Petro Canada Suggests That Users Change Their Passwords

Posted in Commentary with tags , on February 26, 2017 by itnerd

Clearly a lot of companies are being paranoid about getting pwned by hackers as over the weekend, Petro Canada sent out e-mails to participants of their Petro Points program to change their passwords. Here’s a picture of the e-mail:

Screen Shot 2017-02-26 at 8.53.37 PM.png

Now, unlike the e-mail that Cineplex users got, they spun this in a way made you to more likely to not question whether this e-mail was real or not. That’s likely to make sure that users are more likely to change their password. Though, I will admit that this still has a “blame the user” feel to it. But having said that clearly the Loblaw and Canadian Tire hacks has Canadian businesses spooked.

Advertisements

Cineplex Asking Users To Change Their Passwords…. Why?

Posted in Commentary with tags , on February 24, 2017 by itnerd

That’s the question being asked by people who use Cineplex Connect as they got an e-mail this morning asking them to change their passwords. Here’s an example of such an e-mail posted to Twitter by someone who thinks this is an attempt at phishing:

The problem is, that this e-mail is actually legit as confirmed by the Cineplex Twitter account:

So…. Why are they doing this? In my mind, it’s one of these three things:

  1. Cineplex Got pwned by hackers.
  2. Cineplex is watching other Canadian companies like Loblaw and Canadian Tire get pwned by hackers and is simply getting ahead of the curve in terms of trying to keep their users safe.
  3. This is related to the Cloudflare disclosure of leaked data. It is not clear if Cineplex is a Cloudflare customer, but the timing is interesting enough to make that a possiblity.

Whatever the reason, you should likely change your password. To change your password, you need to login to Cineplex’s website, click on the Security tab and follow password change instructions. In the meantime, we’ll have to guess which one of the three reasons that I stated is the truth. I’d like to think it’s the second one, but these days you never know.

Review: Apple iPhone 7 Plus

Posted in Products with tags on February 24, 2017 by itnerd

I needed a new phone for a few reasons. First, I have been bouncing between a couple of phones over the last year. Specifically, the Apple iPhone 5s and Apple iPhone 6. Second, I wanted a phone with more storage as 16GB (the iPhone 6) doesn’t come close to cutting it from a storage perspective and 32GB (the iPhone 5s) is usable but doesn’t give you much runway for the future. Finally, I wanted a bigger screen as that would be much easier on the eyes as using a 4″ screen when you have 40+ year old eyes which also are affected by Keratoconus isn’t workable. But a 4.7″ screen at the very least is workable. After much deliberation and even enlisting the help of my followers on Twitter, I got an Apple iPhone 7 Plus unlocked from the Apple store. Specifically the matte black 128GB model. I went for 128GB because that would give me the room for whatever I needed to install or store on the phone for the next couple of years that I own the phone. But you’re likely asking “why did you go for the Plus model?” The answer is a bit more complicated.

The first reason is the screen. Now Apple was late to the game when it came to a big screen “phablet” style phone. But at least in the iPhone 7 Plus, that delay seems to have been worth it. The 5.5″ screen does 1080p and colors are sharp and vibrant. Plus text is easier to read and I really appreciate that the entire user interface rotates when I rotate the phone from portrait to landscape. That helps to make this the “device to rule them all” that those in the market for a “phablet” are looking for.

The second reason is battery life. This thing lasts and lasts and lasts. For example, I can easily make it through a full day with plenty of charge to spare. As in something north of 65% of a charge. That’s something that I was never able to do with any other iPhone that I’ve owned. On top of that, when I use apps like Runtastic Pro to measure my efforts while cross country skiing, the battery hit after a two hour workout still leaves me with a 70% charge. Of course the fact that this is a bigger phone allowed Apple to shove a bigger battery into it, which of course helps with that. But you have to imagine that there are some power saving tweaks that work into getting results like this as well.

Now over to the size of the phone. One of the main reasons why I have resisted getting a phone with a screen over 5″ is that I always thought it would be difficult to hold and use. Having used the iPhone 7 Plus for a week, I can say that I was mostly wrong. It is easy to hold and use for the most part. And the fact that Apple has a gesture called Reachability that slides the entire user interface downwards so that you can get to the top part of the screen one handed helps greatly. It also fits into loose fitting pants fine, but is snug in shirt pockets. I also had issues popping it into my cross country ski jacket which has pockets at the back that now just hold the phone without becoming uncomfortable. I should also mention that the phone is lighter than I anticipated which is welcome as I try to travel light whenever possible.

I can’t review this phone without touching on the one thing that caused the Internet to explode when it was announced. The removal of the headphone jack which apparently required courage on the part of Apple to do. Apple claims to have done this to facilitate IP67 water and dust resistance (in the case of water it means submersion in up to 1 metre of water for 30 minutes as opposed to being waterproof). And Apple would rather that you use wireless headsets like the AirPods or BeatsX which leverages their new W1 chipset which makes using headsets that support this chipset painless, or a set of Bluetooth headsets to extract more cash from your bank account. To be fair, Apple did include a Lightning to 3.5 mm adapter in the box which of course won’t help you if you want to listen to music and charge the phone at the same time without resorting to using a dongle like this one. This is likely to create two camps. One will go the wireless route and not complain. I however am in the other camp who won’t do that because I often take flights that last 14+ hours where I often listen to music while charging the phone. Most wireless headsets won’t last that long. Thus on my next flight I suspect I will be living the dongle life. Plus I will not replace my great sounding RHA’s that I own simply because Apple thinks I should.

Other things that changed include the lack of a physical home button that does Touch ID. Instead, you get a “button” with haptic feedback. Meaning a fake button click is generated to fool you into thinking that you pressed a real button. This is the expansion of the 3D Touch features that were introduced with the iPhone 6s series which I am using for the first time and I growing to like. You can customize the feel of it and once you get used to it, you don’t really notice it. But it is kind of weird for the first day or so. You also get dual speakers on this iPhone as well. They are loud, but there’s very little if any stereo separation. Likely because they are too close together which is understandable. They’re decent, but the lack a bit on the low end. Thus audiophiles will want to invest in quality external speakers and use the built in ones in a pinch.

Performance from the iPhone 7 Plus is pretty impressive. It has the new A10 Fusion core processor which has four cores. But it doesn’t use all four of them at once. Two of the cores are powerful and used for things like 3D gaming, multitasking and the like. The other two are low powered and are used for less demanding tasks. But it all comes together very nicely to make the iPhone 7 Plus the fastest iOS device I’ve ever used. Particularly with games. The fact that the iPhone 7 Plus also comes with 3GB of RAM which is 1GB more than the iPhone 7 comes with likely helps with that.

The biggest change is the camera. Both the iPhone 7 and the iPhone 7 Plus utilize the same rear facing 12-megapixel camera and front facing 7 megapixel camera. They can take 1080P and 4K video and Apple has jacked up the brightness on the flash too. Finally, both models include optical image stabilization (OIS). But things get more interesting with the iPhone 7 Plus as it has a second telephoto lens that serves two purposes:

  • 2x optical zoom function as opposed to doing “math” to simulate zooming in which can negatively affect the quality of the picture.
  • It allows for “Portrait Mode.” By capturing photos with both lenses simultaneously and analyzing data from the resulting images, the iPhone 7 Plus can create a blurred background effect similar to what you get when shooting portraits with a DSLR camera.

So, how well does this all work? To find out, I first went to Pearson Airport in Toronto to shoot some stills and video. First let’s look at some stills. Click to enlarge:

img_0026

img_0024

Now here’s a video shot in 4k resolution. One thing to note is that you can take stills at the same time you are shooting video. Set it to full screen and 4K to view:

Back to the stills. Here’s two more stills to demonstrate portrait mode. First one with portrait mode. Click to enlarge:

img_0040

And the same picture without portrait mode. Click to enlarge:

img_0039

The difference between the two is easy to spot if you look at the legs of the woman in the top center of the photo.

In the end, the iPhone 7 Plus is clearly the iPhone Apple wants in your hands and that goes beyond the fact that Apple makes more money on each one that they sell. It’s also because the iPhone 7 Plus is pretty much better than the iPhone 7 in every way possible. Camera, speed, screen, it’s all top shelf stuff. If you have to choose between the iPhone 7 and iPhone 7 Plus, go for the latter unless you find it too big for you in terms of size or price seeing as my particular iPhone 7 Plus is $1179 CDN. Trust me, you will not regret it. At least not until the next iPhone comes out.

Cellebrite Claims To Be Able To Get Data From iPhone 6 & Older Models

Posted in Commentary with tags on February 24, 2017 by itnerd

Israel based iPhone hacking firm Cellebrite is now making the claim that they can extract data from iPhone 6 and older models. This is interesting as it was thought that anything from the iPhone 5s or newer was difficult to hack. Here’s what CyberScoop had to say about this:

Cellebrite, the Israel-based firm that makes millions selling smartphone cracking tools to governments around the world, announced Wednesday that it can unlock and extract the full file system from locked iPhones including the 6 and 6+ with their Advanced Investigative Service (CAIS) product in which their customers send phones they urgently need unlocked.

Every version before the 6+ can also be unlocked by Cellebrite whose forensic researchers say they have successfully bypassed Apple’s security and encryption.

And:

Cellebrite’s ability to break into the iPhone 6 and 6+ comes in their latest line of product releases. The newest Cellebrite product, UFED 6.0, boasts dozens of new and improved features including the ability to extract data from 51 Samsung Android devices including the Galaxy S7 and Galaxy S7 Edge, the latest flagship models for Android’s most popular brand, as well as the new high-end Google Pixel Android devices.

“In the majority of devices, Cellebrite’s proprietary boot loader can bypass all security mechanisms, even if the device is locked, without jailbreaking, rooting or flashing the device,” according to the company. Newer devices, particularly iOS devices, present evolving challenges.

It’s interesting that they don’t have the iPhone 6s/6s Plus, 7 or 7 Plus on their list. I am guessing that those phones are different enough that these guys haven’t figured out how to break into them yet. Regardless, this is sure to put them into the crosshairs of Apple who I am sure is going to do their best to figure out exactly how Cellebrite is doing this and then develop countermeasures to stop them from being able to extract data from their shiny iDevices.

Let the arms race begin.

iPhone 7 Plus Catches Fire On Video…. Apple Is Investigating

Posted in Commentary with tags on February 24, 2017 by itnerd

A viral video is of a smoldering iPhone 7 Plus is making the rounds around the Internet. The video made by Brianna Olivas, shows the device burning to the point that the case is melting away and smoke is seen coming out the side of the phone. In a statement to Mashable, an Apple spokesperson said that the company has been in touch with Olivas and is investigating. “We are in touch with the customer and looking into it,”

Here’s the video in question via her Twitter feed:

Now, does this mean that there’s a problem with the iPhone 7 Plus? Likely no. Any device that uses a lithium based battery has a risk of exploding. And iPhones have caught fire every once in a while. The thing to watch for is if this becomes a trend. As in like Samsung’s Galaxy Note 7 debacle where phones were blowing up at a rate that has never been seen before or since.

Another thing to consider is the fact that maybe there’s another cause for this other than a design defect or something similar. Like using a third party charger as it has been found that these can be really dangerous. Or perhaps the phone was dropped which damaged the battery. I’m not trying to blame the victim here. I’m simply providing some perspective that we need all the facts at hand before coming to a conclusion. What will help with that is if Apple shares these facts in a complete and robust manner with the public once their investigation is complete.

Canadian Web Hosting Deploys Customer Intelligence Platform Cloudash In Beta With AI

Posted in Commentary with tags on February 24, 2017 by itnerd

Canadian Web Hosting announced yesterday the first beta release of their Customer Intelligence Platform Cloudash. This platform brings together their expanded Hosting as a Service (HaaS) platform with deep insights driven by artificial intelligence.

Cloudash is an entirely new way to interact with web hosting and cloud hosting services and is built on React using GraphQL. The platform incorporates Canadian Web Hosting’s web hosting services, including Shared Hosting, VPS, Containers, Cloud Computing and Cloud Storage that can be instantly provisioned with a free registered account. React is the same development platform used by leading applications HipChat, Facebook Chat and many others. It delivers proven performance and flexibility for end-users.

This is Canadian Web Hosting’s first application built using GraphQL, an open-source data query language that delivers exceptional latency and bandwidth performance. GraphQL incorporates a new microservices architecture, removes the Rest API layer, thereby improving the time for new product updates and makes it easier than ever for customers to write GraphQL queries directly into their applications.

To support end-users, Canadian Web Hosting has added artificial intelligence capabilities to Cloudash, including deep integration of Watson and AI driven communication platforms to help customers receive actionable insights and easily understand their data.  Customers have the ability to receive real time insights, regular daily and weekly summaries and ongoing resource audits that help customers understand their usage and how to decrease their overall infrastructure and cloud hosting spend.

Canadian Web Hosting’s new major release for Cloudash is scheduled for June that will offer additional capabilities around public cloud computing, OpenStack, object storage and so much more.  To learn more about Canadian Web Hosting or Cloudash, contact Canadian Web Hosting today at 1-888-821-7888 or by emailing sales@canadianwebhosting.com.

Cloudflare Security Breach Exposes Data From 3400 Websites Including, Fitbit & Uber

Posted in Commentary with tags on February 24, 2017 by itnerd

User data from 3,400 websites has been leaked and cached by search engines as a result of a bug in the Cloudflare content delivery network. The goal of a content delivery network is to serve content to end-users with high availability and high performance.But instead, this one leaked data and the leaks were spotted by Google security researcher Tavis Ormandy who has a habit of spotting this sort of thing. A Cloudflare blog post acknowledges that the issue was serious, but says there is no evidence of it having been exploited:

The bug was serious because the leaked memory could contain private information and because it had been cached by search engines. We have also not discovered any evidence of malicious exploits of the bug or other reports of its existence.

But Cloudflare’s response was quickly smacked down by Ormandy:

[The company’s blog post] contains an excellent postmortem, but severely downplays the risk to customers.

An unofficial list of sites that may be affected has been posted to Github and it includes sites like Fitbit and Uber, but note that this includes all domains that use Cloudflare DNS. That means that this is a much larger number than use the affected services. In the meantime Google, Bing, Yahoo and other search engines have been working on clearing cached data from the breach before anyone went public. But that doesn’t mean that nothing leaked out as this issue likely existed for months before being patched.