Archive for December, 2020

BREAKING: Microsoft Pwned By Russian Hackers…. Source Code Allegedly Viewed

Posted in Commentary on December 31, 2020 by itnerd

This isn’t a good way to end the year. The news is breaking that Microsoft has admitted that they were hacked as part of the huge SolarWinds hack. And the results are not good:

While the hackers, suspected to be working for Russia’s S.V.R. intelligence agency, did not appear to use Microsoft’s systems to attack other victims, they were able to view some Microsoft source code by hacking into an employee account, the company said.

Microsoft had previously said it was not breached in the attack, which compromised dozens of federal agencies, as well as corporations. Microsoft said its subsequent investigation revealed that the hackers were not able to access emails or its products and services, and that they were not able to modify the source code they viewed.

This is far from good. If the hackers saw source code, they could exploit it to attack anyone with a Microsoft OS or product installed. That’s pretty scary. I suspect that we’re going to find out more details about this in the coming days. And those details will send chills down the spines of security experts everywhere.

2020: Year In Review

Posted in Commentary on December 31, 2020 by itnerd

At this time of year I like to look back over the past 365 days and pick out the stories that really got my attention. This year is different as it’s been a dumpster fire of a year. While tech did sort of march on, the focus of the entire planet was elsewhere. Having said that, here’s what happened in tech this year:

In 2020 The Pwnage Was EPIC: Every day brought a new story about someone or something getting pwned by hackers. I’d list all the stories but we’d be here all day. You can get a sense of this by simply searching my blog for “pwnage 2020” or “hacked 2020”. The thing is that this is getting worse and not better. Which means we should all be scared for what might happen in 2021.

Apple Stopped Including Chargers In The Box: Citing environmental reasons, Apple stopped including chargers in the Apple Watch 6 and iPhone 12s. That was a heavily criticized move that apparently is now being copied by Samsung who trolled Apple for not including the charger in the box and is now covering that up. Chinese phone maker Xiaomi is apparently doing the same thing. Does that make Apple right? No. I bet that this was all about boosting their margins. But at least they were first.

The Hammer Drops On Big Tech: Both Facebook and Google get sued by the US government for being too big and too powerful. That’s not a surprise as you could see this coming. The real question is, if anything substantive will happen because of it in 2021 and beyond? Stay tuned to find out.

Trump Faces Off Against TikTok: President Donald Trump faced off against TikTok for something around half the year citing it as a national security threat. Perhaps that’s true as TikTok does do some things that are kind of sketchy. Such as the app itself being incredibly invasive, and the company sending info about American job applicants to China. Or perhaps it’s because anti-Trump types used TikTok to embarrass Trump. Either way, this was an interesting story to watch in 2020, but chances are we won’t be hearing about TikTok in 2021 as Trump will be gone by the end of January and I am sure that the incoming Biden administration won’t care about this.

Apple & Google vs. Epic Games – FIGHT!: Epic Games, who makes the game Fortnite, wanted to cut a side deal with Apple so that it could make more money. Apple said no. Epic then tried to side load a way to make money into Fortnite which made Apple in turn toss Fortnite off the App Store. And it turns out that they did something similar to Google which led to a similar result. This has led to lawsuits which at the moment aren’t going well for Epic. This is headed to trial in 2021 where I expect Epic to lose. Though I am not a lawyer. But I think Epic will find a way to back down from this and save what little of the Fortnite empire is left before it gets that far.

Cyberpunk 2077 Crashes And Burns: The most hyped video game in the history of the universe ever was released late this year and spectacularly failed. That game was Cyberpunk 2077. Now you perhaps saw this coming as trouble during development was plain to see. The initial release date of April 16th 2020 was first pushed back to September 17th. Then November 19th. Then December 10th. You can blame prepping for so many platforms at the same time for that. When the game finally launched, it was a bug ridden mess that forced Sony and Microsoft to pull the game from their respective platforms and offer refunds. Now some patches and fixes are being rolled out, but is that going to be enough to stave off the hordes of lawyers who are looking to sue the daylights out of CD Projekt who made the game? That’s a question that will be answered in 2021.

Apple Gives The Middle Finger To Intel: Apple this past June dumped Intel in favor of their own processors. It wasn’t a shock as the average iPhone made in the last four or five years has a chip in it that runs circles around anything Intel makes. Thus it was only a matter of time before they started to show up in Macs. And based on my look at the MacBook Air with Apple’s new M1 processor, they perhaps should have done it years ago as the M1 processor is miles ahead of Intel on multiple fronts. And this M1 processor will be the slowest processor that Apple will ever make. Which if you are Intel, you should be prepared for PC makers to dump you as well. Either for AMD who makes better x86 processors than Intel, or for someone else who is using ARM based processors like Apple is. The fact is that Intel’s days are very much numbered given that there are better options out there for computer makers.

Belkin Kills IoT Cameras And Alienates Users In The Process: Belkin lit up the Internet by killing their line of NetCam cameras this past year leaving users with no plan B. They did extend this once, but they killed it once and for all at the end of June. I think that part of the problem is that they did this in the middle of a global pandemic which really ticked users off. Now on one hand, I can say that this should serve as a cautionary tale about IoT gear. Which is that the vendor can kill them at any time and users should know that. But on the other hand Belkin could have handled this way better than they did. And as a result of that, you can bet a lot of people will not be considering Belkin the next time they need gear, IoT or otherwise.

Zooming All The Things: Zoom took off this year because you couldn’t have face to face meetings. Which led to a lot of scrutiny on Zoom. They had a ton of security issues that they had to deal with. Some of which were self inflicted. Once the world stops ending, I wonder if they will be as relevant as they are right now.

Bell Takes Flight…. And Flops At The Same Time: A trend that I noted this year is that a lot of people are making the move from Rogers Internet to Bell Internet. That doesn’t surprise me as to be frank Bell has a much better Internet product than Rogers. Which is kind of important when you are working from home as many of us are. You can find out why that is the case here. And it also didn’t help that during this pandemic where everyone is working from home, Rogers was caught throttling their customers. However, something that I also did a lot of is to help customers to fix Bell’s mistakes after the install. For example I had a customer who moved all their services from Rogers to Bell, and they lost their phone service for 36 hours. They could dial out, but nobody could call them. The customer made two calls to Bell with no joy. Then I got involved and explained to Bell that their phone service wasn’t provisioned properly and how I came to that conclusion. Then it got fixed. I could cite other examples, but a rough estimate is that 40% of my clients who switched to Bell had post install issues. That’s not cool. So I have a message to Bell. People shouldn’t have to pay someone like me to make sure your products are properly installed. Thus I would suggest that you get your installers into a room and really drill home the message that you don’t leave a customer until everything is working to the customer’s satisfaction. Because it’s stuff like that that gives me reason not only not to recommend Bell to my clients, but also not to switch to them myself. And believe me, I do want to switch to Bell Internet as it is from my experience way better than Rogers Internet.

Apple vs. Facebook – FIGHT!: Apple has brought out a bunch of privacy changes to iOS 14 that disclose what apps on iOS do and what information they want access to. Facebook got very upset about this and mounted a full court press to get Apple to back down on this. Including an ad campaign that from the perspective of most is full of lies. I’m guessing that Facebook is upset as if users know how invasive Facebook is, they won’t use Facebook and Facebook’s income will nosedive. That’s too bad for Facebook as it is high time that someone introduce Facebook to the concept of respecting their users. Though Apple would have better footing on the moral high ground if they took such a hard stance not just with Facebook, but with China as well seeing as Apple folds up like a cheap suit every time China wants it to seeing as it does China’s bidding without much protest.

And now for some stats. The top ten countries that visited my blog in 2020 are:

  1. Canada
  2. United States
  3. United Kingdom
  4. Australia
  5. India
  6. Singapore
  7. Norway
  8. Germany
  9. Philippines
  10. Netherlands

In all almost 1 million page views were served up this year. Given the year that we all had, that’s pretty good.

And in terms of the top ten stories that were viewed this year:

  1. Review: TP-Link AX1800 Deco X20 Mesh WiFi System
  2. Don’t Fall For This Interac Scam That Is Delivered By Text Message [UPDATED]
  3. Here’s How The Last 4 Digits Of Your Credit Card Can Be Used To Commit Fraud
  4. Rogers Rolling Out New Modem/Routers For Ignite Internet…. Why You Should Care
  5. New Program Offering Canadian Seniors Free Smartphones & Low-Cost Data Plans From TELUS To Help Them Stay Connected
  6. Hyundai Canada Updates Software Update Site To Support More Hyundai Canada Vehicles [UPDATED]
  7. Review: GTA Car Kits Pure Bluetooth Car Kit
  8. How To Move Your E-Mail And Contacts Off The Rogers Yahoo/Oath E-Mail Platform
  9. Android Auto & Apple CarPlay On My 2016 Hyundai Tucson Limited
  10. Review: Rogers NextBox 3.0

A story on TP-Link’s mesh WiFi system was number one this year. Likely because everyone and their dog is working from home and having good WiFi is an absolute requirement. For the second year in a row, a story about scams doesn’t shock me seeing how much I wrote about that topic in the last couple of years. Rogers seems to be popular with three stories in the top ten. Though one of them is moving off of the Rogers email platform which should ring alarm bells in the corner offices at Rogers. And two stories about Android Auto and Apple CarPlay in Hyundai vehicles were also in the top ten which I find curious seeing as that upgrade program has ended. But there’s a cheap to free option for Hyundai Canada owners that I wrote about here. Regardless there’s a lot of Hyundai owners in Canada who care about Android Auto and Apple CarPlay. Finally, news about low cost data plans for seniors from TELUS got a lot of attention. Perhaps Rogers and Bell should take note?

Now if you have something that you think should be on this list, leave a comment with your thoughts. Happy new year (hopefully)!

My Tech Highlights Of 2020

Posted in Products on December 30, 2020 by itnerd

Let’s get this out of the way, 2020 was a train wreck of a year that has affected all of us. And that’s included yours truly as I didn’t review as much tech as I am used to. Which is why I will not be doing the IT Nerd awards this year. But that doesn’t mean there wasn’t interesting tech to be had. Thus here’s a list of things that really caught my eye in 2020:

2020 Mazda CX-30 GT: Mazda hit it out of the park with the CX-30 GT. For less than $34K CDN, you’re getting a sub-compact SUV that is great on gas, has an interior to die for, a significant amount of tech, a power lift gate which is rare in this class of car, lots of space for your stuff, and a lot of power from the engine. The bottom line is that if you’re in the market for a sub-compact SUV, this is the one that you want to get. And to make it even more enticing, Mazda will have a version with their 2.5L turbo engine in it. I can’t wait to drive that once the world stops ending.

ASUS ZenWiFi AX (XT8) – With everyone working from home, good WiFi is a must. That’s why the ASUS ZenWiFi AX (XT8) is on this list as I’ve been using it for months and it has given me easy to set up and trouble free and secure WiFi that supports up to WiFi 6. The only thing that may be a downside is the price as it’s not cheap. But if you want near bullet proof WiFi, this is the way to go. Though ASUS also makes the ASUS ZenWiFi AC (CT8) which gives you 802.11ac WiFi that is just as bullet proof at a lower price point.

Roku Streambar: Roku devices are already the top of the streaming devices food chain. But the Streambar is going to take Roku to the next level as it upgrades “dumb” TVs to being “smart” TVs with great sound. And it gives “smart” TVs better sound. Plus it supports Apple HomeKit and AirPlay 2 which makes it very versatile. And all for under $200 CDN which makes this a very compelling purchase.

Apple HomePod Mini: When the HomePod first came out, it had great sound, but a price tag that I couldn’t justify. But at $119 CDN, the Apple HomePod Mini is easy to justify. It has great sound quality, it can act as a base for your HomeKit devices, and has a ton of party tricks like “Intercom” which broadcasts a voice message to one or more HomePods along with other Apple devices, and the U1 chip which allows you to point an iPhone 11 or 12 at it and transfer music and calls to it. As long as you are in the Apple ecosystem, this is a must get.

Apple MacBook Air With The M1 Processor: Apple goes 2 for 2 with their new M1 based Macs. I had the chance to test the new MacBook Air and this computer is FAST. It absolutely destroys anything with an Intel processor in any and every way. And the kicker is that this Mac will be the slowest Mac Apple will ever make. Which means that anything after this MacBook Air is going to be way faster. And I can’t wait for those Macs to come out.

Those are the things that really caught my eye in 2020. Hopefully in 2021 the world will become more normal and we’ll all be able to do the things that we’re used to doing. For me that includes reviewing the latest and coolest tech. Fingers crossed that happens.

Trump Administration Serves Up Appeal To Fight Injunction Blocking Them From Nuking TikTok

Posted in Commentary on December 29, 2020 by itnerd

Just when you thought it was over. It isn’t. In the dying days of the Trump Administration, an appeal has been filed to take out a ruling that prohibited certain restrictions regarding TikTok:

The appeal challenges a Dec. 7 preliminary injunction from US District Court Judge Carl Nichols, which prevented the US Department of Commerce from enforcing rules that would have made it illegal for infrastructure companies to carry TikTok’s network traffic.

That ruling followed an earlier injunction that prevented the Commerce Department from banning downloads of TikTok from US app stores.

I really don’t see the point of this. These people are less than a month away from being footnotes in history. Why even bother with this? Are they only interested in getting a win? I don’t get it. This seems like a waste of time and taxpayer money to me.

Finnish Parliament Pwned…. Likely By State Sponsored Hackers

Posted in Commentary on December 29, 2020 by itnerd

The Finnish Parliament said on Monday that hackers gained entry to its internal IT system and accessed email accounts for some members of Parliament (MPs):

Government officials said the attack took place in the fall of 2020 and was discovered this month by the Parliament’s IT staff. The matter is currently being investigated by the Finnish Central Criminal Police (KRP). In an official statement, KRP Commissioner Tero Muurman said the attack did not cause any damage to the Parliament’s internal IT system but was not an accidental intrusion either. Muurman said the Parliament security breach is currently being investigated as a “suspected espionage” incident. “At this stage, one alternative is that unknown factors have been able to obtain information through the hacking, either for the benefit of a foreign state or to harm Finland,” Muurman said. “The theft has affected more than one person, but unfortunately, we cannot tell the exact number without jeopardizing the ongoing preliminary investigation.”

Hacks like these are getting to the point where they are becoming so common that it’s now just noise. And that’s a problem because every one of these hacks needs to be taken seriously. Which means they need to be looked at with urgency and corrective action needs to be taken quickly. Especially given who got hacked in this case. But it is safe to say that it’s likely a nation state behind this hack and there would be a small list of suspects that would be responsible for this.

Hackers Target Vietnam In Complex Supply Chain Attack

Posted in Commentary on December 28, 2020 by itnerd

Vietnam appears to have been the target of a complex supply chain attack by unknown hackers utilizing malware. The attackers targeted Vietnamese private companies and government agencies by inserting malware inside an official government software toolkit. This is according to a report from ESET:

ESET researchers uncovered this new supply-chain attack in early December 2020 and notified the compromised organization and the VNCERT. We believe that the website has not been delivering compromised software installers as of the end of August 2020 and ESET telemetry data does not indicate the compromised installers being distributed anywhere else. The Vietnam Government Certification Authority confirmed that they were aware of the attack before our notification and that they notified the users who downloaded the trojanized software.

I find it difficult to believe that the Vietnam Government Certification Authority or VGCA was aware of this seeing as the day that ESET released their report the VGCA admitted to the security breach and published a tutorial on how users could remove the malware from their systems. So read into that what you will. I read it as “oh crap we got caught out and we now have to make it look like we were on top of things.”

Citrix Hardware Pwned By Hackers Leveraging Them For DDoS Attacks

Posted in Commentary on December 25, 2020 by itnerd

Merry Christmas. At least for all but those companies who own Citrix hardware. Bad actors have discovered a way to bounce and amplify junk web traffic against Citrix ADC networking equipment to launch DDoS attacks:

While details about the attackers are still unknown, victims of these Citrix-based DDoS attacks have mostly included online gaming services, such as Steam and Xbox, sources have told ZDNet earlier today. The first of these attacks have been detected last week and documented by German IT systems administrator Marco Hofmann. Hofmann tracked the issue to the DTLS interface on Citrix ADC devices. DTLS, or Datagram Transport Layer Security, is a more version of the TLS protocol implemented on the stream-friendly UDP transfer protocol, rather than the more reliable TCP. Just like all UDP-based protocols, DTLS is spoofable and can be used as a DDoS amplification vector.

Citrix has confirmed the issue and they say that they will fix it before the new year. Meaning a fair number of Citrix employees will be working overtime this holiday season. Which means that once this fix becomes available, those who own this gear should install it ASAP.

KFC Releases A Gaming PC… Seriously

Posted in Commentary on December 24, 2020 by itnerd

KFC unveiled what they’re calling the KFConsole — a VR-ready high-end gaming PC that comes with a built-in chicken warmer.

Back in June, just after the PS5 reveal, KFC released a ridiculous trailer for the KFConsole, but everyone just figured they were joking. Turns out, they were dead serious. KFC, the chicken place, has teamed up with Cooler Master and launched a gaming console capable of 4K and 240FPS. The joint press release doesn’t mention a price or release date, but I’ve reached out for clarification and will update this article if I hear back. 

The complete specs haven’t been revealed, but we know it’s got an Intel Nuc 9 CPU, Seagate BarraCuda 1TB SSD, and judging from the prominence of “ray tracing” in the marketing from Cooler Master, an Nvidia GPU. Cooler Master also says the KFConsole has “a first of its kind hot swappable GPU slot” for easy upgrades. But who really cares about all that when it’s got a chamber to keep your fried chicken warm?

Who precisely asked for this? I didn’t. I don’t know any gamers who asked for this. And isn’t this going to get covered in grease? But to be serious a second, this sounds like a pretty top end gaming PC and in other circumstances, I might say that gamers should run out and get one. But this seems to be more of a marketing stunt than anything else.

DHS Warns Americans About Dealing With Chinese Firms Or With Firms With Chinese Citizens In “Leadership And Security-Focused Roles”…. Hmmmm

Posted in Commentary on December 23, 2020 by itnerd

Earlier today I posted a story on DHS warning consumers about TCL TVs running Android which allegedly contain back doors that could steal data. I did some hunting around and found that DHS has a broader business advisory that was published on Wednesday that says that Chinese products and services could contain backdoors or other data collection systems. It also said that data theft could occur via insider threats and business partnerships. The goal is to harvest data from western companies for use in furthering China’s economic goals.

The advice that DHS has is to take care when sharing data with Chinese firms; using equipment produced or maintained by Chinese companies; and even when working with companies that have Chinese citizens in “key leadership and security-focused roles.” Which is pretty broad and borders on sounding racist to me. I have to wonder how much of this is a legitimate threat, and how much of this is xenophobia. I guess we’ll find out soon enough.

TCL Probed By DHS Over Accusations Of Back Doors In Their TVs

Posted in Commentary on December 23, 2020 by itnerd

Apparently the Department Of Homeland Security is probing Chinese based TV maker TCL over accusations that their Android TVs have backdoors that facilitate data theft:

The acting head of the U.S. Department of Homeland Security said the agency was assessing the cyber risk of smart TVs sold by the Chinese electronics giant TCL, following reports last month in The Security Ledger and elsewhere that the devices may give the company “back door” access to deployed sets, The Security Ledger reports. Speaking at The Heritage Foundation, a conservative think tank, Acting DHS Secretary Chad Wolf said that DHS is “reviewing entities such as the Chinese manufacturer TCL.” “This year it was discovered that TCL incorporated backdoors into all of its TV sets exposing users to cyber breaches and data exfiltration. TCL also receives CCP state support to compete in the global electronics market, which has propelled it to the third largest television manufacturer in the world,” Wolf said, according to a version of prepared remarks published by DHS. His talk was entitled “Homeland Security and the China Challenge.” 

As reported last month, independent researchers John Jackson — an application security engineer for Shutter Stock — and a researcher using the handle Sick Codes identified and described two serious software security holes affecting TCL brand television sets and would allow an unprivileged remote attacker on the adjacent network to download most system files from the TV set up to and including images, personal data and security tokens for connected applications. The flaw could lead to serious critical information disclosure, the researchers warned. Both flaws affect TCL Android Smart TV series V8-R851T02-LF1 V295 and below and V8-T658T01-LF1 V373 and below, according to the official CVE reports. In an interview with The Security Ledger, the researcher Sick Codes said that a TCL TV set he was monitoring was patched for the CVE-2020-27403 vulnerability without any notice from the company and no visible notification on the device itself. In a statement to The Security Ledger, TCL disputed that account. By TCL’s account, the patched vulnerability was linked to a feature called “Magic Connect” and an Android APK by the name of T-Cast, which allows users to “stream user content from a mobile device.” T-Cast was never installed on televisions distributed in the USA or Canada, TCL said. For TCL smart TV sets outside of North America that did contain T-Cast, the APK was “updated to resolve this issue,” the company said. That application update may explain why the TCL TV set studied by the researchers suddenly stopped exhibiting the vulnerability. 

In his address on Monday, Acting Secretary Wolf said the warning about TCL will be part of a broader “business advisory” cautioning against using data services and equipment from firms linked to the People’s Republic of China (PRC). This advisory will highlight “numerous examples of the PRC government leveraging PRC institutions like businesses, organizations, and citizens to covertly access and obtain the sensitive data of businesses to advance its economic and national security goals,” Wolf said. “DHS flags instances where Chinese companies illicitly collect data on American consumers or steal intellectual property. CCP-aligned firms rake in tremendous profits as a result,” he said.

As far as I can tell, this is restricted to Android powered TVs that TCL makes. I have a Roku powered TCL TV that doesn’t appear to be affected. But this highlights the fact that if you put something on the Internet, smart or otherwise, it’s a risk. So if this concerns you, and if you have one of these TVs, you should unplug it from the Internet. Though these TVs never saw the light of day in Canada.