Archive for August 7, 2020

Reddit Pwned…. Apparently In Support Of Trump

Posted in Commentary with tags , on August 7, 2020 by itnerd

A massive attack has hit Reddit today after at least tens of Reddit channels (subreddits) have been hacked and defaced to show messages in support of Donald Trump’s reelection campaign:

The hacks are still ongoing at the time of writing, but we were told Reddit’s security team is aware of the issue and has already begun restoring defaced channels. A partial list of impacted channels (subreddits) is available below, according to ZDNet’s research: r/NFL, r/49ers, r/TPB (The Pirate Bay’s Reddit channel), r/BlackMirror, r/Beer, r/Vancouver, r/Dallas, r/Gorillaz, r/Podcasts, r/freefolk, r/StartledCats, r/TheDailyZeitgeist, r/Supernatural, r/GRE, r/GMAT, r/greatbritishbakeoff, r/11foot8, r/truecrimepodcasts, r/Leafs, r/weddingplanning, r/Chadsriseup, r/bertstrips, r/CFB …and many many other more.

Now I am not a Trump supporter. Far from it in fact. I am not American either. But this hack is so dumb that it feels like a massive false flag operation. But then again, the whole US political scene is such a clown show at the moment that I wouldn’t be surprised whether it is actual Trump supporters that are behind this hack, or the people behind this are trying to smear them.

Hazing Has Been Replaced By Hacking…. Which Means That Universities Need To Improve Their Cyber Defenses

Posted in Commentary with tags on August 7, 2020 by itnerd

School rivalry takes on a different meaning for university and college students this year, with cyber hackers advancing their methods of attack in the new normal. In the last three months alone, we’ve seen cyberattacks carried out against two of Canada’s largest universities, with both Western University and York University falling victim to a ransomware attacks.

Apparently, covering cars in shaving cream is so last century.

As the long-term shift to online learning becomes a reality, students and institutions alike will need to protect themselves when using tools such as Zoom, Slack and other platforms to complete studies online.

David Masson, Director of Enterprise Security at Darktrace had this to say about universities needing to up their game when it comes to their cyber defenses:

Universities work in an environment based on free exchange of knowledge and national and international cooperation. Threat actors know this and will seek to exploit the relative ease of access to networks provided by the nature of universities’ transparent approaches. 

Security teams who protect universities know that attackers will look to take advantage, and so they use training methods and technology to combat imminent cyber threats. Security teams also realise how difficult it is to defend themselves; it is difficult to have full visibility of their entire digital infrastructure and additionally being able to respond quickly to impending attacks. 

In order to deal with the quantity and quality of threats, which are increasingly complex and happening at machine speed thanks to attackers’ use of AI and developments in 5G, those defending universities need to embrace AI technology themselves to augment and support their security teams to regain the advantage on the defensive side in the cyber arms race.”

LG Velvet 5G Is Now Available On The TELUS 5G Network

Posted in Commentary with tags , on August 7, 2020 by itnerd

The LG Velvet 5G is now available at TELUS, a bold new device featuring AI-optimized sound, sleek design and a 6.8” POLED display, all on the TELUS 5G network

A few key features include:

  • 48 MP camera to capture astonishing detail –  Every memory comes to life in high-res clarity and colour. Photos stay sharp, even when you zoom in. 
  • Immerse yourself in sound  With the LG 3D Sound Engine, AI recognizes what you’re listening to and applies the ideal setting. 
  • 5G-capable for unrivalled performance – TELUS 5G is connecting Canadians for good. Enjoy increased speeds, reliability and capacity with the LG Velvet 5G on the TELUS 5G

With all of the latest technology now at your fingertips, customers can also take advantage of TELUS’ Peace of Mind plans where they’ll enjoy endless data, endless fun without worrying about overages. 

Stadia and xCloud Are Not Allowed On Apple App Store For Reasons That Are Completely Ridiculous

Posted in Commentary with tags on August 7, 2020 by itnerd

Apple won’t allow Microsoft xCloud or Google Stadia on iOS because of strict App Store guidelines that make cloud services effectively impossible to operate on the iPhone. Here’s Apple’s reason why they won’t let these services on iOS:

The App Store was created to be a safe and trusted place for customers to discover and download apps, and a great business opportunity for all developers. Before they go on our store, all apps are reviewed against the same set of guidelines that are intended to protect customers and provide a fair and level playing field to developers.

Our customers enjoy great apps and games from millions of developers, and gaming services can absolutely launch on the App Store as long as they follow the same set of guidelines applicable to all developers, including submitting games individually for review, and appearing in charts and search. In addition to the App Store, developers can choose to reach all iPhone and iPad users over the web through Safari and other browsers on the App Store.

So in short, Apple can’t review the games so the entire service is banned.

To be blunt, and this is one of the few times I’ve been this blunt on this blog, Apple’s explanation is total bullshit.

Netflix is on the iOS platform. And Apple can’t review everything on the Netflix platform to ferret out things like quasi-pornographic material as Apple has a problem with that. But Netflix is still on the App Store. Stadia and xCloud are not any different. I’ll also point out that both Steam Link and PS4 Remote Play are on the App Store, and allow users access to a whole pile of games that I am certain Apple has not reviewed. So why is Stadia and xCloud any different?

The fact is that Apple has Apple Arcade. And Apple wants you using Apple Arcade games because it lines Apple’s pockets with money. Not to mention other games that are available on the App Store that Apple gets a cut of. Conversely Apple won’t get the same levels of money from Stadia and xCloud, thus Stadia and xCloud must not appear on the App Store. In short, it’s Apple being Apple by being protectionist. And hopefully the same politicians that were quizzing Apple among other tech companies about this sort of behavior see this latest example so that they can take action by doing something that makes it clear that Apple can’t behave like this. Like using the anti-trust laws that exist against Apple for starters.

UPDATE: Facebook has apparently launched a similar gaming service today on iOS with no games to protest Apple’s absolutely laughable and stupid stance on game streaming services. Details here.

So… Should You Buy A New iMac?

Posted in Commentary on August 7, 2020 by itnerd

Earlier this week, Apple did a spec bump to their iMac lineup. The new 27″ iMac got these changes:

  • They now use 10th Generation Intel processors
  • SSDs are now the norm as spinning hard disks and Apple’s half spinning hard disk, half SSD Fusion Drive is dead.
  • You get a multitude of graphics chip options from AMD
  • Apple finally figured out that Zoom video calls is a thing and updated the webcam to 1080p.
  • The microphone and speakers have been improved.
  • Apple’s T2 security chip is now on board.
  • You now have the option for a nano texture display to cut down on glare. There is a similar option on the $5000 USD Pro Display XDR.
  • Up to 128GB of RAM, compared with up to 64GB with the previous generation.
  • Up to 8TB of SSD storage, compared with up to 2TB with the previous generation.
  • An option for 10GB Ethernet
  • Bluetooth 5.0

And the 21″ iMac should just be completely ignored. Why? The updates on that are pretty minimal. The 21″ iMac now comes standard with SSDs across the line for the first time. Customers can still choose to configure their 21.5-inch iMac with a Fusion Drive. Why you would do so is beyond me.

Then there’s the iMac Pro. It is bizarre the only real change is the base configuration now comes with the 10-core 3.0 GHz Xeon W chip that was previously an upgrade option. None of the options that are on the new 27″ iMac appear on the iMac Pro, some of which are pro quality items like the new speakers, microphone and nano texture display aren’t available. I don’t get it.

Now the 27″ iMac is a pretty compelling product. But let’s deal with the elephant in the room. Why the hell would you buy one with Apple Silicon Macs coming out later this year? I am sure that Apple considered that this iMac may become a victim of the Osbourne Effect. So I am guessing that this is why they took the 27″ version and made it so compelling that this conversation was bound to happen. Now I did do a story on this when the transition to Apple Silicon was announced, and I said this:

Now I am sure that the reason Apple said that they have new Intel ready to go, and that they will be supported “for years to come” is that they don’t want Mac sales to fall off a cliff. But take it from me. Buying any Intel based Mac is a really, really bad idea.

My thinking is that unless you need a new Mac right now because you need a faster Mac for your workflow, or your Mac is about to die, then it makes the decision easy. You’re buying this Mac. But if you can wait and see what Apple Silicon has to offer, then I would do that. The fact is that nobody really knows what “for years to come” means when Apple says that. The last time Apple made a transition like this, which was PowerPC to Intel, it took 210 days to transition the hardware, and the last version of macOS that supported the PowerPC came out six years after the transition was announced by Apple. So to maximize your investment, I would be waiting for an Apple Silicon Mac.

One other thing, the prices Apple charges for RAM are a total rip off. There’s no other way to put it. So here’s a pro tip. Order your iMac (Specifically the 27″ model as the 21″ doesn’t have user upgradable RAM. Which means that you’re forced to pay the ridiculous prices that Apple wants if you want a 21″ version) from OWC and save a bundle of cash. Full disclosure: I am not sponsored by them nor do I get a cut. But I have never paid Apple’s pricing for memory and you shouldn’t either. Thus I’m lending a hand to help you save some cash.

Intel Pwned By Hackers…. At Least 20GB Of Data Swiped Including Data That COULD Lead To Attacks

Posted in Commentary with tags , on August 7, 2020 by itnerd

Intel is the latest company to be pwned by hackers. According to BleepingComputer, A hacker has released 20GB of confidential chip engineering data stolen from Intel. The data that was stolen contains BIOS information and source code of proprietary Intel technology that could be used in building the means to attack computers that use Intel chips. Which would be most of the planet:

According to Tillie Kottmann, a developer and reverse engineer who received the documents from an anonymous hacker, most of the information is supposed to be protected intellectual property. The developer was told that the information was stolen from Intel in a breach this year.

“They were given to me by an Anonymous Source who breached them earlier this Year, more details about this will be published soon,” Kottmann says.

“Most of the things here have NOT been published ANYWHERE before and are classified as confidential, under NDA or Intel Restricted Secret,” the developer added.

The following list was provided as a partial overview of the 20GB file:

  • Intel ME Bringup guides + (flash) tooling + samples for various platforms
  • Kabylake (Purley Platform) BIOS Reference Code and Sample Code + Initialization code (some of it as exported git repos with full history)
  • Intel CEFDK (Consumer Electronics Firmware Development Kit (Bootloader stuff)) SOURCES
  • Silicon / FSP source code packages for various platforms
  • Various Intel Development and Debugging Tools
  • Simics Simulation for Rocket Lake S and potentially other platforms
  • Various roadmaps and other documents
  • Binaries for Camera drivers Intel made for SpaceX
  • Schematics, Docs, Tools + Firmware for the unreleased Tiger Lake platform
  • (very horrible) Kabylake FDK training videos
  • Intel Trace Hub + decoder files for various Intel ME versions
  • Elkhart Lake Silicon Reference and Platform Sample Code
  • Some Verilog stuff for various Xeon Platforms, unsure what it is exactly.
  • Debug BIOS/TXE builds for various Platforms
  • Bootguard SDK (encrypted zip)
  • Intel Snowridge / Snowfish Process Simulator ADK
  • Various schematics
  • Intel Marketing Material Templates (InDesign)

So what does this mean for you? Now that this file is out there, and there is possibly more coming, bad actors will definitely be scraping through this data dump to find any useful vulnerability to attack. That of course is bad.

Intel for its part had this to say:

“We are investigating this situation. The information appears to come from the Intel Resource and Design Center, which hosts information for use by our customers, partners and other external parties who have registered for access. We believe an individual with access downloaded and shared this data” – Intel representative

It still looks really bad on Intel to have this happen. If it’s an internal party, that is easy to deal with. Though I think Intel will still have some questions to answer. But if an external party did this, then Intel will likely find itself having to answer a lot of questions that they likely would not want to answer from a variety of people.

I think it’s safe to say that this is a developing story and we’ll likely be hearing more details about this in the coming days.