Archive for October 22, 2020

Now I’ve Caught Shimano’s E-Tube App Snooping My iPhone’s Clipboard….. Just Like The Tacx Utility Does [UPDATE: Fixed]

Posted in Commentary on October 22, 2020 by itnerd

You might remember that I recently caught the Tacx Utility snooping the clipboard on my iPhone. Now I have yet to hear from them on that front. But I have seem to have caught a second company doing the exact same thing. And ironically it’s another bike related brand. Japanese based Shimano is the world’s largest bike component manufacturer. They make bike components for all sorts of cyclists including the biggest pro teams in the world. I use their components on my road bike and that includes a power meter which helps me to train effectively. Now the power meter requires firmware updates from time to time which requires me to use the E-Tube app from Shimano to do that. And like the Tacx Utility, it seems to snoop my clipboard. Video below:

So, just like with Tacx, I Tweeted Shimano asking them…. Well… WTF?

And while I was at it, I asked Tacx for an update as I haven’t heard anything from them:

I’m starting to see a trend here where due to sloppy coding or something more underhanded, apps snoop on the clipboard. That’s really unfortunate and whatever the cause, anyone who does this needs to be immediately called out for doing this. Given that iOS 14 makes it real easy to spot this behavior, app developers who do this should expect to have people like me knocking on their doors asking WTF?

Updates to come.

UPDATE: Tacx responded to me:

Shimano has yet to respond to my inquiry. Which says a lot about Shimano I think.

UPDATE #2: On October 26th, Shimano released an updated version of their E-Tube App.

I did some testing and I am unable to replicate this issue any longer. So it appears to be fixed. Though it would have been nice for them to actually acknowledge that they were snooping on your clipboard in the first place. But I guess that’s too much to ask for.

Hacker Claims To Have Pwned Donald Trump’s Twitter Account

Posted in Commentary with tags on October 22, 2020 by itnerd

A report from a Dutch newspaper has the story of a Hacker who claims to have pwned Donald Trump’s Twitter account. Apparently, the password was “maga2020!”:

The researcher, Victor Gevers, had access to Trump’s personal messages, could post tweets in his name and change his profile. Gevers took screenshots when he had access to Trump’s account. These screenshots were shared with de Volkskrant by the monthly opinion magazine Vrij Nederland. Dutch security experts find Gevers’ claim credible. The Dutchman alerted Trump and American government services to the security leak. After a few days, he was contacted by the American Secret Service in the Netherlands. This agency is also responsible for the security of the American President and took the report seriously, as evidenced by correspondence seen by de Volkskrant. Meanwhile Trump’s account has been made more secure. This is not the first time that Dutch hackers succeeded in taking over Donald Trump’s Twitter account. The first time was four years ago, just before the 2016 elections, when three hackers jointly managed to retrieve Trump’s password and access his account. That someone has now succeeded again, is remarkable. During the previous presidential elections Russian hackers attempted to influence the elections on a large scale. Subsequently, social media have taken various steps to prevent manipulation.

The dude who’s campaign slogan is MAGA, and is running for election in 2020… has a password of maga2020!

Like seriously? Worst password EVER.

Why isn’t someone in the Trump administration policing Trump’s internet usage? He clearly has the online sense of a nursing home resident. And he’s the most powerful man on Earth. At least for another fortnight one hopes.

Twitter for their part has said that they have no evidence to confirm the claim: 

And one would assume that Twitter would at a minimum have access to IP addresses of anyone who logged on. Having said that, they might not want to say that it did happen for their own reasons. Without more evidence, I’m reserving judgment if this is true, even if it would be really hilarious if true.

TELUS Launches Mental Health App For Canada’s Frontline Workers

Posted in Commentary with tags on October 22, 2020 by itnerd

In support of the well-being of Canada’s frontline workers, TELUS today announced the launch of Espri by TELUS Health, a mobile app that delivers mental health and wellness resources to support the rising mental health pressures faced by physicians, nurses, care workers, emergency medical services, firefighters, police, correctional officers, and their family members.

Frontline workers are exposed to incidents of trauma, violence, and grief, making them more likely to experience mental health issues:

  • In 2017, a study in the Canadian Journal of Psychiatry found that 44.5 per cent of first responders, including paramedics, police officers, and firefighters, screened positive for symptoms consistent with mental disorder, four times higher than the general population (10 per cent).
  • Similarly, the Canadian Medical Association’s 2018 National Physician Health Survey reported that one in four physicians experience high levels of burnout, with others reporting signs of depression and addiction.

Frontline workers also face considerable barriers and stigma to accessing mental health resources.

Developed in conjunction with first responders and under the guidance of specially-trained clinicians who are occupationally-aware and understand the needs of frontline workers, Espri by TELUS Health provides timely access to features and tools for mental wellness as well as support for crisis and prevention including:

  • Learn: A resource hub that provides quick access to relevant, clinically-informed, and occupation-specific content from the organization, TELUS Health, and/or third party providers.
  • My Plan: A goal-setting tool that helps workers build positive habits by setting and completing mental health and wellness goals
  • Group video: A video call feature that enables organizations to host virtual one-on-one, peer and group therapeutic sessions and educational programming while allowing consent-based, anonymous participation, protecting users’ safety and identity
  • Get Support: A resource list that offers one-click navigation to an organization’s preferred support resources, such as crisis lines, employee and family assistance programs, critical incident stress programs and access to healthcare professionals including psychiatrists, psychologists and mental health experts.

TELUS aims to work closely with organizations to incorporate Espri by TELUS Health into their mental health strategies. Eligible frontline workers will be able to access the app through their employer or member organization.

Google Cloud Awarded Framework Agreement For Secure Cloud Services By Canadian Federal Government

Posted in Commentary with tags on October 22, 2020 by itnerd

Google Cloud announced today that it has secured a Framework Agreement for Secure Cloud from the Canadian federal government. This agreement now enables Google Cloud to directly sell innovative cloud platform and collaboration technologies to federal agencies, helping them digitally transform and better serve their communities and constituents.

To secure this framework, Google Cloud was assessed by the Canadian federal government against all relevant security, privacy, and usability standards. While Google Cloud already works with several Canadian federal government agencies, the new agreement will permit Google Cloud to better support a wide range of federal departments, agencies, and crown corporations.

Citizens have become accustomed to convenient, easy-to-use, digital services in their daily lives. Government organizations face increased pressure to deliver the same convenience as consumer experiences, often under financial constraints and using legacy systems. This new framework agreement with Google Cloud will enable governments to procure cloud services—and subsequently help close the gap between government and consumer services.