Dec 18, 2018
Craig is on the Jim Polito show as he discusses with Jim the Equifax breach and the new bug that left your Microsoft account wide open to hackers.
These and more tech tips, news, and updates visit - CraigPeterson.com
---
Related Articles:
A Bug Left Your Microsoft Account Wide Open To Complete Takeover
Equifax Breach Was Just As Infuriating And Dumb As You Thought, New House Report Finds
---
Transcript:
Below is a rush transcript of this segment, it might contain errors.
Airing date: 12/18/2018
Big Data Dirty Little Secret Ties To Government - Microsoft Vulnerability
Craig Peterson: 0:00
Hey, good morning, everybody. Craig Peterson here. This morning I
was talking to Jim Polito about security and safety online. The
report came out from Congress what happened with the Equifax hack?
We talked about that I gave away a dirty little secret here about
our government and kind of another type of spying operation that's
been going on. And we started out by talking about another major
ability over Microsoft, although this one was finally closed after
being at least wide open for five months for at least five months.
So anyhow, I hope you guys are having a great week. I am so looking
forward to Christmas next week. I hope you guys are to having a
great year whether you celebrate Christmas or not, and I will be
back tomorrow as well. So here we go with Jim
Unknown 0:54
Here he is the man myth and legend by he's actually from the future
or you know, he's a machine and he's masquerading as a man. It's
part of that whole matrix thing. Here is our friend Craig Peterson
Good morning, sir.
Unknown 1:12
Hey, good morning. And greeting to our robot overlords.
Unknown 1:19
I do love the Matrix movies. It's great, but it scared the Matrix.
And of course, the Terminator movies. They all scare the heck out
of me. So before the machines take over
Unknown 1:32
what's going on with Microsoft and your Microsoft account? Like my
office documents, my outlook emails, which just happens to be two
programs that I use,
Unknown 1:48
the hackers could have gotten in there, or did they get in there?
Craig? What's the story?
Unknown 1:54
Yeah, there's a lot to worry about this year. And if the FBI has
out some new warning about some different types of scams going on.
You got to be careful if you're buying gift card we can talk about
that ticket scams oh my gosh, what's going on this year, but
Microsoft gave us a special kind of a pre Christmas precipice here
they laugh consumer a series of different vulnerabilities your
account if you have Microsoft accounts, everything from your Office
documents your Outlook email yeah pretty much wide open to hacking
and there was this whole calc takeover thing you know I'm shaking
my head gives you think that these companies would know better and
this is a very big problem but if this is a little bit complicated
but basically what happened is the security researcher was able to
take over our Microsoft domain what are their sub domains success
office.com and he was able to trick the applications to ask off
success at office calm the Microsoft applications on potentially
millions of people's computers trick them into sending all of the
users confidential information to him now he reported it to
Microsoft in June they finally fix that but he never took control
of the domain but he received any and all data coming to it's going
from it and again it's you know we've got these large complex
systems and everybody silos so that the office people you know
you're working on on word I'm working on best you're working on
that you're working on the authorization you're working on the lock
in your and those teams don't have any oversight because the whole
system is just so powerful complex How can somebody know everything
about everything this is just frankly bound to happen and and
that's where my Christmas present comes in. Jim
Unknown 4:11
yeah and early I'll take
Unknown 4:12
it a week early Sure. Okay. We finally finished that special report
on what to do to freeze your credit freeze your information so the
bad guys you know they almost certainly already have all of your
termination check back yeah but because they have all of that and
because of the new tax law there are new ways now to protect your
credit your personal you know my whole personal side of it that you
didn't have before they're absolutely free so I'm going to play
around this yeah but I finally got this report all finished we're
sending it out this week so I'm going to send out an email keep an
eye out for the probably Thursday and you're going to love this is
it step by step what do you do how do you do it how do you stop the
bad guys now from using your stolen information and as usual
absolutely free and absolutely I think very very useful it just
took us like two weeks to get it together but that's my Christmas
present or or Hanukkah Happy holidays or wanna call it
Unknown 5:29
What about festival yeah yes that's right
Unknown 5:35
favorite
Unknown 5:35
yeah
Unknown 5:37
so that's something that if you are on Craig Peterson's list you
will get and at the end of this segment I'm going to give you a
number I recommend that you text My name to that number Craig will
know where you're coming from and then he will provide you with
that information and then as you go forward folks who have already
registered with Craig they'll get it anyway way so any won't sell
your name you won't exploit you and standard data and text rates
apply that's a nice little that's a nice little early present now
the folks at Equifax which don't they happen to be the gift that
keeps on giving speaking of the Now there were in a holiday and
Christmas motif
Unknown 6:27
there remember they had their the folks who do credit rating and
they had a big data breach and once again Craig Peterson to the
rescue for listeners to the show as to what to do but there's a new
report by house investigators Congress as to
Unknown 6:49
the breach and it's actually worse than we thought it was right
again why is it every time there's one of these hacks data breaches
every time I'm we hear about it it gets worse
Unknown 7:03
yeah yeah this is the House Oversight and Government Reform
Committee and they released on Monday and 96 page long report and
this is just absolutely astounding to me because I have clients
that have come to me and they say hey Craig Can you help us out
Unknown 7:27
because they lost just credit cards just credit cards and the
Payment Card Industry if you accept credit cards now requires you
to sign this document that is almost 250 pages printed out yeah and
and they say hey we lost some of these credit cards were getting
fined and that they they ended up settling some of the fines but I
had one company come to me Jim and the fines were in the millions
of dollars because his face on how many credit cards you have
accepted over the years okay yeah but this company so very very big
deal What do you think you know Equifax is fines were what do you
think you know how many people got fire people went to jail
Unknown 8:19
now folks the whole Equifax thing and and as I said Craig Peterson
did a lot to help people to protecting and you're still
recommending that people freeze their credit. Right?
Unknown 8:33
Yeah, that's the only way around this and you know it really is ok.
But here's what
Unknown 8:39
I want to get. I want to get to your points. Are you freezing
credit. But
Unknown 8:44
how many people got fired? Zero? Maybe maybe one and he was the
intern every other Tuesday who came in from Columbia University
finds.
Unknown 9:00
I don't know a $5 for every person who was hacked because that's
what you had to pay wasn't it originally to freeze your credit or
$1? I don't know
Unknown 9:13
yeah, basically that's what it was it was Equifax has to offer free
credit reporting services right and then they offered a free credit
freeze but that was only one of the agencies you've got a freezer
that all three major agency right
Unknown 9:30
right
Unknown 9:30
so yeah and you're right about the intern basically nobody I'm at
upper level got fired on that was absolutely
Unknown 9:38
crazy credible.
Unknown 9:40
It's incredible. So here's There are five key findings. First of
all of our house report says it was entirely preventable. There was
a lack of accountability management they had complex and entirely
outdated IT systems. These are a little legacy systems been around
a long time and they hadn't bothered to update anything that was
essential here. They were unprepared to support affected customers.
You you remember we talked about this, what they sent them from
these weird email addresses. The sites weren't working and here's
the worst one right. But in terms of animal Equifax, a wild over
300 security certificates to expire, including 79 security
certificates for monitoring the business critical domains. And they
did not renew an expired digital certificate for 19 months. This
one important 119 months which left Equifax without visibility on
the X filtration of data during the attack. And other words that
the data was being stolen was being pulled out of echo fact they
didn't notice they couldn't know
Unknown 11:01
employee. They didn't keep their certificates up today. Can you
imagine that?
Unknown 11:08
I mean, I mean, like a company. Okay. It's one thing if you have to
say to me, Tim, did you update your antivirus? Did you do this? Do
you have the latest software for your Wi Fi? And for this? It's one
thing if you you know, that's me. Now we're talking about a
corporation
Unknown 11:29
that what do they do? These are the crowded guys, they have
everything. You and I we don't even do business with them. Right.
When was the last time you said that factor check because of that
wonderful service?
Unknown 11:43
Because you're doing a great job.
Unknown 11:45
Yeah, yeah. Are you kidding me? And the laws that we have in place
allow for all kinds of exceptions for them where they can do just
tons of stuff that would if you and I were collecting some of this
data, we will being serious trouble that the federal government
can't even collect it. And you know what Jim Bakker the deep dark
secret here to end this foldable discussion. Yes the deep dark
secret is the federal government cannot collect information certain
information on our that citizens. And so what did we do we want to
the Five Eyes apparently we went to the UK we went to Australia and
said, Hey, can you spire Trump for us? That's what it was like
happens because we can't do it. Here's the dirty little secret you
don't want. They go they go to these data aggregation providers.
They go to companies like Equifax and they say hey, has Jim done
this or that? Who are they talking to? What's he been buying? What
are the trends in his Spencer's look like and these data
aggregators have everything, what kind of car you drive, how old it
is, if it's registered, if they even have your photo and your
driver's license information, depending on the stage you're in, and
the federal government uses them to track
Unknown 13:05
and so are they really incentivized to come clamping down on these
data aggregators? No, we're not
Unknown 13:14
trying
Unknown 13:15
a little dirty secret for Christmas
Unknown 13:18
a little dirty secret. Now, here's another gift for everyone. If
you text My name to this number
Unknown 13:25
855-385-5553. That's 855-385-5553
Unknown 13:33
standard data and text rates apply. Craig Peterson will get back to
you with all of this information. Plus more you'll be honest list
when there's a big hack when there's a big problem, he will reach
out to you and don't worry again because he won't sell your name to
anyone and won't give it to hackers. And again, standard data and
tax rates apply. Craig, thank you so, so much. Hey, a very, very
Merry Christmas to you, sir.
Unknown 14:02
Hey to you, too. I'm looking forward to listening to you on
Tuesday. All right. Oh, wait a minute.
Unknown 14:07
And Happy Happy Boxing Day. Okay. Yeah, I know very. My Canadian
friend. Happy boxing. Say Craig. Everybody. Craig Take care.
Unknown 14:18
Bye bye. All right, don't go anywhere
Unknown 14:22
and as you heard I finally have a document ready about what to do
and I don't know we might want to turn it into a whole course for
people so it's step by step you know screen instruction and helping
them out but anyways it is finally available make sure you're on my
list http://CraigPeterson.com/subscribe and take care. Talk to you
tomorrow.
---
Don't miss any episode from Craig. Visit http://CraigPeterson.com/itunes. Subscribe and give us a rating!
Thanks, everyone, for listening and sharing our podcasts. We're really hitting it out of the park. This will be a great year!
More stories and tech updates at:
Don't miss an episode from Craig. Subscribe and give us a rating:
Follow me on Twitter for the latest in tech at:
For questions, call or text:
855-385-5553