Rogers Is Being Sued Over Unlimited Data Plans

Posted in Commentary with tags on December 24, 2024 by itnerd

Something that caught my eye last night is the fact that Rogers is being sued by the Canadian Competition Bureau over the fact that the telco makes claims that they have unlimited data plans, but in fact have plans that severely restrict data once you reach a certain threshold.

Now according to this CBC News story, Rogers is pushing back on this:

A spokesperson for Rogers said it disagreed with the bureau’s assessment of its phone plans, which were introduced in 2019, adding the company would fight the claims.

“These plans represent the norm in Canada and the Bureau’s decision to single out Rogers after five years is quite concerning,” a spokesperson said in a statement.

Rogers has a point here. Let me explain. First, let’s look at how Rogers markets their data plans:

So Rogers uses the word “infinite” in the marketing their plans. And they state that you get a given amount of data, and after you use up that data, you get throttled. The Competition Bureau has an issue with the word “infinite” as it could mislead consumers.

The thing is, Rogers isn’t the only one of the “big three” who have a plan like this. If I have a look at TELUS, I see this:

And if you read the fine print, you see this:

TELUS is using the word “unlimited” even though it isn’t an “unlimited” plan. Yes they clearly state that you have a certain amount of data, and once you use that data up, you’ll be throttled. In my mind, this isn’t any different than Rogers and their use of the word “infinite”.

And if I have a look at Bell, I see this:

If you look at the amount of data you get, you will see that they clearly state that you get 100GB or 200GB of data, and then your speeds are throttled after that. So it’s the same scheme as TELUS and Rogers, but the word “unlimited” or “infinite” is not present.

Here’s where I’m going with this. Based on looking at these three telcos and how they market their data plans, I have the following observations. Bell for one has nothing to worry about when it comes to the Competition Bureau as this telco clearly markets their plans to avoid any impression that they offer unlimited data plans. However, using the Competition Bureau’s logic, TELUS should have been sued along with Rogers, or they should be expecting to be sued as on the surface they appear to be doing a version of what Rogers is being sued over. But strangely they are not being sued. At least not yet as a lawsuit might be inbound as I type this. I would love to hear from the Competition Bureau as to why Rogers is in the spotlight here and TELUS isn’t. They likely won’t comment. But they should as this looks kind of suspect to me.

1 Comment »

Twitter Announces MASSIVE Price Increases For Subscribers

Posted in Commentary with tags on December 23, 2024 by itnerd

In the most obvious sign that Elon Musk owned Twitter is bleeding cash like a gunshot victim, the floundering social media platform has announced a massive price increase for its Premium Plus subscription tier.

  • Monthly rates in the US have gone up from $16 to $22, representing a 37.5% increase.
  • The annual subscription cost will also rise from $168 to $229.

Now these price increases will vary from region to region, and some regions will face triple digit percentage increases. But you have to wonder if there is any value left in Twitter for anyone to justify paying these prices. I really don’t think so. But Twitter thinks so. In fact they highlighted the following as reasons to pay up:

  • A completely ad-free experience
  • Enhanced access to Grok AI.

To me, that isn’t enough value to convince me to hand over my credit card. And combined with the fact that Elon has really lost the plot and embraced the far right of the political spectrum adds to my lack of desire to pay to be on that platform. Now I might have paid for Twitter in some fashion in the days before Elon took over. But not now as any value the platform had is gone thanks to Elon. And based on the reaction that I am seeing online, others feel the same way. So I truly can’t see this move by Elon is going to succeed.

R.I.P. Twitter.

Leave a comment »

The AbilityTo Back Up A Mac Running Sequoia Has Gotten Worse And Not Better

Posted in Commentary with tags on December 22, 2024 by itnerd

As I type this, we are up to macOS Sequoia 15.2 which was just released to the public. And I have to say that when it comes to backing up your Mac, things are worse than when Sequoia was first released.

Let’s start with the inability to back up using Time Machine. When I wrote this, Time Machine Backups to be frank were inconsistent. And as I type this, I can say that what 15.2 has marginally improved backups via Time Machine. By that I mean that I only see the message that it has failed to back up less often. But I still see it. Now there is the possibility that a fix that I recommended in my original article to disable Time Machine throttling is also responsible for that improvement. But I am not 100% sure about that as I have another Mac that does not have Time Machine throttling disabled, and it has seen the same marginal improvement. That kind of implies that Apple might have done something to make things better. If they did, they in typical Apple fashion aren’t saying anything. I continue to monitor the situation and I will post any updates that may be of value to you here.

By the way, while I have your attention, some of you emailed me about that the fact that the ability to disable throttling of Time Machine only lasts until the next reboot is a bit of a problem. That’s fair and I perhaps should have pointed that out in my original post. But I do have a fix for that. This guy has a method of having this setting remain persistent after a reboot. I’ve done this and it does work without an issue. So you can give that a shot.

So, now you’re wondering why I am saying that if things have had a marginal improvement, why am I also saying that things are getting worse? Well, if you use a third party backup tool, macOS Sequoia seems to have broken two of the most popular ones. SuperDuper is one of those apps, and 15.2 broke the ability to create bootable backups, according to the app’s chief developer Dave Nanian. There are also reports of CarbonCopyCloner having worse issue. With them it’s not just bootable backups, but non-bootable backups as well was also affected were also failing according to this post. Also in the post was the assertion that 15.2 will wipe out Time Machine backups. Now I haven’t seen that, but that doesn’t mean that the problem doesn’t exist. But if that is accurate, this absolutely qualifies as things getting worse.

You have to wonder at what point Apple will get serious about addressing these issues so that things are better and not worse. Right now Apple hasn’t commented of this at all. And the silence suggests that they don’t want to admit to a problem until they come up with a fix, which is typical Apple behaviour. But given that they have effectively impaired at best, broken at worst their customers ability to properly protect their data, they need to do way better than what they are doing right now. Because the status quo is not acceptable.

1 Comment »

Apple Kills Lightning Equipped iPhones In EU

Posted in Commentary with tags on December 21, 2024 by itnerd

The EU has pretty much forced Apple to switch to USB-C. But Apple were still selling a couple of iPhone models with Lightning ports on them. That’s now officially over. A French blog (Translation here) reported last week that Apple was going to stop selling the iPhone SE and the iPhone 14/14 Plus in the EU to comply with a deadline set by the EU to switch to USB-C all the things by the end of this year. And as of today, these phones don’t seem to be on Apple’s various EU online stores.

Now this presents a bit of a problem for Apple as Apple keeps older phones around along with the iPhone SE to compete with cheap Android phones. By not being able to sell these phone in 27 countries, that leaves Apple in a bit of a difficult spot. At least until a new iPhone SE with USB-C comes out. But that’s not likely to happen for a few months. Since this deadline didn’t sneak up on Apple, you have to figure that Apple has some sort of plan as they’re not the sort of company to leave money on the table. How long before we see what that plan is? Your guess is as good as mine.

Leave a comment »

Bell Achieves Canadian First: Successful 50G PON Technology Trial with Nokia

Posted in Commentary with tags on December 20, 2024 by itnerd

Bell is proud to announce a significant achievement in Canadian broadband technology: the first successful test of 50G PON fibre broadband technology in the country. This trial, conducted in partnership with Nokia at Bell’s Advanced Technical Lab in Montréal, Québec, demonstrates a major leap forward in network capacity and capability. 50G PON is the next generation of fibre technology.

This successful trial proves the seamless integration of 50G PON technology with our existing PON networks, utilizing their current fibre infrastructure. This means they can efficiently and cost-effectively prepare for the future demands of high-bandwidth applications while maximizing their existing network investments. 50G PON allows Bell to offer higher speeds over their existing fibre infrastructure, eliminating the need for additional installations.

Key benefits of this Canadian-first 50G PON trial:

  • Unprecedented Speed Increases: Significantly faster upload and download speeds for residential and business customers. On a single fibre, they can reach speeds of up to 10Gbps, 25Gbps, and even 50Gbps.
  • Future-Proof Network: Ensures Bell’s network remains at the forefront of technology, ready to handle exponentially growing bandwidth demands. This future-proofing benefits their customers on their network today.
  • Efficient Upgrade Path: Leverages existing fibre infrastructure, minimizing upgrade costs and environmental impact.
  • Cost-Effective and Enhanced Security: From a business perspective, 50G PON allows Bell to offer services more efficiently at a reduced cost, while also improving security.
  • New Service Opportunities: Opens the door to new, high-bandwidth services, including advanced enterprise applications and robust 5G backhaul capabilities.

As part of Bell’s purpose to advance how Canadians connect with each other and the world, Bell ensure that they remain at the forefront of broadband innovation by embracing next-generation technologies like 50G PON. Their successful work with Nokia to deliver the first 50G PON trial in Canada helps ensure they maximize the Bell fibre advantage for their customers in the years to come.

Leave a comment »

A Very Scary Extortion Phishing Email Scam Has Surfaced

Posted in Commentary with tags on December 20, 2024 by itnerd

Yesterday I got a panic call from a client who received a very scary email from someone who wanted Bitcoin or else they were some embarrassing videos would be released. This is of course the classic extortion phishing scam. But this one has a twist that makes it very scary. I have reprinted it verbatim with personal information redacted:

[NAME REDACTED], I suggest you read this message carefully. Take a moment to chill, breathe, and analyze it thoroughly. We’re talking about something serious here, and I ain’t playing games. You don’t know anything about me whereas I know you and right now, you are thinking how, right? I know that calling [PHONE NUMBER REDACTED] or knocking [ADDRESS REDACTED] would be a convenient way to contact you in case you don’t take action. Don’t even try to escape from this, I know where your family lives and you have no idea what all I can do in [CITY REDACTED]. You’ve been treading on thin ice with your browsing habits, clicking through those girlie videos and clicking on links, stumbling upon some not-so-safe sites. I placed a Malware on one such website & you visited it to have fun (if you know what I mean). And when you got busy accessing that website, my malware gave me total control over your device and your smartphone started out working as a RDP (Remote Protocol). I can look at everything on your display, switch on your camera to record you, and you wouldn’t even notice. Oh! you guessed it right, I have recorded you and I’ve got access to all your contacts, and social media accounts too. Been keeping tabs on your pathetic existence for a while now. It’s simply your misfortune that I saw your misdemeanor. I put in more days than I should’ve looking into your life. Extracted quite a bit of juicy info from your system. and I’ve seen it all. Yeah, Yeah, I’ve got footage of you doing filthy things in your house (nice setup, by the way). I then developed videos and screenshots where on one side of the screen, there’s the videos you were watching, and on the other part, it is your vacant face. With just a single click, I can send this filth to all of your contacts. Your confusion is clear, but don’t expect sympathy. Genuinely, I’m ready to wipe the slate clean, and allow you to get on with your life and forget you ever existed. I will give you two alternatives now. First Option is to turn a blind eye to my email. Y ou should know what is going to happen if you take this path. Y our video will get sent to your contacts. The video was lit, and I can’t even fathom the embarrasement you’ll face when your colleagues, friends, and fam see it. But hey, that’s life, ain’t it? Don’t be playing the victim here. Second wise option is to pay me, and be confidential about it. We will name it my “privacy fee”. Let’s discuss what happens if you choose this path. Your filthy secret remains your secret. I’ll wipe everything clean once you come through with the payment. You will make the payment by Bitcoin only. Pay attention, I’m telling you straight: ‘We gotta make a deal’. I want you to know I’m coming at you with good intentions. I’m a person of integrity. Amount to be paid: $ 2000 BTC ADDRESS: [BITCOIN WALLET ADDRESS REDACTED] (Copy it carefully) Once you pay up, you’ll sleep like a baby. I keep my word. And of course: You got one day to sort this out and I will only accept Bitcoins (I’ve a unique pixel in this email message, and now I know that you have read this mail). Once my system will catch that full Bitcoin payment, it’ll wipe out all the dirt I got on you. Don’t even think about replying to this or negotiating, it’s pointless. The email and wallet are custom-made for you, untraceable. If I suspect that you’ve shared or discussed this email with anyone else or online, the shitty video will instantly start getting sent to your contacts. And don’t even think about turning off your phone or resetting it to factory settings. It’s pointless. I don’t make mistakes, [NAME REDACTED]. Honestly, those online tips about covering your camera aren’t as useless as they seem. I am waiting for my payment.

This was sent in the form of a PDF. And that was likely done to evade spam filters which would look for keywords in the body of the email in order to filter out emails like this one. A PDF solves that problem for the threat actor as it is an attachment that at best is scanned to confirm that it isn’t malware, but isn’t scanned for keywords that would indicate that it is a scam.

What makes this specific scam email unique is that the threat actor is using the name, address, and phone number of the recipient. That’s something that I haven’t seen before, and I am sure that it would freak out anyone who receives such an email. The thing is that it isn’t hard to come up with this sort of information. Two methods that come to mind are a data leak of some sort where a threat actor gets their hands on this information to use it in a scam like this. Or via Open Source Intelligence which is the use of publicly available information. Threat actors can use this information to go after a target. In this case, I’m thinking that this came from a data leak. The sort of people who do these sorts of scams need to get thousands or tens of thousands of emails out there hoping that 1% fall for it which in turn results in a payday for the threat actor. Thus they don’t have time to use Open Source Intelligence to pick and choose their victims. This is strictly a numbers game for them. By the way, you can find out if your address has been part of a data breach by going to haveibeenpwned.com and typing in your email address.

As for the rest of the email, it has the usual traits of a extortion phishing email:

  • The email claims that the threat actor has installed malware that has recorded you doing “naughty” things. Fun fact, anybody who was capable of creating malware of that sort would be working for a nation state employed to go after high value targets such as politicians and sensitive industries. They would not be trying to get Bitcoin from anyone that they send an email to. So the threat actor is lying about that.
  • The threat actor claims that if you pay them, they will know about it and instantly delete everything. This is also false. Bitcoin transactions are anonymous. So there’s no way the threat actor would know who paid them. As an aside, I checked the Bitcoin wallet that was in the email and there was no Bitcoin in it. So at the time of writing, nobody has fallen for this. Yet.
  • Next up is the purported use of the webcam to record the victim. It is possible to remotely take over a webcam in a laptop. So if you’re the least bit paranoid about that, cover yours with tape. Or you can disable it entirely. Ditto for the microphone as well.

Finally, I will leave you with two pieces of advice. If you’re the least bit concerned about whether your system is compromised, consult a computer professional and have them check things over. It would also be a good idea to make sure your anti-virus is up to date and fully functioning as well.

And my final piece of advice is that under no circumstances should you pay up. It only encourages the scumbag threat actors, which in turn creates more victims. Thus don’t pay them. Ever.

Leave a comment »

The Dark Side of Christmas: How Scams Exploit the Festive Spirit

Posted in Commentary with tags on December 20, 2024 by itnerd

The SafetyDetectives team has been exploring the evolution, tactics, and impact of Christmas scams to offer our readers actionable advice to avoid falling victim to fraud this holiday season. 

Key findings at a glance: 

  • Different types of scams are present year-round, but the incidents typically increase during the holidays when people may be more susceptible to social engineering. 
  • In 2023, the AARP reported that 80% of adult consumers in the US have experienced holiday-themed fraudulent activity
  • It was found that 1 in 5 adults would provide their personal information or click questionable links for a chance to redeem a desired item at a bargain during the holidays.

Scammers’ practices have noticeably grown in complexity and sophistication over the years, for that reason people should remain vigilant during the season becomes more imperative given the potentially enormous financial and psychosocial fallout of those.

You can access their detailed report here: https://www.safetydetectives.com/blog/christmas-scams-research/

Leave a comment »

Over 1.2 TB of Data Exposed by Builder.Ai

Posted in Commentary with tags on December 19, 2024 by itnerd

A significant data exposure involving Builder.ai, a London based company offering AI software and app development solutions, was recently uncovered by cybersecurity researcher Jeremiah Fowler. 

What happened: 

A database totaling 1.2TB and containing over 3 million records was exposed. The data exposed includes secret access keys, customer PII, cost proposals, NDA agreements, invoices, tax documents, email correspondence screenshots, and more. 

Why it matters: 

This exposure presents serious risks, such as invoice fraud, phishing attempts, and potential business privacy breaches. 

To learn more, read the detailed report here: https://www.websiteplanet.com/news/builderai-breach-report/

Leave a comment »

2025 Predictions From Some Leading Cybersecurity Experts

Posted in Commentary on December 19, 2024 by itnerd

As the year draws to a close, we have gathered predictions from an array of cybersecurity experts who have given insights into trends they see in 2025.

Marina Segal, CEO, Tamnoon

Shift to Cloud-Based Risk Management

Cloud adoption doesn’t show any signs of slowing down in 2025. CISOs and security leaders will be hyper-focused on reducing cloud threat exposure. After all, no CISO wants to be in the spotlight of a high-profile data breach.

As a result, more companies will shift to cloud-based risk management. This change will largely be driven by: 

  • Geopolitical tension and threats to critical infrastructure
  • Sophisticated AI-driven attacks
  • Governments adopting stricter regulations
  • Economic pressures forcing companies to optimize cloud spend and security budgets
  • Consolidation of cloud providers

This will lead to stricter cloud security standards and compliance requirements for all industries — a trend private enterprises will be ready to capitalize on through compliance-friendly solutions. 

More importantly, this trend will highlight the need for more diversified risk management strategies.

Piotr Kupisiewicz, CTO Elisity

In 2025 some verticals will be highly relevant for new microsegmenation projects that enable least-privilege zero trust security policies.

Manufacturing, industrial, and healthcare organizations are prime candidates for microsegmentation projects due to their complex, interconnected environments and high-value assets. These sectors often have a mix of legacy systems, IoT and IoMT devices, and critical infrastructure that require granular access control. Microsegmentation enables the implementation of least-privilege zero trust policies, effectively isolating critical assets and limiting lateral movement in case of a breach. For manufacturing and industrial environments, it helps protect operational technology (OT) systems from IT-based threats. In healthcare, microsegmentation safeguards sensitive patient data and ensures compliance with strict regulatory requirements. The ability to maintain service continuity during cyber incidents is crucial for these sectors, making microsegmentation an essential security strategy.

In 2025 the top cybersecurity frameworks and security regulations and government agencies will increase their pressure for organizations to adopt microsegmentation.

Several prominent cybersecurity frameworks, regulations, and government agencies recommend microsegmentation or network segmentation as critical security measures. These include the NIST Cybersecurity Framework, ISO 27001, HIPAA, PCI DSS, CMMC 2.0, IEC 62443, HHS 405(d), and the EU’s GDPR. The NSA and CISA in the United States strongly advocate for these practices, particularly in the context of zero-trust architecture. The Purdue Model, while not a regulation, is widely used in industrial control systems for segmentation. Additionally, the Federal Zero Trust Strategy mandates network segmentation for U.S. government agencies. These frameworks and agencies recognize the importance of segmentation in limiting lateral movement during cyberattacks and enhancing overall network security posture.

SecureWorks

Ransomware

Opportunistic ransomware and data exfiltration attacks will continue at a high tempo into 2025 as ransomware affiliates, displaced in 2024 from disrupted ransomware operations such as LockBit and ALPHV/BlackCat, continue to form new allegiances with new entrants, previously lower profile groups, or rebranded returnees. Many affiliates will continue to work with multiple groups, some continuing to experiment with operating on their own behalf using leaked ransomware builders. Being able to detect and disrupt attacks at an early stage before data can be stolen or encrypted will remain essential for organizations in all sectors.

China

China will continue to focus on its political, military and economic priorities when collecting intelligence via cyber (or any other) means. The targeting will therefore change little but can always be swayed by political developments around the world.

In terms of more tactical elements: Chinese state sponsored threats will develop zero-day exploits for network perimeter devices that are deemed to be vulnerable targets (there are several firewall and VPN devices/vendors that fall into this category). Chinese state sponsored threats will be driven toward further emphasizing stealth in its operations by the continuing strategy of the U.S. to employ sanctions and indict specific named individuals connected with cyber intrusions.

China will continue to seek to understand as much as it can about Western (particularly U.S.) technology used on the battlefield in Ukraine to prepare countermeasures for a possible future invasion of Taiwan. Its cyberespionage operations will likely be similarly geared to such preparations.

More predictions from Secureworks can be found here.

Leave a comment »

Action1 Makes Its Full-Featured Patch Management Platform Free for Everyone Including Home Users

Posted in Commentary with tags on December 19, 2024 by itnerd

Action1, a leading provider of real-time vulnerability discovery and automated patch management solutions, today announced a significant expansion of its free patch management offering. Previously available exclusively to business users, Action1 is now breaking down barriers to advanced endpoint security for everyone—including nonprofits, independent consultants, small businesses, and home users—ensuring no one is left vulnerable to cyber threats. 

With 100 endpoints free forever, Action1 makes itsrobust, cloud-native patch management solution equitable for both individuals and organizations worldwide, empowering them to combat cyberattacks and safeguard their digital environment.

 Small Targets, Big Risks

Cybercriminals are increasingly targeting the most vulnerable among us—small businesses, nonprofits, and independent professionals. According to Cybersecurity Ventures, more than 60% of ransomware attacks now focus on organizations with fewer than 100 employees. Unpatched vulnerabilities, which account for nearly 60% of all cyberattacks,according to the Ponemon Institute, are particularly harmful to small businesses and individuals with limited resources. Action1 addresses these challenges by delivering automated patching and vulnerability management across both operating systems and third-party applications, ensuring the broader community stays protected without requiring extensive IT or budget resources.

With Action1, users gain the benefits of an autonomous endpoint management solution for the first 100 endpoints at no cost, with features including:

  • Ease of Use: Start patching endpoints in under five minutes and rapidly scale to as many endpoints as needed. No dependency on legacy tools, clunky integrations, or on-premise software.
  • Unified Cross-OS and Third-Party Patching: Automate the entire patching process for remote and onsite endpoints, from identifying and deploying missing updates to real-time reporting. 
  • Vulnerability Discovery and Remediation: Prevent security breaches and ransomware attacks. Detect vulnerabilities in OS and applications in real-time and enforce remediation. 

With this initiative, Action1 now accepts both personal and business emails for new account registration at https://www.action1.com/signup.

To learn more about Action1 Patch Management, visit https://www.action1.com/free-edition/.

Leave a comment »

« Older Entries