Archive for January 26, 2023

The TELUS Data Trust Survey Reveals Some Interesting Facts On How Canadians View Data Privacy

Posted in Commentary with tags on January 26, 2023 by itnerd

It’s Data Privacy Week – an issue that is top of mind as the federal government is about to discuss Bill C-27, proposed to strengthen Canada’s private sector law while ensuring the privacy of Canadians will be protected and that innovative businesses can benefit from clear rules as technology continues to evolve.

In a recent poll, commissioned by TELUS, only 30 per cent of Canadians trust organizations to protect their personal information, and more than half of Canadians feel confident data and technology can be used to positively impact healthcare, education, safety and security. Here are some other key points from the TELUS Data Trust Survey:

About the survey:

  • The purpose of TELUS’ Data Trust Survey was to explore Canadians’ feelings around data privacy and trust to drive conversations in light of rapid digital transformation of our economy and lives.
  • Trust, as it pertains to data, is essential to technological and social innovation. With data breaches on the rise, it’s more important than ever for organizations to protect the data entrusted to them and to be transparent about how data is used and protected to maintain and build trust.

Methodology:

  • Audience: Responses were nationally representative from 2,016 Canadian adults, 18 years of age or older
  • Timeframe: August 31, 2022 to September 19, 2022
  • Location: Canada
  • Language: English, French
  • Sample provider: Dynata, Inc.

Key Survey Findings

Canadians care about their data privacy.

  • 97% of Canadians feel they understand what personal information is.
  • More than eight-in-ten claim to understand how their personal information can be used online.
  • Three-quarters of Canadians take regular steps to protect their personal information.
  • More than half are extremely concerned about personal information and online privacy.

Half have experienced a breach, impacting their trust.

  • In the last two years, almost half of Canadians experienced some sort of breach.
  • Since experiencing a breach, two-thirds of Canadians have become more guarded with their personal information.
  • Since experiencing a breach, 30% of Canadians have lost trust with the company associated with the breach.

Canadians believe in the power of technology for good.

  • Half of Canadians are extremely excited about technology improvements.
  • More than half of Canadians feel confident data and technology can be used to positively impact healthcare, education, safety and security.
  • 42% believe that sharing data with trustworthy companies can provide them with useful products and services.

Trust matters to Canadians when choosing companies to engage with.

  • 79% of Canadians agree that a company’s reputation for how it treats personal information and privacy changes the way they think about the company or brand.
  • 62% are more likely to buy products or use services from companies they trust.
  • Only 31% trust organizations to protect their personal information.
  • Nearly one-quarter of Canadians say they don’t trust telecoms, 14% say they don’t trust virtual care providers.

Apple’s Activation Lock Has Resulted In Perfectly Good Apple Products Being Scrapped

Posted in Commentary with tags on January 26, 2023 by itnerd

When Apple came out with Activation Lock which stops Apple Products from being reused if they are stolen because they are locked to the original owner, I applauded that as it makes iPhones and Macs less of a target for thieves. Or at least it should make them less of a target for thieves. But there’s one unfortunate side effect that Motherboard has detailed:

Secondhand MacBooks that retailed for as much as $3,000 are being turned into parts because recyclers have no way to login and factory reset the machines, which are often just a couple years old.

In short, Activation Lock is creating a problem with recyclers where they can’t factory reset perfectly good computers. So instead of factory resetting them and selling them on the used market, they are selling them for scrap. Or in the worst case, destroying parts that they can’t use with all sorts of health and environmental effects.

This is a huge optics issue that Apple has unintentionally created. And at least at this point, they don’t seem to want to help solve this problem. And I can see why from Apple’s point of view. If you give recyclers the tools to factory reset these Macs, those tools might end up in the hands of thieves who would do the same thing with stolen Macs. And if Apple were to reset these computers themselves, it would be a logistical challenge for them as they would likely have to sort out what’s legit and what might have been stolen. Still, I think Apple may have to do something here as this is a bit of an optics issue for a company that likes to brag about their environmental “street cred.” Let’s see if they do or say something now that this is out there.

Home Depot Gave Customer Data To Meta Says Canadian Privacy Commissioner Without Customer Consent

Posted in Commentary with tags on January 26, 2023 by itnerd

Home Depot is my go-to for anything I need to fix stuff around my condo. But perhaps I should rethink that as the Canadian Privacy Commissioner has determined that Home Depot handed over customer data to Meta (aka Facebook) without consent from customers:

It is an issue highlighted in a recent investigation by the Office of the Privacy Commissioner of Canada (OPC) into Home Depot of Canada Inc. (Home Depot). By participating in Meta Platforms Inc.’s Offline Conversions program, Home Depot was found to be sharing details from e-receipts – including encoded email addresses and in-store purchase information – with Meta, which operates the Facebook social media platform, without the knowledge or consent of customers.

And:

The investigation found that Home Depot had been collecting customer email addresses at store checkouts for the stated purpose of providing customers with an electronic copy of their receipt since at least 2018. However, the investigation revealed that during this period, the encoded email addresses, along with high-level details about each customer’s in-store purchases, were also sent to Meta.

Information sent to Meta was used to verify if a customer had a Facebook account. If they did, Meta compared the person’s in-store purchases to Home Depot’s advertisements sent over the platform to measure and report on the effectiveness of those ads. Meta’s Offline Conversions contractual terms also allowed it to use the customer information for its own business purposes, including user profiling and targeted advertising, unrelated to Home Depot.

Each email address Home Depot shared with Meta was encoded so that it could not be read by individuals at Facebook. Meta employed an automated process that allowed it to match email addresses attached to Facebook accounts. Email addresses not already associated with a Facebook account could not be linked to individuals.

While the details of a person’s in-store purchases may not have been sensitive in the context of Home Depot, they could be highly sensitive in other retail contexts, where they reveal, for example, information about an individual’s health or sexuality.

During the investigation, Home Depot said that it relied on implied consent and that its privacy statement, accessible through its website and in print upon request at retail locations, adequately explained that the company uses “de-identified information for internal business purposes, such as marketing, customer service, and business analytics” and that it “may share information for business purposes,” including “with third parties.” Home Depot also relied on Facebook’s privacy statement, which explained the Offline Conversions program.

The OPC, however, rejected Home Depot’s argument as the privacy statements Home Depot relied on for consent were not readily available to customers at the check-out counter, and consumers would have no reason to seek them out. Moreover, the OPC found that Home Depot’s privacy statement did not clearly explain the practice in question.

Now I have always been suspect of getting e-receipts from companies which is why I always prefer printed copies. This revelation makes me want to double down on never getting an e-receipt. Now I tried to find a comment from Home Depot or Meta but I couldn’t find one. Which in itself says something. But in the meantime, here’s what the Privacy Commissioner says that Home Depot has to do:

As a result of the investigation, the OPC recommended that Home Depot:

  • cease disclosing the personal information of customers requesting an e-receipt to Meta until it is able to implement measures to ensure valid consent;
  • implement measures to obtain express, opt-in consent from customers prior to sharing the information with Meta, should it resume the practice; and
  • ensure meaningful consent by providing customers requesting an e-receipt with key information regarding its sharing of information with Meta at the point of sale, and by strengthening its privacy statement to include a detailed explanation of its practices and how customers can withdraw consent.

It will be interesting to see if Home Depot complies with this. Because now that this is out there, Home Depot is going to have to deal with customers who do not trust them. And that’s not a good place to be in.

NIST Releases AI Risk Management Framework

Posted in Commentary with tags on January 26, 2023 by itnerd

The U.S. Department of Commerce’s National Institute of Standards and Technology (NIST) released its Artificial Intelligence Risk Management Framework (AI RMF 1.0) today, a guidance document for voluntary use by organizations designing, developing, deploying or using AI systems to help manage the many risks of AI technologies. A press release has the background on this:

The AI RMF follows a direction from Congress for NIST to develop the framework and was produced in close collaboration with the private and public sectors. It is intended to adapt to the AI landscape as technologies continue to develop, and to be used by organizations in varying degrees and capacities so that society can benefit from AI technologies while also being protected from its potential harms.

“This voluntary framework will help develop and deploy AI technologies in ways that enable the United States, other nations and organizations to enhance AI trustworthiness while managing risks based on our democratic values,” said Deputy Commerce Secretary Don Graves. “It should accelerate AI innovation and growth while advancing — rather than restricting or damaging — civil rights, civil liberties and equity for all.” 

Interesting. Christopher Prewitt, CTO of Inversion6 had this comment:

There is a significant amount of motivation to get ahead of Artificial Intelligence. As we know, governments are often slow to develop guidance, laws, executive orders around technology. The focus of this technology and frankly all new technologies are around the value they create and the risks are often not identified or focused on. The NIST AI Risk Management is attempting to provide a structure around the risk identification and management processes, so organizations can more safely develop new AI based solutions.

I’ll be interested to see where this goes as AI is very much a top of mind topic at present.

An Experian Glitch Exposed ALL Consumer Credit Files For SEVEN WEEKS Was Only Brought To The Attention Of Consumers This Week… WTF?

Posted in Commentary with tags on January 26, 2023 by itnerd

Brian Krebs has a mind-blowing story on his website that you simply must read. It revolves around consumer credit reporting bureau Experian and an issue that Krebs found and reported to the company. Here’s the TL;DR of what happened from the story:

On Dec. 23, 2022, KrebsOnSecurity alerted big-three consumer credit reporting bureau Experian that identity thieves had worked out how to bypass its security and access any consumer’s full credit report — armed with nothing more than a person’s name, address, date of birth, and Social Security number. Experian fixed the glitch, but remained silent about the incident for a month. This week, however, Experian acknowledged that the security failure persisted for nearly seven weeks, between Nov. 9, 2022 and Dec. 26, 2022.

The implication of this is staggering as this information could be used to launch all sorts of identity theft campaigns. Which is not only bad, but the worst case scenario possible. And the fact that only this week Experian told consumers is an absolute #fail.

Jack Nichelson, CISO of Inversion6 added this commentary:

The fact that Experian waited over seven weeks before notifying customers of the security risk is a serious concern. This delay in notification put customers at risk of identity theft and financial loss. By waiting so long to notify customers, Experian gave identity thieves ample time to access and potentially misuse customer information.

Furthermore, the fact that the security vulnerability persisted for nearly a month is also a cause for concern. This indicates that Experian’s security systems were not effectively detecting or addressing the issue in a timely manner.

This incident highlights the importance of prompt and transparent notification in the event of a security breach. Customers have a right to know if their personal and financial information has been compromised so they can take steps to protect themselves. Additionally, this incident raises questions about the effectiveness of Experian’s security systems and the company’s overall commitment to data privacy and security.

What needs to happen here is there needs to be an investigation from the appropriate government agencies as to the behaviour of Experian in this case. Because quite frankly this is unacceptable and needs to be addressed in the strictest possible way.

BenQ Announces New High Performance Monitors

Posted in Commentary with tags on January 26, 2023 by itnerd

With many of us back to work, it’s likely that our screen time has increased significantly since the holidays. 

Veterans in the monitor industry, BenQ is constantly at the forefront of new technology features that only better the user experience for individuals reliant on their monitors, such as entrepreneurs, tech experts, graphic designers, and illustrators.

BenQ has developed eye-care technology that puts eye-care safety at the forefront. Below is a round-up of BenQ’s monitors that offer brightness intelligence+, brightness intelligence, low blue light, low blue light+, and a flicker-free experience. This advanced technology acts as a safeguard for the eyes, filtering out harmful lights that cause eye damage.

GW2485TC | 23.8″ 1080p Eye-Care IPS USB-C Monitor ($299.99 CAD)

  • Noise cancellation microphone minimizes distractions
  • USB-C & daisy chain 
  • Coding mode for easy readability and coding efficiency
  • Ergonomic design with slim bezel
  • Available online at amazon.ca

EX270QM | MOBIUZ 1ms 27″ IPS 240Hz QHD Gaming Monitor ($1,029.99 CAD)

  • 27-inch 2560 × 1440 16:9 IPS 240Hz Gaming display
  • HDRi and true sound audio by treVolo deliver immersion
  • 1ms GTG and AMD FreeSync™ Premium Pro for smooth gameplay
  • Available online at amazon.ca

PD3420Q | 34-inch 2K WQHD P3 USB-C Mac® Compatible Designer Monitor ($1,029.99 CAD)

  • 34-inch LED 21:9 ULTRAWIDE, 33% extra screen real estate for video editing
  • USB-C synchronizes images, videos and data seamlessly, and can charge your mobile devices with an all-in-one cable
  • Equipped with 98% Display P3 color space
  • Available online at amazon.ca

Geotab joins the United Nations Global Compact

Posted in Commentary with tags on January 26, 2023 by itnerd

Geotab Inc., a global leader in connected transportation solutions, today announced it has joined the United Nations Global Compact initiative (UN Global Compact) — a voluntary leadership platform for the development, implementation and disclosure of responsible human rights, labor, environmental and anti-corruption business practices.

By joining the UN Global Compact, Geotab is committed to taking accountable business action and supporting universal sustainability principles. The UN Global Compact is a call to companies everywhere to align business operations and strategies with ten universally accepted principles, and to take accountable action in support of UN goals and issues embodied in the Sustainable Development Goals (SDGs). Launched in 2000, the UN Global Compact is the largest corporate sustainability initiative in the world, with more than 15,000 companies and 3,000 non-business signatories based in over 160 countries, and more than 70 local networks. 

Geotab is committed to social sustainable governance, and has invested in initiatives to ensure the company and its customers can attain high reaching goals in corporate responsibility. A signatory of the Climate Pledge and with its carbon emissions reduction targets validated by the Science Based Targets initiative (SBTi), Geotab published its inaugural Sustainability Report in 2021, and published its 2021 GHG Emissions Report in October of 2022, showing climate action and moving the company toward a more sustainable future.

Geotab is a global leader in connected transportation solutions. We provide telematics – vehicle and asset tracking – solutions to over forty thousand customers in 150 countries. For more than 20 years, we have invested in ground-breaking data research and innovation to enable partners and customers, including Fortune 500 and public sector organizations, to transform their fleets and operations. We connect to over 3.2 million vehicles and process more than 55 billion data points a day so that customers can make better decisions, increase productivity, have safer fleets, and achieve their sustainability goals. Geotab’s open platform and Marketplace offer hundreds of third-party solution options. Backed by a team of industry leading data scientists and AI experts, Geotab is unlocking the power of data to understand real-time and predictive analytics – solving for today’s challenges and tomorrow’s world. To learn more, visit www.geotab.com.

#PSA : You Should Avoid Buying Samsung 990 Pro SSDs As They Appear To Die Far Faster Than Normal

Posted in Commentary with tags on January 26, 2023 by itnerd

If you’re an owner of the new Samsung 990 Pro SSD, or you’re thinking of buying one, you might want to pay attention to this Neowin story that seems to indicate that these drives have a problem. They die far quicker than they should:

When you buy the fastest flagship SSD on the market, you expect a certain level of reliability and confidence from its performance, but things can and do go wrong sometimes, and customer support is paramount at instilling continued confidence in the brand. This has typically been the case for past Samsung drives, actually, even the non-flagship models have been highly reliable and perform excellently with very few that I have seen needing an RMA.

Colour me with sadness when within just a couple of days of buying the 990 Pro 2TB, I noticed that the drive health according to SMART data from both Samsung Magician and third party tools had dropped to 99%. For the record I have other Samsung SSDs with over 40TB written and still at 99% health 1.5 years later, so I knew this was not normal.

Within another day or so it had dropped to 98%, by this point I’d not even written 2TB to the drive. Fast forward a couple more days and the drive health was sitting at 95%.

To reiterate, what is being described here is not in the same universe as normal. So the writer of this story sent the drive back to Samsung, only to have the drive returned to him claiming that there was no defect found. Which if this was an isolated incident, you could say that might be the case, even though it’s clearly not. But it’s not an isolated case:

Around the same time I posted to OcUK and reddit to see if others had seen the same problem, as it turns out, they had, and there is a lengthy thread over at Overclock.net about it.

And:

More owners of the 990 Pro have come forward reporting degraded health reporting in another reddit thread, this time in the r/hardware subreddit.

So this isn’t an isolated problem. And once this story got out there, Samsung changed course:

Samsung’s RMA division, Hanaro, have reached out and offered to A) Replace this SSD, and B) Try to replicate the problem. Quite why both of these options were not on the table before the issue became public is a mystery. We still request that readers continue to share their 990 Pro drive health stats and what region of the world they are in so that a better overall picture can be drawn of what appears to be a potentially developing situation.

I would agree with that and go one step further. If you’re looking to put an SSD into your latest PC build, avoiding this drive entirely would be my advice as clearly it has issues that Samsung either hasn’t gotten to the bottom of, or is looking the other way until they’re forced to deal with it. And this is happening after the previous generation drive the 980 Pro had issues as well. Clearly something is wrong over at Samsung as consumers should not be Samsung’s QA department. And until Samsung comes out with a root cause analysis along with detailing how they are going to ensure that stuff like this isn’t going to happen in the future so that consumers can trust their SSDs, I’d be steering clear of all of their SSDs to be safe. After all, it’s your data on those SSDs and your data is valuable.

Hackers Offering Fake Jobs To Students In A Credential Harvesting Campaign: Avanan

Posted in Commentary with tags on January 26, 2023 by itnerd

Researchers at Avanan, a Check Point Software Company, have taken a deep dive into their latest analysis on how hackers dangle fake money-making opportunities at students in exchange for harvested credentials. 

In the newest phishing campaign, emails from legitimate accounts that hackers took over were sent to students offering a remote, part-time job with an enticing salary. Students were encouraged to click on the provided link, which ultimately redirected them to a credential-harvesting page.

You can read this research here. And I’d be passing this along to anyone within the hackers’ target group so that they can protect themselves.

Threat Analyst Finds 91% Increase in Counterfeit Currency On Underground Markets

Posted in Commentary with tags on January 26, 2023 by itnerd

With increasing sanctions against cryptocurrencies, deflating value and increased attention from law enforcement, cryptocurrency is still the top vehicle for cybercriminals to launder money. Surprisingly, the Dark Web is swarming with counterfeit currency/banknotes impacting individuals and businesses on a large scale.

According to a new report from Dov Lerner, Head of Threat Research at Cybersixgill, there was a 91% increase in the number of deep and dark web market listings advertising counterfeit banknotes, with the top 10% of cybercriminals posting on it dominating 80% of the conversation.

You can read the full report here.