Archive for the Commentary Category

New Paragon Mac Toolbox Unites 6 Essential Cross-Platform Data Exchange Tools

Posted in Commentary with tags on October 22, 2018 by itnerd

Paragon Software Group has released Paragon Mac ToolBox — a bundle of six tools for users frequently working in Mac and Windows environments. The toolkit contains the most essential technologies for overcoming cross-platform limitations and incompatibilities when switching between Mac and Windows systems. Paragon Mac ToolBox is available for $39.95, saving users 50 percent off the original product price on all tools if purchased separately.

Paragon Mac Toolbox includes:

  • NTFS for Mac, an award-winning driver that grants users full read/write access to Microsoft NTFS-formatted data on Mac systems. Like the majority of Paragon System Link drivers, once the program is installed, users can immediately navigate volumes, as well as read, edit, copy, or create files and folders. All product options and functionality, including information on mounted volumes, system startup, and verification can be accessed conveniently from the Mac Finder menu bar.
  • APFS for Windows is a driver for smooth operations with APFS-formatted volumes on a Windows PC.
  • HFS+ for Windows, a driver for seamlessly working with macOS HFS+ formatted volumes on PC.
  • NTFS-HFS+ Converter converts NTFS volumes to HFS+ volumes or vice versa while guaranteeing no data loss.
  • APFS-HFS+ Converter easily reverts files from APFS to the older HFS+ for specific operations (HFS+ volumes only).
  • CampTune provides a simple user interface with a slider to easily redistribute Boot Camp storage space between Mac and Windows.

Paragon Mac Toolbox is available for $39.95 at https://www.paragon-software.com/home/mac-toolbox/

Advertisements

Guest Post: NordVPN Discusses The Targeting Of iPhone Users By Cybercriminals

Posted in Commentary with tags on October 22, 2018 by itnerd

A new cell phone scam targeted at iPhone users tries to steal theirApple login details by sending a fake Spotify/iTunes email.

The phishing email claims to be from Apple and Spotify. If a user clicks on the link, the email says the user had bought a year of Spotify Premium for $150.99 and links to a page to “review your subscription.” A fake Apple landing page – which looks like a real one – then asks for log-in details.

“One of the most common types of phishing is an email that contains a fraudulent link. In this case, users are likely to give away their personal information, because they will be obviously worried they might be charged $150,” said Ruby Gonzalez, Communications Director of NordVPN. “The supposed website of a trusted brand,such as Apple, creates a fake sense of familiarity, which  misleads people into entering their private information.”

According to Apple, if a user receives an email asking them to update their account or payment information, they should only do so directly in their Settings on the Apple device that they are using. Users can update their passwords at appleid.apple.com.

NordVPN also recommends using its CyberSec feature, which is designed to block advertisements, malicious sites, and phishing links. While it’s still not available on iOS, CyberSec can be used on Windows, macOS, Linux, as well as on the mobile app for Android.

NordVPN provides these tips for spotting a phishing email:

  1. Check the sender’s address. Don’t just trust the display name – pay attention to the email address. If the domain looks suspicious (e.g., info@secure.apple.com), don’t open the email.

 

  1. Look for spelling and grammar mistakes. Serious companies don’t usually send out emails with bad grammar and basic spelling mistakes.

 

  1. Take a look at the greeting. Your bank or another legitimate institution would often address you with your full name. If you see a vague “Dear user” instead, remain vigilant.

 

  1. Don’t click on links– instead, hover your mouse on the button to see the destination link. Check if it looks legitimate and, especially, if it contains the “https” part to indicate a secure connection.

 

  1. When in doubt, contact your bank or other institution over the phone or alternative email address and ask to confirm if the email is legitimate.

 

  1. In addition, two-factor authenticationcan be set on iOS devices. That way, a hacker would have to go through another control even if they have stolen a user’s login information.

 

For additional safety, use a VPN. Using a VPN when browsing can protect you against malware and phishing that targets online access points.

A Follow Up To My Move From Rogers To TELUS Mobility

Posted in Commentary on October 22, 2018 by itnerd

Since I wrote about My Move From Rogers To TELUS Mobility a little while ago, some things have happened based on the fact that TELUS saw this in that story in relation to my wife wanting to move to TELUS, but being unable to as their in market plans couldn’t match what Rogers was serving up to her:

But if someone from TELUS is reading this, you’d gain a customer for life if you could match her $65 for 5GB plan that she has with Rogers.

A couple of days after that post went up, I had several people from Telus reach out to me. In particular was Anna from The Office Of The President who facilitated getting my wife onto a plan that was slightly more expensive than her Rogers plan. But was a better value as she had more data (6GB as opposed to 5GB) among other features. To sweeten the pot, she would waive the $30 fee to activate a SIM card. My wife decided to take Anna’s offer and we made our way to the same TELUS store at Sherway Gardens in Toronto so that she could make the switch. What likely helped to move things along was that the staff remembered me from when I made my switch to TELUS. But even without that, I think she would have no issue doing the following:

  • Assess her needs from a data plan perspective.
  • Do all the “paperwork” to not only make her a TELUS customer, but port her number from Rogers to TELUS. I say “paperwork” because it was all done electronically. Not one scrap of paper was used.
  • Have her sign off on all of the above on a tablet and have all the documentation  emailed to her.
  • Helped her to set up a My TELUS account to allow her to manage my account either online or via the My TELUS App

It all took about 45 minutes and went pretty smoothly. My wife noted the following as part of her experience:

  • The seats what were in the TELUS store were very comfortable. And that was important to her as she was sitting for 45 minutes or so.
  • The person that she dealt with made zero attempts to upsell her which she absolutely appreciated. That same person also ensured that everything worked before she left the store which was also appreciated. However, he was clearly under the weather and should have perhaps taken a sick day. Seeing as that it is close to flu season, that’s something that is worth considering by TELUS. Another thing that my wife would offer up as advice is to set some expectations up front about how long the process would take in terms of setting her up up on TELUS as some people may not have properly accounted for the time that might be required to sign up.
  • The design of the store which I have written about previously appealed to her. The only suggestion that she would make is that the store could be a bit bigger to accommodate space to facilitate more private conversations. From my perspective, she does have a point. But there are TELUS stores like the one at the Eaton Center in Toronto which are much larger in size versus the one at Sherway Gardens. So I would simply attribute this to the Sherway Gardens location rather than being something that TELUS needs to work on as a whole.

By the time we left, she was able to dial out from her iPhone. And about an hour after we left the store, her phone number was ported from Rogers. After that, a quick phone call to Anna to set up her account with the plan that they discussed and it was job done. Overall, my wife felt it was a very positive experience.

My wife’s good feelings continued when she went to work on the following Monday. With Rogers my wife’s workplace was a cellular dead zone. As in she got one bar to zero bars with Rogers which often left her unable to get and receive calls, or calls would drop. That often required her to leave her office and find a location with a better cellular signal, or use a landline instead. In an attempt to remedy that Rogers she had to enable their WiFi calling service which turned out to be difficult initially before we ultimately had success. That was fine until her workplace said that WiFi calling wasn’t allowed on their WiFi network which put her back to square one. Now that she’s on Telus, that’s changed. Here’s a text message exchange that I had with her on this topic:

fullsizeoutput_be1

To my wife, this is almost life changing as for the first time in years my wife make and receive calls at work without an issue. My wife has also noticed that in other locations where reception with Rogers was poor to non-existent, she can now get three to for bars on Telus. Not only that, she noted that the speed of her LTE connection is much faster than what she is used to. That further confirms the findings of PC Magazine and OpenSignal who rank TELUS as the fastest LTE network in Canada. And for the record, the Anna that is referenced in this exchange is the same Anna who facilitated her coming across to TELUS. And she deserves some kudos from someone further up the food chain in TELUS as she did a great job in getting her on board.

Another thing that my Wife noted was that the myTELUS app is way better than what Rogers offers up from their app (though to be fair to Rogers, they say in their app that improvements are coming). According to her, it is designed to give you the information that you need without having to excessively dig for it. She thinks that TELUS has a better understanding in terms of what customers want and how to present it in a manner that is easy to understand. It’s also very visually appealing.

There’s one final part to this story. Both my wife and I have been getting calls from Rogers retentions group. Now I’ve ignored these calls, but in the case of my wife she spoke to them once to essentially blow them off and didn’t even allow them to present her with whatever offers that they had. But being a betting man, I would suspect it is something along the lines of this offer which iPhoneInCanada.ca discovered. Needless to say, a return to Rogers when it comes to our cell phone service isn’t happening.

Here’s the bottom line according to my wife. She doesn’t like change and that’s why she stuck with Rogers for as long as she did. However, TELUS made it so easy for her to make the switch that she was blown away by the experience and now believes that she should have made this switch long before now. Plus the fact that she hasn’t had to fix anything after her move to TELUS is impressive as any change she or I did with Rogers usually resulted in a couple of calls to Rogers to fix something after the fact. This saved her time and effort and resulted in an extremely positive customer experience with TELUS. Her only suggestion was that if TELUS were to get aggressive with their pricing, say chop off five dollars from their in market plans when it comes to data as well as five dollars off when it comes to voice, they could really take large amounts of business away from Rogers and Bell as they have the customer service end of things nailed along with the quality of their LTE network. But even without doing that, TELUS is a company she’d recommend without hesitation. Clearly, TELUS has something going on here that makes them more than worthy of consideration when you need cell phone service. In fact, I think that my wife and I would both say that they should be your only choice.

 

 

watchOS 5 Needs Some Work When It Comes To Its Mail App

Posted in Commentary with tags on October 21, 2018 by itnerd

Yesterday I got a call for a woman who was highly frustrated. She had just gotten a Apple Watch Series 4 With GPS+Cellular and she had a very interesting problem that neither she or the Apple Genius Bar could solve:

  • When the watch was connected to her iPhone via Bluetooth, she had no problem sending or receiving mail via the Gmail account that was on the watch.
  • When the watch was connected to LTE, she was getting this error: “Cannot Get Mail, No connection available to retrieve messages for [Insert name of Gmail account here], Make sure to activate this account in “Apple Watch App” on your iPhone.”

Out of desperation she called me to have a look. I had a suspicion of what was going on even before I arrived at the client’s location. Gmail has a setting where you could enable or disable the use of “less secure apps”. A less secure app is one where the app can see your Gmail login and password directly. That’s a security risk if the app has been compromised by malware or is untrustworthy in some way. Instead, Google wants you to get your mail from Gmail via an app that uses an authentication protocol known as OAuth (specifically, OAuth 2). By using such an app, the app never sees your username and password. Instead, after being redirected to a Google sign in page inside the app, and using that to sign in, the app gets an OAuth 2 token that allows it get and send your email.  My suspicion was that the mail app on the Apple Watch does not support OAuth 2 while it is on LTE.

So when I arrived, I had the user log into her Gmail account. Then I had her do this:

 

  • Go to the Less secure apps section of her Google Account.
  • Turn on Allow less secure apps.

When I did that I had her leave the phone at home and then we took a walk down the block to force the Apple Watch onto LTE. Then I had her check her email from the watch and she found that she was able to get email.

Now this is an issue that Apple needs to fix as you should not have to downgrade the security of your Gmail account to allow it to be used on the Apple Watch. Thus Apple really needs to fix and add OAuth 2 support to watchOS 5.1 or later.

So I was finished with this client. Right? Well not so much.

We discovered that when you replied to an email, it would default to her iCloud account as she had both her Gmail and an iCloud account on her Apple Watch when the watch was on LTE. And there does not seem to be any clear way to change that behavior. This is something that I am continuing to investigate as I was able to replicate this behavior on my Apple Watch. However I am pretty sure that this is a bug that Apple will need to fix. But seeing as the client was able to receive email on her Apple Watch when it was on LTE for the first time since she got the watch, it was job done. But what this episode clearly illustrates that Apple does need to put in some more time and more effort into really doing meaningful QA on their products. I say that because Apple really has a great use case here with the Apple Watch as you could really utilize it to make yourself more productive when you are away from your phone. But the fact that they don’t seem to support OAuth 2 for Gmail, and they let a pretty clear bug slip through totally lets the side down. And that needs to change sooner rather than later.

 

 

Good Grief! Yet Another Extortion Phishing Scam Has Appeared!

Posted in Commentary with tags on October 20, 2018 by itnerd

One day after I told you about the latest extortion phishing scam, I have another one for you. Like yesterday’s scam and last four extortion phishing scams that I told you about in the last few months, this one again plays on the fact that you might have surfed for porn and that you might of done something else related to that. In other words, it is playing on your guilt about doing things that you perhaps should not be doing. Here’s the text of the latest scam email that I came across:

Hello.. .

This won\’t take too much of your study time, therefore direct to the point. I got a video of you commiting spermicide when at a pornpage you are went to, thanks to a fantastic arse software I\’ve been able to put on a few internet sites with that kind of content.

You click play and all the digital cameras and a microphone start working in addition it will save every damn detail coming from your personal pc, like contacts, passwords or shit such as dat, think where i got this e mail from?) And so now i know just who i will deliver that to, just in case you not necessarily going to compensate this with me.

I am going to put a account address down below so that you can send me 690 bucks within 3 days utmost via bitcoin. See, it\’s not that large of a sum to cover, suppose that would make me not that bad of a man.

You are allowed to complete whatever the shit you want to, yet in case i will not see the total in the period of time mentioned above, clearly… u undoubtedly realize what can happen.

So it\’s under your control at this point. I\’m not going to proceed through all the info and crap, just simply don\’t have time for this as well as you possibly know that internet is loaded with text letters similar to this, therefore it is also your final choice to believe in this not really, there may be just one way to figure out.

Here is the bitcoin wallet address- <Bitcoin Address redacted>

Have a great time and remember that time clock is ticking))

The first thing that I note about this latest scam is that it doesn’t offer up a password that you might of used as “proof” that they hacked your computer. But it does offer up all the usual elements of these scams like installing some sort of trojan that takes control of your computer, in particular the webcam and microphone, and steals stuff like contacts. I’ve said it before and I will say it again, such software does exist. But if you have functioning and up to date antivirus software, it should be a non-issue.

Now,  like all the other variants of this scam, the scumbags behind it got the email address and password as part of a data breach. You can find out which data breach by going to haveibeenpwned.com and typing in your email address. It will likely come back with the fact that you’ve been part of a data breach of some sort. The fact that they don’t have a password that you might have used indicates that you were part of a breach that didn’t include passwords. Thus it is highly likely that the low life behind this scam is less sophisticated and not that bright when compared to the others who run scams like these.

Having said all of that, if you’re the least bit concerned about whether your system is compromised, consult a computer professional and have them check things over. Another thing I am strongly suggesting to my clients is that they change the passwords to things like email, online banking and the like as a preventative measure. That way if they get an email like this, they will know it is fake immediately.

These scams are starting to get out of hand. Thus I strongly suggest that you take measures to prevent yourself from becoming a victim. These scumbags want you to be the 1% of people who fall for something like this because they make lots of money off that 1%. Don’t be part of that 1%. Ignore an email like this and use my advice above to protect yourself.

Another Day, Another Extortion Phishing Scam….. Don’t Fall Victim To It!

Posted in Commentary with tags on October 19, 2018 by itnerd

Today, I am going to expose another extortion phishing scam email. And for the record, I will keep shining a light on these and others who try to take advantage of honest hard working people because cockroaches like them hate the light. Like the last four extortion phishing scams that I told you about in the last few months, this one again plays on the fact that you might have surfed for porn and that you might of done something else related to that. In other words, it is playing on your guilt about doing things that you perhaps should not be doing. Here’s the text of the latest scam email that I came across:

Hello!

My nickname in darknet is kevan45.

I hacked this mailbox more than six months ago, through it I infected your operating system with a virus (trojan) created by me and have been monitoring you for a long time.

So, your password from <Email redacted>  is <password redacted>

Even if you changed the password after that – it does not matter, my virus intercepted all the caching data on your computer and automatically saved access for me.

I have access to all your accounts, social networks, email, browsing history.

Accordingly, I have the data of all your contacts, files from your computer, photos and videos.

I was most struck by the intimate content sites that you occasionally visit. You have a very wild imagination, I tell you!

During your pastime and entertainment there, I took screenshot through the camera of your device, synchronizing with what you are watching.

Oh my god! You are so funny and excited!

I think that you do not want all your contacts to get these files, right? If you are of the same opinion, then I think that $811 is quite a fair price to destroy the dirt I created. Send the above amount on my BTC wallet (bitcoin): <Bitcoin Wallet Redacted>

As soon as the above amount is received, I guarantee that the data will be deleted, I do not need it. Otherwise, these files and history of visiting sites will get all your contacts from your device. Also, I’ll send to everyone your contact access to your email and access logs, I have carefully saved it!

Since reading this letter you have 48 hours!

After your reading this message, I’ll receive an automatic notification that you have seen the letter.

I hope I taught you a good lesson.

Do not be so nonchalant, please visit only to proven resources, and don’t enter your passwords anywhere!

Good luck!

The first thing that this email says is that they installed trojan on the computer that takes control of the system and allows the person who installed it to log your keystrokes and control your webcam and microphone. Now this software does exist. But if you have up to date and functional anti-virus software, it should be able to deal with it. But in this case, I can say that never happened.

So, how can I say that this never happened? That’s because like all the other variants of this scam, the scumbags behind it got the email address and password as part of a data breach. You can find out which data breach by going to haveibeenpwned.com and typing in your email address. It will likely come back with the fact that you’ve been part of a data breach that includes your email address and password. And chances are that the breach in question took place longer than the six months that the scumbags claim that they have had access to your system.

Having said all of that, if you’re concerned about an email like this, and if you’re the least bit concerned about whether your system is compromised, consult a computer professional and have them check things over. Another thing I am strongly suggesting to my clients is that they change the passwords to things like email, online banking and the like as a preventative measure. That way if they get an email like this, they will know it is fake immediately.

Only about 1% of people who get an email like this pay up Thus these scumbags want you to be the 1% of people who fall for something like this because they make lots of money off that 1%. Don’t fall for this. Never respond to an email like this. Never pay up. Just ignore them and make sure that whatever password that they have isn’t in use by any of your online accounts. They are scumbags and don’t deserve your attention or more importantly your money.

Caudabe Announces Lineup Of Ultra Slim, Minimalist Cases For iPhone XS/XS Max/XR

Posted in Commentary with tags on October 19, 2018 by itnerd

Caudabe is proud to introduced its lineup of premium cases for the iPhone XS, iPhone XS Max, And iPhone XR. The new products are the latest iteration of Caudabe’s well-recognized design philosophy of combining sleek, minimalist design with smart functionality.

In addition to the Veil XT, the gold standard for ultra thin cases, this year’s lineup includes cases like the popular Sheath and Synthesis, both of which feature drop-tested shock absorption in an ultra sleek design, and Lucid Clear, a crystal clear, impact-resistant case made from the same polymer used in bulletproof glass.

5.8_sheath_black_2048x2048.jpg

The Sheath Case

Available in: Classic Black, Classic Navy, Classic Camo Green and Classic Ultravoilet | MSRP:$24.95

The perfect blend of minimalism and shock absorption. An exquisitely slim iPhone case manufactured from ShockLite™, a soft, gel-like, flexible polymer with excellent shock absorption. Provides cushion from everyday drops and tumbles while maintaining the slim profile of your iPhone. Drop tested to 2m / 6.6 ft.

5.8-veil-product-image-JH18-frost_db2a8529-bd7a-4c3b-9e53-9c18a3c22005_2048x2048.jpg

The Veil XT

Available in: Stealth Black and Frost | MSRP: $19.95

Impossibly thin case at a mere 0.35mm; perfect for scratch and bump protection Ridge around the camera cutout to protect the iPhone’s protruding camera Micro-etched matte surface providing excellent grip.

lucid-product-image-JH18-5.8-crystal_2048x2048.jpg

Lucid Clear

Available in: Crystal, Gold Metallic and Silver Metallic | MSRP: $24.95

An ultra slim, crystal clear case manufactured from the same impact resistant thermoplastic polymer used in bulletproof glass. Lucid Clear is perfect for protecting against everyday drops while showing off your iPhone’s sleek design in stunning clarity. Available in crystal clear and two stunning chrome metallic finishes that tastefully accentuate your iPhone’s design.

5.8_synthesis_black_599a33b4-4972-4206-868a-cfa5752d192c_2048x2048.jpg

The Synthesis

Available in: Stealth Black and Gray | MSRP: $29.95

Caudabe’s most protective iPhone case, drop tested to 2m / 6.6 ft. A fusion of a soft, flexible perimeter manufactured from ShockLiteTM, our shock-absorbing polymer, and a hard, micro-etched, clear back shell. Rugged protection in a slim, minimalist design.