Archive for May 18, 2023

KAYAK’s ChatGPT Plugin Rolls Out To All Canadian Plus Users

Posted in Commentary with tags on May 18, 2023 by itnerd

After a controlled rollout in April, all ChatGPT Plus subscribers can take advantage of the KAYAK plugin and use AI to power personalized recommendations for travel.

With KAYAK data released last week showing overall flight searches up a whopping 77 per cent in Canada*, this new and more conversational way of planning your next trip becomes a convenient way for Canadians to plan their summer vacation early and expand their chances to find the best flight, hotel and car deals.

Using KAYAK’s plugin is easy. Simply type into ChatGPT: “Plan a trip for me from August 1 through August 4 to Orlando, Florida with a $1,500 budget for a family of 2 with a rental car” and voila! Flight, hotel and rental car options are mapped out in seconds and ready to book.

Methodology

*Flights: KAYAK considered round trip, economy flight searches between 1/1/2023 – 3/31/2023 for travel dates 5/20/2023 – 9/5/2023. For YoY comparison, the same search and travel dates were used in 2022. Prices are in CAD and are on average and subject to change. Destinations were removed based on certain search thresholds and travel advisories in place.

Rogers Has Issues For The Second Day In A Row… This Time It’s With MMS… And I Have An “Update” To Their Ongoing Mail Issue

Posted in Commentary with tags on May 18, 2023 by itnerd

I’ve gotten a couple of calls from clients of mine who are having issues sending MMS messages on Rogers. I did a search of Twitter and found this:

Rogers appears to know about the issue based on this. But there’s no ETA to resolution as of yet.

So if you’re having this issue, you’re not alone it seems. This really makes Rogers look bad given what happened to some of their customers yesterday, and their ongoing email issues. UPDATE: This is now fixed.

Speaking of Rogers email issues, here’s a quick refresher in case you’re new to the issues with Rogers email service that have been going on for months:

  • I first reported on issues with Rogers email, and the inability to generate app-specific passwords to allow users of Rogers email to use email clients like Outlook and Thunderbird, on March 7th.
  • This issue dragged on for months. There is a workaround, but that workaround is suboptimal to say the least. And as this issue dragged on into April, I was left with no other option than to recommend to my many clients who are affected by this to dump Rogers as their email provider.
  • Rogers has sort of admitted that there is an issue. But it took them a very long time to do that and there is currently no ETA to resolution, even though we’re now into mid-May, which makes it over two months since this issue first surfaced.

Now that you’re up to speed, while researching this MMS issue I came across this on Twitter:

Interestingly enough, Rogers replied. And they did so in detail and without using their usual canned responses that people hate:

I have to ask, what does “update this feature” mean? Does it mean that they are trying to find a way to go back to using a singular password like every other email service on the planet is capable of? Does it mean that they’re trying to fix the app specific password system that has been broken for months? Or are they working on something new? For example using OAuth instead of app specific passwords? Who knows what Rogers is or isn’t working on because they have not said much of anything. That leaves their customers who are affected by this issue in the dark and fuming. And I can’t say that I blame them as Rogers really have screwed up the handling of this issue.

I’ve said this before and I will say it again: because Rogers isn’t communicating if or when this issue will be fixed, your best course of action is to dump Rogers as your email provider. Clearly Rogers can’t help you to use your email using the tools you want to use, be it Outlook or some other email client, as they can’t resolve this issue. And they won’t communicate to affected customers what they are going to do to get this issue resolved. Thus your only option is to dump them. In my opinion you don’t have any other choice as Rogers simply cannot be relied upon when it comes to email. And perhaps more based on their recent track record.

New Study Shows 38% Of Respondents Believe Email As Communication Channel Most Vulnerable To Attacks

Posted in Commentary with tags on May 18, 2023 by itnerd

Leading research firm Enterprise Strategy Group (ESG) and email security company Armorblox released the results of a research survey of 490 IT and security professionals with a focus on the challenges organizations face in securing the abundance of communication and collaboration tools used today. 

Results of the study showed that the majority of organizations use six or more communication tools, across channels, with email remaining the channel seen as the most vulnerable to attacks (38%).

Even though email has advanced over time, it still has significant weaknesses in terms of security. According to 38% of survey respondents, email is considered the channel most vulnerable to threat actors. This highlights the substantial risk associated with email communication and the persistent weakness of outdated security tools against advanced threats.

Key findings of the survey:

  • 39% of respondents stated spam/malware and 34% of respondents stated phishing/spear phishing/malicious links evaded security controls
  • 27% of respondents stated misaddressed emails slipped past native security layers
  • 26% of respondents indicated threats that penetrated security controls included wire transfer fraud, payroll fraud, payment fraud, other BEC attacks
  • 23% of respondents stated internal account compromise/takeover was the result of threats bypassing legacy layers
  • 23% of respondents indicated threats resulted in unintentional sensitive data leakage

For the full analysis on challenges organizations face in securing communication channels, download the ESG report here.

Dasera Names Terry Hill As Chief Revenue Officer

Posted in Commentary with tags on May 18, 2023 by itnerd

Dasera, the premier data security platform specializing in automated data security and governance solutions for top-tier finance, healthcare, and technology enterprises, today announced the appointment of Terry Hill as Chief Revenue Officer. With Dasera’s recent successful Series A funding, Hill will play a pivotal role in driving the company’s sales efforts, expanding its customer base, and fostering revenue growth to help Dasera reach the next stage of success.

Bringing over 25 years of experience in the technology sector, including notable roles as CRO at Orca Security and head of sales at Fastly, Hill has a proven track record of success. At Fastly, he played an instrumental role in the company’s growth journey, from a B Round start-up to a successful IPO, while holding leadership positions in sales, marketing, finance, and operations at AT&T.

Dasera’s data security platform fosters a culture of trust, collaboration, and innovation, creating data-driven environments. Its solution empowers organizations to unleash the full potential of their data confidently, maintaining a competitive edge in the ever-evolving landscape.

As the world migrates to the cloud, modern data security and governance teams grapple with data sprawl, generating exponential governance challenges, security issues, compliance violations, and data misuse. Today’s organizations require a comprehensive security and governance solution that proactively manages their data risk posture across on-prem and cloud environments.

Dasera empowers organizations to harness their data securely, providing automated data security and governance controls for on-prem and cloud environments. Balancing data accessibility with minimized risk, Dasera offers contextualized visibility and understanding of the four data variables: Data infrastructure, data and its attributes, data users, and data usage. With real-time monitoring, an open platform standard that integrates and ingests context from any tool, and cross-functional workflows that streamline the incident response process, Dasera detects and remediates potential data misuse or leaks, ensuring safe and compliant data-driven decision-making.

As AI technologies like ChatGPT-4 continue to advance, companies will increasingly give in to temptation and rely on these tools for various tasks, including processing and analyzing sensitive data. Dasera’s automated data security and governance controls can help identify inappropriate usage of sensitive data – such as an analyst at a financial services firm using ChatGPT-4 to process customer financial records – enabling organizations to maintain visibility and control over their data assets, bolstering their overall data security posture, even in the face of advanced AI solutions and potential internal threats.

For a comprehensive understanding of Dasera’s data security platform, explore firsthand insights from our valued customer, Omada Health, or read their latest white paper to discover essential strategies for navigating the complexities of data management, culture, and security.

It’s Official – Montana Bans TikTok

Posted in Commentary with tags on May 18, 2023 by itnerd

After the bill was passed by lawmakers in the state recently, Montana is now the first U.S. state to ban TikTok after Montana Governor Greg Gianforte signed legislation to ban the app from operating in the state:

Montana will make it unlawful for Google and Apple’s app stores to offer TikTok within the state, but will not impose any penalties on individuals using the app. The ban is to take effect Jan. 1, 2024, and is almost certain to face legal challenges.

It will be interesting to see how long it takes for the first lawsuits to be filed. I’m guessing that it will be filed by TikTok based on this:

Earlier, TikTok issued a statement saying that the new law “infringes on the First Amendment rights of the people of Montana by unlawfully banning TikTok,” and said it will “continue working to defend the rights of our users inside and outside of Montana.”

You can understand why TikTok would take that position. They don’t want laws like this to spread like wildfire. Nor do they want the US government to do the same thing. My guess is that this is about to blow up as this is a crisis for the Chinese owned social media app.

New BEC 3.0 Variant Uses Dropbox in Phishing Attack Exploiting Resume PDF and Malicious OneDrive File

Posted in Commentary with tags on May 18, 2023 by itnerd

Avanan, a Check Point Software Company, has released a report unveiling a new BEC 3.0 variant that leverages reputable services like Dropbox to distribute phishing content and exploit unsuspecting victims. The hackers initiate the attack by sharing a Dropbox link to a resume PDF. When recipients click on the link, they are directed to a page hosted on Dropbox. This initial communication, appearing to come from Dropbox, may seem harmless due to the platform’s credibility.

However, the hackers are using the site with malicious intent. Once users click on the link and enter Dropbox, they are presented with a page where they must input their email account and password to view the document. At this stage, the hackers obtain users’ email addresses and passwords, even if the users choose not to proceed further.

After submitting their credentials, users are redirected to another site that hosts a malicious URL. Although the URL originates from a legitimate source, the content displayed on the page raises concerns. Users encounter a webpage that mimics OneDrive, and if they click on the provided link, a malicious file is downloaded.

You can read more about this BEC 3.0 attack here.

Rogers Took A Dirt Nap In Central Ontario…. But Everything Is Fine Now

Posted in Commentary with tags on May 18, 2023 by itnerd

From the “we don’t need the bad press” department comes news that Rogers had a major outage in central Ontario that took out all their services. This was the view from Down Detector:

As you can see, Rogers had major issues between noon and 4PM yesterday where Internet, phone, TV, and landline phone were not working. It’s not clear what caused the outage. But I am sure that we’ll never find out as Rogers doesn’t communicate that info. But I can say that this latest outage with one of Canada’s largest telcos doesn’t make them look good.