21 | February | 2017 | The IT Nerd

Archive for February 21, 2017

Alison launches new courses on R Programming

Posted in Commentary with tags Alison on February 21, 2017 by itnerd

Alison, one of the world’s largest free e-learning platforms, has launched two new courses on popular programming language R. Although R is sometimes seen as a simpler programming language than others, there is a steep learning curve to begin with as it uses a different syntax model to most common languages.

In the US, the average salary for an R programmer is paid between $76,000-100,000, and in the 2014 Dice Tech Salary Survey of over 17,000 technology professionals, the highest-paid IT skill was R programming.

The first course, Introduction to R for Data Science, is aimed at people who have a basic knowledge of data science that they want to expand on. It explains how R is used, and teaches the data structures and types found in R. The second course, R for Data Analysis, moves on to more sophisticated forms of data manipulation, with a strong focus on identifying underlying patterns and predicting trends in data-sets. Check it out today.

Breaking: DHS Employees Locked Out Of Their Networks

Posted in Commentary with tags Homeland Security on February 21, 2017 by itnerd

It’s not clear what’s going on, but news is filtering out that employees of the Department Of Homeland Security are locked out of some of the agency’s networks because their Personal Identity Verification cards are apparently not working:

Employees began experiencing problems logging into networks at 5 a.m. ET on Tuesday due to a problem related to the personal identify verification (PIV) cards used by federal workers and contractors to access certain information systems, one source said. At least four DHS buildings were affected, the source said, including locations used by U.S. Citizenship and Immigration Services.

Another source said the cards did not appear to be responsible. DHS did not immediately respond to requests for comment.

This could be a widespread technical issue, or something more sinister.It isn’t clear which at this point. But this is a story worth watching. As I get more info, I’ll post it here.

UPDATE: The Reuters story that I quoted has been updated with this:

In a statement, a DHS official confirmed a network outage that temporarily affected four U.S. Citizenship and Immigration Services (USCIS) facilities in the Washington area due to an “expired DHS certificate.”

Reuters first reported the incident earlier Tuesday, which a source familiar with the matter said also affected a USCIS facility in Philadelphia.

And this:

The source characterized the issue as one stemming from relatively benign information technology missteps and a failure to ensure network redundancy. There was no evidence of foul play, the source said, adding that it appeared the domain controller credentials had expired on Monday when offices were closed for the federal Presidents Day holiday.

“We are working to track all device certificate issuance and expirations to ensure future lapses of service do not occur,” the DHS official said in the statement.

Loblaw Resets The Passwords Of ALL PC Points Users For Security Reasons

Posted in Commentary with tags Hacked on February 21, 2017 by itnerd

It seems that the hack of the Loblaw PC Points rewards program isn’t going away as every member of the rewards program have gotten e-mails over the weekend that Loblaw has reset their passwords. Meaning that even if they reset their passwords when the hack became public, they’ll have to do it again. Plus the PC Points website has this message communicating the same thing:

capture

This is an indication that the company feels that passwords are the issue and likely continue to be an issue. As a result, they’ve taken this step to try and make the problem go away. Though you have to wonder if after making their users do this, will it address the issue or will this problem simply resurface.

I’ll be keeping an eye out to see what happens.

1 Comment »

Verizon/Yahoo Deal To Take $350 Million Haircut

Posted in Commentary with tags Yahoo on February 21, 2017 by itnerd

The news is out this morning that Verizon’s purchase of horribly insecure Yahoo is going ahead. But with a $350 million discount due to the latter’s inability to not get pwned by hackers:

Under the amended deal, Yahoo will be responsible for 50 per cent of any cash liabilities incurred following the closing related to government investigations and lawsuits related to the breaches. Liabilities arising from shareholder lawsuits and SEC investigations will continue to be the responsibility of Yahoo.

“The amended terms of the agreement provide a fair and favourable outcome for shareholders,” said Marni Walden, Verizon executive vice-president and president of product innovation and new businesses. “It provides protections for both sides and delivers a clear path to close the transaction in the second quarter.”

The security breaches raised concerns that people might decrease their usage of Yahoo e-mail and other digital services that Verizon is buying. A smaller audience makes Yahoo’s services less valuable because it reduces the opportunities to show ads – the main reason that Verizon struck the deal seven months ago.

You have to wonder why Verizon would even bother with this seeing as these breaches, one of which was as recent as last week, keep happening. There must really be something that Yahoo has that Verizon really wants as I would have pulled the plug on this mess ages ago. But Verizon doesn’t see things that way. And that’s why we’re here. It will be interesting to see if anything else happens that encourages Verizon to finally walk away from the deal.

BlackBerry Priv, Android Auto, And Other Oddities Of Life

Posted in Commentary with tags BlackBerry on February 21, 2017 by itnerd

Recently, I started to converse with an individual who had the BlackBerry Priv which refused to play nice with his recently purchased Hyundai Santa Fe Sport. Now, my first thought was that seeing as the BlackBerry Priv is a Android device, it should work. But in his case, when you plugged it into the car via the USB port, the infotainment system said “not media compatible” which meant that the infotainment system is unable to talk to the device to figure out what it is. Now, he had done a lot of the troubleshooting for me, including running the update from Hyundai Canada that gives some owners of 2017 Hyundai Canada vehicles Apple CarPlay. But he wasn’t further ahead. Intrigued by this, I made a trip up to Newmarket Ontario to see this first hand.

The first thing that I noticed is that the BlackBerry Priv when plugged into the car wasn’t visible to the Android Auto instance that was installed on the car. That said to me that this wasn’t an Android Auto problem. The second thing that I noticed is that the car couldn’t see any of the media on the device. I reasoned that this was due to the BlackBerry Priv not being able to switch into MTP or Media Transfer Protocol mode properly which is what is required for the phone and the infotainment system to talk to each other. That was further confirmed when I observed that when the phone was plugged in, a notification would display that it was in charging mode. When I tapped the notification, it gave me the option to switch to MTP. But when I did that, I observed it trying to do so and failing. Then the infotainment system would give the “not media compatible” error message. However, there was one occasion where upon connecting it, it did work and Android Auto popped up fine. But I was unable to replicate that success again.

What I believed was going on was that BlackBerry had altered the behavior of how Android interacts with the USB ports in the interest securing the device from being hacked via the USB port, and that was affecting the ability to connect to Android Auto. How to overcome that I honestly had no idea. But based on what I observed, the owner of the phone was able to come up with a way around this issue. He put the phone into developer mode and enable USB debugging mode. By doing that, Android Auto now works. Likely because he’s bypassing the security that BlackBerry puts on the device.

Here’s why what he did is a #fail:

The fact that developer mode even exists on a phone that is supposed to be secure is a #fail because he was able to bypass some of the security that the BlackBerry Priv offers via instructions found easily using Google. If you can do that, how truly secure can the phone be?
It’s pretty clear that BlackBerry didn’t test the Priv out with Android Auto before shipping it. That seems to be backed up by people who own VW’s or Honda products among others who are having similar issues. What’s doubly strange is that a lot of infotainment systems in cars have the QNX operating system running on them, and BlackBerry owns QNX. You’d think that one BlackBerry product would talk to another BlackBerry product. But clearly that’s not the case.

But what’s really problematic about this whole situation is that this person could have been caught in the middle of two companies pointing fingers at each other had he pursued this on his own. In other words, Hyundai would blame BlackBerry, and vice versa with no real resolution to the issue. Not to pump my own tires here, but you have to wonder what might have happened to this person had I not got involved to provide some assistance.

I have an offer to the folks at BlackBerry. The person I worked with on this is a fan of your products. I am willing to put you in touch with him so that you can fix this issue for him and all your customers. Seeing as he’s within 90 minutes of your headquarters in Waterloo, this is a great opportunity to see this first hand. You’d really score some brownie points with him and I’d post a very positive follow up on that front. Just reach out to me and we can get the ball rolling. Seriously. While you’re at it, you may want to look at the fact that developer mode even exists on this device as that’s a bit of a problem from a security standpoint as illustrated here.

So how about it BlackBerry? Will you take me up on my offer?