Apple Releases iOS & tvOS Update That Fully Fixes HomeKit Exploit

Posted in Commentary with tags on December 13, 2017 by itnerd

If you use HomeKit devices, then you’re aware of a HomeKit bug that was disclosed and partially fixed last week that would give the bad guys remote access to your HomeKit devices. For example, they could unlock the doors and turn off your security cameras before stealing everything from your home. Apple did some back end fixes and disabled the ability to remote access HomeKit devices until they could get out an iOS update that fixed the rest of the issues.

Today, iOS 11.2.1 made an appearance which fixes the rest of the HomeKit issues. Of interest, there’s also a tvOS 11.2.1 fix that came out as well which has HomeKit fixes too. That shouldn’t come as a shock as you need an AppleTV to fully leverage HomeKit, including the ability to do remote access. You should likely go to your iDevices and download these updates ASAP.

While I’m at it, if you own an Apple Airport Extreme or Express base station, you might want to log into it and check to see if you have a software update waiting. Chances are that you have, as Apple has released an update that fixes the KRACK vulnerability in those products.

Almost 45 Million Tons Of eWaste Discarded Last Year – UNN

Posted in Commentary with tags on December 13, 2017 by itnerd

A new study [Warning: PDF] from the United Nations University says that 44.7 million metric tons (49.3 million tons) of TV sets, refrigerators, cellphones and other electrical goods were discarded last year, with only a fifth recycled to recover the valuable raw materials inside. That isn’t good for the environment of course.

My take on this goes something like this. Without better disposal/recycling options, it’s going to continue to be like this. People aren’t going to put in the effort to search out methods of recycling electronics, hazardous waste like propane tanks, etc. People don’t have space to store that waste to wait for an opportunity to properly dispose of it. The trash and recycling service that everyone pays for doesn’t help with this problem. Thus we really need a rethink of how we keep eWaste out of landfills and the like.

 

Why Ontario’s New Ticket Sales Act Won’t Work

Posted in Commentary with tags on December 13, 2017 by itnerd

Today, a bill called The Ticket Sales Act is coming up for final reading in the Ontario Legislature. If passed, which given that the current Liberal government has a majority in the Legislature seems certain, its purpose is to do the following:

  • Banning ticket “bots” and the sale of tickets that were purchased using bots
  • Capping the resale price of tickets at 50 per cent above face value
  • Requiring businesses selling tickets to disclose more information to consumers
  • Establishing new enforcement measures to help make sure that ticket selling and reselling businesses are following the rules

All of that sounds great on paper. After all, it’s impossible to get a ticket for a big name concert or sporting event at the moment. Thus it should shift the balance of power back into the hands of consumers like you and me. Right?

Not so fast.

The reason why this act will fail centers around the banning of “bots” which are software programs that are designed to buy tickets by the hundreds the second they become available for sale. Now, how do you enforce that ban precisely? Sure someone like a Ticketmaster could trace where a transaction was launched from over the Internet. That’s not hard. But how do they tie it to an individual in Ontario or elsewhere?

They can’t. And that’s part of the problem.

On top of that, you can rent what are called “bot farms” to do everything from take down websites to pwn IoT devices. And I know for a fact that you can rent “bot farms” to buy tickets in bulk for resale. Because the “bot farm” is owned by a third party, the actual ticket broker has plausible deniability if the cops knock on their door. Assuming of course the cops can even find them. Which they won’t. Thus this act is doomed to failure. Simply saying that “bots” are illegal doesn’t stop their use. At best, it modifies how they’re used so the users are less likely to get caught. Unless the Ontario Government is willing to set up enforcement in the form of some sort of team of computer nerds that will hunt down these operations and take them down, this is a futile exercise. And I think it’s safe to say that the Ontario Government isn’t going to do that. Besides, if it were truly as simple as hiring a bunch of nerds to take down bots, Ticketmaster would have done it already and we would not be talking about this now.

The bottom line is that the Ontario Government will get to tick off a check box a few months out from an election, but nothing will change for consumers. You still won’t be able to get tickets for the Toronto Maple Leafs, the next U2 concert, or anything else. Because this act does nothing to change the fact that because these “bots” exist, you have no chance. Zip, zero, nada. The real solution is found in making the use of bots ineffective. That requires technology and not legislation.

Here’s Another Tech Support Scam To Be Aware Of: PC Tech Support

Posted in Commentary with tags on December 12, 2017 by itnerd

Fresh off the heels of the tech support scam that I documented here, I’ve come across another one. Or more accurately, one of my clients has. This scumbag got in touch with her and tried to drain her credit cards and bank accounts of whatever money he could get yesterday while trying to perform some sort of tech support “services.” My client let him into her computer and only gave him the boot after about an hour when the price went from $99 for his “services” to over a thousand dollars. That’s when she called me. I had a look over her computer and found that he had installed GoToAssist to allow him to take control of her computer remotely, but not much else was done with it. I plan on doing a follow up later this week, but from what I saw yesterday, she seems to have dodged a bullet.

Now the scumbag in question goes by the name of PC Tech Support and the phone number that they were calling from was 1-888-308-3363. I’m pointing this out because if you see this number on the call display on your phone, hang up. I found their website which I will not link to as I do not want to send them traffic. But I will display a screenshot of their website that clearly uses stock clip art:

[Screenshot of the PC Tech Support website]

That allowed me to look up who owned the domain that they are using:

[Screenshot of the domain registration record]

What caught my attention was the organization name which was S.M.O.K.E. Technologies. I did a search of the name and found their LinkedIn page which again, I will not link to. Instead I will display a screen shot of it:

[Screenshot of the LinkedIn page]

The website that they have doesn’t go anywhere. But if you look at where they have locations, they list Gurgaon, which is a city in India that I’ve been to numerous times, and Jaipur-Rajasthan which is where the registration of the domain came from. That cannot be a coincidence. That was confirmed when I came across the company on Gust.com which is India’s service to connect startup companies with investors:

[Screenshot of the company’s Gust.com listing]

If you look to the right, you’ll see the name Vivek Kosalla. Vivek is the name that’s in the domain registration above. That too cannot be a coincidence. This seems to point toward this company being behind PC Tech Support. And thus being behind this scam.

These guys seem to be rather unsophisticated scammers from a tech standpoint and I would rank them lower than the scumbags that I wrote about earlier this year. But they did try to go to town on my client’s credit card. Which by the way is now cancelled. She also now has credit monitoring just in case they try to steal her identity or something. So these scumbags will walk away with nothing.

Now let me reiterate something that I said the last time I covered a tech support scam. A legitimate company such as Microsoft, Apple, or Google would never call you in this manner. The exception might be your ISP. There’s a minute possibility that your ISP would call you if your computer has been infected with malware that could be sending out something from your computer. If a caller claims to be from your ISP, ask for the caller’s name, where his or her office is located, and for the office telephone number. Ask why you’re being contacted by telephone, what the issue with your computer is and how the ISP could tell it was your PC specifically that had a problem. If a call sounds legit, hang up and call the ISP yourself, then ask for the tech support department or for the person who called you specifically. Use a phone number listed on your ISP’s website or on your bill, not a number that the caller gave you. That way, you could confirm or deny if this is legit.

Now, if you get a call from a scammer, the best way to deal with them is to hang up. But if you want to do the world a favor, do the following… Though I will not exactly go out of my way to recommend vigilante behavior like this:

  1. Get the name of the company the scammer claims to work for, and the company’s website, phone number or address. Even the smallest pieces of info can lead one down the road of finding out who the scammers are and you’d be surprised how willing they are to give up this information to try and gain your confidence.
  2. Hang up.
  3. Report it. Microsoft has a Web page dedicated to reporting tech-support scams. The U.S. Federal Trade Commission has a website for fielding complaints, while the Canadian Anti-Fraud Center is the place to go if you’re in Canada.

So, what happens if you get scammed? You need to act fast. First, shut down the computer. Then do this:

  1. First download and install legitimate antivirus software. Then, run a scan to see if anything has been left behind. Then change the passwords on the user accounts on your PC. You don’t have passwords on the user accounts? You should, precisely for this reason. If you don’t feel comfortable doing any of these items, call an IT expert for help.
  2. If you gave the scammer your credit card number, then you really need to act fast. Call your credit card provider and either reverse the charges or cancel the card (my client did the latter). Then you should also contact one of the three credit-reporting agencies, namely Equifax, Experian or TransUnion, and ask them to place a free 90-day credit alert on your file. For the record, Experian doesn’t operate in Canada but the other two do. The agency you contact will alert the others and you’ll be notified if someone tries to do something in your name.
  3. Report it.

As you can see, getting hit by a scammer is not a trivial matter. You need to be on your toes to avoid this sort of thing. If you are, then you should never have to worry about the negative effects of being scammed. I hope this information helps to make sure that you are not a victim of something like this.

UPDATE: My client wrote down details about these scumbags. Here’s a photo of what she wrote:

[Photo of the client’s handwritten notes]

You’ll see the scumbag’s name and phone number (which works when you dial it by the way). I circled the IP address which is 127.0.0.1 which is a loopback address. As in an IP address that loops back to the machine that you’re on. It could never exist on the Internet. Thus this is another sign that these scumbags are rather unsophisticated. But they don’t have to be as this type of scam is about sounding smart so that they can fleece your bank account as opposed to being smart. The other thing that I should update you on is that S.M.O.K.E. Technologies is located in the same location as the registration above:

[Screenshot showing the location of S.M.O.K.E. Technologies]

That’s further proof that they’re the ones behind this tech support scam.

UPDATE #2: I just got a threat from these clowns via e-mail. Here’s my response:

I don’t respond well to threats. And I will continue to shine an uncomfortable spotlight on you or anyone else who runs a scam like this. Oh yeah, thanks for sending the threat by e-mail. The header information on that e-mail will be very interesting for law enforcement to see.

iMac Pro Pricing And Specs Announced….. And What A Beast It Is!

Posted in Commentary with tags on December 12, 2017 by itnerd

A few minutes ago, Apple announced that the iMac Pro, which is Apple’s pro grade computer, will be available to order on Friday. This thing seems like a beast based on these specs:

  • A 27-inch Retina 5K display
  • Up to an 18-core Intel Xeon processor
  • Up to 4TB of SSD storage
  • Up to 128GB of ECC RAM
  • AMD Radeon Pro Vega 64 graphics processor with 16GB of HBM2 memory
  • Four Thunderbolt 3 ports
  • Four USB 3 ports
  • 10 Gigabit Ethernet port
  • 802.11ac WiFi
  • Bluetooth 4.2
  • SD card slot
  • 3.5mm Headphone jack
  • 1080p front camera

Pricing starts (the key word is starts) at $4999 USD. Given some of the options that are available, that price can escalate very quickly. This is an important launch for Apple as they have taken heat for not taking the pro market seriously as of late. So the stakes are kind of high for them to not mess this up.

Apple Just Bought Shazam

Posted in Commentary with tags on December 11, 2017 by itnerd

It had been rumored for days and just a few minutes ago, it’s been confirmed that Apple has bought the music tagging and recognition service known as Shazam. The word on the street is that Apple dropped $400 million to get the company.

Now Apple had been using the service to power the music recognition feature within Siri. But now that they apparently own the company, you have to wonder what more they can do with the service. On top of that, you also have to wonder what happens to the base of Android users who use the service. When Beats Music was purchased, the Android app was kept around. Perhaps we will see that happen here as well. We’ll have to wait and see.

Review: Netgear Nighthawk X8 AC5300 Tri-Band Router

Posted in Products with tags on December 11, 2017 by itnerd

I’ve been testing a lot of routers lately, and the latest one to end up in my test lab is the Netgear Nighthawk X8 AC5300 Tri-Band Router. This is one of Netgear’s high performance routers and it takes a really conservative approach in terms of looks:

[Photo of the router]

It’s big as it takes up a lot of real estate, but it’s thin and flies under the radar unlike a lot of routers in this class. It has plenty of venting to keep it cool. It’s got four antennas that are non-removable. That might be a bit of a mistake as I’d love to know how you would replace one without having to send the whole router in for service. Oh yeah, the antennas also do this:

[Photo of the router’s antennas]

The tips light up which will be cool to some. Other interesting features include:

There are a pair of USB ports for storage via a USB hard drive, or a printer for printer sharing. But they’re behind a door which is kind of strange.

Lit buttons on the front are there to turn on and off the LEDs, use WPS, and enable and disable WiFi.

The lights to indicate the status of Internet access and ports are on the top of the router.

You get six gigabit Ethernet ports for all your wired devices. The first two are aggregate ports (via the 802.3ad standard) for those who want extra speed from a wired device that supports this feature.

In terms of WiFi, you get one 2.4 GHz channel running at gigabit speeds, and a pair of 5 GHz channels running at 2.1 gigabits each. What’s cool is that you can take the 5 GHz channels and bond them so that you can have devices automatically float between the two so that no one channel can be overloaded. And from what I could tell, it tended to make the right decisions as to which device needs to go where.

Setting the router up is easy and so is managing it. The wizard that walks you through the setup is clear and easily understandable for all types of users. Advanced users can leverage the advanced settings to get access to all the cool stuff to make devices go faster or lock things down. If using the web based setup isn’t for you, you can use an app called the Netgear Genie app for iOS or Android that gives you the ability to do the same thing from your phone or tablet. And if the standard firmware does nothing for you, there is DD-WRT firmware that is apparently available. Another feature that is available but I didn’t test is Amazon Alexa & the Google Assistant support.

In terms of speed, I’ll simply say that Nighthawk X8 is the new speed champ as far as I am concerned. I got this result over 802.11ac within 5 feet of the router:

[Screenshot of the speed test result]

This beats the ASUS ROG Rapture AC5300 Gaming Router which clocked a speed of 841 Mbps when I tested it on my gigabit Internet connection. Not only that, I got good coverage in my condo as I was able to get a good signal in places that most routers struggle to reach. The fact that this router supports beamforming likely helps with that. It also supports MU-MIMO to keep things speedy. Speaking of speedy, anything and everything I tossed at it could not slow it down.

What’s missing? Well, it doesn’t have the advanced and somewhat unique security features and massive levels of customization that the ASUS ROG Rapture AC5300 Gaming Router has. That may bother some people as they may see those as being desirable features. But there’s enough here that it should not bother you in my opinion. Gripes? I’m not a fan of the non-removable antennas like I mentioned earlier. Other than that, I can’t think of anything to be critical of.

So, what does this all cost? Amazon Canada sells it for $299 CDN. If you look around, you may find it for less. What’s my bottom line? While the ASUS ROG Rapture AC5300 Gaming Router has more features, and I still think is the overall better value, the Netgear Nighthawk X8 AC5300 Tri-Band Router is a touch faster. Seeing as it’s about $200 cheaper than the ASUS offering, if you simply want nothing but the fastest router around, the Netgear is very much worth a look.