Posted in Commentary with tags Adobe on February 17, 2017 by itnerd
If you are still running Adobe Flash for whatever reason, you need to upgrade it now. As in right now. The version that you need to be running 24.0.0.221 as it “address critical vulnerabilities that could potentially allow an attacker to take control of the affected system”. These holes are on Mac, Windows and Linux.
So, if I were you I would run to the Adobe Flash Player Download Center and update away. Or better yet, dump Flash and make your system a whole lot more secure.
Posted in Commentary with tags Fido on February 17, 2017 by itnerd
Cell phone bills are far too expensive in Canada. Thus in the interest in helping to get the most for your hard earned money, I am going to point Fido users towards this Red Flag Deals post where you can score the following for $50 a month:
5GB of data
Mini Voicemail
Call Display
Unlimited text, picture and video messages from Canada to Canadian, US and International wireless numbers
Canada-wide long distance calls
Circle Calling
Call Waiting
A couple of notes. One, you have to bring your own device or you have to be out of contract. The second thing to note is that you will likely have to mention that you have seen something similar from Freedom Mobile. I am guessing that they are causing Fido some grief. I just assisted someone in making this switch via their chat service and the process was largely quick and painless. If you want to take advantage of this, you should hurry as the deal expires on February 22nd.
Posted in Commentary with tags Apple on February 17, 2017 by itnerd
Mac users need to read this and take precautions. Bitdefender has shared on a new form of malware that targets macOS devices. Apparently it can monitor everything that happens on the infected machine. It can log keys strokes, harvest passwords, see running lists of active processes, index files, take screenshots, and even copy iPhone backups. The malware isn’t entirely new however. It is apparently based on the X Agent malware that targets iPhones and Android phones. For that reason, Bitdefender believes it was created by APT28, also known as Fancy Bear, the same Russian government-affiliated group behind the 2016 election hacking and leaks. That shouldn’t make you sleep well tonight if you are a Mac user.
So… how do you protect yourself. Here’s my suggestions:
macOS machines should be prevented from downloading and executing programs that don’t come from the App Store or another approved source.
The malware is usually distributed through “Spear Phishing” attacks. That is a social engineering attack targeted at a specific individual. This article from CSO can help you mitigate these kinds of attacks.
Make sure you run some sort of anti-virus on your Mac. These days, it’s not optional. It’s a requirement.
Posted in Commentary with tags Yahoo on February 17, 2017 by itnerd
It is clear that Yahoo can’t keep its infrastructure secure as the company has had to admit that they’ve been hacked once again. The Hacker News has details on the hack which apparently doesn’t require require your password for hackers to pwn you. What’s even worse, the report says that “state sponsored attackers” are behind this. Affected users are being notified by Yahoo and there is no clear indication of how many users have been pwned.
Thus it’s no shock that Verizon who still wants to buy Yahoo despite all of this, wants a $250 million haircut to close the deal. Personally if I were Verizon, I’d scrap the deal entirely. There’s nothing of value here given that Yahoo is a complete disaster from everything that I see here.
In the meantime, I will be visiting a client who apparently can’t get into her Yahoo e-mail in the last few days. I am hoping that this is not related to this hack. But anything is possible. Update to come.
UPDATE: The customer was one of the people affected by this. She had Yahoo force a password change which locked her account until she made the change. I helped her do that on her computer and iPad and now she’s back in business.
Posted in Commentary with tags Samsung on February 17, 2017 by itnerd
I mentioned that this was likely to happen a month ago and now it has. Samsung Electronics Vice Chairman Lee Jae-yong has been arrested an part of a influence-peddling scandal that reaches to the highest levels of the South Korean government. Reuters has the details:
The special prosecutor’s office accuses Lee of bribing a close friend of President Park Geun-hye to gain government favors related to leadership succession at the conglomerate. It said on Friday it will indict him on charges including bribery, embezzlement, hiding assets overseas and perjury.
The 48-year-old Lee, scion of the country’s richest family, was taken into custody at the Seoul Detention Centre early on Friday after waiting there overnight for the decision. He was being held in a single cell with a TV and desk, a jail official said.
Lee is a suspect in an influence-peddling scandal that led parliament to impeach Park in December, a decision that if upheld by the Constitutional Court would make her the country’s first democratically elected leader forced from office.
Samsung and Lee have denied wrongdoing in the case.
The cops have 10 days to actually indict him or seek an extension. Thus this is a story that is likely to evolve over the next few days. But the optics for Samsung have to suck becuase now exploding phones are not their only problem.
Posted in Products with tags ZTE on February 16, 2017 by itnerd
ZTE has proven that they can make a phone for a low price that packs a lot of value. Their latest effort is the ZTE Grand X 4. Let me get to the price right off the bat. If you’re on Freedom Mobile, you can get it for $99 on a two year plan if the plan is $45 or more. What do you get for that price? A lot actually. Here’s the specs:
Android 6.0 Marshmallow
5.5-inch 1280×720 LCD
1.4 GHz quad-core processor
2 GB RAM
16 GB Storage
microSD slot
13MP rear camera
5MP front camera
USB-C
Bluetooth 4.2 LE
4G LTE
802.11b/g/n WiFi
Those aren’t lightweight specs.
The ZTE Grand X 4 is not a small phone. That said, the curved edges, textured back and a solid in-hand feel make the phone much easier to handle than you might expect. It’s also light. I used it all day to shoot pictures and video at the Canadian International Auto Show media day and I never found it to be bulky and heavy. It also feels solid and well constructed.
Some features stand out to me. First is the fingerprint scanner. A smartphone with a fingerprint scanner isn’t common at this price point. This this is a plus. The second is the screen. Okay, you will notice the pixels on it. But colors were vibrant and images seemed bright to me. I seriously doubt that anyone who sees it will complain. Fingerprints on the screen are a bit of a problem though.
Performance is pretty good. Apps open quickly and I never noticed any significant lag or real slow-downs during casual usage. I have no complaints on this front. But what’s missing is NFC which is understandable as you have to cut costs somewhere to hit this price point. For the record, another area that ZTE saved a few bucks on is WiFi. It only has 802.11b/g/n WiFi in an age where 802.11ac is common. The software is pretty much stock Android with some slight (yet helpful) additions. The most obvious difference will be on the notification area, which does look rather unique.
The camera on the Grand X 4 is pretty decent. I used it to shoot this 1080p video at the Canadian International Auto Show. Set it to 1080p and full screen to see what I mean:
Sound quality is a bit tinny. You’ll also note the fact that it constatly tried to autofocus. To be fair, you can turn that off if it bothers you which is a good thing. In terms of stills, they were decent. Here were a few examples:
There is some pixelation. However, these pictures are decent. Considering that this is a $99 phone, that’s to be expected.
Battery life was great. I started using it at 7:10 AM to tweet, take photos and videos almost non stop, and upload a video to YouTube and got to 3PM with 46% of the battery left. That’s pretty impressive as I was hammering the phone pretty hard. That means that battery life under normal usage will be in the two day range. Pretty impressive from a $99 phone.
The bottom line? If you want a phone at this price point, the ZTE Grand X 4 is hard to beat. Sure it’s not perfect, but this phone has a lot going for it. Enough that you should put it on your shopping list.
Posted in Commentary on February 16, 2017 by itnerd
For the third year in a row, I attended the Canadian International Auto Show media day. Now for those of you who think getting a behind the scenes look at the coolest cars and attending exclusives press conferences is fun…. Well it is.
It is also grueling. Very grueling
My day started at 5:15 AM to be at the Metro Toronto Convention Center at 7:10 AM. Fortunately, they feed us breakfast. The actual events start at 8AM and there were two highlights that I’d like to point out. One was a hyper car from Aston Martin:
From there, it was on the press conferences. Now most of the time, they reveal a car that you have seen elsewhere. But this year, we had something unique. Hyundai had a world premiere of their 2018 Accent. This is a rare for Canada. But sub compact cars are big business here and Hyundai dominates this market in Canada, so it made sense. I did a video of this unique event using the ZTE Grand X4 which made the trip with me:
I won’t go into everything else that I saw. But if you want to, check out my Twitter feed as I live tweeted the event. However, here’s what caught my eye:
This is just a fraction of what I saw today. If you’re into cars, and you’re in or around the Greater Toronto area, check out the Canadian International Autoshow. It runs from Feburary 17th until the 26th at the Metro Toronto Convention Center. Come early as there’s a lot to see and do here, and I’ve only scratched the surface in terms of what’s on offer for visitors to see.
Surveypal Inc. announces the launch of its secure, enterprise survey solution in Canada, designed for Canadian Government and Enterprise users. This solution is compliant with Canada’s Privacy Act and the Personal Information Protection and Electronic Documents Act (PIPEDA). Surveypal’s servers are physically located in Canada which guarantees that data collected with Surveypal by private and public sector commercial organizations meets the requirements of Canadian privacy laws in being stored safely within Canadian borders.
Under PIPEDA, sensitive or Personally Identifiable Information (PII) is explicitly protected by law. Surveypal set up servers in Canada with to address the data privacy issues that many Canadian organizations seek when running customer experience management (‘CEM’) surveys.
The server infrastructure is available to all Canadian Surveypal customers immediately.
Posted in Commentary with tags Citrix on February 14, 2017 by itnerd
There is no one-size-fits-all security solution to address the threat landscape today’s businesses face. Each organization has unique security obstacles and obligations. Billions of dollars have been invested into IT security solutions and increasing annual security budgets has been an imperative. In fact, 98% of business respondents reported they will spend over a million dollars in 2017, per a global study by Citrix and the Ponemon Institute. However, many of the systems and people in place are still not able to handle today’s threats.
Security threats increase as more devices crowd networks and as people have more freedom to work from anywhere, on any device. More devices, especially bring your own (BYO) devices are the new norm, and businesses need to put information security at the top of their priority list to ensure apps and data are secure no matter where they reside or are accessed. On top of this, businesses need skilled staff to plan how they will reduce risk and improve the security of their applications and data.
The global study by Citrix and the Ponemon Institute on IT security infrastructure found that less than half (48%) of survey respondents said their organization has security policies in place to ensure employees and third parties only have the appropriate access to sensitive business information. Not helping is that nearly 70% of business respondents said that some of their existing security solutions are outdated and inadequate.
Top security concerns confirmed in the study:
Poor security deployments: 70% said their organization had made investments in IT security technology that was not successfully deployed (e.g. shelfware).
Unapproved and rogue app deployments: 65% of respondents said their organization is not able to reduce the inherent risk of unapproved applications – increasing risk, including from shadow IT.
Unmanaged data at risk: 64% say their organization has no way to effectively reduce the inherent risk of unmanaged data (e.g. downloaded onto USB drives, shared with third parties, or files with no expiration date).
Talent pool is small: Only 40% said their organization is successfully hiring knowledgeable and experienced security practitioners.
While there’s no silver bullet to fixing security business challenges, survey respondents shared that they believe there are solutions to help better manage security challenges:
Creating a unified view: 53% percent believe a unified view of users across the enterprise.
Becoming proactive: 48% percent answered an ability to keep up with new or emerging attacks.
Respondents also shared that some specific improvements can be made to reduce their overall risk:
Technology improvements: 65% believe an improvement in technologies will improve their overall security posture and reduce risk.
Staffing investments: 72% say an improvement in staffing will improve their overall security posture and reduce risk.
To learn more about the Ponemon Institute survey findings, visit our landing page or read the blog from Citrix vice president and chief technology officer, Christian Reilly.
These findings are the second installment of the global study from Citrix and the Ponemon Institute. The first report reviewed how business complexity is hindering security postures and adding to the shadow IT trend.
UPDATE: If you’re interested in the Canadian-specific data, here’s some highlights:
General Facts:
Most IT professionals in Canada (73%) feel strongly that some of their security solutions were outdated and inadequate.
In fact, Canada is among the top four countries (including U.S., U.A.E. and the U.K.) to agree that their organizations’ existing security solutions are outdated and inadequate.
71% of IT and IT security practitioners say their organization needs a new IT security framework to improve its security posture and reduce risk.
52% of respondents state that their organization will increase budget for IT security in 2017 – equivalent to the global average.
More than any other country, Canadian IT practitioners think that machine learning is the most important technology to reduce security risk over the next two years (85%)
Employee Behaviour
While Canadian IT and IT security practitioners are concerned about their organizations ability to control employee devices and data, they conversely appear to disregard the importance of enforcing employee compliance with security policies.
Canada and Korea (40% respectively) are the least confident that their organization has the right policies and procedures in place to protect data and their infrastructure.
Yet, Canada is the country least concerned (51%) about the inability to enforce employees’ compliance with policies.
67% of Canadian respondents (compared to the global average of 63%) perceive employee use of personally-owned mobile devices in the workplace (BYOD) as a disruptive technology and risk to IT security infrastructure.
Canada is among the top two countries most concerned about the inability to control employees’ devices and apps (81% for Canada, 82% for Mexico).
90% of Canadian respondents believe that employees’ use of social media in the workplace has a negative impact on security. This is 15% higher than the global average.
All Data is Canadian Unless Otherwise Stated
At 12%, Canada had the most respondents state that they were unsure whether their company has a mobile strategy for Bring Your Own Device (BYOD).
89% of Canadian respondents say that the inability to hire and retain expert staff is a factor that decreases their organization’s overall security and increases risk.
More than any other country, Canadian respondents (86%) say that an improvement in staffing would most improve their organization’s overall security posture and reduce risk. Globally on average, only 72% would agree.
Canadian IT practitioners (74%) are only second to Japan (79%) in their concern that having more millennials in the workplace poses a significant risk to security.
#PSA: Update Adobe Flash NOW To Mitigate Security Flaws
Posted in Commentary with tags Adobe on February 17, 2017 by itnerdIf you are still running Adobe Flash for whatever reason, you need to upgrade it now. As in right now. The version that you need to be running 24.0.0.221 as it “address critical vulnerabilities that could potentially allow an attacker to take control of the affected system”. These holes are on Mac, Windows and Linux.
So, if I were you I would run to the Adobe Flash Player Download Center and update away. Or better yet, dump Flash and make your system a whole lot more secure.
1 Comment »