Oct 15, 2021
How Many Times Per Week AreYou Being Cyber Attacked? From Where? How? Why?
We've got a new study out showing that North Americanorganizations, businesses, and others, are being hit with anaverage of 497 cyber attacks per week, right here in the good oldUSA.
[Following is an automated transcript]
This is a study by checkpoint software technologies. Checkpoint,I used, oh my gosh. It would have been back in the nineties backthen. They were one of the very first genuine firewall companies.And it was a system that I was putting in place for my friends overat troopers. I think it was New England telephone. It might've beenVerizon by then. I can't even remember, man.
[00:00:41] It's been a little while, but it was, a system wewere using in front of this massive system that I designed, I madethe largest internet property in the world. At that time called bigyellow. It morphed into super pages. It might be familiar with. Butit was me and my team that did everything. We built the data centerout.
[00:01:05] We wrote all of the software. Of course they providedall of the yellow pages type listing so we can put it all in. Andwe brought it up online and we were concerned. Well, first of all,You know, I've been doing cyber security now for over 30 years. Andat this point in time, they wanted something a little more than myhome grown firewall.
[00:01:29] Cause I had designed and written one in order toprotect this huge asset that was bringing in tens of millions ofdollars a year to the phone company. So they said, Hey, listen,let's go ahead and we'll use checkpoint and get things going. Wedid, it was on a little, I remember it was a sun workstation. Ifyou remember those back in the.
[00:01:52] And it worked pretty well. I learned how to use itand played with it. And that was my first foray into kind of whatthe rest of the world had started doing, this checkpoint software,but they've continued on, they make some great firewalls and otherintrusions type stuff, detection and blocking, you know, alreadythat I am a big fan, at least on the bigger end.
[00:02:17] You know, today in this day and age, I wouldabsolutely use. The Cisco stuff and the higher end Cisco stuff thatall ties together. It doesn't just have the fire power firewall,but it has everything in behind, because in this day and age,you've got to look at everything that's happening, even if you're ahome user.
[00:02:37] And this number really gets everybody concerned. Homeusers and business users is. Businesses are definitely under biggerattacks than home users are. And particularly when we're talkingabout businesses, particularly the bigger businesses, the ones thathave a huge budget that are going to be able to go out and pay up,you know, a million, $10 million ransom.
[00:03:05] Those are the ones that they're after and thisanalysis. Point software who does see some of those attacks comingin, showed some very disturbing changes. First of all, hugeincreases in the number of cyber attacks and the number ofsuccessful ransoms that have been going on. And we're going to talka little bit later, too, about where some of those attacks arecoming from, and the reason behind those attack.
[00:03:36] According to them right now, the average number ofweekly attacks on organizations globally. So far, this year is 40%higher than the average before March, 2020. And of course that'swhen the first lockdowns went into effect and people startedworking from home in the U S the. Increase in the number of attackson an organizations is even higher at 53%.
[00:04:07] Now you might ask yourself why, why would the U S beattacked more? I know you guys are the best and brightest, and Ibet it, I don't even need to say this because you can figure thisout yourself, but the us is where the money is. And so that's whythey're doing it. And we had president Biden come out and say, Hey,don't attack the.
[00:04:27] well, some of those sectors are under khaki for moreafter he said that then before, right. It's like giving a list to abad guy. Yeah. I'm going to be gone for a month in June and yeah,there won't be anybody there. And the here's the code to my alarm.Right. You're you're just inviting disaster checkpoints.
[00:04:49] Also showing that there were more. Average weeklyattacks in September 21. That's this September than any time sinceJanuary, 2020. In fact, they're saying 870 attacks per organizationglobally per week. The checkpoint counted in September was doublethe average in March, 2020. It's kind of funny, right?
[00:05:14] It's kind of like a before COVID after COVID orbefore the Wu Han virus and after the Wu Han virus, however, wemight want to know. So there are a lot of attacks going on. Volumeis pretty high in a lot of different countries. You've heard me saybefore some of my clients I've seen attack multiple times a second,so let's take a second and define the attack because beingscanned.
[00:05:40] I kind of an attack, the looking to see, oh, where isthere a device? Oh, okay. Here's a device. So there might be a homerouter. It might be your firewall or your router at the business.And then what it'll do is, okay, I've got an address now I know isresponding, which by the way is a reason. The, we always configurethese devices to not respond to these types of things.
[00:06:04] And then what they'll do is they will try andidentify it. So they'll try and go into the control page, which iswhy you should never have when. Configuration enabled on any ofyour routers or firewalls, because they're going to come in andidentify you just on that because all of a sudden them brag aboutwhat version of the software you're running.
[00:06:26] And then if it's responding to that, they will tryand use a password. That is known to be the default for thatdevice. So in a lot of these devices, the username is admin and thepassword is admin. So they try it and now off they go, they'rerunning. Some of these guys will even go the next step and we'llreplace the software.
[00:06:52] In your router or firewall, they will replace it sothat it now directs you through them, everything you are doingthrough them. So they can start to gather information. And that'swhy you want to make sure that the SSL slash TLS. That encryptionis in place on the website. You're going to, so if you go to Craigpeterson.com right now, my website, I'm going to go theremyself.
[00:07:22] So if you go to Craig peterson.com, you're going tonotice that first of all, it's going to redirect you to my securesite and it doesn't really matter. You won't see it. Okay. But youare there because if he. Typically at the left side of that URL barwhere it says, Craig peterson.com. You'll see, there's a littlelock.
[00:07:44] So if you click that lock, it says connection issecure. Now there's a lot more we could go into here. But the mainidea is even if your data is being routed through China or. Both ofwhich have happened before many tens of thousands, hundreds ofthousands of time times. I'm not even sure of the number now.
[00:08:06] It's huge. Even if your data is being routed throughthem, the odds are, they're not going to see anything. That you aredoing on the Craig Peterson site. Now, of course you go into mysite, you're going to be reading up on some of the cybersecuritystuff you can do. Right. The outages what's happened in thenews.
[00:08:27] You can do all of that sort of thing on my side, kindof, who cares, right? Um, but really what you care about is thebank, but it's the same thing with the bank. And I knew mine wasgoing to be up there. And when everybody just check it out anyway,so. So the bad guys, then do this scan. They find a web page login.
[00:08:47] They try the default log in. If it works, the Le theleast they will do is change. What are called your DNS settings.That's bad because changing your DNS settings now opens you up toanother type of attack, which is they can go ahead. And when yourbrowser says, I want to go to bank of america.com. It is in fact,going to go out to the internet, say is bank of America, the badguys.
[00:09:18] Did, and they will give you their bank of Americasite that looks like bank of America feels like bank of America.And all they're doing is waiting for you to type into your bank ofAmerica, username and password, and then they might redirect you tothe. But at that point, they've got you. So there are somesolutions to that one as well, and Firefox has some goodsolutions.
[00:09:44] There are others out there and you had to have thosethat are in the works, but this is just an incredible number. Sohere's what I'm doing, right. I have been working for weeks ontrying to figure out how can I help the most people. And obviouslyI needed to keep the lights on, right? I've got to pay for my foodand gas and stuff, but what I'm planning on doing and what we'vesketched out.
[00:10:10] In fact, just this week, we got kind of our finalsketch out of it is we're going to go ahead and have a success pathfor cyber security. All of the basic steps on that success pathwill be. Okay. So it will be training that is absolutely 100% free.And I'll do a deeper dive into some of these things that I'm doingthat I'm doing right now here on the radio, because you can't seemy desktop.
[00:10:40] It's hard to do a deep dive and it's open to anybody,right? If you're a home user or if you're a business user, all ofthe stuff on that free. Is going to help you out dramatically. Andthen after that, then there'll be some paid stuff like a membershipsite. And then obviously done for you. If the cybersecurity stuffis just stuff that you don't want to deal with, you don't have thetime to deal with.
[00:11:05] You don't want to learn, because believe me, this issomething that's taken me decades to learn and it's changing almostevery day. So I understand if you don't want to learn it to. Thatis the other option. I'll give you, which is done for you, whichwe've been doing now for over 20, 30 years. Stick around.
[00:11:25] We'll
[00:11:25] So which sectors are economy are being hacked? Imentioned that in the last segment, but yeah, there are someproblems and the sectors that president Biden lined out laid outare, are the ones that are under, even more attack after hismessage.
[00:11:42] 497 cyber attacks per week. On average here in theUS, that is a lot of attacks. And we started explaining what thatmeant so that we talked about the scan attacks that are automatedand some person may get involved at some point, but the automatedattacks can be pretty darn automated. Many of them are just tryingto figure out who you are.
[00:12:09] So, if it shows up, when they do that little scanthat you're using a router that was provided by your ISP, that's abig hint that you are just a small guy of some sort, although I'mshocked at how many bigger businesses that should have their ownrouter, a good router, right. A good Cisco router and a really goodnext generation firewall.
[00:12:34] I'm shocked at how many don't have those things inplace, but when they do this, That's the first cut. So if you're alittle guy, they'll probably just try and reflash your router. Inother words, reprogram it and change it so that they can startmonitoring what you're doing and maybe grab some informationfrom.
[00:12:56] Pretty simple. If you are someone that looks likeyou're more of a target, so they connect to your router and let'ssay, it's a great one. Let's say it's a Cisco router firewall orPalo Alto, or one of those other big companies out there that havesome really good products. Uh, at that point, they're going to lookat it and say, oh, well, okay.
[00:13:18] So this might be a good organization, but when theyget. To it again, if when access has turned on wide area, accesshas turned down, that router is likely to say, this is the propertyof, uh, Covina hospital or whatever it might be, you know? And anyaccess is disallowed authorized access only. Well, now theyknow.
[00:13:42] Who it is. And it's easy enough just to do a reverselookup on that address. Give me an address anywhere on theinternet. And I can tell you pretty much where it is, whose it isand what it's being used for. So if that's what they do say theyhave these automated systems looking for this stuff it's found.
[00:14:02] So now they'll try a few things. One of the firstthings they try nowadays is what's called an RDP attack. This is aremote attack. Are you using RDP to connect to your business?Right? A lot of people are, especially after the lockdown, thisMicrosoft. Desktop protocol has some serious bugs that have beenknown for years.
[00:14:25] Surprisingly to me, some 60% of businesses have notapplied those patches that have been available for going on twoyears. So what then button bad guys will do next. They say, oh, isthere a remote desktop access? Cause there probably is most smallerbusinesses particularly use that the big businesses have a littlebit more expensive, not really much more expensive, but much betterstuff.
[00:14:51] You know, like the Cisco AnyConnect or there's a fewother good products out there. So they're going to say, oh, well,okay. Let's try and hack in again. Automate. It's automated. No onehas to do anything. So it says, okay, let's see if they patch,let's try and break in a ha I can get in and I can get into thisparticular machine.
[00:15:14] Now there's another way that they can get into theirmoat desktop. And this apparently has been used for some of thebigger hacks you've heard about recently. So the other way they getin is through credential stuff. What that is is Hey, uh, there areright now some 10 billion records out on the dark web of people'snames, email addresses, passwords, and other information.
[00:15:43] So, what they'll do is they'll say, oh, well this isCovina hospital and it looks it up backwards and it says, okay, sothat's Covina hospital.org. I have no idea if there even is aGavino hospital, by the way, and will come back and say, okay,great. So now let's look at our database of hacked accounts. Oh,okay.
[00:16:04] I see this Covina hospital.org email address with apassword. So at that point they just try and stuff. Can we get inusing that username and password that we stole off of anotherwebsite. So you see why it's so important to be using somethinglike one password, a password generator, different passwords onevery site, different usernames on every site, et cetera, etcetera.
[00:16:29] Right. It gets pretty important per te darn quickly.So now that they're in, they're going to start going sideways andwe call that east west in the biz. And so they're on a machine.They will see what they can find on that machine. This is whereusually a person gets some. And it depends in historically it'sbeen about six days on average that they spend looking aroundinside your network.
[00:17:00] So they look around and they find, oh yeah, great.Here we go. Yep. Uh, we found this, we found that. Oh, and there'sthese file server mounts. Yeah. These SMB shares the, you know, theY drive the G drive, whatever you might call it. So they startgaining through those and then they start looking for our othermachines on the network that are compromised.
[00:17:23] It gets to be really bad, very, very fast. And thenthey'll often leave behind some form of ransomware and alsoextortion, where that extort you additionally, for the threat ofreleasing your data. So there, there are many other ways they'renot going to get into them all today, but that's what we're talkingabout.
[00:17:43] Mirman, we're talking about the 500 cyber attacks perweek against the average. North American company. So we have seensome industry sectors that are more heavily targeted than others.Education and research saw an 60% increase in attacks. So theireducation and I've tried to help out some of the schools, butbecause of the way the budgets work and the lowest bidder andeverything else, they, they end up with equipment.
[00:18:17] That's just totally misconfigured. It's just shockingto me. Right. They buy them from one of these big box onlineplaces. Yeah. I need a, a Cisco 10, 10. And I need some help inconfiguring it and all, yeah, no problems or we'll help you. Andthen they sell it to the school, the school installs it, and it isso misconfigured.
[00:18:38] It provides zero protection, uh, almost zero, right.It provides almost no protection at all. And doesn't even use theadvanced features that they paid for. Right. That's why, again,don't buy from these big box. Guys just don't do it. You need morevalue than they can possibly provide you with. So schools, 1500attacks per week research companies, again, 1500 attacks per week,government and military.
[00:19:10] Entities about 1100 weekly attacks. Okay. That's thenext, most highest attacked. Okay. Uh, health care organizations,752 attacks per week on average. Or in this case, it's a 55%increase from last year. So it isn't just checkpoints data thatI've been quoting here. That, that gives us that picture. There area lot of others out there IBM's has Verizon's has all of these mainguys, and of course in the end, They've got these huge ransoms todeal with.
[00:19:50] Hey, in New Hampshire, one of the small towns justgot nailed. They had millions of dollars stolen, and that was justthrough an email trick that they played in. K again. I T people,um, I I've been thinking about maybe I should put together somesort of coaching for them and coaching for the cybersecuritypeople, even because there's so much more that you need to know,then you might know, anyways, if you're interested in any ofthis.
[00:20:22] Visit me online. Craig peterson.com/subscribe. Youwill get my weekly newsletter, all of my show notes, and you'llfind out about these various trainings and I keep holding. In fact,there's one in most of the newsletters. Craig peterson.com. CraigPeterson, S O n.com. Stick around.
[00:20:43] We've been talking about the types of attacks thatare coming against us. Most organizations here in north America areseeing 500 cyber attacks a week, some as many as 1500. Now, whereare they coming from?
[00:21:00] Whether they're scanning attacks, whether they'regoing deeper into our networks and into our systems who are the badguys and what are they doing? Microsoft also has a report thatthey've been generating, looking at what they consider to be thesource of the attacks. Now we know a lot of the reasons I'm goingto talk about that too, but the source is an interesting way tolook at.
[00:21:29] Because the source can also help you understand thereason for the attacks. So according to dark reading, this is kindof an insider, a website you're welcome to go to, but it getspretty darn deep sometimes, but they are showing this stats fromMicrosoft, which you can find online that in the last yearrush.
[00:21:53] Has been the source of 58% of the cyber cat tax.Isn't that amazing now it's not just the cyber attacks. I, I needto clarify this. It's the nation state cyber tech. So what's anature's nation state cyber attack versus I don't know, a regularcyber attack. Well, the bottom line is a nation state cyber attackis an attack that's occurring and is actually coordinated and runby and on behalf of a nation state.
[00:22:31] Uh, So Russia at 58% of all nation state attacks isfollowed by North Korea, 23% Iran, 11% China, 8%. Now you probablywould have thought that China would be. Right up there on thatlist, but Russia has 50% more of the nation state cyber attackscoming from them than from China. And then after China is southVietnam, Viet, or I should say South Korea, Vietnam, and Turkey,and they all have less than 1%.
[00:23:14] Now, this is this new pool of data that Microsoft hasbeen analyzing. And it's part of this year's Microsoft digitaldefense report, and they're highlighting the trends in the nationstate threat cyber activity hybrid workforce security.Disinformation and your internet of things, operational technologyand supply chain security.
[00:23:35] In other words, the whole gambit before, before allof this, now the data is also showing that the Russian nation stateattacks are increasingly effective, calming from about a 21%successful compromise rate last year to 32%. So basically 50%better this year at effectiveness there, Russians are alsotargeting more government agencies for intelligence gathering.
[00:24:10] So that jumped from 3% of their victims last year to53%. This. And the Russian nation state actors are primarilytargeting guests who us, right? The United States, Ukraine and theUnited Kingdom. Now this is all according to the Microsoft data. Sowhy has Russia been attacking us? Why is China been attacking usand why the change this.
[00:24:38] Well, Russia has been attacking us primarily to rentsome us it's a cash cow for them just like oil and gas. They aremaking crazy money. Now that president Biden has made us dependenton foreign oil supplies. It's just insanity and even dependent on.Gas coming from other places. Well guess where the number onesource of gases now for Europe and oil it's Russia.
[00:25:08] So we are no longer going to be selling to Europe.Russia is so they're going to be making a lot of money off of. Butbefore then they were actually counted on ransomware to help fundthe Russian federal government, as well as of course, these Russianoligarchs, these people who are incredibly rich that have asubstantial influence on the government.
[00:25:33] Don't if you're wondering who they might be, justthink of people like, oh, I don't know. Bill gates and, uh, w whoare on the, some of the other big guys, you know, Tim cook, uh,Amazon's Jeff bayzos Elon Musk, right? Those are by my definitionand looking it up in the dictionary, they are all a. They getexemptions to laws.
[00:25:58] They get laws passed that, protect them. In fact,most of regulations actually protect these big companies and hurtsmall companies. So I would call them oligarchs and that's the samesort of thing in Russia in Russia. Okay. They probably have alittle bit more underhanded stuff than these guys here do, butthat's what Russia has been.
[00:26:21] China has been continually going after our nationalsecrets, national defense, the largest database of DNA of AmericansDNA, of course, is that unique key. If you will building block forall of us, that's what DNA is. And the largest database of all ofthat uniquely identifying information is in. China stole from theoffice of personnel management records of a federal employees,their secret clearance, all of their background check informationwho was spoken with, what did they have to say?
[00:27:03] And on and on. So China has been interested ininfiltrating our businesses that provide things to the military andthe military themselves and the federal state, and even the localgovernments that's who they've been targeting. And that's whythere's 8% number might seem small. Although, as I just mentionedthis year, Russia moved, moved dramatically.
[00:27:30] They used to be about 3% of their attacks or againstthe government agencies. And now it's 53%. So Russia. And China aregoing after our national secrets and they can use them in a coldwar, which as I've said, I think the first shots of the third worldwar have been fired. And frankly, they're all cyber, it's allonline and Russia.
[00:27:57] Isn't the only nation state actor who's changing itsapproaches here as espionage is the most common goal amongst allnation state groups as of this year. Tivity of hackers revealsdifferent motivations in Iran, which quadrupled its targeting ofIsrael. Surprise, surprise. Over the last year. And Iran has beenlaunching destructive attacks, things that will destroy power,power plants, et cetera, and North Korea, which is targetingcryptocurrency companies for profit.
[00:28:29] So they're stealing these various crypto coins again,funding their government. So it's, it's a problem. Absoluteproblem. Government sectors are some of the most targeted 48%.These NGOs non-government organizations that act kind of a quasigovernment functions and think tanks are 31%. Uh, and Microsoft, bythe way, has been alerting customers of nation, state attack,attack attempts.
[00:29:01] Guess how many this year that they had to warn about20,500 times in the past three years. So that's a lot and Microsoftis not a company that's been out there at the front lines. It neverhas been it's in behind. So to have them come out and say, this is.And okay, by the way, your stolen username and password run for abuck per thousand, and it's only gonna take you hundreds of hoursto get it all cleared up.
[00:29:32] Isn't that nice spear fishing for a hire can cost ahundred to a thousand dollars per successful account takeover anddenial of service attacks are cheap from protected sites, roughly$300. Per month. And if you want to be ransomware king, it's onlygoing to cost you 66 bucks upfront 30% of the profit.
[00:29:54] Okay. Craziness. Hey, visit me online. Sign up Craig,peter.com/subscribe.
[00:30:03] I had an interesting mastermind meeting this week.There's six of us. We're all business owners and it opened my eyespretty dramatically because one of the members got hacked, butthat's not what I really want to emphasize.
[00:30:20] This whole cybersecurity thing gets prettycomplicated, pretty quickly. And a friend of mine who is in one ofmy mastermind groups had a real problem. And the here's here's whatwent on. We'll call him Walt for back of a letter, lack of a bettername since that is his name.
[00:30:40] And he doesn't mind me sharing this with you. Walthas a very small business that he and his wife run, and they have acouple of contractors that help out with some things, but hisbusiness is very reliant on advertising and primarily what he doesis Facebook advertising. Now I've been talking for two years, Ithink in this mastermind group about cyber security and the factthat everyone needs good cyber security.
[00:31:13] And he always just kind of pole hum to, uh, wow. Youknow, and it's just too complicated for me. I got to thinking fora, you know, a bit, really a few weeks, what does he mean tocomplicated? Cause there's some basic things you can do. So thisweek on Tuesday, I was on our mastermind groups meeting and Iexplained, okay, so here's what happened to Walt.
[00:31:42] He had $40,000 stolen, which by the way, it's a lotof money for a teeny tiny husband wife company. And. Uh, well,here's what we did. He, we helped them. We got the FBI involvedand, you know, with our direct ties, cause we work with them oncertain types of cases and he got back every dime, which is justtotally unheard of.
[00:32:06] But um, without going into all of the details there,I spent a problem. 1520 minutes with the whole group and themastermind explaining the basics of cyber security. And that reallykind of woke me up, frankly, because of their responses. Now theseare all small business owners and so they're making pretty decentmoney.
[00:32:31] In fact, every one of them and they all have somecontractors and some employees all except for Walt and his wife,they had just have contractors and. I had two completely differentresponses from two members of this group that no. Let me tell youthis was really eye opening for me. And this is why you might'veheard me in the first segment talking about this, but this is why Ihave really changed my view of this stuff, this cybersecuritystuff, because I explained.
[00:33:08] If you're using things like Norton antivirus orMcAfee, antivirus, or really any of them, even the built-inMicrosoft defender this year, those standard antivirus system. Ihave only been able to catch about 30% of the malware out there,30%, you know, that's like having a house and you've got a securityguard posted out front.
[00:33:39] He's armed, he's ready to fight. And yet all of yourwindows are open and all of your doors are unlocked. And allsomeone has to do is crawl in the side window because that guythat's posted up front, he's not going to be able to stop. So 30%effectiveness. And of course, Walt had all of the basic stuff.
[00:33:59] He thought he was good enough. It's not worthspending time or money doing any of this. And of course it turnedout to be well worth the time and money if he had done it. But hehas a friend who has contacts and, and made things happen for him.So I guess he's kind of, kind of lucky in that regard, but Iexplained that and I said, do you know the, the way you.
[00:34:21] To go. If you're a small business, it's about $997 amonth for a small business, with a handful of employees to get thetype of security you really need. There's going to catch. 90something 98%. Maybe if, if things go well of the stuff going on,in other words, you don't just have an armed guard at the frontdoor.
[00:34:46] You've got all the windows closed and blocked and thedoors closed and locked as well. So yeah, somebody can still getin, but they got to really want to get in and risk getting caught.So that's kind of the analogy that I used now. One of the membersof my. Of my mastermind thought, well, okay. Cause you're justbeing Frank with me.
[00:35:09] Right? We're all friends. She said, well, initially Ithought, oh Craig, I'm going to have to have you help out withstuff here. Cause my, you know, I'm concerned about my security. Imake some good money. Uh, she's the one that has employee. She hasa million dollar plus a year business and she wants to keep itsafe.
[00:35:26] But then she. Uh, you know, but, but you know, youwere talking about all of this Norton and stuff and that it doesn'twork. So I, I just, I don't have any hope. And that's when theanother member jumped in and this other member said, well, Uh, oh,that's not what I got at all. I got the, the normal off the shelfstuff that you buy that you're going to get from Amazon, or you'regoing to get from PC connection or wherever that stuff is not goingto work, but there is stuff that does, but it's only professionalstuff.
[00:36:02] You can only get it from professionals that aretrained in certified. Which is the right message. Right. That wasthe message I was trying to relay. Yeah. Don't try and do ityourself because you can't even get the right tools that you need.That is frankly a problem. So that really got me to think. In, in avery big way, because here are two people that have heard me talkabout cybersecurity and their eyes probably glazed over, but nowtheir eyes, I know at least one of these ladies definitely glazedover.
[00:36:36] So I've come to the realization that sometimes I. Alittle too deep into things. And although I can explain it quitewell to many people, sometimes people glaze over and I get emailsfrom you guys saying kind of the same thing. I really appreciateit. I don't understand a lot of what you're saying, Craig, butthanks for being there.
[00:36:59] Listen to you every week here on the radio. Uh, thenthat's good. That's reassuring, but now I've come to realize a fewthings. One is. The I've got to be a lot clearer in my messaging,because even when talking to my friends, it is a little bitoverwhelming for them sometimes. Right. And then the next thing iseverybody needs help because you're being lied to.
[00:37:29] Right. How are people getting ransomware? If thestuff that they're buying work. Maybe it's just me, but I thinkthere's a disconnect there. So a lot of you guys have gone out andyou've hired people and I want to spend just a few minutes rightnow, going through some red flags that you need to be looking outfor in vendor security assessment.
[00:37:56] Now I'm putting one together. As well, right yetanother one. Uh, and what I'm trying to do is help you out, right?This is not as sales tool. It is trying to help you figure outwhere you're at. I'm putting together a webinar that I'm going tobe holding these what I'm calling bootcamps, where I go through andshow you exactly how to do the basic steps that you need to do inorder to be safe on.
[00:38:25] Okay. If an online, all that means is your, isplugged in, right. Okay. It doesn't mean you're going out and doinga lot of stuff out there on the internet just means it's connected.So those are going to be coming out. I will send an email out assoon as all of that. Stuff's ready. Cause. Absolutely free. Andthese assessments, I have the basic one that you can doyourself.
[00:38:47] It's a self-assessment. And then I have the moreadvanced ones that I do that are five grand. Okay. So you've got tobe a decent sized business for this to make sense where we look forall of the security problem. On all of your computers and yournetworks, and then give you a list of things you need to do and howto do them.
[00:39:10] Okay. So it's well worth it for them, but if you're avery small company and you're trying to do some of this yourself, Iwant to help you. So that's what these boot camps are going to beall over. And also what the scorecard is going to be all about. Sothat's coming up, but here are some good red flags and anassessment.
[00:39:30] I found this again on dark reading. This is kind ofan insider website for those of us in the cybersecurity business,but, um, How can you verify the information that vendors are givingyou about their own cybersecurity posture? We've heard in the newsand I've talked about them all year, this year, and for yearspast.
[00:39:56] That are we're vendors can be our worst nightmarebecause some of these hacks come in through our vendors. So you'vegot yourself, a cybersecurity company. How do you know if they arereally telling you the truth? And man, is that hard for you toknow? Right. You're going to ask him questions and the salesmen aregoing to say, oh yeah, yeah, yeah.
[00:40:21] That's why we don't have salesmen. Right. We haveengineers. You talk to me, you might talk to my son or my daughter,people who have been doing this with me, who I have trained andhelped out. So this guy who wrote the article and there's this onattributed, I don't see an attribution on here on this page.
[00:40:41] I definitely want to give him, probably I heard isJohn Babinec wrote this thing and he is a principle threat hunters.What he calls himself over at net and rich. So he says, here's whatyou got to do. And if you're trying to be cost-effective, he putsit in. What I call an ed month clause. And one of these days I'lltell you that story, but he calls it a validity check question sothat an honest vendor would tell you, no, they don't do X and giveyou a good reason why they don't like it's not cost effective.
[00:41:17] It's outside of a reasonable risk model. Does thatmake sense to you? So when you're trying to evaluate a vendor,who's going to be doing your cyber security put in one of thesevalidity checks put in one of these questions. It doesn't reallymatter to you, but it's something that would be very hard for oneof these cybersecurity companies to do.
[00:41:42] And maybe it doesn't fit the risk model that youhave. I think it's just absolutely brilliant. Probably one of thebetter ways when you're trying to evaluate an MSSP as cybersecuritymanaged or otherwise provider stick in something like that. So youhave a red flag that just stands out for you. All right.
[00:42:04] Make sure you are registered online. Craig Petersohn.com/subscribe. So you can find out about all of thesetrainings coming up.
[00:42:17] If you've never heard of the Carrington event, Ireally hope, frankly, I really, really do hope we never have tolive through one of these. Again, there is a warning out thereright now about an internet apocalypse that could happen because ofthe Sun.
[00:42:34] Solar storms are something that happens really kindof all of the time. The sun goes through solar cycles. About everyseven years, there are longer cycles as well. You might know. Ihave an advanced class amateur radio license I've had for a longtime, and we rely a lot when we're dealing with short wave on thesolar cycle.
[00:42:59] You see what happens is that the sun charges, theatmosphere. You see that if you've ever seen the Northern light,that is. Part of the Sunzi missions, hitting our magnetic field andkind of getting sucked into the core of the earth, if you will, asthey get caught in that field. And the more charged the atmosphereis, the more bounce you get.
[00:43:24] That's what we call it bounce. And the reason us hamshave all these different frequencies to use is because of thebattle. We can go different frequencies with different distances, Ishould say, using different frequencies. So think about it rightnow. You've got the earth and I want to talk from Boston toChicago.
[00:43:47] For instance, I know about how many miles it is, andI have to figure out in the ionosphere up in the higher levels ofthe atmosphere, what frequency. To use in order to go up into theatmosphere, bounce back, and then hit Chicago. That's the idea.It's not quite as simple or as complex in some ways, as it sounds,a lot of people just try different frequencies and a lot of hamsjust sit there, waiting for anybody anywhere to talk to,particularly if they are.
[00:44:20] It's really quite fun. Now what we're worried about,isn't so much just the regular solar activity. We get worried whenthe sun spots increase. Now, the solar cycle is what has primaryimage. On the temperature on earth. So no matter what, you might'veheard that isn't your gas, guzzling car or a diesel truck thatcauses the Earth's temperature to change.
[00:44:49] Remember the only constant when it comes to theEarth's temperature has been changed over the millions of years. Wehad periods where the earth was much warmer than it is now had morecommon that carbon dioxide in the atmosphere than it does now hadless. In fact, right now we are at one of the lowest levels ofcarbon dioxide in the atmosphere in earth, long, long.
[00:45:15] So the sun, if you might remember, comes up in themorning, warms things up, right? And then it cools down. When thesun disappears at nighttime, it has a huge impact. It's almostexclusively the impact for our temperatures. If there's otherthings too, for instance, eruption can spew all to hold a lot ofcarbon dioxide.
[00:45:40] In fact, just one, just Mount St. Helens wantederupted, put more carbon dioxide into the atmosphere than man hasthroughout our entire existence. Just to give you an idea, right?So these alarms that are out there, uh, you know, come on, people.Really, and now we're seeing that in, uh, this last year we had a30% increase in the ice cap up in the, in, up in the north, up inNorthern Canada, around the polls.
[00:46:12] Uh, we also had some of these glaciers growing. Itwas so funny. I saw an article this year, or excuse me, this weekthat was showing a sign that was at one of our national parks. Andit said this glacier will have disappeared by 2020. Of course ithasn't disappeared. In fact, it has grown now and it's past2020.
[00:46:34] Anyhow, the sun has a huge impact on us in so manyways. And one of the ways is. Well, something called a coronal massejection. This is seriously charged particles. That tend to bevery, very directional. So when, when it happens, when there's oneof these CMS coronal, mass ejections, it's not just sending it outall the way around the sun everywhere.
[00:47:02] It's really rather concentrated in one. Oneparticular spot. Now we just missed one not too long ago. And letme see if I can find it here. Just mast, a cm E near miss. Here wego. There a solar super storm in July, 2012, and it was a very,very close shave that we had most newspapers didn't mention it, butthis could have been.
[00:47:33] AB absolutely incredible. We'd be picking up thepieces for the next 50 years. Yeah. Five, zero years from this oneparticular storm. And what happens is these, these solar flares, ifyou will, are very, very extreme, they CME. You're talking aboutx-rays extreme UV, ultraviolet radiation, reaching the earth at thespeed of light ionizes, the upper layers of atmosphere.
[00:48:02] When that happens, by the way, it hurts ourcommunications, but it can also have these massive effects where itburns out saddle. And then causes radio blackouts, GPS, navigationproblems. Think about what happened up in Quebec. So let me justlook at this call back, uh, hit with an E and yeah, here we go. AndMarch 13th, 1989.
[00:48:33] Here we go. Here's another one. Now I remembered. Andthis is where Quill back got nailed. I'm looking at a picture here,which is, uh, looking at the United States and Canada from the skyand where the light is. And you can see Quebec is just completelyblack, but they have this massive electrical blackout and it'sbecomes.
[00:48:57] Of this solar storm. Now they, these storms that Isaid are quite directional, depending on where it hits and when ithits things can get very, very bad. This particular storm back in1989 was so strong. We got to see their Rora Borealis, the Northernlights as far south, as Florida and cue. Isn't that something, whenwe go back further in time to this Carrington event that Imentioned, you could see the Northern lights at the equals.
[00:49:35] Absolutely amazing. Now the problem with all of thisis we've never really had an internet up online. Like we have todaywhen we had one of the storms hit. And guess what we're about to gointo right now, we're going into an area or a time where the sun'sgoing to be more active, certainly on this, this 11 year cycle andpossibly another bigger cycle too, that we don't really know muchabout.
[00:50:07] But when this hit us back in the 1850s, what we sawwas a, uh, a. Telegraph system that was brought to its knees. Ourtelegraphs were burned out. Some of the Telegraph buildings werelit. They caught on fire because of the charges coming in, peoplewho were working the telegraphs, who are near them at the time, gotelectric shocks or worse than that.
[00:50:34] Okay. 1859 massive Carrington event compass needleswere swinging wildly. The Aurora Borealis was visible in Columbia.It's just amazing. So that was a severe storm. A moderate severitystorm was the one that hit in Quebec here, knocked out Quebec, uh,electric. Nine hour blackout on Northeast Canada. What we thinkwould happen if we had another Carrington event, something thathappened to 150 years ago is that we would lose power on a massivescale.
[00:51:13] So that's one thing that would happen. And thesemassive transformers that would likely get burned out are only madein China and they're made on demand. Nobody has an inventory. So itwould be at least six months before most of the country would getpower back. Can you believe that that would be just terrible and wewould also lose internet connectivity.
[00:51:39] In fact, the thinking that we could lose internetconnectivity with something much less than a severe storm, maybe ifthe Quebec power grid solar, a massive objection here. Maybe ifthat had happened, when. The internet was up. They might haveburned out internet in the area and maybe further. So what we'reworried about is if it hits us, we're going to lose power.
[00:52:07] We're going to lose transformers on the transmissionlines and other places we're going to lose satellites and that'sgoing to affect our GPS communication. We're going to lose radiocommunication, and even the undersea cables, even though they'renow no longer. Regular copper cables. It's now being carried ofcourse, by light in pieces of glass.
[00:52:32] The, those cables need to have repeaters about every15 miles or so under underwater. So the power is provided by.Copper cables or maybe some other sort of power. So these underseacables, they're only grounded at extensive intervals, like hundredsor thousands of kilometers apart. So there's going to be a lot ofvulnerable components.
[00:52:59] This is all a major problem. We don't know when thenext massive. Solar storm is going to happen. These coronal massejections. We do know they do happen from time to time. And we doknow it's the luck of the draw and we are starting to enter anothersolar cycle. So be prepared, everything. Of course, you'relistening to Craig Peterson, cybersecurity strategist.
[00:53:28] If you'd like to find out more and what you can do,just visit Craig peterson.com and subscribe to my weekly shownotes.
[00:53:39] Google's got a new admission and Forbes magazine hasan article by Zach Dorfman about it. And he's saying you shoulddelete Google Chrome now after Google's newest tracking admission.So here we go.
[00:53:55] Google's web browser. Right? It's been the thing forpeople to use Google Chrome for many years, it's been the fastest.Yeah, not always people kind of leapfrog it every once in a while,but it has become quite a standard. Initially Microsoft is tryingto be the standard with their terrible browser and yeah, I toExploder, which was really, really bad and they have finallycompletely and totally shot it in the head.
[00:54:29] Good move there on their part. In fact, they even gotrid of their own browser, Microsoft edge. They shot that one in.They had to, I know I can hear you right now saying, oh, Craig, Idon't know. I just use edge browser earlier today. Yeah. But guesswhat? It isn't edge browser. It's actually Google Chrome. TheMicrosoft has rebranded.
[00:54:52] You see the guts to Google Chrome are available aswhat's called an open source project. It's called chromium. Andthat allows you to take it and then build whatever you want on topof. No, that's really great. And by the way, Apple's web kit, Katis another thing that many people build browsers on top of and ispart of many of these browsers we're talking about right now, thebiggest problem with the Google Chrome.
[00:55:22] Is they released it so they could track you, how doesGoogle make its money? Well, it makes us money through sellingadvertising primarily. And how does it sell advertising if itdoesn't know much or anything about you? So they came out with theGoogle Chrome browser is kind of a standard browser, which is agreat.
[00:55:43] Because Microsoft, of course, is very well known fornot bothering to follow standards and say what they have is theactual standard and ignoring everybody else. Yeah. Yeah. I'mpicking on Microsoft. They definitely deserve it. Well, there iswhat is being called here in Forbes magazine, a shocking newtracking admission from.
[00:56:05] One that has not yet made headlines. And there areabout what 2.6 billion users of Google's Chrome worldwide. And thisis probably going to surprise you and it's frankly, Pretty nastyand it's, I think a genuine reason to stop using it. Now, as youprobably know, I have stopped using Chrome almost entirely.
[00:56:31] I use it when I have to train people on Chrome. I useit when I'm testing software. There's a number of times I use it,but I don't use. The reality is the Chrome is an absolute terror.When it comes to privacy and security, it has fallen way behind itsrivals in doing that. If you have an iPhone or an iPad or a Mac,and you're using safari, apple has gone a long ways to help secureyour.
[00:57:09] Well, that's not true with Chrome. In fact, it's notprotecting you from tracking and Dave up data harvesting. And whatGoogle has done is they've said, okay, well, we're going to getthese nasty third party cookies out of the whole equation. We'renot going to do that anymore. And what they were planning on doingis instead of knowing everything specifically.
[00:57:34] You they'd be able to put you in a bucket. So they'dsay, okay, well you are a 40 year old female and you are likedriving fast cars and you have some kids with a grandkid on theway, and you like dogs, not cats, right? So that's a bucket ofpeople that may be a few hundred or maybe up to a thousand. Asopposed to right now where they can tell everything about you.
[00:58:04] And so they were selling that as a real advantagebecause they're not tracking you individually anymore. No, we'reputting you in a bucket. Well, it's the same thing. Right. And infact, it's easier for Google to put you in a bucket then to trackeverything about you and try and make assumptions. And it's easierfor people who are trying to buy ads to place in front of you.
[00:58:28] It's easier for them to not have to kind of reverseengineer all of the data the Google has gathered in instead of. Tosend this ad to people that are in this bucket and then thatbucket. Okay. It makes sense to you, but I, as it turns out here,Google has even postponed of that. All right. They really have,they're the Google's kind of hiding.
[00:58:54] It's really what's going on out there. Uh, they aretrying to figure out what they should do, why they should do it,how they should do it, but it's, it's going to be a problem. Thisis a bad habit. The Google has to break and just like any, anybodythat's been addicted to something it's going to take a longtime.
[00:59:16] They're going to go through some serious jitters. SoFirefox is one of the alternatives and to Google Chrome. And it'sactually a very good one. It is a browser that I use. I don't agreewith some of the stuff that Mozilla and Firefox does, but again,right. Nobody agrees on everything. Here's a quote from them.
[00:59:38] Ubiquitous surveillance harms individually. Andsociety Chrome is the only major browser that does not offermeaningful protection against cross cross site tracking and Chromewill continue to leave users unprotected. And then it goes on herebecause. Uh, Google response to that. And they admit that thismassive web tracking out of hand and it's resulted in, this is aquote from Google and erosion of trust, where 72% of people feelthat almost all of what they do online is being.
[01:00:19] By advertisers, technology firms or others, 81% saythe potential risks from data collection outweigh the benefit bythe way, the people are wrong. 72% that feel almost all of whatthey do on online is being tracked. No, no. The answer is 100% ofwhat you do is probably being tracked in some way online.
[01:00:41] Even these VPN servers and systems that say that theydon't do log. Do track you take a look at proton mail just lastweek. Proton mail it's in Switzerland. Their servers are inSwitzerland. A whole claim to fame is, Hey, it's all encrypted. Wekeep it safe. We don't do logging. We don't do tracking, uh, guesswhat they handed over the IP addresses of some of the users to aforeign government.
[01:01:10] So how can you do that? If you're not logging, ifyou're not tracking. Yeah, right. They are. And the same thing istrue for every paid VPN service I can think of. Right. So how canGoogle openly admit that their tracking is in place trackingeverything they can, and also admit that it's undermining ourprivacy and.
[01:01:38] Their flagship browser is totally into it. Right?Well, it's really, it's gotta be the money. And Google does nothave a plan B this anonymized tracking thing that they've beentalking about, you know, the buckets that I mentioned, isn'trealistic, frankly. Uh, Google's privacy sandbox is supposed toFitbit fix it.
[01:02:00] I should say. The, the whole idea and the way it'sbeing implemented and the way they've talked about it, theadvertisers on happy. So Google's not happy. The users are unhappy.So there you go. That's the bottom line here from the Forbesarticle by Zach Dorfman, delete Google Chrome. And I said that fora long time, I do use some others.
[01:02:27] I do use Firefox and I use. Which is a fast webbrowser, that some pretty good shape. Hey, if you sign up for myshow's weekly newsletter, not only will you get all of my weeklytips that I send to the radio hosts, but you will get some of myspecial reports that go into detail on things like which browseryou shouldn't be using.
[01:02:52] Sign up right now. Craig peterson.com.
[01:02:57] Many businesses have gone to the cloud, but the cloudis just another word for someone else's computer. And many of thebenefits of the cloud just haven't materialized. A lot ofbusinesses have pulled back and are building data centersagain.
[01:03:14] The reason I mentioned this thing about Microsoftagain, and the cloud is Microsoft has a cloud offering.
[01:03:23] It's called Microsoft Azure. Many people, manybusinesses use it. We have used it with some of our clients in thepast. Now we have some special software that sits in front of itthat helps to secure. And we do the same thing for Amazon webservices. I think it's important to do that. And we also use IBM'scloud services, but Microsoft is been pitching for a long time.
[01:03:51] Come use our cloud services and we're expecting hereprobably within the next month, a big announcement from Microsoft.They're planning on making it so that you can have your desktopreside in Microsoft's cloud, in the Azure cloud. And they'reselling really the feature of it doesn't matter where you are.
[01:04:17] You have your desktop and it doesn't matter what kindof computer you're on. As long as you can connect to your desktop,using some just reasonable software, you will be able to be justlike you're in front of a computer. So if you have a Chromebook ora Mac, Or a windows or tablet, whatever, and you're at the grocerystore or the coffee shop or the office, you'll be able to get it,everything, all of your programs, all your files.
[01:04:47] And we, Microsoft will keep the operating system upto date for you automatically a lot of great selling points. Andwe're actually looking into that. Not too heavily yet. We'll givethem a year before we really delve into it at all. Cause it takesthem a while to get things right. And Microsoft has always been onethat adds all kinds of features, but most of the time, most of themdon't work and we can, we can document that pretty easily, even inthings like Microsoft.
[01:05:18] Well, the verge is now reporting that Microsoft haswarned users of its as your cloud computing service, that theirdata has been exposed online for the last two years. Yeah, let merepeat that in case you missed it, you, uh, yeah. I'm I'm Imight've misspoken. Right. Uh, let me see, what does it say? Itsays, um, users of Azure cloud competing service.
[01:05:48] So that's their cloud. Microsoft's big cloud. Okay.Um, their data has been. Exposed online. Okay. So that means thatpeople could get the data, maybe manipulate the data that sort ofexposed means for the last two years. Are you kidding me? Microsoftis again, the verge. Microsoft recently revealed that an error inits Azure cosmos database product left more than 3,300 as yourcustomers data.
[01:06:24] Completely exposed. Okay guys. So this, this, this isnot a big thing, right? It can't possibly be big thing because youknow who uses Azure, right. Nobody uses a zer and nobody useshosted databases. Come on, give me a break. Let me see, what elsedoes this have to say? Oh, okay. It says that the vulnerability wasreported, reportedly introduced into Microsoft systems in 2019,when the company added a data visualization feature called Jupiternotebook to cosmos DB.
[01:06:59] Okay. Well, I'm actually familiar with that one andlet's see what small companies let's see here. Um, some Azurecosmos DB clients include Coca Cola. Liberty mutual insurance,Exxon mobile Walgreens. Hmm. Let me see. Could any of these peoplelike maybe, maybe Liberty mutual insurance and Walgreens, maybethey'd have information about us, right.
[01:07:26] About our health and social security numbers andaccount numbers and credit cards. Names addresses. Right, right.That's again, why I got so upset when these places absolutelyinsist on taking my social security number, right? It, it, first ofall, when it was put in place, the federal government guaranteed,it would never be used for anything other than social security.
[01:07:53] And the law even said it could not be used foranything other than social security. And then the governmentstarted expanding it. Right. And the IRS started using it. To trackall of our income and you know, that's one thing right there, thegovernment computers, they gotta be secure. Right. All of thesebreaches we hear about that.
[01:08:12] Can't be true. Uh, so how about when the insurancecompany wants your personal information? Like your social securitynumber? What business is it of? There's really no. Why do they haveto have my social security number? It's a social security number.It's not some number that's tattooed on my forehead.
[01:08:36] That's being used to track me. Is it this isn't asocialist country like China is, or the Soviet union was right.It's not socially. So why are they tracking us like that?Walgreens? Why do they need some of that information? Why does thedoctor that you go to that made the prescription for Walgreens? Whydo they need that information?
[01:09:00] And I've been all over this because they don't.Really need it. They want, it makes their life easier, but theydon't really need it. However, it exposes us. Now, if you missedthe email, I sent out a week ago, two weeks ago now, I guess. Youmissed something big because I, in my weekly newsletter wentthrough and described exactly what you could do in order to keepyour information private.
[01:09:35] So in those cases where websites asking forinformation that they don't really need, right? You don't want tolie, but if they don't really need your real name, why you'regiving them your real name? Why do you use a single email address?Why don't you have multiple addresses? Does that start make senseto you guys?
[01:09:54] And now we find out that Microsoft Azure, their cloudservices, where they're selling cloud services, including adatabase that can be used online, a big database, uh, 3,300customers looks like some of them are actually kind of big. I don'tknow. ExxonMobil pretty big. Yeah. I think so. Walgreens, you thinkthat that might be yeah, yeah, yeah, yeah.
[01:10:22] Y. Why are we trusting these companies? You know it,if you have a lot of data, a lot of customers, you are going to bea major target of nation states to hack you and bat just generalhackers, bad guys. But you're also, if, if you've got all thisinformation, you've also got to have a much higher level ofsecurity than somebody that doesn't have all of thatinformation.
[01:10:52] Does that make sense too? Did I say that right? Youdon't need the information and, and I've got to warn anybody that'sin a business, whether you're a business owner or you're anemployee, do not keep more data than you need the new absolutelyneed to run your company. And that includes data about yourcustomers.
[01:11:16] And maybe, maybe it's even more specifically dataabout your customer. Because what can happen is that data can bestolen and we just found. That? Yes, indeed. It could have been, itwas exposed Microsoft the same. We don't know how much it wasstolen. If anything was stolen. Um, yeah, Walgreens. Hey, I wonderif anyone's going to try and get some pain pills illegally through,uh, this database hack or a vulnerability anyways.
[01:11:47] All right, everyone. Stick around. We'll be back. Ofcourse, you listening to Craig Peterson. I am a cybersecuritystrategist for business, and I'm here to help you as well. You canask any question any time, uh, consumers are the people I help themost, you know, I wish I got a dime for every time I answered aquestion.
[01:12:09] Just email me@craigpeterson.com me@craigpeterson.comand stick around.
[01:12:18] Whether or not, you agree with the lockdown ordersthat were put in place over this COVID pandemic that we had. Uh,there are some other parts of the world that are doing a lotmore.
[01:12:34] Australia has, I don't know. I think that they wentover the deep end. The much, the same thing is true right next doorto them.
[01:12:45] And I am looking at a report of what they are doingwith this new app. Uh, you might be aware that both apple andGoogle came out with an application programming interface. Thatcould be used for contract tack tracking, contact tracking. Thereyou go. Uh, it wasn't terribly successful. Some states put somethings in place.
[01:13:13] Of course you get countries like China. I love theidea because heaven forbid you get people getting together to talkabout a Tannen square remembrance. Now you want to know who all ofthose people were, who were in close proximity, right? So, youknow, good for China a while, as it turns out, Australia is puttingsomething in place they have yet another COVID lockdown.
[01:13:39] They have COVID quarantine orders. Now I think if youare sick, you should stay on. I've always felt that I, you know, Ihad 50 employees at one point and I would say, Hey, if you're sick,just stay home. Never required a doctor's note or any of that othersilliness, come on. People. If someone's sick, they're sick and letthem stay home.
[01:14:04] You don't want to get everybody else in the office,sick and spread things around. Right. Doesn't that just kind ofmake sense. Well, they now in Australia, don't trust people to stayhome, to get moving. Remember China, they were, they were takingwelders and we're going into apartments in anybody that testedpositive.
[01:14:22] They were welding them into their apartment forminimum of two weeks. And so hopefully they had food in there andthey had a way to get fresh water. Australia is not going quitethat far, but some of the states down under. Using facialrecognition and geolocation in order to enforce quarantine ordersand Canada.
[01:14:47] One of the things they've been doing for very longtime is if you come into the country from out of the country, evenif you're a Canadian citizen, you have to quarantine and they'llsend people by your house or you have to pay to stay for 10 days ina quarantine hope. So you're paying the course now inflated pricesfor the hotel, because they're a special quarantine hotel.
[01:15:14] You have to pay inflated prices to have fooddelivered outside your door. And that you're stuck there for the 10days, or if you're at home though, they, you know, you're stuckthere and they'll send people by to check up on you. They'll makephone calls to check up on you and. They have pretty heftyfind.
[01:15:36] Well, what Australia has decided to do is inAustralia is Charlene's even going from one state to another stateare required to prove that they're obeying a 14 day quarantine. Andwhat they have to do is have this little app on their phone andthey, the app will ping them saying, prove it. And then they haveto take a photo of themselves with geo location tag on it and sendit up via the app to prove their location.
[01:16:15] And they have to do all of that within 15 minutes ofgetting the notification. Now the premier of the state of southAustralia, Steven Marshall said we don't tell them how often orwhen on a random basis, they have to reply within 15 minutes. Andif you don't then a police, officer's going to show up at theaddress you're supposed to be at to conduct an in-person check.
[01:16:43] Very very intrusive. Okay. Here's another one. Thisis a, an unnamed government spokesperson who was apparentlyspeaking with Fox news quote. The home quarantine app is for aselected cohort of returning self Australians who have applied tobe part of a trial. If successful, it will help safely ease theburden of travel restrictions associated with the pandemic.
[01:17:10] So there you go. People nothing to worry about. It'sjust a trial. Uh, it will go away. Uh, just like, uh, for instance,income tax, as soon as rule, number one is over, it will be removedand it will never be more than 3% and it will only apply to the top1% of wage-earners. So there you go. Right. And we all know thatworld war one isn't over yet.
[01:17:34] Right. So that's why they still have it in somehow.Yeah, some of the middle class pays the most income tax. I don'tknow. Interesting. Interesting. So there you go. Little news fromdown under, we'll see if that ends up happening up here. News fromChina, China has, uh, China and Russia have some interesting thingsgoing on.
[01:17:55] First of all, Russia is no longer saw. Country, theykind of are. They kind of aren't, they are a lot freer in many waysthan we are here in the United States. Of course, China, veryheavily socialist. In fact, they're so socialists, they arecommunist and China. And Russia both want their kids to have a verygood education in science, engineering, and mathematics.
[01:18:23] Not so much on history, not so much on, on politics.Right. But definitely heavy on the, on the sciences, which I cansee that makes all the sense. I think everybody should be prettyheavily on the science. Well, according to the wall street journalthis week, gamers under the age of 18 will not be allowed to playonline games between 8:00 PM and 9:00 PM on Friday, Saturdays andSundays.
[01:18:53] Okay. So basically what they're doing, I reverse thatwhat they're doing is they're only allowing the kids three hours ofgaming per week. In other words, they can play between eight and9:00 PM, Friday, Saturday, and Sundays. I think that might overloadsome gaming servers. Coke gaming addiction has affected studies andnormal lives.
[01:19:13] And many parents have become miserable. That'sChina's press and public administration. Sedna state. Okay. Um,there's going to be some relief during the school holidays.Children will be allowed 60 minutes per day for gaming, uh, hard tosay how China plans didn't force it, but they have their ways,right.
[01:19:35] Uh, identity cards. By the way required for playingonline. They've got a facial recognition system introduced in Julyby 10 cent. Remember all of the uproar around 10 cent and theirapps and president Trump trying to get them blocked here in the U Swell, yeah, there you go. Facial recognition bill right into theapp, and it's proven effective at catching children pretending tobe adults in order to get around government gaming curves.
[01:20:05] So this goes on and on and, and Korea as well, SouthKorea has had some very big problems. You might remember it washeadlines just a few years ago of some of these south Korean kidsdying because they were playing video games for days straight withno sleep, no real food. Right. Just taking all of these so-calledenergy.
[01:20:31] And will literally gave me in themselves to death. SoSouth Korea passed a law that prevented young people from playingonline video games late at night. So that was introduced back in2011 and it's targeted at players 16 around. And south Koreanminers were prevented from playing online PC games between midnightand six, 8:00 AM.
[01:20:57] Now South Korea has scrapped that law. Interesting.So they're saying it's out of respect for younger citizens, right?They're going to abolish this law, replace it by. Permit systemthat allows players to request a permit per game and play duringself-assigned hours that their parents will sign off on.
[01:21:21] This is in an article from GameSpot, by the way, agamespot.com. You might remember them too, the whole Robin hoodscandal. But, uh, I think it's an interesting question. When mykids were young lo those many years ago, I got this box that the,you took the TV wire, you ran it into the box and you couldprogram.
[01:21:47] So that each kid had their own code and you couldspecify how much time the kid could watch TV or how much time or,or when they could watch TV and how much time cumulative the kidscould have. And it actually worked pretty well. And the kidscertainly complained a lot about it. And a couple of them tried towork the way around it kind of hard to when the plug is inside thebox, but.
[01:22:13] Yeah, ingenuity as they are. They, they were able todo that. They cut the wire off and put a, another power connectoron the end of the TV wire. Anyhow, uh, Microsoft, we've beentalking about them a lot. This show. I do not like Microsoft, youknow, that already the windows 11 is coming out and we talkedabout.
[01:22:37] Before, because windows 11 is plying. Microsoft isplanning on requiring you to have a very modern computer. You needto have a TPM in it, which is this special security module. Youneed to have a certain speed, et cetera, but the TPM is a bigthing. That's going to make it. So most of your computers won'twork.
[01:23:03] Tons of pushback on that. I can see what Microsoft istrying to do it. They really would love to have a clean operatingsystem that really wasn't getting hacked all the time. Right. Andthis will help it won't solve their problem, but it will help. Sothat they're going to be doing now is they're going to over thecourse of months, starting October 5th.
[01:23:28] They're going to release windows 11 to certainpeople, kind of one at a time type approach. So they're not goingto force everyone to upgrade. They're not going to offer it toeveryone. And Microsoft is going to offer a preview of the Androidapps in the Microsoft store for windows insiders in the monthsahead.
[01:23:52] But they're planning on having a phased rolloutthrough winter. Date, and you're not going to see it most likelywhen it starts to roll out, but you will be seen and to end withthe stringent system requirement, apparently what they're going todo is not auto update your computer if it's not new enough.
[01:24:13] And if it doesn't have a TPM, but you can manuallyinstall windows 11, at least that's what they're doing right now.Well, that's it for today. We had some more stuff I didn't get to,but we always have more every week. And I try to keep you up todate. We do trainings, visit me online so you can find out aboutall of this stuff.
[01:24:35] The trainings, most of them are absolutely free.Craig peterson.com/subscribe. Craig peterson.com.