Archive for September 14, 2017

A Plot Twist On The Rogers/Apple Watch Series 3 Story [UPDATED]

Posted in Commentary with tags on September 14, 2017 by itnerd

You might recall that on the day that the Apple Watch Series 3 was announced, Rogers was missing from the list of carriers that would support it. That set off a bit of a firestorm online as you’d expect it to. Well, there’s a bit of a plot twist to that. About 15 minutes ago, the app that I use to scan Twitter for anything interesting spotted this:

I have also taken a screenshot of it in case Rogers decides to delete the Tweet:


What precisely does that mean? It’s a very odd response from Rogers as unless I am missing something, you don’t need Rogers or any other cell phone carrier to pair a non-LTE Apple Watch Series 3. But the fact that according to this Tweet you can bring in an Apple Watch Series 3 to pair with your iPhone on the Rogers network (presumably) is a bit of a plot twist. Though there are no details on how that would work in the Tweet. After all, you only have 140 characters to work from. A more robust statement from Rogers would be helpful. I am in the process of reaching out to them to find out what the deal is. If I get a response from them, I will post it here.

UPDATE: The plot twists continue. This Tweet from Rogers got my attention:

https://twitter.com/dawnetiller/status/908377389624844288

So now the story has changed. Twice. Let’s recap. Just shortly after the Apple announcement, Rogers said this:

In other words, it was an answer that didn’t answer the question as to if they are going to carry the Apple Watch Series 3. Then over the last few hours, the party line changed to this:

That sounds like they weren’t going to carry the Apple Watch Series 3, but if you bought one elsewhere, they’d activate it for you. Then in the last few minutes the answer from Rogers became what I posted above.

It really looks like Rogers for whatever bizarre reason don’t seem to have their act together from a public relations standpoint and as a result they completely flubbed the message that they wanted to get out to the public. Then when the predictable blowback from die hard Apple users who were also Rogers customers happened, they muddied the waters further and made things worse. To me, this seems like the Rogers from a few years ago who would be famous for finding new and creative ways to invent PR disasters that didn’t need to be invented. Perhaps if they said from moment one that they would carry the Series 3 Apple Watch next year as soon as they built the infrastructure to support it, we would not be here talking about this PR mess now. If I were their PR humans, I’d get out a statement to every media outlet that made it clear what their intentions are in terms of the Apple Watch Series 3 and I’d do it right now as this constant shifting of what the message happens to be is making them look like it’s amateur hour in their PR department.

UPDATE #2: I got a response from Rogers….. That really isn’t a response in my opinion. Your opinion may differ. Their response was to send me an image of the entire Twitter interaction:

Rogers lame response

To be fair, it does clarify one point. If you bring in an Apple Watch Series 3 to a Rogers store, they will pair it with an iPhone on their network. But based on the above, your brand new Series 3 Apple Watch will only work over WiFi and Bluetooth. The net result is that people will feel like this person who reached out to me on Twitter:

The PR disaster continues.

UPDATE #3: A reader of this blog brought this Tweet to my attention that has slightly more clarity to it:

And then there’s this:

The thing is, not having support for eSIM would be weird. The tech has been around since 2015 so you’d think that Rogers would support this tech. But that seems to be the case as the same reader that brought these latest Tweets to my attention provided me with this:

This has a person who wanted to activate an eSIM device on Fido in May 2017, and Fido didn’t support the technology. Fido is owned by Rogers which means that if Fido doesn’t support eSIM, Rogers doesn’t either. Which, to be frank, is quite shocking.

UPDATE #4: There’s been another plot twist in this story. Details here.

Breaking: FTC To Investigate The Pwnage Of Equifax

Posted in Commentary with tags on September 14, 2017 by itnerd

I’m going to go out on a limb and say that in the words of Russell Peters, “someone is gonna get a hurt real bad.” I say that because Reuters is reporting that Equifax is going to get investigated in terms of that massive data breach by the FTC. How do we know this? The FTC in an unusual move actually said so:

“The FTC typically does not comment on ongoing investigations. However, in light of the intense public interest and the potential impact of this matter, I can confirm that FTC staff is investigating the Equifax data breach,” spokesman Peter Kaplan said in a brief email statement.

That’s not good if you’re Equifax. It pretty much means that you’re about to get slapped silly. And that’s even before the lawsuits and public floggings known as congressional hearings happen. Let’s hope the FTC does its job and punishes these guys for this colossal mess that they have put millions of people in.

Should You Upgrade To The New iPhones? Here’s Some Thoughts

Posted in Commentary with tags on September 14, 2017 by itnerd

I’ve gotten a number of e-mails from people asking if they should upgrade to the new iPhones. And if so, which iPhone is best for them. The answer is that it depends what iPhone you’re upgrading from… Assuming of course you’re not coming from an Android phone. To help you out, I’m going to share my thoughts on the three phones that Apple announced earlier this week:

iPhone 8/8 Plus: If you’re an owner of an Android phone, or you own anything before an iPhone 7/7 Plus, this is the phone you should upgrade to. What it brings to the table is a significant enough jump over what you have to make it worthwhile to upgrade. Now you’re likely wondering why I am not including iPhone 7 and 7 Plus owners in this. Well, the iPhone 8/8 Plus is faster and it does offer wireless charging. But that’s really it. Unless you really want wireless charging or you need the speed increase from the A11 Bionic chip, I don’t see enough of a value proposition to make the jump to an iPhone 8 if you own a 7 or 7 Plus. One other thing to consider is that this is an iterative upgrade from Apple which means the risk level to upgrade to this phone is low.

iPhone X (Pronounced “iPhone 10”): This is the flagship phone from Apple that they would like everyone to upgrade to. And to be frank anyone that has an Android phone or any iPhone including the iPhone 7/7 Plus should go to this phone assuming that you can afford it as it is not cheap. But I have a word of caution. This phone is the bleeding edge in terms of iPhone technology from Apple. And I tend to avoid the cutting edge from Apple as I don’t want to really work the bugs out of any new product that they have. For example TouchID took a while to become really reliable, and I expect the same to be true for FaceID. Plus this is Apple’s first leap into OLED screens. Thus while I don’t expect problems on that front, something could crop up. Thus you should be mindful that if you jump to the iPhone X, you are going to be an early adopter with everything good and bad that comes with that. Thus it might be better to wait until the next version of this phone to appear before grabbing one unless you love being on the bleeding edge.

Other Notes: You don’t have to go to the latest and greatest that Apple is offering as Apple has taken their existing lineup prior to the arrival of these three phones, and given them a price break. The iPhone 7/7 Plus, the iPhone 6S/6S Plus and the iPhone SE all got price cuts when the iPhone 8/8 Plus and iPhone X were announced. And they’re all proven products having been out for a year or more. Thus you can buy with confidence. But here’s how I would approach those models. If you need the smallest iPhone, go for the iPhone SE. Otherwise, your choice should be the iPhone 7 or 7 Plus. Completely ignore the iPhone 6S/6S Plus unless the iPhone 7/7 Plus price point is too high for you.

Hopefully that helps you make up your mind if you should upgrade to the latest iPhone and which one you might upgrade to. If you have any thoughts that might help readers of this article, please leave a comment and share your thoughts.

Equifax Pwnage Was Due To Failure To Apply A Security Patch To Their Website

Posted in Commentary with tags on September 14, 2017 by itnerd

Equifax has apparently admitted that a failure to install a patch on its website led to the biggest data breach in the history of the universe. Here’s what they posted on their www.equifaxsecurity2017.com/ site:

Equifax has been intensely investigating the scope of the intrusion with the assistance of a leading, independent cybersecurity firm to determine what information was accessed and who has been impacted. We know that criminals exploited a U.S. website application vulnerability. The vulnerability was Apache Struts CVE-2017-5638. We continue to work with law enforcement as part of our criminal investigation, and have shared indicators of compromise with law enforcement.

Now, here’s why this is a #fail. CVE-2017-5638 was reported on March 10 2017 as per this NIST notification. The key part of this notification is this:

The Jakarta Multipart parser in Apache Struts 2 2.3.x before 2.3.32 and 2.5.x before 2.5.10.1 mishandles file upload, which allows remote attackers to execute arbitrary commands via a #cmd= string in a crafted Content-Type HTTP header, as exploited in the wild in March 2017.

So, what that means is that Equifax had to be running a version of Apache Struts that was earlier than either 2.3.32 or 2.5.10.1. Which implies if they upgraded to either of those versions, they would have been fine. But it appears that this did not happen. What’s worse is that according to Equifax, they were pwned in “mid May 2017” and figured it out in July 2017. So if we work back from “mid May 2017” to the time that the security issue was discovered, Equifax had nine to ten weeks to install an updated version of Apache Struts. But they didn’t, and now we have pwnage on a scale that has never been seen before.
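The version check described above can be run against a file inventory. The following is an added example, not code from Equifax, Apache or NIST; it assumes the library is deployed under its usual `struts2-core-<version>.jar` artifact name, and the file paths are constructed sample data. It only knows the two branches named in the quoted notification and reports any other branch as not listed.

```python
import re

# Fixed releases per branch, from the NVD description quoted above:
# "2.3.x before 2.3.32 and 2.5.x before 2.5.10.1".
FIXED_BY_BRANCH = {(2, 3): (2, 3, 32), (2, 5): (2, 5, 10, 1)}

# Assumption: the library is deployed under its usual Maven artifact name.
JAR_RE = re.compile(r"struts2-core-(\d+(?:\.\d+)*)\.jar$")


def parse_version(text):
    """'2.5.10.1' -> (2, 5, 10, 1); numeric, so 2.3.5 sorts before 2.3.32."""
    return tuple(int(part) for part in text.split("."))


def is_affected(version):
    """True/False for the two listed branches, None for any other branch."""
    v = parse_version(version)
    fixed = FIXED_BY_BRANCH.get(v[:2])
    if fixed is None:
        return None  # the quoted description says nothing about this branch
    width = max(len(v), len(fixed))
    pad = lambda t: t + (0,) * (width - len(t))  # treat 2.5.10 as 2.5.10.0
    return pad(v) < pad(fixed)


def audit(paths):
    """Return (path, version, affected) for every struts2-core jar found."""
    findings = []
    for path in paths:
        match = JAR_RE.search(path)
        if match:
            version = match.group(1)
            findings.append((path, version, is_affected(version)))
    return findings


# Constructed file listing, as a jar inventory of an app server might look.
SAMPLE_PATHS = [
    "/opt/app/WEB-INF/lib/struts2-core-2.3.5.jar",
    "/opt/app/WEB-INF/lib/struts2-core-2.3.32.jar",
    "/srv/portal/WEB-INF/lib/struts2-core-2.5.10.jar",
    "/srv/portal/WEB-INF/lib/struts2-core-2.5.10.1.jar",
    "/srv/legacy/WEB-INF/lib/struts2-core-2.1.8.jar",
    "/srv/portal/WEB-INF/lib/commons-fileupload-1.3.2.jar",
]

if __name__ == "__main__":
    labels = {True: "AFFECTED", False: "patched", None: "branch not listed"}
    for path, version, affected in audit(SAMPLE_PATHS):
        print(f"{labels[affected]:18} {version:10} {path}")
```

Comparing versions as integer tuples matters here: a plain string comparison would sort 2.3.5 after 2.3.32 and would not see 2.5.10 as older than 2.5.10.1.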

Clearly this is another data point that shows that Equifax dropped the ball here. And to be frank, it’s as bad as having a public facing database with a username of admin and password of admin. Hopefully, everyone from politicians to the average consumer is paying attention so that this company can get the punishment that it deserves.