Podcasts about spamhaus

* Cyber Attacks Target Multiple Australian Super Funds, Half Million Dollars Stolen* Intelligence Agencies Warn of "Fast Flux" Threat to National Security* SpotBugs Token Theft Revealed as Origin of Multi-Stage GitHub Supply Chain Attack* ASIC Secures Court Orders to Shut Down 95 "Hydra-Like" Scam Companies* Oracle Acknowledges "Legacy Environment" Breach After Weeks of DenialCyber Attacks Target Multiple Australian Super Funds, Half Million Dollars Stolenhttps://www.itnews.com.au/news/aussie-super-funds-targeted-by-fraudsters-using-stolen-creds-616269https://www.abc.net.au/news/2025-04-04/superannuation-cyber-attack-rest-afsa/105137820Multiple Australian superannuation funds have been hit by a wave of cyber attacks, with AustralianSuper confirming that four members have lost a combined $500,000 in retirement savings. The nation's largest retirement fund has reportedly faced approximately 600 attempted cyber attacks in the past month alone.AustralianSuper has now confirmed that "up to 600" of its members were impacted by the incident. Chief member officer Rose Kerlin stated, "This week we identified that cyber criminals may have used up to 600 members' stolen passwords to log into their accounts in attempts to commit fraud." The fund has taken "immediate action to lock these accounts" and notify affected members.Rest Super has also been impacted, with CEO Vicki Doyle confirming that "less than one percent" of its members were affected—equivalent to fewer than 20,000 accounts based on recent membership reports. Rest detected "unauthorised activity" on its member access portal "over the weekend of 29-30 March" and "responded immediately by shutting down the member access portal, undertaking investigations and launching our cyber security incident response protocols."While Rest stated that no member funds were transferred out of accounts, "limited personal information" was likely accessed. "We are in the process of contacting impacted members to work through what this means for them and provide support," Doyle said.HostPlus has confirmed it is "actively investigating the situation" but stated that "no HostPlus member losses have occurred" so far. Several other funds including Insignia and Australian Retirement were also reportedly affected.Members across multiple funds have reported difficulty accessing their accounts online, with some logging in to find alarming $0 balances displayed. The disruption has caused considerable anxiety among account holders.National cyber security coordinator Lieutenant General Michelle McGuinness confirmed that "cyber criminals are targeting individual account holders of a number of superannuation funds" and is coordinating with government agencies and industry stakeholders in response. The Australian Prudential Regulation Authority (APRA) and Australian Securities and Investments Commission (ASIC) are engaging with all potentially impacted funds.AustralianSuper urged members to log into their accounts "to check that their bank account and contact details are correct and make sure they have a strong and unique password that is not used for other sites." The fund also noted it has been working with "the Australian Signals Directorate, the National Office of Cyber Security, regulators and other authorities" since detecting the unauthorised access.If you're a member of any of those funds, watch for official communications and be wary of potential phishing attempts that may exploit the situation.Intelligence Agencies Warn of "Fast Flux" Threat to National Securityhttps://www.cyber.gov.au/about-us/view-all-content/alerts-and-advisories/fast-flux-national-security-threatMultiple intelligence agencies have issued a joint cybersecurity advisory warning organizations about a significant defensive gap in many networks against a technique known as "fast flux." The National Security Agency (NSA), Cybersecurity and Infrastructure Security Agency (CISA), FBI, Australian Signals Directorate, Canadian Centre for Cyber Security, and New Zealand National Cyber Security Centre have collaborated to raise awareness about this growing threat.Fast flux is a domain-based technique that enables malicious actors to rapidly change DNS records associated with a domain, effectively concealing the locations of malicious servers and creating resilient command and control infrastructure. This makes tracking and blocking such malicious activities extremely challenging for cybersecurity professionals."This technique poses a significant threat to national security, enabling malicious cyber actors to consistently evade detection," states the advisory. Threat actors employ two common variants: single flux, where a single domain links to numerous rotating IP addresses, and double flux, which adds an additional layer by frequently changing the DNS name servers responsible for resolving the domain.The advisory highlights several advantages that fast flux networks provide to cybercriminals: increased resilience against takedown attempts, rendering IP blocking ineffective due to rapid address turnover, and providing anonymity that complicates investigations. Beyond command and control communications, fast flux techniques are also deployed in phishing campaigns and to maintain cybercriminal forums and marketplaces.Notably, some bulletproof hosting providers now advertise fast flux as a service differentiator. One such provider boasted on a dark web forum about protecting clients from Spamhaus blocklists through easily enabled fast flux capabilities.The advisory recommends organizations implement a multi-layered defense approach, including leveraging threat intelligence feeds, analyzing DNS query logs for anomalies, reviewing time-to-live values in DNS records, and monitoring for inconsistent geolocation. It also emphasizes the importance of DNS and IP blocking, reputation filtering, enhanced monitoring, and information sharing among cybersecurity communities."Organizations should not assume that their Protective DNS providers block malicious fast flux activity automatically, and should contact their providers to validate coverage of this specific cyber threat," the advisory warns.Intelligence agencies are urging all stakeholders—both government and providers—to collaborate in developing scalable solutions to close this ongoing security gap that enables threat actors to maintain persistent access to compromised systems while evading detection.SpotBugs Token Theft Revealed as Origin of Multi-Stage GitHub Supply Chain Attackhttps://unit42.paloaltonetworks.com/github-actions-supply-chain-attack/Security researchers have traced the sophisticated supply chain attack that targeted Coinbase in March 2025 back to its origin point: the theft of a personal access token (PAT) associated with the popular open-source static analysis tool SpotBugs.Palo Alto Networks Unit 42 revealed in their latest update that while the attack against cryptocurrency exchange Coinbase occurred in March 2025, evidence suggests the malicious activity began as early as November 2024, demonstrating the attackers' patience and methodical approach."The attackers obtained initial access by taking advantage of the GitHub Actions workflow of SpotBugs," Unit 42 explained. This initial compromise allowed the threat actors to move laterally between repositories until gaining access to reviewdog, another open-source project that became a crucial link in the attack chain.Investigators determined that the SpotBugs maintainer was also an active contributor to the reviewdog project. When the attackers stole this maintainer's PAT, they gained the ability to push malicious code to both repositories.The breach sequence began when attackers pushed a malicious GitHub Actions workflow file to the "spotbugs/spotbugs" repository using a disposable account named "jurkaofavak." Even more concerning, this account had been invited to join the repository by one of the project maintainers on March 11, 2025 – suggesting the attackers had already compromised administrative access.Unit 42 revealed the attackers exploited a vulnerability in the repository's CI/CD process. On November 28, 2024, the SpotBugs maintainer modified a workflow in the "spotbugs/sonar-findbugs" repository to use their personal access token while troubleshooting technical difficulties. About a week later, attackers submitted a malicious pull request that exploited a GitHub Actions feature called "pull_request_target," which allows workflows from forks to access secrets like the maintainer's PAT.This compromise initiated what security experts call a "poisoned pipeline execution attack" (PPE). The stolen credentials were later used to compromise the reviewdog project, which in turn affected "tj-actions/changed-files" – a GitHub Action used by numerous organizations including Coinbase.One puzzling aspect of the attack is the three-month delay between the initial token theft and the Coinbase breach. Security researchers speculate the attackers were carefully monitoring high-value targets that depended on the compromised components before launching their attack.The SpotBugs maintainer has since confirmed the stolen PAT was the same token later used to invite the malicious account to the repository. All tokens have now been rotated to prevent further unauthorized access.Security experts remain puzzled by one aspect of the attack: "Having invested months of effort and after achieving so much, why did the attackers print the secrets to logs, and in doing so, also reveal their attack?" Unit 42 researchers noted, suggesting there may be more to this sophisticated operation than currently understood.ASIC Secures Court Orders to Shut Down 95 "Hydra-Like" Scam Companieshttps://asic.gov.au/about-asic/news-centre/find-a-media-release/2025-releases/25-052mr-asic-warns-of-threat-from-hydra-like-scammers-after-obtaining-court-orders-to-shut-down-95-companies/The Australian Securities and Investments Commission (ASIC) has successfully obtained Federal Court orders to wind up 95 companies suspected of involvement in sophisticated online investment and romance baiting scams, commonly known as "pig butchering" schemes.ASIC Deputy Chair Sarah Court warned consumers to remain vigilant when engaging with online investment websites and mobile applications, describing the scam operations as "hydra-like" – when one is shut down, two more emerge in its place."Scammers will use every tool they can think of to steal people's money and personal information," Court said. "ASIC takes action to frustrate their efforts, including by prosecuting those that help facilitate their conduct and taking down over 130 scam websites each week."The Federal Court granted ASIC's application after the regulator discovered most of the companies had been incorporated using false information. Justice Stewart described the case for winding up each company as "overwhelming," citing a justifiable lack of confidence in their conduct and management.ASIC believes many of these companies were established to provide a "veneer of credibility" by purporting to offer genuine services. The regulator has taken steps to remove numerous related websites and applications that allegedly facilitated scam activity by tricking consumers into making investments in fraudulent foreign exchange, digital assets, or commodities trading platforms.In some cases, ASIC suspects the companies were incorporated using stolen identities, highlighting the increasingly sophisticated techniques employed by scammers. These operations often create professional-looking websites and applications designed to lull victims into a false sense of security.The action represents the latest effort in ASIC's ongoing battle against investment scams. The regulator reports removing approximately 130 scam websites weekly, with more than 10,000 sites taken down to date – including 7,227 fake investment platforms, 1,564 phishing scam hyperlinks, and 1,257 cryptocurrency investment scams.Oracle Acknowledges "Legacy Environment" Breach After Weeks of Denialhttps://www.bloomberg.com/news/articles/2025-04-02/oracle-tells-clients-of-second-recent-hack-log-in-data-stolenOracle has finally admitted to select customers that attackers breached a "legacy environment" and stole client credentials, according to a Bloomberg report. The tech giant characterized the compromised data as old information from a platform last used in 2017, suggesting it poses minimal risk.However, this account conflicts with evidence provided by the threat actor from late 2024 and posted records from 2025 on a hacking forum. The attacker, known as "rose87168," listed 6 million data records for sale on BreachForums on March 20, including sample databases, LDAP information, and company lists allegedly stolen from Oracle Cloud's federated SSO login servers.Oracle has reportedly informed customers that cybersecurity firm CrowdStrike and the FBI are investigating the incident. According to cybersecurity firm CybelAngel, Oracle told clients that attackers gained access to the company's Gen 1 servers (Oracle Cloud Classic) as early as January 2025 by exploiting a 2020 Java vulnerability to deploy a web shell and additional malware.The breach, detected in late February, reportedly involved the exfiltration of data from the Oracle Identity Manager database, including user emails, hashed passwords, and usernames.When initially questioned about the leaked data, Oracle firmly stated: "There has been no breach of Oracle Cloud. The published credentials are not for the Oracle Cloud. No Oracle Cloud customers experienced a breach or lost any data." However, cybersecurity expert Kevin Beaumont noted this appears to be "wordplay," explaining that "Oracle rebadged old Oracle Cloud services to be Oracle Classic. Oracle Classic has the security incident." This is a public episode. If you would like to discuss this with other subscribers or get access to bonus episodes, visit edwinkwan.substack.com

In this episode of Email After Hours, spam slayer extraordinaire Sridhar Chandran, Anti-spam Consultant at the Spamhaus Project, shares the secrets to staying on Spamhaus' good side. He'll cover the importance of consent, best practices, and proper list management to maintain a good reputation. Plus, he'll reveal emerging trends in the online threat landscape, like subscription bombing and the use of AI in email.

Episode 163 contains the notable Digital Marketing News and Updates from the week of May 29 - June 2, 2023. And the show notes for this episode was generated using generative AI. And like always, I curated the articles for the show.1. Google Search Console Insights Adds New Report to Track Growing Content - Google has added a new report to Search Console Insights that track your content's growth over time. The report shows you how many impressions and clicks your content has received and how its ranking has changed. This information can help you identify your most popular content and change your content strategy to improve its performance.To access the new report, go to the Search Console Insights page and select "Your Growing Content" from the menu. The report will show you a list of your top content, along with the following information for each piece of content: Impressions: The number of times your content has been shown in Google Search results. Clicks: The number of times users have clicked on your content in Google Search results. Position: The average position of your content in Google Search results. Growth: The percentage change in impressions, clicks, and position from the previous period. You can use the information in this report to identify your most popular content and change your content strategy to improve its performance. For example, you can promote your most popular content on social media, write more content on similar topics, or optimize your content for specific keywords.2. Google Now Treats .ai Domains as Generic Top-Level Domains - Google has updated its search algorithm to treat .ai domains as generic top-level domains (gTLDs), rather than country code top-level domains (ccTLDs). This means that .ai domains will now be eligible to rank for global search queries, not just those specific to Anguilla.This is a significant change for businesses that use .ai domains. In the past, these businesses were limited to targeting local traffic. Now, they can reach a global audience with their websites and marketing campaigns.If you have a .ai domain, you can optimize your website for global search queries today. Here are a few tips: Use relevant keywords throughout your website content. Create high-quality content that will attract and engage visitors. Build backlinks from other high-quality websites. Promote your website on social media and other online channels. Following these tips can help your .ai domain rank for global search queries and reach a wider audience.3. Google Penalizes Websites with Cheap TLDs - Google's John Mueller said on Reddit that Google penalizes websites that use cheap top-level domains (TLDs). Cheap TLDs are domains that cost less than $10 per year and are often associated with spam and low-quality websites.Google's decision to penalize websites with cheap TLDs indicates that the search engine is more aggressive against spam. In recent years, Google has been cracking down on spam and low-quality websites, and this latest update is another step in that direction.If your website uses a cheap TLD, you may want to consider transferring it to a more reputable domain. This will help to improve your website's ranking in Google Search results and protect you from being penalized.How do you know which TLDs are spammy? Check out, Spamhaus.org.4. Google Launches ‘Product Studio' - Google has announced the launch of Product Studio. This free tool uses generative A.I. to create high-quality product images. Product Studio is available to all businesses, regardless of size, and can create images for various purposes, including product listings, marketing campaigns, and social media.To use Product Studio, businesses upload their product images and provide details about the product, such as the product name, category, and color. Product Studio will then use this information to generate high-quality images, including lifestyle images, product shots, and close-ups.Product Studio will be a valuable tool for businesses of all sizes. It can help businesses to save time and money on product photography, and it can help businesses to create more engaging and visually appealing product listings.It's important to note that Product Studio is currently in the pilot phase, and Google is working with a select group of retailers to test and refine it. However, they have expressed their excitement to see what's possible with this technology.5. YouTube Shopping and Discovery Product Ads Requirements - Google has clarified the requirements for YouTube Shopping ads and Discovery product ads. The new requirements are designed to help retailers understand why their ads may not perform well and how to address any issues.The new requirements for YouTube Shopping ads include the following: Your products must be eligible for sale on Google. Your products must be in stock and available for purchase. Your product prices must be accurate and competitive. Your product descriptions must be clear and concise. Your product images must be high-quality and relevant to your products. You can review the Google Shopping ads policy center and free listing policies to understand better how the policies are enforced.6. Microsoft Introduces ‘Insights' for Universal Event Tracking Tags - Microsoft has unveiled ‘insights' for Universal Event Tracking (UET) tags in an exciting development for data-driven marketers. This feature, designed to enhance your understanding of user engagement on your website, will be automatically enabled for all existing UET tags starting June 29.A Microsoft Advertising UET tag monitors visitor activities on your website following an ad click. This tag collects relevant data, empowering you to keep track of conversion objectives and create specific remarketing lists for effective audience targeting. UET tags enable the tracking of various conversion goals, such as purchases, sign-ups, downloads, and more. These goals can be configured based on criteria like visitor count to specific pages, time spent on the website, the number of pages browsed, and clicks on your mobile app, among others.The newly introduced UET Insights bring several advancements designed to provide a more in-depth understanding of user interactions on your website. These insights are integrated into a powerful dashboard that showcases crucial data such as: Overall visits to your website and the number of visits each page has received Breakdown of sessions based on country of origin and device type Data on quick backs (customers who spend only a few seconds on your website) Information on the duration visitors spend on your website Additional indicators like page latencies, interactions (clicks and scrolls), purchase cart carts specifics, cart abandonment details, and JavaScript browser errors are also included.UET Insights extend beyond providing a comprehensive understanding of your website's performance. They help enhance the effectiveness of ads through refined targeting, fraud detection, and minimizing conversion loss. This leads to a richer understanding of user behavior and website performance, resulting in more efficient advertising strategies.Activating UET Insights doesn't require coding. Existing tags were automatically updated, and any new tags created will come pre-equipped with UET Insights. Notably, there's no data sampling involved, ensuring that the information you receive is complete and representative. UET Insights does not adversely affect your site's performance, and the collected data is processed and presented almost instantly on the UET dashboard.Advertisers maintain complete control over UET Insights and can choose to turn them off if needed. Those wishing to opt out can do so through the UET Dashboard in the Microsoft Advertising platform. To learn more, visit the Microsoft Advertising help page.

We got two of the biggest names in deliverability and we had to bend their ears on all deliverability topics in the last 6 months. There's a lot going on right now in the deliverability world such as Spamhaus evolving to better serve their users, how people classify types of bounces and what is truly the best way to protect your email reputation. This is why you really need to listen to this episode because this is the BIG deliverability episode. Email's Not Dead is a podcast about how we communicate with each other and the broader world through modern technologies. Email isn't dead, but it could be if we don't change how we think about it. Hosts Jonathan Torres and Eric Trinidad dive into the email underworld and come back out with a distinctive look at the way developers and marketers send email.

Spamhaus's decision to add Cyberbunker to its list of Spam sources led the Stophaus coalition to initiate a DDoS attack later dubbed “The attack that almost broke the Internet.” The fallout from this attack led to Cyberbunker relocating to a bunker in Germany - but it was the involvement of an Irish drug lord known as 'The Penguin' that led to the bullet-proof hosting company's downfall.

If you're in the email industry you know Spamhaus. Well, luckily we've worked with Matt Stith of Spamhaus and were bringing him to your ears. Hear about the transparency Spamhaus is trying to bring to the community and know that they're super cool. Enjoy! Email's Not Dead is a podcast about how we communicate with each other and the broader world through modern technologies. Email isn't dead, but it could be if we don't change how we think about it. Hosts Jonathan Torres and Eric Trinidad dive into the email underworld and come back out with a distinctive look at the way developers and marketers send email. Download Spamhaus's e-book on deliverability - https://www.spamhaus.com/campaign/email-deliverability/ Visit us at mailgun.com

Uppvärmning/uppföljning Vi testar nya sätt och möblemang, allt för det perfekta ljudet Datormagazin Retro #6: 95% bokat. Jocke har blivit med 11” Macbook Air. Oväntat trevlig återkomst. Jocke säljer sin iMac. Köp och fynda finfin data. Spamflod från en rad nya tld:er. Jocke blockar hårt. Jocke skapar github-repo lajv! Ämnen IOS 16: Tidiga intryck? Fredrik skannar sina öron … och frilägger bilder Stickerclip - det perfekta komplementet Diffusion bee - AI-bilder som tidsfördriv, och Mac-app Film & TV Handmaids Tale säsong fem börjar denna vecka Länkar Zencastr Datormagazin retro #6 är numera i hamn! Nyhetsbrevet Uppsnappat Jockes pappas dator blev kapad - hela historien i avsnitt 323 Elvatums Macbook air När Jocke köpte tolvtummare Köp Jockes iMac Markdown med Github-smak Spamassassin Spamhaus Postfix Jockes Github-repo med blockade tld:er Octocatklistermärken Github-flavored markdown Stickerclip Diffusion bee - AI-bilder som tidsfördriv, och Mac-app DALL-E Stable diffusion Cortex pratar AI som ritar bilder Handmaid's tale, säsong fem Downstream Verge presenterar sin nya design Kollijox Fullständig avsnittsinformation finns här: https://www.bjoremanmelin.se/podcast/avsnitt-325-vi-testar-nagot-annat-som-omvaxling.html

Bonjour à tous et bienvenue dans le ZDTech, le podcast quotidien de la rédaction de ZDNet. Je m'appelle Louis ADAM et aujourd'hui, je vais vous expliquer pourquoi le spam persiste, plus de quarante ans après son invention.  Le spam est presque aussi vieux qu'Internet, et n'est pas près de s'arrêter. Le spam, c'est le nom que l'on donne généralement aux emails indésirables qui polluent nos boîtes mail. Le nom vient d'un célèbre sketch des Monty Python parodiant les techniques publicitaires un peu lourdes d'une marque de jambon britannique. La contraction de « Spiced Ham » donne SPAM.  La première occurrence d'un spam est généralement datée de la fin des années 70. À l'époque, Internet n'existe pas encore, enfin, pas sous sa forme actuelle. Une première version du réseau connue sous le nom d'ARPANET  connecte néanmoins plusieurs milliers d'ordinateurs, généralement détenus par des universités et des centres de recherche académique. Mais l'informatique est déjà un business et la possibilité d'envoyer des e-mails donne des idées à un responsable marketing de la société DEC, qui vend des modèles d'ordinateurs.  En mai 1978, il décide d'envoyer un message à 400 utilisateurs du réseau afin de les inviter tous à une présentation de la nouvelle gamme d'ordinateurs de sa société. Un même mail envoyé à un grand nombre d'utilisateurs, pour vanter les mérites d'un produit dont les destinataires se fichent probablement : les réactions sont plutôt négatives, mais la méthode permet tout de même à la société de vendre quelques machines.  Et c'est là tout le paradoxe du spam : si celui-ci est généralement vu comme une nuisance, l'envoi massif de mails marketing à des utilisateurs permet bien souvent de générer des ventes, pour un coût tout à fait minime. Au fil des années, Internet va progressivement éclipser ARPANET et de plus en plus d'utilisateurs vont se connecter au réseau. Et le spam va gagner en importance à mesure que le nombre d'internautes grandit : en 2020, Kaspersky estimait ainsi que 50 % des emails envoyés sur le réseau pouvaient être qualifié de spam. Une estimation prudente, d'autres sources évoquant plutôt un taux de spam proche des 80 %.  Les techniques de lutte contre cette nuisance ont pourtant évolué depuis les années 80. Les fournisseurs de service mails comme Gmail ont développé des filtres puissants capables d'identifier et de bloquer les mails en amont, avant même qu'ils atteignent votre boîte mail. Des associations, comme Spamhaus ou en France Signal Spam, travaillent également à identifier et à bloquer les organisations diffusant des mails indésirables.  Mais face à cela, les cybercriminels développent aussi de nouveaux outils pour envoyer du spam et contourner les filtres mis en place. Le spam reste rentable : il permet de diffuser de la publicité pour des services et des produits réglementés, comme des médicaments, des casinos en ligne ou la pornographie. Le spam est aussi utilisé pour diffuser des escroqueries, des tentatives de phishing ou dans certains cas des logiciels malveillants.  Et tant que cela continuera à rapporter, le jeu du chat et de la souris continuera. D'autant qu'aujourd'hui,  le spam ne se limite plus aux mails : les techniques du spam peuvent également être déclinées pour les SMS, les logiciels de messagerie, ou directement sur le web. 

Do You Trust Homeland Security And The FBI For Your Cyber Security? What a week the FBI got hacked, Homeland Security supposedly is sending out emails about hackers in your network. This is what we're going to talk about to start with today. What are these new emails and how are they trying to con you? And can we trust the Feds for our Cyber Security? [Following is an automated transcript] This is a little bit concerning. We know that the FBI's email system got hacked. And for everyone that's sitting there saying gee, if the FBI gets hacked, there's no way my business can possibly survive an attack. Remember that the FBI is a huge target. They have so many systems, so many people and the bad guys really would love to send email out as though they are the FBI. [00:00:47] And in fact, they did, they used the FBI's email servers to send out some of these fake emails. I thought that was funny, but be that as it may, the FBI closed. But there are things you can do to protect yourself, to protect your email. And my wife and I have been working diligently on a guide. [00:01:10] Now, that I protect businesses. I work closely with the FBI, been doing cyber security for more than 30 years. I hate to admit that. But I've been on the internet for more than 40 years. So I've been at this for a very long time and there are things you can do. [00:01:29] So we're making available a guide. So she's taken a lot of my teachings and is boiled it down. It looks like it's going to be 25 ish pages. And it's just the key things, the primary things that you can do. To stop your email from getting hacked, your bank accounts, et cetera. There are some pretty simple things you can do. [00:01:54] So we're putting that together and we're also putting together a bootcamp and both of these are free. Okay. Absolutely free. And in the bootcamp, again, this book isn't about selling you all of the, my services and stuff. It's giving you. Actionable things you can do. Yes, you can do. You don't need to be the FBI or a cybersecurity expert to do them, but five things you can do that will, I don't know, 10 X, your cybersecurity, really? [00:02:30] It's that big a deal. And it's going to take you less than an hour to do all of this stuff. So for those people who like the boot camp, so we're going to have. And one of these zoom things and we're going to do it live and I'm going to explain it to you, spleen it. And you're going to have some homework before the bootcamp, because I want you to have some skin in the game too. [00:02:56] You're not paying me or anything. So I want to make sure that you've done your homework so we can quickly. Go through all of the stuff that we need to cover in the bootcamp and people who are interested in being the example, which means they are going to get more information than anybody else. [00:03:13] You can also say, Hey, listen, yeah, please use mine as an example. So we'll look at all of these different things. We're going to focus in on that first bootcamp primarily on. The stuff with passwords, what should you do? How should you do it? How can you tell if your password has been stolen? If your email accounts been compromised, all of that sort of thing. [00:03:37] And you need to be on my email list in order to find out about this stuff. And in fact, when you sign. I've got three special reports that Karen and I wrote that are really going to be helpful for you. These are three that we've been using with our clients for years, but again, actionable. To do right, is not some marketing sales guy trying to sell you the latest, greatest piece of antivirus software that doesn't work. [00:04:09] So you can get that. If you go to Craig peterson.com right now slash subscribe. If you want the deep link, Craig peterson.com/subscribe. We'll go ahead and sign you up. I have a little automated sequence. It's going to send you the emails with all of the attachments. We got one, that's an introduction to Karen and I, you get to see both of us. [00:04:35] And it's a really cool picture of when we're on vacation one time and you can get all of that again. It's free. This is the free newsletter. This isn't the paid newsletter. Craig peterson.com. Slash subscribe. All right. So I can help you out with all of that free content. And I have lots of it. I'm on the radio every week talking about free, right. [00:04:59] And you can avoid these things. So I hate to bring up this FBI hack because as I discussed again with Karen this week I don't want people to feel like there's nothing that they can do. I have a friend, her name's Laura and she's in one of my mastermind groups. And Laura is, was listening to me because another mastermind member got hacked and it had what was it? [00:05:24] $45,000 ultimately stolen from him. And we helped him out. And so I was explaining, okay, so here's the things you can do. And. Basically all she heard was I'm never going to be able to do this. And she's a technical person. She teaches people how to become business analysts, which is pretty technical, there's a lot of steps involved in doing business and analyst work. And so I was really surprised to hear from her that she had. The securing herself was just too hard. The FBI gets hacked, et cetera. And so that's why when I came to this realization, the bottom line is, yeah. Okay. It can be hard if you're like me and you've been in doing this for 30 years, you've got the curse of knowledge, right? [00:06:16] So all of this stuff, this isn't for you. If you know everything, okay, this is for people who. Quite understand what's going on. Definitely don't understand what they should do. Don't know what they should buy. Don't know how to use the free stuff that Microsoft and apple give you and how to pull it all together. [00:06:37] That's what I want you to be able to understand, and we spend time every. Going through this and every newsletter. I have a, an opening now that is a lot about three to five minute read. If that it can be very quick read and is helping you to understand some of the things that you can and should do. [00:07:00] So you'll get that as part of the newsletter. Again, Craig peterson.com. That's in my free newsletter. You should see the paid newsletter. It's a big deal because it's your life. It's a big deal because it's your business. It's a big deal because it's your job on the line. And most of the time, and when I pick up a new client, it's somebody who's the office manager. [00:07:23] Frankly, more than your office manager, sometimes the business owner, owner operator says to the office manager, Hey, we got to do something about cybersecurity and then I get. Saying, Hey, can you do a cyber health assessment for us and that cyber health assessment, which we'll do for almost anybody out there will tell you the basic self. [00:07:46] Okay. Here's what you got to do. You've got to update this. You should turn off this software or you should do this and that with your firewall so that they have. I a little checklist, that they can run through. That's the whole idea behind one of these cyber health assessment. And then what happens is they say, okay let's talk some more and we go in and talk with them, talk with the owner. [00:08:12] Do they want to do, help them put together a more detailed plan and then they are off and running so they can do it themselves. They can hire someone, they can have us do it for them, whatever seems to make the most sense, but it's very important. To do it, to do something because sitting there trusting the Google's going to take care of you or apple or whomever, it is trusting Norton antivirus is going to take care of. [00:08:43] I was reading a quote from John McAfee. He's the guy that started the whole antivirus industry. Now, of course, he passed away not too long ago, under suspicious circumstances, but he came out and said, Hey, listen, antivirus is. Because right now this year, these weren't his stats. These are stats published. [00:09:04] You can find them online. Just duck, go them. Yeah. I don't use Google for most things. And you'll find that the antivirus is ineffective 77, 0% of the time. What do you need to do? You need to listen to me here because I am going to help keep you up to date here. Some people are auditory listeners. [00:09:23] You need to make sure that you get the newsletter so that you get the weekly updates and you find out about these free trainings and special reports that we put together. Makes sense to you and you can attend the boot camps where we cover the basically one hour meetings on zoom, just like you're used to, and we cover one or more specific topics and we do it live and we use your information. [00:09:54] The information you want us to have a, do you want us to share? So how could that be better? And it's the same sort of stuff, but deeper dives and more interactive obviously than radio. And you can listen to me here every week. I think it's important that you do, and you understand this stuff. So anyways ramble. [00:10:14] It all starts with email. How do you keep your emails safe? You might remember years ago, you, people were getting broken into and emails were sent out using their accounts. That happened decades ago and it's still happening today. Right now, Craig peterson.com. I promise you. I am not a heavy marketer. [00:10:36] Okay. You're going to get good, actionable information that you can put to use in a matter of minutes, Craig peterson.com/subscribe. Hey, stick around. I promise. I'll get you this department of Homeland security warning in just a minute. We'll be right back. [00:10:59] Our intelligence monitoring indicates exfiltration of several of your virtualized clusters in a fist sophisticated chain attack. Your, I am trying to put on this like official voice. And it didn't do so well anyways, that's what we're going to talk about. [00:11:14] This is an email that came from the department of Homeland security warning about hackers in our network. [00:11:23] Okay. The subject line here, the one I'm looking at, and this is a justice week, urgent threat. In systems read the email goes on. We tried to black hole, the transit nodes used by this advanced persistent threat actor. However, there is a huge chance you will modify as attack with fast flux technologies. I don't know if that ties into a flux capacitor or not, which he proxies through. [00:11:53] Multiple global accelerators. So this is somebody who doesn't really know what they're talking about. They're just throwing up big words. We identified the threat actor to be. Somebody whom is believed to be in of course, whom wrong usage of the word here is believed to be affiliated with the extortion gang, the dark overlord, comma, uppercase. [00:12:18] We highly recommend you to check your systems and IDs monitoring. Be where this threat actor is currently working under the inspection of the NCC. I see, as we are dependent on some of his intelligence research, we cannot interfere physically within four hours, which could be enough time to cause severe damage to your infrastructure. [00:12:44] Stay safe. USDA department of Homeland security, cyber threat detection and analysis network analysis. Total control panel. So this is classic when it comes to scammers. And the classic part is that you could do. Is the grammars bad. The wording is confusing, his punctuation is wrong and he's throwing out all whole bunch of words that are used when it comes to hackers. [00:13:20] There are things like advanced, persistent threats. That's one of the biggest problems in fact, businesses have today. But in reality, the way he used it, Incorrect now that's something I would notice cause I've been doing this stuff for more than 30 years, but the average person is never going to notice something like this. [00:13:44] So it's been pretty, in fact, pretty successful now, a little different than usual here. These fake messages don't have attachments. They don't have phone numbers. They don't have web links. Therefore what? Your email filter is not going to look at them and say, oh, these look risky. These URL links are going to risky sites. [00:14:11] I'm going to block it. That's what we do. We have the advanced email filtering from Cisco that we use for our clients, or that includes their amazing artificial intelligence for fishing and stuff. So an email like this is not go. To trigger those types of alarms. So they're saying don't panic, avoid contacting the FBI for further details and ignore the accusations that are made in the email. [00:14:39] This is so focused though. So flows is a cybersecurity company. They have a lot of stuff. They have some pretty good stuff. It's not there's not. But spam house is tracking it. Now, if you've ever been blacklisted, it's called black holing really by people who might've used your domain to send spam, or maybe you're a spammer, you've heard of spam house and I've been blacklisted before inappropriately. [00:15:07] The good news is my. That I use for emailing is about 30 years old as well. So it's got a pretty good reputation over the years, but spam house is saying now that this is a scam they've been tracking it. It's a well-known scam and it's been widely circulated. To those office managers that I said are often the people who call us when there's a cybersecurity problem, or we get calls from office managers when something doesn't look right with the emails. [00:15:44] And we have a client that had been getting these weird emails and. We were called saying, what's going on, have a look. We looked and we found all kinds of problems. So that again, an office manager approaching us and thinking everything's fine because they had Norton and they had the more advanced Symantec stuff and it didn't catch. [00:16:09] Any of this really nasty stuff, but that's part of what Spamhaus does. And they're looking at it and saying, oh, okay, wait a minute. Now we're seeing these emails come out. They are definitely not coming from fbi.gov, which is what the return address is. And so spam house tags, it spam. Assassin's going to tag it and it's not even going to make it. [00:16:37] Anything about a log on are our email filter. So a number of people have received it. If you've received this email, I'd love to know it because they really are trying to go after the people who are a little bit more into this now, how do they find them? Apparently? They have stolen the email addresses by scraping them from public sources. [00:17:03] So databases published by Aaron, for instance, the American registry for internet numbers. And I'm assigned my own number is CP 2 0 5 because I was so early on by Aaron they're the guys that have been managing. The basic internet domain stuff here in the U S for very long time. And it also doesn't mean by the way that Aaron had any sort of a breach. [00:17:28] And really just showing that the crooks behind this disinformation campaign have really been focusing on people who appear to be in network administration, because those are the email addresses and names that Aaron is going to have. So why are they doing this? Why are they sending it out into it's frankly, it's kinda hard to tell some of the emails have a QR code in them. [00:17:58] Now that is intriguing because here's how, again, how a lot of these basic email filters work, they look at it, they say what links are in there? How many links, how much of the email is a graphic? And they understand while it's going to internet bad guys.com. There's the link right there. Forget about it. [00:18:22] I'm not going to forward this email to the intended recipient, but if there's a QR code in that email to almost every email filter out through. It only looks like a graphic. So might've been a picture of your mother as far as it knows. Most of them are not very smart. So you getting an email, having a QR code in it and saying, oh, that's interesting. [00:18:47] Let's check out that QR code. That's where the hazard com. All right. So be very careful fake news like this. It's not only unfair to the people who are accused in it, which is what happened here. They can be accusing your own it department. They can be accusing. People within your department, which is typically what's happening and then what they may try and do now that you don't trust your, it people, your security people, because they're mentioned by name in the email, but remember their names are probably scraped off of a. [00:19:27] That you don't trust them. And now they attack you and you don't trust that you've been attacked. So fake news, a term coined by Hillary Clinton during hurricane campaign, but that's exactly what it is entirely fake. So this email, if you get one from Homeland security about threat actors in your systems, almost certain. [00:19:51] Fake stick around. We've got a lot more coming up. Don't forget to subscribe. Get my weekly newsletter. I'm going to be published and even more, I think probably starting next month. I'm going to be sending a couple emails out a week because I got to get you guys up to speed so that you're ready for the upcoming bootcamp. [00:20:13] Stick around. [00:20:15] Everybody knows about the chip shortage, right? Computer chips. They're just hard to find. I'm hearing all kinds of ads from Dell lately on the radio. And they're saying just buy now. They're not selling new high-end machines anymore. [00:20:30] This is a story from the verge about who has allegedly kinda stepped in about Intel's plans to increase chip production. [00:20:42] And you'd think that the white house would be encouraging chip production. Considering the shortages, the justice week, it came out Tesla hasn't been delivering their electric car. Without USB ports. Other manufacturers are no longer providing you with an electric window for your car. It's a crank window. [00:21:05] Car manufacturers did it to themselves, frankly, by stopping orders for chips during the lockdown, thinking that somehow people wouldn't need cars anymore. And yet their sales of cars went up and when they go. Yeah. Guess what happens to the price? The price goes up, right? Inflation. You have more money chasing fewer goods. [00:21:29] So they really nailed themselves. Don't feel so sorry for some of these car manufacturers. We need more chips. I mentioned one of the manufacturers of PCs, the many of us use in our offices and Jews in our homes. Dell is a good company. They have been for a long time. However, you gotta be careful when you're buying computers because Dell makes very low end computers all the way up through good solid servers. [00:21:58] Same. Thing's true with. P Hewlett, Packard, excuse me, Hewlett Packard. Remember those guys back in the day? Yeah. They also make everything from cheap computers that you never would buy should not buy all the way up through really good ones. It's like going to Walmart, you go to the Walmart and you don't want to buy any of the computer sitting there with one exception. [00:22:24] And that is the Chromebook. If you buy a mid tier Chromebook at Walmart, you're going to get a good little computer. Doesn't run windows, doesn't run Microsoft office word, et cetera, but it can still edit those documents. And it's a very good machine that is kept up to date. Just watch the price $110 Chromebook, probably isn't going to last. [00:22:48] It doesn't have much storage on it, et cetera. A $2,000 Chromebook is probably major overhead. So go somewhere in the $400 $500 range for a Chromebook, which is by the way where they're selling some of the laptops. Wouldn't those laptops, same price point. Now again, that's why I just wouldn't buy any of that. [00:23:12] So we need more chips. We need higher end chips. They are very hard to get our hands on right now. We're talking about electrification of everything. And if you've heard me on the radio during morning drive time, I've been just bemoaning how the government's putting the horse before the. They're out there saying electric, and shutting down pipelines and coal mining and coal power plants. [00:23:39] Although coal is one of the cleanest energy sources nowadays because of all of the scrubbing that's going on with the output of the coal plant. And also of course, they're, they've been stomping. Most of the nuclear plants from coming online, even though the new. Technology in nuclear is impossible to fail. [00:24:01] They use basic physics to make sure that these things aren't going to do a Jane Fonda China's syndrome thing. Okay. So it's just crazy. We don't have the electrical. Even if we put up, it would take literally millions of wind farm, our turbines, and obviously millions of rooms and fields covered with solar cells. [00:24:29] We would still need nuclear. We would still need other sources of power because the sun doesn't shine all the time and the wind doesn't blow all of the time. This is just completely backward. People aren't thinking it through. It's again, it's the knee jerk. And of course they're investing heavily. They being the congresspeople of themselves, particularly those Congress people like the Al Gore's of the world and Nancy Pelosi and Chuck Schumer, because they are forcing a move to this technology that isn't ready for prime time. [00:25:05] And at the same time, we are trying to buy electric cars. How are we going to charge them? How are we going to run our homes? It's like Europe, people froze to death last winter in Europe. It's going to happen again this year. And the thing about what happened in Texas last year. Yeah. Some of that was because they weren't prepared, but guess what else happens? [00:25:30] Sometimes the wind isn't blowing in Texas. So there's just all kinds of problems. So Intel is saying we got to increase our chip production. Intel's main business right now, by the way, he seems to be moving towards making chips on behalf of other people, other companies, rather than making their own chips. [00:25:53] Isn't that kind of interesting. And the industry, the chip fab industry, the ones that fabricate the chips, make the chips are spending about $2 billion a week. According to the latest numbers I saw to try and expand the manufactured. Apparently Intel went to the white house because they want some of our tax dollars. [00:26:17] The money they'd take at the point of a gun. They want some of that so that they can build their business, build it back better. And apparently some sources close to the situation told Bloomberg that Intel. Posed making silicone wafers in a Chinese factory, which could start production towards the end of next year. [00:26:44] But in a move that I agree with had the Biden white house, apparently Intel was strongly discouraged due to potential security issues. Yeah, no kidding. Some major security issues here. We don't want to give away our technology to make this leading edge stuff. Think about the us. We were always the country that people came to for technology. [00:27:15] I mentioned this week on the radio, the cotton gin way back when look at how much labor. That that cut look at the internal combustion engine. And again the Teamsters, the horses, the cleanup crews in New York city. All of that went goodbye pretty much because of technology and people got higher technology. [00:27:40] Jobs and everyone became more efficient and that's, what's supposed to happen right now when right now waste, basically we have stagflation in other words, prices are going up, but we're not getting any more productivity out of it. That's a real problem. And that's why they keep talking about the problems we were having in the late seventies. [00:28:01] And I remember those well, I remember gas lines sitting there in California waiting to buy gas. It was incredible what was happening out there. So Intel thinks it needs to secure funding from the federal government in order to ramp up the production. Bloomberg announced, Orwell said that Intel currently has no plans to produce silicone wafers in China after discussing it with governor. [00:28:31] Officials and it will instead consider other solutions. Now I hope those other solutions are to make those plants, those chip fab plant here in the United States. Let's put ourselves back on a leading edge footing here. Google moved its artificial intelligence lab to China talking about. Anti American thing to do moved it to China, artificial intelligence. [00:29:01] That's something we need. The us needs to be the world leader in some of these technologies. And frankly, we're not the leader anymore. It's it frankly, a. So you can check this out. It's on the verge. You'll also find it up on my website. Craig Peter sohn.com. Make sure you sign up for the newsletter so you can get all of these little trainings, five minutes a weekend can make a big difference. [00:29:33] Craig peterson.com. [00:29:35] Hey, I don't want to depress anyone, but Bitcoin is now a 13 year old teenager. And back in January, 2009, Bitcoin was priced at well. Wow. We'll get into this in just a minute. [00:29:51] Bitcoin January 3rd, 2009 is when it was launched. And E Bitcoin was priced at you ready for this point? [00:30:03] Zero 8 cents each. Okay. The and because of that, a lot of people. I have been seen we've got to get into this and that in fact, Elon Musk has been pushing up the price of another digital currency. All of the initial price increases in Bitcoin were due to fraud. [00:30:26] According to a lot of reports and we can get into those if you'd like fraud. Yeah. That's a great way to launch a whole new product. And they also played some other games. For instance, the biggest driver of Bitcoin price for a long time was crux. For ransomware. Yeah. People had to buy ransom and pay ransoms. [00:30:54] How do you pay a ransom while usually it was with Bitcoin and that meant you had to turn us dollars or other foreign currencies into Bitcoin. And as economists in the white house, don't seem to understand when there is more money tracing, a limited commodity, the price of the commodity goes up, whether it's gasoline, food, or Bitcoin, and that's exactly what happened. [00:31:27] Percentage wise, how much of an increase has there been in the value of Bitcoin? Let me see here. If I can figure this out 7 billion, 750000000% increase. Isn't that something now of course we don't all have these magical glasses that let us look forward to figure it out. Out, but it's based on this peer to peer electronic cash system that was written about by someone or a group of people that went by the pseudonym of Natasha Nakamoto. [00:32:07] And there've been a few people over the years who have claimed that they are the person that started it and maybe one of them is, and may be, none of them are who knows, but this was first published, October 31st, 2008. So about a month later is when it started to trade and it is just incredible here. [00:32:29] Bitcoin was really perceived initially. Threat by government and financial institutions. I think it's still perceived as a threat. My government, they are able to track Bitcoin and other cryptocurrencies in many cases and the way they track it as well. If you have Bitcoin, what good is it? Unless you can use the Bitcoin to either buy something or to traded for us dollars or another hard currency, that's how they're tracking. [00:33:03] Without getting into a lot of detail here, but it's interesting to look at because the Bitcoin white papers proposing a solution to prevent what they were calling double spending. And when you don't trust a third party necessarily, and that's where we got these logs, if you will, the. Balance sheets that were being used to track everything. [00:33:29] And then you had the voting, you had to have 50% of these systems that were tracking all of the transactions, agree on a transaction, et cetera. And that's actually been a problem for Bitcoin because of the. Intermediaries, you have to go through or get to approve your transaction. It's a, frankly, a problem that's really slowed down transaction. [00:33:57] So you can't just go like with a credit card and pay for something that's done. It can take your day or more. Now it's interesting that we're getting close to the ultimate limit of Bitcoin offerings. The blockchain's mind blocked number 707,000. Which by the way, offered a mining reward of six and a quarter Bitcoins. [00:34:25] So think about that. It costs you more to mine, Bitcoins than they're worth. If you're trying to do it in the Northeast. Pretty much anywhere in the United States. So don't just run out and start doing it. My son and I don't know, five, eight years ago, something like that, we decided we'd start trying to do some mining and we didn't find any Bitcoins and it was just cooking some machines. [00:34:50] And so we said, forget about it. And we gave out on it. It does have a hard cap. Then it's got a ways to go. I said, it's approaching. It is, but there's 21 million Bitcoin is the hard cap and the community that maintains the software and maintains Bitcoin because it is a committed. Has it been modifying the rules as time went around at about how many Bitcoin you get when you're mining something, into solving these problems and how the blockchain works. [00:35:26] And how many honest and dishonest mentions were in the original Bitcoin white paper and how can they reject invalid blocks? So there's a lot of technical stuff going on and it's changing. All of the time. And ultimately it's the consensus mechanism that has been slowing it. So when it costs you more to mine, a Bitcoin than you get for it. [00:35:54] So let's do a little bit of math here. If we say that how much is a Bitcoin worth right now? So we say current value of Bitcoin. I'm typing it in right now. So it's about $57,000. Per Bitcoin, if say 57,000 here we go. 57,000 times. What did I say? Six and a quarter, right? So $362,000 equivalent is what they, the person who mined this block was paying. [00:36:32] That sounds pretty good. Doesn't it? Yeah, it really does. It adds up quite quickly. But when you consider that it costs more to mine, a Bitcoin than it costs, then you get to paid for it. 350, $6,000. That's a lot of electricity on a lot of hardware. And because of that, China has. Down Bitcoin mining operations, because it uses so much electricity and in the United States and in some other countries, but here in the U S and in the UK, some of these Bitcoin mining operations have been buying. [00:37:11] Coal powered power plants, coal fired power plants so that they can produce their own electricity so they can make it worthwhile to mine. So things are going to change. They're going to be changing the rules. As I said, we've got a total of 21 million Bitcoin ultimately. And so far we've only just mined number 707,540. [00:37:38] So the interchange, the rules, I'm going to keep an eye on this cause that's an interesting one. Elon Musk, his quote is Crip. Cryptocurrency is fundamentally aimed at reducing the power of a centralized government. And that by the way, can be one of the main reasons that Bitcoin hasn't been really adopted in the mainstream yet. [00:37:58] And Ilan has all kinds of tweets. Bitcoin and other cryptocurrencies, he says, Bitcoin is my safe word. Isn't that? Something he's been primarily the guy behind Dodge coin, which is yet another crypto currency, D O G. Coyne D O G E coin doge, coin. And you can find that online. I think it has new doge even publicly traded while it's certainly traded as a crypto. [00:38:28] Okay. So doge coin right now is worth 22 cents. It's down from its month, week, and day highs. I'm looking. Here. Yeah. Yeah. So it's gone up and down. It's been worth more. Yeah. A couple of weeks ago. So that's part of the problem with it. If you don't have money that you can absolutely waste, don't buy this stuff and I'm not an investment advisor, but I've never bought any Bitcoin or any other cryptocurrency. [00:39:01] And the problem is, and from my perspective that it is not real at all. Yeah, you can say, look at this, I could have made 7000000% on that. You could do the same thing almost if you had, instead of buying a brand new Tesla model as eight years ago, seven years ago, and paying $77,000 for that. [00:39:25] If you had bought $77,000 worth of Tesla stock, you'd be in the millions of dollars in value. And so we've got the Raven company out there. I don't know if you know these guys or not. I watched a motorcycle show. They're going from the tip of south America all the way on up to San Diego. And they had this Rivy and electric truck, which is really quite cool. [00:39:52] They are public right now. They just won. And they have a market capitalization. In other words, a value of ribbon, which has only made a couple of dozen vehicles. That's it? Total. And they're owned by people who work for the company. Their market capitalization is 50% more. Then most of the major manufacturers out there, it's just crazy how much it is worth and why it's because people are looking at it saying Tesla appreciated 7000000%. [00:40:30] Ravion's going to do the same. And by the way, they are cool cars. I love the idea behind. Electric vehicles. It's just that we got the cart before the horse who don't have the electricity. We're not making the hard decisions. We're just ripping stuff out. It's absolutely crazy. By the way, they had a 15% drop in the value of their shares on Wednesday. [00:40:54] It'll go up. It'll go down. But it's w it's something we got to test remember? Okay. Cryptocurrency is not it yet of Tesla. Stock is worth something will probably always be worse. Something cryptocurrency is worth something, but tomorrow may be worth zero, and don't go crazy. These market caps of startup companies that have never done anything being worth 50% more than major us auto manufacturer. [00:41:26] What that's crazy. Visit me online. Craig peterson.com. [00:41:33] Clothing prices have been going up. In fact, apparel prices were up 4.2% in the last 12 months that as of August, we've got cotton going up. There's a whole bunch of things that are going up and a company out there called dress X thinks it has a solution for all of these prices. [00:41:58] Hi everybody. I'm Craig Peterson, your cybersecurity strategist, and all around technology guru. And you're listening to news radio w G a. I am five 60 and FM 98.5. I like to invite you to join me on the morning drive right here on w G a N Wednesday mornings at seven 30. The clothing has been going up. [00:42:26] Everything's been going up, I put some gas in my car the other day. I have a, you might know, of course, a 1980 Mercedes and my wife drives a nice little Ford edge, not a particularly big SUV, a, guest's a midsize SUV. And I put, I think it was about 15 gallon Zan and it costs me more. 55, $0. I can't believe it. [00:42:57] We used to have a little diesel little Volkswagen Passat diesel. We would drive around and we were getting pretty close to 60 miles per gallon, around town. And diesel was about a buck, a gallon, and it cost 20 bucks to fill the silly thing up. And we could drive all the way down to New York city and back on. [00:43:17] $20 worth of diesel one fill up. Okay. None of that's true anymore, is it? And we're looking at some increases. It's not like the kind of increase we've seen in certain foodstuffs or gasoline or eating oil. Apparel prices are up and there's a company out there that thinks that maybe they have a bit of a solution for you. [00:43:41] It's called dress ex I found a video online of a young lady. Who's got a lot of followers, interesting lady. And she was trying them out. She'd tried a different dress or different clothes every day for a month. No, I did not watch all of the video, but I got the basic idea. And the idea is that people are buying digital clothes. [00:44:09] Now I think of that for a minute. Would you pay for a designer? And maybe you wouldn't pay for designer dress, already and AOC is dress that she wore, the lady of the people only cost. What was it? $30,000. Per seat for her to go to that banquet. And I think her dress was like five or $6,000. [00:44:33] You can get a dress just like AOC. That's designed by a high-end fashion designer for somewhere between 40 and $60. Okay, but it's a virtual dress. It's not a real dress, not in the real world. It's interesting what they're doing and trying to do. If you have used some of these online sites like Instagram, they have various types of what they call filters. [00:45:01] So you can put a filter on you and there's like a makeup filter, for instance, that makes you look like you're all made up, it gets rid of all of the blemishes on. In, and there's other filters that do backgrounds and do different things and make you look like you're a kitty cat or whatever. They'd all kinds of crazy things. [00:45:22] This company called dress ex has now come out with filters that you can use in their app. And they don't work too well right now, but people have been buying these digital close to. Now you don't wear them out. Okay. There, this is really like the King's new clothes. You might remember that story. [00:45:46] And if all you have on are your digital clothes, you don't have anything on. However, what it does is if you're using their app and you're moving around and with their app, Paste these clothes on you. And it's a little funky right now. It's not the best, but you can bet that's exactly where it's going. [00:46:09] And it reminds me of a blues, a Bruce Willis movie. I can't remember the name of it. And it's I think really bringing up a whole type of. Dysphoria that I think people are going to have more and more where you're living in this artificial life and that artificial life that you're in now that's called SIRA gets, I was just looking up as we were talking that artificial life that you're in is so nice. [00:46:40] You don't want to live. In the real world. And I'm starting to see this now with things like dress X, which you'll find online, address x.com. You can now wear anything you want. You can use the filters that are available generally to change. Parents to change your ethnicity, to change anything you want. [00:47:04] And if you ever saw Sarah gets, it was a very interesting movie. I liked it. I watched it because I generally like Bruce Willis and Rosa Mon pike, who were the two primary actors in this movie. But in the movie, everybody was just sitting there. And they were in these 3d chairs. And while you're in that chair, you could be anybody anywhere doing anything and literally anyone. [00:47:32] And so you're sitting in the chair. If you can see around you, it looks real. It feels real everything about it is real, at least for the most part, but in reality, And none of it's real. And these people, they, some of them got out of those chairs and while they were out a nasty things happen to them. In fact, it was, he was a cop and they were investigating some murders of these people who were again, using what they were calling. [00:48:05] Sarah gets nowadays with what our friends over at face. Or doing, you are going to see it called something else. Facebook, in case you didn't know Facebook changed its name. Now Facebook is still Facebook, but the parent company like Google split off and change the company name Facebook did the same thing. [00:48:27] They're calling it. And the idea is to have this meta universe where again, just like in surrogates gets nothing is real, just like on dress ex you can wear any fashion you want to, and instead of paying thousands of dollars, you pay tens of dollars, basically. Now I mentioned that their video isn't very good. [00:48:53] At least not yet over address X, but you can go to dress X. You can take photos of yourself and send them to dress X. They will go ahead and put whatever clothes you want to be. On you it's basically. Yeah, it's Photoshopping, but they do a pretty good job in general. I looked at a whole bunch of them, but it it, it looked pretty real. [00:49:19] You don't have to consider the fit. You don't have to worry about how big you are because all of these clothes adjust, infinitely a store. Doesn't have to stock a bunch of them. So we're moving. This whole metaverse idea and these digital clothes, which are really a thing nowadays has vice said, vice.com. [00:49:43] We're moving more and more to this unreal world and some real unreal fashions too. I'm looking at some of them and it's hard to even describe them. It looks like there's all of these. Things growing all over the clothes that are coming out and just doing all kinds of weird things. So there you go. [00:50:06] I'm note on fashion. I'm looking right now at a picture that's right in front of the metropolitan museum of art in New York, and a lady is wearing one of the. Digital dresses. Now they tell you what you should be doing. And when you take that picture is aware of skin tight clothes so that they can match the digital close to you a little bit better. [00:50:31] But w we'll see, she's saying that in this. Tweet at the, in front of the mat, she's saying I just can't wait for the met gala. What it will look like in 21, 21, because you know what, she's not wrong about this. It's really coined to change. There's some real cool stuff. Go to my website. If you want to see this, you can find it on vice, but I have a link to it. [00:50:54] Just look for this. Show notes and you'll find it right there. In fact, you're getting even search for on my website because I have everything transcribed. Just look for digital clothes because there are thing now. Hey, I also want to talk a little bit here about. The the next little article, which is what's happening right now with apple. [00:51:17] And you've probably heard about these ID cards in Austria right now, they are stopping people randomly and asking for their papers. They want your papers. If you are, have not been, they call it vaccinated. It's not a vaccine. Really. It's so funny to see the CDC change to the definition of vaccine, just so it meets their jab standards. [00:51:45] But if you're not vaccinated, there's an immediate, it's about of $3,500 fine that the police officer will issue to you. And of course, there's police everywhere. Just stopping people randomly and asking for their papers. Apple is making various us states that have decided they want to use a digital ID card. [00:52:11] For customer support. And also for some of the technology. Now, the initial idea behind this and apple has been working on it for a while, is that you can have your driver's license in the iPhone wallet, app, more secure. It's certainly more convenient for most people. Sometimes you might forget your wallet, but most people don't forget their iPhones. [00:52:38] Yeah. The feature when combined with Apple's biometric security measures really could also cut down on fraud. So we've got about a half a dozen states right now that have signed up with apple and our pain part of the freight for these things. And when they pull you over and ask for your papers, you'll have them right there in your iPhone. [00:53:00] Isn't that handy stick around. We got more to talk about. Thanks for joining. Today and visit me online. Craig peterson.com. Stick around. [00:53:11] I had more than a little guilt installed in me when I was a kid. And I still hear to this day, there's a lot of people who had that right. There was your mother, maybe your father, but man this scammers are using it. [00:53:26] This new scam is an interesting one. [00:53:29] It's a consumer complaint, email scam, and it really is building on your fear of getting in trouble. At work, right? It's your fear of just basically getting in trouble? And man, my, did my mother ever beat that into me as a child. So the bad guys are using this now. Great article over at Sofos and they're naked security blog here. [00:53:59] But the goal of these criminals is really to make you feel guilty, to convince you that if you don't excuse me, that you haven't done anything, you skip doing something, you, maybe you did something wrong and you've caused a serious inconvenience, not only to the company as a whole, but to someone more important than you inside the organization. [00:54:26] Hey, I'm looking at an email right now. It's too Paul Deklan. It says, doc, I'm on my way to the sofa post office. Why didn't you inform us about the class customer complaint in PDF on you? Please call me back now. The main manager assistant is how it's signed. And it's got a link right there to what looks like a customer complaint for. [00:54:51] Supposedly in PDF. So technically this is called spear fishing. It's a targeted attack and this greets you by name and it pretends to come from a manager in your company. So they've done a little bit of research on you and on the company, and that makes it something that really pops out. And because we're all used to ignoring the Nigerian prince scams and I helped to design a system. [00:55:23] In fact, that got rid of those Nigerian prince scams and found some of the scammers. But have you ever had an angry customer who was yelling at you and said something like just you wait, I'm going to report you to your manager. It's scary. I'm going to ask like this, what did I do? I was at a McDonald's this week grabbing a double cheeseburger and the people who were running the drive-through were amazing. [00:55:54] Simply amazing. And the guy who handed me the bag was, again, really great. These, you don't see this type of person very often in so many of these lower end, if you will, jobs. And so I asked to speak to the manager. And so the guy called over his managers says, I don't know what's up. And she came over and I congratulated her on how wonderful per team was that the lady that took the order was just as pleasant and helpful as can be. [00:56:27] And the young man who handed me the food again, Greeted me nicely and just took care of everything. It was just absolutely amazing. But I could tell that he was worried about what I was going to say. Is he going to get in trouble because of something he did or didn't do with his manager? Cause he doesn't want. [00:56:49] Fired obviously, but doesn't want to get down onto her bad side. How about if you got one of these types of messages in your mailbox, because if you're feeling guilty and you're afraid of what's going to happen, they have now activated a center in your brain. Basically the lizard level of the brain that is going to cause you to make mistakes. [00:57:15] And you are going to hurry and feel guilty and click the link. It's just like that customer of ours, where he clicked the link in an email thinking it was from the better business bureau. It's the same sort of thing worried about, oh my gosh, what's going to happen here. Oh, no. Operations manager, the business. [00:57:34] It can be a lot of trouble. The owners are really going to be upset with me and he opens it up. And what is it? It's ransomware now the good news is we were protecting them and since we were protecting them, the ransomware was stopped. In its tracks and that's what you want to have happen. But they were using the same psychological tactic. [00:57:56] So we've gotta be careful, right? This is more believable than a dear colleague or hello. It's got your name in it. And when you look deeply in the headers, you'll see that it's fake. But from the basic text alone, Not so much so interesting. Interesting. Here's another one attention and your name dear you. [00:58:21] You're in big trouble. I suggest you bring your coat. When you come to the meeting, yours sincerely, and it's got the outsourcing manager's name. As a signature. So yeah. Okay. The junior staff in these outsource jobs, like the frontline support, the pressure's high, you're getting these, you're going to make mistakes. [00:58:43] So I just want to warn everyone. Watch for mistakes. Watch what you're doing. The these PDFs that they're sending you are not necessarily legit. You'll click on the link. It's going to have something that usually says something like a customer complaint PDF. You're going to download the thing. And then you're going to click on view my file. [00:59:06] And of course, preview PDF is not really going to preview the PDF. In fact, in this particular case, Sofos is saying that it was a Microsoft app bundle. Okay. It's like a PKG format. So be very careful. The other thing that we've seen a lot of, and it's still happening now is aimed at Adobe. [00:59:29] Now Adobe has had some horrible software from a cybersecurity standpoint, such as flash. You should no longer have flash on your machine at all. Apple has never directly supported flash. They never shipped it because of the major security problems and because of the issues that apple and Adobe had back and forth with each other, that's a kind of a separate thing. [00:59:55] The PDF. Component Adobe reader that so many people have, you don't need it on a Mac is really rare. You need to preview the built-in Mac reader works great. And you can fill out the forms using just preview on a windows machine that doesn't have that feature. So you've got to get the Adobe PDF component knock yourself out and get it, but be careful because. [01:00:23] It is one of the top things people are doing or using to lure you into downloading bad socks. So you can see in this particular case from Sofos, sometimes a trusted app with the check mark and it's totally bogus. Okay. If you click on trusted app, you'll see what purports to be a software bundle from Adobe in the us and the digital signals from an accounting firm in Southeast England. [01:00:56] So it's all stuff to look at. Here's the bottom line. If you get an email like this and you're not. If it claims be from your bank, the IRS, you name it, reach out to them directly. Call them look them up. Do not use a phone number that's in the email. Do not use a phone number. That's in a link page, linked page from the email. [01:01:22] Find out what their number is, call their customer support and find out if it's legit or con. Your security people to find out if it's legit, it's really that simple. Okay. Very simple. So check it out online again, this was a sofa article, but you'll see it at my website. Craig peterson.com. I also want to remind everybody in case you haven't heard, maybe it wouldn't be a reminder, right? [01:01:48] That we're doing some boot camps starting up here in about them. Free cyber-security bootcamps are goon to teach you things you can do over the course of an hour that are going to 10 X, your cybersecurity stance. That's the whole goal of the boot camps and workshops stick around. We'll be right back. [01:02:11] Craig peterson.com. [01:02:13] What are the features these secure email providers are providing? What are the costs? Which ones might you want to consider? We're going to run through the top three right now. What are their features and why would you want to use them? [01:02:30] We started talking a little bit about proton mail, some of the real basics here, and it is still the kind of 800 pound gorilla when it comes to secure email, finally they had to capitulate to the Swiss court because they are located in Switzerland. [01:02:49] So just goes to show that even being Swiss doesn't mean that it is. Completely secured, then there's a difference too. I want to point out between having a government issue, a subpoena and a court order to have your information revealed. There's a big difference between that and a hacker who's trying to hack you and get into your life. [01:03:16] So I think most of us understand that we need to be secure in our documents. We need to have that privacy is guaranteed to us from the constitution, but we also need to have one more level of security, which is okay. How. The hackers. So having a hack free life means you there's a lot of things that you have to be concerned about, email being one of them. [01:03:43] So I'm not too worried about proton mail and the fact that they had a court order to. Provide IP addresses for a specific group of people. And it was a very small group and I can see that. I can agree with that. Proton mail does have a free version. That's the one I have because I want to try it out. [01:04:06] And it has a 500 megabytes of free. The storage, you can get up to 20 gigabytes and proton mail starts at $4 a month. It has end-to-end encryption, which is really important. Again, it means from you all the way to the recipient, all three of these that I'm going to talk about have end-to-end encryption. [01:04:32] They also all have. Two-factor authentication. Remember when we're talking about two factor authentication, a lot of places try to pass off this thing where they send you a text message with a number in it. They try and pass that off as two factor authentication. Yeah, it is a type of two factor authentication, but it's not a. [01:04:53] If you're already doing something like maybe you've got cryptocurrency, you are potentially not only under attack, but I'm very hackable. If you're using a text message in order to verify who you are. So that's an important thing to remember. Proton mail has self-destructing messages, which is a very big thing, very positive. [01:05:18] It tends to be expensive. Proton mail being the 800 pound gorilla kinda dictates what kind of price they want to charge and they are on the more expensive. Side the web client is a little bit on the outdated side. It does not support pop three, which I doubt is an issue for any of you guys out there because nowadays the modern email clients aren't using. [01:05:45] Anyways, any more now proton mail has PGP support. I use PGP, I have a built into my Mac mail and it allows me to send and receive end to end encrypted messages. And that's something you might want to look at a plugin that uses PGP or GPG, which is effectively the same. Which allows you to send and receive encrypted email using your regular email client. [01:06:15] However, the person who's receiving it the far end has to have that PGP client or GPG client as it is. So it might not be the best idea in the world to use that. I use it and I use it for. People within the organization that I know have PGP, because again, we're dealing with third parties information. [01:06:38] We have clients and the clients trust us. So we have to be pretty darn careful with some of that stuff. So that's our first one, proton mail. It's something I've used. I know a lot of you are using it. I had so many responses to that email that I sent out to everybody talking about secure email and specifically proton mail. [01:07:00] And you guys were all telling me, Hey, listen, I'm switched on I'm away from Google forever because Google is by far the least secure of anybody you could be using out there. Now, the next one is called Tata. To U T a N OTA. So it gets just what Tatan call 10 town, tow hours, something like that, but a N O T a I'm sure you guys are gonna all send me pronunciation guides and it has again, a free version, one gigabyte. [01:07:34] So twice as much as proton mail and it doesn't really offer quite as much storage, but it starts at a dollar 18 month. Down from proton mail's four bucks a month. It also has end to end. Encryption also has two factor authentication. It has an encrypted search function, a calendar function, and aliases. I use aliases not only for my hack free life, but I use aliases because I will. [01:08:04] To use a different email address for pretty much everybody I'm dealing with. So these, this way to do that is with an alias. One of the problems here with top I, this is a German company. I bet you it's a German word. Somehow Tottan TOA is that it is injured. Germany is one of those 14 eyes countries. That means it's one of the 14 countries, large countries that share information about people online and spy on each others. [01:08:42] Citizens. See, that's how the government's gotten around it. The government have preclusions from monitoring citizens. So what did they do while they all get together, serve with the five eyes now once twenty-something eyes, but they're part of the 14 eyes agreement. So Germany, for instance, would spy on us citizens while they're in the U S. [01:09:07] And the U S will spy on German citizens while they're in Germany and all over the world. Okay. So that's a negative, however, as a general rule, the European union has pretty good privacy laws, so you're probably safe. And then the third one, which is again, the third in my priorities here too, is called counter mail. [01:09:33] Now it has. Interesting features, for instance, they have what are called Ram only servers. So the server boots up, obviously it has to boot off of some sort of a device, but once it's running, everything's in memory. So if that server loses power, it loses everything. Now that's an interesting thing to do and can be a problem if you're trying to store emails, right? [01:10:01] It has men in the middle attack protection, which all of these due to one degree or another, but counter male makes that a kind of a big deal. They have a safe box and anonymous payment systems that you can use. And it starts at $3 and 29 cents a month. They have a four gig storage limit. They do not have a free version. [01:10:23] So I liked this one counter mail, but I do use proton mail, at least for testing. Some mothers also rans here that allow you to send and receive encrypted mail. Secured mail is Zoho mail, Z O H O mail. The X, Y Z is another one post steel. So I've used Zoho before, by the way post geo P O S T E O. [01:10:51] You might want to look@mailbox.org and start mail. So there you go. Top three proton mail. That's still my recommendation. If you want some secure email and it'll cost you a bit, if you want cheaper, look at this two U T a N O T. T U T a N O T a. All right, everybody make sure you spend right now about a minute. [01:11:16] Go to Craig peterson.com and sign up for my weekly newsletter and training. [01:11:22] Is there no such an example of Silicon valley and they're a attitude of fake it until you make it, or is it the reality of Silicon valley? What's happening out there? We work in another. [01:11:43] Hi, I'm Craig Peter Sohn, cybersecurity strategist. And you're listening to me on news radio, w G a N a M five 60 and FM and 98.5. You can listen to me anytime, anywhere, just grab the tune in app and type in w G a N, or pull out your smartphone. It's all there. Theranose. How many of you guys know about therum knows they had a really great idea and it was started in 2003 by a 19 year old young lady named Elizabeth Holmes. [01:12:24] That is pretty young, but her idea was why do we need to have a whole tube or more of blood in order to do blood? With the technology we have nowadays, we should be able to just use a drop of blood and be able to test for hundreds of diseases with just a pinprick of blood. It seemed pretty incredible at the time, but she was able to. [01:12:51] Been a yarn that got a lot of people right into investing in her company. We're talking about nearly a billion dollars in capital that was put into their nose. How could she have fooled all of these people or was she fooling them? Was she doing what you expect to have done in Silicon valley? That is in fact the argument that her attorneys are using right now. [01:13:21] She is on trial because this company Theranose was never able to produce and tests. They could just take out a drop of blood and run hundreds of tests on it. And there's a lot of evidence that has come out that has shown in fact, a great little documentary that I watched not little on her and the company Theranose. [01:13:47] That showed that they had in fact, been taking vials of blood and using other people's equipment, not the Theranose equipment to do the valuations of the blood, to look for diseases, to look for things like vitamin D deficiency that is in fact, something that could have helped with this whole COVID-19 thing. [01:14:10] A real quick. Check a vitamin D levels in your blood, but what happened? Elizabeth Holmes was really a great talker. She was able to convince a lot of people and a lot of businesses, including Walgreens to invest in her. Not only did she have Walgreens invest in her, but some of the biggest names that you can think of in the investing community, including Rupert Murdoch, he invested in fairness. [01:14:41] Now her argument in her, or at least her attorney's argument is, Hey, listen, we're not doing anything differently than any other Silicon valley company that's out there. It's this whole creed that they have of fake it until you make it. Is that legit. Is it just one more live from Silicon valley? There's a great article that was in Forbes, talking about some of these, what are called unicorns. [01:15:11] These are companies that are startups and are taken under the wing by investors, starting with angels, and then moving into venture capitalist, actually, even before angel. Friends and family and moving into venture capitalist positions, and then eventually public companies, all of these businesses really required proof before they got any funding. [01:15:37] So here's an example from Forbes, Airbnb. Obviously they, hadn't what we consider today to be a rather unique business model. But it had been tried before. The whole assumption was that people would rent rooms in their homes on this huge scale, but they didn't have any. They were the first to make it in this global trend, they built up this whole idea of becoming a hotelier yourself with your home. [01:16:08] But when the founder, Brian Chesky tried to get angel capital, he did not get a dime. He had to prove that renters were interested and people were interested in renting out their homes and that he could pull them together. Once he proved that, then he was able to get the money and prove is you. To have a viable business. [01:16:34] First, it's really rare that you don't have to, Facebook was started by Zuckerberg now, all of those stories, but the whole idea was having Harvard students connect with the. And then he expanded it to students and other universities and then expanded it to the world at large, his natural initial investors, like most are friends and family, people who give the money to you because they want to see you successful. [01:17:01] Eventually. Zuckerberg was able to prove it and get money from Silicon valley. And then VCs, I'm not getting into any of the ethics of how he did it or any of these other people that had Google. Google was started by these two Stanford students page and Brin, and they got angel capital from investors. [01:17:24] And, but these investors were different than most the investors into Google, where people who were already very successful in the computer industry and could understand the ideas behind the algorithm and believed in page and Brynn and that they could grow this company. Microsoft. Again, another company that started with a extremely questionable methods was started by gates. [01:17:52] And now. They didn't have any VCs, either. They started by running programs for other people. They convinced IBM that they needed to license an operating system from Microsoft and Microsoft didn't even have the rights to, and then they went out and acquired it on a non-exclusive basis. IBM acquired it from Microsoft and non-excludable exclusive basis. [01:18:15] Then they got VC money after they started to take off. Okay. Amazon was started by bayzos with funding from his family and small investors from Seattle. He got a VC from Silicon valley after he launched and was already earning thousands in revenues. Bezos had real proof. Walmart was started by Sam Walton with 25 grand from his father-in-law. [01:18:43] He built this business and financing strategy and used his skills to become one of the world's most successful companies as he grew. We work. I don't know if you've seen these. There's a great documentary out there. And we work that I watched too, but again, like Elizabeth Holmes, he was a great guy at standing in front of a group and getting investors to put money. [01:19:08] And he was even great at getting people to buy from. We work that he even started this whole, I think it was called wee life thing where he had people who would move into the building. That they were renting this office space from, and they'd all lived there. They all had their own little units and they'd get together every night and they'd eat together and have community and everything again, collapsed when they couldn't sustain the momentum. [01:19:38] And it was like a Bernie Madoff thing where he needed more money coming in order to support it. And he got incredible amounts of money from this big Japanese investor. And then we've got Theron. Elizabeth Holmes. She failed when this investigative reporter questioned whether the technology really works, the investigative reporter said, Hey, can you really do hundreds of tests reliably with just a drop of blood? [01:20:10] Why did this report, or even have to ask the question at all? How about all of these investors? Huge companies? My, including my medical field companies. How did all of them get built basically into spending about a billion dollars with her in an investor? It is a real problem. And it's a r

Do You Think There's Nothing You Can Do to Keep the Bad Guys Out? What a week. The FBI got hacked. Homeland security supposedly is sending out emails about hackers in your network. This is what we're going to talk about to start with today. What are these new emails, and how are they trying to con you? [Automated Transcript Follows] This is a little bit concerning. We know that the FBI's email system got hacked. And for everyone sitting there saying, well, gee, if the FBI gets hacked, there's no way my business can survive an attack. Remember that the FBI is a huge, huge target. They have so many systems, so many people, and the bad guys really, really would love to send an email out as though they are the FBI. [00:00:49] And, they did, they used, they used the FBI's email servers to send out some of these fake emails. I thought that was kind of funny, but be that as it may, the FBI closed. But there are things you can do to protect yourself, to protect your email. And my wife and I have been working diligently on a guide. [00:01:13] Now, you know that I protect businesses. I work closely with the FBI, been doing cyber security for more than 30 years. I kind of hate to admit it. But, uh, you know, you know, I've been on the internet for more than 40 years. So I've been at this for a very, very long time and there are things you can do. So we're making available a guide. [00:01:38] So she's taken a lot of my teachings and is boiled it down. It looks like it's going to be 25 ish pages. And it's just the essential things, the primary things that you can do. To stop your email from getting hacked, your bank accounts, et cetera. There are some pretty simple things you can do. So we're putting that together, and we're also putting together a Bootcamp and both of these are free. [00:02:07] Okay. Absolutely free. And in the bootcamp, again, this book isn't about selling you all of the, my services and stuff. It's giving you. Actionable things you can do. Yes, you can do. You don't need to be the FBI or a cybersecurity expert to do them, but five things you can do that will, I don't know, 10 X, your cybersecurity, really? [00:02:35] It it's, it's that big a deal. And it's going to take you less than an hour to do all of this stuff. So for those people who like the boot camp, so we're going to have. And, uh, you know, one of these zoom things and we're going to do it live and I'm going to explain it to you, spleen it. And you're going to have some homework before the bootcamp, because I want you to have some skin in the game too. [00:03:02] Right. You're not paying me or anything. So I want to make sure that you've done your homework so we can quickly. Go through all of the stuff that we need to cover in the boot camp and people who are interested in kind of being the example, which means they are going to get more information than anybody else. [00:03:21] You can also say, Hey, listen, uh, yeah, please use mine as an example. So we'll look at all of these different things. We're going to focus in on that first bootcamp primarily on. The stuff with passwords, you know, what should you do? How should you do it? How can you tell if your password has been stolen? If your email accounts been compromised, all of that sort of thing. [00:03:44] And you need to be on my email list in order to find out about this stuff. Right. And in fact, when you sign. I've got three special reports that Karen and I wrote that are really going to be helpful for you. These are three that we've been using with our clients for years, but again, actionable. To do right, is not some marketing sales guy trying to sell you the latest, greatest piece of antivirus software that doesn't work. [00:04:18] So you can get that. If you go to Craig peterson.com right now slash subscribe. If you want the deep link, Craig peterson.com/subscribe. We'll go ahead and sign you up. I have a little automated sequence. It's going to send you the emails with all of the attachments. We got one, that's kind of an introduction to Karen and I, you get to see both of us. [00:04:44] And, uh, it's a really cool picture of when we're on vacation one time and you can get all of that again. It's free. This is the free newsletter. This isn't the paid newsletter. Craig peterson.com. Slash subscribe. All right. So I can help you out with all of that free content. And I have lots of it. I'm on the radio every week talking about free, right. [00:05:08] And you can avoid these things. So like, I kind of hate to bring up this FBI hack because as I discussed again with Karen this week, I, I don't want people to feel like there's nothing that they can do. I have a friend, her name's Laura and she's in one of my mastermind groups. And Laura is, was listening to me because another mastermind member got hacked and it had like, what was it? [00:05:36] $45,000 ultimately stolen from him. And we helped them out. And so I was explaining, okay, so here's the things you can do. And. Basically all she heard was, uh, I'm never going to be able to do this. And, and she's a technical person. She teaches people how to become business analysts, which is pretty technical, right. [00:06:00] There's a lot of steps involved in doing business and analyst work. And so I was really surprised to hear from her that she had. The securing herself was just too hard. You know, the FBI gets hacked, et cetera. And so that's why when I came to this realization, the bottom line is, yeah. Okay. It can be hard if you're like me and you've been in doing this for 30 years, you've got the curse of knowledge, right? [00:06:30] So you, you know, all of this stuff, this isn't for you. If, if you know everything, okay, this is for people who. Quite understand what's going on. Definitely don't understand what they should do. Don't know what they should buy. They don't know how to use the free stuff that Microsoft and apple give you and how to pull it all together. [00:06:52] That's what I want you to be able to understand, and we spend time every. Going through this and every newsletter. I have a, an opening now that is a lot about three to five minute read. If that it can be very, very quick read and is helping you to understand some of the things that you can and should do. [00:07:16] So you'll get that as part of the newsletter. Again, Craig peterson.com. That's in my free newsletter. You should see the paid newsletter. Uh, it's a big deal because it's your life. It's a big deal because it's your business. It's a big deal because it's your job on the line. And most of the time, and when I pick up a new client, it's somebody who's kind of the office manager. [00:07:42] Well, frankly, more than your office manager, sometimes the business owner, you know, owner operator says to the office manager, Hey, we got to do something about cybersecurity and then I get. Saying, Hey, can you do a cyber health assessment for us and that cyber health assessment, which we'll do for almost anybody out there will tell you the basic self. [00:08:05] Okay. Here's what you got to do. You've got to update this. You should turn off this software or you should do this and that with your firewall so that they have. I a little checklist, right. That they can run through. That's the whole idea behind one of these cyber health assessment. And then what happens is they say, okay, well, let's, let's talk some more and we go in and talk with them, talk with the owner. [00:08:32] Do they want to do, help them put together a more detailed plan and then they are off and running so they can do it themselves. They can hire someone, they can have us do it for them, whatever seems to make the most sense, but it's very important. To do it, to do something because sitting there trusting the Google's going to take care of you or apple or whomever, it is, uh, you know, trusting Norton antivirus is going to take care of. [00:09:04] I was reading a quote from John McAfee. He's the guy that started the whole antivirus industry. Now, of course, he passed away not too long ago, under suspicious circumstances, but he came out and said, Hey, listen, antivirus is. Because right now this year, these weren't his stats. These are stats published. [00:09:24] You can find them online. Just duck, duck, go them. Yeah. I don't use Google for most things. Uh, and you'll find that the antivirus is ineffective 77, 0% of the time. So, what do you need to do? Well, you need to listen to me here because I am going to help keep you up to date here. Some people are auditory listeners. [00:09:46] You need to make sure that you get the newsletter so that you get the weekly updates and you find out about these free trainings and special reports that we put together. Makes sense to you and you can attend the boot camps where we cover the basically one hour meetings on zoom, just like you're used to, and we cover one or more specific topics and we do it live and we use your information. [00:10:17] The information you want us to have a, do you want us to share? So how could that be better? And it's the same sort of stuff, but deeper dives and more interactive obviously than radio. And you can listen to me here every week. I think it's important that you do, and you understand this stuff. So anyways, ramble, ramble. [00:10:37] It all starts with email. How do you keep your emails safe? You might remember years ago, you, people were getting broken into and emails were sent out using their accounts. Well, that happened decades ago and it's still happening today. So. Right now, Craig peterson.com. I promise you. I am not a heavy marketer. [00:11:01] Okay. You're going to get good, actionable information that you can put to use in a matter of minutes, Craig peterson.com/subscribe. [00:11:13] Our intelligence monitoring indicates exfiltration of several of your virtualized clusters in a fist sophisticated chain attack. Your, I am trying to put on this like official voice. Right. And it didn't do so well anyways, that's what we're going to talk about, right now. [00:11:29] This is an email that came from the department of Homeland security warning about hackers in our network. [00:11:37] Okay. The subject line here, the one I'm looking at, and this is a, the justice week urgent threat. In systems read the email goes on. We tried to black hole, the transit nodes used by this advanced persistent threat actor. However, there is a huge chance you will modify as attack with fast flux technologies. [00:12:01] I don't know if that ties into a flux capacitor or not, which he proxies through. Uh, multiple global accelerators. So this is somebody who doesn't really know what they're talking about. They're just throwing up big words. We identified the threat actor to be. Somebody whom is believed to be in of course, whom wrong usage of the word here, uh, is believed to be affiliated with the extortion gang, the dark overlord, comma, uppercase. [00:12:33] We highly recommend you to check your systems and IDs monitoring. Be where this threat actor is currently working under the inspection of the MCC. I see, as we are dependent on some of his intelligence research, we cannot interfere physically within four hours, which could be enough time to cause severe damage to your infrastructure. [00:12:59] Stay safe. USDA department of Homeland security, cyber threat detection and analysis network analysis. Total control panel. So this is classic when it comes to scammers. And the classic part is that you could do. Is the grammars bad. The wording is confusing, his punctuation is wrong and he's throwing out all whole bunch of words that are used when it comes to hackers. [00:13:35] You know, there are things like advanced, persistent threats. That's one of the biggest problems in fact, businesses have today. But in reality, the way he used it, Incorrect now that's something I would notice cause I've been doing this stuff for more than 30 years, but the average person is never going to notice something like this. [00:13:59] So it's been pretty, in fact, pretty successful now, a little different than usual here. These fake messages don't have attachments. They don't have phone numbers. They don't have web links. Therefore what? Well, your email filter is not going to look at them and say, oh, these look risky. These URL links are going to risky sites. [00:14:26] I'm going to block it. Right. That's what we do. We have the advanced email filtering from Cisco that we use for our client, or that includes their amazing artificial intelligence for phishing and stuff. So an email like this is not go. To trigger those types of alarms. So they're saying don't panic, avoid contacting the FBI for further details and ignore the accusations that are made in the email. [00:14:55] This is so focused though. So is a cybersecurity company. They have, they have a lot of stuff. They have some pretty good stuff. It's not, um, there's not. But spam house is tracking it. Now, if you've ever been blacklisted, it's called black Coleen really by people who might've used your domain to send spam, or maybe you're a spammer, you've heard of spam house and I've been blacklisted before inappropriately. [00:15:25] The good news is my. That I use for emailing is about 30 years old as well. So it's got a pretty good reputation over the years, but spam house is saying now that this is a scam they've been tracking it. It's a well-known scam and it's been widely circulated. To those office managers that I said are often the people who call us when there's a cybersecurity problem, or we get calls from office managers when something doesn't look right with the emails. [00:16:01] And we have a client that had been getting these weird emails and. We were called saying, what's going on, have a look. We looked and we found all kinds of problems. Right? So that again, an office manager approaching us and thinking everything's fine because they had Norton and they had the more advanced Symantec stuff and it didn't catch. [00:16:27] Any of this really nasty stuff, but that's part of what Spamhaus does. And they're looking at it and saying, oh, okay, wait a minute. Now we're seeing these emails come out. They are definitely not coming from, uh, fbi.gov, which is what the return address is. And so spam house tags, it spam. Assassin's going to tag it and, and it's not even going to make it. [00:16:56] Anything, but a log on are our email filter. So a number of people have received it. If you've received this email, I'd love to know it because they really are trying to go after the people who are a little bit more into this now, how do they find them? Apparently? They have stolen the email addresses by scraping them from public sources. [00:17:22] So databases, uh, published by Aaron, for instance, the American registry for internet numbers. And I'm assigned my own number is CP 2 0 5 because I was so early on by Aaron they're the guys that have been managing. The basic internet domain stuff here in the U S for very long time. And it also doesn't mean by the way that Aaron had any sort of a breach. [00:17:47] And really just showing that the crooks behind this disinformation campaign have really been focusing on people who appear to be in network administration, because those are the email addresses and names that Aaron is going to have. So why are they doing this? Why are they sending it out into it's frankly, it's kinda hard to tell some of the emails have a QR code in them. [00:18:18] Now that is intriguing because here's how, again, how a lot of these basic email filters work, they look at it, they say, well, what links are in there? How many links, how much of the email is a graphic? And they understand while it's going to internet bad guys.com. There's the link right there. Forget about it. [00:18:42] I'm not going to forward this email to the intended recipient, but if there's a QR code in that email to almost every email filter out through. It only looks like a graphic. So might've been a picture of your mother as far as it knows. Most of them are not very smart. So w you getting an email, having a QR code in it and saying, oh, that's kind of interesting. [00:19:07] Let's check out that QR code. That's where the hazard com. All right. So be very, very careful fake news like this. It's not only unfair to the people who are accused in it, which is what happened here. There can be accusing your own it department. They can be accusing. People within your department, which is typically what's happening and then what they may try and do now that you don't trust your, it people, your security people, because they're mentioned by name in the email, but remember their names are probably scraped off of. [00:19:47] That you don't trust them. And now they attack you and you don't trust that you've been attacked. Right? So fake news, a term coined by Hillary Clinton during her campaign, but that's exactly what it is entirely fake. So this email, if you get one from Homeland security about threat actors in your systems, almost certain. [00:20:12] Fake fake, fake, fake stick around. We've got a lot more coming up. Don't forget to subscribe. Get my weekly newsletter. I'm going to be published and even more, I think probably starting next month. I'm going to be sending a couple emails out a week because I got to get you guys up to speed so that you're ready for the upcoming bootcamp. [00:20:35] Everybody knows about the chip shortage, right? Uh, computer chips. They're just hard to find. I'm hearing all kinds of ads from Dell lately on the radio. And they're saying just buy now. Well, they're not selling new high-end machines anymore. The white house. This is a story from the verge has allegedly kinda stepped in about Intel's plans to increase chip production. [00:21:04] And you'd think that the white house would be encouraging chip production. Considering the shortages, the justice week, it came out Tesla hasn't been delivering their electric cars. Without USB ports. Other manufacturers are no longer providing you with an electric window for your car. It's a crank window. [00:21:28] Car manufacturers did it to themselves, frankly, by stopping orders for chips during the lockdown, thinking that somehow people wouldn't need cars anymore. And yet their sales of cars went up and when they go. Yeah. Guess what happens to the price? The price goes up, right? Inflation. You have more money chasing fewer goods. [00:21:52] So they really nailed themselves. Don't feel so sorry for some of these car manufacturers. We need more chips. I mentioned one of the manufacturers of PCs, the many of us use in our offices and, and Jews in our homes. Dell is a good company. They have been for a long time. However, you gotta be careful when you're buying computers because Dell makes very low end computers all the way up through good solid servers. [00:22:22] Same. Thing's true with. P Hewlett, Packard, excuse me, Hewlett Packard. Remember those guys back in the day? Yeah. They also make everything from cheap computers that you never would buy should not buy all the way up through really good ones. It's kind of like going to Walmart, you go to the Walmart and you don't want to buy any of the computer sitting there with one exception. [00:22:48] And that is the Chromebook. If you buy a mid tier Chromebook at Walmart, you're going to get a good little computer. Doesn't run windows, doesn't run Microsoft office word, et cetera, but it can still edit those documents. And it's a very good machine that is kept up to date. Just watch the price $110 Chromebook, probably isn't going to last. [00:23:12] It doesn't have much storage on it, et cetera. A $2,000 Chromebook is probably major overhead. So go somewhere in the $400 $500 range for a Chromebook, which is by the way where they're selling some of the laptops, windows, laptops, same price point. I, again, that's why I just wouldn't buy any of that. So we need more chips. [00:23:37] We need higher end chips. They are very hard to get our hands on right now. We're talking about electrification of everything. And if you've heard me on the radio during morning drive time, you know, I've been just bemoaning how the government's putting the horse before the. They're out there saying electric, electric, electric, and shutting down pipelines and coal mining and coal power plants. [00:24:04] Although coal is one of the cleanest energy sources nowadays because of all of the scrubbing that's going on with the output of the coal plant. And also of course, they're, they've been stomping. Most of the nuclear plants from coming online, even though the new. Technology in nuclear is impossible to fail. [00:24:26] They use basic physics to make sure that these things aren't going to do a Jane Fonda, a China's syndrome thing. Okay. So it's just crazy. We don't have the electrical. Even if we put up, it would take literally millions of wind farm, our turbines, and obviously millions of rooms and fields covered with solar cells. [00:24:54] We would still need nuclear. We would still need other sources of power because the sun doesn't shine all the time and the wind doesn't blow all of the time. This is just completely backwards. People aren't thinking it through. It's again, it's the knee jerk. And of course they're investing heavily. They being the Congress, people of themselves, particularly those Congress people like the Al Gore's of the world and Nancy Pelosi and Chuck Schumer, because they are forcing a move to this technology that isn't ready for prime time. [00:25:31] And at the same time, we are trying to buy electric cars. How are we going to charge them? How are we going to run our homes? It's like Europe, people froze to death last winter in Europe. It's going to happen again this year. And the thing about what happened in Texas last year. Yes. Some of that was because they weren't prepared, but guess what else happens? [00:25:55] Sometimes the wind isn't blowing in Texas. So there's, there's just all kinds of problems. So Intel is saying, well, we got to increase our chip production. Intel's main business right now, by the way, seems to be moving towards making chips on behalf of other people, other companies, rather than making their own chips. [00:26:20] Isn't that kind of interesting. And the industry, the chip fab industry, the ones that fabricate the chips, make the chips are spending about $2 billion a week. According to the latest numbers I saw to try and expand the manufactured. Well, apparently Intel went to the white house because they want some of our tax dollars. [00:26:44] You know, the money they'd take at the point of a gun. They want some of that so that they can build their business, build it back better. And apparently some sources close to the situation told Bloomberg that Intel. Posed making silicone wafers in a Chinese factory, which could start production towards the end of next year. [00:27:12] But in a move that I agree with had the Biden white house, apparently Intel was strongly discouraged due to potential security issues. Yeah, no kidding. Some major security issues here. We don't want to give away our technology to make this leading edge stuff. Think about the U S. We were always the country that people came to for technology. [00:27:43] I mentioned this week on the radio, the cotton gin way back when look at how much labor. That, uh, that cut look at the internal combustion engine. And again, the Teamsters, the horses, the cleanup crews in New York city. Right. All of that went goodbye pretty much because of technology and people got higher technology. [00:28:10] Jobs and everyone became more efficient and that's, what's supposed to happen right now when right now based basically we have stagflation in other words, prices are going up, but we're not getting any more productivity out of it. That's a real problem. And that's why they keep talking about the problems we were having in the late seventies. [00:28:31] And I remember those well, I remember gas lines sitting there in California waiting to buy gas. It was incredible what was happening out there. So Intel thinks it needs to secure funding from the federal government in order to ramp up the production. Bloomberg announced, Orwell said that Intel currently has no plans to produce silicone wafers in China after discussing it with governor. [00:29:01] Officials and it will instead consider other solutions. Now I hope those other solutions are to make those plants, those chip fab plant here in the United States. Let's put ourselves back on a leading edge footing here. Google moved its artificial intelligence lab to China talking about. Anti American thing to do moved it to China, artificial intelligence. [00:29:31] That's something we need. The us needs to be the world leader in some of these technologies. And frankly, we're not the leader anymore. It's it frankly, a shame. So you can check this out. It's on the verge. You'll also find it up on my website. Craig peterson.com. Make sure you sign up for the newsletter so you can get all of these little trainings, you know, five minutes a weekend can make a big difference. [00:30:03] Craig peterson.com. [00:30:05] Hey, I don't want to depress anyone, but Bitcoin is now a 13 year old teenager. And back in January, 2009, Bitcoin was priced at well. Wow. [00:30:19] January 3rd, 2009 is when it was launched. And E Bitcoin was priced at you ready for this point? [00:30:30] Zero 8 cents each. Okay. So, uh, the, uh, uh, and because of that, a lot of people. I have been seen, well, you know, we, we've got to get into this and that in fact, Elon Musk has been kind of pushing up the price of another digital currency. All of the initial price increases in Bitcoin were due to fraud. [00:30:57] According to a lot of reports and we can get into those if you'd like fraud. Yeah. That's a great way to launch a whole new product. And they also played some other games. For instance, the biggest driver of Bitcoin price for a long time was crux. For ransomware. Yeah. People had to buy ransom and pay ransoms. [00:31:25] How do you pay a ransom while usually it was with Bitcoin and that meant you had to turn us dollars or other foreign currencies into Bitcoin. And as economists in the white house, don't seem to understand when there is more money tracing, a limited commodity, the price of the commodity goes up, whether it's gasoline, food, or Bitcoin, and that's exactly what happened. [00:31:58] Percentage wise, how much of an increase has there been in the value of Bitcoin? Um, uh, let me see here. You see if I can figure this out 7 billion, 750000000% increase. Isn't that something now of course we don't all have these magical glasses that let us look forward to kind of figure it out. Out, but it's based on this peer to peer electronic cash system that was written about by, uh, someone or a group of people that went by the pseudonym of Natasha Nakamoto. [00:32:42] And there've been a few people over the years who have claimed that they are the person that started it and maybe one of them is, and may be, none of them are who knows, but this was first published, October 31st, 2008. So about a month later is when it started to trade and it is just incredible here. [00:33:04] Bitcoin was really perceived initially. Threat by government and financial institutions. I think it's still perceived as a threat. My government, they are able to track Bitcoin and other cryptocurrencies in many cases and the way they track it as well. If you have Bitcoin, what good is it? Unless you can use the Bitcoin to either buy something or to traded for us dollars or another hard currency, that's how they're tracking. [00:33:38] Without getting into a lot of detail here, but it's interesting to look at because the Bitcoin white papers proposing a solution to prevent what they were calling double spending. And when you don't trust a third party necessarily, and that's where we got these logs, if you will, the. Uh, balance sheets that were being used to track everything. [00:34:06] And then you had the voting, you had to have 50% of these systems that were tracking all of the transactions, agree on a transaction, et cetera. And that's actually been a problem for Bitcoin because of the. Intermediaries, you have to go through or get to approve your transaction. It's a, frankly, a problem that's really slowed down transaction. [00:34:34] So you can't just go like with a credit card and pay for something that's done. It can take your day or more. Now it's interesting that we're getting close to the ultimate limit of Bitcoin offerings. The blockchains mind blocked number 707,000. Which by the way, offered a mining reward of six and a quarter Bitcoins. [00:35:01] So think about that. Well, it costs you more to mine, Bitcoins than they're worth. If you're trying to do it in the Northeast. Pretty much anywhere in the United States. So don't just run out and start doing it. My son and I, I don't know, five, eight years ago, something like that, we decided we'd start trying to do some mining and we did, and we didn't find any Bitcoins and it was just cooking some machines. [00:35:28] And so we said, forget about it. And we gave out on it. It does have a hard cap. Then it's got a ways to go. I said, it's approaching. It is, but there's 21 million Bitcoin is the hard cap and the community that maintains the software and maintains Bitcoin because it is a committed. Has it been modifying the rules as time went around at about how many Bitcoin you get when you're mining something, into solving these problems and, and how the blockchain works and how many honest and dishonest mentions were in the original Bitcoin white paper and how can they reject invalid blocks? [00:36:18] So there's a lot of technical stuff going on and it's changing. All of the time. And ultimately it's the consensus mechanism that has been slowing it. So when it costs you more to mine, a Bitcoin than you get for it. So let's do a little bit of math here. If we say that how much is a Bitcoin worth right now? [00:36:42] So we say current value of Bitcoin. I'm typing it in right now. So it's about $57,000. Per Bitcoin. If we say 57,000, uh, here we go. 57,000 times, what did I say? Six and a quarter, right? So $362,000 equivalent is what they, the person who mined this block was paying. That sounds pretty good. Doesn't it? Yeah, it really does. [00:37:17] It adds up quite, quite quickly. But when you consider that it costs more to mine, a Bitcoin than it costs, then you, then you get to paid for it. 350, $6,000. That's a lot of electricity on a lot of hardware. And because of that, China has. Down Bitcoin mining operations, because it uses so much electricity and in the United States and in some other countries, but here in the U S and in the UK, some of these Bitcoin mining operations have been buying. [00:37:54] Coal powered power plants, coal fired power plants so that they can produce their own electricity so they can make it worthwhile to mine. So things are going to change. They're going to be changing the rules. As I said, we've got a total of 21 million Bitcoin ultimately. And so far we've only just mined numbers, 707,540. [00:38:21] So the interchange, the rules, I'm going to keep an eye on this because that's kind of an interesting one. Elon Musk, his quote is Crip. Cryptocurrency is fundamentally aimed at reducing the power of a centralized government. And that by the way, can be one of the main reasons that Bitcoin hasn't been really adopted in the mainstream yet. [00:38:42] And Ilan has all kinds of tweets. Bitcoin and other cryptocurrencies, he says, Bitcoin is my safe word. Isn't that? Something he's been primarily the guy behind Dodge coin, which is yet another crypto currency, D O G. Coyne D O G E coin doge, I guess, coin. And you can find that online. I think it has new doge even publicly traded while it's certainly traded as a crypto. [00:39:12] Okay. So doge coin right now is worth 22 cents. It's down from its month, week, and day highs. I'm looking. Here. Yeah. Yeah. So it's gone up and down. It's been worth more. Yeah. A couple of weeks ago. So that's part of the problem with it. If you don't have money that you can absolutely waste, don't buy this stuff and I'm not an investment advisor, but I've never bought any Bitcoin or any other cryptocurrency. [00:39:46] And the problem is, and from my perspective that it is not real at all. Yeah, you can say, look at this, I could have made 7000000% on that. Well, you could do the same thing almost if you had, instead of buying a brand new Tesla model as, uh, you know, eight years ago, seven years ago, and paying $77,000 for that. [00:40:11] If you had bought $77,000 worth of Tesla stock, you'd be in the millions of dollars in value. Right? And so we've got the Raven company out there. I don't know if you know these guys or not. I watched a motorcycle show. They're going from the tip of south America all the way on up to San Diego. And they had this reveal and electric truck, which is really quite cool. [00:40:39] Well, they are public right now. They just won. And they have a market capitalization. In other words, a value of ribbon, which has only made a couple of dozen vehicles. That's it? Total. And they're owned by people who work for the company. Their market capitalization is 50% more. Then most of the major manufacturers out there, it's just crazy how much it is worth and why it's because people are looking at it saying, well, Tesla appreciated 7000000%. [00:41:19] Ravion's going to do the same. And by the way, they are cool cars. I love the idea behind. Uh, you know, electric vehicles. It's just that we got the cart before the horse who don't have the electricity. We're not making the hard decisions. We're just ripping stuff out. It's absolutely crazy. By the way, they had a 15% drop in the value of their shares on Wednesday. [00:41:45] Uh, it'll go up. It'll go down. But it's, uh, w it's something we got to test remember? Okay. Cryptocurrency is not it yet of Tesla. Stock is worth something will probably always be worse. Something cryptocurrency is worth something, but tomorrow may be worth zero, and don't go crazy. These market caps of startup companies that have never done anything being worth 50% more than major us auto manufacturer. [00:42:18] What that's crazy. [00:42:19] Clothing prices have been going up. In fact, apparel prices were up 4.2% in the last 12 months. That's as of August, we've got cotton going up. There's a whole bunch of things that are going up and a company out there called dress X thinks it has a solution for all of these prices. [00:42:40] Everything's been going up, I put some gas in my car the other day. I have a, you might know, of course, a 1980 Mercedes and my wife drives a nice little Ford edge, not a particularly big SUV, kind of a guess a mid-size SUV. And I put, I think it was about 15 gallon Zan and it costs me more. 55, $0. I can't believe it. [00:43:12] We used to have a little diesel little Volkswagen Passat diesel. We would drive around and we were getting pretty close to 60 miles per gallon, around town. And diesel was about a buck, a gallon, and it cost 20 bucks to fill the silly thing up. And we could drive all the way down to New York city and back on. [00:43:31] $20 worth of diesel one fill up. Okay. Uh, none of that's true anymore, is it? And we're looking at some increases. It's not like the kind of increase we've seen in certain foodstuffs or gasoline or eating oil. Apparel prices are up and there there's a company out there that thinks that maybe they have a bit of a solution for you. [00:43:56] It's called dress ex I found a video online of a young lady. Who's got a lot of followers, interesting lady. And she was trying them out. She'd tried a different dress or different clothes every day for a month. No, I did not watch all of the video, but I got the basic idea. And the idea is that people are buying digital clothes. [00:44:25] Now I think of that for a minute. Would you pay for a designer? And maybe you would, maybe you wouldn't pay for designer dress, but you know, already like, and AOC is dress that she wore, you know, the lady of the people, uh, only cost. What, w what is it? $30,000. Per seat for her to go to that banquet. And I think her dress was like five or $6,000. [00:44:53] Well, you can get a dress just like AOC. That's designed by a high-end fashion designer for somewhere between 40 and $60. Okay, but it's a virtual dress. It's not a real dress, not in the real world. It's interesting what they're doing and trying to do. If you have used some of these online sites like Instagram, they have various types of what they call filters. [00:45:21] So you can put a filter on you and there's like a makeup filter, for instance, that makes you look like you're all made up, right. That gets rid of all of the blemishes on. In, and there's other filters that do backgrounds and do different things and make you look like you're a kitty cat or whatever. [00:45:41] They'd all kinds of crazy things. Well, this company called dress ex has now come out with filters that you can use in their app. And they don't work too well right now, but people have been buying these digital close to. Now you don't wear them out. Okay. This is really like the King's new clothes. You might remember that story. [00:46:06] Right. And if all you have on are your digital clothes, you don't have anything on. However, what it does is if you're using their app and you're moving around, uh, and with their app, Paste these clothes on you. And it's a little funky right now. It's not the best, but you can bet that's exactly where it's going. [00:46:32] And it reminds me of a blues, Bruce Willis movie. Can't remember the name of it. And, uh, it's I think really bringing up a whole, a whole type of. Dysphoria that I think people are going to have more and more where you're living in this artificial life and that artificial life that you're in now that's called SIRA gets, I was just looking up as we were talking, uh, that artificial life that you're in is so nice. [00:47:05] You don't want to live. In the real world. And I'm starting to see this now with things like dress X, which you'll find online, address x.com. You can now wear anything you want. You can use the filters that are available generally to change. Parents to change your ethnicity, to change anything you want. [00:47:28] And if you ever saw Sarah gets, it was a very interesting movie. I liked it. I watched it because I generally like Bruce Willis and Rosa Mon pike, who were the two primary actors in this movie. But in the movie, everybody was just sitting there. And they were in these 3d chairs. And while you're in that chair, you could be anybody anywhere doing anything and literally anyone. [00:47:57] And so you're sitting in the chair, you can see around you, it looks real, it feels real everything about it is real, at least for the most part, but in reality, And none of it's real. And these people, they, some of them got out of those chairs and while they were out a nasty things happen to them. In fact, it was, he was a cop and they were, uh, investigating some murders of these people who were again, using what they were calling. [00:48:30] Sarah gets nowadays with what our friends over at face. Or doing, you are going to see it called something else. Uh, Facebook, in case you didn't know Facebook changed its name. Now Facebook, Facebook is still Facebook, but the parent company kind of like Google split kind of off and change the company name, uh, Facebook did the same thing. [00:48:56] They're calling it. And the idea is to have this meta universe where again, just like in surrogates, nothing is real, just like on dress ex you can wear any fashions you want to, and instead of paying thousands of dollars, you pay tens of dollars, basically. Now I mentioned that their video isn't very good. [00:49:21] At least not yet over address X, but you can go to dress X. You can take photos of yourself and send them to dress X. They will go ahead and put whatever clothes you want to be. On you it's basically. Yeah, it's Photoshopping, but they do a pretty good job in general. I looked at a whole bunch of them, but it, uh, you know, it, it looked pretty real. [00:49:48] You don't have to consider the fit. You don't have to worry about how big you are because all of these clothes adjust, infinitely a store. Doesn't have to stock a bunch of them. So we're moving. This whole metaverse idea and these digital clothes, which are really a thing nowadays is vice said, vice.com. [00:50:12] We're moving more and more to this unreal world and some real unreal fashions too. I'm looking at some of them and it's, it's hard to even describe them. It looks like there's all of these. Things growing all over the clothes that are coming out and just doing all kinds of weird things. So there you go. [00:50:36] I'm note on fashion. I'm looking right now at a picture that's right in front of the metropolitan museum of art in New York, and a lady is wearing one of the. Digital dresses. Now they tell you what you should be doing. And when you take that picture is aware of skin tight clothes so that they can match the digital close to you a little bit better. [00:51:01] But, uh, w w we'll see, she's saying that in this project, Tweet at the, in front of the mat, she's saying I just can't wait for the met gala. What it'll look like in 21, 21, because you know what, she's not wrong about this. It's really coined to change. There's some real cool stuff. Go to my website. If you want to see this, you can find it on vice, but I have a link to it. [00:51:24] Just look for this. Show notes and you'll find it right there. In fact, you're getting even search for on my website because I have everything transcribed. Just look for digital clothes because there are thing now. Hey, I also want to talk a little bit here about. The, uh, the next little article, which is what's happening right now with apple. [00:51:48] And you've probably heard about these ID cards in Austria right now, they are stopping people randomly and asking for their papers. They want your papers. If you are, have not been, they call it vaccinated. It's not a vaccine. Really. It's still funny to see the CDC change to the definition of vaccine, just so it meets their jab standards. [00:52:16] But, uh, if you're not vaccinated, there's an immediate, it's about of $3,500 fine that the police officer will issue to you. And of course, there's police everywhere. Just stopping people randomly and asking for their papers. Well, apple is making various us states that have decided they want to use a digital ID card. [00:52:43] For customer support and also for some of the technology. Now, the initial idea behind this, and Apple's been working on it for a while, is that you can have your driver's license in the iPhone wallet, app, more secure. It's certainly more convenient for most people. Sometimes you might forget your wallet, but most people don't forget their iPhones. [00:53:10] Yeah. The feature when combined with Apple's biometric security measures really could also cut down on fraud. So we've got about a half a dozen states right now that have signed up with apple and our pain part of the freight for these things. And when they pull you over and ask for your papers, you'll have them right there in your iPhone. [00:53:32] Isn't that handy stick around. We got more to talk about. Thanks for joining. Today and visit me online. Craig peterson.com. Stick around.

Today's episode on spam is read by the illustrious Joel Rennich. Spam is irrelevant or inappropriate and unsolicited messages usually sent to a large number of recipients through electronic means. And while we probably think of spam as something new today, it's worth noting that the first documented piece of spam was sent in 1864 - through the telegraph. With the advent of new technologies like the fax machine and telephone, messages and unsolicited calls were quick to show up. Ray Tomlinson is widely accepted as the inventor of email, developing the first mail application in 1971 for the ARPANET. It took longer than one might expect to get abused, likely because it was mostly researchers and people from the military industrial research community. Then in 1978, Gary Thuerk at Digital Equipment Corporation decided to send out a message about the new VAX computer being released by Digital. At the time, there were 2,600 email accounts on ARPANET and his message found its way to 400 of them. That's a little over 15% of the Internet at the time. Can you imagine sending a message to 15% of the Internet today? That would be nearly 600 million people. But it worked. Supposedly he closed $12 million in deals despite rampant complaints back to the Defense Department. But it was too late; the damage was done. He proved that unsolicited junk mail would be a way to sell products. Others caught on. Like Dave Rhodes who popularized MAKE MONEY FAST chains in the 1988. Maybe not a real name but pyramid schemes probably go back to the pyramids so we might as well have them on the Internets. By 1993 unsolicited email was enough of an issue that we started calling it spam. That came from the Monty Python skit where Vikings in a cafe and spam was on everything on the menu. That spam was in reference to canned meat made of pork, sugar, water, salt, potato starch, and sodium nitrate that was originally developed by Jay Hormel in 1937 and due to how cheap and easy it was found itself part of a cultural shift in America. Spam came out of Austin, Minnesota. Jay's dad George incorporated Hormel in 1901 to process hogs and beef and developed canned lunchmeat that evolved into what we think of as Spam today. It was spiced ham, thus spam. During World War II, Spam would find its way to GIs fighting the war and Spam found its way to England and countries the war was being fought in. It was durable and could sit on a shelf for moths. From there it ended up in school lunches, and after fishing sanctions on Japanese-Americans in Hawaii restricted the foods they could haul in, spam found its way there and some countries grew to rely on it due to displaced residents following the war. And yet, it remains a point of scorn in some cases. As the Monty Python sketch mentions, spam was ubiquitous, unavoidable, and repetitive. Same with spam through our email. We rely on email. We need it. Email was the first real, killer app for the Internet. We communicate through it constantly. Despite the gelatinous meat we sometimes get when we expect we're about to land that big deal when we hear the chime that our email client got a new message. It's just unavoidable. That's why a repetitive poster on a list had his messages called spam and the use just grew from there. Spam isn't exclusive to email. Laurence Canter and Martha Siegel sent the first commercial Usenet spam in the “Green Card” just after the NSF allowed commercial activities on the Internet. It was a simple Perl script to sell people on the idea of paying a fee to have them enroll people into the green card lottery. They made over $100,000 and even went so far as to publish a book on guerrilla marketing on the Internet. Canter got disbarred for illegal advertising in 1997. Over the years new ways have come about to try and combat spam. RBLs, or using DNS blacklists to mark hosts as unable to send blacklists and thus having port 25 blocked emerged in 1996 from the Mail Abuse Prevention System, or MAPS. Developed by Dave Rand and Paul Vixie, the list of IP addresses helped for a bit. That is, until spammers realized they could just send from a different IP. Vixie also mentioned the idea of of matching a sender claim to a mail server a message came from as a means of limiting spam, a concept that would later come up again and evolve into the Sender Policy Framework, or SPF for short. That's around the same time Steve Linford founded Spamhaus to block anyone that knowingly spams or provides services to spammers. If you have a cable modem and try to setup an email server on it you've probably had to first get them to unblock your address from their Don't Route list. The next year Mark Jeftovic created a tool called filter.plx to help filter out spam and that project got picked up by Justin Mason who uploaded his new filter to SourceForge in 2001. A filter he called SpamAssassin. Because ninjas are cooler than pirates. Paul Graham, the co-creator of Y Combinator (and author a LISP-like programming language) wrote a paper he called “A Plan for Spam” in 2002. He proposed using a Bayesian filter as antivirus software vendors used to combat spam. That would be embraced and is one of the more common methods still used to block spam. In the paper he would go into detail around how scoring of various words would work and probabilities that compared to the rest of his email that a spam would get flagged. That Bayesian filter would be added to SpamAssassin and others the next year. Dana Valerie Reese came up with the idea for matching sender claims independently and she and Vixie both sparked a conversation and the creation of the Anti-Spam Research Group in the IETF. The European Parliament released the Directive on Privacy and Electronic Communications in the EU criminalizing spam. Australia and Canada followed suit. 2003 also saw the first laws in the US regarding spam. The CAN-SPAM Act of 2003 was signed by President George Bush in 2003 and allowed the FTC to regulate unsolicited commercial emails. Here we got the double-opt-in to receive commercial messages and it didn't take long before the new law was used to prosecute spammers with Nicholas Tombros getting the dubious honor of being the first spammer convicted. What was his spam selling? Porn. He got a $10,000 fine and six months of house arrest. Fighting spam with laws turned international. Christopher Pierson was charged with malicious communication after he sent hoax emails. And even though spammers were getting fined and put in jail all the time, the amount of spam continued to increase. We had pattern filters, Bayesian filters, and even the threat of legal action. But the IETF Anti-Spam Research Group specifications were merged by Meng Weng Wong and by 2006 W. Schlitt joined the paper to form a new Internet standard called the Sender Policy Framework which lives on in RFC 7208. There are a lot of moving parts but at the heart of it, Simple Mail Transfer Protocol, or SMTP, allows sending mail from any connection over port 25 (or others if it's SSL-enabled) and allowing a message to pass requiring very little information - although the sender or sending claim is a requirement. A common troubleshooting technique used to be simply telnetting into port 25 and sending a message from an address to a mailbox on a mail server. Theoretically one could take the MX record, or the DNS record that lists the mail server to deliver mail bound for a domain to and force all outgoing mail to match that. However, due to so much spam, some companies have dedicated outbound mail servers that are different than their MX record and block outgoing mail like people might send if they're using personal mail at work. In order not to disrupt a lot of valid use cases for mail, SPF had administrators create TXT records in DNS that listed which servers could send mail on their behalf. Now a filter could check the header for the SMTP server of a given message and know that it didn't match a server that was allowed to send mail. And so a large chunk of spam was blocked. Yet people still get spam for a variety of reasons. One is that new servers go up all the time just to send junk mail. Another is that email accounts get compromised and used to send mail. Another is that mail servers get compromised. We have filters and even Bayesian and more advanced forms of machine learning. Heck, sometimes we even sign up for a list by giving our email out when buying something from a reputable site or retail vendor. Spam accounts for over 90% of the total email traffic on the Internet. This is despite blacklists, SPF, and filters. And despite the laws and threats spam continues. And it pays well. We mentioned Canter & Sigel. Shane Atkinson was sending 100 million emails per day in 2003. That doesn't happen for free. Nathan Blecharczyk, a co-founder of Airbnb paid his way through Harvard on the back of spam. Some spam sells legitimate products in illegitimate ways, as we saw with early IoT standard X10. Some is used to spread hate and disinformation, going back to Sender Argic, known for denying the Armenian genocide through newsgroups in 1994. Long before infowars existed. Peter Francis-Macrae sent spam to solicit buying domains he didn't own. He was convicted after resorting to blackmail and threats. Jody Michael Smith sold replica watches and served almost a year in prison after he got caught. Some spam is sent to get hosts loaded with malware so they could be controlled as happened with Peter Levashov, the Russian czar of the Kelihos botnet. Oleg Nikolaenko was arrested by the FBI in 2010 for spamming to get hosts in his Mega-D botnet. The Russians are good at this; they even registered the Russian Business Network as a website in 2006 to promote running an ISP for phishing, spam, and the Storm botnet. Maybe Flyman is connected to the Russian oligarchs and so continues to be allowed to operate under the radar. They remain one of the more prolific spammers. Much is sent by a small number of spammers. Khan C. Smith sent a quarter of the spam in the world until he got caught in 2001 and fined $25 million. Again, spam isn't limited to just email. It showed up on Usenet in the early days. And AOL sued Chris “Rizler” Smith for over $5M for his spam on their network. Adam Guerbuez was fined over $800 million dollars for spamming Facebook. And LinkedIn allows people to send me unsolicited messages if they pay extra, probably why Microsoft payed $26 billion for the social network. Spam has been with us since the telegraph; it isn't going anywhere. But we can't allow it to run unchecked. The legitimate organizations that use unsolicited messages to drive business help obfuscate the illegitimate acts where people are looking to steal identities or worse. Gary Thuerk opened a Pandora's box that would have been opened if hadn't of done so. The rise of the commercial Internet and the co-opting of the emerging cyberspace as a place where privacy and so anonymity trump verification hit a global audience of people who are not equal. Inequality breeds crime. And so we continually have to rethink the answers to the question of sovereignty versus the common good. Think about that next time an IRS agent with a thick foreign accent calls asking for your social security number - and remember (if you're old enough) that we used to show our social security cards to grocery store clerks when we wrote checks. Can you imagine?!?!

If you have been an email marketer, you’ve used Spamhaus to check your sending domains and IPs. In the first podcast of 2021, we are hosting a special guest, Matthew Stith from Spamhaus, about how blocklists work and what goes into building such lists.  Matt Vernhout and Matthew Stith discuss different perspectives on spam traps, sender evaluation, best practices to avoid a spam trap, and much more in this highly insightful session with our leading email industry experts. They discuss: What are the important lists that people use to evaluate senders from the mailbox service provider perspective? Definition of what's consent-based and illegal Can you follow best practices and still be listed in a blocklist? You got listed on Spamhaus. How do you fix that? What's your opinion on validation services? Is spam trap classification useful? Can you reach out to Spamhaus and ask for assistance for basic health checks on their domains? What is Spamhaus predicting about email and blocklisting in 2021? A message for marketers in 2021

Man kan tycka att fängelsestraff borde stoppa en it-brottsling som Hope Olusegun Aroke, men detta visade sig bara vara ett nytt kapitel i hans karriär på brottets bana. Förutom hans historia, talar vi om Nigeriabrev, hur en "kriminell hjärna" tänker och kommer även in på Spamhaus lista på kända spammare. Show notes här: https://www.itsakerhetspodden.se/show-notes-for-74-nigeriabrev-fran-fangelset/

In this episode, I will discuss email security best practices. Host: Paul Joyner Email: paul@sysadmintoday.com Facebook: https://www.facebook.com/sysadmintoday Twitter: https://twitter.com/SysadminToday Show Links Podnutz Episode discussing Automation http://podnutz.com/podnutz273/ Reverse DNS Checker https://www.debouncer.com/reverse-dns-check?attempt=1 SPF, DKIM & DMARC Information https://blogs.technet.microsoft.com/fasttracktips/2016/07/16/spf-dkim-dmarc-and-exchange-online/ Exchange 2016 Anti-Spam Setuphttp://msexchangeguru.com/2017/08/08/exchange-2016-anti-spam-configuration/ Exchange 2013 Anti-Spam Setup http://techgenix.com/anti-spam-and-anti-malware-protection-exchange-2013-part1/ Exchange 2010 Anti-Spam Setup http://www.mustbegeek.com/configure-anti-spam-agents-in-exchange-2010/ How to Create a rule to prevent spoofing https://www.intrust-it.com/2015/10/14/use-mail-rules-in-office-365-to-tag-emails-with-spoofed-senders/ Preparing for the mandatory use of TLS 1.2 in Office 365https://support.microsoft.com/en-us/help/4057306/preparing-for-tls-1-2-in-office-365 RBL ListSpam Cop:          bl.spamcop.net Surriel:                psbl.surriel.com Spamhaus:         zen.spamhaus.org Sorbs:                  dnsbl.sorbs.net Barracuda:          b.barracudacentral.org Please Support the Channel https://www.patreon.com/sysadmintoday   

Denna vecka pratar grabbarna grus om fler datapartaj för gubbar och gummor, allergier, Fredriks kärlek till John Siracusas utläggningar om luftkonditionering, hemmasnickrad backupserver på minimal budget och gamla datorspel. Bland annat. 0: Allergisnack 3:09: Folk som pratar i telefonen hållen framför sig! Anders Håkansson insåg svaret (Fredrik påminns om blåtandsundran) 6:30: Tonar över till hörlurar 12:29: Skärmsladdar, 128D och semesterstiltje (eller ej) 15:30: Datastorm 2017 - Jocke och Datormagazin retro kommer att var där! Förköpt biljett krävs! Även lite fler nyheter om Datormagazin retro, förbeställ och putta sista biten över gränsen! 22:26: Varför Fredrik gillar när Siracusa pratar luftkonditionering, brödrostar och annat “utanför sin kontext”. Plus ljud från grannar och bostadens omgivning. 28:17: Backupserver av en laptop och en eSATA-disk? Jodå. Expresscard - veckans glömda sunkstandard. 35:23: Spamfilter för mailservrar. Scrollout F1. E-postsäkerhet och inställningsproblem i Windows 10. Det Fredrik - med hjälp av farbror Bing - gjorde var att medelst kommandoprompten ta bort alla inställningar för det aktuella trådlösa nätverket och sedan lägga in det igen från början. 48:22: Fredrik spelar Sacrifice och byter uppställning på jobbskrivbordet, påminns om allt som är larvigt med Apples pekdon. Sacrifices grefikmotor har samma tricks för sig som Apples grafikramverk i IOS 11 och High sierra. Länkar Philips SHB9850NC - Jockes beställda hörlurar M3-recensionen av lurarna Kungsgatan i Stockholm Commodore 128D GGS-data Kodsnack Datastorm 2017 David Jacoby 55: Avsnittet av Reconcilable differences där John Siracusa pratar vibrerande luftkonditionering Den makalösa ESATA Externt grafikkort via Expresscard Expresscard PC card Airport-kort - kort för trådlöst nät av Apple för Apple-datorer Inumbo Spamassassin Mailcleaner Jockes test av Scrollout F1 Spamhaus SPF records Sacrifice Shiny entertainment David Perry Messiah GOG Flatout Fredriks Microsoftmus Settlers - ett underbart gammalt spel Fullständig avsnittsinformation finns här: https://www.bjoremanmelin.se/podcast/avsnitt-84-en-riktig-sunkstandard.html.

In your environment, you deal with threats from all over the world. Many groups out there pool resources to help everyone deal with those #threats. Some come in the form of threat #intelligence from various intelligence companies, like #Carbon #Black, #FireEye, and #Crowdstrike. But what if your company cannot afford such products, or are not ready to engage those types of companies, and still need need protections? Never fear, there are open source options available (see show notes below). These products aren't perfect, but they will provide a modicum of protection from 'known' bad actors, SSH trolls, etc. We discuss some of the issues using them, discuss how to use them in your #environment. Lastly, we discuss #mentorship. Having a good mentor/mentee relationship can be mutally beneficial to both parties. We discuss what it takes to be a good mentee, as well as a good mentor... RSS: www.brakeingsecurity.com/rss Direct Download: http://traffic.libsyn.com/brakeingsecurity/2017-002-mentoring_threat_lists.mp3 iTunes:  https://itunes.apple.com/us/podcast/2017-002-threat-lists-ids/id799131292?i=1000380246554&mt=2 YouTube: https://www.youtube.com/watch?v=oHNrINl1oZE   ---------- HITB announcement: “Tickets are on sale, And entering special code 'brakeingsecurity' at checkout gets you a 10% discount". Brakeing Down Security thanks #Sebastian Paul #Avarvarei and all the organizers of #Hack In The Box (#HITB) for this opportunity! You can follow them on Twitter @HITBSecConf. Hack In the Box will be held from 10-14 April 2017. Find out more information here: http://conference.hitb.org/hitbsecconf2017ams/ --------- Join our #Slack Channel! Sign up at https://brakesec.signup.team #RSS: http://www.brakeingsecurity.com/rss #Google Play Store: https://play.google.com/music/m/Ifp5boyverbo4yywxnbydtzljcy?t=Brakeing_Down_Security_podcast #SoundCloud: https://www.soundcloud.com/bryan-brake Comments, Questions, Feedback, or Suggestions?  Contact us via Email: bds.podcast@gmail.com #Twitter: @brakesec @boettcherpwned @bryanbrake @infosystir #Facebook: https://www.facebook.com/BrakeingDownSec/ #Tumblr: http://brakeingdownsecurity.tumblr.com/ #Player.FM : https://player.fm/series/brakeing-down-security-podcast #Stitcher Network: http://www.stitcher.com/s?fid=80546&refid=stpr #TuneIn Radio App: http://tunein.com/radio/Brakeing-Down-Security-Podcast-p801582   ---------- Show Notes: HANGOUTS:  https://hangouts.google.com/call/w7rkkde5yrew5nm4n7bfw4wfjme   2017-002-Threat Lists, IDS/IPS rulesets, and infosec mentoring   Threat Lists (didn’t have much time to research :/) THIS EXACTLY - http://blogs.gartner.com/anton-chuvakin/2014/01/28/threat-intelligence-is-not-signatures/    Don’t use threat list feeds (by IP/domain) as threat intelligence Can use them for aggressively blocking, don’t use for alerting https://isc.sans.edu/suspicious_domains.html https://rules.emergingthreats.net/fwrules/emerging-Block-IPs.txt http://iplists.firehol.org/ https://zeltser.com/malicious-ip-blocklists/ https://medium.com/@markarenaau/actionable-intelligence-is-it-a-capability-problem-or-does-your-intelligence-provider-suck-d8d38b1cbd25#.ncpmqp9cx Spamhaus: https://www.spamhaus.org/ leachers Open rulesets - You can always depend on the kindness of strangers Advantage is that these are created by companies that have worldwide reach Updated daily Good accompanying documentation You can buy large rulesets to use in your own IDS implementation Depends on your situation if you want to go managed or do yourself Regardless you need to test them Managed security services will do this for you I don’t recommend unless you have a team of dedicated people or you don’t care about getting hacked- signatures are way too dynamic, like trying to do AV sigs all by yourself Only a good idea for one-off, targeted attacks DIY IDS/IPS rulesets https://securityintelligence.com/signature-based-detection-with-yara/ http://yararules.com/ http://resources.infosecinstitute.com/yara-simple-effective-way-dissecting-malware/ Yara rules For Mentors Set expectations & boundaries Find a good fit Be an active listener Keep open communication Schedule time Create homework Don’t assume technical level Ask questions Do your own research Find a good fit Put forth effort It’s not the Mentor’s job to handhold, take responsibility for own learning Value their time Come to each meeting with an agenda For Mentees Mentoring frameworks? InfoSec Mentoring https://t.co/mLXjfF1HEr https://gist.github.com/AFineDayFor/5cdd0341a2b384c20e615dcedeef0741 Podcasts (Courtesy of Ms. Hannelore) https://t.co/mLXjfF1HEr https://gist.github.com/AFineDayFor/5cdd0341a2b384c20e615dcedeef074

This week on the show, we'll be talking to Jos Schellevis about OPNsense, a new firewall project that was forked from pfSense. We'll learn some of the backstory and see what they've got planned for the future. We've also got all this week's news and answers to all your emails, on BSD Now - the place to B.. SD. This episode was brought to you by Headlines Be your own VPN provider with OpenBSD (http://networkfilter.blogspot.com/2015/01/be-your-own-vpn-provider-with-openbsd.html) We've covered how to build a BSD-based gateway that tunnels all your traffic through a VPN in the past - but what if you don't trust any VPN company? It's easy for anyone to say "of course we don't run a modified version of OpenVPN that logs all your traffic... what are you talking about?" The VPN provider might also be slow to apply security patches, putting you and the rest of the users at risk With this guide, you'll be able to cut out the middleman and create your own VPN, using OpenBSD It covers topics such as protecting your server, securing DNS lookups, configuring the firewall properly, general security practices and of course actually setting up the VPN *** FreeBSD vs Gentoo comparison (http://www.iwillfolo.com/2015/01/comparison-gentoo-vs-freebsd-tweak-tweak-little-star/) People coming over from Linux will sometimes compare FreeBSD to Gentoo, mostly because of the ports-like portage system for installing software This article takes that notion and goes much more in-depth, with lots more comparisons between the two systems The author mentions that the installers are very different, ports and portage have many subtle differences and a few other things If you're a curious Gentoo user considering FreeBSD, this might be a good article to check out to learn a bit more *** Kernel W^X in OpenBSD (https://www.marc.info/?l=openbsd-tech&m=142120787308107&w=2) W^X, "Write XOR Execute (https://en.wikipedia.org/wiki/W%5EX)," is a security feature of OpenBSD with a rather strange-looking name It's meant to be an exploit mitigation technique, disallowing pages in the address space of a process to be both writable and executable at the same time This helps prevent some types of buffer overflows: code injected into it won't execute, but will crash the program (quite obviously the lesser of the two evils) Through some recent work, OpenBSD's kernel now has no part of the address space without this feature - whereas it was only enabled in the userland previously (http://www.openbsd.org/papers/ru13-deraadt/) Doing this incorrectly in the kernel could lead to far worse consequences, and is a lot harder to debug, so this is a pretty huge accomplishment that's been in the works for a while More technical details can be found in some recent CVS commits (https://www.marc.info/?l=openbsd-cvs&m=141917924602780&w=2) *** Building an IPFW-based router (http://blog.pcbsd.org/2015/01/using-trueos-as-a-ipfw-based-home-router/) We've covered building routers with PF (http://www.bsdnow.tv/tutorials/openbsd-router) many times before, but what about IPFW (https://www.freebsd.org/doc/handbook/firewalls-ipfw.html)? A certain host of a certain podcast decided it was finally time to replace his disappointing (https://github.com/jduck/asus-cmd) consumer router with something BSD-based In this blog post, Kris details his experience building and configuring a new router for his home, using IPFW as the firewall He covers in-kernel NAT and NATD, installing a DHCP server from packages and even touches on NAT reflection a bit If you're an IPFW fan and are thinking about putting together a new router, give this post a read *** Interview - Jos Schellevis - project@opnsense.org (mailto:project@opnsense.org) / @opnsense (https://twitter.com/opnsense) The birth of OPNsense (http://opnsense.org) News Roundup On profiling HTTP (http://adrianchadd.blogspot.com/2015/01/on-profiling-http-or-god-damnit-people.html) Adrian Chadd, who we've had on the show before (http://www.bsdnow.tv/episodes/2014_09_17-the_promised_wlan), has been doing some more ultra-high performance testing Faced with the problem of how to generate a massive amount of HTTP traffic, he looked into the current state of benchmarking tools According to him, it's "not very pretty" He decided to work on a new tool to benchmark huge amounts of web traffic, and the rest of this post describes the whole process You can check out his new code on Github (https://github.com/erikarn/libevhtp-http/) right now *** Using divert(4) to reduce attacks (http://daemonforums.org/showthread.php?s=db0dd79ca26eb645eadd2d8abd267cae&t=8846) We talked about using divert(4) (http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man4/divert.4) with PF last week, and this post is a good follow-up to that introduction (though unrelated to that series) It talks about how you can use divert, combined with some blacklists, to reduce attacks on whatever public services you're running PF has good built-in rate limiting for abusive IPs that hit rapidly, but when they attack slowly over a longer period of time, that won't work The Composite Blocking List is a public DNS blocklist, operated alongside Spamhaus, that contains many IPs known to be malicious Consider setting this up to reduce the attack spam in your logs if you run public services *** ChaCha20 patchset for GELI (https://lists.freebsd.org/pipermail/freebsd-hackers/2015-January/046814.html) A user has posted a patch to the freebsd-hackers list that adds ChaCha support to GELI, the disk encryption (http://www.bsdnow.tv/tutorials/fde) system There are also some benchmarks that look pretty good in terms of performance Currently, GELI defaults to AES in XTS mode (https://en.wikipedia.org/wiki/Disk_encryption_theory#XEX-based_tweaked-codebook_mode_with_ciphertext_stealing_.28XTS.29) with a few tweakable options (but also supports Blowfish, Camellia and Triple DES) There's some discussion (https://lists.freebsd.org/pipermail/freebsd-hackers/2015-January/046824.html) going on about whether a stream cipher (https://en.wikipedia.org/wiki/Stream_cipher) is suitable or not (https://lists.freebsd.org/pipermail/freebsd-hackers/2015-January/046834.html) for disk encryption though, so this might not be a match made in heaven just yet *** PCBSD update system enhancements (http://blog.pcbsd.org/2015/01/new-update-gui-for-pc-bsd-automatic-updates/) The PCBSD update utility has gotten an update itself, now supporting automatic upgrades You can choose what parts of your system you want to let it automatically handle (packages, security updates) The update system uses ZFS and Boot Environments for safe updating and bypasses some dubious pkgng functionality There's also a new graphical frontend available for it *** Feedback/Questions Mat writes in (http://slexy.org/view/s2XJhAsffU) Chris writes in (http://slexy.org/view/s20qnSHujZ) Andy writes in (http://slexy.org/view/s21O0MShqi) Beau writes in (http://slexy.org/view/s2LutVQOXN) Kutay writes in (http://slexy.org/view/s21Esexdrc) *** Mailing List Gold Wait, a real one? (https://www.mail-archive.com/advocacy@openbsd.org/msg02249.html) What's that glowing... (https://www.marc.info/?l=openbsd-misc&m=142125454022458&w=2) ***

2015 年开年第一期节目，我们只讨论一个话题：电子邮件。 每月三十元，支持李如一和 Rio 把《IT 公论》做成最好的科技播客。请访问 itgonglun.com/member。 2015 年的第一期《IT 公论》上线了，由于元旦假期的缘故，我们提前在 2014 年的最后一天录了这一期。因此，本期节目没有像往常那样以最近的新闻为基础展开讨论，我们用一整集谈了一个话题：电子邮件。 Gmail 在中国访问不畅并不是第一次，相信也不会是最后一次。您读到这封信时，或许 Gmail 已经比一周前更容易访问。或许您虽然身在中国，但从来就能自由访问 Gmail（不开 VPN）。或许您很早就发现虽然网页版 Gmail 很难打开，但在 iPhone 上用 Mail 处理 Gmail 邮件却全然无碍，而这招似乎最近也失灵了。（使用 Gmail 的会员若希望改用其它邮箱接收《IT 公论》会员通讯请发邮件到 itgonglun@ipn.li 告诉我们。） 或许您觉得我们用电子邮件来发送会员通讯的行为非常古旧，或许对您来说电子邮件 = 工作。有一件事不用「或许」：您一定曾经被垃圾邮件侵扰。但，或许您不知道，世界上每年发送的电子邮件里，有 90% 是垃圾邮件，而全球第一个发送商业垃圾邮件的人，不仅不认为那是错的，还在论坛上斥责反对自己发垃圾邮件的人是左棍。在他看来，垃圾邮件是言论自由的一部分。 李如一和 Rio 都对电邮有着暧昧的立场。李如一在他的朋友圈（三次元朋友圈，不是微信朋友圈）里以喜欢用电邮沟通闻名，虽然如今也没什么人和他发邮件了。Rio 常年用私人域名后缀的邮箱，也形成了一套令人叹为观止的电邮管理习惯，但他仍然时不时会跟李如一抱怨一下 email 有多反人类。事实上，我们在准备本期节目时使用的临时标题就叫「电邮吮吸」。 如果您在 1990 年代末就有了电子邮箱，已经可谓是资深的电邮用户了。但是《计算机程序设计艺术》的作者高德纳（Donald Knuth）是这么说的： 我从 1990 年 1 月 1 日起就没有电邮地址了，自那以后我成了一个幸福的人。我大约在 1975 年左右开始使用电邮，15 年的电邮人生不可谓不长。 关于电子邮件的历史从什么时候算起，各界并无定论。从字面意思上说，只要是通过电子手段传输的信息都可以称作电子邮件，过去也的确有人管传真叫「electronic mail」。不过，性状和我们今天知道的电邮大体一致的电子邮件始于 1970 年代。最早的电邮要求收发双方同时在线，或是使用同一服务商。就通讯的本质而言，Hotmail 邮箱只能给 Hotmail 邮箱发信，或是中国联通的用户只能给中国联通的用户打电话，都是荒唐怪状。而我们今天恰恰就处在这样的世界里。这也是我们选择用电邮发送会员通讯的理由之一：假如选择微信（或任何一家 IM 服务），不用微信的会员就收不到通讯了。 这里有「服务」和「协议」的区别。上文已经提到了一个不用电邮的人（笑），而你也完全可以说懂中文的《IT 公论》听众没有微信号的几率很可能小于没有电邮地址的几率。但我们这里谈的是权利，而非选择。使用电子邮件不需要接受任何商业公司的用户协议条款，和电子邮件相关的通讯协议也都是开放的，任何人都可以架设自己的电邮服务。假如腾讯倒闭，或是微信这一产品被终止，没有人能保证你一定可以轻易找回微信上的所有书信往来。 当然，如 Rio 所说，开放的系统一定会被玩坏。最典型的例子就是垃圾邮件。如果你时不时发现收不到我们的会员邮件，相信我，那真的是垃圾邮件的错。只可惜这个错在今天似乎已经无法矫正了。 电子邮件有两个重要的，但不大为人所知的特性： 电子邮件的内容是以明文传输的，就像寄信不用信封。电子邮件其实应该叫「电子明信片」。 你看到的发件人地址是可以随便填写的。如果大家记得上学时学的英文书信规范的话，一定记得除了在信封上填写收发件人地址外，在信纸上也要填写。电邮里显示的发件人地址对应的就是信纸上的发件人——你可以填任何地址或任何姓名。（这也是为什么你可以在 Gmail 网页版用任意电邮地址发信。） 第二点让伪造身份这一垃圾邮件的基础技能成为可能，明文传输意味着你的邮件内容可以被他人看到（如果你已经养成了使用 PGP 的习惯就不必听这一期了），而这又是一把双刃剑：出于隐私保护的考虑，你不希望别人能够阅读你的邮件。但假如你对██没有需求，若邮件内容完全加密，过滤垃圾邮件的程序又如何知道这封信里提到了██呢？（为避免被垃圾邮件过滤器误伤，本文此处不得不开始自我审查，隐去高风险词，不然恐怕又要劳烦各位去垃圾箱打捞这封通讯了。）从根本上说，保护隐私和反垃圾邮件是一对矛盾的需求。如果把所有邮件加密，隐私得到了保护，但垃圾邮件过滤程序也起不了作用了。 电子邮件技术经过数十年的发展，已经成为一个复杂的庞然大物。为了和垃圾邮件搏斗，各式标准与技术措施被一层层地叠加。时至今日，已经很少有人敢从底层入手，妄图真正地重新发明电邮。Gmail 很可能是电邮诞生以来最具革命性的尝试，但它依然建立在现存的电邮协议之上。至于近年来流行的 Mailbox 等电邮服务，更加只是从交互入手进行的表层改造。年久失修的电子邮件作为唯一一个全球网民人人都有的开放性身份 ID 具有不可替代的价值，但作为通讯工具的它，已经逐步被封闭而专有移动 IM 软件取代。不管怎么说，对于电子通讯系统而言，隐私、开放、和反垃圾，三者只能取其二。 最近我们读的一些文章 Paul Graham 说美国政府应该放更多外籍程序员进来，Chris Pepper 很愤怒。等 H-1B 签证的人都应该看看 「我不確定這種灌水卻又僵化的用語風潮是什麼時候開始的，根據我自己的成長經驗，起碼到我高中以前在台灣還不常見，反而是在中國大陸很興盛，中國的官方或官樣文章裡常有成串贅詞與廢話連篇的套語，像是喜歡在動詞前面加個「進行」等，這是他們特殊歷史文化背景下發展出來的（壞）習慣，台灣因為分治而得免。可惜的是，就在他們意識到這問題，繼而稍見起色之時，我們卻患上此病（但我不確定是否是「遭到感染」），十數年間到處流行，甚至眼看著就要病入骨髓了。」（嗯？我们有稍见起色吗？） 什么样的志愿才配得上 vision 一词？ 相关链接 Spamhaus FastMail PGP 人物简介 李如一：字节社创始人。 Rio: Apple4us 程序员。

We go inside the epic takedown of SpamHaus, then we break down why CloudFlare’s Flexible SSL is the opposite of security. Followed by a great batch of questions, our answers & much much more!

We go inside the epic takedown of SpamHaus, then we break down why CloudFlare’s Flexible SSL is the opposite of security. Followed by a great batch of questions, our answers & much much more!

We go inside the epic takedown of SpamHaus, then we break down why CloudFlare’s Flexible SSL is the opposite of security. Followed by a great batch of questions, our answers & much much more!

In this second episode of our Monday morning InfoSec quarterbacking, James and I actually got through the news items we had lined up in just about 20 minutes. I count this as a win. Topics Covered Choice Escrow & Land Title, LLC vs. BancorpSouth, Inc. | At issue is the Uniform Commercial Code (UCC) as it applies to commercial entities taking "commericially reasonable methods" to secure their transactions. This one is going to have a major ripple effect, keep an eye out for further developments - http://krebsonsecurity.com/2013/03/missouri-court-rules-against-440000-cyberheist-victim/ "The biggest cyber attack ever" | Or really, a DDoS feud between a known spammer (CyberBunker) and a spam fighter (SpamHaus) which actually did impact Internet traffic in Europe, but was effectively a tempest in a teapot for most everyone else - http://www.cnn.com/2013/03/27/tech/massive-internet-attack/index.html?hpt=hp_t2 Schnuck's gets hacker by "computer code", but it's OK now | Short version of this story, be careful how hard you play up the 'reputation' angle with your business ...turns out people may not care so much - http://www.stltoday.com/business/local/schnucks-says-credit-card-fraud-source-found-and-contained/article_605469bd-db5d-5a1b-94cf-100f4eabc58f.html Darkleech affects huge amount of Apache servers, silently installs iFrame-based malware selectively | People who name these things come up with some of the coolest names ...seriously! Interesting story. - http://www.h-online.com/security/news/item/Darkleech-infects-scores-of-Apache-servers-1834311.html BitCoin wallet service InstaWallet hacked, shuts down "indefinitely" | Oh, another BitCoin tragedy as the currency suffers yet another blow to its viability as hackers target a wallet service, value bounces. - http://venturebeat.com/2013/04/03/bitcoin-wallet-instawallet-hacked/

SecuraBit Episode 117: The Internet is on Fire! March 27th, 2013 Hosts Chris Gerling – @secbitchris Chris Mills - @thechrisam Andrew Borel – @andrew_secbit Mike Bailey –@mpbailey1911 Guests Jamie Duncan - @jamieeduncan  Hack.RVA (pre-recorded) Topics Hack.RVA events, news, and RVAsec badges! CTF is being put together for offline.  Register at http://securabit.com/ctf/ Security Awareness training Who should provide more than just basic training? Security Vendors Security focused organizations? News Items SPamhaus and Cloud flare’s stupid super DDoS - peaked at 300Gb/sec Missouri court rules against $440,000 cyberheist victim 2009 case.  Reason: Bank did not have 2 people sign off on transfer. Use Our Discount Codes Use code SecuraBit_5 to get 5 percent off of ANY training course. The discount code is good for all SANS courses in all formats. Register for any SANSFIRE 2013 course and receive 5% off using coupon code SecuraBit_5 The training event takes place in Washington, DC – June 15-22, 2013. Upcoming events http://www.secore.info Links http://www.gh0st.net Chat with us on IRC at irc.freenode.net #securabit iTunes Podcast – http://itunes.apple.com/us/podcast/securabit/id280048405 iPhone App Now Available – http://itunes.apple.com/us/app/securabit-mobile/id382484512?mt=8

This week, a global Internet apocalypse is upon us!... or is it? Twitter turns seven, Blizzard's next Warcraft is not an RPG but a card game, streaming video heats up, the iPhone's on T-Mobile, Scientists plan a real Jurassic Park, and a dongle joke that spiraled way out of control. What We're Playing With Andy:In The Flesh Tosin:PAX East Dive Kick Children of Liberty Johann Sebastian Joust ShootMania Daylight Headlines Biggest DDoS attack in history slows Internet That Internet War Apocalypse Is a Lie Blizzard Announces Next Warcraft Game, But It's A Card Game Yahoo Acquires Hipster Mobile News Reader Summly T-Mobile to carry the iPhone 5 for $99 up front Audible Book of the Week Lean In: Women, Work, and the Will to Lead by Sheryl Sandberg Sign up at AudibleTrial.com/TheDrillDown Music Break: Respect by Aretha Franklin More Headlines A Dongle Joke That Spiraled Way Out Of Control Adria Richards, PyCon, and How We All Lost Fired SendGrid Developer Evangelist Adria Richards Speaks Out HBO starting to think letting people without cable have access to HBO GO might be a good idea Spotify Plans To Take On Netflix And HBO With Streaming Video Service 3 Hurdles Twitter Has To Clear To Last Another 7 Years Music Break: Journey to the Island from "Jurassic Park" by John Williams Final Word Scientists want to bring 22 animals back from extinction Bringing Extinct Species Back to Life Viral Video of the Week Subscribe! The Drill Down on iTunes (Subscribe now!) Add us on Stitcher! The Drill Down on Facebook The Drill Down on Twitter Geeks Of Doom's The Drill Down is a roundtable-style audio podcast where we discuss the most important issues of the week, in tech and on the web and how they affect us all. Hosts are Geeks of Doom contributor Andrew Sorcini (Mr. BabyMan), VentureBeat editor Devindra Hardawar, marketing research analyst Dwayne De Freitas, and Startup Digest CTO Christopher Burnor. Occasionally joining them is Box tech consultant Tosin Onafowokan.

San Francisko staví stadion s největší Wi-Fi sítí, Spamhaus bojoval s masivním DDoS útokem, Microsoft přišel o tajemství Windows Blue a Google ruší své služby v průměru do čtyř let.

Filippo ci spiega perché il motore javascript Nitro è disponibile solamente in Safari, mentre Luca racconta delle interessanti tecniche usate per un attacco DDoS contro Spamhaus.

Adam continues his discussion on international ecommerce and of course his adventures in the orient.Jon interviews Shawn Collins who previews the upcoming Affiliate Summit West 2010 coming to Las Vegas. Marc Phillips, CEO & Founder of SearchForecast fills us in on the upcoming Content Revenue Strategies Event following AdTech New York 2009.Finally, on Kevins Korner , The ClickFather discusses recent additions to Spamhaus and industry changes that could prove to be murder for some mailers.

Email's BCC:, science and technology in India, Profiles in IT (Bob Metcalfe, inventor of Ethernet), AllofPM3 reopens, fight to control the Net, Spamhaus wins appeal, ISPs most supportive of spammers, Google Earth flight simulator,and Ironkey (encrypted thumb drive). This show originally aired on Saturday, September 15, 2007, at 9:00 AM EST on Washington Post Radio (WTWP) Radio.

Email's BCC:, science and technology in India, Profiles in IT (Bob Metcalfe, inventor of Ethernet), AllofPM3 reopens, fight to control the Net, Spamhaus wins appeal, ISPs most supportive of spammers, Google Earth flight simulator,and Ironkey (encrypted thumb drive). This show originally aired on Saturday, September 15, 2007, at 9:00 AM EST on Washington Post Radio (WTWP) Radio.

The man whose blacklists keep email out of your inbox talks to OUT-LAW Radio. Spamhaus founder Steve Linford talks about why he founded Spamhaus and what would happen if his lists didn't exist. Plus: Irish barrister TJ McIntyre talks about trying to have the EU's Data Retention Directive repealed.