Archive for March, 2017

« Older Entries
Newer Entries »

Samsung To Sell Refurb Note 7 Phones

Posted in Commentary with tags on March 27, 2017 by itnerd

If you wanted a Samsung Galaxy Note 7, despite the fact that they had this tendency to catch fire and explode, you might be in luck. Samsung today posted a document detailing how that’s going to happen. I’ll let you read the document as it is decently detailed. But it is clear that they’re doing this to try and recoup the billions that they lost because of this debacle.

So, would you buy one of these phones? Please leave a comment below and share your thoughts.

 

Leave a comment »

Review: Apple Watch Series 2

Posted in Products with tags on March 27, 2017 by itnerd

I’ve been skeptical about wearables for some time as I figured that they were some sort of fad. But seeing as everything from fitness trackers to more sophisticated devices are popping up on people’s wrists, it made me start to take a closer look at them in general. I soon zeroed in on the Apple Watch as I have an iPhone 7 Plus and the two are made to work together. So, a trip to the Apple Store and 45 minutes of consultation led to this:

IMG_0052

This is the Apple Watch Series 2 in space grey and with the sport band. You get two choices in size so that it fits your wrist perfectly. Mine is the 42mm model, but you can also get a smaller 38mm case as well. You can customize the color and the bands to get the look that you want. In my case, I wanted something plain and ordinary as I wanted it to fly under the radar a bit. It doesn’t feel heavy and I barely notice it on my wrist. It also looks classy regardless of whether I am in a suit or something more casual. One thing to note is the screen does NOT attract fingerprints which helps with the classy look, and is very bright and visible in all lighting conditions. It also has haptic feedback which is very well done. For example, when an alarm goes off it feels like an old school ringing alarm clock. Or if you are using maps and you’re going to make a turn, it mimics the clicking of a turn signal in a car. I found that very useful in the car as it was an extra cue to ensure that I stayed on course. The watch faces have some degree of customization and you can load some apps from your iPhone for use on your Apple Watch. More on that in a second.

Now if you do get an Apple Watch, the Series 2 is the one to get as it has these features that the original Apple Watch doesn’t have:

  • A water-resistant design that includes a “wet mode” which locks the display and disables touch functionality when activated. It also has functionality that uses sound to ensure that the watch is water free after a swim.
  • A GPS chip
  • A swim tracker
  • A much faster processor

All of this means that it should be able to be used without your iPhone to a limited degree. For example, if you want to go on a run and track your route. I should note that the watch does have WiFi (802.11 b/g/n) built in, but it is limited to WiFi networks that the iPhone knows about and aren’t highly secure such as ones that require certificate authentication. That adds to the limited independence that the Apple Watch Series 2 has. I say that, because most apps on the Apple Watch still need a connection to your iPhone to work.

The fitness aspects are one thing that really caught my attention. For example I now use the Activity app to ensure that I move around to burn calories, exercise for at least 30 minutes, and stand and move for at least 1 minute an hour over a 12 hour period. Realistically though, I only accomplish the first and third goals most of the time. The Breathe app is something else that I use daily. In short, it makes you spend a minute to focus on relaxing by guiding you through meditative breathing exercises using visual and haptic cues. It also tracks your heart rate while doing it as well. It’s a great way to give yourself permission to take a minute for yourself. Both of these features I have to admit are making me marginally more active. At least for now as I wonder if the novelty will wear off after a while. I’ve extended the fitness functions of the Apple Watch by using Runtastic Pro and Strava. When I tested the former when nordic skiing, I found the functionality to be flaky as I was able to start recording my ski on the watch, but the app on the watch either stopped or crashed. But the entire 8km route was recorded on my phone. The downside was that I lost heart rate information about 4km in when it presumably crashed. The results were better with Strava as I was able to start a bike ride record it with heart rate info on the watch, and then upload it to my iPhone with no issues. That was very impressive.

Apps on the Apple Watch are kind of hit and miss. The Starbucks app for example allows you to see your star balance and pay for coffee using your Apple Watch. The Domino’s pizza app doesn’t really do much other than allow you to track a pizza that you’ve ordered to see when it will be delivered. Skype does allow you to respond to instant messages and answer a call from your Apple Watch. The built in Messages app uses a combo of pre-canned responses along with the ability to allow you to scribble a response letter by letter, which for anything above two words is too much work in my humble opinion. Finally, the CBC News app for Apple Watch allows you to see top stories. But to read the details, you need to go to your iPhone. Ditto for the CNN and BBC News Apple Watch Apps. As you can see, the app situation largely depends on the apps that you use. However, The Apple Watch Series 2 also comes with Apple Pay which means that you don’t have to whip out your iPhone to pay for something. Though, I will warn you that every time you use your Apple Watch to pay for something, you’ll get a thousand questions as it will floor people that you can actually pay for stuff on your watch. Ditto for using something in Apple Wallet. There is Siri support on the Apple Watch, though you don’t get to hear her voice and you need to be in range of your iPhone to make it work. Oh yeah, answering the phone with the Apple Watch and using it to talk to people is going to make you look like Dick Tracy and attract some quizzical stares. Having said that, an unexpected benefit to having an Apple Watch is that when notifications appear (which are the same ones that show up on your iPhone), you can discreetly look at them on the watch rather than whip out your phone which attracts way more attention. Ditto for e-mails on your VIP list. That’s handy when you don’t want to attract too much attention, but still see if you need to respond to something.

Battery life is impressive. Daily usage left me with about 75% charge remaining at the end of the day. Meaning I could go at least three days between charges. If I did something athletic like running Strava or Runtastic Pro, I’d drop to about 60% to 65% of a charge remaining which is still impressive. To be honest, I was not expecting battery life to be this good.

So, what’s the downside to the Apple Watch? There are several. I’ve covered the app situation which limits how independent the watch can be. On top of that, only iPhone users need apply to get an Apple Watch. Seeing as even Android Wear devices have token support for the iPhone, the fact that the Apple Watch only works on iOS may be seen as a negative. The last downside is price. My Series 2 Apple Watch cost me $529 CDN which is not cheap. And like a luxury car, the price can escalate very quickly depending on what band you want or what color you want. If that price tag scares you, the original Apple Watch which is now called the Series 1 is still available at a much lower price point as you lose GPS and waterproofing among other items. So if you’re into sports, that’s likely not an option. But if you simply want a wearable, and it must be from Apple, you have a choice.

The bottom line is this. The Apple Watch Series 2 is the Apple Watch that you should get if you want a wearable that works well with your iPhone. But keep in mind that the Apple Watch is still evolving as a platform. Thus the value beyond impressing a few people is going to be one of those “your mileage may vary” things that may get better in the future, but not offer you what you might be looking for right now. For me, I’ve found a few fitness and lifestyle related items that makes it a worthy purchase for me. But I suspect that you’ll have to consider what your use case is before you put down your credit card for one.

15 Comments »

Class Action Lawsuit Over Windows 10 Updates Served Up

Posted in Commentary with tags on March 27, 2017 by itnerd

The Register is reporting on a class action lawsuit related to people being “forced” to update to Windows 10:

The complaint [PDF], filed in Chicago’s US District Court on Thursday, charges that Microsoft Windows 10 is a defective product and that its maker failed to provide adequate warning about the potential risks posed by Windows 10 installation – specifically system stability and data loss.

Microsoft “failed to exercise reasonable care in designing, formulating, and manufacturing the Windows 10 upgrade and placing it into the stream of commerce,” the complaint claims. “As a result of its failure to exercise reasonable care, [the company] distributed an operating system that was liable to cause loss of data or damage to hardware.”

The attorneys representing the trio are seeking to have the case certified as a class action that includes every person in the US who upgraded to Windows 10 from Windows 7 and suffered data loss or damage to software or hardware within 30 days of installation. They claim there are hundreds or thousands of affected individuals.

The complaint enumerates a number of alleged problems with the way the Windows 10 update presents itself to Windows users, noting that it “often installs itself without any action being taken by the consumer.”

While I question the “system stability and data loss” part as that seems a bit over the top, there were a ton of reports of people going to sleep with Windows 7 or 8.1 and waking up with Windows 10. Thus if this lawsuit does have legs, this might be a problem for the folks in Redmond. This might be worth keeping an eye on.

Leave a comment »

Pili Pop Français Released

Posted in Commentary with tags on March 25, 2017 by itnerd

PILI POP LABS, has announced the release of Pili Pop Français to celebrate the 2017 French Language Week. The new application, available on iOS and Android, helps children aged 5 to 10 to learn French while having fun. 

The Paris-based startup also announces the opening of its New York office to accelerate its international development which already represents more than 60% of the company’s turnover.

BASED ON AN INNOVATIVE AND RECOGNIZED METHOD

Created by language experts, the Pili Pop method has been described as «a remarkable educational initiative» by Apple and has already helped more than 700,000 children to learn a foreign language. The defining feature of the Pili Pop method is the focus on oral practice thanks to a unique speech recognition engine tailored for kids. Children get used to speak in a foreign language at home on a daily basis.

LEARNING FRENCH WHILE HAVING FUN

Pili Pop Français helps children recognize and learn everyday life words in French thanks to fun and motivating activities. No prior exposure to French is needed. In the app, they meet the Pilis, kind and curious aliens that travel across the world while learning languages.

New activities are available every month to motivate children to practice in the long term. Thanks to the Pili Report, parents can very easily follow their children’s progress in Pili Pop and help them in their learning.

Here’s a video of Pili Pop Français in action:

Leave a comment »

Guest Post: DocLogix Discusses Private Cloud Solutions

Posted in Commentary with tags on March 25, 2017 by itnerd

An increasing number of companies are adopting cloud technology and implementing it in their business management – not only in the IT sector. Considering the convenience, accessibility and increased efficiency, it’s becoming clear that future is set in the cloud. One of the newest cloud computing perks are business solutions and platforms, implemented right on the cloud. Depending on the size of organization, these solutions can be static or customizable.

However, not everyone is familiar with best solution for a small company, and what changes when a company grows and becomes midsized. Below are some common scenarios.

A small organization (up to 30 employees) can choose a ‘pre-packaged’ (pure) cloud solution (i.e project management, CRM, risk management, etc.), and start using it here and now, paying as they go. However, most existing cloud solutions only allow the functionality that comes with the chosen product, meaning it will not give any possibility of customization. For instance, the organization will not be able to order any additional functions, change the appearance or add any additional fields for extra information.

Big organizations (from 500 employees) have their own processes and need to implement complex solutions on their own servers, such as ERP (Enterprise Resource Planning) or ECM (Enterprise Content Management). Typically, these organizations dedicate separate physical space to host applications on their servers, which they keep on premises.

Midsized companies (50 – 200 employees) are the ones who fall into the “grey area.” They avoid constrained cloud solutions that small organizations might use because they primarily need to adjust the tools they utilize to fit their unique needs, adapting them to the changing processes of the organization. At the same time, midsized companies also tend to look away from complex solutions that they would need to implement on their own servers, because it is too costly. As a result, pre-packaged cloud solutions are too generic, while sophisticated solutions on premises are too costly for midsized companies.

Private cloud: solution for midsized companies?

DocLogix is a document and process management platform with 14 years experience. It shares advice on how to choose, implement and use a completely customized private cloud solution without any risk, which is perfect for midsized companies.

“We understand where the future lies, and we see it in the cloud technology. Therefore, we offer diverse solutions for various organizations based on their size. Small and midsized organizations that want more customization are offered DocLogix Private Cloud service. We implement our platform along with ready to use specific solutions in a cloud, dedicated only to that client,” says Aurimas Bakas, board member of DocLogix.

As the matter of fact, the benefits of private cloud computing are plentiful:

  1. Better security and control.Only the specific company will have access over the private cloud, making in private and safe.
  1. Less expenses.Having a private cloud server is much more affordable than hosting company’s own servers in a separate physical space or buying dedicated servers.
  1. Increased flexibility.Private cloud server allows to relocate resources immediately and increase disk space or add more CPU whenever needed.
  1. Access.Company managers can access needed information from any device and any location.
  1. Data protection.No information will be lost in case of a disastrous computer crash: it’s all on the cloud.
  1. Increased collaboration.Private cloud gives an opportunity for better collaboration and ability to work remotely for all company’s workers.

DocLogix is a unique platform, recognized in 2016 as the most progressive in the world, flexibility being its biggest strength. Any workflow or document form can be customized, while different solutions can be offered, such as office management, contract management, project management and so on.

 

Leave a comment »

Telus Announces LG G6 Pre Orders

Posted in Commentary with tags , on March 25, 2017 by itnerd

The LG G6 officially arrives at Telus on April 7th.  You can pre-order online on telus.com or visit in-store to pre-order their new device. To make the experience even better for Telus customers, they’re including the LG SH2 Sound Bar as a special bonus for those that pre-order.

I will be adding posts as I get more info from Telus.

Leave a comment »

Middle Eastern Arline Appears To Troll US Government On Twitter

Posted in Commentary with tags on March 24, 2017 by itnerd

I’m not sure that this is such a good idea given the current political climate. But Royal Jordanian Airlines is using Twitter to take a unique spin on the electronics ban. First they gave flyers the info that they needed to know:

Then they took an “interesting” look at what to do when you don’t have your laptop or tablet on a very long flight:

Some of this is humor, but number 12 could be seen as a bit of a dig at the electronics ban that may not go over too well with those in Washington. But it underscores the fact that some people, including yours truly and possibly this airline, have wondered about the logic of this ban. After all, are you any safer if a laptop with a bomb in it is in a cargo hold versus a cabin? Plus there’s the fact the optics of this are not that good as this electronic ban only targets airlines from Muslim majority countries. So perhaps Royal Jordanian Airlines has decided that because of all of that, they are going to use to express their displeasure in a way that has some degree of plausible deniability to it. Whatever the logic behind this, if they are trolling the US Government, it is kind of funny.

Leave a comment »

Turkish Crime Family iCloud Data Provided To ZDNet Proven To Be Valid

Posted in Commentary with tags on March 24, 2017 by itnerd

It may be a bit too early to blow of the so called Turkish Crime Family and their threat to cause digital harm to millions of iCloud users. I say that because ZDNet posted a story saying that it had received a set of 54 account credentials from the hacker group for “verification” and subsequently reported that all of the accounts were valid, based on a check using Apple’s online password reset function. What’s interesting is that ZDNet also contact each account holder via iMessage to confirm their password, and found that many of the accounts are no longer registered with Apple’s messaging platform. However, of those that could be contacted, 10 people who were all based in the U.K. confirmed that the passwords were accurate, and they have changed them as a result.

Now these passwords could have been acquired in a number of ways. For example, Yahoo gets hacked and because people tend to use the same password for everything, the rest of their digital lives is under threat. It doesn’t prove that the so called Turkish Crime Family have pwned Apple at all. Which would be consistent with what Apple said yesterday. Also, it is entirely possible that this is all that they have. I say that because of this:

A person representing the group, who is allegedly no longer a member, told me that the data is “handled in groups”, but would not explain how or why. The hackers refused to hand over a US-based sample of accounts

My $0.02 worth? There is a strong likelihood that this is bogus. If someone had some sort of epic exploit on a company like Apple, they’d be asking for way more than $75,000 and they would have provided far more proof that Apple had been pwned. That isn’t the case here. But it doesn’t mean that you shouldn’t take precautions. You should look at your iCloud account in terms of how secure it is. Consider using a strong password that is distinct from other passwords that you have and enabling two factor authentication to ensure that you are as secure as possible. After all, you should do everything possible to avoid getting pwned by this group or any other group of hackers.

Leave a comment »

Guest Post: Eight cyber-threats legacy tools are missing

Posted in Commentary with tags on March 24, 2017 by itnerd

By: David Masson, Canada Country Manager, Darktrace

Some of the most sophisticated cyber-attacks have a common trait – they go unnoticed for weeks, months, or even years until they have caused irreparable monetary and reputational damage. More often than not, the evidence of infiltration was present – but perimeter defenses proved insufficient in detecting them until it was too late.

To give a sense of the kinds of threats that legacy tools miss, I’ve compiled a list of real-world incidents that our AI-powered technology caught but went undetected by a traditional security system. There are a near-infinite number of ways that modern attackers can compromise a network, but here are eight of the more glaring vulnerabilities we’ve detected:

  1. Insider threat: An employee with system administrator privileges decided to leave for a new job. His company had explicit restrictions on cloud usage, but as an administrator, the employee could change the rules about who could access the cloud and from where. The employee attempted to exfiltrate data from the cloud before departing, but because Darktrace provided complete visibility across the entire network infrastructure, including the cloud, the suspicious behavior was spotted. As a result, the company was able to better manage the employee’s departure.
  2. Ransomware: An attacker sent an email containing a fake invoice, supposedly coming from a trusted stationary supplier. An administrative assistant opened the attachment, and JavaScript within the document connected the computer to a server in Ukraine. Within minutes, the downloaded malware began to encrypt company files. Darktrace found the attack by identifying both the connection and download as major deviations from the user and device’s normal ‘pattern of life’, allowing the company to quarantine the infected device before damage could be done.
  3. Compromised video equipment: After a video conferencing unit started to behave strangely, it was determined that a remote attacker had compromised the camera and was sending data outside the network. The attacker moved laterally through the network and attempted to locate Point of Sale (PoS) devices, and they could have been exfiltrating sensitive audio and video. Darktrace detected the compromise after the device initiated a large upload to rare external IPs and began communicating with internal computers that it rarely connected to. Once this behavior was identified, the company immediately disconnected the camera.
  4. Penetration Testing Vulnerability: Darktrace detected a company device updating a penetration testing tool used for attacks on web services. This particular device had never used the pen testing software in the past. Over the next few days, several anomalous behaviors were detected inside the network, including two corporate devices that tried and failed to log in using administrative credentials and an SQL injection attack. The attacks were not associated with any known threat signatures, so they went unnoticed by legacy tools, but Darktrace identified the failed login attempts and the SQL injection attack as highly anomalous behavior for the network.
  5. Credential theft: A healthcare company became infected with a strain of malware built to steal user credentials. Once on the network, the malware spread by copying programs into sensitive folders on other devices and guessing login details. Every infected device was sending programs to sensitive folders on other devices at speeds faster than users could possibly have been acting. The devices were also trying to communicate with a suspicious third-party infrastructure. This particular malware used advanced stealth techniques that allowed it to avoid traditional network defenses, but Darktrace recognized the copied programs and the forced access of password managers as abnormal compared to normal network activity.
  6. Self-modifying malware: Many sophisticated attacks contain ‘active defense mechanisms’ that allow them to avoid detection by traditional cyber security monitoring. In this case, the attacker used the ‘Smoke Malware Loader’ tool, a password grabber that protects itself from detection by evolving its threat signature in real-time and generating fake, redundant traffic. By combining various anomalous factors, including the initial incoming file and beaconing to an external device, Darktrace built a detailed understanding of this highly evolved operation, and quickly determined it was threatening behavior.
  7. BitTorrent risks: Certain types of malware can break themselves up into pieces and attach to bits of torrented files, essentially distributing themselves amongst millions of data packets. In this example, a device contacted a BitTorrent network via SSH – a powerful administrative protocol which an attacker exploited to remotely control the infected device and use it as an entry point into the network. Without quick action, this infection could have developed into a serious security breach. Darktrace identified the BitTorrent behavior and the beaconing activity as highly unusual compared to normal network activity.
  8. Biometric scanner vulnerability: To restrict access to their machinery and industrial plants, a manufacturer had a biometric scanner connected to the corporate network. When Darktrace was installed, it flagged unusual Telnet connections to and from the biometric scanner. Once investigated, it was determined that an external party had compromised the scanner and had started to change its data. No signature existed for that threat type, so it would have gone unchecked by legacy controls. Darktrace’s AI defenses identified the breach in time to avoid a physical intrusion and potentially catastrophic damage.

 

 

 

 

Leave a comment »

Apple Comments On Latest Wikileaks Info Dump

Posted in Commentary with tags on March 24, 2017 by itnerd

Yesterday, Wikileaks did a second info dump which centered around exploits used by the CIA to get into OS X and the fact that the CIA got into the supply chain of iPhone shipments to slip their software onto them. Apple has since come out with a statement that is kind of interesting:

We have preliminarily assessed the Wikileaks disclosures from this morning. Based on our initial analysis, the alleged iPhone vulnerability affected iPhone 3G only and was fixed in 2009 when iPhone 3GS was released. Additionally, our preliminary assessment shows the alleged Mac vulnerabilities were previously fixed in all Macs launched after 2013.

We have not negotiated with Wikileaks for any information. We have given them instructions to submit any information they wish through our normal process under our standard terms. Thus far, we have not received any information from them that isn’t in the public domain. We are tireless defenders of our users’ security and privacy, but we do not condone theft or coordinate with those that threaten to harm our users.

Well….what is in this statement is what I was I was expecting Apple to say as when I read the documents in the dump, it seemed like this was stuff that Apple had already fixed. But one thing to keep in mind is that based on the way the statement is written, they are still looking at this. Thus you can expect that anything that they haven’t already addressed will be fixed very quickly. Another thing to point out is that Apple took the opportunity to take a shot at Wikileaks about their disclosure of the exploits themselves. That’s interesting. I will be interested to see how Wikileaks responds to that.

Leave a comment »

« Older Entries
Newer Entries »