Craig Peterson - America's Leading CyberSecurity Strategist
85 minutes | Jul 1, 2022
Saving 79% on Prescriptions - Microsoft Outlook Attack in Progress! - Does Your Business Use eMail? FBI Warning
About one-third of Americans are taking a prescription drug -- And this is kind of the scary part. The average person who is on a prescription has four prescriptions and we're paying dearly for it. But Mark Cuban has an answer. [Following is an automated transcript] Well, you know, I do a lot of stuff in cybersecurity and I've got a few different courses coming up. [00:00:22] And of course, we do a little bit of weekly training for anybody who's on my email list, you know, on the free list. Absolutely free as well as you get my insider show notes. And if you got my show notes, you probably noticed this tidbit here on Tuesday when I sent it out. And that is Mark Cuban. Now for those who don't know Mark Cuban, he started way back in the internet [00:00:48] boom days. He lucked out. He had a, a company called Broadcast.com, and he was able to turn that into, I think it was well over a billion dollars. I don't remember the exact amount, but it, it was a very, very big chunk of money. And then he's gone on to become an investor. You might know him as the owner of a basketball team. [00:01:10] You might have seen him on a TV show called Shark Tank. He's been out there and he's a bright guy. He's been helping a lot of people and causing a lot of problems too. Right. But he has a new business that he has started with his billions of dollars only. He has at least 1 billion and it's called Cost Plus Drugs. [00:01:35] Now this is where it comes in to affect every American, because I mentioned, you know, how many Americans are on various prescriptions? Well, many of the prescriptions that we could be taking are actually generics. So for instance, if you go to the Walmart pharmacy or Walgreens or wherever it be, you'll find that they have options for you. [00:02:00] If the doctor says, yeah, generic's okay.
They'll say, Hey, listen, I'll give you the generic and you can save a whole lot of money. I don't know if you've looked at GoodRx at all. But GoodRx, I have saved a ton of money with that. And what they do is help you find free coupons, compare the prices at, at Walmart, Walgreens, CVS, Rite Aid, you know, at the major pharmacies. [00:02:24] And we'll tell you where you can go to get your best deal. Plus, they also have some really cool discounts. So it, it acts kind of like a discount card. So I'm on their site right now, GoodRx.com. And I look, I'm looking up their number one drug, which is Lipitor, apparently it's used for coronary art or coronary disease and high cholesterol. [00:02:51] So they're saying, well, wait a minute. Now here, you can get a few different, uh, options. I'm looking now, for instance, CVS pharmacy nor normal retail, by the way is $126 at CVS. You can get it using a GoodRx.com card, 76% off, for $30 instead of $126. Walmart, $15. Uh, Walmart Neighborhood Market, $15. Now, Walmart, that's what they consider to be their retail price. [00:03:27] Although, as I mentioned, some of these other ones have much, much higher retail prices. So you can see that going, for instance, for Lipitor, you might be paying a premium for a brand name. Now there, there's a good reason for that. There's a reason why prescription drugs can be expensive and, and they're called patent drugs. [00:03:48] And the reason they're called patent drugs is they've put a lot of money in. They've put a lot of research time. They've, they've put up with a whole lot of regulation and going back and forth with various government agencies. And they finally were able to come forward with a drug that works. Put all of that together [00:04:09] and you've got a very expensive research and development product, right. Or project, frankly. So I don't, I don't really hold it against them if we're having some of these drugs being rather expensive.
You might remember that, uh, epi epinephrine a few years ago, this guy got a hold of the company that made epinephrine and the, um, you know, the, the whole problem with, I'm looking it up right now, like EpiPens, they used to be expensive and then they became crazy expensive. [00:04:44] So let me see here, EpiPens, EpiPens, and who needs it? There's a whole lot of information. It's not telling how much they are, but he raised the price. Like what was it? 2000% or something insane, again, a prescription drug and one that some people really need in order to save their lives. You know, I'm a beekeeper, right. [00:05:08] And I used to have a really bad reaction to bee stings, wasp stings. Now we just. Reaction, right. We thought at the time I was allergic, but no, it was just a bad reaction, which I still have. Right. It gets stung multiple times a year, but, uh, it still swells up. When, when, uh, our friend Mark Cuban started looking at this, he said that this is kind of crazy. [00:05:31] So what he's done now is Mark Cuban has built, uh, I think it's all up and running just outside of Dallas. Let's see here. Yeah. Okay. Just outside of Dallas, a huge, huge building. It's a 22,000 square foot plant. Now most of the pharmaceuticals are actually easy to make and. To make. And that's what kind of gets confusing because you've got all of the R and D and the government regulations, everything else that's expensive, but actually making them is pretty cheap, but he's built this $11 million plant near downtown Dallas. [00:06:14] And he says right now, looking at what the expenses are, that Medicare could have saved as much as, are you ready for this? 3.6 billion per year. Now that's where we're talking about everybody. Because if you pay taxes, you are paying for some of this Medicare money, 3.6 billion per year in savings by buying it from Cost Plus Drugs. [00:06:46] So there's something else I want you to check out. So the first one was GoodRx.com.
The second one is Cost Plus Drugs. They have over a hundred generic prescription medications right now. And what they're doing is they're taking the actual cost of production. And I'm sure that includes, right, the loan on the building, et cetera, but the cost of production, plus a 15% margin because you need to keep the lights on. [00:07:13] You need to be able to expand. Profit is not a bad word. That's how people save for retirement by investing in companies, buying stocks, and that profit then becomes their money for retirement. I think that's an important thing. So, 15% margin and an $8 pharmacy dispensing and shipping fee. That is absolutely cheap. [00:07:41] So this is, uh, Hussain Lalani who did the research on this. And he published it in the Annals of Internal Medicine. Looking at that just absolutely amazing. And that's something you can do too. One third of Americans, again, we are on prescription drugs and the average person is on four. Wow. So researchers compared the price charged by Cost Plus Drugs for 89 generic medications to the cost for the same drugs paid. [00:08:17] Medicare in 2020, they found the government program could have saved 37% on 77 generic drugs by buying from Cuban's company Cost Plus Drugs. Once in January drug to consumer bypasses, wholesalers bypasses, pharmacies bypasses, I PA passes insurance. All of those are driving up the cost of medicine. So direct to consumer. [00:08:43] Uh, how easy could that be? And I'm on their website right now, looking at a couple of things here. Let me see, let me go back there. Cost Plus Drugs, and I'm believing this, go to costplusdrugs.com. Yes you can. I am there as we are talking. So he's got, oh, here's one, imatinib. Uh, which is the generic for Gleevec. I'm, [00:09:08] now I'm not familiar with that myself. Retail price, $2,502. Cost Plus, are you ready? $14. Can you believe that? That is crazy. Yeah. Wow. And it'll look, it'll look different obviously, cuz it's a generic.
So you saved $2,488 for a 30 count supply. That is just amazing. So when I, I, I was talking about the savings here, where. [00:09:41] Okay. They could have saved 37% on 77 generic drugs. But when you start getting into these really expensive drugs, that's where the 3.6 billion really, really starts to add up in savings. This is something so what you can do once you're on costplusdrugs.com, you can contact your doctor for a prescription. [00:10:04] They've got a get started button. They have the strength that you want, in this case, a hundred milligrams or 400, the quantity you want. And then all that has to happen is your doctor has to approve it. You pay $14 instead of $2,500 and it gets shipped straight to you. Wow. Now, is that cheaper than Medicare part B, right? [00:10:28] Or your regular insurance? Wow, sure is. Just absolutely amazing. So you can find all of this stuff. This is Mark Cuban doing this, and I gotta say, I am impressed. He is going to help a whole lot of people. Yeah, I'm, I'm just looking at this. Wow. Here's another one, retail price $9,600. And at Cost Plus Drugs, you can get it for 39. [00:10:57] So there you go. Two options, Mark Cuban's new venture, which is online now at costplusdrugs.com and goodrx.com. Wow. It's just amazing, right? This world. What's it coming to? Great little great little drug company. So we're gonna talk, if you are a user of Outlook, this is important to you because a major attack is underway. [00:11:26] Major scam underway. If you are an Outlook customer, you are in the crosshairs of a very successful credential stealing campaign. So I'm gonna tell you about that, what it means, what you can do and, uh, how you can stay safe. [00:11:43] This is a very big problem for people who are using Microsoft 365, that is really common, used to be called Office 365 and you pay a, a flat monthly fee, 20, 25 bucks. [00:11:59] It kind of depends on what level you get.
They have some real cheap ones as well, and it lets you use all of what Microsoft used to call Microsoft Office applications. And one of those applications is Outlook. And I've never particularly liked. They have gotten better in recent years. And I actually do use it right now, as well as Mac Mail. I use both of them, but there is a hack going on against Microsoft 365 and Outlook customers in the US. [00:12:34] Here's what's happening. They are sending you an em
85 minutes | Jun 26, 2022
Been to a Hospital Website Lately? Facebook May Have Your Personal Information!
Hey, Facebook isn't the only company doing this, but there's an article from The Markup. They did a study and caught Facebook. This is absolutely crazy -- receiving sensitive medical information. We're gonna talk about that right now. [Automated transcript follows] This is really concerning for a lot of people. And, and for good reason, frankly, I've been talking about this. [00:00:22] I, I think the first time I talked about it was over a decade ago and it has to do with what are called pixels. Now, marketers obviously want to show you ads and they want to show you ads based on your interest. And frankly, as a consumer, if I'm looking for a new F-150, I wouldn't mind seeing ads from competing car dealers or, you know, used car places, et cetera, to try and sell me that Ford truck. [00:00:53] It makes sense, right? If I'm looking for shoes, why not show me ads for shoes? But what happens when we start talking about the medical business, about the legal business? Things get murky and people get very upset. You see, the way these pixels work is you'll put a pixel, like for instance, a Facebook pixel. [00:01:15] If you go to CraigPeterson.com, I've got this pixel on there from Facebook. And what it allows me to do now is retarget Facebook users. So you go to my site, go to a page on my site, and this is true for, uh, pretty much every website out there. And I know that you went and you were looking for this, so I can retarget you in ads. [00:01:37] I'll show you an ad, in other words, on Facebook. Now I've never actually done that ever. Uh, I I'm like the world's worst marketer, frankly. Uh, and, uh, but I do have that on there because it gives me some other numbers, statistics, and, and really helps you to understand how the website's being used, which I think makes a whole lot of sense. [00:01:58] So there are marketers that are using this for obvious reasons.
Now, I think you understand what the pixel is. It is literally a little picture that is one pixel by one pixel, and it tends to blend in. I think even in most cases, now these pixels from different places like Facebook are actually transparent. [00:02:19] So you, you don't even see it on the page, but the idea is now they have a foothold on a website that doesn't belong to them. In this case, Facebook now has access to information about a website that you visited that has nothing to do with Facebook. Okay. So that's the basics of how these pixels work and they're almost impossible to get rid of because in reality, many websites, mine included, will even grab graphics from other websites just because, you know, it it's, I'm quoting another article, I pull in their graphic. [00:03:00] Of course, I'm gonna point to that other site. Why would I take that picture, put it on my site? I don't own the rights to it. But if he'll let me, that other website will let me go ahead and show that graphic on my website, cuz there's ways to restrict it. If they don't want me doing that, they could stop me from doing it. [00:03:18] Then I I'm going to just go to the original website so they can get the credit for it. It's their property still. I'm not violating any copyright laws, et cetera. Does that make sense to. So what's the difference between the Facebook pixel and a picture I'm pulling from another random website? Well, the obvious thing is it's coming from a Facebook domain of some sort. [00:03:40] So, so there are ways to stop it, but there's just as many ways to get around stopping it, frankly. Well, let's move on to something a little more sensitive. We have had problems that I reported on years ago of people going to an emergency room in a hospital. Now, when you're in that emergency room, your phone has GPS capabilities still. [00:04:06] It knows you went in the emergency entrance to the hospital and you are opening it up.
Maybe you're looking around, maybe you're reading articles, maybe you're plotting your trip home using Google Maps. You are being tracked depending on what apps you have on your phone, if you have an Android versus an iPhone, what you've enabled, what you haven't enabled. [00:04:29] Right? All of that sort of stuff. Well, this now has become a problem because as I reported there have been people who went to the hospital, went to the emergency room and started seeing ads from what you might call ambulance-chasing lawyers. Have you been injured? Is it someone else's fault? Call me right now. [00:04:54] Do he cheat him in. If that sort of thing showed up on your phone, would you get a little upset, a little nervous saying, what are they doing, trying to cash in on, on my pain, maybe literal pain? And it's not as though those ads are just showing up while you are in the emergency room, because now they've tagged you. [00:05:15] They know that you are in that emergency room. So off they'll. They will go ahead and track you and send you ads even after you leave. Hey, I wanna remind you if you want to get this, uh, this week's list of articles. I, I put out every week, my insider show notes. It has become very popular. Thousands of people get that every week. [00:05:41] Go right now to CraigPeterson.com. I'll also send out a little bit of training. I do that. I have special reports I send out. I've got more stuff I'm doing, but you gotta be on the email list. CraigPeterson.com to get on my free email list now. What's happened here now is The Markup went ahead and looked at Newsweek's top 100 hospitals in America. [00:06:06] They went to their websites and they found about a third of the hospitals using what's called the Meta Pixel. That is the Facebook pixel I was referring to earlier. So it sends a little bit of data whenever someone clicks a button to, let's say, schedule a doctor's appointment. Why does it do that? Well, because the Facebook pixel is on the scheduling page.
[00:06:33] Let's say there's a scheduling page for oncology on the website. I guess who knows that you are going to see an oncologist? Facebook. Why? Well, because the hospital has put a Facebook tracking pixel on that page. So Facebook knows, Hey, he was on the oncologist page. Maybe he has cancer. I should start showing him ads from other hospitals and from cancer medications, et cetera, et cetera. That is happening [00:07:03] right now, 33 of these top 100 hospitals in America. Th these are the top 100, according to Newsweek's list. Have that information. Now that data is connected to your internet address. So it's kinda like your computer's mailing address and they can link that back to usually to a specific individual or to a household. [00:07:30] So now they have a receipt of the appointment request. That's gone to Facebook now. They don't have everything you filled out on the page or anything, you know, you added in your social security number, maybe other medical information. Facebook didn't get all of that, but they do know that you visited the hospital's website and which pages you visited on that website. [00:07:56] So The Markup went ahead and contacted these hospitals. So, for example, Johns Hopkins Hospital, they did find a Facebook pixel tracking on the appointment scheduling page. They informed Johns Hopkins of how that is a leak of personal information. And after being contacted by The Markup, they did not remove the track. [00:08:27] Also, by the way, when The Markup reached out to them, the hospital did not respond. UCLA Reagan Medical Center, they had of course a pixel and they did remove it from the scheduling page, although they declined to comment. New York Presbyterian Hospital, all these hospitals have that pixel and they did not remove it. [00:08:49] Northwestern Memorial Hospital, again, they got the tracking pixel, did not remove it after they were informed about the security problems. Duke University Hospital, same thing.
Most of these, by the way, did not respond to them. University of Pennsylvania, Houston Methodist Hospital, the University of Chicago Medical Center. [00:09:11] Uh, the last two of those did remove the pixel. Uh, Scripps Memorial Hospital out in La Jolla, California. There are many. Brigham and Women's Faulkner Hospital, they were informed that they had the tracking picture pixel on the, on the, uh, scheduling page. They did not remove it, but you know, the time of this article, a Tufts Medical Center, same thing, did not remove it, uh, out in Sanford in San Diego. [00:09:39] Same problem. Johns Hopkins Bayview Medical Center, John Jefferson Health, Thomas Jefferson University Hospitals, Loyola. These are big name hospitals. I'm looking at these, that goes on and on. Sharp Memorial Hospital, Henry Ford Hospital. Uh, let's see some more, I'm trying to, oh, Massachusetts General Hospital. [00:10:00] They did not have the tracking pixel. Brigham and Women's Hospital, no tracking pixel on the scheduling page. So some of these hospitals were already doing it right. They re they recognized that putting this Facebook pixel on may help them with some of the marketing and understanding the market a little better, which is what I do, but it's also giving personal information, personal health information to Facebook and Facebook's advertisers. [00:10:32] So they didn't put it on, so good for them. Again, Mass General, Brigham and Women's, uh, Sanford, Mount Sinai, University of Michigan Hospital and, and others, of course. So very good news there in general. Again, don't be worried about a pixel on just a random website because it probably is being used to help with stats to know what's being used on the website. [00:10:58] And maybe, maybe just maybe using it to send a little ad to you on Facebook later. Of course, you're listening to Craig Peterson. You can get my insider show notes for absolutely free. And my little mini trainings.
Oh three to five minutes every firstname.lastname@example.org. Just sign up on the homepage. [00:11:23] You know, I've got it on my homeowner's policy. I have a special business policy for it. And it's something that you should seriously consider, but you need to understand first. So we're gonna talk about it. What is cyber insurance? Uh, that's what's up now? [00:11:41] Cyber insurance is
82 minutes | Jun 18, 2022
How Private is Crypto? What About WhatsApp and Signal?
Cryptocurrencies were thought to be like the gold standard of security, of having your information stay private. Maybe you don't want to use regular currency and transactions. It's all changed. [Automated transcript follows.] [00:00:14] We have had such volatility over the years when it comes to what are called cryptocurrencies. [00:00:21] Now I get a lot of questions about cryptocurrencies. First of all, let me say, I have never owned any cryptocurrencies and I do not own any crypto assets at all. Most people look at cryptocurrencies and think of a couple of things. First of all, an investment. An investment is something that you can use or sell, right? [00:00:42] Typically investments you don't really use. It's like a house. Is it an investment? Not so much. It's more of a liability, but people look at it and say, listen, it went from what was a 10,000 Bitcoins to buy a pizza to, it went up to $50,000 per Bitcoin. There's a pretty big jump there. [00:01:03] And yeah, it was pretty big. And of course, it's gone way down and it's gone back up and it's gone down. It's gone back up. But the idea of any kind of currency is can you do anything with the currency? You can take a dollar bill and go and try and buy a cup of coffee. Okay. A $10 bill and buy a cup of coffee in most places anyways. [00:01:26] That sounds like a good idea. I could probably use a cup of coffee right now and get a tickle on my throat. I hate that. But if you have something like Bitcoin, where can you spend it? You might remember Elon Musk was saying, yeah, you can use Bitcoin to buy a Tesla. Also Wikipedia would accept donations [00:01:45] via Bitcoin. There were a number of places online that you could use Bitcoin. In fact, there's a country right now in south central America that has Bitcoin as its currency. That's cool too. When you think about it, what is, so what are you gonna do? Latin American country?
I'm trying to remember what it is. [00:02:05] Oh yeah. It's El Salvador. The first country in the world to adopt Bitcoin as an official legal tender. Now there's a number of reasons they're doing that and he can do it basically. If you got a dictator, you can do almost anything you want to. So in El Salvador, they've got apps that you can use and you can go and buy a street taco using Bitcoin using their app. [00:02:31] So there you go. If you have Bitcoin, you can go to El Salvador and you can buy all of the tacos and other basic stuff you might wanna buy. But in general, no, you can't just go and take any of these cryptocurrencies and use them anywhere. So what good are they as a currency? We already established that they haven't been good as an investment unless you're paying a lot of attention and you're every day buying and selling based on what the movement is. [00:02:59] I know a guy that does exactly that. It's, he's a day trader basically in some of these cryptocurrencies, good for. But in reality, is that something that makes sense in a long term? Is that going to help him long term? I don't know. I really don't because again, there's no intrinsic value. [00:03:18] So some of the cryptocurrencies have decided let's have some sort of intrinsic value. And what they've done is they've created what are generally known as stablecoins. And a stablecoin is a type of cryptocurrency that behind it has the ability to be tied to something that's stable. So for instance, one that really hit the news recently is a stablecoin that is tied to the US dollar. [00:03:46] And yet, even though it is tied to the US dollar and the coin is a dollar and the dollar is a coin, they managed to get down into the few pennies worth of value, kinda like penny. So what good was that? It has since come back up. Some are tied to other types of assets. Some of them say we have gold behind us. [00:04:09] Kinda like what the United States used to do back when we were on the gold standard.
And we became the petrodollar where countries were using our currency, our US dollars, no matter which country it was, to buy and sell oil. Things have changed obviously. And we're not gonna talk about the whole petrodollar thing right now. [00:04:30] So forget about that. Second benefit. Third benefit is, well, it's crypto, which means it's encrypted, which means we're safe from anybody spying on us, anybody stealing it. And of course that's been proven to be false too. We've seen the cryptocurrencies stolen by the billions of dollars. We've seen these cryptocurrencies lost by the billions of dollars as well. [00:04:58] That's pretty substantial. We get right down to it, lost by the billions because people had them in their crypto wallets, lost the password for the crypto wallet. And all of a sudden, now they are completely out of luck. Does that make sense to you? So the basic idea behind currency is to make it easier to use the currency than to say, I'll trade you a chicken for five pounds of nails. [00:05:25] Does that make sense to you? So you use a currency. So you say the chicken is worth five bucks. Actually chicken is nowadays is about $30 if it's a laying hen, and those five pounds of nails are probably worth about $30. So we just exchanged dollars back and forth. I think that makes a lot of sense. One of the things that has driven up the value of cryptocurrencies, particularly Bitcoin, has been criminal marketplaces. [00:05:53] As you look at some of the stats of ransoms that are occurring, where people's computers are taken over via ransomware, and then that person then pays a ransom. And what happens when they pay that ransom? Well, they have to go find an exchange, pay US dollars to buy cryptocurrency, Bitcoin usually. And then they have the Bitcoin and they have to transfer to another wallet. Whether or not the bad guys can use the money [00:06:25] is a, again, a separate discussion.
They certainly can and they do, because some of these countries like Russia are going ahead and just exchanging the cryptocurrencies for rubles, which again, makes sense if you're Russia. Now we have a lot of criminals that have been using the Bitcoin for ransoms. Businesses, [00:06:49] publicly traded businesses, have been buying Bitcoin by the tens of millions of dollars so that they have it as an asset in case they get ransomed. Things have changed. There's a great article in NBC News, by Kevin Collier. And Kevin's talking about this California man who was scammed out of hundreds of thousands of dollars worth of cryptocurrency. [00:07:15] Now this was a fake romance scam, which is a fairly common one. It, it tends to target older people who are lonely and a romance starts online and they go ahead and talk and kind of fall in love. And it turns out she or he has this really almost terminal disease. If only they had an extra, a hundred thousand dollars to pay for the surgery. [00:07:45] You, you know the story, so he was conned out of the money. What's interesting to me is how the investigation and investigative ability has changed over the years. Probably about five years ago, I sat through a briefing by the Secret Service and in that briefing, they explained how they had gone and very, quite cleverly tracked the money that was being sent to and used by this dark web operator who ran a site known as Silk Road. [00:08:22] And that site was selling illegal things online. Oh, and the currency that they were tracking was Bitcoin. Yes, indeed. So much for cryptocurrency being secure. Five years ago, the Secret Service was able to do it. The FBI was able to do it and they couldn't do a whole lot about it. But part of the problem is all of your transactions are a matter of public record. [00:08:52] So if someone sends you a fraction of a Bitcoin, that is now in a ledger and that ledger now can be used because when you then spend.
Fraction of a Bitcoin somewhere else, it can be tracked. It is tracked, is a hundred percent guaranteed to be tracked. And once it's tracked, government can get in. [00:09:15] Now, in this case, a deputy district attorney in Santa Clara County, California, was able to track the movement of the cryptocurrency. Yeah. So this district attorney, okay, deputy district attorney, not the FBI, not the Secret Service, not the National Security Agency, a local district attorney in Santa Clara County, California, not a particularly huge county, but [00:09:44] she was able to track it. And she said that she thinks that the scammer lives in a country where they can't easily extradite them. And so they're unlikely to be arrested at any time soon. So that includes countries like Russia that do not extradite criminals to the United States. Now getting into the details. [00:10:03] There's a great quote from her in this NBC News article, our bread and butter these days really is tracing cryptocurrency and trying to seize it and trying to get there faster than the bad guys are moving it elsewhere, where we can't grab it. So she said the team tracked the victim's money as it bounced from one digital wallet to another, till it ended up at a major cryptocurrency exchange where it appeared the scammer was planning to launder the money or cash out. They sent a warrant to the exchange, [00:10:35] froze the money and she plans to return it to the victim. That is a dramatic reversal from just a few years back when cryptocurrencies were seen as a boon for criminals. Amazing. Isn't it? Stick around. We got a lot more to talk about here and of course, sign up online, CraigPeterson.com, and get my free newsletter. [00:11:01] There have been a lot of efforts by many companies, Microsoft, Apple, Google, to try and get rid of passwords. How can you do that? What is a password and what are these new technologies? Apple thinks they have the answer.
[00:11:17] Passwords have been the bane of existence for a long while. And if you'd like, I have a special report on passwords, where I talk about password managers, things you can do, things you should do in order to help keep your information safe online, things like [00:11:34] bank accounts, et cetera. Just email me, Craig peterson.com and ask for the password special report and I'll get it to you. Believe me it's self-contained
83 minutes | May 28, 2022
Using Punchlists to Stop Ransomware
I really appreciate all of the emails I get from you guys. And it is driving me to do something I've never done before now. I've always provided all kinds of free information. If you're on my email list, you get great stuff. But now we're talking about cyber punch lists. [Automated transcript follows] [00:00:16] Of course, there are a number of stories here that they'll come out in the newsletter or they did, excuse me, go in the newsletters should have got on Tuesday morning. [00:00:26] And that's my insider show notes, which is all of the information that I put together for my radio appearances, radio shows. And also, of course, I sent it off to the hosts at these various radio stations. So they know what taught because, oh, who really tracks technology, not too many people. And I get a little off-put by some of these other radio hosts, they call themselves tech people, and they're actually marketing people, but. [00:00:57] That's me. And that's why, if you are on my list, you've probably noticed I'm not hammering you trying to sell you stuff all the time. It's good, valuable content. And I'm starting something brand new. Never done this before, but this is for you guys. Okay. You know that I do cybersecurity as a business and I've been doing it now for more than three decades. [00:01:22] I dunno if I should admit that right there. Say never say more than 17 years. Okay. So I've been doing it for more than 17 years and I've been on the internet now for, oh, 40 years now. Okay. Back before it was even called the internet, I helped to develop the silly thing. So over the years, we've come up with a number of different strategies. [00:01:43] We have these things that are called plan of action and milestones, and we have all kinds of other lists of things that we do and that need to be done. So what we're doing right now is we're setting up so that you can just email me M email@example.com.
And I will go ahead and send you one of these punch lists. [00:02:09] Now the punch lists are around one specific topic. We've got these massive punch lists with hundreds and hundreds of things on them. And those are what we use when we go in to help clean up the cybersecurity in a company. So we'll go in, we'll do scans. We will do red team, blue team, or we're attacking. [00:02:30] We do all kinds of different types of scans using different software, trying to break in. We use the same tools that the hackers use in order to see if we can. Into your systems and if the systems are properly secured. So we do all of this stuff, and then it goes into all of the paperwork that needs to be done to comply with whatever might be. It might be they accept payment cards. It might be that they have. But information, which is healthcare information. And it might be also that they're a government contractor. So there are hundreds and hundreds of things that they have to comply with. Most of them are procedural. So we have all of this stuff. [00:03:13] We do all of this stuff. And I was talking with my wife here this last week about it and said, yes, that's so much of this could be used by small companies that can't afford to hire my team to come in and clean things up. And I don't want them to suffer. So here's what we're doing. We're starting this next week. [00:03:36] We have a punch list for you on email. So what are the things you can do, should do for email? Just very narrow on email, so that you can recognize a phishing email, what you might want to do to lock down your Outlook, if you're on Windows, or your Mac Mail. So we're taking these massive spreadsheets that we have and we're breaking them up. [00:04:03] So the first one that's available to you guys, absolutely a hundred percent free, is the one on email. So just send me an email. Me M firstname.lastname@example.org. Now, remember I am, my business is a business to business, but almost everything in these various 
punch lists applies to individuals as well. [00:04:27] So I got an email this last week from a guy saying, Hey, I'm 80 years old and retired and I don't know much about computers. And that's what got us thinking about. No, we need to be able to help him. We need to be able to help you out. Okay. And if you're a small business, and we've dealt with a lot of them over the years, and as a small business, you just don't have the funds to bring in an expert, whether it's me or somebody else, although yeah. [00:04:56] You want the best anyways. It is going to allow you to do it yourself. Okay. So absolutely free. All of these punch lists on all of these topics. We're probably going to end up with more than a hundred of these punch lists. And all you do is email me M email@example.com. Just let me know in there what you're interested in. [00:05:19] So even if we haven't got that punch list broken down for you yet, we will go ahead and put that on the to-do, right? We need the priorities. What kind of a priority should we have as we're putting these things together for free for people? And the only way we know is if you ask. So the first one's on email, you can certainly ask for email. [00:05:39] We've got, as I said, more than a hundred others that we think we're going to be able to pull out of the exact plan of action worksheets that we use, so that you can go through this yourself, whether you're a home user or you are a small business or even a big business. We were talking with a gentleman who's probably listening right now, who has a business. [00:06:06] They have three offices, they have some requirement because of the military contracts for high-level cybersecurity. And they would work for him too. All right. So they, this is all of the punch list stuff. He probably know what a punch list is. It's used in the construction industry a lot, but in our case, it's indeed to do this. [00:06:27] You need to do this, you need to do this. Okay. 
So that's what that's all about. So enough rambling on that. It's going to take us some time to get them all together. I'm also. And then her do more video stuff again, training. So just like on the radio show where we're talking about what's in the news, we're going to talk about what's in the news [00:06:49] when it comes to small businesses, what you should be paying attention to, with, of course, an emphasis on cybersecurity, and putting those up on my firstname.lastname@example.org. In fact, we've already got some up there already, and then we are going to also be putting them on YouTube and Rumble. So if you don't like YouTube and Google, then you can certainly go to Rumble. [00:07:14] You'll see them there. But if you're on the email list, starting to put links in the bottom of the emails, so you can go and watch those videos, if you're a video type person that, you know, more visual. So it's, I think, all good. And it's good news for everybody. And this is what happens, I think, as you get more mature in the business. [00:07:36] As I said, I've been on the internet for more than 40 years, helped develop some of that software that some of it's still in use today, and now it's time to do more give back. And I really am trying to give back, okay, there's this isn't. This isn't a joke. No joke. So go ahead. Email me at Craig Peterson. [00:07:57] Tell me which punch list that you would like. And I can also put you on my email list so that you get my insider show notes, and you can just do that yourself by going to craigpeterson.com. You'll see right up at the top of the page. If you scroll down a little bit, it'll pop up. It's a big red bar that goes across the top. [00:08:17] I try not to be too intrusive, and you can sign up there for the newsletter. So you'll get some of these trainings automatically. You'll get my insider show notes, all of this stuff. It's absolutely free. Okay. This is my give back to help you out. It really is. Okay. 
As I mentioned at the very beginning, [00:08:37] I'm peeved by some of these people that represent themselves as tech experts. And in fact, all they are is marketers. We've got a client that decided that I was too expensive, my team. So they went out and shopped around, tried to find the cheapest company they could. And so now the company that they're bringing in is saying, you're saying Hey so how does this work? [00:08:59] How do you do zero trust? Why do you have a firewall here? Why do you bother to have a direct fiber link between the offices? All this stuff? Because they need it. Okay. I get it. You use Barracuda spam firewalls and Barracuda firewall holes it, yeah, this is a different league. Okay. So you're going to be getting these punch lists from me that are really going to help you understand and secure your systems. [00:09:29] This isn't your average run-of-the-mill managed security services provider or managed services or break-fix shop. You're getting it from the guy that the FBI InfraGard program went to, to do their trainings. That was me. Okay. So for two years I set up the program. I ran it. And if we're ever sitting down and having a coffee or a beer sometime, I'll tell you why I left. [00:09:53] Okay. But think about FBI and I think you might have a clue as to why I decided not to do that anymore. I trained thousands of businesses, government agencies, state, local, federal, you name it. So you're getting what you really need, which is another problem I keep hearing from people: you do a search for something on YouTube or Google and you get, what, a million, 5 million pages, as supposedly that it says are available, and they give you, okay, then here's the top one. But what you need is an integrated, single. To do things where everything works together. And that's what I'm trying to do for you guys, because there's so many little products, different products that just don't work so well together. 
[00:10:46] So we'll be covering that as well in these, but you gotta be on that email list. craigpeterson.com. Craig Peterson, S-O-N, .com/subscribe. We'll take you right to the subscription page and I'll keep you up to date. This is not my paid newsletter. All right, stick around. We'll be right back. And I promise I'll get to Russia. [00:11:12] Some of the high-tech companies and oth
83 minutes | May 21, 2022
Do You Know How Crypto's Nose-dive Will Even Hurt Your 401K?
82 minutes | May 13, 2022
Facebook Has No Idea Where Your Data Is and What They Do With It?!
Facebook's about 18 years old, coming on 20. Facebook has a lot of data. How much stuff have you given Facebook? Did you fall victim for that? Hey, upload your contacts. We'll find your friends. They don't know where your data is. [Following is an automated transcript] [00:00:15] This whole thing with Facebook has exploded here lately. [00:00:20] There is an article that had appeared online from our friends over at, I think it was, yeah. Let me see here. Yeah. Yeah. Motherboard. I was right. And Motherboard's reporting that Facebook doesn't know what it does with your data or where it goes. Now, there's always a lot of rumors about different companies, and particularly when they're a big company and the news headlines are grabbing your attention, and certainly Facebook can be one of those companies. [00:00:57] So where did Motherboard get this opinion about Facebook just being completely clueless about your personal. It came from a leaked document. Yeah, exactly. So we find out a lot of stuff like that. I used to follow a website about companies that were going to go under, and they posted internal memos. [00:01:23] It basically got sued out of existence, but there's no way that Facebook is going to be able to sue this one out of existence, because they are describing this internally as a tsunami of privacy regulations all over the world. So Gores, if you're older, we used to call those tidal waves, but think of what the implication there is of a tsunami coming in and just overwhelming everything. [00:01:53] So Facebook, internally, their engineers are trying to figure out, okay, so how do we deal with people's personal data? It's not categorized in ways that regulators want to control it. Now there's a huge problem right there. You've got third party data. You've got first party data. You've got sensitive categories data. 
[00:02:16] They might know what religion you are, what your persuasions are in various different ways. There's a lot of things they might know about you. How were they all categorized? Now we've got the European Union with their General Data Protection Regulation, the GDPR. We talked about when it came into effect back in 2018, and I've helped a few companies to comply with that. [00:02:41] That's not my specialty. My specialty is the cybersecurity. But in Article 5, this European law mandates that personal data must be collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes. So what that means is that every piece of data, like where you are using Facebook or your religious orientation, can only be collected and used for a specific purpose and not reused for another purpose. [00:03:19] As an example here that Vice has given, in the past Facebook took the phone number that users provided to protect their accounts with two-factor authentication and fed it to its people feature, as well as advertisers. Yeah. Interesting. Hey, so Gizmodo, with the help of academic researchers, caught Facebook doing this, and eventually the company had to stop the practice, because, and this goes back to the earlier days where Facebook would say, Hey, find out if your friends are on Facebook, upload your contacts right now. [00:03:54] And most people. What did you know back then about trying to keep your data private, to try and stop the proliferation of information about you online then? Nothing. I think I probably even uploaded it back then, thinking it'd be nice to see if I got friends here. We can start chatting, et cetera. 
[00:04:12] According to legal experts that were interviewed by Motherboard, who wrote this article and has a copy of the internal memo, this European regulation specifically prohibits that kind of repurposing of your phone number, of trying to put together the social graph, and the leaked document shows that Facebook may not even have the ability to limit [00:04:37] how it handles users' data. Now I was on a number of radio stations this week, talking about this. And the example I gave is just look at an average business from the time it start. Facebook started how, right? Wildly scraping pictures of young women off of Harvard University. Main catalog, contact page, and then asking people what do you think of this? This person, that person. And off they go, trying to rate them. Yeah. Yeah. All that matters to a woman, at least according to Mark Zuckerberg, girl, all that matters about a woman is how she looks. Do I think she's pretty or not? [00:05:15] It's ridiculous what he was doing. It just, oh, that's Zuckerberg, who is not a great guy anyways. So you go from stealing pictures of young ladies, asking people to rate them, putting together some class information and stuff there at Harvard, and then moving on to other universities, and then open it up even wider and wider. [00:05:42] And of course, that also created demand, because you can't get on if you're not at one of the universities that we have set it up for. And then you continue to grow. You're adding these universities, certainly starting to collect data, and you are making more money than God. So what do you do? You don't have to worry about any efficiencies. [00:06:02] I'll tell you that. Right? One thing you don't have to do is worry about, gee, we've got a lot of redundant work going on here. We've got a lot of teams working on basically the same thing. No, you've got more money than you can possibly shake a stick at. So now you go ahead and send that money to this group or that group. 
[00:06:24] And they put together all of the basic information that they want, pulling it out of this database and that database, and they're doing some correlation, writing some really cool SQL queries with incredible joins and everything else. And now that becomes part of the main code for Facebook. [00:06:45] And then Facebook goes on to the next little project and they do the same thing. Then the next project, then the next project. And then someone comes along and says, Hey, we. This feature, that feature for advertisers, and then in that goes, and then along comes candidate Obama. And they, one of the groups inside Facebook says, yeah, here we go. [00:07:09] Here's all of the information we have about everybody and it's free. Don't worry about it. And then when Trump actually bought it and hired a company to try and process some of that information, he got in trouble. No, but the. The whole campaign could get access to anything they wanted to, again, because the data wasn't controlled. They had no idea who was doing what with the data. [00:07:34] And according to this internal memo, they still don't know. They don't even know if they can possibly comply with these regulations, not just in Europe, but we have regulations in pretty much all of the 50 states in the U.S. Canada, of course, has their own. Australia and New Zealand. Think about all the places [00:07:57] Facebook makes a lot of. So here's a quote from that: we build systems with open borders. The result of these open systems and open culture is well-described with an analogy. Imagine you hold a bottle of ink in your hand. The bottle of ink is a mixture of all kinds of user data. You pour that ink into a lake of water, okay, and it flows everywhere, [00:08:22] the document read. So how do you put that ink back in the bottle, in the right bottle? How do you organize it again so that it only flows to the allowed places in the lake? They're totally right about that. Where did they collect it from? 
Apparently they don't even know where they got some of this information. [00:08:43] This data from reminds me of the no-fly list. You don't know you're on it and you can't get yourself off of it. It's crazy. So this document that we're talking about, it was written last year by privacy engineers on the Ad and Business Product team, whose mission is to make meaningful connections between people and businesses and which quote sits at the center of our monetization strategy [00:09:06] and is the engine that powers Facebook's growth. Interesting. Interesting problems. And I see this being a problem well into the future for more and more of these companies. Look at Twitter as an example that we've all heard about a lot lately. And then I've talked about as well, along comes Elon Musk and he says, wait a minute. [00:09:29] I can make Twitter way more profitable. We're going to get rid of however many people, over a thousand, and then we are going to hire more people. We're going to start charging. We're going to be more efficient. You can bet all of these redundancies that are in Facebook are also there. And Twitter also has to comply with all of these regulations that Facebook is freaking out about, for really a very good reason. [00:10:00] So this document is available to anybody who wants to look at it. I'm looking at it right now, talking about regulatory landscape and the fundamental problems Facebook's data lake. And this is a problem that most companies have, not as bad as Facebook does, but in most companies, right, you grow. I have yet to walk into a business that needs help with cybersecurity and find everything in place as it should be, because it grew organically. [00:10:32] You started out with a little consumer firewall, router, Wi-Fi, and then you added to it, and you put a switch here and you added another switch behind that and moved things around. This is normal. 
This is not total incompetence on the part of the management, but my gosh, I don't know. Maybe they need an Elon Musk [00:10:52] just to straighten them out as well. Hey, stick around. I'll be right back, and sign up email@example.com. [00:11:02] Apparently looting is one of the benefits of being a Russian soldier. And according to the reports coming out of Ukraine, they've been doing it a lot, but there's a tech angle on here that is really turning the tables on these Russian looters. [00:11:19] We know in wars there are people that loot, and typically the various militaries try and make sure, at least recently, that looting is kept to an absolute minimum. [00:11:32] Certainly the Americans, the British, even the
83 minutes | May 7, 2022
Did You Hear How the FBI, NSA, and CIA Got Tracked Because of Their Smartphones? How About You?
You're worried about surveillance. Hey, I'm worried about surveillance. And it turns out that there's a secretive company out there that, to prove their mustard, tracked the CIA and NSA. Yeah. Fun thing. [Following is an automated transcript.] [00:00:16] This is a company that is scary. We've talked before about a couple of these scary guys. [00:00:22] There's this Israeli company called NSO Group. And this NSO Group is absolutely incredible. What they've been doing, who they'll sell to. These guys are a company that sells cell phone, smartphone exploits to its customers. And they are alleged to have sold their software to a variety of human rights abusers. [00:00:53] We're talking about NSO Group coming up with what we would term a zero-day hack against iPhones, against Android phones, against pretty much anything out. So in other words, a hack that no one's ever seen before, and then use that in order to get into the phone and find information. They've used things like the, I think it was WhatsApp and video that was sent and usually. [00:01:22] To hack Saudi Arabian phones. You might remember Khashoggi, this journalist, I guess he was, who apparently was murdered by them. Big problem. So this Israeli group. Yeah. Yeah. They sell to anybody that's willing to pay. At least that's what the allegations are. I've never tried to buy their stuff, but yeah, they're assisting government with hacks with. [00:01:48] Ultimate in surveillance. Another one, Clearview. We've talked about them on the show before. This is a company that has done all kinds of illegal stuff. Now some of it's technically not illegal. They're against the terms of usage, what Clearview has done. And now they've gotten involved in this Russian-Ukrainian [00:02:12] war that's been going on here, and they've gotten involved with a number of legal cases in the US. What they did is they said, okay great. 
Let's do something. You remember Facebook, right guys? So you've heard of that before. And how Facebook got started. Mark Zuckerberg. MK went ahead and stole the pictures of the women that were in Harvard's catalog. [00:02:41] And I will, when I'm, when I say catalog, okay, this isn't like a catalog of women, order one, mail order type thing. We're talking about their index, their contacts. There is a catalog of all of the students that are there in the school. So Zuckerberg goes and grabs those against policy. [00:03:00] Okay. Maybe it wasn't strictly against policy at the time. And then he puts up some. Called the Facebook, where people can look at a picture of a girl and decide whether or not she should get a five or a 10 or a one. Yeah. That sort of stuff, abusing people. That really is abuse. I can't imagine [00:03:19] the way people felt, I had seen their ratings by people that didn't know them, that somehow their definition of beauty really defined who they are. It's crazy what the stuff he did. So he started his business by stealing stuff. Microsoft started his business by going ahead and misrepresenting, some would say lying, to IBM about what he had as far as an operating system goes, right? Again and again, we're seeing dishonest people getting involved, doing dishonest things to get their companies off of the ground. [00:03:54] And I have a friend who's an attorney who says, and Craig, that's why you will never be wealthy, because you just wouldn't do any of that. So Clearview is another example of these types of companies. In this case, Clearview went to Facebook and crawled any page it could get its little grubby crawlers on. [00:04:18] So it found your public fake Facebook page. It went. Over the internet. There's a number of websites. Some are out of business now, but the, you upload your pictures to you. People can rate them, can share them. You can share them. 
Hey, you got your own photo gallery here that you can share with friends and a million other people. [00:04:39] I'm right. That's what ended up happening. That's how those guys made the money. They're selling you on, Hey, you can look at how convenient this. And you can have your own little photo gallery, and you can take that full load photo gallery and share it with your friends. And then if you read the fine print at T and we'll make money off of showing your pictures and showing ads well. Ah, Clearview went and scanned every website [00:05:08] it could get its grubby little scanners on, crawled through them all, downloaded pictures of any face that it could find, and then went ahead and digitized information about people's faces. So it spent years scraping, and then it put together its technology, facial recognition technology, and went to the next level, which is, Hey, police department, get my app so you can get the Clearview. [00:05:41] And do you encounter someone? You can take a picture of them and upload it, which now gives them another face, doesn't it? And then once it's uploaded, it'll compare it. It'll say, okay. Found the guy here. So with the Russia-Ukrainian war, what they were doing is taking pictures of dead and injured Russian soldiers, running them through this database online of all of these faces, found out who they were, and went so far as to use [00:06:14] stolen data online. Now this is war, right? The whole thing is crazy, but the stolen database online, find out who their mothers were, the phone numbers for the mothers, and to have people all over the world sending text messages to mom about their dads. Yeah. Okay. So Clearview sells it to police departments. [00:06:38] They sell it to pretty much the highest bidder. They say, Hey, listen, we don't do that. Come on, right? Now, there's other data brokers, and I've had a few on my show in the past, who are using harvested information from phone apps to provide location data. 
To law enforcement so that they can then circumvent. [00:07:03] What? You have a right to privacy, don't you? It's codified right in the Bill of Rights. I was first 10 amendments to the U.S. Constitution, and it was all defined by the Supreme Court's Carpenter decision. So we have protections in the Constitution, natural rights that were confirmed by the Supreme Court, that say, Hey, the federal government, you cannot track all of the citizens. [00:07:31] You can't track what they're doing. You can't harvest their information. And yet at the same time, they go to the data brokers that have put together all of these face pictures, figured out who your friends are. You sign up for Facebook and it says, Hey, you want me to find your friends? [00:07:49] See if they're already on Facebook. Just hit Yes. Here, upload your contact list. So I'll go. Facebook says, oh, look at all your friends. Or we found isn't this exciting. And in the meantime, in the background, Facebook is looking at all of this data and saying, we now know who your friends are. And so many people have wondered, I, wait a minute. [00:08:10] I didn't talk about. I didn't do a search for product X online, and yet I'm getting ads for product X. Well, did you mention it to a friend who might've done a search for it? Because these search engines, these companies like Facebook, know who your friends are, what they're interested in, and they'll sell ads to people who are going to promote to you the same items they're promoting to your friends. [00:08:35] It's absolutely crazy. So this company. It's called and they're very quiet, very low key. The website doesn't say anything at all, but they took their software that's pulling all of this data together and compiling it. Yeah. And A6 pointed all of this technology towards the National Security Agency and the CIA and used their own cell phones against them. [00:09:08] Now, why did they do this? 
They didn't do it to prove something about how, you shouldn't allow this sort of thing to happen, and they didn't do it to prove that, man, we've got to have tighter controls because look at what we can do. If we can do it, other people can do it. No. According to audio, visual presentations and recordings of an A6 presentation reviewed by The Intercept and Tech Inquiry, [00:09:36] claimed that it can track roughly 3 billion devices in real time. That's equivalent to a fifth of the world population. You're not going to find anything out about A6. It's called Anomaly Six. Good luck online. If you find it, let me know firstname.lastname@example.org. I'd love to know more about these guys. The only thing on a website for them is an email address. And A6, Anomaly Six, in that presentation showed the nation's spooks [00:10:13] exactly what knew about. All right. Apparently is also ignoring questions from journalists and will only respond to emails from people in upper levels of federal agencies, which means, and maybe this is a supposition from our friends over at Techdirt, I don't know. But then what that means is they're looking to sell your information in real time [00:10:43] to the feds to get around the Carpenter decision and the Constitution. Just absolutely amazing. Hey, go online right now. craigpeterson.com. I'll send you my special report on passwords and my two other most popular. craigpeterson.com. Stick around. [00:11:06] Have you ever wondered about search engines? Which one should you be using? You're not alone. It's probably the number one question I get from people. What should I use? Google is falling behind, but we're going to talk about the top engines and the why. [00:11:23] Google has been an amazing company moving up. Of course, we're just talking about the cheats [00:11:31] so many companies have taken over the years, and Google has certainly had its share of cheats. 
I haven't seen anything about them just doing completely underhanded things to get started. I think. They were pretty straightforward. They had a great idea back in the beginning, where they were just looking at links, how many sites linked into this one particular site? [00:11:57] And that gave this concept of a page rank. Very simple, very easy to do. Of course, are problems with. Because you would end up with pages that are older, having more links to them, et cetera. And they ha
73 minutes | May 2, 2022
How Does Big Government Collaboration With Big Tech Raise the Costs of Everything?
We're going to talk about the Senate bill that has big tech scared, really scared. I'll talk about a new job site problem for a number of different industries because of hackers, the cloud, the cost and reliability. [Following is an automated transcript] This tech bill. It has the Senate really scared. It is, frankly, quite a big deal. For those of you who are watching over on, of course, Rumble or YouTube, I'm pulling this up on this screen. This is an article. Ars Technica, and they got it originally from Wired. It was out in Wired earlier in the month. And it's pointing out a real big problem, that this isn't just a problem. This is a problem for both the legislature, in this case, we're going to talk about the Senate, and a problem for our friends in big tech. So let us define the first problem as the big tech problem. [00:01:00] You're Amazon. You are Google. Those are the two big targets here of this particular bill we're going to talk about, or maybe you're Facebook or one of these other Facebook properties, et cetera. If you are a small company that wants to compete with any of these big guys, what can you do? Obviously you can do what everyone's been telling us. Oh, you don't like the censorship, just make your own platform. And there've been a lot of places and people that have put a lot of money into trying to make their own platform. And some of them have had some mild successes. So for instance, I'm on. You can watch my videos there. And there have been some successes that Rumble has had in making it into kind of the competition to YouTube. But YouTube is still the 800 pound gorilla. Everybody wants to be where the cool kids are. So for most people, that's YouTube. They look at YouTube as being the [00:02:00] popular place. Thus, we should be, we are obviously saw the whole thing with Elon Musk and Twitter, and the goings on there. 
And Twitter really is the public square, although it's died down a lot because of this censorship on Twitter. Interesting. So as time goes forward, these various big companies are worried about potential competition. So how do they deal with that? This is where the real problems start coming in, because we saw Amazon, for instance, in support of an internet sales tax. You remember that whole big deal. The internet had been set aside, saying, Hey, no states can tax the internet, and that's going to keep the internet open. That's going to help keep it free. And people can start buying online. And that worked out fairly well. A lot of people are out there, why would Amazon support a sales tax on the internet? They are the biggest merchant on the internet, probably the biggest [00:03:00] merchant, period, when it comes to not just consumer goods, but a lot of goods, like a Staples might carry for business. So they'd have to deal with, what, there are 9,000 different tax jurisdictions in the United States. And then of course all these other countries, we're not going to talk about them right now, but the United States, 9,000 tax jurisdictions. So why would Amazon support an internet sales tax when there's 5,000 tax jurisdictions? The reason is it makes life easier for them when it comes to competition. So if you are a little. And do you want to sell your widgets or your service, whatever it might be, online. You now have to deal with 9,000 tax jurisdictions. It's bad enough in the Northeast. If you are in New Hampshire, if you live in New Hampshire and you spend more than, I think [00:04:00] it's 15% of your time south of the border in Mass, then Mass wants you to pay income tax for that 15% that you are spending your time there. Now they do that with the baseball teams, with football teams, hockey, you name it, right? So the big football team comes into town. The Patriots are playing the New York Jets or whatever it might be. 
The Patriots have to pay New York state taxes, income tax now because they stepped foot in New York heaven forbid that they try and do business there and help New York state out. And they now have to pay income tax. Now they only have to pay income tax for, or for the amount of time. They're more New York. Various states have various weirdnesses, but if you're only playing 1, 2, 3 dozen games a year, It isn't like your normal work here, which is 2080 hours. We're talking about their plane to New York and they're only spending maybe 10 hours working in New York, but that [00:05:00] represents what percentage, 10, 20, 30% of their income, depending on how many games they play and how they're paying. And so they got to keep track of all that and figure it out. Okay. We played in New York, we played in New Jersey. We're in mass. We were they weren't in New Hampshire, certainly the Patriots plane, but they got to figure it all out. Guess what? Those big pay. Football players, hockey, baseball. They can afford to have a tax accountant, figure it all out and then battle with them. I had a booth one time at a trade show down in Connecticut. Didn't say. Thing it was terrible trade shows, man. They aren't what they used to be. And they haven't been for a long time. This is probably a decade plus ago, maybe even 20 years ago. So I had a little booth, we were selling our services for cybersecurity and of course, nobody wanted to bother pain for cybersecurity who needs it. I haven't been hacked yet. [00:06:00] Although there's an interesting article. We'll talk about next week based on a study that shows. Small businesses are going out of business at a huge rate because of the hacks because of ransomware. And if you're worried about ransomware, I've got a really great little guide that you can get. Just email me, email@example.com. I'll send it off to you, right? It's a free thing. 
Real information, not this cruddy stuff that you get from so many marketers, cause I'm an engineer. They'll go out of business. So they figured I haven't got a business yet, not a big deal. And so no body. There's big trade show. And I was so disappointed with the number of people that even showed up for this silly thing. So what happens next while I get back to the office and about a month to two months later, I get this notice from the state of Connecticut they're tax people saying that I haven't paid my Connecticut taxes yet. [00:07:00] And because I was in connected. I should be paying my income tax for that day that I spent and wasted in Connecticut. Oh. And plus every company in Connecticut that I'm doing business with now, I need to collect their taxes and pay them the taxes that I'm collecting for those Connecticut businesses are resident. I didn't sell a thing. You know what it took almost, I think it was three or maybe four years to get the state of Connecticut to finally stop sending me all of these threatening notices because I didn't get a dime from anybody in Connecticut. So I'd love the internet from that standpoint saying you don't have to collect taxes in certain cases, certain states, et cetera, unless you have a legal nexus or a legal presence there in the state. So back to Amazon, Amazon loves the idea of having everything on the internet packs. They love the fact that there's 9,000 plus [00:08:00] tax jurisdictions. When you get right down to city, state county Lilian, either local taxes, or you look at those poor residents of New York state, or they're poor residents out in Washington state that have to worry about that, right? There's county taxes, state sales tax. City sales tax, and income taxes are much the same, the, all of these crazy cities and states around the country. Yeah. The ones that are in serious trouble right now, they are those same ones. Those particular jurisdictions are hard to deal with. 
So from Amazon standpoint is just like the Patriots football players. We've got plenty of money. We've got teams of lawyers. We have all kinds of accountant. We can handle this and you know why Amazon really loves it because it provides another obstacle for any competitors who want to enter the business. That's the [00:09:00] real reason, so many big businesses don't go ahead and charge you serious money so that they can use that money against you. Okay. You see where I'm going with this? Because if you want to start a business that competes with Amazon, if you want to have a doilies, you're making doilies. My grandmother used to make them all the time and she had them on the toilet paper in the bathroom, little doily holders. Doilies everywhere. And then of course, the seashells shells on top of the toilet paper holders. If you want to do that and sell it, how are you going to deal online with 9,000 tax jurisdictions? All what you're going to do is you're going to go to Etsy, or you may be going to go to Amazon marketplace and sell your product there. An Amazon marketplace. So Amazon is taking its cut out of it at is taking it's cut off. And you still ultimately have some of that tax liable. [00:10:00] Amazon loves it. It's the same reason you see these groups forums, right? Barbers saying, oh, we've got to be regulated. Really you need to have a regulation in place for barbers. You need to have licensing for barbers. Why do they do that? They do that. Not just barbers, right? It's all of these licensures and various states. They do that really to keep people. To keep their prices high. That's why they do it because someone can't just put up a sign and say, Hey, I am now a barber. Come get a haircut. And if you don't like the barber, if they do a lousy job, you go elsewhere. We don't need all of the bureaucracy on top of this to enforce licensure. Anyways, when we get back, let's talk about that Senate. It's a big deal. 
And I am coming down in the middle of this thing. Hey, visit me online. Sign up right now. Craig peterson.com and get my special report on passwords.[00:11:00] We just talked about how big business uses its advantages to crush potential competition. Crush them. And it's a shame and it's happened to me and many people I know, and now the Senate's getting involved and making things worse. This is a huge problem. This happened to me a number of years ago, and I will never forget it. It was a really bi
83 minutes | Apr 22, 2022
Did You Hear About the Latest Rip-Off? Non-Fungible Tokens! How Law Enforcement Tracks Bitcoin!
Did You Hear About the Latest Rip-Off? Non-Fungible Tokens (NFTs) Are Already Losing Steam! [10:54] How Law Enforcement Tracks Bitcoin! It is Absolutely NOT Anonymous [20:05] The FBI Is Actively Removing Malware From Private Machines -- Without The Owner's Permission [29:10] Why and When You Shouldn't Trust QR Codes [41:08] Cybercrime in Russia Tracked to a Single Office Building in Moscow! [52:29] The Newest Phishing Scams [01:01:32] Using Wordpress? How Supply Chain Attacks are Hurting Your Business Website [01:10:43] Cybersecurity Tools You Should Be Using! Jam packed today. We're going to start with non fungible tokens. If you don't know what those are, this is a very big deal because so many people are investing in them right now. Are they really investments? I've got a bit of a blow back here. Most people think that Bitcoin is anonymous. We're going to talk about how it absolutely is not. [00:00:20] We're going to talk about anonymous. In fact, the Russians, Microsoft, what they're doing against the Russians and this little comedic thing about cars. [00:00:28] NFTs are very big deal. [00:00:31] I'm going to pull up here on my screen right now. This is a picture of Mr. Jack Dorsey. We'll go full screen, an article from a website called CoinDesk. CoinDesk is one of these sites that really tries to track what's happening out there in the Bitcoin community. Of course, nowadays it's much more than Bitcoin. [00:00:53] Isn't it? We're talking about all kinds of. Different currencies that have a blockchain backend. They're called cryptocurrencies basically. But the big one was of course, Bitcoin. And there is a whole concept. Now, when we're talking about things like cryptocurrencies and these non fungible tokens. People have been investing them in them. [00:01:19] Like crazy people are making millions of dollars every week. Now, remember, I am not an investment advisor and particularly I'm not your investment advisor. So take all the. To your investment advisor. 
I'm not telling you to buy them. I am telling you to be cautious here though, because these non fungible tokens are designed to give you the ability to be able to just, own something in the digital world. [00:01:48] What might you own in the digital world? We've had a lot of different stuff. We've seen some just crazy monkey things. Have you seen those? These little pictures of monkeys are. Graphic designed and it's all animated. If you will. It's like cartoons and people pay money for them. One of the things that people paid money for was the rights to the first tweet ever on Twitter. [00:02:16] So that's what you're getting. When we're talking about an NFT on a non fungible transaction, it is now yours. So this particular NFT we're talking about was of our friend here, Jack Dorsey. We'll pull it up again, this article, and he had a tweet that was sold last year for $48 million. That is a lot of money. [00:02:43] So people look at this as an investment, but it's not the same as hanging art on the wall. You've got a Picasso that has some intrinsic value. It's a painting. It has all the oil paint on that, it was designed by and painted by a crazy man years ago. And you can take that Picasso and you can. [00:03:07] Turn it around and sell it. It has some real value. If you own the rights to something, let's say it's one of these monkey pictures. It reminds me of a postage stamp and you paid real money for it. Some of these things are going, as I said, for over a million dollars and this Jack Dorsey first tweet went for $48 million. [00:03:27] So let's say that's what you did, right? You bought this thing for $48 million. Really? What do you have? Because anybody can go online and look at that tweet. Anybody can print it up and stick it on a wall. Anybody can go out and get that picture of the monkeys right there. The guy drew, and you can look at it. [00:03:51] In fact, I can pull it up right now, if you want to do. But people paid real money for that. 
So they've got what really? What do they have? You can't take it off the wall, like you're Picasso and salad, right? Or Banksy, if you're into the more modern art, it's just not. What is doable? How do you make this work? [00:04:12] Only the NFT only gives you bragging rights in reality. That's what it does. You have bragging rights because you could take that digital picture and make a hundred quadrillion copies. Yeah, you'd still own the NFT you would still have in the blockchain for whatever NFT company you're using the rights to it. [00:04:37] They would say this, you owned it. So let's talk about the blockchain behind it. There are a lot of companies that are trying to give you that. Okay. All right. I get it. Yeah, I get to to own it. But who's running the blockchain behind it. Who's validating that you own it with Bitcoin and many of these other blockchain currencies that are out there. [00:05:04] There are various. Companies and individuals who are registered, who have all of the paperwork, if you will saying who owns, how much of what, and who paid, who and everything. And that by the way, is why it takes so long for some of these Bitcoin and other transactions to occur. But how about the NFT? There are tons of companies out there that say they will certify the NFT. [00:05:34] So it gets to be real problem. And when we get into this Jack Dorsey tweet and this article about it, which are will, let me pull it up again here for you guys. This guy, Sina S bought the very first tweet ever from Twitter founder, Jack Dorsey for $2.9 million last year. And he decided that he wanted to sell it. [00:06:03] So he listed it for sale again at $48 million last week. Real. He put it up for open bid and this article and CoinDesk is talking about that. And you can see that if you're watching me on rumble or YouTube, I'm showing you my screen here right now. But this Iranian born crypto entrepreneur named of again. 
[00:06:28] Estavi purchased it for $2.9 million in March 2021. Last Thursday, he announced on Twitter where out, that he wanted to sell this NFT. And he said, Hey, listen, I'm going to put 50% of the proceeds to charity. The auction closed, this was an open auction. People could go and bid on it, and the auction closed [00:06:55] with an offer of basically $288, $277 at current prices when this article was written, $277, and the lowest bid was $6. And as I recall, this is not in this article, but there were only a handful of bids. Like when I say handful, I mean a half a dozen bids. Crazy. This is a real problem because the deadline is over. [00:07:27] He paid how much for it, right? How much did he pay? Pull that up again. $2.9 million last year. And his highest bid was in the neighborhood of $280. Isn't that crazy? So did he get money on this? Did he win money on this? I don't know. I'm looking at those saying is it worth it to buy something like that? [00:07:54] That you might think, oh, the very first Apple computer, an Apple. Well, that's going to be worth some serious money. Yeah, it is. It's something you can grab onto, you can hold onto it, it's something and you can sell it. You can trade it. You can take a picture of it. You can't make digital copies of it. [00:08:15] You, you, it's a physical thing that's worth something. Same thing with that Picasso on the wall, it's really worth something that has some basic intrinsic value. Jack's true tweet. The very first tweet. How much is that thing worth? It's basically nothing. So the tweet is showing, we'll pull it up on the screen again, that he's selling ad Jack 2000 6 0 3 21 at eight 50 14:00 PM. [00:08:46] Just setting up my Twitter. So there you go. There's Jack's very first tweet. And it's absolutely amazing. Is it worth it? Let me pull up some other stuff here for you guys. I'm going to pull this up here: Coinbase launching an NFT marketplace in hopes of appealing to crypto on mainstream users. 
So here's some examples from a man and FTEs. [00:09:11] I'm going to zoom in on this for those of you guys watching on rumble or on Twitter. All right. Mean. Yeah actually you can see it on Twitter too, but YouTube, here you go. Here's some NFTs it's artwork and it's a creature. So you can buy creature number 7, 8 0 6 right now for six Eve. So let me see. [00:09:34] Value of six. Ethereum is what ether, M two us dollars. So for 3000. And $84. As of right now, you can get a crappy picture that even I could have draw okay. Of this guy and look at all of the work this artist has put in. There's how many of these up here? 1, 2, 3, 4, or five, 10 of them. And it's the same head. [00:10:03] Each time it looks like this almost the same eyes. He changes colors and he's got different background. It's absolutely not. So that's what they're trying to do right now, trying to sell these NFT. So who's going to buy that. Who's going to pay $3,000 for artwork that hunter Biden could have done with a straw. [00:10:25] Anchored around. Here's another one. This is from ledger insights. NBA's launching dynamic NFTs for fans, baseball cards for the NBA that are basically just worthless. They're NF. Non fungible tokens. It has taken the crypto world by storm and people are losing millions as you look, but it really is changing the e-commerce world. [00:10:54] Bitcoin blockchain. All of the rage, a lot of people are talking about it, but I got to say most people who are talking. I don't know much about it. And when it comes to anonymity, Bitcoin is probably the worst thing you could possibly do. It's amazing. [00:11:12] There are a lot of misconceptions out there when it comes to technology, you have almost any kind of technology and blockchain and Bitcoin are examples of a very misunderstood technology. [00:11:25] Now I'm not talking about how does it work? How are these ledgers maintained? How does this whole mining thing work? Why has Chan. Bandit. 
Why are a lot of countries going away from it, one country. Now the dictator said, yeah, we're going to use Bitcoin as our we're official currency. In addition to the U S dollar what's going on. [00:11:48] It is complicated behind the scenes. It's complicated to use. Although there are some entrepreneurs that have made some great strides there. I saw a docume
83 minutes | Apr 1, 2022
Are You Ready For Data Wiping Attacks?
Yet another warning coming out from the federal government about cyber security. And this one is based on what's been happening in Ukraine. So we're going to talk about that situation, the whole cyber security over there and why it's coming here. [Automated transcript follows] CISA is the Cybersecurity and Infrastructure Security Agency. How's that for a name? It's not as bad as, what is that, SHIELD, right, over from the Marvel universe, but the Cybersecurity and Infrastructure Security Agency is the agency that was created to not just protect federal government systems, although they are providing information for [00:00:41] people who protect those systems, but also for businesses and you and me and our homes. So they keep an eye on what's happening, what the various companies out there are finding, because most of the cybersecurity information that we get is from private companies, and they put it all together, put it in a nice little wrapping paper. [00:01:05] In fact, you can go onto their website anytime that you'd like to, and find all kinds of stuff that is going to help you out. They've got a ton of documents that you can download for free, little steps that you can take. It's at cisa.gov, C-I-S-A dot gov. And they've got the Known Exploited Vulnerabilities catalog. [00:01:30] That's something that we keep up to date on to help make sure our clients are staying ahead of the game. They've also got their review board, securing public gatherings. They also run the stopransomware.gov site that you might want to check out. And we'll be talking a little bit more about ransomware and the ways to protect yourself a little later today. [00:01:52] Now CISA is interesting too, because when they are releasing information, most Americans really aren't aware that they even exist. They do. And they've got a big warning for us this week. 
There's a site that I follow called BleepingComputer that you might want to keep an eye on, and they have [00:02:15] a report just out this week that Ukraine government agencies and corporate entities were being attacked. This was a coordinated cyber attack last Friday, a week ago, where websites were defaced, data-wiping malware was deployed, and causing all of these systems to become not just corrupt, but some of these Windows devices to be completely [00:02:45] inoperable. Now that is a bad thing. The reason for this, this is speculation, but it isn't a whole lot of speculation. Right? Am I getting out on a limb here particularly, but the whole idea behind this is a cyber war, that Russia's got, what is it now? 130,000 troops, whatever it is, over a hundred thousand, [00:03:08] on the border of Ukraine. They invaded Ukraine a few years ago. Russians shot down a passenger airline in Ukrainian air space. That was a few years back. They've been doing all kinds of nastiness to those poor Ukrainians. They also had a massive ransomware attack in Ukraine that was aimed at their tax software. [00:03:35] Some countries do the electronic filing thing a lot differently than the US does. A couple of examples are Ukraine. France is another one that comes to mind. We have clients in France that we've had to help with cyber safety. And we're always getting popups about major security problems in the tax software, because they have to use this software that's provided by the French government. [00:04:03] Ukraine's kind of the same way. The biggest company providing the tax filing software for Ukraine was hacked, and they used that hack to then get into the tax software and make it so that when that software was run by these Ukrainian companies, they would get ransomware. It was really rather nasty. [00:04:30] So the Russians had been playing games over in Ukraine for quite a while. 
But what's apparently happened now is that those same things are coming our way now. It's not just because of the fact that Ukraine is being threatened, maybe they're going to encroach even more, take more than Crimea, which they did last time. [00:04:56] We're in the U.S. and what are we doing? President Biden's been sending troops to Europe, troops to Poland, Germany, and also advisors to the Ukraine. He's removed the embassy staff, at least the vast majority of it, from Ukraine. And I just think to what happened with his completely unplanned withdrawal that we did in Afghanistan and how things just got really bad there. [00:05:28] And I'm not worried about what's going to happen in Ukraine because the Russians aren't particularly fond of the idea that we are sending aid and support to. Yeah, it's a bad thing. President Obama sent them blankets, but Biden is sending them military weapons and ordnance, which is what they'd need to fight. [00:05:53] So Russia has shown that they will attack a country via electronic means, cyber means, right? Cyber attacks. And so what's happening now is the bad guys from. That have been defacing websites and who have been doing more than that, wiping computers and making them completely unusable, could well come after us because they're really going to be upset with what's happening now. [00:06:27] And that was CNN has reported the Ukrainian IT services company that helped develop many of these sites was also a big. And of course that means, bottom line, that this is what's called a supply chain attack. What I mentioned earlier with the Ukrainian tax software, that's a supply chain attack where you are buying that software, or you're mandated to use the software to file your taxes by the government. [00:06:57] And what happens? Well, it turns out that software is contaminated. That's called a supply chain attack. 
Now Ukraine issued a press release about a week ago, saying that the entities were hit by both attacks, leading them to believe that they were coordinated. This is a quote here. Thus, it can be argued with high probability that the defacement [00:07:24] of websites of attacked government agencies and destruction of data by wiper are part of a cyber attack aimed at causing as much damage to the infrastructure of state electronic resources. That's from the Ukrainian government, not the best English, but their English is much better than my Ukrainian or Russian. [00:07:44] So Ukraine is blaming these attacks on Russia. In comes CISA. CISA is now urging business people in the US and other organizations to take some specific steps. So quote, here from the CISA Insights bulletin: the CISA Insights is intended to ensure that senior leaders at the top of every organization are aware of the cyber risks and take urgent near-term steps to reduce the likelihood and impact of a potentially damaging compromise. [00:08:19] All organizations, regardless of the sector or size, should immediately implement the steps outlined below. So here's the steps, and there are a lot of them. One, I'm going to do these, you should find in your newsletter today. Hopefully that all made it in. But three basic things. One, reduce the likelihood of a damaging cyber intrusion. [00:08:46] And we're going to talk about the best way to do backups here a little later on today. Make sure your software is up to date. Make sure your organization's IT personnel disable all ports and protocols not essential for business purposes. This is all basic stuff, but I got to say, I bet you, 98% of businesses and organizations haven't done these things. [00:09:07] The next major category here, take steps to quickly detect a potential intrusion, and then ultimately maximize the organization's resilience to a destructive incident. 
So that means doing things like testing your backup procedure, make sure your data can be restored rapidly, or you have a way to get your business back online quickly. [00:09:31] What we tend to do is in our backup strategy, depending on how much the company can afford to be down, to be out of business if they lose all of their stock, versus what it costs to do this, but we will put a server on site at the company and that server then does some of the backups, right? It does all of the initial backups. [00:09:55] And then what happens is it gets relayed to us. It gets pushed to tape, and tape is really good. We'll talk about that in just a few minutes, but the other big thing is the backup that we have local to their business also has what's called a virtual machine infrastructure built on it. So if a machine goes down, if it gets wiped or if it just crashes and can't be recovered easily, we can spin up that machine, [00:10:27] a copy of it, in our little virtual environment in just a matter of minutes. So these are all things you should be considering. If you're interested, you can send an email to firstname.lastname@example.org. I can send you a checklist that's a little more extensive than this, or I can help you with any other questions you have. [00:10:47] I get lots of questions every week from everything from retirees wondering what they should do all the way through businesses that we help, government contractors and others. This isn't good. Russia is likely coming after us, based on this. Visit me online, craigpeterson.com, or email email@example.com with your questions. [00:11:14] With all of this talk about hackers, ransomware, data-wiping systems, what's the best way to protect yourself? What do you do to really protect against ransomware? I can tell you, it's not just plugging another hard disk in to do backup. [00:11:31] We've got so many hackers out there. We're talking about a multi-billion dollar industry to go after us. 
[00:11:39] It's just depressing. Really. When you think about it, I think about the old days where security, wasn't a huge concern, right? Physical security. I had one of my first jobs was at a bank and I was, this was back way back in the a G it would have been the mid seventies and I was one of the operators of the main. [00:12:05] And so as a mainframe operator, we'd load up the tapes and we would ship them places. We'd also go ahead and put them in the vault so that they were in a fireproof vault, and we could recover anything we needed to recover. It worked out pretty darn well, and it was a fun job, but most of the time it was cleaning th
84 minutes | Mar 26, 2022
Which Anti-Hacker Techniques Can You Use Against the Russian Hackers?
Weekly Show #1158 We know the Russians have been attacking us. I've talked a lot about it on the radio and TV over the last couple of weeks. So I am doing something special; we are going through the things you can do to stay safe from the latest Russian attacks. Last week, we started doing something I promised we would continue -- how can you protect yourself when it comes to the Russians? The Russians are the bad guys when it comes to bad guys. So there are a few things you can do. And there are a few things, frankly, you shouldn't be doing. And that's precisely what we're going to talk about right now. Today, I explain:
- How to protect your back-end
- Preventative measures
- The new rules of backing up your computer
As usual, we'll cover the What, Why, and How's. [Automated transcript follows] [00:00:39] So last week we went over some steps, some things that you can look at, that you should look at, that are going to help protect you. And we are going to go into this a whole lot more today. And so I want you to stick around, and if you miss anything, you can go online. You can go to craigpeterson.com, make sure you sign up there for my email. [00:01:01] And what I'm going to do for you is send you a few different documents now where we can chat back and forth about it, but I can send you this. Now I'm recording this on video as well as on audio. So you can follow along if you're watching either on YouTube or over on Rumble, and you can find it also on my website. [00:01:26] I've been trying to post it up there too, but right now let's talk about what we call passive backend protections. So you've got the front end, and the front end of course is stuff coming at you, maybe to the firewall. I've mentioned last week about customers of mine. I was just looking at a few customers this week, just so I could have an idea of their firewalls. [00:01:52] And they were getting about 10 attacks per minute. Yeah. 
And these were customers who have requirements from the Department of Defense because they are defense sub subcontractors. So again, potential bad guys. So I looked up their IP addresses and where the attacks were coming from. Now, remember that doesn't mean where they originated, because the bad guys can hop through multiple machines and then get onto your machine. [00:02:22] What it means is that, ultimately, they ended up coming from one machine, right? So there's an IP address of that machine that's attacking my clients or attacking my machines. That just happens all the time. A lot of scans, but some definite attacks where they're trying to log in using SSH. [00:02:42] And what I found is these were coming from Slovakia, Russia, and Iran. Kind of what you were expecting, right? The Iranians, they just haven't given up yet. They keep trying to attack, particularly our military and our industry. One of the things we found out this week from, again, this was an FBI notice, is that the Russians have been going after our industrial base. [00:03:09] And that includes, in fact, it's more specifically our automobile manufacturers. We've already got problems, right? Try buying a new car, try buying parts. I was with my friend, just this. I helped them because he had his car right. Need to get picked up. So I took him over to pick up his car and we chatted a little bit with this small independent automotive repair shop. [00:03:34] And they were telling us that they're getting sometimes six, eight week delays on getting parts, and some parts they just can't. So they're going to everything from junkyards on out, and the worst parts are the parts, the official parts from the car manufacturers. So what's been happening is Russia apparently has been hacking into these various automobile manufacturers and automobile parts manufacturers. [00:04:03] And once they're inside, they've been putting in a remote control botnet. 
And those botnets now have the ability to wake up when they want them to wake up. And then once they've woken up, what do they do? Who knows? They've been busy erasing machines, causing nothing but havoc. They've been doing all kinds of stuff in the past. Today, they're sitting there. [00:04:24] Which makes you think they're waiting, it's accumulate as much as you possibly can. And then once you've got it all accumulated, go ahead and attack. So they could control thousands of machines, but they're not just in the US. It's automobile manufacturers in Japan that we found out about. [00:04:44] So that's what they're doing right now. So you've got kind of that front end and back end protections. So we're going to talk a little bit about the back end. What does that mean, when a cybersecurity guy talks about the backend and the protections? I got it up on my screen right now, but here's the things you can do. [00:05:03] Okay. Remember, small businesses are just getting nailed from these guys, because again, they're fairly easy targets. One, change your passwords, right? How many times do we have to say that? And yet about 70% of businesses out there are not using a good password methodology. If you want more information on passwords, two-factor authentication, you name it, [00:05:30] just email me M firstname.lastname@example.org. I want to get the information out. Now, you got to make sure that all of the passwords on your systems are encrypted, are stored in some sort of a good password vault, as you really should be looking at 256-bit encryption or better. I have a vendor of. That I use. So if you get my emails every week, when them, there's the little training. [00:05:59] And so I'll give you a five minute training. It's written, usually it's in bullet point form. I'm just trying to help you understand things. That provider of mine has a big database and there's another provider that I use that is for. So the training guys use the database of my provider. 
[00:06:20] In using that database, they're storing the passwords, and the training provider's putting passwords in the clear into the database, which is absolutely crazy. So again, if you're a business, if you're storing any sort of personal information, particularly passwords, make sure that you're using good encryption and you're, what's called, salting the hash, which means [00:06:46] you're not really storing the password, just storing a salted hash. I can send you more on this. If you are a business and you're developing software that's, this is long tail stuff here. Configure all of the security password settings so that if someone's trying to log in and is failing that, and you block it, many of us that let's say you're a small business. [00:07:08] I see this all of the time. Okay. You're not to blame. You, but you have a firewall that came from the cable company. Maybe you bought it at a big box retailer. Maybe you bought it online over at Amazon, as hurricane really great for you. Has it got settings on there that lets you say, there's 20 attempts to log in, [00:07:31] maybe we should stop them? Now, what we do personally for our customers is typically we'll block them at somewhere around three or four failed attempts and then their passwords block. Now you can configure that sort of thing if you're using email. And that's an important thing to do. Let me tell you, because we've had some huge breaches due to email, like Microsoft email and passwords and people logging in and stealing stuff. [00:07:59] It was just a total nightmare for the entire industry last year, but limit the number of login retries as well as you're in there. These excessive login attempts, or whatever you want to define it as, needs to lock the account. And what that means is even if they have the right password, they can't get in and you have to use an administrative password in order to get in. [00:08:25] You also want to, what's called, throttle the rate of repeated logins.
Now you might've gotten caught on this, right? You went to your bank, you went to eBay, you went to any of these places and all of a sudden it denied you, right? It blocked you. That can happen when your account is on these hackers' lists. [00:08:45] You remember last week we talked about password spraying. Well, that's a very big deal and hackers are doing the spraying trick all of the time, and that is causing you to get locked out of your own account. So if you do get locked out, remember it might be because someone's trying to break. Obviously you have to enforce the policies. [00:09:09] The CAPTCHA is a very good thing. Again, this is more for software developers. We always recommend that you use multifactor or two-factor authentication. Okay. Do not use your SMS, your text messages for that, where they'll send you a text message to verify who you are. If you can avoid that, you're much better off. [00:09:30] Cause there's some easy ways to get around that for hackers that are determined. Okay. Multi-factor, again. Install an intrusion detection system. We put right at the network edge and between workstations and servers, even inside the network, we put detection systems that look for intrusion attempts and block intrusion attempts. [00:09:56] Very important: use deny lists to block known attackers. We build them automatically. We use some of the higher end Cisco gates. Cisco is a big network provider. They have some of the best hardware and software out there, and you have to subscribe. A lot of people complain. I ain't going to just go buy a firewall for 200 bucks on Amazon. [00:10:18] Why would I pay that much a month just to have a Cisco firewall? And it's like paying for the brand. I've got my logo shirt on here. Oh, I wouldn't pay for that. No, it's because they are automatically providing block lists that are updated by the minute sometimes. And then make sure you've got an incident response plan in place.
[00:10:44] What are you going to do when they come for you? What are you going to do? Bad boys. Bad. Stick around. We've got a lot more to talk about here as we go. I am explaining the hacks that are going on right now and what you can do as a business and an individual to protect yourself. Don't go anywhere. [00:11:07] Now we're going to talk about prevention. What can you do in order to stop some of these attacks tha
82 minutes | Mar 18, 2022
Why Is Russia Password Spraying Hurting You? What Are They Trying to Do? And What Is It?
This is one of the top topics I've had people ask about lately: How can you protect yourself and your business against Russian hackers? So I've got a presentation. We're going to run through it. We're going to talk about what you can do about it. [Automated transcript follows] This has been a long time coming. I have been doing a lot over the years of webinars, of online meetings, trying to help people understand what's going on, what can be done. [00:00:28] And I got a great email this week from one of the listeners who's been a man on my email list now for years, I'm not even sure how many years. And he was saying, Hey, thanks for giving all of this information for free for small businesses. And afford it. And I got to thinking because there've been a lot of requests lately, for instance, backups: how should I be doing them? [00:00:52] What should I be doing? And a number of other topics that really all go together into the, how do I protect myself, my business from ransomware, from these Russian hackers. So that's what we're going to be talking about today. We're going to go through a few of these. This is going to be a series. [00:01:10] We're going to continue this here in the weeks ahead, and I appreciate all your feedback. And if you miss part of it, make sure you email me just M. Craig peterson.com. Let me know, and I'll be glad to send some of it to you. Now I'm recording this on video as well. So it's great when you're driving around and listening in, picking up some tidbits. [00:01:34] And if you do want to see the recorded version again, dropping them in an email to email@example.com or search for me on YouTube or on one of the other sites that are out there like Rumble and you'll. This as I release it. Cause this is going to take a few weeks to really get into the whole thing. [00:01:55] So let's get started. I'm going to pull this up here. Full screen.
For those watching at home and what this is called today, we're talking about protecting your business and yourself from Russian hackers because they have been out there. They have been causing just all kinds of problems, but there's a few things that you can do. [00:02:18] And I have them up on the screen here. Let me pull them up, but I want to get into the background first. Russian ransomware group. They're a bunch of bad guys and it's called Conti. Now, Conti has been around for a long time. These are the guys that have been ransoming us. They're the guys who are ransoming the businesses. They've been ransoming [00:02:40] government, you might've heard them. They've got into hospitals. They have been all over the place and they've raised a whole lot of. For the Russians. I'm also going to tell you about a couple of things you can do here. Cause there's a real neat trick when it comes to keeping Russians out of your computers, but Conti decided, Hey, listen, we are all for Russia and President Putin. [00:03:03] So they came out with an official warning. Oh, I want to read this to you. It says: if anybody will decide to organize a cyber attack or any war activities against Russia, we are going to use our all possible resources to strike back at the critical infrastructures of an enemy. Yeah, no, not the best English, but much better than my Russian. [00:03:25] I got to say that I know two words or so in Russian, but they said that they were announcing full support for president. That's a pretty bad thing, if you ask me. They also have ties to Russian intelligence, but what are we talking about really? Think of the KGB. [00:03:43] The FSB is what they're called nowadays, but directly tied. China and North Korea, Iran, are also now tied in with Russia to varying degrees, but all of them are a little bit concerned about getting into it a little too much, but we're going to talk about their tactics. That's what's important today. What are they doing?
[00:04:05] Why are they doing it? What can you do about. So the first thing is password spraying. This is big deal. I've got a nice big slide up here. I like that color blue. I don't know about you, but I think it's pretty, but password spraying is something we all need to understand a little bit better. It's a brute force attack that has been really hurting [00:04:30] many of us. Let me see if I can get this to work. For some reason it has decided it just doesn't want. Let me see here. What is up? Oh, is something isn't it's just, I'm getting a white screen, but it's a brute force attack that targets users who have common passwords. Now this is a problem when we're talking about passwords. [00:04:55] If you have a password that has been breached in any of these breaches that have gone on over the last, however long, right? 30 years plus now, that password is known to the bad guy. So what they'll do is they'll take that common password and they'll start to try it. So password spraying is where they will go to a bank site or they'll go to Google. [00:05:21] The, oftentimes they're trying to get at your email accounts. So if you have Google email or Yahoo or Hotmail, they'll try it. Use passwords that they have found against accounts that they have found on those various sites. That ends up being quite a big problem for everybody out there. Okay. I got that screen back here. [00:05:42] So I'll put that up for those people who are well. But they will send multiple times attacks using variations of these passwords. And it's known as a low and slow method of password hacking because if they were to go bam, and send all of these passwords and login attempts, they get caught. [00:06:06] The automated systems would say, Hey, wait a minute. This is not good. We're going to cut you off. In fact, that's what I do for my client. We have remote access using SSH, which is an encryption session so that we can have a terminal session.
And if you try and log in three times, we automatically zap you, right? [00:06:28] We shut you down. So they take a very slow approach to this password spraying technique. And they're also going after volume, which makes a whole lot of sense. And there are right now billions of passwords, usernames, email addresses that have been stolen that are sitting out in the dark. So you've got to make sure that you are not reusing passwords. [00:06:54] How many times have we talked about that? You've got one common password that you're using over and again. Well, that's a problem, but they're not going to keep hacking your account. They're going to switch from one account to another because they don't want to get locked out. [00:07:09] Just like I lock out somebody who's trying to get in. So if someone's coming from that same IP address, that same internet site, and they're trying to log into that same account multiple times, bam, they are gone. So with password spraying, they're trying to get around the problem of you noticing they're trying to get into a bunch of different accounts and they try and leverage it. [00:07:34] So they'll oftentimes use multiple computers that they've stolen access to. We've talked about that before too. It gets to be a real big. Now they're also targeting these single sign-on and cloud-based applications, because once they're on, using one of these federated authentication protocols, they can mask the malicious traffic. [00:08:00] We've heard some of these hacks lately where they're using a token that they managed to pick up from somebody's email account, or they got onto Microsoft and they got into the email account on Microsoft. That happened recently. In a supply chain attack, SolarWinds. You heard about that, 2021, right?
[00:08:21] So they're going after these email applications, including Microsoft or Microsoft has done. They're going after routers and Internet of Things devices for a very good reason. Those IoT devices, which are things like your smart lights, they can be controlling the cameras outside, they go on and on. There's thousands, millions of them. [00:08:44] Now I actually all the way through your microwave, they tend to not be very well protected. So that's a real big target for them. So step one, they want to acquire a list of usernames. Step two, they're going to spray the passwords. Where do they get those passwords and those usernames? Well, they get them from breaches. [00:09:06] So again, if you have an account that's breached at some online shopping site, a big one, a small one, it doesn't really mean. That particular breach is now well known and they can, will and do gain access to your account, which is step three, gain access to it. It gets to be a serious problem. [00:09:26] Okay. How do you know if you are under attack? Number one, there is a spike in failed logins. This is where having a system and there's technical terms is tough for this. I'm trying to avoid a lot of those terms, but this is where the system is watching logins, noticing that there's a problem and going ahead and stopping it, not just noticing that, but stop. Very important to do. There are a high number of locked accounts, which means what? It means that again, someone's been trying to log in. You should make sure that your account, if there are invalid logins, automatically locks it out after some number of attempts, and five attempts is usually considered to be okay. [00:10:14] I know on my phone, for instance, I have a higher number of the neck, cause sometimes the grandkids get at it. But when it comes to your business account, when it comes to your bank account, you probably don't want to have a whole bunch of.
Of attempts. And then unknown or valid, or invalid, I should say, user attempts again. [00:10:36] Why are they trying to log in with a username that just doesn't exist? Yeah, it can be a problem. Hey, when we come back, we're going to talk about some steps you can take here to really remediate, maybe even stop a password spraying attack. I've already given you a few ideas here, but what are some active things that you can do, particularly for a small business, to really protect yourself? [00:11:04] Hey, stick around. We'll be right back. craigpeterson.com. [00:11:10] Russia has, hacking our
82 minutes | Mar 12, 2022
What Can Be done About Russia? What Can You Do?
There is a whole bunch going on when it comes to Russia, of course, the invasion of Ukraine. Why are people calling to have dot RU deleted? This is really a big deal. And if you're watching from home, I'm going to go full screen on this article. [Automated transcript follows.] [00:00:23] This is an article from Ars Technica, and I've been talking about it all week, which is that ICANN won't revoke Russian internet domains, says the effect: devastating. This is frankly pretty darn fascinating to me because ICANN is this international organization. It was put together in order to help make the internet international. [00:00:49] And I'm not talking about the data international, but control of it. A lot of countries work. Because of course the internet was created in the United States. It was created by US taxpayers' money for the DOD. And it was designed to be very resilient, in fact, so resilient that there could be a nuclear blast and that nuclear blast and. [00:01:13] Causing problems, but yeah. Yeah, the internet is still going to work. And the whole idea behind it was you could have multiple routers. They're all talking to each other. Nowadays, they're talking BGP 4 and they can say, how can I get from here to there? And so the idea behind BGP is they all share this information: what's the least cost way? [00:01:36] What's the easiest way to post way, if you will, for me to get from point A to point B? And it changes all the time. So you might be on a phone conversation. You might be listening to me right now, online streaming or watching the video, you might be doing who knows what out there with digital communications. [00:01:57] But the communications channel that you think you're using, where the data is going from, let's say my microphone, ultimately to your device, your ears, that data path, once it becomes data, can be changing multiple times a second. Now it actually changes quite a bit.
Initially as these internet backbone routers send the least cost routing information back and forth, to and fro. A very good thing, frankly, because it helps to speed everything up. [00:02:28] And there's other tricks that we're using. You might've seen, for instance, Akamai and some of the URLs before have sites that you've gone to, and that's called a content delivery network and that helps get the content to be closer to you. So if you're on a website in California and you're in New Hampshire, that website video, that website graphic, et cetera, is going to be coming from a server local to me here in New Hampshire. [00:02:59] All right. That's how that all is supposed to work. So we have names you guys know about, those internet domain names, and those domain names, you already know, those are turned into internet addresses, and those addresses are then used by the routers to figure out where to go, how to get the data. The problem that we're having right now, of course, is Russia seems to be substantially abusing the internet. Putin put a kill switch on to the Russian internet some time ago. [00:03:31] And the idea behind the kill switch was, Hey, listen, if we don't want the world to be talking to us, we'll just cut it. Now he's tested it a couple of times, but what he has not done is shut it down, and he hasn't shut it down as part of this Ukraine war. What they did is they passed laws saying, Hey, if you publish something that disagrees with what we're saying, you get 15 years. [00:03:59] And even these people who've been protesting on the streets, they're getting about 60 days, 30 to 60 days in jail, just for protesting what's going on. So a lot of people have been saying, why don't we just, we turn off the Russian internet? Now we're not going to use Putin's kill switch in order to shut it all off. [00:04:19] We're not going to do a well, a few things. She decided not to do, denial of service attacks, et cetera.
Although there are hackers doing that and we are going to talk about that today, but they're saying what? Let's just go ahead and let's kill their dot RU, the country domain. And ICANN, the guy who heads it up, said, Hey, listen, our mission is just to make sure that the internet works. [00:04:46] So shutting off the dot RU domain so that no one can go ahead and send, right, a request out to the domain name servers and get a resolution to an IP address. So if you try and go to Kremlin dot RU or something, you will get blocked, and you will get blocked, not blocked like the Great Firewall of China or of Russia. [00:05:10] Now they've got one going pretty good. Yeah. Thank you. You ain't using us technology. It's crazy. What we've got. But what it does is it says, oh, dot RU, I don't know. What are you talking about? So there have been a lot of people who have been pushing for it. And you'll see on my screen here that Ukraine's requested to cut Russia off from some of these core parts of the internet. [00:05:35] And ICANN, which is the Internet Corporation for Assigned Names and Numbers, I couldn't remember what that was earlier, said that ICANN must remain neutral and their mission, they say, is not to take punitive actions. It's to make sure the internet works. So are they really taking punitive actions if they cut Russia off? [00:05:56] It's really interesting to me because look at what has been going on. You've got companies like Facebook as the great example who has gone ahead and just shut off people. They didn't like what they were saying. My goodness. At one point if you said you should wear a mask during this pandemic, [00:06:15] you would be cut off from Facebook. And then of course, if you said, no, you don't, you shouldn't don't need you, you shouldn't wear a mask, that at that point you would be cut off, because science, right. Sciences, we know exactly what we're doing now. It goes on and on.
If you said that it came from a lab in China, you would have your account suspended. [00:06:35] Now of course their whole tune has changed and yeah probably came from a lab in China. It's crazy what these people have been doing. So we have arbiters of truth, who are some contractors sitting in their home or wherever it is the contractors for Facebook that are going through posts that people are flagging as Incorrect as fake news. [00:07:02] So what happens is people say fake news and then that goes off to their team that then looks at it and says okay. Yeah, fake news because we disagree with it. It just blows my mind. We have to have free and fair and open discussions. Don't we. You have that line at Facebook and Google does some of the same. [00:07:22] A lot of these sites do a lot of the same. You get our major media outlets that are all deciding what they want to report on and what they want to label as fake and fake news. I'm just shaking my head because it's hard. It's hard to believe. What about. Russia is putting out fake news, as I've said many times before the E the first casualty in war, this isn't my quote. The first casualty in war is what, it's the truth. So if truth is the first casualty, then that means we've got a lot of propaganda going on. We had propaganda coming out of Ukraine. We've caught some of those, like the, what was it? The. Chat goes, fighter, pilot, whatever it was who had killed, what was it? [00:08:12] Five Soviet or Russian jets, Soviet era using silver deer, techno era technology on the part of the Ukrainians turns out well. Okay, that, that was false news. That was fake news. The whole thing about snake island, where you had that Russian military. I know what it was a frigging but anyways boat sitting there saying we are a Russia. [00:08:33] Warship, you will surrender or, whatever. 
Do you remember that Snake Island, just the small place, 13 guys and supposedly they shelled it and they killed all 13. Turns out that was probably fake news as well. So that's from the Ukrainian side and on the Russian side they hardly reported I as to how many. [00:08:57] The we're in fact, initially for quite a while, they were saying there are no deaths. Then at the same time, the Ukrainians are saying there are 2,500 Russians dead. And that number keeps going up, who knows what it is today. It gets really crazy in the time of war. So if Facebook is going to stop someone from saying don't wear masks or do wear masks, depending on what day of the week it is, basically, right. [00:09:20] Wednesday, it's okay to say that. Thursday is not okay to say that. We're back. No it's not. Or then why can't that type of censorship move on to the next? I, that's a big question I have now. Should we be shutting it off? I'll pull this back up on the screen again. And it, this article from Ars Technica is saying that experts have warned, whoever they are, that shutting down the dot RU domain [00:09:53] is going to cause just incredible problems for Russians, which, man, would it ever. Talking about a major blow to the economy. And it would also cause problems for people who are trying to find out more truth about Russia, cause you couldn't get to their site. Now we've seen some amazing things in Russia. [00:10:15] We had the Russian, one of the Russian news agencies, RT, which is broadcasting here in the US, their entire staff just walked out saying, forget about it. We're not going to promote this fake news, but this is a little to do trip question me personally. I don't think anybody should be censoring any. [00:10:38] For almost anything. Yo, there are some limits, but they're pretty extreme in my book. I'd rather know someone is an idiot because they're allowed to say stupid things, and counter, counter it, counter their arguments.
You've got to have discussions. [00:10:54] Microsoft. Yeah, they've been around a long time. They've been helping us. They've had lots of cybersecurity problems. People use Microsoft software on their desktop. Some people use it for servers, which is crazy, but listen to what they're doing now. [00:11:10] This is a little concerning. I'm going to pull this article up on the screen. [00:11:15] For those of you who are watching along, either on Rumble or YouTube, Ars Technica article, they have some really great articles. This particula
83 minutes | Mar 4, 2022
Did You Hear About the Latest Phishing Scams to Hit? Get the Latest Free Cybersecurity Tools
This is a big deal, quite literally a big deal. Russian malware. We have been able to track it down now, track it down to a single site. All of these bad guys are in one building in Moscow. [Following is an automatic transcript] This is a very big story and it's a bit of a scary one as well. We've had a lot of ransomware over the years and a lot of ransomware. Have you had it yourself? I bet you, if you haven't, someone who has had ransomware because frankly it is pervasive in every aspect of pretty much everybody's life out there. [00:00:40] So when you get hit with ransomware, lately something a little different has happened. It's really gone through three phases. The first phase was the ransomware would get on to your system. Usually it came as an attachment, probably embedded in like a Word file. It's been embedded in PDFs, embedded in all kinds of stuff. [00:01:03] Even drive-by downloads on websites have brought malware. But in this case, yeah, it was annoying. It was a problem. It would give you a red screen. You've probably seen it before, warning about the ransomware, and it told you, okay, here's what you can do to get your files back. And in order to get your files back, you usually had [00:01:25] to go to some exchange online, take dollars, buy of course Bitcoin or some other cryptocurrency. And then that cryptocurrency would be used in exchange now for you to get a key that would hopefully decrypt everything. And in reality, it often didn't encrypt hardly anything. So it's been a problem and a problem for a lot of people. [00:01:51] The FBI said that at the time. So this is a gen one of ransomware. You were lucky if 50% of the time you got all your data back. Gen two of ransomware is when the bad guys started getting a little bit smarter. They didn't just take your files. Thumb and then say, Hey, pay up buddy.
What they did at this point is they got onto your systems and they poked around. [00:02:14] They went, what we call in the industry, east-west on the network. So they got onto you, maybe your kid's computer, maybe you were hooked up via VPN to the office to do work. And it wasn't a great VPN. And the kid's computer had that virus and that virus weaseled his way all the way over the VPN, directly to the office, because remember, [00:02:37] VPNs are a network private in that, yeah, okay, it's encrypted. And so someone who's got a wire tap isn't necessarily going to get anything, but it's a VPN, it's a tunnel. And that tunnel was used many times for malware, like ransomware, to creep over to the office network. That's what east-west is: going from [00:02:57] one machine to another machine. And in businesses, man, you saw that one a lot as that ransomware moved around. So that was the second one. So the ransomware, getting on the machine, it would then look for files that you might not want to have exposed. So it looked for files with bank account numbers in them, social security numbers, maybe intellectual property. [00:03:25] We saw a lot of that. Theft is continuing to go on, primarily from the Chinese, and then an intellectual property theft. And what happened next? Well, of course it ended up moving the data, the files, and then what they would do is encrypt your disk. So before they encrypted your disk, they got copies of all of the stuff they thought might be important to you. [00:03:48] So now the threat was, in version two of ransomware, pay up, or if you don't pay up, you are going to have to pay us to not release your files. If you didn't want all of that client information online, if by law you would get nailed for having that client information out online, and that's true in most states now, and the federal government's from putting some teeth on some of their laws as well, then what are you going to do? [00:04:17] Yeah, you paid the.
So that was version two. Version three that we're seeing right now of ransomware is simply destructive. And if you go way back in history, you may remember I got hit with the Morris worm, which was one of the first pieces of nastiness out on the internet. And that was early nineties. [00:04:41] My business that I owned and was running got hit with this thing. Even before that, there was ran. There was a nasty ware, viruses, if you will, that would get on the computer and destroy everything. It was just a malicious, as I remember, somebody at UC Berkeley, some researcher in it. And he didn't like what that of the researchers were saying about him. [00:05:03] So he put some floppy disk together and on them, he put erasing malware and shared all of the stats with anybody. And of course, you plugged that disk into your, that little floppy disk into your Windows computer. And it says, okay, I'm going to go ahead and open it up. And, oh, look at this, a virus. [00:05:24] And so he then wiped out the computer of everybody else that was a competitor of his out there in the industry. Yeah, a little bit of a problem, if you ask me. So how did that end up getting around? What ended up happening? Well, everybody got really upset with him, nobody really found out what was happening, who did it, et cetera. [00:05:47] That's what's happened now. So version three of malware is like some of the very first malware we ever saw, version three of ransomware. So some, again, some of that very first ransomware was pretty nasty, is not the sort of stuff you want to see running, destroying files, but at least you could get back from a. [00:06:08] Nowadays, a lot of people are doing backups by attaching a disk directly to their machine, or they're backing up to another machine on the same network. Remember that whole east-west thing, you didn't want the data going back and forth, it causes problems. Yeah. So what happens now?
The Russians apparently are just trying to cause havoc with businesses. Anybody who has decided that they're going to be anti-Russian in any way, they're attacking. [00:06:41] So they'll erase your disks. They'll erase all of your data. If you have backups on that thumb drive or that USB external. The good news erase that. If you have backups on another machine on the network, hopefully, from their standpoint, they'll be able to get onto that machine and erase all of your backups, which is again why we'd like 3-2-1 backups. [00:07:02] At the very least, there's some others that are even better. And if you're interested, send me an email firstname.lastname@example.org. I'll send you a webinar that I did on this. I'm not charging you for. But it was a free webinar to begin with, what a webinar on backup and how to backup properly and why to do it this way. [00:07:22] Again, me, M E Craig peterson.com. Be glad to do that. What we're seeing now is a huge problem. Let me see if this is going to work for us. Yeah. Okay. It is. I am, by the way, live here we go on my computer. So people who are watching, I can see my desktop. So here we go. This is Russian companies who are linked to this Russian malware. [00:07:52] Ransomware are hiding in plain sight is what they're calling it. So what does it mean to hide in plain sight? Well, in this case, what it means is money that's been paid by American businesses to these Russian ransomware gangs, some of who by the way are actively going after anyone that criticizes Russia, found these American researchers. [00:08:18] Yeah. Led to one of Moscow's most prestigious addresses. You can see it up here on my screen. This is a New York Times article. It's just a random actor, journalism people, sometimes even the New York Times gets it. And they're saying millions of dollars have gone through this. So they've been tracing. [00:08:38] Where did they go?
The Biden administration has also apparently zeroed in on the building is called Federation tower east. It's the tallest skyscraper in the Russian Capitol. How would that be to have a business and just this beautiful tall skyscraper and have a view that would be really cool. So they have targeted some companies in the tower. [00:09:00] As what it's trying to do is stop the ransomware guy gang. Maiden cryptocurrencies. Russian law enforcement usually has an answer to why don't you just shut down these bad guys that are out there trying to steal all of our money. They say there is no case open in Russian jurisdiction. There are no victims. [00:09:19] How do you expect us to prosecute these honorable people? That apparently is a quote from this Massachusetts based secure cybersecurity. Called recorded future, but I'm looking at a picture it's up on my screen right now. You guys can see it, but this is the Moscow financial district called Moscow city. [00:09:38] 97 floor Federation tower east. This is really pretty, you wouldn't know this isn't like London or any other major European capital. There's some cranes in the background building up new buildings. Cyber crime is really fueling some growth there in Moscow, which is, if you ask me the exact reason why lad is happy as a clam to just go ahead and have these Russian cyber crime guys. [00:10:11] Just go and bring money in right. Money is bringing in great money for them. The treasury department, by the way, it's estimated the Americans have paid $1.6 billion in ransom since 2011. Huge one ransomware strain called RIAA committed an estimated $162 million. Last year. It is really something. [00:10:35] So when we come back, we've got a lot more to talk about. We're going to talk about the cloud. If it's more secure or why is it calm, broken, give masks work. Why aren't they working right. Anyways, we'll talk about that. When we get back and visit me online, Craig Peter sohn.com. [00:10:54] Stick around. 
[00:10:57] I hate to say it, but there's another big scam out there right now. And it is hitting many of us, particularly the elderly quite hard. We're going to talk about that right now, what you can do about it and how you can recognize when it's happening. [00:11:13] Interesting article that came out in Wired. [00:11:16] And it's talking about a serious problem. I'm going to show you guys who are watching I have this on Rumble, YouTube, Facebook as well. So you guys can see a lo
83 minutes | Feb 26, 2022
Considering a change in employment? Apple/China/Green Army/Bitcoin seizure and Cybersecurity Jobs!
Apple has upended a lot of industries over the years, and it is about to upend yet another one. Square is a company that has been making a lot of money and it's run by the same guy that ran Twitter. You know that Rasputin-looking guy? What's Apple doing to the finance industry? [Following is an automated transcript] This is a real big deal. Apple has been for a long time upending industries. [00:00:23] You might remember, of course, the music player. In fact, I still have an old MP3 player. You can't really see it very well from this angle, but it was right over there. And then. And it was a five gigabyte player. Just amazing thing was huge. It was actually designed by Digital Equipment Corporation, licensed by this other manufacturer, put them together. [00:00:44] Great audio quality. They had these little Koss headphones that came along. I loved the thing. Absolutely loved it. And Apple came along, they weren't the first and they introduced their own MP3 player. That was called an iPod. And it did very well. It just slaughtered everybody else. You might remember that Microsoft came out with their Zune and many others came out with their own little MP3 players. [00:01:12] No, nobody could touch our friends over at Apple with their iPod. And then what happened? Around 2010, think for a minute. What new product did Apple introduce around 2010? Of course it was this, right? It was the iPhone. Now the iPhone cut dramatically into Apple's market and for a good reason. It was a phone. [00:01:38] It was a smartphone. It could play all of your music. I still have and still use 120 gigabyte. I iPod. At the kind of the classic I think is what they had called it. And 120, it was just amazing. Just that much music. Of course, me, I have a lot of lectures, a lot of audio books and other things I listened to on that, on those iPods and what happened. [00:02:05] Of course.
Now you can get these I-phones with a terabyte of memory in them, just incredible amount of space. And that's a pretty good thing, frankly, because you can store everything. But at the same time, our networks are getting faster. Aren't they? So our networks, like what we have for our cellular phones and stuff are faster than they have ever been. [00:02:29] So you don't really need as much storage do you, as you used to have. On your phone or your iPod or your MP3 player. So it's an interesting game. How much space do you need? And I'm asked that all of the time and the newest iPhone is coming out, have a lot more memory. I think they have eight gigabytes of Ram in them. [00:02:48] And as I said, a terabyte of storage. But what apple was doing is saying, Hey, we own this iPod market, the MP3 player market. And of course it's more than just MP3s, lot of other formats out there for the music or audio books, but they owned it. But they knew that if they were going to survive in the industry, they had to do something else. [00:03:13] Came out with a product that competed with their award winning and just top of the line product, the iPhone and your iPhone works every bit as well as an iPod ever did. And of course ever so much better because now you don't have to download the music on your iPhone to listen to it, to you. You can stream it over the internet, over wifi, right over the cellular data connection, those things we've gotten fast. [00:03:38] Two great option for. What Apple's doing now is saying we need to append another market. Have you ever had, again, like you, you got your phone, right? And let's say you're a small merchant, maybe your coffee shop, or maybe you're even smaller. Maybe you're just out at a flea market selling stuff that you might want to peddle. [00:03:59] You have to get an, a credit card. Don't you. And back in the day that credit card reader would plug right into the headphone Jack and with a headphone Jack, you'd be able to go online. 
No problem. Life is good. And once you're online, then you can take the credit. Now you didn't just have to go online with your iPhone, but you had to be able to go online with your phone and the reader, because when they got rid of that wonderful little headphone port, you now had to use Bluetooth, didn't you and you still. [00:04:37] So you get that reader from Square or that reader from PayPal or somewhere else, it's acting as your merchant account. And that reader then uses Bluetooth to talk to the phone and then it can read the credit card or the chip. And of course, with the chip it's bidirectional, it has to get the information to and from that chip. And then you've got the credit card that you can process, all well and good. [00:05:04] We're all happy about that, but here's your next problem. Bluetooth isn't always working. That reader has to be charged. Did you charge it before you brought it, before you started using it? So Apple said wait a minute. In our iPhones we have built in a few different things. Have you ever used Apple Pay? [00:05:25] It's probably the safest way to pay online, bar none. It doesn't actually give the merchant the credit card. And it gives them a code that they can redeem in order to go ahead and get the money from the transaction so that transaction can then be redeemed by the merchant. And that's all stuff handled by your merchant account. [00:05:48] You don't have to worry about it makes life. However now what they've done is they've said let's reverse this. You can use your iPhone with Apple Pay in order to pay for things. And it has what's called near field technology in it that allows it to act like those tap and go credit cards. Ever used [00:06:08] one of those, where you can just tap it and it makes the transaction happen? Pretty simple. So it has that in there, but it also has the ability to read those tap and go transactions. So it's going to be interesting to see exactly what happens here.
This is a very big industry. There is a whole lot of money in it, and there's an article this week from our friends over in ink magazine. [00:06:36] I got up on my screen for those who are watching a video here on rumble or YouTube. And it's talking about this feature that they introduced quite quietly. Because this new capability is going to change things. Now you are still going to have your merchant account. So you still might have to have a Stripe or a PayPal or direct merchant account with your bank. [00:07:02] But this is allowing contactless credit and debit cards and other digital wallets to be able to be read from any one's iPhone, which is really quite. Now there's things like Venmo and others out there that people use. My kids use a lot more than I do, but they use it to send money back and forth to each other. [00:07:23] It's a pretty good little thing that they've got going, but with something like this, you wouldn't even need to use a Venmo. So those are the guys that are going to get really nailed by it. And Stripe really is phenomenal. It's so easy to use and I use it as well. I use. For my courses. If you sign up, for course, to almost always going through Stripe, I know there's some other alternatives out there right now that are a little more friendly to the non-mainstream, but I haven't been able to integrate those yet in Vermont payment processors, but there's still going to need it. [00:08:01] You can use cash app, Venmo. It's not going to stop you from doing any of that, but it does stop you from having to have another. Piece of equipment with you, which is just something else to go bad, or dig to have, get dirty to, to not be able to work for you. So we'll see what happens. This is cutting out. [00:08:22] These companies like square. They'll no longer be able to. 
Have from the front to the back, they'll still have the back, frankly, but they'd be able to accept payments from pretty much anything that's contactless, which is I think a very good deal. We'll see what happens. But again, this is not apple going after Apple's existing customer base, like it did with the I Paul. [00:08:50] Transition to the I phone. This is apple going after another piece of the retail space. And remember what I said earlier, it's not even just that app. Has the ability to enter market, but we've seen time and again, where apple enters a market that's already established. It's not quite mature, right? You haven't had all of those acquisitions going where the companies are buying each other up, but it is going to make a huge difference because again, apple up. [00:09:23] And apple has ties in to a couple of banks that they use for processing their apple cards. Think it's Goldman Sachs, and they could potentially provide you with the merchant account stuff on the backend. So I think that's pretty cool. And it's going to allow us all to have a cashless. The yeah, if this was a political show, that's probably what we'd be talking about. [00:09:50] Wouldn't it? Because there's certain problems with doing that as well. Hey, I want to invite everybody to take a few minutes right now. I am making some changes. I've been working on some of these for weeks, but I've got a lot of clients. I've got two. Take care of first, right? I've been doing a lot of CSO work, CIS, so chief information security officer, just on a fractional or part-time basis as a contractor for a few different companies to try and keep them up-to-date with all of the latest in technology. [00:10:22] So it's been really fun, but I haven't been able to do everything I want to do yet on the radio show. So my wife and I are reaching into our pockets and we're going to be hopefully pulling out somebody to help us with some of this, because what I want to do is send. 
My show notes to you guys every week. [00:10:41] So you can see what I'm talking about. You have the direct links, as well as my newsletter, and I want to start doing my Wednesday wisdoms trainings more regularly. It's really hit or miss. So trying to do all of that, and I'd really appreciate it. If you would go right now to Craig peterson.com and make sure you sign up right there for my email list, Craig peterson.com. [00:11:07] Get it. All right. [00:11:10] We've been very worrie
82 minutes | Feb 19, 2022
Are You Ready For "Shields Up"?
Conservative/libertarian host Craig Peterson is heard throughout New England every week giving his opinion on Cybersecurity, new Technologies, and Government involvement. This week, Craig talks about the latest announcement from the Feds: "Shields Up!" They're warning about Cyber attacks against the US. Coming from Russia, they expect untold carnage. But how likely is it? Also this week: Senators trying to spy on all our digital information (including a RINO Republican). The "Right to Repair" backfires. Six reasons Meta/Facebook is failing. The top Cyber problems in 2021. More malware attacking Apple Mac computers. The five things businesses need to do for Cyber Security right now. We've got a big alert from this CISA. That's our cybersecurity and infrastructure agency to come down about a week or so ago. It's been going up and down and of course the tensions out there are causing problems. So let's talk about it. [The following is an automated transcript.] [00:00:17] CISA is an agency of the federal government. And it's one that I follow frankly, pretty closely, because they are the ones that are supposed to be helping us in industry, as well as helping the federal government keep their security stuff in order now, are they well, yeah, they are. They are, but the bottom line is they've got a whole bunch of rules. [00:00:44] Cool new things. And I'm going to show that to you here. This is called shields up over at CISA. For those of you who are watching online, you'll be able to see it right here. So let me just switch over. You've got it up now. Let me just go full screen on that so you can see the whole thing, but this is see. [00:01:06] C I S A.gov and they have a whole ton of cybersecurity resources there. One of the things I hear the most from people is just how freaking difficult it is to try and keep track of things, even understand the regulations, let alone learn all of this stuff, but you can see on their site that. 
[00:01:28] Training and exercises summit, that's coming up, combating cyber crime, and many other things. So what we're concerned about right now is. But this whole thing with Russia. Now you've heard about Russia a lot, of course we've caught the germ report talking about Russian fake collusion, frankly. And we have Russians who have been hacking us. [00:01:53] In fact, I've got an article on that today. Let me pull that up as well. You'll be able to see it. It is an incredible thing when you get right down to it. What Russia has been trying to do is attack and steal things directly from our agencies, right? The DOD as well. If you are a contractor, you are in a great deal of trouble. [00:02:18] I don't have that article handy, but they are going after all of our friends at the DOD and all of their contractors and subcontractors. So what happened? There was technology that was supposed to be implemented at all of the contractors that of course did not get implemented. So that's a problem if you ask me, but it's now changed. [00:02:43] Okay. 2022, what has happened? 20, 20, 22, they decided that the regulations that were in place were not tough enough. Not even close to being tough enough. So what. Is they added teeth, incredible teeth to these what are called CMMC regulations, which are the regulations that are about the cyber security maturity, if you will, of these DOD contractors. [00:03:12] So now we're looking at this article, I'll pull it up on my screen again here, this particular one's from Security Boulevard, but it is warning about the risk of the Russians really hacking us. Now that's nothing new. We've known about that for a long time. We've known that the Russians and the Chinese are both trying to get in. [00:03:34] I have customers who I picked up after they'd been hacked. And in fact, in most cases they didn't even know they'd been hacked, was just something weird that was going on.
So this alert's highlighting several cybersecurity vulnerabilities that these nation states and cybercriminals are likely to be leveraging. [00:03:56] And they've outlined certain steps that organizations can take to reduce the risk. So what are those steps? I'm going to bring them up right now for those of you who are watching, but I may make it a little. How do you do this? Well, they're saying let's break it down. We want you to reduce the likelihood of a damaging cyber intrusion. [00:04:19] Again, cisa.gov. If you want to follow along at home, cisa.gov. Validate that all remote access to the organization's network and privileged or administrative access requires multi-factor authentication. We're setting that up for a company right now. In fact, ensure that software is up-to-date, prioritizing updates that address known exploited vulnerabilities identified by CISA. [00:04:44] So you see that link that's right there. That brings us to this massive database, if you will, of known vulnerabilities, just 38 pages, 377 known vulnerabilities. So how does this work? When you get right down to it, you can look at the CVEs. CVEs over here on the left. If you click on one of the CVEs, [00:05:07] it gives you some really good information, including some information about how to fix it, how to patch it and what the severity is. So what you want are those that are being actively exploited in the wild, basically 10 or a nine. There is a scale of zero to 10. Probably not even zero, but that's where the scale is. [00:05:31] You notice here, by the way, Adobe is their top one. They are terrible when it comes to a lot of their software. So you can start by whatever you might want to sort it by: when it was added, the action and the due date, which is for, again, federal government people and federal government contractors, and there's notes there as well. [00:05:55] So this is something, if you are responsible for the cybersecurity in your business, you might be the office manager.
That's so common in small companies and as the office manager, you are supposed to be in charge of the computers. I can tell you with a great deal of assurance that most of the companies that are providing computer service are not providing these types of updates in a timely manner. [00:06:25] Why? Because it's difficult to do, so you have to do it. You have to track it. Okay. So Shields Up, let's go right back to that. They're talking about the other things that you should do. If you're using cloud services, this is just incredible because there's more. To do Microsoft. I had to put this in a proposal this week because the company didn't realize you're using all of this Microsoft 365 thing. [00:06:53] You've probably heard about that. They've got email, they've got SharePoint, they've got all these other wonderful services and it's nice and inexpensive to use, but here's your. The problem is that these particular services don't provide you with backups. It's not a guarantee. Data integrity, any data loss is your problem. [00:07:15] And Microsoft has been sued on this unsuccessfully so far I might add. So just because it's in the cloud, not only does it mean it's not safe, it is just another word for someone else's computer and it can be completely unsafe. So you gotta watch it. You gotta be careful. So CISA's warning about that. [00:07:35] They've got this free hygiene service. Now I applied for this. I'm going to pull this up again on my screen here for those who are watching live. But. The hygiene services. Very interesting because they say, Hey, listen, we'll go ahead and do it. And these CISA cybersecurity assessment services are available at no cost, so who can receive them? [00:07:58] Now, remember, I'm involved with the InfraGard program. I put together their training for two years, I established that whole program training thousands of government and business sector people on cybersecurity. So you'd think they would respond to me.
This is a huge program. There are people have probably even been on my webinars that I've held. [00:08:23] They didn't get back. They say, okay, you can receive these free services. Well, federal, state, local, tribal, territorial government, public and private sector critical infrastructure organizations. Well, that to me, my clients, every last one of my clients is in a critical infrastructure service. [00:08:43] Now it can be a dentist office. That's pretty critical. Just ask someone who's got an infection. It, I have other people who are in the DOD. Base or providing materials and also products, manufactured products to government contractors, et cetera. So did these people get ahold of me, return my email? No, nothing. [00:09:07] So you can have a look at this if you want to. But I got to tell you, it really turned me off from some of these CISA people. So anyways, you can sign up, but you can't get it, right? Take steps to quickly detect a potential intrusion. There's a lot of subsets here. You can see on my screen, or you can just go to cisa.gov/shields-up. [00:09:29] I'll try and put a link to this in my newsletter this week. Ensure the organization is prepared to respond if an intrusion occurs, that's a very big. As well, you have to have people, you have to have drills. You have to know what's happening, when to do it. This is everybody, right? This is HR. This is your public relations people. [00:09:47] This is your IT people. This is everybody all the way through the business. They've all got to be involved in this. Maximize the organization's resilience to destructive cyber incident. What is the. What has been happening lately? Coming out of Russia, isn't just ransomware, it's they destroy your data. [00:10:07] A very bad thing. If you ask me, and if you ask a lot of other companies out there, so you got to understand this, you got to be careful with this. Make sure you are following this rather closely, frankly, and this type of alert it's there.
It's going to be there for a long time. No question about it. [00:10:25] Shields. I liked that. I think it's neat. Obviously we got some star Trek fans in the work, so I don't know, just star wars have the, they have shields, but I don't remember them saying chills up. That was a card thing. Wasn't it? So there you go. Every organization is at risk. This is a
43 minutes | Feb 12, 2022
Is Your Email On The Dark Web? Let's Check Now!
Do you know how to find out if you have had your private information stolen? Well, you know, the odds are probably that you have, but where was it stolen, when, and what has been stolen? How about your password and how safe that password is? We're going to show you real hard evidence. [The following is an automatic transcript.] [00:00:16] Knowing whether or not your data has been stolen and what's been stolen is very important. [00:00:24] And there is a service out there that you can go to. They don't charge you a thin dime, anything, and you can right there find out which of your accounts has been compromised. And. Out on the dark web. Now the dark web is the place that the criminals go. That's where they exchange information they've stolen. [00:00:49] That's where they sell it. That's where you can buy a tool to do ransomware hacking all on your own. Far less than 50 bucks. Ransomware as a service is available where they'll do absolutely everything except infect people. So you just go ahead and sign up with them; you pay them a 20% or sometimes more commission. [00:01:12] You get somebody to download, infect themselves with the ransomware, and they do everything else. They take the phone call; they find out what it is the company is doing, and they set the ransom, and they provide tech support for the person that got ransomed to buy Bitcoin or sometimes some of these other cryptocurrencies. [00:01:38] In fact, we've got another article in the newsletter this week about cryptocurrencies and how they may be falling through the floor because of ransomware. We'll talk about that a little later here, but here's the bottom line. You want to know this. You want to know if the bad guys are trading your information on the dark web; you want to know what data they have so that you can keep an eye on it. [00:02:11] Now you guys are the best and brightest, you know, you have to be cautious, or you wouldn't be listening today.
And because, you know, you've been caught, you need to be careful. You have been cautious, but the time you need to be the most cautious is right after one of the websites that you use that hasn't been hacked because the fresher, the information, the more it's worth on the dark web, your identity can be bought on the dark web for. [00:02:38] Penny's depending on how much information is there. If a bad guy has your name, your email, the password you've used on a few different website, your home address, social security number, basically the whole shooting match. They can sell your personal information for as little as. $2 on the dark web. That is really bad. [00:03:02] That's sad. In fact, because it takes you a hundred or more hours. A few years ago, they were saying about 300 hours nowadays. It's less in order to get your identity kind of back in control. I suspect it probably is closer to 300, frankly, because you. To call anybody that pops up on your credit report. Oh, and of course you have to get your credit report. [00:03:29] You have to review them closely. You have to put a freeze on your. Got an email this week from a listener whose wife had her information stolen. He had lost a wallet some years ago and she found because of a letter that came saying, Hey, thanks for opening an account that someone had opened an account in her name. [00:03:51] Now the good news for her is that it had a zero balance. Caught it on time. And because it was a zero balance, it was easy for her to close the account and he's had some problems as well because of the lost wallet a few years back. So again, some basic tips don't carry things like your social security card in your wallet. [00:04:17] Now you got to carry your driver's license because if you're driving, the police wanted, okay. 
Nowadays there's in some ways less and less of a reason to have that, but our driver's license, as you might've noticed on the back, many of them have either a QR code or they've got a kind of a bar code scan on them, but that big QR code contains all kinds of information about [00:04:41] you that would normally be in the online database. So maybe you don't want to carry a bunch of cash. Although, you know, cash is king and credit cards can be problematic. It kind of depends. And the same thing is true with any other personal identifiable information. Keep it to a minimum in your wallet. But there is a place online that I mentioned just a minute ago that does have the ability to track much of the dark web. [00:05:13] Now this guy that put it together, his name's Troy Hunt, and Troy's an Australian, he's been doing this public service for forever. He tried to sell his little company, but the qualifications for buying it included, you will keep it free. And there are billions of people, or I shouldn't say people, there's billions of requests to his website about people's private information. [00:05:42] So, how do you deal with this? What do you do? Well, the website is called Have I Been Pwned. Have I Been, and Pwned, P W N E D. Pwning is an old term that comes from, uh, these video games before they were online. And it means that basically I own you, I own all of your properties. You've been pwned and that's what Troy kind of followed here. [00:06:11] haveibeenpwned.com is a website that you can go to now. They have a whole bunch of other things. They have API calls. For those of you who are programmers and might want to keep an eye out for your company's record. Because it does have that ability as well. And it has tie-ins too, with some of the password managers, like 1Password, to be able to tell, is my new password any good? [00:06:41] And which websites have been hacked. Does that make sense?
And so that is a very good thing, too, because if you know that a website that you use has been hacked, I would like to get an email from them. So the first thing right there in the homepage you're going to want to do is click on notify me. So you ensure in your email address, I'm going to do that right now, while we're talking, they've got a reCAPTCHA. [00:07:12] I'm not a robot. So go ahead and click that. And then you click on the button. Notify. A lot of people are concerned nowadays about the security and safety of their information. They may not want to put their email address into a site like this. Let me assure you that Troy is on the up and up, he really is trying to help. [00:07:39] He does not use any of the information that you provide on his website for evil. He is just trying to be very, very helpful. Now his site might get hacked, I suppose, but it has been just a huge target of. Characters and because of that, he has a lot of security stuff in place. So once you've put your email address right into the notify me box, click on notify me of [00:08:06] Of course you got to click the I'm not a robot. So once you've done that, it sends you a verification email. So all you have to do at that point, it's just like my website. When you sign up for my newsletter, keep an eye out for an email from Troy from haveibeenpwned.com asking you if you signed up for his notification service. [00:08:31] Obviously it is a very good idea to click on his link in the email. Now I caution people, it costs. And you guys all of the time about clicking on links in emails, because so many of them are malicious, but in the case of like Troy or my website, or maybe another one that you sign up for, if you just signed up for. [00:08:54] You should expect an email to come to your mailbox within a matter of a couple of minutes, and then you should spend just that minute or so.
It takes to click on that email to confirm that you do want to get the emails from the website, because if you don't hit that confirmation, you're not going to get the emails. [00:09:17] Let me explain a little bit about why that is. Good guys on the internet don't want to spam you. They don't want to overload you with all kinds of emails that may matter, may not matter, et cetera. They just want to get you information. So every legitimate, basic a guy out there, business, a organization, charity that is legitimate is going to send you a confirmation email. [00:09:50] The reason is they don't want someone who doesn't like you, let's say, to sign you up on a few hundred different email sites. And now all of a sudden you're getting. Well, these emails that you didn't want, I had that happen to me years and years ago, and it wasn't sites that I had signed up for. In fact, some of them were rather pornographic and they kept sending me emails all of the time. [00:10:19] So Troy is going to send you, just like I do, another legitimate website, send you an email. The link that you must click. If you do not click his link, you are not going to get the emails. It's really that simple. Now, Troy, looking at a site right now, has information on 11 billion pwned accounts. [00:10:47] Really? That is huge. It is the largest collection that's publicly available of. To count. So I'm, we're going to talk about that a little bit more. And what information does he have? How does he protect it? What else can you find out from Have I Been Pwned? This is an important site. One of the most important sites you can visit in order to keep yourself safe. [00:11:16] Next to mine. Right? Make sure you visit right now. craigpeterson.com/subscribe and sign up for my newsletter and expect that confirmation email to. [00:11:29] Have you been hit by ransomware before? Well, it is a terrible thing if you have, but what's the future of ransomware? Where is it going?
We've talked about the past and we'll start with that and then move into what we're expecting to come. [00:11:46] The future of Ransomware is an interesting one. And we kind of have to look at the past in Ransomware. [00:11:55] Ransomware was pretty popular in that bad guys just loved it. They still do because it is a simple thing to do. And it gives them incredible amounts of flexibility in going after whoever they want to go after. Initially they were sending out Ransomware to anybody's email address they could find and hoping people would click on it. [00:12:24] And unfortunately, many people did click.
83 minutes | Feb 4, 2022
Are You Ready For the Latest Cyber Attack From Russia?
Yet another warning coming out from the federal government about cyber security. And this one is based on what's been happening in Ukraine. So we're going to talk about that situation, the whole cyber security over there, and why it's coming here. [Automated transcript follows] CISA is the Cybersecurity and Infrastructure Security Agency. How's that for a name? It's not as bad as what does S.H.I.E.L.D mean? Over from the Marvel universe. But the Cybersecurity and Infrastructure Security Agency is the agency that was created to not just protect federal government systems, although they are providing information for [00:00:41] people who protect those systems, but also for businesses and you and me and our homes. So they keep an eye on what's happening, what the various companies out there are finding, because most of the cybersecurity information that we get is from private companies and they put it all together, put it in a nice little wrapping paper. [00:01:06] In fact, you can go onto their website anytime that you'd like to, and find all kinds of stuff that is going to help you out. They've got a ton of documents that you can download for free, little steps that you can take. It's at cisa.gov, C-I-S-A.gov. And they've got the Known Exploited Vulnerabilities Catalog. [00:01:30] That's something that we keep up to date on to help make sure our clients are staying ahead of the game. They've also got their review board, securing public gatherings. They also run the stopransomware.gov site that you might want to check out. And we'll be talking a little bit more about ransomware and the ways to protect yourself a little later today. [00:01:53] Now CISA is interesting too, because when they are releasing information, most Americans really aren't aware that they even exist. They do. And they've got a big warning for us this week. 
There's a site that I follow called BleepingComputer that you might want to keep an eye on and they have [00:02:16] a report just out this week that Ukraine government agencies and corporate entities were being attacked. This was a coordinated cyber attack last Friday, a week ago, where websites were defaced, data wiping malware was deployed and causing all of these systems to become not just corrupt, but some of these Windows devices to be completely [00:02:45] inoperable. Now that is a bad thing. The reason for this, this is speculation, but it isn't a whole lot of speculation. Right? Am I getting out on a limb here particularly, but the whole idea behind this is a cyber war, that Russia's got, what is it now? 130,000 troops, whatever it is, over a hundred thousand [00:03:08] on the border of Ukraine. They invaded Ukraine a few years ago. Russians shot down a passenger airline in Ukrainian air space. That was a few years back. They've been doing all kinds of nastiness to those poor Ukrainians. They also had a massive ransomware attack in Ukraine that was aimed at their tax software. [00:03:36] Some countries do the electronic filing thing a lot differently than the US does. A couple of examples are Ukraine. France is another one that comes to mind. We have clients in France that we've had to help with cyber safety. And we're always getting popups about major security problems in the tax software, because they have to use this software that's provided by the French government. [00:04:04] Ukraine's kind of the same way. The biggest company providing the tax filing software for Ukraine was hacked and they used that hack to then get into the tax software and make it so that when that software was run by these Ukrainian companies, they would get ransomware. It was really rather nasty. [00:04:30] So the Russians had been playing games over in Ukraine for quite a while. But what's apparently happened now, is that a thing? 
Those things, same things are coming our way now. It's not just because of the fact that Ukraine is being threatened, maybe they're going to encroach even more, take more than Crimea, which they did last time. [00:04:56] We're in the US and what are we doing? President Biden's been sending troops to Europe, troops to Poland, Germany, and also advisors to the Ukraine. He's removed the embassy staff, at least the vast majority of it, from Ukraine. And I just, I think to what happened with his completely unplanned withdrawal that we did in Afghanistan and how things just got really bad there. [00:05:28] And I'm not worried about what's going to happen in Ukraine because the Russians aren't particularly fond of the idea that we are sending aid and support to. Yeah, it's a bad thing. President Obama sent them blankets, but Biden is sending them military weapons and ordnance, which is what they'd need to fight. [00:05:54] So Russia has shown that they will attack a country via electronic means, cyber means, right? Cyber attacks. And so what's happening now is the bad guys from. That have been defacing websites and who have been doing more than that, wiping computers and making them completely unusable, could well come after us because they're really going to be upset with what's happening now. [00:06:28] And that was CNN has reported the Ukrainian IT services company that helped develop many of these sites was also a big. And of course that means, bottom line, that this is what's called a supply chain attack. What I mentioned earlier with the Ukrainian tax software, that's a supply chain attack where you are buying that software, or you're mandated to use the software to file your taxes by the government. [00:06:58] And what happens? Well, it turns out that software is contaminated. That's called a supply chain attack. 
Now Ukraine issued a press release about a week ago, saying that the entities were hit by both attacks, leading them to believe that they were coordinated. This is a quote here. Thus, it can be argued with high probability that the defacement [00:07:24] of websites of attacked government agencies and destruction of data by wiper are part of a cyber attack aimed at causing as much damage to the infrastructure of state electronic resources. That's from the Ukrainian government, not the best English, but their English is much better than my Ukrainian or Russian. [00:07:44] So Ukraine is blaming these attacks on Russia. In comes CISA. CISA is now urging business people in the US and other organizations to take some specific steps. So quote, here from the CISA Insights bulletin: the CISA Insights is intended to ensure that senior leaders at the top of every organization are aware of the cyber risks and take urgent near term steps to reduce the likelihood and impact of a potentially damaging compromise. [00:08:19] All organizations, regardless of the sector or size, should immediately implement the steps outlined below. So here's the steps and there are a lot of them. One I'm going to do these, you should find in your newsletter today. Hopefully that all made it in. But three basic things. One, reduce the likelihood of a damaging cyber intrusion. [00:08:47] And we're going to talk about the best way to do backups here a little later on today. Make sure your software is up to date. Make sure your organization's IT personnel disable all ports and protocols not essential for business purposes. This is all basic stuff, but I got to say, I bet you, 98% of businesses and organizations haven't done these things. [00:09:07] The next major category here, take steps to quickly detect a potential intrusion, and then ultimately maximize the organization's resilience to a destructive incident. 
So that means doing things like testing your backup procedure, make sure your data can be restored rapidly, or you have a way to get your business back online quickly. [00:09:31] What we tend to do is in our backup strategy, depending on how much the company can afford, to be down. To be out of business if they lose all of their stock versus what it costs to do this, but we will put a server on site at the company and that server then does some of the backups, right? It does all of the initial backups. [00:09:55] And then what happens is it gets relayed to us. It gets pushed to tape and tape is really good. We'll talk about that in just a few minutes, but the other big thing is. The backup that we have local to their business also has what's called a virtual machine infrastructure built on it. So if a machine goes down, If it gets wiped or if it just crashes and can't be recovered easily, we can spin up that machine. [00:10:28] A copy of it in our little virtual environment in just a matter of minutes. So these are all things you should be considering. If you're interested, you can send an email to email@example.com. I can send you a checklist that a little more extensive than this, or I can help you with any other questions you have. [00:10:47] I get lots of questions every week from everything for on retirees, wondering what they should do all the way through businesses that we help government contractors and others. This isn't good. Russia is likely coming after us. Based on this. Visit me online. Craig peterson.com or email firstname.lastname@example.org with your questions. [00:11:14] With all of this talk about hackers, ransomware data, wiping systems. What's the best way to protect yourself, but what do you do to really protect against ransomware? I can tell you, it's not just plugging another hard disk into do backups. [00:11:31] We have a lot of problems nowadays. We've got so many hackers out there. 
We're talking about a multi-billion dollar industry to go after us. [00:11:43] It's just depressing. Really. When you think about it, I think about the old days where security, wasn't a huge concern, right? Physical security. I had one of my first jobs was at a bank and I was, this was back way back in the a G it would have been the mid seventies and I was one of the operators of the main. [00:12:09] And so as a mainframe operator, we'd load up the tapes and we would ship them places. We'd also go ahead and put them in the vault so that they were in a fireproof vault, and we could recover anything we needed to recover. It worked out pretty darn well, and it
21 minutes | Jan 29, 2022
Have You Been Phished? Email Spoofing is in full swing!
In this video, I review what's happening right now. The how, why, and what you can do about it!
85 minutes | Jan 29, 2022
Do You Know How Hackers are Spoofing You? All About Email spoofing!
We just got an email this week from a customer and they're saying, "Oh no, my email has been hacked." What does that mean? Was it really hacked? We're going to talk right now about email spoofing, which is a very big deal. [Following is an automated transcript] [00:00:15] Email spoofing has been a problem for a long time, really, since the 1970s. I remember when I got my first spoofed email back in the eighties and there was really a little bit of confusion. [00:00:30] I went into it in more detail, of course, being a very technical kind of guy, and looked behind the curtains, figured out what was going on. Just shook my head. I marveled at some people. Why would you do this sort of thing? The whole idea behind email spoofing is for you to receive an email that looks like it's from someone that it's not. Now, you've all seen examples of this. [00:00:55] Everybody has. And those emails that are supposedly from the bank, or maybe from Amazon or some other type of business or family friend, this is part of what we call social engineering, where the bad guys are using a little bit about what they know about you, or maybe another person, in order to, frankly, fool you. [00:01:19] That's what spoofing really is. There were a lot of email accounts that were hacked over the last what, 30, 40 years. And you might remember these people sending out an email saying, oh, my account got hacked because you just got emails. Back in the day, what people were trying to do is break into people's email accounts and then the bad guys after having broken in now knew everybody that was in the contact list from the account that was just broken into. [00:01:54] Now they know, Hey, listen, this person sends an email. Maybe I can just pretend I'm them. These days, the same thing still happens. But now typically what you're seeing is a more directed attack. 
So a person might even look in that email account that they've broken into and poke around a little bit and find out, oh, okay. [00:02:16] So this person's account is a purchasing manager at a big company. So then they take the next step or maybe the step after that and try and figure out. Okay, so now what do I do? Oh, okay. So really what I can do now is send fake purchase orders or send fake requests for money. I've seen in the past with clients that we've picked up because the email was acting strangely where a bad guy went ahead, found [00:02:49] invoices that have been sent out by the purchasing person and then sent the invoices out and changed the pay to information on the invoice. So they took the PDFs that they found on the file server of the invoices, went in and changed them, changed the account that they wanted the funds ACH'd into. And once they had that happen, they just sent the invoice out again saying overdue. [00:03:18] Off goes the email and the company receives it and says, oh okay, I need to pay this invoice. Now, sometimes it marked them overdue. Sometimes they didn't mark them overdue. I've seen both cases and now the money gets sent off and that invoice gets paid and then gets paid to the wrong person. [00:03:38] Or maybe they go ahead and they don't send the invoice out, but they just send a little notification saying, Hey, our account has changed. Make sure you direct all future payments to this account instead. Now you might be thinking, wait a second here. Now they send this email out. It's going to go into a bank account. [00:03:57] I can recover the money. Well no, you can't. Because what they're doing is they are using mules. Now you've heard of mules before. You might've even seen that recent Clint Eastwood movie. I think it was called. But typically when we think of mules, as people we're thinking about people who are running drugs. Well, in this case, the bad guys use mules in order to move money around. 
[00:04:24] And now sometimes the people know what they're doing. The FBI has had some really great arrests of some people who were doing this, particularly out in California. Some of them claimed, yeah, I didn't know what was happening. It was just somebody asked me to send money. It's like the Nigerian scam, where in the Nigerian scam they say, Hey I'm, I'm a Nigerian prince, you've heard of these things before. And I need to get my money out of the country. I need a place to put them. And so if you have a US account, I'm going to transfer money into it. You can keep a thousand dollars of that 5,000 and I'm going to wire in just as a fee. Thanks for doing this. I, this is so important and it's such a hurry and I'm going to send you the. [00:05:11] What they'll often do is send you a money order. It could be a bank check, could be a lot of things, and then you go ahead and you cash it and oh, okay. It cashed just fine. And then you wire the $4,000 off to the bad guy. The bad guy gets the money and is off running. In the meantime, your bank is trying to clear that bank check or that money order. [00:05:38] And they find out that there is no money there because frankly what might've happened? I, this is one I've seen, I'm telling you about a story, we helped to solve this problem, but I had taken out a real money order from a bank, and then they made copies of it. Basically, they just forged it. And so they forged a hundred copies of it. [00:06:01] So people thought they were getting a legitimate money order. And in some cases, the banks where the money order was being deposited did confirm it. They called up the source bank. Oh yeah. Yeah. That's a legit money order, and then they all hit within a week or two. And now you are left holding the bag. [00:06:22] So that's one thing that happens. But typically with these mules, the money comes to them in that account. 
They are supposed to then take that money and put it in their PayPal account and send it off to the next. And it might jump through two or three different people, and then it ends up overseas, and the bad guys have gotten so good at this and have the cooperation of some small countries, sometimes bigger countries, that they actually own [00:06:54] the bank overseas that the money ultimately gets transferred into. And of course there's no way to get the money back. It's a real. So with spoofing, they're trying to trick you into believing the email's from someone that you know, or someone that you can trust. Or as I said, maybe a business partner of some sort. In most cases, it's some sort of a colleague, a vendor or a trusted brand. [00:07:22] And so they exploit the trust that you have, and they ask you to do something or divulge information. They'll try and get you to do something. So there's more complex attacks, like the ones that I just explained here, that are going after financial employees. There might be some, an accountant, a bookkeeper, or bill payer and receivables, payables. [00:07:48] I've seen CFO attacks, but really the spoofed email message looks legitimate on the surface. They'll use the legitimate logo of the company that they're trying to pretend that they're from. For instance, a PayPal phishing attack. They have a spoofed email sender, and typical email clients like you might be using, for instance, Microsoft Outlook. [00:08:13] The sender address is shown on the message, but most of the time nowadays the mail clients hide the actual email address, or if you just glance at it, it looks legit. You've seen those before, these forged email headers. Yeah, it gets to be a problem. Now we use some software from Cisco that we buy. [00:08:38] 
So before it even ends up in the exchange server or somewhere else online, that email then goes through that Cisco server. They are comparing it to billions of other emails that they've seen, including in real time emails that are. [00:09:06] Right now. And they'll look at the header of the email message. You can do that as well. With any email client, you can look at the header, Microsoft and outlook calls, it view source. But if you look at the email header, you'll see received. Headers that are in there. So say, receive colon from, and they'll give a name of a domain and then you'll see another received header and give another name of a machine. [00:09:33] And it'll include the IP address might be IVF IPV four of your six, and you can then follow it all the way through. So what'll happen is partway through. You'll see, it took a hop that is. Not legitimate. That's where it comes in. Nowadays, if you have an email address for your business, man, a domain, you need to be publishing what are called SPF records. [00:10:01] And those SPF records are looked at there compared to make sure that the email is properly signed and is from. The correct sender. There's a SPF records. There's a mother's too, that you should have in place, but you'll see that in the headers, if you're looking in the header. So it gets pretty complicated. [00:10:24] The SPF, which is the sender policy framework is a security protocol standard. It's been around now for almost a decade. It's working in conjunction with what are called domain based message, authentication, reporting, and conformance. Heather's D mark headers to stop malware and phishing attacks. And they are very good if you use them properly, but unfortunately when I look, I would say it's still 95% of emails that are being sent by businesses are not using this email spoofing and protection. [00:11:00] So have a look at that and I can send you a couple articles on it. If you're in trusted Craig Peterson.com. 
[00:11:07] So we've established that email spoofing happens. What are the stats to this? And how can you further protect yourself from email spoofing? Particularly if you're not the technical type controlling DNS records, that's what's up right now. [00:11:24] There's so much going on in the cybersecurity world. It affects all of us. Now, I think back to the good old days 40 years ago where we weren't worried about a lot of this stuff, spoofing, et cetera. [00:11:38] But what we're talk