
How Many Times Per Week Are You Being Cyber Attacked? From Where? How? Why?

2021/10/15

Craig Peterson - Secure Your Business, Your Privacy, and Save Your Sanity

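Craig Peterson: This episode discusses the current state of cyber attacks, particularly those targeting North American organizations. Research shows that North American organizations face an average of 497 cyber attacks per week. The attacks originate from countries such as Russia, North Korea, Iran and China, as well as from other individuals and organizations. The attack methods vary and include network scanning, RDP attacks, credential stuffing and ransomware. The motives include extorting ransom, stealing national secrets, disrupting infrastructure and making a profit. To defend against these attacks, the episode recommends a range of measures, including using advanced firewalls, applying software patches regularly, using strong passwords and a password manager, enabling SSL/TLS encryption, and providing cybersecurity training. The episode also stresses the importance of choosing the right cybersecurity vendor and suggests asking verification questions when evaluating vendors to confirm that they are genuine and reliable. The episode also discusses the effect of solar storms on the internet and how individuals and organizations can protect themselves from them. Finally, it discusses data tracking in the Google Chrome browser and how to choose a more secure browser.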

Deep Dive

Key Insights

How many cyber attacks are North American organizations facing on average per week?

North American organizations face an average of 497 cyber attacks per week.

Why is the U.S. more frequently targeted by cyber attacks?

The U.S. is a prime target for cyber attacks because it is where the money is, and attackers are particularly after larger businesses with significant budgets.

How has the volume of cyber attacks changed globally since the start of the pandemic?

Globally, the average number of weekly cyber attacks has increased by 40% since March 2020, when the first lockdowns were implemented.

Which sectors are experiencing the most significant increase in cyber attacks?

Education and research sectors have seen a 60% increase in attacks, government and military entities face about 1,100 weekly attacks, and healthcare organizations average 752 attacks per week.

What is a common method used by attackers to gain access to a network?

Attackers often use RDP (Remote Desktop Protocol) attacks to gain access, especially if the RDP is not properly secured with patches and strong authentication.

What is a nation-state cyber attack, and which countries are the primary sources?

A nation-state cyber attack is an attack coordinated and run by a country. Russia is the primary source, responsible for 58% of these attacks, followed by North Korea (23%), Iran (11%), and China (8%).

Why are Russia and China targeting the U.S. with cyber attacks?

Russia is targeting the U.S. primarily to ransom organizations and fund their government and oligarchs. China is focused on infiltrating businesses that provide services to the military, national defense, and other government entities to steal national secrets and sensitive data.

What are some red flags to watch for when evaluating a cybersecurity vendor?

One red flag is if the vendor’s off-the-shelf solutions are ineffective, as standard antivirus systems catch only about 30% of malware. Another red flag is if they cannot provide a valid reason for not implementing certain security measures, such as cost-effectiveness or risk model alignment.

What are the risks of a massive solar storm, and how could it affect the internet?

A massive solar storm could cause widespread power outages, burn out transformers, satellites, and undersea cables, leading to a loss of internet connectivity and GPS communication. The transformers, which are only made in China, could take at least six months to replace.

Why is Google Chrome being criticized for its privacy and security features?

Google Chrome is criticized because it tracks users extensively, undermining privacy. Google has postponed plans to replace third-party cookies with anonymized tracking, and the browser does not offer meaningful protection against cross-site tracking.

What is the issue with Microsoft Azure's recent data exposure?

Microsoft Azure’s Cosmos database product had a vulnerability that exposed the data of over 3,300 customers online for the past two years. This includes sensitive information from major companies like Coca-Cola, Liberty Mutual Insurance, ExxonMobil, and Walgreens.

Why are some countries implementing strict quarantine enforcement measures using technology?

Australia and other countries are using facial recognition and geolocation in apps to enforce quarantine orders, requiring individuals to prove their compliance by taking geo-tagged photos. This is seen as a highly intrusive method to ensure people stay home during quarantine.

What are the new gaming restrictions in China, and how are they enforced?

China has restricted gamers under 18 from playing online games between 8:00 PM and 9:00 PM on Fridays, Saturdays, and Sundays. They use identity cards and facial recognition to enforce these restrictions.

What are the new system requirements for Windows 11, and why are they controversial?

Windows 11 requires a modern computer with a TPM (Trusted Platform Module) and specific hardware capabilities. This has caused controversy as it will make many existing computers incompatible with the new OS.

Transcript


We've got a new study out showing that North American organizations, this is businesses and others, are being hit with an average of 497 cyber attacks per week right here in the good old USA.

This is a study by Check Point Software Technologies. Check Point I used, oh my gosh, it would have been back in the 90s. Back then, they were one of the very first true firewall companies. And it was a system that I was putting in place for my friends over at, ah, Jeepers, I think it was New England Telephone. It might have been Verizon by then. I can't even remember. Man, it's been a little while.

But it was a system that we were using in front of this massive system that I designed. I made the largest Internet property in the world at that time called Big Yellow. It morphed into Super Pages. You might be familiar with that, but it was me and my team that did everything. We built the data center out. We wrote all of the software. Of course, they provided all of the Yellow Pages type listing so we could put it all in.

And we brought it up online and we were concerned. Well, first of all, you know, I've been doing cybersecurity now for over 30 years. And at this point in time, they wanted something a little more than my home grown firewall. Cause I had designed and written one in order to protect this huge asset that was bringing in tens of millions of dollars a year to the phone company.

So they said, hey, listen, let's go ahead and we'll use Check Point and get things going. And we did. It was on a little, as I remember, it was a Sun workstation. If you remember those back in the day. And it worked pretty well. I learned how to use it and played with it. And that was my first foray into kind of what the rest of the world had started doing. This Check Point software. But they've continued on. They make some great software, firewalls and other intrusions type stuff, detection and blocking.

You know already that I am a big fan, at least on the bigger end, you know, today in this day and age, I would absolutely use the Cisco stuff and the higher end Cisco stuff that all ties together. It doesn't just have the Firepower firewall, but has everything in behind.

Because in this day and age, you've got to look at everything that's happening, even if you're a home user. And this number really gets everybody concerned, home users and business users as well.

Businesses are definitely under bigger attacks than home users are. And particularly when we're talking about businesses, particularly the bigger businesses, the ones that have a huge budget that are going to be able to go out and pay a million, $10 million ransom. Those are the ones that they're after. And this analysis by Check Point Software, who does see some of those attacks coming in, showed some very disturbing changes. First of all, huge increases in the number of cyber attacks and the number of successful ransoms that have been going on. And we're going to talk a little bit later too about where some of those attacks are coming from and the reason behind those attacks.

But according to them right now, the average number of weekly attacks on organizations globally so far this year is 40% higher than the average before March 2020. And of course, that's when the first lockdowns went into effect. People started working from home.

In the U.S., the average increase in the number of attacks on organizations is even higher at 53%. Now, you might ask yourself, why? Why would the U.S. be attacked more? I know you guys are the best and brightest, and I bet I don't even need to say this because you can figure this out yourself, but the U.S. is where the money is, and so that's why they're doing it. And we had President Biden come out and say, hey, don't attack these sectors because

Well, some of those sectors are under attack even more after he said that than before, right? It's like giving a list to a bad guy. Yeah, I'm going to be gone for a month in June. And yeah, there won't be anybody there. And here's the code to my alarm, right? You're just inviting disaster. Check Point's also showing that there were more average weekly attacks in September 21, 2020, that's this September, than any time since January 2020. In fact, they're saying 870 attacks per organization globally per week that Check Point counted in September was double the average in March 2020. It's kind of funny, right? It's kind of like a before COVID, after COVID or before the Wuhan virus and after the Wuhan virus. However, you might want to look at it.

So there are a lot of attacks going on. Volume is pretty high in a lot of different countries. You've heard me say before, some of my clients I've seen attacked multiple times a second. So let's take a second and define the attack because being scanned is a kind of an attack. They're looking to see, oh, where is their device? Oh, okay, here's a device.

So there might be your home router, it might be your firewall or your router at the business. And then what it'll do is say, okay, I've got an address now I know is responding, which, by the way, is a reason that we always configure these devices to not respond to these types of things. And then what they'll do is they will try and identify it. So they'll try and go into the control page, which is why you should never have WAN access configuration enabled on any of your routers or firewalls because they're going to come in and identify you just on that because most of them brag about what version of the software you're running. And then if it's responding to that, they will try and use a password that is known to be the default for that device. So in a lot of these devices, the username is admin and the password is admin. So they try it and now off they go, they're running.

Some of these guys will even go the next step and will replace the software in your router or firewall. They will replace it so that it now directs you through them, everything you are doing through them so that they can start to gather information. And that's why you want to make sure that the SSL or slash TLS software, that encryption, is in place on the website you're going to. So if you go to craigpeterson.com right now, my website, I'm going to go there myself. So if you go to craigpeterson.com, you're going to notice that first of all, it's going to redirect you to my secure site. And it doesn't really matter. You won't see it. Okay. But you are there because if you look typically at the left side of that URL bar where it says craigpeterson.com, you'll see there's a little lock. So if you click that lock, it says connection is secure.

Now there's a lot more we could go into here, but the main idea is even if your data is being routed through China or Russia, both of which have happened before many tens of thousands, hundreds of thousands of times, I'm not even sure the number now, it's huge. Even if your data is being routed through them, the odds are they're not going to see anything that you are doing on the Craig Peterson site.

Now, of course, you go into my site, you're going to be reading up on some of the cybersecurity stuff you can do, right? The outages, what's happened in the news. You can do all of that sort of thing on my site. Kind of a who cares, right? But really, what you care about is the bank. But it's the same thing with the bank. And I knew mine was going to be up there. I want everybody to just check it out anyway. So why not?

So the bad guys then do the scan. They find a web page login. They try the default login. If it works, the least they will do is change what are called your DNS settings. That's bad because changing your DNS settings now opens you up to another type of attack, which is they can go ahead and when your browser says, I want to go to bankofamerica.com, it is, in fact, going to go out to the Internet, say, where is Bank of America? The bad guys will intercept it and they will give you their Bank of America site that looks like Bank of America, feels like Bank of America. And all they're doing is waiting for you to type in your Bank of America username and password. And then they might redirect you to the real one. But at that point, they've got you.

So there are some solutions to that one as well. And Firefox has some good solutions. There are others out there and yet others that are in the works. But this is just an incredible number. So here's what I'm doing right now. I have been working for weeks on trying to figure out how can I help the most people.

And obviously I need to keep the lights on, right? I've got to pay for my food and gas and stuff. But what I'm planning on doing and what we've sketched out, in fact, just this week, we got kind of our final sketch out of it, is we're going to go ahead and have a success path for cybersecurity. All of the basic steps on that success path will be free.

Okay, so it will be training that is absolutely 100% free. And I'll do a deeper dive into some of these things that I'm doing right now here on the radio because you can't see my desktop. It's hard to do a deep dive.

And it's open to anybody, right? If you're a home user, if you're a business user, all of the stuff on that free path is going to help you out dramatically. And then after that, then there'll be some paid stuff like a membership site, and then obviously done for you. If the cybersecurity stuff is just stuff that you don't want to deal with, you don't have the time to deal with, you don't want to learn because believe me, this is something that's taken me decades to learn.

And it's changing almost every day. So I understand if you don't want to learn it too, that is the other option I'll give you, which is done for you, which we've been doing now for over 20, 30 years.

Stick around. So which sectors of our economy are being hacked? I mentioned that in the last segment, that yeah, there are some problems. And the sectors that President Biden laid out are the ones that are under even more attack after his message. 497 cyber attacks per week on average here in the U.S. That is a lot of attacks per

And we started explaining what that meant so that we talked about the scan attacks that are automated and some person may get involved at some point, but the automated attacks can be pretty darn automated. Many of them are just trying to figure out who you are. So if it shows up when they do that little scan that you're using a router that was provided by your ISP, that's a big hint that you are just a small guy of some sort. Although I'm shocked at how many bigger businesses that should have their own router, a good router, right? A good Cisco router and a really good next generation firewall. I'm shocked at how many don't have those things in place. But when they do the scan, that's the first cut.

So if you're a little guy, they'll probably just try and reflash your router. In other words, reprogram it and change it so that they can start monitoring what you're doing and maybe grab some information from you. Pretty simple.

If you are someone that looks like you're more of a target, so they connect to your router and let's say it's a great one. Let's say it's a Cisco router firewall or Palo Alto or one of those other big companies out there that have some really good products.

At that point, they're going to look at it and say, oh, okay, so this might be a good organization. But when they connect to it, again, if WAN access is turned on, wide area access is turned down, that router is likely to say, this is the property of Covina Hospital or whatever it might be. And any access is disallowed, authorized access only. Well, now they know who it is.

And it's easy enough just to do a reverse lookup on that address. Give me an address anywhere on the internet and I can tell you pretty much where it is, whose it is and what it's being used for. So that's what they do. So they have these automated systems looking for this stuff. It's found.

So now they'll try a few things. One of the first things they try nowadays is what's called an RDP attack. This is a remote attack. Are you using RDP to connect to your business? Right? A lot of people are, especially after the lockdown. This Microsoft remote desktop protocol has some serious bugs that have been known for years.

Surprisingly to me, some 60% of businesses have not applied those patches that have been available for going on two years now.

So what the bad guys will do next is say, oh, is there remote desktop access? Because there probably is. Most smaller businesses particularly use that. The big businesses have a little bit more expensive, not really much more expensive, but much better stuff, you know, like the Cisco AnyConnect or there's a few other good products out there.

So they're going to say, oh, okay, let's try and hack in again, automated. It's automated. No one has to do anything. So it says, okay, let's see if they patch, let's try and break in. Aha. I can get in and I can get into this particular machine. Now there's another way that they can get into the remote desktop. And this apparently has been used for some of the bigger hacks you've heard about recently.

So the other way they get in is through credential stuffing. What that is, is, hey, there are right now some 10 billion records out on the dark web of people's names, email addresses, passwords and other information.

So what they'll do is they'll say, oh, well, this is Covina Hospital. And it looks it up backwards and it says, OK, so that's Covina Hospital dot org. I have no idea if there even is a Covina Hospital, by the way. And it'll come back and say, OK, great. So now let's look at our database of hacked accounts. OK, I see this Covina Hospital dot org email address with a password. So at that point, they just try and stuff it in: can we get in using that username and password that we stole off of another website? So you see why it's so important to be using something like 1Password, a password generator, different passwords on every site, different usernames on every site, etc., etc., right? It gets pretty important pretty darn quickly, doesn't it? So now that they're in, they're going to start going sideways. And we call that east-west in the biz.

And so they're on a machine. They will see what they can find on that machine. This is where usually a person gets involved and it depends in historically, it's been about six days on average that they spend looking around inside your network.

So they look around and they find, oh, yeah, great. Here we go. Yep. We found this. We found that. Oh, and there's these file server mounts. Yeah. These SMB shares, you know, the Y drive, the G drive, whatever you might call them.

So they start scanning through those and then they start looking for other machines on the network that are compromisable. It gets to be really bad very, very fast. And then they'll often leave behind some form of ransomware and also extortionware that extorts you additionally for the threat of releasing your data.

So there are many other ways. We're not going to get into them all today, but that's what we're talking about. We're talking about the 500 cyber attacks per week against the average North American company. So we have seen some industry sectors that are more heavily targeted than others. Education and research saw a 60% increase in attacks.

So their education, and I've tried to help out some of the schools, but because of the way the budgets work and the lowest bidder and everything else, they end up with equipment that's just totally misconfigured. It's just shocking to me, right? They buy them from one of these big box online places. Yeah, I need a Cisco 1010.

And I need some help in configuring it. And oh, yeah, no problem, sir. We'll help you. And then they sell it to the school. The school installs it. And it is so misconfigured, it provides zero protection whatsoever.

Almost zero, right? It provides almost no protection at all and doesn't even use the advanced features that they paid for. Right? That's why again, don't buy from these big box guys. Just don't do it. You need more value than they can possibly provide you with. So schools, 1500 attacks per week.

Research companies, again, 1,500 attacks per week. Government and military entities, about 1,100 weekly attacks. Okay, that's the next most highest attack. Healthcare organizations, 752 attacks per week on average.

Or in this case, it's a 55% increase from last year. So it isn't just Check Point's data that I've been quoting here that gives us that picture. There are a lot of others out there. IBM's has, Verizon's has, all of these main guys. And of course, in the end, they've got these huge ransoms to deal with.

Hey, in New Hampshire, one of the small towns just got nailed. They had millions of dollars stolen, and that was just through an email trick that they played. Okay. Again, IT people, I've been thinking about maybe I should put together some sort of coaching for them and coaching for the cybersecurity people even because there's so much more that you need to know than you might know. Anyways, if you're interested in any of this stuff,

visit me online, craigpeterson.com slash subscribe. You will get my weekly newsletter, all of my show notes, and you'll find out about these various trainings that I keep holding. In fact, there's one in most of the newsletters, craigpeterson.com, craigpeterson, S-O-N dot com. Stick around. We've been talking about the types of attacks that are coming against us. Most organizations here in North America are seeing 500 cyber attacks a week, some as many as 1500. Now, where are they coming from? Whether they're scanning attacks, whether they're going deeper into our networks and into our systems, who are the bad guys and what are they doing?

Microsoft also has a report that they've been generating looking at what they consider to be the source of the attacks. Now we know a lot of the reasons I'm going to talk about that too.

But the source is an interesting way to look at it because the source can also help you understand the reason for the attacks. So according to Dark Reading, this is kind of an insider website you're welcome to go to, but it gets pretty darn deep sometimes. But they are showing these stats from Microsoft, which you can find online, that in the last year, Russia has been the source of 58% of the cyber attacks. Isn't that amazing? Now, it's not just the cyber attacks. I need to clarify this. It's the nation-state cyber attacks. So what's a nation-state cyber attack versus, I don't know, a regular cyber attack?

Well, the bottom line is a nation state cyber attack is an attack that's occurring and is actually coordinated and run by and on behalf of a nation state, a country. So Russia at 58% of all nation state attacks is followed by North Korea, 23%. Iran, 11%. China, 8%. Now, you probably would have thought that China would be right up there on that list. But Russia has 50% more of the nation-state cyber attacks coming from them than from China. And then after China is South Vietnam, I should say South Korea, Vietnam, and Turkey. And they all have less than 1%.

Now this is this new pool of data that Microsoft has been analyzing. It's part of this year's Microsoft Digital Defense Report. And they're highlighting the trends in the nation state threat, cyber activity, hybrid workforce security, disinformation, Internet of Things, operational technology and supply chain security. In other words, the whole gambit before all of this. Now the data is also showing that the Russian nation-state attacks are increasingly effective, climbing from about a 21% successful compromise rate last year to 32% this year. So basically 50% better this year at effectiveness.

The Russians are also targeting more government agencies for intelligence gathering. So that jumped from 3% of their victims last year to 53% this year. And the Russian nation state actors are primarily targeting, guess who? Us, right? The United States, Ukraine, and the United Kingdom. Now, this is all according to the Microsoft data.

So why has Russia been attacking us? Why has China been attacking us? And why the change this year? Well, Russia has been attacking us primarily to ransom us.

It's a cash cow for them, just like oil and gas. They are making crazy money now that President Biden has made us dependent on foreign oil supplies. It's just insanity. And even dependent on gas coming from other places. Well, guess where the number one source of gas is now for Europe and oil? It's Russia. So we are no longer going to be selling to Europe gas.

Russia is. So they're going to be making a lot of money off of that. But before then, they were actually counting on ransomware to help fund the Russian federal government, as well as, of course, these Russian oligarchs, these people who are incredibly rich that have a substantial influence on the government. So if you're wondering who they might be, just think of people like

Oh, I don't know. Bill Gates and who are some of the other big guys? You know, Tim Cook, Amazon's Jeff Bezos, Elon Musk. Right. Those are by my definition and looking it up in the dictionary, they are oligarchs.

They get exemptions to laws. They get laws passed that protect them. In fact, most of regulations actually protect these big companies and hurt small companies. So I would call them oligarchs. And that's the same sort of thing in Russia. In Russia, okay, they probably have a little bit more underhanded stuff than these guys here do. But that's what Russia has been doing.

China has been continually going after our national secrets, national defense. The largest database of DNA of Americans. DNA, of course, is that unique key, if you will, building block for all of us. That's what DNA is. And the largest database of all of that uniquely identifying information is in China.

China stole from the Office of Personnel Management records of federal employees, their secret clearance, all of their background check information, who was spoken with, what did they have to say, and on and on.

So China has been interested in infiltrating our businesses that provide things to the military and the military themselves and the federal state and even the local governments. That's who they've been targeting. And that's why this 8% number might seem small. Although, as I just mentioned, this year, Russia moved dramatically. They used to be about 3% of their attacks were against the government agencies, and now it's 53%. So Russia and China are going after our national secrets and they can use them in a Cold War, which, as I've said, I think the first shots of the Third World War have been fired. And frankly, they're all cyber. It's all online. And Russia isn't the only nation state actor who's changing its approaches here. Espionage is the most common goal amongst all nation state groups as of this year.

The activity of hackers reveals different motivations in Iran, which quadrupled its targeting of Israel, surprise, surprise, over the last year. And Iran's been launching destructive attacks, things that will destroy power plants, etc. And North Korea, which is targeting cryptocurrency companies for profit. So they're stealing these various crypto coins, again, funding their government.

So it's a problem, absolute problem. Government sectors are some of the most targeted, 48%. These NGOs, non-government organizations that act kind of quasi-government functions and think tanks are 31%. And Microsoft, by the way, has been alerting customers of nation-state attack attempts. Guess how many this year that they had to warn about?

20,500 times in the past three years. So that's a lot. And Microsoft is not a company that's been out there at the front lines. It never has been. It's in behind. So to have them come out and say this is very bad, okay? By the way, your stolen username and password run for a buck per thousand, and it's only going to take you hundreds of hours to get it all cleared up. Isn't that nice?

Spear phishing for hire can cost $100 to $1,000 per successful account takeover and denial of service attacks are cheap from protected sites, roughly $300 per month. And if you want to be ransomware king, it's only going to cost you $66 up front, 30% of the profit. Okay, craziness. Hey, visit me online. Sign up, craigpeterson.com slash subscribe.

I had an interesting mastermind meeting this week. There's six of us. We're all business owners. And it opened my eyes pretty dramatically because one of the members got hacked. But that's not what I really want to emphasize here. This whole cybersecurity thing gets pretty complicated pretty quickly. And a friend of mine who is in one of my mastermind groups said,

had a real problem and here's what went on. We'll call him Walt for lack of a better name since that is his name and he doesn't mind me sharing this with you. Walt has a very small business that he and his wife run and they have a couple of contractors that help out with some things but his business is very reliant on advertising and primarily what he does is Facebook advertising.

Now, I've been talking for two years, I think, in this mastermind group about cybersecurity and the fact that everyone needs good cybersecurity. And he always just kind of po-hummed it and, well, you know, it's just too complicated for me.

And I got to thinking for, you know, a bit, really a few weeks. What does he mean too complicated? Because there's some basic things you can do. So this week on Tuesday, I was on our mastermind groups meeting and I explained, okay, so here's what happened to Walt. He had $40,000 stolen, which by the way is a lot of money for a teeny tiny husband-wife company.

And here's what we did. We helped him. We got the FBI involved and, you know, with our direct ties because we work with them on certain types of cases. And he got back every dime, which is just totally unheard of.

But without going into all of the details there, I spent probably about 15, 20 minutes with the whole group and the mastermind explaining the basics of cybersecurity. And that really kind of woke me up, frankly, because of their responses. Now, these are all small business owners.

And so they're making pretty decent money, in fact, every one of them. And they all have some contractors and some employees, well, except for Walt and his wife. They just have contractors. And I had two completely different responses from two members of this group that know me. Let me tell you, this was really eye-opening for me. And this is why you might have heard me in the first segment talking about this, but this is why I have really changed my view of this stuff, this cybersecurity stuff, because I explained that if you're using things like Norton antivirus or McAfee antivirus or really any of them, even the built-in Microsoft Defender, this year, those standard antivirus systems have only been able to catch about 30% of the malware out there. 30%. You know, that's like having a house and you've got a security guard posted out front. He's armed. He's ready to fight. And yet all of your windows are open and all of your doors are unlocked. And all someone has to do is crawl in a side window because that guy that's posted up front, he's not going to be able to stop them.

So 30% effectiveness. And of course, Walt had all of the basic stuff. He thought he was good enough. It's not worth spending time or money doing any of this. And of course, it turned out to be well worth the time and money if he had done it. But he has a friend who has contacts and made things happen for him. So I guess he's kind of lucky in that regard.

But I explained that and I said, you know, the way you have to go if you're a small business, it's about $997 a month for a small business with a handful of employees to get the type of security you really need. This is going to catch 90 something, 98% maybe if things go well of the stuff going on. In other words, you don't just have an armed guard at the front door. You've got all the windows closed and locked and the doors closed and locked as well. So yeah, somebody can still get in, but they got to really want to get in and risk getting caught.

So that's kind of the analogy that I used. Now, one of the members of my mastermind thought, well, okay, because you're just being frank with me, right? We're all friends. She said, well, initially I thought, oh, Craig, I'm going to have to have you help out with stuff here because I'm concerned about my security. I make some good money. She's the one that has employees. She has a million dollar plus a year business and she wants to keep it safe.

But then she said, you know, but you were talking about all of this Norton and stuff and that it doesn't work. So I just, I don't have any hope. And that's when another member jumped in and this other member said, well, that's not what I got at all. I got the normal off-the-shelf stuff that you buy that you're going to get from Amazon or you're going to get from PC Connection or wherever. That stuff is not going to work, but there is stuff that does, but it's only professional stuff. You can only get it from professionals that are trained and certified.

Which is the right message, right? That was the message I was trying to relay. Yeah, don't try and do it yourself because you can't even get the right tools that you need. That is frankly a problem. So that really got me to thinking in a very big way because here are two people that have heard me talk about cybersecurity and their eyes probably glazed over. But now their eyes, I know at least one of these ladies definitely glazed over.

So I've come to the realization that sometimes I get a little too deep into things. And although I can explain it quite well to many people, sometimes people glaze over and I get emails from you guys saying kind of the same thing. I really appreciate it. I don't understand a lot of what you're saying, Craig, but thanks for being there. Listen to you every week here on the radio.

Then that's good, that's reassuring. But now I've come to realize a few things. One is I've got to be a lot clearer in my messaging because even when talking to my friends, it is a little bit overwhelming for them sometimes, right? And then the next thing is everybody needs help because you're being lied to. Right. How are people getting ransomware if the stuff that they're buying works?

Maybe it's just me, but I think there's a disconnect there. So a lot of you guys have gone out and you've hired people. And I want to spend just a few minutes right now going through some red flags that you need to be looking out for in vendor security assessment. Now, I'm putting one together as well, right? Yet another one. And what I'm trying to do is help you out, right? This is not a sales tool.

It is trying to help you figure out where you're at. I'm putting together a webinar that I'm going to be holding, what I'm calling boot camps, where I go through and show you exactly how to do the basic steps that you need to do in order to be safe online. All that means is your computer's plugged in. It doesn't mean you're going out and doing a lot of stuff out there on the Internet. It just means it's connected.

So those are going to be coming out. I will send an email out as soon as all of that stuff's ready because those are absolutely free. And these assessments, I have the basic one that you can do yourself. It's a self-assessment. And then I have the more advanced ones that I do that are five grand. Okay. So you've got to be a decent sized business for this to make sense where we look for all of the security problems on all of your computers and your networks and then give you a list of things you need to do and how to do them. Okay, so it's well worth it for them.

But if you're a very small company and you're trying to do some of this yourself, I want to help you. So that's what these boot camps are going to be all about. And also what this scorecard is going to be all about. So that's coming up, but here are some good red flags in an assessment. I found this again on Dark Reading. This is kind of an insider website for those of us in the cybersecurity business.

But, um, how can you verify the information that vendors are giving you about their own cybersecurity posture? We've heard in the news and I've talked about them all year this year and for years past that our vendors can be our worst nightmare because some of these hacks come in through our vendors.

So you've got yourself a cybersecurity company. How do you know if they are really telling you the truth? And man, is that hard for you to know, right? You can ask them questions and the salesmen are going to say, oh, yeah, yeah, yeah. That's why we don't have salesmen, right? We have engineers. You talk to me. You might talk to my son or my daughter, people who have been doing this with me, who I have trained and helped out.

So this guy who wrote the article and is this unattributed? I don't see an attribution on here on this page. I definitely want to give him. Oh yeah, here it is. John Bambenek wrote this thing and he is a principal threat hunter, what he calls himself, over at Netenrich. So he says, here's what you got to do in, in a, if you're trying to be cost effective, he puts in what I call an Edmund clause. And one of these days, I'll tell you that story. But he calls it a validity check question so that an honest vendor would tell you, no, they don't do X and give you a good reason why they don't. Like it's not cost effective. It's outside of a reasonable risk model, etc. Does that make sense to you? So.

When you're trying to evaluate a vendor who's going to be doing your cybersecurity, put in one of these validity checks, put in one of these questions. It doesn't really matter to you, but it's something that would be very hard for one of these cybersecurity companies to do.

And maybe it doesn't fit the risk model that you have. I think it's just absolutely brilliant. Probably one of the better ways when you're trying to evaluate an MSSP, a cybersecurity managed or otherwise provider, stick in something like that. So you have a red flag that just stands out for you.

All right, make sure you are registered online, craigpeterson.com slash subscribe so you can find out about all of these trainings coming up. If you've never heard of the Carrington event, I really hope, frankly, I really, really do hope we never have to live through one of these again. There is a warning out there right now about an internet apocalypse that could happen because of the sun.

Solar storms are something that happens really kind of all of the time. The sun goes through solar cycles about every seven years. There are longer cycles as well. You might know I have an advanced class amateur radio license I've had for a long time.

And we rely a lot when we're dealing with shortwave on the solar cycle. You see, what happens is that the sun charges the atmosphere. You see that if you've ever seen the northern lights.

That is part of the sun's emissions hitting our magnetic field and kind of getting sucked into the core of the earth, if you will, as they get caught in that field. And the more charged the atmosphere is, the more bounce you get. That's what we call it, bounce. And the reason us hams have all these different frequencies to use is because of the bounce, we can go different frequencies.

With different distances, I should say, using different frequencies. So think about it right now. You've got the Earth. And if I want to talk from Boston to Chicago, for instance, I know about how many miles it is. And I have to figure out in the ionosphere, up in the higher levels of the atmosphere, what frequency would I have to use in order to go up into the atmosphere, bounce back and then hit Chicago? That's the idea. It's not quite as simple or as complex in some ways as it sounds. A lot of people just try different frequencies and a lot of hams just sit there waiting for anybody anywhere to talk to, particularly if they are abroad. It's really quite fun.

Now, what we're worried about isn't so much just the regular solar activity. We get worried when the sun spots increase. Now, the solar cycle is what has primary impact on the temperature on Earth. So no matter what you might have heard, it isn't your gas guzzling car or diesel truck that causes the Earth's temperature to change. Remember, the only constant when it comes to the Earth's temperature has been change over the millions of years. We had periods where the Earth was much warmer than it is now, had more carbon dioxide in the atmosphere than it does now.

In fact, right now we are at one of the lowest levels of carbon dioxide in the atmosphere in Earth's long, long history. So the sun, if you might remember, comes up in the morning, warms things up, right? And then it cools down when the sun disappears at nighttime.

It has a huge impact. It's almost exclusively the impact for our temperatures. There's other things too. For instance, a volcanic eruption can spew a whole lot of carbon dioxide. In fact, just one, just Mount St. Helens when it erupted, put more carbon dioxide into the atmosphere than man has throughout our entire existence.

Just to give you an idea, all right? So these alarmists that are out there, you know, come on, people. Really? Really? And now we're seeing that in this last year, we had a 30% increase in the ice cap up in the north, up in northern Canada, around the poles.

We also had some of these glaciers growing. In fact, it was so funny. I saw an article this year or excuse me, this week that was showing a sign that was at one of our national parks. And it said this glacier will have disappeared by 2020. Of course, it hasn't disappeared. In fact, it has grown now and it's past 2020 anyhow.

The sun has a huge impact on us in so many ways. And one of the ways is something called a coronal mass ejection.

This is seriously charged particles that tend to be very, very directional. So when it happens, when there's one of these CMEs, coronal mass ejections, it's not just sending it out all the way around the sun everywhere. It's really rather concentrated in one particular spot. Now, we just missed one.

Not too long ago, let me see if I can find it here. Earth just missed, CME near miss. Here we go. There was a solar superstorm in July 2012.

And it was a very, very close shave that we had. Most newspapers didn't mention it, but this could have been absolutely incredible. We'd be picking up the pieces for the next 50 years. Yeah, five zero years from this one particular storm. And what happens is these these solar flares, if you will, are very, very extreme. These CMEs, you're talking about x-rays, extreme UV ultraviolet radiation reaching the earth at the speed of light ionizes the upper layers of atmosphere. When that happens, by the way, it hurts our communications, but it can also have these massive effects where it burns out satellites and then causes radio blackouts, GPS navigation problems.

Think about what happened up in Quebec. So let me just look at this. Quebec hit with an EM. Yeah, here we go. And March 13th, 1989. Here we go. Here's another one I remembered.

And this is where Quebec got nailed. I'm looking at a picture here, which is looking at the United States and Canada from the sky and where the light is. And you can see Quebec is just completely black. But they had this massive electrical blackout. And it's because of this solar storm. Now, these storms, as I said, are quite directional.

Depending on where it hits and when it hits, things could get very, very bad. This particular storm back in 1989 was so strong, we got to see the Aurora Borealis, the northern lights as far south as Florida and Cuba. Isn't that something?

When we go back further in time to this Carrington event that I mentioned, you could see the northern lights at the equator. Absolutely amazing. Now, the problem with all of this is we've never really had an internet up online like we have today when we had one of the storms hit us.

And guess what we're about to go into right now? We're going into an area or a time where the sun's going to be more active, certainly on this 11-year cycle and possibly another bigger cycle, too, that we don't really know much about.

But when this hit us back in the 1850s, what we saw was a telegraph system that was brought to its knees. Our telegraphs were burned out. Some of the telegraph buildings were lit. They caught on fire because of the charges coming in.

People who were working the telegraphs who were near them at the time got electric shocks or worse than that. 1859, massive Carrington event. Compass needles were swinging wildly. The Aurora Borealis was visible in Colombia.

It's just amazing. So that was a severe storm. A moderate severity storm was the one that hit in Quebec here, knocked out Hydro-Québec's electric grid. Nine-hour blackout in northeast Canada.

What we think would happen if we had another Carrington event, something that happened 150 years ago, is that we would lose power on a massive scale. So that's one thing that would happen. And these massive transformers that would likely get burned out are only made in China and they're made on demand. Nobody has an inventory of them.

So it would be at least six months before most of the country would get power back. Can you believe that? That would be just terrible. And we would also lose Internet connectivity. In fact, they're thinking that we could lose Internet connectivity with something much less than a severe storm. Maybe if the Quebec power grid, solar mass ejection here, maybe if that had happened when...

They might have burned out internet in the area and maybe further. So what we're worried about is if it hits us, we're going to lose power. We're going to lose transformers on the transmission lines and other places. We're going to lose satellites and that's going to affect our GPS communication. We're going to lose radio communication and we're going to lose the

And even the undersea cables, even though they're no longer regular copper cables, it's now being carried, of course, by light in pieces of glass.

Those cables need to have repeaters about every 15 miles or so underwater. So the power is provided by copper cables or maybe some other sort of power. So these undersea cables...

They're only grounded at extensive intervals, like hundreds or thousands of kilometers apart. So there's going to be a lot of vulnerable components. This is all a major problem. We don't know when the next massive solar storm is going to happen. These coronal mass ejections are...

We do know they do happen from time to time. And we do know it's the luck of the draw. And we are starting to enter another solar cycle. So be prepared, everybody. Of course, you're listening to Craig Peterson, cybersecurity strategist. If you'd like to find out more and what you can do, just visit CraigPeterson.com and subscribe to my weekly show notes.

Google's got a new admission and Forbes magazine has an article by Zak Doffman about it. And he's saying you should delete Google Chrome now after Google's newest tracking admission. So here we go.

Google's web browser, right? It's been the thing for people to use Google Chrome for many years. It's been the fastest. Not always people kind of leapfrog it every once in a while, but it has become quite a standard. Initially, Microsoft was trying to be the standard with their terrible browser.

Yeah, Internet Explorer, which was really, really bad. And they have finally completely and totally shot it in the head. Good move there on their part. In fact, they even got rid of their own browser, Microsoft Edge. They shot that one in the head, too. I know I can hear you right now saying, oh, Craig, I don't know. I just used Edge browser earlier today.

Yeah, but guess what? It isn't Edge browser anymore. It's actually Google Chrome that Microsoft has rebranded. You see, the guts to Google Chrome are available as what's called an open source project. It's called Chromium.

And that allows you to take it and then build whatever you want on top of it. That's really great. And by the way, Apple's WebKit is another thing that many people build browsers on top of and is part of many of these browsers we're talking about right now. The biggest problem with Google Chrome is they released it so they could track you.

How does Google make its money? Well, it makes its money through selling advertising primarily. And how does it sell advertising if it doesn't know much or anything about you? So they came out with the Google Chrome browser as kind of a standard browser, which is a great thing because Microsoft of course is very well known for not bothering to follow standards and say what they have is the actual standard and ignoring everybody else.

Yeah. Yeah. I'm picking on Microsoft. They definitely deserve it. Well, there is what is being called here in Forbes magazine, a shocking new tracking admission from Google. One that has not yet made headlines. And there are about what? 2.6 billion users of Google's Chrome worldwide. And this is probably going to surprise you. And it's frankly, it's pretty nasty and it's, I think, a genuine reason to stop using it.

Now, as you probably know, I have stopped using Chrome almost entirely. I use it when I have to train people on Chrome. I use it when I'm testing software. There's a number of times I use it, but I don't use Chrome. The reality is that Chrome is an absolute terror when it comes to privacy and security.

It has fallen way behind its rivals in doing that. If you have an iPhone or an iPad or a Mac and you're using Safari, Apple has gone a long ways to help secure your data.

Well, that's not true with Chrome. In fact, it's not protecting you from tracking and data harvesting. And what Google has done is they've said, okay, well, we're going to get these nasty third-party cookies out of the whole equation. We're not going to do that anymore. And what they were planning on doing is instead of knowing everything specifically about you, they'd be able to put you in a bucket.

So they'd say, OK, well, you are a 40 year old female and you like driving fast cars and you have some kids with a grandkid on the way and you like dogs, not cats. Right. So that's a bucket of people that's maybe a few hundred or maybe up to a thousand people.

As opposed to right now where they can tell everything about you. And so they were selling that as a real advantage because they're not tracking you individually anymore. No, we're putting you in a bucket.

Well, it's the same thing, right? In fact, it's easier for Google to put you in a bucket than to track everything about you and try and make assumptions. And it's easier for people who are trying to buy ads to place in front of you. It's easier for them to not have to kind of reverse engineer all of the data that Google has gathered and has said, I want to send this ad to people that are in this bucket and in that bucket. Okay?

Make sense to you. But as it turns out here, Google has even postponed that. All right. They really have. Google's kind of hiding is really what's going on out there. They are trying to figure out what they should do, why they should do it, how they should do it.

But it's going to be a problem. This is a bad habit that Google has to break. And just like anybody that's been addicted to something, it's going to take a long time. They're going to go through some serious jitters here.

So Firefox is one of the alternatives and to Google Chrome, and it's actually a very good one. It is a browser that I use. I don't agree with some of the stuff that Mozilla and Firefox does, but again, right? Nobody agrees on everything. Here's a quote.

And then it goes on here.

because Google responds to that and they admit that this massive web tracking is out of hand.

And it's resulted in, this is a quote from Google, an erosion of trust where 72% of people feel that almost all of what they do online is being tracked by advertisers, technology firms, or others. 81% say the potential risks from data collection outweigh the benefit. By the way, the people are wrong. 72% that feel almost all of what they do online is being tracked. No, no, the answer is 100%.

of what you do is probably being tracked in some way online. Even these VPN servers and systems that say that they don't do logging do track you. Take a look at ProtonMail just last week. ProtonMail, it's in Switzerland. Their servers are in Switzerland. The whole claim to fame is, hey, it's all encrypted. We keep it safe. We don't do logging. We don't do tracking.

Guess what they handed over? The IP addresses of some of the users to a foreign government. So how can you do that if you're not logging, if you're not tracking? Yeah, right. They are. And the same thing is true for every paid VPN service I can think of, right?

So how can Google openly admit that their tracking is in place, tracking everything they can, and also admit that it's undermining our privacy, and yet their flagship browser is totally into it, right? Well, it's really, it's got to be the money, and Google does not have a plan B.

This anonymized tracking thing that they've been talking about, you know, the buckets that I mentioned, isn't realistic. Frankly, Google's Privacy Sandbox is supposed to fit it, fix it, I should say. But this...

The whole idea and the way it's being implemented and the way they've talked about it, the advertisers are unhappy. So Google's not happy. The users are unhappy. So there you go. That's the bottom line here from the Forbes article by Zak Doffman. Delete Google Chrome.

And I've said that for a long time. I do use some others. I do use Firefox and I use Opera, which is a fast web browser that's in pretty good shape.

Hey, if you sign up for my show's weekly newsletter, not only will you get all of my weekly tips that I send to the radio hosts, but you will get some of my special reports that go into detail on things like which browser you should be using. Sign up right now, CraigPeterson.com.

Many businesses have gone to the cloud, but the cloud is just another word for someone else's computer. And many of the benefits of the cloud just haven't materialized. A lot of businesses have pulled back and are building data centers again.

The reason I mention this thing about Microsoft again and the cloud is Microsoft has a cloud offering. It's called Microsoft Azure. Many people, many businesses use it. We have used it with some of our clients in the past. Now, we have some special software that sits in front of it that helps to secure it.

And we do the same thing for Amazon Web Services. I think it's important to do that. And we also use IBM's cloud services. But Microsoft has been pitching for a long time, come use our cloud services. And we're expecting here probably within the next month, a big announcement from Microsoft.

They're planning on making it so that you can have your desktop reside in Microsoft's cloud, in the Azure cloud. And they're selling really the feature of it doesn't matter where you are, you have your desktop and it doesn't matter what kind of computer you're on. As long as you can connect to your desktop using some just reasonable software, you will be able to be just like you're in front of a computer. So if you have a Chromebook or a Mac or Windows or tablet, whatever, and you're at the grocery store or the coffee shop or the office, you'll be able to get at everything, all of your programs, all your files. And we, Microsoft, will keep the operating system up to date for you automatically. A lot of great selling points. And we're actually looking into that. Not too heavily yet.

We'll give them a year before we really delve into it at all because it takes them a while to get things right. Microsoft has always been one that adds all kinds of features, but most of the time, most of them don't work. And we can document that pretty easily, even in things like Microsoft Word. Well, The Verge is now reporting that Microsoft has warned users of its Azure Cloud computing service that their data has been exposed online for the last two years.

Yeah, let me repeat that in case you missed it. Yeah, I might have misspoken, right? Let me see, what does it say? It says, users of Azure Cloud Computing Service, so that's their cloud, Microsoft's big cloud, okay. Their data has been exposed online. Okay, so that means that people could get the data, maybe manipulate the data. That's what exposed means.

For the last two years. Are you kidding me? Microsoft, this is again, The Verge. Microsoft recently revealed that an error in its Azure Cosmos database product left more than 3,300 Azure customers' data completely exposed. Okay, guys, so this is not a big thing, right? It can't possibly be a big thing because, you know, who uses Azure, right? Nobody uses Azure. And nobody uses hosted databases. Come on. Give me a break. Let me see. What else does this have to say?

Oh, okay. Well, it says that the vulnerability was reportedly introduced into Microsoft systems in 2019 when the company added a data visualization feature called Jupyter Notebook to Cosmos DB. Okay, well, I'm actually familiar with that one.

And let's see what small companies. Let's see here. Some Azure Cosmos DB clients include Coca-Cola, Liberty Mutual Insurance, ExxonMobil, Walgreens. Hmm.

Let me see. Could any of these people, like maybe Liberty Mutual Insurance and Walgreens, maybe they'd have information about us, right? About our health and social security numbers and account numbers and credit cards, names, addresses, right? Right? Right? That's again why I get so upset when these places absolutely insist on taking my social security number.

Right. It, it, first of all, when it was put in place, the federal government guaranteed it would never be used for anything other than social security. And the law even said it could not be used for anything other than social security. And then the government started expanding it. Right. And the IRS started using it to track all of our income.

And, you know, that's one thing, right? The government computers, they got to be secure, right? All of these breaches we hear about that can't be true. So how about when the insurance company wants your personal information, like your social security number? What business is it of theirs? Really? No, really? Yeah.

Why do they have to have my social security number? It's a social security number. It's not some number that's tattooed on my forehead.

That's being used to track me. Is it? This isn't a socialist country like China is or the Soviet Union was right. It's not socialist. So why are they tracking us like that? Walgreens. Why do they need some of that information? Why does the doctor that you go to that made the prescription for Walgreens? Why do they need that information?

And I've been all over this because they don't really need it. They want it, makes their life easier, but they don't really need it. However, it exposes us. Now, if you missed the email I sent out a week ago, two weeks ago now, I guess, you missed something big.

Because I, in my weekly newsletter, went through and described exactly what you could do in order to keep your information private. So in those cases where websites asking for information that they don't really need, right? You don't want to lie, but if they don't really need your real name, why are you giving them your real name?

Why do you use a single email address? Why don't you have multiple addresses? Does that start to make sense to you guys? And now we find out that Microsoft Azure, their cloud services where they're selling cloud services, including a database that can be used online, a big database.

3,300 customers. Looks like some of them are actually kind of big. I don't know. ExxonMobil? Pretty big. Yeah, I think so. Walgreens? You think that might be? Yeah, yeah, yeah. Why are we trusting these companies? You know, if you have a lot of data, a lot of customers, you are going to be a major target of nation states to hack you. And just general hackers, bad guys, right?

But you're also, if you've got all this information, you've also got to have a much higher level of security than somebody that doesn't have all of that information. Does that make sense to you? Did I say that right? You don't need the information. And I've got to warn anybody that's in a business, whether you're a business owner or you're an employee, do not keep more data hidden.

than you need, than you absolutely need to run your company. And that includes data about your customers. And maybe it's even more specifically data about your customers. Because what can happen is that data can be stolen. And we just found out that yes, indeed, it could have been. It was exposed. Microsoft is saying, we don't know how much was stolen, if anything was stolen.

Yeah. Walgreens. Hey, I wonder if anyone's going to try and get some pain pills illegally through this database hack or vulnerability anyway. So, all right, everybody.

Stick around. We'll be back. Of course, you're listening to Craig Peterson. I am a cybersecurity strategist for business, and I'm here to help you as well. You can ask any question anytime. Consumers are the people I help the most. I wish I got the dime for every time I answered a question. Just email me at craigpeterson.com. Me at craigpeterson.com. And stick around.

Whether or not you agree with the lockdown orders that were put in place over this COVID pandemic that we had, there are some other parts of the world that are doing a lot more.

Australia has, I don't know, I think that they went over the deep end. Much the same thing is true right next door to them. And I am looking at a report of what they are doing with this new app. You might be aware that both Apple and Google came out with an application programming interface that could be used for contract tracking, contact tracking. There you go. It wasn't terribly successful. Some states put some things in place. Of course, you get countries like China that love the idea because heaven forbid, you get people getting together to talk about Tiananmen Square remembrance. Now, you want to know who all of those people were who were in close proximity, right?

So, you know, good for China. Well, as it turns out, Australia is putting something in place. They have yet another COVID lockdown. They have COVID quarantine orders. Now, I think if you are sick, you should stay home. And I've always felt that, you know, I had 50 employees at one point.

And I would say, hey, if you're sick, just stay home. Never required a doctor's note or any of that other silliness. Come on, people. If someone's sick, they're sick and let them stay home. You don't want to get everybody else in the office sick and spread things around. Right. Doesn't that just kind of make sense to you?

Well, they now in Australia don't trust people to stay home. Do you remember China? They were taking welders and were going into apartments, and anybody that tested positive, they were welding them into their apartment for a minimum of two weeks. So hopefully they had food in there, and they had a way to get fresh water. Australia is not going quite that far, but some of the states down under are using facial recognition and geolocation in order to enforce quarantine orders.

Canada, one of the things they've been doing for a very long time is if you come into the country from out of the country, even if you're a Canadian citizen, you have to quarantine and they'll send people by your house or you have to pay to stay for 10 days in a quarantine hotel.

So you're paying the, of course, now inflated prices for the hotel because they're a special quarantine hotel. You have to pay inflated prices to have food delivered outside your door, and that you're stuck there for the 10 days. Or if you're at home, you know, you're stuck there and they'll send people by to check up on you. They'll make phone calls to check up on you and they have pretty hefty fines.

Well, what Australia has decided to do is that Australians, even going from one state to another state, are required to prove that they're obeying a 14-day quarantine. And what they have to do is have this little app on their phone, and the app will ping them saying, prove it. And then they have to take a photo of themselves with a geolocation tag on it, and send it up via the app to prove their location. And they have to do all of that within 15 minutes of getting the notification.

Now, the premier of the state of South Australia, Steven Marshall, said, we don't tell them how often or when. On a random basis, they have to reply within 15 minutes. And if you don't, then a police officer is going to show up at the address you're supposed to be at to conduct an in-person check.

Very, very intrusive. Okay, here's another one. This is an unnamed government spokesperson who was apparently speaking with Fox News. Quote, the home quarantine app is for a selected cohort of returning South Australians who have applied to be part of a trial. If successful, it will help safely ease the burden of travel restrictions associated with the pandemic.

So there you go, people, nothing to worry about. It's just a trial. It will go away. Just like, for instance, income tax. As soon as World War I is over, it will be removed, and it will never be more than 3%, and it will only apply to the top 1% of wage earners. So there you go, right? And we all know that World War I isn't over yet, right? So that's why they still have it, and somehow...

Yeah, somehow the middle class pays the most income tax. I don't know. Interesting. Interesting. So there you go. Little news from down under. We'll see if that ends up happening up here. News from China. China and Russia have some interesting things going on. First of all, Russia is no longer a socialist country. They kind of are. They kind of aren't. They are a lot freer in many ways than we are here in the United States.

Of course, China very heavily socialist. In fact, they're so socialist, they are communist and China and Russia both want their kids to have a very good education in science, engineering and mathematics.

Not so much on history, not so much on politics, right? But definitely heavy on the sciences, which I can see. That makes a lot of sense. I think everybody should be pretty heavily on the sciences.

Well, according to the Wall Street Journal this week, gamers under the age of 18 will not be allowed to play online games between 8 p.m. and 9 p.m. on Fridays, Saturdays, and Sundays. So basically what they're doing, I reverse that, what they're doing is they're only allowing the kids three hours of gaming per week. In other words, they can play between 8 and 9 p.m. Fridays, Saturdays, and Sundays. I think that might overload some gaming servers.

Quote, gaming addiction has affected studies and normal lives, and many parents have become miserable. That's China's press and public administration said in a statement. There's going to be some relief during the school holidays. Children will be allowed 60 minutes per day for gaming.

Hard to say how China plans to enforce it, but they have their ways, right? Identity cards are, by the way, required for playing online. They've got a facial recognition system introduced in July by Tencent. Remember all of the uproar around Tencent and their apps and President Trump trying to get them blocked here in the US? Well, yeah, there you go. Facial recognition built right into the app.

And it's proven effective at catching children pretending to be adults in order to get around government gaming curfew.

So this goes on and on and Korea as well. South Korea has had some very big problems. You might remember it was headlines just a few years ago of some of these South Korean kids dying because they were playing video games for days straight with no sleep, no real food, right? Just taking all of these so-called energy drinks and literally gaming themselves to death.

So South Korea passed a law that prevented young people from playing online video games late at night. So that was introduced back in 2011 and targeted at players 16 or under. And South Korean minors were prevented from playing online PC games between midnight and 6 a.m. Now South Korea has scrapped that law.

Interesting. So they're saying it's out of respect for its younger citizens' rights. They're going to abolish this law, replace it by a permit system that allows players to request a permit per game and play during self-assigned hours that their parents will sign off on. This is in an article from GameSpot, by the way. GameSpot.com. You might remember them, too. The whole Robin Hood scandal with them.

But I think it's an interesting question. When my kids were young, lo those many years ago, I got this box that you took the TV wire, you ran it into the box, and you could program the box so that each kid had their own code. And you could specify how much time the kid could watch TV or how much time or when they could watch TV and how much time cumulative the kids could have.

And it actually worked pretty well. The kids certainly complained a lot about it. And a couple of them tried to work their way around it. Kind of hard to when the plug is inside the box. But, you know, ingenuitive as they are, they were able to do that. They cut the wire off and put another power connector on the end of the TV wire.

Anyhow, Microsoft, we've been talking about them a lot this show. I do not like Microsoft. You know that already. Windows 11 is coming out. And we talked about that before because Windows 11 is Microsoft is planning on requiring you to have a very modern computer.

You need to have TPM in it, which is this special security module. You need to have a certain speed, etc. But the TPM is a big thing that's going to make it so most of your computers won't work. Tons of pushback on that. I can see why Microsoft is trying to do it. They really would love to have a clean operating system that really wasn't getting hacked all the time, right? And this will help. It won't solve their problem, but it will help.

So what they're going to be doing now is they're going to, over the course of months, starting October 5th, they're going to release Windows 11 to certain people, kind of one at a time type approach.

So they're not going to force everyone to upgrade. They're not going to offer it to everyone. And Microsoft is going to offer a preview of the Android apps in the Microsoft Store for Windows Insiders in the months ahead. But they're planning on having a phased rollout through Windows Update.

And you're not going to see it most likely when it starts to roll out, but you will be seeing it. And with these stringent system requirements, apparently what they're going to do is not auto update your computer if it's not new enough and if it doesn't have a TPM, but you can manually install Windows 11. At least that's what they're doing right now.

Well, that's it for today. We had some more stuff I didn't get to, but we always have more every week, and I try to keep you up to date. We do trainings. Visit me online so you can find out about all of this stuff. The trainings, most of them are absolutely free. CraigPeterson.com slash subscribe. CraigPeterson.com.