Archive for November 14, 2022

Elon Musk Just Killed Twitter’s SMS Based 2FA…. WHAT WAS HE THINKING??? [UPDATE: Working For Some Again]

Posted in Commentary with tags on November 14, 2022 by itnerd

I don’t get it. I’ll just put that out there right out of the gate. I say that because a reader pointed me towards this Tweet:

With Twitter SMS 2FA turned off, this service will not function. As in you will be locked out of your Twitter account and you will not be able to log back in if you log out. That’s because Musk clearly decided to kill whatever back end service or services send out the code to your phone via SMS.

Now if you use other forms of 2FA for Twitter, for example you use Microsoft Authenticator to generate a code to log into Twitter, you’re fine. But those who use strictly SMS for 2FA, and that would be a lot of people I suspect, could be in deep trouble unless they immediately do the following via Twitter’s web interface:

  • Go to Settings & Support, then Settings and privacy, and then go to Security and account access.
  • Go to the Security section.
  • Under Two-factor authentication, click the two-factor authentication link.
  • Make sure the Text message toggle is OFF.
  • For your security, use one of the other methods which are Authentication App or a Security Key. Or if you feel lucky, don’t use another method of 2FA.

More instructions can be found here. Just ignore anything that refers to SMS or text messaging, seeing as it’s broken at the moment.

Now to be fair to Musk as I have to look at this from both sides of the fence, SMS based 2FA is weak and exploitable. Thus killing it is a good idea. But to do it with zero warning to users is just plain stupid. That of course assumes that he killed it based on this Tweet.

Now he might not have had a clue what this did, and now by turning off whatever back end service supports Twitter SMS 2FA, he’s screwed over a ton of Twitter users in the process.

But the other possibility is that Twitter 2FA is broken and there is nobody left who can fix it. Which effectively is the same thing as he turned it off because he laid off half the staff, and those with the knowledge to fix stuff at Twitter are likely not returning his phone calls. Either way, Musk is proving that he’s way out of his league with Twitter. And Twitter users will suffer as a result.

Just another day in Musk-run Twitter I guess.

UPDATE: It looks like this service is slowly coming back up. Over the past hour, there have been reports on Twitter that users who were unable to use SMS 2FA can now use it again. But I am not sure that I would trust it as Musk may just break it again.

Ukrainian CERT Discloses New Wiper Malware

Posted in Commentary with tags on November 14, 2022 by itnerd

The Ukrainian Computer Emergency Response Team (CERT) has issued a statement on a new attack campaign by suspected Russian threat actors who are compromising victims’ VPN accounts to access and encrypt networked resources. More details are available here:

Initial compromise is achieved by tricking victims into downloading “Advanced IP Scanner” software which actually contains Vidar malware. CERT-UA believes this was achieved by initial access brokers (IABs) working for the Russians.

“It should be noted that the Vidar stealer, among other things, steals Telegram session data, which, in the absence of configured two-factor authentication and a passcode, allows unauthorized access to the victim’s account,” the statement continued.

“As it turned out, the victim’s Telegram was used to transfer VPN connection configuration files (including certificates and authentication data) to users. Given the lack of two-factor authentication when establishing a VPN connection, attackers were able to gain an unauthorized connection to the corporate network.”

Once inside, attackers conducted reconnaissance work using the Netscan tool and then launched Cobalt Strike Beacon, exfiltrating data using the Rclone program. There are also signs of the threat actors using Anydesk and Ngrok at this stage.

It’s unclear how widespread the campaign was, although “several” Ukrainian organizations are thought to have been impacted since spring 2022.

Most pointedly, CERT-UA confirmed that the end goal is not to generate profits from a ransom but to destroy victim environments.

Dr. Darren Williams, CEO and Founder, BlackFog had this comment:

“This is another great example of a clever phishing technique to disguise the attack vector inside another application. These are very difficult to detect with existing solutions because of the mechanism of action that steals VPN session information to ultimately exfiltrate data from the device. VPN’s have been routinely targeted in the past because they contain a treasure trove of valuable data for extortion and a centralized repository of data from the victim and the organization. Once the attacker has gained access it is very easy to spread laterally within the organization. This emphasizes why companies need to not only provide defense strategies but also proactive ones that protect an organization and its devices from unauthorized data exfiltration.”

This is clearly an attack meant to hurt Ukraine. Hopefully they are doing their best to make sure that attacks like this are not successful going forward. I say that because while they are winning on the battlefield, the battlefield has changed to being cyberspace. And for the rest of us, I would say that 2FA for your VPN connections is a must to stop this sort of thing from happening to you.

Elon Musk Kills ‘Twitter for iPhone’ Label…. While He Does A Massive Ad Buy On Twitter For SpaceX

Posted in Commentary with tags on November 14, 2022 by itnerd

Over the years on Twitter you might have seen some infamous Twitter fails where someone who’s working for a smartphone company not named Apple, or shilling for said smartphone company not named Apple, has Tweeted from an iPhone. Take this example caught by YouTuber MKBHD of Huawei doing all sorts of things from iPhones. Stuff like that is funny to see, but those days are apparently over as Elon Musk has put an end to this:

I’m just spitballing here. But maybe he’s doing this to make Twitter a bit more advertiser friendly? As in he’s taken away the ability for smartphone companies to shoot themselves in the foot? Or maybe he’s doing this as a distraction from the world watching him act like an 8 year old by pushing every button in Twitter HQ to see what happens with disastrous results? Who knows? But it is a curious move because given how messed up Twitter is at present, you’d think he’d have bigger issues to deal with.

Speaking of bigger issues, one of those issues is the fact that ad agencies have recommended that advertisers pause advertising on the platform. That directly affects Musk’s bottom line as Twitter relies heavily on advertising revenue. This makes this CNBC story curious, which is that SpaceX has done a massive ad buy for the Starlink Internet service:

The campaign will promote the SpaceX-owned and -operated satellite internet service called Starlink on Twitter in Spain and Australia, according to internal records from the social media business viewed by CNBC.

The ad campaign SpaceX is buying to promote Starlink is called a Twitter “takeover.” When a company buys one of these packages, they typically spend upwards of $250,000 to put their brand on top of the main Twitter timeline for a full day, according to one current and one former Twitter employee who asked to remain unnamed because they were not authorized to speak on behalf of the company.

Users should see Starlink brand messaging for the first three times that they open the Twitter app on the day or days of the planned takeover campaign in Australia and in Spain. The campaign, which was purchased in the last week, was slated to run in coming days first in Australia then in Spain.

SpaceX has not typically purchased large advertising packages from Twitter, the current and former employees said.

Hours after this story was first published, Musk wrote in a tweet: “SpaceX Starlink bought a tiny – not large – ad package to test effectiveness of Twitter advertising in Australia & Spain. Did same for FB/Insta/Google.”

According to internal documents viewed by CNBC, SpaceX has spent more than $160,000 on the Twitter ad campaign for Starlink in Australia and Spain so far.

Am I the only one that thinks that this is a little “sus”? The Internet of course found this where Musk says he doesn’t buy advertising:

And based on this Tweet, he has an iPhone. But that’s beside the point. What is relevant to this story is the fact that he now says this when called out for being a hypocrite:

I’m sure if that’s true, he can show proof of his ad purchases on Facebook, Instagram, and Google. But my thinking is that it’s not going to happen as it’s not true. But Musk is free to prove yours truly and the rest of the Internet wrong at any time. My thinking is that he’s doing this as part of a larger plan to entice advertisers back onto the platform. It will be interesting to see if this ad buy, regardless, has any effect on that. My thinking is that it won’t as the problem that advertisers have with Twitter is Elon Musk.

Marketcircle Makes Daylite’s Opportunities Board Tools Accessible for Users on the Go, Now Available on iPhone and iPad

Posted in Commentary with tags on November 14, 2022 by itnerd

Marketcircle, makers of Daylite, the CRM and productivity business app built exclusively for the Apple platform that empowers small businesses to handle more clients, close more deals, execute more projects and boost team collaboration, is excited to announce its popular Opportunities Board is now available on iOS and iPadOS. 

This enhanced mobile tool brings all of Opportunities Board’s features to iPhone and iPad. It has the same functionality as the desktop version and is ideal for on-the-go or hybrid workers.

The Opportunities Board provides a unified view of every step of the sales pipeline so all team members can visually track, organize and prioritize business opportunities to generate more revenue by shortening the sales cycle and winning more deals.

Increased transparency with the Opportunities Board allows sales teams to spend more time selling and less time in time-consuming status update meetings. Daylite visually tracks the status of opportunities across whole teams, so bottlenecks are identified, and productivity and results are boosted with optimal team collaboration.

For more information about the Daylite Opportunities Board visit: https://marketcircle.blog/daylite-opportunities-board-ipad-iphone/

Beyond the exciting Opportunities Board enhancements, Daylite is now fully optimized and compatible with Apple’s latest operating system macOS 13 Ventura. Daylite users can now take advantage of all the benefits of the newest macOS while enjoying the productivity, collaboration and CRM mastery of Daylite.     

Daylite is available on the Mac App Store, making it easy to download Daylite on the App Store across iOS, iPadOS and macOS devices. Download Daylite on the App Store today.

Elon Musk Fact Checked By Former Twitter Employees…. How Embarrassing For Him

Posted in Commentary with tags on November 14, 2022 by itnerd

It is bad enough for Elon Musk that he has turned Twitter into a train wreck next to a dumpster fire. But you know things are really bad when his own former employees fact check him. Let me give you two examples where Musk has posted tweets intended to indicate financial or technical inefficiencies at the company which need to be fixed, and former staff called him on it.

On Saturday, Musk put out this Tweet:

Cue the blowback:

Ouch. But it gets worse. Musk then reacted to someone calling him out for forcing employees to pay for lunch which breaks a long standing Twitter tradition:

Cue the blowback:

What’s worse is if you look at these Tweets, he then gets into public pi$$ing contests with these people. That makes no sense and it’s almost as if Musk is just making stuff up to justify what he’s done. And is then trying to defend that tenuous position when he gets called on it. Which isn’t a good look if you are Elon Musk. I think it’s proof that Musk is in over his head and is just saying and doing anything to make his issues with Twitter go away.

If I were Musk, I would stop getting into public fights with these people, I would stop putting stuff like this out there, and I would focus on making Twitter a place where people want to spend their time and advertisers want to spend money. Right now he’s not doing that and Twitter is further descending into hellscape territory.

US Army Among Others Uses Code From Russian Company That’s Pretending To Be An American Company In Their Apps

Posted in Commentary with tags on November 14, 2022 by itnerd

When people create apps, it’s not at all unusual for the developer to use code from someone else. After all, why reinvent the wheel if someone has done the hard work for you?

Well, maybe that practice should be rethought. I say that because it now turns out a Russian company that was pretending to be an American company has had its code show up in thousands of apps, including an app used by the US Army. Reuters has the details:

Thousands of smartphone applications in Apple and Google’s online stores contain computer code developed by a technology company, Pushwoosh, that presents itself as based in the United States, but is actually Russian, Reuters has found.

The Centers for Disease Control and Prevention (CDC), the United States’ main agency for fighting major health threats, said it had been deceived into believing Pushwoosh was based in the U.S. capital. After learning about its Russian roots from Reuters, it removed Pushwoosh software from seven public-facing apps, citing security concerns.

The U.S. Army said it had removed an app containing Pushwoosh code in March because of the same concerns. That app was used by soldiers at one of the country’s main combat training bases.

According to company documents publicly filed in Russia and reviewed by Reuters, Pushwoosh is headquartered in the Siberian town of Novosibirsk, where it is registered as a software company that also carries out data processing. It employs around 40 people and reported revenue of 143,270,000 rubles ($2.4 mln) last year. Pushwoosh is registered with the Russian government to pay taxes in Russia.

On social media and in U.S. regulatory filings, however, it presents itself as a U.S. company, based at various times in California, Maryland and Washington, D.C., Reuters found.

Now the question is this: Is this company trying to simply evade sanctions against Russia to stay in business? Or are they collecting data from these apps and handing it over to the Russian government? The company says it didn’t hide the fact that it is Russian, though I question that based on the Reuters story. And one could argue that it really doesn’t matter as the Russian government could knock on their door asking for whatever data they had, and the company could hand it over.

I think that the take home message is as follows. If you as a developer plan to use someone else’s code in your apps, you should make sure that it’s from a trustworthy source. Clearly a lot of developers didn’t in this case. And now it’s an issue.

Pinterest TV Expands To Canada

Posted in Commentary with tags on November 14, 2022 by itnerd

Following the launch of Pinterest TV in the US last year, Pinterest TV is now expanding into Canada with a focus on shopping inspiration for the holidays. Pinterest TV is a new feature created to unlock live original video for creators and merchants. 

Pinterest is kicking-off ‘Shop the Holidays on Pinterest TV’ with 10 hours of daily programming running from November 15-18th in Canada and the US. Over sixty brands and four major North American publishers are taking part in the series, which will include over 40 hours of shoppable content. Proving that even holiday shopping is different on Pinterest, Pinners will also benefit from mindful meditation breaks, shopping tips and tricks, and exclusive access to product drops and deals in time for inspiring holiday shopping.

Pinterest TV episodes will be hosted by a combination of publishers, Pinterest Key Opinion Sellers, Canadian and global brands. Each day will focus on a different category so shoppers in North America can find the gifts they’re looking for, while also delighting in discovering something new.

‘Shop the Holidays’ Program Schedule

November 15th – Food and Festivities

Dig into the first day of shoppable fun with The Bay, Fable, Apartment Therapy and a six-hour stream in collaboration with Tastemade, featuring beloved cuisine creators and deals on indie food brands.

November 16th – Home and Decor

Deck the halls with Red Land Cotton, exclusive holiday wreath ideas and a three-hour evening takeover with Wayfair, featuring deals and curated design tips from Pinterest’s own Live Shopping hosts. 

November 17th – Beauty and Fashion

Shop Nudestix, Jenny Bird, Theraface and more with an extra-special gifting curation from the editors at Allure Magazine. 

November 18th – Gift Guides

Finding the ideal gift for everyone will be easy this year. Tune in to shop from indie Canadian brands like LOHN candles, The Silk Labs, alongside Canadian retailer The Bay, and find curated ideas from editors at The Kit and Glamour. 

Pinterest is a destination for people to watch, shop and try inspiring ideas in categories including food, beauty, home, and DIY. Through recent advancements with shopping and creator features, Pinners are engaging in more immersive formats and actionable entertainment than ever before. Since launching Pinterest TV in the US last year, there have been over 2 million minutes of livestream watchtime and over 900 creators and brands have gone live. 

Simply click here, or tap the TV icon in the upper left corner of the Pinterest App to view episodes, interact with hosts, ask questions via chat, and shop products you like, live. 

Shopping Pinterest TV 

On Pinterest TV, brands and creators can showcase and tag products so Pinners can shop and purchase on the retailer’s site. Hosts will have a shopping toolbox to enable live shopping experiences including a product drawer with prices and product details, product drops and brand collaborations and a limited-time-offer module to offer discounts. 

Tastemade, a global partner of Pinterest, will kick off their inaugural Canadian programming during ‘Shop the Holidays on Pinterest TV’. Tastemade will be hosting programming dedicated to food and home days, to help Pinners get ready ahead of holiday hosting season. 

More on Pinterest TV

  • Fresh, live inspiration. Pinterest TV is a new way to discover fresh inspiration through live video from diverse Pinterest creators.
  • Inspiration for your life. Each weekday, Pinterest TV will bring you a fresh episode focused on a different category: food, home, fashion, beauty, and more.
  • Shop exclusive deals. Every Friday, a new brand will host an exclusive product drop. Show up live to see the big reveal and bag special discounts.
  • Watch live, revisit later. Check out our shows live for a chance to interact with creators and snag exclusive deals. Pinterest TV recordings will also be available after airing, so you can check out shows you missed or revisit any of your favorite episodes. To stay in the know on upcoming live sessions, tap “Remind me.”
  • Shop anytime. Following each live Pinterest TV episode, brands will create Shoppable Boards with the products highlighted in the episode to make shopping and browsing easier than ever.

Not A Good Look For Apple: Analytics Data Sent From iPhones With Or Without Your Consent… And A Lawsuit Has Been Filed

Posted in Commentary with tags on November 14, 2022 by itnerd

Many people, yours truly included, use iPhones because we want our data to remain private. Well, it appears that isn’t the case. A security researcher named Tommy Mysk has discovered that regardless of whether you allowed your iPhone to send analytics data to Apple or not, iPhones and specifically Apple apps were sending that data anyway. Gizmodo broke this news over the weekend and their story is very much worth reading as it goes deep into the weeds about this. But the bottom line is that it blows up Apple’s privacy argument in epic fashion.

Gizmodo also reports that a class action lawsuit has been filed in California. Which is understandable because Apple trades on the privacy mantra and it appears that it doesn’t actually follow through on that. Now Apple hasn’t commented on this, but this has got to be a 9-1-1 event for the company. I would not at all be surprised if a bunch of software updates come out in the next couple of weeks or so to address everything that has been discovered. Then I would not at all be surprised if Apple makes some comment to suggest it was an oversight and there’s nothing to see here. Finally I fully expect that Apple’s iLawyers will try to get this lawsuit to go away as quickly as possible. Because Apple is a company that is under a lot of scrutiny from a variety of sources. Thus this is a problem that they do not need right now.

This is not a good look at all for Apple.

Intuit’s Third Annual Prosperity Accelerator Aims to Spur Growth for Greater Toronto Area Fintechs

Posted in Commentary with tags on November 14, 2022 by itnerd

Intuit announced today the launch of its third annual Intuit Prosperity Accelerator in collaboration with Highline Beta, a globally recognized accelerator builder-operator and venture capital firm focused on corporate innovation.

The Intuit Prosperity Accelerator: Toronto, powered by Highline Beta, is an equity-free, challenge-based program focused on advancing financial prosperity. The four-month program is designed to accelerate the growth, impact, and fundability of high-potential Greater Toronto Area (GTA) tech startups whose mission is to improve the financial prosperity of Canadian consumers and small businesses. Selected startups will have access to a corporate and investor mentorship network, dedicated coaching, and the opportunity for follow-on investment from Highline Beta.

Today’s tech startups are facing uncertainty due to the possibility of a recession, high inflation, and an ongoing labour shortage. Further, startup funding in Canada for financial technology companies in the second quarter of 2022 saw a dramatic 70% drop compared to the previous year, highlighting the need for startup accelerator programs such as the Intuit Prosperity Accelerator.

Over the past two years, Intuit has worked with 15 startup participants in its Prosperity Accelerator program to help overcome such challenges by running design experiments, validating use cases, and helping position them to raise over $24 million CAD.

Toronto is now accepting applications until January 13, 2023. Six to eight startups will be selected, with the program kicking off in February 2023. Startups wishing to join must have a solution in market that fits into at least one of the program’s challenge areas:

Help consumers with:

  • Rising mortgage and rent costs
  • Managing savings and investments
  • Empowering income stability and mitigating debt

Help small businesses and self-employed individuals with:

  • Juggling the management of multiple businesses
  • Rising cost of goods sold
  • Attracting and retaining labour

For more information on eligibility requirements and to apply, visit: https://www.intuit.com/ca/prosperity-accelerator.

About the Program:

The Intuit Prosperity Accelerator: Toronto powered by Highline Beta is an equity-free challenge-based program focused on advancing financial prosperity. Selected startups will come from Toronto’s burgeoning tech ecosystem and have access to a corporate and investor mentorship network, dedicated coaching, and the opportunity for follow-on investment from Highline Beta. It will also provide exclusive access to experts, business mentors, and a vibrant alumni startup community. New this year, applicants will benefit from regular virtual and in-person programming.

The Intuit Prosperity Accelerator is now accepting applications until January 13, 2023. Six to eight startups will be selected, with the program kicking off in February 2023. Applicants must be from high-potential seed-stage tech startups located in the Greater Toronto Area who have technology-driven solutions with products in market. Applications from pre-seed or later-stage companies will also be considered based on alignment with program challenges.

Guest Post: Generation X in China is the wariest of wearable technology due to data privacy concerns

Posted in Commentary with tags on November 14, 2022 by itnerd

Wearable electronics are becoming increasingly popular worldwide, including in China, where around 78% of the population own a smartwatch, a fitness tracker, or both. However, as such devices have access to a vast amount of sensitive data, like users’ health information, privacy and security concerns arise.

According to the data presented by the Atlas VPN team, based on the Rakuten Insight online survey, people born in Generation X (those born between the mid-1960s and early 1980s) are the most skeptical of wearable technology in China due to concerns over their personal data safety and privacy when stored by such devices.

In total, 27% of 45 to 54-year-olds in China who do not own any wearables indicated worry about their data safety and privacy as one of the reasons against purchasing one, while the same is true for 22% of people aged 55 and more. 

The younger generations are less bothered about wearable electronics’ privacy and safety implications. Nevertheless, nearly a fifth (19%) of Millennial survey respondents aged 25 to 44 stated safety and privacy concerns among the top deterrents to using wearables. In the meantime, 10% of respondents belonging to Generation Z (ages 16 to 24) do not use wearables for this reason.

Overall, 15% of survey participants indicated they would not buy wearable electronics in China due to data privacy and safety concerns. Males are more likely to distrust wearable devices due to such concerns (17%) than females (14%).

All in all, wearable technologies can be highly convenient, helping users evaluate their sleep quality, fitness levels, and overall health, among other things. However, to do so, wearable electronics collect a wide range of sensitive information, including users’ heart rate, blood pressure, sleep patterns, and GPS location, essentially enabling surveillance of individuals and their behaviors. When such information is stored, there is always a risk it can end up in the wrong hands or be misused. 

To read the full article, head over to:

https://atlasvpn.com/blog/generation-x-in-china-is-the-wariest-of-wearable-technology-due-to-data-privacy-concerns