Archive for October, 2017

Why The Fact That iPhones Categorize Bikini, Bra Selfies, & Nude Pix Under The Tag “Brassiere” Is A Non Issue

Posted in Commentary with tags on October 31, 2017 by itnerd

If you’re a woman with an iPhone and you have a habit of taking selfies in your bikini, bra, or outright nude, you might be creeped out by the fact that your iPhone is categorizing them under the tag “brassiere”.

Don’t believe me? Here are two examples from Twitter which went viral and sparked this whole discussion. They’re totally NSFW, so click them at your own risk.

Now this seems to be a side effect of the Apple Photos feature that categorizes photos using image recognition. Though I should note that image detection is done locally on the device, as this Apple document points out:

One of the best things about Photos is how it protects your privacy. iOS is designed to take advantage of the powerful processor built into every iPhone and iPad. So when you search your photos, for instance, all the face recognition and scene and object detection are done completely on your device. Which means your photos are yours and yours alone.

Now if you actually want to be freaked out by something, Google Photos does the exact same thing when you search “brassiere” for example, except your photos are stored in the cloud, on Google’s servers. That to me is a bigger problem than what I am reporting in this story, which, by the way, I’m reporting on because it’s a talking point today. But as far as I am concerned it’s been overblown.

Here’s Why You Need To IMMEDIATELY Install All The Apple Updates That Were Released Today

Posted in Commentary with tags on October 31, 2017 by itnerd

Normally, I don’t suggest that you should rush out and install the latest updates of anything. Instead I tend to suggest that you wait a day or so to see if anything bad happens. Today I am going to advise that you should rush out and install iOS 11.1, tvOS 11.1, macOS 10.13.1, and watchOS 4.1 for two reasons.

The first reason is that all these updates have a fix for the rather serious KRACK vulnerability, where hackers could exploit a flaw in the WPA2 protocol to decrypt network traffic and sniff out sensitive information like passwords. That’s a very good reason to run and install these updates.

The second reason is specific to macOS 10.13 users and can be found in the security information document that Apple put out when the update was released:

APFS

Available for: macOS High Sierra 10.13

Impact: A malicious Thunderbolt adapter may be able to recover unencrypted APFS filesystem data

Description: An issue existed in the handling of DMA. This issue was addressed by limiting the time the FileVault decryption buffers are DMA mapped to the duration of the I/O operation.

CVE-2017-13786: an anonymous researcher

This kind of sounds like the Thunderstrike vulnerability from a while back. Seeing as APFS is a brand new filesystem for Apple, one has to wonder what else is out there in terms of security issues. Thus, this is another good reason to update away.

I’ll be doing updates of all my iDevices today and if I trip over anything interesting, I’ll post an update here.

#Fail: USB Stick Containing Heathrow Airport Security Details Found In The Street

Posted in Commentary with tags on October 30, 2017 by itnerd

If something deserves a #fail it is this. Many outlets including The Sunday Mirror are reporting on the discovery of a USB stick on the street in West London that contained the following:

The USB stick – containing 76 folders with maps, videos and documents – was not encrypted and did not require a password.

The man who found it plugged it into a library computer and was alarmed at what he saw. It revealed:

  • The exact route the Queen takes when using the airport and security measures used to protect her.
  • Files disclosing every type of ID needed – even those used by covert cops – to access restricted areas.
  • A timetable of patrols that was used to guard the site against suicide bombers and terror attacks.
  • Maps pinpointing CCTV cameras and a network of tunnels and escape shafts linked to the Heathrow Express.
  • Routes and safeguards for Cabinet ministers and foreign dignitaries.
  • Details of the ultrasound radar system used to scan runways and the perimeter fence.

Encryption? Passwords? Why use those to protect such sensitive information? Totally not required. That was clearly the thought process here.

Seriously though, this is a screw up of epic proportions. The person who lost that USB stick should get sacked for that. But more importantly, those who let it out the door without encrypting it and password protecting it first should also get sacked. This is the era of epic pwnage where hackers are out to get info like this. Why would you want to make their job easier by having this sort of info in a format that is easy to get to?

#Fail indeed.

10 Million People Use LinkedIn’s Open Candidates Feature

Posted in Commentary with tags on October 30, 2017 by itnerd

One year since LinkedIn introduced Open Candidates – the discreet setting members can use to signal to recruiters that they are open to new opportunities, without alerting their network or employers – more than 10 million LinkedIn members are currently using the feature, and flying under the boss’s radar.

Open Candidates makes life easier for job-seekers and recruiters alike. For job-seekers, simply turning on your Open Candidates signal makes you twice as likely to receive relevant messages from recruiters, and for recruiters, Open Candidates are twice as likely to respond.

Today, LinkedIn also announces several new improvements to Open Candidates:

  • Easier than ever to enable: From your LinkedIn profile, you can now let recruiters know you’re open in the Career Interests section within Your Dashboard (only you can see this section).
  • Tailored for the opportunities best suited to you: Members can input their preferences – specific job titles, what cities they want to work in, and how soon they’re looking to make a move – so recruiters can identify their dream job.
  • Coming soon: Personalized suggestions to help members improve their profile, and unique insights on how much attention they’re getting from recruiters.

To learn more about Open Candidates, please visit LinkedIn’s blog.

Guest Post: Simple Ways To Prevent Multimillion-Dollar Losses From BEC

Posted in Commentary with tags on October 28, 2017 by itnerd

An urgent email from the boss likely would make most employees sit up and take notice. This could be an opportunity to step up and deliver results that advance their career, or it could be the chance to explain a major mistake, so the person truly responsible is held accountable. An urgent email from the boss could be about any number of things — but most employees would never think about the possibility that it’s a key step in a well-designed scam that could cost the company millions of dollars.

Many who spend time online are familiar with the concept of “phishing” scams, which entail cybercriminals using legit-looking emails to con people into providing their passwords or other sensitive data. But not nearly enough people are aware that these schemes just as easily can affect businesses. Known as business email compromise (BEC) scams, these crimes work in much the same way as phishing. Through hacking or deception, criminals gain access to corporate email accounts. Posing as high-ranking company officials, these criminals then send out emails seeming to authorize the transfer of money for business purposes. In reality, they’re tricking employees into stealing corporate funds for them, and the losses can be catastrophic. The FBI estimates that over a more than two-year period, more than $960 million was lost due to BEC scams. These scams can strike any size business in any sector at any time. All it takes is a single slip-up by someone in the company to provide the opportunity these fraudsters need.

Although the threat of BEC may come as dire news for your business, there are some simple steps management and IT professionals can take to avoid being victimized by these scams. For example, there should be some form of two-factor authentication required to authorize the transfer of funds. An email requesting the transfer of funds should always be accompanied by another form of verification — whether that’s a verified text message, a PIN or a security question. Regular training for all financial professionals in the company is another important weapon in the fight against these types of cybercrimes. Awareness can ensure that employees are always vigilant against common BEC tricks and tactics.
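To make the two-factor step concrete, the following Python is an added example written for this page; it is not from the guest author or from HALOCK. It models a finance workflow in which an e-mailed request is never sufficient on its own. It generalizes slightly from the text’s “verified text message, a PIN or a security question” by assuming the second factor is a short HMAC-based code bound to the transfer details (request id, payee, amount, requester) and delivered over a channel the attacker does not control, so a code issued for one transfer cannot be reused after the payee or amount is altered. The shared secret, account numbers and addresses are constructed placeholders.

```python
import dataclasses
import hashlib
import hmac
from dataclasses import dataclass
from typing import Optional, Tuple


@dataclass(frozen=True)
class TransferRequest:
    """A funds-transfer request as it arrives in the finance team's inbox."""
    request_id: str
    payee_account: str
    amount_cents: int
    requested_by: str  # e-mail address the request appears to come from


# Hypothetical secret shared between the finance system and the out-of-band
# channel (authenticator app or SMS gateway). Constructed for this example only.
OOB_SECRET = b"example-shared-secret-replace-me"


def canonical(req: TransferRequest) -> bytes:
    # Bind the code to every field an attacker might tamper with after
    # the code has been issued. Field order must be fixed on both sides.
    return f"{req.request_id}|{req.payee_account}|{req.amount_cents}|{req.requested_by}".encode()


def issue_verification_code(req: TransferRequest, secret: bytes = OOB_SECRET, digits: int = 8) -> str:
    """Code sent through the second channel to the executive who supposedly asked.

    Truncating an HMAC-SHA256 tag to a few decimal digits (as TOTP does)
    keeps the code short enough to read out over the phone or type from a text.
    """
    tag = hmac.new(secret, canonical(req), hashlib.sha256).digest()
    return str(int.from_bytes(tag[:4], "big") % 10 ** digits).zfill(digits)


def approve_transfer(req: TransferRequest, presented_code: Optional[str],
                     secret: bytes = OOB_SECRET) -> Tuple[bool, str]:
    """Policy gate: an e-mail alone is never enough to move money."""
    if presented_code is None:
        return False, "rejected: e-mail request with no out-of-band verification"
    expected = issue_verification_code(req, secret)
    # Constant-time comparison so a wrong code cannot be probed byte by byte.
    if not hmac.compare_digest(expected, presented_code):
        return False, "rejected: verification code does not match transfer details"
    return True, "approved"


def run_scenarios() -> dict:
    """Exercise the gate against the BEC patterns described in the post."""
    legit = TransferRequest("REQ-2017-1042", "CA11-2233-4455", 1_250_000, "cfo@example.com")
    code = issue_verification_code(legit)  # delivered to the real CFO out of band
    # A hijacked mailbox replays the same request id but swaps in the fraudster's account.
    tampered = dataclasses.replace(legit, payee_account="XX99-8877-6655")
    return {
        "email_only": approve_transfer(legit, None)[0],
        "email_plus_code": approve_transfer(legit, code)[0],
        "payee_swapped": approve_transfer(tampered, code)[0],
        "guessed_code": approve_transfer(legit, "00000000")[0],
    }


if __name__ == "__main__":
    for scenario, approved in run_scenarios().items():
        print(f"{scenario:16s} -> {'approved' if approved else 'rejected'}")
```

The design choice worth noting is that the code is derived from the transaction itself rather than being a bare one-time password: a second factor that merely proves “someone with the phone pressed yes” still lets an attacker who edits the payee in the e-mail thread walk the altered request through approval.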

Although one seemingly minor mistake can be all it takes to expose a company to the risk of a BEC scam, the good news is that this risk can be minimized significantly. Follow the accompanying guide to preventing BEC scams, and any urgent emails that employees get from the boss will be alarming for less costly reasons.

Author bio:

Chris Cronin is a partner, principal consultant and ISO 27001 auditor for HALOCK Security Labs, a leading information security firm in Chicago. Cronin has more than 15 years of experience helping organizations with policy design, security controls, audit, risk assessment and information security management systems within a cohesive risk management process. He is a frequent speaker and presenter at information security conferences and events.


Toronto-Based Rubikloud Is Organizing The Third Annual Startups Warmup Clothing Drive

Posted in Commentary with tags on October 28, 2017 by itnerd

Toronto-based Rubikloud is organizing the Third Annual Startups Warmup clothing drive to provide winter clothing for some of the neediest, including addicts in recovery. They are asking Toronto’s startups and tech community to host a clothing box from Dec 1st – Feb 1st, 2017. Over the past two years more than a dozen companies have participated and they are hoping to beat that this year.

The Cause: Oasis Clothing Bank: http://www.clothingbank.ca/

Unlike other well-funded large organizations, Oasis is small and run on a shoestring budget. Your help could go a long way. They help support recovering addicts integrate back into society. Winter clothing is always in huge demand and short supply.

  • If you want to participate, they will bring a large box to your office. Please send an email back to laura.leslie@rubikloud.com committing to having this box in your office for two months (Dec 1-Feb 1).
  • Send a company-wide email to your team/portfolio asking them to commit any clothing (especially warm winter clothing).
  • Tweet #Startupswarmup with a photo of your box to Oasis to help raise awareness for their organization.

What Rubikloud and Oasis will be responsible for:

  • They will organize the warm clothing drive and coordinate any admin tasks with Oasis
  • They will put together a deco to put onto the clothing bin indicating you are part of the #Startupswarmup drive
  • They will drop off the clothing bin at the end of November at your office.
  • Oasis will pick up clothing bi-weekly so there is no overflow

Companies that participated either one year or both:

  • OneEleven
  • Pumpup
  • StreetConxt
  • WattPad
  • Pivotal Labs
  • Scalar
  • UXP Systems
  • MaRS Discovery
  • Hubba
  • 500px
  • TILT
  • Canopy Labs


City of Toronto endorses Wired Certification

Posted in Commentary with tags on October 28, 2017 by itnerd

There is nothing more frustrating in a work environment than a slow or unreliable internet connection. Starting today, Toronto businesses will be able to identify office buildings that offer the best-in-class connectivity infrastructure to keep their companies online thanks to Wired Certification. Toronto’s most forward-thinking landlords and developers are pursuing Wired Certification, the preeminent international platform that rates the connectivity and technological capacity of office buildings.

Wired Certification has officially launched in Toronto amid a radical digital transformation in a city recognized as the “Silicon Valley of the North”, and at a time when, in a recent survey on the current state of digital connectivity in Toronto, 99% of the GTA’s office workers said access to reliable internet is critical.

WiredScore has nine launch partners who have committed to Wired Certification for Toronto office properties: Cadillac Fairview, Hines, Menkes Developments, Ivanhoé Cambridge, Canderel, KingSett Capital, Alberta Investment Management Corporation, Bentall Kennedy, and Hullmark, with more commercial landlords and developers signing up in the coming weeks.

More than four million tenants in over 1,000 buildings globally trust Wired Certification as the benchmark for internet that meets their needs. Until now there has been little information available to Toronto’s commercial tenants about the quality of internet connectivity in office spaces. Landlords use Wired Certification to provide that transparency and access to information for tenants. The WiredScore team also helps commercial owners understand and improve the digital capacity of their buildings and works with developers to design best-in-class connectivity for new developments or redeveloped properties.

After conducting an independent survey to highlight the benefits of efficient and reliable internet services in Toronto offices, WiredScore found that 95% of the city’s office workers say internet outages or poor connectivity negatively impact their companies and themselves. In addition:

  • 92.5% say companies should prioritize access to reliable connectivity when selecting office space
  • 90.5% experience connectivity problems at the office
  • 67% say poor internet connection has caused tension in the office

For more information on Wired Certification or to find Wired Certified buildings, visit: www.wiredscore.com


NHS Pwnage Could Have Been Stopped If They Followed “Basic IT Security Best Practice”

Posted in Commentary with tags on October 27, 2017 by itnerd

You might recall that the National Health Service in the UK got pwned by what became known as the “WannaCry” ransomware outbreak that went global. Well, it turns out that they could have easily protected themselves from this outbreak. Here’s what The Guardian had to say on that front:

The National Audit Office (NAO) said that 19,500 medical appointments were cancelled, computers at 600 GP surgeries were locked and five hospitals had to divert ambulances elsewhere.

“The WannaCry cyber-attack had potentially serious implications for the NHS and its ability to provide care to patients,” said Amyas Morse, the head of the NAO.

“It was a relatively unsophisticated attack and could have been prevented by the NHS following basic IT security best practice. There are more sophisticated cyber-threats out there than WannaCry so the Department and the NHS need to get their act together to ensure the NHS is better protected against future attacks.”

And what action could they have taken? Well…

As early as 2014, the Department of Health and the Cabinet had written to NHS trusts, saying it was essential they had “robust plans” to migrate away from old software. In March and April 2017, NHS Digital issued critical alerts warning organisations to fix the exact bug in their Windows computers that later enabled WannaCry to rapidly spread.

Before the attack, NHS Digital carried out an “on-site cybersecurity assessment” at 88 out of the 236 health trusts in England. None passed, but the agency had no powers to make them “take remedial action even if it has concerns about the vulnerability of an organisation”, the report says.

Well. That’s not cool. This should serve as a textbook example of why every business big or small needs to have their act together when it comes to IT security. Because if you don’t have your act together, you become the NHS. Don’t be the NHS from an IT perspective.

#Fail: Rogers Website Crashes During iPhone X Pre-Orders [UPDATED]

Posted in Commentary with tags on October 27, 2017 by itnerd

Canada’s largest telco can’t seem to catch a break lately.

At 12:01AM today, you could order an iPhone X. And from browsing around the Internet, it seems that many wanted to. But if you are a Rogers customer, you likely had issues doing so, starting with the fact that their website crashed, causing these sorts of reactions on Twitter:

https://twitter.com/RyanPosen/status/923816845294972929

I guess this explains the “anemic” demand that Rogers was seeing for the iPhone 8. People were clearly waiting for the iPhone X. For the record, it seems that Telus and Bell pre-orders went off without a hitch from what I could tell. But in the case of Rogers, this latest issue is really not going to help their public image.

UPDATE: Rogers sent me a statement. I have printed it verbatim below:

I just saw your post about the website crashing and it is incorrect. We opened our pre-orders at 7am as scheduled and everything ran smoothly with no issues.

I believe the customer tweets you posted had the impression that pre-sales launched at midnight which is not accurate.

I’ll buy into that… though I will point out that a lot of customers must have had that impression, as I got pinged by a whole lot of people overnight on this. And by a lot, I mean on the sort of scale that was in the vicinity of the multi-day outage that Rogers had. Perhaps Rogers may want to look at how this was communicated, as clearly there was some sort of miscommunication.

BREAKING: Rogers Serves Up An Apology & Vague Promises Of Compensation For Multi Day Outage

Posted in Commentary with tags on October 26, 2017 by itnerd

While I will not take credit for this, it seems that Rogers has decided to take some of my advice from the post mortem that I wrote. Earlier tonight, Rogers posted this on the Rogers Helps Twitter account:

Some commentary about all of this. This apology is, as the kids say, on point. It sets the right tone and expresses regret and sincerity. The promise of compensation is vague, but I guess you can’t get into specifics about how you get compensation and what that looks like in 140 characters. I will be interested to see details on that in the coming days. I have a tip for Rogers on that front in case they are actually taking my advice… unlikely as that may be, as I am sure that they have a crisis management group working behind the scenes. I would not leave details on compensation hanging out there too long. If it were me running the show, I’d have details on the street by Monday. Because if you leave it any longer, you risk burning the bridge that you’re trying to build.