Archive for December 10, 2019

A Great Reason To Update Your Apple Watch, iPhone, and Mac ASAP: Apple Fixes A FaceTime Bug That Appears To Be Very Serious

Posted in Commentary with tags on December 10, 2019 by itnerd

Apple, as many of you are aware, released a number of software updates today. Specifically:

  • watchOS 5.3.4
  • watchOS 6.1.1
  • macOS Catalina 10.15.2
  • Security Update 2019-002 Mojave
  • Security Update 2019-007 High Sierra
  • tvOS 13.3
  • iOS 12.4.4
  • iOS 13.3
  • iPadOS 13.3
  • Safari 13.0.4

I spent part of my day reading through the security info of all these updates. That is something that I do as a matter of course because it helps me to judge if I need to install an update now or if it can wait a day or two. And after reading through the security info, users of the following OSes should update ASAP:

  • iOS 13
  • iPadOS 13
  • iOS 12
  • macOS Catalina
  • watchOS 5
  • watchOS 6

The reason is that all of these OSes share a FaceTime bug in common. Specifically this one (copied from this page related to watchOS 5.3.4):

FaceTime

Available for: Apple Watch Series 1, Apple Watch Series 2, Apple Watch Series 3, and Apple Watch Series 4 when paired to a device with iOS 12 installed

Impact: Processing malicious video via FaceTime may lead to arbitrary code execution

Description: An out-of-bounds read was addressed with improved input validation.

CVE-2019-8830: Natalie Silvanovich of Google Project Zero

The key part is that this was reported by Google’s Project Zero team. Now Google Project Zero doesn’t report trivial bugs. They only report the most serious ones. Thus whatever this bug is that allows “arbitrary code execution” from a malicious video via FaceTime, it has to be pretty serious. Which means that you by default must take it seriously because there’s a very good chance that if it isn’t already being exploited, it will be now.

As an aside, in case you are wondering why watchOS is on this list, the Apple Watch Walkie Talkie feature uses FaceTime audio, and it has historically been buggy.

Thus if I were you, I would set aside some time to update your Apple Watches, iPhones running iOS 12 or 13, and Macs running Catalina ASAP as there is likely a clear and present danger that you need to protect yourself from.

UPDATE: MacRumors is reporting that another serious flaw that is related to AirDrop on iOS has been fixed. That’s another reason to update ASAP. Strangely, this issue isn’t listed in the security info for iOS 13.3. Nor is it listed in the release notes for iOS 13.3. Strange.

My Apple Watch Would Not Install watchOS 6.1.1 ….. Here’s How I Fixed It

Posted in Commentary with tags on December 10, 2019 by itnerd

Today Apple released watchOS 6.1.1 and I decided to update my Apple Watch from the watch itself at the same time that I was updating my iPhone. By that I mean using the software update function on each device so that they would update independently of each other. I have done that before and nothing bad has happened. But this time that turned out to be a mistake as the watchOS update would not install. It prompted me with an “Install” button on the Apple Watch. Then it went to “verifying”, and then it put me back to “Install”. I tried rebooting the Apple Watch and that did not help.

So after I updated my iPhone to iOS 13.3, I tried doing the update from there and got exactly the same behavior. That was interesting. I tried rebooting the iPhone and that didn’t help either. So I tried this as my next troubleshooting step:

  • I opened the Watch app on my iPhone
  • I went to General > Usage > Software Update.
  • I then deleted the update file and tried to download and install the update again. What was curious about that was that it sat there for a very long time and said it couldn’t communicate with my Apple Watch. Then it deleted the update. Weird.

Now by doing that, I got a different issue. It downloaded the update, but it said that it could not communicate with the Apple Watch. I checked the Bluetooth settings and it said it was connected. But I figured that it wasn’t really connected, so I put both the Apple Watch and iPhone into airplane mode and then took it out of that mode and let them connect to each other. I then tried updating again and it worked.

So, it seemed that I had a couple of problems and I believe that it all started with me trying to update my iPhone and Apple Watch at the same time. That’s something that I will not be doing again going forward. Instead I will do the watchOS update from my iPhone after I install the iOS update. That seems to be not only the safer choice, but it would have saved me an hour of troubleshooting this. But hopefully my pain is your gain if you find yourself in a similar situation.

UPDATE: Apparently, many other people are in a similar situation with watchOS 6.1.1:

The symptoms above are the same ones I had before I was successfully able to upgrade. And on top of that, one person responded directly to my Tweet trying to solicit help from Apple Support on Twitter:

Clearly there’s some sort of issue with watchOS 6.1.1. I’ll be keeping an eye on this.

Canadian Small Businesses Are Facing Detrimental Barriers Impacting Growth Forecasts: Intuit

Posted in Commentary with tags on December 10, 2019 by itnerd

As 2020 approaches Canada’s economy continues to face speculation of major challenges and barriers – despite this, new research from Intuit QuickBooks Canada has shown small businesses remain optimistic.

The research showed 83 per cent of Canadian small business owners planning to grow their businesses in the next two years, however, 85 per cent of these businesses feel held back by a lack of knowledge in the hiring process.

The research also highlighted how small business owners continue to be caught in their day-to-day, and are unable to look towards future growth, for example:

  • Cashflow woes: Nearly half (45 per cent) of small business owners have difficulty with managing cash flow and a similar amount (44 per cent) struggle with payroll.
  • Big losses: 1 in 10 small businesses have had an employee leave because of a pay dispute (9 per cent).
  • Taking a personal hit: Over half have had to pay themselves late so they could pay their employees on time (53 per cent).

As well, the findings show that there’s a gap between growth potential and knowing where to start, especially when it comes to hiring.

  • Overwhelmed and unprepared: Over 2 in 5 Canadian small business owners who plan to hire feel unprepared for their business to grow (43 per cent).
  • Held back at hiring: Nearly 2 in 3 (60 per cent) don’t feel completely prepared to manage the hiring process.
  • ‘Untalented’ at hiring: 3 in 5 Canadian small business owners struggle with their lack of knowledge about sourcing talent (62 per cent).
  • It’s all about the money: Almost 3 in 5 (56 per cent) Canadian small business owners planning to hire are unsure about how to determine appropriate compensation.

You can read the blog post that is related to this report here.

2020 Will Be A Year Of Experience-Driven Innovation: Citrix

Posted in Commentary with tags on December 10, 2019 by itnerd

Emboldened by the tightest labour market the world has ever seen, employees are demanding a simpler, smarter, more flexible way to work. And in 2020, they’ll get it. Citrix has outlined 4 major predictions they see as being the future of work and technology in 2020.

Citrix predicts that this will be a year of experience-driven innovation that will prioritize employees and their work more than ever. This shift in focus to a people-centric approach will force business leaders to discover how and where their employees work best and, powered by modern technology, will unlock a new way of working that offers higher levels of efficiency and flexibility. Citrix predicts the following in 2020:

  • The employee experience is more important than ever, resulting in new methods of tracking behaviours that can inform new technologies and processes, ultimately improving the value of the organization
  • Technology will adapt to human workflows, enhancing how an individual wants to work and adapting to that individual through people-centric computing
  • Working from home will become the new norm, allowing businesses to discover how and where their employees work best, providing flexible and accessible work environments powered by modern technology
  • Collective migration to hybrid cloud, enabling digital services to be more accessible, affordable, and capable than ever before.

Stay tuned in 2020 to see if these predictions from Citrix prove to be accurate.

The CRTC Is Implementing Tech To Stop Scam Calls…. Except That It Will Not Work

Posted in Commentary with tags on December 10, 2019 by itnerd

Yesterday the CRTC announced that it was getting Canadian telcos to implement STIR/SHAKEN technology to stop scam calls. You know, the calls for duct cleaning services, or the ones where scammers pose as government agencies who threaten you with all sorts of bad things if you don’t pay up. Here’s how the CRTC explains STIR/SHAKEN technology:

STIR/SHAKEN will enable service providers to certify whether a caller’s identity can be trusted by authenticating and verifying the caller ID information for Internet Protocol-based voice calls. This new framework will empower Canadians to determine which calls are authenticated, reducing the frequency and impact of caller ID spoofing.

In case you are not familiar with caller ID spoofing, which is faking the number that someone is calling from, this Wikipedia article can help with that.

Now it sounds good on the surface. You’ll be able to tell at a glance if the call is coming from a legitimate source, or is a scam call. So in theory by the time this fully rolls out in September 2020, Canadians should be safe from the scumbag scammers of the world.

Well, not so fast. There are two reasons why this may be a short-lived victory:

  • It’s entirely possible that these scammers will simply change their tactics. Right now many overseas call centers utilize VoIP calling, but route all of that activity through a private branch exchange (PBX) based in the United States or Canada. That means it appears as a phone call originating in the U.S. or Canada. While STIR/SHAKEN would mean that scam calls originating from suspect PBX operators would start to get marked as spam, they could just set up shop with another PBX and be back in business. In other words, it would be like playing whack-a-mole.
  • STIR/SHAKEN is currently only supported in the U.S. and Canada. Other countries would have to sign on for STIR/SHAKEN to be really effective. And as far as I am aware, that hasn’t happened with any other country on the planet. So seeing as the majority of scam calls come from countries like India, this may not make that much of a difference. And as an aside one has to question if the government of India has the will to actually implement STIR/SHAKEN seeing as scammers in that country are basically bringing in large amounts of money into their economy. Though they are doing it in less than legal ways.

So STIR/SHAKEN is a good step in terms of cutting down on scam calls. But it’s only a step. More has to be done to keep people safe from the scumbags who are behind these calls and I hope that the CRTC and others are working on that.

 

Trend Micro Named A Leader in Cloud Workload Security

Posted in Commentary with tags on December 10, 2019 by itnerd

Trend Micro Incorporated today announced that it received the highest score in the current offering and strategy categories, and among the second highest scores in the market presence category, in The Forrester Wave™: Cloud Workload Security, Q4 2019. Trend Micro believes that this recognition underscores the leadership of its cloud offerings and strategy as the peak of the cloud security market.

Forrester rigorously evaluated 13 competitive security vendors across 30 criteria and in three distinct areas: current offering, strategy and market presence.

In addition to its comprehensiveness, Forrester recognized Trend Micro’s cloud security offering in multiple areas including:

  • “The solution is ideal for large firms with broad Cloud Workload Security (CWS) needs across workloads, hypervisors and containers.”
  • “The OS level, agent-based protections are very strong and include malware and memory protection, file integrity monitoring, host-based firewall, intrusion detection/intrusion prevention, log inspection and application binary control,” the report noted.
  • “Role-based access control (RBAC) is very flexible for administrators. Container runtime and pre-runtime checks are comprehensive, and the solution exposes a broad API for Deep Security policy control.”

Trend Micro provides optimized protection for workloads running on Amazon Web Services, Microsoft Azure, Google Cloud, VMware and Docker, allowing customers to automate deployment for streamlined compliance and seamlessly secure DevOps.

To download a complimentary copy of the full report, click here.

Trend Micro believes that this report complements another recently published recognition by another top analyst firm. The company was named the #1 vendor in Software-Defined Compute (SDC) workload protection by IDC in their new independent report: Worldwide Software Defined Compute Workload Security Market Shares, 2018 (DOC #US45638919, NOVEMBER 2019). This report revealed Trend Micro achieved a market share lead of 35.5%, almost triple its nearest competitor in 2018.

Review: ASUS ZenBook 14 UX434F

Posted in Products with tags on December 10, 2019 by itnerd

The ASUS ZenBook UX434F is the latest ZenBook 14 laptop to come with ASUS’s revamped ScreenPad, which is a trackpad that’s also a touchscreen. Here’s a look at the latest effort from ASUS:


Here are the specs that matter:

  • 14″ UHD screen
  • 1.8 GHz Intel i7 Whiskey Lake processor
  • 16GB RAM
  • 512GB SSD
  • Nvidia GeForce MX250 with 2GB VRAM
  • 802.11 ac WiFi
  • Bluetooth
  • Windows 10
  • 3D camera that supports Windows Hello

As for ports:


Here you see a power port, HDMI port, USB 3.0 port, and a Thunderbolt 3/USB-C port.


And on the other side you see a headphone jack, USB 3.0 port, and microSD card reader.

Weighing just 1.3kg and measuring 7.83mm deep when closed, the ZenBook 14 is both light and slim. That makes it easy to tote around. The screen is bright, sharp, and easy to read. It is a bit glare prone though. It has a 92% screen to body ratio and has a resolution of 1920×1080. The keyboard has great feel and is great for touch typists like me. Apple could take a few lessons on how to make a great feeling keyboard from this ZenBook 14. The keyboard is backlit to allow you to work at night. The build quality is excellent. But I’ve come to expect that from ASUS as the build quality of their products is always on point. The speakers are made by Harman/Kardon and are a bit of a mixed bag. Music sounds okay. But I wouldn’t be using it to throw a party or anything. Watching YouTube or Netflix is just fine however.

The ScreenPad 2.0 (5.6-inch ScreenPad 2.0 gives you 2160 x 1080 with a 18:9 ratio) is the ZenBook’s main talking point.


It is a very cool and attention-grabbing feature that’s a little tricky to get to grips with at first. But once you get used to it, it works fine as both a trackpad and as a second screen. Fortunately there’s a tutorial that pops up when you first set up the ZenBook 14 that can help you get to grips with it. You can toggle between the ScreenPad being on and off with a tap of the F6 button. One cool trick is that you can do handwriting on the ScreenPad and it even comes with a few apps that leverage it. Other apps that support the ScreenPad are of the “your mileage may vary” variety. Battery life was decent at 9 hours of browsing the web and using Office. It takes two hours to charge in case you need to top it up during the day. I can live with that battery life and I am sure that the target audience of any person who requires an ultraportable notebook can live with it.

What does all this ASUS goodness go for? About $1500 on Amazon. But you can find it for less if you hunt around. If you’re a student, or someone who needs a small light laptop that has the party trick of a touchpad that doubles as a second screen, you should take a look at the ASUS ZenBook 14.

 

Serj Tankian x HEX – The Backpack With Its Own Song

Posted in Commentary with tags on December 10, 2019 by itnerd

HEX, award winning fashion accessory brand, is proud to announce its latest collaboration with System of a Down frontman and iconic musician and artist, Serj Tankian: a backpack that brings with it a unique experience through a mix of art, music, technology and style.

Like his artwork, the Serj Tankian backpack has its own unique sounds accessible through the augmented reality app, Arloopa. With Arloopa, you can point to the bag with your phone’s camera to unlock new, unreleased music from Tankian.

The Serj Tankian bag is finished in a sleek, steel grey brushed nylon and features a lining printed with Tankian’s own “Space Clock” artwork, a unique Space Clock pin, and tonal stripes art on the front pocket and straps.

The practical everyday backpack was designed by HEX with Serj, who travels all over the world. Features include a plush lined laptop pocket, separate tablet pocket, a hidden earbud pocket, and a host of internal pockets for hard drives and other tools of the music trade. MSRP $195.95.


5 Major Cybersecurity Threats For 2020 Identified In Straight Edge Technology Report

Posted in Commentary with tags on December 10, 2019 by itnerd

To help businesses prepare their IT security for 2020, Straight Edge Technology released a report naming five major cybersecurity threats and their solutions for 2020 and beyond.

According to the report, approximately 43% of today’s cyberattacks target small businesses. This barrage of cyberattacks on small and medium-sized businesses will only increase as more data is stored on online servers and the Cloud.

The report states that employee education is critical to business security. Modern hackers focus on social engineering attacks that target employees and rely on human error. In fact, 93% of data breaches come from social engineering attacks.

Training employees on the strategies and tactics of social engineering cyberattacks can greatly increase a business’s cybersecurity.

In the report, found here, Straight Edge Technology identifies the following five major cybersecurity threats for businesses in 2020:

  • Phishing – Hackers use false identities to trick employees into giving sensitive information. The most common methods are through email, social media and instant messaging.
  • Malware and Ransomware – Hackers exploit security flaws to steal, freeze or destroy data.
  • Database Exposure – Hackers access databases with stolen credentials or through unprotected servers. This gives hackers access to data that they can steal.
  • Credential Stuffing – Hackers access multiple programs with weak and insecure login credentials. This is most common when the same login credentials are used for multiple programs.
  • Accidental Sharing – Employees accidentally release data that hackers can access and steal. Human error is usually the cause of accidental sharing.

The report includes the solutions and strategies businesses can implement to protect their IT from these threats. It also includes a brief history of cyberattacks and four common cyberthreats.

For questions on cybersecurity or the report, feel free to contact Straight Edge Technology.

Clario Launches Today With A Consumer-Focused Digital Privacy & Security View

Posted in Commentary with tags on December 10, 2019 by itnerd

Clario Tech Ltd (www.clario.co), a newly formed digital privacy and security company, today announces its intent to reinvigorate the stagnant digital security industry and fight the $6 trillion cybercrime crisis, through the development of a security software solution that seamlessly integrates human support with intuitive UX and powerful features.

The new company, headquartered in the UK, has acquired both IP and human capital from Kromtech Alliance Corp., originators of the MacKeeper performance and protection app. Clario will continue to support MacKeeper for its three million active users while finalizing the development of its product, Clario.

Clario will spend $30 million in 2020 to develop and market Clario with a team of 800 people including 600 on-demand tech experts, with a goal of becoming the consumer champion in the security software space. The new product will be showcased for the first time at CES 2020 in Las Vegas and a limited number of users will be able to sign up for a preview of the product at that time. A retail version is expected to ship in Q2.

Clario will initially be focused on meeting the needs of Apple customers through apps designed for both MacOS and iOS. It plans to later support other platforms including Windows and Android.

With the completion of the acquisition of assets, Kromtech will be wound down as an operating entity. This will accelerate the transformation of MacKeeper, which has been criticized for its past use of third-party affiliates, who engaged in aggressive sales techniques to promote the sale of the software.

As part of Clario, MacKeeper has eliminated these techniques and also has now been AppEsteem certified – the gold standard for app quality and reliability – something that none of the leading brands in the market have achieved. AppEsteem’s Certification process requires companies to undergo a rigorous and demanding review that entails detailed substantive analyses for both consumer-protection criteria and multiple levels of a technical review.