Archive for December, 2021

I Spent An Evening Trying Out iMazing’s iPhone Spyware Detection Feature… Here’s How It Went

Posted in Products with tags on December 22, 2021 by itnerd

A while ago I wrote about a product called iMazing which among other things claimed to “easily” detect spyware from The NSO Group among other types of spyware. At the time I promised that I would try it out and see what it was like. I finally got around to doing that last night. And here’s how it went for me.

First of all, let me get this out of the way. It is extremely unlikely that 95% or more of you have any spyware on your iPhone. That’s because spyware on the iPhone tends to be aimed at specific targets, such as journalists, human rights activists or government officials. On top of that, while exploits do exist for iOS devices, they are rare and highly valuable because iOS is a highly secure OS by default, which is why groups like The NSO Group are in a cat and mouse game with Apple to use these exploits before Apple shuts them down. That means those exploits are far more likely to be used on a high value target than on the average person with an iPhone 13.

Having said all that, there is a school of thought that says it pays to be sure that you aren’t one of the 5%. That’s where iMazing comes in. Here’s how it works. The short answer is that iMazing makes a backup of your iPhone and then analyzes that backup for signs of spyware-type activity.

The more nerdy answer adds to what I said above via this statement from the company:

iMazing’s spyware detection tool is available as a free feature in iMazing 2.14 and above. It can be used to detect signs of infection by NSO’s Pegasus and has the potential to evolve to detect other threats. The methodology implemented closely mirrors that of the open-source Mobile Verification Kit by Amnesty International’s Security Lab. The ability for the user to customize the analyzer by providing indicators of compromise in STIX format may be useful for early investigations of future threats. For more context on the development of iMazing’s spyware detection tool, please refer to this blog post.

So all you need to do is to follow the instructions in this document which will require you to connect your iPhone to your computer and have iMazing perform an encrypted backup using the “Detect Spyware” option. It will then analyze the backup and produce a report in the form of a spreadsheet. All analysis is local to the computer in case you were wondering if iMazing gets to see your data. The whole process takes anywhere from 10 to 20 minutes and is largely painless. In my case I got a report that said that I had no spyware on my iPhone. But I did get 7 warnings.

The timestamp traces back to a suspicious text that I was investigating. The text had a link in it and the link never opened in Safari, so this warning is explainable. According to iMazing, HTTP redirections, indicator matches, and signs of manipulated entries all end up in entries like the one above. HTTP redirects are logged as warnings to bring them to your attention; they are not a sign of infection in themselves as long as they do not point to a known malicious domain. Other than that, my iPhone was clean.
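To make the two kinds of findings concrete, here is an added example (not iMazing’s or MVT’s own code) of the indicator-match and HTTP-redirect checks an MVT-style analyzer runs over Safari history pulled from a backup. The STIX bundle, the history records and the domain names in them are all constructed for illustration.

```python
"""Toy re-creation of the indicator-match and HTTP-redirect checks an
MVT-style backup analyzer performs (constructed example, not iMazing/MVT code)."""
from __future__ import annotations

import json
import re
from urllib.parse import urlparse

# Constructed STIX 2.1 bundle standing in for a user-supplied indicator file.
# The domain below is a placeholder for illustration, not a real IoC.
STIX_BUNDLE = json.dumps({
    "type": "bundle",
    "id": "bundle--00000000-0000-4000-8000-000000000001",
    "objects": [
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--00000000-0000-4000-8000-000000000002",
            "name": "Constructed example domain",
            "pattern": "[domain-name:value = 'bad-example.invalid']",
            "pattern_type": "stix",
            "valid_from": "2021-12-01T00:00:00Z",
        }
    ],
})

# Constructed Safari history records in the shape a backup analyzer walks:
# the visited URL plus any redirect destination Safari recorded for it.
SAFARI_HISTORY = [
    {"visit_time": "2021-12-20T09:12:00Z", "url": "https://www.apple.com/",
     "redirect_destination": None},
    {"visit_time": "2021-12-20T09:15:00Z", "url": "http://short.example/x7",
     "redirect_destination": "https://news.example/article"},
    {"visit_time": "2021-12-21T22:41:00Z", "url": "http://t.example/abc",
     "redirect_destination": "https://cdn.bad-example.invalid/p"},
]

# Extracts the literal value from a STIX comparison such as
# [domain-name:value = 'host.tld'] (only this simple pattern shape is handled).
PATTERN_RE = re.compile(r"domain-name:value\s*=\s*'([^']+)'")


def load_domain_indicators(bundle_json: str) -> set[str]:
    """Collect domain-name values from the STIX indicator objects in a bundle."""
    bundle = json.loads(bundle_json)
    domains: set[str] = set()
    for obj in bundle.get("objects", []):
        if obj.get("type") != "indicator" or obj.get("pattern_type") != "stix":
            continue
        for value in PATTERN_RE.findall(obj.get("pattern", "")):
            domains.add(value.lower())
    return domains


def host_of(url: str) -> str:
    """Lower-cased hostname of a URL, or '' if it has none."""
    return (urlparse(url).hostname or "").lower()


def matches_indicator(host: str, iocs: set[str]) -> list[str]:
    """Return the indicator domains that equal the host or are a parent of it."""
    return sorted(d for d in iocs if host == d or host.endswith("." + d))


def analyze_history(records: list[dict], iocs: set[str]) -> list[dict]:
    """Indicator match -> 'detection'; a redirect elsewhere -> 'warning' only."""
    findings = []
    for rec in records:
        hosts = {host_of(rec["url"])}
        if rec.get("redirect_destination"):
            hosts.add(host_of(rec["redirect_destination"]))
        matched = sorted({d for h in hosts for d in matches_indicator(h, iocs)})
        if matched:
            findings.append({"level": "detection", "visit_time": rec["visit_time"],
                             "url": rec["url"], "matched": matched})
        elif rec.get("redirect_destination"):
            # A redirect is surfaced for the reader's attention, not as infection.
            findings.append({"level": "warning", "visit_time": rec["visit_time"],
                             "url": rec["url"], "redirect": rec["redirect_destination"]})
    return findings


def summarize(findings: list[dict]) -> dict:
    counts = {"detection": 0, "warning": 0}
    for f in findings:
        counts[f["level"]] += 1
    return counts


if __name__ == "__main__":
    iocs = load_domain_indicators(STIX_BUNDLE)
    results = analyze_history(SAFARI_HISTORY, iocs)
    for f in results:
        print(f)
    print(summarize(results))
```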

Now there are some things to note:

  • There are some differences between iMazing’s tool and the one from Amnesty International. iMazing works only with iPhone, and it does not support analyzing jailbroken devices.
  • In the interests of privacy, iMazing does not save extracted records to the analysis file. The process happens in system memory, then the results are exported and the memory is wiped.
  • iMazing cannot prevent a spyware infection. It can only tell you if you have one. That means you still have to be careful so that you don’t get infected. Doing things like keeping the OS on your phone up to date, not clicking on links that you get from anyone, and the like will keep you safer. Though I will point out that Pegasus, which is the spyware that The NSO Group serves up, is zero click in nature. Meaning that if you’re a target of one of their customers, you’ll get pwned no matter what you do, as it requires zero interaction from you to take over your iPhone.
  • If your iPhone does come back as positive for spyware, you need to reach out to iMazing here and have them analyze your backup. In the meantime, you should refrain from any communications which may put you at risk, but keep using the device as you did before so as not to reveal that you have become aware of the infection. iMazing can confirm whether the result is a false positive, and if it isn’t, they will put you in touch with professional help.

iMazing goes for $59.99 CAD per year for unlimited devices and has the option for doing a one time purchase based on the number of devices that you want to use iMazing with starting at $44.99 CAD for one device. But the spyware scanning functionality is free.

Again, I will point out that it is highly unlikely that 95% or more of you would be a target for spyware. But if you think you are one of those 5%, or you just want to be sure that you aren’t infected with something evil, iMazing has a solution for you.

BREAKING: AWS Is Down…. Again

Posted in Commentary with tags on December 22, 2021 by itnerd

Bad news. The AWS Health Dashboard is showing that one of its Elastic Compute Cloud (EC2) systems is down, specifically in Northern Virginia. The problems started at 4:35 am ET and are affecting the following sites among others:

  • Amazon
  • Hulu
  • Slack
  • Grindr
  • Epic Games Store
  • Samsung SmartThings
  • Rocket League

The cause was apparently a power outage. Amazon is bringing power back online and things should get back to normal soon. But this is the second major outage for AWS in a short amount of time. Thus Amazon will have some explaining to do.

Guest Post: Over $12 Billion In Crypto Stolen In The Past Decade Says Atlas VPN

Posted in Commentary with tags on December 21, 2021 by itnerd

Many crypto services have failed to build efficient security systems that would stop cybercriminals from exploiting flaws for personal gain at the expense of their victims. 

According to the data presented by the Atlas VPN team, more than $12 billion of crypto assets were stolen in the past 11 years. In addition, 40% of the funds were stolen from fraudulent exchanges, while Decentralized Finance (DeFi)-related hacks continue to surge. 

The first official security breach of a cryptocurrency exchange happened in 2011, while hackers stole $1 million in total throughout the year. Since then, the sum has continued to grow, reaching nearly $3.2 billion in 2021.

Crypto fraud exploded in 2019 when total losses accumulated to $3.8 billion, a 598% increase since 2018. As of now, fraudsters have stolen over $7.1 billion worth of crypto assets in the last 11 years.

DeFi hacks are the latest trend for cryptocurrency cybercriminals. It started in 2020, and hackers stole $149 million of crypto assets from DeFi exchanges. However, losses in DeFi breaches quickly grew in 2021, adding up to $1.7 billion in total.

Cybersecurity writer at Atlas VPN Vilius Kardelis shares his thoughts on crypto-related hacks and scams:

“With the popularity of cryptocurrencies growing, it’s reasonable to say that crypto-related hacks and scams are not disappearing anytime soon. Many people are ignorant of the risks of investing in cryptocurrency because blockchain technology is still relatively new. Before putting money into a platform, make sure to research its technical and security capabilities.”

Fraudulent exchanges caused most losses

While there are plenty of trustworthy cryptocurrency exchanges, there are just as many fraudulent ones, which try to prey on people’s lack of knowledge of how to distinguish a legit crypto platform.

Fraudulent exchanges have stolen 40% of all lost crypto assets throughout 11 years. Fraudulent platforms are those involved in exit scams, illegal behavior, or whose funds were seized by the government.

Exchanges with very high money laundering risks were responsible for 24% of stolen crypto assets. Such exchanges allow the withdrawal of more than $2000 in crypto daily without KYC/AML (Know Your Customer/Anti-Money Laundering).

P2P exchanges with high money laundering risks have stolen 5% of total funds. Mixing services were responsible for 4% of stolen crypto assets.

To read the full article, head over to: https://atlasvpn.com/blog/over-12-billion-in-crypto-stolen-in-the-past-decade

My Desk Setup – The 2021.5 Edition

Posted in Commentary on December 21, 2021 by itnerd

After posting my desk setup last week, I made some changes based on the fact that there were things that I didn’t like about the setup. So with some advice from my wife I have a new desk setup. Let’s have a look at what my desk setup looks like after the changes that I made.

The first thing you’ll notice is that I have moved everything to the left and I now have my 16″ MacBook Pro slightly left of centre with my Acer Nitro XV271 Z 27″ Gaming Monitor just above it on a Fellowes monitor stand. My desk phone is just to the left now and the pens and stapler are just to the right. I believe that this makes for a much better work space for me.

Let’s start with the monitor and the computer. This is the Acer Nitro XV271 Z 27″ Gaming Monitor and the 16″ MacBook Pro. This configuration works way better for me than having the monitor off to the right in my previous setup. On top of that, the monitor is a decent match for the screen of the MacBook Pro because of its ability to do 120 Hz (or higher, but I have it locked at 120 Hz) and HDR400. Both are connected using a USB-C Digital AV Multiport Adapter from Apple, which also has the connection to my UPS, and the MacBook Pro is powered by a USB-C to MagSafe 3 cable that is plugged into the Apple 140W power adapter. All of this sits on the FlexiSpot Electric Height Adjustable Standing Desk, which can be raised or lowered at the push of a button. That means that I can dial in my perfect position that is ergonomically correct. You can read my review on it here. One thing that I had to do was to put in longer power cables on the monitor to ensure that no matter what height I had the desk at, the cables would not become an issue. Likewise, I used a short HDMI cable from the monitor to the multiport adapter to keep the cables on the desk neat and tidy. In case you’re wondering, the phone to the left is a Vtech DS3111-2 which has DECT 6.0 Digital technology, which is Vtech’s name for their phones that use the 1.9 GHz frequency that is exclusively set aside for voice communication. Thus they will not interfere with my WiFi or Bluetooth devices, or vice versa, which ensures that the call quality is top shelf.

Something that I didn’t change is the fact that I still have the InvisQi wireless charger, which is placed under the desk so that I can charge my iPhone 12 Pro or AirPods Pro as you see here. Beside it is an Asus mousepad that I got at an Asus event a few years ago, along with a Logitech V470 Bluetooth mouse. It’s a simple mouse powered by two AA batteries that works well for me.

With the exception of the desk, which is plugged straight into the wall, all the electronics are powered from the APC BackUPS 600. In my condo, I have UPS units all over the place to protect my various electronics, as a UPS or Uninterruptible Power Supply will keep your gear running if there is a blackout thanks to the built in battery. Plus it will protect you from power surges (which is too much current) and sags (which is too little current) thanks to said battery. It also has a USB-A cable that connects to your computer so that if the UPS needs to shut down your computer due to a power event, it can use that cable to send that command to your computer. In my case I have it running into the USB-C Digital AV Multiport Adapter from Apple. But it won’t shut down the computer, because Apple notebooks don’t support that functionality within macOS for reasons only known to Apple. But the MacBook Pro will recognize when something happens and use UPS power until it runs out. Then it will switch over to its own internal battery. I highly recommend these to any computer user to make sure that their equipment is protected from any electrical issues, as it is cheaper to replace one of these than to replace your computer should the worst happen.

One thing that I needed is storage for things like cables, portable hard drives, tools and the like. That’s where these multi-coloured slide out bins from Really Useful Boxes, which I got at Staples, come in. They allow me to keep my cables organized so that I can find what I need, when I need it, with ease.

Below that, I have an old Rubbermaid clear storage bin which holds more cables. And at the bottom is a Gry Mattr Three Drawer Cabinet that I got at Staples. This holds my files, pens, and assorted stuff like external hard drives and tools. It can also be locked, which is a big plus for me.

So that’s my revised desk setup. The changes that I made I think have really helped me to have a much more functional workspace. But I’m open to suggestions as to how that I can make this even better. If you’ve got suggestions, please leave a comment and share your thoughts.

HelpSystems Offers Up Predictions For 2022

Posted in Commentary with tags on December 21, 2021 by itnerd

Well, it’s been quite the year on the cybersecurity front. And to be frank, with threats like Log4Shell, 2022 is likely to be quite the year as well. To get more detail on what that might look like, here are three predictions from HelpSystems that make for some interesting reading.

Joe Vest, Tech Director – Cobalt Strike by HelpSystems

“The prevalent cybersecurity testing model that I call, ‘find the bad, fix the bad,’ will continue to dominate in 2022, and many organizations will remain steps behind the threat. If we could patch our way out of this problem, we would’ve solved security many years ago. Unfortunately, much of the advice and testing models keep us steps behind the threat. There’s a great deal of time, money and energy spent designing and operating a security operations program. By only concentrating on fixing flaws, we just measure our ability to prevent – and 100% prevention is unrealistic. The motto, ‘prevent first, detect always,’ must be adopted as a core preset for secure security operations programs. Remember, the goal of security is not to stop a hack. The goal is to prevent, detect and respond to a threat actor before they successfully achieve their goal. It’s time we pushed back on the threat and moved beyond fixing the flaws.”

Tom Huntington, Executive Vice President of Technical Solutions at HelpSystems

“There’s a shortage of IT staff in the cybersecurity industry. We know that CISOs and other cybersecurity professionals are really trying to staff up their team to help combat all the bad hackers around the globe. I’m thinking that as we roll through 2022 that one of the better practices would be to apply automation – things like robotic process automation, workload automation, enterprise scheduling – those kinds of practices should be used as we look at mundane, repetitive cybersecurity processes that we’re doing, and we may be able to augment the shortage in staff with a good set of automation products alongside of cybersecurity.”

“2022 is the year that C suite recognize that they are getting further and further behind on their security projects. They’ll start to turn to RPA (Robotic Process Automation) and enterprise automation to help their teams become more productive in the battle against the cybercriminals. If they cannot hire talent, automation allows them to augment this deficiency. This effort takes SOAR (security orchestration automation and response) to a new level.”

Brian Pick, Managing Director of Managed File Transfer – HelpSystems

“Organizations will continue to look closely at how to minimize any type of data breach. This includes a close examination of how they are exchanging data/files with third parties. For example, we’re seeing a lot of inquiries that relate to organizations taking a closer look at any processes that require someone to manually secure a file before it’s exchanged. This could include having a programmer write a script to transfer a file securely or someone using a PC application to encrypt the file first before sending it. Security personnel are looking for a consistent, reliable and auditable process for securely exchanging files that help prevent data.”

It will be interesting to see how their predictions play out in 2022 as I know that many will be keeping track.

Log4j…. The Gift That Keeps On Giving

Posted in Commentary with tags on December 20, 2021 by itnerd

This isn’t the type of gift that sysadmins want. But news has come to light that a third Log4j vulnerability has been discovered, this time for a DoS bug. The latest Log4j bug isn’t a variant of the Log4Shell remote-code execution bug but has the same components and can also abuse the attacker-controlled lookups in logged data.

Yikes!

Ayal Yogev, CEO and Cofounder, Anjuna Security had this to say:

“The Log4Shell bug, as we’re seeing with other common vulnerabilities such as CVE-2021-45105, is used to execute privileged malicious code that immediately puts entire enterprise IT infrastructures at risk. Stopping the spread is possible using widely available confidential computing facilities available in the cloud and on hosts. These physically and cryptographically isolate an application’s memory, compute and storage from others on a given host, stopping the spread at its point of infection.”

Honestly, if you haven’t patched Log4j yet in your environment, you need to get cracking. Because I suspect that more issues will be found with Log4j seeing as everyone and their dog is looking for them.

Fisker Inc. Announces Its First-Ever NFT Series

Posted in Commentary with tags on December 20, 2021 by itnerd

Fisker Inc. has announced Fisker by Hand: OCEAN Concept Collection, a series of non-fungible tokens (NFTs) of original pen-on-paper sketches from the hand of Founder and Chief Designer, Henrik Fisker.

Fisker by Hand NFT auctions allow participants to partake in a charitable endeavor today, while in the future, NFT owners will enjoy exclusive invitations to bespoke events curated by Fisker.

For the inaugural release, a total of 100 Fisker by Hand: OCEAN Concept Collection NFTs are available for purchase, organized into four tiers: Ocean One: Limited to 1 Copy, 1 of 1; Extreme: Limited to 10 Copies; Ultra: Limited to 25 Copies; Sport: Limited to 64 Copies. The top three NFT tiers enjoy redeemable benefits such as signed prints and for Ocean One, an original art piece.

As part of the first-ever Fisker by Hand: OCEAN Concept Collection NFT sale, Fisker is donating 50% of primary sales to nonprofit organizations supporting corporate ESG principles.

Fisker by Hand: OCEAN Concept Collection NFTs will be auctioned through the FTX.US marketplace using Solana cryptocurrency on the Solana blockchain, a proof-of-stake blockchain with far less environmental impact than a proof-of-work blockchain. Solana’s carbon-neutral pledge aligns with Fisker’s brand pillars of design, innovation and sustainability. The auction will start at 5:00 p.m. PST on Wednesday, Dec. 22, 2021, and end 24 hours later. More information is available here.

Review: Acer Nitro XV271 Z 27″ Gaming Monitor

Posted in Products with tags on December 20, 2021 by itnerd

During my Desk Setup review, I noted that I was looking for a new monitor. The challenge that I had was that my 16″ MacBook Pro had a display that was so good, it destroyed almost any other external monitor that is currently available, including Apple’s infamous Pro Display XDR, which is their $5000 USD monitor that you have to spend an extra $1000 USD on top of to get a stand that should really come with the monitor. So as a result, I made a conscious decision to balance the features that were important to me against price. The feature set that I settled on was:

  • 120 Hz or higher refresh rate. Because once you experience 120 Hz like I have on my 16″ MacBook Pro, you’ll never go back to 60 Hz.
  • HDR support
  • 24″ – 27″ widescreen
  • Full HD (1080p) resolution

So after one trip to my local computer store and some consultation, I was able to put my money down on the Acer Nitro XV271 Z 27″ Gaming Monitor.

This is a 27″ full HD monitor that supports a refresh rate of 280 Hz, which is insane. On top of that it satisfies all the things that I was looking for in a monitor, and adds a few extras such as:

  • Support for AMD FreeSync Premium
  • 1 ms response time
  • Built In Speakers

Let’s start with the design. I really like the fact that it is not like other gaming monitors with lots of flashing lights, or having over the top graphics. It’s understated which means that it fits into more environments than a typical gaming monitor would. I also like the fact that top, left and right bezels are slim. That fits in with my MacBook Pro which has very slim bezels. Then there’s the stand:

The entire stand swivels so that you can get the right position that works for you. I should also mention that the monitor adjusts up and down and tilts as well to aid in that. Though in my case, to get it to where I wanted it, I still had to use the monitor stand that you see in this picture. Finally, if you want to run the monitor in portrait mode, you can do that by rotating the monitor into that position.

One thing that I appreciated is that the back of the stand has a clip that allows you to make your cables neat and tidy.

On the right side are all the controls for the monitor. Including a handy joystick that makes it easy to navigate through menus and to make quick changes.

Overall, the build quality is great. It doesn’t feel cheap in any way.

From an input perspective, you get DisplayPort, HDMI, and audio out. And what’s cool is that you get both the DisplayPort and HDMI cables in the box. Though I will admit that I used my own HDMI cable because I wanted a shorter one to make cable management on my desk neater. I also used a much longer power cable to accommodate my FlexiSpot Electric Height Adjustable Standing Desk as that raises and lowers.

For my use case, I plugged it into my 16″ MacBook Pro via HDMI and turned on HDR support for the monitor as well as enabling it on the MacBook Pro. I also set the refresh rate to 120 Hz so that it matched the MacBook Pro’s display. I then ran it for a couple of days to get my impressions. The net result was that I was impressed, to a point. Here are the highlights:

  • I will get the speakers out of the way first. They sound flat with very little if any definition to any audio that you wish to play through them. In short, they won’t impress anyone. Acer might have been better off leaving them out of this monitor.
  • The display is rated for HDR400 which means the maximum brightness that it will display while running HDR content is 400 nits. While that’s not competitive with OLED screens or mini LED screens like the one in the 16″ MacBook Pro, it actually doesn’t do a bad job of displaying HDR content. So if you want to consume HDR media, or have better visuals for games, this monitor is capable of doing just that. Having said that, this monitor lacks P3 wide color gamut support which would really help with HDR content. Instead it has BT.709 color gamut support which has a slightly narrower range of color reproduction.
  • Like most IPS panels, it offers good viewing angles, but at the cost of a mediocre contrast ratio. Which is less than ideal for dark room viewing. 
  • It has an excellent low input lag and outstanding response time, resulting in clear motion, and there is very little motion blur.
  • I did not notice any flickering during testing and it was very easy to look at. I am assuming that this is due to a blue light filter that this monitor has as part of the deal.
  • Often in large monitors that do full HD, pixel density is lacking. What I mean is that text, for example, doesn’t look as sharp as it should. In the case of this Acer, it has decent pixel density, as I wrote a number of articles and this review on that monitor and I didn’t have any complaints.
  • From the “edge case” department, I did notice that this monitor supports Apple’s True Tone feature. The net result is that the color temperature of the Acer monitor was almost exactly the same as the built in display of the MacBook Pro. Though I will note that it is driven by the ambient light sensor in the MacBook Pro. Which implies that if I use the MacBook Pro in clamshell mode with an external keyboard connected to this Acer monitor, I will lose this feature.
  • The anti-glare coating works really well in my environment.

The only thing that I didn’t try was gaming as I am not a gamer. Which is ironic given that this is a gaming monitor. But the main reason why I didn’t bother testing this is that any game that I have been known to play is on the Steam platform and the Steam client is still an Intel App. Which means that due to the emulation required to have it work on my M1 Pro based MacBook Pro, any game I play wouldn’t really push the monitor to its limits so that I can get an idea of what it is like as a gaming monitor. I may do a follow up on this if games start to appear that are native to Apple Silicon. But you don’t buy Macs to play games on, and game makers tend to ignore the Mac platform, so I am not holding my breath on that front.

The price that I paid for this monitor was $329 CDN. Given the feature set and nothing to really complain about other than the quality of the speakers, that’s a fair price. And it works in my use case. Thus my recommendation is simple. If you ignore the gaming monitor part, this is a monitor that is worth looking at if you need a monitor that has good viewing angles, some degree of HDR support, and a high refresh rate, and you don’t want to spend four digits on one. Just ignore the speakers and you’ll be good to go.

Sonos Roam On Sale In Canada Starting On December 24

Posted in Commentary with tags on December 20, 2021 by itnerd

Heads up for those who are looking for a deal!

The Sonos Roam will be available for $199 CAD from Thursday, December 24 – Monday, December 27th as part of Sonos’ Boxing Week offers in Canada. That’s a $30 savings (or 13% discount) and the only offer on Roam this year.

You can treat yourself to a new Roam (or belated holiday gift) at Sonos.com and retailers nationwide. 

VMware Workspace ONE Security Issue Sends Customers Scrambling To Patch Everything

Posted in Commentary on December 19, 2021 by itnerd

If you run VMware’s Workspace ONE Unified Endpoint Management (UEM) product, you need to pay attention to security advisory VMSA-2021-0029, which is tied to CVE-2021-22054. In short, VMware’s advisory doesn’t say a lot other than this:

A malicious actor with network access to UEM can send their requests without authentication and may exploit this issue to gain access to sensitive information.

This rates as a 9.1 out of 10, which is pretty bad. Or put another way, you need to drop what you’re doing and immediately patch everything related to Workspace ONE. VMware has made the patches available here. After you install the patches, you need to do the following:

  • You need to edit the product’s web.config file with seven lines of code.
  • Reboot IIS

Here’s the thing. As VMware points out, you’ll need to make those changes on “every single Windows server that has the UEM Console application installed in the environment.” And take it from me, large companies often don’t know what servers they have out there. Which makes this a very good time for companies that run Workspace ONE to find out what they have out there.

Now I’ve done a couple of these this weekend for clients and I have about five more scheduled. Wish me luck and happy patching.