Archive for August, 2019

Apple Apologizes For Contractors Listening To Siri Requests…. Vows To Make Changes

Posted in Commentary with tags on August 28, 2019 by itnerd

It’s not every day that Apple apologizes for anything. But today is one of those days. A few minutes ago, this was posted to the Apple website where they said this among other things:

As a result of our review, we realize we haven’t been fully living up to our high ideals, and for that we apologize. As we previously announced, we halted the Siri grading program. 

Wow. An apology from Apple. Mind blown.

The company also committed to making changes:

  • First, by default, we will no longer retain audio recordings of Siri interactions. We will continue to use computer-generated transcripts to help Siri improve. 
  • Second, users will be able to opt in to help Siri improve by learning from the audio samples of their requests. We hope that many people will choose to help Siri get better, knowing that Apple respects their data and has strong privacy controls in place. Those who choose to participate will be able to opt out at any time. 
  • Third, when customers opt in, only Apple employees will be allowed to listen to audio samples of the Siri interactions. Our team will work to delete any recording which is determined to be an inadvertent trigger of Siri.

All these changes are great. But I have to agree with the thoughts of YouTube star Aaron Zollo:

I would have expected a company that claims to take privacy as seriously as Apple claims to would have done this from the jump. But clearly that wasn’t the case and now they are paying for that. Hopefully they learn from this and make future decisions with privacy at the forefront as clearly this did not happen in this case.

UPDATE: Apple has posted an FAQ on Siri privacy and grading.

Advertisements

Is Apple Releasing New Apple Watch Models Or Not? Let’s Look At The Evidence….

Posted in Commentary with tags on August 28, 2019 by itnerd

Normally I don’t jump into the rumor mill when it comes to Apple products, or any other products for that matter. But because I’ve gotten so many emails in terms of the potential of a new Apple Watch, I figured that it would be more efficient to just discuss what is out there in terms of what Apple might be bringing to market.

First, Apple last week registered a number of new products in the Eurasian database which is a required activity for companies in that region of the planet if they want to sell anything there. Among the new iPhones and MacBooks that were registered were four unreleased models of the Apple Watch. This appeared on MacRumors, 9to5Mac, and AppleInsider at about the same time which isn’t a shock as entries in this database are a reliable means to figure out what Apple is about to release. Also of note, the existing Series 3 and 4 Apple Watches were re-registered with watchOS 6. Something confirmed by MacRumors in a tweet to me:

Tied to this was this find in iOS 13 beta 7 by Brazilian site iHelpBR of assets that show two new Apple Watch variants. A ceramic version and a titanium version. Apple has had ceramic versions of the Apple Watch in the past, but they don’t presently offer that case material as an option. And there’s never been a titanium version. Though having one would make sense as many high end watches are made of the metal and Apple has tried to go high end with the Apple Watch in the past.

So what does this all mean? Here’s my guess. Apple is about to release 40mm and 44mm ceramic version and titanium versions of the Apple Watch that will use the Series 4 hardware. These will be sold alongside the existing aluminium versions and possibly the stainless steel version. I say possibly because I can see a scenario where the stainless steel version gets replaced by a titanium version as titanium is more durable and lighter.

Another thing to note is that only four new models made it into the Eurasian database. In the past, when Apple has released a new version of the Apple Watch, the company has entered six or more variants into this database. Thus this implies that Apple is not doing anything new and cool with the Apple Watch this year from a hardware perspective. And there is precedent for this as Apple went about 18 months between the release of the original Apple Watch (April 24, 2015) and the release of the Series 1 and 2 (September 16, 2016).

Another factor is that the Series 4 Apple Watch was the closest thing to a redesign of the Apple Watch that we’ve seen via the bigger screens that were present on that model. While Apple isn’t above blowing up the universe a year after redesigning a product, I am thinking that you can expect a hardware redesign to support things like a longer battery life and sleep tracking next year. And that may come via a microLED screen replacing the OLED screen as that would make the Apple Watch far more power efficient while maintaining the screen quality that Apple Watch users expect.

Finally, here’s the key thing about this. Rumors of an Apple Watch “Series 5” have been close to non-existent with the exception of the above and this picture. But if you look at rumors about a new iPhone or new MacBook Pro, they’ve been rampant. That suggests to me that Apple is either keeping what they are doing with the Apple Watch a secret, or nothing new is coming other than what I explained above. Thus my take on this is that Apple will still be selling the Series 3 and 4 Apple Watches, but add in ceramic version and titanium versions into the mix to boost sales. And a new and cool Apple Watch will be inbound next year. It will be interesting to see if I am right on or around September 10th which is when I expect the Apple Event that announces all of these products to take place.

 

Jim Lee Launches New Backpack for Comic Book Artists And Collectors

Posted in Commentary with tags on August 27, 2019 by itnerd

HEX, award-winning fashion accessory brand, launches the new Jim Lee Collectors Backpack. Working with Jim Lee, Hex realized that not only do the artists need a better backpack solution, but so do their fans! Comic conventions have become immensely popular events where collectors can gather to follow their favorite characters and artists. They buy, sell and collect comic books, posters, autographs, etc etc. Comic books are not kids business anymore as many of these books reach values well into six-figure territory. But there was no way to safely transport them.

The HEX x Jim Lee Collectors Backpack has been created for comic book collectors as a way to safely transport comics. Comic convention goers routinely carry hundreds if not thousands of dollars of comics around in flimsy bags. This backpack provides secure and safe storage for comic book enthusiasts.

Inside the top of the backpack is a file folder with individual sleeves so that multiple bagged and boarded or slab comics can be held securely. Additionally, there’s a fleece lined laptop section. It’s even possible to lock the top of the files for extra security.

There is an easy access pocket that is the exact size of the Overstreet Price Guide. Plus, there’s an expandable mesh pocket on each side to carry poster tubes.

The Collectors Backpack features the same custom Batman lining as the Artists Backpack. There is also a Special Edition version of the Collectors Backpack that extends the Batman artwork to the external pocket. Other unique features include “Batarang” zipper tags.

HEX x Jim Lee Collectors Backpack Features:

  • Individual Fleece Lined Comic Carrying Pockets
  • Padded Laptop Sleeve
  • Overstreet Price Guide Pocket
  • Anti-theft Zipper Lock
  • Poster Tube Holder
  • Exterior Phone Pocket
  • Organizer
  • Custom Jim Lee Batman Lining
  • Water Resistant 600D Polyester with PU Coating
  • Limited Edition Only Features
  • Jim Lee Front Pocket
  • “Batarang” Zipper Pulls

Trend Micro Report Reveals 265% Growth In Fileless Events

Posted in Commentary with tags on August 27, 2019 by itnerd

Trend Micro Incorporated today published its roundup report for the first half of 2019, revealing a surge in fileless attacks designed to disguise malicious activity. Detections of this threat alone were up 265% compared to the first half of 2018.

The findings in 2019 so far confirm many of the predictions Trend Micro made last year. Namely, attackers are working smarter to target businesses and environments that will produce the greatest return on investment.

Along with the growth in fileless threats in the first half of the year, attackers are increasingly deploying threats that aren’t visible to traditional security filters, as they can be executed in a system’s memory, reside in the registry, or abuse legitimate tools. Exploit kits have also made a comeback, with a 136% increase compared to the same time in 2018.

Cryptomining malware remained the most detected threat in the first half of 2019, with attackers increasingly deploying these threats on servers and in cloud environments. Substantiating another prediction, the number of routers involved in possible inbound attacks jumped 64% compared to the first half of 2018, with more Mirai variants searching for exposed devices.

Additionally, digital extortion schemes soared by 319% from the second half of 2018, which aligns with previous projections. Business email compromise (BEC) remains a major threat, with detections jumping 52% compared to the past six months. Ransomware-related files, emails and URLs also grew 77% over the same period.

In total, Trend Micro blocked more than 26.8 billion threats in the first half of 2019, over 6 billion more than the same period last year. Of note, 91% of these threats entered the corporate network via email. Mitigating these advanced threats requires smart defense-in-depth that can correlate data from across gateways, networks, servers and endpoints to best identify and stop attacks.

To read the complete report, Evasive Threats, Pervasive Effects: 2019 Midyear Security Roundup, please visit: https://www.trendmicro.com/vinfo/us/security/research-and-analysis/threat-reports/evasive-threats-pervasive-effects.

 

Dell Technologies Advances Software-Defined Networking

Posted in Commentary with tags on August 27, 2019 by itnerd

Today at VMworld 2019, Dell Technologies (NYSE:DELL) announces new advancements in software-defined networking so customers can simplify and help lower the cost of networking in today’s multi-cloud world.

Dell EMC SD-WAN Solution

Legacy wide area networks (WANs) struggle to keep up with the modern, multi-cloud traffic demands. At the edge, the new Dell EMC SD-WAN Solution helps customers move away from complex, slow-to-innovate and expensive branch office networking to a SD-WAN platform that uses cloud capabilities and economics. Previewed at Dell Technologies World, the new solution is now globally available and supported.

This Dell EMC SD-WAN Solution delivers all-in-one simplicity – combining VMware SD-WAN by VeloCloud software available as a flexible subscription with highly-engineered and efficient modern appliances in multiple configuration options – all backed by world-class Dell EMC support, supply chain, and services.

VMware SD-WAN by VeloCloud includes: a choice of public, private or hybrid cloud network for enterprise-grade connection to cloud and enterprise applications; branch office enterprise appliances and optional data center appliances; software-defined control and automation; and virtual services delivery. Software subscription options can be upgraded to accommodate changing business requirements for features, duration and bandwidth.

The Dell EMC SD-WAN Solution has three key components:

  • SD-WAN Edge powered by VMware – networking specific, purpose-built appliances designed for high efficiency and reliability
  • SD-WAN Orchestrator – cloud-based management and orchestration software services from VMware, managed by Dell EMC
  • SD-WAN Gateways – a global network of more secure, application-focused access gateways from VMware to handle WAN traffic

Dell EMC SmartFabric Director – Visibility for Both Physical and Virtual Networks

Dell EMC and VMware also announced SmartFabric Director – an innovation in software-defined networking that enables the physical switch underlay infrastructure to keep pace with the changing demands of virtualized and software-defined networks.

Dell EMC SmartFabric Director enables data center operators to easily build, operate and monitor an open network underlay fabric based on Dell EMC PowerSwitch Series switches. This is important for organizations that have embraced software-defined networking and need to help make sure their physical underlay networks are finely tuned for that overlay environment. A lack of visibility between the two layers can lead to provisioning and configuration errors, hampering network performance.

This innovative solution from Dell EMC and VMware extends the companies’ shared vision of a software-defined data center by simplifying the definition, creation and deployment of data center fabrics with intent-based auto-provisioning and enhanced visibility and management between virtual and physical network environments.

Key features include:

  • VMware vSphere and VMware NSX-T Data Center Integration – Tight integration with VMware vCenter and NSX-T enables the physical underlay/fabric to be correctly provisioned for the smooth functioning of application workloads in a VMware software-defined data center
  • Leaf/Spine Fabric Automation – SmartFabric Director uses a declarative model that allows the user to express intent with a set of three well-defined fabric types. Fabric discovery is an ongoing process and ensures that the wiring is consistent with the user-defined intent and removes guesswork for rapid auto-provisioning
  • Fabric Visibility – SmartFabric Director supports highly scalable and flexible streaming telemetry to gather key operational data and statistics from the fabric switches. Comprehensive, highly-intuitive visualization of the time-series data and other information greatly simplifies day-to-day fabric operations
  • Fabric Lifecycle Management – Upgrading switch images is a critical operation in a data center. SmartFabric Director automates the download, install and verification process and ensures that switches are upgraded with the correct images

Availability

  • Dell EMC SD-WAN Solution is now globally available
  • Dell EMC SmartFabric Director will be available globally in September 2019

 

Apple Has Patched That Vulnerability That They Accidentally Unpatched…. And In The Process Show That Said Bug Was More Widespread Than Previously Thought

Posted in Commentary with tags on August 27, 2019 by itnerd

Yesterday, Apple released iOS 12.4.1 which was meant to patch the vulnerability that they accidentally unpached when they released iOS 12.4. If you have an iDevice, you should go download it now. Really. You should do it right now. The reason being is that this vulnerability allows one to “jailbreak” the device. Which means that one could install software from outside the App Store or customize it. But it also means that the same method that is used to “jailbreak” the device could be weaponized to take control of any iOS device by going to a compromised webpage for example. Or joining suspect WiFi.

Now what was weird was that not only did Apple release iOS 12.4.1, but they also released watchOS 5.3.1, tvOS 12.4.1, and an update to macOS 10.14.6. That sort of got my attention. Thus I did some digging. As a matter of course I read the security information that Apple posts when they release a software update, and in the security information for everything but the watchOS update, there are versions of this entry which refers to the vulnerability in question:

Kernel

Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation

Impact: A malicious application may be able to execute arbitrary code with system privileges

Description: A use after free issue was addressed with improved memory management.

CVE-2019-8605: Ned Williamson working with Google Project Zero

Additional recognition

Kernel

We would like to acknowledge @Pwn20wnd for their assistance.

 

This is present in the iOS 12.4.1 security information, the tvOS 12.4.1 security information, and the security information for macOS 10.14.6. And you will notice that they also thank @Pwn20wnd for their assistance as he’s the guy who discovered this vulnerability. This means that this issue wasn’t just an iOS issue. It was a lot more widespread and a lot more people who used Apple products were at risk. I guess I shouldn’t be shocked by that as Apple software shares a fair amount of code across their various platforms. But it does mean that any and all of your iDevices needs to be updated because this isn’t just an iPhone problem.

Dell Technologies Announces Solutions Portfolio Expansion At VMworld’19

Posted in Commentary with tags on August 26, 2019 by itnerd

Dell Technologies is announcing a host of advancements and new options that allow organizations to benefit from Dell Technologies Cloud for both traditional applications and cloud-native environments.

More than half of organizations formulating hybrid cloud strategies have cited seamless compatibility with their on-premises infrastructure as the most important consideration, according to new research from analyst firm ESG. Dell Technologies Cloud, from the No. 1 provider of cloud infrastructure, combines the power of VMware cloud software and Dell EMC infrastructure to remove cloud complexity by offering consistent infrastructure and operations across private clouds, public clouds and the edge.

 

Dell Technologies Cloud Adds Kubernetes Support

Organizations continue to accelerate cloud-native application development while also running traditional, virtualized applications. To help organizations balance both imperatives, Dell Technologies Cloud will support automated deployment of VMware PKS on Dell EMC VxRail, adding integrated support for Kubernetes and containers. This helps organizations to more nimbly adopt flexible and secure cloud-native approaches. This introduction offers Dell Technologies Cloud Platforms customers a single, consistent platform for both traditional and cloud-native workloads, streamlining deployment and operation with full lifecycle management of multiple clusters and enhanced automation, performance and security.

 

Introducing Dell Technologies Cloud Validated Designs

New Dell Technologies Cloud Validated Designs offer additional infrastructure options for organizations building hybrid cloud environments. Validated Designs consist of pre-tested infrastructure with deployment guidance using Dell EMC best-of-breed compute, storage and networking, validated with VMware Cloud Foundation. Organizations now can meet the varied demands of workloads by independently scaling storage and compute, allowing infrastructure-intensive applications to be supported most efficiently. New Validated Designs available now include:

  • Dell Technologies Cloud Validated Designs for Dell EMC PowerMax and Dell EMC Unity storage arrays – Dell EMC storage arrays are the first to be validated with VMware Cloud foundation for using Fibre Channel as primary storage, within workload domains, in addition to the Network File System (NFS) protocol. This offers customers deployment flexibility for workloads that have unique external storage-specific requirements including independent capacity and advanced features such as integrated data protection.
  • Dell Technologies Cloud Validated Designs for Dell EMC PowerEdge MX servers – With VMware Cloud Foundation interoperability, administrators can now gain maximum resource utilization, enabled by PowerEdge MX servers and OpenManage Enterprise – Modular Edition, allowing customers to dynamically provision storage and assign workloads to individual drives as needed

 

Dell Technologies Cloud Data Center-as-a-Service now available

Introduced at Dell Technologies World 2019, the fully-managed Dell Technologies Cloud Data Center-as-a-Service offering, VMware Cloud on Dell EMC, is now available to U.S. customers, making it the first to market VMware “Project Dimension” solution in customer data centers. Additionally, Dell EMC is now a preferred partner offering data protection for VMware Cloud on Dell EMC, allowing organizations to benefit from the added support of key Dell EMC data protection solutions while leveraging VMware Cloud on Dell EMC.

By providing tight integration of VMware cloud tools and Dell EMC VxRail hyperconverged infrastructure, this solution combines the hands-off operational simplicity and subscription-based pricing of the public cloud with the security, control and performance of on-premises infrastructure.

 

Dell Technologies Cloud flexible consumption options, and expanded services accelerate customer success

The availability of Flex on Demand allows organizations to deploy Dell Technologies Cloud and pay only for the technology they use. This includes access to elastic capacity and payments that adjust up or down to match usage.1 Flex on Demand simplifies buffer capacity for customers, charging only for utilized capacity, so they can enjoy public cloud-like agility on-premises without paying for all deployed capacity. This approach also gives organizations the freedom to innovate more quickly by paying for technology resources as needed to support new projects.

Additionally, new ProConsult Migration Services for Dell Technologies Cloud use a mature, highly repeatable migration framework that helps organizations rapidly realize the benefits of Dell Technologies Cloud offerings. This proven approach speeds time to cloud and enables customers to focus on higher priority initiatives.

 

Dell Technologies Cloud Offers Consistent Operations for Hybrid Clouds Across Private Clouds and Leading Public Clouds

Organizations have a variety of options for Dell Technologies Cloud environments:

  • Dell Technologies Cloud Platforms – The combination of VMware Cloud Foundation on Dell EMC VxRail hyperconverged systems offers the easiest and fastest path to a consistent hybrid cloud, complete with automated lifecycle management
  • Dell Technologies Cloud Validated Designs – Now available today, these integrate VMware Cloud Foundation with Dell EMC servers, storage arrays and networking, delivered as pre-tested infrastructure with deployment guidance, offering additional options to meet a diverse set of workloads and customer needs.
  • Dell Technologies Cloud Data Center-as-a-Service – Offered as VMware Cloud on Dell EMC, this delivers a fully-managed hybrid cloud service for on-premises data centers and edge deployments
  • Dell Technologies Cloud Partner Clouds – Extending the consistent cloud experience to the public cloud, with support for VMware Cloud on AWS, Azure VMware Solutions, as well as the recently announced VMware for Google Cloud Platform, IBM Cloud and more than 4,200 VMware Cloud Provider Program providers globally

 

Availability

Dell Technologies Cloud Platforms with VMware PKS on Cloud Foundation on Dell EMC VxRail has planned global availability in September 2019. Dell Technologies Cloud Validated Designs are now available globally with support for Dell EMC PowerMax and Dell EMC Unity XT storage arrays and Dell EMC PowerEdge MX servers. Dell Technologies Cloud Data Center-as-a-Service, delivered as VMware Cloud on Dell EMC, is now available in the US. Dell EMC Data Protection for VMware Cloud on Dell EMC also is available as an option.

Additional resources