Dec 22, 2020
Good morning, everybody. I was on WTAG this morning with Steve Fourni. We discussed VPNs and man-in-the-middle (MITM) attacks. Here we go with Steve.
For more tech tips, news, and updates, visit - CraigPeterson.com.
Automated Machine Generated Transcript:
Craig Peterson: [00:00:00] Hey, good morning everybody. I was on with Mr. Steve Forni this morning. Jim Polito is out. He is sick. Oh my gosh. This COVID thing apparently got them, but anyway, I don't think that's secret information, but it might be insider stuff. But anyway, I spoke with Steve Forni, who is one of the producers. He's in Central Mass this morning.
And we really got into this whole VPN thing, and how Google now has removed another VPN that uses man-in-the-middle attacks. So I explain what that all is and everything else. And if you are interested in finding out more about VPNs, just email firstname.lastname@example.org. I can send you a link to a webinar I did about VPNs.
All right, take care. Here we go.
Steve Fourni: [00:00:50] Steve Forni here in Springfield. Danny is in Worcester, and that music means it's time to hang out with our tech talk guru, Craig Peterson, to give us high-tech information at like a fourth-grade reading level, which is easy for us all to digest, which is great. Craig, thank you so much for taking the time today, buddy. Appreciate it.
Craig Peterson: [00:01:09] Hey, glad to be here. No, I try and aim high or at least seventh grade.
It had a problem. I don't know if you've used some of these online sites. I love Grammarly by the way. If you've never heard of it and you ever have to write anything and you want to make sure it's correct.
Use Grammarly. It is just amazing. I've subscribed to that for a while now. There are other sites, too, that tell you what grade level your writing is at. I was consistently writing at like grade 13 or something, the first year of college. I use those tools to get it down to about seventh grade. Just the seventh grade so that most people can understand it, because who here is really going to go for a college degree in computer security and technology? Okay. You nailed it. I'm just impressed, Steve. You understand what I'm trying to do?
Steve Fourni: [00:02:01] Well, I appreciate that. I admit I am a word nerd and I even refuse to end my tweets with a preposition.
Craig Peterson: [00:02:07] But
Steve Fourni: [00:02:07] I know I'm a little different maybe, but I also, I can't do math, so there's that.
Craig Peterson: [00:02:13] So here's that to boldly go where no man has gone
Steve Fourni: [00:02:15] before.
That's right. So obviously a lot of people working from home trying to figure out the whole deal of getting it done here. Preferably on the fly for a lot of people and VPN has become an issue here. Can you tell us at least about the one that Google had to shut down?
Craig Peterson: [00:02:31] Oh, this is a real problem, frankly, for everybody. I've done a whole course on it. And I promise I am going to do another course after the first of the year, because VPNs are something people really don't understand very well.
With this whole lockdown thing that we've been doing, it's been a problem because we all of a sudden started using VPNs, remote desktop, and all of these things. They have been a very real problem. And we've seen it now. In a few different places out there. And one of them is what you just mentioned with our friends over at Google.
And Google has removed that shady Android VPN app. They've removed not just one, but multiples of these that were in the Play Store. It's called the SuperVPN Free VPN Client. Now the problem, to just make this really short and simple. Now, after the first of the year, probably early February, maybe late January, maybe we'll try and do it earlier, but we'll have more details on VPNs and how to use them, how to set them up, and everything else.
But here's the bottom line. This VPN allowed what's called a man-in-the-middle attack. We've seen governments doing this now around the world. And what that means is, think of the days of the string telephones that we'd make as little kids with the cans. Have you ever played this, where you have a friend who's talking into the one can and it transmits over the string to the other can? They have that up to one ear, and then you have another friend with another string and another set of cans. So you hear it from friend A and you speak into the can to friend B to relay it along so that you can go long distances, 30 feet, and that's a man in the middle.
So you're relying on that man in the middle to relay your message properly, like broken telephone, a game we've all played. And what happens with this man-in-the-middle attack is the VPN that you're using is actually being used. There's somebody in the middle using your VPN that you thought made your life safer.
But in fact, they are intercepting everything. They're decrypting everything. They're looking at everything. And now they have your usernames, your passwords, the whole nine yards. So Google just removed yet another one of these VPN apps. It routed the Play Store. These things exist. There are so many reasons not to use a public VPN. Bottom line: just don't use VPN services.
And if you want more on this, I did a webinar earlier this year on VPNs, and I can send you a link to be able to watch this, 'cause I did record it, on VPNs and what the risks are. In most cases, with most of these VPN services, you're actually making your data and you less safe, not safer. So how is that, Steve?
Steve Fourni: [00:05:42] Craig, it brings me to what I guess we opened up with, which was bringing things down to a level people can understand. I'm wondering if any of this onus falls on the IT department for whatever company you work for, which again, can't really tell your average employee everything that they need to know about the VPN. Instead, they're just like, okay, here's the icon, put in your username and password and hit connect.
That's all you need to know. Don't worry about anything else. As opposed to telling them things to look out for, updates, like use this, don't use that. Taking that from an elementary level and bringing the knowledge of the employees up a little bit, so they know what to look out for.
Maybe that's a conversation that's not being had.
Craig Peterson: [00:06:25] I think you're right about them, but it still gets so complicated so quickly. I'm using an example here: a friend of mine yesterday, a really good friend. He and I ride motorcycles together all the time. And I got a call from him, Steve, yesterday morning, and, hey, can I come over?
I said, okay, why do you want to come over? Nothing personal, love to see you. And he says, I gotta talk about... He's retired, and he's delivering for Grubhub, and people have ordered from... That's this food service where you can buy something from a local restaurant and have it delivered right to your home.
So he drives around in his little Volvo and picks up from the restaurant and then delivers it to the home and makes a few bucks from it. He even does it to me. And so I spent four hours with him yesterday, 'cause his account was hacked. All of his pay was going to somebody that hacked into his Microsoft email account.
And had gone in and changed his Grubhub pay-to account to another bank account that was owned by the hacker. And then the hacker also took over his email account. So that any time now, because he's using the same Microsoft email account for everything, same password for everything, or at least almost everything.
Do you see the warning flags going up, Steve? They took it over. It took us four hours for me to figure out what had been going on, what happened. And I got him using a password manager yesterday. 1Password is what I have him using. It's five bucks a month for a family of five. You can share passwords, you can have your own individual passwords, and it creates new passwords, but I got him all cleaned up.
And when you're talking about this problem, Steve, with VPN and businesses, and do we understand all of this? Here's the guy that hangs out with me. Okay. I'm talking to pump his stuff all the time. I don't just play this on the radio. This is what I do. And he still hadn't done it cause it was April, it was very confusing for him to try and figure this all out.
So the businesses that have their own VPN, that are properly protecting those VPNs with what's called nowadays zero trust, those ones, Steve, are quite safe. The ones that are not safe are these public ones where you sign up. You hear them advertise Norton VPN or this VPN or that VPN, use our VPN, SuperVPN Free.
As we just found out, it got removed from Google. Those are the ones that get really dangerous, but even the VPN services the businesses are using internally have problems, because a VPN is just a network, and anything attached to it can potentially get through. So businesses are really now finding the problems they have with the VPN because they're using just a low-level one.
They don't have a really good next-generation firewall, Steve, and the bad guys have taken control of home computers like my buddy's computer, and have gone from the home computers through the VPN, and now attacked the business itself. And we're finding that more and more. We've got FBI warnings and everything else. Anyway, blah, blah, blah, ramble.
Steve Fourni: [00:09:59] Oh, cause one more quick question on that before we get to another topic because I'm wondering if there's a way that, that people might be able to tell if one is legit or not. Like for instance, our company wifi is honestly, it's a pain in the rear to get on the thing. I have to put in this password, then they have to send a notification to my
Craig Peterson: [00:10:15] phone.
Then I have to hit it
Steve Fourni: [00:10:16] on that thing. And then I got to go back to the computer, and it's like a four-step process just to log on. Whereas maybe some of these places are just like, oh, what's your name? Steve. Okay, you're in. Yay. Like, maybe that's a... is that a flag, or are they all making it intense?
Craig Peterson: [00:10:31] There's just something I think is a norm across every industry. And that is, incompetence runs rampant in every profession. So at a company like iHeart, of course, you've got some really good people who are doing it right most of the time. And that's all I'm asking for, is most of the time. But yeah, I think your point is a great one.
If it's just, I log in with this password, if you're using Microsoft Remote Desktop to connect, wow. That is being used like crazy by the bad guys out there. And then of course we have the huge hack from last week, where now it looks like Russia got into the federal government agencies. Tens of thousands of businesses affected here.
Steve Fourni: [00:11:17] Talking with Craig Peterson, our tech guru, and one other topic before I let you go. 'Cause we're talking about Russia and China, and now it looks like Kazakhstan wants in on the action. What is happening over there?
Craig Peterson: [00:11:29] This is true in China as well, but yeah, Kazakhstan.
What they've done here now is they have it set up so that you have to install some software from the government in order to go online. And what that software does is it installs a key. At the very least, you have to install this key on your computer. And that allows the Kazakhstan government to see everything anybody is doing now.
Going online, any of their citizens, anybody that installed it. Google, Mozilla, those are the guys that make Firefox, Apple, and Microsoft have all joined forces now. And all of those browsers received updates recently that blocked this trick that the Kazakhstan government is playing on its, I'm going to use the term citizens here, residents at the very least, because it was sending all of their data in the clear for the government to read.
And just real quick, Steve. Met in the UN embassy last Mueller earlier this year, I got down in Washington, DC with an African government and they have a data center that is, was built by the Chinese. And we can talk about this one for hours. But they wanted to secure it in the bottom line is there is no way because governments like this Kazakhstan government, Chinese government that is now by the way, providing computer equipment all around the world have completely infiltrated all of those systems.
And now, as part of this recovery economic package out there, they are going to be helping smaller internet service providers. And that means some of our listeners here, Steve, in this area in the Northeast. They are going to help them by paying to rip and remove this Chinese equipment that has been found to be spying on all of us.
So that, I guess a little bit of good news, a trillion here, a trillion there, maybe some of it will go to good use.
Steve Fourni: [00:13:35] And if they put these efforts towards things like infrastructure, maybe the country of Kazakhstan would be in a little bit better shape. They just need to focus all this energy elsewhere, but that's another topic for another day,
Craig, you provide a wealth of knowledge and helpful information for folks, where can they go to get more of that information?
Craig Peterson: [00:13:55] The best place probably to go to is CraigPeterson.com. You'll see lots of stuff there. My podcasts are pretty much everywhere, and of course, you can listen right here on TAG and WHYN. I think just those two stations right now, but you can listen right here on Saturdays or Sundays at 11:00 AM.
I knew I could get it straight. I haven't had my coffee yet.
Steve Fourni: [00:14:18] You know what, that 11:00 AM on HYN leads right into Sports Sunday with Steve Forni at noon. How about that, Craig? You and me back to back? How about that?
We're going to talk this week about Canada not wanting to come to the US to play hockey.
So maybe you want to tune in for that one.
Craig Peterson: [00:14:31] Cause they don't want to. Your folks up there,
Steve Fourni: [00:14:35] Craig Peterson. Thanks so much for the time. We'll catch up.
Craig Peterson: [00:14:38] All right, bye-bye.
Steve Fourni: [00:14:39] And Merry Christmas too, by the way, Craig. Yeah, Merry Christmas. My friend there goes our buddy, Craig Peterson. Good stuff there. As always,
Craig Peterson: [00:14:45] I am planning on recording a new show for this weekend, so I'll keep an eye out for that and be back tomorrow.
Take care, everybody.