Archive for November, 2021

New LinkedIn Data Reveals The Top Canadian Roles, Industries & Locations To Get A Promotion In

Posted in Commentary with tags on November 30, 2021 by itnerd

Can the role a person holds influence their odds of getting a promotion? How about their industry or their address? It turns out all these factors can influence how likely Canadians are to be promoted, according to new data from LinkedIn’s latest Get Ahead Special Report.

LinkedIn investigated internal promotion rates compared to the national average over the past 12 months. Here are the key findings:

  • Top 3 roles where Canadians were most likely to be promoted:
    1. Product managers, internal promotion rate 120% higher than the national average
    2. Marketers, internal promotion rate 68% higher
    3. Accountants, internal promotion rate 51% higher
  • Top 3 industries where Canadians were most likely to be promoted:
    1. Finance, internal promotion rate 46% higher than the national average
    2. Media & Communications, internal promotion rate 39% higher
    3. Software & IT Services, internal promotion rate 39% higher
  • Top 3 locations where Canadians were most likely to be promoted:
    1. Greater Toronto Area, internal promotion rate 27% larger than the national average
    2. Greater Vancouver Metropolitan Area, internal promotion rate 11% higher
    3. Greater Kitchener-Cambridge-Waterloo Metropolitan Area, internal promotion rate 4% higher

The full report findings can be found here. Research methodology is shared below: 

For this report, LinkedIn’s Economic Graph team analyzed Canadian internal promotion data at companies with more than 10 employees between November 2020 and October 2021. We excluded internal promotions from internship positions and promotions from C-Suite roles to partner or owner roles from this analysis. The internal promotion rate reflects the number of LinkedIn members who added a new, higher seniority position at the same employer to their profile in a job function divided by the total number of members with an active position in that job function. Top regions are metropolitan areas with the higher promotion rates for that particular job function between the November 2020 to October 2021 period. Top skills are a selection of the most commonly listed skills on profiles of members who received internal promotions during the November 2020 to October 2021 period.

Guest Post: Hackers Targeting Small Business During Covid

Posted in Commentary with tags on November 30, 2021 by itnerd

Canada is one of the world’s most targeted countries for cyber-attacks which have already wreaked havoc on universities, city transit systems such as in Montreal and Toronto, and most recently the provincial healthcare system of Newfoundland and Labrador. But according to Julian Fernandez of Motto, a web agency that specializes in developing custom sites, small business is the most vulnerable.

“These attackers target smaller businesses and individuals who are less likely to practice secure online habits,” Fernandez says. “And the pandemic is the perfect storm. Everyone had to become adept at using their computers and the Internet at home. Unfortunately, not everyone is a cyber-security expert and the attackers have jumped on this opportunity.”

Fernandez says a typical ransomware payout is demanded in cryptocurrency, with the average amount $980 US.

According to the Canadian Anti-Fraud Centre, which collects information on fraud and identity theft, more than 62,000 incidents of fraud have been reported this year involving more than 43,000 victims. The total amount reported lost so far this year is over $200 million, which is about twice as much as in all of 2020.

“People and businesses should educate themselves on what to do,” Fernandez says. “Invest in security. Have firm policies so your staff is on board. And report any scams and cyberattacks to the governing bodies for your industry. A lot of fraud isn’t reported so the total damage is even higher.”

Fernandez offered five basic tips on how to protect against cyber and ransomware attacks:

  1. Avoid visiting websites that don’t appear credible, and if you do, learn how to use a VPN (Virtual Private Network).
  2. Use a password manager. 
  3. Never release important and sensitive information over the phone or through email. 
  4. Never open emails or attachments from strangers. 
  5. Protect and secure all your devices, including access points to your data.

About Motto
Motto started over 20 years ago as a creative web agency building custom websites and web apps. In the past five years it has adapted WordPress software to become an expert in producing custom WordPress sites for clients that range from small and mid-size businesses (over $5 million) to large organizations. Motto also has an agency agreement with KINSTA, a web-hosting company with more than 20,000 customers.

Review: Ember Mug 2

Posted in Products with tags on November 30, 2021 by itnerd

App controlled devices are everywhere. But an app controlled coffee mug is kind of different. The coffee mug in question is the Ember Mug 2:

Here’s the deal. This mug will keep your hot beverage of choice warm. If you’re using the mug alone, it will keep your beverage warm for up to 1.5 hours because of the built in battery. If you use the included charging coaster you can keep your beverage warm all day. All of this can be controlled by an app that is available for iOS and Android. So how well does this work? Let’s find out. Starting with what’s in the box:

Open the box and you see the mug right at the top of the box. It’s made of stainless steel coated with FDA food-grade ceramic. It also comes in two colours. Black and white as well as metallic colours at a higher price.

Underneath the mug is the charging coaster.

Underneath that is the power adapter for the charging coaster.

Finally you get the usual documentation, including this:

In an Apple like move, you get some stickers to let the world know that you have an Ember Mug.

The Ember Mug 2 that I got holds 10 fluid ounces (there is a 14 fluid ounce version available as well as a 12 fluid ounce travel mug). Out of interest, I decided to compare this in terms of weight to a “regular” mug that holds a similar amount of liquid. Here’s what I came up with:

  • Regular Mug: 333 grams
  • Ember Mug: 412 grams

So the Ember Mug 2 is marginally heavier. Presumably because of the battery. While it does feel heavier, it isn’t a deal breaker in my mind as it really doesn’t affect how the mug is used.

Setting it up is easy, I plugged the coaster into the wall and placed the Ember Mug 2 on it. I then installed the Ember app on my iPhone 12 Pro which then after pairing it via pressing and holding the power button on the bottom of the mug for 5 seconds prompted me to update the firmware. Once that was done, I noted that it was at 27% of a charge. So I let it charge while I did some work. Once charged, I got my wife to roast and grind a coffee for me. Yes, my wife and I take our coffee so seriously that we have the gear to roast and grind our own coffee so that we can have the best quality coffee possible. Then we do the pour over method using a reusable filter to get the perfect cup of coffee:

The water was boiled to 96 degrees Celsius which is clearly too hot to drink. Fortunately, the Ember Mug can help you with that as you can pick the hot beverage that you are drinking via the app and keep it at that temperature:

You’ll also note that there’s a tea timer that will allow you to properly steep your tea. Nice touch! Plus you can add your own presets between 50 degrees Celsius and 62.5 degrees Celsius.

Once the beverage reaches the desired temperature, you’ll get a notification on your phone.

I can verify that sipping coffee over a two hour period and using a thermometer to check the temperature, it was half a degree off the stated temperature in the app. That’s perfectly acceptable to me. And the taste of the coffee remained constant because of the fact that it was always at that temperature. Thus if you take your coffee or tea seriously, this mug will help you to up your game.

When it comes to cleaning, you need to hand wash it and make sure that the bottom is dry as that’s where it charges from. After all, electricity and water don’t mix.

Other observations include the following:

The app had a recipe section. But these five recipes are the only ones that are available at present. Hopefully more recipes are added over time.

There’s an LED light that you can alter the colour so that if you have multiple Ember Mugs, you can tell them apart. I set mine to blue. In case you are wondering where the LED is, here’s a picture:

Finally, you can also control the mug from your Apple Watch which is handy if that is your preference. Alternately, the Ember Mug 2 is fully functional without the Ember App. In this case, it will maintain a default temperature of 57 degrees Celsius if that is your preference.

So what are the downsides of the Ember Mug 2? The only thing that I can see is the price. At $99.95 USD for the 10 fluid ounce version, it’s a big price tag to have the perfect cup of coffee or tea. And the prices only go up from there for the larger or travel versions, not to mention the metallic colours. But the flip side to that is that if you take your coffee seriously, which my wife and I do, the Ember Mug 2 may be worth it to you as from what I can tell it works exactly the way the company says it does and the result is good coffee as nothing good happens in the world unless you have good coffee.

Infographic: OTRS Spotlight: Workflows In The Pandemic

Posted in Commentary on November 30, 2021 by itnerd

Source: OTRS

Guest Post: 86% Of Hacks In Google Cloud Were Used For Illegal Crypto Mining Says Atlas VPN

Posted in Commentary with tags on November 30, 2021 by itnerd

Many successful attacks on the cloud infrastructure are due to poor cybersecurity measures and a lack of control implementations.

According to the data presented by the Atlas VPN team, 86% of hacked Google Cloud accounts are used for illegal crypto mining. In addition, most instances of compromise in Google Cloud are due to weak or no password for the user account.

Hackers conducted cryptocurrency mining 86% of the time after gaining access to a Google Cloud account. Cryptocurrency mining is a for-profit activity, which consumes a large amount of GPU and CPU resources.

Port scanning of other targets on the Internet occurred 10% of the time after a Google Cloud instance was compromised. Port scanning enables cybercriminals to identify weak spots in the network and exploit found vulnerabilities.

Hackers launched attacks against other targets on the internet 8% of the time following a Google Cloud account hack. Hosting malware on the cloud was the goal of 6% of cybercriminals.

Cybersecurity writer at Atlas VPN Vilius Kardelis shares his thoughts on attacks against cloud services:

“The advantages of cloud-hosted resources include high availability and access at any time. While this simplifies workforce operations, hackers may exploit the cloud’s pervasive nature for their benefit. Despite the increased interest in cybersecurity, spear-phishing and social engineering attacks are still very effective.”

Most exploited vulnerabilities

While trying to deliver a cyberattack, cybercriminals always search for the simplest way to compromise their target.

Weak or no password for a user account or no authentication for APIs caused 48% of the Google Cloud hacks. It indicates that users could have avoided compromising their accounts if they had set up a stronger password.

Hackers exploited a vulnerability in third-party software in the Cloud instance in 26% of cases. If the hacks exploited a zero-day vulnerability, the fault could be attributed to the software developers not releasing an update. However, if a patch was released, responsibility for the compromise falls to the user not updating the software in time.

Misconfiguration of Cloud instance or in third-party software allowed 12% of hacks in Google Cloud. Any mistakes, malfunctions, or gaps in your infrastructure that put you at risk are known as misconfiguration.

Other issues caused 12% of compromises in Google Cloud, while leaked credentials, such as keys published in GitHub projects, were exploited in 4% of attacks.

To read the full article, head over to: https://atlasvpn.com/blog/86-of-hacks-in-google-cloud-were-used-for-illegal-crypto-mining

TELUS Becomes The First Tech Company In Canada To Publicly Commit To An Indigenous Reconciliation Action Plan

Posted in Commentary with tags on November 29, 2021 by itnerd

Today, TELUS released its 2021 Reconciliation and Indigenous Connectivity Report, an evolution from the annual connectivity report that shares inspiring stories of the transformative benefits that connectivity brings to newly connected Indigenous communities. This year’s report also includes TELUS’ first-ever Indigenous reconciliation action plan. Guided by Indigenous voices and Indigenous-led frameworks of reconciliation, TELUS has proudly formalized our commitment to reconciliation, becoming the first technology company in Canada to develop and launch a public Indigenous reconciliation action plan. 

In 2021, TELUS connected 48 Indigenous lands to our advanced broadband networks and 382 Indigenous lands to the transformative power of 5G. In support of their continued efforts to connect Indigenous communities to the life-changing power of high speed internet and mobility solutions, TELUS developed its Indigenous reconciliation strategy and Indigenous reconciliation action plan through an inclusive, culturally relevant process. The plan was guided by Indigenous voices and frameworks of reconciliation, and leverages their core competencies with an emphasis on meeting the needs of the diverse Indigenous communities in the areas they serve. TELUS hosted two rounds of engagement over 18 sessions with Indigenous leaders, Elders, subject matter experts, and Indigenous team members from across their serving areas, and they are committed to having this manner of engagement as a cornerstone of TELUS’ actions moving forward. 

TELUS’ Indigenous reconciliation action plan identifies four pillars where they believe they can drive meaningful change and includes measurable targets and timelines for each. Their short-term action plan targets include:

  • Connectivity: Connecting an additional 20 communities to broadband by 2023
  • Enabling social outcomes: Launching the $1 million TELUS Indigenous Communities Fund, which provides grants of up to $50,000 to Indigenous-led organizations focused on mental health and well-being, language and cultural revitalization, access to education, and/or community building 
  • Cultural responsiveness & relationships: Working with Indigenous educators to develop and deliver e-learning material and ensuring learning opportunities and resources are available and accessible to TELUS team members
  • Economic reconciliation: Achieving Bronze Progressive Aboriginal Relations status by demonstrating sustained leadership in their commitment to working with Indigenous businesses and prosperity in Indigenous communities by 2024

In 2022, an Indigenous advisory council consisting of Indigenous leaders, subject matter experts, and Elders within their serving areas will be established to provide ongoing advice and guidance on the implementation of TELUS’ reconciliation actions. To ensure Indigenous ways of knowing are implemented throughout the organization, the advisory council will monitor the progress of TELUS’ Indigenous strategies and provide guidance for effective implementation of TELUS’ commitments and targets outlined in the annual Indigenous reconciliation and connectivity report and internal Indigenous reconciliation action plans. Every year, the Indigenous reconciliation action plan will be evaluated and refreshed in collaboration with the Indigenous advisory council.

To further their commitments, TELUS has embarked on the Canadian Council for Aboriginal Business’ Progressive Aboriginal Relations certification program, the premier corporate social responsibility program with an emphasis on Indigenous relations. 

In addition to the Indigenous reconciliation action plan, the report shares stories of connectivity from Indigenous communities and the projects and benefits that have been made possible by reliable connectivity. Stories vary from utilizing modern technology to maintaining culture through language classes, to supporting wetland rehabilitation to local, community based job creation and training opportunities. The report also highlights TELUS’ collaborations with communities and Indigenous organizations with an emphasis on supporting, developing, and expanding programs that look beyond connectivity to enable social outcomes for communities for longer-term prosperity and success.

By the numbers:

  • 240 Indigenous communities serviced by TELUS
  • 80,000+ people living in Indigenous communities with access to the TELUS PureFibre network 
  • 91 Indigenous communities and 151 Indigenous Lands connected to TELUS PureFibre/Coax
  • 382 Indigenous lands connected to 5G in 2021
  • 48 Indigenous lands expanded or connected to in 2021 to support social, economic, and education outcomes 

Quotes from community leaders featured in the report: 

To learn more about the commitment by TELUS to reconciliation and to read the 2021 Reconciliation and Indigenous Connectivity Report visit telus.com/reconciliation.

Panasonic Pwned…. Full Extent Of Data Breach Unknown

Posted in Commentary with tags on November 29, 2021 by itnerd

Happy Monday. Unless you’re with Panasonic.

I say that because Panasonic has disclosed a data breach after threat actors gained access to servers on its network. Panasonic Corporation confirmed that the network was illegally accessed by a third party on November 11, 2021. Panasonic reported the incident to the relevant authorities and has taken measures to prevent access to its network from external servers, including hiring a third party to investigate the attack and find out if any of the data accessed during the intrusion includes customer personal information. In short, they don’t know the full extent of the data breach. That’s bad.

Yan Michalevsky, CTO and Cofounder, Anjuna Security had this comment on this data breach:

 “It’s crucial to encrypt data at rest to prevent exactly those kinds of incidents. Solutions such as full-disk encryption might not be enough when attackers have gained access to the systems, but luckily there are alternatives that enable protecting data at the level of the application such that the files themselves are always encrypted.”

Hopefully Panasonic does a follow up to advise on the full extent of the data breach so that those affected can protect themselves accordingly.

UPDATE: I have additional commentary from Eddy Bobritsky, CEO, Minerva Labs:

“This attack, much like ransomware attacks, are becoming all too common. An attacker uses evasive malware techniques to gain a foothold in the company to either steal proprietary data or encrypt or even destroy important information. Although their investigation hasn’t been completed yet, Panasonic seem to be lucky here as they were able to detect the breach relatively quickly. According to the IBM “Cost of Data Breach 2021” report, on average it took 287 days to identify and contain a data breach. This increase in sophistication of evasive techniques is simply making it much more difficult for regular EDR antivirus solutions to cope.”

BREAKING: TELUS And Koodo Have An Outage In Montreal [UPDATE: Alberta Fixed… Montreal Fixed]

Posted in Commentary with tags on November 29, 2021 by itnerd

It has come to light that TELUS and Koodo customers in Montreal may be having issues due to an outage. Both brands took to Twitter to alert their customers. I have the Tweet from TELUS below:

Cable cuts aren’t exactly trivial to fix. But here’s hoping that TELUS and Koodo customers in Montreal get back online soon as we all rely on our mobile phones these days.

Stay tuned for updates as they come.

UPDATE: There’s apparently another outage in progress based on what I see on the TELUS Outage Site. This one is in Alberta:

Hopefully this too gets resolved quickly.

UPDATE #2: The outage in Alberta has been resolved. But as of 9:55PM the one in Montreal has not been resolved. Because this is a cable cut, I expect that outage in Montreal to go on for quite a while yet.

UPDATE #3: The TELUS Outage Site says that the Montreal outage is resolved.

Review: JBL Go 2

Posted in Products with tags on November 29, 2021 by itnerd

Regardless of how good your laptop or phone speakers are, there are times where you need a speaker that gives you more sound than those can provide. Or you need a more robust speaker for going to the beach with. JBL has you covered on that front with their Go 2 speaker:

Here’s what you get in the box:

Besides the speaker, you get a USB-A to micro USB cable. Which in the age of USB-C is a #Fail. And the usual documentation that nobody will read. The speaker itself has these controls and connections:

There is a very thick rubber flap that covers these ports:

You get a micro USB connector and a 3.5mm input.

You get controls on the other side of the speaker including power and volume. The speaker is pretty compact and is easy to carry. It takes up little room in a backpack, laptop bag or purse.

The Go 2 supports Bluetooth 4.1 and has a battery life of 5 hours and takes 2.5 hours to charge. The speaker is IPX7 waterproof which means taking it to the pool or the beach is not an issue as it means it can be fully submersed in 1 meter of water for up to 30 minutes.

The question is, how does it sound? To find out, I paired it to my 16″ MacBook Pro and played one of my audio torture test playlists that I use when I evaluate car audio systems. Pairing it is dead easy as I was able to turn the speaker on and have it pop up in the Bluetooth menu of my MacBook Pro. Once paired, there’s a white light that goes from flashing to solid as well as some sounds that you hear when it is powered up and it is paired. Once I did that, I had to hurriedly turn down the volume as the Go 2 is loud. It also has a surprising amount of bass, though you’re not going to shake windows with this speaker. Even at full volume. Beyond that, the sound is pretty good and I suspect that you will have no complaints. And just in the interest of pushing the envelope a bit, I played a couple of videos and found zero issues in terms of having the audio synced with the video. It also performs reasonably well as a speakerphone as there’s a built-in microphone. But I am not sure that I would use this in a noisy environment as background sound was picked up and was audible on my test calls.

My verdict is that the JBL Go 2 is a speaker that will provide you with decent sound at a decent price. Which is $35 USD as I type this. Though mine is black, there are a number of colours available. One thing that I should point out is the Go 3 is now available from JBL so you might want to either look at that, or look for the best deal on the Go 2 that you can find. Regardless, the Go 2 is worth a listen to if you are in the market for a portable Bluetooth speaker that is waterproof.

IKEA Email Systems Hit By Ongoing Cyberattack

Posted in Commentary with tags on November 28, 2021 by itnerd

IKEA is apparently under a cyberattack that is affecting its email systems. Bleeping Computer has the details:

In internal emails seen by BleepingComputer, IKEA is warning employees of an ongoing reply-chain phishing cyber-attack targeting internal mailboxes. These emails are also being sent from other compromised IKEA organizations and business partners.

“There is an ongoing cyber-attack that is targeting Inter IKEA mailboxes. Other IKEA organisations, suppliers, and business partners are compromised by the same attack and are further spreading malicious emails to persons in Inter IKEA,” explained an internal email sent to IKEA employees and seen by BleepingComputer.

“This means that the attack can come via email from someone that you work with, from any external organisation, and as a reply to an already ongoing conversations. It is therefore difficult to detect, for which we ask you to be extra cautious.”

IKEA IT teams warn employees that the reply-chain emails contain links with seven digits at the end and shared an example email, as shown below. In addition, employees are told not to open the emails, regardless of who sent them, and to report them to the IT department immediately.

Recipients are also told to tell the sender of the emails via Microsoft Teams chat to report the emails.

Attacks like this are crippling and difficult to resolve. The best advice that I can give is to stop attacks like these before they start. That means having a layered set of defences from software to user training to make sure that you don’t become the next IKEA.