Feb 20, 2021
We lost a Radio Icon this week and he had a big impact on me, I have a short tribute to him but it was also another busy week on the technology front. We are going to get into the differences between Backups, Disaster Recovery and Business Continuity, often these get tossed around in discussions as one in the same - they are not. Then we will discuss Bitcoin and it metoric rise and why that happened. Next we'll discuss Apple and Google and why Google is trying to play hardball but may end up getting burned. Then we are headed to Space and NASA space travel and a discussion on Rocket Fuel for future missions to Mars and there is even more, so be sure to Listen in.
For more tech tips, news, and updates, visit - CraigPeterson.com.
Tech Articles Craig Thinks You Should Read:
Automated Machine-Generated Transcript:
Craig Peterson: [00:00:00] I've got to say the big story of the week is this breached water plant and how it really affects all of us. Not just because our water could be poisoned by a hacker, but it gives us a bit of a lesson on what we should be doing and what we did.
Hi everybody. Craig Peterson here.
There are many things that we did over this lockdown. Things we did. In fact, the lockdown itself to try and help stop not just the spread of the virus, but remember it was a two week lockdown just so that we did not overwhelm our hospitals. Who could disagree with that, right?
We all stayed home for two weeks that makes sure that we're flattening the curve, that we're not going to have a lot of. People in hospitals. Unfortunately other people who couldn't make it into the hospitals that needed it. That two week locked down to flatten the curve has turned into what? Now, almost a year later we are still seeing these lockdowns. These lockdowns have caused havoc.
We've talked about many of them. Of course, you hear them all the time on radio. Everything from suicides of our children. Through our parents dying in these homes and without the comfort of their family and without human touch for almost a year. It's just so, so, so sad to see.
Now I'm not going to get into the political sides of this and what should we have done? What shouldn't have we'd had done. I've got my opinions on some of this. What I want to talk about is what we did with our jobs? What we did with our businesses? I think we did some terrible things there, too.
What I'm talking about is we need to stay home, but we have certain businesses that need to stay open. Now, frankly, every business needs to stay open. It's a business because it's fulfilling a need, right? It is so basic. It's hard to think that people don't understand this, but obviously they don't.
We shut down businesses. Businesses that will never, ever come back. People's lives destroyed. People whose entire savings, their entire retirement plan, everything was based on the business. That's where their money was. The people working there were counting on having that money to pay the rent, to pay the electric bills and other utilities. To pay for all of the things in life that we need to pay.
It's one thing to have credit card bills that you can't pay, because they're not a whole lot they can do about unsecured debt. They can certainly harass you. When it comes to things like your home or whatever it is, you're renting, whether you own it or not, how can you make those payments if you don't have money coming in. The money that the government is issued has just been a mere pittance. I get it.
In some cases, people had just incredible amounts of money compared to what they were normally making with unemployment, with the federal subsidies, et cetera. That didn't last. PPP money, this payroll protection money, lasted for about six weeks for those businesses that could get it. Those that qualified.
My business didn't qualify for PPP money. Not because it's too big, but because it's too small. Most of what happens in my business is done by my family members. I've got myself, I've got my wife, of course, you've probably seen Karen mentioned in some of my emails that go out.
I've got my eldest son involved. He loves security. He's great at it. He's been working with me now for more than 10- 15 years on this. I've got one of my daughters working with this on me. So it's primarily a family business. We've got contractors who will do different things for us. We have a lot of suppliers and we have to pay those bills, but no payroll per se. You know what? That's a lot of businesses. The number of businesses that were in the same boat as me is huge. That's how things get started in this country.
All of these companies that could have started. The companies that had started that had entered into lease agreements. That had started to provide services for their customers. Whether it be B2B like mine, business to business or business to consumer they were all stifled.
What have we done to ourselves? Really? What have we done? The virus itself is obviously pretty nasty and can be lethal in a lot of cases. It has been. Now we found out that people like governor Cuomo apparently just cooked the books. Cooked the books, something awful.
We went home, we started working from home. Our businesses said, what can we do? We had people getting very, very busy trying to figure it out. There are a lot of little remote programs that you can use in one of those is Team Viewer.
Now there's nothing particularly wrong with Team Viewer. I'm not fond of the idea of things like Team Viewer, remote desktop, and others, but sometimes it is the best solution for a particular problem. Team viewer in this case was used by a small government agency. Think about what would have happened. You had to shut down, you still had to do work. What did you do as a business?
You probably got something like Team Viewer, one of these login, remote login programs. Maybe you set up remote desktop so people could get in remotely. Maybe you set up a VPN because that's going to solve all of your problems. Which of course it causes almost as many as it solves, but most people don't realize this.
That's the case here. We're talking about a small town, 15,000 people, called Oldsmar. I don't think it's because they're a small town. I think this problem happened because they did what most of us did. We were not ready for a shutdown.
As businesses, we wern't ready for shutdown. In fact, the year before they did the shutdown, they had this massive pandemic planning session about eight months before. They all agreed that a shut down was the wrong thing to do in the case of a worldwide pandemic. They also redefined pandemic. I think maybe getting the angle I'm coming from here. Right.
They decided no, we're not going to do that. They did not plan for pandemic. In fact, they didn't plan for a lockdown.
Obviously, you don't. Well, I don't know, maybe you do plan for a pandemic. If you're coming up with a virus you're going to release, but they were not planning for a pandemic. They were not planning for the lockdown and neither were businesses. Most businesses, government agencies and NGOs, had no plans in place, even for disaster recovery or business continuity. You may or may not be aware of this, but there's different levels.
You've got basic backups and you should be doing backups because hard disks fail. One of my customers CEO thought that hard desks never fail. She was really upset when a disc crashed that we'd been warning her about, because we keep an eye on things called smart stats on the disks. We said you've got this disc it's going to fail. You probably need to fix things because you're not in a raid array. You've fallen out of that already. Things didn't just get worse.
You have a backup. You hope that Mac going to work. If you get ransomware and I got to tell you, nowadays, the answer's no. There's two sides to ransomware, but we've talked about that before. I'm not going to get into it right now.
You've got the backup mainly in case the disk fails, or you accidentally delete a whole bunch of files and you want to get them back.
The next step that you have is disaster recovery. You have a disaster, like there's massive snow storm that caused a water main to break in the roof. All of your computer equipment is covered with water and none of it will work anymore. In a disaster recovery situation, you now take your backups and you get new machines and you load it all on and hopefully your backups are remote. They weren't damaged by the water. Unfortunately, most businesses, again, not thinking this through just hoping, crossing their fingers, that they're not going to be one of those 50% of businesses that is out of business because of a disaster. Actually is closer to 75%.
It depends on whose numbers you're looking at. So they're hoping. No, no, I'm going to be part of your disaster. Disaster recovery. Is just think of that, of a snow storm and the roof collapses of a fire and the computers have burn. Can you get your business back in business?
Then there is business continuity. That's a whole other level of planning and business continuity is where you say, Hey, I need to make sure my business continues to conduct business. If you have a hundred, 200, 300 employees, You're much better off being able to let's say the computer room burns down as an example that or that roof caves in because of the snow and you've lost those computers. You're much better to be back in business in four hours or less. We've had business continuity solutions where we had equipment on site in a different part of the building. If there was a problem in one part of the building, we could fail over to the other part. Now this is an awfully big building and we had fiber links between them, but they could be back in business in less than 10 minutes. It's just that quick. That is business continuity, right?
If you are a public company or you are a division of a public company by law, you cannot be out of business for more than four hours. Now, that's just public companies. By the way, those same rules are in place for doctor's offices, for hospitals, any medical personnel you have to be able to get at the patient's records within four hours.
How many of us are ready for that? Then along comes a shutdown, remote workers. We're going to get into this a little more detail. We're going to talk about these SCADA systems, supervisory control and data acquisition. What does that mean? And why is this a problem for all of our infrastructure. How did this guy poison or at least try to a town of 15,000.
You're listening to Craig Peterson.
What happened to that town, a Florida city of about 15,000, Northwest of Tampa when hackers got into their water supply and hacked up the amount of lye by a factor of 100.
Hello everybody. Craig Peterson here.
This whole concept of having a backup versus some sort of a disaster recovery plan versus business continuity is something most businesses really don't pay enough attention to. Now, we've got another problem which is really a business continuity problem. What do you do when your employees can't get into the business?
When we've set up business continuity for businesses, in the past, what we've done is I mentioned earlier this data center where we duplicated part of it in another part of this massive building. If there was a problem with something, could just be some of the core switches go down or something, we could automatically fail over and continue running within 10 minutes. That's one way to do it.
But how about if the rest of the building went away? How about if your main servers okay, but the roof collapses or there's some sort of a fire? What happens if your employees can't come into work because there's a lockdown? There are so many reasons you need to have business continuity in place.
We didn't have it right. Not we, as in me, but so many people, so many companies didn't have that. That's what happened in Oldsmar, Florida. They have a water plant. Of course, they have all of the normal things any city of 15,000 people would have. They had in their water treatment plant these devices that are called SCADA devices that are used to control valves. These valves are exactly what you think in a water plant. They're used to control the mixture of various chemicals to divert water around the plant. The source of the water, the type of filter switched over to a new filter so that older filter can be replaced. In many cases, the main filtration is just done through sand and it has to backwash every once in a while. This is all controlled by computer, nowadays.
They were running a Windows seven machine. No I know you're saying, well, I've got Windows seven I'm okay. The problem is Windows seven is no longer supported by Microsoft, unless you're paying them ungodly amounts of money. I'm talking about $50,000 a year per machine sort of money. It's just crazy amounts of money. Most companies don't have that, right? I don't know anybody outside the federal government that actually has that. There's probably some, but they will not release it to the general public.
Sometimes they'll release a few little security patches because something was just so apparent that they had overlooked. But most of the time, no. Most of the time these security patches just aren't available for older versions of Windows. So they had a Windows machine that was controlling this network with all of these valves on it.
They had that machine hooked up to something called Team Viewer. The idea behind Team Viewer is, Oh, this is really handy. I can put Team Viewer on our control machine. Then I can have my employees be at home and then use that control machine remotely over Team Viewer .
That's what Team Viewer is designed for, isn't it? Well, as it turns out, they were using Team Viewer throughout the water district. That became a bit of a problem because they did not have proper firewalls to protect it. And they were all sharing the same password.
Interesting advisory that came out about this particular problem from the Commonwealth of Massachusetts, if you can believe it. This cybersecurity advisory for public water suppliers is talking about how water suppliers can guard against cyber attacks on water supplies. It goes through a lot of these basic things that I've talked about. They should listen to my show every once in a while, right? Or attended the briefings that I had put on for the FBI's InfraGuard program. It would be pretty simple for them. The state of Florida came out with some guidelines, et cetera, after the fact. As did Massachusetts.
They were running Windows seven. They were remotely accessing plant controls. The computer had no firewall installed. Well, that's what they're saying. In reality, Windows ships with a firewall installed, but that doesn't mean it's going to do any good. I talk a lot about that in some of my courses, but the computer was visible to the internet apparently. Okay.
They all shared the same password. What do you want to bet it was a bad password and employees could remotely log into city systems using this Team Viewer application. It was really that simple.
Now this actor's here apparently is more than one and they are unidentified. So we don't have a whole lot of information on it, but I did get a notice. It's called a pin, which is a notice from the FBI it's labeled green, which means I can share it with everybody. It's saying that they obtained unauthorized access to it.
Now, here's the most important part. These cyber actors likely access the system by exploiting cybersecurity weaknesses, including poor password security and outdated Windows seven operating system to compromise the software used to remotely manage water treatment.
The actor also likely use the desktop sharing software Team Viewer to gain on authorized access to the system. We've seen this, not only with Team Viewer, we have seen this with remote desktop and many other systems that people have been using to allow their workers to get in remotely. All of this because of the lockdown, people working at home. All of this should have been handled properly by having a business continuity plan in place. It's really that simple.
Now the putting the plan together, isn't that simple, frankly, but we've got to think about what happens here.
No. I also think about this particular hack and who did it. Well, it could have been the Russians, right? It could have been the Chinese or the North Koreans. We know Vietnam has gotten into the game lately. It could have been any of those guys.
But do you know who the most likely people are to do this sort of thing? It's somebody who works for the company or in this case, very likely that it's a disgruntled employee. They all shared the same password. They use Team Viewer. I said, I'm not blaming Team Viewer here, but this is not good. This is really bad. This is not just something that could happen at a water plant where they're moving the amount of lye from a hundred parts per million to 11,000 parts per million. They're using it in drinking water to change the Alkalinity, the acidity of the water.
I don't know, I don't know. We've got to do something about this. I'm going to have some training on this, what you should be doing for remote workers.
If you're interested, let me know I'm going to plan some, but I'm not going to do it until I hear from you to know it's worth my time to put it all together. Email me M E at Craig Peterson. Let me know that you'd like to know about remote workers or maybe this whole business continuity idea. Again, email me email@example.com. Let me know.
Hey, you'll find a whole lot of stuff. If you go to Craig peterson.com and it's all good information that you need. Make sure you sign up for my newsletter right there. Craig peterson.com
Hey, we can't go without talking about Bitcoin. It has surged surged surged. It may go up, it may go down. I'm not somebody who advises on investments, but we're going to talk about what it is and why people are mining it.
Hello everybody. Craig Peterson here.
Well, we have a real big thing to talk about when it comes to Bitcoin, but first I have to take a minute and honor a man who has inspired me in broadcasting for decades. A man who has changed the whole face of radio. AM radio was pretty much dead. Then he started his national show. Of course, I'm talking about Rush Limbaugh.
Whether you agree with him politically, and I think most of you guys probably do. We all have our differences, or not, he is a man that deserves great respect. He changed the face of American politics. He literally single handedly saved AM radio. He created this whole concept of a national syndicated talk radio show, and it has helped to educate millions of people.
I started listening to him back in the late eighties, quite a while ago. I was just amazed with him and the way he did it. One of the things that inspired me about it is he took callers, but they weren't the guest, he was the guest. They were asking him questions. That is so topsy turvy from how, even today, most radio shows are.
People would call him up and they would ask him questions and he'd be able to answer them. He also asked them some questions, obviously, in order to figure things out, he also was not afraid to take opposing calls. He would look for those and he would put those to the top of the queue. He would take those callers that disagreed with him before he took callers that agreed with him, his ditto heads, as they like to call themselves.
When I heard this week that he had passed, I knew it was coming, but it hit me hard. It hit me really hard. He's not that much older than me. Although I remain in really good health, knock on wood here I am just flabbergasted. I don't have words for his passing. So it would not be right for me not to have mentioned a man who inspired me, who educated me and played a role in my life, such that when he passed, I was just gobsmacked.
It's absolutely a sad, sad time. I really wish my best, obviously to his wife. I guess Catherine is his fourth wife, so I'm guessing he didn't have the best home life out there. Things obviously didn't do well on that front. I think he's a little bold and brash and maybe that's part of it.
But my memories of him being down in Cambridge, Mass. I was working as a contractor for about a year and a half at the Open Software Foundation. I was working on the operating system and that was rewriting the TCPIP stack. If you know what that is, it's the basis of the internet today and the Open Software Foundation provided its code to pretty much everybody out there. That's how I can say with high degree of confidence, the code I wrote is still in use today to help run the internet. I was working down there as a contractor for about 18 months. I also put in the i18n, the internationalization code into many of the Unix libraries and at lunchtime. I had a small radio with me and I would go out and walk around for lunchtime and listen to Rush Limbaugh while I was out walking around. He had been quite the companion for me, gave me a lot of things to think about, disagree with him on, and agree with him on. Conversations were spurred with other people.I've come to realize, I mentioned this to my wife, as well, this week after he passed that as someone who's on radio, call us personalities or whatever you might want to call us. But as someone on radio, this is a very personal medium. I've come to realize that Rush taught me something. I realized it when he passed, I've never met the man. I have a photograph of him signed by him around here, somewhere. He taught me something else and that is, I never met the guy, yet I felt attachment to him that I had never felt really to anybody else.
Certainly I've never felt that way about a movie actor that died. I've never felt that way about an author whose books I loved. I've missed some of them, some of these books where there a series of books and the author died. You could tell mid book that the voice changed and it was being written at that point by someone else. I was just disappointed by that. I didn't feel that sense of loss that I felt this week. It helps me to realize. How important it is for me with you guys. Without you guys listening, we wouldn't have a radio station. Without you guys buying from the advertisers it couldn't afford to, to pay for the electricity, and all of the people that are involved. It's the listeners. Right.
I have an obligation to you to present the information that you need in a way that you can understand and hopefully in a way that you can use it, right?
What good is a show like this? If I'm giving you stuff that there's nothing you can do about it? You notice, I always try and do that, but that's the way Rush was too. Rush wouldn't just sit there and complain. Rush would talk about the facts, what's happening, where he thinks it should go, and what we should be doing. What we should be doing as a nation and what we should be doing as individuals. To me, that was very inspirational. Frankly, that's how I've patterned this show. I've had this radio show for over 20 years and I've patterned it that way, where I try and help. If you've ever sent me an email you get a personal reply from me because I am here to help. And I felt that way about Rush.
I've sent him emails. I'd never gotten responses, right? But you, I feel this attachment to these people. That's part of the beauty of these smaller radio stations, where there are people, we are local, we do care about you. These advertisers tend to be local as well. Certainly local businesses advertise locally, and we really have an obligation to you, to every one of you. So I appreciate you. I really do. I really to want to help. I am beginning to understand some of the responsibility that I have it isn't just to help you understand technology a little better to keep your machines clean, to stop your businesses from being stolen from, by hackers or by Snowfall that might bring your building down.
It is to help you as best I can, as often as I can. So that's why I do it. That's why I do these courses, the newsletters, everything else. Rest in peace, Rush. We're going to miss you.
Visit online as well, craig peterson.com and sign up for my newsletter so I can help you a little more.
Well, we really, are going to talk about Bitcoin in this segment. So stick around. I had to talk about Rush this last time around. Bitcoin, the prices are surging. People are mining. What does that mean? And why are they using more electricity than the country of Argentina?
Craig Peterson here.
Bitcoin has been around for a while. I don't think anybody out there has not heard about Bitcoin. It is a power in and of itself. We don't know who actually came up with this whole concept. There's a concept behind Bitcoin called blockchain technology. Blockchain technology is based on the concept of ledgers. Where you have ledgers, just like a bank ledger that keeps track of every transaction. There are hundreds of thousands. Just so many ledgers in the world. In order to verify transactions, half of those ledger entries have to agree. So it's pretty basic on that level.
What is the Bitcoin itself, which sits on top of this blockchain technology? Well, if you want to look at it, simply take a look at prime numbers.
Hopefully you can name the first five prime numbers, right? What do we got? One, three, five, seven, 11. There you go those are the first five prime numbers and a prime numbers a number that is only divisible by itself and one, which is why one is a prime number.
We use prime numbers a lot nowadays. Most of the encryption that you're using is based on prime numbers. If you go to a secure website, you're using something called SSL, which is the secure socket layer and that's what shows up in your browser, in that URL line as a little lock, if you see that lock that you have effectively a VPN, a virtual private network between your browser and that remote site.
Guess what? You already have a VPN, right? Why use one of these VPNs that spies on you?
That is encrypted data and it's very difficult to encrypt in between. How does it do that? It's using something known as public key technology, the RSA algorithm. We're not going to go any further down that, but basically it's allows someone to have a public key and use that public key to encrypt a message. then you, the person who's receiving the message whose private key was used to do the encryption can decrypt it using their private key. So the public key side, the private keys side, it allows the encryption from end to end. That's what the SSL is all about.
Well, when we're talking about Bitcoin, we are talking about something that goes and uses some of the similar technology. What it's doing is using these prime numbers. That's what the RSA algorithm is using this encryption algorithm, using these very large, very complicated prime numbers because you get past 11 and lets see 12. That's not a prime, right? Uh, because it's divisible by. Two and six and three and four, and then let's see 13. Okay. That's a prime 14, no 15, no 16. No. It gets more difficult.
I remember way back when, writing a little program that just found prime numbers and it looked for prime numbers and the easiest way to do it was I would start, first of all, you take a number, divide it into. There's no reason to go any higher than that when you're trying to figure out if it's prime or not. Then I would start looking at some of the base numbers to try and figure it out. Of course, real mathematicians were able to figure out better ways to find primes.
Well, when we're talking about Bitcoin and some of these other cryptocurrencies, they are also using these very large prime numbers, just like you're being used for this public key encryption. They also have some other parameters around some of these prime numbers.
To have a Bitcoin is to have this digital number that represents a unique prime number. If you want to mine, what you're doing is you are trying to find a prime number that no one has ever found before, just to oversimplify things a little bit. You find that prime number and Tada now you have a Bitcoin. Sounds easy enough, sounds quick enough. It is not easy and it is not quick.
It's not just the based on the prime number algorithm, but we're keeping this simple here. We have found millions now of these Bitcoins. I should look that up and find out exactly how many, but there are many Bitcoins. The whole algorithm, the whole system is set up to do some restrictions here, there's only a certain number of these Bitcoins that will ever be mined.
It's estimated that something like 20% of the Bitcoins that were found have been lost because the encryption was used to keep the keys. People forgot it.
You probably heard about this guy that has a quarter of a billion dollars in Bitcoin in this wallet. He only gets eight tries before it auto destructs. He hasn't found them yet. There's a quarter of a billion dollars that's unreachable, but that's what we're talking about here.
Bitcoin mining. In this day and age, Bitcoin mining is so hard and it takes so much computing power that it is using a couple of things. First of all, the thing that bothers me the most is it's using up these GPU's these graphical processing units, because GPU, which we typically use for graphics processing are set up so that we have are hundreds, thousands of processes that can be happening on that card simultaneously, various small little tiny processes that can be set up to somewhat be optimized for Bitcoin mining or mining, any of these other cryptocurrencies.
Then the people who really want to make money on mining these cryptocurrencies have machines that are special machines. They are designed specifically to mine, one type of coin, one of these crypto coins. We're talking about Bitcoin. There are machines that are designed to mine bitcoins, go to E-bay and look for Bitcoin miner. They used to have themon Amazon. I haven't checked in a while, but you'll find them in both places. At least you used to be able to, you can certainly still find the money bank. You'll find some that are old, that are used and some brand new ones.
Well, it is expensive to mine them. One of my sons and I, we decided years ago to try and do a little mining. We probably should have tried harder but we gave up. It was a, who knows what's going to happen with Bitcoin.
There are so many cryptocurrencies and today there are people introducing new cryptocurrencies all of the time. I avoid those like the plague because you never know what's going to happen.
Bitcoin is definitely the 800 pound gorilla out there. We were able to mine I guess my son said he mind a couple of other little currencies they're worth a penny or two, not a very big deal.
We have now so many people in China that were doing Bitcoin mining China could not produce enough electricity to mine the Bitcoins. China went around and shut down anybody that was mining Bitcoin. We have something called the Cambridge Bitcoin electricity consumption index. This is an index designed to figure out how much electricity is being used in order to mine Bitcoin.
This is, of course, over in England, the university of Cambridge the judge business school. I'm looking at a graphic right now that they have, and this is showing the electricity and Bitcoin mining. They actually have all of the data for downloading, if you ever wanted to do some serious analysis. It's showing there was hardly anything, if anything, back in 2016. The summer 2017, when it started to jump up and that's, of course, when the price of Bitcoin started to go up.
Why? Well, mainly because of ransomware. People having to pay ransomware and buy Bitcoin in order to pay that ransom.
In terawatts. Now we are showing at about, okay, this is Wednesday, February 10, 2021 288 terawatts of electricity on that one day. Isn't that something. The amount of electricity that's being used has been surging because, of course, the price of Bitcoin has been going up. Just been going up in crazy, crazy rates. The amount of mining going on has doubled, almost doubled since October last year. We're talking about using more electricity than the entire country of Argentina, the Netherlands and the United Arab Emirates. It is absolutely amazing, amazing how much we're using. People are alarmed by this. Countries are having major problems in trying to figure this out.
What else is funny about it? They talk about Bitcoin being one of these so-called green technologies. Well, it turns out that Bitcoin because of the electricity that it's using for people to mine now has a carbon footprint comparable to the entire country of New Zealand. It's producing about 37 mega tons of carbon dioxide per year. I think that's funny, frankly, because they call it green. Right?
It's like green cars that are electric. Well, guess what? They, aren't green in so many ways. They're cool as heck don't get me wrong, but don't think they're green because they're not. A lot of reasons for that. I've talked about it many times in the past, on my radio show.
If you go to my website, you can just look that up and you can find out why, and I've got hard numbers there, anything else?
All right, everybody make sure you visit me online. We have started some new stuff. If you are a frequent reader of my, now Sunday newsletter, which has my show notes. You are getting also one or two other newsletters during the week just short trainings.
I'm trying to help you out, but if you're not opening that newsletter, if you don't download the images. That's how I tell that you opened it, then you're not going to get all of the supplemental material, including some audio programming that you can't get anywhere else. So make sure you go to Craig peterson.com and sign up for the newsletter. Open the silly thing.
So you get all of this free training and more. Craig peterson.com.
Apple has been really busy trying to make sure we know who's using our data and what they're using it for turns out Google's not too happy about that. You'll be surprised what they did this week.
Hi everybody. Thanks for joining me.
I've talked here about how Apple is really taking some major steps up in trying to defend our privacy. Apple does not make money off of our data. They don't sell it. They don't compile it and then sell it, Google however, is trying to be the repository of all of our information. So much for the don't be evil thing. Right?
Well, Apple's got these almost like nutritional labels. You remember when the CDC or it wasn't the CDC, it was some federal agency, I can't even remember forced food companies to put labels on the packaging, telling us about calories, fat, various other types of things. You could make a bit of an informed decision by looking at that.
Obviously there's other stuff that I don't know what this word means. I don't know what that is. What's red dye, number two, all of those types of things, but at least it brings it to your mind. You can also see how many servings there are. It'll say this muffin is a 500 servings and only a calorie a piece, right.
The reality is that box is really meant to be two or three or four servings, including that Coke that you might be drinking. I am more of a Pepsi man, but I haven't drank either in years now, frankly.
Well, Apple is trying to do kind of the same thing. They've got millions of apps up on their app store. In the app store, of course you can not only find the apps, but you can download them. You can buy them depending on what the app is. Most of these apps that are free, are really not free right? We've talked about that before. I don't know that we need to get into in a lot of detail, but it goes back to that saying of if it's free, then your, probably the product.
That's been very true. Apple and Google both have caught a lot of companies. Who've been trying to steal our information successfully in some cases. Obviously, that's a bad thing particularly when you don't know about it.
So these labels that Apple is having app developers put on their apps have got a whole bunch of people upset, Google ran full page ads in newspapers, complaining about it and how it's going to hurt small business.
Reality is, it is going to hurt some small businesses that do advertising. That's very, very narrow. It's going to hurt me if I'm doing that type of advertising no question about it. I don't do that. But one of these days, I hope to be able to do it.
What it is doing now, is stopping companies like Facebook. Facebook has always been doing tracking, not just when you're running their app. Facebook has been getting information from other websites from web pages like mine, for instance, I've got a Facebook pixel on my website so I know if you came from Facebook, what you're interested in and in what you're doing so that I can present information to you based on your interest.
I'm doing now for the very first time, this week, a similar thing. With my newsletter. If you have, for instance said that you're interested in my improving windows security course, the newsletter, isn't going to bother you about that anymore because I have this little signature at the bottom with, here's a few things that I could do for you. If you want a little extra help. Some of it's paid, some of it's free, obviously, but. I think it's annoying personally to keep getting the same message every week. I've put into my email program, some conditional stuff so that if you've asked for the improving windows security course, I'm not going to bother you about that anymore. By the way, no, the course hasn't started yet. It's a labor of love. What can I say?
There are a lot of different types of tracking that are done and not all of them are bad. For instance, I just gave you an example of something that I've started doing, and I am doing some tracking in order to do that because I don't want to annoy you. I want to give you the information you need when you need it, right? Bottom line. It's like, I've always said, if I'm interested in buying a Ford F150, then I don't mind seeing ads for it, but if I'm not interested in buying a pickup truck or a Silverado, why would I want to see a GM ad when I'm going to get a Ford, right? It's really that simple.
Google, as I mentioned, has been complaining. They've done the full-page ads. They've complained to Congress critters they've spent so much money. Lobbying, it's a real problem and a difficult solution to it. If you want to get rid of lobbyists, obviously the bottom line is you have to get rid of the money going to, and coming from Washington DC. If they don't have control over our money. If they don't have control over our lives. Then the lobbyists aren't going to be going there.
I don't care which side of the aisle you are on, or if you're a right in that middle of the aisle. Lobbyists do not represent our interests as a nation. That's the bottom line.
Google's down there spending money saying, Oh, you're going to hurt the small businesses. When in reality, the biggest target that's going to be hurt by Apple cracking down on people taking our information without letting us know is Google.
It's going to be a problem for Google, so how to get around it. One of the things that Apple has for its apps that are on your iPhone and on also your tablets is a tracker. When was the last time that app was updated. Of course, when the app gets updated, Apple has a look at it and tries to see if there's anything malicious going on.
Now it's impossible to catch everything. Some of the stuff is very well, obfuscated. I can't blame Apple or Google for letting some of this malware through. But the bottom line is they want to know. When did you update it? What's going on?
Google apparently flagged its own Apple apps. The apps designed for iOS.
Think about the Google apps, obviously. There's the Google app itself. There are Google maps. Apps can be very useful, including Waze. I was so upset when they bought Waze, but that goes into the anti-trust stuff that is going on right now in Congress.
But I was looking at the phone and looking at the app and they were flagged as out of date. It had been two months since Google updated iOS apps. It has been updating its apps in the Android space, but not the iOS apps. The theory is that Google has not been doing updates on its Apple apps because of this new privacy labeling that Apple's come up with.
You see back in early January, Google could have said, we haven't been updating our apps because of the lockdown. The engineers are busy trying to handle this and that. We just had the holidays and I would have accepted that you would have accepted that. Well, that was what now six weeks ago. Google has, every year around the holidays a code freeze, which means no one can make any changes, that is done with right now. The company Google should have released two new versions, particularly since they come out with the new versions for the Android operating system, Gmail, Google maps, Google search, Chrome, drive, photos, keep and duo have all been frozen since Apple launched these privacy requirements.
What do we think is going on? Well, it looks like frankly, Google just doesn't want us to know what data they're trying to get at. What they're doing? What they're selling? What they're tracking, the inter app tracking.
The Google's been doing as well as Facebook and many of these others. What's the easiest way to not have to worry about that don't have a new release so that you don't have to abide by the new terms from Apple, which include, Hey, what information are you gathering? How are you gathering? What are you doing with my personal information?
It looks like Google took the easy way out again. It's a phenomenal. I'm looking right now, Gmail and it has not been updated on iOS since December 1st. The Android version of Gmail has had four updates since then. That's a pretty big deal, frankly.
Apple's definitely got people's attention. The app developers attention. I am glad they're doing it as a user. I'm not so sure. I'm glad if I decide to try and do targeted marketing through some of these online pay-per-click and some of these other ways of reaching people. But you guys, already how I feel about you and I'm going to be giving you lots of good information.
I some of you guys become my clients cause your businesses and you need that little extra help for your poor overworked IT people internally.
Lots of what's going on with Google. We'll see when they do come up with the next update, but it's a real problem.
Hey, if you want to get my weekly email where I have my show notes.
Now these show notes are what I use here on the show. They're also what I send to people like Matt Gagnon who I am on with every Wednesday morning. That's what he picks from. That's what all of these stations pick from, my show notes. The only way you can get them and get information about what's going on in the world and things you have to do right now, is by signing up for my email.
Boy, I love space stuff. I have for years. I was so excited to play an extremely minor role, but to get involved with the NASA space shuttle program. Let's talk a little bit about what's next up for it.
I remember that day. I can't remember what day of the week it was, but that day when we landed on the moon watching it live. It was just mind blowing. Of course the newspaper, first time I had ever seen a color cover on a newspaper and it was a picture of our astronauts there on the moon. It was just so incredible.
Of course, you're listening to Craig Peterson.
NASA has been trying to get back to the moon for a long time. We haven't been funding them. Priorities have changed. A lot of people say why don't we spend the money domestically rather than on the space program?
The space program has provided us all kinds of benefits over the years. It's benefited mankind, not just by giving us things like Tang, for instance. It's given us all kinds of technology and science that we would never have had any other way. I'm looking right now at a report that was put together by AIESEC, which is the international space exploration coordination group. It just a top level executive summary. Numerous cases of societal benefits, new knowledge and technology from space exploration, things like solar panels came from the space program, implantable heart monitors. Cancer therapy, lightweight materials, water purification systems, improved computing systems, a global search and rescue systems, course rockets as well. There's so much more, things we just weren't expecting. Thin materials, power generation, energy storage, recycling and waste management, advanced robotics, health and medicine, transportation, engineering, computing, and software. Not just the $800 hammers. Okay.
Culture and inspiration. As you can tell I find this very, very inspiring. We've got all kinds of things that we are using just day-to-day that we don't even think about it. As the space scientists, engineers overcome obstacles, in some cases, we never even realized were there and I think that's another phenomenal thing.
Well, right now, what we're doing is having private organizations competing to send our missions up. For many years now, since the space shuttle program was ended and it lasted far longer than they expected it to. But now that the space shuttle program has been over.
We've mostly been using Russian rockets to get our astronauts into space and also to get things to things like the international space station. What are we going to end up doing in the future?
We already know who was it, Bob and somebody, right? A couple of astronauts. The went up on the Elon Musk rocket, and docked with the space station.
It was again, one of the most amazing things ever. I sat there glued watching it on the computer. It was just, wow. To see that.
We're looking at going to Mars. Now, we're looking at exploring some of Mars is moons more than we have in the past, doing all kinds of things that are just going to make a huge, huge difference to humanity.
It's been quite a while since that Apollo program of 50 years ago took humans to the moon and they were using chemical propulsion. What that means that you had rocket engines burn liquid oxygen and hydrogen in a combustion chamber. Nowadays we're playing around with hydrogen peroxide in order to get that oxygen.
They use have their advantages and that gives NASA the ability to start and stop an engine really quickly. Back in the sixties, this was the most mature technology for space travel. We'd been using rockets. They were really piloted in world war two. It made a lot of sense back then.
However, now we've got some other problems we've gone to prepare for. We're going to be sending four or more astronauts to Mars. We want to colonize Mars, but relying on chemical propulsion to get beyond the moon, bottom line, it just won't cut it. The main reason is the amount of rocket fuel. Most of that rocket fuel is going to be consumed getting out of the atmosphere.
It's crazy how much we're talking about $2 billion for a flight of one of these huge rockets. These block one B configurations, NASA's SLS or space launch system rocket, is going to be able to carry 105 tons to lower earth orbit. That's a lot of money. They're not going to be able to get that many of them up there. That only takes it to lower earth orbit.
Now, of course, the idea is to do what in fact, the Apollo mission had looked at, which is get the fuel up to orbit and then have a rocket up there that maybe is assembled an orbit and is refueled in orbit. Then it goes to the moon. That was actually the plan NASA was originally going to pursue.
We're looking at that now, when we're talking about going to Mars while we're talking about going even further out there. What can we do? Just for the fuel, by the way $20 billion just to get the fuel up. That's just absolutely crazy.
There were some tests that were done, some studies that were done on behalf of NASA for a mission to Mars in 2039. So this one's quite a ways out. Of course, Elon Musk wants to do it even sooner. He is relying on these chemical rockets. By the way, to get back home from Mars, he's relying on being able to make rocket fuel right there on the surface of Mars and then charge up the rocket engines in the launch vehicle and then launch back up to get back to earth.
It's going to be really, really interesting to see what we end up doing. They are looking at a nuclear propulsion system. It's going to be interesting. NASA has had budget for this. They got $110 million for nuclear, thermal propulsion development. We know a lot about nuclear fuel nuclear propulsion. We'll see what happens.
This star ship concept that space X is building to send humans to Mars using chemical propellant. They're countering the costs involved with the chemical propellant by having this low cost reusable launch system. We just saw one blow up here a few weeks ago, but that's okay there was no intent of having astronauts sitting on that candle. That was just a test system. We've seen him repeatedly now land successfully.
All of those boosters and it's amazing what's been happening now. They're not the only ones. We've got a number of other companies that are working on these types of systems. Space X ultimately we're talking about pushing the boundaries of reuse and heavy lift rockets to extreme limits which is exactly what space X is trying to do. They're looking for some other answers.
Hey, make sure you sign up Craig peterson.com. I want you to make sure you have all of the latest materials.
We're going to talk about how some of our technology we're bringing into our homes to keep us safe is actually ending up in killing people. Yeah. Yeah. Death by police officer. Here we go.
If you want to see my show notes, all you have to do is subscribe. Craig peterson.com. And once you're there, you'll see all of the information that I have available my podcasts and a little articles that we've written, and you'll also have the opportunity to subscribe to my newsletter.
I just want to get the message out is my bottom line.
We have these home cameras that we have welcomed into our homes. And one of the ones has been getting a lot of heat lately is the ring camera. I don't know if you've seen these things. They've been advertised on television and it's basically like a little doorbell. You put it out there by your front door, side door, whatever, and it has a doorbell button.
And it also has a camera and a speaker that's built into it. Then the microphone, obviously. So someone comes to the door or rings to the doorbell. There's an app that you can have on your phone. So you could be at the beach. You could be at the DMV. Someone comes to your home and hits that button. You can now converse with them and tell them to leave the package or go away or whatever it is you want to do.
There have been some problems. One of them that has been rather controversial is that there are a number of police departments that are part of a program with ring that gives them alive. Real-time access to all of the ring doorbells in neighborhoods. And the idea there is the police can patrol the neighborhoods without having to spend money on cameras that might be up on telephone poles, et cetera.
And they get their feeds alive from people's doorbell cams, these ring doorbell cams. So that could be considered good. It could be considered bad, just like about almost anything. Now we're seeing that they have been hacked. Yes, indeed. There is a hack that's out there that has been used and hijackers have been live streaming peoples ring, doorbell cameras.
Now where this gets really dangerous and where it hasn't been really dangerous is something called swatting. You probably know about SWAT teams, the police have, and unfortunately, most federal agencies have their own SWAT teams, which just constantly blows my mind because why. Does this little department or that little department need of full SWAT team, it should really be a police department of some sort, but at any rate the whole idea behind a SWAT team is they have special weapons and tactics that they can use in a situation where there might be a hostage or maybe there's a report of a bomb or something else that they have to take care of.
And thank God these teams exist in, they do drills. They'll do drills in schools. I know my police department does that fairly frequently and I was involved with some of those when I was a volunteer on the ambulance squad here in town. All make sense, but what has happened in a number of occasions and far more than we like to talk about is that there are.
The bad guys or people who don't like their neighbor and call in hoaxes. Okay. Yeah. Yeah, exactly. So there here's an example in Wichita, Kansas, this happened a couple of years back where a man had been arrested after allegedly swatting prank led police to shoot dead 28 year old man. So this guy, 28 years old, Wichita, Kansas, please surrounded his home.
After they received a hoax emergency call from a man claiming to have shot dead his father and taken his family hostage. And this call apparently stemmed from a kind of a battle between two online gamers playing call of duty online. The way these games work is you can talk back and forth. You can have.
Teams and you or your team members can be from almost anywhere around the world. And you sitting there with headphones on and talking back and forth. You've got these teams and in some cases, this is just one person against another. And apparently they believe the report was an act of swatting where.
Somebody makes a false report to a police department that causes the police to respond with a SWAT team. Now the audio of this emergency calls been made public, a man can be heard telling the authorities. This is according to the BBC that he had shot his father in the head and claimed to have taken his mother and siblings hostage.
The color also said he had a handgun at had poured fuel over the house and wanted to set the property on fire. Sounds like the perfect thing for. A SWAT team to come to. Please say they surrounded the address. They called her given and we're preparing to make contact with the suspect reportedly inside.
When Mr. Finch came to the door, they said one round was released by the officers after the 28 year old failed to comply with verbal orders to keep his hands up. Why would he, what did he done wrong? Obviously. The police ordered you to put your hands up. You probably should put your hands up.
And they said he appeared to move his hands towards his waist multiple times when she probably did. Please say Mr. Finch was late found to be unarmed and was pronounced dead at a local hospital. A search found four of his family members inside. None of them dead. Injured North taken hostage. His family told local media, he was not involved in online.
Gaming. Gaming is a little different than the call of duty and stuff. Gaming typically is gambling. Now we're finding that the, that hackers are out there who do this swatting maneuver on somebody. And then they have the hacked ring camera at that house and they watch the SWAT team respond. Can you believe that?
And the FBI is saying that this is the latest twist on the swatting prank, some prank, right? Because victims had reused passwords from other services when setting up their smart devices. How many times do I have to warn about this? My buddy, I was just telling you guys about a couple of weeks ago, he's done that his.
His revenue, his pay from the work he was doing, delivering food to people's homes was stolen by a hacker because he was using the same email address. Yes. To log in and the same password as had been stolen before. Absolutely incredible. There's also been reports of security flaws in some products, including the smart doorbells have allowed hackers to steal pet network passwords, et cetera.
In one case in Virginia. Police reported hearing the hacker shout helped me after arriving at the home of a person they had fought might be about to kill himself. That's swatting that using technology you've brought into your home, it causes death, many examples of that, and we're still reusing passwords. Give me a break.
We were busy trying to defend the election this year and had the, what did they call it? The most secure election in history, which baffles me.
But anyway our businesses and government got broken thats what we're going to talk about right now.
Let's get into our big problem here this week. And this has been continuing for what now about two or three weeks we've known about it? This is a hack of a company called SolarWinds. This hack apparently allowed intruders into our networks for maybe a year and a half. But certainly since March of 2019, this is. A huge deal. We're going to explain a little bit about that here.
Who got hacked? What does it mean to you there? And I'm going to get into it just a little bit of something simple. It could be, haven't been done, right? That I have been advising you guys to do for a long time. Does this, like earlier I mentioned, Hey, change your passwords, use different passwords.
And in fact, That's a big problem still, but we'll talk about this right now. SolarWinds is a company that makes tools to manage networks of computers and the network devices themselves. And my company mainstream was a client of SolarWinds. Sorry. I want to put that on the table. However, about a year and a half to two years ago, it's probably been about two years.
We dropped SolarWinds as a vendor, and the reason we dropped them and we made it very clear to them was we had found security. Vulnerabilities in their architecture, the way they were doing things. We reported these security vulnerabilities to SolarWinds a couple of years ago, and they wouldn't do anything about it.
So we said goodbye, and we dropped them as a vendor. Yeah, we were customer SolarWinds. We were using their stuff, but then we abandoned them when they wouldn't follow what we considered to be basic security guidelines. It turns out they weren't and we got it as a country. This has been called the Pearl Harbor of American information technology.
Because the data within these hack networks, which included things like user IDs, passwords, financial records, source code can presumed now to being the hand of Russian intelligence agent. This is from. The United States of America's main security guide general Paul NACA sewn. It's just incredible what he's admitting here.
He said SolarWinds, that company that the hackers used as a conduit for their attacks had a history of lackluster security for its products. What did I tell you, making it an easy target interviews with current and former employees suggest it was slow to make security a priority even as its software was adopted by federal agencies expert note that our experts noted that it took days after the Russian attack was discovered before SolarWinds websites stopped offering client the compromised programs.
Microsoft by the way said that it had not been breached and initially here, but now this week it discovered it had been breached and resellers of Microsoft software had been breached to, and we've got intelligence officials now very upset about Microsoft not detecting it. It's just absolutely incredible here.
This wasn't something like we had with Pearl Harbor, but this attack may prove to be even more damaging to our national security and our business prosperity. This is really fast. I love the fact. I'm not going to say I told you because I, I didn't tell you guys this, but I do love the fact that I was right again.
How unfortunately I'm right too often when it comes to security and it is very frustrating to me to work with some clients that just don't seem to care about security. And I want to jump to an opinion piece here from our friends over at CNN. This is an opinion piece by Bruce.
Schneider. You've probably seen him before. He is also, I think he writes for the Washington post. But remember when this came out the word about the SolarWinds hack, president Joe Biden said we're going to retaliate which I don't know that makes a whole lot of sense in this particular case for a number of reasons.
Not the least of which we're not a hundred percent sure it's the Russians, but how are we going to retaliate? Cyber espionage is frankly business as usual for every country, not just the North Korea, Iran, Russia, China, and Vietnam. It's business as usual by us as well. And that it States is very aggressive offensively.
In other words, going out after other countries in the cyber security realm. And we benefit from the lack of norms that are in cybersecurity, but here's what I really liked. The Bruce said. And I agree with entirely. I'm glad he must listen to the show. The fundamental problem is one of economic incentives.
The market rewards, quick development of products. It rewards new features. It rewards spine on customers, end users collecting and selling individual data. Think of Facebook when we're saying this, our Instagram or any of these services that we're using all the time. So back to the quote here, the market does not reward security, safety, or transparency.
It doesn't reward reliability past a bare minimum, and it does not reward resilient at all. And this is what happened with SolarWinds. SolarWinds ended up contracting software development to Eastern Europe where Russia has a lot more influence and Russia could easily subvert programmers over there.
It's cheaper for Russia, not just for SolarWinds short-term profit. That's what they were after here was totally prioritized over product security, and yet their product is used to help secure. It just drives me crazy out there. Just absolutely crazy what some people are doing. I read a little quote down.
I'm looking here to see if I've got it handy on my desk and I just don't see it. But they are prioritizing everything except. Security. And that is, I think, frankly, completely in excusable, right. Inexcusable. So this is happening with SolarWinds right now, but it's going to be happening with other places out there.
We have probably 250 federal government agencies that were nailed by this. Can you imagine that? The man who owned SolarWinds is a Puerto Rican born billionaire named Orlando Bravo. His business model is to buy niche software companies, combine them with competitors, offshore work, cut any cost he can and raise prices.
The same swapping corrupt practices that allowed this massive cybersecurity hack made Bravo a billionaire. Another quote here. This is from tech beacon. Hey, this is just crazy. Okay. So we know. Okay. I've established it. Craig, stop the stop. The monotonous. Okay. But I got to mention, we've got the US treasury department was hacked the US department of Commerce's national telecommunication infrastructure administration, department of health, national institutes of health, cyber security, and infrastructure.
Agency. SISA the department of Homeland security, the US department of state, the department of justice, the national nuclear security administration, the US department of energy, three US state governments, the city of Austin, many hundreds more including Microsoft, Cisco, Intel, VMware, and others. I use two of those.
We use Cisco and VMware. We use Intel, but only peripherally and we actually prefer other processors. So this is a real problem. How are we going to change it? I don't know that we can, you and I, but I can tell you what you can do. Just like I keep reminding everybody use a password manager and I will have a course on that this year.
Absolutely guaranteed using a password manager, use a password manager and generate different passwords for every website using the password manager, use the manager to log in. Okay. So that's step number one. That's the best thing you can do right now for your cybersecurity next to keeping all of your soccer up to date.
The second thing that we can do. Is block this malware from getting out of your network. If you are a business, and if you consider yourself an it security person, you need to block all outbound connections. All of them. Only allow connections where they are absolutely mandatory. For instance, your accounting department may need access to some form of cloud services out there.
Heaven forbid. Okay. Maybe you're using an Oracle product, et cetera. Only those people that need access to that cloud service should have access to the cloud service. Does that make sense? Email? You should bring it in through a single server. So you only have 1.4 email coming in and going out SMTP Imam.
They should be controlled and controlled pretty tightly. According to the department of justice, apparently their email accounts were compromised about 4,000 dish. People's accounts were compromised through this hack. So from a professional standpoint, there's a lot of things you could do, but it costs money.
It takes time. How about the rest of us? What can we do to protect ourselves? Use open DNS or Cisco's umbrella service. Umbrella, we sell the professional version that's used by businesses. That's what you need because it allows you to tune it to the people and what they need access to? Umbrella and open DNS will stop most malware from getting out. Most of it, not everything. That is huge defense.
Hey, if you want more information, if you want to go to my initial here, Microsoft security course, that's coming up in a couple of weeks. Just email firstname.lastname@example.org and let me know, be glad to send you stuff.
Take care guys.
More stories and tech updates at:
Don't miss an episode from Craig. Subscribe and give us a rating:
Follow me on Twitter for the latest in tech at:
For questions, call or text: