Sign up to save your podcasts
Or
Share AS HEARD ON - The Jim Polito Show - WTAG 580 AM: Adobe Flash and VPNs
Share to email
Share to Facebook
Share to X
Share to email
Share to Facebook
Share to X
Or
AS HEARD ON - The Jim Polito Show - WTAG 580 AM: Adobe Flash and VPNs
Welcome!
Good morning, everybody. I was on with Steve Fourni sitting in for the vacationing Jim Polito and we discussed Adobe Flash and why it went from Cool to Get it off my machine and why VPNs may not be keeping you safe. Here we go with Steve.
For more tech tips, news, and updates visit - CraigPeterson.com
---
Automated Machine Generated Transcript:
[00:00:00] Craig Peterson: They might not realize it, but you probably have not been using it for a year or more. And if you're an Apple iOS user, you've never used it.
Whoa, man. Things are moving fast this morning. Craig Peterson here, I was on with. Steve Forni on a couple of stations down in mass, WHYN and WTAG covering central Western Mass parts of Rhode Island and Vermont and Connecticut.
And we were talking about three or four different things. But to me, the thing that mattered the most was this discussion about VPNs at home and at work. Anyhow, here we go with this morning's radio hit.
Steve Fourni: After the eight 30 news on Tuesdays, we bring in our tech talk guru prey. Craig Peterson has got all kinds of good stuff for us today.
Good morning, Craig. How are you, sir?
Craig Peterson: Hey, good morning. I'm doing really, really well. You know, living West of the four [00:01:00] 95, it's just a different world. Isn't it? Somehow there's no COVID testing. No nothing.
Steve Fourni: We're just a, we're living in our own little world out here. Aren't we? It's unbelievable.
Craig Peterson: Yeah, it's unbelievable.
And now we've got our own time zones, not their own area code it's yeah,
Steve Fourni: yeah. It's we're yeah. We're we might as well just start. Our own form of government will be the people's republic of western mass of, the other two-thirds of the state. thanks for listening to the show, Craig.
Craig Peterson: It's a great show. I've enjoyed it. I've enjoyed it. I'm looking forward to Jim coming back. You've been great, Steve.
Steve Fourni: Thank you. I appreciate that. And I'm also looking forward to Jim's return. But you got all kinds of good stuff for us today. Let's start with something that I never understood. Why all of a sudden Adobe flash player went from the only thing to use to borderline dangerous.
Do not get the Flash upgrade. Do not do this. I don't know what happened there, but maybe you can tell us a little bit about Adobe flash player and what happened.
[00:02:00] Craig Peterson: Yeah, I've been warning about it here for a few years out. It wasn't really great because Flash was the first time on the internet that we actually saw things moving and it was so cool.
It was so easy to do. I remember when I first author tool to make these flash little animated videos, advertisers started using them. All of a sudden, everything was jumping out at you and moving around. Well, like so many things today, including Zoom, Flash was created in a hurry in a big hurry by people who did not understand the implications of what they were doing. They continued to add features to flash.
[00:03:00] So it wasn't just like move this little guy let's animate something. Yeah, it was, well, you know what? We really need to be able to store stuff on the user's computer. So the next time they come to the site, it's going to go faster. You know what? We gotta be able to read this stuff from the user's computer because we wrote it last time.
So flash, you guys got to give us access to the person's computer. Oh. We need to be able to use more CPU and memory in order to do all of this stuff. So you had all of this feature creep added on, added on, added on without a real major revision to the security policies, and what we have now is something that's just horrifically insecure.
It's kind of like Java it, you know, great language. I have a friend that works on the Java compiler and engine, and it's just evolved to the point where it's not that's useful. And it's very dangerous. In fact, iOS, which is Apple's operating system for iPads, and iPhones 10 years old now has never supported Adobe flash.
[00:04:00] And as of the end of this year, Google's Chrome will no longer support it. Firefox doesn't support it anymore. So, you know, you're still using flash where you're a business. You better ditch it quick.
Steve Fourni: How about other Adobe products? Like, I mean, we use Adobe audition for all of our audio and recording and editing and stuff.
Are other Adobe products besides flash, just as dangerous or was it this sort of flash specific?
Craig Peterson: [00:05:00] Really it's Flash specific. Adobe Audition is great. They've got video editors, of course, Photoshop. So many people use and variants of it. They just have the normal security problems that you might find in almost any software that's out there nowadays. Nothing's a hundred percent secure, but Flash is about 90% insecure. That's an overstatement, right? But with the new protocols, if you will, that are in place for the internet and called HTML five. This new programming language, your browser is actually an operating system unto itself. Anything you could do with flash and more, you can now do with it.
Just the basics that are supported in every browser that's made today. So you're okay. Most of the rest of the Adobe software, but flash is something that you might not realize it, but you probably have not been using it for a year or more. And if you're an Apple iOS user, you've never used it.
Steve Fourni: Yeah, that's interesting.
We're talking with Craig Peterson, our tech talk guru. I know you've got quite a list here of stuff that to talk about at all, pretty relevant. especially now that we're working from homes, let's move on to VPNs, which we were, I mean, we all thought we're safe and we're all thought we're doing the right thing.
And companies tell us to go home and use the two-factor authentication and do all this stuff. And now maybe it's still sort of vulnerable to, huh?
Craig Peterson: [00:06:00]Yeah. I, if you attended my courses, cause I do all of these free classes and pieces of training and I'm doing more and more of them to try and help people out.
But if you attended my training on VPN, you really is that in almost all cases, it makes you less secure, then not using a VPN. Well, there's, there's a lot of details here. And if someone has a question I'm more than glad to answer that question for them, they can just drop me an email and I'll definitely help them out.
[00:07:00] But now we've got a warning from the national security agency, an agency that never, ever used to produce warnings to people. In fact, they liked to these bugs because they use them to break into. So, you know, governments and businesses that they wanted to spy on foreign businesses supposedly, but the agency, cybersecurity director over at the NSA, by the way, it was launched and put in place by President Trump who mandated that they start helping businesses as opposed to going after them.
Just collecting all of our data. They said VPN gateways, in particular, are prone to network scanning brute force attacks, zero-day vulnerabilities. So the bottom line here is network administrators. Yeah, hopefully, you're listening closely right now. Make sure you have a strict traffic filtering rule to limit these people that are coming.
I mean, in, on the VPN, right? What ports they can get to the protocols, they can use the IP addresses. They can reach within your network that is going out to these VPN devices because remember VPNs were designed to replace leased lines for businesses. So it connects one network to another network. So you've got somebody working at home.
Who's using their home computer on their home network and is now VPNing into your business. You now [00:08:00] have piggybacked to their network onto your network. And so now, who knows what that 16, 18-year-old boys, been going to online, right? All of that data, all of that ransomware, all of that malware can now spread to your business network.
So VPNs, huge, huge surety risk. And then those people who use them for home. Home users, get you going. You use these free VPN servers and services. You are actually being spied on even more by using those services than if you never used them in the first place.
Steve Fourni: So what, so what are we supposed to, what are we supposed to do then?
I mean, there's some, there's some stuff that I, I can't access from home without connecting to the VPN. Like I can't, I can't, you know, share a screen from my work computer from home without VPNing in.
Craig Peterson: Yeah, man, again, I can't speak to your network. I'm not sure exactly what they've [00:09:00] done.
Maybe they did everything right. Because it is possible to do this stuff. Right. But you cannot do it with even the prosumer technology. You got to get into the enterprise stuff. So, What do you do? Well, most of the time, what you should be looking at are screen applications. So for instance, you might be on your home computer and you might have a machine that you use at the office.
So you could use something like log me in, which is a Massachusetts based company here Logmein.com. And so there's a client sitting on. Your computer at work that allows you to drive your work computer. As though you're sitting in front of it, anywhere in the world, it can be controlled and regulated, et cetera.
But the idea here is now you don't have a VPN, the stuff that's on your computer at home, on your network, on the other computers at home. It's not going to cause problems at the [00:10:00] office. Bottom line. So using those types of things, like log me in there are many others out there is, is really where you'll see the wind here.
Don't just knee jerk. Like so many businesses have done. Don't we're going to do another class on this. Steve, I've convinced myself because this is so important, but don't just do a knee jerk and put it in a VPN in place and say, okay, well, there you go. Now we're all set. Use some of these other services, Microsoft has something they used to call terminal services.
Now the remote desktop, what we've done for a lot of clients, we do not expose remote desktop because there are all kinds of security problems with that again and again and again, but, basically, you can just have of a big server that could have 50,000, a hundred thousand people on it. Each has its own individual virtual machines that they can access from anywhere.
[00:11:00] Again, getting rid of the need for these VPNs that more often than not according to the national security agency is misconfigured.
Steve Fourni: Wow. That's very interesting. We're talking with Craig Peterson, our tech talk guru. And I did want to get to this one too because I do think that in some way, shape or form, we're going to have.
Students learning at home, at, and again, I think there's this thought that, Oh, well we're just learning from home. Just go fire up the computer and have at it. but I mean, again, cybersecurity is going to be so big for not only the students that are at work but for. The teachers for the schools themselves, administrators, what, how are, what is the, I guess the dangers, and what are some of the things we need to focus on?
If our kids are at home learning and keeping them safe from things like cyber-attacks and the like.
Craig Peterson: I was one of the members of the technology committee for back to school for the state. And we came up with a number of guidelines, looking at this and schools have always had trouble with cybersecurity.
And the biggest problem they have the budget. Right? It's somebody is [00:12:00] it person in the school district. Hey, here you go, you get to be the cybersecurity czars. So now they struggle. Yay. Come up to speed and get that title and maybe get an extra a dollar per week. And that's very, very difficult.
So you're continually hearing about schools getting ransomware. You know on top of all of that, you've got these kids that are hacking in trying to do the Ferris Bueller thing and change their grades. So, you know, my heart goes out to these people just again and again, but there are a lot of shortcomings in this.
They just don't have dedicated the funding. They don't have the skilled personnel to continuously vet and improve cybersecurity defenses.
You know, when you look at businesses with a thousand employees, they are having to investigate more than 100 cybersecurity incidences a day with a thousand employees.
Well, how about a thousand kids? So many of the schools are [00:13:00] saying, well, we'll just use the web, right? Because of the cloud, because the cloud is secure, which of course just isn't true at all. And this pandemic now, Yeah, it has amplified all of these risks and they're using VPNs in many cases, which makes things even worse than that haven't adequately secured data in the platforms.
So the FBI has a warning out right now saying K to 12 institutions are vulnerable to cyber-attacks because of limited resources. Yeah. Dedicated to network defense. So we've, we've gotta be careful in the last 30 days alone, Steve we've had more than 4.7. Million malware, incidents in the education industry worldwide.
[00:14:00] Wow. Almost 5 million. Yeah. And malware incidents in the last 30 days in school. This is really, really problem they're, ill-equipped, they're ill-trained and I don't know what the real answer to this is because we're. We're not putting the money into the schools and you know what, with all of this Cove and stuff, there's even less money, the schools are worried about making sure the kids can connect online, particularly in more rural areas because they just don't know.
I have the bandwidth. They might not have the hardware at home is a nightmare that is coming down at us. Rolling full steam ahead.
Steve Fourni: Well, very interesting Craig, somebody to keep an eye on and, people want more information. They can sign up for, the helpful service that you provide free of charge. All they have to do is text. my name Steve that's right. My name that's Steve, with a V to this number
Craig Peterson: Eight-five five three eight five five 53. And if that doesn't work, you can just email me ME @craigpeterson.com.
Steve Fourni: I love that, Craig. Thanks again for the time. Appreciate it. And, we'll get up with it with a Jim next week, but we appreciate the time and have a great day.
Craig Peterson: Take care of Steve.
Steve Fourni: Thank you. Take that, take it easy. There goes a Craig Peterson. Good stuff. We'll [00:15:00] have a final word.
Craig Peterson: We're going to be kind of doing some of the sneaky stuff here. See how this works with some lives, with some video content and yes, Craig is finally getting into the more digital age and I'm definitely gonna do that VPN. Training again. In fact, I think I'll break it up into a few different pieces of training because I think a lot of people had trouble following some of it. Although we had 95% of the people stay from beginning to end for my VPN training. And that's pretty typical for all of my pieces of training, frankly. Keep an eye out for that because I will be doing that again soon.
Go online. If you haven't already Craig peterson.com/subscribe.
Take care, everybody. Talk to you later. Bye-bye.
---
More stories and tech updates at:
www.craigpeterson.com
Don't miss an episode from Craig. Subscribe and give us a rating:
www.craigpeterson.com/itunes
Follow me on Twitter for the latest in tech at:
www.twitter.com/craigpeterson
For questions, call or text:
855-385-5553
View all episodes
By Craig Peterson
5
2323 ratings
Welcome!
Good morning, everybody. I was on with Steve Fourni sitting in for the vacationing Jim Polito and we discussed Adobe Flash and why it went from Cool to Get it off my machine and why VPNs may not be keeping you safe. Here we go with Steve.
For more tech tips, news, and updates visit - CraigPeterson.com
---
Automated Machine Generated Transcript:
[00:00:00] Craig Peterson: They might not realize it, but you probably have not been using it for a year or more. And if you're an Apple iOS user, you've never used it.
Whoa, man. Things are moving fast this morning. Craig Peterson here, I was on with. Steve Forni on a couple of stations down in mass, WHYN and WTAG covering central Western Mass parts of Rhode Island and Vermont and Connecticut.
And we were talking about three or four different things. But to me, the thing that mattered the most was this discussion about VPNs at home and at work. Anyhow, here we go with this morning's radio hit.
Steve Fourni: After the eight 30 news on Tuesdays, we bring in our tech talk guru prey. Craig Peterson has got all kinds of good stuff for us today.
Good morning, Craig. How are you, sir?
Craig Peterson: Hey, good morning. I'm doing really, really well. You know, living West of the four [00:01:00] 95, it's just a different world. Isn't it? Somehow there's no COVID testing. No nothing.
Steve Fourni: We're just a, we're living in our own little world out here. Aren't we? It's unbelievable.
Craig Peterson: Yeah, it's unbelievable.
And now we've got our own time zones, not their own area code it's yeah,
Steve Fourni: yeah. It's we're yeah. We're we might as well just start. Our own form of government will be the people's republic of western mass of, the other two-thirds of the state. thanks for listening to the show, Craig.
Craig Peterson: It's a great show. I've enjoyed it. I've enjoyed it. I'm looking forward to Jim coming back. You've been great, Steve.
Steve Fourni: Thank you. I appreciate that. And I'm also looking forward to Jim's return. But you got all kinds of good stuff for us today. Let's start with something that I never understood. Why all of a sudden Adobe flash player went from the only thing to use to borderline dangerous.
Do not get the Flash upgrade. Do not do this. I don't know what happened there, but maybe you can tell us a little bit about Adobe flash player and what happened.
[00:02:00] Craig Peterson: Yeah, I've been warning about it here for a few years out. It wasn't really great because Flash was the first time on the internet that we actually saw things moving and it was so cool.
It was so easy to do. I remember when I first author tool to make these flash little animated videos, advertisers started using them. All of a sudden, everything was jumping out at you and moving around. Well, like so many things today, including Zoom, Flash was created in a hurry in a big hurry by people who did not understand the implications of what they were doing. They continued to add features to flash.
[00:03:00] So it wasn't just like move this little guy let's animate something. Yeah, it was, well, you know what? We really need to be able to store stuff on the user's computer. So the next time they come to the site, it's going to go faster. You know what? We gotta be able to read this stuff from the user's computer because we wrote it last time.
So flash, you guys got to give us access to the person's computer. Oh. We need to be able to use more CPU and memory in order to do all of this stuff. So you had all of this feature creep added on, added on, added on without a real major revision to the security policies, and what we have now is something that's just horrifically insecure.
It's kind of like Java it, you know, great language. I have a friend that works on the Java compiler and engine, and it's just evolved to the point where it's not that's useful. And it's very dangerous. In fact, iOS, which is Apple's operating system for iPads, and iPhones 10 years old now has never supported Adobe flash.
[00:04:00] And as of the end of this year, Google's Chrome will no longer support it. Firefox doesn't support it anymore. So, you know, you're still using flash where you're a business. You better ditch it quick.
Steve Fourni: How about other Adobe products? Like, I mean, we use Adobe audition for all of our audio and recording and editing and stuff.
Are other Adobe products besides flash, just as dangerous or was it this sort of flash specific?
Craig Peterson: [00:05:00] Really it's Flash specific. Adobe Audition is great. They've got video editors, of course, Photoshop. So many people use and variants of it. They just have the normal security problems that you might find in almost any software that's out there nowadays. Nothing's a hundred percent secure, but Flash is about 90% insecure. That's an overstatement, right? But with the new protocols, if you will, that are in place for the internet and called HTML five. This new programming language, your browser is actually an operating system unto itself. Anything you could do with flash and more, you can now do with it.
Just the basics that are supported in every browser that's made today. So you're okay. Most of the rest of the Adobe software, but flash is something that you might not realize it, but you probably have not been using it for a year or more. And if you're an Apple iOS user, you've never used it.
Steve Fourni: Yeah, that's interesting.
We're talking with Craig Peterson, our tech talk guru. I know you've got quite a list here of stuff that to talk about at all, pretty relevant. especially now that we're working from homes, let's move on to VPNs, which we were, I mean, we all thought we're safe and we're all thought we're doing the right thing.
And companies tell us to go home and use the two-factor authentication and do all this stuff. And now maybe it's still sort of vulnerable to, huh?
Craig Peterson: [00:06:00]Yeah. I, if you attended my courses, cause I do all of these free classes and pieces of training and I'm doing more and more of them to try and help people out.
But if you attended my training on VPN, you really is that in almost all cases, it makes you less secure, then not using a VPN. Well, there's, there's a lot of details here. And if someone has a question I'm more than glad to answer that question for them, they can just drop me an email and I'll definitely help them out.
[00:07:00] But now we've got a warning from the national security agency, an agency that never, ever used to produce warnings to people. In fact, they liked to these bugs because they use them to break into. So, you know, governments and businesses that they wanted to spy on foreign businesses supposedly, but the agency, cybersecurity director over at the NSA, by the way, it was launched and put in place by President Trump who mandated that they start helping businesses as opposed to going after them.
Just collecting all of our data. They said VPN gateways, in particular, are prone to network scanning brute force attacks, zero-day vulnerabilities. So the bottom line here is network administrators. Yeah, hopefully, you're listening closely right now. Make sure you have a strict traffic filtering rule to limit these people that are coming.
I mean, in, on the VPN, right? What ports they can get to the protocols, they can use the IP addresses. They can reach within your network that is going out to these VPN devices because remember VPNs were designed to replace leased lines for businesses. So it connects one network to another network. So you've got somebody working at home.
Who's using their home computer on their home network and is now VPNing into your business. You now [00:08:00] have piggybacked to their network onto your network. And so now, who knows what that 16, 18-year-old boys, been going to online, right? All of that data, all of that ransomware, all of that malware can now spread to your business network.
So VPNs, huge, huge surety risk. And then those people who use them for home. Home users, get you going. You use these free VPN servers and services. You are actually being spied on even more by using those services than if you never used them in the first place.
Steve Fourni: So what, so what are we supposed to, what are we supposed to do then?
I mean, there's some, there's some stuff that I, I can't access from home without connecting to the VPN. Like I can't, I can't, you know, share a screen from my work computer from home without VPNing in.
Craig Peterson: Yeah, man, again, I can't speak to your network. I'm not sure exactly what they've [00:09:00] done.
Maybe they did everything right. Because it is possible to do this stuff. Right. But you cannot do it with even the prosumer technology. You got to get into the enterprise stuff. So, What do you do? Well, most of the time, what you should be looking at are screen applications. So for instance, you might be on your home computer and you might have a machine that you use at the office.
So you could use something like log me in, which is a Massachusetts based company here Logmein.com. And so there's a client sitting on. Your computer at work that allows you to drive your work computer. As though you're sitting in front of it, anywhere in the world, it can be controlled and regulated, et cetera.
But the idea here is now you don't have a VPN, the stuff that's on your computer at home, on your network, on the other computers at home. It's not going to cause problems at the [00:10:00] office. Bottom line. So using those types of things, like log me in there are many others out there is, is really where you'll see the wind here.
Don't just knee jerk. Like so many businesses have done. Don't we're going to do another class on this. Steve, I've convinced myself because this is so important, but don't just do a knee jerk and put it in a VPN in place and say, okay, well, there you go. Now we're all set. Use some of these other services, Microsoft has something they used to call terminal services.
Now the remote desktop, what we've done for a lot of clients, we do not expose remote desktop because there are all kinds of security problems with that again and again and again, but, basically, you can just have of a big server that could have 50,000, a hundred thousand people on it. Each has its own individual virtual machines that they can access from anywhere.
[00:11:00] Again, getting rid of the need for these VPNs that more often than not according to the national security agency is misconfigured.
Steve Fourni: Wow. That's very interesting. We're talking with Craig Peterson, our tech talk guru. And I did want to get to this one too because I do think that in some way, shape or form, we're going to have.
Students learning at home, at, and again, I think there's this thought that, Oh, well we're just learning from home. Just go fire up the computer and have at it. but I mean, again, cybersecurity is going to be so big for not only the students that are at work but for. The teachers for the schools themselves, administrators, what, how are, what is the, I guess the dangers, and what are some of the things we need to focus on?
If our kids are at home learning and keeping them safe from things like cyber-attacks and the like.
Craig Peterson: I was one of the members of the technology committee for back to school for the state. And we came up with a number of guidelines, looking at this and schools have always had trouble with cybersecurity.
And the biggest problem they have the budget. Right? It's somebody is [00:12:00] it person in the school district. Hey, here you go, you get to be the cybersecurity czars. So now they struggle. Yay. Come up to speed and get that title and maybe get an extra a dollar per week. And that's very, very difficult.
So you're continually hearing about schools getting ransomware. You know on top of all of that, you've got these kids that are hacking in trying to do the Ferris Bueller thing and change their grades. So, you know, my heart goes out to these people just again and again, but there are a lot of shortcomings in this.
They just don't have dedicated the funding. They don't have the skilled personnel to continuously vet and improve cybersecurity defenses.
You know, when you look at businesses with a thousand employees, they are having to investigate more than 100 cybersecurity incidences a day with a thousand employees.
Well, how about a thousand kids? So many of the schools are [00:13:00] saying, well, we'll just use the web, right? Because of the cloud, because the cloud is secure, which of course just isn't true at all. And this pandemic now, Yeah, it has amplified all of these risks and they're using VPNs in many cases, which makes things even worse than that haven't adequately secured data in the platforms.
So the FBI has a warning out right now saying K to 12 institutions are vulnerable to cyber-attacks because of limited resources. Yeah. Dedicated to network defense. So we've, we've gotta be careful in the last 30 days alone, Steve we've had more than 4.7. Million malware, incidents in the education industry worldwide.
[00:14:00] Wow. Almost 5 million. Yeah. And malware incidents in the last 30 days in school. This is really, really problem they're, ill-equipped, they're ill-trained and I don't know what the real answer to this is because we're. We're not putting the money into the schools and you know what, with all of this Cove and stuff, there's even less money, the schools are worried about making sure the kids can connect online, particularly in more rural areas because they just don't know.
I have the bandwidth. They might not have the hardware at home is a nightmare that is coming down at us. Rolling full steam ahead.
Steve Fourni: Well, very interesting Craig, somebody to keep an eye on and, people want more information. They can sign up for, the helpful service that you provide free of charge. All they have to do is text. my name Steve that's right. My name that's Steve, with a V to this number
Craig Peterson: Eight-five five three eight five five 53. And if that doesn't work, you can just email me ME @craigpeterson.com.
Steve Fourni: I love that, Craig. Thanks again for the time. Appreciate it. And, we'll get up with it with a Jim next week, but we appreciate the time and have a great day.
Craig Peterson: Take care of Steve.
Steve Fourni: Thank you. Take that, take it easy. There goes a Craig Peterson. Good stuff. We'll [00:15:00] have a final word.
Craig Peterson: We're going to be kind of doing some of the sneaky stuff here. See how this works with some lives, with some video content and yes, Craig is finally getting into the more digital age and I'm definitely gonna do that VPN. Training again. In fact, I think I'll break it up into a few different pieces of training because I think a lot of people had trouble following some of it. Although we had 95% of the people stay from beginning to end for my VPN training. And that's pretty typical for all of my pieces of training, frankly. Keep an eye out for that because I will be doing that again soon.
Go online. If you haven't already Craig peterson.com/subscribe.
Take care, everybody. Talk to you later. Bye-bye.
---
More stories and tech updates at:
www.craigpeterson.com
Don't miss an episode from Craig. Subscribe and give us a rating:
www.craigpeterson.com/itunes
Follow me on Twitter for the latest in tech at:
www.twitter.com/craigpeterson
For questions, call or text:
855-385-5553