Author Archive

« Older Entries
Newer Entries »

CompTIA and the National Association of Career Colleges team up

Posted in Commentary with tags on July 9, 2024 by itnerd

Students at hundreds of career colleges across Canada will soon have new options for training in cybersecurity and other dynamic technology disciplines through a new program from the National Association of Career Colleges (NACC) and CompTIA, the organizations announced today.

The non-profit organizations are jointly developing a technology-focused curriculum aligned with CompTIA’s industry-leading skills certifications for tech professionals. The initial focus is on education and training for careers in cybersecurity, with the intent to make the resources available to all 550 NACC member institutions across every province.

Canada’s technology workforce expanded by nearly 300,000 net new jobs between 2017 and 2022 and now totals nearly 1.4 million workers. Among the fastest growing occupations were jobs for cybersecurity specialists, which grew by 146% in that time span. The estimated median annual wage for a tech worker in Canada is $88,233, which is 48% higher than the median national wage for all occupations.

CompTIA is the largest vendor-neutral technology certifying body in the world, with nearly 3.5 million CompTIA certifications earned by IT professionals globally, including 800,000 in cybersecurity skills.

Leave a comment »

You Know You’re Going To Have A Bad Day When You Get A Data Breach Notification In Your Inbox

Posted in Commentary with tags on July 9, 2024 by itnerd

Late yesterday, I got a data breach notification in my inbox. This isn’t the first time that this has happened and it won’t be the last time that this happens given how bad things are when it comes to company NOT protecting your personal information.

This data breach notification comes from Ticketmaster who recently got pwned in epic fashion. I haven’t dealt with Ticketmaster for years. In fact, the last time I dealt with them was 2016 when the Pet Shop Boys came to town. So on one hand, I was surprised to see that I was affected. But on the other hand I wasn’t as clearly Ticketmaster was holding on to my personal data since then. Which says a lot about their data handling practices. In any case, here’s the email that I got:

So I did sign up for their credit monitoring service. That seems to be a sensible thing to do. But at the same time I have to admit that my exposure to this is pretty limited. The credit cards that I would have used at the time has been replaced for example. So there should be no opportunity for fraud on that front. But the key word is SHOULD. I’ve learned over the years that threat actors will find ways to take information and use it to make your life miserable.

This situation has made me a lot more interested in this Ticketmaster situation as it isn’t just a news story anymore as it personally affects me. Thus I will be keeping a close eye on this going forward. And I will also be looking to see if Ticketmaster pays a price for this data leak. But honestly, they need to pay a price.

1 Comment »

Florida Health Department data published after refusing ransom demands

Posted in Commentary with tags on July 9, 2024 by itnerd

Last week, the hacking group RansomHub claimed it exfiltrated and published 100 gigabytes of sensitive data from the Florida Department of Health after it refused to meet ransom demands.

While the exact data stolen in unclear, Department of Health press secretary Jae Williams confirmed that the attack affected the state’s online Vital Statistics system which is used to issue birth and death certificates.
 
The Tampa Bay Times reported Tuesday that state tax collectors’ offices and funeral homes have been unable to issue birth and death certificates when the Department of Health’s online system went down the previous week. As of Wednesday, at least two health offices regained the ability to print birth and death certificates.
 
Meanwhile, this is the latest in a string of incidents targeting government agencies. On Wednesday, the New Mexico public defender’s office was hit with a ransomware attack and that same day, the Alabama Department of Education announced it had been targeted in a cyberattack last month.
 
According to Emsisoft, 2,207 U.S. hospitals, schools and governments were affected by ransomware attacks last year.
 
The Florida Department of Health is responsible for the state’s 67 county health departments and in February, a new state budget for the 2025 fiscal year proposed reverting $40 million, part of Florida’s Local Government Cybersecurity Grant, back into the state’s general fund.

BullWall Executive, Carol Volk had this to say:

   “Breaches such as this one by RansomHub, that exfiltratied 100GB of data from the Florida Department of Health, is another persistent reminder of the vulnerability within the public sector. The disruption of the Vital Statistics system, crucial for issuing birth and death certificates, highlights not only the operational impact but also the personal ramifications for residents.

   “This incident adds to a growing list of ransomware attacks on government entities, with the New Mexico public defender’s office and the Alabama Department of Education also recently recently targeted. Statistics from Emsisoft reported that over 2,200 U.S. hospitals, schools, and governments fell victim to ransomware last year and underscores the urgency for improved cybersecurity measures. Knowing that this trend will continue, we need to be adding measures such as MFA, encryption and ransomware containment to ensure we have protective layers against data access and exfiltration once the attackers are in-system.

   “It’s also concerning that Florida’s 2025 fiscal budget proposes diverting $40 million from the Local Government Cybersecurity Grant back to the general fund, potentially weakening defenses further. We must have sustained investment in cybersecurity to protect critical infrastructure and sensitive data.”

I’ll say two things about this. The first is that RansomHub is on a tear as of late as their victim list continues to grow. The second is that the fact that their victim list continues to grow highlights the fact that not enough time, effort and money are being spent by organizations to keep threat actors out. That needs to change, and moves like diverting $40 million from cybersecurity efforts are ill advised to say the least.

The only good news in this story is that the ransom was not paid. That’s good because threat actors should never profit from their evil deeds.

Leave a comment »

Former Nuance employee arrested After Geisinger data breach

Posted in Commentary with tags on July 9, 2024 by itnerd

A former Nuance employee has been arrested after Geisinger, a Pennsylvania Healthcare Provider, experienced a data breach which exposed 1.2 million records. The former employee had accessed certain Geisinger patient information two days after the employee had been terminated, according to the company incident notice. The information that was potentially accessed and stolen included names, addresses, dates of birth, phone numbers, race, gender, admit and discharge or transfer codes, and medical record numbers.

Chad McDonald, CISO and COO, Radiant Logic had this to say:

“Insider threats can quickly take hold of organizations if identity data and access rights are not properly managed and monitored. As seen with the Nuance breach, all it took was two days of an ex-employee’s access rights not being changed for the company and individual consumers to face extreme consequences. By utilizing modern day solutions to automate user access reviews and management, organizations can handle these situations urgently and with the precision needed to avoid dire situations.”

This sort of situation happens more often than you realize. I’ve seen a number of situations where one disgruntled employee causes a nightmare situation for an organization. What makes this situation a bit different is that this employee was outside the organization that got pwned. Thus organizations should consider this situation a cautionary tale.

Leave a comment »

CRN Honors Cyware’s Matt Courchesne as a 2024 Inclusive Channel Leader

Posted in Commentary with tags on July 8, 2024 by itnerd

Cyware today announced that CRN, a brand of The Channel Company, has named Matt Courchesne, Head of Channel–North America, as a 2024 Inclusive Channel Leader. In its second year, the list recognizes executives from vendor, distributor, and solution provider organizations who are dedicated to making a positive impact across the IT channel through inclusive leadership.

The CRN 2024 Inclusive Channel Leaders honorees are passionate about advancing equity and diversity within their organizations, the channel, and across the greater technology industry. With this recognition, CRN highlights these executives for their desire to foster inclusion and belonging.

With nearly a decade of senior leadership experience, Matt has consistently championed inclusivity. His dedication fosters a culture where diverse opinions, backgrounds, and experiences are valued, and team members are empowered to approach problems as business owners. This holistic approach not only enriches the workplace but also drives sustainable, long-term.

The 2024 Inclusive Channel Leaders list will be featured in the August issue of CRN Magazine, with online coverage starting July 8 at www.CRN.com/Inclusive-Leaders.

Leave a comment »

Prioritize Quality & affordability this back-to-school season with Epson

Posted in Commentary with tags on July 8, 2024 by itnerd

When parents are planning their back-to-school shopping and narrowing down what’s essential, a high-quality printer should be at the top of the list. Epson offers reliable and affordable printer options that will help children and parents power through many school years to come. Epson’s line of EcoTank printers can support the entire family with their important printing tasks while offering long-term cost savings.

ET-2850 Wireless Colour All-in-One Cartridge-Free Supertank Printer (MSRP: $399.99 CAD)

The ET-2850 is the ideal wireless all-in-one printer for any busy family with a variety of printing needs. It’s ultra-convenient at home or on the go, with smart device compatibility once connected to the internet. This comes in handy during the morning rush when someone forgot to print out their assignment the night before. Parents can rest easy knowing there’s one less cost to worry about since this printer is cost-effective, as it comes with a large supply of ink in the box. Plus, with each set of EcoFit ink bottles equivalent up to approximately 80 ink cartridges, the kids can print in colour as much as they want!

Where to Buy:

ET-4850 Wireless Colour All-in-One Cartridge-Free Supertank Printer (MSRP: $599.99 CAD)    The perfect printer for post-secondary students is one that will last them through multiple semesters. The ET-4850 can print up to 5000 pages approximately, limiting the number of times they’ll ring home asking for a top-up on ink, and eliminating the fear of running out of ink the night before an assignment is due. With premium productivity features like an Auto Document Feeder and a high-resolution flatbed scanner, this printer will benefit students long after graduation and support them in the workforce.

Where to Buy:

Epson has lots of deals throughout the back-to-school season, so be sure to check Epson.ca for weekly specials and even more savings! 

Leave a comment »

Microsoft Bans Chinese Employees From Using Android Phones

Posted in Commentary with tags on July 8, 2024 by itnerd

From the “things that make you say hmmmm” department, comes this report from Bloomberg where they’ve seen a memo from Microsoft that tells Microsoft China employees that starting in September, only iPhones can be used for authentication purposes. Effectively killing Android phone usage in Microsoft’s Chinese operation:

The US company will soon require Chinese-based employees to use only Apple devices to verify their identities when logging in to work computers or phones, according to an internal memo reviewed by Bloomberg News. The measure, part of Microsoft’s global Secure Future Initiative, will affect hundreds of workers across the Chinese mainland and is intended to ensure that all staff use the Microsoft Authenticator password manager and Identity Pass app.

Staff who don’t already have an iPhone will be provided an iPhone 15. And this affects Chinese and Hong Kong employees. You have to wonder how the Chinese government will react to this as they will see this as a shot at them.

Get the popcorn ready.

Leave a comment »

Quebecor Says That It Has Met All Commitments Related To Their Purchase Of Freedom Mobile

Posted in Commentary with tags on July 7, 2024 by itnerd

A press release from Freedom Mobile owner Quebecor is saying that they’re met all the commitments that they had to make in order to buy Freedom Mobile.

The Progress Report on Fulfilment of Videotron Ltd.’s Undertakings submitted to ISED on July 3 describes this remarkable progress, including:

  • Maintaining the prices of wireless plans by introducing a Mobility Price Freeze Guarantee for all current and future customers of Freedom Mobile;
  • Promoting competition and lowering wireless prices by offering affordable mobile packages backed by an enhanced customer experience, which was instrumental in the 26.6% reduction in the wireless component of the Consumer Price Index1 during the year following the acquisition of Freedom Mobile;
  • Extending Freedom Mobile and Fizz services to Manitoba and other Canadian markets through MVNO2 agreements;
  • Offering low-cost 5G plans to an ever-growing number of Canadians.

The full report is available here.

I have to admit that Quebecor has used Freedom Mobile to make life difficult for the “big three” telcos. From a personal standpoint, their deals and coverage were good enough for us to switch from TELUS. If they can keep this momentum up, their existence may actually provide the competition that the telco market in Canada desperately needs.

Leave a comment »

The CRTC Puts Out An Executive Summary About The July 2022 Rogers Outage

Posted in Commentary with tags , on July 6, 2024 by itnerd

A reader tipped me off to the posting of this executive summary written by a third party named Xona Partners Inc. on behalf of the CRTC in relation to the major Rogers outage that happened in July of 2022. I encourage you to read it at your leisure. But I want to draw your attention to two items. The first is this:

Root cause of the network failure. The July 2022 outage is attributed to an error in configuring the distribution routers within the Rogers IP network. Rogers staff removed the Access Control List policy filter from the configuration of the distribution routers. This consequently resulted in a flood of IP routing information into the core network routers, which triggered the outage. The core network routers allow Rogers wireline and wireless customers to access services such as voice and data. The flood of IP routing data from the distribution routers into the core routers exceeded their capacity to process the information. The core routers crashed within minutes from the time the policy filter was removed from the distribution routers configuration. When the core network routers crashed, user traffic could no longer be routed to the appropriate destination. Consequently, services such as mobile, home phone, Internet, business wireline connectivity, and 9-1-1 calling ceased functioning.

But there’s more. This also got my attention:

Deficiency in the change management process. The configuration error, which led to the removal of the policy filter from the configuration of the distribution routers, is the result of a change management oversight by Rogers staff. Rogers staff deleted the policy filter that prevented IP route flooding in an effort to clean up the configuration files of the distribution routers. The change management process, which includes audits of change parameters, failed to flag the erroneous configuration change.

That’s pretty bad that a top tier telco like Rogers had a change management process that was suspect. If I was still a customer of Rogers, I’d be rethinking whether I should be doing business with Rogers. Though I have to say that this report also says that Rogers is making improvements in this area.

There’s a couple of other items that I want to draw your attention to. Staring with this:

Limited communication among Rogers staff. Rogers staff relied on the company’s own mobile and Internet services for connectivity to communicate among themselves. When both the wireless and wireline networks failed, Rogers staff, especially critical incident management staff, were not able to communicate effectively during the early hours of the outage. Rogers had to send Subscriber Identity Module (SIM) cards from other mobile network operators to its remote sites to enable its staff with wireless connectivity to communicate with each other. The absence of sufficient alternative means of communication slowed the Rogers response to the July 2022 outage.

This is a problem. Again this report indicates that this has been addressed. But it’s pretty bad that Rogers assumed that nothing would ever happen to their network. And as a result didn’t come up with a plan to have another option for key staff to communicate.

The second item that I want to draw your attention to is this:

Separate IP core for the wireless and wireline networks. Following the outage, Rogers announced it had decided to separate the IP core network for its wireless and wireline networks. This decision entails deploying a new IP core for the wireless network, while the existing IP core would remain to serve the wireline network. Therefore, if one IP core network were affected by an outage, the other IP core network would remain unaffected and operational. 

Rogers has not yet finalized the implementation of the IP core network separation, which remains a work in progress. When implemented, separate IP core networks for the wireless and wireline networks will help to contain a failure to its respective access network and, therefore, avoid the type of catastrophic network failure experienced in the July 2022 outage, where both wireless and wireline services were unavailable due to the outage in the common core IP network. IP core network separation would improve the overall resiliency of the Rogers wireless and wireline networks.

Rogers would do well to give customers and non-customers exact timelines as to when this will get done. I say that because simply saying you’re going to do something without saying when you’re going to do it is meaningless. More on this in a bit.

One thing to keep in mind is that the CRTC has put this out there to keep Rogers honest. Specifically:

Today, the CRTC published the executive summary of the expert report completed by Xona Partners Inc. (Xona) on Rogers’ July 2022 outage. 

Based on Xona’s findings, the measures taken by Rogers have addressed the cause of the outage. Xona also made additional recommendations to Rogers to further enhance the reliability and resilience of their network, and Rogers has confirmed the implementation of all measures. 

In order to prevent future outages, Rogers must report to the Commission on: 1) whether the measures continue to effectively address reliability issues; and 2) progress made to separate the wireline and wireless core networks. The report must be provided by 4 July 2025.

We’ll see a year from now if Rogers is truly serious about making sure that their infrastructure is actually reliable for all Canadians.

Leave a comment »

Roku OS 13 Is Upsetting Users Because They Forced Motion Smoothing Upon Them With No Way To Turn It Off

Posted in Commentary with tags on July 5, 2024 by itnerd

One of the advantages that Roku had is that they handled updates to their TVs in the same way that they updated their streaming sticks and streaming boxes. Which is for the most part, any Roku device got the same features and fixes. Up until recently I thought that was good. But back in June that changed when Roku rolled out RokuOS 13. Specifically, the picture quality became worse for some people And after reading the release notes that Roku put out in regards to version 13 of the RokuOS, the answer is pretty clear:

Roku Smart Picture: Roku Smart Picture, available on Roku TV models, automatically improves picture quality dynamically as users stream. Backlighting, uniformity, and colors will automatically adjust based on the type of TV, and Picture Mode will optimize across detected content types including sports, movies, reality, animation, and more. Users can turn on Roku Smart Picture by pressing the * button on a Roku Remote while streaming and clicking into Picture Setting then Picture Mode. This feature will not override Dolby Vision® and HDR10+ formats if they are detected on compatible devices.

Now the key part is that Roku added this:

 Roku Smart Picture, available on Roku TV models, automatically improves picture quality dynamically as users stream.

This is some sort of motion smoothing feature that Roku has implemented. And people who want the best picture quality possible turn off any sort of motion smoothing. They do that because viewing content filmed at 24 or 30fps looks really weird on TVs that run at 120 Hz and above. The insanely smooth motion makes the video almost seem too real. Or put another way, it completely destroys the movie watching experience. But for some reason Roku feels that it should be on. And not only that, in Roku’s infinite wisdom, they have no way to turn it off. Unless you have a Dolby Vision and HDR10+ TV from one of Roku’s partners. Or the streaming stick or box detects one of those TVs.

Frankly, this is the single dumbest thing that Roku has ever done. In effect, they’ve managed to anger a significant percentage of their user base for no good reason. Not that angering the people who buy your products is a good thing. In any case, Reddit for example along with Roku’s own community forum has a lot of angry users complaining about this feature, and the fact that you can’t turn it off. What makes the situation worse is that while Roku seems to acknowledge that the issue exists, they don’t seem very interested in fixing it. Or more accurately giving users the ability to turn off motion smoothing. Now there’s an extra twist to this. This feature might have existed before. While I haven’t noted that, and I am not affected negatively by this as I have a Dolby Vision and HDR10+ TV,  older threads on Roku’s forums have mentioned similar issues before. Which makes me wonder if this is something that the company has been trying to push at the behest of their hardware partners.

Regardless, even though I am not affected by this, this whole experience has left a bad taste in my mouth when it comes to Roku. I happen to like their products specifically because I perceived it to be an open platform that gave me a fair amount of choice. And their support for things like Apple HomeKit and Fitness+ really fit into my home which is deep down the rabbit hole of the Apple ecosystem. But if Roku is going to do things like this where they force things upon their user base that their users don’t want, then I may hop over to a Google powered TV. While it is Google which means that they are as invasive in terms of collecting data about you as Facebook is, they aren’t known for this level of stupidity. Perhaps Roku might want to keep that in mind and not only find a way to roll back this change, but also find a way to calm their user base before Roku TV’s end up on Craigslist en masse.

Leave a comment »

« Older Entries
Newer Entries »