Archive for July 10, 2019

Zoom Fixes Vulnerability After Saying That It Wouldn’t Fix It…. But This Isn’t Over Yet

Posted in Commentary on July 10, 2019 by itnerd

Yesterday I wrote about a pretty bad vulnerability with the Zoom videoconferencing product where a malicious web page could be used to take control of the video camera on a Mac. On top of that, it was also discovered that when you install Zoom on a Mac, it installs a web server without your knowledge, and said web server can reinstall Zoom without user interaction if you get rid of it.

Now all of this was pretty bad. But the response by Zoom initially was worse via this ZDNet article:

Video conferencing company Zoom has defended its use of a local web server on Macs as a “workaround” to changes that were introduced in Safari 12.

The company said in a statement that it felt running a local server in the background was a “legitimate solution to a poor user experience, enabling our users to have seamless, one-click-to-join meetings, which is our key product differentiator”.

Well, I guess the blowback from that was epic because by that evening, Zoom had pushed out an emergency update that did the following:

  • The local web server will be completely removed on that device once the update is completed.
  • Zoom is adding a new option to the Zoom menu bar that will allow users to manually and completely uninstall the Zoom client, including the local web server.

Seeing as they took such quick action, the cynic in me says that they could have addressed this at any time but chose not to until this blew up. This is further bolstered via this statement from the company’s blog:

We appreciate the hard work of the security researcher in identifying security concerns on our platform. Initially, we did not see the web server or video-on posture as significant risks to our customers and, in fact, felt that these were essential to our seamless join process. But in hearing the outcry from some of our users and the security community in the past 24 hours, we have decided to make the updates to our service. In response to these concerns, here are details surrounding tonight’s planned Zoom patch and our scheduled July release this weekend:

Just for fun, look at this blog entry and see how haphazard the company’s response is. It looks like a really, really bad exercise in crisis management. Also, based on how the company responded, you have to wonder if Zoom should be the company that provides your organization video conferencing services.

In any case, the fun isn’t over yet. In an update to his original Medium post, Jonathan Leitschuh, who is the guy that discovered this flaw, is now saying that the vulnerability that plagued Zoom for Mac is also present in RingCentral, which is basically a white-labeled version of Zoom. Thus if you run RingCentral, consider yourself warned that this vulnerability exists with that product as well.


Dell Technologies Achieves Many 2020 Social Impact Goals Ahead Of Schedule

Posted in Commentary on July 10, 2019 by itnerd

Dell Technologies is announcing that it will complete or exceed over 75% of the goals outlined in its 2020 Legacy of Good plan ahead of schedule. These achievements demonstrate how the company has scaled sustainability, empowered people and established technology as an accelerator for positive customer and societal outcomes for years to come.

Final progress report on 2020 Plan

In 2013, Dell Technologies introduced the 2020 Legacy of Good with ambitious sustainability and social goals to put its technology and expertise to work to do the most good for people and the planet. The final report, which was released today, details how Dell Technologies advanced progress has led many initiatives to solve complex global problems. Goals completed or that the company has made significant progress against so far include:

  • Recovered more than 2 billion pounds of used electronics via responsible recycling through programs such as Dell Reconnect, a partnership with Goodwill, and Dell’s Asset Resale and Recycling Services (achieved 2020 goal ahead of schedule).
  • Reused 100 million pounds of recycled content, plastic and other sustainable materials in Dell Technologies’ new products (achieved 2020 goal ahead of schedule).
  • Developed and maintained sustainability initiatives in 100% of Dell Technologies-operated buildings (achieved 2020 goal ahead of schedule).
  • Reduced wastewater discharge in manufacturing by 4.56M cubic meters.
  • Reduced 64% of product portfolio energy intensity footprint.
  • Delivered 5 million service hours to communities globally through initiatives that focused on but were not limited to: Skills-based volunteering, mentoring students, and developing new non-profit technology solutions (achieved 2020 goal of service hours).
  • Enabled eligible team members to participate in flexible work options and increased global participation to 60% (surpassed 2020 goal of 50%).
  • Achieved 89% or higher favorable responses in team member satisfaction globally (surpassed 2020 goal of 75%).
  • Allocated more than $3 billion annually to diverse suppliers within supply chain programs and continued to qualify for the Billion Dollar Roundtable.
  • Rolled out company-wide foundational learning program focused on mitigating unconscious bias called Many Advocating Real Change (MARC) – with 100% participation from all executives globally.
  • Recognized by LinkedIn as a 2019 Top Company, by FairyGodBoss as a Top 10 Tech Company according to women working at Dell Technologies, by the Human Rights Campaign’s 2019 Corporate Equality Index as one of the best places to work for LGBTQ Equality (15 consecutive years) and by Ethisphere® Institute as a World’s Most Ethical Company (6 consecutive years).

A roadmap for progress

The 2020 Legacy of Good plan set a strong foundation for Dell Technologies’ new 2030 social impact vision, Progress Made Real, which focuses on three key areas: advancing sustainability, cultivating inclusion, and transforming lives with technology. Foundational to the vision is a commitment to upholding strong ethics and privacy. This new vision accelerates a path toward 2030 in an effort to begin tackling the greatest challenges facing Dell Technologies’ business and the world over the next decade. The company plans to release specific goals over the coming year and will continue to demonstrate transparent reporting practices.

Advancing Sustainability

  • Dell Technologies believes business plays a critical role in protecting and enriching our planet together with our customers, suppliers and communities. Looking toward 2030, the company will continue to accelerate the circular economy, reduce the impact of Dell’s operations, support customers’ efforts to reduce environmental impacts, and champion the many people who build our products.
  • After a successful e-waste tracker pilot in partnership with Basel Action Network (BAN), Dell Technologies now makes global tracking technologies part of its existing electronics disposition partner audit program. The pilot program revealed some vulnerabilities in the downstream recycling process, which helped Dell Technologies to quickly take corrective action to address the operational gap.
  • Dell recently launched a process to use recycled material, Polyvinyl Butyral (rPVB), from car windshields to create the protective, waterproof lining of Dell laptop bags and backpacks. The company is also using an innovative method of solution dyeing for these backpacks, which results in 90% less wastewater and 29% less energy, while generating 62% fewer CO2 emissions compared to typical piece-dyeing. The first bags and backpacks with rPVB began shipping in February and are forecasted to avoid approximately 74,000 pounds of landfill waste per month.
  • Additionally, in partnership with suppliers Seagate and Teleplan (a storage device recycling/recovery specialist), Dell identified a new closed-loop process to recover the rare earth magnets from recovered enterprise equipment. The magnets are reformed for reuse in new hard-disk drives. In the initial pilot program, we are using the reformed magnets in 25,000 Seagate hard drives for our Dell Latitude 5000 series laptop. Reusing rare earth metals helps us avoid the need to mine the earth, which can cause environmental damage and health concerns for local communities.


Cultivating Inclusion

In the midst of a talent shortage, closing the diversity gap is critical to meeting future talent needs and for reflecting new perspectives of a global customer base. Dell Technologies is actively building on several non-traditional hiring program pilots to broaden the company’s talent pipeline. Pilots include:

  • The neurodiversity hiring program provides training and possible full-time career opportunities for individuals with Autism Spectrum Disorder. In partnership with HMEA, The Arc of the Capital Area and Neurodiversity in the Workplace, Dell Technologies’ program removes barriers that may limit an individual from showcasing their true abilities and potential during the typical job interview process. The pilot expanded from Massachusetts to Texas in April, 2019.
  • Re-entry programs like Dell Career Restart offer a re-entry experience for individuals who have been out of the workforce for a year or more, and leverages their previous career experience in a supportive environment. The company launched pilots in the U.S. and India.
  • Skilling and re-skilling programs include Dell Technologies’ partnership with Northeastern University’s Align Program, which enables students from diverse backgrounds to transition into a technology career through intensive coursework to earn a master’s degree in computer science. Project Immersion provides undergraduates at Minority Serving Institutions and Historically Black Colleges & Universities with skills for the digital future. Additionally, Dell Technologies’ distance education Laboratory for People with Disabilities (LE@D) online learning platform teaches technology-based vocational skills to individuals with motor, hearing or other disabilities in Brazil.
  • Dell Technologies is also committed to addressing systemic challenges with diversity and inclusion. The company advocates for inclusive public policies and is a member of strategic coalitions like CEO Action for Diversity & Inclusion, and was also a founding member of the Reboot Representation Tech Coalition.

Transforming Lives with Technology

  • Harnessing the power of technology enables limitless possibilities for advancing human progress and solving complex societal challenges. Dell Technologies is committed to applying its portfolio and partnerships to create a future capable of fully realizing human potential.
  • Dell Technologies continued to expand its solar learning labs to help bridge the educational gap in areas that lack access to consistent energy and technology in partnership with Computer Aid International. These labs are created by transforming shipping containers into classrooms with Dell Wyse Thin Client workstations managed by an air-cooled PowerEdge server for up to 20 students. With solar panels to generate electricity, the container can be deployed in remote locations. Dell Technologies has already funded 18 labs in six countries around the world. Microsoft has recently joined in this collaborative effort, awarding Computer Aid with a Technology for Social Impact grant to further provide technology access through the solar learning labs.
  • To fight pediatric cancer, Dell Technologies donated $30 million over 6 years to Translational Genomics Research Institute (TGen) through a partnership designed to use technology solutions and employee volunteerism. Through Dell’s technology, TGen increased computational hours by almost 4x, allowing researchers and doctors to identify treatments faster, by turning a patient’s vast DNA and RNA sequencing data into insights.

Upholding Ethics & Privacy

Ethics and privacy play a critical role in establishing a strong foundation for positive social impact. In this time of rapid innovation, big data, an evolving regulatory environment, and increasing expectations from both our team members and customers, our leadership in ethics and privacy is vital to what sets Dell Technologies apart. Our commitment to continually push to higher ethics and privacy standards will be a guidepost for our Progress Made Real work.


Microsoft and ServiceNow Announce Strategic Partnership

Posted in Commentary on July 10, 2019 by itnerd

Microsoft and ServiceNow today announced a broader strategic partnership intended to significantly enhance the integration and optimization of the companies’ products, platform and cloud capabilities. Through this expanded partnership, the companies will enable enterprise customers in certain highly regulated industries, as well as government customers, to accelerate their digital transformation and drive new levels of insights and innovation. And, for the first time, ServiceNow will house its full SaaS experience on Azure in addition to its own private cloud. The expanded partnership will elevate ServiceNow to one of Microsoft’s strategic partners in its Global ISV Strategic Alliance Portfolio.

The expanded agreement builds on a partnership announced last fall by Microsoft and ServiceNow. As leading enterprise technology platforms, Microsoft and ServiceNow make it easier for customers to integrate and optimize across the two companies’ products and platforms. By collaborating on next‑generation experiences, Microsoft and ServiceNow will leverage technology to bring further cognitive services and intelligence to products across the Now Platform® with Microsoft 365 and Azure.

ServiceNow Selects Microsoft Azure for Certain Highly Regulated Industries

ServiceNow will use Azure Cloud as part of its preferred cloud platform for certain highly regulated industries, benefiting from Microsoft’s deep expertise in data protection, security, and privacy, including the most comprehensive set of compliance offerings of any cloud service provider. ServiceNow will first be available through Azure Regions in Australia and Azure Government in the United States, followed by additional markets in the future.

With ServiceNow available through Azure Government, U.S. government agencies will be able to leverage the compliance coverage across regulatory standards available through Azure. Microsoft is committed to supporting the full spectrum of government data to help agencies quickly and easily achieve their necessary requirements. Azure Government was built specifically to address the capabilities, performance and compliance needs of U.S. government customers and their partners. Azure Government enables innovation with deeply integrated cloud services, data and advanced analytics, and an open application platform that provides the building blocks to rapidly develop, deploy and manage intelligent solutions.

The U.S. federal government continues to look to ServiceNow as a strategic partner as it modernizes its IT infrastructure and accelerates its use of modern technology to digitally transform how it operates.

Microsoft Selects ServiceNow to Digitize Its Workflows

As part of a separate transaction, Microsoft will implement ServiceNow’s IT & Employee Experience workflow products across its own business to improve operations, enhance employee experiences, and deliver stronger business outcomes. With ServiceNow, Microsoft will bring even more digital workflows into its organization, so employees can spend less time on manual tasks.

UAG Releases New Case In Collaboration With Red Hydrogen

Posted in Commentary on July 10, 2019 by itnerd

Urban Armor Gear have announced the launch of their newest case for the HYDROGEN One designed in collaboration with RED HYDROGEN.


Creators of RED Digital Cameras have released their HYDROGEN One smartphone, a device designed with content creators in mind. With the rise of content creators pushing further to get the most epic shot, UAG has proven that it is the most protective case to accompany creators on their mission.

RED fanatics can now keep their innovative new device in pristine condition with UAG’s Plyo Series. Created in collaboration with RED, the case securely guards the HYDROGEN One’s state-of-the-art features like its Holographic 4-View Screen, A3D Sound System, and 4-View Capture Camera. The Plyo case features air soft corners for cushioning impact and easy access to all buttons and ports providing an exceptional user experience. The lightweight MIL-SPEC case also boasts an armor shell with 360-degree protection, allowing creators to take their HYDROGEN One further.

“We are stoked to collaborate with RED HYDROGEN on our latest case launch. It’s amazing to work with such a confident and forward-thinking brand,” said Casey Bevington, VP of Brand and Creative at UAG. “Our content creator customer base is growing exponentially and we’re confident that our Plyo Series will offer HYDROGEN One customers unparalleled protection.”

Plyo Series for HYDROGEN One 

Available colors: Ice

Price: $49.95 | £41.00 | €45,95

  • Air-soft corners for cushioning impact
  • Feather-light composite construction
  • Easy access to touchscreen, ports & buttons
  • Scratch resistant screen surround
  • Meets military drop-test standards (MIL STD 810G 516.6)
  • Impact resistant armor shell

Marriott Is Looking At A $123 Million Fine For Their Massive Data Breach In 2018

Posted in Commentary on July 10, 2019 by itnerd

You might recall that the Marriott hotels chain got hit with a massive data breach in which I was personally affected because I have stayed at a few of their hotels in the last few years. Well, Marriott is looking at a massive fine because of it thanks to the UK Information Commissioner’s Office (ICO):

Following an extensive investigation the ICO has issued a notice of its intention to fine Marriott International £99,200,396 for infringements of the General Data Protection Regulation (GDPR).

The proposed fine relates to a cyber incident which was notified to the ICO by Marriott in November 2018. A variety of personal data contained in approximately 339 million guest records globally were exposed by the incident, of which around 30 million related to residents of 31 countries in the European Economic Area (EEA). Seven million related to UK residents.

It is believed the vulnerability began when the systems of the Starwood hotels group were compromised in 2014. Marriott subsequently acquired Starwood in 2016, but the exposure of customer information was not discovered until 2018. The ICO’s investigation found that Marriott failed to undertake sufficient due diligence when it bought Starwood and should also have done more to secure its systems.

The £99,200,396 fine translates to roughly $123 million USD. And if the agency that is handing out this fine sounds familiar, it’s the same group of people that wants to serve up a massive fine on British Airways because of their data breach. Now, like British Airways, Marriott has said that it would contest the fine. But the fact that these fines are being handed out is a good thing. Companies that handle personal data need to understand that if they screw up and lose control of this data, they will be held accountable and it will hurt. So I am all for these mega fines being handed out as it sends a message that companies cannot ignore.