Archive for November 22, 2021

BREAKING: Tile Selling Itself To Life360 For $205 Million

Posted in Commentary with tags on November 22, 2021 by itnerd

On Sunday, I read an article where Tile claimed that they were doing well against AirTags. And that their business is doing well. Well, 24 hours later, the news is out that Tile is selling itself to Life360 for $205 million. To put that in perspective, Apple has $1.2 billion in revenues a day. So read into that what you will.

Here’s why Life360 bought Tile:

Life360 bills itself as an overall family safety app, with location sharing between family members, crash detection, and other features. Over the summer, it announced that it has over 1 million paying customers and reported its valuation had crossed $1 billion. It also acquired another item locating hardware startup, Jiobit, which makes cellular-connected trackers for kids and pets. 

Life360 expects the deal will increase the global footprint for both companies, Tile’s non-Bluetooth Finding Network, and create a larger combined subscriber base. Currently listed on the stock exchange in Australia, Life360 says it has plans for a “potential dual listing in the US” next year.

In a blog post announcing the Tile acquisition, Life360 CEO and co-founder Chris Hulls says, “The combination of Life360 and Tile means safety just got a whole lot simpler for millions of families and individuals around the world. We’ll be bundling Tile devices as part of our Membership plans, and Tile will offer Life360 Membership benefits to its customers. We’ll also start work on integrating our technologies so Tile devices, Jiobit wearables, and Life360 app customers will show up on a unified map – people, pets, and things all in one place.”

So clearly Life360 seriously wants to to up their game in terms of location tracking. And Tile clearly fits into that. But I suspect that Tile users may want to be ready for Life360’s rather craptastic privacy policy. Life360 data harvests and sells your data (including location data). My sense is that this will mean that Tile users will likely defect to other solutions. We’ll have to see how this plays out. In any case, at least Tile has a backer to help it to better complete with Apple’s AirTags.

BREAKING: Ontario COVID-19 Vaccine Portal Has Possibly Been Pwned

Posted in Commentary with tags on November 22, 2021 by itnerd

Thanks to @TheDanLevy for bringing this to light. It seems that Ontario’s COVID-19 vaccine portal might have been pwned:

A spokesperson for the Solicitor General confirmed the government has received multiple reports of spam text messages received by individuals who scheduled appointments or accessed vaccine certificates through the COVID-9 immunization system.

“Ontarians should be aware these texts are financial in nature and that the government will never conduct a financial transaction through these methods,” Marion Ringuette said in a statement.

“The government takes allegations of fraud very seriously and is aggressively investigating these reports with our partner ministries, the Ontario Provincial Police (OPP) and others.”

This isn’t good and one hopes that spam texts are the only thing that are the result of this incident as I can see how anything more than that won’t end well for those who have been affected. In the meantime, Ontario residents should keep their heads on a swivel.

Olympus Was Pwned AGAIN

Posted in Commentary with tags on November 22, 2021 by itnerd

I recently wrote about the fact that the EMEA operations for Olympus were pwned by a ransomware attack. Well, it’s happened again. And I am not sure how I missed this:

On its website, the company said it was investigating a “potential cybersecurity incident” detected on Oct 10, 2021.

The cyber attack shut down the company’s IT systems in the Americas, affecting the U.S., Canada, and Latin America with no impacts on other parts of the world, the company said.

It appears to be a ransomware attack according to this:

However, citing a ransom note left behind by the ransomware-as-a-service (RaaS) group BlackMatter, an insider told TechCrunch that Olympus was recovering from a ransomware attack.

Additionally, the ransom note pointed to BlackMatter’s Tor website used for collecting ransom from other victims.

There is clearly more pwnage going on than I can keep up with. And that’s not good. I’m not talking about the fact that missing pwnage affects my click rates and page views. I am talking about the fact that every single day there’s a company being pwned. That’s not good for all of us.

Researcher Finds Unpatched API Vulnerability In Google Cloud

Posted in Commentary with tags on November 22, 2021 by itnerd

Security researcher David Schutz discovered an SSRF bug in an internal Jobs API Google Cloud project. The now-patched vulnerability would have allowed attackers to access sensitive resources but was found while Schutz was conducting research for Discovery Documents. This is now fixed.

Yariv Shivek, VP of Product, Neosec had this to say:

The exploitation of this SSRF vulnerability highlights the need for API traffic monitoring and behavioral analytics: Once an attacker obtains an access token (or an API key, or any other form of credentials) they can impersonate an authenticated party and operate as that party. Can you spot abnormal behavior carried out by authenticated parties? Do you even see it?

That’s a good question. Hopefully finding out the answer to that question doesn’t have any negative effects. As in someone who gets pwned.

GoDaddy Suffers MASSIVE Data Breach After Being Pwned

Posted in Commentary with tags , on November 22, 2021 by itnerd

Today isn’t a good day to be a GoDaddy customer. Especially ones who use WordPress on GoDaddy. That’s because the company admitted to a massive data breach that exposed a massive amount of customers to the possibility of pawnage:

In a filing with the Securities and Exchange Commission, GoDaddy’s chief information security officer Demetrius Comes said the company detected unauthorized access to its systems where it hosts and manages its customers’ WordPress servers. WordPress is a web-based content management system used by millions to set up blogs or websites. GoDaddy lets customers host their own WordPress installs on their servers.

GoDaddy said the unauthorized person used a compromised password to get access to GoDaddy’s systems around September 6. GoDaddy said it discovered the breach last week on November 17. It’s not clear if the compromised password was protected with two-factor authentication.

I am going to go out a limb and say that the password in question was not protected with two-factor authentication. But I am free to be proven wrong. In any case, there’s more:

The filing said that the breach affects 1.2 million active and inactive managed WordPress users, who had their email addresses and customer numbers exposed. GoDaddy said this exposure could put users at greater risk of phishing attacks. The web host also said that the original WordPress admin password created when WordPress was first installed, which could be used to access a customer’s WordPress server, was also exposed.

The company said that active customers had their sFTP credentials (for file transfers), and the usernames and passwords for their WordPress databases, which store all the user’s content, exposed in the breach. In some cases, the customer’s SSL (HTTPS) private key was exposed, which if abused could allow an attacker to impersonate a customer’s website or services.

Oh boy. This is not trivial. And what makes this worse is GoDaddy also owns Sucuri which besides being the business of securing websites among other things, ironically offers up advice on how to secure WordPress sites. Regardless, this is not a good look for GoDaddy and it is a safe bet that company will have a lot of explaining to do over the coming days.

#EcoEx21: OVHcloud Ecosystem Shares Its Values At An International Event

Posted in Commentary with tags on November 22, 2021 by itnerd

Customers, technological, industrial, and commercial partners: November 16-18, 2021, OVHcloud is bringing together nearly 130 players from its ecosystem for a virtual event. 

This event is an opportunity for the communities surrounding the European cloud leader to demonstrate the power of their mobilization around the same values: respect for freedom, openness, and the ethical and sustainable use of technology. During this international event (Europe, Americas, and Asia-Pacific), users, contributors, experts, and partners will provide their testimonials and expertise throughout more than 50 sessions. 

Michel Paulin, CEO of OVHcloud, and Octave Klaba, founder and president of OVHcloud, will open each day. They will bring together numerous guests, including Laurent Giovachini, Deputy CEO of the Sopra Steria Group; Amita Potnis, Director and Head of Research for the Global Trusted

Practice at IDC; Nicolas Helleringer, CTO of Resilience; Ingrid Söllner, Chief Marketing Officer of Thetris; Max Schrems, activist, lawyer, author and founder of NOYB –the European Centre for Digital Rights. Together, they will discuss the challenges driving the cloud market.

With a recent €350 million capital injection and a market capitalization of nearly €4 billion, OVHcloud is entering a new phase of its expansion. The success of this operation helped build trust in Europe’s leading cloud provider and proved that a robust ecosystem backs them.

Accelerate the Development of New, Value-Based Cloud Solutions

To meet its wide range of customer needs across digital-native companies, public and private organizations, DevOps, and partner resellers, OVHcloud continues to develop its four solution categories: Bare Metal CloudHosted Private CloudPublic Cloud, and Web Cloud, always at a predictable price and with a performance/cost ratio that is unique on the market.

OVHcloud is accelerating the integration of software technologies into its solution portfolio by combining its legacy Infrastructure-as-a-Service (IaaS) expertise with Platform-as-a-Service 

(PaaS) solutions. Through its partnerships (such as Database-as-a-Service (DBaaS) solutions with MongoDB, Aiven, and a collaborative development platform with Platform.sh),R&D (AI Notebooks or AI Training, for example), and its acquisitions (launch of a High-Performance Object Storage offer following the acquisition of OpenIO), OVHcloud intends to support companies’ digital transformation offering them a set of ready-to-use tools. Further, OVHcloud will make a platform of open cloud solutions available for users to adopt and enrich–sharing these solutions with all those waiting for more standards, openness, and reversibility in the PaaS.

OVHcloud guarantees its customers’ data sovereignty by allowing them to choose the location of their data, protect them from outside interference, ensure compliance with local regulations, and commit not to exploit this data for the optimization of its AI models or commercial purposes. The commitment was recently reinforced with the advent of Hosted Private Cloud solutions qualifying for SecNumCloud (ANSSI security visa), which testifies to the highest security and trust standard in Europe, G Cloud in the UK, C5 in Germany, and AGID in Italy.

The next step for OVHcloud is to ensure technological sovereignty for its customers by allowing them to control the underlying technology and thus avoid technical lock-in situations. The interoperability and reversibility of OVHcloud solutions are built in line with recommendations by Gaia-X. During the event, Pierre Gronlier, CTO of Gaia-X will shed light on the initiative’s recent progress in implementing a decentralized, open and sovereign data infrastructure.

Many OVHcloud partners will share their stories on these strategic topics, such as Raghu Raghuram, CEO of VMware; Rob Bissett, Anthos Product Manager at Google Cloud ; andVincent Robert, Partner Project Manager at Platform.sh. 

Getting Closer to International Customers, in Compliance with Local Legislation

To serve its customers worldwide, OVHcloud is growing its footprint by expanding existing data centers in Europe and Canada. And opening sites in new regions within the US, India, and Asia-Pacific. All while guaranteeing its customers operational sovereignty because they retain the freedom to choose where their data is stored. 

Furthermore, all OVHcloud solutions comply with current legislation, depending on the sector or location: GDPR for personal data, for example, or HDS for healthcare data. Raphaël-David Lasseri, Founder and CEO of Magic Lemp, will remind you of the importance of this compliance during a session dedicated to healthcare data challenges.

To illustrate the guarantee of data immunity from extraterritorial laws, Cristina Guttuso, Chief Legal Officer of OVHcloud, will be hosting a conference on the new framework for European data transfers.

Offer Support Programs for Joint Success

To support its customers’ growth, OVHcloud continues to strengthen and deploy its Partner Program, Startup Program, Marketplace and Open Trusted Cloud support programsworldwide, based on non-exclusivity of commitmentMariana Caillaud, founder and CEO of Dolipharm; Rita 

Nazarian, Partner Manager of IPaidThat; Roberto Correnti, CTO of Full IP Solutions and many others will share their experiences on the benefits of the programs.

Pursuing a Comprehensive Innovation Policy Geared Towards Sustainability

As an integral part of its DNA, the OVHcloud vertical model is essential for sustainable innovation. The Group is paving the way towards an eco-responsible cloud through its R&D and collaboration with its providers (to aim for a transparent carbon footprint of server components), with players in the cloud market (notably through a shared commitment in the Climate Neutrality Pact for data centers), and with its customers (via the provision of a carbon invoice calculator for their cloud consumption).

To achieve its goal of “zero net emissions” by 2030 and anticipate new use cases requiring very high performance, OVHcloud is now testing an immersion cooling prototype. The concept is unique as it involves combining immersion cooling technology with the water-cooling technology that OVHcloud has been using for nearly 18 years.

Thomas Arenz, Director of Marketing Communications and Strategic Business Development for EMEA at Samsung; Thibaut de La Bouverie, Partner, Cloud Transformation Lead at Deloitte; and Romain Rouvoy, Professor at INRIA, will discuss environmental issues in the cloud at a dedicated session.

Learn more about the Ecosystem Experience 2021.

Guest Post: VPN-Related Media Coverage Grows By 43% In 2021 Says Atlas VPN

Posted in Commentary with tags on November 22, 2021 by itnerd

Data extracted and compiled by Atlas VPN reveals that the average number of VPN-related pages published monthly grew by 43% in 2021 YTD compared to 2020.

The wave of data breaches, consumer privacy issues, and increased internet usage due to the pandemic are some of the main factors that sparked interest in VPNs.

Edvardas Garbenis, a cybersecurity researcher at Atlas VPN comments on the situation:

It’s already clear that 2021 will be marked as a year when VPN popularity exploded globally.  Be it media coverage or actual download numbers – interest in VPNs is increasing to never-seen-before heights. The data shows that this growth is not likely to stop anytime soon.

Will there come a time when having a VPN application on all of your devices becomes the norm? If the pattern continues – it’s not a stretch to expect it within the next couple of years.

The research team at Atlas VPN extracted and analyzed data from the Ahrefs platform. The data depicts how many monthly pages were published on the internet that contained the keyword “VPN” in the story.   

The data reveals that the popularity of VPN-related media coverage was increasing steadily since 2017. However, in the last two years, the popularity exploded.   

Throughout 2021 so far, the total number of unique pages published stands at 5.71 million. Yet, in 2020, the total reached 4.35 million. Even though 2021 still has another month to go, it has already hit a record number of VPN-related stories ever.

Going back in time even further, we see that the increase in VPN-related stories had a huge growth from 2019 to 2020.

Why are VPNs exploding in popularity?

So what are the reasons behind the surge in VPN coverage? It’s like anywhere else – supply and demand. The reality is that media outlets are responding to the interests of their readers.

Privacy and security issues on the internet have skyrocketed in the past couple of years. Naturally, concerned internauts are looking for ways to protect themselves online.

To read the full article, head over to:
https://atlasvpn.com/blog/vpn-related-media-coverage-grows-by-43-in-2021

ASUS Serves Up Some Great Gifts For The Tech Lover In Your Life

Posted in Commentary with tags on November 22, 2021 by itnerd

Tech lovers are sometimes difficult to buy for. Fortunately ASUS has a few different products for your consideration. They are suited to a variety of users, from the tech enthusiast to the casual internet browser, and everyone in between:

  • ProArt Display PA329CV :  Designed for the serious creative, the ProArt Display PA329CV features a 32” 4K UHD display, ProArt preset ProArt Preset, USB-C connection, and calman verified display. With a 3840 x 2160 resolution – 4X more than full HD – users will find crystal clear visuals even in the finest details of photos and text. $1449 @ Amazon
  • AC1750 Dual Band Gigabit WiFi 5 Router: Powered by 5G Wi-Fi and 256QAM technology, this router is perfect for the household managing multiple WFH workers. On a 5GHz band it blazes to 1300 Mbps letting users connect multiple devices without sacrificing speed. $79.99 @ The Source
  • ZenBeam Latte : A wireless mini projector that will take movie nights anywhere. Sitting at the size of a coffee mug, this projector  holds three hours of projection or 12 hours of audio playback, projects up to 300 LED lumens output and 720p native resolution and can connect through wireless connectivity, bluetooth, or a USB-A port. 549 @ Canada Computers
  • Chromebook Flip C433 : A super versatile laptop designed for work and play. The Chromebook Flip features an Intel® Core™ m3 processor, 8 GB RAM, and a 14” touchscreen. It has 360 degree hinge lettering users use it as a laptop or tablet. $499 @ Amazon
  • ASUS ROG Gladius II Wireless: Co-designed with Pro gamers for ultimate comfort, this mouse features right-handed ergonomics and ROG-exclusive socket design enabling easy switch-replacements to customize click force. $155.78 @ Amazon

If northing on this list strikes your fancy, check out ASUS.com for even more gift ideas.