Archive for the Commentary Category

Petro Canada Suggests That Users Change Their Passwords

Posted in Commentary with tags , on February 26, 2017 by itnerd

Clearly a lot of companies are being paranoid about getting pwned by hackers as over the weekend, Petro Canada sent out e-mails to participants of their Petro Points program to change their passwords. Here’s a picture of the e-mail:

Screen Shot 2017-02-26 at 8.53.37 PM.png

Now, unlike the e-mail that Cineplex users got, they spun this in a way made you to more likely to not question whether this e-mail was real or not. That’s likely to make sure that users are more likely to change their password. Though, I will admit that this still has a “blame the user” feel to it. But having said that clearly the Loblaw and Canadian Tire hacks has Canadian businesses spooked.

Advertisements

Cineplex Asking Users To Change Their Passwords…. Why?

Posted in Commentary with tags , on February 24, 2017 by itnerd

That’s the question being asked by people who use Cineplex Connect as they got an e-mail this morning asking them to change their passwords. Here’s an example of such an e-mail posted to Twitter by someone who thinks this is an attempt at phishing:

The problem is, that this e-mail is actually legit as confirmed by the Cineplex Twitter account:

So…. Why are they doing this? In my mind, it’s one of these three things:

  1. Cineplex Got pwned by hackers.
  2. Cineplex is watching other Canadian companies like Loblaw and Canadian Tire get pwned by hackers and is simply getting ahead of the curve in terms of trying to keep their users safe.
  3. This is related to the Cloudflare disclosure of leaked data. It is not clear if Cineplex is a Cloudflare customer, but the timing is interesting enough to make that a possiblity.

Whatever the reason, you should likely change your password. To change your password, you need to login to Cineplex’s website, click on the Security tab and follow password change instructions. In the meantime, we’ll have to guess which one of the three reasons that I stated is the truth. I’d like to think it’s the second one, but these days you never know.

Cellebrite Claims To Be Able To Get Data From iPhone 6 & Older Models

Posted in Commentary with tags on February 24, 2017 by itnerd

Israel based iPhone hacking firm Cellebrite is now making the claim that they can extract data from iPhone 6 and older models. This is interesting as it was thought that anything from the iPhone 5s or newer was difficult to hack. Here’s what CyberScoop had to say about this:

Cellebrite, the Israel-based firm that makes millions selling smartphone cracking tools to governments around the world, announced Wednesday that it can unlock and extract the full file system from locked iPhones including the 6 and 6+ with their Advanced Investigative Service (CAIS) product in which their customers send phones they urgently need unlocked.

Every version before the 6+ can also be unlocked by Cellebrite whose forensic researchers say they have successfully bypassed Apple’s security and encryption.

And:

Cellebrite’s ability to break into the iPhone 6 and 6+ comes in their latest line of product releases. The newest Cellebrite product, UFED 6.0, boasts dozens of new and improved features including the ability to extract data from 51 Samsung Android devices including the Galaxy S7 and Galaxy S7 Edge, the latest flagship models for Android’s most popular brand, as well as the new high-end Google Pixel Android devices.

“In the majority of devices, Cellebrite’s proprietary boot loader can bypass all security mechanisms, even if the device is locked, without jailbreaking, rooting or flashing the device,” according to the company. Newer devices, particularly iOS devices, present evolving challenges.

It’s interesting that they don’t have the iPhone 6s/6s Plus, 7 or 7 Plus on their list. I am guessing that those phones are different enough that these guys haven’t figured out how to break into them yet. Regardless, this is sure to put them into the crosshairs of Apple who I am sure is going to do their best to figure out exactly how Cellebrite is doing this and then develop countermeasures to stop them from being able to extract data from their shiny iDevices.

Let the arms race begin.

iPhone 7 Plus Catches Fire On Video…. Apple Is Investigating

Posted in Commentary with tags on February 24, 2017 by itnerd

A viral video is of a smoldering iPhone 7 Plus is making the rounds around the Internet. The video made by Brianna Olivas, shows the device burning to the point that the case is melting away and smoke is seen coming out the side of the phone. In a statement to Mashable, an Apple spokesperson said that the company has been in touch with Olivas and is investigating. “We are in touch with the customer and looking into it,”

Here’s the video in question via her Twitter feed:

Now, does this mean that there’s a problem with the iPhone 7 Plus? Likely no. Any device that uses a lithium based battery has a risk of exploding. And iPhones have caught fire every once in a while. The thing to watch for is if this becomes a trend. As in like Samsung’s Galaxy Note 7 debacle where phones were blowing up at a rate that has never been seen before or since.

Another thing to consider is the fact that maybe there’s another cause for this other than a design defect or something similar. Like using a third party charger as it has been found that these can be really dangerous. Or perhaps the phone was dropped which damaged the battery. I’m not trying to blame the victim here. I’m simply providing some perspective that we need all the facts at hand before coming to a conclusion. What will help with that is if Apple shares these facts in a complete and robust manner with the public once their investigation is complete.

Canadian Web Hosting Deploys Customer Intelligence Platform Cloudash In Beta With AI

Posted in Commentary with tags on February 24, 2017 by itnerd

Canadian Web Hosting announced yesterday the first beta release of their Customer Intelligence Platform Cloudash. This platform brings together their expanded Hosting as a Service (HaaS) platform with deep insights driven by artificial intelligence.

Cloudash is an entirely new way to interact with web hosting and cloud hosting services and is built on React using GraphQL. The platform incorporates Canadian Web Hosting’s web hosting services, including Shared Hosting, VPS, Containers, Cloud Computing and Cloud Storage that can be instantly provisioned with a free registered account. React is the same development platform used by leading applications HipChat, Facebook Chat and many others. It delivers proven performance and flexibility for end-users.

This is Canadian Web Hosting’s first application built using GraphQL, an open-source data query language that delivers exceptional latency and bandwidth performance. GraphQL incorporates a new microservices architecture, removes the Rest API layer, thereby improving the time for new product updates and makes it easier than ever for customers to write GraphQL queries directly into their applications.

To support end-users, Canadian Web Hosting has added artificial intelligence capabilities to Cloudash, including deep integration of Watson and AI driven communication platforms to help customers receive actionable insights and easily understand their data.  Customers have the ability to receive real time insights, regular daily and weekly summaries and ongoing resource audits that help customers understand their usage and how to decrease their overall infrastructure and cloud hosting spend.

Canadian Web Hosting’s new major release for Cloudash is scheduled for June that will offer additional capabilities around public cloud computing, OpenStack, object storage and so much more.  To learn more about Canadian Web Hosting or Cloudash, contact Canadian Web Hosting today at 1-888-821-7888 or by emailing sales@canadianwebhosting.com.

Cloudflare Security Breach Exposes Data From 3400 Websites Including, Fitbit & Uber

Posted in Commentary with tags on February 24, 2017 by itnerd

User data from 3,400 websites has been leaked and cached by search engines as a result of a bug in the Cloudflare content delivery network. The goal of a content delivery network is to serve content to end-users with high availability and high performance.But instead, this one leaked data and the leaks were spotted by Google security researcher Tavis Ormandy who has a habit of spotting this sort of thing. A Cloudflare blog post acknowledges that the issue was serious, but says there is no evidence of it having been exploited:

The bug was serious because the leaked memory could contain private information and because it had been cached by search engines. We have also not discovered any evidence of malicious exploits of the bug or other reports of its existence.

But Cloudflare’s response was quickly smacked down by Ormandy:

[The company’s blog post] contains an excellent postmortem, but severely downplays the risk to customers.

An unofficial list of sites that may be affected has been posted to Github and it includes sites like Fitbit and Uber, but note that this includes all domains that use Cloudflare DNS. That means that this is a much larger number than use the affected services. In the meantime Google, Bing, Yahoo and other search engines have been working on clearing cached data from the breach before anyone went public. But that doesn’t mean that nothing leaked out as this issue likely existed for months before being patched.

 

Intuit QuickBooks Canada & Dream Payments launch new Integration To Help Entrepreneurs Get Paid Faster

Posted in Commentary with tags on February 24, 2017 by itnerd

The QuickBooks Online (QBO) ecosystem has a new member: Toronto-based startup Dream Payments.

With the new QuickBooks and Dream Payments integration, small business owners can now accept cash, credit and Interac Debit from anywhere, anytime, helping them get paid faster and improve their access to capital and better manage their cash flow.

With 1.3 million debit terminals in Canada and growing, there’s been a gap in the market for an affordable and comprehensive mobile point of sale to replace dated and expensive payment terminals, and as 68 per cent of entrepreneurs use apps to run their businesses according to Intuit’s “2017 Small Business App Study,” there’s also clearly an appetite for greater integration within the ecosystem.

For the 32 per cent of small business owners who say cash flow is the main concern keeping them up at night, the Dream Payments QuickBooks integration provides users with all the information they need at their fingertips to manage their business from anywhere:

  • Focus on business growth: With the Dream Mobile Point of Sale, SMBs can accept Interac Debit and credit cards and even contactless payments (including Apple Pay and Samsung Pay) and never have to turn a sale away again.
  • Get paid faster: Each transaction is automatically updated in QBO. Even inventory and taxes are updated instantly.
  • No more guessing or reconciliation problems: Users can access QBO invoices right from within the Dream mobile app and accept in-person payments towards them; they’ll automatically be recorded as paid and reconciled within QBO.

If you’re a small business owner, you should check out Dream Payments for QuickBooks Online.