Jan 28, 2020
Welcome!
Good morning, everybody. I was on with Mr. Jim Polito this morning and we discussed these fake jobs that are being offered online, spoofed websites and ID theft. Then we got into who was responsible for hacking Jeff Bezos's phone and why we have to be careful who we hire. So, here we go with Mr. Polito.
For more tech tips, news, and updates visit - CraigPeterson.com
---
Automated Machine Generated Transcript:
Craig
You know, Make America Great Again, that would not be a great
password. Yeah, but some random words strung together are much
harder to crack on a computer than anything else because of the way
the cracking technologies work nowadays. The cracking technology is
much different than it used to be.
Craig
Morning, everybody. That was me with Mr. Jim Polito, and we broke
down a couple of things today. First of all, a couple of security
things, the truth about your passwords. We went into the whole hack
here that led to the most expensive divorce in history, and also
employment scams on the rise. Why is it happening? What should you
be cautious of if you're looking for a new job? The FBI has a
special warning out. So here we go with Jim.
Jim
Always ahead of the curve. Always bringing us the latest from the
world of tech talk, our good friend, Craig Peterson. Good morning,
sir.
Craig
A good morning. You know things are always changing out there in
the industry. I'm going to bring something up. You mentioned
earlier today. What they're trying to do with this Data Privacy Day is
to bring some visibility into the whole password problem, right?
And you talked about some of the advice that they were giving and,
and, what iHeart makes you guys do. What is it? Change your
passwords every three months,
Jim
Yes, every three months. We have to change our password, and it
can't be even close to the previous password.
Craig
That's a widespread thing out there in the industry, just in
general. But I got to tell you that the National Institute of
Standards and Technology, which is the organization within the
federal government that comes out with all of these security
standards, changed that about a year ago. So you now have something
to use against them. Here's why. Here's what's going on. If they
make you come up with a new password every three months, what are
the odds that it's going to be an excellent password? Next, what
are the chances that you're not going to write it down somewhere
like where the cleaning lady can find it? Maybe in your drawer,
taped to the bottom of your keyboard, or even worse, and I know
people are listening that are going to go into the office today and
immediately and take down their post-it notes. If you can believe
it, people place post-it notes right on their computer. The current
recommendations are, you come up with a great phrase. Yeah, you
don't have to use special characters and numbers and all this other
stuff. But come up with a few random words. Pick four or five words
that you can remember that you can associate together. Oh, and you
don't have to change it every three months. Once a year is probably
enough and phrase with three or four words that are there aren't
things like, you know, Make America Great Again, that would not be
a great password. Yeah, but some random words that are harder to crack
on a computer than anything else because the way the crackers are
working nowadays, the cracking technology is much different than
it used to be. So just a quick word of advice to people if you're
worried oh my gosh, I don't change my password every three months,
and I don't have special characters and digits in it. Best password
according to NIST is just four maybe five words, random ones strung
together and that's your passwords more accessible cookie-cutter
type two,
Jim
But I have a new one it is Could I please MooMoo face banana? No.
Can I please use MooMoocen face banana face to the dog patch
Craig
That would work. I think
Jim
I think Steve Martin said that one. I'm stealing it from Steve
Martin. But yeah, you don't want to use one like that. Then someone
if they know that expression will say, Oh, yeah, I remember Steve
Martin said that. If they just get a few words they'll say, they'll
say, I'd like to guess at solving the puzzle. Especially if you say
it on the radio.
Craig
All right. Well, it's data privacy day. And that's why I brought it
up. So great day to have you with us. And a great day to warn
people about a new scam. The FBI is talking about, so you think
you're applying for a job online? And then maybe we even got the
job. And the fact is, you're talking with a scammer online.
Unknown Speaker 4:57
Yeah, that's something.
Craig
The trick behind that right now, the scammers, the bad guys. What
are they doing? They always go after the latest stuff, maybe
something that's in the news, etc., etc. And you know what, it
turns out I don't know, I listened to some of the house hearings.
It would seem as though the job market's terrific the economy is
falling apart, and we've got the worst president in history. But I
think readability is more along the lines of, Hey, you know, I've
had this job for 234 years now. If you're a millennial, hey, I've
had this job for six months now. I wonder if there's a better job
of it. I keep hearing that people are getting paid more. So they're
looking for jobs. So you have even though the job market is tight
for employers, you have all these people looking for jobs. So the
scammers have figured out. You know what, we can get a lot of
information from somebody that applies for a job. Because people,
people will fill out forms, right, Jim, and they'll give me their
social security number, their employment history, their home
address their phone number. So people are now going online, they're
looking for new jobs to see if they can do a little bit of an
upgrade, which makes a whole lot of sense to me. And they are
getting the victims to not only give all of this information to
them, but they're also even getting people to pay them. And we're
talking about these criminals who are, you know, have these fake
jobs averaging about $3,000 per person, according to the FBI
advisory?
Jim
Hey $3,000, which also means, by the way, some people were out
$100,000
Craig
Yeah, exactly. So they're now using the spoof web page to harvest
this personally identifiable information. And a spoof website, of
course, isn't like instead of going to iHeart, you go to I dash
hearts dot com. Yep. Right. And you don't notice that you went to the
wrong website. And the criminals are also they're all putting
advertising in legitimate ads from legitimate employers. So you go
to the site, it looks real, right? These bad guys are stealing ads
from legitimate employers. They're doing everything. But that's
because now employees are busy looking for other jobs. Because what
the heck, they might just find them.
Jim
We're talking with Craig Peterson, our good friend Tech Talk guru.
I have to be careful. When applying online, make sure you know to
whom you're talking. If it sounds too good, it probably is not
real. Craig in the time we have left, I want to ask about this week
John had the story. Last week, we learned that Jeff Bezos's phone
hack that led to the exposure of his affair. It turns out the Saudi
prince accused of masterminding the murder of a journalist is the
same one charged with the hack on Jeff Bezos's phone, of course,
the founder of Amazon. I'll be talking about this a lot more in my
on my podcast this weekend, which you can also find on the iHeart
as well.
Jim
There we go. Yeah, and the easiest way to find it is you just go to
Craig Peterson dot com.
Craig
But here's what happened. Guys, man, has the media been getting this
report wrong. But let's start at a high level. First of all,
remember Jeff Bezos bought this fish wrapper out of Washington DC,
remember when that happened, right? It was the Washington Post. So
he bought this newspaper down in Washington DC, and is, you know,
it's been around for a very long time. Okay. It broke some national
stories over the years, but it's just gone left. Well, Jeff hired a
journalist, Jamal Khashoggi, and he began writing for the
Washington Post had been criticizing the Saudi Crown Prince because
of the murdering of this Jamal Khashoggi. And then they were saying
a lot of nasty things about it. So what ended up happening now
apparently, this is all allegations at this point. But apparently,
the Saudi Crown Prince got pretty upset that the Washington Post
was saying all these bad things about him and that they murdered
this. I'll use the term journalist kind of loosely because I think
that does apply here in the case of Khashoggi. Yeah, at any rate,
he wanted the Crown Prince, apparently to have a little vengeance.
So the owner of The Washington Post, ultimately, is Jeff Bezos.
Yep, the richest man in the world. Yep. He, here's what he did. And
this is kind of interesting because we use these apps all the time.
And apps are, you know, they can be significant. They sometimes can
be monitored. And there's something called end-to-end
encryption. And when people are looking at apps to communicate, you
want end-to-end encryption. In other words, you don't want it
set up and in a way that somebody can intercept it. So apparently,
Jeff Bezos exists. An App called WhatsApp, which is owned by
Facebook and does have end-to-end encryption. But here's what
happened. It looks like they used some of the hacker hacking
software that's known as a zero-day attack against WhatsApp. And
apparently, there was a bug inside of the WhatsApp app. Now let's
think about this for a minute from people that use WhatsApp or use
any kind of a chatting or messenger program. If you're using your
iPhone, it comes up and says, this half WhatsApp wants access to
your photos and videos. And so you're sitting there thinking, Okay,
what am I, you know, let's find I'm going to want to share videos
and photos. So yeah, go ahead. Let's what WhatsApp has access to,
and that's true, obviously on Android as well. A little more
confused than Android, but it's right in both cases. So apparently
what happened was, there was a bug that some people There's still
allegations here, I'm not positive on the reality there is I'm not
going to make any names or, or other allegations here. Researchers
found a bug in WhatsApp that allowed them to send you a WhatsApp
user a video. And that video broke into and took over WhatsApp. And
almost immediately after Jeff Bezos received this video from the
Saudi prince, you know whether or not it was him as a different
story, but received it from the Saudi prince. His phone started
exfiltrating data. In other words, all of a sudden, his phone
started sending pretty much everything that was in his pictures and
videos to Saudi Arabia. And then what do you have, you have the
most expensive divorce in history.
Jim
It was the most expensive divorce in history, how many? Meaning she
didn't even get half. It was still, what did she get, like
38,000,000,048 billion bunch of property.
Craig
Wow, it's tough. It's tough to live on that. So it's he noticed
something has just started slowing down. It was sending video data
out at a rate of 106,000,000%. Higher than previously. So he
noticed something was wrong. And he took it to a forensics group
who started having to look at the phone, but it was a bug in
WhatsApp. And that kind of concerns me I'm sure it's going to be
fixed if it hasn't been already. But you know, this has to do with
again, having 100 200 apps on your phone. Think about it, all of
those apps on your phone, what bugs do they have in them? How many
apps to use. And as part of security awareness today, and I've said
this for a long time, delete apps that you do not use frequently.
If you want real secure communications, if you're using iPhone
messages is probably all you need messages and FaceTime, they both
do a great job. And because Apple's paying close attention to it,
bugs like this are likely to get fixed very, very quickly. And this
is what happened to this is the new world that we're living in
today. All of these application developers and these cool little
apps that we have, you know the ones make it look like you're 20
years older or younger are stealing our data in some cases like
this morphine app, the data is sent directly to Russia. You lose
all rights to any pictures you uploaded. Worse yet, who knows what
they're doing with those photos once they get there. So get rid of
these apps that you're not using and don't trust them. 100% of you
think something weird is happening that might be. And one real
quick thing I have to say, and that is that when we get involved
with an investigation for business on behalf of a company that
thinks they might have been hacking, something might be going on
99% of the time, Jim, we get a call. Something's going on with our
email. We're not sure what it is. And then when we dig into it more
refined Chinese backdoors Russian hack,
Jim
yeah.
Craig
Right now, everyone's attacking our customers. It's just amazing
what's happening out there.
Jim
All right. Now you know what's happening out there. He's told you
about the latest security stuff you need to know during this
segment. If you want more of this information, get on board with
Craig Peterson. All you have to do is text my name, Jim, to this
number 855-385-5553. That's just texting Jim to 855-385-5553.
Standard data and text rates apply. And Craig Peterson will not
annoy you bother you sell you something or hack you. Don't worry
about it. Craig, thank you so much. Great segment. We'll talk with
you next week.
Craig
Thanks, Jim. Bye-bye.
Craig 16:31
All right. Hey, everybody, I want to let you know we have been
working hard creating a new course for you. I will have exclusive
giveaways for you as part of the course. It is going to be the best
webinar ever, of course, all centered on transforming your
security, your security posture, and more. So keep an eye out on
your email, CraigPeterson.com slash subscribes, but see the only
one Didn't find out about it. Take care, everybody. Be back
tomorrow. Bye-bye
Transcribed by https://otter.ai