Preview Mode Links will not work in preview mode

Thanks for joining us! Let me know if there are any topics you'd like us to cover by sending an email to me at craigpeterson . com!

May 18, 2019

How can big enterprises protect their networks from all this iOT that is being brought in? Listen in and I will explain.

Isreal has a unique take on how to stop hackers.  Wait 'till I tell you how their solution. 

More Fall out from the Equifax Hack!  It was completely preventable.

What happened in Northern KY this week? Big News there and it involved Jeff Bezos atop a big John Deere Tractor.

Patch Patch Patch -- Intel has Monster computer vulnerability.

President Trump issued an Executive Order against Huawei this week. Listen in to see what I have to say about that

Do you use Mcafee - Norton?  Big news on them this week so be sure to listen in.

For more tech tips, news, and updates visit - CraigPeterson.com

---

Transcript: 

Below is a rush transcript of this segment; it might contain errors.

Airing date: 05/19/2019

Today I will be discussing hospitals and the new approach they're taking to cybersecurity and why they are pushing manufacturers to give them access to their source code. And is Israel bombing hackers. Then more on the fallout from the Equifax hack. And Big news out of  Amazon Jeff Bezos is going after Fedex and UPS. Intel has Monster computer vulnerability and President Trump issued an executive order about Huawei. Big hack on security av manufacturers Mcafee - Norton this week.

0:01 - Craig Peterson

Here we go.

Welcome. Welcome, Craig Peterson here. Of course, we have a lot of technology to talk about. And always, always read a little bit of security as well. So we're going to get right into it today because there is a lot to cover per usual we're going to be talking about hospitals and the new approach they're taking to cybersecurity. I'm going to tell you what one of my clients did to really make their whole hospital chain even safer. In fact, they were very safe, to begin with. Right, so I guess that’s easy. 

Israel, you know, they've been bombing but man, you haven't heard about this. 

What happened with Equifax after that nasty breach? They had you think they didn't pay a penalty? Well, in some ways they didn’t. But we’re going to talk about what ended up happening here with Equifax based on their earnings report. 

Jeff Bezos has been out on the road in a big John Deere Tractor, what's that about? In fact, I was just out by where he is at just a couple of weeks ago.

Microsoft major warnings coming out from all of the major computer manufacturers this week, we'll talk about that. And Apple how fixing this problem if it thinks Intel might cost you a 40% performance penalty, and White House cracking down on Huawei

And anti-virus makers? Do you have Norton or McAfee or Symantec? Oh, you gotta hear this.

So here we go with Tech Talk with Craig Peterson. 

Now, if you want to watch this, you can watch it online, we are streaming this on YouTube, we're putting it up streaming on Facebook, as well. 

So I'm going to be showing some copies of some of these articles as we go through this. And in some cases, obviously, it might be a little difficult if you listen to me on the radio or podcast to kind of figure it out, but I'm gonna do my best I can to describe it all to you as we go. 

Well, it has been a busy week for so many people out there. And I'm showing an article right now, talking about hospitals, this has been crazy. The infusion pump, you've seen these before, right? in hospitals, you get an IV in your arm, and they hook it up with an infusion pump. So that now you can get a drip IV right now. So we used to do this in the ambulance all the time you took it up, you'd obviously you'd have to set the IV up, you'd have to get get a needle every go into the arm, sometimes you'd even have to go as far as the hand, depending on where the problem was and how much fluid they needed. Anyhow, these devices were invented right here, Manchester, New Hampshire. Not too long ago, go Dean came in, of course, that was his first big product.

And if I remember the story, right, his brother was a nurse, and they're trying to figure out how do we make sure that the infusion pumps are working properly, and we're getting the right dosage of the right medication to the patient? Well, those devices are controlled by what they are controlled by computer. How about all these other devices they have in the hospitals? No, hold on a sec, I'm going to move something real quick. Here behind me so that you can see that screen behind me. Here it goes, hopefully, the screen will come up right.

In the hospital, people doctors are performing biopsies, you have the MRI machines. Nowadays, almost everything in the hospital is hooked up to a network. And I remember the issues that I had with one of our clients, Steve was the IT manager for our rather large hospital chain. And he was trying to figure out what do we do? How do we make this stuff safe? We have all these people that are going on getting their email.  Now we've got all the IoT devices, right? The Internet of Things. What do we do with those devices? How do we keep them all secure? And what he ended up doing is actually follow my advice. And we split up the networks, he found that it wasn't as scary as he thought it would be. It wasn't as hard as he thought it would be. And it wasn't as expensive as he thought it would be. Because nowadays you can lease a lot of this equipment, the prices have come down. So he was able to really secure the whole hospital chain. It's not just the hospitals, you remember, you have doctors offices affiliated with the hospitals. So they were responsible for it and for these doctors offices as well. It kind of goes on and on from there. So we now have our friends in the hospitals being very worried about what is going to happen. We have these massive cyber attacks that have been happening worldwide. 

We have, of course, financial institutions that have been hit. I have another client, Lucille was trying to figure out what to do because she was part of a global network and a worldwide Corporation, and how do I protect myself from other aspects of the corporation, how to protect myself from my clients and everything else. So you know, I did a bunch of training with her helped her out as well. 

But that's what hospitals are doing. They're trying to detect weaknesses. But remember, it isn't just in your networks anymore, because it's one thing to segment them out. As I explained in my course, on network segmentation, it's important to do that. But now hospitals are demanding that they see right into the devices that are being connected to the networks. So they're asking even for software, they're saying, Hey, guys, you need to give me access to your source code, which you know, how many software companies are going to be happy about that.

But that's what they're doing. And that's what they have to do. I have a manufacturing client who has all kinds of equipment on the floor, some of that stuff is still running Windows XP. So we had to set up special firewalls right in front of the equipment to protect the Windows XP. And, in this case, she was able to understand how to really do that, because they have to be individually protected.

Because she wasn't about to pay, I think it's like $30,000 a year right now, from Microsoft per XP machine that you want patches for right.

And there's no way she could have afforded that. So we went a little bit of a different route. And we put an individual specialized firewall designed to protect the Windows XP machines that she had. That's all well and good. 

But when you're talking about all of these embedded systems, how do you even know what has what? What's running Linux? which version of Linux? are they running? what's running Windows? which version of Windows? are they running? What can I do to protect it? Does it have a database server in there? Does it? Does it just have a very basic application? Is it going through some middleware? Is it calling home is trying to get updates? Is it bringing the software in? Does it have a backdoor? Think about all the things you have to know in order to make sure your network is safe. And that’s what my whole course cybersecurity DIY is all about, right? How do you know all of that?

So the hospitals are now demanding admission to really admission to the innards of the equipment that's hooked up in their networks. And I think that makes a lot of sense. They're going beyond firewalls, they're looking at all of these different devices that are out there. 

Who owns a piece of cybersecurity, if this piece of equipment gets hacked, whose fault is it? Who has to clean it up? And what's the cost of Boston Scientific have began to add some features disclosing more about the product. And frankly, I think everyone's going to have to do that if you are a manufacturer. If you make something that has to do with software or hardware, right, I'm not just talking about making widgets.

If you sell something that has some sort of embedded intelligent, if you're not already telling your clients what's in it, you need to be and you as a client need to be holding these vendors responsible for some of these issues than that, you know, you might end up having, frankly, due to the security problems that they can pop up from all of us, right. So keep an eye out for that we're going to be covering more of course, as time goes on. And Patrick got a really great article, you know, talking about this very thing right now because it isn't even just the operating system.

It's the processors, it's the chips that might control the network. It's you know, the wireless chips that are in them.

We've got a big vulnerability will be talking about here in just a couple of minutes. 

So let's, let's move on to our next one here. And this is Israel.

We know that they have been under attack from Hamas for some basically forever since their founding. And there have been a lot of rockets flying lately, I have a friend that videographer for CNN, he's over there. He said some pictures of himself, standing there trying to figure out what it is that he needs to be doing taking care of to keep himself safe, right. 

And, you know, there are some things you can do some things you can't do, frankly. But all of those rockets flying, this was a bit of a surprise to me, you can see the article up on my screen from national interest.org. 

But last weekend, the Israeli Defense Forces claimed to have flattened a building used by hackers from Hamas. Now we've talked before about our friends and our North Korea and how they have a whole huge budget set aside for what set aside for hacking. And they have one of the most advanced hacking teams in the world yet North Korea, they send their people over to Western schools to learn about this, then go back and they steal billions of dollars. 

It's amazing when you try and follow the money. And we did a special FBI infer guard webinar that I ran talking about some of this and how they're moving the money around. So it's a very, very big deal.

So, what's cheaper to buy some missiles and lob them over to Israel? Or have your people go to school, learn how to hack, go online, and pay as little as $20 for a ransomware tool?

What's What do you think is cheaper, right? These missiles, I don't know, what that costs thousands of dollars, right? The big ones probably hundreds of thousands of dollars, versus a $20 piece of software off the dark web. 

I think the answer to that is pretty darn obvious, right? The $20 piece of software is going to be a cheaper way to go. And nowadays, most anybody knows how to install software and run it. And some of this software, if you want to pay as much as $100, you can completely pre-configure the software. So the tools you put in your email address how much you want to hold the machine for ransom for how to contact you how to probably get tech support there even our tech support companies that only deal with the hackers and read somewhere that you can hire to take care of it for you. 

So, Israel saying wait a minute, now Hamas is coming after Israel. They're not just lobbing these missiles anymore, these bombs, they are now hacking us. 

So according to the IDF, and there's a photo that accompanies their tweet, it was showing this U shaped building. And it was colored in red presumably indicating where they were going to be attacking from this drone. That was overhead. But IDF didn't provide details on all of this. 

You know, what was Hamas exactly doing with the cyber attack? And exactly how did Israel find it right there. Some things they do keep secret and they kind of need to. But they blew up the building that they said that the Hamas hackers were in? So, how's that for a different way to do it? Right. 

Pentagon's got these new high tech crap weapons like the F 35. How about it getting hacked? I remember an article from a few years back saying that the computer chips that they had ordered, that were to replace some of the chips that were in our defensive and offensive weapons. Our military weapons, these weapons were specifically for a jet aircraft, that used those chips were embedded with malware. And that we kind of found out about it by accident, almost. You know, we did testing and things and we found, wait a minute. Now, this isn't doing exactly what it's supposed to be doing. And they had been manufactured in China who got involved and had messed around with some microcode. And before you know it, we're installing defective chips and not only the effective but chips that may be hackable or shut down double remotely. Right?  This is a very, very big deal. 

So, something to be concerned about. And now Israel is responding apparently to a cyber attack with a bomb and just blew them up. Interesting stuff. 

Well, let's go on to the next one. I don't know how many people are upset by this Equifax security breach that happened? I know I was. I've talked about it a lot I did in another webinar just last week, I think Yeah, aired it. In fact, this just this last week, it was with Laura Lee. And we were talking about how she got involved with cybersecurity. She's been in it for a while now. And she got involved because of this hack. This hack here, I'm going to put it up on the screen, you can see this whole article. But it was a security breach that basically gave up all of the information about everybody in the US. And a lot of people I think almost everybody in Canada, and the much out of the rest of the world, right? 

Not a fun time. And it was Equifax and I was really upset with them because they're basically nothing happened, right? A couple of people were resigned and one or two were fired. And, and, you know, I'm not saying that Equifax does this, but I can say that a lot of companies have it people who are in charge of security. And their security plan is I have in my drawer here, my letter of resignation and my resume.

Because if anything happens, I'm going to be fired. So I'm just going to resign and walk out and find a new job.

And why does that happen? That happens for a few reasons. One of the big reasons, frankly, is that they can't get the budget to do what they need to do. And that's what I'm trying to do with some of this training, right. That's why I have these in-depth training on different parts of cybersecurity. I don't have any training's going on right now. But that's why I do it. 

And some of these are very exclusive, obviously, because there's information that's confidential, and some of its even slightly classified. We don't usually get into real classified stuff.  The IT security department can't do what they need to do. And they don't get the support they need but from management. So, what do you expect them to do? 

So, Equifax got hacked? And let me tell you the examinations of Equifax and what happened is a basic security course. If they had followed what I teach in my course, the hack would have never happened. It was that simple. 

That's how badly Equifax messed up. So are they out of business? No. Did they go to prison? No. Right, what happened? They found a scapegoat and they fired a couple of people. Well, this week, Equifax published its earnings report, and they're saying that they had a $1.4 billion expense, plus legal fees. 

So, in some cases, Equifax was providing people whose information had been stolen. They were providing them with credit monitoring. But you know, the bottom line here, that's a lot of money. And then think of all the legal defense costs here. They exploited a vulnerability that was well known. It just goes on and on. A hundred and 45 million people in the US, the UK. Names, social security numbers, birthdays, home addresses, credit score, dispute forms, credit card numbers, driver's license numbers. Absolutely amazing. And apparently, by the way, this was last year, there were reports that this hack was worse than we initially thought and worse than what Equifax told us. So how's that for fun? Okay, so, yeah, Equifax, they had to pay a bit of a penalty. But you know, who paid the penalty? The stockholders who had to cover that expense? I bet you it was closer to $2 billion. When you add in all of the legal fees. 

Now, I'm going to show you this picture. I think you might like this one. Do you recognize this guy? This is Jeff Bezos. And he is standing on a massive John Deere tractor in an article from TechCrunch here. Why is he standing, you know, on a front loader, with a hard hat on? Well, here's why. 

This, man, this is going to at least it should, scare the daylights out of companies like FedEx, Amazon, you know, they, they about 50% of all retail now is going to Amazon and numbers are just crazy. of the online stuff. It's just nuts. So, Amazon is doing a few things right now to help out right help their people out, to help their business out. 

One of the big things Amazon has done recently is that they are giving people who are current employees, who are interested, they're giving them cash and paid time off to start their own delivery business. So, that’s competing with everybody from the US Postal Service, through FedEx and UPS and, and these delivery companies that have been around for quite a while. 

Well, now, they broke the ground last week on a 3 million square foot prime airport, outside of Cincinnati, just across the line in Kentucky. Now, I want to put this in context here. What does a 3 million square foot airport look like? Well, bottom line, what they're doing is they are building a parking garage that can hold 100 cargo jets.

So, it looks like Mr. Bezos is absolutely going to be not only delivering to your door that last mile as it were, but he is going to be flying his own airplanes via his own airport and doing the delivery. So, he's really going to own the whole thing. This is Amazon, of course, he doesn't have 100 cargo jets, yet. But it is part of the company's logistics ambitions here, man. If anybody's going to pull it off he is. According to Bezos, his tweet, Amazon's investing $1.5 billion in this effort, okay. That’s real, real money. Let me just kind of scroll this up. So you can see this article a little bit, right. It's, I'm showing a couple of pictures here. There he is with a pile of dirt behind him with his tweet. So he's looking he says he's going to be creating 2000 new jobs. Isn't that just amazing? So Amazon's encroaching on the core business now of FedEx and UPS, as well. Of course, the USPS, the US Postal Service. They're not in business per se, but it's going to affect them as well. 

Okay, we got to get on to this one. We are running out of time quickly here. Huge bug week this week. Absolutely huge. Now, those of you who are on my internal lists here who get my subscription for the security newsletters, you know about this already, because I sent this out right away. 

But for everybody else, you got to know this need to know this right now. I even sent it out to my regular mailing list this week. 

Microsoft is warning of this monster, monster computer bug this week, Microsoft announced Tuesday one of the several high profile computer companies to do it and included Apple and many others. 

So let's do this pretty quickly. Bottom line, we have a couple of things happening right now, we've got a major security problem with Intel processors, almost every processor Intel has made since 2011. You heard that right. Almost every Intel processor made since 2011, has a major security problem. 

And Apple, I'm going to pull this article up too.  Apple is saying that bottom-line if you want to protect yourself against yet another Intel CPU flaw, you're going to lose 40% of the performance on your Apple Computer. This isn't an Apple problem, by the way. This is across the board. If you are using a Windows computer, and you want to be completely protected, you're going to lose about 40% of your performance. Because hyperthreads, Hyperthreads are a huge problem right now, because of this particular problem. It’s just crazy here.

And then we've got other flaws that in Microsoft just talking about this week,

I think there was, Karen, 17 this week for Patch Tuesday?

This 74 with along those critical ones 19 critical flaws Microsoft is fixing in Patch Tuesday this month

That's out of over 70 total patches that they're applying. So here's your bottom line. If you have a device that has Intel, anything on it, you are going to want to apply patches, right away! 

All of the major manufacturers have patches out already. Apple's got theirs out, Microsoft has theirs out for Windows, It’s a very, very big deal and you got to take care of this and take care of this quickly.

So okay, patch, patch, patch!

If you haven’t been patching, and I know this is a problem, right. That's why I have the newsletter that describes these problems when you really, really need to patch. Because how many of us are really, really patching, right? 

We wait until we have to because stuff breaks, I've got work to do, I can spend two hours trying to do the patches. That's why we do it for so many clients, we actually take care of it all remotely, for them. All of the patches get applied and everything just automatically. But that's not most people and I understand why you don't want to do it and why you can do it. You just don't have the time to do it. But, right now you've got to do it, right. So, give it another week or so frankly, because you never know if the patches are going to work as well as they should. So far the Apple patches look good. The patches from Microsoft are out there. So questions, right? Wait about a week, and then by next weekend, make sure everything is patched up. 

Now if you have an iOS device, an Apple iPhone, or an iPad, or you have one of these smartphones from Samsung, or almost anybody, very few of those have the Intel chipsets in them. 

However, some of them do have licensed software from Intel does have the same problems. So patch patch patch, okay. This the week to do it. No question about that. 

Okay, I'm gonna pull another one up here on the screen with a couple of minutes left here. Huawei this is a Chinese manufacturer of all kinds of technology, one of the technologies that they are providing right now is 5g for the new cell phone. The new era of cell phone data connectivity. And a lot of people are very worried that because Huawei is the primary provider. We could end up in a huge, huge mess out there. I mean, huge. And the reason for one of the main reasons for the mess is Huawei, of course, like every company in China is controlled by the Communist Party. Yes, there are still communists, there are still socialists in the world. It's not just Bernie Sanders, they are worldwide. And they control the country and the money.

Just like I said a little bit earlier, is it easier for Hamas to hire some hackers or to lob some missiles, hackers. So, we are very worried about what Huawei is doing, very worried, about them being almost a sole-source for some of the 5g technology out there. President Trump just cracked down on it all. So, when this executive order from him this week.

We got a confirmation and a denial from Symantec and McAfee. Oh my gosh, here. Apparently, they were both hacked. There's an advanced intelligence company out in New York. And we put this up on the screen, so you can kind of follow along. Who is saying that, indeed, these two companies got hacked? The hackers known as FX MSP are said to be offering to sell the stolen data that they say they stole about 35 terabytes worth of data from these, I don’t want to call them security companies, so I don't know, security software manufacturers. Obviously, they're not that secure. Right. 

But if this is true, $300,000. Gizmodo who's reporting this has not confirmed it yet reviewed any of this allegedly stolen documents, but we'll see what happens. And you already know, you know me fairly well, that frankly, I’m not a fan of either one of those companies. So no big deal there. 

Alright, well, I want to thank everybody for being with us today. We really, we're going to have to kind of disappear. Because guess what? Time is

up. Time is over. I appreciate you being with us this week. Make sure you go online CraigPeterson.com And we've got a whole new website coming your way. So keep an eye out for that as well with more information. 

Man, this is going to be really good. We’ll have more courses, more classes. We've got to get you up to speed. So I'm taking some of the stuff I've been doing for the FBI infragard. And we are incorporating it into other classes trying to keep you guys up to date with the information you need. 

Right, not the fire hose that we get.

So have a great week and we'll be chatting with you next week. Take care.

Bye-bye.

--- 

Related articles:

Microsoft Warns Of A Monster Computer Bug, In A Week Of Them

Enabling Full Mitigation Against Intel Cpu Attacks Causes Up To 40 Percent Performance Penalty

Security Breach Suffered By Credit Bureau Equifax Has Cost Them $1.4+ Billion

Antivirus Makers Confirm—And Deny—Getting Breached By Hackers Looking To Sell Stolen Data

Israel Bombed Cyber Hackers (That Is Historic, For Many Reasons)

White House Cracks Down On Huawei Equipment Sales With Executive Order

Jeff Bezos Personally Dumps A Truckload Of Dirt On Fedex’s Future

Hospitals Push Device Makers To Improve Security Following Cyberattacks

--- 

More stories and tech updates at:

www.craigpeterson.com

Don't miss an episode from Craig. Subscribe and give us a rating:

www.craigpeterson.com/itunes

Follow me on Twitter for the latest in tech at:

www.twitter.com/craigpeterson

For questions, call or text:

855-385-5553