Tech Talk with Craig Peterson Podcast: What really happened in TX, New MAC malware, Apples Electric Vehicles and More

1:19:15
 
シェア
 

Manage episode 289638013 series 1107025
著作 Craig Peterson の情報はPlayer FM及びコミュニティによって発見されました。著作権は出版社によって所持されます。そして、番組のオーディオは、その出版社のサーバから直接にストリーミングされます。Player FMで購読ボタンをタップし、更新できて、または他のポッドキャストアプリにフィードのURLを貼り付けます。

Welcome! We have had a very busy week this week so this is a reply of the show aired the end of February. I'll be back next week.

It was also another busy week on the technology front and we are going to delve into what actually caused the energy problems in Texas. There is a new type of malware that is affecting Macs and it is has a different MO. Then we are going to discuss Apple and their ventures into automated electric cars and what we can expect. Why are states having issues making appointments for vaccines? In a word, it is bureaucratic incompetence. Then we have a new type of hack out there. It is called Buy-to-Infect and there is more so be sure to Listen in.

For more tech tips, news, and updates, visit - CraigPeterson.com.

---

Tech Articles Craig Thinks You Should Read:

This Basic Math Shows How Wind Energy Failures Contributed To Texas’s Deadly Power Loss

An Insider Explains Why Texans Lost Their Power

New malware found on 30,000 Macs has security pros stumped

Report: Nissan shot down Apple deal to avoid becoming Foxconn of cars

N.Y.’s Vaccine Websites Weren’t Working

Apple is already working on developing 6G wireless technology

Owner of an app that hijacked millions of devices with one update exposes the buy-to-infect scam

Mount Sinai study finds Apple Watch can predict COVID-19 diagnosis up to a week before testing

Malware Exploits Security Teams' Greatest Weakness: Poor Relationships With Employees

---

Automated Machine-Generated Transcript:

Craig Peterson: [00:00:00] You probably know I've been doing cybersecurity now for 30 years in the online world. Yeah, that long. I'm afraid I have some confessions to make about our relationships here, cybersecurity people, and employees.

Hi everybody. Craig Peterson here. I'm so glad to be here. I'm happy you're here as well. There are so many ways to listen.

I got pulled into this whole business of cybersecurity quite literally, kicking and screaming. I had been already involved in the development of the internet and internet protocols for a decade before. In fact, one of the contracts that I had was with a major manufacturer of computer systems.

What I did there was design for Unix systems a way to check for malware, a way to manage them remotely. Yes indeed, I made one of the first RMM systems, as we call them nowadays. We also tied that RMM system, of course, into Windows and a few other operating systems. Unix was where I was working at the time.

I am what they called an OG in the industry. My gosh, my first job with computer networks was back in 75. Believe it or not a long time ago. Back then, of course, it was mainframe to mainframe basically and some of the basic protocols, the RJE, and stuff. I know I've got a lot of older people who are listening who are saying, yeah, I remember that. It brings back memories.

In fact, I got a note just this week from a listener who was saying his first computer was a Sinclair. Do you remember those things? Oh my gosh. It brought back so many memories for us older guys. But it was just such a cool little device with the keys and much different than I'd ever seen before. The XZ81. I just looked it up online so I can remember what the model number was. That was made by Timex. If you can believe that too. It's just. Wow. It had a Z 80 CPU, which of course was like an 8080, which was Intel's, big chip at the time, running at 3.25 megahertz. Yes, indeed. Very cool. I love that computer anyways. I digress.

The whole industry at the time was non-existent, yeah. You had antivirus software. We started seeing that in the eighties and we had some terrible operating systems that many people were running like Windows, just absolutely horrific.

Remember windows three-point 11 and XP and the millennial edition just some of the most terrible software ever. That's what happens when you have interns? A lot of the code, it came out in one of the lawsuits, for one of these versions of Windows.

It was a different world and I had to figure out what was going on because I had some servers that were Unix servers. This was the early nineties and I was hosting email for companies and websites and doing some filtering and things with some kind of precursor to SpamAssassin. It was really something. I had some DECservers, Digital Equipment Corporation. Remember those guys and all of a sudden customers started calling me because the email wasn't working. It turned out it was working, but it was extremely slow and I had to figure out why.

I telneted to my server. I got on, started poking around the servers.

I had a computer room and the first floor of the building that I owned and I was up on the second floor. Off we go looking around trying to figure out what is going on. It was me actually. I said us, but it was really me. Cause I knew the most about this stuff.

There were these processes that just continued to fork and I was trying to figure out why is it creating all these new processes. What's going on? What has happened here? Back then, The internet was a much different place. We trusted everybody. We had fun online. We would spam people who broke our almost unwritten rules of the internet about being kind to other people. What spam was, where the whole term comes from is you would send the script from Monty Python spam and eggs, spam and ham spam, spam, spam routine.

You just send it to somebody that was breaking these unwritten rules, like trying to sell something on the internet. Absolutely verboten. What a change to today.

I saw some of this stuff going on. I was trying to figure out what it was, but, we trusted everybody. So my mail server was Sendmail, at the time. We still maintain some instances of Sendmail for customers that need that.

Nowadays. It's usually more something like postfix in the backend. You might have Zimbra or something out front, but postfix in the backend. We allowed anybody on the internet to get on to our mail server and fix some configuration problems. They didn't have full access to everything. Firewalls weren't then what they are today.

In fact, one of our engineers just had to run out to a client who did something we told them not to do. They were using the Sonic wall firewall on their network as well as they had our stuff. So we had a really good Cisco firepower firewall sitting there, and then they have this SonicWall so that they're people, remotely could connect to the Sonic wall firewall, because it's good enough. SonicWall says it's compliant. The SonicWall firewall was being used to scan the network and load stuff. Does that sound familiar? Much to our chagrin.

So he had to run out and take care of that today. It sounds like we might have to do a rip and replace over there restore from backups. You have no idea what these bad guys might've done. We've seen Chinese into these networks before, Chinese malware. It's been really bad.

Boy, am I wandering all over the place?

Back to this, we would allow people to get onto our network to fix things. If something was wrong, if we were misconfigured, they could help us and they could get on and do it because Sendmail configuration was not for the faint-hearted.

In the days before Google, right? Eventually, we had Archie and Veronica, and Jughead. They did basic searches across FTP servers. That's my kicking and screaming story. I was trying to run a business where we hosted email for businesses, which we still do to this day, and where we had some, back then we didn't have websites. The web didn't come in into play until a couple of years later, but we did host FTP sites for businesses so that they could share files back and forth.

That's what I wanted to do. That was my business.

Later on, I ended up helping 80% of my clients find the other web hosts after, these $8 Gator hosting things. We just got a call on that this week. Somebody who'd been a client of ours 20 years ago, went with a guy that charges $5 a month for web hosting. They have personally identifiable information on that site if you can believe it. He was complaining because it wasn't working he was getting a C-panel error anytime he went to the site. We said, Hey, listen, this problem is the guy that you're hosting from. We did a little research and we checked the IP address and how many sites we're at that IP address. This guy that was charging them $5 a month had 150 different websites at that one IP address. Now that's not bad. He was hosting all of these 150 at a site, the charges, the eight to $10 a month for web hosting. He had all of these sites on top of a machine that was already split up hundreds of ways. It's just amazing what people do.

Man alive. We got rid of 80% of those customers, the ones that wanted cheap, that's fine, get cheap, and see what happens to you. Some of them, we still maintain a good relationship with and so we help them out from time to time, right?

What am I going to do? So somebody calls me, I gotta help them. That's precisely what we do now with this malware problem.

What's going on here? We talked already about the Great Suspender and how Google has said, Hey, this now has malware in it, so we're removing it from your web browsers. That to me makes a ton of sense. Why not do that?

This is another example of what happened with SolarWinds. This is an example of a supply chain infection. What happened with that? Somebody bought Great Suspender from the developer and then added in this basically malware to the Great Suspender. Just it's a terrible thing. Very surprising, but one of the biggest exploits that are being used by the bad guys right now is the security team's poor relationship with other employees within the organization.

I promise we'll get to this a little bit more and explain the bottom line here. What's going on and it goes back to this customer that we just had to run out to.

Why did they do what we told them not to do?

Stick around.

We're getting into the battle between cybersecurity senior officers in companies, owners, business owners, and the, even the employees. There has been such a battle going on. I saw two examples this week.

Hi, everybody, it's a difficult world out there, but I find some comfort in listening to, of course, news radio. It keeps me up to date on what's going on. It helps me to really understand the world a lot better.

I mentioned that one of my guys just had to run out to a client who did something we absolutely told them not to do. They had been using this company that was a break-fix shop, I guess is the way you would put it. They had a business that would respond to problems and they charge by the hour. I think right now their hourly rate is like 160 bucks or something. It is not cheap, but anyhow, That they would sell people equipment and then move on, right? Your problems aren't my problems. Just leave me alone, go away. It's a beautiful model because their employees at this break-fix shop don't have to understand much. They just have to know more than you do as a customer.

There's one level of understanding that you have, and for someone to appear to be an expert, all they have to do is have slightly more understanding.

That has bothered me so many times listened to the radio and they talk about somebody that's just this great expert, in reality, of course, they are not. But you don't know. That person talking about the expert doesn't know either because they just don't have enough knowledge. Of course, the person that's labeled the expert isn't going to say anything about it.

They were doing what most companies do, which is okay. We know we need a firewall, so let's get a firewall. They went out and they talked to this company and they did their Google research because of course, Dr. Google is an expert on everything. Even with those differing opinions, you're going to go with the opinion that you like the best. That's what they did.

They bought a Sonic wall firewall from this vendor, which was a break-fix shop. Now that's all well, and good. The sonic wall is not terrible stuff. They've got some amazing stuff as well.

The problem is this device has been out of support for more than two years now. Even though they're not as advanced as some of the systems we can install, not that we always use the most advanced systems. It's not a bad, a little thing for a small business. We warned them that because they were using an out-of-date firewall that they could not get fixes for known vulnerabilities. Now that's a big deal too. Most people are not aware of the vulnerabilities that are on their machines.

Do you go out every month and check the firmware versions on your firewall? You should be, even if you're a home user. Are you checking to make sure the firewall that the cable company provided you with is up to date, configured correctly? You've changed the password and the admin username, right? No?

Most people haven't. He hadn't, right. He didn't know. We told them we did a little research and said here's your problem.

That's part of his cyber health assessment. We told them what kind of firewall do you have? What's the version of software on it and we do that. We have a bunch of people that have asked for cyber health assessments. We've got them on a list because we're busy. So we have to schedule these and make them happen.

So we said, do not plug that machine in. Of course, what do they do? They plugged it back in again. So now all of a sudden this morning, we get a wake-up call from our monitors that are running they're on their Cisco firepower firewall, where we have their extensive suite of additional software. This isn't just an off-shelf, Cisco firewall.

It's telling us that the SonicWall or something through our, via the SonicWall. Is going through all this customer's network. It's actually attacking the Cisco firewall from inside the network. Absolutely amazing.

Why does that happen? In this case, the business owner, and it is a very small business. It has about 5 million in revenue per year, I would guess. It's a small business by every stretch. The owner just doesn't want to spend the money he doesn't absolutely have to spend. He's not looking at this saying I could lose all my intellectual property. I could get sued by these people. I could lose my clients who find out that their data was released. Their orders were released. Everything was stolen.

He looks at it and says, Oh wow. It's 200 bucks a month. Wait a minute guy, you have how many employees? You're worried about 200 bucks a month. I personally, I don't understand that. Why would you do that?

Now, you're in a poor country. Okay. I get it right. That's a lot of money to spend, but not here in the United States. Doesn't make sense.

A lot of this is really the reason I brought it up. It's showing how there is a disconnect between business owners, C-level people, and cybersecurity people. Basically, if you have less than 200 employees, you cannot afford to have your own cybersecurity team. It's impossible. It's way too expensive.

Then the numbers start to change outsourced cybersecurity, which is what we do. We do this for this customer and. The in-house cybersecurity people, but we all have the same basic problem. The owner has a problem too, right? He has to weigh the costs of cybersecurity against the risks involved, which is what Equifax did.

What so many of these big companies do, right? There's this, the norm Equifax said it's going to be way cheaper to just pay out $10 million in fines. When we get fined by the federal government for losing everyone in the country's personal financial information then it is to do this or we're not going to bother.

Man, I'd love to see the smoking gun email on that, where they made that final decision, probably doesn't exist. They're smart enough to know that they would get sued and they have been sued because of this.

We've got another problem right now because of people working from home. I mentioned, in fact, this week, you should have gotten an email from me on Thursday. That was a little audio thing that I put together. We call these things, audiograms, and it's a kind of a video that'll play.

This particular one is about part of this problem. We've talked extensively about that water plant in Florida, that was hacked for lack of a better term. It might've been an insider thing. It might've been someone external, et cetera, et cetera. The reason it happened is that business, the water plant for a town of 15,000 people, which would be in a normal world, a small business. That small government operation was all of a sudden faced with lockdowns. What do we do? They didn't have a plan. They didn't have a business continuity plan, which is so important. I talked about it extensively last week as well. They had no way to manage this. So what did they do? They went out and bought team viewer licenses for everybody in the business. That put, well not the business, in this case, the agency, that put the agency at risk.

That is putting our businesses at risk too, in such a big way. That's what the audiogram I emailed out on Thursday explaining this a bit.

So stick around. We're going to continue this conversation.

Of course, you're listening to Craig Peterson online@craigpeterson.com.

We have people working from home. We didn't really plan for this. We're doing it because of the lockdown. Maybe, you found that it's actually better for your business, from whatever angle. What are the risks here of people taking computers home?

Hello. Everybody Craig, Peterson here. So glad to be with you today. Glad you're taking a few minutes out of your day as well to listen in.

Now I am very concerned about people using computers that they're taking home. I want to make a definition. Maybe there's a better way of saying this, computers that are used at home, home computers should never be used for work.

I'm going to explain why. Computers that are at work probably should not be taken home. We saw the example of this, just this last couple of weeks.

I was talking about this wonderful plugin that I've been using and recommending people use here for a very long time, called the Great Suspender. We've talked at length really about what happened there with the company being bought and then becoming evil, right? Just buying their way into 2 million people's computers.

Sometimes these Chrome extensions that are installed on personal computers get automatically installed and synchronized to your work devices. In fact, that's the default. If you log into Chrome and you're using Google Chrome as your browser and you log into it on your home computer, and when you log into your same account over on your business computer. All of a sudden, now it's syncing. It's syncing things like passwords, which you should not be having Google store for you. You should definitely be using a good password manager and there are a few out there.

If you're not familiar with them or don't know which one to use or how to use them. I have a great little special report on passwords and using password managers. I'd be glad to send it to you. Just email me@craigpeterson.com and I'll send that on-off, right? I'm not making a dime off of that. I want to make you safer.

I don't want to have happened to you what's happened to millions of Americans, including my best buddy who had his information stolen. I've been after him to use password managers. He never did it. I don't know why.

Until his paycheck got stolen. Then he came over and I explained it and set it up with them and really helped him out.

Maybe we should do a whole webinar showing you how to use these password managers, how to get them set up because it is a little bit tricky. It's certainly different than you're used to. Many people are using their browser Chrome in this example, to save passwords. When you go to a website, you'll automatically have the password there. Maybe you've got it set up so that it'll automatically log you in with all kinds of cool stuff. But there is a very big problem and that is that there is a huge risk with running these extensions, like the Great Suspender. The Great Suspender was approved by Google. It was in the Google store. You could download it from their app store. Absolutely free.

In January of this year in 2021, we had someone out on Twitter, tweet that there was a problem with the security on the Great Suspender. It had been changed. It was being used now to send ads out and other things. That's pretty, pretty bad. The extension wasn't banned until about a month later and you as an end-user had no official notification that this extension was potentially malicious.

Apparently, they could, with this malicious software they embedded, not just show you ad, not just insert their own ads to generate revenue onto the webpage as you were visiting, they could also grab files from your machine. That's a very bad thing.

Now, presumably, if you're at work, you have a team that's helping you outright. The IT security team, there may be different teams and maybe the same person who also is the office manager, who knows. It does vary. Businesses cannot know what you're doing when you're starting to install those extensions and they are pushing their way onto your office computer because you're using the same Google account in both places.

Now, despite the risks, of course, I installed this Great Suspender used it for years and I was pretty happy using it. I know many other people who were in the same boat. Security teams have some great tools. I mentioned my son who's one of our team members got called out to a client. During the break, I was just chatting with him briefly. What had happened is they plugged in this firewall we told them not to plugin. It was apparently hacked from the outside. It had known security vulnerabilities. He had not, this small business owner had not yet paid for maintenance on his little firewall, so he was not getting security updates.

In fact, my team member looked at this and found that it had been three years since the firmware on his firewall had been updated. The bad guys got into his network through this secondary firewall, which we told them not to have not to plugin. Our firewall only noticed it because this malware started scanning everything on the network. Of course, it scanned two of our machines, one being the firewall.

Remember this isn't a regular firewall that we put in there. This is a firepower firewall with a whole bunch of extra software on top of it. In our data center, we have some huge machines that are sitting there watching what's going on remotely. On our client's networks via that firepower firewall.

We started getting all these notices as to what was going on, but this is a great example. We're not updating some of that software. He had a security team and he ignored the security team. We were the security team. We're outsourced cybersecurity that's what we do, but that happens many times.

Many business owners and others look at the cybersecurity situation as having many different shades of gray. What should you do? What shouldn't you do? The teams that are working in these businesses, including us. We have to tell them, Hey, don't use that firewall. Do not plug it in. You don't need it. If you plug it in, it's going to make it way easier for some of your people to work from home. This is not set up correctly and you're going to have problems. That's a difficult conversation to have with a business owner. We had it and he ignored it much to his peril.

In this case, this one is hard to tell how much data was stolen from his business. The impact from this could last for months, and there could be investigations who knows what's going to end up happening here. That business owner and I, because I spoke to him as well about this whole situation before this particular event happened just about two weeks ago. In fact, that was a reminder cause they had plugged it in again. Six months before that we had told the business owner, you can't plug this thing in, you cannot be using it.

How do you do that? How do you let an impacted employee, somebody who's working from home, maybe using their own computer to do work for the business? How can you approach them and tell them, Hey, you cannot use Google Chrome? You cannot save your passwords on your browser. You cannot install extensions. Even if you had a list of extensions today that were bad, that list is going to be out of date tomorrow, which is going to be a very big problem.

Individual users do not have the ability to check this. Frankly, most businesses don't either. Again, that's why a business under 200 employees cannot afford to do this yourself. You just can't. This is a specialty.

We were talking yesterday with a prospect who had been brought to us by a break-fix shop and trying to get this concept through. We're going to talk a little bit more about that. What should you be doing? How can you pay attention? How can you even be safe in this day and age?

Hi everybody. Craig Peterson here. We've been talking about supply chain problems. That's a technical term for it, but the software that we rely on becoming evil, and what can we really do about it?

Hello, everybody. You're listening to Craig Peterson.

How do you talk to a business owner and help them understand? That's a problem. Isn't it? Look at what happened a few years back with TJX stores. Them as maybe TJ max, that's one of their stores. They have a number of others.

Their cybersecurity guys did something I have seen done before. That is, they went to the management of this massive public company and said, Hey, TJX, we need to get this hardware. We need to get this staffing. The hardware course pretty expensive and it sits there and it does much the same stuff. Even back then. Nowhere as good as today. It's exponential, as to how much better it gets every year, but it was good hardware. It really could have stopped the hack that happened and it did.

Here's what it did. It noticed the hack was going on. The problem was they were able to say yes to the hardware, the senior management said yes. They got the hardware, but senior management would not get the security technicians that were needed to monitor and run that hardware. They were short-staffed.

That's another problem we're seeing. That's why the companies you're dealing with, whether it's Equifax, with who you do not have a direct business relationship with, and yet have all this information about you and sell that. Or maybe it's just some other website. That's why they lose your data. It's a real bad idea. The bad guys are just waiting out there just siphon all of your data. In many cases, when you're talking about a business and a business website, or even your home computer, they're looking to redirect you to malicious websites.

What they'll do is for instance, again, the Great Suspenders' an example, that they claim it's been fixed now. With something like an extension or a plugin that you put in your browser, they could rather easily code it up so that you are going to a website that's malicious.

It could look like Bank of America's website and you go there and you enter in your information. You put in your username, you put in your password, it asks you a security question. Maybe maybe not, but your username and password. Then it says incorrect. Then your screen refreshes while your screen just refreshed because you were not at the Bank of America, originally. You were at a malicious website and you entered in your username and password. Now the bad guys have your username and password to your banking system, to your login, to your bank accounts. They got that. That's all they needed. They didn't want you to know that this was going on so they just went ahead and redirected you over to the real bank website. Hence, the supposed reload.

It's a very big weakness here in how IT and security teams operate because too few security teams really can relate with the CEO and vice versa. I've seen that all of the time with people working for me in cybersecurity, you've got a really good idea of what needs to be done, how it needs to be done when it needs to be done. To you, it's the most important thing in the world, right? You don't want the business to go under, you're going to lose your job, maybe your pension retirement plan is tied to that business. You don't want it to happen, but have you got the trust built up with the senior management?

Then how about the other side of this relationship? How about if you're a cybersecurity person? Even if, again, you're not a professional, you're just the person tasked with it in the office or you're the person tasked with it at home. How do you go to the other employees and tell them you can't use your Google Chrome account here in the office? How are you going to enforce it? How are you going to tell your husband or wife, Hey, that's dangerous? I don't want you installing any of these extensions on your computer. One of the really bad things that people do with their browsers is they put on these real fancy little extensions that give all kinds of extra wonderful information. It ends up as a toolbar and it lets you do searches on this site or that site. Maybe it keeps you up to date on the stocks that you have in your portfolio. You're telling hackers what stocks you own, really? It might be legitimate, right. But who knows? That's the problem. Something like that can really mess you up and send you to malicious sites. You know that your spouse is using that or your kids are using that. How do you talk to them? How do you solve those problems? It's a real problem.

There are some interesting tools that you can use, as professionals. There's a Slack channel I can send you to, if you're interested, actually, it'll be in the newsletter that comes out on Sunday. At least it should be under one of those articles. It is a problem.

Netflix, by the way, is really trying to help you out too. Not only did the Netflix security team provide some feedback for what's called the honest security guide, but it's also made some of its user tools, the tools that you might use at your home to find a movie, et cetera, it might help really to secure you.

Git Hub has this. It is called, this is a Netflix skunkworks, the stethoscope app. It's a desktop application created by Netflix that checks security-related settings and makes recommendations for improving the configuration of your computer. It doesn't require central device management or reporting. You can have a look at that. If you are interested, let me know. I can probably point you in the right direction to the stethoscope app. That's what we want to see in this honest security guide. You'll find it online. At honest security is a guide to your devices, security, which in the biz we call endpoint security and it is cool. You can run through all of this list is a big checklist and talking about why honest, and they're saying dishonesty stops you from doing the right thing.

That's why in my courses, I spend a lot of time, more time in fact, on the why than the how. I want you to understand honestly, why you should or should not do something.

There are so many people who are out there yelling and screaming, jumping up and down. Particularly your antivirus companies. You fake VPN companies who are trying to get you to buy their products that not only do not need in most cases but will actually make your computer less secure.

So we have to be careful about all of this stuff. We have to make sure we are talking. We've got to have a trust relationship set up with the owners of our business. Cause you guys, some of you, I know own businesses, some of you work for a business. We've got people listening to this all over the world and every continent I've even seen a listener down in Antarctica. I really can say every continent. It's important that we know how to work with our fellow employees, with our management, with our family members, to help them to know what they need to do. There is no time to wait. We have never seen as many attacks as we're seeing now. We've never seen the government using its resources to attack us more than we have now.

We've never seen more billions of dollars stolen per year by the bad guys. There are some basic tenants that you can follow that will make you way more secure. And that's why you're listening. That's why I go through some of these things to help everybody understand.

That's also why I go ahead and make sure that I answer your emails. If you have a question, make sure you go ahead and ask. You can just email me at me@craigpeterson.com. If it's something urgent, I have a form on the bottom of my homepage @craigpeterson.com. You can give me a little bit more information. I tend to keep an eye on that a little bit better than my general email, although I do use some amazing email software that helps me to keep track of the real email and get rid of the spam and put things in boxes and stuff craigpeterson.com. It's that simple email me me@craigpeterson.com. If you have questions.

I hope that Google is going to continue to improve itself. I love the fact that they found out that this one extension was malicious.

For those of you who might've just tuned in, we're talking about something called the Great Suspender something I've used for years, it became malicious, but they need to do more.

As people who are concerned about security, we just can't wait for the next incident. Just again, this client of mine, who we've been warning about this for months, he's stopped doing what we told him to do, and then decided well it's just too difficult. That's something we hear a lot from businesses. Oh, it just hampers the work. It hampers it because now we have to get permission from it in order to mount this particular drive or gain access to those files or materials. Yes you do, because we have to stop the internal spread of all of this malware and all of these hackers.

It is absolutely worth it.

All right, everybody. Thanks again for joining me today. I really hope you've been enjoying this. I have years' worth of podcasts out there and you'll find all of those at craigpeterson.com/podcast or on your favorite podcast platform.

If you subscribed under iTunes, you might've noticed, ah, yeah, I just released a whole batch there too.

I expressed concerns about owning an Apple watch. I held off for a long time. I want to talk about these devices now, the security concerns, but also the amazing health tools that are built right in.

Hey, welcome back. This Apple watch is really fascinating. It has been around now for six generations. There are a number of other watches that have had, or tried, I should say, to compete with Apple. They haven't been very successful. You might've noticed that. I have a friend that bought some watches for his family and to him that monitor all of the basic vitals and record them and send them up to his phone. It's a 20-ish dollar watch. He got it from South Korea probably are parts made in China, but it is an inexpensive watch and it does some of the basics at the other end of the scale.

Let's have a look right now. I'm going to go to apple.com online, and we're going to click on watch. Here we go, Oh, my they've got special watches so you can buy their watches. It looks like the new one, the Apple watch series six for starting at 400 bucks or they have two different sizes. . They have a more basic watch called the Apple Watch SE that starts at about $300. You can still get the Apple watch series three. Now, these all can monitor high and low heart rates. They can give you irregular heart rhythm notification, but it's only a-fib atrial fibrillation, I think is the only one they can monitor, but all three of those can monitor that.

As I said, my buddy's watches, he got for his family at 20 bucks apiece are able to do most of that as well.

These are water-resistant to 50 meters, which is really cool. The series six also has an ECG app. That is very cool. You open the app, you put your finger on the crown of the watch and it gives you an EKG right there on the watch and it feeds it to your phone.

On your phone, you can turn it into a PDF. You can share it with your doctor on and on. It's just amazing. It's a three-lead type, I was in emergency medicine, right? A med-tech EMT, EMT-PD can't remember. I had a whole bunch of different certifications back in the day. But it's fantastic for that.

It also has a blood oxygen app that monitors your blood oxygen levels. It ties all of this into their new exercise app, which is amazing. That ties into your phone or your iPad. I will go down in the basement onto the treadmill and I'll select your treadmill workout. It has dozens of them.

Have you seen this really fancy treadmill? A couple of years ago they got in all kinds of trouble because they advertised it around Christmas time and apparently this woman really wanted a treadmill and she got one and she was all excited. All of these people jumped out of the woodwork. All your you're saying she's fat, et cetera. No, she wanted a treadmill.

These are amazing treadmills because they have built into them. These streams and you can join classes, et cetera. With the Apple Watch, my iPad, and a subscription to this iHealth app, which you can get as part of this Apple plus thing you can buy for 30 bucks for the whole family, 30 bucks a month.

I don't know how many I have seen probably a hundred different workouts on there. It has different workouts, different types of weightlifting, running, jogging, treadmills, elliptical machines, everything. You can pick your pace. You can pick your instructor, you can pick everything.

Then your Apple watch is monitoring your body. As you're working out. So it's telling you how many calories you've burned. What's your heart rate is to help keep your heart rate in the best range for you, depending on what kind of a workout you're doing. It also lets you compete against other people.

Does this sound like an ad for the Apple watch?

You can compete with other people your age doing the same workout and see where you're at. I was really surprised because typically I am at the front of the pack when it comes to my treadmill workouts. That's really cool as well.

Those are some of the basics. There are other things too, that Apple is doing. We've found, right now, that Mount Sinai just came out with an announcement and they said that the Apple watch can predict COVID 19 diagnosis up to a week before testing can detect it. Yes. Isn't that something? Not only can the Apple watch help with certain heart arrhythmias, but it can predict that you have COVID-19 too a week before testing normal testing. Those swabs can find it out.

This is from the journal of medical internet research, which is a peered review journal. And they found that wearable hardware and specifically the Apple watch can effectively predict a positive COVID-19 diagnosis up to a week before the current PCR-based nasal swab tests.

They called this the warrior watch study. They had a dedicated Apple watch and the iPhone app, and they had some participants from the Mount Sinai staff and it required, of course, these staff members to use the app to turn on the health and data monitoring and collection, and also asked them to fill out a survey every day to provide some feedback about their potential COVID-19 symptoms. As well as other things like stress can obviously make your heart rate, go up your blood pressure, go up, et cetera. Oh. By the way, Apple, supposedly the rumors are, we'll have a BP sensor in the Apple seven that'll be out later this year, most likely.

So they had several hundred healthcare workers and the primary biometric signal. I know that the studies authors were watching was heart rate variability. This is fascinating to me because it's something that I learned about fairly recently. Then when I got my Apple watch, I read up more about this, but basically, heart rate variability is what it sounds like. It's your heart rate. Let's say your heart is beating at 60 beats per minute. It is not beating once every 10 seconds. It is not beating once a second. Your heart rate will vary over the course of that minute. If you're healthy. Obviously, a beat every 10 seconds isn't 60 a minute.

Let's use that as an example. Somebody who's almost dead and has six beats per minute. The first heartbeat might be at 10 seconds. The second heartbeat might be at 22 seconds because your heart is supposed to vary its rate of contractions based on immediate feedback. It's not just that you're going out in your running and now you've driven up your heart rate and you're doing your cardio and it or you just walked up a flight of stairs or you stood up, which is another test, by the way, what we're talking about here.

You might just be sitting there, but your cells have a different need for oxygen or for the blood. The heart slows down slightly or speeds up slightly. This heart rate variability is something built into the Apple watch and into the iPhone app that you attach to the Apple watch. Isn't that useful without an iPhone, frankly? Then you can look at your heart rate variability right there.

They said, combining that with the symptoms that people reported, these Mount Sinai staff, that the symptoms that they reported that were associated with COVID-19 including fever, aches, dry cough, gastrointestinal issues, loss of taste and smell corresponded with changes in the heart rate variability. I thought that was just absolutely phenomenal because heart rate variability is considered to be a key indicator of strain on your nervous system. COVID-19 obviously is going to put a strain on the nervous system. Just very neat. It says here that the study was not only able to predict infections up to a week before tests provided confirmed diagnosis but also revealed that participants' heart rate variability patterns normalized fairly quickly after their diagnosis or turning to normal run about one to two weeks following their positive tests. That's from a TechCrunch, that particular quote.

I am very excited about this, but I am also on the concerned side. I'm concerned because they are collecting vital data from us. All of the major companies, Google and Microsoft and Apple want to be the company that holds all of your personal medical records.

We're going to get back to that when we come back here. What is happening? How is your doctor managing your medical records? I was really shocked to find out how that industry is working.

Of course, you're listening to Craig Peterson. Check it out online. Craig peterson.com.

Welcome back. What are you doing? Are you asking your doctor how they are handling your medical records? Because I think you probably should based on what I learned just this week.

Hi everybody. Craig Peterson here. Thanks for joining me. We were just talking about health. We're talking about the Apple watch and the fact that there's a lot of competitors out there, some of them, a fraction of the cost. If you buy the Apple watch on terms, you're going to pay less in one month's payment on terms to Apple than you would for some of these other watches out there, but Apple watches do have more features.

Mine even has a built-in cellular modem. Even if I don't have my phone with me, phone calls come through to my watch and text messages, and I can respond and answer. It's really nice. Medically I am very impressed. It has been good at motivating me to do some exercise, to get up, and about just to do a bunch of things I had never, ever done before. Consider that.

It is collecting our data. Apple now has potential access to all of my cardiac data. They've got EKGs that I have run on my watch. They know about my heart rate. They know how often I exercise, and how hard I exercise when I exercise. They know all of this stuff about me. I had a conversation with someone just saying why does that matter? Maybe it's Apple, maybe it's somebody else. Why does it matter?

It does matter. Think about an evil genius, right? The thing about somebody that might want to target Americans and might want medical information about Americans. They can gather it in a number of different ways. We're going to talk about medical records here in a little bit.

One of the things they could certainly do is grab all of our watch data. Some of these watches, including my Apple watch, have GPS built into them. When you're out running or jogging, you know where you went, you can plan your route and it'll remind you, Hey, turn here, turn there. That's one of the things I love about the Apple Watch when I'm using it with Apple maps out driving, it taps me on the wrist and reminds me, Hey, in 500 feet, you got to turn.

If I look at the watch, it'll even show me the turn I need to make coming up in 500 feet. It's really amazing. All of this information is being compiled and hopefully, it's being compiled by a company that we can trust. At this point, we can probably trust Apple. Hopefully, they're not going to be broken into. Now, their margins or profit is high enough that they certainly can afford a security team, one capable of defending them and defending our data. I hope they are. I suspect that they are for the most part.

How about some of these others? We know Google, for instance, is in the business of collecting and selling our information, is having all of our medical information. Not just the stuff from our watches, but the stuff from our doctors. Are they to be trusted with that kind of information?

Going back to that bad guy, that mad scientist we can, and probably do engineer viruses that are targeted at specific things. In fact, the Russians have been doing it. The Soviets' started it, they came up with a phage. That can attack certain viruses and it acts like a virus it gets in and does this little thing. We've got right now, these COVID-19 vaccines and they act like a virus they're messing with, well effectively, the DNA. In fact, it's the RNA, but it's pretending, Hey, I got a message from the DNA, here it is.

What if a bad guy knew that are a certain population in a certain area, and that area was right by this important military base or whatever they came up with something that would target them and they'd have all of the data to do it now. That's obviously an extreme example. A more common example would be that your medical data is there. It's being sold to advertisers and you're going to end up with something.

For instance, there's a company, very big company out there and they sell baby products. What they did was they tracked and they bought this information, but they tracked women who were purchasing certain things. Now, they weren't purchasing things that were directly related to having a baby, right? They weren't purchasing diapers or little jumpsuits or whatever it is. They were purchasing things that were not directly related maybe people wouldn't even think they were typically related to having a baby. Yet they were able to figure this out. They got that good with the data. So they thought, Oh, okay let's get wise here. Let's send out a postcard, congratulating them on their pregnancy and offering them a discount on something. Yeah. Not a bad idea, frankly.

However, in this case, some of these moms I hadn't told anybody that they were pregnant yet and didn't want to tell anybody that they were pregnant yet. It fell on its face. Didn't it?

How about these ambulance-chasing lawyers that are out there? Are they going to want to gain access to this, to your medical records?

How about your employer? Your employer wants to know I'm going to train this person. Hopefully, they'll stick with us for a while, but is he going to be a burden on our medical plan? Keyman insurance, health insurance, life insurance. Have access to everything about you. That's what really concerns me about these, all of these devices.

Right now, pretty confident that I can give Apple this information and they will keep it pretty safe. But, I said the same thing about the Great Suspender, right? I don't know about the future.

Then I found something out this week that was in my mind extremely disturbing. We have a new clinic that we've picked up as a client. They needed to have security. They had a couple of little security issues. They were worried. They knew they were not HIPAA compliant. They approached us because they know that's what we do is cybersecurity and audits and remediation. Fixing the problems. We pick them up. They're a client. We're in there. They had told us in advance that all of their medical record systems were on-line. It was on the web. All they needed was a web browser to run their business. Okay. That could be a problem. It might be okay. The medical records manufacturer might have good security on all of the records. So we may be safe, although in HIPAA unless you have a business process agreement in place with that vendor if that data is lost, it falls back on the doctor's shoulders.

Anyhow, what I found out was, first of all, it wasn't completely web-based, which just shocked me. I'm not talking about they have to scan records or they got the x-ray machine or whatever. It really wasn't web-based and secondarily the company they were using for the medical records was a free service.

The doctor, that clinic, was not paying for their medical records management software. The way it works is this medical records management company when the doctor prescribes something when the doctor performs a procedure and bills and insurance company, it's all done through this one company and that company takes a chunk of their money.

In some cases we found seems to have been inflating the bills that went off to the insurance companies and that, as it turns out is a common practice in the industry. According to the doctors at this clinic, I was shocked, amazed.

Something you might want to look at. Ask your doctors where are your records kept and are they secure?

Now we had HIPAA. We thought that would secure it, but it doesn't.

Stick around.

Hey, we got a name now for what happened to the Great Suspender and QR code scanner apps over on the Google stores. One at Google Play, the other one over on the Google Chrome store. It's become that popular.

Hey, everybody, I wanted to mention this whole new category of malware really, and they're calling it, right now, Buy to infect. What happens is a bad guy, a malware guy buys a legitimate app and then starts infecting it. We know, obviously, about the one that I've been talking about a lot the Google extension that I used to use all of the time, the Great Suspender. I mentioned this one a few weeks ago, it's called QR code scanner. It's been on the Google play store for a long time, had more than 10 million installs and then all of a sudden it became malicious.

This is a little bit of a different angle on it because, with the Great Suspender, the ownership of that software actually transferred to somebody. With QR code scanner, they were working on a deal with a company and this company wanted to verify the Google play account for QR code scanner. This is all according to the owner, the original owner of QR code scanner. They said that what had happened is part of this purchase deal. I let them have a look and gain access to the software's key and password prior to purchase so they could confirm the purchase, which doesn't sound too bad. Apparently, as soon as they got a hold of the software's key and password, forget about the purchase, we're going to start infecting it right away. It ended up getting that app, the QR code scanner app, pulled right from the Google play score store. Of course, now you don't need that quite as much because most of the phone apps when you go to take a picture, the camera apps have built into them, a QR code scanner.

I thought that was fascinating what they did. They totally cheated the company. They didn't even bother buying it. So a little word for the wise out there.

Got another Apple story cause this is showing how the computer industry is really shifting. We've talked about some of the shortages of chips and the shortages of computer chips are so bad that General Motors has had to shut down two-thirds of its manufacturing lines in at least one plant. Every major automobile manufacturer is having problems making cars because they can't get the chips.

Remember nowadays, a car, a truck is essentially just a computer on wheels. Not really actually computer on wheels. It's really dozens of computers all linked together with a network on wheels.

Apple has been worried about that, right? Supply chain. That's one of the things you're supposed to worry about as a public company. What are the risks going forward including to my supply chain? Obviously your supply chain matters. You gotta be able to make something you need parts, right? Apple has been upset with Intel for a while. You might remember Apple. When it first came out, was using a Motorola chipset, which was exceptional much better than the Intel chipsets. Of course, that's my opinion, a lot of people agree with me. You had the 68000, 68010, and 20, et cetera. Very good chips.

When Apple started getting into the laptop business, that's when the problems started to happen. These Motorola chips gave off a lot of heat and used up a lot of electricity. At the time Apple looked around and said our only real alternative right now is Intel. Intel has a whole line of chips, different speeds, and they have mobile chips. Those mobile chips use much less power than the Motorola chips for the main CPU. They also use less battery. Those two go hand in hand and generate less heat. That's it all goes hand in hand. So they said, we'll start working with Intel. They did. Intel really disappointed them more than once, which is a shame. They disappointed them with the 64-bit migration. AMD, advanced micro devices, beat Intel to the punch. Shockingly Intel started making AMD compatible CPUs right. The 64-bit extensions to the CPU were AMD extensions. They had problems with some of their other chips as well. Mobile chips getting the power usage under control, the heat dissipation problems under control, and they never really lived up to what Apple was hoping for. What everybody in the industry was hoping for. In many ways, Intel has been a huge disappointment, which is really a shame.

We'll look at what they did to the industry, with these predictive instructions, the hyper-threading, and stuff. Where bad guys were able to bring a computer to its knees. What does Intel say? Here's a firmware patch you can apply to our CPU, those little CPUs you pay upwards of $2,000 for a piece for one chip. Those CPU's and by the way, it's going to, cut its performance by a minimum of 20%, maybe 50%, that's okay.

What are you kidding me? A lot of people were upset with Intel and Apple and Microsoft and everybody released patches that use the new Intel microcode. You might've noticed when this happened a couple of years ago that your computer slowed down. I certainly noticed, actually, it was little more than a year, anyway, I noticed it because I own a data center. That has a lot of Intel chips in it where we're running mostly Unixes, Linux, and BSD, but we're also running Windows. So the only way to work around this bug was to apply the patch and slow everything way, way down.

Imagine how Apple and Google felt with their huge data centers. IBM too. IBM has Intel-based data centers, as well as its own chips, and boy talking about phenomenal chips, as far as processing power goes, IBM, man, they are still the leader with the power chips and their Z series. That just wow. Mind-blowing.

Most of us are stuck in the Intel world. Apple said we can no longer trust Intel. So what are we going to do? Apple said we've been developing this chip for a long time. Apple took the chip design, they licensed it from this open sourcee type of company that has a number of members. They took this arm architecture and were able to improve it, and keep adding to it, et cetera. They're still part of this Alliance. They started using these in their iPhones. The iPhones have been using these chips the whole time and they started improving them after they released the first iPhones. Intel didn't really get them upset until a little later on, too.

They came up with newer ones, faster ones, better ones, right to all of these A10 their bionic chips. They've got AI chips, machine learning chips, all Apple designed. Chips, of course, manufactured by third parties, but that's what Apple is using. Apple has now said we expect all of their Macintosh computers to be based on Apple's CPU within the next two years.

There's already some really good ones out there right now that people like a lot. We've been using them with some of our clients that use Apple. Not everybody has had great luck with them, but Apple is not only ditching Intel, that's not the big story here. Apple's got some job listings out there looking to hire engineers.

So when we get back, we'll tell you more about what Apple is doing and what frankly, I think the rest of the industry should look at. Guess what? They are.

It's been Intel versus the rest of the world. They've been winning for years in many categories, but now they're starting to lose, as major manufacturers are starting to leave Intel behind. But there's more to the story still.

Hi, everybody.. Craig Peterson here. Thanks for tuning in. We're glad you're here. In the last segment of the day, I want to point everybody to the website, of course. You can get my newsletter. It comes out every Sunday morning and it highlights one of the articles of the week. It gives you a pointer to my podcast. So you can listen right there. There's just a lot of great information. Plus I'm also doing little training. I'm sending out, hopefully, next week, two little training sessions for everybody to help you understand security a little better, and this applies to business. However, it's not. Strictly business, much of what I talk about is also for home users. So if you want to go along for the ride, come along, we'd be glad to have you. There's a lot to understand and to know that you won't get from anywhere else. It's just amazing. Many other of these radio shows where they are just nothing but fluff and commercials and paid promotions. I'm just shocked at it. It goes against my grain when that sort of thing happens. Absolutely.

We were just talking about Apple and how Apple got upset with Intel, but they're not the only ones upset. We also now have seen a lot of manufacturers who have started producing Chromebooks and surface tablets that are based on chip sets other than Intel's.

This is going to be a real problem for Intel. Intel has almost always relied, certainly in the later years has relied on Microsoft and people bought Intel because they wanted Windows. That's the way that goes. It's just like in the early days, people bought an Apple too, because they wanted a great little VisiCalc, the spreadsheet program.

Now, what we're seeing are operating systems that do not require a single line of Microsoft software. Google Chrome is a great example of it. Linux is another great example and people are loving their Google Chrome laptops, and you can buy these laptops for as little as 200 bucks. Now you get what you pay for and all the way up to a couple of grand and they don't have a line single line of Microsoft code. Yet you can still edit Word documents and Excel documents, et cetera. They do not contain any Intel hardware. What was called, well, they might have a chip here or there, but not the main CPU. What used to be called the Wintel monopoly. In other words, Windows-Intel monopoly is dying. It's dying very quickly.

Apple is not helping now. Apple, they've had somewhere between seven and 10% market share in the computer business for quite a while. Personally, I far prefer Apple Macintoshes over anything else out there by far. I use them every day. So that's me. I don't know about you. There's a little bit of a learning curve. Although people who aren't that computer literate find it easier to learn how to use a Mac than to learn how to use Windows, which makes sense. Apple has really done a great job. A bang-up job.

With these new chips, it's getting even faster. We are now finding out from a report from Bloomberg who first started these, that Apple has been posting job listings, looking for engineers to work on 6G technology. 6G, right now we're rolling out 5g, which hasn't been a huge win because of the fact that if you want really fast 5g, like the type Verizon provides, you have to have a lot of micro-cell sites everywhere. They have to be absolutely everywhere. Of course, it's just not financially reasonable to put them up in smaller communities. If the Biden administration continues the way they're going with the FCC and the open internet type thing of a-bits-a-bit, then there will be no incentive for any of these carriers to expand their networks because they can't charge more for better service. If you can imagine that. Ajit Pai fought against that for many years, Trump's appointee as chairman to the FCC, but things are changing. The wind has changed down in Washington, so we'll lose some of those jobs and we're not going to get all of the benefits of 5g. If he keeps us up. 6G is coming.

What that means is Qualcomm, who is the manufacturer of record for most of the modems that are in our cell phones. Qualcomm has also missed some deadlines. Apple is tired of dependencies on third parties because Qualcomm might have somebody else that buys way more chips. It might be able to sell the same chip to the military of whatever country for a much, much higher price. They can sell it to consumers. Maybe they just change the label on it and call it a mill spec, and often goes right, who knows? What they're doing out there, but Apple doesn't want to do that anymore. They are looking for engineers to define and perform the research for the next generation standards of wireless communications, such as 6G The ads say you will research and design next-generation 6G wireless communication systems for radio access networks with emphasis on the physical Mac L two and L three layers. Fascinating, eh? What do you think? I think a huge deal as Apple continues to ditch, many of its vendors that have not been living up to the standards Apple has set.

Apple has moved some of the manufacturing back to the United States. More of the assembly has been moved here. The manufacturing, it's starting to come back again. We'll see the Trump administration really wanted it here. We need it here, not just for jobs, we needed it here for our security.

We've talked about that before, too, right? I want to also point out speaking of Apple and manufacturing, China, of course, does most of it for Apple and Foxconn is the company in China that makes almost all of this stuff for Apple. It's huge. Foxconn owns cities. Huge cities. They have high rises where people basically don't see the light of day, these high rise factories. You live there, you eat there, you shop there, you work there.

Like the old company store who is it, Tennessee Ernie, right? Owe my soul to the company store. That's what's happening over there. And Foxconn has kept its costs low by bringing people in from the fields, if you will, out there being farmers and paying them extremely low wages. On top of all of that, in some cases they're using slave labor. I found this article very interesting, from Ars Technica's, Timothy B. Lee. He's talking about a potential partnership between Apple and Nissan. Let me remember. I mentioned Apple talking with Kia and Kia is denying it.

The financial times reported on Sunday that this potential deal between Apple and Nissan fell apart because Apple wanted Nissan to build Apple cars, they would have the Apple logo on them. They all be branded Apple. It wouldn't say Nissan unless you took something seriously apart you might find it inside.

Nissan wanted to keep the Nissan brand on its own vehicles. Bloomberg reported last week that the negotiations with Kia and of course its parent companies Huyndaiin South Korea had ended without a deal. The Financial Times said that Apple has also sounded out BMW as a potential partner because Apple doesn't make cars.

So how are they going to do this? Apparently the talks faltered with Apple and Nissan because Nissan had a fear and apparently this is true of Kia too, of becoming quote the Foxconn of the auto industry, unquote, which is a reference to this Chinese well it's Taiwanese technically, but a group that manufacturers are while actually assembles the iPhones. Fascinating. Isn't it fascinating.

When you start to dig into this self-driving technology and the numbers behind it, that's where you wonder, why is Apple even trying at this point, Apple's test vehicles only traveled 18,000 miles on California roads. Between 2019 and 2020, or over the course of about a year, late in both years. 18,000 miles in a year. Heck, I've done that before with my own car.

Waymo, which is Google's self-driving project put on more than well, about 630,000 miles in California. Likely a lot more in Arizona where they doa lot more testing. Cruise, which is this startup that was put together by GM and Honda logged even more miles than Google's Waymo, 77,000 miles on California roads.

So this is going to be interesting. Apple sitting on 77 billion dollars in cash and short-term investments. That's more than the market capitalization, the entire market gap of a number of major market car makers, including Nissan, Ford. Actually, you add those two together and you haven't reached the amount of cash Apple has on hand and Stellantis, the parent company of Chrysler Fiat. They have the money potentially they could buy out one of these companies. We'll see what happens, the automated cars market's going to be huge. I'm looking forward to it. We're going to have a lot of struggles between now and then.

Hey everybody, if you haven't done it go right now to Craig peterson.com/subscribe. You'll get my newsletter. You'll get these trainings. You'll get to listen to my appearances if you miss them. You can find my podcasts on almost any platform out there.

Just check it out. Craig peterson.com. If you have a minute, leave a hopefully five star review for me. I'd really appreciate it.

Take care, everybody. Bye-bye.

---

More stories and tech updates at:

www.craigpeterson.com

Don't miss an episode from Craig. Subscribe and give us a rating:

www.craigpeterson.com/itunes

Follow me on Twitter for the latest in tech at:

www.twitter.com/craigpeterson

For questions, call or text:

855-385-5553

1453 つのエピソード