Archive for June 28, 2021

Microsoft Tries To Clarify Windows 11 System Requirements

Posted in Commentary on June 28, 2021 by itnerd

On Saturday, I posted a story on the rather hefty system requirements for Windows 11. There must have been one hell of a blowback from that because Microsoft has now posted a blog post to clarify this situation:

The intention of today’s post is to acknowledge and clarify the confusion caused by our PC Health Check tool, share more details as to why we updated the system requirements for Windows 11 and set the path for how we will learn and adjust. Below you will find changes we are making based on that feedback, including ensuring we have the ability for Windows Insiders to install Windows 11 on 7th generation processors to give us more data about performance and security, updating our PC Health check app to provide more clarity, and committing to more technical detail on the principles behind our decisions. With Windows 11, we are focused on increasing security, improving reliability, and ensuring compatibility. This is what drives our decisions.

Reading the rest of the blog post, they try to clear this up. But I don’t think this is going away anytime soon. But I guess that Windows Insiders will find out what the truth is as the first Insider build is available today. The results will be all over Twitter shortly after people try that build out.

Facebook Escapes Antitrust Action…. For Now

Posted in Commentary on June 28, 2021 by itnerd

Facebook shares posted their biggest intraday gain in two months after it won a dismissal of two antitrust cases, pushing its market value above $1 trillion for the first time. The social-media giant jumped as much as 4.4%, the most since April 29, after a judge granted Facebook’s request to dismiss the complaints filed last year by the U.S. Federal Trade Commission and state attorneys general.

A federal court on Monday dismissed the Federal Trade Commission’s antitrust complaint against Facebook, dealing a major setback for the agency’s complaint that could have resulted in Facebook divesting Instagram and WhatsApp.

“Although the Court does not agree with all of Facebook’s contentions here, it ultimately concurs that the agency’s complaint is legally insufficient and must therefore be dismissed,” reads the filing from U.S. District Court for the District of Columbia. “The FTC has failed to plead enough facts to plausibly establish a necessary element of all of its Section 2 claims — namely, that Facebook has monopoly power in the market for Personal Social Networking (PSN) Services.” The court dismissed the complaint, not the case, meaning the FTC could file its complaint once again.

This is really a blow for anyone who wants Facebook to be held accountable for their bad behavior. Hopefully the FTC refiles the complaint as something has to be done about Facebook.

Half of Enterprise 5G Operators Lack the Knowledge or Tools to Find and Fix Security Vulnerabilities: Trend Micro

Posted in Commentary on June 28, 2021 by itnerd

Trend Micro today released new research that reveals a major gap in security capability among mobile operators, which in many cases is not yet being filled by industry partnerships.

In the 5G era, and a rapidly changing digital landscape, operators could broaden their security credentials with partners as they look to deliver on their desire to secure private networks.

Learn more about the research during Mobile World Congress with Trend Micro’s Ed Cabrera: https://www.mwcbarcelona.com/agenda/session/enabling-digital-transformation-of-industries-in-the-5g-era.

According to the study, 68% of operators sell private wireless networks to enterprise customers with the rest planning to do so by 2025. Nearly half (45%) of operators consider it extremely important to invest in security to achieve long-term enterprise revenue goals. To this end, 77% of operators are planning to offer security as part of their private network solutions.

In addition, the report found that:

  • 51% of operators see edge computing (Multi-Access Edge Computing, or MEC) as a key part of their near-future enterprise strategy. Only 18% of operators currently secure their endpoints or edge.
  • 48% of operators cite a lack of adequate knowledge or tools to discover vulnerabilities as a top 5G security challenge.
  • 39% have a limited pool of security experts.
  • 41% struggle with network virtualization vulnerabilities.

The role operators can play in securing the private network ecosystem is particularly important in the 5G Era. New threat vectors will materialize as enterprises look to embrace new communications technologies (5G, edge computing, cloud computing, private wireless, IoT) to digitally transform their business. Operators are in a prime position to address these and profit in supporting their enterprise customers. To take on this role, operators will want to broaden their credentials or partner with security, cloud or IT vendors capable of filling any gaps in their security portfolios and expertise.

As a security platformer with 5G service providers for Enterprise, Trend Micro understands the needs of its corporate customers and partners with these organizations to best meet those needs.

To read a full copy of the report, Securing 5G Era Private networks, please visit: https://data.gsmaintelligence.com/research/research/research-2021/securing-private-networks-in-the-5G-era.

The report is based on two GSMA Intelligence surveys:

  • The GSMA Intelligence Operators in Focus 2021 survey spans 100 decision-makers from operators around the world to understand their views on the enterprise opportunity.
  • The GSMA Intelligence Enterprise in Focus 2020 survey spans 2,873 companies in eight industry verticals and 18 countries.

Western Digital Says Remotely-Installed Trojans Responsible For Wiping ‘My Book’ Storage Devices

Posted in Commentary on June 28, 2021 by itnerd

Last week I brought you the story of people who have Western Digital My Book Internet-connected hard drives getting them remotely erased by unknown threat actors. Well, Western Digital have put out a statement. And here’s what they had to say:

Western Digital has determined that some My Book Live and My Book Live Duo devices are being compromised through exploitation of a remote command execution vulnerability. In some cases, the attackers have triggered a factory reset that appears to erase all data on the device.

We are reviewing log files which we have received from affected customers to further characterize the attack and the mechanism of access. The log files we have reviewed show that the attackers directly connected to the affected My Book Live devices from a variety of IP addresses in different countries. This indicates that the affected devices were directly accessible from the Internet, either through direct connection or through port forwarding that was enabled either manually or automatically via UPnP.

Additionally, the log files show that on some devices, the attackers installed a trojan with a file named “.nttpd,1-ppc-be-t1-z”, which is a Linux ELF binary compiled for the PowerPC architecture used by the My Book Live and Live Duo. A sample of this trojan has been captured for further analysis and it has been uploaded to VirusTotal.

Our investigation of this incident has not uncovered any evidence that Western Digital cloud services, firmware update servers, or customer credentials were compromised. As the My Book Live devices can be directly exposed to the internet through port forwarding, the attackers may be able to discover vulnerable devices through port scanning.

But what’s interesting is that this statement references this CVE number: CVE-2018-18472. This was something that I mentioned in my original report on this issue as I speculated that this could be the cause of this incident. Western Digital has seemingly confirmed that. Which means that by not patching this issue when it was first disclosed, Western Digital has in effect created this problem for themselves. That’s something to keep in mind when users who were affected by this issue start suing Western Digital. Because you know that the lawsuit is coming.
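For owners who want to check a mounted copy of a My Book Live file system for the artifact named in the statement, the following is an added example, not code from Western Digital or from the original post. It looks for the quoted file name and, as an assumption of this example, also flags any hidden file whose header is a big-endian PowerPC ELF; the function names and the sample files are constructed for illustration.

```python
import os
import struct
import tempfile

TROJAN_NAME = ".nttpd,1-ppc-be-t1-z"  # file name quoted in the vendor statement
ELFDATA2MSB = 2                       # EI_DATA value: big-endian
EM_PPC = 20                           # e_machine value: 32-bit PowerPC

def is_ppc_be_elf(header: bytes) -> bool:
    """True if header begins a big-endian PowerPC ELF file."""
    if len(header) < 20 or header[:4] != b"\x7fELF":
        return False
    if header[5] != ELFDATA2MSB:
        return False
    (e_machine,) = struct.unpack_from(">H", header, 18)
    return e_machine == EM_PPC

def triage(root: str) -> list:
    """Return sorted (relative path, reason) pairs for files to examine."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            if os.path.islink(full):
                continue
            try:
                with open(full, "rb") as fh:
                    header = fh.read(20)
            except OSError:
                continue
            rel = os.path.relpath(full, root)
            if name == TROJAN_NAME:
                findings.append((rel, "name matches vendor statement"))
            elif name.startswith(".") and is_ppc_be_elf(header):
                # Assumption of this example: a hidden PowerPC ELF is unusual.
                findings.append((rel, "hidden PowerPC ELF"))
    return sorted(findings)

def demo() -> list:
    """Run triage over constructed files (header bytes only, no real sample)."""
    ppc = b"\x7fELF" + bytes([1, 2, 1]) + bytes(9) + struct.pack(">HH", 2, 20)
    x86 = b"\x7fELF" + bytes([1, 1, 1]) + bytes(9) + struct.pack("<HH", 2, 3)
    with tempfile.TemporaryDirectory() as root:
        os.mkdir(os.path.join(root, "tmp"))
        samples = {TROJAN_NAME: ppc, "tmp/.cache": ppc,
                   "tmp/.x86": x86, "busybox": ppc, "notes.txt": b"hello"}
        for rel, data in samples.items():
            with open(os.path.join(root, rel), "wb") as fh:
                fh.write(data)
        return triage(root)
```

Ordinary system binaries on the device are PowerPC ELF files too, which is why the header check is applied only to hidden files; a hit is a reason to look closer, not proof of compromise.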