Archive for May 1, 2020

Apple Does Not Deliver On Its Promise To Release An Emergency Patch To Fix The Messages Bug

Posted in Commentary on May 1, 2020 by itnerd

Earlier this week Apple promised that an emergency patch would be released this week to address a Messages bug that can cause your iDevice to crash, or even worse force you to restore from a backup. And possibly it was also going to fix a zero-day iOS Mail exploit that is allegedly being exploited. Well, as I type this it is Friday at 2:21 PM EST and no patch has been released. While I will admit that Apple has been known to occasionally release updates on Fridays, or even Saturdays, or even late in the day beyond the 1 PM EST when they tend to release updates, I’m going to go out on a limb and say that the patch isn’t coming today.

For a company that claims to take this sort of stuff seriously, and seeing that users are unprotected at present, this really isn’t good optics for Apple. They could at least release some sort of statement saying that the patch isn’t being released today and when users can expect to see it. But I am not holding my breath. Apple hasn’t been the sort of company to be completely transparent and I don’t expect them to start now. Which is a shame as these two exploits require a better response from them.

Do Not Fall For This Canada Emergency Response Benefit Text Message Scam

Posted in Commentary on May 1, 2020 by itnerd

There’s a text scam involving the new Canada Emergency Response Benefit (CERB) that is meant to help Canadians who lose their job due to the COVID-19 pandemic that has turned our planet upside down. I first started to hear about it when the Canada Emergency Response Benefit was rolled out, but today this hit home for me as I got one of these scam messages. I took a screenshot of it for you:

I blanked out the URL that was included in the message. But when I clicked it, it took me to a site that asked me to pick my bank and asked me to enter my banking credentials. Clearly this is a phishing scam as no Canadian Government agency would ever ask you for any personal information in this manner. I did some research and I found that some versions of this scam also ask you for your SIN (Social Insurance Number) and your passport number. There’s even a variant that tries to install malware on your computer. That makes this scam highly dangerous. Thus if you get one of these messages, delete it and don’t click on the link and keep yourself safe.

Mujjo Serves Up Sitewide Discount In Time For Mother’s Day

Posted in Commentary on May 1, 2020 by itnerd

Just in time for Mother’s Day, Mujjo is offering up a discount of 15% sitewide until May 10th.

Just use coupon code: #mujjomothersday at checkout for a 15% discount sitewide for all products on mujjo.com until May 10th! Mujjo has a great selection of gifts from iPhone Cases to touchscreen compatible gloves, so you’re sure to find something that Mom will love.

If You Have A Xiaomi Phone, It May Be Spying On You

Posted in Commentary on May 1, 2020 by itnerd

According to an exclusive report from Forbes, cybersecurity researcher Gabi Cirlig discovered that his Xiaomi Redmi Note 8 smartphone was watching much of what he was doing and sending that data to remote servers hosted by Chinese tech giant Alibaba, which were ostensibly rented by Xiaomi:

The seasoned cybersecurity researcher found a worrying amount of his behavior was being tracked, whilst various kinds of device data were also being harvested, leaving Cirlig spooked that his identity and his private life was being exposed to the Chinese company. When he looked around the Web on the device’s default Xiaomi browser, it recorded all the websites he visited, including search engine queries whether with Google or the privacy-focused DuckDuckGo, and every item viewed on a news feed feature of the Xiaomi software. That tracking appeared to be happening even if he used the supposedly private “incognito” mode. 

The device was also recording what folders he opened and to which screens he swiped, including the status bar and the settings page. All of the data was being packaged up and sent to remote servers in Singapore and Russia, though the Web domains they hosted were registered in Beijing. Meanwhile, at Forbes’ request, cybersecurity researcher Andrew Tierney investigated further. He also found browsers shipped by Xiaomi on Google Play — Mi Browser Pro and the Mint Browser — were collecting the same data. Together, they have more than 15 million downloads, according to Google Play statistics. Cirlig thinks that the problems affect many more models than the one he tested.

Xiaomi shot back very quickly denying this, though the evidence is pretty black and white:

In response to the findings, Xiaomi said, “The research claims are untrue,” and “Privacy and security is of top concern,” adding that it “strictly follows and is fully compliant with local laws and regulations on user data privacy matters.” But a spokesperson confirmed it was collecting browsing data, claiming the information was anonymized so wasn’t tied to any identity. They said that users had consented to such tracking. 

But, as pointed out by Cirlig and Tierney, it wasn’t just the website or Web search that was sent to the server. Xiaomi was also collecting data about the phone, including unique numbers for identifying the specific device and Android version. Cirlig said such “metadata” could “easily be correlated with an actual human behind the screen.”

Xiaomi’s spokesperson also denied that browsing data was being recorded under incognito mode. Both Cirlig and Tierney, however, found in their independent tests that their web habits were sent off to remote servers regardless of what mode the browser was set to, providing both photos and videos as proof.

When Forbes provided Xiaomi with a video made by Cirlig showing how his Google search for “porn” and a visit to the site PornHub were sent to remote servers, even when in incognito mode, the company spokesperson continued to deny that the information was being recorded. “This video shows the collection of anonymous browsing data, which is one of the most common solutions adopted by internet companies to improve the overall browser product experience through analyzing non-personally identifiable information,” they added.

Sorry, I really don’t buy this response from Xiaomi for the following reasons:

  • Xiaomi says that “Privacy and security is of top concern.” This is also said by Facebook and nobody says that Facebook has a great history of protecting your privacy and ensuring your security on the platform.
  • When presented with evidence, Xiaomi denied and put some spin on it.

The fact is that this looks shady as hell. Which means that if anyone asks me if they should buy a Xiaomi phone, I will say that if they value their privacy, they may want to take a hard pass on that brand of phone. Privacy and security are important, and any company that doesn’t value that and decides to harvest information from your phone doesn’t deserve your money.

Guest Post: NordVPN Discusses Why People Find Password Management As Stressful As Retirement

Posted in Commentary on May 1, 2020 by itnerd

 Password management can be as stressful as planning for retirement, reveals new research by NordPass. More than 30% of people think that resetting and coping with passwords is hugely stressful, and can be compared to the stress of ceasing to work. 

However, losing a vital password without a password reset option is far more stressful. 68% of the respondents agreed that it’s as stressful as dismissal from work or changing jobs.

Data breaches and identity theft were deemed even more stressful. 77% of respondents compared a data breach to personal injury, illness, and financial problems. 81% compared identity theft to having personal documents stolen or losing a wallet.

Too many passwords

Why is password management so difficult? 67% of the survey respondents say that it’s because they simply have too many accounts to manage. 44% can’t remember which password is for which account, and 41% can’t remember because they use unique ones for every account.   

“It is not surprising that people struggle with effective password hygiene. Our study revealed that 7 out of 10 respondents have more than 10 password-protected accounts for personal use. 2 out of 10 have more than 50 such accounts. On top of that, add all work and school-related accounts, and it ends up being a huge amount of information,” says Chad Hammond, security expert at NordPass.

Not all accounts are the same

NordPass research also confirmed that people view some accounts as more important than others. For example, 85% of people think it would be very harmful if their bank accounts got hacked. 76% agree that having their personal email hacked would be extremely damaging, and 72% feel that way about large online store (such as eBay or Amazon) accounts. In comparison, only 44% of people perceive it as harmful if online forums (such as Reddit or Medium) or fitness apps get hacked.

“People tend to worry about financial accounts more. But it’s important to remember that if you use weak or repurposed passwords, it doesn’t matter which account gets hacked. In essence, all accounts become jeopardized,” says Chad Hammond, security expert at NordPass.

Sadly, even the most critical accounts are left insufficiently secured. For example, only 56% use a unique password to protect banking or other financial accounts. Similarly, only 47% protect their personal email account with a unique password.

Even cybercrime victims don’t take appropriate actions

Out of all the people surveyed, 22% have been victims of cybercrime. Out of all victims, 52% consider themselves tech-savvy, 50% are between the ages of 25 and 44, 14% are business owners, and 11% are managing directors.

“We started seeing a pattern when comparing the data of cybercrime victims and those who have never fallen prey. People who have been hacked tend to have more password-protected accounts. They’re also more ready to admit it’s extremely challenging to manage them,” says Chad Hammond, security expert at NordPass.

The study also reveals a different attitude towards passwords by those who have been affected by cybercrime. “Victims become more concerned about their email, forums or entertainment, communication, health apps’ accounts. They also acknowledge the necessity of strong passwords for these accounts more often. However, they don’t seem to take any action. Victims of cybercrime don’t tend to secure their accounts with unique passwords more often than those who haven’t experienced cybercrime,” says Chad Hammond, security expert at NordPass.