Archive for December 20, 2023

’Tis The Season For Holiday Scams And Cyber Attacks: Tips From An Expert On How To Avoid Them From TELUS

Posted in Commentary with tags on December 20, 2023 by itnerd

To help Canadians avoid cyber risks and scams this season, Cybersecurity Expert and Director of TELUS Online Security, Leigh Tynan, has rounded up a few top scams of the holidays, along with her tips and tricks for avoiding them, below.

Top Holiday Scams to Avoid:

  • Shopping scams – Watch out for unfamiliar websites offering low-cost items. If an offer seems too good to be true, it probably is. Scammers may never ship the item you purchased and keep your payment information to rack up unauthorized purchases.
  • Lottery, sweepstakes, and charities – Be suspicious if you are ever asked to pay taxes or fees to the CRA on lottery or sweepstakes winnings. For charity appeals, get more information about the charity, including whether or not it is registered with the CRA.
  • Emergency scams – If a supposed loved one is reaching out for financial help around the holidays, make sure you confirm their identity by hanging up the phone and calling them back directly.

How to Protect Yourself this Season:

  • Be mindful of “unboxing” day – Electronic devices are very popular gifts during the holiday season. It may be tempting to start using your new device right away after unboxing, but make sure you take the time to set up the appropriate security measures to protect any device against cyber threats.
  • Monitor your financial accounts regularly to ensure all activity is yours, especially with increased holiday transactions.
  • To help make cyber safety easy, TELUS Online Security offers a simple solution to help prevent cyber threats, help detect and alert you when you’re at greater risk, and help you recover if the worst happens. 

Are Giants Hiding Behind “App Store Security?” New Approov Blog Discusses This

Posted in Commentary with tags on December 20, 2023 by itnerd

Approov, leaders in mobile app security, have just published:  Limitations of Google Play Integrity API (ex SafetyNet).

Given recent lawsuits on Google’s & Apple’s app stores, are the giants hiding behind “app store security” to rake in commissions, and if so, what might change? The Approov blog examines some of the security gaps that researchers have repeatedly found, and lists nine specific Google Play App Store security issues and gaps that impact integrity – all of which can be addressed in a less restrictive, more open marketplace. 

Ted Miracco, CEO of Approov, adds these comments: 

   “Google and Apple have faced increased scrutiny and legal action recently over their app store policies and alleged anti-competitive behavior. Google was found by a California jury to have engaged in anticompetitive conduct related to the Google Play Store on Android devices in their case against Epic Games. Additionally, Google settled a related lawsuit with over 30 US states for $700 million and agreed to changes in Play Store policies. Meanwhile, Apple faces ongoing appeals over a similar lawsuit brought by Epic Games regarding App Store policies for iOS devices.

   “These legal actions could bring significant changes to the mobile app ecosystems that are now controlled tightly by Google and Apple. The lawsuits have focused heavily on the 30% commission charged by the app stores, with plaintiffs arguing that this fee is excessive and only possible due to the app store operators’ monopolistic power. Forced reductions in this commission percentage could have major financial implications for Google and Apple.

   “Additionally, policy changes that enable alternative payment processing and easier sideloading of apps could threaten the dominance of both the Play Store and App Store. If third-party app stores can gain traction, bypassing the tech giants’ review processes and fees, it would reduce both their control and access to valuable end user data. 

   “Google and Apple have staunchly defended their walled garden approaches by arguing it provides critical security protections for users. For example, Google claimed its policies “retain strong security protections” in its recent $700 million settlement. Apple makes similar statements about App Store security safeguards. History indicates otherwise.

   “This is where mobile app attestation solutions like Approov come in. Approov provides advanced integrity checking of apps to verify they are genuine and untampered, while also checking the security integrity of user devices. By leveraging Approov across apps distributed through third-party stores, the security justification for restrictive policies rings hollow. App integrity and security can be maintained without the excessive control and fees imposed by Google and Apple.

   “The recent legal action could force app store policy changes and reduce the dominance of Google and Apple in mobile software distribution. And innovative technologies like Approov’s app attestation enable security confidence in alternative app sources, blowing holes through the app security arguments Apple and Google depend on to restrict competition. The results could be substantial shifts in power and revenue in the mobile app ecosystem.”

Flashpoint Offers An Analysis Of ALPHV’s Downfall In A Blog Post

Posted in Commentary with tags on December 20, 2023 by itnerd

The Flashpoint analyst team published a blog post late yesterday about the downfall of ALPHV/Blackcat and the crackdown on the ransomware group. It makes for interesting reading about one of the most notorious ransomware groups.

You can read the blog post here:  https://flashpoint.io/blog/alphvs-downfall-crackdown-blackcat-ransomware/

YouTube Canada releases the Top Ads of 2023

Posted in Commentary with tags on December 20, 2023 by itnerd

Today, YouTube published its annual end-of-year ads leaderboard, featuring the top 10 most popular video ads in Canada in 2023. See below for the full list as well as insights and trends that bubbled up from this year’s list to help guide advertisers on what it takes to stand out in the industry today.

Canadian Top Ads

  1. Oppenheimer | New Trailer (Universal Pictures Canada)
  2. To summer in Quebec is to summer all out (Bonjour Québec)
  3. lululemon | Mens 2023 (lululemon)
  4. What I Wouldn’t Do (North Star Calling) – Artists for Feel Out Loud supporting Kids Help Phone (Kids Help Phone)
  5. Hyundai | We make WAH | Hyundai Canada (Hyundai Canada)
  6. RONA Black Friday (RONA Inc)
  7. Kingdom of the Planet of the Apes | Teaser Trailer (20th Century Studios Canada)
  8. Celebrating 30 years of wonder in Las Vegas | Cirque du Soleil (Cirque du Soleil)
  9. Élémentaire | Bande-annonce officielle (Walt Disney Studios Canada)
  10. Soba Noodle Masterclass at Blue Goose Farm | Packed Up (MATTY MATHESON, in partnership with YETI)

Notable Themes:

  1. Start with the story. Best practices matter, but it’s the creative—the insights, the story and how it’s told—that counts. It doesn’t hurt to make people laugh and lean into emotions. The best ads we’ve seen reflect the human experience and inspire. For example, set against a cover from local duo Mayfly, Bonjour Québec’s creative style is more an invite than an ad, bringing the magic of the province to life, and welcoming viewers to join in the experience.  
  2. Connect with your audience like a creator. People connect with brands that behave like creators, crafting work that’s unique to the platform it runs on, and reflects trends and styles, embraces fandom, and invites conversation and commentary. YETI’s work with Matty Matheson shows that partnering with creators can be the best way to tell your brand’s story in an authentic way to new audiences. 
  3. Create for YouTube, not TV. Storytelling formats and production styles have changed and brands are taking great advantage of YouTube’s unique canvas, blending non-traditional lengths and production styles with orientations like vertical Shorts for the greatest creative variety and results. This year, Kids Help Phone shows us a great example of taking time to tell the story by delivering an almost five minute, emotionally charged ad. And finally, we have RONA’s hilarious Black Friday ad, that resonated with Canadian consumers on a level no other Black Friday ad did.
  4. Canadians still love to be entertained. Every year we publish this list, movie trailers bubble to the top. Canadians go to YouTube to be entertained and to learn, and movies satisfy both of these desires. And movies also present an opportunity for adjacent storytelling and creativity. Canadians love movie trailers but we also love the dissection of a topic. We crave information about upcoming films to know more about the plot, behind the scenes, interviews, or easter eggs, and YouTube satisfies all our curiosities around a topic.

What Can Apple Do To Get Apple Watches Back On Sale In The US?

Posted in Commentary with tags on December 20, 2023 by itnerd

Tomorrow, Apple is going to start winding down sales of the Apple Watch 9 and Apple Watch Ultra 2 in the US to comply with an import ban that’s been slapped on them because they “borrowed” some patents that are owned by a company called Masimo. You can click here to get the details on that. But this isn’t trivial for Apple. This ban could cost Apple up to $400 million in sales this holiday season. Though I would say that there’s some rush buying going on right now which may blunt that somewhat. In any case, Apple needs to get this sorted quickly because they don’t want to leave that cash on the table. Thus the question is, what can Apple do to get this sorted? I think there are four possibilities that Apple has at their disposal. And I will rank them from most likely to least likely:

  • Pay Masimo: This is the most likely outcome. At some point Apple will have to come to the table and work out something where they license Masimo’s tech. Now from what I can tell, Apple hasn’t been interested in talking to Masimo. But I suspect that this will change the longer that this goes.
  • Hope That President Biden Saves Them: The fact that Apple is about to pull the Apple Watch from sale in the US is clearly a pressure tactic to get the public to push The White House to veto the ban. Now they’ve done this once before for Apple when Apple ran afoul of a bunch of patents owned by Samsung that Apple “borrowed” for the iPhone. But such vetoes are rare. And while anything is possible, I don’t expect a veto to happen.
  • Find a workaround: The word on the street is that Apple is trying to find a software method to work around the patents that they “borrowed” from Masimo. The thing is, the patents in question are hardware patents. So I question if Apple could pull this off in a way that would keep the legal dogs at bay. Though I will say that anything is possible.
  • Pull the feature in the US: If Apple needs to get the Apple Watch back on sale, and any of the previous three options that I have presented aren’t feasible or workable, Apple might have no option but to pull the blood oxygen functionality from the Apple Watch. That would be a desperation move for sure. And honestly, it would not shock me if a class action lawsuit were filed by angry Apple Watch owners in the US who bought the watch with that functionality in mind if Apple did go that route. I really think that they would have to be in a dark place to go down that road.

What do you think? What should Apple do? Are there any options that you could come up with that Apple should explore? Leave a comment below and share your thoughts.

EnGenius Switch Extenders Now Shipping

Posted in Commentary with tags on December 20, 2023 by itnerd

EnGenius has announced that its first Switch Extender is now available for shipping. The EXT1105P Switch Extender will provide businesses with simplified installations, cost-effective connectivity, and reliable performance. The Switch Extender family can be paired with the EnGenius Cloud, which offers centralized management for all EnGenius devices, from APs to PDUs, enhancing efficiency and reducing costs through simplified onboarding, remote configurations, and self-healing power management. This series highlights EnGenius’ commitment to providing efficient solutions that cater to the evolving needs of businesses in various industries.

Powering Your Connectivity

The EnGenius Switch Extenders address the power challenges that many industries face head-on:

  • PoE Technology: Power is delivered through PoE switches, enabling flexible installations in remote areas without additional power outlets.
  • PSE Output Ports: Streamline network expansion by directly connecting devices like cameras, speakers, and access points to the extender.
  • Simplified Management: EnGenius Cloud provides centralized management for all EnGenius devices, including Switches, Access Points, Gateways, and PDUs, from a single platform.
  • Quick Onboarding: Simplified configuration templates eliminate the need for on-site visits, saving time and money.
  • VLAN Trunking: Easily extend network segmentation to individual units or rooms for enhanced security and privacy.

Key Features:

  • Quick-scan device registration, remote monitoring, and troubleshooting
  • Real-time system metrics, analytics, and remote configurations
  • IGMP snooping for advanced multicast filtering and network efficiency
  • Spanning Tree (RSTP) for high availability and loop-free topology
  • Voice VLAN for fast, reliable deployment of VoIP services

The EXT1105P is now shipping and available for purchase through authorized EnGenius resellers and distributors, with the EXT1106 and EXT1109P to follow soon. For more information, visit https://www.engeniustech.com/switch-extenders.html.

Folio Photonics Shares Its 2023 Reflections & 2024 Predictions

Posted in Commentary with tags on December 20, 2023 by itnerd

The following “2023 Reflections and 2024 Predictions,” by Steve Santamaria, CEO of Folio Photonics, offers his thoughts on the evolving landscape of data management and technology. His analysis for 2023 highlights key developments in active archiving, green data center innovations, and the resurgence of optical data storage. Looking ahead, Santamaria predicts a shift towards more sustainable data management practices and a rise in the adoption of optical storage in 2024. These reflections and forecasts provide a valuable perspective for understanding the intersection of technology, business, and environmental responsibility.

2023 Reflections

  1. Greater Awareness of Active Archiving – 2023 witnessed an enhanced recognition of active archiving as a vital data management tier, particularly among hyperscalers. This emerging approach, aimed at managing substantial volumes of seldom-accessed data, gained traction due to its blend of accessibility and efficiency. Hyperscalers, driven by the demand for cost-effective, long-lasting, and actively accessible services, played a pivotal role in amplifying interest and opportunities in this area. For many organizations, active archiving became a key strategy in addressing the challenge of ensuring data availability while mitigating storage costs and space limitations.
  2. Green Innovations in Data Centers – A significant trend in data center technology was the drive toward sustainability. Innovations aimed at making data centers more energy-efficient and environmentally friendly gained prominence. This shift reflected a growing awareness in the industry of the need to reduce the carbon footprint of data storage and processing facilities.
  3. Rethinking Optical Data Storage – In 2023, there was a renewed interest in optical storage’s potential. This shift was largely due to a growing realization that existing data storage technologies were not adequately meeting market demands, especially in terms of reliability and sustainability. Optical data storage, with its inherent longevity and resistance to environmental factors, became a focus for innovation. Efforts were concentrated on overcoming its traditional limitations, such as low capacity and high costs. Emerging players in the market aimed at enhancing the storage density and data rate of multi-layer optical discs. This reinvigorated attention towards optical solutions highlighted its potential as a long-term data preservation option despite it not yet being a commercially dominant choice.

2024 Predictions:

  1. A Leap Towards Greener Data Management – 2024 is poised to bring significant strides in eco-friendly data handling. We can expect to see companies putting a greater emphasis on making data storage more efficient. This could involve streamlining how data is stored, embracing server virtualization, and moving towards advanced yet less power-hungry cooling systems. The goal here is twofold: to trim down data centers’ environmental impact and to shave off some of their operating expenses. There’s also going to be a tilt towards long-lasting, energy-smart storage options, such as optical storage, for a more sustainable data management approach.
  2. The Rise of Optical Storage in Active Archives – In 2024, there will be a transformation in how we store and archive data with the emergence of optical storage and an alternative to active archiving systems. This trend will be driven by the growing demand for storage solutions that are not only long-lasting and secure but also energy-efficient. The invention, giving rise to a new generation of Optical storage, will gain traction, especially in sectors where stringent data retention rules are in place, thanks to its durability and resistance to environmental wear and tear. By incorporating state-of-the-art optical storage into active archiving, we’re looking at a viable, environmentally conscious alternative to conventional storage methods, bolstering data access and security. This movement is a testament to the increasing emphasis on both data preservation and environmental stewardship.
  3. A Landmark Year for Tech Innovations and Economic Shifts – 2024 will be a watershed year in terms of tech innovations leading digital and economic transformations. This change is expected to stem from several drivers: the quickened pace of digital evolution, the urgent need for sustainable, energy-efficient solutions amid environmental concerns, and the changing demands of consumers and businesses in a world reshaping after the pandemic. Post-COVID-19 economic recovery is likely to be heavily reliant on technological innovation, potentially revolutionizing fields like AI, machine learning (ML), and renewable energy. Moreover, the growing necessity for business agility and resilience is set to favor adaptable and scalable technologies, gradually sidelining older, more rigid systems. This economic scenario is ripe for nurturing groundbreaking technologies and boosting investment and research in emerging sectors, marking 2024 as a critical year for tech breakthroughs and paradigm shifts.

A Canada Post Text Message #Scam Is Making The Rounds

Posted in Commentary with tags on December 20, 2023 by itnerd

At this time of year, you’re likely ordering online to get every gift that’s on your list. Scammers know that and take advantage of that to try and scam you. Take this example:

This text message hit my phone last night. It comes from an Ottawa area number which is supposed to lull you into a false sense of security so that you don’t look at this too critically. That way you won’t question the fact that the website that they want you to go to isn’t one that belongs to Canada Post. That on top of the fact that Canada Post will never send you a text message unsolicited. Legitimate Canada Post SMS tracking or mail notifications and marketing communications will only show the sender as 272727 or 55555 and you have to sign up to get them. As for the website, it’s not canadapost-postescanada.ca. Thus this has scam written all over it and you should report it as junk. But because I investigate these scams, I’m going to do the things that you should not do and see what this scam is all about. Clicking on the link, which you should never do, gets me this:

So there’s a fake CAPTCHA that is meant to make you think that this is a real website. I will give the scammer bonus points for being able to snag the IP address of the VPN connection that I was on, as that adds to their attempt to fool you into thinking that this is real. I have to deduct points for the website not using SSL (Secure Sockets Layer) to encrypt traffic, evidenced by the “Not Secure” banner in the URL bar. No self-respecting company in 2023 would ever have a website that didn’t use SSL. Thus if you somehow made it this far, you should be saying to yourself that this is a scam.

Going further into the website, you get this:

Now this is a really good copy of the Canada Post website. But it falls apart in several areas:

  • The URL is not https://www.canadapost-postescanada.ca for starters. So that’s a #Fail right off the bat.
  • There’s also no tracking number listed. That’s a #fail as well as any sort of package that Canada Post or any courier handles would have a tracking number.

Now if you click on “Reschedule Delivery”, here’s what you get:

This is where it begins to become clear what the threat actors are up to. First they want to grab your personal info. And I know that because Canada Post would have no reason to ask you for your date of birth. When I entered fake info, I encountered logic that made you fill out certain items that reinforced the fact that the threat actors want your personal info. Likely to do some form of identity theft.

Once you fill in your info and click next, this is what you get:

The threat actors want your credit card info as well. Likely to use it to buy a ton of stuff on someone else’s dime. But also to reinforce any attempt to steal your identity. I say that because a lot of places want your birthdate and your credit card along with a home address to run a quick credit check on you. So this threat actor could in theory use this info to take out anything from a cell phone to a loan.

Now this isn’t a new scam by any means. But it clearly isn’t going away as I suspect that the threat actors likely had some success with it. Plus as I said earlier, people are more likely to fall for it at this time of year. But you should not be one of those people. If you get one of these text messages, delete it and move on with your holiday activities.
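
The red flags called out in this post (a sender other than 272727 or 55555, a link that is not on canadapost-postescanada.ca, and a site without HTTPS) can be checked mechanically. The following Python is an added example, not part of the original post; the function names and the sample messages are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Indicators taken from the post: the only legitimate SMS senders and the real domain.
OFFICIAL_SENDERS = {"272727", "55555"}
OFFICIAL_DOMAIN = "canadapost-postescanada.ca"

# Only links with an explicit scheme are extracted; bare domains are out of scope here.
URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)


def host_is_official(host):
    """True only for the official domain itself or a subdomain of it."""
    host = (host or "").lower().rstrip(".")
    return host == OFFICIAL_DOMAIN or host.endswith("." + OFFICIAL_DOMAIN)


def check_sms(sender, body):
    """Return the red flags found in an SMS that claims to come from Canada Post."""
    flags = []
    if sender.strip() not in OFFICIAL_SENDERS:
        flags.append("sender is not short code 272727 or 55555")
    for raw in URL_RE.findall(body):
        url = raw.rstrip(".,;:!?)")  # drop sentence punctuation glued to the link
        try:
            parts = urlsplit(url)
            host = parts.hostname  # ignores any "user@" prefix, keeps the real host
        except ValueError:
            flags.append(f"unparseable link: {url}")
            continue
        if parts.scheme.lower() != "https":
            flags.append(f"link is not HTTPS: {url}")
        if not host_is_official(host):
            flags.append(f"link host is not {OFFICIAL_DOMAIN}: {host}")
    return flags


# Constructed sample messages (reserved .example names and documentation IPs).
SAMPLES = [
    ("+16135550123", "Canada Post: delivery failed. Reschedule at "
                     "http://canadapost-postescanada.ca.parcel-hold.example/r"),
    ("55555", "Track your item: https://www.canadapost-postescanada.ca@203.0.113.7/t"),
    ("272727", "Your item is out for delivery: "
               "https://www.canadapost-postescanada.ca/track"),
]

if __name__ == "__main__":
    for sender, body in SAMPLES:
        print(sender, "->", check_sms(sender, body) or "no red flags")
```

An empty list means none of the post's red flags fired, not that the message is genuine. The first two samples show why the host comparison matters: the real domain appearing somewhere in a link is not the same as the link pointing at it.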