind of the realm of toothless TikTok challenges, but they, uh, they were attempting to fix their uneven smiles by using a nail file to sand their teeth down, the incisors, [00:05:24] if they were, were a little bit too big. Oh, man, the dentist got upset about that for very good reason. You're destroying the enamel on the outside of your teeth. Irreparable damage. The face wax challenge. Oh, look at this picture. This is crazy. Billions of videos and counting. Uh, they, they're putting wax, although wax all over people's face. [00:05:50] Oh, my goodness. So they caked the whole face, including the eyes, with wax, like it's, you know, casting mold. Have you seen those things before? They even have wax-dipped Q-tips stuck in their noses to get rid of those nasal hairs. Oh man. Very, very traumatic. Um, I'm not gonna talk about this one. It involves a sensitive body part. The corn cob challenge. [00:06:22] Uh, this is, uh, cons eating corn by attaching the cob. That or to a spinning drill bit. If you can believe that. Oh man, 22 hamburgers. Here's another one. The cereal challenge. Uh, a person pours milk and cereal into the open mouth of a person laying down and eats breakfast from the human bowl. Choking hazards, [00:06:50] obviously, there. The skull breaker challenge, this apparently started in Venezuela and it depicted three friends jumping next to each other as the bookending buds kick in the middle guy's feet out from under him. So what ends up happening is that person crashes to the ground, landing on their back, hitting [00:07:12] the head in the process. Injuries reported: Miami, New York, New Jersey, Arizona, uh, Daytona Beach, Florida police have charged two high school teens with misdemeanor battery and cyber bullying, Mexico. The penny challenge. Oh my gosh. Um, this involves.
And I talked about this one here on the radio, too, taking a penny and putting it on a plug. [00:07:41] So you partially plug a plug into the wall, into the socket, and then you stick a penny behind it to short out the leads. Yeah. So when the, when the penny or whatever coin you're putting in there hits those metal prongs, there's sparks, electrical system damage, and in some cases fire. Uh, the fire marshal down in, uh, one of the towns, [00:08:08] Ostroskey, I guess it is, in Mass., uh, has a photo of a scorched outlet in Holden. Oh, there you go. Reportedly caused by the viral prank. The Benadryl challenge, Cha Cha Slide, pee your pants. Uh, [00:08:31] there's another one, the other side, verbal abuse challenge, mom and dads verbally abusing their kids, calling them a mistake, in some cases mentioning the word abortion. Oh my goodness. Flash mobs. Uh, dipping challenge. Oh, that'll make you sweet eating and swallowing dip and the blackout challenge. That's the one we're talking about right now. [00:08:54] There, there's so many of these things. If you don't know what's going on on TikTok, this is it, right. I, I just told you a bunch that are dangerous. Absolutely crazy. Nobody should be doing that sort of stuff, but they are. Well, parents are saying now that TikTok failed to act after the first reported death in this blackout challenge. As you can guess, the blackout challenge is where kids black out. [00:09:25] They have to strangle themselves until they pass. This was in my emails this week, this whole thing, I've got a link to some of these articles. You'll find it at craigpeterson.com. If you didn't get it on Tuesday morning, make sure you go to craigpeterson.com and sign up right now. But parents of two girls, these are two of the seven kids that are known to have died from this blackout challenge, [00:09:53] are suing. These girls, their daughters that died, were ages eight and nine.
They're claiming, according to Ars Technica, that their kids became addicted to TikTok. They were fed a constant stream of seemingly harmless challenge videos, persuading them to participate, and then died after attempting the blackout challenge. [00:10:22] So they're seeking damages from TikTok for the product design. Now remember, TikTok isn't the one coming up with these challenges. It's the users who are on TikTok that are coming up with them. Now TikTok did respond. He told the New York, they told the New York Times, the spokesperson, that the, the company would not comment on continuing litigation. [00:10:45] And they also linked a prior company statement to People magazine about a 10 year old girl who also died after attempting the blackout challenge. At that time, TikTok said the disturbing challenge predated their platform and had never become a TikTok trend. Now we know TikTok, just a few weeks ago [00:11:06] confirmed, has been sending all of the videos, all of the user information, everything to China. So there you have it, avoid TikTok and man, don't let your kids on it. Stick around. We'll be right back. [00:11:25] Hey, Microsoft is giving me nightmares again, and frankly, much of the cybersecurity community because of their change. They just change direction in a way that is much, much less safe. I, I don't know what's going on there. [00:11:42] We over the years have seen Microsoft be just kind of the bane of our existence. Anybody that's trying to stay secure, it's been terrible. [00:11:55] Their software, just horrible. It was not designed but frankly, find frankly. All it's just crazy. And then they brought Dave Cutler in, and I worked on NT, the pre-1.0 versions, Windows NT, their new technology, which kind of underlines all of the modern versions of Microsoft Windows. And what happens? Well, instead of doing things securely, really following in the footsteps of a. [00:12:28] Call print system, Digital Equipment Corporation.
They decided to just go completely different direction and, uh, rip things out and must make this compatible with anything that's ever been written, kind of the Intel philosophy. And by doing all of that, they lost all of the wonderful security that VMS had. [00:12:48] This operating system that Dave Cutler had kind of led up over in the DEC world. We ended up with a piece of garbage, really. It was just terrible. Oh my goodness. And I, I've been absolutely amazed since I got rid of Bill Gates and got rid of that other guy that was in there running things for a while, Ballmer, who was just incredibly, just terrible. [00:13:18] Uh, and they've really come a long way. Their new CEO, the last few years, has done some wonderful things. Some really amazing things here to increase Microsoft's not just productivity for the users, but their profitability and their cyber security, which is why now I am so puzzled, because one of the things that has been a killer for cybersecurity has been this whole concept that micro has Microsoft has of well had anyways of, well, let let's make it so that you can write programs and put them into this spreadsheet. [00:13:56] Visual Basic, Visual C++, C. We'll make things ever so much better. And of course, what was Visual Basic used for in some of our Word documents and our Excel documents? It was used to hack our computers. Yes, indeed. The bad guys used a programming language to cause all kinds of havoc. Who would've thought? Uh, so Microsoft decided, well, Hey, listen, uh, we are going to turn off macros by default because they are too dangerous. [00:14:35] Boy, are they too dangerous? Whatever programming language you're using. Come on, look at Java. Java has just been a nightmare as well over the years for cybersecurity. It's gotten better. Of course they've tightened it. But I can remember what, 15, 20 years ago, first using Java and seeing all of the problems. [00:14:57] We still got them.
I've got a new client that I've been helping. They're a startup and they are using Java for a lot of the stuff that they are writing. And it's a nightmare trying to get them up to date on the Java engines that they're using and, and they're using some that have massive known vulnerabilities and that's kinda what happens with the macros. [00:15:23] It, yeah. Great. Look at, you can write files to disk. You can do all kinds of really cool things. Isn't this just wonderful. Yeah. If the whole world was kind and generous and wasn't trying to break into our computer computers. Uh it's. It's incredible. So in February, 2022, Microsoft announced a major change. [00:15:49] And it put this change in place to, as they said, combat the growing scourge of ransomware and other, uh, really malware attacks. So they're going to block the downloaded macros in Office versions, going back to Office 2013. They're gonna be releasing patches for them. And you could still enable macros for these different files, PowerPoint, what, whatever you're doing here, but it's much more difficult to enable it because they are so dangerous. [00:16:24] Absolutely dangerous. And, uh, well, we can get into all of the details behind it. You know, the Zone.Identifier tag. And if you have an NTFS volume, it can be in there. Mark of the Web, it's already used in Office. They're kind of emulating what Apple has been doing for quite some time in order to really try and focus you, saying, Hey, listen, you downloaded that app from the internet. [00:16:50] Do you really, really, really want to use it? Uh, you don't think this through a little bit and sure enough, you know, they decided, yeah, this is a bad idea. We can't let people just run macros willy-nilly. Uh, by the way, why, why were all these things happening? Well, if I was to boil it down, you probably could read between those lines [00:17:11] when I was talking earlier: really bad product management inside Microsoft.
Now they've got some great programmers, but, uh, and some great minds there. I, I know a few people, well, I mentioned Cutler who went over there, but I know a lot of other guys that went over there to work for Microsoft, but they just don't have the product management that frankly they need to have. [00:17:35] And that is caused just all kinds of nightmares. So what's happened? Well, Microsoft made a very big announcement. They have decided that they are going to let you know, never mind. Never mind. They have reversed course, and they're going to allow untrusted macros to be opened by default in Word and other Office applications. [00:18:05] So, uh, they also said here just a few days ago that, Hey, um, um, you know, the, never mind. We said that we are gonna allow macros, uh, just by default in everything. Um, yeah, well that, that's gonna be temporary, I guess. It's, you know, temporary in passing just like inflation, right? Don't, don't worry about it. Uh, nothing is here. [00:18:28] This is absolutely crazy. Make up your mind. Macros have been the bane of existence for so many of us cybersecurity people out there. And another thing too, that's just been really bad is their wonderful little scripting language, their, their PowerShell, which is being used all the time now by the bad guys to infect machines because your standard malware, [00:19:00] you know, this antivirus software that you buy, the, you know, not the really good stuff, but the stuff that you buy as a consumer would buy, you'd get at Staples or Walmart or online, does not work against it. And again, it's just like, they're stealing again. This one's from the Unix world. We've had shells in Unix since the seventies. [00:19:25] And, uh, you know, they, they just, they do it, they do it wrong. They. And they make it, uh, just worse. I'm shaking my head. I, I, you can tell I am no Microsoft fan, right? Uh, people are using it mainly because businesses buy it. And why do businesses buy it?
Because the purchasing guy looks for check boxes. Oh yes. [00:19:48] Microsoft Windows checks all these boxes and the purchasing guy doesn't care about the user interface. The purchasing guy doesn't really care about how secure it is. It doesn't care about how well designed it is. It doesn't care about its network connectivity. So yeah, that's why we have so many copies of Windows out there. [00:20:07] This is a sad decision. Blocking Microsoft Office macros would do infinitely more to actually stop real threats out there than all of the Intel blogs that are out there that are telling us about the problems. I just don't get it. It's absolutely crazy. Everybody is criticizing the move that's in the cybersecurity space. [00:20:36] Bad decision again from Microsoft. So make sure your macros are turned off. You can find this article. I sent it out in my show notes on Tuesday. craigpeterson.com. [00:20:52] There's been a lot of talk about Elon Musk, this whole Twitter deal. But I think everybody that I have read articles from is missing the boat here. So I'm gonna give you my view of what's happening as a business person, myself. [00:21:08] Elon Musk made a $44 billion bid to buy Twitter. You've, I'm sure you've heard of this. [00:21:17] It's been talked about now for months and months and months. And I, I want to talk about what happened from my perspective with Elon Musk saying, no, um, this deal is over. I'm not gonna follow through on this. And again, this is my opinion. This is me doing a little bit of mind reading here of, of Elon Musk and maybe one or two of the things that [00:21:43] he thought about when he canceled this deal. Now, remember, initially he's put that offer out. And the Twitter board of directors said, no, no, no, we're not gonna take it for whatever reason. Right. What's the real reason they might. They, they, they'll say what they want you to hear about what the reason is, but it's not necessarily the reason.
[00:22:06] So initially Twitter said, no, we're not gonna do it. And then Twitter said, yeah. Okay. We'll do it because there was frankly, this is again, me, a lot of people who were investors in Twitter that were pretty upset that this offer from Musk, that was a very good offer, he was offering more than the stock was trading for, would go away. [00:22:30] They wanted it. They wanted to get out of Twitter. You know is not what you're supposed to be doing. Right. You're making money. Even if you keep your stock, you're, you're gonna be well vested. And that's what you're trying to do is make some money for yourself or your investors. So many of us have retirement money that's in the stock market. [00:22:52] Yeah. Like you haven't noticed that. Right. There's the, your retirement's gone down by 50% or more, it's in the stock market. So you want the people who are running these companies to make good fiscal fiscal decisions so that your money that's invested in there isn't going away. So you have some money for retirement. [00:23:15] So that pressure on the Twitter board is really what got them to move and say, yeah, we'll accept the offer. Now Elon Musk made that offer based on the valuation of Twitter and its stock, because really what Musk had to do is buy at least a controlling interest in Twitter stock in order to take it over. [00:23:42] So Elon's there saying, okay. I'm offering 44 billion and it is based on public information. How does this work? Public companies have to provide stockholders and investors and, and the general community out there in information about their company. So they'll have things you've probably heard, terms like forward looking statements. [00:24:11] They'll say things that Elon Musk has certainly got in trouble before for saying things that weren't done through the Securities and Exchange Commission. So, yeah. Okay, great. Uh, we're not doing, we're not doing as well as we thought we would.
Uh, you know, when these companies are making announcements, the, all of these, uh, analysts are looking at what they think they're going to announce and how much of earnings per share they'll have, and whether they're gonna pay dividends. [00:24:45] You've heard about all of this. Well, one of the things that has to go into those Securities and Exchange Commission filings, the SEC, is the number of actual eyeballs you have. So you see an advertiser's interested in how many people are on Twitter and how many people are seeing the ads, cuz that's how they're paying. [00:25:10] Right? That's how they justify paying Twitter to run ads. Makes sense, I think. Well, the same thing is true for the investors. They wanna know how many eyeballs are on there because that is what the ads are worth and based on what the ads are worth, that is exactly, uh, what we value the company at. Right? [00:25:35] So, so all of these things and of course more, but those are the core things that go into valuing a business such as Twitter. So Twitter's there, they're putting out the SEC filings and they're telling the Securities and Exchange Commission, yeah, we have 5% of our Twitter accounts are operated by bots, as many as 5%. [00:26:04] That's what they're saying. Now various experts who have looked for the behavior that would be a bot have said the number may be closer to 15%. And I've even, I've heard numbers that are saying that the traffic on Twitter could be bot generated, uh, at 40 to 60% rates. So obviously you have accounts that are bots, and then you have the traffic that they generate, different numbers in both cases. [00:26:37] So you've got all of this traffic being generated by bots, and that means it's not legitimate traffic. Now what's a bot? A, a bot is, and you know, I've explained this before. Apologize for people that have heard it, but a, a, a bot is a kind of a robot, think of it that way. And these robots go ahead and they repost things.
[00:27:06] They post things using hashtags and they're used by evil people. Uh, yeah, I, I'm, I'm using that term now. Evil people, people who are trying to get you to do something and are manipulating. So very frequently, we have seen evil people out there who are trying to manipulate the value of a stock by going ahead and using their hashtag, their keyword, and having bots mention it thousands of times. [00:27:43] So now that keyword's going up and you as a regular user on Twitter, you see that keyword, maybe you're doing some research based on that keyword. And you find that yes, indeed. Uh, these people really have, uh, got a great business and this is gonna be fantastic. So they get eyeballs. And hopefully you're clicking through to their website and maybe they're looking for investors. [00:28:10] And so you invest in them. You, you see what they're doing. So instead of getting it organically, instead of doing it the way I've done business, and my, I have a friend that says, Hey, Craig, if you were a, as unethical as these other people, like Zuckerberg, like Bill Gates, like so many others, if you were unethical, you'd be a billionaire too. [00:28:32] My ethics say that you should not be manipulating people, right? I, if I've got something to offer that you want, great, but these bots are used for manipulation purposes only, only. So if it's 5% bots, as much as 5%, Twitter has a certain value. And if it's 15%, it has a different value. And that's what Elon Musk has been saying. [00:29:03] What's the real value of Twitter? Now that it's come out that the number of bots on Twitter is probably much higher than Twitter's been saying. Well, now you get the Securities and Exchange Commission upset with you, and I bet you, there are investigations underway, criminal and otherwise, against Twitter. [00:29:29] And more than we've even heard about. So Elon Musk would be a fool to buy Twitter.
And when you buy a company, you inherit all of its problems, including its lawsuits and potential lawsuits. So can you imagine the tens, hundreds of millions of dollars that are gonna be spent defending Twitter and its board of directors? [00:29:55] If indeed these things are true. Yeah. Hey, I've got a great article this week from the Orange County Register, talking about this, explaining it all out, not as well as I did, but make sure you get my newsletter. My insider show notes, Tuesday mornings, craigpeterson.com. [00:30:16] Our technology related businesses. Now this includes everybody from Apple, all the way through, um, car manufacturers, like Ford or GM. They have a disaster scenario that we're gonna talk about right now. And hopefully it doesn't happen. [00:30:33] I have been kind of warning about this for a while. And I definitely been thinking about this for a long while and a great article that came out in 9to5Mac this week that I have a link to in my newsletter. [00:30:50] This is in my insider show notes newsletter that comes out Tuesday mornings. This is the, the same show notes that I use for the radio show and for my radio and television appearances. So make sure you are subscribed to keep you up to date. And of course you can subscribe right at craigpeterson.com. So this is a great little article, it's titled Apple's disaster scenario is a real possibility, [00:31:23] say US and UK security services. What is the disaster scenario? It is the Chinese takeover of Taiwan, which would be very bad. We're about to explain why. China, you probably have heard this before, claims Taiwan is its own and Taiwan claims mainland China as its own, as they had, uh, the, the rulers, if you will, of China at the time of the communist takeover fled to Taiwan, basically a government in exile. [00:32:00] So good luck Taiwan taking over China again, that, that just isn't gonna happen. But the other side really could happen.
So the heads of both the US and UK security services gave an unprecedented warning. This is MI5 and FBI heads. And, uh, of course that's director Christopher Wray. They're very, very worried. [00:32:30] This is an unprecedented joint appearance in London. You probably did not hear about this anywhere else. This might be the first time you're hearing about it, but they said that China was quote the biggest long term threat to our economic and national security. They talked about how China's interfered in the politics, including recent elections. [00:32:55] Of course, I've talked about that here. And of course, Russia also does some of that, but China, China, excuse me, is the real threat. MI5's head said that they have more than doubled the work against Chinese activity in the last three years. They're going to be doubling it again. MI5 is now running seven times as many investigations related to China [00:33:21] compared to 2018. Uh, FBI's Christopher Wray warned that if China was to forcibly take Taiwan, it would represent one of the most horrific business disruptions the world has ever seen. And then China responded and said that the MI5 was trying to hype up the China threat theory, casting away imagined demon. [00:33:48] Think about what happened with the lockdown. Have you heard about any sort of shortage shortage in semiconductors, in computer chips? Yeah, of course you have. We've got major automobile manufacturers that have had to shut down lines, shut down shifts because they can't get the computers to control the cars. [00:34:12] Cars are being shipped without seat heaters. They're being shipped without electric windows, even because they cannot get the chips. And that's because of a lockdown. Not a war, not China invading Taiwan. You see the problem is that Taiwan makes almost all of our chips that are used today in computers. And then China assembles much of the computer technology that we have today now.
[00:34:49] Yes, the, the top quality, the top technology manufacturing devices for chips comes from the [00:35:01] United States, but it's sitting in Taiwan. So this becomes a very, very big problem. So let's talk about Apple's disaster scenario, cuz it's, it's absolutely horrifying because Apple is hugely dependent on Taiwan. You've got the A-series, M-series, S-series chips all fabricated by TSMC, that's Taiwan Semiconductor Manufacturing Company. [00:35:30] Almost all of the Apple production takes place in the company's plants within Taiwan. An armed conflict would have a devastating impact on Taiwan and its people and would cause massive disruption to manufacturing operations. What kind of manufacturing? Semiconductor. Who needs semiconductors? Pretty much everybody in the United States. [00:35:58] Even if you are not reliant on high tech in your manufacturing, uh, you know, to include chips in your designs, which really light bulbs have computer chips in them nowadays, you are reliant on semiconductors for your manufacturing lines themselves, the controllers that are there, the robots that are. So the second point in this 9to5 article is that it's inevitable that the US and most of the rest of the world would respond to the Chinese takeover of Taiwan [00:36:36] the same way that the world has responded to the Russian invasion of Ukraine. And that is sanctions. So think about that. Let's say that China just marches in and takes over. No bloodshed, no buildings destroyed, no problem with shipping, but we would all implement sanctions. Now, if the sanctions are as wide ranging as the ones that have been imposed on Russia, Apple could no longer give any business to Chinese companies, [00:37:14] which is where the vast majority of the Apple products are manufactured. That's your iPhones, your iPads, your Apple Watches, your Mac, you name.
The greatest volume of every Apple product is assembled in China with a lot of the components made there as well and made in Taiwan. So we just cannot overlook the threat that it's posing to Apple. [00:37:40] And the facts that the fact that the, uh, heads of the MI5 and FBI have chosen for the first time ever to raise this scenario as a real and present danger. So it's something that's gotta be terrifying Apple senior execs. Now we've been talking about Apple here, but we're really talking about every. [00:38:03] Ford, GM, Chrysler all have parts that are coming using just-in-time inventory techniques from China and from Taiwan. The same thing is true for our European partners. Look at VW. Their just-in-time manufacturing also relies on Taiwan and on China for the parts to arrive just in time. Now, many parts are coming from different parts of the world. [00:38:35] Many of our companies are smartening up saying, well, maybe we don't want to make everything in China. A lot of it's moving to different parts of Southeast. And it, it's helping a lot of people in Southeast Asia. Some of this stuff is actually moved from China to different countries in Africa, particularly when we're talking about textile operations. [00:39:01] But you are not gonna be able to get your Windows PC either because your Windows PC needs those chips, whether it's made by Dell, quote unquote made by Dell, right? Who, who gets parts and they're sitting in the parts bins, and they assemble your computer for you, or HP or Cisco, or whoever makes your. So this is a huge, huge deal. [00:39:28] Absolutely crazy deal. The Chinese takeover of Taiwan. And I think that this war in Ukraine that was started by Russia has been a blessing in disguise for every last one of us, because China's ambitions to take over Taiwan, I think have been stalled.
Because of what they have seen in Ukraine, but also because Russia is a partner with China in so many ways, China and India have been buying oil and gas from Russia at substantially discounted prices because of the Ukraine war. [00:40:13] So China doesn't want to step on Russia's foot. They have seen what the sanctions have done to Russia. In some ways they've really helped the Russian economy because now they're getting people buying rubles so that they can buy the oil from Russia instead of using the US dollar, the petrodollar that's been in place for so long. [00:40:36] So it, you know, sanctions are a two-edged sword. Ultimately I think they. Us more than they hurt Russia and they would hurt China more than they hurt us. But what we're looking at is a short period period of time, relatively speaking, transitory, that we would be hurt pretty badly because of the sanctions. [00:41:00] I mean really badly. Oh, my goodness. The things that these, uh, modern administrations have been doing, right. Oh, I wish it was, was different. Uh, let's talk a bit about the Z. He has made what, uh, Inc. magazine is calling a huge mistake and Inc. is predicting it really could destroy Meta and Facebook. [00:41:26] Zuckerberg came out and said in public, realistically, there are probably a bunch of people at the company who should not be here. Zuckerberg said he's turning up the heat. And he's really adding some unnecessary pressure, making a bad situation worse, and prioritizing ruthlessly, as he said, with stricter management and monitoring of employee performance, is moving a lot of [00:41:57] people into second place, third place. It's prioritizing the bottom line while forgetting the people who are responsible for the company's success. So expect a real down environment as employees move, frankly, out of Meta and Facebook. And then of course the whole thing that happened recently with Sheryl Sandberg over there, a second in command. [00:42:25] I guess it's kind of a mess.
Hey, visit me online. Make sure you get my newsletters. craigpeterson.com/subscribe. [00:42:34] Facebook's about 18 years old, coming on 20. Facebook has a lot of data. How much stuff have you given Facebook? You know, did you fall victim for that? Hey, upload your contacts. We'll find your friends. Well, they don't know where your data is. [00:42:51] This whole thing with Facebook has kind of exploded here lately. [00:42:56] There is an article that had appeared online from our friends over at, I think it was, yeah. Let me see here. Yeah. Yeah. Motherboard. I was right. And Motherboard's reporting that Facebook doesn't know what it does with your data or where it goes. Now, you know, there's always a lot of rumors about different companies and particularly when they're big company and the, the news headlines are kind of grabbing your attention. [00:43:30] And certainly Facebook can be one of those companies. So where did Motherboard get this opinion about Facebook just being completely clueless about your personal data? Well, it came from a leaked document. Yeah, exactly. So I, we find out a lot of stuff like that. Right. I used to follow a, a website about companies that were going to go under and they posted internal memos. [00:44:04] It basically got sued out of existence, but there's no way that Facebook is gonna be able to sue this one out of existence because they are describing this as, internally, as a tsunami of privacy regulations all over the world. So of course, if you're older, we used to call those tidal waves, but think of what the implication there is of a tsunami coming in and just overwhelming everything. [00:44:33] So Facebook internally, they, their engineers are trying to figure out, okay, so how do we deal? People's personal data. It's not categorized in ways that regulators want to control it. Now there's a huge problem right there. You've got third party data. You've got first party data. You've got sensitive categories data.
[00:44:57] They might know what religion you are, what your persuasions are in various different ways. There's a lot of things they might know about you. How are they all categorized? Now we've got the European Union with their General Data Protection Regulation, the GDPR we talked about when it came into effect back in 2018, and I've helped a few companies to comply with that. [00:45:22] That's not my specialty. My specialty is the cybersecurity side. But in Article 5, this European law mandates that personal data must be collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes. So what that means is that every piece of data, like where you are using Facebook or your religious orientation, can only be collected and used for a specific purpose and not reused for another purpose. [00:46:00] So there's an example here that Vice is giving. In the past, Facebook took the phone number that users provided to protect their accounts with two factor authentication and fed it to its People You May Know feature as well as advertisers. Yeah. Interesting. Eh, so Gizmodo, with the help of academic researchers, caught Facebook doing this, and eventually the company had to stop the practice. [00:46:27] Cuz this goes back to the earlier days where Facebook would say, Hey, find out if your friends are on Facebook, upload your contacts right now. And most people. Right. What did you know back then about trying to keep your data private, to try and stop the proliferation of information about you online and nothing. [00:46:48] Right? I think I probably even uploaded it back then thinking, well, that'd be nice to see if I got friends here. We can start chatting, et cetera.
Well, according to legal experts that were interviewed by Motherboard, who wrote this article and has a copy of the internal me, uh, memo, this European regulation specifically prohibits that kind of repurposing of your phone number of trying to put together the social graph, and the leaked document shows that Facebook may not even have the ability to limit [00:47:24] how it handles users' data. Now I was on a number of radio stations this week, talking about this, and the example I gave is, just look at an average business from the time it starts. You know, Facebook started how? Right. Well, scraping pictures of young women off of Harvard University's main catalog, right. [00:47:48] Contact page, and then asking people, well, what do you think of this? Rate this person, rate that person, and off they go, right. Trying to rate them. Yeah, yeah, yeah. All that matters to a woman, at least according to Mark Zuckerberg, or all that matters about a woman is how she looks. Right. Do I think she's pretty or not? Ridiculous what he was doing. [00:48:08] I, it just, oh, that's Zuckerberg, right? That's who he is. Not a great guy anyways. So you go from stealing pictures of young ladies, asking people to rate them, putting together some class information and stuff there at Harvard, and then moving on to other universities and then opening up even wider and wider. [00:48:33] And of course, that also created demand cuz you can't get on if you're not at one of the universities that we have set it up for. And then you continue to grow. You're adding these universities, certain you're starting to collect data and you're making more money than God. So what do you do? Well, you don't have to worry about inefficiencies. [00:48:54] I'll tell you that. Right. One thing you don't have to do is worry about, oh, gee, we've got a lot of redundant work going on here. We've got a lot of teams working on basically the same thing. No, you've got more money than you can possibly shake a stick at. 
So now you go ahead and send that, uh, money to this group or that group. [00:49:16] And they put together all of the basic information, right. That, that they want. They are pulling it out of this database and that database, and they're doing some correlation, writing some really cool SQL queries with some incredible joins and everything else. Right. And now that becomes part of the main code for Facebook. [00:49:38] And then Facebook goes on to the next little project and they do the same thing. Then the next project, then the next project. And then someone comes along and says, uh, Hey, we. This feature, that feature for advertisers, and then in that goes, and then along comes candidate Obama. And, uh, they, one of the groups inside Facebook says, yeah, yeah, yeah, here, here we go. [00:50:03] Here's all of the information we have about everybody and it's free. Don't worry about it. Right. And then when Trump actually bought it and hired a company to try and process some of that information, he got in trouble. No, no, no, but, but the Obama. The whole campaign could get access to anything they wanted to, again, because the data wasn't controlled, they had no idea who was doing what with the data. [00:50:30] And according to this internal memo, they still don't know. They don't even know if they can possibly, uh, comply with these regulations, not just in Europe, but we have regulations in pretty much all of the 50 states in the US. Canada, of course, has their own. Australia, New Zealand. Think about all the places [00:50:53] Facebook makes a lot of money. So here's a quote from that: we build systems with open borders. The result of these open systems and open culture is well described with an analogy. Imagine you hold a bottle of ink in your hand, the bottle of ink is a mixture of all kinds of user data. You pour that ink into a lake of water. [00:51:15] Okay. And it flows everywhere, the document read. Right. 
So how do you put that ink back in the bottle, in the right bottle? How do you organize it again, so that it only flows to the allowed places in the lake? They're totally right about that. Where did they collect it from? Apparently they don't even know where they got some of this information, [00:51:39] this data, from. Kind of reminds me of the no-fly list. Right. You don't know you're on it and you can't get yourself off of it. Right. It is kind of crazy. So this document that we're talking about was written last year by privacy engineers on the ad and business product team, whose mission is to make meaningful connections between people and businesses and which, quote, sits at the center of a monetization strategy [00:52:06] and is the engine that powers Facebook's growth. Interesting, interesting problems. And, and I see this being a problem well into the future for more and more of these companies. Look at Twitter as an example that we've all heard about a lot lately. And I've talked about as well. Along comes Elon Musk and he says, well, wait a minute now. [00:52:28] Now I can make Twitter way more profitable. We're gonna get rid of however many people, it's well over a thousand, and then we are going to hire more people. We're gonna start charging. We're gonna be more efficient. You can bet all of these redundancies that are in Facebook are also there on Twitter. And Twitter also has to comply with all of these regulations that Facebook is kind of freaking out about. [00:52:56] Well, it, for really a very good reason. So this document is available to anybody who wants to look at it. I'm looking at it right now, talking about regulatory landscape and the fundamental problems, Facebook's data lake. And this is a problem that most companies have, not as bad as Facebook does, but most companies, right. [00:53:21] You grow. 
I, I have yet to walk into a business that needs help with cybersecurity and find everything in place as it should be, because it grew organically. Right. You, you started out with a little consumer firewall, router and wifi, and then you added to it and you put a switch here and you added another switch behind that and moved things around. [00:53:44] This is normal. This is not total incompetence on the part of the management, but my gosh, I don't know. Maybe they need an Elon Musk. Just straighten them out as well. Hey, stick around. I'll be right back and sign up online at craigpeterson.com. [00:54:03] Apparently looting is one of the benefits of being a Russian soldier. And according to the reports coming out of Ukraine, they've been doing it a lot, but there's a tech angle on here that is really turning the tables on these Russian looters. [00:54:20] Thanks for being with me today. I really appreciate it. And I'm honored, frankly, to be in front of this microphone. This is really something, you know, we, we know in wars, there are people that loot and typically the various militaries try and make sure, at least recently, that that looting is kept to an absolute minimum. [00:54:43] Certainly the Americans, the British, even the Nazis during World War II, the, the, uh, the socialists there in Germany, uh, they, they tried to stop some of the looting that was going on. I, I think that's probably a very good thing, right. Because what you end up with is just all of these locals that are just totally upset with you. [00:55:12] I found a great article on The Guardian and there's a village that had been occupied for about a month by Russian troops and the people came back, they are just shocked to see what happened. They're giving a few examples of different towns. They found that alcohol was stolen and they left empty bottles behind, food wrappers, cigarette butts, thrown all over the place in apartments and homes. 
[00:55:41] Piles of feces blocking the toilets, family photographs torn, thrown around the house. They took away all of the clothes. This is a quote from one of the people: literally everything, male and female coats, boots, shirts, jackets, even my dresses and lingerie. This is really, really something. Uh, it, the Soviets didn't do this, but now Russian [00:56:05] military apparently does. So over the past couple of weeks, there's been reporting from numerous places where Russian troops had occupied Ukrainian territory, and The Guardian, which is this UK newspaper, collected evidence that suggests looting by Russian forces was not merely a case of a few wayward soldiers, but a systematic part of Russian military behavior across multiple towns [00:56:32] and villages. That's absolutely amazing. Another quote here: people saw the Russian soldiers loading everything onto Euro trucks, everything they could get their hands on. A dozen houses on the village's main street had been looted as well as the shops. Other villagers reported losing washing machines, food, laptops, even a sofa. Air conditioners [00:56:56] being shipped back, just like, you know, you might use UPS here, they have their equivalent over there. A lady here who was the head teacher in the school. She came back in, of course, found her home looted, and in the head teacher's office she found an open pair of scissors that had been jammed into a plasma screen that was left behind, because if they can't steal it, they're gonna destroy it. [00:57:22] They don't only leave anything behind. They found the Russians had taken most of the computers, the projectors and other electronic equipment. It, it, it's incredible. So let's talk about the turnaround here. A little. You might have heard stories about some of these bad guys that have smashed and grabbed their way into Apple stores. [00:57:42] So they get into the Apple store. They grab laptops on iPads, no longer iPods, cuz they don't make those anymore. 
And iPhones. And they take them and they run with them. Well, nowadays there's not a whole lot of use for those. Now what they have been doing, some of these bad guys is, is they take some parts and use them in stolen equipment. [00:58:09] They sell them on the used market, et cetera. But when you're talking about something specific, like an iPhone that needs specific activation, a completely different problem arises for these guys because that iPhone needs to have a SIM card in order to get onto the cell network. And it also has built in serial numbers. [00:58:32] So what happens in those cases? Well, Apple goes ahead and disables them. So as soon as they connect to the internet, let's say they put 'em on wifi. They don't get a SIM card. They don't get service from T-Mobile or Verizon or whoever it might be. So now they disconnect to the wifi and it calls home, cuz it's gonna get updates. [00:58:52] So on download stuff from the app store and they find that it's been bricked. Now you can do that with a lot of mobile device managers that are available for all kinds of equipment nowadays, but certainly Apple equipment, where if a phone is lost or stolen or a laptop or other pieces of equipment, you can get on the MDM and disable it, have it remotely erased, et cetera. [00:59:18] Now, police have had some interesting problems with that. Because a bad guy might go ahead and erase a smartphone that's in the evidence locker at the police station. So they're, they're doing things like putting them into Faraday cages or static bags or other things to try and stop that. So I think we've established here that the higher tech equipment is pretty well protected. [00:59:42] You steal it. It's not gonna do you much good. So one of the things the Russians stole when they were in, uh, it's called, uh, I think you pronounce it, uh, Melitopol, uh, which is again, a Ukrainian city, is they stole all of the equipment from a farm equipment dealership and shipped it to Chechnya. 
Now that's according to a source in, uh, a businessman in the area that CNN is reporting on. [01:00:15] So they shipped this equipment. We're talking about combine harvesters worth 300 grand a piece. They shipped it 700 miles, and the thieves were ultimately unable to use the equipment, cuz it had been locked remotely. So think about agriculture equipment that John Deere, in this case, these pieces of equipment, they, they drive themselves. [01:00:42] It's autonomous. It goes up and down the fields. Goes any pattern that you want to. It'll bring itself within a foot or an inch of your boundaries, right. Of your property, being very, very efficient the whole time, whether it's planting or harvesting, et cetera. And that's just a phenomenal thing because it saves so much time for the farmer, makes it easier to do. The companies like John Deere [01:01:08] want to sell as many pieces of this equipment as they possibly can. And farming is known to be a, what, not terribly profitable business. It certainly isn't like Facebook. So how can they get this expensive equipment into the hands of a lot of farmers? Well, what they do is they lease it. So you can lease the equipment through a leasing company or maybe directly from the manufacturer and now you're off and running. [01:01:36] But what happens if the lease isn't paid now? It's one thing if you don't pay your lease on a $2,000 laptop, right? They're probably not gonna come hunting for you, but when you're talking about a $300,000 harvester, they're more interested. So the leasing company has title to the equipment and the leasing company can shut it off remotely. [01:02:02] Right? You see where I'm going with this, so that they can get their equipment in the hands of more farmers cuz the farmers can lease it. It costs them less. They don't have to have a big cash payment. Right? You see how this all works. So when the Russian forces stole this equipment, that's valued. Total value here is about $5 million. 
[01:02:23] They were able to shut it all. And obviously, if you can't start the engine, because it's all shut off and it's all run by computers nowadays, and you know, there's pros and cons to that. I think there's a lot of cons, but, uh, what are you gonna do? How's that gonna work for you? Well, it isn't going to work for you. [01:02:44] And they were able to track it. It had GPS trackers, find out exactly where it was. That's how they know it was taken to Chechnya and could be controlled remotely. And in this case, how'd they control it? Well, they completely shut it off. Even if they sell the harvesters for spare parts, they'll earn some money, but they sure can be able to sell 'em for the 300 grand that they were actually worth. [01:03:10] Hey, stick around. We'll be right back and visit me online at craigpeterson.com. If you sign up there, you'll be able to get my insider show notes. And every week I have a quick five. Training right there in your emails, CraigPeterson.com. That's S O N in case you're wondering. [01:03:36] If you've been worried about ransomware, you are right to worry. It's up. It's costly. And we're gonna talk about that right now. What are the stats? What can you do? What happens if you do get hacked? Interesting world. [01:03:51] Ransomware has been a very long running problem. I remember a client of ours, a car dealership who we had gone in. [01:04:03] We had improved all of their systems and their security and one of their people, who was actually a senior manager, ended up downloading a piece of ransomware, one of these encrypted ones, and opened it up and his machine, all of a sudden, ta-da, guess what, it had ransomware on it. One of those big red [01:04:25] screens that say pay up, send us this much Bitcoin. And here's our address. Right. All of that sort of stuff. And he called us up and said, what, what's going on here? What happened? Well, first of all, don't bring your own machine into the office. 
Secondly, don't open up particularly encrypted files using the password that they gave, [01:04:48] and thirdly, we stopped it automatically. It did not spread. We were able to completely restore his computer. Now let's consider here the consequences of what happened. So he obviously was scared. Uh, and within a matter of a couple of hours, we actually had him back to where he was and it didn't spread. [01:05:16] So the consequences there, they, they weren't that bad. But how about if it had gotten worse? How about if the ransomware also, before it started holding his computer ransom, went out and found all of the data about their customers? Right. Would, do you think an auto dealership would love to hear that all of their customer data was stolen and released all of the personal data of all of their customers? [01:05:43] Right? Obviously not. So there's a potential cost there. And then how long do you think it would take a normal company that thinks they have backups to get back online? Well, I can tell you it'll take quite a while because the biggest problem is most backups don't work. We have yet to go into a business that was actually doing backups that would work to help restore them. [01:06:10] And if you're interested, I can send you, I've got something I wrote up. Be glad to email it back to you. Uh, obviously as usual, no charge. And you'll be able to go into that and figure out what you should do. Cause I, I break it down into the different types of backups and why you might want to use them or why you might not want to use them, but ransomware [01:06:34] is kind of a pernicious nasty little thing, particularly nowadays, because it's two, two factor, right. First is they've encrypted your data. You can't get to it. And then the second side of that is okay, well, I can't get to my data and now they're threatening to hold my data ransom or they'll release. So they they'll put it out there. 
[01:06:58] And of course, if you're in a regulated industry, which actually car dealers are because they deal with financial transactions, leases, loans, that sort of thing, uh, you can lose your license for your business. You can lose your ability to go ahead and frankly, uh, make loans and work with financial companies and financial instruments. [01:07:22] It could be a very, very big deal. So there are a lot of potential things that can happen, all the way from losing your reputation as a business or an individual, losing all of the money in your operating account. And we, again, we've got a client that, uh, we picked up afterwards. That, uh, yes, indeed. They lost all of the money in their operating account. [01:07:47] And, uh, then how do you make payroll? How do you do things? Well, there's a new study that came out from Check Point. Check Point is one of the original firewall companies and they had a look at ransomware. What are the costs of ransomware? Now bottom line, I'm looking at some stats here on a couple of different sites. [01:08:07] Uh, one is, by the way, Conti, which is a big ransomware gang that also got hacked after they said we are going to attack anyone that. Uh, that doesn't defend Vlad's invasion of Ukraine, and then they got hacked and their information was released, but here's ransomware statistics. This is from Cloudwards. Uh, first of all, the largest ransom demand is $50 million. [01:08:36] And that was in 2021 to Acer, big computer company. Now 37% of businesses were hit by ransomware in 2021. This is amazing. They're, they're expecting by 2031, so in about a decade, ransomware is gonna be costing about $265 billion a year. Now on average, uh, ransomware costs businesses $1.85 million to recover from an attack. [01:09:08] Now that's obviously not a one or two person place, but think of the car dealer again, how much money are they going to make over the year or over the life of the business? Right? 
If you're a car dealer, you have a to print money, right? You, you're selling car model or cars from manufacturer X. And now you have the right to do that and they can remove that. [01:09:31] Right? How many tens, hundreds of millions of dollars might that end up costing you? Yeah. Big deal. Total cost of ransomware last year, 20 billion. Now these are the interesting statistics here right now. So pay closer attention to this: 32% of ransomware victims paid a ransom demand. So about a third paid ransom demand [01:09:56] last. It's, it's actually down. Cuz my recollection is it used to be about 50% would pay a ransom. Now on average that one third of victims that paid a ransom only recovered 65% of their data. Now that differs from a number I've been using from the FBI. That's a little bit older that was saying it's, it's a little, little better than 50%, but 65% of paying victims recovered their data. [01:10:26] Now isn't that absolutely amazing. Now 57% of companies are able to recover the data using a cloud backup. Now think about the different types of backup. Cloud backup is something that can work pretty well if you're a home user, but how long did it take for your system to get backed? Probably took weeks, right? [01:10:50] For a, a regular computer over a regular internet line. Now restoring from backup's gonna be faster because your down link is usually faster than your uplink. That's not true for businesses that have real internet service, like, uh, ours. It, it's the same bandwidth up as it is down. But it can take again, days or weeks to try and recover your machine. [01:11:13] So it's very, very expensive. And I wish I had more time to go into this, but looking at the costs here and the fact that insurance companies are no longer paying out for a lot of these ransomware attacks, it could be incredibly expensive for you, incredibly. So here you. The number one business types by industry for ransomware attacks: retail. [01:11:46] That makes sense. Doesn't it. 
Real estate. Electrical contractors, law firms and wholesale building materials. Isn't that interesting? And that's probably because none of these people are really aware, conscious of doing what, of keeping their data secure, of having a good IT team, a good IT department. So there's your bottom line. [01:12:14] Uh, those are the guys that are getting hit the most. The numbers are increasing dramatically and your costs are not just in the money you might pay as a ransom. And so, as it turns out, in pretty much every case prevention is less expensive and much better than the cure of trying to pay ransom or trying to restore from backups. [01:12:40] Hey, you're listening to Craig Peterson. You can get my weekly show notes by just going to CraigPeterson.com. And I'll also send you my special report on how to do passwords. Stick around, we'll be right back. [01:12:58] You know, you and I have talked about passwords before, the way to generate them and how important they are. And we, we'll go over that again a little bit in just a second, but there is a new standard out there that will eliminate the need for passwords. [01:13:15] Passwords are kind of an, a necessary evil, at least they have been forever. I, I remember, I think the only system I've ever really used that did not require passwords was the IBM 360. [01:13:32] Yeah, 360, you know, you punch up the cards, all of the JCL, you feed the card deck in and off it goes. And does its little thing. That was a different day, a different era. When I started in college in university, we, we had remote systems, timeshare systems that we could log into. And there weren't much in the line of password requirements in, but you had a username. [01:14:01] You had a simple password. And I remember one of our instructors, his name was Robert Andrew Lang. And, uh, his password was always some sort of a combination of RA Lang. So it was always easy to guess what his, what his password was. Today, it has gotten a lot worse today. 
We have devices with us all of the time. [01:14:24] You might be wearing a smart watch that requires a password. You of course probably have a smart phone. That's also maybe requiring a password, certainly after boot. Nowadays they use fingerprints or facial recognition, which is handy, but has its own drawbacks. But how about the websites you're going to, the systems you're using when you're at work and logging in? They all require passwords [01:14:54] and usernames of some sort or another. Well, Apple, Google, and Microsoft have all committed to expanding their support for a standard that's actually been out there for, for a few years. It's called the FIDO standard. And the idea behind this is that you don't have to have a password in order to log in. Now that's really kind of an interesting thing, right? [01:15:22] Just looking at it, because we're, we're so used to having this password-only authentication. And of course the, the thing to do there is make sure you have for your password, multiple words in the password, it should really be a pass phrase. And between the words put in special characters or numbers, maybe mix [01:15:44] upper, lowercase a little bit. In those words, those are the best passwords, you know, 20 characters, 30 characters long. And then if you have to have a pin, I typically use a 12 digit pin. And how do I remember all of these? Cuz I use a completely different password for every website and right now, let me pull it up. [01:16:06] I'm using 1Password.com's password manager. And my main password for that is about 25 characters long. And I have thirty-one hundred and thirty-five entries here in my password manager, 3,100. That is a whole lot of passwords, right? As well as, um, software licenses and a few other things in there. [01:16:34] That's how we remember them, is using a password manager. 1Password.com is my favorite. Now, obviously I don't make any money by referring you there. I, I really do like that. 
Uh, some others that I've liked in the past include LastPass, but they really messed with some of their cybersecurity last year and I lost, lost my faith in it. [01:16:56] So now what they're trying to do is make these websites that we go to as well as some apps to have a consistent, secure, and passwordless sign in. And they're gonna make it available to consumers across all kinds of devices and platforms. That's why you've got Apple, Google, and Microsoft all committing to it. [01:17:20] And you can bet everybody else is going to follow along because there's hundreds of other companies that have decided they're gonna work with the FIDO Alliance and they're gonna create this passwordless future. Which, I like this idea. So how does this work? Well, basically you need to have a smartphone. [01:17:39] This is, I'm just gonna go with the most standard way that this is going to work here in the future. And you can then have a, a passkey. This is kind of like a multifactor authentication or two factor authentication. So for instance, right now, when I sign into a website online, I'm giving a username, I'm giving a password and then it comes up and it asks me for a code. [01:18:03] So I enter a six digit code and that code changes every 30 seconds. And again, I use my password manager from 1Password.com in order to generate that code. So that's how I log into Microsoft sites and Google sites and all kinds of sites out there. So it's kind of a similar thing here. Now for the sites for my company, because we do cyber security for businesses, including regulated businesses, [01:18:31] we have biometrics tied in as well. So to log into our systems, I have to have a username. I have to have a password. Uh, I then am sent to a single sign on page where I have to have a message sent to my smart device. That then has a special app that uses biometrics, either a face ID or a fingerprint, to verify who I am. 
[01:18:56] So, yeah, there's a lot there, but I have to protect my customer's data. Something that very, very few, it's crazy. Um, actual so-called managed security services providers do, but it's important, right? By the way, if you want my password special report, just go to CraigPeterson.com. Sign up for my email list. [01:19:21] I'll send that to you. That's what we're sending out right now for anyone who signs up new at craigpeterson.com. And if you'd like a copy of it and you're already on the list, just go ahead and email me, M E, at CraigPeterson.com and ask for the password special report where I go through a lot of this sort of thing. [01:19:39] So what will happen with this is you go to a website and it might come up with a QR code. So you then scan that QR code with your phone and verify it, authorize it on your phone. You might again have it set up so that your phone requires a facial recognition or perhaps it'll require a fingerprint. And now you are in. [01:20:02] Which is very cool. They fixed some security problems in FIDO over the last few years, which is great. Over the coming year. You're g

Triple F Podcast
Christians in Congress

Play Episode Listen Later Jul 7, 2022 28:21


Christians in government represent their values and their respective churches. So what happens when a professed member goes against their faith values? Fr. Mark Gantley, JCL, joins Eva and Jim to talk about why people can be denied communion when they don't follow church teachings. 

Craig Peterson's Tech Talk
How Private is Crypto? What About WhatsApp and Signal?

Play Episode Listen Later Jun 18, 2022 82:20


How Private is Crypto? What About WhatsApp and Signal? Cryptocurrencies were thought to be like the gold standard of security, of having your information stay private. Maybe you don't want to use regular currency and transactions. It's all changed. [Automated transcript follows.] [00:00:14] We have had such volatility over the years when it comes to what are called cryptocurrencies. [00:00:21] Now I get a lot of questions about cryptocurrencies. First of all, let me say, I have never owned any cryptocurrencies and I do not own any crypto assets at all. Most people look at cryptocurrencies and think of a couple of things. First of all, an investment. An investment is something that you can use or sell, right? [00:00:42] Typically investments you don't really use. It's like a house. Is it an investment? Not so much. It's more of a liability, but people look at it and say, listen, it went from what was a 10,000 Bitcoins to buy a pizza to, it went up to $50,000 per Bitcoin. There's a pretty big jump there. [00:01:03] And yeah, it was pretty big. And of course, it's gone way down and it's gone back up and it's gone down. It's gone back up. But the idea of any kind of currency is, can you do anything with the currency? You can take a dollar bill and go and try and buy a cup of coffee. Okay. A $10 bill and buy a cup of coffee in most places anyways. [00:01:26] That sounds like a good idea. I could probably use a cup of coffee right now and get a tickle on my throat. I hate that. But if you have something like Bitcoin, where can you spend it? You might remember Elon Musk was saying, yeah, you can use Bitcoin to buy a Tesla. Also Wikipedia would accept donations [00:01:45] via Bitcoin. There were a number of places online that you could use Bitcoin. In fact, there's a country right now in south central America that has Bitcoin as its currency. That's cool too. When you think about it, what is, so what are you gonna do? Latin American country? 
I'm trying to remember what it is. [00:02:05] Oh yeah. It's El Salvador. The first country in the world to adopt Bitcoin as an official legal tender. Now there's a number of reasons they're doing that and he can do it basically. If you got a dictator, you can do almost anything you want to. So in El Salvador, they've got apps that you can use and you can go and buy a street taco using Bitcoin using their app. [00:02:31] So there you go. If you have Bitcoin, you can go to El Salvador and you can buy all of the tacos and other basic stuff you might wanna buy. But in general, no, you can't just go and take any of these cryptocurrencies and use them anywhere. So what good are they as a currency? We already established that they haven't been good as an investment unless you're paying a lot of attention and you're every day buying and selling based on what the movement is. [00:02:59] I know a guy that does exactly that. It's, he's a day trader basically in some of these cryptocurrencies, good for him. But in reality, is that something that makes sense in a long term? Is that going to help him long term? I don't know. I really don't because again, there's no intrinsic value. [00:03:18] So some of the cryptocurrencies have decided let's have some sort of intrinsic value. And what they've done is they've created what are generally known as stable coins. And a stable coin is a type of cryptocurrency that behind it has the ability to be tied to something that's stable. So for instance, one that really hit the news recently is a stable coin that is tied to the US dollar. [00:03:46] And yet, even though it is tied to the US dollar and the coin is a dollar and the dollar is a coin, they managed to get down into the few pennies worth of value, kinda like penny. So what good was that? It has since come back up. Some are tied to other types of assets. Some of them say we have gold behind us. [00:04:09] Kinda like what the United States used to do back when we were on the gold standard. 
And we became the petrodollar where countries were using our currency, our US dollars, no matter which country it was, to buy and sell oil. Things have changed obviously. And we're not gonna talk about the whole petrodollar thing right now. [00:04:30] So forget about that. Second benefit. Third benefit is, well, it's crypto, which means it's encrypted, which means we're safe from anybody spying on us, anybody stealing it. And of course that's been proven to be false too. We've seen the cryptocurrencies stolen by the billions of dollars. We've seen these cryptocurrencies lost by the billions of dollars as well. [00:04:58] That's pretty substantial. We get right down to it, lost by the billions because people had them in their crypto wallets, lost the password for the crypto wallet. And all of a sudden, now they are completely out of luck. Does that make sense to you? So the basic idea behind currency is to make it easier to use the currency than to say, I'll trade you a chicken for five pounds of nails. [00:05:25] Does that make sense to you? So you use a currency. So you say the chicken is worth five bucks. Actually chicken nowadays is about $30, if it's a laying hen, and those five pounds of nails are probably worth about $30. So we just exchanged dollars back and forth. I think that makes a lot of sense. One of the things that has driven up the value of cryptocurrencies, particularly Bitcoin, has been criminal marketplaces. [00:05:53] As you look at some of the stats of ransoms that are occurring, where people's computers are taken over via ransomware, and then that person then pays a ransom. And what happens when they pay that ransom? Well, they have to go find an exchange, pay US dollars to buy cryptocurrency, Bitcoin usually. And then they have the Bitcoin and they have to transfer to another wallet. Whether or not the bad guys can use the money [00:06:25] is a, again, a separate discussion. 
They certainly can and they do because some of these countries like Russia are going ahead and just exchanging the cryptocurrencies for rubles, which again, makes sense if you're Russia. Now we have a lot of criminals that have been using the Bitcoin for ransoms. Businesses, [00:06:49] publicly traded businesses, have been buying Bitcoin by the tens of millions of dollars so that they have it as an asset in case they get ransomed. Things have changed. There's a great article in NBC News, by Kevin Collier. And Kevin's talking about this California man who was scammed out of hundreds of thousands of dollars worth of cryptocurrency. [00:07:15] Now this was a fake romance scam, which is a fairly common one. It tends to target older people who are lonely and a romance starts online and they go ahead and talk and kind of fall in love. And it turns out she or he has this really almost terminal disease. If only they had an extra hundred thousand dollars to pay for the surgery. [00:07:45] You, you know the story, so he was conned out of the money. What's interesting to me is how the investigation and investigative ability has changed over the years. Probably about five years ago, I sat through a briefing by the Secret Service and in that briefing, they explained how they had gone and very, quite cleverly tracked the money that was being sent to and used by this dark web operator who ran a site known as Silk Road. [00:08:22] And that site was selling illegal things online. Oh, and the currency that they were tracking was Bitcoin. Yes, indeed. So much for cryptocurrency being secure. Five years ago, the Secret Service was able to do it. The FBI was able to do it and they couldn't do a whole lot about it. But part of the problem is all of your transactions are a matter of public record. [00:08:52] So if someone sends you a fraction of a Bitcoin, that is now in a ledger and that ledger now can be used because when you then spend. 
Fraction of a Bitcoin somewhere else, it can be tracked. It is tracked, is a hundred percent guaranteed to be tracked. And once it's tracked, government can get in. [00:09:15] Now, in this case, a deputy district attorney in Santa Clara County, California, was able to track the movement of the cryptocurrency. Yeah. So this district attorney, okay, deputy district attorney, not the FBI, not the Secret Service, not the National Security Agency, a local district attorney in Santa Clara County, California, not a particularly huge county, but [00:09:44] she was able to track it. And she said that she thinks that the scammer lives in a country where they can't easily extradite them. And so they're unlikely to be arrested at any time soon. So that includes countries like Russia that do not extradite criminals to the United States. Now getting into the details. [00:10:03] There's a great quote from her in this NBC News article: "Our bread and butter these days really is tracing cryptocurrency and trying to seize it and trying to get there faster than the bad guys are moving it elsewhere, where we can't grab it." So she said the team tracked the victim's money as it bounced from one digital wallet to another, till it ended up at a major cryptocurrency exchange where it appeared the scammer was planning to launder the money or cash out. They sent a warrant to the exchange, [00:10:35] froze the money, and she plans to return it to the victim. That is a dramatic reversal from just a few years back when cryptocurrencies were seen as a boon for criminals. Amazing, isn't it? Stick around. We got a lot more to talk about here and of course, sign up online, craigpeterson.com, and get my free newsletter. [00:11:01] There have been a lot of efforts by many companies, Microsoft, Apple, Google, to try and get rid of passwords. How can you do that? What is a password and what are these new technologies? Apple thinks they have the answer. 
[00:11:17] Passwords have been the bane of existence for a long while. And if you'd like, I have a special report on passwords, where I talk about password managers, things you can do, things you should do in order to help keep your information safe online, things like [00:11:34] bank accounts, et cetera. Just email me, craigpeterson.com, and ask for the password special report and I'll get it to you. Believe me, it's self-contained, it's not trying to get you to buy something. Nothing. It is entirely about passwords and what you can do. Again, just email me, me@craigpeterson.com and we'll get right back with you. [00:11:56] Give us a couple of days. Passwords are a problem. And over the years, the standards for passwords have changed. I remember way back when some of the passwords might be 2, 3, 4 characters long, and back then, those were hard to crack. Then Unix came along. I started using Unix and when was that? [00:12:16] Probably about '81. And as I was messing around with Unix, I, they used to have a couple of changes in how they did passwords. They added a salt to it. They used basically the same cipher that the Germans used in World War II, that Enigma cipher, which again was okay for the times. Today, we have much more powerful ciphers and the biggest concern right now, amongst real cybersecurity people, [00:12:43] government agencies, is, okay, so what are we going to do when these new quantum computers come along with their artificial intelligence and other things? That's going to be a bit of a problem because quantum computers are able to solve problems in fractions of a second, even, that traditional computers cannot solve. [00:13:10] It's a whole different thing. I want you to think something here. If you have a handful of spaghetti, now we're talking about hard spaghetti, not cooked spaghetti, and they're all dried out and they are of varying lengths. 
How could you sort those into the smallest to largest, if you will? How could you find which ones were the longest, perhaps? [00:13:37] Which ones were the shortest? There's an analog way of doing that and there's a digital way of doing that. So the digital way for the computer would be to measure them all and compare the measurements and then identify how long the longest one was. And then maybe you'd have to go back and try and find that. [00:13:55] So you can imagine that would take some time. The analog way of doing that, cuz there still are analog computers out there and they do an amazing job in certain tasks, but the analog way of doing that is, okay, so you take that bundle of various length spaghetti and you slam it on the table. What's gonna happen? Well, those pieces of dried spaghetti are going to self align, right? [00:14:22] The shortest ones are going to be down at the bottom and the tallest one's gonna be sticking out from the top. So there you go. There's your tallest, your longest pieces of spaghetti, and it's done. Instantly. So that's just an idea here. Quantum computing's not the same thing, but that's a comparison really of digital and analog computers, but it's the same type of thing. [00:14:45] Some of these problems that would take thousands of years for a digital computer to work out can just take a fraction of a second. It's absolutely amazing. So when we're looking at today's algorithms, today's programs for encrypting things like military information, secret telegrams, if you will, going back and forth inside the Secretary of State embassies worldwide. [00:15:10] Today they're considered to be quite secure, but with quantum computing what's gonna happen? So there are a lot of people out there right now who are working on trying to figure out how can we come up with an algorithm that works today with our digital computers and can be easily solved by quantum computer. 
[00:15:34] We have a pretty good idea of how quantum computers are going to work in the future, how they work right now, but this really gets us to the next level, which is cool, frankly. That's a little bit here about cybersecurity. How about you and your password? How does this all tie in? [00:15:51] There are a few standards out there that people have been trying to pass. It's no longer the four character password you might remember. Oh, it needs to be eight to 10 characters, random mix of upper lowercase, special digits, character numbers. You remember those? And you should change it every 30 days. [00:16:09] And those recommendations changed about three or four years ago when the National Institute of Standards and Technology said, Hey guys, a passphrase is much better than what we've been doing because people are gonna remember it and it can be longer. So if you are using, I have some passphrases I use that are 30 characters or more. [00:16:33] And I mix up the case and I mix in some special characters and some numbers, but it's a phrase that I can remember and I have different phrases for different websites. Cause I use a password manager. Right now, I have about 3,100 entries in my password manager. That's a lot. And I bet you have a lot more passwords or at least a lot more websites and accounts than you realize. [00:17:03] And so that gets to be a real problem. How do you make all of this work and make it easy for people? One of the ways that they're looking at using is something called the FIDO Alliance's technique. And the idea behind FIDO is actually similar to what I do right now. Cause I use 1Password.com. [00:17:24] I have an app on my phone and the phone goes ahead and gives me the password. In fact, it'll put it in. I have plugins in my browsers. It'll put it right into the password form on the website. And then it'll ask me on my phone, Hey, is that really you? 
And I'll say yes, using Duo, and ta-da, I'm logged in. It's really quite cool. [00:17:48] FIDO is a little different than that, but the same. The whole idea behind FIDO is you registered a website and the website will send a request to the FIDO app that's on your phone. So now on your phone, you'll use biometrics or maybe one-time pass key, those six digit keys that change every 30 seconds. [00:18:13] And so now you on your phone, you say yeah. That's me. That's good. That's me. Yeah. Okay. And then the app will exchange with the website using public key cryptography. A public key, and it's gonna be a unique public key for that website. So it'll generate a private key and a public key for that website. [00:18:35] And now, ta-da, the website does not have your password and cannot get your password. And anytime you log in, it's going to ask you on your smartphone. Is this. And there's ways beyond smartphones. And if you wanna find out more about passwords, I've got, again, that free special report, just craigpeterson.com. [00:18:59] Email me, just email me@craigpeterson.com and I'll make sure we send that off to you and explains a lot about passwords and current technology. So FIDO is one way of doing this and a few different companies have gone ahead and have invested some into FIDO registration, because it requires changes on the websites as well in order to. [00:19:25] With FIDO. Now you might use a PIN, you might use the biometrics, et cetera, but Apple has decided they've come up with something even better. Now there's still a lot of questions about what Apple is doing, but they are rolling it into the next release of iOS and also of Mac operating system. And you'll be able to use that to securely [00:19:48] log into websites. I think Apple's gonna get a lot of traction on this and I think it's gonna be better for all of us involved here. We'll see. 
There's still a lot of unanswered questions, but I'll keep you up to date on this whole password technology. Stick around. [00:20:08] There are ways for us to communicate nowadays, easy ways, but are the easy ways the best ways? The question here, frankly. And part of this answer has to do with WhatsApp and we'll talk right now. [00:20:23] Many people have asked me about secure messaging. You probably know by now that sending text messages is not secure. [00:20:34] In fact, it could be illegal if you have any personal information about patients or maybe employees. You just can't send those over open channels. So what Apple has done for instance is they've got their messaging app and if the message is green, it's just reminding you that this is a text message. Now they stuck with green because that was the industry standard. [00:21:01] Green does not mean safe in the Apple world when it comes to iMessage. Blue does. So they've got end to end encryption. So if the message is blue, that means the encryption's in place from side to side. On the other end of the spectrum, there are apps like Telegram, which are not particularly safe. [00:21:22] Now, Telegram has pulled up its socks a little bit here, but in order to have end to end encryption in Telegram, you have to manually turn it on. It is not on by default. I also personally don't trust Telegram because of their background, things that they've done in the past. Avoid that. [00:21:43] WhatsApp is something I've been asked about. I had a family member of a service member who was overseas ask if WhatsApp was safe for them to communicate on, cuz they didn't want third parties picking up private messages. Things you say and do online with friends and family are not necessarily things that are for public consumption. [00:22:06] So the answer that I gave was yeah, you might remember Facebook getting WhatsApp. They bought it and deciding they were going to make some changes to the privacy settings in. 
Now that was really a big mistake. They said we're gonna add advertisements. How are you going to effectively advertise [00:22:27] if you don't know what we're talking about? Have you noticed advertising platforms? If you look up something or someone else in your house looks up something, if your neighbors are looking up, they assume that you might be interested in it as well. So what do they do? They go ahead and show you ads for that brand new pair of socks that you never really cared about, but because the algorithms in the background figured yeah, that's what you've been talking about. [00:22:55] Let's pass out your pair of socks. So if Facebook is going to add into WhatsApp, what's going to happen? Are they going to be monitoring what you're saying? And then sending you some of these messages, right? These ads. Because of that, a lot of people started looking for a more secure platform and that's frankly where Moxie Marlinspike comes in. A fun name, nom de plume in this case, but he started a company called Signal. [00:23:30] He didn't just start it. He wrote the code for it, the server code, everything. And the whole idea behind Signal was to have a guaranteed safe end to end way to communicate with a third party, with a friend, a relative, et cetera. So Signal is something that I've used in the past. And I use from time to time now, as well, depending on who I'm talking to. [00:23:56] And it does allow you to send messages. It does allow you to talk. You can do all kinds of stuff with it. So now there's an issue with Signal. It's disappointing. Moxie has stepped down from running Signal, there's a company behind it, in January 2022. And he said, the company's big enough, they can run themselves. [00:24:19] He's still on the board of directors. And the guy who's currently the head of Signal is also a very privacy focused guy, which is really good too. Signal by the way is free. 
And you can get it for pretty much any platform you would care to have it for. A very nice piece of software. I like what they've done. [00:24:38] Now the problem is that some of those people at Signal have decided that they should have a way of making payments inside Signal. So a few months ago, they went ahead and added into Signal a piece of software that allows you to send payments online. Now this is a little concerning and let's talk about some of the reasons for the concern. [00:25:09] Basically what we're seeing is a cryptocurrency that Moxie himself helped to put in place. Now, I guess that's good cuz he understands it. It's supposedly a cryptocurrency that is privacy focused. And that's a good thing. What type of crypto is it that's privacy focused? And how good is it going to be? [00:25:34] Those are all good questions, but here's the biggest problem, I think, that comes from this. We've got our friends at Facebook, again, trying to add crypto payments to their various messenger and other products. We're seeing that from a lot of these communication systems, cuz they can skim a little off the top legally, charge you a fee and then make their money that way. But what happens when you put it into an encrypted messaging app? Bottom line, a lot of bad things can happen here because now all of a sudden you come under financial regulations, right? Because you are performing a financial function. So now potentially here, there could be criminal misuse of the app because you could have ransomware and they say, reach us on Signal. [00:26:33] Here's our Signal account. And go ahead and send us crypto. It's called MobileCoin, by the way, this particular cryptocurrency. So now all of a sudden you are opening up the possibility of all kinds of bad things happening and your app Signal, which was originally great for messaging, now being used nefariously. [00:26:57] I think that's a real problem. 
Now, when it comes to money transfer functions with cryptocurrencies, to say that they're anonymous, I think is a hundred percent a misnomer because it's really pseudo-anonymous. It's never completely anonymous. So now you've increased the legal attack surface here. So now the various regulators and countries around the world can say, Hey, [00:27:26] this is no longer just a messaging app. You are using it to send money. We wanna track all money transactions. And so what does that mean? That means now we need to be able to break the encryption or need to shut down your app, or you need to stop the ability to send money. So the concern right now with Signal is we really could have some legal problems with Signal. [00:27:53] And we could potentially cause some real life harm. On the other side of this is what Moxie Marlinspike has been really driving with Signal over the years, which is we don't want anyone to be able to break into Signal. So there's a particularly one Israeli based company that sells tools that you can buy that allow you to break into smartphones. [00:28:20] And they're used by everybody from criminals. You can even buy some of these things on eBay. And they're used also by law enforcement agencies. So he found that there was a bug in one of the libraries that's used by this Israeli software, to where that causes it to crash. And so he put some code into Signal, at least he threatened to, that would cause any of the scanning software that tries to break into your smartphone to fail, to crash. [00:28:53] Yeah. Yeah. Cool. Craig Peterson here, online craigpeterson.com and really you are not alone. [00:29:09] I got some good news about ransomware and some bad news about BEC, business email compromise. In fact, I got a call just this week from someone who had in fact again, had their operating account emptied. [00:29:27] Ransomware is a real problem, but it's interesting to watch it as it's evolved over the years. 
[00:29:36] We're now seeing crackdowns driving down ransomware profits. Yes, indeed. Ransomware's ROI is dropping, the return on investment. And so what we're starting to see is a drive towards more business email compromise attacks. So we'll talk about those, what those are. And I have a couple of clients now that became clients because of the business email compromises that happened to them. [00:30:10] A great article that was in this week's newsletter. You should have received it Tuesday morning from me, if you are signed up for the free newsletter. craigpeterson.com/subscribe. You'll get these usually Tuesday morning. It's my insider show notes. So you can get up to speed on some of the articles I'm talking about during the week that I talk about on the radio. [00:30:38] And of course talk about here on the radio show and podcast and everything else as well. So what we're seeing here, according to Dark Reading's editor, Becky Bracken, is some major changes, a pivot by the bad guys, because at the RSA conference, they're saying that law enforcement crackdowns, try cryptocurrency regulations, [00:31:05] we've been talking about that today, and ransomware as a service operator shutdowns are driving the return on investment for ransomware operations across the world, all the way across the globe. So what is ransomware as a service? I think that's a good place to start because that has really been an albatross around our necks for a long time. [00:31:30] The idea with ransomware is they get you to download some software, run some software that you really should not be running. That makes sense to you? So you get this software on your computer, it exfiltrates files. So in other words, it takes files that you have, sends them off to the bad guys. And then once it's done that, so it'll send like any Word files it finds, Excel, other files [00:32:00] it might find interesting. Once it's done that, then it goes ahead and encrypts those files. 
So you no longer have access to them and it doesn't just do them on your computer. If you share a drive, let's say you've got a Gdrive or something else on your computer that is being mounted from either another computer or maybe a server, [00:32:24] it will go ahead and do the same thing with those files. And remember, it isn't just encrypting because if you have a good backup, and by the way, most businesses that I've come into do not have a good backup, which is a real problem because their backups fail. They haven't run. I had one case where we helped the business out and it had been a year and a half since they had a successful backup and they had no. [00:32:52] They were dutifully carrying home these USB drives every day, plugging a new one in, and the backups were not running. Absolutely amazing. So anyhow, ransomware as a service then. So they've encrypted your files. They've exfiltrated, in other words, they've taken your files, and then they demand a ransom. [00:33:14] So usually it's like this red screen that comes up and says, Hey, all your files are belong to us and you need to contact us. So they have people who help you buy Bitcoin or whatever they're looking for. Usually it's Bitcoin, and send the Bitcoin to them. And then they'll give you what's hopefully a decryption key. [00:33:38] Now what's particularly interesting about these decryption keys is they work about half of the time. So in other words, about half of the time, you'll get all your data back, about half the time you will not. It's just not good. So if you are a small operator, if you are just a small bad guy and it's you and maybe somebody else helping you, you got your nephew there helping you out. [00:34:03] How are you going to help these people that you're ransoming buy the cryptocurrency? How are you going to threaten them with release of their documents online, unless you have a staff of people to really help you out here? That's where ransomware as a service comes in. 
The whole idea behind RaaS is [00:34:25] you can just be a one man shop. And all you have to do is get someone to open this file. So you go ahead and register with the ransomware service provider and they give you the software and you embed your little key in there, so they know it's you. And then you send it off in an email. You might try and mess with those people to get them to do something they shouldn't do. [00:34:49] And that's all you have to do because once somebody opens up that file that you sent them, it's in the hands of these service guys, the ransomware as a service guys. So these ransomware as a service people will do all of the tech support. They'll help people buy the Bitcoin. They'll help them pay the ransom. [00:35:11] They'll help them recover files, to a certain extent. Does this make sense to you? Yeah, it's kinda crazy. Now I wanna offer you, I've got this document about the new rules for backup and again, it's free. You can get it. No problem. Just go ahead and email me, me@craigpeterson.com m@craigpeterson.com because the backups are so important and, [00:35:38] just like password rules have changed, the rules have changed for backups as well. So just drop me an email, me@craigpeterson.com, and ask for it and we'll make sure we send it off to you and it's not trying to sell you more stuff. Okay. It really is explaining the whole thing for you. I'm not holding anything back. [00:35:54] These ransomware as a service operators then get the payment from you and then pay a percentage, anywhere from 80% to 50%, sometimes even lower, to the person who ransomed you. Isn't that just wonderful? So our law enforcement people, as well as in other countries, have been going after the ransomware as a service providers, because if they can shut down [00:36:21] these RaaS guys, just shutting one of them down can shut down thousands of small ransomware people. Isn't that cool? Works really well. So they have been shut down. 
Many of them. There's one that just popped its head back up again after about six months. We'll see how far they get, but it is a very big [00:36:46] blow to the whole industry. Ransomware really, because of these as a service operators, has become a centralized business. So there's a small number of operators responsible for the majority of these thousands of hundreds of thousands of attacks. Really. It's probably worse than. So a couple of these big groups are left, the Conti group and LockBit, and they've got more than 50% of the share of ransomware attacks in the first half of 2022. [00:37:18] But now they're going after them, the feds. And I think that makes a whole lot of sense, because who do you go for? Well, you go for the people who are causing the most harm and that's certainly them. So I expect they'll be shut down sometime soon, too. Ransomware had its moment over the last couple of years, still a lot of ransomware out there, still a lot of problems, but now we're seeing BEC, business email compromise tactics, and I did a [00:37:50] television appearance, where I was working with the newsmaker or whatever they call them, talking heads on that TV show, and explaining what was happening. And the most standard tactic right now is the gift card swindle. I should put together a little video on this one, but it's all about tricking employees into buying bogus gift cards. [00:38:18] So this good old fashioned grift is still working. And what happened in our case is it was actually one of the newscasters who got an email, supposedly from someone else saying, Hey, we wanna celebrate everybody. And in order to do that, I wanna give 'em all gift cards. So can you go out and buy gift cards? [00:38:42] And so we messed around with them. It was really fun and said, okay, what denomination, how many do you think we need? Who do you think we should give them to? And of course we knew what we were doing. Their English grammar was not very good. 
And it was really obvious that this was not [00:38:59] the person they were pretending to be. So that happens and it happens a lot. They got into a business email account, the email account of that newscaster. So they were able to go through their email, figure out who else was in the business, who was a trusted source inside of the business. So they could pretend that they were that newscaster and send emails to this trusted source. [00:39:31] And today these business email compromise attacks are aimed at the financial supply chain. And once these threat actors are inside, they look for opportunities to spoof vendor emails, to send payments to controlled accounts. And the worst case I know of this is a company that sent $45 million to a scammer. [00:39:57] And what happened here is this woman pretended to be the CEO who was out of the country at the time and got the CFO to wire the money to her. An interesting story. We'll have to tell it to you sometime, but it's a real problem. And we just had another one. We've had them in school districts, look 'em up online, do a DuckDuckGo search for them and you'll find them right, [00:40:24] left and center because social engineering works. And frankly, business email compromise is a clear threat to businesses everywhere. As I mentioned, we had one who listens to the show contact us just last week. Again, $40,000 taken out of the operating account. We had another one that had a, I think it was $120,000 taken out of the operating account. [00:40:53] And another one that had about $80,000 taken outta the operating account. Make sure you're on my newsletter, even the free one. I do weekly free trainings. craigpeterson.com. Make sure you subscribe now. [00:41:10] Facebook's about 18 years old, coming on 20. Facebook has a lot of data. How much stuff have you given Facebook? Did you fall victim for that? Hey, upload your contacts. We'll find your friends. They don't know where your data is. 
[00:41:26] It's going to be a great time today because man, this whole thing with Facebook has exploded here lately. [00:41:35] There is an article that had appeared online from our friends over at, I think it was, yeah. Let me see here. Yeah. Yeah. Motherboard. I was right. And Motherboard's reporting that Facebook doesn't know what it does with your data or where it goes. Now, there's always a lot of rumors about different companies and particularly when they're a big company and the news headlines are grabbing your attention. [00:42:08] And certainly Facebook can be one of those companies. So where did Motherboard get this opinion about Facebook just being completely clueless about your personal data? It came from a leaked document. Yeah, exactly. So I, we find out a lot of stuff like that. I used to follow a website about companies that were going to go under and they posted internal memos. [00:42:38] It basically got sued out of existence, but there's no way that Facebook is gonna be able to sue this one out of existence because they are describing this internally as a tsunami of privacy regulations all over the world. So of course, if you're older, we used to call those tidal waves, but think of what the implication there is of a tsunami coming in and just overwhelming everything. [00:43:08] So Facebook internally, they, their engineers are trying to figure out, okay, so how do we deal? People's personal data, it's not categorized in ways that regulators want to control it. Now there's a huge problem right there. You've got third party data. You've got first party data. You've got sensitive categories data. [00:43:31] They might know what religion you are, what your persuasions are in various different ways. There's a lot of things they might know about you. How are they all categorized? Now we've got the European Union with their General Data Protection Regulation. 
The GDPR we talked about when it came into effect back in 2018, and I've helped a few companies to comply with that. [00:43:56] That's not my specialty. My specialty is the cybersecurity side. But in Article 5, this European law mandates that personal data must be collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes. So what that means is that every piece of data, like where you are using Facebook or your religious orientation, can only be collected and used for a specific purpose and not reused for another purpose. [00:44:34] So there's an example here that Vice is giving. In the past, Facebook took the phone number that users provided to protect their accounts with two-factor authentication and fed it to its people feature as well as advertisers. Yeah. Interesting. Eh, so Gizmodo, with the help of academic researchers, caught Facebook doing this, and eventually the company had to stop the practice. [00:45:01] Cuz this goes back to the earlier days where Facebook would say, Hey, find out if your friends are on Facebook, upload your contacts right now. And most people. What did you know back then about trying to keep your data private, to try and stop the proliferation of information about you online? Nothing. [00:45:21] I think I probably even uploaded it back then thinking that'd be nice to see if I got friends here. We can start chatting, et cetera. According to legal experts that were interviewed by Motherboard, who wrote this article and has a copy of the internal memo, this European regulation specifically prohibits that kind of repurposing of your phone number of trying to put together the social graph and the leaked document shows that Facebook may not even have the ability to limit [00:45:53] how it handles users' data. 
Now I was on a number of radio stations this week, talking about this and the example I gave is just look at an average business from the time it starts. Facebook started how? Right. Scraping pictures of young women off of Harvard University's main catalog, contact page, and then asking people what do you think of this? Rate this person, rate that person and off they go, trying to rate them. Yeah. All that matters to a woman, at least according to Mark Zuckerberg, or all that matters about a woman is how she looks. Do I think she's pretty or not? Ridiculous what he was doing. [00:46:35] I, it just, oh, that's Zuckerberg, right? That's who he is. Not a great guy anyways. So you go from stealing pictures of young ladies asking people to rate them, putting together some class information and stuff there at Harvard, and then moving on to other universities and then opening up even wider and wider. [00:47:00] And of course, that also created demand cuz you can't get on if you're not at one of the universities that we have set it up for. And then you continue to grow. You're adding these universities, certainly you're starting to collect data and you're making more money than God. So what do you do? You don't have to worry about inefficiencies. [00:47:20] I'll tell you that. One thing you don't have to do is worry about, oh, gee, we've got a lot of redundant work going on here. We've got a lot of teams working on basically the same thing. No, you've got more money than you can possibly shake a stick at. So now you go ahead and send that money to this group or that group. [00:47:41] And they put together all of the basic information that they want. They are pulling it out of this database and that database, and they're doing some correlation, writing some really cool SQL queries with some incredible joins and everything else. And now that becomes part of the main code for Facebook. 
[00:48:02] And then Facebook goes on to the next little project and they do the same thing. Then the next project, then the next project. And then someone comes along and says Hey, we. This feature, that feature for advertisers and then in that goes, and then along comes candidate Obama. And they, one of the groups inside Facebook says yeah here we go. [00:48:25] Here's all of the information we have about everybody and it's free. Don't worry about it. And then when Trump actually bought it and hired a company to try and process some of that information he got in trouble. No but the Obama. The whole campaign could get access to anything they wanted to, again, because the data wasn't controlled, they had no idea who was doing what with the data. [00:48:50] And according to this internal memo, they still don't know. They don't even know if they can possibly comply with these regulations, not just in Europe, but we have regulations in pretty much all of the 50 states in the US. Canada of course has their own. Australia, New Zealand, think about all the places [00:49:12] Facebook makes a lot of money. So here's a quote from that: we build systems with open borders. The result of these open systems and open culture is well described with an analogy. Imagine you hold a bottle of ink in your hand, the bottle of ink is a mixture of all kinds of user data. You pour that ink into a lake of water. [00:49:34] Okay. And it flows everywhere, the document read. So how do you put that ink back in the bottle, in the right bottle? How do you organize it again so that it only flows to the allowed places in the lake? They're totally right about that. Where did they collect it from? Apparently they don't even know where they got some of this information, [00:49:58] this data from. Reminds me of the no fly list. You don't know you're on it and you can't get yourself off of it. It is crazy. So this document that we're talking about was written last year by. 
Privacy engineers on the ad and business product team, whose mission is to make meaningful connections between people and businesses and which quote sits at the center of a monetization strategy [00:50:22] and is the engine that powers Facebook's growth. Interesting problems. And I see this being a problem well into the future for more and more of these companies, look at Twitter as an example that we've all heard about a lot lately. And I've talked about as well. Along comes Elon Musk and he says wait a minute now. [00:50:41] Now I can make Twitter way more profitable. We're gonna get rid of however many people, it's well over a thousand, and then we are going to hire more people. We're gonna start charging. We're gonna be more efficient. You can bet all of these redundancies that are in Facebook are also there on Twitter, and Twitter also has to comply with all of these regulations that Facebook is freaking out about. [00:51:09] It, for really a very good reason. So this document is available to anybody who wants to look at it. I'm looking at it right now, talking about regulatory landscape and the fundamental problems, Facebook's data lake. And this is a problem that most companies have, not as bad as Facebook does, but most companies, you grow. I have yet to walk into a business that needs help with cybersecurity and find everything in place as it should be, because it grew organically. You started out with a little consumer firewall, router and wifi, and then you added to it and you put a switch here and you added another switch behind that and move things around. [00:51:54] This is normal. This is not total incompetence on the part of the management, but my gosh, I don't know. Maybe they need an Elon Musk. Just straighten them out as well. Hey, stick around. I'll be right back and sign up online at craigpeterson.com. [00:52:13] Apparently looting is one of the benefits of being a Russian soldier. 
And according to the reports coming out of Ukraine, they've been doing it a lot, but there's a tech angle on here that is really turning the tables on these Russian looters. [00:52:30] This is really something, we know in wars, there are people that loot and typically the various militaries try and make sure, at least recently, that looting is kept to an absolute minimum. [00:52:45] Certainly the Americans, the British, even the Nazis during World War II, the socialists there in Germany, they tried to stop some of the looting that was going on. I think that's probably a very good thing, because what you end up with is just all of these locals that are just totally upset with you. [00:53:10] I found a great article on The Guardian and there's a village that had been occupied for about a month by Russian troops and the people came back, they are just shocked to see what happened. They're giving a few examples of different towns. They found that alcohol was stolen and they left empty bottles behind, food wrappers, cigarette butts thrown all over the place in apartments and homes. [00:53:39] Piles of feces blocking the toilets, family photographs torn, thrown around the house. They took away all of the clothes. This is a quote from one of the people, literally everything, male and female coats, boots, shirts, jackets, even my dresses and lingerie. This is really something. It, the Soviets didn't do this, but now Russian [00:54:02] military apparently does. So over the past couple of weeks, there've been reporting from numerous places where Russian troops had occupied Ukrainian territory and The Guardian, which is this UK newspaper, collected evidence that suggests looting by Russian forces was not merely a case of a few wayward soldiers, but a systematic part of Russian military behavior across multiple towns [00:54:29] and villages. That's absolutely amazing. 
Another quote here, people saw the Russian soldiers loading everything onto Euro trucks, everything they could get their hands on. A dozen houses on the village's main street had been looted as well as the shops. Other villagers reported losing washing machines, food, laptops, even a sofa, air conditioners. [00:54:53] Being shipped back, just you might use UPS here, they have their equivalent over there. A lady here who was the head teacher in the school. She came back in, of course, found her home looted and in the head teacher's office she found an open pair of scissors that had been jammed into a plasma screen that was left behind because if they can't steal it, they're gonna destroy it. [00:55:19] They don't only leave anything behind. They found the Russians had taken most of the computers, the projectors and other electronic equipment. It's incredible. So let's talk about the turnaround here. A little. You might have heard stories about some of these bad guys that have smashed and grabbed their way into Apple stores. [00:55:38] So they get into the Apple store. They grab laptops and iPads, no longer iPods, cuz they don't make those anymore. And iPhones. And they take them and they run with them. Nowadays there's not a whole lot of use for those. Now what they have been doing, some of these bad guys, is they take some parts and use them in stolen equipment. [00:56:03] They sell them on the used market, et cetera. But when you're talking about something specific, like an iPhone that needs specific activation, completely different problem arises for these guys because that iPhone needs to have a SIM card in order to get onto the cell network. And it also has built in serial numbers. [00:56:26] So what happens in those cases? Well, Apple goes ahead and disables them. So as soon as they connect to the internet, let's say they put 'em on wifi. They don't get a SIM card. They don't get service from T-Mobile or Verizon or whoever it might be. 
So now they disconnect to the wifi and it calls home, cuz it's gonna get updates. [00:56:45] So on download stuff from the app store and they find that it's been bricked. Now you can do that with a lot of mobile device managers that are available for all kinds of equipment nowadays, but certainly Apple equipment where if a phone is lost or stolen or a laptop or other pieces of equipment, you can get on the MDM and disable it, have it remotely erased, et cetera. [00:57:11] Now, police have had some interesting problems with that. Because a bad guy might go ahead and erase a smartphone that's in the evidence locker at the police station. So they're doing things like putting them into Faraday cages or static bags or other things to try and stop that. So I think we've established here that the higher tech equipment is pretty well protected. [00:57:36] You steal it, it's not gonna do you much good. So one of the things the Russians stole when they were in, it's called, I think you pronounce it Melitopol, which is again a Ukrainian city, is they stole all of the equipment from a farm equipment dealership and shipped it to Chechnya. Now that's according to a source, a businessman in the area, that CNN is reporting on. [00:58:06] So they shipped this equipment. We're talking about combine harvesters worth 300 grand a piece. They shipped it 700 miles, and the thieves were ultimately unable to use the equipment, cuz it had been locked remotely. So think about agriculture equipment that John Deere, in this case, these pieces of equipment, they drive themselves. [00:58:33] It's autonomous. It goes up and down the fields. Goes any pattern that you want to, it'll bring itself within a foot or an inch of your boundaries, of your property, being very efficient the whole time, whether it's planting or harvesting, et cetera. And that's just a phenomenal thing because it saves so much time for the farmer, makes it easier to do. The companies like John Deere 
[00:58:58] Want to sell as many pieces of this equipment as they possibly can. And farming is known to be a, what, not terribly profitable business. It certainly isn't like Facebook. So how can they get this expensive equipment into the hands of a lot of farmers? What they do is they lease it. So you can lease the equipment through leasing company or maybe directly from the manufacturer and now you're off and running. [00:59:26] But what happens if the lease isn't paid? Now, it's one thing if you don't pay your lease on a $2,000 laptop, right? They're probably not gonna come hunting for you, but when you're talking about a $300,000 harvester, they're more interested. So the leasing company has title to the equipment and the leasing company can shut it off remotely. [00:59:51] You see where I'm going with this? So that they can get their equipment in the hands of more farmers cuz the farmers can lease it. It costs them less. They don't have to have a big cash payment. You see how this all works. So when the Russian forces stole this equipment, that's valued, total value here is about $5 million. [01:00:11] They were able to shut it all. And obviously, if you can't start the engine, because it's all shut off and it's all run by computers nowadays, and there's pros and cons to that. I think there's a lot of cons, but what are you gonna do? How's that gonna work for you? It isn't going to work for you. [01:00:32] And they were able to track it. It had GPS trackers, find out exactly where it was. That's how they know it was taken to Chechnya and could be controlled remotely. And in this case, how'd they control it? They completely shut it off. Even if they sell the harvesters for spare parts, they'll earn some money, but they sure can be able to sell 'em for the 300 grand that they were actually worth. [01:00:57] Hey, stick around. We'll be right back and visit me online at craigpeterson.com. If you sign up there, you'll be able to get my insider show note. 
And every week I have a quick five. Training right there in your emails, craigpeterson.com. That's S O N in case you're wondering. [01:01:22] If you've been worried about ransomware, you are right to worry. It's up. It's costly. And we're gonna talk about that right now. What are the stats? What can you do? What happens if you do get hacked? Interesting world. [01:01:38] Ransomware has been a very long running problem. I remember a client of ours, a car dealership who we had gone in. [01:01:49] We had improved all of their systems and their security and one of their people, who was actually a senior manager, ended up downloading a piece of ransomware, one of these encrypted ones, and opened it up and his machine, all of a sudden, ta-da, guess what, it had ransomware on it. One of those big red [01:02:12] screens that say pay up, send us this much Bitcoin. And here's our address. All of that sort of stuff. And he called us up and said, what's going on here? What happened? First of all, don't bring your own machine into the office. Secondly, don't open up particularly encrypted files using the password that they gave. [01:02:33] And thirdly, we stopped it automatically. It did not spread. We were able to completely restore his computer. Now let's consider here the consequences of what happened. So he obviously was scared. And within a matter of a couple of hours, we actually had him back to where he was and it didn't spread. [01:02:59] So the consequences there, they weren't that bad. But how about if it had gotten worse? How about if the ransomware also, before it started holding his computer ransom, went out and found all of the data about their customers? Would, do you think an auto dealership would love to hear that all of their customer data was stolen and released, all of the personal data of all of their customers? [01:03:25] Obviously not. So there's a potential cost there. And then how long do you think it would take a normal company? 
That thinks they have backups to get back online. I can tell you it'll take quite a while because the biggest problem is most backups don't work. We have yet to go into a business that was actually doing backups that would work to help restore them. [01:03:52] And if you're interested, I can send you, I've got something I wrote up. Be glad to email it back to you. Obviously as usual, no charge. And you'll be able to go into that and figure out what you should do. Cause I, I break it down into the different types of backups and why you might want to use them or why you might not want to use them, but ransomware [01:04:15] is a kind of a pernicious nasty little thing, particularly nowadays, because it's two, two factor. First is they've encrypted your data. You can't get to it. And then the second side of that is, okay, I can't get to my data and now they're threatening to hold my data ransom or they'll release. So they'll put it out there. [01:04:38] And of course, if you're in a regulated industry, which actually car dealers are because they deal with financial transactions, leases, loans, that sort of thing, you can lose your license for your business. You can lose your ability to go ahead and frankly make loans and work with financial companies and financial instruments. [01:05:00] It could be a very big deal. So there are a lot of potential things that can happen all the way from losing your reputation as a business or an individual, losing all of the money in your operating account. And we, again, we've got a client that we picked up afterwards. That yes, indeed. They lost all of the money in their operating account. [01:05:24] And then how do you make payroll? How do you do things? There's a new study that came out from Check Point. Check Point is one of the original firewall companies and they had a look at ransomware. What are the costs of ransomware? Now bottom line, I'm looking at some stats here on a couple of different sites. 
[01:05:44] One is by the way, Conti, which is a big ransomware gang that also got hacked after they said we are going to attack anyone that. That doesn't defend Vlad's invasion of Ukraine, and then they got hacked and their information was released, but here's ransomware statistics. This is from Cloudwards. First of all, the largest ransom demand is $50 million. [01:06:11] And that was in 2021 to Acer, big computer company. Now 37% of businesses were hit by ransomware in 2021. This is amazing. They're expecting by 2031, so in about a decade, ransomware is gonna be costing about $265 billion a year. Now on average ransomware costs businesses 1.85 million to recover from an attack. [01:06:41] Now that's obviously not a one or two person place, but think of the car dealer again, how much money are they going to make over the year or over the life of the business? If you're a car dealer, you have a to print money, right? You're selling car model or cars from manufacturer X. And now you have the right to do that and they can remove that. [01:07:03] How many tens, hundreds of millions of dollars might that end up costing you? Yeah. Big deal. Total cost of ransomware last year, 20 billion. Now these are the interesting statistics here right now. So pay closer attention to this. 32% of ransomware victims paid a ransom demand. So about a third paid ransom demand. [01:07:27] Last. It's actually down. Cuz my recollection is it used to be about 50% would pay a ransom. Now on average that one third of victims that paid a ransom only recovered 65% of their data. Now that differs from a number I've been using from the FBI. That's a little bit older that was saying it's little better than 50%, but 65% of paying victims recovered their data. [01:07:55] Now isn't that absolutely amazing. Now 57% of companies are able to recover the data using a cloud backup. 
Now think about the different types of backup. Cloud backup is something that can work pretty well if you're a home user, but how long did it take for your system to get backed? Probably took weeks, right? [01:08:19] For a regular computer over a regular internet line. Now restoring from backup's gonna be faster because your down link is usually faster than your uplink. That's not true for businesses that have real internet service. Ours, it's the same bandwidth up as it is down. But it can take again, days or weeks to try and recover your machine. [01:08:39] So it's very expensive. And I wish I had more time to go into this, but looking at the costs here and the fact that insurance companies are no longer paying out for a lot of these ransomware attacks, it could be incredibly expensive for you, incredibly. So here you. The number one business types by industry for ransomware attacks: retail. [01:09:13] That makes sense. Doesn't it. Real estate. Electrical contractors, law firms and wholesale building materials. Isn't that interesting? And that's probably because none of these people are really aware, conscious of doing what, of keeping their data secure, of having a good IT team, a good IT department. So there's your bottom line. [01:09:40] Those are the guys that are getting hit the most. The numbers are increasing dramatically and your costs are not just in the money you might pay as a ransom. And as it turns out in pretty much every case, prevention is less expensive and much better than the cure of trying to pay ransom or trying to restore from backups. [01:10:06] Hey, you're listening to Craig Peterson. You can get my weekly show notes by just going to craigpeterson.com. And I'll also send you my special report on how to do passwords. Stick around, we'll be right back. [01:10:24] You and I have talked about passwords before, the way to generate them and how important they are. 
And we'll go over that again a little bit in just a second, but there is a new standard out there that will eliminate the need for passwords. [01:10:40] I remember, I think the only system I've ever really used that did not require passwords was the IBM 360. [01:10:49] Yeah, 360, you punch up the cards, all of the JCL, you feed the card deck in and off it goes. And does this little thing. That was a different day, a different era. When I started in college in university, we. We had remote systems, timeshare systems that we could log into. And there weren't much in the line of password requirements in, but you had a username. [01:11:18] You had a simple password. And I remember one of our instructors, his name was Robert, Andrew Lang. And his password was always some sort of a combination of RA Lang. So it was always easy to guess what his password was. Today, it has gotten a lot worse. Today we have devices with us all of the time. [01:11:40] You might be wearing a smart watch that requires a password. You of course probably have a smartphone. That's also maybe requiring a password, certainly after boots. Nowadays they use fingerprints or facial recognition, which is handy, but has its own drawbacks. But how about the websites you're going to, the systems you're using when you're at work and logging in? They all require passwords [01:12:10] and usernames of some sort or another. Well, Apple, Google, and Microsoft have all committed to expanding their support for a standard that's actually been out there for a few years. It's called the FIDO standard. And the idea behind this is that you don't have to have a password in order to log. Now that's really an interesting thing, right? [01:12:37] Just looking at it because we're so used to having this password only authentic. And of course the thing to do there is make sure you have for your password, multiple words in the password, it should really be a pass phrase. 
And between the words put in special characters or numbers, maybe mix [01:12:59] upper lowercase a little bit in those words. Those are the best passwords, 20 characters, 30 characters long. And then if you have to have a PIN, I typically use a 12 digit PIN. And how do I remember all of these? Cuz I use a completely different password for every website and right now, let me pull it up. [01:13:21] I'm using 1Password.com's password manager. And my main password for that is about 25 characters long. And I have thirty one hundred and thirty five entries here in my password manager, 3,100. That is a whole lot of passwords, right? As well as software licenses and a few other things in there. [01:13:48] That's how we remember them, is using a password manager. 1Password.com is my favorite. Now, obviously I don't make any money by referring you there. I really do like that. Some others that I've liked in the past include LastPass, but they really messed with some of their cybersecurity last year and I lost my faith in it. [01:14:08] So now what they're trying to do is make these websites that we go to as well as some apps to have a consistent, secure, and passwordless sign in, and they're gonna make it available to consumers across all kinds of devices and platforms. That's why you've got Apple, Google, and Microsoft all committing to it. [01:14:32] And you can bet everybody else is going to follow along because there's hundreds of other companies that have decided they're gonna work with the FIDO Alliance and they're gonna create this passwordless future. Which I like this idea. So how does this work? Basically you need to have a smartphone. [01:14:50] This is, I'm just gonna go with the most standard way that this is going to work here in the future. And you can then have a passkey. This is like a multifactor authentication or two factor authentication. 
So for instance, right now, when I sign into a website online, I'm giving a username, I'm giving a password and then it comes up and it asks me for a code. [01:15:14] So I enter a six digit code and that code changes every 30 seconds. And again, I use my password manager from 1Password.com in order to generate that code. So that's how I log into Microsoft sites and Google sites and all kinds of sites out there. So it's a similar thing here. Now for the sites for my company, because we do cyber security for businesses, including regulated businesses, [01:15:41] we have biometrics tied in as. So to log into our systems, I have to have a username. I have to have a password. I then am sent to a single sign on page where I have to have a message sent to my smart device. That then has a special app that uses biometrics, either a face ID or a fingerprint, to verify who I am. [01:16:06] Yeah, there's a lot there, but I have to protect my customer's data. Something that very few, it's crazy, actual managed security services providers do, but it's important, right? By the way, if you want my password special report, just go to craigpeterson.com. Sign up for my email list. [01:16:29] I'll send that to you. That's what we're sending out right now for anyone who signs up new at craigpeterson.com. And if you'd like a copy of it and you're already on the list, just go ahead and email me, M E at craigpeterson.com, and ask for the password special report where I go through a

Craig Peterson's Tech Talk
Facebook Has No Idea Where Your Data Is and What They Do With It?!

May 13, 2022 82:20


Facebook Has No Idea Where Your Data Is and What They Do With It?! Facebook's about 18 years old coming on 20. Facebook has a lot of data. How much stuff have you given Facebook? Did you fall victim for that? Hey, upload your contacts. We'll find your friends. They don't know where your data is. [Following is an automated transcript] [00:00:15] This whole thing with Facebook has exploded here lately. [00:00:20] There is an article that had appeared online from our friends over at, I think it was, yeah. Let me see here. Yeah. Yeah. Motherboard. I was right. And Motherboard's reporting that Facebook doesn't know what it does with your data or where it goes. Now, there's always a lot of rumors about different companies and particularly when they're big companies and the news headlines are grabbing your attention and certainly Facebook can be one of those companies. [00:00:57] So where did Motherboard get this opinion about Facebook just being completely clueless about your personal. It came from a leaked document. Yeah, exactly. So we find out a lot of stuff like that. I used to follow a website about companies that were going to go under and they posted internal memos. [00:01:23] It basically got sued out of existence, but there's no way that Facebook is going to be able to sue this one out of existence because they are describing this internally as a tsunami of privacy regulations all over the world. So of course, if you're older, we used to call those tidal waves, but think of what the implication there is of a tsunami coming in and just overwhelming everything. [00:01:53] So Facebook, internally, their engineers are trying to figure out, okay. So how do we deal with people's personal data? It's not categorized in ways that regulators want to control it. Now there's a huge problem right there. You've got third party data. You've got first party data. You've got sensitive categories data. 
[00:02:16] They might know what religion you are, what your persuasions are in various different ways. There's a lot of things they might know about you. How are they all categorized? Now we've got the European Union with their General Data Protection Regulation. The GDPR we talked about when it came into effect back in 2018, and I've helped a few companies to comply with that. [00:02:41] That's not my specialty. My specialty is the cybersecurity. But in Article 5, this European law mandates that personal data must be collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes. So what that means is that every piece of data, like where you are using Facebook or your religious orientation, can only be collected and used for a specific purpose and not reused for another purpose. [00:03:19] As an example here that Vice has given, in the past Facebook took the phone number that users provided to protect their accounts with two-factor authentication and fed it to its people feature as well as advertisers. Yeah. Interesting. Hey, so Gizmodo, with the help of academic researchers, caught Facebook doing this, and eventually the company had to stop the practice because, and this goes back to the earlier days where Facebook would say, Hey, find out if your friends are on Facebook, upload your contacts right now. [00:03:54] And most people. What did you know back then about trying to keep your data private, to try and stop the proliferation of information about you online then? Nothing. I think I probably even uploaded it back then thinking it'd be nice to see if I got friends here. We can start chatting, et cetera. 
[00:04:12] According to legal experts that were interviewed by Motherboard, who wrote this article and has a copy of the internal memo, this European regulation specifically prohibits that kind of repurposing of your phone number, of trying to put together the social graph, and the leaked document shows that Facebook may not even have the ability to limit [00:04:37] how it handles users' data. Now I was on a number of radio stations this week, talking about this. And the example I gave is just look at an average business from the time it starts. Facebook started how, right? Wildly scraping pictures of young women off of Harvard University's main catalog, contact page, and then asking people, what do you think of this person, that person? And off they go, trying to rate them. Yeah. Yeah. All that matters to a woman, at least according to Mark Zuckerberg, all that matters about a woman is how she looks. Do I think she's pretty or not? [00:05:15] It's ridiculous, what he was doing. It just, oh, that's Zuckerberg, who is not a great guy anyways. So you go from stealing pictures of young ladies, asking people to rate them, putting together some class information and stuff there at Harvard, and then moving on to other universities, and then open it up even wider and wider. [00:05:42] And of course, that also created demand because you can't get on if you're not at one of the universities that we have set it up for. And then you continue to grow. You're adding these universities, certainly starting to collect data, and you are making more money than God. So what do you do? You don't have to worry about any efficiencies. [00:06:02] I'll tell you that, right? One thing you don't have to do is worry about, gee, we've got a lot of redundant work going on here. We've got a lot of teams working on basically the same thing. No, you've got more money than you can possibly shake a stick at. So now you go ahead and send that money to this group or that group.
[00:06:24] And they put together all of the basic information that they want, pulling it out of this database and that database, and they're doing some correlation, writing some really cool SQL queries with incredible joins and everything else. And now that becomes part of the main code for Facebook. [00:06:45] And then Facebook goes on to the next little project and they do the same thing. Then the next project, then the next project. And then someone comes along and says, hey, we, this feature, that feature for advertisers, and then in that goes, and then along comes candidate Obama. And they, one of the groups inside Facebook says, yeah, here we go. [00:07:09] Here's all of the information we have about everybody and it's free. Don't worry about it. And then when Trump actually bought it and hired a company to try and process some of that information, he got in trouble. No, but the whole campaign could get access to anything they wanted to, again, because the data wasn't controlled. They had no idea who was doing what with the data. [00:07:34] And according to this internal memo, they still don't know. They don't even know if they can possibly comply with these regulations, not just in Europe, but we have regulations in pretty much all of the 50 states in the U.S. Canada, of course, has their own, Australia and New Zealand. Think about all the places [00:07:57] Facebook makes a lot of. So here's a quote from that: "We build systems with open borders. The result of these open systems and open culture is well-described with an analogy. Imagine you hold a bottle of ink in your hand. The bottle of ink is a mixture of all kinds of user data. You pour that ink into a lake of water, okay, and it flows everywhere," [00:08:22] the document read. So how do you put that ink back in the bottle? In the right bottle, how do you organize it again, so that it only flows to the allowed places in the lake? They're totally right about that. Where did they collect it from?
Apparently they don't even know where they got some of this information, [00:08:43] this data from. Reminds me of the no-fly list. You don't know you're on it and you can't get yourself off of it. It's crazy. So this document that we're talking about, it was written last year by privacy engineers on the ad and business product team, whose mission is to make meaningful connections between people and businesses, and which, quote, "sits at the center of our monetization strategy [00:09:06] and is the engine that powers Facebook's growth." Interesting. Interesting problems. And I see this being a problem well into the future for more and more of these companies. Look at Twitter as an example, that we've all heard about a lot lately and that I've talked about as well. Along comes Elon Musk and he says, wait a minute, [00:09:29] I can make Twitter way more profitable. We're going to get rid of however many people, over a thousand, and then we are going to hire more people. We're going to start charging. We're going to be more efficient. You can bet all of these redundancies that are in Facebook are also there. And Twitter also has to comply with all of these regulations that Facebook is freaking out about, for really a very good reason. [00:10:00] So this document is available to anybody who wants to look at it. I'm looking at it right now, talking about regulatory landscape and the fundamental problems, Facebook's data lake. And this is a problem that most companies have, not as bad as Facebook does, but most companies, right, you grow. I have yet to walk into a business that needs help with cybersecurity and find everything in place as it should be, because it grew organically. [00:10:32] You started out with a little consumer firewall, router, Wi-Fi, and then you added to it and you put a switch here and you added another switch behind that and moved things around. This is normal.
This is not total incompetence on the part of the management, but my gosh, I don't know. Maybe they need an Elon Musk [00:10:52] to straighten them out as well. Hey, stick around. I'll be right back, and sign up online at craigpeterson.com. [00:11:02] Apparently looting is one of the benefits of being a Russian soldier. And according to the reports coming out of Ukraine, they've been doing it a lot, but there's a tech angle on here that is really turning the tables on these Russian looters. [00:11:19] We know in wars, there are people that loot, and typically the various militaries try and make sure, at least recently, that looting is kept to an absolute minimum. [00:11:32] Certainly the Americans, the British, even the Nazis during World War II, the socialists there in Germany, they tried to stop some of the looting that was going on. I think that's probably a very good thing, because what you end up with is just all of these locals that are just totally upset with you. [00:11:57] I found a great article in The Guardian, and there's a village that had been occupied for about a month by Russian troops, and the people came back. They are just shocked to see what happened, and they're giving a few examples of different towns. They found that the alcohol was stolen and they left empty bottles behind, food wrappers, cigarette butts thrown all over the place in apartments, in the home. [00:12:26] Piles of feces blocking the toilets, family photographs torn, thrown around the house. "They took away all of the clothes," is a quote from one of the people, "literally everything, male and female coats, boots, shirts, jackets, even my dresses and laundry." This is really something. The Soviets didn't do this, but now Russia's [00:12:49] military apparently does.
So over the past couple of weeks, there has been reporting from numerous places where Russian troops had occupied Ukrainian territory, and The Guardian, which is this UK newspaper, collected evidence to suggest looting by Russian forces was not merely a case of a few wayward soldiers, but a systematic part of Russian military behavior across multiple towns [00:13:17] and villages. That's absolutely amazing. Another quote here: people saw the Russian soldiers loading everything onto your old trucks, everything they could get their hands on. A dozen houses on the village's main street had been looted, as well as the shops. Other villagers reported losing washing machines, food, laptops, even a sofa, air conditioner, [00:13:41] being shipped back, just like you might use UPS here, or they have their equivalent over there. A lady here who was the head teacher in the school, she came back in, of course, found her home looted, and in the head teacher's office she found an open pair of scissors that had been jammed into a plasma screen that was left behind, because if they can't steal it, they're going to destroy it. [00:14:07] They don't wanna leave anything behind. They found the Russians had taken most of the computers, the projectors and other electronic equipment. It's incredible. So let's talk about the turnaround here. You might've heard stories about some of these bad guys that have smashed and grabbed their way into Apple stores. [00:14:27] So they get into the Apple store. They grab laptops and iPads, no longer iPods, because they don't make those anymore, and iPhones. And they take them and they run with them. Nowadays there's not a whole lot of use for those. Now what they have been doing, some of these bad guys, is they'd take some parts and use them in stolen equipment. [00:14:52] They sell them on the used market, et cetera. But when you're talking about something specific, like an iPhone that needs specific activation,
a completely different problem arises for these guys, because that iPhone needs to have a SIM card in order to get onto the cell network. And it also has built-in serial numbers. [00:15:15] So what happens in those cases? Well, Apple goes ahead and disables them. So as soon as they connect to the internet, let's say they put them on Wi-Fi. They don't get a SIM card. They don't get service from T-Mobile or Verizon or whoever it might be. So now they just connect to the Wi-Fi and it calls home, [00:15:33] 'cause it's going to get updates and download stuff from the App Store, and they find that it's been bricked. Now you can do that with a lot of mobile device managers that are available for all kinds of equipment nowadays, but certainly Apple equipment, where if a phone is lost or stolen, or a laptop or other pieces of equipment, you can get on the MDM and disable it, have it remotely erased, et cetera. [00:16:00] Now, police have had some interesting problems with that, because a bad guy might go ahead and erase a smartphone that's in the evidence locker at the police station. So they're doing things like putting them into Faraday cages or static bags or other things to try and stop that. So I think we've established here that the higher-tech equipment is pretty well protected. [00:16:25] You steal it, it's not going to do you much good. So one of the things the Russians stole when they were in, it's called, I think you pronounce it Melitopol, which is, again, a Ukrainian city, is they stole all of the equipment from a farm equipment dealership and shipped it to Chechnya. Now that's according to a source, a businessman in the area, that CNN is reporting on. [00:16:56] So they shipped this equipment. We're talking about combine harvesters worth 300 grand apiece. They shipped it 700 miles. And the thieves were ultimately unable to use the equipment because it had been locked remotely.
So think about agriculture equipment that John Deere, in this case, these pieces of equipment, they drive themselves. [00:17:23] It's autonomous. It goes up and down the field, goes to any pattern that you want it to. It'll bring itself within a foot or an inch of your boundaries, of your property, being very efficient the whole time, whether it's planting or harvesting, et cetera. And that's just a phenomenal thing because it saves so much time for the farmer, makes it easier to do. The companies like John Deere [00:17:49] want to sell as many pieces of this equipment as they possibly can. And farming is known to be a, what, not terribly profitable business. And certainly isn't like Facebook. So how can they get this expensive equipment into the hands of a lot of farmers? What they do is they use. So you can lease the equipment through a leasing company or maybe directly from the manufacturer, and now you're off and running. [00:18:16] But what happens if the lease isn't paid? Now, it's one thing if you don't pay your lease on a $2,000 laptop, right? They're probably not going to come hunting for you, but when you're talking about a $300,000 harvester, they're more interested. So the leasing company has title to the equipment and the leasing company can shut it off remotely. [00:18:41] You see where I'm going with this? So that they can get their equipment in the hands of more farmers, because the farmers can lease it. It costs them less. They don't have to have a big cash payment. You see how this all works. So when the Russian forces stole this equipment, that's valued, total value here is about $5 million, [00:19:02] they were able to shut it all off. And, obviously, if you can't start the engine, because it's all shut off and it's all run by computers nowadays, and there's pros and cons to that. I think there's a lot of cons, but what are you going to do? How's that going to work for you? Isn't going to work for you.
[00:19:22] And they were able to track it, and had GPS trackers find out exactly where it was. That's how they know it was taken to Chechnya and could be controlled remotely. And in this case, how did they control it? They completely shut it off. Even if they sell the harvesters for spare parts to earn some money, they sure aren't gonna be able to sell them for the 300 grand that they were actually worth. [00:19:48] Hey, stick around. We'll be right back, and visit me online at craigpeterson.com. If you sign up there, you'll be able to get my insider show notes. And every week I have a quick training right there. New emails, craigpeterson.com. [00:20:05] If you've been worried about ransomware, you are right to worry. It's up. It's costly. And we're going to talk about that right now. What are the stats? What can you do? What happens if you do get hacked? Interesting world! [00:20:20] Ransomware has been a very long-running problem. I remember a client of ours, a car dealership, who we had gone in. [00:20:31] We had improved all of their systems and their security, and one of their people, who was actually a senior manager, ended up downloading a piece of ransomware, one of these encrypted ones, and opened it up, and his machine, all of a sudden, guess what, it had ransomware on it. One of those big screens that say, pay up and send us this much Bitcoin, and here's our address. [00:21:00] All of that sort of stuff. And he called us up and said, what's going on here? What happened? First of all, don't bring your own machine into the office. Secondly, don't open up, particularly, encrypted files using a password that they gave. And thirdly, we stopped it automatically. It did not spread. [00:21:20] We were able to completely restore his computer. Now let's consider here the consequences of what happened. So he obviously was scared. And within a matter of a couple of hours, we actually had him back to where he was, and it didn't spread.
So the consequences there, they weren't that bad. But how about if it had gotten worse? [00:21:47] How about if the ransomware also, before it started holding his computer ransom, went out and found all of the data about their customers? What do you think? An auto dealership would love to hear that all of their customer data was stolen and released, all of the personal data of all of their customers? [00:22:08] Obviously not. So there's a potential cost there. And then how long do you think it would take a normal company that thinks they have backups to get back online? Well, I can tell you it'll take quite a while, because the biggest problem is most backups don't work. We have yet to go into a business that was actually doing backups that would work to help restore them. [00:22:35] And if you're interested, I can send you, I've got something I wrote up. Be glad to email it back to you. Obviously, as usual, no charge. And you'll be able to go into that and figure out what you should do. 'Cause I break it down into the different types of backups and why you might want to use them or why you might not want to use them. But ransomware [00:22:58] is a kind of a pernicious, nasty little thing, particularly nowadays, because it's two-factor. First is they've encrypted your data. You can't get to it. And then the second side of that is, okay, I can't get to my data and now they're threatening to hold my data ransom or they'll release it. So they'll put it out there. [00:23:22] And of course, if you're in a regulated industry, which actually car dealers are, because they deal with financial transactions, leases, loans, that sort of thing, you can lose your license for your business. You can lose your ability to go ahead and, frankly, make loans and work with financial companies and financial instruments. [00:23:45] It could be a very big.
So there are a lot of potential things that can happen, all the way from losing your reputation as a business or an individual to losing all of the money in your operating account. And again, we've got a client that we picked up afterwards that, yes, indeed, lost all of the money in their operating account. [00:24:09] And then how do you make payroll? How do you do things? There's a new study that came out from Check Point. Check Point is one of the original firewall companies, and they had a look at ransomware. What are the costs of ransomware? Now, bottom line, I'm looking at some stats here on a couple of different sites. [00:24:29] One is, by the way, Conti, which is a big ransomware gang that also got hacked after they said, we are going to attack anyone that doesn't defend Putin's invasion of Ukraine, and then they got hacked and their information was released. But here's ransomware statistics. This is from Cloudwards. First of all, the largest ransom demand is $50 million, [00:24:55] and that was in 2021, to Acer, big computer company. 37% of businesses were hit by ransomware in 2021. This is amazing. They're expecting by 2031, so in about a decade, ransomware is going to be costing about $265 billion a year. Now, on average, ransomware costs businesses $1.85 million to recover from an attack. [00:25:25] Now that's obviously not a one- or two-person place, but think of the car dealer again. How much money are they going to make over the year or over the life of the business? If you're a car dealer, you have a license to print money, right? You're selling car models, or cars, from manufacturers. And now you have the right to do that and they can remove that. [00:25:48] How many tens, hundreds of millions of dollars might that end up costing you? Yeah. Big deal. Total cost of ransomware last year, $20 billion. Now these are the interesting statistics here right now. So pay closer attention to this: 32% of ransomware victims paid a ransom.
So about a third paid a ransom demand. [00:26:12] Lastly, it's actually down, because my recollection is it used to be about 50% would pay a ransom. Now, on average, that one third of victims that paid a ransom only recovered 65% of their data. Now that differs from a number I've been using from the FBI. That's a little bit older, that was saying it ends up a little better than 50%, but 65% of paying victims recovered their. [00:26:41] Now isn't that absolutely amazing? Now, 57% of companies were able to recover their data using a cloud backup. Now think about the different types of backup. Cloud backup is something that can work pretty well if you're a home user, but how long did it take for your system to get backed up? Probably took weeks, right? [00:27:05] For a regular computer over a regular internet line. Now, restoring from backups is going to be faster, because your downlink is usually faster than your uplink. That's not true for businesses that have real internet service like ours. It's the same bandwidth up as it is down. But it can take, again, days or weeks to try and recover your machine. [00:27:28] So it's very expensive. And I wish I had more time to go into this, but looking at the costs here and the fact that insurance companies are no longer paying out for a lot of these ransomware attacks, it could be incredibly expensive for you, incredibly. The number one business types by industry for ransomware attacks: retail. [00:27:59] That makes sense, doesn't it? Real estate. Electrical contractors, law firms and wholesale building materials. Isn't that interesting? And that's probably because none of these people are really aware or conscious of doing, what, of keeping their data secure, of having a good IT team, a good IT department. [00:28:24] So there's your bottom line. Those are the guys that are getting hit the most. The numbers are increasing dramatically, and your costs are not just in the money you might pay as a ransom.
And as it turns out, in pretty much every case prevention is less expensive and much better than the cure of trying to pay ransom or trying to restore from backups. [00:28:52] Hey, you're listening to Craig Peterson. You can get my weekly show notes by just going to craigpeterson.com. [00:29:00] You and I have talked about passwords before, the way to generate them and how important they are. We'll go over that again a little bit in just a second, but there's a new standard out there that will eliminate the need for passwords. [00:29:16] Passwords are a necessary evil, at least they have been forever. I remember, I think the only system I've ever really used that did not require passwords was the IBM 360. [00:29:31] Yeah, 360, you punch up the cards, all of the JCL, you feed the card deck in and off it goes and does its little thing. That was a different day, a different era. When I started in college, in university, we had remote systems, timeshare systems that we could log into. And there wasn't much in the line of password requirements. [00:29:58] But you had a username, you had a simple password. And I remember one of our instructors, his name was Robert Andrew Lang, and his password was always some sort of a combination of RA Lang. So it was always easy to guess what his password was. Today, it has gotten a lot worse. Today, we have devices with us all the time. [00:30:22] You might be wearing a smart watch that requires a password. You of course probably have a smartphone that's also maybe requiring a password. Certainly after it boots, nowadays they use fingerprints or facial recognition, which is handy, but it has its own drawbacks. But how about the websites you're going to, the systems you're using when you're at work and logging in? [00:30:49] They all require passwords and usernames of some sort or another. Well, Apple, Google, and Microsoft have all committed to expanding their support for a standard that's actually been out there for a few years.
It's called the FIDO standard. And the idea behind this is that you don't have to have a password in order to. [00:31:15] Now that's really an interesting thing, right? Just looking at it, because we're so used to having this password-only authentication. And of course the thing to do there is to make sure you have, for your password, multiple words in the password. It should really be a passphrase. And between the words put in special characters or numbers, maybe [00:31:41] upper and lower case a little bit in those words. Those are the best passwords, 20 characters, 30 characters long. And then if you have to have a PIN, I typically use a 12-digit PIN. And how do I remember all of these? 'Cause I use a completely different password for every website, and right now, let me pull it up. [00:32:03] I'm using 1Password.com's password manager. And my main password for that is about 25 characters long. And I have 3,135 entries here in my password manager, 3,100. That is a whole lot of passwords, right? As well as software licenses and a few other things in there. [00:32:30] That's how we remember them, is using a password manager. 1Password.com is my favorite. Now, obviously I don't make any money by referring you there. I really do like that. Some others that I've liked in the past include LastPass, but they really meant. With some of their cybersecurity last year and I lost my faith in it. [00:32:51] So now what they're trying to do is make these websites that we go to, as well as some apps, to have a consistent, secure, and passwordless. And they're going to make it available to consumers across all kinds of devices and platforms. That's why you've got Apple, Google, and Microsoft all committing to it. [00:33:15] And you can bet everybody else is going to follow along, because there's hundreds of other companies that have decided they're going to work with the FIDO Alliance and they're going to create this passwordless future.
Which, I like this idea. So how does this work? Basically you need to have a smartphone. [00:33:33] This is, I'm just going to go with the most standard way that this is going to work here in the future, and you can then have a passkey. This is like a multi-factor authentication or two-factor authentication. So for instance, right now, when I sign into a website online, I'm giving a username, giving a password, and then it comes up and it asks me for a code. [00:33:57] So I enter in a six-digit code, and that code changes every 30 seconds. And again, I use my password manager from 1Password in order to generate that code. So that's how I log into Microsoft sites and Google sites and all kinds of sites out there. So it's a similar thing here. Now, for the sites for my company, because we do cybersecurity for businesses, including regulated businesses, [00:34:24] we have biometrics tied in as well. So to log into our systems, I have to have a username. I have to have a password. I then am sent to a single sign-on page where I have to have a message sent to my smart device, that then has a special app that uses biometrics, either a face ID or a fingerprint, to verify who I am. [00:34:49] Yeah, there's a lot there, but I have to protect my customers. Something that very few, it's crazy, actual managed security services providers do, but it's important, right? By the way, if you want my password special report, just go to craigpeterson.com. Sign up for my email list. I'll send that to you. [00:35:13] That's what we're sending out right now for anyone who signs up new at craigpeterson.com. And if you'd like a copy of it and you're already on the list, just go ahead and email me at craigpeterson.com and ask for the password special report, where I go through a lot of this sort of thing. So what will happen with this is you go to a website and it might come up with a QR code. [00:35:37] So you then scan that QR code with your phone and verify it, authorize it on your phone.
You might, again, have it set up so that your phone requires a facial recognition, or perhaps it'll require a fingerprint. And now you are. Which is very cool. They fixed some security problems in FIDO over the last few years, which is great. Over the coming year, [00:36:02] you're going to see this available on Apple devices, Google, Microsoft platforms, and it really is simple, stronger authentication. That's sort of what FIDO calls it. But it is going to make your life a lot easier. It is a standard, and the passwordless future makes a whole lot of sense for all of us. Now, I want to talk about another thing here that's just bothered me for a long time. [00:36:30] I have a sister who is in the medical field and gives prescriptions, doctor thing. And I think she's not quite a doctor. I can't remember what she has. She's an LPN or something. And anyhow, so she will get on a Zoom call with someone and they'll go through medical history and what's happening right now, and she'll make prescriptions. [00:36:57] And so I warned her about that, saying, it is very bad to be using Zoom because Zoom is not secure. Never has been, probably never will be, right? If you want secure, go and pay for it from one of these providers like WebEx. That's what we use. We have a version of WebEx that is set up to be secure. [00:37:20] So I talked to her about that and said, hey, listen, you can't do this. You've really got to go another way here. And so she started using one of these mental or medical health apps. What I want to talk about right now specifically are some checks that were just performed, some audits on mental health apps. [00:37:45] That's why I messed up a second ago, but what they looked at is that things are a serious problem there. In fact, Threatpost is just calling it, frankly, just plain old creepy. So they've got some good intentions. They want to help with mental health. You've probably seen these or at least heard them advertised.
[00:38:06] So you can get on the horn with a mental health professional, a doctor or otherwise, in order to help you here with your psychological or spiritual wellness. And people are sharing their personal and sensitive data with third parties, and of 32 mental health and prayer mobile apps that were investigated by the open source organization, [00:38:32] 28 of the 32 were found to be inherently insecure and were given a "Privacy Not Included" label, including others here. So this is a report that was released here by the open source organization, tied into Mozilla. Those are the Firefox people. They have what they call their minimum security standards. [00:38:56] So things like requiring strong passwords, managing security updates and vulnerabilities, et cetera. 25 of the 32 failed to meet even those minimum security standards. So these apps are dealing with some of the most sensitive mental health and wellness issues people can possibly have, right? Depression, anxieties, suicidal thoughts, domestic violence, eating disorders. [00:39:23] And they are being just terrible with your security. Mozilla researchers spent 255 hours, or about eight hours per product, peering under the hood of the security, watching the data that was going back and forth, right, between all of these mental health and prayer apps. It was just crazy. So for example, eight of the apps reviewed allowed weak passwords that ranged from [00:39:52] one digit, "1", as the password to "1111", while a mental health app called Moodfit only required one letter or digit as a password. Now that is very concerning for an app that collects mood and symptom data. So be very careful. Two of the apps, BetterHelp, a popular app that connects users with therapists, and Better Stop Suicide, which is of course a suicide prevention app, have vague and messy, according to Mozilla, privacy policies that have little or no effect on actual [00:40:30] user data protection. So be very careful.
And if you're a mental health professional or medical professional, don't just go and use these open video calls, et cetera, et cetera. Find something good. And there are some standards out there. Again, visit me online, get my insider show notes every week. Get my little mini trainings. [00:40:56] And they come up most weeks. Just go to craigpeterson.com. And I'll send you my special report on passwords and more. [00:41:06] We know the Russians have been attacking us. I've talked a lot about it on the radio station, all kinds of stations, in fact, here over the last couple of weeks, and I am doing something special. We are going through the things you can do to keep safe. [00:41:23] Last week we started doing something I promised we would continue. [00:41:27] And that is, how can you protect yourself when it comes to the Russians, right? When it comes to the bad guys, because the Russians are definitely the bad guys. There's a few things you can do. And there's a few things, frankly, you shouldn't be doing. And that's exactly what we're going to talk about right now. [00:41:45] So last week we went over some steps, some things that you can look at, that you should look at, that are going to help protect you. And we are going to go into this a whole lot more today. And so I want you to stick around, and if you miss anything, you can go online. You can go to craigpeterson.com, make sure you sign up there for my email. [00:42:08] And what I'm going to do for you is send you a few different documents now, where we can chat back and forth about it, but I can send you this. Now, I'm recording this on video as well as on audio, so you can follow along if you're watching either on YouTube or over on Rumble, and you can find it also on my website. [00:42:32] I've been trying to post it up there too, but right now let's talk about what we call passive backend protections. So you've got the front end, and the front end, of course, is
Stuff coming at you, maybe to the firewall. I've mentioned last week about customers of mine. I was just looking at a few customers this week, just so I could have an idea of their firewalls. [00:42:59] And they were getting about 10 attacks per minute. Yeah. And these were customers who have requirements from the Department of Defense because they are defense sub subcontractors. So again, potential bad guys. So I looked up their IP addresses and where the attacks were coming from. Now, remember that doesn't mean where they originated because the bad guys can hop through multiple machines and then get onto your machine. [00:43:28] What it means is that ultimately they ended up coming from one machine, right? So there's an IP address of that machine that's attacking my clients or are attacking my machines. That just happens all the time. A lot of scans, but some definite attacks where they're trying to log in using SSH. [00:43:48] And what I found is these were coming from Slovakia, Russia, and Iran. Kind of what you were expecting, right? The Iranians, they just haven't given up yet. They keep trying to attack, particularly our military in our industry. One of the things we found out this week from, again, this was an FBI notice, is that the Russians have been going after our industrial base. [00:44:15] And that includes, in fact, it's more specifically our automobile manufacturers. We've already got problems, right? Try buying a new car, try buying parts. I was with my friend, just this. I helped them because he had his car right. Need to get picked up. So I took him over to pick up his car and we chatted a little bit with this small independent automotive repair shop. [00:44:40] And they were telling us that they're getting sometimes six, eight week delays on getting parts and some parts. They just can't. So they're going to everything from junkyards on out, and the worst parts are the parts, the official parts from the car manufacturers. 
So what's been happening is Russia apparently has been hacking into these various automobile manufacturers and automobile parts manufacturers. [00:45:10] And once they're inside, they've been putting in a remote control botnet. And those botnets now have the ability to wake up when they want them to wake up. And then once they've woken up, what do they do? Who knows? They've been busy erasing machines, causing nothing but havoc. They've been doing all kinds of stuff in the past. Today, they're sitting there. [00:45:31] Which makes you think they're waiting, it's accumulate as much as you possibly can. And then once you've got it all accumulated go ahead and attack. So they could control thousands of machines, but they're not just in the U.S. It's automobile manufacturers in Japan that we found out about. [00:45:50] So that's what they're doing right now. So you've got the kind of that front end and back end protections. So we're going to talk a little bit about the back end. What does that mean? When a cybersecurity guy talks about the backend and the protections. I got it up on my screen right now, but here's the things you can do. [00:46:10] Okay. Remember, small businesses are just getting nailed from these guys, because again, they're fairly easy targets. One, change your passwords, right? How many times do we have to say that? And yet about 70% of businesses out there are not using a good password methodology. If you want more information on passwords, two factor authentication, you name it. [00:46:37] Just email me, me@craigpeterson.com. I want to get the information out now. You got to make sure that all of the passwords on your systems are encrypted, are stored in some sort of a good password vault as you really should be looking at 256 bit encryption or better. I have a vendor that I use. So if you get my emails every week, when them, there's the little training. [00:47:06] And so I'll give you a five minute training. 
It's written, usually it's in bullet point form. I'm just trying to help you understand things. That provider of mine has a big database and there's another provider that I use that is for. So the training guys use the database of my provider. [00:47:27] In using that database, they're storing the passwords and the training provider's putting passwords in the clear into the database, which is absolutely crazy. So again, if you're a business, if you're storing any sort of personal information, particularly passwords, make sure that you're using good encryption and you're, what's called, salting the hash, which means [00:47:53] you're not really storing the password, just storing a salted hash. I can send you more on this. If you are a business and you're developing software that's, this is long tail stuff here. Configure all of the security password settings so that if someone's trying to log in and is failing that, and you block it, many of us that let's say you're a small business. [00:48:15] I see this all of the time. Okay. You're not to blame. You, but you have a firewall that came from the cable company. Maybe you bought it at a big box retailer. Maybe you bought it online over at Amazon, as hurricane really great for you. Has it got settings on there that lets you say, there's 20 attempts to log in. [00:48:38] Maybe we should stop them. Now, what we do personally for our customers is typically we'll block them at somewhere around three or four failed attempts and then their passwords block. Now you can configure that sort of thing. If you're using email. And that's an important thing to do. Let me tell you, because we've had some huge breaches due to email, like Microsoft email and passwords and people logging in and stealing stuff. [00:49:06] It was just a total nightmare for the entire industry last year, but limit the number of login retries as well as you're in there. 
These excessive login attempts or whatever you want to define it as needs to lock the account. And what that means is even if they have the right password, they can't get in and you have to use an administrative password in order to get in. [00:49:31] You also want to, what's called, throttle the rate of repeated logins. Now you might've gotten caught on this, right? You went to your bank, you went to eBay, you went to any of these places and all of a sudden it denied you, right? It blocked you. That can happen when your account is on these hackers' lists. [00:49:51] You remember last week we talked about password spraying. Well, that's a very big deal and hackers are doing the spraying trick all of the time, and that is causing you to get locked out of your own account. So if you do get locked out, remember it might be because someone's trying to break. Obviously you have to enforce the policies. [00:50:16] The CAPTCHA is a very good thing. Again, this is more for software developers. We always recommend that you use multifactor or two factor authentication. Okay. Do not use your SMS, your text messages for that, where they'll send you a text message to verify who you are. If you can avoid that, you're much better off. [00:50:36] Cause there's some easy ways to get around that for hackers that are determined. Okay. A multi-factor again. Install an intrusion system. We put right at the network edge and between workstations and servers, even inside the network, we put detection systems that look for intrusion attempts and block intrusion attempts. [00:51:02] Very important. Use denied lists to block known attackers. We build them automatically. We use some of the higher end Cisco gates. Cisco is a big network provider. They have some of the best hardware and software out there, and you have to subscribe. A lot of people complain, I ain't going to just go buy a firewall for 200 bucks on Amazon. 
[00:51:24] Why would I pay that much a month just to have a Cisco firewall? And it's like paying for the brand. I've got my logo shirt on here. Oh, I wouldn't pay for that. No, it's because they are automatically providing block lists that are updated by the minute sometimes. And then make sure you've got an incident response plan in place. [00:51:50] What are you going to do when they come for you? What are you going to do?  [00:51:55] Now we're going to talk about prevention. What can you do in order to stop some of these attacks that are coming from Russia and from other countries? It is huge, people. Believe me, this is a very big problem. And I'm here to help. [00:52:12] We've reviewed a number of things that are important when it comes to your cyber security and your protection. [00:52:20] We talked about the front end. We talked about the backend. Now we're going to talk about pure prevention and if you're watching online, you'll be able to see my slides as they come up, as we talk about some of this stuff and you'll find me on YouTube and you'll also find me on Rumble, a fairly new platform out there, a platform that doesn't censor you for the things you say. [00:52:44] Okay. So here we go. First of all, enabling your Active Directory password protection is going to force password protection all the way through your business. Now I've had some discussions with people over the months, over the years about this whole thing and what should be done, what can be done, what cannot be done. [00:53:09] Hey, it's a very big deal when it comes to password protection and Active Directory, believe it or not, even though it's a Microsoft product, is pretty darn good at a few things. One of them is controlling all the machines and the devices. One of the things we do is we use an MDM or what used to be a mobile device manager called MaaS360. [00:53:34] It's available from IBM. 
We have a special version of that allows us as a managed security services provider to be able to control everything on people's machines. Active Directory is something you should seriously consider. If you are a Mac based shop, like I am. In fact, I'm sitting right now in front of two Macs that I'm using right now, you'll find that Active Directory is a little bit iffy. [00:54:04] Sometimes for Macs, there are some workarounds and it's gotten better. MaaS360 is absolutely the way to go, but make sure you've got really good passwords, and the types of passwords that are most prone to spraying attacks are the ones you should be banning specifically. Remember the website? Have I Been Pwned? [00:54:28] Yeah. It's something that you should go to pretty frequently. And again, if you miss anything today, just email me, me@craigpeterson.com. Believe me, I am not going to harass you at all. Okay. Now, the next thing that you should be doing is what's called red team blue team. Now the red team is a group of people, usually outside of your organization. [00:54:54] If you're a big company they're probably inside, but the red team is the team that attacks you. They're white hat hackers, who are attacking you, looking for vulnerabilities, looking for things that you should or shouldn't be doing. And then the blue team is the side that's trying to defend. So think of, like, war games. [00:55:12] Remember that movie with Matthew Broderick all of those decades ago and how the, he was trying to defend that computer was trying to defend that it moved into an attack mode, right? Red teams attack, blue team is defend. So you want to conduct simulated attacks. Now, conducting these attacks include saying, oh my let's now put in place and execute our plan here for what are we going to do once we have a. [00:55:44] And you darn well better have a breach plan in place. So that's one of the things that we help as a fractional chief information security officer for companies, right? 
You've got to get that in place and you have to conduct these simulated attacks and you have to do penetration testing, including password spraying attacks. [00:56:04] There's so many things you can do. The one of the things that we like to do and that you might want to do, whether you're a home user, retiree or a business, is go and look online, you can just use Google. I use far more advanced tools, but you can use Google and look for your email address right there. [00:56:23] Look for the names of people inside your organization. And then say wait a minute, does that data actually need to be there? Or am I really exposing the company, exposing people's information that shouldn't be out there, because you remember the hackers. One of the things they do is they phish you, phish as in P-H. [00:56:47] So they'll send you an email that looks like. Hey let me see. I know that Mary is the CFO, and I know that Joe's going to be out of town for two weeks in The Bahamas, out of touch. So while he's got. I'm going to send an email to Mary, to get her to do something, to transfer the company's funds to me. [00:57:06] Okay. So that's what that's all about. You've got to make sure, where is our information? And if you go to my company's page, mainstream.net, you'll see on there that I don't list any of the officers or any of the people that are in the company, because that again is a security problem. [00:57:24] We're letting them know. I go to some of these sites, like professional sites, lawyers, doctors, accountants, and I find right there all, are there people right there top people or sometimes all of them. And then we'll say, yeah, I went to McGill University, went to Harvard, whatever my B. It's all there. So now they've got great information to phish you, to phish that company, because all they have to do is send an email to say, Hey, you remember me? [00:57:56] We're in Harvard when this class together. And did you have as a professor to see how that works? Okay. 
You also want to make sure that you implement what's called a passwordless user agent, and this is just so solely effective. If they cannot get into your account, what's going to, what could possibly go wrong, but one of the ways to not allow them into the account is to use [00:58:24] biometrics. We use something called Duo and we have that tied into the single sign-on and the Duo single sign-on works great because what it does now is I put in, I go to a site, I put in my username and it pulls up a special splash page that is running on one of our servers. That again asks me for my Duo username. [00:58:48] So I've got my username for the site then to my Duo username and my Duo password single sign on. And then it sends me, to an app on my smart device, a request saying, Hey, are you trying to log into Microsoft? And whatever it might be at Microsoft, and you can say yes or no, and it uses biometrics. [00:59:11] So those biometrics now are great because it says, oh, okay, I need a face ID or I need a thumb print, whatever it might be that allows a generalized passwordless access. Okay. Passwordless. Meaning no pass. So those are some of the top things you can do when it comes to prevention. And if you use those, they're never going to be able to get at your data because it's something you have along with something, it works great. [00:59:45] And we like to do this. Some customers. I don't like to go through those hoops of the single sign-on and using Duo and making that all work right where we're fine with it. We've got to keep ourselves, at least as secure as the DOD regulations require unlike almost anybody else in industry, I'm not going to brag about it. [01:00:09] But some of our clients don't like to meet the tightest of controls. And so sometimes they don't. I hate to say that, but they just don't and it's a fine line between getting your work done and being secure, but I think there's some compromises that can be readily made. 
We're going to talk next about saving your data from ransomware and the newest ransomware. [01:00:36] We're going to talk about the third generation that's out there right now. Ransomware, it's getting crazy. Let me tell ya and what it's doing to us and what you can do. What is a good backup that has changed over the last 12 months? It's changed a lot. I used to preach 3, 2, 1. There's a new sheriff in town. [01:00:58] Stick around, craigpeterson.com. [01:01:02] 3, 2, 1 that used to be the standard, the gold standard for backing up. It is no longer the case with now the third generation of ransomware. You should be doing something even better. And we'll talk about it now. [01:01:19] We're doing this as a simulcast here. It's on YouTube. It is also on Rumble. [01:01:27] It's on my website at craigpeterson.com because we're going through the things that you can do, particularly if you're a business, to stop the Russian invasion because as we've been warned again and again, the Russians are after us and our data. So if you missed part of what we're talking about today, or [01:01:50] last week's show, make sure you send me an email, me@craigpeterson.com. This is the information you need. If you are responsible in any way for computers, that means in your home, right? Certainly in businesses, because what I'm trying to do is help and save those small businesses that just can't afford to have full-time, [01:02:15] true cybersecurity personnel on site. So that's what the whole fractional chief information security officer thing is about. Because you just, you can't possibly afford it. And believe me, that guy that comes in to fix your computers is no cybersecurity expert. These people that are attacking are full-time cybersecurity experts and they're coming from every country in the world, including coming from the US. [01:02:44] We just had more arrests last week. So let's talk about ransomware correctly. Ransomware, very big problem. Been around a long time. 
The first version of ransomware was software got onto your computer through some mechanism, and then you had that red screen. We've all seen that red screen and it says, Hey, pay up buddy. [01:03:07] It says here you need to send so many Bitcoin or a fraction of a Bitcoin or so many dollars worth of Bitcoin to this Bitcoin wallet. And if you need any help, you can send email here or do a live chat. They're very sophisticated. We should talk about it some more at some point. That was generation one. [01:03:29] Generation two was, not everybody was paying the ransoms. So what did they do at that point? They said let me see if they, we can ransom the data by encrypting it and having them pay us to get it back. 50% of the time you got all your data back. Okay. Not very often. Not often enough that's for sure. [01:03:49] Or what we could do is let's steal some of their intellectual property. Let's steal some of their data, their social security number, their bank account numbers, et cetera. They're in a, in an Excel spreadsheet on their company. And then we'll, if they don't pay that first ransom, we'll tell them if they don't pay up, we'll release their information. [01:04:10] Sometimes you'll pay that first ransom and then they will hold you ransom a second time, pretending to be a different group of cyber terrorists. Okay. Number three, round three is what we're seeing right now. And this is what's coming from Russia, near as everything we can tell. And that is, they are erasing our machines. [01:04:31] Totally erasing them. Pretty sophisticated ways of erasing it as well, so that it sinks in really, it's impossible to recover. It's sophisticated in that it doesn't delete some key registry entries until right at the very end and then reboots the computer. And of course, there's no computer left to reboot, right? [01:04:55] It's lost everything off of that hard drive or SSD, whatever your boot device is. 
So let's talk about the best ways here to do some of this backup and saving your data from ransomware. Now you need to use offsite, disconnected backups, no question about it. So let's talk about what's been happening. [01:05:17] Hospitals, businesses, police departments, schools, they've all been hit, right? And these ransomware attacks are usually started by a person, a link in an email. Now this is a poison link. Most of the time, it used to be a little bit more where it was a Word document, an Excel document that had something nasty inside. Microsoft, as I've said many times, has truly pulled up their socks. [01:05:45] Okay. So it doesn't happen as much as it used to. Plus with malware defender turned on in your Windows operating system, you're going to be a little bit safer. Next step, a program tries to run. Okay. And it effectively denies access to all of that data, because it's encrypted it. And then usually what it does so that your computer still works [01:06:09] is it encrypts all of your, like, your Word docs, your Excel docs, your databases, right? All the stuff that matters. And once they've got all of that encrypted, you can't really access it. Yeah. The file's there, but it looks like trash now. There's new disturbing trends. It has really developed over the last few months. [01:06:31] So in addition to encrypting your PC, it can now encrypt an entire network and all mounted drives, even drives that are mirroring cloud services. Remember this, everybody, this is really a big deal because what will happen here is if you have, let's say you've got an old driver G drive or some drive mounted off of your network. [01:06:57] You have access to it from your computer, right? Yeah. You click on that drive. And now you're in there and in the Windows side, Unix and Macs are a little different, but the same general idea, you have access to, you have write access to it. 
So what they'll do is any mounted drive, like those network drives, is going to get encrypted, but the same thing is true [01:07:20] if you are attaching a USB drive to your company. So that USB drive, now that has your backup on it, gets encrypted. So if your network is being used to back up, and if you have a thumb drive, a USB drive, it's not really a thumb drive, right? There's external drive, but connected by USB, hooked up. [01:07:45] And that's where your backup lives. Your. Because you have lost it. And there have been some pieces of software that have done that for a while. Yeah. When they can encrypt your network drive, it is really going after a whole bunch of people, because everyone that's using that network drive is now affected, and it is absolutely [01:08:10] devastating. So the best way to do this is you. Obviously you do a bit of a local backup. We will usually put a server at the client's site that is used as a backup destination. Okay. So that server's the destination, all of the stuff gets backed up there. It's encrypted. It's not on the network per se. It's using a special encrypted protocol between each machine and the backup server. And then that backup server's data gets pushed off site. Some of our clients, we even go so far as to push it to a tape drive, which is really important too, because now you have something physical that is, by the way, encrypted, that cannot be accessed by the attacker. [01:09:03] It's offsite. So we have our own data center. The, we run the, we manage the no one else has access to it is ours. And we push all of those backups offsite to our data center, which gives us another advantage. If a machine crashes badly, right? The hard disk fails, heaven forbid they get ransomware. We've never had that happen to one of our clients. [01:09:29] Just we've had it happen prior to them becoming clients, is that we can now restore. 
That machine either virtually in the cloud, or we can restore it right onto a piece of hardware and have them up and running in four hours. It can really be that fast, but it's obviously more expensive than some [01:09:51] are looking to pay. All right, stick around. We've got more to talk about when we come back and what are the Russians doing? How can you protect your small business? If you're a one-man, one-woman operation, believe it, you've got to do this as well. Or you could lose everything. In fact, I think our small guys have even more to lose. craigpeterson.com. [01:10:16] Backups are important. And we're going to talk about the different types of backups right now, what you should be doing, whether you're a one person, little business, or you are a multinational. Obviously, scale matters. [01:10:32] Protecting your data is one of the most important things you can possibly do. [01:10:36] I have clients who had their entire operating account emptied out, completely emptied. It's just amazing. I've had people pay a lot of money to hackers to try and get data back. And I go back to this one lady over in Eastern Europe who built a company out of $45 million by herself. And of course you probably heard about the Shark Tank people, right? [01:11:07] Barbara Corcoran, how she almost lost $400,000 to a hacker. In fact, the money was on its way when she noticed what was going on and was able to stop it. So thank goodness she was able to stop it. But she was aware of these problems, was looking for the potential and was able to catch it. How many of us are paying that much attention? [01:11:34] And now one of the things you can do that will usually kind of protect you from some of the worst outcomes when it comes to ransomware is to back up. And I know everybody says, yeah, I'm backing up. It's really rare. When we go in and we find a company has been backing up properly, it even happens to us sometimes. 
[01:11:59] We put the backup regimen in place and things seem to be going well, but then when you need the backup, oh my gosh, we just had this happen a couple of weeks ago. Actually this last week, this is what happened. We have something called an FMC, which is a controller from Cisco that actually controls firewalls in our customers' locations. [01:12:26] This is a big machine. It monitors stuff. It's tied into this ISE server, which is looking for nastiness and bad guys trying to break in, right? It's intrusion detection and prevention and tying it into this massive network of a billion data points a day that Cisco manages. Okay. It's absolutely huge. [01:12:48] And we're running it in a virtual machine network. So we have two big blade chassis full of blades, and each blade is a computer. So it has multiple CPUs and has a whole bunch of memory. It also has in there storage and we're using something that VMware calls vSAN. So it's a little virtual storage area network. [01:13:15] That's located inside this chassis and there are multiple copies of everything. So if a storage unit fails, you're still okay. Everything stays up, it keeps running. And we have it set up so that there's redundancy upon redundancy. One of the redundancies was to back it up to a file server that we have that's running ZFS, which is phenomenal. [01:13:40] Let me tell you, it is the best file system out there. I've never ever had a problem with it. It's just crazy. I can send you more information. If you're ever interested, just email me at me@craigpeterson.com. Anytime. Be glad to send you the open source information, whatever you need. But what had happened is [01:13:57] somehow the boot disk of that FMC, that, that firewall controller had been corrupted. So we thought, oh, okay, no problem. Let's look at our backups. Yeah, hadn't backed up since October 2019. Yeah, and we didn't know it had been silently failing. 
Obviously we're putting stuff in place to stop that from ever happening again. [01:14:27] So we are monitoring the backups. That network of disks that was making up that storage area network that had the redundancy failed because the machine itself somehow corrupted its file system, ext4 file system, right then are supposed to be corruptible, but the journal was messed up and it was, man, what a headache. [01:14:51] And so they thought, okay, you're going to have to re-install. And we were sitting there saying, oh, you're kidding me. Reinstalling this FMC controller means we've got to configure our clients' firewalls that are being controlled from this FMC, all of their networks, all of their devices. We had to put it out. [01:15:07] This is going to take a couple of weeks. So because I've been doing this for so long, I was able to boot up an optics disk and mount the file system and go in manually underneath the whole FMC, this whole firewall controller, and make repairs to it. Got it repaired, and then got it back online. So thank goodness for that. [01:15:33] It happens to the best of us, but I have to say I have never had a new client where they had good backups. Ever. Okay. That, and now that should tell you something. So if you are a business, a small business, whatever it might be, check your backups, double check them. Now, when we're running backups, we do a couple of things. [01:15:57] We go ahead and make sure the backup is good. So remember I mentioned that we h

WORLD OVER
2022-04-22 - THE GERMAN SYNOD ON NOTICE, UNEXPECTED BLESSINGS, SPEAKING OUT AGAINST CHINA, CHINA'S ZERO COVID STRATEGY

Apr 22, 2022 60:00


THE GERMAN SYNOD ON NOTICE: EDWARD PENTIN, Rome Correspondent for The National Catholic Register and PHILIP LAWLER, editor of Catholic World News discuss the big stories of the week in Vatican & Church news. UNEXPECTED BLESSINGS: ROMA DOWNEY, TV producer and author talks about her new book, Unexpected Blessings: 90 Inspirations to Nourish Your Soul and Open Your Heart. SPEAKING OUT AGAINST CHINA: FR. VINCENT WOO, JCL, priest of the Diocese of Hong Kong and NINA SHEA, director of The Center for Religious Freedom, discuss Communist China's ongoing crackdown on religious liberty in mainland China and Hong Kong. CHINA'S ZERO COVID STRATEGY: STEVEN MOSHER, president of The Population Research Institute and author of Bully of Asia talks about Communist China's Zero-COVID strategy and its effect on the world's economy.

The Japan Cricket Podcast
S2 - E2: The Men In Blue with Gurdeep Dua

Apr 15, 2022 52:12


This week we have four centuries and a five-fer to cover in the round up, before getting into a great conversation with Gurdeep Dua, founder of a genuine Super Club in Japan: the Men In Blue. As always I discuss where Gurdeep grew up and how his love of cricket developed, as well as how he ended up in Japan, before getting into detail about how the club was formed and then developed into the force they are today. If you have time please do follow the show on Instagram: www.instagram.com/japan_cricket_podcast, and feel free to message me there in the comments section for each episode, and if you have the time then a rating or review on whichever platform you listen would be much appreciated. For those who like to skip through shows, here's a guide to what you can find where (times not exact): Start - 5:55 Intro and Domestic Scores Round Up 5:55 - 9:10 Early life in Delhi 9:10 - 11:10 First Experiences in Cricket 11:10 - 15:50 Move to Japan and Cricket in Japan 15:50 - 20:45 Men in Blue Origins 20:45 - 28:50 Coming into JCL and Club Structures 28:50 - 31:30 Developing Junior and Women's Cricket 31:30 - 34:30 Coach Development 34:30 - 36:45 Work/Life/Cricket Balance & Shared Responsibility in the Club 36:45 - 41:10 2021 Season Review 41:10 - 47:30 Cricket Questions 47:30 - End Japan Questions

Glory Be
Episode 69: Doctor Father Michael Knipe, Judicial Vicar of the Diocese of Tulsa & Eastern Oklahoma

Mar 28, 2022 27:36


Very Reverend Michael Knipe is the pastor of Sts. Peter and Paul Parish in Tulsa and Judicial Vicar of the Diocese of Tulsa. He was ordained to the priesthood in 1988 and has served the diocese as pastor of several parishes and as chaplain at Bishop Kelley High School. Fr. Mike was educated at Northeastern State University (Tahlequah), received his Bachelor of Arts from Conception Seminary College (Missouri), his Master of Arts in Theology from the University of Dallas, his STB in theology and JCL in Canon Law from The Catholic University of America (DC) and recently completed his JCD in Canon law from Universidad Pontificia de Salamanca (Spain). He is fluent in English and Spanish and is committed to the spread of the gospel and Catholic social teaching. He also loves traveling the world.

Double OT
The Gote Talk: LA's Finest Edition Vol.1

Feb 8, 2022 52:26


Join Alan and myself as we welcome two of LA's most talented up and coming artists Saucey.Duece and JCL on to the Gote Talk for the first time. In this episode we shared some passionate opinions on what the NFL is currently facing with their alleged purposeful tanking amongst teams, which teams in the NBA's Eastern and Western Conferences are the real contenders, as well as some Q&A to wrap it all up. JCL and Saucey.Deuce both open up about their passion for music and where it originated as well as recent projects and released music. Enjoy

The Japan Cricket Podcast
S1 - E15: Japan Cricket League Special with Sameep Dewar & Dhugal Bedingfield

Nov 25, 2021 34:22


A shocking break from tradition and all previous rules thrown out of the window as I have not one but two guests on the podcast today and release the episode 24 hours earlier than normal with the Japan Cricket League Grand Final taking place this Saturday. In this episode I give a very brief explainer of the JCL before inviting on the captains of the two clubs who are participating. Firstly Sameep Dewar discusses the Tokyo Falcons' rise from winless in 2019 to final favourites in 2021, how the club has developed and the key players who have carried them to the brink of glory this year. Following that I am finally able to welcome Dhugal Bedingfield onto the pod to discuss the Chiba Sharks' season, how their run to the final of the Japan Cup has given the club a confidence boost and why the decision to invest in youth has paid off so spectacularly as they go into their third final in four years. We also get an update on his "exploding" hamstring... Catch the match live on the JCA YouTube Channel: www.youtube.com/JapanCricket, you may even be able to hear me commentate if I can escape from quarantine. As always, please do remember to rate and review the show...if you liked it...and you can comment on the Instagram account www.instagram.com/japan_cricket_podcast should you so desire. You can also follow the Japan Cricket Association on various social platforms such as: www.twitter.com/CricketJapan www.facebook.com/cricketjapan www.instagram.com/japan_cricket While there is also plenty of information on www.cricket.or.jp

The Japan Cricket Podcast
S1 - E14: Richie Bracefield

Nov 19, 2021 52:50


After a one week break for a trip back to the UK the pod returns this week with another Tokyo Wombat: Richie Bracefield. The former club president talks to us about his near perfect debut in the JCL back in 2016, the challenges of running a one-team club, his Japanese heritage and how Kane Williamson caused him to break up with his girlfriend. If you'd like to learn about Richie's favourite place in Japan you can check it out through this link. As always, please do remember to rate and review the show...if you liked it...and you can comment on the Instagram account www.instagram.com/japan_cricket_podcast should you so desire. You can also follow the Japan Cricket Association on various social platforms such as: www.twitter.com/CricketJapan www.facebook.com/cricketjapan www.instagram.com/japan_cricket www.youtube.com/JapanCricket While there is also plenty of information on www.cricket.or.jp ps - thanks to all those who reached out to check I was OK after missing a week...all zero of you. Harrumph

The Japan Cricket Podcast
S1 - E3: Vinay Iyer

Aug 27, 2021 37:39


The in-form player in Japan joins me this week, fresh from a career-best innings in the JCL. Listen to Vinay Iyer talk about his early years in Mumbai, how he was nearly lost to cricket altogether due to his love of a different sport, the secret behind his recent performances and the two Indian superstars he came up against in his youth. Please do remember to rate and review the show...if you liked it...and you can also comment on the Instagram account www.instagram.com/japan_cricket_podcast should you so desire. Remember you can follow the Japan Cricket Association on various social platforms such as: www.twitter.com/CricketJapan www.facebook.com/cricketjapan www.instagram.com/japan_cricket www.youtube.com/JapanCricket While there is also plenty of information on www.cricket.or.jp

Financial Roll Call with James Fay
Introduction to Investment Properties

Jun 10, 2021 21:07


An investment property is real estate purchased for the purpose of generating income. Buying an investment property can come with many challenges, such as maintenance costs and stricter financing requirements. This can include higher interest rates and a larger down payment compared with mortgages on primary homes. During this episode of Financial Roll Call, host James Fay welcomes back expert loan officer Anthony Marone to educate our listeners and the law enforcement community on this very important topic. Anthony has been on previous episodes of this podcast to educate us on various other mortgage topics, and he does a great job here of breaking down the process of owning an investment property. There are many variables to consider when purchasing an investment property, but, before you dive in headfirst, you should start by doing your research. +++ Shore Point Advisors is an investment adviser located in Brielle, New Jersey. Shore Point Advisors is registered with the Securities and Exchange Commission (SEC). Registration of an investment adviser does not imply any specific level of skill or training and does not constitute an endorsement of the firm by the Commission. Shore Point Advisors only transacts business in states in which it is properly registered or is excluded or exempted from registration. Insurance products and services are offered through JCL Financial, LLC (“JCL”). Shore Point Advisors and JCL are affiliated entities. Learn more: https://shorepointadvisors.com/

Financial Roll Call with James Fay
Understanding the Importance of Your Credit Score

Jun 3, 2021 22:41


Credit scores directly impact mortgage interest rates. A difference of just 100 points could cost, or save, you thousands. In this episode of Financial Roll Call, host James Fay interviewed a familiar face to the podcast. Anthony Marone, a loan officer with NJ Lenders, once again educated our listeners and law enforcement community. This time, he provided a better understanding of why your credit score is so important. Anthony does a great job of breaking down the many different factors that go into your credit score and some of the reasons why it is a good idea to maintain a good credit score. When you build and maintain strong credit, mortgage lenders have greater confidence when qualifying you for a mortgage because they see that you have paid back your loans as agreed and used your credit wisely. Strong credit also means your lender is more apt to approve you for a mortgage that has more favorable terms and a lower interest rate. NerdWallet: What Is a Credit Score, and What Are the Credit Score Ranges?

Financial Roll Call with James Fay
Know Before You Go - 20 and Out: The “Burnout Bill”

Apr 29, 2021 15:28


With one stroke of the pen, New Jersey Governor Phil Murphy has allowed approximately 8,000 PFRS members with 20 years of service to retire early. In this episode of Financial Roll Call, host James Fay discusses the legislation known as the “Burnout Bill” which allows public safety workers who will have 20 years of service within the next two years to retire with a pension, which they can start collecting immediately, regardless of their age. James expresses his concerns on issues that officers might face if they consider this retirement option without first developing a financial exit strategy. Having a plan might be the difference between success and failure.

Financial Roll Call with James Fay
What happens when you name a minor child as a beneficiary?

Apr 14, 2021 17:48


Should I name my children as beneficiaries? This is a question that is asked often. You should know that if your children are still minors, you need to take additional steps if you choose to name them as beneficiaries. During this episode of Financial Roll Call, host James Fay welcomes back expert estate planning attorney Michele Clark to educate our listeners and the law enforcement community on this very important topic. Michele has previously been on several episodes of this podcast, educating us on various estate planning topics, and she does a great job of breaking down the process of naming your minor children as beneficiaries on this episode. A key benefit of both knowing and understanding this process is that it can help your heirs avoid probate court and its associated expense and inconvenience.

Financial Roll Call with James Fay
What Does a Title Agency Do?

Apr 8, 2021 16:24


Are you cleared to close? The housing market has been on a tear for quite some time now. This has caused a lot of questions with regards to buying a new house or refinancing an existing mortgage. Being that there are a lot of moving parts to securing a mortgage, we thought it would be best to spend some time educating our listeners and the law enforcement community on Title Insurance. And, more importantly, what a Title Agency does. In this episode of Financial Roll Call, host James Fay interviews Ron Osadacz, a Title Insurance Professional with the Clear to Close Title Agency. Ron does a great job of breaking down the role of a title agency, which is to verify that the title to the real estate is legitimately given to the home buyer. He further explains how Title Insurance is just a one-time premium that is paid at closing. Title Insurance is a way to protect yourself from financial loss and related legal expenses in the event there is a defect in the title to your property that is covered by the policy. This conversation with Ron Osadacz will help you gain a better understanding of how that process works.

Financial Roll Call with James Fay
The Rules of Refinancing a Mortgage

Mar 31, 2021 19:15


Since mortgage rates have been (and still are) at historically low levels over the past year, it has caused a lot of people to ask the question: “Should I refinance my mortgage?” In this episode of Financial Roll Call, host James Fay interviews a familiar face to our podcast. Anthony Marone, a loan officer with NJ Lenders, is back once again to educate our listeners and law enforcement community. This time, Anthony speaks about the rules of refinancing. He does a great job of breaking down the many different factors that go into refinancing a mortgage, as well as some of the reasons that homeowners might want to refinance. With mortgage rates slowly moving up, now might be the time to investigate whether you should be looking to refinance your mortgage. The goal of this episode is to help you decide if now is the right time for you to do that.

Financial Roll Call with James Fay
Financial Impact of Promotions

Mar 25, 2021 33:35


Investing in yourself could prove to have the best rate of return. During this episode of Financial Roll Call, host James Fay interviews Ed Esposito, who is a Captain with the Essex County Sheriff's Office and more importantly the founder of ESPOS Test Prep which provides comprehensive training for promotional law enforcement exams. The financial impact of being promoted throughout your career directly affects your pension in retirement. The monetary figures are very eye-opening and should be motivation to put yourself in a position to get promoted and rise through the ranks. Remember... you are your #1 asset!

Financial Roll Call with James Fay
Do You Have an Investment Philosophy?

Mar 17, 2021 36:49


What is your investment philosophy? When asked, this question generally produces a lot of blank stares. During this episode of Financial Roll Call, host James Fay interviews Jason Lamb, who is the CEO and Founder of Shore Point Advisors. It is Jason's vision and passion that has shaped the investment philosophy we use here at Shore Point Advisors. An investment philosophy is a set of beliefs and principles that guide an investor's decision-making process. Most investors who achieve long-term success develop and refine their investment philosophies over time and do not frequently switch between philosophies as market conditions change. Investment philosophies should include: the basis of the investor's goals, their timeline or horizon, their tolerance to experience risks of various types, and their individual capital status or needs. Take the time to understand the philosophy behind your investments, because “to make money” is not a philosophy, it is a wish.

Financial Roll Call with James Fay
NJ Police & Firemen's Retirement System Mortgage Program

Mar 11, 2021 17:54


As a New Jersey Police Officer, are you taking advantage of this exclusive mortgage program? During this episode of Financial Roll Call, host James Fay interviews Anthony Marone, who is considered an expert with originating the Police and Fire Mortgage for New Jersey's Police Officers. As a police officer himself, Anthony understands the unique stresses and financial burdens which our everyday heroes go through daily. The Police and Firefighter Mortgage is a huge benefit to members who are eligible. Anthony does a great job of explaining the eligibility and terms of this program. Through his experience as a loan officer, he explains that many of his past law enforcement clients had their monthly payments reduced significantly using this mortgage program. It is worth the time to review this program and see how you may benefit.

Framgångspodden
435. Jonas Fagerström - The keys to becoming the biggest on social media, Short

Nov 29, 2020 38:46


Influencer, YouTuber and entrepreneur Jonas Fagerström joins Framgångspodden and teaches us the keys to taking over social media! Together with the comedy group JLC he has been named one of Sweden's most powerful influencers; alongside this he runs several companies and is now appearing in the new series ”Pappas Pojkar”. We of course go into all the work behind JCL, what it took to become the biggest, and also get to hear about the comedy clips that were never allowed to be published. We talk about Jonas's various companies, about Elton Wood and how the bracelets they make have helped him get through an anxious time for his family, something he has never shared before. We also talk about dildos, parenthood, celebrity life, answer questions from you listeners and lots more! Thank you so much for listening! Visit Framgångsakademin: www.framgangsakademin.se Sign up for Framgångsakademin's webinar on 4 Dec: https://webinar.framgangsakademin.se/4-dec-anmalan Order "Mitt Framgångsår": https://bit.ly/3jGuZyJ Alexander Pärleros's Instagram: www.instagram.com/alexanderparleros The best tips from the episode in the newsletter: www.framgangspodden.se In collaboration with A Good Company: https://agood.com/ Elton Wood: https://www.eltonwood.com/ MyStamp: https://www.mystamp.se/ See acast.com/privacy for privacy and opt-out information.

Framgångspodden
435. Jonas Fagerström - The keys to becoming the biggest on social media, Original

Nov 29, 2020 83:49


Influencer, YouTuber and entrepreneur Jonas Fagerström joins Framgångspodden and teaches us the keys to taking over social media! Together with the comedy group JLC he has been named one of Sweden's most powerful influencers; alongside this he runs several companies and is now appearing in the new series ”Pappas Pojkar”. We of course go into all the work behind JCL, what it took to become the biggest, and also get to hear about the comedy clips that were never allowed to be published. We talk about Jonas's various companies, about Elton Wood and how the bracelets they make have helped him get through an anxious time for his family, something he has never shared before. We also talk about dildos, parenthood, celebrity life, answer questions from you listeners and lots more! Thank you so much for listening! Visit Framgångsakademin: www.framgangsakademin.se Sign up for Framgångsakademin's webinar on 4 Dec: https://webinar.framgangsakademin.se/4-dec-anmalan Order "Mitt Framgångsår": https://bit.ly/3jGuZyJ Alexander Pärleros's Instagram: www.instagram.com/alexanderparleros The best tips from the episode in the newsletter: www.framgangspodden.se In collaboration with A Good Company: https://agood.com/ Elton Wood: https://www.eltonwood.com/ MyStamp: https://www.mystamp.se/ See acast.com/privacy for privacy and opt-out information.

The Canon Law Society of America Podcast
Deacon Gerald Jorgensen: Role of Law Award Response 2018

Jul 9, 2020 14:02


Role of Law Award Citation
The Reverend Monsignor John J. M. Foster

At every annual convention since 1973, the Canon Law Society of America has recognized one of its members with the Role of Law Award, the Society's highest honor. The Board of Governors selects the recipient based on his or her (1) embodiment of pastoral attitude, (2) commitment to research and study, (3) participation in the development of law, (4) a response to needs or practical assistance, and (5) facilitation of dialogue and the interchange of ideas within the Society and with other groups.

This year's recipient was born and raised in the upper Midwest, attending public schools until the third grade and then switching to Catholic schools through the completion of college. Our honoree was both a high school valedictorian and college valedictorian. Discerning that he was not called to the priesthood, our colleague became a National Defense Education Fellow in the counseling psychology program at Colorado State University. As a fellow, he interned at the VA hospital in Palo Alto, California before earning both masters and doctoral degrees in psychology.

Following the completion of his training in psychology, tonight's honoree served as an assistant professor of psychology and director of the Counseling Center at Clarke College before moving to Loras College, where he rose to be an associate professor of psychology and education and Vice President for Student Development and Dean of Students. His résumé in the field of psychology highlights his chairmanship of the Iowa Board of Psychology from 1984 through 1990 and again in 2008 and his service as vice president and president of the Federation of Associations of Regulatory Boards and the Association of State and Provincial Psychology Boards. In 1995, our honoree served as the general secretary of the First International Conference on Licensure, Certification, and Credentialing of Psychologists in New Orleans. Named a fellow of the Association of State and Provincial Psychology Boards in 1993, he received the Association's Morton Berger Award in 1996.

Taking the Divine Master at his word to place his talents at the service of the Church, the recipient of this year's Role of Law Award started his studies for the JCL at the Catholic University of America in 1994. He sat directly behind me in class during the two summers we studied together. In fact, our honoree was the first person I ever heard use the term 1095—as if he knew what he was talking about. Come to find out, he did!

Graduating from CUA in 1998 with a licentiate in canon law, our colleague has served this Society as the chair of the Marriage Research Committee, on the Board of Governors as secretary and consultor, and on tribunal review teams. He has used his education, training, and experience in psychology in numerous presentations at national and regional canon law meetings; as an advocate, promoter of justice, and judge in penal cases; and as a peritus, assessor, and judge in marriage cases. His publications in both psychology and canon law are numerous.

In 1979, tonight's honoree was ordained as a permanent deacon for the Archdiocese of Dubuque. Since then, he has served as the assistant director and director of the Office of the Permanent Diaconate in Dubuque. At the national level, he has served as the treasurer and secretary of the National Association of Diaconate Directors.

For the first time, the Role of Law Award is presented to a permanent deacon—and a most worthy one at that. Please join me in congratulating Deacon Gerald Jorgensen.

The Canon Law Society of America Podcast
Deacon Gerald Jorgensen: From the Table of Resolution to the Table of Reconciliation

Jul 3, 2020 22:15


ROLE OF LAW AWARD CITATION
The Reverend Monsignor John J. M. Foster

At every annual convention since 1973, the Canon Law Society of America has recognized one of its members with the Role of Law Award, the Society's highest honor. The Board of Governors selects the recipient based on his or her (1) embodiment of pastoral attitude, (2) commitment to research and study, (3) participation in the development of law, (4) a response to needs or practical assistance, and (5) facilitation of dialogue and the interchange of ideas within the Society and with other groups.

This year's recipient was born and raised in the upper Midwest, attending public schools until the third grade and then switching to Catholic schools through the completion of college. Our honoree was both a high school valedictorian and college valedictorian. Discerning that he was not called to the priesthood, our colleague became a National Defense Education Fellow in the counseling psychology program at Colorado State University. As a fellow, he interned at the VA hospital in Palo Alto, California before earning both masters and doctoral degrees in psychology.

Following the completion of his training in psychology, tonight's honoree served as an assistant professor of psychology and director of the Counseling Center at Clarke College before moving to Loras College, where he rose to be an associate professor of psychology and education and Vice President for Student Development and Dean of Students. His résumé in the field of psychology highlights his chairmanship of the Iowa Board of Psychology from 1984 through 1990 and again in 2008 and his service as vice president and president of the Federation of Associations of Regulatory Boards and the Association of State and Provincial Psychology Boards. In 1995, our honoree served as the general secretary of the First International Conference on Licensure, Certification, and Credentialing of Psychologists in New Orleans. Named a fellow of the Association of State and Provincial Psychology Boards in 1993, he received the Association's Morton Berger Award in 1996.

Taking the Divine Master at his word to place his talents at the service of the Church, the recipient of this year's Role of Law Award started his studies for the JCL at the Catholic University of America in 1994. He sat directly behind me in class during the two summers we studied together. In fact, our honoree was the first person I ever heard use the term 1095—as if he knew what he was talking about. Come to find out, he did!

Graduating from CUA in 1998 with a licentiate in canon law, our colleague has served this Society as the chair of the Marriage Research Committee, on the Board of Governors as secretary and consultor, and on tribunal review teams. He has used his education, training, and experience in psychology in numerous presentations at national and regional canon law meetings; as an advocate, promoter of justice, and judge in penal cases; and as a peritus, assessor, and judge in marriage cases. His publications in both psychology and canon law are numerous.

In 1979, tonight's honoree was ordained as a permanent deacon for the Archdiocese of Dubuque. Since then, he has served as the assistant director and director of the Office of the Permanent Diaconate in Dubuque. At the national level, he has served as the treasurer and secretary of the National Association of Diaconate Directors.

For the first time, the Role of Law Award is presented to a permanent deacon—and a most worthy one at that. Please join me in congratulating Deacon Gerald Jorgensen.

The Canon Law Society of America Podcast
Reverend Kevin McKenna: Shedding Light on the Rights of the People of God

Jun 12, 2020 20:32


Reverend Kevin McKenna was ordained a priest for the Diocese of Rochester in 1977. After serving two parishes he was asked to study canon law at the Gregorian University in Rome, where he earned his JCL. In 1990 he earned his JCD at St. Paul University in Ottawa. Fr. McKenna served as Vice-Chancellor, Chancellor and Director of Legal Services for the Diocese of Rochester until 2000 when he was appointed pastor of St. Cecilia Church. He also served the CLSA as Vice-President, President and Past President, and was presented with the Role of Law Award in 2007. The following year, Fr. McKenna was appointed as Pastor/Rector of Sacred Heart Cathedral Community. On top of this service to the Society and his diocese, Fr. McKenna is author of numerous articles (such as those in America magazine) and books, including A Concise Guide to Canon Law and A Concise Guide to Catholic Social Teaching. He also serves as general editor for Ave Maria Press' Concise Guide series. Fr. McKenna is also a proud, die-hard Toronto Blue Jays fan!

The Canon Law Society of America Podcast
Rev. Kevin McKenna: Role of Law Response 2007

Jun 12, 2020 13:03


Reverend Kevin McKenna was ordained a priest for the Diocese of Rochester in 1977. After serving two parishes he was asked to study canon law at the Gregorian University in Rome, where he earned his JCL. In 1990 he earned his JCD at St. Paul University in Ottawa. Fr. McKenna served as Vice-Chancellor, Chancellor and Director of Legal Services for the Diocese of Rochester until 2000 when he was appointed pastor of St. Cecilia Church. He also served the CLSA as Vice-President, President and Past President, and was presented with the Role of Law Award in 2007. The following year, Fr. McKenna was appointed as Pastor/Rector of Sacred Heart Cathedral Community. On top of this service to the Society and his diocese, Fr. McKenna is author of numerous articles (such as those in America magazine) and books, including A Concise Guide to Canon Law and A Concise Guide to Catholic Social Teaching. He also serves as general editor for Ave Maria Press' Concise Guide series. Fr. McKenna is also a proud, die-hard Toronto Blue Jays fan!

The Canon Law Society of America Podcast
Sharon Euart, RSM: Role of Law Response 2015

Jun 4, 2020 11:34


Role of Law Citation
Reverend Monsignor Michael A. Souckar

Since 1973, it has been the practice of the Canon Law Society of America to confer its highest honor on someone who has contributed in a particularly positive manner to the high ideals of this scholarly society, at service to the Church's mission to preach the Gospel of Jesus Christ and to exercise justice in accord with the truth and tempered by mercy.

As the Universal Church observes the Year of Consecrated Life, this year's Role of Law recipient has given faithful witness to the evangelical counsels of poverty, chastity and obedience for 49 years. Our honoree, a native of Pawtucket, Rhode Island, was taught by religious sisters in secondary school and later entered religious life with the same community. Her vocation has led her to roles of service in the Church that she never could have anticipated, even after earning both the licentiate and doctorate in canon law at The Catholic University of America. Going beyond the usual works undertaken by women religious, our honoree was repeatedly called upon to serve the Church in ever more challenging and significant roles. Becoming the first woman religious to have “this” or “that” job became so common that it was, I dare say, no longer exceptional. Her talents, skills, knowledge and dedication to the mission of the Church were her credentials. And that was enough.

As a teacher, our honoree has been a professor of canon law at CUA (where she taught religious law to my JCL class, the class of 1994). We were only one small group of many whom she has taught, whether in the classroom, at convention seminars for the CLSA or other Societies – canonical and non-canonical – in published scholarly articles, or simply by a friendly word of instruction, guidance or counsel.

As an executive, our honoree has held roles of responsibility at the diocesan level, within her religious community, for groups of religious communities, and for the Conference of Bishops. With determination and with grace she has guided these respective authorities, even during turbulent times, to make decisions in accord with the Gospel and the law of the Church, and she has most ably assisted in the implementation of those decisions.

She has been a loyal and active member of this society since 1984, and has served on several committees, the Board of Governors, and in the role of Executive Coordinator and President.

Dear friends, during this Year of Consecrated Life, please join me in congratulating the 2015 recipient of the Role of Law Award, a Sister of Mercy and a daughter of the Church, Sister Sharon Euart, R.S.M.

The Santiago Way Podcast
Special Edition: Michael Klett interviews Fr Paul Vu, STB, JCL

Jul 24, 2018 21:22


Our own Michael Klett, of the Coffee With Mike podcast, interviews Fr Paul Vu, STB, JCL following Fr Paul's discussion on the Theology of Marriage for Santiago's Backyard Theology Program. Fr Paul is the Parochial Vicar at Christ our Savior Church in Santa Ana and an adjutant judicial vicar at the office of canonical services for the Diocese of Orange. Backyard Theology is a summer program at Santiago de Compostela Catholic Church dedicated to faith enrichment. The program runs consecutive Monday evenings in July. The entire 2018 schedule is available at this link. For additional information contact Kay Kenson at 949-874-2151

The Slasher Sanitarium Podcast
Channel Zero: No End House Episode 2

Sep 29, 2017 17:46


Let's get weird. Shit gets bonkers. JCL gets a midnight snack and JD meets JD.

The Laravel Podcast
Interview: Taylor Otwell, creator of Laravel

Sep 12, 2017 47:57


An interview with Taylor Otwell, creator of Laravel, about what he did before Laravel and what got him started. Views by Drake The Life of Pablo by Kanye West Free 6LACK by 6LACK 808s and heartbreak by Kanye West Blue Neighbourhood by Troye Sivan Laravel & Lawns Transcript (sponsored by Laravel News): Matt Stauffer : Welcome to the Laravel Podcast, episode 55, in which I talk to Laravel creator Taylor Otwell. We learn about his back story, where he came from, and what helped him—and made him—start Laravel in the first place. Stay tuned. Taylor, it's great to have you on season three of the Laravel podcast. Obviously you've been around since the very beginning, but we're doing a little switch up here, where I'm going to start doing interviews. So, I'm super excited to have you as the first person whose brain I get to pick here. So, I guess we can start with ... Say hi to the people. Taylor Otwell : Hey people. Hey party people. Matt Stauffer : Ha. Party people. What we're going to do here for today, and I told you this beforehand, but I feel like a lot of people have talked to you about Laravel, about development, about the latest version. Every time a new version comes out, 5.5 just came out, people want to talk about that. And maybe we'll cover that a little bit, but what I feel like we haven't talked about quite as much is, the man behind the scenes, kind of thing. I think there's a lot about you that people don't know, so I first started with the questions ... I've known you for years now. I feel like I know you really well and there's still certain things I don't know about your past, but then I also asked a few folks, "What are some things you really want to know about Taylor and how he works?" So, we're just going to off-the-cuff, just throw some of those questions at you and see where it goes. Sound good? Taylor Otwell : Sounds good. Matt Stauffer : Awesome. So, first of all, back to the early days, when did you first have a computer in your home? 
Taylor Otwell : I think I was about ten or eleven, I had a computer. 66-megahertz computer that our neighbor actually, I think had, had it built of us, because our neighbor was a computer programmer, across the street. And this was back in the early days of Windows. Matt Stauffer : Mm-hmm (affirmative). Taylor Otwell : I guess it was like Windows 3.1 or something like that. Matt Stauffer : Yeah. Taylor Otwell : He was an early Windows programmer. And my parents had, I think asked him to help them get a computer for us. And it had a little megahertz readout on the front of the screen ... or on the front of the tower I guess. And was like Windows 95. Matt Stauffer : I'm always interested to hear from people what role, kind of early access and interest in computers has for them. So you having that neighbor, was it your neighbor that sparked your interest or was it having that computer? What was it that really sparked your interest in computers when you first got into them? Taylor Otwell : You know, it's hard to say, I don't think it was necessarily the neighbor that sparked the interest. I'm not sure I even realized that my neighbor was a programmer until later. I think I was just always interested in sci-fi type stuff and geeky stuff. Of course, I always liked Star Wars. I liked The Jetsons cartoon when I was a kid and all the cool tech stuff they had, so I guess I was just always drawn to futuristic tech stuff, so it was natural to be into computers. My first dabbling in programming was just playing HTML, where I would make little websites about the games I liked, like Pokemon or whatever other games I was playing at the time. Just little tips and strategy site. I remember one of the first ones I ever made actually, which was on CompuServe. And our neighbor, that same neighbor helped me and his son put it on CompuServe, was a website about Civilization 2, and sort of our strategies for that game. Matt Stauffer : Yes. 
What's the oldest website that you still have access to? Do you know? Taylor Otwell : I don't have anything from my childhood unfortunately. I wish I did. I wish I had thought to take screenshots of them and stuff. But a lot of them ... Several of them were on GeoCities and other free sites like that. Matt Stauffer : I remember my GeoCities sites. The only thing that I remember is the first one that I ever built, I hosted on GeoCities and it had a single image in it because image tags were pretty new at that point. So it was basically like text about me and a giant picture with a page scroll on the corner of the picture because the page scroll was the hottest Photoshop effect or whatever. Taylor Otwell : Yeah. I always thought the counters were really cool too. That you could put on your stuff. Matt Stauffer : Oh, my God, yeah. I was listening to somebody's podcast recently, I don't know who it was and the guy who had originally created link exchange was on there. Did you ever do those? Taylor Otwell : Yeah. I remember those. Those were big especially in the Pokemon website world. Matt Stauffer : Right? Yeah. We were all just waiting for one of those big sites to get a link over to us because of how the link exchange rule played. So it sounds like HTML is where you go started, do you ever do any, I don't know what the right term is like coding, coding, like a basic or anything like that early on, or was it not till later. Taylor Otwell : Yeah, I wrote few basic things. I also got really into TI-83 calculator programs where I would write little strategy games. Back then, at least in like middle school and high school the popular thing was like that drug wars game. Matt Stauffer : I was just going to say drug wars, that was it. Taylor Otwell : I would write games like that, either with drugs or with other lemonade stand type games. And I learned how to do that basically like sitting in ninth grade English, I just kind of taught myself how to program the calculator. 
Those were really the first real programs I wrote, I feel like. Matt Stauffer : When was your first exposure to the Internet that you remember? Taylor Otwell : We had internet pretty early after I got my first computer. We had dial up Internet. Just like at 14 4 modem. That was my first exposure to the internet. I don't even remember what sites were really a thing back then. I remember mainly looking at video game sites and just like Yahoo, and stuff like that. Matt Stauffer : When you were thinking, then, about coding ... I think a lot of us we were just kind of figuring it out as we went. Did you think, "Man, this is what I want to do forever," or was it just a fun thing and you were still ... did you have a different plan for your life at that point? Taylor Otwell : I actually did not plan to do coding, even when I entered college, I was doing my degree in computer networking and stuff because I thought programming would be too mathematical and sort of boring. Matt Stauffer : Mm-hmm (affirmative). Taylor Otwell : But I didn't really have a good understanding of what real programming was like, on a professional level. I'm not sure if schools back then, even in college ... I'm not sure I really got a good picture of what actual, on-the-job programming is like. I always imagined it to be so theoretical and really hard, like calculus all the time and stuff like that. But it really, at least for the kind of programming we do on the web, it doesn't tend to be that way. I went through all of college not planning to even be a programmer. Matt Stauffer : Did you do well ... I hope you don't mind me asking ... did you do well in math in high school, did you take calculus and everything? Taylor Otwell : Yeah, I was always like a B student in math. Matt Stauffer : Okay. Taylor Otwell : I was just okay. Matt Stauffer : Right. Taylor Otwell : I wasn't exceptional. Matt Stauffer : Not enough that the idea of programming being very "mathy" made you excited about it. 
Taylor Otwell : Yeah, exactly. Matt Stauffer : Okay. Did you ... like a different tact ... did you always consider yourself someone who's gonna do entrepreneurial stuff? At what point did you start thinking of yourself as, "I'm someone who's going to start a business"? Taylor Otwell : Only a few years after I'd gotten out of college and had a taste of the fact that anyone could take PHP and build an entire web application, which I didn't really realize, I guess, at the time that that was pretty possible for someone to do. Once I realized that, my brain just started churning with different ideas, and even if it wasn't something I could do full-time, but just something small to supplement my income or whatever. I was probably two or three years out of college before I really started thinking that way, though. Matt Stauffer : What was your first exposure to PHP that led you to having that experience? Taylor Otwell : My very first exposure was in college itself. We had a class project, it was a group project with two other people, and we had to build an inventory tracking system for a local charity. This was our final senior thing. We were all assigned real-world projects in the community, and so we happened to get this inventory tracking thing. One of the guys in the group was familiar with PHP, apparently, and said, "We can use PHP for this, because it's pretty easy," and I didn't really know any better, so I was like, "Sure, sounds good." That's when I really got my first exposure to PHP, even though I, on that project, mainly did talking with the customer, and finding out how they needed it to work, and stuff like that. Later, a couple of years down the road, when I started having ideas for side projects and stuff, I had remembered that he had chosen PHP back a couple of years ago in that class project. It was supposed to be easy or whatever, and I knew that we were able to lush the projects, so it wasn't too hard, apparently. Matt Stauffer : Were you ... 
Taylor Otwell : Yeah, so that's when I revisited PHP, because I hadn't actually used it very much in college. My partner had chosen it as our programming language for that project. Matt Stauffer : In college, when he chose that, were you doing .NET at that point, or did you get into it out of college? Taylor Otwell : No, I only did .NET once I got hired at my first actual programming job. The only programming courses I took in college were two semesters of C++, and that was it, actually I had those two semesters of programming, again, because I was in a networking degree, so I didn't have a lot of programming classes, like a pure computer science major might have. Matt Stauffer : Right. I think I remember you told me that the .NET thing was an intentional, learning-the-job-type situation? Taylor Otwell : Yeah. Matt Stauffer : What was that experience like? Taylor Otwell : Yeah, so, the place that hired me right out of college, they came to my university, which was Arkansas Tech. They were just interviewing students, and since they were there, I just decided to do an interview, even though I hadn't planned on being a programmer. I did the interview, and got the job, and the immediately put you in this six-month training program, where basically, for the first six months of the job, you spend most of your time in class, especially for the first three months, and then for the remaining three months, it's like 50-50 in class, and doing little projects and stuff. They actually taught me basically all of classic ASP, COBOL, JCL, which are two old things, and some beginnings of .NET, but not a ton of it. I did a lot of COBOL and classic ASP, and then eventually got put on a .NET project at work. I just picked that up from the existing code that was already written on the project, because I wasn't writing it from scratch at first. 
I just taught myself .NET as I got in there, because I already had been programming for a couple of years, so picking up another language was not too difficult, since they actually wrote in VB.NET, and all of their classic ASP was in VB, so ... Matt Stauffer : Right. The syntax was really similar. Taylor Otwell : Wasn't too bad. Matt Stauffer : That actually ... I wanted to ask about .NET and VC, but stepping back for a second, when you guys were writing PHP in school, was this classic PHP, was this ... I'm assuming it was 5-3, based on what I've talked to you about before, right? Was there any framework or anything? Taylor Otwell : No, there was no framework on that project that I remember. It was just classic ... from what I remember, because I actually had to put it all in a thumb drive and install it at this charity, it was just a bunch of random PHP files. There was no real structure to it. Matt Stauffer : Index.php, about.php ... Taylor Otwell : All the ... I remember looking at the HTML and all the PHP being mixed in. Matt Stauffer : Yeah. You got your SQL queries up top, and then the end bracket, and then, all of a sudden, your HTML. Taylor Otwell : Yeah. But then, when I came back to PHP later, it was on PHP 5.3. But again, I started with plain PHP for a few weeks, and then quickly realized that I needed some structure, and that's when I used CodeIgniter for a little bit. Matt Stauffer : Okay. Now, when you were doing .NET, was it .MVC at that point, or was it some predecessor? Taylor Otwell : I've done both. I've done .NET webforms, which were a predecessor to .MVC, and later, I did .MVC, the early versions. Matt Stauffer : I have experience with webforms, and I've never got my brain around the way it works, because if I remember right, it's basically ... rather than a route or a controller, or anything, it's really basically a form that handles its own validation, that handles its own everything. 
Everything is centered around this form, and then that form, and then that form. It's just a very different mental model, in my ... I know that's not a great description, but am I right in remembering that that's the difference between that versus .MVC? Taylor Otwell : Yeah. I think what they did, is they took WinForms, which is what we used to write desktop apps. On WinForms, how it works, if you want to do some action on a button-click, when they click on a button on your desktop app, you're literally in, the designer can click the button, and it takes you to the spot in the code that's like a click-event handler, and you write all of your code. I think on webforms, they tried to have ... basically, their thought process was, "Wouldn't it be cool if we could make the same model for the web, so that all these WinForms programmers can write these dynamic web applications, so you have the same thing, where you have button-click handlers in your .NET code that correspond to things on your front end." Somehow, they routed that using ... I don't know if it was query strings, or what they were actually passing in the form, but somehow, they were able to route that to the right piece of code when you clicked a button on your web front end. It felt like building a WinForms app, and was really different than any other web technology I've ever used since. Matt Stauffer : Yeah. The reason I was asking is, my brother has done .MVC for ages, and he helped me understand .MVC when I first got into CodeIgniter, but I remember having written webforms before that, and it's such a complete ... it felt a little bit like writing a classic ASP, especially if you're using VB, but then it felt a little bit like some kind of super-powered jQuery, basically. It's not like a mentality that I'm used to seeing anywhere else. Before you got back into CodeIgniter, you had had some experience with .MVC, then. Taylor Otwell : Yeah. 
I had .MVC, and that's why I even knew the frameworks as a concept to look for, basically. Matt Stauffer : So, you got a job out of school. It almost seems like it was a sponsored boot camp, basically, for the first six months. Is that a good way to think about it? There are getting used to real-world stuff, but you're actually sitting in classes sponsored by the company? Taylor Otwell : Yeah, a little bit. It was all on site, and all the instructors were full-time employees that actually were in other departments, actually. They would just pull them into these training classes when they needed them. But it was a really unique place. They only hired new graduates, and everyone goes through the same training program. It's like they just want people fresh, and wanted to sort of train them in their way of doing things, rather than bring in existing programmers that are already, I guess, ingrained with other ways. Matt Stauffer : Right. That you have to un-train, basically. Taylor Otwell : Yeah, it was one of the of the ... I guess, the only places I've worked that only hired new graduates. Matt Stauffer : Interesting. So, you're doing that, you're working at .MVC, and you have this idea that you want to do some side projects, and you mention that seeing your partner in that class project using PHP gave you a little of the idea that you could do something on your own. Can you tell me a little bit more about what the mentality was, and what the thought process was, that led for you to have a good, paying job doing .MVC, that you could do that for quite a while, and saying, "You know what? I want to do something on the side." What was the itch there? Taylor Otwell : I think part of it was having freedom to move wherever I wanted to if it did take off. Then, I could work from home, and we could move back closer to family, because at the time, I was living three or four hours away from the main bulk of my family, which lives in one town. 
It was just gonna be more freedom is what I remember to live wherever we wanted to. Matt Stauffer : Yeah. You wanted that freedom, you wanted to be able to be self-employed. If it's anything like it was for me, and then you can tell me if I'm wrong, that there wasn't quite as significant of a culture around being an entrepreneur. It feels like there is, today ... there wasn't all these conferences about being a sole entrepreneur. I guess hearing Ian and Andre talk about it, they're definitely ... what's that form they're always talking about? Business and Software? Taylor Otwell : Mm-hmm (affirmative). Matt Stauffer : But I don't know about you ... have you ever heard of any of those folks who are really big about doing your little business, or is it just something where you said, "Well, I want to do this, and I'll figure it out as I go." Taylor Otwell : No, I didn't know anyone else doing anything like that. I didn't even go to any websites that talked about that or anything. Matt Stauffer : Yeah, same here. I'm interested ... let's see if anything will come up during this chat ... whether the lack of those resources help to hurt us in various ways. You knew PHP was an option. You knew that you could ship with PHP. You at least had the ability to compare it against some other web-based programming things, and it seemed like PHP was more viable for getting something launched, working solo, and so you dug into PHP, you did a little bit of old-school procedural PHP, quickly realized you wanted to do CodeIgniter. What was the first project, do you remember, that you built with CodeIgniter? Taylor Otwell : One of the first projects I built was this really niche thing. I had known someone that owned a book bindery, they rebind old books, and I was going to build a little system for them to take orders and keep track of orders of books they were rebinding. It was a very specific product for this company. 
I think they were based in Tulsa or something at the time, pretty close to where I was living, really. Matt Stauffer : You built an app custom for them, you built it in CodeIgniter ... what was hosting like? What was the front end like? Do you remember any of the other technical details of what that was like? Taylor Otwell : I think I used DreamHost at the time, so it was just a shared host, because I didn't really know how to configure my own VPS until years later, basically. Yeah, I know I was on DreamHost, and would FTP the files using FileZilla, because I was on Windows at the time, and actually, I didn't even have a Mac until I started working for UserScape after Laravel had been built. All of Laravel, the first version, was built on a cheap Windows laptop. I would just FTP all the files up. When I first started, I was using Notepad++. Matt Stauffer : Yeah, man, I love Notepad++. A lot of good work done with Notepad++ and FileZilla. You were doing that, and at some point, you felt like ... well, actually, I was gonna say, at some point, you felt like CodeIgniter wasn't giving you what you wanted, but actually, the reason you and I first interacted was because I was a CodeIgniter developer who had started learning about IOC and DI, and stuff like that, and I said, "What I wanted was an IOC container for CodeIgniter," and this guy Taylor, this young guy, had written an IOC container for CodeIgniter, and I couldn't find the code anywhere." I ended up DMing you or something, and you ended up saying, "You know what I just pulled ... I got rid of it, I pulled it in Laravel, you should check out Laravel." That was basically how I first my Laravel. I followed Jeffrey at Nettuts for a while, and he'd been talking about Laravel for a bit, so that was what finally switched me over. It sounds like before you went off on your own to do your own thing, you were trying to work in the CodeIgniter ecosystem to improve it. What was that like? 
Taylor Otwell : Yeah, so at first, I had no intentions of splitting off and writing a framework. But you're right, one of the first projects I wrote was CI injector, CInject or something like that. I was actually pretty proud of that. It was actually the first reflection-based IOC container in PHP at all that I'm aware of. There was one other IOC container that was also written in 2010, a few months later. That was one of the main pieces of .NET/.MVC that I really like was the auto-resolving container. Laravel's container still works, basically, like that first CodeIgniter container did. The other thing I was really interested in was the better ORM for CodeIgniter, and I wanted to get those two things in ... oh, there was a third thing. I wanted better templating, like Blade, where you have an @extends at the top, and then you define these sections that override the parent template section, stuff like that. Template inheritance. I remember the final straw, that I couldn't really continue with CodeIgniter anymore, is I wanted auto-resolving dependency injection in my CodeIgniter controllers. To make that work, you really had to start editing the core files in a way that was not in a nice, packageable, shippable way, where other people could do it. Then I hit this crossroads, where I considered just forking CodeIgniter, and making this "special edition" of just sort of souped-up CodeIgniter on steroids, and giving it another name. Or just starting fresh. I think I just started fresh to just experiment at first, and then got so far along, I just kept going. I know I rewrote the first version of Laravel, probably a solid five or six times until I was happy with it. Matt Stauffer : What was the first thing you wrote in Laravel? Taylor Otwell : I remember writing the routing engine first. Probably the routing and the views. I think ... I don't remember exactly what I was doing for the database at the time. 
There was an active record of implementation called PHP ActiveRecord, that even at that time had become abandonware. That was back in 2010. Then, there was another couple of libraries. One was called Idiorm ... it was I-D-I-O-R-M, and then it had a corresponding ORM called "Paris". I think the Idiorm thing was the query builder, Paris was the ORM. Actually, Eloquent was very inspired by Paris, because it had the sort of model where a relationship is just a function of the model that returns a query builder. Eloquent, of course, still works like that to this day, so Paris deserves quite a bit of credit for coming up with that model. I don't think the person who wrote Paris even programs PHP anymore, last time I looked, but I'm not sure they're aware that Eloquent was so inspired by that. Matt Stauffer : That's really cool. I remember the moment where I realized I had to leave CodeIgniter was when I recognized that some of its inherent restrictions were forcing me into writing worse code. For example, some of the ugliest stuff in my old CodeIgniter apps were because I had ... database models, they called it, which was really like it was a model and repository and three other things, but you cram it all into one, and so you have methods that are everything you could just possibly imagine that would touch the database in any way, would all get crammed into a single class. If you're lucky, you've figured out enough to at least differentiate those classes by table. But that wasn't even always the case. Like you said, without view inheritance, you end up loading views and data in every controller and passing them around to each other, and you've got a single variable that you're passing through your controller method that tracks the data that's eventually going to get past the view. There's just a lot of things, because of the constraints of CodeIgniter, you just wrote worse code. 
When you started doing Laravel, you wanted to be able to do dependency injection and all these things. How much of your mindset was, "I'm gonna write things that are gonna make people write better code," and how much of it was, "I want to do these things, and I can't do these things." Was it a purity concept? Was it an ease-of-use concept, or were those things all tied together? Taylor Otwell : At first, I feel like it was a lot of ease-of-use, but also, there was some purity mixed in as well, because of the whole dependency injection thing, which I considered a more pure approach to doing some things back then, and of course still is a more pure approach a lot of times now. I feel like ... but also, ease of use was huge, too, because I wanted it to be very Apple-esque, where it was just really nice to use out of the box, and you didn't have to do all these hacks and customizations to get it really nice that I had to do with CodeIgniter. I wanted it to be like when you unwrap Laravel, it was this nice package that you could use, it was all cohesive and coherent. Matt Stauffer : Yeah. I want to talk a little bit further on that for a little bit. One of the things that you've talked about since the early days is that you recognize that the documentation in the community just make a really big impact on people's experience, working with the framework of a library. You've reference the fact that CodeIgniter was so successful, in large part because it had great documentation. For starters, what do you think it is that prepared you to be in a place where you could recognize that? Is it because you hadn't trained to be a programmer, or are there other experiences in your life that made you more sensitive to those types of, or do you even have a sense for what that is? Taylor Otwell : I don't know. I feel like it was just a low tolerance for pain in terms of programming, because programming wasn't a hobby for me, even really back then. 
I didn't come home and program, I did other stuff. To have a painful experience programming wasn't that great for me, because it wasn't something I was particularly obsessed about, and so if I was gonna do it at all, I wanted it to be really enjoyable, and easy to do, and fun. I just had a really low threshold for any pain points in the tools I was using, I think. Matt Stauffer : Yeah. It's like we always joke about the fact that a lazy programmer is a good programmer because they're gonna do the one that doesn't waste time or whatever else it ends up being, so I hear that. Taylor Otwell : Yeah, and even when I was at my .NET job, I had already discovered that I really enjoyed writing tools that helped programmers be more productive, because I remember one of the things I did there in my free time, when I had a few extra minutes, was I wrote this little program called WeDev in .NET that was like ... the closest thing I can think of, it would be a lot worse version of Slack, but it had a file dropbox where we could drop files to each other, and it had a little status indicator of what you were doing then, so it was like our own little instant messenger with a file share thing. But I really loved that project, so that was my first taste of, "Hey, I really enjoyed making developers' lives easier." I think that was part of what drew me into Laravel, was it became this fun project to see how productive I could make a programming environment. Matt Stauffer : Yeah, I like that. One of the things that really struck me when I first started going to Laravel conferences was how many people told stories about the ways that Laravel had changed their lives. That was something I wasn't used to. I think people ... there's some jokes around that the terms of "artisan" and some of the other terms we use in the Laravel world, but it's reflective of a really different approach for what the priorities and values are coming from Laravel. What's the goal? 
That's the question I was asking about purity versus ease of use, it seems like developer happiness is really a very significant ... like productivity and happiness are really significant goals that you have there. When you were building Laravel, you started out, you wanted to scratch your own itch. You wanted to make something that was good for you and it made you be able to do things a certain way, but you were relatively public about it. You started showing people. At what point did you start to realize this is something people are responding to? This is something that might really be a big player in the post-CodeIgniter framework world.

Taylor Otwell: I think when I was pretty far along and had, basically, a finished product, only then did I really decide that I would go all the way and document it. I knew that the documentation would be huge, because I felt like that was why CodeIgniter was even popular to begin with, because there was Kohana, which was another, CodeIgniteresque-type framework that had some advantages, and had some better features, but the documentation was so much worse that it just never really had the same steam that CodeIgniter had. I had picked up on that pretty early that if I wanted Laravel to be popular, I would have to write really good documentation. I tried to write, basically, CodeIgniter-level documentation from the very first 1.0 release, because I've seen a lot of people put stuff out there, and then looks like, "Documentation coming soon," or "Documentation in progress," and it's never gonna get the same reception as if it's a finished product. I thought I had a pretty productive little thing, and decided, "Hey, I'll go ahead and document it and put it out there, and see what the response is." My mentality at the time was, "Even if nobody else ever uses this, then that's fine with me, because I at least have something enjoyable to use when I write PHP."

Matt Stauffer: Are there any people or moments or inflection points or whatever where you point to a thing and said, "If that thing hadn't happened, or that moment hadn't happened, it would have been a completely different story"?

Taylor Otwell: Yeah, so there's a couple of moments. A big moment was, there was a point where a few PHP programmers were teaming up to make this PHP framework called "Fuel", and it was a few CodeIgniter people like Phil Sturgeon, and Dan Horrigan, and one other guy, I think, one or two other guys. I think they were trying to build the successor to CodeIgniter that was moving faster and had features that people wanted, and stuff like that. They had some pretty decent marketing pages for it, and stuff like that. I remember I had some ideas ... I was actually excited about Fuel, and had some ideas that I wanted to put into Fuel. I can't remember what they exactly were at the time. I think one of them might have been some type of route filter-type thing that ended up being in Laravel, or something like that. I had messaged one of them and said, "Hey, I'd really like to help out on Fuel. This is the feature I want to add, or whatever." They weren't super-interested in the feature, which is fine. It's not a knock on them, they just weren't interested in it. I was like, "Okay, I guess I'll keep working on Laravel," but if they would have bit on that, and been interested in me helping with Fuel a little bit and some of these things, then of course, I think things could have been really different, because I would have jumped into Fuel and started adding stuff there, and probably would have just started using it, and become invested in it. That's one moment. Probably the biggest moment I can think of where things could have taken a really different direction because that feature wasn't really a fit for them, that I just kept working on Laravel.

Matt Stauffer: Yeah. Well, I, for one, am grateful to whoever it was that rejected that feature.
I think ... it's not to say that something else wouldn't have come along, but I think your life would have looked a little bit different after that point, so I think it's a good time to ask a couple questions about what's your life like today. When you were working full-time ... I assume it's at least a 40-hour work week .NET job, and you were writing Laravel on the side ... do you have a sense for what your hours a week were looking like between day job and Laravel work?

Taylor Otwell: Yeah. I seemed to have a lot of energy back then. I worked eight to five, and then I came home. James, our first child, was pretty young at the time, just basically a baby, when I'd first started working on it. I would hang out with the family from five to nine. We were just in a little two-bedroom apartment, it was 900 square feet. We were all in there together, pretty close. Abigail would go to bed around nine or 9:30, and I would actually stay up until one or 1:30, a lot of the time. Going to bed at midnight, for me, was like, "I'm going to feel great tomorrow, I went to bed at midnight." I would stay up until midnight, one, sometimes two, the majority of nights, really, and work on Laravel. I was putting in, let's see, probably three to four hours of Laravel work every night, and somehow felt pretty good, actually. I can't really seem to do that anymore. I don't know what changed, but ...

Matt Stauffer: Yeah. When my wife was pregnant, she would go to bed at 9:00 every night. I was not happy with my day job situation, and that's when I wrote my first software as a service. I was working 90, 100-hour work weeks between my normal job and that. It's the same thing. There's no way I could do that right now. But I'm glad I did it then, back when I had that energy.

Taylor Otwell: Even when I wrote Forge, I was still working at UserScape, and would stay up until midnight or one routinely, because that took six months for me to build just in my free time.

Matt Stauffer: Yeah.
At some point, you had Laravel to a point ... I don't want to go too deep in this story, because it's been told before, so I want to cover things I haven't, but you got to a point where Laravel was good enough that it attracted Ian's attention. He was looking to do a reboot of UserScape, which was handled PHP from scratch, and he picked Laravel, and he hired you, and said, "Hey, you build this thing out, and you can make Laravel better, so it can support our needs." You would add a lot of features that UserScape needed, and that helped Laravel grow up in a lot of ways. You told that story. I think the interesting aspect that hasn't been covered before, is what the shift from being UserScape plus Laravel to solo Laravel looked like. What were some of the things that you were thinking about when you were starting to make that decision ... when you were starting to consider going out on your own, what was scary, what was exciting, what considerations did you have before you decided to go solo?

Taylor Otwell: Some of the scary parts were just not knowing how much longevity Laravel, as the ecosystem, would have, because ... Forge was out, and was doing well, and I was actually making more on Forge than I was making at UserScape pretty quickly. But Laravel was still relatively new. It was only three years old when Forge came out, so there were questions. What if everyone stops using Laravel? What if a better framework comes out in six months and everyone's like, "Screw Laravel, screw Forge, I'm using whatever." That was one of the main fears. The exciting part was that I would just have so much time to work on Laravel. At the time, it was just unfathomable if you know how much time that would be, because 40 hours a week on Laravel. If I'm working just two or three hours of my free time at night, it's two weeks worth of free time. I could try stuff faster, I could experiment faster. That was the most exciting part for me.

Matt Stauffer: Yeah, that's cool.
I remember talking to you during that time where, to me, it seemed obvious because I have a similar story where I did DreamHost, but I was running a software as a service from 2010, 2011. I needed a VPS, and I tried managing my own Linode VPSes, and it was just awful. I wasn't trained in that stuff. I ended up paying for these super-constrained hosts that didn't let you do what CodeIgniter and Laravel needed, because nothing like Forge was out there, and I just couldn't afford from my SaaS to pay a DevOps person to handle it. When Forge came along ... I don't want to be bombastic, but it really revolutionized individual developers' and small teams' ability to run fully-robust VPSes without having full-time DevOps people. For me, as someone from the outside, first of all, I said, "Please let us pay you more money," but second of all, I knew that was really gonna sustain. But I know that there were times where it was a little bit scary. Within your realm of comfort ... I don't want you to have to say your deepest, darkest secrets, but what does make you nervous today? Are you worried about some other framework? Are you worried about PHP no longer being viable? Are you just feeling pretty good? What does ... in the life that you have, where Laravel is very popular, very stable, what's on your horizon?

Taylor Otwell: Nothing makes me too nervous anymore, because even if Laravel started dying today, and died a slow death over the next few years, I would have secured my future at this point, in terms of "I'm gonna be able to retire with my family, the kids' college is paid for, and I don't have to worry about those things anymore." I would just be like, "Okay, great, thanks for the memories," and I would apply to work at Tighten, I guess.

Matt Stauffer: I know, I love it, yes, I'm sold.

Taylor Otwell: I would have to just go back to being a regular guy programmer, working on projects and stuff, but I don't know.
It doesn't make me too nervous, because I always try to have this mentality that Laravel, obviously, will not be a thing anymore, that either because PHP's not a thing anymore or there's some other framework that's better or whatever. I don't know how long that will be, but I don't really get too nervous about it, because I feel happy with what I created, the memories I made, what I did for my family for decades to come, basically. If it all ended tomorrow, I would be fine. It would be a fun ride.

Matt Stauffer: I love it, and that's really good. I think that makes me so happy. I want to touch two other things, and then we might just cut it short. The two other things are in that same direction, about what makes you happy and what gives you peace outside of programming. I think the first question is, do you have any daily practices or any mantras, or any things that you do to center yourself, and just help you handle life when it's stressful or not? Just things to keep you steady, I guess.

Taylor Otwell: Yeah, I try to meditate some. I can't say I do it every day, but every other day at least, let's say, I try to meditate. For me, that's a spiritual thing, but for other people, it might not be. It might be more just a "focus your thoughts" kind of thing. Also, just try to keep life in perspective during that meditation, I guess. Try to think some of those things ... same thoughts where I don't want to hold too tightly on the success of Laravel, or being a popular programmer is core to my identity, because I think that's setting yourself up for a lot of pain in the future, because all things pass away eventually. It's just a time to focus my thoughts. Also, I just think about my family, stuff like that. More important stuff than programming. But I find it just de-stresses me a bit, helps me focus on what's important, and it's refreshing. But now I try to make time to do it.
I feel like as soon as we get up in the morning, now with two kids, it's sort of rushing around everywhere getting ready for school and stuff like that. But yeah, that's what I do.

Matt Stauffer: Yeah. You got to be intentional about those things. You've talked about productivity systems and how much you love Wunderlist and stuff. How structured do you keep your life? Do you have, "This is the hour when I do that"? I remember you've talked about starting with pull requests and issues. Do you still have some of those same structures, or is it different with Mohamed around?

Taylor Otwell: Yeah, I still have some structures. It's not structured to the point that every hour of the day is structured. I'm more focused in day increments moreso than hour increments in Todoist, which is what I moved to after Wunderlist, which I'm really enjoying, actually. I have this bullet journal approach, where I only really sit in the "Today" column of Todoist, and I have, usually, five or six things that I want to do that day, and I have them in Todoist, and then I have projects that I treat just as grab-bags, the things I want to do at some point. Some of my projects in Todoist are actual projects that I'm working on, like Laravel Horizon was, where I have all the things I want to do. But some of them are just movies I want to watch, or music I want to listen to, or something like that. I do keep my day fairly structured, where I start my day with pull requests and emails, but then after that, it's not so structured. I just work through my to-do list for that day as I ... just whatever I feel like doing next. But it's still structured at a daily level.

Matt Stauffer: Right. In regards to the music that you're gonna listen to ...
I'm not gonna ask you to tell me the best rap album of all time, because we could do a whole podcast on that, but do you have one that, even if it's not your favorite today, has been the longest-running favorite, or the most significant impact, just the one that you played out like no other album or something.

Taylor Otwell: I feel like I go in phases, and it's funny because each Laravel release, I feel like, has had an album that I feel like I really played a lot for that release. I know on one of the releases, I played the Views album that Drake put out quite a bit. One of the releases was "The Life of Pablo" from Kanye West. But I think one of the albums recently that I really played a lot was ... I think you pronounce his name "Black" even though it's spelled with a six on the front, so "6lack" is what it looks like. He's a rapper/singer hybrid, I guess you could say, almost more singer than rapper, but I played that album a lot when it first came out, and still play it quite a bit.

Matt Stauffer: All right. Did you like 808s and Heartbreak?

Taylor Otwell: Yeah, I really like that album.

Matt Stauffer: I played that out like no album for quite a while.

Taylor Otwell: Yeah, looking through my music ... okay, another album I played a lot was "Blue Neighbourhood", by Troye Sivan, who's not a rapper at all, he's a singer. But that's another album I just really wore out over the past couple of years.

Matt Stauffer: I've literally never heard of it.

Taylor Otwell: Okay, you should check that out.

Matt Stauffer: I definitely will. That's awesome. I'll put all of this in the show notes. Okay, let's see, so I'm sure rap is one of these, but what outside programming inspires you? Whether it's inspiring you to do good things with programming, because you hear something that gives you a thing, or just inspires you in terms of your life and your family and your entrepreneurial-ness or whatever else. What inspires you?

Taylor Otwell: Any time I travel, I feel like I get inspired. Any time I see some cool part of the world, or some really beautiful piece of scenery while I'm traveling or something, somehow that just inspires me to create cool stuff in general. For me, that usually translates into trying to think of cool Laravel ideas, so travel is a big inspiration for me. Let's see, what else ... you know music is a big inspiration. I don't know. Those are the two things that jump out at me.

Matt Stauffer: That's good. I didn't prepare you for this one, so sorry, but my friend DeRay and his podcast always asks every guest for one piece of advice that they've received that's really influenced them across their life ... is there any one piece of advice that really stands out, that has big impact on you, that you've gotten from somebody else?

Taylor Otwell: One thing that comes to mind that wasn't really a piece of advice, but just more like learning, is probably from my grandfather, who just did jobs really well. Anything he worked on, he just made sure it was done really right, in a way he could be proud of. I don't know, I guess it goes back to an old-fashioned work ethic that he must have been raised with, but I think that was really inspiring, and I actually blogged about this once, but when I worked with him, actually when I was in college, we took care of all the lawns at our local church. It was just a lot, because they had soccer fields, and just big lawns and stuff, and even with that, he put a lot of attention to detail into that. It inspired a lot of my own attention to detail and going forward. It wasn't a spoken piece of advice, it was more of just a thing you had to observe, but was pretty impactful.

Matt Stauffer: I remember that post. I'll link it. Well, I could ask you questions for another hour, but I'm gonna try and keep this one to the hour range, so I think that is pretty good for my questions for today.
Is there anything else, especially along this line of questions, but just in general, that you feel like you want to talk about today?

Taylor Otwell: I can't think of anything.

Matt Stauffer: Okay. Taylor, this was ridiculously fun. Part of the reason that I'm having you is that the first episode of the Laravel Podcast, Season Three, is because everybody wants to know about you and you have a lot to say, but also I just want to say, officially, from me, and from Dan, and from the rest of the crew at Tighten, and the rest of the Laravel crew, thank you for what you've done for our community, because when I talk about Tighten, I say, "You know what? We're creating a company that we want to take care of people. We want to create good jobs for people and stuff like that." You're doing the same thing with Laravel. Yeah, you make money off of it, and you have the ability for yourself to create certain kinds of codes and stuff like that. But your attention to providing good things for people is evident throughout this interview, and just throughout everything about what you've done for Laravel. From all of us, thank you very much.

Taylor Otwell: All right. You're welcome.

Matt Stauffer: Awesome, man. Thank you so much for speaking with me today, and that's it for today.

Taylor Otwell: All right, see you. See you.