Archive for May, 2022

« Older Entries
Newer Entries »

Competition Bureau To Rogers And Shaw: That Merger Ain’t Happening On Our Watch

Posted in Commentary with tags , on May 8, 2022 by itnerd

Rogers and Shaw apparently got some bad news on Friday night. Apparently the Competition Bureau dialled them up and let them know that their proposed merger was going to be opposed by them. Rogers put out a press release that among other things said this:

Rogers Communications Inc. (“Rogers”) and Shaw Communications Inc. (“Shaw”) were notified this afternoon following the close of trading of the Commissioner of Competition’s intention to file applications to the Competition Tribunal opposing Rogers’ proposed merger with Shaw (the “Transaction”).

Rogers and Shaw remain committed to the Transaction, which is in the best interests of Canada and Canadians because of the significant long-term benefits it will bring for consumers, businesses and the economy. The companies have offered to address concerns regarding the possible impact of the Transaction on Canada’s competitive wireless market by proposing the full divesture of Shaw’s wireless business, Freedom Mobile. Rogers and Shaw are engaged in a process to sell Freedom Mobile, with a view to addressing concerns raised by the Commissioner of Competition and ISED.

Rogers and Shaw will oppose the application to prevent the Transaction to be made by the Commissioner of Competition, while continuing to engage constructively with the Competition Bureau in an effort to bring this matter to a resolution and ensure that the Transaction’s benefits can be realized by all Canadians.

As a result of this news, Rogers and Shaw have pushed the the outside date of the merger to July 31 2022. That way they can “engage” with the Competition Bureau and get them to change their minds. Something that I personally don’t see happening. So I expect this to be in court at some point.

Frankly, i’m not at all surprised by this as there has been healthy opposition to this merger as it is seen as reducing competition rather than increasing it. And frankly, Rogers specifically has larger issues at the moment. While they have made announcements about increasing the speeds of their Internet offering to better compete with Bell and Telus, the facts are that those announcements really won’t make the Internet experience for the majority of their customers any better anytime soon. So if I were Rogers, I’d focus on that rather than reducing competition by buying Shaw.

1 Comment »

Guest Post: If You Value Your Privacy – Stop Using Gmail

Posted in Commentary with tags on May 8, 2022 by itnerd

Have you ever considered how much information Google harvests about you?

Google creates ‘shadow profiles’ of every user by tracking, recording and analysing:

  • Every email you send or receive via Gmail
  • Every search you perform on Google search
  • Every video you watch on YouTube
  • Everywhere you go, the route you took and how long you stay – even if you never open the Maps app
  • Your physical location – even if you turn off location services – by using information gathered from Wi-Fi and other wireless signals

Google has admitted to scanning your Gmail messages to compile a list of your purchases and who-knows-what-else. Just think of all the confidential financial, medical and other personal data which you have ever exchanged via email – it’s all being scanned by Google’s AI to build up a ‘shadow profile’ of you and your behaviour.

Google’s Director of Security even admitted that Google allows third party developers to access your Gmail messages if you’ve granted them permission which, since most people don’t change their privacy settings, is likely to include almost all of Gmail’s 1.5 billion users.

“Gmail becomes a window into your entire online life because of how wide and deep their surveillance architecture goes”, says Rowenna Fielding, founder of privacy consultancy Miss IG Geek.

Some people argue in favour of surveillance, after all “if you’ve got nothing to hide, why should you be worried?” Plus, Google’s motto is “Don’t be evil”, right? Wrong. It used to be, but sometime in 2018 Google dropped “Don’t be evil” from its code of conduct, replacing it with Alphabet’s intention to “do the right thing”, which is clearly open to interpretation. Do the right thing for who exactly? The users? The advertisers? Or just for Alphabet inc?

What can you do to minimise the exploitation of your data?

The first thing to do, if you have a Google account, is to manage your profile and set your data collection and storage preferences – but doing so won’t prevent Google exploiting the data they retain about you.

The most important step you can take is to get off Gmail. By sending email through Google’s servers you are knowingly allowing every message you send or receive to be scanned.

What are the alternatives to Gmail?

Thankfully there are alternatives to Gmail, which work just as well and are far more secure.

Open Web Systems is a different kind of email provider. Co-owned by its users, it provides surveillance-free email and document storage, with military-grade security and encryption, powered by 100% renewable energy.

There’s always a cost to send an email – and although your Gmail account doesn’t have a monthly fee you are still paying by allowing Google to store, scan, and monetize your data.

Ultimately the choice is yours, but when the surveillance-free alternatives deliver the same level of usability and functionality as the data-exploiting alternatives for just £4/month, why wouldn’t you pay for privacy?

Leave a comment »

Ikea Canada Had A “Internal” Data Breach…. WTF??

Posted in Commentary with tags , on May 7, 2022 by itnerd

Over the last month, my wife and I have been doing shopping at Ikea Canada. But I may be rethinking that as it has come to light this past week that Ikea Canada had what they term an “Internal” data breach that affected 95,000 Canadians. Global News has the details:

Ikea Canada told Global News it was made aware that some of its customers’ personal information appeared in the results of a generic search made by an employee between March 1 to March 3.

A spokesperson added that the information was accessed by the person using Ikea’s customer database.

“While we can’t speculate as to why the search was made, we can share that we have taken actions to remedy this situation,” Ikea Canada PR leader Kristin Newbigging said.

“We have also reviewed our internal processes and reminded our co-workers of their obligation to protect customer information.”

Okay. The fact that you have to remind your employees not to do something like this is a huge problem. And the fact that an employee did this is a massive problem. It likely shows that their internal controls weren’t on point.

Here’s the best news out of this:

kea Canada has submitted a breach report to the Office of the Privacy Commissioner of Canada (OPC).

OPC officials confirmed they are in communication with the company to get more information and determine next steps. They would not say what those steps could be.

Hopefully the OPC smacks Ikea Canada silly as this is pretty unacceptable from my perspective. In the meantime, affected customers have already been notified by email.

Leave a comment »

Today Is The Anniversary Of The Colonial Pipeline Hack

Posted in Commentary on May 7, 2022 by itnerd

May 7th is the first anniversary of the Colonial Pipeline hack. The company apparently got pwned by ransomware and this attack created a major shortage of fuel along the east coast of the US, which in turn caused fuel prices to spike upwards. To make this go away, the company paid the ransom. The FBI did get some of that money back though. It later emerged that the notorious group, Dark Side was behind this, and they got in via single compromised password. A lot of this is now a very detailed case study as to how an attack like this is carried out and what you can do to not get pwned.

Darren Williams, Founder and CEO of BlackFog had this comment:

“The Colonial Pipeline attack was the first ransomware attack that mainstreamed “Ransomware” around the world. It also highlighted that most organizations were totally unprepared to combat such attacks to the extent that US President made it a top priority to invest in programs to protect the nation’s infrastructure.”

“The big lessons learned from these attacks are that you can no longer ignore security and systems need to be professionally managed, updated and protected. Organizations need to embrace security procedures as an important part of the business or face the consequences. Insurance cannot protect you from the damage after it has occurred but only mitigate partial financial losses.”

“The Colonial attack also highlights the need for data exfiltration monitoring to not only prevent ransomware attacks but more importantly stop the loss of information outside the organization. This is the primary goal of any attack, steal as much information as you can and then extort the organization and / or disable the infrastructure.”

“It is crucial that the United States shows leadership in this new frontier of cyberwar from both a monetary and policy perspective. No nation has ever been in trouble by being too prepared. Since the beginning of 2022 we have seen a high volume of attacks, that continues to break new records each month. We expect this trend to continue throughout 2022.”

“While we commend the government for taking these attacks seriously, we would like to see regulations that fast-track newer technologies for adoption rather than regulations that currently prevent smaller organizations from winning key contracts. We would propose similar policies to those that were adopted during the COVID pandemic whereby the government was able to fast track solutions by backing several promising technologies which saw unparalleled advances in medicine that the world has never seen. Cyberattacks threaten to affect our water, food and power supplies, and just about anything that uses a microchip. Cyberwar is the new frontier for crime, with low barriers to entry, low risk and minimal chances of being caught.”

Artur Kane, CMO at GoodAccess had the next comment:

“Ransomware attacks are a prevalent threat to businesses today, yet many companies still neglect the necessary procedures to prevent and contain them.

Critical infrastructure, in particular, is a lucrative target. Adversaries often pick them because of the high potential impact and the slow adoption of the latest security measures by critical infrastructure operators, leaving them vulnerable to attack.

Oil, gas, power, and water suppliers tend to be conservative in their security policies, which center on reducing the attack surface by building a secure perimeter to repel outside attacks. This perimeter, built on legacy technology and outdated networking models, has to be impenetrable if it is to fulfil its function.

However, users nowadays also need to connect from outside the secure boundary, something the traditional model has trouble coping with. User devices connected from outside to the internal network may introduce malicious code, or hackers infiltrate internal systems. Once that happens, there is little to stop them doing damage because the network can never be completely disconnected when administrators need to access it.

Attacks and downtimes are inevitable. While it’s necessary to do the maximum for prevention, in terms of regular security awareness training, backups, and system redundancy, it is equally important to lower the impact of breaches and reducing response time when they do happen.

Apart from regular hardware and firmware, software patching, and network segmentation, it is also important to reduce the attack surface by enforcing strict access control policies that allow users only the minimum necessary rights. Furthermore, to mitigate the risk associated with remote access, IT admins must extend the network perimeter to all touchpoints between technology, administrative, operations, and public-facing infrastructures. 

But even with all these measures in place, attackers can still find a way in. IT professionals must therefore look for ways of detecting attacks early and prepare detailed response and remediation plans. Continual training and security drills of security administrators is a must in order to assure their awareness of response protocols and prepare them for a swift and decisive response.

Attacks on critical infrastructure can be expected to rise in both frequency and magnitude as global tensions rise. The digital space is becoming a hot battleground and is likely to become hotter still as war rages on land, and critical infrastructure operators need to prepare themselves not just to counter profit-oriented ransomware attacks but also sabotage by state-sponsored groups.

Peter Stelzhammer, Co-founder of AV-Comparatives had this to say:

“Looking at the Colonial Pipeline disaster, it reminds a little bit of the Conficker disaster, which occurred in 2008. Both attacks could have been prevented with proper Enterprise Endpoint Security and Patch Management, as well as following the basic security advice every CISO should follow. Update the operating system, patch all third-party software, check for known CVEs and use multi-layered security systems. For Conficker, a Microsoft out-of-band patch was released on October 23, 2008, to close this vulnerability, however, a large number of Windows PCs (estimated at 30%) were not patched as of January 2009. Even in the Colonial pipeline disaster, only the billing system was hit by the Darkside Group, the pipeline was shut down by the operators. Maybe to prevent delivering fossil fuels without being able to send an invoice? So, keep in mind, do frequent rolling backups of your systems, have a disaster recovery plan and UPDATE and user Security systems. IT security belongs to the CEO and the board, it is that important.”

Hopefully organizations learn from what happened with Colonial Pipelines so that they don’t become the next Colonial Pipeline that I have to write about a year from now or sooner.

Leave a comment »

Vipul Baijal Tapped To Lead Xebia’s North American Operations

Posted in Commentary with tags on May 6, 2022 by itnerd

A global leader in IT consulting and digital technology, Xebia who I have written about before is now embarking on an aggressive expansion in Canada. To that end, Vipul Baijal has been tapped to lead Xebia’s North American expansion as their head of the Americas.

It will be interesting to see what Mr. Baijal’s experience does to drive Xebia forward in North America. And what Xebia has in store in the future.

Leave a comment »

Digital Experience A Make-Or-Break For Wearable Tech In Canada: Report

Posted in Commentary with tags on May 6, 2022 by itnerd

There’s been substantial growth in the consumer medical devices market in recent years – 320 million consumer medical wearables will ship globally in 2022 (according to Deloitte). These range from heart rate monitors that can be used to detect heart disease and long COVID, to bracelets which aid ovulation prediction and conception. Now, consumers are incorporating this technology in their daily lives to improve their overall health and wellbeing.  

In a new study of more than 12,000 consumers globally, including Canada, Cisco AppDynamics uncovered how quickly consumers are adopting this technology, the level of trust they have when allowing third parties to handle their data, and their expectations for incredible digital experiences when using these services.  

The results show a booming industry, with consumers keen to realize a range of health and wellbeing benefits. But at the same time their expectations for flawless digital experiences are higher than ever. One bad digital experience could be the make-or-break moment in a technology failing to reach its full potential. 

Key Canadian takeaways from the report include

  • 2% of Canadians think wearable technology has the potential to transform both their personal health and public health as a whole 
  • 61% of Canadians say they intend to use more of these types of wearable technologies or applications in the next 12 months 
  • 33% of Canadians say they currently use at least one wearable health tech device 
  • 73% of Canadians say a bad digital experience may stop them using a specific wearable device or application and 51% say it may put them off trying other health or wellbeing wearables or applications 
  • The biggest components of a bad digital experience for Canadians are: 
    • Data privacy / data security leak (61%) 
    • Application or device crashing (58%) 
    • Slow run time / unresponsive (57%) 
  • 86% of Canadians say reliable, real-time access to health data and accuracy of this data is critical to a good user experience 

There is a lot more detail on this report which you can find here.

Leave a comment »

What’s In My Laptop Bag – The 2022 Edition

Posted in Commentary with tags on May 6, 2022 by itnerd

I haven’t done one of these articles in a while as I typically do them when I plan to travel either on business or pleasure. And travelling hasn’t been a thing for the last couple of years during the pandemic. But as it appears that the world is opening up, I decided to put a new “What’s In My Laptop Bag” article for you starting with the laptop:

This is my 2021 16″ MacBook Pro. I did a two part review of it which you can find here and here. But in the months since I have gotten it, I can honestly say that it’s the best computer that I’ve ever owned. And the weight of it is really a non factor for me. Once I get back to travelling again, I’ll be happy to have this laptop with me as it does everything that I need it to do with a lot of headroom left over. By the way, if you’re wondering about the carbon that’s on the trackpad, that’s a vinyl skin from dBrand. They offer skins that allow you to cover as little or as much of the MacBook as you want. In my case, I did the trackpad and the back of the screen.

This is the Tucano Figura Medium. It’s old, as in approaching two decades old. But it’s so durable you could never tell and it’s never failed me. It proves that if you invest in a quality laptop bag, your return on investment will be protection and longevity. Speaking of protection, it provides a good amount of protection as well as easily accessible pockets for things like airline tickets and other documents. Not to mention the ability to hold my MacBook Pro related items. Plus I can slide the case through the handle of my carry on bag so that I have nothing on my shoulder. It’s also easy to pull out the notebook at TSA checkpoints.

For some extra protection, I slide my laptop into this Inateck sleeve. Even though it was designed for 15″ MacBook Pros, my 16″ fits just fine. And I use the included case for my power adapter and cable. Besides acting as a means of protection for the MacBook Pro inside my laptop bag, I sometimes take my MacBook Pro out just using this sleeve if I am only going to be out for a few hours. It’s held up well over the years as I only needed to have the velcro that closes the case replaced recently. Inside the pocket of this sleeve I have this:

I have a resealable bag with one of these cloths that I got from Amazon that I have on hand to clean the screen of my MacBook. While Apple does sell their own polishing cloths, you can get 24 of these cloths for what the Apple polishing cloth costs. As a result, I have these at my desk, in my laptop bag as you see here, with spares left over should I need them. And for the record, the only time you need to get the Apple polishing cloth is if you have a nano-texture display from Apple. But then you’ll get one for free when you buy a display with the nano-texture coating.

The majority of my gear is stored in a ProCase Universal Electronics Accessories Bag that I got from Amazon. It is thin and organizes the gear that’s in it via two dual sided compartments.

This section holds a MagSafe puck, an HDMI cable seeing as Apple brought back the HDMI port on the MacBook Pro, an Ethernet Cable, and a USB-C cable.

This section holds three dongles. Specifically a DVI-D to USB-C dongle, an Ethernet to USB-C dongle, and a USB-A to USB-C dongle. Because even though Apple brought back ports, I have found that you’ll still have to live the dongle life. I also have a variety of USB cables and USB-A to USB-C adapters, and a USB stick, specifically this one that has the macOS Monterey installer on it.

You’re likely wondering why I am showing you a pen. It’s a 4 in 1 pen made by a company called Rotring. It contains a blue pen, a red pen, a mechanical pencil and a stylus that works on touch sensitive screens which means that it does not work on the screens of iPhones or iPads. I’ve had this for close to a decade and I’ve only ever had to change the cartridges for the pens and add lead to the pencil.

Now if I am travelling either domestically or overseas, I will add the following items to the bag:

This is the Olixar Travel Adapter With 4 USB ports. This will help me to keep my iPhone and Apple Watch charged as I plug this into an outlet and plug everything else into it.

Next up is the Apple World Travel Adapter Kit which allows me to plug my MacBook Pro in to power it anywhere in the world.

This Kensington wall adapter doesn’t convert voltage. But I have take it with me in case I need to plug something into the wall in a foreign country as long as that something in question does voltage conversion on its own.

All of these items live in this Herschel Supply Company pouch. That way I have one thing that I need to pick up and drop into my laptop bag.

In terms of my Apple Watch, I bring along this Twelve South Time Porter which holds my collection of Apple Watch bands and has an Apple Watch charger at the top of it. Speaking of Apple Watch bands, it’s likely time for me to do a round up of my Apple Watch band collection as there are new bands that are part of the collection. I’ll add that to my to-do list.

Besides those items, I also pack portable SSD’s for backup purposes. Because you should always backup your computer. Especially when travelling. Top tip: If you do travel with an SSD to back up your computer, pack it into your checked luggage. That way, if your computer gets stolen you have a backup elsewhere. I also tend to travel with a multi-tool that doesn’t have a blade. The reason is that I want to make sure that it doesn’t get confiscated by airport security. And I typically drop one or two USB sticks into the bag as a just in case thing.

So that’s a look at what’s in my laptop bag. Hopefully, I’ve helped someone travel smarter, but if you have a tip or a suggestion, feel free to leave me a comment below.

2 Comments »

HP Introduces New Tools And Devices To Empower Business-Critical Workers And IT Teams

Posted in Commentary with tags on May 5, 2022 by itnerd

With hybrid work environments, companies are virtualizing applications and desktops to provide enhanced security, resilience, and uninterrupted productivity for mission critical work.  HP is introducing new PC hardware, software and device management solutions to empower business-critical workers and the IT teams that support them in today’s hybrid world. Among the new tools and devices:

  • The HP Elite Chromebooks, which have stepped up to the challenge with a portfolio of business Chromebooks better than ever and thoughtfully designed to empower hybrid cloud workers.
  • The HP Elite Thin Client device keeps increasing performance requirements demanded by video collaboration and delivers performance, versatility and security in a virtual workhorse.
  • The HP Cloud Endpoint Manager gives IT teams a better way to manage growing fleets of HP Thin Clients. The software is the world’s first real-time device monitoring of thin clients with OEM device management software.

For more information, you can read the blog post here.

Leave a comment »

Chinese Linked Hacker Group Linked To Data Theft

Posted in Commentary with tags on May 5, 2022 by itnerd

Security firm Cybereason have discovered a Chinese government-linked hacker group dubbed Operation CuckooBees trying to steal sensitive data from dozens of manufacturing and technology firms in the US, Europe and Asia. The hackers targeted blueprints for producing materials with broad applications to the pharmaceutical and aerospace industry.

Darren Williams, CEO and Founder, BlackFog:

“This is not surprising given both the history and the growing trend we are seeing involving data exfiltration to China. BlackFog’s latest research found that 20% of all ransomware attacks exfiltrate data to China. This has been a growing trend over the last year and have seen renewed efforts focused specifically around espionage. This also correlates with BlackFog’s April report that saw a dramatic rise in attacks on Technology, Manufacturing and Government, with increases of 25%, 20% and 40% respectively.”

Given the state of the world at the moment, you can expect to see more groups like this emerge. Which means that sooner or later, enterprises everywhere will be on their target list. Thus having defences in place is an absolute requirement.

1 Comment »

Guest Post: US Data Compromises Affected Over 20 Million People In Q1 2022 Says Atlas VPN

Posted in Commentary with tags on May 4, 2022 by itnerd

From appointment scheduling and calendar service FlexBooker to CVS Pharmacy, data compromises are still a grim reality in 2022.

According to the data presented by the Atlas VPN team, based on the Identity Theft Resource Center research, publicly reported data compromises in the United States affected 20,773,963 million victims (approximately 230,822 a day) in the first quarter of 2022. In total, there were 404 compromises reported from January through March.

Compared to the first quarter of 2021, data compromises increased by 14%, from 354 to 404. However, the number of victims actually fell by 50%, from 41,254,479 to 20,773,963, indicating smaller but more targeted data breaches. 

Cyberattacks were responsible for 91% of US data compromises in Q1 2022. In total, 367 data breaches happened due to cyberattacks, claiming 13,525,762 victims. Most common cyberattacks include phishing, smishing, and business email compromise (110), ransomware (67), and malware (22).

System and human errors were the reason for 32 or 8% of data compromises in the US within the first three months of the year, affecting 7,223,708 victims. The main reasons behind the errors were email and letter correspondence (12), misconfigured firewalls (5), and failure to configure cloud security (4).

The remaining 1% of data compromises were due to physical attacks, such as document theft, device theft, and improper disposal. Such events took 21,601 victims.

The technology sector suffered the most

Almost no major economic sectors were spared from data breaches in the first quarter of this year. However, some were affected more than others.

The most impacted industry in terms of the number of victims was technology, with 10,832,588 million breached accounts. Data compromises affecting the sector were also the most prolific, with one breach on average involving nearly 677,037 accounts. In total, the sector faced 16 data compromise events in Q1 2022. 

The second most affected sector in terms of victims was financial services. It suffered from 68 compromises impacting 3,384,769 people. Meanwhile, the healthcare industry faced 73 compromises — more than any other sector and affected 2,560,465 people. Both financial and healthcare sectors are highly lucrative targets to cybercriminals due to valuable data stored by the companies working in the industry. 

To read the full article, head over to: https://atlasvpn.com/blog/us-data-compromises-affected-over-20-million-people-in-q1-2022

Leave a comment »

« Older Entries
Newer Entries »