It does not happen often but when it does, it is time to pay attention. The NSA has issued an advisory about a particular vulnerability that is present in some of the top VPNs out there. If the NSA is warning you it is probably because there are nation-states using the vulnerability. Listen in and I will break it down more
For more tech tips, news, and updates visit – CraigPeterson.com
Automated Machine-Generated Transcript:
Hey everybody, welcome back, Craig Peterson here on WGAN. And of course online as well, you’ll find me there at Craig Peterson dot com and, you know, streaming pretty much everywhere and, and having a good old time helping people out. I just totally appreciate all of the notes from people special shout out to Brad, in fact, this week because of a couple of things he said, and I just totally, totally love it. When the listeners go ahead and let me know what they like about the show and some of the pros and cons to things so good all the way around. And you can reach me, by the way, anytime by just going ahead and emailing me me at Craig Peterson dot com or, of course, you can text me anytime. Just at 855-385-5553. All right, everybody. We’ll give that number out a little bit again, later on. We have as usual, just a whole ton of stuff going on. And in this last hour, we’re going to be talking about an NSA advisory on some VPN problems if you have been hearing about VPN, I’m going to talk about VPN a little bit here later on. And this is probably the number one question I have from people is all about VPN, what, you know, what should they use? When should they use it? Because we’re hearing these ads for these, you know, $3 a month Norton VPN and other so why are they so cheap? And what are they doing? So we’ll talk about that. And this NSA warning. And this NSA warning applies primarily to VPN, that are being used by businesses, so businesses that buy VPN, VPN software and hardware, we’re going to talk about money, Microsoft, they are warning right now that there are 4700 machines compromised every day right now. So are you one of the 5000. So we’ll talk about that and what you can do about it. And a couple of fun articles, as well, we’ll get to about some autonomous vehicles. Both of these are about autonomous vehicles, different ones, ones from a company called Smart can and one from a company called Tesla. So anyways, everybody, thanks for being with us today. And for following along. I’m fairly new on WGAN. And so just by way of introduction, I have been doing security cyber security for businesses now for going on. Well, actually, yeah. 30 years. Now, that sounds like a long time, doesn’t it? But any. I’ve been doing this for a very long time. And I follow it closely, because I’m what happened to me, because I was effectively hacked back in the early 90s. And I had a business that I had been building for more than a decade and, and thank goodness, I didn’t lose much. But I certainly lost a lot of goodwill for my client. So it really got me to wake up find out more. I finally found out why antivirus software was even useless. Back then 2530 years ago, and also how, frankly, the bad guys use zero day vulnerabilities and everything else. So that’s what I’ve been helping businesses with forever, because I’ve been on the internet since about 80. Man, what was it 83? I guess it was somewhere around there. Yeah, probably about 83. I’d have to look at my my chart, my dossier of the stuff I’ve done over the decades, but I’ve been on the internet for a very long time. And it started out as this wonderful Kumbaya place. Everybody on it was an engineer, you either were in a university, or maybe you were working for a federal government or government contractor. And it was really, it was a fun time back then. We kind of all knew everybody because there are so few people on the internet back then. And of course, the internet itself goes back a good decade before that. And then it didn’t become public until October of 91, September, October, when you could finally legally conduct business on the internet, you couldn’t do it legally before then. And then it’s grown to the point we have it today many years later. So we’ve got a big anniversary coming up in 2021 will have to make sure we do little celebration there. So I’ve been involved for a long time I got hit I learned on I’m kind of one of those pioneers that got all the arrows in my back. And now I’m trying to get that information out to everybody. And as you know, brands comment this week, in fact, and you so you may not know. But I really try and help and I give away a ton of stuff for free, of course have to keep my lights on. So I do have paid clients as well. But I give away a lot more than anyone else in the industry. That’s what I’m told all of the time. And you should have this week gotten copies of you signed up for my security summer, I reset all 28 of my so called cheat sheets that amount to over 100 pages of content on what to do in various aspects of cyber security. So that’s business that’s home, I have a whole retiree thing that you should have gotten yesterday, if you are on my list. So I’m I’m just you know we’re producing content. And typically when I share with you guys for free is the stuff that’s a beta stuff kind of my first time around it ZU very useful, as Brad and many others have said, but it also is kind of leading in so I’ll take that and turn it into some paid projects as time goes on products I should check. Alright, so where to start here. Let’s start with the VPN thing. And then we’ll get into the Microsoft thing. And then we’ll have the fun stuff here at the end. But the NSA, this is no such agency, you, man that used to be what they were called the federal government denied his existence. And, of course, we had not very long ago now, maybe a decade. I don’t know, man, time flies. But we had Edward Snowden coming out who was an NSA contractor, who were saying, whoa, wait a minute now the NSA is doing all kinds of things that Americans aren’t going to like and that are potentially beyond their charter ended turned out that yes, indeed, they were beyond their charter. A lot of people got very upset. And the Department of Justice ended up saying, Hey, Mr. Snowden, we’ve got to watch out for your arrest. So he’s been hiding out in various embassies, you know, the Ecuadorian embassy for a long time over in Russia and stuff, so that the NSA doesn’t find him so that they they don’t abduct him and bring him back to the United States due to face trial? I don’t remember if they tried him and obscenity or not.
You know, they might have I’m really not sure. But whole chain. So the NSA once again, and this is as of about a month ago, President Trump has changed their charter a little bit, which I actually like, instead of just trying to break into people’s computers, monitor American citizens phone calls, who are they calling? What are they calling? Where are they calling from, etc, etc. The NSA charter has been altered a little bit to say, hey, NSA, when you find vulnerabilities instead of just trying to use them, in order to hack into foreign governments, computers or Americans computers, we want you to share that information with the public, a very, very big deal. And so the NSA actually has been doing that. And they are warning right now in this is from an article on dark reading that you’ll find that Craig Peter song calm. There on my homepage, just scroll down a bit. And you’ll find that on in it’s called NSA issues advisor on VPN, vulnerability tree, tree Oh, here, there you go. That there are three major VPN providers out there that are in big, big trouble. Now these are called enterprise vulnerabilities. Certainly, as I’ve filed them with their vulnerability databases, solar winds, main major problem with their Daimler Mini, remote client, SAP Financial Consolidation, very big problems. See here, some other ones here. But they boil down to a number of specific pieces of hardware, that from some specific other vendors names you might recognize. And those names are Palo Alto, which I know a number of businesses that are running the Palo Alto stuff I have learned about that Palo Alto was definitely cheaper than Cisco. But they’ve had more security problems or younger company, they’re criminals nowhere near as fast. And they don’t have the Telos team behind them. So I’m not a fan of Palo Alto. So But anyways, big time Palo Alto global connect or excuse me, palo a global protect VPN, remote execution bug here that’s in the wild. For dinette. Another company that I very familiar with, and we can sell with Mike from my company, but we don’t, for the net for the gate VPN client has another one here, active exploitation. And there’s a couple of others. But here’s the bottom line, okay, this, this applies to everybody. If you have a VPN client, or a VPN server, if you’re a business, that’s usually what you do, make sure you update your software now know that it’s very, very difficult to do, especially if you’re talking about a piece of hardware, where you have to update the firmware that’s in that device. But believe me, you want to do that. So if you have any sort of hardware right now, please take take the time this could take you hours, okay? Because if it can be very, very difficult, and I wish I could produce an information product about this stuff. But the problem is there’s so many pieces of hardware, so many manufacturers, each manufacturer has multiple pieces of hardware, each piece of hardware may have multiple ways of updating it. But you’ve got to update it, you got to download the firmware for your Wi Fi devices. You got to download your firmware for your firewalls. And as it turns out, right now, even some of these enterprise VPN controllers need to make sure we need to make sure that you update the firmware in those things too, because there are some serious problems with it. All right, we’re going to talk more about VPN when we get back so stick around. You’re listening to Craig Peter sauna WGAN online. Craig Peter song.com Peterson with an old By the way, stick around We’ll be right back.
Transcribed by https://otter.ai
More stories and tech updates at:
Don’t miss an episode from Craig. Subscribe and give us a rating:
Follow me on Twitter for the latest in tech at:
For questions, call or text: