Archive for March 27, 2023

Commvault Earns 5-Star Rating in 2023 CRN Partner Program Guide

Posted in Commentary with tags on March 27, 2023 by itnerd

Commvault, an enterprise data protection leader for the complex and mission critical hybrid environments of today’s global businesses today announced its prestigious 5-star rating for the Commvault Partner Advantage program in the 2023 Partner Program Guide from CRN, a brand of The Channel Company.

According to CRN, Commvault earned the 5-star rating for going “above and beyond” in its “commitment to nurturing strong, profitable, successful channel partnerships.” Knowing which partners you can trust is critical for the channel community, especially when assessing which IT manufacturers, service providers, and distributors to do business with. Partnering with vendors like Commvault brings with it world-class technology solutions with unmatched breadth and depth, strong financial incentives, sales and marketing assistance, training and certification, technical support, and more – all important elements that can set a vendor apart and play a key role in boosting partners’ long-term growth.

In the 2023 CRN Partner Program Guide, vendors were evaluated based on program requirements and offerings such as partner training and education, pre- and post-sales support, marketing programs and resources, technical support, and communication.

Commvault’s Partner Advantage program has received a 5-star rating in the CRN Partner Program Guide for the last 10 years. Key tenants of the program center around Commvault’s dedication to helping its partners simplify their offerings, solve high-value customer problems to stay competitive, and evolve their business for exponential growth. Through the Commvault Partner Advantage program, partners can leverage Commvault’s world-class technology, in-depth tools, and tactical support needed to level up every one of their customer engagements and achieve next-level success—on-prem, in the cloud, at the edge, and everywhere in between.

The 2023 Partner Program Guide will be featured in the April 2023 issue of CRN and online at www.CRN.com/PPG.

Leave a comment »

Mujjo Releases New Laptop Sleeves

Posted in Commentary with tags on March 27, 2023 by itnerd

Mujjo has released a pair of laptop sleeves can help protect laptops such as the new M2 MacBook Pro models that were recently announced.  

First up, the Portfolio keeps business essentials well organized and at hand. Perfect for meetings, and working on a plane or train.

A few highlights:

  • All-weather protection: Made from lightweight and durable waterproof fabric, created from recycled plastic.
  • Easy access: separate section for a 16-inch laptop, and multiple pockets for accessories.
  • Available for €95 | £95 | $95 on mujjo.com and Amazon

Next is the Envoy Laptop Sleeve. They’ve worked hard on the details so you don’t have to. This lightweight and durable sleeve is designed to hold a MacBook Pro — available for both 14-inch and 16-inch models. Available in black and navy. 

A few highlights:

  • In-sleeve charging for your laptop
  • Magnetic side-opening that expands to hold your accessories
  • Expandable opening to fit larger-bulk items like your charger (and when it’s empty, the pocket remains slim)
  • Available for €95 | £95 | $95 on mujjo.com

Leave a comment »

Here’s Some More Information About Rogers Ongoing Email Fiasco

Posted in Commentary with tags on March 27, 2023 by itnerd

As I type this, it is March 27th and there’s still no resolution to the issues that Rogers has with their email offering. For those of you who are new to this, let me recap the sequence of events that has ben ongoing for almost the last month:

It started as a general outage, but what has dragged on for weeks is an issue with email. Anyone who uses Rogers email service (in other words they have a @Rogers.com address) cannot get their email. This is in part due to the fact that Rogers requires users to create  App Specific Passwords via Rogers Member Center on each program or device that an email address is used on. The creation of new app specific passwords doesn’t work and existing app specific passwords appear to have been deleted in many cases. That pretty much breaks your applications that rely on them. There is a workaround, but that workaround is sub-optimal because viewing mail through a web browser is not the best experience. Especially on a smart phone. And they’re the fact that you might have to call Rogers to get someone to reset your email password if you don’t know what it is. The problem with that is that since this fiasco began, Rogers wait times to speak to someone have gone through the roof. Making that a sub-optimal experience as well for Rogers customers.

Now I’ve been asking my sources inside Rogers about this whole fiasco, and they’ve told me on background that this is entirely a Rogers issue that they have yet to figure out. Specifically with the underpinnings of their App Specific Password system which is bolted onto their email service which is provided by Yahoo. I’ll have more on Yahoo in a moment. But you’re likely wondering why Rogers uses App Specific Passwords in their email offering. Here’s the answer: Security.

If a threat actor manages to get your password, and that same password is used on all the mail clients that you use, the threat actor in theory has access to your email on any device. That would be the case with the majority of email systems out there. But by using App Specific Passwords, where every email client and/or device has a unique password, any sort of pwnage that a threat actor does is limited to the one device or application. At least in theory.

Sidebar: One of the ways that you can best protect yourself online is to use completely different password for each and every service that you use as that follows the logic that Rogers is using here.

My problem with this App Specific Password scheme by Rogers is that it adds a layer of complexity that most users have problems dealing with as going to the Rogers Members Center and generating a password to use with your email client and/or of choice is easy for someone like me, but complex for many of Rogers customers. And I have to admit, I do make a fair amount of money from this because I often get phone calls for help when a customer gets a new laptop or smartphone, and they want to get their email on it. In short,Rogers implementation of App Specific Passwords isn’t something that some Rogers customers can easily understand. If Rogers wanted to improve the security of their email service, my suggestion would be to enforce the use of complex passwords. For example, “password” is less secure than “P@$$w0rd” because the latter has special characters, a number and a capitalized letter that make the password harder for a threat actor to brute force or guess. I also assume that this would be easier for Rogers to implement, less likely to run into the issues that we’ve been seeing for the last month, and most importantly it would be secure.

Now if that’s not bad enough, there’s also the fact that the underpinnings of Rogers mail service is Yahoo. A company who doesn’t exactly have the best track record when it comes to privacy and security. And I suspect the latter is the reason why Rogers decided to bolt on App Specific Passwords to what Yahoo offers. In terms of the former, Rogers themselves got caught up a change to Yahoo’s terms of service back in 2018 where Yahoo had tried to give themselves the right to do whatever they wanted with your email. While Yahoo did eventually walk that back for Canadians, it didn’t end well for Rogers as it left a bad taste in the mouths of a lot of their customers.

Now I am continuing to monitor this as I now have over three dozen clients who are affected by this… And counting. And I am continuing to publish updates on this because somebody needs to bring this issue and Rogers continued silence on this problem to light. Plus since you can’t forward your email to another provider, or export it entirely so that you have a local copy of it, Rogers email users are stuck with Rogers until they figure out how to fix this. Though I will admit to working on a way to export Rogers email so that my clients who want to dump Rogers for another ISP, but want a copy of their email have an option to accomplish that. If I get something that is workable on Mac and PC, I will publish it here. In the meantime, for the sake of Rogers customers, I hope that one of Canada’s largest telcos gets its act together and figures this out. Because as I type this, Rogers has handled this whole situation quite poorly. Which frankly isn’t a surprise given their recent track record with how they handle major outages.

2 Comments »

Elon Musk Discloses That Twitter Is Worth Less Than Half Of What He Bought It For…. While Twitter’s Source Code Leaks

Posted in Commentary with tags on March 27, 2023 by itnerd

Elon Musk paid $44 billion USD for Twitter. And many said at the time he overpaid. But according to Musk, Twitter at present is worth less than HALF of what he paid for it:

Twitter is now worth just $20billion — less than half of what Elon Musk paid for it six months ago, the world’s richest man told his employees.

In a company-wide email on Friday, Musk said the social media giant has lost so much money in recent months that it is now worth jut $20billion, a whopping $24billion less than what he purchased it for in October.

He then went on to defend his decision to lay off thousands of employees in the months since he took the helm of the company, and sell off a variety of merchandise in recent auctions — claiming that Twitter was once just four months from being bankrupt.

That’s mind blowing. Sure Twitter wasn’t worth $44 billion. But prior to his purchase it was worth more that $20 billion via some quick Googling that I did. That illustrates how much he’s really screwed up here to tank the value of the company by that much money.

Oh yeah, there’s also this:

In his company-wide email on Friday, obtained by the New York Times, Musk defended his decisions to lay off massive swaths of employees, saying the ‘radical changes’ to the company were necessary to save money.

He claimed that Twitter should be looked at as an ‘inverse start-up’ as he tries to rebrand the company, saying: ‘Twitter is being reshaped rapidly.’

And if his efforts are successful, Musk suggested that Twitter can one day be worth $250billion.

His remarks came as he explained the new stock compensation package he is offering to the less than 2,000 employees still left at the company.

Under his plan, Twitter employees will receive stock grants for the company he established to buy the social media platform — the X Corporation — which will operate under the $20billion estimate.

Workers will then be able to sell and cash in on their privately-held stocks every six months. 

Doing so, he said, would allow employees to have ‘liquid stock, but without the stock price chaos and lawsuit burdens of a public company.’

Musk has previously implemented a similar program at his Space X firm. 

I don’t know what drugs Elon is smoking. But nothing that he’s done with Twitter indicates that this company will be worth $250 billion in the future. In fact I would say that Elon has sent Twitter’s valuation in the other direction. Clearly Elon is either stoned or delusional. Perhaps both.

Strangely, the fact that he’s tanked Twitter’s value by over 50% isn’t his worst problem at the moment. This is:

Parts of Twitter’s source code, the underlying computer code on which the social network runs, were leaked online, according to a legal filing, a rare and major exposure of intellectual property as the company struggles to reduce technical issues and reverse its business fortunes under Elon Musk.

Twitter moved on Friday to have the leaked code taken down by sending a copyright infringement notice to GitHub, an online collaboration platform for software developers where the code was posted, according to the filing. GitHub complied and took down the code that day. It was unclear how long the leaked code had been online, but it appeared to have been public for at least several months.

Twitter also asked the U.S. District Court for the Northern District of California to order GitHub to identify the person who shared the code and any other individuals who downloaded it, according to the filing.

Twitter launched an investigation into the leak and executives handling the matter have surmised that whoever was responsible left the San Francisco-based company last year, two people briefed on the internal investigation said. Since Mr. Musk bought Twitter in October for $44 billion, about 75 percent of the company’s 7,500 employees have been laid off or resigned.

The executives were only recently made aware of the source code leak, the people briefed on the internal investigation said. One concern is that the code includes security vulnerabilities that could give hackers or other motivated parties the means to extract user data or take down the site, they said.

Well, this is a huge problem for Elon as anyone who can grab this code from GitHub and evade detection by GitHub as to downloading this code, which frankly someone singular or plural is going to evade detection by GitHub, is going to have the means to make life a living hell for Twitter and Elon. Threat actors would be able to launch attacks on Twitter at will, then rinse and repeat as Twitter will only be able to close the attack vector that was used in any one attack. To have any hope of stopping this, Twitter would have to do a full code review to even begin to close any of the possible attack vectors that they can find. And even then they won’t get all of them as threat actors would be one step ahead of them. Not to mention that threat actors would likely come up with attacks that Twitter would never envision based on what they find in the source code. It’s the ultimate game of “whack a mole” where Twitter is always going to be on the losing end of it.

If you’re one of the few people who are still on Twitter, you might want to buckle up. Because I suspect that things are about to get very bumpy. And Elon is going to be having a number of sleepless nights in the weeks ahead.

2 Comments »

Guest Post: Russia-backed hackers target government and IT organizations in Ukraine

Posted in Commentary with tags on March 27, 2023 by itnerd

Data presented by Atlas VPN reveals that Russian hackers have been targeting Ukraine’s and its allied countries’ government and IT organizations with ever-increasing sophistication.

The Russian government is believed to be behind the attacks, as they appear to be well-funded and well-organized. The cyber attacks have been aimed at stealing sensitive information, disrupting systems, and causing chaos in the targeted countries.

According to the recently published Microsoft Threat Intelligence report, the government sector was by far the most targeted sector by Russian state-affiliated hackers between February 2022 and January 2023. 

The team at Microsoft discovered 46 organized cyber attacks on various government bodies.

Russian threat actors were also interested in IT & communications companies, launching 17 attacks within the last year. 

The energy sector was also among the industries most targeted, as they were subject to 16 cyber attacks. 

A suspected Russian threat actor named IRIDIUM initiated several phishing activities between January 12 and January 28 of 2023, to access accounts at Ukrainian businesses in the defense and energy sectors.

This aligns with the traditional targets of Russian cyberattacks in Ukraine since the energy sector provides a significant portion of Ukraine’s revenue, and the government and telecommunications industries are key components of national security.

Russian hackers have been using a variety of tactics to infiltrate government and IT organizations. One of the methods used is spear-phishing, which involves sending emails with malicious links or attachments that, when clicked, infect the targeted computer with malware. 

The attacks have become increasingly complex over time, with hackers using advanced techniques such as zero-day exploits, which are vulnerabilities in software that are not yet known to the software vendor.

One of the most concerning aspects of these attacks is the potential for damage to critical infrastructure. Russian hackers have already targeted the energy and transportation infrastructure in Ukraine. 

Attacks outside of Ukraine

The Ukrainian government and IT organizations are not the only targets of these attacks. Russia has also targeted companies in other countries, including NATO member states, to play havoc with their operations and gain access to classified information.  

Between February 23, 2022, and February 7, 2023, Microsoft observed Russian nation-state threat activity against organizations based in 74 countries, excluding Ukraine.

According to the amount of recorded threats, EU and NATO member countries—particularly those on the eastern flank—dominate the list of the top 10 most targeted states.

In the 74 countries they attacked, Russian threat actors were particularly interested in government and IT sector firms, much like in Ukraine.

Government and IT & communications sectors suffered from 100 and 51 cyber attacks, respectively. 

Hackers corrupt IT businesses to leverage trusted technical ties and gain access to those firms’ clients in government, policy, and other sensitive institutions.

Hackers paid a lot of attention to the activities of various non-profit organizations and tried to disrupt their efforts by launching 31 cyber threats within the past year. 

Sophisticated cyber attacks were launched on companies in the education and energy sectors, with 16 threats targeting each. 

To read the full article, head over to: https://atlasvpn.com/blog/russia-backed-hackers-target-government-and-it-organizations-in-ukraine

Leave a comment »