Archive for October 3, 2017

Verizon To World: Every Yahoo Account Was Pwned

Posted in Commentary with tags on October 3, 2017 by itnerd

I wonder where ex-Yahoo CEO Marissa Mayer is right now because I suspect that about three billion people want to know why she didn’t let the world know that every Yahoo account got pwned in that hack on Yahoo a few years back:

Subsequent to Yahoo’s acquisition by Verizon, and during integration, the company recently obtained new intelligence and now believes, following an investigation with the assistance of outside forensic experts, that all Yahoo user accounts were affected by the August 2013 theft. While this is not a new security issue, Yahoo is sending email notifications to the additional affected user accounts. The investigation indicates that the user account information that was stolen did not include passwords in clear text, payment card data, or bank account information. The company is continuing to work closely with law enforcement.

If you still have a Yahoo account, now would be a really good time to follow the instructions on the email that you’re going to get. Or you can close the account seeing as it’s been pwned for years without your knowledge. The choice is yours. While new owners Verizon would prefer that you keep the account. I don’t think you should.

Advertisements

Ex Equifax CEO To Congress: It’s Not My Fault That We Got Pwned

Posted in Commentary with tags on October 3, 2017 by itnerd

It seems that Richard Smith who was the CEO of Equifax until they got pwned by hackers in epic fashion and then “retired” very quickly started attending a variety of Congressional hearings today. In his testimony today, he issued an apology but deflected any blame for this epic pwnage:

During the hearing, Smith gave an inside perspective on how Equifax lost all that data. He opened with an apology, taking responsibility for the breach and the botched response. 

The door was opened for the breach earlier this year. Equifax had learned in March about a weak spot in the Apache Struts software in a key computer system, but never patched it. Smith said Equifax did everything it was supposed to, but still failed to protect its data.

In his testimony, Smith laid the blame on a faulty scanner for not flagging the vulnerability on March 15 and on a single Equifax staffer responsible for mishandling patches on March 9. He did not name the person.

“Both human deployment and the scanning did not work. But the protocol was followed,” Smith said. 

Wait… He was the CEO at the time. That means the buck stops with him as he is the leader of that company. Right? Isn’t that was leadership is about? I guess he doesn’t see it that way. I should note that he somehow didn’t ask if customer data was swiped and he couldn’t remember when he had spoken to people about the epic pwnage. None of that passes the smell test.

Oh, there was also this tidbit.

The company, which has 9,900 employees, only had one person in charge of its patching process, Smith said.

Clearly security wasn’t a focus for this company despite the fact that they handle all sorts of personal information. #EpicFail. One politician summed it up this way:

Several House committee members suggested federal laws to regulate credit monitoring companies like Equifax. [(R) Rep. Greg] Walden bluntly noted that it would be difficult to stop cyberattacks from human errors like the one Equifax suffered.

“I don’t think we can pass a law that fixes stupid,” Walden said.

No, but I think you can pass a law that punishes stupid stuff like this.

Telus To Launch Apple Watch Series 3 LTE On December 1st

Posted in Commentary with tags on October 3, 2017 by itnerd

Telus has let it slip that they will have the Series 3 Apple Watch with LTE available on their network on December 1st. You can pre-register here To get your hands on one. Though pricing hasn’t been served up by the company as of yet.

So as I type this, the only company not supporting the Series 3 Apple Watch is Rogers seeing as Bell already has support for the Series 3 Apple Watch with LTE. Though based on these two stories, it’s an open question when that support might appear on the Rogers network. When it does, Rogers might find that many die hard Apple users might have already defected to either Bell or Telus to get their hands on the latest wearable from Apple.

Sucks to be Rogers right now.

Microsoft Kills Groove Music Service And Punts Users To Spotify

Posted in Commentary with tags on October 3, 2017 by itnerd

Today, Microsoft announced that it is killing Groove Music, which was once Xbox Music. The company has said that it will stop selling Groove Music passes soon. Any customers subscribed to the service will be refunded pro-rata once Groove Music Pass is discontinued on December 31st. After December 31st, Microsoft’s Groove Music app will cease to function.

So that you don’t defect to another service and cost Microsoft some money can still use your playlists, Microsoft is partnering with Spotify to allow the transfer of their playlists from Groove. The update that will allow users to do this will be available on Windows 10 next week.

So, are you affected by the imminent death of Groove? If you are, please leave a comment and share your thoughts.

 

Soundstream Debuts New Apple CarPlay Source Unit

Posted in Commentary with tags on October 3, 2017 by itnerd

Soundstream will be introducing an all-new Apple CarPlay  unit in the coming weeks. As an added bonus, this unit will also be SiriusXM-Ready (SVX300 Connect Vehicle Tuner kit sold separately, SiriusXM subscription required).

0ab87f20-b2ef-41e4-b0f2-d51c2a98cf81.png

The Soundstream VRCP-65 source unit will feature an impressive list of features and will be available at authorized dealers in the coming weeks. This unit marks Soundstream’s first CarPlay head unit which is becoming increasingly popular in the car audio market.

VRCP-65

This source unit is a full multi-media car entertainment center that includes Apple CarPlay, Android PhoneLink and is SiriusXM-Ready.

Other key features offered with this unit are: a rear-view camera input manual and auto-trigger, Bluetooth 4.0 hands-free wireless connectivity, USB audio/video playback and a wireless direct select remote control. All of these features come at no additional cost to the consumer.

The VRCP-65 utilizes a dynamic user interface with a SmartSense Touchscreen. Key benefits of this 6.2” HD quality TFT-LCD display include a capacitive touchscreen with pinpoint accuracy, low reflection industrial grade glass top panel and a large format user interface to reduce distraction.

For further details please visit http://www.soundstream.com/carplay/. Consumers can locate their nearest dealer by visiting www.soundstream.com/where-to-buy.

Guest Post: BluePay Provides 5 Technology Security Tips For You

Posted in Commentary with tags on October 3, 2017 by itnerd

In the wake of recent high-profile cybersecurity breaches such as those experienced by Equifax and Deloitte, the issue of protecting technology and data is on everyone’s mind. Even if your business is not as big of a target as Deloitte or Equifax, protecting your and your customers’ sensitive data is a major obligation. Cybercriminals look for any opportunity to commit a virtual smash-and-grab. Letting your guard down for even a moment typically is all the opportunity they need to commit a crime that can have dramatic and catastrophic effects on your business as well as your customers’ financial stability.

All of this is to underscore how vital it is for small businesses to take some common-sense precautions when it comes to their use of technology. Although having strong cybersecurity protocols in place and partnering with a qualified cybersecurity firm can go a long way to protecting data and technology, following a few simple procedures also can have a significant impact on a small business’ security.

For example, many small business owners conduct their business wherever they happen to be at the moment, which means at certain times relying on public Wi-Fi hotspots for Internet access. Though, these hotspots typically lack the level of security needed to send financial information securely, so small business owners should always refrain from handling financial transactions while connected to these networks.

Another simple-but-essential tip for small businesses when it comes to technology is to utilize successful password management. This means changing passwords every 90 days, using a password manager and requiring multiple authentication factors whenever possible. Using the same password all the time can be the equivalent of leaving a key to the front door under the doormat for opportunistic criminals.

Because the majority of sensitive data is transacted during purchases, it’s crucial for small businesses also to have a reliable e-commerce payment solution they can trust. The right technology integrated into a website can give small businesses and their customers the peace of mind that comes with knowing all sensitive information will be protected throughout the payment process.

Check out the 5 technology security tips below that BluePay has featured one of our blog posts in. If you’re concerned about the security of your company’s sensitive data, common-sense ideas like these can make a huge difference.


Security guide compiled by credit card processing company BluePay

 

NordVPN Launches Proxy Extension for Google Chrome

Posted in Commentary with tags on October 3, 2017 by itnerd

As VPNs are growing in popularity, many providers are launching user-friendly features and extensions to make their more tools accessible to anyone willing to protect their online privacy.

NordVPN has just launched another digital security tool: a proxy extension for Google Chrome. From now on all Google Chrome users will be able to secure their online activities, hide your IP address and safely access their favorite websites. The new proxy extension is extremely light and fast so users can switch between locations with one click.

The Chrome extension provides these benefits:

  1. Hiding identity online. NordVPN encrypts Internet traffic and hides a user’s actual IP address. Once a user connects to one of the remote encrypted proxy servers, their online activities are encrypted, and their Chrome browser is assigned with the IP address of that particular server making it look like they are in another country.
  2. Safe access to websites and services. The new lightweight extension for Chrome will help to safely access anyone’s favorite sites even if they are not protected by HTTPS. Many popular websites, including CNN, BBC, IMDb, still don’t offer HTTPS encryption meaning that snoopers can see anyone’s online activity. When the NordVPN extension is enabled, it encrypts the browser’s traffic, and the surfing becomes safe and private.
  3. Data protection from IP leaks. Even with a VPN, there’s still a chance to experience WebRTC leaks in the browser, which may reveal a user’s original IP address. All sensitive data, including passwords of all accounts, credit card details and even a user’s current location may be visible to snoopers and nefarious users. The NordVPN extension allows disabling Chrome’s default WebRTC protocol, this way ensuring that one’s online identity stays hidden at all times, no matter what.
  4. Shielding against ads and malware. The CyberSec feature is also available in the NordVPN extension for Chrome. When enabled, it protects a user from malware and other cyber threats that lurk online waiting to infect anyone’s device. Additionally, it blocks annoying pop-ups, auto-play ads and other advertisement material.

How to Get NordVPN for a Chrome browser:

NordVPN extension can be downloaded from the Chrome Web Store, and it will appear next to other Chrome extensions. The second it’s downloaded, all user’s online communications are instantly encrypted, and their IP address is hidden, meaning that their Internet activities are now invisible to hackers or any other third-party snoopers.

When a user opens the NordVPN extension, they should click “Choose location” and browse the country list to pick the destination they prefer. Or, if they don’t have any specific requirements, they can simply click “Auto connect” and let NordVPN’s special algorithm pick the best option based on a user’s server load, distance and other specifications.

The NordVPN Chrome extension encrypts HTTP traffic with the Secure Sockets Layer (SSL) protocol, which is widely used to provide security over users’ internet communications.

Please note that this extension is only available for Google Chrome users. Those who wish to secure their other devices can download the full NordVPN version for Windows, macOS, Android and iOS under the same subscription.