Archive for June 10, 2020

Waze Helps Residents & Visitors Find Their Way Around Oxford County

Posted in Commentary on June 10, 2020 by itnerd

Oxford County recently announced its partnership with Waze, helping residents and visitors better navigate roads. The county will be sharing county-led construction project and road closure information with Waze as part of the Waze for Cities program, as well as with Municipal 511. 

The Waze for Cities program enables cities to use Waze’s data to inform mobility projects and policies, as well as share their own information about street closures or construction directly with their citizens on a daily basis. More than 1,000 cities and other public sector partners are already working with Waze to gain better data and insights, and to make their communities safer. Canada has approximately 50 partners in the program including the City of Winnipeg, City of Toronto, City of Montreal, 407ETR among other regions, cities, townships, counties, and ministries across the country.

While Oxford County is kicking off the platform use within the community for County-led construction projects and closures, other municipalities have been provided access to the Municipal 511 system and will also adopt the system over the coming months.

Canadians Can Ask Clearview AI If Their Photos Are In Their Database…. But You May Not Be Able To Get Them Deleted

Posted in Commentary on June 10, 2020 by itnerd

The CBC is reporting that controversial U.S.-based facial recognition technology firm Clearview AI is apparently allowing Canadians to check whether their face appears in the company’s image database. But you might not be able to delete them. Here are the details that a CBC reporter got from the company:

Last week, a CBC News reporter submitted a headshot to the company by email and requested they provide all images of him found in the firm’s database. Clearview replied three days later, supplying a PDF file with 12 photos, including several duplicates. 

All pictures were closeups of the reporter’s face. Clearview listed where it had first found the images, including official CBC web pages, Twitter, and other services which appear to scrape social media profiles, such as a website called “Insta Stalker.”

Both Twitter and Facebook, which owns Instagram, have told Clearview to stop using images from their platforms for facial recognition.

Well, that’s scary. If you want to find out if you’re in their database, and chances are you are, here’s how you find out:

“You have the right to request that Clearview AI provides you with copies of your personal data,” the firm’s website states. It says to email the request to privacy-requests@clearview.ai, along with a headshot which will be used for the search.

But Canadians may not be able to get those photos yanked:

Clearview’s privacy policy says it’s possible to ask for personal data to be deleted, but only “under certain conditions,” depending on local data protection rules. Its website provides forms for residents of various jurisdictions with privacy legislation in effect — such as California, Britain and the EU — to request their images be deleted.

In response to a series of questions from CBC — including whether the firm would comply if a Canadian user requests their data be deleted from Clearview’s database — the firm’s CEO, Hoan Ton-That, provided a one-line statement.

“We process privacy requests for opt-out and data access we receive from Canadian citizens,” he said. 

The “opt-out” option appears to suggest Canadians can get Clearview to stop selling their data to other companies, even though the firm itself says it “will never share or sell user data.” A representative of the company did not respond to a request for clarification on what specifically the opt-out entails. 

This is a lame response from Clearview AI. But not surprising. After all, this is a firm that at best is kind of shady. What needs to happen is that the Canadian Government needs to pass a law to force companies like Clearview AI to delete data upon request. Now this will likely cut into their profits and make their software less effective, which is likely why the company doesn’t want to do this. And I am sure that if the Canadian Government does serve up such legislation, Clearview AI will fight it as hard as they can. But it’s clear that, as IBM pointed out yesterday, facial recognition has serious problems. Thus all Canadians, if not everyone everywhere, need protections from companies like Clearview AI who want to profit from this tech at any cost.

Honda Pwned… Worldwide Production Temporarily Halted

Posted in Commentary on June 10, 2020 by itnerd

Honda Motor Company got pwned by hackers via some sort of ransomware. And the attack took down the car maker globally. That makes it the most devastating cyberattack that I have heard of. Here’s what the BBC reported:

“Honda can confirm that a cyber-attack has taken place on the Honda network,” the Japanese car-maker said in a statement.

It added that the problem was affecting its ability to access its computer servers, use email and otherwise make use of its internal systems.

“There is also an impact on production systems outside of Japan,” it added.

“Work is being undertaken to minimise the impact and to restore full functionality of production, sales and development activities.”

The firm – which makes motorcycles, cars, generators and lawn mowers, among other products – said one of its internal servers was attacked externally. 

It added that “the virus had spread” throughout its network, but did not provide further details.

And:

The company has confirmed that work at the UK plant has been halted alongside a suspension of other operations in North America, Turkey, Italy and Japan.

Dave Palmer, director of technology for Darktrace, had this to say:

“This reported attack is a stark reminder of the risks that come from hyper connectivity.

EKANS is a relatively new form of ransomware – a tool which has the power to lock down industrial control systems and machinery in factories.

Critical environments do not fail gracefully. There isn’t the option of reverting to pen and paper and muddling along.

We need to build in cyber resiliency so these systems are able to resist and fight back against cyber-attacks. Last month, AI detected an attempted ransomware attack at a steel manufacturer and automatically stopped the attack from spreading to the sensitive (and much more valuable) industrial control systems avoiding any shut down of systems.

Now that industrial environments cannot simply be air-gapped to keep them safe, we need to invest in artificial intelligence systems that can work in the background to automatically and dynamically block attacks that not only bleed from IT but originate in industrial systems.”

Hopefully Honda will do some sort of post mortem on this and figure out how to improve their environment to avoid this situation in the future. I say that because shutting down production can’t be cheap. I’m going to guess that it’s tens if not hundreds of millions of dollars. Something a company like Honda can afford. I will also say that other companies should be watching so that they can learn from this and don’t become the next Honda.

Previously Unknown Indian Firm Were Apparently Hackers For Hire…. Yikes!

Posted in Commentary on June 10, 2020 by itnerd

Reuters is reporting that a previously unknown IT firm in India were apparently hackers for hire who spied on a variety of high-value targets. Here are the details:

A little-known Indian IT firm offered its hacking services to help clients spy on more than 10,000 email accounts over a period of seven years. New Delhi-based BellTroX InfoTech Services targeted government officials in Europe, gambling tycoons in the Bahamas, and well-known investors in the United States including private equity giant KKR and short seller Muddy Waters, according to three former employees, outside researchers, and a trail of online evidence. A cache of data reviewed by Reuters provides insight into the operation, detailing tens of thousands of malicious messages designed to trick victims into giving up their passwords that were sent by BellTroX between 2013 and 2020. The data was supplied on condition of anonymity by online service providers used by the hackers after Reuters alerted the firms to unusual patterns of activity on their platforms. On the list: judges in South Africa, politicians in Mexico, lawyers in France and environmental groups in the United States. These dozens of people, among the thousands targeted by BellTroX, did not respond to messages or declined comment. 

Researchers at internet watchdog group Citizen Lab, who spent more than two years mapping out the infrastructure used by the hackers, released a report here on Tuesday saying they had “high confidence” that BellTroX employees were behind the espionage campaign. “This is one of the largest spy-for-hire operations ever exposed,” said Citizen Lab researcher John Scott-Railton. Reuters was not able to establish how many of the hacking attempts were successful.

This firm at first blush seems to be a version of the rather infamous NSO Group. But to be clear, it doesn’t matter how successful or not that they happen to be. The fact is that groups like these are a legitimate threat that we’ll all need to deal with. Thus my advice for businesses and even individuals would be to make sure that your cyber securities are “on point” as the kids say so that you can avoid being a victim of a group like this.

ASUS Has Some Top Shelf Father’s Day Gift Suggestions For You

Posted in Commentary on June 10, 2020 by itnerd

With Father’s Day less than 2 weeks away, ASUS has a few suggestions for dad that will be sure to make an impact.

  1. For dads embracing WFH: A portable monitor is a great addition to any home office set up, giving you the benefits of a second screen without the added clutter. Consider the ASUS ZenScreen MB16AC portable monitor, which features Low Blue Light technologies to ease eyestrain and a hybrid-signal solution – so it only needs a single USB cable to connect to almost any laptop. ($319 @ Bestbuy.ca)
  2. For those looking to get MMOre out of RPGs: Whether you’re getting ready for World of Warcraft: Shadowlands or looking to blow off steam with friends in Rainbow Six Siege, the ASUS TUF Gaming K5 Gaming keyboard delivers uncompromising performance and durability. Key switches are engineered to deliver crisp tactility with every press and housed in a spill-resistant frame. ($69 @ Bestbuy.ca)
  3. Take it even further by pairing it with the ASUS ROG Chakram. ($219 @ Canada Computers)
  4. For the home media connoisseur: Beyond improving connectivity in your home, a router – like the ASUS ZenWiFi AC – can double as a media bridge to improve the reception and performance of any home entertainment system, helping you squeeze more out of your smart TV, streaming hardware, gaming consoles and smart speakers. ($449 @ Canada Computers). I reviewed the ZenWiFi AC and you can read the review here.
  5. For dads that just need a new, no-fuss laptop: Combining good looks, solid build quality, performance and battery life, the convertible 2-in-1 ASUS Chromebook Flip C434 takes Chromebook design to the next level. ($699 @ Bestbuy.ca). I reviewed the Chromebook Flip C434 and you can read the review here.

Siemplify Unveils Cloud-Native SOAR Platform

Posted in Commentary on June 10, 2020 by itnerd

Siemplify, the leading independent provider of security orchestration, automation and response (SOAR), today announced Siemplify Cloud, the industry’s first cloud-native security operations platform. Reimagined for cloud delivery, Siemplify Cloud enables end-users and MSSPs to hit the ground running and derive value from SOAR faster than ever before, removing much of the complexity involved in deploying, maintaining and operating a SOAR platform.

Built using cloud-native technologies, Siemplify Cloud also makes it easier than ever to secure hybrid and multi-cloud environments. Siemplify Cloud seamlessly connects to native cloud threat detection technologies, traditional detection tools, such as SIEM and EDR, as well as any on-premises tools, effectively bridging the gap between cloud and on-premises security operations to deliver unified incident response at the speed of cloud.

The Siemplify Security Operations Platform combines SOAR with end-to-end security operations management to make analysts more productive, security engineers more effective and managers more informed about the SOC. Trusted by many of the world’s leading enterprises and MSSPs, security teams leverage Siemplify to reduce alert overload, build automated processes that slash response times and measure and improve SOC performance.

Siemplify Cloud is available in the following packages:

  • Essentials: For smaller security operations teams looking to automate key use cases quickly and easily. Siemplify Essentials includes all pre-packaged use cases, as well as the ability to build custom playbooks.
  • Professional: For larger security operations teams with more advanced security processes and higher alert volumes, Siemplify Professional features unlimited alert volume, playbook creation and includes a dedicated customer success manager.
  • Enterprise: For enterprise SOCs looking to manage large scale security operations from end to end. Siemplify Enterprise includes advanced capabilities, such as crisis management, business intelligence and premium 24/7 support.
  • Service Provider: For MSSPs looking to deliver high-margin, tailored security services to a diverse and demanding customer base. Siemplify Service Provider includes unlimited multi-tenancy, secure remote connectivity to customer sites and a customer portal for complete visibility into managed operations.

The Siemplify Community Edition continues to be available for free download for the benefit of the security community.

All Siemplify Cloud versions make extensive use of Siemplify’s use case marketplace. Deployed in minutes, use cases are designed to address a specific challenge, such as ransomware or phishing, and come packaged with all the playbooks, integrations and data required to get up and running. New use cases are continuously added by Siemplify experts, as well as members of the Siemplify Community and instantly available to all Siemplify Cloud users.

Starting at $2,500/month, Siemplify Cloud is generally available. Security professionals can sign up for a free 14-day trial of Siemplify Essentials and Siemplify Professional by visiting siemplify.co/get-started.