Archive for January 18, 2018

Game On: EGLX 2018 Levels Up

Posted in Commentary with tags on January 18, 2018 by itnerd

Get ready to break out the controllers. EGLX, Canada’s largest gaming convention, will unite 15,000 avid gamers for the ultimate fandom experience this March in Toronto.

EGLX runs from March 9-11, 2018 at The International Centre in Toronto, featuring an expanded virtual reality zone, where guests will be able to demo virtual games and discover specialized arcades opening in the GTA. There will also be a retro gaming zone, where gamers can play on classic consoles and swap childhood gems.

In addition to gaming zones, gamers will be able to interact with special guests and attend creative influencer panels. Headlining EGLX, the entire YouTube rosters of Hidden Block and Normal Boots will be present to compete for the first time during an energized multiplayer event.

Thousands of players will further face off at the convention during competitive gaming tournaments. Spotlighted for EGLX 2018, there will be tournaments for Smash Bros., CS:GO, Halo 5, Hearthstone, Street Fighter V and other fighting games. Millions of users will be able to view the live tournaments online and players will be eligible to win awards and cash prizes.

EGLX (Enthusiast Gaming Live Expo) is presented by Enthusiast Gaming Inc. and Destructoid.com. For more information, please visit eglx.ca. Follow Enthusiast Gaming Inc. on Twitter and Instagram, and Like it on Facebook.

Fix For “chaiOS” Exploit Coming Next Week

Posted in Commentary with tags on January 18, 2018 by itnerd

I recently told you about the “chaiOS” exploit which causes an iOS or macOS device to crash. Apple has now confirmed that a fix is coming next week. That isn’t a surprise as I was unable to reproduce this in the latest iOS 11.2.5 beta. Thus it is safe to assume that the same fix is in macOS as well.

In the meantime, if you receive a weird link from friends, don’t click on it, as they could be pwning you with this bug. What will also help is that the link came from a webpage on GitHub, which has since been removed. That will limit its spread.

Seagate QUIETLY Patches Security Flaw In Their Personal Cloud NAS Devices

Posted in Commentary with tags on January 18, 2018 by itnerd

If you have a Seagate Personal Cloud NAS device, I’d advise you to check for a firmware update because according to a security researcher, there was a nasty bug that Seagate apparently quietly patched after not acknowledging that the flaw even existed:

The vulnerability affects Media Server, a web application that runs on the NAS and allows users to interact with the data stored on the device via a network connection.

And:

The flaw —named an unauthenticated command injection— allows attackers to run commands on the device’s underlying firmware from its web management interface.

Koster put together proof-of-concept code that would use the flaw to enable remote SSH access on the Seagate NAS and then change its root password.

One note is that you have to be on the local network to pull that off. But there’s lots of malware that is capable of getting onto a local network and potentially exploiting something like this. Thus this isn’t trivial.

Here’s the key point to all of this:

[Security researcher named Yorick] Koster has reached out to Beyond Security’s SecuriTeam managed vulnerability program to inform Seagate of the issue he discovered. Beyond Security, on behalf of Koster, has reached out to Seagate.

“Seagate was informed of the vulnerability on October 16, but while acknowledging the receipt of the vulnerability information, refused to respond to the technical claims, to give a fix timeline or coordinate an advisory,” Beyond Security wrote.

But Koster has told Bleeping Computer that while ignoring the vulnerability report, Seagate has quietly patched the flaws he reported.

“I can confirm it is fixed on my NAS,” Koster told Bleeping Computer, pointing us to the Seagate Personal Cloud changelog for version 4.3.18.0.

That’s really craptastic handling of this issue by Seagate. The fact that they didn’t respond to this, or wrap any timelines around a fix, isn’t cool. The only good news is it looks like they fixed this within the 90-day window that the responsible disclosure protocol demands. But clearly their communication needs to be better. In any case, if you have one of these devices, you need to patch it ASAP.

Current & Former Rogers Employees Say They Are Coached To Aggressively Upsell

Posted in Commentary with tags on January 18, 2018 by itnerd

Earlier this week I brought you a story where it came to light that Rogers employees in their call centers were told that they had to make a sale on every call and managers turned a blind eye. Since that report, CBC has been in contact with present and former Rogers call center employees who go into detail about what goes on at the telco’s call centers:

An employee who worked at a Rogers call centre in Brampton, Ont., for four years before leaving in 2015 says he and his colleagues were instructed not to mention cancellation fees from other providers when a customer switched to Rogers. CBC has confirmed his employment history, but is not identifying him — or some others in this story — because they fear they will lose their jobs.

“Because these fees were not charged by Rogers itself, we were told to gloss over them as quickly, vaguely and incoherently as possible,” he writes. “Often while the customer was speaking at the same time.”

Another trick, he says, was to secretly reduce certain services — such as the number of television channels a customer received — so he could add new services, such as a home phone line they didn’t necessarily need, but that earned points toward his monthly sales target.

“It was a calculated game of misery,” he says. “How much could you lower their existing services so they wouldn’t immediately notice, while at the same time adding as much in new services as you could?”

He says when he expressed concern over these practices, his manager reminded him that he worked in sales, and said, “It’s not your job to care.”

That sounds pretty bad. But it actually gets much worse than that:

When those customers would ask to speak to a manager, he says agents would just transfer the call to a fellow agent, who would repeat claims that there was nothing they could do to resolve an issue.

“The goal,” he says, “was for the customer to be so frustrated, speaking to someone who couldn’t do anything more than you, that they ended the call.”

Now this is something that I have heard before. I know two former Rogers call center employees who years ago told me that this was a common practice within their call centers. Thus I am not surprised that this is being mentioned in this article. But it still gets worse:

Debbie Sears handled Rogers customer calls from her home in Kingston, N.S., through a third-party company.

“We were constantly being threatened that we would be fired if we did not upsell — add a home line or a cellphone to the account,” she says. “It was a pressure cooker.”

“They expected you to sell on every call. And you were told time and again, ‘Never take no for an answer. Push, push, push!'”

“I have a hard time selling something that’s useless to them [customers],” says Sears. “I told them right from the start, and they said, ‘Oh well, you’ll get used to it.'”

She didn’t. Instead, Sears says she started having panic attacks before starting work, and her blood pressure went “through the roof.”

“My doctor was very worried I’d have a stroke,” she says. “When I got laid off [for not selling], they did me a favour.”

I couldn’t imagine working in an environment like that. But as bad as that sounds, there’s still worse. There are claims that “senior leadership” knew about and encouraged this behavior:

A former Rogers manager also contacted Go Public, admitting he was one of the people who put pressure on workers in the Ottawa call centre.

He says the pressure to upsell was so intense in 2015 that a Rogers memo (provided to Go Public) directed senior leadership to put more than two-thirds of all the call centre workers on a “performance improvement plan” — to encourage them to sell more, or risk getting terminated.

“Every day we’d have a meeting about sales targets,” he says. “A big part of my job was to manage out the low performers. Witch-hunting those people.”

On the other hand, he says, top sellers were protected — even if they behaved unethically.

“Senior leadership would often issue directives to the team managers to protect their top-level performers by turning a blind eye,” he says. “Protect the tops.”

Now you can read into whatever you want when it comes to “senior leadership”, but all of this makes Rogers sound like a horrible place to work. Now Rogers denies all of this and they’ve circled the wagons by sending out talking points to their call center staff since this story first hit the press. But given what I know from people who speak to me on background, as well as my interactions with the company, I suspect that all the claims that are here are more fact than fiction. Which is a problem if you are Rogers. I think that simply denying these accusations won’t get them very far. What they need to do instead is fully and robustly investigate these claims, then come out to the public and say what they found and what they’re going to do about it so that customers don’t feel like the telco is going to rip them off, and what they’re going to do to make sure their employees don’t feel like they’re going to hell every day they’re going to work. Because right now I can say that since these stories have surfaced, the public perception of Rogers, which wasn’t very good, is far worse now. And that’s not a good place to be if you’re Canada’s largest telco.

Apple To Planet Earth: You’ll Be Able To Disable Throttling For Aging iPhone Batteries

Posted in Commentary with tags on January 18, 2018 by itnerd

Speaking to ABC News, Apple CEO Tim Cook revealed the company will be releasing an iOS update which will enable users to disable intentional CPU throttling of devices with aging batteries. So for you iPhone 6 and 6S users, it means that if you’re willing to risk your phone shutting down every so often, you’ll get all the performance that you crave. He also took the opportunity to again apologize for “Batterygate”, saying that Apple did tell users about these iOS updates and what was happening when it came to throttling back performance, “but I don’t think many people were paying attention” when they were released.

The update that Cook spoke of is apparently due next month. It will be interesting to see if that update quiets “Batterygate” down or ramps it up even further.