Today there is a ton of stuff going on in the world of Technology and we are going to hit a number of topics from the dangers of Android phones to various scams involving hiring and Black Friday and some tips on staying safe -- so stay tuned.
For more tech tips, news, and updates visit - CraigPeterson.com
Reduce Vulnerabilities by Ditching Android
Tackling Ransomware on Windows
Cellular Throttling and Why it cost AT&T a Chunk of Change
Big Data, Data Brokers and Your Information
The hanging of an MSP “Shingle” and Your Business Security
Hiring and Issues with Scam Online Applications
Another “Pay--ment” System Introduced
Hand in Hand On Black Friday --- Shopping and Privacy
Imposter Retailers Outnumber Legitimate Ones
Automated Machine-Generated Transcript:
Hey, hello, everybody. Craig Peterson here on the air at WGAN and all over the world on podcasts. You can listen to me by just going to CraigPeterson.com/iTunes; that'll bring up the 800-pound gorilla podcast site.
You can also go to CraigPeterson.com/iTunes and listen to my podcasts there, of course, and you can listen right here on this station, also on TuneIn radio. Additionally, listen to me when I'm on the air, three mornings a week now, different stations, different coverage. All of those end up on my podcast feed. I appreciate everybody who is going there and giving me a five-star rating. I know there are also a lot of people that are tuning in for the first time. Welcome. Welcome to all of you guys and gals. It is a wonderful, wonderful experience for me because we get new people, and I get to help teach you guys, help you to be able to understand the latest in technology. That's what I talk about every week. I have been in the technology business for many, many decades now. And I am still enjoying it. But you know, it's time for me to start giving back and start trying to help everybody understand what's going on. We spend a lot of time discussing security, what you should do for your home, what you should be doing for your Small Office/Home Office. Many of us, like me, work out of their houses now. That means you have different problems. When we catch China, Russia, and North Korea and then all of the criminal organizations all over the world. We've got all of those people trying to attack us. It gets very, very difficult to keep our data safe. And of course also, with all of the new technology, how do you use it? How do you make it work? Just this morning, we were on with a client, and they were meeting this is common, okay. But they were misusing the system that they have in place. They have a system that's in place to allow them to do diagrams, engineering diagrams. And unfortunately, the people they trusted to put it together to configure it, they did not do it anywhere near properly, nothing is spec'd right, etc. And I know you'd think an engineering firm would understand that the specifications are there for a reason.
They're there to be followed, right. And so the system has just been kind of, you know, hacked together trying to make this thing work. And there ended up being an error coming up on their screen, and then the good news, I guess for them is they had us be able to help them because I don't think there's anybody else out there. That is, you know, easy enough to find someone that could help them with this problem because the error looked like it was a licensing problem. The problem was that the database that they were using had locked records on it. Here's how they were using it. They have a database and applications that are running on this underpowered server. They were being accessed remotely by someone using a VPN on a laptop. And you know it all sounds pretty reasonable. The way they were doing it was running the application over on the laptop instead of on the server. So what they should have been doing is using either a virtual machine that that person could connect to remotely or use a terminal server that Microsoft provides. What happens is now he's running the app, the app is accessing the database via the VPN. So far, so good, right? Make sense? This virtual private network is letting his laptop think it's on the corporate network. This company has a dozen-plus employees and a server with a database on it. The database is handling all the queries it's going through. Now, when you're talking about databases, I'm trying not to get too technical here, everybody. When you're talking about a database for a program, the database, hopefully, has what is called business rules in it. For instance, if you add a customer, you're not just putting one record in the database, you have a record that gives the basic information about the customer. It includes the name, maybe the address, and then you've got another record that's got the customer contact, who it is. Then there are also records about what they would buy from us with totals, and counters, and things.
It's called denormalizing a database. So all of these different records are created in different tables, maybe even different databases, but it's almost always one database. And so in order to keep all this information properly synchronized, because you don't want to have a record for the company, a business, a client, and then have your programs trying to access, now how do I get ahold of this client, and so it tries to go to the phone number database, so I'm just oversimplifying this slightly. Still, there's no record for the phone number database, you don't want that to happen. So what you do is you use a lock, and the lock helps to enforce these business rules to make sure, hey, if I'm creating a new customer, I want to make sure I have their name, their address, the contact that we have. And so a contact record, and the type of company, maybe an inventory item, just in time stuff, whatever it might be, all of that needs to be there in the database. What happens is, there's what's called an atomic transaction. The database program, the software that you're running, identifies the customer contact and his records and returns the records for the company itself, the records for the inventory, and the shipping information records. And then it says, commit this all to the database. At that point, the database already has all of these records and reports it is ready to commit. Everything is there. What was happening with this client is they were on a VPN. And they were running the software over on the laptop. The software on the laptop was saying, Okay, so here's, here's the client we're dealing with, and we've got some new information for them. So let's insert this new information in the database. And so the database does a lock to hold. So we can get a customer number to generate all of this stuff in case somebody else is trying to do it. And then, the VPN connection goes away, or the laptop crashes. Something happens, right?
Now, the application could crash, and if it's on the server, the database could crash on the server, all of that stuff could happen. So when you get right down into it, there are tools to try and recover. But in this case, records were locked. They weren't lost. They were locked. So now when they went back in they were getting an error message, they really couldn't understand what's going on here. Why? Why am I getting this error? We had to delve into it and contact the app developers and look at the databases, and then we had to remove the locks manually. Now, that's just great. We remove the locks. What that probably means is they have a corrupted database, one that was corrupted silently, in a way that no one understands. And in some cases, if it's a real expensive application, it probably has stuff that does continuity checks and makes sure there's congruence between all the records. But that's not the case here. You know, what it reminds me of: I saw the same thing at a doctor's office. They've been using the same software for many, many years. And the software uses a very, very basic database, and this database, and I don't even know if I would call it a database, right? But I think of the old Btrieve stuff if you're an old-timer like me, and what we used to do with those, and which is great because the Btrieve let you put data out into files and then allows you to access it very, very quickly. But by today's standards, you would not consider that a database. So over the years, when they had a problem, they would just shut off the computer and then turn it back on, reboot, right. So now we're helping them win factory finish migration of all of their data from this very old it using 30-year-old technology, this ancient system for the doctors' practice to a very modern one on Macs, and it's cool the stuff they can do.
You know, they can immediately while you're sitting there with the doctor, the doctor can check right away, what drugs you're on from other providers because the pharmacy that you use keeps all that information, it's all tied right in real-time. And the doctor can check for possible conflicts of some of these medications and immediately issue the prescription. So it's before you leave your consultation with the doctor. It's all done. It's just amazing for them, and they're having a hard time with some of these concepts. And I get that right. If you're using 30 old 30-year-old design software, which so many people are you know, some of these companies like Kronos, they have some new stuff, but they're selling some stuff that's just decades old. It's just been, you know, modified, modified. And so the basic concepts behind the software aren't there. So they had been turning off their computers. Off and on resetting control, alt, delete, right, all of those things that we've all done before. And their database was as corrupt as can be. And manual processes instead of automated processes to try and get their database up to snuff. So anyways, an engineering firm, we got it taken care of for them. Still, their databases almost certainly got corruptions in it, because they're not doing it as backed by the manufacturer. Right. And you'd think as I said, they know better. And we've got the doctor's office all up and running too. So that's good. So anyway, if you ever want to know a little bit about databases, you just learned it. When we come back. Hey, we're going to be talking about shopping Black Friday, Cyber Monday privacy. That's coming up today, and we're going to talk about Android again, and a whole lot more. Of course, you're listening to Craig Peterson online, Craig Peterson, calm and I'm WGAN
Hello, everybody, Craig Peterson here. Hopefully you're enjoying today's show so far. Let's give a little bit of a rundown of what's coming up. We've got our Black Friday, Cyber Monday shopping information coming right up here, shopping and privacy, on today's show, and the number of imposter retailers. It is crucial, and I'm going to help you understand these sites, because the imposter websites are outnumbering the legitimate websites for retailers and we're getting caught all of the time. We're going to talk a little bit about the "I am an MSP" shingle and your business security. I saw this again, and some of these MSPs, MSSPs, are break-fix shops, is what we call them. In other words, you call them when you have a problem. They're not proactive. But it turns out now not only are they not good at security, but they are a massive target for hackers. We'll talk about how that's a problem for your business and some things you can do about that. Hiring issues. Right now, if you're looking for a job, there's some of this scam online application stuff going on; we'll tell you more. Targeting and tackling here some ransomware on Windows, which is way, way up. Big Data brokers and your information. We talked a little bit last week about what Google's doing with Project Nightingale, which is scary enough, but we're going to get into that.
Facebook is introducing a new payment system. You might remember they were trying to launch this whole cryptocurrency, and it fell flat. Well, we'll talk a little bit about this Calibre wallet that's coming to our way, and cellular throttling and why it cost AT&T a chunk of change. If you use AT&T, you may be getting a check. You will have to fill out some forms. Then I discuss how you can reduce vulnerabilities by ditching Android. It is amazing. There's a study that just came out. And this is an article from Wired magazine that I have up on my website at Craig peterson.com.
Android is not Android is not Android. Every manufacturer has a different version of Android. Now, some of the core modules are the same, but they have to add their device drivers. They typically add bloatware is what we call it to the phones, and of course bloatware, you also see in Windows computers a lot. And those are those ads that come up that lets you get all of these premium features. All you have to do is pay us extra. They're out there doing all of this. And so my warning has always been, if you are considering buying an Android phone, remember that it might only be good for six months. I'm not talking about the hardware; some of the equipment is great. When I say some of the phones only be suitable for six months. It's because the security patches that are going to be needed for your phone will no longer be available. And my accountant came by last week and he just bought a new Android phone I told him don't buy another Android get an apple get an iPhone. If you can't afford a new iPhone by you don't even have to buy us To buy a model or two older iPhone, you will be much much happier and you will be much, much safer. But he got another Android phone. Why did he ask me about or why did he bring up because he knows I'm not an Android fan, right? So. So when we're sitting down, he's, he's not going to be sitting there pulling his phone today, Greg, that's great. No android phone I have because he knows I'm going to be all right. And in this case, it was I bought this phone now a couple of months ago, and I can't get updates for it anymore. Two months, two months, he had that phone, and he couldn't get updates for his Android phone. So it's not even six months in some cases is a lot less than other cases it's longer. If you're going to make the mistake of buying an Android phone, make sure it is the number one model in volume in sales. That manufacturer right now is Samsung. And the goal with that, but here's this story. 
And I've got some stuff I wrote up about it.
Every android phone is unique. Because the manufacturers can freely create applications, they've got to make changes to the device drivers, the interfaces, the carriers, which then upload their information into the cellular tables that are in it. They might have a different transmitter than was planned for they go for the cheapest, cheapest. And so they've got to rewrite that low part of the operating system completely. You're getting that right now. Well, here's what we have just found. Every Android has pre-installed as of today. Now, remember, I'm saying that some of these phones you can't get security updates after six months and only two months in some cases. Maybe it's a year. But there's a study out right now, that is saying that on average when you buy an Android phone, there are 146 vulnerabilities pre-installed on your phone. So these are bugs in the software that Google has already fixed.
Some of these were zero-day attacks. Many of them weren't. But on average, your new Android phone, according to this study, already has 146 security vulnerabilities before you even open the box. Right. Now, does that make sense to you? Now, if you buy an iPhone, you're going to find that the first thing that you're gonna want to do is you set it up, you put in, your Apple account or you create one they're absolutely free. Apple does not harass you about any of this stuff. They give you iCloud backup automatically. But you're going to set up your iPhone. One of the very first things that it does is it updates itself.
Apple, just with the most recent release of its operating system going to look this up right now. Age of an iPhone six, they just recently stopped supporting their newest operating system that doesn't mean patches for security problems. But their newest operating system does not support the straight-six. It supports the six s but not the straight-six. So I'm looking right now in Wikipedia, and it was released there we go in on 24 14. So right now, while we're talking, it is more than five years old. It's been over five years since it was released. So Apple provided full support soup to nuts support for the software on iPhone sixes for more than five years. And that's very typical for Apple and the iPhones. So if you buy, you can still purchase the six ass I would not personally because it's not going to be fully supported. The next time we come up with another phone, so you know next year or maybe early in 2020. If you are considering buying an iPhone and you want to save some money, you can still buy a seven, or you can always buy an iPhone eight. You can even buy the 10. My mom, who is well into her 80s now, wanted to replace her phone. I think she had an iPhone four and she just last week returned it. I said they go out and buy because she was confused. I said, go out and buy the iPhone XR. That iPhone 10 XR, which she did. It is a great deal. It is a fantastic phone. And it's going to last year another five years with full software support from Apple. So keep that in mind. You can open that brand new box with your Android phone with 146 security bugs in it before you even open it up, and it's not going to update itself to the latest patches. None of that's going to happen. Depending on the phone in the manufacturer. But get an iPhone right forget all of this stuff about Android. I do not sell iPhones I to make money off of iPhones. I do not work for Apple. Okay. My company, however, is a certified Apple authorized Support Center
Hello, everybody, Craig Peterson, here on WGAN live online, you can find me at CraigPeterson.com. I often have some of these free pop-up pieces of training and I've been doing Facebook Lives lately and just trying to get the word out, helping people understand what is happening in technology today. And we're on show number 1037. Now, the way I number shows is that's actually week number 1037. We should have done some big deal when we hit show 1000 but I, I didn't. I probably should have. But anyhow, so that's 1037 weeks of being on the air every week, which is pretty amazing when you get down to it, and it's thanks to you guys. I so appreciate what you guys do by listening and supporting the stations I'm on and of course listening to the podcast, and the easiest way, by the way, if you are an avid listener, if you will, is to go to CraigPeterson.com/iTunes. And if you wouldn't mind, give me a five-star review and let me know what you think of the show right there. And I do read those and a quick shout out to people on the air frequently. I do.
Now, you know, I mentioned a little bit earlier than I do a lot of computer security. And it's a huge deal, and it's very, very difficult. I also mentioned these break-fix shops. Those are businesses that do computer support, but basically, you call them when there's a problem as opposed to them being proactive and taking care of issues for you. Which is what my company and I do alright, so there you go. That's what I do. Well, let's get into this whole MSP thing. I am an MSP RIR, and MSP managed security services provider. And I want to roll the clock back because I have something here that I remember pretty well. And then I want to talk about it because I have a cup of coffee in front of me. And it's sitting on a napkin. And so I want to tell you a little bit of background. And this has to do with experience, really, and knowledge if you're old enough to remember the whole y2k thing. And the biggest problem with y2k was, hey, and we've been writing software for years that rely on next year, being One year more than this year. Back then, we had to be very careful with all of our data and how much storage we were using. Instead of storing the year as we do now as 1975, we would save the year as just 75. Hey, it's not going to matter for another, what, 35 years. Y2k is going to cause the world to come to an end because nothing's going to work. That is, it had only been 50 years that this code. And we all know that there was a whole industry that developed to help companies make sure they are y2k compliant. Some people wrote software that reviewed other software to make sure that these mistakes weren't in it. And then y2k came and went with very, very few incidents.
Now, the reason people were worried about was legitimate. If you had an older GPS this year, say one that was more than five years old, maybe ten years old, you might have noticed that it stopped working? Did you see that? And the reason these things stopped working was the same problem everybody was worried about and y2k while almost the same problem. And that is counters rolled over from the GPS satellites. If you didn't have a big enough counter on your GPS receiver, you were in big trouble. The satellites themselves were fine. It was your little GPS receiver that's built into your navigation system, right.
Huge deal. You had to buy a new one. Well, it's a much bigger deal for the bank, but thinking what else was happening around the year 2000. I started building commercial internet properties as soon as it became legal because I'd been on the internet since the early 1980s. I've been designing and helping to design and implement internet solutions since the early 1980s. And I've been doing network work, and computer network works professionally since 1975. I've been doing security work, managed security for my clients since the early 1990s. There was a lot of work done out there. I go back now and think about the late 1990s. My coffee mug is sitting here on a napkin. And you know, you go to a coffee shop, the napkins are three by three inches square, give or take. And if you are getting a muffin, you might get a napkin that you could unroll, and that's maybe what eight and a half by 11. Give or take, right? It's pretty big. Well, in the mid to late '90s, people were going to specific coffee shops. I remember this so well out in Silicon Valley in California. They went to these p coffee shops because it was where angels hung out. Angels are people who if you don't know, invest money in early-stage startups, in other words, when a company is first going, and so if I were today to talk to an angel and say, Hey, I need some money, the angel would say, Okay, well, let's look at the business plan. We go through all the financials, I better have some customers already some sort of a proof of concept, minimum viable product that I can show them and say, yeah, look at this is looking really good. So I need 1,000,005 million to take this to the next level. Well, back then, in the late 90s. They would sit and have coffee with one of these angel investors. And they'd say, hey, I've got an idea for a business and they pull out a napkin. And they take a, pencil and they would sketch on the back of that napkin. What their idea why it's because it's going to be great. 
And the investors just based on that napkin, no product, no team, nothing but an idea. Based on that napkin, the investors were giving out five and $10 million checks to these people who, in my mind, were, were, fraudsters. You know, they convince themselves that they had the best idea in the world, and they were going to become the next billionaire. Maybe the first billionaire under 20 years old. A lot of these investors, Of course, we're a little older, and they didn't know how to deal with the internet. They didn't know much about it and very immature back in the late 90s. Although I'd already been on it for 30 years, well, you know, around it for 30 years and on for more than 20 then, so they were giving them crazy money just based on a napkin. So what does everybody do? Well, where's the money while the money is on the internet, and it's out in the Bay Area of San Francisco, San Jose. So I'm going to go out there. And some of these people, literally, I knew people that did this, they hopped on an airplane. They flew out to San Jose, with the intent of going to one of these coffee shops or about a half a dozen of them, that were known to be frequented by angel investors and venture capitalists. And it's kind of like somebody flying to LA Working Yeah, I'm an actor, and they're working in a coffee shop. And they're Bariza hoping to get spotted by that director to get their big break. A big problem. And because everybody saw that the internet was the place to be. Everybody hung up a shingle about the internet. So stick around. We're going to talk more about this. We're going to tie this into exactly what's happening today, to you to your business, when it comes to security. And so many of these firms that are out there right now trying to sell you stuff. So stick around. We'll be right back.
You're listening to Craig Peterson, right here on WGAN and online pretty much everywhere and at Craig peterson.com stick around. We'll be right back.
Hello, everybody, welcome back, Craig Peterson here. Of course, we're on WGAN. And we are online at CraigPeterson.com. And good news. I'm on pretty much every podcasting platform out there. And I've had more than 20 million podcast downloads since I started podcasting 15 years ago. The numbers are picking up. We just had got another 100,000 downloads recently. I'm pretty jazzed with that. It is all because of you guys. The more of you who subscribe to my podcast, the more it gets noticed, and the more people hear about it, and of course, then what that means is, we're able to help more people, and that's why I'm here. It is a labor of love. Alright, so let's get into the rest of the story from what I was talking about earlier, which is, if you missed it, I talked a little bit about the history of the internet and internet investment. These companies that were spun up from a business plan that was nothing more than a rough sketch on the back of a napkin at a coffee shop. Okay. It's a big deal here. But well, let's think about some of the biggest failures on the internet. And you've heard of some of these. You've probably heard of, like, Pets.com. Let me just run through a few here. Shyp raised 62 million dollars and failed. That's S-H-Y-P. Beepi raised 149 million before they got wiped out. Juicero, oh yeah, that's a reasonably recent one, 118.5 million. PepperTap, 51 million. Sprig, 56 million. Yik Yak, 73 million. And you can go online, look for some of these things. I found an article that had 323 startup failures, and post-mortems for all of them going back, just kind of way back. But, you know, back to 2014, which isn't the start of the internet, right. That's not the reach. The time we're talking. Okay. Timo meter, and this is a great one, by the way. Multiply $30 times one client times 24 months. Wow, we'll be rich. Okay. They got funding, right. Why didn't we get funding? Why didn't you get funding, right, with your great idea?
So everybody started throwing their hat into the ring. They were going to these coffee shops out in Silicon Valley pitching and hopefully come with a good idea.
Of course, the investors wanted to have a billion-dollar company. Hey, it's not so bad. I put, you know, 5 -10 million in and I'm able to take a billion dollars out with a big company that's got a 5 billion valuation right. Wow, we're all going to be rich. And of course, that is the extremely rare case. So let's fast forward to today. And talk a little bit about what's happening right now. I've got an article up on my website that we put together called "I am an MSP shingle and your business security." Think of that word shingle. We talked about all of these. I don't know what to call these people, because they were out trying to get money for their ideas and were quite convincing. They weren't thieves, necessarily, although some of them probably were. But they didn't know any better. They didn't know what they should have known. Today, of course, the internet's much more mature. It's still not fully mature. It's changing every day, the way things are sold and marketed and used, and everything on the internet is just constant change. But right now, what are we talked about on this show before when it comes to open jobs, we know that the economy pretty much has full employment. But for the past three years, I think ever started ever since I started running the webinars for the FBI info guard program, ever since I started running those. There's indeed been somewhere between one and a half and 3 million open cybersecurity jobs. So Let's get right down to the economics of all of this. And I, I was following some stuff, and I've been developing material carefully in the industry because this is kind of the industry that I'm in. And I found out something that I thought was just kind of a DA moment, right? That's when you hear something, and it's I should have thought of that. I don't know why I didn't think of that. Right. We all have those. 
And so I had this moment, which is, if you have been a break-fix shop of what you've been doing is you take a call from somebody, and you sell them a computer, or you g a call from somebody, and you go out, and you spend two hours with them and you charge them three or 400 bucks for that service call. First of all, I don't think that serves the customer very well because the customer is going to be worried about calling you and the poor person that's having the problem doesn't want the boss to get upset because they called you right? So that's not helping the business very much. And on the other side, if you're trying to sell hardware nowadays, you know, we'll sell someone at $3,000 $4,000. workstation for one of their employees to use not even a high end one. And our margin is like 50 bucks on it. Nowadays. It obviously depends on the manufacturer, but there's like no margin in that business anymore. So if you were faced with that, if you owned a company, that all they really did was they sold some computer hardware when there was a refresh. And you went out and you did some repairs and some telephone support. And what would you be thinking? Why are retailers closing on you're basically a retailer? That's the business you're in. You're competing against Amazon, you're competing against Dell online, you're competing against all these guys. So what I've noticed happening, and I've noticed it because my company is what's called a master managed security services provider. We're a master security services provider because we work with these smaller companies that don't have the security expertise, and they know it.
Now there, there's a lot of people that don't know it. We just talked about all of these failures. Back in the boom days of the internet, hundreds of millions of dollars, billions just went down the drain. So some of these people think they know enough, but they don't. So they'll come to somebody like us, who is a master managed security services provider, and we'll be the people behind the scenes designing the networks and security infrastructure. They can meet the DFARS requirements or ITAR or HIPAA or PCI or some of them, many, many TLA's and FLA's out there, right. TLA is is a three-letter acronym, and an FLA is a four-letter acronym. So in business, we all have those. But that's what they'll do. Now, I got to tell you, the vast majority and I'm going to say 99% from my personal experience. And so I don't know what the real numbers are. I don't think anybody has the actual numbers for this. But, and I'm going to say 99% because I have never seen an exception to this rule. But 99% of these companies out there don't know enough to make the right decisions or to help the customer make the right decisions when it comes to security. Now, this presents a huge problem for everybody. Because we have all of these people who were PC repairs and Windows support people, these companies relied on Windows coming out with a new version from Microsoft. And it will work on your old hardware because you need more memory, you need more space on your desk, you need to have a faster computer to run Windows eight, right? And then Windows 10 comes out. And a lot of people what they've done over the years is they say, you know, my machine is old, it's slow. It's cluttered. I could probably reload windows and get my speed back. But I just assumed by new computer, and that's what these people relied on for literally a couple of decades here. You are in the crosshairs of hackers if you're a business and even if you're just a regular home user. 
Oh my gosh, the problems you guys all have because now the hackers have figured out that these companies that call themselves managed services providers, but don't have enough knowledge about security to protect even themselves adequately. These so-called managed services providers have now become a significant target for the hackers, including nation-states. Think about it for a second. If you've hired a managed soft or managed services company of some sort, you've given them access to all of your computers, and they probably have your passwords, right? They have all of this stuff. There is an attack going on right now against ConnectWise and directly against MSPs. They've scanned the internet to find anybody that mentions MSP on their website, and then they start attacking them. Cause they have the keys to the kingdom, your kingdom. So here's the advice to minimize your risk.
We had two weeks ago an attack that hit an IT services firm, Everis, which is a subsidiary of NTT, one of the largest MSPs in Spain. They had to shut everything down, cut network links, try and figure out what happened. And in this case, it was ransomware. But they're also going straight for the data. It's happening every day. Okay, this is one of the largest, so yeah, my gosh. Here's what you have to do. You have to treat your managed security services provider as an insider risk. Just like any employee, you have your own IT staff. They are a risk to your business. They have access to all of your intellectual property, your client lists, your employee records, right? They have access to all of it. So treat them like an insider. Understand the risks, do not let them keep your passwords or other information. And what we do for our clients is we never keep them. We cannot tell you what your password is, and we have to reset it. And we use specialized software, that when we access one of our client's computers, it keeps track of the right passwords and those are changed frequently and can be changed. Every time a technician connects, it is a huge deal, there you go. Some people are hanging out their shingle, saying I'm an MSP. Be very careful if you treat them like an insider, and mitigate your risks. All right, when we come back, by the way, in the next hour, we're going to be talking about online shopping. You're listening to Craig Peterson on WGAN.
Hey, hello everybody, Craig Peterson here on WGAN, online at CraigPeterson.com. I appreciate everybody being with us today. We went through a bunch of stuff in the last hour. And we talked about, you know, MSP insider threats a little bit. I want to finish up the whole thing about insider threats. People have been asking if they should treat any managed services provider, break-fix shop, or any third party who is taking care of our computer equipment as an insider with a potential insider threat. So how do we treat insiders and this whole insider threat thing? Well, I should do a training on this, a pop-up training.
The very first thing you have to do is figure out what is your most valuable asset in your business. Now, for most of us, it's our intellectual property. Frankly, those are our plans, our designs, our engineering diagrams, and it's our money, you know, bank account information, employee information, anything that could cause you to fail an audit. If you get audited, do you have all of the records? But if you are in a business that requires that you have security, what's going to happen when they come in and audit? Okay, so any of that sort of data is information that you should protect. That means a lot of different things. I've taught some courses on this before, but it includes things like segmenting your networks so that people who don't need to get at data can't get the data. In this day and age, for the truly paranoid, we see this more and more, it's called a zero-trust network. So people or machines can only get at things that you explicitly allow. So it isn't as though anyone in accounting can get to this, it's this person in accounting can get to this. So all of your data is segmented. And again, don't let them keep your passwords. Try and do some of the administration stuff yourself, at least on the password side. Change the password and save it in an encrypted password manager to keep track of those passwords. Then when you have to call your managed services provider or your break-fix shop or your niece, whoever it is, who's taking care of your computers, you give them the password for that machine. They can get on and can do their thing. They get everything working, you watch them as they're working, which is another thing that we do. We're only on the machine when there's someone else watching, remotely. And we record all those sessions. By the way, anytime any one of our techs gets onto any machine, we have someone watching them. That is important. When the tech completes their work, change the password.
The whole idea here is that they don't need to have them. And as I mentioned before, we've seen a growing number of managed services providers from around the world being targeted and compromised by hackers, including the large ones. That goes to show again, and even the big guys aren't as concerned about security. Or maybe they don't know enough about security as they should be. I was out at a prospect's place just a couple of days ago. We're talking with them about their managed services provider that they had. I mentioned earlier, this 99% number, and this is my number. But I say 99% because I have yet to find a single managed services provider that is doing security reasonably well. I have yet to find one. And that's kind of bad news, frankly, when you get right down to it. And so that's why I say 99%, right, I give the 1%. Now, I know there are Managed Security Services Providers that know how to do it, but this is a challenging world. Bottom line is, if you can find someone that you trust 100% implicitly, they are not keeping your password, not getting into machines without permission, then you have to trust them as an insider, basically, an employee that you kind of trust, but you don't absolutely imagine and make sure obviously, you keep those employees in line too. We're going to be coming up here in just very soon, actually another segment or two, with what you need to worry about for your holiday shopping. I want to start this whole thing off by talking about what you should be doing and how to verify a site and whether it's legitimate because it turns out there are three times more fake shopping sites than there are real ones out there. So be very, very careful of that. Now, before we get into that, let's talk about these bogus hiring scams. It confuses me because when you get down to it, we have such high employment rates right now. It makes you wonder why the bogus ones are having such success out there. I don't know.
Maybe people are just trying to look for a raise because there are so many great job opportunities. I don't know. Okay, employment is at an all-time high. With the economy buzzing like this, finding workers for seasonal part-time work is getting harder and harder. Think about what Black Friday means. Black Friday is when retailers finally become profitable or "in the black" as far as books go. It's not quite as true as it used to be. It used to be that most of the year retailers operated in the negative and it took until right around Thanksgiving before things turned around, because that's when people start shopping for the holidays. So these employers are now having to compete with the spam employment opportunities on top of it all. And the whole online application process is just fraught with opportunities for phishers to glean all the information they could need to impersonate you. So you've got to be very careful, and one of the things you can do, and this is the same thing if you're looking to purchase online, is verify that you did not end up on a scam site. So bottom line, if you're looking for a job, and most people are going to start their job search on Google, which is an okay place to start, and they might type in seasonal opportunities. Just yesterday, I was sitting with my wife, and she did a download to the latest version of Microsoft PowerPoint. We subscribe to Office for all of our employees, including my wife, as she helps out with the business. Anyway, she did a Google search, and instead of "office," she typed "orifice," and you know, a slip-up, and you know how it is when you kind of automatic type sometimes. She typed for Microsoft for this download, and we got results that were all scam websites. It was all set up to make you think that you were on the Microsoft Office website and that you were downloading legitimate Microsoft Office software. I was sitting right next to her.
I suspect many of you might have clicked on some of that stuff, you never know what's going to happen. Because again, she was automatic typing, she didn't notice she had mistyped it. And she might not have seen these sites weren't legitimate sites. So you have to keep an eye on that. If you're looking for part-time jobs and they come up in the Google results, you might try typing in the website directly. So let's say you want to take a part-time job at Walmart or Target or something, go to the Target.com website and make sure it's legit. How do you make sure it's legit? Well, we're going to talk about that a little later in this hour. We're going to talk about verifying the shopping sites, but if you go to their website, and if there are multiple pages on the website that all look legit, like there's a real shopping cart, there's real stuff online, there's real privacy disclaimers, etc. That's probably a real Target site, and it's not a scam site. And then you can go ahead and fill out the hiring information. I would be cautious about putting in things that are a little too personal. You want to give them your background and a way to contact you. But be careful with things like your social security number or bank account numbers. Many employers nowadays are asking for your social media account information. So it's one thing to say, well, you can go to twitter.com slash Craig Peterson and you'll see my Twitter feed. It's quite another to give them access to your Twitter account, and some of them are asking for that. They want your Twitter account username and password and your Facebook username and password. Because many times we are sending stuff using direct messages, back channels, hidden channels that they're not going to see when they go to your public-facing Twitter page or Facebook page. And so many employers are saying, hey, listen, we want to have a good inside look at your social media account. So I would not give them any of that sort of information.
Remember, if it is a scam, even if it's not a scam, if they get hacked, which has happened before to Target, all of the TJ Maxx guys, etc., that information could leak out. Alright, so stick around. When we come back we're going to talk about tackling ransomware on Windows. And we're going to also talk about a new payment system that was announced and then we'll finish up with what you should be doing for the holidays. You're listening to Craig Peterson here on WGAN and online at CraigPeterson.com. I am on pretty much every major podcast platform. Thanks for listening today. Stick around. I'll be right back.
Hello, everybody, welcome back, Craig Peterson here, listening to me on WGAN and online. Hey, if you enjoy the show, if you listen to podcasts at all, I encourage you to subscribe on your favorite podcast platform; that helps get the show noticed and gets it out. And even better if you could share it with a friend and make sure you subscribe. I'd appreciate it. You know, we put a lot of work into these. I think we're giving great information. I get great feedback and emails. I had a couple over the last few weeks here, actually two weeks, that were saying that these were some of the best shows of mine they've ever heard. And I've done well over 1000 shows. So I think that's an excellent thing, and I appreciate those types of messages that I get from you guys. So you can always email me, let me know what you think. What is it about the show that you liked? Maybe you have some ideas or some topics that you want me to cover. All of that stuff is just great and I would love to hear from you again. Me, M-E, at CraigPeterson.com. Couldn't be much simpler than that, could it?
Let's get into this. We got a couple more quick security articles. Just general information here about Windows and Facebook, and then we're going to get into Black Friday scams, and of course it doesn't just go for Black Friday, this is throughout much of the holiday shopping season; actually, these all apply all year. Then we have these fake retailer sites. I'll tell you about them, how they're popping up, and a little bit more about the signs. We covered that in that last segment a little bit when we were talking about the hiring scam, so stick with us today. We got a lot more to cover here before we're off the air, hard to believe two hours can go by so fast. So let's start with Windows here. Ransomware has been a problem for a long time. And for those that don't know, ransomware is where some software gets on your computer. There are a lot of mechanisms for it nowadays, but it gets on your computer, it encrypts your files so that they become useless to you. And then it asks for money, the typical payment in Bitcoin, which is, by the way, attributed to be the number one reason Bitcoin has risen in price, and I can see that.
There is a new study released. We've got more than 1 billion Windows operating system powered PCs in use in the world today. And that makes them a huge target for hackers. Now, just this morning, I was talking with one of our engineers, and I was saying how impressed I am with Microsoft recently. Since Ballmer and Gates left, it has been a fantastic, amazing company. They've been able to maintain compatibility with older software right now for the most part while increasing their security, and they have turned a lump of coal into something that's worthwhile, right? I still don't think it's anywhere near as good as something like Mac OS is on the Apple side. But not everybody can run Mac OS, not everybody understands it. So major kudos to our friends over at Microsoft. It's amazing. But they are a big target, and they do have a large attack surface. In other words, there are a lot of things inside Microsoft Windows that can be and are currently under attack. You have to be kind of leery about some of these potentially unwanted applications that are on your machine. You might have heard me mention before some of the bloatware that gets installed by the computer sellers. And what they do is they load up all their programs. And they get paid. It's like five bucks. They'll get paid to load 50 different games, and you know, anti-spyware software, and McAfee or Norton, all software that is practically useless to you. And then you have to spend hours removing that bloatware from your computer. But it's not just the bloatware that's out there. There are crypto coin miners installed on our computers, unbeknownst to us. There are all kinds of vulnerability exploits, Trojans, and nowadays, ransomware and what's called fileless malware. Fileless malware is why 100% of the antivirus solutions that are out there today don't work anymore because it's fileless, so it never hits the disk, so they don't have a chance to examine it.
So having a white label type of antivirus, not white-labeled, but whitelist, might be beneficial. But even in those cases, there's a lot for us to consider. Now we're finding ransomware that's crypto locking is growing, the number of attacks is growing. The number of successful computer accesses is growing. Now, to me, the most disappointing part of the numbers as I've looked through this in some detail, in this report that came out.
The thing that disappoints me the most is that much of the time they are using exploits that have been around, available, for a couple of years or more. Many of these were patched by Microsoft, Adobe, and Oracle years ago. These are the ones that upset me the absolute most. We see now the most significant year-on-year increase of any malware in the ransomware community, almost 75% increase since last year. So if you know someone that has had ransomware, and I bet you you do somewhere in your circle of acquaintances, I don't think you would have to go out too deep, right. I think it is about a 75% increase. According to Bitdefender, the number of ransomware reports dropped in the first half of the year due to one big hacking group called GandCrab, who throttled down their efforts due to ramped-up law enforcement efforts. Now, ransomware is rising again, as these new ransomware groups are emerging to fill the void left by GandCrab. I'm not going to go through the names of all of these different types of ransomware. These profit-motivated cybercriminals, and they're just spending a little bit of time and a little bit of money to buy this ransomware. Some of this stuff is even licensed now. Where they have to, they download it for free. They can try it out on so many people, and then they have to go to a registration site and buy a license to use the ransomware. And then off it goes, and that can be just 100 bucks. It's incredible. But here they're also saying that they're seeing reports of miners and fileless malware out there too. So coin miners, those are where you go to a website, then you know how the site says, Hey, can we send you news updates and you say allow or disallow, yes or no on that, you've seen those before, right? Those are not all illegitimate. Many of them are, most of them are legitimate. But that's how the coin miners are working.
And so they will embed some code in a website, a legal site, and the coin miner will then start using your web browser to mine for various types of like Bitcoin type currencies that are out there. Okay. So we see a lot more in the ransomware style. We've got to be very, very careful. And about 40% of the population of the 1 billion people that use Windows, about 40% admit that they have not applied security patches even though they're available. So make sure you ask them. Nowadays you don't have to go out and spend a lot of money to buy a license for Windows, you can pay monthly. And you don't have to worry about Windows upgrades anymore, because they're included. That's what we do with all of our customers; we include everything. Okay, we try and make it very, very easy for them. This article, as well as all of the other ones I've talked about today, and a few others we're not going to be able to get to today, are all up on my website at CraigPeterson.com. Please visit me there, you'll learn about the pop-up pieces of training. I have some of the Facebook Lives. The themes for the week and all of that stuff. You know, I'm not going to spam you with marketing messages. I'm just trying to get the truth out, Craig Peterson dot com. Hey, stick around. We'll be right back here, listening on WGAN and online as well.
Hello, everybody, welcome back, Craig Peterson here on WGAN and online at CraigPeterson.com and on your favorite podcasting app. And please do spend a minute and subscribe if you haven't already. Well, we talked about cryptocurrencies many, many times, when they first started coming out, first started rising to prominence. I had set up a little mining operation to figure it out, and I had my wallet and everything, and it was a little too late in the game to find Bitcoin, like right off the bat. That's why I stopped, because I was only interested in finding out more about the technology. So you have to use it if you want to understand it. That's kind of the bottom line on it. And I looked at it as kind of a gimmick, and of course, we now know that the cybercriminals online found Bitcoin to be phenomenal when it comes to being able to get paid in a more or less, kind of a quiet way, right? Where people are not aware of where the money's coming or going. Now, remember that Bitcoin is not anonymous. None of this data is genuinely anonymous, bottom line, but it is kind of, you know, private, more or less. So they use it for paying ransoms. I attended an excellent briefing by the Secret Service about how they tracked down some of the bad guys that are using Bitcoin. And it was frankly fascinating, and how they've been successful at that. So don't think that you're going to somehow, because you're using a cryptocurrency, going to be out of the reach of the hands of the law, because you're not going to be. Okay? Criminals will get caught. But we had another enterprise, and I don't like it. Some people would probably call them a criminal enterprise, called Facebook out there. And you might remember Facebook decided they were going to come up with this whole new network, they're going to do Libra and it was going to be a cryptocurrency. Now, cryptocurrencies are getting to be a serious business.
You have, for instance, the government of China active in developing a cryptocurrency. China, frankly, wants to be able to have a currency that they control, that they can peer into, that becomes the international monetary standard, instead of the U.S. dollar. So China has been working on this for about five years, and frankly, next year, I think you can expect that China is going to have a state-backed, state-sponsored cryptocurrency that they're going to be pushing all over the world. They are going to try and get oil valued in their cryptocurrency. I think that's a bit of a problem for us here in the U.S. and will be a challenge for our economy too. But when we look at somebody like Facebook, where they're trying to set up this network, called the Libra network, I was thinking good thoughts about it.
I know you are wondering, wait a minute, is this the Craig I've grown to know over the years? What's going on here? I was kind of happy about it, as it made it possible for anyone anywhere in the world to have a financial transaction with you. For instance, I know some ladies who are in Africa, and they're impoverished women and trying to make ends meet and just have not been able to earn $100 a month. And many of these women are brilliant. Some of them are entrepreneurs, and they want to get a business going. And this particular group of women is now making themselves available after a friend of mine trained them in some technology, how to use computers and how to be a virtual assistant. They are making themselves available as a virtual assistant. What could be more accessible for these women, and for the people who might want to hire them, than to make their transactions in a cryptocurrency of some sort? A currency that they could use at their home, that we could use at home. A currency that we could trust to a high degree. Remember, coins, like if you have a U.S. dollar bill that you want to spend, the only reason it's worth anything is because it's considered to be legal tender backed by the United States government. Now it isn't supported by silver anymore or gold anymore but deemed to be reasonable, legitimate currency. Initially, the Facebook Libra network announced they had a dozen or more of the foremost financial institutions in the United States. They would all work together and cooperate in developing this currency. Now, for several reasons it got squashed, not the least of which is governments wanting to tax them and not being able to track some of the transactions easily. But I'm sure Facebook would have provided the governments with all the transaction information they wanted. Okay. So frankly, it would make it even easier for governments to track transactions than it is now.
But the thing I loved about it was thinking about these women that my friend trained over in one of the poorest countries in Africa and how it would change their lives. I don't know if you've watched some of this stuff here on micro-investments or watched how they're working. There's one organization called Shanta (https://www.shantafoundation.org) that quite impresses me. They're working in Myanmar. Interesting what they're doing, but the basic idea with micro-investments is that somebody like you or I, we might put $1,000 into this. And you've got someone in some country somewhere that wants to buy a cow for the milk, and they're going to sell the milk, or they want to buy a goat for the milk or whatever it might be, micro to us. And so they're lent $100 to start a business. And they go out, and they get that business going, and they repay the loan, and that money is just put right back into another loan to another person that wants to do it. I've been following these micro-investments, and am very, very impressed with what many of these places are doing. And that led me to notice something else, which was the presence of phones, just regular cell phones that can send text messages, not smartphones. But the presence of phones and cell service coming into these tiny, tiny villages. And how most women were taking these phones and were using them to create businesses to support themselves and their families. Just absolutely amazing, and many of these women, in fact, I think almost all of the ones my friend's been teaching are single women. They've been either abandoned by their husbands or the kids' father, whatever you might want to call them. And they have to do all of the support. And so they're spending a whole month's wages, they're spending $100 to go through this program, this one-month long program that my friend runs. And so she's been looking for donations of laptops, just regular Windows laptops, to help these women out as well.
But these women get these cell phones, and just with the cell phone now, there is some technology out there right now, we don't use it in this country still, in several other developing countries, that they can send money to people and receive money from people just using text messages. So just using their cell phones brought them out of extreme poverty. Now you know, we have poverty in the U.S., but poverty in the U.S. looks like somebody that's upper class in these countries does. Okay. We don't know what poverty is. What we call poverty isn't, you know, it's just astounding to me. So I got excited when I saw this whole idea behind the Libra network and what Facebook was doing with Calibra wallet. So we got to go for break, and we're going to come back. I'm going to finish this up because there's something new and exciting that's happening in this space now. And then we're going to get into our Black Friday scams, and some more fake retailer sites. If you want more details, you're going to have to go to my website at Craig Peterson dot com. I'm not going to be able to cover it entirely in either the radio show today here on WGAN or my podcasts. You can find my podcasts on pretty much every podcasting platform or my website, Craig Peterson dot com. Stick around, more to come.
Hey, Craig Peterson, back here on WGAN. I can't believe it's been two hours since we've been together today. Man, does time fly. So going back, because I want to finish up our last topic here about the microtransactions and about what our friends at Facebook had been doing, trying to put a cryptocurrency in place. It completely fell apart about a month ago. Facebook is planning to start rolling out something called Facebook Pay on Messenger and on Facebook itself. Today, it's going to be initially available for fundraisers, person-to-person payments, event tickets, in-game purchases, and from some pages and some businesses that are on the Facebook marketplace. And they're planning on bringing this to more people and more places. They're going to be adding not just Messenger, but adding Instagram and WhatsApp to this. So basically, what they're trying to do now is use this technology to make it possible for people to pay each other no matter where they are. Now, you already know because you're just listening, you already know that I think that's a unique idea. And that is going to lift people out of poverty. Just like capitalism has, it's the best system the world has ever invented to lift people out of poverty. And if Facebook is successful at this, they will save lives as well. And of course, there's the other side, Facebook's going to make a ton of money on this. Because they're going to, obviously they'll have some form of transaction fees, and they'll be making some money over that. Okay, so we got more stuff we're not going to get to today because I want to get to the Black Friday scams and the retail stuff. There is a new secret consumer score that you have never heard of before. And I am not, unfortunately, going to get time to do much with that. I say new; it's been out there for probably the better part of a decade. I found some information about it from the New York Times back in 2012, and the Wall Street Journal back in 2018.
There is a scoring system that's keeping track of us, and one with which you are probably not familiar. So that's up on my website, CraigPeterson.com. And AT&T is agreeing to pay $16 million to settle a legal dispute over throttling smartphone plans. So they came to that agreement with the Federal Trade Commission. Okay, so now into Black Friday scams. These are happening all the time. They are souped-up during Black Friday and Cyber Monday when there's a lot of people buying stuff online, and let's get into it here. This shopping fever lasts for about four days right now. Some sites like Walmart start on Wednesday, and others are already underway here. But let's go into some of these top scams. Man, we've only got about 10 minutes left here.
So number one, this is a great article. It's from Heimdal Security dot com. I've got it up on my website at Craig Peterson dot com. If the website insistently asks you to download its application. Now, we already probably have apps from merchants. I've got Amazon, for instance, there are apps from Walmart, Target, AliExpress, Rakuten, Barnes and Noble, and the little guys are having a hard time competing there, but they try nonetheless. Now, a lot of these websites are going to talk you into downloading their mobile apps. And there's nothing wrong with that. But remember that not all of these retailers are legit, and not all of the legitimate retailers' apps are legitimate because it's rare that they would be developing the app themselves. So they probably had a third party do it. Who knows, right? So don't just willy-nilly install apps from retailers going online. Number two, the website looks fishy. And of course, this is "ph" fishy. And what that means is you might be on a cloned site. Right now, there are, I was saying three earlier, but I was wrong. According to research from Venafi, they were looking at what is called TLS certificates. These are SSL certificates used basically if the website says HTTPS, then they're using TLS. So they examined these. And they found that there are four times more fake retailer sites than real ones. Okay? So there are typosquatting domains. I mentioned one of them earlier in the show today, that my wife accidentally typed orifice instead of office when she's tr