Archive for July, 2020

BREAKING: Florida Teen Busted For Epic Twitter Hack [UPDATE: Three Charged]

Posted in Commentary with tags on July 31, 2020 by itnerd

Today is the day for breaking news. ABC News is reporting that a Florida teen has been arrested in relation to the epic Twitter hack from earlier this month:

The 17-year-old Tampa resident, who was arrested Friday, was hit with 30 felony charges in connection with the hack, according to Hillsborough State Attorney Andrew Warren.

“These crimes were perpetrated using the names of famous people and celebrities, but they’re not the primary victims here,” Warren said in a statement. “This ‘Bit-Con’ was designed to steal money from regular Americans from all over the country, including here in Florida. This massive fraud was orchestrated right here in our backyard, and we will not stand for that.” 

The Florida teen was the “mastermind” of the hack, according to a statement from Warren’s office.

That kind of implies that other arrests are coming or perhaps have already been made. Either way, this is huge. Expect more news to come shortly.

UPDATE: Here’s more. A Justice Department release has three people charged in connection to this hack. We only know of one that was arrested (the 17 y/o) in Florida. So I have to assume that the other two are still outstanding.

BREAKING: Microsoft Is Said To Be In Talks To Buy TikTok’s US Operations

Posted in Commentary with tags on July 31, 2020 by itnerd

From the “I didn’t see this coming” department comes this news that Microsoft is looking to buy TikTok’s US operations:

Amid reports that President Donald Trump plans to order TikTok’s parent company, ByteDance, to sell the social-media app’s US operations, Microsoft has emerged as a potential buyer.

News of the talks was reported first by Fox Business Network’s Charles Gasparino on Friday and later by The New York Times and Bloomberg.

In a statement to Business Insider, a TikTok representative said, “While we do not comment on rumors or speculation, we are confident in the long-term success of TikTok.” Microsoft declined to comment.

Well, this is one hell of a plot twist. Clearly I shouldn’t have any plans for this evening as this is an evolving story. Buckle up!

BREAKING: Trump To Sign Executive Order To Force ByteDance To Divest Itself Of TikTok Related Operations In The US

Posted in Commentary with tags on July 31, 2020 by itnerd

According to Bloomberg, the Chinese-owned social media network TikTok may be about to face a ban of sorts in the US as President Trump is looking to sign an executive order to force its US operations out of Chinese hands:

President Donald Trump plans to announce a decision ordering China’s ByteDance Ltd. to divest its ownership of the popular U.S.-based music-video app TikTok, according to people familiar with the matter.

The U.S. has been investigating potential national security risks due to the company’s control of the app, and Trump’s decision could be announced as soon as Friday.

Spokespeople for the White House and Treasury Department didn’t immediately respond to requests for comment. A TikTok spokesperson couldn’t be reached for comment.

I wonder just how this will be achieved and most importantly, if China will allow it even assuming that the US administration can pull this off somehow. It’s all very sketchy to me. But I suppose we’ll find out shortly.

BREAKING: Canada Releases COVID-19 Tracing App

Posted in Commentary with tags , on July 31, 2020 by itnerd

The Government of Canada has just released its COVID-19 tracing app today. Called COVID Alert, the app is now available for download for iOS and Android users. It uses the Exposure Notification API developed by Apple and Google which you can read about here. And it was built by Shopify and BlackBerry.

The whole point of the app is that if enough people download it, like 60% or more, then the app will alert you if you have been potentially exposed to someone who has tested positive for COVID-19. The app doesn’t use GPS to determine this. Instead it uses Bluetooth to keep track of users of the app that you come across and it is completely anonymous.

For Android, you need to have Android 6 or higher, and for iOS you need iOS 13.5 or later. I’ve downloaded it and it looks simple and easy to use. It also does a good job of explaining the purpose of the app and how it works. I for one hope that as many people as possible across Canada download and use the app so that it will help Canada to flatten the curve and keep it flat.

UPDATE: Here’s a video about the app:

In Depth: KABN

Posted in Commentary on July 31, 2020 by itnerd

KABN knows the importance of online identity.  Our Identity is what makes us unique, but since the inception of the Internet, digital identity has been an afterthought.  With today’s acceleration of online commerce, education, healthcare, government and other services, digital identity and the data that surrounds it is online “gold”.  KABN also believes that ownership of identity is a basic human right and individuals should be the primary beneficiary of any use of their identity.

  • In the “real world,” it’s easy to prove who you are either by visual or traditional identity verification.  It’s a process that most people are accustomed to following.  Most people carry their wallets and keyring to hold their Identity documents and access items (keys) for their valuables (home, car). 
  • In the “online world,” it’s not that easy to prove that “you are you”. Identity verification is managed on a site-by-site basis and users are required to deliver sensitive documents to unknown 3rd parties, potentially compromising the value of their identity and increasingly exposing themselves to the risk of identity fraud. As more and more services are offered online and more people, especially Millennials and Gen Z’s, spend their lives (play, shop, educate, work) online, it is equally important to have your identity verified in the online realm. Also, every organization has a slightly different way of managing identity. Some just want your credit card information. Some may want private identity information, requiring consumers to trust vendors without knowing how their information is stored, used, or who has access to it. There is a lot of “friction” with this, as the process is continually repeated from organization to organization, effectively reducing the value of a person’s private documentation and making them susceptible to identity theft.
  • Proving identity online is not easy. KABN changes all that with KABN ID and Liquid Avatar, and  a suite of services  (KABN ID, LIQUID AVATAR, PEGASUS FLYTE VISA CARD, AND KABN KASH) that starts with a verified, bank grade digital identity that is controlled and managed by the user, is reusable and transportable and, best of all, FREE to consumers.  This process supports both commercial clients and consumers by making it easier to verify, manage and engage with known users. 
  • KABN ID, is a reusable, Always On, compliant, biometrically-based, identity verification and validation platform that forms the engine of the KABN Network.
  • Liquid Avatar (www.liquidavatar.com) is a digital image-based “wallet and keyring” platform that allows users to manage their digital identity.
  • Pegasus Flyte Visa Card, an approved prepaid Visa card that includes a Mobile Banking Wallet that supports both digital and traditional currencies.
  • KABN KASH, a robust loyalty and engagement platform with cashback and card-linked programs.

HOW IT WORKS:

By visiting www.liquiavatar.com or using the Liquid Avatar App, a user can create a fully custom-designed representation of themselves (character, fantasy, icon, etc.) that can be used online, through email, text, social media, games, and on the web to represent themselves as a person.  Liquid Avatars will work with email, text and social media and across virtually every device, platform and network.

Liquid Avatars are powered by KABN ID, providing users with a reusable, verified digital identity platform powered by blockchain-based technology and biometrics (facial recognition and eventually other factors, like voice, fingerprint, etc.), ensuring that no two Avatars are ever the same and also giving each person easy to use, complete and secure control over their image and connected information.    

Liquid Avatar is applicable to 100% of the online consumer and business markets

There are a host of use cases including:

  • Identity Fraud Reduction – to prove that a user is the intended recipient of any service or offering through multi-factor authentication that includes biometrics.
  • Purchase Validation for eCommerce – confirming that the user is authorized to use credit cards and other payment methods.
  • eSports and Online Gaming – verifying prizing, players and cross-referencing multiple accounts.
  • Information / Data Services – creating aggregated public information to generate offers and solutions exclusively for Liquid Avatar users.
  • Education – verifying that registered students are those actually taking classes, completing work and exams, and receiving academic credit.
  • Government – supporting local, state and national government initiatives.
  • Healthcare – creating privacy, record transfer/sharing and portability.

KABN creates verified, validated online identities that are:

Reusable – Individual users are provided with a KABN ID and don’t have to share/reshare private documents with any KABN partners (about 20 partners and growing)

Always On – KABN ID holders are continuously monitored for AML (anti-money laundering) and Adverse media changes and we can provide our partners with any change to an individual user’s status.

Customer controlled / benefits – KABN ID creates value for its individual users by letting them benefit and control the value propositions that they see based on their aggregated, permission based public identity.  KABN delivers offers and opportunities that fit their public profile, including owned, partnered and 3rd party programs and other data-supported, revenue-driven services.  KABN’s Liquid Avatar program “gamifies” the portability of digital identity.

Guest Post: Darktrace Email Finds: Two WeTransfer Impersonation Attacks Caught By AI

Posted in Commentary with tags on July 31, 2020 by itnerd

By: Dan Fien, Director of Email Security Products for the Americas, Darktrace

In recent months, Antigena Email has seen a surge in email attacks claiming to be from file sharing site WeTransfer. These attacks attempt to deploy malware into a recipient’s device and further infiltrate an organization. 

This is a common technique deployed by attackers, who find success in masquerading behind the trusted brands of well-known SaaS vendors. Darktrace has recently seen similar attacks leveraging both QuickBooks and Microsoft Teams.

Incident one

This email was directed at an employee in the accounts department of a leading financial services organization in the APAC region. 

Figure 1: An interactive snapshot of Antigena Email’s user interface.

The subject line of this email – “We sent you an invoice via WeTransfer” – is typical of a solicitation attack. Hidden behind a button reading ‘Get your files’ was a webpage that contained malware but displayed a login page. If a user entered their username and password in an attempt to access this ‘invoice’, the malware would harvest their credentials and send them to the attacker.

Figure 2: The fake login page, branded as Microsoft Excel, which would have likely sent the credentials to a spreadsheet controlled by the attacker.

This attack bypassed the other security tools in place, but was detected by Antigena Email due to a number of anomalies that when stitched together unmistakably reveal a threat.

Figure 3: Antigena Email’s dashboard reveals the true sender of the email.

Critical for Antigena Email’s detection of this attack was that the email contained an anomalous link. It would be highly unusual for WeTransfer to link to SharePoint – a direct competitor – in their emails. The AI also recognized that neither the employee in the accounting department, nor anyone else in the organization, had previously visited the domain in question, and deemed this email to be 100% anomalous. These details, along with other characteristics of the URL, gave Darktrace’s AI reason to tag this email with the ‘suspicious link’ tag, prompting Antigena Email to double lock the offending link and hold the message back from the recipient’s inbox.

Incident two

A second incident leveraging WeTransfer’s name was detected just a week later at a law firm in Europe. This email was more sophisticated and even more convincing, appearing to come from the legitimate WeTransfer domain. However, it still set off over a dozen Darktrace models, again prompting Antigena to lock links and hold the email back.

Figure 4: An interactive UI snapshot of the second email.

This attack went a step further. Whereas in the previous scenario the attacker simply changed the personal name, leveraging <noreply[.]com>, here the attacker manipulated the headers to make the email appear to come from the WeTransfer domain. 

Recent research that will be further unveiled at BlackHat indicates there could be as many as 18 different methods to mislead common email verification checks like DomainKeys Identified Mail (DKIM) and Domain-based Message Authentication, Reporting and Conformance (DMARC). Some of these techniques may be as simple as including two FROM lines in an email header, which may result in a mail server verifying the first FROM header while the email client displays the second FROM address. As a result, an email sent from an attacker’s mail server can be verified as coming from a legitimate address – in this case <noreply@wetransfer[.]com>.

The familiarity of the apparent sender of this email is reflected in the ‘Depth’ and ‘Width’ scores below of 19 and 47 respectively, indicating moderate communication history. However, Antigena Email reveals that the true sender is from a rare domain, and one that is unrelated to WeTransfer.

Figure 6: The metrics of the second email.

Darktrace’s AI also detected two suspicious links within the email that were considered highly anomalous given previous communication between WeTransfer and the client. And importantly – the absence of a WeTransfer link!

Figure 7: Two links in the email were considered highly anomalous and threatening

These unusual links combined with the recognition of a spoofing attempt prompted Antigena Email to deem this email as 100% anomalous and intervene, protecting the recipient — and business — from harm. Despite this second email attack employing more sophisticated attack methods, allowing it to evade legacy email tools and closely resembling a legitimate email, Darktrace’s AI was able to recognize an even wider array of indicators that prompted it to hold the email back.
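The header and link signals described in the two incidents (more than one FROM header, a true sender unrelated to the displayed one, and links that never point at the claimed sender's domain) can be checked mechanically. The following Python is an added example, not Darktrace's code or detection logic; the `.example` domains, the sample message, the use of `Return-Path` as the true sender, and the treatment of the last From header as the displayed one are assumptions.

```python
import re
from email import message_from_string
from email.utils import getaddresses, parseaddr
from urllib.parse import urlparse

# Constructed sample (not taken from the incidents): two From headers, an
# unrelated envelope sender, and links that avoid the claimed sender's domain.
SAMPLE = (
    "Return-Path: <bounce@mailer.attacker.example>\n"
    "From: Billing <billing@mailer.attacker.example>\n"
    "From: File Transfer <noreply@transfer-brand.example>\n"
    "To: accounts@victim.example\n"
    "Subject: We sent you an invoice\n"
    "\n"
    "Get your files: https://login.sharehost.example/invoice\n"
    "Help: https://cdn.sharehost.example/help\n"
)

URL_RE = re.compile(r"https?://[^\s\"'<>]+")


def base_domain(host):
    # Assumption: the last two labels approximate the registrable domain.
    # Production code should consult the Public Suffix List instead.
    return ".".join(host.lower().rstrip(".").split(".")[-2:])


def addr_domain(addr):
    return base_domain(addr.rsplit("@", 1)[1]) if "@" in addr else ""


def analyse(raw):
    """Return header/link anomalies for one raw RFC 5322 message."""
    msg = message_from_string(raw)
    findings = []

    # RFC 5322 allows exactly one From field; get_all() exposes every copy.
    from_values = msg.get_all("From", [])
    from_domains = [addr_domain(a) for _, a in getaddresses(from_values) if a]
    if len(from_values) > 1:
        findings.append("multiple-from-headers")
    if len(set(from_domains)) > 1:
        findings.append("from-domains-disagree")

    # Assumption: the client shows the last From header, as the text describes.
    displayed = from_domains[-1] if from_domains else ""
    envelope = addr_domain(parseaddr(msg.get("Return-Path", ""))[1])
    if envelope and displayed and envelope != displayed:
        findings.append("envelope-sender-mismatch")

    # Collect link domains from every non-multipart body part.
    body = "".join(p.get_payload() for p in msg.walk() if not p.is_multipart())
    hosts = (urlparse(u).hostname or "" for u in URL_RE.findall(body))
    links = sorted({base_domain(h) for h in hosts if h})
    if links and displayed not in links:
        findings.append("no-link-to-claimed-sender")

    return {"displayed": displayed, "envelope": envelope,
            "links": links, "findings": findings}


if __name__ == "__main__":
    print(analyse(SAMPLE))
```

Each finding is a signal to score alongside others rather than a verdict: legitimate bulk mail often has an envelope sender that differs from the From domain, while a second From header has no legitimate use.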


In Depth: Edgewater Wireless

Posted in Commentary with tags on July 30, 2020 by itnerd

Since 1999, Wi-Fi has followed the same architecture — a single lane road — ideal for connecting one or two devices.  Fast-forward to today, where Wi-Fi has become one of the most wildly successful technologies.  It’s everywhere from your laptop, to iPads, phones, TV’s, gaming platforms and now even thermostats and lightbulbs.  And, it simply wasn’t designed to deal with the proliferation of devices –  3 billion devices shipped last year!

Edgewater Wireless, headquartered in Ottawa, is revolutionizing Wi-Fi and has patented the industry’s first multi-lane highway for Wi-Fi. A multi-lane highway for Wi-Fi, Edgewater’s Wi-Fi Spectrum Slicing, or MCSR™, offers a revolutionary approach designed specifically to tackle the billions of connected devices globally.

Developed in concert with CableLabs, the global R&D arm of the Cable Industry, Dual-Channel Wi-Fi is an emerging standard that has been designed to address some of the biggest challenges in the $500B cable industry.

Dual Channel Wi-Fi™ means:

1. no more dropouts, 

2. no more lag, 

3. seamless connections for video applications or gaming,  

4. dramatically reduced latency, by using two separate channels for connecting devices,

5. multiple, concurrent downlink-only channels, which reduce contention and take legacy WiFi connectivity to the next level.

This is really the start of what could become the next standard in Wi-Fi. The rise of online gaming and over-the-top streaming services such as Netflix has put more stress than was ever intended on traditional Wi-Fi access points, which were first introduced some 20 years ago. Adding dedicated download channels for services with high-bandwidth demands is a more efficient use of Wi-Fi spectrum, he explains, and can essentially reduce data pileups. This is the equivalent of going from a single-lane road to a multi-lane highway.

The foundational code to enable dual channel in Wi-Fi access points, tablets, televisions and gaming systems is open source.  Edgewater’s patents and expertise uniquely position the company to capitalize on the global shift in Wi-Fi.

Most importantly, it’s a strong statement by the $33B global Wi-Fi industry that more lanes are the future of Wi-Fi, and wireless, especially with 5G on the way in the near future. Edgewater’s patented multi-lane approach, Wi-Fi Spectrum Slicing (MCSR™) is at the forefront of what’s an emerging standard for the global Wi-Fi industry. This is really the start of what could become the next standard in Wi-Fi.

You can find out more about Edgewater Wireless here.

TextMeAnywhere Helps Retailers Manage COVID-19 Curbside Pickup Logistics Through Text

Posted in Commentary on July 30, 2020 by itnerd

Unite Communications’ recently launched TextMeAnywhere solution helps retailers manage customer curbside pickup during COVID-19 by introducing an easy to use web application that transforms an existing landline, VoIP, or Toll Free number of a business into a textable number.

COVID-19 physical distancing orders mandate that retailers reduce store capacity so customers can remain two meters apart. Curbside pickup is a great option for customers that want to purchase an item online and pick up the same day without having to go into the store.

Retailers have had to quickly adapt to adopt this new option, frequently running into logistics issues when their business phone numbers are landlines. They have had to ask staff to manage multiple phone calls, send emails that get stuck in spam, or purchase mobile phones and numbers to not have to ask staff to use their personal mobiles. 

Retailers deemed essential had an advantage because they were forced to adapt from the beginning and provide curbside pickup as the only option, but now other retailers are beginning to follow. Curbside pickup is an easy, convenient option to offer customers and the TextMeAnywhere solution makes the logistics behind it just as easy and convenient for any retailer.

Here’s a quick explainer video:

For additional information and updates, visit www.textmeanywhere.com

Apple Faces A Multi-State “Batterygate” Investigation

Posted in Commentary with tags on July 29, 2020 by itnerd

If Apple thought that this settlement for their “Batterygate” issues would put it to bed, they were wrong. Arizona is leading a multi-U.S. state probe into whether Apple’s deliberate slowing of older iPhones violated deceptive trade practice laws:

Arizona is leading a multi-U.S. state probe into whether Apple Inc’s deliberate slowing of older iPhones violated deceptive trade practice laws, documents reviewed by Reuters on Wednesday showed. 

Last week, a separate document released by a tech watchdog group showed the Texas attorney general might sue Apple for such violations in connection with a multi-state probe, without specifying charges. 

In the ongoing probe since at least October 2018, investigators have asked Apple for data about “unexpected shutdowns” of iPhones and the company’s throttling, or slowing down, of the devices through power management software, documents Reuters obtained through a public records request showed.

The attorneys general offices in Arizona and Texas declined to comment. Apple did not immediately respond to a request for comment.

Well, that’s a problem for Apple. It means that this issue will stay in the news longer. And it’s entirely possible that other states will jump on the bandwagon which is something else that Apple likely doesn’t want. It should be interesting to see Apple respond to this latest “Batterygate” crisis.

TikTok’s Woes Mount As Japan Considers Banning It And Other Chinese Apps

Posted in Commentary with tags on July 29, 2020 by itnerd

A group of Japanese lawmakers is seeking to restrict the use of TikTok and other apps developed by Chinese firms, following in the footsteps of India, which has already blocked dozens of Chinese apps, and the U.S., which is floating the idea:

The decision was first reported by Japanese national broadcaster NHK. The lawyers shared the same concern as officials in the U.S. and India that their domestic user data could end up in the hands of Beijing, and planned to submit the proposal to the Japanese government as early as September. Japan was one of TikTok’s first overseas success cases despite being considered a tough nut for foreign internet firms to crack. The nascent localization team went all out to attract celebrity users and made its breakthrough with Kinoshita Yukina, a TV personality, after holding “six or seven rounds of discussions” with her studio. Kinoshita’s participation ushered in other stars, who brought with them flocks of fans to the platform. In the Japanese iOS store, TikTok has consistently ranked at the top among entertainment apps and is the fifth-most downloaded app across all categories in the country as of this writing, according to research firm App Annie.

Much as I thought, the avalanche of countries banning Chinese apps is growing. There is a serious mistrust of Chinese made apps because of the behavior of TikTok and other apps. I predict that you will see more of this as time goes on. Which means that I fully expect that tomorrow, and in the next week or two that you will see more announcements like this which is bad news for Chinese made apps.