Craig discusses how you can find out if you have been hacked and when it happened. Then he tells you how you can test your skills at picking out Phishing emails and more.
For more tech tips, news, and updates visit – CraigPeterson.com
Automated Machine-Generated Transcript:
Okay. I’ve got a couple of sites I want you to visit. We’ll be telling you about those. These have to do with your own cybersecurity and also your business’s cybersecurity. We’re going to get in also right now into China. Are they the world’s greatest cyber power?
Hey everybody. Thanks for joining me today. This is Craig Peterson here on WGAN. Appreciate you being here with me. Of course, you can also find me online at CraigPeterson.com. Got a whole new website a-brewin’. We’re almost done. It’s amazing how long some of the stuff takes, right? Yeah. I have a real job too. Securing businesses.
So anyhow, you’ll be seeing that coming up here pretty soon. If you miss this early, I’m going to give out a couple of URLs here in just a second I want you guys to write these down because these are websites that not only do I want you to visit, I want you to make sure your coworkers visit them, particularly if they’re working from home.
These are also sites that I think you as an individual should visit. They’re absolutely phenomenal. So the first one I talk about fairly frequently, I want you guys to visit right now, is HaveIBeenPwned.com. Have I Been Pwned, and pwned is spelled P-W-N-E-D, dot com. So you’re going to go there and you’re going to type in your email address.
I’m going to do it right now. So I’m going to say me at Mainstream, Mainstream is my company. email@example.com. Me at Craig Peterson.com and let’s see, guess what? No pwnage found. So let me use my email address that I’ve had for 30 years, firstname.lastname@example.org, let’s see. Okay. Have I been pwned again?
Have I been pwned? P W N E D. So it’s showing me that email address was found on thirteen breached sites and on one paste site, websites that are used to upload big files and share them. Okay. Basically.
So it’s saying 8tracks, plus I remember them, I didn’t know they were still around. So it tells you about it. It says in June 2017, the online playlist service suffered a data breach that impacted eighteen million accounts. So it turned out it was an employee GitHub account, not secured using two-factor authentication. Again, everybody, use two-factor authentication. It had a salted one password hash, let’s see Apollo.
This was a sales engagement startup that I signed up for a big collection almost. It was three-quarters of a billion records. It’s called collection number one. This was for credential stuffing.
So what credential stuffing is when the bad guys have your email address, they have one or more passwords that you have used on a website and they were able to steal of them.
Then what they do is they start pushing all of that data to another website. So they’ll go to Bank of America or some other site, and they’ll try your email address with every password they have for you. So that’s password stuffing. So that’s what that one is. So it says it had my email address and some passwords, and of course, I changed them frequently and I use a different password on every website, et cetera.
Another one here called Cove. This was February this year. Absolutely massive. This was personal information provided to him after being found left, exposed on a publicly facing Elasticsearch server. So again, here is an example of a problem with the people who have, they don’t even know, and that is a misconfigured cloud service or system.
That’s what it was. it turns out it was originally from the Cove contacts app V E. It had email addresses, job titles, names, phone numbers, physical addresses, social media profiles. Lovely. This is all my data, And that’s why I want you to have a look for yours, data enrichment, and exposer exposure from PDL customers.
A couple of people unprotected another Elasticsearch server holding 1.2 billion records of personal data. So apparently my, at least my email address was in there and that had email addresses, employers, geocode, job titles, name, phone number, social media profiles. Dropbox back in mid-2012. How’s a, you Z, Z.
That’s a housing design or website, let’s see, lead Hunter people tracking me online. That’s part of what we have talked about tracking. 110 million rows, again, another Elasticsearch server. Onliner spambot. Yeah, let’s see here. 711 million records. River City Media spam list in January 2017.
The massive trove of data. 1.4 billion records, email addresses, IP names, physical addresses. Isn’t that? Something the trick spam botnet gene. I had a bunch of button heads. No wonder I had a, I get so much spam, right? Yeah. I’ve had the same email address for almost 30 years. so this is June 2018 43 million people.
Dot IO. This is an email address, validation service, and a 763 million unique email addresses stored in a MongoDB instance again. Misconfigured stuff. So yeah, you gotta be very careful. So that was me. All right. That was my Cray. Get mainstream.net email address that I’ve had for years because it’s so heavily spammed, I just don’t pay that much attention to it anymore.
And at least my Me at Craig Peterson hasn’t shown up anywhere yet. So that’s site number one. Site number two. This is a gift from our friends at Google. This is a phishing quiz. Now, this is phishing with a P-H and it is very good. I think you will like this a lot. This is something that you need to make sure that your friends, your neighbors, everybody.
Who you have contact with, goes to this site. Okay. Very important. It’s part of the Jigsaw project over from our friends at Google. So here is the URL guys – Ready? Get your pencil out or type it in, it’s called phishing quiz. P H I S H I N G Q U I Z. Phishing quiz dot with Google dot com. So there are three words.
The first one is phishing quiz with a pH dot with google.com. You can take the quiz. They’re just going to ask you for a fake name and email address that it’s going to use. You can use a real one if you want, but it’s going to use to try and mess you up. A very good thing for people to do. You absolutely have to make sure that you.
You go online and take this quiz and have your friends take this quiz. So there you go. Two sites to check out right away. Have I Been Pwned and the phishing quiz with Google, both the, both a website chat to visit them right away, important stuff. All right. When we come back. Okay. I promise we’ll finally get into China here.
we’ve got a new iOS, four privacy setting. That’s really good. Going to hurt a lot of ad targeting businesses. Facebook is pushing back, does not want Apple to keep your information safe. I keep saying, use WebEx, excuse WebEx teams. Don’t you use any of these others that are out there?
Yeah. Now, KPMG, you might be familiar with these guys, KPMG, right? International, a very big company, lots of employees have careers covering a lot of industries that do a lot of research and consulting work. Yeah. They were using Microsoft Teams, totally messed up.
Now, KPMG was not doing for themselves what I do for our cloud customers that are using Microsoft tools, including their email, Office 365, now called Microsoft 365. That is, KPMG trusted Microsoft. We don’t, we try not to trust anybody. We were, we back up all of the stuff that Microsoft holds for our customers, just in case, highly encrypted too, by the way. KPMG did not.
And they lost 150,000 of their employees, personal chats, Microsoft teams, the way to go guys, stick around Craig Peterson here. We’ll be wrapping up in just a minute.