Archive for July 3, 2020

Rainbow Six Siege Canada Division: Playday 2 Tonight At 6PM EST

Posted in Commentary on July 3, 2020 by itnerd

Not only is it the beginning of the weekend, but Friday also brings us more Rainbow Six Siege Canada Division action!

Today’s match will be between @AltioraGG and @LiViDGG.

As always, you can tune into the matches every Friday at 6PM EDT/3PM PDT on http://Twitch.tv/Rainbow6.

TikTok Doesn’t Belong On Your Phone Because It Is A Privacy & Security Nightmare Says Security Researcher

Posted in Commentary on July 3, 2020 by itnerd

According to a security researcher who posted to Reddit, TikTok is one app that you need to delete ASAP if you value your privacy and security. Here’s why:

TikTok is a data collection service that is thinly-veiled as a social network. If there is an API to get information on you, your contacts, or your device… well, they’re using it.

  • Phone hardware (cpu type, number of cores, hardware ids, screen dimensions, dpi, memory usage, disk space, etc)
  • Other apps you have installed (I’ve even seen some I’ve deleted show up in their analytics payload – maybe using as cached value?)
  • Everything network-related (ip, local ip, router mac, your mac, wifi access point name)
  • Whether or not you’re rooted/jailbroken
  • Some variants of the app had GPS pinging enabled at the time, roughly once every 30 seconds – this is enabled by default if you ever location-tag a post IIRC
  • They set up a local proxy server on your device for “transcoding media”, but that can be abused very easily as it has zero authentication

The stuff that I’ve listed above is pretty bad. But it gets worse:

Here’s the thing though.. they don’t want you to know how much information they’re collecting on you, and the security implications of all of that data in one place, en masse, are f**king huge. They encrypt all of the analytics requests with an algorithm that changes with every update (at the very least the keys change) just so you can’t see what they’re doing. They also made it so you cannot use the app at all if you block communication to their analytics host off at the DNS-level.

For what it’s worth I’ve reversed the Instagram, Facebook, Reddit, and Twitter apps. They don’t collect anywhere near the same amount of data that TikTok does, and they sure as hell aren’t outright trying to hide exactly what’s being sent like TikTok is. It’s like comparing a cup of water to the ocean – they just don’t compare.

This is just downright scary. And this Reddit thread is gaining attention. Security company Zimperium had its own look at TikTok and it says it’s a security risk. Anonymous has said to “delete this Chinese spyware now.” The Pentagon advises that TikTok should be deleted from phones, something that the US Army has taken heed of. And while this likely has more to do with a border issue between China and India, the latter has banned a pile of Chinese apps, which includes TikTok.

The point is that it’s pretty clear that TikTok is a security risk of epic proportions. If you value your security, I would read the Reddit thread and then make your own decision as to whether TikTok deserves a place on your smartphone. Or your kid’s smartphone for that matter.

Terranova Security Releases Enhanced Mobile Responsive Version Of Security Awareness Training Library

Posted in Commentary on July 3, 2020 by itnerd

Terranova Security, a global leader in security awareness training, announced mobile responsive security awareness training content enhancements for its platform.

This release allows organizations to train their users on any device, allowing them to access security awareness training modules from their smartphone, tablet, laptop, or desktop. A user’s training progress is always saved to their unique platform profile, ensuring that no learning momentum is lost. These enhancements underscore the Terranova Security dedication to delivering a fun, engaging, powerfully effective omnichannel learning experience.

Major mobile responsive features in this release include:

  • Enhanced flexibility and convenience: Terranova Security is recognized for its high-quality content, strong customer support, its customizable learning material and for ensuring that its content is available to all users. The company has continued to deliver in this area, with security awareness training content that can be enjoyed on any device via an improved mobile-responsive design. This release reinforces the Terranova Security commitment to bring security awareness training to all users on their preferred device for a more flexible, comfortable learning experience.
  • Seamless training access on all devices: Terranova Security is committed to making security awareness training programs engaging and easy to use. This mobile responsive release from Terranova Security enables users to save their progress to their unique platform profile that’s accessible in their favorite browser, regardless of the device being used. This makes switching between a desktop and a smartphone or tablet effortless, uncomplicated, and free of any training data loss.
  • Enhanced mobile responsiveness, same high-quality awareness courses users love: The Terranova Security mobile responsiveness measures included enhancements made to the company’s information security awareness course library. This high-quality training content has become the Terranova Security hallmark and is now available across all devices, giving users the freedom to complete security awareness training modules at a time and on a device that works for their schedule and lifestyle.

The recent explosion in mobile device usage has magnified the importance of mobile learning as a vital part of any security awareness training program. Studies show that 70% of learners feel more motivated when training on a mobile device, while smartphone learners tend to complete course material 45% faster than those using a desktop computer.

These trends won’t be fading anytime soon. As of 2019, there are more cellphones on Earth than human beings. By 2025, 72% of internet users will access the web using only their smartphones, making their inclusion in security awareness training more crucial than ever.

The English mobile-responsive version of the Terranova Security security awareness training course material is available now to new and existing customers. The Terranova Security mobile responsive content will be available in additional languages by the end of 2020.

Read more in their mobile learning blog post.

2/3 of Canadians More Aware Of Cybersecurity Policies Since Lockdown: Trend Micro

Posted in Commentary on July 3, 2020 by itnerd

Trend Micro Incorporated today released survey results that show how remote workers address cybersecurity. Nearly three quarters (72%) of remote workers say they are more conscious of their organisation’s cybersecurity policies since lockdown began, but many are breaking the rules anyway due to limited understanding or resource constraints.

Trend Micro’s Head in the Clouds study is distilled from interviews with 13,200 remote workers across 27 countries on their attitudes towards corporate cybersecurity and IT policies. It reveals that there has never been a better time for companies to take advantage of heightened employee cybersecurity awareness. The survey reveals that the approach businesses take to training is critical to ensure secure practices are being followed.

The results indicate a high level of security awareness, with 85% of respondents claiming they take instructions from their IT team seriously, and 81% agree that cybersecurity within their organisation is partly their responsibility. Additionally, 64% acknowledge that using non-work applications on a corporate device is a security risk.

However, just because most people understand the risks does not mean they stick to the rules.

For example:

  • 56% of employees admit to using a non-work application on a corporate device, and 66% of them have actually uploaded corporate data to that application.
  • 80% of respondents confess to using their work laptop for personal browsing, and only 36% of them fully restrict the sites they visit.
  • 39% of respondents say they often or always access corporate data from a personal device – almost certainly breaking corporate security policy.
  • 8% of respondents admit to watching / accessing porn on their work laptop, and 7% access the dark web.

Productivity still wins out over protection for many users. A third of respondents (34%) agree that they do not give much thought to whether the apps they use are sanctioned by IT or not, as they just want the job done. Additionally, 29% think they can get away with using a non-work application, as the solutions provided by their company are ‘nonsense.’

The Head in the Clouds study looks into the psychology of people’s behaviour in terms of cybersecurity, including their attitudes towards risk. It presents several common information security “personas” with the aim of helping organizations tailor their cybersecurity strategy in the right way for the right employee.

European Advertisers Whine Like Babies About iOS 14 Ad Tracking Warnings For Users

Posted in Commentary on July 3, 2020 by itnerd

Reuters is reporting that a group of European digital advertising associations has criticized Apple for requiring apps in iOS 14 to seek additional permission from users before tracking them across other apps and websites:

Sixteen marketing associations, some of which are backed by Facebook Inc and Alphabet Inc’s Google, faulted Apple for not adhering to an ad-industry system for seeking user consent under European privacy rules. Apps will now need to ask for permission twice, increasing the risk users will refuse, the associations argued.

You’ll note that some of these marketing associations are backed by Google and Facebook. Both of whom are companies who make tons of money off advertising. That likely goes a long way to explain why they are upset. But what these clowns don’t get is that users want control over what companies know about them. Companies should not have the right to do whatever they want and I for one am perfectly fine with Apple blocking them from tracking me in any manner that they feel like. I criticize Apple for a lot of things, but this isn’t one of them. I say good on Apple for making these companies whine like babies because they will not get the data that they want when iOS 14 ships this fall.