Archive for October, 2018

Canada & U.K. politicians Summon Mark Zuckerberg To Give Evidence Relating To Cambridge Analytica Data Scandal

Posted in Commentary with tags on October 31, 2018 by itnerd

Mark Zuckerberg must have said WTF when he work up today to this:

I can’t think of a time where something like this has ever happened. And he’s got until this time next week to say yes to this. What this group is looking for is greater detail about Facebook’s digital policies and information governance practices. Seeing as Facebook can’t stop from getting pwned in one way or another, those would be good things to ask about. We will see if Zuck ignores this like he has ignored many previous invites in the past. But I suspect things have reached a point that if he does ignore this, bad things will happen to him and Facebook.

Advertisements

Finally! An Extortion Phishing Email That Is Worth Investigating!

Posted in Commentary with tags on October 31, 2018 by itnerd

I’ve been tracking these extortion phishing emails for some time now and I have another one for you. But this one is different. Let me start with the text of the email:

Good evening,
 
we don’t think that it’s wrong to pleasure yourself from time to time.
Certain things are just best kept private, if your relatives and friends are confronted by this it will be something to worry about.
Something any person would be totally embarrassed with.
And will be having serious affects to your personal life and wellbeing.
For a period of time we have been monitoring your computer trough a trojan virus that has been installed by yourself and has infected your computer.
You have been infected by clicking on an advert on one of our infected pornographic websites.
A trojan virus gives us access to your computer and any device that is connected to it, whether it is trough wifi or bluetooth.
We have been monitoring your screen and everything you have been doing, trough a live feed, without you being aware of this.
We also have control over your camera and microphone which we can switch on and off whenever we want.
Any information that has been interesting or relevant to us has been stored privately.
For example: contacts, social media,emails,etc.
We have recorded a video where you can be seen pleasing yourself, and we have added the video you was watching as an split screen footage.
With one press of a button I can forward this video to all your contacts, social media, etc.
If you want to prevent this from happening transfer the amount of  750$ to the following bitcoin address.
 
Bitcoin address: [Bitcoin address redacted]
 
Buying bitcoin is very easy and straightforward ( usually verification is needed) trough the following websites:
http://www.coinbase.com
http://www.localbitcoin.com
http://www.coinmama.com
http://www.bitit.io
http://www.bitpanda.com
http://www.bittylicious.com
 
 
 
As soon as payment has been submitted your details and video footage will be deleted.
We will give you a timeframe of 5 days to make this payment.
Failing to do so will leave you with the consequences that you have been made aware of.
We don’t make mistakes.
Reporting this is useless, it is impossible to track this email address and these emails have been sent via an external server abroad.
These accounts have been hacked.
If you make the stupid choice to do report this or contact anybody about this message we will directly release your footage and forward it,
any other things we obtained that can possibly harm you will be used against you too.
We will get notified as soon as this email has been opened, from that moment the clock starts running.
You have 5 days exactly  not a minute longer.
 
With kind regards

So this email doesn’t offer up any proof like a password or anything of the sort that I’ve come across in some of the other scam emails. But I did note this:

Screen Shot 2018-10-30 at 9.54.46 PM

If you note, there’s a question mark at the bottom of the page. That’s where a graphic is supposed to go. Sometimes people who send out email will use a small graphic to determine if the email has hit your inbox or if you’re read it. You can read more about that technique here. Since it was an HTML email, I figured that I could view the source code behind the email as most email clients allow one to do that. When I did that, I found HTML code that was written to communicate to a server with the email address that the scam email was sent to. The domain of the server in question was called mailing.press which was registered to a entity in India based on my Whois lookup:

domain:       PRESS

organisation: DotPress Inc.

address:      Directiplex

address:      Next to Andheri Subway

address:      Old Nagardas Road, Andheri (East)

address:      Mumbai

address:      Maharashtra

address:      400069

address:      India
contact:      administrative

name:         Manager

organisation: DotPress Inc.

address:      Directiplex

address:      Next to Andheri Subway

address:      Old Nagardas Road, Andheri (East)

address:      Mumbai

address:      Maharashtra

address:      400069

address:      India

phone:        +1.4154494774×8522

fax-no:       +91.2230797508

e-mail:       admin@radixregistry.com
contact:      technical

name:         CTO

organisation: CentralNic

address:      35-39 Moorgate

address:      London EC2R 6AR

address:      United Kingdom

phone:        +44.2033880600

fax-no:       +44.2033880601

e-mail:       tld.ops@centralnic.com

I am pretty sure that none of the information above is accurate or real. Though I would not be shocked if this scam ran out of India.

Even though it is incredibly unlikely that they have anything on you, I’m willing to bet that the scammers are using this method to allow them to send follow up emails to scare you into paying. Or they’re using this method to refine their mailing lists. So in the interest of science, I’m going to play along with it to see what happens next. They say bad things will happen to me in five days if I don’t pay up? Fine, I’m not going to pay these scumbags and see what they do. This should be fun. And way better than simply writing about stuff like the last seven extortion phishing scams that I told you about in the last few months.

Apple Pulls watchOS 5.1 Update After Reports Of The Update Bricking Some Apple Watches

Posted in Commentary with tags on October 30, 2018 by itnerd

As I type this Apple has pulled the watchOS 5.1 update that was released earlier today after reports of the update bricking devices started to pop up on  Reddit, Twitter, and other places. The symptoms that people are seeing are that after installing the watchOS 5.1 update, users getting stuck on the Apple logo. Restarting the Apple Watch and paired iPhone doesn’t seem to fix the issue and some users have been waiting several hours with no change in behavior. The only fix that seems to be out there is a full Apple Watch replacement.

How many Apple Watches are affected by this? That isn’t clear. It is clear that not everyone who owns an Apple Watch is affected as I was able to update just fine for example shortly after the update was released. But whatever the issue is, it brings back memories of Apple pulling iOS 8.0.1 when it killed cellular service for iPhone users and watchOS 3.1.1 being pulled by Apple after it bricked devices.

Today was a really good PR day for Apple having released a ton of new hardware that was well received. Too bad that this day ended on a major downer for them. I hope for their sakes that they can get this sorted and quickly, and if they are smart they should bundle in a public apology too for this PR disaster.

So…. What Did Apple Announce In New York Today?

Posted in Commentary with tags on October 30, 2018 by itnerd

Quite a bit was announced at an Apple event in New York this morning. Let me run through the list:

  • Apple announced a new MacBook Air which includes a 13″ Retina Display(!). It hits the streets with two Thunderbolt 3 ports, and one headphone jack. From a looks perspective it looks like a MacBook as it comes in three colors. Apple’s T2 security chip is on board along with an 8th-gen Intel Core i5 processor with up to 16GB of RAM and up to 1.5TB of SSD storage. You can order it today and expect to get it a week from today starting at $1199 USD.
  • We finally have a new Mac Mini that is clearly aimed at pro users as the starting price of $799 USD is a healthy increase over what Apple had out there. The new Mac mini can include up to 64 GB RAM and Core i7 processors, and all models feature solid state drives up to 2TB. The Apple T2 chip is on board along with gigabit Ethernet, four Thunderbolt 3 ports, HDMI port, and USB-A. You can also configure it with 10 Gigabit Ethernet if you so choose. Oh year, there’s a new space gray finish too. You can order it today and it will be available next week.
  • There’s a new iPad Pro with a full-screen design, flat edge, rounded corners, Face ID, and insane storage and performance. The screen is a Liquid Retina display just like the iPhone XR. Under the hood is a A12 Bionic X process with 8-cores and a 7-core GPU. That serves up 35% faster CPU year-over-year. 90% faster CPU for multicore. 1000x faster graphics performance. 1TB of storage is available and so is USB-C. There’s a new Apple Pencil and automatically pairs and charges wirelessly. It magnetically snaps to the new iPad Pro too. There’s also a Smart Keyboard Folio also a new accessory with an adjustable screen-angle. iPad Pro 11-inch priced from $799 USD, and iPad Pro 12.9-inch priced from $999 USB. You can order it today and it will be available next week. Also of note, the older iPad pros are still available.

Also, it was mentioned that iOS 12.1 is out today at most likely 1PM EST. It will bring Group FaceTime, dual SIM support for the new iPhones, and 70 new emojis. I would not be surprised if a macOS Mojave, tvOS 12, and watchOS 5 update ships as well.

I am also watching to see if anything else pops up because Apple does have a habit of making changes after an event without letting anyone know about it. So stay tuned to this post as I will update things accordingly.

UPDATE: The full video of today’s event is available here.

UPDATE #2: As expected, just after 1PM EST this happened:

I have confirmed that tvOS 12.1 is out too along with an update to the HomePod. In other news, Apple apparently has killed off the rose gold 12″ MacBook. It has been replaced with a gold version.

Guest Post: NordVPN Discusses How to Protect the Privacy of One’s Mobile Device

Posted in Commentary with tags on October 30, 2018 by itnerd

According to a Q4 report by We Are Social of 2018 Global Digital Trends, there are almost 4.2 billion people using the internet and 3.4 billion active social media users.

Millions of new users, especially across Africa and South Asia, have started using the internet for the first time in the past few months. Most of them are connecting through mobile devices.

In general, mobile internet usage accounts for more than half of all global web traffic. Google’s Consumer Barometer survey says that users are five times more likely to go online via their phones.

“Mobile phones are now our favorite tools for internet browsing. However, not many people realize that mobile devices have even more data privacy concerns than computers,” said Ruby Gonzalez, Communications Director of NordVPN. “Basically, a mobile phone acts as a spy – it tracks its owner’s location and gives a lot less control over privacy than a computer would.”

People rely on their mobile phones not only for social interactions but also for banking, sharing data, storing passwords and other sensitive information. As such, they are vulnerable to security breaches, as well as personal hacking attacks, especially when using public Wi-Fion their phones.

NordVPN has put together some advice on how to protect one’s privacy on a mobile phone:

1. Recognize suspicious SMS. One of the most common “smishing” attacks is a text message that contains a link to mobile malware. Once a user clicks on it, a malicious app can be installed on their smartphone. In another example, a scammer can use techniques that are common for charities when a disaster strikes. A charity may send a text message saying “Flood,” and once a user responds with the code word “Prevent,” they automatically donate a certain amount of money to the organization.

Users should be careful about clicking on any SMS links or replying to messages. It’s also a good idea to use NordVPN’s CyberSec feature, which is designed to block malicious sites and phishing links.

2. Be careful when downloading apps.There are fake apps designed specifically to collect one’s information or install malware. It’s best to download apps directly from official app stores (iTunes, Android or Amazon) and to check for any signs that might scream the app is fake. For example, grammar mistakes indicate an app is not legitimate and so do requests to enter one’s private information.

3. Install a mobile VPN app.A VPN encrypts all the traffic flow between the Internet and a user’s device. When shopping, banking, or sharing personal information online, users are advised to be aware of unique threats mobile device users face and to always use a VPN. NordVPN’s mobile app (available for iOS and Android devices) provides secure encryption and user-friendly design and functionality.

4. Make sure your software is up to date.Hackers often exploit privacy and security holes – those holes are patched up withsoftware updates. Therefore, it’s important to keep one’s software always up to date.

In addition, NordVPN recommends usinge passcodes to lock one’s phone (they should be more difficult than “1234” or one’s birthday) and not to click on any suspicious links received by email.

 

 

Text Message Spam & “Spam” Hit Rogers Wireless Customers

Posted in Commentary with tags on October 30, 2018 by itnerd

It seems that if you’re a Rogers Wireless customer, you’re getting hit spam and “spam.” I’ll start with the actual spam. Rogers customers seem to be receiving messages like this one:

Needless to say this is spam and it looks like a new version of this scam that I came across some time ago. Thus if you are a Rogers customer and you get one of these text messages, don’t click on the link. Instead, forward the message to 7726 (SPAM) and Rogers will investigate.

Now onto the “spam.” Something that blew up my inbox overnight is the fact that Rogers customers are getting text messages via Rogers  “GeoTxt” ad service which used to be called Rogers Alerts. It sends coupon offers when a user is geographically close to a Rogers partner. And this isn’t going over too well with customers.

Ryan Cash, the founder of Built by Snowman which is part of the reason why he has a blue checkmark on his Twitter account and his message to Rogers to the point. This is how Rogers responded:

In short, by being a Rogers customer it appears that you automatically opt in to this service. And that isn’t good as it kind of reminds me of the Negative Option Billing fiasco that blew up in 1996 here in Canada. Consumers reacted negatively to that at the time, and there seems to be a similar reaction now:

Rogers really would be well advised to change this practise ASAP as it clearly has upset customers. That doesn’t help with retention rates. Nor does it help with Rogers reputation. I’ll be watching to see what happens next in terms of Rogers addressing this or hoping that this blows over.

OpenText Announces Extended ECM for Microsoft Dynamics 365

Posted in Commentary with tags on October 29, 2018 by itnerd

OpenText a global leader in Enterprise Information Management (EIM), today announced the availability of OpenText Extended ECM Enabler for Microsoft Dynamics 365 for Customer Service. The new solution, developed in partnership with Contesto, integrates OpenText’s leading Enterprise Content Management (ECM) portfolio with Dynamics 365 for Customer Service to deliver a complete set of content services to enrich business processes flows, and enable seamless customer engagement.

OpenText Extended ECM Enabler by Contesto for Dynamics 365 for Customer Service enables intelligent and connected enterprises to transform sales, marketing, customer and field service automation by securely and seamlessly integrating content services into business processes.

The integration of OpenText’s ECM solutions with Dynamics 365 for Customer Service enhances business processes – specifically in sales and service scenarios such as lead-to-cash and problem-to-resolution – driving improved productivity, collaboration and customer service. The integration also enables the enterprise to maximize the value and insight from both unstructured content and structured data.

The OpenText Extended ECM Business Workspace is at the center of the integration. It allows customer-facing roles to remain within the Dynamics 365 business application, while simultaneously having access to the full breadth of information and documentation from across the organization needed to provide efficient and outstanding customer service.

OpenText also continues to invest in connecting the digital workplace to the digital business. Customers can now benefit from a tighter integration with Microsoft Teams. OpenText Extended ECM for Microsoft Office 365 allows organizations to augment the repeatable and consistent collaboration of Business Workspaces with the workplace chat, meetings and notes that Teams brings to internal and external stakeholders,

Additional certified OpenText EIM solutions available on the Azure platform include:

  • OpenText Content Server
  • Documentum Content Server
  • Media Management
  • Archive Center
  • Application Governance & Archiving for SharePoint
  • Extended ECM Platform
  • Web Site Management and Capture Center.