Archive for November 16, 2020

The North Face E-Commerce Website Pwned By Hackers

Posted in Commentary with tags on November 16, 2020 by itnerd

Forbes is reporting that outdoor clothing manufacturer The North Face has had their e-commerce website pwned by hackers:

Customers of The North Face are receiving pre-Black Friday emails that they weren’t expecting. The outdoor gear giant was forced to reset passwords after detecting a sudden surge in malicious login attempts.

According to the breach notification filed with the California Office of the Attorney General, The North Face detected suspicious activity on October 9th and began investigating immediately.

While some customer accounts were accessed, it doesn’t appear that sensitive data was compromised. The North Face does not store payment card data for its customers’ accounts — only a token that is used by the company’s payment processing partner to authorize purchases.

That doesn’t sound too bad. But it is really, really bad. Here’s why via David Masson, Director of Enterprise Security for Darktrace:

Login credentials are the crown jewels of cyber-attacks today – once attackers have these, the opportunities for further compromise and exploitation are endless. That’s why cyber-criminals go for online retail – it’s lucrative and full of potential. Attackers will often craft fake websites of trusted brands to harvest consumers’ credentials, or launch campaigns against retailers at nights or on weekends when response times from security teams are slowest.

In recent months we’ve seen greater collaboration between the top tier hacking groups such as Maze and Sodinokibi – they’re renting out their services to less skilled groups in the underground marketplace of cyber-crime services, which increasingly means that anyone with the capital and will to do so can take on a big name like North Face.

As we approach the holiday period against the backdrop of a global pandemic, we can only expect more of these attacks. Much like when physical stores were forced to shut up shop in the advent of lockdown measures, the retail sector must innovate its way out of this problem. Having accepted this reality, many retailers such as eBay, Brooks Brothers and Jimmy Choo are taking a radically different approach with artificial intelligence – spotting and stopping attacks at machine speed, before they escalate.

If you got one of these emails from The North Face, I would change your password to something unique right now. And if you used the same password anywhere else, I’d change it on those sites as well.

Pandemic Fast-Tracked Digital Transformation For Canadian Small Businesses: PayPal

Posted in Commentary with tags on November 16, 2020 by itnerd

A new study by PayPal Canada, Business of Change: PayPal Canada Small Business Study, shows how dramatically the pandemic has accelerated digital commerce for Canadian small businesses. Two in three small businesses (67%) accept payments online and half (47%) of them only started doing so this year. Of all small businesses selling online, one third (34%) turned to digital payments only after Covid-19 was declared a global pandemic in March.

Canadian businesses have lagged behind their U.S. and global counterparts in embracing digital commerce in previous years, but this study revealed a positive shift. The number of Canadian small businesses selling online spiked nearly 400 per cent in the last five years with the global pandemic being a major catalyst for merchants going digital.[1]

The majority of online small business owners (72%) believe e-commerce is now necessary in order to have a successful business. In fact, 69 per cent of online small business owners said selling online has made them more successful. 

Impact of Covid-19 on Canadian Small Businesses

Being online was a matter of survival for Canadian entrepreneurs. Without the ability to sell online, 58 per cent of small business owners said they don’t think their business could survive the impact of Covid-19.

While being online has certainly made running a business during a pandemic easier, the coronavirus has nonetheless had a deep impact on the bottom line. More than half of small businesses have been negatively impacted by the pandemic (55%) and one in four business owners say they are not confident they can sustain themselves over the next six months (26%).

However, there were also some positive outcomes for entrepreneurs who proved to be resilient and innovative. The vast majority of small businesses (84%) are doing some type of preparation for future waves of Covid-19 and 64 per cent say the pandemic has motivated them to consider new ways to grow their business.

According to the survey, when it comes to payment methods, 58 per cent of online small businesses shared they prefer PayPal over other payment options. More than 80 per cent of business owners who use PayPal say it’s a partner that will help their business succeed into the future (81%).

Other survey highlights include:

  • 59% of small businesses say preventing fraud is a challenge of selling online
  • Reaching customers in the U.S. was seen as a top 5 benefit of e-commerce
  • 53% say they are hopeful that the holiday season will make up for some of the losses their business has faced earlier this year
  • Compared to all Canadian small businesses, those that are online only tend to be owned by women (53%), millennials (47%) and from the BIPOC community (45%)
  • Compared to all Canadian small businesses, offline businesses have a greater proportion of boomers (26%) and a lower representation of BIPOC ownership (31%).

Complete study findings can be found at this link.

Survey methodology
This survey was conducted by Edelman in partnership with Logit Group on behalf of PayPal between September 23 and October 6, 2020 among a sample of 1,001 small business owners with less than 100 employees. The interviews were conducted online in English and French, and respondents were sourced using Logit Group’s online panel. The margin of error is +/- 3% at a 95% confidence level.

Is Apple Spying On You? No

Posted in Commentary with tags on November 16, 2020 by itnerd

Last week, November 12th specifically, there was a global outage of Apple’s back end systems during the release of macOS Big Sur. Besides leaving users unable to download macOS Big Sur, a large number of Mac users reported failures opening third-party apps. This issue also affected iMessage and Apple Pay, which started to behave erratically for a short period of time. The root cause of the issues was apparently Gatekeeper, which is Apple’s anti-malware system. Here’s how it works:

  • You click on an icon to start an app.
  • Your Mac pings Apple to see if it has a valid developer certificate.
  • If it does have a valid developer certificate, the app is allowed to run. If not, you get prompted for further action.

Normally this isn’t a big deal and is transparent to users. But last week it wasn’t. And when researchers began analyzing the data their computers were sending to Apple’s servers, claims surfaced that data was being sent to Apple in plain text. This was quickly debunked by Jacopo Jannone. But by then, all sorts of conspiracy theories about Apple spying on you were floating around the Internet.

That’s forced Apple to clarify things in typical Apple fashion. By that I mean that instead of making some sort of public statement, they updated a support document and let the Internet play a game of hide and seek to go find it. Which is typical for that company.

Some key takeaways from the document:

  • Apple says that it doesn’t mix data from the process of checking apps for malware with any information about Apple users and doesn’t use the app notarization process to know what apps users are running.
  • Apple also says that Apple IDs and device identification have never been involved with these software security checks.

And it plans to improve this to be more secure. Which as far as I am concerned is a backhanded admission that Apple does do all of this in a manner that isn’t as secure as it could be. And that the process isn’t as resilient as it could be. Specifically:

  • A new encrypted protocol for Developer ID certificate revocation checks
  • Strong protections against server failure
  • A new preference for users to opt out of these security protections
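To make the resilience point concrete, here is an added sketch (not Apple’s code, and not from the support document) of a launch-time certificate status check that consults a cache first, waits on the server only up to a deadline, and falls back when the server is slow or down. The class, the responder functions and the certificate IDs are all constructed for illustration.

```python
import time
from concurrent.futures import ThreadPoolExecutor, TimeoutError as FutureTimeout

class RevocationChecker:
    """Launch-time certificate status check: cache first, bounded wait, soft-fail."""

    def __init__(self, responder, deadline=0.2, cache_ttl=3600.0):
        self.responder = responder   # callable(cert_id) -> "good" | "revoked"
        self.deadline = deadline     # longest a launch may wait, in seconds
        self.cache_ttl = cache_ttl   # how long an answer is trusted, in seconds
        self.cache = {}              # cert_id -> (status, fetched_at)
        self.pool = ThreadPoolExecutor(max_workers=4)

    def check(self, cert_id, now=None):
        """Return (allow_launch, reason) for one developer certificate."""
        now = time.monotonic() if now is None else now
        cached = self.cache.get(cert_id)
        if cached and now - cached[1] < self.cache_ttl:
            return cached[0] == "good", "cache"
        try:
            future = self.pool.submit(self.responder, cert_id)
            status = future.result(timeout=self.deadline)
        except FutureTimeout:        # server answers too slowly
            return self._fallback(cached, "timeout")
        except OSError:              # server cannot be reached at all
            return self._fallback(cached, "unreachable")
        self.cache[cert_id] = (status, now)
        return status == "good", "online"

    @staticmethod
    def _fallback(cached, why):
        # A revocation already seen stays in force even when the entry is stale;
        # anything else is allowed so an outage cannot block every launch.
        if cached and cached[0] == "revoked":
            return False, why + ":stale-revoked"
        return True, why + ":soft-fail"

# Constructed responders standing in for the remote service.
def healthy(cert_id):
    return "revoked" if cert_id == "DEV-REVOKED" else "good"

def down(cert_id):
    raise ConnectionError("responder unreachable")

def slow(cert_id):
    time.sleep(1.0)                  # replies, but well past the deadline
    return "good"
```

Soft-fail trades some assurance for availability: a fail-closed policy would return `False` from `_fallback` and make every launch depend on the server being up.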

So, here’s the bottom line:

  • Apple doesn’t spy on you.
  • They’ll do better in the future to make sure that Gatekeeper is more secure and more resilient.

Am I reassured? I suppose, but that’s not the real problem. At least not if you work at Apple Park. Privacy is a big deal for Apple as they use it as a cornerstone of their marketing. This whole incident has cast a bit of a negative light on Apple when it comes to privacy. And whatever the actual facts are, people have already taken a side. That’s a problem for Apple as they push to sell as many iPhones, MacBooks and the like this holiday season. I suspect that this is far from over and Apple will have to do something that they don’t like doing, which is to step out into the light and explain this in detail.

macOS Big Sur Bricks Some Older MacBooks While Installing…. WTF?

Posted in Commentary with tags on November 16, 2020 by itnerd

If you haven’t updated your Mac to macOS Big Sur yet, you might want to sit on the sidelines for a bit because Engadget is reporting that Apple’s latest and greatest OS is literally bricking older MacBooks:

macOS Big Sur hasn’t been a pleasant update for some users. According to MacRumors, users on Apple’s forums and Reddit are stuck with a black screen when trying to update their late 2013 or mid 2014 13-inch MacBook Pro models to Big Sur. Nothing appears to solve the issue, including shortcuts to reset the NVRAM and SMC.

What’s really bad about this situation is that all these Macs are out of warranty and AppleCare. Which means if you need to get back up and running, affected users may have to buy a new computer, or face costly repairs. And I am going to go out on a limb and say Apple won’t cover either even though this is clearly their fault unless they get sued.

This is a prime reason why you should never dive into a brand new OS and instead wait to see what happens to the “early adopters”. For example, I have not upgraded any of my Macs to Big Sur. And based on this I won’t be anytime soon. Apple hasn’t commented on this, but if this is as widespread as it appears to be, they’ll have to do something.

If a solution to this appears, I’ll post an update.