Facebook Tried To Buy An NSO Group Tool To Spy On Their Users… Perhaps A New Reason To #DeleteFacebook

Posted in Commentary with tags on April 3, 2020 by itnerd

You might recall that Facebook is currently suing the shadowy NSO Group, which is known for selling top-shelf spyware, often exploiting zero-day vectors, to nation states with questionable human rights records. A real bombshell dropped today via a Vice story which says this:

According to a declaration from NSO CEO Shalev Hulio, two Facebook representatives approached NSO in October 2017 and asked to purchase the right to use certain capabilities of Pegasus. 

At the time, Facebook was in the early stages of deploying a VPN product called Onavo Protect, which, unbeknownst to some users, analyzed the web traffic of users who downloaded it to see what other apps they were using. According to the court documents, it seems the Facebook representatives were not interested in buying parts of Pegasus as a hacking tool to remotely break into phones, but more as a way to more effectively monitor phones of users who had already installed Onavo.

“The Facebook representatives stated that Facebook was concerned that its method for gathering user data through Onavo Protect was less effective on Apple devices than on Android devices,” the court filing reads. “The Facebook representatives also stated that Facebook wanted to use purported capabilities of Pegasus to monitor users on Apple devices and were willing to pay for the ability to monitor Onavo Protect users.”

Facebook proposed to pay NSO a monthly fee for each Onavo Protect user, the filing adds.

The Onavo Protect VPN was eventually dropped by Facebook, but not before they got slapped by Apple because of how shady it was.

Here’s where things get weird. Vice reached out to Facebook for comment. And this is what Facebook said:

In a statement, Facebook suggested NSO is misrepresenting these conversations between NSO and Facebook employees.

“NSO is trying to distract from the facts Facebook and WhatsApp filed in court over six months ago. Their attempt to avoid responsibility includes inaccurate representations about both their spyware and a discussion with people who work at Facebook. Our lawsuit describes how NSO is responsible for attacking over 100 human rights activists and journalists around the world. NSO CEO Shalev Hulio has admitted his company can attack devices without a user knowing and he can see who has been targeted with Pegasus. We look forward to proving our case against NSO in court and seeking accountability for their actions,” the statement from a Facebook spokesperson read.

You’ll note that Facebook is not denying that conversations took place. Which is interesting. I would love to find out in court what the subject of those conversations was. The cynical side of me says that Facebook was looking for new ways to spy on users. But I would like to see if Facebook admits this under oath, or if facts come out that support what NSO Group is saying. And to be clear, NSO Group are not boy scouts. Which is why this needs to come out in court. Hopefully sooner rather than later.

A Concise Guide To Securing Your Zoom Meetings

Posted in Commentary with tags on April 3, 2020 by itnerd

I’ve received a few emails over the last 48 hours asking for a concise guide on how to secure their Zoom sessions seeing as Zoom’s app security is dodgy at best. Though to be fair to Zoom, they are trying to address this. So here are my top tips to secure your Zoom meetings:

  1. Keep your Zoom apps up to date: With so many security researchers looking at Zoom right now, new issues are being discovered at an almost daily rate. And to Zoom’s credit, they are fixing these issues quickly. Thus you want to make sure that those updates are applied as quickly as possible. I recommend checking for updates on a daily basis inside the Zoom app, or via the App Store or the Google Play Store.
  2. Password protect your meetings: “Zoom Bombings”, or uninvited people crashing your meeting, can only happen if your meeting isn’t password protected. Thus you should enable passwords on your meetings ASAP. The options “Require a password when scheduling new meetings” and “Require a password for instant meetings” should be set. At the same time, disable the option “Embed password in meeting link for one-click join” and enable “Require password for participants joining by phone.”
  3. Do not share your meetings on social media: Another way that “Zoom Bombings” happen is that the meeting details are freely available online. Which means that miscreants simply have to get the details, dial in, and do their worst. So you can take this off the table by simply not posting your meetings in public.
  4. Enable waiting rooms: Zoom has a waiting room function that allows a host to see meeting attendees arrive, and it allows you to admit them one by one. That way miscreants can’t get into your meetings. This document that Zoom has on the topic can help you to enable this feature.

Now one thing that I should point out is that this is a very fluid situation. So I will say that if additional threats pop up, which they likely will based on what has gone on this week, and mitigations exist, I will publish them. Related to that, if you have any tips that can help Zoom users, please pass them along.

Sonos Illustrates How Music Can Help Us During This Difficult Time

Posted in Commentary with tags on April 3, 2020 by itnerd

As many people are adjusting to their homes taking on new meaning – place of work, the classroom, the gym, the cinema, the concert venue, and more – here are a few ways Sonos can help by making it easy to stream great sound for anything. 

Home office help

Music can help increase productivity and boost your mood during the work day. In a study we compiled last year (more insights below), 67% of people said listening to music helps them get more done than drinking a cup of coffee. Try a pair of Sonos Ones or One SLs in your home office, or if you find yourself working everywhere from the patio to the kitchen, Move is the most versatile option to bring the music seamlessly from room to room.

Stream it all in brilliant sound 

Whether the latest Netflix binge, a workout on Hulu, a cooking class on YouTube, or a live concert on Instagram – you can listen to it all on Sonos. Meanwhile, your favorite albums, podcasts, and audiobooks are a great way to break up the screen-time. Beam is the best option for people who want great TV sound with Alexa, Google Assistant, and Airplay 2 built in. Sonos also has home theater sets for those looking for 5.1 surround sound. 

Escape with music

As a company, Sonos is obsessed with music and audio. It drives everything they do and is getting all of us through this time. In their research last year, we also learned 80% of parents said they hope their kids like their favorite music, and 65% of people listen to music their parents introduced them to.

With help from Sonos colleagues, they are adding new playlists including one for parents and kids. Here are three of the latest on Spotify (also available on other platforms).  

Finally, along with fast and free shipping, Sonos has extended our return policy to 100 days (money back guarantee) and there are some offers for the next few weeks on Sonos.com for One, One SL, Beam and speaker sets.

Brilliant Sound Survey Insights (global)
Music has a transformative power to increase productivity and reduce stress.

  • 67% of people say listening to music helps them get more done than drinking coffee.
  • 74% of people say listening to music helps reduce stress.
  • 76% of people say that listening to music helps them produce their best work. 
  • 42% of people say podcasts had a relaxing effect on their mood. 
  • 75% of people say music has made them laugh or cry unexpectedly.

Listening Motivates Us Toward Health Goals

  • 68% of people say that music helps motivate them to work out when they’re tempted to skip it.
  • Majority of listeners say that music helps encourage them to work out longer (52%), push themselves further (55%) and exercise with greater intensity (51%).
  • 75% of people say that music has a bigger impact on their workout regimen than any supplement does.

ASUS ROG Announces New Gaming Laptop Lineup

Posted in Commentary with tags on April 2, 2020 by itnerd

ASUS Republic of Gamers (ROG) today announced the top-to-bottom refresh of its gaming laptops with new 10th Generation Intel® Core™ processors. Striking new chassis designs and thoughtful quality-of-life additions raise the bar for gamers and content creators, while the latest Intel CPUs, NVIDIA® GeForce® RTX SUPER™ graphics, and custom Intelligent Cooling solutions set a new performance standard.

The ROG Spring 2020 collection is headlined by the Zephyrus Duo 15 and its unique secondary ROG ScreenPad Plus touchscreen, along with refreshed Zephyrus S, M, and G models that are more portable and powerful than ever. For those seeking esports glory, ROG Strix SCAR laptops are built for top-flight competition with up to RTX 2080 SUPER GPUs and 300 Hz panels, while the bold colors of the ROG Strix G15 Electro Punk laptop and its bundle of matching accessories open new possibilities for personal expression.

The very latest components are on full show, from the liquid metal thermal compound rolling out across ROG’s entire 10th Gen Intel lineup, to high-speed DDR4 RAM and blazingly fast displays.

ROG Zephyrus Duo 15

The new ROG Zephyrus Duo 15 integrates the innovative ROG ScreenPad Plus, a secondary touchscreen for innovative multitasking that brings gaming, streaming, working, and chatting together in one portable device. The 14.1-inch 4K (3840 x 1100) IPS ROG ScreenPad Plus sits above the Duo 15’s forward-set keyboard and below its main panel, making for easy second-monitor style interaction or a dramatic continuation of the primary screen.

As the lid opens, a hinge tilts the secondary display up at a 13-degree angle for viewing comfort while exposing a massive 28.5 mm air intake that draws in cool air from above the laptop. This Active Aerodynamic System (AAS) arrangement means that the Zephyrus Duo can house powerful components in a slender chassis, including Intel’s 10th Gen Core i9 CPU and NVIDIA’s trailblazing RTX 2080 SUPER GPU.

The Zephyrus Duo ships with two high-end display options: a lightning-fast 300 Hz FHD display or a 4K UHD display with 100% Adobe RGB coverage for people who split their time between AAA gaming and content production. NVIDIA G-SYNC® technology keeps gaming visuals smooth and tear-free, while ROG GPU Switch technology enables swapping between G-SYNC and NVIDIA’s battery-saving Optimus mode.

With its one-of-a-kind secondary display, premium components, and sleek design, Zephyrus Duo 15 takes over as the flagship ROG Zephyrus laptop. From its thin all-metal chassis to its powerful Thunderbolt™ 3 port, from its RAID 0 storage array to its top-of-the-line displays, this laptop embodies ROG’s ruthless drive for excellence.

ROG Zephyrus S17

The new Zephyrus S17 offers an expansive 17.3-inch display with super-narrow bezels in a svelte 18.7-millimeter-thin chassis. With a 300 Hz refresh rate and 3 ms grey-to-grey response time, the screen is a speed demon that can be paired with up to a RTX 2080 SUPER GPU and 10th Gen Intel Core i7 CPU. It shares GPU Switch benefits with the Zephyrus Duo 15 and S15 models, as well as PANTONE® Validated color accuracy making it ideal for creative work and gaming alike.

Zephyrus S17’s chassis gave ROG engineers room to include a few premium extras, including a full desktop-style keyboard with per-key RGB LED backlighting, NumberPad — a combination touchpad and numeric keypad — and an integrated volume roller complete with backlight brightness. System thermals benefit from a unique AAS cooling solution that opens a large intake vent beneath the system when the lid is raised.

Zephyrus S17 proves that big doesn’t have to mean bulky. In a lean, portable chassis, the laptop exploits the expansive screen space while providing a premium ROG experience.

ROG Zephyrus S15

The new Zephyrus S15 was tailor-made to provide serious gamers the specs they need in a package that won’t weigh them down. The compact, 18.9-millimeter-thin chassis includes top-end S17-level components, with configurations maxing out at a RTX 2080 SUPER GPU paired with a 300 Hz / 3 ms display. The combination of G-SYNC technology, ROG’s pre-applied CPU-cooling liquid metal, and an ultrahigh refresh rate makes for silky-smooth visuals even in the midst of frenetic action.

Honeycomb reinforcements under the palm rest keep the S15 sturdy and resistant to flex, with soft-touch paint adding a smooth, fingerprint-resistant finish. Inside, dual M.2 SSDs can be configured in a blazingly fast RAID 0 array. GPU Switch technology makes an appearance here as well, allowing users to toggle between G-SYNC mode for smooth gaming and Optimus mode for extended battery life.

With its slim chassis, Thunderbolt 3 connectivity, and comfortable 15-inch size, Zephyrus S15 makes the dream of ultraportable gaming a reality. It’s the ultimate Zephyrus laptop for the traveling gamer.

ROG Zephyrus M15

The attractively priced ROG Zephyrus M15 offers a range of configurations that make it an easy choice for a wide audience, beginning with the eight cores and 16 threads of a 10th Gen Intel Core i7 processor. Display options including 240 Hz and 144 Hz FHD panels and a 4K UHD panel let users pick the screen that best fits their needs, while GPU options range from the affordable yet capable GeForce GTX 1660 Ti up to the RTX 2070 GPU.

The Zephyrus M15’s slim, professional chassis is made of structurally reinforced magnesium alloy and finished with a classy, soft-touch skin. An ESS Sabre DAC drives a clear, powerful audio signal, and with two easily accessible M.2 slots, it packs the storage capacity to fit creative work alongside a loaded gaming library. The Zephyrus M15 offers a complete connectivity payload, including Thunderbolt 3, dual display outputs, and enough USB ports to connect a mouse, gamepad, and external storage.

ROG Strix SCAR 15/17

From the aluminum skin on the lid to the raised ridges that accent the ventilated 3D flow zone at the rear, ROG Strix laptops are unabashed gaming machines that shine in the spotlight of esports arenas.

ROG Strix SCAR 17 delivers unbridled gaming power built around a 300 Hz IPS-level panel. Thanks to its dizzyingly high refresh rate, this panel displays fast-paced action with unprecedented clarity, allowing gamers to react to on-screen events faster than they realized was possible. With an Intel processor up to the latest eight-core Core i9-10980-HK, up to 32 GB of 3200 MHz DDR4 RAM, and up to the RTX 2080 SUPER GPU, the Strix SCAR 17 is prepped for peerless performance.

Those who prefer their competition-dominating hardware to be a bit more portable need look no further than ROG Strix SCAR 15. Its 15.6-inch display offers the same tournament-grade 300 Hz refresh rate with undeniable Strix SCAR look. It is powered by an Intel CPU up to a 10th Gen Core i9-10980-HK and up to the RTX 2070 SUPER GPU.

The SCAR series also boldly proclaims its gaming chops with customizable RGB LED lighting effects, including a wraparound light bar, keyboard backlighting, and illuminated RGB logo on the laptop’s lid, as well as the stand-out ROG Keystone II, an NFC-enabled device that docks into the side of the chassis. It can be customized to launch any game or app when inserted, provide access to a secret, encrypted Shadow Drive (exclusive to Windows 10 Pro), and trigger a stealth mode that mutes audio and minimizes all apps when removed.

ROG Strix G15/17

ROG Strix G15 and G17 are powered by 10th Gen Intel processors up to a Core i7. GPU options run up to the RTX 2070 SUPER GPU and drive high-refresh-rate displays built for today’s most popular esports titles. Strix G17 and Strix G15 have 144 Hz displays as standard, but both are also available with an even faster 240 Hz panel. In addition, Strix G laptops ship in three different color schemes to emphasize personal style.

Both models will be available in sophisticated Glacier Blue and Original Black. The Strix G15 Electro Punk is the real showstopper of the bunch. The contrast between its dark brushed metal and sizzling pink highlights is so striking that ROG gave it a complementary cast of gaming peripherals.

Each Electro Punk Strix G15 will include a 35 x 17-inch Electro Punk mouse pad large enough to cushion a full complement of gear. Certain regions will feature bundles of coordinating peripherals that include the laptop and pad plus a ROG Strix Go Core Electro Punk Headset, ROG Impact II gaming mouse, and a ROG Ranger backpack, all of which sport the head-turning Electro Punk color scheme. It’s the complete PC gaming experience in one package.

AVAILABILITY & PRICING

The ASUS ROG Spring 2020 collection of gaming laptops and peripherals will be available in North America starting from Q2/Q3 2020. Please contact your local ASUS representative for further information.

Over 35,500 Coronavirus-Related Websites Exist Says Atlas VPN

Posted in Commentary with tags on April 2, 2020 by itnerd

According to Atlas VPN research, cumulatively, scammers created over 35,500 unique websites related to COVID-19 in the last month. Here, they tried to swindle money via phishing scams or selling masks, hand-sanitizers, or even virus testing kits.

The report also shows that at least 2,000 websites related to COVID-19 are created daily, with half of them being scams. Amazon and Shopify are taking matters into their own hands by removing misleading listings or shutting down suspicious e-shop sites.

Meanwhile, Interpol announced receiving reports of losses as high as $100,000 per case. During March, the agency blocked 18 bank accounts and froze over $730,000 in fraudulent transactions.

Authorities in the UK also report significant cash losses of its citizens. Police identified 106 cases of fraud where Coronavirus was mentioned, with victim losses totaling over $1.2 million.

To read the full report, head over to: https://atlasvpn.com/blog/over-35500-coronavirus-related-websites-reported-as-scam/

 

Zoom Responds Quickly To Contain The Fallout From Their Security Issues

Posted in Commentary with tags on April 2, 2020 by itnerd

Yesterday, I wrote a story about Zoom’s security issues and what they needed to do to fix them. In the last few hours a lot has happened. For starters, a memo from Elon Musk of Tesla and SpaceX was leaked to Reuters. The memo stated that Zoom was banned due to security and privacy issues. Related to that, Zoom posted a blog post from its CEO. In it he says this:

For the past several weeks, supporting this influx of users has been a tremendous undertaking and our sole focus. We have strived to provide you with uninterrupted service and the same user-friendly experience that has made Zoom the video-conferencing platform of choice for enterprises around the world, while also ensuring platform safety, privacy, and security. However, we recognize that we have fallen short of the community’s – and our own – privacy and security expectations. For that, I am deeply sorry, and I want to share what we are doing about it.

At least he recognizes that he has a problem. This is what he has done to fix things:

We have also worked hard to actively and quickly address specific issues and questions that have been raised.

  • On March 20th, we published a blog post to help users address incidents of harassment (or so-called “Zoombombing”) on our platform by clarifying the protective features that can help prevent this, such as waiting rooms, passwords, muting controls, and limiting screen sharing. (We’ve also changed the name and content of that blog post, which originally referred to uninvited participants as “party crashers.” Given the more serious and hateful types of attacks that have since emerged, that terminology clearly doesn’t suffice. We absolutely condemn these types of attacks and deeply feel for anyone whose meeting has been interrupted in this way.)  
  • On March 27th, we took action to remove the Facebook SDK in our iOS client and have reconfigured it to prevent it from collecting unnecessary device information from our users. 
  • On March 29th, we updated our privacy policy to be more clear and transparent around what data we collect and how it is used – explicitly clarifying that we do not sell our users’ data, we have never sold user data in the past, and have no intention of selling users’ data going forward.
  • For education users we:
  • On April 1, we:
    • Published a blog to clarify the facts around encryption on our platform – acknowledging and apologizing for the confusion.
    • Removed the attendee attention tracker feature.
    • Released fixes for both Mac-related issues raised by Patrick Wardle.
    • Released a fix for the UNC link issue.
    • Removed the LinkedIn Sales Navigator after identifying unnecessary data disclosure by the feature.

He then outlines these steps to fix this situation going forward:

  • Enacting a feature freeze, effectively immediately, and shifting all our engineering resources to focus on our biggest trust, safety, and privacy issues.
  • Conducting a comprehensive review with third-party experts and representative users to understand and ensure the security of all of our new consumer use cases.
  • Preparing a transparency report that details information related to requests for data, records, or content.
  • Enhancing our current bug bounty program.
  • Launching a CISO council in partnership with leading CISOs from across the industry to facilitate an ongoing dialogue regarding security and privacy best practices.
  • Engaging a series of simultaneous white box penetration tests to further identify and address issues.
  • Starting next week, I will host a weekly webinar on Wednesdays at 10am PT to provide privacy and security updates to our community.

These are very good steps and fit within the things that I suggested in the story that I wrote yesterday. But if you’re a Zoom user, you need concrete things that you can do right now to ensure your security. Here is what I would suggest:

  • Update your macOS and Windows clients now. As in RIGHT NOW. The macOS client (Version 4.6.9 (19273.0402)) can be found here, and the Windows client (Version 4.6.9  (19253.0401)) can be found here. Now I tested both versions and I can confirm that the issues that I raised yesterday are fixed.
  • Enable the waiting room functionality. This document that Zoom has on the topic can help you with that.

I have to applaud Zoom on taking action quickly and transparently. And you can bet that lots of people will be watching to make sure that they follow through on their promises. Because it’s a safe bet that if they don’t, I, among many others, will not hesitate to call them on it.

Darktrace Announces Virtual Deployment Of Cybersecurity Products

Posted in Commentary with tags on April 2, 2020 by itnerd

Darktrace has announced that its world-leading cyber security products are now available virtually.

With many organizations now adopting new remote working practices, Darktrace has made its award-winning suite of cyber AI solutions available for virtual deployment. Organizations around the world can now quickly benefit from Darktrace’s proven technology without any hardware, and without employees having to leave their homes, helping them protect critical enterprise systems from cyber-threats.

In addition, Darktrace is also offering to virtually deploy its world-class AI software to new customers free of charge for a trial period, enabling enterprises to experience the value of the cyber defense technology within their own digital environments, including cloud and SaaS services, email systems and traditional corporate networks.

Remote workers are now being offered the ability to trial Darktrace Cyber AI in a ‘virtual proof of value’ of the following core solution areas:

  • Darktrace’s flagship Enterprise Immune System, which learns the ‘pattern of life’ of your devices and organization, and detects novel, emerging threats.
  • Darktrace Antigena, a world-first Autonomous Response technology, which autonomously interrupts cyber-attacks in real time. Available virtually for both Antigena Email and Antigena Network modules.