Android vs iPhone For Gifts – How Much Security Do You Need – Breach vs Theft – Who Has Liability: AS HEARD ON WGAN: [10-17-18]
Craig is on with Ken and Matt on WGAN discussing how should the government be coming down on things like data loss versus vulnerabilities if you have software that could be breached.
Airing date: 10/17/2018
Android vs iPhone For Gifts – How Much Security Do You Need – Breach vs Theft – Who Has Liability
Craig Peterson: 0:00 Good morning Craig Peterson here this morning with Ken and Matt we talked about well two different things first of all and these are different things too because you know oftentimes between all of those radio shows online there’s some overlap but no overlap this morning so with Ken and Matt I got into some of the security stuff that we should be concerned about. Ken’s gonna be getting a new Apple Watch for Christmas, he said a little earlier on his show. So if you’re giving a gift this year, should you be giving Apple Android what’s out there? What are the considerations? And then from a legal perspective, this is a different topic, but how should the government be coming down on things like data loss versus vulnerabilities if you have software that could be breached?
Do you have an obligation to tell people that their data might have been breached? Even though there’s no evidence that data was actually stolen? It’s an interesting question. And it’s a kind of a question for the ages. So we get into that as well. This morning. Matt brought that up. So here we go. We Craig Peterson on with Ken and Matt 738 is the time and man is Craig Peterson. He’s our tech guru. He joins us every Wednesday at this time to tell us about what is going on in the world of technology around the world. Greg, How are you this morning?
I am doing well. Yeah, what is going on crazy, crazy, crazy
horse faces out there. Just saying.
Mr. Peterson. Is it equitable that we can be is everybody going to eventually someday be at no matter what we do? Well, I I kind of say.
So and it’s interesting know you’re talking about getting the new Apple Watch for for Christmas and and a lot of people of course over the holidays for various celebrations are going to be getting all kinds of new gizmos and gadgets and I cannot emphasize enough and I know Matt you’re going to disagree with me on hits at least to some degree but I cannot emphasize enough the importance of trying to keep your information secure all of the data secure and when it comes to devices and security there is no question Apple is it it’s where it’s at and Google Android it’s all well and good but it is not secure not anywhere near as close to Apple’s iOS well if that’s the case should not beating myself a blackberry I mean
you could go to a feature phone they I think they help
Right. If you really want security, you don’t put your data anywhere, right. But you don’t put your cursor and it’ll, it’ll be secure and become the unabomber in the woods somewhere. Just kind of unplug from society. That’s my that’s my option. That’s your
way. Yeah, that’s what he did. It was.
It was. Yeah, I was. I was somewhere. Yeah, it was a shack in the woods,
wind and rain. And but that’s no way to live. Is it right? It’s just, you know, you can’t survive today without technology. Which leads us to what Ken was just kind of inferring here, which is that you have to set up everything all of your financial accounts, all of your equipment as though you’re going to be hacked because you may have already had your information stolen and then taking a look at what happened here with the experience that was
Very long ago, Facebook, hundreds of thousands of people apparently lost all of their personal information from this Facebook breach from what we’re learning here just this week. So it’s really good practice, especially if you’re a small business person. But you know, heck, if you’re a retiree, you’ve got money and accounts, you’ve got money, hopefully, and investment accounts of 401k or savings account. So types of accounts, that information is being stolen all the time. We went into a restaurant chain just last week, they asked us to come in and have a look. And they’re using Android tablets for all of their orders, right, and to process credit cards, and they’ve got a whole system set up and it’s quote, cloud-based, unquote, point of sale system for restaurants. And so we go in we have a quick look at it. The Android tablets are
are completely wide open. They’re in developer mode. They, they have all kinds of different software on there, including the ability to go out on the internet and visit the Facebook page, which apparently when we did a little investigation, some of the servers and even some of the management we’re killing and there are cases, known cases by the hundreds or someone who is malicious, puts a little scraper on that machine. And now every credit card fits one. Yeah, it’s going up to the cloud. Yeah, it’s being processed. Yeah, it’s it’s secure when it gets to the cloud. But every credit card swipe done, that Android point of sale system was being captured by a little app that was installed on an Android device and all that interaction was stolen. We had locally here where I live in my town a restaurant that was shut down because the police
arrested the manager that a small restaurant right here my hometown, the rest of the manager because that’s exactly what they were doing. They were grabbing all of the credit cards they were reusing them, people were seeing charges and to wanna and other places. So we’ve, we’ve got to consider that we are under attack. The FBI just last week came up or two weeks ago, I think it was come out with a new announcement saying managed services providers are now becoming the number one target for thieves. So your IT company is the target are they secure this this whole thing, just some simple common sense stuff is going to save you a lot of time. Never ever use Android. Don’t use Windows if you can avoid it, which means unfortunately, use Apple I don’t own any apples to help Okay, I was on animals born
For three years on their advisory board for three years, maximum term, okay, I’ll tell you that but I did it because I wanted to help them improve their products, but
consider that as a business person as a retiree as just a regular homebody. You’ve got to look at everything from a security standpoint. Because even though Experian can survive a hack, 60% of businesses are going to go out of business. If they’re hacked, and you and I have that money stolen, the odds are will never ever get it back. So obviously, I’ve got my soapbox under me, or is it a stump today, but this is a huge deal. I can I see it all the time, people’s lives destroyed.
Speaking of hacks, of course, we’re talking to Craig Peterson, our tech guru Craig when something happens in a company which is what we’ve seen happen over and over again, whether it’s like you know, one of the credit agencies being hacked or you see the day
app get hacked or somebody has a bug somewhere or something happens with a company or tech organization of some kind. What exactly are the rules for telling people about that? I mean, can can realistically, you know, if Facebook got hacked, like it just did, and like if 50 million users had their their, their accounts compromised in some fashion can ever keep that under wraps. Should they ever keep it under wraps? Or what duty do they have to tell us about this kind of thing? Yeah, that’s a really good question. Because it’s, it’s our information, right? It’s our lives and you know, what, what do they happen tell us when do they have to tell it to us is really kind of the question and it varies from state to state. And there are some federal laws about it, but there is a big difference between having for instance of vulnerability in your software and having had your systems breached right, so you
Usually the line is, hey, if you know you were breached, you have a duty to report it. And in some cases, you have to report it within 72 hours. Well, Matt, how many businesses know they’ve been breached? The average time to figure out you’ve been breached to six months right now. Okay. It’s absolutely huge, huge, huge. We had Google Plus Google. Just shut down. Google Plus, you guys. Did either of you ever use Google? I was actually an early adopter plus. No idea what it didn’t believe it or not. Yeah, yeah. Well, the thinking back then was, hey, listen, Google’s going to do social network it’s going to be fake, fake. Fake. Right? And so you tried to do it yeah, I gotta do it. But I started using it early and then I you know, as as the participation in it kind of declines, so did mine But yeah, it’s still existed for years afterwards, even though nobody used it. Yeah, it did it and I also was one of the earlier chapters I thought while but just
going to take off is just because it was Google, right? And there was no real engagement there. And my friends weren’t really there. So I kind of dropped it. But to your point, man, Google Plus is now get shut down. Because they had a problem with what’s called an API, which is what programmers use. This is an application program interface to time to Google Plus. So you could use a developer to develop some software for your Android phone, and you go into that app on your phone, Mac, and you, you now are posting stuff into Google Plus account. Well, that was found out that API was found out to be extremely vulnerable. Now, there were only about 400 people who actually taught a license from Google and might have used the API very few people actually used it. So in that case, we’re talking about a half a million users
By the way, Matt back how many people have registered apparently with Google Plus 500,000 people? So you’re right. There was like, no engagement, but 500,000 people’s data that could have been compromised because of that API. But should that be reported? Should you be told, hey, listen, your data might have been stolen by someone. But we’re not sure. So fence the line. That’s that’s the difficult part. But with technology, the law the rules or regulations always like behind technology and where it’s at, and we’ve got to decide when this is a really big question. When should businesses be reporting Do you report a vulnerability you report an an absolute breach? Do you have a responsibility to be able to tell which consumers what data was stolen? It’s it’s going to be well before we figure this all out.
Google’s case they didn’t bother to tell a soul. It was about six months ago when they figured this out. And they, you know, they closed up the whole of six months ago. And now they’re shutting the whole thing down. Should they have told us should they have told regulators and Google’s attorneys are saying, No, no, no, we didn’t need to tell anyone, because we’re not certain that there was a breach. We don’t know that someone use this extremely vulnerable API to still everybody’s information. I don’t know, right. I really don’t know if the laws that wrap around unauthorized access to user information to personally identifiable information access versus they’ve actually got it some of them are unclear and the lawyers are certainly coming down on the side of Hey, we don’t have to tell nobody unless we know personal data was actually lost.
Our tech guru Craig Peterson joins us every week on Wednesday at 730 and you can go to his website but peterson.com get all the information you don’t have to wait till Wednesday just go anytime you want thanks for joining us Craig will talk to you next week
all right Take care guys next
I wish I had noticed can make in that squeak sound I would have made a little bit of fun at him and he now take care we’ll be back this weekend with my normal radio show as heard on the air am and FM stations carried by I heart Take care. Bye bye.