Archive for July 15, 2020

BREAKING: Several High Profile Twitter Accounts Have Been Hijacked To Tweet Bitcoin Scams

Posted in Commentary with tags , on July 15, 2020 by itnerd

Happening now is the apparent hijacking of numerous high profile Twitter accounts to promote Bitcoin scams including Apple’s Twitter account as well as the Twitter accounts of Tesla CEO Elon Musk, Amazon CEO Jeff Bezos, Microsoft CEO Bill Gates, and others. Given the number of high profile accounts that have been breached, the hack may have originated from a Twitter security vulnerability or a security vulnerability of an app that speaks to Twitter like TweetDeck or Hootsuite or something of that sort. But that isn’t clear at present. But here is what is known at present:

It’s not immediately known how the account hacks took place. Security researchers, however, found that the attackers had fully taken over the victims’ accounts, and also changed the email address associated with the account to make it harder for the real user to regain access.

This is serious and it appears that Twitter is investigating and we should have more details soon. But this is likely a good reminder that you need to make sure that your Twitter accounts are secure so that you don’t become a victim of something like this. Twitter itself has some tips on this.

UPDATE: The list of people who have been pwned is growing:

UPDATE #2: Twitter has taken the step of stopping anyone with a verified account from tweeting:

I think this points towards a hack of Twitter at this point. Though I am open to hear alternative explanations for this incident.

UPDATE #3: Most verified Twitter accounts are now once again able to tweet. Twitter is still working on fully fixing the issue:

UPDATE #4: Jack Dorsey who is Twitter’s CEO has commented….. Via Twitter:

This pretty much confirms that Twitter got pwned.

Report: Trump Gave The CIA More Power To Launch Cyberattacks

Posted in Commentary with tags on July 15, 2020 by itnerd

The Central Intelligence Agency has conducted a series of covert cyber operations against Iran and other targets since winning a secret victory in 2018 when President Trump signed what amounts to a sweeping authorization for such activities, Yahoo News reported, citing former U.S. officials with direct knowledge of the matter:

The secret authorization, known as a presidential finding, gives the spy agency more freedom in both the kinds of operations it conducts and who it targets, undoing many restrictions that had been in place under prior administrations. The finding allows the CIA to more easily authorize its own covert cyber operations, rather than requiring the agency to get approval from the White House. Unlike previous presidential findings that have focused on a specific foreign policy objective or outcome — such as preventing Iran from becoming a nuclear power — this directive, driven by the National Security Council and crafted by the CIA, focuses more broadly on a capability: covert action in cyberspace.

The “very aggressive” finding “gave the agency very specific authorities to really take the fight offensively to a handful of adversarial countries,” said a former U.S. government official. These countries include Russia, China, Iran and North Korea — which are mentioned directly in the document — but the finding potentially applies to others as well, according to another former official. “The White House wanted a vehicle to strike back,” said the second former official. “And this was the way to do it.” The CIA’s new powers are not about hacking to collect intelligence. Instead, they open the way for the agency to launch offensive cyber operations with the aim of producing disruption — like cutting off electricity or compromising an intelligence operation by dumping documents online — as well as destruction, similar to the U.S.-Israeli 2009 Stuxnet attack, which destroyed centrifuges that Iran used to enrich uranium gas for its nuclear program.

Assuming that this is accurate, I am not sure that this was a good idea. Having checks and balances to ensure that this is an option that is only used if it is truly required would likely mean that these are targeted operations by the US with a limited scope and a low chance that the target will retaliate. But now that this is out there, countries with the ability to launch these sorts of cyberattacks will likely feel that they have the green light to retaliate. Or launch larger scale cyberattacks of their own with potentially devastating effects. That has the potential to create all sorts of chaos. And it may come back to haunt the US at some point.

Huawei And Other Chinese Tech Employees Banned From Entering The US

Posted in Commentary with tags on July 15, 2020 by itnerd

From the “stay out of the US” department comes news that Secretary of State Mike Pompeo on Wednesday has announced visa restrictions on employees of Chinese technology companies, including Huawei, in the latest Trump administration move against Beijing. Here’s what CNN had to say:

The US “will impose visa restrictions on certain employees … of Chinese technology companies like Huawei that provide material support to regimes engaging in human rights violations and abuses globally,” Pompeo told reporters at a State Department press briefing. The top US did not elaborate on which employees would be targeted or how many people would be affected. Pompeo’s announcement comes a day after President Donald Trump announced he would sign a bill and an executive order punishing China for steps that are widely seen as an attempt to crush democratic freedoms in Hong Kong, and railed at China for “unleashing … upon the world” the global coronavirus pandemic. In an interview with The Hill later Wednesday, Pompeo added that the US is looking at limits on other Chinese tech companies as well.

This is likely retaliation for the Chinese government banning a bunch of US Senators because they were critical of China. Clearly things between the US and China are escalating. And I think it’s safe to say that we’re going to see a lot more of this over the next few days.

Guest Post: TikTok Ban? Companies, Agencies Do Not Have Secure Data If Chinese App Allowed on Company, Personal Phones Says IAITAM

Posted in Commentary with tags on July 15, 2020 by itnerd

The nation of India, the U.S. military, and banking giant Wells Fargo already have either banned TikTok app use altogether or at least on company mobile devices. Should your organization follow suit and prohibit the popular app TikTok on company and even personal phones?  Today, the International Association of IT Asset Managers (IAITAM) warned that allowing employees to use TikTok on any devices (including personal cell phones and tablets in a work-from-home context) with direct access to corporate data is “not consistent with maintaining data integrity.”

The TikTok app is taking the world by storm, with controversy brewing over whether the app’s open-ended permissions pose security risks for corporations, government agencies and other organizations particularly during a time when many employees are still working from home (WFH) due to COVID-19.

Concerns about the Chinese-owned TikTok are reminiscent of earlier security worries about Fitbit and Pokémon Go. In 2016, IAITAM called on corporations to ban the installation and use of Pokémon Go on both corporate-owned, business-only (COBO) phones/tablets and “bring your own device” (BYOD) phones/tablets with direct access to sensitive corporate information and accounts. In 2019, IAITAM advocated against Microsoft’s policy decision to let end-users buy some of their own apps and licenses through Office 365, bringing up concerns over how businesses would track IT assets to ensure compliance. Due to such criticism, the technology giant reversed its decision.

The TikTok app has been found gathering data that includes the user’s clipboard history, location and GPS data, much like the Fitbit security breaches that the Department of Defense experienced in 2018, where fitness trackers used location data to map military bases while soldiers exercised.

Dr. Barbara Rembiesa, president and CEO of IAITAM, said: “The TikTok app unnecessarily endangers data in a way that any government agency or corporation should be concerned about. Combine that with the blending of corporate and personal assets due to work-from-home conditions for employees and you have a perfect storm for sensitive data to be placed into the wrong hands.  As things stand today, allowing TikTok in or near your organization’s environment is not consistent with maintaining data integrity.”

Rembiesa continued: “Acceptable data risk needs to be ascertained prior to downloading software and such software should be managed by an IT asset manager. The risk posed by the data permissions of TikTok does not meet data security best practices.  Diligence and education on ITAM procedures are essential for businesses to implement smart digital policies and mitigate security risks.”

Since March, IAITAM has been at the forefront of work-from-home data concerns during the COVID-19 pandemic, issuing multiple warnings on “nightmare data risks”tech headaches and challenges associated with transitioning to work from home.   

Following ITAM best practices is a roadmap for organizations to protect and get the most out of their IT assets. IAITAM offers courses and training opportunities throughout the year for agencies and businesses seeking to strengthen their cybersecurity and IT asset management.
 

HP Introduces A New Global Partner Program

Posted in Commentary with tags on July 15, 2020 by itnerd

Today, HP Inc. unveiled HP Amplify, a first-of-its kind global channel partner program optimized to drive dynamic partner growth and deliver consistent end customer experiences. Built on a single, integrated structure, HP Amplify provides the insights, capabilities and collaboration tools needed to drive growth as digital transformation and customer purchasing behaviors continue to evolve. The new program goes into effect November 1, 2020 for commercial partners with retail partners slated to transition in the second half of 2021.

By consolidating HP’s best partner products, tools and trainings into one intuitive program, HP Amplify removes complexity, making it easier for partners to take advantage of its many benefits and engage customers on a deeper level. Now comprised of just two distinct tracks – Synergy and Power – with clear compensation levels, HP Amplify provides partners with the flexibility to invest in value-added services and capabilities. The more a partner invests in these capabilities, the higher the rewards.

Experiences at the Speed of Digital

Customers have dramatically altered how they research and buy technology and how they engage with brands, buying more products and services through digital channels, such as e-commerce, partner portals and marketplaces. At the same time, technology and digital transformation are advancing at an astounding pace while business models are shifting from simple transactions focused on selling products to contractual relationships.

For the IT industry overall, and the channel specifically, it means business as usual is no longer an option. With the introduction of HP Amplify, HP is taking decisive actions to capitalize on these shifts, arming partners for future growth and to deliver a more satisfying customer experience.

Performance, Capabilities & Collaboration

Designed to enable progressive go-to-market strategies that cater to a combination of transactional, contractual and hybrid selling models, HP Amplify focuses on three core pillars: performance, capabilities and collaboration.

Performance

As the traditional sales model has been upended, so too has the traditional channel compensation model. While the new program will continue to reward partners based on goals and volume, HP Amplify features an innovative measurement and reward system that accounts for the many strategic efforts partners employ throughout the holistic sales process, from registration volume to average sales value and account retention.

Capabilities

Beyond sales revenue alone, HP Amplify measures rewards based on new capabilities, including investing in and improving digital skills, service delivery capabilities, e-commerce/omnichannel experiences and secure data collaboration.

Capabilities will be specialized and tailored to the sectors customers operate within, creating more personalized experiences and driving invaluable outcomes. HP Amplify rewards partners who invest in the capabilities to compete – and win – in a world dominated by e-commerce and digital-led customer journeys and experiences. The more capabilities around secure data collection, routes to market, services and specializations, the more access and benefits partners will receive.

Collaboration

Collaboration between HP and its partners is critical to our shared success. HP Amplify is designed to turn data analytics into deeper insights that inspire new strategies and steer innovation. HP will collaborate closely with partners to hone their digital skills, such as automated quotes and ordering, to provide a more consistent customer experience across multiple channels and equip partners with valuable research on the most important pain points in the customer journey.

Armed with this added opt-in customer intelligence, partners will have more of a competitive edge, with the intrinsic ability to anticipate and enable more positive customer outcomes. As a result, partners will be able to serve customers more seamlessly through automated inventory updates, product returns and holistic data intelligence. These experiences will continue to build upon the long- standing bonds between customers, partners and HP.

HP Amplify Impact

HP’s dedication to sustainable impact through technology that makes life better for everyone, everywhere has long been integral to its business strategy and operations. Together, HP and its partners can make a lasting difference by acting in lockstep to further fuel innovation and growth in these areas. For this reason, as an extension of the company’s new global program, HP is introducing HP Amplify Impact, inviting all partners to join HP in its pledge to address:

  • Planet: Working toward a circular, low-carbon economy
  • People: Respecting human rights, enable people across the value chain to thrive; and cultivate a diverse and inclusive culture
  • Community: Unlocking educational and economic opportunity while improving the vitality and resilience of local communities  

For partners who choose to join this opt-in pledge, HP will provide training and support, and help identify potential gaps in the goals partners wish to set and provide guidance on how to achieve those goals. HP will provide more details closer to the launch of HP Amplify on November 1, 2020.

Huawei Becomes A Patent Troll To Fight Back Against The US

Posted in Commentary with tags on July 15, 2020 by itnerd

From the “I didn’t see this coming” department comes this Forbes story that describes how out of favor Chinese telco gear maker Huawei is using the US patent system to fight back against US attempts to freeze it out of the country:

Putting Huawei on the Entity List may have stopped it from licensing critical US technology, but Huawei is seeking to earn revenue in other ways. Huawei filed patent infringement claims against Verizon and also for products Verizon acquires from other US companies such as Cisco and Hewlett-Packard; and Huawei is demanding royalty payments for hundreds of patents. Huawei’s patents may not even be practiced in the firms’ products, but Huawei is allowed to use the legal process to compel court discovery on Verizon’s and its suppliers’ confidential information. Huawei may illegally use this data to enrich Huawei’s knowledge of competitors’ products and technology. 

Well, that’s pretty crafty and it is certain that the White House had not considered this possibility. You have to wonder what’s next from Huawei seeing as the metaphorical noose is tightening around it at the moment.

Agility Logistics Brings More Efficiency & Sustainability to Processes & Customer Service With OpenText Content Services

Posted in Commentary with tags on July 15, 2020 by itnerd

OpenText™ today announced Agility Logistics, one of the world’s largest integrated logistics providers, has deployed OpenText™ Content Services to streamline global operations, including freight and shipping via land, air and sea for more than 60,000 customers in 100 countries. 

Agility Logistics works with companies to move, manage and distribute the goods that underpin global commerce. Every shipment produces a physical paper trail of documents – such as airway bills, invoices and bills of lading – which previously took days to reach their destination for cargo processing. To secure end-to-end information resiliency and efficiency, the company implemented OpenText Information Management technologies to provide an integrated, centralized repository for capturing, sharing and managing documents.

After a lengthy evaluation process, Agility chose OpenText™ Content Services solutions, including:

  • OpenText™ Intelligent Capture to automatically scan and transform documents into PDFs while metadata is captured to enable easy search and retrieval
  • OpenText™ Documentum as a content management platform to tightly integrate with the company’s core logistics system and financial applications, ensuring reports and key financial data are automatically stored in an electronic format
  • OpenText™ Documentum xCP to build modern user interfaces tailored to customers’ needs across verticals
  • OpenText™ InfoArchive to ensure data and content retention complies with industry requirements

Agility will also leverage OpenText technologies to improve the environmental sustainability of their operations.

Citizen Care Pod: Bolstering Life-Saving COVID-19 Efforts Just In Time For Reopening

Posted in Commentary with tags on July 15, 2020 by itnerd

After months of closures due to the coronavirus outbreak, provinces across Canada are slowly allowing office spaces, retail and restaurant establishments, and other workplaces to reopen. However, many employees and customers have concerns about the rapid and easy spread of COVID-19 in these enclosed, densely populated spaces. As a result, the healthcare industry is under extreme pressure, doing all that they can in the wake of the economy opening back up.

Thanks to advances, and even breakthroughs in technology, medical organizations and professionals around the world are able to make steady progress in combatting the virus while providing immediate and attentive care for those who are impacted by the disease, easing concerns. 

For example, Canadian-owned company Citizen Care Pod has just launched a new COVID-19 smart screening and testing pod combining intelligent technology with modular design to support a safe, responsible recovery for governments, businesses and communities. The Citizen Care Pod is a customizable unit outfitted with the capabilities to enable turnkey mobile COVID-19 testing in high traffic business environments and communities with the goal to expediate testing, screening, and eventually vaccination on mass scale.

Utilizing modular construction methods, PCL Corporation is manufacturing and assembling the pods by retrofitting shipping containers with customizable options to support rapid delivery and installation to any site, including high-traffic or remote locations. It’s a ready-to-use solution for large-scale businesses, public works, sports and entertainment venues, airports, transit centres and more to support economic recovery. The core focus of the Citizen Care Pod is to not only provide relief to over-burdened hospitals, but also empower businesses and communities to be leaders in health promotion and disease prevention.

Here’s an explainer video: