Today there is a ton of stuff going on in the world of Technology, and we are going to hit several topics today. From Technological Protection to tactics. Zero-Day Browser Vulnerabilities, Malware Infected Phones, Vulnerable Broadcom Chipsets in Cable Modems. Why connections always mean hacking. Social Engineering. The absolute need for Updates, Patches. The Coming Cyber War is already here, and more on Tech Talk with Craig Peterson on WGANand more on Tech Talk With Craig Peterson today on WGAN and even more. It is a busy show — so stay tuned.
For more tech tips, news, and updates visit – CraigPeterson.com
Automated Machine Generated Transcript:
Hello, everybody, Craig Peterson here a big week when it comes to security updates, and I mean a massive weekend. Welcome to show number 1043. That’s weeks people. I’ve been doing this for a very long time, glad you have joined us, and if you are watching over on YouTube, I’d love to hear from you. Just email me at Craig Peterson calm you know if you’re on YouTube or, or Facebook, I’ve noticed a few people who have subscribed, and I love that thank you very, very much. I hope you get a lot out of the show. If you’re listening on the radio, of course, you can also email me at Craig Peterson calm with any questions that you might have. And I always try and answer them now sometimes it takes me a little longer than others. As you can imagine, I am a busy guy. It is kind of a labor of love, but we do want to answer your questions and help You out with everything. Keep an eye on your mailbox this week. Because I am finishing the course of courses. I am so excited about this, so proud of what we’re doing. And what I’m trying to do here is help you get to the point where you have all the information you need. If you’re the Operations Manager now responsible for it in a company, or you’re a smaller company, you know, doctors office, etc. It is going to be great. So keep an eye on your email. Because what I want from you here as I’m finishing this course up is your questions. I want to make sure they all get answered. As I’ve been going through putting the course together, I’ve even noticed that there are things that would help take that kind of extra mile if you will, you know there are these concepts that people just don’t understand. And I’m going through this thinking oh my gosh, you know, to me, it’s so obvious, but to so many people, it’s just not because this isn’t what they do every day, and they’ve done every day for years and years. So we’re adding a bunch of different things to this course, different bonuses that are going to help. Of course, as we always do, I will still do free training, that’s always part of one of these courses when we lead up to it. And there’s a lot of people out there that say, Hey, listen, I can get everything I need just from the free training. And you know, between you and me, that’s not true. But you can learn a lot from those. So I hope you will attend. And if you’re not on my email list right now, even if you’re a home user and not a business person, you’re not an office manager. Let’s say you’re a small business owner, and you’re wondering if this is something that you should do or not. I think the answer is yes. Because really, I’ve never been so excited about something ever. It is something I think you’re going to love. I know I have put mine all into this and solos my wife. I’ve had a couple of other people here in our team helping out as well had a great meeting this week. And it’s just man, this is exciting. So anyway, if you’re not on my email list, sign up right now so that you can get on you can get not just this, but every week I send out videos, I send out a newsletter. I do Facebook Live training and YouTube Live, and we have pop-up training when there’s something that’s hit the news that you know you’re trying to stay ahead of we do all of this stuff, and that’s all for free, but you got to be on that particular email list. So subscribe by going to Craig Peterson comm slash subscribe, make sure you’re there. I think you’re like it. You know, you can always unsubscribe, which some people do, right? It’s not for everybody, but most people have been on there for years now. I have people on there. That man, I’m trying And remember, but it’s been probably 25 years on that list. So join now Craig Peterson, calm slash subscribe. Now I started by saying that we have some real security problems this week. So I want I’m going to mention this a couple of times during the show, I want to make sure you guys know first of all, huge, huge, huge windows problem out there. And this problem was reported by the National Security Agency. Now, I made mention of this on the radio this week when I was a guest on the morning drive show, but I think it’s worth mentioning again, and that is The National Security Agency when they have found these types of bugs. What do they do? They keep them for themselves. They don’t want other people to know about the virus, because then they use that bug now to go and grab onto other people’s computers, you know, foreign agencies, bad Guys, good guys, people that they’re not sure of right all of this stuff. They’ve been using it for years. We saw this from Edward Snowden and his leaks, right? He went out, saying everything they are monitoring, and that they are capturing and, and they’re putting up on to their computers and their data storage over there in Utah and just terrible things. So we know they’re doing this stuff. Well, this was amazing to me, because I realized that here under the Trump administration, this is the first administration where the National Security Agency has recognized a more significant responsibility. It isn’t just hacking into other people. It’s providing security to us, to you to me, right, and helping us to understand what we need to do which yea yea yea right. I’ve always been trying to help everybody. Get more secure. So I’m glad the NSA is doing that. Now. They didn’t do it under the Obama administration or the Bush administration or the Clinton administration, right? They just haven’t done this, and I don’t think ever. So kudos to them if they’re listening. And of course, we know they are. And kudos to the government agency. So this is a big, big deal here with Windows. And we need to understand kind of what it is it’s going on. But basically, it has to do with encryption. It has to do with that part of the windows that we use to try and keep ourselves safe. Now, it’s not all encryption. I don’t want to get too technical. Everybody, you know, my show here is really to help you guys understand things and not get all cliquey and clinical and buzzwordy, although sometimes I am accused of doing that frequently, I try not to. So it has to do with encryption. And it turns out that in the cases of this time, encryption. Microsoft isn’t even validating keys, which, as you can gas, if you don’t know anything about encryption, is a huge deal. So update windows pronto. Now, there are no known attacks in the wild, but you can be sure those are coming. Also, a big update this week from Firefox because of a massive security hole. You probably know, I love the Firefox browser. I use that Firefox browser. And I hope you do too. It is important if you use Facebook, because of Firefox browser has a special thing where it’s fencing Facebook in so that it can’t read all these other sites visited. It’s great for that, but there is a security bug. So that’s news, I guess. We want to make sure we fix that main, and you can do that by updating Firefox. Now Firefox is one of those browsers that updates itself. So hopefully you’ve recognized it Firefox came up and said, Hey, I want to restart to install patches, and then let it restart, you have to let it restart. And Chrome started doing that as well. Again, never, ever use Microsoft Internet Explorer, it is the definition of a problem for you. Okay, security and otherwise, so don’t use Internet Explorer. And also, of course, the Edge browser. I wouldn’t use either. And I’m not fond of Google browser, Google Chrome unless you have to use it, right, because some applications only work well in Chrome. So let’s get to our first article of the day here. We’re talking about half protected is half empty, and you can see behind me, technology can only protect you and me so much. Many of these threat actors, these cyber guys that are out there, they are coming after you and me. And one of the easiest ways to come after us is using phishing smishing some of these other tactics, and we’re going to come up here in another segment Today, I’ll be talking about smishing. And how bad that has gotten and how you can avoid it six tips. I’ll give you here to avoid smishing. But in reality, right now, we’re talking about the human element. And what the wetware You and I, right versus hardware and software you and I are doing, and we’re getting confused, and they are taking us to task on this. But we’ve got to be careful here with our security controls. We got to make sure that people only have as much access to data as they need to know so so many businesses will see this all the time. And I understand if you’re doing this because it gets kind of complicated to do it the right way. But so many businesses are sharing their file server with everybody. They’ve got an Active Directory server or some sort of a network-attached storage device, etc. And all of their files are on it, and everybody has access, you don’t want to do that. Because all it takes is one person to get fooled into clicking on a link, downloading some of the malware software. And once that malware loads onto their computer, start to spread. Where is it going to spread? Well, heck, it says Look at this, a network-attached file system a file share. I’ll just try start to spread that way, and it does. So keep your security controls in place. Make sure you have the minimum necessary access. Make sure when it comes to your password management, be sure that you are using password vault at a very minimum. You can go all the way up to things like Thychotic, which is just phenomenal; it changes passwords and everything as used. But be very, very careful because this can go a long way towards helping your business to stay safe. Train your personnel and make sure they know what they should be doing. You Google has some free tools you can use. I have some tools. In my weekly newsletter, a lot of businesses use that as their training. They have people go through that read it and then answer some questions. So that’s all free at Craig Peterson, calm slash subscribe. So stick around. We’re going to come back, and we’re going to talk more about this whole Firefox warning. And we’ll talk a little bit about browsers. You’re listening to Craig Peterson. I’m of course on the air on WGN radio and other stations online at correct Peterson dot com
Hey, hello, everybody, Craig Petersson here. Welcome back. We’re going to talk a little bit right now about browsers. You know, this is the biggest problem I think many of us have when it comes to being online. which browser should I choose? And where am I going to see the problems? Well, as I just talked about in the last segment, and we’re going to talk a little bit about now, we have a security vulnerability out there for Firefox. Now, Firefox is a browser made by the group known as Mozilla. And they’ve been making this browser for quite a few years. Now. I love this browser. I used to use it almost exclusively. Now, I’ve changed my tune a little bit. And I have a few different browsers that I use, frankly, for different reasons. So let’s go through those reasons pretty quickly. One, if I need the most compatibility in a browser. And this usually means I’m using some sort of software as a service online. So I might be trying to do something extraordinary with a Canva, for instance, which is an amazing tool when it comes to graphics. And it doesn’t always work so well with other browsers. It refuses to run under the Opera browser. So if I need the highest level of compatibility, it’s Google, Google Chrome. And Google Chrome browser is the most supported, and it’s number one out there, the most supportive browser, bar none. It didn’t use to be, but it sure is now, the second browser level browser that I use for everything except for Facebook. Lately, I’ve been using Opera O-P-E-R-A. Now opera has browsers for your desktop, whether it’s a Mac or Windows machine. Has it for tablets, it has it for your smartphones. P-opera is great. It is Every fast. That’s kind of its claim to fame. It’s the fastest browser, but it also has the highest level of security. Well, almost right? But of the common browsers that are going to work with most websites opera. So that’s number two. Number three is the Firefox browser. Now, remember, I said, I don’t run Facebook, inside of opera. And that’s because Firefox has an incredible feature. When it comes to running Facebook. It fences it in quite literally see what far what Facebook’s trying to do is get all the information they can get about you. Now, that’s not necessarily a terrible thing. Because Facebook is frankly, selling advertising and they Want to know? What are you most likely to buy? And you know what this world runs on advertising. We see ads all the time on TV. We hear ads all the time on the radio like right now, if you’re listening to me on the radio, you’re going to hear ads, right? That’s how the lights get kept on at all of these businesses. Now, would you rather see an ad for cars, new cars, when you’re looking to buy a new car? Or do you want to see ads for cars all the time? Personally, if I’m looking for a new car, that’s what I want to see. ads for a new car. If I’m looking for shoes, that’s what I want to see ads for shoes, right? you get the point here. So if Facebook’s able to kind of track what you’re interested in what your friends are talking about, then it can give you the ads, and it thinks you’re going to be interested in I love that concept. And as somebody who owns a business, I particularly love that concept. So I’m not wasting time or money, not wasting the time of people who aren’t my customers and would never become a customer by showing them an ad, right? It’s like the Super Bowl ads coming up in a couple of weeks here. But those Super Bowl ads that are almost useless and cost millions of dollars, you know, those are almost useless. So from an advertising standpoint, I love the fact that Facebook keeps that information. As a consumer, I love the fact that pays Facebook keeps that information. However, What I don’t like is Facebook’s habit of doing what’s called cross-site tracking. What that means is Facebook knows Hey, I went to this site I went to that site, and it can help them with selling stuff it knows Hey Greg just went to the Ford website Ford trucks he was looking at, etc. etc. And so now it says Hey, Mr. Chevy dealer Are you interested in maybe buying some advertising is handed off to good old Craig there. And that’s how they’re making money as well. And so the Chevy guys happy because his ad went to somebody who was potentially going to buy the competition, which by the way, I buy an F 150. Any day over so many of the other products on the market, let me say that we can talk about that some other time, or a rather lengthy discussion. But that’s what they’re doing. So in the faith in the Firefox browser, when you’re running Facebook, what it’s doing is it is blocking that cross-site tracking. Because when you like something on Facebook, you might not be aware of it, but it can use some of that information for the cross-site tracking stuff. And there’s a lot of information that I just don’t want Facebook to have any of their business. Remember, it ends up in the hands of who knows who. Everyone to the Obama campaign. Did you want all of your information given to a political party? Then when Trump ran, they sold some of the information through a third party over in the UK to the Trump campaign. Alright, and so I certainly get it What? Why weren’t people upset that the record of literally billions of people was handed right over to the Obama campaign, and yet, few only 10s of millions went to the Trump campaign, and everybody freaks out. Well, I guess that’s part of the Trump derangement syndrome, right? So that’s why I don’t like Facebook to do cross-site tracking. none of their business was out. I’m going online, frankly. And that’s where I use the Firefox browser. It’s got some excellent cross-site tracking features built-in Plus it has some other features about advertising. And one of the ways that the web sites can figure out who you are, even if you turn off tracking, is to look at what plugins you have installed in your browser, right? A little bit about the history, the cache, the memory in your browser and your computer, right? The operating system version, the computer, the version of the browser, all of that stuff gets pulled out together, come up with a unique picture of who you are. So even if they can’t say cookies, they can get all of this information, figure out who you are. Blocking Facebook from doing that when you are on Firefox, and in fact, Firefox blocks that kind of information gathering, no matter which website you’re going to, it isn’t just Facebook, so check it out. But the Department of Homeland Security now has come out issued a notification encouraging People to upgrade the Firefox browser. It is because there are serious critical actions where they use a security problem with the version of the Firefox browser. So they’re warning us, they’re advising us, they are encouraging us to make sure we update our Firefox browser up to at least version 72. Now the beautiful thing about the Firefox browser is it always tries to keep itself up to date. And so if your browser, whether it’s Chrome or Firefox or anything if your browser comes up and says, Hey, I want to do an update, just let it do the update. Okay? Which usually means you have to quit the browser and restart it. So that’s a huge deal because it’s likely unless you configured it differently. You can tell it hey, I want you to reopen all the tabs I had open before all of the windows I had open and I do that all the time. I have, by the way, a little browser plugin that I use that you might like, it is called the Great suspender. I figured I should mention this to you guys, the great suspender. And what the great despite suspender does is if you go to a web page in a tab, it will automatically be suspended after an hour, 15 minutes whenever you set it for saving your computer memory and saving your computer execution time. Alright, so if you’re like me, and you have a ton of tabs open, check that out the great suspender. So, in summary, if you have to have absolute compatibility, Google Chrome, normal browsing, you probably want to use opera and then Firefox for one year using Facebook, and then you know banks and things. Facebook or excuse me, and Firefox is pretty good. You’re listening to Craig Peterson WGAN stick around because I’ll be right back
Welcome back everybody Greg Peter song here on WGAN and, of course, online as well. If you are watching on YouTube, and you want to see the articles, I post my videos on YouTube. This week we posted a few on Facebook as well. Hopefully, we’ll be able to get them all up this week on Facebook as well as YouTube. So how do you find them? simplest way? Go to Craig Peterson comm slash YouTube if your YouTube user or Craig Peterson comm slash Facebook if you are a Facebook user, you know some of us like Facebook some of us don’t like Facebook, I use it because of business. There are people on Facebook who are clients and who asked questions I often will put together these pop-up Facebook groups to address specific problems that people are having or the come up in in the news cycle as well. So all of that online at Craig Peterson calm, I’m also we’re in the process of changing the website look and feel we got the new one laid out. But we don’t have it up and active yet, but we should have it up hopefully within the next few weeks. So keep an eye on that too. I think you’re going to like it a lot less confusing homepage than what used to be there. There’s just too much stuff on there. So the new homepage has a couple of videos from the weekly summary of the articles. So you can click on them and read them and watch me as well. And then it has this is a new feature that we’re adding to our newsletter right now. And that is, we have the top security tactics for the week. So the things you need to So like this week, as I mentioned at the top of the show, we’ve got a huge Microsoft huge security problem that the NSA told us about Homeland Security warned us about a problem with some of the older releases of Firefox. What software is being attacked right now in the wild? What needs attention now. So that’s going to be a new feature of our newsletter as well. So keep an eye out for that. Lots of stuff going on as we get ready for our big training course that’s coming up in just a few weeks from now. So keep an eye on your email box, because we’re finishing up the course and I’m going to ask you guys what you think maybe I should add, make sure I have in the course. And I’m sure it’s going to result in us having to produce a little bit more content than we thought, but the goal is to help you guys understand the security stuff. Now, this article is just mind-blowing to some people. It is from Forbes magazine. You’ll find it at Forbes calm. And of course, I have a link to it on my website as well at Craig Peterson calm. But the United States has these programs. You remember all of the bragging people that, wow, I got my Obama phone now that President Obama took over and somehow they figured that it was from him, right. But we have had a program for a very long time for people who don’t have much income. And I remember people with dial old rotary phones that got free phones, and the idea was that they could be used to call your doctor to call 911 or something that happened. A quick call to your family and friend. It was even back in the day when the phone call Company charged per minute to make a phone call on a landline. So these programs have been around for many, many years. And more recently, the government has been giving out to people, some of these smartphones. Now they’re usually more limited functions and features, and they’re trying to keep the costs of these phones down and keep them simple. But in this day and age, I look at it and say, Hey, listen, if we want people to be able to find jobs, they need an online web browser of some sort. So yeah, I love the idea of giving them a smartphone, you know, providing them a charity shouldn’t be doing it. The government is doing it right now. But they should be able to go online and do some shopping. Some of the numbers I’ve seen out of Africa are amazing to me some of these charities I’ve worked with, who have gone and given phones even just the basic old phones you know, with the ten keypads on It that you can use to what was that called the T something rather. But you could use to spell out words and websites, and it would go there. And they’ve been giving them those phones, and now they’ve given them smartphones. But they have had some amazing results, particularly with women in Africa. They were able to build businesses now because they could communicate. Right? capitalism is a terrible, terrible name. Because the capitalists aren’t the ones starting the companies. Then it’s the entrepreneurs, and it’s the people like you and me. Were the ones creating the companies? We’re the ones taking the risk of the capitalists are the guys in the banks, who say, yeah, hey, if you don’t need the money, we’ll loan it to you. Right. Those are the capitalists, the people that are buying and selling stocks, and these big public companies. Yeah, those are capitalists. When we’re talking about these African women, who have been some subsistence living for their whole lifetimes. Now being able to have a business where maybe they’re making something selling it online, maybe they’re selling their herds of animals buying herds, cheese, milk, whatever it might be. Those are entrepreneurs. And giving them the tools that they need, like the ability to be able to communicate is a huge, huge deal. Very, very big. So what are we doing here in the US? For years, the government has provided low-income households with cheap phone service, cheap cell service, and even free smartphones. Sometimes they are completely free, particularly if they are ill or injured, you know, on disability, etc. Well, one provider called assurance wireless, you probably heard of them before, offers a free Android device, along with free data, free trial. 16 and minutes now, this is all in this Forbes magazine article. So it sounds fantastic, right? smartphones can be expensive. Even if you buy the ones I say till I say don’t buy, right like the Android phones, they can still be expensive, and they can still be $1,000. For some of these phones, it’s not a cheap deal at all. But according to some researchers, the article goes on. There’s a catch. The Android phones come with a pre-installed Chinese malware, which effectively opens up a backdoor onto the device and an endangers their private data. One of the malware types is impossible to remove, according to the researchers, and now the researchers here, our company called malware bytes. If you have bought one of my courses before you know Malwarebytes is one of the pieces of software, I recommend that you get it Not perfect right, but it helps much better than antivirus software, right? My gosh, did you realize antivirus software today? Today is effective against zero percent of the newest attacks is zero percent right, so having Malwarebytes is probably an excellent idea. So Malwarebytes said that they tried to warn assurance wireless, which is a Virgin Mobile company. And assurance wireless never got back to them. These devices that we’re talking about have a backdoor and one that looks like it’s impossible to remove. Those companies are still are those phones that are still out there. Man. So Forbes then after they found out from Malwarebytes about what was going on, Forbes reached out as well to assurance to wireless. Nothing happened. Okay. Then apparently, after the initial publication, this article a spokesperson for Sprint, which owns Virgin Mobile, and assurance wireless said, we are aware of this issue. We are in touch with the device manufacturer, unit max to understand the root cause. However, after our initial testing, we do not believe the applications described in the media are malware. So there you go. Chinese spying on Android smartphones. Well, that’s nothing new. Having your phone coming pre-installed with malware. Hey, didn’t we just talk about that a few weeks ago, how the latest releases from some of the major manufacturers of Android come pre-installed with over 100 vulnerabilities? So again, don’t buy an Android period. Anyhow, let’s see if the Craig Peters song. And here on WGAN online and Craig peterson.com. And we’re going to talk about the ring controversy when we get back So stick around.
Hey, welcome back, everybody Craig Peterson here on WGAN and online at Craig Peterson dot com. Thanks for joining me today. I appreciate it. We enjoy putting the show together, getting the information out helping everybody understand what’s going on in the world of technology, you know, and I try and not use some of these industry terms that confuse people. And I’ve been told many times, that’s one of the reasons people love to listen and to watch, and you can do both online at Craig Peterson dot com, and you can find me almost guaranteed in your favorite podcast app. No matter what it is. I’m pretty much there. I’ve been doing this whole podcasting business now for upwards of 20 years. So I am out there, and I appreciate every listener. Hey, if you enjoy the podcast, If you’re listening to this podcast on TuneIn, make sure you spend a minute if you wouldn’t mind and go to Craig Peterson dot com slash iTunes. Now iTunes is the 800-pound gorilla still in the marketplace, and they do a lot of statistical tracking. Go to Craig Peterson dot com slash iTunes. And if you would give me a five-star review, let me know what it is you like about the show, the best things. Hopefully, we can get even more people signed up. But I’m also on tune in, and I heart and all over the place. So you can go to Craig Peterson dot com slash, your favorite, whatever that might be tune in, and it’ll take you right there, and then you can subscribe to the podcast.
Well, we’ve talked many times about this general problem, and this is called the Internet of Things. What are you supposed to do? What is Well, we’ll start there very briefly for those that aren’t, you know up to date on this, because it is changing all the time. The Internet of Things now includes some of your clothing, yes, computers embedded in your clothes. Computers are built-in to the newest televisions, obviously, and into the refrigerator and your washer and dryer. At the Consumer Electronics Show, I saw some of the kitchen appliances like your stove, right? You no longer have to turn that knob on the stove.
Now you go to an app, and you get your phone out, and it’ll turn on or turn off whatever. That’s the Internet of Things. The Smart light bulbs that we have the turn on and off the at the front door where you have maybe used to have a key, and now you can hold your phone up near that’s the Internet of Things. Now, it brings about a whole lot of significant use cases and, and I love the Internet of Things. I have some of the devices at my home in my office that is all connected to the internet. And there’s a good reason for it. And it works well for us. So that’s the Internet of Things. Ring, which is a company that was acquired by Amazon a couple of years ago for $1 billion, is a security company. And their claim to fame was this video doorbell that they made, and they still do, and it’s even still called Ring, and it’s now being sold by Amazon who owns the company, as I mentioned. And the idea is you replace your doorbell on the front door, side door, whatever it might be with this little ring device. And the ring device has built into it a camera, and it’s also hooked up to the internet. So if someone rings the doorbell, it will go ahead now, and it’ll pop up and alert on your phone. And it’ll say, hey, someone’s at the door. Now you can not only look at the person at the door, and know that they are, who they are you can talk to them, you can hear what they’re saying, you can go ahead and respond to them, have a conversation with them, whatever you might need to do. And then there are other ring devices now, and other devices in your home so you could unlock that front door. And Amazon has a service now that is used primarily in the bigger cities, where they’ll walk into your home and leave the package inside by using a unique door lock that they can unlock.
I don’t know about you, Walmart is doing the same thing. With Walmart, that door lock is exclusive again, but Walmart will only use employees who have been with Walmart for more than a year and have a spot free record. Now that makes sense to me. You don’t just want anybody walking in. But I don’t want anybody walking into my house. So the idea behind Ring is you can be on that beach, you can be at work, you can be picking up the kids doesn’t matter. And you know who has been at your home. So if you got a porch pirate, you can go back and look at the video. You can even turn it over to the police, which is where part of this problem starts. Because Ring has been doing some things that a lot of people say whoa, wait a minute now. Ring has stored all of these video recordings from the front doorbells and storing it in the cloud. Now just because it’s in the cloud doesn’t mean everyone has access to it, although we have certainly seen that with some cloud databases, which I believe is the problem that Ring had. So what happens then? Because now all of the videos that your ring devices have captured is online.
Another problem that these companies had (Ring, Amazon Alexa, and Apple Siri) is that some contractors were looking at these video files listening to the audio. And people thought that was a terrible thing. Oh, you know, frankly, that’s not a terrible thing. Because how are you going to make the voice recognition better? If nobody verifies the voice recognition, right? You have to have somebody listened to it.
Well, in Rings’s case, it turned out that some of their devices were getting hacked. Now we know this happens with the Internet of Things devices. Most of it’s like 90 95%. I think all of the security cameras that we have in the United States get manufactured in China. Many of them are eminently hackable. I mean, in a very, very big way. So, if you have a device that’s hacked, what does it matter to you? Well, it mattered to some of these people who claim someone hacked that their Ring device because they had a camera in their kid’s room. And the bad guy took over the camera and started having a conversation with their kids. Now, if that’s not a problem, I don’t know what it is. Remember the LA Unified School District with their laptops. And the cameras on the laptops are being turned on remotely by their IT people at the school district. And young ladies had their laptops open in their bedrooms while they were getting changed. Think about the consequences here. They can be pretty steep, and there’s no question about it.
One of these days, we’ll make a comparison of some of the smart devices that are out there. As far as things like smart-speakers go, Amazon has been excellent. They design their echo devices to have a hardware limit on them. So they can’t just sit there and listen, unlike Google Home. There are some malicious apps on Google Home that could sit there and listen for hours on end and stream everything said. They heard streaming it all up to the internet. Okay, so Alexa is kind of the way to go there. There are these people whose kids’ rooms now had hacked cameras and microphones and speakers going after the company. And in November senator Ed Markey, Democrat from Mass said that he wants to make some changes to something else that Ring has been doing. The other thing the Ring did was cooperating with police departments. What they’ve been doing with the police departments is sharing the video, live video as well as recorded video, from the doorbells, hopefully just the doorbells. The police are doing an investigation in the neighborhood. The idea is, hey, we can grab. They’re up all this stuff from all of these different cameras. We can see this car that went through the neighborhood and spied on people. Right? Maybe, someone marking to come back to later and steal things. Now, that sounds perfectly reasonable to me. The problem was that people didn’t know it was going on and didn’t sign up for it. They were not aware they could opt-out of it, which is a huge, huge problem. When you get right down to it, we don’t have the kinds of standards I think that we should have. There are some significant technical flaws in some of these devices. There have been Hackers accused of breaking into ring products, using the cameras and speakers to yell obscenities at customers in their home and harass children. It is an enormous thing, leaving data online uttering racial slurs issue violent and all kinds of extortion threats to residents. So it’s a very, very big deal. Now Amazon responded to these charges, and this was Brian Huisman, an Amazon vice president said they take customer privacy and protection of customer data very seriously.
Amazon acknowledged that on for occasions in the last four years, they fired employees for improperly accessing customer videos, and that’s what I was talking about before. Ring used to have it set up so that anyone could access anything. It’s kind of like God Mode over on Uber, where any of the employees could track any movement of anyone using Uber editor. Employees were using God Mode to track celebrities. It was just incredible login credentials, and a breach of more than 3600 Ring account holders last month. That’s personal information. We’ve got to get more careful. If you are a company that has custom software that you’ve designed or that is designed for you, I urge you have it code reviewed. Make sure you are using the highest standards available so that you’re not going to end up in a lawsuit. Ring is going to end up in a lawsuit over this. It’s not just going to be Ed Markey going after him. Hey, you’re listening to Craig Peterson on WGAN online and Craig Peterson dot com. Stick around. We got some more news, this time about cable modems.
Hey, good afternoon. Welcome back. I should say I like Good morning anyways, it’s a better greeting, isn’t it then Good afternoon or good evening or Good night. So good morning, everybody. Craig Peterson here on WGAN and of course online and Craig Peterson dot com. We are also putting all of the show up on YouTube and Facebook. And you’ll find all of that if you dig a little bit over on Craig Peterson calm, so hopefully, you’ll be able to check it out over there. Now we have Greally seen a lot of security problems this week. You might even call it kind of a week of security problems. So just started with just a quick reminder to get everything patched up significant issues with Microsoft this week, and Firefox as well. Now the Microsoft problem was so severe that they released a patch for Windows the same day they announced the bug. They kept everything under wraps, which is how they try and do it. Typically someone will report it. Usually, they’ll give 30 to 90 days to the vendor to get it fixed before they all kind of open source it before they tell the world about it. They want the vendor to fix the problem if it’s a white hat guy, right? Of course, this time, had the NSA involved. And they did wait until Microsoft had a patch. But sometimes these vendors they’ll sit on it for six months or more. And so they the guys that discovered it, say Okay, forget about it, we’re just going to go ahead, we’re going to release it out into the wild. We know everybody knows, you can usually expect attacks within a month after that happens. So make sure you patch up and patch up soon. You should have automatic updates turned on. We’re going to be discussing this during the training that’s coming up here in this course. It is going to be phenomenal. Let me tell you, but some of the free training, we’re going to talk a little bit about that. We can’t do this on the radio because I want to show you screenshots and where to go and what to do and how to do it. But make sure you have that all turned on. Okay. So now let’s talk about our next article of the week. And this also has to do with the security problem. Now, if you are a listener to any of the radio shows that I’m on if you listen to have Jeepers, all over New England, any of these stations, you know, this week I was mentioned, I was talking about this problem with cable modems. And there are some huge, huge issues with them. And, you know, we got to be careful when it comes to our networks because that’s how the bad guys get in and once they’re in whether they came in on your system. Or they came in on that little thumb drive these stuck in the computer. Or maybe they came in some other way no matter how they came in. What we found is they use the network to spread. So what kind of network stuff can you get? What should you do? And most of us want to rely on it. We rely on our cable company, maybe our telephone company, etc., etc. So I’m pulling up right now. I’m just checking some pricing active here on my computer. What should you get? So first of all, this chipset that’s used by several different significant vendors out there, including Campolo, net gear, sage, calm, Technicolor, they have ten different models that the researchers have found are vulnerable, which is not a good thing. And right now we know of over 200 Hundred Million cable modems that are affected. It means if you’re a small business and man, we see a lot of these guys that get a cable modem because it’s cheaper, right? It’s going to save a couple of hundred bucks a month as opposed to getting fiber coming in with real professional gear. Yeah, the professional equipment is going to cost you more, but what’s ultimately going to cost you more if you get attacked, right? Because 20% of the businesses filed for bankruptcy in less than a week.
You know what’s going to save you money. There’s also the problem of you not knowing what to do or how to do it, and that is the reason I have created courses that help explain it to you? But with 200 million cable modems that are open right now in this is a massive, huge deal. So I’ve got an article up on my website talking about this that I got from Forbes.com. They don’t require any authorization these cable modems to analyze what they call their analyzer. And they have two more. Two more of these vendors used an undeniably awful combination of this software and usernames and passwords a new spectrum for the username and the password to be able to get into these. So a very, very big deal. So what do I recommend? I have a lot of this in my, in my course, right, the DIY course that did last year. It’s almost been a year, and I think since I did that course. But what I’m recommending right now, for most people in their homes is something get out a pencil, piece of paper, to text it to yourself, whatever you might need to do. It’s called a net gear, or B or B i. Now, you can find these things at the big box retailers. You can buy it from Amazon, and you can get them all over the place. Now you know, I don’t like Google stuff because I don’t trust Google.
Netgear has not been the best when it comes to security stuff. So they came out that’s the main reason they came up with this thing. The RV allows you to have your main unit that plugs into the cable modem. And now that from that main unit, you can have used a mesh network is what it’s called, you can have other Orbi devices around the house and get excellent coverage. Now in this day and age where everybody’s streaming, the kids have streaming televisions in their rooms. Hopefully, you do not use the built-in Smart TV functions, but you have an external little smart box. But our kids have them in the room, so you need more bandwidth. If you see jerkiness when you’re watching videos and having troubles on the internet, that’s probably why, and you may only be using the old fashioned networks, the 2.4 gigahertz stuff as opposed to the five gigahertz stuff. Orbi of takes care of all of this for you now, it is not cheap. It is also not a professional grade. If you’re a business, you should not be using this, and you should be moving up to the better Cisco stuff. Now, thank goodness Cisco got rid of the low-end line. They Cisco had bought, I think it was next year actually and some of their low-end equipment. And they can confuse the industry because people’s you know, I got Cisco Well, no, really actually when she got was a home-based router, firewall, whatever it was. Small businesses medium, particularly in large businesses, you should have a Cisco network. Juniper doesn’t have anywhere near the security stuff. Palo Alto Networks, nowhere near the security stuff. Cisco is 100%. Okay, so we count me on this. Back to the home users, and the real small business like a small office, Home Office, this Netgear Orbi, a tri-band whole-home mesh Wi-Fi system, is what you want. Three gigabits a second speed. It’s very, very good. It’s this particular model I’m looking at right now, and Amazon is called an RBK 50. It’s a router, and the extender covers up to 5000 square feet. It is two-pack, and it is right now selling for $286 for the pair. You get the main unit, and then you also get another unit that is part of the mesh system that kind of expands the coverage and gives you the coverage you need in this day and age right because we have so much that’s going on via the internet. So this works with all internet providers saying replace your existing Wi-Fi router and extender compatible with any internet provider, including cable, satellite fiber, DSL, and more. It has wired Ethernet ports and parental controls and even pauses device internet access. You can view history usage filter websites for free set online time limit schedule, device internet access, and more for five bucks a month, and they have advanced cyber threat protection. Now, it’s not a tip. It’s not the real commercial Advanced Threat Protection, but this is better than you’re getting from the cable company. Okay. Advanced cyber threat protection, what they call net gear armor. And this is something a bit defenders provided but defenders you probably know something I like. Its network-wide anti-virus anti-malware fraud, phishing ransomware security on an unlimited number of devices, and comes to the free 30-day trial. And this is $70 a year for that service. Now you’re paying per year like if you’re a business and you buy equipment from us, you are paying monthly, and every year we at least right we do major software upgrades we keep the hardware up to date and because we’re using the professional’s stuff from Cisco. They’re taking up literally hundreds of millions of endpoints. They’re watching what’s going on, and we’re providing updates hourly for the commercial gear. Okay, so this is quite good. It’s using, you know, mu MIMO. I’m not a big MIMO fan. Smart Connect for one Wi-Fi name being formed beamforming technologies, which is Primo. What that means is it aims a signal at the device so that it’s not the kind of stomping over itself and stomping all over other devices, which is just fantastic. It has to be Bay to wireless security protocol, which is the lowest you want to use. It’s quite good. Includes guest Wi-Fi access DLS which is a denial of service firewall VPN, Mr. Now we here’s why I say guess Wi-Fi is excellent. You know home always talking about how you’ve got to be careful when it comes to your Internet of Things devices, like your Amazon Echo or your light bulbs or whatever. What you do when you set them up is you configure them to go on to your guest Wi-Fi network, which can still have a password, and then they cannot easily get on to your main Wi-Fi network and go after your computers. So there goes some actionable stuff. We learned that cable modems just aren’t what they used to be, especially the ones we get from the cable company. I’ve got some courses that go into a lot of detail on this, but if you’re kind of a techie person, you can probably figure this out. I brought up that at least right now. I still like this Netgear Orbi. It is a great little device. I’m seeing it at this very minute. Over on Amazon. com on the Amazon business site, by the way, an Amazon business they’re selling it for $286. So good deal all the way around. Stick around. You are listening to Craig Peterson on WGAN. We will be right back.
Hello everybody. Welcome back. Craig Peterson here. Glad you can join us today we are, of course, on WGAN and online at Craig Peterson dot com. Right now, I want to talk a little bit about a problem that you may not have heard about. You’ve probably heard of phishing, and you know, I talked about that all the time. That’s the P-H-I-S-H-I-N-G. That’s where someone sends you an email pretending to be someone that they’re not trying to get you to do something. Often, it looks like it’s from your bank, or maybe a bank you used to have dealings with, and they try and get you to click on something, and that might cause you to download and install something, and now all of a sudden, you are hacked. A lot of times that use this whole phishing thing to use it as a part of social engineering, right? They are trying to get you to do something, so you reveal your password and account numbers to them. Then they can get in, and they approach you and them, you know, make it look like it’s all legitimate and hey, you know, we really want to help you out, and it just doesn’t happen. That is the basics of phishing. If you’re still if I’m not clear if you’re still wondering what that is, just think of that good old standby right, the Nigerian prince scam from all those years ago. I wrote some software to help stop some filters. But that particular type of fishing doesn’t go on like it used to. It’s changed. And part of the reason it’s changed is that our habits have changed. Now, how have our habits changed? Well, one of the ways that they have changed and changed hugely is that they have started using SMS. So you know, we’re on our phones all of the time, these devices are formerly known as cell phones, these smartphones, these computers in our pockets. And if you look at the overall internet traffic, more than half of it now comes from these smartphone devices. So, by the way, if you have a business and you are not using a smartphone first strategy, you are probably missing out and maybe missing out massively. So make sure you handle that right handle that, okay, handle that for me. So, smartphones are a huge deal. Well, the bad guys aren’t stupid. They’re just greedy, and maybe even a little bit lazy. And that’s where we get into this whole concept now of switching from email, where they’re sending you phishing email trying to get you to do something to today, where they have switched over to SMS, where they are trying to get you to do something based on a text. They send you Now, and it used to be that if you send someone a text, the normal text was open within seconds after it was received nowadays. Now, with so much nastiness going on, we very frequently don’t pay attention to the text messages. But they’re doing the SMS phishing, and they’re doing it more. So I wanted to cover five different attack examples so that you can see what they’re doing and what it might mean to you. Alright, so let’s go through them right now. So the first one up on the screen is a smishing. Example. Now. smishing is fishing over SMS. SMS is, of course, texting or a simple messaging system. Okay. That’s what it is. That’s what it was. So the first one is your bank account is locked. So you’ll get a text message. It looks relatively legitimate. And it’ll say from and the biggest example out there right now is the one that’s up on my screen. You can see this by the way, by going to Craig Peterson comm slash YouTube, or Craig Peterson comm slash Facebook, if you’re a Facebook user, you can see all of the videos from today’s show. But it’ll say from US Bank, separate US Bank unusual activity. It’ll tell you your account is frozen.They want you to unlock it, and you want to go to a URL. Now they’re not getting fancy with most of these URLs. And in this particular smishing case, it’s taking them to their site. And then it has a question mark US Bank. So you look at it and say, Oh, well, this is from US Bank. I’m going to the US Bank website. I can click on that. so fast that this is not us banks URL at all. When you’re looking at a URL, which of course, is what the browser uses to get you somewhere, the question mark just means pass this through to the program that’s running on the original website. So there you can use it as a tracker saying, oh, wow, our US Bank submission attacks are working well, right now much better than the XYZ bank. So we’re going to send out more than with the US Bank. Okay. So that’s that after that question mark, in this case, is used for tracking but not always, right? There’s a there are excellent legitimate uses. Not that tracking is not an illegitimate use. But in the case of bad guys, it’s illegitimate. So that’s number one. Number two is an urgent message about your credit card. And in this case, it’s claiming to be from American Express. So if you look at this on the screen, you’ll see it’s from Amex. the message, which there is no such thing, right. And as you got a card alert and noticed the URL on this. It’s WW, Http colon slash slash, www dot American Express dash message.com. So let’s break down that URL for a little bit here. First of all, it’s HTTP and not HTTPs. It doesn’t matter a whole lot to you, if it’s a scammer, because what they’re trying to do most likely is avoid some of the tracking ability that’s inherent in an HTTPS request. To be able to have an SSL certificate or a secure server certificate. They’re going to have to at the very least go to a website and get a free certificate, and it’s going to do a double verify, making sure they are who they say they are. That’s going to record the Right. It’s just a big hassle. So they’re not going to bother doing that HTTPS thing. So that’s why it’s HTTP more than likely. And then it says www dot American Express dash message.coYou see that part? Well, again, that is not an American Express URL, not that you know, right. And not that you can verify when you go there. When you go there now, they kind of have Yeah, now in SMS, once you see, and you click on is where you’re going. It’s not like in an email where you can kind of hide what the real URL is people are going to, and it’s going to show you the whole real URL. And when you get there, it’s not going to know anything about you. But it’s going to look like the American Express website. And it’s going to have the login and password, and you’re getting a card alert. So you’re going to go there you can enter your username you can enter in your password. And tada, you’re out of luck. Because now they have a username, password. And then they might redirect you to the real American Express website, and you have to log in again. You say, Well, that’s weird. And you go on with life. No big deal. Well, in reality, what just happened is you gave it to them. And they’re all set. So they’re going to send you on over to the American Express website. And then you’re done. Okay, next one up on the screen is you won a prize and click here to get it machine attack. You can see this one appears to come from our friends at Walmart. It says the example here on the screen is congrats, Kelly, we printed your code on your last receipt. You are among seven we randomly picked for $1,000 Walmart gift card promotion, and then it’s got a link to a redirect Type site k three x VC dot-info, slash blah, blah, blah, blah. So if you click on that, you’re going to their site. And again, they’re going to squeeze you in this case for some Walmart information, maybe a bank account saying, Hey, we’re going to wire the money to you what’s your bank account number. And number four is, we’re going to have to go through these last two real quick here and pretending to be from Amazon. You can see these up on the screen right now. And this last one is an unusual account activity from Apple support. So make sure you check these all out Craig Peterson dot com slash YouTube, or Craig Peterson dot com slash Facebook. I’ll try and put this up on my homepage as well. You can see examples of these newest mission attacks. Stick around. We’re going to talk about why some of these businesses are not patching and are leaving us vulnerable. You’re listening to Craig Peterson on WGAN.
Wow, can’t believe it man is our last half hour together right now. You’re listening to Craig Peterson here on WGAN. Thanks for joining me and online Craig Peterson dot com. Make sure you subscribe to my email list. You’ll get all of the updates, and my most important videos of the week. You’ll also find out about when the nasties are happening like they’re happening this week as well. Sign up Craig Peterson dot com slash subscribe. I’d love to see you there. We’re going to talk about the biggest problem we as consumers have, we as business people have. These lines cross because businesses are holding our data. With this new California law that’s been in place for consumer privacy and keeping everything information safe, letting us know what businesses have about us and requesting its removal. There’s a movement afoot to help get a handle on our personal information. You probably know that the Europeans passed a similar law, that when in fact that got teeth last year, went in a couple of years ago, just like the California law did last year. And these laws are rolling out all across the country. Massachusetts has it, and the federal government is looking at a law similar to California has to pass on a national basis. So what this ultimately means is, we could be in better shape as consumers and we could be in a lot worse shape as businesses, as we’ve been getting calls from businesses lately about how do I go ahead and protect myself as a business here? What do I have to comply with when it comes to this whole California Yeah, consumer privacy thing, right? Very, very, very big deal. So how do we do this? Well, as a business, the simplest thing we need to do is start at the very beginning, because the California law lots and lots, a customer client or prospect come to you and say, Show me the data you have. But there are crazy teeth in place in pretty much every state now that if you lose their data, you are in even deeper trouble. Look at what happened with Equifax. Look at what happened with TJ x right the TJ Maxx type companies who lost tons of our data Home Depot. Some of these companies had good security tools in place, but their people did not know how to use them. They couldn’t read the reports. They had multiple vendors tools in place, and they didn’t have just a single pane of glass. Lastly, they didn’t have the type of automated systems that really can get rid of the false alerts. Man do we are there a lot of false alerts, every day hundreds of thousands, my company it for our clients we get 10s of thousands no think of it of these alerts every day. Oh my gosh, it’s crazy. So you as an individual, whether you are just all just right, but if you are a consumer, or if you are a business, you have to patch now it’s painful I get it. It is in nowhere near as painful as it used to be, you know, you used to install the windows patch and, and it was like putting your marble on red and Vegas, right? The odds are what 5050 not even quite that you’re going to win it, it’s crazy because you would install a patch and your machine Wouldn’t boot. And so now you had to spend days sometimes trying to figure out, Why won’t my machine reboot? What can I do? I think I’ll get a new machine and move my data over. Make a good backup and write all of this stuff back and forth. The pros and cons. So how do you do all of that? How do you make that happen? Well, today, it’s a lot less of a problem. Most of the time, when Microsoft releases patches, you’re okay. It’s not like the apple environment with a Mac where it’s scarce that you ever have a problem with your Mac, okay, with an upgrade. It’s sporadic. So keep that in mind as well. And now, let’s go back to this. So if you are a big business like an Equifax and you find out that there is a major security problem with, let’s say, some of the middleware that you’re using. Now middleware is the stuff that sits between the front, which is typically the way site or your customer service people, and the backend, which is typically your set of databases. So that’s your middleware. So let’s say that there’s a patch for the middleware, which there was. And you look at it and say, Oh, my gosh, this middleware changes. Because usually when they issue a patch, it isn’t like, Hey, this is just a patch, install it, and you’re fine. It’s usually a hey, we’ve made a bunch of changes to improve things in our middleware, or our software and our web browser or web server software. We’ve made these changes. And as part of this, by the way, we fixed this other security problem. So when you as a business person now who have complex systems in the background, and you’re trying to do an upgrade to make sure that middleware is up to date, or that database software or that front end software is up to date. It may not work properly anymore. It probably won’t. Now you have to spend a bunch of engineering time to figure out what do I have to change? What other components do I need to modify? How can I make this whole thing work properly again, and that can cost you a lot of money. So what a lot of businesses have been doing is burying their heads in the sand. Hopefully, that’s not you, but burying their heads in the sand. All of a sudden, before you know 200 million US citizens, data is out there. You have all of this inside information about people because your Equifax right now people lost jobs when it came to, to these hacks I just mentioned earlier, and that’s probably a good thing. But I also empathize with them because I do outsource CISO, chief information security officer tasks for people. I can tell you most of the people who are in these positions have in their drawer, right there next to them, their resume. If they do get hacked, they’ll pull out the resume and start shopping around again because they know it’s over with. And yet they could not get the authority from the business to do the upgrades and the updates. So I have done this myself. You sit there, and you say, Oh, my gosh, what’s the win here? It is not going to generate more revenue by doing these patches. And I’m just one of what millions of companies worldwide that using this software, open-source or otherwise, probably nothing that I need to worry about. So forget about it. I’m not going to mess with it. Have you fallen victim to that I know I have, and that can end up being a problem and a real problem depending on who you are? So pay businesses is upgrading. Sometimes it’s because they don’t know, which by the way, is another reason to be on my newsletter list. It’s free. But every week now, we’re telling you here are the top problems that are out there right now from a security standpoint that are being exercised right now by the bad guys in the wild. And if you don’t have these patches done, you are in deep trouble. So that’s easy to do just credit Peter song.com slash subscribe, and you’ll get those types of things. But we’re looking right now this particular article that came from secure World Expo, and they’re talking about Paul’s secure VPN, which we don’t use for any of our clients. We have a much much better VPN software from Cisco. But anyways, patches came out for this a long time ago. months. In fact, and it turns out that most organizations have not done the patches yet. So be very careful here. If you’re a member of a board of advisors, a board of directors if you’re a business owner, if you have questions, reach out to me at Craig Peterson calm, I’ll do what I can, but you have a responsibility. And now, it’s fiscal responsibility. Coming June this year, depending on what kind of manufacturer you are, there are criminal liabilities tied into this including, ten years in prison. So hey, guys, pull up your socks and start taking this seriously. So you’ll find me online. Greg Peterson dot com, and, of course, I’m right here on WGAN and make sure you subscribe to that newsletter. Craig Peterson dot com slash subscribe. We’ll be right back.
Hello, everybody, Craig Peterson here. Welcome back. Wow, the last segment of the show today. It’s just going by fast, and I love it. I’m so excited about everything now. We have so many, so many things that are going to help you in the works right now. It’s just been a phenomenal, phenomenal time for all of us here. So thanks for joining us. I want to do a quick review of what we’ve covered today. So let’s go back here. I got my slides up. And we’ll go right back here. So we started with some of our training and tactics. And we talked about technology and how it can only protect us so much. And in fact, part of the problem we have is the wetware. It’s you, and it’s me responding to things. Next up, we talked about some zero-day browser vulnerabilities. And in this case, we specifically were talking about Firefox and significant weaknesses this week in Firefox. And I told you what version of Firefox you should be running and what you need to do for the windows security vulnerabilities was exposed this week by the NSA. So you know, congrats to them. By the way.
Here is your free phone, right? The Obama phones while it’s not Obama’s phone, it goes back for decades now, this program that we have in place to help underprivileged people who don’t have much money, who maybe need some way of contacting their doctor, etc. Well, it turns out that some of these phones from one manufacturer, in particular, come with malware pre-installed. We explained what’s involved, who the manufacturer is, who was involved, and the research company. It is like I say if it’s connected, it is hackable. It has to do with our ring doorbells with the security cameras that we’re always using. And that even the federal government is having trouble getting rid of these Chinese made security cameras because also though the name on the outside might be a US company, the odds are terrific. That inside that camera is Chinese technology that imminently hackable or even worse, is wide open, or comes with a pre-installed piece of malware. We’ve seen that before — routers, significant problems with over 200 million routers right now. Completely compromisable. I gave you my advice on routers, what it is you should be getting for your home, for your business, and how you should be configuring them. I also told you how to keep all of those Internet of Things devices like your Amazon Alexa or Google Homes or your smart speakers or smart light secure.
What you need to do to help keep yourself safe with all these devices. We also talked about social engineering attacks and how they are starting to affect us. We had a couple of segments about different angles on this one today. I know of cases personally, because these are businesses that are now my clients, where they lost their entire operating account. That’s the account that they use for payroll for paying vendors etc. Money was gone. And a lot of that is happening via these types of social engineering attacks. We also talked about patching early patching often what we need to do there to keep ourselves safe. And we just did that last segment. And now we’re going to be talking about this new cyberwar. Frankly, it isn’t just coming. It is already here we have seen an uptick of better than 50% over the last two weeks of Iran attacking us. We’ve had these people mostly in Eastern Europe, but all over the world who are coming after us. They’re targeting the elderly, who may not be aware of things are small businesses, etc. We’re used to that right. The big companies where they have been attacking for a long time have tightened up their security belt so, and now they are going after the small-medium businesses. Iran is doing something different than what we have typically seen. And instead of stealing our information and emptying our bank account, they’re going after businesses, specifically to destroy them, destroy the company, because they want to hurt the United States economy. What a more accessible way to dam the economy, then going after the small business people, because we are the ones that create the majority of new jobs, we’re the ones that do the real research and development. These big companies now they don’t bother spending real money on r&d anymore. They wait for some startups to succeed. They wait for that industry to settle down, and then they buy the winner. That’s what they’re doing. It’s us, we do the jobs, we take the risk, and I’m afraid we’re taking a little too much when it comes to risks because of these bad guys out there. So I wanted to spend a few minutes going through the top 10 attacks that are enemy friends, I don’t think there are friends, and I don’t quite believe there are enemies are doing in Iran right now to come after us. Okay, so we need to understand this pretty well. Number one, they’re doing what is called credential dumping attacks. The article Secure World Expo goes through some mitigations, and it is excellent. I’ve got it up on my website at Craig peterson.com. Make sure you check it out because it’s a literal checklist that you can go through to help mitigate some of these Iranian attacks if you’re a business person. So number one.
Based on the US cybersecurity infrastructure Security Agency, the CIA NSA. They are MCC credential dumping, and they want you to manage your access control list for replicating directory changes and other permissions that are associated with your domain controller. So if you’re using Microsoft domain, which I’m afraid a lot of people are using, it’s one that whole battle right actor directory server. You’ve got to consider that NTLM a challenge-response authentication protocol, but I don’t want to get into detail here because I don’t want everybody to disappear. There’s a whole list here with four or five different things, how to detect obfuscated files or information attacks. Now, this is something that that you and I could see. I’ve seen this on hacked systems before, too. So what they do is they’ll, they’ll use a file name that looks legitimate, or maybe it is hiding amongst a bunch of valid files. That starts obfuscation. Gating is right, trying to try to hide something. It’s what the government has, right? Information attacks, anti-malware scan interface MC on Windows 10 to analyze command. You know, that particular router is great, because it doesn’t look as though coming in and out. It is trying to protect you from some of these external threats, including you downloading stuff you shouldn’t. But if that data that you’re downloading is in a zip file, or it’s compressed some other way, or it’s in a zip file that is encrypted. That kind of low-end hardware can figure out what’s in there. It’s It takes the more commercial stuff to figure that out. So if you are a business, make you correctly set up your firewall. Use a next-gen or real next-generation firewall, not what many of these companies go yo next generation because, yeah, this is our fifth version. Well, that doesn’t mean that it’s able to open up zip files as people are trying to download them and examine the contents of it to see what it’s trying to do. Okay, so make sure that’s turned on PowerShell it. It is one of my pet peeves, you know, come on Microsoft, again. There are industry-standard shells out there. They have been around for 50 plus years. I’ve used them in the Unix world forever. And so Microsoft comes out, hey, there’s a whole new idea here, use a command line. We’ve got power shell, and they change it all up. It just drives me batty. But anyhow, significant attacks on power shells, you go Got a lock that all down something that we can do for our clients as well. We’re starting to do that more and more user execution attacks. So application whitelisting something you might want to do detection, scripting attacks, remote file copy attack. It is what Iran is doing right now. Spear Phishing link attacks, spear phishing, attachment attacks, registry run critical startup folder attacks. Okay. So this is the top 10 ways Iran is launching cyber attacks and how to detect them right from the US cybersecurity and infrastructure security agency.
Make sure you follow up on this if you are the IT person for your business. If you have any questions, I’m always welcome the questions and here to help, and I try and get back pretty quickly to people. I can send you a link to this article. You’ll find it at Craig Peterson dot com, or you can email me at Craig Peterson dot com. Now you might be asking if you’re only a regular home user, and you don’t know anything about it, what should I do? The simple answer for you, get a Google Chromebook. I know you know that I’m not a big Google fan.
The basis of the Chromebook is not Windows but Linux. And it is designed with security in mind. And Google is automatically applying patches to things. It is what security researchers use all of the time, Google Chromebook. So look that up. That probably should be your next laptop. Now you can still edit Word documents and Excel spreadsheets and things. But you won’t be using the Microsoft tools to do it. You’ll be using the Google tools to do it. Okay. And they come from you can find them as cheap as $150 for a laptop which is a pretty good price up through 1000. And even North the net for the longer battery life for just all kinds of very cool features. Samsung just released a very nice one out at CES that I love to get in my hands. Okay? So check that out and think that through. That’s my advice to you. If you are starting or you are, you know, maybe you don’t want even to learn the IT stuff. I want to thank you for being with us today. And I want to remind everybody you need to be on my newsletter list. And the only way you can get on there is by going to Craig Peterson dot com slash subscribe. I send out a weekly newsletter. I am not going to hammer you. I will tell you about the training I am doing that’s coming up and different things that we’re doing to help the community all of that online Craig Peterson dot com. You’ve been listening to me on WGAN and, of course, online. Thanks for being with us.
Transcribed by https://otter.ai
More stories and tech updates at:
Don’t miss an episode from Craig. Subscribe and give us a rating:
Follow me on Twitter for the latest in tech at:
For questions, call or text: