Archive for April 8, 2022

Google & iFixit Team Up To Make Pixel Displays, Batteries And Other Parts Available…. Are You Paying Attention Apple?

Posted in Commentary with tags , on April 8, 2022 by itnerd

Clearly the announcement by Samsung that it was teaming up with iFixit to make parts and tools available for their phones, Google clearly felt that they had to do the same thing. Which leads me to this announcement that caught my attention:

We’re delighted to announce that we are working with Google to sell genuine parts for Pixel phones, starting later this year.  You can learn more about it in Google’s blog post.

We will be continuing to write our step-by-step Google Pixel phone repair guides, which are comprehensive going all the way back to the original Pixel. Repair guides are live for every Pixel through the Pixel 5, and we are writing guides for the 5a6, and 6 Pro right now.

Our parts selection will include everything you need for the most common Google Pixel repairs—batteries, displays, cameras, and more. We will sell them both individually and as part of Fix Kits, which include all the tools you need to fix your Google Pixel, from screwdriver bits to spudgers. 

Starting later this year, genuine Pixel spare parts will be available for purchase at ifixit.com for Pixel 2 through Pixel 6 Pro, as well as future Pixel models, in the USUKCanadaAustralia, and European Union countries where Pixel is available.

This is great news for people who want to be able to fix their own phones. And it’s way better than Apple’s announcement/non-announcement where they say that they want to give customers the ability to repair their own stuff but so far hasn’t delivered on that. So the question is, with both Samsung and Google embracing the ability for customers to repair their own devices, will Apple get serious about doing the same thing rather than paying lip service to it? I guess we’ll have to see.

1 Comment »

2022 Canadian Federal Budget Includes Spending On Cybersecurity

Posted in Commentary with tags on April 8, 2022 by itnerd

Yesterday’s Federal Budget had a lot in it for people to pick apart. But being an IT Nerd, I am focused on the new spending for cybersecurity:

Announced this afternoon, Budget 2022 also proposes to provide $238.2 million per year after the initial five year period for additional measures to address the rapidly evolving cyber threat landscape. The budget still has to be passed by Parliament.

The spending will include:
–$263.9 million over five years, starting in 2022-23, and $96.5 million annually ongoing to enhance the Communications Security Establishment’s (CSE’s) abilities to launch offensive cyber operations to prevent and defend against cyber attacks. The CSE is a division within the Defence Department that is responsible for protecting federal IT networks;
–$180.3 million over five years, starting in 2022-23, and $40.6 million per year ongoing to enhance CSE’s abilities to prevent and respond to cyberattacks on critical infrastructure;
–$178.7 million over five years, starting in 2022-23, and $39.5 million annually ongoing to expand cyber security protection for small departments, agencies, and Crown corporations; and,
–$252.3 million over five years, starting in 2022-23, and $61.7 million per year ongoing for CSE to make critical government systems more resilient to cyber incidents.

There would also be extra money to help cybersecurity researchers in fields such as quantum computing and artificial intelligence.

Those are big numbers. Thus this must be good. Right? I reached out to an expert to answer this question. Specifically David Masson, Director of Enterprise Security at cybersecurity AI firm, Darktrace:

“The Canadian Centre for Cyber Security, the public-facing arm of the CSE, has issued several cyber threat bulletins and advisories warning Canadian organizations operating critical infrastructure (CI) of the threat of cyber-attacks from Russia and Russian sponsored-proxies. It is no surprise that the Canadian Government underscores this priority with the allotment of $180 million to protect these increasingly vulnerable organizations and an additional $252 million to build government cyber-resilience in the face of incoming cyber-threats.  

 In addition to protecting CI and strengthening government defences, the vast majority of the announced budget will support the CSE in boosting its cyber capabilities, including launching offensive cyber operations against malicious actors. This shift to offensive cyber operations to succinctly combat cyber-attacks may indicate troubling intelligence surrounding impending cyber-threats. Overall, the new budget emphasizes cyber “defence,” where the strategic advantage will be with those who can defend most successfully and quickly – not focused on attacking their enemy. This funding is an essential step in ensuring that Canadian organizations do not get left behind in the global cyber war.”

It seems that Mr. Masson thinks this is positive. So I will go with that. Hopefully the Federal Government spends this money wisely so that Canadians are protected from cyber threats of all sorts.

Leave a comment »

HelpSystems Acquires Terranova Security

Posted in Commentary with tags on April 8, 2022 by itnerd

HelpSystems announced today the acquisition of Terranova Security, a leader in global phishing simulation and security awareness training. Available in more than 40 languages, Terranova Security’s platform and content incorporates gamification techniques to increase engagement and knowledge retention. This approach enables all organizations to hone employee cyberattack prevention skills and reduce the chance of a successful phishing attack. Terranova Security extends HelpSystems’ overall security suite with a proven training security awareness solution that complements email security offerings from ClearswiftAgari, and PhishLabs.

Because employees are often the first line of defense against cyberattack, Terranova Security’s training and simulation capabilities are at the top of many cybersecurity to-do lists for highly targeted organizations. Terranova Security works with customers to take a holistic look at suspicious emails and evaluate how effective users are at recognizing scams and whether they need additional training. The company strives to instill users with the knowledge, skills, and confidence they need to recognize cyber threats, from phishing emails to credential harvesting webpages and other forms of social engineering. 

Although phishing attacks aren’t new, the industry has seen a marked rise in their prevalence in the wake of expanding remote workforces with increasingly sophisticated and bold attempts. In addition to phishing and the more targeted spear phishing campaigns, these aggressive efforts to infiltrate businesses can take the forms of social engineering, business email compromise, and ransomware that paralyzes entire networks. 

HelpSystems is a software company focused on helping exceptional organizations secure and automate their operations. Their cybersecurity and automation software protects information and simplifies security and IT processes to give our customers peace of mind. They know security and IT transformation is a journey, not a destination. Let’s move forward. Learn more at helpsystems.com

Terranova Security is the global security awareness training partner of choice that has been transforming the world’s end users into cyber heroes for more than 20 years. Using a proven pedagogical framework, Terranova Security training solutions empower organizations worldwide to implement programs that change user behaviors, reduce the human risk factor, and counter cyber threats effectively. As a result, any employee can better understand phishing, social engineering, data privacy, compliance, and other critical best practices. With the addition of new features like its Content Center and Cyber Hero Score, Terranova Security consistently innovates to support all organizations’ cyber security objectives. These industry-leading solution additions also strengthen long-term information security for all professionals, regardless of region or sector, in an era where remote work and borderless productivity are standard. Learn more at terranovasecurity.com.

Leave a comment »

Data From Fox News Leaked Via Unsecured Database

Posted in Commentary with tags on April 8, 2022 by itnerd

Fox News is making headlines for all the wrong reasons.

In a recent report from security researcher Jeremiah Fowler, details were revealed of an open and non-password protected database that contained nearly 13 million records belonging to FOX News. The data reportedly contained management data including employee personally identifiable information, internal FOX emails, usernames and more. In the data, there were several references to Comcast Technology Solutions. Comcast has confirmed that they did not manage this dataset and that it likely belonged to a customer that was using their services.

Kevin Novak, Managing Director, Breakwater Solutions:

“Over the course of the past couple of years, as companies have struggled to adapt to a new operating paradigm in the face of a global pandemic, there has been a mass migration of processes and information from captive, in-house data centers to public cloud centric service providers such as Google Cloud, Microsoft Azure, and Amazon Web Services.  The ease by which services can be deployed has created a false sense of security, and as many are learning, this is starting to materialize into a significant wave of improper data disclosures (breaches) and cybercrime compromises.”

“While in-house, captive data centers are certainly not immune to accidental misconfigurations (particularly as it pertains to things like leaving remote access portals accessible through the firewall), these environments have been around much longer, and the hardening of these environments tends to be slightly more well-understood.” 

“Whether hosting information in captive data centers or public-cloud ones, enterprises need to be mindful to enforce mature, tested security controls and governance protocols, lest they find themselves the subject of tomorrow’s big headline.”

Companies have to take care to make sure that their data always stays in their control. Otherwise bad things will happen. At the very least it’s bad press. At worst, it’s going to be a serious data breach with serious consequences. Neither of those is a good thing.

Leave a comment »