Archive for January 10, 2023

Has UHN Been Pwned In A Cyberattack? They Say No But I’m Skeptical

Posted in Commentary with tags on January 10, 2023 by itnerd

First some background. When a hospital issues a “code grey” it means that critical infrastructure has failed within the hospital which can seriously affect patient care.

With that in mind, yesterday I got tipped off by a reader if this blog who works within University Health Network or UHN here in Toronto that the hospital system had issued a code grey and that I should keep an eye on the story. The person who tipped me off also said that this would be a big story. Thus I held off publishing anything until I got enough facts to paint a picture for you. The source of the code grey was issues related to their IT infrastructure. That in itself is very unusual because it has been my experience that hospitals have very robust IT infrastructures. Thus something catastrophic would have to have happened for it to take UHN down in whole or in part. That’s when rumours that UHN had been pwned in some sort of cyberattack started to circulate in public and on the dark web. Though the they deny this:

Here’s the thing. It is entirely possible that they are telling the truth here. But the problem with that is that I have seen enough examples over the years where hospitals that issue a code grey are ones that got hit by some sort of cyberattack. Be it some sort of ransomware or a situation where patient data is leaked. And it all eventually becomes public no matter how the hospital spins it. Thus I hope that if this is some sort of internal incident, UHN speaks in detail about this situation so that they prove that they aren’t one of the many hospitals around the world to get pwned over the last few years. Until that happens, I’m remaining skeptical that this is some sort internal incident and not a cyberattack. But I am free to be proven wrong. And I hope I am given how important UHN is to the Greater Toronto Area.

How 1.5 Billion Shoppers Shaped Holiday Retail 2022 According To Salesforce

Posted in Commentary with tags on January 10, 2023 by itnerd

Today, Salesforce released its 2022 All Wrapped Up Report, which analyzes shopping data from over 1.5 billion shoppers from the holiday season across ecommerce, marketing, and service.

Key Canadian shopping trends:

  • Order volume in Canada was down 7% YoY but Average Selling Price (ASP) grew 0.5%
  • The highest discount offered in Canada was during the cyber week at 18%, but highest growth in shopping was observed Pre-Christmas at 11% YoY
  • While credit card remained the most popular payment method for Canadian shoppers at 78% usage, but the highest growth was shown by Financing and Apple Pay at 74% and 65% respectively

Major global trends revealed:

  • Holiday returns spike to record highs: Salesforce predicted over 1.4 billion orders purchased this holiday season would be returned. Today’s data shows that the number reached 1.39 billion, accounting for 13% of total holiday orders and a 63% increase in returns YoY. These numbers spiked in the six days after Christmas, with 16% of orders returned over that week — a 5% increase over last year. 
  • BOPIS (Buy Online, Pick-up In Store) brings hope to last minute shoppers — and growth to retailers: Nearly one out of every five online orders placed globally this holiday season were via BOPIS. BOPIS adoption by consumers peaked at 35% of all orders on the Friday before the Christmas holiday as shoppers retrieved last minute gifts. 

More insights can be found at the shopping insights HQ.

New Research: Up to 85% of Identity Theft is Now Synthetic, and Kids are Most Likely Target 

Posted in Commentary with tags on January 10, 2023 by itnerd

Up to 85 percent of identity theft nowadays is synthetic, which means thieves use combinations of real and fake information to take out loans, get credit cards, purchase cars, collect unemployment, and much more. And it’s grown 233 percent over five years. 

Children are uniquely vulnerable, because it’s an amalgamation of different identities (name, Social Security number, etc.) and 86 percent of parents don’t look at their kids’ credit report or other reports that would alert them to fraud – a key reason why the problem is growing and can go undetected for years until the damage is already done.

How can parents protect their kids? Security.org is out with research and tips, including how to notice early indicators and take action quickly to reduce damage.

Key findings include: 

  • Only six percent of parents use credit monitoring services to track their children’s credit activity
  • Parents feel their children’s data stored in social media, medical records, and school forms were most vulnerable to theft
  • Nearly 25 percent of parents weren’t taking any active steps to protect their children’s sensitive data, up from 15 percent in 2020

Parents can find helpful tips to keep their kids safe here: https://www.security.org/digital-safety/synthetic-identity-theft-guide-for-parents/

Apple Sued Again Over Privacy

Posted in Commentary with tags on January 10, 2023 by itnerd

You might recall at the end of last year, some researchers discovered that Apple records, tracks, collects, and monetizes analytics data, regardless of safeguards or a consumers’ selected privacy settings. And that led to a lawsuit. Well, we have another lawsuit that has been filed in regards to privacy. This one was filed in U.S. District Court for the Eastern District of Pennsylvania a few days ago and alleges the following:

  • Apple records and uses the personal information and activity of consumers, drawn from products like the iPhone and apps.
  • This is allegedly performed even if the user enters settings that they don’t want data shared. 

This on the surface sounds just like the other lawsuit that I linked to earlier. Now Apple of course has not commented on this or the other lawsuit. But with these claims mounting, Apple needs to address this in some way as they trade on privacy. And at the moment, it seems that Apple has been perhaps less than truthful about their privacy claims.

OVHcloud Metal Instances combines the best of Bare Metal with the convenience of pay as you go and infrastructure as code 

Posted in Commentary with tags on January 10, 2023 by itnerd

OVHcloud, the European Cloud leader and Bare Metal pioneer, announces the launch of Metal Instances. New to the Public Cloud universe, these instances leverage the tremendous compute power of Bare Metal servers, support an infrastructure as code deployment methodology and benefit from the flexibility and convenience Public Cloud is known for with a pay as you go model. 

In a typical Cloud-native environment, applications are decoupled from the underlying hardware so that they can scale thanks to the Cloud on-demand elasticity. This way, under the hood hardware becomes abstract and can be trimmed on the fly to answer specific peak periods. But not all apps are created equal, and some workloads might require dedicated hardware resources for their execution, whether it’s for control, isolation, or performance. Metal Instances are specifically designed to address this need offering on-demand availability and quick deployment times based on automated and standardized large-scale roll out through infrastructure as code made possible by OpenStack and Terraform native support. Last but not least, Metal Instances benefit from a pay as you go billing model (down to the hour) enabling customers to pay exactly for the compute capacity they consume. 

Full control of the hardware  

Metal Instances offer exactly what customers can expect from the Bare Metal forerunner: complete control of the hardware with access to the full CPU resources. Being run on 100% dedicated single tenant physical servers, Metal Instances support on-demand deploy through standard OpenStack API, benefit from Cloud automation capabilities and can be integrated into the full Public Cloud ecosystem of OVHcloud services. 

Bare Metal as a Service 

Metal Instances are built for a variety of workloads requiring specific hardware regardless of the purpose: performance, licensing, or low-level software customization. Thanks to Metal Instances, customers will benefit from a unique and flexible on-demand Cloud offer spanning across 3 different instances:  
 

  • bm-s1 is powered by an Intel Xeon-E 2274G (4C/8T), 2x 960 GB SSD with hourly pricing of 0,5 euros, 
  • bm-m1 is powered by an Intel Xeon-E 2288G (8C/16T), 2x 960 GB SSD with hourly pricing of 0,85 euros, 
  • bm-l1 is powered by an AMD EPYC 7371 (16C/32T), 2x 960 GB SSD with hourly pricing of 1,45 euros, 

Each instance is teamed with a 1 Gbit/s guaranteed public network link and a 2 Gbit/s guaranteed private network. True to OVHcloud’s commitments when it comes to price predictability, the cost includes incoming and outgoing traffic. 

A solution that offers data protection and sustainability 

Metal Instances benefit from OVHcloud well known expertise in infrastructure, offering a trusted Cloud in environmentally friendly datacenters. With the highest security and data protection standards in the form of ISO 27001 certification and HDS, data are immune to extra-territorial laws. OVHcloud datacenters take advantage of its unique industrial model with a watercooling system that contributes in a sustainable Cloud allowing to reach best-in-class PUE/WUE indexes (see more data here).  

Availability 

Metal Instances BM-S1, BM-M1 and BM-L1 are available in Canada (BHS), France (GRA & SBG), Germany (LIM), United Kingdom (ERI) and Poland (WAW) and ready to click in less than 3 minutes.  

Bell Fibe 1.5 Gbps FTTH Internet – Six Months Later

Posted in Commentary with tags on January 10, 2023 by itnerd

It’s been six months since my wife and I dumped Rogers Ignite Internet to replace it with Bell Fibe 1.5 Gbps Internet. And to be honest, there’s only been a handful of things to report on. That includes this incident where a Bell tech’s incompetence left us without service for several hours.

Let’s start with the good. For the most part, the speed that I got on day one is the same speed that I have now. And neither my wife or I have had any incidents since the one that I mentioned above. I continue to use the advanced DMZ method of bypassing Bell’s hardware, specifically the HH4000 which Bell has replaced with their Gigahub for my own hardware. Specifically the ASUS ZenWiFi XT8. And that continues to be fine for me. Though I should note that if Bell were smart, they would have a proper bridge mode for their customers to use just like Rogers does. But I might be expecting too much from Bell. Just like they should also have IPv6 on their network just like Rogers does. But I’m digressing here. I should note that the Gigahub which is going out to all new Bell customers has had some issues which Bell admits to and resolved for the most part. Though there seems to be a couple new issues that I am looking into and I will have a follow up article on that soon.

Now over to the bad. Bell has raised my bill by $5.05 a month. That’s not a deal breaker for me as I am still paying way less than I was with Rogers, and honestly I am not surprised by this. Because I did say this when I was in the process of moving to Bell and spotted a clause in their contract that gives them the right to raise your rates with 30 days notice:

Thus the way I read this is that Bell will increase your bill at some point. Another reason for me to be ready to call in to cut a new deal if required.

Well, they gave me 60 days notice before the increase. But if you’re not paying attention, you might miss it and call into Bell fuming until they point it out to you. That was me as when I got my bill, I basically said “WTF?” and called into Bell where they pointed out where to find this information. So assuming that you have a MyBell account, this is what you have to watch for:

  • On the website: When you get your bill, look for a “Messages” section and if you see anything there, you should open it up and look at it. Here’s what I saw:
  • On the app, Click on the words “View your detailed bill” as that will take you to Bell.ca to see the same information. Alternately you can view a PDF copy of your bill and look for something like this:
  • If you get your bills by mail, you’ll see the above as well on your bill.

This is why I encourage every Bell customer to closely look at their bills to ensure that you’re never caught off guard by anything that they do. Be it something that they warn you about as is the case here, or a billing mistake or “billing mistake” that they make as Bell has a history of that behaviour. If I could give Bell some advice, this information is easy to miss and you should really send notices of rate increases by email so that that it will cut down on the number of calls that rate increases generate. But I know that they won’t do that as customer experience has never been Bell’s primary focus. Speaking of which, when I called in, I did get an agent who was pleasant and helpful. But the flip side is that I hear stories of their agents hanging up on people and being rude. So if Bell really wants to become the dominant telco in Canada, their customer experience needs to be job number 1 for them to focus on.

The only other thing that I want to note is that I cancelled Crave TV as Bell “slipped” that along with their TV service into the package claiming that it was free when it actually wasn’t. I made the changes and I will see what effect it has on my bill as I would not be surprised if my monthly fees go up. At that point I will have to call into them and cut some sort of new deal if I can. Which another reason why Bell needs to improve their customer experience as this is the sort of thing that is completely unnecessary. Making customers hop through these sorts of hoops, and having your call centre staff engage in questionable behaviour doesn’t result in happy customers. Ever.

So am I happy that I have moved to Bell? Well, I wouldn’t say that I am happy as such. Bt as long as the experience is like it has been so far, which is there are no outages or billing issues, I’m fine to continue dealing with them. But as I’ve mentioned in other posts, I have zero loyalty to any Canadian telco. If things change with Bell in a negative way, then my incentive to stick with them will decrease. Therefore, I would strongly suggest to Bell that they need to make sure that my experience so far which has been mostly positive stays that way. And if they’re smart, they will improve their customer experience, add IPv6, add a bridge mode to their hardware, or all of the above to give me more of a reason to not to ditch them. Though if I were them, I would start with their customer experience as that’s what they need to address immediately.

Elon Musk Is In Trouble Again…. This Time It’s About Him Tweeting That He Will Remove Tesla’s Full Self Driving Safeguards

Posted in Commentary with tags on January 10, 2023 by itnerd

Elon Musk really doesn’t have a clue about how to keep his thoughts to himself. I say that because his habit of saying anything that pops to mind has gotten him into trouble again. On New Years Eve, he said this in response to a Tweet regarding Tesla’s Full Self Driving:

To be clear, what they’re talking about is the requirement by Tesla’s Full Self Driving software to keep your hands on the steering wheel at all times as that serves as proof that you are still in control of the car should you need to take control. Well, that one Tweet has gotten the attention of the NHTSA according to The Verge:

An NHTSA spokesperson confirmed that the agency has reached out to Tesla to gather information about the Musk tweet, in which the controversial billionaire suggested he would eliminate a driver monitoring function that warns users to keep their hands on the steering wheel while using FSD. 

The information gathering by NHTSA is part of a broader investigation into Tesla’s Autopilot, which has been linked to over a dozen crashes involving stationary emergency vehicles.

Seriously Elon. You’re already under investigation because of issues with Tesla’s Full Self Driving, and you’re really going to poke a stick in the cage so to speak? You may be a billionaire, but you’re clearly not that smart as that Tweet was a dumb thing to do. That’s on top of the fact that this feature is years late and is still in beta. As it should be given what YouTubers like MKBHD, Along For The Ride, and Snazzy Labs have found. Which is that it’s not that good.

I guess that Elon must be bored and he needs some more problems to deal with. Because clearly the ones that he currently has with the implosion that is Twitter and the crash of Tesla’s stock price aren’t enough to keep him occupied.

Windows 8.1 Support Ends TODAY

Posted in Commentary with tags on January 10, 2023 by itnerd

Today marks the day that Windows 8.1 will reach its end of support. That means that the product will no longer receive security updates, non-security updates, bug fixes, technical support, or online technical content updates. Businesses and individuals around the world will be exposed to a significantly bigger attack surface and increased risk from using an unsupported operating system from Microsoft.

Antonio Sanchez, cybersecurity product marketing principal at cybersecurity software and services provider Fortra says:

“As of January 10th, any organization that still has Windows 8.1 running in their environment is accepting the additional risk of being breached. This is because Microsoft will no longer be creating security updates for 8.1 for any new vulnerabilities. And if your strategy is to hope there are no new vulnerabilities discovered here is something to keep in mind: Windows 7 had almost 1,000 new vulnerabilities after its end of life.”

My advice would be that if you have not already migrated to Windows 10 or Windows 11, you should do so immediately as there’s very little good reason to be running anything earlier than Windows 10 in 2023.