Mar 12, 2022
Be done About Russia?
What Can You Do?
There is a whole bunch going on when it comes to Russia, of course, the invasion of Ukraine. Why are people calling to have dot RU deleted?
This is really a big deal. And if you're watching from home, I'm going to go full screen on this article.
[Automated transcript follows.]
[00:00:23] This is an article from ARS Technica, and I've been talking about it all week, which is that I can won't revoke Russian in Jeanette domains, says the effect. Devastating. This is frankly pretty darn fascinating to me because I can, as this international organization, it was put together in order to help make the internet international.
[00:00:49] And I'm not talking about the data international, but control of it. A lot of countries work. Because of course the internet was created in nodded states. It was created by us tax payers, money for the DOD. And it was designed to be very resilient, in fact, so resilient that there could be a nuclear blast and that nuclear blast and.
[00:01:13] Causing problems, but yeah. Yeah, the internet is still going to work. And the whole idea behind it was you could have multiple routers. They're all talking to each other nowadays. They're talking BGP four and they can say, how can I get from here? To there. And so the idea behind BGP is they all share this information once the least cost way.
[00:01:36] What's the easiest way to post way. If you will, for me to get from point a to point B and it changes all the time. So you might be on a phone conversation. You might be listening to me right now, online streaming or watching the video you might be doing, who knows what out there with digital communications.
[00:01:57] But the communications channel that you think you're using, where the data is going from, let's say my microphone, ultimately to your device, your ears, that data path, once it becomes dated. Can be changing multiple times a second. Now it actually changes quite a bit. Initially as these internet backbone routers, send the least cost, routing information back and forth to, and fro a very good thing, frankly, because it helps to speed everything up.
[00:02:28] And there's other tricks that we're using you. Might've seen. For instance, Akamai and some of the URLs before have sites that you've gone to, and that's called a content delivery network and that helps get the content to be closer to you. So if you're on a website in California and you're in New Hampshire, that website video, that website graphic, et cetera, is going to be coming from a server local to me here in New Hampshire.
[00:02:59] All right. That's how that all is supposed to work. So we have names you guys know about that internet, domain names and those domain names. You already know those are turned into internet addresses, and those addresses are then used by the routers to figure out where to go, how to get the data. The problem that we're having right now, of course, is Russia seems to be substantially abusing the intranet Putin, put a kill switch on to the Russian internet sometime ago.
[00:03:31] And the idea behind the skills, which was, Hey, listen, if we don't want the world to be talking to us, we'll just cut it. Now he's tested it a couple of times, but what he has not done is shut it down and he hasn't shut it down. As part of this Ukraine, more, what they did is they passed laws saying, Hey, if you publish something that disagrees with what we're saying, you get 15 years.
[00:03:59] And even these people who've been protesting on the streets, they're getting a bound 60 days, 30 to 60 days in jail, just for protesting what's going on. So a lot of people have been saying why don't we just, we turn off the Russian internet now we're not going to use Putin's kill switch in order to shut it all off.
[00:04:19] We're not going to do a well, a few things. She decided not to do, denial of service attacks, et cetera. Although there are hackers doing that and we are going to talk about that today, but they're saying what? Let's just go ahead and let's kill their dot R E. The country domain. And I can, the guy who heads it up said, Hey, listen our mission is just to make sure that the internet works.
[00:04:46] So shutting off the dot R U domain so that no one can go ahead and. We send right. A request out to the domain name servers and get a resolution to an IP address. So if you try and go to Kremlin dot REU or something, you will get blocked and you will get blocked. Not blocked. No, I like the great firewall of China or of Russia.
[00:05:10] Now they've got one going pretty good. Yeah. Thank you. You ain't using us technology. It's crazy. What we've got. But what it does is it says, oh, I hide dot, are you, I don't know. What are you talking about? So there have been a lot of people who have been pushing for it. And you'll see on my screen here that you cranes requested to cut Russia off from some of these core parts of the internet.
[00:05:35] And I can, which is the internet corporation for assigned names and numbers. I couldn't remember what that was earlier said that I can must remain neutral and their mission they say is not to take punitive actions. It's to make sure the internet works. So are they really taking punitive actions of the cat Russia off?
[00:05:56] It's really interesting to me because look at what has been going on. You've got companies like Facebook as the great example who has gone ahead and just shut off people. They didn't like what they were saying. My goodness. At one point of you said you should wear a mask during this pandemic.
[00:06:15] You would be cut off from Facebook. And then of course, if you said, no, you don't, you shouldn't don't need you, you shouldn't wear a mask that at that point you would be cut off, because science right. Sciences, we know exactly what we're doing now. It goes on and on. If you said that it came from a lab in China, you would have your account suspended.
[00:06:35] Now of course their whole tune has changed and yeah probably came from a lab in China. It's crazy what these people have been doing. So we have arbiters of truth, who are some contractors sitting in their home or wherever it is the contractors for Facebook that are going through posts that people are flagging as Incorrect as fake news.
[00:07:02] So what happens is people say fake news and then that goes off to their team that then looks at it and says okay. Yeah, fake news because we disagree with it. It just blows my mind. We have to have free and fair and open discussions. Don't we. You have that line at Facebook and Google does some of the same.
[00:07:22] A lot of these sites do a lot of the same. You get our major media outlets that are all deciding what they want to report on and what they want to label as fake and fake news. I'm just shaking my head because it's hard. It's hard to believe. What about. Russia is putting out fake news, as I've said many times before the E the first casualty in war, this isn't my quote. The first casualty in war is what, it's the truth. So if truth is the first casualty, then that means we've got a lot of propaganda going on. We had propaganda coming out of Ukraine. We've caught some of those, like the, what was it? The. Chat goes, fighter, pilot, whatever it was who had killed, what was it?
[00:08:12] Five Soviet or Russian jets, Soviet era using silver deer, techno era technology on the part of the Ukrainians turns out well. Okay, that, that was false news. That was fake news. The whole thing about snake island, where you had that Russian military. I know what it was a frigging but anyways boat sitting there saying we are a Russia.
[00:08:33] Warship, you will surrender or, whatever. Do you remember that snake on just the small place, 13 guys and supposedly they shelled it and they killed all 13 turns out that was probably fake news as well. So that's from the Ukrainian side and on the Russian side they hardly reported I as to how many.
[00:08:57] The we're in fact, initially for quite a while, they were saying there are no desks. Then at the same time, the Ukrainians are saying they're 2,500 Russians dead. And that number keeps going up, who knows what it is today. It gets really crazy in the time of war. So if Facebook is going to stop someone from saying don't wear masks or do wear masks, depending on what day of the week it is basically right.
[00:09:20] Wednesday. It's okay to say that Thursday is not okay to say that we're back. No it's not. Or then why can't that type of censorship? Move on to the next. I that's a big question I have now. Should we be shutting it off? I'll pull this back up on the screen again. And it, this article from ARS, Technica is saying that experts have warned, whoever they are that shutting down the dot R U domain.
[00:09:53] Is going to cause just incredible problems for Russians, which man would it ever talking about a major blow to the economy. And it would also cause problems for people who are trying to find out more truth about. Russia cause you couldn't get to their site. Now we've seen some amazing things in Russia.
[00:10:15] We had the Russian, one of the Russian news agencies are T which is broadcasting and here in the U S that their entire staff just walked out saying, forget about it. We're not going to promote this fake news, but this is a little to do trip question me personally. I don't think anybody should be censoring any.
[00:10:38] For almost anything. Yo, there are some limits, but they're pretty extreme in my book. I'd rather know someone is an idiot because they're allowed to say stupid things, and counter, counter it, counter their arguments. You've got to have discussions
[00:10:54] Microsoft. Yeah, they've been around a long time. They've been helping us. They've had lots of cybersecurity problems. People use Microsoft software on their desktop. Some people use it for servers, which is crazy, but listen to what they're doing now.
[00:11:10] This is a little concerning. I'm going to pull this article up on the screen.
[00:11:15] For those of you who are watching a long, either on rumble or YouTube ARS, Technica article, they have some really great articles. This particular one is about our friends at Microsoft. This is cool. Microsoft announced today? This was like a week or so ago that Microsoft would be suspending all new sales of Microsoft products and services in Russia.
[00:11:45] Following the countries, unjustified, unprovoked, and unlawful invasion of. Now Microsoft didn't give any specifics about the products, but it really is likely to be a blanket ban of all of the Microsoft products. This is very cool because Microsoft has taken an approach I've never seen them do before, which is okay.
[00:12:10] When. Gets hacked. You get our friends at apple, putting together patches and getting them out. They get them up pretty quick. Microsoft had been doing much the same. The problem was some months there were patches every day that you had to apply. That's how bad this software is. And they decided that man, let's be like politicians here.
[00:12:34] Let's release some very damning news Friday. At about 4:30 PM before a long weekend. So no one will notice. Yeah. Y'all are friends of politicians do that all the time. What Microsoft decided they do is, Hey, wait a minute. We're going to have patches. It's not going to slow down. And because our code is terrible.
[00:12:56] So what we're going to do, let me see here. How about we just release all of them at once and we'll just call it patch Tuesday, right? Because people were complaining about how much work it was, how much effort was effort. It was to try. They hate them. These machines apply these patches every day. Huge problem for everybody from home users to big companies out there.
[00:13:21] So Microsoft has said, okay let's do that. Let's burry it. So nobody will notice okay that's what Microsoft does. And now we've gotten used to that. Now we have. We remember two guys, right? Bill gates followed by Steve Ballmer. Steve Ballmer was a nut job. Bill gates was a bad man.
[00:13:40] I think he's just been trying extra hard to compensate for all of the evil he did over the years. But what we're looking at now is new management and that he's been in there now for a few years, doing a great job, cleaning up Microsoft, making it a very competitive company. He has done some amazing things.
[00:14:02] One of the things that he has decided to do, that's been very effective is how about this? How about we go ahead. And we work with various governments to help stop these Russian hackers. And I mentioned this a couple of weeks ago, what was happening and the Microsoft had reached out to the white house and said, Hey, listen.
[00:14:27] What we have been looking at the hacks that have been coming from the Russian hackers, and we've been preparing fixes for some of those hacks. How about we work directly with some of these other countries? This reminds me a whole lot of the lend lease program in world war two. You might remember this thing, but the us of course, initially was not involved in the war and they decided, okay we've got to help the United Kingdom.
[00:15:00] How are we going to help them? The UK doesn't have the money to buy ships, to have us make weapons, bullets know. What they did is they had people donate the rifles, the guns, AML from home. Plus they made them the government, instead of selling them to the UK, they lent them to the UK because the UK could not afford everything that it needed in order to fight a war against the national socialist in Germany.
[00:15:28] So what did they do? We just shipped the stuff over there and called it a lend slash lease. I think that's a great idea. And what Microsoft is doing is also great idea. They have been decoding, reverse compiling, if you will, and interpreting the code, looking at what some of the ransomware and other malicious code the Russia has been using against Ukraine, and they have been providing.
[00:15:57] All kinds of insight information to these other countries. Now, this is a great idea for a few reasons, one of the reasons, and I think maybe the biggest reason is that the ransomware, the viruses, all of this malware that they're producing is. Not particularly discriminating. Do you guys remember maybe I dunno, what was it?
[00:16:22] Six months ago, I taught, told you how to avoid getting most of this Russian ransomware. And it was as easy as just installing. Yeah, installing a keyboard on your computer windows or Mac, windows. Those are the machines are always getting attacked quite successfully most of the time, but the windows keyboard.
[00:16:49] Russian language. Now you didn't even have to use it. You don't have to have a keyboard, right? This isn't a Russian keyboard that I'm holding up here on camera. This is just a regular us keyboard. You can just install a virtual, Russian keyboard. And once that keyboard was installed, you're pretty safe.
[00:17:06] Why? Because Vladimir poop. Dictator for life of Russia decided he would just go ahead and stop anybody that was trying to hack Russian. Companies businesses, government agencies and what's the best way for the hackers to do that. Cause they didn't want to end up in Siberia for the rest of their lives because of a hack.
[00:17:29] Now they went ahead and said, okay if there's a Russian Cyrillic keyboard on the machine, we're not going to activate. So if the software, the malware on your computer, all you need to do is have a Russian keyboard. Yeah, that's it pretty simple. I told you that months ago, now what we're seeing is these indiscriminant types of software that are being used in Ukraine.
[00:17:57] Why doesn't the keyboard trick work while some of Ukrainians peak Russian, we could go in. To the background on that of the massacre, the starvation purposeful starvation of Ukrainians by the Soviet union over many years ago. And how they then gave their property, their homes to Russians to move into in order to occupy Ukraine.
[00:18:23] So there's people in Ukraine who are Russian speaking of course. Now we're talking two or three generations, four, maybe down the road from when the Soviet union killed all of those millions of people. But there are some fights that to say, there's Russians, Russian speaking people there. Let me put it that way.
[00:18:41] Perfect. In Southeastern Ukraine anyways I'm going on and on I, this is not an education on war or history. This we're talking about cyber security. So the, they have, they been, Microsoft found many cases of Russians putting destructive. And disruptive or even more than that data wiping malware onto computers, it spreads indiscriminately.
[00:19:13] So Microsoft looking at what's happening, you crane, trying to get patches together for all of us, letting other countries know about what's going on is going to be. Amazing because this malware, which is wiping computers, primarily, it's not really just straight up ransomware give us money and we'll give you your data back.
[00:19:35] This is just showing your data, that malware is going to leak outside of Ukraine. Yeah. Cause us all kinds of book tension, probably. When we get back, I want to talk about this here. This is our friend Ilan Musk, and we've been following along with some of the stuff been going on with his new satellite system in Ukraine.
[00:19:58] The whole concept of these satellites and circling the earth, providing us with internet, just regular guides. It's going to be in our smartphones is changing everything. We're going to talk about Elon Musk and what's happened over in Ukraine.
[00:20:15] Our friend Elon Musk has done a lot of things over the years. He has really helped us for frankly, the Tesla and what's been happening there.
[00:20:26] Space sex, his main concern being let's get. Off of a single planet on to multiple planets, right? The movement to Mars, NASA's working on a serious moon base. I reminded him of space 1999. You guys remember that show, but yeah, we're going to have a moon base by then and it makes a lot of sense. So who's going to go to these well, there's some interesting lotteries people have to apply and everything else, but he's done so much, right?
[00:21:00] He's got the boring company you'd already know about Tesla and boring company in case you didn't know makes underground tunnels. He has also. A few other things has got a huge battery manufacturing facility. They're working on new battery technologies to make all of our lives a little bit better, particularly if we have an electric house or electric car, because this is what good is it to have electricity that you can't use.
[00:21:25] And that's really what they're trying to do is make it so that electricity is available 24 7 for you. And. Those space X, which is what I mentioned as well as what we're going to talk about right now. I'm going to pull this up on my screen. For those of you who are watching over on rumble, or of course, YouTube, this is fascinating.
[00:21:49] He said there's a high probability of Russian attacks on Starlink in Ukraine. Now that is fascinating because what he's done is he has sent over truckloads. I'm showing a picture of a truck. In fact, with these Starling terminals in it, that's from ARS Technica. Just double-checking it here, but this is very cool.
[00:22:12] This is posted by the vice prime minister over there in Ukraine. And they are talking about these terminals. Now a terminal in this case is something that allows your devices to talk to the Starlink satellites, or there's going to be a huge constellation. They've got 2000 satellites up and they're putting another 12,000.
[00:22:38] These types of satellites are much different than what we've been used to over the years. We typically we've had these massive things sitting up in space. I worked with RCA Astro space many years ago and I saw. They're testing facilities, which are just incredible. They had this huge vacuum chamber that they brought me in to see as we were working on space shuttle software.
[00:23:05] Yeah. I wrote software that they used to put the space shuttle together yeah. Way back in the day. So that was a pretty proud moment. Anyways. It's we're not talking about these huge satellites, like they used to launch, we're talking about very small cell. And they're not just sitting way, way up there.
[00:23:26] These are in basically in low orbit around the earth and they're geostationary. In other words, they stay in one spot. I believe this is the way they've got these things set up. So these satellites then allow because they're so close to the earth, allow them to use less power. And also the other advantage to that is.
[00:23:49] The delay, right? The delay between having to send it all the way up and back down, because electricity takes time, right? Yeah. Travels at the speed of light. But nowadays you might've noticed it can take your quarter second, half a second. When you're talking to someone, when I'm on the radio with some of these radio stations or the delay can be absolutely incredible.
[00:24:11] Like I half second to a second sometimes. And that's just because they're being cheap. This type of technology where you have these constellations and it isn't just Elon Musk. It isn't just Starling, but constellations with will ultimately we'll have tens of thousands of satellites up there. Not, there's all kinds of other potential problems not getting into that right now.
[00:24:34] But what it does mean is. Can communicate and we've never had this sort of thing before we had the us military, the Navy in fact, put together a communication system that lives on top of the internet and called nowadays. Generically the dark web. And it was set up to allow our military, our state department to be able to communicate with people in countries that are back in the day under Soviet control, all kinds of potential problems.
[00:25:10] So whenever those problems existed, they just went ahead and used this onion network, which is a part of the dark web, et cetera, et cetera. So let's say we had before. Now what happens if you're a country like Ukraine, where 100% of your internet comes from Russia, Russia obviously can sit there and listen in.
[00:25:32] Hopefully your encryptions. Good. A lot of Russians have been using telegram and already get real news about what's happening in their country and other places. And Della Graham is not that secure, frankly. WhatsApp pretty secure signal is the one you want to pay close. Attention to signal is considered to be the most secure of all of these secure communications apps.
[00:25:57] But there's a level above all of that, because if they can tell that you're communicating, even that is enough to give them some information. So they might not know what was in that transmission, but if the transmission is all of a sudden, a tons of activity coming over, lots of data, lots of messages going back and forth, they can say maybe there's something about to happen.
[00:26:21] That came out. You might remember the old orange book for security way back in the eighties, I think is when it came out. But part of what you had to do was cover up your. Actual real communication. So it's one thing to have the communications encrypted, but you wanted to always have about the same amount of communications going back and forth.
[00:26:42] So people couldn't figure out what you're doing now with these types of devices. That kind of problem still exists. And this is part of what Elon Musk is warning about here. Pull it up on my screen again, for those people who are watching Elon Musk is urging users of his satellite system to put their Starlink antennas as far as.
[00:27:08] From people as possible. Now, why would he be doing that? Because frankly, that terminal is transmitting to the satellite as well as receiving from the satellite. And it is entirely possible that there could be some evil software that is listening in for the satellite transmissions and sends a little missile your way.
[00:27:36] Also, of course the Russians have satellites in space that can look down on the ground. Now it's something as small as a terminal four Starlink, little hard to see, but Elon Musk is saying, Hey, listen guys, go ahead and camouflage it. You might want to spray paint. It just don't use metallic paint so that they can't see it and place it as far away from where people are as post.
[00:27:59] So you can still use it and only use it when you need to use it. Don't keep it up and running all the time. But this is the start of something great. Something where you can't easily block people's communication. So Russia has tried to do. And they have been jamming the Starlink satellites. So what did must do?
[00:28:23] He delivered all of his engineers to working on how can we get around the Russian Jack? And according to Elon Musk, they have gotten around it and they now have their satellite systems completely jammed free from the Russians. I think that's fascinating. They're probably using some good spread spectrum technology that was actually known about it and world war II.
[00:28:47] And then we can talk about that for a long time. Heady, you might remember her anyways, skip that for now. Stick her out. We got more when we. A whole bunch of pandemonium out there because of what Russia's been doing in Ukraine and how it's flowing over to us as well. Hey, this is not great news.
[00:29:15] Pandemonium is the name of the game over there in Russia. And they are being very successful. We're going to talk about what happened in Bella ruse. We'll talk a little bit about what happened in Ukraine with cybersecurity and what's happening right here right now.
[00:29:36] Complete ARS Technica today. They've got some great articles this week, looking into the Russians. What are they doing? What kind of problems is that causing us? But we are seeing some interesting attacks back on. And back in very big way. Russia has been going after you crane in the cyberspace for a long time, we spoke a few years ago about what Russia had been doing with the tax software for Ukraine.
[00:30:12] We don't do this in the U.S. Or in Canada, but my number of European countries do you, where you have to have. The old official tax preparation software put together by the government for your business or for your person, depending on the country you're living in France is a great example of this. And Ukraine is another one.
[00:30:36] So Ukraine says, Hey guys, you got to go ahead and use our software. That means every business in Ukraine is using their software. To manage their tax payments and their accounts, frankly. And that wonderful little piece of software was hijacked by our friends in Russia. So they grabbed a hold of it. They in.
[00:31:02] Did some code into it that added rent somewhere to the software. So now all of the businesses in Ukraine are pretty much guaranteed to be using this hacked software. We have a client who has offices over in France, and we found a really interesting problem with them because. The French software that was being used for taxes for French businesses had an extra little problem.
[00:31:33] And that extra problem was, it was insecure as can be whoever wrote this, must've taken a Microsoft programming course and had no idea DIA about the consequences of what they were. So it was very insecure. The, it was using a version of SSL, which is an encryption that's based on another type of increase.
[00:31:57] I don't want to get too wonky here, but that was just one of its many problems and bad keys, et cetera, et cetera. And keys by the way, was using keys that have been revoked, which you should never do. Bottom line. Oh my gosh. Hey, if you want more information on this, just drop me a note.
[00:32:16] firstname.lastname@example.org. Just let me know. So in this case, we had to help that company in France. Ignore the security restrictions that were on their systems so they could use the French tax system. So anyways, I told you that, so I could tell you that the same thing happened to Ukraine.
[00:32:45] In a different way, their software was pre infected. So when they downloaded it, ta-da. They got that piece of ransomware that virus had spread. It was just a nightmare. And of course it robbed. If you will, Ukraine, government of funds, that would have been. So we had now a bit of a shift. I'm going to pull this up on the screen again, this article, because what this shift has shown is that the hackers are now operating on the side of you.
[00:33:21] Crazy. Which is just fascinating. So the group called anonymous, you might be familiar with them. Of course, they've been doing a lot of hacking for a lot of years, releasing private information, government and information, all that sort of stuff. And they have a mast what they're calling a volunteer.
[00:33:44] It. And this it army has been going and doing what well hacking Russian sites apparently. So this article is just absolutely fascinating and they pulled some of from wired as well, but the Russian space research Institute, their website was hacked, leaked files that were stolen from the Russian space agency, made it all the way on to the.
[00:34:13] The space agency was hacked in their website said, leave Ukraine alone, Alto anonymous. Will you up even more? They also did. What's called a D O S. Which is a distributed denial of service attack. Those can be very difficult to protect against unless you're set up in advance to help protect yourself.
[00:34:39] And that pretty much destroyed Russia's dot are you top level domain? So we've talked about how domain services work, right? So Doug are, you is like.com except dot R U is for running. And so the domain name servers that handled our, you were knocked off the air because no one could really get to them.
[00:35:02] They used amplifying attacks and stuff without getting into all of the details. So basically they were trying to cut off access and they did for a lot of people to any. That ended in, are you? It's great. These are just some of the latest in this surge of hacktivism. That's been going on one of the ones I mentioned a couple of weeks ago with the Belarusians deciding they were going to hack the Belarus railroad, which was being used.
[00:35:31] To bring Russian troops, supplies, tanks, et cetera, all on rail, right on down right to the border of Ukraine. So that was hacked so that they couldn't use it in order to go after. Of course Russia was able to get to Ukraine, but there's also been protests around the world. 48 Russian cities raise millions of dollars through cryptocurrency donations.
[00:36:01] Now, I'm not a big cryptocurrency guy and I'm not a big crypto currency guy because while. Cryptocurrency is likely to be outlawed by most, if not all governments. And they certainly could shut it down and it is not anonymous. All right. So using cryptocurrency does not mean it does not equate to completely anonymous.
[00:36:28] They have done a lot of donations. They're big companies including, we just talked earlier about Microsoft, but also apple shell, BP, a McDonald's Starbucks. And these hacktivists have really joined in. And w we talked about a couple of other things, so this is messy. Because even more than in peace time, these active combat that are really hacking happening right now, rendering, hacktivism, any effectual and largely just distracting because we are now in a hot war right now.
[00:37:10] Maybe we don't have our. Eric planes bombing Russian movements or other things, but there is a kinetic war going on over there. There are bullets, et cetera, mean exchanged. So the hacktivist efforts have been, visible. There's no question about that. But what have they done? See, that's an advantage to being a country like Russia, or like the Ukraine, or excuse me, Ukraine, because both of those countries there, their industrial base, the military industrial base is not heavily automated unlike ours.
[00:37:50] What could you do? What can you shut down? So what you shut down the Russian space agency's website, how far did you get into it? Probably not very far. We also have a couple of groups and we talked about these guys many times the Conti group, which has been.
[00:38:07] Terrible and hurting us businesses, individuals, government agencies, and stuff, the Cuming project, both of them have declared their allegiance to Russia. You might remember a few weeks ago, we talked here about how we have had some researchers track down most of these Russian hacker groups and their money.
[00:38:30] And they all ended up in one building in Moscow. No, that should tell you something, right? In fact, the most expensive real estate right there in downtown Los gal, the tallest building, et cetera. So these groups getting together in order to protect the father land there in Russia. Ah interesting problem.
[00:38:52] How much of this is really controlled by the Kremlin? It's a very good question. Context. Was dismantling its infrastructure. It, some of their top people were arrested by Putins military. Not military, but police state over there. And that was interesting too. That was again before the invasion, but why would Putin be shutting them down at all?
[00:39:20] Apparently they said some things. That they shouldn't have said. So now they've come out and have decided they're going to support Russia in its entirety. Now we mentioned Microsoft and how Microsoft has decided they are going to protect other countries. As well as you crane, at least as far as the Russian malware goes, and they've been very active in that.
[00:39:46] And there are a number of cybersecurity companies and other organizations that have released free versions of some of their software, these digital defense tools. Free offerings. Our big cranes defend the networks. Google says it's human rights focus de dos protection service project shield is now in use by more than 150 Ukrainian websites.
[00:40:12] So it's very good. Bottom line propped up by the way, published this massive trove of personal data. Allegedly identifying 120,000 Russian soldiers deploy. In Ukraine that was Ukrainian prov, not the old good old Russian Sophia Pramata man. I remember I bought one of those on new standing Canada once.
[00:40:36] And I had a friend who was from Yugoslavia and he said, oh, can I show that to my wife? He showed it to his wife. She tore it up. I said, I want my Pravda, Craig Peterson dot com.
[00:40:47] The tech world is all a buzz with this log for J or log for shell. However you want to call it because we are looking at what is probably the biggest security vulnerability the internet has had in a long time. I don't know how to express it anymore, but there are multiple problems here. And even the patch that was released to fix this problem was broken as being exploited in the last 24 hours. There've been no less than 30 different new. Variations of the exploit. So what is going on? There is a computer language that's used by many programmers, particularly in larger businesses called Java.
[00:41:37] You might remember this, I've been following it and using it now, since it first came out very long time ago from sun Microsystems. Java is a language that's designed to have kind of an intimate. CPU processor. So think about it. If you have an Intel chip that is an x86 type chip, what can you use instead of that Intel chip to run that code?
[00:42:03] There are some compatible chips made mainly by AMD advanced micro devices, but you're really rather limited. You have problems. Power. Guess what you're stuck. You're stuck in that architecture. And then on the other end of the spectrum, you have some of these devices that are designed by companies like apple, Google has their own.
[00:42:24] Now that our CPU's their graphics processing units as well. And they completely replaced the Intel architecture. But the Intel code, the programs that are written for the Intel architecture that are compiled for Intel are not going to work on the apple chips and vice versa. So what did apple do? Apple, for instance, just moved from Intel over to.
[00:42:51] Own chipsets and these chips don't run Intel code. So how can you run your old apple apps? Apple has a little translator. They call Rosetta. It sits in the middle and it pretends it's an Intel processor. This really rather simple. And they've done an amazing job on this. And w Rosetta is actually a third party company and they helped apple as well with the transition from the IBM power series chips to the Intel chips.
[00:43:23] So how do you move the code around while you either have. Recompile it, you may have to redesign it, rearchitect it for the new type of processor and the new types of computers that are supported by that processor. Or you may do what Apple's done here a couple of times now, and that is having an interpreter in the middle that pretends it's something else pretends as an Intel chip.
[00:43:49] And then you can still run your in. Code because it knows, okay. It was designed originally for this apple Intel architecture. So I know how to make all of this work Java steps in and says why are you doing all of that? That's crazy. Isn't it moving all of your code around all of the time. So Java's original claim to fame was what will make life easy for?
[00:44:14] What you do is you write your code. Using Java in Java is very similar to C plus in some of these other languages that are out there. And that language, when you're writing your source code will be compiled into an intermediate. Code. So what happened is sun Microsystems designed this virtual machine?
[00:44:36] Now don't think of it like a normal VM, but we're talking about a CPU architecture and CPU instructions. And so what it did for those CPU instructions. Which is really quite clever, as I said we'll come up with what we think are the most useful. And it's a Cisco architecture for those of you who are ultra geeks like myself.
[00:44:59] And we will go ahead and implement that. And so the compiler spits out code for this CPU that doesn't actually exist anywhere in the known universe. And then what happened is sun went out and said, okay we'll make an interpreter for. Artificial CPU that'll run on Intel chips and we'll make another one that runs on these chips, that chips and the other chips, beautiful concept, because basically you could write your code once debug it and run it off.
[00:45:32] Anything that was one of the original claims to fame for Unix, not so the run at anywhere part of it, but the part that says it doesn't take much work to move your code to different machine, and we're not going to get into Unix and its root I've been around the whole time. It's crazy.
[00:45:51] I just finished reading a book and saying, I remember that. And they were going through all of the history of everything I was in the middle of that. I did that. That was the first one to do this. It was fun. Anyhow, what Java has done now is it's really solidified itself in the larger enterprises.
[00:46:11] So basically any software that you might be using, like our website that is particularly with a larger business. Is going to be using Java and that Java language is using libraries. So in programmers, instead of doing what I used to do way back when which is write in assembly code, or even in COBOL, and basically you had to write everything, every part of every program, anything you wanted to have done, you had to write, or maybe you borrowed somebody else's code and you embedded it in.
[00:46:45] And mind you, we only had 32 kilobytes of memory in the mainframe back then the 360 30, for those of you who remember those things, but here is where things really changed. You now had the ability to take that code that you wrote and put it on a smart. You could take that exact same code, no recompiling or anything, and take that code and run it on a mainframe on our super computer in a car.
[00:47:15] So Java became very popular for that. Very reason in these libraries that Java provided, made it even quicker to program and easier to program. Now there's some problems with languages. Java, which are these object oriented languages where you can, for instance, say one plus one equals two. That will make sense.
[00:47:38] But what does it mean when you use a plus sign? When you're talking about words? So you say apple plus oranges, what's that going to eat? That's called overloading an operator, and this is not a course on programming languages, but what happens is a person can write the library and says, oh if the programmer says a non-Apple plus an orange or string plus a string, what I want you to do is concatenate the strings.
[00:48:06] Now that programmer who wrote that has to figure out a couple of things, make some assumptions. Oh I should I put a space between apple and. Or not. And what do they really mean? Okay. So this is how I'm going to interpret it. So that, it's a very simple example. But the concept is that now with these overloaded opera operations and these libraries that can go deep deep, you now have the additional problem of people designing and writing the libraries, making assumptions about what the programmer wants and what the programmer needs.
[00:48:43] Enter the problem with the log for J vulnerability. This is a very big deal because we're talking about a library function that is being used in Java by programmers. Now, you know that I have been warning everybody. Android for years, the biggest problem with Android isn't its user interface. It isn't that it's made by somebody else.
[00:49:10] The biggest problem. And of course, this is my opinion is that Android software is provided by Google and. It is given basically to any manufacturer that wants to license it. And then that manufacturer can't just take Google and run it. Have you ever tried to install windows or Linux or free BSD?
[00:49:36] It's mainly a windows problem, frankly, but you go on ahead and install that. And what do you need in windows? You're going to need driver. Oh wait a minute. This laptop is three years old. So how can I find them? And then you go around and you work on it and takes you a day and you finally find everything you need.
[00:49:53] And you've got all of the drivers and now it works. But Microsoft provided you with the base operating system. Why do you need drivers? You know the answer to that and it's because every piece of equipment out there is different. Think about this in the smartphone market. Think about it in the more general.
[00:50:10] Android market. There are thousands of these devices that are out there and those different devices are using different hardware, which require different drivers. So when Google comes up with a software patch, how well we just fix the log for J issue that patch. Has to be given to the devices manufacturer who then has to talk to the manufacturers of the various components and make sure that the device drivers that they're using by the manufacturer are actually compatible.
[00:50:50] They're going to. Got the upgrades, wire it all together, and then test it on all of the different phones that they have and cars because the cars are running it. Now you see how complicated this get. And most Android devices will never. Get another update. They will never get a security patch versus apple.
[00:51:14] Right now. They're still supporting the apple six S that came out in 2015. If I remember right, it's five or six years old. Now you don't find that in the Android space. You're lucky if you get two years worth of support, we're going to continue this. But this is this is really important. I'm going to talk more about the actual problem.
[00:51:36] What is being done about it? What you can do about it as an individual, a home user, and as a business, in fact, keep an eye on your mailboxes. Cause I've got some more links to some sites about what you can do and how to do it and how to test for it.
[00:51:53] We're talking about what is likely to be the biggest set of hacks in internet history right now. It's absolutely incredible what's going on. So we're going to talk about what it means to you and what's really going on. This whole problem is probably bigger than anybody really realizes because Java, as I explained is a very common computer programming language.
[00:52:23] And it has a lot of features that bigger businesses love. They love the ability to have multiple programmers working on something at the same time. They love the inheritance and multiple inheritance and all of these wonderful features of Java. One of the really cool features is that you can, while your program is running, have the program change.
[00:52:48] It's. That's effectively what it's doing. It's pulling in libraries and functions in real time. And that's where this particular problem comes in. This has been a nightmare for Java forever. It's one of the reasons I have never migrated to Java for any of the projects that I have. Don, it just gets to be a nightmare.
[00:53:12] It reminds me of Adobe flash. It was the biggest security problem that has ever been. And the number two Java and Java is running in the Android operating system. It is the core of the operating system. All of the programs are almost certainly written into. And now we're seeing Java up in the, not just entertainment systems in our cars, but in the actual computers that are driving the cars, running the cars.
[00:53:45] And I get very concerned about this. We had two major outages just this week before this log for J thing came about over at Amazon. And those two Amazon outages knocked thousands of businesses. Off the air out of business. You couldn't get to them. You remember the big problem with Facebook that we talked about a little while back and in both cases, it looks like they were using some automatic distribution of software sent out the wrong stuff.
[00:54:15] And now you are effected. What happens? What happens with the cars? If they push out a bad patch, how are we going to know. What's that going to mean? And if your car has Java in it, are you going to be vulnerable to this? You wouldn't be vulnerable to log for J if your computer wasn't hooked up to anything, but nowadays the cars are hooked up to the net.
[00:54:39] We've had a couple of car dealers for our clients. Who've had the Mercedes we've had Acura Honda and others over the years. And it's interesting going in there now and working with them because they are doing massive downloads of firmware whenever a car comes in. So that car, if they don't have the right kind of networks, that car can take hours to do.
[00:55:07] Dates. And I got to tell you, man, I'm just shocked by so many businesses, not willing to spend the money that it really takes. So the poor technician is sitting there waiting for it to happen. We could make it happen in 15 minutes, but they're stuck there waiting for three or four hours sometimes for some of these downloads, no it's called cash them locally.
[00:55:26] These cars, some of them need new and different firmware. Some of them use the same and have. A reliable, fast internet connection. And we've done that for many companies. Anyways, I'm going off on a bit of a tangent here. So forget that let's get back into this with Java. You can have a routine.
[00:55:48] Call another routine that was not even necessarily thought of by the programmer. Now, can you imagine that? So you're programming and you're not considering adding something that's going to send email out and yet you could have a log in. That's part of the DNS and it gets logged that actually causes an email to be sent or causes anything else to happen.
[00:56:17] That the exact problem we're seeing right now, it's absolutely crazy patterns in text fields, things like you can put a user desk agent. Which is normal for nature. UDP connection. You say, this is usually a guy who using Chrome version bar or Firefox or safari, but you put the user agent field.
[00:56:40] And then after that, you've put in some, a little bit of code that tells Java, Hey, what I want you to do is this. This is a problem because we're finding now that I'm, again, I said the last 24 hours, 30 different exploits over a million companies have been attacked on this. And we're talking about 10.
[00:57:05] Companies, absolutely hacked every minute right now. Can you think of, let's just think about that. And we're in the middle of what, right? The big holiday season, we've had some holidays, there's people online, shopping there's businesses that are trying to buy stuff, business stuff, almost every one of those sites is likely to be compromised.
[00:57:31] It's that bad. It's absolutely nuts. What's happening here. This is a huge flaw. And by the way, it is flaw. Number this you ready for? This 44,228. In the year 2021. So the written 44,000 flaws that have been discovered and reported, this is the CVE system for those of you who are interested, but this really is a worst case scenario.
[00:58:02] Because this log for J library is being pulled in to so many pieces of software out there on so many different platforms. The paths to to exploit this vulnerability are almost unlimited. And because there's so many dependencies on this particular log for J library, it's going to make it very difficult to patch without breaking other things.
[00:58:32] And the fact the exploit itself fits in. Tweet come injected almost anywhere. So it's going to be a very long weekend for a lot of people, but let me tell you this. It is not going to be solved in a few days, a week, a month. We're going to be seen this. Years, because you have to be the person that wrote the program that has the source code to link in the new libraries, distributed out to your customers.
[00:59:03] Do you see what a nightmare? This is now? Some people are saying let's blame this on open source. This is an open source product. Yeah, it is an open source project and it turns out that even though anyone can grab this, these, this library routine or any of these pieces of code, anybody can grab it.
[00:59:21] Anybody can look at it. It turns out it's one guy. Who actually maintained this, who has a budget of $2,000 a year to maintain it. Nobody else pitched in. And all of these big companies are all out there grabbing this code that this guy has been working on and not paying much attention to it. Not donating to the project.
[00:59:46] Which is saving them millions of dollars, not that one project, but all of these projects collectively in the open source community, it's it is more far reaching than this stretch vulnerability. You might remember this drug vulnerability that's was, that was the root cause of the massive breach at Equifax that Explo exposed all of our personal information.
[01:00:14] To the dark web. That's how bad this is. Oh my gosh. So Hey, if you want information, I've got a links, a bunch of links set up here on what to do while you're waiting for the log for J updates from your vendors, how you can find on your servers. If they have the log for J vulnerability, I've got a bunch of information that I've stored up on that.
[01:00:41] And some others just email me. M email@example.com asked for the list of the log for Jay's stuff or the Java's stuff. I'll figure it out. Be glad to send it to anyone that's interested. And if you need to scan to find out yourself and your business, let me know to firstname.lastname@example.org.
[01:01:03] Wow. I was just going through a list published by Seesaw, this federal government agency that tracks some of these types of vulnerabilities. And wow, this list is daunting of all of these pieces of software that are vulnerable to this huge hack.
[01:01:19] This is now a problem for each and every one of us.
[01:01:23] I think I've established the man. This is nasty. So what do you do? First of all, I sent out. Email a list of things have in fact, a few different lists of things that you can do. So I had one for consumers, one for businesses and a general thing as well. And then a bunch of references.
[01:01:47] Of course there's even more references and more great information now because I got that email. Pretty early. So I hope hopefully you had a chance to really look through that, but here let's just talk a little bit about this, what to do thing you already know because you guys really are the best and brightest that you need to be careful when you're on.
[01:02:11] You cannot be online, Willy nilly, clicking on things. And that includes emails and links. And this time of year in fact, all year long, we're looking for. Wow, let's see. Is there a great bonus here? Look at they're having a sale, a discount. Oh no. I've only got three hours to respond or the deal's going to go away.
[01:02:33] I've usually been of the sort that I just am, not that influenced by some of these deals, but. I do sometimes want to find out what it is. So I find myself this week clicking through on. I'm on a lot of marketing lists because I like to follow what different marketers are doing, that's technology.
[01:02:55] And it's something I want to keep you guys informed about. And I found myself just crazy amount of double checking to make sure the link was valid. Now I'm sure you guys have, if you're on my email list, you might notice that the from address is not the me at Craig Peterson. Calm email address. You can always send email to email@example.com and it ends up in my email box.
[01:03:21] And it might take me a few days, or even as much as a week or two to get back to you. If it's something there's an emergency, you really need to fill out the form on my website, but I will get back with you. But the problem that some people have noticed lately is. It doesn't say return address or sent from firstname.lastname@example.org.
[01:03:45] It's got this rather long convoluted convoluted URL that has nothing to do with Craig peterson.com, sows a number of people question it, it is a tracking. When can the idea is if I am going to be able to get back to people and if Karen is going to be able to nudge. I have to have these things tracked.
[01:04:09] So the email from address, when you hit reply, it is going to go to the, again, my email list server guys, and it is going to get tracked so I know. Okay. Okay. So now I've got a few minutes or an hour. Let's sit down and go through a lot of these emails so I can get back to people. That's a problem for many people, that's even more of a problem today than it ever has been in the past.
[01:04:38] Now there's been a few sites that have done something about tracking because many people don't like to be tracked. My self included, although, as I've always explained on the show, it's a double-edged sword because I would rather see commercials or ads for a Ford F-150 pickup truck. When I'm looking to buy.
[01:05:00] Car or certainly a truck. I don't want to see ads for things I don't care about. And you probably don't either. So the tracking, I don't think is a huge deal. The statistics that have come out from apple recently are very interesting because what apple ended up doing is they put some new technology and to stop tracking.
[01:05:25] And to stop you from being tracked. And basically what they're doing is a couple of things. One, they've got this new feature where they will download images and emails from their website, so that it's not they're not being able to localize where you are and then they're also doing something where you.
[01:05:49] Are you are, you can't be tracked like you used to be able to be tracked. Let me just put it simply like that applications now have to have that little label warning label in the app store to let you know what they might be tracking, et cetera. So they've been accepting anti tracking behavior that came from our friends from.
[01:06:13] Apple now Google, Facebook and others have been very upset about this thinking that they were going to lose a lot of business here in the advertising side, because you wouldn't be able to track them. So if you've got an apple iOS device, you probably noticed, it says, allow app to track your activity across other companies.
[01:06:36] And websites, your data will be used to measure advertising efficiency. I don't know that's such a bad thing. And looking at the stats right now, I'm looking at Google's income. And a lot of that comes from YouTube after. Apple launched its new privacy initiative and it looks like Google really wasn't hit very badly.
[01:07:00] What Facebook was worried about that they would just be losing all kinds of revenue. Also didn't turn out to be true. So it's an interesting thing to see and I've got to really compliment apple again. At this time on trying to keep our information private, I read a really great book this, so this is how the world ends talking about the whole cyber race and where things are likely going.
[01:07:30] And it's frankly impressive. To see what Google has done to try and keep out our government from their networks, as well as foreign government and the whole thing with the Chinese hackers we've talked about before, where I've found them. Active inside our customer's network before. And this is where we get called in because there's a problem.
[01:07:57] We look around, we find indications of compromise. We find the Chinese inside. Okay. So it isn't something that we were protecting them, the Chinese got in, but we come in after the fact and have to clean up the mess. But what we have really seen happen here is the largest transfer in. Of wealth, I should say, in history, the largest transfer of wealth in history to.
[01:08:25] From us and from other countries, but primarily from us because of what they've stolen. And so Google really has fought hard against it. The Chinese have been in their systems have stolen a lot of stuff. Apple has fire fought hard against it, but we know about the apple stuff. Google's seems to be a little quieter about some of it.
[01:08:45] So they may be selling our information to advertisers, but there certainly are trying to keep nation states out. I'm really wondering too, what is Google doing? Moving that artificial intelligence lab to China. It just it's insane. We know we, if we're going to get out of this financial position, we're in as a country, we need to have an amazing new technology.
[01:09:09] So people are coming to the United States and we're certainly not seeing that. At least not yet. It's all been stolen. So what to do, man. I started talking about that and we got a little sidetracked. So I will talk about that a little bit more here coming right up and what to do if you're a consumer, if you're a business person.
[01:09:32] And of course, as I mentioned earlier, I have. Quite a list. I'm more than glad to send you. If you go ahead and just email me, M email@example.com. I'll keep you up to date, let you know what's happening and give you those links that you can follow to find out exactly what is happening and what you can do.
[01:09:53] Including some tools. There are some tools out there to check to see if that vulnerability exists inside your networks or systems MI. Ed Craig peterson.com. And I'll be glad to reach out, reach back to you.
[01:10:09] I'm gonna tell you what to do as a consumer because of this massive internet hack that is underway. It is huge. Also going to talk a little bit about apple and what they're doing with their tracker detect app on Android devices.
[01:10:24] This will be going on for months and probably years in some cases, because there are many systems that will never.
[01:10:35] Patched for this vulnerability. So from now on, you need to be doubly cautious about almost everything, the big targets for this. Then people who tend to be the most valuable. Big businesses. And I can send you a list of devices that are known to be either immune to this they've been fixed or patched and devices that are known to have this problem.
[01:11:03] You send me an email. Excuse me. If you have any questions about it. So it's me M firstname.lastname@example.org. I'd be glad to send you that list. Seesaw has it online. You can certainly search for it yourself. If you're interested in. So for you as an individual, it's just extra caution, use these one time, use credit card numbers.
[01:11:31] I have talked about this before. And that is, I use fake identities as much as I possibly can online. And I'm not trying to defraud anyone. Of course, that would be legal. What I'm trying to do is not make myself as easy at target. As is frankly pretty much anybody who uses a computer out there, because if you're always using your, in the same name and email address and having forbid password, then you are a bigger target than you have to be.
[01:12:07] And I have a whole index file. I have a spreadsheet that I put together with 5,000 different identities, different names, of course, different sexes, races, origin stories, everything. And the whole idea behind that is why does some company that's providing me with some little website thing, need my real info.
[01:12:31] They don't obviously you give you real info to the banks or. Counts, but you don't need to give it to anybody else. And that's what I do. That's my goal. So if you can do that, do that. Apple also has a way for you to use random. Email address a suit can set up a different email address for every website you visit.
[01:12:57] There are a few services out there that can do it. If you're interested, drop me an email. email@example.com. I'll send you a list of some of them. I think they're all paid except for the app. But you have to have an apple account in order to use it. One of the things that businesses really need to do is do a scan.
[01:13:19] Again, I can send you a list of scanners so that you can look at your network, see if there's any. Obvious that might have huge implications for your business. Again, firstname.lastname@example.org, one of the things apple has come up with that I really have turned out to and I think I mentioned them before on the air, but it's these news.
[01:13:41] Trackers that apple has, that you can put on things. And we spoke a little bit last week about the problem with these trackers being put on to high-end cars, and then being used to track the car. Now apple got around that problem a while ago, by letting you know, Hey, there is a tracker following you isn't that handy.
[01:14:04] Wait a minute, somebody dropped one of these little tags into my purse. Coat my car or whatever it might be. And so now you can have a look and see where is this thing that's following me and get rid of it. Of course, in order to know that there's one of these apple tags tracking, you've needed to have an apple phone.
[01:14:26] Because it'll warn you. Apple now has something called tracker detect. If you are using an Android phone, I would highly advise you to get this app tracker detect app on Android. And it's designed to help you Android users from being tracked by apple airtight. 'cause if you don't know you're being tracked right, then you can't know if you're being tracked.
[01:14:55] If you don't have an iPhone, unless you get this app so good for them, apple has it up now on the Google play store. That's just in the last week or so, and it lets you locate nearby air tags. So let's I think a very good thing kind of wonder if apple isn't using the Androids also for part of the.
[01:15:16] Crowdsourcing for the air tags, but that's a different conversation. Great article in vice this week by Aaron Gordon, about how car companies want you to keep paying. Features you already have, and they specifically made a call out about a car manufacturer. Toyota. Who's now charging $80 a year for people who bought their car years ago, six years ago, $80 a year.
[01:15:51] If you want to keep using the remote start function on your key. Yeah, so you paid for it and life was good. You went a few years, really nice on a cold winter day or a hot summer day, warm up the car or cool it down all automatically. But now Toyota is charging. $80 a year. So people are saying why I bought it?
[01:16:16] Why would I pay for that? Apple's now claiming that the several first years were merely a free trial period, but this isn't even the big play for these car companies, this $80 a year for marginal features like remote start instead. Is probably going to happen. And I agree with this author as well is we're going to see a, an approach that Elon Musk has used with his Teslas.
[01:16:47] They're going to charge extra for performance, for range, for safety upgrades, for electric vehicles that actually make the car better car, a better car. So upgrades used to be difficult or impossible with gas cars. A lot of these are trivial for the electric cars, with the dashboards that have games that you can play while you are charging.
[01:17:13] Some of them were complaining about it being for when they're on the road. Of course that's going to happen because frankly, when, once we get a full autonomous car, what are outs are you going to do? I should also mention this isn't really a, but Mercedes-Benz has been awarded the very first license for the manufacturer sale and distribution of a fully autonomous vehicle.
[01:17:39] The very first they are licensed for up to, I think it was 37 miles per hour. On their car and anything beyond that, you still have to retain control, but that's an amazing thing. And it only works on roads that are mapped. And what Mercedes is doing is they have these super high definition maps. So the car knows exactly where it is.
[01:18:08] If you are a Tesla owner, you know that a few years ago, Paid, I think it was $2,000 for your Tesla to be able to drive itself. And of course they haven't been able to drive themselves. They, yeah, there's been features here and there, but how were you getting those features? How will you going to get that self-driving mode?
[01:18:30] We'll test those, calling them over the air upgrades. And they're also saying. Th this is part of the Tesla ownership experience to quote their website. All right. So they've had all kinds of over the air upgrade. They've had some free software. They've had paid ones, Tesla charges, thousands of dollars for its autopilot.
[01:18:54] Now a lot of money, I think it was five grand. Now they've got this beta driver assist system as well, and they also have. To others. You might remember the ludicrous speed. Long range model three would dual motors is capable of accelerating from zero to 60 in 3.9 seconds. But when you buy the car, the zero to 60 time is a half a second longer.
[01:19:25] So pay an extra $2,000 and you get that extra half second and accelerate. Yeah, there's nothing different. They don't even have to change. Really changed the software. There's no hardware differences. It's just, you pay them two grand and they, your cars catheter to the internet and they just unlock a key is not something.
[01:19:48] Now there some people that hack the way around that paywall, but then Tesla blocked it and reversed the hack as well. Tesla has sold their cars now for years with the same 75 kilowatt hour battery. But software locked them to 60 and 70 kilowatt hours might remember. We talked about this with a hurricane that came ashore down in Texas, where Tesla, anyone in that area provided them with an automatic upgrade for extra batteries.
[01:20:19] So they could go further in order to get out of the zone of their herd. Before them in software lock-in and a 60 and 70 kilowatt hours, unless you paid an additional $3,000 for that extra 30 or 40 miles of range. Isn't that something. Yeah. So Tesla has temporarily unlocked them, but this is where we're going.
[01:20:43] You're going to be going into the car dealership while in Tesla's case. It's on the internet, which I think is better. Frankly, dealerships are handy in order to get a repair, but. You can get a repair at some of these little specialty shops it's often better and certainly cheaper than what the dealership sells, but you're not only going to be haggling over the price of the vehicle and delivery times.
[01:21:08] You're going to be haggling over all of these different features. And it's never going to end because they're going to keep having software upgrades that you're going to have to pay for. Pollstar star. This is an electric vehicle company spun off from Volvo new member. Volvo is now Chinese company.
[01:21:25] Yeah. Chinese. Yeah. So much for safety, right? They're going to charge an extra thousand dollars for a slight increase in horsepower and torque, just like Tesla does. So this is the future. Of car companies. Hey, I want to remind everyone, if you go to my website, Craig peterson.com. Right now you can sign up for my weekly newsletter.
[01:21:48] It is packed full of great information for you. Every week. We've got some free boot camps coming up after the first of the year, and you need to be on my email list to find out about it. CraigPeterson.com/subscribe.