Archive for November 17, 2022

Elon Musk Shows That He’s Played Himself As Mass Resignations Wash Over Twitter

Posted in Commentary on November 17, 2022 by itnerd

Fun fact: I actually wrote this story at 5:30 PM today. But I sat on it even though I was already getting news of what was happening. The reason for that is that I wanted to see how Elon Musk would respond to the news that many outlets including CNBC are reporting. But as far as I can tell, he hasn’t responded. But before I pressed the publish button just after 7PM tonight, a lot did happen. Let’s start from the beginning…

Remember the choice that Elon demanded the 3000 or so employees left at Twitter make? As in, join Twitter 2.0 and be “hardcore” or resign. It appears that employees are choosing the latter in huge numbers:

Internal Slack messages shared with CNBC showed engineers and other employees posting goodbye messages to a “watercooler” chat group in the run up to 5 p.m. ET Thursday deadline that Musk set just a day earlier. 

Hundreds of salute emojis (which convey the message “thank you for your service”) streamed by, along with dozens of goodbye messages.

Three Twitter employees who spoke with CNBC asked to remain nameless, citing fear of professional retaliation. All three were planning to resign on Thursday. It was not clear exactly how many Twitter employees resigned. 

“The train has started in #social-watercooler” one of the employees said, referring to a Slack room where Twitter employees have used in recent weeks to notify others that they are leaving.

CNN backs up the CNBC report:

Another employee exodus appears to be underway at Twitter as many workers rejected Elon Musk’s ultimatum to work “extremely hardcore,” choosing instead to depart the company, according to multiple current and former employees.

As the deadline approached for Twitter employees to respond to Elon Musk’s ultimatum to commit to working in an “extremely hardcore” fashion at the company or leave, some employees appeared to publicly indicate they had chosen the latter option. On Thursday afternoon, Twitter staffers began posting the salute emoji, which has become a signal that someone is exiting the company. One Twitter employee said in a tweet that deciding to join the company was “one of the easiest decisions ever made. Deciding to leave today was 100% the opposite.”

Meanwhile, an internal Slack channel at the company was filled with employees posting the salute emoji after the 5pm ET deadline, indicating they had chosen not to sign Musk’s pledge and depart the company, employees told CNN.

And:

Two Twitter employees told CNN ahead of the deadline on Thursday that they planned to reject the ultimatum, citing a toxic work environment they say the billionaire has introduced. Another Twitter employee told CNN Wednesday they were still weighing the decision, saying the email from Musk “felt like a punch in the gut because no matter how you felt about wanting to stay or wanting to go, you were forced to make a decision and feel like you’re up against the time clock to make the best decision for you and your family.”

This clearly caught Musk and his lackeys off guard as they clearly thought that people would just buy in even if they didn’t want to. Well, they called that one wrong. And now that a lot of people are leaving, and clearly those people know how Twitter works because Musk doesn’t know how Twitter works, Musk is freaking out. Thus Musk then did this:

Later on Thursday, amid an apparent scramble by management to avoid losing too many workers to the ultimatum, Musk sent an email to staff attempting to clarify his position on remote work, according to text of the email obtained by CNN from a Twitter employee who asked not to be identified. 

“Regarding remote work, all that is required for approval is that your manager takes responsibility for ensuring that you are making an excellent contribution,” Musk said in the email, adding that workers would be expected to attend in-person meetings no less than once a month. 

Twenty minutes later, Musk sent a follow up email saying: “At risk of stating the obvious, any manager who falsely claims that someone reporting to them is doing excellent work or that a given role is essential, whether remote or not, will be exited from the company.”

At this point, Musk has nothing left to convince people that Twitter is a good place to work at. He’s burned pretty much every bridge by his erratic behaviour with no path to recover from this. I am pretty sure that we will now see Twitter enter a death spiral where the site becomes pretty unstable. Much as I predicted yesterday:

And as bad as this is. And folks, this is very very VERY bad. It gets even worse. If that’s even possible:

But wait… Isn’t Elon the one sabotaging the company? Of course he doesn’t see it that way. But the fact that he’s locked people out of their offices is just insane. There’s no other way to put it. And for the record, I have never seen this sort of situation happen before in the more than a quarter century that I’ve been in the tech space.

In any case, there is one person to blame for this whole situation. And that person is Elon Musk. Unless there’s a dramatic turnaround, he’s putting the final nails in Twitter’s coffin.

Congratulations Elon, you played yourself.

Elon’s Latest Twitter Blue Brainwave Is New Twitter Accounts Can’t Subscribe To Twitter Blue For 90 Days

Posted in Commentary on November 17, 2022 by itnerd

Clearly Elon Musk is desperate for Twitter Blue to generate some income for Twitter seeing as advertisers are fleeing the platform. According to The Verge, here’s his latest idea:

Twitter won’t let accounts less than 90 days old sign up for its Blue subscription service when it relaunches (presumably on the 29th), according to an update to the About Twitter Blue page. This means that you won’t be able to just create a new account and instantly get it verified, which could be a bid to cut down on scams and impersonator accounts like the ones that almost immediately plagued the service the first time the updated Blue launched.

The old program didn’t have a set waiting period, according to an archive of the page provided by the Wayback Machine, but it did have a warning that “Twitter accounts created on or after November 9, 2022, will be unable to subscribe to Twitter Blue at this time.” While that restriction clearly wasn’t going to stick around forever, it is interesting that it’s being replaced with a specific number; in theory, people could stockpile troll accounts, knowing that they’ll be able to get them verified come March.

Yeah. So what this does is move the next occurrence of this problem to March of next year. It however doesn’t actually solve the problem. Which is anyone can get a blue checkmark. Though Musk thinks he has a way around that:

Twitter will have some policies in place to try and mitigate this; CEO Elon Musk has said that changing your verified name will make you lose your check mark until Twitter confirms your new name doesn’t violate its terms of service. (Musk has also said that if you want to create a parody account, you have to say it’s a parody in the name.) The new Twitter Blue page also says that the company “may also impose waiting periods for new accounts in the future in our discretion without notice,” which does add some ambiguity back to the rules around how you can get a blue check mark.

While those restrictions should keep people from getting verified and changing their name to match whoever is trending that day, we’ve seen a lot of impersonators go after evergreen targets instead, sometimes to great effect. It’s also unclear if the system has any way to deal with someone who changes their name and handle after 90 days but before signing up for Twitter Blue or how it will adjust as the internet’s pranksters worm their way around other new restrictions, $7.99 at a time.

At this point he’s grasping at straws. The only reason why he isn’t really addressing the problem is that he’s gambling that nothing bad will happen and he can maximize the amount of cash that he can make from people who want to “flex” by having the blue checkmark next to their name. The problem is that bad things have already happened. And everyone from people who want to prank big companies to threat actors who want to do anything from spreading misinformation to messing with elections won’t be deterred by any of this. And it absolutely won’t get advertisers back onto the platform. Though I don’t think Musk cares about that. I think at this point he’s looking for a quick win. And any quick win will do given how badly he’s failed at running Twitter.

Huawei Announces Holiday Deals

Posted in Commentary on November 17, 2022 by itnerd

Just in time for holiday shopping, Huawei Canada is introducing limited-time Black Friday and Cyber Monday deals on its most popular devices. Beginning November 18 until December 1, Canadian tech lovers can take advantage of the best of technology, luxury and innovation with these incredible deals.

Smartwatches

The unforgettable HUAWEI Watch GT 3 Pro Ceramic smartwatch marries the best of luxury watch design and technology. The sapphire glass and a ceramic body house all the advanced features of a Huawei smartwatch including cycle tracking, a battery life up to 14 days, personalized to the user with hundreds of customizable watch faces and health tracking, beautifully keeping up with your lifestyle. Perfect for the person in your life who appreciates both fashion and function, the Watch GT 3 Pro Ceramic is now $698.99 ($100 savings). 

The sophisticated HUAWEI Watch GT 3 Elite smartwatch, available in 46mm, is a powerful, modern smartwatch. With over 100 sport modes, this smartwatch will help you achieve your desired fitness goals through the AI trainer. The 3D curved glass, high-gloss finish and refined strap come together to create the perfect accessory for every occasion and the 14-day battery life means you’ll never have to slow down. Now $298.99 ($130 savings). 

Laptops

The sleek and powerful HUAWEI MateBook 14 has a 14-inch screen, 3:2 aspect ratio and runs on 11th Gen Intel® Core™ i7-1165G7 Processor. The modern body, thanks to the dark grey aluminum frame, is designed for on-the-go while never slowing you down. This is the perfect laptop for the person always working from away and is now $500 off ($1,198.99).

The HUAWEI MateBook D15 boasts a 15.6 inch screen, USB-A and USB-C ports, housed in an ultra-light body and is powered by 10th generation Intel® Core™ i5-10210U processor designed to accelerate and enhance performance. Level-up your performance, the 16.9mm thin, 1.53kg computer offers a speedy and satisfying notebook performance. Now $898.99 ($200 savings).

Monitors

The immersive HUAWEI MateView GT 34 gaming monitor brings new levels to your gaming by enveloping your senses. The stunning visuals powered by HDR10 technology, with a 3440 x 1440 pixel resolution, and SoundBar dual speaker with built-in smart dual-mic system will help any gamer level up. Now $598.99 ($150 savings).

The HUAWEI MateView 4K display with real-to-life colour delivers striking visuals on a 28.2-inch screen while the intuitive Smart Bar keeps everything at your fingertips. Powerfully integrating minimalist design with state-of-the-art technology, the monitor adapts beautifully to any workspace – perfect for updating your home office. Now $748.99 ($150 savings).

Headphones

The powerful HUAWEI FreeBuds Pro 2, co-engineered with Devialet, earbuds offer high end style and high end sound. Constantly bringing optimal sound to the user, the earbuds never let your surroundings get in the way of your music, calls or streaming by using a bone conduction microphone and smart technology to filter out daily noise for up to 30 hours (with case charging). With a long battery life and sleek design, the earbuds are perfect for the person always listening. $228.99 ($40 savings). 

The small but mighty HUAWEI FreeBuds 4i earbuds fit cozily in your ears for long periods of comfortable listening, up to 22 hours (with case charging). Using sensors, the earbuds detect and reduce ambient noise automatically so the wearer is never interrupted. The perfect earbuds for sensitive ears. Now $88.99 ($50 savings).

The deals will be available at Best Buy, Costco, Canada Computers and more, as well as the Huawei Amazon storefront. 

For more details, refer to the schedule below or visit our website. Offers are available while quantities last at selected carriers and retailers. Offers can change without prior notice and are subject to retailers’ SKU setup and terms and conditions.

| Product | Sale Period | Original | Promo | Save |
| --- | --- | --- | --- | --- |
| HUAWEI Watch GT 3 Pro Ceramic | Nov 18 – Dec 1 | $798.99 | $698.99 | $100.00 |
| HUAWEI Watch GT 3 Elite | Nov 18 – Dec 1 | $428.99 | $298.99 | $130.00 |
| HUAWEI FreeBuds Pro 2 | Nov 18 – Dec 1 | $268.99 | $228.99 | $40.00 |
| HUAWEI FreeBuds 4i | Nov 18 – Dec 1 | $138.99 | $88.99 | $50.00 |
| HUAWEI MateView | Nov 18 – Dec 1 | $898.99 | $748.99 | $150.00 |
| HUAWEI MateView GT 34 | Nov 18 – Dec 1 | $748.99 | $598.99 | $150.00 |
| HUAWEI MateBook 14 | Nov 18 – Dec 1 | $1,698.99 | $1,198.99 | $500.00 |
| HUAWEI MateBook D15 | Nov 4 – Dec 1 | $1,098.99 | $898.99 | $200.00 |

Security Expert Says To Delete Your Twitter DM’s NOW Because Elon Musk Doesn’t Have The Ability To Stop Twitter From Getting Pwned

Posted in Commentary on November 17, 2022 by itnerd

Yesterday, I made this comment on Twitter based on Elon Musk wanting only “hardcore” employees working for him:

It now seems that I might have been right. Graham Cluley is an independent security analyst who has previously worked for Sophos and other security firms. What he says on his blog is kind of scary:

Because although most of what I do on Twitter is public, I have also had plenty private direct message (DM) conversations in the almost 15 years I’ve been a user on the site.

I can’t remember everything I’ve said in those conversations, or what people may have said back to me.

If Twitter is careless enough to break how 2FA works for some of its users a few days ago, what mistake might they make next? If Twitter’s security experts have either been fired, have quit, or – presumably – are wondering where they should go next, then just how safe is my data on Twitter?

It may be a remote possibility that Twitter will have a monumental security screw-up or suffer a hack that it simply doesn’t have the expertise to protect against, but it is a possibility. And it’s a possibility that seems more probable today than before Elon Musk bought the company.

There’s not anything I can do to make a chaotic Twitter safer. But I can reduce the potential risk to me, by deleting my DMs.

That’s right. He’s deleting his DM’s. And he recommends that the person on the other end of the conversation do the same. Now Cluley is a guy I follow, and if he says something or does something, it’s probably in your best interest to do it as well. And I’m kind of in the same boat that he is in, which is that some of what I do on Twitter is public, but I get a whole lot of tips via DMs. That means that on my to do list this weekend is to delete all my DM’s. Though he does point this out:

PS. You know what’s really galling? Erasing your Twitter DMs doesn’t actually stop Twitter from keeping a copy of your private messages unbeknownst to you, even if you one day completely close your account.

Yeah. That sucks. But any step that I can take to protect myself or my sources is a good one.

The fact is that Elon has no way of protecting Twitter from being pwned seeing as he’s fired the people who can protect Twitter from getting pwned. Assuming that the few that are left don’t get fed up with working for a moron with delusions of grandeur and quit. Which means that it’s up to you to protect yourself so that nothing bad happens to you because Elon has no clue how to do that.

Fortra Names Matthew Schoenfeld President  

Posted in Commentary on November 17, 2022 by itnerd

Fortra announced today that it welcomes Matthew Schoenfeld to the organization as its new president. A software industry veteran with more than a decade of experience in cybersecurity, Schoenfeld has a proven record as a dynamic, purposeful leader. He has a strong history of growing sales and revenue while helping customers solve challenges through a collaborative approach, a Fortra hallmark. Current president Jim Cassens will continue to support the business as an executive director.  

Schoenfeld joins Fortra from Absolute Software, where he was EVP and chief revenue officer overseeing global sales, channel partnerships, and the customer experience. He has an impressive background in the technology and cybersecurity space developed over more than two decades, which included his tenure as executive in residence at Greylock Partners, senior vice president of the Americas and partner channel at FireEye and as an advisory board member for Abnormal Security.  

Cassens will continue to play a crucial role in the next phase of the company’s strategy as an advisor to Matthew and the entire executive team. Cassens joined the organization in 2001. Over the next two decades, he influenced the direction of the business through numerous executive roles, most recently as president leading the sales organization. As executive vice president of mergers and acquisitions, he led the company toward its historic growth on a global scale. Cassens also served as president of the cross-platform business units, chief technical officer, and vice president of international sales.  

Fortra is a cybersecurity company like no other. They’re creating a simpler, stronger future for their customers. Their trusted experts and portfolio of integrated, scalable solutions bring balance and control to organizations around the world. They’re the positive changemakers and your relentless ally to provide peace of mind through every step of your cybersecurity journey. Learn more at fortra.com.       

Iranian APT Pwns FCEB Using Log4Shell

Posted in Commentary on November 17, 2022 by itnerd

CISA and the FBI yesterday released a joint advisory warning about an unnamed Iranian government-sponsored APT that breached a Federal Civilian Executive Branch (FCEB) organization to deploy XMRig crypto mining malware. The attackers compromised the federal network after hacking into an unpatched VMware Horizon server using an exploit targeting the Log4Shell remote code execution vulnerability.

Yaron Kassner, CTO and Co-Founder, Silverfort had this to say:

“The alert from CISA is evidence of the unfortunate legacy we were warned to expect from Log4Shell at the time of its discovery. It is a gift to state actors and access brokers and this attack is proof of the impact critical vulnerabilities such as this can have when left unpatched.

“As we see here, once a toehold is gained – attackers are then able to simply pick up administrator credentials and use them to move laterally, before eventually compromising the entire domain.”

“This emphasizes the need for MFA inside the network, which was clearly missing here. Hopefully, crypto-mining was the sole outcome of this attack and not more than that.”

The take home message is that if you haven’t got your exposure to the Log4Shell vulnerability under control, you will get pwned. Thus you should get on with making sure that you’re not the next victim of some threat actor taking advantage of Log4Shell.

Canadian Cybersecurity Network and Protexxa Partner To Grow The Talent Pipeline

Posted in Commentary on November 17, 2022 by itnerd

Canadian Cybersecurity Network and Protexxa have partnered to raise cybersecurity awareness and grow the talent pipeline in Canada. 

Protexxa will host and participate in events extended to the Canadian Cybersecurity Network, which has grown to 15,000 members. The collaboration will seek out opportunities to engage more people from less traditional segments, such as individuals from rural and underrepresented communities, youth, and those in related industries considering mid-career pivots.

Protexxa specializes in training and cyber consulting services offering a unique SaaS cybersecurity platform that leverages Artificial Intelligence to rapidly identify, evaluate, predict, and resolve cyber issues. The Canadian Cybersecurity Network is Canada’s largest, most inclusive network of cybersecurity professionals, providing an engaging, empowering, and inclusive environment for cybersecurity talent and businesses. 

One of the key foundation blocks of the Canadian Cybersecurity Network is to support the growth and success of Canadian companies. Small and medium-size businesses (SMBs) are the lifeblood of the economy. These companies rarely have the resources to attract, retain and compensate top talent from Canada’s front line to deal with existing and new cyber threats. The Canadian Cybersecurity Network will soon be rolling out an SMB package to help.

For more information visit protexxa.com and canadiancybersecuritynetwork.com

Uber Audio Recording Feature Coming To Calgary

Posted in Commentary on November 17, 2022 by itnerd

Beginning today, Uber is starting to roll out the new Audio Recordings safety feature, which will enable riders and drivers to record audio during a trip. Calgary is the first city for this safety feature in Canada and Uber plans to roll this out in the rest of the country next year. 

Uber hopes that every trip goes well, but we also know that sometimes things don’t go as planned. With the new Audio Recording safety feature, riders and drivers can record their trips at the tap of a button. 

Privacy is always protected

All audio recordings are encrypted and stored securely on the rider’s or driver’s device. Their recording will be locked, and no one—not the driver, not Uber, not the rider—has access to it. Uber can only access the recording if the rider or driver reports an incident and chooses to share the recording with Uber. 

Easy to set up and use on every trip

  1. After the trip has started, tap the blue shield on the map to access the Safety Toolkit. 
  2. Select Audio Recording.
  3. Allow microphone permissions.
  4. Tap Start to begin recording. 
  5. For future trips when the rider would like to record audio, the rider will just need to go into their Safety Toolkit and tap Start to begin recording.  

If a driver has Audio Recording set up, the rider will be notified before the trip starts that their trip might be recorded.

More information about the audio recording feature can be found here. I’ve also included a screen recording of this feature from the passenger’s viewpoint:

And the driver’s viewpoint:

It Now Looks Like India Will Force Apple To Adopt USB-C On The iPhone

Posted in Commentary on November 17, 2022 by itnerd

Hot on the heels of the EU forcing Apple to use USB-C, a press release from the Indian Government shows that they are looking to force Apple to use USB-C as well:

During the meeting, a broad consensus emerged among stakeholders on adoption of USB Type – C as a charging port for electronic devices such as smartphones, tablets, laptops etc. Further, it was deliberated that a different charging port may be adopted for feature phones.

The Department has also decided to form a sub-group to examine the feasibility of uniform charging port for wearables. The sub-group will include representatives from industry bodies, educational institutions etc.

It was also felt that an impact study may be conducted by the MoEFCC to assess and examine the possible impact of uniform charging port in electronic devices with regard to e-waste.

Stakeholders agreed that a phased roll-out of the common charging port may be conducted so that the same can be applied by the industry and adopted by consumers harmoniously.

Now some of you might read this and say that Apple’s name isn’t anywhere on this press release. But the fact is that pretty much everything phone or headphone related switched to USB-C ages ago. That effectively leaves Apple as the odd man out. At this point, Apple might as well just resign themselves to putting out a USB-C iPhone next year and make it available across the planet. Because other countries will copy the EU now that they have forced Apple’s hand. Of course Apple will find some way to make it “special” in some way, or to make something like fast charging or fast transfer speeds a “Pro” feature so that they can make a few extra bucks. But it looks like USB-C is gaining traction and Apple can’t stop it.

Your move Apple.

Hackers Exploit Holiday Shopper Shipping Using Refund Button as Click Bait for Credential Harvesting

Posted in Commentary on November 17, 2022 by itnerd

Avanan, A Check Point Company, has released a new report on how and why hackers send phishing campaigns centered around holiday shopping. 

The research analyzes hackers sending fake email order confirmation notices in the hopes of getting the user to attempt to get a refund. 

In fact, they will instead be led to credential harvesting pages. End-users are targeted in this phishing campaign by hackers using social engineering and impersonation techniques. 

You can read the full report here.