Cryptocurrency Downfall, Apple Closing a Loophole, Windows XP - What to do if you still need it: TTWCP Radio Show - 2018-06-23
Facebook is sharing your data and your friends’ data. What Apple is doing to prevent this.
Are you still using XP? There are companies who are. They have embedded systems that run XP. So what can they do? Craig tells you how he handles it for his clients.
Craig is putting up a new membership site (yes, it is free, but you have to sign up). It will have all the special reports that he puts out, and you will be the first to get them.
- Critical Patches Issued for Microsoft Products – HIGH THREAT
- Microsoft Confirms New Windows 10 Cumulative Update KB4284835 Issue
- More Reports of Windows 10 Cumulative Update KB4284835 Failing to Install
- Unbreakable smart lock devastated to discover screwdrivers exist
- Cryptocurrency Theft: $1.1 Billion Stolen in Last 6 Months
- Blockchain’s Once-Feared 51% Attack Is Now Becoming Regular
- Bitcoin’s Price Was Artificially Inflated, Fueling Skyrocketing Value, Researchers Say
- Apple Tries to Stop Developers From Sharing Data on Users’ Friends
- Multiple Vulnerabilities in Microsoft Exchange Server Could Allow for Information Disclosure
- The big picture: We’re getting closer to AI doctors
Airing date: 06/23/2018
Craig Peterson: [00:00:00] Hello Everybody, Good Morning, Craig Peterson here. Today we’ve got two major topics I’m sure are going to interest you. If you or anyone you know has been buying and are using things like bitcoin, we’ve got a lot of news that we’ll be talking about today. Also, we are going to be talking about a couple of major security issues here. Why the military can’t quit Windows XP, and should you? If the military’s not doing it, well, they have a plan. We’ll talk about that and what Apple is doing to help make sure that the problem that just happened with Facebook and their developers doesn’t happen on the Apple platform. I think they’re going to do a very good job of that. So welcome, and here we go.
[00:00:50] So, we’re going to start by talking about blockchain technologies. Now, these are the technologies that are used to make things, like bitcoin, work. The whole idea behind blockchain technologies is that you have, well, to kind of think of it like a regular ledger that you might have in accounting. You’ve probably heard of double entry accounting, where things are balanced, right, they’re balanced back and forth between, you know, the receivables and payables. But even more, it gets right down into: this money showed up in the bank account, that completely negates this invoice. Therefore, we know everything’s balanced, right, and you know, if you want to know more, go talk to an accountant, right. Well, those types of ledgers can be copied. They can be shared. We’ve seen them in movies before, where they’re used by bad guys to try and cheat people out of money. Let’s put it that way.
[00:01:45] And that’s a problem. But, when we’re talking about bitcoin and blockchain, here’s how it works. How do you know a transaction is valid? How do you know someone has some of this money that’s out there? Well, they do it through a system of ledgers, and there are a lot of ledgers. In fact, when it comes to blockchain technology, the idea is that everyone that uses a blockchain technology at all, anybody has a copy of all the ledgers. Now you don’t know who the people are, necessarily, all you have is a wallet number. So, you know I’m sending money from here to there, and then all of that information is then distributed and shared with everybody else on the blockchain. So, it’s cool technology; banks are starting to use it now, where they are doing with the overnight lending they’re sending money back and forth. And they need a way to verify that transactions occurred and who got the money and the overnight rate was it at etc. So, that later on, they can go back and get down to it and figure out all of the details. Well, when you’re talking about a ledger like this, where everybody’s copy of the ledger needs to agree, that’s impossible. Some people are going to have a machine that’s offline, some people’s hard disks are going to crash, and they are going to lose their ledger. So, you can never have 100 percent of these ledgers agree with each other. So, how does it work?
[00:03:26] Well, the idea here is that 50 percent plus one of the ledgers have to agree. And, that’s pretty good when you think about a bitcoin, for instance, you’re talking about having thousands, tens or hundreds of thousands, of ledgers that are out there and they all have to agree. Now, there is a problem with this, in a few different ways. One is the amount of time it takes, but we’re not going to get into that, for the ledgers to become in sync. And, even to distribute the data, well, that 50-percent-plus-one is a problem because theoretically, you could have an attack where someone can somehow modify half of the ledgers that are out there. Well, guess what, here it turns out that this very well-known attack vector has been used. Look at Monacoin, Bitcoin Gold, ZenCash, Verge, and Litecoin Cash. All of those have had what’s kind of the crypto equivalent of a bank heist. It’s interesting because there’s another article that I have in front of me, and we put it up on the website, that looks at this and sees that in the last six months, there has been one-point-one-billion dollars’ worth of cryptocurrency stolen. Oh, think about that for a minute. What was thought to be the strength, or one of the major strengths, of these cryptocurrencies, which is that you have to have all these ledgers, and the ledgers have to be pretty much in agreement. And all of that information can be hacked. Now, how is it getting hacked? You know, are we talking about people breaking into hundred-thousand-million-plus machines, to manipulate those ledgers, and move that currency, that cryptocurrency, into the black hat’s bank account?
[00:05:32] No, actually we’re not, and it’s kind of smart the way these guys are doing it, here. There’s an article I put out from NYU computer science researcher, Joseph Bonneau, and he released research last year where he went through and came up with estimates of how much money it would cost to execute these types of attacks on the top blockchains that are out there right now by simply renting power, rather than buying all the equipment, and he concluded that these types of attacks were likely to increase. Of course, as we’re talking about right now, it turns out he was right. Here is a quote directly from him when he was talking to CoinDesk. He said, “Generally the community thought this was a distant threat. I thought it was much less distant and I’ve been trying to warn of the risk. Even I didn’t think it would start happening this soon.” So, there is a huge problem. You know, I have never been a proponent of these cryptocurrencies, for a lot of reasons, or one of them is the fact that they’re not secure enough, and this has now been proven many times this year with at least a half a dozen different cryptocurrencies, OK. So, it’s pretty bad. There’s also another problem.
[00:06:56] You can’t prevent someone from spending the same piece of data five or even a thousand times, at once, without trusting the third party to do all the dirty work. So, you’ve got miners who are the people who are using the machines that are running the blockchain software looking for these highly complex mathematical numbers. So, they are consuming electricity, making sure no one’s getting money stolen, and this article is interesting if you are or have been thinking about getting into it at all, have a look. Have a look at the report that came out in this case. These guys in this one case, they were able to amass more than half of the network’s power. We’re talking about computing power here. The Bitcoin Gold attacker was able to double spend two very expensive transactions, sent to an exchange. So, it goes on, and Cass explains Amol, how even small coins are at risk. This is huge, it’s really, really, huge and it’s called a 51 percent attack, although it’s 50 percent plus one, and we’ve got to be careful of it. I have another one that’s up there, right now, on my website called Healthcare Info Security. It is the place that I grabbed this from, and it’s showing again, evidence is continuing to mount, the cryptocurrency-seeking criminals are no longer bent solely on boosting bitcoin or demanding rent, demanding ransomware, but in actually stealing it, directly by being able to get in. Showing in here from Carbon Black, the top 10 currencies that are out there right now, of course, this is not surprising to anyone, but bitcoin’s number one, then Ethereum, Ripple, Bitcoin Cash, Litecoin, etc. It goes on and on. Now Carbon Black says it’s found at least one-point-one-billion in cryptocurrency-related thefts since December 2017, and right now when we’re talking here, June 2018. So, the crypto thieves are black hats are leveraging malware, phishing attacks, fake advertising campaigns, and they’re just repurposing old tricks.
People are falling for all kinds of cheap attack tools, you can get them from anywhere, from a buck to a thousand dollars. It goes on, cryptojacking attacks are continuing.
[00:09:29] So, we’ve got a couple more here on the bitcoin stuff before we get into what Apple’s doing to try and stop developers from sharing their data and also about Windows XP. Believe it or not, it is still in use today, and XP came out a very long time ago now. Bitcoin’s price, now, I mentioned this on the show about a year ago. I think we were talking about bitcoin and how there was a lot of fishy stuff going on when it was launched, and it looks like a couple of guys were involved, and they were able to get bitcoin up to 1000 dollars per coin very quickly, and it appears insider trading may have been happening. We talked about some of the rumors that were out there, and now we have a little bit more of a solid piece here. This is from the New York Times dated March 30.
[00:10:27] And of course putting this all together today, because we are in a mode of talking about bitcoin, today we’re going to kind of cover that thoroughly. So, this article was saying that a concentrated campaign of price manipulation may have accounted for at least half of the increase in the price of bitcoin, and other cryptocurrencies last year. Now, this is according to a paper released at the end of March. It’s an academic; he has a history of spotting fraud in the financial markets, his name is John Griffin, finance professor over at the University of Texas. Isn’t that interesting, here. So, the price, the value, was driven up artificially and remained artificial because once you get started that way, it just keeps going. Now, it was being manipulated, it looks like, at least partially by activity at Bitfinex, its largest and one of the least regulated exchanges in the industry, registered in the Caribbean, offices in Asia, and it was subpoenaed by American regulators shortly after articles started to appear. Talking about, but halted the digital flow of tokens, in and out of the exchange what was going on. Why were these tremendous price increases happening last year? And this paper indicates that manipulation played a large part in those price increases. So, it’s a very, very, big deal.
[00:11:59] Yet, another reason to stay out of this, if you need another reason.
[00:12:06] To tell your friends, your family, or yourself not to get involved with this. Bitcoin is selling off this year, and they’re concerned that this decline could cause a lot of damage in the financial markets. So, Bitcoin is now nearly a third of its record high that was reached just six months ago. It’s dropped by almost two thirds. Isn’t that just crazy? So, they’re worried that bitcoin’s bursting bubble could spill over into the equity market. Here’s a quote from Matt Maley. He’s a strategist over at Miller Tabak, yeah. Miller Tabak, there are things to be concerned about regarding the stock market here with emerging markets and other issues, but I don’t think bitcoin is going to be one of them. And he understands the fear of the steep rise and fall in bitcoin prices; it’s very reminiscent of the 1990s dot-com bust, he said. But the difference now is everybody’s investment wealth. It’s a very, big deal. Everybody is talking about both of those things when they’re in the bubbles. So, it’s looking here, if you look at that article again, we have all of these up on the website, and this particular graph is from CNBC, but it’s showing the correlation between what happened with our tech bubble and what’s happening with bitcoin. So, keep an eye out for that. This could be a very, very, bad thing.
[00:13:43] Now, we all have heard about Cambridge Analytica and what they did with the Facebook data. They were getting information about friends of friends, they were using it, they were manipulating it and, of course, before that, eight years, well ten years ago now, the Obama campaign got the information on every Facebook user, worldwide, and of course, they’re particularly interested in the United States.
[00:14:08] So, we have a history now of abuse of your Facebook data, here, that’s stored in social media. So, Apple’s been concerned. You know, they are probably one of the number one companies, out there, when it comes to trying to make sure you retain your privacy, right. So, Apple came out with new rules just last week for the developers. The idea is to limit how developers use information about the iPhone owners’ friends and other contacts. So, there was a bit of a loophole that let app makers store and share data without people’s consent. That loophole is being closed. Now some of the apps that you might use, I use like a contact duplicate merger and things, those should still work, but they have to keep the data on your iPhone. This whole practice of trying to get information about your contacts has been used for years. When you sign up for Facebook what does it ask for? Hey, is it OK if I help you find your friends on Facebook? LinkedIn did the same thing, and now that Microsoft is running it, it is done even more.
[00:15:18] Right. Double time here. So, this isn’t new, but Apple’s new strategy is new. Apple has, of course, the world’s, well one of them right, the world’s most popular smartphone operating system, Android is more popular. But sharing data, as in a friend’s data, without consent is what got Facebook into trouble. They announced all of this at their developer’s conference, a little bit earlier this year. Contact List abuse is what it’s been called, and it’s a huge ecosystem and this will make a very, very, big deal. Interesting article. Want to get into more detail, if you are a developer if you have an Apple iOS app, and a lot of businesses do, make sure you double track this. As far as businesses going with developing their apps, I have got to mention something here, and this is a little self-serving. OK, I’ll say that up front. But we are, my company is the only one that can sell this particular software, and right now, anyways, and that’s why it’s self-serving. Apple and Cisco got together to try and solve a major, major, problem.
[00:16:35] The problem is if you’re a business, how do you keep your data safe when it leaves the office?
[00:16:45] So, if you have salespeople, they need access to your data. Don’t you think if you have somebody who has some financial information, they need access to your data? Not all of them, but some of them do. So, how do you control that? Well, the way most companies have dealt with it is, they buy some software, and that software runs on that iOS device or that Android device and all of the company data stays within that one app. One app. So, if you want to use company email, you are using that app to send and receive email. You cannot use any other app; if you want to get into your customer management system, you have to use that app. If you want to get financial data, you have to use that app. If you want to get at your files, you have to use that app, right. So, you’re stuck in this one app, and people have hated that for a very, very, long time for good reason. However, the main reason they had to do that was there was no way to have a check and balance on the apps and what they were doing on the phone.
[00:17:56] Now, with iOS, you can remotely manage, and we do remotely manage iOS devices for businesses. You can, too. There’s even free mobile device management, MDM. There’s free mobile device management software out there that you can use, depending on who you are and what hardware you have and what vendor relationships you have. So, look into that. But, all that lets you do is control what apps can be installed. It doesn’t control the flow of data between the apps, including the flow of data between your apps and what’s happening with your business data. All right, so, I said this was self-serving because we’ve got a solution with Cisco and Apple that’s been developed and works great that allows us to control all of the flow of data. Think about the military type system. Think about the Orange Book in the old days, right. How have you compartmentalized the data? And how you don’t have your private home server for Clinton e-mail dot com, right on. Now, we found out Comey did it too when he was investigating the Clinton e-mail scandal, where he was using Google Mail. It doesn’t and does it.
[00:19:10] It’s nutty. So, that became a problem and more of a problem. It just goes on and on. So, with this, you can control everything. And, I think you have to I think we’ve got to start controlling the apps which don’t know what the developers are doing. But you might have a look for this out there. It is available for iOS. It is not generally available right now. We’re the only ones in the world that can sell it. I guess that means, we’re just kind of cool. But, I guess the other side of that is, isn’t it kind of cool that you have a guy, here, that is tied in that tightly, with the security market.
[00:19:50] In fact, I’ve got to go as soon as I get off the air, here, because I’m doing an interview, that we’re going to be airing, because I’m running webinars for the FBI InfraGard program, which is the infrastructure guard, if you will, for the businesses that have a critical infrastructure. So, I’m doing that right after this. We’re talking about the dark web. In fact, that’s who it will be. I’ll be doing that interview here shortly. You can join InfraGard if you are involved in critical infrastructure. You can find them online, InfraGard dot Org. There are chapters in, I think, every state.
[00:20:32] Well, you know Windows XP should not be used, right, don’t even have to repeat that. But the military still is using it. It’s using it in our ships even though the British navy just launched a nuclear submarine a brand-new build from scratch running Windows XP. Now, why do they do that? Well, the bottom line is Windows XP is a known, well-known commodity, very well, known. So, they know where the bugs are for the most part. Microsoft is still supporting it for them at an incredibly high cost, here. But what that means is that the military computers running XP are stuck with legacy hardware. They’re stuck with legacy software that runs on it. So, we’ve got to be careful about this. The rest of the government operations are moving to Windows 10. I think we’ve got all of our clients on to Windows 10 now that are using Windows, and we’re keeping them up to date, obviously, with the patches and we do that all automatically. And we have people that hop on when there are problems, which there are, this week. I’m not getting to it on the radio, but check out my Web site Craig Peterson dot com because there are a bunch of Windows 10 updates and they are not all working. So, I’ve gotten instructions on how to install them which machines are having problems.
[00:21:59] What that means for you and what you should do. So, check that out on my Web site, again, Windows 10 update problems this week. So, they are working on trying to get rid of it; they’ve got Windows XP 2003 other legacy Microsoft products that are out there and the problems just continue to pile up. Now one of the things we have done for companies that are running XP, and you might look at this as well, is we take that Windows XP machine we put it into a virtualized environment, and then we put special firewalls around it with full intrusion detection and prevention. So, you can do that as well, if you’re a business and you’re stuck with Windows XP. We’re doing that for manufacturers, as well, where their hardware, their manufacturing hardware, is running Windows XP. So, we put it in a box, if you will, with all kinds of protection around that. So, keep an eye out, and that’s what’s happening. Make sure you join my mailing list, so you get my weekly e-mails. They come out on Saturday morning, and we have some special reports. Those people who signed up for my insider club here, there is a membership site.
[00:23:13] It is closed but we’ve got some more special reports, we’ll be sending them to you along with information on retrieving them. And that’s something that we’ve offered for free. We shut down that Facebook group by the way because we just won’t get in the activity. I think people are just used to me telling me what’s going on and what should happen right as opposed to the interactive back and forth.
[00:23:36] Although we had some interactivity, and we still have it, multiple times a week, usually it’s via text. If you want to text me, if you want to sign up, if you have any questions, just text me directly 8 5 5 3 8 5 55 53, 8 5 5 3 8 5 55 53 and I’ll let you know about any major alerts or other problems that come up. Until then, have a great week and we’ll see you online. You’ve been listening to Craig Peterson.