Access To Tens Of Thousands Of Chinese Made Cameras Available For Sale By Hackers…. Yikes!

Posted in Commentary with tags on September 25, 2022 by itnerd

This is not only bad, it’s also a textbook example of why you need to stay on top of patching your IoT gear.

Last fall, a command injection flaw in Hikvision cameras was revealed to the world as CVE-2021-36260. The flaw was given a “critical” 9.8 out of 10 rating by NIST. The higher the number, the worse it is, and in this case it is as close to a worst case scenario as you can get without hitting 10.

Now here’s the problem. New research indicates that a year later, 80,000 or so cameras are out there in the world unpatched. And what’s worse, access to these cameras is for sale by hackers:

Specifically in the Russian forums, we have observed leaked credentials of Hikvision camera products available for sale. These can be leveraged by hackers to gain access to the devices and exploit further the path of attack to target an organization’s environment.

That’s bad. Really Bad. The vendor did put out alerts for this along with firmware updates. But because people have a tendency to do what I call “install and forget” with IoT gear, here we are talking about it. Thus my advice to anyone who owns one of these cameras is to drop what you’re doing and update them now. And my advice to anyone who has IoT gear of any sort is to make sure you stay on top of your firmware updates so that nobody tries to use your IoT gear to pwn you.

Review: Apple iPhone 14 Pro

Posted in Products with tags on September 24, 2022 by itnerd

It’s iPhone season and this is my review of Apple’s latest and greatest iPhone ever. Yes that’s sarcasm, or perhaps cynicism as Apple has only managed to marginally move the needle on this year’s crop of iPhones. In fact, by the time that this review is over, you may not want to upgrade.

The iPhone 14 lineup this year is different than most years. What is the same is that Apple has four phones for you to choose from in two sizes. You can get the iPhone 14 in a 6.1″ size, the iPhone 14 Plus in a 6.7″ size, the iPhone 14 Pro in a 6.1″ size and the iPhone 14 Pro Max in a 6.7″ size. Gone is the iPhone Mini as it apparently didn’t sell all that well. In any case, you should completely ignore the iPhone 14 and 14 Plus as those are essentially a repackaged iPhone 13 with some software updates. That’s because they’ve taken the A15 Bionic processor that was in the iPhone 13 Pro and Pro Max, added some software tweaks and called it job done. Not a whole lot else has changed. Instead, if you want a new iPhone, my recommendation is to focus on the 14 Pro and Pro Max as that’s where Apple has spent a lot of its time and effort.

Let’s start with what you get in the box:

This is the iPhone 14 Pro in space black. More on the colour in a bit. Underneath the phone you see this:

You get the usual pack that has some documentation, a SIM eject tool as I am in Canada and unlike the US, I still get a physical SIM slot, and a white Apple sticker. I also get a USB-C to Lightning cable. And this is where I will start to criticize Apple. They’ve stuck with Lightning instead of moving to USB-C. This despite the fact that this phone is capable of creating 90 MB ProRAW photos and gigabytes of ProRES video. This is an issue as Lightning runs at USB 2.0 speeds which is 480Mbps or 60MB/s. In other words it is slow which makes you say WTF as it could take an insanely long time to pull a ProRES video off an iPhone via Lightning. As in an hour or two. Seriously Apple, you need to put USB-C at the very least in the next iPhone and if you want extra brownie points, have it do Thunderbolt 3 or 4 speeds as well because it is 2022 and not 2012 and you need to get with the times. Now Apple likely doesn’t want to do this because Lightning gives them control and some extra cash via their MFi Program. Which is great for them. But what’s great for us is that the EU will force Apple to USB-C next year. Thus I will call it now. The iPhone 15 will have USB-C, though I suspect that they will do something to implement it the “Apple Way”.

And for those who are wondering, I am so over the fact that the phone doesn’t come with a charging brick.

As for the space black colour, here’s a comparison with my iPhone 12 Pro:

The iPhone 12 Pro is on the right in the graphite colour. Space black is darker but it’s not absolutely black like the desk mat that these phones are on. But it is a welcome change. The sides are made of surgical grade stainless steel, and they are a major fingerprint magnet as has been the case since Apple went to this design. The back is matte glass, and is not a fingerprint magnet. If fingerprints bother you, I’d advise that you get a case. Here are three options for you to choose from. And a screen protector would be a good idea as well. I use this one for the record.

As for other design elements, it looks like the iPhone 13. And the iPhone 12. As in there are zero discernible changes on the design front. In fact, I have been walking around for a week with my 14 Pro and nobody has noticed that it’s the newest iPhone around. I guess if you want to fly under the radar with your new iPhone, this phone will accomplish that. But if Apple wanted to get some attention with their latest iPhone, it’s not going to happen here.

The two design elements that have changed start with Apple’s implementation of an always on display. In typical Apple fashion, they couldn’t just have the screen dim down and show a minimal amount of information like pretty much every Android phone out there. Instead, they went above and beyond and added a few party tricks. By that I mean that pictures on your lock screen will maintain the same skin tones and still be largely visible when the screen dims. And in bright lighting conditions, the phone’s screen will be plenty bright which makes me wonder how much power this feature is sucking back when in use as OLED screens even at minimal refresh rates are not power efficient. It also makes me wonder why Apple didn’t have some sort of option to allow the user to control that. Alternately it will dynamically adjust the brightness down in dim lighting conditions. But Apple didn’t stop there. If you have an Apple Watch and you walk away from the phone, the screen will turn off once the watch gets out of Bluetooth range. Or if you put the phone in your pocket, the screen will turn off. All of this sounds interesting. But the thing is that it took some time for me to adjust to that as since 2012, which is when I got my first iPhone, I have been conditioned that when I see something on my iPhone screen, the phone is on and I need to hit the sleep/wake button to turn it off. And that’s true for my wife as well as she’s tried to turn off my iPhone as she thought it was on a couple of times. And I’ve heard this from other people with this phone or the Pro Max variant. So clearly there’s going to be time needed to get used to this feature. One thing that is missing from this feature is the ability to put it into some sort of “nightstand mode” like the Apple Watch where it will very dimly display the time alone when the phone is on a charger. In my mind, that’s a bit of a swing and a miss by Apple.
But conversely if you’re in a sleep focus mode, the display turns off entirely. I am guessing that Apple’s use case is that it is one thing to have an Apple Watch display lit at night as that is not likely to bother you, but it’s a bridge too far for the iPhone. Though I suspect that this might change if enough people complain. Another thing that Apple might have to change is the fact that notifications will cause the screen to go to full brightness which doesn’t make a whole lot of sense to me.

The second design change is the “dynamic island”. I’m going to go off on a tangent and ask why anyone at Apple thought that this was the best name for this feature? You know that a bunch of people got into a room and they wrote up a bunch of names on a whiteboard in order to pick the best one. Why did this one win? It honestly sounds like the name of a reality TV show where either someone will find love or people will be voted off the island. Surely a multi-trillion dollar company could have done better than this?

Back to the phone review. What Apple has done is eliminated the notch that has been in every iPhone since the iPhone X and turned it into a pill shaped cutout where all the Face ID hardware and the front facing camera live. But they then took the extra step of creating an entire software feature around it that allows you to task switch between apps and see information as well as interact with items that are in the “dynamic island”. Plus some notifications like Face ID being in use by an application or the orange and green dots for audio and video usage live there too. Effectively, Apple took a feature that people would criticize and made it something that people would be blown away by.

Mission accomplished.

Let me illustrate how the “dynamic island” works with this video.

One thing that I would like to point out is that the “dynamic island” is visible in screen recordings. They didn’t bother to do that with the notch in the MacBook Pros that came out last year. Thus I guess that this will be their design language going forward and we can expect to see iPads and MacBooks with the “dynamic island” soon. But there is one downside to the “dynamic island”. It cuts into full screen video. The notch didn’t do that and some will see this as a regression as a result. Another thing to point out is that you have to press and hold to surface the widget and simply tap the “dynamic island” to bring up the full app. That seems backwards to me.

And I’m calling it now. Every single Android phone will copy this feature.

The screen is different as well. This year besides ProMotion which is Apple’s adaptive refresh rate technology that ramps the screen from 1 Hz to 120 Hz to save battery power, it’s brighter as well topping out at 2000 nits. This is a total win as in bright sunlight the iPhone is extremely readable. And just in general, the screen is bright, clear, and easy to read. And that’s above and beyond my previous iPhone.

One last thing in the design area. Apple removed the SIM tray if you are in the US which slightly alters the design of the iPhone 14 Pro, and forces iPhone customers over to eSIM technology. Everyone else on the planet gets a SIM tray and eSIMs are optional. You can find out the pros and cons of that here. But I suspect that this will spread elsewhere as early as next year.

Now that the design is out of the way, let’s talk specs. Every iPhone this year gets 6 GB of RAM, but only the 14 Pro and Pro Max variants get Apple’s A16 Bionic processor. This processor is built on TSMC’s 4 nanometer manufacturing process and it features a 6-core CPU, 5-core GPU, and 16-core Neural Engine. It has many improvements over the A15 Bionic from the iPhone 13 Pro (or iPhone 14), such as a new display engine which helps with the new always on display feature, new image signal processor, and more power efficiency. But if you’re expecting it to destroy the A15, it won’t based on these Geekbench 5 results:

| | A16 Bionic | Snapdragon 8 Gen 1 | A15 Bionic |
| --- | --- | --- | --- |
| Geekbench 5 (single-core / multicore) | 1891 / 5469 | 1214 / 3361 | 1733 / 4718 |

To be clear, Apple continues to humiliate Qualcomm’s Snapdragon 8 Gen 1 with ease. But the A16 is only a marginal gain over the A15, and you are unlikely to see the speed difference during daily usage. My guess is that the key differences are going to be found in the energy usage and heat it generates as it is manufactured on a 4 nanometer process.

Now over to the camera which Apple spent a lot of time talking about during their presentation. Specifically:

  • 48MP quad-pixel main sensor that bins down to 12MP
  • 12MP ultrawide sensor that’s twice as large as the one on the iPhone 13 Pro.
  • The telephoto lens is still 3x which is unchanged
  • You now get 0.5x, 1x and 2x, and the telephoto’s 3x zoom

As part of this camera upgrade, Apple have now come out with the “Photonic Engine” which is not only another questionable name for a feature, but it sounds like something straight out of Star Trek.

<Scene fades in from black showing the bridge of the Starship Enterprise with tense music playing. The red alert siren is audible>

  • Sulu: “Captain! Two Romulan warbirds just decloaked off our port bow!”
  • Kirk: “Chekov! Arm all weapons! Scotty! Prepare to engage the Photonic Engine and get us out of here!”
  • Scotty: “Aye Captain!”
  • Chekov: “Aye Captain!”

Seriously, could they not have come up with a better name? After all, this is not a company that’s short of cash so surely their marcom group could have come up with something better than “Photonic Engine”? In any case, the “Photonic Engine” is a new computational photography model that improves mid and low light photos by incorporating Apple’s Deep Fusion technology earlier in the pipeline before the frames get compressed. The “Photonic Engine” promises to enhance dynamic range to bring out detail even in low-light pictures. Let’s test that by taking the iPhone 14 Pro and pitting it against the iPhone 13. Here’s a pair of photos that were taken with dark mode enabled. Starting with the iPhone 13:

Then the iPhone 14 Pro:

Is the iPhone 14 Pro better? Well, you see more detail and it does look brighter. For example if you look at the tree on the left you see the bark of the tree better in the iPhone 14 Pro. But it’s not a quantum leap above the iPhone 13. So the answer is yes the iPhone 14 Pro is better. But the differences are not huge. But they are there.

Let’s look at a low light photo without dark mode, starting with the iPhone 13:

And now the iPhone 14 Pro:

Again, you see more detail and it does look brighter in the iPhone 14 Pro photo. But again, it’s not a huge leap forward.

Now there’s an improved macro mode on the iPhone 14 Pro in play and here’s what it looks like:

The detail level is great in this photo and there’s the right amount of bokeh in the photo. And from the party tricks department comes the ability to look up some objects that you take photos of:

You’ll see the words “Look Up – Plant” in the screenshot above. If you click on that you will get this:

That way you know what you’re taking pictures of and you can act like you’re a botanist. It apparently works with animals too, though I didn’t test that. But in any case, this is the power of having a neural engine on a smartphone.

Another improvement is the enhanced cinematic mode. Last year it was 1080P. This year it is in 4K and here’s an example of what you get via a video with yours truly looking as “Gangsta” as possible:

Cinematic Mode mostly works as it enables when it detects me and turns off when I exit the video. I am sure you’ll be able to do some interesting things with it.

Next up is Action Mode which is the only new feature name that Apple came up with that makes sense. It stabilizes video at 2.8K which is a bit of #fail as this is a 4K world. But in the next year or two, I am sure that this will be a feature that works with 4K. But since I review what is on the table in front of me so to speak, here’s a video that illustrates what you get without and with Action Mode:

The only thing that you have to keep in mind with Action Mode is that it requires a lot of light to work well and it will warn you when you don’t have enough light. And if you are in a location that has a borderline level of light, the results may not be that great. Though it does have options that are kind of buried in the Settings app to allow for low light usage at the cost of the level of stabilization that you get.

Earlier I touched on the fact that you get more zoom levels with the iPhone 14 Pro. Specifically that you get 0.5x, 1x and 2x, and 3x zoom which are all optical zoom levels. I tested these zoom levels and compared them to the iPhone 13 which doesn’t have all of these zoom levels which means that you get digital zoom and a less optical photo. First the iPhone 14 Pro:

Followed by the iPhone 13:

Clearly the iPhone 14 Pro photos are better. But Apple really needs to give users a broader zoom range seeing as some Android phones will do 10x optical zoom.

Finally on the camera front, you have the option of shooting pictures in ProRAW format to get all 48 MP rather than photos that are binned down to 12 MP. And returning from previous iPhones, you get the option of shooting video in ProRES format as well.

The next thing that I will cover is battery life. The short answer is that I can make it through a day on a single charge. Which is typically from about 7AM to around 10PM. The long answer can be found in these screenshots.

This is a day where I worked from home mostly and only went out once to deal with a pair of clients who were close to my home. Thus it was plugged into my car a couple of times for 20 minutes or so total. As you can see it had no problem making it through the day having used about 50% of my battery. Which implies that I could have expected plus or minus 10 hours if I emptied the battery which isn’t bad.

This day I was working exclusively from home, but I didn’t charge it once. I used 75% of my battery and I suspect that I could get to 10 hours if I emptied the battery. Now I might get better battery life if I turn off the always on display though. And apparently the haptic feedback from the keyboard plays a part in this too as Apple suggests that this feature eats some battery life. But I’m leaving them on as I like the always on display and the haptic feedback.

Now let me deal with three final items. The first is the obligatory speed test for 5G. Here it is on the TELUS network:

The Qualcomm X65 modem that Apple is using really delivers the goods here. And that’s not the only improvement as this modem promises better power efficiency. Which is welcome as 5G isn’t exactly power friendly. In terms of other wireless, you get WiFi 6, which is odd because WiFi 6E is a thing, as well as Bluetooth 5.3. The latter allows the phone to consume less power, or produce better audio, or have slightly faster data transmission with a compatible device. Which is handy as the new Apple Watches and AirPods Pro both support Bluetooth 5.3. In terms of GPS, the iPhone 14 Pro can receive signals from GPS satellites operating on both the legacy L1 frequency and modernized L5 frequency. L5 satellites broadcast a higher power signal that can better travel through obstacles like buildings and trees when compared to L1 signals. With a combination of the two signals iPhone 14 Pro models should have improved location accuracy in apps like Maps.

Next are two new safety features. The iPhone 14 Pro comes with crash detection which will detect if you’ve been in a car crash, and if you don’t respond it will call emergency services. I didn’t test that and I hope I never do. But this YouTuber did test it and apparently it works as designed. Second is the Emergency SOS via Satellite. Emergency SOS via Satellite can help you connect with emergency services when no other means of reaching emergency services are available. If you call or text emergency services and can’t connect because you’re outside the range of cellular and Wi-Fi coverage, your iPhone tries to connect you via satellite to the help that you need. And Apple has built an entire user interface to help you make contact via satellite along with a quiz that you need to take to allow the feature to transmit your exact needs to emergency services. This feature launches in November and will be free for two years. After that….. Who knows? Apple didn’t say. But seeing as Apple has partnered with Globalstar to deliver these services, and they charge a minimum of $20 USD a month for these services, I am going to guess that it will cost between $20 and $40 USD a month and may likely become part of an iCloud+ plan. Though I suspect that Apple really wants you to buy a new iPhone in two years time.

Pricing in Canada goes something like this:

  • 128 GB: $1399
  • 256 GB: $1549
  • 512 GB: $1819
  • 1TB: $2089

Top Tip: If you plan on using ProRES or ProRAW, skip the 128GB model. ProRES only works on a “Pro” iPhone that is 256 GB or above. And ProRAW photos take up as much as 90 MB of space per photo. Meaning that you need a lot of storage to make that work if taking 48MP photos is your thing.

So, would I recommend the iPhone 14 Pro? That depends on what you’re coming from:

  • If you have no iPhone and you have some cash burning a hole in your pocket, get the iPhone 14 Pro. Apple spent more time and more effort on this phone versus the iPhone 14 making this the one to get. And if you want a bigger screen, there’s always the Pro Max model.
  • If you have an iPhone 13 Pro or 12 Pro and you want to upgrade, I am not sure that there’s enough here to justify the upgrade. Yes the new and improved features are interesting, but they aren’t groundbreaking for the most part and they may not be enough to make buyers say “I must get this phone.”
  • If you have an iPhone 11 Pro or earlier, this is worth upgrading to as there is enough of a feature set delta from your existing phone to make it worth your while to upgrade.

Here’s my bottom line. While there are improvements, and they are all solid improvements, they’re not quantum leaps forward. That makes it difficult for me to say that you should drop what you’re doing to run to the Apple Store to buy one. Don’t get me wrong, it’s a solid phone that you will like if you buy one. What I am saying is that this is a more incremental upgrade which will make you think about whether you should upgrade to it or not.

Adversary Tactics Intel Group Finds Gootloader Threat Actors Use SEO Poison Technique to Exploit Gov, Legal, Real Estate, Med, Ed Victims with Highly Targeted Content

Posted in Commentary with tags on September 23, 2022 by itnerd

Deepwatch has published a new report uncovering Gootloader threat actors using the search engine optimization (SEO) poisoning technique. In the latest report from its Adversary Tactics and Intelligence (ATI) group, Deepwatch looks at a technique where threat actors are compromising legitimate websites, creating fake blog posts, and using overlays to display a fake forum page over blog posts–all to snare government, legal, real estate, medical, and education victims with highly-targeted content.

This is a very sophisticated attack and the report is well worth your time to read.

Review: Spigen iPhone 14 Pro Case Tough Armor (MagFit)

Posted in Products with tags on September 23, 2022 by itnerd

Protecting my new iPhone 14 Pro is top of mind for me because when you spend the kind of cash that Apple wants you to spend on a phone, you want to make sure that nothing happens to it. For that reason, I went with the Spigen iPhone 14 Pro Tough Armor Case (MagFit) to protect my iPhone 14 Pro:

This is a case that offers the following features: 

  • All-new foam technology for an extra layer of shock resistance
  • Combination of TPU and Polycarbonate for dual protection from drops and scratches
  • Reinforced kickstand with raised lips to protect screen and camera
  • Certified [MIL-STD 810G-516.6] protection and Air Cushion Technology for anti-shock protection
  • This case completely covers every edge of the iPhone for complete protection including the camera bump.
  • The screen has raised edges to protect the screen.
  • The case works well with screen protectors.

Let’s dive in. Starting with the first two items:

You can see it uses a combination of materials to give it the ability to fully absorb shock. Which is exactly what I want as I want to make sure that this phone will survive a drop. Before you ask, I have used these cases on other iPhones and they’ve survived drops without an issue. Your mileage may vary.

The case has a built in kickstand to allow you to have the iPhone in landscape mode on a table handsfree. It’s plastic and locks into place when not in use. Another feature is the addition of MagSafe, and I had no issues with it in terms of charging. The magnets are strong as it passed my “hang from a MagSafe charger” test. And wireless charging works fine as well.

The case has duplicate buttons that are very large and tactile in terms of pressing them, and cutouts for the silent switch, speakers, and Lightning port. The edge of the case around the screen is slightly raised, which means that if you put the iPhone face down, the screen isn’t going to touch the surface. It’s also wireless charging compatible and Apple Pay seems to work fine with it. The case isn’t bulky which means it doesn’t change how you hold your iPhone, but it isn’t thin either. Likely because you need it to be that way to provide meaningful drop protection. It also doesn’t add much weight.

The only thing that I would note as a con for this case is that it attracts fingerprints. Lots of fingerprints. You might want to choose a colour that hides fingerprints better if that matters to you.

I’d recommend the Spigen iPhone 14 Pro Tough Armor Case (MagFit) for daily use or for those who have “butter fingers.” This case is $59.99 USD and as far as I am concerned it’s worth every penny. Especially if you’ve spent a lot of money on your iPhone 14 Pro.

Google Analytics Declared Unlawful In Denmark

Posted in Commentary with tags on September 22, 2022 by itnerd

Denmark yesterday declared the use of Google Analytics unlawful. The Danish Data Protection Agency concluded that the tool would require the ‘implementation of supplementary measures in addition to the settings provided by Google’. The Agency stated that the decision represents a common European position among the citizens whose personal data is protected. Here are the key details:

The Danish Data Protection Agency has looked into the tool Google Analytics, its settings, and the terms under which the tool is provided. On the basis of this review, the Danish Data Protection Agency concludes that the tool cannot, without more, be used lawfully. Lawful use requires the implementation of supplementary measures in addition to the settings provided by Google.

In short, if you’re in Denmark you can’t use Google Analytics. Full stop.

Mark Bower, VP of Product Management of Anjuna Security:

     “The ever-expanding bulk collection of consumer data and its handling will continue to land under the EU regulatory microscope, especially with the recent expansion of GDPR scope around inferred data following recent rulings in Lithuania that propagate across the union. Under this new extension, data that is derived from personal data is considered in scope. If breached, it has the same consequence as primary personal identifiers including massive fines. This has sweeping impact and risk for organizations: traditional approaches to compliance that often assume the personal data can be identified in advance of collection and then protected may no longer work or be fit for purpose, especially with machine learning models where new derived outcomes and inference are coveted by data processors across industry, especially ad-tech, payments, financial services and retail. Organizations handling personal data must therefore look at more thorough and innovative protection strategies in addition to carefully analyzing the risk of bulk collection itself. It’s no surprise then that the top of the data food chain is the first to be put in the spotlight – but they will not be the last.”

You have to assume that a bunch of people at Google are not happy about this as gathering data and making money off of it is their core business. And I would not be surprised if other places on the planet start to do similar things.

Sucks to be Google.

Optus Pwned By Hackers… Personal Info Stolen

Posted in Commentary with tags on September 22, 2022 by itnerd

Australian telco Optus has disclosed that they suffered a cyber attack which resulted in the personal info of customers including names, DOBs, addresses and contact details being stolen. The attack occurred after hackers broke through the company’s firewall, accessing sensitive information of Optus’ 9.7 million subscribers. The company has confirmed the breach and exposed information but has stated that payment details and account passwords have not been compromised, and that services including mobile phones and home internet were not affected. The thing is, what was stolen is enough to start identity theft campaigns. Which makes this a non-trivial event.

Mark Bower, VP of Product Management, Anjuna Security had this to say:

     “Too often we see large scale breaches where payment details and passwords were the only things protected, largely due to regulations like PCI DSS, yet massive amounts of personal data are not. That’s no longer good enough for maintaining customer trust. The types of data breached in this attack put millions of Australians at risk from phishing, social attack and phone scams which can have huge personal anxiety and financial consequences. Modern enterprises can certainly avoid this with a more holistic approach to data security given the availability of tools that can dramatically reduce impact of insiders or advanced attackers even in a total breach situation which is an inevitable and expected scenario for today’s CISO.”

Australia has been very good at investigating stuff like this. Thus I have to assume that the authorities are all over this. Which means we’ll find out how bad this is soon enough.

Review: Mujjo Full Leather Case For iPhone 14 Pro

Posted in Commentary on September 22, 2022 by itnerd

I am someone who customizes the look of the tech depending on what I am doing. For example, if I am doing hiking or something athletic, then I want an iPhone case that is more protective. But sometimes I want an iPhone case with more style. For the latter use case, that’s where the Mujjo Full Leather Case For iPhone 14 Pro comes in. It will give me some style along with some protection. But let’s have a look at the case from the front and the back.

This fits the space black iPhone 14 Pro that I own. It’s made of vegetable-tanned Ecco leather which in colours other than black will age well. But in black I am unlikely to notice anything different about it unless I scratch it or something like that. Some observations include the fact that there is a 1mm raised leather bezel that protects the screen from abrasive surfaces. And on the back there’s a raised rear-camera bump that protects the lenses. One advantage of this is that it allows the iPhone 14 Pro to sit flat on a table.

One very upscale touch is the addition of metal buttons which work very well.

The inside of the case has Japanese microfibre which gives it a really upscale feel. You’ll also note the MagSafe circle for quick and easy wireless charging. And the magnet strength was great as it passed my “hang from a MagSafe charger” test with flying colours. I should note that in my testing, regular wireless charging works fine too.

The embossed logo at the back is a nice touch.

Now I like the feel of this case. It’s thin and I have no problem holding the case. I also felt that it wasn’t going to slip out of my hand. Fingerprints are a total non-issue as well. As for drop protection, I would guess that this would allow your iPhone 14 to survive some types of drops. But I wouldn’t count on it to survive all sorts of drops. Now that’s not a negative at all because this case wasn’t designed to provide a lot of protection. Thus if you want a case that will give you some style for a hot date or an important business meeting, then the $77 CDN that this case costs is money well spent.

Morgan Stanley Gets Slapped With $35 Million Fine After Failing To Wipe And/Or Encrypt Hard Drives That Eventually Were Resold

Posted in Commentary with tags on September 22, 2022 by itnerd

Well, this is one hell of a screw up.

A reader pointed out to me that the SEC has fined Morgan Stanley $35 million. The press release that the SEC put out has these details:

The Securities and Exchange Commission today announced charges against Morgan Stanley Smith Barney LLC (MSSB) stemming from the firm’s extensive failures, over a five-year period, to protect the personal identifying information, or PII, of approximately 15 million customers. MSSB has agreed to pay a $35 million penalty to settle the SEC charges.

The SEC’s order finds that, as far back as 2015, MSSB failed to properly dispose of devices containing its customers’ PII. On multiple occasions, MSSB hired a moving and storage company with no experience or expertise in data destruction services to decommission thousands of hard drives and servers containing the PII of millions of its customers. Moreover, according to the SEC’s order, over several years, MSSB failed to properly monitor the moving company’s work. The staff’s investigation found that the moving company sold to a third party thousands of MSSB devices including servers and hard drives, some of which contained customer PII, and which were eventually resold on an internet auction site without removal of such customer PII. While MSSB recovered some of the devices, which were shown to contain thousands of pieces of unencrypted customer data, the firm has not recovered the vast majority of the devices.

The SEC’s order also finds that MSSB failed to properly safeguard customer PII and properly dispose of consumer report information when it decommissioned local office and branch servers as part of a broader hardware refresh program. A records reconciliation exercise undertaken by the firm during this decommissioning process revealed that 42 servers, all potentially containing unencrypted customer PII and consumer report information, were missing. Moreover, during this process, MSSB also learned that the local devices being decommissioned had been equipped with encryption capability, but that the firm had failed to activate the encryption software for years.

Wow. There are a lot of #fails here. And quite honestly if I were a Morgan Stanley customer, I would be pissed.

Yes I said it.

The fact is that in 2015, never mind 2022, this is completely unacceptable. Companies need to handle Personally Identifiable Information or PII with the utmost of care. Morgan Stanley didn’t and it’s cost them. Though seeing as they agreed to pay this fine to make this problem go away, I suspect they figured out that they were in deep trouble when the SEC knocked on their door.

Hopefully, companies who handle PII are paying attention to this and hopefully the SEC doles out more punishment like this to send the message that if you screw this up, you will pay.

Hackers Amplify Phishing Attacks By Creating Multiple Profiles From Compromised Accounts And Use Auto-Delete To Cover Their Tracks: Avanan

Posted in Commentary with tags on September 22, 2022 by itnerd

Researchers at Avanan, a Check Point Company, have discovered threat actors using stolen credentials to create more user profiles to send credential harvesting emails. By doing so, hackers are able to multiply the effect of credential harvesting scams.

In this attack brief, researchers at Avanan, a Check Point Software company, will discuss how threat actors are compromising accounts, creating more user profiles to send out more attacks, then auto-deleting email trails. 

The campaign presents users with an email from Microsoft’s Office 365 notifying them that a form has been shared. Clicking on the link to the form directs users to a malicious site where credentials are stolen. The hacker, now with access to the account, creates more user profiles within the larger admin and sends out phishing emails to over 4,000 addresses. The emails are then set to be auto-deleted from the compromised accounts to cover their tracks. 

You can read the attack brief here.

A New @Microsoft Email #Scam Is Making The Rounds

Posted in Commentary with tags on September 22, 2022 by itnerd

A new email scam that is likely a phishing scam that is using Microsoft as its hook is making the rounds. Here’s the email in question:

The first hint that this is an email scam is that this email does not fit Microsoft’s brand design. But there is a simpler way to tell that this is an email scam:

That’s looking at the email address. In this case, this did not come from Microsoft as this is not a Microsoft domain that is being used. That’s a #fail right out of the gate and should cause you to delete this email immediately.

Going further down the rabbit hole, it references a Microsoft update. Specifically KB40341836081 which doesn’t exist. Microsoft update numbers are six digits at present and this one is way too long. The English is also horrible. For example: “perhaps you may experience difficulties signing into your account following a restart or sign-out.”

It also encourages you to log into a website to fix this, and serves up a lot of technically incorrect information to push you to go to this website. It also tries to reassure you by saying that you don’t have to download anything which will reassure you that you won’t get infected by a virus or something. Finally, it offers a site where you can stop or change these “security alerts”. But that site isn’t actually a link so it’s just there to reassure you that this email is legit, which of course it isn’t.

As for the website that it takes you to, well I couldn’t get it to load. Perhaps it’s been taken out by Microsoft? Or maybe because I did this on a Mac it wouldn’t respond to me because it was looking for a PC to perhaps load malware on it? It’s hard to say.

Regardless, if you see this email show up in your inbox, delete it.
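The tells walked through above (sender domain, an overlong KB number, and a reassuring "site" that is not a real link) can be checked mechanically. This is an added example, not part of the original post: the sample message, its hosts, the trusted-domain list and the KB digit limit are all constructed assumptions, and it handles single-part HTML mail only.

```python
import re
from email import message_from_string
from email.utils import parseaddr

TRUSTED = ("microsoft.com",)   # assumption: domains accepted as genuine senders/links
MAX_KB_DIGITS = 7              # assumption: longest plausible KB article number

# Constructed sample modelled on the email described above; all hosts are placeholders.
SAMPLE = '''From: Microsoft Security <alerts@ms-update.example>
Subject: Security alert
Content-Type: text/html; charset="utf-8"

<p>Update KB40341836081 was installed. Perhaps you may experience
difficulties signing into your account following a restart or sign-out.</p>
<p><a href="https://login.fix.example/signin">Sign in to fix this</a></p>
<p>Change these security alerts at https://account.microsoft.com/alerts</p>
'''

def is_trusted(host):
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in TRUSTED)

def triage(raw):
    """Return a list of findings for one raw RFC 5322 message."""
    msg = message_from_string(raw)
    findings = []
    # 1. Compare the real address domain, not the display name.
    domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2]
    if not is_trusted(domain):
        findings.append("sender-domain:" + domain.lower())
    body = msg.get_payload(decode=True).decode(
        msg.get_content_charset() or "utf-8", "replace")
    # 2. KB references with more digits than any real article number.
    for digits in re.findall(r"\bKB(\d+)\b", body):
        if len(digits) > MAX_KB_DIGITS:
            findings.append("bogus-kb:KB" + digits)
    # 3. Where the clickable links really point.
    for host in re.findall(r'href="https?://([^/"]+)', body, flags=re.I):
        if not is_trusted(host):
            findings.append("link-host:" + host.lower())
    # 4. URLs shown as plain text outside any <a> element (not actually links).
    outside = re.sub(r"<a\b.*?</a>", "", body, flags=re.I | re.S)
    for url in re.findall(r"https?://[^\s<\"]+", outside):
        findings.append("unlinked-url:" + url)
    return findings

if __name__ == "__main__":
    for finding in triage(SAMPLE):
        print(finding)
```

Any one finding is enough to quarantine the message for review; the sender-domain check alone would have caught the email described here.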