Archive for October 16, 2017

Canadian Companies Among Finalists For Stevie Awards For Women In Business

Posted in Commentary with tags on October 16, 2017 by itnerd

Finalists were announced in the 14th annual Stevie® Awards for Women in Business, the world’s top honors for women entrepreneurs, executives, employees and the organizations they run.

The Stevie Awards for Women in Business are produced by the creators of the prestigious American Business Awards and International Business Awards. The Stevies are widely considered to be the world’s premier business awards.

Among the finalists of this year’s Stevie Awards for Women in Business are 16 companies and women from Canada that have prevailed over the global competition.

The organization with the most finalist nominations from Canada is Pink Elephant from Burlington. The global training & consulting provider is a candidate for nine Stevie Awards in different categories including Lifetime Achievement (Business), Most Innovative Women of the Year (Business Services) and Female Entrepreneur of the Year in Canada.

Another company with multiple finalists is The Colony Project from Toronto with four award winning entries in the categories Employee of the Year (Business), Most Innovative Woman of the Year (Advertising, Marketing & Public Relations), Company of the Year (Business Services – 10 or Less Employees) and Female Executive of the Year (Business Products –10 or Less Employees).

Other finalists in the Stevie Awards for Women in Business include Tigris Events Inc. (Pickering), She Takes on the World Inc. (Kitchener), Managing Matters Inc. (Toronto) and Marketing CoPilot (Toronto).

This year’s Gold, Silver and Bronze Stevie Award winners will be announced at an awards dinner at the Marriott Marquis Hotel in New York City on Friday, November 17. More than 500 women and their guests from around the world are expected to attend the presentations, which will be broadcast live on Livestream.

More than 1,500 entries were submitted this year by organizations and individuals around the world for consideration in more than 90 categories including Executive of the Year, Entrepreneur of the Year, Startup of the Year, Women Helping Women and Women-Run Workplace of the Year.

Nominations were submitted by organizations in 25 nations including Australia, Bahrain, Canada, Germany, Iceland, India, Italy, Jordan, Kenya, Lebanon, Mexico, New Zealand, Nigeria, Pakistan, Philippines, Portugal, Saudi Arabia, Singapore, South Africa, South Korea, Sweden, Taiwan, Turkey, United Kingdom and the United States.

Visit http://www.StevieAwards.com/Women for a complete list of finalists by category.

Update Adobe Flash ASAP As Exploits Are In The Wild

Posted in Commentary with tags , on October 16, 2017 by itnerd

Stop me if you’ve heard this before, but you need to update Adobe Flash ASAP as there are exploits that hackers are actively using. The really funny part is that the company that came across this was beleaguered anti-virus company Kaspersky.

Yeah. Those guys.

In any case, this exploit is serious as per this:

The warning came after cyber security firm Kaspersky Lab Inc said a group it was tracking, BlackOasis, used the previously unknown weakness on Oct. 10 to plant malicious software on computers before connecting them back to servers in Switzerland, Bulgaria and the Netherlands.

Kaspersky said the malware, known as FinSpy or FinFisher, is a commercial product typically sold to nation states and law enforcement agencies to conduct surveillance.

Kaspersky said its assessment of BlackOasis shows it is targeting Middle Eastern politicians and United Nations officials engaged in the region, opposition bloggers and activists, and regional news correspondents with the latest version of FinSpy.

The company said victims have so far been observed in Russia, Iraq, Afghanistan, the United Kingdom, Iran and elsewhere in Africa and the Middle East.

Excellent. Here’s what you can do to protect yourself:

Option 1: Download the latest Adobe Flash. Install it and wait for the next Flash based exploit to appear.

Option 2: Uninstall Adobe Flash as there is no real reason to run it. That will make the next Flash based exploit a non-event.

The choice is yours.

Microsoft And Apple Have Already Patched “KRACK” Vulnerabilities

Posted in Commentary with tags on October 16, 2017 by itnerd

Good news for those who are running the latest and greatest, or at least still-supported, software from either Apple or Microsoft. That rather nasty WiFi vulnerability that I told you about this morning has already been fixed. Apple has disclosed via MacRumors that upcoming updates of iOS, macOS, tvOS, and watchOS will have the fixes on board. Microsoft has told The Verge that if you are running a supported operating system and you installed the patches that came out on October 10th, you’re good to go.

Now that’s great for Apple and Microsoft users. But Android users will have to wait weeks for a patch. Maybe months depending on whose phone you own. And what happens to those who own IoT devices, WiFi routers, etc.? It’s anyone’s guess if or when they’ll be patched. That means that this will be a problem for some time to come.

Review: The Essential Phone & Essential 360 Camera

Posted in Products with tags , on October 16, 2017 by itnerd

If you’ve heard of Google, you’ve likely heard of Andy Rubin. He was the guy behind the Android operating system. That worked out well for him. For his next trick, he’s making a phone that runs Android. And it’s called the Essential Phone which is being carried by Telus exclusively in Canada. Here’s what you get under the hood:

  • 5.71-inches, Quad-HD display, 2560 x 1312 resolution
  • 8MP Front camera
  • 13.1MP Dual rear camera
  • 128GB storage
  • 4GB RAM
  • Rear Fingerprint Sensor
  • Android 7.1
  • USB-C

First off, this phone feels solid. That’s due to a titanium frame and ceramic back. The flip side is that this phone is a fingerprint magnet. You’ll need to put it in a case if you want to keep it clean. Another point to make: this phone is neither dust proof nor waterproof, unlike the likes of the Apple iPhone 7 or Samsung Galaxy S8. Nor does it come out of the box with wireless charging. Oh yeah, the memory is non-expandable. Those could be fatal flaws for a smartphone these days. But strangely I can overlook all of that.

Now one thing that is different is the fact that it has a magnetic connector on the back with wireless data transfer. The first accessory that utilizes this is a 360 degree camera which I will get to in a bit. The next one that’s coming soon is a wireless dock that promises cordless charging to address the fact that it doesn’t have it at present.

Back to the phone. The star of the show is the Quad-HD screen which is, in a word, stunning. Except for that cutout for the front facing camera that looks kind of weird. But seeing as the iPhone X has a similar cutout, is this a big deal? Likely not. I should note that Google apps like Maps work best with the cutout. However other apps from developers outside of Google are hit and miss. When it misses, there’s a black bar on the top of the screen. You are either going to love or hate that. In terms of the rest of the phone, it’s insanely minimalistic. Power and volume controls on the right. The SIM tray and USB-C connector are at the bottom which is where the only speaker is. In other words, there are no stereo speakers. There’s also no headphone jack. But there’s a USB-C to 3.5″ adapter in the box if you wish to live the dongle life. If you don’t, there are many Bluetooth and USB-C headphones for your listening pleasure. On the back is the fingerprint sensor. If that isn’t minimalistic, I don’t know what is. Good thing the battery isn’t minimalistic as it will last almost two days of usage between charges.

The software is stock Android. And I do mean STOCK with the only non stock apps being the Camera app which is made by Essential and the Telus My Account app. That I love. I also love the fact that the phone is quick and nothing that I did to the phone could slow it down.

Speaking of the camera, I’ve got two cameras to cover off today. The stock camera is a 13.1MP dual rear camera that’s capable of 4K video. To test this out, it required a trip to Pearson Airport in Toronto to get some shots of planes landing:

All these pictures were easy to take thanks to the simple yet effective camera app. There were no issues in quality. And in terms of video, here’s one shot on 4K:

Again, it was easy to get this video thanks to the easy-to-use camera app. No issues here with the video.

Now onto the party trick that the Essential phone has which is the Essential 360 camera.

It attaches magnetically and it uses the smartphone to capture 360-degree stills and 4K video using the camera app. While it’s on your Essential phone, you can’t use the built in camera. It features two 12MP sensors and a pair of fisheye lenses, each with a 210-degree field of view. Now to be honest, going into this review, I have to admit that this camera seemed like a party trick to me. But maybe there’s a use case for it given these results, starting with this 360 degree video which you can interact with by clicking and dragging the video. For best results, I’d recommend using the Chrome browser:

It’s an interesting feature that is easy to use and works well. But I have to admit that I am still undecided if this is a feature that will set the Essential Phone apart from its competition. And I don’t think that the Essential Phone will appeal to everyone the way an iPhone or a Samsung Galaxy will. But I suspect that it will find a market for those who want a powerful yet minimalistic phone that comes with stock Android and a few tricks up its sleeve. Telus is offering up the phone for $1050 outright, or up to $0 on a 2 year term. The Essential 360 Camera goes for $270. Check it out if you want a different sort of Android phone.

“KRACK” WiFi Exploit Affects Every WiFi Device Out There

Posted in Commentary with tags on October 16, 2017 by itnerd

This isn’t good. There’s an exploit that affects any device that uses WiFi and the WPA2 security protocol. Dubbed “KRACK” or Key Reinstallation Attack, it is scary for this reason:

The bug, known as “KRACK” for Key Reinstallation Attack, exposes a fundamental flaw in WPA2, a common protocol used in securing most modern wireless networks. Mathy Vanhoef, a computer security academic, who found the flaw, said the weakness lies in the protocol’s four-way handshake, which securely allows new devices with a pre-shared password to join the network.

That weakness can, at its worst, allow an attacker to decrypt network traffic from a WPA2-enabled device, hijack connections, and inject content into the traffic stream.

In other words: hackers can eavesdrop on your network traffic.

This affects everything from your iPhone to the debit card machine in a restaurant, not to mention IoT devices. That’s not good. Here’s what’s worse. Patches are slowly rolling out now. But it’s an open question as to when a device might get a patch. Assuming that it gets one at all. So you may end up with a device that never gets patched and is at risk for pwnage via this exploit. Hopefully device manufacturers get it in gear and protect their users quickly.

Subaru Cars Can Be Easily Pwned Via $37 Of Hardware

Posted in Commentary with tags on October 16, 2017 by itnerd

If you own a Subaru, you might want to read this as there is an unpatched exploit that is now out there that makes it very easy to clone key fobs and open cars:

Tom Wimmenhove, a Dutch electronics designer, has discovered a flaw in the key fob system used by several Subaru models, a vulnerability the vendor has not patched and could be abused to hijack cars. The issue is that key fobs for some Subaru cars use sequential codes for locking and unlocking the vehicle, and other operations. These codes — called rolling codes or hopping code — should be random, in order to avoid situations when an attacker discovers their sequence and uses the flaw to hijack cars. This is exactly what Wimmenhove did. He created a device that sniffs the code, computes the next rolling code and uses it to unlock cars…

The researcher said he reached out to Subaru about his findings. “I did [reach out]. I told them about the vulnerability and shared my code with them,” Wimmenhove told BleepingComputer. “They referred me to their ‘partnership’ page and asked me to fill in a questionnaire. It didn’t seem like they really cared and I haven’t heard back from them.”

That’s a pity. I guess they didn’t see this as something to be concerned about. I bet that once people read the story above and see the video below demonstrating the pwnage, they might change their tune:

Here’s the kicker: the pwnage was accomplished using a $25 Raspberry Pi B+ and two dongles, one for wifi ($2) and one for a TV ($8), plus a $1 antenna and a $1 MCX-to-SMA converter. In other words, $37 of hardware was used to pull this off. Subaru really needs to step up and disclose how they are going to protect owners from this. And they need to do it quickly.

Pizza Hut Pwned…. Credit Card Info Swiped

Posted in Commentary with tags on October 16, 2017 by itnerd

This is quickly becoming the year of pwnage. The latest pwnage victim is Pizza Hut who not only got pwned, but did a craptastic job of telling the 60K or so who got affected that they were affected:

Pizza Hut told customers by email on Saturday that some of their personal information may have been compromised. Some of those customers are angry that it took almost two weeks for the fast food chain to notify them.

According to a customer notice emailed from the pizza chain, those who placed an order on its website or mobile app between the morning of Oct. 1 and midday Oct. 2 might have had their information exposed.

The “temporary security intrusion” lasted for about 28 hours, the notice said, and it’s believed that names, billing ZIP codes, delivery addresses, email addresses and payment card information — meaning account number, expiration date and CVV number — were compromised.

The fact that they didn’t disclose the pwnage right away is problematic to say the least. There should be a law that requires companies to immediately disclose that they’ve been pwned. In this case, the hackers who did this have a one week head start on whatever chaos they want to cause using the credit card info they swiped. Hopefully someone on Capitol Hill takes notice of this and asks the top brass at Pizza Hut not to deliver a pizza, but to deliver some answers instead.