We are going to hit a number of topics today from the world of technology. Primaries and caucuses are underway, and with that always comes the topic of technology and security; it is no different this year. Apps are being developed and brought to market without being fully tested. Extensions are being created that have ulterior purposes and are being downloaded by thousands. That and even more on Tech Talk With Craig Peterson today on WGAN. It is a busy show, so stay tuned.
For more tech tips, news, and updates visit – CraigPeterson.com
Four States Use A Flaw Filled Mobile Voting App
Iranian Hackers Exploit VPNs Worldwide
IT Disaster Recovery/Business Continuity Exacerbated by Coronavirus
Be Careful of Extensions on Chrome – Many found to Upload Your Private Data.
Sharp Increase in Exposed Records by Third-Party Applications
Automotive Apps originally designed for Personal Owners cause headaches for rental agencies.
1.77 Billion – That is how much Businesses lost last year to Business Email Compromises
Encrypted Communications for the Masses
Automated Machine Generated Transcript:
Hey, welcome, everybody. Craig Peterson here on WGAN. And we’re live on Facebook. And we, of course, can be found over my website as well, Craig Peterson dot com. We got a lot of topics for today’s show. But we’re going to start with the one that is really on everybody’s minds right now as we see more of these primary elections beginning to come up, and we see problems. Well, I don’t know, or are they problems or features? I guess they are problems with some of the election technology that has been used over in Iowa. New Hampshire’s technology was rather straightforward as the Secretary of State in New Hampshire says, and it’s hard to hack a pencil, although they’re not using pencils in New Hampshire. They are using felt pens, which are hard to hack as well. And these cards are kind of like the cardboard that you would have in the back of a shirt when you purchase it.
It’s that type of cardboard that is not shiny or glossy, and then it goes through an optical reader that scans the ballot and places it in the bottom of that machine. An election official stands there to make sure that the ballot is legitimate. That you are not trying to stuff the ballot box, and that machine counts your vote. Now the unfortunate thing is those machines are kind of old in most states, some of them, I think maybe all of them are still running Windows XP, but there’s no easy way to get at the operating system. It’s never connected to a network. Even though some of these machines that have been examined and have patch level zero or in other words, no patches of Windows XP, which is quite surprising when you get down to it. That is a big problem in many many cases. In New Hampshire, the primary went pretty well. Of course this weekend, the next one coming up, which is in Nevada. The Nevada caucuses. I don’t know what to believe anymore because
I’ve heard both sides of this. One that voting in Nevada is using the same technology that was used over in Iowa, which to me would be just a shocker and a whole big dismayed because it was just so terrible. As I’ve said on the radio before, in fact, this week when I was on with Ken and Matt, I think it was, might have been with Jim, I’m trying to remember who it was, which show. I pointed out how in when we’re looking at some of this technology, we all well, not all of us, but some of us love the latest greatest technology. I’m one of those guys that like to stick with something that I know works and explore current technologies and newer things. But so many times we get just bamboozled as taxpayers because the people that are in control of the purse strings, they like the latest coolest stuff. They buy equipment from people they know, hence the app in Iowa.
Former Hillary Clinton staffers ran the company chosen for use in Iowa, and I don’t know how much vetting they did. We do know that the code wasn’t checked. Homeland Security had offered. We also had offers coming in from Federal Investigation Bureaus and from several security companies saying, Hey, listen, we’d be glad to have a look at this. It was all closed source. It wasn’t open-source where you can have a look at that software and say, yes, indeed, everything’s legit. That is excellent software. People can find bugs in it. If they find a bug, they can report it, and it can get fixed, right? There are so many different things that they could have done when we’re talking about trying to make this secure. I see Mary just joined us here on the Facebook Live and which is cool. She and I have worked several elections in the past, and we’ve been monitoring them. I have a son that’s been one of these election officials. You know, part-time people that get pulled in to watch the voter checklist and things in New Hampshire, you have to have an ID to vote, which is weird, you know. I liked the way we did it here, Maine’s doing the same thing. Most New England states are in fact as northern New England are doing the same thing where we have a felt pen, we have a piece of paper, we mark it down on that piece of paper, and we can then count it later on. If there’s a problem, right? You can just go to that paper that sits in the closet, pull out the stack, bring it with you. And once you’ve done that, you can have a bunch of people sit around and think about Florida 20 years ago and what happened there with the hanging chads. They at least had a physical card they could look at although you know pregnant chads, hanging chads got to be quite the mess. So now we’re getting concerned because of this new voting app that’s out there. It’s called Votz.
V-O-T-Z is how they spell it. It’s not the same one that was used in the caucuses in Iowa. The app that the Democratic Party was using was trying to take the tabulations that were made by the people who were at all of these different precincts and figure out what the vote tallies were and then supposedly put it into the app and it gets sent up. This vote app that we’re talking about right now goes a few steps beyond that. They want military personnel, and people who are overseas to use it when they can’t necessarily vote when they want to vote. It’s, you know, panacea, maybe it’s something we can get to in someday, but four states are going to use it this year. It has not undergone the trials that really should have gone down. And it’s using a buzzword that I think got people’s attention.
And they’re saying, Oh yeah, this is going to be safe because it’s using this buzzword called blockchain technology. Blockchain technology is what is used behind various cryptocurrencies, like Bitcoin and some of the others, to help secure the transaction. So the whole log is it signed each record inside the register is signed. Just because it has blockchain doesn’t mean it’s secure and doesn’t make it properly designed. I’ve got a quote here in this article from MIT’s Computer Science and Artificial Intelligence Lab saying the whole thing is sloppy. It looks sloppy. It’s in Georgetown Law. It’s awe-inspiring. They were able to find such a pervasive set of vulnerabilities, said Matt Blaze, an election security expert and computer science professor at Georgetown Law School. But we should also remember it’s ultimately unsurprising that they would be able to do so because every expert has warned against Internet voting as being vulnerable to flaws exactly like this goes on.
The University of Michigan here Alex Halderman, saying that it makes vote seemed like a sham. So it is a sham. I think I think it’s a real problem. But we’re going to do it anyways and four states, including West Virginia, this year is going to be a mess. We’ve already seen what happened in Iowa. We saw excellent voting happen in New Hampshire. We’re not sure what’s happening this weekend in Nevada, then Super Tuesday is right on the heels. Some of these states are using these voting apps. Some of them are using the apps used in caucuses. I think thank goodness there aren’t very many caucuses in the country. And we’ll see, but one thing is guaranteed, and that is it will be quite the debacle. It is going to end up being a problem for everybody involved because they didn’t vet this technology. Now, I reported on this a couple of weeks ago, this $10 million grant set aside by the Department of Defense grant, ultimately, and it was to design a voting machine that would be secure. A voting machine that we could trust. I think that’s just wonderful. It hasn’t really been tested yet. They brought it last year to one of these conferences like Black Hat and Defcon. They brought it out there. Every year there is a voting machine village where they have all kinds of voting machines there. They are asking people to go ahead and try and hack into the voting machines. We had a 15-year old that was able to hack a voting machine right there, and they compromised every voting machine except for the device under development on this $10 million contract. Now, that might seem impressive, and that might be kind of encouraging to some of us. I think it kind of is in some ways. However, the reason they did not hack it was it didn’t work.
They were not able to get it online and did not get it online until Sunday, which was the last day of the conference. And so no one got to test it out. But that was last year. Let’s get them a little real a little bit under their belt, a little water under that bridge sometime, and they will be able to do it. And you know, I think they’ll be able to do it ultimately, but I still will be the biggest proponent of a pencil and a piece of paper or a felt tip pen. The software, by the way, that Voatz software, is being used in Denver, parts of Oregon, Utah and Washington State, we’ll see what happens. West Virginia, as I said, is going to use it. But for disabled voters, the federal government requires all states to have electronic voting machines that can be used by disabled voters. I know here where I live in New Hampshire, we have a thing I don’t know they might have passed. Now they’re kind of getting old. Twins, twin women, and one of them was pretty much deaf, and the other one was pretty much blind. So they were able to help each other out in a massive way, which is kind of cool and get right down to it. But what they did is they kind of both helped each other to vote, but we all have in every precinct people who are there who can help people with disabilities. I don’t like this requirement to have electronic voting machines. But the MIT researchers, these other researchers all agree with me. I’m very
concerned about the Android phone and Android as a platform for people to use. I don’t know if you are if you’re using Android, you know, I’m always saying use iPhones much, much more secure. But I also am not looking at an iOS as being the problem. Cure-all for some of the voting machines. Anyhow, we are live on Facebook, as I’m putting the show together and shout out to everybody who is on there and asking questions. I appreciate it. And I will go back in and answer questions for anybody a little bit later on who has them, and I want you to stick around. I will be back here after the commercial break. We’re going to be talking more about the latest in technology. We’re going to be getting into these Iranian hackers that have been hacking VPN. If you think your VPN is safe. We’ve got another thing coming. So we’re going to shut this one down. And we will be right back. Thanks for joining us, of course, Craig Peterson dot com.
Hello, everybody. Welcome back. Craig Peterson here on WGAN and affiliates. You’ll find me online at CraigPeterson.com. And, of course, online at Facebook. I’m doing this Live on Facebook, and also out at YouTube. And we’re going to talk right now about VPN. So hopefully, you have some understanding of them. But some exciting statistics came up this week from our friends in government. The FBI has been warning us a lot lately about what’s been happening over in Iran what they’ve been doing, and we don’t have kinetic war. In other words, we’re not shooting at each other, which is a good thing, right? But Iranian hackers have been right at the forefront of trying to hack into our systems, and they’ve been relatively successful.
I have a few clients that are in the defense industry, because we do, of course, the higher security stuff, right. And they have been under constant attack from Iran for about six, eight weeks now ever since the last little tussle with Iran might have been longer than that. And we’re seeing sustained efforts to hack into them. Well, now we’re getting a report from our friends over at ZDNet here about Iranian hackers targeting these VPN services. So I thought I’d start by kind of explaining to everybody a little bit more about VPN services, what they are, what they offer. And because I’m hearing ads about this all the time, and frankly, it’s driving me crazy, because the ads are telling me that Yeah, Craig you need a VPN because it’s the only way you’re going to be safe. It’s the only way you’re going to be secure in your day.
You’ve got companies out there that used to be known for anti-virus, which of course nowadays we know antivirus software is zero percent effective against the latest hacks that are out there. So antivirus software companies are trying to figure out what’s another way that we can make some money because people are starting to realize that this is a scam. And it’s been a scam for a lot of years. You know, antivirus worked pretty well 15 years ago. It doesn’t work at all today, as I just mentioned for the latest now malware nastiness that’s out there. So some of these companies one that comes to mind.
It was purchased not too long ago by another anti-malware company is running a lot of ads. They’re saying this we need our VPN you need our credit watch. They’ve tied in, with one of these companies that watch your credit looking for transactions, it might be a bad guy, and I’m a little concerned because here’s what usually is going on in the VPN industry. Running a good VPN is expensive. When you are using a VPN, all of your data, depending on what type of a VPN, how it’s employed is encrypted from point to point. We’re talking about the right ones and not those that you hear the ads for when you’re using those types of VPNs. Your data is transmitted up to the VPN service provider. Then once it gets there, it is sent out to the internet. So let’s say you’re trying to go to my site, Craig Peterson, dot com. If you’re using a VPN, your web browser is going to ask the VPN server Hey, can I get the Craig Peterson dot com? What’s the best way to do it? How can I get there, and the VPN server will say Hold on a second. I’ll get that page for you. Then the VPN server goes out to Craig Peterson dot com gets the page and sends it back to you.
Now, that would be a caching or proxy VPN server. And some of them will just pass packets through. But the big concern I have is twofold. One of them is this whole Iran thing, and we’ll get into that in just a minute. Because it isn’t only Iran. But the other one, remember, if something is free, or if it’s inexpensive, who’s the product? You the product! And since you’re the product, what do you think they’re making money off of selling your personal information, that’s how they make their money. And that is a big problem as far as I’m concerned. So what some of these VPN services are doing is they are tracking you online. Some of them go the next step, and they’re actually acting as full proxies, and they are sometimes acting as a man in the middle attacks.
They’re injecting things into your data stream that you weren’t expecting. So where you think you’re getting the VPN to have some security, and to have some privacy. Some of these VPN services are the exact opposite. They are reducing your privacy because what they’re doing now is taking your data and selling it to the highest bidder that’s out there, right. So I think that’s a problem. And if you think it’s a problem, maybe you shouldn’t use some of these cheap VPN services. And I haven’t gotten any I actually like, okay, I’ve heard advertisements on these radio stations, my shows airing on and I’ve checked them out, and I’m not comfortable with any of them. And the only VPNs I use or VPNs that I run, but remember, your data still has to hit the internet at some point. Remember, you’re using one of these VPN services.
versus your data is going to the VPN service provider. And at that point, it hits the internet. So it’s now out on the internet. Well, if you’re trying to make sure your data doesn’t get on the internet, and people aren’t hacking you, you’ve lost because your information does have to get to the internet. How are Internet Service Providers supposed to get to your bank? How are they supposed to get to my website? How are they supposed to get to Facebook or Google or YouTube? They have to go over the whole internet as well. If you’re using one of these services, and they’re going out to the internet. What do you think is a bigger target you at home, using the internet via your cable company or your telco or maybe your smart device. Is that one device a big target, or do you think that perhaps it’s the VPN service providers that are the bigger target, right? I’m not sure I need an answer because it’s kind of a rhetorical question. The most significant marks out there when it comes to VPNs are these VPN service providers. And we’re seeing warnings out there right now that Iranian hackers have targeted Pulse Secure, which has VPN software that they sell to businesses, shown to be insecure. Pulse Secure, Fortinet. Another example of one of these security companies, right that has a VPN service, Palo Alto Networks, a company I have never used and never recommended either. I haven’t recommended any of these companies to anybody ever. We’ve gone up against Palo Alto Networks in some proposals and contracts and, and they won them because of all the whiz-bang, not because they were the best or the safest, and so
So there you go, Pulse Secure, Fortinet, Palo Alto, and Citrix VPN are now being used to provide a back door into larger companies. So if you’re a business person, I’m going to put these right now into this channel so that you can look it up for you or business and seeing and write this in as a comment over here in the Facebook Live that you can find online. Yes, go to Craig Peterson dot com slash Facebook. It’ll take you to my Facebook channel. But there’s the list of them. It is from an article that’s out there on ZDNet. I think they have been publishing some great information lately. I’ve been using them in a number of my alerts that I send out as part of my Saturday morning emails. But some of these attacks have happened according to this firm called ClearSky that Iranian hackers have targeted companies.
From the IT, telecommunications, oil, gas, aviation, government and security sectors, why because that’s where all the real money is. The particular report is dispelling frankly, the notion that it’s their Russian and Chinese hackers or maybe North Korean because the Iranian hackers don’t know what they’re doing right. I’ve heard that before all Iran, don’t worry about it. They know what they’re doing. When in fact, yes, within hours of being disclosed, the Iranian hackers were right in there. It’s terrifying. So keep an eye out. I look. Again, online at Craig Peterson dot com you’ll find this article, and a whole lot more. Make sure you ask your IT department if you’re using any of these VPN services or software. And by the way, in most of these cases, you can get patches to fix it. When we come back. We’re going to be talking about Coronavirus and the new challenges right here on WGAN.
Hey, welcome back Craig Peterson here WGAN and online at Craig Peterson dot com, of course, on Facebook as well. I am live on Facebook, and you can ask questions there you can watch this whole show as it unfurls, and you will find me there. You can ask questions almost anytime. We try and keep you up to date on what is happening out there in the world of technology. Well, you might not have thought of coronavirus as anything more than just a piece of nastiness, right. The virus I know some people are saying well you know we haven’t had as many deaths from the Coronavirus, also known as COVID-19. I was trying to remember the name little earlier. We haven’t had as many deaths from that as we have from our regular flu virus every year. Right now is the peak of flu season in the northeast and
Anyways, and in many parts of the country, and what is there to worry about, right? Is it going to hit us? It seems to be slowing down. We don’t have a whole lot of information from our socialist friends in China. Like most socialist governments, they play things very close to the chest. They don’t want people to know what’s happening, including their citizens. But we have some new fears now, and this is a great little article that I have found over on Dark Reading. It’s pointing out some of the security challenges that we’re facing, because of the whole Coronavirus thing. Everybody’s heard about it, everybody’s scared of it. And when you get right down to it, you’re watching me right now listening to me talking about the Coronavirus because it is an exciting thing to understand. The CDC has not only maps of where the Coronavirus is hitting right now, but the CDC also has information about general flu viruses this time of year. There are outbreaks of different diseases, what’s happening where CDC.gov now I’ve seen some fake stuff like CDC, dash gov.org, just all kinds of fake sites. With phishing, we’ve got to make sure that all of our employees, family, friends, know not to click on any of those links. Don’t click on them. However, people do and when you click on them, who knows what’s going to happen, you might be downloading malware, you might just be confirming this is a valid email address for more and future spamming, right there might be a lot of different things that it can do to you. Don’t do that. The next one I think that that’s very interesting is something most businesses have not addressed. What would happen if maybe COVID-19, or something else, actually becomes a pandemic? What if it is not even a pandemic. What if you have an office with five or ten people in it and everybody comes down with the flu or cold? At the same time?
Have you prepared for a business continuity challenge? And it isn’t just what might happen if you’re sick. It might also be a little bit further than that. What might happen if the business burns down? Or there’s flooding, or no one can get into the office for a day or two because of some natural disaster? Maybe, it’s just a really nasty ice storm like we had here? What a decade ago, where there were portions of New England that had no power for six weeks, in the middle of winter. That’s a very, very big deal. What would your business do? Most people will haven’t had a good hard look at business continuity, just in general, although we really should.
And when we’ve got the cyber attackers coming after us, it also brings to mind what would happen if they got through, and let’s say it was a version of ransomware that encrypted all of your data or deleted all of your data and demanded a ransom. Are you going to be able to handle that? Right? It’s a big question.
Will you be able to continue with your IT people, whether they’re outsourced or in-house? How about your security operations people?
It could be a huge problem.
Let’s move it up-scale because I know we’ve got a lot of people listening, who have more substantial companies. Maybe a 200 person company, perhaps something more prominent and it would be interesting to know you can just drop it in the channel like to know a little bit. But if you’ve got two hundred people working in one building and it’s a contagious virus that’s getting spread, the odds are pretty darn good, that 10 to 15% of your workforce is going to get nailed with that bug. Okay. Here’s an example from the article.
If it’s by the way, if it’s something that might be pandemic, there’s an excellent chance the government’s going to quarantine everybody anyways, whether the people get sick or not. Okay, and what’s that going to do to your business? It is a consultant over at Accenture working in Mexico City during the H1N1 virus spread ten years ago.
They were saying that the current quarantine protocols are 14 days. So think about that. What happens if your business if your employees are out for 14 days if you’ve got a large outsource facility. Your security management, any facility, with a large number of people and you probably don’t want to bring 100 people together and put them in a small room unless you-yourself have evidence that none of them have been affected. The second part of the challenges they may not be able to get there even want to get there. Now, this is the business continuity side. Can your business continue if there is a spread of these types of diseases, this could be huge? Some Indian companies have reported, according to Dark Reading, they’ve reported disruptions because of stoppages and shipments from China. They’ve got 45,000 Plus Now I don’t know what the number is confirmed infections over 1000 deaths. So if you part of your supply chain now is affected, in this case with the Covid-19. Of course, most businesses are worried about the supply chain from China. There’s supply chain manufacturing the low-cost components from China to Indonesia and all kinds of places in Southeast Asia what happens if that goes away too? If you have parts being made anywhere in the world, keep in mind that businesses are starting to move if they haven’t already. Then with all of the phishing that’s going on, It can get to be a very big problem. Proofpoint and Cisco Talos have reported messages purporting to provide tips for virus protection. They appeared to be sent not only by official government organizations but by the own businesses itself, upper management. So there’s an example of spear phishing going after a specific company, and the messages get used to steal credentials, drop malware like Emotet, and in lures specifically targeting manufacturing and shipping industries.
The NanoCore remote access software, these are back doors, like the kind I’ve talked about on the show that we have found in business and that is before backdoors get put in there by China or that Iran now has become a big player in all of this. So very, very big problems. Hey, if you have joined me on Facebook for the Facebook Live Welcome, welcome. I appreciate the comments, like seeing the thumbs up, so please do give that to me. Otherwise, you can find me online at Craig Peterson dot com. I post all of everything we talked about every week, right there Craig Peterson dot com and I started sharing videos and, and other things as well on YouTube and a little bit more on Facebook. When we come back after the break, we’ve got more to discuss. Next up. We’re going to talk about these 500 Chrome extensions that have been secretly uploading people’s information. How’s that for a scary thing? So stick around because we’ll be right back. If you are on Facebook Live. We’re going to end this Facebook Live and start another one with our new topic in about five minutes on the radio. We’ll be back even quicker than that. So stick around.
Hold on one sec. Here we go, everybody. Welcome. Welcome Craig Peterson here on WGAN and elsewhere. Of course, also on Facebook, Facebook live is where you’ll find me there. Just go to Craig Peterson dot com slash Facebook. You can sign up for my weekly newsletter, where I make sure you have all of the latest news, everything that you need to know. And right now we’re going to talk about everybody’s favorite browser while except for mine. One of the companies that we use goes by the name of Duo and what they have recently found out about our friends over at Google and Chrome. If you are a big follower of mine, and you’ve attended some of my pop-up training, I do quite a few of them.
Those are always free and, and I have some tutorials as well. I talk a lot about extensions because there are quite several extensions that can be fantastic. And I use them all of the time. If I were to bring up my browser here, you would see a whole bunch of extensions that I use continually. I use them to block certain advertising types, and I use them to prevent various kinds of malware. I have some extensions that use artificial intelligence to figure out what is this page trying to do? Because we’ve got things like pop-unders, where it opened something up, and it has little timer was saved for an hour, and then it pops up to this big scary message that you need to update windows or update something now
Because it’s out of date, and there are hackers out there that are trying to get you. And that’s called, by the way, scareware.
These extensions going to track you when you’re online and shopping and tell you where the best deal is? Well, yeah, it’s following you, right? It knows that you’re on a shopping site because you give that extension access to all of your browsing history. Then it knows what you’re looking at up the site and knows what you are searching. Because so many of these extensions come with their little search bar up top right. Yahoo was one of the big guys out there in this browser bar extension business. And every last one of them at the very least, despite you. Now, that’s bad, right that it’s bad enough. But now we’re looking at this same mo wait a minute here. We have now uncovered 500 Chrome extensions that have been secretly uploading the private data from millions of users.
Huge deal. An article in Ars Technica, if you are over on the Facebook Live, you’ll see the article, right there has a direct link to it. But this is very bad. It was just discovered on Thursday here. It’s been just about just over a week. And we found out from these guys, that what had happened is that these website extensions had more than 1.7 million installations. It was an independent researcher who worked with Cisco’s own Duo Security. And they found all of these things. They then reported it privately to Google and the researchers and found 71. Google looked at what the researchers had seen, and how those extensions were coded up and how they were behaving. Then Google found an additional 430 extensions. And Google has removed all known extensions that were doing this. So that’s the right side of it. But that’s the known extensions. Those are the extensions that were doing something that looks suspicious that Google and the security researchers could identify. In this case, reported here, the Chrome extension creators and specifically made extensions that obfuscated the underlying advertising functionality from users. Now it did say advertising in this quote because here’s another thing that they do. If you visit a website, and you have an extension installed, that has access to the websites that you’re visiting, here’s what they’ve been doing. They look for ads from their customers, so you’ve got a bad guy, Inc. Okay. And then what bad guy does is he goes out and says, Hey, listen, I can get you 1000 clicks or a thousand new views of your page, just pay me up. Then what they’ll do is they will play some ads for you. These are pay-per-click ads.
Every time someone clicks on an ad, they have to pay, right, and some of these ads are cheap at five cents. You don’t see that too much anymore. Some of them are $500 for a single click. That money then goes to Google, who then shares it with whoever had the website where the click originated. Okay, so it’s a pretty lucrative business if you as a bad guy that could guarantee clicks on these expensive websites That is what they’re doing with some of these extensions.
They are watching the pages you’re visiting to look for an ad from one of these sites that they get some money fro, but now they can have your browser click on the ad unbeknownst to you. Your browser now clicks on that ad. They make some money because they have the fake ads that are up so all kinds of nastiness. The other side of this is let’s say the bad guys want their competitors to stop advertising online. Let’s say they make cups, and I make this glass. Other companies out there that make a blue glass kind of like this. They find out what are the ads this other blue glass company is running. They have their little extensions out there. They hire these people that only extension to then clicks on the competitor’s ads automatically for them. The competitor might have a five hundred dollar a day limit with Facebook ads, and all of a sudden now that five hundred whatever it is they’re spending where they’ve put a cap on it, right? So whatever it is they’re spending is being 100% wasted, because you don’t even see the ad. There are so many ways that the bad guys are using these extensions. It is a maze of redirects, malware, and more. Some of these plugins will do Bitcoin mining or other types of blockchain cryptocurrency mining out there.
Man, there’s just all kinds of them hardcoded control servers, which by the way, I’ve got another tutorial coming out telling you how to stop your computer from going on to some of these command and control servers. And that’s going to be phenomenal for you. So keep an eye out for that coming up in a couple of weeks.
Many the redirections because they’re using redirections, as well as part of this, go to ads for products or Macy’s, Dell, Best Buy
large volume of ad content, as many as 30 redirects, the deliberate concealment of most ads from end-users and the use of the ad redirect streams to send infected browsers to malware and phishing sites. It goes on the bottom line, beware of extensions, but I also want you to be aware of apps, right? What are the apps that you are using? What are those apps providing you with? Now I’m talking about apps that are on your smartphone or on your tablet, maybe some programs that are on your computers. Okay, they’re out there? What are those apps
Are those apps something that you need? Many of them spy on you, which is another dangerous thing. They’re stealing your data. They’re taking the information they’re sending to the bad guys. Right? It just goes on and on. So make sure you don’t do that it is dangerous stuff. All right, I am doing this radio show on Facebook Live. If you want to follow me on Facebook, it’s easy enough to do: CraigPeterson.com/Facebook. And if you are not a Facebook fan, and there are a lot of reasons not to be a Facebook fan, then you can also see a lot of these videos up on YouTube. I do YouTube lives, as well. You’ll find that at CraigPeterson.com/YouTube. And of course, you’re listening on the radio, and you’re going to find me on pretty much every streaming service that’s out there. So I want to quickly ask a question – which browser do you use? If I say create a poll? What’s going to happen here? Oh, there it is. I’m going to publish it right now. I see. Okay. All right. So far it’s showing up. I should have clicked this a little bit earlier. So Facebook Live, you have a poll. Do you prefer Google Chrome, Firefox, Microsoft Edge, or Opera? And I personally use Firefox and Opera. Google Chrome and Edge I don’t trust, in particular Google Chrome. However,
there are times when you have to use one of those two browsers, because your company might be using a website that’s specifically programmed to only work with that particular browser. There might be other reasons, but let me know. Click on it there. If you are not watching me on Facebook right now, Facebook Live, go ahead and answer that poll. I’d really like to know, or just drop me an email, me at CraigPeterson.com. Let me know what your favorite browser is and why. And make sure that you delete every extension you don’t need. Every app you don’t use and don’t need. We’ve got to cut back because it just presents such a broad attack surface to the bad guys. All right. Okay, so let’s see, end of this segment. When we come back, we of course, have a whole lot more to talk about. We’re going to talk about third party breaches, what’s been happening. It’s increased sharply in 2019. If you are a business person, this is for you. You’re listening to Craig Peterson on WGAN and online at CraigPeterson.com
Hello everybody, welcome back. Craig Peterson here on WGAN or also on Facebook Live. If you have any questions, by all means drop them right here into the channel. You can always ask me a question too online anytime. Just email me, me at CraigPeterson.com, more than happy to respond. You might have to have a little bit of patience, I do try and get back ASAP. But if someone or my staff is not noticing or final notice Don’t feel bad. It’s not as though we hate you. But we do try and answer every question that comes our way, just me at CraigPeterson.com. We’re going to talk right now about third party risks whether you are a small business or a little
large business, this is a huge deal. Very huge deal. And it’s also a huge deal if you are an individual, because you are dealing with everything from Cloud services through
a milk delivery company. All of these are third party services provided by third party companies. And many of them have information about us.
And I’ve heard from so many businesses lately, that are now required under the new federal standards, the CMC standards, that they don’t think that they really apply to them because they’re not a primary government contractor. It’s they don’t have a whole lot or any personally identifiable information. You know, why? Why would you come after me? I just don’t matter in the whole big scheme of things. So it’s not something that I should have to worry about.
When the law is clear, they do have to worry about it, but they’re still not worried about it.
And I think the biggest reason is because people just don’t understand the risks involved. You’re using Google spreadsheets, for instance, Google Docs for me, you know, Microsoft Word replacement. And Google also has kind of a PowerPoint thing called Google Sheets, I think it is, or slides, Google Slides that you can use in order to put the presentation together. And even to show a presentation. It’s really rather cool stuff all the way around. But this is an example of a third party vendor. We already know that Google is looking at all of those documents and trying to figure out what it can use from that in order to sell us stuff, right, or to sell our information to third parties. And that’s obviously a bit of an issue. But when we’re talking about these smaller businesses that might be selling to
Another government contractor that might be selling to Raytheon who’s selling to the Department of Defense, just as an example. They wonder, why does it matter? That I’m really secure, because I’m making something that’s completely passive. It’s not as though I’m making the software that controls a missile in flight. Right? It is not doing any of those sort of things. So why should it matter?
And I think that it’s a good question, but here’s why it matters. There were some huge hacks of the Department of Defense last year, and those hacks a good 50% of them came from their vendors. We’re talking about a third party risk.
That third party that vendor you’re using, whether it’s Google Docs and Dr. Mike, you might be using a version of Dropbox as
Just a regular end user version might be using an unsecured or improperly secured Azure instance or Amazon Web Services instance. You could be using any of those types of things. And guess what’s going to happen if you’re using those.
All of those people who have your data could be used as a way into your computers. Think for a minute. We spoke earlier today about these 500 plus Google Chrome extensions that were leaking your data. There, the data is actually being stolen by third parties because of those. If you have software installed that’s being used to manage your supply chain, and that supply chain software is tied into this third party vendor, your network is exposed.
Now you may have tried to tighten it down, I might be as tight as could possibly be. And there’s no problem here. But if you’re like an average business, none of that is true. None of that is true at all. All of your data is potentially accessible by the third party. So some interesting stats that came out. And I again, I have this up on my website. I will post let me post this right now here in the Facebook Live channel. Okay. It’s in there now to you can see that right at the end of my comment. They’re showing that there were about 43% of businesses this last year 44% were, in fact, attacked and hacked via third party breaches. So in other words, the bad guys did not come in directly
This wasn’t a phishing attack necessarily directly against them. This wasn’t a ransomware attack directly against them. It was against a third party. So it was a vendor who might have had all of their customer information, they might have had how to manufacture certain things. It could be all kinds of different types of information. And that information was then used against them. That’s a very big deal. Think about billing. Think about your employees and their paychecks, their W-2s, 1099s. Since you send out all of these things to target so we talked earlier about these VPN services that are right now huge, they’re a huge attack vector. Now this number is up by the way 35% over the last two years.
The number of records exposed in the breaches skyrocketed. Almost
300% last year, the cost of the breaches have gone up substantially as well. And you’re going to find all of this up on my website, CraigPeterson.com. But that’s huge. So 44% of all firms that were surveyed had experienced a significant data breach caused by a third party vendor. And remember, these are firms that know that they were breached. So let’s look at an IBM study. This IBM study says it takes an average of 197 days for a company to identify that they have had a data breach, almost 200 days to even identify, even know that they had a breach, and another 69 days to contain it. That is inexcusable. Inexcusable, it really is. You know, so many people have fallen through
victim to vendors that say, hey, we’ve got the solution for you Don’t worry about it. This is this is going to be so easy, not a big deal. We’ll take care of it for you and they don’t that’s the only explanation I can come up with here. For what 265 ish days, from the time a breach occurs to the time that they’ve contained it. 265 days, that’s two thirds of a year. Now I believe me I’m this is not I’m not trying to sell you our services here. Okay. If you want to buy him great. I just want to let you guys know 250 days on average to contain it with what we do on average. It is this from this. From the time it happens
to the time it’s discovered to the time it’s
contained. So from the very beginning of a breach to the time it’s contained. With us, it’s typically six hours. That’s why I say this is inexcusable, if you’re a company with 200 employees, with 1000 employees, and you’re not using the right stuff. Whose fault is it?
And I gotta tell you another number that I’ve seen before when I was in one of the FBI InfraGard programs that I ran, I had an expert on, and he was talking about breaches, and you know how many months it takes to discover and then to try and close the hole.
If you take less than 30 days to stop the breach, on average, you save $1 million,
a million dollars. So think about that when you’re thinking about the cost of security. If you are
slightly bigger company, you have a few hundred employees up into thousands of employees. And you can shave that whole massive number of 250 days, down to 30 days or less, you’ve saved yourselves a million bucks. So the million dollars that you might spend on security and by the way, it takes you quite a bit to spend a million dollars to even to get the kind of security I was just talking about, with the six hour to recovery stuff. A million bucks goes a long way now and that’s plus, by the way, you know, all of your other costs, the loss of reputation that you get, so you’re going to lose clients, you’re not going to pick them up, you’re not gonna be able to charge as much as you could before. People aren’t going to trust you. All this is happening because of these third party breaches. So keep that in mind next time.
You are auditing your business, right? You’ve got auditors and think about all of the people downstream from you
who maybe you should be paying some attention to, because they have data that you might find to be sensitive. They might be used as a conduit to break into your systems as well as have their systems breached. Okay. So I know many companies now that are auditing their providers, their upstream downstream partners, for very, very good reason. So if you want to find out more, let me know, just email me at CraigPeterson.com. Be glad to point you in the right direction. You can find this particular article over on Dark Reading and it’s written by Jai Vijayan, and you can find it as well at CraigPeterson.com. Of course I post all of that stuff online. And if you have my newsletter, you get that
Every Saturday morning, links to it there too. So stick around. We’ll be right back. We got a lot more to talk about here. In this last hour of the show. We’re going to talk about a rental car risk you might not be aware of. So stick around.
Hey, welcome back. Craig Peterson here on WGAN and elsewhere. We are live on Facebook Live as well. Out on YouTube. You can find me at CraigPeterson.com. And of course, listen to my podcasts on pretty much any platform out there. podcast platforms from one platform. I just been doing this for too long. I guess this is the problem. They’ve all found me. Oh no. So this is a great little article from our friends over at Ars Technica. I don’t know if you’re familiar with it. It’s one of those websites that I follow fairly closely because they have so many great things out there. But this one is talking about the rental cars and I want
you to think about cars for a moment because well, I like cars. Hopefully you do too. But what are the problems that we’re seeing today that are actually caused by this latest, newest, most wonderful technology? And there are a lot of them frankly. And some of them have to do, excuse me, with our phones, right? We plug our phones into the cars, the cars will automatically say, Okay, I want the contacts, people will just blindly say okay, go ahead and upload the contacts.
And all of your contacts are uploaded, and now the car has them and the next driver comes in I love doing this comes into the car and scrolls through all of the phones and sees all of the contacts people have their home addresses in their status home. So you just look up home on the on the cars GPS and and just some poor fool who uploaded all of his contacts into the car, right use
seen that before a music downloads, just all kinds of stuff. So I’m always careful, I never let the car upload my contacts. You were probably kind of conscious about that as well. If you’re not making sure that that doesn’t happen right to the car doesn’t have your contacts. You might also do what I do, which is after I’m done with the car, I go into the Bluetooth settings and disconnect my phone or with Apple CarPlay. I make sure my phone is disconnected.
Excuse me. So those are all things I think that most people would know about and think about.
Well, here’s the problem that we’re starting to see today. These cars are getting smarter and smarter and have more and more features on them, don’t they? So there there’s been some research here. Ars Technica did a little dive into it as well. And this Dan Goodin ended up writing an article about
This where he found that the previous driver to his car could start and stop the engine lock and unlock the doors and track the location of the vehicle because you remember again these cars are designed by my guys right and gals obviously but by guys who are not thinking about all of the use cases for the car you know man I had such a fight of one of my my eldest sons who works with me he’s he’s one of the employees and works with a company that is fire jumpers certified for not fire jumper as in the fire department, although he does have a firefighting certificate including tight spaces on ships, but he’s a fire jumper for security when something bad happens. Or please, please have us design the network before something bad happens. He gets some old us all of those. Well. We have all of
Our clients emails run through a set of high end filters provided by Cisco. So all of the emails coming in our filters, look at it, and they are phenomenal. They have cut my email, I was 5000 emails a day. And now I’m down to about 100 hundred and 50 emails a day just by the Cisco filters. So and by the way, I have, I think, in the last year had maybe one false positive, maybe one it’s just these things are so smart the way they work, right? They’re not just looking for keywords or other things are really looking at behavior. Because Cisco sees so much of the internet, right? Cisco runs the internet backbone, but then they see so much of that traffic plus they see so much of the email traffic they can, they can just be phenomenal. So we have all of our customers emails running through our data center and it’s properly secure.
Of course, and running through these special Cisco email filters. And then we take those emails and we forward them on to our customers’ mail servers. Well, one of the services that is used by quite a few of our customers, because it’s inexpensive, relatively speaking, is the Microsoft Office 365. Now, there’s a lot of levels of O365. It’s their cloud services, right? But that’s cloud is in the cloud, right? And we’re not going to get into that right now. But they have a whole bunch of services. And Microsoft had an internal grey list against our Cisco email host that was doing all of the filtering. And Microsoft, you know, they said, Well, you know, we can figure it out. It took us 24 hours to escalate it to people who knew what they were even talking about. We showed them their own tech article on this problem.
them inside Microsoft with Office 365. And said, Here’s your problem. You guys know about it, you have defined it, here it is. And yet, you know, they they start you with the people that say is a computer powered on type, right? Just so, so, so frustrating to me. Well, the problem here is that the Microsoft software did not consider all their software designers did not consider all of the uses usage cases. In this case, the Microsoft software people thought, Well, people using Office 365 they’re just going to be real small businesses and they are going to have you know, dozen through 1000 email accounts maybe. And so the usage patterns are going to be consistent, etc, etc. That’s not true in a case like us, where all of the emails coming in from all over the internet.
To us for all of our customers, including their DoD contractor customers, right? The people, the customers that have it are compliant, have PCI that have legal compliance issues, accounting compliance issues, right. So they all come to us where they are heavily heavily filtered. And then therefore it on to Microsoft. Well, that’s not a usage case they thought of when they designed the software. So we were fighting with them. We had thousands of messages queued up. So the good news is, we didn’t lose any of the email. We kept it. Our systems noticed right away that Microsoft was misbehaving, which they do frequently. And then we got on the horn with Microsoft, we went the level two right away and then level three. No, I’m air quoting levels two and three, because they’re not real levels two and three, not by our standards. By the time you get to level three or somebody like me that or Steve, the fire jumper, somebody that really knows
What’s going on? Right? That’s not the case of Microsoft.
Anyhow, the problem in Ars Technica is found here is that these cars are designed with the idea that there is a single owner. Now there might be multiple drivers to the vehicle, but there’s a single owner, right? She owns the Mustang. She drives it, but you know, the old man drives every once in a while the kids might drive it once in a while as well. Well, in this case, they looked at a Ford Explorer.
In October last year, they put an article in about a guy that was able to remotely start, stop, lock, unlock and track a Ford Explorer that he had rented and returned five months earlier. And they’re saying now something almost identical has happened again to the same Enterprise rental car customer. Four days after returning a Ford Mustang, the FordPass app installed on the phone
continues to give them control of the car. So here we have a usage case where the car is being rented, it was not part of the original design considerations. And the rental car company, in this case Enterprise, and maybe it’s just one unit of Enterprise, I don’t know. But Enterprise is not properly clearing or resetting, whatever they have to do
to that car after somebody has rented it. So it’s a real problem. And it’s something we need to be cautious of. Because it’s, it’s not even something we can necessarily do anything about. But personally, I would go into the menu on the console on the control system, you know, the entertainment system, and I wipe out every phone that’s in there, just so that something like this can happen to me, right? But that’s what I would do and that’s what I advise you to do as well. Okay, stick around. When we get
back. We’re going to talk about a new FBI report that’s talking about what happened to this $1.7 billion right here. Stick around. Craig Peterson on WGAN and live on Facebook.
Hey, welcome back everybody, Craig Peterson here on WGAN and elsewhere. Hopefully you’re able to join me on Facebook Live this week and we spend some time talking about the articles and answering questions for everybody. And of course you’ll find that online right now kind of all over the place, make sure you get my weekly newsletter. It’ll keep you up to date on all the latest security topics and some of the cooler new technology out there that I think is or maybe isn’t ready for prime time. Going to have a cool guest next week too. I used to do a lot of guests. I had like a dozen a show back when I had a three hour show. But next week we’re gonna talk with a buddy of mine
who is actually fairly well known, he’s written a book about sugar. And you probably know if you’ve been listening to me for a while, not all that long. But a while you know that I have been very conscious about my health and doing the intermittent fasting thing and stuff. And so we’ll talk to him about what he has found. You might remember I did the Atkins thing some years ago, but we’ll be talking with him a little bit about that, too. I’m sure next week, so Barry Friedman will be my guest. And I will probably be next week. We’ve got to figure out the calendars first.
No, I hate it when that happens. Sorry about that little bit of a coughing fit. Okay, so let’s get into the article right now. And this has to do with email compromise. Now we all have email accounts, right? You got them. I got them, whether they’re on Google
Shame on you, or if they are Microsoft Office 365. Okay, depends on which level you have. Or if you host them yourself, which is what we’ve been doing for decades now for ourselves and our clients. I like that because they have more control. I don’t have the problems like we had with Microsoft this week with Office 365 for some of our clients. But when you have email, there’s a certain type of exposure that you have. We talked earlier about this whole problem with the COVID-19, with the coronavirus, and how they’re using it right now to get you to click on links and phishing attacks. Click on links in SMS. Those are called smishing. To get you to do something that ultimately you shouldn’t do because they’re using it to download nastiness. And it can be nastiness in the form of ransomware, it can be nastiness in the form of software that
being installed on your computer to use your computer’s resources, maybe as part of a denial of service attack, maybe to attack other people and other computers that are out there, right? It’s all pretty darn evil. Well, the FBI put together some numbers because there’s this thing called a business email compromise. That’s only part of the problem. Because it isn’t just business email, that can be a problem here. It’s also our personal emails. So we’re finding on the personal side that people are getting emails that are again from bad guys, but what they’re trying to do is get you to go a little bit further. So a lot of them for instance, are based around dating sites. So people looking for companionship, they might be out on one of these websites and they meet somebody, and as they’ve met that person, they kind of go back and forth and how are you? Oh my we have so much in common and they’re trying to scam you. That is a very, very big and prevalent thing right now. Because so many people are just trying to find somebody that they can love, someone they can spend some time with. And enjoy company and you know how I get that pardon my French but this is a real tough time in the world. There’s so many people that are so ostracized that are blocked off from other people
that are just looking for something anything right? Doesn’t have to be love. As I said it can just be companionship. So the FBI has been warning about that. And then we’ve got these business email attacks, that what’s happening here is oftentimes it’s spear phishing. They’re going
After the owner of a company, and frankly some of these dating things are spear phishing, too, because they know that somebody who’s a little bit older might have some money that they can get out. Yeah. And they’ll ask you Hey listen, I my uncle cousin has this medical bill and we really need the money can I get $10,000 from you and people, people are sending it in. The business email account, it’s a little bit different. So here’s another article from our friends over at Dark Reading, this is up on my website as well. But it’s saying back in 2013 scams often started with the spoofing of a CEO or CFO’s email account, fraudsters send emails appearing to come from these execs to convince employees to send wire transfers to fake accounts. Now we know that within the last six months, this has gone to the next level. We’re there we are using computers to imitate the boss’s voice and they’ve been able to take millions. Anyhow the article goes on. Since then business email compromise has evolved to include the compromise of personal and vendor emails, spoofed lawyer email accounts and requests for W-2 data. Of course, tax season, everybody. This is a big one, W-2, right now the IRS is warning about that. Attackers often target the real estate sector and or make requests for expensive gift cards. In 2019, the Internet crime center
saw an increase in business email compromise complaints related to the diversion of payroll money.
So the attackers send a fake email to human resources or payroll department requesting an update to a specific employee’s direct deposit information. This is really really big and you look at these numbers. We’re talking about
1.7 billion in losses. That’s absolutely huge amounts of money. In 2019, they had a half a million complaints come in costing organizations three and a half billion dollars overall. That’s up almost $3 billion from 2018.
absolutely huge. So we have to be very, very careful.
There are some reports out there, email fraud and identity deception trends, that are out there about the attackers, what they’re doing: a rise in hybrid attacks, in which a victim receives an email making a request, and simultaneously receives a text message from a spoofed number designed to seem like the same person saying they just sent an email. It is highly targeted and also highly effective. So you got to be careful of all of this.
We have to be careful of all of this and for business people, we have to be particularly careful about all of this, government, government agencies. Did you see what happened in Atlanta in the last year, how they got nailed multiple times. And it was ransomware. Getting in some of it was some business email compromises. We’ve had cities all over the country who have fallen victim to the business email compromise, and they have wired money to vendors that just don’t exist, etc, etc. We have to be very careful. So how do you avoid this? First of all, don’t send money to people that you really don’t know. You know, you I’m thinking about those of us that are looking for companionship, friendship, maybe for a new lover, somebody that we can spend the rest of our lives with.
Don’t send them money really don’t no matter how bad that sob story is. And then if we’re business people be doubly careful.
Verify everything via the phone. So the boss tells you that they need to move some money into another account. Call the boss, you have their number, don’t call the number in the email. If you are getting contact in HR from an employee saying, hey, I want you to start direct depositing into my new account, here’s the account number. Call back and verify it. Right? That’s always the case. You know, a police officer pulls you over the side of the road. You have a good chance that it’s really police officer because they’re an unmarked car. They have the blue lights going. They have a police officer’s uniform on. You just don’t know even in that case. So be extra-extra cautious out there. Man. When we come back, we’ve got one more article for the day again, believe that it’s gone so fast. We’re going to talk about the most secure messaging app out there. How
you can get it, how you can use it. So stick around. You’re listening to Craig Peterson on WGAN. And of course, Facebook Live and YouTube Live. Man, we’re going overboard this week. Stick around because we’ll be right back.
Hey, welcome back, Craig Peterson here on WGAN and online. Of course, we’re doing a Facebook Live even as we speak, having a little fun there as the chuckles we’re all about. Hey, I appreciate you guys joining me and I know that your time is valuable, and I don’t want to waste one minute of it. So I’d love to get your feedback. What do you think of this show? What are the good parts, the bad parts? What do you want to see more of? What do you want to see less of? Let me know, just email me, me at CraigPeterson.com. I’d really appreciate it and make sure that you are on my email list so that you get every week the latest in technology news.
With, of course, an emphasis,
as always from me on security, and what you can and should be doing for security in your home, and in your business. You know, I’m really focusing on business, because that’s what I’ve been doing for so many years. You know, most businesses aren’t in the cyber security business. And so they’re trying to make their widgets, provide their service, etc. And they’re just left hanging when it comes to the security side, cyber security. And I know that’s true of you guys, too, who are in smaller businesses, even larger businesses and home users. But the answers, the solutions are always the same, although you don’t have as much money to spend so you’re not going to be as well protected. Right? You also, hopefully don’t have as many assets at risk. I know a lot of people who are high net worth individuals who come to me in order to get things secured, but as a whole
Most of the time is business Zilla. So I kind of aim at that. And then every month is well, we have a list of the top security vulnerabilities that there are patches out for telling you, hey, you need to update this software or that software. There’s various vulnerabilities that you have to take care of immediately.
Another coughing fit, man, hope this isn’t assigned to something coming down with something. Here’s the vulnerabilities you have to take care of right now. These are vulnerabilities that are seen in the wild, we know that these are being exploited. So I work with a number of different organizations, as we mentioned, the FBI infragard program, the sands people, NIST, the list goes on and on Homeland Security. They’re all providing information so I boil it down. There is just too much to keep up with as I’m sure you can kind of guess right. survive.
And so I boil that down, put it into one of my newsletters that you’ll get for free. And it comes out once a month. And then once you’ve got that done, you know which Katie bar the door, right? Because now you’re going to be safe against the worst things that are happening right now. So it’s really, in that interest, really easy. It’s kind of a follow-along thing, step by step. So I want to talk about this guy called Marlinspike. I don’t know if you’ve heard of Marlinspike before, that’s one word. It’s his name, Marlinspike. Of course, I know, having two kids who are, three kids, professional mariners, actually, that’s something to use, it’s on a knife that is used for weaving the ropes together, it’s a little spike, it’s called a marlinspike. Anyways, this guy launched an app called Signal, and the technology that he used and he developed and then shared was also used by the WhatsApp people. And of course WhatsApp now is owned by Facebook. But it’s Signal and that technology that’s providing the end-to-end encryption for WhatsApp. Now, you know, I’ve talked on the show about what happened with Jeff Bezos and his information getting out and how the Saudi royal family prince was supposedly involved in this. And, man, what a nasty mess that all is. The problem was not in this protocol that was developed and released by Mr. Marlinspike. The problem was in the rest of the software that sat on top of it, that allowed access to the videos and the photos on the phone, and also had a bug in the software for some of those videos. So that’s where the problem came from.
So this guy, Moxie Marlinspike, how’s that for a great name? Kind of reminds me of, who was that guy from New Zealand who had the, that website, I can remember, changes his name to .com. Anyhow, Moxie Marlinspike was on an airplane. He was sitting down next to a guy who, well, Marlinspike said that he thought he was Midwestern, in his mid 60s. And this guy asked him for help, because you know what it was, guys in the 60s do, we have to ask young kids for help with technology, right? Actually, in my case it’s usually the opposite, but anyways, asked him for help. And the guy said he could not figure out how to enable airplane mode on his phone. So Marlinspike looks at this, Moxie, and he thought it was a setup. He thought he was being trolled by this guy. Because right there on this guy’s home screen on his phone was Signal. Signal is the number one secure app for sending and receiving messages. And they’ve added some more features to it recently. I actually haven’t used it much for a while; I’ve been using Apple Messages, which is pretty darn secure, but it’s not Signal. And he thought, oh wait, wait a minute here, I’m being played, he’s playing me because he knows who I am. I’m Moxie Marlinspike, and so he was kind of wondering what was going on. But anyways, Marlinspike
put this whole Signal software together some years back, widely considered to be the most secure and encrypted messaging app. It’s probably an old five years, and there is now a private foundation that maintains the code and that Moxie is the head of, but it turns out this 60-something guy next to him on the plane didn’t know any of this stuff. And Moxie showed him how to enable, right, airplane mode and gave him the phone back, and he says, “I try to remember moments like that in building Signal,” Marlinspike told Wired, and this is from a Wired interview, you see this here in my Facebook Live, I put the link to it right there in the live channel.
And he says, the choices we’re making, the app we’re trying to create, it needs to be for the people who don’t know how to enable airplane mode on their phone.
You know, that’s right. I can see that. It all goes back to UI design, right? User interface design, you have to design for the least common denominator. That’s one of the reasons iPhones have been so popular. Steve Jobs just kept going after the designers, saying, make it more simple, make it more simple, make it more simple. Think of that first iPod. Could it have been more simple?
I had an MP3 player, and I still have it, it’s like this big. And for those who aren’t watching here on video on YouTube or Facebook, it was probably, what would you say, six inches long, and maybe three or four inches wide and a couple of inches thick. And it was phenomenal. The audio quality was better than those original iPods. But it was much more challenging to navigate. And there are so many more things you had to do to load it up and make it all work. Steve Jobs just made it simple. I have to emphasize that because if you’re a business person, you have to make it easy for people to do business with you, not like me, and kind of make it hard, right? But make it easy for people to do business with you. And I’m trying to change that because there’s a lot of things I could do to help people out that could pay my bills. So I’m not worrying about where my next check’s going to come from, right?
So, five years later, today now Signal is reaching a much, much wider audience. It’s now reaching an audience that includes the 60-something-year-olds on through the younger kids. And I have to say, if you need secure messaging, and frankly, that’s almost everybody, take a look at Signal. It is free, absolutely free. It is available on iOS, on Android. There are now versions for computers as well. And it lets you talk, like on the phone, and they let you make video conversations, share pictures, and of course, text back and forth.
And that just goes to prove that it’s not just for privacy diehards or activists, because cybersecurity needs to be something that we think about all of the time and needs to be something foremost in our minds, just like everything else you talked about today. I hope that you take a few minutes and go through the whole show this week; you should do it every week. I’m always giving you tips and tricks, the tactics of things to do, the strategies of overall what needs to get done out there. And some stories related to it so that hopefully you can see how it does apply in your life. And that’s why I’m doing more and more the Facebook Lives and YouTube Lives. And I am putting together these courses. I’ve got tutorials now that I’m going to be releasing in a couple of weeks that we have spent weeks on. I’m going to do some training, some more webinar training that, again, we’ve been spending weeks on, because I want you guys to know this stuff, right? You have to know it. I don’t want you to lose your businesses. I don’t want you to lose your life savings, right? I want to be able to communicate. I want you to be able to communicate with your families.
And you know, what was it, two weeks ago I was on the radio with Ken and Matt. I’m on every Wednesday morning at 7:37, 7:38 in the morning, during drive time, for about half an hour. We talked about security. And I’ve been talking to Ken and Matt about security now for a year, two years. I’m not sure how long I’ve been on with them, at least a couple years now, maybe even three, and helping them to understand the security and what needs doing. You know, they ask questions, it’s very, very interactive. It’s like the whole reason I’m here. Over on Facebook Live, I’m taking questions as we’re speaking, as we’re on the radio, because it needs to be interactive. So after two years of speaking to them every week about security things and things to do, and just talking with them two weeks ago about the basics again, getting right down to, are you using password managers? Because I’ve given out information on them before, free password managers, paid password managers. And the answer from both of them was, no, they’re not. And you know, that’s one of the essential things that can be done. So it’s evident to me that we still need to keep talking about this. And I understand how daunting this is. I know the guys selling you the antivirus software are lying to you, the guys that are selling you the VPN services, most of them are misrepresenting or lying to you. Okay, I get it. You’ve tried things, they haven’t worked. But I want you to know what you need to know, do what you need to do and be a success, frankly, getting all this together. All right. Hey, thanks for being with me. Make sure you visit me online, CraigPeterson.com. Check out the Facebook Lives, the training needs, the tutorials, the courses, the webinars, it’s all there. It’s all for you. It’s all available, home users through even large businesses. Have a great week. You’ve been listening to Craig Peterson on WGAN.
Transcribed by https://otter.ai