Archive for September, 2017

Whole Foods Pwned….. Credit Card Data Swiped

Posted in Commentary with tags on September 29, 2017 by itnerd

The pwnage continues with Amazon-owned Whole Foods getting pwned by hackers. Apparently the hackers managed to swipe credit card data. Here’s the really bad news…. They had no clue until someone else told them about the pwnage:

Whole Foods Market recently received information regarding unauthorized access of payment card information used at certain venues such as taprooms and full table-service restaurants located within some stores. These venues use a different point of sale system than the company’s primary store checkout systems, and payment cards used at the primary store checkout systems were not affected. When Whole Foods Market learned of this, the company launched an investigation, obtained the help of a leading cyber security forensics firm, contacted law enforcement, and is taking appropriate measures to address the issue.

Let me translate the above because I’ve been to a Whole Foods store once when my wife dragged me there. Taprooms are a pub by another name which sounds really fancy so that you can spend some cash. So if you’ve eaten at one of these places, you better keep an eye on your credit and debit cards. If you shopped in their stores to buy expensive hoity toity food, you should be fine. Apparently, even though they’re owned by Amazon, their systems aren’t connected so those on Amazon need not worry.

I’d love to understand why it seems that Whole Foods was asleep at the switch to such a degree that someone not working for Whole Foods had to tell them about it. Perhaps someone on Capitol Hill would care to organize a public flogging hearing to find out?


Mr. Smith Goes To Washington To Get Grilled Over Equifax Pwnage

Posted in Commentary with tags on September 29, 2017 by itnerd

Ex-CEO of Equifax Richard Smith is going to Washington next week to participate in the public flogging known as congressional hearings. I am sure that 143 million Americans, 400 thousand Brits and 100 thousand Canadians really want to hear about how he absolutely screwed up to this degree before he “retired”. Examples of this #EpicFail include hiring a CSO with no IT experience, not applying a patch for Apache Struts for months, and having a publicly accessible database with a username of admin and the password of (you guessed it) admin. I could go on but you get the idea.

In any case, if you want to hear what he has to say, here’s the schedule of where he’s going in Washington next week:

I fully expect this to be a public flogging given the scale of the pwnage that took place. Thus this will be very interesting to watch on TV. Set your PVR and get the popcorn ready.

One Reason For Mac Users To Upgrade To High Sierra: Security At The Firmware Level

Posted in Commentary with tags on September 29, 2017 by itnerd

A research paper from Duo Security is recommending that if you want to keep your Mac safe from certain types of pwnage, you should always be up to date with your OS. That’s because, according to new research, pre-boot software on Macs is often outdated, leaving Apple fans at a greater risk of being pwned. For example, users would be vulnerable to exploits such as Thunderstrike and attacks originally developed by the NSA and exposed in the WikiLeaks Vault 7 data dumps, as they rely on out-of-date firmware. This of course ignores the other security fixes that come with OS upgrades such as the recently released High Sierra.

Now how does High Sierra fix this? It automatically checks and updates the firmware if required when it installs. Not only that, it also checks said firmware on a regular basis to make sure that it hasn’t been pwned by a hacker. Further info on this can be found in a related blog post where Duo Security said that users should not only upgrade to High Sierra, but should also check if they are running the latest version of firmware on their Macs, and it has released a tool to help them do that.

Review: SanDisk Ultra Flair 32GB USB 3.0 Flash Drive

Posted in Products with tags on September 29, 2017 by itnerd

I walk around with a flash drive on my keychain at all times. The reason being that if I need to back up something in an emergency, or build a bootable USB flash drive in an emergency, I have the means to do it. To ensure that I had space for both possibilities, I decided to get a physically small flash drive with a lot of space. As in 32GB of space. So one trip to Amazon and I ordered the SanDisk Ultra Flair 32GB USB 3.0 Flash Drive which happened to be on special:



As you can see, the drive is tiny. You hardly know it’s there as it doesn’t take up a lot of real estate. But it is quick. Since it’s a USB 3.0 drive, it’s capable of 150MB/s. Now I can’t confirm that I am getting those speeds, but it is insanely quick. Anything that I’ve done with it since I got it takes way less time than any other USB drive I have used lately.

Because this lives in my pocket, I have to be sure that any USB key will survive that environment as a lot of them won’t. The SanDisk Ultra Flair drive has been in my pocket for just over a week and there isn’t even a scratch on it. And it still works perfectly. It also has the ability to be password protected using SanDisk SecureAccess 3.0 which works with Windows and Mac. I’m not leveraging that feature as I have nothing critical on that drive. But it is an option for those who do.

The 32GB drive retails for $50 USD and comes with a 5 year warranty. But I got it from Amazon for $18 CDN which means it pays to shop around. It’s also available in capacities all the way up to 128GB. Consider it if you need a durable flash drive that doesn’t take up a whole lot of real estate.

#PSA: Stop iOS Apps From Asking You To Do A Review In iOS 11

Posted in Tips with tags on September 28, 2017 by itnerd

Something that has annoyed me for a very long time is apps prompting me to review them. Sure I can click the option to not ask me again every time the prompt appears. But that becomes tiresome after a while. But you can stop apps from asking you for reviews in iOS 11 by doing the following:

  1. Go to Settings
  2. Go to iTunes & App Store and look for this option


The In-App Ratings & Reviews was turned on in my case. I turned it off and I stopped getting prompted for reviews. At least thus far. Give it a try and see if it works for you. If it does, please leave a comment and let me know.

Bell Canada Wants To Block Access To Pirate Websites…… WTF?

Posted in Commentary with tags on September 28, 2017 by itnerd

If you’re into “acquiring” content via torrent sites and you’re Canadian, you are likely not going to like what I am about to write. In what has to be considered to be an over the top move, Bell Canada is floating the idea of blocking any or all access to websites that are related to piracy:

Canada is a safe haven for internet pirates, Bell Canada says. The telecom giant wants the federal government to fight back by blocking Canadians’ access to piracy websites and stiffening the penalties for violations.

“People are actually leaving the regulated [TV] system, not just because they want to watch Netflix but because they want to watch free content,” Rob Malcolmson, Bell’s senior VP of regulatory affairs, told federal politicians last week. He was speaking at a government hearing in Ottawa on NAFTA negotiations.

According to Malcolmson, this is how the website-blocking plan would work: an independent agency, such as Canada’s broadcast regulator (the CRTC), would create a blacklist of sites that allow people to download or stream pirated content like movies and TV shows.

Internet service providers, like Bell, would then be required to prevent their customers from accessing the sites.

“So you would mandate all [internet providers] across the country to essentially block access to a blacklist of egregious piracy sites,” said Malcolmson. Canadians made 1.88 billion visits to piracy sites last year, according to Bell.

Hmm….. The government and private companies putting together a list of sites they consider “pirates” and blocking them from your view. There’s certainly no potential for abuse here. None whatsoever. Also, Bell Canada owns the rights to some of the content that is being pirated. Thus I am sure that this factors into this proposal, even though they likely won’t admit it.

The fact is that this is an insane over-reach if it were to be adopted. Hopefully Canadian politicians have the common sense to smack Bell Canada into reality as they are way offside here.

Twitter Testing 280 Character Limit

Posted in Commentary with tags on September 27, 2017 by itnerd

Twitter today announced that it is going to “try out” a longer character limit. If successful, it will double the current 140-character limit to 280 characters. This will be “only available to a small group” of users at a time and they won’t roll it out to everyone until they are sure it works. Those who get to test this feature will be selected at random.

To be honest, I can’t decide if this is a good thing or a bad thing. I guess we’ll have to see when a critical mass of users gets this new feature.