Archive for December, 2018

Twitter Claims To Have Fixed A Security Hole….. But It Actually Didn’t

Posted in Commentary with tags on December 31, 2018 by itnerd

The fine folks over at Gizmodo have an eye opening story that goes like this. Security researchers from Insinia Security discovered a hole on the Twitter platform that could allow a miscreant to post unauthorized tweets. They disclosed this to Twitter, and the social media company claimed to have fixed the problem. But when the researchers sanity checked the fix, they discovered it wasn’t fixed:

During a private chat with Gizmodo, however, the hackers appeared to reproduce their experiment, forcing an account belonging to the head of a London-based financial technology company to retweet a tweet from the BBC. Insinia said it verified the flaw remained using “a number of accounts.”

Twitter claims it is investigating this, but this seems like one hell of a screw up. Or worse, Twitter might have been hoping that nobody checked their work. Too bad for them that someone was smart enough to.

Take home message. If you say something is fixed. You should make sure that it is fixed or someone will call you on it.

Advertisements

Why Is The Planet Freaking Out About Huawei?

Posted in Commentary on December 31, 2018 by itnerd

One of the stories that readers told me that I didn’t cover was the ongoing saga of Huawei and the fact that many countries see them as a threat. Readers wanted to know what the big deal with them was and if they are a real threat. Thus I decided to write a quick primer on Huawei and everything that surrounds them.

First, let’s discuss who Huawei are. Huawei Technologies Co., Ltd. is a Chinese multinational telecommunications equipment and consumer electronics company based in Shenzhen, Guangdong. Huawei has deployed its products and services in more than 170 countries, and as of 2011 it served 45 of the 50 largest telecom operators. And that’s where their problems begin. It is perceived by many that Huawei because of its close relationship with the Chinese government is using Huawei equipment to act as a means to spy. Specifically:

  1. There could be “kill switches” in Huawei equipment that even close inspections would miss.
  2. There could be “back doors” which could be used for data snooping which the Chinese government could leverage.

Now even though these security concerns are not new as this Wikipedia article details, they are being brought to the forefront because of the rollout of 5G technology. You see teclos can only buy the back end gear needed to rollout 5G tech from a small number of providers. And Huawei is one of the biggest makers of this sort of back end gear. Given that there’s a significant amount of mistrust of Huawei, and the company hasn’t exactly done itself any favors by saying anything other than “trust us”, here we are talking about it. Countries such as the UK, Australia and New Zealand have banned the company from their networks. The US has suggested that a similar ban is coming and Canada is under immense pressure to do the same. Telcos are either ripping out their gear or at least thinking about doing so. And even sports teams are dumping their gear within their facilities.

What also doesn’t help Huawei is the fact that they have a history of violating sanctions against countries such as North Korea, Syria and Iran. Something that doesn’t exactly go over well with many countries such as the US, the EU and others. That has been brought to light by the arrest of Huawei CFO Meng Wanzhou by Canada at the request of the US. She’s accused of hatching a complex deal to violate sanctions against Iran. Which in turn has set off a diplomatic row between China and Canada with China arresting two Canadians to try and force Canada to release Meng, A full timeline on all of this can be found here.

I should also point out the fact that they have a bit of a history of being accused of stealing intellectual property which doesn’t help their cause. But let’s get to the point of this story. Is Huawei a threat? Before I get to what I think, let me say this. There’s never been any definitive proof that they are as no security has ever found a back door in any of their gear (yet). But at the same time, there’s nothing out there that says that they are not a threat given the fact that other companies from China have had a history of being caught doing things they shouldn’t be doing. ZTE being the prime example of this. Now Huawei has repeatedly stressed it’s a private company that’s owned by its employees and has no connection to the Chinese government. But seeing as company founder Ren Zhengfei was once an officer in the Chinese People’s Liberation Army, it makes people wonder how much independence the company has from the government. No matter how loose the association between is between the company in general, the founder specially, and the Chinese government is. Regardless, you can expect that in 2019 that talk about going after Huawei will ramp up and a lot more time and effort will be put into figuring out if they are a threat or not.

As for what I think, I have been on record as saying that I think that Huawei is a threat that needs to be taken seriously because there’s evidence floating around out there that suggests that they are a threat. But seriously, who cares what I think. If Huawei wants to put this issue to bed once and for all, they need to open themselves up to allow for closer scrutiny. Something that the company has suggested that they will do. But it can’t be a line item on their financials nor can it be a dog and pony show with no substance. The only way this goes away is if the company is completely open and demonstrates without a doubt that they aren’t a threat to anyone. Whether they are willing and capable of doing so is a very open question that will be answered in 2019 one would think.

 

2018: Year In Review

Posted in Commentary on December 28, 2018 by itnerd

At this time of year I like to look back over the past 365 days and pick out the stories that really got my attention. Now if you have something that you think that should be on this list, leave a comment with your thoughts. Now on to the top stories of the year:

#DeleteFacebook: The number one story of the year has to be Facebook. Whether we’re talking about the Cambridge Analytica scandal, other data leakage issues that Facebook disclosed, or the info that Facebook collected on everyone so that they could monetize it,  or Facebook becoming very shifty in terms of taking responsibility anything, this is the story that everyone was talking about. And people talked about getting Facebook out of their lives as the company has pretty much proved that they cannot be trusted. Which is something that I do not believe will go away in 2019 as Facebook is in deep trouble with no clear path to rescue themselves.

The Fall Of Apple: Apple briefly was a trillion dollar company this year. The high points for Apple end there. #BatteryGate carried over from last year, as did their poor software quality which at Christmas was highlighted by iOS 12.1.2 which created issues for cellular data for iPhone users far and wide. Not to mention that a watchOS update bricked a ton of Apple Watches and #KeyboardGate. To add to the low points comes #BendGate 2.0 which involves Apples brand new iPad Pro arriving to customers bent, which somehow according to Apple is “normal”, and Apple deciding to no longer report how many iPhones they sell in a given quarter which implies that we’ve reached peak iPhone sales and the only direction that they will go is down. Something that is clearly highlighted by the fact that Apple for the first time ever is offering incentives for you to buy the iPhone XR. Something that they might not have had to do if they did’t price the things so high. Clearly Apple is a company in deep trouble with issues that likely have Steve Jobs spinning in his grave. Barring some miracle, I see no change in that in 2019.

Rogers On The Back Foot…. Again: Canada’s largest telco was caught out this year again this year on multiple fronts. Let’s start with their problems with the Apple Watch which continued into 2018. Sure they ultimately got support for Apple’s wearable device by September of this year, but only for consumers. Business customers need not apply. Then they muddied the message when Apple announced that they supported the eSIM standard in the new iPhones that came out this year, but Rogers didn’t know anything about that. But what may be a long term issue for Rogers is the fact that their Internet offerings pale in comparison with what Bell Canada offers. And Rogers has no clear path to catch up to Bell. I think it’s safe to say that 2019 is going to be a very difficult year for Rogers as they seem not to be able to get their act together.

Bell Canada Not Helping Their Own Cause: It wasn’t all smooth sailing for Bell. Sure they were aggressively expanding their fibre footprint to make Rogers life miserable. But unfortunately for them, they got slapped by a judge for making deals with customers and changing the terms after the fact. Plus they were the most complained about telco in the land. A total #Fail for a company who because of the tech that they have on offer could take out Rogers with ease. But that won’t happen as long as these issues exist. And to be frank I do not expect this to change in 2019. Though they are free to surprise me.

Hello Telus: My frustrations with Rogers and their lack of Apple Watch support led me to switch to Telus in 2018. Though their pricing was no different than Rogers or Bell, the quality of their customer service was completely different. It was refreshing to see that a Canadian “big three” telco can deliver a high standard of customer service in an era where nobody expects that from a Canadian telco. This level of customer service was more than enough to make my wife switch as well. Something that she later said she should have done years ago. I highly recommend Telus if anyone who wants to do business with a “big three” cellular provider. And if they offered their TV, phone and Internet offerings in Ontario, I’d switch those away from Rogers in a heartbeat.

Extortion Phishing Scam Emails Abound: Much of my year was spent highlighting a new type of scam email that preys upon those who surf for porn (not that there’s anything wrong with that). The emails show that you have to be on your toes to avoid not becoming a victim. This is a trend that sadly I expect to continue in 2019. But what will also continue in 2019 is that I will shine a light on this scam and any others that come to my attention as the scum who come up with these scams deserve to be found out for the low life sub-humans that they are.

Reviews, Reviews, And More Reviews: This year was a busy one for me as I did 48 product reviews this year. On top of all that, I did the fifth annual IT Nerd Awards. Without giving too much away, you can expect to see much more of that in 2019.

And now, here’s my top ten posts in terms of page views from this year:

1. Rogers Rolling Out New Modem/Routers For Ignite Internet…. Why You Should Care

2. Rogers Continued Inability To Support The Apple Watch With LTE Continues To Stoke Frustration

3. How To Fix “Windows can not connect to the printer 0x00000057”.

4. Review: GTA Car Kits Pure Bluetooth Car Kit

5. My Move From Rogers To TELUS Mobility [UPDATED]

6. Rogers Messaging About The Apple Watch With LTE May Be Sending The Wrong Message

7. A Brand New Extortion Phishing Scam Is Making The Rounds….. Here’s How Not To Become A Victim

8. Review: Rogers NextBox 3.0

9. A Plot Twist On The Rogers/Apple Watch Series 3 Story [UPDATED]

10. Don’t Fall For This Interac Scam That Is Delivered By Text Message

As if to highlight the fact that Rogers did not have a good year, FIVE stories related to Rogers pop up in the top ten. Only two were positive. You can push that to six if you count the story on my move to Telus which clearly people wanted to read about. That’s not good if you’re Rogers. Clearly, Rogers has some serious work to do in 2019 to turn this around as from a PR perspective, this is pretty bad. The other thing that I note is that two stories about scams that I tripped over made the top ten. And Microsoft should really do something to address that printer issue as that’s been in the top ten year after year.

And the top ten countries that visited my blog in 2018 are:

  1. Canada
  2. United States
  3. Germany
  4. United Kingdom
  5. Australia
  6. India
  7. Indonesia
  8. France
  9. Singapore
  10. Philippines

In all, people from 191 countries visit this blog. It shows that my blog has a global reach with almost 1.7 million page views this year.

Here’s to 2019 as for better or worse, the tech world is really going to be very interesting. And I will be here to comment on it.

 

 

Happy Holiday’s! Here’s Another Extortion Phishing Scam Email To Be Aware Of!

Posted in Commentary with tags on December 27, 2018 by itnerd

So these extortion phishing scams are continuing to pop up because clearly the loser scumbags behind these scams have nothing better to do during this holiday season. I just got this scam email from a reader which scores low on the originality scale as it is similar to this one that I told you about a few days ago:

Hi, stranger!

I know the [PASSWORD REDACTED}, this is your password, and I sent you this message from your account.

If you have already changed your password, my malware will be intercepts it every time.

You may not know me, and you are most likely wondering why you are receiving this email, right?

In fact, I posted a malicious program on adults (pornography) of some websites, and you know that you visited these websites to enjoy

(you know what I mean).      

While you were watching video clips, my trojan started working as a RDP (remote desktop) with a keylogger that gave me access to your screen as well as a webcam.

Immediately after this, my program gathered all your contacts from messenger, social networks, and also by e-mail.          

What I’ve done?

I made a double screen video.

The first part shows the video you watched (you have good taste, yes … but strange for me and other normal people), and the second part shows the recording of your webcam.

What should you do?

Well, I think $742 (USD dollars) is a fair price for our little secret.

You will make a bitcoin payment (if you don’t know, look for “how to buy bitcoins” on Google).

BTC Address: [BTC ADDRESS REDACTED]

(This is CASE sensitive, please copy and paste it)

Remarks:

You have 2 days (48 hours) to pay. (I have a special code, and at the moment I know that you have read this email).

If I don’t get bitcoins, I will send your video to all your contacts, including family members, colleagues, etc.

However, if I am paid, I will immediately destroy the video, and my trojan will be destruct someself.

If you want to get proof, answer “Yes!” and resend this letter to youself.

And I will definitely send your video to your any 10 contacts.

This is a non-negotiable offer, so please do not waste my personal and other people’s time by replying to this email.

Bye!

The reader said that this was sent from his email address. That way it looks like his account had been hacked. But just like that last extortion phishing scam email that I reported on, it was being sent from another email server. In this case, it was in Poland. Thus this is clearly a scam and the email should be instantly deleted. The fact is that scumbags who are behind these emails shouldn’t be able to get their hands on your money. And if everyone who got these emails deleted them and didn’t pay these losers, these emails would stop hitting your inbox instantly. Thus if you get one of these emails, simply delete them and continue with your day.

Guest Post: Five Cybersecurity Predictions for 2019 from NordVPN

Posted in Commentary on December 27, 2018 by itnerd

It’s not an easy task to remember a week in 2018 without a major data leak or security breach. Passwords were leaking, new sophisticated malware attacks were spreading, data was breached, and governments around the world once again overturned privacy rules. NordVPN’s Digital Privacy Expert Daniel Markuson says that 2019 will keep getting worse.

“The year 2018 not only (yet again) shocked the world by highlighting systemic cybersecurity issues. Multiple governments adopted new rules and laws, which are making a global impact now and will echo for years to come,” says Daniel Markuson, Digital Privacy Expert at NordVPN. “Still, 2019 can bring some hope for the future – but only if governments and corporations understand the importance of digital privacy and security.”

Based on the outcomes from 2018, NordVPN’s expert lists five significant trends that will shape cybersecurity and digital privacy in 2019:

  1. Identity theft, phishing scams, and personal data loss will hit a new high.

From Facebook and Google to Quora and Marriott, this year’s data breaches have affected more than 1 billion people around the globe. Add that to the existing pool of leaked data, and hackers will have an invaluable resource for tailoring a phishing scam or taking over your Facebook or Netflix account. Without a doubt, it will be used in 2019.

  1. Some governments will lean towards higher data security standards.

The GDPR in the EU established a new set of game rules by regulating the way corporations protect the data of their customers. It is still early to tell whether the new regulations have made a positive impact, but they have brought a shift towards more responsible use of private data. In 2019, some non-EU countries will likely follow the example and introduce a similar set of laws for data protection as well. Next year, all eyes will be on the US, where California has set a high bar by passing the Consumer Privacy Act. However, it is still unclear if other states will follow. We really hope they do!

  1. Use of encrypted communications will face new challenges.

In December, Australia passed the Assistance and Access (A&A) bill, also known as anti-encryption law – all despite an uproar within the society. The bill requires tech companies to create backdoor access to the encrypted communications of their users. It would be used by law enforcement agencies to intercept and read the content of the private messages. Despite the opposition to the law, similar ideas have been floated in multiple countries including the US. Having in mind the everlasting itch to spy on their citizens, it wouldn’t be a shocking surprise if other members of the ‘14-eyes’ countries would follow this example in 2019.

  1. Tech companies will look for new ways to win the trust of their potential customers.

A lot of data has been stolen this year. Despite the companies’ size and significance, despite the self-proclaimed ‘best security practices,’ despite the risk of being fined under the GDPR. It’s no surprise that ensuring customers’ trust will become more critical than ever. Companies will learn (although slowly) from their mistakes and invest in penetration testing, security audits, AI, and implementing zero-trust policies to prove that they are making an effort to protect their clients.

  1. Cloud security will become a bigger issue.

As people change locations and devices, cloud computing becomes inevitable both for private users and corporations. At the same time, it becomes a bigger security problem. GoDaddy, Los Angeles 211 center, Viacom, and just recently the United Nations had their data records harvested from cloud storage. The biggest issue is still simple configuration errors and user neglect. Nevertheless, as we can expect more leaks and breaches here, new cloud security measures and services will come out in 2019.

Review: ASUS ROG STRIX SCAR II Edition GL504GS

Posted in Products with tags on December 26, 2018 by itnerd

Serious gamers who want portability want a gaming laptop that doesn’t feel like a sack of bricks to carry around. But at the same time they want enough power to pwn their opponents in Call Of Duty, Fortnite, or whatever game they’re playing. ASUS can help you with that by serving up the ROG STRIX SCAR II Edition laptop:

fullsizeoutput_c83.jpeg

This is your classic gaming laptop with a full sized mechanical keyboard that feels great when you type on it. It’s also capable of lighting up as you can see from the picture. You will also note that besides the keyboard, the underside of the laptop lights up and the ROG logo on the back lights up as well. That’s either going to be cool to you or it will be a bit over the top.

HiSq5SraTeiduOYjFxEejQ

The left side of the laptop is where most of the ports live, You get gigabit ethernet, HDMI, two USB-A ports, a USB-C port, and a headphone jack.

Bq2Y1zwPS+6pbg0yRoAjOg

The right side has a USB-A port and a SD Card reader slot. Plus there’s a security cable lock slot near the back.

It has a 15.6″ IPS panel that does HD resolution and exhibits zero glare which makes it easy on the eye. The bottom of the screen has a really thick bezel and is the location of the HD webcam as illustrated here:

fullsizeoutput_c82.jpeg

The reason why I am pointing this out is because the camera makes you want to look at it in a very un-natural way. That might be a problem for someone who does a lot of video calls and the like.

Other specs include:

  • 2.2GHz (up to 3.9GHz) Intel Core i7-8750H processor
  • 16GB RAM
  • 256GB PCIe NVMe solid state drive + 1TB FireCuda SSHD
  • GeForce GTX 1070 graphics card with 6GB of dedicated video memory
  • 802.11ac Wave 2 Gigabit WiFi. What’s cool about this is that it has four antennas that provide better WiFi connections to the laptop.
  • Bluetooth 5.0 connectivity
  • Windows 10

It weighs in at around 5 pounds which isn’t light, but far lighter than a lot of gaming laptops out there. The side-firing speakers are excellent. They have a loud but clear and unmuffled sound profile that’s supported by tons of bass. They’re great if you want to game alone and out loud or if you decide to watch a few videos with friends or roommates. You get a ton of apps to aid in your gameplay. Such as utilities to overclock the system, crank up the fans, or making your gameplay better by helping you to play better. It feels very upscale and classy thanks to the aluminum finish.

To test out the power of this laptop, I tried out Zwift which is an online platform that allows cyclists to ride a variety of real and imagined courses assuming you have a stationary software controlled stationary trainer. In my case, this one. That doesn’t sound exciting. But Zwift really pushes a computer because it has to acquire data such has the riders heart rate via a Bluetooth enabled chest strap, their cadence (how fast they are pedaling) via a Bluetooth enabled sensor, and not only determine how fast you are going via the software controlled trainer, but also to the required math to replicate uphills and downhills in 1% gradient increments. All while trying to replicate roads of London, Innsbruck, or wherever else you happen to be riding. Not to mention the dozens or in some cases hundreds of people around you. In short, that’s not easy for any computer to do as there is a lot that is in play. Now, the actual look of Zwift at HD resolution or higher connected to a 4K TV was dead smooth with no stuttering an no lag. However, I did run into issues with connecting my Bluetooth sensors to the ROG STRIX SCAR II laptop. I was able to connect two sensors with ease. But when you added a third to the mix, it had problems with the third sensor staying connected. I was able to replicate this with another set of sensors connected to the ROG STRIX SCAR II laptop. However I was not able to replicate this behavior with another laptop that I was reviewing at the time. Thus I have to assume that the implementation of Bluetooth 5.0 on this laptop is problematic. But the flip side to that is that I am testing using a pretty extreme use case. Thus if you’re sticking to more straightforward games like Call Of Duty or Fortnite which don’t use the sort of sensors that Zwift does it shouldn’t be an issue. Though it should be something that ASUS should look at.

Finally, while battery life is usually an issue on gaming laptops. The SUS ROG STRIX SCAR II Edition GL504GS isn’t any different. You’ll get about 3.5 to 4 hours on battery if you’re surfing the net and watching videos on YouTube. The take home message is that you should not stray far from a power outlet. Having said that, the target market for this laptop isn’t interested in the best battery life possible.

The ASUS ROG STRIX SCAR II Edition GL504GS goes for $2000 CDN at Best Buy which is great price given the power and capabilities of this laptop. If you want a laptop that will allow you to pwn people with power to spare, the ASUS ROG STRIX SCAR II Edition GL504GS should be on your list to look at.

 

Review: MSI PS42 8M-096CA

Posted in Products with tags on December 24, 2018 by itnerd

MSI is rolling out a new pair of laptops that’s aimed at creators of content. Meaning photographers, designers, or 3D animators. The first one that I will look at is the MSI PS42.

NVdcJITnSu6Ke8h4HY00OQ

The first thing that I noted was this laptop was very, very light. It weighs 1.19kg which puts it in the range of the MacBook Air. However, based on these specs, it is way more powerful:

  • Intel Core i7 8550U processor that runs at 1.8 – 4.0GHz
  • Windows 10 Home
  • 16GB RAM
  • Intel UHD graphics
  • Thin bezel 14″ IPS-level panel
  • 512 GB SSD based Storage
  • 802.11ac WiFi
  • Bluetoot 4.1

Those specs on paper crush the MacBook Air rather easily. To confirm what the results would be in the real world, I put that to the test. But before I get to that, let me point out some other things:

UA9KiqlIRRigqr08vA5zXw

On the left side of the PS42 there’s a HDMI port, a USB-C port and a headphone jack.

BdsGZrtMS2iyykyZP7YyFw

On the right side are two USB-A ports, a USB-C port, a card reader slot as well as a security lock slot. In short, unlike the MacBook Air which makes you live the dongle life, you will not have to make any such compromises here as every port that you need is right there.

msLaZNKgRS6tSspkHa0w7g

The web camera which is 720p camera is at the bottom of the screen. I am not a fan of this position as it places your head at an unnatural position when you use it. You’ll also notice that the keyboard is backlit.

fullsizeoutput_c80.jpeg

There’s also a fingerprint sensor built into the trackpad and it works with Windows Hello authentication.

The PS42 feels very solid and it feels like a very quality piece of kit. The screen is bright and the fact that it close to bezel-less makes this a very easy screen to read. The keyboard  does not have a lot of travel. But touch typists shouldn’t have an issue typing once they get used to it. Battery life is outstanding. MSI quotes 11 hours. I got 9.75 hours surfing the web and playing YouTube videos which is more than respectable.

So, in terms of performance, I threw Zwift at it to see what it would do. Zwift is an online platform that allows cyclists to ride a variety of real and imagined courses assuming you have a stationary software controlled stationary trainer. In my case, this one. That doesn’t sound exciting. But Zwift really pushes a computer because it has to acquire data such has the riders heart rate via a Bluetooth enabled chest strap, their cadence (how fast they are pedaling) via a Bluetooth enabled sensor, and not only determine how fast you are going via the software controlled trainer, but also to the required math to replicate uphills and downhills in 1% gradient increments. All while trying to replicate roads of London, Innsbruck, or wherever else you happen to be riding. Not to mention the dozens or in some cases hundreds of people around you. In short, that’s not easy for any computer to do as there is a lot that is in play. Now even at the default settings, Zwift can humble a lot of computers. It taxes my 2015 MacBook Pro every time I run it. But the MSI PS42 had no issues with it at HD resolution while connected to my TV. And this was with the Intel UHD graphics chipset. You can add Nvidia graphics as an option to seriously amp things up. But based on this test, it’s got a ton of power as it is. A couple of things that I noted was that the laptop offered to optimize the sound for game play seeing as Zwift technically was a game. The other thing that I noted was that the aluminum chassis was slightly warm to the touch. If this was my MacBook Pro, it would be really warm if not hot.

This particular MSI PS42 goes $1488 CDN on Amaon.ca. At that price this is a package that makes the MacBook Air look rather pedestrian. Thus if you’re looking for a very lightweight laptop that is still packed with power, take a look at the MSI PS42 and forget the MacBook Air. You’ll be glad that you did.